Bug 51165 - [PATCH] Add support for OOXML Agile Encryption
Summary: [PATCH] Add support for OOXML Agile Encryption
Status: RESOLVED FIXED
Alias: None
Product: POI
Classification: Unclassified
Component: POIFS (show other bugs)
Version: 3.8-dev
Hardware: Macintosh All
: P2 enhancement (vote)
Target Milestone: ---
Assignee: POI Developers List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-05-07 02:46 UTC by Gary King
Modified: 2011-05-13 09:07 UTC (History)
0 users



Attachments
git-format-patch @ c7c0e8c implementing agile decryption (70.38 KB, application/octet-stream)
2011-05-07 02:46 UTC, Gary King
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Gary King 2011-05-07 02:46:17 UTC
Created attachment 26966 [details]
git-format-patch @ c7c0e8c implementing agile decryption

Currently (git-svn commit ID c7c0e8c) poifs.crypt generates a RuntimeException reading past the end of a buffer when presented with an OOXML document that was created with Agile encryption ([MS-OFFCRYPTO] 2.3.4.10), since both the header format and the encryption itself are significantly different from the ECMA-376 standard encryption.

This patch adds support for reading the encryption header and decrypting Agile encrypted documents and changes the Decryptor class into an abstract interface plus a factory so that different decryption implementations can be applied depending on the encryption header. The existing ECMA-compliant decryptor has been renamed EcmaDecryptor to reflect its proper usage.

Additionally, I've renamed the test classes since it appears that even after adding them to the top-level test suite they weren't being run since the test harness expects the class name to begin with "Test."
Comment 1 Maxim Valyanskiy 2011-05-10 10:38:55 UTC
commited in r1101397, thank you
Comment 2 Nick Burch 2011-05-12 22:11:34 UTC
One for the Maven gurus most likely - don't we need to add something to the main POI pom for this extra dependency?
Comment 3 Maxim Valyanskiy 2011-05-13 08:31:17 UTC
add maven dependency in r1102603.

Maybe it is better to copy Base64 implementation from Apache Commons to org.apache.poi.util? What do you think?
Comment 4 Yegor Kozlov 2011-05-13 09:06:56 UTC
I'm for copying Base64 to org.apache.poi.util. My goal is to avoid creating a dependency on another project without a strict need. Base64 is a small piece of code, should be stable over time and I think it is OK to maintain it independently as a part of POI.

Yegor
.
 It is a small piece of code

(In reply to comment #3)
> add maven dependency in r1102603.
> 
> Maybe it is better to copy Base64 implementation from Apache Commons to
> org.apache.poi.util? What do you think?
Comment 5 Nick Burch 2011-05-13 09:07:55 UTC
I'd looked at doing that, but as it isn't just the one class (looked to be at least half a dozen that are depended on by Base64), and given that commons codec is so small, it's probably simplest to just add it as a dependency