Summary: | Invalid signature created for streamed xlsx file | ||
---|---|---|---|
Product: | POI | Reporter: | asaf <asafb> |
Component: | OPC | Assignee: | POI Developers List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | major | Keywords: | PatchAvailable |
Priority: | P2 | ||
Version: | 3.17-dev | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
Attachments: | Patch for XML Signatures / Unix linebreaks; requested binary dump |
Description
asaf
2017-06-13 10:36:39 UTC
Created attachment 35075
Patch for XML Signatures / Unix linebreaks
I'll apply the patch after the 3.17-beta1 is out.
Originally I've adapted/developed the XML signature code under a Win7 box, but now couldn't sign any documents anymore in an Ubuntu environment.
The reason was the indenting setting in StreamHelper.
For the actual bug entry, look at TestSignatureInfo on how to add a signature in-memory. I haven't changed the OPC code, which adds relations on the fly when saving, but rather ask the user to save the unsigned file first to a byte buffer before using OPCPackage to reload/sign/save it.
Testcase: bug61182 took 0.187 sec
FAILED
expected:<[HDdvgXblLMiE6gZSoRSQUof6+aedrhK9i51we1n+4Q/ioqrQCeh5UkfQ8lD63nV4ZDbM4/pIVFi6VpMpN/HMnAUHeVdVUCVTgpn3Iz21Ymcd9/aerNov2BjHLhS8X3oUE+XTu2TbJLNmms0I9G4lfg6HWP9t7ZCXBXy6vyCMArc]=> but was:<[jVW6EPMywZ8jr4+I4alDosXzqrVuDG4wTdrr+la8QVbXfLm6HOh9AUFlo5yUZuWo/1gXrrkc34UTYNzuslyrOxKqadPOIRKUssJzdCh/hKeTxs/YtyWkpGHggrUjrF/vUUIeIXRHo+1DCAh6ptoicviH/I/Dtoa5NgkEHVuOHk8]=>
junit.framework.AssertionFailedError: expected:<[HDdvgXblLMiE6gZSoRSQUof6+aedrhK9i51we1n+4Q/ioqrQCeh5UkfQ8lD63nV4ZDbM4/pIVFi6VpMpN/HMnAUHeVdVUCVTgpn3Iz21Ymcd9/aerNov2BjHLhS8X3oUE+XTu2TbJLNmms0I9G4lfg6HWP9t7ZCXBXy6vyCMArc]=> but was:<[jVW6EPMywZ8jr4+I4alDosXzqrVuDG4wTdrr+la8QVbXfLm6HOh9AUFlo5yUZuWo/1gXrrkc34UTYNzuslyrOxKqadPOIRKUssJzdCh/hKeTxs/YtyWkpGHggrUjrF/vUUIeIXRHo+1DCAh6ptoicviH/I/Dtoa5NgkEHVuOHk8]=>
at org.apache.poi.poifs.crypt.TestSignatureInfo.bug61182(TestSignatureInfo.java:191)

Hi Andi,
Is this user error on my part? Something odd about my dev environment? Windows 10, Java 8 131

I guess this is again a line ending problem - as I need to set up my Windows environment first - could you write the ByteArrayOutputStream to a file, which is filled after pkg1.close()?

Created attachment 35140
requested binary dump
pkg1.save(bos);
pkg1.close();
OutputStream tmp = new FileOutputStream(new File("C:/data/testsig.bin"));
IOUtils.copy(new ByteArrayInputStream(bos.toByteArray()), tmp);
tmp.flush();
tmp.close();
Thank you, Andi!
The windows/linux files differ in their line-endings, due to org.apache.xmlbeans.impl.store.Saver._newLine being system dependent. As the xml canonicalization handles the newlines as-is, this leads to different hashes.
Currently I think about 3 options:
a) change the _newLine static final via reflection
b) normalize the xmls to unix linebreaks on signing
c) add a switch in the junit test to check for windows/mac/linux hashes
As the files signed by a linux system worked in Libre/MS Office, I probably just go with c)

This is fixed as far as I see.
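
The line-ending effect from the analysis above, together with option b), as an added example that is not part of the bug report or of POI's code. The class and method names are hypothetical, the sample XML is constructed, and SHA-256 over the raw part bytes is an assumption made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class LineEndingDigestDemo {
    // Constructed sample part: identical XML, only the serializer's line separator differs.
    static byte[] serialize(String newLine) {
        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + newLine
                + "<worksheet>" + newLine
                + "  <sheetData/>" + newLine
                + "</worksheet>" + newLine;
        return xml.getBytes(StandardCharsets.UTF_8);
    }

    // Option b): map CRLF and lone CR to LF before the bytes are digested and stored.
    // Assumes the part is UTF-8 encoded.
    static byte[] toUnixLineBreaks(byte[] part) {
        String s = new String(part, StandardCharsets.UTF_8);
        return s.replace("\r\n", "\n").replace('\r', '\n').getBytes(StandardCharsets.UTF_8);
    }

    // Digest algorithm is an assumption for this demo, not taken from the bug report.
    static String digest(byte[] part) throws Exception {
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(part));
    }

    public static void main(String[] args) throws Exception {
        byte[] windows = serialize("\r\n");
        byte[] linux = serialize("\n");

        // Compare the digests of the two serializations exactly as written.
        System.out.println("raw digests equal: " + digest(windows).equals(digest(linux)));

        // Compare again after normalizing the Windows serialization.
        byte[] normalized = toUnixLineBreaks(windows);
        System.out.println("normalized digests equal: " + digest(normalized).equals(digest(linux)));

        // A verifier digests the bytes that are stored in the package, so check the
        // signed digest against both the original and the normalized bytes.
        String signedDigest = digest(normalized);
        System.out.println("verifies against stored CRLF bytes: " + signedDigest.equals(digest(windows)));
        System.out.println("verifies against stored LF bytes: " + signedDigest.equals(digest(normalized)));
    }
}
```

The last two checks show why normalizing only helps if the normalized bytes are also what gets written into the package.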