Bug 64772 - docx file signing failed
Summary: docx file signing failed
Status: RESOLVED CLOSED
Alias: None
Product: POI
Classification: Unclassified
Component: POIFS (show other bugs)
Version: 4.1.2-FINAL
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: POI Developers List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-27 01:51 UTC by lavender
Modified: 2021-01-07 22:35 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description lavender 2020-09-27 01:51:59 UTC
I downloaded poi-src-4.1.2-20200217 and signed the docx file. The signature failed. (Note: the xlsx file is signed successfully.) My test program is as follows:

KeyPair keyPair;
			char password[] = "123456".toCharArray();
			File file = new File("D:\\1\\data\\付筠1.pfx");
			KeyStore keystore = KeyStore.getInstance("PKCS12");//KeyStoreException
			FileInputStream fis = new FileInputStream(file);//FileNotFoundException
			keystore.load(fis, password);//CertificateException,NoSuchAlgorithmException
			fis.close();// IOException
			// extracting private key and certificate
			String alias = "5a90de991425c0f3b8a1215eb0587726_183c7506-734c-4aeb-b291-ebeed563f78d"; // alias of the keystore entry
			Key key = keystore.getKey(alias, password);//UnrecoverableKeyException, NoSuchAlgorithmException
			X509Certificate x509 = (X509Certificate)keystore.getCertificate(alias);//KeyStoreException
			keyPair = new KeyPair(x509.getPublicKey(), (PrivateKey)key);
			// filling the SignatureConfig entries (minimum fields, more options are available ...)
			SignatureConfig signatureConfig = new SignatureConfig();
			signatureConfig.setKey(keyPair.getPrivate());
			signatureConfig.setSigningCertificateChain(Collections.singletonList(x509));
			// adding the signature document to the package
			SignatureInfo si = new SignatureInfo();
			OPCPackage pkg = OPCPackage.open(new File("D:\\1\\data\\e2.xlsx"), PackageAccess.READ_WRITE);//InvalidFormatException
			signatureConfig.setOpcPackage(pkg);
			si.setSignatureConfig(signatureConfig);
			si.confirmSignature();// MarshalException,XMLSignatureException
			boolean b = si.verifySignature();
			//assert (b);
			System.out.println(b);
			// write the changes back to disc
			pkg.close();
Comment 1 lavender 2020-09-27 01:56:14 UTC
The error message is as follows:
Exception in thread "main" java.lang.NullPointerException
	at org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet.addManifestReferences(OOXMLSignatureFacet.java:167)
	at org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet.addManifestObject(OOXMLSignatureFacet.java:102)
	at org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet.preSign(OOXMLSignatureFacet.java:91)
	at org.apache.poi.poifs.crypt.dsig.SignatureInfo.preSign(SignatureInfo.java:400)
	at org.apache.poi.poifs.crypt.dsig.SignatureInfo.confirmSignature(SignatureInfo.java:209)
	at org.apache.poi.poifs.crypt.MyTest.main(MyTest.java:75)
Comment 2 lavender 2020-09-27 02:57:49 UTC
KeyPair keyPair;
			char password[] = "123456".toCharArray();
			File file = new File("D:\\1\\data\\付筠1.pfx");
			KeyStore keystore = KeyStore.getInstance("PKCS12");//KeyStoreException
			FileInputStream fis = new FileInputStream(file);//FileNotFoundException
			keystore.load(fis, password);//CertificateException,NoSuchAlgorithmException
			fis.close();// IOException
			// extracting private key and certificate
			String alias = "5a90de991425c0f3b8a1215eb0587726_183c7506-734c-4aeb-b291-ebeed563f78d"; // alias of the keystore entry
			Key key = keystore.getKey(alias, password);//UnrecoverableKeyException, NoSuchAlgorithmException
			X509Certificate x509 = (X509Certificate)keystore.getCertificate(alias);//KeyStoreException
			keyPair = new KeyPair(x509.getPublicKey(), (PrivateKey)key);
			// filling the SignatureConfig entries (minimum fields, more options are available ...)
			SignatureConfig signatureConfig = new SignatureConfig();
			signatureConfig.setKey(keyPair.getPrivate());
			signatureConfig.setSigningCertificateChain(Collections.singletonList(x509));
			// adding the signature document to the package
			SignatureInfo si = new SignatureInfo();
			OPCPackage pkg = OPCPackage.open(new File("D:\\1\\data\\a1.docx"), PackageAccess.READ_WRITE);//InvalidFormatException
			signatureConfig.setOpcPackage(pkg);
			si.setSignatureConfig(signatureConfig);
			si.confirmSignature();// MarshalException,XMLSignatureException
			boolean b = si.verifySignature();
			//assert (b);
			System.out.println(b);
			// write the changes back to disc
			pkg.close();
Comment 3 Andreas Beeker 2020-09-28 20:25:09 UTC
Please share your .docx - either here in the ticket or email it to me privately.
If there's confidential information inside the .docx, please test to remove the content (in Word) and sign it again. If it fails again, then send me that file ... if not, you need to trial-and-error which element fails the signing process.
Comment 4 Andreas Beeker 2021-01-07 22:35:07 UTC
A months have passed since the request to provide the docx and I/we haven't received something.

Feel free to reopen the issue with an attached docx causing this error - I assume the docx is enough, I probably don't need the pfx keystore.