I downloaded poi-src-4.1.2-20200217 and signed the docx file. The signature failed. (Note: the xlsx file is signed successfully.) My test program is as follows: KeyPair keyPair; char password[] = "123456".toCharArray(); File file = new File("D:\\1\\data\\付筠1.pfx"); KeyStore keystore = KeyStore.getInstance("PKCS12");//KeyStoreException FileInputStream fis = new FileInputStream(file);//FileNotFoundException keystore.load(fis, password);//CertificateException,NoSuchAlgorithmException fis.close();// IOException // extracting private key and certificate String alias = "5a90de991425c0f3b8a1215eb0587726_183c7506-734c-4aeb-b291-ebeed563f78d"; // alias of the keystore entry Key key = keystore.getKey(alias, password);//UnrecoverableKeyException, NoSuchAlgorithmException X509Certificate x509 = (X509Certificate)keystore.getCertificate(alias);//KeyStoreException keyPair = new KeyPair(x509.getPublicKey(), (PrivateKey)key); // filling the SignatureConfig entries (minimum fields, more options are available ...) SignatureConfig signatureConfig = new SignatureConfig(); signatureConfig.setKey(keyPair.getPrivate()); signatureConfig.setSigningCertificateChain(Collections.singletonList(x509)); // adding the signature document to the package SignatureInfo si = new SignatureInfo(); OPCPackage pkg = OPCPackage.open(new File("D:\\1\\data\\e2.xlsx"), PackageAccess.READ_WRITE);//InvalidFormatException signatureConfig.setOpcPackage(pkg); si.setSignatureConfig(signatureConfig); si.confirmSignature();// MarshalException,XMLSignatureException boolean b = si.verifySignature(); //assert (b); System.out.println(b); // write the changes back to disc pkg.close();
The error message is as follows: Exception in thread "main" java.lang.NullPointerException at org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet.addManifestReferences(OOXMLSignatureFacet.java:167) at org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet.addManifestObject(OOXMLSignatureFacet.java:102) at org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet.preSign(OOXMLSignatureFacet.java:91) at org.apache.poi.poifs.crypt.dsig.SignatureInfo.preSign(SignatureInfo.java:400) at org.apache.poi.poifs.crypt.dsig.SignatureInfo.confirmSignature(SignatureInfo.java:209) at org.apache.poi.poifs.crypt.MyTest.main(MyTest.java:75)
KeyPair keyPair; char password[] = "123456".toCharArray(); File file = new File("D:\\1\\data\\付筠1.pfx"); KeyStore keystore = KeyStore.getInstance("PKCS12");//KeyStoreException FileInputStream fis = new FileInputStream(file);//FileNotFoundException keystore.load(fis, password);//CertificateException,NoSuchAlgorithmException fis.close();// IOException // extracting private key and certificate String alias = "5a90de991425c0f3b8a1215eb0587726_183c7506-734c-4aeb-b291-ebeed563f78d"; // alias of the keystore entry Key key = keystore.getKey(alias, password);//UnrecoverableKeyException, NoSuchAlgorithmException X509Certificate x509 = (X509Certificate)keystore.getCertificate(alias);//KeyStoreException keyPair = new KeyPair(x509.getPublicKey(), (PrivateKey)key); // filling the SignatureConfig entries (minimum fields, more options are available ...) SignatureConfig signatureConfig = new SignatureConfig(); signatureConfig.setKey(keyPair.getPrivate()); signatureConfig.setSigningCertificateChain(Collections.singletonList(x509)); // adding the signature document to the package SignatureInfo si = new SignatureInfo(); OPCPackage pkg = OPCPackage.open(new File("D:\\1\\data\\a1.docx"), PackageAccess.READ_WRITE);//InvalidFormatException signatureConfig.setOpcPackage(pkg); si.setSignatureConfig(signatureConfig); si.confirmSignature();// MarshalException,XMLSignatureException boolean b = si.verifySignature(); //assert (b); System.out.println(b); // write the changes back to disc pkg.close();
Please share your .docx - either here in the ticket or email it to me privately. If there's confidential information inside the .docx, please test to remove the content (in Word) and sign it again. If it fails again, then send me that file ... if not, you need to trial-and-error which element fails the signing process.
A months have passed since the request to provide the docx and I/we haven't received something. Feel free to reopen the issue with an attached docx causing this error - I assume the docx is enough, I probably don't need the pfx keystore.