Bug 65701 - Encrypted excel file is corrupt if Saxon is default transformer and EncryptionMode.agile is used
Summary: Encrypted excel file is corrupt if Saxon is default transformer and Encryptio...
Alias: None
Product: POI
Classification: Unclassified
Component: POIFS (show other bugs)
Version: unspecified
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: POI Developers List
Depends on:
Reported: 2021-11-24 14:28 UTC by Bernhard Schuhmann
Modified: 2021-11-25 10:46 UTC (History)
0 users

Corrupt excel file - use 'test' as password. (8.00 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet)
2021-11-24 14:28 UTC, Bernhard Schuhmann

Note You need to log in before you can comment on or make changes to this bug.
Description Bernhard Schuhmann 2021-11-24 14:28:24 UTC
Created attachment 38101 [details]
Corrupt excel file - use 'test' as password.

If Saxon is on the classpath or javax.xml.transform.TransformerFactory is set to net.sf.saxon.TransformerFactoryImpl and EncryptionMode.agile is used for encryption, excel files generated by POI are corrupt and Excel fails to open them.

The encryption info in the encrypted file has an empty namespace for element KeyData: ...<keyData xmlns="" blockSize=...

This might be caused by org.apache.poi.poifs.crypt.agile.KeyData.write() (and probably other places) using Document.createElement() instead of Document.createElementNS().

This only seems to be an issue with Saxon as child nodes without namespace don't inherit their parents' namespace. Other transformer implementations (Xalan) behave differently, there's no xmlns="" in the generated XML and Excel is able to open them.
Comment 1 PJ Fanning 2021-11-24 17:00:58 UTC
I added r1895303 - could you try the encryptor with these changes?
Comment 2 Bernhard Schuhmann 2021-11-24 17:05:12 UTC
Brilliant, changes look good on paper - thanks for the swift response!

Will need a bit longer to test them - will report back.
Comment 3 PJ Fanning 2021-11-24 17:54:40 UTC
The changes seem to help in my testing but there is more work needed - I created branches where the unit tests are un with saxon on the classpath. Lots of tests fail before the 'fix' commit is added but all tests seem to pass with saxon after the 'fix'.

https://github.com/pjfanning/poi/tree/saxon-test (test with saxon but without the XML namespaces 'fix')

https://github.com/pjfanning/poi/tree/saxon-test2 (test with saxon and with the XML namespaces 'fix')
Comment 4 Bernhard Schuhmann 2021-11-24 18:19:44 UTC
OK, was easier than expected (Gradle newbie) - tested with 5.2.0-SNAPSHOT from trunk and my test case that failed with 5.1.0 is now working, i.e. Excel is now again able to open the file.
Comment 5 PJ Fanning 2021-11-25 10:32:43 UTC
Added https://ci-builds.apache.org/job/POI/job/POI-DSL-saxon-test/ to run unit tests with Saxon-HE on classpath