Created attachment 39479
Adding classification label to signed supported types

Hi! Just found a bug / unsupported feature in the signing process. It affects all versions of POI released so far when trying to sign an Excel file containing a classification label.

If you try to sign that kind of file (again, any Excel .XLSX containing a classification label, that is, a part named docMetadata/LabelInfo.xml), it will generate an invalid signature, since that's not recognised inside the SignatureInfo facets while signing. The signing process finishes OK, but when opening the file the signature will be reported as invalid due to POI not including this part in the signing.

Digging down into the process, the class OOXMLSignatureFacet doesn't support the signed type classificationlabels, so when the method isSignedRelationship is called for that relationship it will refuse to include it. This was included in Office in 2020 (http://schemas.microsoft.com/office/2020/02/relationships/classificationlabels), but the signed types supported seem to be from 2010.

The FIX is really simple: just change OOXMLSignatureFacet to add the new type to the default collection "signed", since this property can't be overridden.

WORKAROUND: Created a custom facet that includes it and overrode the default facet list definition.

Thanks for fixing this! As of today, it's impossible to properly sign an Excel file that includes classification label/s, and that kind of feature is becoming more common across companies.

Best!
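Added example, not part of the original report and not POI code: a Python check that lists classification-label parts in a signed package that no signature manifest references, which is the gap the report describes. It assumes the OPC signature layout (manifests under `_xmlsignatures/`, `Reference` URIs of the form `/part?ContentType=...`); the sample package and its content type are constructed, and the check covers part references only, not digests or relationship references.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

LABEL_TYPE = "http://schemas.microsoft.com/office/2020/02/relationships/classificationlabels"
RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
DSIG_NS = "{http://www.w3.org/2000/09/xmldsig#}"

def unsigned_label_parts(package_bytes):
    """Return label parts that no signature manifest references.

    For a package with no signature at all, every label part is returned.
    """
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as z:
        rels = ET.fromstring(z.read("_rels/.rels"))
        labels = {"/" + r.get("Target").lstrip("/")
                  for r in rels.iter(RELS_NS + "Relationship")
                  if r.get("Type") == LABEL_TYPE}
        signed = set()
        for name in z.namelist():
            if name.startswith("_xmlsignatures/") and name.endswith(".xml"):
                for ref in ET.fromstring(z.read(name)).iter(DSIG_NS + "Reference"):
                    # Drop the ?ContentType=... suffix to get the part name.
                    signed.add(urlsplit(ref.get("URI", "")).path)
    return sorted(labels - signed)

def _sample(signed_parts):
    """Constructed minimal package: root .rels, label part, one manifest."""
    refs = "".join('<Reference URI="%s?ContentType=application/xml"/>' % p
                   for p in signed_parts)
    sig = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><Object>'
           '<Manifest>%s</Manifest></Object></Signature>' % refs)
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/'
            '2006/relationships"><Relationship Id="rId1" Type="%s" '
            'Target="docMetadata/LabelInfo.xml"/></Relationships>' % LABEL_TYPE)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("_rels/.rels", rels)
        z.writestr("docMetadata/LabelInfo.xml", "<labels/>")
        z.writestr("_xmlsignatures/sig1.xml", sig)
    return buf.getvalue()

if __name__ == "__main__":
    # Manifest that omits the label part, as in the reported behaviour.
    print(unsigned_label_parts(_sample(["/xl/workbook.xml"])))
```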
Apache POI does not have a very active community. I am not aware of any active volunteers who have a major interest or experience with the signing feature. Sometimes you need to find the right tool. Couldn't you do some scripting and get Excel to sign your files? Google Docs and some other non-MS tools may also support it. Microsoft created these proprietary formats. There is not much incentive for volunteers to support 100% of what Microsoft support.
I added r1914808. If someone has a test xlsx file that could be used to test this, that would be appreciated.
Hi, have you signed with a p12 file, USB token or HSM?