You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@poi.apache.org by bu...@apache.org on 2019/08/31 13:33:24 UTC

[Bug 63712] New: upgrading xmlsec causes junit tests to fail

https://bz.apache.org/bugzilla/show_bug.cgi?id=63712

            Bug ID: 63712
           Summary: upgrading xmlsec causes junit tests to fail
           Product: POI
           Version: 4.0.x-dev
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: POI Overall
          Assignee: dev@poi.apache.org
          Reporter: fanningpj@yahoo.com
  Target Milestone: ---

XMLSEC 2.1.4 fixes a CVE issue.
https://santuario.apache.org/javareleasenotes.html

But upgrading causes issues. Similar issues discussed here:

https://stackoverflow.com/questions/17331187/xml-dig-sig-error-after-upgrade-to-java7u25


<testcase classname="org.apache.poi.poifs.crypt.TestSignatureInfo"
name="bug58630" time="1.826">
    <error message="javax.xml.crypto.URIReferenceException:
org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot
resolve element with ID idSignedProperties"
type="javax.xml.crypto.dsig.XMLSignatureException">javax.xml.crypto.dsig.XMLSignatureException:
javax.xml.crypto.URIReferenceException:
org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot
resolve element with ID idSignedProperties
        at
org.apache.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:418)
        at
org.apache.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:352)
        at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:486)
        at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:371)
        at
org.apache.poi.poifs.crypt.dsig.SignatureInfo.preSign(SignatureInfo.java:427)
        at
org.apache.poi.poifs.crypt.dsig.SignatureInfo.confirmSignature(SignatureInfo.java:210)
        at
org.apache.poi.poifs.crypt.TestSignatureInfo.bug58630(TestSignatureInfo.java:775)
Caused by: javax.xml.crypto.URIReferenceException:
org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot
resolve element with ID idSignedProperties
        at
org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:117)
        at
org.apache.poi.poifs.crypt.dsig.OOXMLURIDereferencer.dereference(OOXMLURIDereferencer.java:85)
        at
org.apache.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:414)
Caused by: org.apache.xml.security.utils.resolver.ResourceResolverException:
Cannot resolve element with ID idSignedProperties
        at
org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(ResolverFragment.java:78)
        at
org.apache.xml.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:278)
        at
org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:110)
javax.xml.crypto.URIReferenceException:
org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot
resolve element with ID idSignedProperties
        at
org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:117)
        at
org.apache.poi.poifs.crypt.dsig.OOXMLURIDereferencer.dereference(OOXMLURIDereferencer.java:85)
        at
org.apache.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:414)
        at
org.apache.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:352)
        at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:486)
        at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:371)
        at
org.apache.poi.poifs.crypt.dsig.SignatureInfo.preSign(SignatureInfo.java:427)
        at
org.apache.poi.poifs.crypt.dsig.SignatureInfo.confirmSignature(SignatureInfo.java:210)
        at
org.apache.poi.poifs.crypt.TestSignatureInfo.bug58630(TestSignatureInfo.java:775)
Caused by: org.apache.xml.security.utils.resolver.ResourceResolverException:
Cannot resolve element with ID idSignedProperties
        at
org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(ResolverFragment.java:78)
        at
org.apache.xml.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:278)
        at
org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:110)
</error>

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org

[Bug 63712] upgrading xmlsec causes junit tests to fail

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=63712

--- Comment #1 from PJ Fanning <fa...@yahoo.com> ---
The issue seems to happen with xmlsec 2.1.3 and 2.1.4.

I tried a few things with trying to set the xsd:ID type but it didn't help.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org

[Bug 63712] upgrading xmlsec causes junit tests to fail

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=63712

Andreas Beeker <ki...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Andreas Beeker <ki...@apache.org> ---
Patched via r1875392 and updated to XMLSec 2.1.5

I've validated a signed workbook in Excel ... I hope that the other signing
options still work too ...

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org

[Bug 63712] upgrading xmlsec causes junit tests to fail

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=63712

--- Comment #2 from Andreas Beeker <ki...@apache.org> ---
Just a short follow-up:

The error happens with the following Santuario commit in xmlsec 2.1.3:
r1853805 | coheigea | 2019-02-18 16:10:04 +0100 (Mo, 18 Feb 2019) | 3 lines
Revert "[SANTUARIO-349] - Update JCP dsig code to simplify serialization"
This reverts commit 18b0fde1f8a5c7de811bc8ec3a886890d31276b9.


The symptom is that SignatureMarshalDefaultListener is only presented
DigestValues instead of Signature elements.

Investigating further ...

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org