Posted to dev@poi.apache.org by bu...@apache.org on 2017/06/13 10:36:39 UTC

[Bug 61182] New: apache POI creates invalid signature for stream xslx file

https://bz.apache.org/bugzilla/show_bug.cgi?id=61182

            Bug ID: 61182
           Summary: apache POI creates invalid signature for stream xslx
                    file
           Product: POI
           Version: 3.16-FINAL
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: OPC
          Assignee: dev@poi.apache.org
          Reporter: asafb@empownetworks.com
  Target Milestone: ---

From here:
https://stackoverflow.com/questions/44499457/apache-poi-creates-invalid-signature-for-stream-xslx-file

I am trying to create and add a valid regular cryptographic signature to an xlsx
file I am creating. In addition, I am trying to do it in-memory. This seems to
cause problems for me. This code creates the file, but in Windows, Excel states
that the signature is invalid. Note that I am sending an input stream
containing the xlsx file (in-memory, not in the file system), and I am writing the
pkg object to the output stream.

 private ByteArrayOutputStream signFile(PrivateKey key, X509Certificate x509Certificate, InputStream input) { //change to approve signed
    SignatureConfig signatureConfig = new SignatureConfig();
    ByteArrayOutputStream stream = new ByteArrayOutputStream();
    signatureConfig.setKey(key);
    signatureConfig.setExecutionTime(new Date());
    ArrayList<X509Certificate> x509Certificates = new ArrayList<>(Collections.singletonList(x509Certificate));
    x509Certificates.add(x509Certificate);
    signatureConfig.setSigningCertificateChain(x509Certificates);
    OPCPackage pkg = null;
    try {
        if (input instanceof ByteArrayInputStream)
            pkg = OPCPackage.open(input);
    } catch (Exception ex) {
        logger.error("failed to open package for file, exception:",ex);
    }
    signatureConfig.setOpcPackage(pkg);

    // adding the signature document to the package
    SignatureInfo si = new SignatureInfo();
    si.setSignatureConfig(signatureConfig);
    try {
        si.confirmSignature();
    } catch (Exception ex) {
        logger.error("failed to confirm signature",ex);
    }
    // optionally verify the generated signature
    boolean b = si.verifySignature();
    if (b==false){
        logger.error("signature verified result:" + b);
    }

    try {
        pkg.flush();
        pkg.save(stream);
        pkg.close();
    } catch (Exception ex) {
        logger.error("failed to close package",ex);
    }

    return stream;
}

In addition, I have this test code which creates a file and uses
OPCPackage.open(...), which works!! Excel identifies the signature.

        SignatureConfig signatureConfig = new SignatureConfig();
        signatureConfig.setKey(aPrivate);
        ArrayList<X509Certificate> x509Certificates = new ArrayList<>();
        x509Certificates.add(x509Certificate);
       
        signatureConfig.setSigningCertificateChain(x509Certificates);//Collections.singletonList(x509));

        OPCPackage pkg = OPCPackage.open(filePath, PackageAccess.READ_WRITE);
        signatureConfig.setOpcPackage(pkg);

        // adding the signature document to the package
        SignatureInfo si = new SignatureInfo();
        si.setSignatureConfig(signatureConfig);
        si.confirmSignature();
        // optionally verify the generated signature
        boolean b = si.verifySignature();
        assertTrue(b);
        // write the changes back to disc
        pkg.close();

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org


[Bug 61182] Invalid signature created for streamed xlsx file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61182

Dominik Stadler <do...@gmx.at> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |PatchAvailable



Re: [Bug 61182] Invalid signature created for streamed xlsx file

Posted by Greg Woolsey <gr...@gmail.com>.
Unless there is some use case I'm missing, unit tests would be the only
place a newly written file hash would need to match a precalculated value,
meaning c) should be fine by me.  I don't think anyone should expect POI to
read a file and have the saved result be binarily equal to the input. The
only guarantee should be semantic equivalence.

On Tue, Jul 25, 2017, 03:53 <bu...@apache.org> wrote:

> https://bz.apache.org/bugzilla/show_bug.cgi?id=61182
>
> --- Comment #6 from Andreas Beeker <ki...@apache.org> ---
> The windows/linux files differ in their line-endings, due to
> org.apache.xmlbeans.impl.store.Saver._newLine being system dependent.
>
> As the xml canonicalization handles the newlines as-is, this leads to
> different hashes.
>
> Currently I think about 3 options:
> a) change the _newLine static final via reflection
> b) normalize the xmls to unix linebreaks on signing
> c) add a switch in the junit test to check for windows/mac/linux hashes
>
> As the files signed by a linux system worked in Libre/MS Office, I probably
> just go with c)

[Bug 61182] Invalid signature created for streamed xlsx file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61182

--- Comment #6 from Andreas Beeker <ki...@apache.org> ---
The windows/linux files differ in their line-endings, due to
org.apache.xmlbeans.impl.store.Saver._newLine being system dependent.

As the xml canonicalization handles the newlines as-is, this leads to different
hashes.

Currently I think about 3 options:
a) change the _newLine static final via reflection
b) normalize the xmls to unix linebreaks on signing
c) add a switch in the junit test to check for windows/mac/linux hashes

As the files signed by a linux system worked in Libre/MS Office, I probably
just go with c)

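The effect described in comment #6 and option b), as an added example that is not code from POI or from the thread: it digests one XML fragment serialized with each platform's line break and shows that only the normalized bytes hash identically. The class name, helper names and the sample fragment are constructed for illustration, and the byte-level rewrite assumes an ASCII-compatible encoding such as UTF-8.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class LineBreakDigest {

    /** Option b): rewrite CRLF and lone CR as LF before the bytes are digested. */
    static byte[] toUnixLineBreaks(byte[] xml) {
        ByteArrayOutputStream out = new ByteArrayOutputStream(xml.length);
        for (int i = 0; i < xml.length; i++) {
            if (xml[i] != '\r') {
                out.write(xml[i]);
                continue;
            }
            out.write('\n');
            if (i + 1 < xml.length && xml[i + 1] == '\n') {
                i++; // CRLF: the LF was already emitted, skip the original one
            }
        }
        return out.toByteArray();
    }

    static String sha256(byte[] data) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        return Base64.getEncoder().encodeToString(digest);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one indented XML fragment, joined with each
        // platform's line break the way a system-dependent serializer would.
        String[] lines = { "<root>", "  <child>value</child>", "</root>" };
        String[] breaks = { "\n", "\r\n", "\r" };
        String[] names = { "LF", "CRLF", "CR" };
        for (int i = 0; i < breaks.length; i++) {
            byte[] raw = String.join(breaks[i], lines).getBytes(StandardCharsets.UTF_8);
            // The raw digests differ per line break; the normalized ones are equal.
            System.out.printf("%-4s raw=%s normalized=%s%n", names[i],
                    sha256(raw), sha256(toUnixLineBreaks(raw)));
        }
    }
}
```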


[Bug 61182] Invalid signature created for streamed xlsx file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61182

Andreas Beeker <ki...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Invalid signature created   |Invalid signature created
                   |for streamed xslx file      |for streamed xlsx file



[Bug 61182] Invalid signature created for streamed xlsx file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61182

Dominik Stadler <do...@gmx.at> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #8 from Dominik Stadler <do...@gmx.at> ---
This is fixed as far as I see.



[Bug 61182] apache POI creates invalid signature for stream xslx file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61182

--- Comment #1 from Andreas Beeker <ki...@apache.org> ---
Created attachment 35075
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35075&action=edit
Patch for XML Signatures / Unix linebreaks

I'll apply the patch after the 3.17-beta1 is out.

Originally I've adapted/developed the XML signature code under a Win7 box, but
now couldn't sign any documents anymore in an Ubuntu environment.
The reason was the indenting setting in StreamHelper.

For the actual bug entry, look at TestSignatureInfo on how to add a signature
in-memory. I haven't changed the OPC code, which adds relations on the fly when
saving, but rather ask the user to save the unsigned file first to a byte
buffer before using OPCPackage to reload/sign/save it.

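The in-memory procedure from comment #1 (save the unsigned file to a byte buffer, then reload, sign and save), as an added example that is not the project's TestSignatureInfo code. The class and method names are hypothetical; the POI calls are the ones already used in this thread, with `SignatureConfig.setOpcPackage` as in the 3.16/3.17 API discussed here. Unlike the reporter's method, it re-verifies the saved bytes and throws instead of returning a document whose signature does not verify.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;

import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;

public class InMemorySigner { // hypothetical helper class
    public static byte[] signInMemory(XSSFWorkbook wb, PrivateKey key, X509Certificate cert) throws Exception {
        // 1. Save the unsigned workbook to a byte buffer first, so the relations that
        //    OPC adds on the fly while saving already exist before anything is signed.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        wb.write(buf);

        // 2. Reload the buffer as a package, sign it, and save it back to memory.
        SignatureConfig signCfg = new SignatureConfig();
        signCfg.setKey(key);
        signCfg.setSigningCertificateChain(Collections.singletonList(cert));
        OPCPackage pkg = OPCPackage.open(new ByteArrayInputStream(buf.toByteArray()));
        try {
            signCfg.setOpcPackage(pkg);
            SignatureInfo si = new SignatureInfo();
            si.setSignatureConfig(signCfg);
            si.confirmSignature();
            buf.reset();
            pkg.save(buf);
        } finally {
            pkg.close();
        }
        byte[] signed = buf.toByteArray();

        // 3. Verify the bytes a recipient will receive, and fail closed: a document
        //    whose signature does not verify is never returned to the caller.
        OPCPackage check = OPCPackage.open(new ByteArrayInputStream(signed));
        try {
            SignatureConfig verifyCfg = new SignatureConfig();
            verifyCfg.setOpcPackage(check);
            SignatureInfo vi = new SignatureInfo();
            vi.setSignatureConfig(verifyCfg);
            if (!vi.verifySignature()) throw new SecurityException("signature does not verify after save");
        } finally {
            check.close();
        }
        return signed;
    }
}
```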


[Bug 61182] Invalid signature created for streamed xlsx file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61182

--- Comment #7 from Andreas Beeker <ki...@apache.org> ---
add hashes for other linebreaks via r1803011



[Bug 61182] Invalid signature created for streamed xlsx file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61182

--- Comment #5 from Tim Allison <ta...@mitre.org> ---
Created attachment 35140
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35140&action=edit
requested binary dump

        pkg1.save(bos);
        pkg1.close();
        OutputStream tmp = new FileOutputStream(new File("C:/data/testsig.bin"));
        IOUtils.copy(new ByteArrayInputStream(bos.toByteArray()), tmp);
        tmp.flush();
        tmp.close();

Thank you, Andi!



[Bug 61182] Invalid signature created for streamed xlsx file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61182

Andreas Beeker <ki...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |NEEDINFO

--- Comment #4 from Andreas Beeker <ki...@apache.org> ---
I guess this is again a line ending problem - as I need to set up my Windows
environment first - could you write the ByteArrayOutputStream to a file, which
is filled after pkg1.close()?



[Bug 61182] Invalid signature created for streamed xlsx file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61182

Tim Allison <ta...@mitre.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #3 from Tim Allison <ta...@mitre.org> ---
Testcase: bug61182 took 0.187 sec
        FAILED
expected:<[HDdvgXblLMiE6gZSoRSQUof6+aedrhK9i51we1n+4Q/ioqrQCeh5UkfQ8lD63nV4ZDbM4/pIVFi6VpMpN/HMnAUHeVdVUCVTgpn3Iz21Ymcd9/aerNov2BjHLhS8X3oUE+XTu2TbJLNmms0I9G4lfg6HWP9t7ZCXBXy6vyCMArc]=>
but
was:<[jVW6EPMywZ8jr4+I4alDosXzqrVuDG4wTdrr+la8QVbXfLm6HOh9AUFlo5yUZuWo/1gXrrkc34UTYNzuslyrOxKqadPOIRKUssJzdCh/hKeTxs/YtyWkpGHggrUjrF/vUUIeIXRHo+1DCAh6ptoicviH/I/Dtoa5NgkEHVuOHk8]=>
junit.framework.AssertionFailedError:
expected:<[HDdvgXblLMiE6gZSoRSQUof6+aedrhK9i51we1n+4Q/ioqrQCeh5UkfQ8lD63nV4ZDbM4/pIVFi6VpMpN/HMnAUHeVdVUCVTgpn3Iz21Ymcd9/aerNov2BjHLhS8X3oUE+XTu2TbJLNmms0I9G4lfg6HWP9t7ZCXBXy6vyCMArc]=>
but
was:<[jVW6EPMywZ8jr4+I4alDosXzqrVuDG4wTdrr+la8QVbXfLm6HOh9AUFlo5yUZuWo/1gXrrkc34UTYNzuslyrOxKqadPOIRKUssJzdCh/hKeTxs/YtyWkpGHggrUjrF/vUUIeIXRHo+1DCAh6ptoicviH/I/Dtoa5NgkEHVuOHk8]=>
        at
org.apache.poi.poifs.crypt.TestSignatureInfo.bug61182(TestSignatureInfo.java:191)


Hi Andi,
Is this user error on my part?  Something odd about my dev environment?

Windows 10, Java 8 131



[Bug 61182] Invalid signature created for streamed xslx file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61182

Andreas Beeker <ki...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Andreas Beeker <ki...@apache.org> ---
applied via r1800207



[Bug 61182] Invalid signature created for streamed xslx file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61182

Andreas Beeker <ki...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Hardware|PC                          |All
                 OS|Linux                       |All
            Summary|apache POI creates invalid  |Invalid signature created
                   |signature for stream xslx   |for streamed xslx file
                   |file                        |
            Version|3.16-FINAL                  |3.17-dev
