Hi,
I am having trouble signing docx files with a certificate. The following
code works nicely, but once the servlet gets reloaded it stops working
(stack trace is below).
It fails on the line that calls confirmSignature().
Any ideas?
Best regards, Blaz
------------------ CODE ----------------
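// Load the PKCS#12 keystore holding the signing key. keystorePw unlocks the store,
// certPw unlocks the individual key entry; both are char[] owned by the caller.
// NOTE(review): nothing here clears those arrays after use - confirm the caller does.
KeyStore ksPrivate = KeyStore.getInstance("PKCS12");
ksPrivate.load(inStreamKeyStore, keystorePw);
String aliasName = Certs.getCertAlias(ksPrivate);
if (aliasName == null) {
    // KeyStore.getEntry() rejects a null alias with a bare NullPointerException.
    throw new ProgramException("No signing alias found in keystore!");
}

// Check the entry type before casting, so that a wrong alias or a certificate-only
// entry is reported as a configuration error instead of a ClassCastException.
KeyStore.Entry entry = ksPrivate.getEntry(aliasName, new KeyStore.PasswordProtection(certPw));
if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
    throw new ProgramException("Keystore entry is not a private key entry!");
}
KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) entry;
if (!(keyEntry.getCertificate() instanceof X509Certificate)) {
    throw new ProgramException("Signing certificate is not an X.509 certificate!");
}
X509Certificate cert = (X509Certificate) keyEntry.getCertificate();

// Both resources are managed by try-with-resources: the package is closed before the
// stream it was opened from, and a failure in close() is attached as a suppressed
// exception instead of replacing the signing error that caused the unwind.
try (InputStream isDocToSign = fpToSign.getInputStream();
        OPCPackage pkg = OPCPackage.open(isDocToSign)) {
    SignatureConfig signatureConfig = new SignatureConfig();
    signatureConfig.setKey(keyEntry.getPrivateKey());
    // Only the end-entity certificate is supplied as the signing chain. Any
    // intermediates stored with the keystore entry are not passed on here.
    signatureConfig.setSigningCertificateChain(Collections.singletonList(cert));

    SignatureInfo si = new SignatureInfo();
    si.setSignatureConfig(signatureConfig);
    si.setOpcPackage(pkg);

    // NOTE(review): the failure reported after a servlet reload surfaces in this call
    // (InvalidAlgorithmParameterException from RelationshipTransformService.init in the
    // trace). Since it only appears after a reload, JVM-wide security-provider state
    // left behind by the previous webapp classloader is a likely suspect - confirm.
    si.confirmSignature();

    // Self-check before the signed package is written back: never persist a document
    // whose fresh signature does not validate. This is not a trust decision on the
    // certificate itself.
    if (!si.verifySignature()) {
        throw new ProgramException("Invalid signature!");
    }

    try (OutputStream os = fpToSign.getOutputStream()) {
        pkg.save(os);
    }
}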
----------------- END CODE ----------
----------------- STACK TRACE -----------
javax.xml.crypto.dsig.XMLSignatureException: unknown canonicalization
method: http://schemas.openxmlformats.org/package/2006/RelationshipTransform
at
org.apache.poi.poifs.crypt.dsig.facets.SignatureFacetHelper.newTransform(SignatureFacetHelper.java:47)
~[poi-ooxml-5.0.0.jar:5.0.0]
at
org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet.addManifestReferences(OOXMLSignatureFacet.java:192)
~[poi-ooxml-5.0.0.jar:5.0.0]
at
org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet.addManifestObject(OOXMLSignatureFacet.java:110)
~[poi-ooxml-5.0.0.jar:5.0.0]
at
org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet.preSign(OOXMLSignatureFacet.java:96)
~[poi-ooxml-5.0.0.jar:5.0.0]
at
org.apache.poi.poifs.crypt.dsig.SignatureInfo.preSign(SignatureInfo.java:382)
~[poi-ooxml-5.0.0.jar:5.0.0]
at
org.apache.poi.poifs.crypt.dsig.SignatureInfo.confirmSignature(SignatureInfo.java:224)
~[poi-ooxml-5.0.0.jar:5.0.0]
at model.Signature.podpisiDocx(Signature.java:296) ~[classes/:?]
at servlets.AjaxServlet.izvozPodatkovPripravaAkcija(AjaxServlet.java:6297)
~[classes/:?]
at servlets.AjaxServlet.doGet(AjaxServlet.java:6050) ~[classes/:?]
at servlets.AjaxServlet.doPost(AjaxServlet.java:7668) ~[classes/:?]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:652)
~[servlet-api.jar:4.0.FR]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
~[servlet-api.jar:4.0.FR]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[catalina.jar:9.0.41]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
~[tomcat-websocket.jar:9.0.41]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[catalina.jar:9.0.41]
at pageFilter.PagesFilter.doFilter(PagesFilter.java:148) ~[classes/:?]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
~[catalina.jar:9.0.41]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
~[catalina.jar:9.0.41]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
~[catalina.jar:9.0.41]
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
~[catalina.jar:9.0.41]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
~[catalina.jar:9.0.41]
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
~[tomcat-coyote.jar:9.0.41]
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
~[tomcat-coyote.jar:9.0.41]
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
~[tomcat-coyote.jar:9.0.41]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597)
~[tomcat-coyote.jar:9.0.41]
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
~[tomcat-coyote.jar:9.0.41]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
~[?:1.8.0_271]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
~[?:1.8.0_271]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
~[tomcat-util.jar:9.0.41]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_271]
Caused by: java.security.InvalidAlgorithmParameterException
at
org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService.init(RelationshipTransformService.java:132)
~[poi-ooxml-5.0.0.jar:5.0.0]
at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.newTransform(DOMXMLSignatureFactory.java:321)
~[xmlsec-2.2.2.jar:2.2.2]
at
org.apache.poi.poifs.crypt.dsig.facets.SignatureFacetHelper.newTransform(SignatureFacetHelper.java:45)
~[poi-ooxml-5.0.0.jar:5.0.0]
... 36 more
----------------- END STACK TRACE ----