Hi, thanks for the reply.
I tried to output some text in the
org.apache.poi.poifs.crypt.dsig.SignatureInfoInpo.preSign() method (just
before it fails after the servlet reloads) with:
    // Needs java.security.Provider, java.security.Security, java.util.Iterator.
    // Dump every property of the XML DSig provider in use.
    System.out.println("after preSign: provider: " + provider);
    Iterator<Object> iterProv = provider.keySet().iterator();
    while (iterProv.hasNext()) {
        Object key = iterProv.next();
        Object val = provider.get(key);
        System.out.println(" Key: " + key + " Val: " + val);
    }
    // List all JCA providers registered in the JVM.
    Provider[] secProvs = Security.getProviders();
    for (Provider p : secProvs) {
        System.out.println("pName: " + p.getName() + " pInfo: " + p.getInfo()
                + " pVersion: " + p.getVersion());
    }
and the output (printed at the end of this email) is the same when the
servlet is started for the first time (when it works) and after the servlet
gets reloaded (when it still crashes).
Also, in the method
org.apache.poi.poifs.crypt.dsig.SignatureInfoInpo.initXmlProvider I changed
it so the provider gets initialized every time (the text "Registering...
XmlProviderInitSingleton" in the output):
    provider = new XmlProviderInitSingleton().findProvider();

    private XmlProviderInitSingleton() {
        try {
            Init.init();
            RelationshipTransformService.registerDsigProvider();
            CryptoFunctions.registerBouncyCastle();
            System.out.println("Registering... XmlProviderInitSingleton");
        } catch (Exception e) {
            throw new RuntimeException(
                "Xml & BouncyCastle-Provider initialization failed", e);
        }
    }
Best regards, Blaž
------------------------- OUTPUT ---------------------
Registering... XmlProviderInitSingleton
Registering... XmlProviderInitSingleton
after preSign: provider: ApacheXMLDSig version 2.22
Key: Alg.Alias.TransformService.ENVELOPED Val:
http://www.w3.org/2000/09/xmldsig#enveloped-signature
Key: Alg.Alias.TransformService.XSLT Val:
http://www.w3.org/TR/1999/REC-xslt-19991116
Key: Provider.id name Val: ApacheXMLDSig
Key: TransformService.http://www.w3.org/TR/1999/REC-xslt-19991116
MechanismType Val: DOM
Key: TransformService.http://www.w3.org/2006/12/xml-c14n11#WithComments
Val: org.apache.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14N11Method
Key: TransformService.http://www.w3.org/2001/10/xml-exc-c14n#WithComments
MechanismType Val: DOM
Key: TransformService.http://www.w3.org/2000/09/xmldsig#base64
MechanismType Val: DOM
Key: TransformService.http://www.w3.org/2006/12/xml-c14n11 Val:
org.apache.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14N11Method
Key: TransformService.http://www.w3.org/2002/06/xmldsig-filter2
MechanismType Val: DOM
Key: TransformService.http://www.w3.org/2001/10/xml-exc-c14n#
MechanismType Val: DOM
Key: TransformService.http://www.w3.org/TR/1999/REC-xpath-19991116
MechanismType Val: DOM
Key: TransformService.
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments MechanismType
Val: DOM
Key: TransformService.http://www.w3.org/TR/2001/REC-xml-c14n-20010315
Val: org.apache.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod
Key: Provider.id version Val: 2.22
Key: KeyInfoFactory.DOM Val:
org.apache.jcp.xml.dsig.internal.dom.DOMKeyInfoFactory
Key: Alg.Alias.TransformService.XPATH Val:
http://www.w3.org/TR/1999/REC-xpath-19991116
Key: TransformService.
http://www.w3.org/2000/09/xmldsig#enveloped-signature Val:
org.apache.jcp.xml.dsig.internal.dom.DOMEnvelopedTransform
Key: Alg.Alias.TransformService.BASE64 Val:
http://www.w3.org/2000/09/xmldsig#base64
Key: TransformService.http://www.w3.org/2006/12/xml-c14n11 MechanismType
Val: DOM
Key: Alg.Alias.TransformService.EXCLUSIVE_WITH_COMMENTS Val:
http://www.w3.org/2001/10/xml-exc-c14n#WithComments
Key: TransformService.http://www.w3.org/TR/2001/REC-xml-c14n-20010315
MechanismType Val: DOM
Key: Provider.id info Val: Apache Santuario XMLDSig (DOM
XMLSignatureFactory; DOM KeyInfoFactory; C14N 1.0, C14N 1.1, Exclusive
C14N, Base64, Enveloped, XPath, XPath2, XSLT TransformServices)
Key: TransformService.
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments Val:
org.apache.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod
Key: Alg.Alias.TransformService.INCLUSIVE Val:
http://www.w3.org/TR/2001/REC-xml-c14n-20010315
Key: Alg.Alias.TransformService.XPATH2 Val:
http://www.w3.org/2002/06/xmldsig-filter2
Key: TransformService.
http://www.w3.org/2000/09/xmldsig#enveloped-signature MechanismType Val: DOM
Key: TransformService.http://www.w3.org/TR/1999/REC-xslt-19991116 Val:
org.apache.jcp.xml.dsig.internal.dom.DOMXSLTTransform
Key: TransformService.http://www.w3.org/TR/1999/REC-xpath-19991116 Val:
org.apache.jcp.xml.dsig.internal.dom.DOMXPathTransform
Key: Alg.Alias.TransformService.EXCLUSIVE Val:
http://www.w3.org/2001/10/xml-exc-c14n#
Key: TransformService.http://www.w3.org/2006/12/xml-c14n11#WithComments
MechanismType Val: DOM
Key: TransformService.http://www.w3.org/2001/10/xml-exc-c14n# Val:
org.apache.jcp.xml.dsig.internal.dom.DOMExcC14NMethod
Key: TransformService.http://www.w3.org/2000/09/xmldsig#base64 Val:
org.apache.jcp.xml.dsig.internal.dom.DOMBase64Transform
Key: XMLSignatureFactory.DOM Val:
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory
Key: TransformService.http://www.w3.org/2002/06/xmldsig-filter2 Val:
org.apache.jcp.xml.dsig.internal.dom.DOMXPathFilter2Transform
Key: Provider.id className Val:
org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI
Key: TransformService.http://www.w3.org/2001/10/xml-exc-c14n#WithComments
Val: org.apache.jcp.xml.dsig.internal.dom.DOMExcC14NMethod
Key: Alg.Alias.TransformService.INCLUSIVE_WITH_COMMENTS Val:
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
pName: SUN pInfo: SUN (DSA key/parameter generation; DSA signing; SHA-1,
MD5 digests; SecureRandom; X.509 certificates; JKS & DKS keystores; PKIX
CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores,
JavaPolicy Policy; JavaLoginConfig Configuration) pVersion: 1.8
pName: SunRsaSign pInfo: Sun RSA signature provider pVersion: 1.8
pName: SunEC pInfo: Sun Elliptic Curve provider (EC, ECDSA, ECDH) pVersion:
1.8
pName: SunJSSE pInfo: Sun JSSE provider(PKCS12, SunX509/PKIX key/trust
factories, SSLv3/TLSv1/TLSv1.1/TLSv1.2/TLSv1.3) pVersion: 1.8
pName: SunJCE pInfo: SunJCE Provider (implements RSA, DES, Triple DES, AES,
Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC) pVersion: 1.8
pName: SunJGSS pInfo: Sun (Kerberos v5, SPNEGO) pVersion: 1.8
pName: SunSASL pInfo: Sun SASL provider(implements client mechanisms for:
DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for:
DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM) pVersion: 1.8
pName: XMLDSig pInfo: XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory;
C14N 1.0, C14N 1.1, Exclusive C14N, Base64, Enveloped, XPath, XPath2, XSLT
TransformServices) pVersion: 1.8
pName: SunPCSC pInfo: Sun PC/SC provider pVersion: 1.8
pName: SunMSCAPI pInfo: Sun's Microsoft Crypto API provider pVersion: 1.8
pName: POIXmlDsigProvider pInfo: POIXmlDsigProvider pVersion: 1.0
pName: BC pInfo: BouncyCastle Security Provider v1.64 pVersion: 1.64
ERROR: unknown canonicalization method:
http://schemas.openxmlformats.org/package/2006/RelationshipTransform
javax.xml.crypto.dsig.XMLSignatureException: unknown canonicalization
method: http://schemas.openxmlformats.org/package/2006/RelationshipTransform
at
org.apache.poi.poifs.crypt.dsig.facets.SignatureFacetHelper.newTransform(SignatureFacetHelper.java:47)
~[poi-ooxml-5.0.0.jar:5.0.0]
at
org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet.addManifestReferences(OOXMLSignatureFacet.java:192)
~[poi-ooxml-5.0.0.jar:5.0.0]
at
org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet.addManifestObject(OOXMLSignatureFacet.java:110)
~[poi-ooxml-5.0.0.jar:5.0.0]
at
org.apache.poi.poifs.crypt.dsig.facets.OOXMLSignatureFacet.preSign(OOXMLSignatureFacet.java:96)
~[poi-ooxml-5.0.0.jar:5.0.0]
at
org.apache.poi.poifs.crypt.dsig.SignatureInfoInpo.preSign(SignatureInfoInpo.java:397)
~[classes/:5.0.0]
at
org.apache.poi.poifs.crypt.dsig.SignatureInfoInpo.confirmSignature(SignatureInfoInpo.java:225)
~[classes/:5.0.0]
at model.Signature.podpisiDocx(Signature.java:303) ~[classes/:?]
at servlets.AjaxServlet.izvozPodatkovPripravaAkcija(AjaxServlet.java:6297)
~[classes/:?]
at servlets.AjaxServlet.doGet(AjaxServlet.java:6050) ~[classes/:?]
at servlets.AjaxServlet.doPost(AjaxServlet.java:7624) ~[classes/:?]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:652)
~[servlet-api.jar:4.0.FR]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
~[servlet-api.jar:4.0.FR]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[catalina.jar:9.0.41]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
~[tomcat-websocket.jar:9.0.41]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[catalina.jar:9.0.41]
at pageFilter.PagesFilter.doFilter(PagesFilter.java:148) ~[classes/:?]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
~[catalina.jar:9.0.41]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
~[catalina.jar:9.0.41]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
~[catalina.jar:9.0.41]
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
~[catalina.jar:9.0.41]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
~[catalina.jar:9.0.41]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
~[catalina.jar:9.0.41]
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
~[tomcat-coyote.jar:9.0.41]
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
~[tomcat-coyote.jar:9.0.41]
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
~[tomcat-coyote.jar:9.0.41]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597)
~[tomcat-coyote.jar:9.0.41]
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
~[tomcat-coyote.jar:9.0.41]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
~[?:1.8.0_271]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
~[?:1.8.0_271]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
~[tomcat-util.jar:9.0.41]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_271]
Caused by: java.security.InvalidAlgorithmParameterException
at
org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService.init(RelationshipTransformService.java:132)
~[poi-ooxml-5.0.0.jar:5.0.0]
at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.newTransform(DOMXMLSignatureFactory.java:321)
~[xmlsec-2.2.2.jar:2.2.2]
at
org.apache.poi.poifs.crypt.dsig.facets.SignatureFacetHelper.newTransform(SignatureFacetHelper.java:45)
~[poi-ooxml-5.0.0.jar:5.0.0]
... 36 more
------------------------- OUTPUT END ---------------------
On Thu, Aug 12, 2021 at 11:42 PM Andreas Beeker <[email protected]>
wrote:
> Hi Blaz,
>
> sorry for the late response.
>
> Please debug org.apache.poi.poifs.crypt.dsig.SignatureInfo#initXmlProvider
> after the servlet is reloaded.
> My guess is that the RelationshipTransformService registration is lost
> somewhere and the singleton is not initialized again.
> So depending on the internal state of SignatureInfo.provider or
> signatureConfig.provider, I would try to null them.
>
> Alternatively you could recall the three init methods invoked in
> org.apache.poi.poifs.crypt.dsig.SignatureInfo.XmlProviderInitSingleton#XmlProviderInitSingleton
> yourself.
>
> Andi.
>
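A check for the situation discussed in this thread, as an added example that is not part of the original e-mails or of POI's code: `Security.addProvider` leaves an already-installed provider of the same name in place, so after a reload the JVM-wide list can still hold an instance whose classes came from the previous webapp class loader. That this is the cause here is an assumption, not something the thread confirms; `ProviderLoaderCheck` and its method names are hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/** Added diagnostic sketch; class and method names are hypothetical. */
public class ProviderLoaderCheck {

    /** True if 'loader' is the bootstrap loader, 'current', or one of its parents. */
    static boolean visibleFrom(ClassLoader current, ClassLoader loader) {
        if (loader == null) return true;               // bootstrap (JDK providers)
        for (ClassLoader c = current; c != null; c = c.getParent()) {
            if (c == loader) return true;
        }
        return false;
    }

    /** One line per registered JCA provider, flagging foreign class loaders. */
    static List<String> describe(ClassLoader current) {
        List<String> out = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            ClassLoader l = p.getClass().getClassLoader();
            out.add(p.getName() + " loader=" + l
                    + (visibleFrom(current, l) ? "" : "  <-- not from this webapp"));
        }
        return out;
    }

    /** Remove providers whose class was loaded by 'owner' (e.g. on context shutdown). */
    static List<String> removeOwnedBy(ClassLoader owner) {
        List<String> removed = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            if (owner != null && p.getClass().getClassLoader() == owner) {
                Security.removeProvider(p.getName());
                removed.add(p.getName());
            }
        }
        return removed;
    }

    public static void main(String[] args) {
        // Constructed stand-in for a provider registered by application code.
        Provider demo = new Provider("DemoProvider", 1.0, "constructed demo") {};
        Security.addProvider(demo);
        ClassLoader me = ProviderLoaderCheck.class.getClassLoader();
        describe(me).forEach(System.out::println);
        System.out.println("removed: " + removeOwnedBy(me));
    }
}
```

In a servlet, pass `Thread.currentThread().getContextClassLoader()` to `describe`; `removeOwnedBy` with the same loader fits a `ServletContextListener.contextDestroyed` callback.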