How do I retrieve the digital signature data from a Word file using Java?

Question

I have a word/docx file which has been digitally signed.

I need to open the file and read the signature subject, valid from, valid to and the rest of the details (including the RSA public key)

How can I do this from Java?

The following link didn't help me as I already have a signed document.

Load RSA public key from file

I tried with apache poi, but unsuccess, return only nulls

public static void main(String[] args) throws IOException, XmlException {
        String fileName = "test.docx";
        OPCPackage pkg = null;
        try {
            pkg = OPCPackage.open(fileName, PackageAccess.READ_WRITE);
        } catch (InvalidFormatException ex) {
            ex.printStackTrace();
        }
        SignatureConfig sic = new SignatureConfig();
        sic.getProxyUrl();
        sic.setOpcPackage(pkg);
        SignatureInfo si = new SignatureInfo();
        si.setSignatureConfig(sic);
        boolean isValid = si.verifySignature();

        System.out.println("isValid " + isValid);


        Iterator<SignaturePart> iter = si.getSignatureParts().iterator();
        while (iter.hasNext()) {
            SignaturePart element = iter.next();

            System.out.println("getSigner " + element.getSigner());

            List<X509Certificate> list = element.getCertChain();
            for (X509Certificate cc : list) {
                System.out.println("getSigAlgName " + cc.getSigAlgName());
                System.out.println("getSigAlgOID " + cc.getSigAlgOID());
                System.out.println("getNotAfter " + cc.getNotAfter());
                System.out.println("getNotBefore " + cc.getNotBefore());
            }


        }

but checking isValid, returned true..

Did you try following the [Apache POI example on validating a signature](http://poi.apache.org/encryption.html#Validating+a+signed+office+document)? — Gagravarr, Mar 26 '15 at 14:22
can you provide me that file or a similar signed dummy file? either via bugzilla entry or private email (kiwiwings ... apache.org) ... — kiwiwings, Apr 06 '15 at 23:51

score -1 · Answer 1 · edited Dec 02 '16 at 17:11

-1

... and then

boolean isValid = si.verifySignature();
List<X509Certificate> result = new ArrayList<X509Certificate>();
for (SignaturePart sp : si.getSignatureParts()) {
    if (sp.validate()) {
        result.add(sp.getSigner());
    }
}
pkg.revert();
pkg.close();

edited Dec 02 '16 at 17:11

Jose Ricardo Bustos M.

8,016
6
40
62

answered Dec 02 '16 at 12:45

Nils

1

please to read [how to answer](http://stackoverflow.com/help/how-to-answer), and explain your answer – Jose Ricardo Bustos M. Dec 02 '16 at 17:10

How do I retrieve the digital signature data from a Word file using Java?

1 Answers1