Open wkloucek opened 1 week ago
@wkloucek, please specify the Document Server (helm docs images) version you are checking this case on.
> @wkloucek, please specify the Document Server (helm docs images) version you are checking this case on.
It was the OnlyOffice Helm Chart 4.2.1, which uses OnlyOffice image 8.1.1-1
Please specify also the following information required to understand the reason: access_token and url with origin (or wopiSrc that is passed when opening the file) and debug logs after the issue is reproduced.
Upd. to speed up the process, we think that the parameters mentioned in my previous message are sufficient for the analysis without debug logs at this step.
Hello @wkloucek, we checked the keys you provided here on our test instance of the Document Server and successfully integrated it with SharePoint 2019 via WOPI - validation passed. We also checked them using MS validator and everything is ok.
Can you also confirm that this is the validator you are using? As of now we see that the keys you provided are valid and we are not able to identify the problem according to the code of your validator.
> Can you also confirm that this is the validator you are using?
Yes, this is the code.
Thanks a lot for checking it from your side! My colleagues need to have a look, too.
@jvillafanez Please check if we have an issue in our implementation. Thanks!
@wkloucek you might want to try with onlyoffice 8.1.3. I had trouble with 8.1.0 but it seems to work with 8.1.3.
There have been some changes recently in onlyoffice regarding the key generation. The "blame" shows changes from 2-4 months ago in https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/b8f413343446ab278843b9749e4d9faaf8ad4b91/run-document-server.sh#L414-L428 .
I can't say for sure, but what I did was place the generated key files in the "/var/www/onlyoffice/Data" folder and restart the container. I guess the container fills the missing pieces, so there is no need to touch the local.json file (I think it gets overwritten). For the key file format, just run the commands in the script:

```
openssl genpkey -algorithm RSA -outform PEM -out "${WOPI_PRIVATE_KEY}" >/dev/null 2>&1
openssl rsa -RSAPublicKey_out -in "${WOPI_PRIVATE_KEY}" -outform "MS PUBLICKEYBLOB" -out "${WOPI_PUBLIC_KEY}" >/dev/null 2>&1
```
I've also noticed that the onlyoffice 8.1.0 sends the modulus as hexadecimal code, although it should be sent base64-encoded (as it is sent with 8.1.3). Maybe this was the reason why proof keys didn't work before (although it seemed to work with the default keys...) As said, the public key file format has changed (it was PEM format before), so using the "new" "MS PUBLICKEYBLOB" format in an old container might also cause problems.
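The hex-versus-base64 modulus problem described in the comment above can be checked mechanically. The following is an added example, not code from ONLYOFFICE or from the validator discussed in this thread: it parses an "MS PUBLICKEYBLOB" public key and reports how an advertised modulus string is encoded. It assumes the key blob is available base64-encoded next to the modulus; the function names and the sample blob are constructed for illustration.

```python
import base64
import struct

def parse_publickeyblob(blob: bytes):
    """Return (modulus, exponent) from a Microsoft RSA PUBLICKEYBLOB."""
    if len(blob) < 20:
        raise ValueError("too short for a PUBLICKEYBLOB")
    # BLOBHEADER: bType, bVersion, reserved, aiKeyAlg (all little-endian)
    btype, bversion, _reserved, _alg = struct.unpack_from("<BBHI", blob, 0)
    # RSAPUBKEY: magic "RSA1", modulus bit length, public exponent
    magic, bitlen, exponent = struct.unpack_from("<4sII", blob, 8)
    if btype != 0x06 or bversion != 0x02 or magic != b"RSA1":
        raise ValueError("not an RSA PUBLICKEYBLOB (PEM or other format?)")
    raw = blob[20:20 + bitlen // 8]
    if len(raw) != bitlen // 8:
        raise ValueError("truncated modulus")
    return int.from_bytes(raw, "little"), exponent  # blob stores n little-endian

def b64_int(n: int) -> str:
    """Big-endian base64, the form a base64 modulus/exponent attribute uses."""
    return base64.b64encode(n.to_bytes((n.bit_length() + 7) // 8, "big")).decode()

def naive_b64_modulus(advertised: str) -> int:
    """What a validator gets if it base64-decodes the string without checking."""
    return int.from_bytes(base64.b64decode(advertised), "big")

def classify_modulus(advertised: str, value_b64: str) -> str:
    """Say how `advertised` encodes the modulus of the key in `value_b64`."""
    n, _ = parse_publickeyblob(base64.b64decode(value_b64))
    try:
        if int(advertised, 16) == n:
            return "hex"
    except ValueError:
        pass
    try:
        if naive_b64_modulus(advertised) == n:
            return "base64"
    except ValueError:
        pass
    return "mismatch"

# Constructed sample: 512-bit filler modulus, not a real key.
SAMPLE_BLOB = struct.pack("<BBHI4sII", 6, 2, 0, 0xA400, b"RSA1", 512, 65537) + bytes(range(1, 65))
SAMPLE_VALUE = base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    n, e = parse_publickeyblob(SAMPLE_BLOB)
    for label, text in (("base64", b64_int(n)), ("hex", format(n, "x"))):
        print(label, "->", classify_modulus(text, SAMPLE_VALUE),
              "| blind base64 decode gives the right key:", naive_b64_modulus(text) == n)
```

A hex string uses only characters that are also valid base64, so a blind base64 decode of it does not fail; it yields a different modulus and proof verification then fails without a decoding error.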
Describe the bug
I tried to use WOPI proof keys with OnlyOffice but couldn't succeed.
This is the information from OnlyOffice how to roll your own proof keys:
https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/b8f413343446ab278843b9749e4d9faaf8ad4b91/run-document-server.sh#L414-L428
Steps to reproduce
Expected behavior
The WOPI proof validation succeeds
Actual behavior
The WOPI proof validation fails:
Additional context
my local.json config:
My private key (not used for anything other than temporary testing, therefore it's fine to paste it here):