Acrobat Address Book methods in Digital Signature API

Can anyone point me to code samples using the Acrobat Address Book methods in the Digital Signature API (AABFindCertsByName, AABGetCertTrust for example)?

I don't remember seeing any, sorry.
From: Adobe Forums
Date: Thu, 8 Dec 2011 16:32:46 -0800
To: Leonard Rosenthol
Subject: Acrobat Address Book methods in Digital Signature API
created by jmmorgan11 in Acrobat SDK (http://forums.adobe.com/message/4072845#4072845)

Similar Messages

  • Implementing XAdES in Java XML Digital Signature API

    Hi,
    I've got some problems with implementing the XAdES standard with the Java XML Digital Signature API. Below is the code (SignatureTest1) that produces a digital signature with some XAdES tags placed in the <ds:Object> tag. The signature is later validated with a Validator class. Everything works fine until I set a XAdES namespace (SignatureTest1.xadesNS="http://uri.etsi.org/01903/v1.3.2#"). In this case validation of the XAdES elements fails.
    The reason for the validation failure is a difference between the arguments passed to the digest method when the document is being signed and when it is validated. When the document is being signed, the log looks like this:
    FINER: Pre-digested input:
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.DigesterOutputStream write
    FINER: <SignedProperties xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignP"></SignedProperties>
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference digest
    FINE: Reference object uri = #SignP
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference digest
    FINE: Reference digesting completed
    but while validating:
    FINER: Pre-digested input:
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.DigesterOutputStream write
    FINER: <SignedProperties xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignP"></SignedProperties>
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference validate
    FINE: Expected digest: MAQ/vctdkyVHVzoQWnOnQdeBw8g=
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference validate
    FINE: Actual digest: D7WajkF0U5t1GnVJqj9g1IntLQg=
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
    FINE: Reference[#SignP] is valid: false
    How can I fix this?
    Signer class:
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.OutputStream;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.util.ArrayList;
    import java.util.Collections;
    import java.util.Iterator;
    import java.util.List;
    import javax.xml.crypto.dom.DOMStructure;
    import javax.xml.crypto.dsig.CanonicalizationMethod;
    import javax.xml.crypto.dsig.DigestMethod;
    import javax.xml.crypto.dsig.Reference;
    import javax.xml.crypto.dsig.SignatureMethod;
    import javax.xml.crypto.dsig.SignedInfo;
    import javax.xml.crypto.dsig.Transform;
    import javax.xml.crypto.dsig.XMLObject;
    import javax.xml.crypto.dsig.XMLSignature;
    import javax.xml.crypto.dsig.XMLSignatureFactory;
    import javax.xml.crypto.dsig.dom.DOMSignContext;
    import javax.xml.crypto.dsig.dom.DOMValidateContext;
    import javax.xml.crypto.dsig.keyinfo.KeyInfo;
    import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
    import javax.xml.crypto.dsig.keyinfo.KeyValue;
    import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
    import javax.xml.crypto.dsig.spec.TransformParameterSpec;
    import javax.xml.parsers.DocumentBuilderFactory;
    import javax.xml.transform.Transformer;
    import javax.xml.transform.TransformerFactory;
    import javax.xml.transform.dom.DOMSource;
    import javax.xml.transform.stream.StreamResult;
    import org.w3c.dom.Document;
    import org.w3c.dom.Element;
    import org.w3c.dom.NodeList;
    import com.sun.org.apache.xml.internal.security.utils.IdResolver;
    public class SignatureTest1 {
         public static String xadesNS=null;//"http://uri.etsi.org/01903/v1.3.2#";
         public static String signatureID="Sig1";
         public static String signedPropID="SignP";
         public static void main(String[] arg) {
            try{
              XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
              List<Reference> refs = new ArrayList<Reference>();
              Reference ref1 = fac.newReference
                  ("", fac.newDigestMethod(DigestMethod.SHA1, null),
                      Collections.singletonList
                    (fac.newTransform
                   (Transform.ENVELOPED, (TransformParameterSpec) null)),
                   null, null);
              refs.add(ref1);
              Reference ref2 = fac.newReference("#"+signedPropID,fac.newDigestMethod(DigestMethod.SHA1,null),null,"http://uri.etsi.org/01903/v1.3.2#SignedProperties",null);
              refs.add(ref2);
              SignedInfo si = fac.newSignedInfo
                  (fac.newCanonicalizationMethod
                   (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                    (C14NMethodParameterSpec) null),
                   fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
                   refs);
             KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
              kpg.initialize(512);
              KeyPair kp = kpg.generateKeyPair();
              KeyInfoFactory kif = fac.getKeyInfoFactory();
              KeyValue kv = kif.newKeyValue(kp.getPublic());
             KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
              DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
              dbf.setNamespaceAware(true);
              Document doc =
                  dbf.newDocumentBuilder().parse("purchaseOrder.xml");
              DOMSignContext dsc = new DOMSignContext
                  (kp.getPrivate(), doc.getDocumentElement());
              dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
              Element QPElement = createElement(doc, "QualifyingProperties",null,xadesNS);
            QPElement.setAttributeNS(null, "Target", signatureID);
            Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
            SPElement.setAttributeNS(null, "Id", signedPropID);
            IdResolver.registerElementById(SPElement, signedPropID);
            QPElement.appendChild(SPElement);
            Element UPElement = createElement(doc, "UnsignedProperties", null,xadesNS);
            QPElement.appendChild(UPElement);
            DOMStructure qualifPropStruct = new DOMStructure(QPElement);
            List<DOMStructure> xmlObj = new ArrayList<DOMStructure>();
            xmlObj.add(qualifPropStruct);
            XMLObject object = fac.newXMLObject(xmlObj,"QualifyingInfos",null,null);
            List objects = Collections.singletonList(object);
            XMLSignature signature = fac.newXMLSignature(si, ki,objects,signatureID,null);
              signature.sign(dsc);
              OutputStream os = new FileOutputStream("signedPurchaseOrder.xml");
              TransformerFactory tf = TransformerFactory.newInstance();
              Transformer trans = tf.newTransformer();
              trans.transform(new DOMSource(doc), new StreamResult(os));
            }catch(Exception e){
                 e.printStackTrace();
            }
            try{
            Validator.main(null);
            }catch(Exception e){
                 System.out.println("Validator exception");
                 e.printStackTrace();
            }
         }
         public static Element createElement(Document doc, String tag,String prefix, String nsURI) {
              String qName = prefix == null ? tag : prefix + ":" + tag;
             return doc.createElementNS(nsURI, qName);
         }
    }
    Validator class:
    import javax.xml.crypto.*;
    import javax.xml.crypto.dsig.*;
    import javax.xml.crypto.dom.*;
    import javax.xml.crypto.dsig.dom.DOMValidateContext;
    import javax.xml.crypto.dsig.keyinfo.*;
    import java.io.FileInputStream;
    import java.security.*;
    import java.util.Collections;
    import java.util.Iterator;
    import java.util.List;
    import javax.xml.parsers.DocumentBuilderFactory;
    import org.w3c.dom.Document;
    import org.w3c.dom.NodeList;
    /**
     * This is a simple example of validating an XML
     * Signature using the JSR 105 API. It assumes the key needed to
     * validate the signature is contained in a KeyValue KeyInfo.
     */
    public class Validator {
        // Synopsis: java Validate [document]
        //       where "document" is the name of a file containing the XML document
        //       to be validated.
        public static void main(String[] args) throws Exception {
            // Instantiate the document to be validated
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            Document doc =
                dbf.newDocumentBuilder().parse(new FileInputStream("signedPurchaseOrder.xml"));
            // Find Signature element
            NodeList nl =
                doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
            if (nl.getLength() == 0) {
                throw new Exception("Cannot find Signature element");
            }
            // Create a DOM XMLSignatureFactory that will be used to unmarshal the
            // document containing the XMLSignature
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            // Create a DOMValidateContext and specify a KeyValue KeySelector
            // and document context
            DOMValidateContext valContext = new DOMValidateContext
                (new KeyValueKeySelector(), nl.item(0));
            // unmarshal the XMLSignature
            XMLSignature signature = fac.unmarshalXMLSignature(valContext);
            // Validate the XMLSignature (generated above)
            boolean coreValidity = signature.validate(valContext);
            // Check core validation status
            if (coreValidity == false) {
                System.err.println("Signature failed core validation");
                boolean sv = signature.getSignatureValue().validate(valContext);
                System.out.println("signature validation status: " + sv);
                // check the validation status of each Reference
                Iterator i = signature.getSignedInfo().getReferences().iterator();
                for (int j=0; i.hasNext(); j++) {
                    boolean refValid =
                        ((Reference) i.next()).validate(valContext);
                    System.out.println("ref["+j+"] validity status: " + refValid);
                }
            } else {
                System.out.println("Signature passed core validation");
            }
        }

        /**
         * KeySelector which retrieves the public key out of the
         * KeyValue element and returns it.
         * NOTE: If the key algorithm doesn't match signature algorithm,
         * then the public key will be ignored.
         */
        private static class KeyValueKeySelector extends KeySelector {
            public KeySelectorResult select(KeyInfo keyInfo,
                                            KeySelector.Purpose purpose,
                                            AlgorithmMethod method,
                                            XMLCryptoContext context)
                throws KeySelectorException {
                if (keyInfo == null) {
                    throw new KeySelectorException("Null KeyInfo object!");
                }
                SignatureMethod sm = (SignatureMethod) method;
                List list = keyInfo.getContent();
                for (int i = 0; i < list.size(); i++) {
                    XMLStructure xmlStructure = (XMLStructure) list.get(i);
                    if (xmlStructure instanceof KeyValue) {
                        PublicKey pk = null;
                        try {
                            pk = ((KeyValue)xmlStructure).getPublicKey();
                        } catch (KeyException ke) {
                            throw new KeySelectorException(ke);
                        }
                        // make sure algorithm is compatible with method
                        if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
                            return new SimpleKeySelectorResult(pk);
                        }
                    }
                }
                throw new KeySelectorException("No KeyValue element found!");
            }

            //@@@FIXME: this should also work for key types other than DSA/RSA
            static boolean algEquals(String algURI, String algName) {
                if (algName.equalsIgnoreCase("DSA") &&
                    algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
                    return true;
                } else if (algName.equalsIgnoreCase("RSA") &&
                           algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
                    return true;
                } else {
                    return false;
                }
            }
        }

        private static class SimpleKeySelectorResult implements KeySelectorResult {
            private PublicKey pk;
            SimpleKeySelectorResult(PublicKey pk) {
                this.pk = pk;
            }
            public Key getKey() { return pk; }
        }
    }
    PurchaseOrder.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <PurchaseOrder>
    <Item number="130046593231">
      <Description>Video Game</Description>
      <Price>10.29</Price>
    </Item>
    <Buyer id="8492340">
      <Name>My Name</Name>
      <Address>
       <Street>One Network Drive</Street>
       <Town>Burlington</Town>
       <State>MA</State>
       <Country>United States</Country>
       <PostalCode>01803</PostalCode>
      </Address>
    </Buyer>
    </PurchaseOrder>
    signedPurchaseOrder.xml with XAdES namespace:
    <?xml version="1.0" encoding="UTF-8" standalone="no"?><PurchaseOrder>
    <Item number="130046593231">
      <Description>Video Game</Description>
      <Price>10.29</Price>
    </Item>
    <Buyer id="8492340">
      <Name>My Name</Name>
      <Address>
       <Street>One Network Drive</Street>
       <Town>Burlington</Town>
       <State>MA</State>
       <Country>United States</Country>
       <PostalCode>01803</PostalCode>
      </Address>
    </Buyer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Sig1"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>tVicGh6V+8cHbVYFIU91o5+L3OQ=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignP"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>MAQ/vctdkyVHVzoQWnOnQdeBw8g=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>lSgzfZCRIlgrgr6YpNOdB3XWdF9P9TEiXfkNoqUpAru/I7IiyiFWJg==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:DSAKeyValue><ds:P>/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0ImbzRMqzVDZkVG9
    xD7nN1kuFw==</ds:P><ds:Q>li7dzDacuo67Jg7mtqEm2TRuOMU=</ds:Q><ds:G>Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMOHCBiNU0Nogps
    QW5QvnlMpA==</ds:G><ds:Y>p48gU203NGPcs9UxEQQQzQ19KBtDRGfEs3BDt0cbCRJHMh3EoySpeqOnuTeKLXuFr96nzAPq4BEU
    dNAc7XpDvQ==</ds:Y></ds:DSAKeyValue></ds:KeyValue></ds:KeyInfo><ds:Object Id="QualifyingInfos"><QualifyingProperties Target="Sig1" xmlns="http://uri.etsi.org/01903/v1.3.2#"><SignedProperties Id="SignP"/><UnsignedProperties/></QualifyingProperties></ds:Object></ds:Signature></PurchaseOrder>

    I believe the problem is that you are not explicitly adding the xades namespace
    attribute to the SignedProperties element before generating the signature. Thus,
    the namespace attribute is not visible when canonicalizing, but when you serialize the
    DOM tree to an output stream, (for reasons I'm not entirely sure why), the namespace
    attribute is visible and is added to the SignedProperties element, which breaks the
    signature.
    You must always explicitly add namespace attributes using the Element.setAttributeNS
    method. Try changing the following code from:
    Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
    to:
    Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
    SPElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", xadesNS);
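
The mismatch discussed in this thread only shows up once the signed DOM has been serialized and parsed again, so the check below validates the `#SignP` reference on the re-parsed bytes, once without and once with the explicit `xmlns` attribute. It is an added example, not code from the original posts: the class name `XadesNamespaceRoundTrip`, the inline sample document and the method name are assumptions, RSA-SHA256 with a 2048-bit key replaces the posts' 512-bit DSA-SHA1, and the Id is registered through the signing and validation contexts instead of the internal `IdResolver` class.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Collections;
import javax.xml.XMLConstants;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class XadesNamespaceRoundTrip {
    static final String XADES_NS = "http://uri.etsi.org/01903/v1.3.2#";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /** Sign, serialize, re-parse, then report whether the #SignP reference still validates. */
    static boolean signedPropsSurviveRoundTrip(boolean declareNamespace) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Constructed sample input, a cut-down version of the thread's purchaseOrder.xml.
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(
                "<PurchaseOrder><Item><Price>10.29</Price></Item></PurchaseOrder>".getBytes("UTF-8")));

        Element qp = doc.createElementNS(XADES_NS, "QualifyingProperties");
        qp.setAttributeNS(null, "Target", "#Sig1");
        Element sp = doc.createElementNS(XADES_NS, "SignedProperties");
        sp.setAttributeNS(null, "Id", "SignP");
        if (declareNamespace) {
            // The fix from the answer: make the namespace declaration a real attribute node.
            sp.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns", XADES_NS);
        }
        qp.appendChild(sp);

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        DigestMethod sha256 = fac.newDigestMethod(DigestMethod.SHA256, null);
        Reference whole = fac.newReference("", sha256, Collections.singletonList(
                fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        Reference props = fac.newReference("#SignP", sha256, null,
                XADES_NS + "SignedProperties", null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                        (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(RSA_SHA256, null), Arrays.asList(whole, props));

        // Throwaway key pair generated for this run only.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(kp.getPublic())));

        XMLObject obj = fac.newXMLObject(
                Collections.singletonList(new DOMStructure(qp)), "QualifyingInfos", null, null);
        DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
        dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
        dsc.setIdAttributeNS(sp, null, "Id"); // lets "#SignP" resolve while signing
        fac.newXMLSignature(si, ki, Collections.singletonList(obj), "Sig1", null).sign(dsc);

        // Serialize and parse again: this is the form a relying party actually receives.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        TransformerFactory.newInstance().newTransformer()
                .transform(new DOMSource(doc), new StreamResult(out));
        Document reparsed = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(out.toByteArray()));

        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(),
                reparsed.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0));
        vc.setIdAttributeNS((Element) reparsed
                .getElementsByTagNameNS(XADES_NS, "SignedProperties").item(0), null, "Id");
        XMLSignature sig = fac.unmarshalXMLSignature(vc);
        for (Object o : sig.getSignedInfo().getReferences()) {
            Reference ref = (Reference) o;
            if ("#SignP".equals(ref.getURI())) {
                return ref.validate(vc);
            }
        }
        throw new IllegalStateException("No #SignP reference found");
    }

    public static void main(String[] args) throws Exception {
        System.out.println("xmlns not declared: #SignP valid after round trip = "
                + signedPropsSurviveRoundTrip(false));
        System.out.println("xmlns declared:     #SignP valid after round trip = "
                + signedPropsSurviveRoundTrip(true));
    }
}
```

Validating the in-memory DOM right after `sign()` would not exercise this failure; running validation against the serialized output is the check that matches what a verifier sees.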

  • Java XML Digital Signature API, how to sign different files

    Hello,
    I need to sign several files: binary and/or xml (in some cases just part of xml), and to implement digital signatures in xAdes standard. So I'm looking to use Java XML Digital signature API, but can't find any examples that would cover the issues I encountered:
    How to sign binary file?
    Just to sign some simple "aaa.png" file and have its signature in XML. How to create the reference in the right way?
    (should it be something like: Reference ref = fac.newReference("aaa.png", fac.newDigestMethod(DigestMethod.SHA1, null), null, null, null); )
    And how to pass file for signing? what to add/change to this code:
    Document doc = dbf.newDocumentBuilder().parse(new FileInputStream("aaa.png"));
    DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
    (I have only found some information about needing to "dereference" or so - but no examples, how to make things work.)
    How to sign several different files?
    As I wrote before, several files need to be signed, but in all examples, it's only one Document object (and only one file), how/where to add more files and if API will be capable to deal with such thing?
    In one of the examples, what I have to achieve was such code:
    <Reference URI="aaa.png" xmlns="http://www.w3.org/2000/09/xmldsig#">
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <DigestValue>8rl/xzjAnE4yQQ2LTBvFTU2JH+c=</DigestValue>
    </Reference>
    If I do write code like: "fac.newReference("aaa.png", <...> );
    I'll get an error during signing: signature.sign(dsc);
    *"java.net.MalformedURLException: no protocol: aaa.png"*
    How to avoid this?
    Also, from the example (what to reach) above:
    <Reference URI="aaa.png" xmlns="http://www.w3.org/2000/09/xmldsig#">
    There is additional attribute "xmlns=<...>" - the question is if it is possible to add it by XMLSignatureFactory.newReference ?
    Java API adds a lot of prefixes "ds:" , like:
    <...>
    <ds:Reference URI="file:/D:/try5/SignableMetadata0.xml">
    <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
    </ds:Transforms>
    <...>
    Is it possible to avoid them?
    Any help on any of these questions would be very appreciated

    Hi,
    I would like to sign a specific part of a xml message [Only the contents under the <Buyer> tag]. I have also pasted the code which i used to do this. I am getting an output xml after the xml is signed, but when I validate the xml , the xml is valid even after I change the xml contents. Could you pls tell me what I am doing wrong here. I want to know whether the xpath implementation which I have done is correct.
    <?xml version="1.0" encoding="UTF-8"?>
    <PurchaseOrder>
    <Item number="130046593231">
    <Description>Video Game</Description>
    <Price>10.29</Price>
    </Item>
    *<Buyer id="8492340">*
    *<Name>My Name</Name>*
    *<Address>*
    *<Street>One Network Drive</Street>*
    *<Town>Burlington</Town>*
    *<State>MA</State>*
    *<Country>United States</Country>*
    *<PostalCode>01803</PostalCode>*
    *</Address>*
    *</Buyer>*
    </PurchaseOrder>
    // The code which i have used to perform the xpath transformation.
              XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
         XPathFilterParameterSpec xpathFilter = new XPathFilterParameterSpec("PurchaseOrder/Buyer");
              javax.xml.crypto.dsig.Reference ref = fac.newReference
              ("", fac.newDigestMethod(DigestMethod.SHA1, null),
              Collections.singletonList
              (fac.newTransform
              (Transform.XPATH, xpathFilter)),
              null, null);
              SignedInfo si = fac.newSignedInfo
              (fac.newCanonicalizationMethod
              (CanonicalizationMethod.INCLUSIVE,
              (C14NMethodParameterSpec) null),
              fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
    Collections.singletonList(ref));
    // Load the KeyStore and get the signing key and certificate.
         KeyStore ks = KeyStore.getInstance("JKS");
         char[] password = "changeme".toCharArray();
         ks.load(new FileInputStream("c:\\KeyStore"), password);
         KeyStore.PrivateKeyEntry keyEntry =
         (KeyStore.PrivateKeyEntry) ks.getEntry
         ("EISKeys", new KeyStore.PasswordProtection(password));
         X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
         // System.out.println("X509Certificate:"+cert);
         // Create the KeyInfo containing the X509Data.
         KeyInfoFactory kif = fac.getKeyInfoFactory();
         List x509Content = new ArrayList();
         x509Content.add(cert.getSubjectX500Principal().getName());
         x509Content.add(cert);
         X509Data xd = kif.newX509Data(x509Content);
         KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
         // Instantiate the document to be signed.
         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
         dbf.setNamespaceAware(true);
         Document doc = dbf.newDocumentBuilder().parse
         (new FileInputStream("C:\\Life2012\\DigSign\\ACORD_Request.xml"));
         NodeList rootChildList = doc.getDocumentElement().getChildNodes();
         Node bodyNode = null;
         for(int i=0;i<rootChildList.getLength();i++){
              if("Buyer".equalsIgnoreCase(rootChildList.item(i).getLocalName())){
                   bodyNode = rootChildList.item(i);
                   System.out.println("Body Node is obtained"+bodyNode);
                   break;
              }
         }
         // Create a DOMSignContext and specify the RSA PrivateKey and
         // location of the resulting XMLSignature's parent element.
         //DOMSignContext dsc = new DOMSignContext
         // (keyEntry.getPrivateKey(), doc.getDocumentElement());
              // Sign only the body node
         DOMSignContext dsc = new DOMSignContext
         (keyEntry.getPrivateKey(), bodyNode);
         // Create the XMLSignature, but don't sign it yet.
         XMLSignature signature = fac.newXMLSignature(si, ki);
         // Marshal, generate, and sign the enveloped signature.
         signature.sign(dsc);

  • Xml digital signature api

    hello
    Has anyone tried to use the xml digital signature api on an application deployed on appserver 8.2 bundled with studio?
    I am trying to, but it seems I cannot work it out. Here is what I do: I've built a sample application where when I click a button the following code runs. I have imported the xmldsig.jar file I found on jwsdp-1.5 that includes the needed classes and I am using jdk 1.4.2.07.
    I should mention that when I deploy the application on tomcat 4.1.31 everything works fine and the xml file is properly signed. But it never works when I run it on appserver. For ANY help I would be grateful!
    the following code is on the click button action
    ypografi ob2 =new ypografi();
    boolean ok ;
    ok = ob2.ypegrapse("C:/attach.xml");
    the following code is the ypografi.java file
    package dokimi;
    import javax.xml.crypto.*;
    import javax.xml.crypto.dsig.*;
    import javax.xml.crypto.dom.*;
    import javax.xml.crypto.dsig.dom.DOMSignContext;
    import javax.xml.crypto.dsig.keyinfo.*;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.OutputStream;
    import java.security.*;
    import java.util.Collections;
    import java.util.Iterator;
    import javax.xml.parsers.DocumentBuilderFactory;
    import javax.xml.transform.*;
    import javax.xml.transform.dom.DOMSource;
    import javax.xml.transform.stream.StreamResult;
    import org.w3c.dom.Document;
    public class ypografi {
    /** Creates a new instance of ypografi */
    public ypografi() {
    }
    public boolean ypegrapse(String nameoffile){
    // Create a DOM XMLSignatureFactory that will be used to generate the
              // enveloped signature
         try {     
    String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
              XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",(Provider) Class.forName(providerName).newInstance());
    // Create a Reference to the enveloped document (in this case we are
              // signing the whole document, so a URI of "" signifies that) and
              // also specify the SHA1 digest algorithm and the ENVELOPED Transform.
              Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),Collections.singletonList(fac.newTransform(Transform.ENVELOPED, null)),null, null);
              // Create the SignedInfo
              SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, null),fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),Collections.singletonList(ref));
    // Create a DSA KeyPair
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
              kpg.initialize(512);
    KeyPair kp = kpg.generateKeyPair();
    // Create a KeyValue containing the DSA PublicKey that was generated
              KeyInfoFactory kif = fac.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(kp.getPublic());
              // Create a KeyInfo and add the KeyValue to it
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
              // Instantiate the document to be signed
              DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
              dbf.setNamespaceAware(true);
              Document doc = dbf.newDocumentBuilder().parse(new FileInputStream(nameoffile));
    // Create a DOMSignContext and specify the DSA PrivateKey and
    // location of the resulting XMLSignature's parent element
              DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
              // Create the XMLSignature (but don't sign it yet)
              XMLSignature signature = fac.newXMLSignature(si, ki);
    // Marshal, generate (and sign) the enveloped signature
    signature.sign(dsc);
              // output the resulting document
              OutputStream os;
         os = new FileOutputStream(nameoffile);
              TransformerFactory tf = TransformerFactory.newInstance();
              Transformer trans = tf.newTransformer();
              trans.transform(new DOMSource(doc), new StreamResult(os));
    }catch(Exception e){
    System.out.println(e);
    return false;
    }
    return true;
    }
    }


  • Acrobat 9 Standard and the Digital Signature usage right

    Acrobat 9 Standard is apparently able to apply certain usage rights to a document. I am trying to confirm whether or not the digital signature usage right is included. The Acrobat 9 product comparison seems to indicate it is not, but the online help implies that it is.
    Can someone with Acrobat 9 Standard confirm this for me by testing a document that you've enabled for use with Reader by attempting to sign a digital signature field with Reader?
    George

    In the office area, the Pro version might be good to have for the forms and other features. For the general library, Reader is probably adequate. Actually allowing PDF creation on public machines can be an issue. In a small library system, Acrobat might be reasonable where you do not have to deal with a large, diverse population. However, for basic PDF creation, only Std is needed. Having both AA8 and AA9 on the same machine can lead to problems. However, if you remove one, you will likely have to repair the other.
    The problem with older versions is that they may not properly read some of the newer PDFs that might be downloaded. For the latter, you could install the latest version of Reader, but you need to be aware that you may have to deal with issues of right clicking (windows) on a file and selecting which application to open a PDF with. For forms and some editing, the Pro version would be good to have. You also have PDF Optimize and PreFlight with the Pro version that generally are not included in the Std version.
    To help compatibility with the files you create, you can select Start>Printers>Adobe PDF preferences (right click on printer). In the settings tab>Default settings> select at least Std or better Press or Print and then push edit. Under the general tab select the compatibility and set it to AA8 so that everything is compatible with the oldest version of Acrobat you have.
    If you have more than one computer in the office, you might consider having AA8 on one and AA9 on the other. Do check and be sure you have licenses for whatever you have and that someone has not come in and installed a pirated version. Also be sure you keep the original CDs and licenses (or if they were downloaded, burn the downloaded version to a CD as an archive and write the SN on the label).
    Now that I have confused you, are there more questions?

  • Save method for digital signatures

    Hi - I have several thousand forms all set up for digital signatures, which I use for locking down the form fields (render read-only). This works fine. The problem I have is that when a user digitally signs the form, they automatically get asked to Save As - with a default location on the local machine. Can this be changed to allow the user to simply save and overwrite the form in its original location? Of course there is a danger with doing this, but users with document/case management systems do not necessarily know where to save the document, so basically they want to open up the form from their CMS/DMS, complete it, digitally sign it and simply save (automatically back in the location they launched it from).
    Does anyone know where I can even look - I have trawled the registry, the digital signature settings, etc, but no luck.

    Hi - these are all reader extended through Livecycle ES Reader extensions and are signed by users in Reader. What I am asking is if anyone has an idea where this behaviour is declared, so that I can change it.

  • XML Digital Signature API: creation of SignatureProperties

    Hallo!
    I'm having problems using the XMLDigitalSignature API to create signature properties.
    I want my signature to contain the following
    <SignatureProperties>
                <SignatureProperty Id="testID" Target="testTarget">
                    testContent
                </SignatureProperty>
    </SignatureProperties>
    I already create a signature using the following code:
              List<XMLObject> objs = new ArrayList<XMLObject>();
              objs.add(fac.newXMLObject(Collections.singletonList(manifest), null, null, null));
              XMLSignature signature = fac.newXMLSignature(si, ki, objs, signatureID, null);
    I've already been messing around with the method newSignatureProperties of the XMLSignatureFactory but I haven't managed to get it working. Can somebody help, please.
    Thanks in advance
    alex

    Something like this should work:
            Text text = doc.createTextNode("testContent");
            SignatureProperty sp = fac.newSignatureProperty
                (Collections.singletonList(new DOMStructure(text)),
                "#testTarget", "testID");
            SignatureProperties sps = fac.newSignatureProperties
                (Collections.singletonList(sp), null);
            objs.add(fac.newXMLObject(Collections.singletonList(sps), null,
                null, null));
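
    The following is an added example, not part of the original thread: it builds the SignatureProperties object as in the reply above and also adds a ds:Reference to it, because a ds:Object is only integrity-protected when SignedInfo references it. The program signs, validates, edits the property text, and validates again to show the second check failing. Assumptions made for illustration: the Ids `props` and `testTarget` (used as the Signature Id so that the Target resolves), the throwaway RSA key, and the `<root/>` document.

    ```java
    import static java.util.Collections.singletonList;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import javax.xml.crypto.KeySelector;
    import javax.xml.crypto.dom.DOMStructure;
    import javax.xml.crypto.dsig.*;
    import javax.xml.crypto.dsig.dom.*;
    import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
    import javax.xml.parsers.DocumentBuilderFactory;
    import org.w3c.dom.*;

    public class SignedPropertiesDemo {
        static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

        // Core validation of the first ds:Signature in the document.
        static boolean validate(Document doc, KeyPair kp) throws Exception {
            Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
            DOMValidateContext vc =
                new DOMValidateContext(KeySelector.singletonKeySelector(kp.getPublic()), sig);
            return FAC.unmarshalXMLSignature(vc).validate(vc);
        }

        public static void main(String[] args) throws Exception {
            // Constructed inputs: a throwaway RSA key and a document holding only <root/>.
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(2048);
            KeyPair kp = kpg.generateKeyPair();
            Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
            doc.appendChild(doc.createElement("root"));

            // SignatureProperties inside a ds:Object, built as in the reply above.
            SignatureProperty sp = FAC.newSignatureProperty(
                singletonList(new DOMStructure(doc.createTextNode("testContent"))),
                "#testTarget", "testID");
            SignatureProperties sps = FAC.newSignatureProperties(singletonList(sp), "props");
            XMLObject obj = FAC.newXMLObject(singletonList(sps), null, null, null);

            // The Reference to #props is what puts the properties under the signature.
            Reference ref = FAC.newReference("#props",
                FAC.newDigestMethod(DigestMethod.SHA256, null), null, SignatureProperties.TYPE, null);
            SignedInfo si = FAC.newSignedInfo(
                FAC.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                    (C14NMethodParameterSpec) null),
                FAC.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
                singletonList(ref));
            XMLSignature sig = FAC.newXMLSignature(si, null, singletonList(obj), "testTarget", null);
            sig.sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
            System.out.println("valid after signing: " + validate(doc, kp));

            // Edit the signed property in place: its Reference digest no longer matches.
            doc.getElementsByTagNameNS(XMLSignature.XMLNS, "SignatureProperty")
                .item(0).setTextContent("tampered");
            System.out.println("valid after edit:    " + validate(doc, kp));
        }
    }
    ```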

  • PubSec Digital signatures in Acrobat 9

    Hi,
    I'm developing a digital signature plug-in, PubSec, to be specific. My plugin will, hopefully, digitally sign open PDF, and also be able to verify them. The signature I am creating will be standard so that any other plugin, including Acrobat's own, can also verify it, and my plugin can verify others too. For this, I will leave the Filter unset and only set subfilter appropriately.
    Now, when implementing the signature creation and verification callbacks I found it very difficult, and in some cases am stuck, while getting required information from the provided arguments of the callbacks. For instance, from this structure "PSSigValidateDialogParams" I want to extract information such as:
    - signature's verification status
    - signer's certificate
    - reason location, etc.
    But so far I can only get the verification status as:
    ASInt32 sigValDigest = ASCabGetInt(sigValCab, PROP_SigVal_Digest, kDSSigValUnknown);
    ASInt32 sigValTrustFlags = ASCabGetInt(sigValCab, PROP_SigVal_TrustFlags, kDSSigValUnknown);
    ASInt32 sigValId = ASCabGetInt(sigValCab, PROP_SigVal_Id, kDSSigValUnknown);
    And I don't even completely understand what each of these means. And I cannot get the rest of the info from the structure either, as I can't find any description of them in the documentation. I did find a "Digital signature API Reference" document for Acrobat 6, but none for Acrobat 9. And even in Acrobat 6, there is no description for most of the functions and structures, just the prototype.
    Please help me get the above information from the PSSigValidateDialogParams, or at least point me towards the documentation of the digital signature API reference for Acrobat 9. Thanks

    Hi,
    Go to: http://livedocs.adobe.com/acrobat_sdk/9/Acrobat9_HTMLHelp/API_References/Acrobat_API_Reference/Digital_Signatures/PubSec.html#kPSSigTrustUntrusted
    and search for DSValidState
    enum DSValidState {
      DSSigBlank = 0,
      DSSigUnknown,
      DSSigInvalid,
      DSSigValid,
      DSSigDoubleChecked,
      DSSigValidStateEnumSize
    };
    and here: http://livedocs.adobe.com/acrobat_sdk/9/Acrobat9_HTMLHelp/API_References/Acrobat_API_Reference/Digital_Signatures/PubSec.html#kPSSigTrustAll
    enum DSSigValState {
      kDSSigValUnknown = 0,
      kDSSigValUnknownTrouble,
      kDSSigValUnknownBytesNotReady,
      kDSSigValInvalidTrouble,
      kDSSigValUnused,
      kDSSigValJustSigned,
      kDSSigValFalse,
      kDSSigValTrue,
      kDSSigValEnumSize
    };
    Regards,
    mwak

  • Acrobat is not validating digital signature

    Hi Everybody...
    I have generated a pdf file which includes digital signatures.
    But the acrobat is not validating the digital signature. But if
    we open this file in PDF-xchange viewer, it shows that the
    signatures are valid. Acrobat generates the following error...
    Error during signature verification.
    Signature contains incorrect, unrecognized, corrupted or
    suspicious data.
    Support Information: SigDict /Contents illegal data
    What may be the problem?

    Thank you Bernd for your kind and simple reply.
    I am uploading my file with my certificate which I am using for my digital
    signatures. Please have a deep look at contents entry. Use ASNVIEWER or
    decoder etc......
    Thanks again and Best Regards

  • Use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature?

    Dear all,
    I am looking to set up the use of Active Directory userid/password authentication instead of SAP R/3 User/Password for digital signature. We SSO to the backend ABAP AS via an SAP NW Portal to which SPNego Kerberos authentication is set up. Today we specify R3 user id/password to digitally approve a lot release. The idea is to have users maintain one AD password so that they don't have to remember the R/3 password anymore, and also for our Security team to avoid password maintenance.
    I know there are 3 options for digital signature:
    - System signature with authorization by user ID and password (We use this currently)
    - Digital User signature with verification (We would like to use this with AD userid/password, so the system still asks the users for their AD userid/password for the authentication when they try to "sign" a document.)
    - User signature without verification
    Do you think there is a way to configure the system in order to ask and check the Active Directory userid/password instead of the SAP R/3 password? Where can I find documentation about it?
    I have several different versions of AS ABAP starting from NW 7.02 to NW 7.31.
    My active directory is based on Windows 2008.
    Thanks in advance!!
    Dhee

    Actually enabling Kerberos for SSO purposes and enabling Kerberos for digital signatures are two different topics although the latter is because of the former. I'm interested in the topic as well and I'm currently looking at different options. SAP provides a BAdI for the digital signature API which can be used for external authentication but they do not provide the solution to invoke Kerberos authentication based on username and password. SAP provides a semi solution with NWSSO 2.0 SP2 which works only on Windows with classic dynpros meaning SAP GUI for Windows is assumed. The solution is based on an ActiveX component which does the actual Kerberos authentication using the Secure Login Client which is part of the NWSSO suite. Extending that implementation to non-Windows and non-GUI applications would require some sort of web enabled service that could be used to authenticate the user with username and password. In case authentication is successful, a Kerberos token would be returned to SAP which would then be validated. All the required pieces are there since SAP has Kerberos support now in both stacks of the NetWeaver Application Server, some bits are still missing though which leaves customers looking at 3rd party or custom solutions.

  • How to do Multiple digital signatures?

    I have created a form in Acrobat 9 Pro with multiple digital signatures. This is an approval form that is emailed "up the chain of command".  I have enabled extended features in Adobe Reader so that users without Acrobat 9 can digitally sign the form.  I created the form and did a certified signature.  I then emailed it to a typical user who filled in the form and emailed it to her boss for a digital signature.  Her boss digitally signed it and emailed it to the CFO.  The CFO does not have Acrobat 9.  When she gets it, she gets the error message "This document enabled extended features in Adobe Reader.  The document has been changed since it was created and use of extended features is no longer available.  Please contact the author for the original version of this document."  How do I correct this?

    Steve,
    I wanted to test how cumbersome it would be to have the 2 staff members open with Adobe Reader instead of Creative Suite; however, I have not been able to find any option like "open with" in my Outlook email.  Every time I try to open it, it defaults to my Acrobat 9 Pro to open the document.  Would the 2 staff members have to save the email and then use "open with" in order to bypass Creative Suite?
    Also I am not sure if you answered my question last time - Is it possible to just upgrade the Acrobat portion of Creative Suite or do you have to upgrade the entire Creative Suite just to get the newer Acrobat?  I will also be checking the upgrade link you sent.  Thanks.

  • Maintaining digital signatures in single pdf

    Is there a way in Acrobat 9 Pro to maintain digital signatures when combining multiple files into a single pdf?  For instance, if I sign my timecard and a separate expense report, then my supervisor also countersigns both documents, I lose the signatures when combining the timecard and expense report into a single file.  I believe the signatures are maintained when creating a portfolio, but can it also be accomplished in a single pdf?

    I tried combining multiple pdf documents either signed by me and/or a customer into one pdf document and the signatures were lost. However, if you combine them as a 'PDF Portfolio' instead of 'Single PDF' you'll maintain the signatures. The option is located in the right corner of the 'Combine Files' screen.

  • Digital Signatures/Javascript After Signing?

    Hello everyone,
    I'm currently developing forms for my company, post processed through Adobe Acrobat 9 Standard, that require digital signatures. Working in the food industry requires compliance to specific FDA guidelines, specifically CFR 21 part 11. In order to meet the requirements I must develop an SOP (Standard Operating Procedure) that proves signatures are accurate and secure.
    The process is tedious, and I have called a few meetings thus far to discuss some of the unforeseen circumstances. During the discussion a question was brought up: What protects forms stored in the archives (3 years for compliance) from being corrupted by a disgruntled employee? Specifically, what stops an employee from clearing a digital signature? I realize we can set up file access rights to the forms to prevent such happenings, but the majority of the forms are set up to hold 6 months to a year of info, thus wouldn't be archived until filled completely.
    My question: Does anyone out there know of a javascript or trick to disable the "Clear Signature" function after signed? I've been searching and have turned up empty handed. Also, does anyone have any other javascripts that are used after digital signature occurs?
    Thanks in advance for any help you can give me,

    George,
    Thanks for your response.
    The issue is not if the file is deleted, the issue is if the files becomes "manipulated". I think "corrupted" was the wrong choice of words.
    To explain: Any form that is completed has several digital signatures within the contents, depending on which QA Technicians complete the task (e.g. Calibrations, Metal Detector Settings, etc...). Forms are set up by days, weeks, or in some cases years, and have designated signature areas for the time period the test was conducted. So, after "John Smith" completes his portion of the form he is required to digitally sign the document; after signing is complete all information is set to read only and cannot be altered unless the signature is deleted.
    Digital signatures can be deleted in two ways:
    1. The user who signed the document, based on active directory, has the ability to "clear signature". As an FYI: no other user is capable of deleting a signature signed by another employee. (does not apply to the form author)
    2. The file creator can add a "Reset button" control, thus being able to delete any data specified.
    So as I said I'm looking for a way to lock all signature functions, after signing is completed, even for the original signer. So if form "Calibration01" is currently being filled out and has signatures x, y, and z on it, I want to make sure if "x" is disgruntled they do not maliciously go and clear their signature. Also, I would like all fields associated with the signature to be locked without any way for the user to manipulate or revise data.
    If anyone has any javascripts that run once signer digitally signs, it would be a great help,
    Thanks,

  • Pro or Standard for digital signatures

    Do I need Adobe Acrobat Pro or can I use Adobe Acrobat Standard X to have digital signatures enabled for Adobe Reader file users.  So far, Standard X isn't working for the Reader files.

    You need Pro.

  • Digital signatures on PDFs

    Sorry if I am posting this question in the wrong location, but hopefully someone who sees this message will be able to answer or point me in the right direction. I did perform a search and could not find a definitive answer.
    There are documents in my company that will be circulated for approval and we would like to apply digital signatures to indicate that certain personnel have reviewed/approved these documents. I have the capability with Acrobat 3D version 8.1.5 to add digital signatures to a PDF. My question is: Is that true of all versions of Acrobat? If not, can anyone tell me the most recent version of Acrobat that has this capability or how I might find this out. I won't necessarily be the one creating the PDFs; thus, the question. Also, is there a better practice for indicating review/approval of a document?
    Janice

    Hi Janice,
    First thing, the comment above is incorrect. You can most certainly add multiple signatures to a single PDF file, and one signature does not invalidate the next.
    Onto your question; if you want to author the document with existing signature fields in a specific location you need Acrobat. However, once the fields exist you can “Reader enable” the document so the signature field can be signed using either Acrobat or Reader. If the file has been Reader enabled, then the user can create (place) a signature field wherever they like.
    The ability to add signature fields has been in Acrobat since version 4 when digital signatures were introduced. The ability to sign using Reader has been around since version 5.1 (there was no 5.1 of Acrobat, only Reader). The ability for Acrobat to “Reader enable” a document for signing has been there since version 8.0.
    Does this answer your question?
    Steve
