Digital Signature Logs in DSAL Tcode
Hello All,
Please help me to solve one issue.
I have successfully created the configurations and code to digital check the R/3 User and password
of user and accordingly receiving the logs in DSAL tcode also using if_ds_sign-sign method.
But issue is that we cannot pass the password of the user in this method,a pop screen screen comes which ask
for password manually when we execute this method.
So please let me know if any other method or bapi or any other way ,with which i can pass user id and password from code and it is digitally checked and logs also gets populated in DSAL tcode accordingly.
Regards.
Abhinav Goel.
Hello Samuli Kaski,
Thanks for you reply.
I have successfully achieved the requirement by creating a BDC code.
Regards.
Abhinav Goel.
Similar Messages
-
Issue in Digital Signature Logs in DSAL Transaction
Hello,
Please help me resolve one of my issue regarding digital signatures in sap.
As per my company requirement we want that logs should be generated in DSAL Transaction in SAP.
We are using SIGN_SIGNATURE_CREATE bapi for creating the digital signature of the user.
Now when this bapi runs and returns the digital signature successfully then also we are not getting any
success logs in DSAL transaction.
So please let me know what are the necessary configurations required so that we get logs in DSAL transaction
weather digital signatures successfully generate or if some exception occured.
Please reply ASAP.
Regards.
Abhinav Goel.Are you sure the Digital Signature Log isn't updated? Make sure you select the correct Application and Signature Object in the selection screen of DSAL. At least interface IF_DS_RUNTIME updates the log, even for non-standard strategies/applications/objects.
Update: I checked the function module SIGN_SIGNATURE_CREATE which isn't a BAPI and it's not even released. It appears to be a low level API, I suggest you look into using IF_DS_RUNTIME instead. -
Digital Signature Comments in DSAL
Ok...I've spun my wheels on this one for a while, like usual, I'm missing a piece of the puzzle somewhere.
I'm trying to see digital signature comments in transaction code DSAL. My system is on support levels SAP_ABA - SAPKA64019 and SAP_APPL - SAPKH50016. I bring this up because this level still requires that I implement the corrections in OSS notes 1027446, 992731 and 994320. I've approached prototyping this thing very simply...I am using program DSIG_BOOKING_EX and the masterful 'Digital Signature Tool' Implementation guide written by Dr. Matthias Schuler, Dr. Thomas Wiechorek and Dr. Uwe Dittes (this guide is in version 3 so it is solid). Everything works fine except for the comments. : (
Ok, according to OSS note 1027446 I should be seeing an additional button on the DSAL screen. I don't. I'm not giving up (don't have that option), but I thought (hoped) someone else had the same issue and has already worked through it.
I'm still working on it...if I find the answer I'll make sure to post it. (Can I give myself points?) ; )Note 1106863 was created to fix this problem. It is now available.
-
SAP Digital signature solution in Invoice output PDF document
Hi,
We are trying to POC SAP Digital signature solution for Invoice output pdf document based on the OSS note 700495 implemengtation guide.
- Defining the log structure and database table.
- Defining signature single step and authorization group and assignment.
- Completed the configuration steps including system signature with authorization by SAP user id and password.
- Release strategy and Archiving NOT implemented for this solution as they are not required as of now.
Checked the above settings using DSIG_BOOKING_EX sample program and the same executed successfully without any errors and we can see the result 'Signature process was successfully completed by user XXXXXX'. Also we can view the signature log in DSAL Transaction.
Similar to the sample program code, Implemented the signature call in user exit ZXMCVU05(EXIT_SAPLMCS6_001) for Invoice output digital signature during VF01 create transaction.
In the process signature call processed successfully but the output PDF document does not have any signature.
Please let me know why digital signature NOT applied to invoice output pdf file. Is there any other process that need to be done?
Also if you have implemented any similar solution, please provide me the details on the same.
Thanks!Ritwika,
Are the User Name and Password correct? Is the User assigned to the SAP_XMII_User role in Netweaver? On the iCommand's Security screen, is the SAP_XMII_User assigned as a Reader role?
Have you checked the Netweaver log? There may be more detailed information there.
Kind Regards,
Diana
Edited by: Diana Hoppe on Mar 3, 2011 9:50 AM -
Adobe Acrobat and Reader digital signature verification error logs
Can you help me how enable and where Acrobat 9.2 and Reader 9.2.3 error logs to analyse digital signature certificate revacation (CRL, OCSP)?
Hi Gatis,
Check out the Security and Digital Signature Admin Guide athttp://learn.adobe.com/wiki/download/attachments/52658564/acrobat_reader_security_9x.pdf?v ersion=1
http://learn.adobe.com/wiki/download/attachments/52658564/acrobat_reader_security_9x.pdf?v ersion=1
Once you get the file open look at section 5.3.4.4
The folder path has to exist, but Acrobat will create the file if it's missing. For example, if you want to save the file to C:\LogFile\digSigLog.txt the folder LogFile would have to exist on the C drive, but the log file itself will get created if it's not there already.
When you type in the file path and name in the Edit Binary Value dialog in regedit, make sure you null terminate the string by typing a zero at the end of the hex data on the left side of the dialog. It will look like a dot on the right side, but it's not really a dot (a dot is 2E in hex).
Steve -
Hi all,
I have some douts pls help me to solve it
1)The digital signature ensures that certain tasks are only performed by specially authorized users and documented in a signed document together with the name of the undersigned person, and the date and time.
But this can also be met by using basis tools providing authorisation to restricted usere only for UD and Result recording
then what is the use of Digital signature?
2)If i am using digital signature it is not reflecting any where.
i can olny see logs for that under Tcode DSAL
ASDI pasted below the help file info from SPRO on digitial signatures. This gives you a good overview. You can find more info on this by searching help for information on SSF Settings for the System Signature. SSF = Secure Store and Forward and you will help files on this as well. These areas are set up by BASIS folks, not QM. You may want to inquire in a BASIS forum for more specific info on setting this up.
Craig
The basis application component Secure Store and Forward (SSF) is used to realize digital signatures in the SAP System. This section tells you how to make the following settings:
SSF settings for the digital signature
Which settings you make here depends on the signature method you use (see Specify Signature Method for Approval Using Simple Signature and Define Signature Strategies)
The complete names of the users that are supposed to execute the signatures as well as their personal time zones
When a signature is executed, the system copies the signatory name together with the local time according to the signatory's personal time zone to the signed document.
Caution
All users can maintain their address data and defaults by choosing System -> User profile -> Own data. The general user settings along with the SSF settings for the user are part of this data. Therefore if you use digital signatures, do not assign the authorization to maintain own data to all users.
Requirements
If you use the user signature as your signature method, you need an external security product that islinked to your SAP System by way of SSF.
Note that you should not store the users' Personal Security Environment (PSE) in a file system but rather, for example, on a smart card. The PSE software does not comply with legal requirements for digital signatures.
Standard settings
The SSF settings for the system signature are contained in the standard system.
Activities
SSF Settings for the User Signature
1. Go to Customizing for Basis Components, choose System Administration -> Digital Signature and carry out activity Application-Dependent Parameters for SSF Functions.
2. Enter the SSF information for the users that are supposed to execute digital signatures. If you want, you can also make the general user settings now (see below).
a) Go to user maintenance.
b) Enter the user ID of the user whose data you want to maintain and choose Change.
c) Go to the Address tab page.
d) Choose Other communication and double-click SSF (Secure Store & Forw.).
e) Enter the user's SSF information.
How the entries must be structured depends on the security product you use.
f) Choose Continue and save your entries.
SSF Settings for the System Signature
Check and, if required, maintain the standard settings. To do so, go to Customizing for Basis Components, choose System Administration -> Digital Signature and carry out the following activities:
Application-Dependent Parameters for SSF Functions
SAPSECULIB Maintenance Information
General User Settings
1. Go to user maintenance.
2. Enter the user ID of the user whose data you want to maintain and choose Change.
3. Go to the Address tab page and enter the user's first and last names.
4. Go to the Defaults tab page and enter the user's personal time zone.
5. Save your entries. -
Issue in Java concurrent program for Digital Signature Stamping
Hi All,
Im calling a Java concurrent program which does digital signature stamping on the PDF report generated.Program able to able to read the PDF file as input and also digital signature stored as file in the application but
ends in error in create signature method , need help in this regard.
Error:
Parameter 0 is Request id of with out Digital signature file
Parameter 1 is employee id of approver
Parameter:0:99203256
Parameter:1:1414603
$$$$ start query fileinfo with callable statment
programName>>>>>>>>BTPOPORPXML
$$$$ Without digital Signature file Name $$$
$/inst_top/finprod/apps/FINPROD_CPNQERPAAPZP10/logs/appl/conc/out/BTPOPORPXML_99203256_1.PDF
PFX File Reading Start
PFX File Reading Ends
PFX File size is: 6460 Byte size is: 6460
Elements present
java.lang.NullPointerException
at
com.lowagie.text.pdf.PdfSignatureAppearance.getAppearance
(Unknown Source)
at
com.lowagie.text.pdf.PdfSignatureAppearance.preClose
(Unknown Source)
at
com.lowagie.text.pdf.PdfSignatureAppearance.preClose
(Unknown Source)
at com.lowagie.text.pdf.PdfStamper.close(Unknown
Source)
at
btvl.oracle.apps.po.digsig.BTVLDigSign.runProgram
(BTVLDigSign.java:151)
at oracle.apps.fnd.cp.request.Run.main
(Run.java:157)
Edited by: 999033 on May 16, 2013 7:20 PMHi Charls,
I have successfully implemented at our end in 11i. Pl.try at your end.
v_request_id := FND_REQUEST.SUBMIT_REQUEST (passed your arguments... );
COMMIT;
IF NVL( v_request_id , 0 ) = 0 THEN
DBMS_OUTPUT.PUT_LINE( 'Item Assignment to Organization Program Not Submitted');
p_status := 'FAILURE' ;
p_err_msg := 'ERROR RAISED AFTER SUBMITTING THE IMPORT ITEM ORG.ASSIGNMENT CONCURRENT REQUEST ... ' ;
ELSE
v_finished := FND_CONCURRENT.WAIT_FOR_REQUEST
request_id => v_request_id,
interval => 0,
max_wait => 0,
phase => v_phase,
status => v_status,
dev_phase => v_request_phase,
dev_status => v_request_status,
message => v_message
LOOP
EXIT WHEN ( UPPER(v_request_phase) = 'COMPLETE' OR v_phase = 'C');
END LOOP;
HTH
Sanjay -
Excel 2013 crash - related to digital signature?
This is a cross-posting of a thread originally started in Microsoft Answers (Office- Excel) forum, advised to post in this forum by MS support engineer Mohan Suryanarayan (link to other forum: here).
I have a VB macro in file A (which otherwise contains only several Excel Tables with named ranges). My digital signature (for signing code) is attached to file A.
As the macro executes, the Open file dialog is called up so that the User can select a secondary file to open (file B or C).
Files B and C contain several sheets with formulas and Excel Tables, and also their own extensive VB macros. My digital signature is also attached to files B & C.
The remainder of the macro in file A simply executes an update of the Excel Tables in the secondary file, before saving & closing it.
I have been finding that during execution of the file A macro, Excel crashes and closes all open Excel files.
If I remove the digital signature from the secondary files then the macro in file A executes with no problem.
The macro was written in Excel 2007 and on a different laptop, with different digital signature, and used to have no problem at all. When a new laptop was purchased a new digital signature was obtained and placed into all of the files.
Execution of file A is a critical process - I need help with stopping the crash, while maintaining a digital signature in the secondary files (so that their own macros can execute).
Event Viewer error shows the following:
Faulting application name: EXCEL.EXE, version: 15.0.4667.1000, time stamp: 0x543d366c
Faulting module name: mso.dll, version: 0.0.0.0, time stamp: 0x5447696f
Exception code: 0xc0000602
Fault offset: 0x011aafdd
Faulting process id: 0x2d58
Faulting application start time: 0x01d01e17eafcd0bb
Faulting application path: C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll
JL Latham replied:
Tom, all I can give you is relatively non-information. I haven't experienced that type of behavior even in Excel 2013 with digitally signed macros in multiple workbooks. But my digital signature is a commercial one from DigiCert, not
self-cert. I'm not even sure what piece of Excel or Office processes the digital signature (that is, whether it is mso.dll or not). But your whole process has more moving parts than most of mine involving multiple workbooks do - I quite often turn
off .EnableEvents when doing things like that just so event driven macros in the other workbook(s) do not execute.
Do the macros in the 'B files' have to execute during all of this processing in file A? If not, have you tried turning interrupts off:
Application.EnableEvents = False
before starting to work with the B-files? Maybe something in them, such as a Worksheet_Change() or other event triggered process is messing things up?
If you do use Application.EnableEvents=False, remember that you MUST re-enable that later in the code with Application.EnableEvents=True to get responses to things like button clicks, changes in a worksheet or other event driven processes
to run 'normally' again.
Have you looked at this discussion:
http://answers.microsoft.com/en-us/office/forum/office_2013_release-excel/excel-2013-crashing-immediately-when-attempting-to/ea2ab100-5525-4a0d-a3cf-6977319f954f
Sounds very similar to yours - original signature created in 2007, and crashing in 2013. Some suggestions were made, but whether they fixed the issue or not is unknown: OP never came back and said "fixed it" or "didn't fix it".
I replied:
In answer, the secondary B files don't execute any part of their macros during the A file process, and I hadn't included an EnableEvents = False within the file A code. However, I have just tried it to check if it made any difference and unfortunately it didn't.
I had read the thread you gave a link to before posting, and also the sub threads given within that one, but didn't see anything I thought of immediate parallel other than an Excel 2013 crash.
The way I read the linked thread was that a User added a signature in Excel 2007 and when they tried to open the file Excel (2007?) crashes, although other people using Excel 2013 can open it (not clear whether it means others can open the one with
the 2007 signature or without it).
Anyway, the differences in my situation are that:
(1) my B-files were originally created in Excel 2007 on a different laptop to current and had their own signature attached. I maintain a 'stock' of B-file versions, some of which have the old signature and some the new. If I run the A-file macro
on one of the B-files with the old signature then it executes ok;
(2) I am able to open the B-files ok, no matter whether the signature in them derives from the old laptop with Excel 2007 or the new laptop with Excel 2013;
(3) the macros within the B-files execute ok (this includes any versions of the B-files which still have an old signature attached, by removing the old signature and replacing with the new and executing on the new laptop);
(4) the offending operation which triggers the crash (when the B-files have the new signature attached) is a Resize of the Excel Tables within the B-file. I understand that I may eventually have to find a workaround for this operation but initially
I want to sort out the signature issue (I'm reasonably sure the signature issue is not a red herring where the Resize is the 'real' problem).
Regards, TomHi,
According to your description, this issue occurred with some particular files that stored in SharePoint site. Did the user download the file to local disk to print?
Based on the event log >>Faulting module name: EXCEL.EXE<<, it does not show the root Faulting module. Thus, please try to follow this KB to do general troubleshooting:
https://support.microsoft.com/en-us/kb/2758592
Then, if you have used "printer status application", please go to Device settings -> Installable options -> Printer Status notification and select disable.
If this issue still exists, we may need to collect the App crash dump file:
https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx
You can try to analyze dump by yourself if you would like to:
How to analyze app crash dump file:
http://blogs.technet.com/b/askperf/archive/2007/05/29/basic-debugging-of-an-application-crash.aspx
Regards,
George Zhao
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
programs.
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
How do I delete a digital signature field?
I have Adobe Acrobat Pro 9 on Snow Leopard. I created a digital signature for a PDF file but it didn't look good, so I decided to delete it. I figured out how to delete the signature, but the signature field with the little red arrow did not delete with my signature. I want my PDF form to revert to the way it was before I created the signature. I cannot simply close the PDF without saving because I'd lose all the information I've already entered. Stupid me forgot to save before attempting the digital signature.
HOW CAN I DELETE the digital signature field? Help!Hi SM,
The place to look for permission settings is on the Security tab of the Document Properties dialog. You can get there by selecting the File > Properties menu item and then select the Security tab.
One thing to note is if the file is Reader Enabled you will need to use the File > Save a Copy menu item to create a non-Reader enabled version of the file. You cannot edit a Reader Enabled file. As an aside, the Save a Copy menu item won't be there if the file is not Reader Enabled.
If the file was created using Designer (which is only on Windows and I know you are using a Mac) then it has to be edited in Designer.
If the file was certified, then you need to remove (clear) the certifying signature before you can edit the file, and to do that you must have access to the private key that was used as part of that signature operation.
Finally, if the file is encrypted (e.g. Password Security or Certificate Security), you can edit the file, but you have to get Acrobat to realize you are the document owner which means you need the Permissions password or or logged in using a document owners digital ID (the former is only for Password Security and the latter is only for Certificate Security).
Steve -
How to Print Digital Signature in Smart forms.
Hi Experts,
Any one please help me how to use digital signatures in SMARTFORMS.?
Which are the tables used to store digital signatures and please any one have any demo program which prints the the digital signature using smartforms kindly let me know.
Thanks,
Sunil kairam.Hi Sunil,
After doing some research in sdn and other sources i found the following result...
Digital Signatures are nothing but graphics that we can store in SAP and use in our Smart Forms.
For Example you can create a .bmp file of your signatures, upload it via SE78, and then use it in your Smart Forms in your Footer Area as "Authorized Signatory".
The Logic in the Print Program can be something as follows -
1. Maintain a Z Table having fields like PLANT, FORMID (Name of the SmartForm), USERID.
2. Before calling the Form, the validation is made for the Logged in User with the Z Table created.
3. If the User Entry exists in the Z-Table, the Form is called and the Signature Image is displayed in the Footer Block i.e. the Authorized Signature.
4. If user entry does not exist in the Z-Table then the message is displayed "You are not the Authorized for Printing the Form" and exits the Transaction.
refer to these links:
[http://help.sap.com/saphelp_nw04s/helpdata/en/23/c8b4cb4b3847a9bc32fe100f368411/frameset.htm]
[http://help.sap.com/saphelp_nw04/helpdata/en/21/530b37cb3ed605e10000009b38f936/frameset.htm]
if u find some info on the topic pls let me know..
best of luck!!!
thanks
ravi -
Digital signatures and combining PDFs in Acrobat X
I hope that one of you Acrobat gurus can help me out with one or more of these questions:
Is it possible to maintain digital signatures when inserting signed PDFs into another PDF?
Is it possible to remove a digital signature after a signature has been deleted from the page?
Is it possible to change the format of the date and time on a digital signature?In the simplest sense a digital signature is a special checksum of all the bytes in the bytes in the PDF combined with all the bytes in the digital signature. If the document is changed in any way the checksum changes, so the signature becomes invalid. A valid signature ensures that the document hasn't changed since the signature was applied. That stuff that's shown on the signature field is irrelevant. It's just a pretty picture. The real stuff is going on inside the PDF where you can't see it.
Obviously it gets a lot more complext then this. The signature can be selectively applied so that the certain types of changes are allowed. A signature does not add real protection to a PDF, but Acrobat plays along with this scheme by trying to not allow changes that would invalidate the signature, and logging all modifications to the PDF.
1) There are ways to maintain the visual appearance of the signature on the page. If the permissions have been set to allow it the PDF can be flattened, which also partially removes much of the stuff that's going on internally. But this isn't always possible. I had to solve this problem once for a client, so I wrote a plug-in that strips the signature permissions from the PDF (I'll post this to www.pdfscripting.com sometime soon), after which the the PDF can be flattened, keeping the appearance. But of course, after this point the document has to be considered invalid. For example, if the document was a contract, the flattened version would be good for use in an analysis of say all contracts for a particular year, or for copying legal language to another contract, but it couldn't be used as the basis of a legal dispute.
2) I don't understand this one. Do you mean you're deleting the signature field and some of the internal digital signature stuff is still hanging around causing problems? If you own the signature (or the permissions allow), then a standard form reset will "Un-Sign" the PDF. Inserting PDF pages into another PDF will strip out all this info as well.
3) The stamp appearance is set at the time the stamp is applied, it cannot be changed after this point. It's a lot like a PDF stamp.
Thom Parker
The source for PDF Scripting Info
pdfscripting.com
The Acrobat JavaScript Reference, Use it Early and Often
http://www.adobe.com/devnet/acrobat/javascript.html
Then most important JavaScript Development tool in Acrobat
The Console Window (Video tutorial)
The Console Window(article) -
Digital Signatures on TechNet Gallery - thoughts?
I've recently obtained a code-signing certificate from DigiCert (who are awesome, and offer these certs for free to MVPs for personal use), and was thinking of going back and signing the various bits of script that I've posted to the TechNet Gallery. However,
most of these posts are code fragments (individual functions, etc). The intention isn't that the user will run them as-is, but just copy and paste the code into their own modules, profiles, scripts, or whatever.
This means that my signature would be thrown out anyway before the code is executed, but there may still be some benefit in verifying, at the time of download that the code hasn't been modified in any way since I originally uploaded it (say, for instance,
if someone manages to gain unauthorized access to my Microsoft account or the TechNet Gallery in some way.)
The only one I've signed so far is the Enhanced Script Logging Module, because that is uploaded as a zip file that contains, among other things, a compiled DLL. Not only is that one intended to be run as-is, but it's also harder for people to
verify that the DLL file is safe to run.
What do you think? Worth the time to go back and sign / re-post everything else?Hey Len
there is an internal mailing list for Oracle folks - drop me a mail for it.
that said, the standalone release of Publisher supports a site wide(no support for user digital signatures) digital signature that will be added to all PDF documents that BIP generates.
Please check the documentation for more info - http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/e12188/T421739T475591.htm#5013688
regards
Tim -
Hi
This is my freshclam.log file for SERVER1
ClamAV update process started at Fri Sep 29 09:40:16 2006
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
See the FAQ at http://www.clamav.net/faq.html for an explanation.
ERROR: Can't get information about clamav.bkbhosting.com: No IP address
Trying again in 5 secs...
ClamAV update process started at Fri Sep 29 09:40:21 2006
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
See the FAQ at http://www.clamav.net/faq.html for an explanation.
ERROR: Can't get information about clamav.bkbhosting.com: No IP address
Giving up on clamav.bkbhosting.com...
ERROR: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.
ERROR: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.
1. During the installation of GMP package there was no error but
clamav is not supporting DIGITAL SIGNATURES?
2. What i have to do to enable the digital signature support ?
3. can i run the clamav without DIGITAL SIGNATURES support ??
========================================
This is freshclam.log for my another SERVER2
ERROR: Can't save PID to file /var/run/freshclam.pid: Permission denied
freshclam daemon 0.88.4 (OS: solaris2.9, ARCH: sparc, CPU: sparc)
ClamAV update process started at Fri Sep 29 12:10:24 2006
main.cvd is up to date (version: 40, sigs: 64138, f-level: 8, builder: tkojm)
daily.cvd updated (version: 1950, sigs: 6540, f-level: 8, builder: sven)
Database updated (70678 signatures) from clamav.antispam.or.id (IP: 222.124.18.201)
Clamd successfully notified about the update.
4.I think here every thing is ok except freshclam.pid file?
5.In both the servers i have installed the same packages
but the server1 is not supporting DIGITAL
SIGNATURES?
Thanks in AdvanceWhile I've installed and gotten ClamAV working, I actually use the ClamAV mailing group for help.
None of us, here, are really ClamAV experts. I suggest you join the ClamAV group, and ask there.
What I see is that you need to configure Freshclam so it knows where to find the data to update ClamAV. This is part of the installation/configuration. Check the URL in the error message for more help, there. -
Implementing XAdES in Java XML Digital Signature API
Hi,
I've got some problems with implementing XAdES standard with Java XML Digital Signature API. Below is a code (SignatureTest1), that produces a digital signature with some XAdES tags placed in <ds:Object> tag. The signature is later validated with a Validator class. Everything works fine, until I set a XAdES namespace (SignatureTest1.xadesNS="http://uri.etsi.org/01903/v1.3.2#"). In this case validation of XAdES elements fails.
The reason of validation failture is a difference between arguments passed to a digest method when document is being signed and validated. When the document is being signed a log looks like this:
FINER: Pre-digested input:
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <SignedProperties xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignP"></SignedProperties>
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference object uri = #SignP
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference digesting completed,but while validating:
FINER: Pre-digested input:
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <SignedProperties xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignP"></SignedProperties>
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Expected digest: MAQ/vctdkyVHVzoQWnOnQdeBw8g=
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Actual digest: D7WajkF0U5t1GnVJqj9g1IntLQg=
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
FINE: Reference[#SignP] is valid: falseHow can I fix this?
Signer class:
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import com.sun.org.apache.xml.internal.security.utils.IdResolver;
public class SignatureTest1 {
public static String xadesNS=null;//"http://uri.etsi.org/01903/v1.3.2#";
public static String signatureID="Sig1";
public static String signedPropID="SignP";
public static void main(String[] arg) {
try{
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
List<Reference> refs = new ArrayList<Reference>();
Reference ref1 = fac.newReference
("", fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList
(fac.newTransform
(Transform.ENVELOPED, (TransformParameterSpec) null)),
null, null);
refs.add(ref1);
Reference ref2 = fac.newReference("#"+signedPropID,fac.newDigestMethod(DigestMethod.SHA1,null),null,"http://uri.etsi.org/01903/v1.3.2#SignedProperties",null);
refs.add(ref2);
SignedInfo si = fac.newSignedInfo
(fac.newCanonicalizationMethod
(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
refs);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
kpg.initialize(512);
KeyPair kp = kpg.generateKeyPair();
KeyInfoFactory kif = fac.getKeyInfoFactory();
KeyValue kv = kif.newKeyValue(kp.getPublic());
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc =
dbf.newDocumentBuilder().parse("purchaseOrder.xml");
DOMSignContext dsc = new DOMSignContext
(kp.getPrivate(), doc.getDocumentElement());
dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
Element QPElement = createElement(doc, "QualifyingProperties",null,xadesNS);
QPElement.setAttributeNS(null, "Target", signatureID);
Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
SPElement.setAttributeNS(null, "Id", signedPropID);
IdResolver.registerElementById(SPElement, signedPropID);
QPElement.appendChild(SPElement);
Element UPElement = createElement(doc, "UnsignedProperties", null,xadesNS);
QPElement.appendChild(UPElement);
DOMStructure qualifPropStruct = new DOMStructure(QPElement);
List<DOMStructure> xmlObj = new ArrayList<DOMStructure>();
xmlObj.add(qualifPropStruct);
XMLObject object = fac.newXMLObject(xmlObj,"QualifyingInfos",null,null);
List objects = Collections.singletonList(object);
XMLSignature signature = fac.newXMLSignature(si, ki,objects,signatureID,null);
signature.sign(dsc);
OutputStream os = new FileOutputStream("signedPurchaseOrder.xml");
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
trans.transform(new DOMSource(doc), new StreamResult(os));
}catch(Exception e){
e.printStackTrace();
try{
Validator.main(null);
}catch(Exception e){
System.out.println("Validator exception");
e.printStackTrace();
public static Element createElement(Document doc, String tag,String prefix, String nsURI) {
String qName = prefix == null ? tag : prefix + ":" + tag;
return doc.createElementNS(nsURI, qName);
}Validator class:
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dom.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.*;
import java.io.FileInputStream;
import java.security.*;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
* This is a simple example of validating an XML
* Signature using the JSR 105 API. It assumes the key needed to
* validate the signature is contained in a KeyValue KeyInfo.
public class Validator {
// Synopsis: java Validate [document]
// where "document" is the name of a file containing the XML document
// to be validated.
public static void main(String[] args) throws Exception {
// Instantiate the document to be validated
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc =
dbf.newDocumentBuilder().parse(new FileInputStream("signedPurchaseOrder.xml"));
// Find Signature element
NodeList nl =
doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0) {
throw new Exception("Cannot find Signature element");
// Create a DOM XMLSignatureFactory that will be used to unmarshal the
// document containing the XMLSignature
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
// Create a DOMValidateContext and specify a KeyValue KeySelector
// and document context
DOMValidateContext valContext = new DOMValidateContext
(new KeyValueKeySelector(), nl.item(0));
// unmarshal the XMLSignature
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
// Validate the XMLSignature (generated above)
boolean coreValidity = signature.validate(valContext);
// Check core validation status
if (coreValidity == false) {
System.err.println("Signature failed core validation");
boolean sv = signature.getSignatureValue().validate(valContext);
System.out.println("signature validation status: " + sv);
// check the validation status of each Reference
Iterator i = signature.getSignedInfo().getReferences().iterator();
for (int j=0; i.hasNext(); j++) {
boolean refValid =
((Reference) i.next()).validate(valContext);
System.out.println("ref["+j+"] validity status: " + refValid);
} else {
System.out.println("Signature passed core validation");
* KeySelector which retrieves the public key out of the
* KeyValue element and returns it.
* NOTE: If the key algorithm doesn't match signature algorithm,
* then the public key will be ignored.
private static class KeyValueKeySelector extends KeySelector {
public KeySelectorResult select(KeyInfo keyInfo,
KeySelector.Purpose purpose,
AlgorithmMethod method,
XMLCryptoContext context)
throws KeySelectorException {
if (keyInfo == null) {
throw new KeySelectorException("Null KeyInfo object!");
SignatureMethod sm = (SignatureMethod) method;
List list = keyInfo.getContent();
for (int i = 0; i < list.size(); i++) {
XMLStructure xmlStructure = (XMLStructure) list.get(i);
if (xmlStructure instanceof KeyValue) {
PublicKey pk = null;
try {
pk = ((KeyValue)xmlStructure).getPublicKey();
} catch (KeyException ke) {
throw new KeySelectorException(ke);
// make sure algorithm is compatible with method
if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
return new SimpleKeySelectorResult(pk);
throw new KeySelectorException("No KeyValue element found!");
//@@@FIXME: this should also work for key types other than DSA/RSA
static boolean algEquals(String algURI, String algName) {
if (algName.equalsIgnoreCase("DSA") &&
algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
return true;
} else if (algName.equalsIgnoreCase("RSA") &&
algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
return true;
} else {
return false;
private static class SimpleKeySelectorResult implements KeySelectorResult {
private PublicKey pk;
SimpleKeySelectorResult(PublicKey pk) {
this.pk = pk;
public Key getKey() { return pk; }
}PurchaseOrder.xml
<?xml version="1.0" encoding="UTF-8"?>
<PurchaseOrder>
<Item number="130046593231">
<Description>Video Game</Description>
<Price>10.29</Price>
</Item>
<Buyer id="8492340">
<Name>My Name</Name>
<Address>
<Street>One Network Drive</Street>
<Town>Burlington</Town>
<State>MA</State>
<Country>United States</Country>
<PostalCode>01803</PostalCode>
</Address>
</Buyer>
</PurchaseOrder>signedPurchaseOrder.xml with XAdES namespace:
<?xml version="1.0" encoding="UTF-8" standalone="no"?><PurchaseOrder>
<Item number="130046593231">
<Description>Video Game</Description>
<Price>10.29</Price>
</Item>
<Buyer id="8492340">
<Name>My Name</Name>
<Address>
<Street>One Network Drive</Street>
<Town>Burlington</Town>
<State>MA</State>
<Country>United States</Country>
<PostalCode>01803</PostalCode>
</Address>
</Buyer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Sig1"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>tVicGh6V+8cHbVYFIU91o5+L3OQ=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignP"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>MAQ/vctdkyVHVzoQWnOnQdeBw8g=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>lSgzfZCRIlgrgr6YpNOdB3XWdF9P9TEiXfkNoqUpAru/I7IiyiFWJg==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:DSAKeyValue><ds:P>/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0ImbzRMqzVDZkVG9
xD7nN1kuFw==</ds:P><ds:Q>li7dzDacuo67Jg7mtqEm2TRuOMU=</ds:Q><ds:G>Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMOHCBiNU0Nogps
QW5QvnlMpA==</ds:G><ds:Y>p48gU203NGPcs9UxEQQQzQ19KBtDRGfEs3BDt0cbCRJHMh3EoySpeqOnuTeKLXuFr96nzAPq4BEU
dNAc7XpDvQ==</ds:Y></ds:DSAKeyValue></ds:KeyValue></ds:KeyInfo><ds:Object Id="QualifyingInfos"><QualifyingProperties Target="Sig1" xmlns="http://uri.etsi.org/01903/v1.3.2#"><SignedProperties Id="SignP"/><UnsignedProperties/></QualifyingProperties></ds:Object></ds:Signature></PurchaseOrder>I believe the problem is that you are not explicitly adding the xades namespace
attribute to the SignedProperties element before generating the signature. Thus,
the namespace attribute is not visible when canonicalizing, but when you serialize the
DOM tree to an output stream, (for reasons I'm not entirely sure why), the namespace
attribute is visible and is added to the SignedProperties element, which breaks the
signature.
You must always explicitly add namespace attributes using the Element.setAttributeNS
method. Try changing the following code from:
Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
to:
Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
SPElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", xadesNS); -
Unable to add digital signatures using Adobe LCES Digital Security
I have tried running the Sample Java code to add digital signature fields and add signatures. I am getting errors. The log file shows:
com/adobe/idp/Context
Jan 2, 2009 4:00:14 PM com.adobe.livecycle.signatures.common.CommonBaseException logException
SEVERE: ALC-DSS-300-000 Generic SignaturesBaseException (in the operation : addSignatureField)
Caused By: com/adobe/idp/Context(EjbMessageDispatcher.java163)
Caused By: com/adobe/idp/Context(Class.java-2)
ALC-DSS-300-000 Generic SignaturesBaseException (in the operation : addSignatureField)
Caused By: com/adobe/idp/Context(EjbMessageDispatcher.java163)
Caused By: com/adobe/idp/Context(Class.java-2)
com.adobe.livecycle.signatures.client.SignatureServiceClient.addSignatureField(SignatureSe rviceClient.java:342)
apple.AddSignatureField.main(AddSignatureField.java:53)
Caused By: com.adobe.idp.dsc.DSCException
com.adobe.idp.dsc.provider.impl.ejb.EjbMessageDispatcher.doSend(EjbMessageDispatcher.java: 163)
com.adobe.idp.dsc.provider.impl.base.AbstractMessageDispatcher.send(AbstractMessageDispatc her.java:57)
com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:208)
com.adobe.livecycle.signatures.client.SignatureServiceClient.addSignatureField(SignatureSe rviceClient.java:324)
apple.AddSignatureField.main(AddSignatureField.java:53)
Has anyone worked with the JAVA API to add digital signatures on to a PDF file using Adobe LiveCycle ES 8.2? If yes please let me know.
- RaghaThis was traced back to one of the ini files still having a folder name from the last instance installed (i.e. SERVER6).
So it is fixed
Maybe you are looking for
-
My old computer (a Sony) with my iTunes crashed. I have a new MAC and want to make sure I can keep all of my music (mostly from old CD's that have been lost). I bought iTunes match hoping that would work but it isn't using the data on my phone. HELP!
-
To split the payment document value as per the line items of the P O
To split the payment document value as per the line items of the purchase order in the period of payment, so that the payment amounts are measured against the Capex order assigned as account assignment in the purchase order.(Account assignment tab f
-
Hi Every body, Could any one please send me a sample soft copy of Chart of accounts relating to a Construction Company. We are implemeting Oracle Financial now we are in a bigning stage. For the test purpose I need a sample copy of a chart of account
-
Hello Experts, I have a standard Rebate Scenario. I have Rebate Agreement created for a recepient. I also have some invoices for the same. But when I check Invoices they are not updated with the Rebate Conditions. When I tried to run VBOF it did not
-
Character Set Syntax In Creating A New Database
What is the correct line of syntax for this block of code in order to make the default character set WE8ISO8859P1? I tried the following but the database will not accept the Swedish or French characters. create database DEL1 controlfile reuse logfile