Digital Signature validation

I have been using digital certificates to sign pdf documents for approximately a year.  The signatures can be checked against  a CRL which is provided on the internet.  So far Adobe Acrobat Reader has worked fine, retreiving CRLS and validating certificates.
Today I found out that since renewing expired certificates ( the default lifetime was set to 1 year) the  signatures on old signed documents are unverified .  The local time of the computer was stored in the signature not a timestamp. 
I found that reader defaults to using the local time of the computer to validate an old signature when a timestamp is not used, this has been rectified in 9.1 so that it uses to date that the signature was generated (why on earth would it use anything else!).  I now have the signatures validated by changing this setting providing the date range of the CRL in the reader encompases the end date of the certificate.
However, when the reader updates the CRL in the cache and the new CRL date range does not include that of the original signature the reader throws up an error stating that the CRL is invalid or expired.
How can I get it to agree pass the validation without turning off revocation checking?  I have the CRLs that were in force at the time of the signing but there is no way I can provide them to the reader.  How can I make the reader apply the current and valid CRL to the old documents.  The expiry date of the old certificates are still in there?
I always thought that not having to keep a CRL history for expired certificates was a dumb idea when I read the documents, but I didn't imagine that old signatures would become invalid when the certificate expired (mine have become invalid less thant 5 days after the documents were signed.  What were the developers thinking.
This is pushing toward creating certificates with lifetimes of 100's or thousands of years so that they can always be validated.
Anybody have a working solution.

I have found a solution.to this
Using a virtual machine I set the date on the system back to a point in time when the certificates were all valid.  I then create a new crl with a lifetime which makes it valid for one month from the real date (today).  I then set the date back and copy the crl to the distrubution point.
Hey presto, acrobat reader loads the crl and is quite happy to accept it even though it has events recorded in it that happened after the date on which it was created!.
Problem solved, but for how long?

Similar Messages

  • Please help me with the digital signature validation problem?

    Please help me with the digital signature validation problem?

    Hi
    Execute the program in the Debuggin mode.
    In the Debugger Window
    Select Breakpoint -> Break point at -> Breakpoint at source code Menu Item and enter the details of the program/include/line no..
    Activate the System Debugger On from the Settings Menu.
    Hope this would help you.
    Murthy
    Edited by: Kalyanam Seetha Rama Murthy on Jul 18, 2008 7:20 AM

  • Digital Signature validation issue in Adapter Module

    Hi guys,
    we have developed an adapter module for digital signature validation, unfortunately, it simetimes work, sometimes doesnt. Strange is, that the same adapter module works for one customer, while for another one doesn't.
    We have sent through some "invalid" messages, which should have been valid at the client, where the module works and theu were flagged as valid. It seems the problem is caused by "special" spanish characters, because validation works for the messages where are only standard chars.
    Any idea, what to check? Java version, system encoding?
    Any help appreciated,
    Olian

    Hi,
    Not really sure about what causes such issues, but if your module coding uses String and byte[] manipulation, are you using explicite encoding when declaring such types ? I remember facing strange issues with XML field values, and "forcing" encoding to "UTF-8" when appropriate, it solved all my errors (string typed object, when converted internally by the JVM, were not always represented by the same bytes object)
    Hope this helps
    Chris

  • Digital Signature Validation process goes into unending state

    Hi all
    I am working Adobe Digital Signatures in Web Dynpro Java applications. I have been using [this|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/com.sap.km.cm.docs/media/streamingmedia/developer-areas/user-interface-technology/interactive-forms/securing%20online%20interactive%20forms%20by%20adobe%20(Session%208)/index.html?slide=] webinar to follow steps to configure SSL and validation of Digital Signatures.
    After doing all necessary configurations, I am able to run my web dynpro applications containing interactive forms in secure mode.
    But when I sign with digital signature and try to validate the form, the application keeps on processing and shows no result.
    I tried debugging my application but control does not reach my button action code. I am clueless.
    I would be thankful to receive any hints or pointers from you.
    Thanks in advance.
    Kapil

    Following blog discusses solution to this prob
    /people/kapil.kamble/blog/2009/07/08/experimenting-with-digital-signatures-in-sap-interactive-forms-by-adobe
    Kapil

  • Digital signature valid or invalid depending on the signing Windows user

    I have a very strange problem and was not able to determine how to resolve it because I quite don't undestand the mechanisms of signing, it seems.
    I have a digital signature issued by a member of the "Adobe Approved Trust List". If I sign a document with Adobe Reader XI or Adobe Acrobat XI Standard logged in with one Windows user account the signature appears valid on any other Windows user account. If I use another Windows user account and sign the document with the same digital signature the signature is invalid in this Windows user account and any other.
    I didn't change any settings in any of the Adobe products. I use the standard configuration as present just after a fresh install.
    One thing I already checked, which nevertheless doesn't explain this strange behavior, is to enable Windows-Integration in the signature configuration of the Adobe products. If this is enabled both documents (the one signed with the "good" Windows user account and the other signed in a "bad" one) show the signature as valid on any Windows account.
    So I am wondering if, besides the signature itself, anything else is integrated into a document while being signed that could explain that behavior and, if this is the case, where the setting, trigger, whatsoever, is, to set up Adobe correctly.
    Please help.

    What do you mean by "signature is invalid"? Is it a a red X or is it Unknown? A problem with trust results in the "Unknown" status, not "Invalid".
    In any case, inspect the signature, first in the Signature panel. It will tell you some info about what's wrong with this signature. Then right-click on the signature and select "Show Signature Properties". You'll get a dialog with more info. In this dialog select "Show Signer's Certificate". Check the chain (in the left pane) and "Revocation" tab for each certificate in the chain.
    Compare this info for signatures created on a "good" account and "bad". My guess is that the "bad" account is lacking some certificate-related component.and the "good account has it. The fact that if you turn on Windows integration signature becomes valid tells me that it is something related to account.
    Another thing to try is this. Go to C:\Users\<username>\AppData\Roaming\Adobe\Acrobat\11.0\Security folder and see if it has CRLCache folder. If it has, delete it and try to sign again.
    Also compare the preferences. Check the Edit->Preferences->Signatures->Verification->More->Verification Time preference. Is it the same on both accounts? Is it "Time when the signature was created"? Is the "Include signature's revocation status" check box in  Edit->Preferences->Signatures->Verification->More->Creation and Appearances->More checked in both accounts?

  • Digital Signature Validation Issue

    Hi All,
    I have a problem with my digital signature fields. Whenever the user digitally signs the form, there is a message that says that the form is "Signed and all signatures are valid, but with unsigned changes after the last signature". When I open the signature panel (in Adobe Reader or in the Preview PDF tab of Livecycle) the form indicates that a bunch of fields located on the Master Page were deleted and then added (see below). Does anyone know what is causing this or how to fix it?

    I'm having the same issue as well. In addition to the additions/deletions to the master pages, the signature panel indicates that a field on the title page of my form was filled in after validation. I ran a temporary script on the signature field's postSign event, using Acrobat's signatureGetModifications() method, to narrow down where the updates are occurring, and it seems that they're taking place either at the same time the signature is validated or just after. The form is set to automatically preserve scripting changes when it is saved; switching to "manual" doesn't help. Turning field locking on/off doesn't work, either. Once the form has been saved and reopened, though, the problem disappears and the signature validates correctly.
    UPDATE 30 DEC 14: The master pages that are being "modified" have separate content areas for navigation buttons; it's these CAs, and their associated subforms and buttons, that Acrobat reports as being modified. I tried commenting out the scripts on the buttons' click events without success.
    UPDATE 15 APR 15: I've compared the preSign version of the XML for the field that's being modified with the postSign version and found that the XML is somehow being modified by the act of signing the document. To clarify: I need to fill in a date field on my form to indicate when the form is closed out. I have the signature field's preSign set up to add the current date to the date field. The preSign XML includes <value> and <date> tags, which are missing from the postSign version. Why would applying a signature modify the form's XML?

  • How do I control the certificate chain construction performed by Acrobat Reader during digital signature validation?

    I work in the federal government where there are many certificate authorities and cross certified certificate authorities. Acrobat Reader is building hundreds of certificate chains in attempting to find a trusted root for the signers certificate. It is taking 4 minutes to validate the signature!
    The image is the 15th screen shot showing three chains per screen shot. The window elevator has barely moved!

    I am now using Adobe Acrobat Reader 11. Signature validation is much better! Perhaps 10 seconds. The only issue I see that the detail pages have misleading messages. The Signature Properties window has no complaints about the signature but the Show Signer's Certificate page still complains about not valid trust anchor.

  • Digital Signature validation with expired TSA certificate

    Hi,
    I used Adobe Acrobat 8.2 to sign a PDF document with "certifying signature" (note: not approval signature) using a self-signed certificate and a remote TSA.  I did NOT embed long term validation information as described here
    http://help.adobe.com/en_US/Acrobat/9.0/Standard/WS934c23d7cc8877da1172e0811fde233c98-8000 .html
    The TSA certificate expired on a few days ago and now I am getting "not time valid" error on the TSA certificate (see attached mage)
    The signature validates fine since I get the ribbon icon at the top for certified document as described here:
    http://www.adobe.com/devnet/acrobat/pdfs/validation_cheat_sheet.pdf
    The problem is that I don't get the Clock symbol on the timestamp because Signature Properties says
    "signature is timestamped but timestamp could not be verified"
    The trust settings for all certificates are fine.
    I also changed "Verification Time" in Edit-->Security-->Advanced preferences to be "Time signature was created".
    I validated the signature using Adobe Reader 8 as well as 9 and got the same error.
    What am I doing or expecting that is wrong ?
    Appreciate any help!

    Thanks.  That worked!   Back in the sunshine again
    The message is as seen below : "signature is timestamped but TS has expired"
    I am assuming this is the right message.  If not, do respond.

  • XML digital signature validation problem - ArrayIndexOutOfBoundsException

    Hello,
    During validation of XML signature ( boolean coreValidity = signature.validate(valContext); ) , I get error:
    javax.xml.crypto.dsig.XMLSignatureException: java.lang.ArrayIndexOutOfBoundsException
         at org.jcp.xml.dsig.internal.dom.DOMReference.transform(Unknown Source)
         at org.jcp.xml.dsig.internal.dom.DOMReference.validate(Unknown Source)
         at GenSig.verify(GenSig.java:313)
         at GenSig.main(GenSig.java:545)
    The problem happens when validation process is checking reference to a file, which size is bigger than 50 KB. The same file if it is smaller than 50KB - makes no problems.
    Can anyone tell, how to avoid this problem?
    P.s. I'm working on Java 1.6
    Here is the log:
    2009-06-18 08.59.53 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
    FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
    2009-06-18 08.59.53 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve
    FINE: I was asked whether I can resolve adoc1200922024845.pdf
    2009-06-18 08.59.53 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve
    FINE: I state that I can't resolve adoc1200922024845.pdf
    2009-06-18 08.59.53 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
    FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
    2009-06-18 08.59.53 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverLocalFilesystem engineCanResolve
    FINE: I was asked whether I can resolve adoc1200922024845.pdf
    2009-06-18 08.59.53 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverLocalFilesystem engineCanResolve
    FINE: I state that I can resolve adoc1200922024845.pdf
    2009-06-18 08.59.53 org.jcp.xml.dsig.internal.dom.DOMReference dereference
    FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
    2009-06-18 08.59.53 org.jcp.xml.dsig.internal.dom.DOMReference dereference
    FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheOctetStreamData
    javax.xml.crypto.dsig.XMLSignatureException: java.lang.ArrayIndexOutOfBoundsException
    javax.xml.crypto.dsig.XMLSignatureException: java.lang.ArrayIndexOutOfBoundsException
         at org.jcp.xml.dsig.internal.dom.DOMReference.transform(Unknown Source)
         at org.jcp.xml.dsig.internal.dom.DOMReference.validate(Unknown Source)
         at GenSig.verify(GenSig.java:313)
         at GenSig.main(GenSig.java:545)
    Caused by: java.lang.ArrayIndexOutOfBoundsException
         at java.lang.System.arraycopy(Native Method)
         at com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream.write(Unknown Source)
         at org.jcp.xml.dsig.internal.DigesterOutputStream.write(Unknown Source)
         at com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream.write(Unknown Source)
         at com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream.write(Unknown Source)
         at com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput.updateOutputStream(Unknown Source)
    <...>

    Well I came to "not nice"solution - instead of validating all XMLSignature with one standard function ( boolean coreValidity = signature.validate(valContext); ), I validate it in parts:
    1. Check if signature value is ok.: boolean sv = signature.getSignatureValue().validate(valContext);
    2 Start checking all references:
    A. if reference leads to whole file - then I read file and calculate digest value:
    MessageDigest md = MessageDigest.getInstance("SHA");
    md.update(buffer, 0, length); // buffer - bytes[] of file
    byte[] raw = md.digest(); // get digest valueB. if reference is only to some part of file (just to some XML element), then I validate it by reference: boolean refValid = r.validate(valContext);

  • Digital Signature Validation falis

    I am able to sign the documet.But when i validate , it fails.
    Can anyone help me identify what i am doing wrong.
    my XML with singed content :
    <Data>
    <Name id="1">Doe</Name>
    <Address>900 N. Michigan Ave</Address>
    <City>Chicago</City>
    Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
    <CanonicalizationMethod Algorithm=" http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
    <Reference URI="">
    <Transforms>
    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
    <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
    </Transforms>
    <DigestMethod Algorithm=" http://www.w3.org/2000/09/xmldsig#sha1" />
    <DigestValue>76zcPvLBWmU4TOU1sOWkC4JDhoA=</DigestValue>
    </Reference>
    </SignedInfo>
    <SignatureValue>Kb/sxAEihzsGdglrn18vZiJDYoJtRVwLoAm6p7dj8h90ZN/O909+Wg==</SignatureValue>
    KeyInfo>
    <X509Data>
    <X509Certificate>MIIDDjCCAssCBD9OHkgwCwYHKoZIzjgEAwUAMGwxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNVBAgT B1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24xEDAOBgNVBAsTB1Vu a25vd24xEDAOBgNVBAMTB1Vua25vd24wHhcNMDMwODI4MTUyMjQ4WhcNMDMxMTI2MTUyMjQ4WjBs MRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAw DgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMIIBuDCC ASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7 WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E +4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUC gYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6Ewo FhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWf BpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAM3ggtd5Nk+c3yDnQWtejbjnKPMyxcWZq3zbgFeTsKz2 KuWHtX3kyYT75noYqwNHptP4tvW1S6ayNF1yKVWg/28XwT4KAMNj8dBJQ4K6xHcGP19SkfnGlBoh hniQ8m6r6E8CX87VrcXAA3NwyfqxvVqsic1haEeTnnjdij1jKPCyMAsGByqGSM44BAMFAAMwADAt AhUAhN8q+NKUhQNkM/4cTEHQvrl4xI0CFCbgfHawM6hvjAUWzcm2q231Jvfa</X509Certificate>
    </X509Data>
    <KeyValue>
    <DSAKeyValue>
    <P>/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu K2HXKu/yIgMZndFIAcc=</P>
    <Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</Q>
    <G>9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3 zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL Zl6Ae1UlZAFMO/7PSSo=</G>
    <Y>zeCC13k2T5zfIOdBa16NuOco8zLFxZmrfNuAV5OwrPYq5Ye1feTJhPvmehirA0em0/i29bVLprI0 XXIpVaD/bxfBPgoAw2Px0ElDgrrEdwY/X1KR+caUGiGGeJDybqvoTwJfztWtxcADc3DJ+rG9WqyJ zWFoR5OeeN2KPWMo8LI=</Y>
    </DSAKeyValue>
    </KeyValue>
    </KeyInfo>
    </Signature>
    </Data>
    String keystoreType = "JKS";
    String keystoreFile = "keystore.jks";
    String keystorePass = "xmlsecurity";
    String privateKeyAlias = "test";
    String privateKeyPass = "xmlsecurity";
    String certificateAlias = "test";
    File signatureFile = new File("signature.xml");
    File signatureFile = new File("signature.xml");
    KeyStore ks = KeyStore.getInstance(keystoreType);
    FileInputStream fis = new FileInputStream(keystoreFile);
    ks.load(fis, keystorePass.toCharArray ());
    PrivateKey privateKey = (PrivateKey) ks.getKey(privateKeyAlias,
    privateKeyPass.toCharArray());
    javax.xml.parsers.DocumentBuilderFactory dbf =
    javax.xml.parsers.DocumentBuilderFactory.newInstance();
    javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
    org.w3c.dom.Document doc = db.parse(signatureFile );
    Element sourceElement = doc.getDocumentElement();
    String BaseURI = signatureFile.toURL().toString();
    XMLSignature sig = new XMLSignature(doc, BaseURI ,
    XMLSignature.ALGO_ID_SIGNATURE_DSA );
    sourceElement.appendChild(sig.getElement());
    Transforms transforms = new Transforms(doc);
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.addTransform (Transforms.TRANSFORM_C14N_WITH_COMMENTS);
    sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
    X509Certificate cert =
    (X509Certificate) ks.getCertificate(certificateAlias);
    sig.addKeyInfo(cert);
    sig.addKeyInfo(cert.getPublicKey());
    System.out.println("Start signing");
    sig.sign(privateKey);
    System.out.println("Finished signing");
    FileOutputStream f = new FileOutputStream(signatureFile);
    XMLUtils.outputDOMc14nWithComments(doc, f);

    Hi,
    Not really sure about what causes such issues, but if your module coding uses String and byte[] manipulation, are you using explicite encoding when declaring such types ? I remember facing strange issues with XML field values, and "forcing" encoding to "UTF-8" when appropriate, it solved all my errors (string typed object, when converted internally by the JVM, were not always represented by the same bytes object)
    Hope this helps
    Chris

  • Can't get Verisign Signature validated in Acrobat

    For the past six monhts I have been unable to get my Verisign digital signature validated in Adobe Acrobat. Just today, I renewed my Verisign certificate for another year. I saved the certificate on my hard drive using a password to secure it. When I certifiy a my signature on a document, the resulting signature icon says "...persona not valid" and the icon in the upper left corner (the head and shoulders of a person) has a question mark on it.
    I am getting frustrated trying to figure out what's gone wrong. Any suggestions would be greatly appreciated.

    Hi Mike,
    In order for a signature to be valid one of the things that must occur is the person validating the signature (in this case you) trust's the signer, or one of the certificates in the signing chain. From the Signature Properties dialog (where you found the text) click on the Show Certificate button. On the left side of the Certificate Viewer dialog you can see the signing chain. At the least it includes your certificate, and if Acrobat could build the chain it will display each issuing certificate up to the self-signed root CA. It usually best if you select the top most certificate in the listbox. Once you highlight the top most certificate click on the Trust tab. Click the Add to Trusted Identities button and then click the OK button on the confirmation dialog, followed by the OK button on the Import Contact Settings dialog. Finally you can click the OK button on the Certificate Viewer dialog and then the Validate Signature on the Signature Properties dialog. At this point you should get a valid signature, but it all depends on whether or not Acrobat could get valid revocation information. Before we go down that path let's see what you get when you revalidate the signature.
    Steve

  • Acrobat 9,10 failing to validate digital signature while Acrobat 8 validating it.

    I am facing an issue while validating a digital signature. I applied a certified signature with “Annotation, form fill-in, and digital signatures” but
    when I apply Redaction “find and permanently remove” on a digitally signed document, Adobe Acrobat 9 and 10 complains that signature is Invalid But Adobe 8 is validating it. I have analyzed  that Adobe Acrobat applying Redaction in append mode and original content of signature  remains unchanged after Redaction.
    Can someone let me know what should be the actual behavior?
    Why Adobe Acrobat 9 and 10 failing to verify the signature even Adobe Acrobat keep enable Redaction which means it is allow to apply in a certified signed document with “Annotation, form fill-in, and digital signatures” option.
    Prompt responses are greatly appreciated!!

    When you sign, you should see where you can select the signature appearance name from a dropdown in the dialog.

  • Validating a digital signature in an xml

    Hi,
    Im working on validating a digital signature from an xml file . Im using the below code to get the value of signature node from the xml file.
    NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    I'm getting it as nodelist object . When i try to get the length of the signature element it says 0 and hence it throws me an exception .
    I have to pass this nodeliest object to validate the xml file. Im attaching the xml file as well as the progarm to validate the xml file . Can somebody help me on this.
    Validate.java
    import javax.xml.crypto.*;
    import javax.xml.crypto.dsig.*;
    import javax.xml.crypto.dom.*;
    import javax.xml.crypto.dsig.dom.DOMValidateContext;
    import javax.xml.crypto.dsig.keyinfo.*;
    import java.io.File;
    import java.io.FileInputStream;
    import java.security.*;
    import java.util.Collections;
    import java.util.Iterator;
    import java.util.List;
    import javax.xml.parsers.DocumentBuilder;
    import javax.xml.parsers.DocumentBuilderFactory;
    import org.w3c.dom.Document;
    import org.w3c.dom.NodeList;
    * This is a simple example of validating an XML
    * Signature using the JSR 105 API. It assumes the key needed to
    * validate the signature is contained in a KeyValue KeyInfo.
    public class Validate {
    public static void main(String[] args) throws Exception {
    try
    File file = new File("c:\\test.xml");
    // Instantiate the document to be validated
         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
         DocumentBuilder db = dbf.newDocumentBuilder();
         dbf.setNamespaceAware(true);
         //Document doc = dbf.newDocumentBuilder().parse(new FileInputStream("C://signature.xml"));
    Document doc = db.parse(file);
         // Find Signature element
    NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    System.out.println("the nodelist value is"+nl);
              if (nl.getLength() == 0) {
         throw new Exception("Cannot find Signature element");
         // Create a DOM XMLSignatureFactory that will be used to unmarshal the
         // document containing the XMLSignature
         XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
         // Create a DOMValidateContext and specify a KeyValue KeySelector
    // and document context
         //DOMValidateContext valContext = new DOMValidateContext
         // (new KeyValueKeySelector(), nl.item(0));
         DOMValidateContext valContext = new DOMValidateContext
    (new KeyValueKeySelector(), nl.item(0));
              // unmarshal the XMLSignature
         XMLSignature signature = fac.unmarshalXMLSignature(valContext);
         // Validate the XMLSignature (generated above)
         boolean coreValidity = signature.validate(valContext);
         // Check core validation status
         if (coreValidity == false) {
         System.err.println("Signature failed core validation");
         boolean sv = signature.getSignatureValue().validate(valContext);
         System.out.println("signature validation status: " + sv);
         // check the validation status of each Reference
         Iterator i = signature.getSignedInfo().getReferences().iterator();
         for (int j=0; i.hasNext(); j++) {
              boolean refValid =
              ((Reference) i.next()).validate(valContext);
              System.out.println("ref["+j+"] validity status: " + refValid);
         } else {
         System.out.println("Signature passed core validation");
    catch (Exception e)
         e.printStackTrace();
    * KeySelector which retrieves the public key out of the
    * KeyValue element and returns it.
    * NOTE: If the key algorithm doesn't match signature algorithm,
    * then the public key will be ignored.
    private static class KeyValueKeySelector extends KeySelector {
         public KeySelectorResult select(KeyInfo keyInfo,
    KeySelector.Purpose purpose,
    AlgorithmMethod method,
    XMLCryptoContext context)
    throws KeySelectorException {
    if (keyInfo == null) {
              throw new KeySelectorException("Null KeyInfo object!");
    SignatureMethod sm = (SignatureMethod) method;
    List list = keyInfo.getContent();
    for (int i = 0; i < list.size(); i++) {
              XMLStructure xmlStructure = (XMLStructure) list.get(i);
         if (xmlStructure instanceof KeyValue) {
    PublicKey pk = null;
    try {
    pk = ((KeyValue)xmlStructure).getPublicKey();
    } catch (KeyException ke) {
    throw new KeySelectorException(ke);
    // make sure algorithm is compatible with method
    if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
    return new SimpleKeySelectorResult(pk);
    throw new KeySelectorException("No KeyValue element found!");
    //@@@FIXME: this should also work for key types other than DSA/RSA
         static boolean algEquals(String algURI, String algName) {
    if (algName.equalsIgnoreCase("DSA") &&
              algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
              return true;
    } else if (algName.equalsIgnoreCase("RSA") &&
    algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
              return true;
    } else {
              return false;
    private static class SimpleKeySelectorResult implements KeySelectorResult {
         private PublicKey pk;
         SimpleKeySelectorResult(PublicKey pk) {
         this.pk = pk;
         public Key getKey() { return pk; }
    test.xml
    <?xml version="1.0" encoding="UTF-8"?><Signature XMLNS="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#CWRT"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>VWmTb6knCBXhNjDLp6w5aX79AW4=</DigestValue></Reference><Reference URI="js/weatherData.js"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>aRyqMcnVA7UsxHaq3VPjIzKnR30=</DigestValue></Reference><Reference URI="js/accuweather.js"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>NKBau43TGuOTSwOiFLtC7xgeUxk=</DigestValue></Reference><Reference URI="js/location.js"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>SNowBnKItayjP8hVg2a+qlrNnl4=</DigestValue></Reference><Reference URI="index.html"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>ImhqtDT/KgYLUMwhzBjxo7kX16c=</DigestValue></Reference><Reference URI="images/bg_fade_current.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>6YBFwLJdH7wLSLwgheOzTgLxe0g=</DigestValue></Reference><Reference URI="images/setdefault.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>VD9Ay9DjNvHoCt4QpWI6H5gHo84=</DigestValue></Reference><Reference URI="images/bg_portrait.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>eMNhpeowX/LaxFhZ0choyWoGdnU=</DigestValue></Reference><Reference URI="images/form_bg.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xRsfhpWI8R21vXcPd73EJ0SPg4c=</DigestValue></Reference><Reference URI="images/nav_hourly_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>7tBjRZQ6PC5uVRg8J5bAFTmBS4s=</DigestValue></Reference><Reference URI="images/bg_landscape.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>nTZ9DoZPW1UgjEvE3WfSBt3DdYA=</DigestValue></Reference><Reference URI="images/nav_maps_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>ywLUlQ+DCMuybGr2YLYDQx85jJw=</DigestValue></Reference><Reference URI="images/nav_graph_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>853j9KcFEpuI5c8e5+0TEpmU33U=</DigestValue></Reference><Reference URI="images/label_forecast.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>2feKnZklWElbyqItqq5Q1bZRtn4=</DigestValue></Reference><Reference URI="images/bg_fade_content_wide.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>GDFP4Tcu96NBOCo9qRw7K25l8as=</DigestValue></Reference><Reference URI="images/btn_getlocation.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>sJajd6TTV4VyB2ibMRl8hM4cV+8=</DigestValue></Reference><Reference URI="images/bg_fade_home.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>joxnBor/RV5uvqc+SiNU613+W6U=</DigestValue></Reference><Reference URI="images/label_hourly.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>uinbV5pKm/XFwNsBjI21m0tYkhs=</DigestValue></Reference><Reference URI="images/wxicons/33.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>X8HvsFhHLUr3624myAcox9QyagQ=</DigestValue></Reference><Reference URI="images/wxicons/37.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>ldJztK5xrBf3UOyRkSN9zFAootc=</DigestValue></Reference><Reference URI="images/wxicons/13.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>bAah/tMqPUVrXis2iiOZLYo4jRw=</DigestValue></Reference><Reference URI="images/wxicons/16.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>UZ2CKfWZN/FCLnILVz8bIXWlRAA=</DigestValue></Reference><Reference URI="images/wxicons/19.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>jRL/Ea5Dcj7DpvKOHnqGvUmpw4Q=</DigestValue></Reference><Reference URI="images/wxicons/18.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>76si6qIfm8bAPKBRIQCQScg0Mow=</DigestValue></Reference><Reference URI="images/wxicons/44.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>HkCAXti0I181Pjqkw2QNTjXN6/8=</DigestValue></Reference><Reference URI="images/wxicons/08.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>OAvQ6xMeMXCFznUUMZyL1frgJQk=</DigestValue></Reference><Reference URI="images/wxicons/20.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>BavTiifJ1XKhQx/AO4Y2PywHi+w=</DigestValue></Reference><Reference URI="images/wxicons/12.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>NNVCA+3eTGXWUXGjO1G4qoPPDaU=</DigestValue></Reference><Reference URI="images/wxicons/36.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>5Wy7pMJKjwc+fdL0+ez3OrhZ/WY=</DigestValue></Reference><Reference URI="images/wxicons/32.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>GrhBWg3ODd19NHkdaEyuzUDYGaQ=</DigestValue></Reference><Reference URI="images/wxicons/25.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>kVSt7ZBsrGBlnRp2mnNd4jzbjdc=</DigestValue></Reference><Reference URI="images/wxicons/29.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>CHkrsHgL9qFAKCgxQfGOaBgCg+A=</DigestValue></Reference><Reference URI="images/wxicons/17.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>SxQBu2aYDFDTD1N6XXcL/Z9r2G0=</DigestValue></Reference><Reference URI="images/wxicons/05.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>UR0ntm9xdDzhcq9m+EqdcDRhk5I=</DigestValue></Reference><Reference URI="images/wxicons/06.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>XUKHRCVRhhgG7M44QlhzFKulVf0=</DigestValue></Reference><Reference URI="images/wxicons/40.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>0vBrc/yiUz4pE8epTER19nblmCA=</DigestValue></Reference><Reference URI="images/wxicons/41.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>y5a8jOOsS/qPhcEMQV3Aufb/aNE=</DigestValue></Reference><Reference URI="images/wxicons/Thumbs.db"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>pch5wjLWZAPSgNO09d1x7SMayY=</DigestValue></Reference><Reference URI="images/wxicons/14.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>QoLGKWD8MVS0XxCvkvweDmYg1U=</DigestValue></Reference><Reference URI="images/wxicons/42.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>D9K0JzNNrtpryfckrNQNS87y1BQ=</DigestValue></Reference><Reference URI="images/wxicons/43.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>qlRMGFaqLYTej/k3k1wAGL+GWxM=</DigestValue></Reference><Reference URI="images/wxicons/04.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>a2ftn992/Hl3y1wp9IzsLSSqDdk=</DigestValue></Reference><Reference URI="images/wxicons/30.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>6Ad7HYjHxySf33JzQdS/oDTgcno=</DigestValue></Reference><Reference URI="images/wxicons/23.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>LsAfryFOtLhgviUgiOXM3z4lBAA=</DigestValue></Reference><Reference URI="images/wxicons/07.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>bV4gju3kZ780HDNOVP2lHE1TDW4=</DigestValue></Reference><Reference URI="images/wxicons/22.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>AeFmuHupwwVszEvbV94o0rngpCQ=</DigestValue></Reference><Reference URI="images/wxicons/01.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>6DsWdqkV1/ub3FaeUeXvxsQxckA=</DigestValue></Reference><Reference URI="images/wxicons/21.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Z4W51hSrbkM5N91/F9xwDJwABb0=</DigestValue></Reference><Reference URI="images/wxicons/38.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Jfl9KECyaQ68D0Fq2iyAHubQYJE=</DigestValue></Reference><Reference URI="images/wxicons/35.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>c1SmObYV0bMJwveQBuyOk/aHjoY=</DigestValue></Reference><Reference URI="images/wxicons/39.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>apdCy1y7Bhx4c8j8xZKpw9sLiHQ=</DigestValue></Reference><Reference URI="images/wxicons/34.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>RlUoSL1kyNF/LNHglKJojfidqDo=</DigestValue></Reference><Reference URI="images/wxicons/24.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>rp274RE36TIQ/cJqykbC1pfma64=</DigestValue></Reference><Reference URI="images/wxicons/31.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>4T9iGJPK46NYQtmGWyvMhFXqefg=</DigestValue></Reference><Reference URI="images/wxicons/15.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>V/kRSkl8RuSLp5XHkK+Ev2qkA/Q=</DigestValue></Reference><Reference URI="images/wxicons/02.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>LnzYacHZQ8dWbBsfY/xIBFf+FhY=</DigestValue></Reference><Reference URI="images/wxicons/26.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>L/fdXr1GduUly+gZoqoHtjSEeug=</DigestValue></Reference><Reference URI="images/wxicons/11.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>5tlEUU8jkLu69GjxyKrj/dlCBnE=</DigestValue></Reference><Reference URI="images/wxicons/03.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>eVam0Q5Ns+f0ivmOFlayoQjFJuQ=</DigestValue></Reference><Reference URI="images/btn_severe_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xkpq8N5rnVv2QUOOPEC3t2UZ3io=</DigestValue></Reference><Reference URI="images/bg_fade_prefs.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>mGtHZB8HWR4Kr46E9ibtgPqkSjg=</DigestValue></Reference><Reference URI="images/btn_previous.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>tYsSyliuIQHfoqX8Ljjd514gjiY=</DigestValue></Reference><Reference URI="images/btn_search.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Xs3TiHv5GVKqvqKcH4QQTLGeL5M=</DigestValue></Reference><Reference URI="images/nav_calendar_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>km6Jeefk1pbxhKPuKdX0tAikn20=</DigestValue></Reference><Reference URI="images/bg_fade_location.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>dsoQD4U3FStFnFCn9IU8XZOnbZ8=</DigestValue></Reference><Reference URI="images/logo_leaf.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>AI6UYnx1653B/rX71hqlXRYayK0=</DigestValue></Reference><Reference URI="images/radar.jpg"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>IEaZz7VDYcwgBHJhTFttbNpSr8=</DigestValue></Reference><Reference URI="images/btn_done.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>VZYygwwnJmzSykTWnC3UMjx7UVU=</DigestValue></Reference><Reference URI="images/Thumbs.db"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>aXryLm/7bU2iLfP6mwM96Q7iFfk=</DigestValue></Reference><Reference URI="images/btn_plus.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>apIaI0Q/XpYkQIZgrE8y4KDpe34=</DigestValue></Reference><Reference URI="images/label_calendar.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Ek3gLnM9lZCvsJrn49FinTEFoc=</DigestValue></Reference><Reference URI="images/btn_severe_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>rMRQheIr8WGukddQsbW79yPUa68=</DigestValue></Reference><Reference URI="images/bg_fade_about_wide.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>exAFOiVOEx5VKUopSxkbRc3RTLc=</DigestValue></Reference><Reference URI="images/btn_removelocation.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>BAAQeIMdUoZumMexhxIJFLOXy8M=</DigestValue></Reference><Reference URI="images/label_weathermap.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>QLd8kSOk/dq9/PtPl3hycoufBGw=</DigestValue></Reference><Reference URI="images/space.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>lPyPvOmX8EoCzEM8iIruq8hfHIE=</DigestValue></Reference><Reference URI="images/btn_magnify.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>3lSDkwWlIMufqacsbJ8dShiDvPc=</DigestValue></Reference><Reference URI="images/btn_next.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>5l3/6rRyibJQXlQdSfopJ4Q9e3o=</DigestValue></Reference><Reference URI="images/bg_fade_current_wide.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>klPlC3aqn33AAxtAzDCksik4CXo=</DigestValue></Reference><Reference URI="images/nav_hourly_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>oW7HwXpGfcEz6q1UEixc48IuEf0=</DigestValue></Reference><Reference URI="images/btn_shrink.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>/6ORP54At9CAqkQno9aCvbXCF2E=</DigestValue></Reference><Reference URI="images/bg_cal_date.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>g10327Jhy+CE2XXE62b6Ea6cUZg=</DigestValue></Reference><Reference URI="images/key.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>anFOcEcBGzbkeEsfKJ7+y3S2Y0E=</DigestValue></Reference><Reference URI="images/degree_f.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>QtJd4lj3Gaqm59G0J6TT87N9jLk=</DigestValue></Reference><Reference URI="images/bg_fade_about.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>rYYhIG+rT3f8jPqSuzC65g2BRuE=</DigestValue></Reference><Reference URI="images/degree_c.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>0AwnOwXF+1iAySDhG6u+WKGzmEE=</DigestValue></Reference><Reference URI="images/nav_maps_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>B7IsyllFvqC+hrxow9QlM+IdDkQ=</DigestValue></Reference><Reference URI="images/label_graph.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>8dKb7eEM6PKj2NqpJmTIA6d4OZw=</DigestValue></Reference><Reference URI="images/bg_fade_nav.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>0gR7yxY7kUde+5gnApaniAR70c4=</DigestValue></Reference><Reference URI="images/nav_forecast_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>T6cSnzVZ6+NYmcJkSxagrBG34VA=</DigestValue></Reference><Reference URI="images/bg_fade_content.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>eAAeix95CFcyTRFP0L37wCTiCT4=</DigestValue></Reference><Reference URI="images/nav_calendar_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>+7NYqrzg6E42x4bcSmI7oR+06Ok=</DigestValue></Reference><Reference URI="images/nav_graph_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>IuDRMdZ5SGeHtOUrIO6N8Kz2ug0=</DigestValue></Reference><Reference URI="images/logo_accu.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>/uv3wU6UomVHWqNw6FnQYutp19g=</DigestValue></Reference><Reference URI="images/nav_forecast_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>x+QqY/MePBUZryW4TH5q+IF1G+g=</DigestValue></Reference><Reference URI="config.xml"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xo9qqZXg+0DwkCx8Kks9jgMLaLA=</DigestValue></Reference><Reference URI="css/accuweather.css"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>wIZ0bV7p0RmG7GEQzl9GoN+MMEs=</DigestValue></Reference><Reference URI="icon.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>vReEx8PURNyRoFZDvLHfXSAW5U=</DigestValue></Reference></SignedInfo><SignatureValue>H6RxXxj0OfpZuhbNHUkm048kZ1uzlGUwQV4TadOvFJ0VKHIyjTcJgzx7ApSUmCTjg/5JaRufBjAzihXmd7UTkq+aVm8smRgHpr3puz0w2wKGhPizO0dz4qfw3U7lqV6eLgSDakRj1jnFgqcMVHI+0k5vvYeVxgUVi6bz2b+IbM=</SignatureValue><Object Id="CWRT"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties" ><SignatureProperty Id="profile"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile" /></SignatureProperty><SignatureProperty Id="role"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor" /></SignatureProperty><SignatureProperty Id="identifier"><dsp:Identifier>{247220a7-f378-4151-83d3-6be32024c0ae}</dsp:Identifier></SignatureProperty></SignatureProperties></Object><KeyInfo><X509Data><X509Certificate>MIICzDCCAjWgAwIBAgIBADANBgkqhkiG9w0BAQUFADArMRAwDgYDVQQKEwdSRCBD
    ZXJ0MRcwFQYDVQQDEw5SRCBDZXJ0aWZpY2F0ZTAeFw0wNDExMTUxMjQyMDZaFw0z
    NzA5MjMxMjQyMDZaMCsxEDAOBgNVBAoTB1JEIENlcnQxFzAVBgNVBAMTDlJEIENl
    cnRpZmljYXRlMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDLRF+r1FGGkCwT
    rb420kbnAps7gi1yYUcXYUdWeFTuBeQe5eW46Y+LWaA8HMlDdoHRB0FgASisYcFa
    gwno9+oFf4AJka4H1gWEs5XTGwAA1s0d8XGh7W7Dt9F5FZij8F7/9Pi6+FhhxZFI
    f1DD+yry9D7+Sp+BgdNALe4XOpf25QIBA6OCAQAwgf0wDAYDVR0TBAUwAwEB/zAL
    BgNVHQ8EBAMCAoQwHQYDVR0OBBYEFFi/kuGzxhVpjGxe9ZwlxC3fH9jFMFMGA1Ud
    IwRMMEqAFFi/kuGzxhVpjGxe9ZwlxC3fH9jFoS+kLTArMRAwDgYDVQQKEwdSRCBD
    ZXJ0MRcwFQYDVQQDEw5SRCBDZXJ0aWZpY2F0ZYIBADBsBgNVHSAEZTBjMGEGBFUd
    IAAwWTATBggrBgEFBQcCARYHaHR0cDovLzBCBggrBgEFBQcCAjA2GjRGb3IgUiZE
    IHVzYWdlIG9ubHkuIFRoaXMgY2VydGlmaWNhdGUgaXMgbm90IHRydXN0ZWQuMA0G
    CSqGSIb3DQEBBQUAA4GBAHGB4RQMAgBdeT2hxfOr6f2nA/dZm+M5yX5daUtZnET9
    Ed0A9sazLawfN2G1KFQT9kxEParAyoAkpbMAsRrnRz/9cM3OHgFm/NiKRnf50DpT
    7oCx0I/65mVD2kt+xXE62/Ii5KPnTufIkPi2uLvURCia1tTS8JmJ8dtxDGyQt8BR</X509Certificate></X509Data></KeyInfo></Signature>

    >
    // Instantiate the document to be validated
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    DocumentBuilder db = dbf.newDocumentBuilder();
    dbf.setNamespaceAware(true);
    Document doc = db.parse(file);Your problem is that you've instantiated the DocumentBuilder before you've made the factory namespace aware. As a result, does not know against which namespace it is parsing the XML file.
    Change the lines of code to have the factory be namespace-aware before you instantiate the DocumentBuilder and then parse the class. You'll get past your "node not found" error to receive a number of other errors which you need to correct.
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    Document doc = dbf.newDocumentBuilder().parse(file);As a practice when generating an XML document, you should try to validate it inside an IDE like Netbeans/Eclipse before trying to do anything with the document to ensure you've not only got a well-formed XML document, but also one that is "schema-conformant. Your XML signature is not (the Object element cannot come before the KeyInfo element, and the SignatureProperty element is missing the required Target attribute); as a result your Signature element will fail to pass validation even if your code is correct. A cursory review of the XML Signature specs and its XSD is always helpful: [http://www.w3.org/TR/xmldsig-core/].
    Finally, please use the {code} tag for source-code to make it readable. Thanks.
    Arshad Noor
    StrongAuth, Inc.

  • Validating digital signatures successfull on Win7 but fails on Vista/XP/W2K3

    Microsoft has announced (Security Advisory 2880823: Recommendation to discontinue use of SHA-1) that
    they will stop recognizing the validity of SHA-1 based certificates after 2016. Microsoft started to sign their files with digital signatures which use the stronger SHA-2 hashing algorithm. For the countersignatures (Time Stamping Authenticode Signatures)
    they also use SHA-256. These certificates can be validated fine on Windows 7/8 but can't be validated on Windows Vista, Windows XP and Windows Server 2003R2. The status of certificates in the Certification Path are OK but on the older operating systems the
    countersignature seem to be missing... See the forum thread
    EMET 4.1 Update 1: 'The digital signature of the object did not verify.' on Vista/XP in the
    Enhanced Mitigation Experience Toolkit (EMET) Support Forum for several screenshots.
    Can someone explain this behavior and maybe provide a solution?
    W. Spu

    Hi,
    It looks like it is related with this
    https://technet.microsoft.com/library/security/2749655
    This issue might be caused by a missing timestamp Enhanced Key Usage (EKU) extension during certificate generation and signing of Microsoft core components and software.
    Microsoft is aware of an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes. These digital certificates were later used to sign some Microsoft core components and software binaries. This
    could cause compatibility issues between affected binaries and Microsoft Windows. While this is not a security issue, because the digital signature on files produced and signed by Microsoft will expire prematurely, this issue could adversely impact the ability
    to properly install and uninstall affected Microsoft components and security updates.
    So have you applied this update on XP\Vista\Server 2003?
    http://support.microsoft.com/kb/2749655
    This update will help to ensure the continued functionality of all software that was signed with a specific certificate that did not use a timestamp Enhanced Key Usage (EKU) extension. To extend their functionality, WinVerifyTrust will ignore the lack of
    a timestamp EKU for these specific X.509 signatures.
    Yolanda Zhu
    TechNet Community Support

  • Acrobat is not validating digital signature

    Hi Everybody...
    I have generated a pdf file which includes digital signatures.
    But the acrobat is not validating the digital signature. But if
    we open this file in PDF-xchange viewer, it shows that the
    signatures are valid. Acrobat generates the following error...
    Error during signature verification.
    Signature contains incorrect, unrecognized, corrupted or
    suspicious data.
    Support Information: SigDict /Contents illegal data
    What may be the problem?

    Thank you Bernd for your kind and simple reply  
    I am uploading my file with my certificate which i am using for my digital
    signatures. Please have a deep look at contents entry. Use ASNVIEWER or
    decoder etc......
    Thanks again and Best Regards

Maybe you are looking for

  • Can edit some photos in Photoshop, but not all

    Hi, I recently had to archive and install for a system problem. When I tried to edit photos from iPhoto in Photoshop (which always worked before), I had problems, so I reinstalled Photoshop (actually twice). Now most of my photos will open in photosh

  • TOP OF PAGE printing according to SORT - ALV main internal table

    Hi guys I manage to solve my previous issues but 1 minor problem here Lets say I have an itab which has 3 records Sales Order | Purchase No, | Distributor 1                  |   123               | abc 1                  |   123               | abc 2

  • Accept payments without creating PayPal account on my site?

    Dear community, I'd like to accept credit cards on my site without forcing customers to create Paypal account. Still not the case inspite my efforts. I have Business account.Credit card confirmed.Bank account confirmed.My Selling Tools>Website prefer

  • New Look for Trophy Case

    Nike has updated the Trophy Case and added new features. Below it a link to the image. http://i106.photobucket.com/albums/m253/OwensZilla/TrophyCase.jpg   Windows XP Pro  

  • Successfull installation, But Cannot Launch Application Express 2.2

    Hi I have success fully installed the application express software, but however I could not launch the application express I have followed each and every step given in the installation documents. I have created the marvel.conf file with the following