Issue with validation of signature

Hello,
I am facing a problem in producing a correct signature and I hope someone can help me understand the root of the problem. Most of us are familiar with the Java (Sun) examples of GenDetached, GenEnveloped, GenEnveloping, and Validate code samples. The code below is a small variation of the GenDetached:
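import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;

public class GenerateDetachedWithManifest {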
  public static void main(String[] args) throws Exception {
    // First, create a DOM XMLSignatureFactory that will be used to
    // generate the XMLSignature and marshal it to DOM.
    String providerName = System.getProperty("jsr105Provider",
        "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",
        (Provider) Class.forName(providerName).newInstance());
    // Create a Reference to an external URI that will be digested
    // using the SHA1 digest algorithm
    Reference ref = fac.newReference("http://www.w3.org/TR/xml-stylesheet", fac
        .newDigestMethod(DigestMethod.SHA1, null));
    Reference xref = fac.newReference("#object", fac.newDigestMethod(
        DigestMethod.SHA1, null), null, "http://www.w3.org/2000/09/xmldsig#Object", null);
    Manifest manifest = fac.newManifest(Collections.singletonList(ref));
    List<XMLObject> objs = new ArrayList<XMLObject>();
    objs.add(fac.newXMLObject(Collections.singletonList(manifest), "object", null, null));
    // Create the SignedInfo
    SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(
        CanonicalizationMethod.INCLUSIVE,
        (C14NMethodParameterSpec) null), fac.newSignatureMethod(
        SignatureMethod.DSA_SHA1, null), Collections.singletonList(xref));
    // Create a DSA KeyPair
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
    kpg.initialize(512);
    KeyPair kp = kpg.generateKeyPair();
    // Create a KeyValue containing the DSA PublicKey that was generated
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(kp.getPublic());
    // Create a KeyInfo and add the KeyValue to it
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
    // Create the XMLSignature (but don't sign it yet)
    XMLSignature signature = fac.newXMLSignature(si, ki, objs, "SignatureIdValue", null);
    // Create the Document that will hold the resulting XMLSignature
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true); // must be set
    Document doc = dbf.newDocumentBuilder().newDocument();
    // Create a DOMSignContext and set the signing Key to the DSA
    // PrivateKey and specify where the XMLSignature should be inserted
    // in the target document (in this case, the document root)
    DOMSignContext signContext = new DOMSignContext(kp.getPrivate(), doc);
    // Marshal, generate (and sign) the detached XMLSignature. The DOM
    // Document will contain the XML Signature if this method returns
    // successfully.
    signature.sign(signContext);
    // output the resulting document
    OutputStream os;
    if (args.length > 0) {
      os = new FileOutputStream(args[0]);
    } else {
      os = System.out;
    }
    TransformerFactory tf = TransformerFactory.newInstance();
    Transformer trans = tf.newTransformer();
    trans.transform(new DOMSource(doc), new StreamResult(os));
  }
}
If you wonder why I am doing this the answer is that I am trying to sign a format based on OPC. Anyway, the problem I have is that the output of the above program fails to validate when running the Validate sample. I don't think the issue is with the Validate program because it correctly validates output of a .NET signing application whose behavior I am trying to replicate in Java.
So the question is: why does the above code produce an incorrect signature?
Thanks,
Luis

Can you post relevant sections of the OPC standard (or a link to it) that describes the requirement? It's possible that they have written the requirements differently from the examples. It's also possible that the DSIG library in the JDK only does things in a specific way (I'll let Sean Mullan weigh in on this part of the discussion if he's monitoring this list/thread - he's the developer from Sun who wrote the library).
Here's the wording from the W3C spec on the Object element:
"The Object's Id is commonly referenced from a Reference in SignedInfo, or Manifest. This element is typically used for enveloping signatures where the object being signed is to be included in the signature element. The digest is calculated over the entire Object element including start and end tags."
What you have is neither an Enveloping Signature nor Detached - but a combination of the two. So it's possible that the JDK library doesn't work with Object references in this manner (although in theory it should). Based on this thread (XML dsig: Can I sign a SignatureProperty of the Signature?), it appears that this theory holds up for child elements of Object, but not for the Object element itself.
Arshad Noor
StrongAuth, Inc.
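
A diagnostic for the situation discussed above, added here as an example (it is not code from the thread or from the Sun samples): it signs a constructed Object through a "#object" Reference as in the question, serializes and re-parses the result, then reports the SignatureValue check and each Reference digest separately so a failed validation can be localized. The class and method names are hypothetical, RSA-SHA256 is used in place of the question's DSA-SHA1, the Object holds a text node, and Java 11 or later is assumed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Base64;
import java.util.Collections;
import javax.xml.XMLConstants;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class DiagnoseObjectReference { // hypothetical name, added example

  // Parser settings for input that may come from another party: no DOCTYPE.
  static DocumentBuilderFactory safeFactory() throws Exception {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true); // required for XML Signature processing
    dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    return dbf;
  }

  // Constructed sample: an Object with Id="object", referenced from SignedInfo
  // by "#object" with the Object type URI, then serialized the way the
  // question's program serializes its output.
  static byte[] signSample(KeyPair kp) throws Exception {
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    Document doc = safeFactory().newDocumentBuilder().newDocument();
    XMLObject obj = fac.newXMLObject(Collections.singletonList(
        new DOMStructure(doc.createTextNode("constructed sample content"))),
        "object", null, null);
    Reference ref = fac.newReference("#object",
        fac.newDigestMethod(DigestMethod.SHA256, null), null,
        "http://www.w3.org/2000/09/xmldsig#Object", null);
    SignedInfo si = fac.newSignedInfo(
        fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
            (C14NMethodParameterSpec) null),
        fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
        Collections.singletonList(ref));
    XMLSignature sig =
        fac.newXMLSignature(si, null, Collections.singletonList(obj), null, null);
    sig.sign(new DOMSignContext(kp.getPrivate(), doc));
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    TransformerFactory.newInstance().newTransformer()
        .transform(new DOMSource(doc), new StreamResult(out));
    return out.toByteArray();
  }

  // Validates against a key the verifier already trusts (not a key read from
  // KeyInfo in the document) and reports each check on its own line.
  static boolean diagnose(byte[] xml, PublicKey trusted) throws Exception {
    Document doc = safeFactory().newDocumentBuilder().parse(new ByteArrayInputStream(xml));
    NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (nl.getLength() != 1) {
      throw new IllegalStateException("expected exactly one Signature element");
    }
    DOMValidateContext ctx = new DOMValidateContext(trusted, nl.item(0));
    // Keep the pre-digest bytes so they can be compared with another signer's.
    ctx.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
    XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
    boolean core = sig.validate(ctx);
    System.out.println("core validity: " + core);
    System.out.println("SignatureValue over SignedInfo: "
        + sig.getSignatureValue().validate(ctx));
    Base64.Encoder b64 = Base64.getEncoder();
    for (Reference r : sig.getSignedInfo().getReferences()) {
      System.out.println("Reference " + r.getURI() + " valid=" + r.validate(ctx));
      System.out.println("  stored digest:     " + b64.encodeToString(r.getDigestValue()));
      System.out.println("  calculated digest: "
          + b64.encodeToString(r.getCalculatedDigestValue()));
      try (InputStream in = r.getDigestInputStream()) {
        if (in != null) {
          System.out.println("  digested bytes:    "
              + new String(in.readAllBytes(), StandardCharsets.UTF_8));
        }
      }
    }
    // Manifest references are outside core validation. They are only listed
    // here: dereferencing them would fetch whatever URI the document names.
    for (XMLObject o : sig.getObjects()) {
      for (XMLStructure c : o.getContent()) {
        if (c instanceof Manifest) {
          for (Reference r : ((Manifest) c).getReferences()) {
            System.out.println("Manifest reference (not dereferenced): " + r.getURI());
          }
        }
      }
    }
    return core;
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048);
    KeyPair kp = kpg.generateKeyPair();
    byte[] xml = signSample(kp);
    System.out.println("round trip valid: " + diagnose(xml, kp.getPublic()));
    // Altering the Object content changes the Reference digest only; the
    // SignatureValue still covers the untouched SignedInfo.
    String altered = new String(xml, StandardCharsets.UTF_8)
        .replace("sample content", "altered content");
    System.out.println("altered copy valid: "
        + diagnose(altered.getBytes(StandardCharsets.UTF_8), kp.getPublic()));
  }
}
```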

Similar Messages

  • Form Size issue with multiple Digital Signatures

    I have created a form (liveCycle 8) with multiple digital signatures required.  When each user signs the form, that section of the form is locked using collections.  The form is workflow through email after each user signs it.  Each time the user signs and forwards the form, the form's size becomes too large.
    How can the form be optimized to compress each time a user signs the form?
    Thank you,
    Lori

    Steve,
       After your request to post the form, I wanted to remove some company items like the Logo.  Once I removed the Logo, I found the biggest issue was a Logo image size that was making the file so large.  Once I reduced the image size, the signatures only added 46kb at each signature level.
    Thank you for your help,
    Lori

  • Template - issue with validity area - check on multiple usages at once

    Hi all
    One customer requirement I'm trying to solve, and I don't find a solution, is the following:
    When we have two or more validity areas in the generation variant, we want to check on both at the same time in order to get the data on the SDS.
    Is this possible or not and, in case it is possible, can someone explain me how to do this?
    Thanks in advance. 
    Two examples.
    In the generation variant we have validity areas:
    A.     REGION                SE 
                         USE_CAT             IND
    B.     REGION                NO
                         USE_CAT             IND
    C.     REGION                NO
                         USE_CAT             FER
    In the specification data of one VAT we have several instances. The usages added to these instances are:
    1.     REGION                SE
                         USE_CAT             IND
    2.     REGION                SE
                          USE_CAT             FER
    3.     REGION                NO
                         USE_CAT             IND
    When I use generation variant A, I only want to see instance 1 on the SDS.
    When I use generation variant B, I only want to see instance 3 on the SDS.
    When I use generation variant C, I don't want to see any instances on the SDS.
    I don't find how to solve this.
    When I don't use a repeating group type G for validity area, using generation variant A, I get instances 1 and 2. Using generation variant B or C I get instance 3 on the SDS.
    When I use a repeating group type G for validity area USE_CAT, using generation variant A or B, I get instances 1 and 3. Using generation variant C I get instance 2 on the SDS.
    Similar with the exclude check put.
    In the generation variant we have validity areas:
    D.     REGION                SE 
                         USE_CAT             IND       
    E.     REGION                NO
                           USE_CAT             FER
    In the specification data of one VAT we have several instances. The usages added to these instances are:
    4.     REGION                SE
                         USE_CAT             IND        excl
    5.     REGION                REG_EU
                          REGION                SE           excl
                          USE_CAT             FER
    6.     REGION                NO
                          USE_CAT             IND
    When I use generation variant D, I don't want to see an instance on the SDS.
    When I use generation variant E, I don't want to see an instance on the SDS.
    I don't find how to solve this.
    When I don't use a repeating group G for validity area USE_CAT, using generation variant D, I get instance 4 on the SDS. Using generation variant E I get instance 6 on the SDS.
    When I use a repeating group G for validity area USE_CAT, using generation variant D, I get instance 6 on the SDS. Using generation variant E, I get instance 5 on the SDS.
    Kind regards,
    Luk

    Hello Luk
    You wrote: When I understand the documentation of the validity area's correct, options subset, superset, 1:1, ... always reflect to the relation of the entry in the generation variant and the usage that is maintained one on the data.
    This is exactly how the link is done between data in EH&S and the data which show up in WWI document (please exclude the topic of G group at the moment; this is special). Therefore the validity area entered in GenVar is the "Leading" validity area.
    Regarding your questions some "basic" work is needed. Maybe this helps you to find new options to solve your issue:
    SAP EH&S uses the "validity area type" and the "validity area". Common used are the validity types:
    REGION
    DGREGION
    PLANT
    It seems that you have created a new validity area type USE_CAT with validity areas which you have defined by your own.
    I will give you only an overview about the "normal" use of REGION. In this case the validity area is normally a 1:1 relation to a country (definition is done via customizing). A "special" validity area is REG_WORLD (please refer to SAP docu). REG_WORLD contains automatically (without further doing) all other validity areas of type REGION. Now it is always possible to generate new "fictive" validity areas. E.g. you could define the validity area "NAFTA" which would have a link to the countries: US, MX etc. These validity areas can be used in data maintenance and in the GenVar as well.
    As I have no knowledge how you have defined the "USE_CAT" validity areas I cannot provide you hints. But I would like to provide further hints in using the "Excl." Flag of usage of the VAT
    Example: if you use Rating 1 in combination with REG_WORLD, DE excluded and the GenVar has the leading validity area DE this value is not used in WWI report. But if the genVar would have the leading validity area BE it would be used.
    Please check really carefully the topic of "subset, superset, 1:1,.." because this is the "key" issue if or if not a VAT will show up in WWI.
    Now back to your next question:
    when on the data a validity area is excluded and the same validity area is present in the generation variant, data should not be displayed even when there is a positive match present as well. (e.g. positive match on region, negative match on use category).
    Now as explained above: if in VAT level a validity area is excluded but the same validity area is used as leading Validity area in WWI report the value will not show up. The same should be true if you have used "G groups" with discrete validity areas
    Next question:
    when you defined the data as relevant for region EU and use category industrial, data should only be displayed when the generation variant contains both a region related to EU AND this industrial use.
    Here I would need more information. The GenVar contains by default only one leading validity area. Therefore any further "logic" must be applied by using "G Group" in the template and now things get "worse" in some sense.
    If I remember correct the following should be true:
    If you have used properly the G Group with "Use_CAT" in your WWI document this should work:
    You have defined the VAT as : Rating + DE + IND. Now in a special section of your WWI report you have used the G Group. By using this the value should be printed but not a parallel VAT value with Rating + DE + FER.
    If you have used this logic in your whole template I really salute because the WWI template is in my opinion very complex to understand and the logic how to retrieve the data from EH&S into the WWI report is complex too and the length of the report should have increased by at least 20 % or something like that
    Now you have mentioned a further option you are using:
    "Currently we solve this by creating multiple characteristics (use category specific) and selecting only on validity area region based on the generation variant."
    If I understood your explanation correctly you have done the following:
    If necessary you have entered a further characteristic in the Class called "use CAT" which must have values. Then using the "if else etc." logic of WWI you select only those VATs into the WWI report which have the correct "Use Cat".
    Once again: hard work which you have done. In my opinion you should go on with this approach. In doing so you have implemented an "and" logic. Only if the Value does have DE and the UseCat (in characteristic) is e.g. FER the value will be printed.
    It is complex yes but the "G Group" is much more complex
    Natural solution of demands like this is using further ratings to select the data properly. It seems to be you have excluded this option.
    With best regards
    C.B.
    Edited by: Christoph Bergemann on Sep 4, 2011 5:50 PM
    Edited by: Christoph Bergemann on Sep 4, 2011 5:54 PM

  • Error: Creating a Connection Pool: issue with valid transaction levels

    Server: SunOS 5.8 Generic_117350-27 sun4u sparc SUNW,UltraAX-MP
    App Server: Sun Java System Application Server 8.2
    Jar: ojdbc14.jar
    Datasource Classname: oracle.jdbc.pool.OracleConnectionPoolDataSource
    Resource Type: javax.sql.ConnectionPoolDataSource
    [Issue]
    Using /SUNWappserver/lib/ojdbc14.jar, when I create my connection pool in Sun Java System Application Server 8.2, I return the following error each time I try to start the domain:
    [#|2006-07-28T14:53:56.169-0500|WARNING|sun-appserver-pe8.2|javax.enterprise.resource.resourceadapter|_ThreadID=11;|RAR5117 : Failed to obtain/create connection. Reason : The isolation level could not be set: READ_COMMITTED and SERIALIZABLE are the only valid transaction levels|#]
    When I change the value to "SERIALIZABLE" in my domain.xml file, I receive the following error in my server.log:
    Caused by: org.xml.sax.SAXParseException: Attribute "transaction-isolation-level" with value "SERIALIZABLE" must have a value from the list "read-uncommitted read-committed repeatable-read serializable ".
    So, I'm stuck!
    I can't use the values READ_COMMITTED or SERIALIZABLE since the valid values are "read-uncommitted read-committed repeatable-read serializable ".
    Case sensitivity matters.
    Any thoughts or help would be greatly appreciated.
    Thanks,
    --Todd

    The Oracle JDBC accepts TRANSACTION_READ_COMMITTED and TRANSACTION_SERIALIZABLE isolation levels.
    Example:
    connAttr.setProperty("TRANSACTION_ISOLATION", "TRANSACTION_SERIALIZABLE");
    I'd check with the Apps server folks.
    Kuassi - blog http://db360.blogspot.com/
    ------ book http://www.amazon.com/gp/product/1555583296/

  • Issue with Validation in EO

    Hi all
    we have a requirement that, we are getting two rows in a page of irec when it is getting rendered; our requirement is to hide the one row from that table and delete that from database as well, while the page is getting rendered. We extended the CO and tried to remove the row using row.remove in the
    processRequest method; it is getting done but there are validations for this row in the entity object due to which we can't submit our page,
    so please share, is there any solution for this issue, how can we achieve this, is it possible or not;
    any clues would be most welcome
    thanks
    Pratap

    hi
    we are having this code with us for this issue
    public void processRequest(OAPageContext oapagecontext, OAWebBean oawebbean)
    {
        super.processRequest(oapagecontext, oawebbean);
        OAApplicationModule am = oapagecontext.getApplicationModule(oawebbean);
        OAViewObject oav = (OAViewObject)am.findViewObject("IrcEditRecruitmentActivitiesVO");
        if(oav != null)
        {
            Row row = oav.last();
            if(row != null)
            {
                // remove the last row of the view object and commit the change
                row.remove();
                am.getOADBTransaction().commit();
            }
        }
    }
    although this is able to hide the row from table and only one row is appearing but at the same time we are
    getting this error in the page
    "Row validation method failed for row with key oracle.jbo.Key[23895 ] in PerAllVacanciesEO"
    thanks
    Pratap

  • Issue with multiple digital signatures disabling fast web view

    Hello, I'm using acrobat 9.1 pro and have some questions regarding an issue using multiple signatures on a pdf.
    Why am I asking the question below? My job involves preparing pdf's for submission to FDA. The FDA requires, among other things, that electronically submitted docs have fast web view enabled.
    I am currently exploring ways of using digital signatures to sign pdf reports and still make sure they are FDA spec compliant. My issue involves a document that would have multiple signature fields. What I do is create at least two signature fields in the doc and then save and optimize while enabling fast web view. When I sign the first box and save, the file retains the fast web view status. Yet, when I apply any signatures past the first one, the file is subsequently set to fast web view off without any obvious way of turning it back on. I am confused as to why it gets disabled only after the second, and not right after even the first one was signed. And, of course, I would like to know if it is possible to maintain fast web view and how to do it. I'll gladly accept "tinkering under the hood" of the file suggestions if they exist as well.
    Please let me know if anything is unclear or you need further information.
    Thanks for your time and help.
    ~Vlad

    Hi Vlad,
    Michael actually had the correct answer. The purpose of a "Linearized" file (i.e. a file that has been Optimized for Fast Web View) is to get the first page to display as soon as possible so you can start reading without waiting for the rest of the file to download. As an aside, the designated first page doesn't necessarily have to be page 0 (PDF's use a zero based counting system for pages), but usually it is. To quote the PDF specification, "The primary focus of Linearized PDF is optimized viewing of read-only PDF documents. It is intended that the Linearized PDF be generated once and read many times. Incremental update is still permitted, but the resulting PDF is no longer linearized and subsequently is treated as ordinary PDF."
    When you sign a PDF file the first time the Save process is a "full save", that is the entire document is rewritten so there are no more than two %%EOF (end-of-file) markers in it. The first EOF designates which page to show first and the second EOF designates the end of the rest of the file (so the browser knows when to stop downloading). However, when you add a second (or subsequent) signature the file is saved as an "incremental save" and all of the new data is tacked onto the end of the original file. This is so you can do a rollback to the previous signed version and allows Acrobat/Reader to check the integrity of each signature independent of any other signatures. It's the incremental save that breaks the linearized optimization of the file.
    Steve

  • Issue with Validation for some report parameters

    Hello,
    I have a report with 2 parameters : Start_Date and End_Date. And a Validation (Function returning Error Text) with "Error message display location" = Inline Notification.
    Now, in case I have end_date less than start_date (OR some other conditions, that should be checked on server side), I display the inline error (which works fine)
    The problem is that the report still displays having as parameters those wrong "start_date" and "end_date", and I would like the report not be displayed at all in this case.
    I could use conditional display for the report (using the same validation function), after moving parameters in another region, but I don't really like (calling twice Validation function, etc ...)
    Any other idea ?
    Using Apex 2.2 right now.
    Thank you.

    You can add pseudo items start_date1 and end_date1. And a procedure that will run After Submit. Your report has to address these new items. In this case if validation is fired your pseudo parameters will not be changed.
    Best Regards, Kostya Proskudin

  • Persona not validated in signature

    Good afternoon!
    So I'm having an issue with a digital signature for one of our personnel and this is apparently the way to get support.
    We are having issues with people rejecting her digital signature because on the right hand side it says persona not validated.. Is there a way to make that go away, so that the persona is validated? I believe I have checked all my revocations and trusts and everything appears fine but doesn't mean I didn't miss something..
    We are using Adobe Acrobat Standard 11

    Hi kihomachelpdesk,
    TSN is correct, this is not tech support, but in this one case you've gotten a hold of Adobe anyways.
    The name that you see in the textual portion of the digital signature appearance (the right half of the signature field) is the value of the CN (common name) entry in the Subject extension of the digital ID used to create the digital signature. You need to procure for Ms. Leonard a digital ID from Symantec with a less frightening set of entries in the Subject name. Note that the OU (organizational unit) also says "Persona Not Validated" along with the CN entry. One of the tenets of using a "trusted third-party" to supply the digital ID is it's their job to have vetted the identity of the end-user to whom they are issuing the digital ID. That way the document recipient (who must physically trust the Symantec Root CA certificate in order for the signature to be valid) is assured the signer is who they say they are (it's known as non-repudiation). My guess is Ms. Leonard obtained a test (or sample) digital ID from Symantec and since Symantec gives those away they don't bother with the identity vetting procedure like they do with digital IDs that are paid for. Since they aren't doing any identity verification they add the "Persona Not Validated" text so the document recipient isn't fooled into believing the signer is someone that they are not.
    As an aside, you can also make the graphics portion of the signature appearance (the left half of the signature field) look a bit better if you make the background of the signature appearance file transparent (aka removing all background opacity). That way the background won't obliterate the trefoil logo. And if you really want to get fancy you can replace the trefoil with your own company logo.
    Steve

  • Issue with substitution variable with @MDSHIFT in BR in Calc Manager

    Hi Experts,
    We have a BR in EAS which is working fine.
    and exported to Calcmanager, now while validation it is giving error "@BaseScenario" is not found.
    the code is
    @MDSHIFT("LFLSalesIncVAT_GBP_C_DHP"->&BaseScenario->"Final"->"CD_FinalPlanPL",-1,"Year",,1,"Period",);
    If I hard code it like @MDSHIFT("LFLSalesIncVAT_GBP_C_DHP"->"P7PP"->"Final"->"CD_FinalPlanPL",-1,"Year",,1,"Period",); it is working fine.
    Is there any limitation with calc manager and substitution variables?
    Thanks
    GP

    There seem to be many issues with validations in calc manager; does the rule run if you don't validate?
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • ServerAdmin and Valid Digital Signatures

    How does one setup an XServer so that it issues a valid digital signature?
    I'm attempting to enforce a requirement for valid digital signatures within ServerAdmin.
    Any help or pointers to relevant documentation is greatly appreciated.
    Thanks,
    Carl.

    OK, a little more digging around reveals some information on page 147 of the Server Administration Manual.
    For the moment, this looks like my question has been answered!?
    Carl.

  • Problem with validating SAML assertion signature ("bad" certificate?)

    Hi,
    We've been developing and testing webservices and webservice clients under WebLogic for awhile. In our typical configuration, we have the SAML Credential mapper configured on the webservice client side, and the SAML Identity Asserter on the webservice side, and we are using "sender-vouches", whereby the SAML assertions are being signed by the SAML Credential mapper.
    Up through development, for the signing, we've been using certs issued by a test CA that we have, but now, we are moving to a pre-production environment, and we're required to use certs issued by a specific 3rd party CA. Since we've started using those new certs, we have been getting "token failed to validate" errors. We've been trying to diagnose this problem for awhile, and we're at the point that we believe that, for some reason, the certs that we got that were issued by the 3rd party CA are "bad".
    Specifically, those certs are SSL Server certs, with the following characteristics:
    Usages:
    Digital Signature
    Key Encipherment
    Key Agreement
    Netscape Type: SSL Server Authentication
    but, they also have two "extended usage extension" OIDs, both are "2.16.840.1.101.2.x.yy.zz".
    When we looked at the certs using various tools, e.g., "openssl x509...", etc., those extended usage extensions are being displayed as "unknown", which made us a little suspicious about them, so I set up a simple test configuration with two WebLogic 10.0 MP1 instances.
    For testing, we first used a cert from the 3rd party CA, which gave us the "failed to validate token" errors.
    During this testing, we put a sniffer on the line, and captured the SOAP message with the signed SAML assertion, and we used a small Java app that I wrote awhile ago that will validate a digital signature. When we ran that Java app, the digital signature validated successfully (i.e., the digital signature was GOOD).
    This seems to imply that the "failed to validate token signature" errors are happening because of something other than the digital signature being incorrect.
    So, then, we created a certificate that matches the 3rd party CA certs almost exactly, except that we did not include the two extended usage extensions, and we configured the two WebLogic instances to use this new certificate.
    When we tested with the new certificate, we no longer got the errors.
    So, it appears that when the cert has those two enhanced usage extensions, WebLogic is either not willing to, or not able to, utilize the certs for validating digital signatures.
    Does anyone have any insight into this problem, or has anyone encountered a problem like this before?
    I also was wondering if there are any parameters for WebLogic that we might try to set that would tell WebLogic to perhaps ignore the certificate extensions and to just do the digital signature validation?
    Thanks,
    Jim

    Hi,
    FYI, we were able to resolve this problem today. It turned out to be that the certificate and key were not "matched".
    The way that we figured this out was to use openssl and the procedure here:
    http://kb.wisc.edu/middleware/page.php?id=4064
    which showed the mismatch.
    We've since generated a new cert request and got a new certificate, and it's working now.
    Jim

  • Issue with back end validation in jsf 2.0

    I am upgrading my apps to jsf2.0 and I came across something that I hope you have already solved.
    In jsf 1.1 action methods returned a string. If that string was NOT mapped as a navigation in faces-config.xml, then it just rerendered the active page. this made doing back end validation easy because I could add messages to the faces context and when the active page rerendered the validation messages would get displayed and no one was the wiser than it was done on the back end instead of on the front end.
    In jsf 2.0 I get null pointers if I return a string that is NOT mapped as a navigation. So I changed the code to return a string that is mapped as a navigation for that page when there is a validation error. but that is treating it like a new request and not a rerender so the validation messages I added to the faces context are not there when the page renders.
    If I test submit a form that has only front end validation then it works fine and the validation messages are correctly shown.
    Any suggestions?

    In 11.2.0.3 you are unlikely to see the various truncate/drop issues relating to large numbers of small extents - unless you use dictionary managed tablespaces.
    There are a couple of possible threats with small extents and highly concurrent inserts with ASSM that might be a temporary problem when the object size is small. There may still be some issues with large uncommitted inserts or deletes making other session's work very hard to identify free blocks until the large transaction has committed - these things can be hard to test.
    There may still be a couple of inefficiencies with parallel query and small extents, although parallel CTAS did have a (possibly temporary) hack to allocate immediate large extents to work around some of the silly details.
    Really you need to think through your requirements and then model them on your system - some of the anomalies have changed several times over the last three years.
    Regards
    Jonathan Lewis
    http://jonathanlewis.wordpress.com
    Now on Twitter: @jloracle

  • Please help me with the digital signature validation problem?

    Please help me with the digital signature validation problem?

    Hi
    Execute the program in the Debugging mode.
    In the Debugger Window
    Select Breakpoint -> Break point at -> Breakpoint at source code Menu Item and enter the details of the program/include/line no..
    Activate the System Debugger On from the Settings Menu.
    Hope this would help you.
    Murthy
    Edited by: Kalyanam Seetha Rama Murthy on Jul 18, 2008 7:20 AM

  • Can I sign a Microsoft Word Document with the digital signature from a Military issued CAC card?

    Is it possible to sign a MS Word doc with the digital signature from a Military issued CAC card? It is easily done in Adobe, but I cannot find any guidance for MS Word docs.

    According to this thread in Microsoft's forums:
    http://answers.microsoft.com/en-us/mac/forum/macoffice2011-macword/can-i-how-do-i-add-a-digital-signature-to-a/eb2c2787-b13f-4388-b20f-4580515eec95
    this is not possible with Word for Mac.
    Regards.

  • Validating detached signature with jsr105

    Hi all.
    I need to sign a SOAP message and I need to use JSR105. I've created a message with the following code and it is signed without problems. However, I can't validate the signature. As you can see, the elements that contain the nodes are OMElement (specific for Axis2 SOAP server) that are an instance of Node and Element classes.
    The error I get is:
    Exception in thread "main" javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID 1
         at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:366)
         at org.jcp.xml.dsig.internal.dom.DOMReference.validate(DOMReference.java:318)
         at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:230)
         at SignedSoap.main(SignedSoap.java:272)
    Caused by: javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID 1
         at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:84)
         at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:358)
         ... 3 more
    Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID 1
         at com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown Source)
         at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
         at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:77)
         ... 4 more
    javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID 1
         at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:84)
         at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:358)
         at org.jcp.xml.dsig.internal.dom.DOMReference.validate(DOMReference.java:318)
         at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:230)
         at SignedSoap.main(SignedSoap.java:272)
    Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID 1
         at com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown Source)
         at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
         at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:77)
         ... 4 more
    My code is as follows
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.Provider;
    import java.security.SecureRandom;
    import java.util.Calendar;
    import java.util.Collections;
    import javax.xml.crypto.dsig.*;
    import javax.xml.crypto.dom.*;
    import javax.xml.crypto.dsig.dom.*;
    import javax.xml.crypto.dsig.keyinfo.*;
    import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
    import javax.xml.soap.*;
    import javax.xml.parsers.*;
    import javax.xml.transform.*;
    import javax.xml.transform.dom.*;
    import javax.xml.transform.sax.SAXSource;
    import javax.xml.transform.stream.*;
    import org.apache.axiom.om.OMAttribute;
    import org.apache.axiom.om.OMElement;
    import org.apache.axiom.om.OMNamespace;
    import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
    import org.apache.xmlbeans.impl.piccolo.xml.XMLStreamReader;
    import org.w3c.dom.*;
    import org.w3c.dom.Node;
    import org.xml.sax.InputSource;
    //import org.xmlsoap.schemas.soap.encoding.DateTime;
    /**
    * Construct a SOAP message, sign it and then validate the signature.
    * This implementation follows the
    * <a ref="http://www.w3.org/TR/SOAP-dsig/">
    * W3C Note on digital signatures in SOAP messages
    * </a>.
    * The validating key is included in the signature.
    * DOM Level 2 is used throughout.
    * <p>
    * The following SOAP message is signed:
    * <pre><code>
    * <?xml version="1.0" encoding="UTF-8"?>
    * <soap-env:Envelope
    * xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
    * <soap-env:Header>
    * <SOAP-SEC:Signature
    * mustUnderstand="1"
    * xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"/>
    * </soap-env:Header>
    * <soap-env:Body id="Body">
    * <m:GetLastTradePrice xmlns:m="http://wombats.ztrade.com">
    * <symbol>SUNW</symbol>
    * </m:GetLastTradePrice>
    * </soap-env:Body>
    * </soap-env:Envelope>
    * </code></pre>
    */
    public class SignedSoap {
    private static boolean debug = false;
    public static void main(String[] args) throws Exception {
         int argc = args.length;
         if (argc == 1) {
              if (args[0].equalsIgnoreCase("-help")) {
                   System.out.println("Usage: SignedSoap [-debug]");
                   System.out.println(" -debug\tactivates debug messages");
                   return;
              }
              debug = args[0].equalsIgnoreCase("-debug");
         }
         // Create the SOAP message
         OMDOMFactory omfact=new OMDOMFactory();
         //Node nodo1=fd.newDomNode(options);
         OMNamespace namespace=omfact.createOMNamespace("http://schemas.xmlsoap.org/soap/security/2000-12", "soapenv");
         OMNamespace namespace2=omfact.createOMNamespace("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu");
         OMAttribute attr=omfact.createOMAttribute("mustUnderstand",namespace,"1");
         OMAttribute id=omfact.createOMAttribute("id",namespace,"1");
         OMAttribute id2=omfact.createOMAttribute("id",namespace,"2");
         OMElement sec=omfact.createOMElement("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","wsse");
         OMElement timestamp=omfact.createOMElement("Timestamp",namespace2);
         OMElement created=omfact.createOMElement("Created",namespace2);
         OMElement expires=omfact.createOMElement("Expires",namespace2);
         created.setText("12122007");
         expires.setText("12122008");
         timestamp.addAttribute(id);
         timestamp.addChild(created);
         timestamp.addChild(expires);
         sec.addChild(timestamp);
         System.out.println("Generating the DOM tree...");
         // Get input source
         org.w3c.dom.Node security = (Node)sec;
         //if (debug) {
         // dumpDOMDocument(root);
         //}
         // Generate a DSA key pair
         System.out.println("Generating the DSA keypair...");
         KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
         kpg.initialize(1024, new SecureRandom("not so random".getBytes()));
         KeyPair keypair = kpg.generateKeyPair();
    // Assemble the signature parts
         System.out.println("Preparing the signature...");
         String providerName = System.getProperty
    ("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
         XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM",
    (Provider) Class.forName(providerName).newInstance());
    Reference ref = sigFactory.newReference("#1",
         sigFactory.newDigestMethod(DigestMethod.SHA1, null));
    SignedInfo signedInfo = sigFactory.newSignedInfo(
         sigFactory.newCanonicalizationMethod(
              CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
              (C14NMethodParameterSpec) null),
    sigFactory.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
         Collections.singletonList(ref));
         KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
         KeyValue kv = kif.newKeyValue(keypair.getPublic());
    KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(kv));
    XMLSignature sig = sigFactory.newXMLSignature(signedInfo, keyInfo);
         // Insert XML signature into DOM tree and sign
         System.out.println("Signing the SOAP message...");
         // Find where to insert signature
         Element ts = getFirstChildElement(envelope);
         DOMSignContext sigContext =
         new DOMSignContext(keypair.getPrivate(), sec);
         // Need to distinguish the Signature element in DSIG (from that in SOAP)
         sigContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");
         // register Body ID attribute getNextSiblingElement(
         sigContext.setIdAttributeNS
         (ts,
         "http://schemas.xmlsoap.org/soap/security/2000-12","id");
         sig.sign(sigContext);
         if (debug) {
              dumpDOMDocument(envelope);
         }
         // Validate the XML signature
    // Locate the signature element
         Element sigElement = getNextSiblingElement(ts);
    // Validate the signature using the public key generated above
    DOMValidateContext valContext =
         new DOMValidateContext(keypair.getPublic(), sigElement);
         // register Body ID attribute getNextSiblingElement(
         valContext.setIdAttributeNS
         (ts,
         "http://schemas.xmlsoap.org/soap/security/2000-12","id");
         boolean isValid = sig.validate(valContext);
         System.out.println("Validating the signature... " +
              (isValid ? "valid" : "invalid"));
    }

    /**
    * Outputs DOM representation to the standard output stream.
    * @param root The DOM representation to be outputted
    */
    private static void dumpDOMDocument(org.w3c.dom.Node root)
         throws TransformerException, TransformerConfigurationException {
         System.out.println("\n");
         // Create a new transformer object
         Transformer transformer =
              TransformerFactory.newInstance().newTransformer();
         transformer.setOutputProperty(OutputKeys.INDENT, "yes");
         // Dump the DOM representation to standard output
         transformer.transform(new DOMSource(root), new StreamResult(System.out));
         System.out.println("\n");
    }

    /**
    * Returns the first child element of the specified node, or null if there
    * is no such element.
    * @param node the node
    * @return the first child element of the specified node, or null if there
    *     is no such element
    * @throws NullPointerException if <code>node == null</code>
    */
    private static Element getFirstChildElement(org.w3c.dom.Node node) {
         org.w3c.dom.Node child = node.getFirstChild();
         while (child != null &&
              child.getNodeType() != org.w3c.dom.Node.ELEMENT_NODE) {
              child = child.getNextSibling();
         }
         return (Element) child;
    }

    /**
    * Returns the next sibling element of the specified node, or null if there
    * is no such element.
    * @param node the node
    * @return the next sibling element of the specified node, or null if there
    *     is no such element
    * @throws NullPointerException if <code>node == null</code>
    */
    public static Element getNextSiblingElement(org.w3c.dom.Node node) {
         org.w3c.dom.Node sibling = node.getNextSibling();
         while (sibling != null &&
              sibling.getNodeType() != org.w3c.dom.Node.ELEMENT_NODE) {
              sibling = sibling.getNextSibling();
         }
         return (Element) sibling;
    }
    }
    Thanks in advance

    I've done further advancements. It seems that the element to feed the sign validator MUST be a document AND that the ID attribute has to be registered in it even if it has been already located in inner elements of the message. Now my code looks as follows but I'm not validating the reference. The sign itself can validate though.
    The problem is the reference validation. Any ideas? Could it be the prefixes or namespaces? I've been making tests changing both but no luck so far.
    Thanks in advance.
    package _2006_08.sa.liberty;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.Provider;
    import java.security.SecureRandom;
    import java.util.Calendar;
    import java.util.Collections;
    import java.util.Iterator;
    import javax.xml.crypto.URIDereferencer;
    import javax.xml.crypto.URIReference;
    import javax.xml.crypto.dsig.*;
    import javax.xml.crypto.dom.*;
    import javax.xml.crypto.dsig.dom.*;
    import javax.xml.crypto.dsig.keyinfo.*;
    import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
    import javax.xml.soap.*;
    import javax.xml.parsers.*;
    import javax.xml.transform.*;
    import javax.xml.transform.dom.*;
    import javax.xml.transform.sax.SAXSource;
    import javax.xml.transform.stream.*;
    import org.apache.axiom.om.OMAttribute;
    import org.apache.axiom.om.OMElement;
    import org.apache.axiom.om.OMNamespace;
    import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
    import org.apache.xmlbeans.impl.piccolo.xml.XMLStreamReader;
    import org.oasis_open.docs.wss._2004._01.oasis_200401_wss_wssecurity_secext_1_0_xsd.SecurityDocument;
    import org.w3c.dom.*;
    import org.w3c.dom.Node;
    import org.xml.sax.InputSource;
    //import org.xmlsoap.schemas.soap.encoding.DateTime;
    /**
    * Construct a SOAP message, sign it and then validate the signature.
    * This implementation follows the
    * <a ref="http://www.w3.org/TR/SOAP-dsig/">
    * W3C Note on digital signatures in SOAP messages
    * </a>.
    * The validating key is included in the signature.
    * DOM Level 2 is used throughout.
    * <p>
    * The following SOAP message is signed:
    * <pre><code>
    * <?xml version="1.0" encoding="UTF-8"?>
    * <soap-env:Envelope
    * xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
    * <soap-env:Header>
    * <SOAP-SEC:Signature
    * mustUnderstand="1"
    * xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"/>
    * </soap-env:Header>
    * <soap-env:Body id="Body">
    * <m:GetLastTradePrice xmlns:m="http://wombats.ztrade.com">
    * <symbol>SUNW</symbol>
    * </m:GetLastTradePrice>
    * </soap-env:Body>
    * </soap-env:Envelope>
    * </code></pre>
    */
    public class SignedSoap {
    private static boolean debug = false;
    public static void main(String[] args) throws Exception {
         int argc = args.length;
         if (argc == 1) {
              if (args[0].equalsIgnoreCase("-help")) {
                   System.out.println("Usage: SignedSoap [-debug]");
                   System.out.println(" -debug\tactivates debug messages");
                   return;
              }
              debug = args[0].equalsIgnoreCase("-debug");
         }
         // Create the SOAP message
         System.out.println("Creating the SOAP message...");
         SOAPMessage soapMessage = MessageFactory.newInstance().createMessage();
         SOAPPart soapPart = soapMessage.getSOAPPart();
         SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
         if(soapEnvelope instanceof Source){
              System.out.println("0");
         }
         if(soapEnvelope instanceof Node){
              System.out.println("1");
         }
         if(soapEnvelope instanceof Element){
              System.out.println("2");
         }
         if(soapEnvelope instanceof Document){
              System.out.println("3");
         }
         SOAPHeader soapHeader = soapEnvelope.getHeader();
         SOAPHeaderElement headerElement = soapHeader.addHeaderElement(
    soapEnvelope.createName("Signature", "SOAP-SEC",
    "http://schemas.xmlsoap.org/soap/security/2000-12"));
         SOAPBody soapBody = soapEnvelope.getBody();
         soapBody.addAttribute(soapEnvelope.createName("id", "SOAP-SEC",
         "http://schemas.xmlsoap.org/soap/security/2000-12"), "1");
         Name bodyName =soapEnvelope.createName("GetLastTradePrice", "m",
         "http://wombats.ztrade.com");
         SOAPBodyElement gltp = soapBody.addBodyElement(bodyName);
         Name name = soapEnvelope.createName("symbol");
         SOAPElement symbol = gltp.addChildElement(name);
         symbol.addTextNode("SUNW");
         // Generate a DOM representation of the SOAP message
         OMDOMFactory omfact=new OMDOMFactory();
         //Node nodo1=fd.newDomNode(options);
         OMNamespace namespace=omfact.createOMNamespace("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu");
         OMNamespace namespace2=omfact.createOMNamespace("http://www.w3.org/2002/12/soap-envelope", "S");
         OMAttribute attr=omfact.createOMAttribute("mustUnderstand",namespace,"1");
         OMAttribute id=omfact.createOMAttribute("Id",namespace2,"1");
         OMAttribute id2=omfact.createOMAttribute("Id",namespace2,"2");
         OMElement sec=omfact.createOMElement("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","wsse");
         OMElement timestamp=omfact.createOMElement("Timestamp",namespace);
         OMElement created=omfact.createOMElement("Created",namespace);
         OMElement expires=omfact.createOMElement("Expires",namespace);
         OMElement frame=omfact.createOMElement("Framework",namespace2);
         OMElement signa=omfact.createOMElement("Signature",namespace2);
         timestamp.declareDefaultNamespace(namespace.getNamespaceURI());
         timestamp.setNamespace(namespace);
         Calendar now=Calendar.getInstance();
         Calendar exp=Calendar.getInstance();
         exp.add(now.MINUTE, 5);
         System.out.println("test");
         created.setText("created");
         expires.setText("expires");
         System.out.println("test");
         timestamp.addAttribute(id);
         System.out.println("test");
         timestamp.addChild(created);
         timestamp.addChild(expires);
         //sec.addChild(signa);
         sec.addAttribute(id2);
         sec.addChild(timestamp);
         //sec.addChild(frame);
         //System.out.println(sec.getParent().toString());
         System.out.println("Generating the DOM tree...");
         // Get input source
         Source source = soapPart.getContent();
         if(soapPart instanceof Source){
              System.out.println("10");
         }
         if(soapPart instanceof Node){
              System.out.println("11");
         }
         if(soapPart instanceof Element){
              System.out.println("12");
         }
         if(soapPart instanceof Document){
              System.out.println("13");
         }
         //Source source2 = soapPart.getFirstChild();
         //System.out.println(source.toString());
              //javax.xml.stream.XMLStreamReader inSource = sec.getXMLStreamReader();
         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
         dbf.setNamespaceAware(true);
         DocumentBuilder db = null;
         System.out.println("13");
         //synchronized (dbf) {
              db = dbf.newDocumentBuilder();
         //}
              System.out.println("13");
         Document doc = db.newDocument();
         doc.appendChild((Node)sec);
         org.w3c.dom.Node root = (org.w3c.dom.Node) doc.getDocumentElement();
         System.out.println("13");
         System.out.println("13: "+root.getFirstChild().getLocalName());
         org.w3c.dom.Node envelope = (Node)sec;//soapPart.getFirstChild();
    /* Node) sec;
         if (source instanceof DOMSource) {
              root = ((DOMSource)source).getNode();
         } else if (source instanceof SAXSource) {
              InputSource inSource = ((SAXSource)source).getInputSource();
              DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
              dbf.setNamespaceAware(true);
              DocumentBuilder db = null;
              synchronized (dbf) {
                   db = dbf.newDocumentBuilder();
              }
              Document doc = db.parse(inSource);
              root = (org.w3c.dom.Node) doc.getDocumentElement();
         } else {
              System.err.println("error: cannot convert SOAP message (" +
                   source.getClass().getName() + ") into a W3C DOM tree");
              System.exit(-1);
         }
    */
         //if (debug) {
         // dumpDOMDocument(root);
         //}
         // Generate a DSA key pair
         System.out.println("Generating the DSA keypair...");
         KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
         kpg.initialize(1024, new SecureRandom("not so random".getBytes()));
         KeyPair keypair = kpg.generateKeyPair();
    // Assemble the signature parts
         System.out.println("Preparing the signature...");
         String providerName = System.getProperty
    ("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
         XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM",
    (Provider) Class.forName(providerName).newInstance());
    Reference ref = sigFactory.newReference("#1",
         sigFactory.newDigestMethod(DigestMethod.SHA1, null));
    SignedInfo signedInfo = sigFactory.newSignedInfo(
         sigFactory.newCanonicalizationMethod(
              CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
              (C14NMethodParameterSpec) null),
    sigFactory.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
         Collections.singletonList(ref));
         KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
         KeyValue kv = kif.newKeyValue(keypair.getPublic());
    KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(kv));
    XMLSignature sig = sigFactory.newXMLSignature(signedInfo, keyInfo);
         // Insert XML signature into DOM tree and sign
         System.out.println("Signing the SOAP message...");
         // Find where to insert signature
         //Element envelope = getFirstChildElement(root);
         Element header = getFirstChildElement(envelope);
         System.out.println("Signing the SOAP message...");
         //System.out.println(header.getLocalName());
         DOMSignContext sigContext =
         new DOMSignContext(keypair.getPrivate(), envelope);
         // Need to distinguish the Signature element in DSIG (from that in SOAP)
         System.out.println("Signing the SOAP message...");
         sigContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");
         // register Body ID attribute getNextSiblingElement(
         sigContext.setIdAttributeNS
         (header,
                   "http://www.w3.org/2002/12/soap-envelope","Id");
         System.out.println("Signing the SOAP message...");
         sig.sign(sigContext);
         if (debug) {
              dumpDOMDocument(envelope);
         }
         // Validate the XML signature
         String providerName2 = System.getProperty
    ("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
    XMLSignatureFactory sigFactory2 = XMLSignatureFactory.getInstance("DOM",
    (Provider) Class.forName(providerName2).newInstance());
    SecurityDocument secdoc=SecurityDocument.Factory.parse(envelope);
    System.out.println(secdoc.xmlText());
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
         dbf.setNamespaceAware(true);
         Document doc = dbf.newDocumentBuilder().parse(secdoc.newInputStream());
    // Locate the signature element
         //Element sigElement = //getFirstChildElement(header);
              //getNextSiblingElement(header);
    // Validate the signature using the public key generated above
         System.out.println(doc.getFirstChild().getLastChild().getLocalName());
         DOMValidateContext valContext = new DOMValidateContext
    (keypair.getPublic(), doc.getElementsByTagName("ds:Signature").item(0));
              valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
              System.out.println(doc.getElementsByTagName("ds:Signature").item(0).getLocalName());
    // DOMValidateContext valContext =
         // new DOMValidateContext(keypair.getPublic(), sigElement);
         // register Body ID attribute getNextSiblingElement(
    // System.out.println(header.getNamespaceURI());
              //valContext.setIdAttributeNS((Element) doc.
                   //     getElementsByTagNameNS("wsu", "Timestamp").item
                        //(0), null, "Id");
              ((Element)doc.getElementsByTagName("wsu:Timestamp").item(0)).setAttributeNS("S", "Id", "1");
              ((Element)doc.getElementsByTagName("wsu:Timestamp").item(0)).setPrefix("wsu");
              valContext.setIdAttributeNS((Element)doc.getElementsByTagName("wsu:Timestamp").item(0),
         "http://www.w3.org/2002/12/soap-envelope","Id");
         //System.out.println(valContext.getElementById("1").getLocalName());
         //valContext.setBaseURI("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
         System.out.println("1");
         XMLSignature signature = sigFactory2.unmarshalXMLSignature(valContext);
         System.out.println("2: "+valContext.getDefaultNamespacePrefix());
         System.out.println(valContext.getElementById("1").getLocalName());
         //System.out.println(header.getLocalName());
         //System.out.println(getNextSiblingElement(header).getLocalName());
         //System.out.println(header.getAttribute("id"));
         //System.out.println(header.getBaseURI());
         if(signature.getSignatureValue().validate(valContext))
         System.out.println("Firma OK");
         Iterator it = signature.getSignedInfo().getReferences().iterator();
    if (((Reference) it.next()).validate(valContext))
         System.out.println("ref OK");
         boolean isValid = signature.validate(valContext);
         System.out.println("Validating the signature... " +
              (isValid ? "valid" : "invalid"));
    }

    /**
    * Outputs DOM representation to the standard output stream.
    * @param root The DOM representation to be outputted
    */
    private static void dumpDOMDocument(org.w3c.dom.Node root)
         throws TransformerException, TransformerConfigurationException {
         System.out.println("\n");
         // Create a new transformer object
         Transformer transformer =
              TransformerFactory.newInstance().newTransformer();
         transformer.setOutputProperty(OutputKeys.INDENT, "yes");
         // Dump the DOM representation to standard output
         transformer.transform(new DOMSource(root), new StreamResult(System.out));
         System.out.println("\n");
    }

    /**
    * Returns the first child element of the specified node, or null if there
    * is no such element.
    * @param node the node
    * @return the first child element of the specified node, or null if there
    *     is no such element
    * @throws NullPointerException if <code>node == null</code>
    */
    private static Element getFirstChildElement(org.w3c.dom.Node node) {
         org.w3c.dom.Node child = node.getFirstChild();
         while (child != null &&
              child.getNodeType() != org.w3c.dom.Node.ELEMENT_NODE) {
              child = child.getNextSibling();
         }
         return (Element) child;
    }

    /**
    * Returns the next sibling element of the specified node, or null if there
    * is no such element.
    * @param node the node
    * @return the next sibling element of the specified node, or null if there
    *     is no such element
    * @throws NullPointerException if <code>node == null</code>
    */
    public static Element getNextSiblingElement(org.w3c.dom.Node node) {
         org.w3c.dom.Node sibling = node.getNextSibling();
         while (sibling != null &&
              sibling.getNodeType() != org.w3c.dom.Node.ELEMENT_NODE) {
              sibling = sibling.getNextSibling();
         }
         return (Element) sibling;
    }
    }
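The ID registration the second post arrives at, as an added example that is not part of the original thread: a same-document reference such as `#1` resolves only if the element carrying that ID value is registered on the signing context and again on the validating context of the re-parsed document. The class name, the `ts-1` ID value and the sample XML are constructed, and RSA with SHA-256 is swapped in for the post's DSA/SHA-1 on the assumption that the code runs on a recent JDK, whose default secure-validation policy rejects SHA-1.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Collections;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class IdReferenceDemo {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Constructed sample: a Security header whose Timestamp carries wsu:Id="ts-1".
    static final String SAMPLE =
        "<wsse:Security xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "'>"
        + "<wsu:Timestamp wsu:Id='ts-1'><wsu:Created>2007-12-12T00:00:00Z</wsu:Created>"
        + "<wsu:Expires>2007-12-12T00:05:00Z</wsu:Expires></wsu:Timestamp></wsse:Security>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for XML Signature processing
        // No DTDs: nothing in the message can declare ID attributes or entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    static String serialize(Document doc) throws Exception {
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    static Element timestampOf(Document doc) {
        return (Element) doc.getElementsByTagNameNS(WSU, "Timestamp").item(0);
    }

    // Sender side: sign the Timestamp through the same-document reference "#ts-1".
    static String sign(KeyPair kp) throws Exception {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Document doc = parse(SAMPLE);
        Reference ref = fac.newReference("#ts-1", fac.newDigestMethod(DigestMethod.SHA256, null));
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(RSA_SHA256, null),
            Collections.singletonList(ref));
        DOMSignContext ctx = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
        // Without a DTD or schema the parser does not know wsu:Id is an ID attribute.
        ctx.setIdAttributeNS(timestampOf(doc), WSU, "Id");
        fac.newXMLSignature(si, null).sign(ctx);
        return serialize(doc);
    }

    // Receiver side: a fresh parse carries no ID information, so the
    // registration has to be repeated on the validation context.
    static boolean validate(String xml, PublicKey key, boolean registerId) throws Exception {
        Document doc = parse(xml);
        Element sigElem = (Element) doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(key, sigElem);
        if (registerId) {
            ctx.setIdAttributeNS(timestampOf(doc), WSU, "Id");
        }
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        return sig.validate(ctx); // checks SignatureValue and every Reference digest
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        String signed = sign(kp);

        try {
            validate(signed, kp.getPublic(), false);
        } catch (XMLSignatureException e) {
            // The "Cannot resolve element with ID" failure from the post.
            System.out.println("no ID registered: " + e.getMessage());
        }
        System.out.println("ID registered:    " + validate(signed, kp.getPublic(), true));
        String tampered = signed.replace("00:05:00Z", "23:59:59Z");
        System.out.println("tampered Expires: " + validate(tampered, kp.getPublic(), true));
    }
}
```

The namespace URI and local name passed to `setIdAttributeNS` must be exactly those of the attribute as it appears on the element, otherwise the call throws `IllegalArgumentException` instead of registering the ID.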
