Not validating signature with jsr 105

Similar Messages

• Acrobat not validating signature with three pairs of ByteRange values

  I have created a PDF with a Digital signature, when opened with Acrobat Reader 10 i see the signature not bieng validated with a message saying, "There are errors in the formatting or information contained in this signature (support information: SigDict /ByteRange value)". My signature's byterange  contains three pairs of integers(/ByteRange[0 569 6417 400 6817 1013]) which seems to be causing this problem. Will appreciate any input regarding this.

  Hi SindhuCT,
  I can't speak for PDF-XChange Viewer as to whether or not they are correctly processing the signature. The only thing I can point out is you are hashing the bytes from the beginning of the file (byte 0) to byte 569. Then you are leaving a hole for the signature from byte 570 through byte 6416. You are then hashing from byte 6417 and marching off another 400 bytes which gets you to byte 6817. Finally you are telling Acrobat/Reader to leave a hole from byte 6817 to the end of the file at byte 7830. The problem is your got byte 6817 on both sides of the fence, as part of the signed data and as part of the second unsigned portion of the file. That's probably where your problem lies.
  Yes, the PDF specification does say you can include other ranges, but it also says that it's not recommended because you are not going to be checking for all changes to the document. The specification says you should sign the entire file, less the hole for the signature contents.
  Steve

• Adobe Reader not validating signature with three byterange pairs

  I have created a PDF with a Digital signature from my program, when opened with Acrobat   Reader 10 i see the signature not bieng validated with a message  saying,  "There are errors in the formatting or information contained in this signature (support information: SigDict /ByteRange value)".   My signature's byterange  contains three pairs of  integers(/ByteRange[0  569 6417 400 6817 1013]) which seems to be  causing this problem. PDF-Xchange viewer works fine with the same file. It validates the signature!..  Appreciate any input regarding this.

  As described in ETSI TS 102778 (PAdES), the EU standard for PDF Digital
  Signatures that has been incorporated into ISO 32000-2, only a single set
  of byte ranges (aka two pairs) is permitted.

• Adobe Reader not validating signature with three pairs of ByteRange values

  I have created a PDF with a Digital signature, when opened with Acrobat  Reader 10 i see the signature not bieng validated with a message saying,  "There are errors in the formatting or information contained in this signature (support information: SigDict /ByteRange value)".  My signature's byterange  contains three pairs of integers(/ByteRange[0  569 6417 400 6817 1013]) which seems to be causing this problem. Will  appreciate any input regarding this.

  How have you created the signature? If you are using a program of your own creation, please repost in the Acrobat SDK forum.

• Not valid signature on hybrid extension

  I'm trying to sign an hybrid extension with my Globalsign certificate, I have tried using the signing toolkit and also directly in FlashBuilder ( Export Extension - hybrid).
  While installing the extension I always get "Extension ... does not contain valid signature". It creates the package without any warning or error, but I can't install it.
  I have successfully signed non hybrid extensions and they install fine, it's just the hybrid one. The certificate is also recent and I have tried including timestamp and without.
  Using Windows Vista and Extension Manager 6.0.1.26 , I have heard about issues with Mac OS X in the past but it's not the case.
  When using the signing tool the command is: java -jar ucf.jar -package -storetype PKCS12 -keystore globalsign.p12 com.mycompany.myextension.zxp -C "C:\myextfolder" .
  If I create the hybrid package using the Extension Manager it installs fine but I get this ugly warning for not signed extension.

  After a lot of try and error I have found the reason:
  My hybrid extension includes many resource files, the certificate adds a signature for each of this files, after around 300 files the signature starts to become corrupt ( this can be seen in the signature file included in the package) and logically extension manager issues a not valid certificate message when installing.
  The solution I have adopted is to include only one compressed file with all resource files instead of any single file, then my extension must unzip it the first time at runtime. It's not ideal but works and all packages are correctly signed.
  I have not found any mention to a limit of the files in the documentation but propably no one was thinking on so large extensions
  Hope it helps somebody

• Persona not validated in signature

  Good afternoon!
  So I'm having an issue with a digital signature for one of our personnel and this is apparently the way to get support.
  We are having issues with people rejecting her digital signature because on the right hand side it says persona not validated.. Is there a way to make that go away, so that the persona is validated? I believe I have checked all my revocations and trusts and everything appears fine but doesn't mean I didn't miss something..
  We are using Adobe Acrobat Standard 11
  Debbie test.png - Google Drive

  Hi kihomachelpdesk,
  TSN is correct, this is not tech support, but in this one case you've have gotten a hold of Adobe anyways. 
  The name that you see in the textual portion of the digital signature appearance (the right half of the signature field) is the value of the CN (common name) entry in the Subject extension of the digital ID used to create the digital signature. You need to procure for Ms. Leonard a digital ID from Symantec with a less frightening set of entries in the Subject name. Note that the OU (organizational unit) also says "Persona Not Validated" along with the CN entry. One of the tenets of using a "trusted third-party" to supply the digital ID is it's their job it to have vetted the identity of the end-user to whom they are issuing the digital ID. That way the document recipient (who must physically trust the Symantec Root CA certificate in order for the signature to be valid) is assured the signer is who they say they are (it's known as non-repudiation). My guess is Ms. Leonard obtained a test (or sample) digital ID form Symantec and since Symantec gives those away they don't bother with the identity vetting procedure like they do with digital IDs that are paid for. Since they aren't doing any identity verification they add the "Persona Not Validated" text so the document recipient isn't fooled into the believing the signer is someone that they are not.
  As an aside, you can also make the graphics portion of the signature appearance (the left half of the signature field) look a bit better if you make the background of the signature appearance file transparent (aka removing all background opacity). That way the background won't obliterate the trefoil logo. And if you really want to get fancy you can replace the trefoil with your own company logo.
  Steve

• The extension does not contain a valid signature

  hey guys, newbie on deck!
  So, after installing CS6 I ran the Adobe Update Manger. During the update the Adobe Extension Manager (AEM) fired off and began updating as well. One error I saw was:
  The extension 'Adobe_Flash_Professional_Toolkit_for_CreateJS' does not contain a valid signature. The extension will not be installed.
  I'm not sure what this is or what it does but I would like to:
  Understand the Adobe ecosystem and
  Clear any problems.
  Here's what I do know:
  The Mac I have is 2 days old and probably in the best shape of its life.
  I installed CS6 fresh from a DVD.
  Ran the Adobe Update Manager the next day (today).
  I don't intend to use Flash.
  If anyone can expain common causes for this behavior and a fix I would greatly appreciate it.
  Thanks in advance,
  TT

  Hi JesusPresley,
  The root cause is the updater updated Adobe Flash, which tried to install the extension above by Extension Manager in the installation. However, this extension was NOT signed with the updated Adobe certificate, so the extension installation will be rejected by Extension Manager. That is what you got. We have sent this issue to Flash team.
  If you don't use Flash, you can manually edit C:\Program Files\Adobe\Adobe Flash CS6\XManConfig.xml, and remove the line <Data key="SupportedInSuite">CS6</Data>. Thanks.
  Xiaoyi

• Appstudio exporter does not contain a valid signature

  HI I am trying to install AppStudio plugin to work with InDesign but Extension Manager is throwing the following error...
  appstudio exporter does not contain a valid signature !
  I have updated all software.
  (I am downloading new apps in the background)
  I have a CC subscription

  Hi,
  please click "tools"->"preferences", unselect "Allow Extension Manager to access Internet" option, and then try to install it again.

• Trying to download adobe program 'adobe p;hotshot CS5 Optional Automate Plug-ins' but get a message "does not contain valid signature"  Any ideas to get around that please.

  Trying to download adobe program  adobe photoshop CS5 Optional Automate Plug-ins, but get a message  that it does not contain valid signature and it won't install the app.  Can someone help with this please?  Trying to reach Adobe by phone is impossible.
  ev

  First, have you installed all the updates for photoshop cs5 by going to Help>Updates from within photoshop cs5?
  The automated installer only installs the following plugins:
  http://www.adobe.com/support/downloads/detail.jsp?ftpID=4965
  The following plug-ins and associated files are available via an installer:
  Automate Plug-Ins:
  • Contact Sheet II 
  • Picture Package (ContactSheetII) 
  • Web Photo Gallery (WebContactSheetII) plus presets 
  • Script for Layer Comps to Web Photo Gallery
  Other Optional Plug-Ins:
  • TWAIN
  Other plugins including the pattern maker plugin need to be installed manually using this download:
  http://www.adobe.com/support/downloads/detail.jsp?ftpID=4964

• Acrobat is not validating digital signature

  Hi Everybody...
  I have generated a pdf file which includes digital signatures.
  But the acrobat is not validating the digital signature. But if
  we open this file in PDF-xchange viewer, it shows that the
  signatures are valid. Acrobat generates the following error...
  Error during signature verification.
  Signature contains incorrect, unrecognized, corrupted or
  suspicious data.
  Support Information: SigDict /Contents illegal data
  What may be the problem?

  Thank you Bernd for your kind and simple reply  
  I am uploading my file with my certificate which i am using for my digital
  signatures. Please have a deep look at contents entry. Use ASNVIEWER or
  decoder etc......
  Thanks again and Best Regards

• Validating detached signature with jsr105

  Hi all.
  I need to sign a SOAP message and I need to use JSR105. I've created a message with the following code and is signed without problems. However, I can't validate the signature. As you can see the elements that contains the nodes are OMElement (specific for Axis2 SOAP server) that are an instance of Node and Element classes.
  The error I get is:
  Exception in thread "main" javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID 1
       at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:366)
       at org.jcp.xml.dsig.internal.dom.DOMReference.validate(DOMReference.java:318)
       at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:230)
       at SignedSoap.main(SignedSoap.java:272)
  Caused by: javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID 1
       at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:84)
       at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:358)
       ... 3 more
  Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID 1
       at com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown Source)
       at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
       at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:77)
       ... 4 more
  javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID 1
       at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:84)
       at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:358)
       at org.jcp.xml.dsig.internal.dom.DOMReference.validate(DOMReference.java:318)
       at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:230)
       at SignedSoap.main(SignedSoap.java:272)
  Caused by: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID 1
       at com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown Source)
       at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
       at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:77)
       ... 4 more
  My code is as follows
  import java.security.KeyPair;
  import java.security.KeyPairGenerator;
  import java.security.Provider;
  import java.security.SecureRandom;
  import java.util.Calendar;
  import java.util.Collections;
  import javax.xml.crypto.dsig.*;
  import javax.xml.crypto.dom.*;
  import javax.xml.crypto.dsig.dom.*;
  import javax.xml.crypto.dsig.keyinfo.*;
  import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
  import javax.xml.soap.*;
  import javax.xml.parsers.*;
  import javax.xml.transform.*;
  import javax.xml.transform.dom.*;
  import javax.xml.transform.sax.SAXSource;
  import javax.xml.transform.stream.*;
  import org.apache.axiom.om.OMAttribute;
  import org.apache.axiom.om.OMElement;
  import org.apache.axiom.om.OMNamespace;
  import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
  import org.apache.xmlbeans.impl.piccolo.xml.XMLStreamReader;
  import org.w3c.dom.*;
  import org.w3c.dom.Node;
  import org.xml.sax.InputSource;
  //import org.xmlsoap.schemas.soap.encoding.DateTime;
  * Construct a SOAP message, sign it and then validate the signature.
  * This implementation follows the
  * <a ref="http://www.w3.org/TR/SOAP-dsig/">
  * W3C Note on digital signatures in SOAP messages
  * </a>.
  * The validating key is included in the signature.
  * DOM Level 2 is used throughout.
  * <p>
  * The following SOAP message is signed:
  * <pre><code>
  * <?xml version="1.0" encoding="UTF-8"?>
  * <soap-env:Envelope
  * xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
  * <soap-env:Header>
  * <SOAP-SEC:Signature
  * mustUnderstand="1"
  * xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"/>
  * </soap-env:Header>
  * <soap-env:Body id="Body">
  * <m:GetLastTradePrice xmlns:m="http://wombats.ztrade.com">
  * <symbol>SUNW</symbol>
  * </m:GetLastTradePrice>
  * </soap-env:Body>
  * </soap-env:Envelope>
  * </code></pre>
  public class SignedSoap {
  private static boolean debug = false;
  public static void main(String[] args) throws Exception {
       int argc = args.length;
       if (argc == 1) {
       if (args[0].equalsIgnoreCase("-help")) {
            System.out.println("Usage: SignedSoap [-debug]");
            System.out.println(" -debug\tactivates debug messages");
            return;
       debug = args[0].equalsIgnoreCase("-debug");
       // Create the SOAP message
       OMDOMFactory omfact=new OMDOMFactory();
       //Node nodo1=fd.newDomNode(options);
       OMNamespace namespace=omfact.createOMNamespace("http://schemas.xmlsoap.org/soap/security/2000-12", "soapenv");
       OMNamespace namespace2=omfact.createOMNamespace("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu");
       OMAttribute attr=omfact.createOMAttribute("mustUnderstand",namespace,"1");
       OMAttribute id=omfact.createOMAttribute("id",namespace,"1");
       OMAttribute id2=omfact.createOMAttribute("id",namespace,"2");
       OMElement sec=omfact.createOMElement("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","wsse");
       OMElement timestamp=omfact.createOMElement("Timestamp",namespace2);
       OMElement created=omfact.createOMElement("Created",namespace2);
       OMElement expires=omfact.createOMElement("Expires",namespace2);
       created.setText("12122007");
       expires.setText("12122008");
       timestamp.addAttribute(id);
       timestamp.addChild(created);
       timestamp.addChild(expires);
       sec.addChild(timestamp);
       System.out.println("Generating the DOM tree...");
       // Get input source
       org.w3c.dom.Node security = (Node)sec;
       //if (debug) {
       // dumpDOMDocument(root);
       // Generate a DSA key pair
       System.out.println("Generating the DSA keypair...");
       KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
       kpg.initialize(1024, new SecureRandom("not so random".getBytes()));
       KeyPair keypair = kpg.generateKeyPair();
  // Assemble the signature parts
       System.out.println("Preparing the signature...");
       String providerName = System.getProperty
  ("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
       XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM",
  (Provider) Class.forName(providerName).newInstance());
  Reference ref = sigFactory.newReference("#1",
       sigFactory.newDigestMethod(DigestMethod.SHA1, null));
  SignedInfo signedInfo = sigFactory.newSignedInfo(
       sigFactory.newCanonicalizationMethod(
            CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
            (C14NMethodParameterSpec) null),
  sigFactory.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
       Collections.singletonList(ref));
       KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
       KeyValue kv = kif.newKeyValue(keypair.getPublic());
  KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(kv));
  XMLSignature sig = sigFactory.newXMLSignature(signedInfo, keyInfo);
       // Insert XML signature into DOM tree and sign
       System.out.println("Signing the SOAP message...");
       // Find where to insert signature
       Element ts = getFirstChildElement(envelope);
       DOMSignContext sigContext =
       new DOMSignContext(keypair.getPrivate(), sec);
       // Need to distinguish the Signature element in DSIG (from that in SOAP)
       sigContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");
       // register Body ID attribute getNextSiblingElement(
       sigContext.setIdAttributeNS
       (ts,
       "http://schemas.xmlsoap.org/soap/security/2000-12","id");
       sig.sign(sigContext);
       if (debug) {
       dumpDOMDocument(envelope);
       // Validate the XML signature
  // Locate the signature element
       Element sigElement = getNextSiblingElement(ts);
  // Validate the signature using the public key generated above
  DOMValidateContext valContext =
       new DOMValidateContext(keypair.getPublic(), sigElement);
       // register Body ID attribute getNextSiblingElement(
       valContext.setIdAttributeNS
       (ts,
       "http://schemas.xmlsoap.org/soap/security/2000-12","id");
  boolean isValid = sig.validate(valContext);
       System.out.println("Validating the signature... " +
       (isValid ? "valid" : "invalid"));
  * Outputs DOM representation to the standard output stream.
  * @param root The DOM representation to be outputted
  private static void dumpDOMDocument(org.w3c.dom.Node root)
       throws TransformerException, TransformerConfigurationException {
       System.out.println("\n");
       // Create a new transformer object
       Transformer transformer =
       TransformerFactory.newInstance().newTransformer();
       transformer.setOutputProperty(OutputKeys.INDENT, "yes");
       // Dump the DOM representation to standard output
       transformer.transform(new DOMSource(root), new StreamResult(System.out));
       System.out.println("\n");
  * Returns the first child element of the specified node, or null if there
  * is no such element.
  * @param node the node
  * @return the first child element of the specified node, or null if there
  *     is no such element
  * @throws NullPointerException if <code>node == null</code>
  private static Element getFirstChildElement(org.w3c.dom.Node node) {
       org.w3c.dom.Node child = node.getFirstChild();
       while (child != null &&
       child.getNodeType() != org.w3c.dom.Node.ELEMENT_NODE) {
  child = child.getNextSibling();
  return (Element) child;
  * Returns the next sibling element of the specified node, or null if there
  * is no such element.
  * @param node the node
  * @return the next sibling element of the specified node, or null if there
  *     is no such element
  * @throws NullPointerException if <code>node == null</code>
  public static Element getNextSiblingElement(org.w3c.dom.Node node) {
       org.w3c.dom.Node sibling = node.getNextSibling();
       while (sibling != null &&
       sibling.getNodeType() != org.w3c.dom.Node.ELEMENT_NODE) {
  sibling = sibling.getNextSibling();
  return (Element) sibling;
  Thanks in advance

  I've done further advancemets. It seems that the element to feed the sign validator MUST be a document AND that the ID attribute has to be registered in it even if has been already located in inner elements of the message. Now my code looks as follows but I'm not validating the reference. The sign itself can validate though.
  The problem is the reference validation. Any ideas? Could it be the prefixes or namespaces? I've been making tests changing both but no luck so far.
  Thanks in advance.
  package _2006_08.sa.liberty;
  import java.security.KeyPair;
  import java.security.KeyPairGenerator;
  import java.security.Provider;
  import java.security.SecureRandom;
  import java.util.Calendar;
  import java.util.Collections;
  import java.util.Iterator;
  import javax.xml.crypto.URIDereferencer;
  import javax.xml.crypto.URIReference;
  import javax.xml.crypto.dsig.*;
  import javax.xml.crypto.dom.*;
  import javax.xml.crypto.dsig.dom.*;
  import javax.xml.crypto.dsig.keyinfo.*;
  import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
  import javax.xml.soap.*;
  import javax.xml.parsers.*;
  import javax.xml.transform.*;
  import javax.xml.transform.dom.*;
  import javax.xml.transform.sax.SAXSource;
  import javax.xml.transform.stream.*;
  import org.apache.axiom.om.OMAttribute;
  import org.apache.axiom.om.OMElement;
  import org.apache.axiom.om.OMNamespace;
  import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
  import org.apache.xmlbeans.impl.piccolo.xml.XMLStreamReader;
  import org.oasis_open.docs.wss._2004._01.oasis_200401_wss_wssecurity_secext_1_0_xsd.SecurityDocument;
  import org.w3c.dom.*;
  import org.w3c.dom.Node;
  import org.xml.sax.InputSource;
  //import org.xmlsoap.schemas.soap.encoding.DateTime;
  * Construct a SOAP message, sign it and then validate the signature.
  * This implementation follows the
  * <a ref="http://www.w3.org/TR/SOAP-dsig/">
  * W3C Note on digital signatures in SOAP messages
  * </a>.
  * The validating key is included in the signature.
  * DOM Level 2 is used throughout.
  * <p>
  * The following SOAP message is signed:
  * <pre><code>
  * <?xml version="1.0" encoding="UTF-8"?>
  * <soap-env:Envelope
  * xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
  * <soap-env:Header>
  * <SOAP-SEC:Signature
  * mustUnderstand="1"
  * xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"/>
  * </soap-env:Header>
  * <soap-env:Body id="Body">
  * <m:GetLastTradePrice xmlns:m="http://wombats.ztrade.com">
  * <symbol>SUNW</symbol>
  * </m:GetLastTradePrice>
  * </soap-env:Body>
  * </soap-env:Envelope>
  * </code></pre>
  public class SignedSoap {
  private static boolean debug = false;
  public static void main(String[] args) throws Exception {
       int argc = args.length;
       if (argc == 1) {
       if (args[0].equalsIgnoreCase("-help")) {
            System.out.println("Usage: SignedSoap [-debug]");
            System.out.println(" -debug\tactivates debug messages");
            return;
       debug = args[0].equalsIgnoreCase("-debug");
       // Create the SOAP message
       System.out.println("Creating the SOAP message...");
       SOAPMessage soapMessage = MessageFactory.newInstance().createMessage();
       SOAPPart soapPart = soapMessage.getSOAPPart();
       SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
       if(soapEnvelope instanceof Source){
            System.out.println("0");
       if(soapEnvelope instanceof Node){
       System.out.println("1");
       if(soapEnvelope instanceof Element){
       System.out.println("2");
       if(soapEnvelope instanceof Document){
            System.out.println("3");
       SOAPHeader soapHeader = soapEnvelope.getHeader();
       SOAPHeaderElement headerElement = soapHeader.addHeaderElement(
  soapEnvelope.createName("Signature", "SOAP-SEC",
  "http://schemas.xmlsoap.org/soap/security/2000-12"));
       SOAPBody soapBody = soapEnvelope.getBody();
       soapBody.addAttribute(soapEnvelope.createName("id", "SOAP-SEC",
       "http://schemas.xmlsoap.org/soap/security/2000-12"), "1");
       Name bodyName =soapEnvelope.createName("GetLastTradePrice", "m",
       "http://wombats.ztrade.com");
       SOAPBodyElement gltp = soapBody.addBodyElement(bodyName);
       Name name = soapEnvelope.createName("symbol");
       SOAPElement symbol = gltp.addChildElement(name);
       symbol.addTextNode("SUNW");
       // Generate a DOM representation of the SOAP message
       OMDOMFactory omfact=new OMDOMFactory();
       //Node nodo1=fd.newDomNode(options);
       OMNamespace namespace=omfact.createOMNamespace("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu");
       OMNamespace namespace2=omfact.createOMNamespace("http://www.w3.org/2002/12/soap-envelope", "S");
       OMAttribute attr=omfact.createOMAttribute("mustUnderstand",namespace,"1");
       OMAttribute id=omfact.createOMAttribute("Id",namespace2,"1");
       OMAttribute id2=omfact.createOMAttribute("Id",namespace2,"2");
       OMElement sec=omfact.createOMElement("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","wsse");
       OMElement timestamp=omfact.createOMElement("Timestamp",namespace);
       OMElement created=omfact.createOMElement("Created",namespace);
       OMElement expires=omfact.createOMElement("Expires",namespace);
       OMElement frame=omfact.createOMElement("Framework",namespace2);
       OMElement signa=omfact.createOMElement("Signature",namespace2);
       timestamp.declareDefaultNamespace(namespace.getNamespaceURI());
       timestamp.setNamespace(namespace);
       Calendar now=Calendar.getInstance();
       Calendar exp=Calendar.getInstance();
       exp.add(now.MINUTE, 5);
       System.out.println("test");
       created.setText("created");
       expires.setText("expires");
       System.out.println("test");
       timestamp.addAttribute(id);
       System.out.println("test");
       timestamp.addChild(created);
       timestamp.addChild(expires);
       //sec.addChild(signa);
       sec.addAttribute(id2);
       sec.addChild(timestamp);
       //sec.addChild(frame);
       //System.out.println(sec.getParent().toString());
       System.out.println("Generating the DOM tree...");
       // Get input source
       Source source = soapPart.getContent();
       if(soapPart instanceof Source){
                 System.out.println("10");
            if(soapPart instanceof Node){
            System.out.println("11");
            if(soapPart instanceof Element){
            System.out.println("12");
            if(soapPart instanceof Document){
                 System.out.println("13");
       //Source source2 = soapPart.getFirstChild();
       //System.out.println(source.toString());
            //javax.xml.stream.XMLStreamReader inSource = sec.getXMLStreamReader();
       DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
       dbf.setNamespaceAware(true);
       DocumentBuilder db = null;
       System.out.println("13");
       //synchronized (dbf) {
            db = dbf.newDocumentBuilder();
            System.out.println("13");
       Document doc = db.newDocument();
       doc.appendChild((Node)sec);
       org.w3c.dom.Node root = (org.w3c.dom.Node) doc.getDocumentElement();
       System.out.println("13");
       System.out.println("13: "+root.getFirstChild().getLocalName());
       org.w3c.dom.Node envelope = (Node)sec;//soapPart.getFirstChild();
  /* Node) sec;
       if (source instanceof DOMSource) {
       root = ((DOMSource)source).getNode();
       } else if (source instanceof SAXSource) {
       InputSource inSource = ((SAXSource)source).getInputSource();
       DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
       dbf.setNamespaceAware(true);
       DocumentBuilder db = null;
       synchronized (dbf) {
            db = dbf.newDocumentBuilder();
       Document doc = db.parse(inSource);
       root = (org.w3c.dom.Node) doc.getDocumentElement();
       } else {
       System.err.println("error: cannot convert SOAP message (" +
            source.getClass().getName() + ") into a W3C DOM tree");
       System.exit(-1);
       //if (debug) {
       // dumpDOMDocument(root);
       // Generate a DSA key pair
       System.out.println("Generating the DSA keypair...");
       KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
       kpg.initialize(1024, new SecureRandom("not so random".getBytes()));
       KeyPair keypair = kpg.generateKeyPair();
  // Assemble the signature parts
       System.out.println("Preparing the signature...");
       String providerName = System.getProperty
  ("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
       XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM",
  (Provider) Class.forName(providerName).newInstance());
  Reference ref = sigFactory.newReference("#1",
       sigFactory.newDigestMethod(DigestMethod.SHA1, null));
  SignedInfo signedInfo = sigFactory.newSignedInfo(
       sigFactory.newCanonicalizationMethod(
            CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
            (C14NMethodParameterSpec) null),
  sigFactory.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
       Collections.singletonList(ref));
       KeyInfoFactory kif = sigFactory.getKeyInfoFactory();
       KeyValue kv = kif.newKeyValue(keypair.getPublic());
  KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(kv));
  XMLSignature sig = sigFactory.newXMLSignature(signedInfo, keyInfo);
       // Insert XML signature into DOM tree and sign
       System.out.println("Signing the SOAP message...");
       // Find where to insert signature
       //Element envelope = getFirstChildElement(root);
       Element header = getFirstChildElement(envelope);
       System.out.println("Signing the SOAP message...");
       //System.out.println(header.getLocalName());
       DOMSignContext sigContext =
       new DOMSignContext(keypair.getPrivate(), envelope);
       // Need to distinguish the Signature element in DSIG (from that in SOAP)
       System.out.println("Signing the SOAP message...");
       sigContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");
       // register Body ID attribute getNextSiblingElement(
       sigContext.setIdAttributeNS
       (header,
                 "http://www.w3.org/2002/12/soap-envelope","Id");
       System.out.println("Signing the SOAP message...");
       sig.sign(sigContext);
       if (debug) {
       dumpDOMDocument(envelope);
       // Validate the XML signature
       String providerName2 = System.getProperty
  ("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
  XMLSignatureFactory sigFactory2 = XMLSignatureFactory.getInstance("DOM",
  (Provider) Class.forName(providerName2).newInstance());
  SecurityDocument secdoc=SecurityDocument.Factory.parse(envelope);
  System.out.println(secdoc.xmlText());
  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
       dbf.setNamespaceAware(true);
       Document doc = dbf.newDocumentBuilder().parse(secdoc.newInputStream());
  // Locate the signature element
       //Element sigElement = //getFirstChildElement(header);
            //getNextSiblingElement(header);
  // Validate the signature using the public key generated above
       System.out.println(doc.getFirstChild().getLastChild().getLocalName());
       DOMValidateContext valContext = new DOMValidateContext
  (keypair.getPublic(), doc.getElementsByTagName("ds:Signature").item(0));
            valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
            System.out.println(doc.getElementsByTagName("ds:Signature").item(0).getLocalName());
  // DOMValidateContext valContext =
       // new DOMValidateContext(keypair.getPublic(), sigElement);
       // register Body ID attribute getNextSiblingElement(
  // System.out.println(header.getNamespaceURI());
            //valContext.setIdAttributeNS((Element) doc.
                 //     getElementsByTagNameNS("wsu", "Timestamp").item
                      //(0), null, "Id");
            ((Element)doc.getElementsByTagName("wsu:Timestamp").item(0)).setAttributeNS("S", "Id", "1");
            ((Element)doc.getElementsByTagName("wsu:Timestamp").item(0)).setPrefix("wsu");
            valContext.setIdAttributeNS((Element)doc.getElementsByTagName("wsu:Timestamp").item(0),
       "http://www.w3.org/2002/12/soap-envelope","Id");
       //System.out.println(valContext.getElementById("1").getLocalName());
       //valContext.setBaseURI("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
       System.out.println("1");
       XMLSignature signature = sigFactory2.unmarshalXMLSignature(valContext);
       System.out.println("2: "+valContext.getDefaultNamespacePrefix());
       System.out.println(valContext.getElementById("1").getLocalName());
       //System.out.println(header.getLocalName());
       //System.out.println(getNextSiblingElement(header).getLocalName());
       //System.out.println(header.getAttribute("id"));
       //System.out.println(header.getBaseURI());
       if(signature.getSignatureValue().validate(valContext))
       System.out.println("Firma OK");
       Iterator it = signature.getSignedInfo().getReferences().iterator();
  if (((Reference) it.next()).validate(valContext))
       System.out.println("ref OK");
  boolean isValid = signature.validate(valContext);
       System.out.println("Validating the signature... " +
       (isValid ? "valid" : "invalid"));
  * Outputs DOM representation to the standard output stream.
  * @param root The DOM representation to be outputted
  private static void dumpDOMDocument(org.w3c.dom.Node root)
       throws TransformerException, TransformerConfigurationException {
       System.out.println("\n");
       // Create a new transformer object
       Transformer transformer =
       TransformerFactory.newInstance().newTransformer();
       transformer.setOutputProperty(OutputKeys.INDENT, "yes");
       // Dump the DOM representation to standard output
       transformer.transform(new DOMSource(root), new StreamResult(System.out));
       System.out.println("\n");
  * Returns the first child element of the specified node, or null if there
  * is no such element.
  * @param node the node
  * @return the first child element of the specified node, or null if there
  *     is no such element
  * @throws NullPointerException if <code>node == null</code>
  private static Element getFirstChildElement(org.w3c.dom.Node node) {
       org.w3c.dom.Node child = node.getFirstChild();
       while (child != null &&
       child.getNodeType() != org.w3c.dom.Node.ELEMENT_NODE) {
  child = child.getNextSibling();
  return (Element) child;
  * Returns the next sibling element of the specified node, or null if there
  * is no such element.
  * @param node the node
  * @return the next sibling element of the specified node, or null if there
  *     is no such element
  * @throws NullPointerException if <code>node == null</code>
  public static Element getNextSiblingElement(org.w3c.dom.Node node) {
       org.w3c.dom.Node sibling = node.getNextSibling();
       while (sibling != null &&
       sibling.getNodeType() != org.w3c.dom.Node.ELEMENT_NODE) {
  sibling = sibling.getNextSibling();
  return (Element) sibling;
  }

• HT5318 Won't install 10.6.3 -Says signature not valid

  Won't install 10.6.3 -Says signature not valid. Never had a problem with any updates before. Tried downloading , then installing. wont work.. I'm Stumped...

  Go directly to Apple link to download
  http://support.apple.com/kb/DL1426
  Select "Save" instead of "Run". Once downloaded, go to the downloaded folder, right click the iTunesSetup.exe or iTunesSetup64.exe and select 'Run as Administrator' to install

• The extention does not contain valid signature...".

  Hi
  I made .ZPX file. But during unpacking it shows an alert "The extention does not contain valid signature...". What can be reason and how to fix it?

  Hi Maxim3,
  It is difficult to tell what is wrong with your ZXP without inspecting what's inside it, but here are a few things which could cause this kind of error in Extension Manager
  Adding files to the ZXP after it has already been signed
  Adding a whole folder to a ZXP, rather than the contents of a folder (since Extension Manager won't find your MXI in the root level of your ZXP)
  Adding files which contain double-byte characters (e.g. Traditional Chinese)
  The command should have looked something like this:
  java -jar ucf.jar -package  -storetype PKCS12 -keystore cert.p12 -storepass password outputfile.zxp -C "/inputfolder" .
  [note the dot (.) at the end of the command]
  Probably the easiest way to package a ZXP is using Adobe Exchange Packager:
  https://www.adobeexchange.com/api/Packager.exe
  https://www.adobeexchange.com/api/Packager.dmg
  ...as you can use this to create self-signed certificates, and it guides you through the process of packaging and signing.
  Fraser

• Error #2046: The loaded file did not have a valid signature in flex 4

  As part of our CI build, the ant script that builds the client side (flex 4) projects also runs a set of FlexUnit4 tests on the deployed project. Most of the tests work but a few fail with this error
  RSL
  http://local.foo.com/bar/com/blah/components/someComponent/framework_4.1.0.16076.swz failed to load.
  Error #2046: The loaded file did not have a valid signature.
  The build machine is running Ununtu 10.10 with Firefox 3.6 and Flashplayer 10.2. If I run  the exact same set of tasks, accessed from the same URL in windows everything passes with no problem. After some searching I did run across this thread: http://forums.adobe.com/message/2747415#2747415 but when I went looking for the libflashsupport.so file mentioned, the Ubuntu docs seemed to indicate that it was no longer needed.
  I'm at my wits end here. Is libflashsupport.so actually needed in Ubuntu 10.10 and if so where would I find it? If not does anyone know of another issue that could be responsible for this?

  hello,
  I have the same issue, Ubuntu 10.10, flashplayer 10.3rc1
  mxmlc SimplePrj.mxml -debug=true -benchmark=true --target-player=10 -output ../deploy/SimplePrj.swf
  mxlc verbose:
  Loading configuration file /home/.../flex-config.xml
  Initial setup: 79ms
  start loading swcs 9ms Running Total: 88ms
  Loaded 34 SWCs: 740ms
  precompile: 1062ms
  Required RSLs:
      http://fpdownload.adobe.com/pub/swz/flex/4.5.0.20967/framework_4.5.0.20967.swz with 1 failover.
      http://fpdownload.adobe.com/pub/swz/tlf/2.0.0.232/textLayout_2.0.0.232.swz with 1 failover.
      http://fpdownload.adobe.com/pub/swz/flex/4.5.0.20967/spark_4.5.0.20967.swz with 1 failover.
      http://fpdownload.adobe.com/pub/swz/flex/4.5.0.20967/sparkskins_4.5.0.20967.swz with 1 failover.
      http://fpdownload.adobe.com/pub/swz/flex/4.5.0.20967/mx_4.5.0.20967.swz with 1 failover.
  Files: 540 Time: 3380ms
  Linking... 27ms
  SWF Encoding... 18ms
  /.../SimplePrj/deploy/SimplePrj.swf (80059 bytes)
  postcompile: 45ms
  Total time: 4259ms
  Peak memory usage: 81 MB (Heap: 62, Non-Heap: 19)
  I had to copy the swz to deploy folder since failovers are not yet available.
  * accessing from windows machines it loads swz without complaints.
  Jaco

• Signatures not Valid

  Need help urgent please.
  Currently unable to use Exchange Panel at all. When launching it, it says it needs to update. I allow it to download the update then attempt to install (+- 15 Mb) but it just hangs. It says it needs to start the Extension manager, but it just hangs there doing nothing.
  When launching the extension manager it says the signature is not valid. Even though it is a fresh install (no changes made) and then Adobe Exchange Panel was downloaded from the site not even 5 minutes ago.
  System is a Clean Windows 7 x64. Installed is Adobe Dreamweaver, Photoshop Extension manager, Air and Exchange Panel. No AV and firewall disabled.
  Any help would be greatly appreciated.
  Also, this is not an isolated problem. happening on All machines tested on. The applications were packaged through the Creative Cloud Suite today, so i assume it would be up to date?
  Versions :     Air                           3.8.0.1430
                      Dreamweaver CC    6.0
                      Exchange Panel      1.0
                      Photoshop CC         14.0
  Windows 7 SP1 x64

  Hi there, just an update, i have found a way to resolve the issue.
  Issue was trying to install the CC version of Exchange Panel. When trying to install via the command line, it would give an error that the cert was invalid.
  By chance i tried to install via the Extension manager as with CS5, but this failed. I then saw there was a ExManCmd.exe
  Installing the ZXP extension for Exchange Panel has now resolved the issues faced. Exchange Panel now added to all applicable apps.
  Command run from command line
  C:\Program Files (x86)\Adobe\Adobe Extension Manager CC>ExManCmd.exe /install C:\AdobeExchange.zxp