Signature Validation Bug in WebLogic 10.3

Similar Messages

• Bug with Overall Signature Validity Icon

  I am finding that there are inconsistencies in the way Adobe Acrobat 9.0.0 and Adobe Reader 9.0.0 indicate Overall Signature Validity states for digitally signed documents. Adobe's white paper on this issue at http://www.adobe.com/devnet/reader/articles/reader_compatibility/readercomp_digitalsignat ures.pdf clearly states when/how both these applications should indicate "Unsigned changes since last valid signature", being the icon of a signature with triangle containing an exclamation mark.
  I performed the following steps:
  1. Open a document already containing blank digital signature fields and Extended Features / Reader Rights enabled, in Adobe Reader.
  2. Sign and save the document.
  3. In the signatures panel, select "Validate All".
  4. The overall signature validity icon of a signature and tick (indicating all is valid) is displayed, as expected.
  5. Open the "Comment and Markup" toolbar, and place either a "sticky note" or "stamp" in the document.
  6. In the signatures panel, select "Validate All".
  7. The overall signature validity icon of a signature with yellow triangle symbol with exclamation mark (meaning unsigned changes since last signature) is displayed, as expected.
  However, if at step 5 above I place any of the OTHER options (Text Edit, Text Highlight, Callout, Text Box, Cloud, Arrow, Line or Rectangle), and again "validate all", the overall signature validity icon still shows a signature and tick (i.e. it has not recognised the changes). In such cases, the "Annotations Created" entry also does not appear under the signed revision in the signatures panel.
  8. Furthermore, if I sign the document again after adding any of the "Comment and Markup" options, and then "Validate All", the overall signature validity icon of a signature with tick and blue 'i' symbol (meaning all is valid but document was updated since initial signature) is displayed, as expected.
  9. Then add ANY of the "Comment and Markup" options, and then "Validate All", and the overall signature validity icon of a signature with tick and blue 'i' symbol is STILL displayed. At this point I would expect the signature with yellow triangle symbol with exclamation mark to be displayed. Again in this case the "Annotations Created" entry also does not appear under the last signed revision in the signatures panel.
  Can anyone else repeat this behaviour? It appears to be the same in Adobe Acrobat and Adobe Reader. Am I missing something or is it a bug?
  Thanks,
  David.
  Canberra, Australia.

  Philip,
  The PDF file I was testing with originated from a Word document, created by Acrobat Professional v9.0.0. The document was created using the 'Convert to Adobe PDF' option that is embedded within the Word menus when Acrobat Professional was installed. From there I added the digital signature fields, text fields, check box etc, then 'Extended Features in Adobe Reader', and saved the document (replacing the original file) as prompted when extending the features to Adobe Reader. I don't have the LiveCycle Designer application.
  The bug I am experiencing is not effected by saving or not saving. Today I started with the document created some time ago that I describe above. It contains several blank signature fields, no certification, a blank text field and a check box, and extended features in Adobe Reader were enabled. Today I opened that document, signed the first signature field and saved as a different file name when prompted. I then added a 'text box' annotation. I then selected validate all from the signature panel, and no changes are listed under Rev 1, just the remaining unsigned signature fields are listed. The overall signature validity icon shows a signature and tick. I then saved the document, and again selected validate all. No change to either rev status or icon. I then closed Acrobat Pro and reopened the document, and selected validate all. Still no change to rev status or icon. I then checked the check box field in the document, and selected validate all. The icon now shows signature with triangle containing exclamation mark, with comments regarding unsigned changes since last signature etc. There are also two entries under Rev 1 in the signature panel, the first labelled 'Annotations' which describes the text box, and the second labelled 'Form Fields Filled In' which describes the checking of the check box. In my mind, the 'Annotation' entry should have showed up (along with an icon change to show unsigned changes since last signature) when I selected validate all after adding the text box originally.
  I am happy to email the document to you if you're able to provide an address.
  Regards,
  David.

• License signature validation error! with NodeManager

  Hi,
  I downloaded the WebLogic Server 6.1 eval from the BEA website and started up a
  NodeManager on the same machine as my
  Administration Console. I am trying to use
  it to start up difference servers on my test machine. For some reason when I try to start up any of my defined server instances I get:
  $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  Unable to start WebLogic Server !!
  WebLogic: license signature validation error!
  $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  If I manually startup the servers using the startManagedWebLogic.sh everything works.
  I'm running on Solaris 8.
  What could I be doing wrong? Does the eval license not cover this scenario?
  Thanks,
  Andrea Rosso

  Hi.
  If you aren't already doing so I suggest downloading and using WLS with service pack 2. If you are then please open a case with support.
  Thanks,
  Michael
  Andrea Rosso wrote:
  Hi,
  I downloaded the WebLogic Server 6.1 eval from the BEA website and started up a
  NodeManager on the same machine as my
  Administration Console. I am trying to use
  it to start up difference servers on my test machine. For some reason when I try to start up any of my defined server instances I get:
  $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  Unable to start WebLogic Server !!
  WebLogic: license signature validation error!
  $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  If I manually startup the servers using the startManagedWebLogic.sh everything works.
  I'm running on Solaris 8.
  What could I be doing wrong? Does the eval license not cover this scenario?
  Thanks,
  Andrea Rosso--
  Michael Young
  Developer Relations Engineer
  BEA Support

• License signature validation error!

  After installing (solaris 8) I tried to start the examples server and first it could not find java_home (/opt/bea/java13 - I guess the install created teh java13 directory but nothing is installed?). I manually configured java_home=/usr/java1.2 and then tried again.
  Now after using the system password created during installation I get:
  $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  Unable to start WebLogic Server !!
  WebLogic: license signature validation error!
  $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  explain?
  Dave

  JDK 1.2 is a bad choice. I have not seen directories called "java13".
  Where, oh where, was my WLS installed?
  $ cat $HOME/bea/beahomelist
  Which version of WLS are you using?
  Your JDK is most likely parallel to wlserver6.1 (?) in jdk131/jre/bin .
  Happy Hunting,
  Wayne Scott
  dave robern wrote:
  > After installing (solaris 8) I tried to start the examples server and first
  > it could not find java_home (/opt/bea/java13 - I guess the install created
  > teh java13 directory but nothing is installed?). I manually configured
  > java_home=/usr/java1.2 and then tried again.
  >
  > Now after using the system password created during installation I get:
  >
  > $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  >
  > Unable to start WebLogic Server !! WebLogic: license signature validation
  > error!
  >
  > $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  >
  > explain?
  >
  > Dave

• Clustered JMS: license signature validation error

  I have encountered the following error when I tried to send JMS message to a queue. Can anyone help to point out what license has been expired and where is it located? Please help
            weblogic.jms.common.InvalidDestinationException: Error creating producer: License exception prevents access to destination ImportFileQueue
            weblogic.jms.common.JMSException: Clustered JMS: license signature validation error!

  JDK 1.2 is a bad choice. I have not seen directories called "java13".
  Where, oh where, was my WLS installed?
  $ cat $HOME/bea/beahomelist
  Which version of WLS are you using?
  Your JDK is most likely parallel to wlserver6.1 (?) in jdk131/jre/bin .
  Happy Hunting,
  Wayne Scott
  dave robern wrote:
  > After installing (solaris 8) I tried to start the examples server and first
  > it could not find java_home (/opt/bea/java13 - I guess the install created
  > teh java13 directory but nothing is installed?). I manually configured
  > java_home=/usr/java1.2 and then tried again.
  >
  > Now after using the system password created during installation I get:
  >
  > $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  >
  > Unable to start WebLogic Server !! WebLogic: license signature validation
  > error!
  >
  > $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  >
  > explain?
  >
  > Dave

• WL/Oracle 9 license signature validation error

  Hello,
  I'm trying to check my oracle 9 solaris connection to WL 6.1 SP 2 through dbping.
  I get a license signature validation error. I've already worked through the "put
  the license in your classpath" problem, but this one has me stumped. There is an
  oracle block with a signature in my license file. Any ideas? This is the first task
  I've gotten on a new job and it's NOT going well. Please help!
  jDriver/Oracle: license signature validation error!
  Error encountered:
  java.sql.SQLException: Fail to load jDriver/Oracle due to license checking failed!
  at java.lang.Throwable.fillInStackTrace(Native Method)
  at java.lang.Throwable.fillInStackTrace(Compiled Code)
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Exception.java:42)
  at java.sql.SQLException.<init>(SQLException.java:82)
  at weblogic.jdbc.oci.Driver.loadLibraryIfNeeded(Driver.java:182)
  at weblogic.jdbc.oci.Driver.connect(Driver.java:76)
  at java.sql.DriverManager.getConnection(Compiled Code)
  at java.sql.DriverManager.getConnection(DriverManager.java:106)
  at utils.dbping.main(dbping.java:167)

  "Alan Coffel" <[email protected]> wrote:
  >
  Hello,
  I'm trying to check my oracle 9 solaris connection to WL 6.1 SP 2 through
  dbping.
  I get a license signature validation error. I've already worked through
  the "put
  the license in your classpath" problem, but this one has me stumped. There
  is an
  oracle block with a signature in my license file. Any ideas? This is the
  first task
  I've gotten on a new job and it's NOT going well. Please help!
  jDriver/Oracle: license signature validation error!
  Error encountered:
  java.sql.SQLException: Fail to load jDriver/Oracle due to license checking
  failed!
  at java.lang.Throwable.fillInStackTrace(Native Method)
  at java.lang.Throwable.fillInStackTrace(Compiled Code)
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Exception.java:42)
  at java.sql.SQLException.<init>(SQLException.java:82)
  at weblogic.jdbc.oci.Driver.loadLibraryIfNeeded(Driver.java:182)
  at weblogic.jdbc.oci.Driver.connect(Driver.java:76)
  at java.sql.DriverManager.getConnection(Compiled Code)
  at java.sql.DriverManager.getConnection(DriverManager.java:106)
  at utils.dbping.main(dbping.java:167)
  hmmm. I had this one, but adding the BEA_HOME to my classpath fixed it. check your
  set_environment.bat and see if the DB_CLASSPATH is set to include BEA_HOME, and when
  the server starts up, it echoes the classpath, so you can check if its picked the
  location of the license file.
  did you already make sure that your license.bea has a valid entry for JDriver? (just
  in case...)
  -deepak

• Please help me with the digital signature validation problem?

  Please help me with the digital signature validation problem?

  Hi
  Execute the program in the Debuggin mode.
  In the Debugger Window
  Select Breakpoint -> Break point at -> Breakpoint at source code Menu Item and enter the details of the program/include/line no..
  Activate the System Debugger On from the Settings Menu.
  Hope this would help you.
  Murthy
  Edited by: Kalyanam Seetha Rama Murthy on Jul 18, 2008 7:20 AM

• How to avoid JMS validation when starting weblogic server

  Hi All,
  When starting up WebLogic server, it will validate JMS destinations one by one for deployed applications.
  If I don't connect the VPN, then these JMS destinations are not reachable, and WebLogic Server will spend a lot of time to try connecting to these JMS destinations.
  Thus it will take a lot of time to startup the WebLogic Server.
  How can I disable JMS validation when starting weblogic server?
  Thanks and Regards!

  Hi Daniel,
  By blank do you mean that the screen is black? Is it gray? Is it blue? The word "blank" is vague when trying to determine and isolate startup issues.

• Digital Signature validation

  I have been using digital certificates to sign pdf documents for approximately a year.  The signatures can be checked against  a CRL which is provided on the internet.  So far Adobe Acrobat Reader has worked fine, retreiving CRLS and validating certificates.
  Today I found out that since renewing expired certificates ( the default lifetime was set to 1 year) the  signatures on old signed documents are unverified .  The local time of the computer was stored in the signature not a timestamp. 
  I found that reader defaults to using the local time of the computer to validate an old signature when a timestamp is not used, this has been rectified in 9.1 so that it uses to date that the signature was generated (why on earth would it use anything else!).  I now have the signatures validated by changing this setting providing the date range of the CRL in the reader encompases the end date of the certificate.
  However, when the reader updates the CRL in the cache and the new CRL date range does not include that of the original signature the reader throws up an error stating that the CRL is invalid or expired.
  How can I get it to agree pass the validation without turning off revocation checking?  I have the CRLs that were in force at the time of the signing but there is no way I can provide them to the reader.  How can I make the reader apply the current and valid CRL to the old documents.  The expiry date of the old certificates are still in there?
  I always thought that not having to keep a CRL history for expired certificates was a dumb idea when I read the documents, but I didn't imagine that old signatures would become invalid when the certificate expired (mine have become invalid less thant 5 days after the documents were signed.  What were the developers thinking.
  This is pushing toward creating certificates with lifetimes of 100's or thousands of years so that they can always be validated.
  Anybody have a working solution.

  I have found a solution.to this
  Using a virtual machine I set the date on the system back to a point in time when the certificates were all valid.  I then create a new crl with a lifetime which makes it valid for one month from the real date (today).  I then set the date back and copy the crl to the distrubution point.
  Hey presto, acrobat reader loads the crl and is quite happy to accept it even though it has events recorded in it that happened after the date on which it was created!.
  Problem solved, but for how long?

• Digital Signature validation issue in Adapter Module

  Hi guys,
  we have developed an adapter module for digital signature validation, unfortunately, it simetimes work, sometimes doesnt. Strange is, that the same adapter module works for one customer, while for another one doesn't.
  We have sent through some "invalid" messages, which should have been valid at the client, where the module works and theu were flagged as valid. It seems the problem is caused by "special" spanish characters, because validation works for the messages where are only standard chars.
  Any idea, what to check? Java version, system encoding?
  Any help appreciated,
  Olian

  Hi,
  Not really sure about what causes such issues, but if your module coding uses String and byte[] manipulation, are you using explicite encoding when declaring such types ? I remember facing strange issues with XML field values, and "forcing" encoding to "UTF-8" when appropriate, it solved all my errors (string typed object, when converted internally by the JVM, were not always represented by the same bytes object)
  Hope this helps
  Chris

• Certificate signature validation failed

  Hi!
  I'm getting nuts over how to get Acitve Directory to work with java.
  I have a root-certificate for the domain (supposed to work for everything according to our networking expert) but when using it I get: "Certificate signature validation failed".
  When looking in C:\ on the ADS I find another certificate but then my javaprogram says: "No trusted certificate found".
  So, now after much searching where I seems to find everything but what I'm looking for I have to ask: What should I be looking for? Hopefully when looking for the right thing I will find the answers. :-)
  Thanks you very much in advance
  Roland Carlsson

  Please! Anyone? How can I get a correct certificate from our ADS? The certificate-server on is on our Exchange-server. I have a certificate that is supposed to work all over the domain and I have check several other certificate that I found on our servers but I still havn't found anything that works.
  I'd would really like to get some ideas about where how to find the working one.
  Thanks in advance
  Roland

• Signature Validation Failed

  Hi,
  While performing cross domain SSO using SAML2.0 between the Oracel Identity Federation(IdP) and Novell Access Manager(SP). The connection between the both is in open mode and havent enabled SSO between the two. In the Idp end and the SP end, metadata of the other end is imported successfully.
  Artifact is send from the Idp to the SP and simillarly SP sends the ArtifactResolve SAML message to the Idp. From the Idp end, the ArtifactResponse Message is also send to the SP end.
  When the SP receive the Assertion in ArifactResponse message, "Signature Validation Failed" message is thrown by the SP side. Customer is signing the assertion in the Idp side. Also the signing certificate of the Idp is place in the trusted certificate store of the SP side. Also, there isnt any error message in the idp side.
  Any help on this would be appreciated.
  Thanks in advance,
  Anisha

  Please! Anyone? How can I get a correct certificate from our ADS? The certificate-server on is on our Exchange-server. I have a certificate that is supposed to work all over the domain and I have check several other certificate that I found on our servers but I still havn't found anything that works.
  I'd would really like to get some ideas about where how to find the working one.
  Thanks in advance
  Roland

• Optimistic Locking - Possible bug with Weblogic

  After extensive testing of a j2ee application Im involved with, it would appear their exists a problem with using Weblogic's Optimistic Concurrency (OL) mechanism.
  The exact problem is as follows:
  The ejbCreate and ejbRemove methods of a particular entity bean are as follows:
  public abstract class ProductBean implements javax.ejb.EntityBean {
  ejbCreate(){
  FolderEntityHome folderEH = FolderComponent.getFolderEntityHome();
  folderEH.create(getId());
  ejbRemove(){
  FolderEntityHome folderEH = FolderComponent.getFolderEntityHome();
  try {
  FolderBean folderEH.findByProductId(getId());
  catch(InvalidAccessRightsException iare)
  throw new RemoveException();
  Previously before OL was added when a RemoveException was thrown, this would cause the ejbRemove exception to fail, thus both the product and folder would still exist.
  After adding OL, when an InvalidAccessRightsException occurs giving rise to a RemoveException being thrown, weblogic simply ignores the RemoveException and deletes the Product even though the Folder could not be deleted. This causes system errors when users try to access the folder which contains a link to a product which no longer exists!
  Is anyone aware of this particular problem? Is it indeed a bug with Weblogic? For clarity, I believe I am using version 8.1 and the way in which I have implemented OL is to use an additional version column in the underlying tables for all entity beans.

  In case anyone's interested, it appears from further testing that the problem I've been having in the way the RemoveException behaves is down to the difference in which version 6.0 treats this exception compared to version 8.1!
  In version 6.0, if you threw a RemoteException at any point in the ejbRemove(), the entity would not be removed!
  In version 8.1, something wierd happens. If a RemoteException() is thrown in the ejbRemove() and sometime during the same transaction at the point of commit, the entity on which the exception is thrown is attempted to be accessed (through a finder), then the entity continues to be deleted! If on the other hand, a RemoveException is thrown and no access/modification is attempted on that entity within the same transaction, then at the point of commit, the entity is not removed!
  Seems this is indeed a problem which needs to be addressed in future releases.
  Message was edited by:
  rotan_imretxe
  Message was edited by:
  rotan_imretxe

• Migration Signature Validation Failed

  Hi, I am getting an invalid migration signature error when trying to install AIR Launchpad beta 3.0.1.
  The machine is running XP SP3, with all patches applied. I have tried switching off antivirus for both download and installation, but with no success.
  This is a 'clean' machine, with disk formatted, and OS and all other software re-installed less than a week ago. System time and date are correct.
  AIR was installed automatically as part of Flashbuilder 4.5 installation and the update to + 4.5.1 immediately applied.
  I have search the net for solutions to this, but found relatively few others with this exact issue. I did find many reports of issues with 'Package' validation errors, whhic are often attributed to certificate failures due to system date/time which I have already checked.
  Hope that sombody has an answer.
  The log file is attached below.
  Many Thanks
  Cjdsys
  [2011-08-28:11:09:51] Application Installer begin with version 2.5.1.17730 on Windows XP x86
  [2011-08-28:11:09:51] Commandline is: "C:\Documents and Settings\Ciaran\My Documents\Downloads\airlaunchpad_p8_3-0-1_081911.air"
  [2011-08-28:11:09:51] Installed runtime (2.5.1.17730) located at C:\Program Files\Common Files\Adobe AIR
  [2011-08-28:11:09:52] Unpackaging file:///C:/Documents%20and%20Settings/Ciaran/My%20Documents/Downloads/airlaunchpad_p8_3-0 -1_081911.air to C:\Documents and Settings\Ciaran\Local Settings\Temp\fla16C.tmp
  [2011-08-28:11:09:55] Migration signature validation failed
  [2011-08-28:11:09:55] Got an unexpected fatal error while unpackaging: [ErrorEvent type="error" bubbles=false cancelable=false eventPhase=2 text="invalid migration signature" errorID=5023]
  [2011-08-28:11:10:01] Application Installer end with exit code 7

  Hmmm.
  Looked at the system requirements for Launchpad 3.0.1.. Flashbuilder 4.5.1 or 4.5 sdk with AIR 2.6 overlay.. Log showed I was running 2.5.xxxx.
  Launched Flashbuilder and searched for updates.. Tells me all versions of Flash Player and AIR are up to date. Decide to try installing another AIR app, so go for Tour De Flex as I want to study the mobile stuff anyway. Installs fine, and on launch, I am immediately offered an AIR update to 2.7.x. Accept the update and low and behold, AIR Launchpad now installs.
  Sweet, but wtf?
  So, for anyone out there who comes falls foul of this in the future, do not rely on Flashbuilder to confirm your version of AIR is up to date, launch an AIR app instead and you will get the true picture.
  Hope this helps some other confused soul.
  Cjdsys

• Can't get Verisign Signature validated in Acrobat

  For the past six monhts I have been unable to get my Verisign digital signature validated in Adobe Acrobat. Just today, I renewed my Verisign certificate for another year. I saved the certificate on my hard drive using a password to secure it. When I certifiy a my signature on a document, the resulting signature icon says "...persona not valid" and the icon in the upper left corner (the head and shoulders of a person) has a question mark on it.
  I am getting frustrated trying to figure out what's gone wrong. Any suggestions would be greatly appreciated.

  Hi Mike,
  In order for a signature to be valid one of the things that must occur is the person validating the signature (in this case you) trust's the signer, or one of the certificates in the signing chain. From the Signature Properties dialog (where you found the text) click on the Show Certificate button. On the left side of the Certificate Viewer dialog you can see the signing chain. At the least it includes your certificate, and if Acrobat could build the chain it will display each issuing certificate up to the self-signed root CA. It usually best if you select the top most certificate in the listbox. Once you highlight the top most certificate click on the Trust tab. Click the Add to Trusted Identities button and then click the OK button on the confirmation dialog, followed by the OK button on the Import Contact Settings dialog. Finally you can click the OK button on the Certificate Viewer dialog and then the Validate Signature on the Signature Properties dialog. At this point you should get a valid signature, but it all depends on whether or not Acrobat could get valid revocation information. Before we go down that path let's see what you get when you revalidate the signature.
  Steve