Signing a certified document
I've got a certified pdf-document for signature. According to the document properties it's allowed to fill in and sign document. However all signature features are disabled in the doc. What can be done& Thanks
Here is an Acrobat Users link: how do I create a signature field in Adobe Acrobat X? I just need to create the field, doc to be signed later (e-signat…
Similar Messages
-
Able to clear signatures in a certified document in Acrobat 9.0
Hi
While testing Acrobat 9.0 feasibility for migrating my application from Acrobat 7.0, I stumbled upon a security issue that the signatures can be cleared in a certified document (Only Form Fill in and digital signatures are allowed) by right clicking and selecting Clear
Signature. After clearing the signature, the document status still remains valid i.e. it doesn't gets invalid even if the signature is cleared. Below are the steps to reproduce the same.
1. Certify a document having couple of signature fields by selecting Certify with Visible Signature and
i "Form fill-in and digital signatures"
as the Permitted Actions after Certifying.
2. Close and re-open the document.
3. Sign a signature field.
4. Close and re-open the document. Right click on the signed signature field and select Clear Signature.
5. Save the document, close and re-open the same. The signature is cleared
and the document status is valid.
This behavior is different from Acrobat 7.0 where
A) User is unable to clear a signature in a certified document
B) Even if he somehows clears the signature, the document certification becomes invalid.
Also, if you right click on the certifying signature in Step 4 above, it also can get cleared.
This behavior of clearing the signatures in a certified document nullifies the purpose of a certified document to prevent users from changing a document. Also, the option of locking the signature during the certification process is missing in Acrobat 9.
Please let me know whether this is a bug or expected behavior.Below is the example of difference in behavior of Acrobat 7 and 9.
In case of Acrobat 7, there was no option to clear a signature field in a "certified" document i.e. if I sign and right click on a signature field inside a certified document Acrobat 7.0, the Clear Signature option is not present.
However, if I sign the same signature field in the same PDF in Acrobat 9 and right click, Clear Signature option is available and am able to Clear the signature. -
Cannot sign and certify a PDF any more
I can't sign and certify a PDF document, and I used to be able to. It prompts me for a password and I put it there and it doesn't work.
I will try that, thank you.
Jim Dodge
English Proofreading Coordinator
ASIST Translation Services
4891 Sawmill Road, Suite 200
Columbus, OH 43235-7266
www.ASISTtranslations.com
Tel: 937-596-6649
NOTICE: This electronic mail transmission is for the use of the named
individual or entity to which it is directed and may contain information
that is privileged or confidential. It is not to be transmitted to or
received by anyone other than the named addressee (or a person authorized
to deliver it to the named addressee). It is not to be copied or forwarded
to any unauthorized persons. If you have received this electronic mail
transmission in error, delete it from your system without copying or
forwarding it, and notify the sender of the error by replying via email or
by calling ASIST Translation Services, Inc. at (614) 451-6744, so that our
address record can be corrected. -
Certified Documents are Un-Combinable?
We obtain Electronic Signatures from Doctors for the purpose of sending them in a combined PDF to the State Medicaid. However these "Certified" PDFs uncombinable.
We're using Adobe Acrobat to combine these files and the specific error we receive is, "Certified documents cannot be merged.".
These PDFs can still be secure and combinable. It indicates that this document cannot be modified and would not like not modify it, but would like to combine it into a larger PDF file.
Right now, we are by default internet explorer Acrobat Preferences to not open PDFs in Browser and then saving them as TIFFs and merging those.
Any work-around to ensure that the PDF signature attributes remain intact when needing to combine these documents?
ThanksSigned Echosign documents are both security password protected as well as certified with the aim to prevent editing of the signed pdf. Combining documents is considered editing in this permission set.
If you were able to combine signed documents, the signature on the original document would then be extended to the combined document.
My advise would be to make the other documents you use to combine with the signed document, part of the original agreement is applicable,
echosign allows you to upload mutliple documents into a single transaction, Echosign will combine the individual documents for you. -
How to digitally sign a scanned document
We have copiers and a large format scanner that can create PDF files. We would like to be able to affix digital signatures to these documents. The application is that we create plan sets for public construction projects and those are 'stamped' with a seal. We would like to start doing that electronically if possible. We have Adobe Acrobat Pro verson 8.
If you really want a digital signature, you can easily add one in Acrobat. I don't have Acrobat 8 to tell you exactly how you'd do it, but the Acrobat help doc should have more information. In Acrobat 9, you do it by selecting: Advanced > Sign & Certify > Place Signature
or: File > Save as Certified Document
You will first have to set up a digital identity. In Acrobat 9 you do this by selecting: Advanced > Security Settings > Digital IDs > Add ID
You can create digital signature appearances that get used with a digital signature. To configure one, select (again, Acrobat 9): Edit > Preferences > Security > Digital Signatures > Appearance > New (or Edit)
If you don't need all that a digital signature provides, you can use a stamp, perhaps a dynamic one, to add your seal. You can then flatten the page to convert the stamp annotation to regular page contents, preventing a user from altering it. -
Adobe Acrobate XI and SecCommerce SecSigner have a problem during signing of a document, creating/verification of the signature is not possible - solutions? SecSigner is not responding.
Well, I contacted SecCommerce about the issue, the response was, that I should sign the file later (afterwards). This is a solution, but not the best in my opinion.
When I sign the document the SecSigner window/Java window appears and freezes. Adobe is not responding. I have to terminate Adobe because the program is not responding.
I only found this support website, so I have realized that this is a User 2 User site, but it was a try to get some help. -
How can I allow commenting in a certified document/
In Acrobat Pro 9, I created a certified document by selecting "Certify with out Visible Signature." I tried all three settings in "Permitted Changes after Certifying" but my PDF still does not allow commenting in Reader. The PDF allowed commenting before I certified it---how can I enable commenting after certification?
Tags are independent of PDF page content. Removing/deleting a page or page(s) does not remove anything in the PDF's structure tree.
As Full Check is looking at the structure tree the report reflects what is present there.
In the Tags panel walk the structure tree to locate the Table tags. Delete these.
Be well... -
I need to use the PDF editor so I can sign or edit documents already on pdf format. Please advise?
I need to use the PDF editor so I can sign or edit documents already on pdf format. Please advise?
As per my understanding , To disable the field RV45A-KWMENG based on the condition for Transaction VA01/VA02.
The conditions which i need to check is Order Type and item category.
I understand that this is the code which i need to insert for disabling the field but i have a question here, where is the condition here and how the system understand for this field RV45A-KWMENG it has to disable. I think we need give the condition as if RV45A-KWMENG....... Another one if iam not wrong we need check that it has to be done in VA01 and VA02 then only this condition should be executed.
IF VBAK-AUART EQ 'XXX' OR VBAP-PSTYV EQ TANN .
IF SCREEN-NAME = 'XXX'.
SCREEN-ACTIVE = 0
ENDIF.
ENDIF.
Please suggest me the better way how can i do it in the coding.
Awaiting for ur prompt reply. -
How can I make my form be a certified document?
Hi all,
In my form, I want to export xml by using the script "Reference_Syntax.exportData( [ STRING param1 [, BOOLEAN param2 ] ])",
for example, xfa.host.exportData("filename.xml",0).
However, it is invalid.
It says that "This parameter1 is only valid on certified documents where the user has sufficient
permissions".
But how can I make my form be a certified document, or how can I get the sufficient permissions?
Script "xfa.host.exportData("",0)" can be valid, but what I need is specifying the location and file name so that users can export xml just by clicking the button.
Can I achieve this function?
Waiting for your reply, thanks a lot!
ElliePlease take a look at this discussion. Also, are your end users using Adobe Reader? If so, your document must be Reader Enabled withed LiveCycle RE to use the import / export xml functionality.
-
A signed letter or document for the IRS?
I'd like to create an iTunes Connect account to publish iBooks in your store, after creating them with iBooks Author. You've specified that, in order to create such an iTunes Connect account, I need a U.S. Tax ID. In order to request one from the IRS, I've been requested (by the IRS) to supply, and I quote, "A signed letter or document from the withholding agent, on official letterhead, showing your name and verifying that an ITIN is required to make distributions to you during the current tax year that are subject to IRS information reporting or federal tax withholding."
I'd like to request such a signed letter or document from Apple, but with no luck. What may I do?I'm going to send off my W7 with the letter provided by Amazon with a link And full details provided on this website
https://kdp.amazon.com/self-publishing/help?topicId=A1VDYJ32T5D3U4
Maybe as Amazon have been at this for so long they have dealt with all the hurdles involved. Maybe someone from Apple should have taken a look at this information.
I've been so disappointed with the support from Apple, that I will publish my first book, written without the use of iBooks Author on Amazon. -
Signed letter or document from the withholding agent (Apple).ITIN-IRS
Hello:
I'm from Spain.
I'm trying to publish an ibook with Ibooks Author, and I need an ITIN number from de IRS.
The problem was the following:
you will need a signed letter or document from the withholding agent (Apple), on official letterhead, showing your name and evidencing that an ITIN is required to make distribution to you during the current tax year that are subject to IRS reporting or Federal withholding.
Is possible to contact with Apple for to receive the letter required?
is an impossible mission?
I need help, and I reed a lot of discussions, but i can't see the correct answer.
Thanks and best regards.
Viaje SingularNo one has needed the letter from Apple? I'm the only earthling who need a letter from Apple? For to get the ITIN my manager asks me this letter...
Help needed from Spain.
Thanks. -
Why can't I sign a PDF document?
When I select the "Sign" pane, all of the options are greyed-out. What is wrong and how can I fix it?
That depends on the document, though some people are also reporting problems with the lastest Reader update. If the document is secured ij a way that would preclude adding e-signatures, you won't be able to add them. If you're wanting to digitally sign, then the document needs to be specifically enabled for this, either by Acrobat Pro or LiveCycle Reader Extensions. THis is something the creator of the document must do before distributing it.
-
Problem Digitally signing an xml document "Cannot resolve element"
I am trying to sign a cXML document. I try to add 3 references to the XMLSignatureFactory but when it hits the 2nd on it throws an error "Cannot resolve element with ID cXMLData". How come I can't add more than 1?
Here is the stack trace :
java.lang.RuntimeException: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.res olver.ResourceResolverException: Cannot resolve element with ID cXMLData
at com.praxair.security.b2b.CXMLDigitalSig.sign(CXMLD igitalSig.java:303)
at com.praxair.security.b2b.CXMLDigitalSig.main(CXMLD igitalSig.java:359)
Java Code:
public class CXMLDigitalSig
private XMLSignatureFactory factory;
private KeyStore keyStore;
private KeyPair keyPair;
private KeyInfo keyInfo;
private X509Certificate signingCert;
public CXMLDigitalSig()
private void loadCert() throws Exception
//String keystoreFile = config.getString(KEY_STORE_FILE);
//String password = config.getString(KEY_STORE_PASSWORD);
//String alias = config.getString(KEY_STORE_ALIAS);
String keystoreFile = "C:\\cxmlsign\\teststore";
String password = "xxxxx";
String alias = "xxxxx (thawte ssl ca)";
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
File file = new File(keystoreFile);
FileInputStream inStream = new FileInputStream(file);
char [] passAsChar = password.toCharArray();
keyStore.load(inStream, passAsChar);
inStream.close();
String providerName = System.getProperty("jsr105Provider",
"org.jcp.xml.dsig.internal.dom.XMLDSigRI");
factory = XMLSignatureFactory.getInstance("DOM", (Provider) Class
.forName(providerName).newInstance());
KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore
.getEntry(alias, new KeyStore.PasswordProtection(passAsChar));
signingCert = (X509Certificate) entry.getCertificate();
keyPair = new KeyPair(entry.getCertificate().getPublicKey(),
entry.getPrivateKey());
KeyInfoFactory kFactory = factory.getKeyInfoFactory();
keyInfo = kFactory.newKeyInfo(Collections.singletonList(kFactory
.newX509Data(Collections.singletonList(entry
.getCertificate()))));
* This method returns the message digest for given certificate.
* @param cert
* @return
* @throws NoSuchAlgorithmException
* @throws CertificateEncodingException
private static String getThumbPrint(X509Certificate cert)
throws NoSuchAlgorithmException, CertificateEncodingException {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] der = cert.getEncoded();
md.update(der);
byte[] digest = md.digest();
return hexify(digest);
private static String hexify(byte bytes[]) {
char[] hexDigits = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
'a', 'b', 'c', 'd', 'e', 'f' };
StringBuffer buf = new StringBuffer(bytes.length * 2);
for (int i = 0; i < bytes.length; ++i) {
buf.append(hexDigits[(bytes[i] & 0xf0) >> 4]);
buf.append(hexDigits[bytes[i] & 0x0f]);
return buf.toString();
* Adds an enveloped signature to the given document. The signature is
* generated as per the CXML specfication outlined in the CXML user guide.
* This method creates the signature and three references and also the XADES
* information.
public void sign(Element cxmlElement, String payloadId) throws SQLException {
Reference ref1;
Reference ref2;
Reference ref3;
List<Reference> refs = new ArrayList<Reference>();
SignedInfo signedInfo;
try {
ref1 = factory.newReference("#cXMLSignedInfo",
factory.newDigestMethod(DigestMethod.SHA1, null), null,
null, null);
refs.add(ref1);
ref2 = factory.newReference("#cXMLData",
factory.newDigestMethod(DigestMethod.SHA1, null), null,
null, null);
refs.add(ref2);
ref3 = factory.newReference("#XAdESSignedProps",
factory.newDigestMethod(DigestMethod.SHA1, null));
refs.add(ref3);
signedInfo = factory.newSignedInfo(factory
.newCanonicalizationMethod(
CanonicalizationMethod.INCLUSIVE,
(C14NMethodParameterSpec) null), factory
.newSignatureMethod(SignatureMethod.RSA_SHA1, null), refs);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
} catch (InvalidAlgorithmParameterException e) {
throw new RuntimeException(e);
List<DOMStructure> xmlObjSignedInfo = new ArrayList<DOMStructure>();
Element signedInfoElement = createElement(cxmlElement,
"cXMLSignedInfo", null, null);
signedInfoElement.setAttributeNS(null, "Id", "cXMLSignedInfo");
signedInfoElement.setAttributeNS(null, "payloadID", payloadId);
signedInfoElement.setAttributeNS(null, "signatureVersion", "1.0");
DOMStructure signedInfoStruct = new DOMStructure(signedInfoElement);
xmlObjSignedInfo.add(signedInfoStruct);
String xadesNS = "http://uri.etsi.org/01903/v1.1.1#";
// Create the necessary XADES information as outlined in the CXML
// specification
Element QPElement = createElement(cxmlElement, "QualifyingProperties",
"xades", xadesNS);
QPElement.setAttributeNS("http://www.w3.org/2000/xmlns/",
"xmlns:xades", xadesNS);
QPElement.setAttributeNS(null, "Target", "#cXMLSignature");
Element SPElement = createElement(cxmlElement, "SignedProperties",
"xades", xadesNS);
SPElement.setAttributeNS(null, "Id", "XAdESSignedProps");
IdResolver.registerElementById(SPElement, "XAdESSignedProps");
QPElement.appendChild(SPElement);
Element signedSPElement = createElement(cxmlElement,
"SignedSignatureProperties", "xades", xadesNS);
Element signingTimeElement = createElement(cxmlElement, "SigningTime",
"xades", xadesNS);
SimpleDateFormat dateFormatter = new SimpleDateFormat(
"yyyy-MM-dd'T'HH:mm:ss");
signingTimeElement.appendChild(cxmlElement.getOwnerDocument()
.createTextNode(dateFormatter.format(new Date())));
signedSPElement.appendChild(signingTimeElement);
SPElement.appendChild(signedSPElement);
String certDigest = "";
try {
certDigest = getThumbPrint(signingCert);
} catch (CertificateEncodingException ce) {
throw new RuntimeException(ce);
} catch (NoSuchAlgorithmException ne) {
throw new RuntimeException(ne);
Element signingCertificateElement = createElement(cxmlElement,
"SigningCertificate", "xades", xadesNS);
Element certElement = createElement(cxmlElement, "Cert", "xades",
xadesNS);
Element certDigestElement = createElement(cxmlElement, "CertDigest",
"xades", xadesNS);
Element digestMethodElement = createElement(cxmlElement,
"DigestMethod", "ds", XMLSignature.XMLNS);
digestMethodElement
.setAttributeNS(null, "Algorithm", DigestMethod.SHA1);
Element digestValueElement = createElement(cxmlElement, "DigestValue",
"ds", XMLSignature.XMLNS);
digestValueElement.appendChild(cxmlElement.getOwnerDocument()
.createTextNode(certDigest));
Element issuerSerialElement = createElement(cxmlElement,
"IssuerSerial", "xades", xadesNS);
Element x509IssuerNameElement = createElement(cxmlElement,
"X509IssuerName", "ds", XMLSignature.XMLNS);
x509IssuerNameElement
.appendChild(cxmlElement.getOwnerDocument().createTextNode(
signingCert.getIssuerX500Principal().toString()));
Element x509IssuerSerialNumberElement = createElement(cxmlElement,
"X509IssuerSerialNumber", "ds", XMLSignature.XMLNS);
x509IssuerSerialNumberElement.appendChild(cxmlElement
.getOwnerDocument().createTextNode(
signingCert.getSerialNumber().toString()));
certDigestElement.appendChild(digestMethodElement);
certDigestElement.appendChild(digestValueElement);
certElement.appendChild(certDigestElement);
issuerSerialElement.appendChild(x509IssuerNameElement);
issuerSerialElement.appendChild(x509IssuerSerialNumberElement);
certElement.appendChild(issuerSerialElement);
signingCertificateElement.appendChild(certElement);
signedSPElement.appendChild(signingCertificateElement);
DOMStructure qualifPropStruct = new DOMStructure(QPElement);
List<DOMStructure> xmlObjQualifyingProperty = new ArrayList<DOMStructure>();
xmlObjQualifyingProperty.add(qualifPropStruct);
XMLObject objectSingedInfo = factory.newXMLObject(xmlObjSignedInfo,
null, null, null);
XMLObject objectQualifyingProperty = factory.newXMLObject(
xmlObjQualifyingProperty, null, null, null);
// Create the ds:object tags
List<XMLObject> objects = new ArrayList<XMLObject>();
objects.add(objectSingedInfo);
objects.add(objectQualifyingProperty);
XMLSignature signature = factory.newXMLSignature(signedInfo, keyInfo,
objects, "cXMLSignature", null);
DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(),
cxmlElement);
signContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");
try {
signature.sign(signContext);
} catch (MarshalException e) {
throw new RuntimeException(e);
} catch (XMLSignatureException e) {
throw new RuntimeException(e);
private Element createElement(Element element, String tag, String prefix,
String nsURI) {
String qName = prefix == null ? tag : prefix + ":" + tag;
return element.getOwnerDocument().createElementNS(nsURI, qName);
X509Certificate getSigningCert() {
return signingCert;
private static String readFileAsString(String filePath) throws java.io.IOException
byte[] buffer = new byte[(int) new File(filePath).length()];
BufferedInputStream f = null;
try {
f = new BufferedInputStream(new FileInputStream(filePath));
f.read(buffer);
} finally {
if (f != null) {
try {
f.close();
} catch (IOException ignored) {
return new String(buffer);
public static void main(String args[])
System.out.println("start");
CXMLDigitalSig cXMLDigitalSig = new CXMLDigitalSig();
try
cXMLDigitalSig.loadCert();
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
String cXML = readFileAsString("C:\\cxmlsign\\cxml.xml");
Document cxmlDocument = dbf.newDocumentBuilder()
.parse(new ByteArrayInputStream(cXML
.getBytes("UTF-8")));
System.out.println(cxmlDocument.getDocumentElement().getTagName());
cXMLDigitalSig.sign(cxmlDocument.getDocumentElement(), "55");
catch(Exception e)
//System.out.println(e.getMessage());
System.out.println(getStackTrace(e));
System.out.println("end");
public static String getStackTrace(Throwable aThrowable) {
final Writer result = new StringWriter();
final PrintWriter printWriter = new PrintWriter(result);
aThrowable.printStackTrace(printWriter);
return result.toString();
}Edited by: sabre150 on Jan 18, 2012 1:57 PM
Moderator action : added [ code ] tags to format source codeI am trying to sign a cXML document. I try to add 3 references to the XMLSignatureFactory but when it hits the 2nd on it throws an error "Cannot resolve element with ID cXMLData". How come I can't add more than 1?
Here is the stack trace :
java.lang.RuntimeException: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.res olver.ResourceResolverException: Cannot resolve element with ID cXMLData
at com.praxair.security.b2b.CXMLDigitalSig.sign(CXMLD igitalSig.java:303)
at com.praxair.security.b2b.CXMLDigitalSig.main(CXMLD igitalSig.java:359)
Java Code:
public class CXMLDigitalSig
private XMLSignatureFactory factory;
private KeyStore keyStore;
private KeyPair keyPair;
private KeyInfo keyInfo;
private X509Certificate signingCert;
public CXMLDigitalSig()
private void loadCert() throws Exception
//String keystoreFile = config.getString(KEY_STORE_FILE);
//String password = config.getString(KEY_STORE_PASSWORD);
//String alias = config.getString(KEY_STORE_ALIAS);
String keystoreFile = "C:\\cxmlsign\\teststore";
String password = "xxxxx";
String alias = "xxxxx (thawte ssl ca)";
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
File file = new File(keystoreFile);
FileInputStream inStream = new FileInputStream(file);
char [] passAsChar = password.toCharArray();
keyStore.load(inStream, passAsChar);
inStream.close();
String providerName = System.getProperty("jsr105Provider",
"org.jcp.xml.dsig.internal.dom.XMLDSigRI");
factory = XMLSignatureFactory.getInstance("DOM", (Provider) Class
.forName(providerName).newInstance());
KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore
.getEntry(alias, new KeyStore.PasswordProtection(passAsChar));
signingCert = (X509Certificate) entry.getCertificate();
keyPair = new KeyPair(entry.getCertificate().getPublicKey(),
entry.getPrivateKey());
KeyInfoFactory kFactory = factory.getKeyInfoFactory();
keyInfo = kFactory.newKeyInfo(Collections.singletonList(kFactory
.newX509Data(Collections.singletonList(entry
.getCertificate()))));
* This method returns the message digest for given certificate.
* @param cert
* @return
* @throws NoSuchAlgorithmException
* @throws CertificateEncodingException
private static String getThumbPrint(X509Certificate cert)
throws NoSuchAlgorithmException, CertificateEncodingException {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] der = cert.getEncoded();
md.update(der);
byte[] digest = md.digest();
return hexify(digest);
private static String hexify(byte bytes[]) {
char[] hexDigits = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
'a', 'b', 'c', 'd', 'e', 'f' };
StringBuffer buf = new StringBuffer(bytes.length * 2);
for (int i = 0; i < bytes.length; ++i) {
buf.append(hexDigits[(bytes[i] & 0xf0) >> 4]);
buf.append(hexDigits[bytes[i] & 0x0f]);
return buf.toString();
* Adds an enveloped signature to the given document. The signature is
* generated as per the CXML specfication outlined in the CXML user guide.
* This method creates the signature and three references and also the XADES
* information.
public void sign(Element cxmlElement, String payloadId) throws SQLException {
Reference ref1;
Reference ref2;
Reference ref3;
List<Reference> refs = new ArrayList<Reference>();
SignedInfo signedInfo;
try {
ref1 = factory.newReference("#cXMLSignedInfo",
factory.newDigestMethod(DigestMethod.SHA1, null), null,
null, null);
refs.add(ref1);
ref2 = factory.newReference("#cXMLData",
factory.newDigestMethod(DigestMethod.SHA1, null), null,
null, null);
refs.add(ref2);
ref3 = factory.newReference("#XAdESSignedProps",
factory.newDigestMethod(DigestMethod.SHA1, null));
refs.add(ref3);
signedInfo = factory.newSignedInfo(factory
.newCanonicalizationMethod(
CanonicalizationMethod.INCLUSIVE,
(C14NMethodParameterSpec) null), factory
.newSignatureMethod(SignatureMethod.RSA_SHA1, null), refs);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
} catch (InvalidAlgorithmParameterException e) {
throw new RuntimeException(e);
List<DOMStructure> xmlObjSignedInfo = new ArrayList<DOMStructure>();
Element signedInfoElement = createElement(cxmlElement,
"cXMLSignedInfo", null, null);
signedInfoElement.setAttributeNS(null, "Id", "cXMLSignedInfo");
signedInfoElement.setAttributeNS(null, "payloadID", payloadId);
signedInfoElement.setAttributeNS(null, "signatureVersion", "1.0");
DOMStructure signedInfoStruct = new DOMStructure(signedInfoElement);
xmlObjSignedInfo.add(signedInfoStruct);
String xadesNS = "http://uri.etsi.org/01903/v1.1.1#";
// Create the necessary XADES information as outlined in the CXML
// specification
Element QPElement = createElement(cxmlElement, "QualifyingProperties",
"xades", xadesNS);
QPElement.setAttributeNS("http://www.w3.org/2000/xmlns/",
"xmlns:xades", xadesNS);
QPElement.setAttributeNS(null, "Target", "#cXMLSignature");
Element SPElement = createElement(cxmlElement, "SignedProperties",
"xades", xadesNS);
SPElement.setAttributeNS(null, "Id", "XAdESSignedProps");
IdResolver.registerElementById(SPElement, "XAdESSignedProps");
QPElement.appendChild(SPElement);
Element signedSPElement = createElement(cxmlElement,
"SignedSignatureProperties", "xades", xadesNS);
Element signingTimeElement = createElement(cxmlElement, "SigningTime",
"xades", xadesNS);
SimpleDateFormat dateFormatter = new SimpleDateFormat(
"yyyy-MM-dd'T'HH:mm:ss");
signingTimeElement.appendChild(cxmlElement.getOwnerDocument()
.createTextNode(dateFormatter.format(new Date())));
signedSPElement.appendChild(signingTimeElement);
SPElement.appendChild(signedSPElement);
String certDigest = "";
try {
certDigest = getThumbPrint(signingCert);
} catch (CertificateEncodingException ce) {
throw new RuntimeException(ce);
} catch (NoSuchAlgorithmException ne) {
throw new RuntimeException(ne);
Element signingCertificateElement = createElement(cxmlElement,
"SigningCertificate", "xades", xadesNS);
Element certElement = createElement(cxmlElement, "Cert", "xades",
xadesNS);
Element certDigestElement = createElement(cxmlElement, "CertDigest",
"xades", xadesNS);
Element digestMethodElement = createElement(cxmlElement,
"DigestMethod", "ds", XMLSignature.XMLNS);
digestMethodElement
.setAttributeNS(null, "Algorithm", DigestMethod.SHA1);
Element digestValueElement = createElement(cxmlElement, "DigestValue",
"ds", XMLSignature.XMLNS);
digestValueElement.appendChild(cxmlElement.getOwnerDocument()
.createTextNode(certDigest));
Element issuerSerialElement = createElement(cxmlElement,
"IssuerSerial", "xades", xadesNS);
Element x509IssuerNameElement = createElement(cxmlElement,
"X509IssuerName", "ds", XMLSignature.XMLNS);
x509IssuerNameElement
.appendChild(cxmlElement.getOwnerDocument().createTextNode(
signingCert.getIssuerX500Principal().toString()));
Element x509IssuerSerialNumberElement = createElement(cxmlElement,
"X509IssuerSerialNumber", "ds", XMLSignature.XMLNS);
x509IssuerSerialNumberElement.appendChild(cxmlElement
.getOwnerDocument().createTextNode(
signingCert.getSerialNumber().toString()));
certDigestElement.appendChild(digestMethodElement);
certDigestElement.appendChild(digestValueElement);
certElement.appendChild(certDigestElement);
issuerSerialElement.appendChild(x509IssuerNameElement);
issuerSerialElement.appendChild(x509IssuerSerialNumberElement);
certElement.appendChild(issuerSerialElement);
signingCertificateElement.appendChild(certElement);
signedSPElement.appendChild(signingCertificateElement);
DOMStructure qualifPropStruct = new DOMStructure(QPElement);
List<DOMStructure> xmlObjQualifyingProperty = new ArrayList<DOMStructure>();
xmlObjQualifyingProperty.add(qualifPropStruct);
XMLObject objectSingedInfo = factory.newXMLObject(xmlObjSignedInfo,
null, null, null);
XMLObject objectQualifyingProperty = factory.newXMLObject(
xmlObjQualifyingProperty, null, null, null);
// Create the ds:object tags
List<XMLObject> objects = new ArrayList<XMLObject>();
objects.add(objectSingedInfo);
objects.add(objectQualifyingProperty);
XMLSignature signature = factory.newXMLSignature(signedInfo, keyInfo,
objects, "cXMLSignature", null);
DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(),
cxmlElement);
signContext.putNamespacePrefix(XMLSignature.XMLNS, "ds");
try {
signature.sign(signContext);
} catch (MarshalException e) {
throw new RuntimeException(e);
} catch (XMLSignatureException e) {
throw new RuntimeException(e);
private Element createElement(Element element, String tag, String prefix,
String nsURI) {
String qName = prefix == null ? tag : prefix + ":" + tag;
return element.getOwnerDocument().createElementNS(nsURI, qName);
X509Certificate getSigningCert() {
return signingCert;
private static String readFileAsString(String filePath) throws java.io.IOException
byte[] buffer = new byte[(int) new File(filePath).length()];
BufferedInputStream f = null;
try {
f = new BufferedInputStream(new FileInputStream(filePath));
f.read(buffer);
} finally {
if (f != null) {
try {
f.close();
} catch (IOException ignored) {
return new String(buffer);
public static void main(String args[])
System.out.println("start");
CXMLDigitalSig cXMLDigitalSig = new CXMLDigitalSig();
try
cXMLDigitalSig.loadCert();
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
String cXML = readFileAsString("C:\\cxmlsign\\cxml.xml");
Document cxmlDocument = dbf.newDocumentBuilder()
.parse(new ByteArrayInputStream(cXML
.getBytes("UTF-8")));
System.out.println(cxmlDocument.getDocumentElement().getTagName());
cXMLDigitalSig.sign(cxmlDocument.getDocumentElement(), "55");
catch(Exception e)
//System.out.println(e.getMessage());
System.out.println(getStackTrace(e));
System.out.println("end");
public static String getStackTrace(Throwable aThrowable) {
final Writer result = new StringWriter();
final PrintWriter printWriter = new PrintWriter(result);
aThrowable.printStackTrace(printWriter);
return result.toString();
}Edited by: sabre150 on Jan 18, 2012 1:57 PM
Moderator action : added [ code ] tags to format source code -
When I try to sign a PDF document, I get this error:
"The windows Crypttographic Service Provider reported and error: The security token does not have storage space available for an additional container. Error code 2148073507".
Anyone have an Idea?Per the OP, the issue is that the previous version of the users certificates have not been removed
from windows.
To do this (I only know the process through I.E.):
1 - Open Internet Explorer
2 - Alt-T to open the tools menu and select Internet Options
3 - Choose the Content Tab and select Certificates
You will most likely see your 3 previous certificates, your CURRENT certificates and possibly other users certificates.
4 - REMOVE the LOWER "CA" numbered certificates by selecting them and clicking "Remove".
5 - Close IE
6 - Close Any Adobe Acrobat Documents
7 - Re-open the document you want to sign and it should work.
IF You only had your OLD certificates, you can add your new certificates by opening Active Client
1a. Choose Tools
2a. Choose Advanced
3a. Select Make Certificates Available To Windows
Hope this helps whoever comes across this in the future. -
Is it possible to edit/comment/markup a certified document? Perhaps I need to save it first, but that choice is not available. The documents originate as certified documents (verisign) from the US government printing office. After download, permissions do not allow commenting. Is there a way to save them such that they are "de certified" and commentable?
Is it possible to edit/comment/markup a certified document? Perhaps I need to save it first, but that choice is not available. The documents originate as certified documents (verisign) from the US government printing office. After download, permissions do not allow commenting. Is there a way to save them such that they are "de certified" and commentable?
Maybe you are looking for
-
How to embed user credentials in Secured Web Service from OBIEE 11gFMW?
I am trying to invoke a webservice that I successfully exposed as a WSDL Web Service using EBS Integrated SOA Gateway. I am using OBIEE 11g Action Framework which uses WebLogic. Here are the steps I completed: - I exposed a WSDL web service in EBS R1
-
HT1977 How do i get my money back for an app if it doesn't work?
How do i get my money back for an app if it doesn't work?
-
EBS Data model Guide / Technical Referece Document |
Hi All, I am working on Informatica/OBIEE and our source is EBS, with Finance Module. I am looking for a Technical Reference Guide/ Data model guide, which gives complete information on Tables involved in Finance module in EBS. I am not able to find
-
Impact of Changing existing system international to Country specific(24)
Dear Experts, Current system has to two company code - A & B with international payroll. Client is adding two more company code say eg. C & D as roll out process with country specific (24).we are planing to change existing company code(A & B) in to
-
MacBook pro keyboard doesn't light up all the way, I don't know why and I was wondering how much it could cost for repairs.