Signing .cat files

Similar Messages

• URLClassLoader + dynamically loading signed jar files

  I have an applet that does not know all of the jar files it will need to load at startup.
  I would like to dynamically load these signed jar files using the URLClassLoader, however it does not recognize these jar files as being signed and I get java.security.AccessControlException: access denied errors.
  Any suggestions?
  Thanks!

  Try this classloader for loading the jars, it should to the trick:
  import java.net.URL;
  import java.net.URLClassLoader;
  import java.net.URLStreamHandlerFactory;
  import java.security.AllPermission;
  import java.security.CodeSource;
  import java.security.PermissionCollection;
  import java.security.Permissions;
  public class AllPermissionsClassLoader extends URLClassLoader {
      public AllPermissionsClassLoader (URL[] urls) {
          super(urls);
      public AllPermissionsClassLoader (URL[] urls, ClassLoader parent) {
          super(urls, parent);
          System.out.println(parent);
      public AllPermissionsClassLoader (URL[] urls, ClassLoader parent, URLStreamHandlerFactory factory) {
          super(urls, parent, factory);
      protected PermissionCollection getPermissions (CodeSource codesource) {
          Permissions permissions = new Permissions();
          permissions.add(new AllPermission());
          return permissions;
  }

• What values to place in signer.properties file for Webutil configuration

  Hi. I'm not sure of what value to place in JDK_HOME in signer.properties for Webutil configuration. My current settings are:
  JDK_HOME=D:\ora9i\jdk
  JINIT_HOME=C:\Archivos de programa\Oracle\JInitiator 1.3.1.13
  #Certificate settings:
  # These are used to generate the initial signing certificate
  # Change them to suite your organisation
  DN_CN=Product Management
  DN_OU=Development Tools
  DN_O=Oracle
  DN_C=US
  JAR_KEY=webutil
  JAR_KEY_PASSWORD=webutil
  Is JDK_HOME the jdk for oracle or SDK for windows machine(how to find?)?. Also how do i repeat the process of makecert and signing of webutil.jar and jacob.jar?. If i try to repeat this process I get the following warnings or error?
  Makecert:
  keytool error: java.lang.Exception: Key pair not generated, alias <webutil> already exists
  Certificate created...

  JDK_HOME is just the location of a Java distribution with Keytool in it - have a look at the signer batch file and you'll see how each variable is used. Also if you run keytool from the command prompt it will show you the commands to delete and existing Key or list the keys that are currently stored.

• How to automate digital signing PDF Files in batch

  I am trying to find a way to automate as much as possible the placing of a digital signature on a set of PDF documents.  We have Adobe Acrobat Pro 8.1 and the machine has MS Office 2003 with Vista Business.  Here's a scenario:  A set of documents exist in a TO-BE-SIGNED folder, each unsigned.  The user uses MS Access 2003 form with a button with VBA code to open and show the first document in the folder.  The AcroExch.App, AcroExch.AVDoc, and AcroApp.Show APIs are used to do this.  I found code on the internet to do that.  Rather than having my client now have to go through all the manual steps to place a digital signature on the document, I want to streamline it to a single click if possible.  Right now he has to click Advanced > Sign and Certify > Place Signature > then click and drag > then enter his password > then click sign > then save and close the doc.  Can all this be automated?  An added bonus would be automatically saving or moving the signed doc to a different folder when it is signed.
  I have created a stamp that allows me to add a stamp with just two clicks.  Can such be done to add a digital signature?  Is it possible to add a button to the toolbar to do this?  Can it be done in Access VBA using some Acrobat API calls?  Another feature I want to include is moving quickly from one document to the next in the TO-BE-SIGNED folder.  Like the arrow buttons take you from page to page, can a button be added to the Acrobat toolbar to take you from doc to doc in a particular folder?  Or can that be done using VBA and some Acrobat API calls?  To maintain the security of the password protection and yet cut down on clicks and keystrokes, I would like to input the password just once at the beginning of the session and have it remembered or applied to all the docs that get signed as long as that session is open.
  I've found some software that purports to do much of the above, but they are all very expensive and assume a big business with big bucks.  If anyone knows of inexpensive software that will REALLY do this, I'm open to that as well, though I'd like to control the process myself if possible.  I consider myself a beginner with Acrobat and using API calls and would appreciate any help anyone can give.  Is the above clear and even possible?
  PS:  I'm new to this site and using SDK.  I posted this under Security (thinking digital signatures) and was asked to post it here, which I'm glad to do.
  Thanks much!

  Our workflow is such that on infrequent occasions, we have a digitally signed PDF file and the doctor wants to append a scanned note to it.  In the past, we could do this, but not now.  In the past, when we added the scanned doc, we received a message saying that the doc is already signed and asking if we want to overrwrite the doc.  If we respond Yes, then Acrobat would allow it and the signature would indicate that the original part of the document was not modified, but that something had been changed--namely, a doc had been appended.  The signature indicated that something had changed since it was added, but it still allowed the append.  The signature would have an exclamation point in a yellow triangle indicating the doc had been updated since signed.  For our purposes, that was okay because we know what the change is based on the original doc and we know what is appended.  Now, however, we cannot append at all.  The only thing that is different that I know of is that the doc was signed with software that is not Adobe Acrobat, even though the other software uses an Adobe Acrobat self-created digital signature.
      I hope I've explained that clearly enough.
  Thanks for your help.

• How to remove password-encryption in a signed PDF file?

  I can open a password-encryption and digitally signed PDF file using Acrobat X Standard but cannot remove the password protection.
  Can anyone help me remove the password encryption?  The Acrobat only allows to set passsord encryption before adding digital signature to a PDF file.  Can I sign a PDF file and then encrypt it with password?  Thanks.

  Removing the security, if it is possible, would destroy the signature.
  Encrypting a signed PDF would destroy the signature.
  This is because signatures validate the file exactly as it is, and changes to the file break the signature by design. Setting security is a change to the PDF (a big change).

• How can i add update signed jar file

  I am developing an applet which requires signing to run in a browser.
  I am developing supporting classes. But these class files have to be added
  to the jar. Isnt it??
  But to test the applet i need to load it in the browser each time i modify the class files. So the jar file need to be updated every time. But an
  IOError
  is being displayed when i try to update the signed jar file.
  How can i update signed jar file?? Or is there any othe way to test the signed applet during development??

  How can i update signed jar file?You can't, the signature is there to make sure the content of the jare hasn't been messed
  with.
  Either recreate the jar and re sign it or set up a policy during testing.

• Signing exe files

  Does anyone add a (company) signature to their Cap4 produced exe files? We try to sign all our executables and had no problems with Cap3 but are now having problems. The signed exe doesn't run, error screen shots attached below.
  Some details... I'm using the aggregator to publish the .exe. All the swf files within the aggregator are swf files published with Flash Player 9. The exe runs fine before the signature.
  Here is some information on how we sign the files:
  We use signtool.exe to digitally sign files. This is a program distributed by Microsoft, here is a link to the documentation:
  http://msdn.microsoft.com/en-us/library/8s9b9yaz(VS.80).aspx
  We also tried to sign the file using InstallShield 2008. This program signs all of our installs (exe files). We have never had any problems up to this point with any signed files.
  Thanks,
  Janet

  Hi there
  From past experience the $ is not a valide integer error results when a .EXE attempts to open a SWF and the EXE cannot locate the SWF.
  Hopefully that information may help guide you in where to look.
  This one is new for Aggregator EXE files. I've not seen it reported before. You should probably file a bug report to Adobe about it.
  Cheers... Rick
  Helpful and Handy Links
  Captivate Wish Form/Bug Reporting Form
  Adobe Certified Captivate Training
  SorcerStone Blog
  Captivate eBooks

• Is it possible to verify a signed jar-file from a program?

  Is it possible to verify a signed jar-file from a program
  (using some API) likewise jarsigner does?

  Is it possible to verify a signed jar-file from a
  program
  (using some API) likewise jarsigner does?Hi,
  You would have to open the jarfile, read each jar entry and for each of them do a getCertificates() and then in turn verify each certificate with the public key of the enclosed certificates in the jar file.
  An easier solution would be to use the verify flag of the JarFile or JarInputStream.
  Hope it helps..
  Cheers,
  Vijay

• Turning off jar cache causes classnotfound with signed jar files

  Hi,
  I have a problem with applet signed jars when the java cache is turned off.
  With the cache turned off, I get a class not found for the first class it attempts to use from the signed jar file from an applet.
  If I turn the jar caching on, all works perfectly with no other changes.
  Anyone have any ideas? This is java 6u16.
  Thanks

  jkc532 wrote:
  .. Is the fact that the CachedJarFile class doesn't attempt to reload the resource when it can't retrieve it from MemoryCache a bug? From your comprehensive investigation and report, it seems so to me.
  ..I've dug as deep as I can on this and I'm at wits end, does anybody have any ideas?Just after read the summary I was tired, so I have some understanding of the effort you have already invested in this (the 'wits' you have already spent). I think you should raise a bug report and seek Oracle's response.

• Three questions about signed jar file and applet

  I use three signed jar file. Each of them signed by different certificate. First of JARs contain applet class. When I start applet from html page I see message &#8220;This applet was signed by&#8230;&#8230; but Java cannot verify it&#8230; Do you trust&#8230;?&#8221;. All times I press &#8220;Yes I trust&#8221; and after this questions applet stop to work end exit. If I use only one certificate for signing of three JARs then applet continue to work after question. 1) What should I do to fix this bug? 2) Is it any method to check from applet that user press Trust button? Is it any method to emulate work of SecurityManager to check that Certificate object is trusted (I want do call some method check(Certificate) and if certificate is not trusted I want to see message with question: &#8220;Do you want to trust this certificate&#8221; and so on)?

  Hello Jarman,
  1. If I have a signed jar file, then as long as the
  certificate is recognised as trusted that applet can
  run as a fully trusted application on the client
  machine. So I should not have to add lines such as
  permission java.lang.RuntimePermission
  "readFileDescriptor", "read" ;
  permission java.lang.RuntimePermission
  "writeFileDescriptor", "write" ;
  to my java.policy file. true/false ?true
  2. If I am running a signed jar file in the Java
  plugin then I do not need to have a verisign or thawte
  certificate (however to allow my certificate to be
  accepted I do have to import it into the cacerts file
  on the client machine). True/false?true
  3. Following on from question 2, if I want to be able
  to run an applet on a client machine, without messing
  around with ANY files on those machines, I need a
  verisign or thawte certificate. True/false?true
  4. (And finally) Apart from a security exception
  saying that I need to add one of the lines like those
  of question 1, is there any way I can get other debug
  information as to why the signed jar file is not being
  recognised as signed?No. This could be a problem of importing your certifcate into the wrong place.
  The information on the following link is a little bit dated but it helped me to successfully install a testcertificate and sign an applet with it.
  http://www.suitable.com/Doc_CodeSigning.shtml

• How to create and sign CAB files info on Supplement Option

  To all Supplement Option subscribers:
  At the supplement option for iDevelopment Accelerators, I uploaded a zip with detailed info on how to create and sign CAB files (necessary when you are running your application on the Native IE Java Virtual Machine).
  Not all functionality provided to you through JInitiator will work (e.g. WebUtil doesn't) but the way how to make and sign a CAB file will become more easy.
  Cheers,
  Marc Vahsen
  Headstart Team

  This defeats the purpose of trying to centralize SAP-related web resources on the SAP server. Typically IIS/Apache or other non-SAP servers are under the control of IT and not the SAP BASIS group.
  We simply would like to have a centralized location to store static web files so that they are not overwritten during Portal support pack applications.

• Where should the Green Tick get displayed in digitally signed pdf files in whom the Signature has been validated ?

  I have Windows 7 & Adobe 11 installed on my P.C (Apart from other Software) . Recently I downloaded Digitally Signed .pdf files & validated the Signature with Trust Certificates . However , the Green Tick Mark is coming on the left-hand side of a blue panel situated in-between the menu bar & the document . Shouldn't it be coming at the bottom right side of the document (Just above the name of the signatory) ? Is there anyway I can get the green tick to display at the bottom right side of the document or is this just the way the green tick gets displayed in current versions of adobe reader ?
  This is the way it gets displayed on the top - left portion of the screen :
  However , it does not get displayed in the below manner :

  First of all, you need an app on the iPad that can read those files that you want to transfer. Adobe Reader and iBooks are two free apps that will read PDF files. Adobe Reader is much more robust than iBooks as it offers so many more features like renaming files, creating folders, annotating, highlights, etc.
  Download Adobe Reader in the App Store. Then read this about file sharing with iTunes.
  iOS: About File Sharing - Support - Apple
  There are other ways to get files to the iPad, like email, DropBox and some other apps that let you mount your iPad like a flash drive.
  This should be helpful as well.
  iTunes 11 for Mac: Set up syncing for iPod, iPhone, or iPad

• Signed JNLP file doesn't match JNLP file on webserver?

  Hi,
  using Java 1.6.0(_13) Webstart says, that the JNLP file is not signed.
  So I added my JNLP file as JNLP-INF/APPLICATION.JNLP into the client jar.
  I signed my jar with my cert from thawte and copied the JNLP file to the unix webserver.
  Now Webstart says that the JNLP file from the webserver doesn't match with the signed one.
  Does anyone have some practical experience with signing JNLP files and knows the common pitfalls.
  What are the issues that could let this fail, CR/LF or a bug ?
  Best regards

  Its from an Android device?  Maybe incompatible Java versions.  In Utilities launch the Java Preferences app and look at the enabled version information (General tab).  Perhaps click the Restore Defaults button.

• Issue With Signed JNLP file

  Hello,
  There seems to be a restriction in signed JNLP files with regards to relative path set in codebase ?
  (when we set the codebase to be a full url of the download site it works.).
  The problem for us is we want JNLP file for dev and Prod to be identical and not having to hardcode
  download URL.
  We have a start.jnlp which start our app. All our jars are signed. To avoid the usual warning message
  we decided to sign the JNLP file and include JNLP-INF/APPLICATION.JNLP in our jar that contain the main file.
  //start.jnlpl and APPLICATION.JNLP have the following
  <?xml version="1.0" encoding="utf-8"?>
  <jnlp codebase="webstart" href="start.jnlp">
  </jnlp>
  Error/Exception
  BadFieldException[ The field <jnlp>codebase has an invalid value in the signed launch file: webstart,webstart]
       at com.sun.javaws.jnl.XMLUtils.getAttributeURL(Unknown Source)
       at com.sun.javaws.jnl.XMLFormat.parse(Unknown Source)
       at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
       at com.sun.javaws.LaunchDownload.checkSignedLaunchDescHelper(Unknown Source)
       at com.sun.javaws.LaunchDownload.checkSignedLaunchDesc(Unknown Source)
       at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source)
       at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
       at com.sun.javaws.Launcher.launch(Unknown Source)
       at com.sun.javaws.Main.launchApp(Unknown Source)
       at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
       at com.sun.javaws.Main$1.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Any input will be greatly appreciated.
  Thanks
  Jc

  >
  There seems to be a restriction in signed JNLP files with regards to relative path set in codebase ?
  (when we set the codebase to be a full url of the download site it works.).>That is a problem. Sun seems to think there are many forms of launching where the codebase must be explicitly set for the JNLP to work correctly, and this is one of them. In fact, the only time I know it will work with a relative codebase is when embedding an applet using JNLP - and then it has to have no codebase to work!
  >
  The problem for us is we want JNLP file for dev and Prod to be identical and not having to hardcode
  download URL.>But this is really a matter of approaching the problem the most efficient way, and I would argue that way is to write a build file which will make both versions of the application. It might require a more complicated build file (OK - it will require a more complicated build file), but once it is done you will barely notice any difference in build time, and you can get on with development.

• Using "done signing" increases file size 3 to 5 times !

  The new feature in Acrobat Reader 10.1.2 onwards is great - I can add a signature and a date.
  BUT if I use "done signing" the file size increases 3 to 5 times the original file size !  So I used File Save - and that worked well.
  Then I updated to 10.1.6 - and now the signature that I added is not "fixed" - it can be deleted or moved !
  We don't want to use digital signatures !!
  Any suggestions ?
  Thanks

  When you click the "Done Signing" button, the signature appearance and any text you added is flattened and becomes regular page contents and it won't be able to be moved or deleted as you describe. I also don't see a file size increase as you describe. Are you using an image for the signature and if so, how large is it (in bytes)?