ACTIONSCRIPT 3 Developer’s Guide en

ACTIONSCRIPT 3.0 DEVELOPER’S GUIDE
XML signature validation in AIR
Dereferencing URIs in enveloping and detached signatures
Adobe AIR 1.5 and later
When the signed data is located in the same document as the signature itself, the URIs in the references typically use
XPath or XPointer syntax to address the elements that are signed. The W3C Recommendation for XML Signature
Syntax and Processing only recommends this syntax, so you should base your implementation on the signatures you
expect to encounter (and add sufficient error checking to gracefully handle unsupported syntax).
The signature of an AIR application is an example of an enveloping signature. The files in the application are listed in
a Manifest element. The Manifest element is addressed in the Reference URI attribute using the string,
“#PackageContents”, which refers to the Id of the Manifest element:
ZMGqQdaRKQc1HirIRsDpeBDlaElS+pPotdziIAyAYDk=
cQK...7Zg==
MII...T4e
0/oCb84THKMagtI0Dy0KogEu92TegdesqRr/clXct1c=
P9MqtqSdqcqnFgeoHCJysLQu4PmbUW2JdAnc1WLq8h4=
OliRHRAgc9qt3Dk0m0Bi53Ur5ur3fAweIFwju74rFgE=
A dereferencer for validating this signature must take the URI string containing, "#PackageContents" from the
Reference element, and return the Manifest element in a ByteArray object. The “#” symbol refers to the value of an
element Id attribute.
Last updated 6/6/2012
865