Trusted Central Signing Service - API - Document Seal

Prerequisites

- Seal certificate (p12) stored as a resource in PhenixID Autentication Services

-

Enable HTTP for pipes

- Login to Configuration Manager

- Click Advanced

- Open HTTP Connections (click on the pen)

- Get the ID value of the HTTP Connection (ie, http listening port) you would like to use for pipes

- Open Modules (click on the pen)

- Add configuration properties to the pipes module. Example:

{
		"name": "com.phenixidentity~phenix-pipes",
		"singleton": "true",
		"config": {
			"http_enabled": "true",
			"http_configuration_ref": "<id_value_fetched_in_previous_step>"
		},
		"enabled": "true",
		"created": "2017-07-03T11:38:03.057Z",
		"id": "01ffd70e-b5fb-4c06-b040-b61760424bf6"
	}

- Click Stage Changes

- Click Commit Changes

- Restart PhenixID Authentication Services

Add pipe for seal

- Click the Advanced tab

- Open Pipes (Click on the pen)

- Add this pipe. Change the keyStore value to the ID of the keystore to use to seal the document.

{
		"id": "SealAppDocSignPipeAPI",
		"description": "Seal document via API ",
		"http_enabled": "true",
		"http_path_pattern": "PUT:/pipes/seal",
		"http_response_content_type": "application/pdf",
		"http_response_body_item_property": "document",
		"valves": [
			{
				"name": "ItemCreateValve",
				"config": {
					"dest_id": "temp"
				}
			},
			{
				"name": "PropertyAddValve",
				"config": {
					"name": "b64",
					"value": "{{request.body}}"
				}
			},
			{
				"name": "PropertyBase64DecoderValve",
				"config": {
					"source": "b64",
					"dest": "temporary"
				}
			},
			{
				"name": "PDFSign",
				"config": {
					"sourceDataAttribute": "temporary",
					"targetDataAttribute": "document",
					"keyStore": "PhenixID_Demo_SEAL.p12"
				}
			},
			{
				"name": "PropertyRemoveValve",
				"config": {
					"name": "b64"
				}
			}
		]
	}

- Click Stage Changes

- Click Commit Changes

Add pipe for verification

- Click the Advanced tab

- Open Pipes (Click on the pen)

- Add this pipe.

This pipe will only verify the signature(s), not the certificate(s). Please add/remove/change valves to suit your needs. Also, with SigningService additional valves are available. 

	{
		"id": "SealAppVerifyPipeAPI",
		"description": "Verify sealed document via API ",
		"http_enabled": "true",
		"http_path_pattern": "PUT:/pipes/verifyseal",
		"valves": [
			{
				"name": "ItemCreateValve",
				"config": {
					"dest_id": "temp"
				}
			},
			{
				"name": "PropertyAddValve",
				"config": {
					"name": "b64",
					"value": "{{request.body}}"
				}
			},
			{
				"name": "PropertyBase64DecoderValve",
				"config": {
					"source": "b64",
					"dest": "temporary"
				}
			},
			{
				"name": "PropertyRemoveValve",
				"enabled": "true",
				"config": {
					"name": "b64"
				}
			},
			{
				"name": "PDFVerifySignature",
				"config": {
					"sourceDataAttribute": "temporary"
				}
			},
			{
				"name": "ItemRemoveValve",
				"enabled": "true",
				"config": {
					"item_include_expr": "true"
				}
			}
		]
	}

- Click Stage Changes

- Click Commit Changes

Test

Test by using a rest client, such as Google Chrome Postman. Follow this guide.