Trusted Central Signing Service - API - Document Sign

Prerequisites

Enable HTTP for pipes

- Log in to Configuration Manager

- Click Advanced

- Open HTTP Connections (click on the pen)

- Get the ID value of the HTTP Connection (i.e., the HTTP listening port) you would like to use for pipes

- Open Modules (click on the pen)

- Add configuration properties to the pipes module. Example:

	{
		"name": "com.phenixidentity~phenix-pipes",
		"singleton": "true",
		"config": {
			"http_enabled": "true",
			"http_configuration_ref": "<id_value_fetched_in_previous_step>"
		},
		"enabled": "true",
		"created": "2017-07-03T11:38:03.057Z",
		"id": "01ffd70e-b5fb-4c06-b040-b61760424bf6"
	}

- Click Stage Changes

- Click Commit Changes

- Restart PhenixID Authentication Services

Add pipe for sign

- Click the Advanced tab

- Open Pipes (Click on the pen)

- Add this pipe.

Change the LDAP values (connection_ref, base_dn, filter_template) to suit your environment.

This pipe will create a self-signed certificate. Please add/remove/change valves to better suit your environment.

	{
		"id": "SignAppDocSignAPIPipe",
		"description": "Sign document via API",
		"http_enabled": "true",
		"http_path_pattern": "PUT:/pipes/sign",
		"http_response_content_type": "application/pdf",
		"http_response_body_item_property": "document",
		"valves": [
			{
				"name": "LDAPSearchValve",
				"config": {
					"connection_ref": "MyAD",
					"base_dn": "ou=demo,DC=demo,DC=example,DC=org",
					"scope": "SUB",
					"size_limit": "0",
					"filter_template": "uid={{request.userid}}",
					"attributes": "givenName,sn,displayName"
				}
			},
			{
				"name": "PropertyAddValve",
				"config": {
					"name": "b64",
					"value": "{{request.body}}"
				}
			},
			{
				"name": "PropertyBase64DecoderValve",
				"config": {
					"source": "b64",
					"dest": "temporary"
				}
			},
			{
				"name": "CertificateGeneratorValve",
				"enabled": "true",
				"config": {
					"dest": "keystore",
					"keystore_alias": "key",
					"cert_subject_dn": "CN={{item.displayName}},OU=Demo,O=PhenixID",
					"cert_key_usage": "true,true"
				}
			},
			{
				"name": "PDFSignWithUserKey",
				"config": {
					"sourceDataAttribute": "temporary",
					"targetDataAttribute": "document",
					"keyProperty": "keystore",
					"certificateAlias": "key",
					"_skip_if_expr": "true"
				}
			},
			{
				"name": "PropertyRemoveValve",
				"config": {
					"name": "b64"
				}
			}
		]
	}

- Click Stage Changes

- Click Commit Changes

Add pipe for verification

- Click the Advanced tab

- Open Pipes (Click on the pen)

- Add this pipe.

This pipe will only verify the signature(s), not the certificate(s). Please add/remove/change valves to suit your needs. Also, with SigningService additional valves are available.

	{
		"id": "SignAppVerifyPipeAPI",
		"description": "Verify signed document via API ",
		"http_enabled": "true",
		"http_path_pattern": "PUT:/pipes/verifysign",
		"valves": [
			{
				"name": "ItemCreateValve",
				"config": {
					"dest_id": "temp"
				}
			},
			{
				"name": "PropertyAddValve",
				"config": {
					"name": "b64",
					"value": "{{request.body}}"
				}
			},
			{
				"name": "PropertyBase64DecoderValve",
				"config": {
					"source": "b64",
					"dest": "temporary"
				}
			},
			{
				"name": "PropertyRemoveValve",
				"enabled": "true",
				"config": {
					"name": "b64"
				}
			},
			{
				"name": "PDFVerifySignature",
				"config": {
					"sourceDataAttribute": "temporary"
				}
			},
			{
				"name": "ItemRemoveValve",
				"enabled": "true",
				"config": {
					"item_include_expr": "true"
				}
			}
		]
	}

- Click Stage Changes

- Click Commit Changes
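
Before exposing these pipes, it helps to list which valve settings take values from the API caller and which of the caveats stated above apply. The following Python sketch is an added example, not PhenixID code: audit_pipe, REQUEST_REF and PAGE_CAVEATS are hypothetical names, the sample is a trimmed copy of the sign pipe, and a valve without an "enabled" key is assumed to be active.

```python
import re

# Constructed sample: the sign pipe from this page, trimmed to the relevant keys.
SAMPLE_PIPE = {
    "id": "SignAppDocSignAPIPipe",
    "http_enabled": "true",
    "http_path_pattern": "PUT:/pipes/sign",
    "valves": [
        {"name": "LDAPSearchValve",
         "config": {"filter_template": "uid={{request.userid}}"}},
        {"name": "PropertyAddValve",
         "config": {"name": "b64", "value": "{{request.body}}"}},
        {"name": "CertificateGeneratorValve", "enabled": "true",
         "config": {"cert_subject_dn": "CN={{item.displayName}},OU=Demo,O=PhenixID"}},
    ],
}

# Matches {{request.<name>}} placeholders, i.e. values supplied by the API caller.
REQUEST_REF = re.compile(r"\{\{\s*request\.(\w+)\s*\}\}")

# Caveats this page states about specific valves.
PAGE_CAVEATS = {
    "CertificateGeneratorValve": "creates a self-signed certificate",
    "PDFVerifySignature": "verifies the signature(s) only, not the certificate(s)",
}


def audit_pipe(pipe):
    """Return (source, note) review points for one pipe definition (hypothetical helper)."""
    notes = []
    if pipe.get("http_enabled") == "true":
        notes.append(("pipe", "reachable over HTTP at " + pipe.get("http_path_pattern", "?")))
    for valve in pipe.get("valves", []):
        # Assumption: a valve without an "enabled" key is active.
        if valve.get("enabled", "true") != "true":
            continue
        name = valve.get("name", "?")
        for key, value in valve.get("config", {}).items():
            for param in REQUEST_REF.findall(str(value)):
                notes.append((name, f"{key} uses caller input request.{param}"))
        if name in PAGE_CAVEATS:
            notes.append((name, PAGE_CAVEATS[name]))
    return notes


if __name__ == "__main__":
    for source, note in audit_pipe(SAMPLE_PIPE):
        print(f"{SAMPLE_PIPE['id']}: {source}: {note}")
```

Each pipe object exported from the Pipes section can be passed to audit_pipe in the same way; placeholders such as {{item.displayName}} are not reported because they do not come from the request.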

Test

Test by using a REST client, such as Google Chrome Postman. Follow this guide.