Older versionPhenixID Signing Service version 1.2ConfigurationTrusted Central Signing Service - API - Document Sign

Trusted Central Signing Service - API - Document Sign

Prerequisites

Enable HTTP for pipes

- Login to Configuration Manager

- Click Advanced

- Open HTTP Connections (click on the pen)

- Get the ID value of the HTTP Connection (ie, http listening port) you would like to use for pipes

- Open Modules (click on the pen)

- Add configuration properties to the pipes module. Example:

{
		"name": "com.phenixidentity~phenix-pipes",
		"singleton": "true",
		"config": {
			"http_enabled": "true",
			"http_configuration_ref": "<id_value_fetched_in_previous_step>"
		},
		"enabled": "true",
		"created": "2017-07-03T11:38:03.057Z",
		"id": "01ffd70e-b5fb-4c06-b040-b61760424bf6"
	}

- Click Stage Changes

- Click Commit Changes

- Restart PhenixID Authentication Services

Add pipe for sign

- Click the Advanced tab

- Open Pipes (Click on the pen)

- Add this pipe.

Change the LDAP values (connection_ref, base_dn, filter_template) to suit your environment.

This pipe will create a self-signed certificate. Please add/remove/change valves to better suit your environment.

{
		"id": "SignAppDocSignAPIPipe",
		"description": "Sign document via API",
		"http_enabled": "true",
		"http_path_pattern": "PUT:/pipes/sign",
		"http_response_content_type": "application/pdf",
		"http_response_body_item_property": "document",
		"valves": [
			{
				"name": "LDAPSearchValve",
				"config": {
					"connection_ref": "MyAD",
					"base_dn": "ou=demo,DC=demo,DC=example,DC=org",
					"scope": "SUB",
					"size_limit": "0",
					"filter_template": "uid={{request.userid}}",
					"attributes": "givenName,sn,displayName"
				}
			},
			{
				"name": "PropertyAddValve",
				"config": {
					"name": "b64",
					"value": "{{request.body}}"
				}
			},
			{
				"name": "PropertyBase64DecoderValve",
				"config": {
					"source": "b64",
					"dest": "temporary"
				}
			},
			{
				"name": "CertificateGeneratorValve",
				"enabled": "true",
				"config": {
					"dest": "keystore",
					"keystore_alias": "key",
					"cert_subject_dn": "CN={{item.displayName}},OU=Demo,O=PhenixID",
					"cert_key_usage": "true,true"
				}
			},
			{
				"name": "PDFSignWithUserKey",
				"config": {
					"sourceDataAttribute": "temporary",
					"targetDataAttribute": "document",
					"keyProperty": "keystore",
					"certificateAlias": "key",
					"_skip_if_expr": "true"
				}
			},
			{
				"name": "PropertyRemoveValve",
				"config": {
					"name": "b64"
				}
			}
		]
	}

- Click Stage Changes

- Click Commit Changes

Add pipe for verification

- Click the Advanced tab

- Open Pipes (Click on the pen)

- Add this pipe.

This pipe will only verify the signature(s), not the certificate(s). Please add/remove/change valves to suit your needs. Also, with SigningService additional valves are available.

	{
		"id": "SignAppVerifyPipeAPI",
		"description": "Verify signed document via API ",
		"http_enabled": "true",
		"http_path_pattern": "PUT:/pipes/verifysign",
		"valves": [
			{
				"name": "ItemCreateValve",
				"config": {
					"dest_id": "temp"
				}
			},
			{
				"name": "PropertyAddValve",
				"config": {
					"name": "b64",
					"value": "{{request.body}}"
				}
			},
			{
				"name": "PropertyBase64DecoderValve",
				"config": {
					"source": "b64",
					"dest": "temporary"
				}
			},
			{
				"name": "PropertyRemoveValve",
				"enabled": "true",
				"config": {
					"name": "b64"
				}
			},
			{
				"name": "PDFVerifySignature",
				"config": {
					"sourceDataAttribute": "temporary"
				}
			},
			{
				"name": "ItemRemoveValve",
				"enabled": "true",
				"config": {
					"item_include_expr": "true"
				}
			}
		]
	}

- Click Stage Changes

- Click Commit Changes

Test

Test by using a rest client, such as Google Chrome Postman. Follow this guide.