This class implement the cryptographic options and the aspects which forms a signature. Allows to sign a PDF document. The document is signed
indicating a keystore which must have been created previously.
1 pdf.sign
<pdf.sign
store-password='store-password'
provider='provider'
type='type'
alias='alias'
key-password='key-password'
sign-reason='sign-reason'
sign-location='sign-location'
sign-certify='sign-certify'
sign-page='sign-page'
sign-rect-llx='sign-rect-llx'
sign-rect-lly='sign-rect-lly'
sign-rect-urx='sign-rect-urx'
sign-rect-ury='sign-rect-ury'
sign-image-url='sign-image-url'
sign-timestamp='sign-timestamp'
timestamp-server-url='timestamp-server-url'
timestamp-server-port='timestamp-server-port'
timestamp-server-username='timestamp-server-username'
timestamp-server-password='timestamp-server-password'
timestamp-policy-oid='timestamp-policy-oid'
encoding='encoding'
>
<file_pdf /> ?
<file_keystore /> ?
</pdf.sign>
| Attributes | |||||
|---|---|---|---|---|---|
| Name | Type | Required | Default | Description | |
| Astore-password | string | The password to access to the keystore. | |||
| Aprovider | string | Providers tipically installed: SUN version 1.5 SunRsaSign version 1.5 SunJSSE version 1.5 SunJCE version 1.5 SunJGSS version 1.0 SunSASL version 1.5 BC version 1.38. | |||
| Atype | string | Type of cryptography. Each provider admits different types, for example: SUN: admits the KJS type. BC: admits the PKCS type. The BC types can be seen in the following table. | |||
| Aalias | string |
The name of the ky stored in the keystrore. A keystore can contain several entries, each one has an alias and a password through which its value is obtained. This value is optional, if not specified the first alias of the keystore is obtained. |
|||
| Akey-password | string | The password to acces to the key of the keystore, the key of the alias. If the alias was not specified, is the key for the first alias of the keystore. | |||
| Asign-reason | string | Information with the reason of the signature. | |||
| Asign-location | string | Information with the location of the signature. | |||
| Asign-certify | string | Information of the certify of the signature.. | |||
| Asign-page | integer | The page where the signature is incorporated. By default it is located in the same page. | |||
| Asign-rect-llx | number | X coordinate of the starting point where the rectangle that is added to the original PDF document with the signature information is located. | |||
| Asign-rect-lly | number | Y coordinate of the starting point where the rectangle that is added to the original PDF document with the signature information is located. | |||
| Asign-rect-urx | number | X coordinate of the ending point where the rectangle that is added to the original PDF document with the signature information is located. | |||
| Asign-rect-ury | number | Y coordinate of the ending point where the rectangle that is added to the original PDF document with the signature information is located. | |||
| Asign-image-url | string | Image which will be shown in the PDF as signature background. | |||
| Asign-timestamp | boolean | Use timestamping in the signature (true | false). | |||
| Atimestamp-server-url | string | URL of the timestamping service. The protocol can be a http or directly a server host. When the serbice is http, if the port is not the 80 should be specified in tha same url of the following form http://tsp.iaik.at:8090/tsp/TspRequest. If the service is by socket, we should put the server name and with the attribute timestamp-server-por we will put the port. | |||
| Atimestamp-server-port | string | Port of the timestamping service when the socket is used. | |||
| Atimestamp-server-username | string | User for the timestamping service. | |||
| Atimestamp-server-password | string | Password of the user for the timestamping service. | |||
| Atimestamp-policy-oid | string | OID policy for the timestamping service (if required). | |||
| Aencoding | string | Indicate the coding of the string of characters to process, for example ISO-8859-1 or UTF-8. If no specified, the one defined in the configuration file for the server is used. | |||
| Arguments | |||||
|---|---|---|---|---|---|
| Name | Type | Required | Unique | Nullable | Description |
| Efile_pdf | stream | The PDF file which you want to sign. | |||
| Efile_keystore | stream | The file which contains the keystore. | |||
| Returns | |
|---|---|
| Type | Description |
| string | Returns the bytes of the signed PDF document. |
Example
Create a new PDF file testsigned.pdf with the result of the signature of the file test.pdf with the keystore located in keystore.ks.
The keystore is indicated through the path (attribute file) and it is accessed through the key store-password. The stored key is indicated through the value in alias (a keystore can contain several entries) and must be indicated also the password for the entry key-password.
If the alias was not indicated, you will obtain the first alias of the keystore.
Optionally the provider and type are indicated and the signature information ( sign-reason, sign-location) and location ( sign page,sign-rect-llx)
Copy
<xsql-script name="signpdf">
<body>
<file.bytes.write>
<file type="absolute" name="testsigned.pdf"/>
<pdf.sign
store-password="changeit"
alias='deister-webstudio'
key-password='changeit'
provider="BC"
type="pkcs12"
sign-reason="final document"
sing-location="barcelona"
sign-page="2"
sign-rect-llx="100"
sign-rect-lly="100"
sign-rect-urx="250"
sign-rect-ury="250"
>
<file type="absolute" name="keystore.ks"/>
<file type="absolute" name="test.pdf"/>
</pdf.sign>
</file.bytes.write>
</body>
</xsql-script>
Example
Sign a PDF with timestamping, the timestamp obtains it of a server via http without requiring authentication.
Copy
<xsql-script name="signpdf">
<body>
<!-- url de timestamp servers
http://tsp.iaik.at/tsp/
http://security.polito.it/ts/
-->
<file.bytes.write>
<file type="absolute" name="testsigned.pdf"/>
<pdf.sign
store-password="changeit"
alias='deister-webstudio'
key-password='changeit'
provider="BC"
type="pkcs12"
sign-reason="document final"
sing-location="barcelona"
sign-page="2"
sign-rect-llx="100"
sign-rect-lly="100"
sign-rect-urx="250"
sign-rect-ury="250"
sign-timestamp='true'
timestamp-server-url="http://www.edelweb.fr/cgi-bin/service-tsp"
>
<file type="absolute" name="keystore.ks"/>
<file type="absolute" name="test.pdf"/>
</pdf.sign>
</file.bytes.write>
</body>
</xsql-script>