org.faceless.pdf2
Class RemoteSignatureHandlerFactory

java.lang.Object
  extended by org.faceless.pdf2.RemoteSignatureHandlerFactory
All Implemented Interfaces:
SignatureHandlerFactory

public class RemoteSignatureHandlerFactory
extends Object
implements SignatureHandlerFactory

An implementation of SignatureHandlerFactory that returns a handler which allow the PKCS#7 signature for a PDF to be calculated on a remote machine. This is done in conjunction with the RemoteSigningServlet class, which must be installed on the server.

An example use of this class might be if a PDF needs to be signed, but the signing key needs to be kept on a server - perhaps because it's stored in a hardware key, or perhaps just for extra security.

Add the bfopdf.jar JAR file to the WEB-INF/lib folder of your web application on the server. No PDF's are generated on the server with this process, so no license is required. Modify the web.xml to use the RemoteSigningServlet - perhaps with something like this:

  <servlet>
    <servlet-name>SigningServlet</servlet-name>
    <servlet-class>org.faceless.pdf2.RemoteSigningServlet</servlet-class>
    <init-param>
      <param-name>keystore.path</param-name>
      <param-value>/WEB-INF/keystore.jks</param-name>
    </init-param>
    <init-param>
      <param-name>keystore.password</param-name>
      <param-value>secret</param-name>
    </init-param>
    <init-param>
      <param-name>alias</param-name>
      <param-value>mykey</param-name>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>SigningServlet</servlet-name>
    <url-pattern>/path/to/SigningServlet</url-pattern>
 </servlet-mapping>
 
Then on the client machine you just need to create a SignatureHandlerFactory and use it as follows:
 URL url = new URL("http://yourserver.com/path/to/SigningServlet");
 SignatureHandlerFactory factory = new RemoteSignatureHandlerFactory(url);
 FormSignature sig = new FormSignature(null, "useralias", null, factory);
 

When the PDF is rendered, a connection will be made to the specified URL and a cryptographic digest of the PDF will be sent. The keystore on the server is used by the servlet to create a PKCS#7 object, which is returned and embedded into the PDF as normal.

Note that the SignatureHandler.setContentSize(int) method should be called on the handler created by this factory to set the expected size of the PKCS#7 object, otherwise this may result in two calls being made to the remote signing service or too much space being allocated for the PKCS#7 object in the PDF.

Since:
2.7.1
See Also:
RemoteSigningServlet, FormSignature

Constructor Summary
RemoteSignatureHandlerFactory(URL server)
          Create a new RemoteSignatureHandlerFactory
 
Method Summary
 SignatureHandler getHandler()
          Return a handler created by this factory
 URL getURL()
          Return the URL used by this Factory
 void setDigestAlgorithm(String algorithm)
          Set the message digest algorithm to use - one of "MD5", "SHA1" or "SHA256".
 void setParameter(String key, String value)
          Set an HTTP parameter to be passed through to the server.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RemoteSignatureHandlerFactory

public RemoteSignatureHandlerFactory(URL server)
Create a new RemoteSignatureHandlerFactory

Method Detail

setDigestAlgorithm

public void setDigestAlgorithm(String algorithm)
Set the message digest algorithm to use - one of "MD5", "SHA1" or "SHA256". The default is SHA1, and note that SHA256 is not supported by the default Sun provider.

Parameters:
algorithm - the message-digest algorithm to use.

getURL

public URL getURL()
Return the URL used by this Factory

Since:
2.11

setParameter

public void setParameter(String key,
                         String value)
Set an HTTP parameter to be passed through to the server. This can be used by those overriding the RemoteSigningServlet to pass custom information through.


getHandler

public SignatureHandler getHandler()
Description copied from interface: SignatureHandlerFactory
Return a handler created by this factory

Specified by:
getHandler in interface SignatureHandlerFactory


Copyright © 2001-2013 Big Faceless Organization