Comments (4)
Hello,
Yes, it is possible to create -T/-LT/-LTA signatures with REST API. For this you will need to provide the corresponding target signature level within the signature parameters, e.g. for PAdES-BASELINE-T level:
{
"parameters" : {
...
"signatureLevel" : "PAdES_BASELINE_T",
...
},
...
}
You may create the extended signature as a a part of the normal signature creation process (i.e. using the #getDataToSign/#signDocument methods) or separately by extending the existing signature (see #extend method).
Please note that the corresponding settings for the TSP Source and CRL/OCSP sources has to be configured on the server side. For more information about the configuration please see the corresponding chapter of the documentation.
If you use dss-demonstrations webapp, you may provide a spring bean configuration of the TSP Source through the properties file (see tsp-source parameter) as in the example. But you may also do it within the code, as explained in the documentation above.
The CRL and OCSP sources are already configured in the demo to fetch the data from online resources.
I hope this will help you.
Best regards,
Aleksandr.
from dss-demonstrations.
Thanks for your quick reply, it has shown me the path to solve this issue. It would be really nice if there was an easier way to add a custom TSP Source and extend the app with a custom trusted CA eg. by adding them to the "dss.properties" file.
Here my journey if someone else run into this:
Change the tsp-config.xml file as below:
/dss-demo-bundle-5.11.1/apache-tomcat-8.5.82/webapps/ROOT/WEB-INF/classes/config/tsp-config.xml
file: tsp-config.xml.txt
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<bean id="tspSource" class="eu.europa.esig.dss.service.tsp.OnlineTSPSource">
<property name="tspServer" value="https://freetsa.org/tsr " />
</bean>
</beans>
To send OCSP requests in an Test environment where the certificates are not in EUTL it is necessry to set certificateVerifier.setCheckRevocationForUntrustedChains(true) in "DSSBeanConfig.java" or extend it with your custom CA and recompile the code.
After this it is possible to set the signaturparameter to PAdES_BASELINE_LT as mentioned by @bsanchezb
"parameters" : {
...
"signatureLevel" : "PAdES_BASELINE_LT",
...
},
...
}```
from dss-demonstrations.
Indeed, for non-EU certificate chains, the corresponding trust anchors should be added to the CertificateVerifier or the check for untrusted chains should be disabled as shown in your reply (but please note that it is not a recommended option to be used in production).
Thank you for the follow-up reply, I'm sure it will be helpful by the community.
Best regards,
Aleksandr.
from dss-demonstrations.
I was coming to the repo to ask the same question. So thank for sharing.
Indeed, would you please explicit in more details the steps to add the external CA to the demo web app. Thanks in avance
from dss-demonstrations.
Related Issues (20)
- Is there a nice tutorial somewhere? HOT 2
- [Feature Request] Add a spring boot webapp alternative HOT 2
- Error when validating PDF file HOT 2
- REST API certificate chain error HOT 2
- VIsible signature via REST API HOT 3
- Disable logs from o.a.c.services.RestDocumentValidationServiceImpl HOT 2
- Is it possible to add custom certificates to DSS' list of trusted certificates? HOT 4
- Configuration of the demonstration webapp's ip and port HOT 2
- Online refresh with https://www.ssi.gouv.fr/uploads/tl-fr.xml raises [Received fatal alert: protocol_version] HOT 5
- Standalone application for Mac OS HOT 3
- Use additional trusted certificates in DSS DemoWebapp HOT 3
- Visible Signature via RestAPI HOT 2
- SigningCertificateV2 error in DSS verification HOT 3
- PDF_NOT_ETSI error while trying to verify a signature with DSS Validation Tool HOT 4
- Please teach how to create the jar file of dss-spi-x509-aia, which is not included in central repository HOT 2
- Please teach how to create the jar file of dss-spi-x509-aia, which is not included in central repository HOT 1
- DSS demonstration tool not recognising OCSP response for signing cert HOT 6
- Error "The time-stamp message imprint is not intact!" while trying to increment the level of signature in PAdES B-T HOT 1
- [BUG] The openapi generation does not correctly generate the structure json for the property bytes HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dss-demonstrations.