public class RemoteSignatureHandlerFactory extends Object implements SignatureHandlerFactory
An implementation of SignatureHandlerFactory that returns a handler which allows the PKCS#7 signature for a PDF to be calculated on a remote machine. This is done in conjunction with the RemoteSigningServlet class, which must be installed on the server.
An example use of this class might be if a PDF needs to be signed, but the signing key needs to be kept on a server - perhaps because it's stored in a hardware key, or perhaps just for extra security.
bfopdf.jar JAR file to the
folder of your web application on the server. No PDFs are generated on the server with this process, so no license is required. Modify the web.xml to use the RemoteSigningServlet, perhaps with something like this:
    <servlet>
      <servlet-name>SigningServlet</servlet-name>
      <servlet-class>org.faceless.pdf2.RemoteSigningServlet</servlet-class>
      <init-param>
        <param-name>keystore.path</param-name>
        <param-value>/WEB-INF/keystore.jks</param-value>
      </init-param>
      <init-param>
        <param-name>keystore.password</param-name>
        <param-value>secret</param-value>
      </init-param>
      <init-param>
        <param-name>alias</param-name>
        <param-value>mykey</param-value>
      </init-param>
    </servlet>
    <servlet-mapping>
      <servlet-name>SigningServlet</servlet-name>
      <url-pattern>/path/to/SigningServlet</url-pattern>
    </servlet-mapping>

Then on the client machine you just need to create a SignatureHandlerFactory and use it as follows:

    import java.net.URL;
    import org.faceless.pdf2.*;

    URL url = new URL("http://yourserver.com/path/to/SigningServlet");
    SignatureHandlerFactory factory = new RemoteSignatureHandlerFactory(url);
    FormSignature sig = new FormSignature(null, "useralias", null, factory);
When the PDF is rendered, a connection will be made to the specified URL and a cryptographic digest of the PDF will be sent. The keystore on the server is used by the servlet to create a PKCS#7 object, which is returned and embedded into the PDF as normal.
Note that the
SignatureHandler.setContentSize(int) method should be called on the
handler created by this factory to set the expected size of the PKCS#7 object, otherwise this
may result in two calls being made to the remote signing service or too much space being
allocated for the PKCS#7 object in the PDF.
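A client-side setup that applies the note above, as an added example that is not part of the original documentation or the library's own code: it picks SHA-256 from the three digests the factory accepts, pre-sizes the PKCS#7 object, and refuses a non-https endpoint. The class name RemoteSigningClient, the 8192-byte size, the https policy and the use of FormSignature.getSignatureHandler() to reach the handler are assumptions of this example.

```java
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import org.faceless.pdf2.FormSignature;
import org.faceless.pdf2.RemoteSignatureHandlerFactory;

// Hypothetical helper class for this example; not part of the BFO library.
public class RemoteSigningClient {

    // Constructed value: bytes reserved in the PDF for the PKCS#7 object.
    // Measure a signature from your own key and certificate chain and adjust.
    static final int PKCS7_SIZE = 8192;

    // Policy of this example: the digest and the returned PKCS#7 object must
    // travel over TLS. Assumes the factory opens the URL with the standard
    // java.net classes, so an https URL is handled like the http one.
    static URL requireHttps(String endpoint) throws IOException {
        URL url = new URL(endpoint);
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IllegalArgumentException("signing endpoint must be https: " + url);
        }
        return url;
    }

    static FormSignature remoteSignature(String endpoint, String alias)
            throws IOException, GeneralSecurityException {
        RemoteSignatureHandlerFactory factory =
                new RemoteSignatureHandlerFactory(requireHttps(endpoint));

        // Of "MD5", "SHA1" and "SHA-256", only SHA-256 is collision-resistant.
        factory.setDigestAlgorithm("SHA-256");

        FormSignature sig = new FormSignature(null, alias, null, factory);

        // Assumption: getSignatureHandler() returns the handler this factory
        // created for the signature. Pre-sizing it avoids the second call to
        // the signing service described in the note above.
        sig.getSignatureHandler().setContentSize(PKCS7_SIZE);
        return sig;
    }

    public static void main(String[] args) throws Exception {
        // Constructed endpoint and alias, matching the servlet mapping above.
        FormSignature sig = remoteSignature(
                "https://yourserver.com/path/to/SigningServlet", "useralias");
        System.out.println("Signature field prepared: " + sig);
    }
}
```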
| Constructor and Description |
| Create a new RemoteSignatureHandlerFactory |

| Modifier and Type | Method and Description |
| | Return a handler created by this factory |
| | Return the URL used by this Factory |
| | Set the message digest algorithm to use - one of "MD5", "SHA1" or "SHA-256". |
| | Set an HTTP parameter to be passed through to the server. |
public RemoteSignatureHandlerFactory(URL server)
public void setDigestAlgorithm(String algorithm)
algorithm - the message-digest algorithm to use.
public URL getURL()
Copyright © 2001-2017 Big Faceless Organization