SwisscomTrustServices/itext7-ais-client

iText7 based AIS Java Client

A Java client library for using the Swisscom All-in Signing Service (AIS) to sign and/or timestamp PDF documents. The library can be used either as a project dependency or as a command-line tool for batch operations. It relies on the iText library for PDF processing.

Demo Video

Watch the video

See it also on SharePoint

Getting started

To start using the Swisscom AIS service and this client library, do the following:

  1. Acquire an iText license
  2. Get authentication details to use with the AIS client
  3. Build or download the AIS client binary package
  4. Configure the AIS client for your use case
  5. Use the AIS client, either programmatically or from the command line

Other topics of interest might be:

Quick examples

The rest of this page provides some quick examples for using the AIS client. Please see the links above for detailed instructions on how to get authentication data, download and configure the AIS client. The following snippets assume that you are already set up.

Command line usage

Get a help listing by calling the client without any parameters:

    ./bin/ais-client.sh

or

    ./bin/ais-client.sh -help

Get a default configuration file set in the current folder using the -init parameter:

    ./bin/ais-client.sh -init

Apply an On Demand signature with Step Up on a local PDF file:

    ./bin/ais-client.sh -type ondemand-stepup -input local-sample-doc.pdf -output test-sign.pdf

You can also add the following parameters for extra help:

  • -v: verbose log output (sets most of the client loggers to debug)
  • -vv: even more verbose log output (sets all the client loggers to debug, plus the Apache HTTP Client to debug, showing input and output HTTP traffic)
  • -config: select a custom properties file for configuration (by default it looks for the one named sign-pdf.properties)

More than one file can be signed/timestamped at once:

    ./bin/ais-client.sh -type ondemand-stepup -input doc1.pdf -input doc2.pdf -input doc3.pdf

You don't have to specify the output file:

    ./bin/ais-client.sh -type ondemand-stepup -input doc1.pdf

The output file name is composed of the input file name plus a configurable suffix (by default it is "-signed-#time", where #time is replaced at runtime with the current date and time). You can customize this suffix:

    ./bin/ais-client.sh -type ondemand-stepup -input doc1.pdf -suffix -output-#time
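The multi-file call above can be wrapped so that it signs a whole directory in one invocation. This is an added example, not part of the AIS client project: `AIS_CLIENT`, `AIS_TYPE` and the function names are hypothetical, and it assumes the default "-signed-#time" suffix is inserted before the `.pdf` extension.

```shell
#!/bin/sh
# Added example: batch wrapper around the ais-client.sh calls shown above.
# AIS_CLIENT, AIS_TYPE and both function names are assumptions of this example.
AIS_CLIENT="${AIS_CLIENT:-./bin/ais-client.sh}"
AIS_TYPE="${AIS_TYPE:-ondemand-stepup}"

# Succeeds when the file name carries the default output suffix "-signed-#time"
# (assumed to sit before the .pdf extension), so outputs are not signed again.
is_signed_output() {
    case "$(basename "$1")" in
        *-signed-*.pdf) return 0 ;;
        *) return 1 ;;
    esac
}

# Sign every not-yet-signed PDF in directory $1 with a single client call.
ais_sign_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Anchor relative paths with ./ so a path starting with '-' can never be
    # read as an option by the client.
    case "$dir" in
        /*|./*|../*) ;;
        *) dir="./$dir" ;;
    esac
    set --                       # positional parameters keep spaces intact
    for f in "$dir"/*.pdf; do
        [ -f "$f" ] || continue  # unmatched glob or non-regular file
        if is_signed_output "$f"; then continue; fi
        set -- "$@" -input "$f"  # one -input per document, as shown above
    done
    [ "$#" -gt 0 ] || { echo "nothing to sign in $dir" >&2; return 1; }
    "$AIS_CLIENT" -type "$AIS_TYPE" "$@"
}
```

Source the file and call `ais_sign_dir incoming` from the client's installation folder; set `AIS_TYPE` to another signature type if required.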

Programmatic usage

Once you add the AIS client library as a dependency to your project, you can configure it in the following way:

    // first, configure the REST client; this is done once per application lifetime
    RestClientConfiguration restConfig = RestClientConfiguration.builder()
        .withServiceSignUrl("https://ais.swisscom.com/AIS-Server/rs/v1.0/sign")
        .withServicePendingUrl("https://ais.swisscom.com/AIS-Server/rs/v1.0/pending")
        // the server certificate file is optional, in case it is omitted the CA must be a trusted one
        .withServerCertificateFile("/home/user/ais-server.crt")
        .withClientKeyFile("/home/user/ais-client.key")
        // sample value only; outside of a demo, load the key password from a secret store
        // or an environment variable instead of hard-coding it in source
        .withClientKeyPassword("secret")
        .withClientCertificateFile("/home/user/ais-client.crt")
        .build();

    SignatureRestClient restClient = new SignatureRestClientImpl().withConfiguration(restConfig);

    // second, load the AIS client config; this is done once per application lifetime
    // Use the ${...} placeholder in order to access env vars
    AisClientConfiguration aisConfig = new AisClientConfiguration(10, 10, "${ITEXT_LICENSE_FILE_PATH}");

    try (AisClient aisClient = new AisClientImpl(aisConfig, restClient)) {
        // third, configure a UserData instance with details about this signature
        // this is done for each signature (can also be created once and cached on a per-user basis)
        UserData userData = UserData.builder()
            .withClaimedIdentityName("ais-90days-trial")
            .withClaimedIdentityKey("keyEntity")
            .withDistinguishedName("cn=TEST User, givenname=Max, surname=Maximus, c=US, serialnumber=abcdefabcdefabcdefabcdefabcdef")
            .withStepUpLanguage("en")
            .withStepUpMessage("Please confirm the signing of the document")
            .withStepUpMsisdn("40799999999")
            .withSignatureReason("For testing purposes")
            .withSignatureLocation("Topeka, Kansas")
            .withSignatureContactInfo("[email protected]")
            .withSignatureStandard(SignatureStandard.PDF)
            .withConsentUrlCallback((consentUrl, userData1) -> System.out.println("Consent URL: " + consentUrl))
            .build();

        // fourth, populate a PdfMetadata with details about the document to be signed. More than one PdfMetadata can be given
        // the streams are opened in try-with-resources so that they are closed even if signing fails
        try (InputStream pdfInput = new FileInputStream("/home/user/input.pdf");
             OutputStream pdfOutput = new FileOutputStream("/home/user/signed-output.pdf")) {
            PdfMetadata document = new PdfMetadata(pdfInput, pdfOutput, DigestAlgorithm.SHA256);

            // finally, do the signature
            SignatureResult result = aisClient.signWithOnDemandCertificateAndStepUp(Collections.singletonList(document), userData);
            if (result == SignatureResult.SUCCESS) {
                // yay!
            }
        }
    }

References