Ardeo-CH/pdfbox-ais-client

Java client library for Swisscom All-in Signing Service. Support for all PDF signature types. Uses Apache PDFBox for processing PDFs.

PDFBox based AIS Java Client

A Java client library for using the Swisscom All-in Signing Service (AIS) to sign and/or timestamp PDF documents. The library can be used either as a project dependency or as a command-line tool for batch operations. It relies on the Apache PDFBox library for PDF processing.

Demo Video: PDFBox Client Video Demo

See it on SharePoint

• https://swisscom-my.sharepoint.com/:v:/p/mike_sauerer/EWG7R_eMLh5Fk-zfgpmkYpwBzw91gfNLOrnTi01XBhNJ_A?e=iCKZUi

Getting started

To start using the Swisscom AIS service and this client library, do the following:

1. Read the most frequent asked question when doing a POC. https://github.com/SwisscomTrustServices/AIS-Postman-Samples/blob/main/docs/Q-%26-A-all-topics-English.md
2. Get authentication details to use with the AIS client.
3. Build or download the AIS client binary package
4. Configure the AIS client for your use case
5. Use the AIS client, either programmatically or from the command line

Other topics of interest might be:

• On PAdES Long Term Validation support

Quick examples

The rest of this page provides some quick examples for using the AIS client. Please see the links above for detailed instructions on how to get authentication data, download and configure the AIS client. The following snippets assume that you are already set up.

Command line usage

Get a help listing by calling the client without any parameters:

./bin/ais-client.sh

or

./bin/ais-client.sh -help

Get a default configuration file set in the current folder using the -init parameter:

./bin/ais-client.sh -init

Apply an On Demand signature with Step Up on a local PDF file:

./bin/ais-client.sh -type ondemand-stepup -input local-sample-doc.pdf -output test-sign.pdf

You can also add the following parameters for extra help:

• -v: verbose log output (sets most of the client loggers to debug)
• -vv: even more verbose log output (sets all the client loggers to debug, plus the Apache HTTP Client to debug, showing input and output HTTP traffic)
• -config: select a custom properties file for configuration (by default it looks for the one named config.properties)

More than one file can be signed/timestamped at once:

./bin/ais-client.sh -type ondemand-stepup -input doc1.pdf -input doc2.pdf -input doc3.pdf

You don't have to specify the output file:

./bin/ais-client.sh -type ondemand-stepup -input doc1.pdf

The output file name is composed from the input file name plus a configurable suffix (by default it is "-signed-#time", where #time is replaced at runtime with the current date and time). You can customize this suffix:

./bin/ais-client.sh -type ondemand-stepup -input doc1.pdf -suffix -output-#time 

Programmatic usage

Once you add the AIS client library as a dependency to your project, you can configure it in the following way:

    // configuration for the REST client; this is done once per application lifetime
    RestClientConfiguration restConfig = new RestClientConfiguration();
    restConfig.setRestServiceSignUrl("https://ais.swisscom.com/AIS-Server/rs/v1.0/sign");
    restConfig.setRestServicePendingUrl("https://ais.swisscom.com/AIS-Server/rs/v1.0/pending");
    restConfig.setServerCertificateFile("/home/user/ais-server.crt");
    restConfig.setClientKeyFile("/home/user/ais-client.key");
    restConfig.setClientKeyPassword("secret");
    restConfig.setClientCertificateFile("/home/user/ais-client.crt");

    RestClientImpl restClient = new RestClientImpl();
    restClient.setConfiguration(restConfig);

    // load the AIS client config; this is done once per application lifetime
    AisClientConfiguration aisConfig = new AisClientConfiguration();
    aisConfig.setSignaturePollingIntervalInSeconds(10);
    aisConfig.setSignaturePollingRounds(10);

    try (AisClientImpl aisClient = new AisClientImpl(aisConfig, restClient)) {
        // third, configure a UserData instance with details about this signature
        // this is done for each signature (can also be created once and cached on a per-user basis)
        UserData userData = new UserData();
        userData.setClaimedIdentityName("ais-90days-trial");
        userData.setClaimedIdentityKey("keyEntity");
        userData.setDistinguishedName("cn=TEST User, givenname=Max, surname=Maximus, c=US, serialnumber=abcdefabcdefabcdefabcdefabcdef");

        userData.setStepUpLanguage("en");
        userData.setStepUpMessage("Please confirm the signing of the document");
        userData.setStepUpMsisdn("40799999999");

        userData.setSignatureReason("For testing purposes");
        userData.setSignatureLocation("Topeka, Kansas");
        userData.setSignatureContactInfo("test@test.com");

        userData.setAddRevocationInformation(RevocationInformation.PADES);
        userData.setSignatureStandard(SignatureStandard.PADES);

        userData.setConsentUrlCallback((consentUrl, userData1) -> System.out.println("Consent URL: " + consentUrl));

        // fourth, populate a PdfHandle with details about the document to be signed. More than one PdfHandle can be given
        PdfHandle document = new PdfHandle();
        document.setInputFromFile("/home/user/input.pdf");
        document.setOutputToFile("/home/user/signed-output.pdf");

        // finally, do the signature
        SignatureResult result = aisClient.signWithOnDemandCertificateAndStepUp(Collections.singletonList(document), userData);
        if (result == SignatureResult.SUCCESS) {
            // yay!
        }
    }

References

• Swisscom All-In Signing Service homepage
• Swisscom All-In Signing Service reference documentation (PDF)
• Swisscom Trust Services documentation
• Apache PDFBox library