The old Web Services interface

The SignServerWS is the old web services interface now replaced by SignServer ClientWS. It was new to version 3.0 and at the time replaced the RMI-SSL interface from version 1.0 and 2.0 for two reasons, the RMI-SSL were based on a commercial library and it only worked for Java clients.

The SignServerWS WSDL file is located at the URL http://<hostname>:8080/signserver/signserverws/signserverws?wsdl

The interface has two calls, the main one is 'process' which takes a collection of process request to a processable worker and returns a collection of process responses, the second one is getStatus that performs a health check of the node and returns an OK message if the node is healthy.

Although the SignServerWS interface uses web services, the actual process data is base64 encoded byte arrays in a special binary format. You will have to lookup the Java source code for the exact format of the request and response data. Alternatively, use the simpler HTTP interface or the newer Client WS interface.

The getStatus call can be used to implement high-availability towards the client. The Java client API described in the next section have built in support for different high availability policies.

It is possible to turn off the WebService interface by disabling it in the build configuration.

This interface is only supported using HTTPS. The reason is that JBoss 4 does not rewrite the protocol part of the WSDL URL so we had to hard code it for it to work with HTTPS. For details about this see DSS-327.

Since SignServer >=3.2.1 it is possible to supply extra request data called RequestMetadata containing key/value pairs that can be used by the signers. For instance the PDFSigner uses this feature to let the client supply a PDF password.

Java Client API

Built along with the WebService is a Java API that can be used by clients. It's available in the file lib/SignServer-Client-SignServerWS.jar (the old SignServerWS interface) and lib/SignServer-Client-ClientWS.jar (the ClientWS interface).

SigningAndValidation API

The SigningAndValidation API is a wrapper around the previous mentioned API in order to have a simplified interface that also is the same regardless if WebService or EJB Remote calls are used.

To use the API include the file lib/SignServer-Client-SigningAndValidationAPI.jar.

Sample Code

Signing and validating an XML document:

try {
System.setProperty("javax.net.ssl.trustStore", "p12/truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
ISigningAndValidation signserver = new SigningAndValidationWS("localhost", 8442, true);
 
// Document to sign
byte[] unsigned = "<document><name>Some content</name></document>".getBytes();
byte[] signed;
 
// Signing
GenericSignResponse signResp = signserver.sign("DemoXMLSigner", unsigned);
signed = signResp.getProcessedData();
System.out.println("Signed: " + new String(signed));
 
// Validating
GenericValidationResponse validateResp = signserver.validate("DemoXMLValidator", signed);
System.out.println("Valid: " + validateResp.isValid());
 
if(validateResp.getSignerCertificate() != null) {
if(validateResp.getSignerCertificate() instanceof X509Certificate) {
X509Certificate signerCert = (X509Certificate) validateResp.getSignerCertificate();
System.out.println("Signed by: " + signerCert.getSubjectDN().getName());
}
}
} catch (Exception ex) {
ex.printStackTrace();
}