Introduction
I kindly request all readers to go through this The specified item was not found. by Juergen. It provides a good introduction to digital signatures in Adobe Interactive Forms for SAP.
While Juergen in his blog has very well explained this concept by explaining a simple digital signature scenario – implementation of a form containing signature and its validation on ABAP side. My blog would discuss this similar scenario for developers implementing it on JAVA side.
In addition to this blog, e-learning section of SAP Interactive Forms by Adobe in SDN contains a very useful recording on ‘Securing Online Interactive Forms by Adobe’ by Angel Dichev. Link for pdf presentation document.
In this recording, Angel has explained
- Configurations to be done on Java stack of SAP WAS 2004s to enable SSL communication
- Configurations to be done on ADS to run online form application using SSL communication
- Implementation and validation of digital signatures in online processing scenario
The recording also includes actual demo explained by him.
My Experiences
Following the recording step by step, I could immediately configure Java stack of WAS for using SSL. It was an easy task.
But I had to struggle for the next task i.e. to run an online form in secure mode. Following were the exceptions faced by me:
1. SSLCertificateException: InvalidResponseCodeException (401)Unauthorized (SSLCertificateException: InvalidResponseCodeException (401) Unauthorized)
2. Peer certificate: Bad certificate
3. Finally when I was able to run my online form in secure way, the Digital Signature Validation process used to go into unending state (Digital Signature Validation process goes into unending state)
First two problems that occurred were because while assigning certificate to ADSUSER in UME, instead of certificate from Trusted CA view of Key Storage service, certificate from ADSCerts view was used. See picture below.
The third problem was solved by ensuring no pop-up (warning message) appears while running the online form in secure mode – a tip given by SAP employee friend working on Adobe forms.
Validation Process of digital signature implemented on server-side
Scenario
Employee has to apply for leave online. In an online form application, employee fills the form with required details and signs the form with own digital signature and submits to the SAP system. Further processing of the leave application form is initiated only if the signature is valid.
Code for validating the signatures present in the form:
IWDPDFDocumentHandler pdfDocumentHandler = WDPDFDocumentFactory.getDocumentHandler();// msgMgr.reportSuccess("The document handler is " + pdfDocumentHandler.toString()); IWDPDFDocumentAccessibleContext accessibleContext = pdfDocumentHandler.getDocumentAccessibleContext(); byte[] pdf = wdContext.currentContextElement().getPdf(); accessibleContext.setPDF(pdf); accessibleContext.getTaskSetter().addGetSignatureTask(); IWDPDFDocument pdfDocument = accessibleContext.execute();// GetCertification IWDPDFDocumentCertificate certificate = pdfDocument.getCertification(); IWDPDFDocumentSignature[] signatures = pdfDocument.getSignature(); // Check all signature fields if(null == certificate){ }else{ wdThis.wdGetAPI().getComponent().getMessageManager().reportSuccess("Certificate Status: " + certificate.getStatus().toString()); wdThis.wdGetAPI().getComponent().getMessageManager().reportSuccess("Certificate Validity: " + certificate.isValid()); } if(null == signatures){ wdComponentAPI.getMessageManager().reportWarning( "The document has not been signed."); } else{ StringBuffer buffer = new StringBuffer(); buffer.append("Number of signature fields attached : " + signatures.length); buffer.append("||"); buffer.append("Accessing signature details one by one : "); for(int i = 0; i<signatures.length; i++){ buffer.append("||"); buffer.append("Field :" + signatures[i].getField()); buffer.append("||"); buffer.append("ContactInfo :" + signatures[i].getContactInfo()); buffer.append("||"); buffer.append("Date :" + signatures[i].getDate()); buffer.append("||"); buffer.append("Location :" + signatures[i].getLocation()); buffer.append("||"); buffer.append("Reason :" + signatures[i].getReason()); buffer.append("||"); buffer.append("Signer :" + signatures[i].getSigner()); buffer.append("||"); buffer.append("Status :" + signatures[i].getStatus().toString()); buffer.append("||"); buffer.append("isValid :" + signatures[i].isValid()); buffer.append("||"); if(signatures[i].isValid()){ wdComponentAPI.getMessageManager().reportSuccess("This is a signed document"); } wdComponentAPI.getMessageManager().reportSuccess( "The document has been signed." + buffer); } }
Case1 : What happens if online form application is run in non-secure (http) mode
The PDF Document APIs fail to recognize the signatures present in the form and return null value for the same.
Case2 : Valid Signature
As we understand from case1, in order to validate signatures present in the form, the online form application has to be run in secure (https) mode only.
Now, suppose the digital signature (key pair) that would be used for signing the form was generated by the j2ee server from its Key storage service and assigned to a user.
The validation of user's signature succeeds only if the user’s certificate (public key) are available at the following places:
1. TrustedCAs view of Key Storage service
2. SSL Ports (in SSL Provider service) should request for user’s certificate (public key)
3. Trusted Anchors in Document Services Configuration service (refer above help links as well)
From my experience while validating signatures, if user’s certificate is not available in any of the above locations, the PDF Document APIs return false validity.
Conclusion
All the above information mentioned could be found in the blog and recording links. But since it is too much of information for a beginner like me and in order to pin-point main focus areas, I felt to blog it on SDN.
I hope this blog is of help to those who are trying to implement digital signatures in SAP Interactive Forms by Adobe (SIFbA).
6 Comments
