Description

PDFSign Builder is a tool to add digital signatures to PDF files. Its REST interface allows a three-phase signature:

• Upload the document to sign and obtain a hash to be signed. After uploading the file, a hash can be obtained which must be signed by any third process
• Generate a PKCS#7 structure using the private key corresponding to the certificate informed in phase 1.
• Compose the signed document attaching the structure informed in phase 2.

Its services can be configured to respond over an HTTP or HTTPS protocol, and it is available as Docker distribution. 

Service

PDFSign builder responds to the requests in a unique URL defined in its configuration file. Different configurations can be accessed using the X-Tenant header variable. 

At least a general configuration must be defined so that the service can be started.

How to integrate

The following documentation can be useful if you decide to integrate it into your own project:

• SignBuilder: Integration describes how to integrate PDFSign-Builder in your platform with two different models.
• The latest available interface documentation can be reached following this link: PDFSign Builder V2 REST interface.
• Any future version can be found in this link: Next PDFSign Builder REST Interface.
• A former (v1) REST interface can be found in this document:  PDFSign Builder V1 Interface.

Example

You can test it by accessing the ACME tenant example. WebSigner was developed using this product.

Distribution

PDFSign Builder is released as:

- A docker container,

To obtain a ZIP distribution, please contact CertiSur team at support@certisur.com.

Download ACME image

Step 1- Download Docker image

In order to download the images, the user must be registered in the aforesaid platform. Contact CertiSur to request access, and inform the Docker Hub profile to grant access to the docker image.

Login using a Docker Hub account:

docker login -u <docker_hub_account>
Password:

WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded

Step 2- Pulling an image from Docker

docker pull certisursa/pdf-signer-backend:latest

latest: Pulling from certisursa/pdf-signer-backend
a02a4930cb5d: Pull complete
b5ffff9dbcda: Pull complete
...
7e5f58de12ac: Pull complete
Digest: sha256:332ee89371399b7c6235465beb00fbd2071868fecee33fc14d04b87ba99b265d
Status: Downloaded newer image for certisursa/pdf-signer-backend:latest
docker.io/certisursa/pdf-signer-backend:latest

Step 3- Run pdf-signer-backend docker image

To run pdf-signer-backend container you have to execute the following command line:

# docker run -d \
-it \
-p 7080:8080 \
-v <pdf-signer-backend_config_folder>:/opt/pdf-signer-backend/config/ \
-v <pdf-signer-backend_log_folder>:/opt/pdf-signer-backend/logs/ \
-v <pdf-signer-backend_cache_folder>:/opt/pdf-signer-backend/file-cache/ \
pdf-signer-backend:latest

It is necessary to overwrite the directory where the configuration of the tenants is located. The volume configuration is explained below. Look CONFIGURATION below to download a full example and run using docker-compose.

Volumes

The following volumes must be mounted on the Docker image to overwrite the variables of each defined tenant.

Step 4- Test pdf-signer-backend

Execute the following command to run the default pdf-signer-backend docker container

docker run -d \
-it \
--name pdf-signer-backend \
-p 7080:8080 \
certisursa/pdf-signer-backend:latest

Open your browser pointing to http://localhost:7080/healthcheck (or the port defined by you) to access the URL where you published your PDFSign Builder installation. You'll see the following image.

Configuration

Follow these Instructions to configure PDFSign Builder. 

You can also download this zip file, which contains all the structures and docker-compose.yml files.

Unzip the file into a directory, edit and adapt the docker-compose.yml file and run the command:

docker-compose up pdf-signer-backend

Depending on the kind of distribution used, you must request an extended license and install it. 

Send an email to support@certisur.com with the following additional information:

• Company Name
• Contact name
• eMail 
• Server Name (used to identify the request. It won't affect the license if you change this value in the future).
• Environment (Develop/QA/Production)
• Distribution (.zip file/docker)
• License request code (if you generate one in the previous step)

You'll receive an email with the license, and included it into the configuration file like:

pdfsigner.license=20190601014449:GeIdlvYetkRld5CjlcDfzK9/KjuonNKIanpJ9xLShXRf434343rfFfsdfv444x+Fa3Xmezu3Acg3dTqcYKZtUqMWWCygtzleivcH9iHsbGbT3TkiMQvZWruhroVg46j9IlHTmPPx234luNTv943b3ZP2kEaU00mwAkyKnr9UHl44c=

Restart and check into the log file that the new license is working.