Client HTTP Interface
GenericProcessServlet
HTTP requests can be sent to the SignServer servlet GenericProcessServlet located at /signserver/process using either POST or GET.
URL: | /signserver/process |
Method: | GET or POST |
Request content-type: | None, "x-www-form-urlencoded", "multipart/form-data" or other* |
Request parameters: |
|
Response code: |
|
Response content-type: | Depending on the worker, text/plain for the validators. |
Response content: | The signed document for signers. A string starting with "VALID" or "INVALID" for document validators. *Note to integrators: In future versions of SignServer there might be more information added after VALID/INVALID, such as a ;-separated list of additional information or more lines with information. A ;-separated string containing validation status code (see list below), valid purposes, status message, revocation reason (-1 if not revoked), and revocation date (empty when not revoked) for certificate validators. |
Validation status codes: |
|
* if the request content-type in a POST is specified as something else than "x-www-form-urlencoded" or "multipart/form-data" the message body is not parsed but instead directly passed to the worker specified by workerName or workerId in the URI's query string.
Configuration
HTTP_MAX_UPLOAD_SIZE = Global configuration property that can be set to specify the maximum size (in bytes) of the HTTP request. Defaut: "104857600" (100 MB).
HTTP_MAX_UPLOAD_FIELD_COUNT = Global configuration property that is set to a default of 16 which typically would support up to around 10 request metadata properties depending on how many other fields are provided. If more fields are needed, the property can be adjusted. Default: "16" fields.
FILE_SIZE_THRESHOLD = Global configuration property that can be set to specify the size threshold (in bytes) after which the data is written to disk Default: "1048576" (1 MB). The directory uploaded files are temporarly stored to is the default temp directory and can be changed by starting the application server with a different value for the Java property java.io.tmpdir.
Samples
- HTTP GET:
http://localhost:8080/signserver/process?workerName=DemoXMLSigner&data=%3Croot%3Ehej2%3C/root%3E
http://localhost:8080/signserver/process?workerName=DemoXMLSigner&encoding=base64&data=PGhlajI%2Bb2s8L2hlajI%2BCg%3D%3D HTTP POST with multipart/form-data or x-www-form-urlencoded:
For example see /signserver/clientweb/genericfile.xhtml (multipart/form-data) and /signserver/clientweb/genericdirect.xhtml (x-www-form-urlencoded).
Example with cURL:curl -F workerName=PDFSigner -F file=@sample.pdf --output sample-signed.pdf http://localhost:8080/signserver/process
CODE- HTTP POST with other content-type:
See the TimeStampClient. - Samples of content output for certificate validation:
- VALID;;This certificate is valid;-1;
- ISSUERNOTSUPPORTED;;Issuer of given certificate isn't supported;-1;
- REVOKED;;This certificate is revoked;3;1376565200519
WorkerServlet
HTTP requests can be sent to the SignServer servlet WorkerServlet located at /signserver/worker/* using either POST or GET.
Requests are forwarded to the GenericProcessServlet, except that the worker name is taken from the URL.
Worker name or ID given through request parameters are ignored.
URL: | /signserver/worker/* (* denotes a worker name) |
Method: | GET or POST |
Request content-type: | None, "x-www-form-urlencoded", "multipart/form-data" or other* |
Request parameters: |
|
Response code: |
|
Response content-type: | Depending on the worker |
SODProcessServlet
Servlet recieving HTTP POST requests containing data group hashes and creates a MRTDSODSignerRequest and passes it to the specified MRTDSODSigner. The response from the servlet is the signed security object in binary format.
ePassport Signing Requests
URL: | /signserver/sod |
Method: | POST |
Request parameters: |
|
Response code: | The same response codes as for the GenericProcessServlet are used. |
Response content-type: | application/octet-stream |
Other Requests
URL: | /signserver/sod |
Method: | GET |
Request parameters: |
|
Samples
- See /signserver/clientweb/mrtdsod.xhtml.
- To download the configured signer certificate:
HTTP GET: http://localhost:8080/signserver/sod?downloadCert=true&workerName=CMSSigner
SODProcessWorkerServlet
Servlet receiving HTTP POST requests containing data group hashes and creates a MRTDSODSignerRequest and passes it to the specified MRTDSODSigner. The response from the servlet is the signed security object in binary format.
Requests are forwarded to the SODProcessServlet, except that the worker name is taken from the URL.
Worker name or ID given through request parameters are ignored.
URL: | /signserver/sodworker |
Method: | POST |
Request parameters: |
|
Response code: | The same response codes as for the GenericProcessServlet are used. |
Response content-type: | application/octet-stream |
Samples
See /signserver/clientweb/mrtdsod.xhtml.