Class and Description |
---|
it.trento.comune.j4sign.examples.CMSServlet
This is old code not more maintained; see the
SigneServlet
inside the firma-digitale web application for replacement.CMSServlet is the server side part of the j4sign usage example
in a web environment.CMSServlet is a HttpServlet that takes care of
generating and sending to the web client the content to sign and the
corresponding bytes to digest and encrypt. After receiving the signature and
the signer certificate, it encapsulates them, along with the signed content,
in a CMS signed data message.
The entire example, with the
N.B.: IN A REAL WORLD WEB APPLICATION SCENARIO, YOU CAN (AND SHOULD) TAKE ADVANTAGE OF THE FULL SERVLET API.
Here are the
|
it.trento.comune.j4sign.examples.SimpleSignApplet
This is old code not more maintained; see
PKCS11SignApplet for
replacement.This is the client side part of the j4sign usage example in a web environment. SimpleSignApplet is simple in the sense that refined
GUI features are avoided (like multiple threads used to correctly implement
the progress bar), in favor to a clear exposition of specific signature
procedures.
The goal was to illustrate an approach in which the client side encryption, involving cryptographic token management via JNI, is completely separated from server side CMS message building. This lightens the applet, which has not to bear the weight of the BouncyCastle classes.
Note that in actual implementation of
Another feature is the encapsulation of the JNI part (the excellent pkcs11
wrapper developed by IAIK of Graz University of Technology, and the pcsc
wrapper taken from Open Card Framework project), along with the corresponding
native libraries, in a standard Java Extension, named
Some words about security; all downloaded jars, including the
The entire example, with the
N.B.: IN A REAL WORLD WEB APPLICATION SCENARIO, YOU CAN (AND SHOULD) TAKE ADVANTAGE OF THE FULL SERVLET API, AND HTTP/HTML FEATURES.
Here are the
N.B. note that in this example signature verification only ensures integrity; a complete verification to ensure non-repudiation requires checking the full certification path including the CA root certificate, and CRL verification on the CA side. (Good stuff for a next release ...) |