
Example: Personal Desktop Client signing

A signing request follows exactly the same process flow as an authentication request. For more information, see Example: Personal Desktop Client authentication.

Prerequisites

Step-by-step instruction

Create signing request in Hermod
  1. Create a signing request in Hermod with the POST /rest/command/sign command. See example:

    Example: Signing command

    POST /rest/command/sign
    {
       "commandHeader":{
          "lifespan":30,
          "timeout":30,
          "to":[
             "@tmp"
          ]
       },
       "signCommand":{
          "params":{
             "description":[
                {
                   "content_encoding":"base64",
                   "content_type":"text/plain",
                   "data":"UGVyc29uYWw=",
                   "description":"Signing request from",
                   "key":"requester",
                   "visible":true
                }
             ],
             "filter":{
                "op":"eq",
                "param":"key.type",
                "value":"RSA"
             },
             "format":"pkcs7",
             "mechanism":"CKM_SHA256_RSA_PKCS",
             "tbs":[
                {
                   "content_encoding":"base64",
                   "content_type":"text/plain",
                   "data":"VHJhbnNmZXIgNTAwIFVTRCBmcm9tIENheW1hbiBJc2xhbmQgdG8gSG9sZWJyb29rIEx0ZC4=",
                   "description":"Text to sign",
                   "key":"tbs",
                   "visible":true
                }
             ]
          }
       }
    }
    

    Example: Signing response

    Response 200 OK
    {
        "commandId": "688",
        "destinations": [
            {
                "to": "@tmp",
                "bid": "11318956-2040-4360-941d-437e4ddd810c",
                "uri": "com.nexusgroup.plugout:///?url=http%3a%2f%2fnexus-cod1.ad.nexusgroup.com%3A20401%2fhermod%2Frest%2Fms%2F11318956-2040-4360-941d-437e4ddd810c&token=0464297b-8406-4f94-a734-628d071069d8",
                "mid": "14fc191a-a0a3-4ae3-929a-e37efafdb510",
                "location": "http://nexus-cod1.ad.nexusgroup.com:20401/hermod/rest/ms/11318956-2040-4360-941d-437e4ddd810c/14fc191a-a0a3-4ae3-929a-e37efafdb510"
            }
        ],
        "commandType": "SIGN",
        "state": "IN_PROGRESS",
        "fqdn": "nexus-cod1.ad.nexusgroup.com"
    } 
Start Personal Desktop Client
  1. Add the URI from the response as a link. 

    Example URI

    com.nexusgroup.plugout:///?url=http%3a%2f%2fnexus-cod1.ad.nexusgroup.com%3A20401%2fhermod%2Frest%2Fms%2F11318956-2040-4360-941d-437e4ddd810c&token=0464297b-8406-4f94-a734-628d071069d8
    The protocol handler for Personal Desktop Client will open the plugout dialog.

Validate signing response

When the user has provided the smart card and entered the PIN, Personal Desktop Client signs the request and sends the response to Hermod, which forwards it to the application server in a callback.

  1. Validate the response:

    Example: Signing callback command

    POST https://my-registered-callbackserver/rest/callback/sign

    Example: Signing callback response

    Response 200 OK
    {
      "responseHeader" : {
        "inReplyTo" : "https://nexus-cod1.test.nexusgroup.com:20400/hermod/rest/ms/1557ac95-5c1c-4dff-a9aa-f1176744f5a6/31a10af2-8fe5-4847-b4e5-5272bdaee07b",
        "status" : 200
      },
      "signResponse" : {
        "code" : 0,
        "result" : {
          "signature" : "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",
          "mechanism" : "CKM_SHA256_RSA_PKCS",
          "format" : "pkcs7",
          "signer" : {
            "certificate" : "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"
          }
        }
      },
      "commandId" : "687",
      "destinations" : [ {
        "to" : "@tmp",
        "bid" : "1557ac95-5c1c-4dff-a9aa-f1176744f5a6",
        "uri" : "com.nexusgroup.plugout:///?url=https%3a%2f%2fnexus-cod1.test.nexusgroup.com%3A20400%2fhermod%2Frest%2Fms%2F1557ac95-5c1c-4dff-a9aa-f1176744f5a6&token=98dab581-6bf6-4c9d-8c78-dac98f5b899f",
        "mid" : "31a10af2-8fe5-4847-b4e5-5272bdaee07b",
        "location" : "https://nexus-cod1.test.nexusgroup.com:20400/hermod/rest/ms/1557ac95-5c1c-4dff-a9aa-f1176744f5a6/31a10af2-8fe5-4847-b4e5-5272bdaee07b"
      } ],
      "commandType" : "SIGN",
      "state" : "COMPLETED",
      "fqdn" : "nexus-cod1.test.nexusgroup.com"
    }
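
One way an application server could check the callback envelope against the command it created, as an added example that is not part of the original documentation or the product's own code. The `PENDING` record, the function names, the sample values and the reading of `code` 0 as success are assumptions made for illustration.

```python
import json

# Constructed record: what the application server stored when it created the
# command (values from the POST /rest/command/sign request and its response).
PENDING = {
    "commandId": "688",
    "location": "https://hermod.example/hermod/rest/ms/bid-1/mid-1",
    "mechanism": "CKM_SHA256_RSA_PKCS",
    "format": "pkcs7",
}

# Constructed callback body, shaped like the callback example on this page.
CALLBACK = json.dumps({
    "responseHeader": {"inReplyTo": PENDING["location"], "status": 200},
    "signResponse": {"code": 0, "result": {
        "signature": "PLACEHOLDER", "mechanism": "CKM_SHA256_RSA_PKCS",
        "format": "pkcs7", "signer": {"certificate": "PLACEHOLDER"}}},
    "commandId": "688", "commandType": "SIGN", "state": "COMPLETED",
})


def _obj(value):
    """Treat anything that is not a JSON object as an empty one."""
    return value if isinstance(value, dict) else {}


def check_sign_callback(body, pending):
    """Return a list of problems; an empty list means the envelope matches."""
    try:
        cb = json.loads(body)
    except ValueError:
        return ["body is not valid JSON"]
    cb = _obj(cb)
    header = _obj(cb.get("responseHeader"))
    sign = _obj(cb.get("signResponse"))
    result = _obj(sign.get("result"))
    checks = [
        (cb.get("commandType") == "SIGN", "commandType is not SIGN"),
        (cb.get("state") == "COMPLETED", "state is not COMPLETED"),
        (cb.get("commandId") == pending["commandId"], "commandId mismatch"),
        (header.get("status") == 200, "responseHeader.status is not 200"),
        (header.get("inReplyTo") == pending["location"], "inReplyTo mismatch"),
        # Assumption: code 0 means success, as in the page's example.
        (sign.get("code") == 0, "signResponse.code is not 0"),
        (result.get("mechanism") == pending["mechanism"], "mechanism mismatch"),
        (result.get("format") == pending["format"], "format mismatch"),
        (bool(result.get("signature")), "signature missing"),
        (bool(_obj(result.get("signer")).get("certificate")), "certificate missing"),
    ]
    return [message for ok, message in checks if not ok]
```

These checks only tie the callback to the pending command. Verifying the PKCS#7 signature over the tbs data and validating the signer certificate is a separate step that requires a CMS library.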