Comment: Minor editorial



A signing request follows the exact same process flow as an authentication request. For more information, see Example: Personal Desktop Client authentication.



Prerequisites

  • Installed Hermod, see here.

Step-by-step instruction

Create signing request in Hermod
  1. Create a signing request in Hermod with the POST /rest/command/sign command. See example:

    Example: Signing command
    POST /rest/command/sign
    {
       "commandHeader":{
          "lifespan":30,
          "timeout":30,
          "to":[
             "@tmp"
          ]
       },
       "signCommand":{
          "params":{
             "description":[
                {
                   "content_encoding":"base64",
                   "content_type":"text/plain",
                   "data":"UGVyc29uYWw=",
                   "description":"Signing request from",
                   "key":"requester",
                   "visible":true
                }
             ],
             "filter":{
                "op":"eq",
                "param":"key.type",
                "value":"RSA"
             },
             "format":"pkcs7",
             "mechanism":"CKM_SHA256_RSA_PKCS",
             "tbs":[
                {
                   "content_encoding":"base64",
                   "content_type":"text/plain",
                   "data":"VHJhbnNmZXIgNTAwIFVTRCBmcm9tIENheW1hbiBJc2xhbmQgdG8gSG9sZWJyb29rIEx0ZC4=",
                   "description":"Text to sign",
                   "key":"tbs",
                   "visible":true
                }
             ]
          }
       }
    }
    


    Example: Signing response
    Response 200 OK
    {
        "commandId": "688",
        "destinations": [
            {
                "to": "@tmp",
                "bid": "11318956-2040-4360-941d-437e4ddd810c",
                "uri": "com.nexusgroup.plugout:///?url=http%3a%2f%2fnexus-cod1.ad.nexusgroup.com%3A20401%2fhermod%2Frest%2Fms%2F11318956-2040-4360-941d-437e4ddd810c&token=0464297b-8406-4f94-a734-628d071069d8",
                "mid": "14fc191a-a0a3-4ae3-929a-e37efafdb510",
                "location": "http://nexus-cod1.ad.nexusgroup.com:20401/hermod/rest/ms/11318956-2040-4360-941d-437e4ddd810c/14fc191a-a0a3-4ae3-929a-e37efafdb510"
            }
        ],
        "commandType": "SIGN",
        "state": "IN_PROGRESS",
        "fqdn": "nexus-cod1.ad.nexusgroup.com"
    } 



Start Personal Desktop Client
  1. Add the URI from the response as a link. 

    Example URI
    com.nexusgroup.plugout:///?url=http%3a%2f%2fnexus-cod1.ad.nexusgroup.com%3A20401%2fhermod%2Frest%2Fms%2F11318956-2040-4360-941d-437e4ddd810c&token=0464297b-8406-4f94-a734-628d071069d8


    The protocol handler for Personal Desktop Client will open the plugout dialog:
    [Image: Start Personal Desktop for signing]


Validate signing response

When the user has provided the smart card and entered the PIN, Personal Desktop Client signs the request and sends the response to Hermod, which forwards it to the application server in a callback.

  1. Validate the response:

    Example: Signing callback command
    POST https://my-registered-callbackserver/rest/callback/sign


    Example: Signing callback response
    Response 200 OK
    {
      "responseHeader" : {
        "inReplyTo" : "https://nexus-cod1.test.nexusgroup.com:20400/hermod/rest/ms/1557ac95-5c1c-4dff-a9aa-f1176744f5a6/31a10af2-8fe5-4847-b4e5-5272bdaee07b",
        "status" : 200
      },
      "signResponse" : {
        "code" : 0,
        "result" : {
          "signature" : "MIIIEAYJKoZIhvcNAQcCoIIIATCCB/0CAQExDzANBglghkgBZQMEAgEFADBEBgkqhkiG9w0BBwGgNwQ1VHJhbnNmZXIgNTAwIFVTRCBmcm9tIENheW1hbiBJc2xhbmQgdG8gSG9sZWJyb29rIEx0ZC6gggXEMIIFwDCCA6igAwIBAgICQhcwDQYJKoZIhvcNAQELBQAwPDELMAkGA1UEBhMCU0UxFDASBgNVBAoTC05leHVzIEdyb3VwMRcwFQYDVQQDEw5OZXh1cyBHcm91cCBDQTAeFw0xNzA1MjkxMDM0NDZaFw0yMDA1MjkxMDM0NDZaMF0xFDASBgNVBAoTC05leHVzIEdyb3VwMRcwFQYDVQQDEw5BbmRlcnMgV2FsbGJvbTEsMCoGCSqGSIb3DQEJARYdYW5kZXJzLndhbGxib21AbmV4dXNncm91cC5jb20wggEhMA0GCSqGSIb3DQEBAQUAA4IBDgAwggEJAoIBAQCaWqeX9BvG4Xj6myqHQ5+LKkAbAZsW5H+9WNuD+ByenS3HjtzS6Ab0CkZBMNKA1pLIXiAAd0V0WGQ60BJ9rfiAcWiFivdNMLwo/r49NipvdmIgS51T3sBmqt/BvhHY+4j55VXYCKz0dA9Jc1fEGFnM6wBEGjmLgcMPRTp6mgsBJYNoWb4YO/Rt9KpdeD/DslX0olw/eGroMioRgAvvJaC3IN3TKJAeSfejN0yeUBOudeXcWGYf+K76Thzadw8DpLyMNKp580V0mF7XCTGgxlGu2W/OFmHYMN9z2Av4ZVsUH95KsXzJlbBLZ4EOwpJSGv/Do2mVY8djn0d2F7f0m+PJAgIBAaOCAaowggGmMBEGA1UdDgQKBAhJaM/A6anEczA7BgNVHREENDAyoDAGCisGAQQBgjcUAgOgIgwgYW5kZXJzLndhbGxib21AYWQubmV4dXNncm91cC5jb20wEwYDVR0jBAwwCoAISF3B26nf72AwRwYIKwYBBQUHAQEEOzA5MDcGCCsGAQUFBzABhitodHRwOi8vb2NzcC5oc3MubmV4dXNncm91cC5jb20vTmV4dXNHcm91cENBMA4GA1UdDwEB/wQEAwIGQDCB5QYDVR0fBIHdMIHaMIHXoIHUoIHRhoGNbGRhcDovL29jc3AuaHNzLm5leHVzZ3JvdXAuY29tOjM4OS9DTj1OZXh1cyUyMEdyb3VwJTIwQ0EsTz1OZXh1cyUyMEdyb3VwLEM9U0U/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPUNSTERpc3RyaWJ1dGlvblBvaW50hj9odHRwOi8vd3d3Lmhzcy5uZXh1c2dyb3VwLmNvbS9jcmxzL05leHVzJTIwR3JvdXAlMjBDQSUyMENSTC5jcmwwDQYJKoZIhvcNAQELBQADggIBAByrtqo684kS2KywDnADytF18LOS+2kRw8VbJxvnp95aEQ/uLSh/JCHsnJhn0qBMaXLB/dLYJ7St6PckakoS4mEOJ4myGH65WqhZiMtvgSdxTNdTJCrODBt+3cufzkTW1K+0G6r3UONmCgGGsDJ5fxHZesNvDuDzk9l6ST7HahA8PY5de3/yNlOWTkzCprf6I15hj/skozjw2oDYkw2WwN5Pu2wKhDVcBskgdOkFwoAKTT9ab2E9xRHOgvh5rCVxgVrQ22qvyG6kcJMXOQKR5UN1m2bU25y6a0WpYvTNwb4Dq7p9+hH0rS/aBrQOiAQawr7oyFi6tJFulDnWXiIaxKgl6MvjSLqvnkUQ0QpTrkFPtLBwjUPFaCIN+9rBcq9vexaDKQm0YXdMNGOiiQaqxxvg5OhQBahGgFyFL+2zgl3Ip0oAWj1ys2JrmO7DOjYBKUrUe93BQSDX5CeeMSTTO0592nEbyeYApy9ovgMdO0CSWKWsEo1MPz60IP1EgzIkz4+Ca/4Nofxm/8BHyg6kMhj
5oE9+NSor7k4tY9e3w41Cl/5GmXA+VcAIWslpwqYsqkQgAyELcutk0WxbfBuyOoNtqsh07jqtYM+mlYVloLvcVpeRqxx9y0eOuPTpkn+ES1lywJgK5GsuLMZqrUmzjQTSctmWMDv3Qmfexb4msXRLMYIB1zCCAdMCAQEwQjA8MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLTmV4dXMgR3JvdXAxFzAVBgNVBAMTDk5leHVzIEdyb3VwIENBAgJCFzANBglghkgBZQMEAgEFAKBoMAkGA1UEDTECDAAwEAYKKoZIhvcNAQkZAzECBAAwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAvBgkqhkiG9w0BCQQxIgQgRDUmD1f94cSdDINiH415YwjEqdSLds5x5k/+HFemZO8wDQYJKoZIhvcNAQELBQAEggEARdx5wC/xa8kt0CxZiFVpRigkuw4vD6ZykHwY4wx5co9pUm0ezjiCz5qZCNhRHxnULb4R8rJeI5+F87p85lWRovrsbfWZqXM0/vgugnGXfdOVamenADDxmFV57lCpetea100FYSP5rb6qYOcg8bWrDt9+/4HQihY6FMhIM3DDArIe+mmXIuHOAk140MC27wU+dk0eajyLE2pWc7Nf9/nOEosVw9BokoE/HbppVp++hhVewhhTGSkfZNZ4jSUWIGbJjlARR6MsMtdwAV1xj9QvWgW4f7O+dJ9wXM0ZtPhiJeptPNXFC5PYq3smIzJ+W6+Q71HnsebzamuEVmdoEf2yHw==",
          "mechanism" : "CKM_SHA256_RSA_PKCS",
          "format" : "pkcs7",
          "signer" : {
            "certificate" : "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"
          }
        }
      },
      "commandId" : "687",
      "destinations" : [ {
        "to" : "@tmp",
        "bid" : "1557ac95-5c1c-4dff-a9aa-f1176744f5a6",
        "uri" : "com.nexusgroup.plugout:///?url=https%3a%2f%2fnexus-cod1.test.nexusgroup.com%3A20400%2fhermod%2Frest%2Fms%2F1557ac95-5c1c-4dff-a9aa-f1176744f5a6&token=98dab581-6bf6-4c9d-8c78-dac98f5b899f",
        "mid" : "31a10af2-8fe5-4847-b4e5-5272bdaee07b",
        "location" : "https://nexus-cod1.test.nexusgroup.com:20400/hermod/rest/ms/1557ac95-5c1c-4dff-a9aa-f1176744f5a6/31a10af2-8fe5-4847-b4e5-5272bdaee07b"
      } ],
      "commandType" : "SIGN",
      "state" : "COMPLETED",
      "fqdn" : "nexus-cod1.test.nexusgroup.com"
    }
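
An added example (not part of the Hermod documentation or product code) of checks an application server can run on the signing callback before trusting it: it ties the callback to the pending command and confirms that the content inside the PKCS#7 is the `tbs` data that was sent. It assumes a DER-encoded signature with attached content and treats `code` 0 with state `COMPLETED` as success, as in the sample response above; `check_callback`, `attached_content` and `read_tlv` are hypothetical names. Cryptographic verification of the signature and of the signer's certificate chain is not covered here and still has to be done with a CMS library.

```python
import base64

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def attached_content(p7):
    """Return the content carried inside a PKCS#7 SignedData, None if detached."""
    _, p, _ = read_tlv(p7, 0)        # ContentInfo SEQUENCE
    _, _, p = read_tlv(p7, p)        # contentType OID (signedData)
    _, p, _ = read_tlv(p7, p)        # [0] EXPLICIT wrapper
    _, p, _ = read_tlv(p7, p)        # SignedData SEQUENCE
    _, _, p = read_tlv(p7, p)        # version
    _, _, p = read_tlv(p7, p)        # digestAlgorithms SET
    _, p, end = read_tlv(p7, p)      # encapsulated ContentInfo SEQUENCE
    _, _, p = read_tlv(p7, p)        # inner contentType OID
    if p >= end:
        return None                  # detached signature, no content inside
    _, p, _ = read_tlv(p7, p)        # [0] EXPLICIT wrapper
    tag, s, e = read_tlv(p7, p)      # OCTET STRING holding the signed bytes
    return p7[s:e] if tag == 0x04 else None

def check_callback(sent, created, callback):
    """Return reasons to reject the callback; an empty list means the checks passed."""
    problems, params = [], sent["signCommand"]["params"]
    resp = callback.get("signResponse", {})
    result = resp.get("result", {})
    if callback.get("commandId") != created["commandId"]:
        problems.append("commandId does not match the pending command")
    if callback.get("responseHeader", {}).get("inReplyTo") not in {
            d["location"] for d in created["destinations"]}:
        problems.append("inReplyTo is not a location issued for this command")
    if callback.get("state") != "COMPLETED" or resp.get("code") != 0:
        problems.append("command did not complete successfully")
    if (result.get("format"), result.get("mechanism")) != (params["format"], params["mechanism"]):
        problems.append("format or mechanism differs from the request")
    try:
        signed = attached_content(base64.b64decode(result.get("signature", ""), validate=True))
    except (ValueError, IndexError):
        signed = None
    if signed != base64.b64decode(params["tbs"][0]["data"]):
        problems.append("signed content differs from the tbs data that was sent")
    return problems
```

Here `sent` is the body posted to `/rest/command/sign`, `created` is the JSON returned when the command was created, and `callback` is the JSON received on the callback endpoint.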