Options
All
  • Public
  • Public/Protected
  • All
Menu

Hierarchy

  • LacunaWebPKI

Index

Constructors

constructor

  • Instatiates a new Lacuna Web PKI object.

    Parameters

    • Optional license: string | Object

      The license for the component. May be a string or an object (see Licensing). In order for the component to work, you must set a valid purchased license that matches the URL of the site running the code. If no licesnse is set, the component will work in localhost only, so you can test as much as you want in development before deciding to license it.

    Returns LacunaWebPKI

    Binary license sample

    // Here, we use the binary format of our license. This is preferred if you want to hide the details of your license
    // (expiration date and allowed domains). Please note that the details are not encrypted, just encoded in Base64.
    var pki = new LacunaWebPKI('ASYAanNmaWRkbGUubmV0LHdlYnBraS5sYWN1bmFzb2Z0d2FyZS5jb20AAAABClKvO1J22vAD+YmfANiKQLbcLE1lNraPKCel6tRM+ZxR+h6M/crtJYRRVGGz7hrdbM0Y0mfTu15RMYGqQMi1QNZS6GrT4vNzIayv552Fl0EFWQA7jWlctUwfYoHRHVEnCNx9YGXDiA9+yDoGlVwgTR7fjzNeS3Fen1MVIyKBF464gN0JvdiCRJMI47JGVDkPmKjcrYIvJs6y5Lg25RW4ZnBKVruS+HR2s3k8ZrV4y4RCQE4UYMKbukF9vsF+JqAEifRlPq2xLcrNdxBveVDSXS/LRHAcrZrMM+Iw4A79jl0ngWPcy+CwinAhT+3dxVo5ZWMRQFpmTkylEMDvTjV9wQ==');
    

    JSON license sample

    // Here, we use the JSON format of our license. If you don't mind having the details of your license (expiration
    // date and allowed domains) in the source code of your page, this option is preferred because it makes it
    // easier to diagnose problems such as an expired license.
    var pki = new LacunaWebPKI( {
        "format": 1,
        "allowedDomains": [
            "webpki.lacunasoftware.com",
            "jsfiddle.net"
        ],
        "expiration": null,
        "signature": "ClKvO1J22vAD+YmfANiKQLbcLE1lNraPKCel6tRM+ZxR+h6M/crtJYRRVGGz7hrdbM0Y0mfTu15RMYGqQMi1QNZS6GrT4vNzIayv552Fl0EFWQA7jWlctUwfYoHRHVEnCNx9YGXDiA9+yDoGlVwgTR7fjzNeS3Fen1MVIyKBF464gN0JvdiCRJMI47JGVDkPmKjcrYIvJs6y5Lg25RW4ZnBKVruS+HR2s3k8ZrV4y4RCQE4UYMKbukF9vsF+JqAEifRlPq2xLcrNdxBveVDSXS/LRHAcrZrMM+Iw4A79jl0ngWPcy+CwinAhT+3dxVo5ZWMRQFpmTkylEMDvTjV9wQ=="
    });
    

Properties

cadesAcceptablePolicies

cadesAcceptablePolicies: object

Object with CAdES acceptable policies preset

Type declaration

pkcs11Modules

pkcs11Modules: object

Web PKI standard PKCS#11 modules. Useful presets for pkcs11Modules argument of listTokens, generateTokenRsaKeyPair and importTokenCertificate methods.

Type declaration

standardTrustArbitrators

standardTrustArbitrators: object

Type declaration

xmlAcceptablePolicies

xmlAcceptablePolicies: object

Object with XAdES acceptable policies preset

Type declaration

  • pkiBrazil: XmlPolicies[]

    Any PKI Brazil acceptable policies

Methods

downloadToFolder

generateSoftwareRsaKeyPair

  • Generates a RSA key pair in the user computer, or OS certificate store, and returns a CSR (PKCS#10 Certificate Signing Request).

    Parameters

    • args: object
      • keySize: number

        The RSA keys size to be genarated.

      • Optional subjectName?: string

        A subject name (DN) string for the generated CSR. E.g. 'CN=My Name, O=ACME Inc., C=BR'

    Returns Promise<GenerateKeyPairResponse>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a GenerateKeyPairResponse object.

generateTokenRsaKeyPair

  • Generates a RSA key pair in the user selected crypto device and returns a CSR (PKCS#10 Certificate Signing Request).

    Parameters

    • args: object
      • Optional keyLabel?: string

        A label for the generated keys objects in the token. If not set, a random Id is used.

      • keySize: number

        The RSA keys size to be genarated. Be sure that the selected device supports the requested key size on TokenModel.mechanisms.

      • Optional pkcs11Modules?: Pkcs11Module[]

        The PKCS#11 modules to use for crypto devices communication. See standard supported pkcs11Modules

      • Optional subjectName?: string

        A subject name (DN) string for the generated CSR. E.g. 'CN=My Name, O=ACME Inc., C=BR'

      • tokenSerialNumber: string

        The selected token serial number, available in TokenModel.serialNumber as returned by listTokens method.

    Returns Promise<GenerateTokenKeyPairResponse>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a GenerateTokenKeyPairResponse object.

importCertificate

  • Imports a digital certificate into the user computer, or OS certificate store. The computer must be the one holding the private key of the certificate being imported. The command can result with the certificate available for usage and also with a PFX (PKCS#12) backup copy, in this last case, see arguments savePkcs12, passwordMinLength and passwordPolicies.

    Parameters

    • args: object
      • certificateContent: string

        The digital certificate content (PEM or Base64 encoded DER bytes formats).

      • Optional passwordMinLength?: number

        A password required minimum length for the PFX file backup. Applies only if savePkcs12 is true.

      • Optional passwordPolicies?: PasswordPolicies

        A password secure level policy for the PFX file backup. Applies only if savePkcs12 is true.

      • savePkcs12: boolean

        Whether or not to also create a PFX (PKCS#12) file backup for the imported certificate and keys.

    Returns Promise<ImportSoftwareCertificateResponse>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a ImportSoftwareCertificateResponse object.

importTokenCertificate

  • Imports a digital certificate into the user crypto device. The device must be the one holding the private key of the certificate being imported.

    Parameters

    • args: object
      • certificateContent: string

        The digital certificate content (PEM or Base64 encoded DER bytes formats).

      • Optional certificateLabel?: string

        A label for the imported certificate object in the token. If not set, the same key Id is used.

      • Optional pkcs11Modules?: Pkcs11Module[]

        The PKCS#11 modules to use for crypto devices communication. See standard supported pkcs11Modules

      • tokenSerialNumber: string

        The selected token serial number, available in TokenModel.serialNumber as returned by listTokens method.

    Returns Promise<ImportTokenCertificateResponse>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a ImportTokenCertificateResponse object.

init

  • init(args: object): Promise<Object>
  • Initializes the instance of the LacunaWebPKI object. This method must be called before calling any other methods.

    Parameters

    • args: object
      • Optional angularScope?: Object

        If your webpage uses AngularJS, you can pass here a reference to your $scope, which will then be used to call the callback functions properly, relieving you of doing a $scope.$apply(function() { ... }); on every callback. The calls are actually wrapped around a "safe $apply", as described in coderwall.

      • Optional brand?: string

        The brand name for customized install page, if license covered.

      • Optional defaultFail?: FailCallback

        The default callback to be called when an error occurrs (please refer to examples below for the exact function signature).

      • Optional license?: string | Object

        The license for the component, if not already set when instantiating the object.

      • Optional ngZone?: Object

        If your webpage uses Angular2+ technologies, you can pass a NgZone reference, so the page can properly detect elements changes on the callback functions.

      • Optional notInstalled?: function

        A function to be called if the component's installation is not OK (component not installed, outdated or user is using an unsupported browser). If no callback is given, the user is automatically redirected to the installation website and will be redirected back once the installation is completed. If you do pass a callback to override the default behavior, use the redirectToInstallPage method to redirect the user to the installation page whenever you think it's convenient.

      • ready: function

        A function to be called when the component is ready to be used. The function receives no arguments.

          • (): any
          • Returns any

      • Optional requiredApiVersion?: ApiVersions

        If you intend to use a specifc features set, pass the equivalent API version required parameter, so you can ensure that the users will have the minimum components required versions and will not force any unecessary update. See the API changelog for more information.

      • Optional restPkiUrl?: string

        The on premises Rest PKI URL. For on premises Rest PKI clients integration only.

    Returns Promise<Object>

    Simple ready example

    // This is the simplest way to call the method, in case you don't wish to register a default error callback nor
    // define a custom behavior for when the component is not installed/outdated.
    pki.init({ ready: onWebPkiReady });
    
    // The ready callback receives no arguments
    function onWebPkiReady() {
        // start using the component
    }
    

    Complete example

    // If you wish to pass any other argument, you must use the extended version of the method:
    pki.init({
        ready: onWebPkiReady,
        notInstalled: onWebPkiNotInstalled,
        defaultFail: onWebPkiFail
    });
    
    function onWebPkiReady() {
        // start using the component
    }
    
    // The notInstalled callback
    function onWebPkiNotInstalled(status, message) {
        alert(message + '\n\nYou will be redirected to the installation page');
        pki.redirectToInstallPage();
    }
    
    // The default fail callback
    function onWebPkiFail(ex) {
        alert(ex.userMessage);
        console.log('Web PKI error from ' + ex.origin + ': ' + ex.error + ' (' + ex.code + ')');
    }
    

    JSFiddle live example: init method full example

listCertificates

  • Lists the user available certificates in OS certificate store or connected crypto devices

    Parameters

    • Optional args: object
      • Optional selectId?: string

        A html <select> (dropdown) element id to be automatically populated with the available certificates. You can also pass the selectOptionFormatter function argument for formatting the populated options text. If no formatter function is passed, the default text formatting for a certificate c is "c.subjectName (issued by c.issuerName)"

      • Optional selectOptionFormatter?: function

        An <option> text formatter for the passed selectId. The formatter function must return a desired text for each CertificateModel.

    Returns Promise<CertificateModel[]>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives an array of CertificateModel

    Usage example (JavaScript)

    pki.listCertificates().success(function (certs) {
        // Use certificate list "certs"
    });
    

    JSFiddle live example: Listing Certificates

listTokens

  • Lists the user connected crypto devices

    Parameters

    • args: object
      • Optional pkcs11Modules?: Pkcs11Module[]

        The PKCS#11 modules to use for crypto devices communication. See standard supported pkcs11Modules

    Returns Promise<TokenModel[]>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives an array of TokenModel.

    Usage sample (JavaScript)

    pki.listTokens({
        pkcs11Modules: [pki.pkcs11Modules.safeSign, pki.pkcs11Modules.safeNet]
    }).success(function (tokens) {
        // Use token list "tokens"
    });
    

    Lacuna Live Example: List Tokens Example

openCades

  • Opens a CAdES (.p7s) signature.

    Parameters

    • args: object
      • Optional acceptablePolicies?: CadesPolicies[]

        A collection of acceptables signature policies. The policies must be explicit policies (signed-attributes must have a signature policy Id). Se useful presets cadesAcceptablePolicies. Only applies if validate argument is true.

      • Optional clearPolicyTrustArbitrators?: boolean

        Whether or not to remove the policy default trust arbitrator. If true, you must pass the trustArbitrators argument. Only applies if validate argument is true.

      • Optional dateReference?: Date

        An external trusted date reference for the signature validation. If not set, the current date time will be used.

      • Optional originalFileId?: string

        The original file. Only applies if the passed signatureFileId does not have the encapsulated content.

      • signatureFileId: string

        The signed document (.p7s) FileModel.id, as returned by showFileBrowser method.

      • Optional specificPolicy?: CadesPolicies

        A CAdES signature policy for the signature validation. Only applies if validate argument is true.

      • Optional trustArbitrators?: TrustArbitrator[]

        The trust arbitrators for the signer certificate validation. Not required if the policy already has a default one. Only applies if validate argument is true.

      • validate: boolean

        Whether or not to validate the CAdES sinatures.

    Returns Promise<CadesSignatureModel>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives CadesSignatureModel object.

openFile

  • openFile(args: object): Promise<boolean>
  • Opens a file with the OS default registered program for the file type. If the file type is not in the Web PKI whitelist, the file directory will be opened instead.

    Parameters

    Returns Promise<boolean>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a boolean argument with the success result.

openFolder

  • openFolder(args: object): Promise<boolean>

openPades

  • Opens a PDF signature.

    Parameters

    • args: object
      • Optional clearPolicyTrustArbitrators?: boolean

        Whether or not to remove the policy default trust arbitrator. If true, you must pass the trustArbitrators argument. Only applies if validate argument is true.

      • Optional dateReference?: Date

        An external trusted date reference for the signature validation. If not set, the current date time will be used.

      • signatureFileId: string

        The signed PDF FileModel.id, as returned by showFileBrowser method.

      • specificPolicy: PadesPolicies

        A PDF signature policy for the signature validation. Only applies if validate argument is true.

      • Optional trustArbitrators?: TrustArbitrator[]

        The trust arbitrators for the signer certificate validation. Not required if the policy already has a default one. Only applies if validate argument is true.

      • validate: boolean

        Whether or not to validate the PDF sinatures.

    Returns Promise<PadesSignatureModel>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a PadesSignatureModel obejct.

openXmlSignature

  • Opens a XML signature.

    Parameters

    • args: object
      • Optional acceptablePolicies?: XmlPolicies[]

        A collection of acceptables signature policies. The policies must be explicit policies (signed-attributes must have a signature policy Id). Se useful presets cadesAcceptablePolicies. Only applies if validate argument is true.

      • Optional clearPolicyTrustArbitrators?: boolean

        Whether or not to remove the policy default trust arbitrator. If true, you must pass the trustArbitrators argument. Only applies if validate argument is true.

      • Optional dateReference?: Date

        An external trusted date reference for the signature validation. If not set, the current date time will be used.

      • Optional idResolutionTable?: XmlIdResolutionTableModel

        An Id resolution table. Needed in case the toSignElementId Id attribute name is not the default.

      • Optional signatureContent?: string

        A signed XML content (UTF-8 string or Base64 encoded bytes) can be passed optionally to signatureFileId.

      • Optional signatureFileId?: string

        The signed XML FileModel.id, as returned by showFileBrowser method.

      • Optional specificPolicy?: XmlPolicies

        A XML signature policy for the signature validation. Only applies if validate argument is true.

      • Optional trustArbitrators?: TrustArbitrator[]

        The trust arbitrators for the signer certificate validation. Not required if the policy already has a default one. Only applies if validate argument is true.

      • validate: boolean

        Whether or not to validate the CAdES sinatures.

    Returns Promise<XmlSignatureModel>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives XmlSignatureModel obejct.

preauthorizeSignatures

  • preauthorizeSignatures(args: object): Promise<void>
  • Pre authorizes a number of signatures. Useful for cases in which a significant number of signatures will be performed and the user wants to authorize and enter its PIN only once for the whole signature batch.

    Parameters

    • args: object
      • certificateThumbprint: string

        The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.

      • signatureCount: number

        The number of signatures to be pre authorized.

    Returns Promise<void>

    A promise object that can register fail and success callbacks to be called when the operation completes.

    Usage example (JavaScript)

    var batch = [
        'SGVsbG8gV29ybGQh',      // 'Hello World!'  Base64 encoded
        'SGVsbG8gV2ViUEtJIQ==',  // 'Hello WebPKI!' Base64 encoded
        'SGVsbG8gQmF0Y2gh',      // 'Hello Batch!'  Base64 encoded
        'SGVMbE8gd09yTGQh',      // 'HeLlO wOrLd!'  Base64 encoded
        'SGVsbG8gQ3J5cHRvIQ=='   // 'Hello Crypto!' Base64 encoded
    ];
    
    pki.preauthorizeSignatures({
        certificateThumbprint: $('#certificateSelect').val(),
        signatureCount: batch.length
    }).success(function () {
        signBatchItem(0); // start batch signatures
    });
    
    function signBatchItem(i) {
        if (i >= batch.length) {
             console.log('Batch finished');
             return;
        }
    
        pki.signData({
            thumbprint: $('#certificateSelect').val(),
            data: batch[i],
            digestAlgorithm: 'SHA-256'
    
        }).success(function (signature) {
            console.log('Signature ' + i + ': ' + signature);
            signBatchItem(++i); // signs next item of batch
        });
    }
    

    JSFiddle live example: Sign Batch Example

readCertificate

  • readCertificate(args: object): Promise<string>
  • Gets a certificate content

    Parameters

    Returns Promise<string>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives the (Base64 encoded) certificate DER bytes.

    Usage example (JavaScript)

    pki.readCertificate({
        thumbprint: $('#certificateSelect').val()
    }).success(function (content) {
        // Use certificate content
    });
    

    JSFiddle live example: Listing and reading certificates

redirectToInstallPage

  • redirectToInstallPage(): void
  • Redirects the user to the install page, with the appropriate url arguments so as to make the user be redirected back to the original page once the installation completes successfully.

    For an example of the proper way to call this method, see the complete example code at init method documentation.

    Returns void

sendAuthenticatedRequest

  • Sends an authenticated Web request (Web request with mutual SSL/TLS authentication).

    Parameters

    • args: object
      • Optional body?: string

        A request body content. If set, consider also to pass the Content-Type charset of the body encoding in the headers map. If not header charset is present, the Web PKI will, by default, attempt to decode as a Base64 string and, if fails, will get the UTF-8 bytes.

      • certificateThumbprint: string

        The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.

      • Optional headers?: Object

        The request headers object-map. E.g.

        {
            "Content-Type": "application/json; charset=utf-8",
            "Accept-Encoding": "gzip, deflate"
        }
        
      • method: HttpMethods

        The request method.

      • Optional timeout?: number

        A request timeout in milliseconds. If not set, default is 60000 (1 min).

      • url: string

        The URL to send the request to or a relative route, if it is in the same domain. It must have a HTTPS scheme.

    Returns Promise<HttpResponseModel>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a HttpResponseModel object.

showFileBrowser

  • Shows the OS file browser. Used for commands which the user needs to choose a file.

    IMPORTANT

    In order to comply to user privacy policies, user paths are never returned to the page. All paths are handled inside extension or addon logic and an Id is returned instead. Later, the developer can refeer to the selected file by using the returned FileModel.id.

    Parameters

    • Optional args: object
      • Optional dialogTitle?: string

        The file browser dialog title

      • Optional filters?: FileFilterModel[]

        Any file extension filter for the browser dialog.

      • Optional multiselect?: boolean

        Whether the user can select multiple files or not.

    Returns Promise<ShowFileBrowserResponse>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a ShowFileBrowserResponse object.

showFolderBrowser

  • Shows the OS directory browser. Used for commands which the user needs to choose a directory.

    IMPORTANT

    In order to comply to user privacy policies, user paths are never returned to the page. All paths are handled inside extension or addon logic and an Id is returned instead. Later, the developer can refeer to the selected directory by using the returned ShowFolderBrowserResponse.folderId.

    Parameters

    • Optional args: object
      • Optional message?: string

        A message title for the browser dialog.

    Returns Promise<ShowFolderBrowserResponse>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a ShowFolderBrowserResponse object.

signCades

  • Signs a document with CAdES standard, generates a P7S.

    Parameters

    • args: object
      • Optional autoDetectCosign?: boolean

        Whether or not to auto-detect a co-signature intention if the fileId passed is a CAdES signature file.

      • certificateThumbprint: string

        The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.

      • Optional clearPolicyTrustArbitrators?: boolean

        Whether or not to remove the policy default trust arbitrator. If true, you must pass the trustArbitrators argument.

      • Optional cmsToCosignFileId?: string

        If you already have a CAdES file and a co-signature is intended, pass this argument instead of fileId. Optionally, you can use the fileId for CAdES signature file and enable the autoDetectCosign.

      • Optional fileId?: string

        The selected document FileModel.id, as returned by showFileBrowser method.

      • Optional includeEncapsulatedContent?: boolean

        Whether or not to include the encapsulated content (the original document) in the resulting CAdES signature file.

      • output: Output

        The CAdES signature file (.p7s) output options.

      • policy: CadesPolicies

        The CAdES signature policy.

      • Optional trustArbitrators?: TrustArbitrator[]

        The trust arbitrators for the signer certificate validation. Not required if the policy already has a default one.

    Returns Promise<CadesSignResult>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a CadesSignResult object.

signData

  • signData(args: object): Promise<string>
  • Signs data with signer certificate private key.

    Parameters

    • args: object
      • data: string

        The Base64 encoded data to be signed.

      • digestAlgorithm: string

        The digest algorithm identifier to be used in the signature algorithm. It can be the algorithm name or OID (i.e. 'SHA-256' or '2.16.840.1.101.3.4.2.1').

      • thumbprint: string

        The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.

    Returns Promise<string>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives the (Base64 encoded) signature bytes.

    Usage example (JavaScript)

    var dataToSign = 'SGVsbG8gV29ybGQh'; // 'Hello World!' Base64 encoded
    
    pki.signData({
        thumbprint: $('#certificateSelect').val(),
        data: dataToSign,
        digestAlgorithm: 'SHA-256'
    }).success(function (signature) {
        // Use signature
    });
    

    JSFiddle live example: Operates with selected certificate

signFullXml

  • Fully signs a XML.

    Parameters

    • args: object
      • certificateThumbprint: string

        The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.

      • Optional clearPolicyTrustArbitrators?: boolean

        Whether or not to remove the policy default trust arbitrator. If true, you must pass the trustArbitrators argument.

      • Optional content?: string

        A XML content (UTF-8 string or Base64 encoded bytes) to sign can be passed optionally to filedId.

      • Optional fileId?: string

        The selected XML FileModel.id, as returned by showFileBrowser method.

      • Optional namespaces?: NamespaceModel[]

        Any required namespace for xpath resolvings.

      • output: Output

        The XML signature file output options.

      • policy: XmlPolicies

        The XML signature policy.

      • Optional signatureElementId?: string

        The signature element Id. If not set, a random Id will be generated.

      • Optional signatureElementLocation?: XmlSignatureElementLocation

        The signature element include location on the resulting XML. If not set, the default is LacunaWebPKI.XmlInsertionOptions.AppendChild relative to the root element.

      • Optional trustArbitrators?: TrustArbitrator[]

        The trust arbitrators for the signer certificate validation. Not required if the policy already has a default one.

    Returns Promise<XmlSignResult>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a XmlSignResult object.

signHash

  • signHash(args: object): Promise<string>
  • Signs a hash with signer certificate private key.

    Parameters

    • args: object
      • digestAlgorithm: string

        The digest algorithm identifier of the hash parameter. It can be the algorithm name or OID (i.e. 'SHA-256' or '2.16.840.1.101.3.4.2.1').

      • hash: string

        The Base64 encoded hash to be signed.

      • thumbprint: string

        The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.

    Returns Promise<string>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives the (Base64 encoded) signature bytes.

    Usage example (JavaScript)

    var hashToSign = 'f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk='; // Base64 encoded SHA-256 of 'Hello World!'
    
    pki.signHash({
        thumbprint: $('#certificateSelect').val(),
        hash: hashToSign,
        digestAlgorithm: 'SHA-256'
    }).success(function (signature) {
        // Use signature
    });
    

    JSFiddle live example: Operates with selected certificate

signHashBatch

  • Signs a batch of hashes with signer certificate private key.

    Parameters

    • args: object
      • batch: string[]

        The Array of Base64 encoded hashes to be signed.

      • digestAlgorithm: string

        The digest algorithm identifier of the hashes on batch parameter. It can be the algorithm name or OID (i.e. 'SHA-256' or '2.16.840.1.101.3.4.2.1').

      • thumbprint: string

        The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.

    Returns Promise<SignHashBatchResponse>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives the (Base64 encoded) signature bytes array.

    Usage example (JavaScript)

    var batch = [
        'f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk=', // Base64 encoded SHA-256 of 'Hello World!'
        'f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk=',
        'f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk='
    ];
    
    pki.signHashBatch({
        thumbprint: $('#certificateSelect').val(),
        batch: batch,
        digestAlgorithm: 'SHA-256'
    }).success(function (signatures) {
        // Use signatures array
    });
    

    JSFiddle live example: Sign Hash Batch

signPdf

  • Signs a PDF document.

    Parameters

    • args: object
      • Optional bypassMarksIfSigned?: boolean

        If true, will not apply the pdfMarks in case PDF already has a signature. If false, any previous signature will be removed before the marks be applied.

      • certificateThumbprint: string

        The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.

      • Optional clearPolicyTrustArbitrators?: boolean

        Whether or not to remove the policy default trust arbitrator. If true, you must pass the trustArbitrators argument.

      • fileId: string

        The selected PDF FileModel.id, as returned by showFileBrowser method.

      • output: Output

        The signed PDF output options.

      • Optional pdfMarks?: PdfMark[]

        The PDF page marks.

      • policy: PadesPolicies

        The PDF signature policy.

      • Optional trustArbitrators?: TrustArbitrator[]

        The trust arbitrators for the signer certificate validation. Not required if the policy already has a default one.

      • Optional visualRepresentation?: VisualRepresentation

        The PDF visual representation for the signer.

    Returns Promise<PdfSignResult>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a PdfSignResult obejct.

signWithRestPki

  • signWithRestPki(args: object): Promise<string>

signXmlElement

  • Signs an element, or elements, of a XML.

    Parameters

    • args: object
      • certificateThumbprint: string

        The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.

      • Optional clearPolicyTrustArbitrators?: boolean

        Whether or not to remove the policy default trust arbitrator. If true, you must pass the trustArbitrators argument.

      • Optional content?: string

        A XML content (UTF-8 string or Base64 encoded) to sign can be passed optionally to filedId.

      • fileId: string

        The selected XML FileModel.id, as returned by showFileBrowser method.

      • Optional idResolutionTable?: XmlIdResolutionTableModel

        An Id resolution table. Needed in case the toSignElementId Id attribute name is not the default.

      • Optional namespaces?: NamespaceModel[]

        Any required namespace for xpath resolvings.

      • output: Output

        The XML signature file output options.

      • policy: XmlPolicies

        The XML signature policy.

      • Optional signatureElementId?: string

        The signature element Id. If not set, a random Id will be generated.

      • Optional signatureElementLocation?: XmlSignatureElementLocation

        The signature element include location on the resulting XML. If not set, the default is LacunaWebPKI.XmlInsertionOptions.AppendSibling relative to the selected toSignElement.

      • Optional toSignElementId?: string

        The XML element to sign Id.

      • Optional toSignElementsIds?: string[]

        Optionally to a single toSignElementId, multiple elements to sign Ids on the same XML.

      • Optional toSignElementsXPath?: string

        Optionally to a single toSignElementId, multiple elements to sign Ids on the same XML, selected by a xpath. Also check if any namespace argument for xpath resolution is needed.

      • Optional trustArbitrators?: TrustArbitrator[]

        The trust arbitrators for the signer certificate validation. Not required if the policy already has a default one.

    Returns Promise<XmlSignResult>

    A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a XmlSignResult object.

Legend

  • Module
  • Object literal
  • Variable
  • Function
  • Function with type parameter
  • Index signature
  • Type alias
  • Type alias with type parameter
  • Enumeration
  • Enumeration member
  • Property
  • Method
  • Interface
  • Interface with type parameter
  • Constructor
  • Property
  • Method
  • Index signature
  • Class
  • Class with type parameter
  • Constructor
  • Property
  • Method
  • Accessor
  • Index signature
  • Inherited constructor
  • Inherited property
  • Inherited method
  • Inherited accessor
  • Protected property
  • Protected method
  • Protected accessor
  • Private property
  • Private method
  • Private accessor
  • Static property
  • Static method

Generated using TypeDoc