The license for the component. May be a string or an object (see Licensing). In order for the component to work, you must set a valid purchased license that matches the URL of the site running the code. If no licesnse is set, the component will work in localhost only, so you can test as much as you want in development before deciding to license it.
Binary license sample
// Here, we use the binary format of our license. This is preferred if you want to hide the details of your license
// (expiration date and allowed domains). Please note that the details are not encrypted, just encoded in Base64.
var pki = new LacunaWebPKI('ASYAanNmaWRkbGUubmV0LHdlYnBraS5sYWN1bmFzb2Z0d2FyZS5jb20AAAABClKvO1J22vAD+YmfANiKQLbcLE1lNraPKCel6tRM+ZxR+h6M/crtJYRRVGGz7hrdbM0Y0mfTu15RMYGqQMi1QNZS6GrT4vNzIayv552Fl0EFWQA7jWlctUwfYoHRHVEnCNx9YGXDiA9+yDoGlVwgTR7fjzNeS3Fen1MVIyKBF464gN0JvdiCRJMI47JGVDkPmKjcrYIvJs6y5Lg25RW4ZnBKVruS+HR2s3k8ZrV4y4RCQE4UYMKbukF9vsF+JqAEifRlPq2xLcrNdxBveVDSXS/LRHAcrZrMM+Iw4A79jl0ngWPcy+CwinAhT+3dxVo5ZWMRQFpmTkylEMDvTjV9wQ==');
JSON license sample
// Here, we use the JSON format of our license. If you don't mind having the details of your license (expiration
// date and allowed domains) in the source code of your page, this option is preferred because it makes it
// easier to diagnose problems such as an expired license.
var pki = new LacunaWebPKI( {
"format": 1,
"allowedDomains": [
"webpki.lacunasoftware.com",
"jsfiddle.net"
],
"expiration": null,
"signature": "ClKvO1J22vAD+YmfANiKQLbcLE1lNraPKCel6tRM+ZxR+h6M/crtJYRRVGGz7hrdbM0Y0mfTu15RMYGqQMi1QNZS6GrT4vNzIayv552Fl0EFWQA7jWlctUwfYoHRHVEnCNx9YGXDiA9+yDoGlVwgTR7fjzNeS3Fen1MVIyKBF464gN0JvdiCRJMI47JGVDkPmKjcrYIvJs6y5Lg25RW4ZnBKVruS+HR2s3k8ZrV4y4RCQE4UYMKbukF9vsF+JqAEifRlPq2xLcrNdxBveVDSXS/LRHAcrZrMM+Iw4A79jl0ngWPcy+CwinAhT+3dxVo5ZWMRQFpmTkylEMDvTjV9wQ=="
});
Object with CAdES acceptable policies preset
Any PKI Brazil acceptable policies
Whether or not currently running on a supported mobile platform (andoird, iOS) and current vendor supports mobile.
Web PKI standard PKCS#11 modules. Useful presets for pkcs11Modules
argument of listTokens, generateTokenRsaKeyPair and importTokenCertificate methods.
SafeNet PKCS#11 lib modules.
SafeSign PKCS#11 lib modules.
Object with XAdES acceptable policies preset
Any PKI Brazil acceptable policies
Decrypts data with selected certificate private key or generated private key.
A certificate thumbprint which private key will be used to decrypt data. Available in CertificateModel.thumbprint property returned by listCertificates method.
The Base64 encoded encrypted data to be decrypted.
The encryption parameters and padding algorithm to be used
A private key Id returned in the generate key pair methods generateSoftwareRsaKeyPair or generateTokenRsaKeyPair.
The user crypto device returned from listTokens. This parameter ir mandatory if the privateKeyId is from a crypto device.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a DecryptResponse object.
Live Example
Decrypt Sample: JSFiddle example for decrypting text with a selected certificate private key.
Downloads a specific content to a selected directory.
The file name of the content to be saved.
The selected ShowFolderBrowserResponse.folderId, as returned by showFolderBrowser method.
The content URL
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a DownloadToFolderResponse object
Encrypts data with selected certificate public key or generated public key.
A certificate thumbprint which public key will be used to encrypt data. Available in CertificateModel.thumbprint property returned by listCertificates method.
The Base64 encoded data to be encrypted.
The encryption parameters and padding algorithm to be used
A private key Id returned in the generate key pair methods generateSoftwareRsaKeyPair or generateTokenRsaKeyPair.
A public key content or PKCertificate content (PEM or DER base64 encoded) to encrypt data with
The user crypto device returned from listTokens. This parameter ir mandatory if the privateKeyId is from a crypto device.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a EncryptResponse object.
Live Example
Encrypt Sample: JSFiddle example for encrypting text with a selected certificate public key.
Generates a RSA key pair in the user computer, or OS certificate store, and returns a CSR (PKCS#10 Certificate Signing Request).
The RSA keys size to be genarated.
Generates a non exportable key. Software generated non exportable keys are only supported on Windows platform.
A subject name (DN) string for the generated CSR. E.g. 'CN=My Name, O=ACME Inc., C=BR'
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a GenerateKeyPairResponse object.
Lacuna Live Example: Issue Software Certificate Example
Generates a RSA key pair in the user selected crypto device and returns a CSR (PKCS#10 Certificate Signing Request).
A label for the generated keys objects in the token. If not set, a random Id is used.
The RSA keys size to be genarated. Be sure that the selected device supports the requested key size on TokenModel.mechanisms.
The PKCS#11 modules to use for crypto devices communication. See standard supported pkcs11Modules
A subject name (DN) string for the generated CSR. E.g. 'CN=My Name, O=ACME Inc., C=BR'
The selected token to generate the key pair. As returned by listTokens method. Passing this parameter removes the need of pkcs11Modules
and tokenSerialNumber
parameters
The selected token serial number, available in TokenModel.serialNumber as returned by listTokens method.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a GenerateTokenKeyPairResponse object.
Lacuna Live Example: Issue Token Certificate Example
Imports a digital certificate into the user computer, or OS certificate store. The computer must be the one holding the private key of the certificate being imported.
The command can result with the certificate available for usage and also with a PFX (PKCS#12) backup copy, in this last case, see arguments savePkcs12
, passwordMinLength
and passwordPolicies
.
The digital certificate content (PEM or Base64 encoded DER bytes formats).
A password required minimum length for the PFX file backup. Applies only if savePkcs12
is true
.
A password secure level policy for the PFX file backup. Applies only if savePkcs12
is true
.
The generated private key Id returned on GenerateKeyPairResponse.privateKeyId
Whether or not to also create a PFX (PKCS#12) file backup for the imported certificate and keys.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a ImportSoftwareCertificateResponse object.
Lacuna Live Example: Issue Software Certificate Example
Imports a digital certificate into the user crypto device. The device must be the one holding the private key of the certificate being imported.
The digital certificate content (PEM or Base64 encoded DER bytes formats).
A label for the imported certificate object in the token. If not set, the same key Id is used.
The PKCS#11 modules to use for crypto devices communication. See standard supported pkcs11Modules
The generated private key Id returned on GenerateTokenKeyPairResponse.privateKeyId
The selected token to import the certificate to. As returned by listTokens method. Passing this parameter removes the need of pkcs11Modules
and tokenSerialNumber
parameters
The selected token serial number, available in TokenModel.serialNumber as returned by listTokens method.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a ImportTokenCertificateResponse object.
Lacuna Live Example: Issue Token Certificate Example
Initializes the instance of the LacunaWebPKI object. This method must be called before calling any other methods.
If your webpage uses AngularJS, you can pass here a reference to your $scope, which will then be used to call the callback functions properly, relieving you of doing a $scope.$apply(function() { ... });
on every callback. The calls are actually wrapped around a "safe $apply", as described in coderwall.
The brand name for customized install page, if license covered.
The default callback to be called when an error occurrs (please refer to examples below for the exact function signature).
The license for the component, if not already set when instantiating the object.
The mobile integration mode. Default is LacunaWebPKI.MobileIntegrationModes.AppIntegration.
If your webpage uses Angular2+ technologies, you can pass a NgZone reference, so the page can properly detect elements changes on the callback functions.
A function to be called if the component's installation is not OK (component not installed, outdated or user is using an unsupported browser). If no callback is given, the user is automatically redirected to the installation website and will be redirected back once the installation is completed. If you do pass a callback to override the default behavior, use the redirectToInstallPage method to redirect the user to the installation page whenever you think it's convenient.
A function to be called when the component is ready to be used. The function receives no arguments.
If you intend to use a specifc features set, pass the equivalent API version required parameter, so you can ensure that the users will have the minimum components required versions and will not force any unecessary update. See the API changelog for more information.
The on premises Rest PKI URL. For on premises Rest PKI clients integration only.
Whether or not to share and persiste the native app instances per hostname. Default is one native app instance per page.
Simple ready
example
// This is the simplest way to call the method, in case you don't wish to register a default error callback nor
// define a custom behavior for when the component is not installed/outdated.
pki.init({ ready: onWebPkiReady });
// The ready callback receives no arguments
function onWebPkiReady() {
// start using the component
}
Complete example
// If you wish to pass any other argument, you must use the extended version of the method:
pki.init({
ready: onWebPkiReady,
notInstalled: onWebPkiNotInstalled,
defaultFail: onWebPkiFail
});
function onWebPkiReady() {
// start using the component
}
// The notInstalled callback
function onWebPkiNotInstalled(status, message) {
alert(message + '\n\nYou will be redirected to the installation page');
pki.redirectToInstallPage();
}
// The default fail callback
function onWebPkiFail(ex) {
alert(ex.userMessage);
console.log('Web PKI error from ' + ex.origin + ': ' + ex.error + ' (' + ex.code + ')');
}
JSFiddle live example: init method full example
Signs data with a generated private key.
The Base64 encoded data to be signed.
The digest algorithm identifier to be used in the signature algorithm. It can be the algorithm name or OID (i.e. 'SHA-256'
or '2.16.840.1.101.3.4.2.1'
).
The private key Id returned in the generate key pair methods generateSoftwareRsaKeyPair or generateTokenRsaKeyPair.
The user crypto device returned from listTokens, if the key pair was generated on a crypto device.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives the (Base64 encoded) signature bytes.
Signs a hash with a generated private key.
The digest algorithm identifier of the hash
parameter. It can be the algorithm name or OID (i.e. 'SHA-256'
or '2.16.840.1.101.3.4.2.1'
).
The Base64 encoded hash to be signed.
The private key Id returned in the generate key pair methods generateSoftwareRsaKeyPair or generateTokenRsaKeyPair.
The user crypto device returned from listTokens, if the key pair was generated on a crypto device.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives the (Base64 encoded) signature bytes.
Lists the user available certificates in OS certificate store or connected crypto devices
A html <select>
(dropdown) element id
to be automatically populated with the available certificates. You can also pass the selectOptionFormatter
function argument for formatting the populated options text. If no formatter function is passed, the default text formatting for a certificate c
is "c.subjectName
(issued by c.issuerName
)"
An <option>
text formatter for the passed selectId
. The formatter function must return a desired text for each CertificateModel.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives an array of CertificateModel
Usage example (JavaScript)
pki.listCertificates().success(function (certs) {
// Use certificate list "certs"
});
Lacuna Live Example: Listing Certificates Lacuna Live Example: Listing Certificates And Show Details
Lists the user connected crypto devices
The PKCS#11 modules to use for crypto devices communication. See standard supported pkcs11Modules
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives an array of TokenModel.
Usage sample (JavaScript)
pki.listTokens({
pkcs11Modules: [pki.pkcs11Modules.safeSign, pki.pkcs11Modules.safeNet]
}).success(function (tokens) {
// Use token list "tokens"
});
Lacuna Live Example: List Tokens And Show Details Example
Opens a CAdES (.p7s) signature.
A collection of acceptables signature policies. The policies must be explicit policies (signed-attributes must have a signature policy Id). Se useful presets cadesAcceptablePolicies. Only applies if validate
argument is true
.
Whether or not to remove the policy
default trust arbitrator. If true
, you must pass the trustArbitrators
argument. Only applies if validate
argument is true
.
An external trusted date reference for the signature validation. If not set, the current date time will be used.
The original file. Only applies if the passed signatureFileId
or signatureContent
does not have the encapsulated content.
The signed PDF content (Base64 encoded bytes) to open. It can be passed optionally to signatureFileId
.
The signed document (.p7s) FileModel.id, as returned by showFileBrowser method.
A CAdES signature policy for the signature validation. Only applies if validate
argument is true
.
The trust arbitrators for the signer certificate validation. Not required if the policy
already has a default one. Only applies if validate
argument is true
.
Whether or not to validate the CAdES sinatures.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives CadesSignatureModel object.
Opens a file with the OS default registered program for the file type. If the file type is not in the Web PKI whitelist, the file directory will be opened instead.
The selected FileModel.id, as returned by showFileBrowser method.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a boolean argument with the success result.
Opens the selected folder in OS directory explorer.
The selected ShowFolderBrowserResponse.folderId, as returned by showFolderBrowser method.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a boolean argument with the success result.
Opens a PDF signature.
Whether or not to remove the policy
default trust arbitrator. If true
, you must pass the trustArbitrators
argument. Only applies if validate
argument is true
.
An external trusted date reference for the signature validation. If not set, the current date time will be used.
The signed PDF content (Base64 encoded bytes) to open. It can be passed optionally to signatureFileId
.
The signed PDF FileModel.id, as returned by showFileBrowser method.
A PDF signature policy for the signature validation. Only applies if validate
argument is true
.
The trust arbitrators for the signer certificate validation. Not required if the policy
already has a default one. Only applies if validate
argument is true
.
Whether or not to validate the PDF sinatures.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a PadesSignatureModel obejct.
Opens a XML signature.
A collection of acceptables signature policies. The policies must be explicit policies (signed-attributes must have a signature policy Id). Se useful presets cadesAcceptablePolicies. Only applies if validate
argument is true
.
Whether or not to remove the policy
default trust arbitrator. If true
, you must pass the trustArbitrators
argument. Only applies if validate
argument is true
.
An external trusted date reference for the signature validation. If not set, the current date time will be used.
An Id resolution table. Needed in case the toSignElementId
Id attribute name is not the default.
The signed XML content (UTF-8 string or Base64 encoded bytes) to open. It can be passed optionally to signatureFileId
.
The signed XML FileModel.id, as returned by showFileBrowser method.
A XML signature policy for the signature validation. Only applies if validate
argument is true
.
The trust arbitrators for the signer certificate validation. Not required if the policy
already has a default one. Only applies if validate
argument is true
.
Whether or not to validate the CAdES sinatures.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives XmlSignatureModel obejct.
Pre authorizes a number of signatures. Useful for cases in which a significant number of signatures will be performed and the user wants to authorize and enter its PIN only once for the whole signature batch.
The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.
The number of signatures to be pre authorized.
A promise object that can register fail and success callbacks to be called when the operation completes.
Usage example (JavaScript)
var batch = [
'SGVsbG8gV29ybGQh', // 'Hello World!' Base64 encoded
'SGVsbG8gV2ViUEtJIQ==', // 'Hello WebPKI!' Base64 encoded
'SGVsbG8gQmF0Y2gh', // 'Hello Batch!' Base64 encoded
'SGVMbE8gd09yTGQh', // 'HeLlO wOrLd!' Base64 encoded
'SGVsbG8gQ3J5cHRvIQ==' // 'Hello Crypto!' Base64 encoded
];
pki.preauthorizeSignatures({
certificateThumbprint: $('#certificateSelect').val(),
signatureCount: batch.length
}).success(function () {
signBatchItem(0); // start batch signatures
});
function signBatchItem(i) {
if (i >= batch.length) {
console.log('Batch finished');
return;
}
pki.signData({
thumbprint: $('#certificateSelect').val(),
data: batch[i],
digestAlgorithm: 'SHA-256'
}).success(function (signature) {
console.log('Signature ' + i + ': ' + signature);
signBatchItem(++i); // signs next item of batch
});
}
JSFiddle live example: Sign Batch Example
Gets a certificate content
The certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives the (Base64 encoded) certificate DER bytes.
Usage example (JavaScript)
pki.readCertificate({
thumbprint: $('#certificateSelect').val()
}).success(function (content) {
// Use certificate content
});
JSFiddle live example: Listing and reading certificates
Redirects the user to the install page, with the appropriate url arguments so as to make the user be redirected back to the original page once the installation completes successfully.
For an example of the proper way to call this method, see the complete example code at init method documentation.
Sends an authenticated Web request (Web request with mutual SSL/TLS authentication).
A request body content. If set, consider also to pass the Content-Type charset of the body encoding in the headers
map. If not header charset is present, the Web PKI will, by default, attempt to decode as a Base64 string and, if fails, will get the UTF-8 bytes.
The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.
The request headers object-map. E.g.
{
"Content-Type": "application/json; charset=utf-8",
"Accept-Encoding": "gzip, deflate"
}
The request method.
A request timeout in milliseconds. If not set, default is 60000
(1 min).
The URL to send the request to or a relative route, if it is in the same domain. It must have a HTTPS scheme.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a HttpResponseModel object.
Live Example
Authenticated Request Sample: JSFiddle example with SOAP POST request to a staging invoice server.
Shows the OS file browser. Used for commands which the user needs to choose a file.
IMPORTANT
In order to comply to user privacy policies, user paths are never returned to the page. All paths are handled inside extension or addon logic and an Id
is returned instead.
Later, the developer can refeer to the selected file by using the returned FileModel.id.
The file browser dialog title
Any file extension filter for the browser dialog.
Whether the user can select multiple files or not.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a ShowFileBrowserResponse object.
Shows the OS directory browser. Used for commands which the user needs to choose a directory.
IMPORTANT
In order to comply to user privacy policies, user paths are never returned to the page. All paths are handled inside extension or addon logic and an Id
is returned instead.
Later, the developer can refeer to the selected directory by using the returned ShowFolderBrowserResponse.folderId.
A message title for the browser dialog.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a ShowFolderBrowserResponse object.
Signs a document with CAdES standard, generates a P7S.
Whether or not to auto-detect a co-signature intention if the fileId
passed is a CAdES signature file.
The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.
An optional signer certificate validation level to execute. Default is a signer certificate full validation.
Whether or not to remove the policy
default trust arbitrator. If true
, you must pass the trustArbitrators
argument.
If you already have a CAdES file and a co-signature is intended, pass this argument instead of fileId
or content
. Optionally, you can use the fileId
for CAdES signature file and enable the autoDetectCosign
.
A content (Base64 encoded bytes) to sign can be passed optionally to filedId
.
The selected document FileModel.id, as returned by showFileBrowser method.
Whether or not to include the encapsulated content (the original document) in the resulting CAdES signature file.
The CAdES signature file (.p7s) output options.
The CAdES signature policy.
A timestamp requester for signature policies which require timestamping
The trust arbitrators for the signer certificate validation. Not required if the policy
already has a default one.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a CadesSignResult object.
Live Examples
InCode Content CAdES Signature: JSFiddle example with the to sign file content passed from JavasSript and the signed CAdES (P7S) result returned to JavasSript.
Local File CAdES Signature: JSFiddle example with local computer file and signed CAdES (P7S) saved in the same directory with suffix '-signed'.
Signs data with signer certificate private key.
The Base64 encoded data to be signed.
The digest algorithm identifier to be used in the signature algorithm. It can be the algorithm name or OID (i.e. 'SHA-256'
or '2.16.840.1.101.3.4.2.1'
).
The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives the (Base64 encoded) signature bytes.
Usage example (JavaScript)
var dataToSign = 'SGVsbG8gV29ybGQh'; // 'Hello World!' Base64 encoded
pki.signData({
thumbprint: $('#certificateSelect').val(),
data: dataToSign,
digestAlgorithm: 'SHA-256'
}).success(function (signature) {
// Use signature
});
JSFiddle live example: Operates with selected certificate
Fully signs a XML.
The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.
An optional signer certificate validation level to execute. Default is a signer certificate full validation.
Whether or not to remove the policy
default trust arbitrator. If true
, you must pass the trustArbitrators
argument.
A XML content (UTF-8 string or Base64 encoded bytes) to sign can be passed optionally to filedId
.
The selected XML FileModel.id, as returned by showFileBrowser method.
Any required namespace for xpath resolvings.
The XML signature file output options.
The XML signature policy.
The signature element Id. If not set, a random Id will be generated.
The signature element include location on the resulting XML. If not set, the default is LacunaWebPKI.XmlInsertionOptions.AppendChild relative to the root element.
A timestamp requester parameters for signature policies which require timestamping
The trust arbitrators for the signer certificate validation. Not required if the policy
already has a default one.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a XmlSignResult object.
Signs a hash with signer certificate private key.
The digest algorithm identifier of the hash
parameter. It can be the algorithm name or OID (i.e. 'SHA-256'
or '2.16.840.1.101.3.4.2.1'
).
The Base64 encoded hash to be signed.
The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives the (Base64 encoded) signature bytes.
Usage example (JavaScript)
var hashToSign = 'f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk='; // Base64 encoded SHA-256 of 'Hello World!'
pki.signHash({
thumbprint: $('#certificateSelect').val(),
hash: hashToSign,
digestAlgorithm: 'SHA-256'
}).success(function (signature) {
// Use signature
});
JSFiddle live example: Operates with selected certificate
OBSOLETE Please use [[signHashes]]
The Array of Base64 encoded hashes to be signed.
The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.
The digest algorithm identifier of the hashes on batch
parameter. It can be the algorithm name or OID (i.e. 'SHA-256'
or '2.16.840.1.101.3.4.2.1'
).
Set to be able to call preauthorizeSignatures in order to call signHashBatch multiple times.
Signs a PDF document.
If true
, will not apply the pdfMarks
in case PDF already has a signature. If false
, any previous signature will be removed before the marks be applied.
The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.
An optional signer certificate validation level to execute. Default is a signer certificate full validation.
Whether or not to remove the policy
default trust arbitrator. If true
, you must pass the trustArbitrators
argument.
A PDF content (Base64 encoded bytes) to sign can be passed optionally to filedId
.
The selected PDF FileModel.id, as returned by showFileBrowser method.
The signed PDF output options.
The PDF page marks.
The PDF signature policy.
A timestamp requester for signature policies which require timestamping
The trust arbitrators for the signer certificate validation. Not required if the policy
already has a default one.
The PDF visual representation for the signer.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a PdfSignResult obejct.
Live Examples
InCode PDF Signature: JSFiddle example with the to sign PDF passed from JavasSript and the signed PDF returned to JavasSript.
Local PDF File Signature: JSFiddle example with local computer PDF file and signed PDF result saved in the same directory with suffix '-signed'.
Executes a document signature with Rest PKI (server-side) integration. See Rest PKI documentation for more informations.
The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.
The token returned by Rest PKI signature start process. See Rest PKI documentation for more informations.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives the current signature process token
.
Signs an element, or elements, of a XML.
The signer certificate thumbprint. Available in CertificateModel.thumbprint property returned by listCertificates method.
An optional signer certificate validation level to execute. Default is a signer certificate full validation.
Whether or not to remove the policy
default trust arbitrator. If true
, you must pass the trustArbitrators
argument.
A XML content (UTF-8 string or Base64 encoded) to sign can be passed optionally to filedId
.
The selected XML FileModel.id, as returned by showFileBrowser method.
An Id resolution table. Needed in case the toSignElementId
Id attribute name is not the default.
Any required namespace for xpath resolvings.
The XML signature file output options.
The XML signature policy.
The signature element Id. If not set, a random Id will be generated.
The signature element include location on the resulting XML. If not set, the default is LacunaWebPKI.XmlInsertionOptions.AppendSibling relative to the selected toSignElement
.
A timestamp requester for signature policies which require timestamping
The XML element to sign Id.
Optionally to a single toSignElementId
, multiple elements to sign Ids on the same XML.
Optionally to a single toSignElementId
, multiple elements to sign Ids on the same XML, selected by a xpath. Also check if any namespace
argument for xpath resolution is needed.
The trust arbitrators for the signer certificate validation. Not required if the policy
already has a default one.
A promise object that can register fail and success callbacks to be called when the operation completes. The success callback for this promise receives a XmlSignResult object.
Generated using TypeDoc
Instatiates a new Lacuna Web PKI object.