ESign is an open source electronic signature application which consists of ESignCore, ESignUI and ESignWebApp applications.
- ESignCore: Includes core functionalities.
- ESignUI: Includes almost complete sample UI for testing core functionalities. Includes desktop and web UI:
- Desktop: JFrame is used as a main container. Application runs inside frame and pages are separated by panels.
- Web: JApplet is used as a main panel. Applet can be embedded into JFrame for testing or it can be embedded into jsp file inside ESignWebApp to run.
- ESignWebApp: Sample web application to use as a container for applet.
To run application using JFrame no need to sign application. In pom.xml by default build configuration for sign operation is added. If a valid trusted certificate is not provided, it will prevent application to be built. One can comment out those fields to successfully built and run application.
If applet will be used it has to be signed by trusted certificate. Its forced by browsers. Some other ways could be found to bypass this for testing(google it). Signing is done in 3 steps:
- Define manifest file.
- One jar all jar files.
- Sign with trusted key.
To achieve these below code is added to pom.xml in ESignUI application:
<build>
<plugins>
<!--Set manifest file-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>2.5</version>
<configuration>
<archive>
<addMavenDescriptor>false</addMavenDescriptor>
<manifest>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
</manifest>
<!--Add manifest properties-->
<manifestEntries>
<Permissions>all-permissions</Permissions>
<Trusted-Library>true</Trusted-Library>
</manifestEntries>
</archive>
</configuration>
</plugin>
<!--Set manifest file ends-->
<!--one jar plugin-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>2.3</version>
<configuration>
<filters>
<filter>
<artifact>*:*</artifact>
<!--Remove uncessary files which prevents application to be signed-->
<excludes>
<exclude>META-INF/*.SF</exclude>
<exclude>META-INF/*.DSA</exclude>
<exclude>META-INF/*.RSA</exclude>
</excludes>
</filter>
</filters>
</configuration>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
</execution>
</executions>
</plugin>
<!--one jar plugin ends-->
<!--Sign application with trusted key-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>1.3.2</version>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<keystore>${keystore}</keystore>
<storetype>${storetype}</storetype>
<alias>${alias}</alias>
<storepass>${storepass}</storepass>
</configuration>
</plugin>
<!--Sign application with trusted key ends-->
</plugins>
</build>To sign application keystore information is need to be provided in pom.xml. Since its not suitable to distribute this data along with code, settings file can be used. Settings file is used to create maven specific environment variables. Later on data can be reached using ${...}.
pom.xml
...
<configuration>
<keystore>${keystore}</keystore>
<storetype>${storetype}</storetype>
<alias>${alias}</alias>
<storepass>${storepass}</storepass>
</configuration>
...settings.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
User-specific configuration for maven. Includes things that should not
be distributed with the pom.xml file, such as developer identity, along with
local settings, like proxy information. The default location for the
settings file is ~/.m2/settings.xml
-->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<profiles>
<profile>
<id>signer</id>
<properties>
<keystore>/user/home/../../code-signer.pfx</keystore>
<storetype>pkcs12</storetype>
<alias>myalias</alias>
<storepass>storepassword </storepass>
</properties>
</profile>
</profiles>
<!—Defines which profiles shall be active and reachable--→
<activeProfiles>
<activeProfile>signer</activeProfile>
</activeProfiles>
</settings>- Check if library pkcs11wrapper is installed.
- List modules.
- Select module.
- Read certificate.
- Show certificate details.
- Show user agreement.
- Accept user agreement.
- Let user enter pin code.
- Check pin code.
- Sign user agreement.
- Show last page.
- Let user download signed user agreement or login.
Before building project. Keystore information is need to be defined or build configuration should be removed from pom.xml of ESignUI application. Otherwise project cannot be build.
- Build all projects.
- Run ESignUI StartFrame.class to test whether build done successfully or not.