sealsign clickonce client


Upload: elevenpaths

Post on 16-Apr-2017


SealSign – ClickOnce Client

ElevenPaths, radical and disruptive innovation in security solutions

ClickOnce Client V.3.2 - August 2016

2016 © Telefónica Digital España, S.L.U. All rights reserved.

TABLE OF CONTENTS

1 Introduction
2 Minimum requirements
3 Common Tasks
3.1 Off-premises installation
3.2 On-premises installation
3.3 JavaScript client configuration
4 Use cases
4.1 Running the client and launch when starting Windows
4.2 Digital signature
4.2.1 Certificate filtering
4.2.2 Signature of the document
4.3 Biometric signature
4.3.1 Device configuration
4.3.2 Signature of the document
5 Resources


1 Introduction

The SealSign ClickOnce client replaces the Java Applet in Windows environments. It is based on Microsoft’s ClickOnce technology, which allows applications to be deployed online. For more information, visit the Microsoft site.

The client is able to communicate bidirectionally with the browser that launched the signing request in order to get a behavior similar to the Applet’s integration with the browser using JavaScript. This communication is achieved using Microsoft’s SignalR. For more information about SignalR, visit the official SignalR site.


2 Minimum requirements

The client works with .NET Framework 4.5.

Supported operating systems:

o Windows 7

o Windows 8

o Windows 10

o Windows Server 2008 R2

o Windows Server 2012

Browsers compatible with SignalR:

o Internet Explorer versions 8, 9, 10 and 11

o Microsoft Edge

o Google Chrome from version 50

o Mozilla Firefox from version 46


3 Common Tasks

3.1 Off-premises installation

The ClickOnce client is hosted on 11Paths servers. From the download site, you can install both the client and its prerequisites. Once installed, the icon will be displayed on the desktop.

Image 01: SealSign ClickOnce Icon.

3.2 On-premises installation

If the client must be deployed on a server other than 11Paths', follow these steps:

Unzip the client, which is included in the SDK download for version 3.2.

To modify the ClickOnce deployment files, download and install the Windows SDK, which provides the mage tool used in the following steps.

Change the publication URL with the following command:
mage -u SealSignClient.application -pu http://[URL]/SealSignClient.application

Reassign the application’s manifest with:
mage -u SealSignClient.application -AppManifest "Application Files\SealSignClient_1_0_0_0\SealSignClient.exe.manifest"

Finally, sign the file with the command:
mage -sign SealSignClient.application -cf [certificate path] -pwd [certificate password]

Once you have followed these steps, the ClickOnce client can be deployed on the server.

For everything to work properly, you have to check that the web server has the following MIME types configured:

.application –> application/x-ms-application

.manifest –> application/x-ms-manifest

.deploy –> application/octet-stream

3.3 JavaScript client configuration

This tutorial details how to set up an environment with SignalR. The example on 11Paths’ GitHub shows all the code needed to make it work.

Keep in mind that once the client has been launched, it keeps listening on port 8081. In the JavaScript part, you will need to:

Reference the hub’s JavaScript code, located at the URL http://localhost:8081/signalr/hubs

Set the hub’s URL:
$.connection.hub.url = "http://localhost:8081/signalr";

Get the hub by its name. The name of the SignalR hub is sealSignHub:
var hub = $.connection.sealSignHub;


The application calls several methods of the JavaScript client to notify that it is performing a task, to notify that the task is completed, or to let the browser know that it needs to redirect to a URL. The methods are:

o Navigate: the application tells the client to go to the URL that it sends as a parameter. Normally it is one of the URLs defined as success, cancellation, refusal or error. Use: hub.client.Navigate = function (url) { }

o AsyncOperationStarted: the application notifies the client that it has started a long-running asynchronous operation. From this point, the JavaScript client cedes control to the ClickOnce component. The call carries a message with details of the operation. Use: hub.client.AsyncOperationStarted = function(message){ }

o AsyncOperationCompleted: the application notifies the client that it has completed the operation and that the client can take control again. Use: hub.client.AsyncOperationCompleted = function(){ }


4 Use cases

4.1 Running the client and launch when starting Windows

Once the client is installed, an icon appears on the desktop; to launch the client, just click on it. The following message will be displayed.

Image 02: Client’s message.

The client can be configured to start when you log on to Windows. To do this, right-click on the icon and then click on the "Automatically start when I log on to Windows" option.

Image 03: Context menu of the tool.

4.2 Digital signature

This section describes which functions are published for the digital signing of documents, as well as the JavaScript client functions that are invoked to notify the progress and the completion of the process.

4.2.1 Certificate filtering

When carrying out a digital signature, you can filter the certificates that are shown in the list. You can filter them by issuer, by hash and by serial number:

setCertificateIssuerFilter: It filters certificates by issuer; it receives as a parameter the valid issuers separated by '|'. Use this to show only DNIe certificates: hub.server.setCertificateIssuerFilter('AC DNIE 001');

setCertificateHashFilter: It filters certificates by hash; it receives as a parameter the hash of the certificate that will be used for the signature. Use: hub.server.setCertificateHashFilter('[HASH]');

setCertificateSerialFilter: It filters certificates by their serial number. Use: hub.server.setCertificateSerialFilter('[SERIAL NUMBER]');

4.2.2 Signature of the document

There are different ways to carry out the signature process:

Parameters: Every overload of the digitalSign method receives as its first parameter a string array that parameterizes the signature. These parameters are:

o Document URI.

o Service URL.

o Success URL.


o Error URL.

o Cancellation URL.

o Basic authentication user.

o Basic authentication password.

All parameters are required. If any of them must be sent empty, it will be sent as null.

digitalSign(string[]): The document is signed according to the parameters sent, using the default settings of the document provider.

digitalSign(string[], string): The document is signed according to the parameters sent, using the document provider configuration sent as the second argument.

digitalSignUrl(string[], string): This signs the document found at the provided URL. It uses the document provider with the default configuration.

digitalSignUrl(string[], string, string): This signs the document found at the provided URL. The last parameter holds the parameters to use with the document provider.

digitalSignBase64(string[], string): This signs the document sent as a parameter in base64. It uses the document provider with the default configuration.

digitalSignBase64(string[], string, string): This signs the document sent as a parameter in base64. The last parameter holds the parameters to use with the document provider.
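The hub setup from section 3.3 and the parameter array described above, combined in an added example (not ElevenPaths' sample code). The hub URL, hub name, callback names, setCertificateIssuerFilter and digitalSign come from this manual; the helper names, the ui callbacks and the check that Navigate only redirects to URLs the page configured itself are assumptions of this example.

```javascript
// Added example, not ElevenPaths code. Helper names and `ui` are assumptions.
const HUB_URL = "http://localhost:8081/signalr";

// Documented order of the digitalSign string array (section 4.2.2).
const PARAM_ORDER = ["documentUri", "serviceUrl", "successUrl", "errorUrl",
                     "cancelUrl", "basicAuthUser", "basicAuthPassword"];

// Build the 7-element array: every slot is required, empty ones are sent as null.
function buildDigitalSignParams(opts) {
  const unknown = Object.keys(opts).filter(k => !PARAM_ORDER.includes(k));
  if (unknown.length) throw new Error("unknown parameter: " + unknown.join(", "));
  return PARAM_ORDER.map(k => (opts[k] == null || opts[k] === "" ? null : String(opts[k])));
}

// Success, error and cancellation URLs are the only expected redirect targets.
function allowedNavigationTargets(params) {
  return new Set([params[2], params[3], params[4]].filter(u => u !== null));
}

// `jq` is the page's jQuery object with the SignalR plugin and the generated
// proxy from http://localhost:8081/signalr/hubs already loaded.
function wireSealSignHub(jq, params, ui) {
  const allowed = allowedNavigationTargets(params);
  jq.connection.hub.url = HUB_URL;
  const hub = jq.connection.sealSignHub;
  // Client callbacks must be registered before the connection is started.
  hub.client.Navigate = function (url) {
    // Follow the redirect only if this page configured that URL itself.
    if (allowed.has(url)) ui.redirect(url); else ui.reject(url);
  };
  hub.client.AsyncOperationStarted = function (message) { ui.busy(message); };
  hub.client.AsyncOperationCompleted = function () { ui.idle(); };
  return hub;
}

// Start the connection, optionally filter certificates, then request the signature.
function startSigning(jq, hub, params, issuerFilter) {
  return jq.connection.hub.start().then(function () {
    if (issuerFilter) hub.server.setCertificateIssuerFilter(issuerFilter);
    return hub.server.digitalSign(params);
  });
}
```

In a page, ui.redirect would typically set window.location and ui.reject would log the unexpected URL.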

4.3 Biometric signature

4.3.1 Device configuration

The following functions only affect Wacom devices:

setClearImage: It sets the background image of the tablet when the signing process is completed. The image is sent in base64.

setClearImageUrl: It sets the background image of the tablet when the signing process is completed. The image is hosted in the URL sent by parameter.

4.3.2 Signature of the document

Parameters: The first parameter of every overload of the biometric signature method is a string array that configures the behavior of the component.

o Document URI.

o Service URL.

o URL of the document to sign.

o Padding X left bottom corner.

o Padding Y left bottom corner.

o Success URL.

o Error URL.

o Cancellation URL.

o Rejection URL.

o Basic authentication user.

o Basic authentication password.


o Background color of the approval view title.

o Approval view title.

o Color of the approval view title.

o Identifier.

o "Step" tag.

o "of" tag.

o "Sign" button - signature screen.

o "Continue" button - on all screens.

o "Clear" button – signature screen.

o "Cancel" button - on all screens.

o "Reject" button - on all screens.

o OPTIONAL upper text on the signature screen.

o OPTIONAL lower text 1 on the signature screen.

o OPTIONAL lower text 2 on the signature screen.

o Text above the checks area.

o Text below the checks area.

o XML with the configuration of the signature panel form.

Form: For the handwritten signature process, you can add a form in which the user must select multiple checks in order to move forward in the process and finally perform the signature. The configuration of this form is the last parameter of those described in the previous section.

The following is an example of a valid XML:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<screens>
  <screen id="screen1">
    <text id="Label1">
      <label color="#003A8C">You are going to generate your electronic signature on the contents of the document with reference [XXXXXXXXXXXXXXX], the contents of which you expressly authorize.</label>
    </text>
    <checkbox id="chk1" mandatory="1">
      <label color="#003A8C">Mark to continue</label>
      <value>0</value>
    </checkbox>
  </screen>
  <screen id="screen2">
    <text id="Label1">
      <label color="#003A8C">You give your express, previous and well-informed consent for the processing of personal data and the assignment of and to third parties provided in the document with reference [XXXXXAAAAAAAAA]</label>
    </text>
    <checkbox id="chk1" mandatory="1">
      <label color="#003A8C">Mark to continue</label>
      <value>0</value>
    </checkbox>
  </screen>
</screens>

When this XML is embedded in a JavaScript string literal delimited by double quotes, each double quote inside it must be escaped as \".

The XML defines each screen to be displayed as a screen node. Each screen node can contain multiple controls: these controls can be text labels, defined in the text nodes, or checkboxes, defined in the checkbox nodes. Checkboxes can be mandatory in order to move forward in the signature process. Whether or not a checkbox is mandatory is defined by the mandatory attribute of its checkbox node: if its value is 1, the checkbox is mandatory; if it is 0, it is optional.
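One way to generate the form XML from data instead of writing it by hand, as an added example (not ElevenPaths' code). The function names and the shape of the input objects are assumptions; the element and attribute names follow the sample XML above. Escaping matters because label text often includes values such as a document reference that may contain &, < or quotes.

```javascript
// Added example, not ElevenPaths code. Input object shape is an assumption.
function escapeXml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" };
  return String(value).replace(/[&<>"']/g, c => map[c]);
}

// screens: [{ id, controls: [{ type: "text" | "checkbox", id, color, label, mandatory }] }]
function buildFormXml(screens) {
  const out = ['<?xml version="1.0" encoding="UTF-8" standalone="yes"?>', "<screens>"];
  screens.forEach(screen => {
    out.push(`  <screen id="${escapeXml(screen.id)}">`);
    screen.controls.forEach(c => {
      const label = `<label color="${escapeXml(c.color)}">${escapeXml(c.label)}</label>`;
      if (c.type === "text") {
        out.push(`    <text id="${escapeXml(c.id)}">${label}</text>`);
      } else if (c.type === "checkbox") {
        // mandatory="1" blocks progress until checked; "0" is optional.
        const mandatory = c.mandatory ? "1" : "0";
        out.push(`    <checkbox id="${escapeXml(c.id)}" mandatory="${mandatory}">${label}<value>0</value></checkbox>`);
      } else {
        throw new Error("unsupported control type: " + c.type);
      }
    });
    out.push("  </screen>");
  });
  out.push("</screens>");
  return out.join("\n");
}

// Constructed sample input: one screen with a label and a mandatory checkbox.
const sampleFormXml = buildFormXml([{
  id: "screen1",
  controls: [
    { type: "text", id: "Label1", color: "#003A8C", label: 'Document reference "A&B <draft>"' },
    { type: "checkbox", id: "chk1", color: "#003A8C", label: "Mark to continue", mandatory: true }
  ]
}]);
```

The resulting string can be placed directly in the last slot of the biometric parameter array, with no manual quote escaping.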

In addition to this window setup, some of the parameters are used to configure the application's look and feel.

Image 04: Example form.

We recommend downloading the sample code from 11Paths’ GitHub page to become familiar with these parameters and see how they affect the screen.

bioSign(string[]): It launches the signature process parameterized with the configuration that is sent by argument. It uses the document provider associated with the document URI and its default parameterization.

bioSign(string[], string): It launches the signature process parameterized with the configuration that is sent by argument. It uses the document provider associated with the document URI, which receives the parameters of the second argument.

bioSignUrl(string[], string): It launches the signature process parameterized with the configuration that is sent by argument. It signs the document whose URL has been sent. It uses the document provider associated with the document URI and its default parameterization.

bioSignUrl(string[], string, string): It launches the signature process parameterized with the configuration that is sent by argument. It signs the document whose URL has been sent. It uses the document provider associated with the document URI, which receives the parameters of the second argument.

bioSignBase64(string[], string): It launches the signature process parameterized with the configuration that is sent by argument. It signs the document placed in the second parameter in base64. It uses the document provider associated with the document URI and its default parameterization.

bioSignBase64(string[], string, string): It launches the signature process parameterized with the configuration that is sent by argument. It signs the document placed in the second parameter in base64. It uses the document provider associated with the document URI, which receives the parameters of the second argument.


5 Resources

For information about the different SealSign services available, please go to this address:

https://www.elevenpaths.com/technology/sealsign/index.html

Also, on the ElevenPaths blog you can find interesting articles and innovations regarding this product.

You can find more information about Eleven Paths products on YouTube, on Vimeo and on Slideshare.


PUBLICATION

August 2016

At ElevenPaths we have our own way of thinking when we talk about security. Led by Chema Alonso, we are a team of experts who are passionate about their work, who are eager to redefine the industry and have great experience and knowledge about the security sector.

Security threats in technology evolve at an increasingly quicker and relentless pace. Thus, since June 2013, we have become a startup company within Telefónica aimed at working in an agile and dynamic way, transforming the concept of security and, consequently, staying a step ahead of our attackers.

Our head office is in Spain, but we can also be found in the UK, the USA, Brazil, Argentina and Colombia.

IF YOU WISH TO KNOW MORE ABOUT US, PLEASE CONTACT US AT:

elevenpaths.com Blog.elevenpaths.com @ElevenPaths Facebook.com/ElevenPaths YouTube.com/ElevenPaths

The information disclosed in this document is the property of Telefónica Digital España, S.L.U. (“TDE”) and/or any other entity within Telefónica Group and/or its licensors. TDE and/or any Telefonica Group entity or TDE’S licensors reserve all patent, copyright and other proprietary rights to this document, including all design, manufacturing, reproduction, use and sales rights thereto, except to the extent said rights are expressly granted to others. The information in this document is subject to change at any time, without notice.

Neither the whole nor any part of the information contained herein may be copied, distributed, adapted or reproduced in any material form except with the prior written consent of TDE.

This document is intended only to assist the reader in the use of the product or service described in the document. In consideration of receipt of this document, the recipient agrees to use such information for its own use and not for other use.

TDE shall not be liable for any loss or damage arising out of the use of any information in this document or any error or omission in such information or any incorrect use of the product or service. The use of the product or service described in this document is regulated in accordance with the terms and conditions accepted by the reader.

TDE and its trademarks (or any other trademarks owned by Telefonica Group) are registered service marks.