NakovDocumentSigner: A System for Digitally Signing Documents in Web Applications
The Web Application Deployment Descriptor
In compliance with the J2EE platform standards for the functioning of the reference Web application, the configuration file web.xml (also called the Web application deployment descriptor) is also needed.
This file contains the application's configuration that *.do URL pattern to struts action servlet and sets the default application JSP page to /SignedFileUploadForm.jsp.
Struts Framework Configuration File
This file configures the Struts forms and Struts actions that the application uses. It also configures the forwarding actions for each form.
The Ant Build Script
The result from this script execution is the DocumentSigningDemoWebApp.war file that contains the compiled application in a form ready for execution that is in compliance with the Web application specifications of the J2EE platform.
Deploying and Running the Reference Web Application
To deploy and run the reference DocumentSigningDemoWebApp.war Web application, it is necessary that it is deployed on some J2EE server or some Java Web application server (Servlet container).
The deployment on Tomcat 4.x can be done just by copying the DocumentSigningDemoWebApp.war file into the "webapps" subdirectory of the Tomcat installation. The Tomcat server should be restarted after the initial deployment and after deployment of any changed version of the WAR archive.
Running the reference Web application can be performed by entering its URL in a Web browser. Under a standard deployment of the DocumentSigningDemoWebApp.war application on Tomcat 4.x server, this URL is: http://localhost:8080/DocumentSigningDemoWebApp/.
We performed various tests of the framework to ensure that is it compatible with different operating systems, Web browsers, and Java virtual machines. Our tests showed that NakovDocumentSigner is platform-independent and browser-independent. It runs on several operating systems and Web browsers with an installed Java Plug-In.
On the client side, we have successfully run tests in the environments of the following browsers: Internet Explorer 5.0 and 6.0, Mozilla 1.2.1 and 1.3 (for Windows and Linux), Netscape 6.1, having installed Java Plug-In 1.4.1 and 1.4.2, working on operating systems Windows 98, Windows 2000, Windows XP, and Red Hat Linux 9.0 (with the GNOME 2.0 graphical desktop).
The NakovDocumentSigner framework is a working example that illustrates one particular approach for using digital signatures by Java-based Web applications. It deals with the problems that arises in signing documents on the client machine and verifying them on the server. It demonstrates how the standard functionality available in the Java platform can be exploited to sign files in Web, verify digital signatures, certificates, and certification chains. The framework is freeware and can be used in its original or modified form for any purposes, including as a part of commercial products.
The need for informational security in Web applications is constantly rising and this inevitably leads to development and improvement of the technologies connected with it. It is very likely that future versions of the most widespread Web browsers will have built-in features for signing documents and HTML forms using the certificates installed in them, but until such features occur and become standard, NakovDocumentSigner will most probably remain one of the few complete freeware solutions in this direction.
The complete source code of the NakovDocumentSigner framework, along with instructions how to compile and use it, is available at its home site: http://www.nakov.com/documents-signing/.
In the most recent days, to increase security, some certification authorities provide their customers with smart cards instead of PFX certificate keystores. Smart cards are more secure because they cannot be duplicated and thus the private key stored in them cannot be stolen without the knowledge of their owner. It is a great idea to add support for signing documents on the Web with smart cards in DigitalSigninerApplet with the some version of NakovDocumentSigner. Due to a lack of standards for accessing smart cards' functionality, it is very hard to make a vendor-independent solution. We hope that one day smart cards will be strongly supported in the most popular operating systems and Web browsers and there will a standard API for accessing them from standalone and Web applications.
Contributors to the project are always welcome, especially for the smart cards functionality development.
- GlobalSign Certification Practice Statement, Chapter 21, Definitions
- Introduction to Public-Key Cryptography
- How PGP Works
- Java Glossary—Certificates
- Digital Signatures: How They Work
- Java Cryptography Architecture (JCA)—API Specification & Reference
- Trail: Security in Java 2 SDK 1.2—The Java Tutorial
- Java Certification Path API Programmer's Guide
- Java Security Evolution and Concepts, Part 5—Java CertPath API
- Java 2 Platform, Standard Edition, v 1.4.2—API Specification
- How to Sign Applets Using RSA-Signed Certificates
- NakovDocumentSigner—Digital Document Signing Framework for Java-based Web Applications
- Struts Framework
- Apache Ant
- Apache Tomcat
About the Author
Svetlin Nakov is part-time computer science lecturer in Sofia University, Bulgaria. He has over 5 years of professional software engineering and training experience and currently works as IT consultant in a leading Bulgarian software company. His areas of expertise include Java and related technologies, .NET Framework, network security, data structures and algorithms, and programming code quality. More information on his research background, skills and work experience is available from his home site
Page 5 of 5