SWS OnPremise - Docker container
- Lorenzo Cardinali
- 1 Installation
- 2 Administration
- 2.1 How change the api-key (password)?
- 2.2 How can enable opeapi and swagger?
- 2.3 How can disable opeapi and swagger?
- 2.4 How can i migrate from TEST to PROD environment?
- 2.5 How can i check if sign works?
- 2.6 How can I check the connection between SWS and Namirial servers?
- 2.7 How can I get the system info?
- 2.8 How can I edit the timestamp configuration?
- 2.9 How can I configure proxy on SWS?
- 2.10 How can I enable the logs on file?
- 2.11 How can i export log on files?
- 2.12 How can I expose SWS services on 8443 port using HTTPS protocol?
- 2.13 How can I manage fonts?
- 2.14 How can I add custom font?
- 2.15 How can I delete custom font in SWS?
- 2.16 How can I obtain the latest version?
Installation
SWS has been released on Docker image. SWS on Docker require the volume to share the configuration between all instances of SWS executed on orchestrator (like Kubernetes)
How can i obtain the SWS on Docker?
Namiral publish the docker images of SWS on this repository:
https://hub.docker.com/repository/docker/namirial/sws/generalBefore running the SWS docker image, you should create a volume by the following command (it will be used to save a custom configuration and to share it with other SWS instances):
docker volume create VOLUME_NAMEAfter the creation of dedicated volume has been completed, you can run the docker image:
docker run -d --name NAME_OF_ISTANCE -v VOLUME_NAME:/opt/sws/custom -p 8080:8080 namirial/sws:latestAt the end of this command, the SWS will be available on 8080 port.
NOTE: Once the installation has been completed, the SWS is ready to communicate with Namirial environment
Minimum Requirements
For proper operation it is necessary that the virtual machine has allocated at least the following resources. By default sws docker image, use the 70% of the memory available.
Is highly recommended to provide at least 1GB of memory to the container.
Performance will be affected if the container has less than 1GB of memory.
1 GB RAM
2 core
In the previous command to execute, you should add this properties:
How can I check if the installation has been completed succesfully?
To check if the docker instance has been executed without erros, you can open this link from browser:
And the output will be like this:
And check if the field “global” is “UP”
Administration
Below will be described the methods used to manage the configurations.
All administration methods are defined on this path:
Some administration methods require the authentication key (api-key). The default api key is “foo123”
Namirial reccomends to change this key.
The next command require to use a curl, if you are not a friendly with this tool or prefer to use a gui interface, you can use a postman.
The collection can be obtained from this link
How change the api-key (password)?
The method used to change the authentication key is exposed at this path:
Below you can find the details to execute the method:
Description | Allows to change the default authentication key |
|---|---|
HttpMethod | PUT |
Path | change-apikey |
Header | NAME: “x-api-key” VALUE: “OLD_API_KEY” |
Param | NAME: “newApiKey” VALUE: “NEW_API_KEY” |
Response | Return the status code 200 if the api key has been changed without errors |
Below you can find an example using curl:
How can enable opeapi and swagger?
If you need to enable. you should add this field to docker run:
The run command, will be:
Or you can use a dedicated endpoint to enable it:
Description | Allows to enable swagger ui |
|---|---|
HttpMethod | PUT |
Path | swagger |
Header | NAME: “x-api-key” VALUE: “API_KEY” |
Response | Return the status code 200 |
Below you can find an example using curl:
Once complete the request, you must restart the service (in case on SWS standalone) or restart the docker image
At this link will be published the OPENAPI endpoint:
While the swagger endpoint will be published at this endpoint:
How can disable opeapi and swagger?
If you need to enable. you should add this field to docker run:
The run command, will be:
Or you can use a dedicated endpoint to enable it:
Description | Allows to enable swagger ui |
|---|---|
HttpMethod | PUT |
Path | swagger |
Header | NAME: “x-api-key” VALUE: “API_KEY” |
Response | Return the status code 200 |
Below you can find an example using curl:
Once complete the request, you must restart the service (in case on SWS standalone) or restart the docker image
At this link will be published the OPENAPI endpoint:
While the swagger endpoint will be published at this endpoint:
How can i migrate from TEST to PROD environment?
When you install the docker image, the instance is configured to communicate with Namirial TEST environment. To migrate from TEST to PROD environment, you can use this method:
Below you can find the details to execute the method:
Description | Allows to migrate from TEST to PROD environment |
|---|---|
HttpMethod | POST |
Path | upload-keystore |
Header | NAME: “x-api-key” VALUE: “API_KEY” |
Body | NAME: “file” VALUE: “JKS keystore” |
Response | Return the status code 200 if the keystore was correctly loaded and the instance has been migrated to production environment |
Below you can find an example using curl:
How can i check if sign works?
After installation, we can try to to make a Pades signature (to check if the system has been configured correctly). Using this command:
Below the PDF to sign:
REPLACE the placeholder (“@USERNAME@” and “@PASSWORD@”) with a device assigned.
How can I check the connection between SWS and Namirial servers?
SWS application use external servers (managed by Namirial) to perform the hash signature (PKCS#1). This method allows to check if the comunication between SWS and Namirial servers correctly works.
Below the details to execute the method:
Description | Allows to check the connection between SWS and Namirial servers |
|---|---|
HttpMethod | GET |
Path | check-connection |
Response | Return the status code 200 if the connection with Namirial environment is correctly established |
Below you can find an example using curl:
How can I get the system info?
If you need to know the configurations used by Docker like: environment, version ecc.., you can use this resource:
Below you can find the details to execute the method:
Description | Allows to check the configurations of the SWS instance |
|---|---|
HttpMethod | GET |
Path | sys-info |
Response | Return the status code 200 and the body with configuration details |
NOTE:
The response body will be like this:
Below you can find an example using curl:
How can I edit the timestamp configuration?
If you need to set the custom configurations about timestamp (RFC3161) and the TSL (Trusted List) refresh period, you can specify the following fields:
tsaUrl
tsaUsername
tsaPassword
tlsRefresh
and use the following resource:
Below you can find the details to execute the method:
Description | Allows to edit the configurations about timestamp and tsl refresh |
|---|---|
HttpMethod | PUT |
Path | update-configs |
Header | NAME: “x-api-key” VALUE: “API_KEY” |
Body | { |
Response | Return the status code 200 if the update has been completed succesfully |
Below the example using a curl:
NOTE:
If you need to delete (restore to default configuration), you can use the action DELETE as you can see below:
How can I configure proxy on SWS?
By default SWS doesn’t use proxy, but it is possible to configure it using the following resource:
Below you can find the details to execute the method:
Description | Allows to set the proxy configuration |
|---|---|
HttpMethod | POST |
Path | configure-proxy |
Header | NAME: “x-api-key” VALUE: “API_KEY” |
Body | { |
Response | Return the status code 200 if the proxy was succesfully configured |
Below you can find an example using curl:
NOTE:
If you need to delete the proxy-config, you can use DELETE action on the same resource as you can see below:
How can I enable the logs on file?
By default SWS log on console, therefore it’s not possible to download the files with logs. If you need to retrieve the log files, first of all you have to enable log on files (re)running the docker instances with the environment variable:
Below you can find the docker command used to specify the log file
NOTE: the log files will be saved in:
How can i export log on files?
If you need to export log, SWS offer a specific resource to download the files.
IMPORTANT: before to download log on files → you must enable “log on files”
The resource to download the logs is:
Below the details to execute the method:
Description | Allow to set the proxy configuration |
|---|---|
HttpMethod | GET |
Path | export-log |
Header | NAME: “x-api-key” VALUE: “API_KEY” |
Response | Return the status code 200 and a zip files with the log in the body |
Below you can find an example using curl:
How can I expose SWS services on 8443 port using HTTPS protocol?
By default SWS is exposed on 8080 port using HTTP protocol, but if you want to expose SWS services on 443 port using HTTPS protocol, you have to provide a keystore containing SSL private key and certificate by the following resoruce:
Description | Allows to expose the service on 8443 port using HTTPS protocol |
|---|---|
HttpMethod | POST |
Path | configure-https |
Header | NAME: “x-api-key” VALUE: “API_KEY” |
| NAME: “keystore” VALUE: file with keystore |
Body | NAME: “options” VALUE: { |
Response | Return the status code 200 |
After the execution you should restart the docker SWS and finally will be exposed on port 443 (https protocol)
Below you can find an example using curl:
If you need remove https configuration, you can use the action “DELETE”, below the example:
How can I manage fonts?
When you perform PAdES signatures using appereance, you can specify the font name (padesPreferences.signerImage.fontName). SWS offers some font name that you can see by the following resource:
You can see the font name availables.
Description | Allows to get the available fonts |
|---|---|
HttpMethod | GET |
Path | fonts |
Header | NAME: “x-api-key” VALUE: “API_KEY” |
Response | Return the status code 200. The body contains the list of available fonts with the name and a canBeDeleted attribute in order to know if the font can be deleted |
Below you can find the example using curl:
How can I add custom font?
Sometimes can happen a customer need to use a specific font. If it is not present, is possible to add manually providing the “ttf” file related to the font, using this resource:
You can see the font name availables.
Description | Allow to set the proxy configuration |
|---|---|
HttpMethod | GET |
Path | fonts |
Header | NAME: “x-api-key” VALUE: “API_KEY” |
Body | NAME: “font” VALUE: FILENAME_OF_FONT.ttf |
Response | Return the status code 200 |
NOTE: after the request success, you can use the new font specifying the filename. For example, if you have uploaded the file: “MY_FONTS1.ttf”, to use this font you should specify in the signing request:
Below you can find an example using curl:
How can I delete custom font in SWS?
If you have uploaded a font by mistake or want remove a font unused, you can use this resource:
You can see the font name availables.
Description | Allow to delete a font |
|---|---|
HttpMethod | DELETE |
Path | fonts |
Header | NAME: “x-api-key” VALUE: “API_KEY” |
Body | |
Response | Return the status code 200, and a json with field “deleted” set to true if the font has been deleted or not |
For example if you want delete the font files “MY_CUSTOM1_FONT.ttf” and “MYCUSTOM2_FONT.ttf”, the body request will be:
If the second font doesn’t exist, the response body will be:
So only the “MY_CUSTOM1_FONT.ttf” font was deleted.
Below you can find an example using curl:
How can I obtain the latest version?
If you want updated sws to latest version, you can do: