Quick Setup

Pre-Requisites

System Requirements:

OS 64-bit arch-type (Windows, Linux or Unix).
Java Development Kit version 11/64-bit or later.

Service requirements (Below are configurable):

Minimum memory 512 megabytes.
Temp. directory with no restrictions. (Read/Write).

Business requirement:

User who want to use this service should have qualified signing certificate , otherwise the user will not be able to reach the step of signing a document.
For Production deployment process the SP need to be whitelisted their IP at DESC side to be able to access this URL
https://ca-services.desc.gov.ae/adss/tsa
In case of any SSL issues please import the DESC TSA root and intermediate certificates to resolve the error. The certificate needs to be imported in Java cacerts. In order to obtain the certificates please reach out to the onboarding/operations team.

Running service instructions:

Download .jar file along with .jks and .pem files that will be provided from UAEPASS.
SP need to install the TSA certificate using below command:

"keytool -importcert -file {file path} -keystore cacerts -keypass changeit -storepass changeit -noprompt -alias tsa_Staging"

Get the TSA Staging certificate from respective onboarding team
Please note that the TSA certificate needs to be installed in java cacerts for both the environments (staging and production).
Execute the below command after verifying that you have Java 11+ successfully installed (you can check by executing command “java -version” in terminal window), values in red according to your environment values:

Initiate the command to initialize the Jar (parameters to change as per environment):

java -Dtmp.dir=D:\Documents\StagingOnboarding\HashSigning\UtilityFiles2\UtilityFiles2 -DtrustStore.path=D:\Documents\StagingOnboarding\HashSigning\UtilityFiles2\UtilityFiles2\tsa-staging-tx-dev.jks -DparentCert.path=D:\Documents\StagingOnboarding\HashSigning\UtilityFiles2\UtilityFiles2\parentCertificate-stg.pem -Dtx/mp-rest/url=
https://stg-id.uaepass.ae
 -Dtx2/mp-rest/url=
https://stg-apis.uaepass.ae
 -Dtx.clientId=(SP specific client id) -Dtx.apiKey=(base64 endoded client id and secret) -Dtx.tokenRedirectUrlV2=
http://localhost:8089/v2/signature/token
 -Dtx.signIndenRedirectUrlV2=
http://localhost:8089/v2/signature/sign-identity
 -Dmax.allowed.file.size=52428800 -Dmax.allowed.files.count=10 -Dquarkus.http.port=8089 -Dquarkus.profile=staging -Xms512m -Xmx1G -jar digital-signature.jar

List of elements in the above command:

Element	Description
Dtmp.dir (mandatory)	This is any temporary location with read/write access to store files during processing temporarily locally in client’s environment. This will be cleaned automatically by utility
DtrustStore.path(mandatory)	directory of .jks file(keystore which contains certificates as per the environment) File will be provided by UAE PASS Onboarding team
DparentCert.path(mandatory)	directory of .pem file(used to store SSL certificates and their associated private keys as per the environment)File will be provided by UAE PASS Onboarding team
Dquarkus.profile(mandatory)	Target environment of UAE PASS (staging or production)
Dtx.clientId(mandatory)	Client_id (given by Onboarding team and automatically included) - To be used as per the environment
-Dtx/mp-rest/url(mandatory)	UAEPASS Base URL domain url depending on environment i.e. staging= https://stg-id.uaepass.ae , production=https://id.uaepass.ae
-Dtx2/mp-rest/url(mandatory)	-Dtx2/mp-rest/url(mandatory)---Signing Backend URL depending on environment i.e. staging =https://stg-apis.uaepass.ae , production https://apis.uaepass.ae
Dtx.apiKey(mandatory)	Base 64 encoded value of client id and client secret (given by Onboarding team and automatically included) - To be used as per the environment
Dtx.signIndenRedirectUrlV2	url to be redirected once the signIdentites and transaction id are generated
Dtx.tokenRedirectUrlV2	url to be redirected once the token is generated
Dquarkus.http.port(mandatory)	as per SP requirement it can be changed
Dmax.allowed.file.size(mandatory)	Max allowed file size
Dmax.allowed.files.count(mandatory)	Max allowed file count is 10

Element

Description

Dtmp.dir (mandatory)

This is any temporary location with read/write access to store files during processing temporarily locally in client’s environment.

This will be cleaned automatically by utility

DtrustStore.path(mandatory)

directory of .jks file(keystore which contains certificates as per the environment) File will be provided by UAE PASS Onboarding team

DparentCert.path(mandatory)

directory of .pem file(used to store SSL certificates and their associated private keys as per the environment)File will be provided by UAE PASS Onboarding team

Dquarkus.profile(mandatory)

Target environment of UAE PASS (staging or production)

Dtx.clientId(mandatory)

Client_id (given by Onboarding team and automatically included) - To be used as per the environment

-Dtx/mp-rest/url(mandatory)

UAEPASS Base URL domain url depending on environment i.e. staging= https://stg-id.uaepass.ae , production=https://id.uaepass.ae

-Dtx2/mp-rest/url(mandatory)

-Dtx2/mp-rest/url(mandatory)---Signing Backend URL depending on environment i.e. staging =https://stg-apis.uaepass.ae , production https://apis.uaepass.ae

Dtx.apiKey(mandatory)

Base 64 encoded value of client id and client secret (given by Onboarding team and automatically included) - To be used as per the environment

Dtx.signIndenRedirectUrlV2

url to be redirected once the signIdentites and transaction id are generated

Dtx.tokenRedirectUrlV2

url to be redirected once the token is generated

Dquarkus.http.port(mandatory)

as per SP requirement it can be changed

Dmax.allowed.file.size(mandatory)

Max allowed file size

Dmax.allowed.files.count(mandatory)

Max allowed file count is 10

Please find below snapshot of folder locations below for reference:

Folder location where digital-signature.jar file is placed:

Folder location where .jks and .pem files are placed:

PreviousHash Signing (Java SDK Set Up)NextHash Signing Process

Last updated 10 months ago