Skip to main content

New files needed

There are two new files required to be added within demos/common.

  1. licence_proxy.php
  2. siganture_sdk_helper.js

licence_proxy.php

Version 2 of the JavaScript SDK introduces an updated licensing system. The license proxy runs a basic access control check to ensure the script is called from an expected source. If the referer check passes, the script proceeds to execute the API request.

Without the license proxy, the key and secret would be exposed publically. To hide the licence, we retrieve it from an external server.

Setting the license has been reworked so that now, the key and secret are not exposed publically. More information about this can be seen within the wizard, complete and simple sections of the upgrade guide.


<?php
/**
 * Copyright (C) 2023 Wacom.
 * Use of this source code is governed by the MIT License that can be found in the LICENSE file.
 */


/** 
 * Get header Authorization
 * */
function getAuthorizationHeader(){
    $headers = null;
    if (isset($_SERVER['Authorization'])) {
        $headers = trim($_SERVER["Authorization"]);
    }
    else if (isset($_SERVER['HTTP_AUTHORIZATION'])) { //Nginx or fast CGI
        $headers = trim($_SERVER["HTTP_AUTHORIZATION"]);
    } elseif (function_exists('apache_request_headers')) {
        $requestHeaders = apache_request_headers();
        // Server-side fix for bug in old Android versions (a nice side-effect of this fix means we don't care about capitalization for Authorization)
        $requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
        //print_r($requestHeaders);
        if (isset($requestHeaders['Authorization'])) {
            $headers = trim($requestHeaders['Authorization']);
        }
    }
    return $headers;
}

/**
 * get access token from header
 * */
function getBearerToken() {
    $headers = getAuthorizationHeader();
    // HEADER: Get the access token from the header
    if (!empty($headers)) {
        if (preg_match('/Bearer\s(\S+)/', $headers, $matches)) {
            return $matches[1];
        }
    }
    return null;
}


function hexToString($hex) {
return pack('H*', $hex);
}

$query = "HOST FROM WHERE WE CALL";
if (substr($_SERVER['HTTP_REFERER'], 0, strlen($query)) !== $query) {
	echo "unauthorized access";
} else {
    $key = "PUT THE KEY HERE";
    $secret = "PUT THE SECRET HERE";
    $sign = hash_hmac('sha256', $key, base64_decode($secret), true);
    $sign = urlencode(base64_encode($sign));
    $url = "https://lms-tx.azurewebsites.net/api/Client/".$key."?hashedKey=".$sign;
    $authorization = "Authorization: Bearer ".getBearerToken();

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array($authorization));
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true );
    // This is what solved the issue (Accepting gzip encoding)
    curl_setopt($ch, CURLOPT_ENCODING, "gzip,deflate");     
    $response = curl_exec($ch);
    curl_close($ch);
    echo $response;
}
?>

signature_sdk_helper.js


/**
 * Copyright (C) 2023 Wacom.
 * Use of this source code is governed by the MIT License that can be found in the LICENSE file.
 */

function integrityStatusDesc(status) {
	switch (status) {
		case Module.IntegrityStatus.OK: return "Integrity correct";
		case Module.IntegrityStatus.FAIL: return "Signature tampered";
		case Module.IntegrityStatus.MISSING: return "The signature has not integrity data";
		case Module.IntegrityStatus.WRONG_TYPE: return "The type of the key is incorrect, please try with another type";
		case Module.IntegrityStatus.INSUFFICIENT_DATA: return "Insufficiente data";
		case Module.IntegrityStatus.UNCERTAIN: return "The intetrity is uncertain";
		case Module.IntegrityStatus.NOT_SUPPORTED: return "The integrity type is not supported in this version of Signature SDK";
	}
}

function dataStatusDesc(status) {
	switch (status) {
		case Module.DataStatus.GOOD: return "Signed data correct";
		case Module.DataStatus.NO_HASH: return "The signature has not attached any data";
		case Module.DataStatus.BAD_TYPE: return "The type of the hash is incorrect, please try with another type";
		case Module.DataStatus.BAD_HASH: return "The hash of the document it is different from the provided";
		case Module.DataStatus.ERROR: return "Unknown error";
		case Module.DataStatus.UNCERTAIN: return "The data is uncertain";
		case Module.DataStatus.SIG_MOVED: return "The signature has been moved";
	}
}

function isEncryptedBinary(data) {
    var string = new TextDecoder().decode(data);
	return (string.startsWith("wgssAES_") || string.startsWith("wgssRSA_"));
}