Digital Signature in Netsuite for XMLs
Hi All,
In today's world, when digital signature ( Adobe, Docusign) is becoming very important and can be treat as
legal sign.
Netsuite provide functionality to add digital sign into each PDF or document going out from Netsuite.
For next few days, we will be writing post about Digital Signature in Netsuite.
In today's world, when digital signature ( Adobe, Docusign) is becoming very important and can be treat as
legal sign.
Netsuite provide functionality to add digital sign into each PDF or document going out from Netsuite.
For next few days, we will be writing post about Digital Signature in Netsuite.
Please Note: These APIs will not show any signature in PDF , these APIs are only to add signature tag in XML and send it to server. Please don't expect any signature in PDF.
If you are looking for solution to add Signature in PDF please use any of below Suite APPs,
1. Adobe Sign for NetSuite (Bundle ID: 345211)
2. DocuSign for NetSuite (Bundle ID: 319224)
Digital Signing
Digital signing provides authentication of documents or messages so that the identity of the sender and the validity of the document’s contents can be trusted. Some companies need digital signing of electronic document like invoice using official digital certificate.
Netsuite store these certificates securely. Netsuite also track expiration dates and remind users when certificate's expiry date is approaching.
For one world account, we can generate certificate for each subsidiary.
In Netsuite, developer can use scripting to sign documents (ex: pdfs, reports, xmls and even plain string )
To store certificate, go to Set Up > Company > Preferences > Certificates
Click on New certificate and add details, you can select audience also.Please refer below image.
 |
| Digital signature in Netsuite |
Please Note: Do not store certificates in File Cabinet , never keep copy of digital signature in File cabinet.
If certificate expires, always use new certificate, never use old certificate again.
Module Used in Digital Signature
You can manage digital signing using three SuiteScript 2.x modules:
N/https/clientCertificate Module
N/crypto/certificate Module
N/certificateControl Module
Create sample XML like below:
<?xml version="1.0"?>
<!DOCTYPE pdf PUBLIC "-//big.faceless.org//report" "report-1.1.dtd">
<pdf>
<head>
<meta name="title" value="My First Document"/>
</head>
<body font-size="18">Hello World!
<signature></signature>
</body>
</pdf>
<!DOCTYPE pdf PUBLIC "-//big.faceless.org//report" "report-1.1.dtd">
<pdf>
<head>
<meta name="title" value="My First Document"/>
</head>
<body font-size="18">Hello World!
<signature></signature>
</body>
</pdf>
Upload above XML file into file cabinet , save file id for now, we will use file id later in our code.
/**
* @NApiVersion 2.x
* @NScriptType Suitelet
*/
define(['N/crypto/certificate','N/file', 'N/certificateControl', 'N/render'],
function (certificate, file, mycert, render){
function onRequest(context) {
var infNFe = file.load({
id: 11111
});
var signedXml = certificate.signXml({
algorithm: 'SHA1',
certId: 'custcertificate3',
rootTag: 'signature',
xmlString: infNFe.getContents()
});
certificate.verifyXmlSignature({
signedXml:signedXml,
rootTag: 'signature'
});
var fileObj = file.create({
name: 'signedXMLMy.xml',
fileType: file.Type.XMLDOC,
contents: signedXml,
description: 'This is a signed xml file.',
folder: UseFolderIdToSave
});
var fid = fileObj.save();
context.response.write({
output: "File created successfully."
});
}
return {
onRequest: onRequest
};
});
* @NApiVersion 2.x
* @NScriptType Suitelet
*/
define(['N/crypto/certificate','N/file', 'N/certificateControl', 'N/render'],
function (certificate, file, mycert, render){
function onRequest(context) {
var infNFe = file.load({
id: 11111
});
var signedXml = certificate.signXml({
algorithm: 'SHA1',
certId: 'custcertificate3',
rootTag: 'signature',
xmlString: infNFe.getContents()
});
certificate.verifyXmlSignature({
signedXml:signedXml,
rootTag: 'signature'
});
var fileObj = file.create({
name: 'signedXMLMy.xml',
fileType: file.Type.XMLDOC,
contents: signedXml,
description: 'This is a signed xml file.',
folder: UseFolderIdToSave
});
var fid = fileObj.save();
context.response.write({
output: "File created successfully."
});
}
return {
onRequest: onRequest
};
});
As we use in above code, always use:
1. N/crypto/certificate Module --- to update XML file into signed XML.
You can also use signer and test it.
2. N/https/clientCertificate Module - To make post, put , delete, request
and get file to remote server.
3. N/certificateControl Module - To load certificate, find certificate, modify
certificate, find usage , and even delete certificate
Signed XML will look like this
( Please note I modified contents from tags, tags are important here)
<?xml version="1.0" encoding="UTF-8" standalone="no"?><pdf>
<head>
<meta name="title" value="My First Document"/>
</head>
<body font-size="18">Hello World!
<signature><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>5lM/vlL3trdGgf8JANXPkFJNM08=</DigestValue></Reference>
</SignedInfo>
<SignatureValue>3vT99DQO2Py9xmkugqtiR
f1Lpon1p9AiapPIT+b0dNqx4TruNetWQ9M4Ksw==</SignatureValue>
<KeyInfo><X509Data><X509Certificate>XRl
Qsr0h9/YuBYcXhN/lHMoBO1HoqXlLwkhB9qIKJ72PDICZ5bsTnfklDpy</X509Certificate>
</X509Data></KeyInfo></Signature></signature>
</body>
</pdf>
<head>
<meta name="title" value="My First Document"/>
</head>
<body font-size="18">Hello World!
<signature><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>5lM/vlL3trdGgf8JANXPkFJNM08=</DigestValue></Reference>
</SignedInfo>
<SignatureValue>3vT99DQO2Py9xmkugqtiR
f1Lpon1p9AiapPIT+b0dNqx4TruNetWQ9M4Ksw==</SignatureValue>
<KeyInfo><X509Data><X509Certificate>XRl
Qsr0h9/YuBYcXhN/lHMoBO1HoqXlLwkhB9qIKJ72PDICZ5bsTnfklDpy</X509Certificate>
</X509Data></KeyInfo></Signature></signature>
</body>
</pdf>
Please let us know if you have any question about this, there are limited documentation in Netsuite here and around internet. Again , this api will not allow you to show signature tag in XML. This api is for sending signed XML to remote server ( it could be company server or govt server etc)
Thanks
Team Netsuite Guru
Hello
ReplyDeleteCan you please explain how to print digital signature in PDF using PFx file.
Thanks in advance
Please Note: These APIs will not show any signature in PDF , these APIs are only to add signature tag in XML and send it to server. Please don't expect any signature in PDF.
ReplyDelete