Skip to main content

Digital Signing and E-Sign

This page describes the desktop signing layer used to initiate signing, resolve certificate state, and manage custom signature appearances.

Scope

The signing module is a client-side service layer. It does not own the signer UI itself; instead, it proxies requests to the active signing backend and to Nuxeo-facing services when the environment requires it.

Primary Entry Points

The central service wrapper is ESignServiceProxy.

It resolves the active signing implementation based on:

  • the current desktop user
  • whether the user is marked as a remote signer
  • the endpoint type selected by EndPoints

Depending on that state, the proxy delegates to either:

  • RemoteESignService
  • RemoteESignServiceOfflineStub

Signing Flow

ESignServiceProxy exposes the signing contract used by the desktop client:

  • isSigningAllowed() checks whether the current user can sign
  • getCertificate() resolves the user certificate
  • signFile() signs a file payload
  • signDocument() signs a document model
  • isPasswordRequired() reports password requirements
  • showCertificateSetupDialog() opens certificate setup
  • initSigningProcess() begins the sign session for a document
  • requiresVerificationCodeAndPasswordForSigning() determines the credential prompts
  • verifyCertificate() validates the certificate and credential data
  • isExpired() and isRevoked() report certificate status
  • deleteUserIdentity() and verifyUserIdentity() manage the identity record
  • isLicensedUser() reports whether the account is licensed for signing

Custom Signature Appearances

Custom signature appearance data is managed by ClientCustomSignatureAppearanceProvider.

That provider is responsible for:

  • creating a custom appearance through the remote Nuxeo operation OP_APPEARANCE_CREATE
  • deleting a saved appearance through OP_APPEARANCE_DELETE
  • querying appearances through OP_APPEARANCE_QUERY
  • returning the appearance that matches a requested style name

The provider only executes those operations when the active endpoint is remote.

Implementation Notes

  • The signing layer is environment-sensitive. Local offline behavior is intentionally stubbed when the remote endpoint is unavailable.
  • The signature appearance provider is intentionally silent around Nuxeo calls because it is used during account verification and other partially initialized states.
  • The proxy delegates rather than implementing signing directly, which keeps the desktop module thin and focused on orchestration.