I would like to create a notes mail from some html source (with possibly inline image and attachments) using java through DIIOP. I tried to use mime item to do that, but sign and encrypt would need internet certs. So rich text seems to be the only choice, but I could not find any java API to import html into richtext. In notes client GUI, one can import from text/html. And also I noticed that MIME mail exported from inbox are "Itemized by DIIOP Server". Is there any way I can programmatically import html into lotus notes message so that sign and encrypt can be used with Lotus Notes internal certs.
Thanks and Regards,
Shing
You should be able to encrypt using Java via DIIOP, but you can't sign that way.
You need a private key in order to sign a message or document. The low-level Notes APIs expect the private key to be located in the current ID file for the session. When you are using DIIOP. Your Java code is running locally and it does not have access to your user ID file. The low-level Notes APIs don't run on the same machine that the Java is running on. There usually isn't even a Notes or Domino installation on the code where the Java code is running, so the code for the low-level APIs isn't even available to the JVM.
In a DIIOP configuraiton, the low-level Notes API code is running on the Domino server. The only ID file it has access to is the server ID file, and it will not allow you to sign using the server's private key.
Eventually find a solution, abeit rather hacky. create a document using MIME, then save to database, then close the session. The open a new session, and get the saved document, it is converted to richtext by the Domino Server, but there are some traces of MIME, export to DXL using DXLExporter. In the exported DXL, remove the items "MIME_Version" and "$MIMETrack". Inline image of type other than jpg and gif (png and gif) are not handled properly, have to play around the XML DOM a bit to fix it, then import the fixed DXL using DXLImporter, and there you have a converted Richtext document, rather like what you get from importing HTML file in Note Client GUI. Better than none.
Related
At the moment we have developed a system that can digitally sign documents using a java applet. However with the ban of applets under chrome we are looking for an alternative solution for digital signing.
At the moment the signing works the following way:
A HTTP GET is sent to a servlet to get the document that is going to
be signed;
The applet gets started, the digital signature driver gets extracted from the file system and the user enters the PIN;
The applet gets the certification chain, checks CRLs/OSCP and signs the document;
The applet sends a multipart post with the already signed file to a servlet in the system.
One alternative solution would be to import the certificate in the browser and use js to do the signing. But that won't be an user friendly solution.
Another solution could be to ask the user to download a run a program using JNLP that downloads and signs the document and automatically uploads it using HTTP multipart POST. The drawback of this approach would be it requires additional user interactions (the download action) and we lose browser http session, so we have to authenticate again.
Which is more viable? Can you think of alternative?
All post below suggests RSA based signing.
You may sign it in pure Javascript+ Web Crypto api.
Key points is extracting key with HTML5 <file> tag, use forge js library to deal with keys and hashes and canonize xml with deoxxa and use web crypto for sign/verify (in addition, forge also may sign/verify but web crypto is faster).
If you are signing xmls with exclusive canonicalization, use deoxxa (you should browserify it before using). If you sign xml and need to do inclusive canonicalization use my fork of deoxxa (hosted on own gitlab server). I was too lazy to rename exclusive to inclusive but my .js file performs inclusive, believe me) Example of usage forge+deoxxa+html5_p12_file_read in signJs, verifyJs files.
Also, forge supports signing binary files (CMS or in older naming style PKCS#7) but my JSP files doesn't have such example. About OCSP and chain test in JS - I opened the issue in forge, but it seems too difficult to handle CRL/OCSP and TSP protocols in JS, that's why you may sign in JS, but verify may be splitted - hash checking doing in JS(forge usage and additional code showed in my JSP) but smart checks like CRL, chain e.t.c do in your web service - you may extract X509Certificate and send it to your web service and use bouncycastle or any other cool library to do smart checks. X509Certificate is anyway public info, no problem in sending it to service, but digest checking requires files and you may not want to send files to service and thus use forge for checking digest which is showed in my verifyJS file.
My JS code is not refactored and even not in OOP and currently I'm not working on that project but on some stage I had fully working xml RSA siging with p12 keys in file system.
Latest JSP in my repo uses forge just for parsing p12 files and providing keys from them to Web Crypto API but my repo history also has pure Javascript sign/verify (if you don't like web crypto api). see history of the project branches.
Is there a posability in Vaadin 7 or in Java generally, to check if a browser has an embedded pdfreader or not?
I need to know that because it depends on that how i open the pdf.
There is unfortunately no way to consistently check if the browser supports viewing PDF files or not. I would recommend using something like PDF.JS (https://github.com/mozilla/pdf.js) or FlexPaper (http://flexpaper.devaldi.com/products.jsp) on your web site to display your documents to make sure your visitors can see your documents
Both those options are available as open source
In a web application, Java (and per se, Vaadin) runs on server side, so you cannot know which technology is installed on client, in this case, the browser. Just fire your file download with the application/pdf mime header and let the client do it's work. If you want to fire it as a general file download, use application/octet-stream mime header instead.
Here's a more generic q/a on this topic: How to determine if the user's browser can view PDF files
In Java, how to launch the mail client along with the given file as its attachment - particularly using the method Desktop.getDesktop().mail(URI)
I am using Windows 7 and want to launch MS Outlook.
It is a good question.
Indeed the URI that sent as a parameter to method desktop.mail(URI) allows setting to, cc, bcc, subject, body and does not allow setting attachments. (see http://www.ietf.org/rfc/rfc2368.txt)
However attachments are actually specially formatted fragments of email body. Please read this for more details: http://techhelp.santovec.us/decode.htm.
This means that you can encode your binary attachment using Base64 and create email body that already contains the attachment of any generic file. I personally have not tried this but I believe it must work. Good luck.
As far as I know, it is unfortunatly not possible to specify any attachment using Desktop.mail(URI).
I've tried AlexR suggestion. It doesn't work if the file is too big because of the restriction of the number of characters in the URI.
However, it is still possible using JMAPI, though it only works on x86 platforms.
The ultimate way to make it work is using the JavaMail API, but it forces you to create your own GUI and to set the SMTP server configuration.. which is not pretty user-friendly.
If anyone as other suggestions, i'd be glad to know them.
There is any way (from browser) to read local file without open dialog?
Can be used: javascript, flash, or java.
Goal: when you paste text in WYSIWYG with images from MS Word, there will be links to image files. Like "file:///C:/Users/username/AppData/Local/Temp/msohtmlclip1/01/clip_image001.jpg". I want to read this files, upload to server and replace local path.
Accessing the disk contents from the browser without the user permission is a security risk. As such, to do that with Java you need your applet signed and the user allowing it to run.
A Java applet can do this, but it would need to be signed with an SSL certificate from a trusted authority, otherwise the applet would not be run with a security exception thrown.
You'd use any standard Java approach to loading and uploading the file (Apache Commons FileUtils and HttpClient?); if you're new to Java then there may be simpler solutions.
I currently have a finance calculator applet that at the users request generates a PDF of the information calculated for the user. When it is generated, the PDF is created locally, and a JFileChooser allows the user to move the PDF to the destination on their machine of their choosing.
A certificate is required for the JFileChooser to run. What can I do to deliver the PDF to the user as an alternative to the JFileChooser and signing the applet?
From the official Java Applet tutorial:
When launched by using JNLP, unsigned applets can also perform the
following operations:
* They can open, read, and save files on the client.
Check this out as an example.
If you have to stick to traditional applets, you should sign the jar, even if that means self-signing (I think in this case a warning is displayed, but the user can proceed).
Use this method:
URL url = new URL(getCodeBase().getProtocol(),
getCodeBase().getHost(),
getCodeBase().getPort(),
"/your_pdf_file");
getAppletContext().showDocument(url);
It would just prompt the user to download the file or view it inline
EDIT: This is only useful if the Server is generating the PDF and not the Client Applet