Understanding the IPDFSignature Interface Class

If the signer of the report needs to be determined dynamically at report run time (for example, the signer is to be determined based on the report data), then a custom application class based on the IPT_PDFSIGNATURE_INT:IPDFSignature interface must be used. However, if the report signer and digital certificate are known at report design time, then the certificate ID (referred to as the digital ID or signature ID) can be specified in the psxp_signature_digitalID property in the report definition. In this case, there is no need to implement a custom application class.

Consider these situations when determining whether to create a custom implementation of the IPT_PDFSIGNATURE_INT:IPDFSignature interface class:

  • If the psxp_signature_digitalID property has a value, BI Publisher for PeopleSoft can use this value as the digital ID; therefore, you do not need to implement a custom application class.

  • If a digital signature will be applied to the PDF report and the psxp_signature_digitalID property has no value, you must specify a a custom implementation of the IPT_PDFSIGNATURE_INT:IPDFSignature interface class in the psxp_signature_appclass property.

  • If you specify a value for both psxp_signature_digitalID and psxp_signature_appclass, the value of psxp_signature_digitalID is ignored and your application class will be used to determine the digital ID.

When you create an implementation of the IPT_PDFSIGNATURE_INT:IPDFSignature interface, you need your application class to return which digital ID is to be used for signing a specific report. When you implement this interface:

  1. You must not set any of the four properties that are set for you by BI Publisher for PeopleSoft. These are: OperatorId, ProcessInstance, ReportId, and secStore.

  2. In addition, you must not set two other properties that BI Publisher for PeopleSoft may set for you: KeyFieldNames and KeyFieldValues.

    Those properties are populated from XML report file data as arrays of string when the report’s psxp_signature_mapfields property has a value. Use those arrays to determine the signer for the specified report or report instance. In the case of a bursted report with a different signer for each instance, BI Publisher for PeopleSoft will call your application class separately for each report instance with these properties set to values specific to the report instance.

  3. You must complete implementations of the interface’s two abstract methods:

    • Implement getSignatureId to return the digital ID for the certificate that is to be used to sign a specific report.

      See getSignatureId for an example implementation.

    • Implement getErrorString to return a detailed error message to BI Publisher for PeopleSoft.

      See getErrorString for more information and an example.

  4. You must provide a value for the UseSameSignatureForBursting read-only property to indicate whether to use the same signer for bursted instances of this report.

    See UseSameSignatureForBursting for an example of a technique to implement this.

  5. You must provide the full path to your application class by specifying the psxp_signature_appclass property on the Global Properties page—for example:

    MY_CUSTOM_PACKAGE:MY_SignedPDF

    Important! If both the psxp_signature_appclass property and the psxp_signature_digitalID property are set, the psxp_signature_digitalID property is ignored.

The following example shows just the class definition block of an example implementation of an application class named My_SignedPDF:

class My_SignedPDF implements IPT_PDFSIGNATURE_INT:IPDFSignature
   /* inputs */
   property string ReportId; /* report Id that requires digital signature */
   property string OperatorId; /* operator ID who runs a report */
   property number ProcessInstance; /* Process Scheduler Process Instance */
   property array of string KeyFieldNames; /* an array of field names that contain key data */
   property array of string KeyFieldValues; /* an array of field values that contain key data */
   property PT_SECURITY_DIGITALCERTSTORE:DigitalCertStore secStore; /* Security App class used to get Digital Certificates info from Security storage */
   
   /* outputs */
   property boolean UseSameSignatureForBursting get; /* If true the same signature  will be reused for all bursted instances */
   method My_SignedPDF(); /* Constructor */
   method getSignatureId() Returns string; /* Signature Authority ID to be used for signing a report */
   method getErrorString() Returns string; /* An error string, if any */
   
private
   instance string &m_errorStr;
   instance number &m_ErrorMessageSet;
   instance Boolean &mb_ReuseSignature;
end-class;