Beruflich Dokumente
Kultur Dokumente
PROJECT: VALIDATOR
Kashish Kochar
15CSU091
1
TABLE OF CONTENTS
Preface .........................................................................................................4
Acknowledgement ....................................................................................... 5
Abstract ........................................................................................................ 6
Introduction ................................................................................................. 7
Executive Summary ................................................................................... 8
Training Description ................................................................................ 10
Project: Validator…………….…...........................................................10
1. Project Background and Scope….....................................................10
2. Project’s rationale and Goals............................................................10
3. Methodology used for Verification of Digital Signature………......11
3.1 Checking a document’s integrity...................................................11
3.2 Retrieving information from a signature.......................................11
3.3 Validating the certificates of a signature.......................................11
3.4 Checking if the certificate was revoked using CRLs and OCSP..12
4. Technical Details..............................................................................12
Testing…………………………………………..………........................13
Analysis …………......................................................................................14
Conclusion ..................................................................................................15
Bibliography …………...............................................................................16
Appendix B (About
LEEGALITY)………………...................................................................25
2
Appendix C (About LEEGALITY’S AADHAAR ESIGN
SERVICES)................................................................................................28
3
PREFACE
This report documents the work done during the summer internship at
Leegality(Grey Swift Private Limited), 91 SpringBoard, Nehru Place, New
Delhi under the supervision of Mr. Prakhar Aggarwal. The report will give
an overview of the tasks completed during the period of internship with
technical details. I have tried my best to keep report simple yet technically
correct. I hope I succeed in my attempt.
4
ACKNOWLEDGEMENT
During my summer internship, the staff at Leegality and people guiding me were very
helpful and extended their valuable guidance and help whenever required for the projects
which I worked on.
I am highly indebted to my guide Mr. Prakhar Aggarwal for his invaluable guidance and
advice during my Summer Internship.
Kashish Kochar
5
ABSTRACT
The report presents the three tasks completed during summer internship at Leegality,
which are listed below:
1. Conceptual learning of Groovy and Grails.
3. Unit Testing
Grails is an open source web application framework that uses the Apache
Groovy programming language (which is in turn based on the Java platform). It is
intended to be a high-productivity framework by following the "coding by
convention" paradigm, providing a stand-alone development environment and
hiding much of the configuration detail from the developer.
6
INTRODUCTION
COMPANY PROFILE
The platform provides a guarantee of unmatched security and legal reliability on the
documents signed through them.
Leegality’s Aadhaar eSigning APIs are highly functional and highly modifiable to
allow businesses to incorporate the services within their products as per their unique
flow requirements. Their architecture follows industry best security practices and is
compliant with ISO 27001 Information Management Standard. They also provide a
digitally signed audit trail for every document signed through their platform.
7
EXECUTIVE SUMMARY
My two-month Industrial Internship Program work term was with the
Leegality(Grey Swift Private Limited), New Delhi. I worked as a Web Development
Intern during my work term.
This project was entirely a learning experience for me and it helped me to learn many
new things since I didn’t had knowledge of Groovy and Grails in starting.
I learnt:
Step-by-step process of verifying digital signatures
I learnt many new commands and how to create my own logic.
I learnt to make new pages in GSP using HTML, CSS and Bootstrap along
with proper validations.
Handling the uploaded document, creating a preview through Ajax call and
extracting data through backend.
Using Ajax call to get responsive real time data.
One of the important achievements of this project was the development of a new
Application to verify the digital signature on a document. The application provides the
following checks:
8
An application was finally developed using the above criteria to demonstrate the
usefulness and requirement of the project. It was a fully developed project which
worked very well.
After the completion of the project I did testing for the same and found out major
improvements and suggestions that could help the project work more efficiently.
I acquired many new technical skills throughout my work term. I acquired new
knowledge in the area of Groovy and Grails. I also brushed up my CSS, Bootstrap
and HTML skills while making these applications. The project is still in its working
phase.
Then I got introduced to the area of research and how to approach it. Most
importantly, the work experience was very good which included good fellowship,
cooperative teamwork and accepting responsibilities.
Although I spent a lot of time learning new things, I found that I was well trained in
certain areas that helped me substantially in my projects. Many programming skills
that I used in my projects, such as programming style and design, were ones that I
had acquired during my studies in Computer Science.
9
TRAINING DESCRIPTION
Project: Validator
The aim of the process was to develop a platform in order to verify the
Digital Signature by following a proper step-by-step process as described
in the third section.
10
3. Methodology used for Verification of Digital Signature
3.1 Checking a document’s integrity
The three reasons which marks the goal of signing documents using a
digital signature are: to ensure the integrity of the document, to get
assurance about the identity of the signer, to make sure the signer can’t
deny he has signed the document.
11
3.3.2 Verifying a signature against a key store: We verify the
certificates obtained from the keystore against the ones generated
from the certificate chain of the document.
3.4 Checking if the certificate was revoked using CRLs and OCSP
We take the signing certificate and the certificate of the issuer of that
certificate (or null if it was self-signed). We’ll use these certificates as
parameters to check for revocation.
We will check if the OCSP responses of the document were valid for the
certificate on a specific date on the signing date or today. If not, the
verifier will try to look for a valid OCSP response online.
Then the verifier will check if the CRLs of the document were valid on a
specific date. If the certificate was revoked an exception will be thrown.
If no valid CRL was found, the verifier will try to fetch a CRL online. If
we still didn’t get any object as result, the certificate couldn’t be verified.
Otherwise, we get a list of the checks that made us accept the certificate.
4. Technical details
Web Presentation: HTML, CSS, Bootstrap, JavaScript, Groovy Server
Pages(GSP)
Programming Language: Groovy with Grails
Browser: Google Chrome
Front-End and Backend Integration: JQuery and Ajax
Version Control: Git
API creation and testing: Postman
Operating System: Ubuntu 16.04
IDEs: IntelliJ IDEA 2018.1.4
I was acquainted with some of the languages earlier but few of them were
new to me.
12
Testing
After the successful completion of the project, I was also involved in
designing test suites and writing codes for unit testing of the already exiting
application in Spock, a unit testing framework for Groovy applications.
During my term in the company, I wrote codes for four services of the already
existing application along with my fellow interns who wrote codes for the
other services.
The operations of mocking, stubbing and spying can be accomplished by
really simple code through Spock, which made work easy.
After the completion of unit testing of services, I was also involved in writing
test codes for 26 domain classes of the already existing system.
The testing phase was an entirely new learning curve for me which helped me
to learn valuable skills in testing along with my work in development.
13
ANALYSIS
My training at Leegality has been very beneficial for me as I have learned and
improved myself a lot technically as well non-technically.
During my project, initially I went through all concepts of Groovy and Grails,
HTML, Bootstrap, JavaScript, CSS.
Then, I started my technical analysis of the Web application of the already running
projects to understand the basic layout of the website. I started doing some programs
implementing Grails on my own.
A lot of time was then spent understanding the concepts of digital signatures and
analysing and understanding the verification process for the same.
During my project, I first worked on creating functions for the implementations of
the process, and then discussed all the processes required in verification with my
mentor. Unit testing was done after each step so as to verify the outputs and
successful completion of each step of the process.
After completing the functions required for the process of Validator, I designed the
UI of the application. I first designed a basic layout for the application, then
incorporated the functions which I previously made, using JQuery and Ajax calls.
Then, I discussed all the possible changes required in the UI of the application to
make it more relatable to the look and feel of the already existing website. After
incorporating those changes, I successfully submitted my project for deployment.
Other than the project, I have also contributed to the firm in terms of writing codes
for API calls in different languages such as Android and .Net for integration by
clients. Also, using Chart.js, I designed some graphs for graphical representation of
the different data in the user and administrator console.
And, I also wrote test suites for the already existing system in Spock (Unit testing
framework).
Now coming to personal skills, a person never thinks that adapting to corporate
culture, working in a team etc., can be such a big part of shaping an individual. While
working in the company, I inculcated all of it quite successfully and got quite
comfortable with the office environment. One of the strength that I developed during
this training period was being optimistic about unfamiliar work within the given
deadline.
It was a great experience for me as I learned a lot of new things during my internship.
Practical knowledge is very much important to learn anything.
14
CONCLUSION
In the past 20 years, technology has changed the nature of attendance and complaint
log system. In the old days, everything was done manually, with records maintained
in registers. Now that the computers and technology have penetrated the industry,
automation has become the competitive advantage in today's world. We are now
completely reliable on technology for every work. This summer internship had
helped me a lot to know about the working of IT companies in today's world and
how do they withstand the high level competitive environment. I learnt the real
during my project. I built a great skill of working and coordinating with team
members and gave my best to the work allotted to me. I gained technical, as well as
15
BIBLIOGRAPHY
https://www.theserverside.com/definition/cascading-style-sheet-CSS
https://www.theserverside.com/definition/JavaScript
https://en.wikipedia.org/wiki/JQuery
https://en.wikipedia.org/wiki/Ajax_(programming)
https://valuebound.com/resources/blog/get-to-know-about-postman-tool
https://www.securedsigning.com/resources/intro-to-digital-signatures
16
APPENDIX A
1. Groovy
What is Groovy?
Groovy can serve as a scripting language for developers new to the Java
platform and can also be useful for veteran Java developers interested in
enhancing the expediency and flexibility of that language.
Groovy has a Java-like syntax and works seamlessly with Java bytecode.
Many of the language's features resemble those
of Perl, Python, Ruby and Smalltalk.
2. Grails
Grails is a web framework based on Groovy and Java which can be deployed
into existing Java web servers, e.g., Tomcat or Jetty.
Grails uses JavaEE as the architectural basis and Spring for structuring the
application via dependency injection.
Grails is plug-in based and currently uses its own build system (Gant) but
plans to migrated to Gradle. The Grails homepage provides several pre-
defined plugins which extend the Grails framework.
During the start of a new development with Grails you mainly use the
command line to generated new user interfaces.
Grails uses GORM (Grails Object Relational Mapping) for the persistence
of the domain model. GORM is based on Hibernate. You can test with the
18
HSQLDB and run in production against another database simply by
changing the configuration file (DataSource.groovy).
3. HTML
HTML (Hypertext Markup Language) is the set of markup symbols or codes
inserted in a file intended for display on a World Wide Web browser page.
The markup tells the Web browser how to display a Web page's words and
images for the user. Each individual markup code is referred to as an element
(but many people also refer to it as a tag). Some elements come in pairs that
indicate when some display effect is to begin and when it is to end.
4. CSS
A cascading style sheet (CSS) is a Web page derived from multiple sources
with a defined order of precedence where the definitions of any style element
conflict. The Cascading Style Sheet, level 1 (CSS1) recommendation from the
World Wide Web Consortium (W3C), which is implemented in the latest
versions of the Netscape and Microsoft Web browsers, specifies the possible
style sheets or statements that may determine how a given element is
presented in a Web page.
CSS gives more control over the appearance of a Web page to the page creator
than to the browser designer or the viewer. With CSS, the sources of style
definition for a given document element are in this order of precedence:
19
1. The STYLE attribute on an individual element tag
2. The STYLE element that defines a specific style sheet containing style
declarations or a LINK element that links to a separate document
containing the STYLE element. In a Web page, the STYLE element is
placed between the TITLE statement and the BODY statement.
3. An imported style sheet, using the CSS @import notation to
automatically import and merge an external style sheet with the current
style sheet
4. Style attributes specified by the viewer to the browser
5. The default style sheet assumed by the browser
In general, the Web page creator's style sheet takes precedence, but it's
recommended that browsers provide ways for the viewer to override the style
attributes in some respects. Since it's likely that different browsers will choose
to implement CSS1 somewhat differently, the Web page creator must test the
page with different browsers.
5. Bootstrap
Bootstrap is a free and open-source front-end framework (library) for
designing websites and web applications. It contains HTML- and CSS-based
design templates for typography, forms, buttons, navigation and other
interface components, as well as optional JavaScript extensions. Unlike many
web frameworks, it concerns itself with front-end development only.
6. JavaScript
JavaScript is a programming language that started off simply as a mechanism
to add logic and interactivity to an otherwise static Netscape browser. In the
years since its introduction, it has not only supplanted a variety of other
competing languages and technologies to become the standard for browser-
based programming, but it has also expanded beyond the client space to
become a dominant language on the server side, as well.
20
What JavaScript can be used for?
The Hyper Text Transport Protocol, or HTTP, was designed to do exactly
what the name implies, which is to transport HTML text across a network for
viewing. But the problem with HTML is that it is completely static, providing
no capabilities to implement logic.
7. JQuery
jQuery is a cross-platform JavaScript library designed to simplify the client-
side scripting of HTML. It is free, open-source software using the
permissive MIT License. Web analysis indicates that it is the most widely
deployed JavaScript library by a large margin.
jQuery's syntax is designed to make it easier to navigate a document,
select DOM elements, create animations, handle events, and
develop Ajax applications. jQuery also provides capabilities for developers to
create plug-ins on top of the JavaScript library. This enables developers to
create abstractions for low-level interaction and animation, advanced effects
and high-level, themeable widgets. The modular approach to the jQuery
library allows the creation of powerful dynamic web pages and Web
applications.
The set of jQuery core features—DOM element selections, traversal and
manipulation—enabled by its selector engine (named "Sizzle" from v1.3),
created a new "programming style", fusing algorithms and DOM data
structures. This style influenced the architecture of other JavaScript
frameworks like YUI v3 and Dojo, later stimulating the creation of the
standard Selectors API.
21
8. Ajax
Ajax (also AJAX; short for "Asynchronous JavaScript And XML") is a set
of Web development techniques using many Web technologies on the client
side to create asynchronous Web applications. With Ajax, Web applications
can send and retrieve data from a server asynchronously (in the background)
without interfering with the display and behavior of the existing page. By
decoupling the data interchange layer from the presentation layer, Ajax allows
Web pages, and by extension Web applications, to change content
dynamically without the need to reload the entire page. In practice, modern
implementations commonly utilize JSON instead of XML due to the
advantages of JSON being native to JavaScript.
9. Postman
Postman is a Google Chrome app for interacting with HTTP APIs. It presents
you with a friendly GUI for constructing requests and reading responses. The
people behind Postman also offer an add-on package called Jetpacks, which
includes some automation tools and, most crucially, a Javascript testing
library. This post will walk you through an example that uses those testing
features. While they won't replace your focused unit tests, they do breathe new
life into testing features from outside your applications. This makes it
extremely valuable for functional testers or for developers who love to
test outside-in.
10. Git
Git is a version control system for tracking changes in computer files and
coordinating work on those files among multiple people. It is primarily used
for source code management in software development, but it can be used to
keep track of changes in any set of files. As a distributed revision
control system it is aimed at speed, data integrity, and support for distributed,
non-linear workflows.
Git was created by Linus Torvalds in 2005 for development of the Linux
kernel, with other kernel developers contributing to its initial development. Its
current maintainer since 2005 is Junio Hamano.
As with most other distributed version control systems, and unlike
most client–server systems, every Git directory on every computer is a full-
fledged repository with complete history and full version tracking abilities,
independent of network access or a central server.
22
Git is free and open source software distributed under the terms of the GNU
General Public License version 2.
11. Spock
Spock is a testing and specification framework for Java and Groovy
applications. What makes it stand out from the crowd is its beautiful and
highly expressive specification language. Thanks to its JUnit runner, Spock is
compatible with most IDEs, build tools, and continuous integration servers.
Spock is inspired
from JUnit, RSpec, jMock, Mockito, Groovy, Scala, Vulcans, and other
fascinating life forms.
Every Spock test (or specification) extends spock.lang.Specification. This
abstract class uses Spock's JUnit
runner, org.spockframework.runtime.Sputnik, and contains useful methods
for writing tests eg creating mock objects
23
APPENDIX B
About LEEGALITY
Online e-stamping
Obtain stamp paper of 7+ states for your legal documents
24
25
Leegality’s Platform
26
APPENDIX C
In fact, Aadhaar based digital signatures are even more legally secure than
physical signatures due to the presumptions existing in favour of the
authenticity and correctness of digital signatures under Section 85A, 85B &
85 C of the Indian Evidence Act, 1872, as discussed above.
But Section 1(4) of the IT Act lays down- “Nothing in this Act shall apply to
documents or transactions specified in the First Schedule by way of addition
or deletion of entries thereto.”
28
expressly excluded from the application of the IT Act under the First
Schedule.
29
APPENDIX D
30
Digital Signatures Process
Using David and Donna, we can demonstrate how digital signatures are work.
From David’s point of view, the signing process operation is simple. But few steps are
happening while signing process is started. :
The hash result and the user’s digital certificate that includes user’s Public
Key are mixed into a digital signature; it’s done by using the user’s Private
Key to encrypt the document hash. The resulting signature is unique to both
the document and the user. Finally, the digital signature is embedded to the
document.
David sends the signed document to Donna. Donna uses David’s public key
(which is included in the signature within the Digital Certificate) to
authenticate David’s signature and to ensure the document didn’t alter after
it was signed.
Donna:
32
PROJECT DAILY TASK
Date Day Work
th
18 May, 2018 Friday Installing soft wares and getting to
know the workflow of the company.
33
7th June, 2018 Thursday Looking at different templates for the
UI of the application and finalising
three probable templates.
8th June, 2018 Friday Starting with the UI of the validator.
11th June, 2018 Monday Finalising the template and working
on the UI of the application.
12th June, 2018 Tuesday Working and finishing off the UI of the
application.
13th June, 2018 Wednesday Integration of UI with the
code(Upload file, pdf preview).
Successfully completed training.
14th June, 2018 Thursday Finishing integration of code(PDF
preview, Show certificates) and
making final changes to the
application to make it ready for
deployment. Submitting final project
code for deployment.
15th June, 2018 Friday Off.
34
35