add verify tool

1 year ago · 0dcd97f49b
parent de14330449
commit 0dcd97f49b
4 changed files with 49 additions and 20 deletions
--- a/app/controllers/api/tools_controller.rb
+++ b/app/controllers/api/tools_controller.rb
@ -14,5 +14,29 @@ module Api
        data: Base64.encode64(PdfUtils.merge(files.map { |base64| StringIO.new(Base64.decode64(base64)) }).string)
      }
    end
+
+    def verify
+      file = Base64.decode64(params[:file])
+      pdf = HexaPDF::Document.new(io: StringIO.new(file))
+
+      trusted_certs = Accounts.load_trusted_certs(current_account)
+
+      is_checksum_found = ActiveStorage::Attachment.joins(:blob)
+                                                   .where(name: 'documents', record_type: 'Submitter')
+                                                   .exists?(blob: { checksum: Digest::MD5.base64digest(file) })
+
+      render json: {
+        checksum_status: is_checksum_found ? 'verified' : 'not_found',
+        signatures: pdf.signatures.map do |sig|
+          {
+            verification_result: sig.verify(trusted_certs:).messages,
+            signer_name: sig.signer_name,
+            signing_reason: sig.signing_reason,
+            signing_time: sig.signing_time,
+            signature_type: sig.signature_type
+          }
+        end
+      }
+    end
  end
 end
--- a/app/controllers/verify_pdf_signature_controller.rb
+++ b/app/controllers/verify_pdf_signature_controller.rb
@ -9,26 +9,7 @@ class VerifyPdfSignatureController < ApplicationController
        HexaPDF::Document.new(io: file.open)
      end

-    cert_data =
-      if Docuseal.multitenant?
-        value = EncryptedConfig.find_by(account: current_account, key: EncryptedConfig::ESIGN_CERTS_KEY)&.value || {}
-
-        Docuseal::CERTS.merge(value)
-      else
-        EncryptedConfig.find_by(key: EncryptedConfig::ESIGN_CERTS_KEY)&.value || {}
-      end
-
-    default_pkcs = GenerateCertificate.load_pkcs(cert_data)
-
-    custom_certs = cert_data.fetch('custom', []).map do |e|
-      OpenSSL::PKCS12.new(Base64.urlsafe_decode64(e['data']), e['password'].to_s)
-    end
-
-    trusted_certs = [default_pkcs.certificate,
-                     *default_pkcs.ca_certs,
-                     *custom_certs.map(&:certificate),
-                     *custom_certs.flat_map(&:ca_certs).compact,
-                     *Docuseal.trusted_certs]
+    trusted_certs = Accounts.load_trusted_certs(current_account)

    render turbo_stream: turbo_stream.replace('result', partial: 'result',
                                                        locals: { pdfs:, files: params[:files], trusted_certs: })
--- a/config/routes.rb
+++ b/config/routes.rb
@ -45,6 +45,7 @@ Rails.application.routes.draw do
    end
    resources :tools, only: %i[] do
      post :merge, on: :collection
+      post :verify, on: :collection
    end
    scope 'events' do
      resources :form_events, only: %i[index], path: 'form/:type'
--- a/lib/accounts.rb
+++ b/lib/accounts.rb
@ -137,6 +137,29 @@ module Accounts
    end.presence
  end

+  def load_trusted_certs(account)
+    cert_data =
+      if Docuseal.multitenant?
+        value = EncryptedConfig.find_by(account:, key: EncryptedConfig::ESIGN_CERTS_KEY)&.value || {}
+
+        Docuseal::CERTS.merge(value)
+      else
+        EncryptedConfig.find_by(key: EncryptedConfig::ESIGN_CERTS_KEY)&.value || {}
+      end
+
+    default_pkcs = GenerateCertificate.load_pkcs(cert_data)
+
+    custom_certs = cert_data.fetch('custom', []).map do |e|
+      OpenSSL::PKCS12.new(Base64.urlsafe_decode64(e['data']), e['password'].to_s)
+    end
+
+    [default_pkcs.certificate,
+     *default_pkcs.ca_certs,
+     *custom_certs.map(&:certificate),
+     *custom_certs.flat_map(&:ca_certs).compact,
+     *Docuseal.trusted_certs]
+  end
+
  def can_send_emails?(_account, **_params)
    return true if Docuseal.multitenant?
    return true if ENV['SMTP_ADDRESS'].present?