diff --git a/app/controllers/api/tools_controller.rb b/app/controllers/api/tools_controller.rb
index 9eaa1486..32c59808 100644
--- a/app/controllers/api/tools_controller.rb
+++ b/app/controllers/api/tools_controller.rb
@@ -14,5 +14,29 @@ module Api
 data: Base64.encode64(PdfUtils.merge(files.map { |base64| StringIO.new(Base64.decode64(base64)) }).string)
 }
 end
+
+ def verify
+ file = Base64.decode64(params[:file])
+ pdf = HexaPDF::Document.new(io: StringIO.new(file))
+
+ trusted_certs = Accounts.load_trusted_certs(current_account)
+
+ is_checksum_found = ActiveStorage::Attachment.joins(:blob)
+ .where(name: 'documents', record_type: 'Submitter')
+ .exists?(blob: { checksum: Digest::MD5.base64digest(file) })
+
+ render json: {
+ checksum_status: is_checksum_found ? 'verified' : 'not_found',
+ signatures: pdf.signatures.map do |sig|
+ {
+ verification_result: sig.verify(trusted_certs:).messages,
+ signer_name: sig.signer_name,
+ signing_reason: sig.signing_reason,
+ signing_time: sig.signing_time,
+ signature_type: sig.signature_type
+ }
+ end
+ }
+ end
 end
 end
diff --git a/app/controllers/verify_pdf_signature_controller.rb b/app/controllers/verify_pdf_signature_controller.rb
index dbd39021..69e6098b 100644
--- a/app/controllers/verify_pdf_signature_controller.rb
+++ b/app/controllers/verify_pdf_signature_controller.rb
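Review bot: The checksum lookup in `verify` (app/controllers/api/tools_controller.rb) matches against every `Submitter` document attachment with no `current_account` condition, so in a multi-tenant deployment any API caller can learn whether a given file exists in another account's submissions; if cross-account matching is intended a comment should say so, otherwise the query needs an account scope. `checksum_status: 'verified'` also rests on an MD5 digest alone, which is not collision-resistant, so it should be documented as a storage-checksum match rather than proof of authenticity (the per-signature results carry that). Separately, `params[:file]` goes through the lenient `Base64.decode64` into `HexaPDF::Document.new` with no presence check, size limit or rescue, so a missing or malformed upload surfaces as a 500. A presence check, `Base64.strict_decode64`, and a rescue of `ArgumentError` and `HexaPDF::MalformedPDFError` that renders a 422 would close that.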
@@ -9,26 +9,7 @@ class VerifyPdfSignatureController < ApplicationController HexaPDF::Document.new(io: file.open) end - cert_data = - if Docuseal.multitenant? - value = EncryptedConfig.find_by(account: current_account, key: EncryptedConfig::ESIGN_CERTS_KEY)&.value || {} - - Docuseal::CERTS.merge(value) - else - EncryptedConfig.find_by(key: EncryptedConfig::ESIGN_CERTS_KEY)&.value || {} - end - - default_pkcs = GenerateCertificate.load_pkcs(cert_data) - - custom_certs = cert_data.fetch('custom', []).map do |e| - OpenSSL::PKCS12.new(Base64.urlsafe_decode64(e['data']), e['password'].to_s) - end - - trusted_certs = [default_pkcs.certificate, - *default_pkcs.ca_certs, - *custom_certs.map(&:certificate), - *custom_certs.flat_map(&:ca_certs).compact, - *Docuseal.trusted_certs] + trusted_certs = Accounts.load_trusted_certs(current_account) render turbo_stream: turbo_stream.replace('result', partial: 'result', locals: { pdfs:, files: params[:files], trusted_certs: })
diff --git a/config/routes.rb b/config/routes.rb
index 2de99d5f..6cdc09a3 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -45,6 +45,7 @@ Rails.application.routes.draw do
 end
 resources :tools, only: %i[] do
 post :merge, on: :collection
+ post :verify, on: :collection
 end
 scope 'events' do
 resources :form_events, only: %i[index], path: 'form/:type'
diff --git a/lib/accounts.rb b/lib/accounts.rb
index 4103f76c..0ce789d7 100644
--- a/lib/accounts.rb
+++ b/lib/accounts.rb
@@ -137,6 +137,29 @@ module Accounts end.presence end + def load_trusted_certs(account) + cert_data = + if Docuseal.multitenant? + value = EncryptedConfig.find_by(account:, key: EncryptedConfig::ESIGN_CERTS_KEY)&.value || {} + + Docuseal::CERTS.merge(value) + else + EncryptedConfig.find_by(key: EncryptedConfig::ESIGN_CERTS_KEY)&.value || {} + end + + default_pkcs = GenerateCertificate.load_pkcs(cert_data) + + custom_certs = cert_data.fetch('custom', []).map do |e| + OpenSSL::PKCS12.new(Base64.urlsafe_decode64(e['data']), e['password'].to_s) + end + + [default_pkcs.certificate, + *default_pkcs.ca_certs, + *custom_certs.map(&:certificate), + *custom_certs.flat_map(&:ca_certs).compact, + *Docuseal.trusted_certs] + end + def can_send_emails?(_account, **_params) return true if Docuseal.multitenant? return true if ENV['SMTP_ADDRESS'].present?
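Review bot: In `load_trusted_certs`, every entry under `'custom'` is opened with `OpenSSL::PKCS12.new` and its stored password on each call, and nothing rescues a failure. A single corrupt or mis-passworded bundle therefore raises and breaks verification for the whole account, now including the new `verify` action in api/tools_controller.rb. Skipping and logging the unreadable entry fails closed, since that bundle then contributes no trust anchors; the log line should carry only the error class, never the entry's data or password. The method also needs a short docstring stating that the returned array is the full trust-anchor set handed to `sig.verify`, and that the `account` argument is ignored when `Docuseal.multitenant?` is false.

```ruby
# … unchanged: cert_data lookup and default_pkcs …
custom_certs = cert_data.fetch('custom', []).filter_map do |e|
  OpenSSL::PKCS12.new(Base64.urlsafe_decode64(e['data']), e['password'].to_s)
rescue OpenSSL::PKCS12::PKCS12Error, ArgumentError => error
  # Fail closed: an unreadable bundle adds nothing to the trust set.
  Rails.logger.warn("Skipping unreadable custom certificate bundle: #{error.class}")
  nil
end
# … unchanged: trust-anchor array …
```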