From 7e537e4232e821f08cc2bfbcc519f67baaaffa00 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka <pete.matsy@gmail.com>
Date: Thu, 26 Sep 2024 10:58:32 +0300
Subject: [PATCH] adjust signing certs

---
 app/controllers/esign_settings_controller.rb  | 13 +++++++---
 .../_default_signature_row.html.erb           | 25 +++++++++++++++++++
 app/views/esign_settings/show.html.erb        |  4 +++
 .../icons/_discount_check_filled.html.erb     |  4 +++
 lib/accounts.rb                               | 10 ++++++--
 lib/docuseal.rb                               |  1 +
 lib/submissions/generate_audit_trail.rb       |  6 +++--
 .../generate_combined_attachment.rb           |  2 +-
 .../generate_result_attachments.rb            |  4 +--
 9 files changed, 58 insertions(+), 11 deletions(-)
 create mode 100644 app/views/esign_settings/_default_signature_row.html.erb
 create mode 100644 app/views/icons/_discount_check_filled.html.erb

diff --git a/app/controllers/esign_settings_controller.rb b/app/controllers/esign_settings_controller.rb
index 6f052eeb..9e7f2708 100644
--- a/app/controllers/esign_settings_controller.rb
+++ b/app/controllers/esign_settings_controller.rb
@@ -21,9 +21,9 @@ class EsignSettingsController < ApplicationController
     default_pkcs = GenerateCertificate.load_pkcs(cert_data) if cert_data['cert'].present?
 
     custom_pkcs_list = (cert_data['custom'] || []).map do |e|
-      { 'pkcs' => OpenSSL::PKCS12.new(Base64.urlsafe_decode64(e['data']), e['password'].to_s),
-        'name' => e['name'],
-        'status' => e['status'] }
+      pkcs = e['data'].present? ? OpenSSL::PKCS12.new(Base64.urlsafe_decode64(e['data']), e['password'].to_s) : nil
+
+      { 'pkcs' => pkcs, 'name' => e['name'], 'status' => e['status'] }
     end
 
     @pkcs_list = [
@@ -69,7 +69,12 @@ class EsignSettingsController < ApplicationController
     @encrypted_config.value['custom'].each { |e| e['status'] = 'validate' }
 
     custom_cert_data = @encrypted_config.value['custom'].find { |e| e['name'] == params[:name] }
-    custom_cert_data['status'] = 'default' if custom_cert_data
+
+    if custom_cert_data
+      custom_cert_data['status'] = 'default'
+    elsif params[:name] == Docuseal::AATL_CERT_NAME
+      @encrypted_config.value['custom'] << { 'name' => params[:name], 'status' => 'default' }
+    end
 
     @encrypted_config.save!
 
diff --git a/app/views/esign_settings/_default_signature_row.html.erb b/app/views/esign_settings/_default_signature_row.html.erb
new file mode 100644
index 00000000..387db8a1
--- /dev/null
+++ b/app/views/esign_settings/_default_signature_row.html.erb
@@ -0,0 +1,25 @@
+<tr scope="row" class="group">
+  <td class="flex items-center space-x-1">
+    <%= svg_icon('discount_check_filled', class: 'w-6 h-6 text-green-500') %>
+    <span class="flex items-center">
+      DocuSeal Trusted Signature
+      <div class="tooltip ml-1" data-tip="Sign documents with trusted certificate provided by DocuSeal. Your documents and data are never shared with DocuSeal. PDF checksum is provided to generate a trusted signature.">
+        <%= svg_icon('circle_question', class: 'w-4 h-4 stroke-1') %>
+      </div>
+    </span>
+  </td>
+  <td>
+    <a href="<%= "#{Docuseal::CLOUD_URL}/sign_up?#{{ redir: "#{Docuseal::CONSOLE_URL}/on_premise" }.to_query}" %>" class="btn btn-neutral btn-sm text-white">
+      Upgrade to Pro
+    </a>
+  </td>
+  <td>
+    <div class="tooltip" data-tip="Upgrade to Pro">
+      <%= button_to settings_esign_path, method: :put, params: { name: Docuseal::AATL_CERT_NAME }, class: 'btn btn-outline btn-neutral btn-xs whitespace-nowrap', title: t('make_default'), disabled: true do %>
+        <%= t('make_default') %>
+      <% end %>
+    </div>
+  </td>
+  <td>
+  </td>
+</tr>
diff --git a/app/views/esign_settings/show.html.erb b/app/views/esign_settings/show.html.erb
index cc3710d7..a93679c1 100644
--- a/app/views/esign_settings/show.html.erb
+++ b/app/views/esign_settings/show.html.erb
@@ -71,6 +71,7 @@
         </thead>
         <tbody>
           <% @pkcs_list.each do |item| %>
+            <% next if item['pkcs'].blank? %>
             <tr scope="row" class="group">
               <td>
                 <%= item['name'] %>
@@ -98,6 +99,9 @@
               </td>
             </tr>
           <% end %>
+          <% unless Docuseal.multitenant? %>
+            <%= render 'default_signature_row' %>
+          <% end %>
         </tbody>
       </table>
     </div>
diff --git a/app/views/icons/_discount_check_filled.html.erb b/app/views/icons/_discount_check_filled.html.erb
new file mode 100644
index 00000000..274cd4a9
--- /dev/null
+++ b/app/views/icons/_discount_check_filled.html.erb
@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" class="<%= local_assigns[:class] %>" width="44" height="44" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
+  <path stroke="none" d="M0 0h24v24H0z" fill="none" />
+  <path d="M12.01 2.011a3.2 3.2 0 0 1 2.113 .797l.154 .145l.698 .698a1.2 1.2 0 0 0 .71 .341l.135 .008h1a3.2 3.2 0 0 1 3.195 3.018l.005 .182v1c0 .27 .092 .533 .258 .743l.09 .1l.697 .698a3.2 3.2 0 0 1 .147 4.382l-.145 .154l-.698 .698a1.2 1.2 0 0 0 -.341 .71l-.008 .135v1a3.2 3.2 0 0 1 -3.018 3.195l-.182 .005h-1a1.2 1.2 0 0 0 -.743 .258l-.1 .09l-.698 .697a3.2 3.2 0 0 1 -4.382 .147l-.154 -.145l-.698 -.698a1.2 1.2 0 0 0 -.71 -.341l-.135 -.008h-1a3.2 3.2 0 0 1 -3.195 -3.018l-.005 -.182v-1a1.2 1.2 0 0 0 -.258 -.743l-.09 -.1l-.697 -.698a3.2 3.2 0 0 1 -.147 -4.382l.145 -.154l.698 -.698a1.2 1.2 0 0 0 .341 -.71l.008 -.135v-1l.005 -.182a3.2 3.2 0 0 1 3.013 -3.013l.182 -.005h1a1.2 1.2 0 0 0 .743 -.258l.1 -.09l.698 -.697a3.2 3.2 0 0 1 2.269 -.944zm3.697 7.282a1 1 0 0 0 -1.414 0l-3.293 3.292l-1.293 -1.292l-.094 -.083a1 1 0 0 0 -1.32 1.497l2 2l.094 .083a1 1 0 0 0 1.32 -.083l4 -4l.083 -.094a1 1 0 0 0 -.083 -1.32z" stroke-width="0" fill="currentColor" />
+</svg>
diff --git a/lib/accounts.rb b/lib/accounts.rb
index ea754ce9..d6088bab 100644
--- a/lib/accounts.rb
+++ b/lib/accounts.rb
@@ -118,7 +118,11 @@ module Accounts
       end
 
     if (default_cert = cert_data['custom']&.find { |e| e['status'] == 'default' })
-      OpenSSL::PKCS12.new(Base64.urlsafe_decode64(default_cert['data']), default_cert['password'].to_s)
+      if default_cert['name'] == Docuseal::AATL_CERT_NAME
+        Docuseal.default_pkcs
+      else
+        OpenSSL::PKCS12.new(Base64.urlsafe_decode64(default_cert['data']), default_cert['password'].to_s)
+      end
     else
       GenerateCertificate.load_pkcs(cert_data)
     end
@@ -153,7 +157,9 @@ module Accounts
 
     default_pkcs = GenerateCertificate.load_pkcs(cert_data)
 
-    custom_certs = cert_data.fetch('custom', []).map do |e|
+    custom_certs = cert_data.fetch('custom', []).filter_map do |e|
+      next if e['data'].blank?
+
       OpenSSL::PKCS12.new(Base64.urlsafe_decode64(e['data']), e['password'].to_s)
     end
 
diff --git a/lib/docuseal.rb b/lib/docuseal.rb
index 50282975..2b3e283d 100644
--- a/lib/docuseal.rb
+++ b/lib/docuseal.rb
@@ -14,6 +14,7 @@ module Docuseal
   CHATGPT_URL = 'https://chatgpt.com/g/g-9hg8AAw0r-docuseal'
   SUPPORT_EMAIL = 'support@docuseal.co'
   HOST = ENV.fetch('HOST', 'localhost')
+  AATL_CERT_NAME = 'docuseal_aatl'
   CONSOLE_URL = if Rails.env.development?
                   'http://console.localhost.io:3001'
                 elsif ENV['MULTITENANT'] == 'true'
diff --git a/lib/submissions/generate_audit_trail.rb b/lib/submissions/generate_audit_trail.rb
index cd19e01d..bfb6b1b2 100644
--- a/lib/submissions/generate_audit_trail.rb
+++ b/lib/submissions/generate_audit_trail.rb
@@ -43,9 +43,11 @@ module Submissions
 
       document.trailer.info[:Creator] = "#{Docuseal.product_name} (#{Docuseal::PRODUCT_URL})"
 
+      last_submitter = submission.submitters.select(&:completed_at).max_by(&:completed_at)
+
       sign_params = {
         reason: sign_reason,
-        **Submissions::GenerateResultAttachments.build_signing_params(pkcs, tsa_url)
+        **Submissions::GenerateResultAttachments.build_signing_params(last_submitter, pkcs, tsa_url)
       }
 
       document.sign(io, **sign_params)
@@ -170,7 +172,7 @@ module Submissions
 
       composer.draw_box(divider)
 
-      last_submitter = submission.submitters.where.not(completed_at: nil).order(:completed_at).last
+      last_submitter = submission.submitters.select(&:completed_at).max_by(&:completed_at)
 
       documents_data = Submitters.select_attachments_for_download(last_submitter).map do |document|
         original_documents = submission.template.documents.select do |e|
diff --git a/lib/submissions/generate_combined_attachment.rb b/lib/submissions/generate_combined_attachment.rb
index 7234ff4e..5c728da3 100644
--- a/lib/submissions/generate_combined_attachment.rb
+++ b/lib/submissions/generate_combined_attachment.rb
@@ -19,7 +19,7 @@ module Submissions
 
       sign_params = {
         reason: sign_reason,
-        **Submissions::GenerateResultAttachments.build_signing_params(pkcs, tsa_url)
+        **Submissions::GenerateResultAttachments.build_signing_params(submitter, pkcs, tsa_url)
       }
 
       pdf.sign(io, **sign_params)
diff --git a/lib/submissions/generate_result_attachments.rb b/lib/submissions/generate_result_attachments.rb
index f4093bbd..bee00c74 100644
--- a/lib/submissions/generate_result_attachments.rb
+++ b/lib/submissions/generate_result_attachments.rb
@@ -454,7 +454,7 @@ module Submissions
       if sign_reason
         sign_params = {
           reason: sign_reason,
-          **build_signing_params(pkcs, tsa_url)
+          **build_signing_params(submitter, pkcs, tsa_url)
         }
 
         begin
@@ -491,7 +491,7 @@ module Submissions
       io
     end
 
-    def build_signing_params(pkcs, tsa_url)
+    def build_signing_params(_submitter, pkcs, tsa_url)
       params = {
         certificate: pkcs.certificate,
         key: pkcs.key,