refactor sign params

pull/267/head
Pete Matsyburka 2 years ago
parent 71319c1548
commit 99341e773f

@ -27,7 +27,8 @@ class VerifyPdfSignatureController < ApplicationController
trusted_certs = [default_pkcs.certificate,
*default_pkcs.ca_certs,
*custom_certs.map(&:certificate),
*custom_certs.flat_map(&:ca_certs).compact]
*custom_certs.flat_map(&:ca_certs).compact,
*Docuseal.trusted_certs]
render turbo_stream: turbo_stream.replace('result', partial: 'result',
locals: { pdfs:, files: params[:files], trusted_certs: })

@ -90,7 +90,11 @@ module Accounts
def load_signing_pkcs(account)
cert_data =
if Docuseal.multitenant?
EncryptedConfig.find_by(account:, key: EncryptedConfig::ESIGN_CERTS_KEY)&.value || Docuseal::CERTS
data = EncryptedConfig.find_by(account:, key: EncryptedConfig::ESIGN_CERTS_KEY)&.value
return Docuseal.default_pkcs if data.blank?
data
else
EncryptedConfig.find_by(account:, key: EncryptedConfig::ESIGN_CERTS_KEY)&.value ||
EncryptedConfig.find_by(key: EncryptedConfig::ESIGN_CERTS_KEY).value
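Review bot: The new multitenant branch puts an early `return Docuseal.default_pkcs if data.blank?` inside the `cert_data =` assignment expression, so the method now leaves from the middle of a value computation with a different kind of result (a loaded PKCS object) than the fall-through path (raw cert data that is presumably converted further down); hoisting the multitenant lookup out of the assignment as a guard clause at the top of the method would make the two exits easier to follow. It would also help to document the fallback, e.g. `# Tenants without their own ESIGN certs sign with the platform default PKCS#12.`, since a missing tenant record silently falls back to the shared signing identity. `load_signing_pkcs` continues past the end of this hunk.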

@ -60,6 +60,17 @@ module Docuseal
ENV['ACTIVE_STORAGE_PUBLIC'] == 'true'
end
def default_pkcs
@default_pkcs ||= GenerateCertificate.load_pkcs(Docuseal::CERTS)
end
def trusted_certs
@trusted_certs ||=
ENV['TRUSTED_CERTS'].to_s.split("\n\n").map do |base64|
OpenSSL::X509::Certificate.new(base64)
end
end
def default_url_options
return DEFAULT_URL_OPTIONS if multitenant?
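Review bot: `trusted_certs` splits `ENV['TRUSTED_CERTS']` on `"\n\n"` and hands each chunk to `OpenSSL::X509::Certificate.new`, which parses only the first PEM block in a chunk; a bundle with `\r\n` endings or without blank lines between certificates therefore yields fewer trust anchors than configured, silently. Scanning for PEM blocks is more robust: `ENV['TRUSTED_CERTS'].to_s.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m).map { |pem| OpenSSL::X509::Certificate.new(pem) }` (the block parameter is PEM text, not bare base64, so `base64` is a misleading name). Because the value is memoized lazily, a malformed entry raises `OpenSSL::X509::CertificateError` on the first verification request (the controller hunk at -27) rather than at boot, which is worth a comment or an eager load in an initializer. These anchors extend the trust set used for PDF signature verification, so a one-line comment stating that would help the next reader.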

@ -3,6 +3,8 @@
module GenerateCertificate
SIZE = 2**11
Pkcs12Struct = Struct.new(:certificate, :ca_certs, keyword_init: true)
module_function
def call(name = Docuseal.product_name)
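Review bot: `Pkcs12Struct` has no `:key` member, so the verification-only object that `load_pkcs` returns for key-less data (hunk at -89) does not respond to `key`, and `build_signing_params` (hunk at -342) would fail with a bare `NoMethodError` instead of a clear "no signing key" error if such an object ever reached signing, for example through `Docuseal.default_pkcs` should `Docuseal::CERTS` lack a `'key'`. Adding the member, `Pkcs12Struct = Struct.new(:certificate, :ca_certs, :key, keyword_init: true)`, gives both return shapes the same interface with `key` nil, so the signer can check for it explicitly. The name also suggests a PKCS#12 container although it is a plain certificate-plus-chain holder; a comment such as `# Certificate and chain only (no private key); used for verification, not signing.` would make the intent clear.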
@ -89,10 +91,12 @@ module GenerateCertificate
def load_pkcs(cert_data)
cert = OpenSSL::X509::Certificate.new(cert_data['cert'])
key = OpenSSL::PKey::RSA.new(cert_data['key'])
key = OpenSSL::PKey::RSA.new(cert_data['key']) if cert_data['key'].present?
sub_ca = OpenSSL::X509::Certificate.new(cert_data['sub_ca'])
root_ca = OpenSSL::X509::Certificate.new(cert_data['root_ca'])
return Pkcs12Struct.new(certificate: cert, ca_certs: [sub_ca, root_ca]) unless key
OpenSSL::PKCS12.create(
'',
'',
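Review bot: `load_pkcs` now returns either an `OpenSSL::PKCS12` or a `Pkcs12Struct` depending on whether `cert_data['key']` is present, and nothing documents the dual return type; add `# @return [OpenSSL::PKCS12, Pkcs12Struct] a PKCS#12 when a private key is present, otherwise a verification-only certificate/chain struct` above the method. `Certificate.new(cert_data['sub_ca'])` and `Certificate.new(cert_data['root_ca'])` still run unconditionally, so a key-less bundle that omits a CA entry raises from OpenSSL rather than producing a shorter chain; if such bundles are expected, build the chain with `.compact` the way the controller hunk at -27 does. The method body continues past the end of this hunk.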

@ -296,17 +296,9 @@ module Submissions
sign_params = {
reason: SIGN_REASON,
certificate: pkcs.certificate,
doc_mdp_permissions: :no_changes,
key: pkcs.key,
certificate_chain: pkcs.ca_certs || []
**Submissions::GenerateResultAttachments.build_signing_params(pkcs, tsa_url)
}
if tsa_url
sign_params[:timestamp_handler] = Submissions::TimestampHandler.new(tsa_url:)
sign_params[:signature_size] = 10_000
end
composer.document.sign(io, **sign_params)
ActiveStorage::Attachment.create!(
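Review bot: The call `Submissions::GenerateResultAttachments.build_signing_params(pkcs, tsa_url)` requires the new helper (hunk at -342) to be callable as a module method, but its definition there is a bare `def`; this only works if that module declares `module_function` or `extend self` above the visible hunk, which cannot be confirmed from this diff, so either verify it or make the intent explicit with `def self.build_signing_params(pkcs, tsa_url)`. Note that `doc_mdp_permissions: :no_changes` stays local to this call site while the rest of the signing keywords are centralized, which is fine but deserves a short comment explaining why this document is locked down differently. The enclosing method starts and ends outside this hunk.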

@ -304,16 +304,9 @@ module Submissions
if sign_reason
sign_params = {
reason: sign_reason,
certificate: pkcs.certificate,
key: pkcs.key,
certificate_chain: pkcs.ca_certs || []
**build_signing_params(pkcs, tsa_url)
}
if tsa_url
sign_params[:timestamp_handler] = Submissions::TimestampHandler.new(tsa_url:)
sign_params[:signature_size] = 10_000
end
begin
pdf.sign(io, write_options: { validate: false }, **sign_params)
rescue HexaPDF::MalformedPDFError => e
@ -342,6 +335,21 @@ module Submissions
)
end
def build_signing_params(pkcs, tsa_url)
params = {
certificate: pkcs.certificate,
key: pkcs.key,
certificate_chain: pkcs.ca_certs || []
}
if tsa_url
params[:timestamp_handler] = Submissions::TimestampHandler.new(tsa_url:)
params[:signature_size] = 10_000
end
params
end
def images_pdf_uuid(attachments)
Digest::UUID.uuid_v5(Digest::UUID::OID_NAMESPACE, attachments.map(&:uuid).sort.join(':'))
end
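Review bot: `params[:signature_size] = 10_000` carries over an unexplained magic number into the new helper; lift it to a named constant such as `TSA_SIGNATURE_SIZE = 10_000` with a comment that it presumably reserves room in the signature field for the timestamp token returned by the TSA, since a too-small value would make signing fail only when a TSA is configured. The helper also lacks a header comment; something like `# Builds the keyword arguments for HexaPDF #sign: certificate, private key and chain, plus a timestamp handler and enlarged signature slot when a TSA URL is set.` would cover it, and `pkcs.key` deserves a `@param pkcs [OpenSSL::PKCS12]` line so callers know a key-less `Pkcs12Struct` is not accepted here.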
