refactor sign params

pull/267/head
Pete Matsyburka 2 years ago
parent 71319c1548
commit 99341e773f

@ -27,7 +27,8 @@ class VerifyPdfSignatureController < ApplicationController
trusted_certs = [default_pkcs.certificate, trusted_certs = [default_pkcs.certificate,
*default_pkcs.ca_certs, *default_pkcs.ca_certs,
*custom_certs.map(&:certificate), *custom_certs.map(&:certificate),
*custom_certs.flat_map(&:ca_certs).compact] *custom_certs.flat_map(&:ca_certs).compact,
*Docuseal.trusted_certs]
render turbo_stream: turbo_stream.replace('result', partial: 'result', render turbo_stream: turbo_stream.replace('result', partial: 'result',
locals: { pdfs:, files: params[:files], trusted_certs: }) locals: { pdfs:, files: params[:files], trusted_certs: })
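Review bot: The trust-anchor list on the new side now mixes three sources (the platform chain, per-account custom chains, and the operator-supplied `Docuseal.trusted_certs`) with nothing in the controller saying so; a one-line comment above `trusted_certs = [`, such as `# Trust anchors for verification: platform chain, account-specific chains, and TRUSTED_CERTS from the environment`, would help the next reader. Note that `.compact` applies only to the custom `ca_certs` and that `Docuseal.trusted_certs` is parsed from the environment on first use, so a malformed entry surfaces as an exception in this action. The enclosing action starts and ends outside the hunk.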

@ -90,7 +90,11 @@ module Accounts
def load_signing_pkcs(account) def load_signing_pkcs(account)
cert_data = cert_data =
if Docuseal.multitenant? if Docuseal.multitenant?
EncryptedConfig.find_by(account:, key: EncryptedConfig::ESIGN_CERTS_KEY)&.value || Docuseal::CERTS data = EncryptedConfig.find_by(account:, key: EncryptedConfig::ESIGN_CERTS_KEY)&.value
return Docuseal.default_pkcs if data.blank?
data
else else
EncryptedConfig.find_by(account:, key: EncryptedConfig::ESIGN_CERTS_KEY)&.value || EncryptedConfig.find_by(account:, key: EncryptedConfig::ESIGN_CERTS_KEY)&.value ||
EncryptedConfig.find_by(key: EncryptedConfig::ESIGN_CERTS_KEY).value EncryptedConfig.find_by(key: EncryptedConfig::ESIGN_CERTS_KEY).value
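Review bot: The new `return Docuseal.default_pkcs if data.blank?` exits the method from inside the `if` expression that is being assigned to `cert_data`, which makes the control flow easy to misread; lifting it into a guard clause before the assignment, or keeping the branch expression-only and letting the remainder of the method apply the fallback, would read more clearly. The two branches now also fall back differently: the multitenant path returns the process-wide memoized `Docuseal.default_pkcs` object, while the non-multitenant path still calls `.value` on an unchecked `find_by` result (pre-existing). Because that memoized object is shared across every account, callers should treat it as read-only, which is worth a comment next to the `return`. The rest of `load_signing_pkcs` is outside the hunk.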

@ -60,6 +60,17 @@ module Docuseal
ENV['ACTIVE_STORAGE_PUBLIC'] == 'true' ENV['ACTIVE_STORAGE_PUBLIC'] == 'true'
end end
def default_pkcs
@default_pkcs ||= GenerateCertificate.load_pkcs(Docuseal::CERTS)
end
def trusted_certs
@trusted_certs ||=
ENV['TRUSTED_CERTS'].to_s.split("\n\n").map do |base64|
OpenSSL::X509::Certificate.new(base64)
end
end
def default_url_options def default_url_options
return DEFAULT_URL_OPTIONS if multitenant? return DEFAULT_URL_OPTIONS if multitenant?
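Review bot: `trusted_certs` passes every `"\n\n"`-separated piece of `TRUSTED_CERTS` straight to `OpenSSL::X509::Certificate.new`, so a trailing blank line or a stray empty segment raises `OpenSSL::X509::CertificateError`, and since `||=` does not memoize a failure every caller hits the exception again; CRLF-separated input would presumably not split at all. Skipping blank segments and freezing the shared result is enough: `ENV['TRUSTED_CERTS'].to_s.split("\n\n").filter_map { |pem| OpenSSL::X509::Certificate.new(pem) unless pem.strip.empty? }.freeze`. The block parameter holds PEM text rather than bare base64, so `pem` is the clearer name, and a comment on the expected format, e.g. `# One PEM certificate per blank-line-separated block`, would save operators a guess.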

@ -3,6 +3,8 @@
module GenerateCertificate module GenerateCertificate
SIZE = 2**11 SIZE = 2**11
Pkcs12Struct = Struct.new(:certificate, :ca_certs, keyword_init: true)
module_function module_function
def call(name = Docuseal.product_name) def call(name = Docuseal.product_name)
@ -89,10 +91,12 @@ module GenerateCertificate
def load_pkcs(cert_data) def load_pkcs(cert_data)
cert = OpenSSL::X509::Certificate.new(cert_data['cert']) cert = OpenSSL::X509::Certificate.new(cert_data['cert'])
key = OpenSSL::PKey::RSA.new(cert_data['key']) key = OpenSSL::PKey::RSA.new(cert_data['key']) if cert_data['key'].present?
sub_ca = OpenSSL::X509::Certificate.new(cert_data['sub_ca']) sub_ca = OpenSSL::X509::Certificate.new(cert_data['sub_ca'])
root_ca = OpenSSL::X509::Certificate.new(cert_data['root_ca']) root_ca = OpenSSL::X509::Certificate.new(cert_data['root_ca'])
return Pkcs12Struct.new(certificate: cert, ca_certs: [sub_ca, root_ca]) unless key
OpenSSL::PKCS12.create( OpenSSL::PKCS12.create(
'', '',
'', '',
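Review bot: `Pkcs12Struct` (`Struct.new(:certificate, :ca_certs, keyword_init: true)`) has no `key` member, so after the new early return `load_pkcs` hands callers two objects with different interfaces: an `OpenSSL::PKCS12` that responds to `key`, and a struct on which `pkcs.key` raises NoMethodError; `build_signing_params` in GenerateResultAttachments dereferences `pkcs.key`, so a key-less bundle reaching a signing path would fail there rather than with a clear message. Adding the member, `Pkcs12Struct = Struct.new(:certificate, :ca_certs, :key, keyword_init: true)`, lets the key-less form degrade to `key == nil`, and a header comment on `load_pkcs` should say that `cert_data` without `'key'` yields a verification-only bundle. `sub_ca` and `root_ca` are still constructed unconditionally, so `cert_data` missing either still raises from `Certificate.new(nil)`. The `OpenSSL::PKCS12.create` call continues outside the hunk.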

@ -296,17 +296,9 @@ module Submissions
sign_params = { sign_params = {
reason: SIGN_REASON, reason: SIGN_REASON,
certificate: pkcs.certificate, **Submissions::GenerateResultAttachments.build_signing_params(pkcs, tsa_url)
doc_mdp_permissions: :no_changes,
key: pkcs.key,
certificate_chain: pkcs.ca_certs || []
} }
if tsa_url
sign_params[:timestamp_handler] = Submissions::TimestampHandler.new(tsa_url:)
sign_params[:signature_size] = 10_000
end
composer.document.sign(io, **sign_params) composer.document.sign(io, **sign_params)
ActiveStorage::Attachment.create!( ActiveStorage::Attachment.create!(
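Review bot: The replacement `**Submissions::GenerateResultAttachments.build_signing_params(pkcs, tsa_url)` drops `doc_mdp_permissions: :no_changes`, which the removed lines passed and which the shared helper does not set, so this document is no longer certified against later modification — a behavior change hidden under a refactor title. If the certification is intended, pass it alongside the splat, `**Submissions::GenerateResultAttachments.build_signing_params(pkcs, tsa_url), doc_mdp_permissions: :no_changes`, or give the helper a `doc_mdp_permissions:` keyword. Calling the helper across modules also assumes it is exposed as a module function or singleton method on GenerateResultAttachments, which is not visible here. The enclosing method starts and ends outside the hunk.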

@ -304,16 +304,9 @@ module Submissions
if sign_reason if sign_reason
sign_params = { sign_params = {
reason: sign_reason, reason: sign_reason,
certificate: pkcs.certificate, **build_signing_params(pkcs, tsa_url)
key: pkcs.key,
certificate_chain: pkcs.ca_certs || []
} }
if tsa_url
sign_params[:timestamp_handler] = Submissions::TimestampHandler.new(tsa_url:)
sign_params[:signature_size] = 10_000
end
begin begin
pdf.sign(io, write_options: { validate: false }, **sign_params) pdf.sign(io, write_options: { validate: false }, **sign_params)
rescue HexaPDF::MalformedPDFError => e rescue HexaPDF::MalformedPDFError => e
@ -342,6 +335,21 @@ module Submissions
) )
end end
def build_signing_params(pkcs, tsa_url)
params = {
certificate: pkcs.certificate,
key: pkcs.key,
certificate_chain: pkcs.ca_certs || []
}
if tsa_url
params[:timestamp_handler] = Submissions::TimestampHandler.new(tsa_url:)
params[:signature_size] = 10_000
end
params
end
def images_pdf_uuid(attachments) def images_pdf_uuid(attachments)
Digest::UUID.uuid_v5(Digest::UUID::OID_NAMESPACE, attachments.map(&:uuid).sort.join(':')) Digest::UUID.uuid_v5(Digest::UUID::OID_NAMESPACE, attachments.map(&:uuid).sort.join(':'))
end end
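Review bot: `build_signing_params` is now called from another file as well as from this one but carries no documentation, and the `10_000` stored as `signature_size` is unexplained. A short YARD header describing `pkcs` as the signing bundle (certificate, key, ca_certs), `tsa_url` as an optional timestamp authority that adds the handler when present, and the return value as keyword options for HexaPDF's `sign`, plus `# larger reservation so the timestamp token fits in the signature — TODO confirm against HexaPDF's default` on the `signature_size` line, would make the contract clear. `certificate_chain: pkcs.ca_certs || []` guards a nil `ca_certs` and deserves a why-comment as well.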
