From c9e255f5892034a3d195500f3560f99d8083de80 Mon Sep 17 00:00:00 2001
From: Alex Turchyn <lexfox777@gmail.com>
Date: Sat, 24 Jun 2023 12:27:34 +0300
Subject: [PATCH] add signature verification

---
 app/controllers/api/attachments_controller.rb |  2 +-
 app/controllers/esign_settings_controller.rb  | 31 ++++-----
 app/controllers/submit_form_controller.rb     |  4 +-
 app/javascript/elements/file_dropzone.js      | 51 +++++++-------
 app/javascript/submission_form/dropzone.vue   | 22 +++++-
 app/views/esign_settings/_result.html.erb     | 68 +++++++++++++++++++
 app/views/esign_settings/index.html.erb       | 41 ++++++++---
 app/views/icons/_certificate.html.erb         |  9 +++
 app/views/icons/_circle_check.html.erb        |  5 ++
 app/views/icons/_cloud_upload.html.erb        |  6 ++
 app/views/icons/_file_text.html.erb           |  8 +++
 app/views/icons/_lock_access.html.erb         |  9 +++
 app/views/icons/_user.html.erb                |  5 ++
 app/views/icons/_x_circle.html.erb            |  6 +-
 config/initializers/active_storage.rb         |  7 ++
 lib/generate_certificate.rb                   |  2 +-
 .../generate_result_attachments.rb            |  6 +-
 package.json                                  |  2 +-
 yarn.lock                                     |  8 +--
 19 files changed, 231 insertions(+), 61 deletions(-)
 create mode 100644 app/views/esign_settings/_result.html.erb
 create mode 100644 app/views/icons/_certificate.html.erb
 create mode 100644 app/views/icons/_circle_check.html.erb
 create mode 100644 app/views/icons/_cloud_upload.html.erb
 create mode 100644 app/views/icons/_file_text.html.erb
 create mode 100644 app/views/icons/_lock_access.html.erb
 create mode 100644 app/views/icons/_user.html.erb

diff --git a/app/controllers/api/attachments_controller.rb b/app/controllers/api/attachments_controller.rb
index fc17a9b1..9a297da7 100644
--- a/app/controllers/api/attachments_controller.rb
+++ b/app/controllers/api/attachments_controller.rb
@@ -12,7 +12,7 @@ module Api
       attachment = ActiveStorage::Attachment.create!(
         blob:,
         name: params[:name],
-        record: submitter || current_account
+        record: submitter
       )
 
       render json: attachment.as_json(only: %i[uuid], methods: %i[url filename content_type])
diff --git a/app/controllers/esign_settings_controller.rb b/app/controllers/esign_settings_controller.rb
index d0d307f7..4260b3a3 100644
--- a/app/controllers/esign_settings_controller.rb
+++ b/app/controllers/esign_settings_controller.rb
@@ -1,26 +1,25 @@
 # frozen_string_literal: true
 
 class EsignSettingsController < ApplicationController
-  before_action :load_encrypted_config
-
   def create
-    attachment = ActiveStorage::Attachment.find_by!(uuid: params[:attachment_uuid])
-
-    pdf = HexaPDF::Document.new(io: StringIO.new(attachment.download))
+    blobs =
+      params[:blob_signed_ids].map do |sid|
+        ActiveStorage::Blob.find_signed(sid)
+      end
 
-    pdf.signatures
-  end
+    pdfs =
+      blobs.map do |blob|
+        HexaPDF::Document.new(io: StringIO.new(blob.download))
+      end
 
-  private
+    cert = EncryptedConfig.find_by(account: current_account, key: EncryptedConfig::ESIGN_CERTS_KEY).value
 
-  def load_encrypted_config
-    @encrypted_config =
-      EncryptedConfig.find_or_initialize_by(account: current_account, key: EncryptedConfig::ESIGN_CERTS_KEY)
-  end
+    trusted_certs = [OpenSSL::X509::Certificate.new(cert['cert']),
+                     OpenSSL::X509::Certificate.new(cert['sub_ca']),
+                     OpenSSL::X509::Certificate.new(cert['root_ca'])]
 
-  def storage_configs
-    params.require(:encrypted_config).permit(value: {}).tap do |e|
-      e[:value].compact_blank!
-    end
+    render turbo_stream: turbo_stream.replace('result', partial: 'result', locals: { pdfs:, blobs:, trusted_certs: })
+  rescue HexaPDF::MalformedPDFError
+    render turbo_stream: turbo_stream.replace('result', html: helpers.tag.div('Invalid PDF', id: 'result'))
   end
 end
diff --git a/app/controllers/submit_form_controller.rb b/app/controllers/submit_form_controller.rb
index 2c5ad926..ef386e2c 100644
--- a/app/controllers/submit_form_controller.rb
+++ b/app/controllers/submit_form_controller.rb
@@ -10,6 +10,8 @@ class SubmitFormController < ApplicationController
       Submitter.preload(submission: { template: { documents_attachments: { preview_images_attachments: :blob } } })
                .find_by!(slug: params[:slug])
 
+    cookies.signed[:submitter_sid] = @submitter.signed_id
+
     redirect_to submit_form_completed_path(@submitter.slug) if @submitter.completed_at?
   end
 
@@ -18,7 +20,7 @@ class SubmitFormController < ApplicationController
     submitter.values.merge!(normalized_values)
     submitter.completed_at = Time.current if params[:completed] == 'true'
 
-    submitter.save
+    submitter.save!
 
     head :ok
   end
diff --git a/app/javascript/elements/file_dropzone.js b/app/javascript/elements/file_dropzone.js
index 24285b19..e6010337 100644
--- a/app/javascript/elements/file_dropzone.js
+++ b/app/javascript/elements/file_dropzone.js
@@ -6,8 +6,8 @@ import { target, targetable } from '@github/catalyst/lib/targetable'
 export default actionable(targetable(class extends HTMLElement {
   static [target.static] = [
     'loading',
-    'input',
-    'valueField'
+    'icon',
+    'input'
   ]
 
   connectedCallback () {
@@ -30,8 +30,16 @@ export default actionable(targetable(class extends HTMLElement {
     })
   }
 
+  toggleLoading () {
+    this.loading.classList.toggle('hidden')
+    this.icon.classList.toggle('hidden')
+    this.classList.toggle('opacity-50')
+  }
+
   async uploadFiles (files) {
-    const blobs = await Promise.all(
+    this.toggleLoading()
+
+    await Promise.all(
       Array.from(files).map(async (file) => {
         const upload = new DirectUpload(
           file,
@@ -53,29 +61,26 @@ export default actionable(targetable(class extends HTMLElement {
           console.error(error)
         })
       })
-    )
+    ).then((blobs) => {
+      if (this.dataset.submitOnUpload) {
+        this.querySelectorAll('[name="blob_signed_ids[]"]').forEach((e) => e.remove())
+      }
 
-    await Promise.all(
-      blobs.map((blob) => {
-        return fetch('/api/attachments', {
-          method: 'POST',
-          body: JSON.stringify({
-            name: this.dataset.name,
-            blob_signed_id: blob.signed_id,
-            submitter_slug: this.dataset.submitterSlug
-          }),
-          headers: { 'Content-Type': 'application/json' }
-        }).then(resp => resp.json()).then((data) => {
-          return data
-        })
-      })).then((result) => {
-      result.forEach((attachment) => {
-        if (this.valueField) {
-          this.valueField.value = attachment.uuid
-        }
+      blobs.forEach((blob) => {
+        const input = document.createElement('input')
 
-        this.dispatchEvent(new CustomEvent('upload', { detail: attachment }))
+        input.type = 'hidden'
+        input.name = 'blob_signed_ids[]'
+        input.value = blob.signed_id
+
+        this.append(input)
       })
+
+      if (this.dataset.submitOnUpload) {
+        this.closest('form').querySelector('button[type="submit"]').click()
+      }
+    }).finally(() => {
+      this.toggleLoading()
     })
   }
 }))
diff --git a/app/javascript/submission_form/dropzone.vue b/app/javascript/submission_form/dropzone.vue
index 8447a079..47fd7ba6 100644
--- a/app/javascript/submission_form/dropzone.vue
+++ b/app/javascript/submission_form/dropzone.vue
@@ -7,10 +7,18 @@
     <label
       :for="inputId"
       class="w-full relative bg-base-300 hover:bg-base-200 rounded-md border border-base-content border-dashed"
+      :class="{ 'opacity-50': isLoading }"
     >
       <div class="absolute top-0 right-0 left-0 bottom-0 flex items-center justify-center">
         <div class="flex flex-col items-center">
+          <IconInnerShadowTop
+            v-if="isLoading"
+            class="animate-spin"
+            :width="30"
+            :height="30"
+          />
           <IconCloudUpload
+            v-else
             :width="30"
             :height="30"
           />
@@ -40,12 +48,13 @@
 
 <script>
 import { DirectUpload } from '@rails/activestorage'
-import { IconCloudUpload } from '@tabler/icons-vue'
+import { IconCloudUpload, IconInnerShadowTop } from '@tabler/icons-vue'
 
 export default {
   name: 'FileDropzone',
   components: {
-    IconCloudUpload
+    IconCloudUpload,
+    IconInnerShadowTop
   },
   props: {
     message: {
@@ -68,6 +77,11 @@ export default {
     }
   },
   emits: ['upload'],
+  data () {
+    return {
+      isLoading: false
+    }
+  },
   computed: {
     inputId () {
       return 'el' + Math.random().toString(32).split('.')[1]
@@ -87,6 +101,8 @@ export default {
       })
     },
     async uploadFiles (files) {
+      this.isLoading = true
+
       const blobs = await Promise.all(
         Array.from(files).map(async (file) => {
           const upload = new DirectUpload(
@@ -126,6 +142,8 @@ export default {
           })
         })).then((result) => {
         this.$emit('upload', result)
+      }).finally(() => {
+        this.isLoading = false
       })
     }
   }
diff --git a/app/views/esign_settings/_result.html.erb b/app/views/esign_settings/_result.html.erb
new file mode 100644
index 00000000..461b1a47
--- /dev/null
+++ b/app/views/esign_settings/_result.html.erb
@@ -0,0 +1,68 @@
+<div id="result">
+  <% blobs.zip(pdfs).each do |blob, pdf| %>
+    <div class="mb-4 border border-base-300 rounded-md py-2 px-3">
+      <% if pdf.signatures.to_a.size == 0 %>
+        <div class="text-sm">
+          <%= blob.filename %>
+        </div>
+        <p class="text-xl font-medium">
+          There are no signatures...
+        </p>
+      <% else %>
+        <div class="flex items-center space-x-1 border-b border-dashed border-base-300 pb-2">
+          <%= svg_icon('file_text', class: 'w-5 h-5 inline') %>
+          <span><%= blob.filename %> - <%= pluralize(pdf.signatures.to_a.size, 'Signature') %></span>
+        </div>
+        <% pdf.signatures.to_a.each do |signature| %>
+          <div class="mt-3">
+            <div class="space-y-1 font-medium pb-2 text-xl">
+              <% signature.verify(trusted_certs:).messages.map(&:content).each do |message| %>
+                <p class="flex space-x-1 items-center">
+                  <% if message == 'Signature verification failed' %>
+                    <%= svg_icon('x_circle', class: 'w-6 h-6 text-red-500') %>
+                  <% elsif message == 'Signature valid' %>
+                    <%= svg_icon('circle_check', class: 'w-6 h-6 text-green-500') %>
+                  <% end %>
+                  <span>
+                    <%= message %>
+                  </span>
+                </p>
+                <% if message == 'Signature valid' %>
+                  <p class="flex space-x-1 items-center">
+                    <% if signature.signature_handler.signer_certificate.public_key.to_der == trusted_certs.first.public_key.to_der %>
+                      <%= svg_icon('circle_check', class: 'w-6 h-6 text-green-500') %>
+                      <span>
+                        Signed with DocuSeal Certificate
+                      </span>
+                    <% else %>
+                      <%= svg_icon('x_circle', class: 'w-6 h-6 text-red-500') %>
+                      <span>
+                        Signed with External Certificate
+                      </span>
+                    <% end %>
+                  </p>
+                <% end %>
+              <% end %>
+            </div>
+            <div class="flex items-center space-x-1">
+              <%= svg_icon('user', class: 'w-5 h-5 inline') %>
+              <span><%= signature.signing_reason %></span>
+            </div>
+            <div class="flex items-center space-x-1">
+              <%= svg_icon('calendar', class: 'w-5 h-5 inline') %>
+              <span><%= l(signature.signing_time, format: :long) %></span>
+            </div>
+            <div class="flex items-center space-x-1">
+              <%= svg_icon('certificate', class: 'w-5 h-5 inline') %>
+              <span><%= signature.signer_name %></span>
+            </div>
+            <div class="flex items-center space-x-1">
+              <%= svg_icon('lock_access', class: 'w-5 h-5 inline') %>
+              <span><%= signature.signature_type %></span>
+            </div>
+          </div>
+        <% end %>
+      <% end %>
+    </div>
+  <% end %>
+</div>
diff --git a/app/views/esign_settings/index.html.erb b/app/views/esign_settings/index.html.erb
index 97bb3c93..1d33c146 100644
--- a/app/views/esign_settings/index.html.erb
+++ b/app/views/esign_settings/index.html.erb
@@ -1,19 +1,40 @@
 <div class="flex flex-wrap space-y-4 md:flex-nowrap md:space-y-0">
   <%= render 'shared/settings_nav' %>
   <div class="flex-grow max-w-xl mx-auto">
-    <h1 class="text-4xl font-bold mb-4">eSign</h1>
-    <p>
-      Upload your electronic signature
-    </p>
+    <h1 class="text-4xl font-bold mb-4">Verify PDF Signature</h1>
+    <div id="result">
+      <p class="mb-2">
+        Upload signed PDF file to validate its signature:
+      </p>
+    </div>
     <%= form_for '', url: settings_esign_index_path, method: :post do |f| %>
-      <file-dropzone data-name="verify_attachments" class="">
-        <label for="file">
-          <input id="attachment_uuid" name="attachment_uuid" class="hidden" data-target="file-dropzone.valueField" type="text" autocomplete="off">
-          <input id="file" class="hidden" data-action="change:file-dropzone#onSelectFiles" data-target="file-dropzone.input" type="file">
-          Cick to upload
+      <%= f.button type: 'submit', class: 'flex' do %>
+        <div class="disabled mb-3">
+          <%= svg_icon('loader', class: 'w-5 h-5 animate-spin inline') %>
+          Analyzing...
+        </div>
+      <% end %>
+      <file-dropzone data-name="verify_attachments" data-submit-on-upload="true" class="w-full">
+        <label for="file" class="w-full block h-32 relative bg-base-300 hover:bg-base-200 rounded-md border border-base-content border-dashed">
+          <div class="absolute top-0 right-0 left-0 bottom-0 flex items-center justify-center">
+            <div class="flex flex-col items-center">
+              <span data-target="file-dropzone.icon">
+                <%= svg_icon('cloud_upload', class: 'w-10 h-10') %>
+              </span>
+              <span data-target="file-dropzone.loading" class="hidden">
+                <%= svg_icon('loader', class: 'w-10 h-10 animate-spin') %>
+              </span>
+              <div class="font-medium mb-1">
+                Verify Signed PDF
+              </div>
+              <div class="text-xs">
+                <span class="font-medium">Click to upload</span> or drag and drop
+              </div>
+            </div>
+            <input id="file" class="hidden" data-action="change:file-dropzone#onSelectFiles" data-target="file-dropzone.input" type="file" accept="application/pdf" multiple>
+          </div>
         </label>
       </file-dropzone>
-      <%= f.button button_title(title: 'Save', disabled_with: 'Saving') %>
     <% end %>
   </div>
   <div class="w-0 md:w-52"></div>
diff --git a/app/views/icons/_certificate.html.erb b/app/views/icons/_certificate.html.erb
new file mode 100644
index 00000000..28638de5
--- /dev/null
+++ b/app/views/icons/_certificate.html.erb
@@ -0,0 +1,9 @@
+<svg xmlns="http://www.w3.org/2000/svg" class="<%= local_assigns[:class] %>" width="44" height="44" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
+   <path stroke="none" d="M0 0h24v24H0z" fill="none"></path>
+   <path d="M15 15m-3 0a3 3 0 1 0 6 0a3 3 0 1 0 -6 0"></path>
+   <path d="M13 17.5v4.5l2 -1.5l2 1.5v-4.5"></path>
+   <path d="M10 19h-5a2 2 0 0 1 -2 -2v-10c0 -1.1 .9 -2 2 -2h14a2 2 0 0 1 2 2v10a2 2 0 0 1 -1 1.73"></path>
+   <path d="M6 9l12 0"></path>
+   <path d="M6 12l3 0"></path>
+   <path d="M6 15l2 0"></path>
+</svg>
diff --git a/app/views/icons/_circle_check.html.erb b/app/views/icons/_circle_check.html.erb
new file mode 100644
index 00000000..42cb3771
--- /dev/null
+++ b/app/views/icons/_circle_check.html.erb
@@ -0,0 +1,5 @@
+<svg xmlns="http://www.w3.org/2000/svg" class="<%= local_assigns[:class] %>" width="44" height="44" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
+   <path stroke="none" d="M0 0h24v24H0z" fill="none"></path>
+   <path d="M12 12m-9 0a9 9 0 1 0 18 0a9 9 0 1 0 -18 0"></path>
+   <path d="M9 12l2 2l4 -4"></path>
+</svg>
diff --git a/app/views/icons/_cloud_upload.html.erb b/app/views/icons/_cloud_upload.html.erb
new file mode 100644
index 00000000..8110596f
--- /dev/null
+++ b/app/views/icons/_cloud_upload.html.erb
@@ -0,0 +1,6 @@
+<svg xmlns="http://www.w3.org/2000/svg" class="<%= local_assigns[:class] %>" width="44" height="44" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
+   <path stroke="none" d="M0 0h24v24H0z" fill="none"></path>
+   <path d="M7 18a4.6 4.4 0 0 1 0 -9a5 4.5 0 0 1 11 2h1a3.5 3.5 0 0 1 0 7h-1"></path>
+   <path d="M9 15l3 -3l3 3"></path>
+   <path d="M12 12l0 9"></path>
+</svg>
diff --git a/app/views/icons/_file_text.html.erb b/app/views/icons/_file_text.html.erb
new file mode 100644
index 00000000..f198a58b
--- /dev/null
+++ b/app/views/icons/_file_text.html.erb
@@ -0,0 +1,8 @@
+<svg xmlns="http://www.w3.org/2000/svg" class="<%= local_assigns[:class] %>" width="44" height="44" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
+   <path stroke="none" d="M0 0h24v24H0z" fill="none"></path>
+   <path d="M14 3v4a1 1 0 0 0 1 1h4"></path>
+   <path d="M17 21h-10a2 2 0 0 1 -2 -2v-14a2 2 0 0 1 2 -2h7l5 5v11a2 2 0 0 1 -2 2z"></path>
+   <path d="M9 9l1 0"></path>
+   <path d="M9 13l6 0"></path>
+   <path d="M9 17l6 0"></path>
+</svg>
diff --git a/app/views/icons/_lock_access.html.erb b/app/views/icons/_lock_access.html.erb
new file mode 100644
index 00000000..7915748a
--- /dev/null
+++ b/app/views/icons/_lock_access.html.erb
@@ -0,0 +1,9 @@
+<svg xmlns="http://www.w3.org/2000/svg" class="<%= local_assigns[:class] %>" width="44" height="44" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
+   <path stroke="none" d="M0 0h24v24H0z" fill="none"></path>
+   <path d="M4 8v-2a2 2 0 0 1 2 -2h2"></path>
+   <path d="M4 16v2a2 2 0 0 0 2 2h2"></path>
+   <path d="M16 4h2a2 2 0 0 1 2 2v2"></path>
+   <path d="M16 20h2a2 2 0 0 0 2 -2v-2"></path>
+   <path d="M8 11m0 1a1 1 0 0 1 1 -1h6a1 1 0 0 1 1 1v3a1 1 0 0 1 -1 1h-6a1 1 0 0 1 -1 -1z"></path>
+   <path d="M10 11v-2a2 2 0 1 1 4 0v2"></path>
+</svg>
diff --git a/app/views/icons/_user.html.erb b/app/views/icons/_user.html.erb
new file mode 100644
index 00000000..ba0c0558
--- /dev/null
+++ b/app/views/icons/_user.html.erb
@@ -0,0 +1,5 @@
+<svg xmlns="http://www.w3.org/2000/svg" class="<%= local_assigns[:class] %>" width="44" height="44" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
+   <path stroke="none" d="M0 0h24v24H0z" fill="none"></path>
+   <path d="M8 7a4 4 0 1 0 8 0a4 4 0 0 0 -8 0"></path>
+   <path d="M6 21v-2a4 4 0 0 1 4 -4h4a4 4 0 0 1 4 4v2"></path>
+</svg>
diff --git a/app/views/icons/_x_circle.html.erb b/app/views/icons/_x_circle.html.erb
index a7a5104c..7277bf78 100644
--- a/app/views/icons/_x_circle.html.erb
+++ b/app/views/icons/_x_circle.html.erb
@@ -1 +1,5 @@
-<svg xmlns="http://www.w3.org/2000/svg" class="<%= local_assigns[:class] %>" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z" /></svg>
+<svg xmlns="http://www.w3.org/2000/svg" class="<%= local_assigns[:class] %>" width="44" height="44" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
+   <path stroke="none" d="M0 0h24v24H0z" fill="none"></path>
+   <path d="M12 12m-9 0a9 9 0 1 0 18 0a9 9 0 1 0 -18 0"></path>
+   <path d="M10 10l4 4m0 -4l-4 4"></path>
+</svg>
diff --git a/config/initializers/active_storage.rb b/config/initializers/active_storage.rb
index 2cf7c277..dfcf4f1c 100644
--- a/config/initializers/active_storage.rb
+++ b/config/initializers/active_storage.rb
@@ -11,6 +11,13 @@ Rails.configuration.to_prepare do
     response.set_header('Cache-Control', 'public, max-age=31536000') if action_name == 'show'
   end
 
+  ActiveStorage::DirectUploadsController.before_action do
+    next if current_user
+    next if Submitter.find_signed(cookies.signed[:submitter_sid])
+
+    head :forbidden
+  end
+
   LoadActiveStorageConfigs.call
 rescue StandardError => e
   Rails.logger.error(e)
diff --git a/lib/generate_certificate.rb b/lib/generate_certificate.rb
index ae809a65..80436583 100644
--- a/lib/generate_certificate.rb
+++ b/lib/generate_certificate.rb
@@ -70,7 +70,7 @@ module GenerateCertificate
     key = OpenSSL::PKey::RSA.new(SIZE)
 
     cert = OpenSSL::X509::Certificate.new
-    cert.subject = OpenSSL::X509::Name.parse("/C=AT/O=#{name}/CN=#{name} Certificate")
+    cert.subject = OpenSSL::X509::Name.parse("/C=AT/O=#{name}/CN=#{name}")
     cert.issuer = ca_cert.subject
     cert.not_before = Time.current
     cert.not_after = 100.years.from_now
diff --git a/lib/submissions/generate_result_attachments.rb b/lib/submissions/generate_result_attachments.rb
index f0a4cfa8..646695d7 100644
--- a/lib/submissions/generate_result_attachments.rb
+++ b/lib/submissions/generate_result_attachments.rb
@@ -5,6 +5,8 @@ module Submissions
     FONT_SIZE = 11
     FONT_NAME = 'Helvetica'
 
+    INFO_CREATOR = 'DocuSeal (https://www.docuseal.co)'
+
     A4_SIZE = [595, 842].freeze
 
     module_function
@@ -165,7 +167,9 @@ module Submissions
     def save_signed_pdf(pdf:, submitter:, cert:, uuid:, name:)
       io = StringIO.new
 
-      pdf.sign(io, reason: "Signed by #{submitter.email}",
+      pdf.trailer[:Info][:Creator] = INFO_CREATOR
+
+      pdf.sign(io, reason: "Signed by #{submitter.email} with docuseal.co",
                    certificate: OpenSSL::X509::Certificate.new(cert['cert']),
                    key: OpenSSL::PKey::RSA.new(cert['key']),
                    certificate_chain: [OpenSSL::X509::Certificate.new(cert['sub_ca']),
diff --git a/package.json b/package.json
index 08ff389e..54560cdb 100644
--- a/package.json
+++ b/package.json
@@ -8,7 +8,7 @@
     "@babel/runtime": "7.21.5",
     "@github/catalyst": "^2.0.0-beta",
     "@hotwired/turbo-rails": "^7.3.0",
-    "@rails/activestorage": "^7.0.4-3",
+    "@rails/activestorage": "^7.0.0",
     "@tabler/icons-vue": "^2.20.0",
     "autoprefixer": "^10.4.14",
     "babel-loader": "9.1.2",
diff --git a/yarn.lock b/yarn.lock
index 362e97d5..fd71b634 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1119,10 +1119,10 @@
   resolved "https://registry.yarnpkg.com/@rails/actioncable/-/actioncable-7.0.4.tgz#70a3ca56809f7aaabb80af2f9c01ae51e1a8ed41"
   integrity sha512-tz4oM+Zn9CYsvtyicsa/AwzKZKL+ITHWkhiu7x+xF77clh2b4Rm+s6xnOgY/sGDWoFWZmtKsE95hxBPkgQQNnQ==
 
-"@rails/activestorage@^7.0.4-3":
-  version "7.0.4-3"
-  resolved "https://registry.yarnpkg.com/@rails/activestorage/-/activestorage-7.0.4-3.tgz#ffdc5cb3bfef842c80c42db03dc26d862b2e9e08"
-  integrity sha512-elTffC5AbJsnz5SV2UFTUBH9+nO1xWRBe+E7A8x+6kAr/3yv6s/yWOUjbxiPPzVPyiihxJXuZ5zpvCdzwBpksA==
+"@rails/activestorage@^7.0.0":
+  version "7.0.5"
+  resolved "https://registry.yarnpkg.com/@rails/activestorage/-/activestorage-7.0.5.tgz#0e8fe255a422e5cb9f4e673e02fca845f32a50c1"
+  integrity sha512-lTOlsVsjz1OYDFRD2SKNH9j2TOA/LTrrIPgRSKyyD3CvJnD1bc65PQt/z6qB1hGqYmtUiklns+SjVWb9xYEqaA==
   dependencies:
     spark-md5 "^3.0.1"