Merge pull request #4191 from LibreSign/backport/4183/stable29

[stable29] feat: allow to change signature hash algorithm
LibreSign · Dec 24, 2024 · 52dcdbc · 52dcdbc
2 parents 77ba446 + c663c0a
commit 52dcdbc
Show file tree

Hide file tree

Showing 4 changed files with 119 additions and 3 deletions.
diff --git a/lib/Handler/JSignPdfHandler.php b/lib/Handler/JSignPdfHandler.php
@@ -80,6 +80,33 @@ public function getJSignParam(): JSignParam {
 		return $this->jSignParam;
 	}
 
+	private function getHashAlgorithm(): string {
+		/**
+		 * Need to respect the follow code:
+		 * https://github.com/intoolswetrust/jsignpdf/blob/JSignPdf_2_2_2/jsignpdf/src/main/java/net/sf/jsignpdf/types/HashAlgorithm.java#L46-L47
+		 */
+		$content = $this->getInputFile()->getContent();
+		if (!$content) {
+			return 'SHA1';
+		}
+		preg_match('/^%PDF-(?<version>\d+(\.\d+)?)/', $content, $match);
+		if (isset($match['version'])) {
+			$version = (float)$match['version'];
+			if ($version < 1.6) {
+				return 'SHA1';
+			}
+			if ($version < 1.7) {
+				return 'SHA256';
+			}
+		}
+
+		$hashAlgorithm = $this->appConfig->getAppValue('signature_hash_algorithm', 'SHA256');
+		if (in_array($hashAlgorithm, ['SHA1', 'SHA256', 'SHA384', 'SHA512', 'RIPEMD160'])) {
+			return $hashAlgorithm;
+		}
+		return 'SHA256';
+	}
+
 	/**
 	 * @psalm-suppress MixedReturnStatement
 	 */
@@ -128,6 +155,13 @@ private function signUsingVisibleElements(): string {
 
 	private function signWrapper(JSignPDF $jSignPDF): string {
 		try {
+			$param = $this->getJSignParam();
+			$param
+				->setJSignParameters(
+					$this->jSignParam->getJSignParameters() .
+					' --hash-algorithm ' . $this->getHashAlgorithm()
+				);
+			$jSignPDF->setParam($param);
 			return $jSignPDF->sign();
 		} catch (\Throwable $th) {
 			$rows = str_getcsv($th->getMessage());

diff --git a/src/views/Settings/Settings.vue b/src/views/Settings/Settings.vue
@@ -36,6 +36,7 @@
 		<IdentificationDocuments />
 		<CollectMetadata />
 		<DefaultUserFolder />
+		<SignatureHashAlgorithm />
 	</NcSettingsSection>
 </template>
 
@@ -54,6 +55,7 @@ import IdentificationFactors from './IdentificationFactors.vue'
 import LegalInformation from './LegalInformation.vue'
 import RootCertificateCfssl from './RootCertificateCfssl.vue'
 import RootCertificateOpenSsl from './RootCertificateOpenSsl.vue'
+import SignatureHashAlgorithm from './SignatureHashAlgorithm.vue'
 import Validation from './Validation.vue'
 
 export default {
@@ -73,6 +75,7 @@ export default {
 		IdentificationDocuments,
 		CollectMetadata,
 		DefaultUserFolder,
+		SignatureHashAlgorithm,
 	},
 	data() {
 		return {

diff --git a/src/views/Settings/SignatureHashAlgorithm.vue b/src/views/Settings/SignatureHashAlgorithm.vue
@@ -0,0 +1,76 @@
+<!--
+  - SPDX-FileCopyrightText: 2024 LibreCode coop and LibreCode contributors
+  - SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+<template>
+	<NcSettingsSection :name="name" :description="description">
+		<NcSelect :key="idKey"
+			v-model="selected"
+			label="displayname"
+			:no-wrap="false"
+			:aria-label-combobox="description"
+			:close-on-select="false"
+			:disabled="loading"
+			:loading="loading"
+			required
+			:options="hashes"
+			:show-no-options="false"
+			@update:modelValue="saveSignatureHash" />
+	</NcSettingsSection>
+</template>
+
+<script>
+import axios from '@nextcloud/axios'
+import { translate as t } from '@nextcloud/l10n'
+import { confirmPassword } from '@nextcloud/password-confirmation'
+import { generateOcsUrl } from '@nextcloud/router'
+
+import NcSelect from '@nextcloud/vue/dist/Components/NcSelect.js'
+import NcSettingsSection from '@nextcloud/vue/dist/Components/NcSettingsSection.js'
+
+import '@nextcloud/password-confirmation/dist/style.css'
+
+export default {
+	name: 'SignatureHashAlgorithm',
+	components: {
+		NcSettingsSection,
+		NcSelect,
+	},
+
+	data: () => ({
+		name: t('libresign', 'Signature hash algorithm'),
+		description: t('libresign', 'Hash algorithm used for signature.'),
+		selected: [],
+		hashes: ['SHA1', 'SHA256', 'SHA384', 'SHA512', 'RIPEMD160'],
+		loading: false,
+		idKey: 0,
+	}),
+
+	mounted() {
+		this.getData()
+	},
+
+	methods: {
+		async getData() {
+			this.loading = true
+			const response = await axios.get(
+				generateOcsUrl('/apps/provisioning_api/api/v1/config/apps/libresign/signature_hash_algorithm'),
+			)
+			this.selected = this.hashes.includes(response.data.ocs.data.data)
+				? response.data.ocs.data.data
+				: 'SHA256'
+			this.loading = false
+		},
+
+		async saveSignatureHash() {
+			await confirmPassword()
+
+			const selected = this.hashes.includes(this.selected) ? this.selected : 'SHA256'
+			OCP.AppConfig.setValue('libresign', 'signature_hash_algorithm', selected)
+			this.idKey += 1
+		},
+	},
+
+}
+</script>
diff --git a/src/views/SignPDF/_partials/Sign.vue b/src/views/SignPDF/_partials/Sign.vue
@@ -279,9 +279,12 @@ export default {
 					}
 				})
 				.catch((err) => {
-					err.response.data.ocs.data.errors.forEach(err => {
-						showError(err)
-					})
+					const errors = err.response?.data?.ocs?.data?.errors
+					if (errors) {
+						errors.forEach(error => {
+							showError(error)
+						})
+					}
 				})
 			this.loading = false
 		},