feat: allow to change signature hash algorithm

The default hash algorithm of JSignPdf is SHA1 and with this change was defined SHA256 as default hash algorithm and make possible choose between the allowed algorithms: SHA1, SHA256, SHA384, SHA512, RIPEMD160. Signed-off-by: Vitor Mattos <[email protected]>
LibreSign · Dec 23, 2024 · 708edff · 708edff
1 parent 6ed4c7f
commit 708edff
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 0 deletions.
diff --git a/lib/Handler/JSignPdfHandler.php b/lib/Handler/JSignPdfHandler.php
@@ -54,6 +54,10 @@ public function getJSignParam(): JSignParam {
 				->setjSignPdfJarPath(
 					$this->appConfig->getAppValue('jsignpdf_jar_path', '/opt/jsignpdf-' . self::VERSION . '/JSignPdf.jar')
 				);
+			$parameters = $this->jSignParam->getJSignParameters();
+			$parameters .= ' --hash-algorithm ' . $this->getHashAlgorithm();
+			$parameters = trim($parameters);
+			$this->jSignParam->setJSignParameters($parameters);
 			if (!empty($javaPath)) {
 				if (!file_exists($javaPath)) {
 					throw new \Exception('Invalid Java binary. Run occ libresign:install --java');
@@ -64,6 +68,14 @@ public function getJSignParam(): JSignParam {
 		return $this->jSignParam;
 	}
 
+	private function getHashAlgorithm(): string {
+		$hashAlgorithm = $this->appConfig->getAppValue('signature_hash_algorithm', 'SHA256');
+		if (in_array($hashAlgorithm, ['SHA1', 'SHA256', 'SHA384', 'SHA512', 'RIPEMD160'])) {
+			return $hashAlgorithm;
+		}
+		return 'SHA256';
+	}
+
 	/**
 	 * @psalm-suppress MixedReturnStatement
 	 */

diff --git a/src/views/Settings/Settings.vue b/src/views/Settings/Settings.vue
@@ -18,6 +18,7 @@
 		<IdentificationDocuments />
 		<CollectMetadata />
 		<DefaultUserFolder />
+		<SignatureHashAlgorithm />
 	</NcSettingsSection>
 </template>
 
@@ -36,6 +37,7 @@ import IdentificationFactors from './IdentificationFactors.vue'
 import LegalInformation from './LegalInformation.vue'
 import RootCertificateCfssl from './RootCertificateCfssl.vue'
 import RootCertificateOpenSsl from './RootCertificateOpenSsl.vue'
+import SignatureHashAlgorithm from './SignatureHashAlgorithm.vue'
 import Validation from './Validation.vue'
 
 export default {
@@ -55,6 +57,7 @@ export default {
 		IdentificationDocuments,
 		CollectMetadata,
 		DefaultUserFolder,
+		SignatureHashAlgorithm,
 	},
 	data() {
 		return {

diff --git a/src/views/Settings/SignatureHashAlgorithm.vue b/src/views/Settings/SignatureHashAlgorithm.vue
@@ -0,0 +1,76 @@
+<!--
+  - SPDX-FileCopyrightText: 2024 LibreCode coop and LibreCode contributors
+  - SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+<template>
+	<NcSettingsSection :name="name" :description="description">
+		<NcSelect :key="idKey"
+			v-model="selected"
+			label="displayname"
+			:no-wrap="false"
+			:aria-label-combobox="description"
+			:close-on-select="false"
+			:disabled="loading"
+			:loading="loading"
+			required
+			:options="hashes"
+			:show-no-options="false"
+			@update:modelValue="saveSignatureHash" />
+	</NcSettingsSection>
+</template>
+
+<script>
+import axios from '@nextcloud/axios'
+import { translate as t } from '@nextcloud/l10n'
+import { confirmPassword } from '@nextcloud/password-confirmation'
+import { generateOcsUrl } from '@nextcloud/router'
+
+import NcSelect from '@nextcloud/vue/dist/Components/NcSelect.js'
+import NcSettingsSection from '@nextcloud/vue/dist/Components/NcSettingsSection.js'
+
+import '@nextcloud/password-confirmation/dist/style.css'
+
+export default {
+	name: 'SignatureHashAlgorithm',
+	components: {
+		NcSettingsSection,
+		NcSelect,
+	},
+
+	data: () => ({
+		name: t('libresign', 'Signature hash algorithm'),
+		description: t('libresign', 'Hash algorithm used for signature.'),
+		selected: [],
+		hashes: ['SHA1', 'SHA256', 'SHA384', 'SHA512', 'RIPEMD160'],
+		loading: false,
+		idKey: 0,
+	}),
+
+	mounted() {
+		this.getData()
+	},
+
+	methods: {
+		async getData() {
+			this.loading = true
+			const response = await axios.get(
+				generateOcsUrl('/apps/provisioning_api/api/v1/config/apps/libresign/signature_hash_algorithm'),
+			)
+			this.selected = this.hashes.includes(response.data.ocs.data.data)
+				? response.data.ocs.data.data
+				: 'SHA256'
+			this.loading = false
+		},
+
+		async saveSignatureHash() {
+			await confirmPassword()
+
+			const selected = this.hashes.includes(this.selected) ? this.selected : 'SHA256'
+			OCP.AppConfig.setValue('libresign', 'signature_hash_algorithm', selected)
+			this.idKey += 1
+		},
+	},
+
+}
+</script>