Merge pull request #3144 from LibreSign/fix/sign-setup
Fix/sign setup
vitormattos authored Jun 17, 2024
2 parents 2365040 + 4358759 commit c298b87
Showing 12 changed files with 405 additions and 262 deletions.
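--- a/lib/Command/Base.php
+++ b/lib/Command/Base.php
@@ -13,50 +13,10 @@
 use Psr\Log\LoggerInterface;
 
 class Base extends CommandBase {
-/** @var InstallService */
-public $installService;
-
-/** @var LoggerInterface */
-protected $logger;
-
 public function __construct(
-InstallService $installService,
-LoggerInterface $logger
+public InstallService $installService,
+protected LoggerInterface $logger
 ) {
 parent::__construct();
-$this->installService = $installService;
-$this->logger = $logger;
 }
-
-protected function installJava(): void {
-$this->installService->installJava();
-}
-
-protected function uninstallJava(): void {
-$this->installService->uninstallJava();
-}
-
-protected function installJSignPdf(): void {
-$this->installService->installJSignPdf();
-}
-
-protected function uninstallJSignPdf(): void {
-$this->installService->uninstallJSignPdf();
-}
-
-protected function installPdftk(): void {
-$this->installService->installPdftk();
-}
-
-protected function uninstallPdftk(): void {
-$this->installService->uninstallPdftk();
-}
-
-protected function installCfssl(): void {
-$this->installService->installCfssl();
-}
-
-protected function uninstallCfssl(): void {
-$this->installService->uninstallCfssl();
-}
 }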
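--- a/lib/Command/Developer/SignSetup.php
+++ b/lib/Command/Developer/SignSetup.php
@@ -10,6 +10,7 @@
 
 use OC\Core\Command\Base;
 use OC\IntegrityCheck\Helpers\FileAccessHelper;
+use OCA\Libresign\Service\Install\InstallService;
 use OCA\Libresign\Service\Install\SignSetupService;
 use OCP\IConfig;
 use phpseclib\Crypt\RSA;
@@ -23,6 +24,7 @@ public function __construct(
 private IConfig $config,
 private FileAccessHelper $fileAccessHelper,
 private SignSetupService $signSetupService,
+private InstallService $installService,
 ) {
 parent::__construct();
 }
@@ -34,7 +36,7 @@ public function isEnabled(): bool {
 protected function configure(): void {
 $this
 ->setName('libresign:developer:sign-setup')
-->setDescription('Clean all LibreSign data')
+->setDescription('Sign the current setup')
 ->addOption('privateKey', null, InputOption::VALUE_REQUIRED, 'Path to private key to use for signing')
 ->addOption('certificate', null, InputOption::VALUE_REQUIRED, 'Path to certificate to use for signing')
 ;
@@ -44,11 +46,10 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 $privateKeyPath = $input->getOption('privateKey');
 $keyBundlePath = $input->getOption('certificate');
 if (is_null($privateKeyPath) || is_null($keyBundlePath)) {
-$output->writeln('This command requires the --path, --privateKey and --certificate.');
+$output->writeln('This command requires --privateKey and --certificate.');
 $output->writeln('Example: ./occ libresign:developer:sign-setup --privateKey="/libresign/private/myapp.key" --certificate="/libresign/public/mycert.crt"');
 return 1;
 }
-
 $privateKey = $this->fileAccessHelper->file_get_contents((string) $privateKeyPath);
 $keyBundle = $this->fileAccessHelper->file_get_contents((string) $keyBundlePath);
 if ($privateKey === false) {
@@ -67,8 +68,12 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 $x509->loadX509($keyBundle);
 $x509->setPrivateKey($rsa);
 try {
+$this->signSetupService->setCertificate($x509);
+$this->signSetupService->setPrivateKey($rsa);
 foreach ($this->signSetupService->getArchitectures() as $architecture) {
-$this->signSetupService->writeAppSignature($x509, $rsa, $architecture);
+foreach ($this->installService->getAvailableResources() as $resource) {
+$this->signSetupService->writeAppSignature($architecture, $resource);
+}
 }
 $output->writeln('Successfully signed');
 } catch (\Exception $e) {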
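Review bot: The nested signing loop in `execute()` leaves no record of which architecture/resource pair was being signed, and `Successfully signed` is printed only once for the whole run. If `writeAppSignature()` throws part-way through (presumably when a resource is not installed for one architecture), the signatures written before the failure stay on disk and the operator cannot tell which ones are current. Report each pair as it is signed, e.g. `$output->writeln("Signed {$resource} ({$architecture})");` inside the inner loop, so a release build leaves an auditable trace. The `catch` body lies outside the visible hunk, so the failure message could not be checked.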
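--- a/lib/Command/Install.php
+++ b/lib/Command/Install.php
@@ -8,11 +8,24 @@
 
 namespace OCA\Libresign\Command;
 
+use OCA\Libresign\Service\Install\InstallService;
+use OCP\AppFramework\Services\IAppConfig;
+use OCP\IConfig;
+use Psr\Log\LoggerInterface;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
 
 class Install extends Base {
+public function __construct(
+InstallService $installService,
+LoggerInterface $logger,
+private IAppConfig $appConfig,
+private IConfig $config,
+) {
+parent::__construct($installService, $logger);
+}
+
 protected function configure(): void {
 $this
 ->setName('libresign:install')
@@ -53,6 +66,14 @@ protected function configure(): void {
 mode: InputOption::VALUE_REQUIRED,
 description: 'x86_64 or aarch64'
 );
+if ($this->config->getSystemValue('debug', false) === true) {
+$this->addOption(
+name: 'use-local-cert',
+shortcut: null,
+mode: InputOption::VALUE_NONE,
+description: 'Use local cert'
+);
+}
 }
 
 protected function execute(InputInterface $input, OutputInterface $output): int {
@@ -64,6 +85,9 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 if (in_array($architecture, ['x86_64', 'aarch64'])) {
 $this->installService->setArchitecture($architecture);
 }
+if ($input->hasOption('use-local-cert') && $input->getOption('use-local-cert')) {
+$this->installService->willUseLocalCert();
+}
 $all = $input->getOption('all');
 if ($input->getOption('java') || $all) {
 $this->installService->installJava();
@@ -78,7 +102,11 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 $ok = true;
 }
 if ($input->getOption('cfssl') || $all) {
+$currentEngine = $this->appConfig->getAppValue('certificate_engine', 'openssl');
 $this->installService->installCfssl();
+if ($currentEngine !== 'cfssl') {
+$output->writeln('<comment>To use CFSSL, set the engine to cfssl with:</comment> config:app:set libresign certificate_engine --value cfssl');
+}
 $ok = true;
 }
 } catch (\Exception $e) {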
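Review bot: The `use-local-cert` branch in `execute()` calls `$this->installService->willUseLocalCert()` without telling the operator that installed binaries will be checked against a local certificate rather than the release one (the body of `willUseLocalCert()` is not visible here, so this is inferred from its name). The option is only registered when the system `debug` value is `true`, and debug is sometimes left enabled on production instances, so the switch of trust anchor deserves a visible trace. Add a line such as `$output->writeln('<comment>Verifying downloads against the local certificate (debug mode)</comment>');` inside that `if`, and extend the option description beyond `'Use local cert'` to say what it changes. `execute()` continues outside the hunks shown.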
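--- a/lib/Exception/EmptySignatureDataException.php
+++ b/lib/Exception/EmptySignatureDataException.php
@@ -0,0 +1,12 @@
+<?php
+
+declare(strict_types=1);
+/**
+* SPDX-FileCopyrightText: 2024 LibreCode coop and contributors
+* SPDX-License-Identifier: AGPL-3.0-or-later
+*/
+
+namespace OCA\Libresign\Exception;
+
+class EmptySignatureDataException extends \Exception {
+}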
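--- a/lib/Exception/SignatureDataNotFoundException.php
+++ b/lib/Exception/SignatureDataNotFoundException.php
@@ -0,0 +1,12 @@
+<?php
+
+declare(strict_types=1);
+/**
+* SPDX-FileCopyrightText: 2024 LibreCode coop and contributors
+* SPDX-License-Identifier: AGPL-3.0-or-later
+*/
+
+namespace OCA\Libresign\Exception;
+
+class SignatureDataNotFoundException extends \Exception {
+}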
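--- a/lib/Service/Install/ConfigureCheckService.php
+++ b/lib/Service/Install/ConfigureCheckService.php
@@ -59,7 +59,7 @@ public function checkSign(): array {
 public function checkJSignPdf(): array {
 $jsignpdJarPath = $this->appConfig->getAppValue('jsignpdf_jar_path');
 if ($jsignpdJarPath) {
-if (count($this->signSetupService->verify($this->architecture, 'jsignpdf'))) {
+if (count($this->verify('jsignpdf'))) {
 return [
 (new ConfigureCheckHelper())
 ->setErrorMessage(
@@ -129,7 +129,7 @@ public function checkJSignPdf(): array {
 public function checkPdftk(): array {
 $pdftkPath = $this->appConfig->getAppValue('pdftk_path');
 if ($pdftkPath) {
-if (count($this->signSetupService->verify($this->architecture, 'pdftk'))) {
+if (count($this->verify('pdftk'))) {
 return [
 (new ConfigureCheckHelper())
 ->setErrorMessage(
@@ -200,6 +200,24 @@ public function checkPdftk(): array {
 ];
 }
 
+public function isDebugEnabled(): bool {
+return $this->systemConfig->getValue('debug', false) === true;
+}
+
+private function verify(string $resource): array {
+$this->signSetupService->willUseLocalCert($this->isDebugEnabled());
+$result = $this->signSetupService->verify($this->architecture, $resource);
+if (count($result) === 1 && $this->isDebugEnabled()) {
+if (isset($result['SIGNATURE_DATA_NOT_FOUND'])) {
+return [];
+}
+if (isset($result['EMPTY_SIGNATURE_DATA'])) {
+return [];
+}
+}
+return $result;
+}
+
 /**
 * Check all requirements to use Java
 *
@@ -208,7 +226,7 @@ public function checkPdftk(): array {
 private function checkJava(): array {
 $javaPath = $this->appConfig->getAppValue('java_path');
 if ($javaPath) {
-if (count($this->signSetupService->verify($this->architecture, 'java'))) {
+if (count($this->verify('java'))) {
 return [
 (new ConfigureCheckHelper())
 ->setErrorMessage(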
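Review bot: The new private `verify()` fails open in debug mode: when the only finding is `SIGNATURE_DATA_NOT_FOUND` or `EMPTY_SIGNATURE_DATA` it returns `[]`, so `checkJava()`, `checkJSignPdf()` and `checkPdftk()` report a binary that has no signature data at all as verified. Because `debug` can be left on in production, a resource with missing signature data would pass the configure check unnoticed. Keep the relaxation if developers need it, but surface it instead of discarding it (log it or return an informational entry), and add a docblock stating that missing or empty signature data is tolerated only when `debug` is `true`. The two `isset` branches can also be merged into `if (isset($result['SIGNATURE_DATA_NOT_FOUND']) || isset($result['EMPTY_SIGNATURE_DATA'])) { return []; }`.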