Merge pull request #4305 from LibreSign/backport/4302/stable30

[stable30] fix: match signers from cert with signers from LibreSign
LibreSign · Jan 14, 2025 · 64ad4ef · 64ad4ef
2 parents 7506c7d + 3a97622
commit 64ad4ef
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 6 deletions.
diff --git a/lib/Controller/FileController.php b/lib/Controller/FileController.php
@@ -133,6 +133,7 @@ public function validateBinary(): DataResponse {
 			$return = $this->fileService
 				->setMe($this->userSession->getUser())
 				->setFileFromRequest($file)
+				->setHost($this->request->getServerHost())
 				->showVisibleElements()
 				->showSigners()
 				->showSettings()
@@ -207,6 +208,7 @@ public function validate(?string $type = null, $identifier = null): DataResponse
 			$return = $this->fileService
 				->setMe($this->userSession->getUser())
 				->setIdentifyMethodId($this->sessionService->getIdentifyMethodId())
+				->setHost($this->request->getServerHost())
 				->showVisibleElements()
 				->showSigners()
 				->showSettings()

diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
@@ -185,6 +185,7 @@ public function indexFPath(string $path): TemplateResponse {
 					$this->fileService
 						->setFileByType('uuid', $matches['uuid'])
 						->setIdentifyMethodId($this->sessionService->getIdentifyMethodId())
+						->setHost($this->request->getServerHost())
 						->setMe($this->userSession->getUser())
 						->showVisibleElements()
 						->showSigners()
@@ -289,6 +290,7 @@ public function sign(string $uuid): TemplateResponse {
 		$this->initialState->provideInitialState('filename', $this->getFileEntity()->getName());
 		$file = $this->fileService
 			->setFile($this->getFileEntity())
+			->setHost($this->request->getServerHost())
 			->setMe($this->userSession->getUser())
 			->setIdentifyMethodId($this->sessionService->getIdentifyMethodId())
 			->setSignRequest($this->getSignRequestEntity())
@@ -366,6 +368,7 @@ public function signAccountFile($uuid): TemplateResponse {
 		$this->initialState->provideInitialState('filename', $fileEntity->getName());
 		$file = $this->fileService
 			->setFile($fileEntity)
+			->setHost($this->request->getServerHost())
 			->setMe($this->userSession->getUser())
 			->setIdentifyMethodId($this->sessionService->getIdentifyMethodId())
 			->showVisibleElements()
@@ -580,6 +583,7 @@ public function validationFilePublic(string $uuid): TemplateResponse {
 		$this->initialState->provideInitialState('file_info',
 			$this->fileService
 				->setIdentifyMethodId($this->sessionService->getIdentifyMethodId())
+				->setHost($this->request->getServerHost())
 				->showVisibleElements()
 				->showSigners()
 				->showSettings()

diff --git a/lib/Controller/RequestSignatureController.php b/lib/Controller/RequestSignatureController.php
@@ -77,6 +77,7 @@ public function request(array $file, array $users, string $name, ?string $callba
 			$file = $this->requestSignatureService->save($data);
 			$return = $this->fileService
 				->setFile($file)
+				->setHost($this->request->getServerHost())
 				->setMe($data['userManager'])
 				->showVisibleElements()
 				->showSigners()
@@ -138,6 +139,7 @@ public function updateSign(?array $users = [], ?string $uuid = null, ?array $vis
 			$file = $this->requestSignatureService->save($data);
 			$return = $this->fileService
 				->setFile($file)
+				->setHost($this->request->getServerHost())
 				->setMe($data['userManager'])
 				->showVisibleElements()
 				->showSigners()

diff --git a/lib/Service/FileService.php b/lib/Service/FileService.php
@@ -53,6 +53,7 @@ class FileService {
 	private bool $validateFile = false;
 	private bool $signersLibreSignLoaded = false;
 	private string $fileContent = '';
+	private string $host = '';
 	private ?File $file = null;
 	private ?SignRequest $signRequest = null;
 	private ?IUser $me = null;
@@ -145,6 +146,11 @@ public function setIdentifyMethodId(?int $id): self {
 		return $this;
 	}
 
+	public function setHost(string $host): self {
+		$this->host = $host;
+		return $this;
+	}
+
 	/**
 	 * @return static
 	 */
@@ -411,9 +417,6 @@ private function loadSignersFromCertData(): void {
 			if (!empty($signer['chain'][0]['name'])) {
 				$this->fileData->signers[$index]['subject'] = $signer['chain'][0]['name'];
 			}
-			if (!empty($signer['chain'][0]['subject']['CN'])) {
-				$this->fileData->signers[$index]['displayName'] = $signer['chain'][0]['subject']['CN'];
-			}
 			if (!empty($signer['chain'][0]['validFrom_time_t'])) {
 				$this->fileData->signers[$index]['valid_from'] = $signer['chain'][0]['validFrom_time_t'];
 			}
@@ -432,11 +435,43 @@ private function loadSignersFromCertData(): void {
 			}
 			if (!empty($signer['chain'][0]['subject']['UID'])) {
 				$this->fileData->signers[$index]['uid'] = $signer['chain'][0]['subject']['UID'];
-			} elseif (!empty($signer['chain'][0]['subject']['CN'])) {
-				if (preg_match('/^(?<key>.*):(?<value>.*), /', $signer['chain'][0]['subject']['CN'], $matches)) {
-					$signatureToShow['uid'] = $matches['key'] . ':' . $matches['value'];
+			} elseif (!empty($signer['chain'][0]['subject']['CN']) && preg_match('/^(?<key>.*):(?<value>.*), /', $signer['chain'][0]['subject']['CN'], $matches)) {
+				// Used by CFSSL
+				$this->fileData->signers[$index]['uid'] = $matches['key'] . ':' . $matches['value'];
+			} elseif (!empty($signer['chain'][0]['extensions']['subjectAltName'])) {
+				// Used by old certs of LibreSign
+				preg_match('/^(?<key>(email|account)):(?<value>.*)$/', $signer['chain'][0]['extensions']['subjectAltName'], $matches);
+				if ($matches) {
+					if (str_ends_with($matches['value'], $this->host)) {
+						$uid = str_replace('@' . $this->host, '', $matches['value']);
+						$userFound = $this->userManager->get($uid);
+						if ($userFound) {
+							$this->fileData->signers[$index]['uid'] = 'account:' . $uid;
+						} else {
+							$userFound = $this->userManager->getByEmail($matches['value']);
+							if ($userFound) {
+								$userFound = current($userFound);
+								$this->fileData->signers[$index]['uid'] = 'account:' . $userFound->getUID();
+							} else {
+								$this->fileData->signers[$index]['uid'] = 'email:' . $matches['value'];
+							}
+						}
+					} else {
+						$userFound = $this->userManager->getByEmail($matches['value']);
+						if ($userFound) {
+							$userFound = current($userFound);
+							$this->fileData->signers[$index]['uid'] = 'account:' . $userFound->getUID();
+						} else {
+							$this->fileData->signers[$index]['uid'] = $matches['key'] . ':' . $matches['value'];
+						}
+					}
 				}
 			}
+			if (!empty($signer['chain'][0]['subject']['CN'])) {
+				$this->fileData->signers[$index]['displayName'] = $signer['chain'][0]['subject']['CN'];
+			} elseif (!empty($this->fileData->signers[$index]['uid'])) {
+				$this->fileData->signers[$index]['displayName'] = $this->fileData->signers[$index]['uid'];
+			}
 			for ($i = 1; $i < count($signer['chain']); $i++) {
 				$this->fileData->signers[$index]['chain'][] = [
 					'displayName' => $signer['chain'][$i]['name'],