From 3a97622acf4538cf8f2f87ee86f63c4a592a079b Mon Sep 17 00:00:00 2001
From: Vitor Mattos
Date: Tue, 14 Jan 2025 07:48:09 -0300
Subject: [PATCH] fix: match signers from cert with signers from LibreSign
Signed-off-by: Vitor Mattos
---
 lib/Controller/FileController.php | 2 +
 lib/Controller/PageController.php | 4 ++
 lib/Controller/RequestSignatureController.php | 2 +
 lib/Service/FileService.php | 47 ++++++++++++++++---
 4 files changed, 49 insertions(+), 6 deletions(-)
diff --git a/lib/Controller/FileController.php b/lib/Controller/FileController.php
index 2a3d8e240..0efb5d608 100644
--- a/lib/Controller/FileController.php
+++ b/lib/Controller/FileController.php
@@ -133,6 +133,7 @@ public function validateBinary(): DataResponse {
 $return = $this->fileService
 ->setMe($this->userSession->getUser())
 ->setFileFromRequest($file)
+ ->setHost($this->request->getServerHost())
 ->showVisibleElements()
 ->showSigners()
 ->showSettings()
@@ -207,6 +208,7 @@ public function validate(?string $type = null, $identifier = null): DataResponse
 $return = $this->fileService
 ->setMe($this->userSession->getUser())
 ->setIdentifyMethodId($this->sessionService->getIdentifyMethodId())
+ ->setHost($this->request->getServerHost())
 ->showVisibleElements()
 ->showSigners()
 ->showSettings()
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index da3ddd4df..c272adcba 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -185,6 +185,7 @@ public function indexFPath(string $path): TemplateResponse {
 $this->fileService
 ->setFileByType('uuid', $matches['uuid'])
 ->setIdentifyMethodId($this->sessionService->getIdentifyMethodId())
+ ->setHost($this->request->getServerHost())
 ->setMe($this->userSession->getUser())
 ->showVisibleElements()
 ->showSigners()
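Review bot: `->setHost($this->request->getServerHost())` is now hand-wired at every FileService call site (both FileController hunks here, the three PageController hunks and the two RequestSignatureController hunks), and FileService's `$host` silently stays `''` for any caller that forgets it, which changes how signers are matched. Consider letting FileService resolve the host itself (an injected IRequest, or a configured default for non-HTTP entry points such as jobs or CLI) so the signer mapping behaves the same regardless of who drives the service. The value is request-derived; as far as I recall Nextcloud's getServerHost() already falls back to the first trusted domain when the Host header is not trusted, but it is worth confirming that this, rather than the configured overwrite host, is the intended source for matching certificate SANs to local accounts. The enclosing controller methods begin and end outside each hunk.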
@@ -289,6 +290,7 @@ public function sign(string $uuid): TemplateResponse {
 $this->initialState->provideInitialState('filename', $this->getFileEntity()->getName());
 $file = $this->fileService
 ->setFile($this->getFileEntity())
+ ->setHost($this->request->getServerHost())
 ->setMe($this->userSession->getUser())
 ->setIdentifyMethodId($this->sessionService->getIdentifyMethodId())
 ->setSignRequest($this->getSignRequestEntity())
@@ -366,6 +368,7 @@ public function signAccountFile($uuid): TemplateResponse {
 $this->initialState->provideInitialState('filename', $fileEntity->getName());
 $file = $this->fileService
 ->setFile($fileEntity)
+ ->setHost($this->request->getServerHost())
 ->setMe($this->userSession->getUser())
 ->setIdentifyMethodId($this->sessionService->getIdentifyMethodId())
 ->showVisibleElements()
@@ -580,6 +583,7 @@ public function validationFilePublic(string $uuid): TemplateResponse {
 $this->initialState->provideInitialState('file_info',
 $this->fileService
 ->setIdentifyMethodId($this->sessionService->getIdentifyMethodId())
+ ->setHost($this->request->getServerHost())
 ->showVisibleElements()
 ->showSigners()
 ->showSettings()
diff --git a/lib/Controller/RequestSignatureController.php b/lib/Controller/RequestSignatureController.php
index f089c1aea..46b2c9acf 100644
--- a/lib/Controller/RequestSignatureController.php
+++ b/lib/Controller/RequestSignatureController.php
@@ -77,6 +77,7 @@ public function request(array $file, array $users, string $name, ?string $callba
 $file = $this->requestSignatureService->save($data);
 $return = $this->fileService
 ->setFile($file)
+ ->setHost($this->request->getServerHost())
 ->setMe($data['userManager'])
 ->showVisibleElements()
 ->showSigners()
@@ -138,6 +139,7 @@ public function updateSign(?array $users = [], ?string $uuid = null, ?array $vis
 $file = $this->requestSignatureService->save($data);
 $return = $this->fileService
 ->setFile($file)
+ ->setHost($this->request->getServerHost())
 ->setMe($data['userManager'])
 ->showVisibleElements()
 ->showSigners()
diff --git a/lib/Service/FileService.php b/lib/Service/FileService.php
index 8ae459709..62a33d4a3 100644
--- a/lib/Service/FileService.php
+++ b/lib/Service/FileService.php
@@ -53,6 +53,7 @@ class FileService {
 private bool $validateFile = false;
 private bool $signersLibreSignLoaded = false;
 private string $fileContent = '';
+ private string $host = '';
 private ?File $file = null;
 private ?SignRequest $signRequest = null;
 private ?IUser $me = null;
@@ -145,6 +146,11 @@ public function setIdentifyMethodId(?int $id): self {
 return $this;
 }
 
+ public function setHost(string $host): self {
+ $this->host = $host;
+ return $this;
+ }
+
 /**
 * @return static
 */
@@ -411,9 +417,6 @@ private function loadSignersFromCertData(): void {
 if (!empty($signer['chain'][0]['name'])) {
 $this->fileData->signers[$index]['subject'] = $signer['chain'][0]['name'];
 }
- if (!empty($signer['chain'][0]['subject']['CN'])) {
- $this->fileData->signers[$index]['displayName'] = $signer['chain'][0]['subject']['CN'];
- }
 if (!empty($signer['chain'][0]['validFrom_time_t'])) {
 $this->fileData->signers[$index]['valid_from'] = $signer['chain'][0]['validFrom_time_t'];
 }
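Review bot: The new `setHost()` in the `@@ -145` hunk of FileService.php has no docblock and stores the value verbatim, yet loadSignersFromCertData later uses it as a suffix to compare against e-mail addresses taken from certificate SANs, so a value that carries a port (`example.com:8443`, which I believe getServerHost() can return) or a different case than the SAN would never match. Normalize once on the way in, e.g. `$this->host = strtolower(preg_replace('/:\d+$/', '', $host));`, and document the contract with a docblock such as `/** Host expected after the "@" of e-mail SANs in LibreSign-issued certificates; bare host name, no scheme or port. */`. The same property keeps its default `''` for callers that never call setHost, which the matching code further down has to treat as "unknown" rather than "matches everything".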
@@ -432,11 +435,43 @@ private function loadSignersFromCertData(): void {
 }
 if (!empty($signer['chain'][0]['subject']['UID'])) {
 $this->fileData->signers[$index]['uid'] = $signer['chain'][0]['subject']['UID'];
- } elseif (!empty($signer['chain'][0]['subject']['CN'])) {
- if (preg_match('/^(?.*):(?.*), /', $signer['chain'][0]['subject']['CN'], $matches)) {
- $signatureToShow['uid'] = $matches['key'] . ':' . $matches['value'];
+ } elseif (!empty($signer['chain'][0]['subject']['CN']) && preg_match('/^(?.*):(?.*), /', $signer['chain'][0]['subject']['CN'], $matches)) {
+ // Used by CFSSL
+ $this->fileData->signers[$index]['uid'] = $matches['key'] . ':' . $matches['value'];
+ } elseif (!empty($signer['chain'][0]['extensions']['subjectAltName'])) {
+ // Used by old certs of LibreSign
+ preg_match('/^(?(email|account)):(?.*)$/', $signer['chain'][0]['extensions']['subjectAltName'], $matches);
+ if ($matches) {
+ if (str_ends_with($matches['value'], $this->host)) {
+ $uid = str_replace('@' . $this->host, '', $matches['value']);
+ $userFound = $this->userManager->get($uid);
+ if ($userFound) {
+ $this->fileData->signers[$index]['uid'] = 'account:' . $uid;
+ } else {
+ $userFound = $this->userManager->getByEmail($matches['value']);
+ if ($userFound) {
+ $userFound = current($userFound);
+ $this->fileData->signers[$index]['uid'] = 'account:' . $userFound->getUID();
+ } else {
+ $this->fileData->signers[$index]['uid'] = 'email:' . $matches['value'];
+ }
+ }
+ } else {
+ $userFound = $this->userManager->getByEmail($matches['value']);
+ if ($userFound) {
+ $userFound = current($userFound);
+ $this->fileData->signers[$index]['uid'] = 'account:' . $userFound->getUID();
+ } else {
+ $this->fileData->signers[$index]['uid'] = $matches['key'] . ':' . $matches['value'];
+ }
+ }
 }
 }
+ if (!empty($signer['chain'][0]['subject']['CN'])) {
+ $this->fileData->signers[$index]['displayName'] = $signer['chain'][0]['subject']['CN'];
+ } elseif (!empty($this->fileData->signers[$index]['uid'])) {
+ $this->fileData->signers[$index]['displayName'] = $this->fileData->signers[$index]['uid'];
+ }
 for ($i = 1; $i < count($signer['chain']); $i++) {
 $this->fileData->signers[$index]['chain'][] = [
 'displayName' => $signer['chain'][$i]['name'],
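Review bot: In the subjectAltName branch, `str_ends_with($matches['value'], $this->host)` is true for every value when `$this->host` is still the default `''` (any caller that never called setHost), and `str_replace('@', '', …)` then turns the whole e-mail into a bogus user id handed to `$this->userManager->get()`; it is also true for `someone@notexample.com` when the host is `example.com`, because the `@` is not part of the compared suffix. Guard the branch with `if ($this->host !== '' && str_ends_with($matches['value'], '@' . $this->host)) {` and derive the uid with `$uid = substr($matches['value'], 0, -strlen('@' . $this->host));` instead of the str_replace. The two `getByEmail` lookups that follow differ only in the fallback prefix and could be one private helper called after the account check, which would also make the intended precedence (account by local part, then account by e-mail, then the SAN as-is) readable. `current($userFound)` picks whichever account getByEmail lists first when several accounts share an address — presumably acceptable, but worth a one-line comment. loadSignersFromCertData begins and ends outside the hunk.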