Implement pdf signing on the client

new library function signPdf(passportUUID /*string*/, pdfRaw /*array buffer|Uint8Array*/)

Implement pdf signing on the client
0c87bfd1 · Damyan Mitev · Sasha Ilieva · 6821eb90 · 0c87bfd1 · 0c87bfd1
Commit 0c87bfd1 authored 6 years ago by Damyan Mitev Committed by Sasha Ilieva 6 years ago
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,6 @@ bin/
 Gopkg.lock
 vendor/
 temp/
-yarn-error.log
\ No newline at end of file
+yarn-error.log
+/.project
+cmake-build-debug/
--- a/javascript/src/iframe/viamapi-iframe.js
+++ b/javascript/src/iframe/viamapi-iframe.js
@@ -16,6 +16,9 @@ import {
  decryptMessage,
  encryptMessage, signEmail
 } from '../utilities/signingUtilities';
+import {
+  signPdf
+} from '../utilities/pdfUtilities';
 import CryptoData from '../CryptoData';
 import Identity from '../Identity';
 import {STATUS_DEVICE_REVOKED} from '../constants/statuses';
@@ -929,6 +932,64 @@ const connection = Penpal.connectToParent({

      return encodeResponse("200", response.data, "Email signed");
    },
+    signPdf: async (passportUUID, pdfRaw /*array buffer*/) => {
+
+        //TODO api is not finished
+
+        const authenticationPublicKey = localStorage.getItem("authenticatedIdentity");
+
+        if (
+            !authenticationPublicKey ||
+            !window.loadedIdentities[authenticationPublicKey] ||
+            !extendPinCodeTtl(authenticationPublicKey)
+        ) {
+            return encodeResponse("400", "", "Identity not authenticated");
+        }
+
+        let response = await getCertificateForPassport(passportUUID, true);
+
+        if (response.code !== "200") {
+            return encodeResponse("400", "", response.status);
+        }
+
+        const {
+            x509Certificate: passportCertificate,
+            privateKey: passportPrivateKey,
+            chain: passportChain
+        } = response.data;
+
+        const keys =
+            await createOneTimePassportCertificate(
+                makeid() + "-" + passportUUID, null, passportPrivateKey, passportCertificate);
+
+        const { privateKeyPEM: privateKeyOneTime, certificatePEM: certificateOneTime } = keys;
+
+        passportChain.push(passportCertificate);
+
+        const signedPdf = await signPdf(pdfRaw, certificateOneTime, passportChain, privateKeyOneTime);
+
+        //for test
+        response.data.signedPdf = signedPdf;
+        //for test
+
+        // response = await executeRestfulFunction(
+        //     "private", window.viamApi, window.viamApi.passportGetEmailWithHeaderByPassport, null, passportUUID, emailMessage);
+        //
+        // if (response.code !== "200") {
+        //     return encodeResponse("400", "", response.status);
+        // }
+        //
+        // const signedEmail = await signEmail(response.data, certificateOneTime, passportChain, privateKeyOneTime);
+        //
+        // response = await executeRestfulFunction(
+        //     "private", window.viamApi, window.viamApi.signResignEmail, null, passportUUID, signedEmail);
+        //
+        // if (response.code !== "200") {
+        //     return encodeResponse("400", "", response.status);
+        // }
+
+        return encodeResponse("200", response.data, "PDF signed");
+    },
    documentCreateDocument: async (path, passportUUID, contenttype) => {
      const authenticationPublicKey = localStorage.getItem("authenticatedIdentity");
      if (

--- a/javascript/src/lib/pdfjs.parser.js
+++ b/javascript/src/lib/pdfjs.parser.js
--- a/javascript/src/utilities/pdfUtilities.js
+++ b/javascript/src/utilities/pdfUtilities.js
--- a/javascript/src/utilities/signingUtilities.js
+++ b/javascript/src/utilities/signingUtilities.js
@@ -494,7 +494,7 @@ function decodePEM(pemString) {
 }

 //*********************************************************************************
-function parseCertificate(certificatePEM) {
+export function parseCertificate(certificatePEM) {
  const certificateBuffer = decodePEM(certificatePEM);
  const asn1 = asn1js.fromBER(certificateBuffer);
  const certificate = new pkijs.Certificate({ schema: asn1.result });
@@ -541,7 +541,7 @@ export function decryptMessage(message, password) {
 }

 //*********************************************************************************
-function parsePrivateKey(privateKeyPEM) {
+export function parsePrivateKey(privateKeyPEM) {
  const privateKeyBuffer = decodePEM(privateKeyPEM);
  const crypto = pkijs.getCrypto();
  const privateKeyPromise = crypto.importKey(
@@ -589,58 +589,36 @@ export function createPassportCertificate(commonNameArg) {

 export function createOneTimePassportCertificate(commonNameArg, emailArg, privateKeyIssuerArg, certicateIssuerArg) {
  var certData = null;
-  if(emailArg != null && emailArg !== "") {
-    certData = {
-      algorithms: {
-        hashAlg: "SHA-256",
-        signAlg: "RSASSA-PKCS1-v1_5",
-        keyLength: 2048
-      },
-      //keyPair: generateKeys(), //optional , if provided must be object or promise that resolves to object {publicKey, prvateKey}. If it is not provided, new ones are generated automatically
-      subject: {
-        commonName: commonNameArg + "-onetime", //optional for leaf, recommended for CA
-        country: "CH", //optional for leaf, recommended for CA
-        locality: "Zug", //optional for leaf, recommended for CA
-        state: "Zug", //optional for leaf, recommended for CA
-        organization: "Vereign AG", //optional for leaf, recommended for CA
-        organizationUnit:"Business Dep", //optional for leaf, recommended for CA
-        email: emailArg, // added to DN and Subject Alternative Name extension. Optional for CA. Mandatory for leaf certificate, used for email protection
-        //url: "www.vereign.com" // optional url, recommended for CA, added to Subject Alternative Name extension
-      },
-      validity: {
-        //notBefore: new Date() // optional, defaults to today at 00:00:00
-        //notAfter: new Date()  // optional, defaults to notBefore + validYears at 23:59:59
-        validYears: 5 //optional, defaults to 1
-      },
-      isCA: false // optional flag denoting if this is CA certificate or leaf certificate, defaults to false
-    }
-  } else {
-    certData = {
-      algorithms: {
-        hashAlg: "SHA-256",
-        signAlg: "RSASSA-PKCS1-v1_5",
-        keyLength: 2048
-      },
-      //keyPair: generateKeys(), //optional , if provided must be object or promise that resolves to object {publicKey, prvateKey}. If it is not provided, new ones are generated automatically
-      subject: {
-        commonName: commonNameArg + "-onetime", //optional for leaf, recommended for CA
-        country: "CH", //optional for leaf, recommended for CA
-        locality: "Zug", //optional for leaf, recommended for CA
-        state: "Zug", //optional for leaf, recommended for CA
-        organization: "Vereign AG", //optional for leaf, recommended for CA
-        organizationUnit:"Business Dep", //optional for leaf, recommended for CA
-        //email: emailArg, // added to DN and Subject Alternative Name extension. Optional for CA. Mandatory for leaf certificate, used for email protection
-        //url: "www.vereign.com" // optional url, recommended for CA, added to Subject Alternative Name extension
-      },
-      validity: {
-        //notBefore: new Date() // optional, defaults to today at 00:00:00
-        //notAfter: new Date()  // optional, defaults to notBefore + validYears at 23:59:59
-        validYears: 5 //optional, defaults to 1
-      },
-      isCA: false // optional flag denoting if this is CA certificate or leaf certificate, defaults to false
-    }
+  if(emailArg != null && emailArg == "") {
+      emailArg = null;
  }

+  certData = {
+    algorithms: {
+      hashAlg: "SHA-256",
+      signAlg: "RSASSA-PKCS1-v1_5",
+      keyLength: 2048
+    },
+    //keyPair: generateKeys(), //optional , if provided must be object or promise that resolves to object {publicKey, prvateKey}. If it is not provided, new ones are generated automatically
+    subject: {
+      commonName: commonNameArg + "-onetime", //optional for leaf, recommended for CA
+      country: "CH", //optional for leaf, recommended for CA
+      locality: "Zug", //optional for leaf, recommended for CA
+      state: "Zug", //optional for leaf, recommended for CA
+      organization: "Vereign AG", //optional for leaf, recommended for CA
+      organizationUnit:"Business Dep", //optional for leaf, recommended for CA
+      email: emailArg, // added to DN and Subject Alternative Name extension. Optional for CA. Mandatory for leaf certificate, used for email protection
+      //url: "www.vereign.com" // optional url, recommended for CA, added to Subject Alternative Name extension
+    },
+    validity: {
+      //notBefore: new Date() // optional, defaults to today at 00:00:00
+      //notAfter: new Date()  // optional, defaults to notBefore + validYears at 23:59:59
+      validYears: 5 //optional, defaults to 1
+    },
+    isCA: false // optional flag denoting if this is CA certificate or leaf certificate, defaults to false
+  }
+
+
  return parsePrivateKey(privateKeyIssuerArg).then(privateKeyDecoded => {
    const issuerData = {
      certificate: parseCertificate(certicateIssuerArg),// vereignCACertPEM),