mirror of
https://github.com/24eme/signaturepdf
synced 2024-05-21 15:16:37 +02:00
Modification cryptography, fix several issues that made the choice
between cryptic and non cryptic impossible
This commit is contained in:
Tanguy Le Faucheur
parent
7c0c5ffbfe
commit
1b8a037f3c
45
app.php
45
app.php
|
|
@ -49,6 +49,10 @@ if ($f3->get('GET.lang')) {
|
|||
selectLanguage($f3->get('LANGUAGE'), $f3);
|
||||
}
|
||||
|
||||
if (!$f3->exists('PDF_STORAGE_ENCRYPTION')) {
|
||||
$f3->set('PDF_STORAGE_ENCRYPTION', CryptographyClass::isGpgInstalled());
|
||||
}
|
||||
|
||||
$domain = basename(glob($f3->get('ROOT')."/locale/application_*.pot")[0], '.pot');
|
||||
|
||||
bindtextdomain($domain, $f3->get('ROOT')."/locale");
|
||||
|
|
@ -82,14 +86,6 @@ $f3->route('GET /signature',
|
|||
$f3->set('noSharingMode', true);
|
||||
}
|
||||
|
||||
if (!$f3->exists('PDF_STORAGE_ENCRYPTION')) {
|
||||
if (CryptographyClass::isGpgInstalled() == true) {
|
||||
$f3->set('PDF_STORAGE_ENCRYPTION', 'true');
|
||||
} else {
|
||||
$f3->set('PDF_STORAGE_ENCRYPTION', '');
|
||||
}
|
||||
}
|
||||
|
||||
$f3->set('activeTab', 'sign');
|
||||
|
||||
echo View::instance()->render('signature.html.php');
|
||||
|
|
@ -250,14 +246,17 @@ $f3->route('POST /share',
|
|||
array_map('cryptographyClass::hardUnlink', glob($tmpfile."*.svg"));
|
||||
}
|
||||
|
||||
$symmetricKey = $_COOKIE[$hash];
|
||||
$encryptor = new CryptographyClass($_COOKIE[$hash], $f3->get('PDF_STORAGE_PATH').$hash);
|
||||
if (!$encryptor->encrypt()) {
|
||||
$f3->error(403);
|
||||
};
|
||||
$symmetricKey = "";
|
||||
if (isset($_COOKIE[$hash])) {
|
||||
$symmetricKey = "#sk:" . $_COOKIE[$hash];
|
||||
$encryptor = new CryptographyClass($_COOKIE[$hash], $f3->get('PDF_STORAGE_PATH').$hash);
|
||||
if (!$encryptor->encrypt()) {
|
||||
shell_exec("rm -rf $sharingFolder");
|
||||
$f3->error(500);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#sk:".$symmetricKey);
|
||||
$f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash.$symmetricKey);
|
||||
}
|
||||
|
||||
);
|
||||
|
|
@ -267,10 +266,13 @@ $f3->route('GET /signature/@hash/pdf',
|
|||
$f3->set('activeTab', 'sign');
|
||||
$hash = Web::instance()->slug($f3->get('PARAMS.hash'));
|
||||
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash;
|
||||
|
||||
$cryptor = new CryptographyClass(CryptographyClass::protectSymmetricKey($_COOKIE[$hash]), $f3->get('PDF_STORAGE_PATH').$hash);
|
||||
$symmetricKey = null;
|
||||
if (isset($_COOKIE[$hash])) {
|
||||
$symmetricKey = CryptographyClass::protectSymmetricKey($_COOKIE[$hash]);
|
||||
}
|
||||
$cryptor = new CryptographyClass($symmetricKey, $f3->get('PDF_STORAGE_PATH').$hash);
|
||||
if ($cryptor->decrypt() == false) {
|
||||
$f3->error(403);
|
||||
$f3->error(500);
|
||||
}
|
||||
|
||||
$files = scandir($sharingFolder);
|
||||
|
|
@ -296,13 +298,14 @@ $f3->route('GET /signature/@hash/pdf',
|
|||
shell_exec(sprintf("pdftk %s multistamp %s output %s", $finalFile, $layerFile, $bufferFile));
|
||||
rename($bufferFile, $finalFile);
|
||||
}
|
||||
Web::instance()->send($finalFile, null, 0, TRUE, $filename);
|
||||
|
||||
$cryptor->encrypt($hash);
|
||||
|
||||
if ($symmetricKey) {
|
||||
$cryptor->encrypt($hash);
|
||||
}
|
||||
if($f3->get('DEBUG')) {
|
||||
return;
|
||||
}
|
||||
|
||||
array_map('unlink', glob($finalFile."*"));
|
||||
}
|
||||
);
|
||||
|
|
|
|||
|
|
@ -193,4 +193,3 @@ cat <<EOF >>/var/www/signaturepdf/config/config.ini
|
|||
PDF_STORAGE_PATH=/var/www/signaturepdf/tmp
|
||||
EOF
|
||||
```
|
||||
|
||||
|
|
|
|||
|
|
@ -22,32 +22,43 @@ class CryptographyClass
|
|||
}
|
||||
|
||||
public function encrypt() {
|
||||
|
||||
foreach ($this->getFiles(false) as $file) {
|
||||
$outputFile = $file.".gpg";
|
||||
$command = "gpg --batch --passphrase $this->symmetricKey --symmetric --cipher-algo AES256 -o $outputFile $file";
|
||||
$result = shell_exec($command);
|
||||
if ($result === false) {
|
||||
if ($result) {
|
||||
echo "Cypher failure";
|
||||
return $result;
|
||||
}
|
||||
$this->hardUnlink($file);
|
||||
return $result;
|
||||
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function decrypt() {
|
||||
if (!$this->isEncrypted()) {
|
||||
return true;
|
||||
}
|
||||
if (!$this->symmetricKey) {
|
||||
return false;
|
||||
}
|
||||
foreach ($this->getFiles(true) as $file) {
|
||||
$outputFile = str_replace(".gpg", "", $file);
|
||||
$command = "gpg --batch --passphrase $this->symmetricKey --decrypt -o $outputFile $file";
|
||||
$result = shell_exec($command);
|
||||
if ($result === false) {
|
||||
if ($result) {
|
||||
echo "Decypher failure";
|
||||
return $result;
|
||||
}
|
||||
|
||||
$this->hardUnlink($file);
|
||||
}
|
||||
return $result;
|
||||
return true;
|
||||
}
|
||||
|
||||
public function isEncrypted() {
|
||||
return file_exists($this->pathHash."/filename.txt.gpg");
|
||||
}
|
||||
|
||||
public static function hardUnlink($element) {
|
||||
|
|
|
|||
|
|
@ -819,9 +819,13 @@ var createEventsListener = function() {
|
|||
document.getElementById('input_svg_share').files = dataTransfer.files;
|
||||
hasModifications = false;
|
||||
|
||||
|
||||
document.getElementById('input_pdf_hash').value = generatePdfHash();
|
||||
document.getElementById('input_symmetric_key').value = generateSymmetricKey();
|
||||
storeSymmetricKeyCookie(document.getElementById('input_pdf_hash').value, document.getElementById('input_symmetric_key').value);
|
||||
|
||||
if (document.getElementById('checkbox_encryption').checked) {
|
||||
storeSymmetricKeyCookie(document.getElementById('input_pdf_hash').value, generateSymmetricKey());
|
||||
}
|
||||
|
||||
});
|
||||
}
|
||||
|
||||
|
|
@ -1173,7 +1177,7 @@ function storeSymmetricKeyCookie(hash, symmetricKey) {
|
|||
console.error("Erreur taille cle symmetrique.");
|
||||
return;
|
||||
}
|
||||
document.cookie = hash + "=" + symmetricKey + "; SameSite=Strict";
|
||||
document.cookie = hash + "=" + symmetricKey + "; SameSite=Lax;";
|
||||
}
|
||||
|
||||
function generateSymmetricKey() {
|
||||
|
|
|
|||
|
|
@ -193,7 +193,7 @@
|
|||
<p><?php echo _("By enabling PDF sharing, you will be able to provide a link to the people of your choice so that they can sign this PDF."); ?></p>
|
||||
<p><?php echo sprintf(_("%s This sharing requires the PDF to be transferred and stored on the server for future signers to access."), '<i class="bi bi-hdd-network"></i>'); ?></p>
|
||||
<p class="mb-0"><?php echo sprintf(_("%s The PDF will be kept"), '<i class="bi bi-hourglass-split"></i>'); ?> <select name='duration' form='form_sharing'><option value='+1 year'><?php echo _("for one year"); ?></option><option value='+6 month'><?php echo _("for six months"); ?></option><option value='+1 month' selected='selected'><?php echo _("for one month"); ?></option><option value='+1 week'><?php echo _("for one week"); ?></option><option value='+1 day'><?php echo _("for one day"); ?></option><option value='+1 hour'><?php echo _("for one hour"); ?></option></select> <?php echo _("after the last signature."); ?></p>
|
||||
<div class="mt-3 <?php if (!$PDF_STORAGE_ENCRYPTION): ?>opacity-50<?php endif;?>"><i class="bi bi-lock-fill"></i> <input type="checkbox" id="encryption" name="encryption" value="true" form='form_sharing' <?php if (!$PDF_STORAGE_ENCRYPTION): ?>disabled="disabled"<?php else: ?>checked<?php endif; ?>/> <label for="encryption"><?php echo _("The PDF will be stored encrypted on the server"); ?></label>
|
||||
<div class="mt-3 <?php if (!$PDF_STORAGE_ENCRYPTION): ?>opacity-50<?php endif;?>"><i class="bi bi-lock-fill"></i> <input type="checkbox" id="checkbox_encryption" name="encryption" value="true" form='form_sharing' <?php if (!$PDF_STORAGE_ENCRYPTION): ?>disabled="disabled"<?php else: ?>checked<?php endif; ?>/> <label for="checkbox_encryption"><?php echo _("The PDF will be stored encrypted on the server"); ?></label>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
Loading…
Reference in a new issue