mirror of
https://github.com/LibreSign/libresign.git
synced 2025-12-18 05:20:45 +01:00
b0304dbe60
Save user's selected tab (Account/Email) in the 'Add new signer' modal to userconfig store. The preference is now persisted across modal closures and page reloads, improving user experience by remembering the last selected identification method. Changes: - Add activeTab state to RequestSignatureTab component - Load saved tab preference from userconfig store on mount - Save tab changes to backend with debounce (500ms) - Add signer_identify_tab to AccountService config output - Use snake_case naming convention for consistency with backend Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
567 lines
19 KiB
PHP
567 lines
19 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
/**
|
|
* SPDX-FileCopyrightText: 2020-2024 LibreCode coop and contributors
|
|
* SPDX-License-Identifier: AGPL-3.0-or-later
|
|
*/
|
|
|
|
namespace OCA\Libresign\Service;
|
|
|
|
use InvalidArgumentException;
|
|
use OC\Files\Filesystem;
|
|
use OCA\Libresign\AppInfo\Application;
|
|
use OCA\Libresign\Db\File as FileEntity;
|
|
use OCA\Libresign\Db\FileMapper;
|
|
use OCA\Libresign\Db\FileTypeMapper;
|
|
use OCA\Libresign\Db\IdentifyMethodMapper;
|
|
use OCA\Libresign\Db\SignRequest;
|
|
use OCA\Libresign\Db\SignRequestMapper;
|
|
use OCA\Libresign\Db\UserElement;
|
|
use OCA\Libresign\Db\UserElementMapper;
|
|
use OCA\Libresign\Exception\InvalidPasswordException;
|
|
use OCA\Libresign\Exception\LibresignException;
|
|
use OCA\Libresign\Handler\CertificateEngine\CertificateEngineFactory;
|
|
use OCA\Libresign\Handler\SignEngine\Pkcs12Handler;
|
|
use OCA\Libresign\Helper\ValidateHelper;
|
|
use OCA\Settings\Mailer\NewUserMailHelper;
|
|
use OCP\Accounts\IAccountManager;
|
|
use OCP\AppFramework\Db\DoesNotExistException;
|
|
use OCP\AppFramework\Utility\ITimeFactory;
|
|
use OCP\Files\Config\IMountProviderCollection;
|
|
use OCP\Files\File;
|
|
use OCP\Files\IMimeTypeDetector;
|
|
use OCP\Files\IRootFolder;
|
|
use OCP\Files\NotFoundException;
|
|
use OCP\Http\Client\IClientService;
|
|
use OCP\IAppConfig;
|
|
use OCP\IConfig;
|
|
use OCP\IGroupManager;
|
|
use OCP\IL10N;
|
|
use OCP\IURLGenerator;
|
|
use OCP\IUser;
|
|
use OCP\IUserManager;
|
|
use Sabre\DAV\UUIDUtil;
|
|
use Throwable;
|
|
|
|
class AccountService {
|
|
private ?SignRequest $signRequest = null;
|
|
private ?\OCA\Libresign\Db\File $fileData = null;
|
|
private \OCP\Files\File $fileToSign;
|
|
|
|
public function __construct(
|
|
private IL10N $l10n,
|
|
private SignRequestMapper $signRequestMapper,
|
|
private IUserManager $userManager,
|
|
private IAccountManager $accountManager,
|
|
private IRootFolder $root,
|
|
private IMimeTypeDetector $mimeTypeDetector,
|
|
private FileMapper $fileMapper,
|
|
private FileTypeMapper $fileTypeMapper,
|
|
private SignFileService $signFileService,
|
|
private RequestSignatureService $requestSignatureService,
|
|
private CertificateEngineFactory $certificateEngineFactory,
|
|
private IConfig $config,
|
|
private IAppConfig $appConfig,
|
|
private IMountProviderCollection $mountProviderCollection,
|
|
private NewUserMailHelper $newUserMail,
|
|
private IdentifyMethodService $identifyMethodService,
|
|
private IdentifyMethodMapper $identifyMethodMapper,
|
|
private ValidateHelper $validateHelper,
|
|
private IURLGenerator $urlGenerator,
|
|
private Pkcs12Handler $pkcs12Handler,
|
|
private IGroupManager $groupManager,
|
|
private IdDocsService $idDocsService,
|
|
private SignerElementsService $signerElementsService,
|
|
private UserElementMapper $userElementMapper,
|
|
private FolderService $folderService,
|
|
private IClientService $clientService,
|
|
private ITimeFactory $timeFactory,
|
|
) {
|
|
}
|
|
|
|
public function validateCreateToSign(array $data): void {
|
|
if (!UUIDUtil::validateUUID($data['uuid'])) {
|
|
throw new LibresignException($this->l10n->t('Invalid UUID'), 1);
|
|
}
|
|
try {
|
|
$signRequest = $this->getSignRequestByUuid($data['uuid']);
|
|
} catch (\Throwable) {
|
|
throw new LibresignException($this->l10n->t('UUID not found'), 1);
|
|
}
|
|
$identifyMethods = $this->identifyMethodService->getIdentifyMethodsFromSignRequestId($signRequest->getId());
|
|
if (!array_key_exists('identify', $data['user'])) {
|
|
throw new LibresignException($this->l10n->t('Invalid identification method'), 1);
|
|
}
|
|
foreach ($data['user']['identify'] as $method => $value) {
|
|
if (!array_key_exists($method, $identifyMethods)) {
|
|
throw new LibresignException($this->l10n->t('Invalid identification method'), 1);
|
|
}
|
|
foreach ($identifyMethods[$method] as $identifyMethod) {
|
|
$identifyMethod->validateToCreateAccount($value);
|
|
}
|
|
}
|
|
if (empty($data['password'])) {
|
|
throw new LibresignException($this->l10n->t('Password is mandatory'), 1);
|
|
}
|
|
$file = $this->getFileByUuid($data['uuid']);
|
|
if (empty($file['fileToSign'])) {
|
|
throw new LibresignException($this->l10n->t('File not found'));
|
|
}
|
|
}
|
|
|
|
public function getFileByUuid(string $uuid): array {
|
|
$signRequest = $this->getSignRequestByUuid($uuid);
|
|
if (!$this->fileData instanceof \OCA\Libresign\Db\File) {
|
|
$this->fileData = $this->fileMapper->getById($signRequest->getFileId());
|
|
|
|
$nodeId = $this->fileData->getNodeId();
|
|
|
|
$fileToSign = $this->root->getUserFolder($this->fileData->getUserId())->getFirstNodeById($nodeId);
|
|
if ($fileToSign) {
|
|
$this->fileToSign = $fileToSign;
|
|
}
|
|
}
|
|
return [
|
|
'fileData' => $this->fileData,
|
|
'fileToSign' => $this->fileToSign
|
|
];
|
|
}
|
|
|
|
public function validateCertificateData(array $data): void {
|
|
if (array_key_exists('email', $data['user']) && empty($data['user']['email'])) {
|
|
throw new LibresignException($this->l10n->t('You must have an email. You can define the email in your profile.'), 1);
|
|
}
|
|
if (!empty($data['user']['email']) && !filter_var($data['user']['email'], FILTER_VALIDATE_EMAIL)) {
|
|
throw new LibresignException($this->l10n->t('Invalid email'), 1);
|
|
}
|
|
if (empty($data['signPassword'])) {
|
|
throw new LibresignException($this->l10n->t('Password to sign is mandatory'), 1);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get signRequest by Uuid
|
|
*/
|
|
public function getSignRequestByUuid(string $uuid): SignRequest {
|
|
if (!$this->signRequest instanceof SignRequest) {
|
|
$this->signRequest = $this->signRequestMapper->getByUuid($uuid);
|
|
}
|
|
return $this->signRequest;
|
|
}
|
|
|
|
public function createToSign(string $uuid, string $email, string $password, ?string $signPassword): void {
|
|
$signRequest = $this->getSignRequestByUuid($uuid);
|
|
|
|
$newUser = $this->userManager->createUser($email, $password);
|
|
$newUser->setDisplayName($signRequest->getDisplayName());
|
|
$newUser->setSystemEMailAddress($email);
|
|
|
|
$this->updateIdentifyMethodToAccount($signRequest->getId(), $email, $newUser->getUID());
|
|
|
|
if ($this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes') {
|
|
try {
|
|
$emailTemplate = $this->newUserMail->generateTemplate($newUser, false);
|
|
$this->newUserMail->sendMail($newUser, $emailTemplate);
|
|
} catch (\Exception) {
|
|
throw new LibresignException('Unable to send the invitation', 1);
|
|
}
|
|
}
|
|
|
|
if ($signPassword) {
|
|
$certificate = $this->pkcs12Handler->generateCertificate(
|
|
[
|
|
'host' => $newUser->getPrimaryEMailAddress(),
|
|
'uid' => 'account:' . $newUser->getUID(),
|
|
'name' => $newUser->getDisplayName()
|
|
],
|
|
$signPassword,
|
|
$newUser->getDisplayName()
|
|
);
|
|
$this->pkcs12Handler->savePfx($newUser->getPrimaryEMailAddress(), $certificate);
|
|
}
|
|
}
|
|
|
|
public function getCertificateEngineName(): string {
|
|
return $this->certificateEngineFactory->getEngine()->getName();
|
|
}
|
|
|
|
/**
|
|
* @return array<string, mixed>
|
|
*/
|
|
public function getConfig(?IUser $user = null): array {
|
|
$info['identificationDocumentsFlow'] = $this->appConfig->getValueBool(Application::APP_ID, 'identification_documents', false);
|
|
$info['hasSignatureFile'] = $this->hasSignatureFile($user);
|
|
$info['phoneNumber'] = $this->getPhoneNumber($user);
|
|
$info['isApprover'] = $this->validateHelper->userCanApproveValidationDocuments($user, false);
|
|
$info['id_docs_filters'] = $this->getUserConfigIdDocsFilters($user);
|
|
$info['id_docs_sort'] = $this->getUserConfigIdDocsSort($user);
|
|
$info['crl_filters'] = $this->getUserConfigCrlFilters($user);
|
|
$info['crl_sort'] = $this->getUserConfigCrlSort($user);
|
|
$info['grid_view'] = $this->getUserConfigByKey('grid_view', $user) === '1';
|
|
$info['signer_identify_tab'] = $this->getUserConfigByKey('signer_identify_tab', $user);
|
|
|
|
return array_filter($info);
|
|
}
|
|
|
|
public function getConfigFilters(?IUser $user = null): array {
|
|
$info['filter_modified'] = $this->getUserConfigByKey('filter_modified', $user);
|
|
$info['filter_status'] = $this->getUserConfigByKey('filter_status', $user);
|
|
|
|
return $info;
|
|
}
|
|
|
|
private function updateIdentifyMethodToAccount(int $signRequestId, string $email, string $uid): void {
|
|
$identifyMethods = $this->identifyMethodService->getIdentifyMethodsFromSignRequestId($signRequestId);
|
|
foreach ($identifyMethods as $name => $methods) {
|
|
if ($name === IdentifyMethodService::IDENTIFY_EMAIL) {
|
|
foreach ($methods as $identifyMethod) {
|
|
$entity = $identifyMethod->getEntity();
|
|
if ($entity->getIdentifierValue() === $email) {
|
|
$entity->setIdentifierKey(IdentifyMethodService::IDENTIFY_ACCOUNT);
|
|
$entity->setIdentifierValue($uid);
|
|
$this->identifyMethodMapper->update($entity);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
private function getPhoneNumber(?IUser $user): string {
|
|
if (!$user) {
|
|
return '';
|
|
}
|
|
$userAccount = $this->accountManager->getAccount($user);
|
|
return $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue();
|
|
}
|
|
|
|
public function hasSignatureFile(?IUser $user = null): bool {
|
|
if (!$user) {
|
|
return false;
|
|
}
|
|
try {
|
|
$this->pkcs12Handler->getPfxOfCurrentSigner($user->getUID());
|
|
return true;
|
|
} catch (LibresignException) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
private function getUserConfigByKey(string $key, ?IUser $user = null): string {
|
|
if (!$user) {
|
|
return '';
|
|
}
|
|
|
|
return $this->config->getUserValue($user->getUID(), Application::APP_ID, $key);
|
|
}
|
|
|
|
private function getUserConfigIdDocsFilters(?IUser $user = null): array {
|
|
if (!$user) {
|
|
return [];
|
|
}
|
|
|
|
$value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'id_docs_filters', '');
|
|
if (empty($value)) {
|
|
return [];
|
|
}
|
|
|
|
$decoded = json_decode($value, true);
|
|
return is_array($decoded) ? $decoded : [];
|
|
}
|
|
|
|
private function getUserConfigCrlFilters(?IUser $user = null): array {
|
|
if (!$user || !$this->groupManager->isAdmin($user->getUID())) {
|
|
return [];
|
|
}
|
|
|
|
$value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'crl_filters', '');
|
|
if (empty($value)) {
|
|
return [];
|
|
}
|
|
|
|
$decoded = json_decode($value, true);
|
|
return is_array($decoded) ? $decoded : [];
|
|
}
|
|
|
|
private function getUserConfigCrlSort(?IUser $user): array {
|
|
if (!$user || !$this->groupManager->isAdmin($user->getUID())) {
|
|
return ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];
|
|
}
|
|
|
|
$value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'crl_sort', '');
|
|
if (empty($value)) {
|
|
return ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];
|
|
}
|
|
|
|
$decoded = json_decode($value, true);
|
|
return is_array($decoded) ? $decoded : ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];
|
|
}
|
|
|
|
private function getUserConfigIdDocsSort(?IUser $user): array {
|
|
if (!$user || !$this->validateHelper->userCanApproveValidationDocuments($user, false)) {
|
|
return ['sortBy' => null, 'sortOrder' => null];
|
|
}
|
|
|
|
$value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'id_docs_sort', '');
|
|
if (empty($value)) {
|
|
return ['sortBy' => null, 'sortOrder' => null];
|
|
}
|
|
|
|
$decoded = json_decode($value, true);
|
|
return is_array($decoded) ? $decoded : ['sortBy' => null, 'sortOrder' => null];
|
|
}
|
|
|
|
/**
|
|
* Get PDF node by UUID
|
|
*
|
|
* @psalm-suppress MixedReturnStatement
|
|
* @throws Throwable
|
|
* @return \OCP\Files\File
|
|
*/
|
|
public function getPdfByUuid(string $uuid): File {
|
|
$fileData = $this->fileMapper->getByUuid($uuid);
|
|
|
|
if (in_array($fileData->getStatus(), [FileEntity::STATUS_PARTIAL_SIGNED, FileEntity::STATUS_SIGNED])) {
|
|
$nodeId = $fileData->getSignedNodeId();
|
|
} else {
|
|
$nodeId = $fileData->getNodeId();
|
|
}
|
|
$file = $this->root->getUserFolder($fileData->getUserId())->getFirstNodeById($nodeId);
|
|
if (!$file instanceof File) {
|
|
throw new DoesNotExistException('Not found');
|
|
}
|
|
return $file;
|
|
}
|
|
|
|
public function getFileByNodeId(int $nodeId): File {
|
|
try {
|
|
return $this->folderService->getFileById($nodeId);
|
|
} catch (NotFoundException) {
|
|
throw new DoesNotExistException('Not found');
|
|
}
|
|
}
|
|
|
|
public function canRequestSign(?IUser $user = null): bool {
|
|
if (!$user) {
|
|
return false;
|
|
}
|
|
$authorized = $this->appConfig->getValueArray(Application::APP_ID, 'groups_request_sign', ['admin']);
|
|
if (empty($authorized)) {
|
|
return false;
|
|
}
|
|
$userGroups = $this->groupManager->getUserGroupIds($user);
|
|
if (!array_intersect($userGroups, $authorized)) {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
public function getSettings(?IUser $user = null): array {
|
|
$return['canRequestSign'] = $this->canRequestSign($user);
|
|
$return['hasSignatureFile'] = $this->hasSignatureFile($user);
|
|
return $return;
|
|
}
|
|
|
|
public function addFilesToAccount(array $files, IUser $user): void {
|
|
$this->idDocsService->addIdDocs($files, $user);
|
|
}
|
|
|
|
public function deleteFileFromAccount(int $nodeId, IUser $user): void {
|
|
$this->idDocsService->deleteIdDoc($nodeId, $user);
|
|
}
|
|
|
|
public function saveVisibleElements(array $elements, string $sessionId, ?IUser $user): void {
|
|
foreach ($elements as $element) {
|
|
$this->saveVisibleElement($element, $sessionId, $user);
|
|
}
|
|
}
|
|
|
|
public function saveVisibleElement(array $data, string $sessionId, ?IUser $user): void {
|
|
if (isset($data['elementId'])) {
|
|
$this->updateFileOfVisibleElement($data);
|
|
$this->updateDataOfVisibleElement($data);
|
|
} elseif ($user instanceof IUser) {
|
|
$file = $this->saveFileOfVisibleElementUsingUser($data, $user);
|
|
$this->insertVisibleElement($data, $user, $file);
|
|
} else {
|
|
$file = $this->saveFileOfVisibleElementUsingSession($data, $sessionId);
|
|
}
|
|
}
|
|
|
|
private function updateFileOfVisibleElement(array $data): void {
|
|
if (!isset($data['file'])) {
|
|
return;
|
|
}
|
|
$userElement = $this->userElementMapper->findOne(['id' => $data['elementId']]);
|
|
$file = $this->folderService->getFileById($userElement->getFileId());
|
|
$file->putContent($this->getFileRaw($data));
|
|
}
|
|
|
|
private function updateDataOfVisibleElement(array $data): void {
|
|
if (!isset($data['starred'])) {
|
|
return;
|
|
}
|
|
$userElement = $this->userElementMapper->findOne(['id' => $data['elementId']]);
|
|
$userElement->setStarred($data['starred'] ? 1 : 0);
|
|
$this->userElementMapper->update($userElement);
|
|
}
|
|
|
|
private function saveFileOfVisibleElementUsingUser(array $data, IUser $user): File {
|
|
$rootSignatureFolder = $this->folderService->getFolder();
|
|
$folderName = $this->folderService->getFolderName($data, $user);
|
|
$folderToFile = $rootSignatureFolder->newFolder($folderName);
|
|
return $folderToFile->newFile(UUIDUtil::getUUID() . '.png', $this->getFileRaw($data));
|
|
}
|
|
|
|
private function saveFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
|
|
if (!empty($data['nodeId'])) {
|
|
return $this->updateFileOfVisibleElementUsingSession($data, $sessionId);
|
|
}
|
|
return $this->createFileOfVisibleElementUsingSession($data, $sessionId);
|
|
}
|
|
|
|
private function updateFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
|
|
$fileList = $this->signerElementsService->getElementsFromSession();
|
|
$element = array_filter($fileList, fn (File $element) => $element->getId() === $data['nodeId']);
|
|
$element = current($element);
|
|
if (!$element instanceof File) {
|
|
throw new \Exception($this->l10n->t('File not found'));
|
|
}
|
|
$element->putContent($this->getFileRaw($data));
|
|
return $element;
|
|
}
|
|
|
|
private function createFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
|
|
$rootSignatureFolder = $this->folderService->getFolder();
|
|
$folderName = $sessionId;
|
|
$folderToFile = $rootSignatureFolder->newFolder($folderName);
|
|
$filename = implode(
|
|
'_',
|
|
[
|
|
$data['type'],
|
|
$this->timeFactory->getDateTime()->getTimestamp(),
|
|
]
|
|
) . '.png';
|
|
return $folderToFile->newFile($filename, $this->getFileRaw($data));
|
|
}
|
|
|
|
private function insertVisibleElement(array $data, IUser $user, File $file): void {
|
|
$userElement = new UserElement();
|
|
$userElement->setType($data['type']);
|
|
$userElement->setFileId($file->getId());
|
|
$userElement->setUserId($user->getUID());
|
|
$userElement->setStarred(isset($data['starred']) && $data['starred'] ? 1 : 0);
|
|
$userElement->setCreatedAt($this->timeFactory->getDateTime());
|
|
$this->userElementMapper->insert($userElement);
|
|
}
|
|
|
|
private function getFileRaw(array $data): string {
|
|
if (!empty($data['file']['url'])) {
|
|
if (!filter_var($data['file']['url'], FILTER_VALIDATE_URL)) {
|
|
throw new \Exception($this->l10n->t('Invalid URL file'));
|
|
}
|
|
$response = $this->clientService->newClient()->get($data['file']['url']);
|
|
$contentType = $response->getHeader('Content-Type');
|
|
if ($contentType !== 'image/png') {
|
|
throw new \Exception($this->l10n->t('Visible element file must be png.'));
|
|
}
|
|
$content = (string)$response->getBody();
|
|
if (empty($content)) {
|
|
throw new \Exception($this->l10n->t('Empty file'));
|
|
}
|
|
$this->validateHelper->validateBase64($content, ValidateHelper::TYPE_VISIBLE_ELEMENT_USER);
|
|
return $content;
|
|
}
|
|
$this->validateHelper->validateBase64($data['file']['base64'], ValidateHelper::TYPE_VISIBLE_ELEMENT_USER);
|
|
$withMime = explode(',', (string)$data['file']['base64']);
|
|
if (count($withMime) === 2) {
|
|
$content = base64_decode($withMime[1]);
|
|
} else {
|
|
$content = base64_decode((string)$data['file']['base64']);
|
|
}
|
|
if (!$content) {
|
|
return '';
|
|
}
|
|
return $content;
|
|
}
|
|
|
|
public function deleteSignatureElement(?IUser $user, string $sessionId, int $nodeId): void {
|
|
if ($user instanceof IUser) {
|
|
$element = $this->userElementMapper->findOne([
|
|
'file_id' => $nodeId,
|
|
'user_id' => $user->getUID(),
|
|
]);
|
|
$this->userElementMapper->delete($element);
|
|
try {
|
|
$file = $this->folderService->getFileById($element->getFileId());
|
|
$file->delete();
|
|
} catch (NotFoundException) {
|
|
}
|
|
} else {
|
|
$rootSignatureFolder = $this->folderService->getFolder();
|
|
$folderName = $sessionId;
|
|
$rootSignatureFolder->delete($folderName);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws LibresignException at savePfx
|
|
* @throws InvalidArgumentException
|
|
*/
|
|
public function uploadPfx(array $file, IUser $user): void {
|
|
if (
|
|
$file['error'] !== 0
|
|
|| !is_uploaded_file($file['tmp_name'])
|
|
|| Filesystem::isFileBlacklisted($file['tmp_name'])
|
|
) {
|
|
// TRANSLATORS Error when the uploaded certificate file is not valid
|
|
throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));
|
|
}
|
|
if ($file['size'] > 10 * 1024) {
|
|
// TRANSLATORS Error when the certificate file is bigger than normal
|
|
throw new InvalidArgumentException($this->l10n->t('File is too big'));
|
|
}
|
|
$content = file_get_contents($file['tmp_name']);
|
|
$mimetype = $this->mimeTypeDetector->detectString($content);
|
|
if ($mimetype !== 'application/octet-stream') {
|
|
// TRANSLATORS Error when the mimetype of uploaded file is not valid
|
|
throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));
|
|
}
|
|
$extension = strtolower(pathinfo((string)$file['name'], PATHINFO_EXTENSION));
|
|
if ($extension !== 'pfx') {
|
|
// TRANSLATORS Error when the certificate file is not a pfx file
|
|
throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));
|
|
}
|
|
unlink($file['tmp_name']);
|
|
$this->pkcs12Handler->savePfx($user->getUID(), $content);
|
|
}
|
|
|
|
public function deletePfx(IUser $user): void {
|
|
$this->pkcs12Handler->deletePfx($user->getUID());
|
|
}
|
|
|
|
/**
|
|
* @throws LibresignException when have not a certificate file
|
|
*/
|
|
public function updatePfxPassword(IUser $user, string $current, string $new): void {
|
|
try {
|
|
$pfx = $this->pkcs12Handler->updatePassword($user->getUID(), $current, $new);
|
|
} catch (InvalidPasswordException) {
|
|
throw new LibresignException($this->l10n->t('Invalid user or password'));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws LibresignException when have not a certificate file
|
|
*/
|
|
public function readPfxData(IUser $user, string $password): array {
|
|
try {
|
|
return $this->pkcs12Handler
|
|
->setCertificate($this->pkcs12Handler->getPfxOfCurrentSigner($user->getUID()))
|
|
->setPassword($password)
|
|
->readCertificate();
|
|
} catch (InvalidPasswordException) {
|
|
throw new LibresignException($this->l10n->t('Invalid user or password'));
|
|
}
|
|
}
|
|
}
|