cert_sign 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5901a478415ed1ceff961e48525f35899789a409bddad68242dd1a9598b07030
+  data.tar.gz: e1636dd9763eae686ce75c1ac33bf3a25fce6cd19875454c5d9644c060e762f4
+SHA512:
+  metadata.gz: 12752e48d6707391265f7ce4fcd9c0975b5b23ff3829978a0c4c15630434a9165faab86d7b146ac44a6a20551276dc9e2bd6523652d4e428dafbfd32be7b82b7
+  data.tar.gz: e0a201b750dd6922b5a916fa6893f5cc4be77445f5206725c773a1e72870e005aaec520ba8ac91e2c1ab78a89c83cc356aa68a6215c71bd8d38dbe7f0a22ec7e

data/lib/cert_sign/a1_signer.rb

@@ -0,0 +1,104 @@
+# lib/cert_sign/a1_signer.rb
+require "hexapdf"
+
+module CertSign
+  class A1Signer
+    def initialize(key:, cert:, chain: [])
+      @key   = key
+      @cert  = cert
+      @chain = chain
+    end
+
+    def self.from_p12(path:, password:)
+      p12 = OpenSSL::PKCS12.new(File.binread(path), password)
+      new(key: p12.key, cert: p12.certificate, chain: (p12.ca_certs || []))
+    end
+
+    # Agora aceita as keywords :signature_type e :tsa_url (e ignora quaisquer outras)
+    # visible: { page:, x_pct:, y_pct:, width_pt:, height_pt:, text: }
+    def sign_pdf(input_path:, output_path:, visible:, reason: nil, location: nil, contact: nil,
+                 signature_type: nil, tsa_url: nil, **_ignored)
+      doc = HexaPDF::Document.open(input_path)
+
+      # AcroForm, campo e widget na página desejada
+      form = doc.acro_form(create: true)
+
+      page_index = (visible[:page].to_i - 1).clamp(0, doc.pages.count - 1)
+      rect = CertSign::Coordinates.rect_from_percent(
+        doc,
+        page_index: page_index,
+        x_pct:      visible[:x_pct].to_f,
+        y_pct:      visible[:y_pct].to_f,
+        width_pt:   visible[:width_pt].to_f,
+        height_pt:  visible[:height_pt].to_f
+      )
+
+      sig_field = form.create_signature_field("Signature#{Time.now.to_i}")
+      widget    = sig_field.create_widget(doc.pages[page_index], Rect: rect)
+
+      # === Carimbo visual da assinatura ===
+      w = rect[2] - rect[0]
+      h = rect[3] - rect[1]
+      pad = 6
+
+      #cn    = @cert.subject.to_a.assoc('CN')&..to_s
+      cn = @cert.subject.to_s[/CN=([^\/]+)/, 1]
+      title = (visible[:text].presence || "Assinado digitalmente").to_s
+      now   = Time.now.getlocal.strftime("%d/%m/%Y %H:%M:%S")
+
+      canvas = widget.create_appearance.canvas
+
+      # fundo + borda
+      canvas.save_graphics_state do
+        canvas.line_width(0.8)
+        canvas.stroke_color(0.25)
+        canvas.fill_color(0.96)
+        canvas.rectangle(0, 0, w, h).fill_stroke
+      end
+
+      # título
+      y = h - pad - 11
+      canvas.fill_color(0)
+      canvas.font("Helvetica", variant: :bold, size: 10)
+      canvas.text(title, at: [pad, y])
+      y -= 14
+
+      # linhas
+      canvas.font("Helvetica", size: 9)
+      [
+        ("Por: #{cn}" unless cn.empty?),
+        "Data: #{now}",
+        "Motivo: #{(reason || CertSign.config.default_reason)}",
+        ("Local: #{(location || CertSign.config.default_location)}" if location || CertSign.config.default_location)
+      ].compact.each do |line|
+        break if y < pad + 9
+        canvas.text(line, at: [pad, y])
+        y -= 12
+      end
+      # === fim do carimbo ===
+
+
+      # Timestamp handler (opcional)
+      ts_handler = nil
+      if tsa_url.to_s.strip != ""
+        # Em HexaPDF 1.x o helper é exposto via document
+        ts_handler = doc.signatures.signing_handler(name: :timestamp, tsa_url: tsa_url) rescue nil
+      end
+
+      # Chamada de assinatura (HexaPDF 1.4+)
+      # signature_type pode ser :pades (quando quiser PAdES) ou nil (CMS padrão)
+      doc.sign(
+        output_path,
+        signature:         sig_field,
+        reason:            reason   || CertSign.config.default_reason,
+        location:          location || CertSign.config.default_location,
+        contact_info:      contact  || CertSign.config.default_contact,
+        certificate:       @cert,
+        key:               @key,
+        certificate_chain: @chain,
+        signature_type:    (signature_type&.to_sym),
+        timestamp_handler: ts_handler
+      )
+    end
+  end
+end

data/lib/cert_sign/a3_signer.rb

@@ -0,0 +1,62 @@
+# lib/cert_sign/a1_signer.rb
+require "hexapdf"
+
+module CertSign
+  class A3Signer
+    def initialize(key:, cert:, chain: [])
+      @key   = key
+      @cert  = cert
+      @chain = chain
+    end
+
+    def self.from_p12(path:, password:)
+      p12 = OpenSSL::PKCS12.new(File.binread(path), password)
+      new(key: p12.key, cert: p12.certificate, chain: (p12.ca_certs || []))
+    end
+
+    # visible: { page:, x_pct:, y_pct:, width_pt:, height_pt:, text: }
+    def sign_pdf(input_path:, output_path:, visible:, reason: nil, location: nil, contact: nil, signature_type: nil, tsa_url: nil)
+      doc = HexaPDF::Document.open(input_path)
+
+      # 1) cria (ou reusa) o AcroForm
+      form = doc.acro_form(create: true)
+
+      # 2) cria o campo de assinatura e o widget na página alvo
+      page_index = (visible[:page].to_i - 1).clamp(0, doc.pages.count - 1)
+      rect = CertSign::Coordinates.rect_from_percent(
+        doc,
+        page_index: page_index,
+        x_pct:      visible[:x_pct].to_f,
+        y_pct:      visible[:y_pct].to_f,
+        width_pt:   visible[:width_pt].to_f,
+        height_pt:  visible[:height_pt].to_f
+      )
+      sig_field = form.create_signature_field("Signature#{Time.now.to_i}")
+      widget = sig_field.create_widget(doc.pages[page_index], Rect: rect)
+
+      # aparencia simples (texto); você pode desenhar logo/imagem aqui
+      widget.create_appearance.canvas.
+        font("Helvetica", size: 9).
+        text((visible[:text] || "").to_s, at: [4, 4])
+
+      # 3) handler de timestamp (opcional) — estilo 1.4
+      ts_handler = nil
+      if tsa_url.to_s.present?
+        ts_handler = doc.signatures.signing_handler(name: :timestamp, tsa_url: tsa_url)
+      end
+
+      # 4) chama o sign – padrão é CMS (adbe.pkcs7.detached). Para PAdES use signature_type: :pades
+      doc.sign(output_path,
+        signature:          sig_field,
+        reason:             (reason   || CertSign.config.default_reason),
+        location:           (location || CertSign.config.default_location),
+        contact_info:       (contact  || CertSign.config.default_contact),
+        certificate:        @cert,
+        key:                @key,
+        certificate_chain:  @chain,
+        signature_type:     (signature_type&.to_sym),   # ex.: :pades ou nil p/ CMS
+        timestamp_handler:  ts_handler
+      )
+    end
+  end
+end

data/lib/cert_sign/config.rb

@@ -0,0 +1,22 @@
+module CertSign
+  class Config
+    attr_accessor :ca_bundle_path, :tsa_url, :default_reason, :default_location, :default_contact
+
+    def initialize
+      @ca_bundle_path   = nil
+      @tsa_url          = nil
+      @default_reason   = "Assinatura eletrônica"
+      @default_location = "Brasil"
+      @default_contact  = ""
+    end
+  end
+
+  def self.config
+    @config ||= Config.new
+  end
+
+  def self.configure
+    yield config
+  end
+end
+

data/lib/cert_sign/coordinates.rb

@@ -0,0 +1,28 @@
+# Converte % do canvas para pontos PDF (origem: canto inferior esquerdo do PDF)
+module CertSign
+  module Coordinates
+    module_function
+
+    # x_pct, y_pct ∈ [0,1] (y_pct medido do TOPO do preview)
+    # width_pt / height_pt em pontos (1pt = 1/72 pol)
+    def rect_from_percent(doc, page_index:, x_pct:, y_pct:, width_pt:, height_pt:)
+      page = doc.pages[page_index]
+      box  = page.box(:media)
+      pdf_w = box.width.to_f
+      pdf_h = box.height.to_f
+
+      llx = (x_pct * pdf_w).round(2)
+      lly = ((1.0 - y_pct) * pdf_h - height_pt).round(2)
+      urx = (llx + width_pt).round(2)
+      ury = (lly + height_pt).round(2)
+
+      # Mantém dentro da página
+      llx = [[0, llx].max, pdf_w - width_pt].min
+      lly = [[0, lly].max, pdf_h - height_pt].min
+      urx = llx + width_pt
+      ury = lly + height_pt
+
+      [llx, lly, urx, ury]
+    end
+  end
+end

data/lib/cert_sign/version.rb

@@ -0,0 +1,3 @@
+module CertSign
+  VERSION = "1.0.0"
+end

data/lib/cert_sign.rb

@@ -0,0 +1,11 @@
+# lib/cert_sign.rb
+require_relative "cert_sign/version"
+require_relative "cert_sign/config"
+require_relative "cert_sign/coordinates"
+require_relative "cert_sign/a1_signer"
+require_relative "cert_sign/a3_signer"
+
+module CertSign
+  # aqui você pode colocar helpers de namespace globais, se quiser
+end
+

metadata

@@ -0,0 +1,92 @@
+--- !ruby/object:Gem::Specification
+name: cert_sign
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Luiz Cláudio de Castro Figueredo
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2025-08-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: hexapdf
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.41'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.41'
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Assine PDFs em Ruby/Rails usando HexaPDF. Preview no browser, marcação
+  do local e assinatura PAdES.
+email:
+- luizfigueredo@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/cert_sign.rb
+- lib/cert_sign/a1_signer.rb
+- lib/cert_sign/a3_signer.rb
+- lib/cert_sign/config.rb
+- lib/cert_sign/coordinates.rb
+- lib/cert_sign/version.rb
+homepage: https://github.com/luizclaudiocfigueredo
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.22
+signing_key:
+specification_version: 4
+summary: Assinatura digital PAdES (PDF) com certificado A1/A3 (ICP-Brasil pronto).
+test_files: []