pki_express 1.0.0 → 1.1.0

data/lib/pki_express/pki_express_operator.rb

@@ -76,7 +76,7 @@ module PkiExpress
       # Add file references if added.
       unless @file_references.nil?
         @file_references.each do |key, value|
-          cmd_args.append('--file_reference')
+          cmd_args.append('--file-reference')
           cmd_args.append("#{key}=#{value}")
         end
       end

data/lib/pki_express/signature_finisher.rb

@@ -1,6 +1,6 @@
 module PkiExpress
   class SignatureFinisher < PkiExpressOperator
-    attr_accessor :output_file_path, :transfer_file_id
+    attr_reader :transfer_file_id, :output_file_path
 
     def initialize(config=PkiExpressConfig.new)
       super(config)
@@ -251,6 +251,23 @@ module PkiExpress
 
     # endregion
 
+    def transfer_file_id=(value)
+      unless value
+        raise 'The provided "transfer_file_id" is not valid'
+      end
+      unless File.exist?(File.expand_path(value, @config.transfer_data_folder))
+        raise 'The provided "transfer_file_id" does not exist'
+      end
+      @transfer_file_id = value
+    end
+
+    def output_file_path=(value)
+      unless value
+        raise 'The provided "output_file_path" is not valid'
+      end
+      @output_file_path = value
+    end
+
     def complete(get_cert=true)
       unless @file_to_sign_path
         raise 'The file to be signed was not set'

data/lib/pki_express/signature_starter.rb

@@ -70,6 +70,7 @@ module PkiExpress
 
       _set_certificate(content_raw)
     end
+    private :_set_certificate_base64
 
     def certificate_path
       _get_certificate_path
@@ -99,7 +100,7 @@ module PkiExpress
     # endregion
 
     def self.get_result(response, transfer_file)
-      return {
+      {
           toSignHash: response[0],
           digestAlgorithmName: response[1],
           digestAlgorithmOid: response[2],

data/lib/pki_express/signer.rb

@@ -2,7 +2,7 @@ module PkiExpress
 
   class Signer < BaseSigner
 
-    attr_accessor :output_file_path, :cert_thumb, :cert_password
+    attr_accessor :output_file_path, :cert_thumb, :cert_password, :trust_service_session
 
     def initialize(config=PkiExpressConfig.new)
       super(config)
@@ -10,6 +10,8 @@ module PkiExpress
       @pkcs12_path = nil
       @cert_thumb = nil
       @cert_password = nil
+      @use_machine = false
+      @trust_service_session = nil
     end
 
     # region The "pkcs12" accessors
@@ -58,19 +60,19 @@ module PkiExpress
     end
     private :_get_pkcs12_base64
 
-    def pkcs12_base64=(content_base64)
-      _set_pkcs12_base64(content_base64)
+    def pkcs12_base64=(pkcs12_base64)
+      _set_pkcs12_base64(pkcs12_base64)
     end
 
-    def _set_pkcs12_base64(content_base64)
-      unless content_base64
-        raise 'The provided "content_base64" is not valid'
+    def _set_pkcs12_base64(pkcs12_base64)
+      unless pkcs12_base64
+        raise 'The provided "pkcs12_base64" is not valid'
       end
 
       begin
-        content_raw = Base64.decode64(content_base64)
+        content_raw = Base64.decode64(pkcs12_base64)
       rescue Error
-        raise 'The provided "content_base64" is not Base64-encoded'
+        raise 'The provided "pkcs12_base64" is not Base64-encoded'
       end
 
       _set_pkcs12(content_raw)
@@ -78,29 +80,72 @@ module PkiExpress
     private :_set_pkcs12_base64
 
     def pkcs12_path
+      _get_pkcs12_path
+    end
+
+    def _get_pkcs12_path
       @pkcs12_path
     end
+    private :_get_pkcs12_path
+
+    def pkcs12_path=(pkcs12_path)
+      _set_pkcs12_path(pkcs12_path)
+    end
 
-    def pkcs12_path=(path)
-      unless path
-        raise 'The provided "content_path" is not valid'
+    def _set_pkcs12_path(pkcs12_path)
+      unless pkcs12_path
+        raise 'The provided "pkcs12_path" is not valid'
       end
-      unless File.exists?(path)
-        raise 'The provided "content_path" does not exist'
+      unless File.exists?(pkcs12_path)
+        raise 'The provided "pkcs12_path" does not exist'
       end
 
-      @pkcs12_path = path
+      @pkcs12_path = pkcs12_path
     end
+    private :_set_pkcs12_path
 
     # endregion
 
-    protected
     def verify_and_add_common_options(args)
       # Verify and add common option between signers and signature starters.
       super(args)
 
-      
+      if !@cert_thumb && !@pkcs12_path && !@trust_service_session
+        raise 'Neither the PKCS #12 file, the certificate\'s thumbprint nor the trust service session was provided'
+      end
+
+      if @cert_thumb
+        args.append('--thumbprint')
+        args.append(@cert_thumb)
+        @version_manager.require_version('1.3')
+      end
+
+      if @pkcs12_path
+        args.append('--pkcs12')
+        args.append(@pkcs12_path)
+        @version_manager.require_version('1.3')
+      end
+
+      if @cert_password
+        args.append('--password')
+        args.append(@cert_password)
+        @version_manager.require_version('1.3')
+      end
+
+      if @use_machine
+        args.append('--machine')
+        @version_manager.require_version('1.3')
+      end
+
+      if @trust_service_session
+        args.append('--trust-service-session')
+        args.append(@trust_service_session)
+        # This option can only be used on versions greater than 1.18 of 
+        # the PKI Express.
+        @version_manager.require_version('1.18')
+      end
     end
+    protected :verify_and_add_common_options
   end
 
 end

data/lib/pki_express/standard_signature_policies.rb

@@ -1,6 +1,6 @@
 module PkiExpress
 
-  class StandardSignaturePolicies
+  class StandardSignaturePolicies < Enum
     PKI_BRAZIL_CADES_ADR_BASICA = 'adrb'
     PKI_BRAZIL_CADES_ADR_BASICA_WITH_REVOCATION_VALUE = 'adrb-rv'
     PKI_BRAZIL_CADES_ADR_TEMPO = 'adrt'
@@ -24,6 +24,29 @@ module PkiExpress
     COD_WITH_SHA1 = 'cod-sha1'
     COD_WITH_SHA256 = 'cod-sha256'
 
+    VALUES = [
+        PKI_BRAZIL_CADES_ADR_BASICA,
+        PKI_BRAZIL_CADES_ADR_BASICA_WITH_REVOCATION_VALUE,
+        PKI_BRAZIL_CADES_ADR_TEMPO,
+        PKI_BRAZIL_CADES_ADR_COMPLETA,
+        CADES_BES,
+        CADES_BES_WITH_REVOCATION_VALUES,
+        CADES_T,
+        PADES_BASIC,
+        PADES_BASIC_WITH_LTV,
+        PADES_T,
+        PKI_BRAZIL_PADES_ADR_BASICA,
+        PKI_BRAZIL_PADES_ADR_BASICA_WITH_LTV,
+        PKI_BRAZIL_PADES_ADR_TEMPO,
+        NFE_PADRAO_NACIONAL,
+        XADES_BES,
+        XML_DSIG_BASIC,
+        PKI_BRAZIL_XML_ADR_BASIC,
+        PKI_BRAZIL_XML_ADR_TEMPO,
+        COD_WITH_SHA1,
+        COD_WITH_SHA256
+    ]
+
     def self.require_timestamp(policy)
       if policy.nil?
         return false

data/lib/pki_express/timestamp_authority.rb

@@ -4,7 +4,7 @@ module PkiExpress
 
     def initialize(url)
       @url = url
-      @auth_type = :none
+      @auth_type = TsaAuthenticationType::NONE
       @token = nil
       @ssl_thumbprint = nil
       @basic_auth = nil
@@ -12,17 +12,17 @@ module PkiExpress
 
     def set_oauth_token_authentication(token)
       @token = token
-      @auth_type = :oauth_token
+      @auth_type = TsaAuthenticationType::OAUTH_TOKEN
     end
 
     def set_basic_authentication(username, password)
       @basic_auth = "#{username}:#{password}"
-      @auth_type = :basic_auth
+      @auth_type = TsaAuthenticationType::BASIC_AUTH
     end
 
     def set_ssl_thumbprint(ssl_thumbprint)
       @ssl_thumbprint = ssl_thumbprint
-      @auth_type = :ssl
+      @auth_type = TsaAuthenticationType::SSL
     end
 
     def get_cmd_arguments
@@ -31,14 +31,14 @@ module PkiExpress
       args.append(url)
 
       case auth_type
-      when :none
-      when :basic_auth
+      when TsaAuthenticationType::NONE
+      when TsaAuthenticationType::BASIC_AUTH
         args.append('--tsa-basic-auth')
         args.append(@basic_auth)
-      when :ssl
+      when TsaAuthenticationType::SSL
         args.append('--tsa-ssl-thumbprint')
         args.append(@ssl_thumbprint)
-      when :oauth_token
+      when TsaAuthenticationType::OAUTH_TOKEN
         args.append('--tsa-token')
         args.append(token)
       else

data/lib/pki_express/trust_service_auth_parameters.rb

@@ -0,0 +1,21 @@
+module PkiExpress
+
+  class TrustServiceAuthParameters
+    attr_accessor :service_info, :auth_url
+
+    def initialize(model)
+      @service_info = nil
+      @auth_url = nil
+
+      unless model.nil?
+        @auth_url = model.fetch(:authUrl)
+
+        service_info = model.fetch(:serviceInfo)
+        if service_info
+          @service_info = TrustServiceInfo.new(service_info)
+        end
+      end
+    end
+
+  end
+end

data/lib/pki_express/trust_service_info.rb

@@ -0,0 +1,38 @@
+module PkiExpress
+
+  class TrustServiceInfo
+
+    attr_accessor :service, :provider, :badge_url
+
+    def initialize(model)
+      @service = nil
+      @provider = nil
+      @badge_url = nil
+
+      unless model.nil?
+        @provider = model.fetch(:provider)
+        @badge_url = model.fetch(:badgeUrl)
+
+        service = model.fetch(:service)
+        if service
+          @service = TrustServiceName.new(service)
+        end
+      end
+    end
+
+  end
+
+  class TrustServiceName
+
+    attr_accessor :name
+
+    def initialize(model)
+      @name = nil
+
+      unless model.nil?
+        @name = model.fetch(:name)
+      end
+    end
+
+  end
+end

data/lib/pki_express/trust_service_manager.rb

@@ -0,0 +1,259 @@
+module PkiExpress
+  class TrustServicesManager < PkiExpressOperator
+    def initialize(config=PkiExpressConfig.new)
+      super(config)
+    end
+
+    def check_by_cpf(service, cpf)
+      unless service
+        raise "The provided service is not valid"
+      end
+
+      unless cpf
+          raise "The provided CPF is not valid"
+      end
+
+      args = [
+        service,
+        '--cpf',
+        cpf,
+      ]
+
+      # This operation can only be used on versions greater than 1.18 of
+      # the PKI Express.
+      @version_manager.require_version('1.18')
+
+      # Invoke command.
+      response = invoke(Commands::CHECK_SERVICE, args)
+
+      # Parse output and return result.
+      model = parse_output(response)
+      CheckServiceResult.new(model)
+    end
+
+    def check_by_cnpj(service, cnpj)
+      unless service
+        raise "The provided service is not valid"
+      end
+
+      unless cnpj
+          raise "The provided CNPJ is not valid"
+      end
+
+      args = [
+        service,
+        '--cnpj',
+        cnpj,
+      ]
+
+      # This operation can only be used on versions greater than 1.18 of
+      # the PKI Express.
+      @version_manager.require_version('1.18')
+
+      # Invoke command.
+      response = invoke(Commands::CHECK_SERVICE, args)
+
+      # Parse output and return result.
+      model = parse_output(response)
+      CheckServiceResult.new(model)
+    end
+
+    def discover_by_cpf(cpf, throw_exceptions=false)
+      unless cpf
+        raise "The provided CPF is not valid"
+      end
+
+      args = [
+        '--cpf', 
+        cpf
+      ]
+
+      if throw_exceptions
+        args.append('--throw')
+      end
+
+      # This operation can only be used on versions greater than 1.18 of
+      # the PKI Express.
+      @version_manager.require_version('1.18')
+
+      # Invoke command.
+      response = invoke(Commands::DISCOVER_SERVICES, args)
+
+      # Parse output and return result.
+      model = parse_output(response)
+      DiscoverServicesResult.new(model).services
+    end
+
+    def discover_by_cnpj(cnpj, throw_exceptions=false)
+      unless cnpj
+        raise "The provided CNPJ is not valid"
+      end
+
+      args = [
+        '--cnpj', 
+        cnpj
+      ]
+
+      if throw_exceptions
+        args.append('--throw')
+      end
+      # This operation can only be used on versions greater than 1.18 of
+      # the PKI Express.
+      @version_manager.require_version('1.18')
+
+      # Invoke command.
+      response = invoke(Commands::DISCOVER_SERVICES, args)
+
+      # Parse output and return result.
+      model = parse_output(response)
+      DiscoverServicesResult.new(model).services
+    end
+
+    def discover_by_cpf_and_start_auth(cpf, redirect_url, 
+      session_type=TrustServiceSessionTypes::SIGNATURE_SESSION, 
+      custom_state=nil, throw_exceptions=false)
+      unless cpf
+          raise "The provided CPF is not valid"
+      end
+      unless redirect_url
+          raise "The provided redirectUrl is not valid"
+      end
+      unless session_type
+        raise "No session type was provided"
+      end
+
+      args = [
+        '--cpf',
+        cpf,
+        '--redirect-url',
+        redirect_url,
+        '--session-type',
+        session_type,
+      ]
+
+      if custom_state
+          args.append('--custom-state')
+          args.append(custom_state)
+      end
+
+      if throw_exceptions
+          args.append('--throw')
+      end
+
+      # This operation can only be used on versions greater than 1.18 of
+      # the PKI Express.
+      @version_manager.require_version('1.18')
+
+      # Invoke command.
+      response = invoke(Commands::DISCOVER_SERVICES, args)
+
+      # Parse output and return result.
+      model = parse_output(response)
+      DiscoverServicesResult.new(model).auth_parameters
+    end
+
+    def discover_by_cnpj_and_start_auth(cnpj, redirect_url, 
+      session_type=TrustServiceSessionTypes::SIGNATURE_SESSION, 
+      custom_state=nil, throw_exceptions=false)
+      unless cnpj
+        raise "The provided CNPJ is not valid"
+      end
+      unless redirect_url
+          raise "The provided redirectUrl is not valid"
+      end
+      unless session_type
+        raise "No session type was provided"
+      end
+
+      args = [
+        '--cnpj',
+        cnpj,
+        '--redirect-url',
+        redirect_url,
+        '--session-type',
+        session_type
+      ]
+
+      if custom_state
+          args.append('--custom-state')
+          args.append(custom_state)
+      end
+
+      if throw_exceptions
+          args.append('--throw')
+      end
+
+      # This operation can only be used on versions greater than 1.18 of
+      # the PKI Express.
+      @version_manager.require_version('1.18')
+
+      # Invoke command.
+      response = invoke(Commands::DISCOVER_SERVICES, args)
+
+      # Parse output and return result.
+      model = parse_output(response)
+      DiscoverServicesResult.new(model).auth_parameters
+    end
+
+    def password_authorize(service, username, password,
+      session_type=TrustServiceSessionTypes::SIGNATURE_SESSION)
+      unless service
+        raise "The provided service is not valid"
+      end
+
+      unless username
+        raise "The provided username is not valid"
+      end
+
+      unless password
+          raise "The provided password is not valid"
+      end
+
+      unless session_type
+          raise "No session type was provided"
+      end
+
+      args = [
+        service,
+        username,
+        password,
+        session_type
+      ]
+
+      # This operation can only be used on versions greater than 1.18 of
+      # the PKI Express.
+      @version_manager.require_version('1.18')
+
+      # Invoke command.
+      response = invoke(Commands::PASSWORD_AUTHORIZE, args)
+
+      # Parse output and return result.
+      model = parse_output(response)
+      TrustServiceSessionResult.new(model)
+    end
+
+    def complete_auth(code, state)
+      unless code
+        raise "The provided code is not valid"
+      end
+
+      unless state
+          raise "The provided state is not valid"
+      end
+
+      args = [code, state]
+
+      # This operation can only be used on versions greater than 1.18 of
+      # the PKI Express.
+      @version_manager.require_version('1.18')
+
+      # Invoke command.
+      response = invoke(Commands::COMPLETE_SERVICE_AUTH, args)
+
+      # Parse output and return result.
+      model = parse_output(response)
+      TrustServiceSessionResult.new(model)
+    end
+
+  end
+end