pki_express 1.3.1 → 1.3.2
- checksums.yaml +4 -4
- data/.gitattributes +2 -2
- data/.github/workflows/test.yml +21 -21
- data/.gitignore +27 -27
- data/CHANGELOG.md +19 -16
- data/Gemfile +8 -7
- data/README.md +24 -24
- data/Rakefile +6 -6
- data/lib/pki_express/auth_complete_result.rb +21 -21
- data/lib/pki_express/auth_start_result.rb +76 -76
- data/lib/pki_express/authentication.rb +284 -284
- data/lib/pki_express/base_signer.rb +54 -54
- data/lib/pki_express/cades_signature.rb +89 -89
- data/lib/pki_express/cades_signature_starter.rb +242 -242
- data/lib/pki_express/check_service_result.rb +15 -15
- data/lib/pki_express/command_error.rb +13 -13
- data/lib/pki_express/commands.rb +24 -24
- data/lib/pki_express/digest_algorithm.rb +118 -118
- data/lib/pki_express/digest_algorithm_and_value.rb +30 -30
- data/lib/pki_express/discovery_service_result.rb +25 -25
- data/lib/pki_express/enum.rb +9 -9
- data/lib/pki_express/error_codes.rb +46 -46
- data/lib/pki_express/installation_not_found_error.rb +8 -8
- data/lib/pki_express/name.rb +47 -47
- data/lib/pki_express/oids.rb +30 -30
- data/lib/pki_express/pades_certification_level.rb +7 -7
- data/lib/pki_express/pades_horizontal_align.rb +9 -9
- data/lib/pki_express/pades_measurement_units.rb +8 -8
- data/lib/pki_express/pades_page_optimization.rb +50 -50
- data/lib/pki_express/pades_page_orientation.rb +9 -9
- data/lib/pki_express/pades_paper_size.rb +21 -21
- data/lib/pki_express/pades_signature.rb +16 -16
- data/lib/pki_express/pades_signature_explorer.rb +30 -30
- data/lib/pki_express/pades_signature_starter.rb +251 -251
- data/lib/pki_express/pades_signer.rb +274 -274
- data/lib/pki_express/pades_signer_info.rb +9 -9
- data/lib/pki_express/pades_size.rb +17 -17
- data/lib/pki_express/pades_text_horizontal_align.rb +8 -8
- data/lib/pki_express/pades_vertical_align.rb +9 -9
- data/lib/pki_express/pades_visual_auto_positioning.rb +21 -21
- data/lib/pki_express/pades_visual_image.rb +51 -51
- data/lib/pki_express/pades_visual_manual_positioning.rb +16 -16
- data/lib/pki_express/pades_visual_positioning.rb +27 -27
- data/lib/pki_express/pades_visual_rectangle.rb +74 -74
- data/lib/pki_express/pades_visual_representation.rb +22 -22
- data/lib/pki_express/pades_visual_text.rb +35 -35
- data/lib/pki_express/pk_algorithms.rb +157 -157
- data/lib/pki_express/pk_certificate.rb +61 -61
- data/lib/pki_express/pki_brazil_certificate_fields.rb +57 -57
- data/lib/pki_express/pki_brazil_certificate_types.rb +19 -19
- data/lib/pki_express/pki_express_config.rb +39 -26
- data/lib/pki_express/pki_express_operator.rb +240 -240
- data/lib/pki_express/pki_italy_certificate_fields.rb +15 -15
- data/lib/pki_express/pki_italy_certificate_types.rb +11 -11
- data/lib/pki_express/signature_algorithm_and_value.rb +34 -34
- data/lib/pki_express/signature_explorer.rb +74 -74
- data/lib/pki_express/signature_finisher.rb +314 -314
- data/lib/pki_express/signature_policy_identifier.rb +20 -20
- data/lib/pki_express/signature_start_result.rb +12 -12
- data/lib/pki_express/signature_starter.rb +116 -116
- data/lib/pki_express/signer.rb +151 -151
- data/lib/pki_express/standard_signature_policies.rb +58 -58
- data/lib/pki_express/timestamp_authority.rb +50 -50
- data/lib/pki_express/trust_service_auth_parameters.rb +20 -20
- data/lib/pki_express/trust_service_info.rb +37 -37
- data/lib/pki_express/trust_service_manager.rb +258 -258
- data/lib/pki_express/trust_service_session_result.rb +29 -29
- data/lib/pki_express/trust_service_session_types.rb +7 -7
- data/lib/pki_express/tsa_authentication_type.rb +14 -14
- data/lib/pki_express/validation_error.rb +8 -8
- data/lib/pki_express/validation_item.rb +43 -43
- data/lib/pki_express/validation_item_types.rb +103 -103
- data/lib/pki_express/validation_results.rb +120 -120
- data/lib/pki_express/version.rb +3 -3
- data/lib/pki_express/version_manager.rb +20 -20
- data/lib/pki_express.rb +69 -69
- data/pki_express.gemspec +26 -26
- data/spec/pki_express/pki_express_config_spec.rb +73 -0
- data/spec/pki_express/pki_express_operator_spec.rb +30 -30
- metadata +4 -2
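--- a/data/lib/pki_express/authentication.rb
+++ b/data/lib/pki_express/authentication.rb
@@ -1,285 +1,285 @@
-module PkiExpress
-class Authentication < PkiExpressOperator
-
-attr_accessor :use_external_storage
-
-def initialize(config=PkiExpressConfig.new)
-super(config)
-@nonce_base64 = nil
-@certificate_path = nil
-@signature_base64 = nil
-@use_external_storage = false
-end
-
-# region The "nonce" accessors
-
-def nonce
-_get_nonce
-end
-
-def _get_nonce
-unless @nonce_base64
-return nil
-end
-
-Base64.decode64(@nonce_base64)
-end
-private :_get_nonce
-
-def nonce=(nonce)
-_set_nonce(nonce)
-end
-
-def _set_nonce(nonce)
-unless nonce
-raise 'The provided "nonce" is not valid'
-end
-
-begin
-b64 = Base64.encode64(nonce)
-rescue Error
-raise 'The provided "nonce" is not valid'
-end
-
-@nonce_base64 = b64
-end
-private :_set_nonce
-
-def nonce_base64
-_get_nonce_base64
-end
-
-def _get_nonce_base64
-@nonce_base64
-end
-private :_get_nonce_base64
-
-def nonce_base64=(nonce_base64)
-unless nonce_base64
-raise 'The provided "nonce_base64" is not valid'
-end
-
-begin
-Base64.decode64(nonce_base64)
-rescue Error
-raise 'The provided "nonce_base64" is not Base64-encoded'
-end
-
-@nonce_base64 = nonce_base64
-end
-
-#endregion
-
-# region The "certificate" accessors
-
-def certificate
-_get_certificate
-end
-
-def _get_certificate
-unless @certificate_path
-return nil
-end
-
-File.read(@certificate_path)
-end
-private :_get_certificate
-
-def certificate=(content_raw)
-_set_certificate(content_raw)
-end
-
-def _set_certificate(content_raw)
-unless content_raw
-raise 'The provided "certificate" is not valid'
-end
-
-temp_file_path = self.create_temp_file
-File.open(temp_file_path, 'wb') do |f|
-f.write(content_raw)
-end
-@certificate_path = temp_file_path
-end
-private :_set_certificate
-
-def certificate_base64
-_get_certificate_base64
-end
-
-def _get_certificate_base64
-unless @certificate_path
-return nil
-end
-
-content = File.read(@certificate_path)
-Base64.encode64(content)
-end
-private :_get_certificate_base64
-
-def certificate_base64=(content_base64)
-_set_certificate_base64(content_base64)
-end
-
-def _set_certificate_base64(content_base64)
-unless content_base64
-raise 'The provided "certificate_base64" is not valid'
-end
-
-begin
-content_raw = Base64.decode64(content_base64)
-rescue Error
-raise 'The provided "certificate_base64" is not Base64-encoded'
-end
-
-_set_certificate(content_raw)
-end
-private :_set_certificate_base64
-
-def certificate_path
-_get_certificate_path
-end
-
-def _get_certificate_path
-@certificate_path
-end
-private :_get_certificate_path
-
-def certificate_path=(path)
-_set_certificate_path(path)
-end
-
-def _set_certificate_path(path)
-unless path
-raise 'The provided "certificate_path" is not valid'
-end
-if File.exists?(path)
-raise 'The provided "certificate_path" does not exist'
-end
-
-@certificate_path = path
-end
-private :_set_certificate_path
-
-# endregion
-
-# region The "signature" accessors
-
-def signature
-_get_signature
-end
-
-def _get_signature
-unless @signature_base64
-return nil
-end
-
-Base64.decode64(@signature_base64)
-end
-private :_get_signature
-
-def signature=(signature)
-_set_signature(signature)
-end
-
-def _set_signature(signature)
-unless signature
-raise 'The provided "signature" is not valid'
-end
-begin
-b64 = Base64.encode64(signature)
-rescue Error
-raise 'The provided "signature" is not valid'
-end
-
-@signature_base64 = b64
-end
-private :_set_signature
-
-def signature_base64
-_get_signature_base64
-end
-
-def _get_signature_base64
-@signature_base64
-end
-private :_get_signature_base64
-
-def signature_base64=(signature_base64)
-_set_signature_base64(signature_base64)
-end
-
-def _set_signature_base64(signature_base64)
-unless signature_base64
-raise 'The provided "signature_base64" is not valid'
-end
-begin
-Base64.decode64(signature_base64)
-rescue Error
-raise 'The provided "signature_base64" is not Base64-encoded'
-end
-
-@signature_base64 = signature_base64
-end
-private :_set_signature_base64
-
-# endregion
-
-def start
-args = []
-
-# The option "use external storage" is used to ignore the PKI Express's
-# nonce verification, to make a own nonce store and nonce verification.
-if @use_external_storage
-args.append('--nonce-store')
-args.append(@config.transfer_data_folder)
-end
-
-# This operation can only be used on versions greater then 1.4 of PKI
-# Express.
-@version_manager.require_version('1.4')
-
-# Invoke command.
-result = invoke(Commands::START_AUTH, args)
-
-# Parse output and return result.
-model = parse_output(result)
-AuthStartResult.new(model)
-end
-
-def complete
-unless @nonce_base64
-raise 'The nonce was not set.'
-end
-unless @certificate_path
-raise 'The certificate file was not set.'
-end
-unless @signature_base64
-raise 'The signature was not set.'
-end
-
-args = [
-@nonce_base64,
-@certificate_path,
-@signature_base64
-]
-
-# The option "use external storage" is used to ignore the PKI Express's
-# nonce verification, to make a own nonce store and nonce verification.
-unless @use_external_storage
-args.append('--nonce-store')
-args.append(@config.transfer_data_folder)
-end
-
-# This configuration can only be used on versions greater than 1.4 of PKI
-# Express.
-@version_manager.require_version('1.4')
-
-# Invoke command.
-result = invoke(Commands::COMPLETE_AUTH, args)
-
-# Parse output and return result.
-model = parse_output(result)
-AuthCompleteResult.new(model)
-end
-end
+module PkiExpress
+class Authentication < PkiExpressOperator
+
+attr_accessor :use_external_storage
+
+def initialize(config=PkiExpressConfig.new)
+super(config)
+@nonce_base64 = nil
+@certificate_path = nil
+@signature_base64 = nil
+@use_external_storage = false
+end
+
+# region The "nonce" accessors
+
+def nonce
+_get_nonce
+end
+
+def _get_nonce
+unless @nonce_base64
+return nil
+end
+
+Base64.decode64(@nonce_base64)
+end
+private :_get_nonce
+
+def nonce=(nonce)
+_set_nonce(nonce)
+end
+
+def _set_nonce(nonce)
+unless nonce
+raise 'The provided "nonce" is not valid'
+end
+
+begin
+b64 = Base64.encode64(nonce)
+rescue Error
+raise 'The provided "nonce" is not valid'
+end
+
+@nonce_base64 = b64
+end
+private :_set_nonce
+
+def nonce_base64
+_get_nonce_base64
+end
+
+def _get_nonce_base64
+@nonce_base64
+end
+private :_get_nonce_base64
+
+def nonce_base64=(nonce_base64)
+unless nonce_base64
+raise 'The provided "nonce_base64" is not valid'
+end
+
+begin
+Base64.decode64(nonce_base64)
+rescue Error
+raise 'The provided "nonce_base64" is not Base64-encoded'
+end
+
+@nonce_base64 = nonce_base64
+end
+
+#endregion
+
+# region The "certificate" accessors
+
+def certificate
+_get_certificate
+end
+
+def _get_certificate
+unless @certificate_path
+return nil
+end
+
+File.read(@certificate_path)
+end
+private :_get_certificate
+
+def certificate=(content_raw)
+_set_certificate(content_raw)
+end
+
+def _set_certificate(content_raw)
+unless content_raw
+raise 'The provided "certificate" is not valid'
+end
+
+temp_file_path = self.create_temp_file
+File.open(temp_file_path, 'wb') do |f|
+f.write(content_raw)
+end
+@certificate_path = temp_file_path
+end
+private :_set_certificate
+
+def certificate_base64
+_get_certificate_base64
+end
+
+def _get_certificate_base64
+unless @certificate_path
+return nil
+end
+
+content = File.read(@certificate_path)
+Base64.encode64(content)
+end
+private :_get_certificate_base64
+
+def certificate_base64=(content_base64)
+_set_certificate_base64(content_base64)
+end
+
+def _set_certificate_base64(content_base64)
+unless content_base64
+raise 'The provided "certificate_base64" is not valid'
+end
+
+begin
+content_raw = Base64.decode64(content_base64)
+rescue Error
+raise 'The provided "certificate_base64" is not Base64-encoded'
+end
+
+_set_certificate(content_raw)
+end
+private :_set_certificate_base64
+
+def certificate_path
+_get_certificate_path
+end
+
+def _get_certificate_path
+@certificate_path
+end
+private :_get_certificate_path
+
+def certificate_path=(path)
+_set_certificate_path(path)
+end
+
+def _set_certificate_path(path)
+unless path
+raise 'The provided "certificate_path" is not valid'
+end
+if File.exists?(path)
+raise 'The provided "certificate_path" does not exist'
+end
+
+@certificate_path = path
+end
+private :_set_certificate_path
+
+# endregion
+
+# region The "signature" accessors
+
+def signature
+_get_signature
+end
+
+def _get_signature
+unless @signature_base64
+return nil
+end
+
+Base64.decode64(@signature_base64)
+end
+private :_get_signature
+
+def signature=(signature)
+_set_signature(signature)
+end
+
+def _set_signature(signature)
+unless signature
+raise 'The provided "signature" is not valid'
+end
+begin
+b64 = Base64.encode64(signature)
+rescue Error
+raise 'The provided "signature" is not valid'
+end
+
+@signature_base64 = b64
+end
+private :_set_signature
+
+def signature_base64
+_get_signature_base64
+end
+
+def _get_signature_base64
+@signature_base64
+end
+private :_get_signature_base64
+
+def signature_base64=(signature_base64)
+_set_signature_base64(signature_base64)
+end
+
+def _set_signature_base64(signature_base64)
+unless signature_base64
+raise 'The provided "signature_base64" is not valid'
+end
+begin
+Base64.decode64(signature_base64)
+rescue Error
+raise 'The provided "signature_base64" is not Base64-encoded'
+end
+
+@signature_base64 = signature_base64
+end
+private :_set_signature_base64
+
+# endregion
+
+def start
+args = []
+
+# The option "use external storage" is used to ignore the PKI Express's
+# nonce verification, to make a own nonce store and nonce verification.
+if @use_external_storage
+args.append('--nonce-store')
+args.append(@config.transfer_data_folder)
+end
+
+# This operation can only be used on versions greater then 1.4 of PKI
+# Express.
+@version_manager.require_version('1.4')
+
+# Invoke command.
+result = invoke(Commands::START_AUTH, args)
+
+# Parse output and return result.
+model = parse_output(result)
+AuthStartResult.new(model)
+end
+
+def complete
+unless @nonce_base64
+raise 'The nonce was not set.'
+end
+unless @certificate_path
+raise 'The certificate file was not set.'
+end
+unless @signature_base64
+raise 'The signature was not set.'
+end
+
+args = [
+@nonce_base64,
+@certificate_path,
+@signature_base64
+]
+
+# The option "use external storage" is used to ignore the PKI Express's
+# nonce verification, to make a own nonce store and nonce verification.
+unless @use_external_storage
+args.append('--nonce-store')
+args.append(@config.transfer_data_folder)
+end
+
+# This configuration can only be used on versions greater than 1.4 of PKI
+# Express.
+@version_manager.require_version('1.4')
+
+# Invoke command.
+result = invoke(Commands::COMPLETE_AUTH, args)
+
+# Parse output and return result.
+model = parse_output(result)
+AuthCompleteResult.new(model)
+end
+end
 end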
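Review bot: The existence check in `_set_certificate_path` (new-side line 155) is inverted: `if File.exists?(path)` raises 'The provided "certificate_path" does not exist' for a file that is present and accepts a path that is missing; it should be `unless File.exist?(path)`, which also avoids `File.exists?`, removed in Ruby 3.2. The `rescue Error` clauses around `Base64.decode64` are unlikely to ever fire, because `decode64` silently skips invalid characters and `Error` may not resolve to a defined constant in this scope; `Base64.strict_decode64(value)` with `rescue ArgumentError` would make the "not Base64-encoded" errors real for nonce, certificate and signature input. `start` appends `--nonce-store` under `if @use_external_storage` while `complete` appends it under `unless @use_external_storage`, under the same comment; one of the two conditions looks wrong and, since it decides which side stores and verifies the nonce, it deserves a fix or an explanatory comment. The removed and added sides read identically on this page, so these points appear to carry over unchanged from 1.3.1.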
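--- a/data/lib/pki_express/base_signer.rb
+++ b/data/lib/pki_express/base_signer.rb
@@ -1,55 +1,55 @@
-module PkiExpress
-
-class BaseSigner < PkiExpressOperator
-
-def initialize(config=PkiExpressConfig.new)
-super(config)
-end
-
-def verify_and_add_common_options(args)
-
-if StandardSignaturePolicies::require_timestamp(@signature_policy) and
-@timestamp_authority.nil?
-raise 'The provided policy requires a timestamp authority and none was provided.'
-end
-
-# Set the signature policy.
-unless @signature_policy.nil?
-args << '--policy'
-args << @signature_policy
-
-# This operation evolved after version 1.5 to other signature policies.
-if @signature_policy != StandardSignaturePolicies::XML_DSIG_BASIC and @signature_policy != StandardSignaturePolicies::NFE_PADRAO_NACIONAL
-# This operation evolved after version 1.5 to other signature
-# policies.
-@version_manager.require_version('1.5')
-end
-
-if @signature_policy == StandardSignaturePolicies::COD_WITH_SHA1 or @signature_policy == StandardSignaturePolicies::COD_WITH_SHA256
-# These policies can only be used on version greater than 1.6 of
-# PKI Express.
-@version_manager.require_version('1.6')
-end
-
-if @signature_policy == StandardSignaturePolicies::PKI_BRAZIL_PADES_ADR_BASICA or @signature_policy == StandardSignaturePolicies::PKI_BRAZIL_PADES_ADR_BASICA_WITH_LTV or @signature_policy == StandardSignaturePolicies::PKI_BRAZIL_PADES_ADR_TEMPO
-# These policies can only be used on version greater than 1.12 of
-# PKI Express.
-@version_manager.require_version('1.12')
-end
-end
-
-# Add timestamp authority.
-if @timestamp_authority
-tsp_args = @timestamp_authority.get_cmd_arguments
-args.append(*tsp_args)
-
-
-# This option can only be used on version greater than 1.5 of the
-# PKI Express.
-@version_manager.require_version('1.5')
-end
-end
-protected :verify_and_add_common_options
-end
-
+module PkiExpress
+
+class BaseSigner < PkiExpressOperator
+
+def initialize(config=PkiExpressConfig.new)
+super(config)
+end
+
+def verify_and_add_common_options(args)
+
+if StandardSignaturePolicies::require_timestamp(@signature_policy) and
+@timestamp_authority.nil?
+raise 'The provided policy requires a timestamp authority and none was provided.'
+end
+
+# Set the signature policy.
+unless @signature_policy.nil?
+args << '--policy'
+args << @signature_policy
+
+# This operation evolved after version 1.5 to other signature policies.
+if @signature_policy != StandardSignaturePolicies::XML_DSIG_BASIC and @signature_policy != StandardSignaturePolicies::NFE_PADRAO_NACIONAL
+# This operation evolved after version 1.5 to other signature
+# policies.
+@version_manager.require_version('1.5')
+end
+
+if @signature_policy == StandardSignaturePolicies::COD_WITH_SHA1 or @signature_policy == StandardSignaturePolicies::COD_WITH_SHA256
+# These policies can only be used on version greater than 1.6 of
+# PKI Express.
+@version_manager.require_version('1.6')
+end
+
+if @signature_policy == StandardSignaturePolicies::PKI_BRAZIL_PADES_ADR_BASICA or @signature_policy == StandardSignaturePolicies::PKI_BRAZIL_PADES_ADR_BASICA_WITH_LTV or @signature_policy == StandardSignaturePolicies::PKI_BRAZIL_PADES_ADR_TEMPO
+# These policies can only be used on version greater than 1.12 of
+# PKI Express.
+@version_manager.require_version('1.12')
+end
+end
+
+# Add timestamp authority.
+if @timestamp_authority
+tsp_args = @timestamp_authority.get_cmd_arguments
+args.append(*tsp_args)
+
+
+# This option can only be used on version greater than 1.5 of the
+# PKI Express.
+@version_manager.require_version('1.5')
+end
+end
+protected :verify_and_add_common_options
+end
+
 end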