Merge pull request #21 from JSignPdf/fix/works-with-unicode-password

jeidison · web-flow · commit 3596031ecebf · 2024-04-24T14:19:52.000-03:00
fix: works with unicode password
diff --git a/src/Sign/JSignService.php b/src/Sign/JSignService.php
@@ -24,7 +24,7 @@ public function sign(JSignParam $params)
             $this->validation($params);
 
             $commandSign = $this->commandSign($params);
-            \exec($commandSign, $output);
+            exec($commandSign, $output);
 
             $out            = json_encode($output);
             $messageSuccess = "Finished: Signature succesfully created.";
@@ -51,6 +51,21 @@ public function sign(JSignParam $params)
         }
     }
 
+    /**
+     * JSignPdf don't works as well at CLI interfaceif the password have
+     * unicode chars. As workaround, I changed the password certificate in
+     * memory.
+     */
+    private function repackCertificateIfPasswordIsUnicode(JSignParam $params, $cert, $pkey)
+    {
+        if (!mb_detect_encoding($params->getPassword(), 'ASCII', true)) {
+            $password = md5(microtime());
+            $newCert = $this->exportToPkcs12($cert, $pkey, $password);
+            $params->setPassword($password);
+            $params->setCertificate($newCert);
+        }
+    }
+
     public function getVersion(JSignParam $params)
     {
         $java     = $this->javaCommand($params);
@@ -75,8 +90,8 @@ private function validation(JSignParam $params)
         $this->throwIf(empty($params->getPdf()), 'PDF is Empty or Invalid.');
         $this->throwIf(empty($params->getCertificate()), 'Certificate is Empty or Invalid.');
         $this->throwIf(empty($params->getPassword()), 'Certificate Password is Empty.');
-        $this->throwIf(!$this->isPasswordCertificateValid($params->getCertificate(), $params->getPassword()), 'Certificate Password Invalid.');
-        $this->throwIf($this->isExpiredCertificate($params->getCertificate(), $params->getPassword()), 'Certificate expired.');
+        $this->throwIf(!$this->isPasswordCertificateValid($params), 'Certificate Password Invalid.');
+        $this->throwIf($this->isExpiredCertificate($params), 'Certificate expired.');
         if ($params->isUseJavaInstalled()) {
             $javaVersion    = exec("java -version 2>&1");
             $hasJavaVersion = strpos($javaVersion, 'not found') === false;
@@ -135,9 +150,9 @@ private function throwIf($condition, $message)
             throw new Exception($message);
     }
 
-    private function isPasswordCertificateValid($certificate, $password)
+    private function isPasswordCertificateValid(JSignParam $params)
     {
-        return $this->pkcs12Read($certificate, $password);
+        return $this->pkcs12Read($params);
     }
 
     /**
@@ -153,9 +168,12 @@ private function isPasswordCertificateValid($certificate, $password)
      * https://github.com/php/php-src/issues/12128
      * https://www.php.net/manual/en/function.openssl-pkcs12-read.php#128992
      */
-    private function pkcs12Read($certificate, $password)
+    private function pkcs12Read(JSignParam $params)
     {
+        $certificate = $params->getCertificate();
+        $password = $params->getPassword();
         if (openssl_pkcs12_read($certificate, $certInfo, $password)) {
+            $this->repackCertificateIfPasswordIsUnicode($params, $certInfo['cert'], $certInfo['pkey']);
             return $certInfo;
         }
         $msg = openssl_error_string();
@@ -175,19 +193,33 @@ private function pkcs12Read($certificate, $password)
                 REPACK_COMMAND
             );
             $certificateRepacked = file_get_contents($tempEncriptedRepacked);
+            $params->setCertificate($certificateRepacked);
             unlink($tempPassword);
             unlink($tempEncriptedOriginal);
             unlink($tempEncriptedRepacked);
             unlink($tempDecrypted);
             openssl_pkcs12_read($certificateRepacked, $certInfo, $password);
+            $this->repackCertificateIfPasswordIsUnicode($params, $certInfo['cert'], $certInfo['pkey']);
             return $certInfo;
         }
         return [];
     }
 
-    private function isExpiredCertificate($certificate, $password)
+    private function exportToPkcs12(\OpenSSLCertificate|string $certificate, \OpenSSLAsymmetricKey|\OpenSSLCertificate|string $privateKey, string $password)
+    {
+        $certContent = null;
+        openssl_pkcs12_export(
+            $certificate,
+            $certContent,
+            $privateKey,
+            $password,
+        );
+        return $certContent;
+    }
+
+    private function isExpiredCertificate(JSignParam $params)
     {
-        $certInfo = $this->pkcs12Read($certificate, $password);
+        $certInfo = $this->pkcs12Read($params);
         $certificate = openssl_x509_parse($certInfo['cert']);
         $dateCert    = date_create()->setTimestamp($certificate['validTo_time_t']);
         return $dateCert <= date_create();
diff --git a/tests/JSignPDFTest.php b/tests/JSignPDFTest.php
@@ -1,5 +1,16 @@
 <?php
 
+namespace Jeidison\JSignPDF\Sign;
+
+function exec(string $command, array &$output = null, int &$return_var = null) {
+    global $mockExec;
+    if ($mockExec) {
+        $output = $mockExec;
+        return $output;
+    }
+    return \exec($command, $output, $return_var);
+}
+
 namespace Jeidison\JSignPDF\Tests;
 
 use Exception;
@@ -16,6 +27,8 @@ class JSignPDFTest extends TestCase
 
     protected function setUp(): void
     {
+        global $mockExec;
+        $mockExec = null;
         $this->service = new JSignService();
     }
 
@@ -41,14 +54,9 @@ private function getNewCert($password)
         $temporaryFile = tempnam(sys_get_temp_dir(), 'cfg');
         $csr = openssl_csr_new($csrNames, $privateKey);
         $x509 = openssl_csr_sign($csr, $rootCertificate, $rootPrivateKey, 365);
-        return $this->exportToPkcs12($x509, $privateKey, $password);
-    }
-
-    private function exportToPkcs12(\OpenSSLCertificate $certificate, \OpenSSLAsymmetricKey $privateKey, string $password)
-    {
         $certContent = null;
         openssl_pkcs12_export(
-            $certificate,
+            $x509,
             $certContent,
             $privateKey,
             $password,
@@ -67,19 +75,35 @@ public function testSignSuccess()
         $this->assertNotNull($fileSigned);
     }
 
-    public function testSignUsingPasswordWithQuote()
+    /**
+     * @dataProvider providerSignUsingDifferentPasswords
+     */
+    public function testSignUsingDifferentPasswords(string $password)
     {
+        global $mockExec;
         if (!class_exists('JSignPDF\JSignPDFBin\JavaCommandService')) {
             $this->markTestSkipped('Install jsignpdf/jsignpdf-bin');
         }
         $params = JSignParamBuilder::instance()->withDefault();
-        $password = "with ' quote";
         $params->setCertificate($this->getNewCert($password));
         $params->setPassword($password);
+        $mockExec = 'Finished: Signature succesfully created.';
+        $path = $params->getTempPdfSignedPath();
+        file_put_contents($path, 'dummy');
         $fileSigned = $this->service->sign($params);
         $this->assertNotNull($fileSigned);
     }
 
+    public function providerSignUsingDifferentPasswords()
+    {
+        return [
+            ["with ' quote"],
+            ['with ( parentheis )'],
+            ['with $ dollar'],
+            ['with 😃 unicode'],
+        ];
+    }
+
     public function testCertificateExpired()
     {
         if (!class_exists('JSignPDF\JSignPDFBin\JavaCommandService')) {
