fix: works with unicode password

JSignPdf don't works as well at CLI interfaceif the password have unicode
chars. As workaround, I changed the password certificate in memory.

Signed-off-by: Vitor Mattos <vitor@php.rio>

Author: vitormattos

src/Sign/JSignService.php

@@ -22,6 +22,7 @@ public function sign(JSignParam $params)
     {
         try {
             $this->validation($params);
+            $this->repackCertificateIfPasswordIsUnicode($params);
 
             $commandSign = $this->commandSign($params);
             \exec($commandSign, $output);
@@ -51,6 +52,22 @@ public function sign(JSignParam $params)
         }
     }
 
+    /**
+     * JSignPdf don't works as well at CLI interfaceif the password have
+     * unicode chars. As workaround, I changed the password certificate in
+     * memory.
+     */
+    private function repackCertificateIfPasswordIsUnicode(JSignParam $params)
+    {
+        if (!mb_detect_encoding($params->getPassword(), 'ASCII', true)) {
+            $password = md5(microtime());
+            $certInfo = $this->pkcs12Read($params);
+            $newCert = $this->exportToPkcs12($certInfo['cert'], $certInfo['pkey'], $password);
+            $params->setPassword($password);
+            $params->setCertificate($newCert);
+        }
+    }
+
     public function getVersion(JSignParam $params)
     {
         $java     = $this->javaCommand($params);
@@ -75,8 +92,8 @@ private function validation(JSignParam $params)
         $this->throwIf(empty($params->getPdf()), 'PDF is Empty or Invalid.');
         $this->throwIf(empty($params->getCertificate()), 'Certificate is Empty or Invalid.');
         $this->throwIf(empty($params->getPassword()), 'Certificate Password is Empty.');
-        $this->throwIf(!$this->isPasswordCertificateValid($params->getCertificate(), $params->getPassword()), 'Certificate Password Invalid.');
-        $this->throwIf($this->isExpiredCertificate($params->getCertificate(), $params->getPassword()), 'Certificate expired.');
+        $this->throwIf(!$this->isPasswordCertificateValid($params), 'Certificate Password Invalid.');
+        $this->throwIf($this->isExpiredCertificate($params), 'Certificate expired.');
         if ($params->isUseJavaInstalled()) {
             $javaVersion    = exec("java -version 2>&1");
             $hasJavaVersion = strpos($javaVersion, 'not found') === false;
@@ -135,9 +152,9 @@ private function throwIf($condition, $message)
             throw new Exception($message);
     }
 
-    private function isPasswordCertificateValid($certificate, $password)
+    private function isPasswordCertificateValid(JSignParam $params)
     {
-        return $this->pkcs12Read($certificate, $password);
+        return $this->pkcs12Read($params);
     }
 
     /**
@@ -153,8 +170,10 @@ private function isPasswordCertificateValid($certificate, $password)
      * https://github.com/php/php-src/issues/12128
      * https://www.php.net/manual/en/function.openssl-pkcs12-read.php#128992
      */
-    private function pkcs12Read($certificate, $password)
+    private function pkcs12Read(JSignParam $params)
     {
+        $certificate = $params->getCertificate();
+        $password = $params->getPassword();
         if (openssl_pkcs12_read($certificate, $certInfo, $password)) {
             return $certInfo;
         }
@@ -175,6 +194,7 @@ private function pkcs12Read($certificate, $password)
                 REPACK_COMMAND
             );
             $certificateRepacked = file_get_contents($tempEncriptedRepacked);
+            $params->setCertificate($certificateRepacked);
             unlink($tempPassword);
             unlink($tempEncriptedOriginal);
             unlink($tempEncriptedRepacked);
@@ -185,9 +205,21 @@ private function pkcs12Read($certificate, $password)
         return [];
     }
 
-    private function isExpiredCertificate($certificate, $password)
+    public function exportToPkcs12(\OpenSSLCertificate|string $certificate, \OpenSSLAsymmetricKey|\OpenSSLCertificate|string $privateKey, string $password)
+    {
+        $certContent = null;
+        openssl_pkcs12_export(
+            $certificate,
+            $certContent,
+            $privateKey,
+            $password,
+        );
+        return $certContent;
+    }
+
+    private function isExpiredCertificate(JSignParam $params)
     {
-        $certInfo = $this->pkcs12Read($certificate, $password);
+        $certInfo = $this->pkcs12Read($params);
         $certificate = openssl_x509_parse($certInfo['cert']);
         $dateCert    = date_create()->setTimestamp($certificate['validTo_time_t']);
         return $dateCert <= date_create();

tests/JSignPDFTest.php

@@ -41,19 +41,7 @@ private function getNewCert($password)
         $temporaryFile = tempnam(sys_get_temp_dir(), 'cfg');
         $csr = openssl_csr_new($csrNames, $privateKey);
         $x509 = openssl_csr_sign($csr, $rootCertificate, $rootPrivateKey, 365);
-        return $this->exportToPkcs12($x509, $privateKey, $password);
-    }
-
-    private function exportToPkcs12(\OpenSSLCertificate $certificate, \OpenSSLAsymmetricKey $privateKey, string $password)
-    {
-        $certContent = null;
-        openssl_pkcs12_export(
-            $certificate,
-            $certContent,
-            $privateKey,
-            $password,
-        );
-        return $certContent;
+        return $this->service->exportToPkcs12($x509, $privateKey, $password);
     }
 
     public function testSignSuccess()
@@ -67,19 +55,31 @@ public function testSignSuccess()
         $this->assertNotNull($fileSigned);
     }
 
-    public function testSignUsingPasswordWithQuote()
+    /**
+     * @dataProvider providerSignUsingDifferentPasswords
+     */
+    public function testSignUsingDifferentPasswords(string $password)
     {
         if (!class_exists('JSignPDF\JSignPDFBin\JavaCommandService')) {
             $this->markTestSkipped('Install jsignpdf/jsignpdf-bin');
         }
         $params = JSignParamBuilder::instance()->withDefault();
-        $password = "with ' quote";
         $params->setCertificate($this->getNewCert($password));
         $params->setPassword($password);
         $fileSigned = $this->service->sign($params);
         $this->assertNotNull($fileSigned);
     }
 
+    public function providerSignUsingDifferentPasswords()
+    {
+        return [
+            ["with ' quote"],
+            ['with ( parentheis )'],
+            ['with $ dollar'],
+            ['with 😃 unicode'],
+        ];
+    }
+
     public function testCertificateExpired()
     {
         if (!class_exists('JSignPDF\JSignPDFBin\JavaCommandService')) {