def upload(goto):
"""
This function allows the user to upload a file to be signed. Once the file
is uploaded, we save it to the app_data folder and redirect the user to
cades-signature or pades-signature view passing the filename on the
"userfile" URL argument.
"""
if request.method == 'POST':
userfile = request.files['userfile']
# Generate a unique filename.
filename = '%s_%s' % (str(
uuid.uuid4()), secure_filename(userfile.filename))
# Move the file to the "app_data" with the unique filename. Make sure
# the "app_data" folder exists (static/util.py).
create_app_data()
userfile.save(
os.path.join(current_app.config['APPDATA_FOLDER'], filename))
# Redirect the user to the redirect parameter "goto".
return redirect('/%s/%s' % (goto, filename))
else:
return render_template('upload/index.html')
def get(filename):
# Locate document. This sample should not ocntinue if the file is not found.
if not os.path.exists(os.path.join(current_app.config['APPDATA_FOLDER'],
filename)):
# Return "Not found" code.
abort(404)
return
# Get an instance of the PadesTimestamper class, used to timestamp a PDF
# file.
stamper = PadesTimestamper()
# Set PKI default (see utils.py).
set_pki_defaults(stamper)
# Set the PDF to be timestamped.
stamper.set_pdf_from_path(os.path.join(current_app.config['APPDATA_FOLDER'],
filename))
# Generate path for output file and add to the stamper.
create_app_data() # Guarantees that "app_data" folder exists.
output_file = '%s.pdf' % str(uuid.uuid4())
stamper.output_file_path = os.path.join(
current_app.config['APPDATA_FOLDER'], output_file)
# Add a timestmap to the PDF file.
stamper.stamp()
# Return the stamped PDF as a downloadable file.
return send_from_directory(current_app.config['APPDATA_FOLDER'],
output_file)
def complete(token=None):
"""
This function is called asynchornously via AJAX by the batch signature page
for each document being signed. It receives the tokne, that identifies the
signature process. We'll call REST PKI to complete this signature and return
a JSON with the saved filename so that the page can render a link to it.
"""
# Get an instance of the CadesSignatureFinisher class, responsible for
# completing the signature process.
signature_finisher = CadesSignatureFinisher(get_restpki_client())
# Set the token.
signature_finisher.token = token
# Call the finish() method, which finalizes the signature process.The
# return value is the CMS content.
result = signature_finisher.finish()
# At this point, you'd typically store the signed PDF on your database.
# For demonstration purposes, we'll store the CMS on a temporary folder
# publicly accessible and render a link to it.
create_app_data() # Guarantees that "app data" folder exists.
filename = '%s.p7s' % (str(uuid.uuid4()))
result.write_to_file(
os.path.join(current_app.config['APPDATA_FOLDER'], filename))
return jsonify(filename)
def index(userfile):
try:
# Verify if the provided userfile exists.
if not os.path.exists(
os.path.join(current_app.config['APPDATA_FOLDER'], userfile)):
return render_template('error.html', msg='File not found')
# Get an instance of the PadesSigner class, responsible for receiving
# the signature elements and performing the local signature.
signer = PadesSigner()
# Set PKI default options (see utils.py).
set_pki_defaults(signer)
# Set signature policy.
signer.signature_policy = \
standard_signature_policies.PADES_BASIC_WITH_LTV
# Set PDF to be signed.
signer.set_pdf_to_sign_from_path(
os.path.join(current_app.config['APPDATA_FOLDER'], userfile))
# The PKCS #12 certificate path.
signer.set_pkcs12_from_path(
os.path.join(current_app.static_folder, 'Pierre de Fermat.pfx'))
# Set the certificate's PIN.
signer.cert_password = '******'
# Set a file reference for the stamp file. Note that this file can be
# referenced later by "fref://{alias}" at the "url" field on the visual
# representation (see content/vr.json or get_visual_representation()
# method).
signer.add_file_reference('stamp', get_pdf_stamp_path())
# Set visual representation. We provide a dictionary that represents the
# visual representation JSON model.
signer.set_visual_representation(get_visual_representation())
# Generate path for output file and add to signer object.
create_app_data() # Guarantees that "app data" folder exists.
output_file = '%s.pdf' % (str(uuid.uuid4()))
signer.output_file = os.path.join(current_app.config['APPDATA_FOLDER'],
output_file)
# Perform the signature.
signer_cert = signer.sign(get_cert=True)
response = make_response(
render_template('pades_signature_server_key/index.html',
signer_cert=signer_cert,
filename=output_file))
response.headers = get_expired_page_headers()
return response
except Exception as e:
return render_template('error.html', msg=e)
def complete():
"""
This function completes the signature, it will be called programatically
after the Web PKI component perform the signature and submit the form (see
method sign() on static/js/signature-complete-form.js).
"""
userfile = None
try:
# Recover variables from the POST arguments to be used on this step.
transfer_file = request.form['transferFileField']
signature = request.form['signatureField']
if request.form['userfileField'] != 'None':
userfile = request.form['userfileField']
# Get an instance of the SignatureFinisher class, responsible for
# completing the signature process.
signature_finisher = SignatureFinisher()
# Set PKI default options (see utils.py).
set_pki_defaults(signature_finisher)
# Set the file to be signed. It's the same file we used on "start"
# method.
if userfile:
signature_finisher.set_file_to_sign_from_path(
os.path.join(current_app.config['APPDATA_FOLDER'], userfile))
else:
signature_finisher.set_file_to_sign_from_path(
get_sample_doc_path())
# Set the transfer file.
signature_finisher.set_transfer_file_from_path(transfer_file)
# Set the signature file.
signature_finisher.signature = signature
# Generate path for output file and add to the signature finisher.
create_app_data() # Guarantees that "app data" folder exists.
filename = '%s.p7s' % (str(uuid.uuid4()))
signature_finisher.output_file = \
os.path.join(current_app.config['APPDATA_FOLDER'], filename)
# Complete the signature process.
signer_cert = signature_finisher.complete(get_cert=True)
return render_template('cades_signature/signature-info.html',
signer_cert=signer_cert,
filename=filename)
except Exception as e:
flash(str(e))
return redirect(url_for('cades_signature.index', userfile=userfile))
def index(userfile):
try:
# Verify if the provided userfile exists.
if not os.path.exists(
os.path.join(current_app.config['APPDATA_FOLDER'], userfile)):
return render_template('error.html', msg='File not found')
# Get an instance of the CadesSigner class, responsible for receiving
# the signature elements and performing the local signature.
signer = CadesSigner()
# Set PKI default options (see utils.py).
set_pki_defaults(signer)
# Set signature policy.
signer.signature_policy = \
standard_signature_policies.PKI_BRAZIL_CADES_ADR_BASICA
# Set file to be signed. If the file is a CSM, the PKI Express will
# recognize that and will co-sign that file.
signer.set_file_to_sign_from_path(
os.path.join(current_app.config['APPDATA_FOLDER'], userfile))
# The PKCS #12 certificate path.
signer.set_pkcs12_from_path(
os.path.join(current_app.static_folder, 'Pierre de Fermat.pfx'))
# Set the certificate's PIN.
signer.cert_password = '******'
# Set 'encapsulate content' option (default: True).
signer.encapsulated_content = True
# Generate path for output file and add to signer object.
create_app_data() # Guarantees that "app_data" folder exists.
output_file = '%s.p7s' % (str(uuid.uuid4()))
signer.output_file = os.path.join(current_app.config['APPDATA_FOLDER'],
output_file)
# Perform the signature.
signer_cert = signer.sign(get_cert=True)
response = make_response(
render_template('cades_signature_server_key/index.html',
signer_cert=signer_cert,
filename=output_file))
response.headers = get_expired_page_headers()
return response
except Exception as e:
return render_template('error.html', msg=e)
def action():
"""
This function receives the form submission from the template
cades-signature/index.html. We'll call REST PKI to complete the signature.
"""
try:
# Get the token for this signature. (rendered in a hidden input field, see
# pades-signature/index.html template)
token = request.form['token']
# Get an intance of the PadesSignatureFinisher class, responsible for
# completing the signature process.
signature_finisher = PadesSignatureFinisher(get_restpki_client())
# Set the token.
signature_finisher.token = token
# Call the finish() method, which finalizes the signature process. The
# return value is the signed PDF content.
result = signature_finisher.finish()
# Get information about the certificate used by the user to sign the file.
# This method must only be called after calling the finish() method.
signer_cert = result.certificate
# At this point, you'd typically store the signed PDF on your database. For
# demonstration purposes, we'll store the PDF on a temporary folder publicly
# accessible and render a link to it.
create_app_data() # Guarantees that "app data" folder exists.
filename = '%s.pdf' % (str(uuid.uuid4()))
result.write_to_file(
os.path.join(current_app.config['APPDATA_FOLDER'], filename))
return render_template('pades_signature/action.html',
filename=filename,
signer_cert=signer_cert)
except Exception as e:
return render_template('error.html', msg=e)
def complete():
"""
This method is called asynchronously via AJAX by the batch signature page
for each document being signed. It completes the CAdES signature using
PKI Express and returns a JSON with the saved filename so that the page can
render a link to it.
"""
# Recover variables from the POST arguments to be used on this step.
file_id = request.form['id']
transfer_file = request.form['transferFile']
signature = request.form['signature']
# Get an instance of the SignatureFinisher class, responsible for completing
# the signature process.
signature_finisher = SignatureFinisher()
# Set PKI default options (see utils.py).
set_pki_defaults(signature_finisher)
# Set the file to be signed. It's the same file we use don "start" method.
signature_finisher.set_file_to_sign_from_path(
get_sample_batch_doc_path(file_id))
# Set the transfer file.
signature_finisher.set_transfer_file_from_path(transfer_file)
# Set the signature file.
signature_finisher.signature = signature
# Generate path for output file and add to the signature finisher.
create_app_data() # Guarantees that "app data" folder exists.
filename = '%s.p7s' % (str(uuid.uuid4()))
signature_finisher.output_file = \
os.path.join(current_app.config['APPDATA_FOLDER'], filename)
# Complete the signature process.
signature_finisher.complete()
return jsonify(filename)