packages/signing/transports/local-cert.ts

import fs from 'node:fs';

import { signWithP12 } from '@documenso/pdf-sign';

import { addSigningPlaceholder } from '../helpers/add-signing-placeholder';
import { updateSigningPlaceholder } from '../helpers/update-signing-placeholder';

export type SignWithLocalCertOptions = {
  pdf: Buffer;
};

export const signWithLocalCert = async ({ pdf }: SignWithLocalCertOptions) => {
  const { pdf: pdfWithPlaceholder, byteRange } = updateSigningPlaceholder({
    pdf: await addSigningPlaceholder({ pdf }),
  });

  const pdfWithoutSignature = Buffer.concat([
    pdfWithPlaceholder.subarray(0, byteRange[1]),
    pdfWithPlaceholder.subarray(byteRange[2]),
  ]);

  const signatureLength = byteRange[2] - byteRange[1];

  let cert: Buffer | null = null;

  if (process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS) {
    cert = Buffer.from(process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS, 'base64');
  }

  if (!cert) {
    cert = Buffer.from(
      fs.readFileSync(process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH || './example/cert.p12'),
    );
  }

  const signature = signWithP12({
    cert,
    content: pdfWithoutSignature,
    password: process.env.NEXT_PRIVATE_SIGNING_PASSPHRASE || undefined,
  });

  const signatureAsHex = signature.toString('hex');

  const signedPdf = Buffer.concat([
    pdfWithPlaceholder.subarray(0, byteRange[1]),
    Buffer.from(`<${signatureAsHex.padEnd(signatureLength - 2, '0')}>`),
    pdfWithPlaceholder.subarray(byteRange[2]),
  ]);

  return signedPdf;
};
chore: sign document 2023-09-25 15:57:10 +10:00			`import fs from 'node:fs';`

chore: use rust based cms signing 2024-03-15 22:26:09 +11:00			`import { signWithP12 } from '@documenso/pdf-sign';`

			`import { addSigningPlaceholder } from '../helpers/add-signing-placeholder';`
			`import { updateSigningPlaceholder } from '../helpers/update-signing-placeholder';`
chore: sign document 2023-09-25 15:57:10 +10:00
			`export type SignWithLocalCertOptions = {`
			`pdf: Buffer;`
			`};`

			`export const signWithLocalCert = async ({ pdf }: SignWithLocalCertOptions) => {`
chore: use rust based cms signing 2024-03-15 22:26:09 +11:00			`const { pdf: pdfWithPlaceholder, byteRange } = updateSigningPlaceholder({`
			`pdf: await addSigningPlaceholder({ pdf }),`
			`});`

			`const pdfWithoutSignature = Buffer.concat([`
			`pdfWithPlaceholder.subarray(0, byteRange[1]),`
			`pdfWithPlaceholder.subarray(byteRange[2]),`
			`]);`

			`const signatureLength = byteRange[2] - byteRange[1];`
chore: sign document 2023-09-25 15:57:10 +10:00
chore: use rust based cms signing 2024-03-15 22:26:09 +11:00			`let cert: Buffer \| null = null;`
chore: sign document 2023-09-25 15:57:10 +10:00
			`if (process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS) {`
chore: use rust based cms signing 2024-03-15 22:26:09 +11:00			`cert = Buffer.from(process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS, 'base64');`
chore: sign document 2023-09-25 15:57:10 +10:00			`}`

chore: use rust based cms signing 2024-03-15 22:26:09 +11:00			`if (!cert) {`
			`cert = Buffer.from(`
chore: sign document 2023-09-25 15:57:10 +10:00			`fs.readFileSync(process.env.NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH \|\| './example/cert.p12'),`
			`);`
			`}`

chore: use rust based cms signing 2024-03-15 22:26:09 +11:00			`const signature = signWithP12({`
			`cert,`
			`content: pdfWithoutSignature,`
			`password: process.env.NEXT_PRIVATE_SIGNING_PASSPHRASE \|\| undefined,`
			`});`

			`const signatureAsHex = signature.toString('hex');`

			`const signedPdf = Buffer.concat([`
			`pdfWithPlaceholder.subarray(0, byteRange[1]),`
			Buffer.from(`<${signatureAsHex.padEnd(signatureLength - 2, '0')}>`),
			`pdfWithPlaceholder.subarray(byteRange[2]),`
			`]);`
chore: sign document 2023-09-25 15:57:10 +10:00
chore: use rust based cms signing 2024-03-15 22:26:09 +11:00			`return signedPdf;`
chore: sign document 2023-09-25 15:57:10 +10:00			`};`