update deps, switching pyhanko to version 0.29

Included tzdata package and set the timezone to Europe/Paris by creating a symbolic link in /etc/localtime. This ensures the container runs with the correct timezone settings.

.idea/misc.xml

@@ -3,5 +3,5 @@
   <component name="Black">
     <option name="sdkName" value="Python 3.10 (pythonProject)" />
   </component>
-  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.10 (pythonProject)" project-jdk-type="Python SDK" />
+  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.10 virtualenv at ~/dev/chill/sign-pdf-worker/pythonProject/.venv" project-jdk-type="Python SDK" />
 </project>

.idea/sign-pdf-worker.iml

@@ -4,7 +4,7 @@
     <content url="file://$MODULE_DIR$">
       <excludeFolder url="file://$MODULE_DIR$/pythonProject/.venv" />
     </content>
-    <orderEntry type="inheritedJdk" />
+    <orderEntry type="jdk" jdkName="Python 3.10 virtualenv at ~/dev/chill/sign-pdf-worker/pythonProject/.venv" jdkType="Python SDK" />
     <orderEntry type="sourceFolder" forTests="false" />
   </component>
 </module>

pythonProject/Dockerfile

@@ -5,7 +5,10 @@ FROM python:3.10-alpine
 WORKDIR /app
 
 # add required clis
-RUN apk add --no-cache openssl
+RUN apk add --no-cache openssl tzdata
+
+# set timezone
+RUN ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime
 
 # Copy requirements.txt to the Docker container
 COPY requirements.txt .

pythonProject/requirements.txt

@@ -1,20 +1,22 @@
 asn1crypto==1.5.1
-certifi==2024.6.2
-cffi==1.16.0
-charset-normalizer==3.3.2
-click==8.1.7
-cryptography==42.0.8
-idna==3.7
+certifi==2025.4.26
+cffi==1.17.1
+charset-normalizer==3.4.2
+click==8.2.1
+cryptography==45.0.3
+idna==3.10
+lxml==5.4.0
 oscrypto==1.3.0
 pika==1.3.2
+pika-stubs==0.1.3
 pycparser==2.22
-pyHanko==0.25.0
-pyhanko-certvalidator==0.26.3
+pyHanko==0.29.0
+pyhanko-certvalidator==0.27.0
 pypng==0.20220715.0
-PyYAML==6.0.1
-qrcode==7.4.2
+PyYAML==6.0.2
+qrcode==8.2
 requests==2.32.3
-typing_extensions==4.12.2
-tzlocal==5.2
-uritools==4.0.3
-urllib3==2.2.2
+typing_extensions==4.14.0
+tzlocal==5.3.1
+uritools==5.0.0
+urllib3==2.4.0

pythonProject/sign_individual.py

@@ -13,9 +13,13 @@ orchestrator = SignOrchestrator('./assets/dummy.p12',
                                 pkcs12_password=None)
 
 with open('./assets/test.pdf', 'rb') as input:
-    signed_content = orchestrator.sign(reason="first signer", signature_index=None,
+    signed_content = orchestrator.sign(reason="first\nsigner\nreturn\ntext", signature_index=None,
                                        input_content=input.read(), box_place=(300, 600, 500, 660), on_page=0,
-                                       signer_text="Mme Caroline Diallo")
+                                       signer_text="""Mme Caroline Diallo
+with
+return
+text
+""")
 
     with open('./assets/test_signed_0.pdf', 'wb') as output:
         output.write(signed_content.read())

pythonProject/worker.py

@@ -26,7 +26,7 @@ TSA_CONFIG_PATH = os.environ.get('TSA_CONFIG_PATH')
 TSA_CERT_CHAIN = os.environ.get('TSA_CERT_CHAIN')
 TSA_KEY_PASSWORD = os.environ.get('TSA_KEY_PASSWORD')
 
-orchestrator = sign.SignOrchestrator(PKCS12_PATH, TSA_CONFIG_PATH, TSA_KEY_PASSWORD, TSA_CERT_CHAIN, pkcs12_password=os.environ.get('PKCS12_PASSWORD', None))
+orchestrator = sign.SignOrchestrator(PKCS12_PATH, TSA_CONFIG_PATH, TSA_KEY_PASSWORD, TSA_CERT_CHAIN, pkcs12_password=None if os.environ.get('PKCS12_PASSWORD', None) is None else os.environ.get('PKCS12_PASSWORD').encode())
 
 parameters = pika.URLParameters(DSN)
 connection = pika.BlockingConnection(parameters)

ts-authority/README.md

@@ -152,7 +152,7 @@ openssl ts -verify -data /etc/hosts -in /tmp/response.tsr -CAfile ca/root-ca.pem
 ```
 
 
-# Préparation pour Vendée
+# Préparation à partir d'un certificat d'horodatage au format pkcs12
 
 ## Extraire les infos