local.env.dist

@@ -5,6 +5,3 @@ TIMESTAMP_URL=http://freetsa.org/tsr
 QUEUE_IN=to_python_sign
 EXCHANGE_OUT=signed_docs
 OUT_ROUTING_KEY=signed_doc
-TSA_CONFIG_PATH=/home/julien/dev/chill/sign-pdf-worker/ts-authority/rootca.conf
-TSA_CERT_CHAIN=/home/julien/dev/chill/sign-pdf-worker/ts-authority/ca/tsa-chain.pem
-TSA_KEY_PASSWORD=5678

pythonProject/Dockerfile

@@ -5,10 +5,7 @@ FROM python:3.10-alpine
 WORKDIR /app
 
 # add required clis
-RUN apk add --no-cache openssl tzdata
+RUN apk add --no-cache openssl
-
-# set timezone
-RUN ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime
 
 # Copy requirements.txt to the Docker container
 COPY requirements.txt .

pythonProject/sign.py

@@ -4,10 +4,11 @@ from typing import Optional
 
 from pyhanko import stamp
 from pyhanko.pdf_utils.incremental_writer import IncrementalPdfFileWriter
-from pyhanko.sign import signers, fields
+from pyhanko.sign import signers, timestamps, fields
+from pyhanko_certvalidator import ValidationContext
 from typing_extensions import Buffer
 
-from timestamp import LocalOpensslTimestamp
+from pythonProject.timestamp import LocalOpensslTimestamp
 
 
 class SignOrchestrator:

pythonProject/worker.py

@@ -12,7 +12,7 @@ logging.basicConfig(level=logging.INFO, format=LOG_FORMAT)
 LOGGER = logging.getLogger(__name__)
 LOGGER.setLevel(os.environ.get('LOG_LEVEL', logging.INFO))
 
-for v in ['AMQP_URL', 'PKCS12_PATH', 'QUEUE_IN', 'EXCHANGE_OUT', 'OUT_ROUTING_KEY', 'TSA_CONFIG_PATH', 'TSA_CERT_CHAIN', 'TSA_KEY_PASSWORD']:
+for v in ['AMQP_URL', 'PKCS12_PATH', 'TIMESTAMP_URL', 'QUEUE_IN', 'EXCHANGE_OUT', 'OUT_ROUTING_KEY']:
     if v not in os.environ:
         LOGGER.error('Missing environment variable: %s', v)
         raise ValueError('Missing environment variable: ' + v)
@@ -26,7 +26,7 @@ TSA_CONFIG_PATH = os.environ.get('TSA_CONFIG_PATH')
 TSA_CERT_CHAIN = os.environ.get('TSA_CERT_CHAIN')
 TSA_KEY_PASSWORD = os.environ.get('TSA_KEY_PASSWORD')
 
-orchestrator = sign.SignOrchestrator(PKCS12_PATH, TSA_CONFIG_PATH, TSA_KEY_PASSWORD, TSA_CERT_CHAIN, pkcs12_password=None if os.environ.get('PKCS12_PASSWORD', None) is None else os.environ.get('PKCS12_PASSWORD').encode())
+orchestrator = sign.SignOrchestrator(PKCS12_PATH, TSA_CONFIG_PATH, TSA_KEY_PASSWORD, TSA_CERT_CHAIN, pkcs12_password=os.environ.get('PKCS12_PASSWORD', None))
 
 parameters = pika.URLParameters(DSN)
 connection = pika.BlockingConnection(parameters)
@@ -76,7 +76,6 @@ def on_message(channel, method_frame, header_frame, body):
         else:
             LOGGER.warning(f"first try failed, signatureId: {body_content['signatureId']}")
             channel.basic_ack(delivery_tag=method_frame.delivery_tag)
-        raise e
 
 
 if __name__ == '__main__':

ts-authority/README.md

@@ -152,7 +152,7 @@ openssl ts -verify -data /etc/hosts -in /tmp/response.tsr -CAfile ca/root-ca.pem
 ```
 
 
-# Préparation à partir d'un certificat d'horodatage au format pkcs12
+# Préparation pour Vendée
 
 ## Extraire les infos