9 changed files with 25 additions and 37 deletions
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@ -3,5 +3,5 @@
  <component name="Black">
    <option name="sdkName" value="Python 3.10 (pythonProject)" />
  </component>
-  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.10 virtualenv at ~/dev/chill/sign-pdf-worker/pythonProject/.venv" project-jdk-type="Python SDK" />
+  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.10 (pythonProject)" project-jdk-type="Python SDK" />
 </project>
--- a/.idea/sign-pdf-worker.iml
+++ b/.idea/sign-pdf-worker.iml
@ -4,7 +4,7 @@
    <content url="file://$MODULE_DIR$">
      <excludeFolder url="file://$MODULE_DIR$/pythonProject/.venv" />
    </content>
-    <orderEntry type="jdk" jdkName="Python 3.10 virtualenv at ~/dev/chill/sign-pdf-worker/pythonProject/.venv" jdkType="Python SDK" />
+    <orderEntry type="inheritedJdk" />
    <orderEntry type="sourceFolder" forTests="false" />
  </component>
 </module>
--- a/local.env.dist
+++ b/local.env.dist
@ -5,6 +5,3 @@ TIMESTAMP_URL=http://freetsa.org/tsr
 QUEUE_IN=to_python_sign
 EXCHANGE_OUT=signed_docs
 OUT_ROUTING_KEY=signed_doc
-TSA_CONFIG_PATH=/home/julien/dev/chill/sign-pdf-worker/ts-authority/rootca.conf
-TSA_CERT_CHAIN=/home/julien/dev/chill/sign-pdf-worker/ts-authority/ca/tsa-chain.pem
-TSA_KEY_PASSWORD=5678
--- a/pythonProject/Dockerfile
+++ b/pythonProject/Dockerfile
@ -5,10 +5,7 @@ FROM python:3.10-alpine
 WORKDIR /app

 # add required clis
-RUN apk add --no-cache openssl tzdata
-
-# set timezone
-RUN ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime
+RUN apk add --no-cache openssl

 # Copy requirements.txt to the Docker container
 COPY requirements.txt .
--- a/pythonProject/requirements.txt
+++ b/pythonProject/requirements.txt
@ -1,22 +1,20 @@
 asn1crypto==1.5.1
-certifi==2025.4.26
-cffi==1.17.1
-charset-normalizer==3.4.2
-click==8.2.1
-cryptography==45.0.3
-idna==3.10
-lxml==5.4.0
+certifi==2024.6.2
+cffi==1.16.0
+charset-normalizer==3.3.2
+click==8.1.7
+cryptography==42.0.8
+idna==3.7
 oscrypto==1.3.0
 pika==1.3.2
-pika-stubs==0.1.3
 pycparser==2.22
-pyHanko==0.29.0
-pyhanko-certvalidator==0.27.0
+pyHanko==0.25.0
+pyhanko-certvalidator==0.26.3
 pypng==0.20220715.0
-PyYAML==6.0.2
-qrcode==8.2
+PyYAML==6.0.1
+qrcode==7.4.2
 requests==2.32.3
-typing_extensions==4.14.0
-tzlocal==5.3.1
-uritools==5.0.0
-urllib3==2.4.0
+typing_extensions==4.12.2
+tzlocal==5.2
+uritools==4.0.3
+urllib3==2.2.2
--- a/pythonProject/sign.py
+++ b/pythonProject/sign.py
@ -4,10 +4,11 @@ from typing import Optional

 from pyhanko import stamp
 from pyhanko.pdf_utils.incremental_writer import IncrementalPdfFileWriter
-from pyhanko.sign import signers, fields
+from pyhanko.sign import signers, timestamps, fields
+from pyhanko_certvalidator import ValidationContext
 from typing_extensions import Buffer

-from timestamp import LocalOpensslTimestamp
+from pythonProject.timestamp import LocalOpensslTimestamp


 class SignOrchestrator:
--- a/pythonProject/sign_individual.py
+++ b/pythonProject/sign_individual.py
@ -13,13 +13,9 @@ orchestrator = SignOrchestrator('./assets/dummy.p12',
                                pkcs12_password=None)

 with open('./assets/test.pdf', 'rb') as input:
-    signed_content = orchestrator.sign(reason="first\nsigner\nreturn\ntext", signature_index=None,
+    signed_content = orchestrator.sign(reason="first signer", signature_index=None,
                                       input_content=input.read(), box_place=(300, 600, 500, 660), on_page=0,
-                                       signer_text="""Mme Caroline Diallo
-with
-return
-text
-""")
+                                       signer_text="Mme Caroline Diallo")

    with open('./assets/test_signed_0.pdf', 'wb') as output:
        output.write(signed_content.read())
--- a/pythonProject/worker.py
+++ b/pythonProject/worker.py
@ -12,7 +12,7 @@ logging.basicConfig(level=logging.INFO, format=LOG_FORMAT)
 LOGGER = logging.getLogger(__name__)
 LOGGER.setLevel(os.environ.get('LOG_LEVEL', logging.INFO))

-for v in ['AMQP_URL', 'PKCS12_PATH', 'QUEUE_IN', 'EXCHANGE_OUT', 'OUT_ROUTING_KEY', 'TSA_CONFIG_PATH', 'TSA_CERT_CHAIN', 'TSA_KEY_PASSWORD']:
+for v in ['AMQP_URL', 'PKCS12_PATH', 'TIMESTAMP_URL', 'QUEUE_IN', 'EXCHANGE_OUT', 'OUT_ROUTING_KEY']:
    if v not in os.environ:
        LOGGER.error('Missing environment variable: %s', v)
        raise ValueError('Missing environment variable: ' + v)
@ -26,7 +26,7 @@ TSA_CONFIG_PATH = os.environ.get('TSA_CONFIG_PATH')
 TSA_CERT_CHAIN = os.environ.get('TSA_CERT_CHAIN')
 TSA_KEY_PASSWORD = os.environ.get('TSA_KEY_PASSWORD')

-orchestrator = sign.SignOrchestrator(PKCS12_PATH, TSA_CONFIG_PATH, TSA_KEY_PASSWORD, TSA_CERT_CHAIN, pkcs12_password=None if os.environ.get('PKCS12_PASSWORD', None) is None else os.environ.get('PKCS12_PASSWORD').encode())
+orchestrator = sign.SignOrchestrator(PKCS12_PATH, TSA_CONFIG_PATH, TSA_KEY_PASSWORD, TSA_CERT_CHAIN, pkcs12_password=os.environ.get('PKCS12_PASSWORD', None))

 parameters = pika.URLParameters(DSN)
 connection = pika.BlockingConnection(parameters)
@ -76,7 +76,6 @@ def on_message(channel, method_frame, header_frame, body):
        else:
            LOGGER.warning(f"first try failed, signatureId: {body_content['signatureId']}")
            channel.basic_ack(delivery_tag=method_frame.delivery_tag)
-        raise e


 if __name__ == '__main__':
--- a/ts-authority/README.md
+++ b/ts-authority/README.md
@ -152,7 +152,7 @@ openssl ts -verify -data /etc/hosts -in /tmp/response.tsr -CAfile ca/root-ca.pem
 ```


-# Préparation à partir d'un certificat d'horodatage au format pkcs12
+# Préparation pour Vendée

 ## Extraire les infos