Fix environment password encoding in SignOrchestrator init

Previously, the `PKCS12_PASSWORD` environment variable was used directly, which could lead to issues when it was not set. This change ensures the password is properly encoded when provided and defaults to `None` if not set.
Update README section title for clarity
2024-10-22 16:37:49 +02:00 · 2024-10-22 16:37:31 +02:00 · 2024-10-22 12:07:08 +02:00 · 2024-10-21 18:53:52 +02:00 · 2024-10-21 18:28:20 +02:00 · 2024-10-16 07:13:38 +00:00
4 changed files with 9 additions and 6 deletions
--- a/local.env.dist
+++ b/local.env.dist
@@ -5,3 +5,6 @@ TIMESTAMP_URL=http://freetsa.org/tsr
 QUEUE_IN=to_python_sign
 EXCHANGE_OUT=signed_docs
 OUT_ROUTING_KEY=signed_doc
+TSA_CONFIG_PATH=/home/julien/dev/chill/sign-pdf-worker/ts-authority/rootca.conf
+TSA_CERT_CHAIN=/home/julien/dev/chill/sign-pdf-worker/ts-authority/ca/tsa-chain.pem
+TSA_KEY_PASSWORD=5678
--- a/pythonProject/sign.py
+++ b/pythonProject/sign.py
@@ -4,11 +4,10 @@ from typing import Optional

 from pyhanko import stamp
 from pyhanko.pdf_utils.incremental_writer import IncrementalPdfFileWriter
-from pyhanko.sign import signers, timestamps, fields
-from pyhanko_certvalidator import ValidationContext
+from pyhanko.sign import signers, fields
 from typing_extensions import Buffer

-from pythonProject.timestamp import LocalOpensslTimestamp
+from timestamp import LocalOpensslTimestamp


 class SignOrchestrator:
--- a/pythonProject/worker.py
+++ b/pythonProject/worker.py
@@ -12,7 +12,7 @@ logging.basicConfig(level=logging.INFO, format=LOG_FORMAT)
 LOGGER = logging.getLogger(__name__)
 LOGGER.setLevel(os.environ.get('LOG_LEVEL', logging.INFO))

-for v in ['AMQP_URL', 'PKCS12_PATH', 'TIMESTAMP_URL', 'QUEUE_IN', 'EXCHANGE_OUT', 'OUT_ROUTING_KEY']:
+for v in ['AMQP_URL', 'PKCS12_PATH', 'QUEUE_IN', 'EXCHANGE_OUT', 'OUT_ROUTING_KEY', 'TSA_CONFIG_PATH', 'TSA_CERT_CHAIN', 'TSA_KEY_PASSWORD']:
    if v not in os.environ:
        LOGGER.error('Missing environment variable: %s', v)
        raise ValueError('Missing environment variable: ' + v)
@@ -26,7 +26,7 @@ TSA_CONFIG_PATH = os.environ.get('TSA_CONFIG_PATH')
 TSA_CERT_CHAIN = os.environ.get('TSA_CERT_CHAIN')
 TSA_KEY_PASSWORD = os.environ.get('TSA_KEY_PASSWORD')

-orchestrator = sign.SignOrchestrator(PKCS12_PATH, TSA_CONFIG_PATH, TSA_KEY_PASSWORD, TSA_CERT_CHAIN, pkcs12_password=os.environ.get('PKCS12_PASSWORD', None))
+orchestrator = sign.SignOrchestrator(PKCS12_PATH, TSA_CONFIG_PATH, TSA_KEY_PASSWORD, TSA_CERT_CHAIN, pkcs12_password=None if os.environ.get('PKCS12_PASSWORD', None) is None else os.environ.get('PKCS12_PASSWORD').encode())

 parameters = pika.URLParameters(DSN)
 connection = pika.BlockingConnection(parameters)
@@ -76,6 +76,7 @@ def on_message(channel, method_frame, header_frame, body):
        else:
            LOGGER.warning(f"first try failed, signatureId: {body_content['signatureId']}")
            channel.basic_ack(delivery_tag=method_frame.delivery_tag)
+        raise e


 if __name__ == '__main__':
--- a/ts-authority/README.md
+++ b/ts-authority/README.md
@@ -152,7 +152,7 @@ openssl ts -verify -data /etc/hosts -in /tmp/response.tsr -CAfile ca/root-ca.pem
 ```


-# Préparation pour Vendée
+# Préparation à partir d'un certificat d'horodatage au format pkcs12

 ## Extraire les infos
Author	SHA1	Message	Date
Julien Fastré	0e7d01f0fd	Fix environment password encoding in SignOrchestrator init All checks were successful Build image and push it to registry / build (push) Successful in 6m47s Details Previously, the `PKCS12_PASSWORD` environment variable was used directly, which could lead to issues when it was not set. This change ensures the password is properly encoded when provided and defaults to `None` if not set.	2024-10-22 16:37:49 +02:00
Julien Fastré	39b9f7455c	Update README section title for clarity Changed the title "Préparation pour Vendée" to "Préparation à partir d'un certificat d'horodatage au format pkcs12" for better clarity and specificity. This update helps users understand the section's purpose more easily.	2024-10-22 16:37:31 +02:00
Julien Fastré	97a2385167	Remove redundant 'TIMESTAMP_URL' environment variable check All checks were successful Build image and push it to registry / build (push) Successful in 1m27s Details The 'TIMESTAMP_URL' environment variable check was removed from the worker script as it is no longer required. This simplifies the code by eliminating unnecessary validation.	2024-10-22 12:07:08 +02:00
Julien Fastré	77aaf97d7b	Add new TSA configuration environment variables All checks were successful Build image and push it to registry / build (push) Successful in 1m1s Details Included 'TSA_CONFIG_PATH', 'TSA_CERT_CHAIN', and 'TSA_KEY_PASSWORD' to the environment variable check in worker.py. This ensures the script validates these new required configurations before proceeding. Added an exception raise in the error handling block for better error management.	2024-10-21 18:53:52 +02:00
Julien Fastré	dd8c30787a	fix imports All checks were successful Build image and push it to registry / build (push) Successful in 1m48s Details	2024-10-21 18:28:20 +02:00
Julien Fastré	8c5950b37f	Merge pull request 'Allow the signature_index to be None' (#3 ) from test-ts-sign into main All checks were successful Build image and push it to registry / build (push) Successful in 1m40s Details Reviewed-on: #3	2024-10-16 07:13:38 +00:00
Julien Fastré	df2a8d554f	Merge pull request 'Create a dedicated timestamper which use the openssl cli and custom certificates' (#2 ) from test-ts-sign into main All checks were successful Build image and push it to registry / build (push) Successful in 1m42s Details Reviewed-on: #2	2024-10-11 14:19:51 +00:00