forked from vgoma/crypto-pro
-
Notifications
You must be signed in to change notification settings - Fork 0
/
createDetachedSignature.ts
107 lines (89 loc) · 4.5 KB
/
createDetachedSignature.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
import {CADESCOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME} from '../constants';
import {_afterPluginsLoaded} from '../helpers/_afterPluginsLoaded';
import {_extractMeaningfulErrorMessage} from '../helpers/_extractMeaningfulErrorMessage';
import {__cadesAsyncToken__, __createCadesPluginObject__, _generateCadesFn} from '../helpers/_generateCadesFn';
import {_getCadesCert} from '../helpers/_getCadesCert';
import {_getDateObj} from '../helpers/_getDateObj';
interface Attributes {
commentAttr: any;
usageAttr: any;
}
/**
* Создает отсоединенную подпись хеша по отпечатку сертификата
*
* @param thumbprint - отпечаток сертификата
* @param messageHash - хеш подписываемого сообщения, сгенерированный по ГОСТ Р 34.11-2012 256 бит
* @param attributes = { commentAttr - примечание, usageAttr - тип подписи } - атрибуты подписи
* @returns подпись в формате PKCS#7
*/
export const createDetachedSignature = _afterPluginsLoaded(
async (thumbprint: string, messageHash: string, attributes?: Attributes): Promise<string> => {
const {cadesplugin} = window;
const cadesCertificate = await _getCadesCert(thumbprint);
return eval(
_generateCadesFn(function createDetachedSignature(): string {
let cadesAttrs;
let cadesHashedData;
let cadesSignedData;
let cadesSigner;
try {
cadesAttrs = __cadesAsyncToken__ + __createCadesPluginObject__('CADESCOM.CPAttribute');
cadesHashedData = __cadesAsyncToken__ + __createCadesPluginObject__('CAdESCOM.HashedData');
cadesSignedData = __cadesAsyncToken__ + __createCadesPluginObject__('CAdESCOM.CadesSignedData');
cadesSigner = __cadesAsyncToken__ + __createCadesPluginObject__('CAdESCOM.CPSigner');
} catch (error) {
console.error(error);
throw new Error(_extractMeaningfulErrorMessage(error) || 'Ошибка при инициализации подписи');
}
const currentTime = _getDateObj(new Date());
try {
void (__cadesAsyncToken__ + cadesAttrs.propset_Name(CADESCOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME));
void (__cadesAsyncToken__ + cadesAttrs.propset_Value(currentTime));
// Set commentAttr
if (attributes.commentAttr) {
void (__cadesAsyncToken__ + cadesAttrs.propset_Name('1.2.643.2.45.1.1.1'));
void (__cadesAsyncToken__ + cadesAttrs.propset_Value(attributes.commentAttr));
}
// Set usageAttr
if (attributes.usageAttr) {
void (__cadesAsyncToken__ + cadesAttrs.propset_Name('1.2.643.2.45.1.1.3'));
void (__cadesAsyncToken__ + cadesAttrs.propset_Value(attributes.usageAttr));
}
} catch (error) {
console.error(error);
throw new Error(_extractMeaningfulErrorMessage(error) || 'Ошибка при установке времени подписи');
}
let cadesAuthAttrs;
try {
void (__cadesAsyncToken__ + cadesSigner.propset_Certificate(cadesCertificate));
cadesAuthAttrs = __cadesAsyncToken__ + cadesSigner.AuthenticatedAttributes2;
void (__cadesAsyncToken__ + cadesAuthAttrs.Add(cadesAttrs));
void (__cadesAsyncToken__ + cadesSigner.propset_Options(cadesplugin.CAPICOM_CERTIFICATE_INCLUDE_WHOLE_CHAIN));
} catch (error) {
console.error(error);
throw new Error(_extractMeaningfulErrorMessage(error) || 'Ошибка при установке сертификата');
}
try {
void (
__cadesAsyncToken__ +
cadesHashedData.propset_Algorithm(cadesplugin.CADESCOM_HASH_ALGORITHM_CP_GOST_3411_2012_256)
);
void (__cadesAsyncToken__ + cadesHashedData.SetHashValue(messageHash));
} catch (error) {
console.error(error);
throw new Error(_extractMeaningfulErrorMessage(error) || 'Ошибка при установке хеша');
}
let signature: string;
try {
signature =
__cadesAsyncToken__ +
cadesSignedData.SignHash(cadesHashedData, cadesSigner, cadesplugin.CADESCOM_PKCS7_TYPE);
} catch (error) {
console.error(error);
throw new Error(_extractMeaningfulErrorMessage(error) || 'Ошибка при подписании данных');
}
return signature;
}),
);
},
);