LibreSign / libresign

✍️ Nextcloud app to sign PDF documents
https://libresign.coop

[ERROR] NC20 and sidebar --> How-To? #188

Closed aheider closed 3 years ago

aheider commented 3 years ago

Dear all, I set up a Nextcloud instance using docker with compose and letsencrypt SSL certificates (works since ages). It is running on NC20. I recently updated the NC app container with the dependencies according to the LibreSign app and I added a CFSSL container.

- I installed the LibreSign app from the app store (version 2.2.1) --> installed smoothly
- I added Email details in NC admin section --> test email got through without issues.
- I added CFSSL details in NC admin section as follows: [image] --> root certificate was issued successfully and I could see it in the /cfssl folder

I created a new "abonnement" for a given email address as follows: [image] --> created successfully [image]

I tried to sign the Nextcloud Manual.pdf: [image]

The result was this, which reads "document could not be signed": [image]

In the logs I see the following errors:

```
[index] Error: Exception: Call to a member function loadKeys() on null at <>

  1. /var/www/html/lib/private/AppFramework/App.php line 152 OC\AppFramework\Http\Dispatcher->dispatch(OCA\Libresign\Co ... }}, "loadCertificate")
  2. /var/www/html/lib/private/Route/Router.php line 309 OC\AppFramework\App::main("OCA\Libresign\ ... r", "loadCertificate", OC\AppFramework\ ... {}, {_route: "libres ... "})
  3. /var/www/html/lib/base.php line 1008 OC\Route\Router->match("/apps/libresign ... e")
  4. /var/www/html/index.php line 37 OC::handleRequest() GET /apps/libresign/api/0.1/admin/certificate from MYIP by andreas at 2021-04-22T14:55:01+00:00

[PHP] Error: Error: Undefined property: OCA\Libresign\Controller\AdminController::$service at /var/www/html/custom_apps/libresign/lib/Controller/AdminController.php#74 at <>

  1. /var/www/html/custom_apps/libresign/lib/Controller/AdminController.php line 74 OC\Log\ErrorHandler::onError(8, "Undefined prope ... e", "/var/www/html/c ... p", 74, [])
  2. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 169 OCA\Libresign\Controller\AdminController->loadCertificate()
  3. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 100 OC\AppFramework\Http\Dispatcher->executeController(OCA\Libresign\Co ... }}, "loadCertificate")
  4. /var/www/html/lib/private/AppFramework/App.php line 152 OC\AppFramework\Http\Dispatcher->dispatch(OCA\Libresign\Co ... }}, "loadCertificate")
  5. /var/www/html/lib/private/Route/Router.php line 309 OC\AppFramework\App::main("OCA\Libresign\ ... r", "loadCertificate", OC\AppFramework\ ... {}, {_route: "libres ... "})
  6. /var/www/html/lib/base.php line 1008 OC\Route\Router->match("/apps/libresign ... e")
  7. /var/www/html/index.php line 37 OC::handleRequest() GET /apps/libresign/api/0.1/admin/certificate from MYIP by andreas at 2021-04-22T14:55:01+00:00

[index] Error: Exception: Call to a member function loadKeys() on null at <>

  1. /var/www/html/lib/private/AppFramework/App.php line 152 OC\AppFramework\Http\Dispatcher->dispatch(OCA\Libresign\Co ... }}, "loadCertificate")
  2. /var/www/html/lib/private/Route/Router.php line 309 OC\AppFramework\App::main("OCA\Libresign\ ... r", "loadCertificate", OC\AppFramework\ ... {}, {_route: "libres ... "})
  3. /var/www/html/lib/base.php line 1008 OC\Route\Router->match("/apps/libresign ... e")
  4. /var/www/html/index.php line 37 OC::handleRequest() GET /apps/libresign/api/0.1/admin/certificate from MYIP by andreas at 2021-04-22T14:41:17+00:00

[PHP] Error: Error: Undefined property: OCA\Libresign\Controller\AdminController::$service at /var/www/html/custom_apps/libresign/lib/Controller/AdminController.php#74 at <>

  1. /var/www/html/custom_apps/libresign/lib/Controller/AdminController.php line 74 OC\Log\ErrorHandler::onError(8, "Undefined prope ... e", "/var/www/html/c ... p", 74, [])
  2. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 169 OCA\Libresign\Controller\AdminController->loadCertificate()
  3. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 100 OC\AppFramework\Http\Dispatcher->executeController(OCA\Libresign\Co ... }}, "loadCertificate")
  4. /var/www/html/lib/private/AppFramework/App.php line 152 OC\AppFramework\Http\Dispatcher->dispatch(OCA\Libresign\Co ... }}, "loadCertificate")
  5. /var/www/html/lib/private/Route/Router.php line 309 OC\AppFramework\App::main("OCA\Libresign\ ... r", "loadCertificate", OC\AppFramework\ ... {}, {_route: "libres ... "})
  6. /var/www/html/lib/base.php line 1008 OC\Route\Router->match("/apps/libresign ... e")
  7. /var/www/html/index.php line 37 OC::handleRequest() GET /apps/libresign/api/0.1/admin/certificate from MYIP by andreas at 2021-04-22T14:41:17+00:00
```

What have I done wrong? Was this supposed to happen? How can I fix this (on NC20 including use of the sidebar)? If this is not possible, what is the alternative?

Thank you so much!

vitormattos commented 3 years ago

Hi @aheider!

Grateful for the contact and I am very happy that you are testing LibreSign, it is an app that we believe can be very useful for thousands of people.

At the moment this option to sign as shown in your print is not working because it was a proof of concept that we did using jQuery, we need to rewrite this part of the application using VueJS #60 which is the framework adopted as standard in the newer versions of Nextcloud.

For now the start of the signature flow is only working well with requests for API as described in the documentation: https://libresign.github.io/libresign/Getting-started.html

There is also an identified problem described in this issue #170. The creation of the signature file as it is in the print you sent is also a proof of concept that in a future version will be removed and simplified with a screen listing all documents and their status #5.

To test, make a request as described in the link I sent above. Make the request for someone with an email that does not have an account on your Nextcloud instance. This person will receive an email asking them to sign the document.

aheider commented 3 years ago

Ok, thanks. I now tried the following:

```bash
curl -X POST \
  http://MYNC.URL/index.php/apps/libresign/api/0.1/webhook/register \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic BASE64OFUSER:PASS' \
  -H 'Content-Type: application/json' \
  -d '{
    "file":{ "url":"https://MYNC.URL/s/LnRqEjngG7BHsMT" },
    "name":"Nextcloud Manual",
    "callback":"https://test.coop/callbackWebhook",
    "users":[
      {
        "display_name":"My Name",
        "email":"my.email@mailserver.org",
        "description":"sign here to test LibreSign App"
      }
    ]
  }'
```

But what I got was:

```
301 Moved Permanently

301 Moved Permanently

nginx/1.17.6
```

I also tried https://MYNC.URL/s/LnRqEjngG7BHsMT/download for a direct download link, which gives the same error. And I tried for the webhook http://MYNC.URL/index.php/apps/libresign/api/v1.0/webhook/register as this was indicated in the first paragraph of the Guide.

So could it be that the webhook URL is the wrong one? I guess the authentication works, because the response does not seem so. Do we need a direct URL to a PDF file (like with the "/download")? The callback URL is optional and it would work without this, right?

A minimum working example that gets me to sign a sample doc would be really great. But I think I will get there if I get 2 more hints or so B-)

vitormattos commented 3 years ago

I have not yet identified the exact reason but in some cases when the HTTP protocol of the PDF URL is HTTPS, it returns 302 and does not download the PDF. You can use either the url or base64 of the file when making the request to the API.

If you are not going to use any callback webhook you can remove this parameter from json.
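The request discussed in the replies above, with the file sent as `base64` and no `callback`, built in Python as an added example (not code from the thread or from the LibreSign project). The endpoint path and JSON field names are the ones quoted in this issue; the function name, the sample PDF stub and the assumption that Nextcloud sits at the web root are illustrative. It refuses `http://` because Basic credentials are only base64-encoded and would be sent in clear text before any redirect to HTTPS.

```python
import base64
import json
from urllib.parse import urlsplit

# Path as quoted in the thread; assumes Nextcloud is served from the web root.
REGISTER_PATH = "/index.php/apps/libresign/api/0.1/webhook/register"


def build_register_request(base_url, user, password, pdf_bytes, name, signers, callback=None):
    """Return (url, headers, body) for the register call; nothing is sent."""
    parts = urlsplit(base_url)
    # Basic auth is not encryption: over http:// the credentials cross the
    # network readable, even if the server then answers with a 301 to HTTPS.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base_url must be an https:// URL")
    # Cheap sanity check before upload: anything that is not a PDF
    # (for example an HTML page saved by mistake) is rejected here.
    if not pdf_bytes.startswith(b"%PDF-"):
        raise ValueError("payload does not start with the %PDF- header")
    users = []
    for signer in signers:
        if "@" not in signer.get("email", ""):
            raise ValueError("each signer needs an email address")
        users.append({k: signer[k] for k in ("display_name", "email", "description") if k in signer})
    payload = {
        "file": {"base64": base64.b64encode(pdf_bytes).decode("ascii")},
        "name": name,
        "users": users,
    }
    if callback is not None:  # optional, per the reply above
        payload["callback"] = callback
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    headers = {
        "Accept": "application/json",
        "Authorization": f"Basic {token}",
        "Content-Type": "application/json",
    }
    url = f"https://{parts.netloc}{REGISTER_PATH}"
    return url, headers, json.dumps(payload).encode("utf-8")


# Constructed sample input: a stub carrying only the PDF header and trailer.
SAMPLE_PDF = b"%PDF-1.7\n%%EOF\n"
SAMPLE_SIGNERS = [{"display_name": "My Name", "email": "my.email@mailserver.org",
                   "description": "sign here to test LibreSign App"}]

if __name__ == "__main__":
    url, headers, body = build_register_request(
        "https://MYNC.URL", "user", "pass", SAMPLE_PDF, "Nextcloud Manual", SAMPLE_SIGNERS)
    print(url)
    print(json.loads(body)["users"])
```

The returned triple can be handed to any HTTP client, for example `urllib.request.Request(url, data=body, headers=headers, method="POST")`.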

aheider commented 3 years ago

Ok, funny thing: When I just set "https" as protocol, I don't get an error message back but I also don't get back ANYTHING. Not too bad but I also don't get an email.

Any additional tips? What to try next?

vitormattos commented 3 years ago

I made some recent adjustments that are in the main branch and maybe they will solve with what you reported in the last message, I will generate a new release.

vitormattos commented 3 years ago

There, I just published a new release. Update and see if the request works.

aheider commented 3 years ago

Ok. I got further now!

First, I tried this POST:

```bash
curl -X POST \
  https://mync.url/index.php/apps/libresign/api/0.1/webhook/register \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic base64ofuser:pass' \
  -H 'Content-Type: application/json' \
  -d '{
    "file":{ "url":"https://mync.url/s/LnRqEjngG7BHsMT/download" },
    "name":"Nextcloud Manual",
    "callback":"https://test.coop/callbackWebhook",
    "users":[
      {
        "display_name":"My Name",
        "email":"myemail@mailserver.org",
        "description":"sign here to test LibreSign App"
      }
    ]
  }'
```

--> message: invalid PDF

I searched for a really small PDF in base64 encoding and tried: curl -X POST \ https://mync.url/index.php/apps/libresign/api/0.1/webhook/register \ -H 'Accept: application/json' \ -H 'Authorization: Basic base64ofuser:pass' \ -H 'Content-Type: application/json' \ -d '{ "file":{ "base64":"JVBERi0xLjcKCjEgMCBvYmogICUgZW50cnkgcG9pbnQKPDwKICAvVHlwZSAvQ2F0YWxvZwogIC9QYWdlcyAyIDAgUgo+PgplbmRvYmoKCjIgMCBvYmoKPDwKICAvVHlwZSAvUGFnZXMKICAvTWVkaWFCb3ggWyAwIDAgMjAwIDIwMCBdCiAgL0NvdW50IDEKICAvS2lkcyBbIDMgMCBSIF0KPj4KZW5kb2JqCgozIDAgb2JqCjw8CiAgL1R5cGUgL1BhZ2UKICAvUGFyZW50IDIgMCBSCiAgL1Jlc291cmNlcyA8PAogICAgL0ZvbnQgPDwKICAgICAgL0YxIDQgMCBSIAogICAgPj4KICA+PgogIC9Db250ZW50cyA1IDAgUgo+PgplbmRvYmoKCjQgMCBvYmoKPDwKICAvVHlwZSAvRm9udAogIC9TdWJ0eXBlIC9UeXBlMQogIC9CYXNlRm9udCAvVGltZXMtUm9tYW4KPj4KZW5kb2JqCgo1IDAgb2JqICAlIHBhZ2UgY29udGVudAo8PAogIC9MZW5ndGggNDQKPj4Kc3RyZWFtCkJUCjcwIDUwIFRECi9GMSAxMiBUZgooSGVsbG8sIHdvcmxkISkgVGoKRVQKZW5kc3RyZWFtCmVuZG9iagoKeHJlZgowIDYKMDAwMDAwMDAwMCA2NTUzNSBmIAowMDAwMDAwMDEwIDAwMDAwIG4gCjAwMDAwMDAwNzkgMDAwMDAgbiAKMDAwMDAwMDE3MyAwMDAwMCBuIAowMDAwMDAwMzAxIDAwMDAwIG4gCjAwMDAwMDAzODAgMDAwMDAgbiAKdHJhaWxlcgo8PAogIC9TaXplIDYKICAvUm9vdCAxIDAgUgo+PgpzdGFydHhyZWYKNDkyCiUlRU9G" }, "name":"Nextcloud Manual", "callback":"https://test.coop/callbackWebhook", "users":[ { "display_name":"My Name", "email":"mymail@mailserver.org", "description":"sign here to test LibreSign App" } ] }'

--> {"message":"Erfolgreich","data":{"uuid":"c54338bf-86d3-4318-9555-0b141ea89f9d"}} --> I got an email! --> I clicked on the link --> I got to the sign page --> I wrote the signature password --> I got "Signature FIle Not Found"

By what means does LibreSign find the right signature file (and in there the password or a hash) in my Nextcloud instance? What I did was use the NC app from within NC to create a "pfx" file in the folder /files/signatures/My Name.pfx. What could have gone wrong now? NC did not throw any errors at all.

What I also learned was:

aheider commented 3 years ago

When I use an email address that is not one of the NC users, and I have it previously registered, I get:

```
404 Dies ist nicht deine Datei

Es tut uns leid, aber die Seite, nach der du suchst, existiert nicht, wurde entfernt, verschoben oder ist vorübergehend nicht verfügbar.
```

--> "404 This is not your file..."

Questions:

I think I am almost there! But I still need some help...

Thank you so much.

aheider commented 3 years ago

So...

I figured out that you need to log out from any open NC connections in your browser, otherwise, this won't work and NC/LibreSign thinks you are the already logged in person!

I tried with an up to now untouched email address in the POST --> I got the email --> clicked the link --> got the "REGISTER NEW USER" page, which is the first time --> inserted details --> clicked the button (with Spanish text) --> This is not your file

I tried a new POST request with an email address which has been preregistered in NC/LibreSign --> logged out --> got the mail --> clicked the link --> register account page --> entered details --> clicked the button (Spanish text) --> internal server error, contact admin --> error in the log of NC:

```
{"reqId":"6xQNtFUsSuoJb4fLHZH5","level":3,"time":"2021-04-23T08:57:09+00:00","remoteAddr":"myip","user":"mymail@mailserver.org","app":"libresign","method":"POST","url":"/apps/libresign/api/0.1/sign/614ae278-8d67-46af-b20a-cfc6549bfec6","message":"Java not installed, set the flag \"isUseJavaInstalled\" as false or install java.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0","version":"20.0.7.1","id":"60828c03ede37"}
```

Of course Java is installed. I verified this in the NC app docker container --> it's not there, seems dockerfile did not work as expected --> got exec in the container --> mkdir -p /usr/share/man/man1 /usr/share/man/man2 --> apt update; apt install default-jre --> succeeded --> java -v --> gives correct version

Redone all the LibreSign steps from sending the POST onwards --> error "error to sign pdf []"

```
{"reqId":"xuo6ATpNmVLAe79uIgWY","level":3,"time":"2021-04-23T09:20:30+00:00","remoteAddr":"myip","user":"mymail@mailser.org","app":"libresign","method":"POST","url":"/apps/libresign/api/0.1/sign/de97af5b-ba22-46ca-9b71-cd9545117a03","message":"Error to sign PDF. []","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0","version":"20.0.7.1","id":"6082917444edf"}
```

So I still miss some magic bits ;-)

Please give me a hand here...

Thank you so much!

aheider commented 3 years ago

Ok. Somehow jsignpdf WAS NOT INSTALLED CORRECTLY via the dockerfile, when running the commands by hand all worked well!

Redone all steps from POST request onwards --> something good happened! [image]

In the account of the signer nothing special happened.

However in the NC account of the person whose credentials were used to send the POST request there is a new folder "LibreSign" that had a new folder for each signing operation. I searched for the last one as that was the working one. In there I found 2 PDF files: original one and one which had "_unterschrieben" (= "_signed") in its name. I opened it and it has a line "Digital Unterschrieben mit LibreSign" (= "digitally signed with LibreSign") in. I downloaded it and opened it in Adobe Reader (NOT PRO). Here is what I found: [image]

Not all too bad! There is a signature on it, but Adobe Reader cannot read the details and thus cannot verify it. I guess also it has no access to the root certificate (of course).

Can I get Adobe Reader to validate the signature against a root certificate or something? Can I get Adobe Reader to list the signer name, email and maybe other details? Timestamp, IP, e.g.?

Thank you so much!

RenataAmoedo commented 3 years ago

Hi there! How are you coming along with LibreSign? Is this issue solved or is there anything else we can help with?

We're glad to see you sharing your experiences with LibreSign! Do you know your page at Patreon (https://www.patreon.com/librecode)? Over there you can learn more about the project and contribute opening and solving new issues. Feel free to be part of it and contribute as you can!

fishfree commented 1 year ago

@aheider Hi, aheider. Would you pls share how you start the cfssl container service and connect it from Nextcloud? Mine is as below, but I don't know how to do next for no detailed documentation. [image]

BTW: I have bought a cert, how to import it into cfssl server?