feat: add personal setting to specify the CA chain for document signing

Document signing needs to store keys as richdocuments settings. This
involves the signing key, certificate and the matching CA chain.

As a first step, add code to the personal settings to be able to set a
CA chain that issues the signing key / certificate.

Setting and getting the setting is possible after this; the setting is
not yet exposed in the WOPI CheckFileInfo response.

<CollaboraOnline/online#9992 (comment)>
has instructions on how to generate self-signed certificates for
document signing for development purposes. Related to nextcloud#4123

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 20ca5fd)

css/admin.scss

@@ -27,6 +27,10 @@ input#zoteroAPIKeyField {
 	width: 300px;
 }
 
+textarea#documentSigningCaField {
+	width: 600px;
+}
+
 #richdocuments,
 #richdocuments-templates {
 	// inline buttons on section headers

lib/Controller/SettingsController.php

@@ -235,7 +235,8 @@ public function updateWatermarkSettings($settings = []): JSONResponse {
 	 * @return JSONResponse
 	 */
 	public function setPersonalSettings($templateFolder,
-		$zoteroAPIKeyInput) {
+		$zoteroAPIKeyInput,
+		$documentSigningCaInput) {
 		$message = $this->l10n->t('Saved');
 		$status = 'success';
 
@@ -256,6 +257,15 @@ public function setPersonalSettings($templateFolder,
 			}
 		}
 
+		if ($documentSigningCaInput !== null) {
+			try {
+				$this->config->setUserValue($this->userId, 'richdocuments', 'documentSigningCa', $documentSigningCaInput);
+			} catch (PreConditionNotMetException $e) {
+				$message = $this->l10n->t('Error when saving');
+				$status = 'error';
+			}
+		}
+
 		$response = [
 			'status' => $status,
 			'data' => ['message' => $message]

lib/Service/CapabilitiesService.php

@@ -85,6 +85,10 @@ public function hasWASMSupport(): bool {
 		return $this->getCapabilities()['hasWASMSupport'] ?? false;
 	}
 
+	public function hasDocumentSigningSupport(): bool {
+		return $this->getCapabilities()['hasDocumentSigningSupport'] ?? false;
+	}
+
 	public function hasFormFilling(): bool {
 		return $this->isVersionAtLeast('24.04.5.2');
 	}

lib/Settings/Personal.php

@@ -45,6 +45,8 @@ public function getForm() {
 			'personal',
 			[
 				'templateFolder' => $this->config->getUserValue($this->userId, 'richdocuments', 'templateFolder', ''),
+				'hasDocumentSigningSupport' => $this->capabilitiesService->hasDocumentSigningSupport(),
+				'documentSigningCa' => $this->config->getUserValue($this->userId, 'richdocuments', 'documentSigningCa', ''),
 				'hasZoteroSupport' => $this->capabilitiesService->hasZoteroSupport(),
 				'zoteroAPIKey' => $this->config->getUserValue($this->userId, 'richdocuments', 'zoteroAPIKey', '')
 			],

src/personal.js

@@ -17,6 +17,10 @@ import { showError } from '@nextcloud/dialogs'
 		this.zoteroAPIKeySaveButton = document.getElementById('zoteroAPIKeySave')
 		this.zoteroAPIKeyRemoveButton = document.getElementById('zoteroAPIKeyRemove')
 
+		this.documentSigningCaInput = document.getElementById('documentSigningCaField')
+		this.documentSigningCaSaveButton = document.getElementById('documentSigningCaSave')
+		this.documentSigningCaRemoveButton = document.getElementById('documentSigningCaRemove')
+
 		const self = this
 		this.templateSelectButton.addEventListener('click', function() {
 			OC.dialogs.filepicker(t('richdocuments', 'Select a personal template folder'), function(datapath, returntype) {
@@ -31,6 +35,12 @@ import { showError } from '@nextcloud/dialogs'
 		})
 
 		this.zoteroAPIKeyRemoveButton.addEventListener('click', this.resetZoteroAPI.bind(this))
+
+		this.documentSigningCaSaveButton.addEventListener('click', function() {
+			self.updateDocumentSigningCa(self.documentSigningCaInput.value)
+		})
+
+		this.documentSigningCaRemoveButton.addEventListener('click', this.resetDocumentSigningCa.bind(this))
 	}
 
 	PersonalSettings.prototype.updateSetting = function(path) {
@@ -69,6 +79,24 @@ import { showError } from '@nextcloud/dialogs'
 		})
 	}
 
+	PersonalSettings.prototype.updateDocumentSigningCa = function(ca) {
+		const self = this
+		this._updateSetting({ documentSigningCaInput: ca }, function() {
+			self.documentSigningCaInput.value = ca
+		}, function() {
+			showError(t('richdocuments', 'Failed to update the document signing CA chain'))
+		})
+	}
+
+	PersonalSettings.prototype.resetDocumentSigningCa = function() {
+		const self = this
+		this._updateSetting({ documentSigningCaInput: '' }, function() {
+			self.documentSigningCaInput.value = ''
+		}, function() {
+
+		})
+	}
+
 	PersonalSettings.prototype._updateSetting = function(data, successCallback, errorCallback) {
 		OC.msg.startAction('#documents-admin-msg', t('richdocuments', 'Saving …'))
 		const request = new XMLHttpRequest()

templates/personal.php

@@ -30,5 +30,18 @@
 	<?php } else { ?>
 		<p><em><?php p($l->t('This instance does not support Zotero, because the feature is missing or disabled. Please contact the administration.')); ?></em></p>
 	<?php } ?>
+	<p><strong><?php p($l->t('Document signing')) ?></strong></p>
+	<?php if ($_['hasDocumentSigningSupport']) { ?>
+		<div class="input-wrapper">
+			<p><label for="documentSigningCaField"><?php p($l->t('Enter document signing CA chain')); ?></label><br />
+				<textarea type="text" name="documentSigningCaField" id="documentSigningCaField"><?php p($_['documentSigningCa']); ?></textarea><br />
+				<button id="documentSigningCaSave"><span title="<?php p($l->t('Save document signing CA chain')); ?>" data-toggle="tooltip">Save</span></button>
+				<button id="documentSigningCaRemove"><span  class="icon-delete" title="<?php p($l->t('Remove document signing CA chain')); ?>" data-toggle="tooltip"></span></button>
+			</p>
+			<p><em><?php p($l->t('To use document signing, specify your signing certificate, key and CA chain here.')); ?></em></p>
+		</div>
+	<?php } else { ?>
+		<p><em><?php p($l->t('This instance does not support document signing, because the feature is missing or disabled. Please contact the administrator.')); ?></em></p>
+	<?php } ?>
 	</div>
 </div>