feat(security): add RFC 3161 PDF timestamp tool (#5855)

Co-authored-by: Anthony Stirling <[email protected]>
This commit is contained in:
InstaZDLL
2026-03-24 17:00:33 +00:00
committed by GitHub
co-authored by Anthony Stirling
parent 7b3985e34a
commit 8bbfbd63d7
17 changed files with 1068 additions and 1 deletions
@@ -356,6 +356,7 @@ public class EndpointConfiguration {
addEndpointToGroup("Security", "cert-sign");
addEndpointToGroup("Security", "remove-cert-sign");
addEndpointToGroup("Security", "sanitize-pdf");
addEndpointToGroup("Security", "timestamp-pdf");
addEndpointToGroup("Security", "auto-redact");
addEndpointToGroup("Security", "validate-signature");
addEndpointToGroup("Security", "add-stamp");
@@ -472,6 +473,7 @@ public class EndpointConfiguration {
addEndpointToGroup("Java", "auto-rename");
addEndpointToGroup("Java", "auto-split-pdf");
addEndpointToGroup("Java", "sanitize-pdf");
addEndpointToGroup("Java", "timestamp-pdf");
addEndpointToGroup("Java", "crop");
addEndpointToGroup("Java", "get-info-on-pdf");
addEndpointToGroup("Java", "pdf-to-single-page");
@@ -251,6 +251,7 @@ public class ApplicationProperties {
private String customGlobalAPIKey;
private Jwt jwt = new Jwt();
private Validation validation = new Validation();
private Timestamp timestamp = new Timestamp();
private String xFrameOptions = "DENY";
public Boolean isAltLogin() {
@@ -569,6 +570,12 @@ public class ApplicationProperties {
private boolean hardFail = false;
}
}
@Data
public static class Timestamp {
private String defaultTsaUrl = "http://timestamp.digicert.com";
private List<String> customTsaUrls = new ArrayList<>();
}
}
@Data
@@ -17,6 +17,7 @@ import lombok.extern.slf4j.Slf4j;
import stirling.software.SPDF.config.EndpointConfiguration;
import stirling.software.SPDF.config.EndpointConfiguration.EndpointAvailability;
import stirling.software.SPDF.config.InitialSetup;
import stirling.software.SPDF.controller.api.security.TimestampController;
import stirling.software.common.annotations.api.ConfigApi;
import stirling.software.common.configuration.AppConfig;
import stirling.software.common.model.ApplicationProperties;
@@ -245,6 +246,13 @@ public class ConfigController {
// Premium/Enterprise settings
configData.put("premiumEnabled", applicationProperties.getPremium().isEnabled());
// Timestamp TSA settings — single source of truth for presets + admin URLs
ApplicationProperties.Security.Timestamp tsConfig =
applicationProperties.getSecurity().getTimestamp();
configData.put("timestampDefaultTsaUrl", tsConfig.getDefaultTsaUrl());
configData.put("timestampCustomTsaUrls", tsConfig.getCustomTsaUrls());
configData.put("timestampTsaPresets", TimestampController.TSA_PRESETS);
// Server certificate settings
configData.put(
"serverCertificateEnabled",
@@ -0,0 +1,264 @@
package stirling.software.SPDF.controller.api.security;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Calendar;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.pdfbox.cos.COSName;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampToken;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.multipart.MultipartFile;
import io.swagger.v3.oas.annotations.Operation;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import stirling.software.SPDF.config.swagger.StandardPdfResponse;
import stirling.software.SPDF.model.api.security.TimestampPdfRequest;
import stirling.software.common.annotations.AutoJobPostMapping;
import stirling.software.common.annotations.api.SecurityApi;
import stirling.software.common.model.ApplicationProperties;
import stirling.software.common.service.CustomPDFDocumentFactory;
import stirling.software.common.util.GeneralUtils;
import stirling.software.common.util.WebResponseUtils;
@Slf4j
@SecurityApi
@RequiredArgsConstructor
public class TimestampController {
static {
Security.addProvider(new BouncyCastleProvider());
}
/** Built-in TSA presets with labels — single source of truth for backend + frontend. */
public static final List<Map<String, String>> TSA_PRESETS =
List.of(
Map.of("label", "DigiCert", "url", "http://timestamp.digicert.com"),
Map.of("label", "Sectigo", "url", "http://timestamp.sectigo.com"),
Map.of("label", "SSL.com", "url", "http://ts.ssl.com"),
Map.of("label", "FreeTSA", "url", "https://freetsa.org/tsr"),
Map.of("label", "MeSign", "url", "http://tsa.mesign.com"));
private static final Set<String> ALLOWED_TSA_PRESET_URLS =
TSA_PRESETS.stream().map(p -> p.get("url")).collect(Collectors.toUnmodifiableSet());
private static final int MAX_TSA_RESPONSE_SIZE = 1024 * 1024; // 1 MB
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
private final CustomPDFDocumentFactory pdfDocumentFactory;
private final ApplicationProperties applicationProperties;
@AutoJobPostMapping(consumes = MediaType.MULTIPART_FORM_DATA_VALUE, value = "/timestamp-pdf")
@StandardPdfResponse
@Operation(
summary = "Add RFC 3161 document timestamp to a PDF",
description =
"Contacts a trusted Time Stamp Authority (TSA) server and embeds an RFC 3161"
+ " document timestamp into the PDF. Only a SHA-256 hash of the"
+ " document is sent to the TSA — the PDF itself never leaves the"
+ " server. Input:PDF Output:PDF Type:SISO")
public ResponseEntity<byte[]> timestampPdf(@ModelAttribute TimestampPdfRequest request)
throws Exception {
MultipartFile inputFile = request.getFileInput();
ApplicationProperties.Security.Timestamp tsConfig =
applicationProperties.getSecurity().getTimestamp();
// Determine effective TSA URL: use request value if provided, otherwise config default
String tsaUrl =
(request.getTsaUrl() != null && !request.getTsaUrl().isBlank())
? request.getTsaUrl()
: tsConfig.getDefaultTsaUrl();
// Build allowed set: built-in presets + admin-configured custom URLs
// Filter null/blank entries and validate protocol (TASK-6)
Set<String> allowedUrls = new HashSet<>(ALLOWED_TSA_PRESET_URLS);
if (tsConfig.getDefaultTsaUrl() != null
&& !tsConfig.getDefaultTsaUrl().isBlank()
&& isValidTsaUrlProtocol(tsConfig.getDefaultTsaUrl())) {
allowedUrls.add(tsConfig.getDefaultTsaUrl());
}
List<String> customUrls = tsConfig.getCustomTsaUrls();
if (customUrls != null) {
customUrls.stream()
.filter(u -> u != null && !u.isBlank() && isValidTsaUrlProtocol(u))
.forEach(allowedUrls::add);
}
// Normalize for case-insensitive comparison (TASK-12)
Set<String> normalizedAllowed =
allowedUrls.stream()
.map(TimestampController::normalizeTsaUrl)
.collect(Collectors.toSet());
// Validate TSA URL against allowed set to prevent SSRF
if (!normalizedAllowed.contains(normalizeTsaUrl(tsaUrl))) {
throw new IllegalArgumentException(
"TSA URL is not in the allowed list. Contact your administrator to add it"
+ " via settings.yml (security.timestamp.customTsaUrls).");
}
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
try (PDDocument document = pdfDocumentFactory.load(inputFile)) {
PDSignature signature = new PDSignature();
signature.setType(COSName.DOC_TIME_STAMP);
signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
signature.setSubFilter(COSName.getPDFName("ETSI.RFC3161"));
signature.setSignDate(Calendar.getInstance());
document.addSignature(signature, content -> requestTimestampToken(content, tsaUrl));
document.saveIncremental(outputStream);
}
return WebResponseUtils.bytesToWebResponse(
outputStream.toByteArray(),
GeneralUtils.generateFilename(inputFile.getOriginalFilename(), "_timestamped.pdf"));
}
private byte[] requestTimestampToken(InputStream content, String tsaUrl) throws IOException {
HttpURLConnection connection = null;
try {
// Hash the PDF content byte range with SHA-256
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] buffer = new byte[8192];
int read;
while ((read = content.read(buffer)) != -1) {
digest.update(buffer, 0, read);
}
byte[] hash = digest.digest();
// Build the RFC 3161 timestamp request
TimeStampRequestGenerator generator = new TimeStampRequestGenerator();
generator.setCertReq(true);
BigInteger nonce = BigInteger.valueOf(SECURE_RANDOM.nextLong() & Long.MAX_VALUE);
ASN1ObjectIdentifier digestAlgorithm = NISTObjectIdentifiers.id_sha256;
TimeStampRequest tsaRequest = generator.generate(digestAlgorithm, hash, nonce);
byte[] requestBytes = tsaRequest.getEncoded();
// Contact the TSA server (redirects disabled to prevent SSRF via redirect)
connection = (HttpURLConnection) URI.create(tsaUrl).toURL().openConnection();
connection.setInstanceFollowRedirects(false);
connection.setDoOutput(true);
connection.setDoInput(true);
connection.setRequestMethod("POST");
connection.setRequestProperty("Content-Type", "application/timestamp-query");
connection.setRequestProperty("Content-Length", String.valueOf(requestBytes.length));
connection.setConnectTimeout(30_000);
connection.setReadTimeout(30_000);
try (OutputStream out = connection.getOutputStream()) {
out.write(requestBytes);
}
int responseCode = connection.getResponseCode();
if (responseCode != HttpURLConnection.HTTP_OK) {
// Read error stream for debugging (TASK-5)
String errorBody = readErrorStream(connection);
throw new IOException(
"TSA server returned HTTP "
+ responseCode
+ " for URL: "
+ tsaUrl
+ (errorBody.isEmpty() ? "" : "" + errorBody));
}
// Read response with size limit to prevent OOM (TASK-4)
byte[] responseBytes;
try (InputStream in = connection.getInputStream()) {
responseBytes = in.readNBytes(MAX_TSA_RESPONSE_SIZE);
if (in.read() != -1) {
throw new IOException(
"TSA response exceeds maximum allowed size of "
+ MAX_TSA_RESPONSE_SIZE
+ " bytes");
}
}
// Parse and validate the TSA response
TimeStampResponse tsaResponse = new TimeStampResponse(responseBytes);
tsaResponse.validate(tsaRequest);
TimeStampToken token = tsaResponse.getTimeStampToken();
if (token == null) {
throw new IOException(
"TSA server did not return a timestamp token. Status: "
+ tsaResponse.getStatus());
}
log.info(
"RFC 3161 timestamp obtained from {} at {}",
tsaUrl,
token.getTimeStampInfo().getGenTime());
return token.getEncoded();
} catch (IOException e) {
throw e;
} catch (Exception e) {
throw new IOException(
"Failed to obtain RFC 3161 timestamp from " + tsaUrl + ": " + e.getMessage(),
e);
} finally {
// Always disconnect to release the underlying socket (TASK-1)
if (connection != null) {
connection.disconnect();
}
}
}
private static boolean isValidTsaUrlProtocol(String url) {
String lower = url.toLowerCase(Locale.ROOT);
return lower.startsWith("http://") || lower.startsWith("https://");
}
private static String normalizeTsaUrl(String url) {
try {
URI uri = URI.create(url.trim());
String scheme = uri.getScheme() == null ? "" : uri.getScheme().toLowerCase(Locale.ROOT);
String host = uri.getHost() == null ? "" : uri.getHost().toLowerCase(Locale.ROOT);
int port = uri.getPort();
String path = uri.getPath() == null ? "" : uri.getPath();
return scheme + "://" + host + (port == -1 ? "" : ":" + port) + path;
} catch (Exception e) {
return url.toLowerCase(Locale.ROOT);
}
}
private static String readErrorStream(HttpURLConnection connection) {
try (InputStream err = connection.getErrorStream()) {
if (err == null) return "";
byte[] body = err.readNBytes(2048);
return new String(body, StandardCharsets.UTF_8).trim();
} catch (IOException e) {
return "";
}
}
}
@@ -0,0 +1,24 @@
package stirling.software.SPDF.model.api.security;
import io.swagger.v3.oas.annotations.media.Schema;
import lombok.Data;
import lombok.EqualsAndHashCode;
import stirling.software.common.model.api.PDFFile;
@Data
@EqualsAndHashCode(callSuper = true)
public class TimestampPdfRequest extends PDFFile {
@Schema(
description =
"URL of the RFC 3161 Time Stamp Authority (TSA) server."
+ " Must be one of the built-in presets (DigiCert, Sectigo, SSL.com,"
+ " FreeTSA, MeSign) or an admin-configured URL in"
+ " settings.yml (security.timestamp.customTsaUrls)."
+ " If omitted, the server default is used.",
defaultValue = "http://timestamp.digicert.com",
requiredMode = Schema.RequiredMode.NOT_REQUIRED)
private String tsaUrl;
}
@@ -65,7 +65,7 @@ security:
enableKeyRotation: true # Set to 'true' to enable key pair rotation
enableKeyCleanup: true # Set to 'true' to enable key pair cleanup
tokenExpiryMinutes: 1440 # JWT access token lifetime in minutes for web clients (1 day).
desktopTokenExpiryMinutes: 43200 # JWT access token lifetime in minutes for desktop clients (30 days).
desktopTokenExpiryMinutes: 43200 # JWT access token lifetime in minutes for desktop clients (30 days).
allowedClockSkewSeconds: 60 # Allowed JWT validation clock skew in seconds to tolerate small client/server time drift.
refreshGraceMinutes: 15 # Allow refresh using an expired access token only within this many minutes after expiry.
validation: # PDF signature validation settings
@@ -84,6 +84,9 @@ security:
revocation:
mode: none # Revocation checking mode: 'none' (disabled), 'ocsp' (OCSP only), 'crl' (CRL only), 'ocsp+crl' (OCSP with CRL fallback)
hardFail: false # Fail validation if revocation status cannot be determined (true=strict, false=soft-fail)
timestamp:
defaultTsaUrl: http://timestamp.digicert.com # Default TSA server for RFC 3161 document timestamps
customTsaUrls: [] # Admin-configured additional TSA URLs (e.g. ['https://internal-tsa.corp.com/timestamp']). Users can only select from built-in presets and these URLs.
xFrameOptions: DENY # X-Frame-Options header value. Options: 'DENY' (default, prevents all framing), 'SAMEORIGIN' (allows framing from same domain), 'DISABLED' (no X-Frame-Options header sent). Note: automatically set to DISABLED when login is disabled
premium:
@@ -0,0 +1,288 @@
package stirling.software.SPDF.controller.api.security;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.List;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.mockito.junit.jupiter.MockitoSettings;
import org.mockito.quality.Strictness;
import org.springframework.http.MediaType;
import org.springframework.mock.web.MockMultipartFile;
import stirling.software.SPDF.model.api.security.TimestampPdfRequest;
import stirling.software.common.model.ApplicationProperties;
import stirling.software.common.service.CustomPDFDocumentFactory;
@DisplayName("TimestampController security tests")
@ExtendWith(MockitoExtension.class)
@MockitoSettings(strictness = Strictness.LENIENT)
class TimestampControllerTest {
@Mock private CustomPDFDocumentFactory pdfDocumentFactory;
@Mock private ApplicationProperties applicationProperties;
@InjectMocks private TimestampController controller;
private ApplicationProperties.Security security;
private ApplicationProperties.Security.Timestamp tsConfig;
private MockMultipartFile mockPdfFile;
@BeforeEach
void setUp() {
security = new ApplicationProperties.Security();
tsConfig = new ApplicationProperties.Security.Timestamp();
security.setTimestamp(tsConfig);
when(applicationProperties.getSecurity()).thenReturn(security);
mockPdfFile =
new MockMultipartFile(
"fileInput",
"test.pdf",
MediaType.APPLICATION_PDF_VALUE,
new byte[] {0x25, 0x50, 0x44, 0x46}); // %PDF header
}
private TimestampPdfRequest createRequest(String tsaUrl) {
TimestampPdfRequest request = new TimestampPdfRequest();
request.setFileInput(mockPdfFile);
request.setTsaUrl(tsaUrl);
return request;
}
@Nested
@DisplayName("URL Allowlist Validation")
class AllowlistTests {
@ParameterizedTest
@DisplayName("Should accept built-in preset URLs")
@ValueSource(
strings = {
"http://timestamp.digicert.com",
"http://timestamp.sectigo.com",
"http://ts.ssl.com",
"https://freetsa.org/tsr",
"http://tsa.mesign.com"
})
void shouldAcceptPresetUrls(String presetUrl) throws Exception {
// Mock PDF loading to avoid actual TSA call — we only test validation here
PDDocument mockDoc = mock(PDDocument.class);
when(pdfDocumentFactory.load(any(MockMultipartFile.class))).thenReturn(mockDoc);
doAnswer(
inv -> {
ByteArrayOutputStream baos = inv.getArgument(0);
baos.write(new byte[] {0x25, 0x50, 0x44, 0x46});
return null;
})
.when(mockDoc)
.saveIncremental(any(ByteArrayOutputStream.class));
doNothing().when(mockDoc).close();
TimestampPdfRequest request = createRequest(presetUrl);
// The method should NOT throw IllegalArgumentException for preset URLs
// It may throw IOException when contacting the TSA — that's expected
try {
controller.timestampPdf(request);
} catch (IllegalArgumentException e) {
fail("Preset URL should be in the allowlist: " + presetUrl);
} catch (Exception e) {
// IOException from TSA contact is expected in test env — validation passed
assertFalse(
e instanceof IllegalArgumentException,
"Should not reject preset URL: " + presetUrl);
}
}
@Test
@DisplayName("Should reject arbitrary URL not in allowlist")
void shouldRejectArbitraryUrl() {
TimestampPdfRequest request = createRequest("http://evil.internal.corp/ssrf");
IllegalArgumentException ex =
assertThrows(
IllegalArgumentException.class, () -> controller.timestampPdf(request));
assertTrue(ex.getMessage().contains("not in the allowed list"));
}
@ParameterizedTest
@DisplayName("Should reject SSRF-prone URLs")
@ValueSource(
strings = {
"http://localhost/timestamp",
"http://127.0.0.1:8080/internal",
"http://192.168.1.1/admin",
"http://10.0.0.1/metadata",
"http://169.254.169.254/latest/meta-data",
"file:///etc/passwd",
"ftp://internal-server/data",
"gopher://internal:25/",
})
void shouldRejectSsrfUrls(String ssrfUrl) {
TimestampPdfRequest request = createRequest(ssrfUrl);
assertThrows(
IllegalArgumentException.class,
() -> controller.timestampPdf(request),
"Should reject SSRF URL: " + ssrfUrl);
}
@Test
@DisplayName("Should accept admin-configured custom URL")
void shouldAcceptAdminCustomUrl() throws Exception {
String customUrl = "https://internal-tsa.corp.com/timestamp";
tsConfig.setCustomTsaUrls(new ArrayList<>(List.of(customUrl)));
PDDocument mockDoc = mock(PDDocument.class);
when(pdfDocumentFactory.load(any(MockMultipartFile.class))).thenReturn(mockDoc);
doNothing().when(mockDoc).close();
TimestampPdfRequest request = createRequest(customUrl);
try {
controller.timestampPdf(request);
} catch (IllegalArgumentException e) {
fail("Admin-configured custom URL should be accepted: " + customUrl);
} catch (Exception e) {
// IOException from TSA contact is expected
assertFalse(e instanceof IllegalArgumentException);
}
}
@Test
@DisplayName("Should reject URL not in admin custom list")
void shouldRejectUrlNotInAdminList() {
tsConfig.setCustomTsaUrls(
new ArrayList<>(List.of("https://allowed-tsa.corp.com/timestamp")));
TimestampPdfRequest request =
createRequest("https://not-allowed-tsa.evil.com/timestamp");
assertThrows(IllegalArgumentException.class, () -> controller.timestampPdf(request));
}
}
@Nested
@DisplayName("Default TSA URL Fallback")
class DefaultFallbackTests {
@Test
@DisplayName("Should use config default when tsaUrl is null")
void shouldFallbackToConfigDefault() throws Exception {
tsConfig.setDefaultTsaUrl("http://timestamp.digicert.com");
PDDocument mockDoc = mock(PDDocument.class);
when(pdfDocumentFactory.load(any(MockMultipartFile.class))).thenReturn(mockDoc);
doNothing().when(mockDoc).close();
TimestampPdfRequest request = createRequest(null);
// Should not throw IllegalArgumentException — default is in presets
try {
controller.timestampPdf(request);
} catch (IllegalArgumentException e) {
fail("Default TSA URL should be accepted");
} catch (Exception e) {
// IOException expected
}
}
@Test
@DisplayName("Should use config default when tsaUrl is blank")
void shouldFallbackToConfigDefaultWhenBlank() throws Exception {
tsConfig.setDefaultTsaUrl("http://timestamp.digicert.com");
PDDocument mockDoc = mock(PDDocument.class);
when(pdfDocumentFactory.load(any(MockMultipartFile.class))).thenReturn(mockDoc);
doNothing().when(mockDoc).close();
TimestampPdfRequest request = createRequest(" ");
try {
controller.timestampPdf(request);
} catch (IllegalArgumentException e) {
fail("Should fallback to config default when blank");
} catch (Exception e) {
// IOException expected
}
}
}
@Nested
@DisplayName("Config URL Validation (TASK-6)")
class ConfigValidationTests {
@Test
@DisplayName("Should filter blank entries from admin custom URLs")
void shouldFilterBlankCustomUrls() {
List<String> customUrls = new ArrayList<>(List.of("", " ", "http://valid-tsa.com/ts"));
tsConfig.setCustomTsaUrls(customUrls);
TimestampPdfRequest request = createRequest("http://evil.com/ssrf");
// Blank entries should not expand the allowlist
assertThrows(IllegalArgumentException.class, () -> controller.timestampPdf(request));
}
@Test
@DisplayName("Should reject file:// protocol in admin config")
void shouldRejectFileProtocolInConfig() {
tsConfig.setDefaultTsaUrl("file:///etc/passwd");
tsConfig.setCustomTsaUrls(new ArrayList<>());
TimestampPdfRequest request = createRequest(null);
// file:// default should be filtered out, leaving no valid default
// The request falls back to "file:///etc/passwd" which is not in allowed set
assertThrows(Exception.class, () -> controller.timestampPdf(request));
}
@Test
@DisplayName("Should reject ftp:// protocol in custom URLs")
void shouldRejectFtpProtocolInCustomUrls() {
tsConfig.setCustomTsaUrls(new ArrayList<>(List.of("ftp://internal-server/timestamp")));
TimestampPdfRequest request = createRequest("ftp://internal-server/timestamp");
assertThrows(IllegalArgumentException.class, () -> controller.timestampPdf(request));
}
}
@Nested
@DisplayName("Case-insensitive URL matching (TASK-12)")
class CaseInsensitiveTests {
@Test
@DisplayName("Should match URLs regardless of case")
void shouldMatchCaseInsensitive() throws Exception {
PDDocument mockDoc = mock(PDDocument.class);
when(pdfDocumentFactory.load(any(MockMultipartFile.class))).thenReturn(mockDoc);
doNothing().when(mockDoc).close();
TimestampPdfRequest request = createRequest("HTTP://TIMESTAMP.DIGICERT.COM");
try {
controller.timestampPdf(request);
} catch (IllegalArgumentException e) {
fail("Case-insensitive URL should match preset");
} catch (Exception e) {
// IOException expected
assertFalse(e instanceof IllegalArgumentException);
}
}
}
}
@@ -3773,6 +3773,11 @@ desc = "Adds signature to PDF by drawing, text or image"
tags = "signature,autograph,e-sign,electronic signature,digital signature,sign document,approval,signoff,authorize,endorse,ink signature,handwriting"
title = "Sign"
[home.timestampPdf]
desc = "Add an RFC 3161 document timestamp to prove when your PDF existed"
tags = "timestamp,RFC 3161,TSA,time stamp authority,document timestamp,proof of existence,timestamp token,trusted timestamp,sign timestamp,notarise"
title = "Timestamp PDF"
[home.split]
desc = "Split PDFs into multiple documents"
tags = "divide,separate,break,split,extract pages,separate pages,divide document,break apart,separate files,unbind,split by page,divide by chapter"
@@ -5718,6 +5723,32 @@ text = "Rotate your PDF pages clockwise or anticlockwise in 90-degree increments
[rotate.tooltip.header]
title = "Rotate Settings Overview"
[timestampPdf]
completed = "PDF timestamped successfully"
desc = "Add an RFC 3161 document timestamp to your PDF using a trusted Time Stamp Authority (TSA) server."
filenamePrefix = "timestamped"
results = "Timestamp Results"
submit = "Apply Timestamp"
title = "Timestamp PDF"
[timestampPdf.error]
failed = "An error occurred while timestamping the PDF."
generic = "Timestamping failed"
[timestampPdf.files]
placeholder = "Select a PDF file in the main view to get started"
[timestampPdf.options]
note = "Only a SHA-256 hash of your document is sent to the TSA server; the PDF file itself is never sent to the TSA server."
title = "Timestamp Server (TSA)"
[timestampPdf.options.tsaUrl]
desc = "Pick a trusted Time Stamp Authority"
label = "Select a TSA server"
[timestampPdf.steps]
settings = "Settings"
[sanitize]
completed = "Sanitisation completed successfully"
desc = "Remove potentially harmful elements from PDF files."
@@ -142,6 +142,10 @@ welcome = "Bienvenue"
white = "Blanc"
WorkInProgess = "En cours de développement, merci de nous remonter les problèmes que vous pourriez constater!"
yes = "Oui"
insufficientCredits = "Insufficient credits. Required: {{requiredCredits}}, Available: {{currentBalance}}, Shortfall: {{shortfall}}"
loadingCredits = "Checking credits..."
loadingProStatus = "Checking subscription status..."
noticeTopUpOrPlan = "Not enough credits, please top up or upgrade to a plan"
[account]
accountSettings = "Paramètres du compte"
@@ -1557,6 +1561,13 @@ underline = "Souligner"
undo = "Annuler"
unsupportedType = "Ce type dannotation nest pas entièrement pris en charge pour l’édition."
width = "Largeur"
annotationStyle = "Annotation style"
comment = "Comment"
comments = "Comments"
insertText = "Insert Text"
lineArrow = "Arrow"
polyline = "Polyline"
replaceText = "Replace Text"
[app]
description = "Lalternative gratuite à Adobe Acrobat (10M+ téléchargements)"
@@ -2574,10 +2585,22 @@ title = "Réglage de la qualité"
[compressPdfs]
tags = "compresser,réduire,taille,squish,small,tiny"
[config]
plan = "Plan"
[config.account.overview]
guestDescription = "Vous êtes connecté en tant quinvité. Envisagez de mettre à niveau votre compte ci-dessus."
manageAccountPreferences = "Gérer les préférences de votre compte"
title = "Paramètres du compte"
confirmDelete = "Delete My Account"
deleteAccount = "Delete Account"
deleteAccountTitle = "Delete Account"
deleteFailed = "Failed to delete account."
deleteFailedTitle = "Unable to delete account"
deleteWarning = "This action is permanent and cannot be undone. All your data will be deleted."
enterEmailConfirm = "To confirm deletion, please type your email address ({{email}}) below:"
label = "Overview"
signedInAs = "Signed in as"
[config.account.upgrade]
description = "Liez votre compte pour préserver votre historique et accéder à davantage de fonctionnalités !"
@@ -2592,6 +2615,32 @@ socialLogin = "Mettre à niveau avec un compte social"
title = "Mettre à niveau le compte invité"
upgradeButton = "Mettre à niveau le compte"
[config.account.profilePicture]
description = "Upload an image to personalize your account."
help = "PNG, JPG, or WebP up to 2MB."
remove = "Remove"
sizeError = "Please select an image smaller than 2MB."
switchedToCustom = "Switched to custom picture. You can now upload your own."
title = "Profile picture"
upload = "Upload"
useCustom = "Use custom picture"
usingProvider = "Using {{provider}} profile picture"
[config.account.profilePicture.cropper]
cropError = "Failed to crop image. Please try again."
invalidImage = "Invalid image file. Please select a valid PNG, JPG, or WebP file."
processing = "Processing crop..."
save = "Save Cropped Image"
sizeErrorAfterCrop = "Cropped image is too large. Please zoom out or crop a smaller area."
title = "Crop Profile Picture"
zoom = "Zoom"
[config.account.security]
changePassword = "Change password"
description = "Manage your password and security settings."
title = "Passwords & Security"
update = "Update password"
[config.apiKeys]
chartAriaLabel = "Utilisation des crédits : inclus {{includedUsed}} sur {{includedTotal}}, achetés {{purchasedUsed}} sur {{purchasedTotal}}"
copyKeyAriaLabel = "Copier la clé API"
@@ -2614,6 +2663,7 @@ refreshAriaLabel = "Actualiser la clé API"
schemaLink = "Référence du schéma API"
totalCredits = "Crédits totaux"
usage = "Incluez cette clé dans len-tête X-API-KEY pour toutes les requêtes API."
creditsRemaining = "Credits Remaining"
[config.apiKeys.alert]
apiKeyErrorTitle = "Erreur de clé API"
@@ -2728,6 +2778,15 @@ webOptions = "Options Web vers PDF"
wordDoc = "Document Word"
wordDocExt = "Document Word (.docx)"
zoomLevel = "Niveau de zoom"
cbrToPdf = "CBR → PDF"
cbzToPdf = "CBZ → PDF"
ebookToPdf = "eBook → PDF"
emlToPdf = "Email → PDF"
fileToPdf = "Office/Document → PDF"
pdfToCbr = "PDF → CBR"
pdfToCbz = "PDF → CBZ"
pdfToEpub = "PDF → EPUB"
svgToPdf = "SVG → PDF"
[convert.ebookOptions]
ebookOptions = "Options eBook vers PDF"
@@ -3713,6 +3772,11 @@ desc = "Recherche et affiche tout JavaScript injecté dans un PDF."
tags = "javascript,code,script"
title = "Afficher le JavaScript"
[home.timestampPdf]
desc = "Ajoutez un horodatage RFC 3161 pour prouver la date d'existence de votre PDF"
tags = "horodatage,RFC 3161,TSA,autorité de timestamp,horodatage de document,preuve d'existence,jeton d'horodatage,timestamp de confiance,signer horodatage,notariser"
title = "Horodater le PDF"
[home.sign]
desc = "Ajoutez une signature au PDF avec un dessin, du texte ou une image."
tags = "signature,autographe"
@@ -3920,6 +3984,13 @@ username = "Nom dutilisateur"
verifyingMfa = "Vérification..."
verifyMfa = "Vérifier le code"
youAreLoggedIn = "Vous êtes connecté !"
backToSignIn = "Back to sign in"
passwordUpdatedSuccess = "Your password has been updated successfully."
resetHelp = "Enter your email to receive a secure link to reset your password. If the link has expired, please request a new one."
resetYourPassword = "Reset your password"
sendResetLink = "Send reset link"
subtitle = "Sign back in to Stirling PDF"
updatePassword = "Update password"
[login.slides.edit]
alt = "Modifier des PDF"
@@ -4280,6 +4351,15 @@ rightRail = "Le <strong>rail de droite</strong> contient des actions rapides pou
topBar = "La barre supérieure permet de basculer entre la <strong>Visionneuse</strong>, <strong>l’Éditeur de pages</strong> et <strong>les fichiers actifs</strong>."
wrapUp = "Voilà les nouveautés de la V2. Ouvrez le menu <strong>Visites guidées</strong> à tout moment pour rejouer ceci, le parcours des outils ou le parcours Admin."
[onboarding.freeTrial]
afterTrialWithPayment = "Your Pro subscription will start automatically when the trial ends."
afterTrialWithoutPayment = "After your trial ends, you'll continue with our free tier. Add a payment method to keep Pro access."
body = "You have full access to Stirling PDF Pro features during your trial. Enjoy unlimited conversions, larger file sizes, and priority processing."
daysRemaining = "{{days}} days remaining"
daysRemainingSingular = "{{days}} day remaining"
title = "Your 30-Day Pro Trial"
trialEnds = "Trial ends {{date}}"
[overlay-pdfs]
desc = "Superposer un PDF sur un autre"
header = "Incrustation de PDF"
@@ -4401,6 +4481,31 @@ dismiss = "Fermer"
apply = "Appliquer les modifications"
download = "Télécharger le PDF"
[viewer.comments]
addComment = "Add comment"
addCommentPlaceholder = "Add comment..."
addLink = "Add link"
addReplyPlaceholder = "Add reply..."
deleteAnnotationAndComment = "Delete annotation & comment"
deleteDescription = "This annotation has a comment attached. You can remove just the comment from the sidebar while keeping the annotation, or delete everything."
deleteTitle = "Remove annotation from comments?"
goToLink = "Go to link"
hint = "Place comments with the Comment, Insert Text, or Replace Text tools. They will appear here by page."
locateAnnotation = "Locate in document"
moreActions = "More actions"
nComments = "{{count}} comments"
oneComment = "1 comment"
pageLabel = "Page {{page}}"
placeholder = "Type your comment..."
removeCommentOnly = "Remove comment only"
saveReply = "Save reply"
send = "Send"
title = "Comments"
typeComment = "Comment"
typeInsertText = "Insert Text"
typeReplaceText = "Replace Text"
viewComment = "View comment"
[rightRail]
closeSelected = "Fermer les fichiers sélectionnés"
selectAll = "Tout sélectionner"
@@ -4433,6 +4538,12 @@ exitRedaction = "Quitter le mode de caviardage"
save = "Enregistrer"
downloadAll = "Tout télécharger"
saveAll = "Tout enregistrer"
readAloud = "Read Aloud"
readAloudLanguage = "Language"
readAloudSpeed = "Speed"
saveAs = "Save As"
selectLanguage = "Select language"
toggleComments = "Comments"
[textAlign]
left = "Gauche"
@@ -4980,6 +5091,9 @@ selectPlan = "Choisir un plan"
showComparison = "Comparer toutes les fonctionnalités"
upgrade = "Mettre à niveau"
withServer = "+ Plan Server"
purchase = "Purchase"
selectCredits = "Select Credit Amount"
totalCost = "Total Cost"
[plan.activePlan]
subtitle = "Détails de votre abonnement actuel"
@@ -5069,6 +5183,30 @@ successMessage = "Votre licence a été activée avec succès. Vous pouvez maint
name = "Team"
siteLicense = "Licence site"
[plan.api]
large = "5,000 Credits"
medium = "1,000 Credits"
small = "500 Credits"
xsmall = "100 Credits"
[plan.apiPackages]
subtitle = "Purchase API credits for your applications"
title = "API Credit Packages"
[plan.trial]
badge = "Trial"
continueWithFree = "Continue with Free"
daysRemaining = "Your trial ends in {{days}} days"
endDate = "Expires: {{date}}"
expired = "Your Trial Has Ended"
expiredMessage = "Your 30-day Pro trial has expired. Subscribe to Pro to continue accessing premium features, or continue with our free tier."
freeTierLimitations = "Free tier includes basic PDF tools with usage limits."
message = ""
subscribe = "Subscribe to Pro"
subscribeToPro = "Subscribe to Pro"
subscriptionScheduled = "Subscription scheduled - starts {{date}}"
title = "Free Trial Active"
[credits]
enableOverageBilling = "Activer la facturation de dépassement"
maybeLater = "Peut-être plus tard"
@@ -5631,6 +5769,32 @@ text = "Faites pivoter les pages de votre PDF dans le sens horaire ou antihorair
[rotate.tooltip.header]
title = "Aperçu des paramètres de rotation"
[timestampPdf]
completed = "PDF horodaté avec succès"
desc = "Ajoutez un horodatage RFC 3161 à votre PDF via un serveur d'autorité d'horodatage (TSA) de confiance."
filenamePrefix = "horodaté"
results = "Résultats de l'horodatage"
submit = "Appliquer l'horodatage"
title = "Horodater le PDF"
[timestampPdf.error]
failed = "Une erreur est survenue lors de l'horodatage du PDF."
generic = "Échec de l'horodatage"
[timestampPdf.files]
placeholder = "Sélectionnez un fichier PDF dans la vue principale pour commencer"
[timestampPdf.options]
note = "Seul le hash SHA-256 de votre document est envoyé au serveur TSA ; le fichier PDF lui-même n'est jamais envoyé au serveur TSA."
title = "Serveur d'horodatage (TSA)"
[timestampPdf.options.tsaUrl]
desc = "Choisissez une autorité d'horodatage de confiance"
label = "Sélectionner un serveur TSA"
[timestampPdf.steps]
settings = "Paramètres"
[sanitize]
completed = "Assainissement effectué avec succès"
desc = "Supprimer les éléments potentiellement nuisibles des fichiers PDF."
@@ -5772,10 +5936,13 @@ logout = "Se déconnecter"
server = "Serveur"
title = "Mode de connexion"
user = "Connecté en tant que"
localDescription = "You are using the local backend without an account. Some tools requiring cloud processing or a self-hosted server are unavailable."
signIn = "Sign In"
[settings.connection.mode]
saas = "Stirling Cloud"
selfhosted = "Auto-hébergé"
local = "Local Only"
[settings.planBilling]
currentPlan = "Offre actuelle"
@@ -5931,6 +6098,9 @@ title = "Politiques et confidentialité"
[settings.preferences]
title = "Préférences"
[settings.search]
placeholder = "Rechercher dans les paramètres…"
[settings.security]
description = "Mettez à jour votre mot de passe pour sécuriser votre compte."
title = "Sécurité"
@@ -5988,6 +6158,7 @@ sso = "Authentification unique"
submit = "Se connecter"
subtitle = "Saisissez vos identifiants pour continuer"
title = "Se connecter"
skipSignIn = "Continue without signing in"
[setup.login.email]
label = "Email"
@@ -6023,6 +6194,13 @@ title = "Se connecter à Stirling"
link = "ou connectez-vous à un compte auto-hébergé"
subtitle = "Saisissez les identifiants du serveur"
title = "Se connecter au serveur"
switchToLocal = "Use local tools instead"
[setup.selfhosted.unreachable]
continueOffline = "Use local tools instead"
message = "Could not reach {{url}}. Check that the server is running and accessible."
retry = "Retry"
title = "Cannot connect to server"
[setup.server]
subtitle = "Saisissez lURL de votre serveur autohébergé"
@@ -6036,6 +6214,7 @@ emptyUrl = "Veuillez saisir une URL de serveur"
invalidUrl = "Format dURL invalide. Veuillez saisir une URL valide comme https://your-server.com"
testFailed = "Échec du test de connexion"
unreachable = "Connexion au serveur impossible"
configFetchError = "Failed to fetch server configuration: {{error}}"
[setup.server.error.securityDisabled]
body = "La connexion n'est pas activée sur ce serveur. Pour vous y connecter, vous devez activer l'authentification :"
@@ -6561,6 +6740,7 @@ showDetails = "Afficher les détails"
unavailable = "Désactivé par ladministrateur du serveur :"
unavailableDependency = "Indisponible - outil requis manquant sur le serveur :"
unfavorite = "Retirer des favoris"
selfHostedOffline = "Requires your Stirling-PDF server (currently offline):"
[toolPanel.modePrompt]
chooseFullscreen = "Utiliser le mode plein écran"
@@ -7534,3 +7714,37 @@ description = "Clé API Google pour Google Picker API depuis Google Cloud Consol
[provider.googledrive.appId]
label = "App ID"
description = "App ID Google Drive depuis Google Cloud Console"
[selfHosted.offline]
hideTools = "Hide unavailable tools ▴"
messageNoFallback = "Tools are unavailable until your server comes back online."
messageWithFallback = "Some tools require a server connection."
showTools = "View unavailable tools ▾"
title = "Your Stirling-PDF server is unreachable"
toolNotAvailableLocally = "Your Stirling-PDF server is offline and \"{{endpoint}}\" is not available on the local backend."
[connectionMode.status]
localOffline = "Offline mode running"
localOnline = "Offline mode running"
saas = "Connected to Stirling Cloud"
selfhostedChecking = "Connected to self-hosted server (checking...)"
selfhostedOffline = "Self-hosted server unreachable"
selfhostedOnline = "Connected to self-hosted server"
[localMode]
toolUnavailable = "This tool requires an account. Sign in to Stirling Cloud or connect to a self-hosted server to use it."
[localMode.banner]
message = "Sign in to unlock all tools."
signIn = "Sign In"
title = "Running locally"
[localMode.toolPicker]
message = "Sign in to unlock all tools."
signIn = "Sign In"
[tool]
endpointUnavailable = "This tool is unavailable on your server."
endpointUnavailableClickable = "Not available in this mode. Click to sign in."
invalidParams = "Fill in the required settings."
noFiles = "Add a file to get started."
@@ -0,0 +1,80 @@
import { useEffect, useRef } from "react";
import { Stack, Text, Select } from "@mantine/core";
import { useTranslation } from "react-i18next";
import {
TimestampPdfParameters,
FALLBACK_TSA_PRESETS,
} from "@app/hooks/tools/timestampPdf/useTimestampPdfParameters";
import { useAppConfig } from "@app/contexts/AppConfigContext";
interface TimestampPdfSettingsProps {
parameters: TimestampPdfParameters;
onParameterChange: <K extends keyof TimestampPdfParameters>(
key: K,
value: TimestampPdfParameters[K]
) => void;
disabled?: boolean;
}
const TimestampPdfSettings = ({
parameters,
onParameterChange,
disabled = false,
}: TimestampPdfSettingsProps) => {
const { t } = useTranslation();
const { config } = useAppConfig();
const defaultApplied = useRef(false);
// Use backend presets (single source of truth) with fallback (TASK-10)
const presets = config?.timestampTsaPresets ?? FALLBACK_TSA_PRESETS;
// Build dropdown: presets + admin custom URLs, deduplicated (TASK-9)
const presetUrls = new Set(presets.map((p) => p.url));
const adminCustomUrls = (config?.timestampCustomTsaUrls ?? []).filter(
(url) => !presetUrls.has(url)
);
const selectData = [
...presets.map((preset) => ({ value: preset.url, label: preset.label })),
...adminCustomUrls.map((url) => ({ value: url, label: url })),
];
// Apply admin default TSA URL on first config load (TASK-2)
useEffect(() => {
if (!defaultApplied.current && config?.timestampDefaultTsaUrl) {
defaultApplied.current = true;
const adminDefault = config.timestampDefaultTsaUrl;
if (adminDefault && adminDefault !== parameters.tsaUrl) {
onParameterChange("tsaUrl", adminDefault);
}
}
}, [config?.timestampDefaultTsaUrl]);
return (
<Stack gap="md">
<Text size="sm" fw={500}>
{t("timestampPdf.options.title", "Timestamp Server (TSA)")}
</Text>
<Select
label={t("timestampPdf.options.tsaUrl.label", "Select a TSA server")}
description={t(
"timestampPdf.options.tsaUrl.desc",
"Pick a trusted Time Stamp Authority"
)}
data={selectData}
value={parameters.tsaUrl}
onChange={(value) => onParameterChange("tsaUrl", value ?? presets[0].url)}
disabled={disabled}
/>
<Text size="xs" c="dimmed">
{t(
"timestampPdf.options.note",
"Only a SHA-256 hash of your document is sent to the TSA server; the PDF file itself is never sent to the TSA server."
)}
</Text>
</Stack>
);
};
export default TimestampPdfSettings;
@@ -43,6 +43,7 @@ import FormFill from "@app/tools/formFill/FormFill";
import RemoveCertificateSign from "@app/tools/RemoveCertificateSign";
import RemoveImage from "@app/tools/RemoveImage";
import CertSign from "@app/tools/CertSign";
import TimestampPdf from "@app/tools/TimestampPdf";
import BookletImposition from "@app/tools/BookletImposition";
import Flatten from "@app/tools/Flatten";
import Rotate from "@app/tools/Rotate";
@@ -69,6 +70,7 @@ import { convertOperationConfig } from "@app/hooks/tools/convert/useConvertOpera
import { removeCertificateSignOperationConfig } from "@app/hooks/tools/removeCertificateSign/useRemoveCertificateSignOperation";
import { changePermissionsOperationConfig } from "@app/hooks/tools/changePermissions/useChangePermissionsOperation";
import { certSignOperationConfig } from "@app/hooks/tools/certSign/useCertSignOperation";
import { timestampPdfOperationConfig } from "@app/hooks/tools/timestampPdf/useTimestampPdfOperation";
import { bookletImpositionOperationConfig } from "@app/hooks/tools/bookletImposition/useBookletImpositionOperation";
import { mergeOperationConfig } from '@app/hooks/tools/merge/useMergeOperation';
import { editTableOfContentsOperationConfig } from '@app/hooks/tools/editTableOfContents/useEditTableOfContentsOperation';
@@ -213,6 +215,19 @@ export function useTranslatedToolCatalog(): TranslatedToolCatalog {
operationConfig: certSignOperationConfig,
automationSettings: CertSignAutomationSettings,
},
timestampPdf: {
icon: <LocalIcon icon="schedule-rounded" width="1.5rem" height="1.5rem" />,
name: t("home.timestampPdf.title", "Timestamp PDF"),
component: TimestampPdf,
description: t("home.timestampPdf.desc", "Add an RFC 3161 document timestamp to prove when your PDF existed"),
categoryId: ToolCategoryId.STANDARD_TOOLS,
subcategoryId: SubcategoryId.SIGNING,
maxFiles: -1,
endpoints: ["timestamp-pdf"],
operationConfig: timestampPdfOperationConfig,
automationSettings: null,
synonyms: getSynonyms(t, "timestampPdf"),
},
sign: {
icon: <LocalIcon icon="signature-rounded" width="1.5rem" height="1.5rem" />,
name: t("home.sign.title", "Sign"),
@@ -0,0 +1,33 @@
import { useTranslation } from 'react-i18next';
import { ToolType, useToolOperation } from '@app/hooks/tools/shared/useToolOperation';
import { createStandardErrorHandler } from '@app/utils/toolErrorHandler';
import { TimestampPdfParameters, defaultParameters } from '@app/hooks/tools/timestampPdf/useTimestampPdfParameters';
export const buildTimestampPdfFormData = (parameters: TimestampPdfParameters, file: File): FormData => {
const formData = new FormData();
formData.append('fileInput', file);
formData.append('tsaUrl', parameters.tsaUrl);
return formData;
};
export const timestampPdfOperationConfig = {
toolType: ToolType.singleFile,
buildFormData: buildTimestampPdfFormData,
operationType: 'timestampPdf',
endpoint: '/api/v1/security/timestamp-pdf',
multiFileEndpoint: false,
defaultParameters,
} as const;
export const useTimestampPdfOperation = () => {
const { t } = useTranslation();
return useToolOperation<TimestampPdfParameters>({
...timestampPdfOperationConfig,
getErrorMessage: createStandardErrorHandler(
t('timestampPdf.error.failed', 'An error occurred while timestamping the PDF.')
),
});
};
@@ -0,0 +1,33 @@
import { BaseParameters } from '@app/types/parameters';
import { useBaseParameters, BaseParametersHook } from '@app/hooks/tools/shared/useBaseParameters';
// Fallback presets used only when AppConfig hasn't loaded yet.
// The real presets are served by the backend via /api/v1/config/app-config
// (field: timestampTsaPresets) — single source of truth.
export const FALLBACK_TSA_PRESETS = [
{ label: 'DigiCert', url: 'http://timestamp.digicert.com' },
{ label: 'Sectigo', url: 'http://timestamp.sectigo.com' },
{ label: 'SSL.com', url: 'http://ts.ssl.com' },
{ label: 'FreeTSA', url: 'https://freetsa.org/tsr' },
{ label: 'MeSign', url: 'http://tsa.mesign.com' },
] as const;
export interface TimestampPdfParameters extends BaseParameters {
tsaUrl: string;
}
export const defaultParameters: TimestampPdfParameters = {
tsaUrl: FALLBACK_TSA_PRESETS[0].url,
};
export type TimestampPdfParametersHook = BaseParametersHook<TimestampPdfParameters>;
export const useTimestampPdfParameters = (): TimestampPdfParametersHook => {
return useBaseParameters({
defaultParameters,
endpointName: 'timestamp-pdf',
validateFn: (params) => {
return params.tsaUrl.trim().length > 0;
},
});
};
+60
View File
@@ -0,0 +1,60 @@
import { useTranslation } from "react-i18next";
import { createToolFlow } from "@app/components/tools/shared/createToolFlow";
import TimestampPdfSettings from "@app/components/tools/timestampPdf/TimestampPdfSettings";
import { useTimestampPdfParameters } from "@app/hooks/tools/timestampPdf/useTimestampPdfParameters";
import { useTimestampPdfOperation } from "@app/hooks/tools/timestampPdf/useTimestampPdfOperation";
import { useBaseTool } from "@app/hooks/tools/shared/useBaseTool";
import { BaseToolProps, ToolComponent } from "@app/types/tool";
const TimestampPdf = (props: BaseToolProps) => {
const { t } = useTranslation();
const base = useBaseTool(
"timestampPdf",
useTimestampPdfParameters,
useTimestampPdfOperation,
props
);
return createToolFlow({
files: {
selectedFiles: base.selectedFiles,
isCollapsed: base.hasResults,
},
steps: [
{
title: t("timestampPdf.steps.settings", "Settings"),
isCollapsed: base.settingsCollapsed,
onCollapsedClick: base.settingsCollapsed ? base.handleSettingsReset : undefined,
content: (
<TimestampPdfSettings
parameters={base.params.parameters}
onParameterChange={base.params.updateParameter}
disabled={base.endpointLoading}
/>
),
},
],
executeButton: {
text: t("timestampPdf.submit", "Apply Timestamp"),
isVisible: !base.hasResults,
loadingText: t("loading"),
onClick: base.handleExecute,
disabled:
!base.params.validateParameters() ||
!base.hasFiles ||
!base.endpointEnabled,
},
review: {
isVisible: base.hasResults,
operation: base.operation,
title: t("timestampPdf.results", "Timestamp Results"),
onFileClick: base.handleThumbnailClick,
onUndo: base.handleUndo,
},
});
};
TimestampPdf.tool = () => useTimestampPdfOperation;
export default TimestampPdf as ToolComponent;
+3
View File
@@ -50,6 +50,9 @@ export interface AppConfig {
googleDriveClientId?: string;
googleDriveApiKey?: string;
googleDriveAppId?: string;
timestampDefaultTsaUrl?: string;
timestampCustomTsaUrls?: string[];
timestampTsaPresets?: { label: string; url: string }[];
}
export type AppConfigBootstrapMode = 'blocking' | 'non-blocking';
+1
View File
@@ -52,6 +52,7 @@ export const CORE_REGULAR_TOOL_IDS = [
'overlayPdfs',
'getPdfInfo',
'validateSignature',
'timestampPdf',
'replaceColor',
'showJS',
'bookletImposition',
@@ -77,6 +77,7 @@ export const TOOL_CREDIT_COSTS: Record<ToolId, number> = {
convert: CREDIT_COSTS.LARGE,
ocr: CREDIT_COSTS.LARGE,
certSign: CREDIT_COSTS.LARGE,
timestampPdf: CREDIT_COSTS.LARGE,
// Extra large operations (10 credits)
automate: CREDIT_COSTS.XLARGE,