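-- Table storing publicly verifiable signature proofs (one row per signed document).
-- Rows are meant to be read anonymously through the verification page / QR URL
-- (the SELECT policy on this table is USING (true)), so every column here is
-- effectively public data.
CREATE TABLE IF NOT EXISTS signature_verifications (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),

    -- Document information
    document_name TEXT NOT NULL,
    pdf_url TEXT NOT NULL,
    signed_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),

    -- Signer information
    -- NOTE(review): signer_name / signer_email are exposed to anyone who can read a row
    -- under the public SELECT policy; consider serving the verification page from a
    -- view that omits the e-mail if it is not needed for verification.
    signer_name TEXT NOT NULL,
    signer_email TEXT NOT NULL,

    -- Cryptographic material
    signature_hash TEXT NOT NULL, -- SHA-256 hash of the signed content (encoding not enforced here; presumably hex — confirm with the writer)
    signature_hex TEXT NOT NULL,  -- Full signature, hexadecimal

    -- Certificate (JSON object; the default gives the expected key set)
    certificate_info JSONB NOT NULL DEFAULT '{
        "issuer": "",
        "subject": "",
        "valid_from": "",
        "valid_until": "",
        "serial_number": ""
    }'::jsonb,

    -- Timestamp (TSA)
    timestamp JSONB NOT NULL DEFAULT '{
        "tsa_url": "",
        "timestamp": "",
        "hash": ""
    }'::jsonb,

    -- Verification statuses.
    -- Fail closed: a row whose checks have not been run must not present itself as
    -- valid. The previous default was all-true, which made an unverified (or partially
    -- inserted) row render as "seal valid / timestamp valid / document intact" on the
    -- public page. The writer must set these explicitly after performing the checks.
    verification_status JSONB NOT NULL DEFAULT '{
        "seal_valid": false,
        "timestamp_valid": false,
        "document_intact": false
    }'::jsonb,

    -- Immutable S3 ledger (Compliance Lock)
    s3_ledger_key TEXT NOT NULL,                        -- S3 key of the immutable JSON ledger document
    s3_ledger_version_id TEXT,                          -- S3 version ID
    s3_ledger_locked_until TIMESTAMPTZ NOT NULL,        -- Lock expiry (10 years, per the writer; not enforced here)
    s3_ledger_integrity_verified BOOLEAN NOT NULL DEFAULT false, -- Integrity check performed (fail closed)

    -- Metadata
    contract_id UUID,
    organization_id UUID,

    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),

    -- Named constraints so errors and later migrations are greppable.
    CONSTRAINT signature_verifications_contract_id_fk
        FOREIGN KEY (contract_id) REFERENCES contracts(id) ON DELETE SET NULL,
    CONSTRAINT signature_verifications_organization_id_fk
        FOREIGN KEY (organization_id) REFERENCES organizations(id) ON DELETE CASCADE,

    -- The JSONB columns must hold objects (not scalars, arrays or JSON null) so that
    -- key lookups such as verification_status->>'seal_valid' behave as expected.
    CONSTRAINT signature_verifications_certificate_info_check
        CHECK (jsonb_typeof(certificate_info) = 'object'),
    CONSTRAINT signature_verifications_timestamp_check
        CHECK (jsonb_typeof("timestamp") = 'object'),
    CONSTRAINT signature_verifications_verification_status_check
        CHECK (jsonb_typeof(verification_status) = 'object')
);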
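-- Lookup indexes.
-- IF NOT EXISTS keeps the migration re-runnable, consistent with the
-- CREATE TABLE IF NOT EXISTS above (a bare CREATE INDEX fails on a second run).
-- There is deliberately no separate index on id: the PRIMARY KEY already provides
-- one, so the former idx_signature_verifications_id only duplicated it; it is
-- dropped here so existing databases do not keep the redundant index.
DROP INDEX IF EXISTS idx_signature_verifications_id;

CREATE INDEX IF NOT EXISTS idx_signature_verifications_contract
    ON signature_verifications (contract_id);

CREATE INDEX IF NOT EXISTS idx_signature_verifications_org
    ON signature_verifications (organization_id);

CREATE INDEX IF NOT EXISTS idx_signature_verifications_s3_ledger
    ON signature_verifications (s3_ledger_key);

-- Range scans on the lock expiry (e.g. "which locks expire before date X").
CREATE INDEX IF NOT EXISTS idx_signature_verifications_locked_until
    ON signature_verifications (s3_ledger_locked_until);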
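-- RLS: verification pages are public. Enabling RLS with no permissive policy for a
-- command denies that command to every role that does not bypass RLS (anon,
-- authenticated); policies below then open up exactly what is intended.
ALTER TABLE signature_verifications ENABLE ROW LEVEL SECURITY;

-- Public read policy: anyone who has the verification URL / QR code can read the proof.
-- (Row ids are random UUIDs, so rows are not enumerable, but every column of a row —
-- including signer_email and pdf_url — is visible to an anonymous reader.)
-- DROP ... IF EXISTS keeps the migration re-runnable.
DROP POLICY IF EXISTS "Vérifications publiques" ON signature_verifications;
CREATE POLICY "Vérifications publiques" ON signature_verifications
    FOR SELECT
    USING (true);

-- Writes: only the system may create/modify proofs.
-- The previous policy "Système peut gérer" granted FOR ALL with
-- USING (auth.uid() IS NOT NULL), i.e. ANY signed-in user could insert forged proofs,
-- flip verification_status to all-true, or delete/alter proofs belonging to any
-- organization. That contradicts the stated intent, so it is removed rather than
-- replaced: with RLS enabled and no write policy, INSERT/UPDATE/DELETE are denied to
-- anon/authenticated and only roles that bypass RLS (Supabase service_role, the table
-- owner) can write — which is what "system only" means.
-- NOTE(review): if the application writes these rows with an end-user session instead
-- of the service role, add a policy scoped to the caller's organization membership
-- (e.g. organization_id IN (SELECT ... WHERE user_id = auth.uid())), never a blanket
-- auth.uid() IS NOT NULL check.
DROP POLICY IF EXISTS "Système peut gérer" ON signature_verifications;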
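-- Keep updated_at current on every UPDATE.
-- update_updated_at_column() is defined elsewhere in the project (presumably sets
-- NEW.updated_at = NOW() — confirm against its definition).
-- DROP ... IF EXISTS keeps the migration re-runnable, consistent with
-- CREATE TABLE IF NOT EXISTS above (a bare CREATE TRIGGER fails on a second run).
DROP TRIGGER IF EXISTS update_signature_verifications_updated_at ON signature_verifications;
CREATE TRIGGER update_signature_verifications_updated_at
    BEFORE UPDATE ON signature_verifications
    FOR EACH ROW
    EXECUTE FUNCTION update_updated_at_column();

-- Catalog comment (kept verbatim; it is user-visible metadata, not a code comment).
COMMENT ON TABLE signature_verifications IS 'Preuves de signature électronique vérifiables publiquement via URL/QR code';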