Merge pull request #4404 from LibreSign/backport/4398/stable30

[stable30] chore: validate signer of signed pdf file
LibreSign · Jan 19, 2025 · a87d822 · a87d822
2 parents 92701d7 + 4153a74
commit a87d822
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/lib/Handler/Pkcs12Handler.php b/lib/Handler/Pkcs12Handler.php
@@ -175,7 +175,7 @@ public function getCertificateChain($resource): array {
 					if (empty($certificates[$signerCounter]['chain'][$certificateIndex]['signature_validation'])) {
 						$certificates[$signerCounter]['chain'][$certificateIndex]['signature_validation'] = [
 							'id' => 1,
-							'label' => $this->l10n->t('Certificate is Trusted.'),
+							'label' => $this->l10n->t('Signature is valid.'),
 						];
 					}
 				}

diff --git a/tests/integration/features/file/validate.feature b/tests/integration/features/file/validate.feature
@@ -4,7 +4,8 @@ Feature: validate
     And run the command "libresign:install --use-local-cert --java" with result code 0
     And run the command "libresign:install --use-local-cert --jsignpdf" with result code 0
     And run the command "libresign:install --use-local-cert --pdftk" with result code 0
-    And run the command "libresign:configure:openssl --cn test" with result code 0
+    And run the command "config:app:set libresign certificate_engine --value=openssl" with result code 0
+    And run the command "libresign:configure:openssl --cn=Common\ Name --c=BR --o=Organization --st=State\ of\ Company --l=City\ Name --ou=Organization\ Unit" with result code 0
     And sending "post" to ocs "/apps/provisioning_api/api/v1/config/apps/libresign/identify_methods"
       | value | (string)[{"name":"account","enabled":true,"mandatory":true,"signatureMethods":{"clickToSign":{"enabled":true}}}] |
     And user "signer1" exists
@@ -29,3 +30,10 @@ Feature: validate
     And as user ""
     And sending "get" to ocs "/apps/libresign/api/v1/file/validate/uuid/<FILE_UUID>"
     Then the response should have a status code 200
+    Then the response should be a JSON array with the following mandatory values
+      | key                                           | value                                                                                                                |
+      | (jq).ocs.data.signers[0].me                   | false                                                                                                                |
+      | (jq).ocs.data.signers[0].uid                  | account:signer1                                                                                                      |
+      | (jq).ocs.data.signers[0].subject              | /C=BR/ST=State of Company/L=City Name/O=Organization/OU=Organization Unit/UID=account:signer1/CN=signer1-displayname |
+      | (jq).ocs.data.signers[0].signature_validation | {"id":1,"label":"Signature is valid."}                                                                           |
+      | (jq).ocs.data.signers[0].hash_algorithm       | RSA-SHA1                                                                                                             |