feat: integrate pdf-signature-validator for native validation#7596
Open
vitormattos wants to merge 21 commits intomainfrom
Open
feat: integrate pdf-signature-validator for native validation#7596vitormattos wants to merge 21 commits intomainfrom
vitormattos wants to merge 21 commits intomainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Integrates the libresign/pdf-signature-validator Composer package into LibreSign to perform native (pure-PHP) PDF signature validation, and wires its metadata/validation outputs into LibreSign’s existing certificate-chain payload.
Changes:
- Add
PdfSignatureValidationServiceto run native validation and translate package results/reasons into LibreSign’s expected format. - Update
Pkcs12Handlerto enrich signature/certificate chain data using native extractor/validator outputs (replacing the previouspdfsig-based Poppler path). - Update install checks and unit tests to reflect the new validation flow and dependencies.
Reviewed changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/php/Unit/Service/Signature/PdfSignatureValidationServiceTest.php | New unit tests for mapping native validator results into LibreSign payload shape. |
| tests/php/Unit/Service/IdentifyMethod/PasswordTest.php | Updates test construction for Pkcs12Handler after constructor dependency changes. |
| tests/php/Unit/Handler/SignEngine/Pkcs12HandlerTest.php | Adds tests for extractor metadata parsing and native validation integration in getCertificateChain(). |
| lib/Service/Signature/PdfSignatureValidationService.php | New service wrapping PdfSignatureValidator and translating results/reasons with l10n. |
| lib/Service/Install/ConfigureCheckService.php | Removes the pdfsig setup check, keeping pdfinfo as Poppler fallback check. |
| lib/Handler/SignEngine/Pkcs12Handler.php | Injects native extractor/validation service and uses them to enrich chain leaf data. |
| lib/Controller/FileController.php | Refactors preview mime-fallback redirects and adds broader error handling/logging. |
| composer.json | Adds libresign/pdf-signature-validator dependency. |
| composer.lock | Locks the new package and updates dependency hash. |
vitormattos
force-pushed
the
feat/integrate-pdf-signature-validator
branch
2 times, most recently
from
4db8ad1 to
4595c3e
Compare
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
The service's validateFromResource() already returns properly formatted arrays with id, label, isValid, and reason. The localize* methods were unnecessarily converting numbers back to enums and then back to numbers. Now Pkcs12Handler uses the validation results directly without the circular conversion, eliminating code duplication and improving clarity. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
- FileController::fetchPreview: add inline type assertions for RedirectResponse
to specify exact status code (303) when returning null-checked values
- PdfSignatureValidationService: update docblocks for validateFromResource,
validateFromString, and mapValidationResults to include the 'raw' field
- Pkcs12Handler::extractNativeSignatureMetadata: change return type from
list<array> to array<int, array{...}> to match actual implementation
All Psalm errors resolved, unit tests still passing.
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Update constructor arguments to match the new signature which includes PdfSignatureValidationService and PdfSignatureExtractor, and removes the no-longer-used TempManager. Also use real instance of PdfSignatureExtractor instead of mock since the class is final and cannot be mocked. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
vitormattos
force-pushed
the
feat/integrate-pdf-signature-validator
branch
from
4595c3e to
6015855
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
libresign/pdf-signature-validatorinto LibreSign via ComposerPdfSignatureValidationServiceto map package validation results to LibreSign payload formatPkcs12Handlerto enrich certificate chain data using native metadata/validation from the packagepdfsigsetup check requirement and keeppdfinfoas poppler fallback checkPkcs12HandlerandPdfSignatureValidationService