Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
da68d92
feat: integrate pdf-signature-validator for native validation
vitormattos Apr 23, 2026
e065851
refactor: translate signature validation messages via l10n
vitormattos Apr 24, 2026
74b629f
refactor: avoid translating dynamic reason strings
vitormattos Apr 24, 2026
aa0ab74
feat: add translatable dictionary for validation reasons
vitormattos Apr 24, 2026
6250c8c
docs: add translator guidance for validation reasons
vitormattos Apr 24, 2026
1022811
docs: place translator comments above each l10n call
vitormattos Apr 24, 2026
74313b8
docs: place translator comments above each l10n call
vitormattos Apr 24, 2026
0b3c68c
refactor: remove redundant docs from CA getters
vitormattos Apr 24, 2026
ffa0f69
refactor: remove redundant comments in validation service
vitormattos Apr 24, 2026
390e453
test: remove deprecated reflection accessibility calls
vitormattos Apr 24, 2026
3719847
build: use released pdf-signature-validator v0.2.0
vitormattos Apr 24, 2026
3a3b4fb
refactor: centralize validation localization mapping
vitormattos Apr 24, 2026
c5e1af8
fix: remove invalid UNKNOWN_FAILURE enum state
vitormattos Apr 24, 2026
96cb253
refactor: remove redundant localize* methods
vitormattos Apr 24, 2026
31547c1
fix: cs
vitormattos Apr 24, 2026
d58348c
fix: resolve Psalm type hint errors
vitormattos Apr 24, 2026
e6c5f4f
fix: update PasswordTest constructor arguments for Pkcs12Handler
vitormattos Apr 24, 2026
3332427
fix: cs
vitormattos Apr 24, 2026
a42f0eb
fix: preserve legacy signature validation on native digest mismatch
vitormattos Apr 24, 2026
eabc640
fix: address native validator review feedback
vitormattos Apr 24, 2026
6afd97b
fix: cs
vitormattos Apr 24, 2026
61a0e72
fix: remove phpseclib from direct deps, use provide via 3rdparty
vitormattos Jun 18, 2026
cba47bf
refactor: move pdf-signature-validator to 3rdparty scoped vendor
vitormattos Jun 18, 2026
334f841
fix(cs): fix use statement ordering per php-cs-fixer
vitormattos Jun 18, 2026
435a7d4
fix: propagate unexpected native validation exceptions
vitormattos Jul 7, 2026
00bd45b
fix: always reset policy context on metadata failures
vitormattos Jul 7, 2026
6caca7b
test: cover native validation exception flow
vitormattos Jul 7, 2026
c25b69c
test: cover metadata extraction failure propagation
vitormattos Jul 7, 2026
7d15296
fix: cs
vitormattos Jul 7, 2026
acb800e
fix: unit tests
vitormattos Jul 7, 2026
fec6988
fix(sign-engine): backport policy validation context
vitormattos Jul 7, 2026
3682f8d
fix(sign-engine): restore native validation flow
vitormattos Jul 7, 2026
0a150d2
test(sign-engine): cover stable native validation flow
vitormattos Jul 7, 2026
7156bcb
chore(deps): point stable32 to pdf validator backport
vitormattos Jul 7, 2026
1126c38
Revert "fix(sign-engine): backport policy validation context"
vitormattos Jul 7, 2026
1d2d0f9
fix(backport): drop policy context from stable32
vitormattos Jul 7, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion 3rdparty
Submodule 3rdparty updated 66 files
+2 −1 composer.json
+58 −7 composer.lock
+1 −1 composer/composer/autoload_classmap.php
+1 −1 composer/composer/autoload_files.php
+1 −1 composer/composer/autoload_psr4.php
+4 −4 composer/composer/autoload_static.php
+62 −8 composer/composer/installed.json
+661 −0 composer/libresign/pdf-signature-validator/COPYING
+661 −0 composer/libresign/pdf-signature-validator/LICENSES/AGPL-3.0-or-later.txt
+121 −0 composer/libresign/pdf-signature-validator/LICENSES/CC0-1.0.txt
+33 −0 composer/libresign/pdf-signature-validator/REUSE.toml
+69 −0 composer/libresign/pdf-signature-validator/composer.json
+1,369 −0 composer/libresign/pdf-signature-validator/composer.lock
+25 −0 composer/libresign/pdf-signature-validator/deptrac.yaml
+16 −0 composer/libresign/pdf-signature-validator/infection.json5
+21 −0 composer/libresign/pdf-signature-validator/phpmd.xml
+27 −0 composer/libresign/pdf-signature-validator/phpunit.xml
+21 −0 composer/libresign/pdf-signature-validator/psalm.xml
+13 −0 composer/libresign/pdf-signature-validator/rector.php
+11 −0 composer/libresign/pdf-signature-validator/src/Exception/UnsignedPdfException.php
+14 −0 composer/libresign/pdf-signature-validator/src/Model/ExtractedSignature.php
+17 −0 composer/libresign/pdf-signature-validator/src/Model/SignatureMetadata.php
+15 −0 composer/libresign/pdf-signature-validator/src/Model/ValidationReason.php
+16 −0 composer/libresign/pdf-signature-validator/src/Model/ValidationResult.php
+26 −0 composer/libresign/pdf-signature-validator/src/Model/ValidationState.php
+14 −0 composer/libresign/pdf-signature-validator/src/Model/ValidationStatus.php
+78 −0 composer/libresign/pdf-signature-validator/src/Parser/CertificateExtractor.php
+92 −0 composer/libresign/pdf-signature-validator/src/Parser/CertificateInspector.php
+180 −0 composer/libresign/pdf-signature-validator/src/Parser/CertificateValidator.php
+75 −0 composer/libresign/pdf-signature-validator/src/Parser/CmsHashAlgorithmExtractor.php
+148 −0 composer/libresign/pdf-signature-validator/src/Parser/PdfSignatureExtractor.php
+137 −0 composer/libresign/pdf-signature-validator/src/Parser/PdfSignatureValidator.php
+35 −0 composer/libresign/pdf-signature-validator/src/Parser/PopplerStatusMapper.php
+95 −0 composer/libresign/pdf-signature-validator/src/Parser/SignatureValidator.php
+20 −0 composer/libresign/pdf-signature-validator/tests/Fixtures/certs/self-signed-cert.pem
+ composer/libresign/pdf-signature-validator/tests/Fixtures/pdfs/real_jsignpdf_level1.pdf
+ composer/libresign/pdf-signature-validator/tests/Fixtures/pdfs/small_valid-signed.pdf
+ composer/libresign/pdf-signature-validator/tests/Fixtures/pdfs/small_valid.pdf
+56 −0 composer/libresign/pdf-signature-validator/tests/Unit/Parser/CertificateExtractorTest.php
+69 −0 composer/libresign/pdf-signature-validator/tests/Unit/Parser/CertificateInspectorTest.php
+126 −0 composer/libresign/pdf-signature-validator/tests/Unit/Parser/CertificateValidatorTest.php
+18 −0 composer/libresign/pdf-signature-validator/tests/Unit/Parser/CmsHashAlgorithmExtractorTest.php
+177 −0 composer/libresign/pdf-signature-validator/tests/Unit/Parser/PdfSignatureCorpusTest.php
+51 −0 composer/libresign/pdf-signature-validator/tests/Unit/Parser/PdfSignatureExtractorRealPdfTest.php
+55 −0 composer/libresign/pdf-signature-validator/tests/Unit/Parser/PdfSignatureExtractorTest.php
+122 −0 composer/libresign/pdf-signature-validator/tests/Unit/Parser/PdfSignatureValidatorTest.php
+57 −0 composer/libresign/pdf-signature-validator/tests/Unit/Parser/PopplerStatusMapperTest.php
+75 −0 composer/libresign/pdf-signature-validator/tests/Unit/Parser/SignatureValidatorTest.php
+11 −0 composer/libresign/pdf-signature-validator/vendor-bin/deptrac/composer.json
+2,124 −0 composer/libresign/pdf-signature-validator/vendor-bin/deptrac/composer.lock
+14 −0 composer/libresign/pdf-signature-validator/vendor-bin/infection/composer.json
+2,624 −0 composer/libresign/pdf-signature-validator/vendor-bin/infection/composer.lock
+11 −0 composer/libresign/pdf-signature-validator/vendor-bin/php-cs-fixer/composer.json
+2,764 −0 composer/libresign/pdf-signature-validator/vendor-bin/php-cs-fixer/composer.lock
+11 −0 composer/libresign/pdf-signature-validator/vendor-bin/phpmd/composer.json
+1,052 −0 composer/libresign/pdf-signature-validator/vendor-bin/phpmd/composer.lock
+11 −0 composer/libresign/pdf-signature-validator/vendor-bin/phpstan/composer.json
+86 −0 composer/libresign/pdf-signature-validator/vendor-bin/phpstan/composer.lock
+11 −0 composer/libresign/pdf-signature-validator/vendor-bin/phpunit/composer.json
+1,803 −0 composer/libresign/pdf-signature-validator/vendor-bin/phpunit/composer.lock
+11 −0 composer/libresign/pdf-signature-validator/vendor-bin/psalm/composer.json
+2,128 −0 composer/libresign/pdf-signature-validator/vendor-bin/psalm/composer.lock
+11 −0 composer/libresign/pdf-signature-validator/vendor-bin/rector/composer.json
+146 −0 composer/libresign/pdf-signature-validator/vendor-bin/rector/composer.lock
+1 −0 composer/libresign/pdf-signature-validator/vendor-bin/update/composer.json
+1 −5 composer/mikehaertl/php-pdftk/src/Pdf.php
45 changes: 39 additions & 6 deletions lib/Controller/FileController.php
Original file line number Diff line number Diff line change
Expand Up @@ -457,14 +457,23 @@ private function fetchPreview(
bool $forceIcon,
string $mode,
bool $mimeFallback = false,
) : Http\Response {
): Http\Response {
if (!($node instanceof File) || (!$forceIcon && !$this->preview->isAvailable($node))) {
return new DataResponse([], Http::STATUS_NOT_FOUND);
}
if (!$node->isReadable()) {
return new DataResponse([], Http::STATUS_FORBIDDEN);
}

// Avoid expensive external preview generators for PDFs when a mime fallback is explicitly requested.
if ($mimeFallback && $node->getMimeType() === 'application/pdf') {
$mimeFallbackResponse = $this->getMimeFallbackResponse($node->getMimeType());
if ($mimeFallbackResponse !== null) {
/** @var Http\RedirectResponse<Http::STATUS_SEE_OTHER, array{}> $mimeFallbackResponse */
return $mimeFallbackResponse;
}
}

$storage = $node->getStorage();
if ($storage->instanceOfStorage(SharedStorage::class)) {
/** @var SharedStorage $storage */
Expand All @@ -483,19 +492,43 @@ private function fetchPreview(
$response->cacheFor(3600 * 24, false, true);
return $response;
} catch (NotFoundException) {
// If we have no preview enabled, we can redirect to the mime icon if any
if ($mimeFallback) {
if ($url = $this->mimeIconProvider->getMimeIconUrl($node->getMimeType())) {
return new RedirectResponse($url);
}
$mimeFallbackResponse = $mimeFallback ? $this->getMimeFallbackResponse($node->getMimeType()) : null;
if ($mimeFallbackResponse !== null) {
/** @var Http\RedirectResponse<Http::STATUS_SEE_OTHER, array{}> $mimeFallbackResponse */
return $mimeFallbackResponse;
}

return new DataResponse([], Http::STATUS_NOT_FOUND);
} catch (\InvalidArgumentException) {
return new DataResponse([], Http::STATUS_BAD_REQUEST);
} catch (\Throwable $e) {
$this->logger->warning('Failed to generate LibreSign thumbnail preview', [
'nodeId' => $node->getId(),
'mimeType' => $node->getMimeType(),
'exception' => $e,
]);

$mimeFallbackResponse = $mimeFallback ? $this->getMimeFallbackResponse($node->getMimeType()) : null;
if ($mimeFallbackResponse !== null) {
/** @var Http\RedirectResponse<Http::STATUS_SEE_OTHER, array{}> $mimeFallbackResponse */
return $mimeFallbackResponse;
}

return new DataResponse([], Http::STATUS_NOT_FOUND);
}
}

private function getMimeFallbackResponse(string $mimeType): ?\OCP\AppFramework\Http\RedirectResponse {
$url = $this->mimeIconProvider->getMimeIconUrl($mimeType);
if ($url) {
/** @var \OCP\AppFramework\Http\RedirectResponse<Http::STATUS_SEE_OTHER, array{}> $response */
$response = new RedirectResponse($url, Http::STATUS_SEE_OTHER);
return $response;
}

return null;
}

/**
* Send a file
*
Expand Down
Loading
Loading