mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2026-04-06 03:19:39 +02:00
## PR: Certificate Pre-Validation for Document Signing

### Problem

When a participant uploaded a certificate to sign a document, there was no validation at submission time. If the certificate had the wrong password, was expired, or was incompatible with the signing algorithm, the error only surfaced during **finalization** — potentially days later, after all other participants had signed. At that point the session is stuck with no way to recover.

Additionally, `buildKeystore` in the finalization service only recognised `"P12"` as a cert type, causing a `400 Invalid certificate type: PKCS12` error when the **owner** signed using the standard `PKCS12` identifier.

---

### What this PR does

#### Backend — Certificate pre-validation service

Adds `CertificateSubmissionValidator`, which validates a keystore before it is stored by:

1. Loading the keystore with the provided password (catches wrong password / corrupt file)
2. Checking the certificate's validity dates (catches expired and not-yet-valid certs)
3. Test-signing a blank PDF using the same `PdfSigningService` code path as finalization (catches algorithm incompatibilities)

This runs on both the participant submission endpoint (`WorkflowParticipantController`) and the owner signing endpoint (`SigningSessionController`), so both flows are protected.

#### Backend — Bug fix

`SigningFinalizationService.buildKeystore` now accepts `"PKCS12"` and `"PFX"` as aliases for `"P12"`, consistent with how the validator already handles them. This fixes a `400` error when the owner signed using the `PKCS12` cert type.

#### Frontend — Real-time validation feedback

`ParticipantView` gains a debounced validation call (600ms) triggered whenever the cert file or password changes. The UI shows:

- A spinner while validating
- Green "Certificate valid until [date] · [subject name]" on success
- Red error message on failure (wrong password, expired, not yet valid)
- The submit button is disabled while validation is in flight

#### Tests — Three layers

| Layer | File | Coverage |
|---|---|---|
| Service unit | `CertificateSubmissionValidatorTest` | 11 tests — valid P12/JKS, wrong password, corrupt bytes, expired, not-yet-valid, signing failure, cert type aliases |
| Controller unit | `WorkflowParticipantValidateCertificateTest` | 4 tests — valid cert, invalid cert, missing file, invalid token |
| Controller integration | `CertificateValidationIntegrationTest` | 6 tests — real `.p12`/`.jks` files through the full controller → validator stack |
| Frontend E2E | `CertificateValidationE2E.spec.ts` | 7 Playwright tests — all feedback states, button behaviour, SERVER type bypass |

#### CI

- **PR**: Playwright runs on chromium when frontend files change (~2-3 min)
- **Nightly / on-demand**: All three browsers (chromium, firefox, webkit) at 2 AM UTC, also manually triggerable via `workflow_dispatch`
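
The three validation steps listed in the PR description, sketched as an added example; this is not code from the commit or from Stirling-PDF. The class name `KeystorePreCheck` is hypothetical, step 3 signs throwaway bytes with `java.security.Signature` as a stand-in for test-signing a blank PDF through `PdfSigningService`, and the key password is assumed to equal the keystore password.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;

// Hypothetical class for illustration; not Stirling-PDF's CertificateSubmissionValidator.
public final class KeystorePreCheck {
    // Accept the cert type aliases the PR names and map them to a JCA keystore type.
    static String jcaType(String certType) {
        switch (certType.toUpperCase(Locale.ROOT)) {
            case "P12": case "PKCS12": case "PFX": return "PKCS12";
            case "JKS": return "JKS";
            default: throw new IllegalArgumentException("Invalid certificate type: " + certType);
        }
    }

    // Returns the first usable signing certificate; throws with the cause otherwise.
    static X509Certificate check(byte[] keystore, char[] password, String certType)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(jcaType(certType));
        // Step 1: a wrong password or a corrupt file fails here with IOException.
        ks.load(new ByteArrayInputStream(keystore), password);
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) continue;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            // Step 2: throws CertificateExpiredException or CertificateNotYetValidException.
            cert.checkValidity();
            // Step 3 (stand-in for the PDF test-sign): sign probe bytes, verify with the cert.
            PrivateKey key = (PrivateKey) ks.getKey(alias, password);
            String alg = "SHA256with" + ("EC".equals(key.getAlgorithm()) ? "ECDSA" : key.getAlgorithm());
            byte[] probe = "pre-validation probe".getBytes(StandardCharsets.UTF_8);
            Signature signer = Signature.getInstance(alg); // unsupported key type fails here
            signer.initSign(key);
            signer.update(probe);
            byte[] sig = signer.sign();
            Signature verifier = Signature.getInstance(alg);
            verifier.initVerify(cert.getPublicKey());
            verifier.update(probe);
            if (!verifier.verify(sig)) throw new KeyStoreException("Key does not match certificate");
            return cert;
        }
        throw new KeyStoreException("No private key entry in keystore");
    }

    public static void main(String[] args) throws Exception { // <file> <password> <cert type>
        X509Certificate c = check(Files.readAllBytes(Paths.get(args[0])), args[1].toCharArray(), args[2]);
        System.out.println("Certificate valid until " + c.getNotAfter() + " · " + c.getSubjectX500Principal().getName());
    }
}
```

Running the check at submission time means each failure is reported to the person who can fix it, instead of at finalization.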
257 lines
4.0 KiB
Plaintext
### Eclipse ###
.metadata
bin/
tmp/
*.tmp
*.bak
*.exe
*.swp
*~.nib
local.properties
.settings/
.loadpath
.recommenders
.classpath
.project
*.local.json
version.properties

#### Stirling-PDF Files ###
pipeline/
!pipeline/.gitkeep
customFiles/
configs/
watchedFolders/
clientWebUI/
!cucumber/
!cucumber/exampleFiles/
!cucumber/exampleFiles/example_html.zip
exampleYmlFiles/stirling/
/stirling/
/testing/file_snapshots
/testing/cucumber/junit/
/testing/cucumber/report.html
/testing/.failed_tests
SwaggerDoc.json

# Runtime storage for uploaded files and user data (not Java source code)
app/core/storage/

# Frontend build artifacts copied to backend static resources
# These are generated by npm build and should not be committed
app/core/src/main/resources/static/assets/
app/core/src/main/resources/static/index.html
app/core/src/main/resources/static/locales/
app/core/src/main/resources/static/Login/
app/core/src/main/resources/static/classic-logo/
app/core/src/main/resources/static/modern-logo/
app/core/src/main/resources/static/og_images/
app/core/src/main/resources/static/samples/
app/core/src/main/resources/static/manifest-classic.json
app/core/src/main/resources/static/robots.txt
app/core/src/main/resources/static/pdfium/
app/core/src/main/resources/static/vendor/
# Note: Keep backend-managed files like fonts/, css/, js/, pdfjs/, etc.

# Gradle
.gradle
.gradle-home
.lock

# External tool builders
.externalToolBuilders/

# Locally stored "Eclipse launch configurations"
*.launch

# PyDev specific (Python IDE for Eclipse)
*.pydevproject

# CDT-specific (C/C++ Development Tooling)
.cproject

# CDT- autotools
.autotools

# Java annotation processor (APT)
.factorypath

# PDT-specific (PHP Development Tools)
.buildpath

# sbteclipse plugin
.target

# Tern plugin
.tern-project

# TeXlipse plugin
.texlipse

# STS (Spring Tool Suite)
.springBeans

# Code Recommenders
.recommenders/

# Annotation Processing
.apt_generated/
.apt_generated_test/

# Scala IDE specific (Scala & Java development for Eclipse)
.cache-main
.scala_dependencies
.worksheet

# Uncomment this line if you wish to ignore the project description file.
# Typically, this file would be tracked if it contains build/dependency configurations:
#.project

### Eclipse Patch ###
# Spring Boot Tooling
.sts4-cache/

### Git ###
# Created by git for backups. To disable backups in Git:
# $ git config --global mergetool.keepBackup false
*.orig

# Created by git when using merge tools for conflicts
*.BACKUP.*
*.BASE.*
*.LOCAL.*
*.REMOTE.*
*_BACKUP_*.txt
*_BASE_*.txt
*_LOCAL_*.txt
*_REMOTE_*.txt

### Java ###
# Compiled class file
*.class

# Log file
*.log

# BlueJ files
*.ctxt

# Mobile Tools for Java (J2ME)
.mtj.tmp/

# Package Files #
*.jar
*.war
*.nar
*.ear
*.zip
*.tar.gz
*.rar
*.db
build
app/core/build
app/common/build
app/proprietary/build
common/build
proprietary/build
stirling-pdf/build
frontend/src-tauri/provisioner/target

# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*.pyo

# Virtual environments
.env*
!.env*.example
.venv*
env*/
venv*/
ENV/
env.bak/
venv.bak/

# VS Code
/.vscode/**/*
!/.vscode/settings.json
!/.vscode/extensions.json

# IntelliJ IDEA
.idea/
*.iml
out/

# Ignore Mac DS_Store files
.DS_Store
**/.DS_Store

# cucumber
/cucumber/reports/**

# Certs and Security Files
*.p12
*.pk8
*.pem
*.crt
*.cer
*.cert
*.der
*.key
*.csr
*.kdbx
*.jks
*.asc

# Allow test fixture certificates (synthetic, no real credentials)
!frontend/src/core/tests/test-fixtures/certs/**

# SSH Keys
*.pub
*.priv
id_rsa
id_rsa.pub
id_ecdsa
id_ecdsa.pub
id_ed25519
id_ed25519.pub
.ssh/
*ssh

# cache
.cache
.ruff_cache
.mypy_cache
.pytest_cache
.ipynb_checkpoints
.build-cache


**/jcef-bundle/

# node_modules
node_modules/

# weasyPrint
**/LOCAL_APPDATA_FONTCONFIG_CACHE/**

# Translation temp files
*_compact.json
*compact*.json
test_batch.json
*.backup.*.json
frontend/public/locales/*/translation.backup*.json

# Development/build artifacts
.gradle-cache/
scripts/pdf-collection/
**/tmp/
*.backup

# Type3 development data
docs/type3/signatures/


# Type3 sample PDFs (development only)
**/type3/samples/