[stable31] fix: prevent footer on signed pdfs#6039
Merged
vitormattos merged 5 commits intostable31from Dec 9, 2025
Merged
Conversation
This service provides a dedicated, testable way to detect if a PDF already contains signatures. It encapsulates the signature detection logic that was previously scattered across multiple handlers. The service creates a memory resource from PDF content and uses the SignEngineFactory to check for existing certificate chains. It handles exceptions gracefully and returns false for any detection failures. Tests use real PDF fixtures (signed and unsigned) instead of mocks, providing better confidence in the detection logic. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Changed createMinimalPdf() and createPdfWithDocMdp() from protected to public visibility. This simplifies test code by allowing direct usage without wrapper methods or complex workarounds. The methods are already designed for test usage only and making them public improves usability in data providers and static contexts. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
When a PDF already has signatures, applying a footer causes the PDF to be rewritten, which invalidates existing signatures. This results in "Digest mismatch" errors when validating the original signatures. This fix detects existing signatures before applying footer/stamp and skips the footer application when signatures are present. The signed content is returned directly without modification. The detection uses the new PdfSignatureDetectionService to check for existing certificate chains in the PDF content. Fixes the issue where adding a second signature invalidates the first signature due to PDF rewriting during footer application. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Added PdfSignatureDetectionService as a new dependency in the SignFileService constructor. Updated all test setup code to create and inject a mock of this service. This maintains test isolation while allowing the service to use the new signature detection logic. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
github-project-automation
Bot
moved this from 0. Needs triage
to 4. to release
in Roadmap
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of PR #6035