[stable32] feat: docmdp iso validation #6014
Merged
vitormattos merged 7 commits into stable32 from Dec 6, 2025
- Create DocMdpLevel enum with four certification levels (NONE, NO_CHANGES, FORM_FILL, FORM_FILL_AND_ANNOTATIONS)
- Add getLabel() and getDescription() methods accepting IL10N parameter
- Add isCertifying() method to identify certification signatures
- Descriptions clarify which levels allow additional approval signatures

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

- Create dedicated handler for DocMDP (Document Modification Detection and Prevention)
- Implement extractDocMdpData() as single public API
- Add private methods for level extraction, modification detection, and validation
- Support all DocMDP levels with proper validation logic
- Clean architecture with minimal dependencies (only IL10N required)

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

- Inject DocMdpHandler in constructor
- Delegate DocMDP extraction to dedicated handler
- Simplify extractDocMdpData() to single delegation call
- Remove DocMDP logic from signature processing handler
- Improve separation of concerns

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

- Add 30 unit tests covering all DocMDP validation requirements
- Test ISO 32000-1 Tables 252, 253, 254 compliance
- Test ICP-Brasil ITI requirements (Chapter VI)
- Test permission levels P=1, P=2, P=3 behavior
- Test DocMDP extraction from inline and indirect references
- Test validation of signature dictionary entries
- Test enforcement of single DocMDP and first-signature rules
- Test /V /1.2 version requirement per ICP-Brasil
- All 30 tests passing with 42 assertions

Refs: ISO 32000-1:2008 Section 12.8.2.2, ITI Guia Desenvolvedor Cap VI

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Implement complete validation of DocMDP (Modification Detection and Prevention) according to ISO 32000-1:2008 and ICP-Brasil ITI requirements.

ISO 32000-1 compliance:
- Section 12.8.2.2.1: Enforce single DocMDP signature per document
- Section 12.8.2.2.1: Validate DocMDP is first certifying signature
- Table 252: Validate signature dictionary (/Type /Sig, /Filter, /ByteRange)
- Table 253: Validate signature reference (/TransformMethod /DocMDP)
- Table 254: Validate TransformParams (/P, /V /1.2)

ICP-Brasil ITI requirements:
- Extract DocMDP from /Reference (not /Perms) per ITI recommendation
- Support indirect references (168 0 R → 170 0 R pattern)
- Require /V /1.2 version in TransformParams
- Handle both inline and indirect TransformParams

Code improvements:
- Add ALLOWED_MODIFICATIONS constant for configuration-based validation
- Extract helper methods: validateIsoCompliance(), extractPValue()
- Create parsePdfObjects() to eliminate regex duplication
- Simplify validateModifications() using match expressions
- Pattern-based modification detection in analyzeModificationType()
- Comprehensive docblocks with ISO/ITI references

Refs: ISO 32000-1:2008 §12.8.2.2, ITI Guia Desenvolvedor Cap VI

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Follow PHP-CS-Fixer standards for short arrow function syntax.

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Add DocMDP modification tracking to File entity:
- MODIFICATION_UNCHECKED (0): Not yet checked
- MODIFICATION_UNMODIFIED (1): No modifications detected
- MODIFICATION_ALLOWED (2): Modifications within DocMDP permissions
- MODIFICATION_VIOLATION (3): Unauthorized modifications detected

Add modificationStatus property (SMALLINT) to track PDF modification state after signature validation.

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Backport of PR #6012
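
The /Reference-based DocMDP extraction described in the commit messages above, as an added Python illustration that is not code from this pull request or from the project. The function names, the constructed sample and its object numbers are assumptions, and the regex scan reads plain (uncompressed) objects only.

```python
import re

# Constructed sample: certifying signature 8 0 obj points at its TransformParams
# through an indirect reference (9 0 R); 12 0 obj is a later approval signature.
SAMPLE = b"""8 0 obj
<< /Type /Sig /Filter /Adobe.PPKLite /ByteRange [0 840 9034 512]
   /Reference [ << /Type /SigRef /TransformMethod /DocMDP /TransformParams 9 0 R >> ] >>
endobj
9 0 obj
<< /Type /TransformParams /P 2 /V /1.2 >>
endobj
12 0 obj
<< /Type /Sig /Filter /Adobe.PPKLite /ByteRange [0 10200 18394 600] >>
endobj
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
PARAMS_RE = re.compile(rb"/TransformParams\s*(?:(\d+)\s+(\d+)\s+R\b|<<(.*?)>>)", re.S)

def parse_pdf_objects(pdf):
    """Map (number, generation) -> raw object body (hypothetical helper)."""
    return {(int(n), int(g)): body for n, g, body in OBJ_RE.findall(pdf)}

def extract_docmdp(pdf):
    """Return {'object': (n, g), 'p': 1|2|3} for the certifying signature, or None."""
    objects = parse_pdf_objects(pdf)
    found = []
    for key, body in objects.items():
        if not re.search(rb"/Type\s*/Sig\b", body):
            continue
        if not re.search(rb"/TransformMethod\s*/DocMDP\b", body):
            continue  # approval signature: no DocMDP transform in /Reference
        # Table 252: the signature dictionary itself must be well formed.
        if not (re.search(rb"/Filter\s*/", body) and re.search(rb"/ByteRange\s*\[", body)):
            raise ValueError(f"{key}: signature dictionary lacks /Filter or /ByteRange")
        m = PARAMS_RE.search(body)
        if not m:
            raise ValueError(f"{key}: DocMDP reference without /TransformParams")
        # Indirect form: follow N G R to the referenced object; inline form: use as is.
        params = objects.get((int(m[1]), int(m[2]))) if m[1] else m[3]
        if params is None:
            raise ValueError(f"{key}: /TransformParams points at a missing object")
        if not re.search(rb"/V\s*/1\.2(?![\w.])", params):
            raise ValueError(f"{key}: /TransformParams must carry /V /1.2")
        p = re.search(rb"/P\s+(\d+)", params)
        level = int(p[1]) if p else 2  # Table 254: /P defaults to 2 when absent
        if level not in (1, 2, 3):
            raise ValueError(f"{key}: invalid /P value {level}")
        found.append({"object": key, "p": level})
    if len(found) > 1:
        raise ValueError("more than one DocMDP signature in the document")
    return found[0] if found else None
```

Reading the level from the signature's own /Reference entry, rather than from /Perms in the catalog, ties the permission to the bytes covered by that signature's /ByteRange.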