Frooodle commented Jan 6, 2026

Motivation

  • Allow users on desktop builds to sign PDFs with certificates stored in OS keystores or hardware tokens (Windows Certificate Store, macOS Keychain, PKCS#11) and to explicitly pick the intended certificate entry by alias.
  • Prevent server/remote environments from attempting to access local OS keystores by restricting these flows to desktop mode.
  • Provide a UI-driven list of available store certificates so users can choose from multiple entries on the device.

Description

  • Backend: added a new UI-data endpoint POST /api/v1/ui-data/cert-store-entries with request model CertStoreEntriesRequest to enumerate OS-backed certificates and a loader for Windows-MY, KeychainStore, and PKCS#11 providers; added ensureDesktopMode(...) guard to restrict store access to desktop mode.
  • Signing flow: extended SignPDFWithCertRequest with certAlias and pkcs11ConfigFile and updated CertSignController to support WINDOWS_STORE, MAC_KEYCHAIN, and PKCS11 certType values, including selectKeyStoreEntry(...) to validate alias, extract private key and chain, and build an in-memory keystore for signing.
  • Frontend: added useCertStoreEntries hook and isDesktopMode helper, exposed desktop-only buttons in CertificateFormatSettings, and added certificate listing, refresh, PKCS#11 config upload and alias dropdown in CertificateFilesSettings; updated form builder buildCertSignFormData to include certAlias and pkcs11ConfigFile when applicable.
  • Misc: PKCS#11 provider loading uses a temporary config file and checks for the SunPKCS11 provider; certificate listing returns display-friendly metadata (subject, issuer, validity) for dropdown presentation.

Testing

  • Ran ./gradlew spotlessApply which completed successfully and applied formatting changes.
  • Attempted ./gradlew build but the build failed during dependency resolution with Maven Central returning HTTP 403, preventing full compilation and test execution.
  • Frontend UI wiring was exercised locally via code changes (hook + components) but no E2E or automated browser tests completed because the frontend was not reachable during Playwright capture (empty response).

Codex Task
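
An added sketch of the desktop-mode guard and alias validation described above; it is not code from this pull request. Only the names `ensureDesktopMode` and `selectKeyStoreEntry` and the store types `Windows-MY` and `KeychainStore` come from the description; the class `StoreEntryDemo`, the record `SigningEntry`, the method bodies and the command-line arguments are assumptions. It requires Java 17 or later.

```java
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class StoreEntryDemo {
    /** Private-key handle plus certificate chain for one validated alias (hypothetical type). */
    record SigningEntry(PrivateKey key, Certificate[] chain) {}

    // Hypothetical guard: refuse to touch local keystores unless running as a desktop build.
    static void ensureDesktopMode(boolean desktopMode) {
        if (!desktopMode) throw new SecurityException("OS certificate stores are desktop-only");
    }

    // Accept only an alias that exists, holds a private key, and has a currently valid leaf.
    static SigningEntry selectKeyStoreEntry(KeyStore store, String alias, char[] pin)
            throws GeneralSecurityException {
        if (alias == null || alias.isBlank() || !store.containsAlias(alias))
            throw new KeyStoreException("Unknown certificate alias");
        if (!store.isKeyEntry(alias))
            throw new KeyStoreException("Alias is a certificate-only entry");
        Key key = store.getKey(alias, pin);
        Certificate[] chain = store.getCertificateChain(alias);
        if (!(key instanceof PrivateKey pk) || chain == null || chain.length == 0)
            throw new KeyStoreException("Alias lacks a usable private key or chain");
        if (chain[0] instanceof X509Certificate leaf) leaf.checkValidity(); // throws if expired or not yet valid
        // Token and OS-store keys are often non-exportable: getEncoded() may return null,
        // so return the handle and let the owning provider perform the signature.
        return new SigningEntry(pk, chain);
    }

    public static void main(String[] args) throws Exception {
        ensureDesktopMode(true); // assumption: the caller has already established desktop mode
        String os = System.getProperty("os.name").toLowerCase();
        String type = os.startsWith("mac") ? "KeychainStore"
                : os.startsWith("windows") ? "Windows-MY" : null;
        if (type == null) { System.out.println("No OS keystore on this platform"); return; }
        KeyStore store = KeyStore.getInstance(type);
        store.load(null, null); // OS-backed stores load without an input stream
        if (args.length == 0) { // no alias given: list what an alias dropdown would show
            for (String a : Collections.list(store.aliases()))
                System.out.println(a + (store.isKeyEntry(a) ? " [key]" : " [cert only]"));
            return;
        }
        char[] pin = args.length > 1 ? args[1].toCharArray() : new char[0]; // optional store password
        SigningEntry e = selectKeyStoreEntry(store, args[0], pin);
        System.out.println(e.key().getAlgorithm() + " key, chain length " + e.chain().length);
    }
}
```

Run with no arguments to list aliases, or pass an alias (and optionally a password) to validate one entry.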

Frooodle added the codex label Jan 6, 2026 (with ChatGPT Codex Connector)
stirlingbot added the Java, Front End, Back End and API labels Jan 6, 2026
stirlingbot bot commented Jan 6, 2026

🌐 TOML Translation Verification Summary

🔄 Reference Branch: pr-branch

📃 File Check: en-GB/translation.toml

  1. Test Status: Passed
  2. Test Status: Passed
  3. Test Status: Passed

✅ Overall Check Status: Success

Thanks @Frooodle for your help in keeping the translations up to date.
