fix: allow legacy certificates without CRL metadata

Signed-off-by: Vitor Mattos <[email protected]>

Author: vitormattos

lib/Service/IdentifyMethod/SignatureMethod/Password.php

@@ -59,6 +59,14 @@ private function validateCertificateRevocation(array $certificateData): void {
 		if ($status === CrlValidationStatus::DISABLED) {
 			return;
 		}
+		// Backward compatibility for legacy certificates issued before CRL metadata existed.
+		if ($status === CrlValidationStatus::MISSING) {
+			$this->identifyService->getLogger()->warning('Signing allowed for certificate without revocation metadata', [
+				'status' => $status->value,
+				'signer_uid' => $this->userSession->getUser()?->getUID(),
+			]);
+			return;
+		}
 		$this->logRevocationBlockedSigning($status);
 		throw new LibresignException($this->getRevocationErrorMessage($status), 422);
 	}

tests/php/Unit/Service/IdentifyMethod/PasswordTest.php

@@ -290,8 +290,7 @@ public static function providerValidateToSignWithCertificateData(): array {
 					'validTo_time_t' => $futureTimestamp,
 					'crl_validation' => CrlValidationStatus::MISSING,
 				],
-				'shouldThrow' => true,
-				'expectedCode' => 422,
+				'shouldThrow' => false,
 			],
 			'revoked and expired certificate' => [
 				'certificateData' => [
@@ -306,8 +305,7 @@ public static function providerValidateToSignWithCertificateData(): array {
 					'validTo_time_t' => $futureTimestamp,
 					'crl_validation' => CrlValidationStatus::MISSING,
 				],
-				'shouldThrow' => true,
-				'expectedCode' => 422,
+				'shouldThrow' => false,
 			],
 			'valid certificate - old date but valid (1970s timestamp)' => [
 				'certificateData' => [