[stable32] test: sign with pkcs12 certificate

playwright/e2e/sign-herself-with-pkcs12-certificate.spec.ts

@@ -0,0 +1,63 @@
+/**
+ * SPDX-FileCopyrightText: 2026 LibreCode coop and contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+import { expect, test } from '@playwright/test'
+import { login } from '../support/nc-login'
+import { configureOpenSsl, deleteUserPfx, setAppConfig } from '../support/nc-provisioning'
+
+test('sign herself with pkcs12 certificate', async ({ page }) => {
+	const adminUser = process.env.NEXTCLOUD_ADMIN_USER ?? 'admin'
+	const adminPassword = process.env.NEXTCLOUD_ADMIN_PASSWORD ?? 'admin'
+
+	await login(page.request, adminUser, adminPassword)
+
+	await configureOpenSsl(page.request, 'LibreSign Test', {
+		C: 'BR',
+		OU: ['Organization Unit'],
+		ST: 'Rio de Janeiro',
+		O: 'LibreSign',
+		L: 'Rio de Janeiro',
+	})
+
+	await setAppConfig(
+		page.request,
+		'libresign',
+		'identify_methods',
+		JSON.stringify([
+			{ name: 'account', enabled: true, mandatory: true, signatureMethods: { password: { enabled: true } } },
+			{ name: 'email', enabled: false, mandatory: false },
+		]),
+	)
+
+	// Ensure the user has no existing certificate so the test always goes
+	// through the "create password" flow.
+	await deleteUserPfx(page.request, adminUser, adminPassword)
+
+	await page.goto('./apps/libresign')
+
+	await page.getByRole('button', { name: 'Upload from URL' }).click()
+	await page.getByRole('textbox', { name: 'URL of a PDF file' }).fill('https://raw.githubusercontent.com/LibreSign/libresign/main/tests/php/fixtures/pdfs/small_valid.pdf')
+	await page.getByRole('button', { name: 'Send' }).click()
+	await page.getByRole('button', { name: 'Add signer' }).click()
+	await page.getByPlaceholder('Account').fill(adminUser)
+	await page.getByText('[email protected]').click()
+	await page.getByRole('button', { name: 'Save' }).click()
+	await page.getByRole('button', { name: 'Request signatures' }).click()
+	await page.getByRole('button', { name: 'Send' }).click()
+	await page.getByRole('button', { name: 'Sign document' }).click()
+	await page.getByRole('button', { name: 'Define a password and sign the document.' }).click()
+	await page.getByLabel('Enter a password').fill('Password1234')
+	await page.getByRole('button', { name: 'Confirm' }).click()
+	await page.getByRole('button', { name: 'Sign the document.' }).click()
+	await page.getByLabel('Signature password').fill('Password1234')
+	await page.getByRole('button', { name: 'Sign document' }).click()
+	await page.waitForURL('**/validation/**')
+	await expect(page.getByText('This document is valid')).toBeVisible()
+	await page.getByRole('button', { name: 'Expand details' }).click()
+	await page.getByRole('button', { name: 'Expand validation status', exact: true }).click()
+	await expect(page.getByRole('link', { name: 'Document integrity verified' })).toBeVisible()
+	await page.getByRole('button', { name: 'Expand document certification', exact: true }).click()
+	await expect(page.getByRole('link', { name: 'Document has not been' })).toBeVisible()
+})

playwright/support/nc-provisioning.ts

@@ -143,6 +143,19 @@ type OpenSslCertNames = {
 	L?: string
 }
 
+/**
+ * Deletes the PFX certificate of a user so the next signing attempt
+ * starts without an existing certificate.
+ * Equivalent to: DELETE /ocs/v2.php/apps/libresign/api/v1/account/pfx
+ */
+export async function deleteUserPfx(
+	request: APIRequestContext,
+	userId: string,
+	password: string,
+): Promise<void> {
+	await ocsRequest(request, 'DELETE', '/apps/libresign/api/v1/account/pfx', userId, password)
+}
+
 /**
  * Configures the OpenSSL certificate engine.
  * Equivalent to: `occ libresign:configure:openssl --cn=... --c=... ...`