From 67c71c92b7c0ce2df280dd8b4a25f022a18ba45f Mon Sep 17 00:00:00 2001
From: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Date: Sat, 25 Apr 2026 14:35:35 -0300
Subject: [PATCH] fix: filter account identifier from signer CN

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
---
 lib/Service/SignFileService.php                |  6 +++++-
 tests/php/Unit/Service/SignFileServiceTest.php | 16 ++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/lib/Service/SignFileService.php b/lib/Service/SignFileService.php
index 93f243bdb2..ba6f0039e7 100644
--- a/lib/Service/SignFileService.php
+++ b/lib/Service/SignFileService.php
@@ -948,7 +948,11 @@ private function normalizeCertificateFieldToString(mixed $value): string {
 					$flattened[] = (string)$item;
 				}
 			});
-			return implode(', ', $flattened);
+			$displayValues = array_values(array_filter(
+				$flattened,
+				static fn (string $item) => !preg_match('/^account:\s*/i', $item),
+			));
+			return implode(', ', $displayValues);
 		}
 
 		return $value === null ? '' : (string)$value;
diff --git a/tests/php/Unit/Service/SignFileServiceTest.php b/tests/php/Unit/Service/SignFileServiceTest.php
index f39bfdf37a..1a7dfdbaaa 100644
--- a/tests/php/Unit/Service/SignFileServiceTest.php
+++ b/tests/php/Unit/Service/SignFileServiceTest.php
@@ -1246,6 +1246,22 @@ public static function providerGetSignatureParamsCommonName(): array {
 				'',
 				'',
 			],
+			'legacy AD/LDAP cert with account: prefix in CN array' => [
+				[
+					'issuer' => ['CN' => 'LibreCode CA'],
+					'subject' => ['CN' => ['account:johndoe', 'John Doe']],
+				],
+				'LibreCode CA',
+				'John Doe',
+			],
+			'legacy AD/LDAP cert with spaced account: prefix in CN array' => [
+				[
+					'issuer' => ['CN' => 'LibreCode CA'],
+					'subject' => ['CN' => ['account: johndoe', 'John Doe']],
+				],
+				'LibreCode CA',
+				'John Doe',
+			],
 		];
 	}