Index

  1. \setasign\SetaPDF2
    1. Signer
      1. Asn1
      2. CertificateBundler
      3. Cms
      4. Digest
      5. DigestInterface
      6. DocumentSecurityStore
      7. Exception
      8. Exception
      9. InformationResolver
      10. Ocsp
      11. PemHelper
      12. Signature
      13. SignatureField
      14. Signer
      15. Timestamp
      16. TmpDocument
      17. Tsp
      18. ValidationRelatedInfo
      19. X509

setasign\SetaPDF2\Signer

DocumentSecurityStore Class representing a "Document Security Store" in a PDF document.

File: /SetaPDF v2/Signer/DocumentSecurityStore.php
Old class name (alias): \SetaPDF_Signer_DocumentSecurityStore

Class hierarchy

Summary

Methods

Properties

Properties

$_document

protected \SetaPDF_Core_Document DocumentSecurityStore::$_document

The document instance

$_optimizeOcspResponses

protected bool DocumentSecurityStore::$_optimizeOcspResponses = true

Defines whether OCSP responses should be embedded including their optional certificates (false) or not (true).


Methods

__construct()

public DocumentSecurityStore::__construct ()

The constructor.

Parameters
$document : \SetaPDF_Core_Document
 

_addStream()

protected DocumentSecurityStore::_addStream (
string $type,
string $data
): \SetaPDF_Core_Type_IndirectObject

Adds a stream to the DSS data.

Parameters
$type : string

The type/key to which the data should be added.

$data : string
 
Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

_getStreams()

protected DocumentSecurityStore::_getStreams (
string $type
): array

Get a stream by its type from the DSS dictionary.

Parameters
$type : string
 
Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

addCRL()

public DocumentSecurityStore::addCRL (): \SetaPDF_Core_Type_IndirectObject

Add a CRL to the CRLs entry in the DSS dictionary.

Parameters
$crl : string|\SetaPDF_Signer_X509_Crl
 
Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

addCRLs()

public DocumentSecurityStore::addCRLs (): void

Add CRLs to the CRLs entry in the DSS dictionary.

Parameters
$crls : string[]|\SetaPDF_Signer_X509_Crl[]
 
Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

addCertificate()

public DocumentSecurityStore::addCertificate (
string|\SetaPDF_Signer_X509_Certificate $certificate
): \SetaPDF_Core_Type_IndirectObject

Add a certificate to the Certs entry in the DSS dictionary.

Parameters
$certificate : string|\SetaPDF_Signer_X509_Certificate
 
Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

Throws Asn1\Exception

addCertificates()

public DocumentSecurityStore::addCertificates (
string[]|\SetaPDF_Signer_X509_Certificate[] $certificates
): void

Add certificates to the Certs entry in the DSS dictionary.

Parameters
$certificates : string[]|\SetaPDF_Signer_X509_Certificate[]
 
Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

Throws Asn1\Exception

addOCSP()

public DocumentSecurityStore::addOCSP (
string|\SetaPDF_Signer_Ocsp_Response $ocspResponse
): \SetaPDF_Core_Type_IndirectObject

Add a OCSP response to the OCSPs entry in the DSS dictionary.

Parameters
$ocspResponse : string|\SetaPDF_Signer_Ocsp_Response
 
Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

Throws Asn1\Exception

Throws Exception

addOCSPs()

public DocumentSecurityStore::addOCSPs (): void

Add OCSP responses to the OCSPs entry in the DSS dictionary.

Parameters
$ocsps : string[]|\SetaPDF_Signer_Ocsp_Response
 
Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

Throws Asn1\Exception

Throws Exception

addValidationRelatedInfo()

public DocumentSecurityStore::addValidationRelatedInfo (
string $key,
array $crls = array ( ),
array $ocsps = array ( ),
array $certs = array ( ),
null|\SetaPDF_Core_DataStructure_Date|DateTime|string $timestamp = null
): void

Add validation related information to the VRI dictionary of the DSS dictionary.

Parameters
$key : string

The sha1 digest of the signature.

$crls : array

An array of strings, X509\Crl instances or \setasign\SetaPDF2\Core\Type\IndirectObjectInterface to streams of the CRLs.

$ocsps : array

An array of strings, Ocsp\Response instances or \setasign\SetaPDF2\Core\Type\IndirectObjectInterface to streams of the OCSPs.

$certs : array

An array of strings, X509\Certificate instances or \setasign\SetaPDF2\Core\Type\IndirectObjectInterface to streams of the certs.

$timestamp : null|\SetaPDF_Core_DataStructure_Date|DateTime|string
 
Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

Throws Asn1\Exception

Throws Exception

Throws \Exception

addValidationRelatedInfoByField()

WARNING: This method is marked as deprecated!

Use DocumentSecurityStore::addValidationRelatedInfoByFieldName() instead.

public DocumentSecurityStore::addValidationRelatedInfoByField (
string $fieldName,
array $crls = array ( ),
array $ocsps = array ( ),
array $certs = array ( ),
null|\SetaPDF_Core_DataStructure_Date|DateTime|string $timestamp = null
): void
Parameters
$fieldName : string

The signature field name.

$crls : array

An array of strings or \setasign\SetaPDF2\Core\Type\IndirectObjectInterface to streams of the CRLs.

$ocsps : array

An array of strings or \setasign\SetaPDF2\Core\Type\IndirectObjectInterface to streams of the OCSPs.

$certs : array

An array of strings or \setasign\SetaPDF2\Core\Type\IndirectObjectInterface to streams of the certs.

$timestamp : null|\SetaPDF_Core_DataStructure_Date|DateTime|string
 
Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

Throws Asn1\Exception

Throws Exception

See

addValidationRelatedInfoByFieldName()

public DocumentSecurityStore::addValidationRelatedInfoByFieldName (
string $fieldName,
array $crls = array ( ),
array $ocsps = array ( ),
array $certs = array ( ),
null|\SetaPDF_Core_DataStructure_Date|DateTime|string $timestamp = null
): void

Add validation related information to the VRI dictionary of the DSS dictionary by a specific signature field.

Parameters
$fieldName : string

The signature field name.

$crls : array

An array of strings or \setasign\SetaPDF2\Core\Type\IndirectObjectInterface to streams of the CRLs.

$ocsps : array

An array of strings or \setasign\SetaPDF2\Core\Type\IndirectObjectInterface to streams of the OCSPs.

$certs : array

An array of strings or \setasign\SetaPDF2\Core\Type\IndirectObjectInterface to streams of the certs.

$timestamp : null|\SetaPDF_Core_DataStructure_Date|DateTime|string
 
Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

Throws Asn1\Exception

Throws Exception

cleanUp()

public DocumentSecurityStore::cleanUp (
void
): void

Release cycled references.

getCRLs()

public DocumentSecurityStore::getCRLs (
void
): string[]

Get all CRLs the OCSPs entry in the DSS dictionary.

Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

getCertificates()

public DocumentSecurityStore::getCertificates (
void
): string[]

Get all certificates from the Certs entry in the DSS dictionary.

Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

getDictionary()

public DocumentSecurityStore::getDictionary (
bool $create = false
): ?\SetaPDF_Core_Type_Dictionary

Get and/or creates the DSS dictionary.

Parameters
$create : bool
 
Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

getOCSPs()

public DocumentSecurityStore::getOCSPs (
void
): string[]

Get all OCSP responses from the OCSPs entry in the DSS dictionary.

Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

getOptimizeOcspResponses()

public DocumentSecurityStore::getOptimizeOcspResponses (
void
): bool

Get whether OCSP responses should be optimized or not.

See

getSignatureDigest()

WARNING: This method is marked as deprecated!

Use DocumentSecurityStore::getVriNameByFieldName() instead.

public DocumentSecurityStore::getSignatureDigest (
string $fieldName
): string
Parameters
$fieldName : string
 
Exceptions

Throws \setasign\SetaPDF2\Core\Exception

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Core\Type\IndirectReference\Exception

Throws Asn1\Exception

Throws Exception

See

getValidationRelatedInfo()

public DocumentSecurityStore::getValidationRelatedInfo (
?string $vriKey = null
): array|array[]|bool

Get validation related information.

Parameters
$vriKey : ?string

The sha1 digest of the signature to get a specific information. Otherwise all found validation data is returned.

Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

getValidationRelatedInfoByField()

WARNING: This method is marked as deprecated!

Use DocumentSecurityStore::getValidationRelatedInfoByFieldName() instead.

public DocumentSecurityStore::getValidationRelatedInfoByField (
string $fieldName
): array|array[]|bool
Parameters
$fieldName : string

The signature field name.

Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

Throws Asn1\Exception

See

getValidationRelatedInfoByFieldName()

public DocumentSecurityStore::getValidationRelatedInfoByFieldName (
string $fieldName
): array|array[]|bool

Get validation related information by a signature field name.

Parameters
$fieldName : string

The signature field name.

Exceptions

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Exception

Throws \setasign\SetaPDF2\NotImplementedException

Throws Asn1\Exception

getVriName()

public DocumentSecurityStore::getVriName (): string

Get the signature digest of a CRL or OCSP response which can be used as an index in the VRI dictionary.

Parameters
$object : \SetaPDF_Signer_Asn1_Signed
 

getVriNameByFieldName()

public DocumentSecurityStore::getVriNameByFieldName (
string $fieldName
): string

Get the signature digest of a signature field, which can be used as an index in the VRI dictionary.

For a document signature the bytes that are hashed are those of the signature's DER-encoded PKCS#7 (and its derivatives) binary data object (base-16 decoded byte string in the Contents entry in the signature dictionary).

For the signatures of the CRL and OCSP response, it is the respective signature object represented as a BER-encoded OCTET STRING encoded with primitive encoding.

For a Time-stamp's signature it is the bytes of the Time-stamp itself since the Time-stamp token is a signed data object.
Parameters
$fieldName : string
 
Exceptions

Throws \setasign\SetaPDF2\Core\Exception

Throws \setasign\SetaPDF2\Core\SecHandler\Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

Throws \setasign\SetaPDF2\Core\Type\IndirectReference\Exception

Throws Asn1\Exception

Throws Exception

setOptimizeOcspResponses()

public DocumentSecurityStore::setOptimizeOcspResponses (
bool $optimizeOcspResponses
): void

Define whether OCSP responses should be optimized or not.

By optimizing (default = true) the OCSP responses the certificates are removed as they are normally embedded via addCertificates(), too. By doing this the certificates are not embedded twice.

Anyhow, there are validation enginges on the road which EXPECTS this optional field to be available.

Parameters
$optimizeOcspResponses : bool
 

© 2025 Setasign GmbH & Co. KG · Contact / Imprint · Data Privacy Statement (German)