SetaPDF_Signer_Signature_Module_Cms A signature module to create CMS signatures.

File: /SetaPDF v2/Signer/Signature/Module/Cms.php

This module creates a signature using the Cryptographic Message Syntax (CMS - described in RFC3852).

It allows a low level access to the ASN.1 structure, including signed and unsigned attributes. The final signature makes use of the openssl_sign() function.

To add additional signed or unsigned attributes this class needs to be extended and own implementations of the _getSignedAttributes() and _getUnsignedAttributes() needs to be implemented.

By default the class makes use of signed attributes to reduce the overhead data that needs to be signed {see @link SetaPDF_Signer_Signature_Module_Cms::_signCms() _signCms()}.

Class hierarchy

Implements

Summary

Properties

$_certificate

$_digest

protected string SetaPDF_Signer_Signature_Module_Cms::$_digest = 'sha256'

The digest algorithm to use when signing

$_extraCertificates

Additional certificates to be specified

$_hashValue

The signature hash value object in the CMS structure

$_oCertificate

Get the original signing certificate argument

$_privateKey

The private key to use when signing

$_signatureValue

The signature value object in the CMS structure


Static Methods

getParsedCertificate()

Ensures a certificate parameter and parses it into an ASN.1 element object structure.

Parameters
$certificate : string

A PEM encoded string or path to a PEM encoded X.509 certificate.

Exceptions

Throws InvalidArgumentException


Methods

_getIssuerAndSerialNumber()

Extracts the issuer and serial number from an existing X.509 certificate.

Parameters
$certificate : SetaPDF_Signer_Asn1_Element
 

_getSignedAttributes()

Creates and returns all signed attribues.

Overwrite this method to add individual signed attributes.

_getSubjectPublicKeyInfoAlgorithm()

Get the algorithm identifier of the subjectPublicKeyInfo from the signer certificate.

Parameters
$certificate : SetaPDF_Signer_Asn1_Element
 

_getUnsignedAttributes()

Creates and returns unsigned attributes.

createSignature()

Create a signature for the file in the given $tmpPath.

Parameters
$tmpPath : SetaPDF_Core_Reader_FilePath
 
Exceptions

Throws BadMethodCallException

Throws SetaPDF_Signer_Exception

getCertificate()

Get the certificate value.

getCms()

Get the complete Cryptographic Message Syntax structure.

getDataToSign()

Creates the signature and add it to the CMS container.

Parameters
$tmpPath : SetaPDF_Core_Reader_FilePath
 
Exceptions

Throws SetaPDF_Signer_Exception

getDigest()

Get the digest algorithm.

setCertificate()

public SetaPDF_Signer_Signature_Module_Cms::setCertificate (
string $certificate
): void

Set the signing certificate (PEM).

Parameters
$certificate : string

PEM encoded certificate or path to the PEM encoded certificate.

Exceptions

Throws InvalidArgumentException

setDigest()

public SetaPDF_Signer_Signature_Module_Cms::setDigest (
string $digest
): void

Set the digest algorithm to use when signing.

Possible values are defined in SetaPDF_Signer_Digest.

Parameters
$digest : string
 
See

setExtraCertificates()

public SetaPDF_Signer_Signature_Module_Cms::setExtraCertificates (
array $extraCertificates
): void

Add additional certificates which are placed into the CMS structure.

Parameters
$extraCertificates : array

PEM encoded certificates or pathes to PEM encoded certificates.

setPrivateKey()

public SetaPDF_Signer_Signature_Module_Cms::setPrivateKey (
resource|string|array $privateKey [, string $passphrase = '' ]
): void

Set the the private key or a path to the private key file and password argument.

Parameters
$privateKey : resource|string|array

A key, returned by openssl_get_privatekey() or a PEM formatted key as a string. Or a string having the format file://path/to/file.pem

$passphrase : string

The optional parameter passphrase must be used if the specified key is encrypted (protected by a passphrase).

Exceptions

Throws InvalidArgumentException

setSignatureValue()

public SetaPDF_Signer_Signature_Module_Cms::setSignatureValue (
string $signatureValue
): void

Set the signature value.

Parameters
$signatureValue : string