SetaPDF_Signer_Signature_Module_Cms
A signature module to create CMS signatures.
File: /SetaPDF v2/Signer/Signature/Module/Cms.php
This module creates a signature using the Cryptographic Message Syntax (CMS, described in RFC 3852).
It allows low-level access to the ASN.1 structure, including signed and unsigned attributes. The final signature makes use of the openssl_sign() function.
To add further signed or unsigned attributes, extend this class and provide your own implementations of _getSignedAttributes() and _getUnsignedAttributes().
By default the class makes use of signed attributes to reduce the overhead data that needs to be signed (see getDataToSign()).
Properties
$_cms
The CMS structure
$_extraCertificates
Additional certificates to be specified
$_oCertificate
Get the original signing certificate argument
$_ocspResponses
OCSP response instances to be embedded in the RevocationInfoArchival attribute.
$_privateKey
The private key to use when signing
Static Methods
getParsedCertificate()
WARNING: This method is marked as deprecated!
Ensures a certificate parameter and parses it into an ASN.1 element object structure.
Parameters
- $certificate : string
A PEM encoded string or path to a PEM encoded X.509 certificate.
Exceptions
Throws InvalidArgumentException
Methods
_getSignedAttributes()
Creates and returns all signed attributes.
Override this method to add individual signed attributes.
_getUnsignedAttributes()
Creates and returns unsigned attributes.
addCrl()
Adds a CRL which will be embedded in the CMS structure.
Parameters
- $crl : string|SetaPDF_Signer_X509_Crl
addOcspResponse()
Adds an OCSP response which will be embedded in the CMS structure.
Parameters
- $ocspResponse : string|SetaPDF_Signer_Ocsp_Response
DER encoded OCSP response or OCSP response instance.
Exceptions
Throws SetaPDF_Signer_Exception
createSignature()
Create a signature for the file in the given $tmpPath.
Parameters
- $tmpPath : SetaPDF_Core_Reader_FilePath
Exceptions
Throws BadMethodCallException
Throws SetaPDF_Signer_Exception
getCertificate()
Get the certificate value.
getCms()
getDataToSign()
Get the data which needs to be digitally signed.
Parameters
- $tmpPath : SetaPDF_Core_Reader_FilePath
Exceptions
Throws SetaPDF_Signer_Exception
setCertificate()
Set the signing certificate (PEM).
Parameters
- $certificate : string|SetaPDF_Signer_X509_Certificate
PEM encoded certificate, path to the PEM encoded certificate or a certificate instance.
Exceptions
Throws InvalidArgumentException
setDigest()
Set the digest algorithm to use when signing.
Possible values are defined in SetaPDF_Signer_Digest.
Parameters
- $digest : string
See
setExtraCertificates()
Add additional certificates which are placed into the CMS structure.
Parameters
- $extraCertificates : array|SetaPDF_Signer_X509_Collection
PEM encoded certificates or paths to PEM encoded certificates.
Exceptions
setOcspResponse()
WARNING: This method is marked as deprecated!
Alias for addOcspResponse().
Parameters
- $ocspResponse : string
DER encoded OCSP response.
Exceptions
Throws SetaPDF_Signer_Exception
setPrivateKey()
Set the private key or a path to the private key file and password argument.
Parameters
- $privateKey : resource|OpenSSLAsymmetricKey|string|array
A key returned by openssl_get_privatekey(), a PEM formatted key as a string, or a string having the format file://path/to/file.pem
- $passphrase : string
The optional parameter passphrase must be used if the specified key is encrypted (protected by a passphrase).
Exceptions
Throws InvalidArgumentException
setSignatureValue()
Set the signature value.
By default this needs to be the binary string of an RSASSA-PKCS1-v1_5 signature operation.
Parameters
- $signatureValue : string
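
The flow that getDataToSign() and setSignatureValue() make possible, as an added example rather than SetaPDF's own code: the signature value is produced outside the module and checked against the certificate before it is embedded. It assumes an RSA key, that SetaPDF_Signer_Digest::SHA_256 is among the digest constants, and that the result of getCms() can be cast to a string; buildCmsWithExternalSignature(), makeLocalSigner() and $externalSign are hypothetical names.

```php
<?php
/**
 * @param SetaPDF_Core_Reader_FilePath $tmpPath        file covered by the signature
 * @param string                       $certificatePem PEM encoded signing certificate (contents, not a path)
 * @param callable                     $externalSign   hypothetical callback, function (string $data): string,
 *                                                     returning a raw RSASSA-PKCS1-v1_5 / SHA-256 signature
 * @return string the CMS container
 */
function buildCmsWithExternalSignature(SetaPDF_Core_Reader_FilePath $tmpPath, $certificatePem, callable $externalSign)
{
    $module = new SetaPDF_Signer_Signature_Module_Cms();
    $module->setCertificate($certificatePem);
    $module->setDigest(SetaPDF_Signer_Digest::SHA_256);

    // No private key is set on the module: only these bytes are handed to the signer.
    $dataToSign = $module->getDataToSign($tmpPath);
    $signatureValue = $externalSign($dataToSign);

    // Verify the returned value against the certificate before embedding it, so a
    // wrong key, digest or padding scheme fails here and not later in a PDF viewer.
    $publicKey = openssl_pkey_get_public($certificatePem);
    if ($publicKey === false) {
        throw new InvalidArgumentException('Cannot read a public key from the certificate.');
    }
    if (openssl_verify($dataToSign, $signatureValue, $publicKey, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('Signature value does not verify against the signing certificate.');
    }

    $module->setSignatureValue($signatureValue);

    // Assumption: the object returned by getCms() casts to its encoded string form.
    return (string) $module->getCms();
}

// Local stand-in for the external signer (HSM, remote service), for testing the flow.
function makeLocalSigner($privateKeyPem, $passphrase = '')
{
    return function ($data) use ($privateKeyPem, $passphrase) {
        $key = openssl_pkey_get_private($privateKeyPem, $passphrase);
        // With an RSA key, openssl_sign() performs RSASSA-PKCS1-v1_5.
        if ($key === false || !openssl_sign($data, $signature, $key, OPENSSL_ALGO_SHA256)) {
            throw new RuntimeException('Local signing failed.');
        }
        return $signature;
    };
}
```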