SetaPDF_Signer_Signature_Module_Cms A signature module to create CMS signatures.

File: /SetaPDF v2/Signer/Signature/Module/Cms.php

This module creates a signature using the Cryptographic Message Syntax (CMS - described in RFC3852).

It allows a low level access to the ASN.1 structure, including signed and unsigned attributes. The final signature makes use of the openssl_sign() function.

To add additional signed or unsigned attributes this class needs to be extended and own implementations of the _getSignedAttributes() and _getUnsignedAttributes() needs to be implemented.

By default the class makes use of signed attributes to reduce the overhead data that needs to be signed (see getDataToSign()).

Class hierarchy

Implements

Summary

Properties

$_certificate

$_crls

CRL responses instances to be embedded in the RevocationInfoArchival attribute.

$_digest

protected string SetaPDF_Signer_Signature_Module_Cms::$_digest = 'sha256'

The digest algorithm to use when signing

$_extraCertificates

Additional certificates to be specified

$_hashValue

The signature hash value object in the CMS structure

$_oCertificate

Get the original signing certificate argument

$_ocspResponses

OCSP response instances to be embedded in the RevocationInfoArchival attribute.

$_privateKey

The private key to use when signing

$_signatureValue

The signature value object in the CMS structure


Static Methods

getParsedCertificate()

WARNING: This method is marked as deprecated!

Ensures a certificate parameter and parses it into an ASN.1 element object structure.

Parameters
$certificate : string

A PEM encoded string or path to a PEM encoded X.509 certificate.

Exceptions

Throws InvalidArgumentException

Throws SetaPDF_Signer_Asn1_Exception


Methods

_getSignatureAlgorithmIdentifier()

_getSignedAttributes()

Creates and returns all signed attribues.

Overwrite this method to add individual signed attributes.

_getUnsignedAttributes()

Creates and returns unsigned attributes.

addCrl()

Adds an CRL which will be embedded in the CMS structure.

Parameters
$crl : string|SetaPDF_Signer_X509_Crl
 

addOcspResponse()

Adds an OCSP response which will be embedded in the CMS structure.

Parameters
$ocspResponse : string|SetaPDF_Signer_Ocsp_Response

DER encoded OCSP response or OCSP response instance.

Exceptions

Throws SetaPDF_Signer_Exception

createSignature()

Create a signature for the file in the given $tmpPath.

Parameters
$tmpPath : SetaPDF_Core_Reader_FilePath
 
Exceptions

Throws BadMethodCallException

Throws SetaPDF_Signer_Exception

getCertificate()

Get the certificate value.

getCms()

Get the complete Cryptographic Message Syntax structure.

Exceptions

Throws SetaPDF_Signer_Exception

getDataToSign()

Get the data which needs to be digitally signed.

Parameters
$tmpPath : SetaPDF_Core_Reader_FilePath
 
Exceptions

Throws SetaPDF_Signer_Exception

getDigest()

Get the digest algorithm.

setCertificate()

Set the signing certificate (PEM).

Parameters
$certificate : string|SetaPDF_Signer_X509_Certificate

PEM encoded certificate, path to the PEM encoded certificate or a certificate instance.

Exceptions

Throws InvalidArgumentException

Throws SetaPDF_Signer_Asn1_Exception

setDigest()

public SetaPDF_Signer_Signature_Module_Cms::setDigest (
string $digest
): void

Set the digest algorithm to use when signing.

Possible values are defined in SetaPDF_Signer_Digest.

Parameters
$digest : string
 
See

setExtraCertificates()

Add additional certificates which are placed into the CMS structure.

Parameters
$extraCertificates : array|SetaPDF_Signer_X509_Collection

PEM encoded certificates or pathes to PEM encoded certificates.

Exceptions

Throws SetaPDF_Signer_Asn1_Exception

setOcspResponse()

WARNING: This method is marked as deprecated!

public SetaPDF_Signer_Signature_Module_Cms::setOcspResponse (
string $ocspResponse
): void

Alias for addOcspResponse().

Parameters
$ocspResponse : string

DER encoded OCSP response.

Exceptions

Throws SetaPDF_Signer_Exception

setPrivateKey()

public SetaPDF_Signer_Signature_Module_Cms::setPrivateKey (
resource|OpenSSLAsymmetricKey|string|array $privateKey [, string $passphrase = '' ]
): void

Set the the private key or a path to the private key file and password argument.

Parameters
$privateKey : resource|OpenSSLAsymmetricKey|string|array

A key, returned by openssl_get_privatekey() or a PEM formatted key as a string. Or a string having the format file://path/to/file.pem

$passphrase : string

The optional parameter passphrase must be used if the specified key is encrypted (protected by a passphrase).

Exceptions

Throws InvalidArgumentException

setSignatureValue()

public SetaPDF_Signer_Signature_Module_Cms::setSignatureValue (
string $signatureValue
): void

Set the signature value.

By default this needs to be the binary string of an RSASSA-PKCS1-v1_5 signature operation.

Parameters
$signatureValue : string