SetaPDF_Signer_Signature_Module_Pades A signature module to create PAdES-BES/B-B conform signatures.

File: /SetaPDF v2/Signer/Signature/Module/Pades.php

This modules allows you to create signatures conforming to the PAdES-BES profile as specified in ETSI TS 102 778-3 or the PAdES baseline signature level B-B (PAdES-B-B) specified in ETSI EN 319 142-1.

By adding a signature time-stamp through e.g. the SetaPDF_Signer_Timestamp_Module_Rfc3161_Curl class you can add the optional signature time-stamp attribute to comply with e.g. PAdES-B-T (ETSI EN 319 142-1).

Class hierarchy

Implements

Summary

Properties

$_certificate

$_crls

CRL responses instances to be embedded in the RevocationInfoArchival attribute.

$_digest

protected string SetaPDF_Signer_Signature_Module_Cms::$_digest = 'sha256'

The digest algorithm to use when signing

$_extraCertificates

Additional certificates to be specified

$_hashValue

The signature hash value object in the CMS structure

$_oCertificate

Get the original signing certificate argument

$_ocspResponses

OCSP response instances to be embedded in the RevocationInfoArchival attribute.

$_privateKey

The private key to use when signing

$_signatureValue

The signature value object in the CMS structure

$_signingCertificatesV2

Data for the signingCertificatesV2 attribute


Static Methods

getParsedCertificate()

Ensures a certificate parameter and parses it into an ASN.1 element object structure.

Parameters
$certificate : string

A PEM encoded string or path to a PEM encoded X.509 certificate.

Exceptions

Throws InvalidArgumentException

Throws SetaPDF_Signer_Asn1_Exception


Methods

_getSignatureAlgorithmIdentifier()

_getSignedAttributes()

Creates and returns all signed attribues.

Overwritten to add additional required signing attributes.

Exceptions

Throws SetaPDF_Signer_Exception

_getSigningCertificateV2Attribute()

Create and return the Signing Certificate Reference Attributes.

Exceptions

Throws SetaPDF_Signer_Exception

_getUnsignedAttributes()

Creates and returns unsigned attributes.

addCrl()

Adds an CRL which will be embedded in the CMS structure.

Parameters
$crl : string|SetaPDF_Signer_X509_Crl
 

addOcspResponse()

Adds an OCSP response which will be embedded in the CMS structure.

Parameters
$ocspResponse : string|SetaPDF_Signer_Ocsp_Response

DER encoded OCSP response or OCSP response instance.

Exceptions

Throws SetaPDF_Signer_Exception

addSigningCertificateV2()

Adds Signing Certificate Reference Attribute.

Parameters
$certificate : string|string[]|SetaPDF_Signer_X509_Certificate|SetaPDF_Signer_X509_Certificate[]
 
$hashAlgorithm : string
 
Exceptions

Throws SetaPDF_Signer_Asn1_Exception

createSignature()

Create a signature for the file in the given $tmpPath.

Parameters
$tmpPath : SetaPDF_Core_Reader_FilePath
 
Exceptions

Throws BadMethodCallException

Throws SetaPDF_Signer_Exception

getCertificate()

Get the certificate value.

getCms()

Get the complete Cryptographic Message Syntax structure.

Exceptions

Throws SetaPDF_Signer_Exception

getDataToSign()

Get the data which needs to be digitally signed.

Parameters
$tmpPath : SetaPDF_Core_Reader_FilePath
 
Exceptions

Throws SetaPDF_Signer_Exception

getDigest()

Get the digest algorithm.

setCertificate()

Set the signing certificate.

Parameters
$certificate : string|SetaPDF_Signer_X509_Certificate

PEM encoded certificate, path to the PEM encoded certificate or a certificate instance.

Exceptions

Throws InvalidArgumentException

Throws SetaPDF_Signer_Asn1_Exception

setDigest()

public SetaPDF_Signer_Signature_Module_Pades::setDigest (
string $digest
): void

Set the digest algorithm to use when signing.

Possible values are defined in TS 119 312.

Parameters
$digest : string
 
See

setExtraCertificates()

Add additional certificates which are placed into the CMS structure.

Parameters
$extraCertificates : array|SetaPDF_Signer_X509_Collection

PEM encoded certificates or pathes to PEM encoded certificates.

Exceptions

Throws SetaPDF_Signer_Asn1_Exception

setOcspResponse()

public SetaPDF_Signer_Signature_Module_Cms::setOcspResponse (
string $ocspResponse
): void

Alias for addOcspResponse().

Parameters
$ocspResponse : string

DER encoded OCSP response.

Exceptions

Throws SetaPDF_Signer_Exception

setPrivateKey()

public SetaPDF_Signer_Signature_Module_Cms::setPrivateKey (
resource|OpenSSLAsymmetricKey|string|array $privateKey [, string $passphrase = '' ]
): void

Set the the private key or a path to the private key file and password argument.

Parameters
$privateKey : resource|OpenSSLAsymmetricKey|string|array

A key, returned by openssl_get_privatekey() or a PEM formatted key as a string. Or a string having the format file://path/to/file.pem

$passphrase : string

The optional parameter passphrase must be used if the specified key is encrypted (protected by a passphrase).

Exceptions

Throws InvalidArgumentException

setSignatureValue()

public SetaPDF_Signer_Signature_Module_Cms::setSignatureValue (
string $signatureValue
): void

Set the signature value.

By default this needs to be the binary string of an RSASSA-PKCS1-v1_5 signature operation.

Parameters
$signatureValue : string
 

updateDocument()

Updates the document instance.

Parameters
$document : SetaPDF_Core_Document
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

Throws SetaPDF_Core_Type_Exception

See
  • ETSI TS 102 778-3 V1.2.1 - 4.7 Extensions Dictionary
  • ETSI EN 319 142-1 V1.1.0 - 5.6 Extension dictionary

updateSignatureDictionary()

Updates the signature dictionary.

PAdES requires special Filter and SubFilter entries in the signature dictionary.

Parameters
$dictionary : SetaPDF_Core_Type_Dictionary
 
Exceptions

Throws SetaPDF_Signer_Exception