SetaPDF_Signer_Signature_Module_Pades A signature module to create PAdES-BES/B-B conform signatures.

File: /SetaPDF v2/Signer/Signature/Module/Pades.php

This modules allows you to create signatures conforming to the PAdES-BES profile as specified in ETSI TS 102 778-3 or the PAdES baseline signature level B-B (PAdES-B-B) specified in ETSI EN 319 142-1.

By adding a signature time-stamp through e.g. the SetaPDF_Signer_Timestamp_Module_Rfc3161_Curl class you can add the optional signature time-stamp attribute to comply with e.g. PAdES-B-T (ETSI EN 319 142-1).

Class hierarchy

Implements

Summary

Properties

$_certificate

protected SetaPDF_Signer_Asn1_Element SetaPDF_Signer_Signature_Module_Pades::$_certificate

The signing certificate

$_cms

protected null|SetaPDF_Signer_Asn1_Element SetaPDF_Signer_Signature_Module_Pades::$_cms

The CMS structure

$_digest

protected string SetaPDF_Signer_Signature_Module_Pades::$_digest = 'sha256'

The digest algorithm to use when signing

$_extraCertificates

protected SetaPDF_Signer_Asn1_Element[] SetaPDF_Signer_Signature_Module_Pades::$_extraCertificates = array()

Additional certificates to be specified

$_hashValue

protected SetaPDF_Signer_Asn1_Element SetaPDF_Signer_Signature_Module_Pades::$_hashValue

The signature hash value object in the CMS structure

$_oCertificate

protected string SetaPDF_Signer_Signature_Module_Pades::$_oCertificate

Get the original signing certificate argument

$_privateKey

protected resource|string SetaPDF_Signer_Signature_Module_Pades::$_privateKey

The private key to use when signing

$_signatureValue

protected SetaPDF_Signer_Asn1_Element SetaPDF_Signer_Signature_Module_Pades::$_signatureValue

The signature value object in the CMS structure

$_signingCertificatesV2

protected array SetaPDF_Signer_Signature_Module_Pades::$_signingCertificatesV2 = array()

Data for the signingCertificatesV2 attribute


Static Methods

getParsedCertificate()

Ensures a certificate parameter and parses it into an ASN.1 element object structure.

Parameters
$certificate : string

A PEM encoded string or path to a PEM encoded X.509 certificate.

Exceptions

Throws InvalidArgumentException


Methods

_getIssuerAndSerialNumber()

Extracts the issuer and serial number from an existing X.509 certificate.

Parameters
$certificate : SetaPDF_Signer_Asn1_Element
 

_getSignedAttributes()

Creates and returns all signed attribues.

Overwritten to add additional required signing attributes.

_getSigningCertificateV2Attribute()

Create and return the Signing Certificate Reference Attributes.

_getSubjectPublicKeyInfoAlgorithm()

Get the algorithm identifier of the subjectPublicKeyInfo from the signer certificate.

Parameters
$certificate : SetaPDF_Signer_Asn1_Element
 

_getUnsignedAttributes()

Creates and returns unsigned attributes.

addSigningCertificateV2()

public SetaPDF_Signer_Signature_Module_Pades::addSigningCertificateV2 (
$certificate [, string $hashAlgorithm = SetaPDF_Signer_Digest::SHA_256 ]
): void

Adds Signing Certificate Reference Attribute.

Parameters
$certificate
 
$hashAlgorithm : string
 

createSignature()

Create a signature for the file in the given $tmpPath.

Parameters
$tmpPath : SetaPDF_Core_Reader_FilePath
 
Exceptions

Throws BadMethodCallException

Throws SetaPDF_Signer_Exception

getCertificate()

Get the certificate value.

getCms()

Get the complete Cryptographic Message Syntax structure.

getDataToSign()

Get the data which needs to be digitally signed.

Parameters
$tmpPath : SetaPDF_Core_Reader_FilePath
 
Exceptions

Throws SetaPDF_Signer_Exception

getDigest()

Get the digest algorithm.

setCertificate()

public SetaPDF_Signer_Signature_Module_Pades::setCertificate (
string $certificate
): void

Set the signing certificate (PEM).

Parameters
$certificate : string
 
Exceptions

Throws InvalidArgumentException

setDigest()

public SetaPDF_Signer_Signature_Module_Pades::setDigest (
string $digest
): void

Set the digest algorithm to use when signing.

Possible values are defined in TS 119 312.

Parameters
$digest : string
 
See

setExtraCertificates()

public SetaPDF_Signer_Signature_Module_Cms::setExtraCertificates (
array $extraCertificates
): void

Add additional certificates which are placed into the CMS structure.

Parameters
$extraCertificates : array

PEM encoded certificates or pathes to PEM encoded certificates.

setPrivateKey()

public SetaPDF_Signer_Signature_Module_Cms::setPrivateKey (
resource|string|array $privateKey [, string $passphrase = '' ]
): void

Set the the private key or a path to the private key file and password argument.

Parameters
$privateKey : resource|string|array

A key, returned by openssl_get_privatekey() or a PEM formatted key as a string. Or a string having the format file://path/to/file.pem

$passphrase : string

The optional parameter passphrase must be used if the specified key is encrypted (protected by a passphrase).

Exceptions

Throws InvalidArgumentException

setSignatureValue()

public SetaPDF_Signer_Signature_Module_Cms::setSignatureValue (
string $signatureValue
): void

Set the signature value.

Parameters
$signatureValue : string
 

updateDocument()

Updates the document instance.

Parameters
$document : SetaPDF_Core_Document
 
See
  • ETSI TS 102 778-3 V1.2.1 - 4.7 Extensions Dictionary
  • ETSI EN 319 142-1 V1.1.0 - 5.6 Extension dictionary

updateSignatureDictionary()

Updates the signature dictionary.

PAdES requires special Filter and SubFilter entries in the signature dictionary.

Parameters
$dictionary : SetaPDF_Core_Type_Dictionary
 
Exceptions

Throws SetaPDF_Signer_Exception