From 8e0ef1158dc86bf9501309689e938d3722c305d8 Mon Sep 17 00:00:00 2001 From: Jan Slabon Date: Thu, 10 Mar 2022 16:00:33 +0100 Subject: [PATCH] Update demo-ltv.php --- examples/demo-ltv.php | 55 +++++++++++++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 18 deletions(-) diff --git a/examples/demo-ltv.php b/examples/demo-ltv.php index abec7ae..a080412 100644 --- a/examples/demo-ltv.php +++ b/examples/demo-ltv.php @@ -22,16 +22,17 @@ $settings = require __DIR__ . '/settings.php'; $file = __DIR__ . '/files/Laboratory-Report.pdf'; -$apiUrl = 'https://t2gtest.globaltrust.eu/trust2go'; $certificateSerialNumber = $settings['certificateSerialNumber']; // A requestID generated by the client to identify this signature operation (6 alphanumeric characters) $requestId = '123456'; +$caBundle = realpath(__DIR__ . '/files/globaltrust-all.pem'); + $httpClient = new GuzzleClient([ 'handler' => new CurlHandler(), // note: guzzle requires this parameter to fully support PSR-18 'http_errors' => false, - 'verify' => __DIR__ . '/files/globaltrust-eu-cert-chain.pem', + 'verify' => $caBundle, // timeout by api after ~300 seconds 'timeout' => 360, ]); @@ -44,7 +45,7 @@ $httpClient, $requestFactory, $streamFactory, - $apiUrl, + $settings['apiUrl'], $settings['username'], $settings['activationPin'] ); @@ -59,37 +60,55 @@ $reader = new SetaPDF_Core_Reader_File($file); $writer = new SetaPDF_Core_Writer_File(__DIR__ . '/signed-ltv.pdf'); +$tmpWriter = new SetaPDF_Core_Writer_TempFile(); // let's get the document -$document = SetaPDF_Core_Document::load($reader, $writer); +$document = SetaPDF_Core_Document::load($reader, $tmpWriter); // now let's create a signer instance $signer = new SetaPDF_Signer($document); $signer->setAllowSignatureContentLengthChange(false); -$signer->setSignatureContentLength(30000); +$signer->setSignatureContentLength(26000); + +if ($settings['tsUrl']) { + $tsModule = new SetaPDF_Signer_Timestamp_Module_Rfc3161_Curl($settings['tsUrl']); + $tsModule->setCurlOption(CURLOPT_USERPWD, $settings['tsUsername'] . ':' . $settings['tsPassword']); + $tsModule->setCurlOption(CURLOPT_CAINFO, $caBundle); + $signer->setTimestampModule($tsModule); +} -//// set some signature properties -$signer->setLocation($_SERVER['SERVER_NAME']); +// set some signature properties $signer->setReason('Testing TRUST2GO'); $field = $signer->getSignatureField(); $fieldName = $field->getQualifiedName(); $signer->setSignatureFieldName($fieldName); +$signer->sign($module); + +$document = \SetaPDF_Core_Document::loadByFilename($tmpWriter->getPath(), $writer); + // Create a collection of trusted certificats: $trustedCertificates = new SetaPDF_Signer_X509_Collection($certificates['chain']); +// This is the root certificate for the SubCA of the timestamping service +$trustedCertificates->add(SetaPDF_Signer_Pem::extractFromFile($caBundle)); + // Create a collector instance $collector = new SetaPDF_Signer_ValidationRelatedInfo_Collector($trustedCertificates); -// Collect revocation information for this certificate -$vriData = $collector->getByCertificate($certificate); +// Collect revocation information for this field +$vriData = $collector->getByFieldName($document, $fieldName); -// now add these information to the CMS container -$module->setExtraCertificates($vriData->getCertificates()); -foreach ($vriData->getOcspResponses() as $ocspResponse) { - $module->addOcspResponse($ocspResponse); -} -foreach ($vriData->getCrls() as $crl) { - $module->addCrl($crl); -} +// Debug process for resolving verification related information +//foreach ($collector->getLogger()->getLogs() as $log) { +// echo str_repeat(' ', $log->getDepth() * 4) . $log . "\n"; +//} -$signer->sign($module); +$dss = new SetaPDF_Signer_DocumentSecurityStore($document); +$dss->addValidationRelatedInfoByFieldName( + $fieldName, + $vriData->getCrls(), + $vriData->getOcspResponses(), + $vriData->getCertificates() +); + +$document->save()->finish();