Last active
January 11, 2019 15:20
-
-
Save antonioribeiro/43929ebefdf8c962673866c2048bec86 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Route::get('/sign-async-setasign', function () { | |
| // Define the path to the OpenSSL executable | |
| // $opensslPath = 'C:\\OpenSSL-Win32\\bin\\'; | |
| $opensslPath = '/usr/bin/'; | |
| // require SetaPDF | |
| // require_once 'library/SetaPDF/Autoload.php'; // we are using Composer | |
| date_default_timezone_set('Europe/Berlin'); | |
| // the file to sign | |
| $fileToSign = | |
| '/Users/antoniocarlos/code/clearitie/clt/certificates-pdf/certifyme.pdf'; | |
| // create a temporary path | |
| $tempFile = SetaPDF_Core_Writer_TempFile::createTempPath(); | |
| // create a writer instance | |
| $writer = new SetaPDF_Core_Writer_Http( | |
| '/Users/antoniocarlos/code/clearitie/clt/certificates-pdf/certified.pdf', | |
| true | |
| ); | |
| // create the document instance | |
| $document = SetaPDF_Core_Document::loadByFilename( | |
| $fileToSign, | |
| $writer | |
| ); | |
| // create the signer instance | |
| $signer = new SetaPDF_Signer($document); | |
| // let's use the PAdES modul and configure it | |
| $module = new SetaPDF_Signer_Signature_Module_Pades(); | |
| $module->setDigest(SetaPDF_Signer_Digest::SHA_256); | |
| $module->setCertificate( | |
| '/Users/antoniocarlos/code/clearitie/clt/certificates-pdf/certificate.pem' | |
| ); | |
| // create a temporary version which represents the data which should get signed | |
| $tmpDocument = $signer->preSign( | |
| new SetaPDF_Core_Writer_File($tempFile), | |
| $module | |
| ); | |
| // get the hash data from the module | |
| $hashData = $module->getDataToSign($tmpDocument->getHashFile()); | |
| // define some variables related to the private key | |
| $privateKey = realpath('files/certificates/setapdf-no-pw.pem'); | |
| $privateKeyPass = ''; | |
| // with pkeyutl we only need to pass the hash value, so get it | |
| $hash = hash($module->getDigest(), $hashData, true); | |
| file_put_contents( | |
| '/Users/antoniocarlos/code/clearitie/clt/certificates-pdf/certifyme.setasign.hash', | |
| $hash | |
| ); | |
| // and write it to a temporary file | |
| $tmpFileIn = SetaPDF_Core_Writer_TempFile::createTempFile($hash); | |
| // prepare a temporary file for the final signature | |
| $tmpFileOut = | |
| '/Users/antoniocarlos/code/clearitie/clt/certificates-pdf/signature-setasign-hash.txt'; | |
| // build the command | |
| $cmd = // this will allow us to sign the hash only | |
| $opensslPath . | |
| "openssl pkeyutl -sign " . | |
| "-inkey " . | |
| escapeshellarg($privateKey) . | |
| ' ' . | |
| "-pkeyopt digest:" . | |
| $module->getDigest() . | |
| ' ' . | |
| '-passin pass:' . | |
| escapeshellarg($privateKeyPass) . | |
| ' ' . | |
| '-in ' . | |
| escapeshellarg($tmpFileIn) . | |
| ' ' . | |
| '-out ' . | |
| escapeshellarg($tmpFileOut); | |
| // execute it | |
| $retValue = 0; // exec($cmd, $out, $retValue); // IGNORED --- just ignoring it because we already have a signature file | |
| if ($retValue !== 0) { | |
| throw new SetaPDF_Signer_Exception( | |
| sprintf( | |
| 'An error occurs while calling OpenSSL through CLI (exit code %s).', | |
| $retValue | |
| ) | |
| ); | |
| } | |
| // get the signature data | |
| $signatureValue = file_get_contents($tmpFileOut); | |
| // pass it to the module | |
| $module->setSignatureValue($signatureValue); | |
| // get the final cms container | |
| $cms = $module->getCms(); | |
| // and pass it to the main signer instance | |
| $signer->saveSignature($tmpDocument, $cms); | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment