|
82 | 82 | $module->setCredentialId($credentialId); |
83 | 83 | $module->setSignatureAlgorithmOid($algorithm); |
84 | 84 | $module->setCertificate($certificate); |
85 | | - |
86 | | -// now add this information to the CMS container |
87 | 85 | $module->setExtraCertificates($certificates); |
88 | 86 |
|
89 | | -// create a collection of trusted certificats: |
90 | | -$trustedCertificates = new Collection($certificates[count($certificates) - 1]); |
91 | | -$trustedCertificates->add(PemHelper::extractFromFile($trustedCertificatesPath)); |
92 | | -// sadly not all CSC API implementations return the full chain (in our tests e.g. SSL.com), so we have to |
93 | | -// add a trusted root on our own: |
94 | | -foreach ($otherTrustedCertificatePaths as $otherTrustedCertificatePath) { |
95 | | - $trustedCertificates->addFromFile($otherTrustedCertificatePath); |
96 | | -} |
97 | | - |
98 | | -// create a collector instance |
99 | | -$collector = new Collector($trustedCertificates); |
100 | | -$vriData = $collector->getByCertificate($certificate); |
101 | | -foreach ($vriData->getOcspResponses() as $ocspResponse) { |
102 | | - $module->addOcspResponse($ocspResponse); |
103 | | -} |
104 | | -foreach ($vriData->getCrls() as $crl) { |
105 | | - $module->addCrl($crl); |
106 | | -} |
107 | | - |
108 | 87 | if ($credentialInfo['authMode'] === 'explicit' && !isset($_GET['otp']) && !isset($_GET['pin'])) { |
109 | 88 | // you should check the OTP and/or PIN entry in $credentialInfo for how to setup authentication exactly |
110 | 89 | echo 'Please enter OTP or PIN:'; |
|
128 | 107 |
|
129 | 108 | // create the signer instance |
130 | 109 | $signer = new Signer($document); |
131 | | -// because of the timestamp and VRI data we need more space for the signature container |
132 | | -$signer->setSignatureContentLength(40000); |
| 110 | +// because of the timestamp we need more space for the signature container |
| 111 | +$signer->setSignatureContentLength(20000); |
133 | 112 |
|
134 | 113 | // setup a timestamp module |
135 | 114 | $tsModule = new Curl($timestampingUrl); |
|
157 | 136 | // create a new instance |
158 | 137 | $document = Document::loadByFilename($tmpWriter->getPath(), $writer); |
159 | 138 |
|
| 139 | +// create a collection of trusted certificats: |
| 140 | +$trustedCertificates = new Collection($certificates[count($certificates) - 1]); |
| 141 | +$trustedCertificates->add(PemHelper::extractFromFile($trustedCertificatesPath)); |
| 142 | +// sadly not all CSC API implementations return the full chain (in our tests e.g. SSL.com), so we have to |
| 143 | +// add a trusted root on our own: |
| 144 | +foreach ($otherTrustedCertificatePaths as $otherTrustedCertificatePath) { |
| 145 | + $trustedCertificates->addFromFile($otherTrustedCertificatePath); |
| 146 | +} |
160 | 147 | // create a VRI collector instance |
161 | 148 | $collector = new Collector($trustedCertificates); |
162 | 149 | // Use IPv4 to bypass an issue at http://ocsp.ensuredca.com |
|
165 | 152 | //]); |
166 | 153 |
|
167 | 154 | // get VRI for the timestamp signature |
168 | | -$vriData = $collector->getByFieldName( |
169 | | - $document, |
170 | | - $signatureField->getQualifiedName(), |
171 | | - Collector::SOURCE_OCSP_OR_CRL, |
172 | | - null, |
173 | | - null, |
174 | | - $vriData // pass the previously gathered VRI data |
175 | | -); |
| 155 | +$vriData = $collector->getByFieldName($document, $signatureField->getQualifiedName()); |
176 | 156 |
|
177 | 157 | //$logger = $collector->getLogger(); |
| 158 | +//echo "<pre>"; |
178 | 159 | //foreach ($logger->getLogs() as $log) { |
179 | 160 | // echo str_repeat(' ', $log->getDepth() * 4) . $log . "\n"; |
180 | 161 | //} |
| 162 | +//echo "</pre>"; |
181 | 163 |
|
182 | 164 | // and add it to the document. |
183 | 165 | $dss = new DocumentSecurityStore($document); |
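Review bot: The added line `$trustedCertificates = new Collection($certificates[count($certificates) - 1]);` (new line 140) seeds the trust store with the last entry of `$certificates`. That array is defined outside the visible hunks, but the neighbouring comment suggests it is the chain returned by the CSC API. If so, the revocation data collected for the DSS is validated partly against an anchor supplied by the remote service rather than one pinned locally. The same line also reads index -1 when the array is empty, so a guard such as `if ($certificates === []) { throw new \RuntimeException('CSC API returned no certificates'); }` belongs before it. I would also add a comment like `// demo only: in production take trust anchors solely from $trustedCertificatesPath / $otherTrustedCertificatePaths, never from the API response`.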
|