Merge pull request #3 from Binternet/feature/sign-using-sad

MaximilianKresse · web-flow · commit 63ab77fbc6d1 · 2022-10-04T11:10:34.000+02:00
Added an option to sign using SAD in addition to OTP
diff --git a/src/Module.php b/src/Module.php
@@ -33,10 +33,21 @@ class Module implements ModuleInterface, DictionaryInterface, DocumentInterface
     protected $certificateId;
 
     /**
+     * A Time based One Time Pin (TOTP) generated by a compatible app such as Google Authenticator, Microsoft
+     * Authenticator etc.
+     *
      * @var null|string
      */
     protected $otp;
 
+    /**
+     * The Signing Activation Data (SAD) token obtained in an earlier authorise request.
+     *
+     * @see Client::authorize()
+     * @var null|string
+     */
+    protected $sad;
+
     /**
      * @var string
      */
@@ -75,11 +86,30 @@ public function setSigningAlgorithm(string $algorithm)
         $this->_getPadesModule()->setDigest($hashingAlgorithm);
     }
 
+    /**
+     * Set a Time based One Time Pin (TOTP) generated by a compatible app such as Google Authenticator, Microsoft
+     * Authenticator etc.
+     *
+     * @param string $otp
+     * @return void
+     */
     public function setOtp(string $otp): void
     {
         $this->otp = $otp;
     }
 
+    /**
+     * Set a Signing Activation Data (SAD) token obtained in an earlier authorise request.
+     *
+     * @see Client::authorize()
+     * @param string $sad
+     * @return void
+     */
+    public function setSad(string $sad): void
+    {
+        $this->sad = $sad;
+    }
+
     public function getCertificate()
     {
         $padesModule = $this->_getPadesModule();
@@ -92,10 +122,6 @@ public function getCertificate()
 
     public function createSignature(SetaPDF_Core_Reader_FilePath $tmpPath)
     {
-        if ($this->otp === null) {
-            throw new \BadMethodCallException('Missing otp!');
-        }
-
         // ensure certificate
         $certificate = $this->getCertificate();
         if ($certificate === null) {
@@ -107,12 +133,30 @@ public function createSignature(SetaPDF_Core_Reader_FilePath $tmpPath)
         $padesDigest = $padesModule->getDigest();
 
         $hashData = hash($padesDigest, $padesModule->getDataToSign($tmpPath), true);
-        $signatureValue = $this->client->signWithOtp(
-            $this->certificateId,
-            $this->signingAlgorithm,
-            $hashData,
-            $this->otp
-        );
+
+        if ($this->sad !== null && $this->otp !== null) {
+            throw new \BadMethodCallException('SAD and OTP given! You must only use one.');
+        }
+
+        if ($this->sad !== null) {
+            // Sign using SAD
+            $signatureValue = $this->client->signWithSad(
+                $this->certificateId,
+                $this->signingAlgorithm,
+                $hashData,
+                $this->sad
+            );
+        } elseif ($this->otp !== null) {
+            // Sign using OTP
+            $signatureValue = $this->client->signWithOtp(
+                $this->certificateId,
+                $this->signingAlgorithm,
+                $hashData,
+                $this->otp
+            );
+        } else {
+            throw new \BadMethodCallException('Missing SAD/OTP! Please use setOtp() OR setSad() before.');
+        }
 
         if (\in_array($this->signingAlgorithm, ['ES256', 'ES384', 'ES512'], true)) {
             // THIS NEEDS TO BE USED TO FIX EC SIGNATURES
