Added an option to sign using SAD in addition to OTP

Binternet · Binternet · commit f8dbf3e76292 · 2022-10-03T15:36:56.000+03:00
diff --git a/src/Module.php b/src/Module.php
@@ -33,10 +33,24 @@ class Module implements ModuleInterface, DictionaryInterface, DocumentInterface
     protected $certificateId;
 
     /**
+     * A Time based One Time Pin (TOTP) generated by a compatible app such as Google Authenticator, Microsoft Authenticator etc'.
      * @var null|string
      */
     protected $otp;
 
+    /**
+     * The Signing Activation Data (SAD) token obtained in an earlier authorise request.
+     * @var null|string
+     */
+    protected $sad;
+
+    /**
+     * Signing method to be used, either 'otp' or 'sad'
+     * Default: otp
+     * @var string
+     */
+    protected $signingMethod = 'otp';
+
     /**
      * @var string
      */
@@ -80,6 +94,26 @@ public function setOtp(string $otp): void
         $this->otp = $otp;
     }
 
+    public function setSad(string $sad): void
+    {
+        $this->sad = $sad;
+    }
+
+    /**
+     * Sets the desired signing method to use on createSignature method
+     */
+    public function setSigningMethod($method)
+    {
+        $possible = ['otp','sad'];
+
+        if ( ! in_array($method, $possible ) )
+        {
+            throw new InvalidArgumentException('Invalid signing method! you can only choose beteen: ' . implode(',', $possible));
+        }
+
+        $this->signingMethod = $method;
+    }
+
     public function getCertificate()
     {
         $padesModule = $this->_getPadesModule();
@@ -92,10 +126,6 @@ public function getCertificate()
 
     public function createSignature(SetaPDF_Core_Reader_FilePath $tmpPath)
     {
-        if ($this->otp === null) {
-            throw new \BadMethodCallException('Missing otp!');
-        }
-
         // ensure certificate
         $certificate = $this->getCertificate();
         if ($certificate === null) {
@@ -107,12 +137,34 @@ public function createSignature(SetaPDF_Core_Reader_FilePath $tmpPath)
         $padesDigest = $padesModule->getDigest();
 
         $hashData = hash($padesDigest, $padesModule->getDataToSign($tmpPath), true);
-        $signatureValue = $this->client->signWithOtp(
-            $this->certificateId,
-            $this->signingAlgorithm,
-            $hashData,
-            $this->otp
-        );
+
+        if ( $this->signingMethod == 'sad' ) {
+            // Sign using SAD
+            if ($this->sad === null) {
+                throw new \BadMethodCallException('Missing SAD! Did you perform /authorize request before?');
+            }
+
+            $signatureValue = $this->client->signWithSad(
+                $this->certificateId,
+                $this->signingAlgorithm,
+                $hashData,
+                $this->sad
+            );
+        }
+        else {
+            // Sign using OTP
+            if ($this->otp === null) {
+                throw new \BadMethodCallException('Missing OTP!');
+            }
+
+            $signatureValue = $this->client->signWithOtp(
+                $this->certificateId,
+                $this->signingAlgorithm,
+                $hashData,
+                $this->otp
+            );
+        }
+
 
         if (\in_array($this->signingAlgorithm, ['ES256', 'ES384', 'ES512'], true)) {
             // THIS NEEDS TO BE USED TO FIX EC SIGNATURES
