SetaPDF Signer API Manual 1.5.1
SetaPDF Signer API Manual 1.5.1
SetaPDF Signer API Manual 1.5.1
SetaPDF-Signer API
Manual and Reference
Version 1.5.1, 2010-03-25 16:58:13 Setasign - Jan Slabon Major-Hirst-Strae 11 38442 Wolfsburg Germany http://www.setasign.de [email protected]
Setasign 2010
Page 1 of 87
Table of contents
Introduction ......................................................................................................................................................4 System Requirements .....................................................................................................................................5 Installation ........................................................................................................................................................6 Ioncube ........................................................................................................................................................8 Zend.............................................................................................................................................................9 Constants / Configuration ..............................................................................................................................10 Caching ..........................................................................................................................................................15 SetaPDF ........................................................................................................................................................18 SetaPDF::isError() .....................................................................................................................................19 SetaPDF_Error ..............................................................................................................................................20 SetaPDF_Parser ............................................................................................................................................21 SetaPDF_Parser::cacheDir() .....................................................................................................................22 SetaPDF_Parser::cacheFlags() .................................................................................................................23 SetaPDF_Parser::cacheMkdirMode() ........................................................................................................24 SetaPDF_Parser::cacheNoOfObjectsPerInstance() ..................................................................................25 SetaPDF_Parser::cacheHashFunction() ...................................................................................................26 SetaPDF_Signer ............................................................................................................................................27 SetaPDF_Signer::factory() .........................................................................................................................29 SetaPDF_Signer::setSourceFileName() ....................................................................................................30 SetaPDF_Signer::setAppearance() ...........................................................................................................31 SetaPDF_Signer::setTmpDirectory() .........................................................................................................33 SetaPDF_Signer::setFieldName() .............................................................................................................34 SetaPDF_Signer::setSignatureContentMinLength() ..................................................................................35 SetaPDF_Signer::setAllowSignatureContentLengthChange() ..................................................................36 SetaPDF_Signer::setRemoveNeedAppearancesFlag() ............................................................................37 SetaPDF_Signer::createNewTmpFileName() ............................................................................................38 SetaPDF_Signer::cleanTmpDirectory() .....................................................................................................39 SetaPDF_Signer::setSignatureProperty() ..................................................................................................40 SetaPDF_Signer::getSignatureProperty() .................................................................................................41 SetaPDF_Signer::setName() .....................................................................................................................42 SetaPDF_Signer::getName() .....................................................................................................................43 SetaPDF_Signer::setLocation() .................................................................................................................44 SetaPDF_Signer::getLocation() .................................................................................................................45 SetaPDF_Signer::setReason() ..................................................................................................................46 SetaPDF_Signer::getReason() ..................................................................................................................47 SetaPDF_Signer::setContactInfo() ............................................................................................................48 SetaPDF_Signer::getContactInfo() ............................................................................................................49
Setasign 2010
Page 2 of 87
SetaPDF_Signer::setTimeOfSigning() .......................................................................................................50 SetaPDF_Signer::getTimeOfSigning() .......................................................................................................51 SetaPDF_Signer::setCertificationLevel() ...................................................................................................52 SetaPDF_Signer::getPageBoxes() ............................................................................................................53 SetaPDF_Signer::getOriginBox() ...............................................................................................................54 SetaPDF_Signer::getPageRotation() .........................................................................................................55 SetaPDF_Signer::setTsModule() ...............................................................................................................56 SetaPDF_Signer::sign() .............................................................................................................................57 SetaPDF_Signer::unsetParser() ................................................................................................................58 SetaPDF_Signer_Module ..............................................................................................................................59 SetaPDF_Signer_Module_OpenSsl ..............................................................................................................60 SetaPDF_Signer_Module_OpenSsl::setSignCert() ...................................................................................61 SetaPDF_Signer_Module_OpenSsl::setPrivateKey() ................................................................................62 SetaPDF_Signer_Module_OpenSsl::setExtraCerts() ................................................................................63 SetaPDF_Signer_Module_OpenSslCli ..........................................................................................................64 SetaPDF_Signer_Module_OpenSslCli::setOpenSslPath() ........................................................................65 SetaPDF_Signer_Module_OpenSslCli::setSignCert() ...............................................................................66 SetaPDF_Signer_Module_OpenSslCli::setPrivateKey() ...........................................................................67 SetaPDF_Signer_Module_OpenSslCli::setPrivateKeyPassword() ............................................................68 SetaPDF_Signer_Module_OpenSslCli::setExtraCerts() ............................................................................69 SetaPDF_Signer_Module_Ts_Abstract .........................................................................................................70 SetaPDF_Signer_Module_Ts_Abstract::setSignature() ............................................................................71 SetaPDF_Signer_Module_Ts_Abstract::getSignature() ............................................................................72 SetaPDF_Signer_Module_Ts_Abstract::getParsedSignature() .................................................................73 SetaPDF_Signer_Module_Ts_Abstract::getHash() ...................................................................................74 SetaPDF_Signer_Module_Ts_Abstract::setReqPolicy() ...........................................................................75 SetaPDF_Signer_Module_Ts_Abstract::getReqPolicy() ...........................................................................76 SetaPDF_Signer_Module_Ts_Abstract::setNonce() .................................................................................77 SetaPDF_Signer_Module_Ts_Abstract::getNonce() .................................................................................78 SetaPDF_Signer_Module_Ts_Abstract::setCertReq() ..............................................................................79 SetaPDF_Signer_Module_Ts_Abstract::getCertReq() ..............................................................................80 SetaPDF_Signer_Module_Ts_Abstract::_getTsq() ...................................................................................81 SetaPDF_Signer_Module_Ts_Abstract::_getFinalSignature() ..................................................................82 SetaPDF_Signer_Module_Ts_Abstract::onSet() .......................................................................................83 SetaPDF_Signer_Module_Ts_Abstract::createTimeStamp() ....................................................................84 SetaPDF_Signer_Module_Ts_Curl ...............................................................................................................85 SetaPDF_Signer_Module_Ts_Curl::__construct() ....................................................................................86 SetaPDF_Signer_Module_Ts_Curl::setCurlOpts() ....................................................................................87
Setasign 2010
Page 3 of 87
Usage Demo
// require the SetaPDF_Signer class require_once("Signer/SetaPDF_Signer.php"); // require the OpenSSL signing module require_once("Signer/Module/OpenSsl.php"); // create an instance $module = new SetaPDF_Signer_Module_OpenSsl(); // set the properties of the module $module->setSignCert(file_get_contents('certificate.pem')); $module->setPrivateKey(array(file_get_contents('private-key.pem'), 'password')); // create a SetaPDF_Signer object $signer =& SetaPDF_Signer::factory('pdfdocument.pdf'); // set some signature properties $signer->setReason("Just for testing"); $signer->setLocation('www.setasign.de'); $signer->setContactInfo('+49 5361 3099400'); // sign the document and send it to the client $res = $signer->sign($module, 'signed.pdf', 'I'); if (SetaPDF::isError($res)) // check for errors var_dump($res);
Setasign 2010
Page 4 of 87
Setasign 2010
Page 5 of 87
If you transfer the files via FTP make sure you use binary mode. For each API or API combination you'll find demo files in the /Demo directory in nearly the same structure:
To use one of the SetaPDF APIs in your applications you have to add the SetaPDF-directory to your include_path: set_include_path(get_include_path() . PATH_SEPARATOR . 'PathTo/SetaPDF/'); Now you can simply include the SetaPDF-Signer API with the following lines: require_once("Signer/SetaPDF_Signer.php");
Setasign 2010
Page 6 of 87
// load the php build in OpenSSL module require_once("Signer/Modul/OpenSsl.php"); // load the command line OpenSSL module require_once("Signer/Modul/OpenSslCli.php");
Setasign 2010
Page 7 of 87
Setasign 2010
Page 8 of 87
Setasign 2010
Page 9 of 87
Predefined Constants
SETAPDF_SIG_NOT_CERTIFIED (integer)0 Don't certify the document. SETAPDF_SIG_CERTIFIED_NO_CHANGES_ALLOWED (integer)1
Setasign 2010
Page 10 of 87
No changes allowed SETAPDF_SIG_CERTIFIED_FORM_FILLING (integer)2 Form fill-in only allowed SETAPDF_SIG_CERTIFIED_FORM_FILLING_AND_ANNOTATIONS (integer)3 Form fill-in and commenting allowed
Setasign 2010
Page 11 of 87
E_SETAPDF_ENC_WRONG_OWNER_PW (integer)13 E_SETAPDF_CANNOT_COPY_FILE (integer)14 Cannot copy file XXXX to YYYY E_SETAPDF_HEADER_ALREADY_SEND (integer)15 Some data has already been output to browser, can't send PDF file E_SETAPDF_UNABLE_TO_FIND_TRAILER (integer)16 Trailer keyword not found after xref table E_SETAPDF_UNSUPPORTED_FILTER (integer)17 An unsupported compression filter is required. E_SETAPDF_ZLIB_REQUIRED (integer)18 To handle /FlateDecode filter, php with zlib support is needed. E_SETAPDF_DECOMPRESSION_ERROR (integer)19 Error while decompressing stream. E_SETAPDF_UNABLE_TO_CREATE_CACHE_DIR (integer)20 Unable to create directories in cache directory.
Setasign 2010
Page 12 of 87
Passed module isn't an instance/subclass of SetaPDF_Signer_Module. E_SETAPDF_SIG_NEEDAPPEARANCES_FLAG_FOUND (integer)609 The document includes a NeedAppearances-Flag (see SetaPDF_Signer::setRemoveNeedAppearancesFlag()). E_SETAPDF_SIG_SIGNATURE_LENGTH_TO_LARGE (integer)611 The signature length (?? bytes) doesn't fit into the reserved space (?? bytes) and "$this->allowSignatureContentLengthChange" is set to false. (see SetaPDF_Signer::setAllowSignatureContentLengthChange()) E_SETAPDF_SIG_PARSER_NO_KIDS (integer)612 Cannot find /Kids in current /Page-Dictionary E_SETAPDF_SIG_ALREADY_CERTIFIED (integer)613 Document is already certified. Only approval signatures are possible E_SETAPDF_SIG_PARSER_WRONG_PAGE_NO (integer)614 Wrong page number given E_SETAPDF_SIG_NO_BOX_FOUND (integer)615 Page box not found E_SETAPDF_SIG_MOD_OPENSSL_NOT_AVAILABLE (integer)610 This module requires php compiled with openssl. E_SETAPDF_SIG_MOD_OPENSSL_ERROR (integer)603 An error from OpenSSL occurs. If you've set the track_errors directive to "On" the message will include a detailed error message. E_SETAPDF_SIG_MOD_OPENSSL_BOUNDARY_ID_NOT_FOUND (integer)604 Will occur if the boundary id in a created smime message is not found. E_SETAPDF_SIG_MOD_OPENSSL_SIG_EXTRACTION (integer)605 An error occurs while extracting the signature of the smime message. E_SETAPDF_SIG_MOD_OPENSSLCLI_ERROR (integer)606 The commandline call of OpenSSL failed. E_SETAPDF_SIG_CURL_ERROR (integer)616 curl_exec() returned false. The detailed error message is included in the error object.
Setasign 2010
Page 13 of 87
E_SETAPDF_SIG_CURL_RES_ERROR (integer)617 The time stamp server responses with another status code than 200. E_SETAPDF_SIG_TS_ERROR (integer)618 Time stamp server returned status other than 0 (zero). More details see: RFC3161 (2.4.2.)
Setasign 2010
Page 14 of 87
2. Objects
Each entry in the above described xref table points to an object representing specific data, like Images, Fonts, Pages,... If the parser should read such an object it have to go to the desired byte-offset position in the document, known from the xref-table, and have to parse the object token-wise. This process needs several string comparsions and also runs recursive until the object is totally read. The parser can cache the read objects and use the cached versions at the next situation when it is needed. No byte-position change or parsing of any string is done but simply unserializing the data from the cached data.
Usage
As already written the handling of the cache functionallity is done by static methods of the SetaPDF_Parser class. You can use the static method right after including a desired API like the SetaPDF-Merger API: require_once('Merger/SetaPDF_Merger.php'); // at this point you can access the SetaPDF_Parser class
Setasign 2010
Page 15 of 87
First of all you have to tell the API where you would like to save the cached data. You have to use the SetaPDF_Parser::cacheDir()-method for this: SetaPDF_Parser::cacheDir(realpath('../../path/for/cached/data/')); Now you were able to activate the caching by calling the SetaPDF_Parser::cacheFlags()-method with special flags. The flags are predefined in Constants: // Will read and write all data (xref table and objects) from/to cache. SetaPDF_Parser::cacheFlags(SETAPDF_P_CACHE_ALL); // Will just read and write the xref table from/to cache. SetaPDF_Parser::cacheFlags(SETAPDF_P_CACHE_XREF); // Will just read and write objects from/to cache. SetaPDF_Parser::cacheFlags(SETAPDF_P_CACHE_OBJECTS); After this the cache is active for all instances of any SetaPDF API. Furthermore you can do some fintuning:
Setasign 2010
Page 16 of 87
$id = $db->getOne("SELECT id FROM documents WHERE filename = ".$db->quote($filename)); return $id; } SetaPDF_Parser::cacheHashFunction('mapFilenameToId');
Setasign 2010
Page 17 of 87
SetaPDF - Class
This class is the base class for nearly all SetaPDF APIs. It offers some public static helper methods.
Class Overview
SetaPDF
Child Classes
SetaPDF_Signer
Methods
SetaPDF::isError()
Setasign 2010
Page 18 of 87
SetaPDF::isError()
Description
SetaPDF { boolean isError ( mixed $obj ) } Determines if a variable is a SetaPDF_Error object.
Parameters
$obj
Variable to check
Return Values
True if $obj is a SetaPDF_Error object
Setasign 2010
Page 19 of 87
SetaPDF_Error - Class
This class represents an error object thrown by a SetaPDF API. You can get more information about the error by checking the following properties $obj->message and $obj->code. You can add your own error handling by defining your own class named SetaPDF_Error before you include any SetaPDF-File. The original class looks like this: class SetaPDF_Error { var $message; var $code; function SetaPDF_Error($message = 'unknown error', $code = null, $mode = null, $options = null, $userinfo = null) { $this->message = $message; $this->code = $code; } }
Setasign 2010
Page 20 of 87
SetaPDF_Parser - Class
The SetaPDF_Parser class is the base class for all indvidual SetaPDF parser classes. It is for example responsible for reading the xref table or objects of a document. The SetaPDF_Parser class is an abstract class and just offers some static methods which let you control the cache functionality.
Class Overview
SetaPDF_Parser
Methods
SetaPDF_Parser::cacheDir() SetaPDF_Parser::cacheFlags() SetaPDF_Parser::cacheMkdirMode() SetaPDF_Parser::cacheNoOfObjectsPerInstance() SetaPDF_Parser::cacheHashFunction()
Setasign 2010
Page 21 of 87
SetaPDF_Parser::cacheDir()
Description
SetaPDF_Parser { mixed cacheDir ( [string $dir=null] ) } Sets the directory for cache data. This method should be called static.
Parameters
$dir
Path to the directory where to write the cache data. If null the directory will not be changed.
Return Values
The actual path.
Setasign 2010
Page 22 of 87
SetaPDF_Parser::cacheFlags()
Description
SetaPDF_Parser { mixed cacheFlags ( [string $flags=null] ) } Sets the flags how the parser should handle read and write processes of objects or xref-tables. This method should be called static. You can use this flags to do fine tuning of the caching mechanism. The flags can be combined using a bitwise AND (|) operation. If any flag is set, except SETAPDF_P_CACHE_NO, a valid writeable path should be set with SetaPDF_Parser::cacheDir().
Parameters
$flags
The parameter defines the caching behaviour of the API. Available values are: SETAPDF_P_CACHE_NO - Don't read and write cache. SETAPDF_P_CACHE_READ_XREF - Try to read the cached xref table. SETAPDF_P_CACHE_WRITE_XREF - Write the xref table to cache. SETAPDF_P_CACHE_XREF - Try to read and write the xref table. SETAPDF_P_CACHE_READ_OBJECTS - Try to read cached objects. SETAPDF_P_CACHE_WRITE_OBJECTS - Write read objects to cache. SETAPDF_P_CACHE_OBJECTS - Try to read and write objects to cache. SETAPDF_P_CACHE_ALL - Read and write objects and xref-tables.
Setasign 2010
Page 23 of 87
SetaPDF_Parser::cacheMkdirMode()
Description
SetaPDF_Parser { mixed cacheMkdirMode ( [integer $mode=null] ) } As the caching mechanism creates directories for each pdf document the API internally uses mkdir to create the directory. With this method you can define if and which parameter should be passed as the $mode parameter of the mkdir-function. This method should be called static.
Parameters
$mode
The file mode. The parameter consists of three octal number components specifying access restrictions for the owner, the user group in which the owner is in, and to everybody else in this order. More informations about the mode-parameter can be found here.
Return Values
The actual value.
Setasign 2010
Page 24 of 87
SetaPDF_Parser::cacheNoOfObjectsPerInstance()
Description
SetaPDF_Parser { mixed cacheNoOfObjectsPerInstance ( [integer $no=null] ) } For sure a caching process needs more process power as the cached data have to be written to the file system. Often a PDF document is build with more houndres or thousands of objects which can increase the process time to a bad value. With this method you can define how many maximum objects should be cached per script instance. So you can chop the cache creation over several script executions. This method should be called static. If you set the $no-parameter, for example, to 100, the parser will cache 100 objects per script instance maximum, until all objects are cached. By default the parser will cache ALL objects.
Parameters
$no
The maximum number of objects to cache per instance.
Return Values
The actual value.
Setasign 2010
Page 25 of 87
SetaPDF_Parser::cacheHashFunction()
Description
SetaPDF_Parser { mixed cacheHashFunction ( [callback $hashFunction=null] ) } To identify a pdf document the API uses the md5_file()-function by default. If you want to create your own identification process or if you already know a hash or unique property of the document you can use this method to define an own function/method which will be called when the parser needs the hash. This hash/value will be used as the directory name in the cache directory (see SetaPDF_Parser::cacheDir() ). The given value will be used as the function parameter of a call_user_func()-call. This method should be called static.
Parameters
$hashFunction
The function to be called. (See also informations about the callback type.)
Return Values
The actual value.
Setasign 2010
Page 26 of 87
Class Overview
File: SetaPDF SetaPDF_Signer
Methods
SetaPDF_Signer::factory() SetaPDF_Signer::setSourceFileName() SetaPDF_Signer::setAppearance() SetaPDF_Signer::setTmpDirectory() SetaPDF_Signer::setFieldName() SetaPDF_Signer::setSignatureContentMinLength() SetaPDF_Signer::setAllowSignatureContentLengthChange() SetaPDF_Signer::setRemoveNeedAppearancesFlag() SetaPDF_Signer::createNewTmpFileName() SetaPDF_Signer::cleanTmpDirectory() SetaPDF_Signer::setSignatureProperty() SetaPDF_Signer::getSignatureProperty() SetaPDF_Signer::setName() SetaPDF_Signer::getName() SetaPDF_Signer::setLocation() SetaPDF_Signer::getLocation() SetaPDF_Signer::setReason() SetaPDF_Signer::getReason() SetaPDF_Signer::setContactInfo() SetaPDF_Signer::getContactInfo() SetaPDF_Signer::setTimeOfSigning() SetaPDF_Signer::getTimeOfSigning() SetaPDF_Signer::setCertificationLevel() SetaPDF_Signer::getPageBoxes() SetaPDF_Signer::getOriginBox() SetaPDF_Signer::getPageRotation() SetaPDF_Signer::setTsModule() SetaPDF_Signer::sign() SetaPDF_Signer::unsetParser()
Setasign 2010
Page 27 of 87
Inherited Methods
Class: SetaPDF
SetaPDF::isError()
Setasign 2010
Page 28 of 87
SetaPDF_Signer::factory()
Description
SetaPDF_Signer extends SetaPDF { factory ( string $sourceFileName[, string $tmpDirectory=null] ) } This method has to be called static and will return an instance of the SetaPDF_Signer class. The SetaPDF_Signer class also can be initiated without the factory method in the normal PHP style: $signer = new SetaPDF_Signer(); In this case you have to set the $sourceFileName with SetaPDF_Signer::setSourceFileName()-Method.
Parameters
$sourceFileName
A string that defines the path (relative or absolute) to the original document. Only local paths are allowed.
$tmpDirectory
A path for temporary files. If not or null is passed the default fallback directory SetaPDF/Signer/_tmp/ is used.
Return Values
A new instance of the SetaPDF_Signer class or an SetaPDF_Error object if an error occurs.
Setasign 2010
Page 29 of 87
SetaPDF_Signer::setSourceFileName()
Description
SetaPDF_Signer extends SetaPDF { void setSourceFileName ( string $sourceFileName ) } This method sets the documents filename, that should be signed.
Parameters
$sourceFileName
A string that defines the path (relative or absolute) to the original document. Only local paths are allowed.
Setasign 2010
Page 30 of 87
SetaPDF_Signer::setAppearance()
Description
SetaPDF_Signer extends SetaPDF { void setAppearance ( string $fileName[, mixed $x|$position=0[, mixed $y|$translate=0[, mixed $w=null[, mixed $h=null[, integer $pageNo=1]]]]] ) } With this method you can add a visible signature appearance to the document. The size can be specified in different ways: explicit width (w) and height (h) one explicit dimension (w or h), the other being calculated automatically in order to keep the original proportions no explicit dimension, the size of the original document is taken
Parameters
$fileName
A string that defines the path (relative or absolute) to a PDF file that represents the appearance as the first page. Only local paths are allowed.
$x|$position
The position on the abscissa. OR A position in the following format: LT = left top LM = left middle LB = left bottom CT = center top CM = center middle CB = center bottom RT = right top RM = right middle RB = right bottom
$y|$translate
Setasign 2010
Page 31 of 87
The position on the ordinate. OR An array with x- and/or y-values for a translation based on the position defined in the previous parameter: array( 'x' => 20, 'y' => -10 )
$w
The width in points.
$h
The height in points.
$pageNo
The page on which the appearance should appear.
Version
since 1.4
Setasign 2010
Page 32 of 87
SetaPDF_Signer::setTmpDirectory()
Description
SetaPDF_Signer extends SetaPDF { mixed setTmpDirectory ( [string $tmpDirectory=null] ) } If you want to change the path for temporary files at runtime, you can use this method.
Parameters
$tmpDirectory
A path for temporary files. If not or null is passed the default fallback directory SetaPDF/Signer/_tmp/ is used.
Return Values
True is everything works as expected or an SetaPDF_Error object if an error occurs.
Setasign 2010
Page 33 of 87
SetaPDF_Signer::setFieldName()
Description
SetaPDF_Signer extends SetaPDF { void setFieldName ( string $fieldName ) } With this method you can define the name of the signature field added to the PDF document. If a form field with the same name already exists in the document you want to sign the name of the signature will be suffixed with a number. For example if a field named "Signature" already exists the signature fields name becomes: "Signature0" or if this also exists "Signature1",... If you're using a development license the signature fields name is fixed and cannot be changed!
Parameters
$fieldName
The signature field name. The default value is: "Signature"
Return Values
True is everything works as expected or an SetaPDF_Error object if an error occurs.
Setasign 2010
Page 34 of 87
SetaPDF_Signer::setSignatureContentMinLength()
Description
SetaPDF_Signer extends SetaPDF { void setSignatureContentMinLength ( integer $length ) } As a signatures content various in length it is neccesary to reserve a defined amount of space in the document. This space is defined with 3500 bytes by default. If the API recognize that a signature is bigger than the reserved space the signing process will start again, but it automatically sets the signatureContentMinLength-value to the needed length before. If you already know that your signature is very huge you can adjust the reserved space with this method. You also can set this value to a very smal amount, to force the API to create the signature twice, so it'll fit exactly in the reserved space and as less as possible bytes were used.
Parameters
$length
The length of the reserved bytes in the document.
Setasign 2010
Page 35 of 87
SetaPDF_Signer::setAllowSignatureContentLengthChange()
Description
SetaPDF_Signer extends SetaPDF { void setAllowSignatureContentLengthChange ( [boolean $allowSignatureContentLengthChange=true] ) } This method can be used to stop the API from recreating signatures if it's content doesn't fit into the reserved space. (see SetaPDF_Signer::setSignatureContentMinLength())
Parameters
$allowSignatureContentLengthChange
A boolean value defining if the API should recreate the signature if the resulting signature content is to large as the reserved space (true) or not (false).
Setasign 2010
Page 36 of 87
SetaPDF_Signer::setRemoveNeedAppearancesFlag()
Description
SetaPDF_Signer extends SetaPDF { void setRemoveNeedAppearancesFlag ( [boolean $status=true] ) } PDF documents (with form fields) can include a flag which tells the viewer application to rebuild the appearance streams of a form field at any time. This issue will destroy any digital signature, so Acrobat or the Adobe Reader will simply ignore the digital signature. If the SetaPDF-Signer API should sign a document where this flag is set and it's value is true it'll return an SetaPDF_Error object, because it makes no sense to sign this document. If you want to force the API to sign the document you can define this behaviour with this method. If you pass true (or nothing) to this method, the API will remove the flag. You should check the resulting document if all needed content is viewable after the signing process.
Parameters
$status
True: remove the flag. False: don't remove the flag.
Setasign 2010
Page 37 of 87
SetaPDF_Signer::createNewTmpFileName()
Description
SetaPDF_Signer extends SetaPDF { string createNewTmpFileName ( void ) } This method is a kind of helper method which is used to create unique filenames in the temporary directory. You can use this method to create temporary files which will be included in the cleanTmpDirectory routine of the SetaPDF-Signer API.
Return value
An absoulte unique filename/path
Setasign 2010
Page 38 of 87
SetaPDF_Signer::cleanTmpDirectory()
Description
SetaPDF_Signer extends SetaPDF { boolean cleanTmpDirectory ( void ) } This methods deletes olded files in the temporary directory. If the API causes an error it could be that temporary files will remain in the given temporary directory. In the PHP 5 version this method is called automatically by the __destruct()-method. In PHP 4 you can call it your own or register it as a shutdown function: register_shutdown_function(array(&$signerInstance,'cleanTmpDirectory')); The method makes use of the glob()-function. If this function is disabled cause of any security reason you can define your own function by setting it in the SetaPDF::$globFunctionName property. An example of a replacement function can be found in the user contributed notes on php.net By default temporary files which are older than 60 seconds will be deleted. To adjust this value, change the SetaPDF::$tmpFilesLifetime property.
Return value
True if files were deleted. False if no file was deleted.
Setasign 2010
Page 39 of 87
SetaPDF_Signer::setSignatureProperty()
Description
SetaPDF_Signer extends SetaPDF { mixed setSignatureProperty ( string $name[, mixed $value] ) } Sets a value of a signature property.
Parameters
$name
The name of the signature property. Possible values are: name location reason contactInfo timeOfSigning
For a detailed description of each possible property check their synonym methods.
$value
The value of the given property. If null is passed the property will not be written to the signature dictionary in the resulting PDF document. Except the "timeOfSigning"-property. If this property is set to null the time of signing will be the current local time on the server. All values (except the "timeOfSigning"-value) are strings. The "timeOfSigning"-value is an integer value - a unix timestamp.
Return Values
True is everything works as expected or an SetaPDF_Error object if an error occurs.
Setasign 2010
Page 40 of 87
SetaPDF_Signer::getSignatureProperty()
Description
SetaPDF_Signer extends SetaPDF { mixed getSignatureProperty ( string $name ) } Gets a value of a signature property.
Parameters
$name
The name of the signature property. Possible values are: name location reason contactInfo timeOfSigning
For a detailed description of each possible property check their synonym methods.
Return Values
The value or an SetaPDF_Error object if the property is unknown.
Version
since 1.4
Setasign 2010
Page 41 of 87
SetaPDF_Signer::setName()
Description
SetaPDF_Signer extends SetaPDF { mixed setName ( string $name ) } This method is a synonym method for: $this->setSignatureProperty('name', $name); With it you can set the name of the person or auhority signing the document. You should only set this value if it's not possible to extract the name of the signature.
Parameters
$name
The name of the person or authority signing the document. If null is passed the property will not be written to the signature dictionary in the resulting PDF document.
Return Values
True is everything works as expected or an SetaPDF_Error object if an error occurs.
Setasign 2010
Page 42 of 87
SetaPDF_Signer::getName()
Description
SetaPDF_Signer extends SetaPDF { mixed getName ( void ) } This method is a synonym method for: $this->getSignatureProperty('name'); It will return the name of the person or auhority signing the document, if set.
Return Values
The name of the person or auhority signing the document or null.
Version
since 1.4
Setasign 2010
Page 43 of 87
SetaPDF_Signer::setLocation()
Description
SetaPDF_Signer extends SetaPDF { mixed setLocation ( string $location ) } This method is a synonym method for: $this->setSignatureProperty('location', $location);
Parameters
$location
The CPU host name or physical location of signing. If null is passed the property will not be written to the signature dictionary in the resulting PDF document.
Return Values
True is everything works as expected or an SetaPDF_Error object if an error occurs.
Setasign 2010
Page 44 of 87
SetaPDF_Signer::getLocation()
Description
SetaPDF_Signer extends SetaPDF { mixed getLocation ( void ) } This method is a synonym method for: $this->getSignatureProperty('location'); It will return the CPU host name or physical location of signing, if set.
Return Values
The CPU host name or physical location of signing or null.
Version
since 1.4
Setasign 2010
Page 45 of 87
SetaPDF_Signer::setReason()
Description
SetaPDF_Signer extends SetaPDF { mixed setReason ( string $reason ) } This method is a synonym method for: $this->setSignatureProperty('reason', $reason);
Parameters
$reason
The reason for the signing, such as (I agree...). If null is passed the property will not be written to the signature dictionary in the resulting PDF document.
Return Values
True is everything works as expected or an SetaPDF_Error object if an error occurs.
Setasign 2010
Page 46 of 87
SetaPDF_Signer::getReason()
Description
SetaPDF_Signer extends SetaPDF { mixed getReason ( void ) } This method is a synonym method for: $this->getSignatureProperty('reason'); It will return the reason for the signing, if set.
Return Values
The reason for the signing or null.
Version
since 1.4
Setasign 2010
Page 47 of 87
SetaPDF_Signer::setContactInfo()
Description
SetaPDF_Signer extends SetaPDF { mixed setContactInfo ( string $contactInfo ) } This method is a synonym method for: $this->setSignatureProperty('contactInfo', $contactInfo);
Parameters
$contactInfo
Information provided by the signer to enable a recipient to contact the signer to verify the signature; for example, a phone number. If null is passed the property will not be written to the signature dictionary in the resulting PDF document.
Return Values
True is everything works as expected or an SetaPDF_Error object if an error occurs.
Setasign 2010
Page 48 of 87
SetaPDF_Signer::getContactInfo()
Description
SetaPDF_Signer extends SetaPDF { mixed getContactInfo ( void ) } This method is a synonym method for: $this->getSignatureProperty('contactInfo'); It will return the contact information of the signer, if set.
Return Values
The contact information of the signer or null.
Version
since 1.4
Setasign 2010
Page 49 of 87
SetaPDF_Signer::setTimeOfSigning()
Description
SetaPDF_Signer extends SetaPDF { mixed setTimeOfSigning ( integer $timeOfSigning ) } This method is a synonym method for: $this->setSignatureProperty('timeOfSigning', $timeOfSigning);
Parameters
$timeOfSigning
A unix timestamp representing the time of signing. If null is passed the time of signing will be the local time of the server.
Return Values
True is everything works as expected or an SetaPDF_Error object if an error occurs.
Setasign 2010
Page 50 of 87
SetaPDF_Signer::getTimeOfSigning()
Description
SetaPDF_Signer extends SetaPDF { mixed getTimeOfSigning ( void ) } This method is a synonym method for: $this->getSignatureProperty('timeOfSigning'); Will return a unix timestamp representing the time of signing, if set.
Return Values
A unix timestamp representing the time of signing or null.
Version
since 1.4
Setasign 2010
Page 51 of 87
SetaPDF_Signer::setCertificationLevel()
Description
SetaPDF_Signer extends SetaPDF { void setCertificationLevel ( integer $certificationLevel ) } Sets/Activates the certification level. A certification level specifies what changes are allowed after the document is certified.
Parameters
$certificationLevel
With the certification level you can specify what changes are allowed. Following values/constans are available: SETAPDF_SIG_CERTIFIED_NO_CHANGES_ALLOWED = 1 SETAPDF_SIG_CERTIFIED_FORM_FILLING = 2 SETAPDF_SIG_CERTIFIED_FORM_FILLING_AND_ANNOTATIONS = 3
Version
Available since version 1.3
Setasign 2010
Page 52 of 87
SetaPDF_Signer::getPageBoxes()
Description
SetaPDF_Signer extends SetaPDF { mixed getPageBoxes ( integer $pageNo[, mixed $fileName=null] ) } Gets the page boxes of a PDF document.
Parameters
$pageNo
The page number
$fileName
The path of the PDF file. If not set, the document which is set in the factory()-method or by setSourceFileName() is taken.
Return Values
An array of boxes, while the keys are the box-names (f.g. /MediaBox, /TrimBox,...). Each box has following entries: x: the abscissa y: ordinate w: the width h: the height llx: lower left abscissa lly: lower left ordinate urx: upper right abscissa ury: upper right ordinate
Version
since 1.4
Setasign 2010
Page 53 of 87
SetaPDF_Signer::getOriginBox()
Description
SetaPDF_Signer extends SetaPDF { mixed getOriginBox ( integer $pageNo[, mixed $fileName=null] ) } Gets the origin page box. This will be the /CropBox or the /MediaBox. The method will check the existence of the desired box for you.
Parameters
$pageNo
The page number
$fileName
The path of the PDF file. If not set, the document which is set in the factory()-method or by setSourceFileName() is taken.
Return Values
An array with the following entries: x: the abscissa y: ordinate w: the width h: the height llx: lower left abscissa lly: lower left ordinate urx: upper right abscissa ury: upper right ordinate
Version
since 1.4
Setasign 2010
Page 54 of 87
SetaPDF_Signer::getPageRotation()
Description
SetaPDF_Signer extends SetaPDF { mixed getPageRotation ( integer $pageNo[, mixed $fileName=null] ) } Gets the number of degrees by which the page is rotated.
Parameters
$pageNo
The page number
$fileName
The path of the PDF file. If not set, the document which is set in the factory()-method or by setSourceFileName() is taken.
Return Values
An integer value of a factor 90 or false if no value is given. If an error occurs this method will return a SetaPDF_Error-Object.
Version
since 1.4
Setasign 2010
Page 55 of 87
SetaPDF_Signer::setTsModule()
Description
SetaPDF_Signer extends SetaPDF { boolean setTsModule ( SetaPDF_Signer_Module_Ts_Abstract $tsModule ) } Adds a time stamp module to the signature process. This method will trigger the onSet-method of the time stamp module.
Parameters
$tsModule
An instance of a time stamp module.
Return Values
True if the given variable is an instance of SetaPDF_Signer_Module_Ts_Abstract. False in the other case.
Version
as of version 1.5
Setasign 2010
Page 56 of 87
SetaPDF_Signer::sign()
Description
SetaPDF_Signer extends SetaPDF { mixed sign ( SetaPDF_Signer_Module &$module, string $target[, string $dest='I'] ) } This method starts the signing process.
Parameters
&$module
An instance of a signing module. Currently only modules for OpenSSL are available. See SetaPDF_Signer_Module_OpenSsl and SetaPDF_Signer_Module_OpenSslCli.
$target
The resulting filename or path to the local filesystem where the resulting document will be saved.
$dest
Defines how the resulting document is handled: "F" saves the file to the file system "D" the file will be send to the client with a download dialogue "I" the file will be displayed in the client's browser window.
Return Values
True is everything works as expected or an SetaPDF_Error object if an error occurs.
Setasign 2010
Page 57 of 87
SetaPDF_Signer::unsetParser()
Description
SetaPDF_Signer extends SetaPDF { boolean unsetParser ( string $fileName ) } The SetaPDF-Signer API caches parser objects, so if you want to sign one document multiple times the source document is parsed only once. If you want to sign multiple documents in one instance it's good to close the unneeded parser objects.
Parameters
$fileName
The filename of the sourcefile.
Return Values
True if a parser object existed and could be deleted for this filename. False if no parser object exists for this filename.
Setasign 2010
Page 58 of 87
Class Overview
SetaPDF_Signer_Module
Child Classes
SetaPDF_Signer_Module_OpenSsl SetaPDF_Signer_Module_OpenSslCli
Setasign 2010
Page 59 of 87
SetaPDF_Signer_Module_OpenSsl
This class represents a module which will create the signature with phps build in OpenSSL functions.
Class Overview
File: SetaPDF_Signer_Module SetaPDF_Signer_Module_OpenSsl
Methods
SetaPDF_Signer_Module_OpenSsl::setSignCert() SetaPDF_Signer_Module_OpenSsl::setPrivateKey() SetaPDF_Signer_Module_OpenSsl::setExtraCerts()
Inherited Methods
Setasign 2010
Page 60 of 87
SetaPDF_Signer_Module_OpenSsl::setSignCert()
Description
SetaPDF_Signer_Module_OpenSsl extends SetaPDF_Signer_Module { void setSignCert ( mixed $signCert ) } With this method you have to set the certificate with which you want to sign the document.
Parameters
$signCert
The signing certificate. This parameter can be passed like desribed here.
Setasign 2010
Page 61 of 87
SetaPDF_Signer_Module_OpenSsl::setPrivateKey()
Description
SetaPDF_Signer_Module_OpenSsl extends SetaPDF_Signer_Module { void setPrivateKey ( mixed $privKey ) } Define the private key.
Parameters
$privKey
The private key. This parameter can be passed like desribed here.
Setasign 2010
Page 62 of 87
SetaPDF_Signer_Module_OpenSsl::setExtraCerts()
Description
SetaPDF_Signer_Module_OpenSsl extends SetaPDF_Signer_Module { void setExtraCerts ( string $extraCerts ) } Let's you add extra certificates to include in the signature which can for example be used to help the recipient to verify the certificate that you used.
Parameters
$extraCerts
Specifies the name of a file containing the extra certificates.
Setasign 2010
Page 63 of 87
SetaPDF_Signer_Module_OpenSslCli
This class represents a module which will create the signature with OpenSSL calls through the command line.
Class Overview
File: SetaPDF_Signer_Module SetaPDF_Signer_Module_OpenSslCli
Methods
SetaPDF_Signer_Module_OpenSslCli::setOpenSslPath() SetaPDF_Signer_Module_OpenSslCli::setSignCert() SetaPDF_Signer_Module_OpenSslCli::setPrivateKey() SetaPDF_Signer_Module_OpenSslCli::setPrivateKeyPassword() SetaPDF_Signer_Module_OpenSslCli::setExtraCerts()
Inherited Methods
Setasign 2010
Page 64 of 87
SetaPDF_Signer_Module_OpenSslCli::setOpenSslPath()
Description
SetaPDF_Signer_Module_OpenSslCli extends SetaPDF_Signer_Module { void setOpenSslPath ( mixed $openSslPath ) } Set the path to OpenSSL binaries. The default value is: /usr/bin/
Parameters
$openSslPath
The path to OpenSSL binaries.
Setasign 2010
Page 65 of 87
SetaPDF_Signer_Module_OpenSslCli::setSignCert()
Description
SetaPDF_Signer_Module_OpenSslCli extends SetaPDF_Signer_Module { void setSignCert ( string $signCert ) } With this method you have to set the certificate with which you want to sign the document.
Parameters
$signCert
An absolute path to the signing certificate file.
Setasign 2010
Page 66 of 87
SetaPDF_Signer_Module_OpenSslCli::setPrivateKey()
Description
SetaPDF_Signer_Module_OpenSslCli extends SetaPDF_Signer_Module { void setPrivateKey ( [string $privKey=null] ) } Define a private key file.
Parameters
$privKey
The absolute path to the private key file. It's not neccesarry to pass the private key apart if it is already included in the certificate, set with SetaPDF_Signer_Module_OpenSslCli::setSignCert(). To remove the private key property just omit this parameter or pass null.
Setasign 2010
Page 67 of 87
SetaPDF_Signer_Module_OpenSslCli:: setPrivateKeyPassword()
Description
SetaPDF_Signer_Module_OpenSslCli extends SetaPDF_Signer_Module { void setPrivateKeyPassword ( string $password ) } Set the password for the private key.
Parameters
$password
The password for the private key.
Setasign 2010
Page 68 of 87
SetaPDF_Signer_Module_OpenSslCli::setExtraCerts()
Description
SetaPDF_Signer_Module_OpenSslCli extends SetaPDF_Signer_Module { void setExtraCerts ( string $extraCerts ) } Let's you add extra certificates to include in the signature which can for example be used to help the recipient to verify the certificate that you used.
Parameters
$extraCerts
Specifies the name of a file containing the extra certificates.
Setasign 2010
Page 69 of 87
SetaPDF_Signer_Module_Ts_Abstract
An abstract class for timestamp modules.
Class Overview
File: SetaPDF_Signer_Module_Ts_Abstract
Child Classes
SetaPDF_Signer_Module_Ts_Curl
Methods
SetaPDF_Signer_Module_Ts_Abstract::setSignature() SetaPDF_Signer_Module_Ts_Abstract::getSignature() SetaPDF_Signer_Module_Ts_Abstract::getParsedSignature() SetaPDF_Signer_Module_Ts_Abstract::getHash() SetaPDF_Signer_Module_Ts_Abstract::setReqPolicy() SetaPDF_Signer_Module_Ts_Abstract::getReqPolicy() SetaPDF_Signer_Module_Ts_Abstract::setNonce() SetaPDF_Signer_Module_Ts_Abstract::getNonce() SetaPDF_Signer_Module_Ts_Abstract::setCertReq() SetaPDF_Signer_Module_Ts_Abstract::getCertReq() SetaPDF_Signer_Module_Ts_Abstract::_getTsq() SetaPDF_Signer_Module_Ts_Abstract::_getFinalSignature() SetaPDF_Signer_Module_Ts_Abstract::onSet() SetaPDF_Signer_Module_Ts_Abstract::createTimeStamp()
Setasign 2010
Page 70 of 87
SetaPDF_Signer_Module_Ts_Abstract::setSignature()
Description
SetaPDF_Signer_Module_Ts_Abstract { void setSignature ( string $signature ) } Sets the original signature. (automatically called from SetaPDF_Signer class)
Parameters
$signature
The BER encoded signature.
Version
as of version 1.5
Setasign 2010
Page 71 of 87
SetaPDF_Signer_Module_Ts_Abstract::getSignature()
Description
SetaPDF_Signer_Module_Ts_Abstract { string getSignature ( void ) } Gets the original signature.
Return value
The BER encoded signature.
Version
as of version 1.5
Setasign 2010
Page 72 of 87
...Signer_Module_Ts_Abstract::getParsedSignature()
Description
SetaPDF_Signer_Module_Ts_Abstract { Asn1_Type getParsedSignature ( void ) } Gets the signature in object form.
Return value
The signature in object form.
Version
as of version 1.5
Setasign 2010
Page 73 of 87
SetaPDF_Signer_Module_Ts_Abstract::getHash()
Description
SetaPDF_Signer_Module_Ts_Abstract { string getHash ( void ) } Gets the hash for the timestamp request.
Return value
The sha1-hash of the signed data.
Version
as of version 1.5
Setasign 2010
Page 74 of 87
SetaPDF_Signer_Module_Ts_Abstract::setReqPolicy()
Description
SetaPDF_Signer_Module_Ts_Abstract { void setReqPolicy ( string $reqPolicy ) } Sets the reqPolicy field in the timestamp request. The reqPolicy field, if set, indicates the TSA policy under which the TimeStampToken SHOULD be provided.
Parameters
$reqPolicy
The OID of the policy.
Version
as of version 1.5
Setasign 2010
Page 75 of 87
SetaPDF_Signer_Module_Ts_Abstract::getReqPolicy()
Description
SetaPDF_Signer_Module_Ts_Abstract { string getReqPolicy ( void ) } Gets the reqPolicy (OID) value.
Return value
The OID if set or NULL.
Version
as of version 1.5
Setasign 2010
Page 76 of 87
SetaPDF_Signer_Module_Ts_Abstract::setNonce()
Description
SetaPDF_Signer_Module_Ts_Abstract { void setNonce ( boolean $nonce ) } Define if the nonce field should be set or not.
Parameters
$nonce
True or false
Version
as of version 1.5
Setasign 2010
Page 77 of 87
SetaPDF_Signer_Module_Ts_Abstract::getNonce()
Description
SetaPDF_Signer_Module_Ts_Abstract { boolean getNonce ( void ) } Queries if nonce should be set.
Return value
True or false.
Version
as of version 1.5
Setasign 2010
Page 78 of 87
SetaPDF_Signer_Module_Ts_Abstract::setCertReq()
Description
SetaPDF_Signer_Module_Ts_Abstract { void setCertReq ( boolean $certReq ) } Set the certReq field.
Parameters
$certReq
True or false
Version
as of version 1.5
Setasign 2010
Page 79 of 87
SetaPDF_Signer_Module_Ts_Abstract::getCertReq()
Description
SetaPDF_Signer_Module_Ts_Abstract { string getCertReq ( void ) } Get the value of the certReq field.
Return value
If the field is set to true \xFF. If the field is not set \x00.
Version
as of version 1.5
Setasign 2010
Page 80 of 87
SetaPDF_Signer_Module_Ts_Abstract::_getTsq()
Description
SetaPDF_Signer_Module_Ts_Abstract { string _getTsq ( void ) } Creates the timestamp request/query.
Return value
The timestamp request in BER format.
Version
as of version 1.5
Setasign 2010
Page 81 of 87
SetaPDF_Signer_Module_Ts_Abstract::_getFinalSignature()
Description
SetaPDF_Signer_Module_Ts_Abstract { Asn1_Type _getFinalSignature ( Asn1_Type $tsToken ) } Attaches the timestamp token to the original signature and returns it.
Parameters
$tsToken
The timestamp token.
Return value
The signature including the timestamp token.
Version
as of version 1.5
Setasign 2010
Page 82 of 87
SetaPDF_Signer_Module_Ts_Abstract::onSet()
Description
SetaPDF_Signer_Module_Ts_Abstract { Asn1_Type onSet ( SetaPDF_Signer $signer ) } Will be called when ever the module is attached to the Signer class. In this method you can adjust some settings of the signer class like the signature content length.
Parameters
$signer
A SetaPDF_Signer instance.
Return value
The signature including the timestamp token.
Version
as of version 1.5
Setasign 2010
Page 83 of 87
SetaPDF_Signer_Module_Ts_Abstract::createTimeStamp()
Description
SetaPDF_Signer_Module_Ts_Abstract { string abstract createTimeStamp ( void ) } This method is an abstract method and have to be implemented later. It should request a timestamp token and returns the final signature.
Return value
The signature including the timestamp token in BER format.
Version
as of version 1.5
Setasign 2010
Page 84 of 87
SetaPDF_Signer_Module_Ts_Curl
A time stamp module, which uses curl for HTTP transport.
Class Overview
File: SetaPDF_Signer_Module_Ts_Abstract SetaPDF_Signer_Module_Ts_Curl
Methods
SetaPDF_Signer_Module_Ts_Curl::__construct() SetaPDF_Signer_Module_Ts_Curl::setCurlOpts() SetaPDF_Signer_Module_Ts_Curl::createTimeStamp()
Inherited Methods
Class: SetaPDF_Signer_Module_Ts_Abstract
SetaPDF_Signer_Module_Ts_Abstract::setSignature() SetaPDF_Signer_Module_Ts_Abstract::getSignature() SetaPDF_Signer_Module_Ts_Abstract::getParsedSignature() SetaPDF_Signer_Module_Ts_Abstract::getHash() SetaPDF_Signer_Module_Ts_Abstract::setReqPolicy() SetaPDF_Signer_Module_Ts_Abstract::getReqPolicy() SetaPDF_Signer_Module_Ts_Abstract::setNonce() SetaPDF_Signer_Module_Ts_Abstract::getNonce() SetaPDF_Signer_Module_Ts_Abstract::setCertReq() SetaPDF_Signer_Module_Ts_Abstract::getCertReq() SetaPDF_Signer_Module_Ts_Abstract::_getTsq() SetaPDF_Signer_Module_Ts_Abstract::_getFinalSignature() SetaPDF_Signer_Module_Ts_Abstract::onSet()
Setasign 2010
Page 85 of 87
SetaPDF_Signer_Module_Ts_Curl::__construct()
Description
SetaPDF_Signer_Module_Ts_Curl { void __construct ( string $url[, string $username=null[, string $password='']] ) } The constructor
Parameters
$url
URL of the time stamp server.
$username
Username if server requires http-auth
$password
Password if server requires http-auth
Version
as of version 1.5
Setasign 2010
Page 86 of 87
SetaPDF_Signer_Module_Ts_Curl::setCurlOpts()
Description
SetaPDF_Signer_Module_Ts_Curl { void setCurlOpts ( [boolean $verifyPeer=true[, boolean $verifyHost=true[, string $caInfo=null]]] ) } Sets some curl options.
Parameters
$verifyPeer
Value for CURLOPT_SSL_VERIFYPEER.
$verifyHost
Value for CURLOPT_SSL_VERIFYHOST.
$caInfo
Value for CURLOPT_CAINFO.
Version
as of version 1.5
Setasign 2010
Page 87 of 87