Support LTV and Timestamp #70
Conversation
Add last parameter for chain certs
And improve signature process . no need to write/read/parse tempfile in signing process.
test/signed_1.pdf
Outdated
There was a problem hiding this comment.
All these files inside the test folder are necessary or did you forget to add an entry in the .gitignore file??
Also signature.log?
There was a problem hiding this comment.
all pdf is test result, no needed. will be removed.
signature.log no need here, only created in signing process.
you can disable it by set cms->writeLog to false
pdfsign.php
Outdated
| @@ -18,39 +18,55 @@ | |||
| You should have received a copy of the GNU Lesser General Public License | |||
| along with this program. If not, see <https://www.gnu.org/licenses/>. | |||
| */ | |||
|
|
|||
| echo "<pre>"; | |||
There was a problem hiding this comment.
Is this html? or does it perform other functionality? really, I don't know, it's curiosity
This example changed a lot, it is no longer consistent with the others
There was a problem hiding this comment.
this is html in webserver because currently i'm using windows. so no stty command.
next i'll try to use stty in windows, maybe via msys2.
There was a problem hiding this comment.
Just add a .bat, that would add support for windows, look at https://github.com/dealfonso/sapp/pull/52/files
https://github.com/dealfonso/sapp/blob/24eee11992dffee0077cc983d727ebb8f50950b3/stty.bat
There was a problem hiding this comment.
yes i've got it. Thanks
pdfsign.php
Outdated
|
|
||
| if ($argc !== 3) | ||
| fwrite(STDERR, sprintf("usage: %s <filename> <certfile>", $argv[0])); |
There was a problem hiding this comment.
These examples are designed to be scripts executable by console, you execute them by sending the arguments, with this change only pre-established files are used
Look at this:
Lines 39 to 40 in 24eee11
There was a problem hiding this comment.
i have changed that. please check it
There was a problem hiding this comment.
Do you need help??
sure, of course.
remove logging function, use sapp default logging function
|
this PR looks great! thank you for your work! @parallels999 have you tried it? |
src/helpers/asn1.php
Outdated
| */ | ||
| namespace ddn\sapp\helpers; | ||
|
|
||
| class asn1 { |
There was a problem hiding this comment.
Originally the classes had individual files, I don't know why you unified everything in a single file
There was a problem hiding this comment.
sorry about that. as I said, I'm not so familiar with namespaces and class autoload.
migrate asn1 class functions to dynamic functions
src/helpers/asn1.php
Outdated
| } | ||
| // =====End ASN.1 Builder section===== | ||
| } | ||
| ?> |
There was a problem hiding this comment.
Just a suggestion, in PHP you don't need to close when it's just a class file, you only need to leave a line break as end of file
This does not affect the code in any way, it is just a standard (it seems to me)
-?>
+There was a problem hiding this comment.
Thanks. And does it also apply to bracket for if else in eg: pdfsign.php?
sometime its makes me confusing to find the boundary.
-change some message text. -set default $ocspUrl & $crl to prevent php notice message append in pdf result
Small fixes
calculated __SIGNATURE_MAX_LENGTH exactly. no longer waste signature space with zero padding.
- support path validation (unlimited) - removed ocsp, crl and issuer parameter (because it is difficult to implement if the certificate has a long path)
i have updated, but already implement that. feel free to change/remove if it needless. |
|
I actually went to the trouble of separating it for a good reason. |
|
@erikn69 I think with single merged script we can add or pass tsa. just set tsa url parameter to empty to bypass it? cmiiw.. |
|
|
also because i have removed optional ltv arguments such ocsp, crl & issuer, because it is difficult to implement if the certificate has a long path. except these arguments refer to a path containts many crl & issuer cert, so the script will search in it. |
|
The idea of the example scripts is to show a specific functionality, not to add them as a group. For example, if I want to test TSA, it immediately adds LTV to me But @dealfonso decides 👍 |
I don't want to remove remove default value, but how to bypass timestamping without removing that? any idea? |
Support <extracerts.pem> on array
That's why I created 2 separate scripts, |
umm i just remember that my reason to merged is when we need to perform ltv+timestamping. before merged i can do just timestamp only or ltv only. And to append timestamp token to existing signature we need to signing again caused message digest has changed. |
|
Great job and thank you for the new features!! |
Add Support for Long Term Validation and Timestamping.
Also skip tempfile requirement at signing process to improve performance and efficiency.