-
-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support LTV and Timestamp #70
Conversation
Add last parameter for chain certs
And improve signature process . no need to write/read/parse tempfile in signing process.
test/signed_1.pdf
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All these files inside the test folder are necessary or did you forget to add an entry in the .gitignore
file??
Also signature.log
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
all pdf is test result, no needed. will be removed.
signature.log no need here, only created in signing process.
you can disable it by set cms->writeLog to false
pdfsign.php
Outdated
@@ -18,39 +18,55 @@ | |||
You should have received a copy of the GNU Lesser General Public License | |||
along with this program. If not, see <https://www.gnu.org/licenses/>. | |||
*/ | |||
|
|||
echo "<pre>"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this html? or does it perform other functionality? really, I don't know, it's curiosity
This example changed a lot, it is no longer consistent with the others
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is html in webserver because currently i'm using windows. so no stty command.
next i'll try to use stty in windows, maybe via msys2.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just add a .bat
, that would add support for windows, look at https://github.com/dealfonso/sapp/pull/52/files
https://github.com/dealfonso/sapp/blob/24eee11992dffee0077cc983d727ebb8f50950b3/stty.bat
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes i've got it. Thanks
pdfsign.php
Outdated
|
||
if ($argc !== 3) | ||
fwrite(STDERR, sprintf("usage: %s <filename> <certfile>", $argv[0])); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These examples are designed to be scripts executable by console, you execute them by sending the arguments, with this change only pre-established files are used
Look at this:
Lines 39 to 40 in 24eee11
// Silently prompt for the timestamp autority | |
fwrite(STDERR, "TSA(\"http://timestamp.digicert.com\"): "); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i have changed that. please check it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you need help??
sure, of course.
remove logging function, use sapp default logging function
this PR looks great! thank you for your work! @parallels999 have you tried it? |
src/helpers/asn1.php
Outdated
*/ | ||
namespace ddn\sapp\helpers; | ||
|
||
class asn1 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Originally the classes had individual files, I don't know why you unified everything in a single file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sorry about that. as I said, I'm not so familiar with namespaces and class autoload.
migrate asn1 class functions to dynamic functions
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please, remove the files in the examples folder
src/helpers/asn1.php
Outdated
} | ||
// =====End ASN.1 Builder section===== | ||
} | ||
?> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a suggestion, in PHP you don't need to close when it's just a class file, you only need to leave a line break as end of file
This does not affect the code in any way, it is just a standard (it seems to me)
-?>
+
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. And does it also apply to bracket for if
else
in eg: pdfsign.php?
sometime its makes me confusing to find the boundary.
-change some message text. -set default $ocspUrl & $crl to prevent php notice message append in pdf result
Small fixes
calculated __SIGNATURE_MAX_LENGTH exactly. no longer waste signature space with zero padding.
- support path validation (unlimited) - removed ocsp, crl and issuer parameter (because it is difficult to implement if the certificate has a long path)
i have updated, but already implement that. feel free to change/remove if it needless. |
I actually went to the trouble of separating it for a good reason. |
@erikn69 I think with single merged script we can add or pass tsa. just set tsa url parameter to empty to bypass it? cmiiw.. |
|
also because i have removed optional ltv arguments such ocsp, crl & issuer, because it is difficult to implement if the certificate has a long path. except these arguments refer to a path containts many crl & issuer cert, so the script will search in it. |
The idea of the example scripts is to show a specific functionality, not to add them as a group. For example, if I want to test TSA, it immediately adds LTV to me But @dealfonso decides 👍 |
I don't want to remove remove default value, but how to bypass timestamping without removing that? any idea? |
Support <extracerts.pem> on array
That's why I created 2 separate scripts, |
umm i just remember that my reason to merged is when we need to perform ltv+timestamping. before merged i can do just timestamp only or ltv only. And to append timestamp token to existing signature we need to signing again caused message digest has changed. |
Great job and thank you for the new features!! |
Add Support for Long Term Validation and Timestamping.
Also skip tempfile requirement at signing process to improve performance and efficiency.