phpdftk API Documentation

TsaClient
in package

FinalYes

RFC 3161 Time-Stamp Authority (TSA) HTTP client.

Sends a TimeStampReq to a TSA server and returns the raw DER-encoded TimeStampToken suitable for embedding in a DocTimeStamp's /Contents entry.

The request is built using minimal ASN.1 DER encoding (no external ASN.1 library required). The hash algorithm defaults to SHA-256 (OID 2.16.840.1.101.3.4.2.1).

Usage: $tsa = new TsaClient('http://timestamp.example.com/tsa'); $token = $tsa->timestamp($dataToTimestamp);

For integration with PdfFileWriter's signing pipeline, use self::createTimestampSigner() which returns a closure compatible with the signer callback interface.

Tags
see
https://www.rfc-editor.org/rfc/rfc3161

RFC 3161

Table of Contents

Methods

__construct()  : mixed
buildTimeStampReq()  : string
Build an RFC 3161 TimeStampReq in DER format.
parseTimeStampResp()  : string
Parse an RFC 3161 TimeStampResp and extract the TimeStampToken.
timestamp()  : string
Request a timestamp token for the given data.

Methods

__construct()

public __construct(string $url[, string $hashAlgorithm = 'sha256' ][, string|null $username = null ][, string|null $password = null ][, int $timeout = 30 ][, bool $requestCert = true ]) : mixed
Parameters
$url : string

TSA server URL (HTTP or HTTPS)

$hashAlgorithm : string = 'sha256'

Hash algorithm: 'sha256', 'sha384', or 'sha512'

$username : string|null = null

HTTP Basic auth username (optional)

$password : string|null = null

HTTP Basic auth password (optional)

$timeout : int = 30

HTTP timeout in seconds

$requestCert : bool = true

Whether to request the TSA certificate in the response

buildTimeStampReq()

Build an RFC 3161 TimeStampReq in DER format.

public buildTimeStampReq(string $hash) : string

TimeStampReq ::= SEQUENCE { version INTEGER { v1(1) }, messageImprint MessageImprint, reqPolicy OBJECT IDENTIFIER OPTIONAL, nonce INTEGER OPTIONAL, certReq BOOLEAN DEFAULT FALSE, extensions [0] IMPLICIT Extensions OPTIONAL }

MessageImprint ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, hashedMessage OCTET STRING }

Parameters
$hash : string
Return values
string

parseTimeStampResp()

Parse an RFC 3161 TimeStampResp and extract the TimeStampToken.

public parseTimeStampResp(string $resp) : string

TimeStampResp ::= SEQUENCE { status PKIStatusInfo, timeStampToken TimeStampToken OPTIONAL }

PKIStatusInfo ::= SEQUENCE { status PKIStatus, statusString PKIFreeText OPTIONAL, failInfo PKIFailureInfo OPTIONAL }

PKIStatus ::= INTEGER { granted(0), grantedWithMods(1), rejection(2), waiting(3), revocationWarning(4), revocationNotification(5) }

Parameters
$resp : string
Return values
string

DER-encoded TimeStampToken (ContentInfo wrapping SignedData)

timestamp()

Request a timestamp token for the given data.

public timestamp(string $data) : string
Parameters
$data : string

The data to be timestamped (typically the signed byte ranges from the PDF)

Tags
throws
RuntimeException

on network error, invalid response, or TSA rejection

Return values
string

Raw DER-encoded TimeStampToken (RFC 3161 §2.4.2)


        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results