dealfonso / sapp

Simple and Agnostic PDF Document Parser in PHP - sign PDF docs using PHP
GNU Lesser General Public License v3.0

Support LTV and Timestamp #70

Closed hidasw closed 1 week ago

hidasw commented 2 months ago

Add Support for Long Term Validation and Timestamping. Also skip tempfile requirement at signing process to improve performance and efficiency.

dealfonso commented 2 months ago

This PR looks great! Thank you for your work!

@parallels999 have you tried it?

hidasw commented 2 months ago

> Why did you close it?

Sorry, I don't know why it closed; I just refreshed the browser and this PR closed. Reopen it.

hidasw commented 2 months ago

OK, next time, because I'm a little busy at this time. And note that this currently validates only the signer certificate, not intermediate certificates or a multiple-certificate path (no problem, just make the validation function loop until it reaches the root CA. I'll manage it later). I'm also interested if we can define the signature max length before signing, so we can define this size exactly instead of setting a large size and padding the excess space with zeros. I think signing twice affects performance only a little, since there is no need to write temp files. This improves efficiency on size. How about it?
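
The comment above notes that only the signer certificate is validated and that covering the full path means looping until the root CA is reached. A sketch of that loop, as an added example that is not code from this PR or from sapp: `makeCert()` and `buildPath()` are hypothetical helpers, the certificates are constructed test data, and PHP 7.4+ with the openssl extension and a usable openssl.cnf is assumed.

```php
<?php
// Added example, not sapp code; makeCert() and buildPath() are hypothetical
// helpers and the three certificates are test data constructed at run time.
// Issue a certificate for $cn; a null $issuerPem yields a self-signed root.
function makeCert(string $cn, ?string $issuerPem, $issuerKey, &$key): string {
    $key = openssl_pkey_new(['private_key_bits' => 2048]);
    $csr = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    $x509 = openssl_csr_sign($csr, $issuerPem, $issuerKey ?? $key, 30,
                             ['digest_alg' => 'sha256']);
    openssl_x509_export($x509, $pem);
    return $pem;
}

// Walk from the signer up to a self-signed root. Every returned link is a
// (certificate, issuer) pair that needs its own OCSP or CRL lookup.
function buildPath(string $signerPem, array $pool, int $maxDepth = 8): array {
    $links = [];
    $current = $signerPem;
    for ($depth = 0; $depth < $maxDepth; $depth++) {
        $cert = openssl_x509_parse($current);
        if ($cert['issuer'] == $cert['subject']
            && openssl_x509_verify($current, openssl_pkey_get_public($current)) === 1) {
            return $links; // reached the root: nothing above it to check
        }
        $issuerPem = null;
        foreach ($pool as $candidate) {
            $cand = openssl_x509_parse($candidate);
            // Require name AND signature to match, not the issuer name alone.
            if ($cand['subject'] == $cert['issuer']
                && openssl_x509_verify($current, openssl_pkey_get_public($candidate)) === 1) {
                $issuerPem = $candidate;
                break;
            }
        }
        if ($issuerPem === null) {
            throw new RuntimeException("no issuer found for {$cert['subject']['CN']}");
        }
        $links[] = ['cert' => $cert['subject']['CN'], 'issuer' => $cert['issuer']['CN']];
        $current = $issuerPem;
    }
    throw new RuntimeException('certificate path exceeds maximum depth');
}

$root  = makeCert('Test Root CA', null, null, $rootKey);
$inter = makeCert('Test Intermediate CA', $root, $rootKey, $interKey);
$leaf  = makeCert('Test Signer', $inter, $interKey, $leafKey);
foreach (buildPath($leaf, [$inter, $root]) as $link) {
    echo "revocation data needed: {$link['cert']} (issuer: {$link['issuer']})\n";
}
```

The run lists two links (signer under the intermediate, intermediate under the root); an incomplete pool raises an exception instead of silently stopping at the signer.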

erikn69 commented 2 months ago

> I'm also interested if we can define signature max length before signing

Those optimizations would be better in a separate PR

hidasw commented 2 months ago

> What I do not like from these changes is that those scripts that are included here are supposed to be simple examples.

Umm, I think this is still simple; we can ignore the other optional arguments (tsa/ltv) and signing will be done without them. I don't know a better way to manage some arguments, or what arguments should be added... any suggestions would be very helpful.

hidasw commented 2 months ago

> I'm also interested if we can define signature max length before signing

> Those optimizations would be better in a separate PR

I have updated, but already implemented that. Feel free to change/remove it if it is needless.

erikn69 commented 2 months ago

> merged pdfsignltv.php & pdfsigntsa.php

I actually went to the trouble of separating it for a good reason. They can be used separately; that's why I created examples for each one. And in this way you can no longer send arguments to LTV.

hidasw commented 2 months ago

@erikn69 I think with a single merged script we can add or pass tsa. Just set the tsa url parameter to empty to bypass it? cmiiw..

erikn69 commented 2 months ago

`?: "http://timestamp.digicert.com";` you removed the default value, but the text shows digicert as default

https://github.com/erikn69/sapp/commit/ac6ae194672601197027574dcea7ba0f6c24a642

hidasw commented 2 months ago

> merged pdfsignltv.php & pdfsigntsa.php

> I actually went to the trouble of separating it for a good reason. They can be used separately; that's why I created examples for each one. And in this way you can no longer send arguments to LTV.

Also because I have removed the optional ltv arguments such as ocsp, crl & issuer, because it is difficult to implement if the certificate has a long path, unless these arguments refer to a path that contains many crl & issuer certs, so the script will search in it.

erikn69 commented 2 months ago

The idea of the example scripts is to show a specific functionality, not to add them as a group.

For example, if I want to test TSA, it immediately adds LTV to me

But @dealfonso decides 👍

hidasw commented 2 months ago

> `?: "http://timestamp.digicert.com";` you removed the default value, but the text shows digicert as default

> erikn69@ac6ae19

I don't want to remove the default value, but how to bypass timestamping without removing that? Any idea?

erikn69 commented 2 months ago

> but how to bypass timestamping without removing that? any idea?

That's why I created 2 separate scripts, but let's leave it like this, this does not affect the functionality

hidasw commented 2 months ago

> but how to bypass timestamping without removing that? any idea?

> That's why I created 2 separate scripts, but let's leave it like this, this does not affect the functionality

Umm, I just remembered that my reason for merging is for when we need to perform ltv+timestamping. Before merging I can do just timestamp only or ltv only. And to append a timestamp token to an existing signature we need to sign again, because the message digest has changed.

dealfonso commented 1 week ago

Great job and thank you for the new features!!