setasign/setapdf-signer-x509-pdo-collection

Composer install command:

composer require setasign/setapdf-signer-x509-pdo-collection

Package description

An X509\CollectionInterface implementation that uses PDO under the hood.

README

An example X509\CollectionInterface implementation that uses PDO under the hood.

During development, two additional interfaces were implemented in SetaPDF and used in this project to get the best performance: X509\Collection\FindBySubjectKeyIdentifierInterface and X509\Collection\FindByKeyHashInterface.

This implementation shows how you can use a database as a source of e.g. trusted certificates for the ValidationRelatedInfo\Collector class.

For testing we use the certificates of the EUTL, Swiss Trust List and AATL. The trust lists are resolved by the setasign/trust-list-fetcher project.

Please make sure that you implement your own update mechanism to keep the list up-to-date!

The database table structure

The implementation is technically independent of the database backend. It only requires a table with the following columns, types and indexes:

| Column | Type | Index / PK | Info |
|---|---|---|---|
| tlVersion | varchar(400) | PK (tlVersion + digest) | A trust list version identification |
| digest | char(20) | PK (tlVersion + digest) | The hash (SHA-1) of the certificate |
| keyHash | char(20) | Index | The hash (SHA-1) of the public key |
| subject | varchar(400) | Index | Longest subject in the EUTL is actually 274 bytes long. |
| issuer | varchar(400) | Index | Longest issuer in the EUTL is actually 244 bytes long. |
| validFrom | uint(11) | | A unix timestamp |
| validTo | uint(11) | | A unix timestamp |
| serialNumber | varchar(42) | | Hexadecimal string |
| subjectKeyIdentifier | varchar(64) | Index | Hexadecimal string |
| certificate | varchar(6000) | | The PEM encoded certificate (Largest certificate in the EUTL is e.g. 4381 bytes). |
| origin | varchar(10) | | A unique identification of the origin. |

We use SQLite for testing purposes. You can find the script that creates the table and fills it with certificates of the EUTL here.
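The update mechanism the README asks for, sketched as an added example (not code from the project): each refresh is imported under a new tlVersion inside one transaction, and superseded versions are purged afterwards. The table name `certificates`, the functions `importVersion` and `purgeOtherVersions`, and the placeholder row are assumptions; deriving the column values from real certificates is left out.

```php
<?php
// Added example, not project code. Table name "certificates" and function names are assumptions.
const COLS = ['tlVersion', 'digest', 'keyHash', 'subject', 'issuer', 'validFrom', 'validTo',
    'serialNumber', 'subjectKeyIdentifier', 'certificate', 'origin'];
// Stores a complete list under a new version id; any error rolls everything back.
function importVersion(PDO $dbh, string $tlVersion, array $rows): int
{
    if ($rows === []) {
        throw new RuntimeException('Refusing to import an empty trust list');
    }
    $stmt = $dbh->prepare('INSERT INTO certificates (' . implode(', ', COLS)
        . ') VALUES (:' . implode(', :', COLS) . ')');
    $dbh->beginTransaction();
    try {
        foreach ($rows as $row) {
            $stmt->execute(['tlVersion' => $tlVersion] + $row);
        }
        $dbh->commit();
    } catch (Throwable $e) {
        $dbh->rollBack();
        throw $e;
    }
    return count($rows);
}
// Run only after every PdoCollection is constructed with the new version id.
function purgeOtherVersions(PDO $dbh, string $current): int
{
    $stmt = $dbh->prepare('DELETE FROM certificates WHERE tlVersion <> ?');
    $stmt->execute([$current]);
    return $stmt->rowCount();
}
$dbh = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// SQLite flavour of the column list above; adapt the types to your backend.
$dbh->exec('CREATE TABLE certificates (tlVersion VARCHAR(400) NOT NULL,
    digest CHAR(20) NOT NULL, keyHash CHAR(20), subject VARCHAR(400), issuer VARCHAR(400),
    validFrom INTEGER, validTo INTEGER, serialNumber VARCHAR(42),
    subjectKeyIdentifier VARCHAR(64), certificate VARCHAR(6000) NOT NULL,
    origin VARCHAR(10), PRIMARY KEY (tlVersion, digest))');
foreach (['keyHash', 'subject', 'issuer', 'subjectKeyIdentifier'] as $col) {
    $dbh->exec("CREATE INDEX idx_$col ON certificates ($col)");
}
// Constructed placeholder row, not a real certificate.
$row = ['digest' => str_repeat('a', 20), 'keyHash' => str_repeat('b', 20),
    'subject' => 'CN=Example', 'issuer' => 'CN=Example', 'validFrom' => 0,
    'validTo' => 2147483647, 'serialNumber' => '01', 'subjectKeyIdentifier' => '0a0b',
    'certificate' => 'PEM-PLACEHOLDER', 'origin' => 'demo'];
importVersion($dbh, '1700000000', [$row]);
importVersion($dbh, '1700086400', [$row]); // same certificate, next list version
echo purgeOtherVersions($dbh, '1700086400'), " stale row(s) removed\n";
```

Because the primary key is (tlVersion + digest), the rows passed to one import must be unique per digest; a duplicate aborts the transaction and leaves the previously published version untouched.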

Usage

Just create an instance of the PdoCollection class and pass it to e.g. the trusted certificates' collection:

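// Open the database that holds the certificate table
$path = 'sqlite:path/to/db.sqlite';
$dbh  = new PDO($path);
// '<VERSION-IDENTIFIER>' is the trust list version identification (see the tlVersion column)
$collection = new PdoCollection($dbh, '<VERSION-IDENTIFIER>');

// Register the collection as a source of trusted certificates
$collector = new ValidationRelatedInfo\Collector();
$collector->getTrustedCertificates()->add($collection);
// ...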

Please note that this class is only an example implementation and we built it in the setasign\SetaPDF2\Demos\Signer\X509\Collection namespace to show that it is only a demonstration. You should create your own implementation in your own namespace.

How to run the examples

For demonstration purposes we added demos which rely on an SQLite database. You have to execute the script /examples/create-tbl.php to create the SQLite database in the /assets folder and import all certificates of the EUTL and AATL into it. The script will also write a timestamp into the file /assets/version.data, which is later used by all examples as its trust list version identification.

Then you can simply execute any other script in the /examples folder.

What's the syntax of subject and issuer?

As such collection instances are mostly used internally by the SetaPDF-Signer component, the subject and issuer strings are internally generated by the DistinguishedName::getAsString() method based on an underlying ASN.1 structure.

This method makes use of a static DistinguishedName::$separator property, which is used to separate the individual parts of the name. This static property has to be kept in sync with how the data were stored in the database.

Statistics

  • Total downloads: 0
  • Monthly downloads: 0
  • Daily downloads: 0
  • Favorites: 0
  • Views: 8
  • Dependents: 0
  • Recommendations: 0

GitHub information

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • Language: PHP

Other information

  • License: MIT
  • Updated: 2026-04-27