This package offers a module for the SetaPDF-Signer component that allows you to use the Azure Key Vault by Microsoft to digitally sign PDF documents in pure PHP.
To use this package you need credentials for the Azure Key Vault Service.
This package is developed and tested on PHP >= 7.2 up to PHP 8.5. Requirements of the SetaPDF-Signer component can be found here.
We're using PSR-17 (HTTP Factories) and PSR-18 (HTTP Client) for the requests. So you'll need an implementation of these. We recommend using Guzzle:

```json
"require" : {
    "guzzlehttp/guzzle": "^7.0",
    "http-interop/http-factory-guzzle": "^1.0"
}
```

Add the following to your composer.json:

```json
{
    "require": {
        "setasign/setapdf-signer-addon-azure-keyvault": "^2.0"
    },
    "repositories": [
        {
            "type": "composer",
            "url": "https://www.setasign.com/downloads/"
        }
    ]
}
```

and execute composer update. You need to define the repository to resolve the dependency on the SetaPDF-Signer component (see here for more details).
The Setasign repository requires authentication data: You can use the credentials of the account at setasign.com to which your licenses are assigned, or use an access token which you can create in your personal composer settings on setasign.com. See here for more options for authentication with composer.
It's recommended to use composer, otherwise you have to resolve the dependency tree manually. You will require:
- SetaPDF-Signer component
- PSR-7 interfaces
- PSR-17 interfaces
- PSR-18 interfaces
- PSR-7 implementation like Guzzle PSR-7
- PSR-17 implementation like HTTP Factory for Guzzle
- PSR-18 implementation like Guzzle
Make sure that the SetaPDF-Signer component is installed and its autoloader is registered correctly.
Then simply require the src/autoload.php file or register this package in your own PSR-4 compatible autoload implementation:

```php
$loader = new \Example\Psr4AutoloaderClass;
$loader->register();
$loader->addNamespace('setasign\SetaPDF\Signer\Module\AzureKeyVault', 'path/to/src/');
```

All classes in this package are located in the namespace setasign\SetaPDF\Signer\Module\AzureKeyVault.
This is the main signature module which can be used with the SetaPDF-Signer component. Its constructor requires 6 arguments:
- $vaultBaseUrl: The base url of your key vault.
- $certificateName: The name of your key.
- $certificateVersion: The version of your key.
- $httpClient: PSR-18 HTTP Client implementation.
- $requestFactory: PSR-17 HTTP Factory implementation.
- $streamFactory: PSR-17 HTTP Factory implementation.
A simple complete signature process would look like this:

```php
use setasign\SetaPDF2\Core\Document;
use setasign\SetaPDF2\Core\Writer\FileWriter;
use setasign\SetaPDF2\Signer\Signer;

// $vaultBaseUrl, $certificateName, $certificateVersion, $tenantId, $appClientId,
// $appClientSecret and $alg have to be defined by your application.

$httpClient = new GuzzleHttp\Client([
    'http_errors' => false,
    // optional: path to a CA bundle used to verify the TLS certificate
    //'verify' => './cacert.pem'
]);

// create the signature module for the key in your key vault
$azureModule = new setasign\SetaPDF\Signer\Module\AzureKeyVault\Module(
    $vaultBaseUrl,
    $certificateName,
    $certificateVersion,
    $httpClient,
    new Http\Factory\Guzzle\RequestFactory(),
    new Http\Factory\Guzzle\StreamFactory()
);

// request an access token with the app credentials and pass it to the module
$token = $azureModule->createTokenBySharedSecret($tenantId, $appClientId, $appClientSecret);
$azureModule->setAccessToken($token['accessToken']);

// the file to sign
$fileToSign = __DIR__ . '/Laboratory-Report.pdf';

// create a writer instance
$writer = new FileWriter('signed.pdf');
// create the document instance
$document = Document::loadByFilename($fileToSign, $writer);

// create the signer instance
$signer = new Signer($document);

// set the signature algorithm and sign the document
$azureModule->setSignatureAlgorithm($alg);
$signer->sign($azureModule);
```

This package is open-sourced software licensed under the MIT license.
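
The signing example above passes the vault URL and the app credentials as plain variables. The following added example (not part of this package) builds the module from environment variables and rejects a vault base URL that is not an https Azure Key Vault host before a token is requested. The environment variable names, the helper function names, the timeout values and the `.vault.azure.net` suffix check (public Azure cloud) are assumptions.

```php
<?php
// Added example. The AZURE_* environment variable names are hypothetical.
require_once __DIR__ . '/vendor/autoload.php'; // Composer autoloader

use setasign\SetaPDF\Signer\Module\AzureKeyVault\Module;

// Read a required setting from the environment and fail closed if it is missing.
function requireEnv(string $name): string
{
    $value = getenv($name);
    if ($value === false || trim($value) === '') {
        throw new RuntimeException("Missing environment variable: $name");
    }
    return trim($value);
}

// Accept only an https URL without user info whose host ends with the expected suffix.
function validateVaultBaseUrl(string $url, string $suffix = '.vault.azure.net'): string
{
    $parts = parse_url($url) ?: [];
    $host = strtolower($parts['host'] ?? '');
    if (strtolower($parts['scheme'] ?? '') !== 'https' || isset($parts['user'])
        || substr($host, -strlen($suffix)) !== $suffix) {
        throw new InvalidArgumentException('Unexpected vault base URL: ' . $url);
    }
    return $url;
}

function createAzureModule(): Module
{
    $httpClient = new \GuzzleHttp\Client([
        'http_errors' => false,  // same setting as in the example above
        'verify' => true,        // keep TLS certificate verification enabled
        'connect_timeout' => 5,  // assumed values; do not wait forever on the vault
        'timeout' => 30,
    ]);
    $module = new Module(
        validateVaultBaseUrl(requireEnv('AZURE_KV_BASE_URL')),
        requireEnv('AZURE_KV_CERT_NAME'),
        requireEnv('AZURE_KV_CERT_VERSION'),
        $httpClient,
        new \Http\Factory\Guzzle\RequestFactory(),
        new \Http\Factory\Guzzle\StreamFactory()
    );
    $token = $module->createTokenBySharedSecret(
        requireEnv('AZURE_TENANT_ID'), requireEnv('AZURE_CLIENT_ID'), requireEnv('AZURE_CLIENT_SECRET')
    );
    $module->setAccessToken($token['accessToken']);
    return $module;
}
```

The returned module can then be configured with setSignatureAlgorithm() and passed to $signer->sign() as shown above.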