} } // If the user was redirected here by upload.php (signature with file uploaded by user), the "userfile" URL argument // will contain the filename under the uploads/ folder. Otherwise (signature with server file), we'll sign a sample // document. $pdfPath = isset($_GET['userfile']) ? 'uploads/' . $_GET['userfile'] . '.pdf' : 'content/SampleDocument.pdf'; // Instantiate the PadesSignatureStarter class, responsible for receiving the signature elements and start the signature // process $signatureStarter = new PadesSignatureStarter(getRestPkiClient()); // Set the path of PDF to be signed. The file will be read with the standard file_get_contents() function, so the same // path rules apply. $signatureStarter->setPdfToSignPath($pdfPath); // Set the signature policy $signatureStarter->setSignaturePolicy(StandardSignaturePolicies::PADES_BASIC); // Set a SecurityContext to be used to determine trust in the certificate chain $signatureStarter->setSecurityContext(StandardSecurityContexts::PKI_BRAZIL); // Note: By changing the SecurityContext above you can accept only certificates from a certain PKI, for instance, // ICP-Brasil (\Lacuna\StandardSecurityContexts::PKI_BRAZIL). // Set the visual representation for the signature $signatureStarter->setVisualRepresentation(['text' => ['text' => 'Signed by {{signerName}} ({{signerNationalId}})', 'includeSigningTime' => true, 'horizontalAlign' => 'Left'], 'image' => ['resource' => ['content' => base64_encode(file_get_contents('content/PdfStamp.png')), 'mimeType' => 'image/png'], 'opacity' => 50, 'horizontalAlign' => 'Right'], 'position' => getVisualRepresentationPosition(3)]); // Call the startWithWebPki() method, which initiates the signature. This yields the token, a 43-character // case-sensitive URL-safe string, which identifies this signature process. We'll use this value to call the // signWithRestPki() method on the Web PKI component (see javascript below) and also to complete the signature after // the form is submitted (see file pades-signature-action.php). This should not be mistaken with the API access token. $token = $signatureStarter->startWithWebPki(); // The token acquired above can only be used for a single signature attempt. In order to retry the signature it is // necessary to get a new token. This can be a problem if the user uses the back button of the browser, since the // browser might show a cached page that we rendered previously, with a now stale token. To prevent this from happening, // we call the function setExpiredPage(), located in util.php, which sets HTTP headers to prevent caching of the page. setExpiredPage(); ?>