feat: implement TSA

Was used a hardcoded TSA server and without authentication for now

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Author: vitormattos

lib/Handler/SignEngine/JSignPdfHandler.php

@@ -408,11 +408,18 @@ private function listParamsToString(array $params): string {
 
 	private function signWrapper(JSignPDF $jSignPDF): string {
 		try {
+			$params = [
+				'--hash-algorithm' => $this->getHashAlgorithm(),
+				'--tsa-server-url' => $this->appConfig->getValueString(Application::APP_ID, 'tsa_url', ''),
+			];
+			if (empty($params['--tsa-server-url'])) {
+				unset($params['--tsa-server-url']);
+			}
 			$param = $this->getJSignParam();
 			$param
 				->setJSignParameters(
 					$this->jSignParam->getJSignParameters()
-					. ' --hash-algorithm ' . $this->getHashAlgorithm()
+					. $this->listParamsToString($params)
 				);
 			$jSignPDF->setParam($param);
 			return $jSignPDF->sign();

lib/Handler/SignEngine/Pkcs12Handler.php

@@ -99,17 +99,26 @@ public function getCertificateChain($resource): array {
 				continue;
 			}
 
-			if (!isset($fromFallback['signingTime'])) {
-				// Probably the best way to do this would be:
-				// ASN1::asn1map($decoded[0], Maps\TheMapName::MAP);
-				// But, what's the MAP to use?
-				//
-				// With maps also could be possible read all certificate data and
-				// maybe discart openssl at  this pint
-				try {
-					$decoded = ASN1::decodeBER($signature);
-					$certificates[$signerCounter]['signingTime'] = $decoded[0]['content'][1]['content'][0]['content'][4]['content'][0]['content'][3]['content'][1]['content'][1]['content'][0]['content'];
-				} catch (\Throwable) {
+			$tsa = new TSA();
+			$decoded = ASN1::decodeBER($signature);
+			try {
+				$certificates[$signerCounter]['timestamp'] = $tsa->extract($decoded);
+			} catch (\Throwable $e) {
+			}
+
+			if (!isset($fromFallback['signingTime']) || !$fromFallback['signingTime'] instanceof \DateTime) {
+				$certificates[$signerCounter]['signingTime'] = $tsa->getSigninTime($decoded);
+				if (!$certificates[$signerCounter]['signingTime'] instanceof \DateTime) {
+					// Probably the best way to do this would be:
+					// ASN1::asn1map($decoded[0], Maps\TheMapName::MAP);
+					// But, what's the MAP to use?
+					//
+					// With maps also could be possible read all certificate data and
+					// maybe discart openssl at  this pint
+					try {
+						$certificates[$signerCounter]['signingTime'] = $decoded[0]['content'][1]['content'][0]['content'][4]['content'][0]['content'][3]['content'][1]['content'][1]['content'][0]['content'];
+					} catch (\Throwable) {
+					}
 				}
 			}