authentin / eusig-bundle
Symfony bundle for authentin/eusig — eIDAS signing with DI, config, and autowiring
Maintainers
Package info
github.com/authentin/eusig-bundle
Type:symfony-bundle
pkg:composer/authentin/eusig-bundle
Requires
- php: >=8.2
- authentin/eusig: ^0.1
- symfony/config: ^6.4 || ^7.0 || ^8.0
- symfony/dependency-injection: ^6.4 || ^7.0 || ^8.0
- symfony/http-kernel: ^6.4 || ^7.0 || ^8.0
Requires (Dev)
- nyholm/psr7: ^1.8
- phpunit/phpunit: ^11.0
- symfony/http-client: ^6.4 || ^7.0 || ^8.0
- symfony/phpunit-bridge: ^6.4 || ^7.0 || ^8.0
README
Symfony bundle for authentin/eusig — adds DI, configuration, and autowiring for eIDAS-compliant electronic signatures.
Installation
composer require authentin/eusig-bundle
You also need a PSR-18 HTTP client and PSR-17 factories:
composer require symfony/http-client nyholm/psr7
Prerequisites
A running EU DSS instance:
docker run -d -p 8080:8080 ghcr.io/authentin/dss:latest
Configuration
# config/packages/eusig.yaml eusig: dss: base_url: '%env(DSS_BASE_URL)%' # Required. e.g. http://localhost:8080/services/rest token: # Optional. Omit if you only need validation. type: pkcs12 # Currently supported: pkcs12 path: '%env(PKCS12_PATH)%' # Path to the .p12 keystore file password: '%env(PKCS12_PASSWORD)%' # Keystore password (use env vars!) defaults: # Optional. Sensible defaults are provided. signature_level: PAdES_BASELINE_B # Any value from SignatureLevel enum digest_algorithm: SHA256 # Any value from DigestAlgorithm enum
Autowired services
The bundle registers these services, available via autowiring:
| Interface | Service | Always available |
|---|---|---|
SigningClientInterface |
DSS signing client | Yes |
ValidatorInterface |
DSS validator | Yes |
TokenInterface |
PKCS#12 token | Only when token is configured |
SignerInterface |
Signer (signing client + token) | Only when token is configured |
Usage
Signing a PDF
use Authentin\Eusig\Contract\SignerInterface; use Authentin\Eusig\Model\Document; use Authentin\Eusig\Model\SignatureLevel; use Authentin\Eusig\Model\SignatureParameters; use Symfony\Component\HttpFoundation\Response; class SignController { public function __invoke(SignerInterface $signer): Response { $signed = $signer->sign( Document::fromLocalFile('/path/to/document.pdf'), new SignatureParameters(signatureLevel: SignatureLevel::PAdES_BASELINE_B), ); return new Response($signed->content, 200, [ 'Content-Type' => 'application/pdf', 'Content-Disposition' => 'attachment; filename="signed.pdf"', ]); } }
Validating a signature
use Authentin\Eusig\Contract\ValidatorInterface; use Authentin\Eusig\Model\Document; class ValidateController { public function __invoke(ValidatorInterface $validator): Response { $result = $validator->validateSignature( Document::fromLocalFile('/path/to/signed.pdf'), ); return $this->json([ 'valid' => $result->valid, 'signatures' => $result->signaturesCount, ]); } }
Extending a signature
use Authentin\Eusig\Contract\SigningClientInterface; use Authentin\Eusig\Model\Document; use Authentin\Eusig\Model\SignatureLevel; use Authentin\Eusig\Model\SignatureParameters; class ExtendController { public function __invoke(SigningClientInterface $signingClient): Response { $extended = $signingClient->extendDocument( Document::fromLocalFile('/path/to/signed.pdf'), new SignatureParameters(signatureLevel: SignatureLevel::PAdES_BASELINE_T), ); $extended->saveToFile('/path/to/extended.pdf'); // ... } }
Custom token
To use a different signing backend (HSM, remote provider), implement TokenInterface and register it:
# config/services.yaml services: App\Signing\MyHsmToken: tags: ['authentin.eusig.token'] Authentin\Eusig\Contract\TokenInterface: alias: App\Signing\MyHsmToken
Then omit the token section from eusig.yaml — the bundle will use your service.
Standalone usage
For non-Symfony projects, use authentin/eusig directly.
License
MIT