PHPackages                             nexxai/laravel-freetsa - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. nexxai/laravel-freetsa

ActiveLibrary[Utility &amp; Helpers](/categories/utility)

nexxai/laravel-freetsa
======================

A simple FreeTSA package for Laravel

v1.0.1(3mo ago)02↑2900%[1 PRs](https://github.com/nexxai/laravel-freetsa/pulls)MITPHPPHP ^8.3CI passing

Since Apr 3Pushed 2mo agoCompare

[ Source](https://github.com/nexxai/laravel-freetsa)[ Packagist](https://packagist.org/packages/nexxai/laravel-freetsa)[ Docs](https://github.com/nexxai/laravel-freetsa)[ GitHub Sponsors](https://github.com/nexxai)[ RSS](/packages/nexxai-laravel-freetsa/feed)WikiDiscussions main Synced 3mo ago

READMEChangelog (6)Dependencies (16)Versions (4)Used By (0)

Laravel RFC3161
===============

[](#laravel-rfc3161)

[![Latest Version on Packagist](https://camo.githubusercontent.com/911189da73041c6e34d024e51643f2261ef9de699b52b81cd1fbc3b6590fa888/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6e65787861692f6c61726176656c2d667265657473612e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/nexxai/laravel-freetsa)[![GitHub Tests Action Status](https://camo.githubusercontent.com/d1425bdc5784bbcca1b1465f3c458af8486ae14aa01716c4c8a69501613b7a5a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6e65787861692f6c61726176656c2d667265657473612f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/nexxai/laravel-freetsa/actions?query=workflow%3Arun-tests+branch%3Amain)[![GitHub Code Style Action Status](https://camo.githubusercontent.com/b08d88ef3d4c7d8bc2cd3c6cabe263803959735a911c28e4faa627630466b59f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6e65787861692f6c61726176656c2d667265657473612f6669782d7068702d636f64652d7374796c652d6973737565732e796d6c3f6272616e63683d6d61696e266c6162656c3d636f64652532307374796c65267374796c653d666c61742d737175617265)](https://github.com/nexxai/laravel-freetsa/actions?query=workflow%3A%22Fix+PHP+code+style+issues%22+branch%3Amain)[![Total Downloads](https://camo.githubusercontent.com/2554c3c4802da107de13a6da382e62de44ebc13761d5ac3d92d14584e698cbe4/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6e65787861692f6c61726176656c2d667265657473612e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/nexxai/laravel-freetsa)

`nexxai/laravel-rfc3161` is a thin Laravel interface for RFC 3161 timestamp providers. It creates timestamp requests, sends them to your selected provider, stores the request/response binary payloads, and verifies responses with provider-specific certificates.

Breaking Changes
----------------

[](#breaking-changes)

- The package namespace changed from `Nexxai\\FreeTsa\\...` to `Nexxai\\Rfc3161\\...`.
- Update all imports, config class references, and type hints to the new namespace.

Installation
------------

[](#installation)

### Requirements

[](#requirements)

- PHP must be able to execute an `openssl` CLI binary for RFC 3161 verification.
- By default this package calls `openssl` from your `PATH`; set `TIMESTAMP_OPENSSL_BINARY` if your binary lives elsewhere.

You can install the package via composer:

```
composer require nexxai/laravel-rfc3161
```

You can publish and run the migrations with:

```
php artisan vendor:publish --tag="rfc3161-migrations"
php artisan migrate
```

Add the package trait to your model so it gets the `timestampRecords()` polymorphic relationship:

```
use Nexxai\Rfc3161\Concerns\HasRfc3161Timestamps;

class User extends Authenticatable
{
    use HasRfc3161Timestamps;
}
```

You can publish the config file with:

```
php artisan vendor:publish --tag="rfc3161-config"
```

This is the contents of the published config file:

```
return [
    'default_provider' => env('TIMESTAMP_PROVIDER', \Nexxai\Rfc3161\Providers\FreeTsa::class),
    'hash_algorithm' => env('TIMESTAMP_HASH_ALGORITHM', 'sha512'),
    'openssl_binary' => env('TIMESTAMP_OPENSSL_BINARY', 'openssl'),
    'validate_certificate_chain' => env('TIMESTAMP_VALIDATE_CERTIFICATE_CHAIN', true),
    'certificates' => [
        'directory' => env('TIMESTAMP_CERTIFICATES_DIRECTORY', storage_path('app/timestamp/certificates')),
    ],
];
```

Provider endpoints and certificate chains are built into provider classes and are not user-configurable.

Set `TIMESTAMP_PROVIDER` to a provider class (for example `Nexxai\\Rfc3161\\Providers\\DigiCert`) to choose the default provider.

When overriding the provider in code, pass a provider object (for example `new DigiCert()`).

Before timestamp verification, download and store trusted certificates for your provider:

```
php artisan timestamp:download-certificates
```

If certificates are missing, verification will throw an exception with this command.

The package requests certificate inclusion in each TSQ (`-cert`) and, during verification, prefers the certificate chain embedded in the TSR for per-response validation. Local provider certificates are used as trust anchors (`-CAfile`) and as a fallback untrusted chain when a TSR does not include certificates.

When `TIMESTAMP_VALIDATE_CERTIFICATE_CHAIN=true`, the package validates trusted local certificates before requests and verification. If validation fails, it attempts one fresh re-download for that provider and throws an exception if validation still fails.

Usage
-----

[](#usage)

`timestampFile()` is a method on the Eloquent model (`Nexxai\Rfc3161\Models\Timestamp`), not the facade (`Nexxai\Rfc3161\Facades\Timestamp`).

If you need both in the same file, alias them so calls stay explicit:

```
use Nexxai\Rfc3161\Models\Timestamp as TimestampRecord;
use Nexxai\Rfc3161\Facades\Timestamp as TimestampFacade;

$timestamp = TimestampRecord::timestampFile($filePath, $invoice);
$rawResponse = TimestampFacade::requestTimestamp($filePath);
```

```
use App\Models\Invoice;
use Nexxai\Rfc3161\Models\Timestamp;
use Nexxai\Rfc3161\Providers\DigiCert;

$invoice = Invoice::findOrFail(1);

// Creates a TSQ from file content, sends it to your configured default provider, and stores TSQ/TSR binary payloads.
$timestamp = Timestamp::timestampFile(
    storage_path('app/invoices/invoice-2026-04.pdf'),
    $invoice,
);

// You can choose a specific provider per request.
$timestamp = Timestamp::timestampFile(
    storage_path('app/invoices/invoice-2026-04.pdf'),
    $invoice,
    new DigiCert(),
);

// Verify stored query and response with locally downloaded provider certificates.
$isValid = $timestamp->verify();

// You can also verify explicit query/response data.
$isValid = $timestamp->verify($customTsqBinary, $customTsrBinary);
```

The `timestamps` table includes a nullable polymorphic relation (`timestampable_type`, `timestampable_id`) so any Eloquent model can own many timestamp records.

After adding the trait, access records with `$user->timestampRecords` (or call `$user->timestampRecords()` for the relation query).

Testing
-------

[](#testing)

```
composer test
```

Releases
--------

[](#releases)

This package uses Release Please to create and publish semver releases from `main`.

Use Conventional Commits in merged PRs so the version bump is predictable:

- `fix: ...` -&gt; patch release (`x.y.Z`)
- `feat: ...` -&gt; minor release (`x.Y.0`)
- `feat!: ...` or a `BREAKING CHANGE:` footer -&gt; major release (`X.0.0`)

Example:

```
feat: add certificate download command
fix: handle missing cert files before verify
feat!: rename timestampFile API to createFromFile

```

Changelog
---------

[](#changelog)

Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

Security Vulnerabilities
------------------------

[](#security-vulnerabilities)

Please review [our security policy](../../security/policy) on how to report security vulnerabilities.

Credits
-------

[](#credits)

- [JT Smith](https://github.com/nexxai)
- [All Contributors](../../contributors)

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

###  Health Score

38

—

LowBetter than 83% of packages

Maintenance84

Actively maintained with recent releases

Popularity3

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity51

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 92.9% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

92d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/4316564?v=4)[JT Smith](/maintainers/nexxai)[@nexxai](https://github.com/nexxai)

---

Top Contributors

[![nexxai](https://avatars.githubusercontent.com/u/4316564?v=4)](https://github.com/nexxai "nexxai (26 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (2 commits)")

---

Tags

laravelnexxailaravel-freetsa

###  Code Quality

TestsPest

Static AnalysisPHPStan

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/nexxai-laravel-freetsa/health.svg)

```
[![Health](https://phpackages.com/badges/nexxai-laravel-freetsa/health.svg)](https://phpackages.com/packages/nexxai-laravel-freetsa)
```

###  Alternatives

[psalm/plugin-laravel

Psalm plugin for Laravel

3355.3M346](/packages/psalm-plugin-laravel)[spatie/laravel-health

Monitor the health of a Laravel application

87512.0M167](/packages/spatie-laravel-health)[pressbooks/pressbooks

Pressbooks is an open source book publishing tool built on a WordPress multisite platform. Pressbooks outputs books in multiple formats, including PDF, EPUB, web, and a variety of XML flavours, using a theming/templating system, driven by CSS.

45444.2k1](/packages/pressbooks-pressbooks)[api-platform/laravel

API Platform support for Laravel

58171.8k14](/packages/api-platform-laravel)[simplestats-io/laravel-client

Server-side analytics for Laravel that follows the full funnel from visit to registration to payment, attributed to the channel that drove it. Revenue, MRR, churn and ad-spend profit (ROAS/CAC) per channel. GDPR compliant, ad-blocker proof.

5022.0k](/packages/simplestats-io-laravel-client)[spatie/laravel-export

Create a static site bundle from a Laravel app

674146.0k6](/packages/spatie-laravel-export)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
