sop / x509

lib/X509/Certificate/Extension/IssuerAlternativeNameExtension.php

Indentation +46 added lines, -46 removed lines

@@ -15,54 +15,54 @@
  */
 class IssuerAlternativeNameExtension extends Extension
 {
-    /**
-     * Names.
-     *
-     * @var GeneralNames
-     */
-    protected $_names;
+	/**
+	 * Names.
+	 *
+	 * @var GeneralNames
+	 */
+	protected $_names;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param GeneralNames $names
-     */
-    public function __construct(bool $critical, GeneralNames $names)
-    {
-        parent::__construct(self::OID_ISSUER_ALT_NAME, $critical);
-        $this->_names = $names;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param GeneralNames $names
+	 */
+	public function __construct(bool $critical, GeneralNames $names)
+	{
+		parent::__construct(self::OID_ISSUER_ALT_NAME, $critical);
+		$this->_names = $names;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical)
-    {
-        return new self($critical,
-            GeneralNames::fromASN1(
-                UnspecifiedType::fromDER($data)->asSequence()));
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical)
+	{
+		return new self($critical,
+			GeneralNames::fromASN1(
+				UnspecifiedType::fromDER($data)->asSequence()));
+	}
     
-    /**
-     * Get names.
-     *
-     * @return GeneralNames
-     */
-    public function names(): GeneralNames
-    {
-        return $this->_names;
-    }
+	/**
+	 * Get names.
+	 *
+	 * @return GeneralNames
+	 */
+	public function names(): GeneralNames
+	{
+		return $this->_names;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        return $this->_names->toASN1();
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		return $this->_names->toASN1();
+	}
 }

lib/X509/Certificate/Extension/ExtendedKeyUsageExtension.php

Indentation +120 added lines, -120 removed lines

@@ -14,133 +14,133 @@
  * @link https://tools.ietf.org/html/rfc5280#section-4.2.1.12
  */
 class ExtendedKeyUsageExtension extends Extension implements 
-    \Countable,
-    \IteratorAggregate
+	\Countable,
+	\IteratorAggregate
 {
-    const OID_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
-    const OID_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
-    const OID_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
-    const OID_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4";
-    const OID_IPSEC_END_SYSTEM = "1.3.6.1.5.5.7.3.5";
-    const OID_IPSEC_TUNNEL = "1.3.6.1.5.5.7.3.6";
-    const OID_IPSEC_USER = "1.3.6.1.5.5.7.3.7";
-    const OID_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
-    const OID_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9";
-    const OID_DVCS = "1.3.6.1.5.5.7.3.10";
-    const OID_SBGP_CERT_AA_SERVER_AUTH = "1.3.6.1.5.5.7.3.11";
-    const OID_SCVP_RESPONDER = "1.3.6.1.5.5.7.3.12";
-    const OID_EAP_OVER_PPP = "1.3.6.1.5.5.7.3.13";
-    const OID_EAP_OVER_LAN = "1.3.6.1.5.5.7.3.14";
-    const OID_SCVP_SERVER = "1.3.6.1.5.5.7.3.15";
-    const OID_SCVP_CLIENT = "1.3.6.1.5.5.7.3.16";
-    const OID_IPSEC_IKE = "1.3.6.1.5.5.7.3.17";
-    const OID_CAPWAP_AC = "1.3.6.1.5.5.7.3.18";
-    const OID_CAPWAP_WTP = "1.3.6.1.5.5.7.3.19";
-    const OID_SIP_DOMAIN = "1.3.6.1.5.5.7.3.20";
-    const OID_SECURE_SHELL_CLIENT = "1.3.6.1.5.5.7.3.21";
-    const OID_SECURE_SHELL_SERVER = "1.3.6.1.5.5.7.3.22";
-    const OID_SEND_ROUTER = "1.3.6.1.5.5.7.3.23";
-    const OID_SEND_PROXY = "1.3.6.1.5.5.7.3.24";
-    const OID_SEND_OWNER = "1.3.6.1.5.5.7.3.25";
-    const OID_SEND_PROXIED_OWNER = "1.3.6.1.5.5.7.3.26";
-    const OID_CMC_CA = "1.3.6.1.5.5.7.3.27";
-    const OID_CMC_RA = "1.3.6.1.5.5.7.3.28";
-    const OID_CMC_ARCHIVE = "1.3.6.1.5.5.7.3.29";
+	const OID_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
+	const OID_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
+	const OID_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
+	const OID_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4";
+	const OID_IPSEC_END_SYSTEM = "1.3.6.1.5.5.7.3.5";
+	const OID_IPSEC_TUNNEL = "1.3.6.1.5.5.7.3.6";
+	const OID_IPSEC_USER = "1.3.6.1.5.5.7.3.7";
+	const OID_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
+	const OID_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9";
+	const OID_DVCS = "1.3.6.1.5.5.7.3.10";
+	const OID_SBGP_CERT_AA_SERVER_AUTH = "1.3.6.1.5.5.7.3.11";
+	const OID_SCVP_RESPONDER = "1.3.6.1.5.5.7.3.12";
+	const OID_EAP_OVER_PPP = "1.3.6.1.5.5.7.3.13";
+	const OID_EAP_OVER_LAN = "1.3.6.1.5.5.7.3.14";
+	const OID_SCVP_SERVER = "1.3.6.1.5.5.7.3.15";
+	const OID_SCVP_CLIENT = "1.3.6.1.5.5.7.3.16";
+	const OID_IPSEC_IKE = "1.3.6.1.5.5.7.3.17";
+	const OID_CAPWAP_AC = "1.3.6.1.5.5.7.3.18";
+	const OID_CAPWAP_WTP = "1.3.6.1.5.5.7.3.19";
+	const OID_SIP_DOMAIN = "1.3.6.1.5.5.7.3.20";
+	const OID_SECURE_SHELL_CLIENT = "1.3.6.1.5.5.7.3.21";
+	const OID_SECURE_SHELL_SERVER = "1.3.6.1.5.5.7.3.22";
+	const OID_SEND_ROUTER = "1.3.6.1.5.5.7.3.23";
+	const OID_SEND_PROXY = "1.3.6.1.5.5.7.3.24";
+	const OID_SEND_OWNER = "1.3.6.1.5.5.7.3.25";
+	const OID_SEND_PROXIED_OWNER = "1.3.6.1.5.5.7.3.26";
+	const OID_CMC_CA = "1.3.6.1.5.5.7.3.27";
+	const OID_CMC_RA = "1.3.6.1.5.5.7.3.28";
+	const OID_CMC_ARCHIVE = "1.3.6.1.5.5.7.3.29";
     
-    /**
-     * Purpose OID's.
-     *
-     * @var string[] $_purposes
-     */
-    protected $_purposes;
+	/**
+	 * Purpose OID's.
+	 *
+	 * @var string[] $_purposes
+	 */
+	protected $_purposes;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param string ...$purposes
-     */
-    public function __construct(bool $critical, string ...$purposes)
-    {
-        parent::__construct(self::OID_EXT_KEY_USAGE, $critical);
-        $this->_purposes = $purposes;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param string ...$purposes
+	 */
+	public function __construct(bool $critical, string ...$purposes)
+	{
+		parent::__construct(self::OID_EXT_KEY_USAGE, $critical);
+		$this->_purposes = $purposes;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        $purposes = array_map(
-            function (UnspecifiedType $el) {
-                return $el->asObjectIdentifier()->oid();
-            }, UnspecifiedType::fromDER($data)->asSequence()->elements());
-        return new self($critical, ...$purposes);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		$purposes = array_map(
+			function (UnspecifiedType $el) {
+				return $el->asObjectIdentifier()->oid();
+			}, UnspecifiedType::fromDER($data)->asSequence()->elements());
+		return new self($critical, ...$purposes);
+	}
     
-    /**
-     * Whether purposes are present.
-     *
-     * If multiple purposes are checked, all must be present.
-     *
-     * @param string ...$oids
-     * @return bool
-     */
-    public function has(string ...$oids): bool
-    {
-        foreach ($oids as $oid) {
-            if (!in_array($oid, $this->_purposes)) {
-                return false;
-            }
-        }
-        return true;
-    }
+	/**
+	 * Whether purposes are present.
+	 *
+	 * If multiple purposes are checked, all must be present.
+	 *
+	 * @param string ...$oids
+	 * @return bool
+	 */
+	public function has(string ...$oids): bool
+	{
+		foreach ($oids as $oid) {
+			if (!in_array($oid, $this->_purposes)) {
+				return false;
+			}
+		}
+		return true;
+	}
     
-    /**
-     * Get key usage purpose OID's.
-     *
-     * @return string[]
-     */
-    public function purposes(): array
-    {
-        return $this->_purposes;
-    }
+	/**
+	 * Get key usage purpose OID's.
+	 *
+	 * @return string[]
+	 */
+	public function purposes(): array
+	{
+		return $this->_purposes;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        $elements = array_map(
-            function ($oid) {
-                return new ObjectIdentifier($oid);
-            }, $this->_purposes);
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		$elements = array_map(
+			function ($oid) {
+				return new ObjectIdentifier($oid);
+			}, $this->_purposes);
+		return new Sequence(...$elements);
+	}
     
-    /**
-     * Get the number of purposes.
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_purposes);
-    }
+	/**
+	 * Get the number of purposes.
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_purposes);
+	}
     
-    /**
-     * Get iterator for usage purposes.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_purposes);
-    }
+	/**
+	 * Get iterator for usage purposes.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_purposes);
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -74,7 +74,7 @@ 
     protected static function _fromDER(string $data, bool $critical): self
     {
         $purposes = array_map(
-            function (UnspecifiedType $el) {
+            function(UnspecifiedType $el) {
                 return $el->asObjectIdentifier()->oid();
             }, UnspecifiedType::fromDER($data)->asSequence()->elements());
         return new self($critical, ...$purposes);
@@ -116,7 +116,7 @@ 
     protected function _valueASN1(): Sequence
     {
         $elements = array_map(
-            function ($oid) {
+            function($oid) {
                 return new ObjectIdentifier($oid);
             }, $this->_purposes);
         return new Sequence(...$elements);

lib/X509/Certificate/Extension/InhibitAnyPolicyExtension.php

Indentation +44 added lines, -44 removed lines

@@ -14,52 +14,52 @@
  */
 class InhibitAnyPolicyExtension extends Extension
 {
-    /**
-     *
-     * @var int $_skipCerts
-     */
-    protected $_skipCerts;
+	/**
+	 *
+	 * @var int $_skipCerts
+	 */
+	protected $_skipCerts;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param int $skip_certs
-     */
-    public function __construct(bool $critical, int $skip_certs)
-    {
-        parent::__construct(self::OID_INHIBIT_ANY_POLICY, $critical);
-        $this->_skipCerts = $skip_certs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param int $skip_certs
+	 */
+	public function __construct(bool $critical, int $skip_certs)
+	{
+		parent::__construct(self::OID_INHIBIT_ANY_POLICY, $critical);
+		$this->_skipCerts = $skip_certs;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        return new self($critical,
-            UnspecifiedType::fromDER($data)->asInteger()->intNumber());
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		return new self($critical,
+			UnspecifiedType::fromDER($data)->asInteger()->intNumber());
+	}
     
-    /**
-     * Get value.
-     *
-     * @return int
-     */
-    public function skipCerts(): int
-    {
-        return $this->_skipCerts;
-    }
+	/**
+	 * Get value.
+	 *
+	 * @return int
+	 */
+	public function skipCerts(): int
+	{
+		return $this->_skipCerts;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Integer
-     */
-    protected function _valueASN1(): Integer
-    {
-        return new Integer($this->_skipCerts);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Integer
+	 */
+	protected function _valueASN1(): Integer
+	{
+		return new Integer($this->_skipCerts);
+	}
 }

lib/X509/AttributeCertificate/AttributeCertificate.php

Indentation +199 added lines, -199 removed lines

@@ -21,203 +21,203 @@
  */
 class AttributeCertificate
 {
-    /**
-     * Attribute certificate info.
-     *
-     * @var AttributeCertificateInfo $_acinfo
-     */
-    protected $_acinfo;
-    
-    /**
-     * Signature algorithm identifier.
-     *
-     * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
-     */
-    protected $_signatureAlgorithm;
-    
-    /**
-     * Signature value.
-     *
-     * @var Signature $_signatureValue
-     */
-    protected $_signatureValue;
-    
-    /**
-     * Constructor.
-     *
-     * @param AttributeCertificateInfo $acinfo
-     * @param SignatureAlgorithmIdentifier $algo
-     * @param Signature $signature
-     */
-    public function __construct(AttributeCertificateInfo $acinfo,
-        SignatureAlgorithmIdentifier $algo, Signature $signature)
-    {
-        $this->_acinfo = $acinfo;
-        $this->_signatureAlgorithm = $algo;
-        $this->_signatureValue = $signature;
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence());
-        $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $algo->oid() . ".");
-        }
-        $signature = Signature::fromSignatureData(
-            $seq->at(2)
-                ->asBitString()
-                ->string(), $algo);
-        return new self($acinfo, $algo, $signature);
-    }
-    
-    /**
-     * Initialize from DER data.
-     *
-     * @param string $data
-     * @return self
-     */
-    public static function fromDER(string $data): self
-    {
-        return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
-    }
-    
-    /**
-     * Initialize from PEM.
-     *
-     * @param PEM $pem
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromPEM(PEM $pem): self
-    {
-        if ($pem->type() !== PEM::TYPE_ATTRIBUTE_CERTIFICATE) {
-            throw new \UnexpectedValueException("Invalid PEM type.");
-        }
-        return self::fromDER($pem->data());
-    }
-    
-    /**
-     * Get attribute certificate info.
-     *
-     * @return AttributeCertificateInfo
-     */
-    public function acinfo(): AttributeCertificateInfo
-    {
-        return $this->_acinfo;
-    }
-    
-    /**
-     * Get signature algorithm identifier.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signatureAlgorithm(): SignatureAlgorithmIdentifier
-    {
-        return $this->_signatureAlgorithm;
-    }
-    
-    /**
-     * Get signature value.
-     *
-     * @return Signature
-     */
-    public function signatureValue(): Signature
-    {
-        return $this->_signatureValue;
-    }
-    
-    /**
-     * Get ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_acinfo->toASN1(),
-            $this->_signatureAlgorithm->toASN1(),
-            $this->_signatureValue->bitString());
-    }
-    
-    /**
-     * Get attribute certificate as a DER.
-     *
-     * @return string
-     */
-    public function toDER(): string
-    {
-        return $this->toASN1()->toDER();
-    }
-    
-    /**
-     * Get attribute certificate as a PEM.
-     *
-     * @return PEM
-     */
-    public function toPEM(): PEM
-    {
-        return new PEM(PEM::TYPE_ATTRIBUTE_CERTIFICATE, $this->toDER());
-    }
-    
-    /**
-     * Check whether attribute certificate is issued to the subject identified
-     * by given public key certificate.
-     *
-     * @param Certificate $cert Certificate
-     * @return boolean
-     */
-    public function isHeldBy(Certificate $cert): bool
-    {
-        if (!$this->_acinfo->holder()->identifiesPKC($cert)) {
-            return false;
-        }
-        return true;
-    }
-    
-    /**
-     * Check whether attribute certificate is issued by given public key
-     * certificate.
-     *
-     * @param Certificate $cert Certificate
-     * @return boolean
-     */
-    public function isIssuedBy(Certificate $cert): bool
-    {
-        if (!$this->_acinfo->issuer()->identifiesPKC($cert)) {
-            return false;
-        }
-        return true;
-    }
-    
-    /**
-     * Verify signature.
-     *
-     * @param PublicKeyInfo $pubkey_info Signer's public key
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return bool
-     */
-    public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $data = $this->_acinfo->toASN1()->toDER();
-        return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
-            $this->_signatureAlgorithm);
-    }
-    
-    /**
-     * Get attribute certificate as a PEM formatted string.
-     *
-     * @return string
-     */
-    public function __toString()
-    {
-        return $this->toPEM()->string();
-    }
+	/**
+	 * Attribute certificate info.
+	 *
+	 * @var AttributeCertificateInfo $_acinfo
+	 */
+	protected $_acinfo;
+    
+	/**
+	 * Signature algorithm identifier.
+	 *
+	 * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
+	 */
+	protected $_signatureAlgorithm;
+    
+	/**
+	 * Signature value.
+	 *
+	 * @var Signature $_signatureValue
+	 */
+	protected $_signatureValue;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param AttributeCertificateInfo $acinfo
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @param Signature $signature
+	 */
+	public function __construct(AttributeCertificateInfo $acinfo,
+		SignatureAlgorithmIdentifier $algo, Signature $signature)
+	{
+		$this->_acinfo = $acinfo;
+		$this->_signatureAlgorithm = $algo;
+		$this->_signatureValue = $signature;
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence());
+		$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $algo->oid() . ".");
+		}
+		$signature = Signature::fromSignatureData(
+			$seq->at(2)
+				->asBitString()
+				->string(), $algo);
+		return new self($acinfo, $algo, $signature);
+	}
+    
+	/**
+	 * Initialize from DER data.
+	 *
+	 * @param string $data
+	 * @return self
+	 */
+	public static function fromDER(string $data): self
+	{
+		return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
+	}
+    
+	/**
+	 * Initialize from PEM.
+	 *
+	 * @param PEM $pem
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromPEM(PEM $pem): self
+	{
+		if ($pem->type() !== PEM::TYPE_ATTRIBUTE_CERTIFICATE) {
+			throw new \UnexpectedValueException("Invalid PEM type.");
+		}
+		return self::fromDER($pem->data());
+	}
+    
+	/**
+	 * Get attribute certificate info.
+	 *
+	 * @return AttributeCertificateInfo
+	 */
+	public function acinfo(): AttributeCertificateInfo
+	{
+		return $this->_acinfo;
+	}
+    
+	/**
+	 * Get signature algorithm identifier.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signatureAlgorithm(): SignatureAlgorithmIdentifier
+	{
+		return $this->_signatureAlgorithm;
+	}
+    
+	/**
+	 * Get signature value.
+	 *
+	 * @return Signature
+	 */
+	public function signatureValue(): Signature
+	{
+		return $this->_signatureValue;
+	}
+    
+	/**
+	 * Get ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_acinfo->toASN1(),
+			$this->_signatureAlgorithm->toASN1(),
+			$this->_signatureValue->bitString());
+	}
+    
+	/**
+	 * Get attribute certificate as a DER.
+	 *
+	 * @return string
+	 */
+	public function toDER(): string
+	{
+		return $this->toASN1()->toDER();
+	}
+    
+	/**
+	 * Get attribute certificate as a PEM.
+	 *
+	 * @return PEM
+	 */
+	public function toPEM(): PEM
+	{
+		return new PEM(PEM::TYPE_ATTRIBUTE_CERTIFICATE, $this->toDER());
+	}
+    
+	/**
+	 * Check whether attribute certificate is issued to the subject identified
+	 * by given public key certificate.
+	 *
+	 * @param Certificate $cert Certificate
+	 * @return boolean
+	 */
+	public function isHeldBy(Certificate $cert): bool
+	{
+		if (!$this->_acinfo->holder()->identifiesPKC($cert)) {
+			return false;
+		}
+		return true;
+	}
+    
+	/**
+	 * Check whether attribute certificate is issued by given public key
+	 * certificate.
+	 *
+	 * @param Certificate $cert Certificate
+	 * @return boolean
+	 */
+	public function isIssuedBy(Certificate $cert): bool
+	{
+		if (!$this->_acinfo->issuer()->identifiesPKC($cert)) {
+			return false;
+		}
+		return true;
+	}
+    
+	/**
+	 * Verify signature.
+	 *
+	 * @param PublicKeyInfo $pubkey_info Signer's public key
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return bool
+	 */
+	public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$data = $this->_acinfo->toASN1()->toDER();
+		return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
+			$this->_signatureAlgorithm);
+	}
+    
+	/**
+	 * Get attribute certificate as a PEM formatted string.
+	 *
+	 * @return string
+	 */
+	public function __toString()
+	{
+		return $this->toPEM()->string();
+	}
 }

lib/X509/CertificationRequest/CertificationRequest.php

Indentation +154 added lines, -154 removed lines

@@ -19,172 +19,172 @@
  */
 class CertificationRequest
 {
-    /**
-     * Certification request info.
-     *
-     * @var CertificationRequestInfo $_certificationRequestInfo
-     */
-    protected $_certificationRequestInfo;
+	/**
+	 * Certification request info.
+	 *
+	 * @var CertificationRequestInfo $_certificationRequestInfo
+	 */
+	protected $_certificationRequestInfo;
     
-    /**
-     * Signature algorithm.
-     *
-     * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
-     */
-    protected $_signatureAlgorithm;
+	/**
+	 * Signature algorithm.
+	 *
+	 * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
+	 */
+	protected $_signatureAlgorithm;
     
-    /**
-     * Signature.
-     *
-     * @var Signature $_signature
-     */
-    protected $_signature;
+	/**
+	 * Signature.
+	 *
+	 * @var Signature $_signature
+	 */
+	protected $_signature;
     
-    /**
-     * Constructor.
-     *
-     * @param CertificationRequestInfo $info
-     * @param SignatureAlgorithmIdentifier $algo
-     * @param Signature $signature
-     */
-    public function __construct(CertificationRequestInfo $info,
-        SignatureAlgorithmIdentifier $algo, Signature $signature)
-    {
-        $this->_certificationRequestInfo = $info;
-        $this->_signatureAlgorithm = $algo;
-        $this->_signature = $signature;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param CertificationRequestInfo $info
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @param Signature $signature
+	 */
+	public function __construct(CertificationRequestInfo $info,
+		SignatureAlgorithmIdentifier $algo, Signature $signature)
+	{
+		$this->_certificationRequestInfo = $info;
+		$this->_signatureAlgorithm = $algo;
+		$this->_signature = $signature;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $info = CertificationRequestInfo::fromASN1($seq->at(0)->asSequence());
-        $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $algo->oid() . ".");
-        }
-        $signature = Signature::fromSignatureData(
-            $seq->at(2)
-                ->asBitString()
-                ->string(), $algo);
-        return new self($info, $algo, $signature);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$info = CertificationRequestInfo::fromASN1($seq->at(0)->asSequence());
+		$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $algo->oid() . ".");
+		}
+		$signature = Signature::fromSignatureData(
+			$seq->at(2)
+				->asBitString()
+				->string(), $algo);
+		return new self($info, $algo, $signature);
+	}
     
-    /**
-     * Initialize from DER.
-     *
-     * @param string $data
-     * @return self
-     */
-    public static function fromDER(string $data): self
-    {
-        return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
-    }
+	/**
+	 * Initialize from DER.
+	 *
+	 * @param string $data
+	 * @return self
+	 */
+	public static function fromDER(string $data): self
+	{
+		return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
+	}
     
-    /**
-     * Initialize from PEM.
-     *
-     * @param PEM $pem
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromPEM(PEM $pem): self
-    {
-        if ($pem->type() !== PEM::TYPE_CERTIFICATE_REQUEST) {
-            throw new \UnexpectedValueException("Invalid PEM type.");
-        }
-        return self::fromDER($pem->data());
-    }
+	/**
+	 * Initialize from PEM.
+	 *
+	 * @param PEM $pem
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromPEM(PEM $pem): self
+	{
+		if ($pem->type() !== PEM::TYPE_CERTIFICATE_REQUEST) {
+			throw new \UnexpectedValueException("Invalid PEM type.");
+		}
+		return self::fromDER($pem->data());
+	}
     
-    /**
-     * Get certification request info.
-     *
-     * @return CertificationRequestInfo
-     */
-    public function certificationRequestInfo(): CertificationRequestInfo
-    {
-        return $this->_certificationRequestInfo;
-    }
+	/**
+	 * Get certification request info.
+	 *
+	 * @return CertificationRequestInfo
+	 */
+	public function certificationRequestInfo(): CertificationRequestInfo
+	{
+		return $this->_certificationRequestInfo;
+	}
     
-    /**
-     * Get signature algorithm.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signatureAlgorithm(): SignatureAlgorithmIdentifier
-    {
-        return $this->_signatureAlgorithm;
-    }
+	/**
+	 * Get signature algorithm.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signatureAlgorithm(): SignatureAlgorithmIdentifier
+	{
+		return $this->_signatureAlgorithm;
+	}
     
-    /**
-     * Get signature.
-     *
-     * @return Signature
-     */
-    public function signature(): Signature
-    {
-        return $this->_signature;
-    }
+	/**
+	 * Get signature.
+	 *
+	 * @return Signature
+	 */
+	public function signature(): Signature
+	{
+		return $this->_signature;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_certificationRequestInfo->toASN1(),
-            $this->_signatureAlgorithm->toASN1(), $this->_signature->bitString());
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_certificationRequestInfo->toASN1(),
+			$this->_signatureAlgorithm->toASN1(), $this->_signature->bitString());
+	}
     
-    /**
-     * Get certification request as a DER.
-     *
-     * @return string
-     */
-    public function toDER(): string
-    {
-        return $this->toASN1()->toDER();
-    }
+	/**
+	 * Get certification request as a DER.
+	 *
+	 * @return string
+	 */
+	public function toDER(): string
+	{
+		return $this->toASN1()->toDER();
+	}
     
-    /**
-     * Get certification request as a PEM.
-     *
-     * @return PEM
-     */
-    public function toPEM(): PEM
-    {
-        return new PEM(PEM::TYPE_CERTIFICATE_REQUEST, $this->toDER());
-    }
+	/**
+	 * Get certification request as a PEM.
+	 *
+	 * @return PEM
+	 */
+	public function toPEM(): PEM
+	{
+		return new PEM(PEM::TYPE_CERTIFICATE_REQUEST, $this->toDER());
+	}
     
-    /**
-     * Verify certification request signature.
-     *
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return bool True if signature matches
-     */
-    public function verify(Crypto $crypto = null): bool
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $data = $this->_certificationRequestInfo->toASN1()->toDER();
-        $pk_info = $this->_certificationRequestInfo->subjectPKInfo();
-        return $crypto->verify($data, $this->_signature, $pk_info,
-            $this->_signatureAlgorithm);
-    }
+	/**
+	 * Verify certification request signature.
+	 *
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return bool True if signature matches
+	 */
+	public function verify(Crypto $crypto = null): bool
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$data = $this->_certificationRequestInfo->toASN1()->toDER();
+		$pk_info = $this->_certificationRequestInfo->subjectPKInfo();
+		return $crypto->verify($data, $this->_signature, $pk_info,
+			$this->_signatureAlgorithm);
+	}
     
-    /**
-     * Get certification request as a PEM formatted string.
-     *
-     * @return string
-     */
-    public function __toString()
-    {
-        return $this->toPEM()->string();
-    }
+	/**
+	 * Get certification request as a PEM formatted string.
+	 *
+	 * @return string
+	 */
+	public function __toString()
+	{
+		return $this->toPEM()->string();
+	}
 }

lib/X509/Certificate/Extension/AuthorityKeyIdentifierExtension.php

Indentation +166 added lines, -166 removed lines

@@ -20,181 +20,181 @@
  */
 class AuthorityKeyIdentifierExtension extends Extension
 {
-    /**
-     * Key identifier.
-     *
-     * @var string|null $_keyIdentifier
-     */
-    protected $_keyIdentifier;
+	/**
+	 * Key identifier.
+	 *
+	 * @var string|null $_keyIdentifier
+	 */
+	protected $_keyIdentifier;
     
-    /**
-     * Issuer name.
-     *
-     * @var GeneralNames|null $_authorityCertIssuer
-     */
-    protected $_authorityCertIssuer;
+	/**
+	 * Issuer name.
+	 *
+	 * @var GeneralNames|null $_authorityCertIssuer
+	 */
+	protected $_authorityCertIssuer;
     
-    /**
-     * Issuer serial number.
-     *
-     * @var string|null $_authorityCertSerialNumber
-     */
-    protected $_authorityCertSerialNumber;
+	/**
+	 * Issuer serial number.
+	 *
+	 * @var string|null $_authorityCertSerialNumber
+	 */
+	protected $_authorityCertSerialNumber;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical Conforming CA's must mark as non-critical (false)
-     * @param string|null $keyIdentifier
-     * @param GeneralNames|null $issuer
-     * @param string|null $serial
-     */
-    public function __construct(bool $critical, $keyIdentifier,
-        GeneralNames $issuer = null, $serial = null)
-    {
-        parent::__construct(self::OID_AUTHORITY_KEY_IDENTIFIER, $critical);
-        $this->_keyIdentifier = $keyIdentifier;
-        $this->_authorityCertIssuer = $issuer;
-        $this->_authorityCertSerialNumber = isset($serial) ? strval($serial) : null;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical Conforming CA's must mark as non-critical (false)
+	 * @param string|null $keyIdentifier
+	 * @param GeneralNames|null $issuer
+	 * @param string|null $serial
+	 */
+	public function __construct(bool $critical, $keyIdentifier,
+		GeneralNames $issuer = null, $serial = null)
+	{
+		parent::__construct(self::OID_AUTHORITY_KEY_IDENTIFIER, $critical);
+		$this->_keyIdentifier = $keyIdentifier;
+		$this->_authorityCertIssuer = $issuer;
+		$this->_authorityCertSerialNumber = isset($serial) ? strval($serial) : null;
+	}
     
-    /**
-     * Create from public key info.
-     *
-     * @param PublicKeyInfo $pki
-     * @return AuthorityKeyIdentifierExtension
-     */
-    public static function fromPublicKeyInfo(PublicKeyInfo $pki)
-    {
-        return new self(false, $pki->keyIdentifier());
-    }
+	/**
+	 * Create from public key info.
+	 *
+	 * @param PublicKeyInfo $pki
+	 * @return AuthorityKeyIdentifierExtension
+	 */
+	public static function fromPublicKeyInfo(PublicKeyInfo $pki)
+	{
+		return new self(false, $pki->keyIdentifier());
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        $seq = UnspecifiedType::fromDER($data)->asSequence();
-        $keyIdentifier = null;
-        $issuer = null;
-        $serial = null;
-        if ($seq->hasTagged(0)) {
-            $keyIdentifier = $seq->getTagged(0)
-                ->asImplicit(Element::TYPE_OCTET_STRING)
-                ->asOctetString()
-                ->string();
-        }
-        if ($seq->hasTagged(1) || $seq->hasTagged(2)) {
-            if (!$seq->hasTagged(1) || !$seq->hasTagged(2)) {
-                throw new \UnexpectedValueException(
-                    "AuthorityKeyIdentifier must have both" .
-                         " authorityCertIssuer and authorityCertSerialNumber" .
-                         " present or both absent.");
-            }
-            $issuer = GeneralNames::fromASN1(
-                $seq->getTagged(1)
-                    ->asImplicit(Element::TYPE_SEQUENCE)
-                    ->asSequence());
-            $serial = $seq->getTagged(2)
-                ->asImplicit(Element::TYPE_INTEGER)
-                ->asInteger()
-                ->number();
-        }
-        return new self($critical, $keyIdentifier, $issuer, $serial);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		$seq = UnspecifiedType::fromDER($data)->asSequence();
+		$keyIdentifier = null;
+		$issuer = null;
+		$serial = null;
+		if ($seq->hasTagged(0)) {
+			$keyIdentifier = $seq->getTagged(0)
+				->asImplicit(Element::TYPE_OCTET_STRING)
+				->asOctetString()
+				->string();
+		}
+		if ($seq->hasTagged(1) || $seq->hasTagged(2)) {
+			if (!$seq->hasTagged(1) || !$seq->hasTagged(2)) {
+				throw new \UnexpectedValueException(
+					"AuthorityKeyIdentifier must have both" .
+						 " authorityCertIssuer and authorityCertSerialNumber" .
+						 " present or both absent.");
+			}
+			$issuer = GeneralNames::fromASN1(
+				$seq->getTagged(1)
+					->asImplicit(Element::TYPE_SEQUENCE)
+					->asSequence());
+			$serial = $seq->getTagged(2)
+				->asImplicit(Element::TYPE_INTEGER)
+				->asInteger()
+				->number();
+		}
+		return new self($critical, $keyIdentifier, $issuer, $serial);
+	}
     
-    /**
-     * Whether key identifier is present.
-     *
-     * @return bool
-     */
-    public function hasKeyIdentifier(): bool
-    {
-        return isset($this->_keyIdentifier);
-    }
+	/**
+	 * Whether key identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasKeyIdentifier(): bool
+	{
+		return isset($this->_keyIdentifier);
+	}
     
-    /**
-     * Get key identifier.
-     *
-     * @throws \LogicException
-     * @return string
-     */
-    public function keyIdentifier(): string
-    {
-        if (!$this->hasKeyIdentifier()) {
-            throw new \LogicException("keyIdentifier not set.");
-        }
-        return $this->_keyIdentifier;
-    }
+	/**
+	 * Get key identifier.
+	 *
+	 * @throws \LogicException
+	 * @return string
+	 */
+	public function keyIdentifier(): string
+	{
+		if (!$this->hasKeyIdentifier()) {
+			throw new \LogicException("keyIdentifier not set.");
+		}
+		return $this->_keyIdentifier;
+	}
     
-    /**
-     * Whether issuer is present.
-     *
-     * @return bool
-     */
-    public function hasIssuer(): bool
-    {
-        return isset($this->_authorityCertIssuer);
-    }
+	/**
+	 * Whether issuer is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuer(): bool
+	{
+		return isset($this->_authorityCertIssuer);
+	}
     
-    /**
-     * Get issuer.
-     *
-     * @throws \LogicException
-     * @return GeneralNames
-     */
-    public function issuer(): GeneralNames
-    {
-        if (!$this->hasIssuer()) {
-            throw new \LogicException("authorityCertIssuer not set.");
-        }
-        return $this->_authorityCertIssuer;
-    }
+	/**
+	 * Get issuer.
+	 *
+	 * @throws \LogicException
+	 * @return GeneralNames
+	 */
+	public function issuer(): GeneralNames
+	{
+		if (!$this->hasIssuer()) {
+			throw new \LogicException("authorityCertIssuer not set.");
+		}
+		return $this->_authorityCertIssuer;
+	}
     
-    /**
-     * Get serial number.
-     *
-     * @throws \LogicException
-     * @return string Base 10 integer string
-     */
-    public function serial(): string
-    {
-        // both issuer and serial must be present or both absent
-        if (!$this->hasIssuer()) {
-            throw new \LogicException("authorityCertSerialNumber not set.");
-        }
-        return $this->_authorityCertSerialNumber;
-    }
+	/**
+	 * Get serial number.
+	 *
+	 * @throws \LogicException
+	 * @return string Base 10 integer string
+	 */
+	public function serial(): string
+	{
+		// both issuer and serial must be present or both absent
+		if (!$this->hasIssuer()) {
+			throw new \LogicException("authorityCertSerialNumber not set.");
+		}
+		return $this->_authorityCertSerialNumber;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        $elements = array();
-        if (isset($this->_keyIdentifier)) {
-            $elements[] = new ImplicitlyTaggedType(0,
-                new OctetString($this->_keyIdentifier));
-        }
-        // if either issuer or serial is set, both must be set
-        if (isset($this->_authorityCertIssuer) ||
-             isset($this->_authorityCertSerialNumber)) {
-            if (!isset($this->_authorityCertIssuer,
-                $this->_authorityCertSerialNumber)) {
-                throw new \LogicException(
-                    "AuthorityKeyIdentifier must have both" .
-                     " authorityCertIssuer and authorityCertSerialNumber" .
-                     " present or both absent.");
-            }
-            $elements[] = new ImplicitlyTaggedType(1,
-                $this->_authorityCertIssuer->toASN1());
-            $elements[] = new ImplicitlyTaggedType(2,
-                new Integer($this->_authorityCertSerialNumber));
-        }
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		$elements = array();
+		if (isset($this->_keyIdentifier)) {
+			$elements[] = new ImplicitlyTaggedType(0,
+				new OctetString($this->_keyIdentifier));
+		}
+		// if either issuer or serial is set, both must be set
+		if (isset($this->_authorityCertIssuer) ||
+			 isset($this->_authorityCertSerialNumber)) {
+			if (!isset($this->_authorityCertIssuer,
+				$this->_authorityCertSerialNumber)) {
+				throw new \LogicException(
+					"AuthorityKeyIdentifier must have both" .
+					 " authorityCertIssuer and authorityCertSerialNumber" .
+					 " present or both absent.");
+			}
+			$elements[] = new ImplicitlyTaggedType(1,
+				$this->_authorityCertIssuer->toASN1());
+			$elements[] = new ImplicitlyTaggedType(2,
+				new Integer($this->_authorityCertSerialNumber));
+		}
+		return new Sequence(...$elements);
+	}
 }

examples/ac-example.php

Indentation +68 added lines, -68 removed lines

@@ -36,106 +36,106 @@ 
 
 // CA private key
 openssl_pkey_export(
-    openssl_pkey_new(
-        ["private_key_type" => OPENSSL_KEYTYPE_RSA,
-            "private_key_bits" => 2048]), $pkey);
+	openssl_pkey_new(
+		["private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => 2048]), $pkey);
 $ca_private_key = PrivateKeyInfo::fromPEM(PEM::fromString($pkey));
 // Issuer private key
 openssl_pkey_export(
-    openssl_pkey_new(
-        ["private_key_type" => OPENSSL_KEYTYPE_RSA,
-            "private_key_bits" => 2048]), $pkey);
+	openssl_pkey_new(
+		["private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => 2048]), $pkey);
 $issuer_private_key = PrivateKeyInfo::fromPEM(PEM::fromString($pkey));
 // Holder private key
 openssl_pkey_export(
-    openssl_pkey_new(
-        ["private_key_type" => OPENSSL_KEYTYPE_RSA,
-            "private_key_bits" => 2048]), $pkey);
+	openssl_pkey_new(
+		["private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => 2048]), $pkey);
 $holder_private_key = PrivateKeyInfo::fromPEM(PEM::fromString($pkey));
 
 // create trust anchor certificate (self signed)
 $tbs_cert = new TBSCertificate(
-    Name::fromString("cn=CA"),
-    $ca_private_key->publicKeyInfo(),
-    Name::fromString("cn=CA"),
-    Validity::fromStrings("now", "now + 1 year"));
+	Name::fromString("cn=CA"),
+	$ca_private_key->publicKeyInfo(),
+	Name::fromString("cn=CA"),
+	Validity::fromStrings("now", "now + 1 year"));
 $tbs_cert = $tbs_cert->withRandomSerialNumber()
-    ->withAdditionalExtensions(
-        new BasicConstraintsExtension(true, true),
-        new SubjectKeyIdentifierExtension(false, 
-            $ca_private_key->publicKeyInfo()->keyIdentifier()),
-        new KeyUsageExtension(true,
-            KeyUsageExtension::DIGITAL_SIGNATURE | 
-            KeyUsageExtension::KEY_CERT_SIGN));
+	->withAdditionalExtensions(
+		new BasicConstraintsExtension(true, true),
+		new SubjectKeyIdentifierExtension(false, 
+			$ca_private_key->publicKeyInfo()->keyIdentifier()),
+		new KeyUsageExtension(true,
+			KeyUsageExtension::DIGITAL_SIGNATURE | 
+			KeyUsageExtension::KEY_CERT_SIGN));
 $algo = SignatureAlgorithmIdentifierFactory::algoForAsymmetricCrypto(
-    $ca_private_key->algorithmIdentifier(),
-    new SHA256AlgorithmIdentifier());
+	$ca_private_key->algorithmIdentifier(),
+	new SHA256AlgorithmIdentifier());
 $ca_cert = $tbs_cert->sign($algo, $ca_private_key);
 
 // create AC issuer certificate
 $tbs_cert = new TBSCertificate(
-    Name::fromString("cn=Issuer"), 
-    $issuer_private_key->publicKeyInfo(), 
-    new Name(),
-    Validity::fromStrings("now", "now + 6 months"));
+	Name::fromString("cn=Issuer"), 
+	$issuer_private_key->publicKeyInfo(), 
+	new Name(),
+	Validity::fromStrings("now", "now + 6 months"));
 $tbs_cert = $tbs_cert->withIssuerCertificate($ca_cert)
-    ->withRandomSerialNumber()
-    ->withAdditionalExtensions(
-        // issuer must not be a CA
-        new BasicConstraintsExtension(true, false),
-        new KeyUsageExtension(true,
-            KeyUsageExtension::DIGITAL_SIGNATURE |
-             KeyUsageExtension::KEY_ENCIPHERMENT));
+	->withRandomSerialNumber()
+	->withAdditionalExtensions(
+		// issuer must not be a CA
+		new BasicConstraintsExtension(true, false),
+		new KeyUsageExtension(true,
+			KeyUsageExtension::DIGITAL_SIGNATURE |
+			 KeyUsageExtension::KEY_ENCIPHERMENT));
 $algo = SignatureAlgorithmIdentifierFactory::algoForAsymmetricCrypto(
-    $ca_private_key->algorithmIdentifier(),
-    new SHA256AlgorithmIdentifier());
+	$ca_private_key->algorithmIdentifier(),
+	new SHA256AlgorithmIdentifier());
 $issuer_cert = $tbs_cert->sign($algo, $ca_private_key);
 
 // create AC holder certificate
 $tbs_cert = new TBSCertificate(
-    Name::fromString("cn=Holder, gn=John, sn=Doe"), 
-    $holder_private_key->publicKeyInfo(), 
-    new Name(),
-    Validity::fromStrings("now", "now + 6 months"));
+	Name::fromString("cn=Holder, gn=John, sn=Doe"), 
+	$holder_private_key->publicKeyInfo(), 
+	new Name(),
+	Validity::fromStrings("now", "now + 6 months"));
 $tbs_cert = $tbs_cert->withIssuerCertificate($ca_cert)
-    ->withRandomSerialNumber()
-    ->withAdditionalExtensions(
-        new BasicConstraintsExtension(true, false),
-        new KeyUsageExtension(true,
-            KeyUsageExtension::DIGITAL_SIGNATURE |
-             KeyUsageExtension::KEY_ENCIPHERMENT));
+	->withRandomSerialNumber()
+	->withAdditionalExtensions(
+		new BasicConstraintsExtension(true, false),
+		new KeyUsageExtension(true,
+			KeyUsageExtension::DIGITAL_SIGNATURE |
+			 KeyUsageExtension::KEY_ENCIPHERMENT));
 $algo = SignatureAlgorithmIdentifierFactory::algoForAsymmetricCrypto(
-    $ca_private_key->algorithmIdentifier(),
-    new SHA256AlgorithmIdentifier());
+	$ca_private_key->algorithmIdentifier(),
+	new SHA256AlgorithmIdentifier());
 $holder_cert = $tbs_cert->sign($algo, $ca_private_key);
 
 // named authority that grants the attributes
 $authority = new GeneralNames(
-    new UniformResourceIdentifier("uri:trusted_authority"));
+	new UniformResourceIdentifier("uri:trusted_authority"));
 // role attribute
 $attribs = new Attributes(
-    Attribute::fromAttributeValues(
-        RoleAttributeValue::fromString("role-name", $authority)));
+	Attribute::fromAttributeValues(
+		RoleAttributeValue::fromString("role-name", $authority)));
 $aci = new AttributeCertificateInfo(
-    // holder is identified by the holder's public key certificate
-    new Holder(IssuerSerial::fromPKC($holder_cert)),
-    AttCertIssuer::fromPKC($issuer_cert),
-    AttCertValidityPeriod::fromStrings("now - 1 hour", "now + 3 months"),
-    $attribs);
+	// holder is identified by the holder's public key certificate
+	new Holder(IssuerSerial::fromPKC($holder_cert)),
+	AttCertIssuer::fromPKC($issuer_cert),
+	AttCertValidityPeriod::fromStrings("now - 1 hour", "now + 3 months"),
+	$attribs);
 $aci = $aci->withRandomSerialNumber()
-    ->withAdditionalExtensions(
-        // named target identifier
-        TargetInformationExtension::fromTargets(
-            new TargetName(
-                new UniformResourceIdentifier("uri:target_identifier"))),
-        // key identifier of the AC issuer
-        new AuthorityKeyIdentifierExtension(false,
-            $issuer_cert->tbsCertificate()
-                ->subjectPublicKeyInfo()
-                ->keyIdentifier()));
+	->withAdditionalExtensions(
+		// named target identifier
+		TargetInformationExtension::fromTargets(
+			new TargetName(
+				new UniformResourceIdentifier("uri:target_identifier"))),
+		// key identifier of the AC issuer
+		new AuthorityKeyIdentifierExtension(false,
+			$issuer_cert->tbsCertificate()
+				->subjectPublicKeyInfo()
+				->keyIdentifier()));
 $algo = SignatureAlgorithmIdentifierFactory::algoForAsymmetricCrypto(
-    $issuer_private_key->algorithmIdentifier(),
-    new SHA256AlgorithmIdentifier());
+	$issuer_private_key->algorithmIdentifier(),
+	new SHA256AlgorithmIdentifier());
 $ac = $aci->sign($algo, $issuer_private_key);
 
 // validate AC
@@ -147,7 +147,7 @@ 
 $validator_config = $validator_config->withTargets($target);
 $validator = new ACValidator($ac, $validator_config);
 if ($validator->validate()) {
-    fprintf(STDERR, "AC validation succeeded.\n");
+	fprintf(STDERR, "AC validation succeeded.\n");
 }
 
 fprintf(STDERR, "Root certificate:\n");