sop /
x509
@@ -19,281 +19,281 @@ |
||
| 19 | 19 | */ |
| 20 | 20 | class Holder |
| 21 | 21 | { |
| 22 | - /** |
|
| 23 | - * Holder PKC's issuer and serial. |
|
| 24 | - * |
|
| 25 | - * @var IssuerSerial|null $_baseCertificateID |
|
| 26 | - */ |
|
| 27 | - protected $_baseCertificateID; |
|
| 22 | + /** |
|
| 23 | + * Holder PKC's issuer and serial. |
|
| 24 | + * |
|
| 25 | + * @var IssuerSerial|null $_baseCertificateID |
|
| 26 | + */ |
|
| 27 | + protected $_baseCertificateID; |
|
| 28 | 28 | |
| 29 | - /** |
|
| 30 | - * Holder PKC's subject. |
|
| 31 | - * |
|
| 32 | - * @var GeneralNames|null $_entityName |
|
| 33 | - */ |
|
| 34 | - protected $_entityName; |
|
| 29 | + /** |
|
| 30 | + * Holder PKC's subject. |
|
| 31 | + * |
|
| 32 | + * @var GeneralNames|null $_entityName |
|
| 33 | + */ |
|
| 34 | + protected $_entityName; |
|
| 35 | 35 | |
| 36 | - /** |
|
| 37 | - * Linked object. |
|
| 38 | - * |
|
| 39 | - * @var ObjectDigestInfo|null $_objectDigestInfo |
|
| 40 | - */ |
|
| 41 | - protected $_objectDigestInfo; |
|
| 36 | + /** |
|
| 37 | + * Linked object. |
|
| 38 | + * |
|
| 39 | + * @var ObjectDigestInfo|null $_objectDigestInfo |
|
| 40 | + */ |
|
| 41 | + protected $_objectDigestInfo; |
|
| 42 | 42 | |
| 43 | - /** |
|
| 44 | - * Constructor. |
|
| 45 | - * |
|
| 46 | - * @param IssuerSerial|null $issuer_serial |
|
| 47 | - * @param GeneralNames|null $entity_name |
|
| 48 | - */ |
|
| 49 | - public function __construct(IssuerSerial $issuer_serial = null, |
|
| 50 | - GeneralNames $entity_name = null) |
|
| 51 | - { |
|
| 52 | - $this->_baseCertificateID = $issuer_serial; |
|
| 53 | - $this->_entityName = $entity_name; |
|
| 54 | - } |
|
| 43 | + /** |
|
| 44 | + * Constructor. |
|
| 45 | + * |
|
| 46 | + * @param IssuerSerial|null $issuer_serial |
|
| 47 | + * @param GeneralNames|null $entity_name |
|
| 48 | + */ |
|
| 49 | + public function __construct(IssuerSerial $issuer_serial = null, |
|
| 50 | + GeneralNames $entity_name = null) |
|
| 51 | + { |
|
| 52 | + $this->_baseCertificateID = $issuer_serial; |
|
| 53 | + $this->_entityName = $entity_name; |
|
| 54 | + } |
|
| 55 | 55 | |
| 56 | - /** |
|
| 57 | - * Initialize from a holder's public key certificate. |
|
| 58 | - * |
|
| 59 | - * @param Certificate $cert |
|
| 60 | - * @return self |
|
| 61 | - */ |
|
| 62 | - public static function fromPKC(Certificate $cert): self |
|
| 63 | - { |
|
| 64 | - return new self(IssuerSerial::fromPKC($cert)); |
|
| 65 | - } |
|
| 56 | + /** |
|
| 57 | + * Initialize from a holder's public key certificate. |
|
| 58 | + * |
|
| 59 | + * @param Certificate $cert |
|
| 60 | + * @return self |
|
| 61 | + */ |
|
| 62 | + public static function fromPKC(Certificate $cert): self |
|
| 63 | + { |
|
| 64 | + return new self(IssuerSerial::fromPKC($cert)); |
|
| 65 | + } |
|
| 66 | 66 | |
| 67 | - /** |
|
| 68 | - * Initialize from ASN.1. |
|
| 69 | - * |
|
| 70 | - * @param Sequence $seq |
|
| 71 | - */ |
|
| 72 | - public static function fromASN1(Sequence $seq): self |
|
| 73 | - { |
|
| 74 | - $cert_id = null; |
|
| 75 | - $entity_name = null; |
|
| 76 | - $digest_info = null; |
|
| 77 | - if ($seq->hasTagged(0)) { |
|
| 78 | - $cert_id = IssuerSerial::fromASN1( |
|
| 79 | - $seq->getTagged(0) |
|
| 80 | - ->asImplicit(Element::TYPE_SEQUENCE) |
|
| 81 | - ->asSequence()); |
|
| 82 | - } |
|
| 83 | - if ($seq->hasTagged(1)) { |
|
| 84 | - $entity_name = GeneralNames::fromASN1( |
|
| 85 | - $seq->getTagged(1) |
|
| 86 | - ->asImplicit(Element::TYPE_SEQUENCE) |
|
| 87 | - ->asSequence()); |
|
| 88 | - } |
|
| 89 | - if ($seq->hasTagged(2)) { |
|
| 90 | - $digest_info = ObjectDigestInfo::fromASN1( |
|
| 91 | - $seq->getTagged(2) |
|
| 92 | - ->asImplicit(Element::TYPE_SEQUENCE) |
|
| 93 | - ->asSequence()); |
|
| 94 | - } |
|
| 95 | - $obj = new self($cert_id, $entity_name); |
|
| 96 | - $obj->_objectDigestInfo = $digest_info; |
|
| 97 | - return $obj; |
|
| 98 | - } |
|
| 67 | + /** |
|
| 68 | + * Initialize from ASN.1. |
|
| 69 | + * |
|
| 70 | + * @param Sequence $seq |
|
| 71 | + */ |
|
| 72 | + public static function fromASN1(Sequence $seq): self |
|
| 73 | + { |
|
| 74 | + $cert_id = null; |
|
| 75 | + $entity_name = null; |
|
| 76 | + $digest_info = null; |
|
| 77 | + if ($seq->hasTagged(0)) { |
|
| 78 | + $cert_id = IssuerSerial::fromASN1( |
|
| 79 | + $seq->getTagged(0) |
|
| 80 | + ->asImplicit(Element::TYPE_SEQUENCE) |
|
| 81 | + ->asSequence()); |
|
| 82 | + } |
|
| 83 | + if ($seq->hasTagged(1)) { |
|
| 84 | + $entity_name = GeneralNames::fromASN1( |
|
| 85 | + $seq->getTagged(1) |
|
| 86 | + ->asImplicit(Element::TYPE_SEQUENCE) |
|
| 87 | + ->asSequence()); |
|
| 88 | + } |
|
| 89 | + if ($seq->hasTagged(2)) { |
|
| 90 | + $digest_info = ObjectDigestInfo::fromASN1( |
|
| 91 | + $seq->getTagged(2) |
|
| 92 | + ->asImplicit(Element::TYPE_SEQUENCE) |
|
| 93 | + ->asSequence()); |
|
| 94 | + } |
|
| 95 | + $obj = new self($cert_id, $entity_name); |
|
| 96 | + $obj->_objectDigestInfo = $digest_info; |
|
| 97 | + return $obj; |
|
| 98 | + } |
|
| 99 | 99 | |
| 100 | - /** |
|
| 101 | - * Get self with base certificate ID. |
|
| 102 | - * |
|
| 103 | - * @param IssuerSerial $issuer |
|
| 104 | - * @return self |
|
| 105 | - */ |
|
| 106 | - public function withBaseCertificateID(IssuerSerial $issuer): self |
|
| 107 | - { |
|
| 108 | - $obj = clone $this; |
|
| 109 | - $obj->_baseCertificateID = $issuer; |
|
| 110 | - return $obj; |
|
| 111 | - } |
|
| 100 | + /** |
|
| 101 | + * Get self with base certificate ID. |
|
| 102 | + * |
|
| 103 | + * @param IssuerSerial $issuer |
|
| 104 | + * @return self |
|
| 105 | + */ |
|
| 106 | + public function withBaseCertificateID(IssuerSerial $issuer): self |
|
| 107 | + { |
|
| 108 | + $obj = clone $this; |
|
| 109 | + $obj->_baseCertificateID = $issuer; |
|
| 110 | + return $obj; |
|
| 111 | + } |
|
| 112 | 112 | |
| 113 | - /** |
|
| 114 | - * Get self with entity name. |
|
| 115 | - * |
|
| 116 | - * @param GeneralNames $names |
|
| 117 | - * @return self |
|
| 118 | - */ |
|
| 119 | - public function withEntityName(GeneralNames $names): self |
|
| 120 | - { |
|
| 121 | - $obj = clone $this; |
|
| 122 | - $obj->_entityName = $names; |
|
| 123 | - return $obj; |
|
| 124 | - } |
|
| 113 | + /** |
|
| 114 | + * Get self with entity name. |
|
| 115 | + * |
|
| 116 | + * @param GeneralNames $names |
|
| 117 | + * @return self |
|
| 118 | + */ |
|
| 119 | + public function withEntityName(GeneralNames $names): self |
|
| 120 | + { |
|
| 121 | + $obj = clone $this; |
|
| 122 | + $obj->_entityName = $names; |
|
| 123 | + return $obj; |
|
| 124 | + } |
|
| 125 | 125 | |
| 126 | - /** |
|
| 127 | - * Get self with object digest info. |
|
| 128 | - * |
|
| 129 | - * @param ObjectDigestInfo $odi |
|
| 130 | - * @return self |
|
| 131 | - */ |
|
| 132 | - public function withObjectDigestInfo(ObjectDigestInfo $odi): self |
|
| 133 | - { |
|
| 134 | - $obj = clone $this; |
|
| 135 | - $obj->_objectDigestInfo = $odi; |
|
| 136 | - return $obj; |
|
| 137 | - } |
|
| 126 | + /** |
|
| 127 | + * Get self with object digest info. |
|
| 128 | + * |
|
| 129 | + * @param ObjectDigestInfo $odi |
|
| 130 | + * @return self |
|
| 131 | + */ |
|
| 132 | + public function withObjectDigestInfo(ObjectDigestInfo $odi): self |
|
| 133 | + { |
|
| 134 | + $obj = clone $this; |
|
| 135 | + $obj->_objectDigestInfo = $odi; |
|
| 136 | + return $obj; |
|
| 137 | + } |
|
| 138 | 138 | |
| 139 | - /** |
|
| 140 | - * Check whether base certificate ID is present. |
|
| 141 | - * |
|
| 142 | - * @return bool |
|
| 143 | - */ |
|
| 144 | - public function hasBaseCertificateID(): bool |
|
| 145 | - { |
|
| 146 | - return isset($this->_baseCertificateID); |
|
| 147 | - } |
|
| 139 | + /** |
|
| 140 | + * Check whether base certificate ID is present. |
|
| 141 | + * |
|
| 142 | + * @return bool |
|
| 143 | + */ |
|
| 144 | + public function hasBaseCertificateID(): bool |
|
| 145 | + { |
|
| 146 | + return isset($this->_baseCertificateID); |
|
| 147 | + } |
|
| 148 | 148 | |
| 149 | - /** |
|
| 150 | - * Get base certificate ID. |
|
| 151 | - * |
|
| 152 | - * @throws \LogicException |
|
| 153 | - * @return IssuerSerial |
|
| 154 | - */ |
|
| 155 | - public function baseCertificateID(): IssuerSerial |
|
| 156 | - { |
|
| 157 | - if (!$this->hasBaseCertificateID()) { |
|
| 158 | - throw new \LogicException("baseCertificateID not set."); |
|
| 159 | - } |
|
| 160 | - return $this->_baseCertificateID; |
|
| 161 | - } |
|
| 149 | + /** |
|
| 150 | + * Get base certificate ID. |
|
| 151 | + * |
|
| 152 | + * @throws \LogicException |
|
| 153 | + * @return IssuerSerial |
|
| 154 | + */ |
|
| 155 | + public function baseCertificateID(): IssuerSerial |
|
| 156 | + { |
|
| 157 | + if (!$this->hasBaseCertificateID()) { |
|
| 158 | + throw new \LogicException("baseCertificateID not set."); |
|
| 159 | + } |
|
| 160 | + return $this->_baseCertificateID; |
|
| 161 | + } |
|
| 162 | 162 | |
| 163 | - /** |
|
| 164 | - * Check whether entity name is present. |
|
| 165 | - * |
|
| 166 | - * @return bool |
|
| 167 | - */ |
|
| 168 | - public function hasEntityName(): bool |
|
| 169 | - { |
|
| 170 | - return isset($this->_entityName); |
|
| 171 | - } |
|
| 163 | + /** |
|
| 164 | + * Check whether entity name is present. |
|
| 165 | + * |
|
| 166 | + * @return bool |
|
| 167 | + */ |
|
| 168 | + public function hasEntityName(): bool |
|
| 169 | + { |
|
| 170 | + return isset($this->_entityName); |
|
| 171 | + } |
|
| 172 | 172 | |
| 173 | - /** |
|
| 174 | - * Get entity name. |
|
| 175 | - * |
|
| 176 | - * @throws \LogicException |
|
| 177 | - * @return GeneralNames |
|
| 178 | - */ |
|
| 179 | - public function entityName(): GeneralNames |
|
| 180 | - { |
|
| 181 | - if (!$this->hasEntityName()) { |
|
| 182 | - throw new \LogicException("entityName not set."); |
|
| 183 | - } |
|
| 184 | - return $this->_entityName; |
|
| 185 | - } |
|
| 173 | + /** |
|
| 174 | + * Get entity name. |
|
| 175 | + * |
|
| 176 | + * @throws \LogicException |
|
| 177 | + * @return GeneralNames |
|
| 178 | + */ |
|
| 179 | + public function entityName(): GeneralNames |
|
| 180 | + { |
|
| 181 | + if (!$this->hasEntityName()) { |
|
| 182 | + throw new \LogicException("entityName not set."); |
|
| 183 | + } |
|
| 184 | + return $this->_entityName; |
|
| 185 | + } |
|
| 186 | 186 | |
| 187 | - /** |
|
| 188 | - * Check whether object digest info is present. |
|
| 189 | - * |
|
| 190 | - * @return bool |
|
| 191 | - */ |
|
| 192 | - public function hasObjectDigestInfo(): bool |
|
| 193 | - { |
|
| 194 | - return isset($this->_objectDigestInfo); |
|
| 195 | - } |
|
| 187 | + /** |
|
| 188 | + * Check whether object digest info is present. |
|
| 189 | + * |
|
| 190 | + * @return bool |
|
| 191 | + */ |
|
| 192 | + public function hasObjectDigestInfo(): bool |
|
| 193 | + { |
|
| 194 | + return isset($this->_objectDigestInfo); |
|
| 195 | + } |
|
| 196 | 196 | |
| 197 | - /** |
|
| 198 | - * Get object digest info. |
|
| 199 | - * |
|
| 200 | - * @throws \LogicException |
|
| 201 | - * @return ObjectDigestInfo |
|
| 202 | - */ |
|
| 203 | - public function objectDigestInfo(): ObjectDigestInfo |
|
| 204 | - { |
|
| 205 | - if (!$this->hasObjectDigestInfo()) { |
|
| 206 | - throw new \LogicException("objectDigestInfo not set."); |
|
| 207 | - } |
|
| 208 | - return $this->_objectDigestInfo; |
|
| 209 | - } |
|
| 197 | + /** |
|
| 198 | + * Get object digest info. |
|
| 199 | + * |
|
| 200 | + * @throws \LogicException |
|
| 201 | + * @return ObjectDigestInfo |
|
| 202 | + */ |
|
| 203 | + public function objectDigestInfo(): ObjectDigestInfo |
|
| 204 | + { |
|
| 205 | + if (!$this->hasObjectDigestInfo()) { |
|
| 206 | + throw new \LogicException("objectDigestInfo not set."); |
|
| 207 | + } |
|
| 208 | + return $this->_objectDigestInfo; |
|
| 209 | + } |
|
| 210 | 210 | |
| 211 | - /** |
|
| 212 | - * Generate ASN.1 structure. |
|
| 213 | - * |
|
| 214 | - * @return Sequence |
|
| 215 | - */ |
|
| 216 | - public function toASN1(): Sequence |
|
| 217 | - { |
|
| 218 | - $elements = []; |
|
| 219 | - if (isset($this->_baseCertificateID)) { |
|
| 220 | - $elements[] = new ImplicitlyTaggedType(0, |
|
| 221 | - $this->_baseCertificateID->toASN1()); |
|
| 222 | - } |
|
| 223 | - if (isset($this->_entityName)) { |
|
| 224 | - $elements[] = new ImplicitlyTaggedType(1, |
|
| 225 | - $this->_entityName->toASN1()); |
|
| 226 | - } |
|
| 227 | - if (isset($this->_objectDigestInfo)) { |
|
| 228 | - $elements[] = new ImplicitlyTaggedType(2, |
|
| 229 | - $this->_objectDigestInfo->toASN1()); |
|
| 230 | - } |
|
| 231 | - return new Sequence(...$elements); |
|
| 232 | - } |
|
| 211 | + /** |
|
| 212 | + * Generate ASN.1 structure. |
|
| 213 | + * |
|
| 214 | + * @return Sequence |
|
| 215 | + */ |
|
| 216 | + public function toASN1(): Sequence |
|
| 217 | + { |
|
| 218 | + $elements = []; |
|
| 219 | + if (isset($this->_baseCertificateID)) { |
|
| 220 | + $elements[] = new ImplicitlyTaggedType(0, |
|
| 221 | + $this->_baseCertificateID->toASN1()); |
|
| 222 | + } |
|
| 223 | + if (isset($this->_entityName)) { |
|
| 224 | + $elements[] = new ImplicitlyTaggedType(1, |
|
| 225 | + $this->_entityName->toASN1()); |
|
| 226 | + } |
|
| 227 | + if (isset($this->_objectDigestInfo)) { |
|
| 228 | + $elements[] = new ImplicitlyTaggedType(2, |
|
| 229 | + $this->_objectDigestInfo->toASN1()); |
|
| 230 | + } |
|
| 231 | + return new Sequence(...$elements); |
|
| 232 | + } |
|
| 233 | 233 | |
| 234 | - /** |
|
| 235 | - * Check whether Holder identifies given certificate. |
|
| 236 | - * |
|
| 237 | - * @param Certificate $cert |
|
| 238 | - * @return boolean |
|
| 239 | - */ |
|
| 240 | - public function identifiesPKC(Certificate $cert): bool |
|
| 241 | - { |
|
| 242 | - // if neither baseCertificateID nor entityName are present |
|
| 243 | - if (!$this->_baseCertificateID && !$this->_entityName) { |
|
| 244 | - return false; |
|
| 245 | - } |
|
| 246 | - // if baseCertificateID is present, but doesn't match |
|
| 247 | - if ($this->_baseCertificateID && |
|
| 248 | - !$this->_baseCertificateID->identifiesPKC($cert)) { |
|
| 249 | - return false; |
|
| 250 | - } |
|
| 251 | - // if entityName is present, but doesn't match |
|
| 252 | - if ($this->_entityName && !$this->_checkEntityName($cert)) { |
|
| 253 | - return false; |
|
| 254 | - } |
|
| 255 | - return true; |
|
| 256 | - } |
|
| 234 | + /** |
|
| 235 | + * Check whether Holder identifies given certificate. |
|
| 236 | + * |
|
| 237 | + * @param Certificate $cert |
|
| 238 | + * @return boolean |
|
| 239 | + */ |
|
| 240 | + public function identifiesPKC(Certificate $cert): bool |
|
| 241 | + { |
|
| 242 | + // if neither baseCertificateID nor entityName are present |
|
| 243 | + if (!$this->_baseCertificateID && !$this->_entityName) { |
|
| 244 | + return false; |
|
| 245 | + } |
|
| 246 | + // if baseCertificateID is present, but doesn't match |
|
| 247 | + if ($this->_baseCertificateID && |
|
| 248 | + !$this->_baseCertificateID->identifiesPKC($cert)) { |
|
| 249 | + return false; |
|
| 250 | + } |
|
| 251 | + // if entityName is present, but doesn't match |
|
| 252 | + if ($this->_entityName && !$this->_checkEntityName($cert)) { |
|
| 253 | + return false; |
|
| 254 | + } |
|
| 255 | + return true; |
|
| 256 | + } |
|
| 257 | 257 | |
| 258 | - /** |
|
| 259 | - * Check whether entityName matches the given certificate. |
|
| 260 | - * |
|
| 261 | - * @param Certificate $cert |
|
| 262 | - * @return boolean |
|
| 263 | - */ |
|
| 264 | - private function _checkEntityName(Certificate $cert): bool |
|
| 265 | - { |
|
| 266 | - $name = $this->_entityName->firstDN(); |
|
| 267 | - if ($cert->tbsCertificate() |
|
| 268 | - ->subject() |
|
| 269 | - ->equals($name)) { |
|
| 270 | - return true; |
|
| 271 | - } |
|
| 272 | - $exts = $cert->tbsCertificate()->extensions(); |
|
| 273 | - if ($exts->hasSubjectAlternativeName()) { |
|
| 274 | - $ext = $exts->subjectAlternativeName(); |
|
| 275 | - if ($this->_checkEntityAlternativeNames($ext->names())) { |
|
| 276 | - return true; |
|
| 277 | - } |
|
| 278 | - } |
|
| 279 | - return false; |
|
| 280 | - } |
|
| 258 | + /** |
|
| 259 | + * Check whether entityName matches the given certificate. |
|
| 260 | + * |
|
| 261 | + * @param Certificate $cert |
|
| 262 | + * @return boolean |
|
| 263 | + */ |
|
| 264 | + private function _checkEntityName(Certificate $cert): bool |
|
| 265 | + { |
|
| 266 | + $name = $this->_entityName->firstDN(); |
|
| 267 | + if ($cert->tbsCertificate() |
|
| 268 | + ->subject() |
|
| 269 | + ->equals($name)) { |
|
| 270 | + return true; |
|
| 271 | + } |
|
| 272 | + $exts = $cert->tbsCertificate()->extensions(); |
|
| 273 | + if ($exts->hasSubjectAlternativeName()) { |
|
| 274 | + $ext = $exts->subjectAlternativeName(); |
|
| 275 | + if ($this->_checkEntityAlternativeNames($ext->names())) { |
|
| 276 | + return true; |
|
| 277 | + } |
|
| 278 | + } |
|
| 279 | + return false; |
|
| 280 | + } |
|
| 281 | 281 | |
| 282 | - /** |
|
| 283 | - * Check whether any of the subject alternative names match entityName. |
|
| 284 | - * |
|
| 285 | - * @param GeneralNames $san |
|
| 286 | - * @return boolean |
|
| 287 | - */ |
|
| 288 | - private function _checkEntityAlternativeNames(GeneralNames $san): bool |
|
| 289 | - { |
|
| 290 | - // only directory names supported for now |
|
| 291 | - $name = $this->_entityName->firstDN(); |
|
| 292 | - foreach ($san->allOf(GeneralName::TAG_DIRECTORY_NAME) as $dn) { |
|
| 293 | - if ($dn instanceof DirectoryName && $dn->dn()->equals($name)) { |
|
| 294 | - return true; |
|
| 295 | - } |
|
| 296 | - } |
|
| 297 | - return false; |
|
| 298 | - } |
|
| 282 | + /** |
|
| 283 | + * Check whether any of the subject alternative names match entityName. |
|
| 284 | + * |
|
| 285 | + * @param GeneralNames $san |
|
| 286 | + * @return boolean |
|
| 287 | + */ |
|
| 288 | + private function _checkEntityAlternativeNames(GeneralNames $san): bool |
|
| 289 | + { |
|
| 290 | + // only directory names supported for now |
|
| 291 | + $name = $this->_entityName->firstDN(); |
|
| 292 | + foreach ($san->allOf(GeneralName::TAG_DIRECTORY_NAME) as $dn) { |
|
| 293 | + if ($dn instanceof DirectoryName && $dn->dn()->equals($name)) { |
|
| 294 | + return true; |
|
| 295 | + } |
|
| 296 | + } |
|
| 297 | + return false; |
|
| 298 | + } |
|
| 299 | 299 | } |
@@ -12,112 +12,112 @@ |
||
| 12 | 12 | */ |
| 13 | 13 | class ACValidationConfig |
| 14 | 14 | { |
| 15 | - /** |
|
| 16 | - * Certification path of the AC holder. |
|
| 17 | - * |
|
| 18 | - * @var CertificationPath |
|
| 19 | - */ |
|
| 20 | - protected $_holderPath; |
|
| 15 | + /** |
|
| 16 | + * Certification path of the AC holder. |
|
| 17 | + * |
|
| 18 | + * @var CertificationPath |
|
| 19 | + */ |
|
| 20 | + protected $_holderPath; |
|
| 21 | 21 | |
| 22 | - /** |
|
| 23 | - * Certification path of the AC issuer. |
|
| 24 | - * |
|
| 25 | - * @var CertificationPath |
|
| 26 | - */ |
|
| 27 | - protected $_issuerPath; |
|
| 22 | + /** |
|
| 23 | + * Certification path of the AC issuer. |
|
| 24 | + * |
|
| 25 | + * @var CertificationPath |
|
| 26 | + */ |
|
| 27 | + protected $_issuerPath; |
|
| 28 | 28 | |
| 29 | - /** |
|
| 30 | - * Evaluation reference time. |
|
| 31 | - * |
|
| 32 | - * @var \DateTimeImmutable |
|
| 33 | - */ |
|
| 34 | - protected $_evalTime; |
|
| 29 | + /** |
|
| 30 | + * Evaluation reference time. |
|
| 31 | + * |
|
| 32 | + * @var \DateTimeImmutable |
|
| 33 | + */ |
|
| 34 | + protected $_evalTime; |
|
| 35 | 35 | |
| 36 | - /** |
|
| 37 | - * Permitted targets. |
|
| 38 | - * |
|
| 39 | - * @var Target[] |
|
| 40 | - */ |
|
| 41 | - protected $_targets; |
|
| 36 | + /** |
|
| 37 | + * Permitted targets. |
|
| 38 | + * |
|
| 39 | + * @var Target[] |
|
| 40 | + */ |
|
| 41 | + protected $_targets; |
|
| 42 | 42 | |
| 43 | - /** |
|
| 44 | - * Constructor. |
|
| 45 | - * |
|
| 46 | - * @param CertificationPath $holder_path Certification path of the AC holder |
|
| 47 | - * @param CertificationPath $issuer_path Certification path of the AC issuer |
|
| 48 | - */ |
|
| 49 | - public function __construct(CertificationPath $holder_path, |
|
| 50 | - CertificationPath $issuer_path) |
|
| 51 | - { |
|
| 52 | - $this->_holderPath = $holder_path; |
|
| 53 | - $this->_issuerPath = $issuer_path; |
|
| 54 | - $this->_evalTime = new \DateTimeImmutable(); |
|
| 55 | - $this->_targets = array(); |
|
| 56 | - } |
|
| 43 | + /** |
|
| 44 | + * Constructor. |
|
| 45 | + * |
|
| 46 | + * @param CertificationPath $holder_path Certification path of the AC holder |
|
| 47 | + * @param CertificationPath $issuer_path Certification path of the AC issuer |
|
| 48 | + */ |
|
| 49 | + public function __construct(CertificationPath $holder_path, |
|
| 50 | + CertificationPath $issuer_path) |
|
| 51 | + { |
|
| 52 | + $this->_holderPath = $holder_path; |
|
| 53 | + $this->_issuerPath = $issuer_path; |
|
| 54 | + $this->_evalTime = new \DateTimeImmutable(); |
|
| 55 | + $this->_targets = array(); |
|
| 56 | + } |
|
| 57 | 57 | |
| 58 | - /** |
|
| 59 | - * Get certification path of the AC's holder. |
|
| 60 | - * |
|
| 61 | - * @return CertificationPath |
|
| 62 | - */ |
|
| 63 | - public function holderPath(): CertificationPath |
|
| 64 | - { |
|
| 65 | - return $this->_holderPath; |
|
| 66 | - } |
|
| 58 | + /** |
|
| 59 | + * Get certification path of the AC's holder. |
|
| 60 | + * |
|
| 61 | + * @return CertificationPath |
|
| 62 | + */ |
|
| 63 | + public function holderPath(): CertificationPath |
|
| 64 | + { |
|
| 65 | + return $this->_holderPath; |
|
| 66 | + } |
|
| 67 | 67 | |
| 68 | - /** |
|
| 69 | - * Get certification path of the AC's issuer. |
|
| 70 | - * |
|
| 71 | - * @return CertificationPath |
|
| 72 | - */ |
|
| 73 | - public function issuerPath(): CertificationPath |
|
| 74 | - { |
|
| 75 | - return $this->_issuerPath; |
|
| 76 | - } |
|
| 68 | + /** |
|
| 69 | + * Get certification path of the AC's issuer. |
|
| 70 | + * |
|
| 71 | + * @return CertificationPath |
|
| 72 | + */ |
|
| 73 | + public function issuerPath(): CertificationPath |
|
| 74 | + { |
|
| 75 | + return $this->_issuerPath; |
|
| 76 | + } |
|
| 77 | 77 | |
| 78 | - /** |
|
| 79 | - * Get self with given evaluation reference time. |
|
| 80 | - * |
|
| 81 | - * @param \DateTimeImmutable $dt |
|
| 82 | - * @return self |
|
| 83 | - */ |
|
| 84 | - public function withEvaluationTime(\DateTimeImmutable $dt): self |
|
| 85 | - { |
|
| 86 | - $obj = clone $this; |
|
| 87 | - $obj->_evalTime = $dt; |
|
| 88 | - return $obj; |
|
| 89 | - } |
|
| 78 | + /** |
|
| 79 | + * Get self with given evaluation reference time. |
|
| 80 | + * |
|
| 81 | + * @param \DateTimeImmutable $dt |
|
| 82 | + * @return self |
|
| 83 | + */ |
|
| 84 | + public function withEvaluationTime(\DateTimeImmutable $dt): self |
|
| 85 | + { |
|
| 86 | + $obj = clone $this; |
|
| 87 | + $obj->_evalTime = $dt; |
|
| 88 | + return $obj; |
|
| 89 | + } |
|
| 90 | 90 | |
| 91 | - /** |
|
| 92 | - * Get the evaluation reference time. |
|
| 93 | - * |
|
| 94 | - * @return \DateTimeImmutable |
|
| 95 | - */ |
|
| 96 | - public function evaluationTime(): \DateTimeImmutable |
|
| 97 | - { |
|
| 98 | - return $this->_evalTime; |
|
| 99 | - } |
|
| 91 | + /** |
|
| 92 | + * Get the evaluation reference time. |
|
| 93 | + * |
|
| 94 | + * @return \DateTimeImmutable |
|
| 95 | + */ |
|
| 96 | + public function evaluationTime(): \DateTimeImmutable |
|
| 97 | + { |
|
| 98 | + return $this->_evalTime; |
|
| 99 | + } |
|
| 100 | 100 | |
| 101 | - /** |
|
| 102 | - * Get self with permitted targets. |
|
| 103 | - * |
|
| 104 | - * @param Target ...$targets |
|
| 105 | - * @return self |
|
| 106 | - */ |
|
| 107 | - public function withTargets(Target ...$targets): self |
|
| 108 | - { |
|
| 109 | - $obj = clone $this; |
|
| 110 | - $obj->_targets = $targets; |
|
| 111 | - return $obj; |
|
| 112 | - } |
|
| 101 | + /** |
|
| 102 | + * Get self with permitted targets. |
|
| 103 | + * |
|
| 104 | + * @param Target ...$targets |
|
| 105 | + * @return self |
|
| 106 | + */ |
|
| 107 | + public function withTargets(Target ...$targets): self |
|
| 108 | + { |
|
| 109 | + $obj = clone $this; |
|
| 110 | + $obj->_targets = $targets; |
|
| 111 | + return $obj; |
|
| 112 | + } |
|
| 113 | 113 | |
| 114 | - /** |
|
| 115 | - * Get array of permitted targets |
|
| 116 | - * |
|
| 117 | - * @return Target[] |
|
| 118 | - */ |
|
| 119 | - public function targets(): array |
|
| 120 | - { |
|
| 121 | - return $this->_targets; |
|
| 122 | - } |
|
| 114 | + /** |
|
| 115 | + * Get array of permitted targets |
|
| 116 | + * |
|
| 117 | + * @return Target[] |
|
| 118 | + */ |
|
| 119 | + public function targets(): array |
|
| 120 | + { |
|
| 121 | + return $this->_targets; |
|
| 122 | + } |
|
| 123 | 123 | } |
@@ -21,178 +21,178 @@ |
||
| 21 | 21 | */ |
| 22 | 22 | class ACValidator |
| 23 | 23 | { |
| 24 | - /** |
|
| 25 | - * Attribute certificate. |
|
| 26 | - * |
|
| 27 | - * @var AttributeCertificate |
|
| 28 | - */ |
|
| 29 | - protected $_ac; |
|
| 24 | + /** |
|
| 25 | + * Attribute certificate. |
|
| 26 | + * |
|
| 27 | + * @var AttributeCertificate |
|
| 28 | + */ |
|
| 29 | + protected $_ac; |
|
| 30 | 30 | |
| 31 | - /** |
|
| 32 | - * Validation configuration. |
|
| 33 | - * |
|
| 34 | - * @var ACValidationConfig |
|
| 35 | - */ |
|
| 36 | - protected $_config; |
|
| 31 | + /** |
|
| 32 | + * Validation configuration. |
|
| 33 | + * |
|
| 34 | + * @var ACValidationConfig |
|
| 35 | + */ |
|
| 36 | + protected $_config; |
|
| 37 | 37 | |
| 38 | - /** |
|
| 39 | - * Crypto engine. |
|
| 40 | - * |
|
| 41 | - * @var Crypto |
|
| 42 | - */ |
|
| 43 | - protected $_crypto; |
|
| 38 | + /** |
|
| 39 | + * Crypto engine. |
|
| 40 | + * |
|
| 41 | + * @var Crypto |
|
| 42 | + */ |
|
| 43 | + protected $_crypto; |
|
| 44 | 44 | |
| 45 | - /** |
|
| 46 | - * Constructor. |
|
| 47 | - * |
|
| 48 | - * @param AttributeCertificate $ac Attribute certificate to validate |
|
| 49 | - * @param ACValidationConfig $config Validation configuration |
|
| 50 | - * @param Crypto|null $crypto Crypto engine, use default if not set |
|
| 51 | - */ |
|
| 52 | - public function __construct(AttributeCertificate $ac, |
|
| 53 | - ACValidationConfig $config, Crypto $crypto = null) |
|
| 54 | - { |
|
| 55 | - $this->_ac = $ac; |
|
| 56 | - $this->_config = $config; |
|
| 57 | - $this->_crypto = $crypto ?: Crypto::getDefault(); |
|
| 58 | - } |
|
| 45 | + /** |
|
| 46 | + * Constructor. |
|
| 47 | + * |
|
| 48 | + * @param AttributeCertificate $ac Attribute certificate to validate |
|
| 49 | + * @param ACValidationConfig $config Validation configuration |
|
| 50 | + * @param Crypto|null $crypto Crypto engine, use default if not set |
|
| 51 | + */ |
|
| 52 | + public function __construct(AttributeCertificate $ac, |
|
| 53 | + ACValidationConfig $config, Crypto $crypto = null) |
|
| 54 | + { |
|
| 55 | + $this->_ac = $ac; |
|
| 56 | + $this->_config = $config; |
|
| 57 | + $this->_crypto = $crypto ?: Crypto::getDefault(); |
|
| 58 | + } |
|
| 59 | 59 | |
| 60 | - /** |
|
| 61 | - * Validate attribute certificate. |
|
| 62 | - * |
|
| 63 | - * @throws ACValidationException If validation fails |
|
| 64 | - * @return AttributeCertificate Validated AC |
|
| 65 | - */ |
|
| 66 | - public function validate(): AttributeCertificate |
|
| 67 | - { |
|
| 68 | - $this->_validateHolder(); |
|
| 69 | - $issuer = $this->_verifyIssuer(); |
|
| 70 | - $this->_validateIssuerProfile($issuer); |
|
| 71 | - $this->_validateTime(); |
|
| 72 | - $this->_validateTargeting(); |
|
| 73 | - return $this->_ac; |
|
| 74 | - } |
|
| 60 | + /** |
|
| 61 | + * Validate attribute certificate. |
|
| 62 | + * |
|
| 63 | + * @throws ACValidationException If validation fails |
|
| 64 | + * @return AttributeCertificate Validated AC |
|
| 65 | + */ |
|
| 66 | + public function validate(): AttributeCertificate |
|
| 67 | + { |
|
| 68 | + $this->_validateHolder(); |
|
| 69 | + $issuer = $this->_verifyIssuer(); |
|
| 70 | + $this->_validateIssuerProfile($issuer); |
|
| 71 | + $this->_validateTime(); |
|
| 72 | + $this->_validateTargeting(); |
|
| 73 | + return $this->_ac; |
|
| 74 | + } |
|
| 75 | 75 | |
| 76 | - /** |
|
| 77 | - * Validate AC holder's certification. |
|
| 78 | - * |
|
| 79 | - * @throws ACValidationException |
|
| 80 | - * @return Certificate Certificate of the AC's holder |
|
| 81 | - */ |
|
| 82 | - private function _validateHolder(): Certificate |
|
| 83 | - { |
|
| 84 | - $path = $this->_config->holderPath(); |
|
| 85 | - $config = PathValidationConfig::defaultConfig()->withMaxLength( |
|
| 86 | - count($path))->withDateTime($this->_config->evaluationTime()); |
|
| 87 | - try { |
|
| 88 | - $holder = $path->validate($config, $this->_crypto)->certificate(); |
|
| 89 | - } catch (PathValidationException $e) { |
|
| 90 | - throw new ACValidationException( |
|
| 91 | - "Failed to validate holder PKC's certification path.", 0, $e); |
|
| 92 | - } |
|
| 93 | - if (!$this->_ac->isHeldBy($holder)) { |
|
| 94 | - throw new ACValidationException("Name mismatch of AC's holder PKC."); |
|
| 95 | - } |
|
| 96 | - return $holder; |
|
| 97 | - } |
|
| 76 | + /** |
|
| 77 | + * Validate AC holder's certification. |
|
| 78 | + * |
|
| 79 | + * @throws ACValidationException |
|
| 80 | + * @return Certificate Certificate of the AC's holder |
|
| 81 | + */ |
|
| 82 | + private function _validateHolder(): Certificate |
|
| 83 | + { |
|
| 84 | + $path = $this->_config->holderPath(); |
|
| 85 | + $config = PathValidationConfig::defaultConfig()->withMaxLength( |
|
| 86 | + count($path))->withDateTime($this->_config->evaluationTime()); |
|
| 87 | + try { |
|
| 88 | + $holder = $path->validate($config, $this->_crypto)->certificate(); |
|
| 89 | + } catch (PathValidationException $e) { |
|
| 90 | + throw new ACValidationException( |
|
| 91 | + "Failed to validate holder PKC's certification path.", 0, $e); |
|
| 92 | + } |
|
| 93 | + if (!$this->_ac->isHeldBy($holder)) { |
|
| 94 | + throw new ACValidationException("Name mismatch of AC's holder PKC."); |
|
| 95 | + } |
|
| 96 | + return $holder; |
|
| 97 | + } |
|
| 98 | 98 | |
| 99 | - /** |
|
| 100 | - * Verify AC's signature and issuer's certification. |
|
| 101 | - * |
|
| 102 | - * @throws ACValidationException |
|
| 103 | - * @return Certificate Certificate of the AC's issuer |
|
| 104 | - */ |
|
| 105 | - private function _verifyIssuer(): Certificate |
|
| 106 | - { |
|
| 107 | - $path = $this->_config->issuerPath(); |
|
| 108 | - $config = PathValidationConfig::defaultConfig()->withMaxLength( |
|
| 109 | - count($path))->withDateTime($this->_config->evaluationTime()); |
|
| 110 | - try { |
|
| 111 | - $issuer = $path->validate($config, $this->_crypto)->certificate(); |
|
| 112 | - } catch (PathValidationException $e) { |
|
| 113 | - throw new ACValidationException( |
|
| 114 | - "Failed to validate issuer PKC's certification path.", 0, $e); |
|
| 115 | - } |
|
| 116 | - if (!$this->_ac->isIssuedBy($issuer)) { |
|
| 117 | - throw new ACValidationException("Name mismatch of AC's issuer PKC."); |
|
| 118 | - } |
|
| 119 | - $pubkey_info = $issuer->tbsCertificate()->subjectPublicKeyInfo(); |
|
| 120 | - if (!$this->_ac->verify($pubkey_info, $this->_crypto)) { |
|
| 121 | - throw new ACValidationException("Failed to verify signature."); |
|
| 122 | - } |
|
| 123 | - return $issuer; |
|
| 124 | - } |
|
| 99 | + /** |
|
| 100 | + * Verify AC's signature and issuer's certification. |
|
| 101 | + * |
|
| 102 | + * @throws ACValidationException |
|
| 103 | + * @return Certificate Certificate of the AC's issuer |
|
| 104 | + */ |
|
| 105 | + private function _verifyIssuer(): Certificate |
|
| 106 | + { |
|
| 107 | + $path = $this->_config->issuerPath(); |
|
| 108 | + $config = PathValidationConfig::defaultConfig()->withMaxLength( |
|
| 109 | + count($path))->withDateTime($this->_config->evaluationTime()); |
|
| 110 | + try { |
|
| 111 | + $issuer = $path->validate($config, $this->_crypto)->certificate(); |
|
| 112 | + } catch (PathValidationException $e) { |
|
| 113 | + throw new ACValidationException( |
|
| 114 | + "Failed to validate issuer PKC's certification path.", 0, $e); |
|
| 115 | + } |
|
| 116 | + if (!$this->_ac->isIssuedBy($issuer)) { |
|
| 117 | + throw new ACValidationException("Name mismatch of AC's issuer PKC."); |
|
| 118 | + } |
|
| 119 | + $pubkey_info = $issuer->tbsCertificate()->subjectPublicKeyInfo(); |
|
| 120 | + if (!$this->_ac->verify($pubkey_info, $this->_crypto)) { |
|
| 121 | + throw new ACValidationException("Failed to verify signature."); |
|
| 122 | + } |
|
| 123 | + return $issuer; |
|
| 124 | + } |
|
| 125 | 125 | |
| 126 | - /** |
|
| 127 | - * Validate AC issuer's profile. |
|
| 128 | - * |
|
| 129 | - * @link https://tools.ietf.org/html/rfc5755#section-4.5 |
|
| 130 | - * @param Certificate $cert |
|
| 131 | - * @throws ACValidationException |
|
| 132 | - */ |
|
| 133 | - private function _validateIssuerProfile(Certificate $cert) |
|
| 134 | - { |
|
| 135 | - $exts = $cert->tbsCertificate()->extensions(); |
|
| 136 | - if ($exts->hasKeyUsage() && !$exts->keyUsage()->isDigitalSignature()) { |
|
| 137 | - throw new ACValidationException( |
|
| 138 | - "Issuer PKC's Key Usage extension doesn't permit" . |
|
| 139 | - " verification of digital signatures."); |
|
| 140 | - } |
|
| 141 | - if ($exts->hasBasicConstraints() && $exts->basicConstraints()->isCA()) { |
|
| 142 | - throw new ACValidationException("Issuer PKC must not be a CA."); |
|
| 143 | - } |
|
| 144 | - } |
|
| 126 | + /** |
|
| 127 | + * Validate AC issuer's profile. |
|
| 128 | + * |
|
| 129 | + * @link https://tools.ietf.org/html/rfc5755#section-4.5 |
|
| 130 | + * @param Certificate $cert |
|
| 131 | + * @throws ACValidationException |
|
| 132 | + */ |
|
| 133 | + private function _validateIssuerProfile(Certificate $cert) |
|
| 134 | + { |
|
| 135 | + $exts = $cert->tbsCertificate()->extensions(); |
|
| 136 | + if ($exts->hasKeyUsage() && !$exts->keyUsage()->isDigitalSignature()) { |
|
| 137 | + throw new ACValidationException( |
|
| 138 | + "Issuer PKC's Key Usage extension doesn't permit" . |
|
| 139 | + " verification of digital signatures."); |
|
| 140 | + } |
|
| 141 | + if ($exts->hasBasicConstraints() && $exts->basicConstraints()->isCA()) { |
|
| 142 | + throw new ACValidationException("Issuer PKC must not be a CA."); |
|
| 143 | + } |
|
| 144 | + } |
|
| 145 | 145 | |
| 146 | - /** |
|
| 147 | - * Validate AC's validity period. |
|
| 148 | - * |
|
| 149 | - * @throws ACValidationException |
|
| 150 | - */ |
|
| 151 | - private function _validateTime() |
|
| 152 | - { |
|
| 153 | - $t = $this->_config->evaluationTime(); |
|
| 154 | - $validity = $this->_ac->acinfo()->validityPeriod(); |
|
| 155 | - if ($validity->notBeforeTime()->diff($t)->invert) { |
|
| 156 | - throw new ACValidationException("Validity period has not started."); |
|
| 157 | - } |
|
| 158 | - if ($t->diff($validity->notAfterTime())->invert) { |
|
| 159 | - throw new ACValidationException("Attribute certificate has expired."); |
|
| 160 | - } |
|
| 161 | - } |
|
| 146 | + /** |
|
| 147 | + * Validate AC's validity period. |
|
| 148 | + * |
|
| 149 | + * @throws ACValidationException |
|
| 150 | + */ |
|
| 151 | + private function _validateTime() |
|
| 152 | + { |
|
| 153 | + $t = $this->_config->evaluationTime(); |
|
| 154 | + $validity = $this->_ac->acinfo()->validityPeriod(); |
|
| 155 | + if ($validity->notBeforeTime()->diff($t)->invert) { |
|
| 156 | + throw new ACValidationException("Validity period has not started."); |
|
| 157 | + } |
|
| 158 | + if ($t->diff($validity->notAfterTime())->invert) { |
|
| 159 | + throw new ACValidationException("Attribute certificate has expired."); |
|
| 160 | + } |
|
| 161 | + } |
|
| 162 | 162 | |
| 163 | - /** |
|
| 164 | - * Validate AC's target information. |
|
| 165 | - * |
|
| 166 | - * @throws ACValidationException |
|
| 167 | - */ |
|
| 168 | - private function _validateTargeting() |
|
| 169 | - { |
|
| 170 | - $exts = $this->_ac->acinfo()->extensions(); |
|
| 171 | - // if target information extension is not present |
|
| 172 | - if (!$exts->has(Extension::OID_TARGET_INFORMATION)) { |
|
| 173 | - return; |
|
| 174 | - } |
|
| 175 | - $ext = $exts->get(Extension::OID_TARGET_INFORMATION); |
|
| 176 | - if ($ext instanceof TargetInformationExtension && |
|
| 177 | - !$this->_hasMatchingTarget($ext->targets())) { |
|
| 178 | - throw new ACValidationException( |
|
| 179 | - "Attribute certificate doesn't have a matching target."); |
|
| 180 | - } |
|
| 181 | - } |
|
| 163 | + /** |
|
| 164 | + * Validate AC's target information. |
|
| 165 | + * |
|
| 166 | + * @throws ACValidationException |
|
| 167 | + */ |
|
| 168 | + private function _validateTargeting() |
|
| 169 | + { |
|
| 170 | + $exts = $this->_ac->acinfo()->extensions(); |
|
| 171 | + // if target information extension is not present |
|
| 172 | + if (!$exts->has(Extension::OID_TARGET_INFORMATION)) { |
|
| 173 | + return; |
|
| 174 | + } |
|
| 175 | + $ext = $exts->get(Extension::OID_TARGET_INFORMATION); |
|
| 176 | + if ($ext instanceof TargetInformationExtension && |
|
| 177 | + !$this->_hasMatchingTarget($ext->targets())) { |
|
| 178 | + throw new ACValidationException( |
|
| 179 | + "Attribute certificate doesn't have a matching target."); |
|
| 180 | + } |
|
| 181 | + } |
|
| 182 | 182 | |
| 183 | - /** |
|
| 184 | - * Check whether validation configuration has matching targets. |
|
| 185 | - * |
|
| 186 | - * @param Targets $targets Set of eligible targets |
|
| 187 | - * @return boolean |
|
| 188 | - */ |
|
| 189 | - private function _hasMatchingTarget(Targets $targets): bool |
|
| 190 | - { |
|
| 191 | - foreach ($this->_config->targets() as $target) { |
|
| 192 | - if ($targets->hasTarget($target)) { |
|
| 193 | - return true; |
|
| 194 | - } |
|
| 195 | - } |
|
| 196 | - return false; |
|
| 197 | - } |
|
| 183 | + /** |
|
| 184 | + * Check whether validation configuration has matching targets. |
|
| 185 | + * |
|
| 186 | + * @param Targets $targets Set of eligible targets |
|
| 187 | + * @return boolean |
|
| 188 | + */ |
|
| 189 | + private function _hasMatchingTarget(Targets $targets): bool |
|
| 190 | + { |
|
| 191 | + foreach ($this->_config->targets() as $target) { |
|
| 192 | + if ($targets->hasTarget($target)) { |
|
| 193 | + return true; |
|
| 194 | + } |
|
| 195 | + } |
|
| 196 | + return false; |
|
| 197 | + } |
|
| 198 | 198 | } |
@@ -18,66 +18,66 @@ |
||
| 18 | 18 | */ |
| 19 | 19 | abstract class AttCertIssuer |
| 20 | 20 | { |
| 21 | - /** |
|
| 22 | - * Generate ASN.1 element. |
|
| 23 | - * |
|
| 24 | - * @return Element |
|
| 25 | - */ |
|
| 26 | - abstract public function toASN1(); |
|
| 21 | + /** |
|
| 22 | + * Generate ASN.1 element. |
|
| 23 | + * |
|
| 24 | + * @return Element |
|
| 25 | + */ |
|
| 26 | + abstract public function toASN1(); |
|
| 27 | 27 | |
| 28 | - /** |
|
| 29 | - * Check whether AttCertIssuer identifies given certificate. |
|
| 30 | - * |
|
| 31 | - * @param Certificate $cert |
|
| 32 | - * @return bool |
|
| 33 | - */ |
|
| 34 | - abstract public function identifiesPKC(Certificate $cert): bool; |
|
| 28 | + /** |
|
| 29 | + * Check whether AttCertIssuer identifies given certificate. |
|
| 30 | + * |
|
| 31 | + * @param Certificate $cert |
|
| 32 | + * @return bool |
|
| 33 | + */ |
|
| 34 | + abstract public function identifiesPKC(Certificate $cert): bool; |
|
| 35 | 35 | |
| 36 | - /** |
|
| 37 | - * Initialize from distinguished name. |
|
| 38 | - * |
|
| 39 | - * This conforms to RFC 5755 which states that only v2Form must be used, |
|
| 40 | - * and issuerName must contain exactly one GeneralName of DirectoryName |
|
| 41 | - * type. |
|
| 42 | - * |
|
| 43 | - * @link https://tools.ietf.org/html/rfc5755#section-4.2.3 |
|
| 44 | - * @param Name $name |
|
| 45 | - * @return self |
|
| 46 | - */ |
|
| 47 | - public static function fromName(Name $name): self |
|
| 48 | - { |
|
| 49 | - return new V2Form(new GeneralNames(new DirectoryName($name))); |
|
| 50 | - } |
|
| 36 | + /** |
|
| 37 | + * Initialize from distinguished name. |
|
| 38 | + * |
|
| 39 | + * This conforms to RFC 5755 which states that only v2Form must be used, |
|
| 40 | + * and issuerName must contain exactly one GeneralName of DirectoryName |
|
| 41 | + * type. |
|
| 42 | + * |
|
| 43 | + * @link https://tools.ietf.org/html/rfc5755#section-4.2.3 |
|
| 44 | + * @param Name $name |
|
| 45 | + * @return self |
|
| 46 | + */ |
|
| 47 | + public static function fromName(Name $name): self |
|
| 48 | + { |
|
| 49 | + return new V2Form(new GeneralNames(new DirectoryName($name))); |
|
| 50 | + } |
|
| 51 | 51 | |
| 52 | - /** |
|
| 53 | - * Initialize from an issuer's public key certificate. |
|
| 54 | - * |
|
| 55 | - * @param Certificate $cert |
|
| 56 | - * @return self |
|
| 57 | - */ |
|
| 58 | - public static function fromPKC(Certificate $cert): self |
|
| 59 | - { |
|
| 60 | - return self::fromName($cert->tbsCertificate()->subject()); |
|
| 61 | - } |
|
| 52 | + /** |
|
| 53 | + * Initialize from an issuer's public key certificate. |
|
| 54 | + * |
|
| 55 | + * @param Certificate $cert |
|
| 56 | + * @return self |
|
| 57 | + */ |
|
| 58 | + public static function fromPKC(Certificate $cert): self |
|
| 59 | + { |
|
| 60 | + return self::fromName($cert->tbsCertificate()->subject()); |
|
| 61 | + } |
|
| 62 | 62 | |
| 63 | - /** |
|
| 64 | - * Initialize from ASN.1. |
|
| 65 | - * |
|
| 66 | - * @param UnspecifiedType $el CHOICE |
|
| 67 | - * @throws \UnexpectedValueException |
|
| 68 | - * @return self |
|
| 69 | - */ |
|
| 70 | - public static function fromASN1(UnspecifiedType $el): self |
|
| 71 | - { |
|
| 72 | - if (!$el->isTagged()) { |
|
| 73 | - throw new \UnexpectedValueException("v1Form issuer not supported."); |
|
| 74 | - } |
|
| 75 | - $tagged = $el->asTagged(); |
|
| 76 | - switch ($tagged->tag()) { |
|
| 77 | - case 0: |
|
| 78 | - return V2Form::fromV2ASN1( |
|
| 79 | - $tagged->asImplicit(Element::TYPE_SEQUENCE)->asSequence()); |
|
| 80 | - } |
|
| 81 | - throw new \UnexpectedValueException("Unsupported issuer type."); |
|
| 82 | - } |
|
| 63 | + /** |
|
| 64 | + * Initialize from ASN.1. |
|
| 65 | + * |
|
| 66 | + * @param UnspecifiedType $el CHOICE |
|
| 67 | + * @throws \UnexpectedValueException |
|
| 68 | + * @return self |
|
| 69 | + */ |
|
| 70 | + public static function fromASN1(UnspecifiedType $el): self |
|
| 71 | + { |
|
| 72 | + if (!$el->isTagged()) { |
|
| 73 | + throw new \UnexpectedValueException("v1Form issuer not supported."); |
|
| 74 | + } |
|
| 75 | + $tagged = $el->asTagged(); |
|
| 76 | + switch ($tagged->tag()) { |
|
| 77 | + case 0: |
|
| 78 | + return V2Form::fromV2ASN1( |
|
| 79 | + $tagged->asImplicit(Element::TYPE_SEQUENCE)->asSequence()); |
|
| 80 | + } |
|
| 81 | + throw new \UnexpectedValueException("Unsupported issuer type."); |
|
| 82 | + } |
|
| 83 | 83 | } |
@@ -15,94 +15,94 @@ |
||
| 15 | 15 | */ |
| 16 | 16 | class AttCertValidityPeriod |
| 17 | 17 | { |
| 18 | - use DateTimeHelper; |
|
| 18 | + use DateTimeHelper; |
|
| 19 | 19 | |
| 20 | - /** |
|
| 21 | - * Not before time. |
|
| 22 | - * |
|
| 23 | - * @var \DateTimeImmutable |
|
| 24 | - */ |
|
| 25 | - protected $_notBeforeTime; |
|
| 20 | + /** |
|
| 21 | + * Not before time. |
|
| 22 | + * |
|
| 23 | + * @var \DateTimeImmutable |
|
| 24 | + */ |
|
| 25 | + protected $_notBeforeTime; |
|
| 26 | 26 | |
| 27 | - /** |
|
| 28 | - * Not after time. |
|
| 29 | - * |
|
| 30 | - * @var \DateTimeImmutable |
|
| 31 | - */ |
|
| 32 | - protected $_notAfterTime; |
|
| 27 | + /** |
|
| 28 | + * Not after time. |
|
| 29 | + * |
|
| 30 | + * @var \DateTimeImmutable |
|
| 31 | + */ |
|
| 32 | + protected $_notAfterTime; |
|
| 33 | 33 | |
| 34 | - /** |
|
| 35 | - * Constructor. |
|
| 36 | - * |
|
| 37 | - * @param \DateTimeImmutable $nb |
|
| 38 | - * @param \DateTimeImmutable $na |
|
| 39 | - */ |
|
| 40 | - public function __construct(\DateTimeImmutable $nb, \DateTimeImmutable $na) |
|
| 41 | - { |
|
| 42 | - $this->_notBeforeTime = $nb; |
|
| 43 | - $this->_notAfterTime = $na; |
|
| 44 | - } |
|
| 34 | + /** |
|
| 35 | + * Constructor. |
|
| 36 | + * |
|
| 37 | + * @param \DateTimeImmutable $nb |
|
| 38 | + * @param \DateTimeImmutable $na |
|
| 39 | + */ |
|
| 40 | + public function __construct(\DateTimeImmutable $nb, \DateTimeImmutable $na) |
|
| 41 | + { |
|
| 42 | + $this->_notBeforeTime = $nb; |
|
| 43 | + $this->_notAfterTime = $na; |
|
| 44 | + } |
|
| 45 | 45 | |
| 46 | - /** |
|
| 47 | - * Initialize from ASN.1. |
|
| 48 | - * |
|
| 49 | - * @param Sequence $seq |
|
| 50 | - * @return self |
|
| 51 | - */ |
|
| 52 | - public static function fromASN1(Sequence $seq): self |
|
| 53 | - { |
|
| 54 | - $nb = $seq->at(0) |
|
| 55 | - ->asGeneralizedTime() |
|
| 56 | - ->dateTime(); |
|
| 57 | - $na = $seq->at(1) |
|
| 58 | - ->asGeneralizedTime() |
|
| 59 | - ->dateTime(); |
|
| 60 | - return new self($nb, $na); |
|
| 61 | - } |
|
| 46 | + /** |
|
| 47 | + * Initialize from ASN.1. |
|
| 48 | + * |
|
| 49 | + * @param Sequence $seq |
|
| 50 | + * @return self |
|
| 51 | + */ |
|
| 52 | + public static function fromASN1(Sequence $seq): self |
|
| 53 | + { |
|
| 54 | + $nb = $seq->at(0) |
|
| 55 | + ->asGeneralizedTime() |
|
| 56 | + ->dateTime(); |
|
| 57 | + $na = $seq->at(1) |
|
| 58 | + ->asGeneralizedTime() |
|
| 59 | + ->dateTime(); |
|
| 60 | + return new self($nb, $na); |
|
| 61 | + } |
|
| 62 | 62 | |
| 63 | - /** |
|
| 64 | - * Initialize from date strings. |
|
| 65 | - * |
|
| 66 | - * @param string|null $nb_date Not before date |
|
| 67 | - * @param string|null $na_date Not after date |
|
| 68 | - * @param string|null $tz Timezone string |
|
| 69 | - * @return self |
|
| 70 | - */ |
|
| 71 | - public static function fromStrings($nb_date, $na_date, $tz = null): self |
|
| 72 | - { |
|
| 73 | - $nb = self::_createDateTime($nb_date, $tz); |
|
| 74 | - $na = self::_createDateTime($na_date, $tz); |
|
| 75 | - return new self($nb, $na); |
|
| 76 | - } |
|
| 63 | + /** |
|
| 64 | + * Initialize from date strings. |
|
| 65 | + * |
|
| 66 | + * @param string|null $nb_date Not before date |
|
| 67 | + * @param string|null $na_date Not after date |
|
| 68 | + * @param string|null $tz Timezone string |
|
| 69 | + * @return self |
|
| 70 | + */ |
|
| 71 | + public static function fromStrings($nb_date, $na_date, $tz = null): self |
|
| 72 | + { |
|
| 73 | + $nb = self::_createDateTime($nb_date, $tz); |
|
| 74 | + $na = self::_createDateTime($na_date, $tz); |
|
| 75 | + return new self($nb, $na); |
|
| 76 | + } |
|
| 77 | 77 | |
| 78 | - /** |
|
| 79 | - * Get not before time. |
|
| 80 | - * |
|
| 81 | - * @return \DateTimeImmutable |
|
| 82 | - */ |
|
| 83 | - public function notBeforeTime(): \DateTimeImmutable |
|
| 84 | - { |
|
| 85 | - return $this->_notBeforeTime; |
|
| 86 | - } |
|
| 78 | + /** |
|
| 79 | + * Get not before time. |
|
| 80 | + * |
|
| 81 | + * @return \DateTimeImmutable |
|
| 82 | + */ |
|
| 83 | + public function notBeforeTime(): \DateTimeImmutable |
|
| 84 | + { |
|
| 85 | + return $this->_notBeforeTime; |
|
| 86 | + } |
|
| 87 | 87 | |
| 88 | - /** |
|
| 89 | - * Get not after time. |
|
| 90 | - * |
|
| 91 | - * @return \DateTimeImmutable |
|
| 92 | - */ |
|
| 93 | - public function notAfterTime(): \DateTimeImmutable |
|
| 94 | - { |
|
| 95 | - return $this->_notAfterTime; |
|
| 96 | - } |
|
| 88 | + /** |
|
| 89 | + * Get not after time. |
|
| 90 | + * |
|
| 91 | + * @return \DateTimeImmutable |
|
| 92 | + */ |
|
| 93 | + public function notAfterTime(): \DateTimeImmutable |
|
| 94 | + { |
|
| 95 | + return $this->_notAfterTime; |
|
| 96 | + } |
|
| 97 | 97 | |
| 98 | - /** |
|
| 99 | - * Generate ASN.1 structure. |
|
| 100 | - * |
|
| 101 | - * @return Sequence |
|
| 102 | - */ |
|
| 103 | - public function toASN1(): Sequence |
|
| 104 | - { |
|
| 105 | - return new Sequence(new GeneralizedTime($this->_notBeforeTime), |
|
| 106 | - new GeneralizedTime($this->_notAfterTime)); |
|
| 107 | - } |
|
| 98 | + /** |
|
| 99 | + * Generate ASN.1 structure. |
|
| 100 | + * |
|
| 101 | + * @return Sequence |
|
| 102 | + */ |
|
| 103 | + public function toASN1(): Sequence |
|
| 104 | + { |
|
| 105 | + return new Sequence(new GeneralizedTime($this->_notBeforeTime), |
|
| 106 | + new GeneralizedTime($this->_notAfterTime)); |
|
| 107 | + } |
|
| 108 | 108 | } |
@@ -15,87 +15,87 @@ |
||
| 15 | 15 | */ |
| 16 | 16 | class GeneralSubtrees implements \Countable, \IteratorAggregate |
| 17 | 17 | { |
| 18 | - /** |
|
| 19 | - * Subtrees. |
|
| 20 | - * |
|
| 21 | - * @var GeneralSubtree[] $_subtrees |
|
| 22 | - */ |
|
| 23 | - protected $_subtrees; |
|
| 18 | + /** |
|
| 19 | + * Subtrees. |
|
| 20 | + * |
|
| 21 | + * @var GeneralSubtree[] $_subtrees |
|
| 22 | + */ |
|
| 23 | + protected $_subtrees; |
|
| 24 | 24 | |
| 25 | - /** |
|
| 26 | - * Constructor. |
|
| 27 | - * |
|
| 28 | - * @param GeneralSubtree ...$subtrees |
|
| 29 | - */ |
|
| 30 | - public function __construct(GeneralSubtree ...$subtrees) |
|
| 31 | - { |
|
| 32 | - $this->_subtrees = $subtrees; |
|
| 33 | - } |
|
| 25 | + /** |
|
| 26 | + * Constructor. |
|
| 27 | + * |
|
| 28 | + * @param GeneralSubtree ...$subtrees |
|
| 29 | + */ |
|
| 30 | + public function __construct(GeneralSubtree ...$subtrees) |
|
| 31 | + { |
|
| 32 | + $this->_subtrees = $subtrees; |
|
| 33 | + } |
|
| 34 | 34 | |
| 35 | - /** |
|
| 36 | - * Initialize from ASN.1. |
|
| 37 | - * |
|
| 38 | - * @param Sequence $seq |
|
| 39 | - * @return self |
|
| 40 | - */ |
|
| 41 | - public static function fromASN1(Sequence $seq): self |
|
| 42 | - { |
|
| 43 | - $subtrees = array_map( |
|
| 44 | - function (UnspecifiedType $el) { |
|
| 45 | - return GeneralSubtree::fromASN1($el->asSequence()); |
|
| 46 | - }, $seq->elements()); |
|
| 47 | - if (!count($subtrees)) { |
|
| 48 | - throw new \UnexpectedValueException( |
|
| 49 | - "GeneralSubtrees must contain at least one GeneralSubtree."); |
|
| 50 | - } |
|
| 51 | - return new self(...$subtrees); |
|
| 52 | - } |
|
| 35 | + /** |
|
| 36 | + * Initialize from ASN.1. |
|
| 37 | + * |
|
| 38 | + * @param Sequence $seq |
|
| 39 | + * @return self |
|
| 40 | + */ |
|
| 41 | + public static function fromASN1(Sequence $seq): self |
|
| 42 | + { |
|
| 43 | + $subtrees = array_map( |
|
| 44 | + function (UnspecifiedType $el) { |
|
| 45 | + return GeneralSubtree::fromASN1($el->asSequence()); |
|
| 46 | + }, $seq->elements()); |
|
| 47 | + if (!count($subtrees)) { |
|
| 48 | + throw new \UnexpectedValueException( |
|
| 49 | + "GeneralSubtrees must contain at least one GeneralSubtree."); |
|
| 50 | + } |
|
| 51 | + return new self(...$subtrees); |
|
| 52 | + } |
|
| 53 | 53 | |
| 54 | - /** |
|
| 55 | - * Get all subtrees. |
|
| 56 | - * |
|
| 57 | - * @return GeneralSubtree[] |
|
| 58 | - */ |
|
| 59 | - public function all(): array |
|
| 60 | - { |
|
| 61 | - return $this->_subtrees; |
|
| 62 | - } |
|
| 54 | + /** |
|
| 55 | + * Get all subtrees. |
|
| 56 | + * |
|
| 57 | + * @return GeneralSubtree[] |
|
| 58 | + */ |
|
| 59 | + public function all(): array |
|
| 60 | + { |
|
| 61 | + return $this->_subtrees; |
|
| 62 | + } |
|
| 63 | 63 | |
| 64 | - /** |
|
| 65 | - * Generate ASN.1 structure. |
|
| 66 | - * |
|
| 67 | - * @return Sequence |
|
| 68 | - */ |
|
| 69 | - public function toASN1(): Sequence |
|
| 70 | - { |
|
| 71 | - if (!count($this->_subtrees)) { |
|
| 72 | - throw new \LogicException("No subtrees."); |
|
| 73 | - } |
|
| 74 | - $elements = array_map( |
|
| 75 | - function (GeneralSubtree $gs) { |
|
| 76 | - return $gs->toASN1(); |
|
| 77 | - }, $this->_subtrees); |
|
| 78 | - return new Sequence(...$elements); |
|
| 79 | - } |
|
| 64 | + /** |
|
| 65 | + * Generate ASN.1 structure. |
|
| 66 | + * |
|
| 67 | + * @return Sequence |
|
| 68 | + */ |
|
| 69 | + public function toASN1(): Sequence |
|
| 70 | + { |
|
| 71 | + if (!count($this->_subtrees)) { |
|
| 72 | + throw new \LogicException("No subtrees."); |
|
| 73 | + } |
|
| 74 | + $elements = array_map( |
|
| 75 | + function (GeneralSubtree $gs) { |
|
| 76 | + return $gs->toASN1(); |
|
| 77 | + }, $this->_subtrees); |
|
| 78 | + return new Sequence(...$elements); |
|
| 79 | + } |
|
| 80 | 80 | |
| 81 | - /** |
|
| 82 | - * |
|
| 83 | - * @see \Countable::count() |
|
| 84 | - * @return int |
|
| 85 | - */ |
|
| 86 | - public function count(): int |
|
| 87 | - { |
|
| 88 | - return count($this->_subtrees); |
|
| 89 | - } |
|
| 81 | + /** |
|
| 82 | + * |
|
| 83 | + * @see \Countable::count() |
|
| 84 | + * @return int |
|
| 85 | + */ |
|
| 86 | + public function count(): int |
|
| 87 | + { |
|
| 88 | + return count($this->_subtrees); |
|
| 89 | + } |
|
| 90 | 90 | |
| 91 | - /** |
|
| 92 | - * Get iterator for subtrees. |
|
| 93 | - * |
|
| 94 | - * @see \IteratorAggregate::getIterator() |
|
| 95 | - * @return \ArrayIterator |
|
| 96 | - */ |
|
| 97 | - public function getIterator(): \ArrayIterator |
|
| 98 | - { |
|
| 99 | - return new \ArrayIterator($this->_subtrees); |
|
| 100 | - } |
|
| 91 | + /** |
|
| 92 | + * Get iterator for subtrees. |
|
| 93 | + * |
|
| 94 | + * @see \IteratorAggregate::getIterator() |
|
| 95 | + * @return \ArrayIterator |
|
| 96 | + */ |
|
| 97 | + public function getIterator(): \ArrayIterator |
|
| 98 | + { |
|
| 99 | + return new \ArrayIterator($this->_subtrees); |
|
| 100 | + } |
|
| 101 | 101 | } |
@@ -16,207 +16,207 @@ |
||
| 16 | 16 | */ |
| 17 | 17 | class PolicyInformation implements \Countable, \IteratorAggregate |
| 18 | 18 | { |
| 19 | - /** |
|
| 20 | - * Wildcard policy. |
|
| 21 | - * |
|
| 22 | - * @var string |
|
| 23 | - */ |
|
| 24 | - const OID_ANY_POLICY = "2.5.29.32.0"; |
|
| 25 | - |
|
| 26 | - /** |
|
| 27 | - * Policy identifier. |
|
| 28 | - * |
|
| 29 | - * @var string $_oid |
|
| 30 | - */ |
|
| 31 | - protected $_oid; |
|
| 32 | - |
|
| 33 | - /** |
|
| 34 | - * Policy qualifiers. |
|
| 35 | - * |
|
| 36 | - * @var PolicyQualifierInfo[] $_qualifiers |
|
| 37 | - */ |
|
| 38 | - protected $_qualifiers; |
|
| 39 | - |
|
| 40 | - /** |
|
| 41 | - * Constructor. |
|
| 42 | - * |
|
| 43 | - * @param string $oid |
|
| 44 | - * @param PolicyQualifierInfo ...$qualifiers |
|
| 45 | - */ |
|
| 46 | - public function __construct(string $oid, PolicyQualifierInfo ...$qualifiers) |
|
| 47 | - { |
|
| 48 | - $this->_oid = $oid; |
|
| 49 | - $this->_qualifiers = array(); |
|
| 50 | - foreach ($qualifiers as $qual) { |
|
| 51 | - $this->_qualifiers[$qual->oid()] = $qual; |
|
| 52 | - } |
|
| 53 | - } |
|
| 54 | - |
|
| 55 | - /** |
|
| 56 | - * Initialize from ASN.1. |
|
| 57 | - * |
|
| 58 | - * @param Sequence $seq |
|
| 59 | - * @return self |
|
| 60 | - */ |
|
| 61 | - public static function fromASN1(Sequence $seq): self |
|
| 62 | - { |
|
| 63 | - $oid = $seq->at(0) |
|
| 64 | - ->asObjectIdentifier() |
|
| 65 | - ->oid(); |
|
| 66 | - $qualifiers = array(); |
|
| 67 | - if (count($seq) > 1) { |
|
| 68 | - $qualifiers = array_map( |
|
| 69 | - function (UnspecifiedType $el) { |
|
| 70 | - return PolicyQualifierInfo::fromASN1($el->asSequence()); |
|
| 71 | - }, |
|
| 72 | - $seq->at(1) |
|
| 73 | - ->asSequence() |
|
| 74 | - ->elements()); |
|
| 75 | - } |
|
| 76 | - return new self($oid, ...$qualifiers); |
|
| 77 | - } |
|
| 78 | - |
|
| 79 | - /** |
|
| 80 | - * Get policy identifier. |
|
| 81 | - * |
|
| 82 | - * @return string |
|
| 83 | - */ |
|
| 84 | - public function oid(): string |
|
| 85 | - { |
|
| 86 | - return $this->_oid; |
|
| 87 | - } |
|
| 88 | - |
|
| 89 | - /** |
|
| 90 | - * Check whether this policy is anyPolicy. |
|
| 91 | - * |
|
| 92 | - * @return bool |
|
| 93 | - */ |
|
| 94 | - public function isAnyPolicy(): bool |
|
| 95 | - { |
|
| 96 | - return self::OID_ANY_POLICY === $this->_oid; |
|
| 97 | - } |
|
| 98 | - |
|
| 99 | - /** |
|
| 100 | - * Get policy qualifiers. |
|
| 101 | - * |
|
| 102 | - * @return PolicyQualifierInfo[] |
|
| 103 | - */ |
|
| 104 | - public function qualifiers(): array |
|
| 105 | - { |
|
| 106 | - return array_values($this->_qualifiers); |
|
| 107 | - } |
|
| 108 | - |
|
| 109 | - /** |
|
| 110 | - * Check whether qualifier is present. |
|
| 111 | - * |
|
| 112 | - * @param string $oid |
|
| 113 | - * @return boolean |
|
| 114 | - */ |
|
| 115 | - public function has(string $oid): bool |
|
| 116 | - { |
|
| 117 | - return isset($this->_qualifiers[$oid]); |
|
| 118 | - } |
|
| 119 | - |
|
| 120 | - /** |
|
| 121 | - * Get qualifier by OID. |
|
| 122 | - * |
|
| 123 | - * @param string $oid |
|
| 124 | - * @throws \OutOfBoundsException |
|
| 125 | - * @return PolicyQualifierInfo |
|
| 126 | - */ |
|
| 127 | - public function get(string $oid): PolicyQualifierInfo |
|
| 128 | - { |
|
| 129 | - if (!$this->has($oid)) { |
|
| 130 | - throw new \LogicException("No $oid qualifier."); |
|
| 131 | - } |
|
| 132 | - return $this->_qualifiers[$oid]; |
|
| 133 | - } |
|
| 134 | - |
|
| 135 | - /** |
|
| 136 | - * Check whether CPS qualifier is present. |
|
| 137 | - * |
|
| 138 | - * @return bool |
|
| 139 | - */ |
|
| 140 | - public function hasCPSQualifier(): bool |
|
| 141 | - { |
|
| 142 | - return $this->has(PolicyQualifierInfo::OID_CPS); |
|
| 143 | - } |
|
| 144 | - |
|
| 145 | - /** |
|
| 146 | - * Get CPS qualifier. |
|
| 147 | - * |
|
| 148 | - * @throws \LogicException |
|
| 149 | - * @return CPSQualifier |
|
| 150 | - */ |
|
| 151 | - public function CPSQualifier(): CPSQualifier |
|
| 152 | - { |
|
| 153 | - if (!$this->hasCPSQualifier()) { |
|
| 154 | - throw new \LogicException("CPS qualifier not set."); |
|
| 155 | - } |
|
| 156 | - return $this->get(PolicyQualifierInfo::OID_CPS); |
|
| 157 | - } |
|
| 158 | - |
|
| 159 | - /** |
|
| 160 | - * Check whether user notice qualifier is present. |
|
| 161 | - * |
|
| 162 | - * @return bool |
|
| 163 | - */ |
|
| 164 | - public function hasUserNoticeQualifier(): bool |
|
| 165 | - { |
|
| 166 | - return $this->has(PolicyQualifierInfo::OID_UNOTICE); |
|
| 167 | - } |
|
| 168 | - |
|
| 169 | - /** |
|
| 170 | - * Get user notice qualifier. |
|
| 171 | - * |
|
| 172 | - * @throws \LogicException |
|
| 173 | - * @return UserNoticeQualifier |
|
| 174 | - */ |
|
| 175 | - public function userNoticeQualifier(): UserNoticeQualifier |
|
| 176 | - { |
|
| 177 | - if (!$this->hasUserNoticeQualifier()) { |
|
| 178 | - throw new \LogicException("User notice qualifier not set."); |
|
| 179 | - } |
|
| 180 | - return $this->get(PolicyQualifierInfo::OID_UNOTICE); |
|
| 181 | - } |
|
| 182 | - |
|
| 183 | - /** |
|
| 184 | - * Get ASN.1 structure. |
|
| 185 | - * |
|
| 186 | - * @return Sequence |
|
| 187 | - */ |
|
| 188 | - public function toASN1(): Sequence |
|
| 189 | - { |
|
| 190 | - $elements = array(new ObjectIdentifier($this->_oid)); |
|
| 191 | - if (count($this->_qualifiers)) { |
|
| 192 | - $qualifiers = array_map( |
|
| 193 | - function (PolicyQualifierInfo $pqi) { |
|
| 194 | - return $pqi->toASN1(); |
|
| 195 | - }, array_values($this->_qualifiers)); |
|
| 196 | - $elements[] = new Sequence(...$qualifiers); |
|
| 197 | - } |
|
| 198 | - return new Sequence(...$elements); |
|
| 199 | - } |
|
| 200 | - |
|
| 201 | - /** |
|
| 202 | - * Get number of qualifiers. |
|
| 203 | - * |
|
| 204 | - * @see \Countable::count() |
|
| 205 | - * @return int |
|
| 206 | - */ |
|
| 207 | - public function count(): int |
|
| 208 | - { |
|
| 209 | - return count($this->_qualifiers); |
|
| 210 | - } |
|
| 211 | - |
|
| 212 | - /** |
|
| 213 | - * Get iterator for qualifiers. |
|
| 214 | - * |
|
| 215 | - * @see \IteratorAggregate::getIterator() |
|
| 216 | - * @return \ArrayIterator |
|
| 217 | - */ |
|
| 218 | - public function getIterator(): \ArrayIterator |
|
| 219 | - { |
|
| 220 | - return new \ArrayIterator($this->_qualifiers); |
|
| 221 | - } |
|
| 19 | + /** |
|
| 20 | + * Wildcard policy. |
|
| 21 | + * |
|
| 22 | + * @var string |
|
| 23 | + */ |
|
| 24 | + const OID_ANY_POLICY = "2.5.29.32.0"; |
|
| 25 | + |
|
| 26 | + /** |
|
| 27 | + * Policy identifier. |
|
| 28 | + * |
|
| 29 | + * @var string $_oid |
|
| 30 | + */ |
|
| 31 | + protected $_oid; |
|
| 32 | + |
|
| 33 | + /** |
|
| 34 | + * Policy qualifiers. |
|
| 35 | + * |
|
| 36 | + * @var PolicyQualifierInfo[] $_qualifiers |
|
| 37 | + */ |
|
| 38 | + protected $_qualifiers; |
|
| 39 | + |
|
| 40 | + /** |
|
| 41 | + * Constructor. |
|
| 42 | + * |
|
| 43 | + * @param string $oid |
|
| 44 | + * @param PolicyQualifierInfo ...$qualifiers |
|
| 45 | + */ |
|
| 46 | + public function __construct(string $oid, PolicyQualifierInfo ...$qualifiers) |
|
| 47 | + { |
|
| 48 | + $this->_oid = $oid; |
|
| 49 | + $this->_qualifiers = array(); |
|
| 50 | + foreach ($qualifiers as $qual) { |
|
| 51 | + $this->_qualifiers[$qual->oid()] = $qual; |
|
| 52 | + } |
|
| 53 | + } |
|
| 54 | + |
|
| 55 | + /** |
|
| 56 | + * Initialize from ASN.1. |
|
| 57 | + * |
|
| 58 | + * @param Sequence $seq |
|
| 59 | + * @return self |
|
| 60 | + */ |
|
| 61 | + public static function fromASN1(Sequence $seq): self |
|
| 62 | + { |
|
| 63 | + $oid = $seq->at(0) |
|
| 64 | + ->asObjectIdentifier() |
|
| 65 | + ->oid(); |
|
| 66 | + $qualifiers = array(); |
|
| 67 | + if (count($seq) > 1) { |
|
| 68 | + $qualifiers = array_map( |
|
| 69 | + function (UnspecifiedType $el) { |
|
| 70 | + return PolicyQualifierInfo::fromASN1($el->asSequence()); |
|
| 71 | + }, |
|
| 72 | + $seq->at(1) |
|
| 73 | + ->asSequence() |
|
| 74 | + ->elements()); |
|
| 75 | + } |
|
| 76 | + return new self($oid, ...$qualifiers); |
|
| 77 | + } |
|
| 78 | + |
|
| 79 | + /** |
|
| 80 | + * Get policy identifier. |
|
| 81 | + * |
|
| 82 | + * @return string |
|
| 83 | + */ |
|
| 84 | + public function oid(): string |
|
| 85 | + { |
|
| 86 | + return $this->_oid; |
|
| 87 | + } |
|
| 88 | + |
|
| 89 | + /** |
|
| 90 | + * Check whether this policy is anyPolicy. |
|
| 91 | + * |
|
| 92 | + * @return bool |
|
| 93 | + */ |
|
| 94 | + public function isAnyPolicy(): bool |
|
| 95 | + { |
|
| 96 | + return self::OID_ANY_POLICY === $this->_oid; |
|
| 97 | + } |
|
| 98 | + |
|
| 99 | + /** |
|
| 100 | + * Get policy qualifiers. |
|
| 101 | + * |
|
| 102 | + * @return PolicyQualifierInfo[] |
|
| 103 | + */ |
|
| 104 | + public function qualifiers(): array |
|
| 105 | + { |
|
| 106 | + return array_values($this->_qualifiers); |
|
| 107 | + } |
|
| 108 | + |
|
| 109 | + /** |
|
| 110 | + * Check whether qualifier is present. |
|
| 111 | + * |
|
| 112 | + * @param string $oid |
|
| 113 | + * @return boolean |
|
| 114 | + */ |
|
| 115 | + public function has(string $oid): bool |
|
| 116 | + { |
|
| 117 | + return isset($this->_qualifiers[$oid]); |
|
| 118 | + } |
|
| 119 | + |
|
| 120 | + /** |
|
| 121 | + * Get qualifier by OID. |
|
| 122 | + * |
|
| 123 | + * @param string $oid |
|
| 124 | + * @throws \OutOfBoundsException |
|
| 125 | + * @return PolicyQualifierInfo |
|
| 126 | + */ |
|
| 127 | + public function get(string $oid): PolicyQualifierInfo |
|
| 128 | + { |
|
| 129 | + if (!$this->has($oid)) { |
|
| 130 | + throw new \LogicException("No $oid qualifier."); |
|
| 131 | + } |
|
| 132 | + return $this->_qualifiers[$oid]; |
|
| 133 | + } |
|
| 134 | + |
|
| 135 | + /** |
|
| 136 | + * Check whether CPS qualifier is present. |
|
| 137 | + * |
|
| 138 | + * @return bool |
|
| 139 | + */ |
|
| 140 | + public function hasCPSQualifier(): bool |
|
| 141 | + { |
|
| 142 | + return $this->has(PolicyQualifierInfo::OID_CPS); |
|
| 143 | + } |
|
| 144 | + |
|
| 145 | + /** |
|
| 146 | + * Get CPS qualifier. |
|
| 147 | + * |
|
| 148 | + * @throws \LogicException |
|
| 149 | + * @return CPSQualifier |
|
| 150 | + */ |
|
| 151 | + public function CPSQualifier(): CPSQualifier |
|
| 152 | + { |
|
| 153 | + if (!$this->hasCPSQualifier()) { |
|
| 154 | + throw new \LogicException("CPS qualifier not set."); |
|
| 155 | + } |
|
| 156 | + return $this->get(PolicyQualifierInfo::OID_CPS); |
|
| 157 | + } |
|
| 158 | + |
|
| 159 | + /** |
|
| 160 | + * Check whether user notice qualifier is present. |
|
| 161 | + * |
|
| 162 | + * @return bool |
|
| 163 | + */ |
|
| 164 | + public function hasUserNoticeQualifier(): bool |
|
| 165 | + { |
|
| 166 | + return $this->has(PolicyQualifierInfo::OID_UNOTICE); |
|
| 167 | + } |
|
| 168 | + |
|
| 169 | + /** |
|
| 170 | + * Get user notice qualifier. |
|
| 171 | + * |
|
| 172 | + * @throws \LogicException |
|
| 173 | + * @return UserNoticeQualifier |
|
| 174 | + */ |
|
| 175 | + public function userNoticeQualifier(): UserNoticeQualifier |
|
| 176 | + { |
|
| 177 | + if (!$this->hasUserNoticeQualifier()) { |
|
| 178 | + throw new \LogicException("User notice qualifier not set."); |
|
| 179 | + } |
|
| 180 | + return $this->get(PolicyQualifierInfo::OID_UNOTICE); |
|
| 181 | + } |
|
| 182 | + |
|
| 183 | + /** |
|
| 184 | + * Get ASN.1 structure. |
|
| 185 | + * |
|
| 186 | + * @return Sequence |
|
| 187 | + */ |
|
| 188 | + public function toASN1(): Sequence |
|
| 189 | + { |
|
| 190 | + $elements = array(new ObjectIdentifier($this->_oid)); |
|
| 191 | + if (count($this->_qualifiers)) { |
|
| 192 | + $qualifiers = array_map( |
|
| 193 | + function (PolicyQualifierInfo $pqi) { |
|
| 194 | + return $pqi->toASN1(); |
|
| 195 | + }, array_values($this->_qualifiers)); |
|
| 196 | + $elements[] = new Sequence(...$qualifiers); |
|
| 197 | + } |
|
| 198 | + return new Sequence(...$elements); |
|
| 199 | + } |
|
| 200 | + |
|
| 201 | + /** |
|
| 202 | + * Get number of qualifiers. |
|
| 203 | + * |
|
| 204 | + * @see \Countable::count() |
|
| 205 | + * @return int |
|
| 206 | + */ |
|
| 207 | + public function count(): int |
|
| 208 | + { |
|
| 209 | + return count($this->_qualifiers); |
|
| 210 | + } |
|
| 211 | + |
|
| 212 | + /** |
|
| 213 | + * Get iterator for qualifiers. |
|
| 214 | + * |
|
| 215 | + * @see \IteratorAggregate::getIterator() |
|
| 216 | + * @return \ArrayIterator |
|
| 217 | + */ |
|
| 218 | + public function getIterator(): \ArrayIterator |
|
| 219 | + { |
|
| 220 | + return new \ArrayIterator($this->_qualifiers); |
|
| 221 | + } |
|
| 222 | 222 | } |
@@ -16,83 +16,83 @@ |
||
| 16 | 16 | */ |
| 17 | 17 | class NoticeReference |
| 18 | 18 | { |
| 19 | - /** |
|
| 20 | - * Organization. |
|
| 21 | - * |
|
| 22 | - * @var DisplayText $_organization |
|
| 23 | - */ |
|
| 24 | - protected $_organization; |
|
| 19 | + /** |
|
| 20 | + * Organization. |
|
| 21 | + * |
|
| 22 | + * @var DisplayText $_organization |
|
| 23 | + */ |
|
| 24 | + protected $_organization; |
|
| 25 | 25 | |
| 26 | - /** |
|
| 27 | - * Notification reference numbers. |
|
| 28 | - * |
|
| 29 | - * @var int[] $_numbers |
|
| 30 | - */ |
|
| 31 | - protected $_numbers; |
|
| 26 | + /** |
|
| 27 | + * Notification reference numbers. |
|
| 28 | + * |
|
| 29 | + * @var int[] $_numbers |
|
| 30 | + */ |
|
| 31 | + protected $_numbers; |
|
| 32 | 32 | |
| 33 | - /** |
|
| 34 | - * Constructor. |
|
| 35 | - * |
|
| 36 | - * @param DisplayText $organization |
|
| 37 | - * @param int ...$numbers |
|
| 38 | - */ |
|
| 39 | - public function __construct(DisplayText $organization, int ...$numbers) |
|
| 40 | - { |
|
| 41 | - $this->_organization = $organization; |
|
| 42 | - $this->_numbers = $numbers; |
|
| 43 | - } |
|
| 33 | + /** |
|
| 34 | + * Constructor. |
|
| 35 | + * |
|
| 36 | + * @param DisplayText $organization |
|
| 37 | + * @param int ...$numbers |
|
| 38 | + */ |
|
| 39 | + public function __construct(DisplayText $organization, int ...$numbers) |
|
| 40 | + { |
|
| 41 | + $this->_organization = $organization; |
|
| 42 | + $this->_numbers = $numbers; |
|
| 43 | + } |
|
| 44 | 44 | |
| 45 | - /** |
|
| 46 | - * Initialize from ASN.1. |
|
| 47 | - * |
|
| 48 | - * @param Sequence $seq |
|
| 49 | - * @return self |
|
| 50 | - */ |
|
| 51 | - public static function fromASN1(Sequence $seq): self |
|
| 52 | - { |
|
| 53 | - $org = DisplayText::fromASN1($seq->at(0)->asString()); |
|
| 54 | - $numbers = array_map( |
|
| 55 | - function (UnspecifiedType $el) { |
|
| 56 | - return $el->asInteger()->intNumber(); |
|
| 57 | - }, |
|
| 58 | - $seq->at(1) |
|
| 59 | - ->asSequence() |
|
| 60 | - ->elements()); |
|
| 61 | - return new self($org, ...$numbers); |
|
| 62 | - } |
|
| 45 | + /** |
|
| 46 | + * Initialize from ASN.1. |
|
| 47 | + * |
|
| 48 | + * @param Sequence $seq |
|
| 49 | + * @return self |
|
| 50 | + */ |
|
| 51 | + public static function fromASN1(Sequence $seq): self |
|
| 52 | + { |
|
| 53 | + $org = DisplayText::fromASN1($seq->at(0)->asString()); |
|
| 54 | + $numbers = array_map( |
|
| 55 | + function (UnspecifiedType $el) { |
|
| 56 | + return $el->asInteger()->intNumber(); |
|
| 57 | + }, |
|
| 58 | + $seq->at(1) |
|
| 59 | + ->asSequence() |
|
| 60 | + ->elements()); |
|
| 61 | + return new self($org, ...$numbers); |
|
| 62 | + } |
|
| 63 | 63 | |
| 64 | - /** |
|
| 65 | - * Get reference organization. |
|
| 66 | - * |
|
| 67 | - * @return DisplayText |
|
| 68 | - */ |
|
| 69 | - public function organization(): DisplayText |
|
| 70 | - { |
|
| 71 | - return $this->_organization; |
|
| 72 | - } |
|
| 64 | + /** |
|
| 65 | + * Get reference organization. |
|
| 66 | + * |
|
| 67 | + * @return DisplayText |
|
| 68 | + */ |
|
| 69 | + public function organization(): DisplayText |
|
| 70 | + { |
|
| 71 | + return $this->_organization; |
|
| 72 | + } |
|
| 73 | 73 | |
| 74 | - /** |
|
| 75 | - * Get reference numbers. |
|
| 76 | - * |
|
| 77 | - * @return int[] |
|
| 78 | - */ |
|
| 79 | - public function numbers(): array |
|
| 80 | - { |
|
| 81 | - return $this->_numbers; |
|
| 82 | - } |
|
| 74 | + /** |
|
| 75 | + * Get reference numbers. |
|
| 76 | + * |
|
| 77 | + * @return int[] |
|
| 78 | + */ |
|
| 79 | + public function numbers(): array |
|
| 80 | + { |
|
| 81 | + return $this->_numbers; |
|
| 82 | + } |
|
| 83 | 83 | |
| 84 | - /** |
|
| 85 | - * Generate ASN.1 structure. |
|
| 86 | - * |
|
| 87 | - * @return Sequence |
|
| 88 | - */ |
|
| 89 | - public function toASN1(): Sequence |
|
| 90 | - { |
|
| 91 | - $org = $this->_organization->toASN1(); |
|
| 92 | - $nums = array_map( |
|
| 93 | - function ($number) { |
|
| 94 | - return new Integer($number); |
|
| 95 | - }, $this->_numbers); |
|
| 96 | - return new Sequence($org, new Sequence(...$nums)); |
|
| 97 | - } |
|
| 84 | + /** |
|
| 85 | + * Generate ASN.1 structure. |
|
| 86 | + * |
|
| 87 | + * @return Sequence |
|
| 88 | + */ |
|
| 89 | + public function toASN1(): Sequence |
|
| 90 | + { |
|
| 91 | + $org = $this->_organization->toASN1(); |
|
| 92 | + $nums = array_map( |
|
| 93 | + function ($number) { |
|
| 94 | + return new Integer($number); |
|
| 95 | + }, $this->_numbers); |
|
| 96 | + return new Sequence($org, new Sequence(...$nums)); |
|
| 97 | + } |
|
| 98 | 98 | } |
@@ -13,72 +13,72 @@ |
||
| 13 | 13 | */ |
| 14 | 14 | class UniqueIdentifier |
| 15 | 15 | { |
| 16 | - /** |
|
| 17 | - * Identifier. |
|
| 18 | - * |
|
| 19 | - * @var BitString $_uid |
|
| 20 | - */ |
|
| 21 | - protected $_uid; |
|
| 16 | + /** |
|
| 17 | + * Identifier. |
|
| 18 | + * |
|
| 19 | + * @var BitString $_uid |
|
| 20 | + */ |
|
| 21 | + protected $_uid; |
|
| 22 | 22 | |
| 23 | - /** |
|
| 24 | - * Constructor. |
|
| 25 | - * |
|
| 26 | - * @param BitString $bs |
|
| 27 | - */ |
|
| 28 | - public function __construct(BitString $bs) |
|
| 29 | - { |
|
| 30 | - $this->_uid = $bs; |
|
| 31 | - } |
|
| 23 | + /** |
|
| 24 | + * Constructor. |
|
| 25 | + * |
|
| 26 | + * @param BitString $bs |
|
| 27 | + */ |
|
| 28 | + public function __construct(BitString $bs) |
|
| 29 | + { |
|
| 30 | + $this->_uid = $bs; |
|
| 31 | + } |
|
| 32 | 32 | |
| 33 | - /** |
|
| 34 | - * Initialize from ASN.1. |
|
| 35 | - * |
|
| 36 | - * @param BitString $bs |
|
| 37 | - * @return self |
|
| 38 | - */ |
|
| 39 | - public static function fromASN1(BitString $bs): UniqueIdentifier |
|
| 40 | - { |
|
| 41 | - return new self($bs); |
|
| 42 | - } |
|
| 33 | + /** |
|
| 34 | + * Initialize from ASN.1. |
|
| 35 | + * |
|
| 36 | + * @param BitString $bs |
|
| 37 | + * @return self |
|
| 38 | + */ |
|
| 39 | + public static function fromASN1(BitString $bs): UniqueIdentifier |
|
| 40 | + { |
|
| 41 | + return new self($bs); |
|
| 42 | + } |
|
| 43 | 43 | |
| 44 | - /** |
|
| 45 | - * Initialize from string. |
|
| 46 | - * |
|
| 47 | - * @param string $str |
|
| 48 | - * @return self |
|
| 49 | - */ |
|
| 50 | - public static function fromString(string $str): UniqueIdentifier |
|
| 51 | - { |
|
| 52 | - return new self(new BitString($str)); |
|
| 53 | - } |
|
| 44 | + /** |
|
| 45 | + * Initialize from string. |
|
| 46 | + * |
|
| 47 | + * @param string $str |
|
| 48 | + * @return self |
|
| 49 | + */ |
|
| 50 | + public static function fromString(string $str): UniqueIdentifier |
|
| 51 | + { |
|
| 52 | + return new self(new BitString($str)); |
|
| 53 | + } |
|
| 54 | 54 | |
| 55 | - /** |
|
| 56 | - * Get unique identifier as a string. |
|
| 57 | - * |
|
| 58 | - * @return string |
|
| 59 | - */ |
|
| 60 | - public function string(): string |
|
| 61 | - { |
|
| 62 | - return $this->_uid->string(); |
|
| 63 | - } |
|
| 55 | + /** |
|
| 56 | + * Get unique identifier as a string. |
|
| 57 | + * |
|
| 58 | + * @return string |
|
| 59 | + */ |
|
| 60 | + public function string(): string |
|
| 61 | + { |
|
| 62 | + return $this->_uid->string(); |
|
| 63 | + } |
|
| 64 | 64 | |
| 65 | - /** |
|
| 66 | - * Get unique identifier as a bit string. |
|
| 67 | - * |
|
| 68 | - * @return BitString |
|
| 69 | - */ |
|
| 70 | - public function bitString(): BitString |
|
| 71 | - { |
|
| 72 | - return $this->_uid; |
|
| 73 | - } |
|
| 65 | + /** |
|
| 66 | + * Get unique identifier as a bit string. |
|
| 67 | + * |
|
| 68 | + * @return BitString |
|
| 69 | + */ |
|
| 70 | + public function bitString(): BitString |
|
| 71 | + { |
|
| 72 | + return $this->_uid; |
|
| 73 | + } |
|
| 74 | 74 | |
| 75 | - /** |
|
| 76 | - * Get ASN.1 element. |
|
| 77 | - * |
|
| 78 | - * @return BitString |
|
| 79 | - */ |
|
| 80 | - public function toASN1(): BitString |
|
| 81 | - { |
|
| 82 | - return $this->_uid; |
|
| 83 | - } |
|
| 75 | + /** |
|
| 76 | + * Get ASN.1 element. |
|
| 77 | + * |
|
| 78 | + * @return BitString |
|
| 79 | + */ |
|
| 80 | + public function toASN1(): BitString |
|
| 81 | + { |
|
| 82 | + return $this->_uid; |
|
| 83 | + } |
|
| 84 | 84 | } |
