sop / x509

lib/X509/AttributeCertificate/Validation/ACValidationConfig.php

Indentation +98 added lines, -98 removed lines

@@ -12,112 +12,112 @@
  */
 class ACValidationConfig
 {
-    /**
-     * Certification path of the AC holder.
-     *
-     * @var CertificationPath
-     */
-    protected $_holderPath;
+	/**
+	 * Certification path of the AC holder.
+	 *
+	 * @var CertificationPath
+	 */
+	protected $_holderPath;
     
-    /**
-     * Certification path of the AC issuer.
-     *
-     * @var CertificationPath
-     */
-    protected $_issuerPath;
+	/**
+	 * Certification path of the AC issuer.
+	 *
+	 * @var CertificationPath
+	 */
+	protected $_issuerPath;
     
-    /**
-     * Evaluation reference time.
-     *
-     * @var \DateTimeImmutable
-     */
-    protected $_evalTime;
+	/**
+	 * Evaluation reference time.
+	 *
+	 * @var \DateTimeImmutable
+	 */
+	protected $_evalTime;
     
-    /**
-     * Permitted targets.
-     *
-     * @var Target[]
-     */
-    protected $_targets;
+	/**
+	 * Permitted targets.
+	 *
+	 * @var Target[]
+	 */
+	protected $_targets;
     
-    /**
-     * Constructor.
-     *
-     * @param CertificationPath $holder_path Certification path of the AC holder
-     * @param CertificationPath $issuer_path Certification path of the AC issuer
-     */
-    public function __construct(CertificationPath $holder_path,
-        CertificationPath $issuer_path)
-    {
-        $this->_holderPath = $holder_path;
-        $this->_issuerPath = $issuer_path;
-        $this->_evalTime = new \DateTimeImmutable();
-        $this->_targets = array();
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param CertificationPath $holder_path Certification path of the AC holder
+	 * @param CertificationPath $issuer_path Certification path of the AC issuer
+	 */
+	public function __construct(CertificationPath $holder_path,
+		CertificationPath $issuer_path)
+	{
+		$this->_holderPath = $holder_path;
+		$this->_issuerPath = $issuer_path;
+		$this->_evalTime = new \DateTimeImmutable();
+		$this->_targets = array();
+	}
     
-    /**
-     * Get certification path of the AC's holder.
-     *
-     * @return CertificationPath
-     */
-    public function holderPath(): CertificationPath
-    {
-        return $this->_holderPath;
-    }
+	/**
+	 * Get certification path of the AC's holder.
+	 *
+	 * @return CertificationPath
+	 */
+	public function holderPath(): CertificationPath
+	{
+		return $this->_holderPath;
+	}
     
-    /**
-     * Get certification path of the AC's issuer.
-     *
-     * @return CertificationPath
-     */
-    public function issuerPath(): CertificationPath
-    {
-        return $this->_issuerPath;
-    }
+	/**
+	 * Get certification path of the AC's issuer.
+	 *
+	 * @return CertificationPath
+	 */
+	public function issuerPath(): CertificationPath
+	{
+		return $this->_issuerPath;
+	}
     
-    /**
-     * Get self with given evaluation reference time.
-     *
-     * @param \DateTimeImmutable $dt
-     * @return self
-     */
-    public function withEvaluationTime(\DateTimeImmutable $dt): self
-    {
-        $obj = clone $this;
-        $obj->_evalTime = $dt;
-        return $obj;
-    }
+	/**
+	 * Get self with given evaluation reference time.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 * @return self
+	 */
+	public function withEvaluationTime(\DateTimeImmutable $dt): self
+	{
+		$obj = clone $this;
+		$obj->_evalTime = $dt;
+		return $obj;
+	}
     
-    /**
-     * Get the evaluation reference time.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function evaluationTime(): \DateTimeImmutable
-    {
-        return $this->_evalTime;
-    }
+	/**
+	 * Get the evaluation reference time.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function evaluationTime(): \DateTimeImmutable
+	{
+		return $this->_evalTime;
+	}
     
-    /**
-     * Get self with permitted targets.
-     *
-     * @param Target ...$targets
-     * @return self
-     */
-    public function withTargets(Target ...$targets): self
-    {
-        $obj = clone $this;
-        $obj->_targets = $targets;
-        return $obj;
-    }
+	/**
+	 * Get self with permitted targets.
+	 *
+	 * @param Target ...$targets
+	 * @return self
+	 */
+	public function withTargets(Target ...$targets): self
+	{
+		$obj = clone $this;
+		$obj->_targets = $targets;
+		return $obj;
+	}
     
-    /**
-     * Get array of permitted targets
-     *
-     * @return Target[]
-     */
-    public function targets(): array
-    {
-        return $this->_targets;
-    }
+	/**
+	 * Get array of permitted targets
+	 *
+	 * @return Target[]
+	 */
+	public function targets(): array
+	{
+		return $this->_targets;
+	}
 }

lib/X509/AttributeCertificate/Validation/ACValidator.php

Indentation +164 added lines, -164 removed lines

@@ -21,178 +21,178 @@
  */
 class ACValidator
 {
-    /**
-     * Attribute certificate.
-     *
-     * @var AttributeCertificate
-     */
-    protected $_ac;
+	/**
+	 * Attribute certificate.
+	 *
+	 * @var AttributeCertificate
+	 */
+	protected $_ac;
     
-    /**
-     * Validation configuration.
-     *
-     * @var ACValidationConfig
-     */
-    protected $_config;
+	/**
+	 * Validation configuration.
+	 *
+	 * @var ACValidationConfig
+	 */
+	protected $_config;
     
-    /**
-     * Crypto engine.
-     *
-     * @var Crypto
-     */
-    protected $_crypto;
+	/**
+	 * Crypto engine.
+	 *
+	 * @var Crypto
+	 */
+	protected $_crypto;
     
-    /**
-     * Constructor.
-     *
-     * @param AttributeCertificate $ac Attribute certificate to validate
-     * @param ACValidationConfig $config Validation configuration
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     */
-    public function __construct(AttributeCertificate $ac,
-        ACValidationConfig $config, Crypto $crypto = null)
-    {
-        $this->_ac = $ac;
-        $this->_config = $config;
-        $this->_crypto = $crypto ?: Crypto::getDefault();
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param AttributeCertificate $ac Attribute certificate to validate
+	 * @param ACValidationConfig $config Validation configuration
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 */
+	public function __construct(AttributeCertificate $ac,
+		ACValidationConfig $config, Crypto $crypto = null)
+	{
+		$this->_ac = $ac;
+		$this->_config = $config;
+		$this->_crypto = $crypto ?: Crypto::getDefault();
+	}
     
-    /**
-     * Validate attribute certificate.
-     *
-     * @throws ACValidationException If validation fails
-     * @return AttributeCertificate Validated AC
-     */
-    public function validate(): AttributeCertificate
-    {
-        $this->_validateHolder();
-        $issuer = $this->_verifyIssuer();
-        $this->_validateIssuerProfile($issuer);
-        $this->_validateTime();
-        $this->_validateTargeting();
-        return $this->_ac;
-    }
+	/**
+	 * Validate attribute certificate.
+	 *
+	 * @throws ACValidationException If validation fails
+	 * @return AttributeCertificate Validated AC
+	 */
+	public function validate(): AttributeCertificate
+	{
+		$this->_validateHolder();
+		$issuer = $this->_verifyIssuer();
+		$this->_validateIssuerProfile($issuer);
+		$this->_validateTime();
+		$this->_validateTargeting();
+		return $this->_ac;
+	}
     
-    /**
-     * Validate AC holder's certification.
-     *
-     * @throws ACValidationException
-     * @return Certificate Certificate of the AC's holder
-     */
-    private function _validateHolder(): Certificate
-    {
-        $path = $this->_config->holderPath();
-        $config = PathValidationConfig::defaultConfig()->withMaxLength(
-            count($path))->withDateTime($this->_config->evaluationTime());
-        try {
-            $holder = $path->validate($config, $this->_crypto)->certificate();
-        } catch (PathValidationException $e) {
-            throw new ACValidationException(
-                "Failed to validate holder PKC's certification path.", 0, $e);
-        }
-        if (!$this->_ac->isHeldBy($holder)) {
-            throw new ACValidationException("Name mismatch of AC's holder PKC.");
-        }
-        return $holder;
-    }
+	/**
+	 * Validate AC holder's certification.
+	 *
+	 * @throws ACValidationException
+	 * @return Certificate Certificate of the AC's holder
+	 */
+	private function _validateHolder(): Certificate
+	{
+		$path = $this->_config->holderPath();
+		$config = PathValidationConfig::defaultConfig()->withMaxLength(
+			count($path))->withDateTime($this->_config->evaluationTime());
+		try {
+			$holder = $path->validate($config, $this->_crypto)->certificate();
+		} catch (PathValidationException $e) {
+			throw new ACValidationException(
+				"Failed to validate holder PKC's certification path.", 0, $e);
+		}
+		if (!$this->_ac->isHeldBy($holder)) {
+			throw new ACValidationException("Name mismatch of AC's holder PKC.");
+		}
+		return $holder;
+	}
     
-    /**
-     * Verify AC's signature and issuer's certification.
-     *
-     * @throws ACValidationException
-     * @return Certificate Certificate of the AC's issuer
-     */
-    private function _verifyIssuer(): Certificate
-    {
-        $path = $this->_config->issuerPath();
-        $config = PathValidationConfig::defaultConfig()->withMaxLength(
-            count($path))->withDateTime($this->_config->evaluationTime());
-        try {
-            $issuer = $path->validate($config, $this->_crypto)->certificate();
-        } catch (PathValidationException $e) {
-            throw new ACValidationException(
-                "Failed to validate issuer PKC's certification path.", 0, $e);
-        }
-        if (!$this->_ac->isIssuedBy($issuer)) {
-            throw new ACValidationException("Name mismatch of AC's issuer PKC.");
-        }
-        $pubkey_info = $issuer->tbsCertificate()->subjectPublicKeyInfo();
-        if (!$this->_ac->verify($pubkey_info, $this->_crypto)) {
-            throw new ACValidationException("Failed to verify signature.");
-        }
-        return $issuer;
-    }
+	/**
+	 * Verify AC's signature and issuer's certification.
+	 *
+	 * @throws ACValidationException
+	 * @return Certificate Certificate of the AC's issuer
+	 */
+	private function _verifyIssuer(): Certificate
+	{
+		$path = $this->_config->issuerPath();
+		$config = PathValidationConfig::defaultConfig()->withMaxLength(
+			count($path))->withDateTime($this->_config->evaluationTime());
+		try {
+			$issuer = $path->validate($config, $this->_crypto)->certificate();
+		} catch (PathValidationException $e) {
+			throw new ACValidationException(
+				"Failed to validate issuer PKC's certification path.", 0, $e);
+		}
+		if (!$this->_ac->isIssuedBy($issuer)) {
+			throw new ACValidationException("Name mismatch of AC's issuer PKC.");
+		}
+		$pubkey_info = $issuer->tbsCertificate()->subjectPublicKeyInfo();
+		if (!$this->_ac->verify($pubkey_info, $this->_crypto)) {
+			throw new ACValidationException("Failed to verify signature.");
+		}
+		return $issuer;
+	}
     
-    /**
-     * Validate AC issuer's profile.
-     *
-     * @link https://tools.ietf.org/html/rfc5755#section-4.5
-     * @param Certificate $cert
-     * @throws ACValidationException
-     */
-    private function _validateIssuerProfile(Certificate $cert)
-    {
-        $exts = $cert->tbsCertificate()->extensions();
-        if ($exts->hasKeyUsage() && !$exts->keyUsage()->isDigitalSignature()) {
-            throw new ACValidationException(
-                "Issuer PKC's Key Usage extension doesn't permit" .
-                     " verification of digital signatures.");
-        }
-        if ($exts->hasBasicConstraints() && $exts->basicConstraints()->isCA()) {
-            throw new ACValidationException("Issuer PKC must not be a CA.");
-        }
-    }
+	/**
+	 * Validate AC issuer's profile.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5755#section-4.5
+	 * @param Certificate $cert
+	 * @throws ACValidationException
+	 */
+	private function _validateIssuerProfile(Certificate $cert)
+	{
+		$exts = $cert->tbsCertificate()->extensions();
+		if ($exts->hasKeyUsage() && !$exts->keyUsage()->isDigitalSignature()) {
+			throw new ACValidationException(
+				"Issuer PKC's Key Usage extension doesn't permit" .
+					 " verification of digital signatures.");
+		}
+		if ($exts->hasBasicConstraints() && $exts->basicConstraints()->isCA()) {
+			throw new ACValidationException("Issuer PKC must not be a CA.");
+		}
+	}
     
-    /**
-     * Validate AC's validity period.
-     *
-     * @throws ACValidationException
-     */
-    private function _validateTime()
-    {
-        $t = $this->_config->evaluationTime();
-        $validity = $this->_ac->acinfo()->validityPeriod();
-        if ($validity->notBeforeTime()->diff($t)->invert) {
-            throw new ACValidationException("Validity period has not started.");
-        }
-        if ($t->diff($validity->notAfterTime())->invert) {
-            throw new ACValidationException("Attribute certificate has expired.");
-        }
-    }
+	/**
+	 * Validate AC's validity period.
+	 *
+	 * @throws ACValidationException
+	 */
+	private function _validateTime()
+	{
+		$t = $this->_config->evaluationTime();
+		$validity = $this->_ac->acinfo()->validityPeriod();
+		if ($validity->notBeforeTime()->diff($t)->invert) {
+			throw new ACValidationException("Validity period has not started.");
+		}
+		if ($t->diff($validity->notAfterTime())->invert) {
+			throw new ACValidationException("Attribute certificate has expired.");
+		}
+	}
     
-    /**
-     * Validate AC's target information.
-     *
-     * @throws ACValidationException
-     */
-    private function _validateTargeting()
-    {
-        $exts = $this->_ac->acinfo()->extensions();
-        // if target information extension is not present
-        if (!$exts->has(Extension::OID_TARGET_INFORMATION)) {
-            return;
-        }
-        $ext = $exts->get(Extension::OID_TARGET_INFORMATION);
-        if ($ext instanceof TargetInformationExtension &&
-             !$this->_hasMatchingTarget($ext->targets())) {
-            throw new ACValidationException(
-                "Attribute certificate doesn't have a matching target.");
-        }
-    }
+	/**
+	 * Validate AC's target information.
+	 *
+	 * @throws ACValidationException
+	 */
+	private function _validateTargeting()
+	{
+		$exts = $this->_ac->acinfo()->extensions();
+		// if target information extension is not present
+		if (!$exts->has(Extension::OID_TARGET_INFORMATION)) {
+			return;
+		}
+		$ext = $exts->get(Extension::OID_TARGET_INFORMATION);
+		if ($ext instanceof TargetInformationExtension &&
+			 !$this->_hasMatchingTarget($ext->targets())) {
+			throw new ACValidationException(
+				"Attribute certificate doesn't have a matching target.");
+		}
+	}
     
-    /**
-     * Check whether validation configuration has matching targets.
-     *
-     * @param Targets $targets Set of eligible targets
-     * @return boolean
-     */
-    private function _hasMatchingTarget(Targets $targets): bool
-    {
-        foreach ($this->_config->targets() as $target) {
-            if ($targets->hasTarget($target)) {
-                return true;
-            }
-        }
-        return false;
-    }
+	/**
+	 * Check whether validation configuration has matching targets.
+	 *
+	 * @param Targets $targets Set of eligible targets
+	 * @return boolean
+	 */
+	private function _hasMatchingTarget(Targets $targets): bool
+	{
+		foreach ($this->_config->targets() as $target) {
+			if ($targets->hasTarget($target)) {
+				return true;
+			}
+		}
+		return false;
+	}
 }

lib/X509/AttributeCertificate/AttCertValidityPeriod.php

Indentation +82 added lines, -82 removed lines

@@ -15,94 +15,94 @@
  */
 class AttCertValidityPeriod
 {
-    use DateTimeHelper;
+	use DateTimeHelper;
     
-    /**
-     * Not before time.
-     *
-     * @var \DateTimeImmutable
-     */
-    protected $_notBeforeTime;
+	/**
+	 * Not before time.
+	 *
+	 * @var \DateTimeImmutable
+	 */
+	protected $_notBeforeTime;
     
-    /**
-     * Not after time.
-     *
-     * @var \DateTimeImmutable
-     */
-    protected $_notAfterTime;
+	/**
+	 * Not after time.
+	 *
+	 * @var \DateTimeImmutable
+	 */
+	protected $_notAfterTime;
     
-    /**
-     * Constructor.
-     *
-     * @param \DateTimeImmutable $nb
-     * @param \DateTimeImmutable $na
-     */
-    public function __construct(\DateTimeImmutable $nb, \DateTimeImmutable $na)
-    {
-        $this->_notBeforeTime = $nb;
-        $this->_notAfterTime = $na;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param \DateTimeImmutable $nb
+	 * @param \DateTimeImmutable $na
+	 */
+	public function __construct(\DateTimeImmutable $nb, \DateTimeImmutable $na)
+	{
+		$this->_notBeforeTime = $nb;
+		$this->_notAfterTime = $na;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $nb = $seq->at(0)
-            ->asGeneralizedTime()
-            ->dateTime();
-        $na = $seq->at(1)
-            ->asGeneralizedTime()
-            ->dateTime();
-        return new self($nb, $na);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$nb = $seq->at(0)
+			->asGeneralizedTime()
+			->dateTime();
+		$na = $seq->at(1)
+			->asGeneralizedTime()
+			->dateTime();
+		return new self($nb, $na);
+	}
     
-    /**
-     * Initialize from date strings.
-     *
-     * @param string|null $nb_date Not before date
-     * @param string|null $na_date Not after date
-     * @param string|null $tz Timezone string
-     * @return self
-     */
-    public static function fromStrings($nb_date, $na_date, $tz = null): self
-    {
-        $nb = self::_createDateTime($nb_date, $tz);
-        $na = self::_createDateTime($na_date, $tz);
-        return new self($nb, $na);
-    }
+	/**
+	 * Initialize from date strings.
+	 *
+	 * @param string|null $nb_date Not before date
+	 * @param string|null $na_date Not after date
+	 * @param string|null $tz Timezone string
+	 * @return self
+	 */
+	public static function fromStrings($nb_date, $na_date, $tz = null): self
+	{
+		$nb = self::_createDateTime($nb_date, $tz);
+		$na = self::_createDateTime($na_date, $tz);
+		return new self($nb, $na);
+	}
     
-    /**
-     * Get not before time.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function notBeforeTime(): \DateTimeImmutable
-    {
-        return $this->_notBeforeTime;
-    }
+	/**
+	 * Get not before time.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function notBeforeTime(): \DateTimeImmutable
+	{
+		return $this->_notBeforeTime;
+	}
     
-    /**
-     * Get not after time.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function notAfterTime(): \DateTimeImmutable
-    {
-        return $this->_notAfterTime;
-    }
+	/**
+	 * Get not after time.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function notAfterTime(): \DateTimeImmutable
+	{
+		return $this->_notAfterTime;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence(new GeneralizedTime($this->_notBeforeTime),
-            new GeneralizedTime($this->_notAfterTime));
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence(new GeneralizedTime($this->_notBeforeTime),
+			new GeneralizedTime($this->_notAfterTime));
+	}
 }

lib/X509/Certificate/UniqueIdentifier.php

Indentation +62 added lines, -62 removed lines

@@ -13,72 +13,72 @@
  */
 class UniqueIdentifier
 {
-    /**
-     * Identifier.
-     *
-     * @var BitString $_uid
-     */
-    protected $_uid;
+	/**
+	 * Identifier.
+	 *
+	 * @var BitString $_uid
+	 */
+	protected $_uid;
     
-    /**
-     * Constructor.
-     *
-     * @param BitString $bs
-     */
-    public function __construct(BitString $bs)
-    {
-        $this->_uid = $bs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param BitString $bs
+	 */
+	public function __construct(BitString $bs)
+	{
+		$this->_uid = $bs;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param BitString $bs
-     * @return self
-     */
-    public static function fromASN1(BitString $bs): UniqueIdentifier
-    {
-        return new self($bs);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param BitString $bs
+	 * @return self
+	 */
+	public static function fromASN1(BitString $bs): UniqueIdentifier
+	{
+		return new self($bs);
+	}
     
-    /**
-     * Initialize from string.
-     *
-     * @param string $str
-     * @return self
-     */
-    public static function fromString(string $str): UniqueIdentifier
-    {
-        return new self(new BitString($str));
-    }
+	/**
+	 * Initialize from string.
+	 *
+	 * @param string $str
+	 * @return self
+	 */
+	public static function fromString(string $str): UniqueIdentifier
+	{
+		return new self(new BitString($str));
+	}
     
-    /**
-     * Get unique identifier as a string.
-     *
-     * @return string
-     */
-    public function string(): string
-    {
-        return $this->_uid->string();
-    }
+	/**
+	 * Get unique identifier as a string.
+	 *
+	 * @return string
+	 */
+	public function string(): string
+	{
+		return $this->_uid->string();
+	}
     
-    /**
-     * Get unique identifier as a bit string.
-     *
-     * @return BitString
-     */
-    public function bitString(): BitString
-    {
-        return $this->_uid;
-    }
+	/**
+	 * Get unique identifier as a bit string.
+	 *
+	 * @return BitString
+	 */
+	public function bitString(): BitString
+	{
+		return $this->_uid;
+	}
     
-    /**
-     * Get ASN.1 element.
-     *
-     * @return BitString
-     */
-    public function toASN1(): BitString
-    {
-        return $this->_uid;
-    }
+	/**
+	 * Get ASN.1 element.
+	 *
+	 * @return BitString
+	 */
+	public function toASN1(): BitString
+	{
+		return $this->_uid;
+	}
 }

lib/X509/CertificationRequest/Attributes.php

Indentation +96 added lines, -96 removed lines

@@ -20,107 +20,107 @@
  */
 class Attributes implements \Countable, \IteratorAggregate
 {
-    use AttributeContainer;
+	use AttributeContainer;
     
-    /**
-     * Mapping from OID to attribute value class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_OID_TO_CLASS = array(
-        /* @formatter:off */
-        ExtensionRequestValue::OID => ExtensionRequestValue::class
-        /* @formatter:on */
-    );
+	/**
+	 * Mapping from OID to attribute value class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_OID_TO_CLASS = array(
+		/* @formatter:off */
+		ExtensionRequestValue::OID => ExtensionRequestValue::class
+		/* @formatter:on */
+	);
     
-    /**
-     * Constructor.
-     *
-     * @param Attribute ...$attribs Attribute objects
-     */
-    public function __construct(Attribute ...$attribs)
-    {
-        $this->_attributes = $attribs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Attribute ...$attribs Attribute objects
+	 */
+	public function __construct(Attribute ...$attribs)
+	{
+		$this->_attributes = $attribs;
+	}
     
-    /**
-     * Initialize from attribute values.
-     *
-     * @param AttributeValue ...$values
-     * @return self
-     */
-    public static function fromAttributeValues(AttributeValue ...$values): Attributes
-    {
-        $attribs = array_map(
-            function (AttributeValue $value) {
-                return $value->toAttribute();
-            }, $values);
-        return new self(...$attribs);
-    }
+	/**
+	 * Initialize from attribute values.
+	 *
+	 * @param AttributeValue ...$values
+	 * @return self
+	 */
+	public static function fromAttributeValues(AttributeValue ...$values): Attributes
+	{
+		$attribs = array_map(
+			function (AttributeValue $value) {
+				return $value->toAttribute();
+			}, $values);
+		return new self(...$attribs);
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Set $set
-     * @return self
-     */
-    public static function fromASN1(Set $set): Attributes
-    {
-        $attribs = array_map(
-            function (UnspecifiedType $el) {
-                return Attribute::fromASN1($el->asSequence());
-            }, $set->elements());
-        // cast attributes
-        $attribs = array_map(
-            function (Attribute $attr) {
-                $oid = $attr->oid();
-                if (array_key_exists($oid, self::MAP_OID_TO_CLASS)) {
-                    $cls = self::MAP_OID_TO_CLASS[$oid];
-                    return $attr->castValues($cls);
-                }
-                return $attr;
-            }, $attribs);
-        return new self(...$attribs);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Set $set
+	 * @return self
+	 */
+	public static function fromASN1(Set $set): Attributes
+	{
+		$attribs = array_map(
+			function (UnspecifiedType $el) {
+				return Attribute::fromASN1($el->asSequence());
+			}, $set->elements());
+		// cast attributes
+		$attribs = array_map(
+			function (Attribute $attr) {
+				$oid = $attr->oid();
+				if (array_key_exists($oid, self::MAP_OID_TO_CLASS)) {
+					$cls = self::MAP_OID_TO_CLASS[$oid];
+					return $attr->castValues($cls);
+				}
+				return $attr;
+			}, $attribs);
+		return new self(...$attribs);
+	}
     
-    /**
-     * Check whether extension request attribute is present.
-     *
-     * @return bool
-     */
-    public function hasExtensionRequest(): bool
-    {
-        return $this->has(ExtensionRequestValue::OID);
-    }
+	/**
+	 * Check whether extension request attribute is present.
+	 *
+	 * @return bool
+	 */
+	public function hasExtensionRequest(): bool
+	{
+		return $this->has(ExtensionRequestValue::OID);
+	}
     
-    /**
-     * Get extension request attribute value.
-     *
-     * @throws \LogicException
-     * @return ExtensionRequestValue
-     */
-    public function extensionRequest(): ExtensionRequestValue
-    {
-        if (!$this->hasExtensionRequest()) {
-            throw new \LogicException("No extension request attribute.");
-        }
-        return $this->firstOf(ExtensionRequestValue::OID)->first();
-    }
+	/**
+	 * Get extension request attribute value.
+	 *
+	 * @throws \LogicException
+	 * @return ExtensionRequestValue
+	 */
+	public function extensionRequest(): ExtensionRequestValue
+	{
+		if (!$this->hasExtensionRequest()) {
+			throw new \LogicException("No extension request attribute.");
+		}
+		return $this->firstOf(ExtensionRequestValue::OID)->first();
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Set
-     */
-    public function toASN1(): Set
-    {
-        $elements = array_map(
-            function (Attribute $attr) {
-                return $attr->toASN1();
-            }, array_values($this->_attributes));
-        $set = new Set(...$elements);
-        return $set->sortedSetOf();
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Set
+	 */
+	public function toASN1(): Set
+	{
+		$elements = array_map(
+			function (Attribute $attr) {
+				return $attr->toASN1();
+			}, array_values($this->_attributes));
+		$set = new Set(...$elements);
+		return $set->sortedSetOf();
+	}
 }

Spacing +4 added lines, -4 removed lines

@@ -54,7 +54,7 @@ 
     public static function fromAttributeValues(AttributeValue ...$values): Attributes
     {
         $attribs = array_map(
-            function (AttributeValue $value) {
+            function(AttributeValue $value) {
                 return $value->toAttribute();
             }, $values);
         return new self(...$attribs);
@@ -69,12 +69,12 @@ 
     public static function fromASN1(Set $set): Attributes
     {
         $attribs = array_map(
-            function (UnspecifiedType $el) {
+            function(UnspecifiedType $el) {
                 return Attribute::fromASN1($el->asSequence());
             }, $set->elements());
         // cast attributes
         $attribs = array_map(
-            function (Attribute $attr) {
+            function(Attribute $attr) {
                 $oid = $attr->oid();
                 if (array_key_exists($oid, self::MAP_OID_TO_CLASS)) {
                     $cls = self::MAP_OID_TO_CLASS[$oid];
@@ -117,7 +117,7 @@ 
     public function toASN1(): Set
     {
         $elements = array_map(
-            function (Attribute $attr) {
+            function(Attribute $attr) {
                 return $attr->toASN1();
             }, array_values($this->_attributes));
         $set = new Set(...$elements);

lib/X509/Certificate/Extensions.php

Indentation +410 added lines, -410 removed lines

@@ -18,414 +18,414 @@
  */
 class Extensions implements \Countable, \IteratorAggregate
 {
-    /**
-     * Extensions.
-     *
-     * @var Extension\Extension[] $_extensions
-     */
-    protected $_extensions;
-    
-    /**
-     * Constructor.
-     *
-     * @param Ext\Extension ...$extensions Extension objects
-     */
-    public function __construct(Ext\Extension ...$extensions)
-    {
-        $this->_extensions = array();
-        foreach ($extensions as $ext) {
-            $this->_extensions[$ext->oid()] = $ext;
-        }
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): Extensions
-    {
-        $extensions = array_map(
-            function (UnspecifiedType $el) {
-                return Ext\Extension::fromASN1($el->asSequence());
-            }, $seq->elements());
-        return new self(...$extensions);
-    }
-    
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array_values(
-            array_map(
-                function ($ext) {
-                    return $ext->toASN1();
-                }, $this->_extensions));
-        return new Sequence(...$elements);
-    }
-    
-    /**
-     * Get self with extensions added.
-     *
-     * @param Ext\Extension ...$exts One or more extensions to add
-     * @return self
-     */
-    public function withExtensions(Ext\Extension ...$exts): Extensions
-    {
-        $obj = clone $this;
-        foreach ($exts as $ext) {
-            $obj->_extensions[$ext->oid()] = $ext;
-        }
-        return $obj;
-    }
-    
-    /**
-     * Check whether extension is present.
-     *
-     * @param string $oid Extensions OID
-     * @return bool
-     */
-    public function has(string $oid): bool
-    {
-        return isset($this->_extensions[$oid]);
-    }
-    
-    /**
-     * Get extension by OID.
-     *
-     * @param string $oid
-     * @throws \LogicException If extension is not present
-     * @return Extension\Extension
-     */
-    public function get(string $oid): Ext\Extension
-    {
-        if (!$this->has($oid)) {
-            throw new \LogicException("No extension by OID $oid.");
-        }
-        return $this->_extensions[$oid];
-    }
-    
-    /**
-     * Check whether 'Authority Key Identifier' extension is present.
-     *
-     * @return bool
-     */
-    public function hasAuthorityKeyIdentifier(): bool
-    {
-        return $this->has(Ext\Extension::OID_AUTHORITY_KEY_IDENTIFIER);
-    }
-    
-    /**
-     * Get 'Authority Key Identifier' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\AuthorityKeyIdentifierExtension
-     */
-    public function authorityKeyIdentifier(): Ext\AuthorityKeyIdentifierExtension
-    {
-        /** @var Extension\AuthorityKeyIdentifierExtension $keyIdentifier */
-        $keyIdentifier = $this->get(Ext\Extension::OID_AUTHORITY_KEY_IDENTIFIER);
-        return $keyIdentifier;
-    }
-    
-    /**
-     * Check whether 'Subject Key Identifier' extension is present.
-     *
-     * @return bool
-     */
-    public function hasSubjectKeyIdentifier(): bool
-    {
-        return $this->has(Ext\Extension::OID_SUBJECT_KEY_IDENTIFIER);
-    }
-    
-    /**
-     * Get 'Subject Key Identifier' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\SubjectKeyIdentifierExtension
-     */
-    public function subjectKeyIdentifier(): Ext\SubjectKeyIdentifierExtension
-    {
-        /** @var Extension\SubjectKeyIdentifierExtension $subjectKeyIdentifier */
-        $subjectKeyIdentifier = $this->get(
-            Ext\Extension::OID_SUBJECT_KEY_IDENTIFIER);
-        return $subjectKeyIdentifier;
-    }
-    
-    /**
-     * Check whether 'Key Usage' extension is present.
-     *
-     * @return bool
-     */
-    public function hasKeyUsage(): bool
-    {
-        return $this->has(Ext\Extension::OID_KEY_USAGE);
-    }
-    
-    /**
-     * Get 'Key Usage' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\KeyUsageExtension
-     */
-    public function keyUsage(): Ext\KeyUsageExtension
-    {
-        /** @var Extension\KeyUsageExtension $keyUsage */
-        $keyUsage = $this->get(Ext\Extension::OID_KEY_USAGE);
-        return $keyUsage;
-    }
-    
-    /**
-     * Check whether 'Certificate Policies' extension is present.
-     *
-     * @return bool
-     */
-    public function hasCertificatePolicies(): bool
-    {
-        return $this->has(Ext\Extension::OID_CERTIFICATE_POLICIES);
-    }
-    
-    /**
-     * Get 'Certificate Policies' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\CertificatePoliciesExtension
-     */
-    public function certificatePolicies(): Ext\CertificatePoliciesExtension
-    {
-        /** @var Extension\CertificatePoliciesExtension $certPolicies */
-        $certPolicies = $this->get(Ext\Extension::OID_CERTIFICATE_POLICIES);
-        return $certPolicies;
-    }
-    
-    /**
-     * Check whether 'Policy Mappings' extension is present.
-     *
-     * @return bool
-     */
-    public function hasPolicyMappings(): bool
-    {
-        return $this->has(Ext\Extension::OID_POLICY_MAPPINGS);
-    }
-    
-    /**
-     * Get 'Policy Mappings' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\PolicyMappingsExtension
-     */
-    public function policyMappings(): Ext\PolicyMappingsExtension
-    {
-        /** @var Extension\PolicyMappingsExtension $policyMappings */
-        $policyMappings = $this->get(Ext\Extension::OID_POLICY_MAPPINGS);
-        return $policyMappings;
-    }
-    
-    /**
-     * Check whether 'Subject Alternative Name' extension is present.
-     *
-     * @return bool
-     */
-    public function hasSubjectAlternativeName(): bool
-    {
-        return $this->has(Ext\Extension::OID_SUBJECT_ALT_NAME);
-    }
-    
-    /**
-     * Get 'Subject Alternative Name' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\SubjectAlternativeNameExtension
-     */
-    public function subjectAlternativeName(): Ext\SubjectAlternativeNameExtension
-    {
-        /** @var Extension\SubjectAlternativeNameExtension $subjectAltName */
-        $subjectAltName = $this->get(Ext\Extension::OID_SUBJECT_ALT_NAME);
-        return $subjectAltName;
-    }
-    
-    /**
-     * Check whether 'Issuer Alternative Name' extension is present.
-     *
-     * @return bool
-     */
-    public function hasIssuerAlternativeName(): bool
-    {
-        return $this->has(Ext\Extension::OID_ISSUER_ALT_NAME);
-    }
-    
-    /**
-     * Get 'Issuer Alternative Name' extension.
-     *
-     * @return \X509\Certificate\Extension\IssuerAlternativeNameExtension
-     */
-    public function issuerAlternativeName(): Ext\IssuerAlternativeNameExtension
-    {
-        /** @var Extension\IssuerAlternativeNameExtension $issuerAltName */
-        $issuerAltName = $this->get(Ext\Extension::OID_ISSUER_ALT_NAME);
-        return $issuerAltName;
-    }
-    
-    /**
-     * Check whether 'Basic Constraints' extension is present.
-     *
-     * @return bool
-     */
-    public function hasBasicConstraints(): bool
-    {
-        return $this->has(Ext\Extension::OID_BASIC_CONSTRAINTS);
-    }
-    
-    /**
-     * Get 'Basic Constraints' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\BasicConstraintsExtension
-     */
-    public function basicConstraints(): Ext\BasicConstraintsExtension
-    {
-        /** @var Extension\BasicConstraintsExtension $basicConstraints */
-        $basicConstraints = $this->get(Ext\Extension::OID_BASIC_CONSTRAINTS);
-        return $basicConstraints;
-    }
-    
-    /**
-     * Check whether 'Name Constraints' extension is present.
-     *
-     * @return bool
-     */
-    public function hasNameConstraints(): bool
-    {
-        return $this->has(Ext\Extension::OID_NAME_CONSTRAINTS);
-    }
-    
-    /**
-     * Get 'Name Constraints' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\NameConstraintsExtension
-     */
-    public function nameConstraints(): Ext\NameConstraintsExtension
-    {
-        /** @var Extension\NameConstraintsExtension $nameConstraints */
-        $nameConstraints = $this->get(Ext\Extension::OID_NAME_CONSTRAINTS);
-        return $nameConstraints;
-    }
-    
-    /**
-     * Check whether 'Policy Constraints' extension is present.
-     *
-     * @return bool
-     */
-    public function hasPolicyConstraints(): bool
-    {
-        return $this->has(Ext\Extension::OID_POLICY_CONSTRAINTS);
-    }
-    
-    /**
-     * Get 'Policy Constraints' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\PolicyConstraintsExtension
-     */
-    public function policyConstraints(): Ext\PolicyConstraintsExtension
-    {
-        /** @var Extension\PolicyConstraintsExtension $policyConstraints */
-        $policyConstraints = $this->get(Ext\Extension::OID_POLICY_CONSTRAINTS);
-        return $policyConstraints;
-    }
-    
-    /**
-     * Check whether 'Extended Key Usage' extension is present.
-     *
-     * @return bool
-     */
-    public function hasExtendedKeyUsage(): bool
-    {
-        return $this->has(Ext\Extension::OID_EXT_KEY_USAGE);
-    }
-    
-    /**
-     * Get 'Extended Key Usage' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\ExtendedKeyUsageExtension
-     */
-    public function extendedKeyUsage(): Ext\ExtendedKeyUsageExtension
-    {
-        /** @var Extension\ExtendedKeyUsageExtension $keyUsage */
-        $keyUsage = $this->get(Ext\Extension::OID_EXT_KEY_USAGE);
-        return $keyUsage;
-    }
-    
-    /**
-     * Check whether 'CRL Distribution Points' extension is present.
-     *
-     * @return bool
-     */
-    public function hasCRLDistributionPoints(): bool
-    {
-        return $this->has(Ext\Extension::OID_CRL_DISTRIBUTION_POINTS);
-    }
-    
-    /**
-     * Get 'CRL Distribution Points' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\CRLDistributionPointsExtension
-     */
-    public function crlDistributionPoints(): Ext\CRLDistributionPointsExtension
-    {
-        /** @var Extension\CRLDistributionPointsExtension $crlDist */
-        $crlDist = $this->get(Ext\Extension::OID_CRL_DISTRIBUTION_POINTS);
-        return $crlDist;
-    }
-    
-    /**
-     * Check whether 'Inhibit anyPolicy' extension is present.
-     *
-     * @return bool
-     */
-    public function hasInhibitAnyPolicy(): bool
-    {
-        return $this->has(Ext\Extension::OID_INHIBIT_ANY_POLICY);
-    }
-    
-    /**
-     * Get 'Inhibit anyPolicy' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\InhibitAnyPolicyExtension
-     */
-    public function inhibitAnyPolicy(): Ext\InhibitAnyPolicyExtension
-    {
-        /** @var Extension\InhibitAnyPolicyExtension $inhibitAny */
-        $inhibitAny = $this->get(Ext\Extension::OID_INHIBIT_ANY_POLICY);
-        return $inhibitAny;
-    }
-    
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_extensions);
-    }
-    
-    /**
-     * Get iterator for extensions.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \Traversable
-     */
-    public function getIterator(): \Traversable
-    {
-        return new \ArrayIterator($this->_extensions);
-    }
+	/**
+	 * Extensions.
+	 *
+	 * @var Extension\Extension[] $_extensions
+	 */
+	protected $_extensions;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param Ext\Extension ...$extensions Extension objects
+	 */
+	public function __construct(Ext\Extension ...$extensions)
+	{
+		$this->_extensions = array();
+		foreach ($extensions as $ext) {
+			$this->_extensions[$ext->oid()] = $ext;
+		}
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): Extensions
+	{
+		$extensions = array_map(
+			function (UnspecifiedType $el) {
+				return Ext\Extension::fromASN1($el->asSequence());
+			}, $seq->elements());
+		return new self(...$extensions);
+	}
+    
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array_values(
+			array_map(
+				function ($ext) {
+					return $ext->toASN1();
+				}, $this->_extensions));
+		return new Sequence(...$elements);
+	}
+    
+	/**
+	 * Get self with extensions added.
+	 *
+	 * @param Ext\Extension ...$exts One or more extensions to add
+	 * @return self
+	 */
+	public function withExtensions(Ext\Extension ...$exts): Extensions
+	{
+		$obj = clone $this;
+		foreach ($exts as $ext) {
+			$obj->_extensions[$ext->oid()] = $ext;
+		}
+		return $obj;
+	}
+    
+	/**
+	 * Check whether extension is present.
+	 *
+	 * @param string $oid Extensions OID
+	 * @return bool
+	 */
+	public function has(string $oid): bool
+	{
+		return isset($this->_extensions[$oid]);
+	}
+    
+	/**
+	 * Get extension by OID.
+	 *
+	 * @param string $oid
+	 * @throws \LogicException If extension is not present
+	 * @return Extension\Extension
+	 */
+	public function get(string $oid): Ext\Extension
+	{
+		if (!$this->has($oid)) {
+			throw new \LogicException("No extension by OID $oid.");
+		}
+		return $this->_extensions[$oid];
+	}
+    
+	/**
+	 * Check whether 'Authority Key Identifier' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasAuthorityKeyIdentifier(): bool
+	{
+		return $this->has(Ext\Extension::OID_AUTHORITY_KEY_IDENTIFIER);
+	}
+    
+	/**
+	 * Get 'Authority Key Identifier' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\AuthorityKeyIdentifierExtension
+	 */
+	public function authorityKeyIdentifier(): Ext\AuthorityKeyIdentifierExtension
+	{
+		/** @var Extension\AuthorityKeyIdentifierExtension $keyIdentifier */
+		$keyIdentifier = $this->get(Ext\Extension::OID_AUTHORITY_KEY_IDENTIFIER);
+		return $keyIdentifier;
+	}
+    
+	/**
+	 * Check whether 'Subject Key Identifier' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasSubjectKeyIdentifier(): bool
+	{
+		return $this->has(Ext\Extension::OID_SUBJECT_KEY_IDENTIFIER);
+	}
+    
+	/**
+	 * Get 'Subject Key Identifier' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\SubjectKeyIdentifierExtension
+	 */
+	public function subjectKeyIdentifier(): Ext\SubjectKeyIdentifierExtension
+	{
+		/** @var Extension\SubjectKeyIdentifierExtension $subjectKeyIdentifier */
+		$subjectKeyIdentifier = $this->get(
+			Ext\Extension::OID_SUBJECT_KEY_IDENTIFIER);
+		return $subjectKeyIdentifier;
+	}
+    
+	/**
+	 * Check whether 'Key Usage' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasKeyUsage(): bool
+	{
+		return $this->has(Ext\Extension::OID_KEY_USAGE);
+	}
+    
+	/**
+	 * Get 'Key Usage' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\KeyUsageExtension
+	 */
+	public function keyUsage(): Ext\KeyUsageExtension
+	{
+		/** @var Extension\KeyUsageExtension $keyUsage */
+		$keyUsage = $this->get(Ext\Extension::OID_KEY_USAGE);
+		return $keyUsage;
+	}
+    
+	/**
+	 * Check whether 'Certificate Policies' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasCertificatePolicies(): bool
+	{
+		return $this->has(Ext\Extension::OID_CERTIFICATE_POLICIES);
+	}
+    
+	/**
+	 * Get 'Certificate Policies' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\CertificatePoliciesExtension
+	 */
+	public function certificatePolicies(): Ext\CertificatePoliciesExtension
+	{
+		/** @var Extension\CertificatePoliciesExtension $certPolicies */
+		$certPolicies = $this->get(Ext\Extension::OID_CERTIFICATE_POLICIES);
+		return $certPolicies;
+	}
+    
+	/**
+	 * Check whether 'Policy Mappings' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasPolicyMappings(): bool
+	{
+		return $this->has(Ext\Extension::OID_POLICY_MAPPINGS);
+	}
+    
+	/**
+	 * Get 'Policy Mappings' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\PolicyMappingsExtension
+	 */
+	public function policyMappings(): Ext\PolicyMappingsExtension
+	{
+		/** @var Extension\PolicyMappingsExtension $policyMappings */
+		$policyMappings = $this->get(Ext\Extension::OID_POLICY_MAPPINGS);
+		return $policyMappings;
+	}
+    
+	/**
+	 * Check whether 'Subject Alternative Name' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasSubjectAlternativeName(): bool
+	{
+		return $this->has(Ext\Extension::OID_SUBJECT_ALT_NAME);
+	}
+    
+	/**
+	 * Get 'Subject Alternative Name' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\SubjectAlternativeNameExtension
+	 */
+	public function subjectAlternativeName(): Ext\SubjectAlternativeNameExtension
+	{
+		/** @var Extension\SubjectAlternativeNameExtension $subjectAltName */
+		$subjectAltName = $this->get(Ext\Extension::OID_SUBJECT_ALT_NAME);
+		return $subjectAltName;
+	}
+    
+	/**
+	 * Check whether 'Issuer Alternative Name' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerAlternativeName(): bool
+	{
+		return $this->has(Ext\Extension::OID_ISSUER_ALT_NAME);
+	}
+    
+	/**
+	 * Get 'Issuer Alternative Name' extension.
+	 *
+	 * @return \X509\Certificate\Extension\IssuerAlternativeNameExtension
+	 */
+	public function issuerAlternativeName(): Ext\IssuerAlternativeNameExtension
+	{
+		/** @var Extension\IssuerAlternativeNameExtension $issuerAltName */
+		$issuerAltName = $this->get(Ext\Extension::OID_ISSUER_ALT_NAME);
+		return $issuerAltName;
+	}
+    
+	/**
+	 * Check whether 'Basic Constraints' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasBasicConstraints(): bool
+	{
+		return $this->has(Ext\Extension::OID_BASIC_CONSTRAINTS);
+	}
+    
+	/**
+	 * Get 'Basic Constraints' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\BasicConstraintsExtension
+	 */
+	public function basicConstraints(): Ext\BasicConstraintsExtension
+	{
+		/** @var Extension\BasicConstraintsExtension $basicConstraints */
+		$basicConstraints = $this->get(Ext\Extension::OID_BASIC_CONSTRAINTS);
+		return $basicConstraints;
+	}
+    
+	/**
+	 * Check whether 'Name Constraints' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasNameConstraints(): bool
+	{
+		return $this->has(Ext\Extension::OID_NAME_CONSTRAINTS);
+	}
+    
+	/**
+	 * Get 'Name Constraints' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\NameConstraintsExtension
+	 */
+	public function nameConstraints(): Ext\NameConstraintsExtension
+	{
+		/** @var Extension\NameConstraintsExtension $nameConstraints */
+		$nameConstraints = $this->get(Ext\Extension::OID_NAME_CONSTRAINTS);
+		return $nameConstraints;
+	}
+    
+	/**
+	 * Check whether 'Policy Constraints' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasPolicyConstraints(): bool
+	{
+		return $this->has(Ext\Extension::OID_POLICY_CONSTRAINTS);
+	}
+    
+	/**
+	 * Get 'Policy Constraints' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\PolicyConstraintsExtension
+	 */
+	public function policyConstraints(): Ext\PolicyConstraintsExtension
+	{
+		/** @var Extension\PolicyConstraintsExtension $policyConstraints */
+		$policyConstraints = $this->get(Ext\Extension::OID_POLICY_CONSTRAINTS);
+		return $policyConstraints;
+	}
+    
+	/**
+	 * Check whether 'Extended Key Usage' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasExtendedKeyUsage(): bool
+	{
+		return $this->has(Ext\Extension::OID_EXT_KEY_USAGE);
+	}
+    
+	/**
+	 * Get 'Extended Key Usage' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\ExtendedKeyUsageExtension
+	 */
+	public function extendedKeyUsage(): Ext\ExtendedKeyUsageExtension
+	{
+		/** @var Extension\ExtendedKeyUsageExtension $keyUsage */
+		$keyUsage = $this->get(Ext\Extension::OID_EXT_KEY_USAGE);
+		return $keyUsage;
+	}
+    
+	/**
+	 * Check whether 'CRL Distribution Points' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasCRLDistributionPoints(): bool
+	{
+		return $this->has(Ext\Extension::OID_CRL_DISTRIBUTION_POINTS);
+	}
+    
+	/**
+	 * Get 'CRL Distribution Points' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\CRLDistributionPointsExtension
+	 */
+	public function crlDistributionPoints(): Ext\CRLDistributionPointsExtension
+	{
+		/** @var Extension\CRLDistributionPointsExtension $crlDist */
+		$crlDist = $this->get(Ext\Extension::OID_CRL_DISTRIBUTION_POINTS);
+		return $crlDist;
+	}
+    
+	/**
+	 * Check whether 'Inhibit anyPolicy' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasInhibitAnyPolicy(): bool
+	{
+		return $this->has(Ext\Extension::OID_INHIBIT_ANY_POLICY);
+	}
+    
+	/**
+	 * Get 'Inhibit anyPolicy' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\InhibitAnyPolicyExtension
+	 */
+	public function inhibitAnyPolicy(): Ext\InhibitAnyPolicyExtension
+	{
+		/** @var Extension\InhibitAnyPolicyExtension $inhibitAny */
+		$inhibitAny = $this->get(Ext\Extension::OID_INHIBIT_ANY_POLICY);
+		return $inhibitAny;
+	}
+    
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_extensions);
+	}
+    
+	/**
+	 * Get iterator for extensions.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \Traversable
+	 */
+	public function getIterator(): \Traversable
+	{
+		return new \ArrayIterator($this->_extensions);
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -47,7 +47,7 @@ 
     public static function fromASN1(Sequence $seq): Extensions
     {
         $extensions = array_map(
-            function (UnspecifiedType $el) {
+            function(UnspecifiedType $el) {
                 return Ext\Extension::fromASN1($el->asSequence());
             }, $seq->elements());
         return new self(...$extensions);
@@ -62,7 +62,7 @@ 
     {
         $elements = array_values(
             array_map(
-                function ($ext) {
+                function($ext) {
                     return $ext->toASN1();
                 }, $this->_extensions));
         return new Sequence(...$elements);

lib/X509/AttributeCertificate/ObjectDigestInfo.php

Indentation +81 added lines, -81 removed lines

@@ -20,92 +20,92 @@
  */
 class ObjectDigestInfo
 {
-    const TYPE_PUBLIC_KEY = 0;
-    const TYPE_PUBLIC_KEY_CERT = 1;
-    const TYPE_OTHER_OBJECT_TYPES = 2;
+	const TYPE_PUBLIC_KEY = 0;
+	const TYPE_PUBLIC_KEY_CERT = 1;
+	const TYPE_OTHER_OBJECT_TYPES = 2;
     
-    /**
-     * Object type.
-     *
-     * @var int $_digestedObjectType
-     */
-    protected $_digestedObjectType;
+	/**
+	 * Object type.
+	 *
+	 * @var int $_digestedObjectType
+	 */
+	protected $_digestedObjectType;
     
-    /**
-     * OID of other object type.
-     *
-     * @var string|null $_otherObjectTypeID
-     */
-    protected $_otherObjectTypeID;
+	/**
+	 * OID of other object type.
+	 *
+	 * @var string|null $_otherObjectTypeID
+	 */
+	protected $_otherObjectTypeID;
     
-    /**
-     * Digest algorithm.
-     *
-     * @var AlgorithmIdentifierType $_digestAlgorithm
-     */
-    protected $_digestAlgorithm;
+	/**
+	 * Digest algorithm.
+	 *
+	 * @var AlgorithmIdentifierType $_digestAlgorithm
+	 */
+	protected $_digestAlgorithm;
     
-    /**
-     * Object digest.
-     *
-     * @var BitString $_objectDigest
-     */
-    protected $_objectDigest;
+	/**
+	 * Object digest.
+	 *
+	 * @var BitString $_objectDigest
+	 */
+	protected $_objectDigest;
     
-    /**
-     * Constructor.
-     *
-     * @param int $type
-     * @param AlgorithmIdentifierType $algo
-     * @param BitString $digest
-     */
-    public function __construct(int $type, AlgorithmIdentifierType $algo,
-        BitString $digest)
-    {
-        $this->_digestedObjectType = $type;
-        $this->_otherObjectTypeID = null;
-        $this->_digestAlgorithm = $algo;
-        $this->_objectDigest = $digest;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param int $type
+	 * @param AlgorithmIdentifierType $algo
+	 * @param BitString $digest
+	 */
+	public function __construct(int $type, AlgorithmIdentifierType $algo,
+		BitString $digest)
+	{
+		$this->_digestedObjectType = $type;
+		$this->_otherObjectTypeID = null;
+		$this->_digestAlgorithm = $algo;
+		$this->_objectDigest = $digest;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): ObjectDigestInfo
-    {
-        $type = $seq->at(0)
-            ->asEnumerated()
-            ->intNumber();
-        $oid = null;
-        $idx = 1;
-        if ($seq->has($idx, Element::TYPE_OBJECT_IDENTIFIER)) {
-            $oid = $seq->at($idx++)
-                ->asObjectIdentifier()
-                ->oid();
-        }
-        $algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
-        $digest = $seq->at($idx)->asBitString();
-        $obj = new self($type, $algo, $digest);
-        $obj->_otherObjectTypeID = $oid;
-        return $obj;
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): ObjectDigestInfo
+	{
+		$type = $seq->at(0)
+			->asEnumerated()
+			->intNumber();
+		$oid = null;
+		$idx = 1;
+		if ($seq->has($idx, Element::TYPE_OBJECT_IDENTIFIER)) {
+			$oid = $seq->at($idx++)
+				->asObjectIdentifier()
+				->oid();
+		}
+		$algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
+		$digest = $seq->at($idx)->asBitString();
+		$obj = new self($type, $algo, $digest);
+		$obj->_otherObjectTypeID = $oid;
+		return $obj;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array(new Enumerated($this->_digestedObjectType));
-        if (isset($this->_otherObjectTypeID)) {
-            $elements[] = new ObjectIdentifier($this->_otherObjectTypeID);
-        }
-        $elements[] = $this->_digestAlgorithm->toASN1();
-        $elements[] = $this->_objectDigest;
-        return new Sequence(...$elements);
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array(new Enumerated($this->_digestedObjectType));
+		if (isset($this->_otherObjectTypeID)) {
+			$elements[] = new ObjectIdentifier($this->_otherObjectTypeID);
+		}
+		$elements[] = $this->_digestAlgorithm->toASN1();
+		$elements[] = $this->_objectDigest;
+		return new Sequence(...$elements);
+	}
 }

lib/X509/AttributeCertificate/IssuerSerial.php

Indentation +156 added lines, -156 removed lines

@@ -19,172 +19,172 @@
  */
 class IssuerSerial
 {
-    /**
-     * Issuer name.
-     *
-     * @var GeneralNames $_issuer
-     */
-    protected $_issuer;
+	/**
+	 * Issuer name.
+	 *
+	 * @var GeneralNames $_issuer
+	 */
+	protected $_issuer;
     
-    /**
-     * Serial number.
-     *
-     * @var string $_serial
-     */
-    protected $_serial;
+	/**
+	 * Serial number.
+	 *
+	 * @var string $_serial
+	 */
+	protected $_serial;
     
-    /**
-     * Issuer unique ID.
-     *
-     * @var UniqueIdentifier|null $_issuerUID
-     */
-    protected $_issuerUID;
+	/**
+	 * Issuer unique ID.
+	 *
+	 * @var UniqueIdentifier|null $_issuerUID
+	 */
+	protected $_issuerUID;
     
-    /**
-     * Constructor.
-     *
-     * @param GeneralNames $issuer
-     * @param string|int $serial
-     * @param UniqueIdentifier|null $uid
-     */
-    public function __construct(GeneralNames $issuer, $serial,
-        UniqueIdentifier $uid = null)
-    {
-        $this->_issuer = $issuer;
-        $this->_serial = strval($serial);
-        $this->_issuerUID = $uid;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param GeneralNames $issuer
+	 * @param string|int $serial
+	 * @param UniqueIdentifier|null $uid
+	 */
+	public function __construct(GeneralNames $issuer, $serial,
+		UniqueIdentifier $uid = null)
+	{
+		$this->_issuer = $issuer;
+		$this->_serial = strval($serial);
+		$this->_issuerUID = $uid;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): IssuerSerial
-    {
-        $issuer = GeneralNames::fromASN1($seq->at(0)->asSequence());
-        $serial = $seq->at(1)
-            ->asInteger()
-            ->number();
-        $uid = null;
-        if ($seq->has(2, Element::TYPE_BIT_STRING)) {
-            $uid = UniqueIdentifier::fromASN1($seq->at(2)->asBitString());
-        }
-        return new self($issuer, $serial, $uid);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): IssuerSerial
+	{
+		$issuer = GeneralNames::fromASN1($seq->at(0)->asSequence());
+		$serial = $seq->at(1)
+			->asInteger()
+			->number();
+		$uid = null;
+		if ($seq->has(2, Element::TYPE_BIT_STRING)) {
+			$uid = UniqueIdentifier::fromASN1($seq->at(2)->asBitString());
+		}
+		return new self($issuer, $serial, $uid);
+	}
     
-    /**
-     * Initialize from a public key certificate.
-     *
-     * @param Certificate $cert
-     * @return self
-     */
-    public static function fromPKC(Certificate $cert): IssuerSerial
-    {
-        $tbsCert = $cert->tbsCertificate();
-        $issuer = new GeneralNames(new DirectoryName($tbsCert->issuer()));
-        $serial = $tbsCert->serialNumber();
-        $uid = $tbsCert->hasIssuerUniqueID() ? $tbsCert->issuerUniqueID() : null;
-        return new self($issuer, $serial, $uid);
-    }
+	/**
+	 * Initialize from a public key certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return self
+	 */
+	public static function fromPKC(Certificate $cert): IssuerSerial
+	{
+		$tbsCert = $cert->tbsCertificate();
+		$issuer = new GeneralNames(new DirectoryName($tbsCert->issuer()));
+		$serial = $tbsCert->serialNumber();
+		$uid = $tbsCert->hasIssuerUniqueID() ? $tbsCert->issuerUniqueID() : null;
+		return new self($issuer, $serial, $uid);
+	}
     
-    /**
-     * Get issuer name.
-     *
-     * @return GeneralNames
-     */
-    public function issuer(): GeneralNames
-    {
-        return $this->_issuer;
-    }
+	/**
+	 * Get issuer name.
+	 *
+	 * @return GeneralNames
+	 */
+	public function issuer(): GeneralNames
+	{
+		return $this->_issuer;
+	}
     
-    /**
-     * Get serial number.
-     *
-     * @return string
-     */
-    public function serial(): string
-    {
-        return $this->_serial;
-    }
+	/**
+	 * Get serial number.
+	 *
+	 * @return string
+	 */
+	public function serial(): string
+	{
+		return $this->_serial;
+	}
     
-    /**
-     * Check whether issuer unique identifier is present.
-     *
-     * @return bool
-     */
-    public function hasIssuerUID(): bool
-    {
-        return isset($this->_issuerUID);
-    }
+	/**
+	 * Check whether issuer unique identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerUID(): bool
+	{
+		return isset($this->_issuerUID);
+	}
     
-    /**
-     * Get issuer unique identifier.
-     *
-     * @throws \LogicException
-     * @return UniqueIdentifier
-     */
-    public function issuerUID(): UniqueIdentifier
-    {
-        if (!$this->hasIssuerUID()) {
-            throw new \LogicException("issuerUID not set.");
-        }
-        return $this->_issuerUID;
-    }
+	/**
+	 * Get issuer unique identifier.
+	 *
+	 * @throws \LogicException
+	 * @return UniqueIdentifier
+	 */
+	public function issuerUID(): UniqueIdentifier
+	{
+		if (!$this->hasIssuerUID()) {
+			throw new \LogicException("issuerUID not set.");
+		}
+		return $this->_issuerUID;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array($this->_issuer->toASN1(), new Integer($this->_serial));
-        if (isset($this->_issuerUID)) {
-            $elements[] = $this->_issuerUID->toASN1();
-        }
-        return new Sequence(...$elements);
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array($this->_issuer->toASN1(), new Integer($this->_serial));
+		if (isset($this->_issuerUID)) {
+			$elements[] = $this->_issuerUID->toASN1();
+		}
+		return new Sequence(...$elements);
+	}
     
-    /**
-     * Check whether this IssuerSerial identifies given certificate.
-     *
-     * @param Certificate $cert
-     * @return boolean
-     */
-    public function identifiesPKC(Certificate $cert): bool
-    {
-        $tbs = $cert->tbsCertificate();
-        if (!$tbs->issuer()->equals($this->_issuer->firstDN())) {
-            return false;
-        }
-        if (strval($tbs->serialNumber()) != strval($this->_serial)) {
-            return false;
-        }
-        if ($this->_issuerUID && !$this->_checkUniqueID($cert)) {
-            return false;
-        }
-        return true;
-    }
+	/**
+	 * Check whether this IssuerSerial identifies given certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return boolean
+	 */
+	public function identifiesPKC(Certificate $cert): bool
+	{
+		$tbs = $cert->tbsCertificate();
+		if (!$tbs->issuer()->equals($this->_issuer->firstDN())) {
+			return false;
+		}
+		if (strval($tbs->serialNumber()) != strval($this->_serial)) {
+			return false;
+		}
+		if ($this->_issuerUID && !$this->_checkUniqueID($cert)) {
+			return false;
+		}
+		return true;
+	}
     
-    /**
-     * Check whether issuerUID matches given certificate.
-     *
-     * @param Certificate $cert
-     * @return boolean
-     */
-    private function _checkUniqueID(Certificate $cert): bool
-    {
-        if (!$cert->tbsCertificate()->hasIssuerUniqueID()) {
-            return false;
-        }
-        $uid = $cert->tbsCertificate()
-            ->issuerUniqueID()
-            ->string();
-        if ($this->_issuerUID->string() != $uid) {
-            return false;
-        }
-        return true;
-    }
+	/**
+	 * Check whether issuerUID matches given certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return boolean
+	 */
+	private function _checkUniqueID(Certificate $cert): bool
+	{
+		if (!$cert->tbsCertificate()->hasIssuerUniqueID()) {
+			return false;
+		}
+		$uid = $cert->tbsCertificate()
+			->issuerUniqueID()
+			->string();
+		if ($this->_issuerUID->string() != $uid) {
+			return false;
+		}
+		return true;
+	}
 }

lib/X509/Certificate/Certificate.php

Indentation +231 added lines, -231 removed lines

@@ -20,235 +20,235 @@
  */
 class Certificate
 {
-    /**
-     * "To be signed" certificate information.
-     *
-     * @var TBSCertificate $_tbsCertificate
-     */
-    protected $_tbsCertificate;
-    
-    /**
-     * Signature algorithm.
-     *
-     * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
-     */
-    protected $_signatureAlgorithm;
-    
-    /**
-     * Signature value.
-     *
-     * @var Signature $_signatureValue
-     */
-    protected $_signatureValue;
-    
-    /**
-     * Constructor.
-     *
-     * @param TBSCertificate $tbsCert
-     * @param SignatureAlgorithmIdentifier $algo
-     * @param Signature $signature
-     */
-    public function __construct(TBSCertificate $tbsCert,
-        SignatureAlgorithmIdentifier $algo, Signature $signature)
-    {
-        $this->_tbsCertificate = $tbsCert;
-        $this->_signatureAlgorithm = $algo;
-        $this->_signatureValue = $signature;
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence());
-        $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $algo->oid() . ".");
-        }
-        $signature = Signature::fromSignatureData(
-            $seq->at(2)
-                ->asBitString()
-                ->string(), $algo);
-        return new self($tbsCert, $algo, $signature);
-    }
-    
-    /**
-     * Initialize from DER.
-     *
-     * @param string $data
-     * @return self
-     */
-    public static function fromDER(string $data): self
-    {
-        return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
-    }
-    
-    /**
-     * Initialize from PEM.
-     *
-     * @param PEM $pem
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromPEM(PEM $pem): self
-    {
-        if ($pem->type() != PEM::TYPE_CERTIFICATE) {
-            throw new \UnexpectedValueException("Invalid PEM type.");
-        }
-        return self::fromDER($pem->data());
-    }
-    
-    /**
-     * Get certificate information.
-     *
-     * @return TBSCertificate
-     */
-    public function tbsCertificate(): TBSCertificate
-    {
-        return $this->_tbsCertificate;
-    }
-    
-    /**
-     * Get signature algorithm.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signatureAlgorithm(): SignatureAlgorithmIdentifier
-    {
-        return $this->_signatureAlgorithm;
-    }
-    
-    /**
-     * Get signature value.
-     *
-     * @return Signature
-     */
-    public function signatureValue(): Signature
-    {
-        return $this->_signatureValue;
-    }
-    
-    /**
-     * Check whether certificate is self-issued.
-     *
-     * @return bool
-     */
-    public function isSelfIssued(): bool
-    {
-        return $this->_tbsCertificate->subject()->equals(
-            $this->_tbsCertificate->issuer());
-    }
-    
-    /**
-     * Check whether certificate is semantically equal to another.
-     *
-     * @param Certificate $cert Certificate to compare to
-     * @return bool
-     */
-    public function equals(Certificate $cert): bool
-    {
-        return $this->_hasEqualSerialNumber($cert) &&
-             $this->_hasEqualPublicKey($cert) && $this->_hasEqualSubject($cert);
-    }
-    
-    /**
-     * Check whether certificate has serial number equal to another.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    private function _hasEqualSerialNumber(Certificate $cert): bool
-    {
-        $sn1 = $this->_tbsCertificate->serialNumber();
-        $sn2 = $cert->_tbsCertificate->serialNumber();
-        return $sn1 == $sn2;
-    }
-    
-    /**
-     * Check whether certificate has public key equal to another.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    private function _hasEqualPublicKey(Certificate $cert): bool
-    {
-        $kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
-        $kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
-        return $kid1 == $kid2;
-    }
-    
-    /**
-     * Check whether certificate has subject equal to another.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    private function _hasEqualSubject(Certificate $cert): bool
-    {
-        $dn1 = $this->_tbsCertificate->subject();
-        $dn2 = $cert->_tbsCertificate->subject();
-        return $dn1->equals($dn2);
-    }
-    
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_tbsCertificate->toASN1(),
-            $this->_signatureAlgorithm->toASN1(),
-            $this->_signatureValue->bitString());
-    }
-    
-    /**
-     * Get certificate as a DER.
-     *
-     * @return string
-     */
-    public function toDER(): string
-    {
-        return $this->toASN1()->toDER();
-    }
-    
-    /**
-     * Get certificate as a PEM.
-     *
-     * @return PEM
-     */
-    public function toPEM(): PEM
-    {
-        return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER());
-    }
-    
-    /**
-     * Verify certificate signature.
-     *
-     * @param PublicKeyInfo $pubkey_info Issuer's public key
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return bool True if certificate signature is valid
-     */
-    public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $data = $this->_tbsCertificate->toASN1()->toDER();
-        return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
-            $this->_signatureAlgorithm);
-    }
-    
-    /**
-     * Get certificate as a PEM formatted string.
-     *
-     * @return string
-     */
-    public function __toString()
-    {
-        return $this->toPEM()->string();
-    }
+	/**
+	 * "To be signed" certificate information.
+	 *
+	 * @var TBSCertificate $_tbsCertificate
+	 */
+	protected $_tbsCertificate;
+    
+	/**
+	 * Signature algorithm.
+	 *
+	 * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
+	 */
+	protected $_signatureAlgorithm;
+    
+	/**
+	 * Signature value.
+	 *
+	 * @var Signature $_signatureValue
+	 */
+	protected $_signatureValue;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param TBSCertificate $tbsCert
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @param Signature $signature
+	 */
+	public function __construct(TBSCertificate $tbsCert,
+		SignatureAlgorithmIdentifier $algo, Signature $signature)
+	{
+		$this->_tbsCertificate = $tbsCert;
+		$this->_signatureAlgorithm = $algo;
+		$this->_signatureValue = $signature;
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence());
+		$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $algo->oid() . ".");
+		}
+		$signature = Signature::fromSignatureData(
+			$seq->at(2)
+				->asBitString()
+				->string(), $algo);
+		return new self($tbsCert, $algo, $signature);
+	}
+    
+	/**
+	 * Initialize from DER.
+	 *
+	 * @param string $data
+	 * @return self
+	 */
+	public static function fromDER(string $data): self
+	{
+		return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
+	}
+    
+	/**
+	 * Initialize from PEM.
+	 *
+	 * @param PEM $pem
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromPEM(PEM $pem): self
+	{
+		if ($pem->type() != PEM::TYPE_CERTIFICATE) {
+			throw new \UnexpectedValueException("Invalid PEM type.");
+		}
+		return self::fromDER($pem->data());
+	}
+    
+	/**
+	 * Get certificate information.
+	 *
+	 * @return TBSCertificate
+	 */
+	public function tbsCertificate(): TBSCertificate
+	{
+		return $this->_tbsCertificate;
+	}
+    
+	/**
+	 * Get signature algorithm.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signatureAlgorithm(): SignatureAlgorithmIdentifier
+	{
+		return $this->_signatureAlgorithm;
+	}
+    
+	/**
+	 * Get signature value.
+	 *
+	 * @return Signature
+	 */
+	public function signatureValue(): Signature
+	{
+		return $this->_signatureValue;
+	}
+    
+	/**
+	 * Check whether certificate is self-issued.
+	 *
+	 * @return bool
+	 */
+	public function isSelfIssued(): bool
+	{
+		return $this->_tbsCertificate->subject()->equals(
+			$this->_tbsCertificate->issuer());
+	}
+    
+	/**
+	 * Check whether certificate is semantically equal to another.
+	 *
+	 * @param Certificate $cert Certificate to compare to
+	 * @return bool
+	 */
+	public function equals(Certificate $cert): bool
+	{
+		return $this->_hasEqualSerialNumber($cert) &&
+			 $this->_hasEqualPublicKey($cert) && $this->_hasEqualSubject($cert);
+	}
+    
+	/**
+	 * Check whether certificate has serial number equal to another.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	private function _hasEqualSerialNumber(Certificate $cert): bool
+	{
+		$sn1 = $this->_tbsCertificate->serialNumber();
+		$sn2 = $cert->_tbsCertificate->serialNumber();
+		return $sn1 == $sn2;
+	}
+    
+	/**
+	 * Check whether certificate has public key equal to another.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	private function _hasEqualPublicKey(Certificate $cert): bool
+	{
+		$kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
+		$kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
+		return $kid1 == $kid2;
+	}
+    
+	/**
+	 * Check whether certificate has subject equal to another.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	private function _hasEqualSubject(Certificate $cert): bool
+	{
+		$dn1 = $this->_tbsCertificate->subject();
+		$dn2 = $cert->_tbsCertificate->subject();
+		return $dn1->equals($dn2);
+	}
+    
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_tbsCertificate->toASN1(),
+			$this->_signatureAlgorithm->toASN1(),
+			$this->_signatureValue->bitString());
+	}
+    
+	/**
+	 * Get certificate as a DER.
+	 *
+	 * @return string
+	 */
+	public function toDER(): string
+	{
+		return $this->toASN1()->toDER();
+	}
+    
+	/**
+	 * Get certificate as a PEM.
+	 *
+	 * @return PEM
+	 */
+	public function toPEM(): PEM
+	{
+		return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER());
+	}
+    
+	/**
+	 * Verify certificate signature.
+	 *
+	 * @param PublicKeyInfo $pubkey_info Issuer's public key
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return bool True if certificate signature is valid
+	 */
+	public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$data = $this->_tbsCertificate->toASN1()->toDER();
+		return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
+			$this->_signatureAlgorithm);
+	}
+    
+	/**
+	 * Get certificate as a PEM formatted string.
+	 *
+	 * @return string
+	 */
+	public function __toString()
+	{
+		return $this->toPEM()->string();
+	}
 }