sop / x509

lib/X509/AttributeCertificate/Attribute/AuthenticationInfoAttributeValue.php

Indentation +14 added lines, -14 removed lines

@@ -13,19 +13,19 @@
  */
 class AuthenticationInfoAttributeValue extends SvceAuthInfo
 {
-    const OID = "1.3.6.1.5.5.7.10.1";
+	const OID = "1.3.6.1.5.5.7.10.1";
     
-    /**
-     * Constructor.
-     *
-     * @param GeneralName $service
-     * @param GeneralName $ident
-     * @param string|null $auth_info
-     */
-    public function __construct(GeneralName $service, GeneralName $ident,
-        string $auth_info = null)
-    {
-        parent::__construct($service, $ident, $auth_info);
-        $this->_oid = self::OID;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param GeneralName $service
+	 * @param GeneralName $ident
+	 * @param string|null $auth_info
+	 */
+	public function __construct(GeneralName $service, GeneralName $ident,
+		string $auth_info = null)
+	{
+		parent::__construct($service, $ident, $auth_info);
+		$this->_oid = self::OID;
+	}
 }

lib/X509/AttributeCertificate/AttributeCertificate.php

Indentation +199 added lines, -199 removed lines

@@ -20,203 +20,203 @@
  */
 class AttributeCertificate
 {
-    /**
-     * Attribute certificate info.
-     *
-     * @var AttributeCertificateInfo $_acinfo
-     */
-    protected $_acinfo;
-    
-    /**
-     * Signature algorithm identifier.
-     *
-     * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
-     */
-    protected $_signatureAlgorithm;
-    
-    /**
-     * Signature value.
-     *
-     * @var Signature $_signatureValue
-     */
-    protected $_signatureValue;
-    
-    /**
-     * Constructor.
-     *
-     * @param AttributeCertificateInfo $acinfo
-     * @param SignatureAlgorithmIdentifier $algo
-     * @param Signature $signature
-     */
-    public function __construct(AttributeCertificateInfo $acinfo,
-        SignatureAlgorithmIdentifier $algo, Signature $signature)
-    {
-        $this->_acinfo = $acinfo;
-        $this->_signatureAlgorithm = $algo;
-        $this->_signatureValue = $signature;
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq)
-    {
-        $acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence());
-        $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $algo->oid() . ".");
-        }
-        $signature = Signature::fromSignatureData(
-            $seq->at(2)
-                ->asBitString()
-                ->string(), $algo);
-        return new self($acinfo, $algo, $signature);
-    }
-    
-    /**
-     * Initialize from DER data.
-     *
-     * @param string $data
-     * @return self
-     */
-    public static function fromDER(string $data)
-    {
-        return self::fromASN1(Sequence::fromDER($data));
-    }
-    
-    /**
-     * Initialize from PEM.
-     *
-     * @param PEM $pem
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromPEM(PEM $pem)
-    {
-        if ($pem->type() !== PEM::TYPE_ATTRIBUTE_CERTIFICATE) {
-            throw new \UnexpectedValueException("Invalid PEM type.");
-        }
-        return self::fromDER($pem->data());
-    }
-    
-    /**
-     * Get attribute certificate info.
-     *
-     * @return AttributeCertificateInfo
-     */
-    public function acinfo(): AttributeCertificateInfo
-    {
-        return $this->_acinfo;
-    }
-    
-    /**
-     * Get signature algorithm identifier.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signatureAlgorithm(): SignatureAlgorithmIdentifier
-    {
-        return $this->_signatureAlgorithm;
-    }
-    
-    /**
-     * Get signature value.
-     *
-     * @return Signature
-     */
-    public function signatureValue(): Signature
-    {
-        return $this->_signatureValue;
-    }
-    
-    /**
-     * Get ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_acinfo->toASN1(),
-            $this->_signatureAlgorithm->toASN1(),
-            $this->_signatureValue->bitString());
-    }
-    
-    /**
-     * Get attribute certificate as a DER.
-     *
-     * @return string
-     */
-    public function toDER(): string
-    {
-        return $this->toASN1()->toDER();
-    }
-    
-    /**
-     * Get attribute certificate as a PEM.
-     *
-     * @return PEM
-     */
-    public function toPEM(): PEM
-    {
-        return new PEM(PEM::TYPE_ATTRIBUTE_CERTIFICATE, $this->toDER());
-    }
-    
-    /**
-     * Check whether attribute certificate is issued to the subject identified
-     * by given public key certificate.
-     *
-     * @param Certificate $cert Certificate
-     * @return boolean
-     */
-    public function isHeldBy(Certificate $cert): bool
-    {
-        if (!$this->_acinfo->holder()->identifiesPKC($cert)) {
-            return false;
-        }
-        return true;
-    }
-    
-    /**
-     * Check whether attribute certificate is issued by given public key
-     * certificate.
-     *
-     * @param Certificate $cert Certificate
-     * @return boolean
-     */
-    public function isIssuedBy(Certificate $cert): bool
-    {
-        if (!$this->_acinfo->issuer()->identifiesPKC($cert)) {
-            return false;
-        }
-        return true;
-    }
-    
-    /**
-     * Verify signature.
-     *
-     * @param PublicKeyInfo $pubkey_info Signer's public key
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return bool
-     */
-    public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $data = $this->_acinfo->toASN1()->toDER();
-        return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
-            $this->_signatureAlgorithm);
-    }
-    
-    /**
-     * Get attribute certificate as a PEM formatted string.
-     *
-     * @return string
-     */
-    public function __toString()
-    {
-        return $this->toPEM()->string();
-    }
+	/**
+	 * Attribute certificate info.
+	 *
+	 * @var AttributeCertificateInfo $_acinfo
+	 */
+	protected $_acinfo;
+    
+	/**
+	 * Signature algorithm identifier.
+	 *
+	 * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
+	 */
+	protected $_signatureAlgorithm;
+    
+	/**
+	 * Signature value.
+	 *
+	 * @var Signature $_signatureValue
+	 */
+	protected $_signatureValue;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param AttributeCertificateInfo $acinfo
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @param Signature $signature
+	 */
+	public function __construct(AttributeCertificateInfo $acinfo,
+		SignatureAlgorithmIdentifier $algo, Signature $signature)
+	{
+		$this->_acinfo = $acinfo;
+		$this->_signatureAlgorithm = $algo;
+		$this->_signatureValue = $signature;
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq)
+	{
+		$acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence());
+		$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $algo->oid() . ".");
+		}
+		$signature = Signature::fromSignatureData(
+			$seq->at(2)
+				->asBitString()
+				->string(), $algo);
+		return new self($acinfo, $algo, $signature);
+	}
+    
+	/**
+	 * Initialize from DER data.
+	 *
+	 * @param string $data
+	 * @return self
+	 */
+	public static function fromDER(string $data)
+	{
+		return self::fromASN1(Sequence::fromDER($data));
+	}
+    
+	/**
+	 * Initialize from PEM.
+	 *
+	 * @param PEM $pem
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromPEM(PEM $pem)
+	{
+		if ($pem->type() !== PEM::TYPE_ATTRIBUTE_CERTIFICATE) {
+			throw new \UnexpectedValueException("Invalid PEM type.");
+		}
+		return self::fromDER($pem->data());
+	}
+    
+	/**
+	 * Get attribute certificate info.
+	 *
+	 * @return AttributeCertificateInfo
+	 */
+	public function acinfo(): AttributeCertificateInfo
+	{
+		return $this->_acinfo;
+	}
+    
+	/**
+	 * Get signature algorithm identifier.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signatureAlgorithm(): SignatureAlgorithmIdentifier
+	{
+		return $this->_signatureAlgorithm;
+	}
+    
+	/**
+	 * Get signature value.
+	 *
+	 * @return Signature
+	 */
+	public function signatureValue(): Signature
+	{
+		return $this->_signatureValue;
+	}
+    
+	/**
+	 * Get ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_acinfo->toASN1(),
+			$this->_signatureAlgorithm->toASN1(),
+			$this->_signatureValue->bitString());
+	}
+    
+	/**
+	 * Get attribute certificate as a DER.
+	 *
+	 * @return string
+	 */
+	public function toDER(): string
+	{
+		return $this->toASN1()->toDER();
+	}
+    
+	/**
+	 * Get attribute certificate as a PEM.
+	 *
+	 * @return PEM
+	 */
+	public function toPEM(): PEM
+	{
+		return new PEM(PEM::TYPE_ATTRIBUTE_CERTIFICATE, $this->toDER());
+	}
+    
+	/**
+	 * Check whether attribute certificate is issued to the subject identified
+	 * by given public key certificate.
+	 *
+	 * @param Certificate $cert Certificate
+	 * @return boolean
+	 */
+	public function isHeldBy(Certificate $cert): bool
+	{
+		if (!$this->_acinfo->holder()->identifiesPKC($cert)) {
+			return false;
+		}
+		return true;
+	}
+    
+	/**
+	 * Check whether attribute certificate is issued by given public key
+	 * certificate.
+	 *
+	 * @param Certificate $cert Certificate
+	 * @return boolean
+	 */
+	public function isIssuedBy(Certificate $cert): bool
+	{
+		if (!$this->_acinfo->issuer()->identifiesPKC($cert)) {
+			return false;
+		}
+		return true;
+	}
+    
+	/**
+	 * Verify signature.
+	 *
+	 * @param PublicKeyInfo $pubkey_info Signer's public key
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return bool
+	 */
+	public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$data = $this->_acinfo->toASN1()->toDER();
+		return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
+			$this->_signatureAlgorithm);
+	}
+    
+	/**
+	 * Get attribute certificate as a PEM formatted string.
+	 *
+	 * @return string
+	 */
+	public function __toString()
+	{
+		return $this->toPEM()->string();
+	}
 }

lib/X509/AttributeCertificate/AttributeCertificateInfo.php

Indentation +431 added lines, -431 removed lines

@@ -22,435 +22,435 @@
  */
 class AttributeCertificateInfo
 {
-    const VERSION_2 = 1;
-    
-    /**
-     * AC version.
-     *
-     * @var int $_version
-     */
-    protected $_version;
-    
-    /**
-     * AC holder.
-     *
-     * @var Holder $_holder
-     */
-    protected $_holder;
-    
-    /**
-     * AC issuer.
-     *
-     * @var AttCertIssuer $_issuer
-     */
-    protected $_issuer;
-    
-    /**
-     * Signature algorithm identifier.
-     *
-     * @var SignatureAlgorithmIdentifier $_signature
-     */
-    protected $_signature;
-    
-    /**
-     * AC serial number.
-     *
-     * @var int|string $_serialNumber
-     */
-    protected $_serialNumber;
-    
-    /**
-     * Validity period.
-     *
-     * @var AttCertValidityPeriod $_attrCertValidityPeriod
-     */
-    protected $_attrCertValidityPeriod;
-    
-    /**
-     * Attributes.
-     *
-     * @var Attributes $_attributes
-     */
-    protected $_attributes;
-    
-    /**
-     * Issuer unique identifier.
-     *
-     * @var UniqueIdentifier|null $_issuerUniqueID
-     */
-    protected $_issuerUniqueID;
-    
-    /**
-     * Extensions.
-     *
-     * @var Extensions $_extensions
-     */
-    protected $_extensions;
-    
-    /**
-     * Constructor.
-     *
-     * @param Holder $holder AC holder
-     * @param AttCertIssuer $issuer AC issuer
-     * @param AttCertValidityPeriod $validity Validity
-     * @param Attributes $attribs Attributes
-     */
-    public function __construct(Holder $holder, AttCertIssuer $issuer,
-        AttCertValidityPeriod $validity, Attributes $attribs)
-    {
-        $this->_version = self::VERSION_2;
-        $this->_holder = $holder;
-        $this->_issuer = $issuer;
-        $this->_attrCertValidityPeriod = $validity;
-        $this->_attributes = $attribs;
-        $this->_extensions = new Extensions();
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq)
-    {
-        $version = $seq->at(0)
-            ->asInteger()
-            ->number();
-        if ($version != self::VERSION_2) {
-            throw new \UnexpectedValueException("Version must be 2.");
-        }
-        $holder = Holder::fromASN1($seq->at(1)->asSequence());
-        $issuer = AttCertIssuer::fromASN1($seq->at(2));
-        $signature = AlgorithmIdentifier::fromASN1($seq->at(3)->asSequence());
-        if (!$signature instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $signature->oid() . ".");
-        }
-        $serial = $seq->at(4)
-            ->asInteger()
-            ->number();
-        $validity = AttCertValidityPeriod::fromASN1($seq->at(5)->asSequence());
-        $attribs = Attributes::fromASN1($seq->at(6)->asSequence());
-        $obj = new self($holder, $issuer, $validity, $attribs);
-        $obj->_signature = $signature;
-        $obj->_serialNumber = $serial;
-        $idx = 7;
-        if ($seq->has($idx, Element::TYPE_BIT_STRING)) {
-            $obj->_issuerUniqueID = UniqueIdentifier::fromASN1(
-                $seq->at($idx++)->asBitString());
-        }
-        if ($seq->has($idx, Element::TYPE_SEQUENCE)) {
-            $obj->_extensions = Extensions::fromASN1(
-                $seq->at($idx++)->asSequence());
-        }
-        return $obj;
-    }
-    
-    /**
-     * Get self with holder.
-     *
-     * @param Holder $holder
-     * @return self
-     */
-    public function withHolder(Holder $holder)
-    {
-        $obj = clone $this;
-        $obj->_holder = $holder;
-        return $obj;
-    }
-    
-    /**
-     * Get self with issuer.
-     *
-     * @param AttCertIssuer $issuer
-     * @return self
-     */
-    public function withIssuer(AttCertIssuer $issuer)
-    {
-        $obj = clone $this;
-        $obj->_issuer = $issuer;
-        return $obj;
-    }
-    
-    /**
-     * Get self with signature algorithm identifier.
-     *
-     * @param SignatureAlgorithmIdentifier $algo
-     * @return self
-     */
-    public function withSignature(SignatureAlgorithmIdentifier $algo)
-    {
-        $obj = clone $this;
-        $obj->_signature = $algo;
-        return $obj;
-    }
-    
-    /**
-     * Get self with serial number.
-     *
-     * @param int|string $serial
-     * @return self
-     */
-    public function withSerialNumber($serial)
-    {
-        $obj = clone $this;
-        $obj->_serialNumber = $serial;
-        return $obj;
-    }
-    
-    /**
-     * Get self with random positive serial number.
-     *
-     * @param int $size Number of random bytes
-     * @return self
-     */
-    public function withRandomSerialNumber(int $size = 16)
-    {
-        // ensure that first byte is always non-zero and having first bit unset
-        $num = gmp_init(mt_rand(1, 0x7f), 10);
-        for ($i = 1; $i < $size; ++$i) {
-            $num <<= 8;
-            $num += mt_rand(0, 0xff);
-        }
-        return $this->withSerialNumber(gmp_strval($num, 10));
-    }
-    
-    /**
-     * Get self with validity period.
-     *
-     * @param AttCertValidityPeriod $validity
-     * @return self
-     */
-    public function withValidity(AttCertValidityPeriod $validity)
-    {
-        $obj = clone $this;
-        $obj->_attrCertValidityPeriod = $validity;
-        return $obj;
-    }
-    
-    /**
-     * Get self with attributes.
-     *
-     * @param Attributes $attribs
-     * @return self
-     */
-    public function withAttributes(Attributes $attribs)
-    {
-        $obj = clone $this;
-        $obj->_attributes = $attribs;
-        return $obj;
-    }
-    
-    /**
-     * Get self with issuer unique identifier.
-     *
-     * @param UniqueIdentifier $uid
-     * @return self
-     */
-    public function withIssuerUniqueID(UniqueIdentifier $uid)
-    {
-        $obj = clone $this;
-        $obj->_issuerUniqueID = $uid;
-        return $obj;
-    }
-    
-    /**
-     * Get self with extensions.
-     *
-     * @param Extensions $extensions
-     * @return self
-     */
-    public function withExtensions(Extensions $extensions)
-    {
-        $obj = clone $this;
-        $obj->_extensions = $extensions;
-        return $obj;
-    }
-    
-    /**
-     * Get self with extensions added.
-     *
-     * @param Extension ...$exts One or more Extension objects
-     * @return self
-     */
-    public function withAdditionalExtensions(Extension ...$exts)
-    {
-        $obj = clone $this;
-        $obj->_extensions = $obj->_extensions->withExtensions(...$exts);
-        return $obj;
-    }
-    
-    /**
-     * Get version.
-     *
-     * @return int
-     */
-    public function version(): int
-    {
-        return $this->_version;
-    }
-    
-    /**
-     * Get AC holder.
-     *
-     * @return Holder
-     */
-    public function holder(): Holder
-    {
-        return $this->_holder;
-    }
-    
-    /**
-     * Get AC issuer.
-     *
-     * @return AttCertIssuer
-     */
-    public function issuer(): AttCertIssuer
-    {
-        return $this->_issuer;
-    }
-    
-    /**
-     * Check whether signature is set.
-     *
-     * @return bool
-     */
-    public function hasSignature(): bool
-    {
-        return isset($this->_signature);
-    }
-    
-    /**
-     * Get signature algorithm identifier.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signature(): SignatureAlgorithmIdentifier
-    {
-        if (!$this->hasSignature()) {
-            throw new \LogicException("signature not set.");
-        }
-        return $this->_signature;
-    }
-    
-    /**
-     * Check whether serial number is present.
-     *
-     * @return bool
-     */
-    public function hasSerialNumber(): bool
-    {
-        return isset($this->_serialNumber);
-    }
-    
-    /**
-     * Get AC serial number.
-     *
-     * @return int|string
-     */
-    public function serialNumber()
-    {
-        if (!$this->hasSerialNumber()) {
-            throw new \LogicException("serialNumber not set.");
-        }
-        return $this->_serialNumber;
-    }
-    
-    /**
-     * Get validity period.
-     *
-     * @return AttCertValidityPeriod
-     */
-    public function validityPeriod(): AttCertValidityPeriod
-    {
-        return $this->_attrCertValidityPeriod;
-    }
-    
-    /**
-     * Get attributes.
-     *
-     * @return Attributes
-     */
-    public function attributes(): Attributes
-    {
-        return $this->_attributes;
-    }
-    
-    /**
-     * Check whether issuer unique identifier is present.
-     *
-     * @return bool
-     */
-    public function hasIssuerUniqueID(): bool
-    {
-        return isset($this->_issuerUniqueID);
-    }
-    
-    /**
-     * Get issuer unique identifier.
-     *
-     * @return UniqueIdentifier
-     */
-    public function issuerUniqueID(): UniqueIdentifier
-    {
-        if (!$this->hasIssuerUniqueID()) {
-            throw new \LogicException("issuerUniqueID not set.");
-        }
-        return $this->_issuerUniqueID;
-    }
-    
-    /**
-     * Get extensions.
-     *
-     * @return Extensions
-     */
-    public function extensions(): Extensions
-    {
-        return $this->_extensions;
-    }
-    
-    /**
-     * Get ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array(new Integer($this->_version), $this->_holder->toASN1(),
-            $this->_issuer->toASN1(), $this->signature()->toASN1(),
-            new Integer($this->serialNumber()),
-            $this->_attrCertValidityPeriod->toASN1(),
-            $this->_attributes->toASN1());
-        if (isset($this->_issuerUniqueID)) {
-            $elements[] = $this->_issuerUniqueID->toASN1();
-        }
-        if (count($this->_extensions)) {
-            $elements[] = $this->_extensions->toASN1();
-        }
-        return new Sequence(...$elements);
-    }
-    
-    /**
-     * Create signed attribute certificate.
-     *
-     * @param SignatureAlgorithmIdentifier $algo Signature algorithm
-     * @param PrivateKeyInfo $privkey_info Private key
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return AttributeCertificate
-     */
-    public function sign(SignatureAlgorithmIdentifier $algo,
-        PrivateKeyInfo $privkey_info, Crypto $crypto = null): AttributeCertificate
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $aci = clone $this;
-        if (!isset($aci->_serialNumber)) {
-            $aci->_serialNumber = 0;
-        }
-        $aci->_signature = $algo;
-        $data = $aci->toASN1()->toDER();
-        $signature = $crypto->sign($data, $privkey_info, $algo);
-        return new AttributeCertificate($aci, $algo, $signature);
-    }
+	const VERSION_2 = 1;
+    
+	/**
+	 * AC version.
+	 *
+	 * @var int $_version
+	 */
+	protected $_version;
+    
+	/**
+	 * AC holder.
+	 *
+	 * @var Holder $_holder
+	 */
+	protected $_holder;
+    
+	/**
+	 * AC issuer.
+	 *
+	 * @var AttCertIssuer $_issuer
+	 */
+	protected $_issuer;
+    
+	/**
+	 * Signature algorithm identifier.
+	 *
+	 * @var SignatureAlgorithmIdentifier $_signature
+	 */
+	protected $_signature;
+    
+	/**
+	 * AC serial number.
+	 *
+	 * @var int|string $_serialNumber
+	 */
+	protected $_serialNumber;
+    
+	/**
+	 * Validity period.
+	 *
+	 * @var AttCertValidityPeriod $_attrCertValidityPeriod
+	 */
+	protected $_attrCertValidityPeriod;
+    
+	/**
+	 * Attributes.
+	 *
+	 * @var Attributes $_attributes
+	 */
+	protected $_attributes;
+    
+	/**
+	 * Issuer unique identifier.
+	 *
+	 * @var UniqueIdentifier|null $_issuerUniqueID
+	 */
+	protected $_issuerUniqueID;
+    
+	/**
+	 * Extensions.
+	 *
+	 * @var Extensions $_extensions
+	 */
+	protected $_extensions;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param Holder $holder AC holder
+	 * @param AttCertIssuer $issuer AC issuer
+	 * @param AttCertValidityPeriod $validity Validity
+	 * @param Attributes $attribs Attributes
+	 */
+	public function __construct(Holder $holder, AttCertIssuer $issuer,
+		AttCertValidityPeriod $validity, Attributes $attribs)
+	{
+		$this->_version = self::VERSION_2;
+		$this->_holder = $holder;
+		$this->_issuer = $issuer;
+		$this->_attrCertValidityPeriod = $validity;
+		$this->_attributes = $attribs;
+		$this->_extensions = new Extensions();
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq)
+	{
+		$version = $seq->at(0)
+			->asInteger()
+			->number();
+		if ($version != self::VERSION_2) {
+			throw new \UnexpectedValueException("Version must be 2.");
+		}
+		$holder = Holder::fromASN1($seq->at(1)->asSequence());
+		$issuer = AttCertIssuer::fromASN1($seq->at(2));
+		$signature = AlgorithmIdentifier::fromASN1($seq->at(3)->asSequence());
+		if (!$signature instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $signature->oid() . ".");
+		}
+		$serial = $seq->at(4)
+			->asInteger()
+			->number();
+		$validity = AttCertValidityPeriod::fromASN1($seq->at(5)->asSequence());
+		$attribs = Attributes::fromASN1($seq->at(6)->asSequence());
+		$obj = new self($holder, $issuer, $validity, $attribs);
+		$obj->_signature = $signature;
+		$obj->_serialNumber = $serial;
+		$idx = 7;
+		if ($seq->has($idx, Element::TYPE_BIT_STRING)) {
+			$obj->_issuerUniqueID = UniqueIdentifier::fromASN1(
+				$seq->at($idx++)->asBitString());
+		}
+		if ($seq->has($idx, Element::TYPE_SEQUENCE)) {
+			$obj->_extensions = Extensions::fromASN1(
+				$seq->at($idx++)->asSequence());
+		}
+		return $obj;
+	}
+    
+	/**
+	 * Get self with holder.
+	 *
+	 * @param Holder $holder
+	 * @return self
+	 */
+	public function withHolder(Holder $holder)
+	{
+		$obj = clone $this;
+		$obj->_holder = $holder;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with issuer.
+	 *
+	 * @param AttCertIssuer $issuer
+	 * @return self
+	 */
+	public function withIssuer(AttCertIssuer $issuer)
+	{
+		$obj = clone $this;
+		$obj->_issuer = $issuer;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with signature algorithm identifier.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @return self
+	 */
+	public function withSignature(SignatureAlgorithmIdentifier $algo)
+	{
+		$obj = clone $this;
+		$obj->_signature = $algo;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with serial number.
+	 *
+	 * @param int|string $serial
+	 * @return self
+	 */
+	public function withSerialNumber($serial)
+	{
+		$obj = clone $this;
+		$obj->_serialNumber = $serial;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with random positive serial number.
+	 *
+	 * @param int $size Number of random bytes
+	 * @return self
+	 */
+	public function withRandomSerialNumber(int $size = 16)
+	{
+		// ensure that first byte is always non-zero and having first bit unset
+		$num = gmp_init(mt_rand(1, 0x7f), 10);
+		for ($i = 1; $i < $size; ++$i) {
+			$num <<= 8;
+			$num += mt_rand(0, 0xff);
+		}
+		return $this->withSerialNumber(gmp_strval($num, 10));
+	}
+    
+	/**
+	 * Get self with validity period.
+	 *
+	 * @param AttCertValidityPeriod $validity
+	 * @return self
+	 */
+	public function withValidity(AttCertValidityPeriod $validity)
+	{
+		$obj = clone $this;
+		$obj->_attrCertValidityPeriod = $validity;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with attributes.
+	 *
+	 * @param Attributes $attribs
+	 * @return self
+	 */
+	public function withAttributes(Attributes $attribs)
+	{
+		$obj = clone $this;
+		$obj->_attributes = $attribs;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with issuer unique identifier.
+	 *
+	 * @param UniqueIdentifier $uid
+	 * @return self
+	 */
+	public function withIssuerUniqueID(UniqueIdentifier $uid)
+	{
+		$obj = clone $this;
+		$obj->_issuerUniqueID = $uid;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with extensions.
+	 *
+	 * @param Extensions $extensions
+	 * @return self
+	 */
+	public function withExtensions(Extensions $extensions)
+	{
+		$obj = clone $this;
+		$obj->_extensions = $extensions;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with extensions added.
+	 *
+	 * @param Extension ...$exts One or more Extension objects
+	 * @return self
+	 */
+	public function withAdditionalExtensions(Extension ...$exts)
+	{
+		$obj = clone $this;
+		$obj->_extensions = $obj->_extensions->withExtensions(...$exts);
+		return $obj;
+	}
+    
+	/**
+	 * Get version.
+	 *
+	 * @return int
+	 */
+	public function version(): int
+	{
+		return $this->_version;
+	}
+    
+	/**
+	 * Get AC holder.
+	 *
+	 * @return Holder
+	 */
+	public function holder(): Holder
+	{
+		return $this->_holder;
+	}
+    
+	/**
+	 * Get AC issuer.
+	 *
+	 * @return AttCertIssuer
+	 */
+	public function issuer(): AttCertIssuer
+	{
+		return $this->_issuer;
+	}
+    
+	/**
+	 * Check whether signature is set.
+	 *
+	 * @return bool
+	 */
+	public function hasSignature(): bool
+	{
+		return isset($this->_signature);
+	}
+    
+	/**
+	 * Get signature algorithm identifier.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signature(): SignatureAlgorithmIdentifier
+	{
+		if (!$this->hasSignature()) {
+			throw new \LogicException("signature not set.");
+		}
+		return $this->_signature;
+	}
+    
+	/**
+	 * Check whether serial number is present.
+	 *
+	 * @return bool
+	 */
+	public function hasSerialNumber(): bool
+	{
+		return isset($this->_serialNumber);
+	}
+    
+	/**
+	 * Get AC serial number.
+	 *
+	 * @return int|string
+	 */
+	public function serialNumber()
+	{
+		if (!$this->hasSerialNumber()) {
+			throw new \LogicException("serialNumber not set.");
+		}
+		return $this->_serialNumber;
+	}
+    
+	/**
+	 * Get validity period.
+	 *
+	 * @return AttCertValidityPeriod
+	 */
+	public function validityPeriod(): AttCertValidityPeriod
+	{
+		return $this->_attrCertValidityPeriod;
+	}
+    
+	/**
+	 * Get attributes.
+	 *
+	 * @return Attributes
+	 */
+	public function attributes(): Attributes
+	{
+		return $this->_attributes;
+	}
+    
+	/**
+	 * Check whether issuer unique identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerUniqueID(): bool
+	{
+		return isset($this->_issuerUniqueID);
+	}
+    
+	/**
+	 * Get issuer unique identifier.
+	 *
+	 * @return UniqueIdentifier
+	 */
+	public function issuerUniqueID(): UniqueIdentifier
+	{
+		if (!$this->hasIssuerUniqueID()) {
+			throw new \LogicException("issuerUniqueID not set.");
+		}
+		return $this->_issuerUniqueID;
+	}
+    
+	/**
+	 * Get extensions.
+	 *
+	 * @return Extensions
+	 */
+	public function extensions(): Extensions
+	{
+		return $this->_extensions;
+	}
+    
+	/**
+	 * Get ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array(new Integer($this->_version), $this->_holder->toASN1(),
+			$this->_issuer->toASN1(), $this->signature()->toASN1(),
+			new Integer($this->serialNumber()),
+			$this->_attrCertValidityPeriod->toASN1(),
+			$this->_attributes->toASN1());
+		if (isset($this->_issuerUniqueID)) {
+			$elements[] = $this->_issuerUniqueID->toASN1();
+		}
+		if (count($this->_extensions)) {
+			$elements[] = $this->_extensions->toASN1();
+		}
+		return new Sequence(...$elements);
+	}
+    
+	/**
+	 * Create signed attribute certificate.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo Signature algorithm
+	 * @param PrivateKeyInfo $privkey_info Private key
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return AttributeCertificate
+	 */
+	public function sign(SignatureAlgorithmIdentifier $algo,
+		PrivateKeyInfo $privkey_info, Crypto $crypto = null): AttributeCertificate
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$aci = clone $this;
+		if (!isset($aci->_serialNumber)) {
+			$aci->_serialNumber = 0;
+		}
+		$aci->_signature = $algo;
+		$data = $aci->toASN1()->toDER();
+		$signature = $crypto->sign($data, $privkey_info, $algo);
+		return new AttributeCertificate($aci, $algo, $signature);
+	}
 }

lib/X509/AttributeCertificate/IssuerSerial.php

Indentation +156 added lines, -156 removed lines

@@ -19,172 +19,172 @@
  */
 class IssuerSerial
 {
-    /**
-     * Issuer name.
-     *
-     * @var GeneralNames $_issuer
-     */
-    protected $_issuer;
+	/**
+	 * Issuer name.
+	 *
+	 * @var GeneralNames $_issuer
+	 */
+	protected $_issuer;
     
-    /**
-     * Serial number.
-     *
-     * @var string|int $_serial
-     */
-    protected $_serial;
+	/**
+	 * Serial number.
+	 *
+	 * @var string|int $_serial
+	 */
+	protected $_serial;
     
-    /**
-     * Issuer unique ID.
-     *
-     * @var UniqueIdentifier|null $_issuerUID
-     */
-    protected $_issuerUID;
+	/**
+	 * Issuer unique ID.
+	 *
+	 * @var UniqueIdentifier|null $_issuerUID
+	 */
+	protected $_issuerUID;
     
-    /**
-     * Constructor.
-     *
-     * @param GeneralNames $issuer
-     * @param string|int $serial
-     * @param UniqueIdentifier|null $uid
-     */
-    public function __construct(GeneralNames $issuer, $serial,
-        UniqueIdentifier $uid = null)
-    {
-        $this->_issuer = $issuer;
-        $this->_serial = $serial;
-        $this->_issuerUID = $uid;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param GeneralNames $issuer
+	 * @param string|int $serial
+	 * @param UniqueIdentifier|null $uid
+	 */
+	public function __construct(GeneralNames $issuer, $serial,
+		UniqueIdentifier $uid = null)
+	{
+		$this->_issuer = $issuer;
+		$this->_serial = $serial;
+		$this->_issuerUID = $uid;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq)
-    {
-        $issuer = GeneralNames::fromASN1($seq->at(0)->asSequence());
-        $serial = $seq->at(1)
-            ->asInteger()
-            ->number();
-        $uid = null;
-        if ($seq->has(2, Element::TYPE_BIT_STRING)) {
-            $uid = UniqueIdentifier::fromASN1($seq->at(2)->asBitString());
-        }
-        return new self($issuer, $serial, $uid);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq)
+	{
+		$issuer = GeneralNames::fromASN1($seq->at(0)->asSequence());
+		$serial = $seq->at(1)
+			->asInteger()
+			->number();
+		$uid = null;
+		if ($seq->has(2, Element::TYPE_BIT_STRING)) {
+			$uid = UniqueIdentifier::fromASN1($seq->at(2)->asBitString());
+		}
+		return new self($issuer, $serial, $uid);
+	}
     
-    /**
-     * Initialize from a public key certificate.
-     *
-     * @param Certificate $cert
-     * @return self
-     */
-    public static function fromPKC(Certificate $cert)
-    {
-        $tbsCert = $cert->tbsCertificate();
-        $issuer = new GeneralNames(new DirectoryName($tbsCert->issuer()));
-        $serial = $tbsCert->serialNumber();
-        $uid = $tbsCert->hasIssuerUniqueID() ? $tbsCert->issuerUniqueID() : null;
-        return new self($issuer, $serial, $uid);
-    }
+	/**
+	 * Initialize from a public key certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return self
+	 */
+	public static function fromPKC(Certificate $cert)
+	{
+		$tbsCert = $cert->tbsCertificate();
+		$issuer = new GeneralNames(new DirectoryName($tbsCert->issuer()));
+		$serial = $tbsCert->serialNumber();
+		$uid = $tbsCert->hasIssuerUniqueID() ? $tbsCert->issuerUniqueID() : null;
+		return new self($issuer, $serial, $uid);
+	}
     
-    /**
-     * Get issuer name.
-     *
-     * @return GeneralNames
-     */
-    public function issuer(): GeneralNames
-    {
-        return $this->_issuer;
-    }
+	/**
+	 * Get issuer name.
+	 *
+	 * @return GeneralNames
+	 */
+	public function issuer(): GeneralNames
+	{
+		return $this->_issuer;
+	}
     
-    /**
-     * Get serial number.
-     *
-     * @return int|string
-     */
-    public function serial()
-    {
-        return $this->_serial;
-    }
+	/**
+	 * Get serial number.
+	 *
+	 * @return int|string
+	 */
+	public function serial()
+	{
+		return $this->_serial;
+	}
     
-    /**
-     * Check whether issuer unique identifier is present.
-     *
-     * @return bool
-     */
-    public function hasIssuerUID(): bool
-    {
-        return isset($this->_issuerUID);
-    }
+	/**
+	 * Check whether issuer unique identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerUID(): bool
+	{
+		return isset($this->_issuerUID);
+	}
     
-    /**
-     * Get issuer unique identifier.
-     *
-     * @throws \LogicException
-     * @return UniqueIdentifier
-     */
-    public function issuerUID(): UniqueIdentifier
-    {
-        if (!$this->hasIssuerUID()) {
-            throw new \LogicException("issuerUID not set.");
-        }
-        return $this->_issuerUID;
-    }
+	/**
+	 * Get issuer unique identifier.
+	 *
+	 * @throws \LogicException
+	 * @return UniqueIdentifier
+	 */
+	public function issuerUID(): UniqueIdentifier
+	{
+		if (!$this->hasIssuerUID()) {
+			throw new \LogicException("issuerUID not set.");
+		}
+		return $this->_issuerUID;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array($this->_issuer->toASN1(), new Integer($this->_serial));
-        if (isset($this->_issuerUID)) {
-            $elements[] = $this->_issuerUID->toASN1();
-        }
-        return new Sequence(...$elements);
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array($this->_issuer->toASN1(), new Integer($this->_serial));
+		if (isset($this->_issuerUID)) {
+			$elements[] = $this->_issuerUID->toASN1();
+		}
+		return new Sequence(...$elements);
+	}
     
-    /**
-     * Check whether this IssuerSerial identifies given certificate.
-     *
-     * @param Certificate $cert
-     * @return boolean
-     */
-    public function identifiesPKC(Certificate $cert): bool
-    {
-        $tbs = $cert->tbsCertificate();
-        if (!$tbs->issuer()->equals($this->_issuer->firstDN())) {
-            return false;
-        }
-        if (strval($tbs->serialNumber()) != strval($this->_serial)) {
-            return false;
-        }
-        if ($this->_issuerUID && !$this->_checkUniqueID($cert)) {
-            return false;
-        }
-        return true;
-    }
+	/**
+	 * Check whether this IssuerSerial identifies given certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return boolean
+	 */
+	public function identifiesPKC(Certificate $cert): bool
+	{
+		$tbs = $cert->tbsCertificate();
+		if (!$tbs->issuer()->equals($this->_issuer->firstDN())) {
+			return false;
+		}
+		if (strval($tbs->serialNumber()) != strval($this->_serial)) {
+			return false;
+		}
+		if ($this->_issuerUID && !$this->_checkUniqueID($cert)) {
+			return false;
+		}
+		return true;
+	}
     
-    /**
-     * Check whether issuerUID matches given certificate.
-     *
-     * @param Certificate $cert
-     * @return boolean
-     */
-    private function _checkUniqueID(Certificate $cert): bool
-    {
-        if (!$cert->tbsCertificate()->hasIssuerUniqueID()) {
-            return false;
-        }
-        $uid = $cert->tbsCertificate()
-            ->issuerUniqueID()
-            ->string();
-        if ($this->_issuerUID->string() != $uid) {
-            return false;
-        }
-        return true;
-    }
+	/**
+	 * Check whether issuerUID matches given certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return boolean
+	 */
+	private function _checkUniqueID(Certificate $cert): bool
+	{
+		if (!$cert->tbsCertificate()->hasIssuerUniqueID()) {
+			return false;
+		}
+		$uid = $cert->tbsCertificate()
+			->issuerUniqueID()
+			->string();
+		if ($this->_issuerUID->string() != $uid) {
+			return false;
+		}
+		return true;
+	}
 }

lib/X509/AttributeCertificate/AttCertValidityPeriod.php

Indentation +82 added lines, -82 removed lines

@@ -15,94 +15,94 @@
  */
 class AttCertValidityPeriod
 {
-    use DateTimeHelper;
+	use DateTimeHelper;
     
-    /**
-     * Not before time.
-     *
-     * @var \DateTimeImmutable
-     */
-    protected $_notBeforeTime;
+	/**
+	 * Not before time.
+	 *
+	 * @var \DateTimeImmutable
+	 */
+	protected $_notBeforeTime;
     
-    /**
-     * Not after time.
-     *
-     * @var \DateTimeImmutable
-     */
-    protected $_notAfterTime;
+	/**
+	 * Not after time.
+	 *
+	 * @var \DateTimeImmutable
+	 */
+	protected $_notAfterTime;
     
-    /**
-     * Constructor.
-     *
-     * @param \DateTimeImmutable $nb
-     * @param \DateTimeImmutable $na
-     */
-    public function __construct(\DateTimeImmutable $nb, \DateTimeImmutable $na)
-    {
-        $this->_notBeforeTime = $nb;
-        $this->_notAfterTime = $na;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param \DateTimeImmutable $nb
+	 * @param \DateTimeImmutable $na
+	 */
+	public function __construct(\DateTimeImmutable $nb, \DateTimeImmutable $na)
+	{
+		$this->_notBeforeTime = $nb;
+		$this->_notAfterTime = $na;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq)
-    {
-        $nb = $seq->at(0)
-            ->asGeneralizedTime()
-            ->dateTime();
-        $na = $seq->at(1)
-            ->asGeneralizedTime()
-            ->dateTime();
-        return new self($nb, $na);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq)
+	{
+		$nb = $seq->at(0)
+			->asGeneralizedTime()
+			->dateTime();
+		$na = $seq->at(1)
+			->asGeneralizedTime()
+			->dateTime();
+		return new self($nb, $na);
+	}
     
-    /**
-     * Initialize from date strings.
-     *
-     * @param string|null $nb_date Not before date
-     * @param string|null $na_date Not after date
-     * @param string|null $tz Timezone string
-     * @return self
-     */
-    public static function fromStrings($nb_date, $na_date, $tz = null)
-    {
-        $nb = self::_createDateTime($nb_date, $tz);
-        $na = self::_createDateTime($na_date, $tz);
-        return new self($nb, $na);
-    }
+	/**
+	 * Initialize from date strings.
+	 *
+	 * @param string|null $nb_date Not before date
+	 * @param string|null $na_date Not after date
+	 * @param string|null $tz Timezone string
+	 * @return self
+	 */
+	public static function fromStrings($nb_date, $na_date, $tz = null)
+	{
+		$nb = self::_createDateTime($nb_date, $tz);
+		$na = self::_createDateTime($na_date, $tz);
+		return new self($nb, $na);
+	}
     
-    /**
-     * Get not before time.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function notBeforeTime(): \DateTimeImmutable
-    {
-        return $this->_notBeforeTime;
-    }
+	/**
+	 * Get not before time.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function notBeforeTime(): \DateTimeImmutable
+	{
+		return $this->_notBeforeTime;
+	}
     
-    /**
-     * Get not after time.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function notAfterTime(): \DateTimeImmutable
-    {
-        return $this->_notAfterTime;
-    }
+	/**
+	 * Get not after time.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function notAfterTime(): \DateTimeImmutable
+	{
+		return $this->_notAfterTime;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence(new GeneralizedTime($this->_notBeforeTime),
-            new GeneralizedTime($this->_notAfterTime));
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence(new GeneralizedTime($this->_notBeforeTime),
+			new GeneralizedTime($this->_notAfterTime));
+	}
 }

lib/X509/AttributeCertificate/AttCertIssuer.php

Indentation +58 added lines, -58 removed lines

@@ -18,66 +18,66 @@
  */
 abstract class AttCertIssuer
 {
-    /**
-     * Generate ASN.1 element.
-     *
-     * @return Element
-     */
-    abstract public function toASN1();
+	/**
+	 * Generate ASN.1 element.
+	 *
+	 * @return Element
+	 */
+	abstract public function toASN1();
     
-    /**
-     * Check whether AttCertIssuer identifies given certificate.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    abstract public function identifiesPKC(Certificate $cert): bool;
+	/**
+	 * Check whether AttCertIssuer identifies given certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	abstract public function identifiesPKC(Certificate $cert): bool;
     
-    /**
-     * Initialize from distinguished name.
-     *
-     * This conforms to RFC 5755 which states that only v2Form must be used,
-     * and issuerName must contain exactly one GeneralName of DirectoryName
-     * type.
-     *
-     * @link https://tools.ietf.org/html/rfc5755#section-4.2.3
-     * @param Name $name
-     * @return self
-     */
-    public static function fromName(Name $name)
-    {
-        return new V2Form(new GeneralNames(new DirectoryName($name)));
-    }
+	/**
+	 * Initialize from distinguished name.
+	 *
+	 * This conforms to RFC 5755 which states that only v2Form must be used,
+	 * and issuerName must contain exactly one GeneralName of DirectoryName
+	 * type.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5755#section-4.2.3
+	 * @param Name $name
+	 * @return self
+	 */
+	public static function fromName(Name $name)
+	{
+		return new V2Form(new GeneralNames(new DirectoryName($name)));
+	}
     
-    /**
-     * Initialize from an issuer's public key certificate.
-     *
-     * @param Certificate $cert
-     * @return self
-     */
-    public static function fromPKC(Certificate $cert)
-    {
-        return self::fromName($cert->tbsCertificate()->subject());
-    }
+	/**
+	 * Initialize from an issuer's public key certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return self
+	 */
+	public static function fromPKC(Certificate $cert)
+	{
+		return self::fromName($cert->tbsCertificate()->subject());
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param UnspecifiedType $el CHOICE
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromASN1(UnspecifiedType $el)
-    {
-        if (!$el->isTagged()) {
-            throw new \UnexpectedValueException("v1Form issuer not supported.");
-        }
-        $tagged = $el->asTagged();
-        switch ($tagged->tag()) {
-            case 0:
-                return V2Form::fromV2ASN1(
-                    $tagged->asImplicit(Element::TYPE_SEQUENCE)->asSequence());
-        }
-        throw new \UnexpectedValueException("Unsupported issuer type.");
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param UnspecifiedType $el CHOICE
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromASN1(UnspecifiedType $el)
+	{
+		if (!$el->isTagged()) {
+			throw new \UnexpectedValueException("v1Form issuer not supported.");
+		}
+		$tagged = $el->asTagged();
+		switch ($tagged->tag()) {
+			case 0:
+				return V2Form::fromV2ASN1(
+					$tagged->asImplicit(Element::TYPE_SEQUENCE)->asSequence());
+		}
+		throw new \UnexpectedValueException("Unsupported issuer type.");
+	}
 }

lib/X509/AttributeCertificate/V2Form.php

Indentation +131 added lines, -131 removed lines

@@ -17,144 +17,144 @@
  */
 class V2Form extends AttCertIssuer
 {
-    /**
-     * Issuer name.
-     *
-     * @var GeneralNames $_issuerName
-     */
-    protected $_issuerName;
+	/**
+	 * Issuer name.
+	 *
+	 * @var GeneralNames $_issuerName
+	 */
+	protected $_issuerName;
     
-    /**
-     * Issuer PKC's issuer and serial.
-     *
-     * @var IssuerSerial $_baseCertificateID
-     */
-    protected $_baseCertificateID;
+	/**
+	 * Issuer PKC's issuer and serial.
+	 *
+	 * @var IssuerSerial $_baseCertificateID
+	 */
+	protected $_baseCertificateID;
     
-    /**
-     * Linked object.
-     *
-     * @var ObjectDigestInfo $_objectDigestInfo
-     */
-    protected $_objectDigestInfo;
+	/**
+	 * Linked object.
+	 *
+	 * @var ObjectDigestInfo $_objectDigestInfo
+	 */
+	protected $_objectDigestInfo;
     
-    /**
-     * Constructor.
-     *
-     * @param GeneralNames|null $names
-     */
-    public function __construct(GeneralNames $names = null)
-    {
-        $this->_issuerName = $names;
-        $this->_baseCertificateID = null;
-        $this->_objectDigestInfo = null;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param GeneralNames|null $names
+	 */
+	public function __construct(GeneralNames $names = null)
+	{
+		$this->_issuerName = $names;
+		$this->_baseCertificateID = null;
+		$this->_objectDigestInfo = null;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromV2ASN1(Sequence $seq)
-    {
-        $issuer = null;
-        $cert_id = null;
-        $digest_info = null;
-        if ($seq->has(0, Element::TYPE_SEQUENCE)) {
-            $issuer = GeneralNames::fromASN1($seq->at(0)->asSequence());
-        }
-        if ($seq->hasTagged(0)) {
-            $cert_id = IssuerSerial::fromASN1(
-                $seq->getTagged(0)
-                    ->asImplicit(Element::TYPE_SEQUENCE)
-                    ->asSequence());
-        }
-        if ($seq->hasTagged(1)) {
-            $digest_info = ObjectDigestInfo::fromASN1(
-                $seq->getTagged(1)
-                    ->asImplicit(Element::TYPE_SEQUENCE)
-                    ->asSequence());
-        }
-        $obj = new self($issuer);
-        $obj->_baseCertificateID = $cert_id;
-        $obj->_objectDigestInfo = $digest_info;
-        return $obj;
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromV2ASN1(Sequence $seq)
+	{
+		$issuer = null;
+		$cert_id = null;
+		$digest_info = null;
+		if ($seq->has(0, Element::TYPE_SEQUENCE)) {
+			$issuer = GeneralNames::fromASN1($seq->at(0)->asSequence());
+		}
+		if ($seq->hasTagged(0)) {
+			$cert_id = IssuerSerial::fromASN1(
+				$seq->getTagged(0)
+					->asImplicit(Element::TYPE_SEQUENCE)
+					->asSequence());
+		}
+		if ($seq->hasTagged(1)) {
+			$digest_info = ObjectDigestInfo::fromASN1(
+				$seq->getTagged(1)
+					->asImplicit(Element::TYPE_SEQUENCE)
+					->asSequence());
+		}
+		$obj = new self($issuer);
+		$obj->_baseCertificateID = $cert_id;
+		$obj->_objectDigestInfo = $digest_info;
+		return $obj;
+	}
     
-    /**
-     * Check whether issuer name is set.
-     *
-     * @return bool
-     */
-    public function hasIssuerName(): bool
-    {
-        return isset($this->_issuerName);
-    }
+	/**
+	 * Check whether issuer name is set.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerName(): bool
+	{
+		return isset($this->_issuerName);
+	}
     
-    /**
-     * Get issuer name.
-     *
-     * @throws \LogicException
-     * @return GeneralNames
-     */
-    public function issuerName(): GeneralNames
-    {
-        if (!$this->hasIssuerName()) {
-            throw new \LogicException("issuerName not set.");
-        }
-        return $this->_issuerName;
-    }
+	/**
+	 * Get issuer name.
+	 *
+	 * @throws \LogicException
+	 * @return GeneralNames
+	 */
+	public function issuerName(): GeneralNames
+	{
+		if (!$this->hasIssuerName()) {
+			throw new \LogicException("issuerName not set.");
+		}
+		return $this->_issuerName;
+	}
     
-    /**
-     * Get DN of the issuer.
-     *
-     * This is a convenience method conforming to RFC 5755, which states
-     * that Issuer must contain only one non-empty distinguished name.
-     *
-     * @return \X501\ASN1\Name
-     */
-    public function name(): \X501\ASN1\Name
-    {
-        return $this->issuerName()->firstDN();
-    }
+	/**
+	 * Get DN of the issuer.
+	 *
+	 * This is a convenience method conforming to RFC 5755, which states
+	 * that Issuer must contain only one non-empty distinguished name.
+	 *
+	 * @return \X501\ASN1\Name
+	 */
+	public function name(): \X501\ASN1\Name
+	{
+		return $this->issuerName()->firstDN();
+	}
     
-    /**
-     *
-     * @see \X509\AttributeCertificate\AttCertIssuer::ASN1()
-     * @return ImplicitlyTaggedType Tagged Sequence
-     */
-    public function toASN1()
-    {
-        $elements = array();
-        if (isset($this->_issuerName)) {
-            $elements[] = $this->_issuerName->toASN1();
-        }
-        if (isset($this->_baseCertificateID)) {
-            $elements[] = new ImplicitlyTaggedType(0,
-                $this->_baseCertificateID->toASN1());
-        }
-        if (isset($this->_objectDigestInfo)) {
-            $elements[] = new ImplicitlyTaggedType(1,
-                $this->_objectDigestInfo->toASN1());
-        }
-        return new ImplicitlyTaggedType(0, new Sequence(...$elements));
-    }
+	/**
+	 *
+	 * @see \X509\AttributeCertificate\AttCertIssuer::ASN1()
+	 * @return ImplicitlyTaggedType Tagged Sequence
+	 */
+	public function toASN1()
+	{
+		$elements = array();
+		if (isset($this->_issuerName)) {
+			$elements[] = $this->_issuerName->toASN1();
+		}
+		if (isset($this->_baseCertificateID)) {
+			$elements[] = new ImplicitlyTaggedType(0,
+				$this->_baseCertificateID->toASN1());
+		}
+		if (isset($this->_objectDigestInfo)) {
+			$elements[] = new ImplicitlyTaggedType(1,
+				$this->_objectDigestInfo->toASN1());
+		}
+		return new ImplicitlyTaggedType(0, new Sequence(...$elements));
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @see \X509\AttributeCertificate\AttCertIssuer::identifiesPKC()
-     * @return bool
-     */
-    public function identifiesPKC(Certificate $cert): bool
-    {
-        $name = $this->_issuerName->firstDN();
-        if (!$cert->tbsCertificate()
-            ->subject()
-            ->equals($name)) {
-            return false;
-        }
-        return true;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @see \X509\AttributeCertificate\AttCertIssuer::identifiesPKC()
+	 * @return bool
+	 */
+	public function identifiesPKC(Certificate $cert): bool
+	{
+		$name = $this->_issuerName->firstDN();
+		if (!$cert->tbsCertificate()
+			->subject()
+			->equals($name)) {
+			return false;
+		}
+		return true;
+	}
 }

lib/X509/Certificate/CertificateChain.php

Indentation +117 added lines, -117 removed lines

@@ -13,131 +13,131 @@
  */
 class CertificateChain implements \Countable, \IteratorAggregate
 {
-    /**
-     * List of certificates in a chain.
-     *
-     * @var Certificate[]
-     */
-    protected $_certs;
+	/**
+	 * List of certificates in a chain.
+	 *
+	 * @var Certificate[]
+	 */
+	protected $_certs;
     
-    /**
-     * Constructor.
-     *
-     * @param Certificate ...$certs List of certificates, end-entity first
-     */
-    public function __construct(Certificate ...$certs)
-    {
-        $this->_certs = $certs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Certificate ...$certs List of certificates, end-entity first
+	 */
+	public function __construct(Certificate ...$certs)
+	{
+		$this->_certs = $certs;
+	}
     
-    /**
-     * Initialize from a list of PEMs.
-     *
-     * @param PEM ...$pems
-     * @return self
-     */
-    public static function fromPEMs(PEM ...$pems)
-    {
-        $certs = array_map(
-            function (PEM $pem) {
-                return Certificate::fromPEM($pem);
-            }, $pems);
-        return new self(...$certs);
-    }
+	/**
+	 * Initialize from a list of PEMs.
+	 *
+	 * @param PEM ...$pems
+	 * @return self
+	 */
+	public static function fromPEMs(PEM ...$pems)
+	{
+		$certs = array_map(
+			function (PEM $pem) {
+				return Certificate::fromPEM($pem);
+			}, $pems);
+		return new self(...$certs);
+	}
     
-    /**
-     * Initialize from a string containing multiple PEM blocks.
-     *
-     * @param string $str
-     * @return self
-     */
-    public static function fromPEMString(string $str)
-    {
-        $pems = PEMBundle::fromString($str)->all();
-        return self::fromPEMs(...$pems);
-    }
+	/**
+	 * Initialize from a string containing multiple PEM blocks.
+	 *
+	 * @param string $str
+	 * @return self
+	 */
+	public static function fromPEMString(string $str)
+	{
+		$pems = PEMBundle::fromString($str)->all();
+		return self::fromPEMs(...$pems);
+	}
     
-    /**
-     * Get all certificates in a chain ordered from the end-entity certificate
-     * to the trust anchor.
-     *
-     * @return Certificate[]
-     */
-    public function certificates(): array
-    {
-        return $this->_certs;
-    }
+	/**
+	 * Get all certificates in a chain ordered from the end-entity certificate
+	 * to the trust anchor.
+	 *
+	 * @return Certificate[]
+	 */
+	public function certificates(): array
+	{
+		return $this->_certs;
+	}
     
-    /**
-     * Get the end-entity certificate.
-     *
-     * @throws \LogicException
-     * @return Certificate
-     */
-    public function endEntityCertificate(): Certificate
-    {
-        if (!count($this->_certs)) {
-            throw new \LogicException("No certificates.");
-        }
-        return $this->_certs[0];
-    }
+	/**
+	 * Get the end-entity certificate.
+	 *
+	 * @throws \LogicException
+	 * @return Certificate
+	 */
+	public function endEntityCertificate(): Certificate
+	{
+		if (!count($this->_certs)) {
+			throw new \LogicException("No certificates.");
+		}
+		return $this->_certs[0];
+	}
     
-    /**
-     * Get the trust anchor certificate.
-     *
-     * @throws \LogicException
-     * @return Certificate
-     */
-    public function trustAnchorCertificate(): Certificate
-    {
-        if (!count($this->_certs)) {
-            throw new \LogicException("No certificates.");
-        }
-        return $this->_certs[count($this->_certs) - 1];
-    }
+	/**
+	 * Get the trust anchor certificate.
+	 *
+	 * @throws \LogicException
+	 * @return Certificate
+	 */
+	public function trustAnchorCertificate(): Certificate
+	{
+		if (!count($this->_certs)) {
+			throw new \LogicException("No certificates.");
+		}
+		return $this->_certs[count($this->_certs) - 1];
+	}
     
-    /**
-     * Convert certificate chain to certification path.
-     *
-     * @return CertificationPath
-     */
-    public function certificationPath(): CertificationPath
-    {
-        return CertificationPath::fromCertificateChain($this);
-    }
+	/**
+	 * Convert certificate chain to certification path.
+	 *
+	 * @return CertificationPath
+	 */
+	public function certificationPath(): CertificationPath
+	{
+		return CertificationPath::fromCertificateChain($this);
+	}
     
-    /**
-     * Convert certificate chain to string of PEM blocks.
-     *
-     * @return string
-     */
-    public function toPEMString(): string
-    {
-        return implode("\n",
-            array_map(
-                function (Certificate $cert) {
-                    return $cert->toPEM()->string();
-                }, $this->_certs));
-    }
+	/**
+	 * Convert certificate chain to string of PEM blocks.
+	 *
+	 * @return string
+	 */
+	public function toPEMString(): string
+	{
+		return implode("\n",
+			array_map(
+				function (Certificate $cert) {
+					return $cert->toPEM()->string();
+				}, $this->_certs));
+	}
     
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_certs);
-    }
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_certs);
+	}
     
-    /**
-     * Get iterator for certificates.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_certs);
-    }
+	/**
+	 * Get iterator for certificates.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_certs);
+	}
 }

lib/X509/Certificate/Extension/NameConstraints/GeneralSubtrees.php

Indentation +77 added lines, -77 removed lines

@@ -15,87 +15,87 @@
  */
 class GeneralSubtrees implements \Countable, \IteratorAggregate
 {
-    /**
-     * Subtrees.
-     *
-     * @var GeneralSubtree[] $_subtrees
-     */
-    protected $_subtrees;
+	/**
+	 * Subtrees.
+	 *
+	 * @var GeneralSubtree[] $_subtrees
+	 */
+	protected $_subtrees;
     
-    /**
-     * Constructor.
-     *
-     * @param GeneralSubtree[] $subtrees
-     */
-    public function __construct(GeneralSubtree ...$subtrees)
-    {
-        $this->_subtrees = $subtrees;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param GeneralSubtree[] $subtrees
+	 */
+	public function __construct(GeneralSubtree ...$subtrees)
+	{
+		$this->_subtrees = $subtrees;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq)
-    {
-        $subtrees = array_map(
-            function (UnspecifiedType $el) {
-                return GeneralSubtree::fromASN1($el->asSequence());
-            }, $seq->elements());
-        if (!count($subtrees)) {
-            throw new \UnexpectedValueException(
-                "GeneralSubtrees must contain at least one GeneralSubtree.");
-        }
-        return new self(...$subtrees);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq)
+	{
+		$subtrees = array_map(
+			function (UnspecifiedType $el) {
+				return GeneralSubtree::fromASN1($el->asSequence());
+			}, $seq->elements());
+		if (!count($subtrees)) {
+			throw new \UnexpectedValueException(
+				"GeneralSubtrees must contain at least one GeneralSubtree.");
+		}
+		return new self(...$subtrees);
+	}
     
-    /**
-     * Get all subtrees.
-     *
-     * @return GeneralSubtree[]
-     */
-    public function all(): array
-    {
-        return $this->_subtrees;
-    }
+	/**
+	 * Get all subtrees.
+	 *
+	 * @return GeneralSubtree[]
+	 */
+	public function all(): array
+	{
+		return $this->_subtrees;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        if (!count($this->_subtrees)) {
-            throw new \LogicException("No subtrees.");
-        }
-        $elements = array_map(
-            function (GeneralSubtree $gs) {
-                return $gs->toASN1();
-            }, $this->_subtrees);
-        return new Sequence(...$elements);
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		if (!count($this->_subtrees)) {
+			throw new \LogicException("No subtrees.");
+		}
+		$elements = array_map(
+			function (GeneralSubtree $gs) {
+				return $gs->toASN1();
+			}, $this->_subtrees);
+		return new Sequence(...$elements);
+	}
     
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_subtrees);
-    }
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_subtrees);
+	}
     
-    /**
-     * Get iterator for subtrees.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_subtrees);
-    }
+	/**
+	 * Get iterator for subtrees.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_subtrees);
+	}
 }