sop / x509

lib/X509/Certificate/Extension/TargetInformationExtension.php

Indentation +123 added lines, -123 removed lines

@@ -19,139 +19,139 @@
  * @link https://tools.ietf.org/html/rfc5755#section-4.3.2
  */
 class TargetInformationExtension extends Extension implements 
-    \Countable,
-    \IteratorAggregate
+	\Countable,
+	\IteratorAggregate
 {
-    /**
-     * Targets elements.
-     *
-     * @var Targets[] $_targets
-     */
-    protected $_targets;
+	/**
+	 * Targets elements.
+	 *
+	 * @var Targets[] $_targets
+	 */
+	protected $_targets;
     
-    /**
-     * Targets[] merged to single Targets.
-     *
-     * @var Targets|null
-     */
-    private $_merged;
+	/**
+	 * Targets[] merged to single Targets.
+	 *
+	 * @var Targets|null
+	 */
+	private $_merged;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param Targets[] $targets
-     */
-    public function __construct(bool $critical, Targets ...$targets)
-    {
-        parent::__construct(self::OID_TARGET_INFORMATION, $critical);
-        $this->_targets = $targets;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param Targets[] $targets
+	 */
+	public function __construct(bool $critical, Targets ...$targets)
+	{
+		parent::__construct(self::OID_TARGET_INFORMATION, $critical);
+		$this->_targets = $targets;
+	}
     
-    /**
-     * Initialize from one or more Target objects.
-     *
-     * Extension criticality shall be set to true as specified by RFC 5755.
-     *
-     * @param Target[] $target
-     * @return TargetInformationExtension
-     */
-    public static function fromTargets(Target ...$target)
-    {
-        return new self(true, new Targets(...$target));
-    }
+	/**
+	 * Initialize from one or more Target objects.
+	 *
+	 * Extension criticality shall be set to true as specified by RFC 5755.
+	 *
+	 * @param Target[] $target
+	 * @return TargetInformationExtension
+	 */
+	public static function fromTargets(Target ...$target)
+	{
+		return new self(true, new Targets(...$target));
+	}
     
-    /**
-     * Reset internal state on clone.
-     */
-    public function __clone()
-    {
-        $this->_merged = null;
-    }
+	/**
+	 * Reset internal state on clone.
+	 */
+	public function __clone()
+	{
+		$this->_merged = null;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER($data, $critical)
-    {
-        $targets = array_map(
-            function (UnspecifiedType $el) {
-                return Targets::fromASN1($el->asSequence());
-            }, Sequence::fromDER($data)->elements());
-        return new self($critical, ...$targets);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER($data, $critical)
+	{
+		$targets = array_map(
+			function (UnspecifiedType $el) {
+				return Targets::fromASN1($el->asSequence());
+			}, Sequence::fromDER($data)->elements());
+		return new self($critical, ...$targets);
+	}
     
-    /**
-     * Get all targets.
-     *
-     * @return Targets
-     */
-    public function targets(): Targets
-    {
-        if (!isset($this->_merged)) {
-            $a = array();
-            foreach ($this->_targets as $targets) {
-                $a = array_merge($a, $targets->all());
-            }
-            $this->_merged = new Targets(...$a);
-        }
-        return $this->_merged;
-    }
+	/**
+	 * Get all targets.
+	 *
+	 * @return Targets
+	 */
+	public function targets(): Targets
+	{
+		if (!isset($this->_merged)) {
+			$a = array();
+			foreach ($this->_targets as $targets) {
+				$a = array_merge($a, $targets->all());
+			}
+			$this->_merged = new Targets(...$a);
+		}
+		return $this->_merged;
+	}
     
-    /**
-     * Get all name targets.
-     *
-     * @return Target[]
-     */
-    public function names(): array
-    {
-        return $this->targets()->nameTargets();
-    }
+	/**
+	 * Get all name targets.
+	 *
+	 * @return Target[]
+	 */
+	public function names(): array
+	{
+		return $this->targets()->nameTargets();
+	}
     
-    /**
-     * Get all group targets.
-     *
-     * @return Target[]
-     */
-    public function groups(): array
-    {
-        return $this->targets()->groupTargets();
-    }
+	/**
+	 * Get all group targets.
+	 *
+	 * @return Target[]
+	 */
+	public function groups(): array
+	{
+		return $this->targets()->groupTargets();
+	}
     
-    /**
-     *
-     * @see \X509\Certificate\Extension\Extension::_valueASN1()
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        $elements = array_map(
-            function (Targets $targets) {
-                return $targets->toASN1();
-            }, $this->_targets);
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * @see \X509\Certificate\Extension\Extension::_valueASN1()
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		$elements = array_map(
+			function (Targets $targets) {
+				return $targets->toASN1();
+			}, $this->_targets);
+		return new Sequence(...$elements);
+	}
     
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->targets());
-    }
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->targets());
+	}
     
-    /**
-     * Get iterator for targets.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->targets()->all());
-    }
+	/**
+	 * Get iterator for targets.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->targets()->all());
+	}
 }

Spacing +3 added lines, -3 removed lines

@@ -1,6 +1,6 @@ 
 <?php
 
-declare(strict_types=1);
+declare(strict_types = 1);
 
 namespace X509\Certificate\Extension;
 
@@ -77,7 +77,7 @@ 
     protected static function _fromDER($data, $critical)
     {
         $targets = array_map(
-            function (UnspecifiedType $el) {
+            function(UnspecifiedType $el) {
                 return Targets::fromASN1($el->asSequence());
             }, Sequence::fromDER($data)->elements());
         return new self($critical, ...$targets);
@@ -128,7 +128,7 @@ 
     protected function _valueASN1(): Sequence
     {
         $elements = array_map(
-            function (Targets $targets) {
+            function(Targets $targets) {
                 return $targets->toASN1();
             }, $this->_targets);
         return new Sequence(...$elements);

lib/X509/Certificate/Extension/ExtendedKeyUsageExtension.php

Indentation +120 added lines, -120 removed lines

@@ -14,133 +14,133 @@
  * @link https://tools.ietf.org/html/rfc5280#section-4.2.1.12
  */
 class ExtendedKeyUsageExtension extends Extension implements 
-    \Countable,
-    \IteratorAggregate
+	\Countable,
+	\IteratorAggregate
 {
-    const OID_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
-    const OID_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
-    const OID_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
-    const OID_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4";
-    const OID_IPSEC_END_SYSTEM = "1.3.6.1.5.5.7.3.5";
-    const OID_IPSEC_TUNNEL = "1.3.6.1.5.5.7.3.6";
-    const OID_IPSEC_USER = "1.3.6.1.5.5.7.3.7";
-    const OID_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
-    const OID_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9";
-    const OID_DVCS = "1.3.6.1.5.5.7.3.10";
-    const OID_SBGP_CERT_AA_SERVER_AUTH = "1.3.6.1.5.5.7.3.11";
-    const OID_SCVP_RESPONDER = "1.3.6.1.5.5.7.3.12";
-    const OID_EAP_OVER_PPP = "1.3.6.1.5.5.7.3.13";
-    const OID_EAP_OVER_LAN = "1.3.6.1.5.5.7.3.14";
-    const OID_SCVP_SERVER = "1.3.6.1.5.5.7.3.15";
-    const OID_SCVP_CLIENT = "1.3.6.1.5.5.7.3.16";
-    const OID_IPSEC_IKE = "1.3.6.1.5.5.7.3.17";
-    const OID_CAPWAP_AC = "1.3.6.1.5.5.7.3.18";
-    const OID_CAPWAP_WTP = "1.3.6.1.5.5.7.3.19";
-    const OID_SIP_DOMAIN = "1.3.6.1.5.5.7.3.20";
-    const OID_SECURE_SHELL_CLIENT = "1.3.6.1.5.5.7.3.21";
-    const OID_SECURE_SHELL_SERVER = "1.3.6.1.5.5.7.3.22";
-    const OID_SEND_ROUTER = "1.3.6.1.5.5.7.3.23";
-    const OID_SEND_PROXY = "1.3.6.1.5.5.7.3.24";
-    const OID_SEND_OWNER = "1.3.6.1.5.5.7.3.25";
-    const OID_SEND_PROXIED_OWNER = "1.3.6.1.5.5.7.3.26";
-    const OID_CMC_CA = "1.3.6.1.5.5.7.3.27";
-    const OID_CMC_RA = "1.3.6.1.5.5.7.3.28";
-    const OID_CMC_ARCHIVE = "1.3.6.1.5.5.7.3.29";
+	const OID_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
+	const OID_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
+	const OID_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
+	const OID_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4";
+	const OID_IPSEC_END_SYSTEM = "1.3.6.1.5.5.7.3.5";
+	const OID_IPSEC_TUNNEL = "1.3.6.1.5.5.7.3.6";
+	const OID_IPSEC_USER = "1.3.6.1.5.5.7.3.7";
+	const OID_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
+	const OID_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9";
+	const OID_DVCS = "1.3.6.1.5.5.7.3.10";
+	const OID_SBGP_CERT_AA_SERVER_AUTH = "1.3.6.1.5.5.7.3.11";
+	const OID_SCVP_RESPONDER = "1.3.6.1.5.5.7.3.12";
+	const OID_EAP_OVER_PPP = "1.3.6.1.5.5.7.3.13";
+	const OID_EAP_OVER_LAN = "1.3.6.1.5.5.7.3.14";
+	const OID_SCVP_SERVER = "1.3.6.1.5.5.7.3.15";
+	const OID_SCVP_CLIENT = "1.3.6.1.5.5.7.3.16";
+	const OID_IPSEC_IKE = "1.3.6.1.5.5.7.3.17";
+	const OID_CAPWAP_AC = "1.3.6.1.5.5.7.3.18";
+	const OID_CAPWAP_WTP = "1.3.6.1.5.5.7.3.19";
+	const OID_SIP_DOMAIN = "1.3.6.1.5.5.7.3.20";
+	const OID_SECURE_SHELL_CLIENT = "1.3.6.1.5.5.7.3.21";
+	const OID_SECURE_SHELL_SERVER = "1.3.6.1.5.5.7.3.22";
+	const OID_SEND_ROUTER = "1.3.6.1.5.5.7.3.23";
+	const OID_SEND_PROXY = "1.3.6.1.5.5.7.3.24";
+	const OID_SEND_OWNER = "1.3.6.1.5.5.7.3.25";
+	const OID_SEND_PROXIED_OWNER = "1.3.6.1.5.5.7.3.26";
+	const OID_CMC_CA = "1.3.6.1.5.5.7.3.27";
+	const OID_CMC_RA = "1.3.6.1.5.5.7.3.28";
+	const OID_CMC_ARCHIVE = "1.3.6.1.5.5.7.3.29";
     
-    /**
-     * Purpose OID's.
-     *
-     * @var string[] $_purposes
-     */
-    protected $_purposes;
+	/**
+	 * Purpose OID's.
+	 *
+	 * @var string[] $_purposes
+	 */
+	protected $_purposes;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param string[] $purposes
-     */
-    public function __construct(bool $critical, ...$purposes)
-    {
-        parent::__construct(self::OID_EXT_KEY_USAGE, $critical);
-        $this->_purposes = $purposes;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param string[] $purposes
+	 */
+	public function __construct(bool $critical, ...$purposes)
+	{
+		parent::__construct(self::OID_EXT_KEY_USAGE, $critical);
+		$this->_purposes = $purposes;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER($data, $critical)
-    {
-        $purposes = array_map(
-            function (UnspecifiedType $el) {
-                return $el->asObjectIdentifier()->oid();
-            }, Sequence::fromDER($data)->elements());
-        return new self($critical, ...$purposes);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER($data, $critical)
+	{
+		$purposes = array_map(
+			function (UnspecifiedType $el) {
+				return $el->asObjectIdentifier()->oid();
+			}, Sequence::fromDER($data)->elements());
+		return new self($critical, ...$purposes);
+	}
     
-    /**
-     * Whether purposes are present.
-     *
-     * If multiple purposes are checked, all must be present.
-     *
-     * @param string[] $oids
-     * @return bool
-     */
-    public function has(...$oids): bool
-    {
-        foreach ($oids as $oid) {
-            if (!in_array($oid, $this->_purposes)) {
-                return false;
-            }
-        }
-        return true;
-    }
+	/**
+	 * Whether purposes are present.
+	 *
+	 * If multiple purposes are checked, all must be present.
+	 *
+	 * @param string[] $oids
+	 * @return bool
+	 */
+	public function has(...$oids): bool
+	{
+		foreach ($oids as $oid) {
+			if (!in_array($oid, $this->_purposes)) {
+				return false;
+			}
+		}
+		return true;
+	}
     
-    /**
-     * Get key usage purpose OID's.
-     *
-     * @return string[]
-     */
-    public function purposes(): array
-    {
-        return $this->_purposes;
-    }
+	/**
+	 * Get key usage purpose OID's.
+	 *
+	 * @return string[]
+	 */
+	public function purposes(): array
+	{
+		return $this->_purposes;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        $elements = array_map(
-            function ($oid) {
-                return new ObjectIdentifier($oid);
-            }, $this->_purposes);
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		$elements = array_map(
+			function ($oid) {
+				return new ObjectIdentifier($oid);
+			}, $this->_purposes);
+		return new Sequence(...$elements);
+	}
     
-    /**
-     * Get the number of purposes.
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_purposes);
-    }
+	/**
+	 * Get the number of purposes.
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_purposes);
+	}
     
-    /**
-     * Get iterator for usage purposes.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_purposes);
-    }
+	/**
+	 * Get iterator for usage purposes.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_purposes);
+	}
 }

Spacing +3 added lines, -3 removed lines

@@ -1,6 +1,6 @@ 
 <?php
 
-declare(strict_types=1);
+declare(strict_types = 1);
 
 namespace X509\Certificate\Extension;
 
@@ -74,7 +74,7 @@ 
     protected static function _fromDER($data, $critical)
     {
         $purposes = array_map(
-            function (UnspecifiedType $el) {
+            function(UnspecifiedType $el) {
                 return $el->asObjectIdentifier()->oid();
             }, Sequence::fromDER($data)->elements());
         return new self($critical, ...$purposes);
@@ -116,7 +116,7 @@ 
     protected function _valueASN1(): Sequence
     {
         $elements = array_map(
-            function ($oid) {
+            function($oid) {
                 return new ObjectIdentifier($oid);
             }, $this->_purposes);
         return new Sequence(...$elements);

lib/X509/Certificate/Validity.php

Indentation +75 added lines, -75 removed lines

@@ -13,86 +13,86 @@
  */
 class Validity
 {
-    /**
-     * Not before time.
-     *
-     * @var Time $_notBefore
-     */
-    protected $_notBefore;
+	/**
+	 * Not before time.
+	 *
+	 * @var Time $_notBefore
+	 */
+	protected $_notBefore;
     
-    /**
-     * Not after time.
-     *
-     * @var Time $_notAfter
-     */
-    protected $_notAfter;
+	/**
+	 * Not after time.
+	 *
+	 * @var Time $_notAfter
+	 */
+	protected $_notAfter;
     
-    /**
-     * Constructor.
-     *
-     * @param Time $not_before
-     * @param Time $not_after
-     */
-    public function __construct(Time $not_before, Time $not_after)
-    {
-        $this->_notBefore = $not_before;
-        $this->_notAfter = $not_after;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Time $not_before
+	 * @param Time $not_after
+	 */
+	public function __construct(Time $not_before, Time $not_after)
+	{
+		$this->_notBefore = $not_before;
+		$this->_notAfter = $not_after;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     */
-    public static function fromASN1(Sequence $seq)
-    {
-        $nb = Time::fromASN1($seq->at(0)->asTime());
-        $na = Time::fromASN1($seq->at(1)->asTime());
-        return new self($nb, $na);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 */
+	public static function fromASN1(Sequence $seq)
+	{
+		$nb = Time::fromASN1($seq->at(0)->asTime());
+		$na = Time::fromASN1($seq->at(1)->asTime());
+		return new self($nb, $na);
+	}
     
-    /**
-     * Initialize from date strings.
-     *
-     * @param string|null $nb_date Not before date
-     * @param string|null $na_date Not after date
-     * @param string|null $tz Timezone string
-     * @return self
-     */
-    public static function fromStrings($nb_date, $na_date, $tz = null)
-    {
-        return new self(Time::fromString($nb_date, $tz),
-            Time::fromString($na_date, $tz));
-    }
+	/**
+	 * Initialize from date strings.
+	 *
+	 * @param string|null $nb_date Not before date
+	 * @param string|null $na_date Not after date
+	 * @param string|null $tz Timezone string
+	 * @return self
+	 */
+	public static function fromStrings($nb_date, $na_date, $tz = null)
+	{
+		return new self(Time::fromString($nb_date, $tz),
+			Time::fromString($na_date, $tz));
+	}
     
-    /**
-     * Get not before time.
-     *
-     * @return Time
-     */
-    public function notBefore(): Time
-    {
-        return $this->_notBefore;
-    }
+	/**
+	 * Get not before time.
+	 *
+	 * @return Time
+	 */
+	public function notBefore(): Time
+	{
+		return $this->_notBefore;
+	}
     
-    /**
-     * Get not after time.
-     *
-     * @return Time
-     */
-    public function notAfter(): Time
-    {
-        return $this->_notAfter;
-    }
+	/**
+	 * Get not after time.
+	 *
+	 * @return Time
+	 */
+	public function notAfter(): Time
+	{
+		return $this->_notAfter;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_notBefore->toASN1(),
-            $this->_notAfter->toASN1());
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_notBefore->toASN1(),
+			$this->_notAfter->toASN1());
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types=1);
+declare(strict_types = 1);
 
 namespace X509\Certificate;
 

lib/X509/Certificate/Certificate.php

Indentation +231 added lines, -231 removed lines

@@ -19,235 +19,235 @@
  */
 class Certificate
 {
-    /**
-     * "To be signed" certificate information.
-     *
-     * @var TBSCertificate $_tbsCertificate
-     */
-    protected $_tbsCertificate;
-    
-    /**
-     * Signature algorithm.
-     *
-     * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
-     */
-    protected $_signatureAlgorithm;
-    
-    /**
-     * Signature value.
-     *
-     * @var Signature $_signatureValue
-     */
-    protected $_signatureValue;
-    
-    /**
-     * Constructor.
-     *
-     * @param TBSCertificate $tbsCert
-     * @param SignatureAlgorithmIdentifier $algo
-     * @param Signature $signature
-     */
-    public function __construct(TBSCertificate $tbsCert,
-        SignatureAlgorithmIdentifier $algo, Signature $signature)
-    {
-        $this->_tbsCertificate = $tbsCert;
-        $this->_signatureAlgorithm = $algo;
-        $this->_signatureValue = $signature;
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq)
-    {
-        $tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence());
-        $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $algo->oid() . ".");
-        }
-        $signature = Signature::fromSignatureData(
-            $seq->at(2)
-                ->asBitString()
-                ->string(), $algo);
-        return new self($tbsCert, $algo, $signature);
-    }
-    
-    /**
-     * Initialize from DER.
-     *
-     * @param string $data
-     * @return self
-     */
-    public static function fromDER(string $data)
-    {
-        return self::fromASN1(Sequence::fromDER($data));
-    }
-    
-    /**
-     * Initialize from PEM.
-     *
-     * @param PEM $pem
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromPEM(PEM $pem)
-    {
-        if ($pem->type() != PEM::TYPE_CERTIFICATE) {
-            throw new \UnexpectedValueException("Invalid PEM type.");
-        }
-        return self::fromDER($pem->data());
-    }
-    
-    /**
-     * Get certificate information.
-     *
-     * @return TBSCertificate
-     */
-    public function tbsCertificate(): TBSCertificate
-    {
-        return $this->_tbsCertificate;
-    }
-    
-    /**
-     * Get signature algorithm.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signatureAlgorithm(): SignatureAlgorithmIdentifier
-    {
-        return $this->_signatureAlgorithm;
-    }
-    
-    /**
-     * Get signature value.
-     *
-     * @return Signature
-     */
-    public function signatureValue(): Signature
-    {
-        return $this->_signatureValue;
-    }
-    
-    /**
-     * Check whether certificate is self-issued.
-     *
-     * @return bool
-     */
-    public function isSelfIssued(): bool
-    {
-        return $this->_tbsCertificate->subject()->equals(
-            $this->_tbsCertificate->issuer());
-    }
-    
-    /**
-     * Check whether certificate is semantically equal to another.
-     *
-     * @param Certificate $cert Certificate to compare to
-     * @return bool
-     */
-    public function equals(Certificate $cert): bool
-    {
-        return $this->_hasEqualSerialNumber($cert) &&
-             $this->_hasEqualPublicKey($cert) && $this->_hasEqualSubject($cert);
-    }
-    
-    /**
-     * Check whether certificate has serial number equal to another.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    private function _hasEqualSerialNumber(Certificate $cert): bool
-    {
-        $sn1 = $this->_tbsCertificate->serialNumber();
-        $sn2 = $cert->_tbsCertificate->serialNumber();
-        return $sn1 == $sn2;
-    }
-    
-    /**
-     * Check whether certificate has public key equal to another.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    private function _hasEqualPublicKey(Certificate $cert): bool
-    {
-        $kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
-        $kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
-        return $kid1 == $kid2;
-    }
-    
-    /**
-     * Check whether certificate has subject equal to another.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    private function _hasEqualSubject(Certificate $cert): bool
-    {
-        $dn1 = $this->_tbsCertificate->subject();
-        $dn2 = $cert->_tbsCertificate->subject();
-        return $dn1->equals($dn2);
-    }
-    
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_tbsCertificate->toASN1(),
-            $this->_signatureAlgorithm->toASN1(),
-            $this->_signatureValue->bitString());
-    }
-    
-    /**
-     * Get certificate as a DER.
-     *
-     * @return string
-     */
-    public function toDER(): string
-    {
-        return $this->toASN1()->toDER();
-    }
-    
-    /**
-     * Get certificate as a PEM.
-     *
-     * @return PEM
-     */
-    public function toPEM(): PEM
-    {
-        return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER());
-    }
-    
-    /**
-     * Verify certificate signature.
-     *
-     * @param PublicKeyInfo $pubkey_info Issuer's public key
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return bool True if certificate signature is valid
-     */
-    public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $data = $this->_tbsCertificate->toASN1()->toDER();
-        return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
-            $this->_signatureAlgorithm);
-    }
-    
-    /**
-     * Get certificate as a PEM formatted string.
-     *
-     * @return string
-     */
-    public function __toString()
-    {
-        return $this->toPEM()->string();
-    }
+	/**
+	 * "To be signed" certificate information.
+	 *
+	 * @var TBSCertificate $_tbsCertificate
+	 */
+	protected $_tbsCertificate;
+    
+	/**
+	 * Signature algorithm.
+	 *
+	 * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
+	 */
+	protected $_signatureAlgorithm;
+    
+	/**
+	 * Signature value.
+	 *
+	 * @var Signature $_signatureValue
+	 */
+	protected $_signatureValue;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param TBSCertificate $tbsCert
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @param Signature $signature
+	 */
+	public function __construct(TBSCertificate $tbsCert,
+		SignatureAlgorithmIdentifier $algo, Signature $signature)
+	{
+		$this->_tbsCertificate = $tbsCert;
+		$this->_signatureAlgorithm = $algo;
+		$this->_signatureValue = $signature;
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq)
+	{
+		$tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence());
+		$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $algo->oid() . ".");
+		}
+		$signature = Signature::fromSignatureData(
+			$seq->at(2)
+				->asBitString()
+				->string(), $algo);
+		return new self($tbsCert, $algo, $signature);
+	}
+    
+	/**
+	 * Initialize from DER.
+	 *
+	 * @param string $data
+	 * @return self
+	 */
+	public static function fromDER(string $data)
+	{
+		return self::fromASN1(Sequence::fromDER($data));
+	}
+    
+	/**
+	 * Initialize from PEM.
+	 *
+	 * @param PEM $pem
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromPEM(PEM $pem)
+	{
+		if ($pem->type() != PEM::TYPE_CERTIFICATE) {
+			throw new \UnexpectedValueException("Invalid PEM type.");
+		}
+		return self::fromDER($pem->data());
+	}
+    
+	/**
+	 * Get certificate information.
+	 *
+	 * @return TBSCertificate
+	 */
+	public function tbsCertificate(): TBSCertificate
+	{
+		return $this->_tbsCertificate;
+	}
+    
+	/**
+	 * Get signature algorithm.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signatureAlgorithm(): SignatureAlgorithmIdentifier
+	{
+		return $this->_signatureAlgorithm;
+	}
+    
+	/**
+	 * Get signature value.
+	 *
+	 * @return Signature
+	 */
+	public function signatureValue(): Signature
+	{
+		return $this->_signatureValue;
+	}
+    
+	/**
+	 * Check whether certificate is self-issued.
+	 *
+	 * @return bool
+	 */
+	public function isSelfIssued(): bool
+	{
+		return $this->_tbsCertificate->subject()->equals(
+			$this->_tbsCertificate->issuer());
+	}
+    
+	/**
+	 * Check whether certificate is semantically equal to another.
+	 *
+	 * @param Certificate $cert Certificate to compare to
+	 * @return bool
+	 */
+	public function equals(Certificate $cert): bool
+	{
+		return $this->_hasEqualSerialNumber($cert) &&
+			 $this->_hasEqualPublicKey($cert) && $this->_hasEqualSubject($cert);
+	}
+    
+	/**
+	 * Check whether certificate has serial number equal to another.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	private function _hasEqualSerialNumber(Certificate $cert): bool
+	{
+		$sn1 = $this->_tbsCertificate->serialNumber();
+		$sn2 = $cert->_tbsCertificate->serialNumber();
+		return $sn1 == $sn2;
+	}
+    
+	/**
+	 * Check whether certificate has public key equal to another.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	private function _hasEqualPublicKey(Certificate $cert): bool
+	{
+		$kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
+		$kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
+		return $kid1 == $kid2;
+	}
+    
+	/**
+	 * Check whether certificate has subject equal to another.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	private function _hasEqualSubject(Certificate $cert): bool
+	{
+		$dn1 = $this->_tbsCertificate->subject();
+		$dn2 = $cert->_tbsCertificate->subject();
+		return $dn1->equals($dn2);
+	}
+    
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_tbsCertificate->toASN1(),
+			$this->_signatureAlgorithm->toASN1(),
+			$this->_signatureValue->bitString());
+	}
+    
+	/**
+	 * Get certificate as a DER.
+	 *
+	 * @return string
+	 */
+	public function toDER(): string
+	{
+		return $this->toASN1()->toDER();
+	}
+    
+	/**
+	 * Get certificate as a PEM.
+	 *
+	 * @return PEM
+	 */
+	public function toPEM(): PEM
+	{
+		return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER());
+	}
+    
+	/**
+	 * Verify certificate signature.
+	 *
+	 * @param PublicKeyInfo $pubkey_info Issuer's public key
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return bool True if certificate signature is valid
+	 */
+	public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$data = $this->_tbsCertificate->toASN1()->toDER();
+		return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
+			$this->_signatureAlgorithm);
+	}
+    
+	/**
+	 * Get certificate as a PEM formatted string.
+	 *
+	 * @return string
+	 */
+	public function __toString()
+	{
+		return $this->toPEM()->string();
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types=1);
+declare(strict_types = 1);
 
 namespace X509\Certificate;
 

lib/X509/Certificate/Extensions.php

Indentation +409 added lines, -409 removed lines

@@ -18,413 +18,413 @@
  */
 class Extensions implements \Countable, \IteratorAggregate
 {
-    /**
-     * Extensions.
-     *
-     * @var Extension\Extension[] $_extensions
-     */
-    protected $_extensions;
-    
-    /**
-     * Constructor.
-     *
-     * @param Extension\Extension[] ...$extensions Extension objects
-     */
-    public function __construct(Extension\Extension ...$extensions)
-    {
-        $this->_extensions = array();
-        foreach ($extensions as $ext) {
-            $this->_extensions[$ext->oid()] = $ext;
-        }
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq)
-    {
-        $extensions = array_map(
-            function (UnspecifiedType $el) {
-                return Extension\Extension::fromASN1($el->asSequence());
-            }, $seq->elements());
-        return new self(...$extensions);
-    }
-    
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array_values(
-            array_map(
-                function ($ext) {
-                    return $ext->toASN1();
-                }, $this->_extensions));
-        return new Sequence(...$elements);
-    }
-    
-    /**
-     * Get self with extensions added.
-     *
-     * @param Extension\Extension ...$ext One or more extensions to add
-     * @return self
-     */
-    public function withExtensions(Extension\Extension ...$exts)
-    {
-        $obj = clone $this;
-        foreach ($exts as $ext) {
-            $obj->_extensions[$ext->oid()] = $ext;
-        }
-        return $obj;
-    }
-    
-    /**
-     * Check whether extension is present.
-     *
-     * @param string $oid Extensions OID
-     * @return bool
-     */
-    public function has(string $oid): bool
-    {
-        return isset($this->_extensions[$oid]);
-    }
-    
-    /**
-     * Get extension by OID.
-     *
-     * @param string $oid
-     * @throws \LogicException If extension is not present
-     * @return Extension\Extension
-     */
-    public function get(string $oid): Extension\Extension
-    {
-        if (!$this->has($oid)) {
-            throw new \LogicException("No extension by OID $oid.");
-        }
-        return $this->_extensions[$oid];
-    }
-    
-    /**
-     * Check whether 'Authority Key Identifier' extension is present.
-     *
-     * @return bool
-     */
-    public function hasAuthorityKeyIdentifier(): bool
-    {
-        return $this->has(Extension\Extension::OID_AUTHORITY_KEY_IDENTIFIER);
-    }
-    
-    /**
-     * Get 'Authority Key Identifier' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\AuthorityKeyIdentifierExtension
-     */
-    public function authorityKeyIdentifier(): Extension\AuthorityKeyIdentifierExtension
-    {
-        /** @var Extension\AuthorityKeyIdentifierExtension $keyIdentifier */
-        $keyIdentifier = $this->get(Extension\Extension::OID_AUTHORITY_KEY_IDENTIFIER);
-        return $keyIdentifier;
-    }
-    
-    /**
-     * Check whether 'Subject Key Identifier' extension is present.
-     *
-     * @return bool
-     */
-    public function hasSubjectKeyIdentifier(): bool
-    {
-        return $this->has(Extension\Extension::OID_SUBJECT_KEY_IDENTIFIER);
-    }
-    
-    /**
-     * Get 'Subject Key Identifier' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\SubjectKeyIdentifierExtension
-     */
-    public function subjectKeyIdentifier()
-    {
-        /** @var Extension\SubjectKeyIdentifierExtension $subjectKeyIdentifier */
-        $subjectKeyIdentifier = $this->get(Extension\Extension::OID_SUBJECT_KEY_IDENTIFIER);
-        return $subjectKeyIdentifier;
-    }
-    
-    /**
-     * Check whether 'Key Usage' extension is present.
-     *
-     * @return bool
-     */
-    public function hasKeyUsage(): bool
-    {
-        return $this->has(Extension\Extension::OID_KEY_USAGE);
-    }
-    
-    /**
-     * Get 'Key Usage' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\KeyUsageExtension
-     */
-    public function keyUsage()
-    {
-        /** @var Extension\KeyUsageExtension $keyUsage */
-        $keyUsage = $this->get(Extension\Extension::OID_KEY_USAGE);
-        return $keyUsage;
-    }
-    
-    /**
-     * Check whether 'Certificate Policies' extension is present.
-     *
-     * @return bool
-     */
-    public function hasCertificatePolicies(): bool
-    {
-        return $this->has(Extension\Extension::OID_CERTIFICATE_POLICIES);
-    }
-    
-    /**
-     * Get 'Certificate Policies' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\CertificatePoliciesExtension
-     */
-    public function certificatePolicies()
-    {
-        /** @var Extension\CertificatePoliciesExtension $certPolicies */
-        $certPolicies = $this->get(Extension\Extension::OID_CERTIFICATE_POLICIES);
-        return $certPolicies;
-    }
-    
-    /**
-     * Check whether 'Policy Mappings' extension is present.
-     *
-     * @return bool
-     */
-    public function hasPolicyMappings(): bool
-    {
-        return $this->has(Extension\Extension::OID_POLICY_MAPPINGS);
-    }
-    
-    /**
-     * Get 'Policy Mappings' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\PolicyMappingsExtension
-     */
-    public function policyMappings()
-    {
-        /** @var Extension\PolicyMappingsExtension $policyMappings */
-        $policyMappings = $this->get(Extension\Extension::OID_POLICY_MAPPINGS);
-        return $policyMappings;
-    }
-    
-    /**
-     * Check whether 'Subject Alternative Name' extension is present.
-     *
-     * @return bool
-     */
-    public function hasSubjectAlternativeName(): bool
-    {
-        return $this->has(Extension\Extension::OID_SUBJECT_ALT_NAME);
-    }
-    
-    /**
-     * Get 'Subject Alternative Name' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\SubjectAlternativeNameExtension
-     */
-    public function subjectAlternativeName()
-    {
-        /** @var Extension\SubjectAlternativeNameExtension $subjectAltName */
-        $subjectAltName = $this->get(Extension\Extension::OID_SUBJECT_ALT_NAME);
-        return $subjectAltName;
-    }
-    
-    /**
-     * Check whether 'Issuer Alternative Name' extension is present.
-     *
-     * @return bool
-     */
-    public function hasIssuerAlternativeName(): bool
-    {
-        return $this->has(Extension\Extension::OID_ISSUER_ALT_NAME);
-    }
-    
-    /**
-     * Get 'Issuer Alternative Name' extension.
-     *
-     * @return \X509\Certificate\Extension\IssuerAlternativeNameExtension
-     */
-    public function issuerAlternativeName()
-    {
-        /** @var Extension\IssuerAlternativeNameExtension $issuerAltName */
-        $issuerAltName = $this->get(Extension\Extension::OID_ISSUER_ALT_NAME);
-        return $issuerAltName;
-    }
-    
-    /**
-     * Check whether 'Basic Constraints' extension is present.
-     *
-     * @return bool
-     */
-    public function hasBasicConstraints(): bool
-    {
-        return $this->has(Extension\Extension::OID_BASIC_CONSTRAINTS);
-    }
-    
-    /**
-     * Get 'Basic Constraints' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\BasicConstraintsExtension
-     */
-    public function basicConstraints()
-    {
-        /** @var Extension\BasicConstraintsExtension $basicConstraints */
-        $basicConstraints = $this->get(Extension\Extension::OID_BASIC_CONSTRAINTS);
-        return $basicConstraints;
-    }
-    
-    /**
-     * Check whether 'Name Constraints' extension is present.
-     *
-     * @return bool
-     */
-    public function hasNameConstraints(): bool
-    {
-        return $this->has(Extension\Extension::OID_NAME_CONSTRAINTS);
-    }
-    
-    /**
-     * Get 'Name Constraints' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\NameConstraintsExtension
-     */
-    public function nameConstraints()
-    {
-        /** @var Extension\NameConstraintsExtension $nameConstraints */
-        $nameConstraints = $this->get(Extension\Extension::OID_NAME_CONSTRAINTS);
-        return $nameConstraints;
-    }
-    
-    /**
-     * Check whether 'Policy Constraints' extension is present.
-     *
-     * @return bool
-     */
-    public function hasPolicyConstraints(): bool
-    {
-        return $this->has(Extension\Extension::OID_POLICY_CONSTRAINTS);
-    }
-    
-    /**
-     * Get 'Policy Constraints' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\PolicyConstraintsExtension
-     */
-    public function policyConstraints()
-    {
-        /** @var Extension\PolicyConstraintsExtension $policyConstraints */
-        $policyConstraints = $this->get(Extension\Extension::OID_POLICY_CONSTRAINTS);
-        return $policyConstraints;
-    }
-    
-    /**
-     * Check whether 'Extended Key Usage' extension is present.
-     *
-     * @return bool
-     */
-    public function hasExtendedKeyUsage(): bool
-    {
-        return $this->has(Extension\Extension::OID_EXT_KEY_USAGE);
-    }
-    
-    /**
-     * Get 'Extended Key Usage' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\ExtendedKeyUsageExtension
-     */
-    public function extendedKeyUsage()
-    {
-        /** @var Extension\ExtendedKeyUsageExtension $keyUsage */
-        $keyUsage = $this->get(Extension\Extension::OID_EXT_KEY_USAGE);
-        return $keyUsage;
-    }
-    
-    /**
-     * Check whether 'CRL Distribution Points' extension is present.
-     *
-     * @return bool
-     */
-    public function hasCRLDistributionPoints(): bool
-    {
-        return $this->has(Extension\Extension::OID_CRL_DISTRIBUTION_POINTS);
-    }
-    
-    /**
-     * Get 'CRL Distribution Points' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\CRLDistributionPointsExtension
-     */
-    public function crlDistributionPoints()
-    {
-        /** @var Extension\CRLDistributionPointsExtension $crlDist */
-        $crlDist = $this->get(Extension\Extension::OID_CRL_DISTRIBUTION_POINTS);
-        return $crlDist;
-    }
-    
-    /**
-     * Check whether 'Inhibit anyPolicy' extension is present.
-     *
-     * @return bool
-     */
-    public function hasInhibitAnyPolicy(): bool
-    {
-        return $this->has(Extension\Extension::OID_INHIBIT_ANY_POLICY);
-    }
-    
-    /**
-     * Get 'Inhibit anyPolicy' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\InhibitAnyPolicyExtension
-     */
-    public function inhibitAnyPolicy()
-    {
-        /** @var Extension\InhibitAnyPolicyExtension $inhibitAny */
-        $inhibitAny = $this->get(Extension\Extension::OID_INHIBIT_ANY_POLICY);
-        return $inhibitAny;
-    }
-    
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_extensions);
-    }
-    
-    /**
-     * Get iterator for extensions.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \Traversable
-     */
-    public function getIterator(): \Traversable
-    {
-        return new \ArrayIterator($this->_extensions);
-    }
+	/**
+	 * Extensions.
+	 *
+	 * @var Extension\Extension[] $_extensions
+	 */
+	protected $_extensions;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param Extension\Extension[] ...$extensions Extension objects
+	 */
+	public function __construct(Extension\Extension ...$extensions)
+	{
+		$this->_extensions = array();
+		foreach ($extensions as $ext) {
+			$this->_extensions[$ext->oid()] = $ext;
+		}
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq)
+	{
+		$extensions = array_map(
+			function (UnspecifiedType $el) {
+				return Extension\Extension::fromASN1($el->asSequence());
+			}, $seq->elements());
+		return new self(...$extensions);
+	}
+    
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array_values(
+			array_map(
+				function ($ext) {
+					return $ext->toASN1();
+				}, $this->_extensions));
+		return new Sequence(...$elements);
+	}
+    
+	/**
+	 * Get self with extensions added.
+	 *
+	 * @param Extension\Extension ...$ext One or more extensions to add
+	 * @return self
+	 */
+	public function withExtensions(Extension\Extension ...$exts)
+	{
+		$obj = clone $this;
+		foreach ($exts as $ext) {
+			$obj->_extensions[$ext->oid()] = $ext;
+		}
+		return $obj;
+	}
+    
+	/**
+	 * Check whether extension is present.
+	 *
+	 * @param string $oid Extensions OID
+	 * @return bool
+	 */
+	public function has(string $oid): bool
+	{
+		return isset($this->_extensions[$oid]);
+	}
+    
+	/**
+	 * Get extension by OID.
+	 *
+	 * @param string $oid
+	 * @throws \LogicException If extension is not present
+	 * @return Extension\Extension
+	 */
+	public function get(string $oid): Extension\Extension
+	{
+		if (!$this->has($oid)) {
+			throw new \LogicException("No extension by OID $oid.");
+		}
+		return $this->_extensions[$oid];
+	}
+    
+	/**
+	 * Check whether 'Authority Key Identifier' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasAuthorityKeyIdentifier(): bool
+	{
+		return $this->has(Extension\Extension::OID_AUTHORITY_KEY_IDENTIFIER);
+	}
+    
+	/**
+	 * Get 'Authority Key Identifier' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\AuthorityKeyIdentifierExtension
+	 */
+	public function authorityKeyIdentifier(): Extension\AuthorityKeyIdentifierExtension
+	{
+		/** @var Extension\AuthorityKeyIdentifierExtension $keyIdentifier */
+		$keyIdentifier = $this->get(Extension\Extension::OID_AUTHORITY_KEY_IDENTIFIER);
+		return $keyIdentifier;
+	}
+    
+	/**
+	 * Check whether 'Subject Key Identifier' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasSubjectKeyIdentifier(): bool
+	{
+		return $this->has(Extension\Extension::OID_SUBJECT_KEY_IDENTIFIER);
+	}
+    
+	/**
+	 * Get 'Subject Key Identifier' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\SubjectKeyIdentifierExtension
+	 */
+	public function subjectKeyIdentifier()
+	{
+		/** @var Extension\SubjectKeyIdentifierExtension $subjectKeyIdentifier */
+		$subjectKeyIdentifier = $this->get(Extension\Extension::OID_SUBJECT_KEY_IDENTIFIER);
+		return $subjectKeyIdentifier;
+	}
+    
+	/**
+	 * Check whether 'Key Usage' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasKeyUsage(): bool
+	{
+		return $this->has(Extension\Extension::OID_KEY_USAGE);
+	}
+    
+	/**
+	 * Get 'Key Usage' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\KeyUsageExtension
+	 */
+	public function keyUsage()
+	{
+		/** @var Extension\KeyUsageExtension $keyUsage */
+		$keyUsage = $this->get(Extension\Extension::OID_KEY_USAGE);
+		return $keyUsage;
+	}
+    
+	/**
+	 * Check whether 'Certificate Policies' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasCertificatePolicies(): bool
+	{
+		return $this->has(Extension\Extension::OID_CERTIFICATE_POLICIES);
+	}
+    
+	/**
+	 * Get 'Certificate Policies' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\CertificatePoliciesExtension
+	 */
+	public function certificatePolicies()
+	{
+		/** @var Extension\CertificatePoliciesExtension $certPolicies */
+		$certPolicies = $this->get(Extension\Extension::OID_CERTIFICATE_POLICIES);
+		return $certPolicies;
+	}
+    
+	/**
+	 * Check whether 'Policy Mappings' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasPolicyMappings(): bool
+	{
+		return $this->has(Extension\Extension::OID_POLICY_MAPPINGS);
+	}
+    
+	/**
+	 * Get 'Policy Mappings' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\PolicyMappingsExtension
+	 */
+	public function policyMappings()
+	{
+		/** @var Extension\PolicyMappingsExtension $policyMappings */
+		$policyMappings = $this->get(Extension\Extension::OID_POLICY_MAPPINGS);
+		return $policyMappings;
+	}
+    
+	/**
+	 * Check whether 'Subject Alternative Name' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasSubjectAlternativeName(): bool
+	{
+		return $this->has(Extension\Extension::OID_SUBJECT_ALT_NAME);
+	}
+    
+	/**
+	 * Get 'Subject Alternative Name' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\SubjectAlternativeNameExtension
+	 */
+	public function subjectAlternativeName()
+	{
+		/** @var Extension\SubjectAlternativeNameExtension $subjectAltName */
+		$subjectAltName = $this->get(Extension\Extension::OID_SUBJECT_ALT_NAME);
+		return $subjectAltName;
+	}
+    
+	/**
+	 * Check whether 'Issuer Alternative Name' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerAlternativeName(): bool
+	{
+		return $this->has(Extension\Extension::OID_ISSUER_ALT_NAME);
+	}
+    
+	/**
+	 * Get 'Issuer Alternative Name' extension.
+	 *
+	 * @return \X509\Certificate\Extension\IssuerAlternativeNameExtension
+	 */
+	public function issuerAlternativeName()
+	{
+		/** @var Extension\IssuerAlternativeNameExtension $issuerAltName */
+		$issuerAltName = $this->get(Extension\Extension::OID_ISSUER_ALT_NAME);
+		return $issuerAltName;
+	}
+    
+	/**
+	 * Check whether 'Basic Constraints' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasBasicConstraints(): bool
+	{
+		return $this->has(Extension\Extension::OID_BASIC_CONSTRAINTS);
+	}
+    
+	/**
+	 * Get 'Basic Constraints' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\BasicConstraintsExtension
+	 */
+	public function basicConstraints()
+	{
+		/** @var Extension\BasicConstraintsExtension $basicConstraints */
+		$basicConstraints = $this->get(Extension\Extension::OID_BASIC_CONSTRAINTS);
+		return $basicConstraints;
+	}
+    
+	/**
+	 * Check whether 'Name Constraints' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasNameConstraints(): bool
+	{
+		return $this->has(Extension\Extension::OID_NAME_CONSTRAINTS);
+	}
+    
+	/**
+	 * Get 'Name Constraints' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\NameConstraintsExtension
+	 */
+	public function nameConstraints()
+	{
+		/** @var Extension\NameConstraintsExtension $nameConstraints */
+		$nameConstraints = $this->get(Extension\Extension::OID_NAME_CONSTRAINTS);
+		return $nameConstraints;
+	}
+    
+	/**
+	 * Check whether 'Policy Constraints' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasPolicyConstraints(): bool
+	{
+		return $this->has(Extension\Extension::OID_POLICY_CONSTRAINTS);
+	}
+    
+	/**
+	 * Get 'Policy Constraints' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\PolicyConstraintsExtension
+	 */
+	public function policyConstraints()
+	{
+		/** @var Extension\PolicyConstraintsExtension $policyConstraints */
+		$policyConstraints = $this->get(Extension\Extension::OID_POLICY_CONSTRAINTS);
+		return $policyConstraints;
+	}
+    
+	/**
+	 * Check whether 'Extended Key Usage' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasExtendedKeyUsage(): bool
+	{
+		return $this->has(Extension\Extension::OID_EXT_KEY_USAGE);
+	}
+    
+	/**
+	 * Get 'Extended Key Usage' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\ExtendedKeyUsageExtension
+	 */
+	public function extendedKeyUsage()
+	{
+		/** @var Extension\ExtendedKeyUsageExtension $keyUsage */
+		$keyUsage = $this->get(Extension\Extension::OID_EXT_KEY_USAGE);
+		return $keyUsage;
+	}
+    
+	/**
+	 * Check whether 'CRL Distribution Points' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasCRLDistributionPoints(): bool
+	{
+		return $this->has(Extension\Extension::OID_CRL_DISTRIBUTION_POINTS);
+	}
+    
+	/**
+	 * Get 'CRL Distribution Points' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\CRLDistributionPointsExtension
+	 */
+	public function crlDistributionPoints()
+	{
+		/** @var Extension\CRLDistributionPointsExtension $crlDist */
+		$crlDist = $this->get(Extension\Extension::OID_CRL_DISTRIBUTION_POINTS);
+		return $crlDist;
+	}
+    
+	/**
+	 * Check whether 'Inhibit anyPolicy' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasInhibitAnyPolicy(): bool
+	{
+		return $this->has(Extension\Extension::OID_INHIBIT_ANY_POLICY);
+	}
+    
+	/**
+	 * Get 'Inhibit anyPolicy' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\InhibitAnyPolicyExtension
+	 */
+	public function inhibitAnyPolicy()
+	{
+		/** @var Extension\InhibitAnyPolicyExtension $inhibitAny */
+		$inhibitAny = $this->get(Extension\Extension::OID_INHIBIT_ANY_POLICY);
+		return $inhibitAny;
+	}
+    
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_extensions);
+	}
+    
+	/**
+	 * Get iterator for extensions.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \Traversable
+	 */
+	public function getIterator(): \Traversable
+	{
+		return new \ArrayIterator($this->_extensions);
+	}
 }

Spacing +3 added lines, -3 removed lines

@@ -1,6 +1,6 @@ 
 <?php
 
-declare(strict_types=1);
+declare(strict_types = 1);
 
 namespace X509\Certificate;
 
@@ -47,7 +47,7 @@ 
     public static function fromASN1(Sequence $seq)
     {
         $extensions = array_map(
-            function (UnspecifiedType $el) {
+            function(UnspecifiedType $el) {
                 return Extension\Extension::fromASN1($el->asSequence());
             }, $seq->elements());
         return new self(...$extensions);
@@ -62,7 +62,7 @@ 
     {
         $elements = array_values(
             array_map(
-                function ($ext) {
+                function($ext) {
                     return $ext->toASN1();
                 }, $this->_extensions));
         return new Sequence(...$elements);

lib/X509/Certificate/UniqueIdentifier.php

Indentation +61 added lines, -61 removed lines

@@ -13,71 +13,71 @@
  */
 class UniqueIdentifier
 {
-    /**
-     * Identifier.
-     *
-     * @var BitString $_uid
-     */
-    protected $_uid;
+	/**
+	 * Identifier.
+	 *
+	 * @var BitString $_uid
+	 */
+	protected $_uid;
     
-    /**
-     * Constructor.
-     *
-     * @param BitString $bs
-     */
-    public function __construct(BitString $bs)
-    {
-        $this->_uid = $bs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param BitString $bs
+	 */
+	public function __construct(BitString $bs)
+	{
+		$this->_uid = $bs;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param BitString $bs
-     */
-    public static function fromASN1(BitString $bs)
-    {
-        return new self($bs);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param BitString $bs
+	 */
+	public static function fromASN1(BitString $bs)
+	{
+		return new self($bs);
+	}
     
-    /**
-     * Initialize from string.
-     *
-     * @param string $str
-     * @return self
-     */
-    public static function fromString(string $str)
-    {
-        return new self(new BitString($str));
-    }
+	/**
+	 * Initialize from string.
+	 *
+	 * @param string $str
+	 * @return self
+	 */
+	public static function fromString(string $str)
+	{
+		return new self(new BitString($str));
+	}
     
-    /**
-     * Get unique identifier as a string.
-     *
-     * @return string
-     */
-    public function string(): string
-    {
-        return $this->_uid->string();
-    }
+	/**
+	 * Get unique identifier as a string.
+	 *
+	 * @return string
+	 */
+	public function string(): string
+	{
+		return $this->_uid->string();
+	}
     
-    /**
-     * Get unique identifier as a bit string.
-     *
-     * @return BitString
-     */
-    public function bitString(): BitString
-    {
-        return $this->_uid;
-    }
+	/**
+	 * Get unique identifier as a bit string.
+	 *
+	 * @return BitString
+	 */
+	public function bitString(): BitString
+	{
+		return $this->_uid;
+	}
     
-    /**
-     * Get ASN.1 element.
-     *
-     * @return BitString
-     */
-    public function toASN1(): BitString
-    {
-        return $this->_uid;
-    }
+	/**
+	 * Get ASN.1 element.
+	 *
+	 * @return BitString
+	 */
+	public function toASN1(): BitString
+	{
+		return $this->_uid;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types=1);
+declare(strict_types = 1);
 
 namespace X509\Certificate;
 

lib/X509/Certificate/CertificateBundle.php

Indentation +189 added lines, -189 removed lines

@@ -12,208 +12,208 @@
  */
 class CertificateBundle implements \Countable, \IteratorAggregate
 {
-    /**
-     * Certificates.
-     *
-     * @var Certificate[] $_certs
-     */
-    protected $_certs;
+	/**
+	 * Certificates.
+	 *
+	 * @var Certificate[] $_certs
+	 */
+	protected $_certs;
     
-    /**
-     * Mapping from public key id to array of certificates.
-     *
-     * @var null|(Certificate[])[]
-     */
-    private $_keyIdMap;
+	/**
+	 * Mapping from public key id to array of certificates.
+	 *
+	 * @var null|(Certificate[])[]
+	 */
+	private $_keyIdMap;
     
-    /**
-     * Constructor.
-     *
-     * @param Certificate[] $certs Certificate objects
-     */
-    public function __construct(Certificate ...$certs)
-    {
-        $this->_certs = $certs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Certificate[] $certs Certificate objects
+	 */
+	public function __construct(Certificate ...$certs)
+	{
+		$this->_certs = $certs;
+	}
     
-    /**
-     * Reset internal cached variables on clone.
-     */
-    public function __clone()
-    {
-        $this->_keyIdMap = null;
-    }
+	/**
+	 * Reset internal cached variables on clone.
+	 */
+	public function __clone()
+	{
+		$this->_keyIdMap = null;
+	}
     
-    /**
-     * Initialize from PEMs.
-     *
-     * @param PEM[] $pems PEM objects
-     * @return self
-     */
-    public static function fromPEMs(PEM ...$pems)
-    {
-        $certs = array_map(
-            function ($pem) {
-                return Certificate::fromPEM($pem);
-            }, $pems);
-        return new self(...$certs);
-    }
+	/**
+	 * Initialize from PEMs.
+	 *
+	 * @param PEM[] $pems PEM objects
+	 * @return self
+	 */
+	public static function fromPEMs(PEM ...$pems)
+	{
+		$certs = array_map(
+			function ($pem) {
+				return Certificate::fromPEM($pem);
+			}, $pems);
+		return new self(...$certs);
+	}
     
-    /**
-     * Initialize from PEM bundle.
-     *
-     * @param PEMBundle $pem_bundle
-     * @return self
-     */
-    public static function fromPEMBundle(PEMBundle $pem_bundle)
-    {
-        return self::fromPEMs(...$pem_bundle->all());
-    }
+	/**
+	 * Initialize from PEM bundle.
+	 *
+	 * @param PEMBundle $pem_bundle
+	 * @return self
+	 */
+	public static function fromPEMBundle(PEMBundle $pem_bundle)
+	{
+		return self::fromPEMs(...$pem_bundle->all());
+	}
     
-    /**
-     * Get self with certificates added.
-     *
-     * @param Certificate[] $cert
-     * @return self
-     */
-    public function withCertificates(Certificate ...$cert)
-    {
-        $obj = clone $this;
-        $obj->_certs = array_merge($obj->_certs, $cert);
-        return $obj;
-    }
+	/**
+	 * Get self with certificates added.
+	 *
+	 * @param Certificate[] $cert
+	 * @return self
+	 */
+	public function withCertificates(Certificate ...$cert)
+	{
+		$obj = clone $this;
+		$obj->_certs = array_merge($obj->_certs, $cert);
+		return $obj;
+	}
     
-    /**
-     * Get self with certificates from PEMBundle added.
-     *
-     * @param PEMBundle $pem_bundle
-     * @return self
-     */
-    public function withPEMBundle(PEMBundle $pem_bundle)
-    {
-        $certs = $this->_certs;
-        foreach ($pem_bundle as $pem) {
-            $certs[] = Certificate::fromPEM($pem);
-        }
-        return new self(...$certs);
-    }
+	/**
+	 * Get self with certificates from PEMBundle added.
+	 *
+	 * @param PEMBundle $pem_bundle
+	 * @return self
+	 */
+	public function withPEMBundle(PEMBundle $pem_bundle)
+	{
+		$certs = $this->_certs;
+		foreach ($pem_bundle as $pem) {
+			$certs[] = Certificate::fromPEM($pem);
+		}
+		return new self(...$certs);
+	}
     
-    /**
-     * Get self with single certificate from PEM added.
-     *
-     * @param PEM $pem
-     * @return self
-     */
-    public function withPEM(PEM $pem)
-    {
-        $certs = $this->_certs;
-        $certs[] = Certificate::fromPEM($pem);
-        return new self(...$certs);
-    }
+	/**
+	 * Get self with single certificate from PEM added.
+	 *
+	 * @param PEM $pem
+	 * @return self
+	 */
+	public function withPEM(PEM $pem)
+	{
+		$certs = $this->_certs;
+		$certs[] = Certificate::fromPEM($pem);
+		return new self(...$certs);
+	}
     
-    /**
-     * Check whether bundle contains a given certificate.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    public function contains(Certificate $cert): bool
-    {
-        $id = self::_getCertKeyId($cert);
-        $map = $this->_getKeyIdMap();
-        if (!isset($map[$id])) {
-            return false;
-        }
-        foreach ($map[$id] as $c) {
-            /** @var Certificate $c */
-            if ($cert->equals($c)) {
-                return true;
-            }
-        }
-        return false;
-    }
+	/**
+	 * Check whether bundle contains a given certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	public function contains(Certificate $cert): bool
+	{
+		$id = self::_getCertKeyId($cert);
+		$map = $this->_getKeyIdMap();
+		if (!isset($map[$id])) {
+			return false;
+		}
+		foreach ($map[$id] as $c) {
+			/** @var Certificate $c */
+			if ($cert->equals($c)) {
+				return true;
+			}
+		}
+		return false;
+	}
     
-    /**
-     * Get all certificates that have given subject key identifier.
-     *
-     * @param string $id
-     * @return Certificate[]
-     */
-    public function allBySubjectKeyIdentifier($id): array
-    {
-        $map = $this->_getKeyIdMap();
-        if (!isset($map[$id])) {
-            return array();
-        }
-        return $map[$id];
-    }
+	/**
+	 * Get all certificates that have given subject key identifier.
+	 *
+	 * @param string $id
+	 * @return Certificate[]
+	 */
+	public function allBySubjectKeyIdentifier($id): array
+	{
+		$map = $this->_getKeyIdMap();
+		if (!isset($map[$id])) {
+			return array();
+		}
+		return $map[$id];
+	}
     
-    /**
-     * Get all certificates in a bundle.
-     *
-     * @return Certificate[]
-     */
-    public function all(): array
-    {
-        return $this->_certs;
-    }
+	/**
+	 * Get all certificates in a bundle.
+	 *
+	 * @return Certificate[]
+	 */
+	public function all(): array
+	{
+		return $this->_certs;
+	}
     
-    /**
-     * Get certificate mapping by public key id.
-     *
-     * @return (Certificate[])[]
-     */
-    private function _getKeyIdMap(): array
-    {
-        // lazily build mapping
-        if (!isset($this->_keyIdMap)) {
-            $this->_keyIdMap = array();
-            foreach ($this->_certs as $cert) {
-                $id = self::_getCertKeyId($cert);
-                if (!isset($this->_keyIdMap[$id])) {
-                    $this->_keyIdMap[$id] = array();
-                }
-                array_push($this->_keyIdMap[$id], $cert);
-            }
-        }
-        return $this->_keyIdMap;
-    }
+	/**
+	 * Get certificate mapping by public key id.
+	 *
+	 * @return (Certificate[])[]
+	 */
+	private function _getKeyIdMap(): array
+	{
+		// lazily build mapping
+		if (!isset($this->_keyIdMap)) {
+			$this->_keyIdMap = array();
+			foreach ($this->_certs as $cert) {
+				$id = self::_getCertKeyId($cert);
+				if (!isset($this->_keyIdMap[$id])) {
+					$this->_keyIdMap[$id] = array();
+				}
+				array_push($this->_keyIdMap[$id], $cert);
+			}
+		}
+		return $this->_keyIdMap;
+	}
     
-    /**
-     * Get public key id for the certificate.
-     *
-     * @param Certificate $cert
-     * @return string
-     */
-    private static function _getCertKeyId(Certificate $cert): string
-    {
-        $exts = $cert->tbsCertificate()->extensions();
-        if ($exts->hasSubjectKeyIdentifier()) {
-            return $exts->subjectKeyIdentifier()->keyIdentifier();
-        }
-        return $cert->tbsCertificate()
-            ->subjectPublicKeyInfo()
-            ->keyIdentifier();
-    }
+	/**
+	 * Get public key id for the certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return string
+	 */
+	private static function _getCertKeyId(Certificate $cert): string
+	{
+		$exts = $cert->tbsCertificate()->extensions();
+		if ($exts->hasSubjectKeyIdentifier()) {
+			return $exts->subjectKeyIdentifier()->keyIdentifier();
+		}
+		return $cert->tbsCertificate()
+			->subjectPublicKeyInfo()
+			->keyIdentifier();
+	}
     
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_certs);
-    }
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_certs);
+	}
     
-    /**
-     * Get iterator for certificates.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_certs);
-    }
+	/**
+	 * Get iterator for certificates.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_certs);
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -1,6 +1,6 @@ 
 <?php
 
-declare(strict_types=1);
+declare(strict_types = 1);
 
 namespace X509\Certificate;
 
@@ -53,7 +53,7 @@ 
     public static function fromPEMs(PEM ...$pems)
     {
         $certs = array_map(
-            function ($pem) {
+            function($pem) {
                 return Certificate::fromPEM($pem);
             }, $pems);
         return new self(...$certs);

lib/X509/Certificate/Time.php

Indentation +92 added lines, -92 removed lines

@@ -17,104 +17,104 @@
  */
 class Time
 {
-    use DateTimeHelper;
+	use DateTimeHelper;
     
-    /**
-     * Datetime.
-     *
-     * @var \DateTimeImmutable $_dt
-     */
-    protected $_dt;
+	/**
+	 * Datetime.
+	 *
+	 * @var \DateTimeImmutable $_dt
+	 */
+	protected $_dt;
     
-    /**
-     * Time ASN.1 type tag.
-     *
-     * @var int $_type
-     */
-    protected $_type;
+	/**
+	 * Time ASN.1 type tag.
+	 *
+	 * @var int $_type
+	 */
+	protected $_type;
     
-    /**
-     * Constructor.
-     *
-     * @param \DateTimeImmutable $dt
-     */
-    public function __construct(\DateTimeImmutable $dt)
-    {
-        $this->_dt = $dt;
-        $this->_type = self::_determineType($dt);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 */
+	public function __construct(\DateTimeImmutable $dt)
+	{
+		$this->_dt = $dt;
+		$this->_type = self::_determineType($dt);
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param TimeType $el
-     * @return self
-     */
-    public static function fromASN1(TimeType $el)
-    {
-        $obj = new self($el->dateTime());
-        $obj->_type = $el->tag();
-        return $obj;
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param TimeType $el
+	 * @return self
+	 */
+	public static function fromASN1(TimeType $el)
+	{
+		$obj = new self($el->dateTime());
+		$obj->_type = $el->tag();
+		return $obj;
+	}
     
-    /**
-     * Initialize from date string.
-     *
-     * @param string|null $time
-     * @param string|null $tz
-     * @return self
-     */
-    public static function fromString($time, $tz = null)
-    {
-        return new self(self::_createDateTime($time, $tz));
-    }
+	/**
+	 * Initialize from date string.
+	 *
+	 * @param string|null $time
+	 * @param string|null $tz
+	 * @return self
+	 */
+	public static function fromString($time, $tz = null)
+	{
+		return new self(self::_createDateTime($time, $tz));
+	}
     
-    /**
-     * Get datetime.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function dateTime(): \DateTimeImmutable
-    {
-        return $this->_dt;
-    }
+	/**
+	 * Get datetime.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function dateTime(): \DateTimeImmutable
+	{
+		return $this->_dt;
+	}
     
-    /**
-     * Generate ASN.1.
-     *
-     * @throws \UnexpectedValueException
-     * @return TimeType
-     */
-    public function toASN1(): TimeType
-    {
-        $dt = $this->_dt;
-        switch ($this->_type) {
-            case Element::TYPE_UTC_TIME:
-                return new UTCTime($dt);
-            case Element::TYPE_GENERALIZED_TIME:
-                // GeneralizedTime must not contain fractional seconds
-                // (rfc5280 4.1.2.5.2)
-                if ($dt->format("u") != 0) {
-                    // remove fractional seconds (round down)
-                    $dt = self::_roundDownFractionalSeconds($dt);
-                }
-                return new GeneralizedTime($dt);
-        }
-        throw new \UnexpectedValueException(
-            "Time type " . Element::tagToName($this->_type) . " not supported.");
-    }
+	/**
+	 * Generate ASN.1.
+	 *
+	 * @throws \UnexpectedValueException
+	 * @return TimeType
+	 */
+	public function toASN1(): TimeType
+	{
+		$dt = $this->_dt;
+		switch ($this->_type) {
+			case Element::TYPE_UTC_TIME:
+				return new UTCTime($dt);
+			case Element::TYPE_GENERALIZED_TIME:
+				// GeneralizedTime must not contain fractional seconds
+				// (rfc5280 4.1.2.5.2)
+				if ($dt->format("u") != 0) {
+					// remove fractional seconds (round down)
+					$dt = self::_roundDownFractionalSeconds($dt);
+				}
+				return new GeneralizedTime($dt);
+		}
+		throw new \UnexpectedValueException(
+			"Time type " . Element::tagToName($this->_type) . " not supported.");
+	}
     
-    /**
-     * Determine whether to use UTCTime or GeneralizedTime ASN.1 type.
-     *
-     * @param \DateTimeImmutable $dt
-     * @return int Type tag
-     */
-    protected static function _determineType(\DateTimeImmutable $dt): int
-    {
-        if ($dt->format("Y") >= 2050) {
-            return Element::TYPE_GENERALIZED_TIME;
-        }
-        return Element::TYPE_UTC_TIME;
-    }
+	/**
+	 * Determine whether to use UTCTime or GeneralizedTime ASN.1 type.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 * @return int Type tag
+	 */
+	protected static function _determineType(\DateTimeImmutable $dt): int
+	{
+		if ($dt->format("Y") >= 2050) {
+			return Element::TYPE_GENERALIZED_TIME;
+		}
+		return Element::TYPE_UTC_TIME;
+	}
 }

Switch Indentation +10 added lines, -10 removed lines

@@ -89,16 +89,16 @@
     {
         $dt = $this->_dt;
         switch ($this->_type) {
-            case Element::TYPE_UTC_TIME:
-                return new UTCTime($dt);
-            case Element::TYPE_GENERALIZED_TIME:
-                // GeneralizedTime must not contain fractional seconds
-                // (rfc5280 4.1.2.5.2)
-                if ($dt->format("u") != 0) {
-                    // remove fractional seconds (round down)
-                    $dt = self::_roundDownFractionalSeconds($dt);
-                }
-                return new GeneralizedTime($dt);
+        case Element::TYPE_UTC_TIME:
+            return new UTCTime($dt);
+        case Element::TYPE_GENERALIZED_TIME:
+            // GeneralizedTime must not contain fractional seconds
+            // (rfc5280 4.1.2.5.2)
+            if ($dt->format("u") != 0) {
+                // remove fractional seconds (round down)
+                $dt = self::_roundDownFractionalSeconds($dt);
+            }
+            return new GeneralizedTime($dt);
         }
         throw new \UnexpectedValueException(
             "Time type " . Element::tagToName($this->_type) . " not supported.");

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types=1);
+declare(strict_types = 1);
 
 namespace X509\Certificate;
 

lib/X509/Certificate/TBSCertificate.php

Indentation +607 added lines, -607 removed lines

@@ -27,611 +27,611 @@
  */
 class TBSCertificate
 {
-    // Certificate version enumerations
-    const VERSION_1 = 0;
-    const VERSION_2 = 1;
-    const VERSION_3 = 2;
-    
-    /**
-     * Certificate version.
-     *
-     * @var int
-     */
-    protected $_version;
-    
-    /**
-     * Serial number.
-     *
-     * @var int|string
-     */
-    protected $_serialNumber;
-    
-    /**
-     * Signature algorithm.
-     *
-     * @var SignatureAlgorithmIdentifier
-     */
-    protected $_signature;
-    
-    /**
-     * Certificate issuer.
-     *
-     * @var Name $_issuer
-     */
-    protected $_issuer;
-    
-    /**
-     * Certificate validity period.
-     *
-     * @var Validity $_validity
-     */
-    protected $_validity;
-    
-    /**
-     * Certificate subject.
-     *
-     * @var Name $_subject
-     */
-    protected $_subject;
-    
-    /**
-     * Subject public key.
-     *
-     * @var PublicKeyInfo $_subjectPublicKeyInfo
-     */
-    protected $_subjectPublicKeyInfo;
-    
-    /**
-     * Issuer unique identifier.
-     *
-     * @var UniqueIdentifier|null $_issuerUniqueID
-     */
-    protected $_issuerUniqueID;
-    
-    /**
-     * Subject unique identifier.
-     *
-     * @var UniqueIdentifier|null $_subjectUniqueID
-     */
-    protected $_subjectUniqueID;
-    
-    /**
-     * Extensions.
-     *
-     * @var Extensions $_extensions
-     */
-    protected $_extensions;
-    
-    /**
-     * Constructor.
-     *
-     * @param Name $subject Certificate subject
-     * @param PublicKeyInfo $pki Subject public key
-     * @param Name $issuer Certificate issuer
-     * @param Validity $validity Validity period
-     */
-    public function __construct(Name $subject, PublicKeyInfo $pki, Name $issuer,
-        Validity $validity)
-    {
-        $this->_subject = $subject;
-        $this->_subjectPublicKeyInfo = $pki;
-        $this->_issuer = $issuer;
-        $this->_validity = $validity;
-        $this->_extensions = new Extensions();
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq)
-    {
-        $idx = 0;
-        if ($seq->hasTagged(0)) {
-            $idx++;
-            $version = intval(
-                $seq->getTagged(0)
-                    ->asExplicit()
-                    ->asInteger()
-                    ->number());
-        } else {
-            $version = self::VERSION_1;
-        }
-        $serial = (int) $seq->at($idx++)
-            ->asInteger()
-            ->number();
-        $algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $algo->name() . ".");
-        }
-        $issuer = Name::fromASN1($seq->at($idx++)->asSequence());
-        $validity = Validity::fromASN1($seq->at($idx++)->asSequence());
-        $subject = Name::fromASN1($seq->at($idx++)->asSequence());
-        $pki = PublicKeyInfo::fromASN1($seq->at($idx++)->asSequence());
-        $tbs_cert = new self($subject, $pki, $issuer, $validity);
-        $tbs_cert->_version = $version;
-        $tbs_cert->_serialNumber = $serial;
-        $tbs_cert->_signature = $algo;
-        if ($seq->hasTagged(1)) {
-            $tbs_cert->_issuerUniqueID = UniqueIdentifier::fromASN1(
-                $seq->getTagged(1)
-                    ->asImplicit(Element::TYPE_BIT_STRING)
-                    ->asBitString());
-        }
-        if ($seq->hasTagged(2)) {
-            $tbs_cert->_subjectUniqueID = UniqueIdentifier::fromASN1(
-                $seq->getTagged(2)
-                    ->asImplicit(Element::TYPE_BIT_STRING)
-                    ->asBitString());
-        }
-        if ($seq->hasTagged(3)) {
-            $tbs_cert->_extensions = Extensions::fromASN1(
-                $seq->getTagged(3)
-                    ->asExplicit()
-                    ->asSequence());
-        }
-        return $tbs_cert;
-    }
-    
-    /**
-     * Initialize from certification request.
-     *
-     * Note that signature is not verified and must be done by the caller.
-     *
-     * @param CertificationRequest $cr
-     * @return self
-     */
-    public static function fromCSR(CertificationRequest $cr)
-    {
-        $cri = $cr->certificationRequestInfo();
-        $tbs_cert = new self($cri->subject(), $cri->subjectPKInfo(), new Name(),
-            Validity::fromStrings(null, null));
-        // if CSR has Extension Request attribute
-        if ($cri->hasAttributes()) {
-            $attribs = $cri->attributes();
-            if ($attribs->hasExtensionRequest()) {
-                $tbs_cert = $tbs_cert->withExtensions(
-                    $attribs->extensionRequest()
-                        ->extensions());
-            }
-        }
-        // add Subject Key Identifier extension
-        $tbs_cert = $tbs_cert->withAdditionalExtensions(
-            new SubjectKeyIdentifierExtension(false,
-                $cri->subjectPKInfo()
-                    ->keyIdentifier()));
-        return $tbs_cert;
-    }
-    
-    /**
-     * Get self with fields set from the issuer's certificate.
-     *
-     * Issuer shall be set to issuing certificate's subject.
-     * Authority key identifier extensions shall be added with a key identifier
-     * set to issuing certificate's public key identifier.
-     *
-     * @param Certificate $cert Issuing party's certificate
-     * @return self
-     */
-    public function withIssuerCertificate(Certificate $cert)
-    {
-        $obj = clone $this;
-        // set issuer DN from cert's subject
-        $obj->_issuer = $cert->tbsCertificate()->subject();
-        // add authority key identifier extension
-        $key_id = $cert->tbsCertificate()
-            ->subjectPublicKeyInfo()
-            ->keyIdentifier();
-        $obj->_extensions = $obj->_extensions->withExtensions(
-            new AuthorityKeyIdentifierExtension(false, $key_id));
-        return $obj;
-    }
-    
-    /**
-     * Get self with given version.
-     *
-     * If version is not set, appropriate version is automatically
-     * determined during signing.
-     *
-     * @param int $version
-     * @return self
-     */
-    public function withVersion(int $version)
-    {
-        $obj = clone $this;
-        $obj->_version = $version;
-        return $obj;
-    }
-    
-    /**
-     * Get self with given serial number.
-     *
-     * @param int|string $serial Base 10 number
-     * @return self
-     */
-    public function withSerialNumber($serial)
-    {
-        $obj = clone $this;
-        $obj->_serialNumber = $serial;
-        return $obj;
-    }
-    
-    /**
-     * Get self with random positive serial number.
-     *
-     * @param int $size Number of random bytes
-     * @return self
-     */
-    public function withRandomSerialNumber(int $size = 16)
-    {
-        // ensure that first byte is always non-zero and having first bit unset
-        $num = gmp_init(mt_rand(1, 0x7f), 10);
-        for ($i = 1; $i < $size; ++$i) {
-            $num <<= 8;
-            $num += mt_rand(0, 0xff);
-        }
-        return $this->withSerialNumber(gmp_strval($num, 10));
-    }
-    
-    /**
-     * Get self with given signature algorithm.
-     *
-     * @param SignatureAlgorithmIdentifier $algo
-     * @return self
-     */
-    public function withSignature(SignatureAlgorithmIdentifier $algo)
-    {
-        $obj = clone $this;
-        $obj->_signature = $algo;
-        return $obj;
-    }
-    
-    /**
-     * Get self with given issuer.
-     *
-     * @param Name $issuer
-     * @return self
-     */
-    public function withIssuer(Name $issuer)
-    {
-        $obj = clone $this;
-        $obj->_issuer = $issuer;
-        return $obj;
-    }
-    
-    /**
-     * Get self with given validity.
-     *
-     * @param Validity $validity
-     * @return self
-     */
-    public function withValidity(Validity $validity)
-    {
-        $obj = clone $this;
-        $obj->_validity = $validity;
-        return $obj;
-    }
-    
-    /**
-     * Get self with given subject.
-     *
-     * @param Name $subject
-     * @return self
-     */
-    public function withSubject(Name $subject)
-    {
-        $obj = clone $this;
-        $obj->_subject = $subject;
-        return $obj;
-    }
-    
-    /**
-     * Get self with given subject public key info.
-     *
-     * @param PublicKeyInfo $pub_key_info
-     * @return self
-     */
-    public function withSubjectPublicKeyInfo(PublicKeyInfo $pub_key_info)
-    {
-        $obj = clone $this;
-        $obj->_subjectPublicKeyInfo = $pub_key_info;
-        return $obj;
-    }
-    
-    /**
-     * Get self with issuer unique ID.
-     *
-     * @param UniqueIdentifier $id
-     * @return self
-     */
-    public function withIssuerUniqueID(UniqueIdentifier $id)
-    {
-        $obj = clone $this;
-        $obj->_issuerUniqueID = $id;
-        return $obj;
-    }
-    
-    /**
-     * Get self with subject unique ID.
-     *
-     * @param UniqueIdentifier $id
-     * @return self
-     */
-    public function withSubjectUniqueID(UniqueIdentifier $id)
-    {
-        $obj = clone $this;
-        $obj->_subjectUniqueID = $id;
-        return $obj;
-    }
-    
-    /**
-     * Get self with given extensions.
-     *
-     * @param Extensions $extensions
-     * @return self
-     */
-    public function withExtensions(Extensions $extensions)
-    {
-        $obj = clone $this;
-        $obj->_extensions = $extensions;
-        return $obj;
-    }
-    
-    /**
-     * Get self with extensions added.
-     *
-     * @param Extension ...$exts One or more Extension objects
-     * @return self
-     */
-    public function withAdditionalExtensions(Extension ...$exts)
-    {
-        $obj = clone $this;
-        $obj->_extensions = $obj->_extensions->withExtensions(...$exts);
-        return $obj;
-    }
-    
-    /**
-     * Check whether version is set.
-     *
-     * @return bool
-     */
-    public function hasVersion(): bool
-    {
-        return isset($this->_version);
-    }
-    
-    /**
-     * Get certificate version.
-     *
-     * @return int
-     */
-    public function version()
-    {
-        if (!$this->hasVersion()) {
-            throw new \LogicException("version not set.");
-        }
-        return $this->_version;
-    }
-    
-    /**
-     * Check whether serial number is set.
-     *
-     * @return bool
-     */
-    public function hasSerialNumber(): bool
-    {
-        return isset($this->_serialNumber);
-    }
-    
-    /**
-     * Get serial number.
-     *
-     * @return int|string Base 10 integer
-     */
-    public function serialNumber()
-    {
-        if (!$this->hasSerialNumber()) {
-            throw new \LogicException("serialNumber not set.");
-        }
-        return $this->_serialNumber;
-    }
-    
-    /**
-     * Check whether signature algorithm is set.
-     *
-     * @return bool
-     */
-    public function hasSignature(): bool
-    {
-        return isset($this->_signature);
-    }
-    
-    /**
-     * Get signature algorithm.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signature()
-    {
-        if (!$this->hasSignature()) {
-            throw new \LogicException("signature not set.");
-        }
-        return $this->_signature;
-    }
-    
-    /**
-     * Get issuer.
-     *
-     * @return Name
-     */
-    public function issuer()
-    {
-        return $this->_issuer;
-    }
-    
-    /**
-     * Get validity period.
-     *
-     * @return Validity
-     */
-    public function validity()
-    {
-        return $this->_validity;
-    }
-    
-    /**
-     * Get subject.
-     *
-     * @return Name
-     */
-    public function subject()
-    {
-        return $this->_subject;
-    }
-    
-    /**
-     * Get subject public key.
-     *
-     * @return PublicKeyInfo
-     */
-    public function subjectPublicKeyInfo()
-    {
-        return $this->_subjectPublicKeyInfo;
-    }
-    
-    /**
-     * Whether issuer unique identifier is present.
-     *
-     * @return bool
-     */
-    public function hasIssuerUniqueID(): bool
-    {
-        return isset($this->_issuerUniqueID);
-    }
-    
-    /**
-     * Get issuerUniqueID.
-     *
-     * @return UniqueIdentifier
-     */
-    public function issuerUniqueID()
-    {
-        if (!$this->hasIssuerUniqueID()) {
-            throw new \LogicException("issuerUniqueID not set.");
-        }
-        return $this->_issuerUniqueID;
-    }
-    
-    /**
-     * Whether subject unique identifier is present.
-     *
-     * @return bool
-     */
-    public function hasSubjectUniqueID(): bool
-    {
-        return isset($this->_subjectUniqueID);
-    }
-    
-    /**
-     * Get subjectUniqueID.
-     *
-     * @return UniqueIdentifier
-     */
-    public function subjectUniqueID()
-    {
-        if (!$this->hasSubjectUniqueID()) {
-            throw new \LogicException("subjectUniqueID not set.");
-        }
-        return $this->_subjectUniqueID;
-    }
-    
-    /**
-     * Get extensions.
-     *
-     * @return Extensions
-     */
-    public function extensions()
-    {
-        return $this->_extensions;
-    }
-    
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1()
-    {
-        $elements = array();
-        $version = $this->version();
-        // if version is not default
-        if ($version != self::VERSION_1) {
-            $elements[] = new ExplicitlyTaggedType(0, new Integer($version));
-        }
-        $serial = $this->serialNumber();
-        $signature = $this->signature();
-        // add required elements
-        array_push($elements, new Integer($serial), $signature->toASN1(),
-            $this->_issuer->toASN1(), $this->_validity->toASN1(),
-            $this->_subject->toASN1(), $this->_subjectPublicKeyInfo->toASN1());
-        if (isset($this->_issuerUniqueID)) {
-            $elements[] = new ImplicitlyTaggedType(1,
-                $this->_issuerUniqueID->toASN1());
-        }
-        if (isset($this->_subjectUniqueID)) {
-            $elements[] = new ImplicitlyTaggedType(2,
-                $this->_subjectUniqueID->toASN1());
-        }
-        if (count($this->_extensions)) {
-            $elements[] = new ExplicitlyTaggedType(3,
-                $this->_extensions->toASN1());
-        }
-        return new Sequence(...$elements);
-    }
-    
-    /**
-     * Create signed certificate.
-     *
-     * @param SignatureAlgorithmIdentifier $algo Algorithm used for signing
-     * @param PrivateKeyInfo $privkey_info Private key used for signing
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return Certificate
-     */
-    public function sign(SignatureAlgorithmIdentifier $algo,
-        PrivateKeyInfo $privkey_info, Crypto $crypto = null)
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $tbs_cert = clone $this;
-        if (!isset($tbs_cert->_version)) {
-            $tbs_cert->_version = $tbs_cert->_determineVersion();
-        }
-        if (!isset($tbs_cert->_serialNumber)) {
-            $tbs_cert->_serialNumber = 0;
-        }
-        $tbs_cert->_signature = $algo;
-        $data = $tbs_cert->toASN1()->toDER();
-        $signature = $crypto->sign($data, $privkey_info, $algo);
-        return new Certificate($tbs_cert, $algo, $signature);
-    }
-    
-    /**
-     * Determine minimum version for the certificate.
-     *
-     * @return int
-     */
-    protected function _determineVersion(): int
-    {
-        // if extensions are present
-        if (count($this->_extensions)) {
-            return self::VERSION_3;
-        }
-        // if UniqueIdentifier is present
-        if (isset($this->_issuerUniqueID) || isset($this->_subjectUniqueID)) {
-            return self::VERSION_2;
-        }
-        return self::VERSION_1;
-    }
+	// Certificate version enumerations
+	const VERSION_1 = 0;
+	const VERSION_2 = 1;
+	const VERSION_3 = 2;
+    
+	/**
+	 * Certificate version.
+	 *
+	 * @var int
+	 */
+	protected $_version;
+    
+	/**
+	 * Serial number.
+	 *
+	 * @var int|string
+	 */
+	protected $_serialNumber;
+    
+	/**
+	 * Signature algorithm.
+	 *
+	 * @var SignatureAlgorithmIdentifier
+	 */
+	protected $_signature;
+    
+	/**
+	 * Certificate issuer.
+	 *
+	 * @var Name $_issuer
+	 */
+	protected $_issuer;
+    
+	/**
+	 * Certificate validity period.
+	 *
+	 * @var Validity $_validity
+	 */
+	protected $_validity;
+    
+	/**
+	 * Certificate subject.
+	 *
+	 * @var Name $_subject
+	 */
+	protected $_subject;
+    
+	/**
+	 * Subject public key.
+	 *
+	 * @var PublicKeyInfo $_subjectPublicKeyInfo
+	 */
+	protected $_subjectPublicKeyInfo;
+    
+	/**
+	 * Issuer unique identifier.
+	 *
+	 * @var UniqueIdentifier|null $_issuerUniqueID
+	 */
+	protected $_issuerUniqueID;
+    
+	/**
+	 * Subject unique identifier.
+	 *
+	 * @var UniqueIdentifier|null $_subjectUniqueID
+	 */
+	protected $_subjectUniqueID;
+    
+	/**
+	 * Extensions.
+	 *
+	 * @var Extensions $_extensions
+	 */
+	protected $_extensions;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param Name $subject Certificate subject
+	 * @param PublicKeyInfo $pki Subject public key
+	 * @param Name $issuer Certificate issuer
+	 * @param Validity $validity Validity period
+	 */
+	public function __construct(Name $subject, PublicKeyInfo $pki, Name $issuer,
+		Validity $validity)
+	{
+		$this->_subject = $subject;
+		$this->_subjectPublicKeyInfo = $pki;
+		$this->_issuer = $issuer;
+		$this->_validity = $validity;
+		$this->_extensions = new Extensions();
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq)
+	{
+		$idx = 0;
+		if ($seq->hasTagged(0)) {
+			$idx++;
+			$version = intval(
+				$seq->getTagged(0)
+					->asExplicit()
+					->asInteger()
+					->number());
+		} else {
+			$version = self::VERSION_1;
+		}
+		$serial = (int) $seq->at($idx++)
+			->asInteger()
+			->number();
+		$algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $algo->name() . ".");
+		}
+		$issuer = Name::fromASN1($seq->at($idx++)->asSequence());
+		$validity = Validity::fromASN1($seq->at($idx++)->asSequence());
+		$subject = Name::fromASN1($seq->at($idx++)->asSequence());
+		$pki = PublicKeyInfo::fromASN1($seq->at($idx++)->asSequence());
+		$tbs_cert = new self($subject, $pki, $issuer, $validity);
+		$tbs_cert->_version = $version;
+		$tbs_cert->_serialNumber = $serial;
+		$tbs_cert->_signature = $algo;
+		if ($seq->hasTagged(1)) {
+			$tbs_cert->_issuerUniqueID = UniqueIdentifier::fromASN1(
+				$seq->getTagged(1)
+					->asImplicit(Element::TYPE_BIT_STRING)
+					->asBitString());
+		}
+		if ($seq->hasTagged(2)) {
+			$tbs_cert->_subjectUniqueID = UniqueIdentifier::fromASN1(
+				$seq->getTagged(2)
+					->asImplicit(Element::TYPE_BIT_STRING)
+					->asBitString());
+		}
+		if ($seq->hasTagged(3)) {
+			$tbs_cert->_extensions = Extensions::fromASN1(
+				$seq->getTagged(3)
+					->asExplicit()
+					->asSequence());
+		}
+		return $tbs_cert;
+	}
+    
+	/**
+	 * Initialize from certification request.
+	 *
+	 * Note that signature is not verified and must be done by the caller.
+	 *
+	 * @param CertificationRequest $cr
+	 * @return self
+	 */
+	public static function fromCSR(CertificationRequest $cr)
+	{
+		$cri = $cr->certificationRequestInfo();
+		$tbs_cert = new self($cri->subject(), $cri->subjectPKInfo(), new Name(),
+			Validity::fromStrings(null, null));
+		// if CSR has Extension Request attribute
+		if ($cri->hasAttributes()) {
+			$attribs = $cri->attributes();
+			if ($attribs->hasExtensionRequest()) {
+				$tbs_cert = $tbs_cert->withExtensions(
+					$attribs->extensionRequest()
+						->extensions());
+			}
+		}
+		// add Subject Key Identifier extension
+		$tbs_cert = $tbs_cert->withAdditionalExtensions(
+			new SubjectKeyIdentifierExtension(false,
+				$cri->subjectPKInfo()
+					->keyIdentifier()));
+		return $tbs_cert;
+	}
+    
+	/**
+	 * Get self with fields set from the issuer's certificate.
+	 *
+	 * Issuer shall be set to issuing certificate's subject.
+	 * Authority key identifier extensions shall be added with a key identifier
+	 * set to issuing certificate's public key identifier.
+	 *
+	 * @param Certificate $cert Issuing party's certificate
+	 * @return self
+	 */
+	public function withIssuerCertificate(Certificate $cert)
+	{
+		$obj = clone $this;
+		// set issuer DN from cert's subject
+		$obj->_issuer = $cert->tbsCertificate()->subject();
+		// add authority key identifier extension
+		$key_id = $cert->tbsCertificate()
+			->subjectPublicKeyInfo()
+			->keyIdentifier();
+		$obj->_extensions = $obj->_extensions->withExtensions(
+			new AuthorityKeyIdentifierExtension(false, $key_id));
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given version.
+	 *
+	 * If version is not set, appropriate version is automatically
+	 * determined during signing.
+	 *
+	 * @param int $version
+	 * @return self
+	 */
+	public function withVersion(int $version)
+	{
+		$obj = clone $this;
+		$obj->_version = $version;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given serial number.
+	 *
+	 * @param int|string $serial Base 10 number
+	 * @return self
+	 */
+	public function withSerialNumber($serial)
+	{
+		$obj = clone $this;
+		$obj->_serialNumber = $serial;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with random positive serial number.
+	 *
+	 * @param int $size Number of random bytes
+	 * @return self
+	 */
+	public function withRandomSerialNumber(int $size = 16)
+	{
+		// ensure that first byte is always non-zero and having first bit unset
+		$num = gmp_init(mt_rand(1, 0x7f), 10);
+		for ($i = 1; $i < $size; ++$i) {
+			$num <<= 8;
+			$num += mt_rand(0, 0xff);
+		}
+		return $this->withSerialNumber(gmp_strval($num, 10));
+	}
+    
+	/**
+	 * Get self with given signature algorithm.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @return self
+	 */
+	public function withSignature(SignatureAlgorithmIdentifier $algo)
+	{
+		$obj = clone $this;
+		$obj->_signature = $algo;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given issuer.
+	 *
+	 * @param Name $issuer
+	 * @return self
+	 */
+	public function withIssuer(Name $issuer)
+	{
+		$obj = clone $this;
+		$obj->_issuer = $issuer;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given validity.
+	 *
+	 * @param Validity $validity
+	 * @return self
+	 */
+	public function withValidity(Validity $validity)
+	{
+		$obj = clone $this;
+		$obj->_validity = $validity;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given subject.
+	 *
+	 * @param Name $subject
+	 * @return self
+	 */
+	public function withSubject(Name $subject)
+	{
+		$obj = clone $this;
+		$obj->_subject = $subject;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given subject public key info.
+	 *
+	 * @param PublicKeyInfo $pub_key_info
+	 * @return self
+	 */
+	public function withSubjectPublicKeyInfo(PublicKeyInfo $pub_key_info)
+	{
+		$obj = clone $this;
+		$obj->_subjectPublicKeyInfo = $pub_key_info;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with issuer unique ID.
+	 *
+	 * @param UniqueIdentifier $id
+	 * @return self
+	 */
+	public function withIssuerUniqueID(UniqueIdentifier $id)
+	{
+		$obj = clone $this;
+		$obj->_issuerUniqueID = $id;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with subject unique ID.
+	 *
+	 * @param UniqueIdentifier $id
+	 * @return self
+	 */
+	public function withSubjectUniqueID(UniqueIdentifier $id)
+	{
+		$obj = clone $this;
+		$obj->_subjectUniqueID = $id;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given extensions.
+	 *
+	 * @param Extensions $extensions
+	 * @return self
+	 */
+	public function withExtensions(Extensions $extensions)
+	{
+		$obj = clone $this;
+		$obj->_extensions = $extensions;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with extensions added.
+	 *
+	 * @param Extension ...$exts One or more Extension objects
+	 * @return self
+	 */
+	public function withAdditionalExtensions(Extension ...$exts)
+	{
+		$obj = clone $this;
+		$obj->_extensions = $obj->_extensions->withExtensions(...$exts);
+		return $obj;
+	}
+    
+	/**
+	 * Check whether version is set.
+	 *
+	 * @return bool
+	 */
+	public function hasVersion(): bool
+	{
+		return isset($this->_version);
+	}
+    
+	/**
+	 * Get certificate version.
+	 *
+	 * @return int
+	 */
+	public function version()
+	{
+		if (!$this->hasVersion()) {
+			throw new \LogicException("version not set.");
+		}
+		return $this->_version;
+	}
+    
+	/**
+	 * Check whether serial number is set.
+	 *
+	 * @return bool
+	 */
+	public function hasSerialNumber(): bool
+	{
+		return isset($this->_serialNumber);
+	}
+    
+	/**
+	 * Get serial number.
+	 *
+	 * @return int|string Base 10 integer
+	 */
+	public function serialNumber()
+	{
+		if (!$this->hasSerialNumber()) {
+			throw new \LogicException("serialNumber not set.");
+		}
+		return $this->_serialNumber;
+	}
+    
+	/**
+	 * Check whether signature algorithm is set.
+	 *
+	 * @return bool
+	 */
+	public function hasSignature(): bool
+	{
+		return isset($this->_signature);
+	}
+    
+	/**
+	 * Get signature algorithm.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signature()
+	{
+		if (!$this->hasSignature()) {
+			throw new \LogicException("signature not set.");
+		}
+		return $this->_signature;
+	}
+    
+	/**
+	 * Get issuer.
+	 *
+	 * @return Name
+	 */
+	public function issuer()
+	{
+		return $this->_issuer;
+	}
+    
+	/**
+	 * Get validity period.
+	 *
+	 * @return Validity
+	 */
+	public function validity()
+	{
+		return $this->_validity;
+	}
+    
+	/**
+	 * Get subject.
+	 *
+	 * @return Name
+	 */
+	public function subject()
+	{
+		return $this->_subject;
+	}
+    
+	/**
+	 * Get subject public key.
+	 *
+	 * @return PublicKeyInfo
+	 */
+	public function subjectPublicKeyInfo()
+	{
+		return $this->_subjectPublicKeyInfo;
+	}
+    
+	/**
+	 * Whether issuer unique identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerUniqueID(): bool
+	{
+		return isset($this->_issuerUniqueID);
+	}
+    
+	/**
+	 * Get issuerUniqueID.
+	 *
+	 * @return UniqueIdentifier
+	 */
+	public function issuerUniqueID()
+	{
+		if (!$this->hasIssuerUniqueID()) {
+			throw new \LogicException("issuerUniqueID not set.");
+		}
+		return $this->_issuerUniqueID;
+	}
+    
+	/**
+	 * Whether subject unique identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasSubjectUniqueID(): bool
+	{
+		return isset($this->_subjectUniqueID);
+	}
+    
+	/**
+	 * Get subjectUniqueID.
+	 *
+	 * @return UniqueIdentifier
+	 */
+	public function subjectUniqueID()
+	{
+		if (!$this->hasSubjectUniqueID()) {
+			throw new \LogicException("subjectUniqueID not set.");
+		}
+		return $this->_subjectUniqueID;
+	}
+    
+	/**
+	 * Get extensions.
+	 *
+	 * @return Extensions
+	 */
+	public function extensions()
+	{
+		return $this->_extensions;
+	}
+    
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1()
+	{
+		$elements = array();
+		$version = $this->version();
+		// if version is not default
+		if ($version != self::VERSION_1) {
+			$elements[] = new ExplicitlyTaggedType(0, new Integer($version));
+		}
+		$serial = $this->serialNumber();
+		$signature = $this->signature();
+		// add required elements
+		array_push($elements, new Integer($serial), $signature->toASN1(),
+			$this->_issuer->toASN1(), $this->_validity->toASN1(),
+			$this->_subject->toASN1(), $this->_subjectPublicKeyInfo->toASN1());
+		if (isset($this->_issuerUniqueID)) {
+			$elements[] = new ImplicitlyTaggedType(1,
+				$this->_issuerUniqueID->toASN1());
+		}
+		if (isset($this->_subjectUniqueID)) {
+			$elements[] = new ImplicitlyTaggedType(2,
+				$this->_subjectUniqueID->toASN1());
+		}
+		if (count($this->_extensions)) {
+			$elements[] = new ExplicitlyTaggedType(3,
+				$this->_extensions->toASN1());
+		}
+		return new Sequence(...$elements);
+	}
+    
+	/**
+	 * Create signed certificate.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo Algorithm used for signing
+	 * @param PrivateKeyInfo $privkey_info Private key used for signing
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return Certificate
+	 */
+	public function sign(SignatureAlgorithmIdentifier $algo,
+		PrivateKeyInfo $privkey_info, Crypto $crypto = null)
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$tbs_cert = clone $this;
+		if (!isset($tbs_cert->_version)) {
+			$tbs_cert->_version = $tbs_cert->_determineVersion();
+		}
+		if (!isset($tbs_cert->_serialNumber)) {
+			$tbs_cert->_serialNumber = 0;
+		}
+		$tbs_cert->_signature = $algo;
+		$data = $tbs_cert->toASN1()->toDER();
+		$signature = $crypto->sign($data, $privkey_info, $algo);
+		return new Certificate($tbs_cert, $algo, $signature);
+	}
+    
+	/**
+	 * Determine minimum version for the certificate.
+	 *
+	 * @return int
+	 */
+	protected function _determineVersion(): int
+	{
+		// if extensions are present
+		if (count($this->_extensions)) {
+			return self::VERSION_3;
+		}
+		// if UniqueIdentifier is present
+		if (isset($this->_issuerUniqueID) || isset($this->_subjectUniqueID)) {
+			return self::VERSION_2;
+		}
+		return self::VERSION_1;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types=1);
+declare(strict_types = 1);
 
 namespace X509\Certificate;