sop / x509

lib/X509/Certificate/Extension/FreshestCRLExtension.php

Indentation +12 added lines, -12 removed lines

@@ -13,16 +13,16 @@
  */
 class FreshestCRLExtension extends CRLDistributionPointsExtension
 {
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param DistributionPoint ...$distribution_points
-     */
-    public function __construct(bool $critical,
-        DistributionPoint ...$distribution_points)
-    {
-        Extension::__construct(self::OID_FRESHEST_CRL, $critical);
-        $this->_distributionPoints = $distribution_points;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param DistributionPoint ...$distribution_points
+	 */
+	public function __construct(bool $critical,
+		DistributionPoint ...$distribution_points)
+	{
+		Extension::__construct(self::OID_FRESHEST_CRL, $critical);
+		$this->_distributionPoints = $distribution_points;
+	}
 }

lib/X509/Certificate/Time.php

Switch Indentation +10 added lines, -10 removed lines

@@ -89,16 +89,16 @@
     {
         $dt = $this->_dt;
         switch ($this->_type) {
-            case Element::TYPE_UTC_TIME:
-                return new UTCTime($dt);
-            case Element::TYPE_GENERALIZED_TIME:
-                // GeneralizedTime must not contain fractional seconds
-                // (rfc5280 4.1.2.5.2)
-                if ($dt->format("u") != 0) {
-                    // remove fractional seconds (round down)
-                    $dt = self::_roundDownFractionalSeconds($dt);
-                }
-                return new GeneralizedTime($dt);
+        case Element::TYPE_UTC_TIME:
+            return new UTCTime($dt);
+        case Element::TYPE_GENERALIZED_TIME:
+            // GeneralizedTime must not contain fractional seconds
+            // (rfc5280 4.1.2.5.2)
+            if ($dt->format("u") != 0) {
+                // remove fractional seconds (round down)
+                $dt = self::_roundDownFractionalSeconds($dt);
+            }
+            return new GeneralizedTime($dt);
         }
         throw new \UnexpectedValueException(
             "Time type " . Element::tagToName($this->_type) . " not supported.");

Indentation +92 added lines, -92 removed lines

@@ -17,104 +17,104 @@
  */
 class Time
 {
-    use DateTimeHelper;
+	use DateTimeHelper;
     
-    /**
-     * Datetime.
-     *
-     * @var \DateTimeImmutable $_dt
-     */
-    protected $_dt;
+	/**
+	 * Datetime.
+	 *
+	 * @var \DateTimeImmutable $_dt
+	 */
+	protected $_dt;
     
-    /**
-     * Time ASN.1 type tag.
-     *
-     * @var int $_type
-     */
-    protected $_type;
+	/**
+	 * Time ASN.1 type tag.
+	 *
+	 * @var int $_type
+	 */
+	protected $_type;
     
-    /**
-     * Constructor.
-     *
-     * @param \DateTimeImmutable $dt
-     */
-    public function __construct(\DateTimeImmutable $dt)
-    {
-        $this->_dt = $dt;
-        $this->_type = self::_determineType($dt);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 */
+	public function __construct(\DateTimeImmutable $dt)
+	{
+		$this->_dt = $dt;
+		$this->_type = self::_determineType($dt);
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param TimeType $el
-     * @return self
-     */
-    public static function fromASN1(TimeType $el): self
-    {
-        $obj = new self($el->dateTime());
-        $obj->_type = $el->tag();
-        return $obj;
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param TimeType $el
+	 * @return self
+	 */
+	public static function fromASN1(TimeType $el): self
+	{
+		$obj = new self($el->dateTime());
+		$obj->_type = $el->tag();
+		return $obj;
+	}
     
-    /**
-     * Initialize from date string.
-     *
-     * @param string|null $time
-     * @param string|null $tz
-     * @return self
-     */
-    public static function fromString($time, $tz = null): self
-    {
-        return new self(self::_createDateTime($time, $tz));
-    }
+	/**
+	 * Initialize from date string.
+	 *
+	 * @param string|null $time
+	 * @param string|null $tz
+	 * @return self
+	 */
+	public static function fromString($time, $tz = null): self
+	{
+		return new self(self::_createDateTime($time, $tz));
+	}
     
-    /**
-     * Get datetime.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function dateTime(): \DateTimeImmutable
-    {
-        return $this->_dt;
-    }
+	/**
+	 * Get datetime.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function dateTime(): \DateTimeImmutable
+	{
+		return $this->_dt;
+	}
     
-    /**
-     * Generate ASN.1.
-     *
-     * @throws \UnexpectedValueException
-     * @return TimeType
-     */
-    public function toASN1(): TimeType
-    {
-        $dt = $this->_dt;
-        switch ($this->_type) {
-            case Element::TYPE_UTC_TIME:
-                return new UTCTime($dt);
-            case Element::TYPE_GENERALIZED_TIME:
-                // GeneralizedTime must not contain fractional seconds
-                // (rfc5280 4.1.2.5.2)
-                if ($dt->format("u") != 0) {
-                    // remove fractional seconds (round down)
-                    $dt = self::_roundDownFractionalSeconds($dt);
-                }
-                return new GeneralizedTime($dt);
-        }
-        throw new \UnexpectedValueException(
-            "Time type " . Element::tagToName($this->_type) . " not supported.");
-    }
+	/**
+	 * Generate ASN.1.
+	 *
+	 * @throws \UnexpectedValueException
+	 * @return TimeType
+	 */
+	public function toASN1(): TimeType
+	{
+		$dt = $this->_dt;
+		switch ($this->_type) {
+			case Element::TYPE_UTC_TIME:
+				return new UTCTime($dt);
+			case Element::TYPE_GENERALIZED_TIME:
+				// GeneralizedTime must not contain fractional seconds
+				// (rfc5280 4.1.2.5.2)
+				if ($dt->format("u") != 0) {
+					// remove fractional seconds (round down)
+					$dt = self::_roundDownFractionalSeconds($dt);
+				}
+				return new GeneralizedTime($dt);
+		}
+		throw new \UnexpectedValueException(
+			"Time type " . Element::tagToName($this->_type) . " not supported.");
+	}
     
-    /**
-     * Determine whether to use UTCTime or GeneralizedTime ASN.1 type.
-     *
-     * @param \DateTimeImmutable $dt
-     * @return int Type tag
-     */
-    protected static function _determineType(\DateTimeImmutable $dt): int
-    {
-        if ($dt->format("Y") >= 2050) {
-            return Element::TYPE_GENERALIZED_TIME;
-        }
-        return Element::TYPE_UTC_TIME;
-    }
+	/**
+	 * Determine whether to use UTCTime or GeneralizedTime ASN.1 type.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 * @return int Type tag
+	 */
+	protected static function _determineType(\DateTimeImmutable $dt): int
+	{
+		if ($dt->format("Y") >= 2050) {
+			return Element::TYPE_GENERALIZED_TIME;
+		}
+		return Element::TYPE_UTC_TIME;
+	}
 }

lib/X509/CertificationPath/PathValidation/PathValidationResult.php

Indentation +74 added lines, -74 removed lines

@@ -16,85 +16,85 @@
  */
 class PathValidationResult
 {
-    /**
-     * Certificates in a certification path.
-     *
-     * @var \X509\Certificate\Certificate[] $_certificates
-     */
-    protected $_certificates;
+	/**
+	 * Certificates in a certification path.
+	 *
+	 * @var \X509\Certificate\Certificate[] $_certificates
+	 */
+	protected $_certificates;
     
-    /**
-     * Valid policy tree.
-     *
-     * @var \X509\CertificationPath\Policy\PolicyTree|null $_policyTree
-     */
-    protected $_policyTree;
+	/**
+	 * Valid policy tree.
+	 *
+	 * @var \X509\CertificationPath\Policy\PolicyTree|null $_policyTree
+	 */
+	protected $_policyTree;
     
-    /**
-     * End-entity certificate's public key.
-     *
-     * @var PublicKeyInfo
-     */
-    protected $_publicKeyInfo;
+	/**
+	 * End-entity certificate's public key.
+	 *
+	 * @var PublicKeyInfo
+	 */
+	protected $_publicKeyInfo;
     
-    /**
-     * Public key algorithm.
-     *
-     * @var AlgorithmIdentifierType
-     */
-    protected $_publicKeyAlgo;
+	/**
+	 * Public key algorithm.
+	 *
+	 * @var AlgorithmIdentifierType
+	 */
+	protected $_publicKeyAlgo;
     
-    /**
-     * Public key parameters.
-     *
-     * @var Element|null $_publicKeyParameters
-     */
-    protected $_publicKeyParameters;
+	/**
+	 * Public key parameters.
+	 *
+	 * @var Element|null $_publicKeyParameters
+	 */
+	protected $_publicKeyParameters;
     
-    /**
-     * Constructor.
-     *
-     * @param \X509\Certificate\Certificate[] $certificates Certificates in a
-     *        certification path
-     * @param \X509\CertificationPath\Policy\PolicyTree|null $policy_tree Valid
-     *        policy tree
-     * @param PublicKeyInfo $pubkey_info Public key of the end-entity
-     *        certificate
-     * @param AlgorithmIdentifierType $algo Public key algorithm of the
-     *        end-entity certificate
-     * @param Element|null $params Algorithm parameters
-     */
-    public function __construct(array $certificates, $policy_tree,
-        PublicKeyInfo $pubkey_info, AlgorithmIdentifierType $algo,
-        Element $params = null)
-    {
-        $this->_certificates = array_values($certificates);
-        $this->_policyTree = $policy_tree;
-        $this->_publicKeyInfo = $pubkey_info;
-        $this->_publicKeyAlgo = $algo;
-        $this->_publicKeyParameters = $params;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param \X509\Certificate\Certificate[] $certificates Certificates in a
+	 *        certification path
+	 * @param \X509\CertificationPath\Policy\PolicyTree|null $policy_tree Valid
+	 *        policy tree
+	 * @param PublicKeyInfo $pubkey_info Public key of the end-entity
+	 *        certificate
+	 * @param AlgorithmIdentifierType $algo Public key algorithm of the
+	 *        end-entity certificate
+	 * @param Element|null $params Algorithm parameters
+	 */
+	public function __construct(array $certificates, $policy_tree,
+		PublicKeyInfo $pubkey_info, AlgorithmIdentifierType $algo,
+		Element $params = null)
+	{
+		$this->_certificates = array_values($certificates);
+		$this->_policyTree = $policy_tree;
+		$this->_publicKeyInfo = $pubkey_info;
+		$this->_publicKeyAlgo = $algo;
+		$this->_publicKeyParameters = $params;
+	}
     
-    /**
-     * Get end-entity certificate.
-     *
-     * @return \X509\Certificate\Certificate
-     */
-    public function certificate(): Certificate
-    {
-        return $this->_certificates[count($this->_certificates) - 1];
-    }
+	/**
+	 * Get end-entity certificate.
+	 *
+	 * @return \X509\Certificate\Certificate
+	 */
+	public function certificate(): Certificate
+	{
+		return $this->_certificates[count($this->_certificates) - 1];
+	}
     
-    /**
-     * Get certificate policies of the end-entity certificate.
-     *
-     * @return \X509\Certificate\Extension\CertificatePolicy\PolicyInformation[]
-     */
-    public function policies(): array
-    {
-        if (!$this->_policyTree) {
-            return array();
-        }
-        return $this->_policyTree->policiesAtDepth(count($this->_certificates));
-    }
+	/**
+	 * Get certificate policies of the end-entity certificate.
+	 *
+	 * @return \X509\Certificate\Extension\CertificatePolicy\PolicyInformation[]
+	 */
+	public function policies(): array
+	{
+		if (!$this->_policyTree) {
+			return array();
+		}
+		return $this->_policyTree->policiesAtDepth(count($this->_certificates));
+	}
 }

lib/X509/AttributeCertificate/AttributeCertificateInfo.php

Doc Comments +1 added lines

@@ -273,6 +273,7 @@
      * Get self with extensions added.
      *
      * @param Extension ...$exts One or more Extension objects
+     * @param Extension[] $exts
      * @return self
      */
     public function withAdditionalExtensions(Extension ...$exts): self

Indentation +431 added lines, -431 removed lines

@@ -22,435 +22,435 @@
  */
 class AttributeCertificateInfo
 {
-    const VERSION_2 = 1;
-    
-    /**
-     * AC version.
-     *
-     * @var int $_version
-     */
-    protected $_version;
-    
-    /**
-     * AC holder.
-     *
-     * @var Holder $_holder
-     */
-    protected $_holder;
-    
-    /**
-     * AC issuer.
-     *
-     * @var AttCertIssuer $_issuer
-     */
-    protected $_issuer;
-    
-    /**
-     * Signature algorithm identifier.
-     *
-     * @var SignatureAlgorithmIdentifier $_signature
-     */
-    protected $_signature;
-    
-    /**
-     * AC serial number.
-     *
-     * @var string $_serialNumber
-     */
-    protected $_serialNumber;
-    
-    /**
-     * Validity period.
-     *
-     * @var AttCertValidityPeriod $_attrCertValidityPeriod
-     */
-    protected $_attrCertValidityPeriod;
-    
-    /**
-     * Attributes.
-     *
-     * @var Attributes $_attributes
-     */
-    protected $_attributes;
-    
-    /**
-     * Issuer unique identifier.
-     *
-     * @var UniqueIdentifier|null $_issuerUniqueID
-     */
-    protected $_issuerUniqueID;
-    
-    /**
-     * Extensions.
-     *
-     * @var Extensions $_extensions
-     */
-    protected $_extensions;
-    
-    /**
-     * Constructor.
-     *
-     * @param Holder $holder AC holder
-     * @param AttCertIssuer $issuer AC issuer
-     * @param AttCertValidityPeriod $validity Validity
-     * @param Attributes $attribs Attributes
-     */
-    public function __construct(Holder $holder, AttCertIssuer $issuer,
-        AttCertValidityPeriod $validity, Attributes $attribs)
-    {
-        $this->_version = self::VERSION_2;
-        $this->_holder = $holder;
-        $this->_issuer = $issuer;
-        $this->_attrCertValidityPeriod = $validity;
-        $this->_attributes = $attribs;
-        $this->_extensions = new Extensions();
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $version = $seq->at(0)
-            ->asInteger()
-            ->intNumber();
-        if ($version != self::VERSION_2) {
-            throw new \UnexpectedValueException("Version must be 2.");
-        }
-        $holder = Holder::fromASN1($seq->at(1)->asSequence());
-        $issuer = AttCertIssuer::fromASN1($seq->at(2));
-        $signature = AlgorithmIdentifier::fromASN1($seq->at(3)->asSequence());
-        if (!$signature instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $signature->oid() . ".");
-        }
-        $serial = $seq->at(4)
-            ->asInteger()
-            ->number();
-        $validity = AttCertValidityPeriod::fromASN1($seq->at(5)->asSequence());
-        $attribs = Attributes::fromASN1($seq->at(6)->asSequence());
-        $obj = new self($holder, $issuer, $validity, $attribs);
-        $obj->_signature = $signature;
-        $obj->_serialNumber = $serial;
-        $idx = 7;
-        if ($seq->has($idx, Element::TYPE_BIT_STRING)) {
-            $obj->_issuerUniqueID = UniqueIdentifier::fromASN1(
-                $seq->at($idx++)->asBitString());
-        }
-        if ($seq->has($idx, Element::TYPE_SEQUENCE)) {
-            $obj->_extensions = Extensions::fromASN1(
-                $seq->at($idx++)->asSequence());
-        }
-        return $obj;
-    }
-    
-    /**
-     * Get self with holder.
-     *
-     * @param Holder $holder
-     * @return self
-     */
-    public function withHolder(Holder $holder): self
-    {
-        $obj = clone $this;
-        $obj->_holder = $holder;
-        return $obj;
-    }
-    
-    /**
-     * Get self with issuer.
-     *
-     * @param AttCertIssuer $issuer
-     * @return self
-     */
-    public function withIssuer(AttCertIssuer $issuer): self
-    {
-        $obj = clone $this;
-        $obj->_issuer = $issuer;
-        return $obj;
-    }
-    
-    /**
-     * Get self with signature algorithm identifier.
-     *
-     * @param SignatureAlgorithmIdentifier $algo
-     * @return self
-     */
-    public function withSignature(SignatureAlgorithmIdentifier $algo): self
-    {
-        $obj = clone $this;
-        $obj->_signature = $algo;
-        return $obj;
-    }
-    
-    /**
-     * Get self with serial number.
-     *
-     * @param int|string $serial
-     * @return self
-     */
-    public function withSerialNumber($serial): self
-    {
-        $obj = clone $this;
-        $obj->_serialNumber = strval($serial);
-        return $obj;
-    }
-    
-    /**
-     * Get self with random positive serial number.
-     *
-     * @param int $size Number of random bytes
-     * @return self
-     */
-    public function withRandomSerialNumber(int $size = 16): self
-    {
-        // ensure that first byte is always non-zero and having first bit unset
-        $num = gmp_init(mt_rand(1, 0x7f), 10);
-        for ($i = 1; $i < $size; ++$i) {
-            $num <<= 8;
-            $num += mt_rand(0, 0xff);
-        }
-        return $this->withSerialNumber(gmp_strval($num, 10));
-    }
-    
-    /**
-     * Get self with validity period.
-     *
-     * @param AttCertValidityPeriod $validity
-     * @return self
-     */
-    public function withValidity(AttCertValidityPeriod $validity): self
-    {
-        $obj = clone $this;
-        $obj->_attrCertValidityPeriod = $validity;
-        return $obj;
-    }
-    
-    /**
-     * Get self with attributes.
-     *
-     * @param Attributes $attribs
-     * @return self
-     */
-    public function withAttributes(Attributes $attribs): self
-    {
-        $obj = clone $this;
-        $obj->_attributes = $attribs;
-        return $obj;
-    }
-    
-    /**
-     * Get self with issuer unique identifier.
-     *
-     * @param UniqueIdentifier $uid
-     * @return self
-     */
-    public function withIssuerUniqueID(UniqueIdentifier $uid): self
-    {
-        $obj = clone $this;
-        $obj->_issuerUniqueID = $uid;
-        return $obj;
-    }
-    
-    /**
-     * Get self with extensions.
-     *
-     * @param Extensions $extensions
-     * @return self
-     */
-    public function withExtensions(Extensions $extensions): self
-    {
-        $obj = clone $this;
-        $obj->_extensions = $extensions;
-        return $obj;
-    }
-    
-    /**
-     * Get self with extensions added.
-     *
-     * @param Extension ...$exts One or more Extension objects
-     * @return self
-     */
-    public function withAdditionalExtensions(Extension ...$exts): self
-    {
-        $obj = clone $this;
-        $obj->_extensions = $obj->_extensions->withExtensions(...$exts);
-        return $obj;
-    }
-    
-    /**
-     * Get version.
-     *
-     * @return int
-     */
-    public function version(): int
-    {
-        return $this->_version;
-    }
-    
-    /**
-     * Get AC holder.
-     *
-     * @return Holder
-     */
-    public function holder(): Holder
-    {
-        return $this->_holder;
-    }
-    
-    /**
-     * Get AC issuer.
-     *
-     * @return AttCertIssuer
-     */
-    public function issuer(): AttCertIssuer
-    {
-        return $this->_issuer;
-    }
-    
-    /**
-     * Check whether signature is set.
-     *
-     * @return bool
-     */
-    public function hasSignature(): bool
-    {
-        return isset($this->_signature);
-    }
-    
-    /**
-     * Get signature algorithm identifier.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signature(): SignatureAlgorithmIdentifier
-    {
-        if (!$this->hasSignature()) {
-            throw new \LogicException("signature not set.");
-        }
-        return $this->_signature;
-    }
-    
-    /**
-     * Check whether serial number is present.
-     *
-     * @return bool
-     */
-    public function hasSerialNumber(): bool
-    {
-        return isset($this->_serialNumber);
-    }
-    
-    /**
-     * Get AC serial number.
-     *
-     * @return string
-     */
-    public function serialNumber(): string
-    {
-        if (!$this->hasSerialNumber()) {
-            throw new \LogicException("serialNumber not set.");
-        }
-        return $this->_serialNumber;
-    }
-    
-    /**
-     * Get validity period.
-     *
-     * @return AttCertValidityPeriod
-     */
-    public function validityPeriod(): AttCertValidityPeriod
-    {
-        return $this->_attrCertValidityPeriod;
-    }
-    
-    /**
-     * Get attributes.
-     *
-     * @return Attributes
-     */
-    public function attributes(): Attributes
-    {
-        return $this->_attributes;
-    }
-    
-    /**
-     * Check whether issuer unique identifier is present.
-     *
-     * @return bool
-     */
-    public function hasIssuerUniqueID(): bool
-    {
-        return isset($this->_issuerUniqueID);
-    }
-    
-    /**
-     * Get issuer unique identifier.
-     *
-     * @return UniqueIdentifier
-     */
-    public function issuerUniqueID(): UniqueIdentifier
-    {
-        if (!$this->hasIssuerUniqueID()) {
-            throw new \LogicException("issuerUniqueID not set.");
-        }
-        return $this->_issuerUniqueID;
-    }
-    
-    /**
-     * Get extensions.
-     *
-     * @return Extensions
-     */
-    public function extensions(): Extensions
-    {
-        return $this->_extensions;
-    }
-    
-    /**
-     * Get ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array(new Integer($this->_version), $this->_holder->toASN1(),
-            $this->_issuer->toASN1(), $this->signature()->toASN1(),
-            new Integer($this->serialNumber()),
-            $this->_attrCertValidityPeriod->toASN1(),
-            $this->_attributes->toASN1());
-        if (isset($this->_issuerUniqueID)) {
-            $elements[] = $this->_issuerUniqueID->toASN1();
-        }
-        if (count($this->_extensions)) {
-            $elements[] = $this->_extensions->toASN1();
-        }
-        return new Sequence(...$elements);
-    }
-    
-    /**
-     * Create signed attribute certificate.
-     *
-     * @param SignatureAlgorithmIdentifier $algo Signature algorithm
-     * @param PrivateKeyInfo $privkey_info Private key
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return AttributeCertificate
-     */
-    public function sign(SignatureAlgorithmIdentifier $algo,
-        PrivateKeyInfo $privkey_info, Crypto $crypto = null): AttributeCertificate
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $aci = clone $this;
-        if (!isset($aci->_serialNumber)) {
-            $aci->_serialNumber = "0";
-        }
-        $aci->_signature = $algo;
-        $data = $aci->toASN1()->toDER();
-        $signature = $crypto->sign($data, $privkey_info, $algo);
-        return new AttributeCertificate($aci, $algo, $signature);
-    }
+	const VERSION_2 = 1;
+    
+	/**
+	 * AC version.
+	 *
+	 * @var int $_version
+	 */
+	protected $_version;
+    
+	/**
+	 * AC holder.
+	 *
+	 * @var Holder $_holder
+	 */
+	protected $_holder;
+    
+	/**
+	 * AC issuer.
+	 *
+	 * @var AttCertIssuer $_issuer
+	 */
+	protected $_issuer;
+    
+	/**
+	 * Signature algorithm identifier.
+	 *
+	 * @var SignatureAlgorithmIdentifier $_signature
+	 */
+	protected $_signature;
+    
+	/**
+	 * AC serial number.
+	 *
+	 * @var string $_serialNumber
+	 */
+	protected $_serialNumber;
+    
+	/**
+	 * Validity period.
+	 *
+	 * @var AttCertValidityPeriod $_attrCertValidityPeriod
+	 */
+	protected $_attrCertValidityPeriod;
+    
+	/**
+	 * Attributes.
+	 *
+	 * @var Attributes $_attributes
+	 */
+	protected $_attributes;
+    
+	/**
+	 * Issuer unique identifier.
+	 *
+	 * @var UniqueIdentifier|null $_issuerUniqueID
+	 */
+	protected $_issuerUniqueID;
+    
+	/**
+	 * Extensions.
+	 *
+	 * @var Extensions $_extensions
+	 */
+	protected $_extensions;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param Holder $holder AC holder
+	 * @param AttCertIssuer $issuer AC issuer
+	 * @param AttCertValidityPeriod $validity Validity
+	 * @param Attributes $attribs Attributes
+	 */
+	public function __construct(Holder $holder, AttCertIssuer $issuer,
+		AttCertValidityPeriod $validity, Attributes $attribs)
+	{
+		$this->_version = self::VERSION_2;
+		$this->_holder = $holder;
+		$this->_issuer = $issuer;
+		$this->_attrCertValidityPeriod = $validity;
+		$this->_attributes = $attribs;
+		$this->_extensions = new Extensions();
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$version = $seq->at(0)
+			->asInteger()
+			->intNumber();
+		if ($version != self::VERSION_2) {
+			throw new \UnexpectedValueException("Version must be 2.");
+		}
+		$holder = Holder::fromASN1($seq->at(1)->asSequence());
+		$issuer = AttCertIssuer::fromASN1($seq->at(2));
+		$signature = AlgorithmIdentifier::fromASN1($seq->at(3)->asSequence());
+		if (!$signature instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $signature->oid() . ".");
+		}
+		$serial = $seq->at(4)
+			->asInteger()
+			->number();
+		$validity = AttCertValidityPeriod::fromASN1($seq->at(5)->asSequence());
+		$attribs = Attributes::fromASN1($seq->at(6)->asSequence());
+		$obj = new self($holder, $issuer, $validity, $attribs);
+		$obj->_signature = $signature;
+		$obj->_serialNumber = $serial;
+		$idx = 7;
+		if ($seq->has($idx, Element::TYPE_BIT_STRING)) {
+			$obj->_issuerUniqueID = UniqueIdentifier::fromASN1(
+				$seq->at($idx++)->asBitString());
+		}
+		if ($seq->has($idx, Element::TYPE_SEQUENCE)) {
+			$obj->_extensions = Extensions::fromASN1(
+				$seq->at($idx++)->asSequence());
+		}
+		return $obj;
+	}
+    
+	/**
+	 * Get self with holder.
+	 *
+	 * @param Holder $holder
+	 * @return self
+	 */
+	public function withHolder(Holder $holder): self
+	{
+		$obj = clone $this;
+		$obj->_holder = $holder;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with issuer.
+	 *
+	 * @param AttCertIssuer $issuer
+	 * @return self
+	 */
+	public function withIssuer(AttCertIssuer $issuer): self
+	{
+		$obj = clone $this;
+		$obj->_issuer = $issuer;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with signature algorithm identifier.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @return self
+	 */
+	public function withSignature(SignatureAlgorithmIdentifier $algo): self
+	{
+		$obj = clone $this;
+		$obj->_signature = $algo;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with serial number.
+	 *
+	 * @param int|string $serial
+	 * @return self
+	 */
+	public function withSerialNumber($serial): self
+	{
+		$obj = clone $this;
+		$obj->_serialNumber = strval($serial);
+		return $obj;
+	}
+    
+	/**
+	 * Get self with random positive serial number.
+	 *
+	 * @param int $size Number of random bytes
+	 * @return self
+	 */
+	public function withRandomSerialNumber(int $size = 16): self
+	{
+		// ensure that first byte is always non-zero and having first bit unset
+		$num = gmp_init(mt_rand(1, 0x7f), 10);
+		for ($i = 1; $i < $size; ++$i) {
+			$num <<= 8;
+			$num += mt_rand(0, 0xff);
+		}
+		return $this->withSerialNumber(gmp_strval($num, 10));
+	}
+    
+	/**
+	 * Get self with validity period.
+	 *
+	 * @param AttCertValidityPeriod $validity
+	 * @return self
+	 */
+	public function withValidity(AttCertValidityPeriod $validity): self
+	{
+		$obj = clone $this;
+		$obj->_attrCertValidityPeriod = $validity;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with attributes.
+	 *
+	 * @param Attributes $attribs
+	 * @return self
+	 */
+	public function withAttributes(Attributes $attribs): self
+	{
+		$obj = clone $this;
+		$obj->_attributes = $attribs;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with issuer unique identifier.
+	 *
+	 * @param UniqueIdentifier $uid
+	 * @return self
+	 */
+	public function withIssuerUniqueID(UniqueIdentifier $uid): self
+	{
+		$obj = clone $this;
+		$obj->_issuerUniqueID = $uid;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with extensions.
+	 *
+	 * @param Extensions $extensions
+	 * @return self
+	 */
+	public function withExtensions(Extensions $extensions): self
+	{
+		$obj = clone $this;
+		$obj->_extensions = $extensions;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with extensions added.
+	 *
+	 * @param Extension ...$exts One or more Extension objects
+	 * @return self
+	 */
+	public function withAdditionalExtensions(Extension ...$exts): self
+	{
+		$obj = clone $this;
+		$obj->_extensions = $obj->_extensions->withExtensions(...$exts);
+		return $obj;
+	}
+    
+	/**
+	 * Get version.
+	 *
+	 * @return int
+	 */
+	public function version(): int
+	{
+		return $this->_version;
+	}
+    
+	/**
+	 * Get AC holder.
+	 *
+	 * @return Holder
+	 */
+	public function holder(): Holder
+	{
+		return $this->_holder;
+	}
+    
+	/**
+	 * Get AC issuer.
+	 *
+	 * @return AttCertIssuer
+	 */
+	public function issuer(): AttCertIssuer
+	{
+		return $this->_issuer;
+	}
+    
+	/**
+	 * Check whether signature is set.
+	 *
+	 * @return bool
+	 */
+	public function hasSignature(): bool
+	{
+		return isset($this->_signature);
+	}
+    
+	/**
+	 * Get signature algorithm identifier.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signature(): SignatureAlgorithmIdentifier
+	{
+		if (!$this->hasSignature()) {
+			throw new \LogicException("signature not set.");
+		}
+		return $this->_signature;
+	}
+    
+	/**
+	 * Check whether serial number is present.
+	 *
+	 * @return bool
+	 */
+	public function hasSerialNumber(): bool
+	{
+		return isset($this->_serialNumber);
+	}
+    
+	/**
+	 * Get AC serial number.
+	 *
+	 * @return string
+	 */
+	public function serialNumber(): string
+	{
+		if (!$this->hasSerialNumber()) {
+			throw new \LogicException("serialNumber not set.");
+		}
+		return $this->_serialNumber;
+	}
+    
+	/**
+	 * Get validity period.
+	 *
+	 * @return AttCertValidityPeriod
+	 */
+	public function validityPeriod(): AttCertValidityPeriod
+	{
+		return $this->_attrCertValidityPeriod;
+	}
+    
+	/**
+	 * Get attributes.
+	 *
+	 * @return Attributes
+	 */
+	public function attributes(): Attributes
+	{
+		return $this->_attributes;
+	}
+    
+	/**
+	 * Check whether issuer unique identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerUniqueID(): bool
+	{
+		return isset($this->_issuerUniqueID);
+	}
+    
+	/**
+	 * Get issuer unique identifier.
+	 *
+	 * @return UniqueIdentifier
+	 */
+	public function issuerUniqueID(): UniqueIdentifier
+	{
+		if (!$this->hasIssuerUniqueID()) {
+			throw new \LogicException("issuerUniqueID not set.");
+		}
+		return $this->_issuerUniqueID;
+	}
+    
+	/**
+	 * Get extensions.
+	 *
+	 * @return Extensions
+	 */
+	public function extensions(): Extensions
+	{
+		return $this->_extensions;
+	}
+    
+	/**
+	 * Get ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array(new Integer($this->_version), $this->_holder->toASN1(),
+			$this->_issuer->toASN1(), $this->signature()->toASN1(),
+			new Integer($this->serialNumber()),
+			$this->_attrCertValidityPeriod->toASN1(),
+			$this->_attributes->toASN1());
+		if (isset($this->_issuerUniqueID)) {
+			$elements[] = $this->_issuerUniqueID->toASN1();
+		}
+		if (count($this->_extensions)) {
+			$elements[] = $this->_extensions->toASN1();
+		}
+		return new Sequence(...$elements);
+	}
+    
+	/**
+	 * Create signed attribute certificate.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo Signature algorithm
+	 * @param PrivateKeyInfo $privkey_info Private key
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return AttributeCertificate
+	 */
+	public function sign(SignatureAlgorithmIdentifier $algo,
+		PrivateKeyInfo $privkey_info, Crypto $crypto = null): AttributeCertificate
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$aci = clone $this;
+		if (!isset($aci->_serialNumber)) {
+			$aci->_serialNumber = "0";
+		}
+		$aci->_signature = $algo;
+		$data = $aci->toASN1()->toDER();
+		$signature = $crypto->sign($data, $privkey_info, $algo);
+		return new AttributeCertificate($aci, $algo, $signature);
+	}
 }

lib/X509/CertificationPath/PathValidation/PathValidator.php

Doc Comments +1 added lines

@@ -52,6 +52,7 @@
      * @param PathValidationConfig $config Validation config
      * @param Certificate ...$certificates Certificates from the trust anchor to
      *        the end-entity certificate
+     * @param Certificate[] $certificates
      */
     public function __construct(Crypto $crypto, PathValidationConfig $config,
         Certificate ...$certificates)

Indentation +554 added lines, -554 removed lines

@@ -17,585 +17,585 @@
  */
 class PathValidator
 {
-    /**
-     * Crypto engine.
-     *
-     * @var Crypto $_crypto
-     */
-    protected $_crypto;
+	/**
+	 * Crypto engine.
+	 *
+	 * @var Crypto $_crypto
+	 */
+	protected $_crypto;
     
-    /**
-     * Path validation configuration.
-     *
-     * @var PathValidationConfig $_config
-     */
-    protected $_config;
+	/**
+	 * Path validation configuration.
+	 *
+	 * @var PathValidationConfig $_config
+	 */
+	protected $_config;
     
-    /**
-     * Certification path.
-     *
-     * @var Certificate[] $_certificates
-     */
-    protected $_certificates;
+	/**
+	 * Certification path.
+	 *
+	 * @var Certificate[] $_certificates
+	 */
+	protected $_certificates;
     
-    /**
-     * Certification path trust anchor.
-     *
-     * @var Certificate $_trustAnchor
-     */
-    protected $_trustAnchor;
+	/**
+	 * Certification path trust anchor.
+	 *
+	 * @var Certificate $_trustAnchor
+	 */
+	protected $_trustAnchor;
     
-    /**
-     * Constructor.
-     *
-     * @param Crypto $crypto Crypto engine
-     * @param PathValidationConfig $config Validation config
-     * @param Certificate ...$certificates Certificates from the trust anchor to
-     *        the end-entity certificate
-     */
-    public function __construct(Crypto $crypto, PathValidationConfig $config,
-        Certificate ...$certificates)
-    {
-        if (!count($certificates)) {
-            throw new \LogicException("No certificates.");
-        }
-        $this->_crypto = $crypto;
-        $this->_config = $config;
-        $this->_certificates = $certificates;
-        // if trust anchor is explicitly given in configuration
-        if ($config->hasTrustAnchor()) {
-            $this->_trustAnchor = $config->trustAnchor();
-        } else {
-            $this->_trustAnchor = $certificates[0];
-        }
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Crypto $crypto Crypto engine
+	 * @param PathValidationConfig $config Validation config
+	 * @param Certificate ...$certificates Certificates from the trust anchor to
+	 *        the end-entity certificate
+	 */
+	public function __construct(Crypto $crypto, PathValidationConfig $config,
+		Certificate ...$certificates)
+	{
+		if (!count($certificates)) {
+			throw new \LogicException("No certificates.");
+		}
+		$this->_crypto = $crypto;
+		$this->_config = $config;
+		$this->_certificates = $certificates;
+		// if trust anchor is explicitly given in configuration
+		if ($config->hasTrustAnchor()) {
+			$this->_trustAnchor = $config->trustAnchor();
+		} else {
+			$this->_trustAnchor = $certificates[0];
+		}
+	}
     
-    /**
-     * Validate certification path.
-     *
-     * @throws PathValidationException
-     * @return PathValidationResult
-     */
-    public function validate(): PathValidationResult
-    {
-        $n = count($this->_certificates);
-        $state = ValidatorState::initialize($this->_config, $this->_trustAnchor,
-            $n);
-        for ($i = 0; $i < $n; ++$i) {
-            $state = $state->withIndex($i + 1);
-            $cert = $this->_certificates[$i];
-            // process certificate (section 6.1.3.)
-            $state = $this->_processCertificate($state, $cert);
-            if (!$state->isFinal()) {
-                // prepare next certificate (section 6.1.4.)
-                $state = $this->_prepareNext($state, $cert);
-            }
-        }
-        if (!isset($cert)) {
-            throw new \LogicException("No certificates.");
-        }
-        // wrap-up (section 6.1.5.)
-        $state = $this->_wrapUp($state, $cert);
-        // return outputs
-        return $state->getResult($this->_certificates);
-    }
+	/**
+	 * Validate certification path.
+	 *
+	 * @throws PathValidationException
+	 * @return PathValidationResult
+	 */
+	public function validate(): PathValidationResult
+	{
+		$n = count($this->_certificates);
+		$state = ValidatorState::initialize($this->_config, $this->_trustAnchor,
+			$n);
+		for ($i = 0; $i < $n; ++$i) {
+			$state = $state->withIndex($i + 1);
+			$cert = $this->_certificates[$i];
+			// process certificate (section 6.1.3.)
+			$state = $this->_processCertificate($state, $cert);
+			if (!$state->isFinal()) {
+				// prepare next certificate (section 6.1.4.)
+				$state = $this->_prepareNext($state, $cert);
+			}
+		}
+		if (!isset($cert)) {
+			throw new \LogicException("No certificates.");
+		}
+		// wrap-up (section 6.1.5.)
+		$state = $this->_wrapUp($state, $cert);
+		// return outputs
+		return $state->getResult($this->_certificates);
+	}
     
-    /**
-     * Apply basic certificate processing according to RFC 5280 section 6.1.3.
-     *
-     * @link https://tools.ietf.org/html/rfc5280#section-6.1.3
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     * @return ValidatorState
-     */
-    private function _processCertificate(ValidatorState $state, Certificate $cert): ValidatorState
-    {
-        // (a.1) verify signature
-        $this->_verifySignature($state, $cert);
-        // (a.2) check validity period
-        $this->_checkValidity($cert);
-        // (a.3) check that certificate is not revoked
-        $this->_checkRevocation($cert);
-        // (a.4) check issuer
-        $this->_checkIssuer($state, $cert);
-        // (b)(c) if certificate is self-issued and it is not
-        // the final certificate in the path, skip this step
-        if (!($cert->isSelfIssued() && !$state->isFinal())) {
-            // (b) check permitted subtrees
-            $this->_checkPermittedSubtrees($state, $cert);
-            // (c) check excluded subtrees
-            $this->_checkExcludedSubtrees($state, $cert);
-        }
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasCertificatePolicies()) {
-            // (d) process policy information
-            if ($state->hasValidPolicyTree()) {
-                $state = $state->validPolicyTree()->processPolicies($state,
-                    $cert);
-            }
-        } else {
-            // (e) certificate policies extension not present,
-            // set the valid_policy_tree to NULL
-            $state = $state->withoutValidPolicyTree();
-        }
-        // (f) check that explicit_policy > 0 or valid_policy_tree is set
-        if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
-            throw new PathValidationException("No valid policies.");
-        }
-        return $state;
-    }
+	/**
+	 * Apply basic certificate processing according to RFC 5280 section 6.1.3.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5280#section-6.1.3
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 * @return ValidatorState
+	 */
+	private function _processCertificate(ValidatorState $state, Certificate $cert): ValidatorState
+	{
+		// (a.1) verify signature
+		$this->_verifySignature($state, $cert);
+		// (a.2) check validity period
+		$this->_checkValidity($cert);
+		// (a.3) check that certificate is not revoked
+		$this->_checkRevocation($cert);
+		// (a.4) check issuer
+		$this->_checkIssuer($state, $cert);
+		// (b)(c) if certificate is self-issued and it is not
+		// the final certificate in the path, skip this step
+		if (!($cert->isSelfIssued() && !$state->isFinal())) {
+			// (b) check permitted subtrees
+			$this->_checkPermittedSubtrees($state, $cert);
+			// (c) check excluded subtrees
+			$this->_checkExcludedSubtrees($state, $cert);
+		}
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasCertificatePolicies()) {
+			// (d) process policy information
+			if ($state->hasValidPolicyTree()) {
+				$state = $state->validPolicyTree()->processPolicies($state,
+					$cert);
+			}
+		} else {
+			// (e) certificate policies extension not present,
+			// set the valid_policy_tree to NULL
+			$state = $state->withoutValidPolicyTree();
+		}
+		// (f) check that explicit_policy > 0 or valid_policy_tree is set
+		if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
+			throw new PathValidationException("No valid policies.");
+		}
+		return $state;
+	}
     
-    /**
-     * Apply preparation for the certificate i+1 according to rfc5280 section
-     * 6.1.4.
-     *
-     * @link https://tools.ietf.org/html/rfc5280#section-6.1.4
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _prepareNext(ValidatorState $state, Certificate $cert): ValidatorState
-    {
-        // (a)(b) if policy mappings extension is present
-        $state = $this->_preparePolicyMappings($state, $cert);
-        // (c) assign working_issuer_name
-        $state = $state->withWorkingIssuerName(
-            $cert->tbsCertificate()
-                ->subject());
-        // (d)(e)(f)
-        $state = $this->_setPublicKeyState($state, $cert);
-        // (g) if name constraints extension is present
-        $state = $this->_prepareNameConstraints($state, $cert);
-        // (h) if certificate is not self-issued
-        if (!$cert->isSelfIssued()) {
-            $state = $this->_prepareNonSelfIssued($state);
-        }
-        // (i) if policy constraints extension is present
-        $state = $this->_preparePolicyConstraints($state, $cert);
-        // (j) if inhibit any policy extension is present
-        $state = $this->_prepareInhibitAnyPolicy($state, $cert);
-        // (k) check basic constraints
-        $this->_processBasicContraints($cert);
-        // (l) verify max_path_length
-        $state = $this->_verifyMaxPathLength($state, $cert);
-        // (m) check pathLenContraint
-        $state = $this->_processPathLengthContraint($state, $cert);
-        // (n) check key usage
-        $this->_checkKeyUsage($cert);
-        // (o) process relevant extensions
-        $state = $this->_processExtensions($state, $cert);
-        return $state;
-    }
+	/**
+	 * Apply preparation for the certificate i+1 according to rfc5280 section
+	 * 6.1.4.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5280#section-6.1.4
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _prepareNext(ValidatorState $state, Certificate $cert): ValidatorState
+	{
+		// (a)(b) if policy mappings extension is present
+		$state = $this->_preparePolicyMappings($state, $cert);
+		// (c) assign working_issuer_name
+		$state = $state->withWorkingIssuerName(
+			$cert->tbsCertificate()
+				->subject());
+		// (d)(e)(f)
+		$state = $this->_setPublicKeyState($state, $cert);
+		// (g) if name constraints extension is present
+		$state = $this->_prepareNameConstraints($state, $cert);
+		// (h) if certificate is not self-issued
+		if (!$cert->isSelfIssued()) {
+			$state = $this->_prepareNonSelfIssued($state);
+		}
+		// (i) if policy constraints extension is present
+		$state = $this->_preparePolicyConstraints($state, $cert);
+		// (j) if inhibit any policy extension is present
+		$state = $this->_prepareInhibitAnyPolicy($state, $cert);
+		// (k) check basic constraints
+		$this->_processBasicContraints($cert);
+		// (l) verify max_path_length
+		$state = $this->_verifyMaxPathLength($state, $cert);
+		// (m) check pathLenContraint
+		$state = $this->_processPathLengthContraint($state, $cert);
+		// (n) check key usage
+		$this->_checkKeyUsage($cert);
+		// (o) process relevant extensions
+		$state = $this->_processExtensions($state, $cert);
+		return $state;
+	}
     
-    /**
-     * Apply wrap-up procedure according to RFC 5280 section 6.1.5.
-     *
-     * @link https://tools.ietf.org/html/rfc5280#section-6.1.5
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     * @return ValidatorState
-     */
-    private function _wrapUp(ValidatorState $state, Certificate $cert): ValidatorState
-    {
-        $tbs_cert = $cert->tbsCertificate();
-        $extensions = $tbs_cert->extensions();
-        // (a)
-        if ($state->explicitPolicy() > 0) {
-            $state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
-        }
-        // (b)
-        if ($extensions->hasPolicyConstraints()) {
-            $ext = $extensions->policyConstraints();
-            if ($ext->hasRequireExplicitPolicy() &&
-                 $ext->requireExplicitPolicy() == 0) {
-                $state = $state->withExplicitPolicy(0);
-            }
-        }
-        // (c)(d)(e)
-        $state = $this->_setPublicKeyState($state, $cert);
-        // (f) process relevant extensions
-        $state = $this->_processExtensions($state, $cert);
-        // (g) intersection of valid_policy_tree and the initial-policy-set
-        $state = $this->_calculatePolicyIntersection($state);
-        // check that explicit_policy > 0 or valid_policy_tree is set
-        if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
-            throw new PathValidationException("No valid policies.");
-        }
-        // path validation succeeded
-        return $state;
-    }
+	/**
+	 * Apply wrap-up procedure according to RFC 5280 section 6.1.5.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5280#section-6.1.5
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 * @return ValidatorState
+	 */
+	private function _wrapUp(ValidatorState $state, Certificate $cert): ValidatorState
+	{
+		$tbs_cert = $cert->tbsCertificate();
+		$extensions = $tbs_cert->extensions();
+		// (a)
+		if ($state->explicitPolicy() > 0) {
+			$state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
+		}
+		// (b)
+		if ($extensions->hasPolicyConstraints()) {
+			$ext = $extensions->policyConstraints();
+			if ($ext->hasRequireExplicitPolicy() &&
+				 $ext->requireExplicitPolicy() == 0) {
+				$state = $state->withExplicitPolicy(0);
+			}
+		}
+		// (c)(d)(e)
+		$state = $this->_setPublicKeyState($state, $cert);
+		// (f) process relevant extensions
+		$state = $this->_processExtensions($state, $cert);
+		// (g) intersection of valid_policy_tree and the initial-policy-set
+		$state = $this->_calculatePolicyIntersection($state);
+		// check that explicit_policy > 0 or valid_policy_tree is set
+		if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
+			throw new PathValidationException("No valid policies.");
+		}
+		// path validation succeeded
+		return $state;
+	}
     
-    /**
-     * Update working_public_key, working_public_key_parameters and
-     * working_public_key_algorithm state variables from certificate.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _setPublicKeyState(ValidatorState $state, Certificate $cert): ValidatorState
-    {
-        $pk_info = $cert->tbsCertificate()->subjectPublicKeyInfo();
-        // assign working_public_key
-        $state = $state->withWorkingPublicKey($pk_info);
-        // assign working_public_key_parameters
-        $params = ValidatorState::getAlgorithmParameters(
-            $pk_info->algorithmIdentifier());
-        if (null !== $params) {
-            $state = $state->withWorkingPublicKeyParameters($params);
-        } else {
-            // if algorithms differ, set parameters to null
-            if ($pk_info->algorithmIdentifier()->oid() !==
-                 $state->workingPublicKeyAlgorithm()->oid()) {
-                $state = $state->withWorkingPublicKeyParameters(null);
-            }
-        }
-        // assign working_public_key_algorithm
-        $state = $state->withWorkingPublicKeyAlgorithm(
-            $pk_info->algorithmIdentifier());
-        return $state;
-    }
+	/**
+	 * Update working_public_key, working_public_key_parameters and
+	 * working_public_key_algorithm state variables from certificate.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _setPublicKeyState(ValidatorState $state, Certificate $cert): ValidatorState
+	{
+		$pk_info = $cert->tbsCertificate()->subjectPublicKeyInfo();
+		// assign working_public_key
+		$state = $state->withWorkingPublicKey($pk_info);
+		// assign working_public_key_parameters
+		$params = ValidatorState::getAlgorithmParameters(
+			$pk_info->algorithmIdentifier());
+		if (null !== $params) {
+			$state = $state->withWorkingPublicKeyParameters($params);
+		} else {
+			// if algorithms differ, set parameters to null
+			if ($pk_info->algorithmIdentifier()->oid() !==
+				 $state->workingPublicKeyAlgorithm()->oid()) {
+				$state = $state->withWorkingPublicKeyParameters(null);
+			}
+		}
+		// assign working_public_key_algorithm
+		$state = $state->withWorkingPublicKeyAlgorithm(
+			$pk_info->algorithmIdentifier());
+		return $state;
+	}
     
-    /**
-     * Verify certificate signature.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _verifySignature(ValidatorState $state, Certificate $cert)
-    {
-        try {
-            $valid = $cert->verify($state->workingPublicKey(), $this->_crypto);
-        } catch (\RuntimeException $e) {
-            throw new PathValidationException(
-                "Failed to verify signature: " . $e->getMessage(), 0, $e);
-        }
-        if (!$valid) {
-            throw new PathValidationException(
-                "Certificate signature doesn't match.");
-        }
-    }
+	/**
+	 * Verify certificate signature.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _verifySignature(ValidatorState $state, Certificate $cert)
+	{
+		try {
+			$valid = $cert->verify($state->workingPublicKey(), $this->_crypto);
+		} catch (\RuntimeException $e) {
+			throw new PathValidationException(
+				"Failed to verify signature: " . $e->getMessage(), 0, $e);
+		}
+		if (!$valid) {
+			throw new PathValidationException(
+				"Certificate signature doesn't match.");
+		}
+	}
     
-    /**
-     * Check certificate validity.
-     *
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _checkValidity(Certificate $cert)
-    {
-        $refdt = $this->_config->dateTime();
-        $validity = $cert->tbsCertificate()->validity();
-        if ($validity->notBefore()
-            ->dateTime()
-            ->diff($refdt)->invert) {
-            throw new PathValidationException(
-                "Certificate validity period has not started.");
-        }
-        if ($refdt->diff($validity->notAfter()
-            ->dateTime())->invert) {
-            throw new PathValidationException("Certificate has expired.");
-        }
-    }
+	/**
+	 * Check certificate validity.
+	 *
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _checkValidity(Certificate $cert)
+	{
+		$refdt = $this->_config->dateTime();
+		$validity = $cert->tbsCertificate()->validity();
+		if ($validity->notBefore()
+			->dateTime()
+			->diff($refdt)->invert) {
+			throw new PathValidationException(
+				"Certificate validity period has not started.");
+		}
+		if ($refdt->diff($validity->notAfter()
+			->dateTime())->invert) {
+			throw new PathValidationException("Certificate has expired.");
+		}
+	}
     
-    /**
-     * Check certificate revocation.
-     *
-     * @param Certificate $cert
-     */
-    private function _checkRevocation(Certificate $cert)
-    {
-        // @todo Implement CRL handling
-    }
+	/**
+	 * Check certificate revocation.
+	 *
+	 * @param Certificate $cert
+	 */
+	private function _checkRevocation(Certificate $cert)
+	{
+		// @todo Implement CRL handling
+	}
     
-    /**
-     * Check certificate issuer.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _checkIssuer(ValidatorState $state, Certificate $cert)
-    {
-        if (!$cert->tbsCertificate()
-            ->issuer()
-            ->equals($state->workingIssuerName())) {
-            throw new PathValidationException("Certification issuer mismatch.");
-        }
-    }
+	/**
+	 * Check certificate issuer.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _checkIssuer(ValidatorState $state, Certificate $cert)
+	{
+		if (!$cert->tbsCertificate()
+			->issuer()
+			->equals($state->workingIssuerName())) {
+			throw new PathValidationException("Certification issuer mismatch.");
+		}
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     */
-    private function _checkPermittedSubtrees(ValidatorState $state,
-        Certificate $cert)
-    {
-        // @todo Implement
-        $state->permittedSubtrees();
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 */
+	private function _checkPermittedSubtrees(ValidatorState $state,
+		Certificate $cert)
+	{
+		// @todo Implement
+		$state->permittedSubtrees();
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     */
-    private function _checkExcludedSubtrees(ValidatorState $state,
-        Certificate $cert)
-    {
-        // @todo Implement
-        $state->excludedSubtrees();
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 */
+	private function _checkExcludedSubtrees(ValidatorState $state,
+		Certificate $cert)
+	{
+		// @todo Implement
+		$state->excludedSubtrees();
+	}
     
-    /**
-     * Apply policy mappings handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     * @return ValidatorState
-     */
-    private function _preparePolicyMappings(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasPolicyMappings()) {
-            // (a) verify that anyPolicy mapping is not used
-            if ($extensions->policyMappings()->hasAnyPolicyMapping()) {
-                throw new PathValidationException("anyPolicy mapping found.");
-            }
-            // (b) process policy mappings
-            if ($state->hasValidPolicyTree()) {
-                $state = $state->validPolicyTree()->processMappings($state,
-                    $cert);
-            }
-        }
-        return $state;
-    }
+	/**
+	 * Apply policy mappings handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 * @return ValidatorState
+	 */
+	private function _preparePolicyMappings(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasPolicyMappings()) {
+			// (a) verify that anyPolicy mapping is not used
+			if ($extensions->policyMappings()->hasAnyPolicyMapping()) {
+				throw new PathValidationException("anyPolicy mapping found.");
+			}
+			// (b) process policy mappings
+			if ($state->hasValidPolicyTree()) {
+				$state = $state->validPolicyTree()->processMappings($state,
+					$cert);
+			}
+		}
+		return $state;
+	}
     
-    /**
-     * Apply name constraints handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _prepareNameConstraints(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasNameConstraints()) {
-            $state = $this->_processNameConstraints($state, $cert);
-        }
-        return $state;
-    }
+	/**
+	 * Apply name constraints handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _prepareNameConstraints(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasNameConstraints()) {
+			$state = $this->_processNameConstraints($state, $cert);
+		}
+		return $state;
+	}
     
-    /**
-     * Apply preparation for a non-self-signed certificate.
-     *
-     * @param ValidatorState $state
-     * @return ValidatorState
-     */
-    private function _prepareNonSelfIssued(ValidatorState $state): ValidatorState
-    {
-        // (h.1)
-        if ($state->explicitPolicy() > 0) {
-            $state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
-        }
-        // (h.2)
-        if ($state->policyMapping() > 0) {
-            $state = $state->withPolicyMapping($state->policyMapping() - 1);
-        }
-        // (h.3)
-        if ($state->inhibitAnyPolicy() > 0) {
-            $state = $state->withInhibitAnyPolicy(
-                $state->inhibitAnyPolicy() - 1);
-        }
-        return $state;
-    }
+	/**
+	 * Apply preparation for a non-self-signed certificate.
+	 *
+	 * @param ValidatorState $state
+	 * @return ValidatorState
+	 */
+	private function _prepareNonSelfIssued(ValidatorState $state): ValidatorState
+	{
+		// (h.1)
+		if ($state->explicitPolicy() > 0) {
+			$state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
+		}
+		// (h.2)
+		if ($state->policyMapping() > 0) {
+			$state = $state->withPolicyMapping($state->policyMapping() - 1);
+		}
+		// (h.3)
+		if ($state->inhibitAnyPolicy() > 0) {
+			$state = $state->withInhibitAnyPolicy(
+				$state->inhibitAnyPolicy() - 1);
+		}
+		return $state;
+	}
     
-    /**
-     * Apply policy constraints handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _preparePolicyConstraints(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if (!$extensions->hasPolicyConstraints()) {
-            return $state;
-        }
-        $ext = $extensions->policyConstraints();
-        // (i.1)
-        if ($ext->hasRequireExplicitPolicy() &&
-             $ext->requireExplicitPolicy() < $state->explicitPolicy()) {
-            $state = $state->withExplicitPolicy($ext->requireExplicitPolicy());
-        }
-        // (i.2)
-        if ($ext->hasInhibitPolicyMapping() &&
-             $ext->inhibitPolicyMapping() < $state->policyMapping()) {
-            $state = $state->withPolicyMapping($ext->inhibitPolicyMapping());
-        }
-        return $state;
-    }
+	/**
+	 * Apply policy constraints handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _preparePolicyConstraints(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if (!$extensions->hasPolicyConstraints()) {
+			return $state;
+		}
+		$ext = $extensions->policyConstraints();
+		// (i.1)
+		if ($ext->hasRequireExplicitPolicy() &&
+			 $ext->requireExplicitPolicy() < $state->explicitPolicy()) {
+			$state = $state->withExplicitPolicy($ext->requireExplicitPolicy());
+		}
+		// (i.2)
+		if ($ext->hasInhibitPolicyMapping() &&
+			 $ext->inhibitPolicyMapping() < $state->policyMapping()) {
+			$state = $state->withPolicyMapping($ext->inhibitPolicyMapping());
+		}
+		return $state;
+	}
     
-    /**
-     * Apply inhibit any-policy handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _prepareInhibitAnyPolicy(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasInhibitAnyPolicy()) {
-            $ext = $extensions->inhibitAnyPolicy();
-            if ($ext->skipCerts() < $state->inhibitAnyPolicy()) {
-                $state = $state->withInhibitAnyPolicy($ext->skipCerts());
-            }
-        }
-        return $state;
-    }
+	/**
+	 * Apply inhibit any-policy handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _prepareInhibitAnyPolicy(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasInhibitAnyPolicy()) {
+			$ext = $extensions->inhibitAnyPolicy();
+			if ($ext->skipCerts() < $state->inhibitAnyPolicy()) {
+				$state = $state->withInhibitAnyPolicy($ext->skipCerts());
+			}
+		}
+		return $state;
+	}
     
-    /**
-     * Verify maximum certification path length for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     * @return ValidatorState
-     */
-    private function _verifyMaxPathLength(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        if (!$cert->isSelfIssued()) {
-            if ($state->maxPathLength() <= 0) {
-                throw new PathValidationException(
-                    "Certification path length exceeded.");
-            }
-            $state = $state->withMaxPathLength($state->maxPathLength() - 1);
-        }
-        return $state;
-    }
+	/**
+	 * Verify maximum certification path length for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 * @return ValidatorState
+	 */
+	private function _verifyMaxPathLength(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		if (!$cert->isSelfIssued()) {
+			if ($state->maxPathLength() <= 0) {
+				throw new PathValidationException(
+					"Certification path length exceeded.");
+			}
+			$state = $state->withMaxPathLength($state->maxPathLength() - 1);
+		}
+		return $state;
+	}
     
-    /**
-     * Check key usage extension for the preparation step.
-     *
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _checkKeyUsage(Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasKeyUsage()) {
-            $ext = $extensions->keyUsage();
-            if (!$ext->isKeyCertSign()) {
-                throw new PathValidationException("keyCertSign usage not set.");
-            }
-        }
-    }
+	/**
+	 * Check key usage extension for the preparation step.
+	 *
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _checkKeyUsage(Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasKeyUsage()) {
+			$ext = $extensions->keyUsage();
+			if (!$ext->isKeyCertSign()) {
+				throw new PathValidationException("keyCertSign usage not set.");
+			}
+		}
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _processNameConstraints(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        // @todo Implement
-        return $state;
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _processNameConstraints(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		// @todo Implement
+		return $state;
+	}
     
-    /**
-     * Process basic constraints extension.
-     *
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _processBasicContraints(Certificate $cert)
-    {
-        if ($cert->tbsCertificate()->version() == TBSCertificate::VERSION_3) {
-            $extensions = $cert->tbsCertificate()->extensions();
-            if (!$extensions->hasBasicConstraints()) {
-                throw new PathValidationException(
-                    "v3 certificate must have basicConstraints extension.");
-            }
-            // verify that cA is set to TRUE
-            if (!$extensions->basicConstraints()->isCA()) {
-                throw new PathValidationException(
-                    "Certificate is not a CA certificate.");
-            }
-        }
-    }
+	/**
+	 * Process basic constraints extension.
+	 *
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _processBasicContraints(Certificate $cert)
+	{
+		if ($cert->tbsCertificate()->version() == TBSCertificate::VERSION_3) {
+			$extensions = $cert->tbsCertificate()->extensions();
+			if (!$extensions->hasBasicConstraints()) {
+				throw new PathValidationException(
+					"v3 certificate must have basicConstraints extension.");
+			}
+			// verify that cA is set to TRUE
+			if (!$extensions->basicConstraints()->isCA()) {
+				throw new PathValidationException(
+					"Certificate is not a CA certificate.");
+			}
+		}
+	}
     
-    /**
-     * Process pathLenConstraint.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _processPathLengthContraint(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasBasicConstraints()) {
-            $ext = $extensions->basicConstraints();
-            if ($ext->hasPathLen()) {
-                if ($ext->pathLen() < $state->maxPathLength()) {
-                    $state = $state->withMaxPathLength($ext->pathLen());
-                }
-            }
-        }
-        return $state;
-    }
+	/**
+	 * Process pathLenConstraint.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _processPathLengthContraint(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasBasicConstraints()) {
+			$ext = $extensions->basicConstraints();
+			if ($ext->hasPathLen()) {
+				if ($ext->pathLen() < $state->maxPathLength()) {
+					$state = $state->withMaxPathLength($ext->pathLen());
+				}
+			}
+		}
+		return $state;
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _processExtensions(ValidatorState $state, Certificate $cert): ValidatorState
-    {
-        // @todo Implement
-        return $state;
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _processExtensions(ValidatorState $state, Certificate $cert): ValidatorState
+	{
+		// @todo Implement
+		return $state;
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @return ValidatorState
-     */
-    private function _calculatePolicyIntersection(ValidatorState $state): ValidatorState
-    {
-        // (i) If the valid_policy_tree is NULL, the intersection is NULL
-        if (!$state->hasValidPolicyTree()) {
-            return $state;
-        }
-        // (ii) If the valid_policy_tree is not NULL and
-        // the user-initial-policy-set is any-policy, the intersection
-        // is the entire valid_policy_tree
-        $initial_policies = $this->_config->policySet();
-        if (in_array(PolicyInformation::OID_ANY_POLICY, $initial_policies)) {
-            return $state;
-        }
-        // (iii) If the valid_policy_tree is not NULL and the
-        // user-initial-policy-set is not any-policy, calculate
-        // the intersection of the valid_policy_tree and the
-        // user-initial-policy-set as follows
-        return $state->validPolicyTree()->calculateIntersection($state,
-            $initial_policies);
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @return ValidatorState
+	 */
+	private function _calculatePolicyIntersection(ValidatorState $state): ValidatorState
+	{
+		// (i) If the valid_policy_tree is NULL, the intersection is NULL
+		if (!$state->hasValidPolicyTree()) {
+			return $state;
+		}
+		// (ii) If the valid_policy_tree is not NULL and
+		// the user-initial-policy-set is any-policy, the intersection
+		// is the entire valid_policy_tree
+		$initial_policies = $this->_config->policySet();
+		if (in_array(PolicyInformation::OID_ANY_POLICY, $initial_policies)) {
+			return $state;
+		}
+		// (iii) If the valid_policy_tree is not NULL and the
+		// user-initial-policy-set is not any-policy, calculate
+		// the intersection of the valid_policy_tree and the
+		// user-initial-policy-set as follows
+		return $state->validPolicyTree()->calculateIntersection($state,
+			$initial_policies);
+	}
 }

lib/X509/CertificationRequest/CertificationRequestInfo.php

Indentation +200 added lines, -200 removed lines

@@ -24,204 +24,204 @@
  */
 class CertificationRequestInfo
 {
-    const VERSION_1 = 0;
-    
-    /**
-     * Version.
-     *
-     * @var int
-     */
-    protected $_version;
-    
-    /**
-     * Subject.
-     *
-     * @var Name $_subject
-     */
-    protected $_subject;
-    
-    /**
-     * Public key info.
-     *
-     * @var PublicKeyInfo $_subjectPKInfo
-     */
-    protected $_subjectPKInfo;
-    
-    /**
-     * Attributes.
-     *
-     * @var Attributes|null $_attributes
-     */
-    protected $_attributes;
-    
-    /**
-     * Constructor.
-     *
-     * @param Name $subject Subject
-     * @param PublicKeyInfo $pkinfo Public key info
-     */
-    public function __construct(Name $subject, PublicKeyInfo $pkinfo)
-    {
-        $this->_version = self::VERSION_1;
-        $this->_subject = $subject;
-        $this->_subjectPKInfo = $pkinfo;
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $version = $seq->at(0)
-            ->asInteger()
-            ->intNumber();
-        if ($version != self::VERSION_1) {
-            throw new \UnexpectedValueException(
-                "Version $version not supported.");
-        }
-        $subject = Name::fromASN1($seq->at(1)->asSequence());
-        $pkinfo = PublicKeyInfo::fromASN1($seq->at(2)->asSequence());
-        $obj = new self($subject, $pkinfo);
-        if ($seq->hasTagged(0)) {
-            $obj->_attributes = Attributes::fromASN1(
-                $seq->getTagged(0)
-                    ->asImplicit(Element::TYPE_SET)
-                    ->asSet());
-        }
-        return $obj;
-    }
-    
-    /**
-     * Get version.
-     *
-     * @return int
-     */
-    public function version(): int
-    {
-        return $this->_version;
-    }
-    
-    /**
-     * Get self with subject.
-     *
-     * @param Name $subject
-     * @return self
-     */
-    public function withSubject(Name $subject): self
-    {
-        $obj = clone $this;
-        $obj->_subject = $subject;
-        return $obj;
-    }
-    
-    /**
-     * Get subject.
-     *
-     * @return Name
-     */
-    public function subject(): Name
-    {
-        return $this->_subject;
-    }
-    
-    /**
-     * Get subject public key info.
-     *
-     * @return PublicKeyInfo
-     */
-    public function subjectPKInfo(): PublicKeyInfo
-    {
-        return $this->_subjectPKInfo;
-    }
-    
-    /**
-     * Whether certification request info has attributes.
-     *
-     * @return bool
-     */
-    public function hasAttributes(): bool
-    {
-        return isset($this->_attributes);
-    }
-    
-    /**
-     * Get attributes.
-     *
-     * @throws \LogicException
-     * @return Attributes
-     */
-    public function attributes(): Attributes
-    {
-        if (!$this->hasAttributes()) {
-            throw new \LogicException("No attributes.");
-        }
-        return $this->_attributes;
-    }
-    
-    /**
-     * Get instance of self with attributes.
-     *
-     * @param Attributes $attribs
-     */
-    public function withAttributes(Attributes $attribs): self
-    {
-        $obj = clone $this;
-        $obj->_attributes = $attribs;
-        return $obj;
-    }
-    
-    /**
-     * Get self with extension request attribute.
-     *
-     * @param Extensions $extensions Extensions to request
-     * @return self
-     */
-    public function withExtensionRequest(Extensions $extensions): self
-    {
-        $obj = clone $this;
-        if (!isset($obj->_attributes)) {
-            $obj->_attributes = new Attributes();
-        }
-        $obj->_attributes = $obj->_attributes->withUnique(
-            Attribute::fromAttributeValues(
-                new ExtensionRequestValue($extensions)));
-        return $obj;
-    }
-    
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array(new Integer($this->_version),
-            $this->_subject->toASN1(), $this->_subjectPKInfo->toASN1());
-        if (isset($this->_attributes)) {
-            $elements[] = new ImplicitlyTaggedType(0,
-                $this->_attributes->toASN1());
-        }
-        return new Sequence(...$elements);
-    }
-    
-    /**
-     * Create signed CertificationRequest.
-     *
-     * @param SignatureAlgorithmIdentifier $algo Algorithm used for signing
-     * @param PrivateKeyInfo $privkey_info Private key used for signing
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return CertificationRequest
-     */
-    public function sign(SignatureAlgorithmIdentifier $algo,
-        PrivateKeyInfo $privkey_info, Crypto $crypto = null): CertificationRequest
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $data = $this->toASN1()->toDER();
-        $signature = $crypto->sign($data, $privkey_info, $algo);
-        return new CertificationRequest($this, $algo, $signature);
-    }
+	const VERSION_1 = 0;
+    
+	/**
+	 * Version.
+	 *
+	 * @var int
+	 */
+	protected $_version;
+    
+	/**
+	 * Subject.
+	 *
+	 * @var Name $_subject
+	 */
+	protected $_subject;
+    
+	/**
+	 * Public key info.
+	 *
+	 * @var PublicKeyInfo $_subjectPKInfo
+	 */
+	protected $_subjectPKInfo;
+    
+	/**
+	 * Attributes.
+	 *
+	 * @var Attributes|null $_attributes
+	 */
+	protected $_attributes;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param Name $subject Subject
+	 * @param PublicKeyInfo $pkinfo Public key info
+	 */
+	public function __construct(Name $subject, PublicKeyInfo $pkinfo)
+	{
+		$this->_version = self::VERSION_1;
+		$this->_subject = $subject;
+		$this->_subjectPKInfo = $pkinfo;
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$version = $seq->at(0)
+			->asInteger()
+			->intNumber();
+		if ($version != self::VERSION_1) {
+			throw new \UnexpectedValueException(
+				"Version $version not supported.");
+		}
+		$subject = Name::fromASN1($seq->at(1)->asSequence());
+		$pkinfo = PublicKeyInfo::fromASN1($seq->at(2)->asSequence());
+		$obj = new self($subject, $pkinfo);
+		if ($seq->hasTagged(0)) {
+			$obj->_attributes = Attributes::fromASN1(
+				$seq->getTagged(0)
+					->asImplicit(Element::TYPE_SET)
+					->asSet());
+		}
+		return $obj;
+	}
+    
+	/**
+	 * Get version.
+	 *
+	 * @return int
+	 */
+	public function version(): int
+	{
+		return $this->_version;
+	}
+    
+	/**
+	 * Get self with subject.
+	 *
+	 * @param Name $subject
+	 * @return self
+	 */
+	public function withSubject(Name $subject): self
+	{
+		$obj = clone $this;
+		$obj->_subject = $subject;
+		return $obj;
+	}
+    
+	/**
+	 * Get subject.
+	 *
+	 * @return Name
+	 */
+	public function subject(): Name
+	{
+		return $this->_subject;
+	}
+    
+	/**
+	 * Get subject public key info.
+	 *
+	 * @return PublicKeyInfo
+	 */
+	public function subjectPKInfo(): PublicKeyInfo
+	{
+		return $this->_subjectPKInfo;
+	}
+    
+	/**
+	 * Whether certification request info has attributes.
+	 *
+	 * @return bool
+	 */
+	public function hasAttributes(): bool
+	{
+		return isset($this->_attributes);
+	}
+    
+	/**
+	 * Get attributes.
+	 *
+	 * @throws \LogicException
+	 * @return Attributes
+	 */
+	public function attributes(): Attributes
+	{
+		if (!$this->hasAttributes()) {
+			throw new \LogicException("No attributes.");
+		}
+		return $this->_attributes;
+	}
+    
+	/**
+	 * Get instance of self with attributes.
+	 *
+	 * @param Attributes $attribs
+	 */
+	public function withAttributes(Attributes $attribs): self
+	{
+		$obj = clone $this;
+		$obj->_attributes = $attribs;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with extension request attribute.
+	 *
+	 * @param Extensions $extensions Extensions to request
+	 * @return self
+	 */
+	public function withExtensionRequest(Extensions $extensions): self
+	{
+		$obj = clone $this;
+		if (!isset($obj->_attributes)) {
+			$obj->_attributes = new Attributes();
+		}
+		$obj->_attributes = $obj->_attributes->withUnique(
+			Attribute::fromAttributeValues(
+				new ExtensionRequestValue($extensions)));
+		return $obj;
+	}
+    
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array(new Integer($this->_version),
+			$this->_subject->toASN1(), $this->_subjectPKInfo->toASN1());
+		if (isset($this->_attributes)) {
+			$elements[] = new ImplicitlyTaggedType(0,
+				$this->_attributes->toASN1());
+		}
+		return new Sequence(...$elements);
+	}
+    
+	/**
+	 * Create signed CertificationRequest.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo Algorithm used for signing
+	 * @param PrivateKeyInfo $privkey_info Private key used for signing
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return CertificationRequest
+	 */
+	public function sign(SignatureAlgorithmIdentifier $algo,
+		PrivateKeyInfo $privkey_info, Crypto $crypto = null): CertificationRequest
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$data = $this->toASN1()->toDER();
+		$signature = $crypto->sign($data, $privkey_info, $algo);
+		return new CertificationRequest($this, $algo, $signature);
+	}
 }

lib/X509/CertificationRequest/CertificationRequest.php

Indentation +154 added lines, -154 removed lines

@@ -18,172 +18,172 @@
  */
 class CertificationRequest
 {
-    /**
-     * Certification request info.
-     *
-     * @var CertificationRequestInfo $_certificationRequestInfo
-     */
-    protected $_certificationRequestInfo;
+	/**
+	 * Certification request info.
+	 *
+	 * @var CertificationRequestInfo $_certificationRequestInfo
+	 */
+	protected $_certificationRequestInfo;
     
-    /**
-     * Signature algorithm.
-     *
-     * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
-     */
-    protected $_signatureAlgorithm;
+	/**
+	 * Signature algorithm.
+	 *
+	 * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
+	 */
+	protected $_signatureAlgorithm;
     
-    /**
-     * Signature.
-     *
-     * @var Signature $_signature
-     */
-    protected $_signature;
+	/**
+	 * Signature.
+	 *
+	 * @var Signature $_signature
+	 */
+	protected $_signature;
     
-    /**
-     * Constructor.
-     *
-     * @param CertificationRequestInfo $info
-     * @param SignatureAlgorithmIdentifier $algo
-     * @param Signature $signature
-     */
-    public function __construct(CertificationRequestInfo $info,
-        SignatureAlgorithmIdentifier $algo, Signature $signature)
-    {
-        $this->_certificationRequestInfo = $info;
-        $this->_signatureAlgorithm = $algo;
-        $this->_signature = $signature;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param CertificationRequestInfo $info
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @param Signature $signature
+	 */
+	public function __construct(CertificationRequestInfo $info,
+		SignatureAlgorithmIdentifier $algo, Signature $signature)
+	{
+		$this->_certificationRequestInfo = $info;
+		$this->_signatureAlgorithm = $algo;
+		$this->_signature = $signature;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $info = CertificationRequestInfo::fromASN1($seq->at(0)->asSequence());
-        $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $algo->oid() . ".");
-        }
-        $signature = Signature::fromSignatureData(
-            $seq->at(2)
-                ->asBitString()
-                ->string(), $algo);
-        return new self($info, $algo, $signature);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$info = CertificationRequestInfo::fromASN1($seq->at(0)->asSequence());
+		$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $algo->oid() . ".");
+		}
+		$signature = Signature::fromSignatureData(
+			$seq->at(2)
+				->asBitString()
+				->string(), $algo);
+		return new self($info, $algo, $signature);
+	}
     
-    /**
-     * Initialize from DER.
-     *
-     * @param string $data
-     * @return self
-     */
-    public static function fromDER(string $data): self
-    {
-        return self::fromASN1(Sequence::fromDER($data));
-    }
+	/**
+	 * Initialize from DER.
+	 *
+	 * @param string $data
+	 * @return self
+	 */
+	public static function fromDER(string $data): self
+	{
+		return self::fromASN1(Sequence::fromDER($data));
+	}
     
-    /**
-     * Initialize from PEM.
-     *
-     * @param PEM $pem
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromPEM(PEM $pem): self
-    {
-        if ($pem->type() !== PEM::TYPE_CERTIFICATE_REQUEST) {
-            throw new \UnexpectedValueException("Invalid PEM type.");
-        }
-        return self::fromDER($pem->data());
-    }
+	/**
+	 * Initialize from PEM.
+	 *
+	 * @param PEM $pem
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromPEM(PEM $pem): self
+	{
+		if ($pem->type() !== PEM::TYPE_CERTIFICATE_REQUEST) {
+			throw new \UnexpectedValueException("Invalid PEM type.");
+		}
+		return self::fromDER($pem->data());
+	}
     
-    /**
-     * Get certification request info.
-     *
-     * @return CertificationRequestInfo
-     */
-    public function certificationRequestInfo(): CertificationRequestInfo
-    {
-        return $this->_certificationRequestInfo;
-    }
+	/**
+	 * Get certification request info.
+	 *
+	 * @return CertificationRequestInfo
+	 */
+	public function certificationRequestInfo(): CertificationRequestInfo
+	{
+		return $this->_certificationRequestInfo;
+	}
     
-    /**
-     * Get signature algorithm.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signatureAlgorithm(): SignatureAlgorithmIdentifier
-    {
-        return $this->_signatureAlgorithm;
-    }
+	/**
+	 * Get signature algorithm.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signatureAlgorithm(): SignatureAlgorithmIdentifier
+	{
+		return $this->_signatureAlgorithm;
+	}
     
-    /**
-     * Get signature.
-     *
-     * @return Signature
-     */
-    public function signature(): Signature
-    {
-        return $this->_signature;
-    }
+	/**
+	 * Get signature.
+	 *
+	 * @return Signature
+	 */
+	public function signature(): Signature
+	{
+		return $this->_signature;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_certificationRequestInfo->toASN1(),
-            $this->_signatureAlgorithm->toASN1(), $this->_signature->bitString());
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_certificationRequestInfo->toASN1(),
+			$this->_signatureAlgorithm->toASN1(), $this->_signature->bitString());
+	}
     
-    /**
-     * Get certification request as a DER.
-     *
-     * @return string
-     */
-    public function toDER(): string
-    {
-        return $this->toASN1()->toDER();
-    }
+	/**
+	 * Get certification request as a DER.
+	 *
+	 * @return string
+	 */
+	public function toDER(): string
+	{
+		return $this->toASN1()->toDER();
+	}
     
-    /**
-     * Get certification request as a PEM.
-     *
-     * @return PEM
-     */
-    public function toPEM(): PEM
-    {
-        return new PEM(PEM::TYPE_CERTIFICATE_REQUEST, $this->toDER());
-    }
+	/**
+	 * Get certification request as a PEM.
+	 *
+	 * @return PEM
+	 */
+	public function toPEM(): PEM
+	{
+		return new PEM(PEM::TYPE_CERTIFICATE_REQUEST, $this->toDER());
+	}
     
-    /**
-     * Verify certification request signature.
-     *
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return bool True if signature matches
-     */
-    public function verify(Crypto $crypto = null): bool
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $data = $this->_certificationRequestInfo->toASN1()->toDER();
-        $pk_info = $this->_certificationRequestInfo->subjectPKInfo();
-        return $crypto->verify($data, $this->_signature, $pk_info,
-            $this->_signatureAlgorithm);
-    }
+	/**
+	 * Verify certification request signature.
+	 *
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return bool True if signature matches
+	 */
+	public function verify(Crypto $crypto = null): bool
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$data = $this->_certificationRequestInfo->toASN1()->toDER();
+		$pk_info = $this->_certificationRequestInfo->subjectPKInfo();
+		return $crypto->verify($data, $this->_signature, $pk_info,
+			$this->_signatureAlgorithm);
+	}
     
-    /**
-     * Get certification request as a PEM formatted string.
-     *
-     * @return string
-     */
-    public function __toString()
-    {
-        return $this->toPEM()->string();
-    }
+	/**
+	 * Get certification request as a PEM formatted string.
+	 *
+	 * @return string
+	 */
+	public function __toString()
+	{
+		return $this->toPEM()->string();
+	}
 }

lib/X509/CertificationRequest/Attribute/ExtensionRequestValue.php

Indentation +81 added lines, -81 removed lines

@@ -17,94 +17,94 @@
  */
 class ExtensionRequestValue extends AttributeValue
 {
-    const OID = "1.2.840.113549.1.9.14";
+	const OID = "1.2.840.113549.1.9.14";
     
-    /**
-     * Extensions.
-     *
-     * @var Extensions $_extensions
-     */
-    protected $_extensions;
+	/**
+	 * Extensions.
+	 *
+	 * @var Extensions $_extensions
+	 */
+	protected $_extensions;
     
-    /**
-     * Constructor.
-     *
-     * @param Extensions $extensions
-     */
-    public function __construct(Extensions $extensions)
-    {
-        $this->_extensions = $extensions;
-        $this->_oid = self::OID;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Extensions $extensions
+	 */
+	public function __construct(Extensions $extensions)
+	{
+		$this->_extensions = $extensions;
+		$this->_oid = self::OID;
+	}
     
-    /**
-     *
-     * @see \X501\ASN1\AttributeValue\AttributeValue::fromASN1()
-     * @param UnspecifiedType $el
-     * @return self
-     */
-    public static function fromASN1(UnspecifiedType $el): self
-    {
-        return new self(Extensions::fromASN1($el->asSequence()));
-    }
+	/**
+	 *
+	 * @see \X501\ASN1\AttributeValue\AttributeValue::fromASN1()
+	 * @param UnspecifiedType $el
+	 * @return self
+	 */
+	public static function fromASN1(UnspecifiedType $el): self
+	{
+		return new self(Extensions::fromASN1($el->asSequence()));
+	}
     
-    /**
-     * Get requested extensions.
-     *
-     * @return Extensions
-     */
-    public function extensions(): Extensions
-    {
-        return $this->_extensions;
-    }
+	/**
+	 * Get requested extensions.
+	 *
+	 * @return Extensions
+	 */
+	public function extensions(): Extensions
+	{
+		return $this->_extensions;
+	}
     
-    /**
-     *
-     * @see \X501\ASN1\AttributeValue\AttributeValue::toASN1()
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return $this->_extensions->toASN1();
-    }
+	/**
+	 *
+	 * @see \X501\ASN1\AttributeValue\AttributeValue::toASN1()
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return $this->_extensions->toASN1();
+	}
     
-    /**
-     *
-     * @see \X501\ASN1\AttributeValue\AttributeValue::stringValue()
-     * @return string
-     */
-    public function stringValue(): string
-    {
-        return "#" . bin2hex($this->toASN1()->toDER());
-    }
+	/**
+	 *
+	 * @see \X501\ASN1\AttributeValue\AttributeValue::stringValue()
+	 * @return string
+	 */
+	public function stringValue(): string
+	{
+		return "#" . bin2hex($this->toASN1()->toDER());
+	}
     
-    /**
-     *
-     * @see \X501\ASN1\AttributeValue\AttributeValue::equalityMatchingRule()
-     * @return BinaryMatch
-     */
-    public function equalityMatchingRule(): BinaryMatch
-    {
-        return new BinaryMatch();
-    }
+	/**
+	 *
+	 * @see \X501\ASN1\AttributeValue\AttributeValue::equalityMatchingRule()
+	 * @return BinaryMatch
+	 */
+	public function equalityMatchingRule(): BinaryMatch
+	{
+		return new BinaryMatch();
+	}
     
-    /**
-     *
-     * @see \X501\ASN1\AttributeValue\AttributeValue::rfc2253String()
-     * @return string
-     */
-    public function rfc2253String(): string
-    {
-        return $this->stringValue();
-    }
+	/**
+	 *
+	 * @see \X501\ASN1\AttributeValue\AttributeValue::rfc2253String()
+	 * @return string
+	 */
+	public function rfc2253String(): string
+	{
+		return $this->stringValue();
+	}
     
-    /**
-     *
-     * @see \X501\ASN1\AttributeValue\AttributeValue::_transcodedString()
-     * @return string
-     */
-    protected function _transcodedString(): string
-    {
-        return $this->stringValue();
-    }
+	/**
+	 *
+	 * @see \X501\ASN1\AttributeValue\AttributeValue::_transcodedString()
+	 * @return string
+	 */
+	protected function _transcodedString(): string
+	{
+		return $this->stringValue();
+	}
 }

lib/X509/CertificationRequest/Attributes.php

Indentation +96 added lines, -96 removed lines

@@ -20,107 +20,107 @@
  */
 class Attributes implements \Countable, \IteratorAggregate
 {
-    use AttributeContainer;
+	use AttributeContainer;
     
-    /**
-     * Mapping from OID to attribute value class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_OID_TO_CLASS = array(
-        /* @formatter:off */
-        ExtensionRequestValue::OID => ExtensionRequestValue::class
-        /* @formatter:on */
-    );
+	/**
+	 * Mapping from OID to attribute value class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_OID_TO_CLASS = array(
+		/* @formatter:off */
+		ExtensionRequestValue::OID => ExtensionRequestValue::class
+		/* @formatter:on */
+	);
     
-    /**
-     * Constructor.
-     *
-     * @param Attribute ...$attribs Attribute objects
-     */
-    public function __construct(Attribute ...$attribs)
-    {
-        $this->_attributes = $attribs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Attribute ...$attribs Attribute objects
+	 */
+	public function __construct(Attribute ...$attribs)
+	{
+		$this->_attributes = $attribs;
+	}
     
-    /**
-     * Initialize from attribute values.
-     *
-     * @param AttributeValue ...$values
-     * @return self
-     */
-    public static function fromAttributeValues(AttributeValue ...$values): self
-    {
-        $attribs = array_map(
-            function (AttributeValue $value) {
-                return $value->toAttribute();
-            }, $values);
-        return new self(...$attribs);
-    }
+	/**
+	 * Initialize from attribute values.
+	 *
+	 * @param AttributeValue ...$values
+	 * @return self
+	 */
+	public static function fromAttributeValues(AttributeValue ...$values): self
+	{
+		$attribs = array_map(
+			function (AttributeValue $value) {
+				return $value->toAttribute();
+			}, $values);
+		return new self(...$attribs);
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Set $set
-     * @return self
-     */
-    public static function fromASN1(Set $set): self
-    {
-        $attribs = array_map(
-            function (UnspecifiedType $el) {
-                return Attribute::fromASN1($el->asSequence());
-            }, $set->elements());
-        // cast attributes
-        $attribs = array_map(
-            function (Attribute $attr) {
-                $oid = $attr->oid();
-                if (array_key_exists($oid, self::MAP_OID_TO_CLASS)) {
-                    $cls = self::MAP_OID_TO_CLASS[$oid];
-                    return $attr->castValues($cls);
-                }
-                return $attr;
-            }, $attribs);
-        return new self(...$attribs);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Set $set
+	 * @return self
+	 */
+	public static function fromASN1(Set $set): self
+	{
+		$attribs = array_map(
+			function (UnspecifiedType $el) {
+				return Attribute::fromASN1($el->asSequence());
+			}, $set->elements());
+		// cast attributes
+		$attribs = array_map(
+			function (Attribute $attr) {
+				$oid = $attr->oid();
+				if (array_key_exists($oid, self::MAP_OID_TO_CLASS)) {
+					$cls = self::MAP_OID_TO_CLASS[$oid];
+					return $attr->castValues($cls);
+				}
+				return $attr;
+			}, $attribs);
+		return new self(...$attribs);
+	}
     
-    /**
-     * Check whether extension request attribute is present.
-     *
-     * @return bool
-     */
-    public function hasExtensionRequest(): bool
-    {
-        return $this->has(ExtensionRequestValue::OID);
-    }
+	/**
+	 * Check whether extension request attribute is present.
+	 *
+	 * @return bool
+	 */
+	public function hasExtensionRequest(): bool
+	{
+		return $this->has(ExtensionRequestValue::OID);
+	}
     
-    /**
-     * Get extension request attribute value.
-     *
-     * @throws \LogicException
-     * @return ExtensionRequestValue
-     */
-    public function extensionRequest(): ExtensionRequestValue
-    {
-        if (!$this->hasExtensionRequest()) {
-            throw new \LogicException("No extension request attribute.");
-        }
-        return $this->firstOf(ExtensionRequestValue::OID)->first();
-    }
+	/**
+	 * Get extension request attribute value.
+	 *
+	 * @throws \LogicException
+	 * @return ExtensionRequestValue
+	 */
+	public function extensionRequest(): ExtensionRequestValue
+	{
+		if (!$this->hasExtensionRequest()) {
+			throw new \LogicException("No extension request attribute.");
+		}
+		return $this->firstOf(ExtensionRequestValue::OID)->first();
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Set
-     */
-    public function toASN1(): Set
-    {
-        $elements = array_map(
-            function (Attribute $attr) {
-                return $attr->toASN1();
-            }, array_values($this->_attributes));
-        $set = new Set(...$elements);
-        return $set->sortedSetOf();
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Set
+	 */
+	public function toASN1(): Set
+	{
+		$elements = array_map(
+			function (Attribute $attr) {
+				return $attr->toASN1();
+			}, array_values($this->_attributes));
+		$set = new Set(...$elements);
+		return $set->sortedSetOf();
+	}
 }

Spacing +4 added lines, -4 removed lines

@@ -54,7 +54,7 @@ 
     public static function fromAttributeValues(AttributeValue ...$values): self
     {
         $attribs = array_map(
-            function (AttributeValue $value) {
+            function(AttributeValue $value) {
                 return $value->toAttribute();
             }, $values);
         return new self(...$attribs);
@@ -69,12 +69,12 @@ 
     public static function fromASN1(Set $set): self
     {
         $attribs = array_map(
-            function (UnspecifiedType $el) {
+            function(UnspecifiedType $el) {
                 return Attribute::fromASN1($el->asSequence());
             }, $set->elements());
         // cast attributes
         $attribs = array_map(
-            function (Attribute $attr) {
+            function(Attribute $attr) {
                 $oid = $attr->oid();
                 if (array_key_exists($oid, self::MAP_OID_TO_CLASS)) {
                     $cls = self::MAP_OID_TO_CLASS[$oid];
@@ -117,7 +117,7 @@ 
     public function toASN1(): Set
     {
         $elements = array_map(
-            function (Attribute $attr) {
+            function(Attribute $attr) {
                 return $attr->toASN1();
             }, array_values($this->_attributes));
         $set = new Set(...$elements);