TBSCertificate - Code Metrics - Inspection of "Fix doc" - sop/x509 - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( cafc8c...f882cd )

by Joni

created 2016-06-07 05:53 UTC

TBSCertificate F

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	575
Duplicated Lines	3.65 %

Coupling/Cohesion

Components	1
Dependencies	19

Test Coverage

Coverage

99.05%

Importance

Changes

Metric	Value
wmc	56
lcom	1
cbo	19
dl	21
loc	575
ccs	209
cts	211
cp	0.9905
rs	2.4812
c	0
b	0
f	0

34 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	8	1
B	fromASN1()	12	48	6
A	fromCSR()	0	20	3
A	withIssuerCertificate()	0	12	1
A	withVersion()	0	5	1
A	withSerialNumber()	0	5	1
A	withRandomSerialNumber()	9	9	2
A	withSignature()	0	5	1
A	withIssuer()	0	5	1
A	withValidity()	0	5	1
A	withSubject()	0	5	1
A	withSubjectPublicKeyInfo()	0	5	1
A	withIssuerUniqueID()	0	5	1
A	withSubjectUniqueID()	0	5	1
A	withExtensions()	0	5	1
A	withAdditionalExtensions()	0	5	1
A	hasVersion()	0	3	1
A	version()	0	6	2
A	hasSerialNumber()	0	3	1
A	serialNumber()	0	6	2
A	hasSignature()	0	3	1
A	signature()	0	6	2
A	issuer()	0	3	1
A	validity()	0	3	1
A	subject()	0	3	1
A	subjectPublicKeyInfo()	0	3	1
A	hasIssuerUniqueID()	0	3	1
A	issuerUniqueID()	0	6	2
A	hasSubjectUniqueID()	0	3	1
A	subjectUniqueID()	0	6	2
A	extensions()	0	3	1
B	toASN1()	0	27	5
A	sign()	0	14	3
A	_determineVersion()	0	11	4

How to fix Duplicated Code Complexity

Duplicated Code

Duplicate code is one of the most pungent code smells. A rule that is often used is to re-structure code once it is duplicated in three or more places.

Common duplication problems, and corresponding solutions are:

If you have the same expression in different places: Extract expression to a method
If you have the same method in different sub-classes: Extract method, and pull up field to the parent class
If you have the same code in unrelated classes: Consider extracting the code to a new class, and injecting that class

Complex Class

Tip: Before tackling complexity, make sure that you eliminate any duplication first. This often can reduce the size of classes significantly.

Complex classes like TBSCertificate often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.

Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.

While breaking up the class, it is a good idea to analyze how other classes use TBSCertificate, and based on these observations, apply Extract Interface, too.

<?php

namespace X509\Certificate;

use ASN1\Element;
use ASN1\Type\Constructed\Sequence;
use ASN1\Type\Primitive\Integer;
use ASN1\Type\Tagged\ExplicitlyTaggedType;
use ASN1\Type\Tagged\ImplicitlyTaggedType;
use CryptoUtil\ASN1\AlgorithmIdentifier;
use CryptoUtil\ASN1\AlgorithmIdentifier\Feature\SignatureAlgorithmIdentifier;
use CryptoUtil\ASN1\PrivateKeyInfo;
use CryptoUtil\ASN1\PublicKeyInfo;
use CryptoUtil\Crypto\Crypto;
use X501\ASN1\Name;
use X509\Certificate\Extension\AuthorityKeyIdentifierExtension;
use X509\Certificate\Extension\Extension;
use X509\Certificate\Extension\SubjectKeyIdentifierExtension;
use X509\CertificationRequest\CertificationRequest;


/**
 * Implements <i>TBSCertificate</i> ASN.1 type.
 *
 * @link https://tools.ietf.org/html/rfc5280#section-4.1.2
 */
class TBSCertificate
{
	// Certificate version enumerations
	const VERSION_1 = 0;
	const VERSION_2 = 1;
	const VERSION_3 = 2;
	
	/**
	 * Certificate version.
	 *
	 * @var int
	 */
	protected $_version;
	
	/**
	 * Serial number.
	 *
	 * @var int|string
	 */
	protected $_serialNumber;
	
	/**
	 * Signature algorithm.
	 *
	 * @var SignatureAlgorithmIdentifier
	 */
	protected $_signature;
	
	/**
	 * Certificate issuer.
	 *
	 * @var Name $_issuer
	 */
	protected $_issuer;
	
	/**
	 * Certificate validity period.
	 *
	 * @var Validity $_validity
	 */
	protected $_validity;
	
	/**
	 * Certificate subject.
	 *
	 * @var Name $_subject
	 */
	protected $_subject;
	
	/**
	 * Subject public key.
	 *
	 * @var PublicKeyInfo $_subjectPublicKeyInfo
	 */
	protected $_subjectPublicKeyInfo;
	
	/**
	 * Issuer unique identifier.
	 *
	 * @var UniqueIdentifier|null $_issuerUniqueID
	 */
	protected $_issuerUniqueID;
	
	/**
	 * Subject unique identifier.
	 *
	 * @var UniqueIdentifier|null $_subjectUniqueID
	 */
	protected $_subjectUniqueID;
	
	/**
	 * Extensions.
	 *
	 * @var Extensions $_extensions
	 */
	protected $_extensions;
	
	/**
	 * Constructor
	 *
	 * @param Name $subject Certificate subject
	 * @param PublicKeyInfo $pki Subject public key
	 * @param Name $issuer Certificate issuer
	 * @param Validity $validity Validity period
	 */
	public function __construct(Name $subject, PublicKeyInfo $pki, Name $issuer, 
			Validity $validity) {
		$this->_subject = $subject;
		$this->_subjectPublicKeyInfo = $pki;
		$this->_issuer = $issuer;
		$this->_validity = $validity;
		$this->_extensions = new Extensions();
	}
	
	/**
	 * Initialize from ASN.1.
	 *
	 * @param Sequence $seq
	 * @return self
	 */
	public static function fromASN1(Sequence $seq) {
		$idx = 0;
		if ($seq->hasTagged(0)) {
			$idx++;
			$version = intval(
				$seq->getTagged(0)
					->asExplicit()
					->asInteger()
					->number());
		} else {
			$version = self::VERSION_1;
		}
		$serial = $seq->at($idx++)
			->asInteger()
			->number();
		$algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
		if (!$algo instanceof SignatureAlgorithmIdentifier) {
			throw new \UnexpectedValueException(
				"Unsupported signature algorithm " . $algo->oid() . ".");
		}
		$issuer = Name::fromASN1($seq->at($idx++)->asSequence());
		$validity = Validity::fromASN1($seq->at($idx++)->asSequence());
		$subject = Name::fromASN1($seq->at($idx++)->asSequence());
		$pki = PublicKeyInfo::fromASN1($seq->at($idx++)->asSequence());
		$tbs_cert = new self($subject, $pki, $issuer, $validity);
		$tbs_cert->_version = $version;
		$tbs_cert->_serialNumber = $serial;
		$tbs_cert->_signature = $algo;
		if ($seq->hasTagged(1)) {

			$tbs_cert->_issuerUniqueID = UniqueIdentifier::fromASN1(
				$seq->getTagged(1)
					->asImplicit(Element::TYPE_BIT_STRING)
					->asBitString());
		}
		if ($seq->hasTagged(2)) {

			$tbs_cert->_subjectUniqueID = UniqueIdentifier::fromASN1(
				$seq->getTagged(2)
					->asImplicit(Element::TYPE_BIT_STRING)
					->asBitString());
		}
		if ($seq->hasTagged(3)) {
			$tbs_cert->_extensions = Extensions::fromASN1(
				$seq->getTagged(3)
					->asExplicit()
					->asSequence());
		}
		return $tbs_cert;
	}
	
	/**
	 * Initialize from certification request.
	 *
	 * Note that signature is not verified and must be done by the caller.
	 *
	 * @param CertificationRequest $cr
	 * @return self
	 */
	public static function fromCSR(CertificationRequest $cr) {
		$cri = $cr->certificationRequestInfo();
		$tbs_cert = new self($cri->subject(), $cri->subjectPKInfo(), new Name(), 
			Validity::fromStrings(null, null));
		// if CSR has Extension Request attribute
		if ($cri->hasAttributes()) {
			$attribs = $cri->attributes();
			if ($attribs->hasExtensionRequest()) {
				$tbs_cert = $tbs_cert->withExtensions(
					$attribs->extensionRequest()
						->extensions());
			}
		}
		// add Subject Key Identifier extension
		$tbs_cert = $tbs_cert->withAdditionalExtensions(
			new SubjectKeyIdentifierExtension(false, 
				$cri->subjectPKInfo()
					->keyIdentifier()));
		return $tbs_cert;
	}
	
	/**
	 * Get self with fields set from the issuer's certificate.
	 *
	 * Issuer shall be set to issuing certificate's subject.
	 * Authority key identifier extensions shall be added with a key identifier
	 * set to issuing certificate's public key identifier.
	 *
	 * @param Certificate $cert Issuing party's certificate
	 * @return self
	 */
	public function withIssuerCertificate(Certificate $cert) {
		$obj = clone $this;
		// set issuer DN from cert's subject
		$obj->_issuer = $cert->tbsCertificate()->subject();
		// add authority key identifier extension
		$key_id = $cert->tbsCertificate()
			->subjectPublicKeyInfo()
			->keyIdentifier();
		$obj->_extensions = $obj->_extensions->withExtensions(
			new AuthorityKeyIdentifierExtension(false, $key_id));
		return $obj;
	}
	
	/**
	 * Get self with given version.
	 *
	 * If version is not set, appropriate version is automatically
	 * determined during signing.
	 *
	 * @param int $version
	 * @return self
	 */
	public function withVersion($version) {
		$obj = clone $this;
		$obj->_version = $version;
		return $obj;
	}
	
	/**
	 * Get self with given serial number.
	 *
	 * @param int|string $serial Base 10 number
	 * @return self
	 */
	public function withSerialNumber($serial) {
		$obj = clone $this;
		$obj->_serialNumber = $serial;
		return $obj;
	}
	
	/**
	 * Get self with random positive serial number.
	 *
	 * @param int $size Number of random bytes
	 * @return self
	 */
	public function withRandomSerialNumber($size = 16) {

		// ensure that first byte is always non-zero and having first bit unset
		$num = gmp_init(mt_rand(1, 0x7f), 10);
		for ($i = 1; $i < $size; ++$i) {
			$num <<= 8;
			$num += mt_rand(0, 0xff);
		}
		return $this->withSerialNumber(gmp_strval($num, 10));
	}
	
	/**
	 * Get self with given signature algorithm.
	 *
	 * @param SignatureAlgorithmIdentifier $algo
	 * @return self
	 */
	public function withSignature(SignatureAlgorithmIdentifier $algo) {
		$obj = clone $this;
		$obj->_signature = $algo;
		return $obj;
	}
	
	/**
	 * Get self with given issuer.
	 *
	 * @param Name $issuer
	 * @return self
	 */
	public function withIssuer(Name $issuer) {
		$obj = clone $this;
		$obj->_issuer = $issuer;
		return $obj;
	}
	
	/**
	 * Get self with given validity.
	 *
	 * @param Validity $validity
	 * @return self
	 */
	public function withValidity(Validity $validity) {
		$obj = clone $this;
		$obj->_validity = $validity;
		return $obj;
	}
	
	/**
	 * Get self with given subject.
	 *
	 * @param Name $subject
	 * @return self
	 */
	public function withSubject(Name $subject) {
		$obj = clone $this;
		$obj->_subject = $subject;
		return $obj;
	}
	
	/**
	 * Get self with given subject public key info.
	 *
	 * @param PublicKeyInfo $pub_key_info
	 * @return self
	 */
	public function withSubjectPublicKeyInfo(PublicKeyInfo $pub_key_info) {
		$obj = clone $this;
		$obj->_subjectPublicKeyInfo = $pub_key_info;
		return $obj;
	}
	
	/**
	 * Get self with issuer unique ID.
	 *
	 * @param UniqueIdentifier $id
	 * @return self
	 */
	public function withIssuerUniqueID(UniqueIdentifier $id) {
		$obj = clone $this;
		$obj->_issuerUniqueID = $id;
		return $obj;
	}
	
	/**
	 * Get self with subject unique ID.
	 *
	 * @param UniqueIdentifier $id
	 * @return self
	 */
	public function withSubjectUniqueID(UniqueIdentifier $id) {
		$obj = clone $this;
		$obj->_subjectUniqueID = $id;
		return $obj;
	}
	
	/**
	 * Get self with given extensions.
	 *
	 * @param Extensions $extensions
	 * @return self
	 */
	public function withExtensions(Extensions $extensions) {
		$obj = clone $this;
		$obj->_extensions = $extensions;
		return $obj;
	}
	
	/**
	 * Get self with extensions added.
	 *
	 * @param Extension ...$exts One or more Extension objects
	 * @return self
	 */
	public function withAdditionalExtensions(Extension ...$exts) {
		$obj = clone $this;
		$obj->_extensions = $obj->_extensions->withExtensions(...$exts);
		return $obj;
	}
	
	/**
	 * Check whether version is set.
	 *
	 * @return bool
	 */
	public function hasVersion() {
		return isset($this->_version);
	}
	
	/**
	 * Get certificate version.
	 *
	 * @return int
	 */
	public function version() {
		if (!$this->hasVersion()) {
			throw new \LogicException("version not set.");
		}
		return $this->_version;
	}
	
	/**
	 * Check whether serial number is set.
	 *
	 * @return bool
	 */
	public function hasSerialNumber() {
		return isset($this->_serialNumber);
	}
	
	/**
	 * Get serial number.
	 *
	 * @return int|string Base 10 integer
	 */
	public function serialNumber() {
		if (!$this->hasSerialNumber()) {
			throw new \LogicException("serialNumber not set.");
		}
		return $this->_serialNumber;
	}
	
	/**
	 * Check whether signature algorithm is set.
	 *
	 * @return bool
	 */
	public function hasSignature() {
		return isset($this->_signature);
	}
	
	/**
	 * Get signature algorithm.
	 *
	 * @return SignatureAlgorithmIdentifier
	 */
	public function signature() {
		if (!$this->hasSignature()) {
			throw new \LogicException("signature not set.");
		}
		return $this->_signature;
	}
	
	/**
	 * Get issuer.
	 *
	 * @return Name
	 */
	public function issuer() {
		return $this->_issuer;
	}
	
	/**
	 * Get validity period.
	 *
	 * @return Validity
	 */
	public function validity() {
		return $this->_validity;
	}
	
	/**
	 * Get subject.
	 *
	 * @return Name
	 */
	public function subject() {
		return $this->_subject;
	}
	
	/**
	 * Get subject public key.
	 *
	 * @return PublicKeyInfo
	 */
	public function subjectPublicKeyInfo() {
		return $this->_subjectPublicKeyInfo;
	}
	
	/**
	 * Whether issuer unique identifier is present.
	 *
	 * @return bool
	 */
	public function hasIssuerUniqueID() {
		return isset($this->_issuerUniqueID);
	}
	
	/**
	 * Get issuerUniqueID.
	 *
	 * @return UniqueIdentifier
	 */
	public function issuerUniqueID() {
		if (!$this->hasIssuerUniqueID()) {
			throw new \LogicException("issuerUniqueID not set.");
		}
		return $this->_issuerUniqueID;
	}
	
	/**
	 * Whether subject unique identifier is present.
	 *
	 * @return bool
	 */
	public function hasSubjectUniqueID() {
		return isset($this->_subjectUniqueID);
	}
	
	/**
	 * Get subjectUniqueID.
	 *
	 * @return UniqueIdentifier
	 */
	public function subjectUniqueID() {
		if (!$this->hasSubjectUniqueID()) {
			throw new \LogicException("subjectUniqueID not set.");
		}
		return $this->_subjectUniqueID;
	}
	
	/**
	 * Get extensions.
	 *
	 * @return Extensions
	 */
	public function extensions() {
		return $this->_extensions;
	}
	
	/**
	 * Generate ASN.1 structure.
	 *
	 * @return Sequence
	 */
	public function toASN1() {
		$elements = array();
		$version = $this->version();
		// if version is not default
		if ($version != self::VERSION_1) {
			$elements[] = new ExplicitlyTaggedType(0, new Integer($version));
		}
		$serial = $this->serialNumber();
		$signature = $this->signature();
		// add required elements
		array_push($elements, new Integer($serial), $signature->toASN1(), 
			$this->_issuer->toASN1(), $this->_validity->toASN1(), 
			$this->_subject->toASN1(), $this->_subjectPublicKeyInfo->toASN1());
		if (isset($this->_issuerUniqueID)) {
			$elements[] = new ImplicitlyTaggedType(1, 
				$this->_issuerUniqueID->toASN1());
		}
		if (isset($this->_subjectUniqueID)) {
			$elements[] = new ImplicitlyTaggedType(2, 
				$this->_subjectUniqueID->toASN1());
		}
		if (count($this->_extensions)) {
			$elements[] = new ExplicitlyTaggedType(3, 
				$this->_extensions->toASN1());
		}
		return new Sequence(...$elements);
	}
	
	/**
	 * Create signed certificate.
	 *
	 * @param Crypto $crypto Crypto engine
	 * @param SignatureAlgorithmIdentifier $algo Algorithm used for signing
	 * @param PrivateKeyInfo $privkey_info Private key used for signing
	 * @return Certificate
	 */
	public function sign(Crypto $crypto, SignatureAlgorithmIdentifier $algo, 
			PrivateKeyInfo $privkey_info) {
		$tbsCert = clone $this;
		if (!isset($tbsCert->_version)) {
			$tbsCert->_version = $tbsCert->_determineVersion();
		}
		if (!isset($tbsCert->_serialNumber)) {
			$tbsCert->_serialNumber = 0;
		}
		$tbsCert->_signature = $algo;
		$data = $tbsCert->toASN1()->toDER();
		$signature = $crypto->sign($data, $privkey_info, $algo);
		return new Certificate($tbsCert, $algo, $signature);
	}
	
	/**
	 * Determine minimum version for the certificate.
	 *
	 * @return int
	 */
	protected function _determineVersion() {
		// if extensions are present
		if (count($this->_extensions)) {
			return self::VERSION_3;
		}
		// if UniqueIdentifier is present
		if (isset($this->_issuerUniqueID) || isset($this->_subjectUniqueID)) {
			return self::VERSION_2;
		}
		return self::VERSION_1;
	}
}


1			<?php
2
3			namespace X509\Certificate;
4
5			use ASN1\Element;
6			use ASN1\Type\Constructed\Sequence;
7			use ASN1\Type\Primitive\Integer;
8			use ASN1\Type\Tagged\ExplicitlyTaggedType;
9			use ASN1\Type\Tagged\ImplicitlyTaggedType;
10			use CryptoUtil\ASN1\AlgorithmIdentifier;
11			use CryptoUtil\ASN1\AlgorithmIdentifier\Feature\SignatureAlgorithmIdentifier;
12			use CryptoUtil\ASN1\PrivateKeyInfo;
13			use CryptoUtil\ASN1\PublicKeyInfo;
14			use CryptoUtil\Crypto\Crypto;
15			use X501\ASN1\Name;
16			use X509\Certificate\Extension\AuthorityKeyIdentifierExtension;
17			use X509\Certificate\Extension\Extension;
18			use X509\Certificate\Extension\SubjectKeyIdentifierExtension;
19			use X509\CertificationRequest\CertificationRequest;
20
21
22			/**
23			* Implements <i>TBSCertificate</i> ASN.1 type.
24			*
25			* @link https://tools.ietf.org/html/rfc5280#section-4.1.2
26			*/
27			class TBSCertificate
28			{
29			// Certificate version enumerations
30			const VERSION_1 = 0;
31			const VERSION_2 = 1;
32			const VERSION_3 = 2;
33
34			/**
35			* Certificate version.
36			*
37			* @var int
38			*/
39			protected $_version;
40
41			/**
42			* Serial number.
43			*
44			* @var int\|string
45			*/
46			protected $_serialNumber;
47
48			/**
49			* Signature algorithm.
50			*
51			* @var SignatureAlgorithmIdentifier
52			*/
53			protected $_signature;
54
55			/**
56			* Certificate issuer.
57			*
58			* @var Name $_issuer
59			*/
60			protected $_issuer;
61
62			/**
63			* Certificate validity period.
64			*
65			* @var Validity $_validity
66			*/
67			protected $_validity;
68
69			/**
70			* Certificate subject.
71			*
72			* @var Name $_subject
73			*/
74			protected $_subject;
75
76			/**
77			* Subject public key.
78			*
79			* @var PublicKeyInfo $_subjectPublicKeyInfo
80			*/
81			protected $_subjectPublicKeyInfo;
82
83			/**
84			* Issuer unique identifier.
85			*
86			* @var UniqueIdentifier\|null $_issuerUniqueID
87			*/
88			protected $_issuerUniqueID;
89
90			/**
91			* Subject unique identifier.
92			*
93			* @var UniqueIdentifier\|null $_subjectUniqueID
94			*/
95			protected $_subjectUniqueID;
96
97			/**
98			* Extensions.
99			*
100			* @var Extensions $_extensions
101			*/
102			protected $_extensions;
103
104			/**
105			* Constructor
106			*
107			* @param Name $subject Certificate subject
108			* @param PublicKeyInfo $pki Subject public key
109			* @param Name $issuer Certificate issuer
110			* @param Validity $validity Validity period
111			*/
112	18		public function __construct(Name $subject, PublicKeyInfo $pki, Name $issuer,
113			Validity $validity) {
114	18		$this->_subject = $subject;
115	18		$this->_subjectPublicKeyInfo = $pki;
116	18		$this->_issuer = $issuer;
117	18		$this->_validity = $validity;
118	18		$this->_extensions = new Extensions();
119	18		}
120
121			/**
122			* Initialize from ASN.1.
123			*
124			* @param Sequence $seq
125			* @return self
126			*/
127	12		public static function fromASN1(Sequence $seq) {
128	12		$idx = 0;
129	12		if ($seq->hasTagged(0)) {
130	9		$idx++;
131	9		$version = intval(
132	9		$seq->getTagged(0)
133	9		->asExplicit()
134	9		->asInteger()
135	9		->number());
136	9		} else {
137	3		$version = self::VERSION_1;
138			}
139	12		$serial = $seq->at($idx++)
140	12		->asInteger()
141	12		->number();
142	12		$algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
143	12		if (!$algo instanceof SignatureAlgorithmIdentifier) {
144			throw new \UnexpectedValueException(
145			"Unsupported signature algorithm " . $algo->oid() . ".");
146			}
147	12		$issuer = Name::fromASN1($seq->at($idx++)->asSequence());
148	12		$validity = Validity::fromASN1($seq->at($idx++)->asSequence());
149	12		$subject = Name::fromASN1($seq->at($idx++)->asSequence());
150	12		$pki = PublicKeyInfo::fromASN1($seq->at($idx++)->asSequence());
151	12		$tbs_cert = new self($subject, $pki, $issuer, $validity);
152	12		$tbs_cert->_version = $version;
153	12		$tbs_cert->_serialNumber = $serial;
154	12		$tbs_cert->_signature = $algo;
155	12	View Code Duplication	if ($seq->hasTagged(1)) {
			0 ignored issues – show Duplication introduced 2016-06-06 10:46 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
156	1		$tbs_cert->_issuerUniqueID = UniqueIdentifier::fromASN1(
157	1		$seq->getTagged(1)
158	1		->asImplicit(Element::TYPE_BIT_STRING)
159	1		->asBitString());
160	1		}
161	12	View Code Duplication	if ($seq->hasTagged(2)) {
			0 ignored issues – show Duplication introduced 2016-06-06 10:46 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
162	1		$tbs_cert->_subjectUniqueID = UniqueIdentifier::fromASN1(
163	1		$seq->getTagged(2)
164	1		->asImplicit(Element::TYPE_BIT_STRING)
165	1		->asBitString());
166	1		}
167	12		if ($seq->hasTagged(3)) {
168	9		$tbs_cert->_extensions = Extensions::fromASN1(
169	9		$seq->getTagged(3)
170	9		->asExplicit()
171	9		->asSequence());
172	9		}
173	12		return $tbs_cert;
174			}
175
176			/**
177			* Initialize from certification request.
178			*
179			* Note that signature is not verified and must be done by the caller.
180			*
181			* @param CertificationRequest $cr
182			* @return self
183			*/
184	1		public static function fromCSR(CertificationRequest $cr) {
185	1		$cri = $cr->certificationRequestInfo();
186	1		$tbs_cert = new self($cri->subject(), $cri->subjectPKInfo(), new Name(),
187	1		Validity::fromStrings(null, null));
188			// if CSR has Extension Request attribute
189	1		if ($cri->hasAttributes()) {
190	1		$attribs = $cri->attributes();
191	1		if ($attribs->hasExtensionRequest()) {
192	1		$tbs_cert = $tbs_cert->withExtensions(
193	1		$attribs->extensionRequest()
194	1		->extensions());
195	1		}
196	1		}
197			// add Subject Key Identifier extension
198	1		$tbs_cert = $tbs_cert->withAdditionalExtensions(
199	1		new SubjectKeyIdentifierExtension(false,
200	1		$cri->subjectPKInfo()
201	1		->keyIdentifier()));
202	1		return $tbs_cert;
203			}
204
205			/**
206			* Get self with fields set from the issuer's certificate.
207			*
208			* Issuer shall be set to issuing certificate's subject.
209			* Authority key identifier extensions shall be added with a key identifier
210			* set to issuing certificate's public key identifier.
211			*
212			* @param Certificate $cert Issuing party's certificate
213			* @return self
214			*/
215	1		public function withIssuerCertificate(Certificate $cert) {
216	1		$obj = clone $this;
217			// set issuer DN from cert's subject
218	1		$obj->_issuer = $cert->tbsCertificate()->subject();
219			// add authority key identifier extension
220	1		$key_id = $cert->tbsCertificate()
221	1		->subjectPublicKeyInfo()
222	1		->keyIdentifier();
223	1		$obj->_extensions = $obj->_extensions->withExtensions(
224	1		new AuthorityKeyIdentifierExtension(false, $key_id));
225	1		return $obj;
226			}
227
228			/**
229			* Get self with given version.
230			*
231			* If version is not set, appropriate version is automatically
232			* determined during signing.
233			*
234			* @param int $version
235			* @return self
236			*/
237	4		public function withVersion($version) {
238	4		$obj = clone $this;
239	4		$obj->_version = $version;
240	4		return $obj;
241			}
242
243			/**
244			* Get self with given serial number.
245			*
246			* @param int\|string $serial Base 10 number
247			* @return self
248			*/
249	5		public function withSerialNumber($serial) {
250	5		$obj = clone $this;
251	5		$obj->_serialNumber = $serial;
252	5		return $obj;
253			}
254
255			/**
256			* Get self with random positive serial number.
257			*
258			* @param int $size Number of random bytes
259			* @return self
260			*/
261	1	View Code Duplication	public function withRandomSerialNumber($size = 16) {
			0 ignored issues – show Duplication introduced 2016-06-01 09:53 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
262			// ensure that first byte is always non-zero and having first bit unset
263	1		$num = gmp_init(mt_rand(1, 0x7f), 10);
264	1		for ($i = 1; $i < $size; ++$i) {
265	1		$num <<= 8;
266	1		$num += mt_rand(0, 0xff);
267	1		}
268	1		return $this->withSerialNumber(gmp_strval($num, 10));
269			}
270
271			/**
272			* Get self with given signature algorithm.
273			*
274			* @param SignatureAlgorithmIdentifier $algo
275			* @return self
276			*/
277	4		public function withSignature(SignatureAlgorithmIdentifier $algo) {
278	4		$obj = clone $this;
279	4		$obj->_signature = $algo;
280	4		return $obj;
281			}
282
283			/**
284			* Get self with given issuer.
285			*
286			* @param Name $issuer
287			* @return self
288			*/
289	1		public function withIssuer(Name $issuer) {
290	1		$obj = clone $this;
291	1		$obj->_issuer = $issuer;
292	1		return $obj;
293			}
294
295			/**
296			* Get self with given validity.
297			*
298			* @param Validity $validity
299			* @return self
300			*/
301	2		public function withValidity(Validity $validity) {
302	2		$obj = clone $this;
303	2		$obj->_validity = $validity;
304	2		return $obj;
305			}
306
307			/**
308			* Get self with given subject.
309			*
310			* @param Name $subject
311			* @return self
312			*/
313	1		public function withSubject(Name $subject) {
314	1		$obj = clone $this;
315	1		$obj->_subject = $subject;
316	1		return $obj;
317			}
318
319			/**
320			* Get self with given subject public key info.
321			*
322			* @param PublicKeyInfo $pub_key_info
323			* @return self
324			*/
325	1		public function withSubjectPublicKeyInfo(PublicKeyInfo $pub_key_info) {
326	1		$obj = clone $this;
327	1		$obj->_subjectPublicKeyInfo = $pub_key_info;
328	1		return $obj;
329			}
330
331			/**
332			* Get self with issuer unique ID.
333			*
334			* @param UniqueIdentifier $id
335			* @return self
336			*/
337	4		public function withIssuerUniqueID(UniqueIdentifier $id) {
338	4		$obj = clone $this;
339	4		$obj->_issuerUniqueID = $id;
340	4		return $obj;
341			}
342
343			/**
344			* Get self with subject unique ID.
345			*
346			* @param UniqueIdentifier $id
347			* @return self
348			*/
349	4		public function withSubjectUniqueID(UniqueIdentifier $id) {
350	4		$obj = clone $this;
351	4		$obj->_subjectUniqueID = $id;
352	4		return $obj;
353			}
354
355			/**
356			* Get self with given extensions.
357			*
358			* @param Extensions $extensions
359			* @return self
360			*/
361	4		public function withExtensions(Extensions $extensions) {
362	4		$obj = clone $this;
363	4		$obj->_extensions = $extensions;
364	4		return $obj;
365			}
366
367			/**
368			* Get self with extensions added.
369			*
370			* @param Extension ...$exts One or more Extension objects
371			* @return self
372			*/
373	3		public function withAdditionalExtensions(Extension ...$exts) {
374	3		$obj = clone $this;
375	3		$obj->_extensions = $obj->_extensions->withExtensions(...$exts);
376	3		return $obj;
377			}
378
379			/**
380			* Check whether version is set.
381			*
382			* @return bool
383			*/
384	41		public function hasVersion() {
385	41		return isset($this->_version);
386			}
387
388			/**
389			* Get certificate version.
390			*
391			* @return int
392			*/
393	41		public function version() {
394	41		if (!$this->hasVersion()) {
395	1		throw new \LogicException("version not set.");
396			}
397	40		return $this->_version;
398			}
399
400			/**
401			* Check whether serial number is set.
402			*
403			* @return bool
404			*/
405	44		public function hasSerialNumber() {
406	44		return isset($this->_serialNumber);
407			}
408
409			/**
410			* Get serial number.
411			*
412			* @return int\|string Base 10 integer
413			*/
414	44		public function serialNumber() {
415	44		if (!$this->hasSerialNumber()) {
416	1		throw new \LogicException("serialNumber not set.");
417			}
418	43		return $this->_serialNumber;
419			}
420
421			/**
422			* Check whether signature algorithm is set.
423			*
424			* @return bool
425			*/
426	41		public function hasSignature() {
427	41		return isset($this->_signature);
428			}
429
430			/**
431			* Get signature algorithm.
432			*
433			* @return SignatureAlgorithmIdentifier
434			*/
435	41		public function signature() {
436	41		if (!$this->hasSignature()) {
437	1		throw new \LogicException("signature not set.");
438			}
439	40		return $this->_signature;
440			}
441
442			/**
443			* Get issuer.
444			*
445			* @return Name
446			*/
447	37		public function issuer() {
448	37		return $this->_issuer;
449			}
450
451			/**
452			* Get validity period.
453			*
454			* @return Validity
455			*/
456	25		public function validity() {
457	25		return $this->_validity;
458			}
459
460			/**
461			* Get subject.
462			*
463			* @return Name
464			*/
465	36		public function subject() {
466	36		return $this->_subject;
467			}
468
469			/**
470			* Get subject public key.
471			*
472			* @return PublicKeyInfo
473			*/
474	31		public function subjectPublicKeyInfo() {
475	31		return $this->_subjectPublicKeyInfo;
476			}
477
478			/**
479			* Whether issuer unique identifier is present.
480			*
481			* @return bool
482			*/
483	3		public function hasIssuerUniqueID() {
484	3		return isset($this->_issuerUniqueID);
485			}
486
487			/**
488			* Get issuerUniqueID.
489			*
490			* @return UniqueIdentifier
491			*/
492	2		public function issuerUniqueID() {
493	2		if (!$this->hasIssuerUniqueID()) {
494	1		throw new \LogicException("issuerUniqueID not set.");
495			}
496	1		return $this->_issuerUniqueID;
497			}
498
499			/**
500			* Whether subject unique identifier is present.
501			*
502			* @return bool
503			*/
504	2		public function hasSubjectUniqueID() {
505	2		return isset($this->_subjectUniqueID);
506			}
507
508			/**
509			* Get subjectUniqueID.
510			*
511			* @return UniqueIdentifier
512			*/
513	2		public function subjectUniqueID() {
514	2		if (!$this->hasSubjectUniqueID()) {
515	1		throw new \LogicException("subjectUniqueID not set.");
516			}
517	1		return $this->_subjectUniqueID;
518			}
519
520			/**
521			* Get extensions.
522			*
523			* @return Extensions
524			*/
525	35		public function extensions() {
526	35		return $this->_extensions;
527			}
528
529			/**
530			* Generate ASN.1 structure.
531			*
532			* @return Sequence
533			*/
534	38		public function toASN1() {
535	38		$elements = array();
536	38		$version = $this->version();
537			// if version is not default
538	38		if ($version != self::VERSION_1) {
539	29		$elements[] = new ExplicitlyTaggedType(0, new Integer($version));
540	29		}
541	38		$serial = $this->serialNumber();
542	38		$signature = $this->signature();
543			// add required elements
544	38		array_push($elements, new Integer($serial), $signature->toASN1(),
545	38		$this->_issuer->toASN1(), $this->_validity->toASN1(),
546	38		$this->_subject->toASN1(), $this->_subjectPublicKeyInfo->toASN1());
547	38		if (isset($this->_issuerUniqueID)) {
548	3		$elements[] = new ImplicitlyTaggedType(1,
549	3		$this->_issuerUniqueID->toASN1());
550	3		}
551	38		if (isset($this->_subjectUniqueID)) {
552	3		$elements[] = new ImplicitlyTaggedType(2,
553	3		$this->_subjectUniqueID->toASN1());
554	3		}
555	38		if (count($this->_extensions)) {
556	25		$elements[] = new ExplicitlyTaggedType(3,
557	25		$this->_extensions->toASN1());
558	25		}
559	38		return new Sequence(...$elements);
560			}
561
562			/**
563			* Create signed certificate.
564			*
565			* @param Crypto $crypto Crypto engine
566			* @param SignatureAlgorithmIdentifier $algo Algorithm used for signing
567			* @param PrivateKeyInfo $privkey_info Private key used for signing
568			* @return Certificate
569			*/
570	9		public function sign(Crypto $crypto, SignatureAlgorithmIdentifier $algo,
571			PrivateKeyInfo $privkey_info) {
572	9		$tbsCert = clone $this;
573	9		if (!isset($tbsCert->_version)) {
574	9		$tbsCert->_version = $tbsCert->_determineVersion();
575	9		}
576	9		if (!isset($tbsCert->_serialNumber)) {
577	9		$tbsCert->_serialNumber = 0;
578	9		}
579	9		$tbsCert->_signature = $algo;
580	9		$data = $tbsCert->toASN1()->toDER();
581	9		$signature = $crypto->sign($data, $privkey_info, $algo);
582	9		return new Certificate($tbsCert, $algo, $signature);
583			}
584
585			/**
586			* Determine minimum version for the certificate.
587			*
588			* @return int
589			*/
590	9		protected function _determineVersion() {
591			// if extensions are present
592	9		if (count($this->_extensions)) {
593	3		return self::VERSION_3;
594			}
595			// if UniqueIdentifier is present
596	6		if (isset($this->_issuerUniqueID) \|\| isset($this->_subjectUniqueID)) {
597	3		return self::VERSION_2;
598			}
599	3		return self::VERSION_1;
600			}
601			}
602

sop / x509

GitHub Access Token became invalid