sop / x509

lib/X509/CertificationPath/PathValidation/PathValidator.php

Doc Comments +1 added lines

@@ -50,6 +50,7 @@
      * @param PathValidationConfig $config Validation config
      * @param Certificate ...$certificates Certificates from the trust anchor to
      *            the end-entity certificate
+     * @param Certificate[] $certificates
      */
     public function __construct(Crypto $crypto, PathValidationConfig $config,
         Certificate ...$certificates)

Indentation +553 added lines, -553 removed lines

@@ -15,584 +15,584 @@
  */
 class PathValidator
 {
-    /**
-     * Crypto engine.
-     *
-     * @var Crypto $_crypto
-     */
-    protected $_crypto;
+	/**
+	 * Crypto engine.
+	 *
+	 * @var Crypto $_crypto
+	 */
+	protected $_crypto;
     
-    /**
-     * Path validation configuration.
-     *
-     * @var PathValidationConfig $_config
-     */
-    protected $_config;
+	/**
+	 * Path validation configuration.
+	 *
+	 * @var PathValidationConfig $_config
+	 */
+	protected $_config;
     
-    /**
-     * Certification path.
-     *
-     * @var Certificate[] $_certificates
-     */
-    protected $_certificates;
+	/**
+	 * Certification path.
+	 *
+	 * @var Certificate[] $_certificates
+	 */
+	protected $_certificates;
     
-    /**
-     * Certification path trust anchor.
-     *
-     * @var Certificate $_trustAnchor
-     */
-    protected $_trustAnchor;
+	/**
+	 * Certification path trust anchor.
+	 *
+	 * @var Certificate $_trustAnchor
+	 */
+	protected $_trustAnchor;
     
-    /**
-     * Constructor.
-     *
-     * @param Crypto $crypto Crypto engine
-     * @param PathValidationConfig $config Validation config
-     * @param Certificate ...$certificates Certificates from the trust anchor to
-     *            the end-entity certificate
-     */
-    public function __construct(Crypto $crypto, PathValidationConfig $config,
-        Certificate ...$certificates)
-    {
-        if (!count($certificates)) {
-            throw new \LogicException("No certificates.");
-        }
-        $this->_crypto = $crypto;
-        $this->_config = $config;
-        $this->_certificates = $certificates;
-        // if trust anchor is explicitly given in configuration
-        if ($config->hasTrustAnchor()) {
-            $this->_trustAnchor = $config->trustAnchor();
-        } else {
-            $this->_trustAnchor = $certificates[0];
-        }
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Crypto $crypto Crypto engine
+	 * @param PathValidationConfig $config Validation config
+	 * @param Certificate ...$certificates Certificates from the trust anchor to
+	 *            the end-entity certificate
+	 */
+	public function __construct(Crypto $crypto, PathValidationConfig $config,
+		Certificate ...$certificates)
+	{
+		if (!count($certificates)) {
+			throw new \LogicException("No certificates.");
+		}
+		$this->_crypto = $crypto;
+		$this->_config = $config;
+		$this->_certificates = $certificates;
+		// if trust anchor is explicitly given in configuration
+		if ($config->hasTrustAnchor()) {
+			$this->_trustAnchor = $config->trustAnchor();
+		} else {
+			$this->_trustAnchor = $certificates[0];
+		}
+	}
     
-    /**
-     * Validate certification path.
-     *
-     * @throws PathValidationException
-     * @return PathValidationResult
-     */
-    public function validate()
-    {
-        $n = count($this->_certificates);
-        $state = ValidatorState::initialize($this->_config, $this->_trustAnchor,
-            $n);
-        for ($i = 0; $i < $n; ++$i) {
-            $state = $state->withIndex($i + 1);
-            $cert = $this->_certificates[$i];
-            // process certificate (section 6.1.3.)
-            $state = $this->_processCertificate($state, $cert);
-            if (!$state->isFinal()) {
-                // prepare next certificate (section 6.1.4.)
-                $state = $this->_prepareNext($state, $cert);
-            }
-        }
-        if (!isset($cert)) {
-            throw new \LogicException("No certificates.");
-        }
-        // wrap-up (section 6.1.5.)
-        $state = $this->_wrapUp($state, $cert);
-        // return outputs
-        return $state->getResult($this->_certificates);
-    }
+	/**
+	 * Validate certification path.
+	 *
+	 * @throws PathValidationException
+	 * @return PathValidationResult
+	 */
+	public function validate()
+	{
+		$n = count($this->_certificates);
+		$state = ValidatorState::initialize($this->_config, $this->_trustAnchor,
+			$n);
+		for ($i = 0; $i < $n; ++$i) {
+			$state = $state->withIndex($i + 1);
+			$cert = $this->_certificates[$i];
+			// process certificate (section 6.1.3.)
+			$state = $this->_processCertificate($state, $cert);
+			if (!$state->isFinal()) {
+				// prepare next certificate (section 6.1.4.)
+				$state = $this->_prepareNext($state, $cert);
+			}
+		}
+		if (!isset($cert)) {
+			throw new \LogicException("No certificates.");
+		}
+		// wrap-up (section 6.1.5.)
+		$state = $this->_wrapUp($state, $cert);
+		// return outputs
+		return $state->getResult($this->_certificates);
+	}
     
-    /**
-     * Apply basic certificate processing according to RFC 5280 section 6.1.3.
-     *
-     * @link https://tools.ietf.org/html/rfc5280#section-6.1.3
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     * @return ValidatorState
-     */
-    private function _processCertificate(ValidatorState $state, Certificate $cert)
-    {
-        // (a.1) verify signature
-        $this->_verifySignature($state, $cert);
-        // (a.2) check validity period
-        $this->_checkValidity($cert);
-        // (a.3) check that certificate is not revoked
-        $this->_checkRevocation($cert);
-        // (a.4) check issuer
-        $this->_checkIssuer($state, $cert);
-        // (b)(c) if certificate is self-issued and it is not
-        // the final certificate in the path, skip this step
-        if (!($cert->isSelfIssued() && !$state->isFinal())) {
-            // (b) check permitted subtrees
-            $this->_checkPermittedSubtrees($state, $cert);
-            // (c) check excluded subtrees
-            $this->_checkExcludedSubtrees($state, $cert);
-        }
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasCertificatePolicies()) {
-            // (d) process policy information
-            if ($state->hasValidPolicyTree()) {
-                $state = $state->validPolicyTree()->processPolicies($state,
-                    $cert);
-            }
-        } else {
-            // (e) certificate policies extension not present,
-            // set the valid_policy_tree to NULL
-            $state = $state->withoutValidPolicyTree();
-        }
-        // (f) check that explicit_policy > 0 or valid_policy_tree is set
-        if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
-            throw new PathValidationException("No valid policies.");
-        }
-        return $state;
-    }
+	/**
+	 * Apply basic certificate processing according to RFC 5280 section 6.1.3.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5280#section-6.1.3
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 * @return ValidatorState
+	 */
+	private function _processCertificate(ValidatorState $state, Certificate $cert)
+	{
+		// (a.1) verify signature
+		$this->_verifySignature($state, $cert);
+		// (a.2) check validity period
+		$this->_checkValidity($cert);
+		// (a.3) check that certificate is not revoked
+		$this->_checkRevocation($cert);
+		// (a.4) check issuer
+		$this->_checkIssuer($state, $cert);
+		// (b)(c) if certificate is self-issued and it is not
+		// the final certificate in the path, skip this step
+		if (!($cert->isSelfIssued() && !$state->isFinal())) {
+			// (b) check permitted subtrees
+			$this->_checkPermittedSubtrees($state, $cert);
+			// (c) check excluded subtrees
+			$this->_checkExcludedSubtrees($state, $cert);
+		}
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasCertificatePolicies()) {
+			// (d) process policy information
+			if ($state->hasValidPolicyTree()) {
+				$state = $state->validPolicyTree()->processPolicies($state,
+					$cert);
+			}
+		} else {
+			// (e) certificate policies extension not present,
+			// set the valid_policy_tree to NULL
+			$state = $state->withoutValidPolicyTree();
+		}
+		// (f) check that explicit_policy > 0 or valid_policy_tree is set
+		if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
+			throw new PathValidationException("No valid policies.");
+		}
+		return $state;
+	}
     
-    /**
-     * Apply preparation for the certificate i+1 according to rfc5280 section
-     * 6.1.4.
-     *
-     * @link https://tools.ietf.org/html/rfc5280#section-6.1.4
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _prepareNext(ValidatorState $state, Certificate $cert)
-    {
-        // (a)(b) if policy mappings extension is present
-        $state = $this->_preparePolicyMappings($state, $cert);
-        // (c) assign working_issuer_name
-        $state = $state->withWorkingIssuerName(
-            $cert->tbsCertificate()
-                ->subject());
-        // (d)(e)(f)
-        $state = $this->_setPublicKeyState($state, $cert);
-        // (g) if name constraints extension is present
-        $state = $this->_prepareNameConstraints($state, $cert);
-        // (h) if certificate is not self-issued
-        if (!$cert->isSelfIssued()) {
-            $state = $this->_prepareNonSelfIssued($state);
-        }
-        // (i) if policy constraints extension is present
-        $state = $this->_preparePolicyConstraints($state, $cert);
-        // (j) if inhibit any policy extension is present
-        $state = $this->_prepareInhibitAnyPolicy($state, $cert);
-        // (k) check basic constraints
-        $this->_processBasicContraints($cert);
-        // (l) verify max_path_length
-        $state = $this->_verifyMaxPathLength($state, $cert);
-        // (m) check pathLenContraint
-        $state = $this->_processPathLengthContraint($state, $cert);
-        // (n) check key usage
-        $this->_checkKeyUsage($cert);
-        // (o) process relevant extensions
-        $state = $this->_processExtensions($state, $cert);
-        return $state;
-    }
+	/**
+	 * Apply preparation for the certificate i+1 according to rfc5280 section
+	 * 6.1.4.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5280#section-6.1.4
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _prepareNext(ValidatorState $state, Certificate $cert)
+	{
+		// (a)(b) if policy mappings extension is present
+		$state = $this->_preparePolicyMappings($state, $cert);
+		// (c) assign working_issuer_name
+		$state = $state->withWorkingIssuerName(
+			$cert->tbsCertificate()
+				->subject());
+		// (d)(e)(f)
+		$state = $this->_setPublicKeyState($state, $cert);
+		// (g) if name constraints extension is present
+		$state = $this->_prepareNameConstraints($state, $cert);
+		// (h) if certificate is not self-issued
+		if (!$cert->isSelfIssued()) {
+			$state = $this->_prepareNonSelfIssued($state);
+		}
+		// (i) if policy constraints extension is present
+		$state = $this->_preparePolicyConstraints($state, $cert);
+		// (j) if inhibit any policy extension is present
+		$state = $this->_prepareInhibitAnyPolicy($state, $cert);
+		// (k) check basic constraints
+		$this->_processBasicContraints($cert);
+		// (l) verify max_path_length
+		$state = $this->_verifyMaxPathLength($state, $cert);
+		// (m) check pathLenContraint
+		$state = $this->_processPathLengthContraint($state, $cert);
+		// (n) check key usage
+		$this->_checkKeyUsage($cert);
+		// (o) process relevant extensions
+		$state = $this->_processExtensions($state, $cert);
+		return $state;
+	}
     
-    /**
-     * Apply wrap-up procedure according to RFC 5280 section 6.1.5.
-     *
-     * @link https://tools.ietf.org/html/rfc5280#section-6.1.5
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _wrapUp(ValidatorState $state, Certificate $cert)
-    {
-        $tbs_cert = $cert->tbsCertificate();
-        $extensions = $tbs_cert->extensions();
-        // (a)
-        if ($state->explicitPolicy() > 0) {
-            $state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
-        }
-        // (b)
-        if ($extensions->hasPolicyConstraints()) {
-            $ext = $extensions->policyConstraints();
-            if ($ext->hasRequireExplicitPolicy() &&
-                 $ext->requireExplicitPolicy() == 0) {
-                $state = $state->withExplicitPolicy(0);
-            }
-        }
-        // (c)(d)(e)
-        $state = $this->_setPublicKeyState($state, $cert);
-        // (f) process relevant extensions
-        $state = $this->_processExtensions($state, $cert);
-        // (g) intersection of valid_policy_tree and the initial-policy-set
-        $state = $this->_calculatePolicyIntersection($state);
-        // check that explicit_policy > 0 or valid_policy_tree is set
-        if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
-            throw new PathValidationException("No valid policies.");
-        }
-        // path validation succeeded
-        return $state;
-    }
+	/**
+	 * Apply wrap-up procedure according to RFC 5280 section 6.1.5.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5280#section-6.1.5
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _wrapUp(ValidatorState $state, Certificate $cert)
+	{
+		$tbs_cert = $cert->tbsCertificate();
+		$extensions = $tbs_cert->extensions();
+		// (a)
+		if ($state->explicitPolicy() > 0) {
+			$state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
+		}
+		// (b)
+		if ($extensions->hasPolicyConstraints()) {
+			$ext = $extensions->policyConstraints();
+			if ($ext->hasRequireExplicitPolicy() &&
+				 $ext->requireExplicitPolicy() == 0) {
+				$state = $state->withExplicitPolicy(0);
+			}
+		}
+		// (c)(d)(e)
+		$state = $this->_setPublicKeyState($state, $cert);
+		// (f) process relevant extensions
+		$state = $this->_processExtensions($state, $cert);
+		// (g) intersection of valid_policy_tree and the initial-policy-set
+		$state = $this->_calculatePolicyIntersection($state);
+		// check that explicit_policy > 0 or valid_policy_tree is set
+		if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
+			throw new PathValidationException("No valid policies.");
+		}
+		// path validation succeeded
+		return $state;
+	}
     
-    /**
-     * Update working_public_key, working_public_key_parameters and
-     * working_public_key_algorithm state variables from certificate.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _setPublicKeyState(ValidatorState $state, Certificate $cert)
-    {
-        $pk_info = $cert->tbsCertificate()->subjectPublicKeyInfo();
-        // assign working_public_key
-        $state = $state->withWorkingPublicKey($pk_info);
-        // assign working_public_key_parameters
-        $params = ValidatorState::getAlgorithmParameters(
-            $pk_info->algorithmIdentifier());
-        if (null !== $params) {
-            $state = $state->withWorkingPublicKeyParameters($params);
-        } else {
-            // if algorithms differ, set parameters to null
-            if ($pk_info->algorithmIdentifier()->oid() !==
-                 $state->workingPublicKeyAlgorithm()->oid()) {
-                $state = $state->withWorkingPublicKeyParameters(null);
-            }
-        }
-        // assign working_public_key_algorithm
-        $state = $state->withWorkingPublicKeyAlgorithm(
-            $pk_info->algorithmIdentifier());
-        return $state;
-    }
+	/**
+	 * Update working_public_key, working_public_key_parameters and
+	 * working_public_key_algorithm state variables from certificate.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _setPublicKeyState(ValidatorState $state, Certificate $cert)
+	{
+		$pk_info = $cert->tbsCertificate()->subjectPublicKeyInfo();
+		// assign working_public_key
+		$state = $state->withWorkingPublicKey($pk_info);
+		// assign working_public_key_parameters
+		$params = ValidatorState::getAlgorithmParameters(
+			$pk_info->algorithmIdentifier());
+		if (null !== $params) {
+			$state = $state->withWorkingPublicKeyParameters($params);
+		} else {
+			// if algorithms differ, set parameters to null
+			if ($pk_info->algorithmIdentifier()->oid() !==
+				 $state->workingPublicKeyAlgorithm()->oid()) {
+				$state = $state->withWorkingPublicKeyParameters(null);
+			}
+		}
+		// assign working_public_key_algorithm
+		$state = $state->withWorkingPublicKeyAlgorithm(
+			$pk_info->algorithmIdentifier());
+		return $state;
+	}
     
-    /**
-     * Verify certificate signature.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _verifySignature(ValidatorState $state, Certificate $cert)
-    {
-        try {
-            $valid = $cert->verify($state->workingPublicKey(), $this->_crypto);
-        } catch (\RuntimeException $e) {
-            throw new PathValidationException(
-                "Failed to verify signature: " . $e->getMessage(), null, $e);
-        }
-        if (!$valid) {
-            throw new PathValidationException(
-                "Certificate signature doesn't match.");
-        }
-    }
+	/**
+	 * Verify certificate signature.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _verifySignature(ValidatorState $state, Certificate $cert)
+	{
+		try {
+			$valid = $cert->verify($state->workingPublicKey(), $this->_crypto);
+		} catch (\RuntimeException $e) {
+			throw new PathValidationException(
+				"Failed to verify signature: " . $e->getMessage(), null, $e);
+		}
+		if (!$valid) {
+			throw new PathValidationException(
+				"Certificate signature doesn't match.");
+		}
+	}
     
-    /**
-     * Check certificate validity.
-     *
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _checkValidity(Certificate $cert)
-    {
-        $refdt = $this->_config->dateTime();
-        $validity = $cert->tbsCertificate()->validity();
-        if ($validity->notBefore()
-            ->dateTime()
-            ->diff($refdt)->invert) {
-            throw new PathValidationException(
-                "Certificate validity period has not started.");
-        }
-        if ($refdt->diff($validity->notAfter()
-            ->dateTime())->invert) {
-            throw new PathValidationException("Certificate has expired.");
-        }
-    }
+	/**
+	 * Check certificate validity.
+	 *
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _checkValidity(Certificate $cert)
+	{
+		$refdt = $this->_config->dateTime();
+		$validity = $cert->tbsCertificate()->validity();
+		if ($validity->notBefore()
+			->dateTime()
+			->diff($refdt)->invert) {
+			throw new PathValidationException(
+				"Certificate validity period has not started.");
+		}
+		if ($refdt->diff($validity->notAfter()
+			->dateTime())->invert) {
+			throw new PathValidationException("Certificate has expired.");
+		}
+	}
     
-    /**
-     * Check certificate revocation.
-     *
-     * @param Certificate $cert
-     */
-    private function _checkRevocation(Certificate $cert)
-    {
-        // @todo Implement CRL handling
-    }
+	/**
+	 * Check certificate revocation.
+	 *
+	 * @param Certificate $cert
+	 */
+	private function _checkRevocation(Certificate $cert)
+	{
+		// @todo Implement CRL handling
+	}
     
-    /**
-     * Check certificate issuer.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _checkIssuer(ValidatorState $state, Certificate $cert)
-    {
-        if (!$cert->tbsCertificate()
-            ->issuer()
-            ->equals($state->workingIssuerName())) {
-            throw new PathValidationException("Certification issuer mismatch.");
-        }
-    }
+	/**
+	 * Check certificate issuer.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _checkIssuer(ValidatorState $state, Certificate $cert)
+	{
+		if (!$cert->tbsCertificate()
+			->issuer()
+			->equals($state->workingIssuerName())) {
+			throw new PathValidationException("Certification issuer mismatch.");
+		}
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     */
-    private function _checkPermittedSubtrees(ValidatorState $state,
-        Certificate $cert)
-    {
-        // @todo Implement
-        $state->permittedSubtrees();
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 */
+	private function _checkPermittedSubtrees(ValidatorState $state,
+		Certificate $cert)
+	{
+		// @todo Implement
+		$state->permittedSubtrees();
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     */
-    private function _checkExcludedSubtrees(ValidatorState $state,
-        Certificate $cert)
-    {
-        // @todo Implement
-        $state->excludedSubtrees();
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 */
+	private function _checkExcludedSubtrees(ValidatorState $state,
+		Certificate $cert)
+	{
+		// @todo Implement
+		$state->excludedSubtrees();
+	}
     
-    /**
-     * Apply policy mappings handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     * @return ValidatorState
-     */
-    private function _preparePolicyMappings(ValidatorState $state,
-        Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasPolicyMappings()) {
-            // (a) verify that anyPolicy mapping is not used
-            if ($extensions->policyMappings()->hasAnyPolicyMapping()) {
-                throw new PathValidationException("anyPolicy mapping found.");
-            }
-            // (b) process policy mappings
-            if ($state->hasValidPolicyTree()) {
-                $state = $state->validPolicyTree()->processMappings($state,
-                    $cert);
-            }
-        }
-        return $state;
-    }
+	/**
+	 * Apply policy mappings handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 * @return ValidatorState
+	 */
+	private function _preparePolicyMappings(ValidatorState $state,
+		Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasPolicyMappings()) {
+			// (a) verify that anyPolicy mapping is not used
+			if ($extensions->policyMappings()->hasAnyPolicyMapping()) {
+				throw new PathValidationException("anyPolicy mapping found.");
+			}
+			// (b) process policy mappings
+			if ($state->hasValidPolicyTree()) {
+				$state = $state->validPolicyTree()->processMappings($state,
+					$cert);
+			}
+		}
+		return $state;
+	}
     
-    /**
-     * Apply name constraints handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _prepareNameConstraints(ValidatorState $state,
-        Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasNameConstraints()) {
-            $state = $this->_processNameConstraints($state, $cert);
-        }
-        return $state;
-    }
+	/**
+	 * Apply name constraints handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _prepareNameConstraints(ValidatorState $state,
+		Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasNameConstraints()) {
+			$state = $this->_processNameConstraints($state, $cert);
+		}
+		return $state;
+	}
     
-    /**
-     * Apply preparation for a non-self-signed certificate.
-     *
-     * @param ValidatorState $state
-     * @return ValidatorState
-     */
-    private function _prepareNonSelfIssued(ValidatorState $state)
-    {
-        // (h.1)
-        if ($state->explicitPolicy() > 0) {
-            $state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
-        }
-        // (h.2)
-        if ($state->policyMapping() > 0) {
-            $state = $state->withPolicyMapping($state->policyMapping() - 1);
-        }
-        // (h.3)
-        if ($state->inhibitAnyPolicy() > 0) {
-            $state = $state->withInhibitAnyPolicy(
-                $state->inhibitAnyPolicy() - 1);
-        }
-        return $state;
-    }
+	/**
+	 * Apply preparation for a non-self-signed certificate.
+	 *
+	 * @param ValidatorState $state
+	 * @return ValidatorState
+	 */
+	private function _prepareNonSelfIssued(ValidatorState $state)
+	{
+		// (h.1)
+		if ($state->explicitPolicy() > 0) {
+			$state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
+		}
+		// (h.2)
+		if ($state->policyMapping() > 0) {
+			$state = $state->withPolicyMapping($state->policyMapping() - 1);
+		}
+		// (h.3)
+		if ($state->inhibitAnyPolicy() > 0) {
+			$state = $state->withInhibitAnyPolicy(
+				$state->inhibitAnyPolicy() - 1);
+		}
+		return $state;
+	}
     
-    /**
-     * Apply policy constraints handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _preparePolicyConstraints(ValidatorState $state,
-        Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if (!$extensions->hasPolicyConstraints()) {
-            return $state;
-        }
-        $ext = $extensions->policyConstraints();
-        // (i.1)
-        if ($ext->hasRequireExplicitPolicy() &&
-             $ext->requireExplicitPolicy() < $state->explicitPolicy()) {
-            $state = $state->withExplicitPolicy($ext->requireExplicitPolicy());
-        }
-        // (i.2)
-        if ($ext->hasInhibitPolicyMapping() &&
-             $ext->inhibitPolicyMapping() < $state->policyMapping()) {
-            $state = $state->withPolicyMapping($ext->inhibitPolicyMapping());
-        }
-        return $state;
-    }
+	/**
+	 * Apply policy constraints handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _preparePolicyConstraints(ValidatorState $state,
+		Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if (!$extensions->hasPolicyConstraints()) {
+			return $state;
+		}
+		$ext = $extensions->policyConstraints();
+		// (i.1)
+		if ($ext->hasRequireExplicitPolicy() &&
+			 $ext->requireExplicitPolicy() < $state->explicitPolicy()) {
+			$state = $state->withExplicitPolicy($ext->requireExplicitPolicy());
+		}
+		// (i.2)
+		if ($ext->hasInhibitPolicyMapping() &&
+			 $ext->inhibitPolicyMapping() < $state->policyMapping()) {
+			$state = $state->withPolicyMapping($ext->inhibitPolicyMapping());
+		}
+		return $state;
+	}
     
-    /**
-     * Apply inhibit any-policy handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _prepareInhibitAnyPolicy(ValidatorState $state,
-        Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasInhibitAnyPolicy()) {
-            $ext = $extensions->inhibitAnyPolicy();
-            if ($ext->skipCerts() < $state->inhibitAnyPolicy()) {
-                $state = $state->withInhibitAnyPolicy($ext->skipCerts());
-            }
-        }
-        return $state;
-    }
+	/**
+	 * Apply inhibit any-policy handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _prepareInhibitAnyPolicy(ValidatorState $state,
+		Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasInhibitAnyPolicy()) {
+			$ext = $extensions->inhibitAnyPolicy();
+			if ($ext->skipCerts() < $state->inhibitAnyPolicy()) {
+				$state = $state->withInhibitAnyPolicy($ext->skipCerts());
+			}
+		}
+		return $state;
+	}
     
-    /**
-     * Verify maximum certification path length for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     * @return ValidatorState
-     */
-    private function _verifyMaxPathLength(ValidatorState $state,
-        Certificate $cert)
-    {
-        if (!$cert->isSelfIssued()) {
-            if ($state->maxPathLength() <= 0) {
-                throw new PathValidationException(
-                    "Certification path length exceeded.");
-            }
-            $state = $state->withMaxPathLength($state->maxPathLength() - 1);
-        }
-        return $state;
-    }
+	/**
+	 * Verify maximum certification path length for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 * @return ValidatorState
+	 */
+	private function _verifyMaxPathLength(ValidatorState $state,
+		Certificate $cert)
+	{
+		if (!$cert->isSelfIssued()) {
+			if ($state->maxPathLength() <= 0) {
+				throw new PathValidationException(
+					"Certification path length exceeded.");
+			}
+			$state = $state->withMaxPathLength($state->maxPathLength() - 1);
+		}
+		return $state;
+	}
     
-    /**
-     * Check key usage extension for the preparation step.
-     *
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _checkKeyUsage(Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasKeyUsage()) {
-            $ext = $extensions->keyUsage();
-            if (!$ext->isKeyCertSign()) {
-                throw new PathValidationException("keyCertSign usage not set.");
-            }
-        }
-    }
+	/**
+	 * Check key usage extension for the preparation step.
+	 *
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _checkKeyUsage(Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasKeyUsage()) {
+			$ext = $extensions->keyUsage();
+			if (!$ext->isKeyCertSign()) {
+				throw new PathValidationException("keyCertSign usage not set.");
+			}
+		}
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _processNameConstraints(ValidatorState $state,
-        Certificate $cert)
-    {
-        // @todo Implement
-        return $state;
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _processNameConstraints(ValidatorState $state,
+		Certificate $cert)
+	{
+		// @todo Implement
+		return $state;
+	}
     
-    /**
-     * Process basic constraints extension.
-     *
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _processBasicContraints(Certificate $cert)
-    {
-        if ($cert->tbsCertificate()->version() == TBSCertificate::VERSION_3) {
-            $extensions = $cert->tbsCertificate()->extensions();
-            if (!$extensions->hasBasicConstraints()) {
-                throw new PathValidationException(
-                    "v3 certificate must have basicConstraints extension.");
-            }
-            // verify that cA is set to TRUE
-            if (!$extensions->basicConstraints()->isCA()) {
-                throw new PathValidationException(
-                    "Certificate is not a CA certificate.");
-            }
-        }
-    }
+	/**
+	 * Process basic constraints extension.
+	 *
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _processBasicContraints(Certificate $cert)
+	{
+		if ($cert->tbsCertificate()->version() == TBSCertificate::VERSION_3) {
+			$extensions = $cert->tbsCertificate()->extensions();
+			if (!$extensions->hasBasicConstraints()) {
+				throw new PathValidationException(
+					"v3 certificate must have basicConstraints extension.");
+			}
+			// verify that cA is set to TRUE
+			if (!$extensions->basicConstraints()->isCA()) {
+				throw new PathValidationException(
+					"Certificate is not a CA certificate.");
+			}
+		}
+	}
     
-    /**
-     * Process pathLenConstraint.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _processPathLengthContraint(ValidatorState $state,
-        Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasBasicConstraints()) {
-            $ext = $extensions->basicConstraints();
-            if ($ext->hasPathLen()) {
-                if ($ext->pathLen() < $state->maxPathLength()) {
-                    $state = $state->withMaxPathLength($ext->pathLen());
-                }
-            }
-        }
-        return $state;
-    }
+	/**
+	 * Process pathLenConstraint.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _processPathLengthContraint(ValidatorState $state,
+		Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasBasicConstraints()) {
+			$ext = $extensions->basicConstraints();
+			if ($ext->hasPathLen()) {
+				if ($ext->pathLen() < $state->maxPathLength()) {
+					$state = $state->withMaxPathLength($ext->pathLen());
+				}
+			}
+		}
+		return $state;
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _processExtensions(ValidatorState $state, Certificate $cert)
-    {
-        // @todo Implement
-        return $state;
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _processExtensions(ValidatorState $state, Certificate $cert)
+	{
+		// @todo Implement
+		return $state;
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @return ValidatorState
-     */
-    private function _calculatePolicyIntersection(ValidatorState $state)
-    {
-        // (i) If the valid_policy_tree is NULL, the intersection is NULL
-        if (!$state->hasValidPolicyTree()) {
-            return $state;
-        }
-        // (ii) If the valid_policy_tree is not NULL and
-        // the user-initial-policy-set is any-policy, the intersection
-        // is the entire valid_policy_tree
-        $initial_policies = $this->_config->policySet();
-        if (in_array(PolicyInformation::OID_ANY_POLICY, $initial_policies)) {
-            return $state;
-        }
-        // (iii) If the valid_policy_tree is not NULL and the
-        // user-initial-policy-set is not any-policy, calculate
-        // the intersection of the valid_policy_tree and the
-        // user-initial-policy-set as follows
-        return $state->validPolicyTree()->calculateIntersection($state,
-            $initial_policies);
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @return ValidatorState
+	 */
+	private function _calculatePolicyIntersection(ValidatorState $state)
+	{
+		// (i) If the valid_policy_tree is NULL, the intersection is NULL
+		if (!$state->hasValidPolicyTree()) {
+			return $state;
+		}
+		// (ii) If the valid_policy_tree is not NULL and
+		// the user-initial-policy-set is any-policy, the intersection
+		// is the entire valid_policy_tree
+		$initial_policies = $this->_config->policySet();
+		if (in_array(PolicyInformation::OID_ANY_POLICY, $initial_policies)) {
+			return $state;
+		}
+		// (iii) If the valid_policy_tree is not NULL and the
+		// user-initial-policy-set is not any-policy, calculate
+		// the intersection of the valid_policy_tree and the
+		// user-initial-policy-set as follows
+		return $state->validPolicyTree()->calculateIntersection($state,
+			$initial_policies);
+	}
 }

lib/X509/CertificationPath/Policy/PolicyTree.php

Doc Comments +3 added lines, -2 removed lines

@@ -81,7 +81,7 @@ 
      * Calculate policy intersection as specified in Wrap-Up Procedure 6.1.5.g.
      *
      * @param ValidatorState $state
-     * @param array $policies
+     * @param string[] $policies
      * @return ValidatorState
      */
     public function calculateIntersection(ValidatorState $state, array $policies)
@@ -266,7 +266,7 @@ 
      * @param Certificate $cert
      * @param ValidatorState $state
      * @param string $idp OID of the issuer domain policy
-     * @param array $sdps Array of subject domain policy OIDs
+     * @param string[] $sdps Array of subject domain policy OIDs
      */
     protected function _applyAnyPolicyMapping(Certificate $cert,
         ValidatorState $state, $idp, array $sdps)
@@ -404,6 +404,7 @@ 
      * Gather all children of given nodes to a flattened array.
      *
      * @param PolicyNode ...$nodes
+     * @param PolicyNode[] $nodes
      * @return PolicyNode[]
      */
     private static function _gatherChildren(PolicyNode ...$nodes)

Indentation +392 added lines, -392 removed lines

@@ -8,410 +8,410 @@
 
 class PolicyTree
 {
-    /**
-     * Root node at depth zero.
-     *
-     * @var PolicyNode|null
-     */
-    protected $_root;
+	/**
+	 * Root node at depth zero.
+	 *
+	 * @var PolicyNode|null
+	 */
+	protected $_root;
     
-    /**
-     * Constructor.
-     *
-     * @param PolicyNode $root Initial root node
-     */
-    public function __construct(PolicyNode $root)
-    {
-        $this->_root = $root;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param PolicyNode $root Initial root node
+	 */
+	public function __construct(PolicyNode $root)
+	{
+		$this->_root = $root;
+	}
     
-    /**
-     * Process policy information from the certificate.
-     *
-     * Certificate policies extension must be present.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    public function processPolicies(ValidatorState $state, Certificate $cert)
-    {
-        $policies = $cert->tbsCertificate()
-            ->extensions()
-            ->certificatePolicies();
-        $tree = clone $this;
-        // (d.1) for each policy P not equal to anyPolicy
-        foreach ($policies as $policy) {
-            if ($policy->isAnyPolicy()) {
-                $tree->_processAnyPolicy($policy, $cert, $state);
-            } else {
-                $tree->_processPolicy($policy, $state);
-            }
-        }
-        // if whole tree is pruned
-        if (!$tree->_pruneTree($state->index() - 1)) {
-            return $state->withoutValidPolicyTree();
-        }
-        return $state->withValidPolicyTree($tree);
-    }
+	/**
+	 * Process policy information from the certificate.
+	 *
+	 * Certificate policies extension must be present.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	public function processPolicies(ValidatorState $state, Certificate $cert)
+	{
+		$policies = $cert->tbsCertificate()
+			->extensions()
+			->certificatePolicies();
+		$tree = clone $this;
+		// (d.1) for each policy P not equal to anyPolicy
+		foreach ($policies as $policy) {
+			if ($policy->isAnyPolicy()) {
+				$tree->_processAnyPolicy($policy, $cert, $state);
+			} else {
+				$tree->_processPolicy($policy, $state);
+			}
+		}
+		// if whole tree is pruned
+		if (!$tree->_pruneTree($state->index() - 1)) {
+			return $state->withoutValidPolicyTree();
+		}
+		return $state->withValidPolicyTree($tree);
+	}
     
-    /**
-     * Process policy mappings from the certificate.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    public function processMappings(ValidatorState $state, Certificate $cert)
-    {
-        $tree = clone $this;
-        if ($state->policyMapping() > 0) {
-            $tree->_applyMappings($cert, $state);
-        } else if ($state->policyMapping() == 0) {
-            $tree->_deleteMappings($cert, $state);
-        }
-        // if whole tree is pruned
-        if (!$tree->_root) {
-            return $state->withoutValidPolicyTree();
-        }
-        return $state->withValidPolicyTree($tree);
-    }
+	/**
+	 * Process policy mappings from the certificate.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	public function processMappings(ValidatorState $state, Certificate $cert)
+	{
+		$tree = clone $this;
+		if ($state->policyMapping() > 0) {
+			$tree->_applyMappings($cert, $state);
+		} else if ($state->policyMapping() == 0) {
+			$tree->_deleteMappings($cert, $state);
+		}
+		// if whole tree is pruned
+		if (!$tree->_root) {
+			return $state->withoutValidPolicyTree();
+		}
+		return $state->withValidPolicyTree($tree);
+	}
     
-    /**
-     * Calculate policy intersection as specified in Wrap-Up Procedure 6.1.5.g.
-     *
-     * @param ValidatorState $state
-     * @param array $policies
-     * @return ValidatorState
-     */
-    public function calculateIntersection(ValidatorState $state, array $policies)
-    {
-        $tree = clone $this;
-        $valid_policy_node_set = $tree->_validPolicyNodeSet();
-        // 2. If the valid_policy of any node in the valid_policy_node_set
-        // is not in the user-initial-policy-set and is not anyPolicy,
-        // delete this node and all its children.
-        $valid_policy_node_set = array_filter($valid_policy_node_set,
-            function (PolicyNode $node) use ($policies) {
-                if ($node->isAnyPolicy()) {
-                    return true;
-                }
-                if (in_array($node->validPolicy(), $policies)) {
-                    return true;
-                }
-                $node->remove();
-                return false;
-            });
-        // array of valid policy OIDs
-        $valid_policy_set = array_map(
-            function (PolicyNode $node) {
-                return $node->validPolicy();
-            }, $valid_policy_node_set);
-        // 3. If the valid_policy_tree includes a node of depth n with
-        // the valid_policy anyPolicy and the user-initial-policy-set 
-        // is not any-policy
-        foreach ($tree->_nodesAtDepth($state->index()) as $node) {
-            if ($node->hasParent() && $node->isAnyPolicy()) {
-                // a. Set P-Q to the qualifier_set in the node of depth n
-                // with valid_policy anyPolicy.
-                $pq = $node->qualifiers();
-                // b. For each P-OID in the user-initial-policy-set that is not
-                // the valid_policy of a node in the valid_policy_node_set,
-                // create a child node whose parent is the node of depth n-1
-                // with the valid_policy anyPolicy.
-                $poids = array_diff($policies, $valid_policy_set);
-                foreach ($tree->_nodesAtDepth($state->index() - 1) as $parent) {
-                    if ($parent->isAnyPolicy()) {
-                        // Set the values in the child node as follows: 
-                        // set the valid_policy to P-OID, set the qualifier_set
-                        // to P-Q, and set the expected_policy_set to {P-OID}.
-                        foreach ($poids as $poid) {
-                            $parent->addChild(
-                                new PolicyNode($poid, $pq, array($poid)));
-                        }
-                        break;
-                    }
-                }
-                // c. Delete the node of depth n with the
-                // valid_policy anyPolicy.
-                $node->remove();
-            }
-        }
-        // 4. If there is a node in the valid_policy_tree of depth n-1 or less
-        // without any child nodes, delete that node. Repeat this step until
-        // there are no nodes of depth n-1 or less without children.
-        if (!$tree->_pruneTree($state->index() - 1)) {
-            return $state->withoutValidPolicyTree();
-        }
-        return $state->withValidPolicyTree($tree);
-    }
+	/**
+	 * Calculate policy intersection as specified in Wrap-Up Procedure 6.1.5.g.
+	 *
+	 * @param ValidatorState $state
+	 * @param array $policies
+	 * @return ValidatorState
+	 */
+	public function calculateIntersection(ValidatorState $state, array $policies)
+	{
+		$tree = clone $this;
+		$valid_policy_node_set = $tree->_validPolicyNodeSet();
+		// 2. If the valid_policy of any node in the valid_policy_node_set
+		// is not in the user-initial-policy-set and is not anyPolicy,
+		// delete this node and all its children.
+		$valid_policy_node_set = array_filter($valid_policy_node_set,
+			function (PolicyNode $node) use ($policies) {
+				if ($node->isAnyPolicy()) {
+					return true;
+				}
+				if (in_array($node->validPolicy(), $policies)) {
+					return true;
+				}
+				$node->remove();
+				return false;
+			});
+		// array of valid policy OIDs
+		$valid_policy_set = array_map(
+			function (PolicyNode $node) {
+				return $node->validPolicy();
+			}, $valid_policy_node_set);
+		// 3. If the valid_policy_tree includes a node of depth n with
+		// the valid_policy anyPolicy and the user-initial-policy-set 
+		// is not any-policy
+		foreach ($tree->_nodesAtDepth($state->index()) as $node) {
+			if ($node->hasParent() && $node->isAnyPolicy()) {
+				// a. Set P-Q to the qualifier_set in the node of depth n
+				// with valid_policy anyPolicy.
+				$pq = $node->qualifiers();
+				// b. For each P-OID in the user-initial-policy-set that is not
+				// the valid_policy of a node in the valid_policy_node_set,
+				// create a child node whose parent is the node of depth n-1
+				// with the valid_policy anyPolicy.
+				$poids = array_diff($policies, $valid_policy_set);
+				foreach ($tree->_nodesAtDepth($state->index() - 1) as $parent) {
+					if ($parent->isAnyPolicy()) {
+						// Set the values in the child node as follows: 
+						// set the valid_policy to P-OID, set the qualifier_set
+						// to P-Q, and set the expected_policy_set to {P-OID}.
+						foreach ($poids as $poid) {
+							$parent->addChild(
+								new PolicyNode($poid, $pq, array($poid)));
+						}
+						break;
+					}
+				}
+				// c. Delete the node of depth n with the
+				// valid_policy anyPolicy.
+				$node->remove();
+			}
+		}
+		// 4. If there is a node in the valid_policy_tree of depth n-1 or less
+		// without any child nodes, delete that node. Repeat this step until
+		// there are no nodes of depth n-1 or less without children.
+		if (!$tree->_pruneTree($state->index() - 1)) {
+			return $state->withoutValidPolicyTree();
+		}
+		return $state->withValidPolicyTree($tree);
+	}
     
-    /**
-     * Get policies at given policy tree depth.
-     *
-     * @param int $i Depth in range 1..n
-     * @return PolicyInformation[]
-     */
-    public function policiesAtDepth($i)
-    {
-        $policies = array();
-        foreach ($this->_nodesAtDepth($i) as $node) {
-            $policies[] = new PolicyInformation($node->validPolicy(),
-                ...$node->qualifiers());
-        }
-        return $policies;
-    }
+	/**
+	 * Get policies at given policy tree depth.
+	 *
+	 * @param int $i Depth in range 1..n
+	 * @return PolicyInformation[]
+	 */
+	public function policiesAtDepth($i)
+	{
+		$policies = array();
+		foreach ($this->_nodesAtDepth($i) as $node) {
+			$policies[] = new PolicyInformation($node->validPolicy(),
+				...$node->qualifiers());
+		}
+		return $policies;
+	}
     
-    /**
-     * Process single policy information.
-     *
-     * @param PolicyInformation $policy
-     * @param ValidatorState $state
-     */
-    protected function _processPolicy(PolicyInformation $policy,
-        ValidatorState $state)
-    {
-        $p_oid = $policy->oid();
-        $i = $state->index();
-        $match_count = 0;
-        // (d.1.i) for each node of depth i-1 in the valid_policy_tree...
-        foreach ($this->_nodesAtDepth($i - 1) as $node) {
-            // ...where P-OID is in the expected_policy_set
-            if ($node->hasExpectedPolicy($p_oid)) {
-                $node->addChild(
-                    new PolicyNode($p_oid, $policy->qualifiers(), array($p_oid)));
-                ++$match_count;
-            }
-        }
-        // (d.1.ii) if there was no match in step (i)...
-        if (!$match_count) {
-            // ...and the valid_policy_tree includes a node of depth i-1 with
-            // the valid_policy anyPolicy
-            foreach ($this->_nodesAtDepth($i - 1) as $node) {
-                if ($node->isAnyPolicy()) {
-                    $node->addChild(
-                        new PolicyNode($p_oid, $policy->qualifiers(),
-                            array($p_oid)));
-                }
-            }
-        }
-    }
+	/**
+	 * Process single policy information.
+	 *
+	 * @param PolicyInformation $policy
+	 * @param ValidatorState $state
+	 */
+	protected function _processPolicy(PolicyInformation $policy,
+		ValidatorState $state)
+	{
+		$p_oid = $policy->oid();
+		$i = $state->index();
+		$match_count = 0;
+		// (d.1.i) for each node of depth i-1 in the valid_policy_tree...
+		foreach ($this->_nodesAtDepth($i - 1) as $node) {
+			// ...where P-OID is in the expected_policy_set
+			if ($node->hasExpectedPolicy($p_oid)) {
+				$node->addChild(
+					new PolicyNode($p_oid, $policy->qualifiers(), array($p_oid)));
+				++$match_count;
+			}
+		}
+		// (d.1.ii) if there was no match in step (i)...
+		if (!$match_count) {
+			// ...and the valid_policy_tree includes a node of depth i-1 with
+			// the valid_policy anyPolicy
+			foreach ($this->_nodesAtDepth($i - 1) as $node) {
+				if ($node->isAnyPolicy()) {
+					$node->addChild(
+						new PolicyNode($p_oid, $policy->qualifiers(),
+							array($p_oid)));
+				}
+			}
+		}
+	}
     
-    /**
-     * Process anyPolicy policy information.
-     *
-     * @param PolicyInformation $policy
-     * @param Certificate $cert
-     * @param ValidatorState $state
-     */
-    protected function _processAnyPolicy(PolicyInformation $policy,
-        Certificate $cert, ValidatorState $state)
-    {
-        $i = $state->index();
-        // if (a) inhibit_anyPolicy is greater than 0 or
-        // (b) i<n and the certificate is self-issued
-        if (!($state->inhibitAnyPolicy() > 0 ||
-             ($i < $state->pathLength() && $cert->isSelfIssued()))) {
-            return;
-        }
-        // for each node in the valid_policy_tree of depth i-1
-        foreach ($this->_nodesAtDepth($i - 1) as $node) {
-            // for each value in the expected_policy_set
-            foreach ($node->expectedPolicies() as $p_oid) {
-                // that does not appear in a child node
-                if (!$node->hasChildWithValidPolicy($p_oid)) {
-                    $node->addChild(
-                        new PolicyNode($p_oid, $policy->qualifiers(),
-                            array($p_oid)));
-                }
-            }
-        }
-    }
+	/**
+	 * Process anyPolicy policy information.
+	 *
+	 * @param PolicyInformation $policy
+	 * @param Certificate $cert
+	 * @param ValidatorState $state
+	 */
+	protected function _processAnyPolicy(PolicyInformation $policy,
+		Certificate $cert, ValidatorState $state)
+	{
+		$i = $state->index();
+		// if (a) inhibit_anyPolicy is greater than 0 or
+		// (b) i<n and the certificate is self-issued
+		if (!($state->inhibitAnyPolicy() > 0 ||
+			 ($i < $state->pathLength() && $cert->isSelfIssued()))) {
+			return;
+		}
+		// for each node in the valid_policy_tree of depth i-1
+		foreach ($this->_nodesAtDepth($i - 1) as $node) {
+			// for each value in the expected_policy_set
+			foreach ($node->expectedPolicies() as $p_oid) {
+				// that does not appear in a child node
+				if (!$node->hasChildWithValidPolicy($p_oid)) {
+					$node->addChild(
+						new PolicyNode($p_oid, $policy->qualifiers(),
+							array($p_oid)));
+				}
+			}
+		}
+	}
     
-    /**
-     * Apply policy mappings to the policy tree.
-     *
-     * @param Certificate $cert
-     * @param ValidatorState $state
-     */
-    protected function _applyMappings(Certificate $cert, ValidatorState $state)
-    {
-        $policy_mappings = $cert->tbsCertificate()
-            ->extensions()
-            ->policyMappings();
-        // (6.1.4. b.1.) for each node in the valid_policy_tree of depth i...
-        foreach ($policy_mappings->flattenedMappings() as $idp => $sdps) {
-            $match_count = 0;
-            foreach ($this->_nodesAtDepth($state->index()) as $node) {
-                // ...where ID-P is the valid_policy
-                if ($node->validPolicy() == $idp) {
-                    // set expected_policy_set to the set of subjectDomainPolicy
-                    // values that are specified as equivalent to ID-P by
-                    // the policy mappings extension
-                    $node->setExpectedPolicies(...$sdps);
-                    ++$match_count;
-                }
-            }
-            // if no node of depth i in the valid_policy_tree has
-            // a valid_policy of ID-P...
-            if (!$match_count) {
-                $this->_applyAnyPolicyMapping($cert, $state, $idp, $sdps);
-            }
-        }
-    }
+	/**
+	 * Apply policy mappings to the policy tree.
+	 *
+	 * @param Certificate $cert
+	 * @param ValidatorState $state
+	 */
+	protected function _applyMappings(Certificate $cert, ValidatorState $state)
+	{
+		$policy_mappings = $cert->tbsCertificate()
+			->extensions()
+			->policyMappings();
+		// (6.1.4. b.1.) for each node in the valid_policy_tree of depth i...
+		foreach ($policy_mappings->flattenedMappings() as $idp => $sdps) {
+			$match_count = 0;
+			foreach ($this->_nodesAtDepth($state->index()) as $node) {
+				// ...where ID-P is the valid_policy
+				if ($node->validPolicy() == $idp) {
+					// set expected_policy_set to the set of subjectDomainPolicy
+					// values that are specified as equivalent to ID-P by
+					// the policy mappings extension
+					$node->setExpectedPolicies(...$sdps);
+					++$match_count;
+				}
+			}
+			// if no node of depth i in the valid_policy_tree has
+			// a valid_policy of ID-P...
+			if (!$match_count) {
+				$this->_applyAnyPolicyMapping($cert, $state, $idp, $sdps);
+			}
+		}
+	}
     
-    /**
-     * Apply anyPolicy mapping to the policy tree as specified in 6.1.4 (b)(1).
-     *
-     * @param Certificate $cert
-     * @param ValidatorState $state
-     * @param string $idp OID of the issuer domain policy
-     * @param array $sdps Array of subject domain policy OIDs
-     */
-    protected function _applyAnyPolicyMapping(Certificate $cert,
-        ValidatorState $state, $idp, array $sdps)
-    {
-        // (6.1.4. b.1.) ...but there is a node of depth i with
-        // a valid_policy of anyPolicy
-        foreach ($this->_nodesAtDepth($state->index()) as $node) {
-            if ($node->isAnyPolicy()) {
-                // then generate a child node of the node of depth i-1
-                // that has a valid_policy of anyPolicy as follows...
-                foreach ($this->_nodesAtDepth($state->index() - 1) as $node) {
-                    if ($node->isAnyPolicy()) {
-                        // try to fetch qualifiers of anyPolicy certificate policy
-                        $qualifiers = array();
-                        try {
-                            $qualifiers = $cert->tbsCertificate()
-                                ->extensions()
-                                ->certificatePolicies()
-                                ->anyPolicy()
-                                ->qualifiers();
-                        } catch (\LogicException $e) {
-                        }
-                        $node->addChild(
-                            new PolicyNode($idp, $qualifiers, $sdps));
-                        // bail after first anyPolicy has been processed
-                        break;
-                    }
-                }
-                // bail after first anyPolicy has been processed
-                break;
-            }
-        }
-    }
+	/**
+	 * Apply anyPolicy mapping to the policy tree as specified in 6.1.4 (b)(1).
+	 *
+	 * @param Certificate $cert
+	 * @param ValidatorState $state
+	 * @param string $idp OID of the issuer domain policy
+	 * @param array $sdps Array of subject domain policy OIDs
+	 */
+	protected function _applyAnyPolicyMapping(Certificate $cert,
+		ValidatorState $state, $idp, array $sdps)
+	{
+		// (6.1.4. b.1.) ...but there is a node of depth i with
+		// a valid_policy of anyPolicy
+		foreach ($this->_nodesAtDepth($state->index()) as $node) {
+			if ($node->isAnyPolicy()) {
+				// then generate a child node of the node of depth i-1
+				// that has a valid_policy of anyPolicy as follows...
+				foreach ($this->_nodesAtDepth($state->index() - 1) as $node) {
+					if ($node->isAnyPolicy()) {
+						// try to fetch qualifiers of anyPolicy certificate policy
+						$qualifiers = array();
+						try {
+							$qualifiers = $cert->tbsCertificate()
+								->extensions()
+								->certificatePolicies()
+								->anyPolicy()
+								->qualifiers();
+						} catch (\LogicException $e) {
+						}
+						$node->addChild(
+							new PolicyNode($idp, $qualifiers, $sdps));
+						// bail after first anyPolicy has been processed
+						break;
+					}
+				}
+				// bail after first anyPolicy has been processed
+				break;
+			}
+		}
+	}
     
-    /**
-     * Delete nodes as specified in 6.1.4 (b)(2).
-     *
-     * @param Certificate $cert
-     * @param ValidatorState $state
-     */
-    protected function _deleteMappings(Certificate $cert, ValidatorState $state)
-    {
-        $idps = $cert->tbsCertificate()
-            ->extensions()
-            ->policyMappings()
-            ->issuerDomainPolicies();
-        // delete each node of depth i in the valid_policy_tree
-        // where ID-P is the valid_policy
-        foreach ($this->_nodesAtDepth($state->index()) as $node) {
-            if (in_array($node->validPolicy(), $idps)) {
-                $node->remove();
-            }
-        }
-        $this->_pruneTree($state->index() - 1);
-    }
+	/**
+	 * Delete nodes as specified in 6.1.4 (b)(2).
+	 *
+	 * @param Certificate $cert
+	 * @param ValidatorState $state
+	 */
+	protected function _deleteMappings(Certificate $cert, ValidatorState $state)
+	{
+		$idps = $cert->tbsCertificate()
+			->extensions()
+			->policyMappings()
+			->issuerDomainPolicies();
+		// delete each node of depth i in the valid_policy_tree
+		// where ID-P is the valid_policy
+		foreach ($this->_nodesAtDepth($state->index()) as $node) {
+			if (in_array($node->validPolicy(), $idps)) {
+				$node->remove();
+			}
+		}
+		$this->_pruneTree($state->index() - 1);
+	}
     
-    /**
-     * Prune tree starting from given depth.
-     *
-     * @param int $depth
-     * @return int The number of nodes left in a tree
-     */
-    protected function _pruneTree($depth)
-    {
-        for ($i = $depth; $i > 0; --$i) {
-            foreach ($this->_nodesAtDepth($i) as $node) {
-                if (!count($node)) {
-                    $node->remove();
-                }
-            }
-        }
-        // if root has no children left
-        if (!count($this->_root)) {
-            $this->_root = null;
-            return 0;
-        }
-        return $this->_root->nodeCount();
-    }
+	/**
+	 * Prune tree starting from given depth.
+	 *
+	 * @param int $depth
+	 * @return int The number of nodes left in a tree
+	 */
+	protected function _pruneTree($depth)
+	{
+		for ($i = $depth; $i > 0; --$i) {
+			foreach ($this->_nodesAtDepth($i) as $node) {
+				if (!count($node)) {
+					$node->remove();
+				}
+			}
+		}
+		// if root has no children left
+		if (!count($this->_root)) {
+			$this->_root = null;
+			return 0;
+		}
+		return $this->_root->nodeCount();
+	}
     
-    /**
-     * Get all nodes at given depth.
-     *
-     * @param int $i
-     * @return PolicyNode[]
-     */
-    protected function _nodesAtDepth($i)
-    {
-        if (!$this->_root) {
-            return array();
-        }
-        $depth = 0;
-        $nodes = array($this->_root);
-        while ($depth < $i) {
-            $nodes = self::_gatherChildren(...$nodes);
-            if (!count($nodes)) {
-                break;
-            }
-            ++$depth;
-        }
-        return $nodes;
-    }
+	/**
+	 * Get all nodes at given depth.
+	 *
+	 * @param int $i
+	 * @return PolicyNode[]
+	 */
+	protected function _nodesAtDepth($i)
+	{
+		if (!$this->_root) {
+			return array();
+		}
+		$depth = 0;
+		$nodes = array($this->_root);
+		while ($depth < $i) {
+			$nodes = self::_gatherChildren(...$nodes);
+			if (!count($nodes)) {
+				break;
+			}
+			++$depth;
+		}
+		return $nodes;
+	}
     
-    /**
-     * Get the valid policy node set as specified in spec 6.1.5.(g)(iii)1.
-     *
-     * @return PolicyNode[]
-     */
-    protected function _validPolicyNodeSet()
-    {
-        // 1. Determine the set of policy nodes whose parent nodes have
-        // a valid_policy of anyPolicy. This is the valid_policy_node_set.
-        $set = array();
-        if (!$this->_root) {
-            return $set;
-        }
-        // for each node in a tree
-        $this->_root->walkNodes(
-            function (PolicyNode $node) use (&$set) {
-                $parents = $node->parents();
-                // node has parents
-                if (count($parents)) {
-                    // check that each ancestor is an anyPolicy node
-                    foreach ($parents as $ancestor) {
-                        if (!$ancestor->isAnyPolicy()) {
-                            return;
-                        }
-                    }
-                    $set[] = $node;
-                }
-            });
-        return $set;
-    }
+	/**
+	 * Get the valid policy node set as specified in spec 6.1.5.(g)(iii)1.
+	 *
+	 * @return PolicyNode[]
+	 */
+	protected function _validPolicyNodeSet()
+	{
+		// 1. Determine the set of policy nodes whose parent nodes have
+		// a valid_policy of anyPolicy. This is the valid_policy_node_set.
+		$set = array();
+		if (!$this->_root) {
+			return $set;
+		}
+		// for each node in a tree
+		$this->_root->walkNodes(
+			function (PolicyNode $node) use (&$set) {
+				$parents = $node->parents();
+				// node has parents
+				if (count($parents)) {
+					// check that each ancestor is an anyPolicy node
+					foreach ($parents as $ancestor) {
+						if (!$ancestor->isAnyPolicy()) {
+							return;
+						}
+					}
+					$set[] = $node;
+				}
+			});
+		return $set;
+	}
     
-    /**
-     * Gather all children of given nodes to a flattened array.
-     *
-     * @param PolicyNode ...$nodes
-     * @return PolicyNode[]
-     */
-    private static function _gatherChildren(PolicyNode ...$nodes)
-    {
-        $children = array();
-        foreach ($nodes as $node) {
-            $children = array_merge($children, $node->children());
-        }
-        return $children;
-    }
+	/**
+	 * Gather all children of given nodes to a flattened array.
+	 *
+	 * @param PolicyNode ...$nodes
+	 * @return PolicyNode[]
+	 */
+	private static function _gatherChildren(PolicyNode ...$nodes)
+	{
+		$children = array();
+		foreach ($nodes as $node) {
+			$children = array_merge($children, $node->children());
+		}
+		return $children;
+	}
 }

Spacing +3 added lines, -3 removed lines

@@ -92,7 +92,7 @@ 
         // is not in the user-initial-policy-set and is not anyPolicy,
         // delete this node and all its children.
         $valid_policy_node_set = array_filter($valid_policy_node_set,
-            function (PolicyNode $node) use ($policies) {
+            function(PolicyNode $node) use ($policies) {
                 if ($node->isAnyPolicy()) {
                     return true;
                 }
@@ -104,7 +104,7 @@ 
             });
         // array of valid policy OIDs
         $valid_policy_set = array_map(
-            function (PolicyNode $node) {
+            function(PolicyNode $node) {
                 return $node->validPolicy();
             }, $valid_policy_node_set);
         // 3. If the valid_policy_tree includes a node of depth n with
@@ -384,7 +384,7 @@ 
         }
         // for each node in a tree
         $this->_root->walkNodes(
-            function (PolicyNode $node) use (&$set) {
+            function(PolicyNode $node) use (&$set) {
                 $parents = $node->parents();
                 // node has parents
                 if (count($parents)) {

lib/X509/GeneralName/IPv4Address.php

Indentation +37 added lines, -37 removed lines

@@ -4,42 +4,42 @@
 
 class IPv4Address extends IPAddress
 {
-    /**
-     * Initialize from octets.
-     *
-     * @param string $octets
-     * @throws \InvalidArgumentException
-     * @return self
-     */
-    public static function fromOctets($octets)
-    {
-        $mask = null;
-        $bytes = unpack("C*", $octets);
-        switch (count($bytes)) {
-            case 4:
-                $ip = implode(".", $bytes);
-                break;
-            case 8:
-                $ip = implode(".", array_slice($bytes, 0, 4));
-                $mask = implode(".", array_slice($bytes, 4, 4));
-                break;
-            default:
-                throw new \UnexpectedValueException("Invalid IPv4 octet length.");
-        }
-        return new self($ip, $mask);
-    }
+	/**
+	 * Initialize from octets.
+	 *
+	 * @param string $octets
+	 * @throws \InvalidArgumentException
+	 * @return self
+	 */
+	public static function fromOctets($octets)
+	{
+		$mask = null;
+		$bytes = unpack("C*", $octets);
+		switch (count($bytes)) {
+			case 4:
+				$ip = implode(".", $bytes);
+				break;
+			case 8:
+				$ip = implode(".", array_slice($bytes, 0, 4));
+				$mask = implode(".", array_slice($bytes, 4, 4));
+				break;
+			default:
+				throw new \UnexpectedValueException("Invalid IPv4 octet length.");
+		}
+		return new self($ip, $mask);
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _octets()
-    {
-        $bytes = array_map("intval", explode(".", $this->_ip));
-        if (isset($this->_mask)) {
-            $bytes = array_merge($bytes,
-                array_map("intval", explode(".", $this->_mask)));
-        }
-        return pack("C*", ...$bytes);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _octets()
+	{
+		$bytes = array_map("intval", explode(".", $this->_ip));
+		if (isset($this->_mask)) {
+			$bytes = array_merge($bytes,
+				array_map("intval", explode(".", $this->_mask)));
+		}
+		return pack("C*", ...$bytes);
+	}
 }

Switch Indentation +9 added lines, -9 removed lines

@@ -16,15 +16,15 @@
         $mask = null;
         $bytes = unpack("C*", $octets);
         switch (count($bytes)) {
-            case 4:
-                $ip = implode(".", $bytes);
-                break;
-            case 8:
-                $ip = implode(".", array_slice($bytes, 0, 4));
-                $mask = implode(".", array_slice($bytes, 4, 4));
-                break;
-            default:
-                throw new \UnexpectedValueException("Invalid IPv4 octet length.");
+        case 4:
+            $ip = implode(".", $bytes);
+            break;
+        case 8:
+            $ip = implode(".", array_slice($bytes, 0, 4));
+            $mask = implode(".", array_slice($bytes, 4, 4));
+            break;
+        default:
+            throw new \UnexpectedValueException("Invalid IPv4 octet length.");
         }
         return new self($ip, $mask);
     }

lib/X509/GeneralName/IPAddress.php

Indentation +85 added lines, -85 removed lines

@@ -16,97 +16,97 @@
  */
 abstract class IPAddress extends GeneralName
 {
-    /**
-     * IP address.
-     *
-     * @var string $_ip
-     */
-    protected $_ip;
+	/**
+	 * IP address.
+	 *
+	 * @var string $_ip
+	 */
+	protected $_ip;
     
-    /**
-     * Subnet mask.
-     *
-     * @var string|null $_mask
-     */
-    protected $_mask;
+	/**
+	 * Subnet mask.
+	 *
+	 * @var string|null $_mask
+	 */
+	protected $_mask;
     
-    /**
-     * Get octet representation of the IP address.
-     *
-     * @return string
-     */
-    abstract protected function _octets();
+	/**
+	 * Get octet representation of the IP address.
+	 *
+	 * @return string
+	 */
+	abstract protected function _octets();
     
-    /**
-     * Constructor.
-     *
-     * @param string $ip
-     * @param string|null $mask
-     */
-    public function __construct($ip, $mask = null)
-    {
-        $this->_tag = self::TAG_IP_ADDRESS;
-        $this->_ip = $ip;
-        $this->_mask = $mask;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $ip
+	 * @param string|null $mask
+	 */
+	public function __construct($ip, $mask = null)
+	{
+		$this->_tag = self::TAG_IP_ADDRESS;
+		$this->_ip = $ip;
+		$this->_mask = $mask;
+	}
     
-    /**
-     *
-     * @param UnspecifiedType $el
-     * @return self
-     */
-    public static function fromChosenASN1(UnspecifiedType $el)
-    {
-        $octets = $el->asOctetString()->string();
-        switch (strlen($octets)) {
-            case 4:
-            case 8:
-                return IPv4Address::fromOctets($octets);
-            case 16:
-            case 32:
-                return IPv6Address::fromOctets($octets);
-            default:
-                throw new \UnexpectedValueException(
-                    "Invalid octet length for IP address.");
-        }
-    }
+	/**
+	 *
+	 * @param UnspecifiedType $el
+	 * @return self
+	 */
+	public static function fromChosenASN1(UnspecifiedType $el)
+	{
+		$octets = $el->asOctetString()->string();
+		switch (strlen($octets)) {
+			case 4:
+			case 8:
+				return IPv4Address::fromOctets($octets);
+			case 16:
+			case 32:
+				return IPv6Address::fromOctets($octets);
+			default:
+				throw new \UnexpectedValueException(
+					"Invalid octet length for IP address.");
+		}
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function string()
-    {
-        return $this->_ip . (isset($this->_mask) ? "/" . $this->_mask : "");
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function string()
+	{
+		return $this->_ip . (isset($this->_mask) ? "/" . $this->_mask : "");
+	}
     
-    /**
-     * Get IP address as a string.
-     *
-     * @return string
-     */
-    public function address()
-    {
-        return $this->_ip;
-    }
+	/**
+	 * Get IP address as a string.
+	 *
+	 * @return string
+	 */
+	public function address()
+	{
+		return $this->_ip;
+	}
     
-    /**
-     * Get subnet mask as a string.
-     *
-     * @return string
-     */
-    public function mask()
-    {
-        return $this->_mask;
-    }
+	/**
+	 * Get subnet mask as a string.
+	 *
+	 * @return string
+	 */
+	public function mask()
+	{
+		return $this->_mask;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _choiceASN1()
-    {
-        return new ImplicitlyTaggedType($this->_tag,
-            new OctetString($this->_octets()));
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _choiceASN1()
+	{
+		return new ImplicitlyTaggedType($this->_tag,
+			new OctetString($this->_octets()));
+	}
 }

Switch Indentation +9 added lines, -9 removed lines

@@ -59,15 +59,15 @@
     {
         $octets = $el->asOctetString()->string();
         switch (strlen($octets)) {
-            case 4:
-            case 8:
-                return IPv4Address::fromOctets($octets);
-            case 16:
-            case 32:
-                return IPv6Address::fromOctets($octets);
-            default:
-                throw new \UnexpectedValueException(
-                    "Invalid octet length for IP address.");
+        case 4:
+        case 8:
+            return IPv4Address::fromOctets($octets);
+        case 16:
+        case 32:
+            return IPv6Address::fromOctets($octets);
+        default:
+            throw new \UnexpectedValueException(
+                "Invalid octet length for IP address.");
         }
     }
     

lib/X509/GeneralName/UniformResourceIdentifier.php

Indentation +50 added lines, -50 removed lines

@@ -14,59 +14,59 @@
  */
 class UniformResourceIdentifier extends GeneralName
 {
-    /**
-     * URI.
-     *
-     * @var string $_uri
-     */
-    protected $_uri;
+	/**
+	 * URI.
+	 *
+	 * @var string $_uri
+	 */
+	protected $_uri;
     
-    /**
-     * Constructor.
-     *
-     * @param string $uri
-     */
-    public function __construct($uri)
-    {
-        $this->_tag = self::TAG_URI;
-        $this->_uri = $uri;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $uri
+	 */
+	public function __construct($uri)
+	{
+		$this->_tag = self::TAG_URI;
+		$this->_uri = $uri;
+	}
     
-    /**
-     *
-     * @param UnspecifiedType $el
-     * @return self
-     */
-    public static function fromChosenASN1(UnspecifiedType $el)
-    {
-        return new self($el->asIA5String()->string());
-    }
+	/**
+	 *
+	 * @param UnspecifiedType $el
+	 * @return self
+	 */
+	public static function fromChosenASN1(UnspecifiedType $el)
+	{
+		return new self($el->asIA5String()->string());
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function string()
-    {
-        return $this->_uri;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function string()
+	{
+		return $this->_uri;
+	}
     
-    /**
-     * Get URI.
-     *
-     * @return string
-     */
-    public function uri()
-    {
-        return $this->_uri;
-    }
+	/**
+	 * Get URI.
+	 *
+	 * @return string
+	 */
+	public function uri()
+	{
+		return $this->_uri;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _choiceASN1()
-    {
-        return new ImplicitlyTaggedType($this->_tag, new IA5String($this->_uri));
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _choiceASN1()
+	{
+		return new ImplicitlyTaggedType($this->_tag, new IA5String($this->_uri));
+	}
 }

lib/X509/GeneralName/DNSName.php

Indentation +50 added lines, -50 removed lines

@@ -13,59 +13,59 @@
  */
 class DNSName extends GeneralName
 {
-    /**
-     * DNS name.
-     *
-     * @var string
-     */
-    protected $_name;
+	/**
+	 * DNS name.
+	 *
+	 * @var string
+	 */
+	protected $_name;
     
-    /**
-     * Constructor.
-     *
-     * @param string $name Domain name
-     */
-    public function __construct($name)
-    {
-        $this->_tag = self::TAG_DNS_NAME;
-        $this->_name = $name;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $name Domain name
+	 */
+	public function __construct($name)
+	{
+		$this->_tag = self::TAG_DNS_NAME;
+		$this->_name = $name;
+	}
     
-    /**
-     *
-     * @param UnspecifiedType $el
-     * @return self
-     */
-    public static function fromChosenASN1(UnspecifiedType $el)
-    {
-        return new self($el->asIA5String()->string());
-    }
+	/**
+	 *
+	 * @param UnspecifiedType $el
+	 * @return self
+	 */
+	public static function fromChosenASN1(UnspecifiedType $el)
+	{
+		return new self($el->asIA5String()->string());
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function string()
-    {
-        return $this->_name;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function string()
+	{
+		return $this->_name;
+	}
     
-    /**
-     * Get DNS name.
-     *
-     * @return string
-     */
-    public function name()
-    {
-        return $this->_name;
-    }
+	/**
+	 * Get DNS name.
+	 *
+	 * @return string
+	 */
+	public function name()
+	{
+		return $this->_name;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _choiceASN1()
-    {
-        return new ImplicitlyTaggedType($this->_tag, new IA5String($this->_name));
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _choiceASN1()
+	{
+		return new ImplicitlyTaggedType($this->_tag, new IA5String($this->_name));
+	}
 }

lib/X509/GeneralName/EDIPartyName.php

Indentation +39 added lines, -39 removed lines

@@ -15,47 +15,47 @@
  */
 class EDIPartyName extends GeneralName
 {
-    /**
-     *
-     * @var \ASN1\Element
-     */
-    protected $_element;
+	/**
+	 *
+	 * @var \ASN1\Element
+	 */
+	protected $_element;
     
-    /**
-     * Constructor.
-     */
-    protected function __construct()
-    {
-        $this->_tag = self::TAG_EDI_PARTY_NAME;
-    }
+	/**
+	 * Constructor.
+	 */
+	protected function __construct()
+	{
+		$this->_tag = self::TAG_EDI_PARTY_NAME;
+	}
     
-    /**
-     *
-     * @param UnspecifiedType $el
-     * @return self
-     */
-    public static function fromChosenASN1(UnspecifiedType $el)
-    {
-        $obj = new self();
-        $obj->_element = $el->asSequence();
-        return $obj;
-    }
+	/**
+	 *
+	 * @param UnspecifiedType $el
+	 * @return self
+	 */
+	public static function fromChosenASN1(UnspecifiedType $el)
+	{
+		$obj = new self();
+		$obj->_element = $el->asSequence();
+		return $obj;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function string()
-    {
-        return bin2hex($this->_element->toDER());
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function string()
+	{
+		return bin2hex($this->_element->toDER());
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _choiceASN1()
-    {
-        return new ImplicitlyTaggedType($this->_tag, $this->_element);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _choiceASN1()
+	{
+		return new ImplicitlyTaggedType($this->_tag, $this->_element);
+	}
 }

lib/X509/GeneralName/GeneralNames.php

Indentation +167 added lines, -167 removed lines

@@ -15,183 +15,183 @@
  */
 class GeneralNames implements \Countable, \IteratorAggregate
 {
-    /**
-     * GeneralName objects.
-     *
-     * @var GeneralName[] $_names
-     */
-    protected $_names;
+	/**
+	 * GeneralName objects.
+	 *
+	 * @var GeneralName[] $_names
+	 */
+	protected $_names;
     
-    /**
-     * Constructor.
-     *
-     * @param GeneralName ...$names One or more GeneralName objects
-     */
-    public function __construct(GeneralName ...$names)
-    {
-        $this->_names = $names;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param GeneralName ...$names One or more GeneralName objects
+	 */
+	public function __construct(GeneralName ...$names)
+	{
+		$this->_names = $names;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq)
-    {
-        if (!count($seq)) {
-            throw new \UnexpectedValueException(
-                "GeneralNames must have at least one GeneralName.");
-        }
-        $names = array_map(
-            function (UnspecifiedType $el) {
-                return GeneralName::fromASN1($el->asTagged());
-            }, $seq->elements());
-        return new self(...$names);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq)
+	{
+		if (!count($seq)) {
+			throw new \UnexpectedValueException(
+				"GeneralNames must have at least one GeneralName.");
+		}
+		$names = array_map(
+			function (UnspecifiedType $el) {
+				return GeneralName::fromASN1($el->asTagged());
+			}, $seq->elements());
+		return new self(...$names);
+	}
     
-    /**
-     * Find first GeneralName by given tag.
-     *
-     * @param int $tag
-     * @return GeneralName|null
-     */
-    protected function _findFirst($tag)
-    {
-        foreach ($this->_names as $name) {
-            if ($name->tag() == $tag) {
-                return $name;
-            }
-        }
-        return null;
-    }
+	/**
+	 * Find first GeneralName by given tag.
+	 *
+	 * @param int $tag
+	 * @return GeneralName|null
+	 */
+	protected function _findFirst($tag)
+	{
+		foreach ($this->_names as $name) {
+			if ($name->tag() == $tag) {
+				return $name;
+			}
+		}
+		return null;
+	}
     
-    /**
-     * Check whether GeneralNames contains a GeneralName of given type.
-     *
-     * @param int $tag One of <code>GeneralName::TAG_*</code> enumerations
-     * @return bool
-     */
-    public function has($tag)
-    {
-        return null !== $this->_findFirst($tag);
-    }
+	/**
+	 * Check whether GeneralNames contains a GeneralName of given type.
+	 *
+	 * @param int $tag One of <code>GeneralName::TAG_*</code> enumerations
+	 * @return bool
+	 */
+	public function has($tag)
+	{
+		return null !== $this->_findFirst($tag);
+	}
     
-    /**
-     * Get first GeneralName of given type.
-     *
-     * @param int $tag One of <code>GeneralName::TAG_*</code> enumerations
-     * @throws \OutOfBoundsException
-     * @return GeneralName
-     */
-    public function firstOf($tag)
-    {
-        $name = $this->_findFirst($tag);
-        if (!$name) {
-            throw new \UnexpectedValueException("No GeneralName by tag $tag.");
-        }
-        return $name;
-    }
+	/**
+	 * Get first GeneralName of given type.
+	 *
+	 * @param int $tag One of <code>GeneralName::TAG_*</code> enumerations
+	 * @throws \OutOfBoundsException
+	 * @return GeneralName
+	 */
+	public function firstOf($tag)
+	{
+		$name = $this->_findFirst($tag);
+		if (!$name) {
+			throw new \UnexpectedValueException("No GeneralName by tag $tag.");
+		}
+		return $name;
+	}
     
-    /**
-     * Get all GeneralName objects of given type.
-     *
-     * @param int $tag One of <code>GeneralName::TAG_*</code> enumerations
-     * @return GeneralName[]
-     */
-    public function allOf($tag)
-    {
-        $names = array_filter($this->_names,
-            function (GeneralName $name) use ($tag) {
-                return $name->tag() == $tag;
-            });
-        return array_values($names);
-    }
+	/**
+	 * Get all GeneralName objects of given type.
+	 *
+	 * @param int $tag One of <code>GeneralName::TAG_*</code> enumerations
+	 * @return GeneralName[]
+	 */
+	public function allOf($tag)
+	{
+		$names = array_filter($this->_names,
+			function (GeneralName $name) use ($tag) {
+				return $name->tag() == $tag;
+			});
+		return array_values($names);
+	}
     
-    /**
-     * Get value of the first 'dNSName' type.
-     *
-     * @return string
-     */
-    public function firstDNS()
-    {
-        $gn = $this->firstOf(GeneralName::TAG_DNS_NAME);
-        if (!$gn instanceof DNSName) {
-            throw new \RuntimeException(
-                DNSName::class . " expected, got " . get_class($gn));
-        }
-        return $gn->name();
-    }
+	/**
+	 * Get value of the first 'dNSName' type.
+	 *
+	 * @return string
+	 */
+	public function firstDNS()
+	{
+		$gn = $this->firstOf(GeneralName::TAG_DNS_NAME);
+		if (!$gn instanceof DNSName) {
+			throw new \RuntimeException(
+				DNSName::class . " expected, got " . get_class($gn));
+		}
+		return $gn->name();
+	}
     
-    /**
-     * Get value of the first 'directoryName' type.
-     *
-     * @return \X501\ASN1\Name
-     */
-    public function firstDN()
-    {
-        $gn = $this->firstOf(GeneralName::TAG_DIRECTORY_NAME);
-        if (!$gn instanceof DirectoryName) {
-            throw new \RuntimeException(
-                DirectoryName::class . " expected, got " . get_class($gn));
-        }
-        return $gn->dn();
-    }
+	/**
+	 * Get value of the first 'directoryName' type.
+	 *
+	 * @return \X501\ASN1\Name
+	 */
+	public function firstDN()
+	{
+		$gn = $this->firstOf(GeneralName::TAG_DIRECTORY_NAME);
+		if (!$gn instanceof DirectoryName) {
+			throw new \RuntimeException(
+				DirectoryName::class . " expected, got " . get_class($gn));
+		}
+		return $gn->dn();
+	}
     
-    /**
-     * Get value of the first 'uniformResourceIdentifier' type.
-     *
-     * @return string
-     */
-    public function firstURI()
-    {
-        $gn = $this->firstOf(GeneralName::TAG_URI);
-        if (!$gn instanceof UniformResourceIdentifier) {
-            throw new \RuntimeException(
-                UniformResourceIdentifier::class . " expected, got " .
-                     get_class($gn));
-        }
-        return $gn->uri();
-    }
+	/**
+	 * Get value of the first 'uniformResourceIdentifier' type.
+	 *
+	 * @return string
+	 */
+	public function firstURI()
+	{
+		$gn = $this->firstOf(GeneralName::TAG_URI);
+		if (!$gn instanceof UniformResourceIdentifier) {
+			throw new \RuntimeException(
+				UniformResourceIdentifier::class . " expected, got " .
+					 get_class($gn));
+		}
+		return $gn->uri();
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1()
-    {
-        if (!count($this->_names)) {
-            throw new \LogicException(
-                "GeneralNames must have at least one GeneralName.");
-        }
-        $elements = array_map(
-            function (GeneralName $name) {
-                return $name->toASN1();
-            }, $this->_names);
-        return new Sequence(...$elements);
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1()
+	{
+		if (!count($this->_names)) {
+			throw new \LogicException(
+				"GeneralNames must have at least one GeneralName.");
+		}
+		$elements = array_map(
+			function (GeneralName $name) {
+				return $name->toASN1();
+			}, $this->_names);
+		return new Sequence(...$elements);
+	}
     
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count()
-    {
-        return count($this->_names);
-    }
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count()
+	{
+		return count($this->_names);
+	}
     
-    /**
-     * Get iterator for GeneralName objects.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator()
-    {
-        return new \ArrayIterator($this->_names);
-    }
+	/**
+	 * Get iterator for GeneralName objects.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator()
+	{
+		return new \ArrayIterator($this->_names);
+	}
 }

Spacing +3 added lines, -3 removed lines

@@ -46,7 +46,7 @@ 
                 "GeneralNames must have at least one GeneralName.");
         }
         $names = array_map(
-            function (UnspecifiedType $el) {
+            function(UnspecifiedType $el) {
                 return GeneralName::fromASN1($el->asTagged());
             }, $seq->elements());
         return new self(...$names);
@@ -104,7 +104,7 @@ 
     public function allOf($tag)
     {
         $names = array_filter($this->_names,
-            function (GeneralName $name) use ($tag) {
+            function(GeneralName $name) use ($tag) {
                 return $name->tag() == $tag;
             });
         return array_values($names);
@@ -168,7 +168,7 @@ 
                 "GeneralNames must have at least one GeneralName.");
         }
         $elements = array_map(
-            function (GeneralName $name) {
+            function(GeneralName $name) {
                 return $name->toASN1();
             }, $this->_names);
         return new Sequence(...$elements);

lib/X509/GeneralName/RFC822Name.php

Indentation +50 added lines, -50 removed lines

@@ -13,59 +13,59 @@
  */
 class RFC822Name extends GeneralName
 {
-    /**
-     * Email.
-     *
-     * @var string $_email
-     */
-    protected $_email;
+	/**
+	 * Email.
+	 *
+	 * @var string $_email
+	 */
+	protected $_email;
     
-    /**
-     * Constructor.
-     *
-     * @param string $email
-     */
-    public function __construct($email)
-    {
-        $this->_tag = self::TAG_RFC822_NAME;
-        $this->_email = $email;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $email
+	 */
+	public function __construct($email)
+	{
+		$this->_tag = self::TAG_RFC822_NAME;
+		$this->_email = $email;
+	}
     
-    /**
-     *
-     * @param UnspecifiedType $el
-     * @return self
-     */
-    public static function fromChosenASN1(UnspecifiedType $el)
-    {
-        return new self($el->asIA5String()->string());
-    }
+	/**
+	 *
+	 * @param UnspecifiedType $el
+	 * @return self
+	 */
+	public static function fromChosenASN1(UnspecifiedType $el)
+	{
+		return new self($el->asIA5String()->string());
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function string()
-    {
-        return $this->_email;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function string()
+	{
+		return $this->_email;
+	}
     
-    /**
-     * Get email.
-     *
-     * @return string
-     */
-    public function email()
-    {
-        return $this->_email;
-    }
+	/**
+	 * Get email.
+	 *
+	 * @return string
+	 */
+	public function email()
+	{
+		return $this->_email;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _choiceASN1()
-    {
-        return new ImplicitlyTaggedType($this->_tag, new IA5String($this->_email));
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _choiceASN1()
+	{
+		return new ImplicitlyTaggedType($this->_tag, new IA5String($this->_email));
+	}
 }