Inspection of "Update deps" - sop/x509 - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 584877...f7ba31 )

by Joni

created 2017-11-07 09:01 UTC

Status

Indentation +62 added lines, -62 removed lines patch added patch discarded remove patch

@@ -13,72 +13,72 @@
 block discarded – undo
  */
 class UniqueIdentifier
 {
-    /**
-     * Identifier.
-     *
-     * @var BitString $_uid
-     */
-    protected $_uid;
+	/**
+	 * Identifier.
+	 *
+	 * @var BitString $_uid
+	 */
+	protected $_uid;
     
-    /**
-     * Constructor.
-     *
-     * @param BitString $bs
-     */
-    public function __construct(BitString $bs)
-    {
-        $this->_uid = $bs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param BitString $bs
+	 */
+	public function __construct(BitString $bs)
+	{
+		$this->_uid = $bs;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param BitString $bs
-     * @return self
-     */
-    public static function fromASN1(BitString $bs): self
-    {
-        return new self($bs);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param BitString $bs
+	 * @return self
+	 */
+	public static function fromASN1(BitString $bs): self
+	{
+		return new self($bs);
+	}
     
-    /**
-     * Initialize from string.
-     *
-     * @param string $str
-     * @return self
-     */
-    public static function fromString(string $str): self
-    {
-        return new self(new BitString($str));
-    }
+	/**
+	 * Initialize from string.
+	 *
+	 * @param string $str
+	 * @return self
+	 */
+	public static function fromString(string $str): self
+	{
+		return new self(new BitString($str));
+	}
     
-    /**
-     * Get unique identifier as a string.
-     *
-     * @return string
-     */
-    public function string(): string
-    {
-        return $this->_uid->string();
-    }
+	/**
+	 * Get unique identifier as a string.
+	 *
+	 * @return string
+	 */
+	public function string(): string
+	{
+		return $this->_uid->string();
+	}
     
-    /**
-     * Get unique identifier as a bit string.
-     *
-     * @return BitString
-     */
-    public function bitString(): BitString
-    {
-        return $this->_uid;
-    }
+	/**
+	 * Get unique identifier as a bit string.
+	 *
+	 * @return BitString
+	 */
+	public function bitString(): BitString
+	{
+		return $this->_uid;
+	}
     
-    /**
-     * Get ASN.1 element.
-     *
-     * @return BitString
-     */
-    public function toASN1(): BitString
-    {
-        return $this->_uid;
-    }
+	/**
+	 * Get ASN.1 element.
+	 *
+	 * @return BitString
+	 */
+	public function toASN1(): BitString
+	{
+		return $this->_uid;
+	}
 }

Please login to merge, or discard this patch.

lib/X509/Certificate/CertificateChain.php 1 patch

Indentation +117 added lines, -117 removed lines patch added patch discarded remove patch

@@ -13,131 +13,131 @@
 block discarded – undo
  */
 class CertificateChain implements \Countable, \IteratorAggregate
 {
-    /**
-     * List of certificates in a chain.
-     *
-     * @var Certificate[]
-     */
-    protected $_certs;
+	/**
+	 * List of certificates in a chain.
+	 *
+	 * @var Certificate[]
+	 */
+	protected $_certs;
     
-    /**
-     * Constructor.
-     *
-     * @param Certificate ...$certs List of certificates, end-entity first
-     */
-    public function __construct(Certificate ...$certs)
-    {
-        $this->_certs = $certs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Certificate ...$certs List of certificates, end-entity first
+	 */
+	public function __construct(Certificate ...$certs)
+	{
+		$this->_certs = $certs;
+	}
     
-    /**
-     * Initialize from a list of PEMs.
-     *
-     * @param PEM ...$pems
-     * @return self
-     */
-    public static function fromPEMs(PEM ...$pems): self
-    {
-        $certs = array_map(
-            function (PEM $pem) {
-                return Certificate::fromPEM($pem);
-            }, $pems);
-        return new self(...$certs);
-    }
+	/**
+	 * Initialize from a list of PEMs.
+	 *
+	 * @param PEM ...$pems
+	 * @return self
+	 */
+	public static function fromPEMs(PEM ...$pems): self
+	{
+		$certs = array_map(
+			function (PEM $pem) {
+				return Certificate::fromPEM($pem);
+			}, $pems);
+		return new self(...$certs);
+	}
     
-    /**
-     * Initialize from a string containing multiple PEM blocks.
-     *
-     * @param string $str
-     * @return self
-     */
-    public static function fromPEMString(string $str): self
-    {
-        $pems = PEMBundle::fromString($str)->all();
-        return self::fromPEMs(...$pems);
-    }
+	/**
+	 * Initialize from a string containing multiple PEM blocks.
+	 *
+	 * @param string $str
+	 * @return self
+	 */
+	public static function fromPEMString(string $str): self
+	{
+		$pems = PEMBundle::fromString($str)->all();
+		return self::fromPEMs(...$pems);
+	}
     
-    /**
-     * Get all certificates in a chain ordered from the end-entity certificate
-     * to the trust anchor.
-     *
-     * @return Certificate[]
-     */
-    public function certificates(): array
-    {
-        return $this->_certs;
-    }
+	/**
+	 * Get all certificates in a chain ordered from the end-entity certificate
+	 * to the trust anchor.
+	 *
+	 * @return Certificate[]
+	 */
+	public function certificates(): array
+	{
+		return $this->_certs;
+	}
     
-    /**
-     * Get the end-entity certificate.
-     *
-     * @throws \LogicException
-     * @return Certificate
-     */
-    public function endEntityCertificate(): Certificate
-    {
-        if (!count($this->_certs)) {
-            throw new \LogicException("No certificates.");
-        }
-        return $this->_certs[0];
-    }
+	/**
+	 * Get the end-entity certificate.
+	 *
+	 * @throws \LogicException
+	 * @return Certificate
+	 */
+	public function endEntityCertificate(): Certificate
+	{
+		if (!count($this->_certs)) {
+			throw new \LogicException("No certificates.");
+		}
+		return $this->_certs[0];
+	}
     
-    /**
-     * Get the trust anchor certificate.
-     *
-     * @throws \LogicException
-     * @return Certificate
-     */
-    public function trustAnchorCertificate(): Certificate
-    {
-        if (!count($this->_certs)) {
-            throw new \LogicException("No certificates.");
-        }
-        return $this->_certs[count($this->_certs) - 1];
-    }
+	/**
+	 * Get the trust anchor certificate.
+	 *
+	 * @throws \LogicException
+	 * @return Certificate
+	 */
+	public function trustAnchorCertificate(): Certificate
+	{
+		if (!count($this->_certs)) {
+			throw new \LogicException("No certificates.");
+		}
+		return $this->_certs[count($this->_certs) - 1];
+	}
     
-    /**
-     * Convert certificate chain to certification path.
-     *
-     * @return CertificationPath
-     */
-    public function certificationPath(): CertificationPath
-    {
-        return CertificationPath::fromCertificateChain($this);
-    }
+	/**
+	 * Convert certificate chain to certification path.
+	 *
+	 * @return CertificationPath
+	 */
+	public function certificationPath(): CertificationPath
+	{
+		return CertificationPath::fromCertificateChain($this);
+	}
     
-    /**
-     * Convert certificate chain to string of PEM blocks.
-     *
-     * @return string
-     */
-    public function toPEMString(): string
-    {
-        return implode("\n",
-            array_map(
-                function (Certificate $cert) {
-                    return $cert->toPEM()->string();
-                }, $this->_certs));
-    }
+	/**
+	 * Convert certificate chain to string of PEM blocks.
+	 *
+	 * @return string
+	 */
+	public function toPEMString(): string
+	{
+		return implode("\n",
+			array_map(
+				function (Certificate $cert) {
+					return $cert->toPEM()->string();
+				}, $this->_certs));
+	}
     
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_certs);
-    }
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_certs);
+	}
     
-    /**
-     * Get iterator for certificates.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_certs);
-    }
+	/**
+	 * Get iterator for certificates.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_certs);
+	}
 }

Please login to merge, or discard this patch.

lib/X509/Certificate/Validity.php 1 patch

Indentation +75 added lines, -75 removed lines patch added patch discarded remove patch

@@ -13,86 +13,86 @@
 block discarded – undo
  */
 class Validity
 {
-    /**
-     * Not before time.
-     *
-     * @var Time $_notBefore
-     */
-    protected $_notBefore;
+	/**
+	 * Not before time.
+	 *
+	 * @var Time $_notBefore
+	 */
+	protected $_notBefore;
     
-    /**
-     * Not after time.
-     *
-     * @var Time $_notAfter
-     */
-    protected $_notAfter;
+	/**
+	 * Not after time.
+	 *
+	 * @var Time $_notAfter
+	 */
+	protected $_notAfter;
     
-    /**
-     * Constructor.
-     *
-     * @param Time $not_before
-     * @param Time $not_after
-     */
-    public function __construct(Time $not_before, Time $not_after)
-    {
-        $this->_notBefore = $not_before;
-        $this->_notAfter = $not_after;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Time $not_before
+	 * @param Time $not_after
+	 */
+	public function __construct(Time $not_before, Time $not_after)
+	{
+		$this->_notBefore = $not_before;
+		$this->_notAfter = $not_after;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $nb = Time::fromASN1($seq->at(0)->asTime());
-        $na = Time::fromASN1($seq->at(1)->asTime());
-        return new self($nb, $na);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$nb = Time::fromASN1($seq->at(0)->asTime());
+		$na = Time::fromASN1($seq->at(1)->asTime());
+		return new self($nb, $na);
+	}
     
-    /**
-     * Initialize from date strings.
-     *
-     * @param string|null $nb_date Not before date
-     * @param string|null $na_date Not after date
-     * @param string|null $tz Timezone string
-     * @return self
-     */
-    public static function fromStrings($nb_date, $na_date, $tz = null): self
-    {
-        return new self(Time::fromString($nb_date, $tz),
-            Time::fromString($na_date, $tz));
-    }
+	/**
+	 * Initialize from date strings.
+	 *
+	 * @param string|null $nb_date Not before date
+	 * @param string|null $na_date Not after date
+	 * @param string|null $tz Timezone string
+	 * @return self
+	 */
+	public static function fromStrings($nb_date, $na_date, $tz = null): self
+	{
+		return new self(Time::fromString($nb_date, $tz),
+			Time::fromString($na_date, $tz));
+	}
     
-    /**
-     * Get not before time.
-     *
-     * @return Time
-     */
-    public function notBefore(): Time
-    {
-        return $this->_notBefore;
-    }
+	/**
+	 * Get not before time.
+	 *
+	 * @return Time
+	 */
+	public function notBefore(): Time
+	{
+		return $this->_notBefore;
+	}
     
-    /**
-     * Get not after time.
-     *
-     * @return Time
-     */
-    public function notAfter(): Time
-    {
-        return $this->_notAfter;
-    }
+	/**
+	 * Get not after time.
+	 *
+	 * @return Time
+	 */
+	public function notAfter(): Time
+	{
+		return $this->_notAfter;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_notBefore->toASN1(),
-            $this->_notAfter->toASN1());
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_notBefore->toASN1(),
+			$this->_notAfter->toASN1());
+	}
 }

Please login to merge, or discard this patch.

lib/X509/Certificate/CertificateBundle.php 1 patch

Indentation +189 added lines, -189 removed lines patch added patch discarded remove patch

@@ -12,208 +12,208 @@
 block discarded – undo
  */
 class CertificateBundle implements \Countable, \IteratorAggregate
 {
-    /**
-     * Certificates.
-     *
-     * @var Certificate[] $_certs
-     */
-    protected $_certs;
+	/**
+	 * Certificates.
+	 *
+	 * @var Certificate[] $_certs
+	 */
+	protected $_certs;
     
-    /**
-     * Mapping from public key id to array of certificates.
-     *
-     * @var null|(Certificate[])[]
-     */
-    private $_keyIdMap;
+	/**
+	 * Mapping from public key id to array of certificates.
+	 *
+	 * @var null|(Certificate[])[]
+	 */
+	private $_keyIdMap;
     
-    /**
-     * Constructor.
-     *
-     * @param Certificate[] $certs Certificate objects
-     */
-    public function __construct(Certificate ...$certs)
-    {
-        $this->_certs = $certs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Certificate[] $certs Certificate objects
+	 */
+	public function __construct(Certificate ...$certs)
+	{
+		$this->_certs = $certs;
+	}
     
-    /**
-     * Reset internal cached variables on clone.
-     */
-    public function __clone()
-    {
-        $this->_keyIdMap = null;
-    }
+	/**
+	 * Reset internal cached variables on clone.
+	 */
+	public function __clone()
+	{
+		$this->_keyIdMap = null;
+	}
     
-    /**
-     * Initialize from PEMs.
-     *
-     * @param PEM[] $pems PEM objects
-     * @return self
-     */
-    public static function fromPEMs(PEM ...$pems): self
-    {
-        $certs = array_map(
-            function ($pem) {
-                return Certificate::fromPEM($pem);
-            }, $pems);
-        return new self(...$certs);
-    }
+	/**
+	 * Initialize from PEMs.
+	 *
+	 * @param PEM[] $pems PEM objects
+	 * @return self
+	 */
+	public static function fromPEMs(PEM ...$pems): self
+	{
+		$certs = array_map(
+			function ($pem) {
+				return Certificate::fromPEM($pem);
+			}, $pems);
+		return new self(...$certs);
+	}
     
-    /**
-     * Initialize from PEM bundle.
-     *
-     * @param PEMBundle $pem_bundle
-     * @return self
-     */
-    public static function fromPEMBundle(PEMBundle $pem_bundle): self
-    {
-        return self::fromPEMs(...$pem_bundle->all());
-    }
+	/**
+	 * Initialize from PEM bundle.
+	 *
+	 * @param PEMBundle $pem_bundle
+	 * @return self
+	 */
+	public static function fromPEMBundle(PEMBundle $pem_bundle): self
+	{
+		return self::fromPEMs(...$pem_bundle->all());
+	}
     
-    /**
-     * Get self with certificates added.
-     *
-     * @param Certificate[] $cert
-     * @return self
-     */
-    public function withCertificates(Certificate ...$cert): self
-    {
-        $obj = clone $this;
-        $obj->_certs = array_merge($obj->_certs, $cert);
-        return $obj;
-    }
+	/**
+	 * Get self with certificates added.
+	 *
+	 * @param Certificate[] $cert
+	 * @return self
+	 */
+	public function withCertificates(Certificate ...$cert): self
+	{
+		$obj = clone $this;
+		$obj->_certs = array_merge($obj->_certs, $cert);
+		return $obj;
+	}
     
-    /**
-     * Get self with certificates from PEMBundle added.
-     *
-     * @param PEMBundle $pem_bundle
-     * @return self
-     */
-    public function withPEMBundle(PEMBundle $pem_bundle): self
-    {
-        $certs = $this->_certs;
-        foreach ($pem_bundle as $pem) {
-            $certs[] = Certificate::fromPEM($pem);
-        }
-        return new self(...$certs);
-    }
+	/**
+	 * Get self with certificates from PEMBundle added.
+	 *
+	 * @param PEMBundle $pem_bundle
+	 * @return self
+	 */
+	public function withPEMBundle(PEMBundle $pem_bundle): self
+	{
+		$certs = $this->_certs;
+		foreach ($pem_bundle as $pem) {
+			$certs[] = Certificate::fromPEM($pem);
+		}
+		return new self(...$certs);
+	}
     
-    /**
-     * Get self with single certificate from PEM added.
-     *
-     * @param PEM $pem
-     * @return self
-     */
-    public function withPEM(PEM $pem): self
-    {
-        $certs = $this->_certs;
-        $certs[] = Certificate::fromPEM($pem);
-        return new self(...$certs);
-    }
+	/**
+	 * Get self with single certificate from PEM added.
+	 *
+	 * @param PEM $pem
+	 * @return self
+	 */
+	public function withPEM(PEM $pem): self
+	{
+		$certs = $this->_certs;
+		$certs[] = Certificate::fromPEM($pem);
+		return new self(...$certs);
+	}
     
-    /**
-     * Check whether bundle contains a given certificate.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    public function contains(Certificate $cert): bool
-    {
-        $id = self::_getCertKeyId($cert);
-        $map = $this->_getKeyIdMap();
-        if (!isset($map[$id])) {
-            return false;
-        }
-        foreach ($map[$id] as $c) {
-            /** @var Certificate $c */
-            if ($cert->equals($c)) {
-                return true;
-            }
-        }
-        return false;
-    }
+	/**
+	 * Check whether bundle contains a given certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	public function contains(Certificate $cert): bool
+	{
+		$id = self::_getCertKeyId($cert);
+		$map = $this->_getKeyIdMap();
+		if (!isset($map[$id])) {
+			return false;
+		}
+		foreach ($map[$id] as $c) {
+			/** @var Certificate $c */
+			if ($cert->equals($c)) {
+				return true;
+			}
+		}
+		return false;
+	}
     
-    /**
-     * Get all certificates that have given subject key identifier.
-     *
-     * @param string $id
-     * @return Certificate[]
-     */
-    public function allBySubjectKeyIdentifier(string $id): array
-    {
-        $map = $this->_getKeyIdMap();
-        if (!isset($map[$id])) {
-            return array();
-        }
-        return $map[$id];
-    }
+	/**
+	 * Get all certificates that have given subject key identifier.
+	 *
+	 * @param string $id
+	 * @return Certificate[]
+	 */
+	public function allBySubjectKeyIdentifier(string $id): array
+	{
+		$map = $this->_getKeyIdMap();
+		if (!isset($map[$id])) {
+			return array();
+		}
+		return $map[$id];
+	}
     
-    /**
-     * Get all certificates in a bundle.
-     *
-     * @return Certificate[]
-     */
-    public function all(): array
-    {
-        return $this->_certs;
-    }
+	/**
+	 * Get all certificates in a bundle.
+	 *
+	 * @return Certificate[]
+	 */
+	public function all(): array
+	{
+		return $this->_certs;
+	}
     
-    /**
-     * Get certificate mapping by public key id.
-     *
-     * @return (Certificate[])[]
-     */
-    private function _getKeyIdMap(): array
-    {
-        // lazily build mapping
-        if (!isset($this->_keyIdMap)) {
-            $this->_keyIdMap = array();
-            foreach ($this->_certs as $cert) {
-                $id = self::_getCertKeyId($cert);
-                if (!isset($this->_keyIdMap[$id])) {
-                    $this->_keyIdMap[$id] = array();
-                }
-                array_push($this->_keyIdMap[$id], $cert);
-            }
-        }
-        return $this->_keyIdMap;
-    }
+	/**
+	 * Get certificate mapping by public key id.
+	 *
+	 * @return (Certificate[])[]
+	 */
+	private function _getKeyIdMap(): array
+	{
+		// lazily build mapping
+		if (!isset($this->_keyIdMap)) {
+			$this->_keyIdMap = array();
+			foreach ($this->_certs as $cert) {
+				$id = self::_getCertKeyId($cert);
+				if (!isset($this->_keyIdMap[$id])) {
+					$this->_keyIdMap[$id] = array();
+				}
+				array_push($this->_keyIdMap[$id], $cert);
+			}
+		}
+		return $this->_keyIdMap;
+	}
     
-    /**
-     * Get public key id for the certificate.
-     *
-     * @param Certificate $cert
-     * @return string
-     */
-    private static function _getCertKeyId(Certificate $cert): string
-    {
-        $exts = $cert->tbsCertificate()->extensions();
-        if ($exts->hasSubjectKeyIdentifier()) {
-            return $exts->subjectKeyIdentifier()->keyIdentifier();
-        }
-        return $cert->tbsCertificate()
-            ->subjectPublicKeyInfo()
-            ->keyIdentifier();
-    }
+	/**
+	 * Get public key id for the certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return string
+	 */
+	private static function _getCertKeyId(Certificate $cert): string
+	{
+		$exts = $cert->tbsCertificate()->extensions();
+		if ($exts->hasSubjectKeyIdentifier()) {
+			return $exts->subjectKeyIdentifier()->keyIdentifier();
+		}
+		return $cert->tbsCertificate()
+			->subjectPublicKeyInfo()
+			->keyIdentifier();
+	}
     
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_certs);
-    }
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_certs);
+	}
     
-    /**
-     * Get iterator for certificates.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_certs);
-    }
+	/**
+	 * Get iterator for certificates.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_certs);
+	}
 }

Please login to merge, or discard this patch.

lib/X509/Certificate/Extensions.php 1 patch

Indentation +410 added lines, -410 removed lines patch added patch discarded remove patch

@@ -18,414 +18,414 @@
 block discarded – undo
  */
 class Extensions implements \Countable, \IteratorAggregate
 {
-    /**
-     * Extensions.
-     *
-     * @var Extension\Extension[] $_extensions
-     */
-    protected $_extensions;
-    
-    /**
-     * Constructor.
-     *
-     * @param Extension\Extension[] ...$extensions Extension objects
-     */
-    public function __construct(Ext\Extension ...$extensions)
-    {
-        $this->_extensions = array();
-        foreach ($extensions as $ext) {
-            $this->_extensions[$ext->oid()] = $ext;
-        }
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $extensions = array_map(
-            function (UnspecifiedType $el) {
-                return Ext\Extension::fromASN1($el->asSequence());
-            }, $seq->elements());
-        return new self(...$extensions);
-    }
-    
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array_values(
-            array_map(
-                function ($ext) {
-                    return $ext->toASN1();
-                }, $this->_extensions));
-        return new Sequence(...$elements);
-    }
-    
-    /**
-     * Get self with extensions added.
-     *
-     * @param Extension\Extension ...$ext One or more extensions to add
-     * @return self
-     */
-    public function withExtensions(Ext\Extension ...$exts): self
-    {
-        $obj = clone $this;
-        foreach ($exts as $ext) {
-            $obj->_extensions[$ext->oid()] = $ext;
-        }
-        return $obj;
-    }
-    
-    /**
-     * Check whether extension is present.
-     *
-     * @param string $oid Extensions OID
-     * @return bool
-     */
-    public function has(string $oid): bool
-    {
-        return isset($this->_extensions[$oid]);
-    }
-    
-    /**
-     * Get extension by OID.
-     *
-     * @param string $oid
-     * @throws \LogicException If extension is not present
-     * @return Extension\Extension
-     */
-    public function get(string $oid): Ext\Extension
-    {
-        if (!$this->has($oid)) {
-            throw new \LogicException("No extension by OID $oid.");
-        }
-        return $this->_extensions[$oid];
-    }
-    
-    /**
-     * Check whether 'Authority Key Identifier' extension is present.
-     *
-     * @return bool
-     */
-    public function hasAuthorityKeyIdentifier(): bool
-    {
-        return $this->has(Ext\Extension::OID_AUTHORITY_KEY_IDENTIFIER);
-    }
-    
-    /**
-     * Get 'Authority Key Identifier' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\AuthorityKeyIdentifierExtension
-     */
-    public function authorityKeyIdentifier(): Ext\AuthorityKeyIdentifierExtension
-    {
-        /** @var Extension\AuthorityKeyIdentifierExtension $keyIdentifier */
-        $keyIdentifier = $this->get(Ext\Extension::OID_AUTHORITY_KEY_IDENTIFIER);
-        return $keyIdentifier;
-    }
-    
-    /**
-     * Check whether 'Subject Key Identifier' extension is present.
-     *
-     * @return bool
-     */
-    public function hasSubjectKeyIdentifier(): bool
-    {
-        return $this->has(Ext\Extension::OID_SUBJECT_KEY_IDENTIFIER);
-    }
-    
-    /**
-     * Get 'Subject Key Identifier' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\SubjectKeyIdentifierExtension
-     */
-    public function subjectKeyIdentifier(): Ext\SubjectKeyIdentifierExtension
-    {
-        /** @var Extension\SubjectKeyIdentifierExtension $subjectKeyIdentifier */
-        $subjectKeyIdentifier = $this->get(
-            Ext\Extension::OID_SUBJECT_KEY_IDENTIFIER);
-        return $subjectKeyIdentifier;
-    }
-    
-    /**
-     * Check whether 'Key Usage' extension is present.
-     *
-     * @return bool
-     */
-    public function hasKeyUsage(): bool
-    {
-        return $this->has(Ext\Extension::OID_KEY_USAGE);
-    }
-    
-    /**
-     * Get 'Key Usage' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\KeyUsageExtension
-     */
-    public function keyUsage(): Ext\KeyUsageExtension
-    {
-        /** @var Extension\KeyUsageExtension $keyUsage */
-        $keyUsage = $this->get(Ext\Extension::OID_KEY_USAGE);
-        return $keyUsage;
-    }
-    
-    /**
-     * Check whether 'Certificate Policies' extension is present.
-     *
-     * @return bool
-     */
-    public function hasCertificatePolicies(): bool
-    {
-        return $this->has(Ext\Extension::OID_CERTIFICATE_POLICIES);
-    }
-    
-    /**
-     * Get 'Certificate Policies' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\CertificatePoliciesExtension
-     */
-    public function certificatePolicies(): Ext\CertificatePoliciesExtension
-    {
-        /** @var Extension\CertificatePoliciesExtension $certPolicies */
-        $certPolicies = $this->get(Ext\Extension::OID_CERTIFICATE_POLICIES);
-        return $certPolicies;
-    }
-    
-    /**
-     * Check whether 'Policy Mappings' extension is present.
-     *
-     * @return bool
-     */
-    public function hasPolicyMappings(): bool
-    {
-        return $this->has(Ext\Extension::OID_POLICY_MAPPINGS);
-    }
-    
-    /**
-     * Get 'Policy Mappings' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\PolicyMappingsExtension
-     */
-    public function policyMappings(): Ext\PolicyMappingsExtension
-    {
-        /** @var Extension\PolicyMappingsExtension $policyMappings */
-        $policyMappings = $this->get(Ext\Extension::OID_POLICY_MAPPINGS);
-        return $policyMappings;
-    }
-    
-    /**
-     * Check whether 'Subject Alternative Name' extension is present.
-     *
-     * @return bool
-     */
-    public function hasSubjectAlternativeName(): bool
-    {
-        return $this->has(Ext\Extension::OID_SUBJECT_ALT_NAME);
-    }
-    
-    /**
-     * Get 'Subject Alternative Name' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\SubjectAlternativeNameExtension
-     */
-    public function subjectAlternativeName(): Ext\SubjectAlternativeNameExtension
-    {
-        /** @var Extension\SubjectAlternativeNameExtension $subjectAltName */
-        $subjectAltName = $this->get(Ext\Extension::OID_SUBJECT_ALT_NAME);
-        return $subjectAltName;
-    }
-    
-    /**
-     * Check whether 'Issuer Alternative Name' extension is present.
-     *
-     * @return bool
-     */
-    public function hasIssuerAlternativeName(): bool
-    {
-        return $this->has(Ext\Extension::OID_ISSUER_ALT_NAME);
-    }
-    
-    /**
-     * Get 'Issuer Alternative Name' extension.
-     *
-     * @return \X509\Certificate\Extension\IssuerAlternativeNameExtension
-     */
-    public function issuerAlternativeName(): Ext\IssuerAlternativeNameExtension
-    {
-        /** @var Extension\IssuerAlternativeNameExtension $issuerAltName */
-        $issuerAltName = $this->get(Ext\Extension::OID_ISSUER_ALT_NAME);
-        return $issuerAltName;
-    }
-    
-    /**
-     * Check whether 'Basic Constraints' extension is present.
-     *
-     * @return bool
-     */
-    public function hasBasicConstraints(): bool
-    {
-        return $this->has(Ext\Extension::OID_BASIC_CONSTRAINTS);
-    }
-    
-    /**
-     * Get 'Basic Constraints' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\BasicConstraintsExtension
-     */
-    public function basicConstraints(): Ext\BasicConstraintsExtension
-    {
-        /** @var Extension\BasicConstraintsExtension $basicConstraints */
-        $basicConstraints = $this->get(Ext\Extension::OID_BASIC_CONSTRAINTS);
-        return $basicConstraints;
-    }
-    
-    /**
-     * Check whether 'Name Constraints' extension is present.
-     *
-     * @return bool
-     */
-    public function hasNameConstraints(): bool
-    {
-        return $this->has(Ext\Extension::OID_NAME_CONSTRAINTS);
-    }
-    
-    /**
-     * Get 'Name Constraints' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\NameConstraintsExtension
-     */
-    public function nameConstraints(): Ext\NameConstraintsExtension
-    {
-        /** @var Extension\NameConstraintsExtension $nameConstraints */
-        $nameConstraints = $this->get(Ext\Extension::OID_NAME_CONSTRAINTS);
-        return $nameConstraints;
-    }
-    
-    /**
-     * Check whether 'Policy Constraints' extension is present.
-     *
-     * @return bool
-     */
-    public function hasPolicyConstraints(): bool
-    {
-        return $this->has(Ext\Extension::OID_POLICY_CONSTRAINTS);
-    }
-    
-    /**
-     * Get 'Policy Constraints' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\PolicyConstraintsExtension
-     */
-    public function policyConstraints(): Ext\PolicyConstraintsExtension
-    {
-        /** @var Extension\PolicyConstraintsExtension $policyConstraints */
-        $policyConstraints = $this->get(Ext\Extension::OID_POLICY_CONSTRAINTS);
-        return $policyConstraints;
-    }
-    
-    /**
-     * Check whether 'Extended Key Usage' extension is present.
-     *
-     * @return bool
-     */
-    public function hasExtendedKeyUsage(): bool
-    {
-        return $this->has(Ext\Extension::OID_EXT_KEY_USAGE);
-    }
-    
-    /**
-     * Get 'Extended Key Usage' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\ExtendedKeyUsageExtension
-     */
-    public function extendedKeyUsage(): Ext\ExtendedKeyUsageExtension
-    {
-        /** @var Extension\ExtendedKeyUsageExtension $keyUsage */
-        $keyUsage = $this->get(Ext\Extension::OID_EXT_KEY_USAGE);
-        return $keyUsage;
-    }
-    
-    /**
-     * Check whether 'CRL Distribution Points' extension is present.
-     *
-     * @return bool
-     */
-    public function hasCRLDistributionPoints(): bool
-    {
-        return $this->has(Ext\Extension::OID_CRL_DISTRIBUTION_POINTS);
-    }
-    
-    /**
-     * Get 'CRL Distribution Points' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\CRLDistributionPointsExtension
-     */
-    public function crlDistributionPoints(): Ext\CRLDistributionPointsExtension
-    {
-        /** @var Extension\CRLDistributionPointsExtension $crlDist */
-        $crlDist = $this->get(Ext\Extension::OID_CRL_DISTRIBUTION_POINTS);
-        return $crlDist;
-    }
-    
-    /**
-     * Check whether 'Inhibit anyPolicy' extension is present.
-     *
-     * @return bool
-     */
-    public function hasInhibitAnyPolicy(): bool
-    {
-        return $this->has(Ext\Extension::OID_INHIBIT_ANY_POLICY);
-    }
-    
-    /**
-     * Get 'Inhibit anyPolicy' extension.
-     *
-     * @throws \LogicException If extension is not present
-     * @return \X509\Certificate\Extension\InhibitAnyPolicyExtension
-     */
-    public function inhibitAnyPolicy(): Ext\InhibitAnyPolicyExtension
-    {
-        /** @var Extension\InhibitAnyPolicyExtension $inhibitAny */
-        $inhibitAny = $this->get(Ext\Extension::OID_INHIBIT_ANY_POLICY);
-        return $inhibitAny;
-    }
-    
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_extensions);
-    }
-    
-    /**
-     * Get iterator for extensions.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \Traversable
-     */
-    public function getIterator(): \Traversable
-    {
-        return new \ArrayIterator($this->_extensions);
-    }
+	/**
+	 * Extensions.
+	 *
+	 * @var Extension\Extension[] $_extensions
+	 */
+	protected $_extensions;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param Extension\Extension[] ...$extensions Extension objects
+	 */
+	public function __construct(Ext\Extension ...$extensions)
+	{
+		$this->_extensions = array();
+		foreach ($extensions as $ext) {
+			$this->_extensions[$ext->oid()] = $ext;
+		}
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$extensions = array_map(
+			function (UnspecifiedType $el) {
+				return Ext\Extension::fromASN1($el->asSequence());
+			}, $seq->elements());
+		return new self(...$extensions);
+	}
+    
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array_values(
+			array_map(
+				function ($ext) {
+					return $ext->toASN1();
+				}, $this->_extensions));
+		return new Sequence(...$elements);
+	}
+    
+	/**
+	 * Get self with extensions added.
+	 *
+	 * @param Extension\Extension ...$ext One or more extensions to add
+	 * @return self
+	 */
+	public function withExtensions(Ext\Extension ...$exts): self
+	{
+		$obj = clone $this;
+		foreach ($exts as $ext) {
+			$obj->_extensions[$ext->oid()] = $ext;
+		}
+		return $obj;
+	}
+    
+	/**
+	 * Check whether extension is present.
+	 *
+	 * @param string $oid Extensions OID
+	 * @return bool
+	 */
+	public function has(string $oid): bool
+	{
+		return isset($this->_extensions[$oid]);
+	}
+    
+	/**
+	 * Get extension by OID.
+	 *
+	 * @param string $oid
+	 * @throws \LogicException If extension is not present
+	 * @return Extension\Extension
+	 */
+	public function get(string $oid): Ext\Extension
+	{
+		if (!$this->has($oid)) {
+			throw new \LogicException("No extension by OID $oid.");
+		}
+		return $this->_extensions[$oid];
+	}
+    
+	/**
+	 * Check whether 'Authority Key Identifier' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasAuthorityKeyIdentifier(): bool
+	{
+		return $this->has(Ext\Extension::OID_AUTHORITY_KEY_IDENTIFIER);
+	}
+    
+	/**
+	 * Get 'Authority Key Identifier' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\AuthorityKeyIdentifierExtension
+	 */
+	public function authorityKeyIdentifier(): Ext\AuthorityKeyIdentifierExtension
+	{
+		/** @var Extension\AuthorityKeyIdentifierExtension $keyIdentifier */
+		$keyIdentifier = $this->get(Ext\Extension::OID_AUTHORITY_KEY_IDENTIFIER);
+		return $keyIdentifier;
+	}
+    
+	/**
+	 * Check whether 'Subject Key Identifier' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasSubjectKeyIdentifier(): bool
+	{
+		return $this->has(Ext\Extension::OID_SUBJECT_KEY_IDENTIFIER);
+	}
+    
+	/**
+	 * Get 'Subject Key Identifier' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\SubjectKeyIdentifierExtension
+	 */
+	public function subjectKeyIdentifier(): Ext\SubjectKeyIdentifierExtension
+	{
+		/** @var Extension\SubjectKeyIdentifierExtension $subjectKeyIdentifier */
+		$subjectKeyIdentifier = $this->get(
+			Ext\Extension::OID_SUBJECT_KEY_IDENTIFIER);
+		return $subjectKeyIdentifier;
+	}
+    
+	/**
+	 * Check whether 'Key Usage' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasKeyUsage(): bool
+	{
+		return $this->has(Ext\Extension::OID_KEY_USAGE);
+	}
+    
+	/**
+	 * Get 'Key Usage' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\KeyUsageExtension
+	 */
+	public function keyUsage(): Ext\KeyUsageExtension
+	{
+		/** @var Extension\KeyUsageExtension $keyUsage */
+		$keyUsage = $this->get(Ext\Extension::OID_KEY_USAGE);
+		return $keyUsage;
+	}
+    
+	/**
+	 * Check whether 'Certificate Policies' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasCertificatePolicies(): bool
+	{
+		return $this->has(Ext\Extension::OID_CERTIFICATE_POLICIES);
+	}
+    
+	/**
+	 * Get 'Certificate Policies' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\CertificatePoliciesExtension
+	 */
+	public function certificatePolicies(): Ext\CertificatePoliciesExtension
+	{
+		/** @var Extension\CertificatePoliciesExtension $certPolicies */
+		$certPolicies = $this->get(Ext\Extension::OID_CERTIFICATE_POLICIES);
+		return $certPolicies;
+	}
+    
+	/**
+	 * Check whether 'Policy Mappings' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasPolicyMappings(): bool
+	{
+		return $this->has(Ext\Extension::OID_POLICY_MAPPINGS);
+	}
+    
+	/**
+	 * Get 'Policy Mappings' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\PolicyMappingsExtension
+	 */
+	public function policyMappings(): Ext\PolicyMappingsExtension
+	{
+		/** @var Extension\PolicyMappingsExtension $policyMappings */
+		$policyMappings = $this->get(Ext\Extension::OID_POLICY_MAPPINGS);
+		return $policyMappings;
+	}
+    
+	/**
+	 * Check whether 'Subject Alternative Name' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasSubjectAlternativeName(): bool
+	{
+		return $this->has(Ext\Extension::OID_SUBJECT_ALT_NAME);
+	}
+    
+	/**
+	 * Get 'Subject Alternative Name' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\SubjectAlternativeNameExtension
+	 */
+	public function subjectAlternativeName(): Ext\SubjectAlternativeNameExtension
+	{
+		/** @var Extension\SubjectAlternativeNameExtension $subjectAltName */
+		$subjectAltName = $this->get(Ext\Extension::OID_SUBJECT_ALT_NAME);
+		return $subjectAltName;
+	}
+    
+	/**
+	 * Check whether 'Issuer Alternative Name' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerAlternativeName(): bool
+	{
+		return $this->has(Ext\Extension::OID_ISSUER_ALT_NAME);
+	}
+    
+	/**
+	 * Get 'Issuer Alternative Name' extension.
+	 *
+	 * @return \X509\Certificate\Extension\IssuerAlternativeNameExtension
+	 */
+	public function issuerAlternativeName(): Ext\IssuerAlternativeNameExtension
+	{
+		/** @var Extension\IssuerAlternativeNameExtension $issuerAltName */
+		$issuerAltName = $this->get(Ext\Extension::OID_ISSUER_ALT_NAME);
+		return $issuerAltName;
+	}
+    
+	/**
+	 * Check whether 'Basic Constraints' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasBasicConstraints(): bool
+	{
+		return $this->has(Ext\Extension::OID_BASIC_CONSTRAINTS);
+	}
+    
+	/**
+	 * Get 'Basic Constraints' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\BasicConstraintsExtension
+	 */
+	public function basicConstraints(): Ext\BasicConstraintsExtension
+	{
+		/** @var Extension\BasicConstraintsExtension $basicConstraints */
+		$basicConstraints = $this->get(Ext\Extension::OID_BASIC_CONSTRAINTS);
+		return $basicConstraints;
+	}
+    
+	/**
+	 * Check whether 'Name Constraints' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasNameConstraints(): bool
+	{
+		return $this->has(Ext\Extension::OID_NAME_CONSTRAINTS);
+	}
+    
+	/**
+	 * Get 'Name Constraints' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\NameConstraintsExtension
+	 */
+	public function nameConstraints(): Ext\NameConstraintsExtension
+	{
+		/** @var Extension\NameConstraintsExtension $nameConstraints */
+		$nameConstraints = $this->get(Ext\Extension::OID_NAME_CONSTRAINTS);
+		return $nameConstraints;
+	}
+    
+	/**
+	 * Check whether 'Policy Constraints' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasPolicyConstraints(): bool
+	{
+		return $this->has(Ext\Extension::OID_POLICY_CONSTRAINTS);
+	}
+    
+	/**
+	 * Get 'Policy Constraints' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\PolicyConstraintsExtension
+	 */
+	public function policyConstraints(): Ext\PolicyConstraintsExtension
+	{
+		/** @var Extension\PolicyConstraintsExtension $policyConstraints */
+		$policyConstraints = $this->get(Ext\Extension::OID_POLICY_CONSTRAINTS);
+		return $policyConstraints;
+	}
+    
+	/**
+	 * Check whether 'Extended Key Usage' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasExtendedKeyUsage(): bool
+	{
+		return $this->has(Ext\Extension::OID_EXT_KEY_USAGE);
+	}
+    
+	/**
+	 * Get 'Extended Key Usage' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\ExtendedKeyUsageExtension
+	 */
+	public function extendedKeyUsage(): Ext\ExtendedKeyUsageExtension
+	{
+		/** @var Extension\ExtendedKeyUsageExtension $keyUsage */
+		$keyUsage = $this->get(Ext\Extension::OID_EXT_KEY_USAGE);
+		return $keyUsage;
+	}
+    
+	/**
+	 * Check whether 'CRL Distribution Points' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasCRLDistributionPoints(): bool
+	{
+		return $this->has(Ext\Extension::OID_CRL_DISTRIBUTION_POINTS);
+	}
+    
+	/**
+	 * Get 'CRL Distribution Points' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\CRLDistributionPointsExtension
+	 */
+	public function crlDistributionPoints(): Ext\CRLDistributionPointsExtension
+	{
+		/** @var Extension\CRLDistributionPointsExtension $crlDist */
+		$crlDist = $this->get(Ext\Extension::OID_CRL_DISTRIBUTION_POINTS);
+		return $crlDist;
+	}
+    
+	/**
+	 * Check whether 'Inhibit anyPolicy' extension is present.
+	 *
+	 * @return bool
+	 */
+	public function hasInhibitAnyPolicy(): bool
+	{
+		return $this->has(Ext\Extension::OID_INHIBIT_ANY_POLICY);
+	}
+    
+	/**
+	 * Get 'Inhibit anyPolicy' extension.
+	 *
+	 * @throws \LogicException If extension is not present
+	 * @return \X509\Certificate\Extension\InhibitAnyPolicyExtension
+	 */
+	public function inhibitAnyPolicy(): Ext\InhibitAnyPolicyExtension
+	{
+		/** @var Extension\InhibitAnyPolicyExtension $inhibitAny */
+		$inhibitAny = $this->get(Ext\Extension::OID_INHIBIT_ANY_POLICY);
+		return $inhibitAny;
+	}
+    
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_extensions);
+	}
+    
+	/**
+	 * Get iterator for extensions.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \Traversable
+	 */
+	public function getIterator(): \Traversable
+	{
+		return new \ArrayIterator($this->_extensions);
+	}
 }

Please login to merge, or discard this patch.

lib/X509/Certificate/Time.php 1 patch

Indentation +92 added lines, -92 removed lines patch added patch discarded remove patch

@@ -17,104 +17,104 @@
 block discarded – undo
  */
 class Time
 {
-    use DateTimeHelper;
+	use DateTimeHelper;
     
-    /**
-     * Datetime.
-     *
-     * @var \DateTimeImmutable $_dt
-     */
-    protected $_dt;
+	/**
+	 * Datetime.
+	 *
+	 * @var \DateTimeImmutable $_dt
+	 */
+	protected $_dt;
     
-    /**
-     * Time ASN.1 type tag.
-     *
-     * @var int $_type
-     */
-    protected $_type;
+	/**
+	 * Time ASN.1 type tag.
+	 *
+	 * @var int $_type
+	 */
+	protected $_type;
     
-    /**
-     * Constructor.
-     *
-     * @param \DateTimeImmutable $dt
-     */
-    public function __construct(\DateTimeImmutable $dt)
-    {
-        $this->_dt = $dt;
-        $this->_type = self::_determineType($dt);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 */
+	public function __construct(\DateTimeImmutable $dt)
+	{
+		$this->_dt = $dt;
+		$this->_type = self::_determineType($dt);
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param TimeType $el
-     * @return self
-     */
-    public static function fromASN1(TimeType $el): self
-    {
-        $obj = new self($el->dateTime());
-        $obj->_type = $el->tag();
-        return $obj;
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param TimeType $el
+	 * @return self
+	 */
+	public static function fromASN1(TimeType $el): self
+	{
+		$obj = new self($el->dateTime());
+		$obj->_type = $el->tag();
+		return $obj;
+	}
     
-    /**
-     * Initialize from date string.
-     *
-     * @param string|null $time
-     * @param string|null $tz
-     * @return self
-     */
-    public static function fromString($time, $tz = null): self
-    {
-        return new self(self::_createDateTime($time, $tz));
-    }
+	/**
+	 * Initialize from date string.
+	 *
+	 * @param string|null $time
+	 * @param string|null $tz
+	 * @return self
+	 */
+	public static function fromString($time, $tz = null): self
+	{
+		return new self(self::_createDateTime($time, $tz));
+	}
     
-    /**
-     * Get datetime.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function dateTime(): \DateTimeImmutable
-    {
-        return $this->_dt;
-    }
+	/**
+	 * Get datetime.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function dateTime(): \DateTimeImmutable
+	{
+		return $this->_dt;
+	}
     
-    /**
-     * Generate ASN.1.
-     *
-     * @throws \UnexpectedValueException
-     * @return TimeType
-     */
-    public function toASN1(): TimeType
-    {
-        $dt = $this->_dt;
-        switch ($this->_type) {
-            case Element::TYPE_UTC_TIME:
-                return new UTCTime($dt);
-            case Element::TYPE_GENERALIZED_TIME:
-                // GeneralizedTime must not contain fractional seconds
-                // (rfc5280 4.1.2.5.2)
-                if ($dt->format("u") != 0) {
-                    // remove fractional seconds (round down)
-                    $dt = self::_roundDownFractionalSeconds($dt);
-                }
-                return new GeneralizedTime($dt);
-        }
-        throw new \UnexpectedValueException(
-            "Time type " . Element::tagToName($this->_type) . " not supported.");
-    }
+	/**
+	 * Generate ASN.1.
+	 *
+	 * @throws \UnexpectedValueException
+	 * @return TimeType
+	 */
+	public function toASN1(): TimeType
+	{
+		$dt = $this->_dt;
+		switch ($this->_type) {
+			case Element::TYPE_UTC_TIME:
+				return new UTCTime($dt);
+			case Element::TYPE_GENERALIZED_TIME:
+				// GeneralizedTime must not contain fractional seconds
+				// (rfc5280 4.1.2.5.2)
+				if ($dt->format("u") != 0) {
+					// remove fractional seconds (round down)
+					$dt = self::_roundDownFractionalSeconds($dt);
+				}
+				return new GeneralizedTime($dt);
+		}
+		throw new \UnexpectedValueException(
+			"Time type " . Element::tagToName($this->_type) . " not supported.");
+	}
     
-    /**
-     * Determine whether to use UTCTime or GeneralizedTime ASN.1 type.
-     *
-     * @param \DateTimeImmutable $dt
-     * @return int Type tag
-     */
-    protected static function _determineType(\DateTimeImmutable $dt): int
-    {
-        if ($dt->format("Y") >= 2050) {
-            return Element::TYPE_GENERALIZED_TIME;
-        }
-        return Element::TYPE_UTC_TIME;
-    }
+	/**
+	 * Determine whether to use UTCTime or GeneralizedTime ASN.1 type.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 * @return int Type tag
+	 */
+	protected static function _determineType(\DateTimeImmutable $dt): int
+	{
+		if ($dt->format("Y") >= 2050) {
+			return Element::TYPE_GENERALIZED_TIME;
+		}
+		return Element::TYPE_UTC_TIME;
+	}
 }

Please login to merge, or discard this patch.

lib/X509/Certificate/Certificate.php 1 patch

Indentation +231 added lines, -231 removed lines patch added patch discarded remove patch

@@ -19,235 +19,235 @@
 block discarded – undo
  */
 class Certificate
 {
-    /**
-     * "To be signed" certificate information.
-     *
-     * @var TBSCertificate $_tbsCertificate
-     */
-    protected $_tbsCertificate;
-    
-    /**
-     * Signature algorithm.
-     *
-     * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
-     */
-    protected $_signatureAlgorithm;
-    
-    /**
-     * Signature value.
-     *
-     * @var Signature $_signatureValue
-     */
-    protected $_signatureValue;
-    
-    /**
-     * Constructor.
-     *
-     * @param TBSCertificate $tbsCert
-     * @param SignatureAlgorithmIdentifier $algo
-     * @param Signature $signature
-     */
-    public function __construct(TBSCertificate $tbsCert,
-        SignatureAlgorithmIdentifier $algo, Signature $signature)
-    {
-        $this->_tbsCertificate = $tbsCert;
-        $this->_signatureAlgorithm = $algo;
-        $this->_signatureValue = $signature;
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence());
-        $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $algo->oid() . ".");
-        }
-        $signature = Signature::fromSignatureData(
-            $seq->at(2)
-                ->asBitString()
-                ->string(), $algo);
-        return new self($tbsCert, $algo, $signature);
-    }
-    
-    /**
-     * Initialize from DER.
-     *
-     * @param string $data
-     * @return self
-     */
-    public static function fromDER(string $data): self
-    {
-        return self::fromASN1(Sequence::fromDER($data));
-    }
-    
-    /**
-     * Initialize from PEM.
-     *
-     * @param PEM $pem
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromPEM(PEM $pem): self
-    {
-        if ($pem->type() != PEM::TYPE_CERTIFICATE) {
-            throw new \UnexpectedValueException("Invalid PEM type.");
-        }
-        return self::fromDER($pem->data());
-    }
-    
-    /**
-     * Get certificate information.
-     *
-     * @return TBSCertificate
-     */
-    public function tbsCertificate(): TBSCertificate
-    {
-        return $this->_tbsCertificate;
-    }
-    
-    /**
-     * Get signature algorithm.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signatureAlgorithm(): SignatureAlgorithmIdentifier
-    {
-        return $this->_signatureAlgorithm;
-    }
-    
-    /**
-     * Get signature value.
-     *
-     * @return Signature
-     */
-    public function signatureValue(): Signature
-    {
-        return $this->_signatureValue;
-    }
-    
-    /**
-     * Check whether certificate is self-issued.
-     *
-     * @return bool
-     */
-    public function isSelfIssued(): bool
-    {
-        return $this->_tbsCertificate->subject()->equals(
-            $this->_tbsCertificate->issuer());
-    }
-    
-    /**
-     * Check whether certificate is semantically equal to another.
-     *
-     * @param Certificate $cert Certificate to compare to
-     * @return bool
-     */
-    public function equals(Certificate $cert): bool
-    {
-        return $this->_hasEqualSerialNumber($cert) &&
-             $this->_hasEqualPublicKey($cert) && $this->_hasEqualSubject($cert);
-    }
-    
-    /**
-     * Check whether certificate has serial number equal to another.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    private function _hasEqualSerialNumber(Certificate $cert): bool
-    {
-        $sn1 = $this->_tbsCertificate->serialNumber();
-        $sn2 = $cert->_tbsCertificate->serialNumber();
-        return $sn1 == $sn2;
-    }
-    
-    /**
-     * Check whether certificate has public key equal to another.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    private function _hasEqualPublicKey(Certificate $cert): bool
-    {
-        $kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
-        $kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
-        return $kid1 == $kid2;
-    }
-    
-    /**
-     * Check whether certificate has subject equal to another.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    private function _hasEqualSubject(Certificate $cert): bool
-    {
-        $dn1 = $this->_tbsCertificate->subject();
-        $dn2 = $cert->_tbsCertificate->subject();
-        return $dn1->equals($dn2);
-    }
-    
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_tbsCertificate->toASN1(),
-            $this->_signatureAlgorithm->toASN1(),
-            $this->_signatureValue->bitString());
-    }
-    
-    /**
-     * Get certificate as a DER.
-     *
-     * @return string
-     */
-    public function toDER(): string
-    {
-        return $this->toASN1()->toDER();
-    }
-    
-    /**
-     * Get certificate as a PEM.
-     *
-     * @return PEM
-     */
-    public function toPEM(): PEM
-    {
-        return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER());
-    }
-    
-    /**
-     * Verify certificate signature.
-     *
-     * @param PublicKeyInfo $pubkey_info Issuer's public key
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return bool True if certificate signature is valid
-     */
-    public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $data = $this->_tbsCertificate->toASN1()->toDER();
-        return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
-            $this->_signatureAlgorithm);
-    }
-    
-    /**
-     * Get certificate as a PEM formatted string.
-     *
-     * @return string
-     */
-    public function __toString()
-    {
-        return $this->toPEM()->string();
-    }
+	/**
+	 * "To be signed" certificate information.
+	 *
+	 * @var TBSCertificate $_tbsCertificate
+	 */
+	protected $_tbsCertificate;
+    
+	/**
+	 * Signature algorithm.
+	 *
+	 * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
+	 */
+	protected $_signatureAlgorithm;
+    
+	/**
+	 * Signature value.
+	 *
+	 * @var Signature $_signatureValue
+	 */
+	protected $_signatureValue;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param TBSCertificate $tbsCert
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @param Signature $signature
+	 */
+	public function __construct(TBSCertificate $tbsCert,
+		SignatureAlgorithmIdentifier $algo, Signature $signature)
+	{
+		$this->_tbsCertificate = $tbsCert;
+		$this->_signatureAlgorithm = $algo;
+		$this->_signatureValue = $signature;
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence());
+		$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $algo->oid() . ".");
+		}
+		$signature = Signature::fromSignatureData(
+			$seq->at(2)
+				->asBitString()
+				->string(), $algo);
+		return new self($tbsCert, $algo, $signature);
+	}
+    
+	/**
+	 * Initialize from DER.
+	 *
+	 * @param string $data
+	 * @return self
+	 */
+	public static function fromDER(string $data): self
+	{
+		return self::fromASN1(Sequence::fromDER($data));
+	}
+    
+	/**
+	 * Initialize from PEM.
+	 *
+	 * @param PEM $pem
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromPEM(PEM $pem): self
+	{
+		if ($pem->type() != PEM::TYPE_CERTIFICATE) {
+			throw new \UnexpectedValueException("Invalid PEM type.");
+		}
+		return self::fromDER($pem->data());
+	}
+    
+	/**
+	 * Get certificate information.
+	 *
+	 * @return TBSCertificate
+	 */
+	public function tbsCertificate(): TBSCertificate
+	{
+		return $this->_tbsCertificate;
+	}
+    
+	/**
+	 * Get signature algorithm.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signatureAlgorithm(): SignatureAlgorithmIdentifier
+	{
+		return $this->_signatureAlgorithm;
+	}
+    
+	/**
+	 * Get signature value.
+	 *
+	 * @return Signature
+	 */
+	public function signatureValue(): Signature
+	{
+		return $this->_signatureValue;
+	}
+    
+	/**
+	 * Check whether certificate is self-issued.
+	 *
+	 * @return bool
+	 */
+	public function isSelfIssued(): bool
+	{
+		return $this->_tbsCertificate->subject()->equals(
+			$this->_tbsCertificate->issuer());
+	}
+    
+	/**
+	 * Check whether certificate is semantically equal to another.
+	 *
+	 * @param Certificate $cert Certificate to compare to
+	 * @return bool
+	 */
+	public function equals(Certificate $cert): bool
+	{
+		return $this->_hasEqualSerialNumber($cert) &&
+			 $this->_hasEqualPublicKey($cert) && $this->_hasEqualSubject($cert);
+	}
+    
+	/**
+	 * Check whether certificate has serial number equal to another.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	private function _hasEqualSerialNumber(Certificate $cert): bool
+	{
+		$sn1 = $this->_tbsCertificate->serialNumber();
+		$sn2 = $cert->_tbsCertificate->serialNumber();
+		return $sn1 == $sn2;
+	}
+    
+	/**
+	 * Check whether certificate has public key equal to another.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	private function _hasEqualPublicKey(Certificate $cert): bool
+	{
+		$kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
+		$kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
+		return $kid1 == $kid2;
+	}
+    
+	/**
+	 * Check whether certificate has subject equal to another.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	private function _hasEqualSubject(Certificate $cert): bool
+	{
+		$dn1 = $this->_tbsCertificate->subject();
+		$dn2 = $cert->_tbsCertificate->subject();
+		return $dn1->equals($dn2);
+	}
+    
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_tbsCertificate->toASN1(),
+			$this->_signatureAlgorithm->toASN1(),
+			$this->_signatureValue->bitString());
+	}
+    
+	/**
+	 * Get certificate as a DER.
+	 *
+	 * @return string
+	 */
+	public function toDER(): string
+	{
+		return $this->toASN1()->toDER();
+	}
+    
+	/**
+	 * Get certificate as a PEM.
+	 *
+	 * @return PEM
+	 */
+	public function toPEM(): PEM
+	{
+		return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER());
+	}
+    
+	/**
+	 * Verify certificate signature.
+	 *
+	 * @param PublicKeyInfo $pubkey_info Issuer's public key
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return bool True if certificate signature is valid
+	 */
+	public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$data = $this->_tbsCertificate->toASN1()->toDER();
+		return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
+			$this->_signatureAlgorithm);
+	}
+    
+	/**
+	 * Get certificate as a PEM formatted string.
+	 *
+	 * @return string
+	 */
+	public function __toString()
+	{
+		return $this->toPEM()->string();
+	}
 }

Please login to merge, or discard this patch.

lib/X509/Certificate/TBSCertificate.php 1 patch

Indentation +606 added lines, -606 removed lines patch added patch discarded remove patch

@@ -27,610 +27,610 @@
 block discarded – undo
  */
 class TBSCertificate
 {
-    // Certificate version enumerations
-    const VERSION_1 = 0;
-    const VERSION_2 = 1;
-    const VERSION_3 = 2;
-    
-    /**
-     * Certificate version.
-     *
-     * @var int|null
-     */
-    protected $_version;
-    
-    /**
-     * Serial number.
-     *
-     * @var string|null
-     */
-    protected $_serialNumber;
-    
-    /**
-     * Signature algorithm.
-     *
-     * @var SignatureAlgorithmIdentifier|null
-     */
-    protected $_signature;
-    
-    /**
-     * Certificate issuer.
-     *
-     * @var Name $_issuer
-     */
-    protected $_issuer;
-    
-    /**
-     * Certificate validity period.
-     *
-     * @var Validity $_validity
-     */
-    protected $_validity;
-    
-    /**
-     * Certificate subject.
-     *
-     * @var Name $_subject
-     */
-    protected $_subject;
-    
-    /**
-     * Subject public key.
-     *
-     * @var PublicKeyInfo $_subjectPublicKeyInfo
-     */
-    protected $_subjectPublicKeyInfo;
-    
-    /**
-     * Issuer unique identifier.
-     *
-     * @var UniqueIdentifier|null $_issuerUniqueID
-     */
-    protected $_issuerUniqueID;
-    
-    /**
-     * Subject unique identifier.
-     *
-     * @var UniqueIdentifier|null $_subjectUniqueID
-     */
-    protected $_subjectUniqueID;
-    
-    /**
-     * Extensions.
-     *
-     * @var Extensions $_extensions
-     */
-    protected $_extensions;
-    
-    /**
-     * Constructor.
-     *
-     * @param Name $subject Certificate subject
-     * @param PublicKeyInfo $pki Subject public key
-     * @param Name $issuer Certificate issuer
-     * @param Validity $validity Validity period
-     */
-    public function __construct(Name $subject, PublicKeyInfo $pki, Name $issuer,
-        Validity $validity)
-    {
-        $this->_subject = $subject;
-        $this->_subjectPublicKeyInfo = $pki;
-        $this->_issuer = $issuer;
-        $this->_validity = $validity;
-        $this->_extensions = new Extensions();
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $idx = 0;
-        if ($seq->hasTagged(0)) {
-            $idx++;
-            $version = $seq->getTagged(0)
-                ->asExplicit()
-                ->asInteger()
-                ->intNumber();
-        } else {
-            $version = self::VERSION_1;
-        }
-        $serial = $seq->at($idx++)
-            ->asInteger()
-            ->number();
-        $algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $algo->name() . ".");
-        }
-        $issuer = Name::fromASN1($seq->at($idx++)->asSequence());
-        $validity = Validity::fromASN1($seq->at($idx++)->asSequence());
-        $subject = Name::fromASN1($seq->at($idx++)->asSequence());
-        $pki = PublicKeyInfo::fromASN1($seq->at($idx++)->asSequence());
-        $tbs_cert = new self($subject, $pki, $issuer, $validity);
-        $tbs_cert->_version = $version;
-        $tbs_cert->_serialNumber = $serial;
-        $tbs_cert->_signature = $algo;
-        if ($seq->hasTagged(1)) {
-            $tbs_cert->_issuerUniqueID = UniqueIdentifier::fromASN1(
-                $seq->getTagged(1)
-                    ->asImplicit(Element::TYPE_BIT_STRING)
-                    ->asBitString());
-        }
-        if ($seq->hasTagged(2)) {
-            $tbs_cert->_subjectUniqueID = UniqueIdentifier::fromASN1(
-                $seq->getTagged(2)
-                    ->asImplicit(Element::TYPE_BIT_STRING)
-                    ->asBitString());
-        }
-        if ($seq->hasTagged(3)) {
-            $tbs_cert->_extensions = Extensions::fromASN1(
-                $seq->getTagged(3)
-                    ->asExplicit()
-                    ->asSequence());
-        }
-        return $tbs_cert;
-    }
-    
-    /**
-     * Initialize from certification request.
-     *
-     * Note that signature is not verified and must be done by the caller.
-     *
-     * @param CertificationRequest $cr
-     * @return self
-     */
-    public static function fromCSR(CertificationRequest $cr): self
-    {
-        $cri = $cr->certificationRequestInfo();
-        $tbs_cert = new self($cri->subject(), $cri->subjectPKInfo(), new Name(),
-            Validity::fromStrings(null, null));
-        // if CSR has Extension Request attribute
-        if ($cri->hasAttributes()) {
-            $attribs = $cri->attributes();
-            if ($attribs->hasExtensionRequest()) {
-                $tbs_cert = $tbs_cert->withExtensions(
-                    $attribs->extensionRequest()
-                        ->extensions());
-            }
-        }
-        // add Subject Key Identifier extension
-        $tbs_cert = $tbs_cert->withAdditionalExtensions(
-            new SubjectKeyIdentifierExtension(false,
-                $cri->subjectPKInfo()
-                    ->keyIdentifier()));
-        return $tbs_cert;
-    }
-    
-    /**
-     * Get self with fields set from the issuer's certificate.
-     *
-     * Issuer shall be set to issuing certificate's subject.
-     * Authority key identifier extensions shall be added with a key identifier
-     * set to issuing certificate's public key identifier.
-     *
-     * @param Certificate $cert Issuing party's certificate
-     * @return self
-     */
-    public function withIssuerCertificate(Certificate $cert): self
-    {
-        $obj = clone $this;
-        // set issuer DN from cert's subject
-        $obj->_issuer = $cert->tbsCertificate()->subject();
-        // add authority key identifier extension
-        $key_id = $cert->tbsCertificate()
-            ->subjectPublicKeyInfo()
-            ->keyIdentifier();
-        $obj->_extensions = $obj->_extensions->withExtensions(
-            new AuthorityKeyIdentifierExtension(false, $key_id));
-        return $obj;
-    }
-    
-    /**
-     * Get self with given version.
-     *
-     * If version is not set, appropriate version is automatically
-     * determined during signing.
-     *
-     * @param int $version
-     * @return self
-     */
-    public function withVersion(int $version): self
-    {
-        $obj = clone $this;
-        $obj->_version = $version;
-        return $obj;
-    }
-    
-    /**
-     * Get self with given serial number.
-     *
-     * @param int|string $serial Base 10 number
-     * @return self
-     */
-    public function withSerialNumber($serial): self
-    {
-        $obj = clone $this;
-        $obj->_serialNumber = strval($serial);
-        return $obj;
-    }
-    
-    /**
-     * Get self with random positive serial number.
-     *
-     * @param int $size Number of random bytes
-     * @return self
-     */
-    public function withRandomSerialNumber(int $size = 16): self
-    {
-        // ensure that first byte is always non-zero and having first bit unset
-        $num = gmp_init(mt_rand(1, 0x7f), 10);
-        for ($i = 1; $i < $size; ++$i) {
-            $num <<= 8;
-            $num += mt_rand(0, 0xff);
-        }
-        return $this->withSerialNumber(gmp_strval($num, 10));
-    }
-    
-    /**
-     * Get self with given signature algorithm.
-     *
-     * @param SignatureAlgorithmIdentifier $algo
-     * @return self
-     */
-    public function withSignature(SignatureAlgorithmIdentifier $algo): self
-    {
-        $obj = clone $this;
-        $obj->_signature = $algo;
-        return $obj;
-    }
-    
-    /**
-     * Get self with given issuer.
-     *
-     * @param Name $issuer
-     * @return self
-     */
-    public function withIssuer(Name $issuer): self
-    {
-        $obj = clone $this;
-        $obj->_issuer = $issuer;
-        return $obj;
-    }
-    
-    /**
-     * Get self with given validity.
-     *
-     * @param Validity $validity
-     * @return self
-     */
-    public function withValidity(Validity $validity): self
-    {
-        $obj = clone $this;
-        $obj->_validity = $validity;
-        return $obj;
-    }
-    
-    /**
-     * Get self with given subject.
-     *
-     * @param Name $subject
-     * @return self
-     */
-    public function withSubject(Name $subject): self
-    {
-        $obj = clone $this;
-        $obj->_subject = $subject;
-        return $obj;
-    }
-    
-    /**
-     * Get self with given subject public key info.
-     *
-     * @param PublicKeyInfo $pub_key_info
-     * @return self
-     */
-    public function withSubjectPublicKeyInfo(PublicKeyInfo $pub_key_info): self
-    {
-        $obj = clone $this;
-        $obj->_subjectPublicKeyInfo = $pub_key_info;
-        return $obj;
-    }
-    
-    /**
-     * Get self with issuer unique ID.
-     *
-     * @param UniqueIdentifier $id
-     * @return self
-     */
-    public function withIssuerUniqueID(UniqueIdentifier $id): self
-    {
-        $obj = clone $this;
-        $obj->_issuerUniqueID = $id;
-        return $obj;
-    }
-    
-    /**
-     * Get self with subject unique ID.
-     *
-     * @param UniqueIdentifier $id
-     * @return self
-     */
-    public function withSubjectUniqueID(UniqueIdentifier $id): self
-    {
-        $obj = clone $this;
-        $obj->_subjectUniqueID = $id;
-        return $obj;
-    }
-    
-    /**
-     * Get self with given extensions.
-     *
-     * @param Extensions $extensions
-     * @return self
-     */
-    public function withExtensions(Extensions $extensions): self
-    {
-        $obj = clone $this;
-        $obj->_extensions = $extensions;
-        return $obj;
-    }
-    
-    /**
-     * Get self with extensions added.
-     *
-     * @param Extension ...$exts One or more Extension objects
-     * @return self
-     */
-    public function withAdditionalExtensions(Extension ...$exts): self
-    {
-        $obj = clone $this;
-        $obj->_extensions = $obj->_extensions->withExtensions(...$exts);
-        return $obj;
-    }
-    
-    /**
-     * Check whether version is set.
-     *
-     * @return bool
-     */
-    public function hasVersion(): bool
-    {
-        return isset($this->_version);
-    }
-    
-    /**
-     * Get certificate version.
-     *
-     * @return int
-     */
-    public function version(): int
-    {
-        if (!$this->hasVersion()) {
-            throw new \LogicException("version not set.");
-        }
-        return $this->_version;
-    }
-    
-    /**
-     * Check whether serial number is set.
-     *
-     * @return bool
-     */
-    public function hasSerialNumber(): bool
-    {
-        return isset($this->_serialNumber);
-    }
-    
-    /**
-     * Get serial number.
-     *
-     * @return string Base 10 integer
-     */
-    public function serialNumber(): string
-    {
-        if (!$this->hasSerialNumber()) {
-            throw new \LogicException("serialNumber not set.");
-        }
-        return $this->_serialNumber;
-    }
-    
-    /**
-     * Check whether signature algorithm is set.
-     *
-     * @return bool
-     */
-    public function hasSignature(): bool
-    {
-        return isset($this->_signature);
-    }
-    
-    /**
-     * Get signature algorithm.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signature(): SignatureAlgorithmIdentifier
-    {
-        if (!$this->hasSignature()) {
-            throw new \LogicException("signature not set.");
-        }
-        return $this->_signature;
-    }
-    
-    /**
-     * Get issuer.
-     *
-     * @return Name
-     */
-    public function issuer(): Name
-    {
-        return $this->_issuer;
-    }
-    
-    /**
-     * Get validity period.
-     *
-     * @return Validity
-     */
-    public function validity(): Validity
-    {
-        return $this->_validity;
-    }
-    
-    /**
-     * Get subject.
-     *
-     * @return Name
-     */
-    public function subject(): Name
-    {
-        return $this->_subject;
-    }
-    
-    /**
-     * Get subject public key.
-     *
-     * @return PublicKeyInfo
-     */
-    public function subjectPublicKeyInfo(): PublicKeyInfo
-    {
-        return $this->_subjectPublicKeyInfo;
-    }
-    
-    /**
-     * Whether issuer unique identifier is present.
-     *
-     * @return bool
-     */
-    public function hasIssuerUniqueID(): bool
-    {
-        return isset($this->_issuerUniqueID);
-    }
-    
-    /**
-     * Get issuerUniqueID.
-     *
-     * @return UniqueIdentifier
-     */
-    public function issuerUniqueID(): UniqueIdentifier
-    {
-        if (!$this->hasIssuerUniqueID()) {
-            throw new \LogicException("issuerUniqueID not set.");
-        }
-        return $this->_issuerUniqueID;
-    }
-    
-    /**
-     * Whether subject unique identifier is present.
-     *
-     * @return bool
-     */
-    public function hasSubjectUniqueID(): bool
-    {
-        return isset($this->_subjectUniqueID);
-    }
-    
-    /**
-     * Get subjectUniqueID.
-     *
-     * @return UniqueIdentifier
-     */
-    public function subjectUniqueID(): UniqueIdentifier
-    {
-        if (!$this->hasSubjectUniqueID()) {
-            throw new \LogicException("subjectUniqueID not set.");
-        }
-        return $this->_subjectUniqueID;
-    }
-    
-    /**
-     * Get extensions.
-     *
-     * @return Extensions
-     */
-    public function extensions(): Extensions
-    {
-        return $this->_extensions;
-    }
-    
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array();
-        $version = $this->version();
-        // if version is not default
-        if ($version != self::VERSION_1) {
-            $elements[] = new ExplicitlyTaggedType(0, new Integer($version));
-        }
-        $serial = $this->serialNumber();
-        $signature = $this->signature();
-        // add required elements
-        array_push($elements, new Integer($serial), $signature->toASN1(),
-            $this->_issuer->toASN1(), $this->_validity->toASN1(),
-            $this->_subject->toASN1(), $this->_subjectPublicKeyInfo->toASN1());
-        if (isset($this->_issuerUniqueID)) {
-            $elements[] = new ImplicitlyTaggedType(1,
-                $this->_issuerUniqueID->toASN1());
-        }
-        if (isset($this->_subjectUniqueID)) {
-            $elements[] = new ImplicitlyTaggedType(2,
-                $this->_subjectUniqueID->toASN1());
-        }
-        if (count($this->_extensions)) {
-            $elements[] = new ExplicitlyTaggedType(3,
-                $this->_extensions->toASN1());
-        }
-        return new Sequence(...$elements);
-    }
-    
-    /**
-     * Create signed certificate.
-     *
-     * @param SignatureAlgorithmIdentifier $algo Algorithm used for signing
-     * @param PrivateKeyInfo $privkey_info Private key used for signing
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return Certificate
-     */
-    public function sign(SignatureAlgorithmIdentifier $algo,
-        PrivateKeyInfo $privkey_info, Crypto $crypto = null): Certificate
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $tbs_cert = clone $this;
-        if (!isset($tbs_cert->_version)) {
-            $tbs_cert->_version = $tbs_cert->_determineVersion();
-        }
-        if (!isset($tbs_cert->_serialNumber)) {
-            $tbs_cert->_serialNumber = strval(0);
-        }
-        $tbs_cert->_signature = $algo;
-        $data = $tbs_cert->toASN1()->toDER();
-        $signature = $crypto->sign($data, $privkey_info, $algo);
-        return new Certificate($tbs_cert, $algo, $signature);
-    }
-    
-    /**
-     * Determine minimum version for the certificate.
-     *
-     * @return int
-     */
-    protected function _determineVersion(): int
-    {
-        // if extensions are present
-        if (count($this->_extensions)) {
-            return self::VERSION_3;
-        }
-        // if UniqueIdentifier is present
-        if (isset($this->_issuerUniqueID) || isset($this->_subjectUniqueID)) {
-            return self::VERSION_2;
-        }
-        return self::VERSION_1;
-    }
+	// Certificate version enumerations
+	const VERSION_1 = 0;
+	const VERSION_2 = 1;
+	const VERSION_3 = 2;
+    
+	/**
+	 * Certificate version.
+	 *
+	 * @var int|null
+	 */
+	protected $_version;
+    
+	/**
+	 * Serial number.
+	 *
+	 * @var string|null
+	 */
+	protected $_serialNumber;
+    
+	/**
+	 * Signature algorithm.
+	 *
+	 * @var SignatureAlgorithmIdentifier|null
+	 */
+	protected $_signature;
+    
+	/**
+	 * Certificate issuer.
+	 *
+	 * @var Name $_issuer
+	 */
+	protected $_issuer;
+    
+	/**
+	 * Certificate validity period.
+	 *
+	 * @var Validity $_validity
+	 */
+	protected $_validity;
+    
+	/**
+	 * Certificate subject.
+	 *
+	 * @var Name $_subject
+	 */
+	protected $_subject;
+    
+	/**
+	 * Subject public key.
+	 *
+	 * @var PublicKeyInfo $_subjectPublicKeyInfo
+	 */
+	protected $_subjectPublicKeyInfo;
+    
+	/**
+	 * Issuer unique identifier.
+	 *
+	 * @var UniqueIdentifier|null $_issuerUniqueID
+	 */
+	protected $_issuerUniqueID;
+    
+	/**
+	 * Subject unique identifier.
+	 *
+	 * @var UniqueIdentifier|null $_subjectUniqueID
+	 */
+	protected $_subjectUniqueID;
+    
+	/**
+	 * Extensions.
+	 *
+	 * @var Extensions $_extensions
+	 */
+	protected $_extensions;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param Name $subject Certificate subject
+	 * @param PublicKeyInfo $pki Subject public key
+	 * @param Name $issuer Certificate issuer
+	 * @param Validity $validity Validity period
+	 */
+	public function __construct(Name $subject, PublicKeyInfo $pki, Name $issuer,
+		Validity $validity)
+	{
+		$this->_subject = $subject;
+		$this->_subjectPublicKeyInfo = $pki;
+		$this->_issuer = $issuer;
+		$this->_validity = $validity;
+		$this->_extensions = new Extensions();
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$idx = 0;
+		if ($seq->hasTagged(0)) {
+			$idx++;
+			$version = $seq->getTagged(0)
+				->asExplicit()
+				->asInteger()
+				->intNumber();
+		} else {
+			$version = self::VERSION_1;
+		}
+		$serial = $seq->at($idx++)
+			->asInteger()
+			->number();
+		$algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $algo->name() . ".");
+		}
+		$issuer = Name::fromASN1($seq->at($idx++)->asSequence());
+		$validity = Validity::fromASN1($seq->at($idx++)->asSequence());
+		$subject = Name::fromASN1($seq->at($idx++)->asSequence());
+		$pki = PublicKeyInfo::fromASN1($seq->at($idx++)->asSequence());
+		$tbs_cert = new self($subject, $pki, $issuer, $validity);
+		$tbs_cert->_version = $version;
+		$tbs_cert->_serialNumber = $serial;
+		$tbs_cert->_signature = $algo;
+		if ($seq->hasTagged(1)) {
+			$tbs_cert->_issuerUniqueID = UniqueIdentifier::fromASN1(
+				$seq->getTagged(1)
+					->asImplicit(Element::TYPE_BIT_STRING)
+					->asBitString());
+		}
+		if ($seq->hasTagged(2)) {
+			$tbs_cert->_subjectUniqueID = UniqueIdentifier::fromASN1(
+				$seq->getTagged(2)
+					->asImplicit(Element::TYPE_BIT_STRING)
+					->asBitString());
+		}
+		if ($seq->hasTagged(3)) {
+			$tbs_cert->_extensions = Extensions::fromASN1(
+				$seq->getTagged(3)
+					->asExplicit()
+					->asSequence());
+		}
+		return $tbs_cert;
+	}
+    
+	/**
+	 * Initialize from certification request.
+	 *
+	 * Note that signature is not verified and must be done by the caller.
+	 *
+	 * @param CertificationRequest $cr
+	 * @return self
+	 */
+	public static function fromCSR(CertificationRequest $cr): self
+	{
+		$cri = $cr->certificationRequestInfo();
+		$tbs_cert = new self($cri->subject(), $cri->subjectPKInfo(), new Name(),
+			Validity::fromStrings(null, null));
+		// if CSR has Extension Request attribute
+		if ($cri->hasAttributes()) {
+			$attribs = $cri->attributes();
+			if ($attribs->hasExtensionRequest()) {
+				$tbs_cert = $tbs_cert->withExtensions(
+					$attribs->extensionRequest()
+						->extensions());
+			}
+		}
+		// add Subject Key Identifier extension
+		$tbs_cert = $tbs_cert->withAdditionalExtensions(
+			new SubjectKeyIdentifierExtension(false,
+				$cri->subjectPKInfo()
+					->keyIdentifier()));
+		return $tbs_cert;
+	}
+    
+	/**
+	 * Get self with fields set from the issuer's certificate.
+	 *
+	 * Issuer shall be set to issuing certificate's subject.
+	 * Authority key identifier extensions shall be added with a key identifier
+	 * set to issuing certificate's public key identifier.
+	 *
+	 * @param Certificate $cert Issuing party's certificate
+	 * @return self
+	 */
+	public function withIssuerCertificate(Certificate $cert): self
+	{
+		$obj = clone $this;
+		// set issuer DN from cert's subject
+		$obj->_issuer = $cert->tbsCertificate()->subject();
+		// add authority key identifier extension
+		$key_id = $cert->tbsCertificate()
+			->subjectPublicKeyInfo()
+			->keyIdentifier();
+		$obj->_extensions = $obj->_extensions->withExtensions(
+			new AuthorityKeyIdentifierExtension(false, $key_id));
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given version.
+	 *
+	 * If version is not set, appropriate version is automatically
+	 * determined during signing.
+	 *
+	 * @param int $version
+	 * @return self
+	 */
+	public function withVersion(int $version): self
+	{
+		$obj = clone $this;
+		$obj->_version = $version;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given serial number.
+	 *
+	 * @param int|string $serial Base 10 number
+	 * @return self
+	 */
+	public function withSerialNumber($serial): self
+	{
+		$obj = clone $this;
+		$obj->_serialNumber = strval($serial);
+		return $obj;
+	}
+    
+	/**
+	 * Get self with random positive serial number.
+	 *
+	 * @param int $size Number of random bytes
+	 * @return self
+	 */
+	public function withRandomSerialNumber(int $size = 16): self
+	{
+		// ensure that first byte is always non-zero and having first bit unset
+		$num = gmp_init(mt_rand(1, 0x7f), 10);
+		for ($i = 1; $i < $size; ++$i) {
+			$num <<= 8;
+			$num += mt_rand(0, 0xff);
+		}
+		return $this->withSerialNumber(gmp_strval($num, 10));
+	}
+    
+	/**
+	 * Get self with given signature algorithm.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @return self
+	 */
+	public function withSignature(SignatureAlgorithmIdentifier $algo): self
+	{
+		$obj = clone $this;
+		$obj->_signature = $algo;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given issuer.
+	 *
+	 * @param Name $issuer
+	 * @return self
+	 */
+	public function withIssuer(Name $issuer): self
+	{
+		$obj = clone $this;
+		$obj->_issuer = $issuer;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given validity.
+	 *
+	 * @param Validity $validity
+	 * @return self
+	 */
+	public function withValidity(Validity $validity): self
+	{
+		$obj = clone $this;
+		$obj->_validity = $validity;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given subject.
+	 *
+	 * @param Name $subject
+	 * @return self
+	 */
+	public function withSubject(Name $subject): self
+	{
+		$obj = clone $this;
+		$obj->_subject = $subject;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given subject public key info.
+	 *
+	 * @param PublicKeyInfo $pub_key_info
+	 * @return self
+	 */
+	public function withSubjectPublicKeyInfo(PublicKeyInfo $pub_key_info): self
+	{
+		$obj = clone $this;
+		$obj->_subjectPublicKeyInfo = $pub_key_info;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with issuer unique ID.
+	 *
+	 * @param UniqueIdentifier $id
+	 * @return self
+	 */
+	public function withIssuerUniqueID(UniqueIdentifier $id): self
+	{
+		$obj = clone $this;
+		$obj->_issuerUniqueID = $id;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with subject unique ID.
+	 *
+	 * @param UniqueIdentifier $id
+	 * @return self
+	 */
+	public function withSubjectUniqueID(UniqueIdentifier $id): self
+	{
+		$obj = clone $this;
+		$obj->_subjectUniqueID = $id;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with given extensions.
+	 *
+	 * @param Extensions $extensions
+	 * @return self
+	 */
+	public function withExtensions(Extensions $extensions): self
+	{
+		$obj = clone $this;
+		$obj->_extensions = $extensions;
+		return $obj;
+	}
+    
+	/**
+	 * Get self with extensions added.
+	 *
+	 * @param Extension ...$exts One or more Extension objects
+	 * @return self
+	 */
+	public function withAdditionalExtensions(Extension ...$exts): self
+	{
+		$obj = clone $this;
+		$obj->_extensions = $obj->_extensions->withExtensions(...$exts);
+		return $obj;
+	}
+    
+	/**
+	 * Check whether version is set.
+	 *
+	 * @return bool
+	 */
+	public function hasVersion(): bool
+	{
+		return isset($this->_version);
+	}
+    
+	/**
+	 * Get certificate version.
+	 *
+	 * @return int
+	 */
+	public function version(): int
+	{
+		if (!$this->hasVersion()) {
+			throw new \LogicException("version not set.");
+		}
+		return $this->_version;
+	}
+    
+	/**
+	 * Check whether serial number is set.
+	 *
+	 * @return bool
+	 */
+	public function hasSerialNumber(): bool
+	{
+		return isset($this->_serialNumber);
+	}
+    
+	/**
+	 * Get serial number.
+	 *
+	 * @return string Base 10 integer
+	 */
+	public function serialNumber(): string
+	{
+		if (!$this->hasSerialNumber()) {
+			throw new \LogicException("serialNumber not set.");
+		}
+		return $this->_serialNumber;
+	}
+    
+	/**
+	 * Check whether signature algorithm is set.
+	 *
+	 * @return bool
+	 */
+	public function hasSignature(): bool
+	{
+		return isset($this->_signature);
+	}
+    
+	/**
+	 * Get signature algorithm.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signature(): SignatureAlgorithmIdentifier
+	{
+		if (!$this->hasSignature()) {
+			throw new \LogicException("signature not set.");
+		}
+		return $this->_signature;
+	}
+    
+	/**
+	 * Get issuer.
+	 *
+	 * @return Name
+	 */
+	public function issuer(): Name
+	{
+		return $this->_issuer;
+	}
+    
+	/**
+	 * Get validity period.
+	 *
+	 * @return Validity
+	 */
+	public function validity(): Validity
+	{
+		return $this->_validity;
+	}
+    
+	/**
+	 * Get subject.
+	 *
+	 * @return Name
+	 */
+	public function subject(): Name
+	{
+		return $this->_subject;
+	}
+    
+	/**
+	 * Get subject public key.
+	 *
+	 * @return PublicKeyInfo
+	 */
+	public function subjectPublicKeyInfo(): PublicKeyInfo
+	{
+		return $this->_subjectPublicKeyInfo;
+	}
+    
+	/**
+	 * Whether issuer unique identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerUniqueID(): bool
+	{
+		return isset($this->_issuerUniqueID);
+	}
+    
+	/**
+	 * Get issuerUniqueID.
+	 *
+	 * @return UniqueIdentifier
+	 */
+	public function issuerUniqueID(): UniqueIdentifier
+	{
+		if (!$this->hasIssuerUniqueID()) {
+			throw new \LogicException("issuerUniqueID not set.");
+		}
+		return $this->_issuerUniqueID;
+	}
+    
+	/**
+	 * Whether subject unique identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasSubjectUniqueID(): bool
+	{
+		return isset($this->_subjectUniqueID);
+	}
+    
+	/**
+	 * Get subjectUniqueID.
+	 *
+	 * @return UniqueIdentifier
+	 */
+	public function subjectUniqueID(): UniqueIdentifier
+	{
+		if (!$this->hasSubjectUniqueID()) {
+			throw new \LogicException("subjectUniqueID not set.");
+		}
+		return $this->_subjectUniqueID;
+	}
+    
+	/**
+	 * Get extensions.
+	 *
+	 * @return Extensions
+	 */
+	public function extensions(): Extensions
+	{
+		return $this->_extensions;
+	}
+    
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array();
+		$version = $this->version();
+		// if version is not default
+		if ($version != self::VERSION_1) {
+			$elements[] = new ExplicitlyTaggedType(0, new Integer($version));
+		}
+		$serial = $this->serialNumber();
+		$signature = $this->signature();
+		// add required elements
+		array_push($elements, new Integer($serial), $signature->toASN1(),
+			$this->_issuer->toASN1(), $this->_validity->toASN1(),
+			$this->_subject->toASN1(), $this->_subjectPublicKeyInfo->toASN1());
+		if (isset($this->_issuerUniqueID)) {
+			$elements[] = new ImplicitlyTaggedType(1,
+				$this->_issuerUniqueID->toASN1());
+		}
+		if (isset($this->_subjectUniqueID)) {
+			$elements[] = new ImplicitlyTaggedType(2,
+				$this->_subjectUniqueID->toASN1());
+		}
+		if (count($this->_extensions)) {
+			$elements[] = new ExplicitlyTaggedType(3,
+				$this->_extensions->toASN1());
+		}
+		return new Sequence(...$elements);
+	}
+    
+	/**
+	 * Create signed certificate.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo Algorithm used for signing
+	 * @param PrivateKeyInfo $privkey_info Private key used for signing
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return Certificate
+	 */
+	public function sign(SignatureAlgorithmIdentifier $algo,
+		PrivateKeyInfo $privkey_info, Crypto $crypto = null): Certificate
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$tbs_cert = clone $this;
+		if (!isset($tbs_cert->_version)) {
+			$tbs_cert->_version = $tbs_cert->_determineVersion();
+		}
+		if (!isset($tbs_cert->_serialNumber)) {
+			$tbs_cert->_serialNumber = strval(0);
+		}
+		$tbs_cert->_signature = $algo;
+		$data = $tbs_cert->toASN1()->toDER();
+		$signature = $crypto->sign($data, $privkey_info, $algo);
+		return new Certificate($tbs_cert, $algo, $signature);
+	}
+    
+	/**
+	 * Determine minimum version for the certificate.
+	 *
+	 * @return int
+	 */
+	protected function _determineVersion(): int
+	{
+		// if extensions are present
+		if (count($this->_extensions)) {
+			return self::VERSION_3;
+		}
+		// if UniqueIdentifier is present
+		if (isset($this->_issuerUniqueID) || isset($this->_subjectUniqueID)) {
+			return self::VERSION_2;
+		}
+		return self::VERSION_1;
+	}
 }

Please login to merge, or discard this patch.

lib/X509/Certificate/Extension/PolicyMappingsExtension.php 1 patch

Indentation +155 added lines, -155 removed lines patch added patch discarded remove patch

@@ -15,170 +15,170 @@
 block discarded – undo
  * @link https://tools.ietf.org/html/rfc5280#section-4.2.1.5
  */
 class PolicyMappingsExtension extends Extension implements 
-    \Countable,
-    \IteratorAggregate
+	\Countable,
+	\IteratorAggregate
 {
-    /**
-     * Policy mappings.
-     *
-     * @var PolicyMapping[] $_mappings
-     */
-    protected $_mappings;
+	/**
+	 * Policy mappings.
+	 *
+	 * @var PolicyMapping[] $_mappings
+	 */
+	protected $_mappings;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param PolicyMapping[] $mappings One or more PolicyMapping objects
-     */
-    public function __construct(bool $critical, PolicyMapping ...$mappings)
-    {
-        parent::__construct(self::OID_POLICY_MAPPINGS, $critical);
-        $this->_mappings = $mappings;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param PolicyMapping[] $mappings One or more PolicyMapping objects
+	 */
+	public function __construct(bool $critical, PolicyMapping ...$mappings)
+	{
+		parent::__construct(self::OID_POLICY_MAPPINGS, $critical);
+		$this->_mappings = $mappings;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        $mappings = array_map(
-            function (UnspecifiedType $el) {
-                return PolicyMapping::fromASN1($el->asSequence());
-            }, Sequence::fromDER($data)->elements());
-        if (!count($mappings)) {
-            throw new \UnexpectedValueException(
-                "PolicyMappings must have at least one mapping.");
-        }
-        return new self($critical, ...$mappings);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		$mappings = array_map(
+			function (UnspecifiedType $el) {
+				return PolicyMapping::fromASN1($el->asSequence());
+			}, Sequence::fromDER($data)->elements());
+		if (!count($mappings)) {
+			throw new \UnexpectedValueException(
+				"PolicyMappings must have at least one mapping.");
+		}
+		return new self($critical, ...$mappings);
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        if (!count($this->_mappings)) {
-            throw new \LogicException("No mappings.");
-        }
-        $elements = array_map(
-            function (PolicyMapping $mapping) {
-                return $mapping->toASN1();
-            }, $this->_mappings);
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		if (!count($this->_mappings)) {
+			throw new \LogicException("No mappings.");
+		}
+		$elements = array_map(
+			function (PolicyMapping $mapping) {
+				return $mapping->toASN1();
+			}, $this->_mappings);
+		return new Sequence(...$elements);
+	}
     
-    /**
-     * Get all mappings.
-     *
-     * @return PolicyMapping[]
-     */
-    public function mappings(): array
-    {
-        return $this->_mappings;
-    }
+	/**
+	 * Get all mappings.
+	 *
+	 * @return PolicyMapping[]
+	 */
+	public function mappings(): array
+	{
+		return $this->_mappings;
+	}
     
-    /**
-     * Get mappings flattened into a single array of arrays of subject domains
-     * keyed by issuer domain.
-     *
-     * Eg. if policy mappings contains multiple mappings with the same issuer
-     * domain policy, their corresponding subject domain policies are placed
-     * under the same key.
-     *
-     * @return (string[])[]
-     */
-    public function flattenedMappings(): array
-    {
-        $mappings = array();
-        foreach ($this->_mappings as $mapping) {
-            $idp = $mapping->issuerDomainPolicy();
-            if (!isset($mappings[$idp])) {
-                $mappings[$idp] = array();
-            }
-            array_push($mappings[$idp], $mapping->subjectDomainPolicy());
-        }
-        return $mappings;
-    }
+	/**
+	 * Get mappings flattened into a single array of arrays of subject domains
+	 * keyed by issuer domain.
+	 *
+	 * Eg. if policy mappings contains multiple mappings with the same issuer
+	 * domain policy, their corresponding subject domain policies are placed
+	 * under the same key.
+	 *
+	 * @return (string[])[]
+	 */
+	public function flattenedMappings(): array
+	{
+		$mappings = array();
+		foreach ($this->_mappings as $mapping) {
+			$idp = $mapping->issuerDomainPolicy();
+			if (!isset($mappings[$idp])) {
+				$mappings[$idp] = array();
+			}
+			array_push($mappings[$idp], $mapping->subjectDomainPolicy());
+		}
+		return $mappings;
+	}
     
-    /**
-     * Get all subject domain policy OIDs that are mapped to given issuer
-     * domain policy OID.
-     *
-     * @param string $oid Issuer domain policy
-     * @return string[] List of OIDs in dotted format
-     */
-    public function issuerMappings(string $oid): array
-    {
-        $oids = array();
-        foreach ($this->_mappings as $mapping) {
-            if ($mapping->issuerDomainPolicy() == $oid) {
-                $oids[] = $mapping->subjectDomainPolicy();
-            }
-        }
-        return $oids;
-    }
+	/**
+	 * Get all subject domain policy OIDs that are mapped to given issuer
+	 * domain policy OID.
+	 *
+	 * @param string $oid Issuer domain policy
+	 * @return string[] List of OIDs in dotted format
+	 */
+	public function issuerMappings(string $oid): array
+	{
+		$oids = array();
+		foreach ($this->_mappings as $mapping) {
+			if ($mapping->issuerDomainPolicy() == $oid) {
+				$oids[] = $mapping->subjectDomainPolicy();
+			}
+		}
+		return $oids;
+	}
     
-    /**
-     * Get all mapped issuer domain policy OIDs.
-     *
-     * @return string[]
-     */
-    public function issuerDomainPolicies(): array
-    {
-        $idps = array_map(
-            function (PolicyMapping $mapping) {
-                return $mapping->issuerDomainPolicy();
-            }, $this->_mappings);
-        return array_values(array_unique($idps));
-    }
+	/**
+	 * Get all mapped issuer domain policy OIDs.
+	 *
+	 * @return string[]
+	 */
+	public function issuerDomainPolicies(): array
+	{
+		$idps = array_map(
+			function (PolicyMapping $mapping) {
+				return $mapping->issuerDomainPolicy();
+			}, $this->_mappings);
+		return array_values(array_unique($idps));
+	}
     
-    /**
-     * Check whether policy mappings have anyPolicy mapped.
-     *
-     * RFC 5280 section 4.2.1.5 states that "Policies MUST NOT be mapped either
-     * to or from the special value anyPolicy".
-     *
-     * @return bool
-     */
-    public function hasAnyPolicyMapping(): bool
-    {
-        foreach ($this->_mappings as $mapping) {
-            if ($mapping->issuerDomainPolicy() ==
-                 PolicyInformation::OID_ANY_POLICY) {
-                return true;
-            }
-            if ($mapping->subjectDomainPolicy() ==
-                 PolicyInformation::OID_ANY_POLICY) {
-                return true;
-            }
-        }
-        return false;
-    }
+	/**
+	 * Check whether policy mappings have anyPolicy mapped.
+	 *
+	 * RFC 5280 section 4.2.1.5 states that "Policies MUST NOT be mapped either
+	 * to or from the special value anyPolicy".
+	 *
+	 * @return bool
+	 */
+	public function hasAnyPolicyMapping(): bool
+	{
+		foreach ($this->_mappings as $mapping) {
+			if ($mapping->issuerDomainPolicy() ==
+				 PolicyInformation::OID_ANY_POLICY) {
+				return true;
+			}
+			if ($mapping->subjectDomainPolicy() ==
+				 PolicyInformation::OID_ANY_POLICY) {
+				return true;
+			}
+		}
+		return false;
+	}
     
-    /**
-     * Get the number of mappings.
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_mappings);
-    }
+	/**
+	 * Get the number of mappings.
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_mappings);
+	}
     
-    /**
-     * Get iterator for policy mappings.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_mappings);
-    }
+	/**
+	 * Get iterator for policy mappings.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_mappings);
+	}
 }

Please login to merge, or discard this patch.

GitHub Access Token became invalid

Push — master ( 584877...f7ba31 )

Status

Category

Indentation +62 added lines, -62 removed lines patch added patch discarded remove patch

Indentation +117 added lines, -117 removed lines patch added patch discarded remove patch

Indentation +75 added lines, -75 removed lines patch added patch discarded remove patch

Indentation +189 added lines, -189 removed lines patch added patch discarded remove patch

Indentation +410 added lines, -410 removed lines patch added patch discarded remove patch

Indentation +92 added lines, -92 removed lines patch added patch discarded remove patch

Indentation +231 added lines, -231 removed lines patch added patch discarded remove patch

Indentation +606 added lines, -606 removed lines patch added patch discarded remove patch

Indentation +155 added lines, -155 removed lines patch added patch discarded remove patch

		@@ -13,72 +13,72 @@
		block discarded – undo
13	13	*/
14	14	class UniqueIdentifier
15	15	{
16		- /**
17		- * Identifier.
18		- *
19		- * @var BitString $_uid
20		- */
21		- protected $_uid;
	16	+ /**
	17	+ * Identifier.
	18	+ *
	19	+ * @var BitString $_uid
	20	+ */
	21	+ protected $_uid;
22	22
23		- /**
24		- * Constructor.
25		- *
26		- * @param BitString $bs
27		- */
28		- public function __construct(BitString $bs)
29		- {
30		- $this->_uid = $bs;
31		- }
	23	+ /**
	24	+ * Constructor.
	25	+ *
	26	+ * @param BitString $bs
	27	+ */
	28	+ public function __construct(BitString $bs)
	29	+ {
	30	+ $this->_uid = $bs;
	31	+ }
32	32
33		- /**
34		- * Initialize from ASN.1.
35		- *
36		- * @param BitString $bs
37		- * @return self
38		- */
39		- public static function fromASN1(BitString $bs): self
40		- {
41		- return new self($bs);
42		- }
	33	+ /**
	34	+ * Initialize from ASN.1.
	35	+ *
	36	+ * @param BitString $bs
	37	+ * @return self
	38	+ */
	39	+ public static function fromASN1(BitString $bs): self
	40	+ {
	41	+ return new self($bs);
	42	+ }
43	43
44		- /**
45		- * Initialize from string.
46		- *
47		- * @param string $str
48		- * @return self
49		- */
50		- public static function fromString(string $str): self
51		- {
52		- return new self(new BitString($str));
53		- }
	44	+ /**
	45	+ * Initialize from string.
	46	+ *
	47	+ * @param string $str
	48	+ * @return self
	49	+ */
	50	+ public static function fromString(string $str): self
	51	+ {
	52	+ return new self(new BitString($str));
	53	+ }
54	54
55		- /**
56		- * Get unique identifier as a string.
57		- *
58		- * @return string
59		- */
60		- public function string(): string
61		- {
62		- return $this->_uid->string();
63		- }
	55	+ /**
	56	+ * Get unique identifier as a string.
	57	+ *
	58	+ * @return string
	59	+ */
	60	+ public function string(): string
	61	+ {
	62	+ return $this->_uid->string();
	63	+ }
64	64
65		- /**
66		- * Get unique identifier as a bit string.
67		- *
68		- * @return BitString
69		- */
70		- public function bitString(): BitString
71		- {
72		- return $this->_uid;
73		- }
	65	+ /**
	66	+ * Get unique identifier as a bit string.
	67	+ *
	68	+ * @return BitString
	69	+ */
	70	+ public function bitString(): BitString
	71	+ {
	72	+ return $this->_uid;
	73	+ }
74	74
75		- /**
76		- * Get ASN.1 element.
77		- *
78		- * @return BitString
79		- */
80		- public function toASN1(): BitString
81		- {
82		- return $this->_uid;
83		- }
	75	+ /**
	76	+ * Get ASN.1 element.
	77	+ *
	78	+ * @return BitString
	79	+ */
	80	+ public function toASN1(): BitString
	81	+ {
	82	+ return $this->_uid;
	83	+ }
84	84	}

		@@ -13,131 +13,131 @@
		block discarded – undo
13	13	*/
14	14	class CertificateChain implements \Countable, \IteratorAggregate
15	15	{
16		- /**
17		- * List of certificates in a chain.
18		- *
19		- * @var Certificate[]
20		- */
21		- protected $_certs;
	16	+ /**
	17	+ * List of certificates in a chain.
	18	+ *
	19	+ * @var Certificate[]
	20	+ */
	21	+ protected $_certs;
22	22
23		- /**
24		- * Constructor.
25		- *
26		- * @param Certificate ...$certs List of certificates, end-entity first
27		- */
28		- public function __construct(Certificate ...$certs)
29		- {
30		- $this->_certs = $certs;
31		- }
	23	+ /**
	24	+ * Constructor.
	25	+ *
	26	+ * @param Certificate ...$certs List of certificates, end-entity first
	27	+ */
	28	+ public function __construct(Certificate ...$certs)
	29	+ {
	30	+ $this->_certs = $certs;
	31	+ }
32	32
33		- /**
34		- * Initialize from a list of PEMs.
35		- *
36		- * @param PEM ...$pems
37		- * @return self
38		- */
39		- public static function fromPEMs(PEM ...$pems): self
40		- {
41		- $certs = array_map(
42		- function (PEM $pem) {
43		- return Certificate::fromPEM($pem);
44		- }, $pems);
45		- return new self(...$certs);
46		- }
	33	+ /**
	34	+ * Initialize from a list of PEMs.
	35	+ *
	36	+ * @param PEM ...$pems
	37	+ * @return self
	38	+ */
	39	+ public static function fromPEMs(PEM ...$pems): self
	40	+ {
	41	+ $certs = array_map(
	42	+ function (PEM $pem) {
	43	+ return Certificate::fromPEM($pem);
	44	+ }, $pems);
	45	+ return new self(...$certs);
	46	+ }
47	47
48		- /**
49		- * Initialize from a string containing multiple PEM blocks.
50		- *
51		- * @param string $str
52		- * @return self
53		- */
54		- public static function fromPEMString(string $str): self
55		- {
56		- $pems = PEMBundle::fromString($str)->all();
57		- return self::fromPEMs(...$pems);
58		- }
	48	+ /**
	49	+ * Initialize from a string containing multiple PEM blocks.
	50	+ *
	51	+ * @param string $str
	52	+ * @return self
	53	+ */
	54	+ public static function fromPEMString(string $str): self
	55	+ {
	56	+ $pems = PEMBundle::fromString($str)->all();
	57	+ return self::fromPEMs(...$pems);
	58	+ }
59	59
60		- /**
61		- * Get all certificates in a chain ordered from the end-entity certificate
62		- * to the trust anchor.
63		- *
64		- * @return Certificate[]
65		- */
66		- public function certificates(): array
67		- {
68		- return $this->_certs;
69		- }
	60	+ /**
	61	+ * Get all certificates in a chain ordered from the end-entity certificate
	62	+ * to the trust anchor.
	63	+ *
	64	+ * @return Certificate[]
	65	+ */
	66	+ public function certificates(): array
	67	+ {
	68	+ return $this->_certs;
	69	+ }
70	70
71		- /**
72		- * Get the end-entity certificate.
73		- *
74		- * @throws \LogicException
75		- * @return Certificate
76		- */
77		- public function endEntityCertificate(): Certificate
78		- {
79		- if (!count($this->_certs)) {
80		- throw new \LogicException("No certificates.");
81		- }
82		- return $this->_certs[0];
83		- }
	71	+ /**
	72	+ * Get the end-entity certificate.
	73	+ *
	74	+ * @throws \LogicException
	75	+ * @return Certificate
	76	+ */
	77	+ public function endEntityCertificate(): Certificate
	78	+ {
	79	+ if (!count($this->_certs)) {
	80	+ throw new \LogicException("No certificates.");
	81	+ }
	82	+ return $this->_certs[0];
	83	+ }
84	84
85		- /**
86		- * Get the trust anchor certificate.
87		- *
88		- * @throws \LogicException
89		- * @return Certificate
90		- */
91		- public function trustAnchorCertificate(): Certificate
92		- {
93		- if (!count($this->_certs)) {
94		- throw new \LogicException("No certificates.");
95		- }
96		- return $this->_certs[count($this->_certs) - 1];
97		- }
	85	+ /**
	86	+ * Get the trust anchor certificate.
	87	+ *
	88	+ * @throws \LogicException
	89	+ * @return Certificate
	90	+ */
	91	+ public function trustAnchorCertificate(): Certificate
	92	+ {
	93	+ if (!count($this->_certs)) {
	94	+ throw new \LogicException("No certificates.");
	95	+ }
	96	+ return $this->_certs[count($this->_certs) - 1];
	97	+ }
98	98
99		- /**
100		- * Convert certificate chain to certification path.
101		- *
102		- * @return CertificationPath
103		- */
104		- public function certificationPath(): CertificationPath
105		- {
106		- return CertificationPath::fromCertificateChain($this);
107		- }
	99	+ /**
	100	+ * Convert certificate chain to certification path.
	101	+ *
	102	+ * @return CertificationPath
	103	+ */
	104	+ public function certificationPath(): CertificationPath
	105	+ {
	106	+ return CertificationPath::fromCertificateChain($this);
	107	+ }
108	108
109		- /**
110		- * Convert certificate chain to string of PEM blocks.
111		- *
112		- * @return string
113		- */
114		- public function toPEMString(): string
115		- {
116		- return implode("\n",
117		- array_map(
118		- function (Certificate $cert) {
119		- return $cert->toPEM()->string();
120		- }, $this->_certs));
121		- }
	109	+ /**
	110	+ * Convert certificate chain to string of PEM blocks.
	111	+ *
	112	+ * @return string
	113	+ */
	114	+ public function toPEMString(): string
	115	+ {
	116	+ return implode("\n",
	117	+ array_map(
	118	+ function (Certificate $cert) {
	119	+ return $cert->toPEM()->string();
	120	+ }, $this->_certs));
	121	+ }
122	122
123		- /**
124		- *
125		- * @see \Countable::count()
126		- * @return int
127		- */
128		- public function count(): int
129		- {
130		- return count($this->_certs);
131		- }
	123	+ /**
	124	+ *
	125	+ * @see \Countable::count()
	126	+ * @return int
	127	+ */
	128	+ public function count(): int
	129	+ {
	130	+ return count($this->_certs);
	131	+ }
132	132
133		- /**
134		- * Get iterator for certificates.
135		- *
136		- * @see \IteratorAggregate::getIterator()
137		- * @return \ArrayIterator
138		- */
139		- public function getIterator(): \ArrayIterator
140		- {
141		- return new \ArrayIterator($this->_certs);
142		- }
	133	+ /**
	134	+ * Get iterator for certificates.
	135	+ *
	136	+ * @see \IteratorAggregate::getIterator()
	137	+ * @return \ArrayIterator
	138	+ */
	139	+ public function getIterator(): \ArrayIterator
	140	+ {
	141	+ return new \ArrayIterator($this->_certs);
	142	+ }
143	143	}

		@@ -13,86 +13,86 @@
		block discarded – undo
13	13	*/
14	14	class Validity
15	15	{
16		- /**
17		- * Not before time.
18		- *
19		- * @var Time $_notBefore
20		- */
21		- protected $_notBefore;
	16	+ /**
	17	+ * Not before time.
	18	+ *
	19	+ * @var Time $_notBefore
	20	+ */
	21	+ protected $_notBefore;
22	22
23		- /**
24		- * Not after time.
25		- *
26		- * @var Time $_notAfter
27		- */
28		- protected $_notAfter;
	23	+ /**
	24	+ * Not after time.
	25	+ *
	26	+ * @var Time $_notAfter
	27	+ */
	28	+ protected $_notAfter;
29	29
30		- /**
31		- * Constructor.
32		- *
33		- * @param Time $not_before
34		- * @param Time $not_after
35		- */
36		- public function __construct(Time $not_before, Time $not_after)
37		- {
38		- $this->_notBefore = $not_before;
39		- $this->_notAfter = $not_after;
40		- }
	30	+ /**
	31	+ * Constructor.
	32	+ *
	33	+ * @param Time $not_before
	34	+ * @param Time $not_after
	35	+ */
	36	+ public function __construct(Time $not_before, Time $not_after)
	37	+ {
	38	+ $this->_notBefore = $not_before;
	39	+ $this->_notAfter = $not_after;
	40	+ }
41	41
42		- /**
43		- * Initialize from ASN.1.
44		- *
45		- * @param Sequence $seq
46		- */
47		- public static function fromASN1(Sequence $seq): self
48		- {
49		- $nb = Time::fromASN1($seq->at(0)->asTime());
50		- $na = Time::fromASN1($seq->at(1)->asTime());
51		- return new self($nb, $na);
52		- }
	42	+ /**
	43	+ * Initialize from ASN.1.
	44	+ *
	45	+ * @param Sequence $seq
	46	+ */
	47	+ public static function fromASN1(Sequence $seq): self
	48	+ {
	49	+ $nb = Time::fromASN1($seq->at(0)->asTime());
	50	+ $na = Time::fromASN1($seq->at(1)->asTime());
	51	+ return new self($nb, $na);
	52	+ }
53	53
54		- /**
55		- * Initialize from date strings.
56		- *
57		- * @param string\|null $nb_date Not before date
58		- * @param string\|null $na_date Not after date
59		- * @param string\|null $tz Timezone string
60		- * @return self
61		- */
62		- public static function fromStrings($nb_date, $na_date, $tz = null): self
63		- {
64		- return new self(Time::fromString($nb_date, $tz),
65		- Time::fromString($na_date, $tz));
66		- }
	54	+ /**
	55	+ * Initialize from date strings.
	56	+ *
	57	+ * @param string\|null $nb_date Not before date
	58	+ * @param string\|null $na_date Not after date
	59	+ * @param string\|null $tz Timezone string
	60	+ * @return self
	61	+ */
	62	+ public static function fromStrings($nb_date, $na_date, $tz = null): self
	63	+ {
	64	+ return new self(Time::fromString($nb_date, $tz),
	65	+ Time::fromString($na_date, $tz));
	66	+ }
67	67
68		- /**
69		- * Get not before time.
70		- *
71		- * @return Time
72		- */
73		- public function notBefore(): Time
74		- {
75		- return $this->_notBefore;
76		- }
	68	+ /**
	69	+ * Get not before time.
	70	+ *
	71	+ * @return Time
	72	+ */
	73	+ public function notBefore(): Time
	74	+ {
	75	+ return $this->_notBefore;
	76	+ }
77	77
78		- /**
79		- * Get not after time.
80		- *
81		- * @return Time
82		- */
83		- public function notAfter(): Time
84		- {
85		- return $this->_notAfter;
86		- }
	78	+ /**
	79	+ * Get not after time.
	80	+ *
	81	+ * @return Time
	82	+ */
	83	+ public function notAfter(): Time
	84	+ {
	85	+ return $this->_notAfter;
	86	+ }
87	87
88		- /**
89		- * Generate ASN.1 structure.
90		- *
91		- * @return Sequence
92		- */
93		- public function toASN1(): Sequence
94		- {
95		- return new Sequence($this->_notBefore->toASN1(),
96		- $this->_notAfter->toASN1());
97		- }
	88	+ /**
	89	+ * Generate ASN.1 structure.
	90	+ *
	91	+ * @return Sequence
	92	+ */
	93	+ public function toASN1(): Sequence
	94	+ {
	95	+ return new Sequence($this->_notBefore->toASN1(),
	96	+ $this->_notAfter->toASN1());
	97	+ }
98	98	}

		@@ -12,208 +12,208 @@
		block discarded – undo
12	12	*/
13	13	class CertificateBundle implements \Countable, \IteratorAggregate
14	14	{
15		- /**
16		- * Certificates.
17		- *
18		- * @var Certificate[] $_certs
19		- */
20		- protected $_certs;
	15	+ /**
	16	+ * Certificates.
	17	+ *
	18	+ * @var Certificate[] $_certs
	19	+ */
	20	+ protected $_certs;
21	21
22		- /**
23		- * Mapping from public key id to array of certificates.
24		- *
25		- * @var null\|(Certificate[])[]
26		- */
27		- private $_keyIdMap;
	22	+ /**
	23	+ * Mapping from public key id to array of certificates.
	24	+ *
	25	+ * @var null\|(Certificate[])[]
	26	+ */
	27	+ private $_keyIdMap;
28	28
29		- /**
30		- * Constructor.
31		- *
32		- * @param Certificate[] $certs Certificate objects
33		- */
34		- public function __construct(Certificate ...$certs)
35		- {
36		- $this->_certs = $certs;
37		- }
	29	+ /**
	30	+ * Constructor.
	31	+ *
	32	+ * @param Certificate[] $certs Certificate objects
	33	+ */
	34	+ public function __construct(Certificate ...$certs)
	35	+ {
	36	+ $this->_certs = $certs;
	37	+ }
38	38
39		- /**
40		- * Reset internal cached variables on clone.
41		- */
42		- public function __clone()
43		- {
44		- $this->_keyIdMap = null;
45		- }
	39	+ /**
	40	+ * Reset internal cached variables on clone.
	41	+ */
	42	+ public function __clone()
	43	+ {
	44	+ $this->_keyIdMap = null;
	45	+ }
46	46
47		- /**
48		- * Initialize from PEMs.
49		- *
50		- * @param PEM[] $pems PEM objects
51		- * @return self
52		- */
53		- public static function fromPEMs(PEM ...$pems): self
54		- {
55		- $certs = array_map(
56		- function ($pem) {
57		- return Certificate::fromPEM($pem);
58		- }, $pems);
59		- return new self(...$certs);
60		- }
	47	+ /**
	48	+ * Initialize from PEMs.
	49	+ *
	50	+ * @param PEM[] $pems PEM objects
	51	+ * @return self
	52	+ */
	53	+ public static function fromPEMs(PEM ...$pems): self
	54	+ {
	55	+ $certs = array_map(
	56	+ function ($pem) {
	57	+ return Certificate::fromPEM($pem);
	58	+ }, $pems);
	59	+ return new self(...$certs);
	60	+ }
61	61
62		- /**
63		- * Initialize from PEM bundle.
64		- *
65		- * @param PEMBundle $pem_bundle
66		- * @return self
67		- */
68		- public static function fromPEMBundle(PEMBundle $pem_bundle): self
69		- {
70		- return self::fromPEMs(...$pem_bundle->all());
71		- }
	62	+ /**
	63	+ * Initialize from PEM bundle.
	64	+ *
	65	+ * @param PEMBundle $pem_bundle
	66	+ * @return self
	67	+ */
	68	+ public static function fromPEMBundle(PEMBundle $pem_bundle): self
	69	+ {
	70	+ return self::fromPEMs(...$pem_bundle->all());
	71	+ }
72	72
73		- /**
74		- * Get self with certificates added.
75		- *
76		- * @param Certificate[] $cert
77		- * @return self
78		- */
79		- public function withCertificates(Certificate ...$cert): self
80		- {
81		- $obj = clone $this;
82		- $obj->_certs = array_merge($obj->_certs, $cert);
83		- return $obj;
84		- }
	73	+ /**
	74	+ * Get self with certificates added.
	75	+ *
	76	+ * @param Certificate[] $cert
	77	+ * @return self
	78	+ */
	79	+ public function withCertificates(Certificate ...$cert): self
	80	+ {
	81	+ $obj = clone $this;
	82	+ $obj->_certs = array_merge($obj->_certs, $cert);
	83	+ return $obj;
	84	+ }
85	85
86		- /**
87		- * Get self with certificates from PEMBundle added.
88		- *
89		- * @param PEMBundle $pem_bundle
90		- * @return self
91		- */
92		- public function withPEMBundle(PEMBundle $pem_bundle): self
93		- {
94		- $certs = $this->_certs;
95		- foreach ($pem_bundle as $pem) {
96		- $certs[] = Certificate::fromPEM($pem);
97		- }
98		- return new self(...$certs);
99		- }
	86	+ /**
	87	+ * Get self with certificates from PEMBundle added.
	88	+ *
	89	+ * @param PEMBundle $pem_bundle
	90	+ * @return self
	91	+ */
	92	+ public function withPEMBundle(PEMBundle $pem_bundle): self
	93	+ {
	94	+ $certs = $this->_certs;
	95	+ foreach ($pem_bundle as $pem) {
	96	+ $certs[] = Certificate::fromPEM($pem);
	97	+ }
	98	+ return new self(...$certs);
	99	+ }
100	100
101		- /**
102		- * Get self with single certificate from PEM added.
103		- *
104		- * @param PEM $pem
105		- * @return self
106		- */
107		- public function withPEM(PEM $pem): self
108		- {
109		- $certs = $this->_certs;
110		- $certs[] = Certificate::fromPEM($pem);
111		- return new self(...$certs);
112		- }
	101	+ /**
	102	+ * Get self with single certificate from PEM added.
	103	+ *
	104	+ * @param PEM $pem
	105	+ * @return self
	106	+ */
	107	+ public function withPEM(PEM $pem): self
	108	+ {
	109	+ $certs = $this->_certs;
	110	+ $certs[] = Certificate::fromPEM($pem);
	111	+ return new self(...$certs);
	112	+ }
113	113
114		- /**
115		- * Check whether bundle contains a given certificate.
116		- *
117		- * @param Certificate $cert
118		- * @return bool
119		- */
120		- public function contains(Certificate $cert): bool
121		- {
122		- $id = self::_getCertKeyId($cert);
123		- $map = $this->_getKeyIdMap();
124		- if (!isset($map[$id])) {
125		- return false;
126		- }
127		- foreach ($map[$id] as $c) {
128		- /** @var Certificate $c */
129		- if ($cert->equals($c)) {
130		- return true;
131		- }
132		- }
133		- return false;
134		- }
	114	+ /**
	115	+ * Check whether bundle contains a given certificate.
	116	+ *
	117	+ * @param Certificate $cert
	118	+ * @return bool
	119	+ */
	120	+ public function contains(Certificate $cert): bool
	121	+ {
	122	+ $id = self::_getCertKeyId($cert);
	123	+ $map = $this->_getKeyIdMap();
	124	+ if (!isset($map[$id])) {
	125	+ return false;
	126	+ }
	127	+ foreach ($map[$id] as $c) {
	128	+ /** @var Certificate $c */
	129	+ if ($cert->equals($c)) {
	130	+ return true;
	131	+ }
	132	+ }
	133	+ return false;
	134	+ }
135	135
136		- /**
137		- * Get all certificates that have given subject key identifier.
138		- *
139		- * @param string $id
140		- * @return Certificate[]
141		- */
142		- public function allBySubjectKeyIdentifier(string $id): array
143		- {
144		- $map = $this->_getKeyIdMap();
145		- if (!isset($map[$id])) {
146		- return array();
147		- }
148		- return $map[$id];
149		- }
	136	+ /**
	137	+ * Get all certificates that have given subject key identifier.
	138	+ *
	139	+ * @param string $id
	140	+ * @return Certificate[]
	141	+ */
	142	+ public function allBySubjectKeyIdentifier(string $id): array
	143	+ {
	144	+ $map = $this->_getKeyIdMap();
	145	+ if (!isset($map[$id])) {
	146	+ return array();
	147	+ }
	148	+ return $map[$id];
	149	+ }
150	150
151		- /**
152		- * Get all certificates in a bundle.
153		- *
154		- * @return Certificate[]
155		- */
156		- public function all(): array
157		- {
158		- return $this->_certs;
159		- }
	151	+ /**
	152	+ * Get all certificates in a bundle.
	153	+ *
	154	+ * @return Certificate[]
	155	+ */
	156	+ public function all(): array
	157	+ {
	158	+ return $this->_certs;
	159	+ }
160	160
161		- /**
162		- * Get certificate mapping by public key id.
163		- *
164		- * @return (Certificate[])[]
165		- */
166		- private function _getKeyIdMap(): array
167		- {
168		- // lazily build mapping
169		- if (!isset($this->_keyIdMap)) {
170		- $this->_keyIdMap = array();
171		- foreach ($this->_certs as $cert) {
172		- $id = self::_getCertKeyId($cert);
173		- if (!isset($this->_keyIdMap[$id])) {
174		- $this->_keyIdMap[$id] = array();
175		- }
176		- array_push($this->_keyIdMap[$id], $cert);
177		- }
178		- }
179		- return $this->_keyIdMap;
180		- }
	161	+ /**
	162	+ * Get certificate mapping by public key id.
	163	+ *
	164	+ * @return (Certificate[])[]
	165	+ */
	166	+ private function _getKeyIdMap(): array
	167	+ {
	168	+ // lazily build mapping
	169	+ if (!isset($this->_keyIdMap)) {
	170	+ $this->_keyIdMap = array();
	171	+ foreach ($this->_certs as $cert) {
	172	+ $id = self::_getCertKeyId($cert);
	173	+ if (!isset($this->_keyIdMap[$id])) {
	174	+ $this->_keyIdMap[$id] = array();
	175	+ }
	176	+ array_push($this->_keyIdMap[$id], $cert);
	177	+ }
	178	+ }
	179	+ return $this->_keyIdMap;
	180	+ }
181	181
182		- /**
183		- * Get public key id for the certificate.
184		- *
185		- * @param Certificate $cert
186		- * @return string
187		- */
188		- private static function _getCertKeyId(Certificate $cert): string
189		- {
190		- $exts = $cert->tbsCertificate()->extensions();
191		- if ($exts->hasSubjectKeyIdentifier()) {
192		- return $exts->subjectKeyIdentifier()->keyIdentifier();
193		- }
194		- return $cert->tbsCertificate()
195		- ->subjectPublicKeyInfo()
196		- ->keyIdentifier();
197		- }
	182	+ /**
	183	+ * Get public key id for the certificate.
	184	+ *
	185	+ * @param Certificate $cert
	186	+ * @return string
	187	+ */
	188	+ private static function _getCertKeyId(Certificate $cert): string
	189	+ {
	190	+ $exts = $cert->tbsCertificate()->extensions();
	191	+ if ($exts->hasSubjectKeyIdentifier()) {
	192	+ return $exts->subjectKeyIdentifier()->keyIdentifier();
	193	+ }
	194	+ return $cert->tbsCertificate()
	195	+ ->subjectPublicKeyInfo()
	196	+ ->keyIdentifier();
	197	+ }
198	198
199		- /**
200		- *
201		- * @see \Countable::count()
202		- * @return int
203		- */
204		- public function count(): int
205		- {
206		- return count($this->_certs);
207		- }
	199	+ /**
	200	+ *
	201	+ * @see \Countable::count()
	202	+ * @return int
	203	+ */
	204	+ public function count(): int
	205	+ {
	206	+ return count($this->_certs);
	207	+ }
208	208
209		- /**
210		- * Get iterator for certificates.
211		- *
212		- * @see \IteratorAggregate::getIterator()
213		- * @return \ArrayIterator
214		- */
215		- public function getIterator(): \ArrayIterator
216		- {
217		- return new \ArrayIterator($this->_certs);
218		- }
	209	+ /**
	210	+ * Get iterator for certificates.
	211	+ *
	212	+ * @see \IteratorAggregate::getIterator()
	213	+ * @return \ArrayIterator
	214	+ */
	215	+ public function getIterator(): \ArrayIterator
	216	+ {
	217	+ return new \ArrayIterator($this->_certs);
	218	+ }
219	219	}

		@@ -17,104 +17,104 @@
		block discarded – undo
17	17	*/
18	18	class Time
19	19	{
20		- use DateTimeHelper;
	20	+ use DateTimeHelper;
21	21
22		- /**
23		- * Datetime.
24		- *
25		- * @var \DateTimeImmutable $_dt
26		- */
27		- protected $_dt;
	22	+ /**
	23	+ * Datetime.
	24	+ *
	25	+ * @var \DateTimeImmutable $_dt
	26	+ */
	27	+ protected $_dt;
28	28
29		- /**
30		- * Time ASN.1 type tag.
31		- *
32		- * @var int $_type
33		- */
34		- protected $_type;
	29	+ /**
	30	+ * Time ASN.1 type tag.
	31	+ *
	32	+ * @var int $_type
	33	+ */
	34	+ protected $_type;
35	35
36		- /**
37		- * Constructor.
38		- *
39		- * @param \DateTimeImmutable $dt
40		- */
41		- public function __construct(\DateTimeImmutable $dt)
42		- {
43		- $this->_dt = $dt;
44		- $this->_type = self::_determineType($dt);
45		- }
	36	+ /**
	37	+ * Constructor.
	38	+ *
	39	+ * @param \DateTimeImmutable $dt
	40	+ */
	41	+ public function __construct(\DateTimeImmutable $dt)
	42	+ {
	43	+ $this->_dt = $dt;
	44	+ $this->_type = self::_determineType($dt);
	45	+ }
46	46
47		- /**
48		- * Initialize from ASN.1.
49		- *
50		- * @param TimeType $el
51		- * @return self
52		- */
53		- public static function fromASN1(TimeType $el): self
54		- {
55		- $obj = new self($el->dateTime());
56		- $obj->_type = $el->tag();
57		- return $obj;
58		- }
	47	+ /**
	48	+ * Initialize from ASN.1.
	49	+ *
	50	+ * @param TimeType $el
	51	+ * @return self
	52	+ */
	53	+ public static function fromASN1(TimeType $el): self
	54	+ {
	55	+ $obj = new self($el->dateTime());
	56	+ $obj->_type = $el->tag();
	57	+ return $obj;
	58	+ }
59	59
60		- /**
61		- * Initialize from date string.
62		- *
63		- * @param string\|null $time
64		- * @param string\|null $tz
65		- * @return self
66		- */
67		- public static function fromString($time, $tz = null): self
68		- {
69		- return new self(self::_createDateTime($time, $tz));
70		- }
	60	+ /**
	61	+ * Initialize from date string.
	62	+ *
	63	+ * @param string\|null $time
	64	+ * @param string\|null $tz
	65	+ * @return self
	66	+ */
	67	+ public static function fromString($time, $tz = null): self
	68	+ {
	69	+ return new self(self::_createDateTime($time, $tz));
	70	+ }
71	71
72		- /**
73		- * Get datetime.
74		- *
75		- * @return \DateTimeImmutable
76		- */
77		- public function dateTime(): \DateTimeImmutable
78		- {
79		- return $this->_dt;
80		- }
	72	+ /**
	73	+ * Get datetime.
	74	+ *
	75	+ * @return \DateTimeImmutable
	76	+ */
	77	+ public function dateTime(): \DateTimeImmutable
	78	+ {
	79	+ return $this->_dt;
	80	+ }
81	81
82		- /**
83		- * Generate ASN.1.
84		- *
85		- * @throws \UnexpectedValueException
86		- * @return TimeType
87		- */
88		- public function toASN1(): TimeType
89		- {
90		- $dt = $this->_dt;
91		- switch ($this->_type) {
92		- case Element::TYPE_UTC_TIME:
93		- return new UTCTime($dt);
94		- case Element::TYPE_GENERALIZED_TIME:
95		- // GeneralizedTime must not contain fractional seconds
96		- // (rfc5280 4.1.2.5.2)
97		- if ($dt->format("u") != 0) {
98		- // remove fractional seconds (round down)
99		- $dt = self::_roundDownFractionalSeconds($dt);
100		- }
101		- return new GeneralizedTime($dt);
102		- }
103		- throw new \UnexpectedValueException(
104		- "Time type " . Element::tagToName($this->_type) . " not supported.");
105		- }
	82	+ /**
	83	+ * Generate ASN.1.
	84	+ *
	85	+ * @throws \UnexpectedValueException
	86	+ * @return TimeType
	87	+ */
	88	+ public function toASN1(): TimeType
	89	+ {
	90	+ $dt = $this->_dt;
	91	+ switch ($this->_type) {
	92	+ case Element::TYPE_UTC_TIME:
	93	+ return new UTCTime($dt);
	94	+ case Element::TYPE_GENERALIZED_TIME:
	95	+ // GeneralizedTime must not contain fractional seconds
	96	+ // (rfc5280 4.1.2.5.2)
	97	+ if ($dt->format("u") != 0) {
	98	+ // remove fractional seconds (round down)
	99	+ $dt = self::_roundDownFractionalSeconds($dt);
	100	+ }
	101	+ return new GeneralizedTime($dt);
	102	+ }
	103	+ throw new \UnexpectedValueException(
	104	+ "Time type " . Element::tagToName($this->_type) . " not supported.");
	105	+ }
106	106
107		- /**
108		- * Determine whether to use UTCTime or GeneralizedTime ASN.1 type.
109		- *
110		- * @param \DateTimeImmutable $dt
111		- * @return int Type tag
112		- */
113		- protected static function _determineType(\DateTimeImmutable $dt): int
114		- {
115		- if ($dt->format("Y") >= 2050) {
116		- return Element::TYPE_GENERALIZED_TIME;
117		- }
118		- return Element::TYPE_UTC_TIME;
119		- }
	107	+ /**
	108	+ * Determine whether to use UTCTime or GeneralizedTime ASN.1 type.
	109	+ *
	110	+ * @param \DateTimeImmutable $dt
	111	+ * @return int Type tag
	112	+ */
	113	+ protected static function _determineType(\DateTimeImmutable $dt): int
	114	+ {
	115	+ if ($dt->format("Y") >= 2050) {
	116	+ return Element::TYPE_GENERALIZED_TIME;
	117	+ }
	118	+ return Element::TYPE_UTC_TIME;
	119	+ }
120	120	}

		@@ -19,235 +19,235 @@
		block discarded – undo
19	19	*/
20	20	class Certificate
21	21	{
22		- /**
23		- * "To be signed" certificate information.
24		- *
25		- * @var TBSCertificate $_tbsCertificate
26		- */
27		- protected $_tbsCertificate;
28		-
29		- /**
30		- * Signature algorithm.
31		- *
32		- * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
33		- */
34		- protected $_signatureAlgorithm;
35		-
36		- /**
37		- * Signature value.
38		- *
39		- * @var Signature $_signatureValue
40		- */
41		- protected $_signatureValue;
42		-
43		- /**
44		- * Constructor.
45		- *
46		- * @param TBSCertificate $tbsCert
47		- * @param SignatureAlgorithmIdentifier $algo
48		- * @param Signature $signature
49		- */
50		- public function __construct(TBSCertificate $tbsCert,
51		- SignatureAlgorithmIdentifier $algo, Signature $signature)
52		- {
53		- $this->_tbsCertificate = $tbsCert;
54		- $this->_signatureAlgorithm = $algo;
55		- $this->_signatureValue = $signature;
56		- }
57		-
58		- /**
59		- * Initialize from ASN.1.
60		- *
61		- * @param Sequence $seq
62		- * @return self
63		- */
64		- public static function fromASN1(Sequence $seq): self
65		- {
66		- $tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence());
67		- $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
68		- if (!$algo instanceof SignatureAlgorithmIdentifier) {
69		- throw new \UnexpectedValueException(
70		- "Unsupported signature algorithm " . $algo->oid() . ".");
71		- }
72		- $signature = Signature::fromSignatureData(
73		- $seq->at(2)
74		- ->asBitString()
75		- ->string(), $algo);
76		- return new self($tbsCert, $algo, $signature);
77		- }
78		-
79		- /**
80		- * Initialize from DER.
81		- *
82		- * @param string $data
83		- * @return self
84		- */
85		- public static function fromDER(string $data): self
86		- {
87		- return self::fromASN1(Sequence::fromDER($data));
88		- }
89		-
90		- /**
91		- * Initialize from PEM.
92		- *
93		- * @param PEM $pem
94		- * @throws \UnexpectedValueException
95		- * @return self
96		- */
97		- public static function fromPEM(PEM $pem): self
98		- {
99		- if ($pem->type() != PEM::TYPE_CERTIFICATE) {
100		- throw new \UnexpectedValueException("Invalid PEM type.");
101		- }
102		- return self::fromDER($pem->data());
103		- }
104		-
105		- /**
106		- * Get certificate information.
107		- *
108		- * @return TBSCertificate
109		- */
110		- public function tbsCertificate(): TBSCertificate
111		- {
112		- return $this->_tbsCertificate;
113		- }
114		-
115		- /**
116		- * Get signature algorithm.
117		- *
118		- * @return SignatureAlgorithmIdentifier
119		- */
120		- public function signatureAlgorithm(): SignatureAlgorithmIdentifier
121		- {
122		- return $this->_signatureAlgorithm;
123		- }
124		-
125		- /**
126		- * Get signature value.
127		- *
128		- * @return Signature
129		- */
130		- public function signatureValue(): Signature
131		- {
132		- return $this->_signatureValue;
133		- }
134		-
135		- /**
136		- * Check whether certificate is self-issued.
137		- *
138		- * @return bool
139		- */
140		- public function isSelfIssued(): bool
141		- {
142		- return $this->_tbsCertificate->subject()->equals(
143		- $this->_tbsCertificate->issuer());
144		- }
145		-
146		- /**
147		- * Check whether certificate is semantically equal to another.
148		- *
149		- * @param Certificate $cert Certificate to compare to
150		- * @return bool
151		- */
152		- public function equals(Certificate $cert): bool
153		- {
154		- return $this->_hasEqualSerialNumber($cert) &&
155		- $this->_hasEqualPublicKey($cert) && $this->_hasEqualSubject($cert);
156		- }
157		-
158		- /**
159		- * Check whether certificate has serial number equal to another.
160		- *
161		- * @param Certificate $cert
162		- * @return bool
163		- */
164		- private function _hasEqualSerialNumber(Certificate $cert): bool
165		- {
166		- $sn1 = $this->_tbsCertificate->serialNumber();
167		- $sn2 = $cert->_tbsCertificate->serialNumber();
168		- return $sn1 == $sn2;
169		- }
170		-
171		- /**
172		- * Check whether certificate has public key equal to another.
173		- *
174		- * @param Certificate $cert
175		- * @return bool
176		- */
177		- private function _hasEqualPublicKey(Certificate $cert): bool
178		- {
179		- $kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
180		- $kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
181		- return $kid1 == $kid2;
182		- }
183		-
184		- /**
185		- * Check whether certificate has subject equal to another.
186		- *
187		- * @param Certificate $cert
188		- * @return bool
189		- */
190		- private function _hasEqualSubject(Certificate $cert): bool
191		- {
192		- $dn1 = $this->_tbsCertificate->subject();
193		- $dn2 = $cert->_tbsCertificate->subject();
194		- return $dn1->equals($dn2);
195		- }
196		-
197		- /**
198		- * Generate ASN.1 structure.
199		- *
200		- * @return Sequence
201		- */
202		- public function toASN1(): Sequence
203		- {
204		- return new Sequence($this->_tbsCertificate->toASN1(),
205		- $this->_signatureAlgorithm->toASN1(),
206		- $this->_signatureValue->bitString());
207		- }
208		-
209		- /**
210		- * Get certificate as a DER.
211		- *
212		- * @return string
213		- */
214		- public function toDER(): string
215		- {
216		- return $this->toASN1()->toDER();
217		- }
218		-
219		- /**
220		- * Get certificate as a PEM.
221		- *
222		- * @return PEM
223		- */
224		- public function toPEM(): PEM
225		- {
226		- return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER());
227		- }
228		-
229		- /**
230		- * Verify certificate signature.
231		- *
232		- * @param PublicKeyInfo $pubkey_info Issuer's public key
233		- * @param Crypto\|null $crypto Crypto engine, use default if not set
234		- * @return bool True if certificate signature is valid
235		- */
236		- public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
237		- {
238		- $crypto = $crypto ?: Crypto::getDefault();
239		- $data = $this->_tbsCertificate->toASN1()->toDER();
240		- return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
241		- $this->_signatureAlgorithm);
242		- }
243		-
244		- /**
245		- * Get certificate as a PEM formatted string.
246		- *
247		- * @return string
248		- */
249		- public function __toString()
250		- {
251		- return $this->toPEM()->string();
252		- }
	22	+ /**
	23	+ * "To be signed" certificate information.
	24	+ *
	25	+ * @var TBSCertificate $_tbsCertificate
	26	+ */
	27	+ protected $_tbsCertificate;
	28	+
	29	+ /**
	30	+ * Signature algorithm.
	31	+ *
	32	+ * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
	33	+ */
	34	+ protected $_signatureAlgorithm;
	35	+
	36	+ /**
	37	+ * Signature value.
	38	+ *
	39	+ * @var Signature $_signatureValue
	40	+ */
	41	+ protected $_signatureValue;
	42	+
	43	+ /**
	44	+ * Constructor.
	45	+ *
	46	+ * @param TBSCertificate $tbsCert
	47	+ * @param SignatureAlgorithmIdentifier $algo
	48	+ * @param Signature $signature
	49	+ */
	50	+ public function __construct(TBSCertificate $tbsCert,
	51	+ SignatureAlgorithmIdentifier $algo, Signature $signature)
	52	+ {
	53	+ $this->_tbsCertificate = $tbsCert;
	54	+ $this->_signatureAlgorithm = $algo;
	55	+ $this->_signatureValue = $signature;
	56	+ }
	57	+
	58	+ /**
	59	+ * Initialize from ASN.1.
	60	+ *
	61	+ * @param Sequence $seq
	62	+ * @return self
	63	+ */
	64	+ public static function fromASN1(Sequence $seq): self
	65	+ {
	66	+ $tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence());
	67	+ $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
	68	+ if (!$algo instanceof SignatureAlgorithmIdentifier) {
	69	+ throw new \UnexpectedValueException(
	70	+ "Unsupported signature algorithm " . $algo->oid() . ".");
	71	+ }
	72	+ $signature = Signature::fromSignatureData(
	73	+ $seq->at(2)
	74	+ ->asBitString()
	75	+ ->string(), $algo);
	76	+ return new self($tbsCert, $algo, $signature);
	77	+ }
	78	+
	79	+ /**
	80	+ * Initialize from DER.
	81	+ *
	82	+ * @param string $data
	83	+ * @return self
	84	+ */
	85	+ public static function fromDER(string $data): self
	86	+ {
	87	+ return self::fromASN1(Sequence::fromDER($data));
	88	+ }
	89	+
	90	+ /**
	91	+ * Initialize from PEM.
	92	+ *
	93	+ * @param PEM $pem
	94	+ * @throws \UnexpectedValueException
	95	+ * @return self
	96	+ */
	97	+ public static function fromPEM(PEM $pem): self
	98	+ {
	99	+ if ($pem->type() != PEM::TYPE_CERTIFICATE) {
	100	+ throw new \UnexpectedValueException("Invalid PEM type.");
	101	+ }
	102	+ return self::fromDER($pem->data());
	103	+ }
	104	+
	105	+ /**
	106	+ * Get certificate information.
	107	+ *
	108	+ * @return TBSCertificate
	109	+ */
	110	+ public function tbsCertificate(): TBSCertificate
	111	+ {
	112	+ return $this->_tbsCertificate;
	113	+ }
	114	+
	115	+ /**
	116	+ * Get signature algorithm.
	117	+ *
	118	+ * @return SignatureAlgorithmIdentifier
	119	+ */
	120	+ public function signatureAlgorithm(): SignatureAlgorithmIdentifier
	121	+ {
	122	+ return $this->_signatureAlgorithm;
	123	+ }
	124	+
	125	+ /**
	126	+ * Get signature value.
	127	+ *
	128	+ * @return Signature
	129	+ */
	130	+ public function signatureValue(): Signature
	131	+ {
	132	+ return $this->_signatureValue;
	133	+ }
	134	+
	135	+ /**
	136	+ * Check whether certificate is self-issued.
	137	+ *
	138	+ * @return bool
	139	+ */
	140	+ public function isSelfIssued(): bool
	141	+ {
	142	+ return $this->_tbsCertificate->subject()->equals(
	143	+ $this->_tbsCertificate->issuer());
	144	+ }
	145	+
	146	+ /**
	147	+ * Check whether certificate is semantically equal to another.
	148	+ *
	149	+ * @param Certificate $cert Certificate to compare to
	150	+ * @return bool
	151	+ */
	152	+ public function equals(Certificate $cert): bool
	153	+ {
	154	+ return $this->_hasEqualSerialNumber($cert) &&
	155	+ $this->_hasEqualPublicKey($cert) && $this->_hasEqualSubject($cert);
	156	+ }
	157	+
	158	+ /**
	159	+ * Check whether certificate has serial number equal to another.
	160	+ *
	161	+ * @param Certificate $cert
	162	+ * @return bool
	163	+ */
	164	+ private function _hasEqualSerialNumber(Certificate $cert): bool
	165	+ {
	166	+ $sn1 = $this->_tbsCertificate->serialNumber();
	167	+ $sn2 = $cert->_tbsCertificate->serialNumber();
	168	+ return $sn1 == $sn2;
	169	+ }
	170	+
	171	+ /**
	172	+ * Check whether certificate has public key equal to another.
	173	+ *
	174	+ * @param Certificate $cert
	175	+ * @return bool
	176	+ */
	177	+ private function _hasEqualPublicKey(Certificate $cert): bool
	178	+ {
	179	+ $kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
	180	+ $kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
	181	+ return $kid1 == $kid2;
	182	+ }
	183	+
	184	+ /**
	185	+ * Check whether certificate has subject equal to another.
	186	+ *
	187	+ * @param Certificate $cert
	188	+ * @return bool
	189	+ */
	190	+ private function _hasEqualSubject(Certificate $cert): bool
	191	+ {
	192	+ $dn1 = $this->_tbsCertificate->subject();
	193	+ $dn2 = $cert->_tbsCertificate->subject();
	194	+ return $dn1->equals($dn2);
	195	+ }
	196	+
	197	+ /**
	198	+ * Generate ASN.1 structure.
	199	+ *
	200	+ * @return Sequence
	201	+ */
	202	+ public function toASN1(): Sequence
	203	+ {
	204	+ return new Sequence($this->_tbsCertificate->toASN1(),
	205	+ $this->_signatureAlgorithm->toASN1(),
	206	+ $this->_signatureValue->bitString());
	207	+ }
	208	+
	209	+ /**
	210	+ * Get certificate as a DER.
	211	+ *
	212	+ * @return string
	213	+ */
	214	+ public function toDER(): string
	215	+ {
	216	+ return $this->toASN1()->toDER();
	217	+ }
	218	+
	219	+ /**
	220	+ * Get certificate as a PEM.
	221	+ *
	222	+ * @return PEM
	223	+ */
	224	+ public function toPEM(): PEM
	225	+ {
	226	+ return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER());
	227	+ }
	228	+
	229	+ /**
	230	+ * Verify certificate signature.
	231	+ *
	232	+ * @param PublicKeyInfo $pubkey_info Issuer's public key
	233	+ * @param Crypto\|null $crypto Crypto engine, use default if not set
	234	+ * @return bool True if certificate signature is valid
	235	+ */
	236	+ public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
	237	+ {
	238	+ $crypto = $crypto ?: Crypto::getDefault();
	239	+ $data = $this->_tbsCertificate->toASN1()->toDER();
	240	+ return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
	241	+ $this->_signatureAlgorithm);
	242	+ }
	243	+
	244	+ /**
	245	+ * Get certificate as a PEM formatted string.
	246	+ *
	247	+ * @return string
	248	+ */
	249	+ public function __toString()
	250	+ {
	251	+ return $this->toPEM()->string();
	252	+ }
253	253	}

		@@ -15,170 +15,170 @@
		block discarded – undo
15	15	* @link https://tools.ietf.org/html/rfc5280#section-4.2.1.5
16	16	*/
17	17	class PolicyMappingsExtension extends Extension implements
18		- \Countable,
19		- \IteratorAggregate
	18	+ \Countable,
	19	+ \IteratorAggregate
20	20	{
21		- /**
22		- * Policy mappings.
23		- *
24		- * @var PolicyMapping[] $_mappings
25		- */
26		- protected $_mappings;
	21	+ /**
	22	+ * Policy mappings.
	23	+ *
	24	+ * @var PolicyMapping[] $_mappings
	25	+ */
	26	+ protected $_mappings;
27	27
28		- /**
29		- * Constructor.
30		- *
31		- * @param bool $critical
32		- * @param PolicyMapping[] $mappings One or more PolicyMapping objects
33		- */
34		- public function __construct(bool $critical, PolicyMapping ...$mappings)
35		- {
36		- parent::__construct(self::OID_POLICY_MAPPINGS, $critical);
37		- $this->_mappings = $mappings;
38		- }
	28	+ /**
	29	+ * Constructor.
	30	+ *
	31	+ * @param bool $critical
	32	+ * @param PolicyMapping[] $mappings One or more PolicyMapping objects
	33	+ */
	34	+ public function __construct(bool $critical, PolicyMapping ...$mappings)
	35	+ {
	36	+ parent::__construct(self::OID_POLICY_MAPPINGS, $critical);
	37	+ $this->_mappings = $mappings;
	38	+ }
39	39
40		- /**
41		- *
42		- * {@inheritdoc}
43		- * @return self
44		- */
45		- protected static function _fromDER(string $data, bool $critical): self
46		- {
47		- $mappings = array_map(
48		- function (UnspecifiedType $el) {
49		- return PolicyMapping::fromASN1($el->asSequence());
50		- }, Sequence::fromDER($data)->elements());
51		- if (!count($mappings)) {
52		- throw new \UnexpectedValueException(
53		- "PolicyMappings must have at least one mapping.");
54		- }
55		- return new self($critical, ...$mappings);
56		- }
	40	+ /**
	41	+ *
	42	+ * {@inheritdoc}
	43	+ * @return self
	44	+ */
	45	+ protected static function _fromDER(string $data, bool $critical): self
	46	+ {
	47	+ $mappings = array_map(
	48	+ function (UnspecifiedType $el) {
	49	+ return PolicyMapping::fromASN1($el->asSequence());
	50	+ }, Sequence::fromDER($data)->elements());
	51	+ if (!count($mappings)) {
	52	+ throw new \UnexpectedValueException(
	53	+ "PolicyMappings must have at least one mapping.");
	54	+ }
	55	+ return new self($critical, ...$mappings);
	56	+ }
57	57
58		- /**
59		- *
60		- * {@inheritdoc}
61		- * @return Sequence
62		- */
63		- protected function _valueASN1(): Sequence
64		- {
65		- if (!count($this->_mappings)) {
66		- throw new \LogicException("No mappings.");
67		- }
68		- $elements = array_map(
69		- function (PolicyMapping $mapping) {
70		- return $mapping->toASN1();
71		- }, $this->_mappings);
72		- return new Sequence(...$elements);
73		- }
	58	+ /**
	59	+ *
	60	+ * {@inheritdoc}
	61	+ * @return Sequence
	62	+ */
	63	+ protected function _valueASN1(): Sequence
	64	+ {
	65	+ if (!count($this->_mappings)) {
	66	+ throw new \LogicException("No mappings.");
	67	+ }
	68	+ $elements = array_map(
	69	+ function (PolicyMapping $mapping) {
	70	+ return $mapping->toASN1();
	71	+ }, $this->_mappings);
	72	+ return new Sequence(...$elements);
	73	+ }
74	74
75		- /**
76		- * Get all mappings.
77		- *
78		- * @return PolicyMapping[]
79		- */
80		- public function mappings(): array
81		- {
82		- return $this->_mappings;
83		- }
	75	+ /**
	76	+ * Get all mappings.
	77	+ *
	78	+ * @return PolicyMapping[]
	79	+ */
	80	+ public function mappings(): array
	81	+ {
	82	+ return $this->_mappings;
	83	+ }
84	84
85		- /**
86		- * Get mappings flattened into a single array of arrays of subject domains
87		- * keyed by issuer domain.
88		- *
89		- * Eg. if policy mappings contains multiple mappings with the same issuer
90		- * domain policy, their corresponding subject domain policies are placed
91		- * under the same key.
92		- *
93		- * @return (string[])[]
94		- */
95		- public function flattenedMappings(): array
96		- {
97		- $mappings = array();
98		- foreach ($this->_mappings as $mapping) {
99		- $idp = $mapping->issuerDomainPolicy();
100		- if (!isset($mappings[$idp])) {
101		- $mappings[$idp] = array();
102		- }
103		- array_push($mappings[$idp], $mapping->subjectDomainPolicy());
104		- }
105		- return $mappings;
106		- }
	85	+ /**
	86	+ * Get mappings flattened into a single array of arrays of subject domains
	87	+ * keyed by issuer domain.
	88	+ *
	89	+ * Eg. if policy mappings contains multiple mappings with the same issuer
	90	+ * domain policy, their corresponding subject domain policies are placed
	91	+ * under the same key.
	92	+ *
	93	+ * @return (string[])[]
	94	+ */
	95	+ public function flattenedMappings(): array
	96	+ {
	97	+ $mappings = array();
	98	+ foreach ($this->_mappings as $mapping) {
	99	+ $idp = $mapping->issuerDomainPolicy();
	100	+ if (!isset($mappings[$idp])) {
	101	+ $mappings[$idp] = array();
	102	+ }
	103	+ array_push($mappings[$idp], $mapping->subjectDomainPolicy());
	104	+ }
	105	+ return $mappings;
	106	+ }
107	107
108		- /**
109		- * Get all subject domain policy OIDs that are mapped to given issuer
110		- * domain policy OID.
111		- *
112		- * @param string $oid Issuer domain policy
113		- * @return string[] List of OIDs in dotted format
114		- */
115		- public function issuerMappings(string $oid): array
116		- {
117		- $oids = array();
118		- foreach ($this->_mappings as $mapping) {
119		- if ($mapping->issuerDomainPolicy() == $oid) {
120		- $oids[] = $mapping->subjectDomainPolicy();
121		- }
122		- }
123		- return $oids;
124		- }
	108	+ /**
	109	+ * Get all subject domain policy OIDs that are mapped to given issuer
	110	+ * domain policy OID.
	111	+ *
	112	+ * @param string $oid Issuer domain policy
	113	+ * @return string[] List of OIDs in dotted format
	114	+ */
	115	+ public function issuerMappings(string $oid): array
	116	+ {
	117	+ $oids = array();
	118	+ foreach ($this->_mappings as $mapping) {
	119	+ if ($mapping->issuerDomainPolicy() == $oid) {
	120	+ $oids[] = $mapping->subjectDomainPolicy();
	121	+ }
	122	+ }
	123	+ return $oids;
	124	+ }
125	125
126		- /**
127		- * Get all mapped issuer domain policy OIDs.
128		- *
129		- * @return string[]
130		- */
131		- public function issuerDomainPolicies(): array
132		- {
133		- $idps = array_map(
134		- function (PolicyMapping $mapping) {
135		- return $mapping->issuerDomainPolicy();
136		- }, $this->_mappings);
137		- return array_values(array_unique($idps));
138		- }
	126	+ /**
	127	+ * Get all mapped issuer domain policy OIDs.
	128	+ *
	129	+ * @return string[]
	130	+ */
	131	+ public function issuerDomainPolicies(): array
	132	+ {
	133	+ $idps = array_map(
	134	+ function (PolicyMapping $mapping) {
	135	+ return $mapping->issuerDomainPolicy();
	136	+ }, $this->_mappings);
	137	+ return array_values(array_unique($idps));
	138	+ }
139	139
140		- /**
141		- * Check whether policy mappings have anyPolicy mapped.
142		- *
143		- * RFC 5280 section 4.2.1.5 states that "Policies MUST NOT be mapped either
144		- * to or from the special value anyPolicy".
145		- *
146		- * @return bool
147		- */
148		- public function hasAnyPolicyMapping(): bool
149		- {
150		- foreach ($this->_mappings as $mapping) {
151		- if ($mapping->issuerDomainPolicy() ==
152		- PolicyInformation::OID_ANY_POLICY) {
153		- return true;
154		- }
155		- if ($mapping->subjectDomainPolicy() ==
156		- PolicyInformation::OID_ANY_POLICY) {
157		- return true;
158		- }
159		- }
160		- return false;
161		- }
	140	+ /**
	141	+ * Check whether policy mappings have anyPolicy mapped.
	142	+ *
	143	+ * RFC 5280 section 4.2.1.5 states that "Policies MUST NOT be mapped either
	144	+ * to or from the special value anyPolicy".
	145	+ *
	146	+ * @return bool
	147	+ */
	148	+ public function hasAnyPolicyMapping(): bool
	149	+ {
	150	+ foreach ($this->_mappings as $mapping) {
	151	+ if ($mapping->issuerDomainPolicy() ==
	152	+ PolicyInformation::OID_ANY_POLICY) {
	153	+ return true;
	154	+ }
	155	+ if ($mapping->subjectDomainPolicy() ==
	156	+ PolicyInformation::OID_ANY_POLICY) {
	157	+ return true;
	158	+ }
	159	+ }
	160	+ return false;
	161	+ }
162	162
163		- /**
164		- * Get the number of mappings.
165		- *
166		- * @see \Countable::count()
167		- * @return int
168		- */
169		- public function count(): int
170		- {
171		- return count($this->_mappings);
172		- }
	163	+ /**
	164	+ * Get the number of mappings.
	165	+ *
	166	+ * @see \Countable::count()
	167	+ * @return int
	168	+ */
	169	+ public function count(): int
	170	+ {
	171	+ return count($this->_mappings);
	172	+ }
173	173
174		- /**
175		- * Get iterator for policy mappings.
176		- *
177		- * @see \IteratorAggregate::getIterator()
178		- * @return \ArrayIterator
179		- */
180		- public function getIterator(): \ArrayIterator
181		- {
182		- return new \ArrayIterator($this->_mappings);
183		- }
	174	+ /**
	175	+ * Get iterator for policy mappings.
	176	+ *
	177	+ * @see \IteratorAggregate::getIterator()
	178	+ * @return \ArrayIterator
	179	+ */
	180	+ public function getIterator(): \ArrayIterator
	181	+ {
	182	+ return new \ArrayIterator($this->_mappings);
	183	+ }
184	184	}

sop / x509

GitHub Access Token became invalid

Push — master ( 584877...f7ba31 )

Status

Category

Indentation +62 added lines, -62 removed lines patch added patch discarded remove patch

Indentation +117 added lines, -117 removed lines patch added patch discarded remove patch

Indentation +75 added lines, -75 removed lines patch added patch discarded remove patch

Indentation +189 added lines, -189 removed lines patch added patch discarded remove patch

Indentation +410 added lines, -410 removed lines patch added patch discarded remove patch

Indentation +92 added lines, -92 removed lines patch added patch discarded remove patch

Indentation +231 added lines, -231 removed lines patch added patch discarded remove patch

Indentation +606 added lines, -606 removed lines patch added patch discarded remove patch

Indentation +155 added lines, -155 removed lines patch added patch discarded remove patch