sop / x509

lib/X509/Certificate/Extension/AAControlsExtension.php

Indentation +198 added lines, -198 removed lines

@@ -19,215 +19,215 @@
  */
 class AAControlsExtension extends Extension
 {
-    /**
-     * Path length contraint.
-     *
-     * @var int|null $_pathLenConstraint
-     */
-    protected $_pathLenConstraint;
+	/**
+	 * Path length contraint.
+	 *
+	 * @var int|null $_pathLenConstraint
+	 */
+	protected $_pathLenConstraint;
     
-    /**
-     * Permitted attributes.
-     *
-     * Array of OID's.
-     *
-     * @var string[]|null $_permittedAttrs
-     */
-    protected $_permittedAttrs;
+	/**
+	 * Permitted attributes.
+	 *
+	 * Array of OID's.
+	 *
+	 * @var string[]|null $_permittedAttrs
+	 */
+	protected $_permittedAttrs;
     
-    /**
-     * Excluded attributes.
-     *
-     * Array of OID's.
-     *
-     * @var string[]|null $_excludedAttrs
-     */
-    protected $_excludedAttrs;
+	/**
+	 * Excluded attributes.
+	 *
+	 * Array of OID's.
+	 *
+	 * @var string[]|null $_excludedAttrs
+	 */
+	protected $_excludedAttrs;
     
-    /**
-     * Whether to permit unspecified attributes.
-     *
-     * @var bool $_permitUnSpecified
-     */
-    protected $_permitUnSpecified;
+	/**
+	 * Whether to permit unspecified attributes.
+	 *
+	 * @var bool $_permitUnSpecified
+	 */
+	protected $_permitUnSpecified;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param int|null $path_len
-     * @param string[]|null $permitted
-     * @param string[]|null $excluded
-     * @param bool $permit_unspecified
-     */
-    public function __construct(bool $critical, $path_len = null,
-        array $permitted = null, array $excluded = null, bool $permit_unspecified = true)
-    {
-        parent::__construct(self::OID_AA_CONTROLS, $critical);
-        $this->_pathLenConstraint = $path_len;
-        $this->_permittedAttrs = $permitted;
-        $this->_excludedAttrs = $excluded;
-        $this->_permitUnSpecified = $permit_unspecified;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param int|null $path_len
+	 * @param string[]|null $permitted
+	 * @param string[]|null $excluded
+	 * @param bool $permit_unspecified
+	 */
+	public function __construct(bool $critical, $path_len = null,
+		array $permitted = null, array $excluded = null, bool $permit_unspecified = true)
+	{
+		parent::__construct(self::OID_AA_CONTROLS, $critical);
+		$this->_pathLenConstraint = $path_len;
+		$this->_permittedAttrs = $permitted;
+		$this->_excludedAttrs = $excluded;
+		$this->_permitUnSpecified = $permit_unspecified;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        $seq = Sequence::fromDER($data);
-        $path_len = null;
-        $permitted = null;
-        $excluded = null;
-        $permit_unspecified = true;
-        $idx = 0;
-        if ($seq->has($idx, Element::TYPE_INTEGER)) {
-            $path_len = $seq->at($idx++)
-                ->asInteger()
-                ->intNumber();
-        }
-        if ($seq->hasTagged(0)) {
-            $attr_seq = $seq->getTagged(0)
-                ->asImplicit(Element::TYPE_SEQUENCE)
-                ->asSequence();
-            $permitted = array_map(
-                function (UnspecifiedType $el) {
-                    return $el->asObjectIdentifier()->oid();
-                }, $attr_seq->elements());
-            $idx++;
-        }
-        if ($seq->hasTagged(1)) {
-            $attr_seq = $seq->getTagged(1)
-                ->asImplicit(Element::TYPE_SEQUENCE)
-                ->asSequence();
-            $excluded = array_map(
-                function (UnspecifiedType $el) {
-                    return $el->asObjectIdentifier()->oid();
-                }, $attr_seq->elements());
-            $idx++;
-        }
-        if ($seq->has($idx, Element::TYPE_BOOLEAN)) {
-            $permit_unspecified = $seq->at($idx++)
-                ->asBoolean()
-                ->value();
-        }
-        return new self($critical, $path_len, $permitted, $excluded,
-            $permit_unspecified);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		$seq = Sequence::fromDER($data);
+		$path_len = null;
+		$permitted = null;
+		$excluded = null;
+		$permit_unspecified = true;
+		$idx = 0;
+		if ($seq->has($idx, Element::TYPE_INTEGER)) {
+			$path_len = $seq->at($idx++)
+				->asInteger()
+				->intNumber();
+		}
+		if ($seq->hasTagged(0)) {
+			$attr_seq = $seq->getTagged(0)
+				->asImplicit(Element::TYPE_SEQUENCE)
+				->asSequence();
+			$permitted = array_map(
+				function (UnspecifiedType $el) {
+					return $el->asObjectIdentifier()->oid();
+				}, $attr_seq->elements());
+			$idx++;
+		}
+		if ($seq->hasTagged(1)) {
+			$attr_seq = $seq->getTagged(1)
+				->asImplicit(Element::TYPE_SEQUENCE)
+				->asSequence();
+			$excluded = array_map(
+				function (UnspecifiedType $el) {
+					return $el->asObjectIdentifier()->oid();
+				}, $attr_seq->elements());
+			$idx++;
+		}
+		if ($seq->has($idx, Element::TYPE_BOOLEAN)) {
+			$permit_unspecified = $seq->at($idx++)
+				->asBoolean()
+				->value();
+		}
+		return new self($critical, $path_len, $permitted, $excluded,
+			$permit_unspecified);
+	}
     
-    /**
-     * Check whether path length constraint is present.
-     *
-     * @return bool
-     */
-    public function hasPathLen(): bool
-    {
-        return isset($this->_pathLenConstraint);
-    }
+	/**
+	 * Check whether path length constraint is present.
+	 *
+	 * @return bool
+	 */
+	public function hasPathLen(): bool
+	{
+		return isset($this->_pathLenConstraint);
+	}
     
-    /**
-     * Get path length constraint.
-     *
-     * @throws \LogicException
-     * @return int
-     */
-    public function pathLen(): int
-    {
-        if (!$this->hasPathLen()) {
-            throw new \LogicException("pathLen not set.");
-        }
-        return $this->_pathLenConstraint;
-    }
+	/**
+	 * Get path length constraint.
+	 *
+	 * @throws \LogicException
+	 * @return int
+	 */
+	public function pathLen(): int
+	{
+		if (!$this->hasPathLen()) {
+			throw new \LogicException("pathLen not set.");
+		}
+		return $this->_pathLenConstraint;
+	}
     
-    /**
-     * Check whether permitted attributes are present.
-     *
-     * @return bool
-     */
-    public function hasPermittedAttrs(): bool
-    {
-        return isset($this->_permittedAttrs);
-    }
+	/**
+	 * Check whether permitted attributes are present.
+	 *
+	 * @return bool
+	 */
+	public function hasPermittedAttrs(): bool
+	{
+		return isset($this->_permittedAttrs);
+	}
     
-    /**
-     * Get OID's of permitted attributes.
-     *
-     * @throws \LogicException
-     * @return string[]
-     */
-    public function permittedAttrs(): array
-    {
-        if (!$this->hasPermittedAttrs()) {
-            throw new \LogicException("permittedAttrs not set.");
-        }
-        return $this->_permittedAttrs;
-    }
+	/**
+	 * Get OID's of permitted attributes.
+	 *
+	 * @throws \LogicException
+	 * @return string[]
+	 */
+	public function permittedAttrs(): array
+	{
+		if (!$this->hasPermittedAttrs()) {
+			throw new \LogicException("permittedAttrs not set.");
+		}
+		return $this->_permittedAttrs;
+	}
     
-    /**
-     * Check whether excluded attributes are present.
-     *
-     * @return bool
-     */
-    public function hasExcludedAttrs(): bool
-    {
-        return isset($this->_excludedAttrs);
-    }
+	/**
+	 * Check whether excluded attributes are present.
+	 *
+	 * @return bool
+	 */
+	public function hasExcludedAttrs(): bool
+	{
+		return isset($this->_excludedAttrs);
+	}
     
-    /**
-     * Get OID's of excluded attributes.
-     *
-     * @throws \LogicException
-     * @return string[]
-     */
-    public function excludedAttrs(): array
-    {
-        if (!$this->hasExcludedAttrs()) {
-            throw new \LogicException("excludedAttrs not set.");
-        }
-        return $this->_excludedAttrs;
-    }
+	/**
+	 * Get OID's of excluded attributes.
+	 *
+	 * @throws \LogicException
+	 * @return string[]
+	 */
+	public function excludedAttrs(): array
+	{
+		if (!$this->hasExcludedAttrs()) {
+			throw new \LogicException("excludedAttrs not set.");
+		}
+		return $this->_excludedAttrs;
+	}
     
-    /**
-     * Whether to permit attributes that are not explicitly specified in
-     * neither permitted nor excluded list.
-     *
-     * @return bool
-     */
-    public function permitUnspecified(): bool
-    {
-        return $this->_permitUnSpecified;
-    }
+	/**
+	 * Whether to permit attributes that are not explicitly specified in
+	 * neither permitted nor excluded list.
+	 *
+	 * @return bool
+	 */
+	public function permitUnspecified(): bool
+	{
+		return $this->_permitUnSpecified;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        $elements = array();
-        if (isset($this->_pathLenConstraint)) {
-            $elements[] = new Integer($this->_pathLenConstraint);
-        }
-        if (isset($this->_permittedAttrs)) {
-            $oids = array_map(
-                function ($oid) {
-                    return new ObjectIdentifier($oid);
-                }, $this->_permittedAttrs);
-            $elements[] = new ImplicitlyTaggedType(0, new Sequence(...$oids));
-        }
-        if (isset($this->_excludedAttrs)) {
-            $oids = array_map(
-                function ($oid) {
-                    return new ObjectIdentifier($oid);
-                }, $this->_excludedAttrs);
-            $elements[] = new ImplicitlyTaggedType(1, new Sequence(...$oids));
-        }
-        if ($this->_permitUnSpecified !== true) {
-            $elements[] = new Boolean(false);
-        }
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		$elements = array();
+		if (isset($this->_pathLenConstraint)) {
+			$elements[] = new Integer($this->_pathLenConstraint);
+		}
+		if (isset($this->_permittedAttrs)) {
+			$oids = array_map(
+				function ($oid) {
+					return new ObjectIdentifier($oid);
+				}, $this->_permittedAttrs);
+			$elements[] = new ImplicitlyTaggedType(0, new Sequence(...$oids));
+		}
+		if (isset($this->_excludedAttrs)) {
+			$oids = array_map(
+				function ($oid) {
+					return new ObjectIdentifier($oid);
+				}, $this->_excludedAttrs);
+			$elements[] = new ImplicitlyTaggedType(1, new Sequence(...$oids));
+		}
+		if ($this->_permitUnSpecified !== true) {
+			$elements[] = new Boolean(false);
+		}
+		return new Sequence(...$elements);
+	}
 }

lib/X509/Certificate/Extension/NameConstraintsExtension.php

Indentation +110 added lines, -110 removed lines

@@ -16,122 +16,122 @@
  */
 class NameConstraintsExtension extends Extension
 {
-    /**
-     * Permitted subtrees.
-     *
-     * @var GeneralSubtrees|null $_permitted
-     */
-    protected $_permitted;
+	/**
+	 * Permitted subtrees.
+	 *
+	 * @var GeneralSubtrees|null $_permitted
+	 */
+	protected $_permitted;
     
-    /**
-     * Excluded subtrees.
-     *
-     * @var GeneralSubtrees|null $_excluded
-     */
-    protected $_excluded;
+	/**
+	 * Excluded subtrees.
+	 *
+	 * @var GeneralSubtrees|null $_excluded
+	 */
+	protected $_excluded;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param GeneralSubtrees $permitted
-     * @param GeneralSubtrees $excluded
-     */
-    public function __construct(bool $critical, GeneralSubtrees $permitted = null,
-        GeneralSubtrees $excluded = null)
-    {
-        parent::__construct(self::OID_NAME_CONSTRAINTS, $critical);
-        $this->_permitted = $permitted;
-        $this->_excluded = $excluded;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param GeneralSubtrees $permitted
+	 * @param GeneralSubtrees $excluded
+	 */
+	public function __construct(bool $critical, GeneralSubtrees $permitted = null,
+		GeneralSubtrees $excluded = null)
+	{
+		parent::__construct(self::OID_NAME_CONSTRAINTS, $critical);
+		$this->_permitted = $permitted;
+		$this->_excluded = $excluded;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        $seq = Sequence::fromDER($data);
-        $permitted = null;
-        $excluded = null;
-        if ($seq->hasTagged(0)) {
-            $permitted = GeneralSubtrees::fromASN1(
-                $seq->getTagged(0)
-                    ->asImplicit(Element::TYPE_SEQUENCE)
-                    ->asSequence());
-        }
-        if ($seq->hasTagged(1)) {
-            $excluded = GeneralSubtrees::fromASN1(
-                $seq->getTagged(1)
-                    ->asImplicit(Element::TYPE_SEQUENCE)
-                    ->asSequence());
-        }
-        return new self($critical, $permitted, $excluded);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		$seq = Sequence::fromDER($data);
+		$permitted = null;
+		$excluded = null;
+		if ($seq->hasTagged(0)) {
+			$permitted = GeneralSubtrees::fromASN1(
+				$seq->getTagged(0)
+					->asImplicit(Element::TYPE_SEQUENCE)
+					->asSequence());
+		}
+		if ($seq->hasTagged(1)) {
+			$excluded = GeneralSubtrees::fromASN1(
+				$seq->getTagged(1)
+					->asImplicit(Element::TYPE_SEQUENCE)
+					->asSequence());
+		}
+		return new self($critical, $permitted, $excluded);
+	}
     
-    /**
-     * Whether permitted subtrees are present.
-     *
-     * @return bool
-     */
-    public function hasPermittedSubtrees(): bool
-    {
-        return isset($this->_permitted);
-    }
+	/**
+	 * Whether permitted subtrees are present.
+	 *
+	 * @return bool
+	 */
+	public function hasPermittedSubtrees(): bool
+	{
+		return isset($this->_permitted);
+	}
     
-    /**
-     * Get permitted subtrees.
-     *
-     * @throws \LogicException
-     * @return GeneralSubtrees
-     */
-    public function permittedSubtrees(): GeneralSubtrees
-    {
-        if (!$this->hasPermittedSubtrees()) {
-            throw new \LogicException("No permitted subtrees.");
-        }
-        return $this->_permitted;
-    }
+	/**
+	 * Get permitted subtrees.
+	 *
+	 * @throws \LogicException
+	 * @return GeneralSubtrees
+	 */
+	public function permittedSubtrees(): GeneralSubtrees
+	{
+		if (!$this->hasPermittedSubtrees()) {
+			throw new \LogicException("No permitted subtrees.");
+		}
+		return $this->_permitted;
+	}
     
-    /**
-     * Whether excluded subtrees are present.
-     *
-     * @return bool
-     */
-    public function hasExcludedSubtrees(): bool
-    {
-        return isset($this->_excluded);
-    }
+	/**
+	 * Whether excluded subtrees are present.
+	 *
+	 * @return bool
+	 */
+	public function hasExcludedSubtrees(): bool
+	{
+		return isset($this->_excluded);
+	}
     
-    /**
-     * Get excluded subtrees.
-     *
-     * @throws \LogicException
-     * @return GeneralSubtrees
-     */
-    public function excludedSubtrees(): GeneralSubtrees
-    {
-        if (!$this->hasExcludedSubtrees()) {
-            throw new \LogicException("No excluded subtrees.");
-        }
-        return $this->_excluded;
-    }
+	/**
+	 * Get excluded subtrees.
+	 *
+	 * @throws \LogicException
+	 * @return GeneralSubtrees
+	 */
+	public function excludedSubtrees(): GeneralSubtrees
+	{
+		if (!$this->hasExcludedSubtrees()) {
+			throw new \LogicException("No excluded subtrees.");
+		}
+		return $this->_excluded;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        $elements = array();
-        if (isset($this->_permitted)) {
-            $elements[] = new ImplicitlyTaggedType(0, $this->_permitted->toASN1());
-        }
-        if (isset($this->_excluded)) {
-            $elements[] = new ImplicitlyTaggedType(1, $this->_excluded->toASN1());
-        }
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		$elements = array();
+		if (isset($this->_permitted)) {
+			$elements[] = new ImplicitlyTaggedType(0, $this->_permitted->toASN1());
+		}
+		if (isset($this->_excluded)) {
+			$elements[] = new ImplicitlyTaggedType(1, $this->_excluded->toASN1());
+		}
+		return new Sequence(...$elements);
+	}
 }

lib/X509/Certificate/Extension/Extension.php

Indentation +199 added lines, -199 removed lines

@@ -19,214 +19,214 @@
  */
 abstract class Extension
 {
-    // OID's from standard certificate extensions
-    const OID_OBSOLETE_AUTHORITY_KEY_IDENTIFIER = "2.5.29.1";
-    const OID_OBSOLETE_KEY_ATTRIBUTES = "2.5.29.2";
-    const OID_OBSOLETE_CERTIFICATE_POLICIES = "2.5.29.3";
-    const OID_OBSOLETE_KEY_USAGE_RESTRICTION = "2.5.29.4";
-    const OID_OBSOLETE_POLICY_MAPPING = "2.5.29.5";
-    const OID_OBSOLETE_SUBTREES_CONSTRAINT = "2.5.29.6";
-    const OID_OBSOLETE_SUBJECT_ALT_NAME = "2.5.29.7";
-    const OID_OBSOLETE_ISSUER_ALT_NAME = "2.5.29.8";
-    const OID_SUBJECT_DIRECTORY_ATTRIBUTES = "2.5.29.9";
-    const OID_OBSOLETE_BASIC_CONSTRAINTS = "2.5.29.10";
-    const OID_SUBJECT_KEY_IDENTIFIER = "2.5.29.14";
-    const OID_KEY_USAGE = "2.5.29.15";
-    const OID_PRIVATE_KEY_USAGE_PERIOD = "2.5.29.16";
-    const OID_SUBJECT_ALT_NAME = "2.5.29.17";
-    const OID_ISSUER_ALT_NAME = "2.5.29.18";
-    const OID_BASIC_CONSTRAINTS = "2.5.29.19";
-    const OID_CRL_NUMBER = "2.5.29.20";
-    const OID_REASON_CODE = "2.5.29.21";
-    const OID_OBSOLETE_EXPIRATION_DATE = "2.5.29.22";
-    const OID_INSTRUCTION_CODE = "2.5.29.23";
-    const OID_INVALIDITY_DATE = "2.5.29.24";
-    const OID_OBSOLETE_CRL_DISTRIBUTION_POINTS = "2.5.29.25";
-    const OID_OBSOLETE_ISSUING_DISTRIBUTION_POINT = "2.5.29.26";
-    const OID_DELTA_CRL_INDICATOR = "2.5.29.27";
-    const OID_ISSUING_DISTRIBUTION_POINT = "2.5.29.28";
-    const OID_CERTIFICATE_ISSUER = "2.5.29.29";
-    const OID_NAME_CONSTRAINTS = "2.5.29.30";
-    const OID_CRL_DISTRIBUTION_POINTS = "2.5.29.31";
-    const OID_CERTIFICATE_POLICIES = "2.5.29.32";
-    const OID_POLICY_MAPPINGS = "2.5.29.33";
-    const OID_OBSOLETE_POLICY_CONSTRAINTS = "2.5.29.34";
-    const OID_AUTHORITY_KEY_IDENTIFIER = "2.5.29.35";
-    const OID_POLICY_CONSTRAINTS = "2.5.29.36";
-    const OID_EXT_KEY_USAGE = "2.5.29.37";
-    const OID_AUTHORITY_ATTRIBUTE_IDENTIFIER = "2.5.29.38";
-    const OID_ROLE_SPEC_CERT_IDENTIFIER = "2.5.29.39";
-    const OID_CRL_STREAM_IDENTIFIER = "2.5.29.40";
-    const OID_BASIC_ATT_CONSTRAINTS = "2.5.29.41";
-    const OID_DELEGATED_NAME_CONSTRAINTS = "2.5.29.42";
-    const OID_TIME_SPECIFICATION = "2.5.29.43";
-    const OID_CRL_SCOPE = "2.5.29.44";
-    const OID_STATUS_REFERRALS = "2.5.29.45";
-    const OID_FRESHEST_CRL = "2.5.29.46";
-    const OID_ORDERED_LIST = "2.5.29.47";
-    const OID_ATTRIBUTE_DESCRIPTOR = "2.5.29.48";
-    const OID_USER_NOTICE = "2.5.29.49";
-    const OID_SOA_IDENTIFIER = "2.5.29.50";
-    const OID_BASE_UPDATE_TIME = "2.5.29.51";
-    const OID_ACCEPTABLE_CERT_POLICIES = "2.5.29.52";
-    const OID_DELTA_INFO = "2.5.29.53";
-    const OID_INHIBIT_ANY_POLICY = "2.5.29.54";
-    const OID_TARGET_INFORMATION = "2.5.29.55";
-    const OID_NO_REV_AVAIL = "2.5.29.56";
-    const OID_ACCEPTABLE_PRIVILEGE_POLICIES = "2.5.29.57";
-    const OID_TO_BE_REVOKED = "2.5.29.58";
-    const OID_REVOKED_GROUPS = "2.5.29.59";
-    const OID_EXPIRED_CERTS_ON_CRL = "2.5.29.60";
-    const OID_INDIRECT_ISSUER = "2.5.29.61";
-    const OID_NO_ASSERTION = "2.5.29.62";
-    const OID_AA_ISSUING_DISTRIBUTION_POINT = "2.5.29.63";
-    const OID_ISSUED_ON_BEHALF_OF = "2.5.29.64";
-    const OID_SINGLE_USE = "2.5.29.65";
-    const OID_GROUP_AC = "2.5.29.66";
-    const OID_ALLOWED_ATT_ASS = "2.5.29.67";
-    const OID_ATTRIBUTE_MAPPINGS = "2.5.29.68";
-    const OID_HOLDER_NAME_CONSTRAINTS = "2.5.29.69";
+	// OID's from standard certificate extensions
+	const OID_OBSOLETE_AUTHORITY_KEY_IDENTIFIER = "2.5.29.1";
+	const OID_OBSOLETE_KEY_ATTRIBUTES = "2.5.29.2";
+	const OID_OBSOLETE_CERTIFICATE_POLICIES = "2.5.29.3";
+	const OID_OBSOLETE_KEY_USAGE_RESTRICTION = "2.5.29.4";
+	const OID_OBSOLETE_POLICY_MAPPING = "2.5.29.5";
+	const OID_OBSOLETE_SUBTREES_CONSTRAINT = "2.5.29.6";
+	const OID_OBSOLETE_SUBJECT_ALT_NAME = "2.5.29.7";
+	const OID_OBSOLETE_ISSUER_ALT_NAME = "2.5.29.8";
+	const OID_SUBJECT_DIRECTORY_ATTRIBUTES = "2.5.29.9";
+	const OID_OBSOLETE_BASIC_CONSTRAINTS = "2.5.29.10";
+	const OID_SUBJECT_KEY_IDENTIFIER = "2.5.29.14";
+	const OID_KEY_USAGE = "2.5.29.15";
+	const OID_PRIVATE_KEY_USAGE_PERIOD = "2.5.29.16";
+	const OID_SUBJECT_ALT_NAME = "2.5.29.17";
+	const OID_ISSUER_ALT_NAME = "2.5.29.18";
+	const OID_BASIC_CONSTRAINTS = "2.5.29.19";
+	const OID_CRL_NUMBER = "2.5.29.20";
+	const OID_REASON_CODE = "2.5.29.21";
+	const OID_OBSOLETE_EXPIRATION_DATE = "2.5.29.22";
+	const OID_INSTRUCTION_CODE = "2.5.29.23";
+	const OID_INVALIDITY_DATE = "2.5.29.24";
+	const OID_OBSOLETE_CRL_DISTRIBUTION_POINTS = "2.5.29.25";
+	const OID_OBSOLETE_ISSUING_DISTRIBUTION_POINT = "2.5.29.26";
+	const OID_DELTA_CRL_INDICATOR = "2.5.29.27";
+	const OID_ISSUING_DISTRIBUTION_POINT = "2.5.29.28";
+	const OID_CERTIFICATE_ISSUER = "2.5.29.29";
+	const OID_NAME_CONSTRAINTS = "2.5.29.30";
+	const OID_CRL_DISTRIBUTION_POINTS = "2.5.29.31";
+	const OID_CERTIFICATE_POLICIES = "2.5.29.32";
+	const OID_POLICY_MAPPINGS = "2.5.29.33";
+	const OID_OBSOLETE_POLICY_CONSTRAINTS = "2.5.29.34";
+	const OID_AUTHORITY_KEY_IDENTIFIER = "2.5.29.35";
+	const OID_POLICY_CONSTRAINTS = "2.5.29.36";
+	const OID_EXT_KEY_USAGE = "2.5.29.37";
+	const OID_AUTHORITY_ATTRIBUTE_IDENTIFIER = "2.5.29.38";
+	const OID_ROLE_SPEC_CERT_IDENTIFIER = "2.5.29.39";
+	const OID_CRL_STREAM_IDENTIFIER = "2.5.29.40";
+	const OID_BASIC_ATT_CONSTRAINTS = "2.5.29.41";
+	const OID_DELEGATED_NAME_CONSTRAINTS = "2.5.29.42";
+	const OID_TIME_SPECIFICATION = "2.5.29.43";
+	const OID_CRL_SCOPE = "2.5.29.44";
+	const OID_STATUS_REFERRALS = "2.5.29.45";
+	const OID_FRESHEST_CRL = "2.5.29.46";
+	const OID_ORDERED_LIST = "2.5.29.47";
+	const OID_ATTRIBUTE_DESCRIPTOR = "2.5.29.48";
+	const OID_USER_NOTICE = "2.5.29.49";
+	const OID_SOA_IDENTIFIER = "2.5.29.50";
+	const OID_BASE_UPDATE_TIME = "2.5.29.51";
+	const OID_ACCEPTABLE_CERT_POLICIES = "2.5.29.52";
+	const OID_DELTA_INFO = "2.5.29.53";
+	const OID_INHIBIT_ANY_POLICY = "2.5.29.54";
+	const OID_TARGET_INFORMATION = "2.5.29.55";
+	const OID_NO_REV_AVAIL = "2.5.29.56";
+	const OID_ACCEPTABLE_PRIVILEGE_POLICIES = "2.5.29.57";
+	const OID_TO_BE_REVOKED = "2.5.29.58";
+	const OID_REVOKED_GROUPS = "2.5.29.59";
+	const OID_EXPIRED_CERTS_ON_CRL = "2.5.29.60";
+	const OID_INDIRECT_ISSUER = "2.5.29.61";
+	const OID_NO_ASSERTION = "2.5.29.62";
+	const OID_AA_ISSUING_DISTRIBUTION_POINT = "2.5.29.63";
+	const OID_ISSUED_ON_BEHALF_OF = "2.5.29.64";
+	const OID_SINGLE_USE = "2.5.29.65";
+	const OID_GROUP_AC = "2.5.29.66";
+	const OID_ALLOWED_ATT_ASS = "2.5.29.67";
+	const OID_ATTRIBUTE_MAPPINGS = "2.5.29.68";
+	const OID_HOLDER_NAME_CONSTRAINTS = "2.5.29.69";
     
-    // OID's from private certificate extensions arc
-    const OID_AA_CONTROLS = "1.3.6.1.5.5.7.1.6";
+	// OID's from private certificate extensions arc
+	const OID_AA_CONTROLS = "1.3.6.1.5.5.7.1.6";
     
-    /**
-     * Mapping from extension ID to implementation class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_OID_TO_CLASS = array(
-        /* @formatter:off */
-        self::OID_AUTHORITY_KEY_IDENTIFIER => AuthorityKeyIdentifierExtension::class,
-        self::OID_SUBJECT_KEY_IDENTIFIER => SubjectKeyIdentifierExtension::class,
-        self::OID_KEY_USAGE => KeyUsageExtension::class,
-        self::OID_CERTIFICATE_POLICIES => CertificatePoliciesExtension::class,
-        self::OID_POLICY_MAPPINGS => PolicyMappingsExtension::class,
-        self::OID_SUBJECT_ALT_NAME => SubjectAlternativeNameExtension::class,
-        self::OID_ISSUER_ALT_NAME => IssuerAlternativeNameExtension::class,
-        self::OID_SUBJECT_DIRECTORY_ATTRIBUTES => SubjectDirectoryAttributesExtension::class,
-        self::OID_BASIC_CONSTRAINTS => BasicConstraintsExtension::class,
-        self::OID_NAME_CONSTRAINTS => NameConstraintsExtension::class,
-        self::OID_POLICY_CONSTRAINTS => PolicyConstraintsExtension::class,
-        self::OID_EXT_KEY_USAGE => ExtendedKeyUsageExtension::class,
-        self::OID_CRL_DISTRIBUTION_POINTS => CRLDistributionPointsExtension::class,
-        self::OID_INHIBIT_ANY_POLICY => InhibitAnyPolicyExtension::class,
-        self::OID_FRESHEST_CRL => FreshestCRLExtension::class,
-        self::OID_NO_REV_AVAIL => NoRevocationAvailableExtension::class,
-        self::OID_TARGET_INFORMATION => TargetInformationExtension::class,
-        self::OID_AA_CONTROLS => AAControlsExtension::class
-        /* @formatter:on */
-    );
+	/**
+	 * Mapping from extension ID to implementation class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_OID_TO_CLASS = array(
+		/* @formatter:off */
+		self::OID_AUTHORITY_KEY_IDENTIFIER => AuthorityKeyIdentifierExtension::class,
+		self::OID_SUBJECT_KEY_IDENTIFIER => SubjectKeyIdentifierExtension::class,
+		self::OID_KEY_USAGE => KeyUsageExtension::class,
+		self::OID_CERTIFICATE_POLICIES => CertificatePoliciesExtension::class,
+		self::OID_POLICY_MAPPINGS => PolicyMappingsExtension::class,
+		self::OID_SUBJECT_ALT_NAME => SubjectAlternativeNameExtension::class,
+		self::OID_ISSUER_ALT_NAME => IssuerAlternativeNameExtension::class,
+		self::OID_SUBJECT_DIRECTORY_ATTRIBUTES => SubjectDirectoryAttributesExtension::class,
+		self::OID_BASIC_CONSTRAINTS => BasicConstraintsExtension::class,
+		self::OID_NAME_CONSTRAINTS => NameConstraintsExtension::class,
+		self::OID_POLICY_CONSTRAINTS => PolicyConstraintsExtension::class,
+		self::OID_EXT_KEY_USAGE => ExtendedKeyUsageExtension::class,
+		self::OID_CRL_DISTRIBUTION_POINTS => CRLDistributionPointsExtension::class,
+		self::OID_INHIBIT_ANY_POLICY => InhibitAnyPolicyExtension::class,
+		self::OID_FRESHEST_CRL => FreshestCRLExtension::class,
+		self::OID_NO_REV_AVAIL => NoRevocationAvailableExtension::class,
+		self::OID_TARGET_INFORMATION => TargetInformationExtension::class,
+		self::OID_AA_CONTROLS => AAControlsExtension::class
+		/* @formatter:on */
+	);
     
-    /**
-     * Extension's OID.
-     *
-     * @var string $_oid
-     */
-    protected $_oid;
+	/**
+	 * Extension's OID.
+	 *
+	 * @var string $_oid
+	 */
+	protected $_oid;
     
-    /**
-     * Whether extension is critical.
-     *
-     * @var bool $_critical
-     */
-    protected $_critical;
+	/**
+	 * Whether extension is critical.
+	 *
+	 * @var bool $_critical
+	 */
+	protected $_critical;
     
-    /**
-     * Get ASN.1 structure of the extension value.
-     *
-     * @return Element
-     */
-    abstract protected function _valueASN1();
+	/**
+	 * Get ASN.1 structure of the extension value.
+	 *
+	 * @return Element
+	 */
+	abstract protected function _valueASN1();
     
-    /**
-     * Parse extension value from DER.
-     *
-     * @param string $data DER data
-     * @param bool $critical Whether extension is critical
-     * @throws \BadMethodCallException
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical)
-    {
-        throw new \BadMethodCallException(
-            __FUNCTION__ . " must be implemented in derived class.");
-    }
+	/**
+	 * Parse extension value from DER.
+	 *
+	 * @param string $data DER data
+	 * @param bool $critical Whether extension is critical
+	 * @throws \BadMethodCallException
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical)
+	{
+		throw new \BadMethodCallException(
+			__FUNCTION__ . " must be implemented in derived class.");
+	}
     
-    /**
-     * Constructor.
-     *
-     * @param string $oid Extension OID
-     * @param bool $critical Whether extension is critical
-     */
-    public function __construct(string $oid, bool $critical)
-    {
-        $this->_oid = $oid;
-        $this->_critical = $critical;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $oid Extension OID
+	 * @param bool $critical Whether extension is critical
+	 */
+	public function __construct(string $oid, bool $critical)
+	{
+		$this->_oid = $oid;
+		$this->_critical = $critical;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): Extension
-    {
-        $extnID = $seq->at(0)
-            ->asObjectIdentifier()
-            ->oid();
-        $critical = false;
-        $idx = 1;
-        if ($seq->has($idx, Element::TYPE_BOOLEAN)) {
-            $critical = $seq->at($idx++)
-                ->asBoolean()
-                ->value();
-        }
-        $data = $seq->at($idx)
-            ->asOctetString()
-            ->string();
-        if (array_key_exists($extnID, self::MAP_OID_TO_CLASS)) {
-            $cls = self::MAP_OID_TO_CLASS[$extnID];
-            return $cls::_fromDER($data, $critical);
-        }
-        return new UnknownExtension($extnID, $critical, new DERData($data));
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): Extension
+	{
+		$extnID = $seq->at(0)
+			->asObjectIdentifier()
+			->oid();
+		$critical = false;
+		$idx = 1;
+		if ($seq->has($idx, Element::TYPE_BOOLEAN)) {
+			$critical = $seq->at($idx++)
+				->asBoolean()
+				->value();
+		}
+		$data = $seq->at($idx)
+			->asOctetString()
+			->string();
+		if (array_key_exists($extnID, self::MAP_OID_TO_CLASS)) {
+			$cls = self::MAP_OID_TO_CLASS[$extnID];
+			return $cls::_fromDER($data, $critical);
+		}
+		return new UnknownExtension($extnID, $critical, new DERData($data));
+	}
     
-    /**
-     * Get extension OID.
-     *
-     * @return string
-     */
-    public function oid(): string
-    {
-        return $this->_oid;
-    }
+	/**
+	 * Get extension OID.
+	 *
+	 * @return string
+	 */
+	public function oid(): string
+	{
+		return $this->_oid;
+	}
     
-    /**
-     * Check whether extension is critical.
-     *
-     * @return bool
-     */
-    public function isCritical(): bool
-    {
-        return $this->_critical;
-    }
+	/**
+	 * Check whether extension is critical.
+	 *
+	 * @return bool
+	 */
+	public function isCritical(): bool
+	{
+		return $this->_critical;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array(new ObjectIdentifier($this->_oid));
-        if ($this->_critical) {
-            $elements[] = new Boolean(true);
-        }
-        $elements[] = new OctetString($this->_valueASN1()->toDER());
-        return new Sequence(...$elements);
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array(new ObjectIdentifier($this->_oid));
+		if ($this->_critical) {
+			$elements[] = new Boolean(true);
+		}
+		$elements[] = new OctetString($this->_valueASN1()->toDER());
+		return new Sequence(...$elements);
+	}
 }

lib/X509/Certificate/Extension/SubjectDirectoryAttributesExtension.php

Indentation +47 added lines, -47 removed lines

@@ -15,55 +15,55 @@
  * @link https://tools.ietf.org/html/rfc5280#section-4.2.1.8
  */
 class SubjectDirectoryAttributesExtension extends Extension implements 
-    \Countable,
-    \IteratorAggregate
+	\Countable,
+	\IteratorAggregate
 {
-    use AttributeContainer;
+	use AttributeContainer;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param Attribute ...$attribs One or more Attribute objects
-     */
-    public function __construct(bool $critical, Attribute ...$attribs)
-    {
-        parent::__construct(self::OID_SUBJECT_DIRECTORY_ATTRIBUTES, $critical);
-        $this->_attributes = $attribs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param Attribute ...$attribs One or more Attribute objects
+	 */
+	public function __construct(bool $critical, Attribute ...$attribs)
+	{
+		parent::__construct(self::OID_SUBJECT_DIRECTORY_ATTRIBUTES, $critical);
+		$this->_attributes = $attribs;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        $attribs = array_map(
-            function (UnspecifiedType $el) {
-                return Attribute::fromASN1($el->asSequence());
-            }, Sequence::fromDER($data)->elements());
-        if (!count($attribs)) {
-            throw new \UnexpectedValueException(
-                "SubjectDirectoryAttributes must have at least one Attribute.");
-        }
-        return new self($critical, ...$attribs);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		$attribs = array_map(
+			function (UnspecifiedType $el) {
+				return Attribute::fromASN1($el->asSequence());
+			}, Sequence::fromDER($data)->elements());
+		if (!count($attribs)) {
+			throw new \UnexpectedValueException(
+				"SubjectDirectoryAttributes must have at least one Attribute.");
+		}
+		return new self($critical, ...$attribs);
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        if (!count($this->_attributes)) {
-            throw new \LogicException("No attributes");
-        }
-        $elements = array_map(
-            function (Attribute $attr) {
-                return $attr->toASN1();
-            }, array_values($this->_attributes));
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		if (!count($this->_attributes)) {
+			throw new \LogicException("No attributes");
+		}
+		$elements = array_map(
+			function (Attribute $attr) {
+				return $attr->toASN1();
+			}, array_values($this->_attributes));
+		return new Sequence(...$elements);
+	}
 }

lib/X509/Certificate/Extension/TargetInformationExtension.php

Indentation +123 added lines, -123 removed lines

@@ -19,139 +19,139 @@
  * @link https://tools.ietf.org/html/rfc5755#section-4.3.2
  */
 class TargetInformationExtension extends Extension implements 
-    \Countable,
-    \IteratorAggregate
+	\Countable,
+	\IteratorAggregate
 {
-    /**
-     * Targets elements.
-     *
-     * @var Targets[] $_targets
-     */
-    protected $_targets;
+	/**
+	 * Targets elements.
+	 *
+	 * @var Targets[] $_targets
+	 */
+	protected $_targets;
     
-    /**
-     * Targets[] merged to single Targets.
-     *
-     * @var Targets|null
-     */
-    private $_merged;
+	/**
+	 * Targets[] merged to single Targets.
+	 *
+	 * @var Targets|null
+	 */
+	private $_merged;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param Targets[] $targets
-     */
-    public function __construct(bool $critical, Targets ...$targets)
-    {
-        parent::__construct(self::OID_TARGET_INFORMATION, $critical);
-        $this->_targets = $targets;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param Targets[] $targets
+	 */
+	public function __construct(bool $critical, Targets ...$targets)
+	{
+		parent::__construct(self::OID_TARGET_INFORMATION, $critical);
+		$this->_targets = $targets;
+	}
     
-    /**
-     * Initialize from one or more Target objects.
-     *
-     * Extension criticality shall be set to true as specified by RFC 5755.
-     *
-     * @param Target[] $target
-     * @return TargetInformationExtension
-     */
-    public static function fromTargets(Target ...$target): self
-    {
-        return new self(true, new Targets(...$target));
-    }
+	/**
+	 * Initialize from one or more Target objects.
+	 *
+	 * Extension criticality shall be set to true as specified by RFC 5755.
+	 *
+	 * @param Target[] $target
+	 * @return TargetInformationExtension
+	 */
+	public static function fromTargets(Target ...$target): self
+	{
+		return new self(true, new Targets(...$target));
+	}
     
-    /**
-     * Reset internal state on clone.
-     */
-    public function __clone()
-    {
-        $this->_merged = null;
-    }
+	/**
+	 * Reset internal state on clone.
+	 */
+	public function __clone()
+	{
+		$this->_merged = null;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        $targets = array_map(
-            function (UnspecifiedType $el) {
-                return Targets::fromASN1($el->asSequence());
-            }, Sequence::fromDER($data)->elements());
-        return new self($critical, ...$targets);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		$targets = array_map(
+			function (UnspecifiedType $el) {
+				return Targets::fromASN1($el->asSequence());
+			}, Sequence::fromDER($data)->elements());
+		return new self($critical, ...$targets);
+	}
     
-    /**
-     * Get all targets.
-     *
-     * @return Targets
-     */
-    public function targets(): Targets
-    {
-        if (!isset($this->_merged)) {
-            $a = array();
-            foreach ($this->_targets as $targets) {
-                $a = array_merge($a, $targets->all());
-            }
-            $this->_merged = new Targets(...$a);
-        }
-        return $this->_merged;
-    }
+	/**
+	 * Get all targets.
+	 *
+	 * @return Targets
+	 */
+	public function targets(): Targets
+	{
+		if (!isset($this->_merged)) {
+			$a = array();
+			foreach ($this->_targets as $targets) {
+				$a = array_merge($a, $targets->all());
+			}
+			$this->_merged = new Targets(...$a);
+		}
+		return $this->_merged;
+	}
     
-    /**
-     * Get all name targets.
-     *
-     * @return Target[]
-     */
-    public function names(): array
-    {
-        return $this->targets()->nameTargets();
-    }
+	/**
+	 * Get all name targets.
+	 *
+	 * @return Target[]
+	 */
+	public function names(): array
+	{
+		return $this->targets()->nameTargets();
+	}
     
-    /**
-     * Get all group targets.
-     *
-     * @return Target[]
-     */
-    public function groups(): array
-    {
-        return $this->targets()->groupTargets();
-    }
+	/**
+	 * Get all group targets.
+	 *
+	 * @return Target[]
+	 */
+	public function groups(): array
+	{
+		return $this->targets()->groupTargets();
+	}
     
-    /**
-     *
-     * @see \X509\Certificate\Extension\Extension::_valueASN1()
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        $elements = array_map(
-            function (Targets $targets) {
-                return $targets->toASN1();
-            }, $this->_targets);
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * @see \X509\Certificate\Extension\Extension::_valueASN1()
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		$elements = array_map(
+			function (Targets $targets) {
+				return $targets->toASN1();
+			}, $this->_targets);
+		return new Sequence(...$elements);
+	}
     
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->targets());
-    }
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->targets());
+	}
     
-    /**
-     * Get iterator for targets.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->targets()->all());
-    }
+	/**
+	 * Get iterator for targets.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->targets()->all());
+	}
 }

lib/X509/CertificationPath/Policy/PolicyNode.php

Indentation +238 added lines, -238 removed lines

@@ -14,265 +14,265 @@
  */
 class PolicyNode implements \IteratorAggregate, \Countable
 {
-    /**
-     * Policy OID.
-     *
-     * @var string
-     */
-    protected $_validPolicy;
+	/**
+	 * Policy OID.
+	 *
+	 * @var string
+	 */
+	protected $_validPolicy;
     
-    /**
-     * List of qualifiers.
-     *
-     * @var \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[]
-     */
-    protected $_qualifiers;
+	/**
+	 * List of qualifiers.
+	 *
+	 * @var \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[]
+	 */
+	protected $_qualifiers;
     
-    /**
-     * List of expected policy OIDs.
-     *
-     * @var string[]
-     */
-    protected $_expectedPolicies;
+	/**
+	 * List of expected policy OIDs.
+	 *
+	 * @var string[]
+	 */
+	protected $_expectedPolicies;
     
-    /**
-     * List of child nodes.
-     *
-     * @var PolicyNode[]
-     */
-    protected $_children;
+	/**
+	 * List of child nodes.
+	 *
+	 * @var PolicyNode[]
+	 */
+	protected $_children;
     
-    /**
-     * Reference to the parent node.
-     *
-     * @var PolicyNode|null
-     */
-    protected $_parent;
+	/**
+	 * Reference to the parent node.
+	 *
+	 * @var PolicyNode|null
+	 */
+	protected $_parent;
     
-    /**
-     * Constructor.
-     *
-     * @param string $valid_policy Policy OID
-     * @param \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[] $qualifiers
-     * @param string[] $expected_policies
-     */
-    public function __construct(string $valid_policy, array $qualifiers,
-        array $expected_policies)
-    {
-        $this->_validPolicy = $valid_policy;
-        $this->_qualifiers = $qualifiers;
-        $this->_expectedPolicies = $expected_policies;
-        $this->_children = array();
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $valid_policy Policy OID
+	 * @param \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[] $qualifiers
+	 * @param string[] $expected_policies
+	 */
+	public function __construct(string $valid_policy, array $qualifiers,
+		array $expected_policies)
+	{
+		$this->_validPolicy = $valid_policy;
+		$this->_qualifiers = $qualifiers;
+		$this->_expectedPolicies = $expected_policies;
+		$this->_children = array();
+	}
     
-    /**
-     * Create initial node for the policy tree.
-     *
-     * @return self
-     */
-    public static function anyPolicyNode(): self
-    {
-        return new self(PolicyInformation::OID_ANY_POLICY, array(),
-            array(PolicyInformation::OID_ANY_POLICY));
-    }
+	/**
+	 * Create initial node for the policy tree.
+	 *
+	 * @return self
+	 */
+	public static function anyPolicyNode(): self
+	{
+		return new self(PolicyInformation::OID_ANY_POLICY, array(),
+			array(PolicyInformation::OID_ANY_POLICY));
+	}
     
-    /**
-     * Get the valid policy OID.
-     *
-     * @return string
-     */
-    public function validPolicy(): string
-    {
-        return $this->_validPolicy;
-    }
+	/**
+	 * Get the valid policy OID.
+	 *
+	 * @return string
+	 */
+	public function validPolicy(): string
+	{
+		return $this->_validPolicy;
+	}
     
-    /**
-     * Check whether node has anyPolicy as a valid policy.
-     *
-     * @return boolean
-     */
-    public function isAnyPolicy(): bool
-    {
-        return PolicyInformation::OID_ANY_POLICY == $this->_validPolicy;
-    }
+	/**
+	 * Check whether node has anyPolicy as a valid policy.
+	 *
+	 * @return boolean
+	 */
+	public function isAnyPolicy(): bool
+	{
+		return PolicyInformation::OID_ANY_POLICY == $this->_validPolicy;
+	}
     
-    /**
-     * Get the qualifier set.
-     *
-     * @return \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[]
-     */
-    public function qualifiers(): array
-    {
-        return $this->_qualifiers;
-    }
+	/**
+	 * Get the qualifier set.
+	 *
+	 * @return \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[]
+	 */
+	public function qualifiers(): array
+	{
+		return $this->_qualifiers;
+	}
     
-    /**
-     * Check whether node has OID as an expected policy.
-     *
-     * @param string $oid
-     * @return boolean
-     */
-    public function hasExpectedPolicy(string $oid): bool
-    {
-        return in_array($oid, $this->_expectedPolicies);
-    }
+	/**
+	 * Check whether node has OID as an expected policy.
+	 *
+	 * @param string $oid
+	 * @return boolean
+	 */
+	public function hasExpectedPolicy(string $oid): bool
+	{
+		return in_array($oid, $this->_expectedPolicies);
+	}
     
-    /**
-     * Get the expected policy set.
-     *
-     * @return string[]
-     */
-    public function expectedPolicies(): array
-    {
-        return $this->_expectedPolicies;
-    }
+	/**
+	 * Get the expected policy set.
+	 *
+	 * @return string[]
+	 */
+	public function expectedPolicies(): array
+	{
+		return $this->_expectedPolicies;
+	}
     
-    /**
-     * Set expected policies.
-     *
-     * @param string ...$oids Policy OIDs
-     */
-    public function setExpectedPolicies(string ...$oids)
-    {
-        $this->_expectedPolicies = $oids;
-    }
+	/**
+	 * Set expected policies.
+	 *
+	 * @param string ...$oids Policy OIDs
+	 */
+	public function setExpectedPolicies(string ...$oids)
+	{
+		$this->_expectedPolicies = $oids;
+	}
     
-    /**
-     * Check whether node has a child node with given valid policy OID.
-     *
-     * @param string $oid
-     * @return boolean
-     */
-    public function hasChildWithValidPolicy(string $oid): bool
-    {
-        foreach ($this->_children as $node) {
-            if ($node->validPolicy() == $oid) {
-                return true;
-            }
-        }
-        return false;
-    }
+	/**
+	 * Check whether node has a child node with given valid policy OID.
+	 *
+	 * @param string $oid
+	 * @return boolean
+	 */
+	public function hasChildWithValidPolicy(string $oid): bool
+	{
+		foreach ($this->_children as $node) {
+			if ($node->validPolicy() == $oid) {
+				return true;
+			}
+		}
+		return false;
+	}
     
-    /**
-     * Add child node.
-     *
-     * @param PolicyNode $node
-     * @return self
-     */
-    public function addChild(PolicyNode $node): self
-    {
-        $id = spl_object_hash($node);
-        $node->_parent = $this;
-        $this->_children[$id] = $node;
-        return $this;
-    }
+	/**
+	 * Add child node.
+	 *
+	 * @param PolicyNode $node
+	 * @return self
+	 */
+	public function addChild(PolicyNode $node): self
+	{
+		$id = spl_object_hash($node);
+		$node->_parent = $this;
+		$this->_children[$id] = $node;
+		return $this;
+	}
     
-    /**
-     * Get the child nodes.
-     *
-     * @return PolicyNode[]
-     */
-    public function children(): array
-    {
-        return array_values($this->_children);
-    }
+	/**
+	 * Get the child nodes.
+	 *
+	 * @return PolicyNode[]
+	 */
+	public function children(): array
+	{
+		return array_values($this->_children);
+	}
     
-    /**
-     * Remove this node from the tree.
-     *
-     * @return self The removed node
-     */
-    public function remove(): self
-    {
-        if ($this->_parent) {
-            $id = spl_object_hash($this);
-            unset($this->_parent->_children[$id]);
-            unset($this->_parent);
-        }
-        return $this;
-    }
+	/**
+	 * Remove this node from the tree.
+	 *
+	 * @return self The removed node
+	 */
+	public function remove(): self
+	{
+		if ($this->_parent) {
+			$id = spl_object_hash($this);
+			unset($this->_parent->_children[$id]);
+			unset($this->_parent);
+		}
+		return $this;
+	}
     
-    /**
-     * Check whether node has a parent.
-     *
-     * @return bool
-     */
-    public function hasParent(): bool
-    {
-        return isset($this->_parent);
-    }
+	/**
+	 * Check whether node has a parent.
+	 *
+	 * @return bool
+	 */
+	public function hasParent(): bool
+	{
+		return isset($this->_parent);
+	}
     
-    /**
-     * Get the parent node.
-     *
-     * @return PolicyNode|null
-     */
-    public function parent()
-    {
-        return $this->_parent;
-    }
+	/**
+	 * Get the parent node.
+	 *
+	 * @return PolicyNode|null
+	 */
+	public function parent()
+	{
+		return $this->_parent;
+	}
     
-    /**
-     * Get chain of parent nodes from this node's parent to the root node.
-     *
-     * @return PolicyNode[]
-     */
-    public function parents(): array
-    {
-        if (!$this->_parent) {
-            return array();
-        }
-        $nodes = $this->_parent->parents();
-        $nodes[] = $this->_parent;
-        return array_reverse($nodes);
-    }
+	/**
+	 * Get chain of parent nodes from this node's parent to the root node.
+	 *
+	 * @return PolicyNode[]
+	 */
+	public function parents(): array
+	{
+		if (!$this->_parent) {
+			return array();
+		}
+		$nodes = $this->_parent->parents();
+		$nodes[] = $this->_parent;
+		return array_reverse($nodes);
+	}
     
-    /**
-     * Walk tree from this node, applying a callback for each node.
-     *
-     * Nodes are traversed depth-first and callback shall be applied post-order.
-     *
-     * @param callable $fn
-     */
-    public function walkNodes(callable $fn)
-    {
-        foreach ($this->_children as $node) {
-            $node->walkNodes($fn);
-        }
-        $fn($this);
-    }
+	/**
+	 * Walk tree from this node, applying a callback for each node.
+	 *
+	 * Nodes are traversed depth-first and callback shall be applied post-order.
+	 *
+	 * @param callable $fn
+	 */
+	public function walkNodes(callable $fn)
+	{
+		foreach ($this->_children as $node) {
+			$node->walkNodes($fn);
+		}
+		$fn($this);
+	}
     
-    /**
-     * Get the total number of nodes in a tree.
-     *
-     * @return int
-     */
-    public function nodeCount(): int
-    {
-        $c = 1;
-        foreach ($this->_children as $child) {
-            $c += $child->nodeCount();
-        }
-        return $c;
-    }
+	/**
+	 * Get the total number of nodes in a tree.
+	 *
+	 * @return int
+	 */
+	public function nodeCount(): int
+	{
+		$c = 1;
+		foreach ($this->_children as $child) {
+			$c += $child->nodeCount();
+		}
+		return $c;
+	}
     
-    /**
-     * Get the number of child nodes.
-     *
-     * @see \Countable::count()
-     */
-    public function count(): int
-    {
-        return count($this->_children);
-    }
+	/**
+	 * Get the number of child nodes.
+	 *
+	 * @see \Countable::count()
+	 */
+	public function count(): int
+	{
+		return count($this->_children);
+	}
     
-    /**
-     * Get iterator for the child nodes.
-     *
-     * @see \IteratorAggregate::getIterator()
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_children);
-    }
+	/**
+	 * Get iterator for the child nodes.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_children);
+	}
 }

lib/X509/CertificationPath/Policy/PolicyTree.php

Indentation +393 added lines, -393 removed lines

@@ -10,411 +10,411 @@
 
 class PolicyTree
 {
-    /**
-     * Root node at depth zero.
-     *
-     * @var PolicyNode|null
-     */
-    protected $_root;
+	/**
+	 * Root node at depth zero.
+	 *
+	 * @var PolicyNode|null
+	 */
+	protected $_root;
     
-    /**
-     * Constructor.
-     *
-     * @param PolicyNode $root Initial root node
-     */
-    public function __construct(PolicyNode $root)
-    {
-        $this->_root = $root;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param PolicyNode $root Initial root node
+	 */
+	public function __construct(PolicyNode $root)
+	{
+		$this->_root = $root;
+	}
     
-    /**
-     * Process policy information from the certificate.
-     *
-     * Certificate policies extension must be present.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    public function processPolicies(ValidatorState $state, Certificate $cert): ValidatorState
-    {
-        $policies = $cert->tbsCertificate()
-            ->extensions()
-            ->certificatePolicies();
-        $tree = clone $this;
-        // (d.1) for each policy P not equal to anyPolicy
-        foreach ($policies as $policy) {
-            if ($policy->isAnyPolicy()) {
-                $tree->_processAnyPolicy($policy, $cert, $state);
-            } else {
-                $tree->_processPolicy($policy, $state);
-            }
-        }
-        // if whole tree is pruned
-        if (!$tree->_pruneTree($state->index() - 1)) {
-            return $state->withoutValidPolicyTree();
-        }
-        return $state->withValidPolicyTree($tree);
-    }
+	/**
+	 * Process policy information from the certificate.
+	 *
+	 * Certificate policies extension must be present.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	public function processPolicies(ValidatorState $state, Certificate $cert): ValidatorState
+	{
+		$policies = $cert->tbsCertificate()
+			->extensions()
+			->certificatePolicies();
+		$tree = clone $this;
+		// (d.1) for each policy P not equal to anyPolicy
+		foreach ($policies as $policy) {
+			if ($policy->isAnyPolicy()) {
+				$tree->_processAnyPolicy($policy, $cert, $state);
+			} else {
+				$tree->_processPolicy($policy, $state);
+			}
+		}
+		// if whole tree is pruned
+		if (!$tree->_pruneTree($state->index() - 1)) {
+			return $state->withoutValidPolicyTree();
+		}
+		return $state->withValidPolicyTree($tree);
+	}
     
-    /**
-     * Process policy mappings from the certificate.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    public function processMappings(ValidatorState $state, Certificate $cert): ValidatorState
-    {
-        $tree = clone $this;
-        if ($state->policyMapping() > 0) {
-            $tree->_applyMappings($cert, $state);
-        } else if ($state->policyMapping() == 0) {
-            $tree->_deleteMappings($cert, $state);
-        }
-        // if whole tree is pruned
-        if (!$tree->_root) {
-            return $state->withoutValidPolicyTree();
-        }
-        return $state->withValidPolicyTree($tree);
-    }
+	/**
+	 * Process policy mappings from the certificate.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	public function processMappings(ValidatorState $state, Certificate $cert): ValidatorState
+	{
+		$tree = clone $this;
+		if ($state->policyMapping() > 0) {
+			$tree->_applyMappings($cert, $state);
+		} else if ($state->policyMapping() == 0) {
+			$tree->_deleteMappings($cert, $state);
+		}
+		// if whole tree is pruned
+		if (!$tree->_root) {
+			return $state->withoutValidPolicyTree();
+		}
+		return $state->withValidPolicyTree($tree);
+	}
     
-    /**
-     * Calculate policy intersection as specified in Wrap-Up Procedure 6.1.5.g.
-     *
-     * @param ValidatorState $state
-     * @param array $policies
-     * @return ValidatorState
-     */
-    public function calculateIntersection(ValidatorState $state, array $policies): ValidatorState
-    {
-        $tree = clone $this;
-        $valid_policy_node_set = $tree->_validPolicyNodeSet();
-        // 2. If the valid_policy of any node in the valid_policy_node_set
-        // is not in the user-initial-policy-set and is not anyPolicy,
-        // delete this node and all its children.
-        $valid_policy_node_set = array_filter($valid_policy_node_set,
-            function (PolicyNode $node) use ($policies) {
-                if ($node->isAnyPolicy()) {
-                    return true;
-                }
-                if (in_array($node->validPolicy(), $policies)) {
-                    return true;
-                }
-                $node->remove();
-                return false;
-            });
-        // array of valid policy OIDs
-        $valid_policy_set = array_map(
-            function (PolicyNode $node) {
-                return $node->validPolicy();
-            }, $valid_policy_node_set);
-        // 3. If the valid_policy_tree includes a node of depth n with
-        // the valid_policy anyPolicy and the user-initial-policy-set 
-        // is not any-policy
-        foreach ($tree->_nodesAtDepth($state->index()) as $node) {
-            if ($node->hasParent() && $node->isAnyPolicy()) {
-                // a. Set P-Q to the qualifier_set in the node of depth n
-                // with valid_policy anyPolicy.
-                $pq = $node->qualifiers();
-                // b. For each P-OID in the user-initial-policy-set that is not
-                // the valid_policy of a node in the valid_policy_node_set,
-                // create a child node whose parent is the node of depth n-1
-                // with the valid_policy anyPolicy.
-                $poids = array_diff($policies, $valid_policy_set);
-                foreach ($tree->_nodesAtDepth($state->index() - 1) as $parent) {
-                    if ($parent->isAnyPolicy()) {
-                        // Set the values in the child node as follows: 
-                        // set the valid_policy to P-OID, set the qualifier_set
-                        // to P-Q, and set the expected_policy_set to {P-OID}.
-                        foreach ($poids as $poid) {
-                            $parent->addChild(
-                                new PolicyNode($poid, $pq, array($poid)));
-                        }
-                        break;
-                    }
-                }
-                // c. Delete the node of depth n with the
-                // valid_policy anyPolicy.
-                $node->remove();
-            }
-        }
-        // 4. If there is a node in the valid_policy_tree of depth n-1 or less
-        // without any child nodes, delete that node. Repeat this step until
-        // there are no nodes of depth n-1 or less without children.
-        if (!$tree->_pruneTree($state->index() - 1)) {
-            return $state->withoutValidPolicyTree();
-        }
-        return $state->withValidPolicyTree($tree);
-    }
+	/**
+	 * Calculate policy intersection as specified in Wrap-Up Procedure 6.1.5.g.
+	 *
+	 * @param ValidatorState $state
+	 * @param array $policies
+	 * @return ValidatorState
+	 */
+	public function calculateIntersection(ValidatorState $state, array $policies): ValidatorState
+	{
+		$tree = clone $this;
+		$valid_policy_node_set = $tree->_validPolicyNodeSet();
+		// 2. If the valid_policy of any node in the valid_policy_node_set
+		// is not in the user-initial-policy-set and is not anyPolicy,
+		// delete this node and all its children.
+		$valid_policy_node_set = array_filter($valid_policy_node_set,
+			function (PolicyNode $node) use ($policies) {
+				if ($node->isAnyPolicy()) {
+					return true;
+				}
+				if (in_array($node->validPolicy(), $policies)) {
+					return true;
+				}
+				$node->remove();
+				return false;
+			});
+		// array of valid policy OIDs
+		$valid_policy_set = array_map(
+			function (PolicyNode $node) {
+				return $node->validPolicy();
+			}, $valid_policy_node_set);
+		// 3. If the valid_policy_tree includes a node of depth n with
+		// the valid_policy anyPolicy and the user-initial-policy-set 
+		// is not any-policy
+		foreach ($tree->_nodesAtDepth($state->index()) as $node) {
+			if ($node->hasParent() && $node->isAnyPolicy()) {
+				// a. Set P-Q to the qualifier_set in the node of depth n
+				// with valid_policy anyPolicy.
+				$pq = $node->qualifiers();
+				// b. For each P-OID in the user-initial-policy-set that is not
+				// the valid_policy of a node in the valid_policy_node_set,
+				// create a child node whose parent is the node of depth n-1
+				// with the valid_policy anyPolicy.
+				$poids = array_diff($policies, $valid_policy_set);
+				foreach ($tree->_nodesAtDepth($state->index() - 1) as $parent) {
+					if ($parent->isAnyPolicy()) {
+						// Set the values in the child node as follows: 
+						// set the valid_policy to P-OID, set the qualifier_set
+						// to P-Q, and set the expected_policy_set to {P-OID}.
+						foreach ($poids as $poid) {
+							$parent->addChild(
+								new PolicyNode($poid, $pq, array($poid)));
+						}
+						break;
+					}
+				}
+				// c. Delete the node of depth n with the
+				// valid_policy anyPolicy.
+				$node->remove();
+			}
+		}
+		// 4. If there is a node in the valid_policy_tree of depth n-1 or less
+		// without any child nodes, delete that node. Repeat this step until
+		// there are no nodes of depth n-1 or less without children.
+		if (!$tree->_pruneTree($state->index() - 1)) {
+			return $state->withoutValidPolicyTree();
+		}
+		return $state->withValidPolicyTree($tree);
+	}
     
-    /**
-     * Get policies at given policy tree depth.
-     *
-     * @param int $i Depth in range 1..n
-     * @return PolicyInformation[]
-     */
-    public function policiesAtDepth(int $i): array
-    {
-        $policies = array();
-        foreach ($this->_nodesAtDepth($i) as $node) {
-            $policies[] = new PolicyInformation($node->validPolicy(),
-                ...$node->qualifiers());
-        }
-        return $policies;
-    }
+	/**
+	 * Get policies at given policy tree depth.
+	 *
+	 * @param int $i Depth in range 1..n
+	 * @return PolicyInformation[]
+	 */
+	public function policiesAtDepth(int $i): array
+	{
+		$policies = array();
+		foreach ($this->_nodesAtDepth($i) as $node) {
+			$policies[] = new PolicyInformation($node->validPolicy(),
+				...$node->qualifiers());
+		}
+		return $policies;
+	}
     
-    /**
-     * Process single policy information.
-     *
-     * @param PolicyInformation $policy
-     * @param ValidatorState $state
-     */
-    protected function _processPolicy(PolicyInformation $policy,
-        ValidatorState $state)
-    {
-        $p_oid = $policy->oid();
-        $i = $state->index();
-        $match_count = 0;
-        // (d.1.i) for each node of depth i-1 in the valid_policy_tree...
-        foreach ($this->_nodesAtDepth($i - 1) as $node) {
-            // ...where P-OID is in the expected_policy_set
-            if ($node->hasExpectedPolicy($p_oid)) {
-                $node->addChild(
-                    new PolicyNode($p_oid, $policy->qualifiers(), array($p_oid)));
-                ++$match_count;
-            }
-        }
-        // (d.1.ii) if there was no match in step (i)...
-        if (!$match_count) {
-            // ...and the valid_policy_tree includes a node of depth i-1 with
-            // the valid_policy anyPolicy
-            foreach ($this->_nodesAtDepth($i - 1) as $node) {
-                if ($node->isAnyPolicy()) {
-                    $node->addChild(
-                        new PolicyNode($p_oid, $policy->qualifiers(),
-                            array($p_oid)));
-                }
-            }
-        }
-    }
+	/**
+	 * Process single policy information.
+	 *
+	 * @param PolicyInformation $policy
+	 * @param ValidatorState $state
+	 */
+	protected function _processPolicy(PolicyInformation $policy,
+		ValidatorState $state)
+	{
+		$p_oid = $policy->oid();
+		$i = $state->index();
+		$match_count = 0;
+		// (d.1.i) for each node of depth i-1 in the valid_policy_tree...
+		foreach ($this->_nodesAtDepth($i - 1) as $node) {
+			// ...where P-OID is in the expected_policy_set
+			if ($node->hasExpectedPolicy($p_oid)) {
+				$node->addChild(
+					new PolicyNode($p_oid, $policy->qualifiers(), array($p_oid)));
+				++$match_count;
+			}
+		}
+		// (d.1.ii) if there was no match in step (i)...
+		if (!$match_count) {
+			// ...and the valid_policy_tree includes a node of depth i-1 with
+			// the valid_policy anyPolicy
+			foreach ($this->_nodesAtDepth($i - 1) as $node) {
+				if ($node->isAnyPolicy()) {
+					$node->addChild(
+						new PolicyNode($p_oid, $policy->qualifiers(),
+							array($p_oid)));
+				}
+			}
+		}
+	}
     
-    /**
-     * Process anyPolicy policy information.
-     *
-     * @param PolicyInformation $policy
-     * @param Certificate $cert
-     * @param ValidatorState $state
-     */
-    protected function _processAnyPolicy(PolicyInformation $policy,
-        Certificate $cert, ValidatorState $state)
-    {
-        $i = $state->index();
-        // if (a) inhibit_anyPolicy is greater than 0 or
-        // (b) i<n and the certificate is self-issued
-        if (!($state->inhibitAnyPolicy() > 0 ||
-             ($i < $state->pathLength() && $cert->isSelfIssued()))) {
-            return;
-        }
-        // for each node in the valid_policy_tree of depth i-1
-        foreach ($this->_nodesAtDepth($i - 1) as $node) {
-            // for each value in the expected_policy_set
-            foreach ($node->expectedPolicies() as $p_oid) {
-                // that does not appear in a child node
-                if (!$node->hasChildWithValidPolicy($p_oid)) {
-                    $node->addChild(
-                        new PolicyNode($p_oid, $policy->qualifiers(),
-                            array($p_oid)));
-                }
-            }
-        }
-    }
+	/**
+	 * Process anyPolicy policy information.
+	 *
+	 * @param PolicyInformation $policy
+	 * @param Certificate $cert
+	 * @param ValidatorState $state
+	 */
+	protected function _processAnyPolicy(PolicyInformation $policy,
+		Certificate $cert, ValidatorState $state)
+	{
+		$i = $state->index();
+		// if (a) inhibit_anyPolicy is greater than 0 or
+		// (b) i<n and the certificate is self-issued
+		if (!($state->inhibitAnyPolicy() > 0 ||
+			 ($i < $state->pathLength() && $cert->isSelfIssued()))) {
+			return;
+		}
+		// for each node in the valid_policy_tree of depth i-1
+		foreach ($this->_nodesAtDepth($i - 1) as $node) {
+			// for each value in the expected_policy_set
+			foreach ($node->expectedPolicies() as $p_oid) {
+				// that does not appear in a child node
+				if (!$node->hasChildWithValidPolicy($p_oid)) {
+					$node->addChild(
+						new PolicyNode($p_oid, $policy->qualifiers(),
+							array($p_oid)));
+				}
+			}
+		}
+	}
     
-    /**
-     * Apply policy mappings to the policy tree.
-     *
-     * @param Certificate $cert
-     * @param ValidatorState $state
-     */
-    protected function _applyMappings(Certificate $cert, ValidatorState $state)
-    {
-        $policy_mappings = $cert->tbsCertificate()
-            ->extensions()
-            ->policyMappings();
-        // (6.1.4. b.1.) for each node in the valid_policy_tree of depth i...
-        foreach ($policy_mappings->flattenedMappings() as $idp => $sdps) {
-            $match_count = 0;
-            foreach ($this->_nodesAtDepth($state->index()) as $node) {
-                // ...where ID-P is the valid_policy
-                if ($node->validPolicy() == $idp) {
-                    // set expected_policy_set to the set of subjectDomainPolicy
-                    // values that are specified as equivalent to ID-P by
-                    // the policy mappings extension
-                    $node->setExpectedPolicies(...$sdps);
-                    ++$match_count;
-                }
-            }
-            // if no node of depth i in the valid_policy_tree has
-            // a valid_policy of ID-P...
-            if (!$match_count) {
-                $this->_applyAnyPolicyMapping($cert, $state, $idp, $sdps);
-            }
-        }
-    }
+	/**
+	 * Apply policy mappings to the policy tree.
+	 *
+	 * @param Certificate $cert
+	 * @param ValidatorState $state
+	 */
+	protected function _applyMappings(Certificate $cert, ValidatorState $state)
+	{
+		$policy_mappings = $cert->tbsCertificate()
+			->extensions()
+			->policyMappings();
+		// (6.1.4. b.1.) for each node in the valid_policy_tree of depth i...
+		foreach ($policy_mappings->flattenedMappings() as $idp => $sdps) {
+			$match_count = 0;
+			foreach ($this->_nodesAtDepth($state->index()) as $node) {
+				// ...where ID-P is the valid_policy
+				if ($node->validPolicy() == $idp) {
+					// set expected_policy_set to the set of subjectDomainPolicy
+					// values that are specified as equivalent to ID-P by
+					// the policy mappings extension
+					$node->setExpectedPolicies(...$sdps);
+					++$match_count;
+				}
+			}
+			// if no node of depth i in the valid_policy_tree has
+			// a valid_policy of ID-P...
+			if (!$match_count) {
+				$this->_applyAnyPolicyMapping($cert, $state, $idp, $sdps);
+			}
+		}
+	}
     
-    /**
-     * Apply anyPolicy mapping to the policy tree as specified in 6.1.4 (b)(1).
-     *
-     * @param Certificate $cert
-     * @param ValidatorState $state
-     * @param string $idp OID of the issuer domain policy
-     * @param array $sdps Array of subject domain policy OIDs
-     */
-    protected function _applyAnyPolicyMapping(Certificate $cert,
-        ValidatorState $state, $idp, array $sdps)
-    {
-        // (6.1.4. b.1.) ...but there is a node of depth i with
-        // a valid_policy of anyPolicy
-        foreach ($this->_nodesAtDepth($state->index()) as $node) {
-            if ($node->isAnyPolicy()) {
-                // then generate a child node of the node of depth i-1
-                // that has a valid_policy of anyPolicy as follows...
-                foreach ($this->_nodesAtDepth($state->index() - 1) as $node) {
-                    if ($node->isAnyPolicy()) {
-                        // try to fetch qualifiers of anyPolicy certificate policy
-                        $qualifiers = array();
-                        try {
-                            $qualifiers = $cert->tbsCertificate()
-                                ->extensions()
-                                ->certificatePolicies()
-                                ->anyPolicy()
-                                ->qualifiers();
-                        } catch (\LogicException $e) {
-                            // if there's no policies or no qualifiers
-                        }
-                        $node->addChild(
-                            new PolicyNode($idp, $qualifiers, $sdps));
-                        // bail after first anyPolicy has been processed
-                        break;
-                    }
-                }
-                // bail after first anyPolicy has been processed
-                break;
-            }
-        }
-    }
+	/**
+	 * Apply anyPolicy mapping to the policy tree as specified in 6.1.4 (b)(1).
+	 *
+	 * @param Certificate $cert
+	 * @param ValidatorState $state
+	 * @param string $idp OID of the issuer domain policy
+	 * @param array $sdps Array of subject domain policy OIDs
+	 */
+	protected function _applyAnyPolicyMapping(Certificate $cert,
+		ValidatorState $state, $idp, array $sdps)
+	{
+		// (6.1.4. b.1.) ...but there is a node of depth i with
+		// a valid_policy of anyPolicy
+		foreach ($this->_nodesAtDepth($state->index()) as $node) {
+			if ($node->isAnyPolicy()) {
+				// then generate a child node of the node of depth i-1
+				// that has a valid_policy of anyPolicy as follows...
+				foreach ($this->_nodesAtDepth($state->index() - 1) as $node) {
+					if ($node->isAnyPolicy()) {
+						// try to fetch qualifiers of anyPolicy certificate policy
+						$qualifiers = array();
+						try {
+							$qualifiers = $cert->tbsCertificate()
+								->extensions()
+								->certificatePolicies()
+								->anyPolicy()
+								->qualifiers();
+						} catch (\LogicException $e) {
+							// if there's no policies or no qualifiers
+						}
+						$node->addChild(
+							new PolicyNode($idp, $qualifiers, $sdps));
+						// bail after first anyPolicy has been processed
+						break;
+					}
+				}
+				// bail after first anyPolicy has been processed
+				break;
+			}
+		}
+	}
     
-    /**
-     * Delete nodes as specified in 6.1.4 (b)(2).
-     *
-     * @param Certificate $cert
-     * @param ValidatorState $state
-     */
-    protected function _deleteMappings(Certificate $cert, ValidatorState $state)
-    {
-        $idps = $cert->tbsCertificate()
-            ->extensions()
-            ->policyMappings()
-            ->issuerDomainPolicies();
-        // delete each node of depth i in the valid_policy_tree
-        // where ID-P is the valid_policy
-        foreach ($this->_nodesAtDepth($state->index()) as $node) {
-            if (in_array($node->validPolicy(), $idps)) {
-                $node->remove();
-            }
-        }
-        $this->_pruneTree($state->index() - 1);
-    }
+	/**
+	 * Delete nodes as specified in 6.1.4 (b)(2).
+	 *
+	 * @param Certificate $cert
+	 * @param ValidatorState $state
+	 */
+	protected function _deleteMappings(Certificate $cert, ValidatorState $state)
+	{
+		$idps = $cert->tbsCertificate()
+			->extensions()
+			->policyMappings()
+			->issuerDomainPolicies();
+		// delete each node of depth i in the valid_policy_tree
+		// where ID-P is the valid_policy
+		foreach ($this->_nodesAtDepth($state->index()) as $node) {
+			if (in_array($node->validPolicy(), $idps)) {
+				$node->remove();
+			}
+		}
+		$this->_pruneTree($state->index() - 1);
+	}
     
-    /**
-     * Prune tree starting from given depth.
-     *
-     * @param int $depth
-     * @return int The number of nodes left in a tree
-     */
-    protected function _pruneTree(int $depth): int
-    {
-        for ($i = $depth; $i > 0; --$i) {
-            foreach ($this->_nodesAtDepth($i) as $node) {
-                if (!count($node)) {
-                    $node->remove();
-                }
-            }
-        }
-        // if root has no children left
-        if (!count($this->_root)) {
-            $this->_root = null;
-            return 0;
-        }
-        return $this->_root->nodeCount();
-    }
+	/**
+	 * Prune tree starting from given depth.
+	 *
+	 * @param int $depth
+	 * @return int The number of nodes left in a tree
+	 */
+	protected function _pruneTree(int $depth): int
+	{
+		for ($i = $depth; $i > 0; --$i) {
+			foreach ($this->_nodesAtDepth($i) as $node) {
+				if (!count($node)) {
+					$node->remove();
+				}
+			}
+		}
+		// if root has no children left
+		if (!count($this->_root)) {
+			$this->_root = null;
+			return 0;
+		}
+		return $this->_root->nodeCount();
+	}
     
-    /**
-     * Get all nodes at given depth.
-     *
-     * @param int $i
-     * @return PolicyNode[]
-     */
-    protected function _nodesAtDepth(int $i): array
-    {
-        if (!$this->_root) {
-            return array();
-        }
-        $depth = 0;
-        $nodes = array($this->_root);
-        while ($depth < $i) {
-            $nodes = self::_gatherChildren(...$nodes);
-            if (!count($nodes)) {
-                break;
-            }
-            ++$depth;
-        }
-        return $nodes;
-    }
+	/**
+	 * Get all nodes at given depth.
+	 *
+	 * @param int $i
+	 * @return PolicyNode[]
+	 */
+	protected function _nodesAtDepth(int $i): array
+	{
+		if (!$this->_root) {
+			return array();
+		}
+		$depth = 0;
+		$nodes = array($this->_root);
+		while ($depth < $i) {
+			$nodes = self::_gatherChildren(...$nodes);
+			if (!count($nodes)) {
+				break;
+			}
+			++$depth;
+		}
+		return $nodes;
+	}
     
-    /**
-     * Get the valid policy node set as specified in spec 6.1.5.(g)(iii)1.
-     *
-     * @return PolicyNode[]
-     */
-    protected function _validPolicyNodeSet(): array
-    {
-        // 1. Determine the set of policy nodes whose parent nodes have
-        // a valid_policy of anyPolicy. This is the valid_policy_node_set.
-        $set = array();
-        if (!$this->_root) {
-            return $set;
-        }
-        // for each node in a tree
-        $this->_root->walkNodes(
-            function (PolicyNode $node) use (&$set) {
-                $parents = $node->parents();
-                // node has parents
-                if (count($parents)) {
-                    // check that each ancestor is an anyPolicy node
-                    foreach ($parents as $ancestor) {
-                        if (!$ancestor->isAnyPolicy()) {
-                            return;
-                        }
-                    }
-                    $set[] = $node;
-                }
-            });
-        return $set;
-    }
+	/**
+	 * Get the valid policy node set as specified in spec 6.1.5.(g)(iii)1.
+	 *
+	 * @return PolicyNode[]
+	 */
+	protected function _validPolicyNodeSet(): array
+	{
+		// 1. Determine the set of policy nodes whose parent nodes have
+		// a valid_policy of anyPolicy. This is the valid_policy_node_set.
+		$set = array();
+		if (!$this->_root) {
+			return $set;
+		}
+		// for each node in a tree
+		$this->_root->walkNodes(
+			function (PolicyNode $node) use (&$set) {
+				$parents = $node->parents();
+				// node has parents
+				if (count($parents)) {
+					// check that each ancestor is an anyPolicy node
+					foreach ($parents as $ancestor) {
+						if (!$ancestor->isAnyPolicy()) {
+							return;
+						}
+					}
+					$set[] = $node;
+				}
+			});
+		return $set;
+	}
     
-    /**
-     * Gather all children of given nodes to a flattened array.
-     *
-     * @param PolicyNode ...$nodes
-     * @return PolicyNode[]
-     */
-    private static function _gatherChildren(PolicyNode ...$nodes): array
-    {
-        $children = array();
-        foreach ($nodes as $node) {
-            $children = array_merge($children, $node->children());
-        }
-        return $children;
-    }
+	/**
+	 * Gather all children of given nodes to a flattened array.
+	 *
+	 * @param PolicyNode ...$nodes
+	 * @return PolicyNode[]
+	 */
+	private static function _gatherChildren(PolicyNode ...$nodes): array
+	{
+		$children = array();
+		foreach ($nodes as $node) {
+			$children = array_merge($children, $node->children());
+		}
+		return $children;
+	}
 }

lib/X509/CertificationPath/CertificationPath.php

Indentation +155 added lines, -155 removed lines

@@ -23,171 +23,171 @@
  */
 class CertificationPath implements \Countable, \IteratorAggregate
 {
-    /**
-     * Certification path.
-     *
-     * @var Certificate[] $_certificates
-     */
-    protected $_certificates;
+	/**
+	 * Certification path.
+	 *
+	 * @var Certificate[] $_certificates
+	 */
+	protected $_certificates;
     
-    /**
-     * Constructor.
-     *
-     * @param Certificate ...$certificates Certificates from the trust anchor
-     *        to the target end-entity certificate
-     */
-    public function __construct(Certificate ...$certificates)
-    {
-        $this->_certificates = $certificates;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Certificate ...$certificates Certificates from the trust anchor
+	 *        to the target end-entity certificate
+	 */
+	public function __construct(Certificate ...$certificates)
+	{
+		$this->_certificates = $certificates;
+	}
     
-    /**
-     * Initialize from a certificate chain.
-     *
-     * @param CertificateChain $chain
-     * @return self
-     */
-    public static function fromCertificateChain(CertificateChain $chain): self
-    {
-        return new self(...array_reverse($chain->certificates(), false));
-    }
+	/**
+	 * Initialize from a certificate chain.
+	 *
+	 * @param CertificateChain $chain
+	 * @return self
+	 */
+	public static function fromCertificateChain(CertificateChain $chain): self
+	{
+		return new self(...array_reverse($chain->certificates(), false));
+	}
     
-    /**
-     * Build certification path to given target.
-     *
-     * @param Certificate $target Target end-entity certificate
-     * @param CertificateBundle $trust_anchors List of trust anchors
-     * @param CertificateBundle|null $intermediate Optional intermediate
-     *        certificates
-     * @return self
-     */
-    public static function toTarget(Certificate $target,
-        CertificateBundle $trust_anchors, CertificateBundle $intermediate = null): self
-    {
-        $builder = new CertificationPathBuilder($trust_anchors);
-        return $builder->shortestPathToTarget($target, $intermediate);
-    }
+	/**
+	 * Build certification path to given target.
+	 *
+	 * @param Certificate $target Target end-entity certificate
+	 * @param CertificateBundle $trust_anchors List of trust anchors
+	 * @param CertificateBundle|null $intermediate Optional intermediate
+	 *        certificates
+	 * @return self
+	 */
+	public static function toTarget(Certificate $target,
+		CertificateBundle $trust_anchors, CertificateBundle $intermediate = null): self
+	{
+		$builder = new CertificationPathBuilder($trust_anchors);
+		return $builder->shortestPathToTarget($target, $intermediate);
+	}
     
-    /**
-     * Build certification path from given trust anchor to target certificate,
-     * using intermediate certificates from given bundle.
-     *
-     * @param Certificate $trust_anchor Trust anchor certificate
-     * @param Certificate $target Target end-entity certificate
-     * @param CertificateBundle|null $intermediate Optional intermediate
-     *        certificates
-     * @return self
-     */
-    public static function fromTrustAnchorToTarget(Certificate $trust_anchor,
-        Certificate $target, CertificateBundle $intermediate = null): self
-    {
-        return self::toTarget($target, new CertificateBundle($trust_anchor),
-            $intermediate);
-    }
+	/**
+	 * Build certification path from given trust anchor to target certificate,
+	 * using intermediate certificates from given bundle.
+	 *
+	 * @param Certificate $trust_anchor Trust anchor certificate
+	 * @param Certificate $target Target end-entity certificate
+	 * @param CertificateBundle|null $intermediate Optional intermediate
+	 *        certificates
+	 * @return self
+	 */
+	public static function fromTrustAnchorToTarget(Certificate $trust_anchor,
+		Certificate $target, CertificateBundle $intermediate = null): self
+	{
+		return self::toTarget($target, new CertificateBundle($trust_anchor),
+			$intermediate);
+	}
     
-    /**
-     * Get certificates.
-     *
-     * @return Certificate[]
-     */
-    public function certificates(): array
-    {
-        return $this->_certificates;
-    }
+	/**
+	 * Get certificates.
+	 *
+	 * @return Certificate[]
+	 */
+	public function certificates(): array
+	{
+		return $this->_certificates;
+	}
     
-    /**
-     * Get the trust anchor certificate from the path.
-     *
-     * @throws \LogicException If path is empty
-     * @return Certificate
-     */
-    public function trustAnchorCertificate(): Certificate
-    {
-        if (!count($this->_certificates)) {
-            throw new \LogicException("No certificates.");
-        }
-        return $this->_certificates[0];
-    }
+	/**
+	 * Get the trust anchor certificate from the path.
+	 *
+	 * @throws \LogicException If path is empty
+	 * @return Certificate
+	 */
+	public function trustAnchorCertificate(): Certificate
+	{
+		if (!count($this->_certificates)) {
+			throw new \LogicException("No certificates.");
+		}
+		return $this->_certificates[0];
+	}
     
-    /**
-     * Get the end-entity certificate from the path.
-     *
-     * @throws \LogicException If path is empty
-     * @return Certificate
-     */
-    public function endEntityCertificate(): Certificate
-    {
-        if (!count($this->_certificates)) {
-            throw new \LogicException("No certificates.");
-        }
-        return $this->_certificates[count($this->_certificates) - 1];
-    }
+	/**
+	 * Get the end-entity certificate from the path.
+	 *
+	 * @throws \LogicException If path is empty
+	 * @return Certificate
+	 */
+	public function endEntityCertificate(): Certificate
+	{
+		if (!count($this->_certificates)) {
+			throw new \LogicException("No certificates.");
+		}
+		return $this->_certificates[count($this->_certificates) - 1];
+	}
     
-    /**
-     * Get certification path as a certificate chain.
-     *
-     * @return CertificateChain
-     */
-    public function certificateChain(): CertificateChain
-    {
-        return new CertificateChain(
-            ...array_reverse($this->_certificates, false));
-    }
+	/**
+	 * Get certification path as a certificate chain.
+	 *
+	 * @return CertificateChain
+	 */
+	public function certificateChain(): CertificateChain
+	{
+		return new CertificateChain(
+			...array_reverse($this->_certificates, false));
+	}
     
-    /**
-     * Check whether certification path starts with one ore more given
-     * certificates in parameter order.
-     *
-     * @param Certificate ...$certs Certificates
-     * @return true
-     */
-    public function startsWith(Certificate ...$certs): bool
-    {
-        $n = count($certs);
-        if ($n > count($this->_certificates)) {
-            return false;
-        }
-        for ($i = 0; $i < $n; ++$i) {
-            if (!$certs[$i]->equals($this->_certificates[$i])) {
-                return false;
-            }
-        }
-        return true;
-    }
+	/**
+	 * Check whether certification path starts with one ore more given
+	 * certificates in parameter order.
+	 *
+	 * @param Certificate ...$certs Certificates
+	 * @return true
+	 */
+	public function startsWith(Certificate ...$certs): bool
+	{
+		$n = count($certs);
+		if ($n > count($this->_certificates)) {
+			return false;
+		}
+		for ($i = 0; $i < $n; ++$i) {
+			if (!$certs[$i]->equals($this->_certificates[$i])) {
+				return false;
+			}
+		}
+		return true;
+	}
     
-    /**
-     * Validate certification path.
-     *
-     * @param PathValidationConfig $config
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @throws Exception\PathValidationException
-     * @return PathValidation\PathValidationResult
-     */
-    public function validate(PathValidationConfig $config, Crypto $crypto = null): PathValidation\PathValidationResult
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $validator = new PathValidator($crypto, $config, ...$this->_certificates);
-        return $validator->validate();
-    }
+	/**
+	 * Validate certification path.
+	 *
+	 * @param PathValidationConfig $config
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @throws Exception\PathValidationException
+	 * @return PathValidation\PathValidationResult
+	 */
+	public function validate(PathValidationConfig $config, Crypto $crypto = null): PathValidation\PathValidationResult
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$validator = new PathValidator($crypto, $config, ...$this->_certificates);
+		return $validator->validate();
+	}
     
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_certificates);
-    }
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_certificates);
+	}
     
-    /**
-     * Get iterator for certificates.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_certificates);
-    }
+	/**
+	 * Get iterator for certificates.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_certificates);
+	}
 }

lib/X509/CertificationPath/PathValidation/PathValidationConfig.php

Indentation +245 added lines, -245 removed lines

@@ -14,274 +14,274 @@
  */
 class PathValidationConfig
 {
-    /**
-     * Maximum allowed certification path length.
-     *
-     * @var int $_maxLength
-     */
-    protected $_maxLength;
+	/**
+	 * Maximum allowed certification path length.
+	 *
+	 * @var int $_maxLength
+	 */
+	protected $_maxLength;
     
-    /**
-     * Reference time.
-     *
-     * @var \DateTimeImmutable $_dateTime
-     */
-    protected $_dateTime;
+	/**
+	 * Reference time.
+	 *
+	 * @var \DateTimeImmutable $_dateTime
+	 */
+	protected $_dateTime;
     
-    /**
-     * List of acceptable policy identifiers.
-     *
-     * @var string[] $_policySet
-     */
-    protected $_policySet;
+	/**
+	 * List of acceptable policy identifiers.
+	 *
+	 * @var string[] $_policySet
+	 */
+	protected $_policySet;
     
-    /**
-     * Trust anchor certificate.
-     *
-     * If not set, path validation uses the first certificate of the path.
-     *
-     * @var Certificate|null $_trustAnchor
-     */
-    protected $_trustAnchor;
+	/**
+	 * Trust anchor certificate.
+	 *
+	 * If not set, path validation uses the first certificate of the path.
+	 *
+	 * @var Certificate|null $_trustAnchor
+	 */
+	protected $_trustAnchor;
     
-    /**
-     * Whether policy mapping in inhibited.
-     *
-     * Setting this to true disallows policy mapping.
-     *
-     * @var bool $_policyMappingInhibit
-     */
-    protected $_policyMappingInhibit;
+	/**
+	 * Whether policy mapping in inhibited.
+	 *
+	 * Setting this to true disallows policy mapping.
+	 *
+	 * @var bool $_policyMappingInhibit
+	 */
+	protected $_policyMappingInhibit;
     
-    /**
-     * Whether the path must be valid for at least one policy in the
-     * initial policy set.
-     *
-     * @var bool $_explicitPolicy
-     */
-    protected $_explicitPolicy;
+	/**
+	 * Whether the path must be valid for at least one policy in the
+	 * initial policy set.
+	 *
+	 * @var bool $_explicitPolicy
+	 */
+	protected $_explicitPolicy;
     
-    /**
-     * Whether anyPolicy OID processing should be inhibited.
-     *
-     * Setting this to true disallows the usage of anyPolicy.
-     *
-     * @var bool $_anyPolicyInhibit
-     */
-    protected $_anyPolicyInhibit;
+	/**
+	 * Whether anyPolicy OID processing should be inhibited.
+	 *
+	 * Setting this to true disallows the usage of anyPolicy.
+	 *
+	 * @var bool $_anyPolicyInhibit
+	 */
+	protected $_anyPolicyInhibit;
     
-    /**
-     *
-     * @todo Implement
-     * @var mixed $_permittedSubtrees
-     */
-    protected $_permittedSubtrees;
+	/**
+	 *
+	 * @todo Implement
+	 * @var mixed $_permittedSubtrees
+	 */
+	protected $_permittedSubtrees;
     
-    /**
-     *
-     * @todo Implement
-     * @var mixed $_excludedSubtrees
-     */
-    protected $_excludedSubtrees;
+	/**
+	 *
+	 * @todo Implement
+	 * @var mixed $_excludedSubtrees
+	 */
+	protected $_excludedSubtrees;
     
-    /**
-     * Constructor.
-     *
-     * @param \DateTimeImmutable $dt Reference date and time
-     * @param int $max_length Maximum certification path length
-     */
-    public function __construct(\DateTimeImmutable $dt, int $max_length)
-    {
-        $this->_dateTime = $dt;
-        $this->_maxLength = (int) $max_length;
-        $this->_policySet = array((string) PolicyInformation::OID_ANY_POLICY);
-        $this->_policyMappingInhibit = false;
-        $this->_explicitPolicy = false;
-        $this->_anyPolicyInhibit = false;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param \DateTimeImmutable $dt Reference date and time
+	 * @param int $max_length Maximum certification path length
+	 */
+	public function __construct(\DateTimeImmutable $dt, int $max_length)
+	{
+		$this->_dateTime = $dt;
+		$this->_maxLength = (int) $max_length;
+		$this->_policySet = array((string) PolicyInformation::OID_ANY_POLICY);
+		$this->_policyMappingInhibit = false;
+		$this->_explicitPolicy = false;
+		$this->_anyPolicyInhibit = false;
+	}
     
-    /**
-     * Get default configuration.
-     *
-     * @return self
-     */
-    public static function defaultConfig(): self
-    {
-        return new self(new \DateTimeImmutable(), 3);
-    }
+	/**
+	 * Get default configuration.
+	 *
+	 * @return self
+	 */
+	public static function defaultConfig(): self
+	{
+		return new self(new \DateTimeImmutable(), 3);
+	}
     
-    /**
-     * Get self with maximum path length.
-     *
-     * @param int $length
-     * @return self
-     */
-    public function withMaxLength(int $length): self
-    {
-        $obj = clone $this;
-        $obj->_maxLength = $length;
-        return $obj;
-    }
+	/**
+	 * Get self with maximum path length.
+	 *
+	 * @param int $length
+	 * @return self
+	 */
+	public function withMaxLength(int $length): self
+	{
+		$obj = clone $this;
+		$obj->_maxLength = $length;
+		return $obj;
+	}
     
-    /**
-     * Get self with reference date and time.
-     *
-     * @param \DateTimeImmutable $dt
-     * @return self
-     */
-    public function withDateTime(\DateTimeImmutable $dt): self
-    {
-        $obj = clone $this;
-        $obj->_dateTime = $dt;
-        return $obj;
-    }
+	/**
+	 * Get self with reference date and time.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 * @return self
+	 */
+	public function withDateTime(\DateTimeImmutable $dt): self
+	{
+		$obj = clone $this;
+		$obj->_dateTime = $dt;
+		return $obj;
+	}
     
-    /**
-     * Get self with trust anchor certificate.
-     *
-     * @param Certificate $ca
-     * @return self
-     */
-    public function withTrustAnchor(Certificate $ca): self
-    {
-        $obj = clone $this;
-        $obj->_trustAnchor = $ca;
-        return $obj;
-    }
+	/**
+	 * Get self with trust anchor certificate.
+	 *
+	 * @param Certificate $ca
+	 * @return self
+	 */
+	public function withTrustAnchor(Certificate $ca): self
+	{
+		$obj = clone $this;
+		$obj->_trustAnchor = $ca;
+		return $obj;
+	}
     
-    /**
-     * Get self with initial-policy-mapping-inhibit set.
-     *
-     * @param bool $flag
-     * @return self
-     */
-    public function withPolicyMappingInhibit(bool $flag): self
-    {
-        $obj = clone $this;
-        $obj->_policyMappingInhibit = $flag;
-        return $obj;
-    }
+	/**
+	 * Get self with initial-policy-mapping-inhibit set.
+	 *
+	 * @param bool $flag
+	 * @return self
+	 */
+	public function withPolicyMappingInhibit(bool $flag): self
+	{
+		$obj = clone $this;
+		$obj->_policyMappingInhibit = $flag;
+		return $obj;
+	}
     
-    /**
-     * Get self with initial-explicit-policy set.
-     *
-     * @param bool $flag
-     * @return self
-     */
-    public function withExplicitPolicy(bool $flag): self
-    {
-        $obj = clone $this;
-        $obj->_explicitPolicy = $flag;
-        return $obj;
-    }
+	/**
+	 * Get self with initial-explicit-policy set.
+	 *
+	 * @param bool $flag
+	 * @return self
+	 */
+	public function withExplicitPolicy(bool $flag): self
+	{
+		$obj = clone $this;
+		$obj->_explicitPolicy = $flag;
+		return $obj;
+	}
     
-    /**
-     * Get self with initial-any-policy-inhibit set.
-     *
-     * @param bool $flag
-     * @return self
-     */
-    public function withAnyPolicyInhibit(bool $flag): self
-    {
-        $obj = clone $this;
-        $obj->_anyPolicyInhibit = $flag;
-        return $obj;
-    }
+	/**
+	 * Get self with initial-any-policy-inhibit set.
+	 *
+	 * @param bool $flag
+	 * @return self
+	 */
+	public function withAnyPolicyInhibit(bool $flag): self
+	{
+		$obj = clone $this;
+		$obj->_anyPolicyInhibit = $flag;
+		return $obj;
+	}
     
-    /**
-     * Get self with user-initial-policy-set set to policy OIDs.
-     *
-     * @param string ...$policies List of policy OIDs
-     * @return self
-     */
-    public function withPolicySet(string ...$policies): self
-    {
-        $obj = clone $this;
-        $obj->_policySet = $policies;
-        return $obj;
-    }
+	/**
+	 * Get self with user-initial-policy-set set to policy OIDs.
+	 *
+	 * @param string ...$policies List of policy OIDs
+	 * @return self
+	 */
+	public function withPolicySet(string ...$policies): self
+	{
+		$obj = clone $this;
+		$obj->_policySet = $policies;
+		return $obj;
+	}
     
-    /**
-     * Get maximum certification path length.
-     *
-     * @return int
-     */
-    public function maxLength(): int
-    {
-        return $this->_maxLength;
-    }
+	/**
+	 * Get maximum certification path length.
+	 *
+	 * @return int
+	 */
+	public function maxLength(): int
+	{
+		return $this->_maxLength;
+	}
     
-    /**
-     * Get reference date and time.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function dateTime(): \DateTimeImmutable
-    {
-        return $this->_dateTime;
-    }
+	/**
+	 * Get reference date and time.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function dateTime(): \DateTimeImmutable
+	{
+		return $this->_dateTime;
+	}
     
-    /**
-     * Get user-initial-policy-set.
-     *
-     * @return string[] Array of OID's
-     */
-    public function policySet(): array
-    {
-        return $this->_policySet;
-    }
+	/**
+	 * Get user-initial-policy-set.
+	 *
+	 * @return string[] Array of OID's
+	 */
+	public function policySet(): array
+	{
+		return $this->_policySet;
+	}
     
-    /**
-     * Check whether trust anchor certificate is set.
-     *
-     * @return bool
-     */
-    public function hasTrustAnchor(): bool
-    {
-        return isset($this->_trustAnchor);
-    }
+	/**
+	 * Check whether trust anchor certificate is set.
+	 *
+	 * @return bool
+	 */
+	public function hasTrustAnchor(): bool
+	{
+		return isset($this->_trustAnchor);
+	}
     
-    /**
-     * Get trust anchor certificate.
-     *
-     * @throws \LogicException
-     * @return Certificate
-     */
-    public function trustAnchor(): Certificate
-    {
-        if (!$this->hasTrustAnchor()) {
-            throw new \LogicException("No trust anchor.");
-        }
-        return $this->_trustAnchor;
-    }
+	/**
+	 * Get trust anchor certificate.
+	 *
+	 * @throws \LogicException
+	 * @return Certificate
+	 */
+	public function trustAnchor(): Certificate
+	{
+		if (!$this->hasTrustAnchor()) {
+			throw new \LogicException("No trust anchor.");
+		}
+		return $this->_trustAnchor;
+	}
     
-    /**
-     * Get initial-policy-mapping-inhibit.
-     *
-     * @return bool
-     */
-    public function policyMappingInhibit(): bool
-    {
-        return $this->_policyMappingInhibit;
-    }
+	/**
+	 * Get initial-policy-mapping-inhibit.
+	 *
+	 * @return bool
+	 */
+	public function policyMappingInhibit(): bool
+	{
+		return $this->_policyMappingInhibit;
+	}
     
-    /**
-     * Get initial-explicit-policy.
-     *
-     * @return bool
-     */
-    public function explicitPolicy(): bool
-    {
-        return $this->_explicitPolicy;
-    }
+	/**
+	 * Get initial-explicit-policy.
+	 *
+	 * @return bool
+	 */
+	public function explicitPolicy(): bool
+	{
+		return $this->_explicitPolicy;
+	}
     
-    /**
-     * Get initial-any-policy-inhibit.
-     *
-     * @return bool
-     */
-    public function anyPolicyInhibit(): bool
-    {
-        return $this->_anyPolicyInhibit;
-    }
+	/**
+	 * Get initial-any-policy-inhibit.
+	 *
+	 * @return bool
+	 */
+	public function anyPolicyInhibit(): bool
+	{
+		return $this->_anyPolicyInhibit;
+	}
 }