sop / x509

lib/X509/Certificate/Extension/ExtendedKeyUsageExtension.php

Indentation +120 added lines, -120 removed lines

@@ -14,133 +14,133 @@
  * @link https://tools.ietf.org/html/rfc5280#section-4.2.1.12
  */
 class ExtendedKeyUsageExtension extends Extension implements 
-    \Countable,
-    \IteratorAggregate
+	\Countable,
+	\IteratorAggregate
 {
-    const OID_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
-    const OID_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
-    const OID_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
-    const OID_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4";
-    const OID_IPSEC_END_SYSTEM = "1.3.6.1.5.5.7.3.5";
-    const OID_IPSEC_TUNNEL = "1.3.6.1.5.5.7.3.6";
-    const OID_IPSEC_USER = "1.3.6.1.5.5.7.3.7";
-    const OID_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
-    const OID_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9";
-    const OID_DVCS = "1.3.6.1.5.5.7.3.10";
-    const OID_SBGP_CERT_AA_SERVER_AUTH = "1.3.6.1.5.5.7.3.11";
-    const OID_SCVP_RESPONDER = "1.3.6.1.5.5.7.3.12";
-    const OID_EAP_OVER_PPP = "1.3.6.1.5.5.7.3.13";
-    const OID_EAP_OVER_LAN = "1.3.6.1.5.5.7.3.14";
-    const OID_SCVP_SERVER = "1.3.6.1.5.5.7.3.15";
-    const OID_SCVP_CLIENT = "1.3.6.1.5.5.7.3.16";
-    const OID_IPSEC_IKE = "1.3.6.1.5.5.7.3.17";
-    const OID_CAPWAP_AC = "1.3.6.1.5.5.7.3.18";
-    const OID_CAPWAP_WTP = "1.3.6.1.5.5.7.3.19";
-    const OID_SIP_DOMAIN = "1.3.6.1.5.5.7.3.20";
-    const OID_SECURE_SHELL_CLIENT = "1.3.6.1.5.5.7.3.21";
-    const OID_SECURE_SHELL_SERVER = "1.3.6.1.5.5.7.3.22";
-    const OID_SEND_ROUTER = "1.3.6.1.5.5.7.3.23";
-    const OID_SEND_PROXY = "1.3.6.1.5.5.7.3.24";
-    const OID_SEND_OWNER = "1.3.6.1.5.5.7.3.25";
-    const OID_SEND_PROXIED_OWNER = "1.3.6.1.5.5.7.3.26";
-    const OID_CMC_CA = "1.3.6.1.5.5.7.3.27";
-    const OID_CMC_RA = "1.3.6.1.5.5.7.3.28";
-    const OID_CMC_ARCHIVE = "1.3.6.1.5.5.7.3.29";
+	const OID_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
+	const OID_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
+	const OID_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
+	const OID_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4";
+	const OID_IPSEC_END_SYSTEM = "1.3.6.1.5.5.7.3.5";
+	const OID_IPSEC_TUNNEL = "1.3.6.1.5.5.7.3.6";
+	const OID_IPSEC_USER = "1.3.6.1.5.5.7.3.7";
+	const OID_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
+	const OID_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9";
+	const OID_DVCS = "1.3.6.1.5.5.7.3.10";
+	const OID_SBGP_CERT_AA_SERVER_AUTH = "1.3.6.1.5.5.7.3.11";
+	const OID_SCVP_RESPONDER = "1.3.6.1.5.5.7.3.12";
+	const OID_EAP_OVER_PPP = "1.3.6.1.5.5.7.3.13";
+	const OID_EAP_OVER_LAN = "1.3.6.1.5.5.7.3.14";
+	const OID_SCVP_SERVER = "1.3.6.1.5.5.7.3.15";
+	const OID_SCVP_CLIENT = "1.3.6.1.5.5.7.3.16";
+	const OID_IPSEC_IKE = "1.3.6.1.5.5.7.3.17";
+	const OID_CAPWAP_AC = "1.3.6.1.5.5.7.3.18";
+	const OID_CAPWAP_WTP = "1.3.6.1.5.5.7.3.19";
+	const OID_SIP_DOMAIN = "1.3.6.1.5.5.7.3.20";
+	const OID_SECURE_SHELL_CLIENT = "1.3.6.1.5.5.7.3.21";
+	const OID_SECURE_SHELL_SERVER = "1.3.6.1.5.5.7.3.22";
+	const OID_SEND_ROUTER = "1.3.6.1.5.5.7.3.23";
+	const OID_SEND_PROXY = "1.3.6.1.5.5.7.3.24";
+	const OID_SEND_OWNER = "1.3.6.1.5.5.7.3.25";
+	const OID_SEND_PROXIED_OWNER = "1.3.6.1.5.5.7.3.26";
+	const OID_CMC_CA = "1.3.6.1.5.5.7.3.27";
+	const OID_CMC_RA = "1.3.6.1.5.5.7.3.28";
+	const OID_CMC_ARCHIVE = "1.3.6.1.5.5.7.3.29";
     
-    /**
-     * Purpose OID's.
-     *
-     * @var string[] $_purposes
-     */
-    protected $_purposes;
+	/**
+	 * Purpose OID's.
+	 *
+	 * @var string[] $_purposes
+	 */
+	protected $_purposes;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param string ...$purposes
-     */
-    public function __construct(bool $critical, string ...$purposes)
-    {
-        parent::__construct(self::OID_EXT_KEY_USAGE, $critical);
-        $this->_purposes = $purposes;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param string ...$purposes
+	 */
+	public function __construct(bool $critical, string ...$purposes)
+	{
+		parent::__construct(self::OID_EXT_KEY_USAGE, $critical);
+		$this->_purposes = $purposes;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        $purposes = array_map(
-            function (UnspecifiedType $el) {
-                return $el->asObjectIdentifier()->oid();
-            }, UnspecifiedType::fromDER($data)->asSequence()->elements());
-        return new self($critical, ...$purposes);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		$purposes = array_map(
+			function (UnspecifiedType $el) {
+				return $el->asObjectIdentifier()->oid();
+			}, UnspecifiedType::fromDER($data)->asSequence()->elements());
+		return new self($critical, ...$purposes);
+	}
     
-    /**
-     * Whether purposes are present.
-     *
-     * If multiple purposes are checked, all must be present.
-     *
-     * @param string ...$oids
-     * @return bool
-     */
-    public function has(string ...$oids): bool
-    {
-        foreach ($oids as $oid) {
-            if (!in_array($oid, $this->_purposes)) {
-                return false;
-            }
-        }
-        return true;
-    }
+	/**
+	 * Whether purposes are present.
+	 *
+	 * If multiple purposes are checked, all must be present.
+	 *
+	 * @param string ...$oids
+	 * @return bool
+	 */
+	public function has(string ...$oids): bool
+	{
+		foreach ($oids as $oid) {
+			if (!in_array($oid, $this->_purposes)) {
+				return false;
+			}
+		}
+		return true;
+	}
     
-    /**
-     * Get key usage purpose OID's.
-     *
-     * @return string[]
-     */
-    public function purposes(): array
-    {
-        return $this->_purposes;
-    }
+	/**
+	 * Get key usage purpose OID's.
+	 *
+	 * @return string[]
+	 */
+	public function purposes(): array
+	{
+		return $this->_purposes;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        $elements = array_map(
-            function ($oid) {
-                return new ObjectIdentifier($oid);
-            }, $this->_purposes);
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		$elements = array_map(
+			function ($oid) {
+				return new ObjectIdentifier($oid);
+			}, $this->_purposes);
+		return new Sequence(...$elements);
+	}
     
-    /**
-     * Get the number of purposes.
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_purposes);
-    }
+	/**
+	 * Get the number of purposes.
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_purposes);
+	}
     
-    /**
-     * Get iterator for usage purposes.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_purposes);
-    }
+	/**
+	 * Get iterator for usage purposes.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_purposes);
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -74,7 +74,7 @@ 
     protected static function _fromDER(string $data, bool $critical): self
     {
         $purposes = array_map(
-            function (UnspecifiedType $el) {
+            function(UnspecifiedType $el) {
                 return $el->asObjectIdentifier()->oid();
             }, UnspecifiedType::fromDER($data)->asSequence()->elements());
         return new self($critical, ...$purposes);
@@ -116,7 +116,7 @@ 
     protected function _valueASN1(): Sequence
     {
         $elements = array_map(
-            function ($oid) {
+            function($oid) {
                 return new ObjectIdentifier($oid);
             }, $this->_purposes);
         return new Sequence(...$elements);

lib/X509/Certificate/Extension/InhibitAnyPolicyExtension.php

Indentation +44 added lines, -44 removed lines

@@ -14,52 +14,52 @@
  */
 class InhibitAnyPolicyExtension extends Extension
 {
-    /**
-     *
-     * @var int $_skipCerts
-     */
-    protected $_skipCerts;
+	/**
+	 *
+	 * @var int $_skipCerts
+	 */
+	protected $_skipCerts;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param int $skip_certs
-     */
-    public function __construct(bool $critical, int $skip_certs)
-    {
-        parent::__construct(self::OID_INHIBIT_ANY_POLICY, $critical);
-        $this->_skipCerts = $skip_certs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param int $skip_certs
+	 */
+	public function __construct(bool $critical, int $skip_certs)
+	{
+		parent::__construct(self::OID_INHIBIT_ANY_POLICY, $critical);
+		$this->_skipCerts = $skip_certs;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        return new self($critical,
-            UnspecifiedType::fromDER($data)->asInteger()->intNumber());
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		return new self($critical,
+			UnspecifiedType::fromDER($data)->asInteger()->intNumber());
+	}
     
-    /**
-     * Get value.
-     *
-     * @return int
-     */
-    public function skipCerts(): int
-    {
-        return $this->_skipCerts;
-    }
+	/**
+	 * Get value.
+	 *
+	 * @return int
+	 */
+	public function skipCerts(): int
+	{
+		return $this->_skipCerts;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Integer
-     */
-    protected function _valueASN1(): Integer
-    {
-        return new Integer($this->_skipCerts);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Integer
+	 */
+	protected function _valueASN1(): Integer
+	{
+		return new Integer($this->_skipCerts);
+	}
 }

lib/X509/AttributeCertificate/AttributeCertificate.php

Indentation +199 added lines, -199 removed lines

@@ -21,203 +21,203 @@
  */
 class AttributeCertificate
 {
-    /**
-     * Attribute certificate info.
-     *
-     * @var AttributeCertificateInfo $_acinfo
-     */
-    protected $_acinfo;
-    
-    /**
-     * Signature algorithm identifier.
-     *
-     * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
-     */
-    protected $_signatureAlgorithm;
-    
-    /**
-     * Signature value.
-     *
-     * @var Signature $_signatureValue
-     */
-    protected $_signatureValue;
-    
-    /**
-     * Constructor.
-     *
-     * @param AttributeCertificateInfo $acinfo
-     * @param SignatureAlgorithmIdentifier $algo
-     * @param Signature $signature
-     */
-    public function __construct(AttributeCertificateInfo $acinfo,
-        SignatureAlgorithmIdentifier $algo, Signature $signature)
-    {
-        $this->_acinfo = $acinfo;
-        $this->_signatureAlgorithm = $algo;
-        $this->_signatureValue = $signature;
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence());
-        $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $algo->oid() . ".");
-        }
-        $signature = Signature::fromSignatureData(
-            $seq->at(2)
-                ->asBitString()
-                ->string(), $algo);
-        return new self($acinfo, $algo, $signature);
-    }
-    
-    /**
-     * Initialize from DER data.
-     *
-     * @param string $data
-     * @return self
-     */
-    public static function fromDER(string $data): self
-    {
-        return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
-    }
-    
-    /**
-     * Initialize from PEM.
-     *
-     * @param PEM $pem
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromPEM(PEM $pem): self
-    {
-        if ($pem->type() !== PEM::TYPE_ATTRIBUTE_CERTIFICATE) {
-            throw new \UnexpectedValueException("Invalid PEM type.");
-        }
-        return self::fromDER($pem->data());
-    }
-    
-    /**
-     * Get attribute certificate info.
-     *
-     * @return AttributeCertificateInfo
-     */
-    public function acinfo(): AttributeCertificateInfo
-    {
-        return $this->_acinfo;
-    }
-    
-    /**
-     * Get signature algorithm identifier.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signatureAlgorithm(): SignatureAlgorithmIdentifier
-    {
-        return $this->_signatureAlgorithm;
-    }
-    
-    /**
-     * Get signature value.
-     *
-     * @return Signature
-     */
-    public function signatureValue(): Signature
-    {
-        return $this->_signatureValue;
-    }
-    
-    /**
-     * Get ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_acinfo->toASN1(),
-            $this->_signatureAlgorithm->toASN1(),
-            $this->_signatureValue->bitString());
-    }
-    
-    /**
-     * Get attribute certificate as a DER.
-     *
-     * @return string
-     */
-    public function toDER(): string
-    {
-        return $this->toASN1()->toDER();
-    }
-    
-    /**
-     * Get attribute certificate as a PEM.
-     *
-     * @return PEM
-     */
-    public function toPEM(): PEM
-    {
-        return new PEM(PEM::TYPE_ATTRIBUTE_CERTIFICATE, $this->toDER());
-    }
-    
-    /**
-     * Check whether attribute certificate is issued to the subject identified
-     * by given public key certificate.
-     *
-     * @param Certificate $cert Certificate
-     * @return boolean
-     */
-    public function isHeldBy(Certificate $cert): bool
-    {
-        if (!$this->_acinfo->holder()->identifiesPKC($cert)) {
-            return false;
-        }
-        return true;
-    }
-    
-    /**
-     * Check whether attribute certificate is issued by given public key
-     * certificate.
-     *
-     * @param Certificate $cert Certificate
-     * @return boolean
-     */
-    public function isIssuedBy(Certificate $cert): bool
-    {
-        if (!$this->_acinfo->issuer()->identifiesPKC($cert)) {
-            return false;
-        }
-        return true;
-    }
-    
-    /**
-     * Verify signature.
-     *
-     * @param PublicKeyInfo $pubkey_info Signer's public key
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return bool
-     */
-    public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $data = $this->_acinfo->toASN1()->toDER();
-        return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
-            $this->_signatureAlgorithm);
-    }
-    
-    /**
-     * Get attribute certificate as a PEM formatted string.
-     *
-     * @return string
-     */
-    public function __toString()
-    {
-        return $this->toPEM()->string();
-    }
+	/**
+	 * Attribute certificate info.
+	 *
+	 * @var AttributeCertificateInfo $_acinfo
+	 */
+	protected $_acinfo;
+    
+	/**
+	 * Signature algorithm identifier.
+	 *
+	 * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
+	 */
+	protected $_signatureAlgorithm;
+    
+	/**
+	 * Signature value.
+	 *
+	 * @var Signature $_signatureValue
+	 */
+	protected $_signatureValue;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param AttributeCertificateInfo $acinfo
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @param Signature $signature
+	 */
+	public function __construct(AttributeCertificateInfo $acinfo,
+		SignatureAlgorithmIdentifier $algo, Signature $signature)
+	{
+		$this->_acinfo = $acinfo;
+		$this->_signatureAlgorithm = $algo;
+		$this->_signatureValue = $signature;
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence());
+		$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $algo->oid() . ".");
+		}
+		$signature = Signature::fromSignatureData(
+			$seq->at(2)
+				->asBitString()
+				->string(), $algo);
+		return new self($acinfo, $algo, $signature);
+	}
+    
+	/**
+	 * Initialize from DER data.
+	 *
+	 * @param string $data
+	 * @return self
+	 */
+	public static function fromDER(string $data): self
+	{
+		return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
+	}
+    
+	/**
+	 * Initialize from PEM.
+	 *
+	 * @param PEM $pem
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromPEM(PEM $pem): self
+	{
+		if ($pem->type() !== PEM::TYPE_ATTRIBUTE_CERTIFICATE) {
+			throw new \UnexpectedValueException("Invalid PEM type.");
+		}
+		return self::fromDER($pem->data());
+	}
+    
+	/**
+	 * Get attribute certificate info.
+	 *
+	 * @return AttributeCertificateInfo
+	 */
+	public function acinfo(): AttributeCertificateInfo
+	{
+		return $this->_acinfo;
+	}
+    
+	/**
+	 * Get signature algorithm identifier.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signatureAlgorithm(): SignatureAlgorithmIdentifier
+	{
+		return $this->_signatureAlgorithm;
+	}
+    
+	/**
+	 * Get signature value.
+	 *
+	 * @return Signature
+	 */
+	public function signatureValue(): Signature
+	{
+		return $this->_signatureValue;
+	}
+    
+	/**
+	 * Get ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_acinfo->toASN1(),
+			$this->_signatureAlgorithm->toASN1(),
+			$this->_signatureValue->bitString());
+	}
+    
+	/**
+	 * Get attribute certificate as a DER.
+	 *
+	 * @return string
+	 */
+	public function toDER(): string
+	{
+		return $this->toASN1()->toDER();
+	}
+    
+	/**
+	 * Get attribute certificate as a PEM.
+	 *
+	 * @return PEM
+	 */
+	public function toPEM(): PEM
+	{
+		return new PEM(PEM::TYPE_ATTRIBUTE_CERTIFICATE, $this->toDER());
+	}
+    
+	/**
+	 * Check whether attribute certificate is issued to the subject identified
+	 * by given public key certificate.
+	 *
+	 * @param Certificate $cert Certificate
+	 * @return boolean
+	 */
+	public function isHeldBy(Certificate $cert): bool
+	{
+		if (!$this->_acinfo->holder()->identifiesPKC($cert)) {
+			return false;
+		}
+		return true;
+	}
+    
+	/**
+	 * Check whether attribute certificate is issued by given public key
+	 * certificate.
+	 *
+	 * @param Certificate $cert Certificate
+	 * @return boolean
+	 */
+	public function isIssuedBy(Certificate $cert): bool
+	{
+		if (!$this->_acinfo->issuer()->identifiesPKC($cert)) {
+			return false;
+		}
+		return true;
+	}
+    
+	/**
+	 * Verify signature.
+	 *
+	 * @param PublicKeyInfo $pubkey_info Signer's public key
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return bool
+	 */
+	public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null): bool
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$data = $this->_acinfo->toASN1()->toDER();
+		return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
+			$this->_signatureAlgorithm);
+	}
+    
+	/**
+	 * Get attribute certificate as a PEM formatted string.
+	 *
+	 * @return string
+	 */
+	public function __toString()
+	{
+		return $this->toPEM()->string();
+	}
 }

lib/X509/CertificationRequest/CertificationRequest.php

Indentation +154 added lines, -154 removed lines

@@ -19,172 +19,172 @@
  */
 class CertificationRequest
 {
-    /**
-     * Certification request info.
-     *
-     * @var CertificationRequestInfo $_certificationRequestInfo
-     */
-    protected $_certificationRequestInfo;
+	/**
+	 * Certification request info.
+	 *
+	 * @var CertificationRequestInfo $_certificationRequestInfo
+	 */
+	protected $_certificationRequestInfo;
     
-    /**
-     * Signature algorithm.
-     *
-     * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
-     */
-    protected $_signatureAlgorithm;
+	/**
+	 * Signature algorithm.
+	 *
+	 * @var SignatureAlgorithmIdentifier $_signatureAlgorithm
+	 */
+	protected $_signatureAlgorithm;
     
-    /**
-     * Signature.
-     *
-     * @var Signature $_signature
-     */
-    protected $_signature;
+	/**
+	 * Signature.
+	 *
+	 * @var Signature $_signature
+	 */
+	protected $_signature;
     
-    /**
-     * Constructor.
-     *
-     * @param CertificationRequestInfo $info
-     * @param SignatureAlgorithmIdentifier $algo
-     * @param Signature $signature
-     */
-    public function __construct(CertificationRequestInfo $info,
-        SignatureAlgorithmIdentifier $algo, Signature $signature)
-    {
-        $this->_certificationRequestInfo = $info;
-        $this->_signatureAlgorithm = $algo;
-        $this->_signature = $signature;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param CertificationRequestInfo $info
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @param Signature $signature
+	 */
+	public function __construct(CertificationRequestInfo $info,
+		SignatureAlgorithmIdentifier $algo, Signature $signature)
+	{
+		$this->_certificationRequestInfo = $info;
+		$this->_signatureAlgorithm = $algo;
+		$this->_signature = $signature;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $info = CertificationRequestInfo::fromASN1($seq->at(0)->asSequence());
-        $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                "Unsupported signature algorithm " . $algo->oid() . ".");
-        }
-        $signature = Signature::fromSignatureData(
-            $seq->at(2)
-                ->asBitString()
-                ->string(), $algo);
-        return new self($info, $algo, $signature);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$info = CertificationRequestInfo::fromASN1($seq->at(0)->asSequence());
+		$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				"Unsupported signature algorithm " . $algo->oid() . ".");
+		}
+		$signature = Signature::fromSignatureData(
+			$seq->at(2)
+				->asBitString()
+				->string(), $algo);
+		return new self($info, $algo, $signature);
+	}
     
-    /**
-     * Initialize from DER.
-     *
-     * @param string $data
-     * @return self
-     */
-    public static function fromDER(string $data): self
-    {
-        return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
-    }
+	/**
+	 * Initialize from DER.
+	 *
+	 * @param string $data
+	 * @return self
+	 */
+	public static function fromDER(string $data): self
+	{
+		return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
+	}
     
-    /**
-     * Initialize from PEM.
-     *
-     * @param PEM $pem
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromPEM(PEM $pem): self
-    {
-        if ($pem->type() !== PEM::TYPE_CERTIFICATE_REQUEST) {
-            throw new \UnexpectedValueException("Invalid PEM type.");
-        }
-        return self::fromDER($pem->data());
-    }
+	/**
+	 * Initialize from PEM.
+	 *
+	 * @param PEM $pem
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromPEM(PEM $pem): self
+	{
+		if ($pem->type() !== PEM::TYPE_CERTIFICATE_REQUEST) {
+			throw new \UnexpectedValueException("Invalid PEM type.");
+		}
+		return self::fromDER($pem->data());
+	}
     
-    /**
-     * Get certification request info.
-     *
-     * @return CertificationRequestInfo
-     */
-    public function certificationRequestInfo(): CertificationRequestInfo
-    {
-        return $this->_certificationRequestInfo;
-    }
+	/**
+	 * Get certification request info.
+	 *
+	 * @return CertificationRequestInfo
+	 */
+	public function certificationRequestInfo(): CertificationRequestInfo
+	{
+		return $this->_certificationRequestInfo;
+	}
     
-    /**
-     * Get signature algorithm.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signatureAlgorithm(): SignatureAlgorithmIdentifier
-    {
-        return $this->_signatureAlgorithm;
-    }
+	/**
+	 * Get signature algorithm.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signatureAlgorithm(): SignatureAlgorithmIdentifier
+	{
+		return $this->_signatureAlgorithm;
+	}
     
-    /**
-     * Get signature.
-     *
-     * @return Signature
-     */
-    public function signature(): Signature
-    {
-        return $this->_signature;
-    }
+	/**
+	 * Get signature.
+	 *
+	 * @return Signature
+	 */
+	public function signature(): Signature
+	{
+		return $this->_signature;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_certificationRequestInfo->toASN1(),
-            $this->_signatureAlgorithm->toASN1(), $this->_signature->bitString());
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_certificationRequestInfo->toASN1(),
+			$this->_signatureAlgorithm->toASN1(), $this->_signature->bitString());
+	}
     
-    /**
-     * Get certification request as a DER.
-     *
-     * @return string
-     */
-    public function toDER(): string
-    {
-        return $this->toASN1()->toDER();
-    }
+	/**
+	 * Get certification request as a DER.
+	 *
+	 * @return string
+	 */
+	public function toDER(): string
+	{
+		return $this->toASN1()->toDER();
+	}
     
-    /**
-     * Get certification request as a PEM.
-     *
-     * @return PEM
-     */
-    public function toPEM(): PEM
-    {
-        return new PEM(PEM::TYPE_CERTIFICATE_REQUEST, $this->toDER());
-    }
+	/**
+	 * Get certification request as a PEM.
+	 *
+	 * @return PEM
+	 */
+	public function toPEM(): PEM
+	{
+		return new PEM(PEM::TYPE_CERTIFICATE_REQUEST, $this->toDER());
+	}
     
-    /**
-     * Verify certification request signature.
-     *
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @return bool True if signature matches
-     */
-    public function verify(Crypto $crypto = null): bool
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $data = $this->_certificationRequestInfo->toASN1()->toDER();
-        $pk_info = $this->_certificationRequestInfo->subjectPKInfo();
-        return $crypto->verify($data, $this->_signature, $pk_info,
-            $this->_signatureAlgorithm);
-    }
+	/**
+	 * Verify certification request signature.
+	 *
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @return bool True if signature matches
+	 */
+	public function verify(Crypto $crypto = null): bool
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$data = $this->_certificationRequestInfo->toASN1()->toDER();
+		$pk_info = $this->_certificationRequestInfo->subjectPKInfo();
+		return $crypto->verify($data, $this->_signature, $pk_info,
+			$this->_signatureAlgorithm);
+	}
     
-    /**
-     * Get certification request as a PEM formatted string.
-     *
-     * @return string
-     */
-    public function __toString()
-    {
-        return $this->toPEM()->string();
-    }
+	/**
+	 * Get certification request as a PEM formatted string.
+	 *
+	 * @return string
+	 */
+	public function __toString()
+	{
+		return $this->toPEM()->string();
+	}
 }

lib/X509/Certificate/Extension/AuthorityKeyIdentifierExtension.php

Indentation +166 added lines, -166 removed lines

@@ -20,181 +20,181 @@
  */
 class AuthorityKeyIdentifierExtension extends Extension
 {
-    /**
-     * Key identifier.
-     *
-     * @var string|null $_keyIdentifier
-     */
-    protected $_keyIdentifier;
+	/**
+	 * Key identifier.
+	 *
+	 * @var string|null $_keyIdentifier
+	 */
+	protected $_keyIdentifier;
     
-    /**
-     * Issuer name.
-     *
-     * @var GeneralNames|null $_authorityCertIssuer
-     */
-    protected $_authorityCertIssuer;
+	/**
+	 * Issuer name.
+	 *
+	 * @var GeneralNames|null $_authorityCertIssuer
+	 */
+	protected $_authorityCertIssuer;
     
-    /**
-     * Issuer serial number.
-     *
-     * @var string|null $_authorityCertSerialNumber
-     */
-    protected $_authorityCertSerialNumber;
+	/**
+	 * Issuer serial number.
+	 *
+	 * @var string|null $_authorityCertSerialNumber
+	 */
+	protected $_authorityCertSerialNumber;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical Conforming CA's must mark as non-critical (false)
-     * @param string|null $keyIdentifier
-     * @param GeneralNames|null $issuer
-     * @param string|null $serial
-     */
-    public function __construct(bool $critical, $keyIdentifier,
-        GeneralNames $issuer = null, $serial = null)
-    {
-        parent::__construct(self::OID_AUTHORITY_KEY_IDENTIFIER, $critical);
-        $this->_keyIdentifier = $keyIdentifier;
-        $this->_authorityCertIssuer = $issuer;
-        $this->_authorityCertSerialNumber = isset($serial) ? strval($serial) : null;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical Conforming CA's must mark as non-critical (false)
+	 * @param string|null $keyIdentifier
+	 * @param GeneralNames|null $issuer
+	 * @param string|null $serial
+	 */
+	public function __construct(bool $critical, $keyIdentifier,
+		GeneralNames $issuer = null, $serial = null)
+	{
+		parent::__construct(self::OID_AUTHORITY_KEY_IDENTIFIER, $critical);
+		$this->_keyIdentifier = $keyIdentifier;
+		$this->_authorityCertIssuer = $issuer;
+		$this->_authorityCertSerialNumber = isset($serial) ? strval($serial) : null;
+	}
     
-    /**
-     * Create from public key info.
-     *
-     * @param PublicKeyInfo $pki
-     * @return AuthorityKeyIdentifierExtension
-     */
-    public static function fromPublicKeyInfo(PublicKeyInfo $pki)
-    {
-        return new self(false, $pki->keyIdentifier());
-    }
+	/**
+	 * Create from public key info.
+	 *
+	 * @param PublicKeyInfo $pki
+	 * @return AuthorityKeyIdentifierExtension
+	 */
+	public static function fromPublicKeyInfo(PublicKeyInfo $pki)
+	{
+		return new self(false, $pki->keyIdentifier());
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        $seq = UnspecifiedType::fromDER($data)->asSequence();
-        $keyIdentifier = null;
-        $issuer = null;
-        $serial = null;
-        if ($seq->hasTagged(0)) {
-            $keyIdentifier = $seq->getTagged(0)
-                ->asImplicit(Element::TYPE_OCTET_STRING)
-                ->asOctetString()
-                ->string();
-        }
-        if ($seq->hasTagged(1) || $seq->hasTagged(2)) {
-            if (!$seq->hasTagged(1) || !$seq->hasTagged(2)) {
-                throw new \UnexpectedValueException(
-                    "AuthorityKeyIdentifier must have both" .
-                         " authorityCertIssuer and authorityCertSerialNumber" .
-                         " present or both absent.");
-            }
-            $issuer = GeneralNames::fromASN1(
-                $seq->getTagged(1)
-                    ->asImplicit(Element::TYPE_SEQUENCE)
-                    ->asSequence());
-            $serial = $seq->getTagged(2)
-                ->asImplicit(Element::TYPE_INTEGER)
-                ->asInteger()
-                ->number();
-        }
-        return new self($critical, $keyIdentifier, $issuer, $serial);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		$seq = UnspecifiedType::fromDER($data)->asSequence();
+		$keyIdentifier = null;
+		$issuer = null;
+		$serial = null;
+		if ($seq->hasTagged(0)) {
+			$keyIdentifier = $seq->getTagged(0)
+				->asImplicit(Element::TYPE_OCTET_STRING)
+				->asOctetString()
+				->string();
+		}
+		if ($seq->hasTagged(1) || $seq->hasTagged(2)) {
+			if (!$seq->hasTagged(1) || !$seq->hasTagged(2)) {
+				throw new \UnexpectedValueException(
+					"AuthorityKeyIdentifier must have both" .
+						 " authorityCertIssuer and authorityCertSerialNumber" .
+						 " present or both absent.");
+			}
+			$issuer = GeneralNames::fromASN1(
+				$seq->getTagged(1)
+					->asImplicit(Element::TYPE_SEQUENCE)
+					->asSequence());
+			$serial = $seq->getTagged(2)
+				->asImplicit(Element::TYPE_INTEGER)
+				->asInteger()
+				->number();
+		}
+		return new self($critical, $keyIdentifier, $issuer, $serial);
+	}
     
-    /**
-     * Whether key identifier is present.
-     *
-     * @return bool
-     */
-    public function hasKeyIdentifier(): bool
-    {
-        return isset($this->_keyIdentifier);
-    }
+	/**
+	 * Whether key identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasKeyIdentifier(): bool
+	{
+		return isset($this->_keyIdentifier);
+	}
     
-    /**
-     * Get key identifier.
-     *
-     * @throws \LogicException
-     * @return string
-     */
-    public function keyIdentifier(): string
-    {
-        if (!$this->hasKeyIdentifier()) {
-            throw new \LogicException("keyIdentifier not set.");
-        }
-        return $this->_keyIdentifier;
-    }
+	/**
+	 * Get key identifier.
+	 *
+	 * @throws \LogicException
+	 * @return string
+	 */
+	public function keyIdentifier(): string
+	{
+		if (!$this->hasKeyIdentifier()) {
+			throw new \LogicException("keyIdentifier not set.");
+		}
+		return $this->_keyIdentifier;
+	}
     
-    /**
-     * Whether issuer is present.
-     *
-     * @return bool
-     */
-    public function hasIssuer(): bool
-    {
-        return isset($this->_authorityCertIssuer);
-    }
+	/**
+	 * Whether issuer is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuer(): bool
+	{
+		return isset($this->_authorityCertIssuer);
+	}
     
-    /**
-     * Get issuer.
-     *
-     * @throws \LogicException
-     * @return GeneralNames
-     */
-    public function issuer(): GeneralNames
-    {
-        if (!$this->hasIssuer()) {
-            throw new \LogicException("authorityCertIssuer not set.");
-        }
-        return $this->_authorityCertIssuer;
-    }
+	/**
+	 * Get issuer.
+	 *
+	 * @throws \LogicException
+	 * @return GeneralNames
+	 */
+	public function issuer(): GeneralNames
+	{
+		if (!$this->hasIssuer()) {
+			throw new \LogicException("authorityCertIssuer not set.");
+		}
+		return $this->_authorityCertIssuer;
+	}
     
-    /**
-     * Get serial number.
-     *
-     * @throws \LogicException
-     * @return string Base 10 integer string
-     */
-    public function serial(): string
-    {
-        // both issuer and serial must be present or both absent
-        if (!$this->hasIssuer()) {
-            throw new \LogicException("authorityCertSerialNumber not set.");
-        }
-        return $this->_authorityCertSerialNumber;
-    }
+	/**
+	 * Get serial number.
+	 *
+	 * @throws \LogicException
+	 * @return string Base 10 integer string
+	 */
+	public function serial(): string
+	{
+		// both issuer and serial must be present or both absent
+		if (!$this->hasIssuer()) {
+			throw new \LogicException("authorityCertSerialNumber not set.");
+		}
+		return $this->_authorityCertSerialNumber;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        $elements = array();
-        if (isset($this->_keyIdentifier)) {
-            $elements[] = new ImplicitlyTaggedType(0,
-                new OctetString($this->_keyIdentifier));
-        }
-        // if either issuer or serial is set, both must be set
-        if (isset($this->_authorityCertIssuer) ||
-             isset($this->_authorityCertSerialNumber)) {
-            if (!isset($this->_authorityCertIssuer,
-                $this->_authorityCertSerialNumber)) {
-                throw new \LogicException(
-                    "AuthorityKeyIdentifier must have both" .
-                     " authorityCertIssuer and authorityCertSerialNumber" .
-                     " present or both absent.");
-            }
-            $elements[] = new ImplicitlyTaggedType(1,
-                $this->_authorityCertIssuer->toASN1());
-            $elements[] = new ImplicitlyTaggedType(2,
-                new Integer($this->_authorityCertSerialNumber));
-        }
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		$elements = array();
+		if (isset($this->_keyIdentifier)) {
+			$elements[] = new ImplicitlyTaggedType(0,
+				new OctetString($this->_keyIdentifier));
+		}
+		// if either issuer or serial is set, both must be set
+		if (isset($this->_authorityCertIssuer) ||
+			 isset($this->_authorityCertSerialNumber)) {
+			if (!isset($this->_authorityCertIssuer,
+				$this->_authorityCertSerialNumber)) {
+				throw new \LogicException(
+					"AuthorityKeyIdentifier must have both" .
+					 " authorityCertIssuer and authorityCertSerialNumber" .
+					 " present or both absent.");
+			}
+			$elements[] = new ImplicitlyTaggedType(1,
+				$this->_authorityCertIssuer->toASN1());
+			$elements[] = new ImplicitlyTaggedType(2,
+				new Integer($this->_authorityCertSerialNumber));
+		}
+		return new Sequence(...$elements);
+	}
 }

examples/ac-example.php

Indentation +68 added lines, -68 removed lines

@@ -36,106 +36,106 @@ 
 
 // CA private key
 openssl_pkey_export(
-    openssl_pkey_new(
-        ["private_key_type" => OPENSSL_KEYTYPE_RSA,
-            "private_key_bits" => 2048]), $pkey);
+	openssl_pkey_new(
+		["private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => 2048]), $pkey);
 $ca_private_key = PrivateKeyInfo::fromPEM(PEM::fromString($pkey));
 // Issuer private key
 openssl_pkey_export(
-    openssl_pkey_new(
-        ["private_key_type" => OPENSSL_KEYTYPE_RSA,
-            "private_key_bits" => 2048]), $pkey);
+	openssl_pkey_new(
+		["private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => 2048]), $pkey);
 $issuer_private_key = PrivateKeyInfo::fromPEM(PEM::fromString($pkey));
 // Holder private key
 openssl_pkey_export(
-    openssl_pkey_new(
-        ["private_key_type" => OPENSSL_KEYTYPE_RSA,
-            "private_key_bits" => 2048]), $pkey);
+	openssl_pkey_new(
+		["private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => 2048]), $pkey);
 $holder_private_key = PrivateKeyInfo::fromPEM(PEM::fromString($pkey));
 
 // create trust anchor certificate (self signed)
 $tbs_cert = new TBSCertificate(
-    Name::fromString("cn=CA"),
-    $ca_private_key->publicKeyInfo(),
-    Name::fromString("cn=CA"),
-    Validity::fromStrings("now", "now + 1 year"));
+	Name::fromString("cn=CA"),
+	$ca_private_key->publicKeyInfo(),
+	Name::fromString("cn=CA"),
+	Validity::fromStrings("now", "now + 1 year"));
 $tbs_cert = $tbs_cert->withRandomSerialNumber()
-    ->withAdditionalExtensions(
-        new BasicConstraintsExtension(true, true),
-        new SubjectKeyIdentifierExtension(false, 
-            $ca_private_key->publicKeyInfo()->keyIdentifier()),
-        new KeyUsageExtension(true,
-            KeyUsageExtension::DIGITAL_SIGNATURE | 
-            KeyUsageExtension::KEY_CERT_SIGN));
+	->withAdditionalExtensions(
+		new BasicConstraintsExtension(true, true),
+		new SubjectKeyIdentifierExtension(false, 
+			$ca_private_key->publicKeyInfo()->keyIdentifier()),
+		new KeyUsageExtension(true,
+			KeyUsageExtension::DIGITAL_SIGNATURE | 
+			KeyUsageExtension::KEY_CERT_SIGN));
 $algo = SignatureAlgorithmIdentifierFactory::algoForAsymmetricCrypto(
-    $ca_private_key->algorithmIdentifier(),
-    new SHA256AlgorithmIdentifier());
+	$ca_private_key->algorithmIdentifier(),
+	new SHA256AlgorithmIdentifier());
 $ca_cert = $tbs_cert->sign($algo, $ca_private_key);
 
 // create AC issuer certificate
 $tbs_cert = new TBSCertificate(
-    Name::fromString("cn=Issuer"), 
-    $issuer_private_key->publicKeyInfo(), 
-    new Name(),
-    Validity::fromStrings("now", "now + 6 months"));
+	Name::fromString("cn=Issuer"), 
+	$issuer_private_key->publicKeyInfo(), 
+	new Name(),
+	Validity::fromStrings("now", "now + 6 months"));
 $tbs_cert = $tbs_cert->withIssuerCertificate($ca_cert)
-    ->withRandomSerialNumber()
-    ->withAdditionalExtensions(
-        // issuer must not be a CA
-        new BasicConstraintsExtension(true, false),
-        new KeyUsageExtension(true,
-            KeyUsageExtension::DIGITAL_SIGNATURE |
-             KeyUsageExtension::KEY_ENCIPHERMENT));
+	->withRandomSerialNumber()
+	->withAdditionalExtensions(
+		// issuer must not be a CA
+		new BasicConstraintsExtension(true, false),
+		new KeyUsageExtension(true,
+			KeyUsageExtension::DIGITAL_SIGNATURE |
+			 KeyUsageExtension::KEY_ENCIPHERMENT));
 $algo = SignatureAlgorithmIdentifierFactory::algoForAsymmetricCrypto(
-    $ca_private_key->algorithmIdentifier(),
-    new SHA256AlgorithmIdentifier());
+	$ca_private_key->algorithmIdentifier(),
+	new SHA256AlgorithmIdentifier());
 $issuer_cert = $tbs_cert->sign($algo, $ca_private_key);
 
 // create AC holder certificate
 $tbs_cert = new TBSCertificate(
-    Name::fromString("cn=Holder, gn=John, sn=Doe"), 
-    $holder_private_key->publicKeyInfo(), 
-    new Name(),
-    Validity::fromStrings("now", "now + 6 months"));
+	Name::fromString("cn=Holder, gn=John, sn=Doe"), 
+	$holder_private_key->publicKeyInfo(), 
+	new Name(),
+	Validity::fromStrings("now", "now + 6 months"));
 $tbs_cert = $tbs_cert->withIssuerCertificate($ca_cert)
-    ->withRandomSerialNumber()
-    ->withAdditionalExtensions(
-        new BasicConstraintsExtension(true, false),
-        new KeyUsageExtension(true,
-            KeyUsageExtension::DIGITAL_SIGNATURE |
-             KeyUsageExtension::KEY_ENCIPHERMENT));
+	->withRandomSerialNumber()
+	->withAdditionalExtensions(
+		new BasicConstraintsExtension(true, false),
+		new KeyUsageExtension(true,
+			KeyUsageExtension::DIGITAL_SIGNATURE |
+			 KeyUsageExtension::KEY_ENCIPHERMENT));
 $algo = SignatureAlgorithmIdentifierFactory::algoForAsymmetricCrypto(
-    $ca_private_key->algorithmIdentifier(),
-    new SHA256AlgorithmIdentifier());
+	$ca_private_key->algorithmIdentifier(),
+	new SHA256AlgorithmIdentifier());
 $holder_cert = $tbs_cert->sign($algo, $ca_private_key);
 
 // named authority that grants the attributes
 $authority = new GeneralNames(
-    new UniformResourceIdentifier("uri:trusted_authority"));
+	new UniformResourceIdentifier("uri:trusted_authority"));
 // role attribute
 $attribs = new Attributes(
-    Attribute::fromAttributeValues(
-        RoleAttributeValue::fromString("role-name", $authority)));
+	Attribute::fromAttributeValues(
+		RoleAttributeValue::fromString("role-name", $authority)));
 $aci = new AttributeCertificateInfo(
-    // holder is identified by the holder's public key certificate
-    new Holder(IssuerSerial::fromPKC($holder_cert)),
-    AttCertIssuer::fromPKC($issuer_cert),
-    AttCertValidityPeriod::fromStrings("now - 1 hour", "now + 3 months"),
-    $attribs);
+	// holder is identified by the holder's public key certificate
+	new Holder(IssuerSerial::fromPKC($holder_cert)),
+	AttCertIssuer::fromPKC($issuer_cert),
+	AttCertValidityPeriod::fromStrings("now - 1 hour", "now + 3 months"),
+	$attribs);
 $aci = $aci->withRandomSerialNumber()
-    ->withAdditionalExtensions(
-        // named target identifier
-        TargetInformationExtension::fromTargets(
-            new TargetName(
-                new UniformResourceIdentifier("uri:target_identifier"))),
-        // key identifier of the AC issuer
-        new AuthorityKeyIdentifierExtension(false,
-            $issuer_cert->tbsCertificate()
-                ->subjectPublicKeyInfo()
-                ->keyIdentifier()));
+	->withAdditionalExtensions(
+		// named target identifier
+		TargetInformationExtension::fromTargets(
+			new TargetName(
+				new UniformResourceIdentifier("uri:target_identifier"))),
+		// key identifier of the AC issuer
+		new AuthorityKeyIdentifierExtension(false,
+			$issuer_cert->tbsCertificate()
+				->subjectPublicKeyInfo()
+				->keyIdentifier()));
 $algo = SignatureAlgorithmIdentifierFactory::algoForAsymmetricCrypto(
-    $issuer_private_key->algorithmIdentifier(),
-    new SHA256AlgorithmIdentifier());
+	$issuer_private_key->algorithmIdentifier(),
+	new SHA256AlgorithmIdentifier());
 $ac = $aci->sign($algo, $issuer_private_key);
 
 // validate AC
@@ -147,7 +147,7 @@ 
 $validator_config = $validator_config->withTargets($target);
 $validator = new ACValidator($ac, $validator_config);
 if ($validator->validate()) {
-    fprintf(STDERR, "AC validation succeeded.\n");
+	fprintf(STDERR, "AC validation succeeded.\n");
 }
 
 fprintf(STDERR, "Root certificate:\n");

lib/X509/Certificate/Extension/SubjectInformationAccessExtension.php

Indentation +75 added lines, -75 removed lines

@@ -14,86 +14,86 @@
  * @link https://tools.ietf.org/html/rfc5280#section-4.2.2.2
  */
 class SubjectInformationAccessExtension extends Extension implements 
-    \Countable,
-    \IteratorAggregate
+	\Countable,
+	\IteratorAggregate
 {
-    /**
-     * Access descriptions.
-     *
-     * @var SubjectAccessDescription[]
-     */
-    private $_accessDescriptions;
+	/**
+	 * Access descriptions.
+	 *
+	 * @var SubjectAccessDescription[]
+	 */
+	private $_accessDescriptions;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param SubjectAccessDescription ...$access
-     */
-    public function __construct(bool $critical,
-        SubjectAccessDescription ...$access)
-    {
-        parent::__construct(self::OID_SUBJECT_INFORMATION_ACCESS, $critical);
-        $this->_accessDescriptions = $access;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param SubjectAccessDescription ...$access
+	 */
+	public function __construct(bool $critical,
+		SubjectAccessDescription ...$access)
+	{
+		parent::__construct(self::OID_SUBJECT_INFORMATION_ACCESS, $critical);
+		$this->_accessDescriptions = $access;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        $access = array_map(
-            function (UnspecifiedType $el) {
-                return SubjectAccessDescription::fromASN1($el->asSequence());
-            }, UnspecifiedType::fromDER($data)->asSequence()->elements());
-        return new self($critical, ...$access);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		$access = array_map(
+			function (UnspecifiedType $el) {
+				return SubjectAccessDescription::fromASN1($el->asSequence());
+			}, UnspecifiedType::fromDER($data)->asSequence()->elements());
+		return new self($critical, ...$access);
+	}
     
-    /**
-     * Get the access descriptions.
-     *
-     * @return SubjectAccessDescription[]
-     */
-    public function accessDescriptions(): array
-    {
-        return $this->_accessDescriptions;
-    }
+	/**
+	 * Get the access descriptions.
+	 *
+	 * @return SubjectAccessDescription[]
+	 */
+	public function accessDescriptions(): array
+	{
+		return $this->_accessDescriptions;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        $elements = array_map(
-            function (AccessDescription $access) {
-                return $access->toASN1();
-            }, $this->_accessDescriptions);
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		$elements = array_map(
+			function (AccessDescription $access) {
+				return $access->toASN1();
+			}, $this->_accessDescriptions);
+		return new Sequence(...$elements);
+	}
     
-    /**
-     * Get the number of access descriptions.
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_accessDescriptions);
-    }
+	/**
+	 * Get the number of access descriptions.
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_accessDescriptions);
+	}
     
-    /**
-     * Get iterator for access descriptions.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator List of SubjectAccessDescription objects
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_accessDescriptions);
-    }
+	/**
+	 * Get iterator for access descriptions.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator List of SubjectAccessDescription objects
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_accessDescriptions);
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -45,7 +45,7 @@ 
     protected static function _fromDER(string $data, bool $critical): self
     {
         $access = array_map(
-            function (UnspecifiedType $el) {
+            function(UnspecifiedType $el) {
                 return SubjectAccessDescription::fromASN1($el->asSequence());
             }, UnspecifiedType::fromDER($data)->asSequence()->elements());
         return new self($critical, ...$access);
@@ -69,7 +69,7 @@ 
     protected function _valueASN1(): Sequence
     {
         $elements = array_map(
-            function (AccessDescription $access) {
+            function(AccessDescription $access) {
                 return $access->toASN1();
             }, $this->_accessDescriptions);
         return new Sequence(...$elements);

lib/X509/Certificate/Extension/AuthorityInformationAccessExtension.php

Indentation +75 added lines, -75 removed lines

@@ -14,86 +14,86 @@
  * @link https://tools.ietf.org/html/rfc5280#section-4.2.2.1
  */
 class AuthorityInformationAccessExtension extends Extension implements 
-    \Countable,
-    \IteratorAggregate
+	\Countable,
+	\IteratorAggregate
 {
-    /**
-     * Access descriptions.
-     *
-     * @var AuthorityAccessDescription[]
-     */
-    private $_accessDescriptions;
+	/**
+	 * Access descriptions.
+	 *
+	 * @var AuthorityAccessDescription[]
+	 */
+	private $_accessDescriptions;
     
-    /**
-     * Constructor.
-     *
-     * @param bool $critical
-     * @param AuthorityAccessDescription ...$access
-     */
-    public function __construct(bool $critical,
-        AuthorityAccessDescription ...$access)
-    {
-        parent::__construct(self::OID_AUTHORITY_INFORMATION_ACCESS, $critical);
-        $this->_accessDescriptions = $access;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param bool $critical
+	 * @param AuthorityAccessDescription ...$access
+	 */
+	public function __construct(bool $critical,
+		AuthorityAccessDescription ...$access)
+	{
+		parent::__construct(self::OID_AUTHORITY_INFORMATION_ACCESS, $critical);
+		$this->_accessDescriptions = $access;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical): self
-    {
-        $access = array_map(
-            function (UnspecifiedType $el) {
-                return AuthorityAccessDescription::fromASN1($el->asSequence());
-            }, UnspecifiedType::fromDER($data)->asSequence()->elements());
-        return new self($critical, ...$access);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical): self
+	{
+		$access = array_map(
+			function (UnspecifiedType $el) {
+				return AuthorityAccessDescription::fromASN1($el->asSequence());
+			}, UnspecifiedType::fromDER($data)->asSequence()->elements());
+		return new self($critical, ...$access);
+	}
     
-    /**
-     * Get the access descriptions.
-     *
-     * @return AuthorityAccessDescription[]
-     */
-    public function accessDescriptions(): array
-    {
-        return $this->_accessDescriptions;
-    }
+	/**
+	 * Get the access descriptions.
+	 *
+	 * @return AuthorityAccessDescription[]
+	 */
+	public function accessDescriptions(): array
+	{
+		return $this->_accessDescriptions;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     * @return Sequence
-     */
-    protected function _valueASN1(): Sequence
-    {
-        $elements = array_map(
-            function (AccessDescription $access) {
-                return $access->toASN1();
-            }, $this->_accessDescriptions);
-        return new Sequence(...$elements);
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 * @return Sequence
+	 */
+	protected function _valueASN1(): Sequence
+	{
+		$elements = array_map(
+			function (AccessDescription $access) {
+				return $access->toASN1();
+			}, $this->_accessDescriptions);
+		return new Sequence(...$elements);
+	}
     
-    /**
-     * Get the number of access descriptions.
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_accessDescriptions);
-    }
+	/**
+	 * Get the number of access descriptions.
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_accessDescriptions);
+	}
     
-    /**
-     * Get iterator for access descriptions.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator List of AuthorityAccessDescription objects
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_accessDescriptions);
-    }
+	/**
+	 * Get iterator for access descriptions.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator List of AuthorityAccessDescription objects
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_accessDescriptions);
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -45,7 +45,7 @@ 
     protected static function _fromDER(string $data, bool $critical): self
     {
         $access = array_map(
-            function (UnspecifiedType $el) {
+            function(UnspecifiedType $el) {
                 return AuthorityAccessDescription::fromASN1($el->asSequence());
             }, UnspecifiedType::fromDER($data)->asSequence()->elements());
         return new self($critical, ...$access);
@@ -69,7 +69,7 @@ 
     protected function _valueASN1(): Sequence
     {
         $elements = array_map(
-            function (AccessDescription $access) {
+            function(AccessDescription $access) {
                 return $access->toASN1();
             }, $this->_accessDescriptions);
         return new Sequence(...$elements);

lib/X509/Certificate/Extension/Extension.php

Indentation +257 added lines, -257 removed lines

@@ -18,275 +18,275 @@
  */
 abstract class Extension
 {
-    // OID's from standard certificate extensions
-    const OID_OBSOLETE_AUTHORITY_KEY_IDENTIFIER = "2.5.29.1";
-    const OID_OBSOLETE_KEY_ATTRIBUTES = "2.5.29.2";
-    const OID_OBSOLETE_CERTIFICATE_POLICIES = "2.5.29.3";
-    const OID_OBSOLETE_KEY_USAGE_RESTRICTION = "2.5.29.4";
-    const OID_OBSOLETE_POLICY_MAPPING = "2.5.29.5";
-    const OID_OBSOLETE_SUBTREES_CONSTRAINT = "2.5.29.6";
-    const OID_OBSOLETE_SUBJECT_ALT_NAME = "2.5.29.7";
-    const OID_OBSOLETE_ISSUER_ALT_NAME = "2.5.29.8";
-    const OID_SUBJECT_DIRECTORY_ATTRIBUTES = "2.5.29.9";
-    const OID_OBSOLETE_BASIC_CONSTRAINTS = "2.5.29.10";
-    const OID_SUBJECT_KEY_IDENTIFIER = "2.5.29.14";
-    const OID_KEY_USAGE = "2.5.29.15";
-    const OID_PRIVATE_KEY_USAGE_PERIOD = "2.5.29.16";
-    const OID_SUBJECT_ALT_NAME = "2.5.29.17";
-    const OID_ISSUER_ALT_NAME = "2.5.29.18";
-    const OID_BASIC_CONSTRAINTS = "2.5.29.19";
-    const OID_CRL_NUMBER = "2.5.29.20";
-    const OID_REASON_CODE = "2.5.29.21";
-    const OID_OBSOLETE_EXPIRATION_DATE = "2.5.29.22";
-    const OID_INSTRUCTION_CODE = "2.5.29.23";
-    const OID_INVALIDITY_DATE = "2.5.29.24";
-    const OID_OBSOLETE_CRL_DISTRIBUTION_POINTS = "2.5.29.25";
-    const OID_OBSOLETE_ISSUING_DISTRIBUTION_POINT = "2.5.29.26";
-    const OID_DELTA_CRL_INDICATOR = "2.5.29.27";
-    const OID_ISSUING_DISTRIBUTION_POINT = "2.5.29.28";
-    const OID_CERTIFICATE_ISSUER = "2.5.29.29";
-    const OID_NAME_CONSTRAINTS = "2.5.29.30";
-    const OID_CRL_DISTRIBUTION_POINTS = "2.5.29.31";
-    const OID_CERTIFICATE_POLICIES = "2.5.29.32";
-    const OID_POLICY_MAPPINGS = "2.5.29.33";
-    const OID_OBSOLETE_POLICY_CONSTRAINTS = "2.5.29.34";
-    const OID_AUTHORITY_KEY_IDENTIFIER = "2.5.29.35";
-    const OID_POLICY_CONSTRAINTS = "2.5.29.36";
-    const OID_EXT_KEY_USAGE = "2.5.29.37";
-    const OID_AUTHORITY_ATTRIBUTE_IDENTIFIER = "2.5.29.38";
-    const OID_ROLE_SPEC_CERT_IDENTIFIER = "2.5.29.39";
-    const OID_CRL_STREAM_IDENTIFIER = "2.5.29.40";
-    const OID_BASIC_ATT_CONSTRAINTS = "2.5.29.41";
-    const OID_DELEGATED_NAME_CONSTRAINTS = "2.5.29.42";
-    const OID_TIME_SPECIFICATION = "2.5.29.43";
-    const OID_CRL_SCOPE = "2.5.29.44";
-    const OID_STATUS_REFERRALS = "2.5.29.45";
-    const OID_FRESHEST_CRL = "2.5.29.46";
-    const OID_ORDERED_LIST = "2.5.29.47";
-    const OID_ATTRIBUTE_DESCRIPTOR = "2.5.29.48";
-    const OID_USER_NOTICE = "2.5.29.49";
-    const OID_SOA_IDENTIFIER = "2.5.29.50";
-    const OID_BASE_UPDATE_TIME = "2.5.29.51";
-    const OID_ACCEPTABLE_CERT_POLICIES = "2.5.29.52";
-    const OID_DELTA_INFO = "2.5.29.53";
-    const OID_INHIBIT_ANY_POLICY = "2.5.29.54";
-    const OID_TARGET_INFORMATION = "2.5.29.55";
-    const OID_NO_REV_AVAIL = "2.5.29.56";
-    const OID_ACCEPTABLE_PRIVILEGE_POLICIES = "2.5.29.57";
-    const OID_TO_BE_REVOKED = "2.5.29.58";
-    const OID_REVOKED_GROUPS = "2.5.29.59";
-    const OID_EXPIRED_CERTS_ON_CRL = "2.5.29.60";
-    const OID_INDIRECT_ISSUER = "2.5.29.61";
-    const OID_NO_ASSERTION = "2.5.29.62";
-    const OID_AA_ISSUING_DISTRIBUTION_POINT = "2.5.29.63";
-    const OID_ISSUED_ON_BEHALF_OF = "2.5.29.64";
-    const OID_SINGLE_USE = "2.5.29.65";
-    const OID_GROUP_AC = "2.5.29.66";
-    const OID_ALLOWED_ATT_ASS = "2.5.29.67";
-    const OID_ATTRIBUTE_MAPPINGS = "2.5.29.68";
-    const OID_HOLDER_NAME_CONSTRAINTS = "2.5.29.69";
+	// OID's from standard certificate extensions
+	const OID_OBSOLETE_AUTHORITY_KEY_IDENTIFIER = "2.5.29.1";
+	const OID_OBSOLETE_KEY_ATTRIBUTES = "2.5.29.2";
+	const OID_OBSOLETE_CERTIFICATE_POLICIES = "2.5.29.3";
+	const OID_OBSOLETE_KEY_USAGE_RESTRICTION = "2.5.29.4";
+	const OID_OBSOLETE_POLICY_MAPPING = "2.5.29.5";
+	const OID_OBSOLETE_SUBTREES_CONSTRAINT = "2.5.29.6";
+	const OID_OBSOLETE_SUBJECT_ALT_NAME = "2.5.29.7";
+	const OID_OBSOLETE_ISSUER_ALT_NAME = "2.5.29.8";
+	const OID_SUBJECT_DIRECTORY_ATTRIBUTES = "2.5.29.9";
+	const OID_OBSOLETE_BASIC_CONSTRAINTS = "2.5.29.10";
+	const OID_SUBJECT_KEY_IDENTIFIER = "2.5.29.14";
+	const OID_KEY_USAGE = "2.5.29.15";
+	const OID_PRIVATE_KEY_USAGE_PERIOD = "2.5.29.16";
+	const OID_SUBJECT_ALT_NAME = "2.5.29.17";
+	const OID_ISSUER_ALT_NAME = "2.5.29.18";
+	const OID_BASIC_CONSTRAINTS = "2.5.29.19";
+	const OID_CRL_NUMBER = "2.5.29.20";
+	const OID_REASON_CODE = "2.5.29.21";
+	const OID_OBSOLETE_EXPIRATION_DATE = "2.5.29.22";
+	const OID_INSTRUCTION_CODE = "2.5.29.23";
+	const OID_INVALIDITY_DATE = "2.5.29.24";
+	const OID_OBSOLETE_CRL_DISTRIBUTION_POINTS = "2.5.29.25";
+	const OID_OBSOLETE_ISSUING_DISTRIBUTION_POINT = "2.5.29.26";
+	const OID_DELTA_CRL_INDICATOR = "2.5.29.27";
+	const OID_ISSUING_DISTRIBUTION_POINT = "2.5.29.28";
+	const OID_CERTIFICATE_ISSUER = "2.5.29.29";
+	const OID_NAME_CONSTRAINTS = "2.5.29.30";
+	const OID_CRL_DISTRIBUTION_POINTS = "2.5.29.31";
+	const OID_CERTIFICATE_POLICIES = "2.5.29.32";
+	const OID_POLICY_MAPPINGS = "2.5.29.33";
+	const OID_OBSOLETE_POLICY_CONSTRAINTS = "2.5.29.34";
+	const OID_AUTHORITY_KEY_IDENTIFIER = "2.5.29.35";
+	const OID_POLICY_CONSTRAINTS = "2.5.29.36";
+	const OID_EXT_KEY_USAGE = "2.5.29.37";
+	const OID_AUTHORITY_ATTRIBUTE_IDENTIFIER = "2.5.29.38";
+	const OID_ROLE_SPEC_CERT_IDENTIFIER = "2.5.29.39";
+	const OID_CRL_STREAM_IDENTIFIER = "2.5.29.40";
+	const OID_BASIC_ATT_CONSTRAINTS = "2.5.29.41";
+	const OID_DELEGATED_NAME_CONSTRAINTS = "2.5.29.42";
+	const OID_TIME_SPECIFICATION = "2.5.29.43";
+	const OID_CRL_SCOPE = "2.5.29.44";
+	const OID_STATUS_REFERRALS = "2.5.29.45";
+	const OID_FRESHEST_CRL = "2.5.29.46";
+	const OID_ORDERED_LIST = "2.5.29.47";
+	const OID_ATTRIBUTE_DESCRIPTOR = "2.5.29.48";
+	const OID_USER_NOTICE = "2.5.29.49";
+	const OID_SOA_IDENTIFIER = "2.5.29.50";
+	const OID_BASE_UPDATE_TIME = "2.5.29.51";
+	const OID_ACCEPTABLE_CERT_POLICIES = "2.5.29.52";
+	const OID_DELTA_INFO = "2.5.29.53";
+	const OID_INHIBIT_ANY_POLICY = "2.5.29.54";
+	const OID_TARGET_INFORMATION = "2.5.29.55";
+	const OID_NO_REV_AVAIL = "2.5.29.56";
+	const OID_ACCEPTABLE_PRIVILEGE_POLICIES = "2.5.29.57";
+	const OID_TO_BE_REVOKED = "2.5.29.58";
+	const OID_REVOKED_GROUPS = "2.5.29.59";
+	const OID_EXPIRED_CERTS_ON_CRL = "2.5.29.60";
+	const OID_INDIRECT_ISSUER = "2.5.29.61";
+	const OID_NO_ASSERTION = "2.5.29.62";
+	const OID_AA_ISSUING_DISTRIBUTION_POINT = "2.5.29.63";
+	const OID_ISSUED_ON_BEHALF_OF = "2.5.29.64";
+	const OID_SINGLE_USE = "2.5.29.65";
+	const OID_GROUP_AC = "2.5.29.66";
+	const OID_ALLOWED_ATT_ASS = "2.5.29.67";
+	const OID_ATTRIBUTE_MAPPINGS = "2.5.29.68";
+	const OID_HOLDER_NAME_CONSTRAINTS = "2.5.29.69";
     
-    // OID's from private certificate extensions arc
-    const OID_AUTHORITY_INFORMATION_ACCESS = "1.3.6.1.5.5.7.1.1";
-    const OID_AA_CONTROLS = "1.3.6.1.5.5.7.1.6";
-    const OID_SUBJECT_INFORMATION_ACCESS = "1.3.6.1.5.5.7.1.11";
-    const OID_LOGOTYPE = "1.3.6.1.5.5.7.1.12";
+	// OID's from private certificate extensions arc
+	const OID_AUTHORITY_INFORMATION_ACCESS = "1.3.6.1.5.5.7.1.1";
+	const OID_AA_CONTROLS = "1.3.6.1.5.5.7.1.6";
+	const OID_SUBJECT_INFORMATION_ACCESS = "1.3.6.1.5.5.7.1.11";
+	const OID_LOGOTYPE = "1.3.6.1.5.5.7.1.12";
     
-    /**
-     * Mapping from extension ID to implementation class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_OID_TO_CLASS = array(
-        /* @formatter:off */
-        self::OID_AUTHORITY_KEY_IDENTIFIER => AuthorityKeyIdentifierExtension::class,
-        self::OID_SUBJECT_KEY_IDENTIFIER => SubjectKeyIdentifierExtension::class,
-        self::OID_KEY_USAGE => KeyUsageExtension::class,
-        self::OID_CERTIFICATE_POLICIES => CertificatePoliciesExtension::class,
-        self::OID_POLICY_MAPPINGS => PolicyMappingsExtension::class,
-        self::OID_SUBJECT_ALT_NAME => SubjectAlternativeNameExtension::class,
-        self::OID_ISSUER_ALT_NAME => IssuerAlternativeNameExtension::class,
-        self::OID_SUBJECT_DIRECTORY_ATTRIBUTES => SubjectDirectoryAttributesExtension::class,
-        self::OID_BASIC_CONSTRAINTS => BasicConstraintsExtension::class,
-        self::OID_NAME_CONSTRAINTS => NameConstraintsExtension::class,
-        self::OID_POLICY_CONSTRAINTS => PolicyConstraintsExtension::class,
-        self::OID_EXT_KEY_USAGE => ExtendedKeyUsageExtension::class,
-        self::OID_CRL_DISTRIBUTION_POINTS => CRLDistributionPointsExtension::class,
-        self::OID_INHIBIT_ANY_POLICY => InhibitAnyPolicyExtension::class,
-        self::OID_FRESHEST_CRL => FreshestCRLExtension::class,
-        self::OID_NO_REV_AVAIL => NoRevocationAvailableExtension::class,
-        self::OID_TARGET_INFORMATION => TargetInformationExtension::class,
-        self::OID_AUTHORITY_INFORMATION_ACCESS => AuthorityInformationAccessExtension::class,
-        self::OID_AA_CONTROLS => AAControlsExtension::class,
-        self::OID_SUBJECT_INFORMATION_ACCESS => SubjectInformationAccessExtension::class
-        /* @formatter:on */
-    );
+	/**
+	 * Mapping from extension ID to implementation class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_OID_TO_CLASS = array(
+		/* @formatter:off */
+		self::OID_AUTHORITY_KEY_IDENTIFIER => AuthorityKeyIdentifierExtension::class,
+		self::OID_SUBJECT_KEY_IDENTIFIER => SubjectKeyIdentifierExtension::class,
+		self::OID_KEY_USAGE => KeyUsageExtension::class,
+		self::OID_CERTIFICATE_POLICIES => CertificatePoliciesExtension::class,
+		self::OID_POLICY_MAPPINGS => PolicyMappingsExtension::class,
+		self::OID_SUBJECT_ALT_NAME => SubjectAlternativeNameExtension::class,
+		self::OID_ISSUER_ALT_NAME => IssuerAlternativeNameExtension::class,
+		self::OID_SUBJECT_DIRECTORY_ATTRIBUTES => SubjectDirectoryAttributesExtension::class,
+		self::OID_BASIC_CONSTRAINTS => BasicConstraintsExtension::class,
+		self::OID_NAME_CONSTRAINTS => NameConstraintsExtension::class,
+		self::OID_POLICY_CONSTRAINTS => PolicyConstraintsExtension::class,
+		self::OID_EXT_KEY_USAGE => ExtendedKeyUsageExtension::class,
+		self::OID_CRL_DISTRIBUTION_POINTS => CRLDistributionPointsExtension::class,
+		self::OID_INHIBIT_ANY_POLICY => InhibitAnyPolicyExtension::class,
+		self::OID_FRESHEST_CRL => FreshestCRLExtension::class,
+		self::OID_NO_REV_AVAIL => NoRevocationAvailableExtension::class,
+		self::OID_TARGET_INFORMATION => TargetInformationExtension::class,
+		self::OID_AUTHORITY_INFORMATION_ACCESS => AuthorityInformationAccessExtension::class,
+		self::OID_AA_CONTROLS => AAControlsExtension::class,
+		self::OID_SUBJECT_INFORMATION_ACCESS => SubjectInformationAccessExtension::class
+		/* @formatter:on */
+	);
     
-    /**
-     * Mapping from extensions ID to short name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_OID_TO_NAME = array(
-        /* @formatter:off */
-        self::OID_AUTHORITY_KEY_IDENTIFIER => "authorityKeyIdentifier",
-        self::OID_SUBJECT_KEY_IDENTIFIER => "subjectKeyIdentifier",
-        self::OID_KEY_USAGE => "keyUsage",
-        self::OID_PRIVATE_KEY_USAGE_PERIOD => "privateKeyUsagePeriod",
-        self::OID_CERTIFICATE_POLICIES => "certificatePolicies",
-        self::OID_POLICY_MAPPINGS => "policyMappings",
-        self::OID_SUBJECT_ALT_NAME => "subjectAltName",
-        self::OID_ISSUER_ALT_NAME => "issuerAltName",
-        self::OID_SUBJECT_DIRECTORY_ATTRIBUTES => "subjectDirectoryAttributes",
-        self::OID_BASIC_CONSTRAINTS => "basicConstraints",
-        self::OID_NAME_CONSTRAINTS => "nameConstraints",
-        self::OID_POLICY_CONSTRAINTS => "policyConstraints",
-        self::OID_EXT_KEY_USAGE => "extKeyUsage",
-        self::OID_CRL_DISTRIBUTION_POINTS => "cRLDistributionPoints",
-        self::OID_INHIBIT_ANY_POLICY => "inhibitAnyPolicy",
-        self::OID_FRESHEST_CRL => "freshestCRL",
-        self::OID_NO_REV_AVAIL => "noRevAvail",
-        self::OID_TARGET_INFORMATION => "targetInformation",
-        self::OID_AUTHORITY_INFORMATION_ACCESS => "authorityInfoAccess",
-        self::OID_AA_CONTROLS => "aaControls",
-        self::OID_SUBJECT_INFORMATION_ACCESS => "subjectInfoAccess",
-        self::OID_LOGOTYPE => "logotype"
-        /* @formatter:on */
-    );
+	/**
+	 * Mapping from extensions ID to short name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_OID_TO_NAME = array(
+		/* @formatter:off */
+		self::OID_AUTHORITY_KEY_IDENTIFIER => "authorityKeyIdentifier",
+		self::OID_SUBJECT_KEY_IDENTIFIER => "subjectKeyIdentifier",
+		self::OID_KEY_USAGE => "keyUsage",
+		self::OID_PRIVATE_KEY_USAGE_PERIOD => "privateKeyUsagePeriod",
+		self::OID_CERTIFICATE_POLICIES => "certificatePolicies",
+		self::OID_POLICY_MAPPINGS => "policyMappings",
+		self::OID_SUBJECT_ALT_NAME => "subjectAltName",
+		self::OID_ISSUER_ALT_NAME => "issuerAltName",
+		self::OID_SUBJECT_DIRECTORY_ATTRIBUTES => "subjectDirectoryAttributes",
+		self::OID_BASIC_CONSTRAINTS => "basicConstraints",
+		self::OID_NAME_CONSTRAINTS => "nameConstraints",
+		self::OID_POLICY_CONSTRAINTS => "policyConstraints",
+		self::OID_EXT_KEY_USAGE => "extKeyUsage",
+		self::OID_CRL_DISTRIBUTION_POINTS => "cRLDistributionPoints",
+		self::OID_INHIBIT_ANY_POLICY => "inhibitAnyPolicy",
+		self::OID_FRESHEST_CRL => "freshestCRL",
+		self::OID_NO_REV_AVAIL => "noRevAvail",
+		self::OID_TARGET_INFORMATION => "targetInformation",
+		self::OID_AUTHORITY_INFORMATION_ACCESS => "authorityInfoAccess",
+		self::OID_AA_CONTROLS => "aaControls",
+		self::OID_SUBJECT_INFORMATION_ACCESS => "subjectInfoAccess",
+		self::OID_LOGOTYPE => "logotype"
+		/* @formatter:on */
+	);
     
-    /**
-     * Extension's OID.
-     *
-     * @var string $_oid
-     */
-    protected $_oid;
+	/**
+	 * Extension's OID.
+	 *
+	 * @var string $_oid
+	 */
+	protected $_oid;
     
-    /**
-     * Whether extension is critical.
-     *
-     * @var bool $_critical
-     */
-    protected $_critical;
+	/**
+	 * Whether extension is critical.
+	 *
+	 * @var bool $_critical
+	 */
+	protected $_critical;
     
-    /**
-     * Get ASN.1 structure of the extension value.
-     *
-     * @return Element
-     */
-    abstract protected function _valueASN1();
+	/**
+	 * Get ASN.1 structure of the extension value.
+	 *
+	 * @return Element
+	 */
+	abstract protected function _valueASN1();
     
-    /**
-     * Parse extension value from DER.
-     *
-     * @param string $data DER data
-     * @param bool $critical Whether extension is critical
-     * @throws \BadMethodCallException
-     * @return self
-     */
-    protected static function _fromDER(string $data, bool $critical)
-    {
-        throw new \BadMethodCallException(
-            __FUNCTION__ . " must be implemented in derived class.");
-    }
+	/**
+	 * Parse extension value from DER.
+	 *
+	 * @param string $data DER data
+	 * @param bool $critical Whether extension is critical
+	 * @throws \BadMethodCallException
+	 * @return self
+	 */
+	protected static function _fromDER(string $data, bool $critical)
+	{
+		throw new \BadMethodCallException(
+			__FUNCTION__ . " must be implemented in derived class.");
+	}
     
-    /**
-     * Constructor.
-     *
-     * @param string $oid Extension OID
-     * @param bool $critical Whether extension is critical
-     */
-    public function __construct(string $oid, bool $critical)
-    {
-        $this->_oid = $oid;
-        $this->_critical = $critical;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $oid Extension OID
+	 * @param bool $critical Whether extension is critical
+	 */
+	public function __construct(string $oid, bool $critical)
+	{
+		$this->_oid = $oid;
+		$this->_critical = $critical;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): Extension
-    {
-        $extnID = $seq->at(0)
-            ->asObjectIdentifier()
-            ->oid();
-        $critical = false;
-        $idx = 1;
-        if ($seq->has($idx, Element::TYPE_BOOLEAN)) {
-            $critical = $seq->at($idx++)
-                ->asBoolean()
-                ->value();
-        }
-        $data = $seq->at($idx)
-            ->asOctetString()
-            ->string();
-        if (array_key_exists($extnID, self::MAP_OID_TO_CLASS)) {
-            $cls = self::MAP_OID_TO_CLASS[$extnID];
-            return $cls::_fromDER($data, $critical);
-        }
-        return new UnknownExtension($extnID, $critical, new DERData($data));
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): Extension
+	{
+		$extnID = $seq->at(0)
+			->asObjectIdentifier()
+			->oid();
+		$critical = false;
+		$idx = 1;
+		if ($seq->has($idx, Element::TYPE_BOOLEAN)) {
+			$critical = $seq->at($idx++)
+				->asBoolean()
+				->value();
+		}
+		$data = $seq->at($idx)
+			->asOctetString()
+			->string();
+		if (array_key_exists($extnID, self::MAP_OID_TO_CLASS)) {
+			$cls = self::MAP_OID_TO_CLASS[$extnID];
+			return $cls::_fromDER($data, $critical);
+		}
+		return new UnknownExtension($extnID, $critical, new DERData($data));
+	}
     
-    /**
-     * Get extension OID.
-     *
-     * @return string
-     */
-    public function oid(): string
-    {
-        return $this->_oid;
-    }
+	/**
+	 * Get extension OID.
+	 *
+	 * @return string
+	 */
+	public function oid(): string
+	{
+		return $this->_oid;
+	}
     
-    /**
-     * Check whether extension is critical.
-     *
-     * @return bool
-     */
-    public function isCritical(): bool
-    {
-        return $this->_critical;
-    }
+	/**
+	 * Check whether extension is critical.
+	 *
+	 * @return bool
+	 */
+	public function isCritical(): bool
+	{
+		return $this->_critical;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array(new ObjectIdentifier($this->_oid));
-        if ($this->_critical) {
-            $elements[] = new Boolean(true);
-        }
-        $elements[] = new OctetString($this->_valueASN1()->toDER());
-        return new Sequence(...$elements);
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array(new ObjectIdentifier($this->_oid));
+		if ($this->_critical) {
+			$elements[] = new Boolean(true);
+		}
+		$elements[] = new OctetString($this->_valueASN1()->toDER());
+		return new Sequence(...$elements);
+	}
     
-    /**
-     * Get short name of the extension.
-     *
-     * @return string
-     */
-    public function extensionName(): string
-    {
-        if (array_key_exists($this->_oid, self::MAP_OID_TO_NAME)) {
-            return self::MAP_OID_TO_NAME[$this->_oid];
-        }
-        return $this->oid();
-    }
+	/**
+	 * Get short name of the extension.
+	 *
+	 * @return string
+	 */
+	public function extensionName(): string
+	{
+		if (array_key_exists($this->_oid, self::MAP_OID_TO_NAME)) {
+			return self::MAP_OID_TO_NAME[$this->_oid];
+		}
+		return $this->oid();
+	}
     
-    /**
-     *
-     * @return string
-     */
-    public function __toString(): string
-    {
-        return $this->extensionName();
-    }
+	/**
+	 *
+	 * @return string
+	 */
+	public function __toString(): string
+	{
+		return $this->extensionName();
+	}
 }