sop / x509

lib/X509/AttributeCertificate/Validation/ACValidationConfig.php

Indentation +98 added lines, -98 removed lines

@@ -12,112 +12,112 @@
  */
 class ACValidationConfig
 {
-    /**
-     * Certification path of the AC holder.
-     *
-     * @var CertificationPath
-     */
-    protected $_holderPath;
+	/**
+	 * Certification path of the AC holder.
+	 *
+	 * @var CertificationPath
+	 */
+	protected $_holderPath;
     
-    /**
-     * Certification path of the AC issuer.
-     *
-     * @var CertificationPath
-     */
-    protected $_issuerPath;
+	/**
+	 * Certification path of the AC issuer.
+	 *
+	 * @var CertificationPath
+	 */
+	protected $_issuerPath;
     
-    /**
-     * Evaluation reference time.
-     *
-     * @var \DateTimeImmutable
-     */
-    protected $_evalTime;
+	/**
+	 * Evaluation reference time.
+	 *
+	 * @var \DateTimeImmutable
+	 */
+	protected $_evalTime;
     
-    /**
-     * Permitted targets.
-     *
-     * @var Target[]
-     */
-    protected $_targets;
+	/**
+	 * Permitted targets.
+	 *
+	 * @var Target[]
+	 */
+	protected $_targets;
     
-    /**
-     * Constructor.
-     *
-     * @param CertificationPath $holder_path Certification path of the AC holder
-     * @param CertificationPath $issuer_path Certification path of the AC issuer
-     */
-    public function __construct(CertificationPath $holder_path,
-        CertificationPath $issuer_path)
-    {
-        $this->_holderPath = $holder_path;
-        $this->_issuerPath = $issuer_path;
-        $this->_evalTime = new \DateTimeImmutable();
-        $this->_targets = array();
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param CertificationPath $holder_path Certification path of the AC holder
+	 * @param CertificationPath $issuer_path Certification path of the AC issuer
+	 */
+	public function __construct(CertificationPath $holder_path,
+		CertificationPath $issuer_path)
+	{
+		$this->_holderPath = $holder_path;
+		$this->_issuerPath = $issuer_path;
+		$this->_evalTime = new \DateTimeImmutable();
+		$this->_targets = array();
+	}
     
-    /**
-     * Get certification path of the AC's holder.
-     *
-     * @return CertificationPath
-     */
-    public function holderPath(): CertificationPath
-    {
-        return $this->_holderPath;
-    }
+	/**
+	 * Get certification path of the AC's holder.
+	 *
+	 * @return CertificationPath
+	 */
+	public function holderPath(): CertificationPath
+	{
+		return $this->_holderPath;
+	}
     
-    /**
-     * Get certification path of the AC's issuer.
-     *
-     * @return CertificationPath
-     */
-    public function issuerPath(): CertificationPath
-    {
-        return $this->_issuerPath;
-    }
+	/**
+	 * Get certification path of the AC's issuer.
+	 *
+	 * @return CertificationPath
+	 */
+	public function issuerPath(): CertificationPath
+	{
+		return $this->_issuerPath;
+	}
     
-    /**
-     * Get self with given evaluation reference time.
-     *
-     * @param \DateTimeImmutable $dt
-     * @return self
-     */
-    public function withEvaluationTime(\DateTimeImmutable $dt): self
-    {
-        $obj = clone $this;
-        $obj->_evalTime = $dt;
-        return $obj;
-    }
+	/**
+	 * Get self with given evaluation reference time.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 * @return self
+	 */
+	public function withEvaluationTime(\DateTimeImmutable $dt): self
+	{
+		$obj = clone $this;
+		$obj->_evalTime = $dt;
+		return $obj;
+	}
     
-    /**
-     * Get the evaluation reference time.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function evaluationTime(): \DateTimeImmutable
-    {
-        return $this->_evalTime;
-    }
+	/**
+	 * Get the evaluation reference time.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function evaluationTime(): \DateTimeImmutable
+	{
+		return $this->_evalTime;
+	}
     
-    /**
-     * Get self with permitted targets.
-     *
-     * @param Target ...$targets
-     * @return self
-     */
-    public function withTargets(Target ...$targets): self
-    {
-        $obj = clone $this;
-        $obj->_targets = $targets;
-        return $obj;
-    }
+	/**
+	 * Get self with permitted targets.
+	 *
+	 * @param Target ...$targets
+	 * @return self
+	 */
+	public function withTargets(Target ...$targets): self
+	{
+		$obj = clone $this;
+		$obj->_targets = $targets;
+		return $obj;
+	}
     
-    /**
-     * Get array of permitted targets
-     *
-     * @return Target[]
-     */
-    public function targets(): array
-    {
-        return $this->_targets;
-    }
+	/**
+	 * Get array of permitted targets
+	 *
+	 * @return Target[]
+	 */
+	public function targets(): array
+	{
+		return $this->_targets;
+	}
 }

lib/X509/AttributeCertificate/Validation/ACValidator.php

Indentation +164 added lines, -164 removed lines

@@ -21,178 +21,178 @@
  */
 class ACValidator
 {
-    /**
-     * Attribute certificate.
-     *
-     * @var AttributeCertificate
-     */
-    protected $_ac;
+	/**
+	 * Attribute certificate.
+	 *
+	 * @var AttributeCertificate
+	 */
+	protected $_ac;
     
-    /**
-     * Validation configuration.
-     *
-     * @var ACValidationConfig
-     */
-    protected $_config;
+	/**
+	 * Validation configuration.
+	 *
+	 * @var ACValidationConfig
+	 */
+	protected $_config;
     
-    /**
-     * Crypto engine.
-     *
-     * @var Crypto
-     */
-    protected $_crypto;
+	/**
+	 * Crypto engine.
+	 *
+	 * @var Crypto
+	 */
+	protected $_crypto;
     
-    /**
-     * Constructor.
-     *
-     * @param AttributeCertificate $ac Attribute certificate to validate
-     * @param ACValidationConfig $config Validation configuration
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     */
-    public function __construct(AttributeCertificate $ac,
-        ACValidationConfig $config, Crypto $crypto = null)
-    {
-        $this->_ac = $ac;
-        $this->_config = $config;
-        $this->_crypto = $crypto ?: Crypto::getDefault();
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param AttributeCertificate $ac Attribute certificate to validate
+	 * @param ACValidationConfig $config Validation configuration
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 */
+	public function __construct(AttributeCertificate $ac,
+		ACValidationConfig $config, Crypto $crypto = null)
+	{
+		$this->_ac = $ac;
+		$this->_config = $config;
+		$this->_crypto = $crypto ?: Crypto::getDefault();
+	}
     
-    /**
-     * Validate attribute certificate.
-     *
-     * @throws ACValidationException If validation fails
-     * @return AttributeCertificate Validated AC
-     */
-    public function validate(): AttributeCertificate
-    {
-        $this->_validateHolder();
-        $issuer = $this->_verifyIssuer();
-        $this->_validateIssuerProfile($issuer);
-        $this->_validateTime();
-        $this->_validateTargeting();
-        return $this->_ac;
-    }
+	/**
+	 * Validate attribute certificate.
+	 *
+	 * @throws ACValidationException If validation fails
+	 * @return AttributeCertificate Validated AC
+	 */
+	public function validate(): AttributeCertificate
+	{
+		$this->_validateHolder();
+		$issuer = $this->_verifyIssuer();
+		$this->_validateIssuerProfile($issuer);
+		$this->_validateTime();
+		$this->_validateTargeting();
+		return $this->_ac;
+	}
     
-    /**
-     * Validate AC holder's certification.
-     *
-     * @throws ACValidationException
-     * @return Certificate Certificate of the AC's holder
-     */
-    private function _validateHolder(): Certificate
-    {
-        $path = $this->_config->holderPath();
-        $config = PathValidationConfig::defaultConfig()->withMaxLength(
-            count($path))->withDateTime($this->_config->evaluationTime());
-        try {
-            $holder = $path->validate($config, $this->_crypto)->certificate();
-        } catch (PathValidationException $e) {
-            throw new ACValidationException(
-                "Failed to validate holder PKC's certification path.", 0, $e);
-        }
-        if (!$this->_ac->isHeldBy($holder)) {
-            throw new ACValidationException("Name mismatch of AC's holder PKC.");
-        }
-        return $holder;
-    }
+	/**
+	 * Validate AC holder's certification.
+	 *
+	 * @throws ACValidationException
+	 * @return Certificate Certificate of the AC's holder
+	 */
+	private function _validateHolder(): Certificate
+	{
+		$path = $this->_config->holderPath();
+		$config = PathValidationConfig::defaultConfig()->withMaxLength(
+			count($path))->withDateTime($this->_config->evaluationTime());
+		try {
+			$holder = $path->validate($config, $this->_crypto)->certificate();
+		} catch (PathValidationException $e) {
+			throw new ACValidationException(
+				"Failed to validate holder PKC's certification path.", 0, $e);
+		}
+		if (!$this->_ac->isHeldBy($holder)) {
+			throw new ACValidationException("Name mismatch of AC's holder PKC.");
+		}
+		return $holder;
+	}
     
-    /**
-     * Verify AC's signature and issuer's certification.
-     *
-     * @throws ACValidationException
-     * @return Certificate Certificate of the AC's issuer
-     */
-    private function _verifyIssuer(): Certificate
-    {
-        $path = $this->_config->issuerPath();
-        $config = PathValidationConfig::defaultConfig()->withMaxLength(
-            count($path))->withDateTime($this->_config->evaluationTime());
-        try {
-            $issuer = $path->validate($config, $this->_crypto)->certificate();
-        } catch (PathValidationException $e) {
-            throw new ACValidationException(
-                "Failed to validate issuer PKC's certification path.", 0, $e);
-        }
-        if (!$this->_ac->isIssuedBy($issuer)) {
-            throw new ACValidationException("Name mismatch of AC's issuer PKC.");
-        }
-        $pubkey_info = $issuer->tbsCertificate()->subjectPublicKeyInfo();
-        if (!$this->_ac->verify($pubkey_info, $this->_crypto)) {
-            throw new ACValidationException("Failed to verify signature.");
-        }
-        return $issuer;
-    }
+	/**
+	 * Verify AC's signature and issuer's certification.
+	 *
+	 * @throws ACValidationException
+	 * @return Certificate Certificate of the AC's issuer
+	 */
+	private function _verifyIssuer(): Certificate
+	{
+		$path = $this->_config->issuerPath();
+		$config = PathValidationConfig::defaultConfig()->withMaxLength(
+			count($path))->withDateTime($this->_config->evaluationTime());
+		try {
+			$issuer = $path->validate($config, $this->_crypto)->certificate();
+		} catch (PathValidationException $e) {
+			throw new ACValidationException(
+				"Failed to validate issuer PKC's certification path.", 0, $e);
+		}
+		if (!$this->_ac->isIssuedBy($issuer)) {
+			throw new ACValidationException("Name mismatch of AC's issuer PKC.");
+		}
+		$pubkey_info = $issuer->tbsCertificate()->subjectPublicKeyInfo();
+		if (!$this->_ac->verify($pubkey_info, $this->_crypto)) {
+			throw new ACValidationException("Failed to verify signature.");
+		}
+		return $issuer;
+	}
     
-    /**
-     * Validate AC issuer's profile.
-     *
-     * @link https://tools.ietf.org/html/rfc5755#section-4.5
-     * @param Certificate $cert
-     * @throws ACValidationException
-     */
-    private function _validateIssuerProfile(Certificate $cert)
-    {
-        $exts = $cert->tbsCertificate()->extensions();
-        if ($exts->hasKeyUsage() && !$exts->keyUsage()->isDigitalSignature()) {
-            throw new ACValidationException(
-                "Issuer PKC's Key Usage extension doesn't permit" .
-                     " verification of digital signatures.");
-        }
-        if ($exts->hasBasicConstraints() && $exts->basicConstraints()->isCA()) {
-            throw new ACValidationException("Issuer PKC must not be a CA.");
-        }
-    }
+	/**
+	 * Validate AC issuer's profile.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5755#section-4.5
+	 * @param Certificate $cert
+	 * @throws ACValidationException
+	 */
+	private function _validateIssuerProfile(Certificate $cert)
+	{
+		$exts = $cert->tbsCertificate()->extensions();
+		if ($exts->hasKeyUsage() && !$exts->keyUsage()->isDigitalSignature()) {
+			throw new ACValidationException(
+				"Issuer PKC's Key Usage extension doesn't permit" .
+					 " verification of digital signatures.");
+		}
+		if ($exts->hasBasicConstraints() && $exts->basicConstraints()->isCA()) {
+			throw new ACValidationException("Issuer PKC must not be a CA.");
+		}
+	}
     
-    /**
-     * Validate AC's validity period.
-     *
-     * @throws ACValidationException
-     */
-    private function _validateTime()
-    {
-        $t = $this->_config->evaluationTime();
-        $validity = $this->_ac->acinfo()->validityPeriod();
-        if ($validity->notBeforeTime()->diff($t)->invert) {
-            throw new ACValidationException("Validity period has not started.");
-        }
-        if ($t->diff($validity->notAfterTime())->invert) {
-            throw new ACValidationException("Attribute certificate has expired.");
-        }
-    }
+	/**
+	 * Validate AC's validity period.
+	 *
+	 * @throws ACValidationException
+	 */
+	private function _validateTime()
+	{
+		$t = $this->_config->evaluationTime();
+		$validity = $this->_ac->acinfo()->validityPeriod();
+		if ($validity->notBeforeTime()->diff($t)->invert) {
+			throw new ACValidationException("Validity period has not started.");
+		}
+		if ($t->diff($validity->notAfterTime())->invert) {
+			throw new ACValidationException("Attribute certificate has expired.");
+		}
+	}
     
-    /**
-     * Validate AC's target information.
-     *
-     * @throws ACValidationException
-     */
-    private function _validateTargeting()
-    {
-        $exts = $this->_ac->acinfo()->extensions();
-        // if target information extension is not present
-        if (!$exts->has(Extension::OID_TARGET_INFORMATION)) {
-            return;
-        }
-        $ext = $exts->get(Extension::OID_TARGET_INFORMATION);
-        if ($ext instanceof TargetInformationExtension &&
-             !$this->_hasMatchingTarget($ext->targets())) {
-            throw new ACValidationException(
-                "Attribute certificate doesn't have a matching target.");
-        }
-    }
+	/**
+	 * Validate AC's target information.
+	 *
+	 * @throws ACValidationException
+	 */
+	private function _validateTargeting()
+	{
+		$exts = $this->_ac->acinfo()->extensions();
+		// if target information extension is not present
+		if (!$exts->has(Extension::OID_TARGET_INFORMATION)) {
+			return;
+		}
+		$ext = $exts->get(Extension::OID_TARGET_INFORMATION);
+		if ($ext instanceof TargetInformationExtension &&
+			 !$this->_hasMatchingTarget($ext->targets())) {
+			throw new ACValidationException(
+				"Attribute certificate doesn't have a matching target.");
+		}
+	}
     
-    /**
-     * Check whether validation configuration has matching targets.
-     *
-     * @param Targets $targets Set of eligible targets
-     * @return boolean
-     */
-    private function _hasMatchingTarget(Targets $targets): bool
-    {
-        foreach ($this->_config->targets() as $target) {
-            if ($targets->hasTarget($target)) {
-                return true;
-            }
-        }
-        return false;
-    }
+	/**
+	 * Check whether validation configuration has matching targets.
+	 *
+	 * @param Targets $targets Set of eligible targets
+	 * @return boolean
+	 */
+	private function _hasMatchingTarget(Targets $targets): bool
+	{
+		foreach ($this->_config->targets() as $target) {
+			if ($targets->hasTarget($target)) {
+				return true;
+			}
+		}
+		return false;
+	}
 }

lib/X509/AttributeCertificate/AttCertIssuer.php

Indentation +58 added lines, -58 removed lines

@@ -18,66 +18,66 @@
  */
 abstract class AttCertIssuer
 {
-    /**
-     * Generate ASN.1 element.
-     *
-     * @return Element
-     */
-    abstract public function toASN1();
+	/**
+	 * Generate ASN.1 element.
+	 *
+	 * @return Element
+	 */
+	abstract public function toASN1();
     
-    /**
-     * Check whether AttCertIssuer identifies given certificate.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    abstract public function identifiesPKC(Certificate $cert): bool;
+	/**
+	 * Check whether AttCertIssuer identifies given certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	abstract public function identifiesPKC(Certificate $cert): bool;
     
-    /**
-     * Initialize from distinguished name.
-     *
-     * This conforms to RFC 5755 which states that only v2Form must be used,
-     * and issuerName must contain exactly one GeneralName of DirectoryName
-     * type.
-     *
-     * @link https://tools.ietf.org/html/rfc5755#section-4.2.3
-     * @param Name $name
-     * @return self
-     */
-    public static function fromName(Name $name): self
-    {
-        return new V2Form(new GeneralNames(new DirectoryName($name)));
-    }
+	/**
+	 * Initialize from distinguished name.
+	 *
+	 * This conforms to RFC 5755 which states that only v2Form must be used,
+	 * and issuerName must contain exactly one GeneralName of DirectoryName
+	 * type.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5755#section-4.2.3
+	 * @param Name $name
+	 * @return self
+	 */
+	public static function fromName(Name $name): self
+	{
+		return new V2Form(new GeneralNames(new DirectoryName($name)));
+	}
     
-    /**
-     * Initialize from an issuer's public key certificate.
-     *
-     * @param Certificate $cert
-     * @return self
-     */
-    public static function fromPKC(Certificate $cert): self
-    {
-        return self::fromName($cert->tbsCertificate()->subject());
-    }
+	/**
+	 * Initialize from an issuer's public key certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return self
+	 */
+	public static function fromPKC(Certificate $cert): self
+	{
+		return self::fromName($cert->tbsCertificate()->subject());
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param UnspecifiedType $el CHOICE
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromASN1(UnspecifiedType $el): self
-    {
-        if (!$el->isTagged()) {
-            throw new \UnexpectedValueException("v1Form issuer not supported.");
-        }
-        $tagged = $el->asTagged();
-        switch ($tagged->tag()) {
-            case 0:
-                return V2Form::fromV2ASN1(
-                    $tagged->asImplicit(Element::TYPE_SEQUENCE)->asSequence());
-        }
-        throw new \UnexpectedValueException("Unsupported issuer type.");
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param UnspecifiedType $el CHOICE
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromASN1(UnspecifiedType $el): self
+	{
+		if (!$el->isTagged()) {
+			throw new \UnexpectedValueException("v1Form issuer not supported.");
+		}
+		$tagged = $el->asTagged();
+		switch ($tagged->tag()) {
+			case 0:
+				return V2Form::fromV2ASN1(
+					$tagged->asImplicit(Element::TYPE_SEQUENCE)->asSequence());
+		}
+		throw new \UnexpectedValueException("Unsupported issuer type.");
+	}
 }

lib/X509/AttributeCertificate/AttCertValidityPeriod.php

Indentation +82 added lines, -82 removed lines

@@ -15,94 +15,94 @@
  */
 class AttCertValidityPeriod
 {
-    use DateTimeHelper;
+	use DateTimeHelper;
     
-    /**
-     * Not before time.
-     *
-     * @var \DateTimeImmutable
-     */
-    protected $_notBeforeTime;
+	/**
+	 * Not before time.
+	 *
+	 * @var \DateTimeImmutable
+	 */
+	protected $_notBeforeTime;
     
-    /**
-     * Not after time.
-     *
-     * @var \DateTimeImmutable
-     */
-    protected $_notAfterTime;
+	/**
+	 * Not after time.
+	 *
+	 * @var \DateTimeImmutable
+	 */
+	protected $_notAfterTime;
     
-    /**
-     * Constructor.
-     *
-     * @param \DateTimeImmutable $nb
-     * @param \DateTimeImmutable $na
-     */
-    public function __construct(\DateTimeImmutable $nb, \DateTimeImmutable $na)
-    {
-        $this->_notBeforeTime = $nb;
-        $this->_notAfterTime = $na;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param \DateTimeImmutable $nb
+	 * @param \DateTimeImmutable $na
+	 */
+	public function __construct(\DateTimeImmutable $nb, \DateTimeImmutable $na)
+	{
+		$this->_notBeforeTime = $nb;
+		$this->_notAfterTime = $na;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $nb = $seq->at(0)
-            ->asGeneralizedTime()
-            ->dateTime();
-        $na = $seq->at(1)
-            ->asGeneralizedTime()
-            ->dateTime();
-        return new self($nb, $na);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$nb = $seq->at(0)
+			->asGeneralizedTime()
+			->dateTime();
+		$na = $seq->at(1)
+			->asGeneralizedTime()
+			->dateTime();
+		return new self($nb, $na);
+	}
     
-    /**
-     * Initialize from date strings.
-     *
-     * @param string|null $nb_date Not before date
-     * @param string|null $na_date Not after date
-     * @param string|null $tz Timezone string
-     * @return self
-     */
-    public static function fromStrings($nb_date, $na_date, $tz = null): self
-    {
-        $nb = self::_createDateTime($nb_date, $tz);
-        $na = self::_createDateTime($na_date, $tz);
-        return new self($nb, $na);
-    }
+	/**
+	 * Initialize from date strings.
+	 *
+	 * @param string|null $nb_date Not before date
+	 * @param string|null $na_date Not after date
+	 * @param string|null $tz Timezone string
+	 * @return self
+	 */
+	public static function fromStrings($nb_date, $na_date, $tz = null): self
+	{
+		$nb = self::_createDateTime($nb_date, $tz);
+		$na = self::_createDateTime($na_date, $tz);
+		return new self($nb, $na);
+	}
     
-    /**
-     * Get not before time.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function notBeforeTime(): \DateTimeImmutable
-    {
-        return $this->_notBeforeTime;
-    }
+	/**
+	 * Get not before time.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function notBeforeTime(): \DateTimeImmutable
+	{
+		return $this->_notBeforeTime;
+	}
     
-    /**
-     * Get not after time.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function notAfterTime(): \DateTimeImmutable
-    {
-        return $this->_notAfterTime;
-    }
+	/**
+	 * Get not after time.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function notAfterTime(): \DateTimeImmutable
+	{
+		return $this->_notAfterTime;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence(new GeneralizedTime($this->_notBeforeTime),
-            new GeneralizedTime($this->_notAfterTime));
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence(new GeneralizedTime($this->_notBeforeTime),
+			new GeneralizedTime($this->_notAfterTime));
+	}
 }

lib/X509/Certificate/Extension/NameConstraints/GeneralSubtrees.php

Indentation +77 added lines, -77 removed lines

@@ -15,87 +15,87 @@
  */
 class GeneralSubtrees implements \Countable, \IteratorAggregate
 {
-    /**
-     * Subtrees.
-     *
-     * @var GeneralSubtree[] $_subtrees
-     */
-    protected $_subtrees;
+	/**
+	 * Subtrees.
+	 *
+	 * @var GeneralSubtree[] $_subtrees
+	 */
+	protected $_subtrees;
     
-    /**
-     * Constructor.
-     *
-     * @param GeneralSubtree ...$subtrees
-     */
-    public function __construct(GeneralSubtree ...$subtrees)
-    {
-        $this->_subtrees = $subtrees;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param GeneralSubtree ...$subtrees
+	 */
+	public function __construct(GeneralSubtree ...$subtrees)
+	{
+		$this->_subtrees = $subtrees;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $subtrees = array_map(
-            function (UnspecifiedType $el) {
-                return GeneralSubtree::fromASN1($el->asSequence());
-            }, $seq->elements());
-        if (!count($subtrees)) {
-            throw new \UnexpectedValueException(
-                "GeneralSubtrees must contain at least one GeneralSubtree.");
-        }
-        return new self(...$subtrees);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$subtrees = array_map(
+			function (UnspecifiedType $el) {
+				return GeneralSubtree::fromASN1($el->asSequence());
+			}, $seq->elements());
+		if (!count($subtrees)) {
+			throw new \UnexpectedValueException(
+				"GeneralSubtrees must contain at least one GeneralSubtree.");
+		}
+		return new self(...$subtrees);
+	}
     
-    /**
-     * Get all subtrees.
-     *
-     * @return GeneralSubtree[]
-     */
-    public function all(): array
-    {
-        return $this->_subtrees;
-    }
+	/**
+	 * Get all subtrees.
+	 *
+	 * @return GeneralSubtree[]
+	 */
+	public function all(): array
+	{
+		return $this->_subtrees;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        if (!count($this->_subtrees)) {
-            throw new \LogicException("No subtrees.");
-        }
-        $elements = array_map(
-            function (GeneralSubtree $gs) {
-                return $gs->toASN1();
-            }, $this->_subtrees);
-        return new Sequence(...$elements);
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		if (!count($this->_subtrees)) {
+			throw new \LogicException("No subtrees.");
+		}
+		$elements = array_map(
+			function (GeneralSubtree $gs) {
+				return $gs->toASN1();
+			}, $this->_subtrees);
+		return new Sequence(...$elements);
+	}
     
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_subtrees);
-    }
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_subtrees);
+	}
     
-    /**
-     * Get iterator for subtrees.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_subtrees);
-    }
+	/**
+	 * Get iterator for subtrees.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_subtrees);
+	}
 }

lib/X509/Certificate/Extension/CertificatePolicy/PolicyInformation.php

Indentation +203 added lines, -203 removed lines

@@ -16,207 +16,207 @@
  */
 class PolicyInformation implements \Countable, \IteratorAggregate
 {
-    /**
-     * Wildcard policy.
-     *
-     * @var string
-     */
-    const OID_ANY_POLICY = "2.5.29.32.0";
-    
-    /**
-     * Policy identifier.
-     *
-     * @var string $_oid
-     */
-    protected $_oid;
-    
-    /**
-     * Policy qualifiers.
-     *
-     * @var PolicyQualifierInfo[] $_qualifiers
-     */
-    protected $_qualifiers;
-    
-    /**
-     * Constructor.
-     *
-     * @param string $oid
-     * @param PolicyQualifierInfo ...$qualifiers
-     */
-    public function __construct(string $oid, PolicyQualifierInfo ...$qualifiers)
-    {
-        $this->_oid = $oid;
-        $this->_qualifiers = array();
-        foreach ($qualifiers as $qual) {
-            $this->_qualifiers[$qual->oid()] = $qual;
-        }
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $oid = $seq->at(0)
-            ->asObjectIdentifier()
-            ->oid();
-        $qualifiers = array();
-        if (count($seq) > 1) {
-            $qualifiers = array_map(
-                function (UnspecifiedType $el) {
-                    return PolicyQualifierInfo::fromASN1($el->asSequence());
-                },
-                $seq->at(1)
-                    ->asSequence()
-                    ->elements());
-        }
-        return new self($oid, ...$qualifiers);
-    }
-    
-    /**
-     * Get policy identifier.
-     *
-     * @return string
-     */
-    public function oid(): string
-    {
-        return $this->_oid;
-    }
-    
-    /**
-     * Check whether this policy is anyPolicy.
-     *
-     * @return bool
-     */
-    public function isAnyPolicy(): bool
-    {
-        return self::OID_ANY_POLICY === $this->_oid;
-    }
-    
-    /**
-     * Get policy qualifiers.
-     *
-     * @return PolicyQualifierInfo[]
-     */
-    public function qualifiers(): array
-    {
-        return array_values($this->_qualifiers);
-    }
-    
-    /**
-     * Check whether qualifier is present.
-     *
-     * @param string $oid
-     * @return boolean
-     */
-    public function has(string $oid): bool
-    {
-        return isset($this->_qualifiers[$oid]);
-    }
-    
-    /**
-     * Get qualifier by OID.
-     *
-     * @param string $oid
-     * @throws \OutOfBoundsException
-     * @return PolicyQualifierInfo
-     */
-    public function get(string $oid): PolicyQualifierInfo
-    {
-        if (!$this->has($oid)) {
-            throw new \LogicException("No $oid qualifier.");
-        }
-        return $this->_qualifiers[$oid];
-    }
-    
-    /**
-     * Check whether CPS qualifier is present.
-     *
-     * @return bool
-     */
-    public function hasCPSQualifier(): bool
-    {
-        return $this->has(PolicyQualifierInfo::OID_CPS);
-    }
-    
-    /**
-     * Get CPS qualifier.
-     *
-     * @throws \LogicException
-     * @return CPSQualifier
-     */
-    public function CPSQualifier(): CPSQualifier
-    {
-        if (!$this->hasCPSQualifier()) {
-            throw new \LogicException("CPS qualifier not set.");
-        }
-        return $this->get(PolicyQualifierInfo::OID_CPS);
-    }
-    
-    /**
-     * Check whether user notice qualifier is present.
-     *
-     * @return bool
-     */
-    public function hasUserNoticeQualifier(): bool
-    {
-        return $this->has(PolicyQualifierInfo::OID_UNOTICE);
-    }
-    
-    /**
-     * Get user notice qualifier.
-     *
-     * @throws \LogicException
-     * @return UserNoticeQualifier
-     */
-    public function userNoticeQualifier(): UserNoticeQualifier
-    {
-        if (!$this->hasUserNoticeQualifier()) {
-            throw new \LogicException("User notice qualifier not set.");
-        }
-        return $this->get(PolicyQualifierInfo::OID_UNOTICE);
-    }
-    
-    /**
-     * Get ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = array(new ObjectIdentifier($this->_oid));
-        if (count($this->_qualifiers)) {
-            $qualifiers = array_map(
-                function (PolicyQualifierInfo $pqi) {
-                    return $pqi->toASN1();
-                }, array_values($this->_qualifiers));
-            $elements[] = new Sequence(...$qualifiers);
-        }
-        return new Sequence(...$elements);
-    }
-    
-    /**
-     * Get number of qualifiers.
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_qualifiers);
-    }
-    
-    /**
-     * Get iterator for qualifiers.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_qualifiers);
-    }
+	/**
+	 * Wildcard policy.
+	 *
+	 * @var string
+	 */
+	const OID_ANY_POLICY = "2.5.29.32.0";
+    
+	/**
+	 * Policy identifier.
+	 *
+	 * @var string $_oid
+	 */
+	protected $_oid;
+    
+	/**
+	 * Policy qualifiers.
+	 *
+	 * @var PolicyQualifierInfo[] $_qualifiers
+	 */
+	protected $_qualifiers;
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param string $oid
+	 * @param PolicyQualifierInfo ...$qualifiers
+	 */
+	public function __construct(string $oid, PolicyQualifierInfo ...$qualifiers)
+	{
+		$this->_oid = $oid;
+		$this->_qualifiers = array();
+		foreach ($qualifiers as $qual) {
+			$this->_qualifiers[$qual->oid()] = $qual;
+		}
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$oid = $seq->at(0)
+			->asObjectIdentifier()
+			->oid();
+		$qualifiers = array();
+		if (count($seq) > 1) {
+			$qualifiers = array_map(
+				function (UnspecifiedType $el) {
+					return PolicyQualifierInfo::fromASN1($el->asSequence());
+				},
+				$seq->at(1)
+					->asSequence()
+					->elements());
+		}
+		return new self($oid, ...$qualifiers);
+	}
+    
+	/**
+	 * Get policy identifier.
+	 *
+	 * @return string
+	 */
+	public function oid(): string
+	{
+		return $this->_oid;
+	}
+    
+	/**
+	 * Check whether this policy is anyPolicy.
+	 *
+	 * @return bool
+	 */
+	public function isAnyPolicy(): bool
+	{
+		return self::OID_ANY_POLICY === $this->_oid;
+	}
+    
+	/**
+	 * Get policy qualifiers.
+	 *
+	 * @return PolicyQualifierInfo[]
+	 */
+	public function qualifiers(): array
+	{
+		return array_values($this->_qualifiers);
+	}
+    
+	/**
+	 * Check whether qualifier is present.
+	 *
+	 * @param string $oid
+	 * @return boolean
+	 */
+	public function has(string $oid): bool
+	{
+		return isset($this->_qualifiers[$oid]);
+	}
+    
+	/**
+	 * Get qualifier by OID.
+	 *
+	 * @param string $oid
+	 * @throws \OutOfBoundsException
+	 * @return PolicyQualifierInfo
+	 */
+	public function get(string $oid): PolicyQualifierInfo
+	{
+		if (!$this->has($oid)) {
+			throw new \LogicException("No $oid qualifier.");
+		}
+		return $this->_qualifiers[$oid];
+	}
+    
+	/**
+	 * Check whether CPS qualifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasCPSQualifier(): bool
+	{
+		return $this->has(PolicyQualifierInfo::OID_CPS);
+	}
+    
+	/**
+	 * Get CPS qualifier.
+	 *
+	 * @throws \LogicException
+	 * @return CPSQualifier
+	 */
+	public function CPSQualifier(): CPSQualifier
+	{
+		if (!$this->hasCPSQualifier()) {
+			throw new \LogicException("CPS qualifier not set.");
+		}
+		return $this->get(PolicyQualifierInfo::OID_CPS);
+	}
+    
+	/**
+	 * Check whether user notice qualifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasUserNoticeQualifier(): bool
+	{
+		return $this->has(PolicyQualifierInfo::OID_UNOTICE);
+	}
+    
+	/**
+	 * Get user notice qualifier.
+	 *
+	 * @throws \LogicException
+	 * @return UserNoticeQualifier
+	 */
+	public function userNoticeQualifier(): UserNoticeQualifier
+	{
+		if (!$this->hasUserNoticeQualifier()) {
+			throw new \LogicException("User notice qualifier not set.");
+		}
+		return $this->get(PolicyQualifierInfo::OID_UNOTICE);
+	}
+    
+	/**
+	 * Get ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = array(new ObjectIdentifier($this->_oid));
+		if (count($this->_qualifiers)) {
+			$qualifiers = array_map(
+				function (PolicyQualifierInfo $pqi) {
+					return $pqi->toASN1();
+				}, array_values($this->_qualifiers));
+			$elements[] = new Sequence(...$qualifiers);
+		}
+		return new Sequence(...$elements);
+	}
+    
+	/**
+	 * Get number of qualifiers.
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_qualifiers);
+	}
+    
+	/**
+	 * Get iterator for qualifiers.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_qualifiers);
+	}
 }

lib/X509/Certificate/Extension/CertificatePolicy/NoticeReference.php

Indentation +73 added lines, -73 removed lines

@@ -16,83 +16,83 @@
  */
 class NoticeReference
 {
-    /**
-     * Organization.
-     *
-     * @var DisplayText $_organization
-     */
-    protected $_organization;
+	/**
+	 * Organization.
+	 *
+	 * @var DisplayText $_organization
+	 */
+	protected $_organization;
     
-    /**
-     * Notification reference numbers.
-     *
-     * @var int[] $_numbers
-     */
-    protected $_numbers;
+	/**
+	 * Notification reference numbers.
+	 *
+	 * @var int[] $_numbers
+	 */
+	protected $_numbers;
     
-    /**
-     * Constructor.
-     *
-     * @param DisplayText $organization
-     * @param int ...$numbers
-     */
-    public function __construct(DisplayText $organization, int ...$numbers)
-    {
-        $this->_organization = $organization;
-        $this->_numbers = $numbers;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param DisplayText $organization
+	 * @param int ...$numbers
+	 */
+	public function __construct(DisplayText $organization, int ...$numbers)
+	{
+		$this->_organization = $organization;
+		$this->_numbers = $numbers;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $org = DisplayText::fromASN1($seq->at(0)->asString());
-        $numbers = array_map(
-            function (UnspecifiedType $el) {
-                return $el->asInteger()->intNumber();
-            },
-            $seq->at(1)
-                ->asSequence()
-                ->elements());
-        return new self($org, ...$numbers);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$org = DisplayText::fromASN1($seq->at(0)->asString());
+		$numbers = array_map(
+			function (UnspecifiedType $el) {
+				return $el->asInteger()->intNumber();
+			},
+			$seq->at(1)
+				->asSequence()
+				->elements());
+		return new self($org, ...$numbers);
+	}
     
-    /**
-     * Get reference organization.
-     *
-     * @return DisplayText
-     */
-    public function organization(): DisplayText
-    {
-        return $this->_organization;
-    }
+	/**
+	 * Get reference organization.
+	 *
+	 * @return DisplayText
+	 */
+	public function organization(): DisplayText
+	{
+		return $this->_organization;
+	}
     
-    /**
-     * Get reference numbers.
-     *
-     * @return int[]
-     */
-    public function numbers(): array
-    {
-        return $this->_numbers;
-    }
+	/**
+	 * Get reference numbers.
+	 *
+	 * @return int[]
+	 */
+	public function numbers(): array
+	{
+		return $this->_numbers;
+	}
     
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $org = $this->_organization->toASN1();
-        $nums = array_map(
-            function ($number) {
-                return new Integer($number);
-            }, $this->_numbers);
-        return new Sequence($org, new Sequence(...$nums));
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$org = $this->_organization->toASN1();
+		$nums = array_map(
+			function ($number) {
+				return new Integer($number);
+			}, $this->_numbers);
+		return new Sequence($org, new Sequence(...$nums));
+	}
 }

lib/X509/Certificate/UniqueIdentifier.php

Indentation +62 added lines, -62 removed lines

@@ -13,72 +13,72 @@
  */
 class UniqueIdentifier
 {
-    /**
-     * Identifier.
-     *
-     * @var BitString $_uid
-     */
-    protected $_uid;
+	/**
+	 * Identifier.
+	 *
+	 * @var BitString $_uid
+	 */
+	protected $_uid;
     
-    /**
-     * Constructor.
-     *
-     * @param BitString $bs
-     */
-    public function __construct(BitString $bs)
-    {
-        $this->_uid = $bs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param BitString $bs
+	 */
+	public function __construct(BitString $bs)
+	{
+		$this->_uid = $bs;
+	}
     
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param BitString $bs
-     * @return self
-     */
-    public static function fromASN1(BitString $bs): UniqueIdentifier
-    {
-        return new self($bs);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param BitString $bs
+	 * @return self
+	 */
+	public static function fromASN1(BitString $bs): UniqueIdentifier
+	{
+		return new self($bs);
+	}
     
-    /**
-     * Initialize from string.
-     *
-     * @param string $str
-     * @return self
-     */
-    public static function fromString(string $str): UniqueIdentifier
-    {
-        return new self(new BitString($str));
-    }
+	/**
+	 * Initialize from string.
+	 *
+	 * @param string $str
+	 * @return self
+	 */
+	public static function fromString(string $str): UniqueIdentifier
+	{
+		return new self(new BitString($str));
+	}
     
-    /**
-     * Get unique identifier as a string.
-     *
-     * @return string
-     */
-    public function string(): string
-    {
-        return $this->_uid->string();
-    }
+	/**
+	 * Get unique identifier as a string.
+	 *
+	 * @return string
+	 */
+	public function string(): string
+	{
+		return $this->_uid->string();
+	}
     
-    /**
-     * Get unique identifier as a bit string.
-     *
-     * @return BitString
-     */
-    public function bitString(): BitString
-    {
-        return $this->_uid;
-    }
+	/**
+	 * Get unique identifier as a bit string.
+	 *
+	 * @return BitString
+	 */
+	public function bitString(): BitString
+	{
+		return $this->_uid;
+	}
     
-    /**
-     * Get ASN.1 element.
-     *
-     * @return BitString
-     */
-    public function toASN1(): BitString
-    {
-        return $this->_uid;
-    }
+	/**
+	 * Get ASN.1 element.
+	 *
+	 * @return BitString
+	 */
+	public function toASN1(): BitString
+	{
+		return $this->_uid;
+	}
 }

lib/X509/Certificate/CertificateBundle.php

Indentation +189 added lines, -189 removed lines

@@ -12,208 +12,208 @@
  */
 class CertificateBundle implements \Countable, \IteratorAggregate
 {
-    /**
-     * Certificates.
-     *
-     * @var Certificate[] $_certs
-     */
-    protected $_certs;
+	/**
+	 * Certificates.
+	 *
+	 * @var Certificate[] $_certs
+	 */
+	protected $_certs;
     
-    /**
-     * Mapping from public key id to array of certificates.
-     *
-     * @var null|(Certificate[])[]
-     */
-    private $_keyIdMap;
+	/**
+	 * Mapping from public key id to array of certificates.
+	 *
+	 * @var null|(Certificate[])[]
+	 */
+	private $_keyIdMap;
     
-    /**
-     * Constructor.
-     *
-     * @param Certificate ...$certs Certificate objects
-     */
-    public function __construct(Certificate ...$certs)
-    {
-        $this->_certs = $certs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Certificate ...$certs Certificate objects
+	 */
+	public function __construct(Certificate ...$certs)
+	{
+		$this->_certs = $certs;
+	}
     
-    /**
-     * Reset internal cached variables on clone.
-     */
-    public function __clone()
-    {
-        $this->_keyIdMap = null;
-    }
+	/**
+	 * Reset internal cached variables on clone.
+	 */
+	public function __clone()
+	{
+		$this->_keyIdMap = null;
+	}
     
-    /**
-     * Initialize from PEMs.
-     *
-     * @param PEM ...$pems PEM objects
-     * @return self
-     */
-    public static function fromPEMs(PEM ...$pems): self
-    {
-        $certs = array_map(
-            function ($pem) {
-                return Certificate::fromPEM($pem);
-            }, $pems);
-        return new self(...$certs);
-    }
+	/**
+	 * Initialize from PEMs.
+	 *
+	 * @param PEM ...$pems PEM objects
+	 * @return self
+	 */
+	public static function fromPEMs(PEM ...$pems): self
+	{
+		$certs = array_map(
+			function ($pem) {
+				return Certificate::fromPEM($pem);
+			}, $pems);
+		return new self(...$certs);
+	}
     
-    /**
-     * Initialize from PEM bundle.
-     *
-     * @param PEMBundle $pem_bundle
-     * @return self
-     */
-    public static function fromPEMBundle(PEMBundle $pem_bundle): self
-    {
-        return self::fromPEMs(...$pem_bundle->all());
-    }
+	/**
+	 * Initialize from PEM bundle.
+	 *
+	 * @param PEMBundle $pem_bundle
+	 * @return self
+	 */
+	public static function fromPEMBundle(PEMBundle $pem_bundle): self
+	{
+		return self::fromPEMs(...$pem_bundle->all());
+	}
     
-    /**
-     * Get self with certificates added.
-     *
-     * @param Certificate ...$cert
-     * @return self
-     */
-    public function withCertificates(Certificate ...$cert): self
-    {
-        $obj = clone $this;
-        $obj->_certs = array_merge($obj->_certs, $cert);
-        return $obj;
-    }
+	/**
+	 * Get self with certificates added.
+	 *
+	 * @param Certificate ...$cert
+	 * @return self
+	 */
+	public function withCertificates(Certificate ...$cert): self
+	{
+		$obj = clone $this;
+		$obj->_certs = array_merge($obj->_certs, $cert);
+		return $obj;
+	}
     
-    /**
-     * Get self with certificates from PEMBundle added.
-     *
-     * @param PEMBundle $pem_bundle
-     * @return self
-     */
-    public function withPEMBundle(PEMBundle $pem_bundle): self
-    {
-        $certs = $this->_certs;
-        foreach ($pem_bundle as $pem) {
-            $certs[] = Certificate::fromPEM($pem);
-        }
-        return new self(...$certs);
-    }
+	/**
+	 * Get self with certificates from PEMBundle added.
+	 *
+	 * @param PEMBundle $pem_bundle
+	 * @return self
+	 */
+	public function withPEMBundle(PEMBundle $pem_bundle): self
+	{
+		$certs = $this->_certs;
+		foreach ($pem_bundle as $pem) {
+			$certs[] = Certificate::fromPEM($pem);
+		}
+		return new self(...$certs);
+	}
     
-    /**
-     * Get self with single certificate from PEM added.
-     *
-     * @param PEM $pem
-     * @return self
-     */
-    public function withPEM(PEM $pem): self
-    {
-        $certs = $this->_certs;
-        $certs[] = Certificate::fromPEM($pem);
-        return new self(...$certs);
-    }
+	/**
+	 * Get self with single certificate from PEM added.
+	 *
+	 * @param PEM $pem
+	 * @return self
+	 */
+	public function withPEM(PEM $pem): self
+	{
+		$certs = $this->_certs;
+		$certs[] = Certificate::fromPEM($pem);
+		return new self(...$certs);
+	}
     
-    /**
-     * Check whether bundle contains a given certificate.
-     *
-     * @param Certificate $cert
-     * @return bool
-     */
-    public function contains(Certificate $cert): bool
-    {
-        $id = self::_getCertKeyId($cert);
-        $map = $this->_getKeyIdMap();
-        if (!isset($map[$id])) {
-            return false;
-        }
-        foreach ($map[$id] as $c) {
-            /** @var Certificate $c */
-            if ($cert->equals($c)) {
-                return true;
-            }
-        }
-        return false;
-    }
+	/**
+	 * Check whether bundle contains a given certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return bool
+	 */
+	public function contains(Certificate $cert): bool
+	{
+		$id = self::_getCertKeyId($cert);
+		$map = $this->_getKeyIdMap();
+		if (!isset($map[$id])) {
+			return false;
+		}
+		foreach ($map[$id] as $c) {
+			/** @var Certificate $c */
+			if ($cert->equals($c)) {
+				return true;
+			}
+		}
+		return false;
+	}
     
-    /**
-     * Get all certificates that have given subject key identifier.
-     *
-     * @param string $id
-     * @return Certificate[]
-     */
-    public function allBySubjectKeyIdentifier(string $id): array
-    {
-        $map = $this->_getKeyIdMap();
-        if (!isset($map[$id])) {
-            return array();
-        }
-        return $map[$id];
-    }
+	/**
+	 * Get all certificates that have given subject key identifier.
+	 *
+	 * @param string $id
+	 * @return Certificate[]
+	 */
+	public function allBySubjectKeyIdentifier(string $id): array
+	{
+		$map = $this->_getKeyIdMap();
+		if (!isset($map[$id])) {
+			return array();
+		}
+		return $map[$id];
+	}
     
-    /**
-     * Get all certificates in a bundle.
-     *
-     * @return Certificate[]
-     */
-    public function all(): array
-    {
-        return $this->_certs;
-    }
+	/**
+	 * Get all certificates in a bundle.
+	 *
+	 * @return Certificate[]
+	 */
+	public function all(): array
+	{
+		return $this->_certs;
+	}
     
-    /**
-     * Get certificate mapping by public key id.
-     *
-     * @return (Certificate[])[]
-     */
-    private function _getKeyIdMap(): array
-    {
-        // lazily build mapping
-        if (!isset($this->_keyIdMap)) {
-            $this->_keyIdMap = array();
-            foreach ($this->_certs as $cert) {
-                $id = self::_getCertKeyId($cert);
-                if (!isset($this->_keyIdMap[$id])) {
-                    $this->_keyIdMap[$id] = array();
-                }
-                array_push($this->_keyIdMap[$id], $cert);
-            }
-        }
-        return $this->_keyIdMap;
-    }
+	/**
+	 * Get certificate mapping by public key id.
+	 *
+	 * @return (Certificate[])[]
+	 */
+	private function _getKeyIdMap(): array
+	{
+		// lazily build mapping
+		if (!isset($this->_keyIdMap)) {
+			$this->_keyIdMap = array();
+			foreach ($this->_certs as $cert) {
+				$id = self::_getCertKeyId($cert);
+				if (!isset($this->_keyIdMap[$id])) {
+					$this->_keyIdMap[$id] = array();
+				}
+				array_push($this->_keyIdMap[$id], $cert);
+			}
+		}
+		return $this->_keyIdMap;
+	}
     
-    /**
-     * Get public key id for the certificate.
-     *
-     * @param Certificate $cert
-     * @return string
-     */
-    private static function _getCertKeyId(Certificate $cert): string
-    {
-        $exts = $cert->tbsCertificate()->extensions();
-        if ($exts->hasSubjectKeyIdentifier()) {
-            return $exts->subjectKeyIdentifier()->keyIdentifier();
-        }
-        return $cert->tbsCertificate()
-            ->subjectPublicKeyInfo()
-            ->keyIdentifier();
-    }
+	/**
+	 * Get public key id for the certificate.
+	 *
+	 * @param Certificate $cert
+	 * @return string
+	 */
+	private static function _getCertKeyId(Certificate $cert): string
+	{
+		$exts = $cert->tbsCertificate()->extensions();
+		if ($exts->hasSubjectKeyIdentifier()) {
+			return $exts->subjectKeyIdentifier()->keyIdentifier();
+		}
+		return $cert->tbsCertificate()
+			->subjectPublicKeyInfo()
+			->keyIdentifier();
+	}
     
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_certs);
-    }
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_certs);
+	}
     
-    /**
-     * Get iterator for certificates.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_certs);
-    }
+	/**
+	 * Get iterator for certificates.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_certs);
+	}
 }