Inspection of "Rename variable" - sop/x509 - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — php72 ( 84962a...e2a8e9 )

by Joni

created 2019-05-09 13:14 UTC

Status

Indentation +122 added lines, -122 removed lines patch added patch discarded remove patch

@@ -13,136 +13,136 @@
 block discarded – undo
  */
 class CertificateChain implements \Countable, \IteratorAggregate
 {
-    /**
-     * List of certificates in a chain.
-     *
-     * @var Certificate[]
-     */
-    protected $_certs;
+	/**
+	 * List of certificates in a chain.
+	 *
+	 * @var Certificate[]
+	 */
+	protected $_certs;
 
-    /**
-     * Constructor.
-     *
-     * @param Certificate ...$certs List of certificates, end-entity first
-     */
-    public function __construct(Certificate ...$certs)
-    {
-        $this->_certs = $certs;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Certificate ...$certs List of certificates, end-entity first
+	 */
+	public function __construct(Certificate ...$certs)
+	{
+		$this->_certs = $certs;
+	}
 
-    /**
-     * Initialize from a list of PEMs.
-     *
-     * @param PEM ...$pems
-     *
-     * @return self
-     */
-    public static function fromPEMs(PEM ...$pems): self
-    {
-        $certs = array_map(
-            function (PEM $pem) {
-                return Certificate::fromPEM($pem);
-            }, $pems);
-        return new self(...$certs);
-    }
+	/**
+	 * Initialize from a list of PEMs.
+	 *
+	 * @param PEM ...$pems
+	 *
+	 * @return self
+	 */
+	public static function fromPEMs(PEM ...$pems): self
+	{
+		$certs = array_map(
+			function (PEM $pem) {
+				return Certificate::fromPEM($pem);
+			}, $pems);
+		return new self(...$certs);
+	}
 
-    /**
-     * Initialize from a string containing multiple PEM blocks.
-     *
-     * @param string $str
-     *
-     * @return self
-     */
-    public static function fromPEMString(string $str): self
-    {
-        $pems = PEMBundle::fromString($str)->all();
-        return self::fromPEMs(...$pems);
-    }
+	/**
+	 * Initialize from a string containing multiple PEM blocks.
+	 *
+	 * @param string $str
+	 *
+	 * @return self
+	 */
+	public static function fromPEMString(string $str): self
+	{
+		$pems = PEMBundle::fromString($str)->all();
+		return self::fromPEMs(...$pems);
+	}
 
-    /**
-     * Get all certificates in a chain ordered from the end-entity certificate
-     * to the trust anchor.
-     *
-     * @return Certificate[]
-     */
-    public function certificates(): array
-    {
-        return $this->_certs;
-    }
+	/**
+	 * Get all certificates in a chain ordered from the end-entity certificate
+	 * to the trust anchor.
+	 *
+	 * @return Certificate[]
+	 */
+	public function certificates(): array
+	{
+		return $this->_certs;
+	}
 
-    /**
-     * Get the end-entity certificate.
-     *
-     * @throws \LogicException
-     *
-     * @return Certificate
-     */
-    public function endEntityCertificate(): Certificate
-    {
-        if (!count($this->_certs)) {
-            throw new \LogicException('No certificates.');
-        }
-        return $this->_certs[0];
-    }
+	/**
+	 * Get the end-entity certificate.
+	 *
+	 * @throws \LogicException
+	 *
+	 * @return Certificate
+	 */
+	public function endEntityCertificate(): Certificate
+	{
+		if (!count($this->_certs)) {
+			throw new \LogicException('No certificates.');
+		}
+		return $this->_certs[0];
+	}
 
-    /**
-     * Get the trust anchor certificate.
-     *
-     * @throws \LogicException
-     *
-     * @return Certificate
-     */
-    public function trustAnchorCertificate(): Certificate
-    {
-        if (!count($this->_certs)) {
-            throw new \LogicException('No certificates.');
-        }
-        return $this->_certs[count($this->_certs) - 1];
-    }
+	/**
+	 * Get the trust anchor certificate.
+	 *
+	 * @throws \LogicException
+	 *
+	 * @return Certificate
+	 */
+	public function trustAnchorCertificate(): Certificate
+	{
+		if (!count($this->_certs)) {
+			throw new \LogicException('No certificates.');
+		}
+		return $this->_certs[count($this->_certs) - 1];
+	}
 
-    /**
-     * Convert certificate chain to certification path.
-     *
-     * @return CertificationPath
-     */
-    public function certificationPath(): CertificationPath
-    {
-        return CertificationPath::fromCertificateChain($this);
-    }
+	/**
+	 * Convert certificate chain to certification path.
+	 *
+	 * @return CertificationPath
+	 */
+	public function certificationPath(): CertificationPath
+	{
+		return CertificationPath::fromCertificateChain($this);
+	}
 
-    /**
-     * Convert certificate chain to string of PEM blocks.
-     *
-     * @return string
-     */
-    public function toPEMString(): string
-    {
-        return implode("\n",
-            array_map(
-                function (Certificate $cert) {
-                    return $cert->toPEM()->string();
-                }, $this->_certs));
-    }
+	/**
+	 * Convert certificate chain to string of PEM blocks.
+	 *
+	 * @return string
+	 */
+	public function toPEMString(): string
+	{
+		return implode("\n",
+			array_map(
+				function (Certificate $cert) {
+					return $cert->toPEM()->string();
+				}, $this->_certs));
+	}
 
-    /**
-     * @see \Countable::count()
-     *
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_certs);
-    }
+	/**
+	 * @see \Countable::count()
+	 *
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_certs);
+	}
 
-    /**
-     * Get iterator for certificates.
-     *
-     * @see \IteratorAggregate::getIterator()
-     *
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_certs);
-    }
+	/**
+	 * Get iterator for certificates.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 *
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_certs);
+	}
 }

Please login to merge, or discard this patch.

Spacing +3 added lines, -3 removed lines patch added patch discarded remove patch

@@ -1,6 +1,6 @@  discard block
 block discarded – undo
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\Certificate;
 
@@ -40,7 +40,7 @@  discard block
 block discarded – undo
     public static function fromPEMs(PEM ...$pems): self
     {
         $certs = array_map(
-            function (PEM $pem) {
+            function(PEM $pem) {
                 return Certificate::fromPEM($pem);
             }, $pems);
         return new self(...$certs);
@@ -119,7 +119,7 @@  discard block
 block discarded – undo
     {
         return implode("\n",
             array_map(
-                function (Certificate $cert) {
+                function(Certificate $cert) {
                     return $cert->toPEM()->string();
                 }, $this->_certs));
     }

Please login to merge, or discard this patch.

lib/X509/Certificate/TBSCertificate.php 2 patches

Indentation +618 added lines, -618 removed lines patch added patch discarded remove patch

@@ -27,622 +27,622 @@
 block discarded – undo
  */
 class TBSCertificate
 {
-    // Certificate version enumerations
-    const VERSION_1 = 0;
-    const VERSION_2 = 1;
-    const VERSION_3 = 2;
-
-    /**
-     * Certificate version.
-     *
-     * @var null|int
-     */
-    protected $_version;
-
-    /**
-     * Serial number.
-     *
-     * @var null|string
-     */
-    protected $_serialNumber;
-
-    /**
-     * Signature algorithm.
-     *
-     * @var null|SignatureAlgorithmIdentifier
-     */
-    protected $_signature;
-
-    /**
-     * Certificate issuer.
-     *
-     * @var Name
-     */
-    protected $_issuer;
-
-    /**
-     * Certificate validity period.
-     *
-     * @var Validity
-     */
-    protected $_validity;
-
-    /**
-     * Certificate subject.
-     *
-     * @var Name
-     */
-    protected $_subject;
-
-    /**
-     * Subject public key.
-     *
-     * @var PublicKeyInfo
-     */
-    protected $_subjectPublicKeyInfo;
-
-    /**
-     * Issuer unique identifier.
-     *
-     * @var null|UniqueIdentifier
-     */
-    protected $_issuerUniqueID;
-
-    /**
-     * Subject unique identifier.
-     *
-     * @var null|UniqueIdentifier
-     */
-    protected $_subjectUniqueID;
-
-    /**
-     * Extensions.
-     *
-     * @var Extensions
-     */
-    protected $_extensions;
-
-    /**
-     * Constructor.
-     *
-     * @param Name          $subject  Certificate subject
-     * @param PublicKeyInfo $pki      Subject public key
-     * @param Name          $issuer   Certificate issuer
-     * @param Validity      $validity Validity period
-     */
-    public function __construct(Name $subject, PublicKeyInfo $pki, Name $issuer,
-        Validity $validity)
-    {
-        $this->_subject = $subject;
-        $this->_subjectPublicKeyInfo = $pki;
-        $this->_issuer = $issuer;
-        $this->_validity = $validity;
-        $this->_extensions = new Extensions();
-    }
-
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     *
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $idx = 0;
-        if ($seq->hasTagged(0)) {
-            ++$idx;
-            $version = $seq->getTagged(0)->asExplicit()->asInteger()->intNumber();
-        } else {
-            $version = self::VERSION_1;
-        }
-        $serial = $seq->at($idx++)->asInteger()->number();
-        $algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                'Unsupported signature algorithm ' . $algo->name() . '.');
-        }
-        $issuer = Name::fromASN1($seq->at($idx++)->asSequence());
-        $validity = Validity::fromASN1($seq->at($idx++)->asSequence());
-        $subject = Name::fromASN1($seq->at($idx++)->asSequence());
-        $pki = PublicKeyInfo::fromASN1($seq->at($idx++)->asSequence());
-        $tbs_cert = new self($subject, $pki, $issuer, $validity);
-        $tbs_cert->_version = $version;
-        $tbs_cert->_serialNumber = $serial;
-        $tbs_cert->_signature = $algo;
-        if ($seq->hasTagged(1)) {
-            $tbs_cert->_issuerUniqueID = UniqueIdentifier::fromASN1(
-                $seq->getTagged(1)->asImplicit(Element::TYPE_BIT_STRING)
-                    ->asBitString());
-        }
-        if ($seq->hasTagged(2)) {
-            $tbs_cert->_subjectUniqueID = UniqueIdentifier::fromASN1(
-                $seq->getTagged(2)->asImplicit(Element::TYPE_BIT_STRING)
-                    ->asBitString());
-        }
-        if ($seq->hasTagged(3)) {
-            $tbs_cert->_extensions = Extensions::fromASN1(
-                $seq->getTagged(3)->asExplicit()->asSequence());
-        }
-        return $tbs_cert;
-    }
-
-    /**
-     * Initialize from certification request.
-     *
-     * Note that signature is not verified and must be done by the caller.
-     *
-     * @param CertificationRequest $cr
-     *
-     * @return self
-     */
-    public static function fromCSR(CertificationRequest $cr): self
-    {
-        $cri = $cr->certificationRequestInfo();
-        $tbs_cert = new self($cri->subject(), $cri->subjectPKInfo(), new Name(),
-            Validity::fromStrings(null, null));
-        // if CSR has Extension Request attribute
-        if ($cri->hasAttributes()) {
-            $attribs = $cri->attributes();
-            if ($attribs->hasExtensionRequest()) {
-                $tbs_cert = $tbs_cert->withExtensions(
-                    $attribs->extensionRequest()->extensions());
-            }
-        }
-        // add Subject Key Identifier extension
-        return $tbs_cert->withAdditionalExtensions(
-            new SubjectKeyIdentifierExtension(false,
-                $cri->subjectPKInfo()->keyIdentifier()));
-    }
-
-    /**
-     * Get self with fields set from the issuer's certificate.
-     *
-     * Issuer shall be set to issuing certificate's subject.
-     * Authority key identifier extensions shall be added with a key identifier
-     * set to issuing certificate's public key identifier.
-     *
-     * @param Certificate $cert Issuing party's certificate
-     *
-     * @return self
-     */
-    public function withIssuerCertificate(Certificate $cert): self
-    {
-        $obj = clone $this;
-        // set issuer DN from cert's subject
-        $obj->_issuer = $cert->tbsCertificate()->subject();
-        // add authority key identifier extension
-        $key_id = $cert->tbsCertificate()->subjectPublicKeyInfo()->keyIdentifier();
-        $obj->_extensions = $obj->_extensions->withExtensions(
-            new AuthorityKeyIdentifierExtension(false, $key_id));
-        return $obj;
-    }
-
-    /**
-     * Get self with given version.
-     *
-     * If version is not set, appropriate version is automatically
-     * determined during signing.
-     *
-     * @param int $version
-     *
-     * @return self
-     */
-    public function withVersion(int $version): self
-    {
-        $obj = clone $this;
-        $obj->_version = $version;
-        return $obj;
-    }
-
-    /**
-     * Get self with given serial number.
-     *
-     * @param int|string $serial Base 10 number
-     *
-     * @return self
-     */
-    public function withSerialNumber($serial): self
-    {
-        $obj = clone $this;
-        $obj->_serialNumber = strval($serial);
-        return $obj;
-    }
-
-    /**
-     * Get self with random positive serial number.
-     *
-     * @param int $size Number of random bytes
-     *
-     * @return self
-     */
-    public function withRandomSerialNumber(int $size = 16): self
-    {
-        // ensure that first byte is always non-zero and having first bit unset
-        $num = gmp_init(mt_rand(1, 0x7f), 10);
-        for ($i = 1; $i < $size; ++$i) {
-            $num <<= 8;
-            $num += mt_rand(0, 0xff);
-        }
-        return $this->withSerialNumber(gmp_strval($num, 10));
-    }
-
-    /**
-     * Get self with given signature algorithm.
-     *
-     * @param SignatureAlgorithmIdentifier $algo
-     *
-     * @return self
-     */
-    public function withSignature(SignatureAlgorithmIdentifier $algo): self
-    {
-        $obj = clone $this;
-        $obj->_signature = $algo;
-        return $obj;
-    }
-
-    /**
-     * Get self with given issuer.
-     *
-     * @param Name $issuer
-     *
-     * @return self
-     */
-    public function withIssuer(Name $issuer): self
-    {
-        $obj = clone $this;
-        $obj->_issuer = $issuer;
-        return $obj;
-    }
-
-    /**
-     * Get self with given validity.
-     *
-     * @param Validity $validity
-     *
-     * @return self
-     */
-    public function withValidity(Validity $validity): self
-    {
-        $obj = clone $this;
-        $obj->_validity = $validity;
-        return $obj;
-    }
-
-    /**
-     * Get self with given subject.
-     *
-     * @param Name $subject
-     *
-     * @return self
-     */
-    public function withSubject(Name $subject): self
-    {
-        $obj = clone $this;
-        $obj->_subject = $subject;
-        return $obj;
-    }
-
-    /**
-     * Get self with given subject public key info.
-     *
-     * @param PublicKeyInfo $pub_key_info
-     *
-     * @return self
-     */
-    public function withSubjectPublicKeyInfo(PublicKeyInfo $pub_key_info): self
-    {
-        $obj = clone $this;
-        $obj->_subjectPublicKeyInfo = $pub_key_info;
-        return $obj;
-    }
-
-    /**
-     * Get self with issuer unique ID.
-     *
-     * @param UniqueIdentifier $id
-     *
-     * @return self
-     */
-    public function withIssuerUniqueID(UniqueIdentifier $id): self
-    {
-        $obj = clone $this;
-        $obj->_issuerUniqueID = $id;
-        return $obj;
-    }
-
-    /**
-     * Get self with subject unique ID.
-     *
-     * @param UniqueIdentifier $id
-     *
-     * @return self
-     */
-    public function withSubjectUniqueID(UniqueIdentifier $id): self
-    {
-        $obj = clone $this;
-        $obj->_subjectUniqueID = $id;
-        return $obj;
-    }
-
-    /**
-     * Get self with given extensions.
-     *
-     * @param Extensions $extensions
-     *
-     * @return self
-     */
-    public function withExtensions(Extensions $extensions): self
-    {
-        $obj = clone $this;
-        $obj->_extensions = $extensions;
-        return $obj;
-    }
-
-    /**
-     * Get self with extensions added.
-     *
-     * @param Extension ...$exts One or more Extension objects
-     *
-     * @return self
-     */
-    public function withAdditionalExtensions(Extension ...$exts): self
-    {
-        $obj = clone $this;
-        $obj->_extensions = $obj->_extensions->withExtensions(...$exts);
-        return $obj;
-    }
-
-    /**
-     * Check whether version is set.
-     *
-     * @return bool
-     */
-    public function hasVersion(): bool
-    {
-        return isset($this->_version);
-    }
-
-    /**
-     * Get certificate version.
-     *
-     * @throws \LogicException If not set
-     *
-     * @return int
-     */
-    public function version(): int
-    {
-        if (!$this->hasVersion()) {
-            throw new \LogicException('version not set.');
-        }
-        return $this->_version;
-    }
-
-    /**
-     * Check whether serial number is set.
-     *
-     * @return bool
-     */
-    public function hasSerialNumber(): bool
-    {
-        return isset($this->_serialNumber);
-    }
-
-    /**
-     * Get serial number.
-     *
-     * @throws \LogicException If not set
-     *
-     * @return string Base 10 integer
-     */
-    public function serialNumber(): string
-    {
-        if (!$this->hasSerialNumber()) {
-            throw new \LogicException('serialNumber not set.');
-        }
-        return $this->_serialNumber;
-    }
-
-    /**
-     * Check whether signature algorithm is set.
-     *
-     * @return bool
-     */
-    public function hasSignature(): bool
-    {
-        return isset($this->_signature);
-    }
-
-    /**
-     * Get signature algorithm.
-     *
-     * @throws \LogicException If not set
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signature(): SignatureAlgorithmIdentifier
-    {
-        if (!$this->hasSignature()) {
-            throw new \LogicException('signature not set.');
-        }
-        return $this->_signature;
-    }
-
-    /**
-     * Get issuer.
-     *
-     * @return Name
-     */
-    public function issuer(): Name
-    {
-        return $this->_issuer;
-    }
-
-    /**
-     * Get validity period.
-     *
-     * @return Validity
-     */
-    public function validity(): Validity
-    {
-        return $this->_validity;
-    }
-
-    /**
-     * Get subject.
-     *
-     * @return Name
-     */
-    public function subject(): Name
-    {
-        return $this->_subject;
-    }
-
-    /**
-     * Get subject public key.
-     *
-     * @return PublicKeyInfo
-     */
-    public function subjectPublicKeyInfo(): PublicKeyInfo
-    {
-        return $this->_subjectPublicKeyInfo;
-    }
-
-    /**
-     * Whether issuer unique identifier is present.
-     *
-     * @return bool
-     */
-    public function hasIssuerUniqueID(): bool
-    {
-        return isset($this->_issuerUniqueID);
-    }
-
-    /**
-     * Get issuerUniqueID.
-     *
-     * @throws \LogicException If not set
-     *
-     * @return UniqueIdentifier
-     */
-    public function issuerUniqueID(): UniqueIdentifier
-    {
-        if (!$this->hasIssuerUniqueID()) {
-            throw new \LogicException('issuerUniqueID not set.');
-        }
-        return $this->_issuerUniqueID;
-    }
-
-    /**
-     * Whether subject unique identifier is present.
-     *
-     * @return bool
-     */
-    public function hasSubjectUniqueID(): bool
-    {
-        return isset($this->_subjectUniqueID);
-    }
-
-    /**
-     * Get subjectUniqueID.
-     *
-     * @throws \LogicException If not set
-     *
-     * @return UniqueIdentifier
-     */
-    public function subjectUniqueID(): UniqueIdentifier
-    {
-        if (!$this->hasSubjectUniqueID()) {
-            throw new \LogicException('subjectUniqueID not set.');
-        }
-        return $this->_subjectUniqueID;
-    }
-
-    /**
-     * Get extensions.
-     *
-     * @return Extensions
-     */
-    public function extensions(): Extensions
-    {
-        return $this->_extensions;
-    }
-
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = [];
-        $version = $this->version();
-        // if version is not default
-        if (self::VERSION_1 != $version) {
-            $elements[] = new ExplicitlyTaggedType(0, new Integer($version));
-        }
-        $serial = $this->serialNumber();
-        $signature = $this->signature();
-        // add required elements
-        array_push($elements, new Integer($serial), $signature->toASN1(),
-            $this->_issuer->toASN1(), $this->_validity->toASN1(),
-            $this->_subject->toASN1(), $this->_subjectPublicKeyInfo->toASN1());
-        if (isset($this->_issuerUniqueID)) {
-            $elements[] = new ImplicitlyTaggedType(1,
-                $this->_issuerUniqueID->toASN1());
-        }
-        if (isset($this->_subjectUniqueID)) {
-            $elements[] = new ImplicitlyTaggedType(2,
-                $this->_subjectUniqueID->toASN1());
-        }
-        if (count($this->_extensions)) {
-            $elements[] = new ExplicitlyTaggedType(3,
-                $this->_extensions->toASN1());
-        }
-        return new Sequence(...$elements);
-    }
-
-    /**
-     * Create signed certificate.
-     *
-     * @param SignatureAlgorithmIdentifier $algo         Algorithm used for signing
-     * @param PrivateKeyInfo               $privkey_info Private key used for signing
-     * @param null|Crypto                  $crypto       Crypto engine, use default if not set
-     *
-     * @return Certificate
-     */
-    public function sign(SignatureAlgorithmIdentifier $algo,
-        PrivateKeyInfo $privkey_info, ?Crypto $crypto = null): Certificate
-    {
-        $crypto = $crypto ?? Crypto::getDefault();
-        $tbs_cert = clone $this;
-        if (!isset($tbs_cert->_version)) {
-            $tbs_cert->_version = $tbs_cert->_determineVersion();
-        }
-        if (!isset($tbs_cert->_serialNumber)) {
-            $tbs_cert->_serialNumber = strval(0);
-        }
-        $tbs_cert->_signature = $algo;
-        $data = $tbs_cert->toASN1()->toDER();
-        $signature = $crypto->sign($data, $privkey_info, $algo);
-        return new Certificate($tbs_cert, $algo, $signature);
-    }
-
-    /**
-     * Determine minimum version for the certificate.
-     *
-     * @return int
-     */
-    protected function _determineVersion(): int
-    {
-        // if extensions are present
-        if (count($this->_extensions)) {
-            return self::VERSION_3;
-        }
-        // if UniqueIdentifier is present
-        if (isset($this->_issuerUniqueID) || isset($this->_subjectUniqueID)) {
-            return self::VERSION_2;
-        }
-        return self::VERSION_1;
-    }
+	// Certificate version enumerations
+	const VERSION_1 = 0;
+	const VERSION_2 = 1;
+	const VERSION_3 = 2;
+
+	/**
+	 * Certificate version.
+	 *
+	 * @var null|int
+	 */
+	protected $_version;
+
+	/**
+	 * Serial number.
+	 *
+	 * @var null|string
+	 */
+	protected $_serialNumber;
+
+	/**
+	 * Signature algorithm.
+	 *
+	 * @var null|SignatureAlgorithmIdentifier
+	 */
+	protected $_signature;
+
+	/**
+	 * Certificate issuer.
+	 *
+	 * @var Name
+	 */
+	protected $_issuer;
+
+	/**
+	 * Certificate validity period.
+	 *
+	 * @var Validity
+	 */
+	protected $_validity;
+
+	/**
+	 * Certificate subject.
+	 *
+	 * @var Name
+	 */
+	protected $_subject;
+
+	/**
+	 * Subject public key.
+	 *
+	 * @var PublicKeyInfo
+	 */
+	protected $_subjectPublicKeyInfo;
+
+	/**
+	 * Issuer unique identifier.
+	 *
+	 * @var null|UniqueIdentifier
+	 */
+	protected $_issuerUniqueID;
+
+	/**
+	 * Subject unique identifier.
+	 *
+	 * @var null|UniqueIdentifier
+	 */
+	protected $_subjectUniqueID;
+
+	/**
+	 * Extensions.
+	 *
+	 * @var Extensions
+	 */
+	protected $_extensions;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param Name          $subject  Certificate subject
+	 * @param PublicKeyInfo $pki      Subject public key
+	 * @param Name          $issuer   Certificate issuer
+	 * @param Validity      $validity Validity period
+	 */
+	public function __construct(Name $subject, PublicKeyInfo $pki, Name $issuer,
+		Validity $validity)
+	{
+		$this->_subject = $subject;
+		$this->_subjectPublicKeyInfo = $pki;
+		$this->_issuer = $issuer;
+		$this->_validity = $validity;
+		$this->_extensions = new Extensions();
+	}
+
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 *
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$idx = 0;
+		if ($seq->hasTagged(0)) {
+			++$idx;
+			$version = $seq->getTagged(0)->asExplicit()->asInteger()->intNumber();
+		} else {
+			$version = self::VERSION_1;
+		}
+		$serial = $seq->at($idx++)->asInteger()->number();
+		$algo = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				'Unsupported signature algorithm ' . $algo->name() . '.');
+		}
+		$issuer = Name::fromASN1($seq->at($idx++)->asSequence());
+		$validity = Validity::fromASN1($seq->at($idx++)->asSequence());
+		$subject = Name::fromASN1($seq->at($idx++)->asSequence());
+		$pki = PublicKeyInfo::fromASN1($seq->at($idx++)->asSequence());
+		$tbs_cert = new self($subject, $pki, $issuer, $validity);
+		$tbs_cert->_version = $version;
+		$tbs_cert->_serialNumber = $serial;
+		$tbs_cert->_signature = $algo;
+		if ($seq->hasTagged(1)) {
+			$tbs_cert->_issuerUniqueID = UniqueIdentifier::fromASN1(
+				$seq->getTagged(1)->asImplicit(Element::TYPE_BIT_STRING)
+					->asBitString());
+		}
+		if ($seq->hasTagged(2)) {
+			$tbs_cert->_subjectUniqueID = UniqueIdentifier::fromASN1(
+				$seq->getTagged(2)->asImplicit(Element::TYPE_BIT_STRING)
+					->asBitString());
+		}
+		if ($seq->hasTagged(3)) {
+			$tbs_cert->_extensions = Extensions::fromASN1(
+				$seq->getTagged(3)->asExplicit()->asSequence());
+		}
+		return $tbs_cert;
+	}
+
+	/**
+	 * Initialize from certification request.
+	 *
+	 * Note that signature is not verified and must be done by the caller.
+	 *
+	 * @param CertificationRequest $cr
+	 *
+	 * @return self
+	 */
+	public static function fromCSR(CertificationRequest $cr): self
+	{
+		$cri = $cr->certificationRequestInfo();
+		$tbs_cert = new self($cri->subject(), $cri->subjectPKInfo(), new Name(),
+			Validity::fromStrings(null, null));
+		// if CSR has Extension Request attribute
+		if ($cri->hasAttributes()) {
+			$attribs = $cri->attributes();
+			if ($attribs->hasExtensionRequest()) {
+				$tbs_cert = $tbs_cert->withExtensions(
+					$attribs->extensionRequest()->extensions());
+			}
+		}
+		// add Subject Key Identifier extension
+		return $tbs_cert->withAdditionalExtensions(
+			new SubjectKeyIdentifierExtension(false,
+				$cri->subjectPKInfo()->keyIdentifier()));
+	}
+
+	/**
+	 * Get self with fields set from the issuer's certificate.
+	 *
+	 * Issuer shall be set to issuing certificate's subject.
+	 * Authority key identifier extensions shall be added with a key identifier
+	 * set to issuing certificate's public key identifier.
+	 *
+	 * @param Certificate $cert Issuing party's certificate
+	 *
+	 * @return self
+	 */
+	public function withIssuerCertificate(Certificate $cert): self
+	{
+		$obj = clone $this;
+		// set issuer DN from cert's subject
+		$obj->_issuer = $cert->tbsCertificate()->subject();
+		// add authority key identifier extension
+		$key_id = $cert->tbsCertificate()->subjectPublicKeyInfo()->keyIdentifier();
+		$obj->_extensions = $obj->_extensions->withExtensions(
+			new AuthorityKeyIdentifierExtension(false, $key_id));
+		return $obj;
+	}
+
+	/**
+	 * Get self with given version.
+	 *
+	 * If version is not set, appropriate version is automatically
+	 * determined during signing.
+	 *
+	 * @param int $version
+	 *
+	 * @return self
+	 */
+	public function withVersion(int $version): self
+	{
+		$obj = clone $this;
+		$obj->_version = $version;
+		return $obj;
+	}
+
+	/**
+	 * Get self with given serial number.
+	 *
+	 * @param int|string $serial Base 10 number
+	 *
+	 * @return self
+	 */
+	public function withSerialNumber($serial): self
+	{
+		$obj = clone $this;
+		$obj->_serialNumber = strval($serial);
+		return $obj;
+	}
+
+	/**
+	 * Get self with random positive serial number.
+	 *
+	 * @param int $size Number of random bytes
+	 *
+	 * @return self
+	 */
+	public function withRandomSerialNumber(int $size = 16): self
+	{
+		// ensure that first byte is always non-zero and having first bit unset
+		$num = gmp_init(mt_rand(1, 0x7f), 10);
+		for ($i = 1; $i < $size; ++$i) {
+			$num <<= 8;
+			$num += mt_rand(0, 0xff);
+		}
+		return $this->withSerialNumber(gmp_strval($num, 10));
+	}
+
+	/**
+	 * Get self with given signature algorithm.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo
+	 *
+	 * @return self
+	 */
+	public function withSignature(SignatureAlgorithmIdentifier $algo): self
+	{
+		$obj = clone $this;
+		$obj->_signature = $algo;
+		return $obj;
+	}
+
+	/**
+	 * Get self with given issuer.
+	 *
+	 * @param Name $issuer
+	 *
+	 * @return self
+	 */
+	public function withIssuer(Name $issuer): self
+	{
+		$obj = clone $this;
+		$obj->_issuer = $issuer;
+		return $obj;
+	}
+
+	/**
+	 * Get self with given validity.
+	 *
+	 * @param Validity $validity
+	 *
+	 * @return self
+	 */
+	public function withValidity(Validity $validity): self
+	{
+		$obj = clone $this;
+		$obj->_validity = $validity;
+		return $obj;
+	}
+
+	/**
+	 * Get self with given subject.
+	 *
+	 * @param Name $subject
+	 *
+	 * @return self
+	 */
+	public function withSubject(Name $subject): self
+	{
+		$obj = clone $this;
+		$obj->_subject = $subject;
+		return $obj;
+	}
+
+	/**
+	 * Get self with given subject public key info.
+	 *
+	 * @param PublicKeyInfo $pub_key_info
+	 *
+	 * @return self
+	 */
+	public function withSubjectPublicKeyInfo(PublicKeyInfo $pub_key_info): self
+	{
+		$obj = clone $this;
+		$obj->_subjectPublicKeyInfo = $pub_key_info;
+		return $obj;
+	}
+
+	/**
+	 * Get self with issuer unique ID.
+	 *
+	 * @param UniqueIdentifier $id
+	 *
+	 * @return self
+	 */
+	public function withIssuerUniqueID(UniqueIdentifier $id): self
+	{
+		$obj = clone $this;
+		$obj->_issuerUniqueID = $id;
+		return $obj;
+	}
+
+	/**
+	 * Get self with subject unique ID.
+	 *
+	 * @param UniqueIdentifier $id
+	 *
+	 * @return self
+	 */
+	public function withSubjectUniqueID(UniqueIdentifier $id): self
+	{
+		$obj = clone $this;
+		$obj->_subjectUniqueID = $id;
+		return $obj;
+	}
+
+	/**
+	 * Get self with given extensions.
+	 *
+	 * @param Extensions $extensions
+	 *
+	 * @return self
+	 */
+	public function withExtensions(Extensions $extensions): self
+	{
+		$obj = clone $this;
+		$obj->_extensions = $extensions;
+		return $obj;
+	}
+
+	/**
+	 * Get self with extensions added.
+	 *
+	 * @param Extension ...$exts One or more Extension objects
+	 *
+	 * @return self
+	 */
+	public function withAdditionalExtensions(Extension ...$exts): self
+	{
+		$obj = clone $this;
+		$obj->_extensions = $obj->_extensions->withExtensions(...$exts);
+		return $obj;
+	}
+
+	/**
+	 * Check whether version is set.
+	 *
+	 * @return bool
+	 */
+	public function hasVersion(): bool
+	{
+		return isset($this->_version);
+	}
+
+	/**
+	 * Get certificate version.
+	 *
+	 * @throws \LogicException If not set
+	 *
+	 * @return int
+	 */
+	public function version(): int
+	{
+		if (!$this->hasVersion()) {
+			throw new \LogicException('version not set.');
+		}
+		return $this->_version;
+	}
+
+	/**
+	 * Check whether serial number is set.
+	 *
+	 * @return bool
+	 */
+	public function hasSerialNumber(): bool
+	{
+		return isset($this->_serialNumber);
+	}
+
+	/**
+	 * Get serial number.
+	 *
+	 * @throws \LogicException If not set
+	 *
+	 * @return string Base 10 integer
+	 */
+	public function serialNumber(): string
+	{
+		if (!$this->hasSerialNumber()) {
+			throw new \LogicException('serialNumber not set.');
+		}
+		return $this->_serialNumber;
+	}
+
+	/**
+	 * Check whether signature algorithm is set.
+	 *
+	 * @return bool
+	 */
+	public function hasSignature(): bool
+	{
+		return isset($this->_signature);
+	}
+
+	/**
+	 * Get signature algorithm.
+	 *
+	 * @throws \LogicException If not set
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signature(): SignatureAlgorithmIdentifier
+	{
+		if (!$this->hasSignature()) {
+			throw new \LogicException('signature not set.');
+		}
+		return $this->_signature;
+	}
+
+	/**
+	 * Get issuer.
+	 *
+	 * @return Name
+	 */
+	public function issuer(): Name
+	{
+		return $this->_issuer;
+	}
+
+	/**
+	 * Get validity period.
+	 *
+	 * @return Validity
+	 */
+	public function validity(): Validity
+	{
+		return $this->_validity;
+	}
+
+	/**
+	 * Get subject.
+	 *
+	 * @return Name
+	 */
+	public function subject(): Name
+	{
+		return $this->_subject;
+	}
+
+	/**
+	 * Get subject public key.
+	 *
+	 * @return PublicKeyInfo
+	 */
+	public function subjectPublicKeyInfo(): PublicKeyInfo
+	{
+		return $this->_subjectPublicKeyInfo;
+	}
+
+	/**
+	 * Whether issuer unique identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerUniqueID(): bool
+	{
+		return isset($this->_issuerUniqueID);
+	}
+
+	/**
+	 * Get issuerUniqueID.
+	 *
+	 * @throws \LogicException If not set
+	 *
+	 * @return UniqueIdentifier
+	 */
+	public function issuerUniqueID(): UniqueIdentifier
+	{
+		if (!$this->hasIssuerUniqueID()) {
+			throw new \LogicException('issuerUniqueID not set.');
+		}
+		return $this->_issuerUniqueID;
+	}
+
+	/**
+	 * Whether subject unique identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasSubjectUniqueID(): bool
+	{
+		return isset($this->_subjectUniqueID);
+	}
+
+	/**
+	 * Get subjectUniqueID.
+	 *
+	 * @throws \LogicException If not set
+	 *
+	 * @return UniqueIdentifier
+	 */
+	public function subjectUniqueID(): UniqueIdentifier
+	{
+		if (!$this->hasSubjectUniqueID()) {
+			throw new \LogicException('subjectUniqueID not set.');
+		}
+		return $this->_subjectUniqueID;
+	}
+
+	/**
+	 * Get extensions.
+	 *
+	 * @return Extensions
+	 */
+	public function extensions(): Extensions
+	{
+		return $this->_extensions;
+	}
+
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = [];
+		$version = $this->version();
+		// if version is not default
+		if (self::VERSION_1 != $version) {
+			$elements[] = new ExplicitlyTaggedType(0, new Integer($version));
+		}
+		$serial = $this->serialNumber();
+		$signature = $this->signature();
+		// add required elements
+		array_push($elements, new Integer($serial), $signature->toASN1(),
+			$this->_issuer->toASN1(), $this->_validity->toASN1(),
+			$this->_subject->toASN1(), $this->_subjectPublicKeyInfo->toASN1());
+		if (isset($this->_issuerUniqueID)) {
+			$elements[] = new ImplicitlyTaggedType(1,
+				$this->_issuerUniqueID->toASN1());
+		}
+		if (isset($this->_subjectUniqueID)) {
+			$elements[] = new ImplicitlyTaggedType(2,
+				$this->_subjectUniqueID->toASN1());
+		}
+		if (count($this->_extensions)) {
+			$elements[] = new ExplicitlyTaggedType(3,
+				$this->_extensions->toASN1());
+		}
+		return new Sequence(...$elements);
+	}
+
+	/**
+	 * Create signed certificate.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo         Algorithm used for signing
+	 * @param PrivateKeyInfo               $privkey_info Private key used for signing
+	 * @param null|Crypto                  $crypto       Crypto engine, use default if not set
+	 *
+	 * @return Certificate
+	 */
+	public function sign(SignatureAlgorithmIdentifier $algo,
+		PrivateKeyInfo $privkey_info, ?Crypto $crypto = null): Certificate
+	{
+		$crypto = $crypto ?? Crypto::getDefault();
+		$tbs_cert = clone $this;
+		if (!isset($tbs_cert->_version)) {
+			$tbs_cert->_version = $tbs_cert->_determineVersion();
+		}
+		if (!isset($tbs_cert->_serialNumber)) {
+			$tbs_cert->_serialNumber = strval(0);
+		}
+		$tbs_cert->_signature = $algo;
+		$data = $tbs_cert->toASN1()->toDER();
+		$signature = $crypto->sign($data, $privkey_info, $algo);
+		return new Certificate($tbs_cert, $algo, $signature);
+	}
+
+	/**
+	 * Determine minimum version for the certificate.
+	 *
+	 * @return int
+	 */
+	protected function _determineVersion(): int
+	{
+		// if extensions are present
+		if (count($this->_extensions)) {
+			return self::VERSION_3;
+		}
+		// if UniqueIdentifier is present
+		if (isset($this->_issuerUniqueID) || isset($this->_subjectUniqueID)) {
+			return self::VERSION_2;
+		}
+		return self::VERSION_1;
+	}
 }

Please login to merge, or discard this patch.

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

@@ -1,6 +1,6 @@
 block discarded – undo
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\Certificate;
 

Please login to merge, or discard this patch.

lib/X509/Certificate/Certificate.php 2 patches

Indentation +219 added lines, -219 removed lines patch added patch discarded remove patch

@@ -20,242 +20,242 @@
 block discarded – undo
  */
 class Certificate
 {
-    /**
-     * "To be signed" certificate information.
-     *
-     * @var TBSCertificate
-     */
-    protected $_tbsCertificate;
+	/**
+	 * "To be signed" certificate information.
+	 *
+	 * @var TBSCertificate
+	 */
+	protected $_tbsCertificate;
 
-    /**
-     * Signature algorithm.
-     *
-     * @var SignatureAlgorithmIdentifier
-     */
-    protected $_signatureAlgorithm;
+	/**
+	 * Signature algorithm.
+	 *
+	 * @var SignatureAlgorithmIdentifier
+	 */
+	protected $_signatureAlgorithm;
 
-    /**
-     * Signature value.
-     *
-     * @var Signature
-     */
-    protected $_signatureValue;
+	/**
+	 * Signature value.
+	 *
+	 * @var Signature
+	 */
+	protected $_signatureValue;
 
-    /**
-     * Constructor.
-     *
-     * @param TBSCertificate               $tbsCert
-     * @param SignatureAlgorithmIdentifier $algo
-     * @param Signature                    $signature
-     */
-    public function __construct(TBSCertificate $tbsCert,
-        SignatureAlgorithmIdentifier $algo, Signature $signature)
-    {
-        $this->_tbsCertificate = $tbsCert;
-        $this->_signatureAlgorithm = $algo;
-        $this->_signatureValue = $signature;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param TBSCertificate               $tbsCert
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @param Signature                    $signature
+	 */
+	public function __construct(TBSCertificate $tbsCert,
+		SignatureAlgorithmIdentifier $algo, Signature $signature)
+	{
+		$this->_tbsCertificate = $tbsCert;
+		$this->_signatureAlgorithm = $algo;
+		$this->_signatureValue = $signature;
+	}
 
-    /**
-     * Get certificate as a PEM formatted string.
-     *
-     * @return string
-     */
-    public function __toString(): string
-    {
-        return $this->toPEM()->string();
-    }
+	/**
+	 * Get certificate as a PEM formatted string.
+	 *
+	 * @return string
+	 */
+	public function __toString(): string
+	{
+		return $this->toPEM()->string();
+	}
 
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     *
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence());
-        $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                'Unsupported signature algorithm ' . $algo->oid() . '.');
-        }
-        $signature = Signature::fromSignatureData(
-            $seq->at(2)->asBitString()->string(), $algo);
-        return new self($tbsCert, $algo, $signature);
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 *
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence());
+		$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				'Unsupported signature algorithm ' . $algo->oid() . '.');
+		}
+		$signature = Signature::fromSignatureData(
+			$seq->at(2)->asBitString()->string(), $algo);
+		return new self($tbsCert, $algo, $signature);
+	}
 
-    /**
-     * Initialize from DER.
-     *
-     * @param string $data
-     *
-     * @return self
-     */
-    public static function fromDER(string $data): self
-    {
-        return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
-    }
+	/**
+	 * Initialize from DER.
+	 *
+	 * @param string $data
+	 *
+	 * @return self
+	 */
+	public static function fromDER(string $data): self
+	{
+		return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
+	}
 
-    /**
-     * Initialize from PEM.
-     *
-     * @param PEM $pem
-     *
-     * @throws \UnexpectedValueException
-     *
-     * @return self
-     */
-    public static function fromPEM(PEM $pem): self
-    {
-        if (PEM::TYPE_CERTIFICATE != $pem->type()) {
-            throw new \UnexpectedValueException('Invalid PEM type.');
-        }
-        return self::fromDER($pem->data());
-    }
+	/**
+	 * Initialize from PEM.
+	 *
+	 * @param PEM $pem
+	 *
+	 * @throws \UnexpectedValueException
+	 *
+	 * @return self
+	 */
+	public static function fromPEM(PEM $pem): self
+	{
+		if (PEM::TYPE_CERTIFICATE != $pem->type()) {
+			throw new \UnexpectedValueException('Invalid PEM type.');
+		}
+		return self::fromDER($pem->data());
+	}
 
-    /**
-     * Get certificate information.
-     *
-     * @return TBSCertificate
-     */
-    public function tbsCertificate(): TBSCertificate
-    {
-        return $this->_tbsCertificate;
-    }
+	/**
+	 * Get certificate information.
+	 *
+	 * @return TBSCertificate
+	 */
+	public function tbsCertificate(): TBSCertificate
+	{
+		return $this->_tbsCertificate;
+	}
 
-    /**
-     * Get signature algorithm.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signatureAlgorithm(): SignatureAlgorithmIdentifier
-    {
-        return $this->_signatureAlgorithm;
-    }
+	/**
+	 * Get signature algorithm.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signatureAlgorithm(): SignatureAlgorithmIdentifier
+	{
+		return $this->_signatureAlgorithm;
+	}
 
-    /**
-     * Get signature value.
-     *
-     * @return Signature
-     */
-    public function signatureValue(): Signature
-    {
-        return $this->_signatureValue;
-    }
+	/**
+	 * Get signature value.
+	 *
+	 * @return Signature
+	 */
+	public function signatureValue(): Signature
+	{
+		return $this->_signatureValue;
+	}
 
-    /**
-     * Check whether certificate is self-issued.
-     *
-     * @return bool
-     */
-    public function isSelfIssued(): bool
-    {
-        return $this->_tbsCertificate->subject()->equals(
-            $this->_tbsCertificate->issuer());
-    }
+	/**
+	 * Check whether certificate is self-issued.
+	 *
+	 * @return bool
+	 */
+	public function isSelfIssued(): bool
+	{
+		return $this->_tbsCertificate->subject()->equals(
+			$this->_tbsCertificate->issuer());
+	}
 
-    /**
-     * Check whether certificate is semantically equal to another.
-     *
-     * @param Certificate $cert Certificate to compare to
-     *
-     * @return bool
-     */
-    public function equals(Certificate $cert): bool
-    {
-        return $this->_hasEqualSerialNumber($cert) &&
-             $this->_hasEqualPublicKey($cert) && $this->_hasEqualSubject($cert);
-    }
+	/**
+	 * Check whether certificate is semantically equal to another.
+	 *
+	 * @param Certificate $cert Certificate to compare to
+	 *
+	 * @return bool
+	 */
+	public function equals(Certificate $cert): bool
+	{
+		return $this->_hasEqualSerialNumber($cert) &&
+			 $this->_hasEqualPublicKey($cert) && $this->_hasEqualSubject($cert);
+	}
 
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_tbsCertificate->toASN1(),
-            $this->_signatureAlgorithm->toASN1(),
-            $this->_signatureValue->bitString());
-    }
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_tbsCertificate->toASN1(),
+			$this->_signatureAlgorithm->toASN1(),
+			$this->_signatureValue->bitString());
+	}
 
-    /**
-     * Get certificate as a DER.
-     *
-     * @return string
-     */
-    public function toDER(): string
-    {
-        return $this->toASN1()->toDER();
-    }
+	/**
+	 * Get certificate as a DER.
+	 *
+	 * @return string
+	 */
+	public function toDER(): string
+	{
+		return $this->toASN1()->toDER();
+	}
 
-    /**
-     * Get certificate as a PEM.
-     *
-     * @return PEM
-     */
-    public function toPEM(): PEM
-    {
-        return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER());
-    }
+	/**
+	 * Get certificate as a PEM.
+	 *
+	 * @return PEM
+	 */
+	public function toPEM(): PEM
+	{
+		return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER());
+	}
 
-    /**
-     * Verify certificate signature.
-     *
-     * @param PublicKeyInfo $pubkey_info Issuer's public key
-     * @param null|Crypto   $crypto      Crypto engine, use default if not set
-     *
-     * @return bool True if certificate signature is valid
-     */
-    public function verify(PublicKeyInfo $pubkey_info, ?Crypto $crypto = null): bool
-    {
-        $crypto = $crypto ?? Crypto::getDefault();
-        $data = $this->_tbsCertificate->toASN1()->toDER();
-        return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
-            $this->_signatureAlgorithm);
-    }
+	/**
+	 * Verify certificate signature.
+	 *
+	 * @param PublicKeyInfo $pubkey_info Issuer's public key
+	 * @param null|Crypto   $crypto      Crypto engine, use default if not set
+	 *
+	 * @return bool True if certificate signature is valid
+	 */
+	public function verify(PublicKeyInfo $pubkey_info, ?Crypto $crypto = null): bool
+	{
+		$crypto = $crypto ?? Crypto::getDefault();
+		$data = $this->_tbsCertificate->toASN1()->toDER();
+		return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
+			$this->_signatureAlgorithm);
+	}
 
-    /**
-     * Check whether certificate has serial number equal to another.
-     *
-     * @param Certificate $cert
-     *
-     * @return bool
-     */
-    private function _hasEqualSerialNumber(Certificate $cert): bool
-    {
-        $sn1 = $this->_tbsCertificate->serialNumber();
-        $sn2 = $cert->_tbsCertificate->serialNumber();
-        return $sn1 == $sn2;
-    }
+	/**
+	 * Check whether certificate has serial number equal to another.
+	 *
+	 * @param Certificate $cert
+	 *
+	 * @return bool
+	 */
+	private function _hasEqualSerialNumber(Certificate $cert): bool
+	{
+		$sn1 = $this->_tbsCertificate->serialNumber();
+		$sn2 = $cert->_tbsCertificate->serialNumber();
+		return $sn1 == $sn2;
+	}
 
-    /**
-     * Check whether certificate has public key equal to another.
-     *
-     * @param Certificate $cert
-     *
-     * @return bool
-     */
-    private function _hasEqualPublicKey(Certificate $cert): bool
-    {
-        $kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
-        $kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
-        return $kid1 == $kid2;
-    }
+	/**
+	 * Check whether certificate has public key equal to another.
+	 *
+	 * @param Certificate $cert
+	 *
+	 * @return bool
+	 */
+	private function _hasEqualPublicKey(Certificate $cert): bool
+	{
+		$kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
+		$kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
+		return $kid1 == $kid2;
+	}
 
-    /**
-     * Check whether certificate has subject equal to another.
-     *
-     * @param Certificate $cert
-     *
-     * @return bool
-     */
-    private function _hasEqualSubject(Certificate $cert): bool
-    {
-        $dn1 = $this->_tbsCertificate->subject();
-        $dn2 = $cert->_tbsCertificate->subject();
-        return $dn1->equals($dn2);
-    }
+	/**
+	 * Check whether certificate has subject equal to another.
+	 *
+	 * @param Certificate $cert
+	 *
+	 * @return bool
+	 */
+	private function _hasEqualSubject(Certificate $cert): bool
+	{
+		$dn1 = $this->_tbsCertificate->subject();
+		$dn2 = $cert->_tbsCertificate->subject();
+		return $dn1->equals($dn2);
+	}
 }

Please login to merge, or discard this patch.

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

@@ -1,6 +1,6 @@
 block discarded – undo
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\Certificate;
 

Please login to merge, or discard this patch.

lib/X509/Certificate/Time.php 3 patches

Indentation +96 added lines, -96 removed lines patch added patch discarded remove patch

@@ -17,108 +17,108 @@
 block discarded – undo
  */
 class Time
 {
-    use DateTimeHelper;
+	use DateTimeHelper;
 
-    /**
-     * Datetime.
-     *
-     * @var \DateTimeImmutable
-     */
-    protected $_dt;
+	/**
+	 * Datetime.
+	 *
+	 * @var \DateTimeImmutable
+	 */
+	protected $_dt;
 
-    /**
-     * Time ASN.1 type tag.
-     *
-     * @var int
-     */
-    protected $_type;
+	/**
+	 * Time ASN.1 type tag.
+	 *
+	 * @var int
+	 */
+	protected $_type;
 
-    /**
-     * Constructor.
-     *
-     * @param \DateTimeImmutable $dt
-     */
-    public function __construct(\DateTimeImmutable $dt)
-    {
-        $this->_dt = $dt;
-        $this->_type = self::_determineType($dt);
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 */
+	public function __construct(\DateTimeImmutable $dt)
+	{
+		$this->_dt = $dt;
+		$this->_type = self::_determineType($dt);
+	}
 
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param TimeType $el
-     *
-     * @return self
-     */
-    public static function fromASN1(TimeType $el): self
-    {
-        $obj = new self($el->dateTime());
-        $obj->_type = $el->tag();
-        return $obj;
-    }
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param TimeType $el
+	 *
+	 * @return self
+	 */
+	public static function fromASN1(TimeType $el): self
+	{
+		$obj = new self($el->dateTime());
+		$obj->_type = $el->tag();
+		return $obj;
+	}
 
-    /**
-     * Initialize from date string.
-     *
-     * @param null|string $time
-     * @param null|string $tz
-     *
-     * @return self
-     */
-    public static function fromString(?string $time, ?string $tz = null): self
-    {
-        return new self(self::_createDateTime($time, $tz));
-    }
+	/**
+	 * Initialize from date string.
+	 *
+	 * @param null|string $time
+	 * @param null|string $tz
+	 *
+	 * @return self
+	 */
+	public static function fromString(?string $time, ?string $tz = null): self
+	{
+		return new self(self::_createDateTime($time, $tz));
+	}
 
-    /**
-     * Get datetime.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function dateTime(): \DateTimeImmutable
-    {
-        return $this->_dt;
-    }
+	/**
+	 * Get datetime.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function dateTime(): \DateTimeImmutable
+	{
+		return $this->_dt;
+	}
 
-    /**
-     * Generate ASN.1.
-     *
-     * @throws \UnexpectedValueException
-     *
-     * @return TimeType
-     */
-    public function toASN1(): TimeType
-    {
-        $dt = $this->_dt;
-        switch ($this->_type) {
-            case Element::TYPE_UTC_TIME:
-                return new UTCTime($dt);
-            case Element::TYPE_GENERALIZED_TIME:
-                // GeneralizedTime must not contain fractional seconds
-                // (rfc5280 4.1.2.5.2)
-                if (0 != $dt->format('u')) {
-                    // remove fractional seconds (round down)
-                    $dt = self::_roundDownFractionalSeconds($dt);
-                }
-                return new GeneralizedTime($dt);
-        }
-        throw new \UnexpectedValueException(
-            'Time type ' . Element::tagToName($this->_type) . ' not supported.');
-    }
+	/**
+	 * Generate ASN.1.
+	 *
+	 * @throws \UnexpectedValueException
+	 *
+	 * @return TimeType
+	 */
+	public function toASN1(): TimeType
+	{
+		$dt = $this->_dt;
+		switch ($this->_type) {
+			case Element::TYPE_UTC_TIME:
+				return new UTCTime($dt);
+			case Element::TYPE_GENERALIZED_TIME:
+				// GeneralizedTime must not contain fractional seconds
+				// (rfc5280 4.1.2.5.2)
+				if (0 != $dt->format('u')) {
+					// remove fractional seconds (round down)
+					$dt = self::_roundDownFractionalSeconds($dt);
+				}
+				return new GeneralizedTime($dt);
+		}
+		throw new \UnexpectedValueException(
+			'Time type ' . Element::tagToName($this->_type) . ' not supported.');
+	}
 
-    /**
-     * Determine whether to use UTCTime or GeneralizedTime ASN.1 type.
-     *
-     * @param \DateTimeImmutable $dt
-     *
-     * @return int Type tag
-     */
-    protected static function _determineType(\DateTimeImmutable $dt): int
-    {
-        if ($dt->format('Y') >= 2050) {
-            return Element::TYPE_GENERALIZED_TIME;
-        }
-        return Element::TYPE_UTC_TIME;
-    }
+	/**
+	 * Determine whether to use UTCTime or GeneralizedTime ASN.1 type.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 *
+	 * @return int Type tag
+	 */
+	protected static function _determineType(\DateTimeImmutable $dt): int
+	{
+		if ($dt->format('Y') >= 2050) {
+			return Element::TYPE_GENERALIZED_TIME;
+		}
+		return Element::TYPE_UTC_TIME;
+	}
 }

Please login to merge, or discard this patch.

Switch Indentation +10 added lines, -10 removed lines patch added patch discarded remove patch

@@ -92,16 +92,16 @@
 block discarded – undo
     {
         $dt = $this->_dt;
         switch ($this->_type) {
-            case Element::TYPE_UTC_TIME:
-                return new UTCTime($dt);
-            case Element::TYPE_GENERALIZED_TIME:
-                // GeneralizedTime must not contain fractional seconds
-                // (rfc5280 4.1.2.5.2)
-                if (0 != $dt->format('u')) {
-                    // remove fractional seconds (round down)
-                    $dt = self::_roundDownFractionalSeconds($dt);
-                }
-                return new GeneralizedTime($dt);
+        case Element::TYPE_UTC_TIME:
+            return new UTCTime($dt);
+        case Element::TYPE_GENERALIZED_TIME:
+            // GeneralizedTime must not contain fractional seconds
+            // (rfc5280 4.1.2.5.2)
+            if (0 != $dt->format('u')) {
+                // remove fractional seconds (round down)
+                $dt = self::_roundDownFractionalSeconds($dt);
+            }
+            return new GeneralizedTime($dt);
         }
         throw new \UnexpectedValueException(
             'Time type ' . Element::tagToName($this->_type) . ' not supported.');

Please login to merge, or discard this patch.

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

@@ -1,6 +1,6 @@
 block discarded – undo
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\Certificate;
 

Please login to merge, or discard this patch.

lib/X509/CertificationPath/PathBuilding/CertificationPathBuilder.php 2 patches

Indentation +130 added lines, -130 removed lines patch added patch discarded remove patch

@@ -16,139 +16,139 @@
 block discarded – undo
  */
 class CertificationPathBuilder
 {
-    /**
-     * Trust anchors.
-     *
-     * @var CertificateBundle
-     */
-    protected $_trustList;
+	/**
+	 * Trust anchors.
+	 *
+	 * @var CertificateBundle
+	 */
+	protected $_trustList;
 
-    /**
-     * Constructor.
-     *
-     * @param CertificateBundle $trust_list List of trust anchors
-     */
-    public function __construct(CertificateBundle $trust_list)
-    {
-        $this->_trustList = $trust_list;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param CertificateBundle $trust_list List of trust anchors
+	 */
+	public function __construct(CertificateBundle $trust_list)
+	{
+		$this->_trustList = $trust_list;
+	}
 
-    /**
-     * Get all certification paths to given target certificate from
-     * any trust anchor.
-     *
-     * @param Certificate            $target       Target certificate
-     * @param null|CertificateBundle $intermediate Optional intermediate certificates
-     *
-     * @return CertificationPath[]
-     */
-    public function allPathsToTarget(Certificate $target,
-        ?CertificateBundle $intermediate = null): array
-    {
-        $paths = $this->_resolvePathsToTarget($target, $intermediate);
-        // map paths to CertificationPath objects
-        return array_map(
-            function ($certs) {
-                return new CertificationPath(...$certs);
-            }, $paths);
-    }
+	/**
+	 * Get all certification paths to given target certificate from
+	 * any trust anchor.
+	 *
+	 * @param Certificate            $target       Target certificate
+	 * @param null|CertificateBundle $intermediate Optional intermediate certificates
+	 *
+	 * @return CertificationPath[]
+	 */
+	public function allPathsToTarget(Certificate $target,
+		?CertificateBundle $intermediate = null): array
+	{
+		$paths = $this->_resolvePathsToTarget($target, $intermediate);
+		// map paths to CertificationPath objects
+		return array_map(
+			function ($certs) {
+				return new CertificationPath(...$certs);
+			}, $paths);
+	}
 
-    /**
-     * Get shortest path to given target certificate from any trust anchor.
-     *
-     * @param Certificate            $target       Target certificate
-     * @param null|CertificateBundle $intermediate Optional intermediate certificates
-     *
-     * @throws PathBuildingException
-     *
-     * @return CertificationPath
-     */
-    public function shortestPathToTarget(Certificate $target,
-        ?CertificateBundle $intermediate = null): CertificationPath
-    {
-        $paths = $this->allPathsToTarget($target, $intermediate);
-        if (!count($paths)) {
-            throw new PathBuildingException('No certification paths.');
-        }
-        usort($paths,
-            function ($a, $b) {
-                return count($a) < count($b) ? -1 : 1;
-            });
-        return reset($paths);
-    }
+	/**
+	 * Get shortest path to given target certificate from any trust anchor.
+	 *
+	 * @param Certificate            $target       Target certificate
+	 * @param null|CertificateBundle $intermediate Optional intermediate certificates
+	 *
+	 * @throws PathBuildingException
+	 *
+	 * @return CertificationPath
+	 */
+	public function shortestPathToTarget(Certificate $target,
+		?CertificateBundle $intermediate = null): CertificationPath
+	{
+		$paths = $this->allPathsToTarget($target, $intermediate);
+		if (!count($paths)) {
+			throw new PathBuildingException('No certification paths.');
+		}
+		usort($paths,
+			function ($a, $b) {
+				return count($a) < count($b) ? -1 : 1;
+			});
+		return reset($paths);
+	}
 
-    /**
-     * Find all issuers of the target certificate from a given bundle.
-     *
-     * @param Certificate       $target Target certificate
-     * @param CertificateBundle $bundle Certificates to search
-     *
-     * @return Certificate[]
-     */
-    protected function _findIssuers(Certificate $target,
-        CertificateBundle $bundle): array
-    {
-        $issuers = [];
-        $issuer_name = $target->tbsCertificate()->issuer();
-        $extensions = $target->tbsCertificate()->extensions();
-        // find by authority key identifier
-        if ($extensions->hasAuthorityKeyIdentifier()) {
-            $ext = $extensions->authorityKeyIdentifier();
-            if ($ext->hasKeyIdentifier()) {
-                foreach ($bundle->allBySubjectKeyIdentifier(
-                    $ext->keyIdentifier()) as $issuer) {
-                    // check that issuer name matches
-                    if ($issuer->tbsCertificate()->subject()->equals($issuer_name)) {
-                        $issuers[] = $issuer;
-                    }
-                }
-            }
-        }
-        return $issuers;
-    }
+	/**
+	 * Find all issuers of the target certificate from a given bundle.
+	 *
+	 * @param Certificate       $target Target certificate
+	 * @param CertificateBundle $bundle Certificates to search
+	 *
+	 * @return Certificate[]
+	 */
+	protected function _findIssuers(Certificate $target,
+		CertificateBundle $bundle): array
+	{
+		$issuers = [];
+		$issuer_name = $target->tbsCertificate()->issuer();
+		$extensions = $target->tbsCertificate()->extensions();
+		// find by authority key identifier
+		if ($extensions->hasAuthorityKeyIdentifier()) {
+			$ext = $extensions->authorityKeyIdentifier();
+			if ($ext->hasKeyIdentifier()) {
+				foreach ($bundle->allBySubjectKeyIdentifier(
+					$ext->keyIdentifier()) as $issuer) {
+					// check that issuer name matches
+					if ($issuer->tbsCertificate()->subject()->equals($issuer_name)) {
+						$issuers[] = $issuer;
+					}
+				}
+			}
+		}
+		return $issuers;
+	}
 
-    /**
-     * Resolve all possible certification paths from any trust anchor to
-     * the target certificate, using optional intermediate certificates.
-     *
-     * Helper method for allPathsToTarget to be called recursively.
-     *
-     * @todo Implement loop detection
-     *
-     * @param Certificate            $target
-     * @param null|CertificateBundle $intermediate
-     *
-     * @return array[] Array of arrays containing path certificates
-     */
-    private function _resolvePathsToTarget(Certificate $target,
-        ?CertificateBundle $intermediate = null): array
-    {
-        // array of possible paths
-        $paths = [];
-        // signed by certificate in the trust list
-        foreach ($this->_findIssuers($target, $this->_trustList) as $issuer) {
-            // if target is self-signed, path consists of only
-            // the target certificate
-            if ($target->equals($issuer)) {
-                $paths[] = [$target];
-            } else {
-                $paths[] = [$issuer, $target];
-            }
-        }
-        if (isset($intermediate)) {
-            // signed by intermediate certificate
-            foreach ($this->_findIssuers($target, $intermediate) as $issuer) {
-                // intermediate certificate must not be self-signed
-                if ($issuer->isSelfIssued()) {
-                    continue;
-                }
-                // resolve paths to issuer
-                $subpaths = $this->_resolvePathsToTarget($issuer, $intermediate);
-                foreach ($subpaths as $path) {
-                    $paths[] = array_merge($path, [$target]);
-                }
-            }
-        }
-        return $paths;
-    }
+	/**
+	 * Resolve all possible certification paths from any trust anchor to
+	 * the target certificate, using optional intermediate certificates.
+	 *
+	 * Helper method for allPathsToTarget to be called recursively.
+	 *
+	 * @todo Implement loop detection
+	 *
+	 * @param Certificate            $target
+	 * @param null|CertificateBundle $intermediate
+	 *
+	 * @return array[] Array of arrays containing path certificates
+	 */
+	private function _resolvePathsToTarget(Certificate $target,
+		?CertificateBundle $intermediate = null): array
+	{
+		// array of possible paths
+		$paths = [];
+		// signed by certificate in the trust list
+		foreach ($this->_findIssuers($target, $this->_trustList) as $issuer) {
+			// if target is self-signed, path consists of only
+			// the target certificate
+			if ($target->equals($issuer)) {
+				$paths[] = [$target];
+			} else {
+				$paths[] = [$issuer, $target];
+			}
+		}
+		if (isset($intermediate)) {
+			// signed by intermediate certificate
+			foreach ($this->_findIssuers($target, $intermediate) as $issuer) {
+				// intermediate certificate must not be self-signed
+				if ($issuer->isSelfIssued()) {
+					continue;
+				}
+				// resolve paths to issuer
+				$subpaths = $this->_resolvePathsToTarget($issuer, $intermediate);
+				foreach ($subpaths as $path) {
+					$paths[] = array_merge($path, [$target]);
+				}
+			}
+		}
+		return $paths;
+	}
 }

Please login to merge, or discard this patch.

Spacing +3 added lines, -3 removed lines patch added patch discarded remove patch

@@ -1,6 +1,6 @@  discard block
 block discarded – undo
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\CertificationPath\PathBuilding;
 
@@ -48,7 +48,7 @@  discard block
 block discarded – undo
         $paths = $this->_resolvePathsToTarget($target, $intermediate);
         // map paths to CertificationPath objects
         return array_map(
-            function ($certs) {
+            function($certs) {
                 return new CertificationPath(...$certs);
             }, $paths);
     }
@@ -71,7 +71,7 @@  discard block
 block discarded – undo
             throw new PathBuildingException('No certification paths.');
         }
         usort($paths,
-            function ($a, $b) {
+            function($a, $b) {
                 return count($a) < count($b) ? -1 : 1;
             });
         return reset($paths);

Please login to merge, or discard this patch.

lib/X509/CertificationPath/PathValidation/ValidatorState.php 2 patches

Indentation +496 added lines, -496 removed lines patch added patch discarded remove patch

@@ -20,500 +20,500 @@
 block discarded – undo
  */
 class ValidatorState
 {
-    /**
-     * Length of the certification path (n).
-     *
-     * @var int
-     */
-    protected $_pathLength;
-
-    /**
-     * Current index in the certification path in the range of 1..n (i).
-     *
-     * @var int
-     */
-    protected $_index;
-
-    /**
-     * Valid policy tree (valid_policy_tree).
-     *
-     * A tree of certificate policies with their optional qualifiers.
-     * Each of the leaves of the tree represents a valid policy at this stage in
-     * the certification path validation.
-     * Once the tree is set to NULL, policy processing ceases.
-     *
-     * @var null|PolicyTree
-     */
-    protected $_validPolicyTree;
-
-    /**
-     * Permitted subtrees (permitted_subtrees).
-     *
-     * A set of root names for each name type defining a set of subtrees within
-     * which all subject names in subsequent certificates in the certification
-     * path must fall.
-     *
-     * @var mixed
-     */
-    protected $_permittedSubtrees;
-
-    /**
-     * Excluded subtrees (excluded_subtrees).
-     *
-     * A set of root names for each name type defining a set of subtrees within
-     * which no subject name in subsequent certificates in the certification
-     * path may fall.
-     *
-     * @var mixed
-     */
-    protected $_excludedSubtrees;
-
-    /**
-     * Explicit policy (explicit_policy).
-     *
-     * An integer that indicates if a non-NULL valid_policy_tree is required.
-     *
-     * @var int
-     */
-    protected $_explicitPolicy;
-
-    /**
-     * Inhibit anyPolicy (inhibit_anyPolicy).
-     *
-     * An integer that indicates whether the anyPolicy policy identifier is
-     * considered a match.
-     *
-     * @var int
-     */
-    protected $_inhibitAnyPolicy;
-
-    /**
-     * Policy mapping (policy_mapping).
-     *
-     * An integer that indicates if policy mapping is permitted.
-     *
-     * @var int
-     */
-    protected $_policyMapping;
-
-    /**
-     * Working public key algorithm (working_public_key_algorithm).
-     *
-     * The digital signature algorithm used to verify the signature of a
-     * certificate.
-     *
-     * @var AlgorithmIdentifierType
-     */
-    protected $_workingPublicKeyAlgorithm;
-
-    /**
-     * Working public key (working_public_key).
-     *
-     * The public key used to verify the signature of a certificate.
-     *
-     * @var PublicKeyInfo
-     */
-    protected $_workingPublicKey;
-
-    /**
-     * Working public key parameters (working_public_key_parameters).
-     *
-     * Parameters associated with the current public key that may be required to
-     * verify a signature.
-     *
-     * @var null|Element
-     */
-    protected $_workingPublicKeyParameters;
-
-    /**
-     * Working issuer name (working_issuer_name).
-     *
-     * The issuer distinguished name expected in the next certificate in the
-     * chain.
-     *
-     * @var Name
-     */
-    protected $_workingIssuerName;
-
-    /**
-     * Maximum certification path length (max_path_length).
-     *
-     * @var int
-     */
-    protected $_maxPathLength;
-
-    /**
-     * Constructor.
-     */
-    protected function __construct()
-    {
-    }
-
-    /**
-     * Initialize variables according to RFC 5280 6.1.2.
-     *
-     * @see https://tools.ietf.org/html/rfc5280#section-6.1.2
-     *
-     * @param PathValidationConfig $config
-     * @param Certificate          $trust_anchor Trust anchor certificate
-     * @param int                  $n            Number of certificates
-     *                                           in the certification path
-     *
-     * @return self
-     */
-    public static function initialize(PathValidationConfig $config,
-        Certificate $trust_anchor, int $n): self
-    {
-        $state = new self();
-        $state->_pathLength = $n;
-        $state->_index = 1;
-        $state->_validPolicyTree = new PolicyTree(PolicyNode::anyPolicyNode());
-        $state->_permittedSubtrees = null;
-        $state->_excludedSubtrees = null;
-        $state->_explicitPolicy = $config->explicitPolicy() ? 0 : $n + 1;
-        $state->_inhibitAnyPolicy = $config->anyPolicyInhibit() ? 0 : $n + 1;
-        $state->_policyMapping = $config->policyMappingInhibit() ? 0 : $n + 1;
-        $state->_workingPublicKeyAlgorithm = $trust_anchor->signatureAlgorithm();
-        $tbsCert = $trust_anchor->tbsCertificate();
-        $state->_workingPublicKey = $tbsCert->subjectPublicKeyInfo();
-        $state->_workingPublicKeyParameters = self::getAlgorithmParameters(
-            $state->_workingPublicKey->algorithmIdentifier());
-        $state->_workingIssuerName = $tbsCert->issuer();
-        $state->_maxPathLength = $config->maxLength();
-        return $state;
-    }
-
-    /**
-     * Get self with current certification path index set.
-     *
-     * @param int $index
-     *
-     * @return self
-     */
-    public function withIndex(int $index): self
-    {
-        $state = clone $this;
-        $state->_index = $index;
-        return $state;
-    }
-
-    /**
-     * Get self with valid_policy_tree.
-     *
-     * @param PolicyTree $policy_tree
-     *
-     * @return self
-     */
-    public function withValidPolicyTree(PolicyTree $policy_tree): self
-    {
-        $state = clone $this;
-        $state->_validPolicyTree = $policy_tree;
-        return $state;
-    }
-
-    /**
-     * Get self with valid_policy_tree set to null.
-     *
-     * @return self
-     */
-    public function withoutValidPolicyTree(): self
-    {
-        $state = clone $this;
-        $state->_validPolicyTree = null;
-        return $state;
-    }
-
-    /**
-     * Get self with explicit_policy.
-     *
-     * @param int $num
-     *
-     * @return self
-     */
-    public function withExplicitPolicy(int $num): self
-    {
-        $state = clone $this;
-        $state->_explicitPolicy = $num;
-        return $state;
-    }
-
-    /**
-     * Get self with inhibit_anyPolicy.
-     *
-     * @param int $num
-     *
-     * @return self
-     */
-    public function withInhibitAnyPolicy(int $num): self
-    {
-        $state = clone $this;
-        $state->_inhibitAnyPolicy = $num;
-        return $state;
-    }
-
-    /**
-     * Get self with policy_mapping.
-     *
-     * @param int $num
-     *
-     * @return self
-     */
-    public function withPolicyMapping(int $num): self
-    {
-        $state = clone $this;
-        $state->_policyMapping = $num;
-        return $state;
-    }
-
-    /**
-     * Get self with working_public_key_algorithm.
-     *
-     * @param AlgorithmIdentifierType $algo
-     *
-     * @return self
-     */
-    public function withWorkingPublicKeyAlgorithm(AlgorithmIdentifierType $algo): self
-    {
-        $state = clone $this;
-        $state->_workingPublicKeyAlgorithm = $algo;
-        return $state;
-    }
-
-    /**
-     * Get self with working_public_key.
-     *
-     * @param PublicKeyInfo $pubkey_info
-     *
-     * @return self
-     */
-    public function withWorkingPublicKey(PublicKeyInfo $pubkey_info): self
-    {
-        $state = clone $this;
-        $state->_workingPublicKey = $pubkey_info;
-        return $state;
-    }
-
-    /**
-     * Get self with working_public_key_parameters.
-     *
-     * @param null|Element $params
-     *
-     * @return self
-     */
-    public function withWorkingPublicKeyParameters(?Element $params = null): self
-    {
-        $state = clone $this;
-        $state->_workingPublicKeyParameters = $params;
-        return $state;
-    }
-
-    /**
-     * Get self with working_issuer_name.
-     *
-     * @param Name $issuer
-     *
-     * @return self
-     */
-    public function withWorkingIssuerName(Name $issuer): self
-    {
-        $state = clone $this;
-        $state->_workingIssuerName = $issuer;
-        return $state;
-    }
-
-    /**
-     * Get self with max_path_length.
-     *
-     * @param int $length
-     *
-     * @return self
-     */
-    public function withMaxPathLength(int $length): self
-    {
-        $state = clone $this;
-        $state->_maxPathLength = $length;
-        return $state;
-    }
-
-    /**
-     * Get the certification path length (n).
-     *
-     * @return int
-     */
-    public function pathLength(): int
-    {
-        return $this->_pathLength;
-    }
-
-    /**
-     * Get the current index in certification path in the range of 1..n.
-     *
-     * @return int
-     */
-    public function index(): int
-    {
-        return $this->_index;
-    }
-
-    /**
-     * Check whether valid_policy_tree is present.
-     *
-     * @return bool
-     */
-    public function hasValidPolicyTree(): bool
-    {
-        return isset($this->_validPolicyTree);
-    }
-
-    /**
-     * Get valid_policy_tree.
-     *
-     * @throws \LogicException If not set
-     *
-     * @return PolicyTree
-     */
-    public function validPolicyTree(): PolicyTree
-    {
-        if (!$this->hasValidPolicyTree()) {
-            throw new \LogicException('valid_policy_tree not set.');
-        }
-        return $this->_validPolicyTree;
-    }
-
-    /**
-     * Get permitted_subtrees.
-     *
-     * @return mixed
-     */
-    public function permittedSubtrees()
-    {
-        return $this->_permittedSubtrees;
-    }
-
-    /**
-     * Get excluded_subtrees.
-     *
-     * @return mixed
-     */
-    public function excludedSubtrees()
-    {
-        return $this->_excludedSubtrees;
-    }
-
-    /**
-     * Get explicit_policy.
-     *
-     * @return int
-     */
-    public function explicitPolicy(): int
-    {
-        return $this->_explicitPolicy;
-    }
-
-    /**
-     * Get inhibit_anyPolicy.
-     *
-     * @return int
-     */
-    public function inhibitAnyPolicy(): int
-    {
-        return $this->_inhibitAnyPolicy;
-    }
-
-    /**
-     * Get policy_mapping.
-     *
-     * @return int
-     */
-    public function policyMapping(): int
-    {
-        return $this->_policyMapping;
-    }
-
-    /**
-     * Get working_public_key_algorithm.
-     *
-     * @return AlgorithmIdentifierType
-     */
-    public function workingPublicKeyAlgorithm(): AlgorithmIdentifierType
-    {
-        return $this->_workingPublicKeyAlgorithm;
-    }
-
-    /**
-     * Get working_public_key.
-     *
-     * @return PublicKeyInfo
-     */
-    public function workingPublicKey(): PublicKeyInfo
-    {
-        return $this->_workingPublicKey;
-    }
-
-    /**
-     * Get working_public_key_parameters.
-     *
-     * @return null|Element
-     */
-    public function workingPublicKeyParameters(): ?Element
-    {
-        return $this->_workingPublicKeyParameters;
-    }
-
-    /**
-     * Get working_issuer_name.
-     *
-     * @return Name
-     */
-    public function workingIssuerName(): Name
-    {
-        return $this->_workingIssuerName;
-    }
-
-    /**
-     * Get maximum certification path length.
-     *
-     * @return int
-     */
-    public function maxPathLength(): int
-    {
-        return $this->_maxPathLength;
-    }
-
-    /**
-     * Check whether processing the final certificate of the certification path.
-     *
-     * @return bool
-     */
-    public function isFinal(): bool
-    {
-        return $this->_index === $this->_pathLength;
-    }
-
-    /**
-     * Get the path validation result.
-     *
-     * @param Certificate[] $certificates Certificates in a certification path
-     *
-     * @return PathValidationResult
-     */
-    public function getResult(array $certificates): PathValidationResult
-    {
-        return new PathValidationResult($certificates, $this->_validPolicyTree,
-            $this->_workingPublicKey, $this->_workingPublicKeyAlgorithm,
-            $this->_workingPublicKeyParameters);
-    }
-
-    /**
-     * Get ASN.1 parameters from algorithm identifier.
-     *
-     * @param AlgorithmIdentifierType $algo
-     *
-     * @return null|Element ASN.1 element or null if parameters are omitted
-     */
-    public static function getAlgorithmParameters(AlgorithmIdentifierType $algo): ?Element
-    {
-        $seq = $algo->toASN1();
-        return $seq->has(1) ? $seq->at(1)->asElement() : null;
-    }
+	/**
+	 * Length of the certification path (n).
+	 *
+	 * @var int
+	 */
+	protected $_pathLength;
+
+	/**
+	 * Current index in the certification path in the range of 1..n (i).
+	 *
+	 * @var int
+	 */
+	protected $_index;
+
+	/**
+	 * Valid policy tree (valid_policy_tree).
+	 *
+	 * A tree of certificate policies with their optional qualifiers.
+	 * Each of the leaves of the tree represents a valid policy at this stage in
+	 * the certification path validation.
+	 * Once the tree is set to NULL, policy processing ceases.
+	 *
+	 * @var null|PolicyTree
+	 */
+	protected $_validPolicyTree;
+
+	/**
+	 * Permitted subtrees (permitted_subtrees).
+	 *
+	 * A set of root names for each name type defining a set of subtrees within
+	 * which all subject names in subsequent certificates in the certification
+	 * path must fall.
+	 *
+	 * @var mixed
+	 */
+	protected $_permittedSubtrees;
+
+	/**
+	 * Excluded subtrees (excluded_subtrees).
+	 *
+	 * A set of root names for each name type defining a set of subtrees within
+	 * which no subject name in subsequent certificates in the certification
+	 * path may fall.
+	 *
+	 * @var mixed
+	 */
+	protected $_excludedSubtrees;
+
+	/**
+	 * Explicit policy (explicit_policy).
+	 *
+	 * An integer that indicates if a non-NULL valid_policy_tree is required.
+	 *
+	 * @var int
+	 */
+	protected $_explicitPolicy;
+
+	/**
+	 * Inhibit anyPolicy (inhibit_anyPolicy).
+	 *
+	 * An integer that indicates whether the anyPolicy policy identifier is
+	 * considered a match.
+	 *
+	 * @var int
+	 */
+	protected $_inhibitAnyPolicy;
+
+	/**
+	 * Policy mapping (policy_mapping).
+	 *
+	 * An integer that indicates if policy mapping is permitted.
+	 *
+	 * @var int
+	 */
+	protected $_policyMapping;
+
+	/**
+	 * Working public key algorithm (working_public_key_algorithm).
+	 *
+	 * The digital signature algorithm used to verify the signature of a
+	 * certificate.
+	 *
+	 * @var AlgorithmIdentifierType
+	 */
+	protected $_workingPublicKeyAlgorithm;
+
+	/**
+	 * Working public key (working_public_key).
+	 *
+	 * The public key used to verify the signature of a certificate.
+	 *
+	 * @var PublicKeyInfo
+	 */
+	protected $_workingPublicKey;
+
+	/**
+	 * Working public key parameters (working_public_key_parameters).
+	 *
+	 * Parameters associated with the current public key that may be required to
+	 * verify a signature.
+	 *
+	 * @var null|Element
+	 */
+	protected $_workingPublicKeyParameters;
+
+	/**
+	 * Working issuer name (working_issuer_name).
+	 *
+	 * The issuer distinguished name expected in the next certificate in the
+	 * chain.
+	 *
+	 * @var Name
+	 */
+	protected $_workingIssuerName;
+
+	/**
+	 * Maximum certification path length (max_path_length).
+	 *
+	 * @var int
+	 */
+	protected $_maxPathLength;
+
+	/**
+	 * Constructor.
+	 */
+	protected function __construct()
+	{
+	}
+
+	/**
+	 * Initialize variables according to RFC 5280 6.1.2.
+	 *
+	 * @see https://tools.ietf.org/html/rfc5280#section-6.1.2
+	 *
+	 * @param PathValidationConfig $config
+	 * @param Certificate          $trust_anchor Trust anchor certificate
+	 * @param int                  $n            Number of certificates
+	 *                                           in the certification path
+	 *
+	 * @return self
+	 */
+	public static function initialize(PathValidationConfig $config,
+		Certificate $trust_anchor, int $n): self
+	{
+		$state = new self();
+		$state->_pathLength = $n;
+		$state->_index = 1;
+		$state->_validPolicyTree = new PolicyTree(PolicyNode::anyPolicyNode());
+		$state->_permittedSubtrees = null;
+		$state->_excludedSubtrees = null;
+		$state->_explicitPolicy = $config->explicitPolicy() ? 0 : $n + 1;
+		$state->_inhibitAnyPolicy = $config->anyPolicyInhibit() ? 0 : $n + 1;
+		$state->_policyMapping = $config->policyMappingInhibit() ? 0 : $n + 1;
+		$state->_workingPublicKeyAlgorithm = $trust_anchor->signatureAlgorithm();
+		$tbsCert = $trust_anchor->tbsCertificate();
+		$state->_workingPublicKey = $tbsCert->subjectPublicKeyInfo();
+		$state->_workingPublicKeyParameters = self::getAlgorithmParameters(
+			$state->_workingPublicKey->algorithmIdentifier());
+		$state->_workingIssuerName = $tbsCert->issuer();
+		$state->_maxPathLength = $config->maxLength();
+		return $state;
+	}
+
+	/**
+	 * Get self with current certification path index set.
+	 *
+	 * @param int $index
+	 *
+	 * @return self
+	 */
+	public function withIndex(int $index): self
+	{
+		$state = clone $this;
+		$state->_index = $index;
+		return $state;
+	}
+
+	/**
+	 * Get self with valid_policy_tree.
+	 *
+	 * @param PolicyTree $policy_tree
+	 *
+	 * @return self
+	 */
+	public function withValidPolicyTree(PolicyTree $policy_tree): self
+	{
+		$state = clone $this;
+		$state->_validPolicyTree = $policy_tree;
+		return $state;
+	}
+
+	/**
+	 * Get self with valid_policy_tree set to null.
+	 *
+	 * @return self
+	 */
+	public function withoutValidPolicyTree(): self
+	{
+		$state = clone $this;
+		$state->_validPolicyTree = null;
+		return $state;
+	}
+
+	/**
+	 * Get self with explicit_policy.
+	 *
+	 * @param int $num
+	 *
+	 * @return self
+	 */
+	public function withExplicitPolicy(int $num): self
+	{
+		$state = clone $this;
+		$state->_explicitPolicy = $num;
+		return $state;
+	}
+
+	/**
+	 * Get self with inhibit_anyPolicy.
+	 *
+	 * @param int $num
+	 *
+	 * @return self
+	 */
+	public function withInhibitAnyPolicy(int $num): self
+	{
+		$state = clone $this;
+		$state->_inhibitAnyPolicy = $num;
+		return $state;
+	}
+
+	/**
+	 * Get self with policy_mapping.
+	 *
+	 * @param int $num
+	 *
+	 * @return self
+	 */
+	public function withPolicyMapping(int $num): self
+	{
+		$state = clone $this;
+		$state->_policyMapping = $num;
+		return $state;
+	}
+
+	/**
+	 * Get self with working_public_key_algorithm.
+	 *
+	 * @param AlgorithmIdentifierType $algo
+	 *
+	 * @return self
+	 */
+	public function withWorkingPublicKeyAlgorithm(AlgorithmIdentifierType $algo): self
+	{
+		$state = clone $this;
+		$state->_workingPublicKeyAlgorithm = $algo;
+		return $state;
+	}
+
+	/**
+	 * Get self with working_public_key.
+	 *
+	 * @param PublicKeyInfo $pubkey_info
+	 *
+	 * @return self
+	 */
+	public function withWorkingPublicKey(PublicKeyInfo $pubkey_info): self
+	{
+		$state = clone $this;
+		$state->_workingPublicKey = $pubkey_info;
+		return $state;
+	}
+
+	/**
+	 * Get self with working_public_key_parameters.
+	 *
+	 * @param null|Element $params
+	 *
+	 * @return self
+	 */
+	public function withWorkingPublicKeyParameters(?Element $params = null): self
+	{
+		$state = clone $this;
+		$state->_workingPublicKeyParameters = $params;
+		return $state;
+	}
+
+	/**
+	 * Get self with working_issuer_name.
+	 *
+	 * @param Name $issuer
+	 *
+	 * @return self
+	 */
+	public function withWorkingIssuerName(Name $issuer): self
+	{
+		$state = clone $this;
+		$state->_workingIssuerName = $issuer;
+		return $state;
+	}
+
+	/**
+	 * Get self with max_path_length.
+	 *
+	 * @param int $length
+	 *
+	 * @return self
+	 */
+	public function withMaxPathLength(int $length): self
+	{
+		$state = clone $this;
+		$state->_maxPathLength = $length;
+		return $state;
+	}
+
+	/**
+	 * Get the certification path length (n).
+	 *
+	 * @return int
+	 */
+	public function pathLength(): int
+	{
+		return $this->_pathLength;
+	}
+
+	/**
+	 * Get the current index in certification path in the range of 1..n.
+	 *
+	 * @return int
+	 */
+	public function index(): int
+	{
+		return $this->_index;
+	}
+
+	/**
+	 * Check whether valid_policy_tree is present.
+	 *
+	 * @return bool
+	 */
+	public function hasValidPolicyTree(): bool
+	{
+		return isset($this->_validPolicyTree);
+	}
+
+	/**
+	 * Get valid_policy_tree.
+	 *
+	 * @throws \LogicException If not set
+	 *
+	 * @return PolicyTree
+	 */
+	public function validPolicyTree(): PolicyTree
+	{
+		if (!$this->hasValidPolicyTree()) {
+			throw new \LogicException('valid_policy_tree not set.');
+		}
+		return $this->_validPolicyTree;
+	}
+
+	/**
+	 * Get permitted_subtrees.
+	 *
+	 * @return mixed
+	 */
+	public function permittedSubtrees()
+	{
+		return $this->_permittedSubtrees;
+	}
+
+	/**
+	 * Get excluded_subtrees.
+	 *
+	 * @return mixed
+	 */
+	public function excludedSubtrees()
+	{
+		return $this->_excludedSubtrees;
+	}
+
+	/**
+	 * Get explicit_policy.
+	 *
+	 * @return int
+	 */
+	public function explicitPolicy(): int
+	{
+		return $this->_explicitPolicy;
+	}
+
+	/**
+	 * Get inhibit_anyPolicy.
+	 *
+	 * @return int
+	 */
+	public function inhibitAnyPolicy(): int
+	{
+		return $this->_inhibitAnyPolicy;
+	}
+
+	/**
+	 * Get policy_mapping.
+	 *
+	 * @return int
+	 */
+	public function policyMapping(): int
+	{
+		return $this->_policyMapping;
+	}
+
+	/**
+	 * Get working_public_key_algorithm.
+	 *
+	 * @return AlgorithmIdentifierType
+	 */
+	public function workingPublicKeyAlgorithm(): AlgorithmIdentifierType
+	{
+		return $this->_workingPublicKeyAlgorithm;
+	}
+
+	/**
+	 * Get working_public_key.
+	 *
+	 * @return PublicKeyInfo
+	 */
+	public function workingPublicKey(): PublicKeyInfo
+	{
+		return $this->_workingPublicKey;
+	}
+
+	/**
+	 * Get working_public_key_parameters.
+	 *
+	 * @return null|Element
+	 */
+	public function workingPublicKeyParameters(): ?Element
+	{
+		return $this->_workingPublicKeyParameters;
+	}
+
+	/**
+	 * Get working_issuer_name.
+	 *
+	 * @return Name
+	 */
+	public function workingIssuerName(): Name
+	{
+		return $this->_workingIssuerName;
+	}
+
+	/**
+	 * Get maximum certification path length.
+	 *
+	 * @return int
+	 */
+	public function maxPathLength(): int
+	{
+		return $this->_maxPathLength;
+	}
+
+	/**
+	 * Check whether processing the final certificate of the certification path.
+	 *
+	 * @return bool
+	 */
+	public function isFinal(): bool
+	{
+		return $this->_index === $this->_pathLength;
+	}
+
+	/**
+	 * Get the path validation result.
+	 *
+	 * @param Certificate[] $certificates Certificates in a certification path
+	 *
+	 * @return PathValidationResult
+	 */
+	public function getResult(array $certificates): PathValidationResult
+	{
+		return new PathValidationResult($certificates, $this->_validPolicyTree,
+			$this->_workingPublicKey, $this->_workingPublicKeyAlgorithm,
+			$this->_workingPublicKeyParameters);
+	}
+
+	/**
+	 * Get ASN.1 parameters from algorithm identifier.
+	 *
+	 * @param AlgorithmIdentifierType $algo
+	 *
+	 * @return null|Element ASN.1 element or null if parameters are omitted
+	 */
+	public static function getAlgorithmParameters(AlgorithmIdentifierType $algo): ?Element
+	{
+		$seq = $algo->toASN1();
+		return $seq->has(1) ? $seq->at(1)->asElement() : null;
+	}
 }

Please login to merge, or discard this patch.

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

@@ -1,6 +1,6 @@
 block discarded – undo
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\CertificationPath\PathValidation;
 

Please login to merge, or discard this patch.

lib/X509/CertificationPath/PathValidation/PathValidationResult.php 2 patches

Indentation +70 added lines, -70 removed lines patch added patch discarded remove patch

@@ -18,81 +18,81 @@
 block discarded – undo
  */
 class PathValidationResult
 {
-    /**
-     * Certificates in a certification path.
-     *
-     * @var Certificate[]
-     */
-    protected $_certificates;
+	/**
+	 * Certificates in a certification path.
+	 *
+	 * @var Certificate[]
+	 */
+	protected $_certificates;
 
-    /**
-     * Valid policy tree.
-     *
-     * @var null|PolicyTree
-     */
-    protected $_policyTree;
+	/**
+	 * Valid policy tree.
+	 *
+	 * @var null|PolicyTree
+	 */
+	protected $_policyTree;
 
-    /**
-     * End-entity certificate's public key.
-     *
-     * @var PublicKeyInfo
-     */
-    protected $_publicKeyInfo;
+	/**
+	 * End-entity certificate's public key.
+	 *
+	 * @var PublicKeyInfo
+	 */
+	protected $_publicKeyInfo;
 
-    /**
-     * Public key algorithm.
-     *
-     * @var AlgorithmIdentifierType
-     */
-    protected $_publicKeyAlgo;
+	/**
+	 * Public key algorithm.
+	 *
+	 * @var AlgorithmIdentifierType
+	 */
+	protected $_publicKeyAlgo;
 
-    /**
-     * Public key parameters.
-     *
-     * @var null|Element
-     */
-    protected $_publicKeyParameters;
+	/**
+	 * Public key parameters.
+	 *
+	 * @var null|Element
+	 */
+	protected $_publicKeyParameters;
 
-    /**
-     * Constructor.
-     *
-     * @param Certificate[]           $certificates Certificates in a certification path
-     * @param null|PolicyTree         $policy_tree  Valid policy tree
-     * @param PublicKeyInfo           $pubkey_info  Public key of the end-entity certificate
-     * @param AlgorithmIdentifierType $algo         Public key algorithm of the end-entity certificate
-     * @param null|Element            $params       Algorithm parameters
-     */
-    public function __construct(array $certificates, ?PolicyTree $policy_tree,
-        PublicKeyInfo $pubkey_info, AlgorithmIdentifierType $algo,
-        ?Element $params = null)
-    {
-        $this->_certificates = array_values($certificates);
-        $this->_policyTree = $policy_tree;
-        $this->_publicKeyInfo = $pubkey_info;
-        $this->_publicKeyAlgo = $algo;
-        $this->_publicKeyParameters = $params;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Certificate[]           $certificates Certificates in a certification path
+	 * @param null|PolicyTree         $policy_tree  Valid policy tree
+	 * @param PublicKeyInfo           $pubkey_info  Public key of the end-entity certificate
+	 * @param AlgorithmIdentifierType $algo         Public key algorithm of the end-entity certificate
+	 * @param null|Element            $params       Algorithm parameters
+	 */
+	public function __construct(array $certificates, ?PolicyTree $policy_tree,
+		PublicKeyInfo $pubkey_info, AlgorithmIdentifierType $algo,
+		?Element $params = null)
+	{
+		$this->_certificates = array_values($certificates);
+		$this->_policyTree = $policy_tree;
+		$this->_publicKeyInfo = $pubkey_info;
+		$this->_publicKeyAlgo = $algo;
+		$this->_publicKeyParameters = $params;
+	}
 
-    /**
-     * Get end-entity certificate.
-     *
-     * @return Certificate
-     */
-    public function certificate(): Certificate
-    {
-        return $this->_certificates[count($this->_certificates) - 1];
-    }
+	/**
+	 * Get end-entity certificate.
+	 *
+	 * @return Certificate
+	 */
+	public function certificate(): Certificate
+	{
+		return $this->_certificates[count($this->_certificates) - 1];
+	}
 
-    /**
-     * Get certificate policies of the end-entity certificate.
-     *
-     * @return PolicyInformation[]
-     */
-    public function policies(): array
-    {
-        if (!$this->_policyTree) {
-            return [];
-        }
-        return $this->_policyTree->policiesAtDepth(count($this->_certificates));
-    }
+	/**
+	 * Get certificate policies of the end-entity certificate.
+	 *
+	 * @return PolicyInformation[]
+	 */
+	public function policies(): array
+	{
+		if (!$this->_policyTree) {
+			return [];
+		}
+		return $this->_policyTree->policiesAtDepth(count($this->_certificates));
+	}
 }

Please login to merge, or discard this patch.

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

@@ -1,6 +1,6 @@
 block discarded – undo
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\CertificationPath\PathValidation;
 

Please login to merge, or discard this patch.

lib/X509/CertificationPath/PathValidation/PathValidationConfig.php 2 patches

Indentation +253 added lines, -253 removed lines patch added patch discarded remove patch

@@ -14,282 +14,282 @@
 block discarded – undo
  */
 class PathValidationConfig
 {
-    /**
-     * Maximum allowed certification path length.
-     *
-     * @var int
-     */
-    protected $_maxLength;
+	/**
+	 * Maximum allowed certification path length.
+	 *
+	 * @var int
+	 */
+	protected $_maxLength;
 
-    /**
-     * Reference time.
-     *
-     * @var \DateTimeImmutable
-     */
-    protected $_dateTime;
+	/**
+	 * Reference time.
+	 *
+	 * @var \DateTimeImmutable
+	 */
+	protected $_dateTime;
 
-    /**
-     * List of acceptable policy identifiers.
-     *
-     * @var string[]
-     */
-    protected $_policySet;
+	/**
+	 * List of acceptable policy identifiers.
+	 *
+	 * @var string[]
+	 */
+	protected $_policySet;
 
-    /**
-     * Trust anchor certificate.
-     *
-     * If not set, path validation uses the first certificate of the path.
-     *
-     * @var null|Certificate
-     */
-    protected $_trustAnchor;
+	/**
+	 * Trust anchor certificate.
+	 *
+	 * If not set, path validation uses the first certificate of the path.
+	 *
+	 * @var null|Certificate
+	 */
+	protected $_trustAnchor;
 
-    /**
-     * Whether policy mapping in inhibited.
-     *
-     * Setting this to true disallows policy mapping.
-     *
-     * @var bool
-     */
-    protected $_policyMappingInhibit;
+	/**
+	 * Whether policy mapping in inhibited.
+	 *
+	 * Setting this to true disallows policy mapping.
+	 *
+	 * @var bool
+	 */
+	protected $_policyMappingInhibit;
 
-    /**
-     * Whether the path must be valid for at least one policy in the
-     * initial policy set.
-     *
-     * @var bool
-     */
-    protected $_explicitPolicy;
+	/**
+	 * Whether the path must be valid for at least one policy in the
+	 * initial policy set.
+	 *
+	 * @var bool
+	 */
+	protected $_explicitPolicy;
 
-    /**
-     * Whether anyPolicy OID processing should be inhibited.
-     *
-     * Setting this to true disallows the usage of anyPolicy.
-     *
-     * @var bool
-     */
-    protected $_anyPolicyInhibit;
+	/**
+	 * Whether anyPolicy OID processing should be inhibited.
+	 *
+	 * Setting this to true disallows the usage of anyPolicy.
+	 *
+	 * @var bool
+	 */
+	protected $_anyPolicyInhibit;
 
-    /**
-     * @todo Implement
-     *
-     * @var mixed
-     */
-    protected $_permittedSubtrees;
+	/**
+	 * @todo Implement
+	 *
+	 * @var mixed
+	 */
+	protected $_permittedSubtrees;
 
-    /**
-     * @todo Implement
-     *
-     * @var mixed
-     */
-    protected $_excludedSubtrees;
+	/**
+	 * @todo Implement
+	 *
+	 * @var mixed
+	 */
+	protected $_excludedSubtrees;
 
-    /**
-     * Constructor.
-     *
-     * @param \DateTimeImmutable $dt         Reference date and time
-     * @param int                $max_length Maximum certification path length
-     */
-    public function __construct(\DateTimeImmutable $dt, int $max_length)
-    {
-        $this->_dateTime = $dt;
-        $this->_maxLength = $max_length;
-        $this->_policySet = [PolicyInformation::OID_ANY_POLICY];
-        $this->_policyMappingInhibit = false;
-        $this->_explicitPolicy = false;
-        $this->_anyPolicyInhibit = false;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param \DateTimeImmutable $dt         Reference date and time
+	 * @param int                $max_length Maximum certification path length
+	 */
+	public function __construct(\DateTimeImmutable $dt, int $max_length)
+	{
+		$this->_dateTime = $dt;
+		$this->_maxLength = $max_length;
+		$this->_policySet = [PolicyInformation::OID_ANY_POLICY];
+		$this->_policyMappingInhibit = false;
+		$this->_explicitPolicy = false;
+		$this->_anyPolicyInhibit = false;
+	}
 
-    /**
-     * Get default configuration.
-     *
-     * @return self
-     */
-    public static function defaultConfig(): self
-    {
-        return new self(new \DateTimeImmutable(), 3);
-    }
+	/**
+	 * Get default configuration.
+	 *
+	 * @return self
+	 */
+	public static function defaultConfig(): self
+	{
+		return new self(new \DateTimeImmutable(), 3);
+	}
 
-    /**
-     * Get self with maximum path length.
-     *
-     * @param int $length
-     *
-     * @return self
-     */
-    public function withMaxLength(int $length): self
-    {
-        $obj = clone $this;
-        $obj->_maxLength = $length;
-        return $obj;
-    }
+	/**
+	 * Get self with maximum path length.
+	 *
+	 * @param int $length
+	 *
+	 * @return self
+	 */
+	public function withMaxLength(int $length): self
+	{
+		$obj = clone $this;
+		$obj->_maxLength = $length;
+		return $obj;
+	}
 
-    /**
-     * Get self with reference date and time.
-     *
-     * @param \DateTimeImmutable $dt
-     *
-     * @return self
-     */
-    public function withDateTime(\DateTimeImmutable $dt): self
-    {
-        $obj = clone $this;
-        $obj->_dateTime = $dt;
-        return $obj;
-    }
+	/**
+	 * Get self with reference date and time.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 *
+	 * @return self
+	 */
+	public function withDateTime(\DateTimeImmutable $dt): self
+	{
+		$obj = clone $this;
+		$obj->_dateTime = $dt;
+		return $obj;
+	}
 
-    /**
-     * Get self with trust anchor certificate.
-     *
-     * @param Certificate $ca
-     *
-     * @return self
-     */
-    public function withTrustAnchor(Certificate $ca): self
-    {
-        $obj = clone $this;
-        $obj->_trustAnchor = $ca;
-        return $obj;
-    }
+	/**
+	 * Get self with trust anchor certificate.
+	 *
+	 * @param Certificate $ca
+	 *
+	 * @return self
+	 */
+	public function withTrustAnchor(Certificate $ca): self
+	{
+		$obj = clone $this;
+		$obj->_trustAnchor = $ca;
+		return $obj;
+	}
 
-    /**
-     * Get self with initial-policy-mapping-inhibit set.
-     *
-     * @param bool $flag
-     *
-     * @return self
-     */
-    public function withPolicyMappingInhibit(bool $flag): self
-    {
-        $obj = clone $this;
-        $obj->_policyMappingInhibit = $flag;
-        return $obj;
-    }
+	/**
+	 * Get self with initial-policy-mapping-inhibit set.
+	 *
+	 * @param bool $flag
+	 *
+	 * @return self
+	 */
+	public function withPolicyMappingInhibit(bool $flag): self
+	{
+		$obj = clone $this;
+		$obj->_policyMappingInhibit = $flag;
+		return $obj;
+	}
 
-    /**
-     * Get self with initial-explicit-policy set.
-     *
-     * @param bool $flag
-     *
-     * @return self
-     */
-    public function withExplicitPolicy(bool $flag): self
-    {
-        $obj = clone $this;
-        $obj->_explicitPolicy = $flag;
-        return $obj;
-    }
+	/**
+	 * Get self with initial-explicit-policy set.
+	 *
+	 * @param bool $flag
+	 *
+	 * @return self
+	 */
+	public function withExplicitPolicy(bool $flag): self
+	{
+		$obj = clone $this;
+		$obj->_explicitPolicy = $flag;
+		return $obj;
+	}
 
-    /**
-     * Get self with initial-any-policy-inhibit set.
-     *
-     * @param bool $flag
-     *
-     * @return self
-     */
-    public function withAnyPolicyInhibit(bool $flag): self
-    {
-        $obj = clone $this;
-        $obj->_anyPolicyInhibit = $flag;
-        return $obj;
-    }
+	/**
+	 * Get self with initial-any-policy-inhibit set.
+	 *
+	 * @param bool $flag
+	 *
+	 * @return self
+	 */
+	public function withAnyPolicyInhibit(bool $flag): self
+	{
+		$obj = clone $this;
+		$obj->_anyPolicyInhibit = $flag;
+		return $obj;
+	}
 
-    /**
-     * Get self with user-initial-policy-set set to policy OIDs.
-     *
-     * @param string ...$policies List of policy OIDs
-     *
-     * @return self
-     */
-    public function withPolicySet(string ...$policies): self
-    {
-        $obj = clone $this;
-        $obj->_policySet = $policies;
-        return $obj;
-    }
+	/**
+	 * Get self with user-initial-policy-set set to policy OIDs.
+	 *
+	 * @param string ...$policies List of policy OIDs
+	 *
+	 * @return self
+	 */
+	public function withPolicySet(string ...$policies): self
+	{
+		$obj = clone $this;
+		$obj->_policySet = $policies;
+		return $obj;
+	}
 
-    /**
-     * Get maximum certification path length.
-     *
-     * @return int
-     */
-    public function maxLength(): int
-    {
-        return $this->_maxLength;
-    }
+	/**
+	 * Get maximum certification path length.
+	 *
+	 * @return int
+	 */
+	public function maxLength(): int
+	{
+		return $this->_maxLength;
+	}
 
-    /**
-     * Get reference date and time.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function dateTime(): \DateTimeImmutable
-    {
-        return $this->_dateTime;
-    }
+	/**
+	 * Get reference date and time.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function dateTime(): \DateTimeImmutable
+	{
+		return $this->_dateTime;
+	}
 
-    /**
-     * Get user-initial-policy-set.
-     *
-     * @return string[] Array of OID's
-     */
-    public function policySet(): array
-    {
-        return $this->_policySet;
-    }
+	/**
+	 * Get user-initial-policy-set.
+	 *
+	 * @return string[] Array of OID's
+	 */
+	public function policySet(): array
+	{
+		return $this->_policySet;
+	}
 
-    /**
-     * Check whether trust anchor certificate is set.
-     *
-     * @return bool
-     */
-    public function hasTrustAnchor(): bool
-    {
-        return isset($this->_trustAnchor);
-    }
+	/**
+	 * Check whether trust anchor certificate is set.
+	 *
+	 * @return bool
+	 */
+	public function hasTrustAnchor(): bool
+	{
+		return isset($this->_trustAnchor);
+	}
 
-    /**
-     * Get trust anchor certificate.
-     *
-     * @throws \LogicException If not set
-     *
-     * @return Certificate
-     */
-    public function trustAnchor(): Certificate
-    {
-        if (!$this->hasTrustAnchor()) {
-            throw new \LogicException('No trust anchor.');
-        }
-        return $this->_trustAnchor;
-    }
+	/**
+	 * Get trust anchor certificate.
+	 *
+	 * @throws \LogicException If not set
+	 *
+	 * @return Certificate
+	 */
+	public function trustAnchor(): Certificate
+	{
+		if (!$this->hasTrustAnchor()) {
+			throw new \LogicException('No trust anchor.');
+		}
+		return $this->_trustAnchor;
+	}
 
-    /**
-     * Get initial-policy-mapping-inhibit.
-     *
-     * @return bool
-     */
-    public function policyMappingInhibit(): bool
-    {
-        return $this->_policyMappingInhibit;
-    }
+	/**
+	 * Get initial-policy-mapping-inhibit.
+	 *
+	 * @return bool
+	 */
+	public function policyMappingInhibit(): bool
+	{
+		return $this->_policyMappingInhibit;
+	}
 
-    /**
-     * Get initial-explicit-policy.
-     *
-     * @return bool
-     */
-    public function explicitPolicy(): bool
-    {
-        return $this->_explicitPolicy;
-    }
+	/**
+	 * Get initial-explicit-policy.
+	 *
+	 * @return bool
+	 */
+	public function explicitPolicy(): bool
+	{
+		return $this->_explicitPolicy;
+	}
 
-    /**
-     * Get initial-any-policy-inhibit.
-     *
-     * @return bool
-     */
-    public function anyPolicyInhibit(): bool
-    {
-        return $this->_anyPolicyInhibit;
-    }
+	/**
+	 * Get initial-any-policy-inhibit.
+	 *
+	 * @return bool
+	 */
+	public function anyPolicyInhibit(): bool
+	{
+		return $this->_anyPolicyInhibit;
+	}
 }

Please login to merge, or discard this patch.

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

@@ -1,6 +1,6 @@
 block discarded – undo
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\CertificationPath\PathValidation;
 

Please login to merge, or discard this patch.

lib/X509/CertificationPath/PathValidation/PathValidator.php 2 patches

Indentation +568 added lines, -568 removed lines patch added patch discarded remove patch

@@ -17,599 +17,599 @@
 block discarded – undo
  */
 class PathValidator
 {
-    /**
-     * Crypto engine.
-     *
-     * @var Crypto
-     */
-    protected $_crypto;
+	/**
+	 * Crypto engine.
+	 *
+	 * @var Crypto
+	 */
+	protected $_crypto;
 
-    /**
-     * Path validation configuration.
-     *
-     * @var PathValidationConfig
-     */
-    protected $_config;
+	/**
+	 * Path validation configuration.
+	 *
+	 * @var PathValidationConfig
+	 */
+	protected $_config;
 
-    /**
-     * Certification path.
-     *
-     * @var Certificate[]
-     */
-    protected $_certificates;
+	/**
+	 * Certification path.
+	 *
+	 * @var Certificate[]
+	 */
+	protected $_certificates;
 
-    /**
-     * Certification path trust anchor.
-     *
-     * @var Certificate
-     */
-    protected $_trustAnchor;
+	/**
+	 * Certification path trust anchor.
+	 *
+	 * @var Certificate
+	 */
+	protected $_trustAnchor;
 
-    /**
-     * Constructor.
-     *
-     * @param Crypto               $crypto          Crypto engine
-     * @param PathValidationConfig $config          Validation config
-     * @param Certificate          ...$certificates Certificates from the trust anchor to
-     *                                              the end-entity certificate
-     */
-    public function __construct(Crypto $crypto, PathValidationConfig $config,
-        Certificate ...$certificates)
-    {
-        if (!count($certificates)) {
-            throw new \LogicException('No certificates.');
-        }
-        $this->_crypto = $crypto;
-        $this->_config = $config;
-        $this->_certificates = $certificates;
-        // if trust anchor is explicitly given in configuration
-        if ($config->hasTrustAnchor()) {
-            $this->_trustAnchor = $config->trustAnchor();
-        } else {
-            $this->_trustAnchor = $certificates[0];
-        }
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Crypto               $crypto          Crypto engine
+	 * @param PathValidationConfig $config          Validation config
+	 * @param Certificate          ...$certificates Certificates from the trust anchor to
+	 *                                              the end-entity certificate
+	 */
+	public function __construct(Crypto $crypto, PathValidationConfig $config,
+		Certificate ...$certificates)
+	{
+		if (!count($certificates)) {
+			throw new \LogicException('No certificates.');
+		}
+		$this->_crypto = $crypto;
+		$this->_config = $config;
+		$this->_certificates = $certificates;
+		// if trust anchor is explicitly given in configuration
+		if ($config->hasTrustAnchor()) {
+			$this->_trustAnchor = $config->trustAnchor();
+		} else {
+			$this->_trustAnchor = $certificates[0];
+		}
+	}
 
-    /**
-     * Validate certification path.
-     *
-     * @throws PathValidationException
-     *
-     * @return PathValidationResult
-     */
-    public function validate(): PathValidationResult
-    {
-        $n = count($this->_certificates);
-        $state = ValidatorState::initialize(
-            $this->_config, $this->_trustAnchor, $n);
-        for ($i = 0; $i < $n; ++$i) {
-            $state = $state->withIndex($i + 1);
-            $cert = $this->_certificates[$i];
-            // process certificate (section 6.1.3.)
-            $state = $this->_processCertificate($state, $cert);
-            if (!$state->isFinal()) {
-                // prepare next certificate (section 6.1.4.)
-                $state = $this->_prepareNext($state, $cert);
-            }
-        }
-        if (!isset($cert)) {
-            throw new \LogicException('No certificates.');
-        }
-        // wrap-up (section 6.1.5.)
-        $state = $this->_wrapUp($state, $cert);
-        // return outputs
-        return $state->getResult($this->_certificates);
-    }
+	/**
+	 * Validate certification path.
+	 *
+	 * @throws PathValidationException
+	 *
+	 * @return PathValidationResult
+	 */
+	public function validate(): PathValidationResult
+	{
+		$n = count($this->_certificates);
+		$state = ValidatorState::initialize(
+			$this->_config, $this->_trustAnchor, $n);
+		for ($i = 0; $i < $n; ++$i) {
+			$state = $state->withIndex($i + 1);
+			$cert = $this->_certificates[$i];
+			// process certificate (section 6.1.3.)
+			$state = $this->_processCertificate($state, $cert);
+			if (!$state->isFinal()) {
+				// prepare next certificate (section 6.1.4.)
+				$state = $this->_prepareNext($state, $cert);
+			}
+		}
+		if (!isset($cert)) {
+			throw new \LogicException('No certificates.');
+		}
+		// wrap-up (section 6.1.5.)
+		$state = $this->_wrapUp($state, $cert);
+		// return outputs
+		return $state->getResult($this->_certificates);
+	}
 
-    /**
-     * Apply basic certificate processing according to RFC 5280 section 6.1.3.
-     *
-     * @see https://tools.ietf.org/html/rfc5280#section-6.1.3
-     *
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @throws PathValidationException
-     *
-     * @return ValidatorState
-     */
-    private function _processCertificate(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        // (a.1) verify signature
-        $this->_verifySignature($state, $cert);
-        // (a.2) check validity period
-        $this->_checkValidity($cert);
-        // (a.3) check that certificate is not revoked
-        $this->_checkRevocation($cert);
-        // (a.4) check issuer
-        $this->_checkIssuer($state, $cert);
-        // (b)(c) if certificate is self-issued and it is not
-        // the final certificate in the path, skip this step
-        if (!($cert->isSelfIssued() && !$state->isFinal())) {
-            // (b) check permitted subtrees
-            $this->_checkPermittedSubtrees($state, $cert);
-            // (c) check excluded subtrees
-            $this->_checkExcludedSubtrees($state, $cert);
-        }
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasCertificatePolicies()) {
-            // (d) process policy information
-            if ($state->hasValidPolicyTree()) {
-                $state = $state->validPolicyTree()->processPolicies($state, $cert);
-            }
-        } else {
-            // (e) certificate policies extension not present,
-            // set the valid_policy_tree to NULL
-            $state = $state->withoutValidPolicyTree();
-        }
-        // (f) check that explicit_policy > 0 or valid_policy_tree is set
-        if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
-            throw new PathValidationException('No valid policies.');
-        }
-        return $state;
-    }
+	/**
+	 * Apply basic certificate processing according to RFC 5280 section 6.1.3.
+	 *
+	 * @see https://tools.ietf.org/html/rfc5280#section-6.1.3
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @throws PathValidationException
+	 *
+	 * @return ValidatorState
+	 */
+	private function _processCertificate(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		// (a.1) verify signature
+		$this->_verifySignature($state, $cert);
+		// (a.2) check validity period
+		$this->_checkValidity($cert);
+		// (a.3) check that certificate is not revoked
+		$this->_checkRevocation($cert);
+		// (a.4) check issuer
+		$this->_checkIssuer($state, $cert);
+		// (b)(c) if certificate is self-issued and it is not
+		// the final certificate in the path, skip this step
+		if (!($cert->isSelfIssued() && !$state->isFinal())) {
+			// (b) check permitted subtrees
+			$this->_checkPermittedSubtrees($state, $cert);
+			// (c) check excluded subtrees
+			$this->_checkExcludedSubtrees($state, $cert);
+		}
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasCertificatePolicies()) {
+			// (d) process policy information
+			if ($state->hasValidPolicyTree()) {
+				$state = $state->validPolicyTree()->processPolicies($state, $cert);
+			}
+		} else {
+			// (e) certificate policies extension not present,
+			// set the valid_policy_tree to NULL
+			$state = $state->withoutValidPolicyTree();
+		}
+		// (f) check that explicit_policy > 0 or valid_policy_tree is set
+		if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
+			throw new PathValidationException('No valid policies.');
+		}
+		return $state;
+	}
 
-    /**
-     * Apply preparation for the certificate i+1 according to rfc5280 section
-     * 6.1.4.
-     *
-     * @see https://tools.ietf.org/html/rfc5280#section-6.1.4
-     *
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @return ValidatorState
-     */
-    private function _prepareNext(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        // (a)(b) if policy mappings extension is present
-        $state = $this->_preparePolicyMappings($state, $cert);
-        // (c) assign working_issuer_name
-        $state = $state->withWorkingIssuerName(
-            $cert->tbsCertificate()->subject());
-        // (d)(e)(f)
-        $state = $this->_setPublicKeyState($state, $cert);
-        // (g) if name constraints extension is present
-        $state = $this->_prepareNameConstraints($state, $cert);
-        // (h) if certificate is not self-issued
-        if (!$cert->isSelfIssued()) {
-            $state = $this->_prepareNonSelfIssued($state);
-        }
-        // (i) if policy constraints extension is present
-        $state = $this->_preparePolicyConstraints($state, $cert);
-        // (j) if inhibit any policy extension is present
-        $state = $this->_prepareInhibitAnyPolicy($state, $cert);
-        // (k) check basic constraints
-        $this->_processBasicContraints($cert);
-        // (l) verify max_path_length
-        $state = $this->_verifyMaxPathLength($state, $cert);
-        // (m) check pathLenContraint
-        $state = $this->_processPathLengthContraint($state, $cert);
-        // (n) check key usage
-        $this->_checkKeyUsage($cert);
-        // (o) process relevant extensions
-        return $this->_processExtensions($state, $cert);
-    }
+	/**
+	 * Apply preparation for the certificate i+1 according to rfc5280 section
+	 * 6.1.4.
+	 *
+	 * @see https://tools.ietf.org/html/rfc5280#section-6.1.4
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @return ValidatorState
+	 */
+	private function _prepareNext(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		// (a)(b) if policy mappings extension is present
+		$state = $this->_preparePolicyMappings($state, $cert);
+		// (c) assign working_issuer_name
+		$state = $state->withWorkingIssuerName(
+			$cert->tbsCertificate()->subject());
+		// (d)(e)(f)
+		$state = $this->_setPublicKeyState($state, $cert);
+		// (g) if name constraints extension is present
+		$state = $this->_prepareNameConstraints($state, $cert);
+		// (h) if certificate is not self-issued
+		if (!$cert->isSelfIssued()) {
+			$state = $this->_prepareNonSelfIssued($state);
+		}
+		// (i) if policy constraints extension is present
+		$state = $this->_preparePolicyConstraints($state, $cert);
+		// (j) if inhibit any policy extension is present
+		$state = $this->_prepareInhibitAnyPolicy($state, $cert);
+		// (k) check basic constraints
+		$this->_processBasicContraints($cert);
+		// (l) verify max_path_length
+		$state = $this->_verifyMaxPathLength($state, $cert);
+		// (m) check pathLenContraint
+		$state = $this->_processPathLengthContraint($state, $cert);
+		// (n) check key usage
+		$this->_checkKeyUsage($cert);
+		// (o) process relevant extensions
+		return $this->_processExtensions($state, $cert);
+	}
 
-    /**
-     * Apply wrap-up procedure according to RFC 5280 section 6.1.5.
-     *
-     * @see https://tools.ietf.org/html/rfc5280#section-6.1.5
-     *
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @throws PathValidationException
-     *
-     * @return ValidatorState
-     */
-    private function _wrapUp(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        $tbs_cert = $cert->tbsCertificate();
-        $extensions = $tbs_cert->extensions();
-        // (a)
-        if ($state->explicitPolicy() > 0) {
-            $state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
-        }
-        // (b)
-        if ($extensions->hasPolicyConstraints()) {
-            $ext = $extensions->policyConstraints();
-            if ($ext->hasRequireExplicitPolicy() &&
-                0 === $ext->requireExplicitPolicy()) {
-                $state = $state->withExplicitPolicy(0);
-            }
-        }
-        // (c)(d)(e)
-        $state = $this->_setPublicKeyState($state, $cert);
-        // (f) process relevant extensions
-        $state = $this->_processExtensions($state, $cert);
-        // (g) intersection of valid_policy_tree and the initial-policy-set
-        $state = $this->_calculatePolicyIntersection($state);
-        // check that explicit_policy > 0 or valid_policy_tree is set
-        if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
-            throw new PathValidationException('No valid policies.');
-        }
-        // path validation succeeded
-        return $state;
-    }
+	/**
+	 * Apply wrap-up procedure according to RFC 5280 section 6.1.5.
+	 *
+	 * @see https://tools.ietf.org/html/rfc5280#section-6.1.5
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @throws PathValidationException
+	 *
+	 * @return ValidatorState
+	 */
+	private function _wrapUp(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		$tbs_cert = $cert->tbsCertificate();
+		$extensions = $tbs_cert->extensions();
+		// (a)
+		if ($state->explicitPolicy() > 0) {
+			$state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
+		}
+		// (b)
+		if ($extensions->hasPolicyConstraints()) {
+			$ext = $extensions->policyConstraints();
+			if ($ext->hasRequireExplicitPolicy() &&
+				0 === $ext->requireExplicitPolicy()) {
+				$state = $state->withExplicitPolicy(0);
+			}
+		}
+		// (c)(d)(e)
+		$state = $this->_setPublicKeyState($state, $cert);
+		// (f) process relevant extensions
+		$state = $this->_processExtensions($state, $cert);
+		// (g) intersection of valid_policy_tree and the initial-policy-set
+		$state = $this->_calculatePolicyIntersection($state);
+		// check that explicit_policy > 0 or valid_policy_tree is set
+		if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
+			throw new PathValidationException('No valid policies.');
+		}
+		// path validation succeeded
+		return $state;
+	}
 
-    /**
-     * Update working_public_key, working_public_key_parameters and
-     * working_public_key_algorithm state variables from certificate.
-     *
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @return ValidatorState
-     */
-    private function _setPublicKeyState(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        $pk_info = $cert->tbsCertificate()->subjectPublicKeyInfo();
-        // assign working_public_key
-        $state = $state->withWorkingPublicKey($pk_info);
-        // assign working_public_key_parameters
-        $params = ValidatorState::getAlgorithmParameters(
-            $pk_info->algorithmIdentifier());
-        if (null !== $params) {
-            $state = $state->withWorkingPublicKeyParameters($params);
-        } else {
-            // if algorithms differ, set parameters to null
-            if ($pk_info->algorithmIdentifier()->oid() !==
-                    $state->workingPublicKeyAlgorithm()->oid()) {
-                $state = $state->withWorkingPublicKeyParameters(null);
-            }
-        }
-        // assign working_public_key_algorithm
-        return $state->withWorkingPublicKeyAlgorithm(
-            $pk_info->algorithmIdentifier());
-    }
+	/**
+	 * Update working_public_key, working_public_key_parameters and
+	 * working_public_key_algorithm state variables from certificate.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @return ValidatorState
+	 */
+	private function _setPublicKeyState(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		$pk_info = $cert->tbsCertificate()->subjectPublicKeyInfo();
+		// assign working_public_key
+		$state = $state->withWorkingPublicKey($pk_info);
+		// assign working_public_key_parameters
+		$params = ValidatorState::getAlgorithmParameters(
+			$pk_info->algorithmIdentifier());
+		if (null !== $params) {
+			$state = $state->withWorkingPublicKeyParameters($params);
+		} else {
+			// if algorithms differ, set parameters to null
+			if ($pk_info->algorithmIdentifier()->oid() !==
+					$state->workingPublicKeyAlgorithm()->oid()) {
+				$state = $state->withWorkingPublicKeyParameters(null);
+			}
+		}
+		// assign working_public_key_algorithm
+		return $state->withWorkingPublicKeyAlgorithm(
+			$pk_info->algorithmIdentifier());
+	}
 
-    /**
-     * Verify certificate signature.
-     *
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @throws PathValidationException
-     */
-    private function _verifySignature(ValidatorState $state,
-        Certificate $cert): void
-    {
-        try {
-            $valid = $cert->verify($state->workingPublicKey(), $this->_crypto);
-        } catch (\RuntimeException $e) {
-            throw new PathValidationException(
-                'Failed to verify signature: ' . $e->getMessage(), 0, $e);
-        }
-        if (!$valid) {
-            throw new PathValidationException(
-                "Certificate signature doesn't match.");
-        }
-    }
+	/**
+	 * Verify certificate signature.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @throws PathValidationException
+	 */
+	private function _verifySignature(ValidatorState $state,
+		Certificate $cert): void
+	{
+		try {
+			$valid = $cert->verify($state->workingPublicKey(), $this->_crypto);
+		} catch (\RuntimeException $e) {
+			throw new PathValidationException(
+				'Failed to verify signature: ' . $e->getMessage(), 0, $e);
+		}
+		if (!$valid) {
+			throw new PathValidationException(
+				"Certificate signature doesn't match.");
+		}
+	}
 
-    /**
-     * Check certificate validity.
-     *
-     * @param Certificate $cert
-     *
-     * @throws PathValidationException
-     */
-    private function _checkValidity(Certificate $cert): void
-    {
-        $refdt = $this->_config->dateTime();
-        $validity = $cert->tbsCertificate()->validity();
-        if ($validity->notBefore()->dateTime()->diff($refdt)->invert) {
-            throw new PathValidationException(
-                'Certificate validity period has not started.');
-        }
-        if ($refdt->diff($validity->notAfter()->dateTime())->invert) {
-            throw new PathValidationException('Certificate has expired.');
-        }
-    }
+	/**
+	 * Check certificate validity.
+	 *
+	 * @param Certificate $cert
+	 *
+	 * @throws PathValidationException
+	 */
+	private function _checkValidity(Certificate $cert): void
+	{
+		$refdt = $this->_config->dateTime();
+		$validity = $cert->tbsCertificate()->validity();
+		if ($validity->notBefore()->dateTime()->diff($refdt)->invert) {
+			throw new PathValidationException(
+				'Certificate validity period has not started.');
+		}
+		if ($refdt->diff($validity->notAfter()->dateTime())->invert) {
+			throw new PathValidationException('Certificate has expired.');
+		}
+	}
 
-    /**
-     * Check certificate revocation.
-     *
-     * @param Certificate $cert
-     */
-    private function _checkRevocation(Certificate $cert)
-    {
-        // @todo Implement CRL handling
-    }
+	/**
+	 * Check certificate revocation.
+	 *
+	 * @param Certificate $cert
+	 */
+	private function _checkRevocation(Certificate $cert)
+	{
+		// @todo Implement CRL handling
+	}
 
-    /**
-     * Check certificate issuer.
-     *
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @throws PathValidationException
-     */
-    private function _checkIssuer(ValidatorState $state, Certificate $cert): void
-    {
-        if (!$cert->tbsCertificate()->issuer()->equals($state->workingIssuerName())) {
-            throw new PathValidationException('Certification issuer mismatch.');
-        }
-    }
+	/**
+	 * Check certificate issuer.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @throws PathValidationException
+	 */
+	private function _checkIssuer(ValidatorState $state, Certificate $cert): void
+	{
+		if (!$cert->tbsCertificate()->issuer()->equals($state->workingIssuerName())) {
+			throw new PathValidationException('Certification issuer mismatch.');
+		}
+	}
 
-    /**
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     */
-    private function _checkPermittedSubtrees(ValidatorState $state, Certificate $cert)
-    {
-        // @todo Implement
-        $state->permittedSubtrees();
-    }
+	/**
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 */
+	private function _checkPermittedSubtrees(ValidatorState $state, Certificate $cert)
+	{
+		// @todo Implement
+		$state->permittedSubtrees();
+	}
 
-    /**
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     */
-    private function _checkExcludedSubtrees(ValidatorState $state, Certificate $cert)
-    {
-        // @todo Implement
-        $state->excludedSubtrees();
-    }
+	/**
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 */
+	private function _checkExcludedSubtrees(ValidatorState $state, Certificate $cert)
+	{
+		// @todo Implement
+		$state->excludedSubtrees();
+	}
 
-    /**
-     * Apply policy mappings handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @throws PathValidationException
-     *
-     * @return ValidatorState
-     */
-    private function _preparePolicyMappings(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasPolicyMappings()) {
-            // (a) verify that anyPolicy mapping is not used
-            if ($extensions->policyMappings()->hasAnyPolicyMapping()) {
-                throw new PathValidationException('anyPolicy mapping found.');
-            }
-            // (b) process policy mappings
-            if ($state->hasValidPolicyTree()) {
-                $state = $state->validPolicyTree()->processMappings($state, $cert);
-            }
-        }
-        return $state;
-    }
+	/**
+	 * Apply policy mappings handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @throws PathValidationException
+	 *
+	 * @return ValidatorState
+	 */
+	private function _preparePolicyMappings(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasPolicyMappings()) {
+			// (a) verify that anyPolicy mapping is not used
+			if ($extensions->policyMappings()->hasAnyPolicyMapping()) {
+				throw new PathValidationException('anyPolicy mapping found.');
+			}
+			// (b) process policy mappings
+			if ($state->hasValidPolicyTree()) {
+				$state = $state->validPolicyTree()->processMappings($state, $cert);
+			}
+		}
+		return $state;
+	}
 
-    /**
-     * Apply name constraints handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @return ValidatorState
-     */
-    private function _prepareNameConstraints(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasNameConstraints()) {
-            $state = $this->_processNameConstraints($state, $cert);
-        }
-        return $state;
-    }
+	/**
+	 * Apply name constraints handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @return ValidatorState
+	 */
+	private function _prepareNameConstraints(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasNameConstraints()) {
+			$state = $this->_processNameConstraints($state, $cert);
+		}
+		return $state;
+	}
 
-    /**
-     * Apply preparation for a non-self-signed certificate.
-     *
-     * @param ValidatorState $state
-     *
-     * @return ValidatorState
-     */
-    private function _prepareNonSelfIssued(ValidatorState $state): ValidatorState
-    {
-        // (h.1)
-        if ($state->explicitPolicy() > 0) {
-            $state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
-        }
-        // (h.2)
-        if ($state->policyMapping() > 0) {
-            $state = $state->withPolicyMapping($state->policyMapping() - 1);
-        }
-        // (h.3)
-        if ($state->inhibitAnyPolicy() > 0) {
-            $state = $state->withInhibitAnyPolicy($state->inhibitAnyPolicy() - 1);
-        }
-        return $state;
-    }
+	/**
+	 * Apply preparation for a non-self-signed certificate.
+	 *
+	 * @param ValidatorState $state
+	 *
+	 * @return ValidatorState
+	 */
+	private function _prepareNonSelfIssued(ValidatorState $state): ValidatorState
+	{
+		// (h.1)
+		if ($state->explicitPolicy() > 0) {
+			$state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
+		}
+		// (h.2)
+		if ($state->policyMapping() > 0) {
+			$state = $state->withPolicyMapping($state->policyMapping() - 1);
+		}
+		// (h.3)
+		if ($state->inhibitAnyPolicy() > 0) {
+			$state = $state->withInhibitAnyPolicy($state->inhibitAnyPolicy() - 1);
+		}
+		return $state;
+	}
 
-    /**
-     * Apply policy constraints handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @return ValidatorState
-     */
-    private function _preparePolicyConstraints(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if (!$extensions->hasPolicyConstraints()) {
-            return $state;
-        }
-        $ext = $extensions->policyConstraints();
-        // (i.1)
-        if ($ext->hasRequireExplicitPolicy() &&
-                $ext->requireExplicitPolicy() < $state->explicitPolicy()) {
-            $state = $state->withExplicitPolicy($ext->requireExplicitPolicy());
-        }
-        // (i.2)
-        if ($ext->hasInhibitPolicyMapping() &&
-                $ext->inhibitPolicyMapping() < $state->policyMapping()) {
-            $state = $state->withPolicyMapping($ext->inhibitPolicyMapping());
-        }
-        return $state;
-    }
+	/**
+	 * Apply policy constraints handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @return ValidatorState
+	 */
+	private function _preparePolicyConstraints(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if (!$extensions->hasPolicyConstraints()) {
+			return $state;
+		}
+		$ext = $extensions->policyConstraints();
+		// (i.1)
+		if ($ext->hasRequireExplicitPolicy() &&
+				$ext->requireExplicitPolicy() < $state->explicitPolicy()) {
+			$state = $state->withExplicitPolicy($ext->requireExplicitPolicy());
+		}
+		// (i.2)
+		if ($ext->hasInhibitPolicyMapping() &&
+				$ext->inhibitPolicyMapping() < $state->policyMapping()) {
+			$state = $state->withPolicyMapping($ext->inhibitPolicyMapping());
+		}
+		return $state;
+	}
 
-    /**
-     * Apply inhibit any-policy handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @return ValidatorState
-     */
-    private function _prepareInhibitAnyPolicy(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasInhibitAnyPolicy()) {
-            $ext = $extensions->inhibitAnyPolicy();
-            if ($ext->skipCerts() < $state->inhibitAnyPolicy()) {
-                $state = $state->withInhibitAnyPolicy($ext->skipCerts());
-            }
-        }
-        return $state;
-    }
+	/**
+	 * Apply inhibit any-policy handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @return ValidatorState
+	 */
+	private function _prepareInhibitAnyPolicy(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasInhibitAnyPolicy()) {
+			$ext = $extensions->inhibitAnyPolicy();
+			if ($ext->skipCerts() < $state->inhibitAnyPolicy()) {
+				$state = $state->withInhibitAnyPolicy($ext->skipCerts());
+			}
+		}
+		return $state;
+	}
 
-    /**
-     * Verify maximum certification path length for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @throws PathValidationException
-     *
-     * @return ValidatorState
-     */
-    private function _verifyMaxPathLength(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        if (!$cert->isSelfIssued()) {
-            if ($state->maxPathLength() <= 0) {
-                throw new PathValidationException(
-                    'Certification path length exceeded.');
-            }
-            $state = $state->withMaxPathLength($state->maxPathLength() - 1);
-        }
-        return $state;
-    }
+	/**
+	 * Verify maximum certification path length for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @throws PathValidationException
+	 *
+	 * @return ValidatorState
+	 */
+	private function _verifyMaxPathLength(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		if (!$cert->isSelfIssued()) {
+			if ($state->maxPathLength() <= 0) {
+				throw new PathValidationException(
+					'Certification path length exceeded.');
+			}
+			$state = $state->withMaxPathLength($state->maxPathLength() - 1);
+		}
+		return $state;
+	}
 
-    /**
-     * Check key usage extension for the preparation step.
-     *
-     * @param Certificate $cert
-     *
-     * @throws PathValidationException
-     */
-    private function _checkKeyUsage(Certificate $cert): void
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasKeyUsage()) {
-            $ext = $extensions->keyUsage();
-            if (!$ext->isKeyCertSign()) {
-                throw new PathValidationException('keyCertSign usage not set.');
-            }
-        }
-    }
+	/**
+	 * Check key usage extension for the preparation step.
+	 *
+	 * @param Certificate $cert
+	 *
+	 * @throws PathValidationException
+	 */
+	private function _checkKeyUsage(Certificate $cert): void
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasKeyUsage()) {
+			$ext = $extensions->keyUsage();
+			if (!$ext->isKeyCertSign()) {
+				throw new PathValidationException('keyCertSign usage not set.');
+			}
+		}
+	}
 
-    /**
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @return ValidatorState
-     */
-    private function _processNameConstraints(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        // @todo Implement
-        return $state;
-    }
+	/**
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @return ValidatorState
+	 */
+	private function _processNameConstraints(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		// @todo Implement
+		return $state;
+	}
 
-    /**
-     * Process basic constraints extension.
-     *
-     * @param Certificate $cert
-     *
-     * @throws PathValidationException
-     */
-    private function _processBasicContraints(Certificate $cert): void
-    {
-        if (TBSCertificate::VERSION_3 === $cert->tbsCertificate()->version()) {
-            $extensions = $cert->tbsCertificate()->extensions();
-            if (!$extensions->hasBasicConstraints()) {
-                throw new PathValidationException(
-                    'v3 certificate must have basicConstraints extension.');
-            }
-            // verify that cA is set to TRUE
-            if (!$extensions->basicConstraints()->isCA()) {
-                throw new PathValidationException(
-                    'Certificate is not a CA certificate.');
-            }
-        }
-    }
+	/**
+	 * Process basic constraints extension.
+	 *
+	 * @param Certificate $cert
+	 *
+	 * @throws PathValidationException
+	 */
+	private function _processBasicContraints(Certificate $cert): void
+	{
+		if (TBSCertificate::VERSION_3 === $cert->tbsCertificate()->version()) {
+			$extensions = $cert->tbsCertificate()->extensions();
+			if (!$extensions->hasBasicConstraints()) {
+				throw new PathValidationException(
+					'v3 certificate must have basicConstraints extension.');
+			}
+			// verify that cA is set to TRUE
+			if (!$extensions->basicConstraints()->isCA()) {
+				throw new PathValidationException(
+					'Certificate is not a CA certificate.');
+			}
+		}
+	}
 
-    /**
-     * Process pathLenConstraint.
-     *
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @return ValidatorState
-     */
-    private function _processPathLengthContraint(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasBasicConstraints()) {
-            $ext = $extensions->basicConstraints();
-            if ($ext->hasPathLen()) {
-                if ($ext->pathLen() < $state->maxPathLength()) {
-                    $state = $state->withMaxPathLength($ext->pathLen());
-                }
-            }
-        }
-        return $state;
-    }
+	/**
+	 * Process pathLenConstraint.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @return ValidatorState
+	 */
+	private function _processPathLengthContraint(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasBasicConstraints()) {
+			$ext = $extensions->basicConstraints();
+			if ($ext->hasPathLen()) {
+				if ($ext->pathLen() < $state->maxPathLength()) {
+					$state = $state->withMaxPathLength($ext->pathLen());
+				}
+			}
+		}
+		return $state;
+	}
 
-    /**
-     * @param ValidatorState $state
-     * @param Certificate    $cert
-     *
-     * @return ValidatorState
-     */
-    private function _processExtensions(ValidatorState $state,
-        Certificate $cert): ValidatorState
-    {
-        // @todo Implement
-        return $state;
-    }
+	/**
+	 * @param ValidatorState $state
+	 * @param Certificate    $cert
+	 *
+	 * @return ValidatorState
+	 */
+	private function _processExtensions(ValidatorState $state,
+		Certificate $cert): ValidatorState
+	{
+		// @todo Implement
+		return $state;
+	}
 
-    /**
-     * @param ValidatorState $state
-     *
-     * @return ValidatorState
-     */
-    private function _calculatePolicyIntersection(ValidatorState $state): ValidatorState
-    {
-        // (i) If the valid_policy_tree is NULL, the intersection is NULL
-        if (!$state->hasValidPolicyTree()) {
-            return $state;
-        }
-        // (ii) If the valid_policy_tree is not NULL and
-        // the user-initial-policy-set is any-policy, the intersection
-        // is the entire valid_policy_tree
-        $initial_policies = $this->_config->policySet();
-        if (in_array(PolicyInformation::OID_ANY_POLICY, $initial_policies)) {
-            return $state;
-        }
-        // (iii) If the valid_policy_tree is not NULL and the
-        // user-initial-policy-set is not any-policy, calculate
-        // the intersection of the valid_policy_tree and the
-        // user-initial-policy-set as follows
-        return $state->validPolicyTree()->calculateIntersection($state, $initial_policies);
-    }
+	/**
+	 * @param ValidatorState $state
+	 *
+	 * @return ValidatorState
+	 */
+	private function _calculatePolicyIntersection(ValidatorState $state): ValidatorState
+	{
+		// (i) If the valid_policy_tree is NULL, the intersection is NULL
+		if (!$state->hasValidPolicyTree()) {
+			return $state;
+		}
+		// (ii) If the valid_policy_tree is not NULL and
+		// the user-initial-policy-set is any-policy, the intersection
+		// is the entire valid_policy_tree
+		$initial_policies = $this->_config->policySet();
+		if (in_array(PolicyInformation::OID_ANY_POLICY, $initial_policies)) {
+			return $state;
+		}
+		// (iii) If the valid_policy_tree is not NULL and the
+		// user-initial-policy-set is not any-policy, calculate
+		// the intersection of the valid_policy_tree and the
+		// user-initial-policy-set as follows
+		return $state->validPolicyTree()->calculateIntersection($state, $initial_policies);
+	}
 }

Please login to merge, or discard this patch.

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

@@ -1,6 +1,6 @@
 block discarded – undo
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\CertificationPath\PathValidation;
 

Please login to merge, or discard this patch.

GitHub Access Token became invalid

Push — php72 ( 84962a...e2a8e9 )

Status

Category

Indentation +122 added lines, -122 removed lines patch added patch discarded remove patch

Spacing +3 added lines, -3 removed lines patch added patch discarded remove patch

Indentation +618 added lines, -618 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Indentation +219 added lines, -219 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Indentation +96 added lines, -96 removed lines patch added patch discarded remove patch

Switch Indentation +10 added lines, -10 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Indentation +130 added lines, -130 removed lines patch added patch discarded remove patch

Spacing +3 added lines, -3 removed lines patch added patch discarded remove patch

Indentation +496 added lines, -496 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Indentation +70 added lines, -70 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Indentation +253 added lines, -253 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Indentation +568 added lines, -568 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

		@@ -13,136 +13,136 @@
		block discarded – undo
13	13	*/
14	14	class CertificateChain implements \Countable, \IteratorAggregate
15	15	{
16		- /**
17		- * List of certificates in a chain.
18		- *
19		- * @var Certificate[]
20		- */
21		- protected $_certs;
	16	+ /**
	17	+ * List of certificates in a chain.
	18	+ *
	19	+ * @var Certificate[]
	20	+ */
	21	+ protected $_certs;
22	22
23		- /**
24		- * Constructor.
25		- *
26		- * @param Certificate ...$certs List of certificates, end-entity first
27		- */
28		- public function __construct(Certificate ...$certs)
29		- {
30		- $this->_certs = $certs;
31		- }
	23	+ /**
	24	+ * Constructor.
	25	+ *
	26	+ * @param Certificate ...$certs List of certificates, end-entity first
	27	+ */
	28	+ public function __construct(Certificate ...$certs)
	29	+ {
	30	+ $this->_certs = $certs;
	31	+ }
32	32
33		- /**
34		- * Initialize from a list of PEMs.
35		- *
36		- * @param PEM ...$pems
37		- *
38		- * @return self
39		- */
40		- public static function fromPEMs(PEM ...$pems): self
41		- {
42		- $certs = array_map(
43		- function (PEM $pem) {
44		- return Certificate::fromPEM($pem);
45		- }, $pems);
46		- return new self(...$certs);
47		- }
	33	+ /**
	34	+ * Initialize from a list of PEMs.
	35	+ *
	36	+ * @param PEM ...$pems
	37	+ *
	38	+ * @return self
	39	+ */
	40	+ public static function fromPEMs(PEM ...$pems): self
	41	+ {
	42	+ $certs = array_map(
	43	+ function (PEM $pem) {
	44	+ return Certificate::fromPEM($pem);
	45	+ }, $pems);
	46	+ return new self(...$certs);
	47	+ }
48	48
49		- /**
50		- * Initialize from a string containing multiple PEM blocks.
51		- *
52		- * @param string $str
53		- *
54		- * @return self
55		- */
56		- public static function fromPEMString(string $str): self
57		- {
58		- $pems = PEMBundle::fromString($str)->all();
59		- return self::fromPEMs(...$pems);
60		- }
	49	+ /**
	50	+ * Initialize from a string containing multiple PEM blocks.
	51	+ *
	52	+ * @param string $str
	53	+ *
	54	+ * @return self
	55	+ */
	56	+ public static function fromPEMString(string $str): self
	57	+ {
	58	+ $pems = PEMBundle::fromString($str)->all();
	59	+ return self::fromPEMs(...$pems);
	60	+ }
61	61
62		- /**
63		- * Get all certificates in a chain ordered from the end-entity certificate
64		- * to the trust anchor.
65		- *
66		- * @return Certificate[]
67		- */
68		- public function certificates(): array
69		- {
70		- return $this->_certs;
71		- }
	62	+ /**
	63	+ * Get all certificates in a chain ordered from the end-entity certificate
	64	+ * to the trust anchor.
	65	+ *
	66	+ * @return Certificate[]
	67	+ */
	68	+ public function certificates(): array
	69	+ {
	70	+ return $this->_certs;
	71	+ }
72	72
73		- /**
74		- * Get the end-entity certificate.
75		- *
76		- * @throws \LogicException
77		- *
78		- * @return Certificate
79		- */
80		- public function endEntityCertificate(): Certificate
81		- {
82		- if (!count($this->_certs)) {
83		- throw new \LogicException('No certificates.');
84		- }
85		- return $this->_certs[0];
86		- }
	73	+ /**
	74	+ * Get the end-entity certificate.
	75	+ *
	76	+ * @throws \LogicException
	77	+ *
	78	+ * @return Certificate
	79	+ */
	80	+ public function endEntityCertificate(): Certificate
	81	+ {
	82	+ if (!count($this->_certs)) {
	83	+ throw new \LogicException('No certificates.');
	84	+ }
	85	+ return $this->_certs[0];
	86	+ }
87	87
88		- /**
89		- * Get the trust anchor certificate.
90		- *
91		- * @throws \LogicException
92		- *
93		- * @return Certificate
94		- */
95		- public function trustAnchorCertificate(): Certificate
96		- {
97		- if (!count($this->_certs)) {
98		- throw new \LogicException('No certificates.');
99		- }
100		- return $this->_certs[count($this->_certs) - 1];
101		- }
	88	+ /**
	89	+ * Get the trust anchor certificate.
	90	+ *
	91	+ * @throws \LogicException
	92	+ *
	93	+ * @return Certificate
	94	+ */
	95	+ public function trustAnchorCertificate(): Certificate
	96	+ {
	97	+ if (!count($this->_certs)) {
	98	+ throw new \LogicException('No certificates.');
	99	+ }
	100	+ return $this->_certs[count($this->_certs) - 1];
	101	+ }
102	102
103		- /**
104		- * Convert certificate chain to certification path.
105		- *
106		- * @return CertificationPath
107		- */
108		- public function certificationPath(): CertificationPath
109		- {
110		- return CertificationPath::fromCertificateChain($this);
111		- }
	103	+ /**
	104	+ * Convert certificate chain to certification path.
	105	+ *
	106	+ * @return CertificationPath
	107	+ */
	108	+ public function certificationPath(): CertificationPath
	109	+ {
	110	+ return CertificationPath::fromCertificateChain($this);
	111	+ }
112	112
113		- /**
114		- * Convert certificate chain to string of PEM blocks.
115		- *
116		- * @return string
117		- */
118		- public function toPEMString(): string
119		- {
120		- return implode("\n",
121		- array_map(
122		- function (Certificate $cert) {
123		- return $cert->toPEM()->string();
124		- }, $this->_certs));
125		- }
	113	+ /**
	114	+ * Convert certificate chain to string of PEM blocks.
	115	+ *
	116	+ * @return string
	117	+ */
	118	+ public function toPEMString(): string
	119	+ {
	120	+ return implode("\n",
	121	+ array_map(
	122	+ function (Certificate $cert) {
	123	+ return $cert->toPEM()->string();
	124	+ }, $this->_certs));
	125	+ }
126	126
127		- /**
128		- * @see \Countable::count()
129		- *
130		- * @return int
131		- */
132		- public function count(): int
133		- {
134		- return count($this->_certs);
135		- }
	127	+ /**
	128	+ * @see \Countable::count()
	129	+ *
	130	+ * @return int
	131	+ */
	132	+ public function count(): int
	133	+ {
	134	+ return count($this->_certs);
	135	+ }
136	136
137		- /**
138		- * Get iterator for certificates.
139		- *
140		- * @see \IteratorAggregate::getIterator()
141		- *
142		- * @return \ArrayIterator
143		- */
144		- public function getIterator(): \ArrayIterator
145		- {
146		- return new \ArrayIterator($this->_certs);
147		- }
	137	+ /**
	138	+ * Get iterator for certificates.
	139	+ *
	140	+ * @see \IteratorAggregate::getIterator()
	141	+ *
	142	+ * @return \ArrayIterator
	143	+ */
	144	+ public function getIterator(): \ArrayIterator
	145	+ {
	146	+ return new \ArrayIterator($this->_certs);
	147	+ }
148	148	}

		@@ -1,6 +1,6 @@ discard block
		block discarded – undo
1	1	<?php
2	2
3		-declare(strict_types = 1);
	3	+declare(strict_types=1);
4	4
5	5	namespace Sop\X509\Certificate;
6	6
		@@ -40,7 +40,7 @@ discard block
		block discarded – undo
40	40	public static function fromPEMs(PEM ...$pems): self
41	41	{
42	42	$certs = array_map(
43		- function (PEM $pem) {
	43	+ function(PEM $pem) {
44	44	return Certificate::fromPEM($pem);
45	45	}, $pems);
46	46	return new self(...$certs);
		@@ -119,7 +119,7 @@ discard block
		block discarded – undo
119	119	{
120	120	return implode("\n",
121	121	array_map(
122		- function (Certificate $cert) {
	122	+ function(Certificate $cert) {
123	123	return $cert->toPEM()->string();
124	124	}, $this->_certs));
125	125	}

		@@ -1,6 +1,6 @@
		block discarded – undo
1	1	<?php
2	2
3		-declare(strict_types = 1);
	3	+declare(strict_types=1);
4	4
5	5	namespace Sop\X509\Certificate;
6	6

		@@ -20,242 +20,242 @@
		block discarded – undo
20	20	*/
21	21	class Certificate
22	22	{
23		- /**
24		- * "To be signed" certificate information.
25		- *
26		- * @var TBSCertificate
27		- */
28		- protected $_tbsCertificate;
	23	+ /**
	24	+ * "To be signed" certificate information.
	25	+ *
	26	+ * @var TBSCertificate
	27	+ */
	28	+ protected $_tbsCertificate;
29	29
30		- /**
31		- * Signature algorithm.
32		- *
33		- * @var SignatureAlgorithmIdentifier
34		- */
35		- protected $_signatureAlgorithm;
	30	+ /**
	31	+ * Signature algorithm.
	32	+ *
	33	+ * @var SignatureAlgorithmIdentifier
	34	+ */
	35	+ protected $_signatureAlgorithm;
36	36
37		- /**
38		- * Signature value.
39		- *
40		- * @var Signature
41		- */
42		- protected $_signatureValue;
	37	+ /**
	38	+ * Signature value.
	39	+ *
	40	+ * @var Signature
	41	+ */
	42	+ protected $_signatureValue;
43	43
44		- /**
45		- * Constructor.
46		- *
47		- * @param TBSCertificate $tbsCert
48		- * @param SignatureAlgorithmIdentifier $algo
49		- * @param Signature $signature
50		- */
51		- public function __construct(TBSCertificate $tbsCert,
52		- SignatureAlgorithmIdentifier $algo, Signature $signature)
53		- {
54		- $this->_tbsCertificate = $tbsCert;
55		- $this->_signatureAlgorithm = $algo;
56		- $this->_signatureValue = $signature;
57		- }
	44	+ /**
	45	+ * Constructor.
	46	+ *
	47	+ * @param TBSCertificate $tbsCert
	48	+ * @param SignatureAlgorithmIdentifier $algo
	49	+ * @param Signature $signature
	50	+ */
	51	+ public function __construct(TBSCertificate $tbsCert,
	52	+ SignatureAlgorithmIdentifier $algo, Signature $signature)
	53	+ {
	54	+ $this->_tbsCertificate = $tbsCert;
	55	+ $this->_signatureAlgorithm = $algo;
	56	+ $this->_signatureValue = $signature;
	57	+ }
58	58
59		- /**
60		- * Get certificate as a PEM formatted string.
61		- *
62		- * @return string
63		- */
64		- public function __toString(): string
65		- {
66		- return $this->toPEM()->string();
67		- }
	59	+ /**
	60	+ * Get certificate as a PEM formatted string.
	61	+ *
	62	+ * @return string
	63	+ */
	64	+ public function __toString(): string
	65	+ {
	66	+ return $this->toPEM()->string();
	67	+ }
68	68
69		- /**
70		- * Initialize from ASN.1.
71		- *
72		- * @param Sequence $seq
73		- *
74		- * @return self
75		- */
76		- public static function fromASN1(Sequence $seq): self
77		- {
78		- $tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence());
79		- $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
80		- if (!$algo instanceof SignatureAlgorithmIdentifier) {
81		- throw new \UnexpectedValueException(
82		- 'Unsupported signature algorithm ' . $algo->oid() . '.');
83		- }
84		- $signature = Signature::fromSignatureData(
85		- $seq->at(2)->asBitString()->string(), $algo);
86		- return new self($tbsCert, $algo, $signature);
87		- }
	69	+ /**
	70	+ * Initialize from ASN.1.
	71	+ *
	72	+ * @param Sequence $seq
	73	+ *
	74	+ * @return self
	75	+ */
	76	+ public static function fromASN1(Sequence $seq): self
	77	+ {
	78	+ $tbsCert = TBSCertificate::fromASN1($seq->at(0)->asSequence());
	79	+ $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
	80	+ if (!$algo instanceof SignatureAlgorithmIdentifier) {
	81	+ throw new \UnexpectedValueException(
	82	+ 'Unsupported signature algorithm ' . $algo->oid() . '.');
	83	+ }
	84	+ $signature = Signature::fromSignatureData(
	85	+ $seq->at(2)->asBitString()->string(), $algo);
	86	+ return new self($tbsCert, $algo, $signature);
	87	+ }
88	88
89		- /**
90		- * Initialize from DER.
91		- *
92		- * @param string $data
93		- *
94		- * @return self
95		- */
96		- public static function fromDER(string $data): self
97		- {
98		- return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
99		- }
	89	+ /**
	90	+ * Initialize from DER.
	91	+ *
	92	+ * @param string $data
	93	+ *
	94	+ * @return self
	95	+ */
	96	+ public static function fromDER(string $data): self
	97	+ {
	98	+ return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
	99	+ }
100	100
101		- /**
102		- * Initialize from PEM.
103		- *
104		- * @param PEM $pem
105		- *
106		- * @throws \UnexpectedValueException
107		- *
108		- * @return self
109		- */
110		- public static function fromPEM(PEM $pem): self
111		- {
112		- if (PEM::TYPE_CERTIFICATE != $pem->type()) {
113		- throw new \UnexpectedValueException('Invalid PEM type.');
114		- }
115		- return self::fromDER($pem->data());
116		- }
	101	+ /**
	102	+ * Initialize from PEM.
	103	+ *
	104	+ * @param PEM $pem
	105	+ *
	106	+ * @throws \UnexpectedValueException
	107	+ *
	108	+ * @return self
	109	+ */
	110	+ public static function fromPEM(PEM $pem): self
	111	+ {
	112	+ if (PEM::TYPE_CERTIFICATE != $pem->type()) {
	113	+ throw new \UnexpectedValueException('Invalid PEM type.');
	114	+ }
	115	+ return self::fromDER($pem->data());
	116	+ }
117	117
118		- /**
119		- * Get certificate information.
120		- *
121		- * @return TBSCertificate
122		- */
123		- public function tbsCertificate(): TBSCertificate
124		- {
125		- return $this->_tbsCertificate;
126		- }
	118	+ /**
	119	+ * Get certificate information.
	120	+ *
	121	+ * @return TBSCertificate
	122	+ */
	123	+ public function tbsCertificate(): TBSCertificate
	124	+ {
	125	+ return $this->_tbsCertificate;
	126	+ }
127	127
128		- /**
129		- * Get signature algorithm.
130		- *
131		- * @return SignatureAlgorithmIdentifier
132		- */
133		- public function signatureAlgorithm(): SignatureAlgorithmIdentifier
134		- {
135		- return $this->_signatureAlgorithm;
136		- }
	128	+ /**
	129	+ * Get signature algorithm.
	130	+ *
	131	+ * @return SignatureAlgorithmIdentifier
	132	+ */
	133	+ public function signatureAlgorithm(): SignatureAlgorithmIdentifier
	134	+ {
	135	+ return $this->_signatureAlgorithm;
	136	+ }
137	137
138		- /**
139		- * Get signature value.
140		- *
141		- * @return Signature
142		- */
143		- public function signatureValue(): Signature
144		- {
145		- return $this->_signatureValue;
146		- }
	138	+ /**
	139	+ * Get signature value.
	140	+ *
	141	+ * @return Signature
	142	+ */
	143	+ public function signatureValue(): Signature
	144	+ {
	145	+ return $this->_signatureValue;
	146	+ }
147	147
148		- /**
149		- * Check whether certificate is self-issued.
150		- *
151		- * @return bool
152		- */
153		- public function isSelfIssued(): bool
154		- {
155		- return $this->_tbsCertificate->subject()->equals(
156		- $this->_tbsCertificate->issuer());
157		- }
	148	+ /**
	149	+ * Check whether certificate is self-issued.
	150	+ *
	151	+ * @return bool
	152	+ */
	153	+ public function isSelfIssued(): bool
	154	+ {
	155	+ return $this->_tbsCertificate->subject()->equals(
	156	+ $this->_tbsCertificate->issuer());
	157	+ }
158	158
159		- /**
160		- * Check whether certificate is semantically equal to another.
161		- *
162		- * @param Certificate $cert Certificate to compare to
163		- *
164		- * @return bool
165		- */
166		- public function equals(Certificate $cert): bool
167		- {
168		- return $this->_hasEqualSerialNumber($cert) &&
169		- $this->_hasEqualPublicKey($cert) && $this->_hasEqualSubject($cert);
170		- }
	159	+ /**
	160	+ * Check whether certificate is semantically equal to another.
	161	+ *
	162	+ * @param Certificate $cert Certificate to compare to
	163	+ *
	164	+ * @return bool
	165	+ */
	166	+ public function equals(Certificate $cert): bool
	167	+ {
	168	+ return $this->_hasEqualSerialNumber($cert) &&
	169	+ $this->_hasEqualPublicKey($cert) && $this->_hasEqualSubject($cert);
	170	+ }
171	171
172		- /**
173		- * Generate ASN.1 structure.
174		- *
175		- * @return Sequence
176		- */
177		- public function toASN1(): Sequence
178		- {
179		- return new Sequence($this->_tbsCertificate->toASN1(),
180		- $this->_signatureAlgorithm->toASN1(),
181		- $this->_signatureValue->bitString());
182		- }
	172	+ /**
	173	+ * Generate ASN.1 structure.
	174	+ *
	175	+ * @return Sequence
	176	+ */
	177	+ public function toASN1(): Sequence
	178	+ {
	179	+ return new Sequence($this->_tbsCertificate->toASN1(),
	180	+ $this->_signatureAlgorithm->toASN1(),
	181	+ $this->_signatureValue->bitString());
	182	+ }
183	183
184		- /**
185		- * Get certificate as a DER.
186		- *
187		- * @return string
188		- */
189		- public function toDER(): string
190		- {
191		- return $this->toASN1()->toDER();
192		- }
	184	+ /**
	185	+ * Get certificate as a DER.
	186	+ *
	187	+ * @return string
	188	+ */
	189	+ public function toDER(): string
	190	+ {
	191	+ return $this->toASN1()->toDER();
	192	+ }
193	193
194		- /**
195		- * Get certificate as a PEM.
196		- *
197		- * @return PEM
198		- */
199		- public function toPEM(): PEM
200		- {
201		- return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER());
202		- }
	194	+ /**
	195	+ * Get certificate as a PEM.
	196	+ *
	197	+ * @return PEM
	198	+ */
	199	+ public function toPEM(): PEM
	200	+ {
	201	+ return new PEM(PEM::TYPE_CERTIFICATE, $this->toDER());
	202	+ }
203	203
204		- /**
205		- * Verify certificate signature.
206		- *
207		- * @param PublicKeyInfo $pubkey_info Issuer's public key
208		- * @param null\|Crypto $crypto Crypto engine, use default if not set
209		- *
210		- * @return bool True if certificate signature is valid
211		- */
212		- public function verify(PublicKeyInfo $pubkey_info, ?Crypto $crypto = null): bool
213		- {
214		- $crypto = $crypto ?? Crypto::getDefault();
215		- $data = $this->_tbsCertificate->toASN1()->toDER();
216		- return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
217		- $this->_signatureAlgorithm);
218		- }
	204	+ /**
	205	+ * Verify certificate signature.
	206	+ *
	207	+ * @param PublicKeyInfo $pubkey_info Issuer's public key
	208	+ * @param null\|Crypto $crypto Crypto engine, use default if not set
	209	+ *
	210	+ * @return bool True if certificate signature is valid
	211	+ */
	212	+ public function verify(PublicKeyInfo $pubkey_info, ?Crypto $crypto = null): bool
	213	+ {
	214	+ $crypto = $crypto ?? Crypto::getDefault();
	215	+ $data = $this->_tbsCertificate->toASN1()->toDER();
	216	+ return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
	217	+ $this->_signatureAlgorithm);
	218	+ }
219	219
220		- /**
221		- * Check whether certificate has serial number equal to another.
222		- *
223		- * @param Certificate $cert
224		- *
225		- * @return bool
226		- */
227		- private function _hasEqualSerialNumber(Certificate $cert): bool
228		- {
229		- $sn1 = $this->_tbsCertificate->serialNumber();
230		- $sn2 = $cert->_tbsCertificate->serialNumber();
231		- return $sn1 == $sn2;
232		- }
	220	+ /**
	221	+ * Check whether certificate has serial number equal to another.
	222	+ *
	223	+ * @param Certificate $cert
	224	+ *
	225	+ * @return bool
	226	+ */
	227	+ private function _hasEqualSerialNumber(Certificate $cert): bool
	228	+ {
	229	+ $sn1 = $this->_tbsCertificate->serialNumber();
	230	+ $sn2 = $cert->_tbsCertificate->serialNumber();
	231	+ return $sn1 == $sn2;
	232	+ }
233	233
234		- /**
235		- * Check whether certificate has public key equal to another.
236		- *
237		- * @param Certificate $cert
238		- *
239		- * @return bool
240		- */
241		- private function _hasEqualPublicKey(Certificate $cert): bool
242		- {
243		- $kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
244		- $kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
245		- return $kid1 == $kid2;
246		- }
	234	+ /**
	235	+ * Check whether certificate has public key equal to another.
	236	+ *
	237	+ * @param Certificate $cert
	238	+ *
	239	+ * @return bool
	240	+ */
	241	+ private function _hasEqualPublicKey(Certificate $cert): bool
	242	+ {
	243	+ $kid1 = $this->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
	244	+ $kid2 = $cert->_tbsCertificate->subjectPublicKeyInfo()->keyIdentifier();
	245	+ return $kid1 == $kid2;
	246	+ }
247	247
248		- /**
249		- * Check whether certificate has subject equal to another.
250		- *
251		- * @param Certificate $cert
252		- *
253		- * @return bool
254		- */
255		- private function _hasEqualSubject(Certificate $cert): bool
256		- {
257		- $dn1 = $this->_tbsCertificate->subject();
258		- $dn2 = $cert->_tbsCertificate->subject();
259		- return $dn1->equals($dn2);
260		- }
	248	+ /**
	249	+ * Check whether certificate has subject equal to another.
	250	+ *
	251	+ * @param Certificate $cert
	252	+ *
	253	+ * @return bool
	254	+ */
	255	+ private function _hasEqualSubject(Certificate $cert): bool
	256	+ {
	257	+ $dn1 = $this->_tbsCertificate->subject();
	258	+ $dn2 = $cert->_tbsCertificate->subject();
	259	+ return $dn1->equals($dn2);
	260	+ }
261	261	}

		@@ -17,108 +17,108 @@
		block discarded – undo
17	17	*/
18	18	class Time
19	19	{
20		- use DateTimeHelper;
	20	+ use DateTimeHelper;
21	21
22		- /**
23		- * Datetime.
24		- *
25		- * @var \DateTimeImmutable
26		- */
27		- protected $_dt;
	22	+ /**
	23	+ * Datetime.
	24	+ *
	25	+ * @var \DateTimeImmutable
	26	+ */
	27	+ protected $_dt;
28	28
29		- /**
30		- * Time ASN.1 type tag.
31		- *
32		- * @var int
33		- */
34		- protected $_type;
	29	+ /**
	30	+ * Time ASN.1 type tag.
	31	+ *
	32	+ * @var int
	33	+ */
	34	+ protected $_type;
35	35
36		- /**
37		- * Constructor.
38		- *
39		- * @param \DateTimeImmutable $dt
40		- */
41		- public function __construct(\DateTimeImmutable $dt)
42		- {
43		- $this->_dt = $dt;
44		- $this->_type = self::_determineType($dt);
45		- }
	36	+ /**
	37	+ * Constructor.
	38	+ *
	39	+ * @param \DateTimeImmutable $dt
	40	+ */
	41	+ public function __construct(\DateTimeImmutable $dt)
	42	+ {
	43	+ $this->_dt = $dt;
	44	+ $this->_type = self::_determineType($dt);
	45	+ }
46	46
47		- /**
48		- * Initialize from ASN.1.
49		- *
50		- * @param TimeType $el
51		- *
52		- * @return self
53		- */
54		- public static function fromASN1(TimeType $el): self
55		- {
56		- $obj = new self($el->dateTime());
57		- $obj->_type = $el->tag();
58		- return $obj;
59		- }
	47	+ /**
	48	+ * Initialize from ASN.1.
	49	+ *
	50	+ * @param TimeType $el
	51	+ *
	52	+ * @return self
	53	+ */
	54	+ public static function fromASN1(TimeType $el): self
	55	+ {
	56	+ $obj = new self($el->dateTime());
	57	+ $obj->_type = $el->tag();
	58	+ return $obj;
	59	+ }
60	60
61		- /**
62		- * Initialize from date string.
63		- *
64		- * @param null\|string $time
65		- * @param null\|string $tz
66		- *
67		- * @return self
68		- */
69		- public static function fromString(?string $time, ?string $tz = null): self
70		- {
71		- return new self(self::_createDateTime($time, $tz));
72		- }
	61	+ /**
	62	+ * Initialize from date string.
	63	+ *
	64	+ * @param null\|string $time
	65	+ * @param null\|string $tz
	66	+ *
	67	+ * @return self
	68	+ */
	69	+ public static function fromString(?string $time, ?string $tz = null): self
	70	+ {
	71	+ return new self(self::_createDateTime($time, $tz));
	72	+ }
73	73
74		- /**
75		- * Get datetime.
76		- *
77		- * @return \DateTimeImmutable
78		- */
79		- public function dateTime(): \DateTimeImmutable
80		- {
81		- return $this->_dt;
82		- }
	74	+ /**
	75	+ * Get datetime.
	76	+ *
	77	+ * @return \DateTimeImmutable
	78	+ */
	79	+ public function dateTime(): \DateTimeImmutable
	80	+ {
	81	+ return $this->_dt;
	82	+ }
83	83
84		- /**
85		- * Generate ASN.1.
86		- *
87		- * @throws \UnexpectedValueException
88		- *
89		- * @return TimeType
90		- */
91		- public function toASN1(): TimeType
92		- {
93		- $dt = $this->_dt;
94		- switch ($this->_type) {
95		- case Element::TYPE_UTC_TIME:
96		- return new UTCTime($dt);
97		- case Element::TYPE_GENERALIZED_TIME:
98		- // GeneralizedTime must not contain fractional seconds
99		- // (rfc5280 4.1.2.5.2)
100		- if (0 != $dt->format('u')) {
101		- // remove fractional seconds (round down)
102		- $dt = self::_roundDownFractionalSeconds($dt);
103		- }
104		- return new GeneralizedTime($dt);
105		- }
106		- throw new \UnexpectedValueException(
107		- 'Time type ' . Element::tagToName($this->_type) . ' not supported.');
108		- }
	84	+ /**
	85	+ * Generate ASN.1.
	86	+ *
	87	+ * @throws \UnexpectedValueException
	88	+ *
	89	+ * @return TimeType
	90	+ */
	91	+ public function toASN1(): TimeType
	92	+ {
	93	+ $dt = $this->_dt;
	94	+ switch ($this->_type) {
	95	+ case Element::TYPE_UTC_TIME:
	96	+ return new UTCTime($dt);
	97	+ case Element::TYPE_GENERALIZED_TIME:
	98	+ // GeneralizedTime must not contain fractional seconds
	99	+ // (rfc5280 4.1.2.5.2)
	100	+ if (0 != $dt->format('u')) {
	101	+ // remove fractional seconds (round down)
	102	+ $dt = self::_roundDownFractionalSeconds($dt);
	103	+ }
	104	+ return new GeneralizedTime($dt);
	105	+ }
	106	+ throw new \UnexpectedValueException(
	107	+ 'Time type ' . Element::tagToName($this->_type) . ' not supported.');
	108	+ }
109	109
110		- /**
111		- * Determine whether to use UTCTime or GeneralizedTime ASN.1 type.
112		- *
113		- * @param \DateTimeImmutable $dt
114		- *
115		- * @return int Type tag
116		- */
117		- protected static function _determineType(\DateTimeImmutable $dt): int
118		- {
119		- if ($dt->format('Y') >= 2050) {
120		- return Element::TYPE_GENERALIZED_TIME;
121		- }
122		- return Element::TYPE_UTC_TIME;
123		- }
	110	+ /**
	111	+ * Determine whether to use UTCTime or GeneralizedTime ASN.1 type.
	112	+ *
	113	+ * @param \DateTimeImmutable $dt
	114	+ *
	115	+ * @return int Type tag
	116	+ */
	117	+ protected static function _determineType(\DateTimeImmutable $dt): int
	118	+ {
	119	+ if ($dt->format('Y') >= 2050) {
	120	+ return Element::TYPE_GENERALIZED_TIME;
	121	+ }
	122	+ return Element::TYPE_UTC_TIME;
	123	+ }
124	124	}

		@@ -92,16 +92,16 @@
		block discarded – undo
92	92	{
93	93	$dt = $this->_dt;
94	94	switch ($this->_type) {
95		- case Element::TYPE_UTC_TIME:
96		- return new UTCTime($dt);
97		- case Element::TYPE_GENERALIZED_TIME:
98		- // GeneralizedTime must not contain fractional seconds
99		- // (rfc5280 4.1.2.5.2)
100		- if (0 != $dt->format('u')) {
101		- // remove fractional seconds (round down)
102		- $dt = self::_roundDownFractionalSeconds($dt);
103		- }
104		- return new GeneralizedTime($dt);
	95	+ case Element::TYPE_UTC_TIME:
	96	+ return new UTCTime($dt);
	97	+ case Element::TYPE_GENERALIZED_TIME:
	98	+ // GeneralizedTime must not contain fractional seconds
	99	+ // (rfc5280 4.1.2.5.2)
	100	+ if (0 != $dt->format('u')) {
	101	+ // remove fractional seconds (round down)
	102	+ $dt = self::_roundDownFractionalSeconds($dt);
	103	+ }
	104	+ return new GeneralizedTime($dt);
105	105	}
106	106	throw new \UnexpectedValueException(
107	107	'Time type ' . Element::tagToName($this->_type) . ' not supported.');

		@@ -16,139 +16,139 @@
		block discarded – undo
16	16	*/
17	17	class CertificationPathBuilder
18	18	{
19		- /**
20		- * Trust anchors.
21		- *
22		- * @var CertificateBundle
23		- */
24		- protected $_trustList;
	19	+ /**
	20	+ * Trust anchors.
	21	+ *
	22	+ * @var CertificateBundle
	23	+ */
	24	+ protected $_trustList;
25	25
26		- /**
27		- * Constructor.
28		- *
29		- * @param CertificateBundle $trust_list List of trust anchors
30		- */
31		- public function __construct(CertificateBundle $trust_list)
32		- {
33		- $this->_trustList = $trust_list;
34		- }
	26	+ /**
	27	+ * Constructor.
	28	+ *
	29	+ * @param CertificateBundle $trust_list List of trust anchors
	30	+ */
	31	+ public function __construct(CertificateBundle $trust_list)
	32	+ {
	33	+ $this->_trustList = $trust_list;
	34	+ }
35	35
36		- /**
37		- * Get all certification paths to given target certificate from
38		- * any trust anchor.
39		- *
40		- * @param Certificate $target Target certificate
41		- * @param null\|CertificateBundle $intermediate Optional intermediate certificates
42		- *
43		- * @return CertificationPath[]
44		- */
45		- public function allPathsToTarget(Certificate $target,
46		- ?CertificateBundle $intermediate = null): array
47		- {
48		- $paths = $this->_resolvePathsToTarget($target, $intermediate);
49		- // map paths to CertificationPath objects
50		- return array_map(
51		- function ($certs) {
52		- return new CertificationPath(...$certs);
53		- }, $paths);
54		- }
	36	+ /**
	37	+ * Get all certification paths to given target certificate from
	38	+ * any trust anchor.
	39	+ *
	40	+ * @param Certificate $target Target certificate
	41	+ * @param null\|CertificateBundle $intermediate Optional intermediate certificates
	42	+ *
	43	+ * @return CertificationPath[]
	44	+ */
	45	+ public function allPathsToTarget(Certificate $target,
	46	+ ?CertificateBundle $intermediate = null): array
	47	+ {
	48	+ $paths = $this->_resolvePathsToTarget($target, $intermediate);
	49	+ // map paths to CertificationPath objects
	50	+ return array_map(
	51	+ function ($certs) {
	52	+ return new CertificationPath(...$certs);
	53	+ }, $paths);
	54	+ }
55	55
56		- /**
57		- * Get shortest path to given target certificate from any trust anchor.
58		- *
59		- * @param Certificate $target Target certificate
60		- * @param null\|CertificateBundle $intermediate Optional intermediate certificates
61		- *
62		- * @throws PathBuildingException
63		- *
64		- * @return CertificationPath
65		- */
66		- public function shortestPathToTarget(Certificate $target,
67		- ?CertificateBundle $intermediate = null): CertificationPath
68		- {
69		- $paths = $this->allPathsToTarget($target, $intermediate);
70		- if (!count($paths)) {
71		- throw new PathBuildingException('No certification paths.');
72		- }
73		- usort($paths,
74		- function ($a, $b) {
75		- return count($a) < count($b) ? -1 : 1;
76		- });
77		- return reset($paths);
78		- }
	56	+ /**
	57	+ * Get shortest path to given target certificate from any trust anchor.
	58	+ *
	59	+ * @param Certificate $target Target certificate
	60	+ * @param null\|CertificateBundle $intermediate Optional intermediate certificates
	61	+ *
	62	+ * @throws PathBuildingException
	63	+ *
	64	+ * @return CertificationPath
	65	+ */
	66	+ public function shortestPathToTarget(Certificate $target,
	67	+ ?CertificateBundle $intermediate = null): CertificationPath
	68	+ {
	69	+ $paths = $this->allPathsToTarget($target, $intermediate);
	70	+ if (!count($paths)) {
	71	+ throw new PathBuildingException('No certification paths.');
	72	+ }
	73	+ usort($paths,
	74	+ function ($a, $b) {
	75	+ return count($a) < count($b) ? -1 : 1;
	76	+ });
	77	+ return reset($paths);
	78	+ }
79	79
80		- /**
81		- * Find all issuers of the target certificate from a given bundle.
82		- *
83		- * @param Certificate $target Target certificate
84		- * @param CertificateBundle $bundle Certificates to search
85		- *
86		- * @return Certificate[]
87		- */
88		- protected function _findIssuers(Certificate $target,
89		- CertificateBundle $bundle): array
90		- {
91		- $issuers = [];
92		- $issuer_name = $target->tbsCertificate()->issuer();
93		- $extensions = $target->tbsCertificate()->extensions();
94		- // find by authority key identifier
95		- if ($extensions->hasAuthorityKeyIdentifier()) {
96		- $ext = $extensions->authorityKeyIdentifier();
97		- if ($ext->hasKeyIdentifier()) {
98		- foreach ($bundle->allBySubjectKeyIdentifier(
99		- $ext->keyIdentifier()) as $issuer) {
100		- // check that issuer name matches
101		- if ($issuer->tbsCertificate()->subject()->equals($issuer_name)) {
102		- $issuers[] = $issuer;
103		- }
104		- }
105		- }
106		- }
107		- return $issuers;
108		- }
	80	+ /**
	81	+ * Find all issuers of the target certificate from a given bundle.
	82	+ *
	83	+ * @param Certificate $target Target certificate
	84	+ * @param CertificateBundle $bundle Certificates to search
	85	+ *
	86	+ * @return Certificate[]
	87	+ */
	88	+ protected function _findIssuers(Certificate $target,
	89	+ CertificateBundle $bundle): array
	90	+ {
	91	+ $issuers = [];
	92	+ $issuer_name = $target->tbsCertificate()->issuer();
	93	+ $extensions = $target->tbsCertificate()->extensions();
	94	+ // find by authority key identifier
	95	+ if ($extensions->hasAuthorityKeyIdentifier()) {
	96	+ $ext = $extensions->authorityKeyIdentifier();
	97	+ if ($ext->hasKeyIdentifier()) {
	98	+ foreach ($bundle->allBySubjectKeyIdentifier(
	99	+ $ext->keyIdentifier()) as $issuer) {
	100	+ // check that issuer name matches
	101	+ if ($issuer->tbsCertificate()->subject()->equals($issuer_name)) {
	102	+ $issuers[] = $issuer;
	103	+ }
	104	+ }
	105	+ }
	106	+ }
	107	+ return $issuers;
	108	+ }
109	109
110		- /**
111		- * Resolve all possible certification paths from any trust anchor to
112		- * the target certificate, using optional intermediate certificates.
113		- *
114		- * Helper method for allPathsToTarget to be called recursively.
115		- *
116		- * @todo Implement loop detection
117		- *
118		- * @param Certificate $target
119		- * @param null\|CertificateBundle $intermediate
120		- *
121		- * @return array[] Array of arrays containing path certificates
122		- */
123		- private function _resolvePathsToTarget(Certificate $target,
124		- ?CertificateBundle $intermediate = null): array
125		- {
126		- // array of possible paths
127		- $paths = [];
128		- // signed by certificate in the trust list
129		- foreach ($this->_findIssuers($target, $this->_trustList) as $issuer) {
130		- // if target is self-signed, path consists of only
131		- // the target certificate
132		- if ($target->equals($issuer)) {
133		- $paths[] = [$target];
134		- } else {
135		- $paths[] = [$issuer, $target];
136		- }
137		- }
138		- if (isset($intermediate)) {
139		- // signed by intermediate certificate
140		- foreach ($this->_findIssuers($target, $intermediate) as $issuer) {
141		- // intermediate certificate must not be self-signed
142		- if ($issuer->isSelfIssued()) {
143		- continue;
144		- }
145		- // resolve paths to issuer
146		- $subpaths = $this->_resolvePathsToTarget($issuer, $intermediate);
147		- foreach ($subpaths as $path) {
148		- $paths[] = array_merge($path, [$target]);
149		- }
150		- }
151		- }
152		- return $paths;
153		- }
	110	+ /**
	111	+ * Resolve all possible certification paths from any trust anchor to
	112	+ * the target certificate, using optional intermediate certificates.
	113	+ *
	114	+ * Helper method for allPathsToTarget to be called recursively.
	115	+ *
	116	+ * @todo Implement loop detection
	117	+ *
	118	+ * @param Certificate $target
	119	+ * @param null\|CertificateBundle $intermediate
	120	+ *
	121	+ * @return array[] Array of arrays containing path certificates
	122	+ */
	123	+ private function _resolvePathsToTarget(Certificate $target,
	124	+ ?CertificateBundle $intermediate = null): array
	125	+ {
	126	+ // array of possible paths
	127	+ $paths = [];
	128	+ // signed by certificate in the trust list
	129	+ foreach ($this->_findIssuers($target, $this->_trustList) as $issuer) {
	130	+ // if target is self-signed, path consists of only
	131	+ // the target certificate
	132	+ if ($target->equals($issuer)) {
	133	+ $paths[] = [$target];
	134	+ } else {
	135	+ $paths[] = [$issuer, $target];
	136	+ }
	137	+ }
	138	+ if (isset($intermediate)) {
	139	+ // signed by intermediate certificate
	140	+ foreach ($this->_findIssuers($target, $intermediate) as $issuer) {
	141	+ // intermediate certificate must not be self-signed
	142	+ if ($issuer->isSelfIssued()) {
	143	+ continue;
	144	+ }
	145	+ // resolve paths to issuer
	146	+ $subpaths = $this->_resolvePathsToTarget($issuer, $intermediate);
	147	+ foreach ($subpaths as $path) {
	148	+ $paths[] = array_merge($path, [$target]);
	149	+ }
	150	+ }
	151	+ }
	152	+ return $paths;
	153	+ }
154	154	}

		@@ -18,81 +18,81 @@
		block discarded – undo
18	18	*/
19	19	class PathValidationResult
20	20	{
21		- /**
22		- * Certificates in a certification path.
23		- *
24		- * @var Certificate[]
25		- */
26		- protected $_certificates;
	21	+ /**
	22	+ * Certificates in a certification path.
	23	+ *
	24	+ * @var Certificate[]
	25	+ */
	26	+ protected $_certificates;
27	27
28		- /**
29		- * Valid policy tree.
30		- *
31		- * @var null\|PolicyTree
32		- */
33		- protected $_policyTree;
	28	+ /**
	29	+ * Valid policy tree.
	30	+ *
	31	+ * @var null\|PolicyTree
	32	+ */
	33	+ protected $_policyTree;
34	34
35		- /**
36		- * End-entity certificate's public key.
37		- *
38		- * @var PublicKeyInfo
39		- */
40		- protected $_publicKeyInfo;
	35	+ /**
	36	+ * End-entity certificate's public key.
	37	+ *
	38	+ * @var PublicKeyInfo
	39	+ */
	40	+ protected $_publicKeyInfo;
41	41
42		- /**
43		- * Public key algorithm.
44		- *
45		- * @var AlgorithmIdentifierType
46		- */
47		- protected $_publicKeyAlgo;
	42	+ /**
	43	+ * Public key algorithm.
	44	+ *
	45	+ * @var AlgorithmIdentifierType
	46	+ */
	47	+ protected $_publicKeyAlgo;
48	48
49		- /**
50		- * Public key parameters.
51		- *
52		- * @var null\|Element
53		- */
54		- protected $_publicKeyParameters;
	49	+ /**
	50	+ * Public key parameters.
	51	+ *
	52	+ * @var null\|Element
	53	+ */
	54	+ protected $_publicKeyParameters;
55	55
56		- /**
57		- * Constructor.
58		- *
59		- * @param Certificate[] $certificates Certificates in a certification path
60		- * @param null\|PolicyTree $policy_tree Valid policy tree
61		- * @param PublicKeyInfo $pubkey_info Public key of the end-entity certificate
62		- * @param AlgorithmIdentifierType $algo Public key algorithm of the end-entity certificate
63		- * @param null\|Element $params Algorithm parameters
64		- */
65		- public function __construct(array $certificates, ?PolicyTree $policy_tree,
66		- PublicKeyInfo $pubkey_info, AlgorithmIdentifierType $algo,
67		- ?Element $params = null)
68		- {
69		- $this->_certificates = array_values($certificates);
70		- $this->_policyTree = $policy_tree;
71		- $this->_publicKeyInfo = $pubkey_info;
72		- $this->_publicKeyAlgo = $algo;
73		- $this->_publicKeyParameters = $params;
74		- }
	56	+ /**
	57	+ * Constructor.
	58	+ *
	59	+ * @param Certificate[] $certificates Certificates in a certification path
	60	+ * @param null\|PolicyTree $policy_tree Valid policy tree
	61	+ * @param PublicKeyInfo $pubkey_info Public key of the end-entity certificate
	62	+ * @param AlgorithmIdentifierType $algo Public key algorithm of the end-entity certificate
	63	+ * @param null\|Element $params Algorithm parameters
	64	+ */
	65	+ public function __construct(array $certificates, ?PolicyTree $policy_tree,
	66	+ PublicKeyInfo $pubkey_info, AlgorithmIdentifierType $algo,
	67	+ ?Element $params = null)
	68	+ {
	69	+ $this->_certificates = array_values($certificates);
	70	+ $this->_policyTree = $policy_tree;
	71	+ $this->_publicKeyInfo = $pubkey_info;
	72	+ $this->_publicKeyAlgo = $algo;
	73	+ $this->_publicKeyParameters = $params;
	74	+ }
75	75
76		- /**
77		- * Get end-entity certificate.
78		- *
79		- * @return Certificate
80		- */
81		- public function certificate(): Certificate
82		- {
83		- return $this->_certificates[count($this->_certificates) - 1];
84		- }
	76	+ /**
	77	+ * Get end-entity certificate.
	78	+ *
	79	+ * @return Certificate
	80	+ */
	81	+ public function certificate(): Certificate
	82	+ {
	83	+ return $this->_certificates[count($this->_certificates) - 1];
	84	+ }
85	85
86		- /**
87		- * Get certificate policies of the end-entity certificate.
88		- *
89		- * @return PolicyInformation[]
90		- */
91		- public function policies(): array
92		- {
93		- if (!$this->_policyTree) {
94		- return [];
95		- }
96		- return $this->_policyTree->policiesAtDepth(count($this->_certificates));
97		- }
	86	+ /**
	87	+ * Get certificate policies of the end-entity certificate.
	88	+ *
	89	+ * @return PolicyInformation[]
	90	+ */
	91	+ public function policies(): array
	92	+ {
	93	+ if (!$this->_policyTree) {
	94	+ return [];
	95	+ }
	96	+ return $this->_policyTree->policiesAtDepth(count($this->_certificates));
	97	+ }
98	98	}

		@@ -14,282 +14,282 @@
		block discarded – undo
14	14	*/
15	15	class PathValidationConfig
16	16	{
17		- /**
18		- * Maximum allowed certification path length.
19		- *
20		- * @var int
21		- */
22		- protected $_maxLength;
	17	+ /**
	18	+ * Maximum allowed certification path length.
	19	+ *
	20	+ * @var int
	21	+ */
	22	+ protected $_maxLength;
23	23
24		- /**
25		- * Reference time.
26		- *
27		- * @var \DateTimeImmutable
28		- */
29		- protected $_dateTime;
	24	+ /**
	25	+ * Reference time.
	26	+ *
	27	+ * @var \DateTimeImmutable
	28	+ */
	29	+ protected $_dateTime;
30	30
31		- /**
32		- * List of acceptable policy identifiers.
33		- *
34		- * @var string[]
35		- */
36		- protected $_policySet;
	31	+ /**
	32	+ * List of acceptable policy identifiers.
	33	+ *
	34	+ * @var string[]
	35	+ */
	36	+ protected $_policySet;
37	37
38		- /**
39		- * Trust anchor certificate.
40		- *
41		- * If not set, path validation uses the first certificate of the path.
42		- *
43		- * @var null\|Certificate
44		- */
45		- protected $_trustAnchor;
	38	+ /**
	39	+ * Trust anchor certificate.
	40	+ *
	41	+ * If not set, path validation uses the first certificate of the path.
	42	+ *
	43	+ * @var null\|Certificate
	44	+ */
	45	+ protected $_trustAnchor;
46	46
47		- /**
48		- * Whether policy mapping in inhibited.
49		- *
50		- * Setting this to true disallows policy mapping.
51		- *
52		- * @var bool
53		- */
54		- protected $_policyMappingInhibit;
	47	+ /**
	48	+ * Whether policy mapping in inhibited.
	49	+ *
	50	+ * Setting this to true disallows policy mapping.
	51	+ *
	52	+ * @var bool
	53	+ */
	54	+ protected $_policyMappingInhibit;
55	55
56		- /**
57		- * Whether the path must be valid for at least one policy in the
58		- * initial policy set.
59		- *
60		- * @var bool
61		- */
62		- protected $_explicitPolicy;
	56	+ /**
	57	+ * Whether the path must be valid for at least one policy in the
	58	+ * initial policy set.
	59	+ *
	60	+ * @var bool
	61	+ */
	62	+ protected $_explicitPolicy;
63	63
64		- /**
65		- * Whether anyPolicy OID processing should be inhibited.
66		- *
67		- * Setting this to true disallows the usage of anyPolicy.
68		- *
69		- * @var bool
70		- */
71		- protected $_anyPolicyInhibit;
	64	+ /**
	65	+ * Whether anyPolicy OID processing should be inhibited.
	66	+ *
	67	+ * Setting this to true disallows the usage of anyPolicy.
	68	+ *
	69	+ * @var bool
	70	+ */
	71	+ protected $_anyPolicyInhibit;
72	72
73		- /**
74		- * @todo Implement
75		- *
76		- * @var mixed
77		- */
78		- protected $_permittedSubtrees;
	73	+ /**
	74	+ * @todo Implement
	75	+ *
	76	+ * @var mixed
	77	+ */
	78	+ protected $_permittedSubtrees;
79	79
80		- /**
81		- * @todo Implement
82		- *
83		- * @var mixed
84		- */
85		- protected $_excludedSubtrees;
	80	+ /**
	81	+ * @todo Implement
	82	+ *
	83	+ * @var mixed
	84	+ */
	85	+ protected $_excludedSubtrees;
86	86
87		- /**
88		- * Constructor.
89		- *
90		- * @param \DateTimeImmutable $dt Reference date and time
91		- * @param int $max_length Maximum certification path length
92		- */
93		- public function __construct(\DateTimeImmutable $dt, int $max_length)
94		- {
95		- $this->_dateTime = $dt;
96		- $this->_maxLength = $max_length;
97		- $this->_policySet = [PolicyInformation::OID_ANY_POLICY];
98		- $this->_policyMappingInhibit = false;
99		- $this->_explicitPolicy = false;
100		- $this->_anyPolicyInhibit = false;
101		- }
	87	+ /**
	88	+ * Constructor.
	89	+ *
	90	+ * @param \DateTimeImmutable $dt Reference date and time
	91	+ * @param int $max_length Maximum certification path length
	92	+ */
	93	+ public function __construct(\DateTimeImmutable $dt, int $max_length)
	94	+ {
	95	+ $this->_dateTime = $dt;
	96	+ $this->_maxLength = $max_length;
	97	+ $this->_policySet = [PolicyInformation::OID_ANY_POLICY];
	98	+ $this->_policyMappingInhibit = false;
	99	+ $this->_explicitPolicy = false;
	100	+ $this->_anyPolicyInhibit = false;
	101	+ }
102	102
103		- /**
104		- * Get default configuration.
105		- *
106		- * @return self
107		- */
108		- public static function defaultConfig(): self
109		- {
110		- return new self(new \DateTimeImmutable(), 3);
111		- }
	103	+ /**
	104	+ * Get default configuration.
	105	+ *
	106	+ * @return self
	107	+ */
	108	+ public static function defaultConfig(): self
	109	+ {
	110	+ return new self(new \DateTimeImmutable(), 3);
	111	+ }
112	112
113		- /**
114		- * Get self with maximum path length.
115		- *
116		- * @param int $length
117		- *
118		- * @return self
119		- */
120		- public function withMaxLength(int $length): self
121		- {
122		- $obj = clone $this;
123		- $obj->_maxLength = $length;
124		- return $obj;
125		- }
	113	+ /**
	114	+ * Get self with maximum path length.
	115	+ *
	116	+ * @param int $length
	117	+ *
	118	+ * @return self
	119	+ */
	120	+ public function withMaxLength(int $length): self
	121	+ {
	122	+ $obj = clone $this;
	123	+ $obj->_maxLength = $length;
	124	+ return $obj;
	125	+ }
126	126
127		- /**
128		- * Get self with reference date and time.
129		- *
130		- * @param \DateTimeImmutable $dt
131		- *
132		- * @return self
133		- */
134		- public function withDateTime(\DateTimeImmutable $dt): self
135		- {
136		- $obj = clone $this;
137		- $obj->_dateTime = $dt;
138		- return $obj;
139		- }
	127	+ /**
	128	+ * Get self with reference date and time.
	129	+ *
	130	+ * @param \DateTimeImmutable $dt
	131	+ *
	132	+ * @return self
	133	+ */
	134	+ public function withDateTime(\DateTimeImmutable $dt): self
	135	+ {
	136	+ $obj = clone $this;
	137	+ $obj->_dateTime = $dt;
	138	+ return $obj;
	139	+ }
140	140
141		- /**
142		- * Get self with trust anchor certificate.
143		- *
144		- * @param Certificate $ca
145		- *
146		- * @return self
147		- */
148		- public function withTrustAnchor(Certificate $ca): self
149		- {
150		- $obj = clone $this;
151		- $obj->_trustAnchor = $ca;
152		- return $obj;
153		- }
	141	+ /**
	142	+ * Get self with trust anchor certificate.
	143	+ *
	144	+ * @param Certificate $ca
	145	+ *
	146	+ * @return self
	147	+ */
	148	+ public function withTrustAnchor(Certificate $ca): self
	149	+ {
	150	+ $obj = clone $this;
	151	+ $obj->_trustAnchor = $ca;
	152	+ return $obj;
	153	+ }
154	154
155		- /**
156		- * Get self with initial-policy-mapping-inhibit set.
157		- *
158		- * @param bool $flag
159		- *
160		- * @return self
161		- */
162		- public function withPolicyMappingInhibit(bool $flag): self
163		- {
164		- $obj = clone $this;
165		- $obj->_policyMappingInhibit = $flag;
166		- return $obj;
167		- }
	155	+ /**
	156	+ * Get self with initial-policy-mapping-inhibit set.
	157	+ *
	158	+ * @param bool $flag
	159	+ *
	160	+ * @return self
	161	+ */
	162	+ public function withPolicyMappingInhibit(bool $flag): self
	163	+ {
	164	+ $obj = clone $this;
	165	+ $obj->_policyMappingInhibit = $flag;
	166	+ return $obj;
	167	+ }
168	168
169		- /**
170		- * Get self with initial-explicit-policy set.
171		- *
172		- * @param bool $flag
173		- *
174		- * @return self
175		- */
176		- public function withExplicitPolicy(bool $flag): self
177		- {
178		- $obj = clone $this;
179		- $obj->_explicitPolicy = $flag;
180		- return $obj;
181		- }
	169	+ /**
	170	+ * Get self with initial-explicit-policy set.
	171	+ *
	172	+ * @param bool $flag
	173	+ *
	174	+ * @return self
	175	+ */
	176	+ public function withExplicitPolicy(bool $flag): self
	177	+ {
	178	+ $obj = clone $this;
	179	+ $obj->_explicitPolicy = $flag;
	180	+ return $obj;
	181	+ }
182	182
183		- /**
184		- * Get self with initial-any-policy-inhibit set.
185		- *
186		- * @param bool $flag
187		- *
188		- * @return self
189		- */
190		- public function withAnyPolicyInhibit(bool $flag): self
191		- {
192		- $obj = clone $this;
193		- $obj->_anyPolicyInhibit = $flag;
194		- return $obj;
195		- }
	183	+ /**
	184	+ * Get self with initial-any-policy-inhibit set.
	185	+ *
	186	+ * @param bool $flag
	187	+ *
	188	+ * @return self
	189	+ */
	190	+ public function withAnyPolicyInhibit(bool $flag): self
	191	+ {
	192	+ $obj = clone $this;
	193	+ $obj->_anyPolicyInhibit = $flag;
	194	+ return $obj;
	195	+ }
196	196
197		- /**
198		- * Get self with user-initial-policy-set set to policy OIDs.
199		- *
200		- * @param string ...$policies List of policy OIDs
201		- *
202		- * @return self
203		- */
204		- public function withPolicySet(string ...$policies): self
205		- {
206		- $obj = clone $this;
207		- $obj->_policySet = $policies;
208		- return $obj;
209		- }
	197	+ /**
	198	+ * Get self with user-initial-policy-set set to policy OIDs.
	199	+ *
	200	+ * @param string ...$policies List of policy OIDs
	201	+ *
	202	+ * @return self
	203	+ */
	204	+ public function withPolicySet(string ...$policies): self
	205	+ {
	206	+ $obj = clone $this;
	207	+ $obj->_policySet = $policies;
	208	+ return $obj;
	209	+ }
210	210
211		- /**
212		- * Get maximum certification path length.
213		- *
214		- * @return int
215		- */
216		- public function maxLength(): int
217		- {
218		- return $this->_maxLength;
219		- }
	211	+ /**
	212	+ * Get maximum certification path length.
	213	+ *
	214	+ * @return int
	215	+ */
	216	+ public function maxLength(): int
	217	+ {
	218	+ return $this->_maxLength;
	219	+ }
220	220
221		- /**
222		- * Get reference date and time.
223		- *
224		- * @return \DateTimeImmutable
225		- */
226		- public function dateTime(): \DateTimeImmutable
227		- {
228		- return $this->_dateTime;
229		- }
	221	+ /**
	222	+ * Get reference date and time.
	223	+ *
	224	+ * @return \DateTimeImmutable
	225	+ */
	226	+ public function dateTime(): \DateTimeImmutable
	227	+ {
	228	+ return $this->_dateTime;
	229	+ }
230	230
231		- /**
232		- * Get user-initial-policy-set.
233		- *
234		- * @return string[] Array of OID's
235		- */
236		- public function policySet(): array
237		- {
238		- return $this->_policySet;
239		- }
	231	+ /**
	232	+ * Get user-initial-policy-set.
	233	+ *
	234	+ * @return string[] Array of OID's
	235	+ */
	236	+ public function policySet(): array
	237	+ {
	238	+ return $this->_policySet;
	239	+ }
240	240
241		- /**
242		- * Check whether trust anchor certificate is set.
243		- *
244		- * @return bool
245		- */
246		- public function hasTrustAnchor(): bool
247		- {
248		- return isset($this->_trustAnchor);
249		- }
	241	+ /**
	242	+ * Check whether trust anchor certificate is set.
	243	+ *
	244	+ * @return bool
	245	+ */
	246	+ public function hasTrustAnchor(): bool
	247	+ {
	248	+ return isset($this->_trustAnchor);
	249	+ }
250	250
251		- /**
252		- * Get trust anchor certificate.
253		- *
254		- * @throws \LogicException If not set
255		- *
256		- * @return Certificate
257		- */
258		- public function trustAnchor(): Certificate
259		- {
260		- if (!$this->hasTrustAnchor()) {
261		- throw new \LogicException('No trust anchor.');
262		- }
263		- return $this->_trustAnchor;
264		- }
	251	+ /**
	252	+ * Get trust anchor certificate.
	253	+ *
	254	+ * @throws \LogicException If not set
	255	+ *
	256	+ * @return Certificate
	257	+ */
	258	+ public function trustAnchor(): Certificate
	259	+ {
	260	+ if (!$this->hasTrustAnchor()) {
	261	+ throw new \LogicException('No trust anchor.');
	262	+ }
	263	+ return $this->_trustAnchor;
	264	+ }
265	265
266		- /**
267		- * Get initial-policy-mapping-inhibit.
268		- *
269		- * @return bool
270		- */
271		- public function policyMappingInhibit(): bool
272		- {
273		- return $this->_policyMappingInhibit;
274		- }
	266	+ /**
	267	+ * Get initial-policy-mapping-inhibit.
	268	+ *
	269	+ * @return bool
	270	+ */
	271	+ public function policyMappingInhibit(): bool
	272	+ {
	273	+ return $this->_policyMappingInhibit;
	274	+ }
275	275
276		- /**
277		- * Get initial-explicit-policy.
278		- *
279		- * @return bool
280		- */
281		- public function explicitPolicy(): bool
282		- {
283		- return $this->_explicitPolicy;
284		- }
	276	+ /**
	277	+ * Get initial-explicit-policy.
	278	+ *
	279	+ * @return bool
	280	+ */
	281	+ public function explicitPolicy(): bool
	282	+ {
	283	+ return $this->_explicitPolicy;
	284	+ }
285	285
286		- /**
287		- * Get initial-any-policy-inhibit.
288		- *
289		- * @return bool
290		- */
291		- public function anyPolicyInhibit(): bool
292		- {
293		- return $this->_anyPolicyInhibit;
294		- }
	286	+ /**
	287	+ * Get initial-any-policy-inhibit.
	288	+ *
	289	+ * @return bool
	290	+ */
	291	+ public function anyPolicyInhibit(): bool
	292	+ {
	293	+ return $this->_anyPolicyInhibit;
	294	+ }
295	295	}

sop / x509

GitHub Access Token became invalid

Push — php72 ( 84962a...e2a8e9 )

Status

Category

Indentation +122 added lines, -122 removed lines patch added patch discarded remove patch

Spacing +3 added lines, -3 removed lines patch added patch discarded remove patch

Indentation +618 added lines, -618 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Indentation +219 added lines, -219 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Indentation +96 added lines, -96 removed lines patch added patch discarded remove patch

Switch Indentation +10 added lines, -10 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Indentation +130 added lines, -130 removed lines patch added patch discarded remove patch

Spacing +3 added lines, -3 removed lines patch added patch discarded remove patch

Indentation +496 added lines, -496 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Indentation +70 added lines, -70 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Indentation +253 added lines, -253 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Indentation +568 added lines, -568 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch