sop / x509

lib/X509/CertificationPath/Policy/PolicyNode.php

Indentation +240 added lines, -240 removed lines

@@ -16,267 +16,267 @@
  */
 class PolicyNode implements \IteratorAggregate, \Countable
 {
-    /**
-     * Policy OID.
-     *
-     * @var string
-     */
-    protected $_validPolicy;
+	/**
+	 * Policy OID.
+	 *
+	 * @var string
+	 */
+	protected $_validPolicy;
 
-    /**
-     * List of qualifiers.
-     *
-     * @var PolicyQualifierInfo[]
-     */
-    protected $_qualifiers;
+	/**
+	 * List of qualifiers.
+	 *
+	 * @var PolicyQualifierInfo[]
+	 */
+	protected $_qualifiers;
 
-    /**
-     * List of expected policy OIDs.
-     *
-     * @var string[]
-     */
-    protected $_expectedPolicies;
+	/**
+	 * List of expected policy OIDs.
+	 *
+	 * @var string[]
+	 */
+	protected $_expectedPolicies;
 
-    /**
-     * List of child nodes.
-     *
-     * @var PolicyNode[]
-     */
-    protected $_children;
+	/**
+	 * List of child nodes.
+	 *
+	 * @var PolicyNode[]
+	 */
+	protected $_children;
 
-    /**
-     * Reference to the parent node.
-     *
-     * @var null|PolicyNode
-     */
-    protected $_parent;
+	/**
+	 * Reference to the parent node.
+	 *
+	 * @var null|PolicyNode
+	 */
+	protected $_parent;
 
-    /**
-     * Constructor.
-     *
-     * @param string                $valid_policy      Policy OID
-     * @param PolicyQualifierInfo[] $qualifiers
-     * @param string[]              $expected_policies
-     */
-    public function __construct(string $valid_policy, array $qualifiers,
-        array $expected_policies)
-    {
-        $this->_validPolicy = $valid_policy;
-        $this->_qualifiers = $qualifiers;
-        $this->_expectedPolicies = $expected_policies;
-        $this->_children = [];
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string                $valid_policy      Policy OID
+	 * @param PolicyQualifierInfo[] $qualifiers
+	 * @param string[]              $expected_policies
+	 */
+	public function __construct(string $valid_policy, array $qualifiers,
+		array $expected_policies)
+	{
+		$this->_validPolicy = $valid_policy;
+		$this->_qualifiers = $qualifiers;
+		$this->_expectedPolicies = $expected_policies;
+		$this->_children = [];
+	}
 
-    /**
-     * Create initial node for the policy tree.
-     *
-     * @return self
-     */
-    public static function anyPolicyNode(): self
-    {
-        return new self(PolicyInformation::OID_ANY_POLICY, [],
-            [PolicyInformation::OID_ANY_POLICY]);
-    }
+	/**
+	 * Create initial node for the policy tree.
+	 *
+	 * @return self
+	 */
+	public static function anyPolicyNode(): self
+	{
+		return new self(PolicyInformation::OID_ANY_POLICY, [],
+			[PolicyInformation::OID_ANY_POLICY]);
+	}
 
-    /**
-     * Get the valid policy OID.
-     *
-     * @return string
-     */
-    public function validPolicy(): string
-    {
-        return $this->_validPolicy;
-    }
+	/**
+	 * Get the valid policy OID.
+	 *
+	 * @return string
+	 */
+	public function validPolicy(): string
+	{
+		return $this->_validPolicy;
+	}
 
-    /**
-     * Check whether node has anyPolicy as a valid policy.
-     *
-     * @return bool
-     */
-    public function isAnyPolicy(): bool
-    {
-        return PolicyInformation::OID_ANY_POLICY === $this->_validPolicy;
-    }
+	/**
+	 * Check whether node has anyPolicy as a valid policy.
+	 *
+	 * @return bool
+	 */
+	public function isAnyPolicy(): bool
+	{
+		return PolicyInformation::OID_ANY_POLICY === $this->_validPolicy;
+	}
 
-    /**
-     * Get the qualifier set.
-     *
-     * @return PolicyQualifierInfo[]
-     */
-    public function qualifiers(): array
-    {
-        return $this->_qualifiers;
-    }
+	/**
+	 * Get the qualifier set.
+	 *
+	 * @return PolicyQualifierInfo[]
+	 */
+	public function qualifiers(): array
+	{
+		return $this->_qualifiers;
+	}
 
-    /**
-     * Check whether node has OID as an expected policy.
-     *
-     * @param string $oid
-     *
-     * @return bool
-     */
-    public function hasExpectedPolicy(string $oid): bool
-    {
-        return in_array($oid, $this->_expectedPolicies);
-    }
+	/**
+	 * Check whether node has OID as an expected policy.
+	 *
+	 * @param string $oid
+	 *
+	 * @return bool
+	 */
+	public function hasExpectedPolicy(string $oid): bool
+	{
+		return in_array($oid, $this->_expectedPolicies);
+	}
 
-    /**
-     * Get the expected policy set.
-     *
-     * @return string[]
-     */
-    public function expectedPolicies(): array
-    {
-        return $this->_expectedPolicies;
-    }
+	/**
+	 * Get the expected policy set.
+	 *
+	 * @return string[]
+	 */
+	public function expectedPolicies(): array
+	{
+		return $this->_expectedPolicies;
+	}
 
-    /**
-     * Set expected policies.
-     *
-     * @param string ...$oids Policy OIDs
-     */
-    public function setExpectedPolicies(string ...$oids): void
-    {
-        $this->_expectedPolicies = $oids;
-    }
+	/**
+	 * Set expected policies.
+	 *
+	 * @param string ...$oids Policy OIDs
+	 */
+	public function setExpectedPolicies(string ...$oids): void
+	{
+		$this->_expectedPolicies = $oids;
+	}
 
-    /**
-     * Check whether node has a child node with given valid policy OID.
-     *
-     * @param string $oid
-     *
-     * @return bool
-     */
-    public function hasChildWithValidPolicy(string $oid): bool
-    {
-        foreach ($this->_children as $node) {
-            if ($node->validPolicy() == $oid) {
-                return true;
-            }
-        }
-        return false;
-    }
+	/**
+	 * Check whether node has a child node with given valid policy OID.
+	 *
+	 * @param string $oid
+	 *
+	 * @return bool
+	 */
+	public function hasChildWithValidPolicy(string $oid): bool
+	{
+		foreach ($this->_children as $node) {
+			if ($node->validPolicy() == $oid) {
+				return true;
+			}
+		}
+		return false;
+	}
 
-    /**
-     * Add child node.
-     *
-     * @param PolicyNode $node
-     *
-     * @return self
-     */
-    public function addChild(PolicyNode $node): self
-    {
-        $id = spl_object_hash($node);
-        $node->_parent = $this;
-        $this->_children[$id] = $node;
-        return $this;
-    }
+	/**
+	 * Add child node.
+	 *
+	 * @param PolicyNode $node
+	 *
+	 * @return self
+	 */
+	public function addChild(PolicyNode $node): self
+	{
+		$id = spl_object_hash($node);
+		$node->_parent = $this;
+		$this->_children[$id] = $node;
+		return $this;
+	}
 
-    /**
-     * Get the child nodes.
-     *
-     * @return PolicyNode[]
-     */
-    public function children(): array
-    {
-        return array_values($this->_children);
-    }
+	/**
+	 * Get the child nodes.
+	 *
+	 * @return PolicyNode[]
+	 */
+	public function children(): array
+	{
+		return array_values($this->_children);
+	}
 
-    /**
-     * Remove this node from the tree.
-     *
-     * @return self The removed node
-     */
-    public function remove(): self
-    {
-        if ($this->_parent) {
-            $id = spl_object_hash($this);
-            unset($this->_parent->_children[$id], $this->_parent);
-        }
-        return $this;
-    }
+	/**
+	 * Remove this node from the tree.
+	 *
+	 * @return self The removed node
+	 */
+	public function remove(): self
+	{
+		if ($this->_parent) {
+			$id = spl_object_hash($this);
+			unset($this->_parent->_children[$id], $this->_parent);
+		}
+		return $this;
+	}
 
-    /**
-     * Check whether node has a parent.
-     *
-     * @return bool
-     */
-    public function hasParent(): bool
-    {
-        return isset($this->_parent);
-    }
+	/**
+	 * Check whether node has a parent.
+	 *
+	 * @return bool
+	 */
+	public function hasParent(): bool
+	{
+		return isset($this->_parent);
+	}
 
-    /**
-     * Get the parent node.
-     *
-     * @return null|PolicyNode
-     */
-    public function parent(): ?PolicyNode
-    {
-        return $this->_parent;
-    }
+	/**
+	 * Get the parent node.
+	 *
+	 * @return null|PolicyNode
+	 */
+	public function parent(): ?PolicyNode
+	{
+		return $this->_parent;
+	}
 
-    /**
-     * Get chain of parent nodes from this node's parent to the root node.
-     *
-     * @return PolicyNode[]
-     */
-    public function parents(): array
-    {
-        if (!$this->_parent) {
-            return [];
-        }
-        $nodes = $this->_parent->parents();
-        $nodes[] = $this->_parent;
-        return array_reverse($nodes);
-    }
+	/**
+	 * Get chain of parent nodes from this node's parent to the root node.
+	 *
+	 * @return PolicyNode[]
+	 */
+	public function parents(): array
+	{
+		if (!$this->_parent) {
+			return [];
+		}
+		$nodes = $this->_parent->parents();
+		$nodes[] = $this->_parent;
+		return array_reverse($nodes);
+	}
 
-    /**
-     * Walk tree from this node, applying a callback for each node.
-     *
-     * Nodes are traversed depth-first and callback shall be applied post-order.
-     *
-     * @param callable $fn
-     */
-    public function walkNodes(callable $fn): void
-    {
-        foreach ($this->_children as $node) {
-            $node->walkNodes($fn);
-        }
-        $fn($this);
-    }
+	/**
+	 * Walk tree from this node, applying a callback for each node.
+	 *
+	 * Nodes are traversed depth-first and callback shall be applied post-order.
+	 *
+	 * @param callable $fn
+	 */
+	public function walkNodes(callable $fn): void
+	{
+		foreach ($this->_children as $node) {
+			$node->walkNodes($fn);
+		}
+		$fn($this);
+	}
 
-    /**
-     * Get the total number of nodes in a tree.
-     *
-     * @return int
-     */
-    public function nodeCount(): int
-    {
-        $c = 1;
-        foreach ($this->_children as $child) {
-            $c += $child->nodeCount();
-        }
-        return $c;
-    }
+	/**
+	 * Get the total number of nodes in a tree.
+	 *
+	 * @return int
+	 */
+	public function nodeCount(): int
+	{
+		$c = 1;
+		foreach ($this->_children as $child) {
+			$c += $child->nodeCount();
+		}
+		return $c;
+	}
 
-    /**
-     * Get the number of child nodes.
-     *
-     * @see \Countable::count()
-     */
-    public function count(): int
-    {
-        return count($this->_children);
-    }
+	/**
+	 * Get the number of child nodes.
+	 *
+	 * @see \Countable::count()
+	 */
+	public function count(): int
+	{
+		return count($this->_children);
+	}
 
-    /**
-     * Get iterator for the child nodes.
-     *
-     * @see \IteratorAggregate::getIterator()
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_children);
-    }
+	/**
+	 * Get iterator for the child nodes.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_children);
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\CertificationPath\Policy;
 

lib/X509/CertificationPath/CertificationPath.php

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\CertificationPath;
 

Indentation +174 added lines, -174 removed lines

@@ -24,178 +24,178 @@
  */
 class CertificationPath implements \Countable, \IteratorAggregate
 {
-    /**
-     * Certification path.
-     *
-     * @var Certificate[]
-     */
-    protected $_certificates;
-
-    /**
-     * Constructor.
-     *
-     * @param Certificate ...$certificates Certificates from the trust anchor
-     *                                     to the target end-entity certificate
-     */
-    public function __construct(Certificate ...$certificates)
-    {
-        $this->_certificates = $certificates;
-    }
-
-    /**
-     * Initialize from a certificate chain.
-     *
-     * @param CertificateChain $chain
-     *
-     * @return self
-     */
-    public static function fromCertificateChain(CertificateChain $chain): self
-    {
-        return new self(...array_reverse($chain->certificates(), false));
-    }
-
-    /**
-     * Build certification path to given target.
-     *
-     * @param Certificate            $target        Target end-entity certificate
-     * @param CertificateBundle      $trust_anchors List of trust anchors
-     * @param null|CertificateBundle $intermediate  Optional intermediate certificates
-     *
-     * @return self
-     */
-    public static function toTarget(Certificate $target,
-        CertificateBundle $trust_anchors, ?CertificateBundle $intermediate = null): self
-    {
-        $builder = new CertificationPathBuilder($trust_anchors);
-        return $builder->shortestPathToTarget($target, $intermediate);
-    }
-
-    /**
-     * Build certification path from given trust anchor to target certificate,
-     * using intermediate certificates from given bundle.
-     *
-     * @param Certificate            $trust_anchor Trust anchor certificate
-     * @param Certificate            $target       Target end-entity certificate
-     * @param null|CertificateBundle $intermediate Optional intermediate certificates
-     *
-     * @return self
-     */
-    public static function fromTrustAnchorToTarget(Certificate $trust_anchor,
-        Certificate $target, ?CertificateBundle $intermediate = null): self
-    {
-        return self::toTarget($target, new CertificateBundle($trust_anchor),
-            $intermediate);
-    }
-
-    /**
-     * Get certificates.
-     *
-     * @return Certificate[]
-     */
-    public function certificates(): array
-    {
-        return $this->_certificates;
-    }
-
-    /**
-     * Get the trust anchor certificate from the path.
-     *
-     * @throws \LogicException If path is empty
-     *
-     * @return Certificate
-     */
-    public function trustAnchorCertificate(): Certificate
-    {
-        if (!count($this->_certificates)) {
-            throw new \LogicException('No certificates.');
-        }
-        return $this->_certificates[0];
-    }
-
-    /**
-     * Get the end-entity certificate from the path.
-     *
-     * @throws \LogicException If path is empty
-     *
-     * @return Certificate
-     */
-    public function endEntityCertificate(): Certificate
-    {
-        if (!count($this->_certificates)) {
-            throw new \LogicException('No certificates.');
-        }
-        return $this->_certificates[count($this->_certificates) - 1];
-    }
-
-    /**
-     * Get certification path as a certificate chain.
-     *
-     * @return CertificateChain
-     */
-    public function certificateChain(): CertificateChain
-    {
-        return new CertificateChain(...array_reverse($this->_certificates, false));
-    }
-
-    /**
-     * Check whether certification path starts with one ore more given
-     * certificates in parameter order.
-     *
-     * @param Certificate ...$certs Certificates
-     *
-     * @return bool
-     */
-    public function startsWith(Certificate ...$certs): bool
-    {
-        $n = count($certs);
-        if ($n > count($this->_certificates)) {
-            return false;
-        }
-        for ($i = 0; $i < $n; ++$i) {
-            if (!$certs[$i]->equals($this->_certificates[$i])) {
-                return false;
-            }
-        }
-        return true;
-    }
-
-    /**
-     * Validate certification path.
-     *
-     * @param PathValidationConfig $config
-     * @param null|Crypto          $crypto Crypto engine, use default if not set
-     *
-     * @throws Exception\PathValidationException
-     *
-     * @return PathValidationResult
-     */
-    public function validate(PathValidationConfig $config,
-        ?Crypto $crypto = null): PathValidationResult
-    {
-        $crypto = $crypto ?? Crypto::getDefault();
-        $validator = new PathValidator($crypto, $config, ...$this->_certificates);
-        return $validator->validate();
-    }
-
-    /**
-     * @see \Countable::count()
-     *
-     * @return int
-     */
-    public function count(): int
-    {
-        return count($this->_certificates);
-    }
-
-    /**
-     * Get iterator for certificates.
-     *
-     * @see \IteratorAggregate::getIterator()
-     *
-     * @return \ArrayIterator
-     */
-    public function getIterator(): \ArrayIterator
-    {
-        return new \ArrayIterator($this->_certificates);
-    }
+	/**
+	 * Certification path.
+	 *
+	 * @var Certificate[]
+	 */
+	protected $_certificates;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param Certificate ...$certificates Certificates from the trust anchor
+	 *                                     to the target end-entity certificate
+	 */
+	public function __construct(Certificate ...$certificates)
+	{
+		$this->_certificates = $certificates;
+	}
+
+	/**
+	 * Initialize from a certificate chain.
+	 *
+	 * @param CertificateChain $chain
+	 *
+	 * @return self
+	 */
+	public static function fromCertificateChain(CertificateChain $chain): self
+	{
+		return new self(...array_reverse($chain->certificates(), false));
+	}
+
+	/**
+	 * Build certification path to given target.
+	 *
+	 * @param Certificate            $target        Target end-entity certificate
+	 * @param CertificateBundle      $trust_anchors List of trust anchors
+	 * @param null|CertificateBundle $intermediate  Optional intermediate certificates
+	 *
+	 * @return self
+	 */
+	public static function toTarget(Certificate $target,
+		CertificateBundle $trust_anchors, ?CertificateBundle $intermediate = null): self
+	{
+		$builder = new CertificationPathBuilder($trust_anchors);
+		return $builder->shortestPathToTarget($target, $intermediate);
+	}
+
+	/**
+	 * Build certification path from given trust anchor to target certificate,
+	 * using intermediate certificates from given bundle.
+	 *
+	 * @param Certificate            $trust_anchor Trust anchor certificate
+	 * @param Certificate            $target       Target end-entity certificate
+	 * @param null|CertificateBundle $intermediate Optional intermediate certificates
+	 *
+	 * @return self
+	 */
+	public static function fromTrustAnchorToTarget(Certificate $trust_anchor,
+		Certificate $target, ?CertificateBundle $intermediate = null): self
+	{
+		return self::toTarget($target, new CertificateBundle($trust_anchor),
+			$intermediate);
+	}
+
+	/**
+	 * Get certificates.
+	 *
+	 * @return Certificate[]
+	 */
+	public function certificates(): array
+	{
+		return $this->_certificates;
+	}
+
+	/**
+	 * Get the trust anchor certificate from the path.
+	 *
+	 * @throws \LogicException If path is empty
+	 *
+	 * @return Certificate
+	 */
+	public function trustAnchorCertificate(): Certificate
+	{
+		if (!count($this->_certificates)) {
+			throw new \LogicException('No certificates.');
+		}
+		return $this->_certificates[0];
+	}
+
+	/**
+	 * Get the end-entity certificate from the path.
+	 *
+	 * @throws \LogicException If path is empty
+	 *
+	 * @return Certificate
+	 */
+	public function endEntityCertificate(): Certificate
+	{
+		if (!count($this->_certificates)) {
+			throw new \LogicException('No certificates.');
+		}
+		return $this->_certificates[count($this->_certificates) - 1];
+	}
+
+	/**
+	 * Get certification path as a certificate chain.
+	 *
+	 * @return CertificateChain
+	 */
+	public function certificateChain(): CertificateChain
+	{
+		return new CertificateChain(...array_reverse($this->_certificates, false));
+	}
+
+	/**
+	 * Check whether certification path starts with one ore more given
+	 * certificates in parameter order.
+	 *
+	 * @param Certificate ...$certs Certificates
+	 *
+	 * @return bool
+	 */
+	public function startsWith(Certificate ...$certs): bool
+	{
+		$n = count($certs);
+		if ($n > count($this->_certificates)) {
+			return false;
+		}
+		for ($i = 0; $i < $n; ++$i) {
+			if (!$certs[$i]->equals($this->_certificates[$i])) {
+				return false;
+			}
+		}
+		return true;
+	}
+
+	/**
+	 * Validate certification path.
+	 *
+	 * @param PathValidationConfig $config
+	 * @param null|Crypto          $crypto Crypto engine, use default if not set
+	 *
+	 * @throws Exception\PathValidationException
+	 *
+	 * @return PathValidationResult
+	 */
+	public function validate(PathValidationConfig $config,
+		?Crypto $crypto = null): PathValidationResult
+	{
+		$crypto = $crypto ?? Crypto::getDefault();
+		$validator = new PathValidator($crypto, $config, ...$this->_certificates);
+		return $validator->validate();
+	}
+
+	/**
+	 * @see \Countable::count()
+	 *
+	 * @return int
+	 */
+	public function count(): int
+	{
+		return count($this->_certificates);
+	}
+
+	/**
+	 * Get iterator for certificates.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 *
+	 * @return \ArrayIterator
+	 */
+	public function getIterator(): \ArrayIterator
+	{
+		return new \ArrayIterator($this->_certificates);
+	}
 }

lib/X509/CertificationPath/Exception/PathBuildingException.php

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\CertificationPath\Exception;
 

lib/X509/AttributeCertificate/Validation/ACValidationConfig.php

Indentation +100 added lines, -100 removed lines

@@ -12,114 +12,114 @@
  */
 class ACValidationConfig
 {
-    /**
-     * Certification path of the AC holder.
-     *
-     * @var CertificationPath
-     */
-    protected $_holderPath;
+	/**
+	 * Certification path of the AC holder.
+	 *
+	 * @var CertificationPath
+	 */
+	protected $_holderPath;
 
-    /**
-     * Certification path of the AC issuer.
-     *
-     * @var CertificationPath
-     */
-    protected $_issuerPath;
+	/**
+	 * Certification path of the AC issuer.
+	 *
+	 * @var CertificationPath
+	 */
+	protected $_issuerPath;
 
-    /**
-     * Evaluation reference time.
-     *
-     * @var \DateTimeImmutable
-     */
-    protected $_evalTime;
+	/**
+	 * Evaluation reference time.
+	 *
+	 * @var \DateTimeImmutable
+	 */
+	protected $_evalTime;
 
-    /**
-     * Permitted targets.
-     *
-     * @var Target[]
-     */
-    protected $_targets;
+	/**
+	 * Permitted targets.
+	 *
+	 * @var Target[]
+	 */
+	protected $_targets;
 
-    /**
-     * Constructor.
-     *
-     * @param CertificationPath $holder_path Certification path of the AC holder
-     * @param CertificationPath $issuer_path Certification path of the AC issuer
-     */
-    public function __construct(CertificationPath $holder_path,
-        CertificationPath $issuer_path)
-    {
-        $this->_holderPath = $holder_path;
-        $this->_issuerPath = $issuer_path;
-        $this->_evalTime = new \DateTimeImmutable();
-        $this->_targets = [];
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param CertificationPath $holder_path Certification path of the AC holder
+	 * @param CertificationPath $issuer_path Certification path of the AC issuer
+	 */
+	public function __construct(CertificationPath $holder_path,
+		CertificationPath $issuer_path)
+	{
+		$this->_holderPath = $holder_path;
+		$this->_issuerPath = $issuer_path;
+		$this->_evalTime = new \DateTimeImmutable();
+		$this->_targets = [];
+	}
 
-    /**
-     * Get certification path of the AC's holder.
-     *
-     * @return CertificationPath
-     */
-    public function holderPath(): CertificationPath
-    {
-        return $this->_holderPath;
-    }
+	/**
+	 * Get certification path of the AC's holder.
+	 *
+	 * @return CertificationPath
+	 */
+	public function holderPath(): CertificationPath
+	{
+		return $this->_holderPath;
+	}
 
-    /**
-     * Get certification path of the AC's issuer.
-     *
-     * @return CertificationPath
-     */
-    public function issuerPath(): CertificationPath
-    {
-        return $this->_issuerPath;
-    }
+	/**
+	 * Get certification path of the AC's issuer.
+	 *
+	 * @return CertificationPath
+	 */
+	public function issuerPath(): CertificationPath
+	{
+		return $this->_issuerPath;
+	}
 
-    /**
-     * Get self with given evaluation reference time.
-     *
-     * @param \DateTimeImmutable $dt
-     *
-     * @return self
-     */
-    public function withEvaluationTime(\DateTimeImmutable $dt): self
-    {
-        $obj = clone $this;
-        $obj->_evalTime = $dt;
-        return $obj;
-    }
+	/**
+	 * Get self with given evaluation reference time.
+	 *
+	 * @param \DateTimeImmutable $dt
+	 *
+	 * @return self
+	 */
+	public function withEvaluationTime(\DateTimeImmutable $dt): self
+	{
+		$obj = clone $this;
+		$obj->_evalTime = $dt;
+		return $obj;
+	}
 
-    /**
-     * Get the evaluation reference time.
-     *
-     * @return \DateTimeImmutable
-     */
-    public function evaluationTime(): \DateTimeImmutable
-    {
-        return $this->_evalTime;
-    }
+	/**
+	 * Get the evaluation reference time.
+	 *
+	 * @return \DateTimeImmutable
+	 */
+	public function evaluationTime(): \DateTimeImmutable
+	{
+		return $this->_evalTime;
+	}
 
-    /**
-     * Get self with permitted targets.
-     *
-     * @param Target ...$targets
-     *
-     * @return self
-     */
-    public function withTargets(Target ...$targets): self
-    {
-        $obj = clone $this;
-        $obj->_targets = $targets;
-        return $obj;
-    }
+	/**
+	 * Get self with permitted targets.
+	 *
+	 * @param Target ...$targets
+	 *
+	 * @return self
+	 */
+	public function withTargets(Target ...$targets): self
+	{
+		$obj = clone $this;
+		$obj->_targets = $targets;
+		return $obj;
+	}
 
-    /**
-     * Get array of permitted targets.
-     *
-     * @return Target[]
-     */
-    public function targets(): array
-    {
-        return $this->_targets;
-    }
+	/**
+	 * Get array of permitted targets.
+	 *
+	 * @return Target[]
+	 */
+	public function targets(): array
+	{
+		return $this->_targets;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\AttributeCertificate\Validation;
 

lib/X509/AttributeCertificate/Validation/Exception/ACValidationException.php

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\AttributeCertificate\Validation\Exception;
 

lib/X509/AttributeCertificate/Validation/ACValidator.php

Indentation +172 added lines, -172 removed lines

@@ -21,186 +21,186 @@
  */
 class ACValidator
 {
-    /**
-     * Attribute certificate.
-     *
-     * @var AttributeCertificate
-     */
-    protected $_ac;
+	/**
+	 * Attribute certificate.
+	 *
+	 * @var AttributeCertificate
+	 */
+	protected $_ac;
 
-    /**
-     * Validation configuration.
-     *
-     * @var ACValidationConfig
-     */
-    protected $_config;
+	/**
+	 * Validation configuration.
+	 *
+	 * @var ACValidationConfig
+	 */
+	protected $_config;
 
-    /**
-     * Crypto engine.
-     *
-     * @var Crypto
-     */
-    protected $_crypto;
+	/**
+	 * Crypto engine.
+	 *
+	 * @var Crypto
+	 */
+	protected $_crypto;
 
-    /**
-     * Constructor.
-     *
-     * @param AttributeCertificate $ac     Attribute certificate to validate
-     * @param ACValidationConfig   $config Validation configuration
-     * @param null|Crypto          $crypto Crypto engine, use default if not set
-     */
-    public function __construct(AttributeCertificate $ac,
-        ACValidationConfig $config, ?Crypto $crypto = null)
-    {
-        $this->_ac = $ac;
-        $this->_config = $config;
-        $this->_crypto = $crypto ?? Crypto::getDefault();
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param AttributeCertificate $ac     Attribute certificate to validate
+	 * @param ACValidationConfig   $config Validation configuration
+	 * @param null|Crypto          $crypto Crypto engine, use default if not set
+	 */
+	public function __construct(AttributeCertificate $ac,
+		ACValidationConfig $config, ?Crypto $crypto = null)
+	{
+		$this->_ac = $ac;
+		$this->_config = $config;
+		$this->_crypto = $crypto ?? Crypto::getDefault();
+	}
 
-    /**
-     * Validate attribute certificate.
-     *
-     * @throws ACValidationException If validation fails
-     *
-     * @return AttributeCertificate Validated AC
-     */
-    public function validate(): AttributeCertificate
-    {
-        $this->_validateHolder();
-        $issuer = $this->_verifyIssuer();
-        $this->_validateIssuerProfile($issuer);
-        $this->_validateTime();
-        $this->_validateTargeting();
-        return $this->_ac;
-    }
+	/**
+	 * Validate attribute certificate.
+	 *
+	 * @throws ACValidationException If validation fails
+	 *
+	 * @return AttributeCertificate Validated AC
+	 */
+	public function validate(): AttributeCertificate
+	{
+		$this->_validateHolder();
+		$issuer = $this->_verifyIssuer();
+		$this->_validateIssuerProfile($issuer);
+		$this->_validateTime();
+		$this->_validateTargeting();
+		return $this->_ac;
+	}
 
-    /**
-     * Validate AC holder's certification.
-     *
-     * @throws ACValidationException
-     *
-     * @return Certificate Certificate of the AC's holder
-     */
-    private function _validateHolder(): Certificate
-    {
-        $path = $this->_config->holderPath();
-        $config = PathValidationConfig::defaultConfig()
-            ->withMaxLength(count($path))
-            ->withDateTime($this->_config->evaluationTime());
-        try {
-            $holder = $path->validate($config, $this->_crypto)->certificate();
-        } catch (PathValidationException $e) {
-            throw new ACValidationException(
-                "Failed to validate holder PKC's certification path.", 0, $e);
-        }
-        if (!$this->_ac->isHeldBy($holder)) {
-            throw new ACValidationException("Name mismatch of AC's holder PKC.");
-        }
-        return $holder;
-    }
+	/**
+	 * Validate AC holder's certification.
+	 *
+	 * @throws ACValidationException
+	 *
+	 * @return Certificate Certificate of the AC's holder
+	 */
+	private function _validateHolder(): Certificate
+	{
+		$path = $this->_config->holderPath();
+		$config = PathValidationConfig::defaultConfig()
+			->withMaxLength(count($path))
+			->withDateTime($this->_config->evaluationTime());
+		try {
+			$holder = $path->validate($config, $this->_crypto)->certificate();
+		} catch (PathValidationException $e) {
+			throw new ACValidationException(
+				"Failed to validate holder PKC's certification path.", 0, $e);
+		}
+		if (!$this->_ac->isHeldBy($holder)) {
+			throw new ACValidationException("Name mismatch of AC's holder PKC.");
+		}
+		return $holder;
+	}
 
-    /**
-     * Verify AC's signature and issuer's certification.
-     *
-     * @throws ACValidationException
-     *
-     * @return Certificate Certificate of the AC's issuer
-     */
-    private function _verifyIssuer(): Certificate
-    {
-        $path = $this->_config->issuerPath();
-        $config = PathValidationConfig::defaultConfig()
-            ->withMaxLength(count($path))
-            ->withDateTime($this->_config->evaluationTime());
-        try {
-            $issuer = $path->validate($config, $this->_crypto)->certificate();
-        } catch (PathValidationException $e) {
-            throw new ACValidationException(
-                "Failed to validate issuer PKC's certification path.", 0, $e);
-        }
-        if (!$this->_ac->isIssuedBy($issuer)) {
-            throw new ACValidationException("Name mismatch of AC's issuer PKC.");
-        }
-        $pubkey_info = $issuer->tbsCertificate()->subjectPublicKeyInfo();
-        if (!$this->_ac->verify($pubkey_info, $this->_crypto)) {
-            throw new ACValidationException('Failed to verify signature.');
-        }
-        return $issuer;
-    }
+	/**
+	 * Verify AC's signature and issuer's certification.
+	 *
+	 * @throws ACValidationException
+	 *
+	 * @return Certificate Certificate of the AC's issuer
+	 */
+	private function _verifyIssuer(): Certificate
+	{
+		$path = $this->_config->issuerPath();
+		$config = PathValidationConfig::defaultConfig()
+			->withMaxLength(count($path))
+			->withDateTime($this->_config->evaluationTime());
+		try {
+			$issuer = $path->validate($config, $this->_crypto)->certificate();
+		} catch (PathValidationException $e) {
+			throw new ACValidationException(
+				"Failed to validate issuer PKC's certification path.", 0, $e);
+		}
+		if (!$this->_ac->isIssuedBy($issuer)) {
+			throw new ACValidationException("Name mismatch of AC's issuer PKC.");
+		}
+		$pubkey_info = $issuer->tbsCertificate()->subjectPublicKeyInfo();
+		if (!$this->_ac->verify($pubkey_info, $this->_crypto)) {
+			throw new ACValidationException('Failed to verify signature.');
+		}
+		return $issuer;
+	}
 
-    /**
-     * Validate AC issuer's profile.
-     *
-     * @see https://tools.ietf.org/html/rfc5755#section-4.5
-     *
-     * @param Certificate $cert
-     *
-     * @throws ACValidationException
-     */
-    private function _validateIssuerProfile(Certificate $cert): void
-    {
-        $exts = $cert->tbsCertificate()->extensions();
-        if ($exts->hasKeyUsage() && !$exts->keyUsage()->isDigitalSignature()) {
-            throw new ACValidationException(
-                "Issuer PKC's Key Usage extension doesn't permit" .
-                     ' verification of digital signatures.');
-        }
-        if ($exts->hasBasicConstraints() && $exts->basicConstraints()->isCA()) {
-            throw new ACValidationException('Issuer PKC must not be a CA.');
-        }
-    }
+	/**
+	 * Validate AC issuer's profile.
+	 *
+	 * @see https://tools.ietf.org/html/rfc5755#section-4.5
+	 *
+	 * @param Certificate $cert
+	 *
+	 * @throws ACValidationException
+	 */
+	private function _validateIssuerProfile(Certificate $cert): void
+	{
+		$exts = $cert->tbsCertificate()->extensions();
+		if ($exts->hasKeyUsage() && !$exts->keyUsage()->isDigitalSignature()) {
+			throw new ACValidationException(
+				"Issuer PKC's Key Usage extension doesn't permit" .
+					 ' verification of digital signatures.');
+		}
+		if ($exts->hasBasicConstraints() && $exts->basicConstraints()->isCA()) {
+			throw new ACValidationException('Issuer PKC must not be a CA.');
+		}
+	}
 
-    /**
-     * Validate AC's validity period.
-     *
-     * @throws ACValidationException
-     */
-    private function _validateTime(): void
-    {
-        $t = $this->_config->evaluationTime();
-        $validity = $this->_ac->acinfo()->validityPeriod();
-        if ($validity->notBeforeTime()->diff($t)->invert) {
-            throw new ACValidationException('Validity period has not started.');
-        }
-        if ($t->diff($validity->notAfterTime())->invert) {
-            throw new ACValidationException('Attribute certificate has expired.');
-        }
-    }
+	/**
+	 * Validate AC's validity period.
+	 *
+	 * @throws ACValidationException
+	 */
+	private function _validateTime(): void
+	{
+		$t = $this->_config->evaluationTime();
+		$validity = $this->_ac->acinfo()->validityPeriod();
+		if ($validity->notBeforeTime()->diff($t)->invert) {
+			throw new ACValidationException('Validity period has not started.');
+		}
+		if ($t->diff($validity->notAfterTime())->invert) {
+			throw new ACValidationException('Attribute certificate has expired.');
+		}
+	}
 
-    /**
-     * Validate AC's target information.
-     *
-     * @throws ACValidationException
-     */
-    private function _validateTargeting(): void
-    {
-        $exts = $this->_ac->acinfo()->extensions();
-        // if target information extension is not present
-        if (!$exts->has(Extension::OID_TARGET_INFORMATION)) {
-            return;
-        }
-        $ext = $exts->get(Extension::OID_TARGET_INFORMATION);
-        if ($ext instanceof TargetInformationExtension &&
-            !$this->_hasMatchingTarget($ext->targets())) {
-            throw new ACValidationException(
-                "Attribute certificate doesn't have a matching target.");
-        }
-    }
+	/**
+	 * Validate AC's target information.
+	 *
+	 * @throws ACValidationException
+	 */
+	private function _validateTargeting(): void
+	{
+		$exts = $this->_ac->acinfo()->extensions();
+		// if target information extension is not present
+		if (!$exts->has(Extension::OID_TARGET_INFORMATION)) {
+			return;
+		}
+		$ext = $exts->get(Extension::OID_TARGET_INFORMATION);
+		if ($ext instanceof TargetInformationExtension &&
+			!$this->_hasMatchingTarget($ext->targets())) {
+			throw new ACValidationException(
+				"Attribute certificate doesn't have a matching target.");
+		}
+	}
 
-    /**
-     * Check whether validation configuration has matching targets.
-     *
-     * @param Targets $targets Set of eligible targets
-     *
-     * @return bool
-     */
-    private function _hasMatchingTarget(Targets $targets): bool
-    {
-        foreach ($this->_config->targets() as $target) {
-            if ($targets->hasTarget($target)) {
-                return true;
-            }
-        }
-        return false;
-    }
+	/**
+	 * Check whether validation configuration has matching targets.
+	 *
+	 * @param Targets $targets Set of eligible targets
+	 *
+	 * @return bool
+	 */
+	private function _hasMatchingTarget(Targets $targets): bool
+	{
+		foreach ($this->_config->targets() as $target) {
+			if ($targets->hasTarget($target)) {
+				return true;
+			}
+		}
+		return false;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\AttributeCertificate\Validation;
 

lib/X509/AttributeCertificate/AttributeCertificateInfo.php

Indentation +446 added lines, -446 removed lines

@@ -22,450 +22,450 @@
  */
 class AttributeCertificateInfo
 {
-    const VERSION_2 = 1;
-
-    /**
-     * AC version.
-     *
-     * @var int
-     */
-    protected $_version;
-
-    /**
-     * AC holder.
-     *
-     * @var Holder
-     */
-    protected $_holder;
-
-    /**
-     * AC issuer.
-     *
-     * @var AttCertIssuer
-     */
-    protected $_issuer;
-
-    /**
-     * Signature algorithm identifier.
-     *
-     * @var SignatureAlgorithmIdentifier
-     */
-    protected $_signature;
-
-    /**
-     * AC serial number as a base 10 integer.
-     *
-     * @var string
-     */
-    protected $_serialNumber;
-
-    /**
-     * Validity period.
-     *
-     * @var AttCertValidityPeriod
-     */
-    protected $_attrCertValidityPeriod;
-
-    /**
-     * Attributes.
-     *
-     * @var Attributes
-     */
-    protected $_attributes;
-
-    /**
-     * Issuer unique identifier.
-     *
-     * @var null|UniqueIdentifier
-     */
-    protected $_issuerUniqueID;
-
-    /**
-     * Extensions.
-     *
-     * @var Extensions
-     */
-    protected $_extensions;
-
-    /**
-     * Constructor.
-     *
-     * @param Holder                $holder   AC holder
-     * @param AttCertIssuer         $issuer   AC issuer
-     * @param AttCertValidityPeriod $validity Validity
-     * @param Attributes            $attribs  Attributes
-     */
-    public function __construct(Holder $holder, AttCertIssuer $issuer,
-        AttCertValidityPeriod $validity, Attributes $attribs)
-    {
-        $this->_version = self::VERSION_2;
-        $this->_holder = $holder;
-        $this->_issuer = $issuer;
-        $this->_attrCertValidityPeriod = $validity;
-        $this->_attributes = $attribs;
-        $this->_extensions = new Extensions();
-    }
-
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     *
-     * @throws \UnexpectedValueException
-     *
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $idx = 0;
-        $version = $seq->at($idx++)->asInteger()->intNumber();
-        if (self::VERSION_2 !== $version) {
-            throw new \UnexpectedValueException('Version must be 2.');
-        }
-        $holder = Holder::fromASN1($seq->at($idx++)->asSequence());
-        $issuer = AttCertIssuer::fromASN1($seq->at($idx++));
-        $signature = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
-        if (!$signature instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                'Unsupported signature algorithm ' . $signature->oid() . '.');
-        }
-        $serial = $seq->at($idx++)->asInteger()->number();
-        $validity = AttCertValidityPeriod::fromASN1($seq->at($idx++)->asSequence());
-        $attribs = Attributes::fromASN1($seq->at($idx++)->asSequence());
-        $obj = new self($holder, $issuer, $validity, $attribs);
-        $obj->_signature = $signature;
-        $obj->_serialNumber = $serial;
-        if ($seq->has($idx, Element::TYPE_BIT_STRING)) {
-            $obj->_issuerUniqueID = UniqueIdentifier::fromASN1(
-                $seq->at($idx++)->asBitString());
-        }
-        if ($seq->has($idx, Element::TYPE_SEQUENCE)) {
-            $obj->_extensions = Extensions::fromASN1(
-                $seq->at($idx++)->asSequence());
-        }
-        return $obj;
-    }
-
-    /**
-     * Get self with holder.
-     *
-     * @param Holder $holder
-     *
-     * @return self
-     */
-    public function withHolder(Holder $holder): self
-    {
-        $obj = clone $this;
-        $obj->_holder = $holder;
-        return $obj;
-    }
-
-    /**
-     * Get self with issuer.
-     *
-     * @param AttCertIssuer $issuer
-     *
-     * @return self
-     */
-    public function withIssuer(AttCertIssuer $issuer): self
-    {
-        $obj = clone $this;
-        $obj->_issuer = $issuer;
-        return $obj;
-    }
-
-    /**
-     * Get self with signature algorithm identifier.
-     *
-     * @param SignatureAlgorithmIdentifier $algo
-     *
-     * @return self
-     */
-    public function withSignature(SignatureAlgorithmIdentifier $algo): self
-    {
-        $obj = clone $this;
-        $obj->_signature = $algo;
-        return $obj;
-    }
-
-    /**
-     * Get self with serial number.
-     *
-     * @param int|string $serial Base 10 serial number
-     *
-     * @return self
-     */
-    public function withSerialNumber($serial): self
-    {
-        $obj = clone $this;
-        $obj->_serialNumber = strval($serial);
-        return $obj;
-    }
-
-    /**
-     * Get self with random positive serial number.
-     *
-     * @param int $size Number of random bytes
-     *
-     * @return self
-     */
-    public function withRandomSerialNumber(int $size = 16): self
-    {
-        // ensure that first byte is always non-zero and having first bit unset
-        $num = gmp_init(mt_rand(1, 0x7f), 10);
-        for ($i = 1; $i < $size; ++$i) {
-            $num <<= 8;
-            $num += mt_rand(0, 0xff);
-        }
-        return $this->withSerialNumber(gmp_strval($num, 10));
-    }
-
-    /**
-     * Get self with validity period.
-     *
-     * @param AttCertValidityPeriod $validity
-     *
-     * @return self
-     */
-    public function withValidity(AttCertValidityPeriod $validity): self
-    {
-        $obj = clone $this;
-        $obj->_attrCertValidityPeriod = $validity;
-        return $obj;
-    }
-
-    /**
-     * Get self with attributes.
-     *
-     * @param Attributes $attribs
-     *
-     * @return self
-     */
-    public function withAttributes(Attributes $attribs): self
-    {
-        $obj = clone $this;
-        $obj->_attributes = $attribs;
-        return $obj;
-    }
-
-    /**
-     * Get self with issuer unique identifier.
-     *
-     * @param UniqueIdentifier $uid
-     *
-     * @return self
-     */
-    public function withIssuerUniqueID(UniqueIdentifier $uid): self
-    {
-        $obj = clone $this;
-        $obj->_issuerUniqueID = $uid;
-        return $obj;
-    }
-
-    /**
-     * Get self with extensions.
-     *
-     * @param Extensions $extensions
-     *
-     * @return self
-     */
-    public function withExtensions(Extensions $extensions): self
-    {
-        $obj = clone $this;
-        $obj->_extensions = $extensions;
-        return $obj;
-    }
-
-    /**
-     * Get self with extensions added.
-     *
-     * @param Extension ...$exts One or more Extension objects
-     *
-     * @return self
-     */
-    public function withAdditionalExtensions(Extension ...$exts): self
-    {
-        $obj = clone $this;
-        $obj->_extensions = $obj->_extensions->withExtensions(...$exts);
-        return $obj;
-    }
-
-    /**
-     * Get version.
-     *
-     * @return int
-     */
-    public function version(): int
-    {
-        return $this->_version;
-    }
-
-    /**
-     * Get AC holder.
-     *
-     * @return Holder
-     */
-    public function holder(): Holder
-    {
-        return $this->_holder;
-    }
-
-    /**
-     * Get AC issuer.
-     *
-     * @return AttCertIssuer
-     */
-    public function issuer(): AttCertIssuer
-    {
-        return $this->_issuer;
-    }
-
-    /**
-     * Check whether signature is set.
-     *
-     * @return bool
-     */
-    public function hasSignature(): bool
-    {
-        return isset($this->_signature);
-    }
-
-    /**
-     * Get signature algorithm identifier.
-     *
-     * @throws \LogicException If not set
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signature(): SignatureAlgorithmIdentifier
-    {
-        if (!$this->hasSignature()) {
-            throw new \LogicException('signature not set.');
-        }
-        return $this->_signature;
-    }
-
-    /**
-     * Check whether serial number is present.
-     *
-     * @return bool
-     */
-    public function hasSerialNumber(): bool
-    {
-        return isset($this->_serialNumber);
-    }
-
-    /**
-     * Get AC serial number as a base 10 integer.
-     *
-     * @throws \LogicException If not set
-     *
-     * @return string
-     */
-    public function serialNumber(): string
-    {
-        if (!$this->hasSerialNumber()) {
-            throw new \LogicException('serialNumber not set.');
-        }
-        return $this->_serialNumber;
-    }
-
-    /**
-     * Get validity period.
-     *
-     * @return AttCertValidityPeriod
-     */
-    public function validityPeriod(): AttCertValidityPeriod
-    {
-        return $this->_attrCertValidityPeriod;
-    }
-
-    /**
-     * Get attributes.
-     *
-     * @return Attributes
-     */
-    public function attributes(): Attributes
-    {
-        return $this->_attributes;
-    }
-
-    /**
-     * Check whether issuer unique identifier is present.
-     *
-     * @return bool
-     */
-    public function hasIssuerUniqueID(): bool
-    {
-        return isset($this->_issuerUniqueID);
-    }
-
-    /**
-     * Get issuer unique identifier.
-     *
-     * @throws \LogicException If not set
-     *
-     * @return UniqueIdentifier
-     */
-    public function issuerUniqueID(): UniqueIdentifier
-    {
-        if (!$this->hasIssuerUniqueID()) {
-            throw new \LogicException('issuerUniqueID not set.');
-        }
-        return $this->_issuerUniqueID;
-    }
-
-    /**
-     * Get extensions.
-     *
-     * @return Extensions
-     */
-    public function extensions(): Extensions
-    {
-        return $this->_extensions;
-    }
-
-    /**
-     * Get ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = [new Integer($this->_version), $this->_holder->toASN1(),
-            $this->_issuer->toASN1(), $this->signature()->toASN1(),
-            new Integer($this->serialNumber()),
-            $this->_attrCertValidityPeriod->toASN1(),
-            $this->_attributes->toASN1(), ];
-        if (isset($this->_issuerUniqueID)) {
-            $elements[] = $this->_issuerUniqueID->toASN1();
-        }
-        if (count($this->_extensions)) {
-            $elements[] = $this->_extensions->toASN1();
-        }
-        return new Sequence(...$elements);
-    }
-
-    /**
-     * Create signed attribute certificate.
-     *
-     * @param SignatureAlgorithmIdentifier $algo         Signature algorithm
-     * @param PrivateKeyInfo               $privkey_info Private key
-     * @param null|Crypto                  $crypto       Crypto engine, use default if not set
-     *
-     * @return AttributeCertificate
-     */
-    public function sign(SignatureAlgorithmIdentifier $algo,
-        PrivateKeyInfo $privkey_info, ?Crypto $crypto = null): AttributeCertificate
-    {
-        $crypto = $crypto ?? Crypto::getDefault();
-        $aci = clone $this;
-        if (!isset($aci->_serialNumber)) {
-            $aci->_serialNumber = '0';
-        }
-        $aci->_signature = $algo;
-        $data = $aci->toASN1()->toDER();
-        $signature = $crypto->sign($data, $privkey_info, $algo);
-        return new AttributeCertificate($aci, $algo, $signature);
-    }
+	const VERSION_2 = 1;
+
+	/**
+	 * AC version.
+	 *
+	 * @var int
+	 */
+	protected $_version;
+
+	/**
+	 * AC holder.
+	 *
+	 * @var Holder
+	 */
+	protected $_holder;
+
+	/**
+	 * AC issuer.
+	 *
+	 * @var AttCertIssuer
+	 */
+	protected $_issuer;
+
+	/**
+	 * Signature algorithm identifier.
+	 *
+	 * @var SignatureAlgorithmIdentifier
+	 */
+	protected $_signature;
+
+	/**
+	 * AC serial number as a base 10 integer.
+	 *
+	 * @var string
+	 */
+	protected $_serialNumber;
+
+	/**
+	 * Validity period.
+	 *
+	 * @var AttCertValidityPeriod
+	 */
+	protected $_attrCertValidityPeriod;
+
+	/**
+	 * Attributes.
+	 *
+	 * @var Attributes
+	 */
+	protected $_attributes;
+
+	/**
+	 * Issuer unique identifier.
+	 *
+	 * @var null|UniqueIdentifier
+	 */
+	protected $_issuerUniqueID;
+
+	/**
+	 * Extensions.
+	 *
+	 * @var Extensions
+	 */
+	protected $_extensions;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param Holder                $holder   AC holder
+	 * @param AttCertIssuer         $issuer   AC issuer
+	 * @param AttCertValidityPeriod $validity Validity
+	 * @param Attributes            $attribs  Attributes
+	 */
+	public function __construct(Holder $holder, AttCertIssuer $issuer,
+		AttCertValidityPeriod $validity, Attributes $attribs)
+	{
+		$this->_version = self::VERSION_2;
+		$this->_holder = $holder;
+		$this->_issuer = $issuer;
+		$this->_attrCertValidityPeriod = $validity;
+		$this->_attributes = $attribs;
+		$this->_extensions = new Extensions();
+	}
+
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 *
+	 * @throws \UnexpectedValueException
+	 *
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$idx = 0;
+		$version = $seq->at($idx++)->asInteger()->intNumber();
+		if (self::VERSION_2 !== $version) {
+			throw new \UnexpectedValueException('Version must be 2.');
+		}
+		$holder = Holder::fromASN1($seq->at($idx++)->asSequence());
+		$issuer = AttCertIssuer::fromASN1($seq->at($idx++));
+		$signature = AlgorithmIdentifier::fromASN1($seq->at($idx++)->asSequence());
+		if (!$signature instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				'Unsupported signature algorithm ' . $signature->oid() . '.');
+		}
+		$serial = $seq->at($idx++)->asInteger()->number();
+		$validity = AttCertValidityPeriod::fromASN1($seq->at($idx++)->asSequence());
+		$attribs = Attributes::fromASN1($seq->at($idx++)->asSequence());
+		$obj = new self($holder, $issuer, $validity, $attribs);
+		$obj->_signature = $signature;
+		$obj->_serialNumber = $serial;
+		if ($seq->has($idx, Element::TYPE_BIT_STRING)) {
+			$obj->_issuerUniqueID = UniqueIdentifier::fromASN1(
+				$seq->at($idx++)->asBitString());
+		}
+		if ($seq->has($idx, Element::TYPE_SEQUENCE)) {
+			$obj->_extensions = Extensions::fromASN1(
+				$seq->at($idx++)->asSequence());
+		}
+		return $obj;
+	}
+
+	/**
+	 * Get self with holder.
+	 *
+	 * @param Holder $holder
+	 *
+	 * @return self
+	 */
+	public function withHolder(Holder $holder): self
+	{
+		$obj = clone $this;
+		$obj->_holder = $holder;
+		return $obj;
+	}
+
+	/**
+	 * Get self with issuer.
+	 *
+	 * @param AttCertIssuer $issuer
+	 *
+	 * @return self
+	 */
+	public function withIssuer(AttCertIssuer $issuer): self
+	{
+		$obj = clone $this;
+		$obj->_issuer = $issuer;
+		return $obj;
+	}
+
+	/**
+	 * Get self with signature algorithm identifier.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo
+	 *
+	 * @return self
+	 */
+	public function withSignature(SignatureAlgorithmIdentifier $algo): self
+	{
+		$obj = clone $this;
+		$obj->_signature = $algo;
+		return $obj;
+	}
+
+	/**
+	 * Get self with serial number.
+	 *
+	 * @param int|string $serial Base 10 serial number
+	 *
+	 * @return self
+	 */
+	public function withSerialNumber($serial): self
+	{
+		$obj = clone $this;
+		$obj->_serialNumber = strval($serial);
+		return $obj;
+	}
+
+	/**
+	 * Get self with random positive serial number.
+	 *
+	 * @param int $size Number of random bytes
+	 *
+	 * @return self
+	 */
+	public function withRandomSerialNumber(int $size = 16): self
+	{
+		// ensure that first byte is always non-zero and having first bit unset
+		$num = gmp_init(mt_rand(1, 0x7f), 10);
+		for ($i = 1; $i < $size; ++$i) {
+			$num <<= 8;
+			$num += mt_rand(0, 0xff);
+		}
+		return $this->withSerialNumber(gmp_strval($num, 10));
+	}
+
+	/**
+	 * Get self with validity period.
+	 *
+	 * @param AttCertValidityPeriod $validity
+	 *
+	 * @return self
+	 */
+	public function withValidity(AttCertValidityPeriod $validity): self
+	{
+		$obj = clone $this;
+		$obj->_attrCertValidityPeriod = $validity;
+		return $obj;
+	}
+
+	/**
+	 * Get self with attributes.
+	 *
+	 * @param Attributes $attribs
+	 *
+	 * @return self
+	 */
+	public function withAttributes(Attributes $attribs): self
+	{
+		$obj = clone $this;
+		$obj->_attributes = $attribs;
+		return $obj;
+	}
+
+	/**
+	 * Get self with issuer unique identifier.
+	 *
+	 * @param UniqueIdentifier $uid
+	 *
+	 * @return self
+	 */
+	public function withIssuerUniqueID(UniqueIdentifier $uid): self
+	{
+		$obj = clone $this;
+		$obj->_issuerUniqueID = $uid;
+		return $obj;
+	}
+
+	/**
+	 * Get self with extensions.
+	 *
+	 * @param Extensions $extensions
+	 *
+	 * @return self
+	 */
+	public function withExtensions(Extensions $extensions): self
+	{
+		$obj = clone $this;
+		$obj->_extensions = $extensions;
+		return $obj;
+	}
+
+	/**
+	 * Get self with extensions added.
+	 *
+	 * @param Extension ...$exts One or more Extension objects
+	 *
+	 * @return self
+	 */
+	public function withAdditionalExtensions(Extension ...$exts): self
+	{
+		$obj = clone $this;
+		$obj->_extensions = $obj->_extensions->withExtensions(...$exts);
+		return $obj;
+	}
+
+	/**
+	 * Get version.
+	 *
+	 * @return int
+	 */
+	public function version(): int
+	{
+		return $this->_version;
+	}
+
+	/**
+	 * Get AC holder.
+	 *
+	 * @return Holder
+	 */
+	public function holder(): Holder
+	{
+		return $this->_holder;
+	}
+
+	/**
+	 * Get AC issuer.
+	 *
+	 * @return AttCertIssuer
+	 */
+	public function issuer(): AttCertIssuer
+	{
+		return $this->_issuer;
+	}
+
+	/**
+	 * Check whether signature is set.
+	 *
+	 * @return bool
+	 */
+	public function hasSignature(): bool
+	{
+		return isset($this->_signature);
+	}
+
+	/**
+	 * Get signature algorithm identifier.
+	 *
+	 * @throws \LogicException If not set
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signature(): SignatureAlgorithmIdentifier
+	{
+		if (!$this->hasSignature()) {
+			throw new \LogicException('signature not set.');
+		}
+		return $this->_signature;
+	}
+
+	/**
+	 * Check whether serial number is present.
+	 *
+	 * @return bool
+	 */
+	public function hasSerialNumber(): bool
+	{
+		return isset($this->_serialNumber);
+	}
+
+	/**
+	 * Get AC serial number as a base 10 integer.
+	 *
+	 * @throws \LogicException If not set
+	 *
+	 * @return string
+	 */
+	public function serialNumber(): string
+	{
+		if (!$this->hasSerialNumber()) {
+			throw new \LogicException('serialNumber not set.');
+		}
+		return $this->_serialNumber;
+	}
+
+	/**
+	 * Get validity period.
+	 *
+	 * @return AttCertValidityPeriod
+	 */
+	public function validityPeriod(): AttCertValidityPeriod
+	{
+		return $this->_attrCertValidityPeriod;
+	}
+
+	/**
+	 * Get attributes.
+	 *
+	 * @return Attributes
+	 */
+	public function attributes(): Attributes
+	{
+		return $this->_attributes;
+	}
+
+	/**
+	 * Check whether issuer unique identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerUniqueID(): bool
+	{
+		return isset($this->_issuerUniqueID);
+	}
+
+	/**
+	 * Get issuer unique identifier.
+	 *
+	 * @throws \LogicException If not set
+	 *
+	 * @return UniqueIdentifier
+	 */
+	public function issuerUniqueID(): UniqueIdentifier
+	{
+		if (!$this->hasIssuerUniqueID()) {
+			throw new \LogicException('issuerUniqueID not set.');
+		}
+		return $this->_issuerUniqueID;
+	}
+
+	/**
+	 * Get extensions.
+	 *
+	 * @return Extensions
+	 */
+	public function extensions(): Extensions
+	{
+		return $this->_extensions;
+	}
+
+	/**
+	 * Get ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = [new Integer($this->_version), $this->_holder->toASN1(),
+			$this->_issuer->toASN1(), $this->signature()->toASN1(),
+			new Integer($this->serialNumber()),
+			$this->_attrCertValidityPeriod->toASN1(),
+			$this->_attributes->toASN1(), ];
+		if (isset($this->_issuerUniqueID)) {
+			$elements[] = $this->_issuerUniqueID->toASN1();
+		}
+		if (count($this->_extensions)) {
+			$elements[] = $this->_extensions->toASN1();
+		}
+		return new Sequence(...$elements);
+	}
+
+	/**
+	 * Create signed attribute certificate.
+	 *
+	 * @param SignatureAlgorithmIdentifier $algo         Signature algorithm
+	 * @param PrivateKeyInfo               $privkey_info Private key
+	 * @param null|Crypto                  $crypto       Crypto engine, use default if not set
+	 *
+	 * @return AttributeCertificate
+	 */
+	public function sign(SignatureAlgorithmIdentifier $algo,
+		PrivateKeyInfo $privkey_info, ?Crypto $crypto = null): AttributeCertificate
+	{
+		$crypto = $crypto ?? Crypto::getDefault();
+		$aci = clone $this;
+		if (!isset($aci->_serialNumber)) {
+			$aci->_serialNumber = '0';
+		}
+		$aci->_signature = $algo;
+		$data = $aci->toASN1()->toDER();
+		$signature = $crypto->sign($data, $privkey_info, $algo);
+		return new AttributeCertificate($aci, $algo, $signature);
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\AttributeCertificate;
 

lib/X509/AttributeCertificate/AttributeCertificate.php

Indentation +204 added lines, -204 removed lines

@@ -21,208 +21,208 @@
  */
 class AttributeCertificate
 {
-    /**
-     * Attribute certificate info.
-     *
-     * @var AttributeCertificateInfo
-     */
-    protected $_acinfo;
-
-    /**
-     * Signature algorithm identifier.
-     *
-     * @var SignatureAlgorithmIdentifier
-     */
-    protected $_signatureAlgorithm;
-
-    /**
-     * Signature value.
-     *
-     * @var Signature
-     */
-    protected $_signatureValue;
-
-    /**
-     * Constructor.
-     *
-     * @param AttributeCertificateInfo     $acinfo
-     * @param SignatureAlgorithmIdentifier $algo
-     * @param Signature                    $signature
-     */
-    public function __construct(AttributeCertificateInfo $acinfo,
-        SignatureAlgorithmIdentifier $algo, Signature $signature)
-    {
-        $this->_acinfo = $acinfo;
-        $this->_signatureAlgorithm = $algo;
-        $this->_signatureValue = $signature;
-    }
-
-    /**
-     * Get attribute certificate as a PEM formatted string.
-     *
-     * @return string
-     */
-    public function __toString(): string
-    {
-        return $this->toPEM()->string();
-    }
-
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     *
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): self
-    {
-        $acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence());
-        $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
-        if (!$algo instanceof SignatureAlgorithmIdentifier) {
-            throw new \UnexpectedValueException(
-                'Unsupported signature algorithm ' . $algo->oid() . '.');
-        }
-        $signature = Signature::fromSignatureData(
-            $seq->at(2)->asBitString()->string(), $algo);
-        return new self($acinfo, $algo, $signature);
-    }
-
-    /**
-     * Initialize from DER data.
-     *
-     * @param string $data
-     *
-     * @return self
-     */
-    public static function fromDER(string $data): self
-    {
-        return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
-    }
-
-    /**
-     * Initialize from PEM.
-     *
-     * @param PEM $pem
-     *
-     * @throws \UnexpectedValueException
-     *
-     * @return self
-     */
-    public static function fromPEM(PEM $pem): self
-    {
-        if (PEM::TYPE_ATTRIBUTE_CERTIFICATE !== $pem->type()) {
-            throw new \UnexpectedValueException('Invalid PEM type.');
-        }
-        return self::fromDER($pem->data());
-    }
-
-    /**
-     * Get attribute certificate info.
-     *
-     * @return AttributeCertificateInfo
-     */
-    public function acinfo(): AttributeCertificateInfo
-    {
-        return $this->_acinfo;
-    }
-
-    /**
-     * Get signature algorithm identifier.
-     *
-     * @return SignatureAlgorithmIdentifier
-     */
-    public function signatureAlgorithm(): SignatureAlgorithmIdentifier
-    {
-        return $this->_signatureAlgorithm;
-    }
-
-    /**
-     * Get signature value.
-     *
-     * @return Signature
-     */
-    public function signatureValue(): Signature
-    {
-        return $this->_signatureValue;
-    }
-
-    /**
-     * Get ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        return new Sequence($this->_acinfo->toASN1(),
-            $this->_signatureAlgorithm->toASN1(),
-            $this->_signatureValue->bitString());
-    }
-
-    /**
-     * Get attribute certificate as a DER.
-     *
-     * @return string
-     */
-    public function toDER(): string
-    {
-        return $this->toASN1()->toDER();
-    }
-
-    /**
-     * Get attribute certificate as a PEM.
-     *
-     * @return PEM
-     */
-    public function toPEM(): PEM
-    {
-        return new PEM(PEM::TYPE_ATTRIBUTE_CERTIFICATE, $this->toDER());
-    }
-
-    /**
-     * Check whether attribute certificate is issued to the subject identified
-     * by given public key certificate.
-     *
-     * @param Certificate $cert Certificate
-     *
-     * @return bool
-     */
-    public function isHeldBy(Certificate $cert): bool
-    {
-        if (!$this->_acinfo->holder()->identifiesPKC($cert)) {
-            return false;
-        }
-        return true;
-    }
-
-    /**
-     * Check whether attribute certificate is issued by given public key
-     * certificate.
-     *
-     * @param Certificate $cert Certificate
-     *
-     * @return bool
-     */
-    public function isIssuedBy(Certificate $cert): bool
-    {
-        if (!$this->_acinfo->issuer()->identifiesPKC($cert)) {
-            return false;
-        }
-        return true;
-    }
-
-    /**
-     * Verify signature.
-     *
-     * @param PublicKeyInfo $pubkey_info Signer's public key
-     * @param null|Crypto   $crypto      Crypto engine, use default if not set
-     *
-     * @return bool
-     */
-    public function verify(PublicKeyInfo $pubkey_info, ?Crypto $crypto = null): bool
-    {
-        $crypto = $crypto ?? Crypto::getDefault();
-        $data = $this->_acinfo->toASN1()->toDER();
-        return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
-            $this->_signatureAlgorithm);
-    }
+	/**
+	 * Attribute certificate info.
+	 *
+	 * @var AttributeCertificateInfo
+	 */
+	protected $_acinfo;
+
+	/**
+	 * Signature algorithm identifier.
+	 *
+	 * @var SignatureAlgorithmIdentifier
+	 */
+	protected $_signatureAlgorithm;
+
+	/**
+	 * Signature value.
+	 *
+	 * @var Signature
+	 */
+	protected $_signatureValue;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param AttributeCertificateInfo     $acinfo
+	 * @param SignatureAlgorithmIdentifier $algo
+	 * @param Signature                    $signature
+	 */
+	public function __construct(AttributeCertificateInfo $acinfo,
+		SignatureAlgorithmIdentifier $algo, Signature $signature)
+	{
+		$this->_acinfo = $acinfo;
+		$this->_signatureAlgorithm = $algo;
+		$this->_signatureValue = $signature;
+	}
+
+	/**
+	 * Get attribute certificate as a PEM formatted string.
+	 *
+	 * @return string
+	 */
+	public function __toString(): string
+	{
+		return $this->toPEM()->string();
+	}
+
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 *
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): self
+	{
+		$acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence());
+		$algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence());
+		if (!$algo instanceof SignatureAlgorithmIdentifier) {
+			throw new \UnexpectedValueException(
+				'Unsupported signature algorithm ' . $algo->oid() . '.');
+		}
+		$signature = Signature::fromSignatureData(
+			$seq->at(2)->asBitString()->string(), $algo);
+		return new self($acinfo, $algo, $signature);
+	}
+
+	/**
+	 * Initialize from DER data.
+	 *
+	 * @param string $data
+	 *
+	 * @return self
+	 */
+	public static function fromDER(string $data): self
+	{
+		return self::fromASN1(UnspecifiedType::fromDER($data)->asSequence());
+	}
+
+	/**
+	 * Initialize from PEM.
+	 *
+	 * @param PEM $pem
+	 *
+	 * @throws \UnexpectedValueException
+	 *
+	 * @return self
+	 */
+	public static function fromPEM(PEM $pem): self
+	{
+		if (PEM::TYPE_ATTRIBUTE_CERTIFICATE !== $pem->type()) {
+			throw new \UnexpectedValueException('Invalid PEM type.');
+		}
+		return self::fromDER($pem->data());
+	}
+
+	/**
+	 * Get attribute certificate info.
+	 *
+	 * @return AttributeCertificateInfo
+	 */
+	public function acinfo(): AttributeCertificateInfo
+	{
+		return $this->_acinfo;
+	}
+
+	/**
+	 * Get signature algorithm identifier.
+	 *
+	 * @return SignatureAlgorithmIdentifier
+	 */
+	public function signatureAlgorithm(): SignatureAlgorithmIdentifier
+	{
+		return $this->_signatureAlgorithm;
+	}
+
+	/**
+	 * Get signature value.
+	 *
+	 * @return Signature
+	 */
+	public function signatureValue(): Signature
+	{
+		return $this->_signatureValue;
+	}
+
+	/**
+	 * Get ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		return new Sequence($this->_acinfo->toASN1(),
+			$this->_signatureAlgorithm->toASN1(),
+			$this->_signatureValue->bitString());
+	}
+
+	/**
+	 * Get attribute certificate as a DER.
+	 *
+	 * @return string
+	 */
+	public function toDER(): string
+	{
+		return $this->toASN1()->toDER();
+	}
+
+	/**
+	 * Get attribute certificate as a PEM.
+	 *
+	 * @return PEM
+	 */
+	public function toPEM(): PEM
+	{
+		return new PEM(PEM::TYPE_ATTRIBUTE_CERTIFICATE, $this->toDER());
+	}
+
+	/**
+	 * Check whether attribute certificate is issued to the subject identified
+	 * by given public key certificate.
+	 *
+	 * @param Certificate $cert Certificate
+	 *
+	 * @return bool
+	 */
+	public function isHeldBy(Certificate $cert): bool
+	{
+		if (!$this->_acinfo->holder()->identifiesPKC($cert)) {
+			return false;
+		}
+		return true;
+	}
+
+	/**
+	 * Check whether attribute certificate is issued by given public key
+	 * certificate.
+	 *
+	 * @param Certificate $cert Certificate
+	 *
+	 * @return bool
+	 */
+	public function isIssuedBy(Certificate $cert): bool
+	{
+		if (!$this->_acinfo->issuer()->identifiesPKC($cert)) {
+			return false;
+		}
+		return true;
+	}
+
+	/**
+	 * Verify signature.
+	 *
+	 * @param PublicKeyInfo $pubkey_info Signer's public key
+	 * @param null|Crypto   $crypto      Crypto engine, use default if not set
+	 *
+	 * @return bool
+	 */
+	public function verify(PublicKeyInfo $pubkey_info, ?Crypto $crypto = null): bool
+	{
+		$crypto = $crypto ?? Crypto::getDefault();
+		$data = $this->_acinfo->toASN1()->toDER();
+		return $crypto->verify($data, $this->_signatureValue, $pubkey_info,
+			$this->_signatureAlgorithm);
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\AttributeCertificate;
 

lib/X509/AttributeCertificate/IssuerSerial.php

Indentation +169 added lines, -169 removed lines

@@ -19,173 +19,173 @@
  */
 class IssuerSerial
 {
-    /**
-     * Issuer name.
-     *
-     * @var GeneralNames
-     */
-    protected $_issuer;
-
-    /**
-     * Serial number as a base 10 integer.
-     *
-     * @var string
-     */
-    protected $_serial;
-
-    /**
-     * Issuer unique ID.
-     *
-     * @var null|UniqueIdentifier
-     */
-    protected $_issuerUID;
-
-    /**
-     * Constructor.
-     *
-     * @param GeneralNames          $issuer
-     * @param int|string            $serial
-     * @param null|UniqueIdentifier $uid
-     */
-    public function __construct(GeneralNames $issuer, $serial,
-        ?UniqueIdentifier $uid = null)
-    {
-        $this->_issuer = $issuer;
-        $this->_serial = strval($serial);
-        $this->_issuerUID = $uid;
-    }
-
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     *
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq): IssuerSerial
-    {
-        $issuer = GeneralNames::fromASN1($seq->at(0)->asSequence());
-        $serial = $seq->at(1)->asInteger()->number();
-        $uid = null;
-        if ($seq->has(2, Element::TYPE_BIT_STRING)) {
-            $uid = UniqueIdentifier::fromASN1($seq->at(2)->asBitString());
-        }
-        return new self($issuer, $serial, $uid);
-    }
-
-    /**
-     * Initialize from a public key certificate.
-     *
-     * @param Certificate $cert
-     *
-     * @return self
-     */
-    public static function fromPKC(Certificate $cert): IssuerSerial
-    {
-        $tbsCert = $cert->tbsCertificate();
-        $issuer = new GeneralNames(new DirectoryName($tbsCert->issuer()));
-        $serial = $tbsCert->serialNumber();
-        $uid = $tbsCert->hasIssuerUniqueID() ? $tbsCert->issuerUniqueID() : null;
-        return new self($issuer, $serial, $uid);
-    }
-
-    /**
-     * Get issuer name.
-     *
-     * @return GeneralNames
-     */
-    public function issuer(): GeneralNames
-    {
-        return $this->_issuer;
-    }
-
-    /**
-     * Get serial number.
-     *
-     * @return string
-     */
-    public function serial(): string
-    {
-        return $this->_serial;
-    }
-
-    /**
-     * Check whether issuer unique identifier is present.
-     *
-     * @return bool
-     */
-    public function hasIssuerUID(): bool
-    {
-        return isset($this->_issuerUID);
-    }
-
-    /**
-     * Get issuer unique identifier.
-     *
-     * @throws \LogicException If not set
-     *
-     * @return UniqueIdentifier
-     */
-    public function issuerUID(): UniqueIdentifier
-    {
-        if (!$this->hasIssuerUID()) {
-            throw new \LogicException('issuerUID not set.');
-        }
-        return $this->_issuerUID;
-    }
-
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1(): Sequence
-    {
-        $elements = [$this->_issuer->toASN1(), new Integer($this->_serial)];
-        if (isset($this->_issuerUID)) {
-            $elements[] = $this->_issuerUID->toASN1();
-        }
-        return new Sequence(...$elements);
-    }
-
-    /**
-     * Check whether this IssuerSerial identifies given certificate.
-     *
-     * @param Certificate $cert
-     *
-     * @return bool
-     */
-    public function identifiesPKC(Certificate $cert): bool
-    {
-        $tbs = $cert->tbsCertificate();
-        if (!$tbs->issuer()->equals($this->_issuer->firstDN())) {
-            return false;
-        }
-        if ($tbs->serialNumber() !== $this->_serial) {
-            return false;
-        }
-        if ($this->_issuerUID && !$this->_checkUniqueID($cert)) {
-            return false;
-        }
-        return true;
-    }
-
-    /**
-     * Check whether issuerUID matches given certificate.
-     *
-     * @param Certificate $cert
-     *
-     * @return bool
-     */
-    private function _checkUniqueID(Certificate $cert): bool
-    {
-        if (!$cert->tbsCertificate()->hasIssuerUniqueID()) {
-            return false;
-        }
-        $uid = $cert->tbsCertificate()->issuerUniqueID()->string();
-        if ($this->_issuerUID->string() != $uid) {
-            return false;
-        }
-        return true;
-    }
+	/**
+	 * Issuer name.
+	 *
+	 * @var GeneralNames
+	 */
+	protected $_issuer;
+
+	/**
+	 * Serial number as a base 10 integer.
+	 *
+	 * @var string
+	 */
+	protected $_serial;
+
+	/**
+	 * Issuer unique ID.
+	 *
+	 * @var null|UniqueIdentifier
+	 */
+	protected $_issuerUID;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param GeneralNames          $issuer
+	 * @param int|string            $serial
+	 * @param null|UniqueIdentifier $uid
+	 */
+	public function __construct(GeneralNames $issuer, $serial,
+		?UniqueIdentifier $uid = null)
+	{
+		$this->_issuer = $issuer;
+		$this->_serial = strval($serial);
+		$this->_issuerUID = $uid;
+	}
+
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 *
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq): IssuerSerial
+	{
+		$issuer = GeneralNames::fromASN1($seq->at(0)->asSequence());
+		$serial = $seq->at(1)->asInteger()->number();
+		$uid = null;
+		if ($seq->has(2, Element::TYPE_BIT_STRING)) {
+			$uid = UniqueIdentifier::fromASN1($seq->at(2)->asBitString());
+		}
+		return new self($issuer, $serial, $uid);
+	}
+
+	/**
+	 * Initialize from a public key certificate.
+	 *
+	 * @param Certificate $cert
+	 *
+	 * @return self
+	 */
+	public static function fromPKC(Certificate $cert): IssuerSerial
+	{
+		$tbsCert = $cert->tbsCertificate();
+		$issuer = new GeneralNames(new DirectoryName($tbsCert->issuer()));
+		$serial = $tbsCert->serialNumber();
+		$uid = $tbsCert->hasIssuerUniqueID() ? $tbsCert->issuerUniqueID() : null;
+		return new self($issuer, $serial, $uid);
+	}
+
+	/**
+	 * Get issuer name.
+	 *
+	 * @return GeneralNames
+	 */
+	public function issuer(): GeneralNames
+	{
+		return $this->_issuer;
+	}
+
+	/**
+	 * Get serial number.
+	 *
+	 * @return string
+	 */
+	public function serial(): string
+	{
+		return $this->_serial;
+	}
+
+	/**
+	 * Check whether issuer unique identifier is present.
+	 *
+	 * @return bool
+	 */
+	public function hasIssuerUID(): bool
+	{
+		return isset($this->_issuerUID);
+	}
+
+	/**
+	 * Get issuer unique identifier.
+	 *
+	 * @throws \LogicException If not set
+	 *
+	 * @return UniqueIdentifier
+	 */
+	public function issuerUID(): UniqueIdentifier
+	{
+		if (!$this->hasIssuerUID()) {
+			throw new \LogicException('issuerUID not set.');
+		}
+		return $this->_issuerUID;
+	}
+
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1(): Sequence
+	{
+		$elements = [$this->_issuer->toASN1(), new Integer($this->_serial)];
+		if (isset($this->_issuerUID)) {
+			$elements[] = $this->_issuerUID->toASN1();
+		}
+		return new Sequence(...$elements);
+	}
+
+	/**
+	 * Check whether this IssuerSerial identifies given certificate.
+	 *
+	 * @param Certificate $cert
+	 *
+	 * @return bool
+	 */
+	public function identifiesPKC(Certificate $cert): bool
+	{
+		$tbs = $cert->tbsCertificate();
+		if (!$tbs->issuer()->equals($this->_issuer->firstDN())) {
+			return false;
+		}
+		if ($tbs->serialNumber() !== $this->_serial) {
+			return false;
+		}
+		if ($this->_issuerUID && !$this->_checkUniqueID($cert)) {
+			return false;
+		}
+		return true;
+	}
+
+	/**
+	 * Check whether issuerUID matches given certificate.
+	 *
+	 * @param Certificate $cert
+	 *
+	 * @return bool
+	 */
+	private function _checkUniqueID(Certificate $cert): bool
+	{
+		if (!$cert->tbsCertificate()->hasIssuerUniqueID()) {
+			return false;
+		}
+		$uid = $cert->tbsCertificate()->issuerUniqueID()->string();
+		if ($this->_issuerUID->string() != $uid) {
+			return false;
+		}
+		return true;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\X509\AttributeCertificate;