sop /
x509
@@ -14,94 +14,94 @@ |
||
| 14 | 14 | */ |
| 15 | 15 | class ExtensionRequestValue extends AttributeValue |
| 16 | 16 | { |
| 17 | - const OID = "1.2.840.113549.1.9.14"; |
|
| 17 | + const OID = "1.2.840.113549.1.9.14"; |
|
| 18 | 18 | |
| 19 | - /** |
|
| 20 | - * Extensions. |
|
| 21 | - * |
|
| 22 | - * @var Extensions $_extensions |
|
| 23 | - */ |
|
| 24 | - protected $_extensions; |
|
| 19 | + /** |
|
| 20 | + * Extensions. |
|
| 21 | + * |
|
| 22 | + * @var Extensions $_extensions |
|
| 23 | + */ |
|
| 24 | + protected $_extensions; |
|
| 25 | 25 | |
| 26 | - /** |
|
| 27 | - * Constructor. |
|
| 28 | - * |
|
| 29 | - * @param Extensions $extensions |
|
| 30 | - */ |
|
| 31 | - public function __construct(Extensions $extensions) |
|
| 32 | - { |
|
| 33 | - $this->_extensions = $extensions; |
|
| 34 | - $this->_oid = self::OID; |
|
| 35 | - } |
|
| 26 | + /** |
|
| 27 | + * Constructor. |
|
| 28 | + * |
|
| 29 | + * @param Extensions $extensions |
|
| 30 | + */ |
|
| 31 | + public function __construct(Extensions $extensions) |
|
| 32 | + { |
|
| 33 | + $this->_extensions = $extensions; |
|
| 34 | + $this->_oid = self::OID; |
|
| 35 | + } |
|
| 36 | 36 | |
| 37 | - /** |
|
| 38 | - * |
|
| 39 | - * @see \X501\ASN1\AttributeValue\AttributeValue::fromASN1() |
|
| 40 | - * @param UnspecifiedType $el |
|
| 41 | - * @return self |
|
| 42 | - */ |
|
| 43 | - public static function fromASN1(UnspecifiedType $el) |
|
| 44 | - { |
|
| 45 | - return new self(Extensions::fromASN1($el->asSequence())); |
|
| 46 | - } |
|
| 37 | + /** |
|
| 38 | + * |
|
| 39 | + * @see \X501\ASN1\AttributeValue\AttributeValue::fromASN1() |
|
| 40 | + * @param UnspecifiedType $el |
|
| 41 | + * @return self |
|
| 42 | + */ |
|
| 43 | + public static function fromASN1(UnspecifiedType $el) |
|
| 44 | + { |
|
| 45 | + return new self(Extensions::fromASN1($el->asSequence())); |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - /** |
|
| 49 | - * Get requested extensions. |
|
| 50 | - * |
|
| 51 | - * @return Extensions |
|
| 52 | - */ |
|
| 53 | - public function extensions() |
|
| 54 | - { |
|
| 55 | - return $this->_extensions; |
|
| 56 | - } |
|
| 48 | + /** |
|
| 49 | + * Get requested extensions. |
|
| 50 | + * |
|
| 51 | + * @return Extensions |
|
| 52 | + */ |
|
| 53 | + public function extensions() |
|
| 54 | + { |
|
| 55 | + return $this->_extensions; |
|
| 56 | + } |
|
| 57 | 57 | |
| 58 | - /** |
|
| 59 | - * |
|
| 60 | - * @see \X501\ASN1\AttributeValue\AttributeValue::toASN1() |
|
| 61 | - * @return \ASN1\Type\Constructed\Sequence |
|
| 62 | - */ |
|
| 63 | - public function toASN1() |
|
| 64 | - { |
|
| 65 | - return $this->_extensions->toASN1(); |
|
| 66 | - } |
|
| 58 | + /** |
|
| 59 | + * |
|
| 60 | + * @see \X501\ASN1\AttributeValue\AttributeValue::toASN1() |
|
| 61 | + * @return \ASN1\Type\Constructed\Sequence |
|
| 62 | + */ |
|
| 63 | + public function toASN1() |
|
| 64 | + { |
|
| 65 | + return $this->_extensions->toASN1(); |
|
| 66 | + } |
|
| 67 | 67 | |
| 68 | - /** |
|
| 69 | - * |
|
| 70 | - * @see \X501\ASN1\AttributeValue\AttributeValue::stringValue() |
|
| 71 | - * @return string |
|
| 72 | - */ |
|
| 73 | - public function stringValue() |
|
| 74 | - { |
|
| 75 | - return "#" . bin2hex($this->toASN1()->toDER()); |
|
| 76 | - } |
|
| 68 | + /** |
|
| 69 | + * |
|
| 70 | + * @see \X501\ASN1\AttributeValue\AttributeValue::stringValue() |
|
| 71 | + * @return string |
|
| 72 | + */ |
|
| 73 | + public function stringValue() |
|
| 74 | + { |
|
| 75 | + return "#" . bin2hex($this->toASN1()->toDER()); |
|
| 76 | + } |
|
| 77 | 77 | |
| 78 | - /** |
|
| 79 | - * |
|
| 80 | - * @see \X501\ASN1\AttributeValue\AttributeValue::equalityMatchingRule() |
|
| 81 | - * @return BinaryMatch |
|
| 82 | - */ |
|
| 83 | - public function equalityMatchingRule() |
|
| 84 | - { |
|
| 85 | - return new BinaryMatch(); |
|
| 86 | - } |
|
| 78 | + /** |
|
| 79 | + * |
|
| 80 | + * @see \X501\ASN1\AttributeValue\AttributeValue::equalityMatchingRule() |
|
| 81 | + * @return BinaryMatch |
|
| 82 | + */ |
|
| 83 | + public function equalityMatchingRule() |
|
| 84 | + { |
|
| 85 | + return new BinaryMatch(); |
|
| 86 | + } |
|
| 87 | 87 | |
| 88 | - /** |
|
| 89 | - * |
|
| 90 | - * @see \X501\ASN1\AttributeValue\AttributeValue::rfc2253String() |
|
| 91 | - * @return string |
|
| 92 | - */ |
|
| 93 | - public function rfc2253String() |
|
| 94 | - { |
|
| 95 | - return $this->stringValue(); |
|
| 96 | - } |
|
| 88 | + /** |
|
| 89 | + * |
|
| 90 | + * @see \X501\ASN1\AttributeValue\AttributeValue::rfc2253String() |
|
| 91 | + * @return string |
|
| 92 | + */ |
|
| 93 | + public function rfc2253String() |
|
| 94 | + { |
|
| 95 | + return $this->stringValue(); |
|
| 96 | + } |
|
| 97 | 97 | |
| 98 | - /** |
|
| 99 | - * |
|
| 100 | - * @see \X501\ASN1\AttributeValue\AttributeValue::_transcodedString() |
|
| 101 | - * @return string |
|
| 102 | - */ |
|
| 103 | - protected function _transcodedString() |
|
| 104 | - { |
|
| 105 | - return $this->stringValue(); |
|
| 106 | - } |
|
| 98 | + /** |
|
| 99 | + * |
|
| 100 | + * @see \X501\ASN1\AttributeValue\AttributeValue::_transcodedString() |
|
| 101 | + * @return string |
|
| 102 | + */ |
|
| 103 | + protected function _transcodedString() |
|
| 104 | + { |
|
| 105 | + return $this->stringValue(); |
|
| 106 | + } |
|
| 107 | 107 | } |
@@ -18,107 +18,107 @@ |
||
| 18 | 18 | */ |
| 19 | 19 | class Attributes implements \Countable, \IteratorAggregate |
| 20 | 20 | { |
| 21 | - use AttributeContainer; |
|
| 21 | + use AttributeContainer; |
|
| 22 | 22 | |
| 23 | - /** |
|
| 24 | - * Mapping from OID to attribute value class name. |
|
| 25 | - * |
|
| 26 | - * @internal |
|
| 27 | - * |
|
| 28 | - * @var array |
|
| 29 | - */ |
|
| 30 | - const MAP_OID_TO_CLASS = array( |
|
| 31 | - /* @formatter:off */ |
|
| 32 | - ExtensionRequestValue::OID => ExtensionRequestValue::class |
|
| 33 | - /* @formatter:on */ |
|
| 34 | - ); |
|
| 23 | + /** |
|
| 24 | + * Mapping from OID to attribute value class name. |
|
| 25 | + * |
|
| 26 | + * @internal |
|
| 27 | + * |
|
| 28 | + * @var array |
|
| 29 | + */ |
|
| 30 | + const MAP_OID_TO_CLASS = array( |
|
| 31 | + /* @formatter:off */ |
|
| 32 | + ExtensionRequestValue::OID => ExtensionRequestValue::class |
|
| 33 | + /* @formatter:on */ |
|
| 34 | + ); |
|
| 35 | 35 | |
| 36 | - /** |
|
| 37 | - * Constructor. |
|
| 38 | - * |
|
| 39 | - * @param Attribute ...$attribs Attribute objects |
|
| 40 | - */ |
|
| 41 | - public function __construct(Attribute ...$attribs) |
|
| 42 | - { |
|
| 43 | - $this->_attributes = $attribs; |
|
| 44 | - } |
|
| 36 | + /** |
|
| 37 | + * Constructor. |
|
| 38 | + * |
|
| 39 | + * @param Attribute ...$attribs Attribute objects |
|
| 40 | + */ |
|
| 41 | + public function __construct(Attribute ...$attribs) |
|
| 42 | + { |
|
| 43 | + $this->_attributes = $attribs; |
|
| 44 | + } |
|
| 45 | 45 | |
| 46 | - /** |
|
| 47 | - * Initialize from attribute values. |
|
| 48 | - * |
|
| 49 | - * @param AttributeValue ...$values |
|
| 50 | - * @return self |
|
| 51 | - */ |
|
| 52 | - public static function fromAttributeValues(AttributeValue ...$values) |
|
| 53 | - { |
|
| 54 | - $attribs = array_map( |
|
| 55 | - function (AttributeValue $value) { |
|
| 56 | - return $value->toAttribute(); |
|
| 57 | - }, $values); |
|
| 58 | - return new self(...$attribs); |
|
| 59 | - } |
|
| 46 | + /** |
|
| 47 | + * Initialize from attribute values. |
|
| 48 | + * |
|
| 49 | + * @param AttributeValue ...$values |
|
| 50 | + * @return self |
|
| 51 | + */ |
|
| 52 | + public static function fromAttributeValues(AttributeValue ...$values) |
|
| 53 | + { |
|
| 54 | + $attribs = array_map( |
|
| 55 | + function (AttributeValue $value) { |
|
| 56 | + return $value->toAttribute(); |
|
| 57 | + }, $values); |
|
| 58 | + return new self(...$attribs); |
|
| 59 | + } |
|
| 60 | 60 | |
| 61 | - /** |
|
| 62 | - * Initialize from ASN.1. |
|
| 63 | - * |
|
| 64 | - * @param Set $set |
|
| 65 | - * @return self |
|
| 66 | - */ |
|
| 67 | - public static function fromASN1(Set $set) |
|
| 68 | - { |
|
| 69 | - $attribs = array_map( |
|
| 70 | - function (UnspecifiedType $el) { |
|
| 71 | - return Attribute::fromASN1($el->asSequence()); |
|
| 72 | - }, $set->elements()); |
|
| 73 | - // cast attributes |
|
| 74 | - $attribs = array_map( |
|
| 75 | - function (Attribute $attr) { |
|
| 76 | - $oid = $attr->oid(); |
|
| 77 | - if (array_key_exists($oid, self::MAP_OID_TO_CLASS)) { |
|
| 78 | - $cls = self::MAP_OID_TO_CLASS[$oid]; |
|
| 79 | - return $attr->castValues($cls); |
|
| 80 | - } |
|
| 81 | - return $attr; |
|
| 82 | - }, $attribs); |
|
| 83 | - return new self(...$attribs); |
|
| 84 | - } |
|
| 61 | + /** |
|
| 62 | + * Initialize from ASN.1. |
|
| 63 | + * |
|
| 64 | + * @param Set $set |
|
| 65 | + * @return self |
|
| 66 | + */ |
|
| 67 | + public static function fromASN1(Set $set) |
|
| 68 | + { |
|
| 69 | + $attribs = array_map( |
|
| 70 | + function (UnspecifiedType $el) { |
|
| 71 | + return Attribute::fromASN1($el->asSequence()); |
|
| 72 | + }, $set->elements()); |
|
| 73 | + // cast attributes |
|
| 74 | + $attribs = array_map( |
|
| 75 | + function (Attribute $attr) { |
|
| 76 | + $oid = $attr->oid(); |
|
| 77 | + if (array_key_exists($oid, self::MAP_OID_TO_CLASS)) { |
|
| 78 | + $cls = self::MAP_OID_TO_CLASS[$oid]; |
|
| 79 | + return $attr->castValues($cls); |
|
| 80 | + } |
|
| 81 | + return $attr; |
|
| 82 | + }, $attribs); |
|
| 83 | + return new self(...$attribs); |
|
| 84 | + } |
|
| 85 | 85 | |
| 86 | - /** |
|
| 87 | - * Check whether extension request attribute is present. |
|
| 88 | - * |
|
| 89 | - * @return bool |
|
| 90 | - */ |
|
| 91 | - public function hasExtensionRequest() |
|
| 92 | - { |
|
| 93 | - return $this->has(ExtensionRequestValue::OID); |
|
| 94 | - } |
|
| 86 | + /** |
|
| 87 | + * Check whether extension request attribute is present. |
|
| 88 | + * |
|
| 89 | + * @return bool |
|
| 90 | + */ |
|
| 91 | + public function hasExtensionRequest() |
|
| 92 | + { |
|
| 93 | + return $this->has(ExtensionRequestValue::OID); |
|
| 94 | + } |
|
| 95 | 95 | |
| 96 | - /** |
|
| 97 | - * Get extension request attribute value. |
|
| 98 | - * |
|
| 99 | - * @throws \LogicException |
|
| 100 | - * @return ExtensionRequestValue |
|
| 101 | - */ |
|
| 102 | - public function extensionRequest() |
|
| 103 | - { |
|
| 104 | - if (!$this->hasExtensionRequest()) { |
|
| 105 | - throw new \LogicException("No extension request attribute."); |
|
| 106 | - } |
|
| 107 | - return $this->firstOf(ExtensionRequestValue::OID)->first(); |
|
| 108 | - } |
|
| 96 | + /** |
|
| 97 | + * Get extension request attribute value. |
|
| 98 | + * |
|
| 99 | + * @throws \LogicException |
|
| 100 | + * @return ExtensionRequestValue |
|
| 101 | + */ |
|
| 102 | + public function extensionRequest() |
|
| 103 | + { |
|
| 104 | + if (!$this->hasExtensionRequest()) { |
|
| 105 | + throw new \LogicException("No extension request attribute."); |
|
| 106 | + } |
|
| 107 | + return $this->firstOf(ExtensionRequestValue::OID)->first(); |
|
| 108 | + } |
|
| 109 | 109 | |
| 110 | - /** |
|
| 111 | - * Generate ASN.1 structure. |
|
| 112 | - * |
|
| 113 | - * @return Set |
|
| 114 | - */ |
|
| 115 | - public function toASN1() |
|
| 116 | - { |
|
| 117 | - $elements = array_map( |
|
| 118 | - function (Attribute $attr) { |
|
| 119 | - return $attr->toASN1(); |
|
| 120 | - }, array_values($this->_attributes)); |
|
| 121 | - $set = new Set(...$elements); |
|
| 122 | - return $set->sortedSetOf(); |
|
| 123 | - } |
|
| 110 | + /** |
|
| 111 | + * Generate ASN.1 structure. |
|
| 112 | + * |
|
| 113 | + * @return Set |
|
| 114 | + */ |
|
| 115 | + public function toASN1() |
|
| 116 | + { |
|
| 117 | + $elements = array_map( |
|
| 118 | + function (Attribute $attr) { |
|
| 119 | + return $attr->toASN1(); |
|
| 120 | + }, array_values($this->_attributes)); |
|
| 121 | + $set = new Set(...$elements); |
|
| 122 | + return $set->sortedSetOf(); |
|
| 123 | + } |
|
| 124 | 124 | } |
@@ -7,52 +7,52 @@ |
||
| 7 | 7 | */ |
| 8 | 8 | trait DateTimeHelper |
| 9 | 9 | { |
| 10 | - /** |
|
| 11 | - * Create DateTime object from time string and timezone. |
|
| 12 | - * |
|
| 13 | - * @param string|null $time Time string, default to 'now' |
|
| 14 | - * @param string|null $tz Timezone, default if omitted |
|
| 15 | - * @throws \RuntimeException |
|
| 16 | - * @return \DateTimeImmutable |
|
| 17 | - */ |
|
| 18 | - private static function _createDateTime($time = null, $tz = null) |
|
| 19 | - { |
|
| 20 | - try { |
|
| 21 | - if (!isset($tz)) { |
|
| 22 | - $tz = date_default_timezone_get(); |
|
| 23 | - } |
|
| 24 | - return new \DateTimeImmutable($time, self::_createTimeZone($tz)); |
|
| 25 | - } catch (\Exception $e) { |
|
| 26 | - throw new \RuntimeException( |
|
| 27 | - "Failed to create DateTime: " . |
|
| 28 | - self::_getLastDateTimeImmutableErrorsStr(), 0, $e); |
|
| 29 | - } |
|
| 30 | - } |
|
| 10 | + /** |
|
| 11 | + * Create DateTime object from time string and timezone. |
|
| 12 | + * |
|
| 13 | + * @param string|null $time Time string, default to 'now' |
|
| 14 | + * @param string|null $tz Timezone, default if omitted |
|
| 15 | + * @throws \RuntimeException |
|
| 16 | + * @return \DateTimeImmutable |
|
| 17 | + */ |
|
| 18 | + private static function _createDateTime($time = null, $tz = null) |
|
| 19 | + { |
|
| 20 | + try { |
|
| 21 | + if (!isset($tz)) { |
|
| 22 | + $tz = date_default_timezone_get(); |
|
| 23 | + } |
|
| 24 | + return new \DateTimeImmutable($time, self::_createTimeZone($tz)); |
|
| 25 | + } catch (\Exception $e) { |
|
| 26 | + throw new \RuntimeException( |
|
| 27 | + "Failed to create DateTime: " . |
|
| 28 | + self::_getLastDateTimeImmutableErrorsStr(), 0, $e); |
|
| 29 | + } |
|
| 30 | + } |
|
| 31 | 31 | |
| 32 | - /** |
|
| 33 | - * Create DateTimeZone object from string. |
|
| 34 | - * |
|
| 35 | - * @param string $tz |
|
| 36 | - * @throws \UnexpectedValueException |
|
| 37 | - * @return \DateTimeZone |
|
| 38 | - */ |
|
| 39 | - private static function _createTimeZone($tz) |
|
| 40 | - { |
|
| 41 | - try { |
|
| 42 | - return new \DateTimeZone($tz); |
|
| 43 | - } catch (\Exception $e) { |
|
| 44 | - throw new \UnexpectedValueException("Invalid timezone.", 0, $e); |
|
| 45 | - } |
|
| 46 | - } |
|
| 32 | + /** |
|
| 33 | + * Create DateTimeZone object from string. |
|
| 34 | + * |
|
| 35 | + * @param string $tz |
|
| 36 | + * @throws \UnexpectedValueException |
|
| 37 | + * @return \DateTimeZone |
|
| 38 | + */ |
|
| 39 | + private static function _createTimeZone($tz) |
|
| 40 | + { |
|
| 41 | + try { |
|
| 42 | + return new \DateTimeZone($tz); |
|
| 43 | + } catch (\Exception $e) { |
|
| 44 | + throw new \UnexpectedValueException("Invalid timezone.", 0, $e); |
|
| 45 | + } |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - /** |
|
| 49 | - * Get last error caused by DateTimeImmutable. |
|
| 50 | - * |
|
| 51 | - * @return string |
|
| 52 | - */ |
|
| 53 | - private static function _getLastDateTimeImmutableErrorsStr() |
|
| 54 | - { |
|
| 55 | - $errors = \DateTimeImmutable::getLastErrors()["errors"]; |
|
| 56 | - return implode(", ", $errors); |
|
| 57 | - } |
|
| 48 | + /** |
|
| 49 | + * Get last error caused by DateTimeImmutable. |
|
| 50 | + * |
|
| 51 | + * @return string |
|
| 52 | + */ |
|
| 53 | + private static function _getLastDateTimeImmutableErrorsStr() |
|
| 54 | + { |
|
| 55 | + $errors = \DateTimeImmutable::getLastErrors()["errors"]; |
|
| 56 | + return implode(", ", $errors); |
|
| 57 | + } |
|
| 58 | 58 | } |
@@ -12,136 +12,136 @@ |
||
| 12 | 12 | */ |
| 13 | 13 | trait AttributeContainer |
| 14 | 14 | { |
| 15 | - /** |
|
| 16 | - * Array of attributes. |
|
| 17 | - * |
|
| 18 | - * @var Attribute[] $_attributes |
|
| 19 | - */ |
|
| 20 | - protected $_attributes; |
|
| 15 | + /** |
|
| 16 | + * Array of attributes. |
|
| 17 | + * |
|
| 18 | + * @var Attribute[] $_attributes |
|
| 19 | + */ |
|
| 20 | + protected $_attributes; |
|
| 21 | 21 | |
| 22 | - /** |
|
| 23 | - * Find first attribute of given name or OID. |
|
| 24 | - * |
|
| 25 | - * @param string $name |
|
| 26 | - * @return Attribute|null |
|
| 27 | - */ |
|
| 28 | - protected function _findFirst($name) |
|
| 29 | - { |
|
| 30 | - $oid = AttributeType::attrNameToOID($name); |
|
| 31 | - foreach ($this->_attributes as $attr) { |
|
| 32 | - if ($attr->oid() == $oid) { |
|
| 33 | - return $attr; |
|
| 34 | - } |
|
| 35 | - } |
|
| 36 | - return null; |
|
| 37 | - } |
|
| 22 | + /** |
|
| 23 | + * Find first attribute of given name or OID. |
|
| 24 | + * |
|
| 25 | + * @param string $name |
|
| 26 | + * @return Attribute|null |
|
| 27 | + */ |
|
| 28 | + protected function _findFirst($name) |
|
| 29 | + { |
|
| 30 | + $oid = AttributeType::attrNameToOID($name); |
|
| 31 | + foreach ($this->_attributes as $attr) { |
|
| 32 | + if ($attr->oid() == $oid) { |
|
| 33 | + return $attr; |
|
| 34 | + } |
|
| 35 | + } |
|
| 36 | + return null; |
|
| 37 | + } |
|
| 38 | 38 | |
| 39 | - /** |
|
| 40 | - * Check whether attribute is present. |
|
| 41 | - * |
|
| 42 | - * @param string $name OID or attribute name |
|
| 43 | - * @return boolean |
|
| 44 | - */ |
|
| 45 | - public function has($name) |
|
| 46 | - { |
|
| 47 | - return null !== $this->_findFirst($name); |
|
| 48 | - } |
|
| 39 | + /** |
|
| 40 | + * Check whether attribute is present. |
|
| 41 | + * |
|
| 42 | + * @param string $name OID or attribute name |
|
| 43 | + * @return boolean |
|
| 44 | + */ |
|
| 45 | + public function has($name) |
|
| 46 | + { |
|
| 47 | + return null !== $this->_findFirst($name); |
|
| 48 | + } |
|
| 49 | 49 | |
| 50 | - /** |
|
| 51 | - * Get first attribute by OID or attribute name. |
|
| 52 | - * |
|
| 53 | - * @param string $name OID or attribute name |
|
| 54 | - * @throws \OutOfBoundsException |
|
| 55 | - * @return Attribute |
|
| 56 | - */ |
|
| 57 | - public function firstOf($name) |
|
| 58 | - { |
|
| 59 | - $attr = $this->_findFirst($name); |
|
| 60 | - if (!$attr) { |
|
| 61 | - throw new \UnexpectedValueException("No $name attribute."); |
|
| 62 | - } |
|
| 63 | - return $attr; |
|
| 64 | - } |
|
| 50 | + /** |
|
| 51 | + * Get first attribute by OID or attribute name. |
|
| 52 | + * |
|
| 53 | + * @param string $name OID or attribute name |
|
| 54 | + * @throws \OutOfBoundsException |
|
| 55 | + * @return Attribute |
|
| 56 | + */ |
|
| 57 | + public function firstOf($name) |
|
| 58 | + { |
|
| 59 | + $attr = $this->_findFirst($name); |
|
| 60 | + if (!$attr) { |
|
| 61 | + throw new \UnexpectedValueException("No $name attribute."); |
|
| 62 | + } |
|
| 63 | + return $attr; |
|
| 64 | + } |
|
| 65 | 65 | |
| 66 | - /** |
|
| 67 | - * Get all attributes of given name. |
|
| 68 | - * |
|
| 69 | - * @param string $name OID or attribute name |
|
| 70 | - * @return Attribute[] |
|
| 71 | - */ |
|
| 72 | - public function allOf($name) |
|
| 73 | - { |
|
| 74 | - $oid = AttributeType::attrNameToOID($name); |
|
| 75 | - $attrs = array_filter($this->_attributes, |
|
| 76 | - function (Attribute $attr) use ($oid) { |
|
| 77 | - return $attr->oid() == $oid; |
|
| 78 | - }); |
|
| 79 | - return array_values($attrs); |
|
| 80 | - } |
|
| 66 | + /** |
|
| 67 | + * Get all attributes of given name. |
|
| 68 | + * |
|
| 69 | + * @param string $name OID or attribute name |
|
| 70 | + * @return Attribute[] |
|
| 71 | + */ |
|
| 72 | + public function allOf($name) |
|
| 73 | + { |
|
| 74 | + $oid = AttributeType::attrNameToOID($name); |
|
| 75 | + $attrs = array_filter($this->_attributes, |
|
| 76 | + function (Attribute $attr) use ($oid) { |
|
| 77 | + return $attr->oid() == $oid; |
|
| 78 | + }); |
|
| 79 | + return array_values($attrs); |
|
| 80 | + } |
|
| 81 | 81 | |
| 82 | - /** |
|
| 83 | - * Get all attributes. |
|
| 84 | - * |
|
| 85 | - * @return Attribute[] |
|
| 86 | - */ |
|
| 87 | - public function all() |
|
| 88 | - { |
|
| 89 | - return $this->_attributes; |
|
| 90 | - } |
|
| 82 | + /** |
|
| 83 | + * Get all attributes. |
|
| 84 | + * |
|
| 85 | + * @return Attribute[] |
|
| 86 | + */ |
|
| 87 | + public function all() |
|
| 88 | + { |
|
| 89 | + return $this->_attributes; |
|
| 90 | + } |
|
| 91 | 91 | |
| 92 | - /** |
|
| 93 | - * Get self with additional attributes added. |
|
| 94 | - * |
|
| 95 | - * @param Attribute ...$attribs |
|
| 96 | - * @return self |
|
| 97 | - */ |
|
| 98 | - public function withAdditional(Attribute ...$attribs) |
|
| 99 | - { |
|
| 100 | - $obj = clone $this; |
|
| 101 | - foreach ($attribs as $attr) { |
|
| 102 | - $obj->_attributes[] = $attr; |
|
| 103 | - } |
|
| 104 | - return $obj; |
|
| 105 | - } |
|
| 92 | + /** |
|
| 93 | + * Get self with additional attributes added. |
|
| 94 | + * |
|
| 95 | + * @param Attribute ...$attribs |
|
| 96 | + * @return self |
|
| 97 | + */ |
|
| 98 | + public function withAdditional(Attribute ...$attribs) |
|
| 99 | + { |
|
| 100 | + $obj = clone $this; |
|
| 101 | + foreach ($attribs as $attr) { |
|
| 102 | + $obj->_attributes[] = $attr; |
|
| 103 | + } |
|
| 104 | + return $obj; |
|
| 105 | + } |
|
| 106 | 106 | |
| 107 | - /** |
|
| 108 | - * Get self with single unique attribute added. |
|
| 109 | - * |
|
| 110 | - * All previous attributes of the same type are removed. |
|
| 111 | - * |
|
| 112 | - * @param Attribute $attr |
|
| 113 | - * @return self |
|
| 114 | - */ |
|
| 115 | - public function withUnique(Attribute $attr) |
|
| 116 | - { |
|
| 117 | - $obj = clone $this; |
|
| 118 | - $obj->_attributes = array_filter($obj->_attributes, |
|
| 119 | - function (Attribute $a) use ($attr) { |
|
| 120 | - return $a->oid() != $attr->oid(); |
|
| 121 | - }); |
|
| 122 | - $obj->_attributes[] = $attr; |
|
| 123 | - return $obj; |
|
| 124 | - } |
|
| 107 | + /** |
|
| 108 | + * Get self with single unique attribute added. |
|
| 109 | + * |
|
| 110 | + * All previous attributes of the same type are removed. |
|
| 111 | + * |
|
| 112 | + * @param Attribute $attr |
|
| 113 | + * @return self |
|
| 114 | + */ |
|
| 115 | + public function withUnique(Attribute $attr) |
|
| 116 | + { |
|
| 117 | + $obj = clone $this; |
|
| 118 | + $obj->_attributes = array_filter($obj->_attributes, |
|
| 119 | + function (Attribute $a) use ($attr) { |
|
| 120 | + return $a->oid() != $attr->oid(); |
|
| 121 | + }); |
|
| 122 | + $obj->_attributes[] = $attr; |
|
| 123 | + return $obj; |
|
| 124 | + } |
|
| 125 | 125 | |
| 126 | - /** |
|
| 127 | - * Get number of attributes. |
|
| 128 | - * |
|
| 129 | - * @see \Countable::count() |
|
| 130 | - * @return int |
|
| 131 | - */ |
|
| 132 | - public function count() |
|
| 133 | - { |
|
| 134 | - return count($this->_attributes); |
|
| 135 | - } |
|
| 126 | + /** |
|
| 127 | + * Get number of attributes. |
|
| 128 | + * |
|
| 129 | + * @see \Countable::count() |
|
| 130 | + * @return int |
|
| 131 | + */ |
|
| 132 | + public function count() |
|
| 133 | + { |
|
| 134 | + return count($this->_attributes); |
|
| 135 | + } |
|
| 136 | 136 | |
| 137 | - /** |
|
| 138 | - * Get iterator for attributes. |
|
| 139 | - * |
|
| 140 | - * @see \IteratorAggregate::getIterator() |
|
| 141 | - * @return \ArrayIterator |
|
| 142 | - */ |
|
| 143 | - public function getIterator() |
|
| 144 | - { |
|
| 145 | - return new \ArrayIterator($this->_attributes); |
|
| 146 | - } |
|
| 137 | + /** |
|
| 138 | + * Get iterator for attributes. |
|
| 139 | + * |
|
| 140 | + * @see \IteratorAggregate::getIterator() |
|
| 141 | + * @return \ArrayIterator |
|
| 142 | + */ |
|
| 143 | + public function getIterator() |
|
| 144 | + { |
|
| 145 | + return new \ArrayIterator($this->_attributes); |
|
| 146 | + } |
|
| 147 | 147 | } |
@@ -20,435 +20,435 @@ |
||
| 20 | 20 | */ |
| 21 | 21 | class AttributeCertificateInfo |
| 22 | 22 | { |
| 23 | - const VERSION_2 = 1; |
|
| 24 | - |
|
| 25 | - /** |
|
| 26 | - * AC version. |
|
| 27 | - * |
|
| 28 | - * @var int $_version |
|
| 29 | - */ |
|
| 30 | - protected $_version; |
|
| 31 | - |
|
| 32 | - /** |
|
| 33 | - * AC holder. |
|
| 34 | - * |
|
| 35 | - * @var Holder $_holder |
|
| 36 | - */ |
|
| 37 | - protected $_holder; |
|
| 38 | - |
|
| 39 | - /** |
|
| 40 | - * AC issuer. |
|
| 41 | - * |
|
| 42 | - * @var AttCertIssuer $_issuer |
|
| 43 | - */ |
|
| 44 | - protected $_issuer; |
|
| 45 | - |
|
| 46 | - /** |
|
| 47 | - * Signature algorithm identifier. |
|
| 48 | - * |
|
| 49 | - * @var SignatureAlgorithmIdentifier $_signature |
|
| 50 | - */ |
|
| 51 | - protected $_signature; |
|
| 52 | - |
|
| 53 | - /** |
|
| 54 | - * AC serial number. |
|
| 55 | - * |
|
| 56 | - * @var int|string $_serialNumber |
|
| 57 | - */ |
|
| 58 | - protected $_serialNumber; |
|
| 59 | - |
|
| 60 | - /** |
|
| 61 | - * Validity period. |
|
| 62 | - * |
|
| 63 | - * @var AttCertValidityPeriod $_attrCertValidityPeriod |
|
| 64 | - */ |
|
| 65 | - protected $_attrCertValidityPeriod; |
|
| 66 | - |
|
| 67 | - /** |
|
| 68 | - * Attributes. |
|
| 69 | - * |
|
| 70 | - * @var Attributes $_attributes |
|
| 71 | - */ |
|
| 72 | - protected $_attributes; |
|
| 73 | - |
|
| 74 | - /** |
|
| 75 | - * Issuer unique identifier. |
|
| 76 | - * |
|
| 77 | - * @var UniqueIdentifier|null $_issuerUniqueID |
|
| 78 | - */ |
|
| 79 | - protected $_issuerUniqueID; |
|
| 80 | - |
|
| 81 | - /** |
|
| 82 | - * Extensions. |
|
| 83 | - * |
|
| 84 | - * @var Extensions $_extensions |
|
| 85 | - */ |
|
| 86 | - protected $_extensions; |
|
| 87 | - |
|
| 88 | - /** |
|
| 89 | - * Constructor. |
|
| 90 | - * |
|
| 91 | - * @param Holder $holder AC holder |
|
| 92 | - * @param AttCertIssuer $issuer AC issuer |
|
| 93 | - * @param AttCertValidityPeriod $validity Validity |
|
| 94 | - * @param Attributes $attribs Attributes |
|
| 95 | - */ |
|
| 96 | - public function __construct(Holder $holder, AttCertIssuer $issuer, |
|
| 97 | - AttCertValidityPeriod $validity, Attributes $attribs) |
|
| 98 | - { |
|
| 99 | - $this->_version = self::VERSION_2; |
|
| 100 | - $this->_holder = $holder; |
|
| 101 | - $this->_issuer = $issuer; |
|
| 102 | - $this->_attrCertValidityPeriod = $validity; |
|
| 103 | - $this->_attributes = $attribs; |
|
| 104 | - $this->_extensions = new Extensions(); |
|
| 105 | - } |
|
| 106 | - |
|
| 107 | - /** |
|
| 108 | - * Initialize from ASN.1. |
|
| 109 | - * |
|
| 110 | - * @param Sequence $seq |
|
| 111 | - * @throws \UnexpectedValueException |
|
| 112 | - * @return self |
|
| 113 | - */ |
|
| 114 | - public static function fromASN1(Sequence $seq) |
|
| 115 | - { |
|
| 116 | - $version = $seq->at(0) |
|
| 117 | - ->asInteger() |
|
| 118 | - ->number(); |
|
| 119 | - if ($version != self::VERSION_2) { |
|
| 120 | - throw new \UnexpectedValueException("Version must be 2."); |
|
| 121 | - } |
|
| 122 | - $holder = Holder::fromASN1($seq->at(1)->asSequence()); |
|
| 123 | - $issuer = AttCertIssuer::fromASN1($seq->at(2)); |
|
| 124 | - $signature = AlgorithmIdentifier::fromASN1($seq->at(3)->asSequence()); |
|
| 125 | - if (!$signature instanceof SignatureAlgorithmIdentifier) { |
|
| 126 | - throw new \UnexpectedValueException( |
|
| 127 | - "Unsupported signature algorithm " . $signature->oid() . "."); |
|
| 128 | - } |
|
| 129 | - $serial = $seq->at(4) |
|
| 130 | - ->asInteger() |
|
| 131 | - ->number(); |
|
| 132 | - $validity = AttCertValidityPeriod::fromASN1($seq->at(5)->asSequence()); |
|
| 133 | - $attribs = Attributes::fromASN1($seq->at(6)->asSequence()); |
|
| 134 | - $obj = new self($holder, $issuer, $validity, $attribs); |
|
| 135 | - $obj->_signature = $signature; |
|
| 136 | - $obj->_serialNumber = $serial; |
|
| 137 | - $idx = 7; |
|
| 138 | - if ($seq->has($idx, Element::TYPE_BIT_STRING)) { |
|
| 139 | - $obj->_issuerUniqueID = UniqueIdentifier::fromASN1( |
|
| 140 | - $seq->at($idx++)->asBitString()); |
|
| 141 | - } |
|
| 142 | - if ($seq->has($idx, Element::TYPE_SEQUENCE)) { |
|
| 143 | - $obj->_extensions = Extensions::fromASN1( |
|
| 144 | - $seq->at($idx++)->asSequence()); |
|
| 145 | - } |
|
| 146 | - return $obj; |
|
| 147 | - } |
|
| 148 | - |
|
| 149 | - /** |
|
| 150 | - * Get self with holder. |
|
| 151 | - * |
|
| 152 | - * @param Holder $holder |
|
| 153 | - * @return self |
|
| 154 | - */ |
|
| 155 | - public function withHolder(Holder $holder) |
|
| 156 | - { |
|
| 157 | - $obj = clone $this; |
|
| 158 | - $obj->_holder = $holder; |
|
| 159 | - return $obj; |
|
| 160 | - } |
|
| 161 | - |
|
| 162 | - /** |
|
| 163 | - * Get self with issuer. |
|
| 164 | - * |
|
| 165 | - * @param AttCertIssuer $issuer |
|
| 166 | - * @return self |
|
| 167 | - */ |
|
| 168 | - public function withIssuer(AttCertIssuer $issuer) |
|
| 169 | - { |
|
| 170 | - $obj = clone $this; |
|
| 171 | - $obj->_issuer = $issuer; |
|
| 172 | - return $obj; |
|
| 173 | - } |
|
| 174 | - |
|
| 175 | - /** |
|
| 176 | - * Get self with signature algorithm identifier. |
|
| 177 | - * |
|
| 178 | - * @param SignatureAlgorithmIdentifier $algo |
|
| 179 | - * @return self |
|
| 180 | - */ |
|
| 181 | - public function withSignature(SignatureAlgorithmIdentifier $algo) |
|
| 182 | - { |
|
| 183 | - $obj = clone $this; |
|
| 184 | - $obj->_signature = $algo; |
|
| 185 | - return $obj; |
|
| 186 | - } |
|
| 187 | - |
|
| 188 | - /** |
|
| 189 | - * Get self with serial number. |
|
| 190 | - * |
|
| 191 | - * @param int|string $serial |
|
| 192 | - * @return self |
|
| 193 | - */ |
|
| 194 | - public function withSerialNumber($serial) |
|
| 195 | - { |
|
| 196 | - $obj = clone $this; |
|
| 197 | - $obj->_serialNumber = $serial; |
|
| 198 | - return $obj; |
|
| 199 | - } |
|
| 200 | - |
|
| 201 | - /** |
|
| 202 | - * Get self with random positive serial number. |
|
| 203 | - * |
|
| 204 | - * @param int $size Number of random bytes |
|
| 205 | - * @return self |
|
| 206 | - */ |
|
| 207 | - public function withRandomSerialNumber($size = 16) |
|
| 208 | - { |
|
| 209 | - // ensure that first byte is always non-zero and having first bit unset |
|
| 210 | - $num = gmp_init(mt_rand(1, 0x7f), 10); |
|
| 211 | - for ($i = 1; $i < $size; ++$i) { |
|
| 212 | - $num <<= 8; |
|
| 213 | - $num += mt_rand(0, 0xff); |
|
| 214 | - } |
|
| 215 | - return $this->withSerialNumber(gmp_strval($num, 10)); |
|
| 216 | - } |
|
| 217 | - |
|
| 218 | - /** |
|
| 219 | - * Get self with validity period. |
|
| 220 | - * |
|
| 221 | - * @param AttCertValidityPeriod $validity |
|
| 222 | - * @return self |
|
| 223 | - */ |
|
| 224 | - public function withValidity(AttCertValidityPeriod $validity) |
|
| 225 | - { |
|
| 226 | - $obj = clone $this; |
|
| 227 | - $obj->_attrCertValidityPeriod = $validity; |
|
| 228 | - return $obj; |
|
| 229 | - } |
|
| 230 | - |
|
| 231 | - /** |
|
| 232 | - * Get self with attributes. |
|
| 233 | - * |
|
| 234 | - * @param Attributes $attribs |
|
| 235 | - * @return self |
|
| 236 | - */ |
|
| 237 | - public function withAttributes(Attributes $attribs) |
|
| 238 | - { |
|
| 239 | - $obj = clone $this; |
|
| 240 | - $obj->_attributes = $attribs; |
|
| 241 | - return $obj; |
|
| 242 | - } |
|
| 243 | - |
|
| 244 | - /** |
|
| 245 | - * Get self with issuer unique identifier. |
|
| 246 | - * |
|
| 247 | - * @param UniqueIdentifier $uid |
|
| 248 | - * @return self |
|
| 249 | - */ |
|
| 250 | - public function withIssuerUniqueID(UniqueIdentifier $uid) |
|
| 251 | - { |
|
| 252 | - $obj = clone $this; |
|
| 253 | - $obj->_issuerUniqueID = $uid; |
|
| 254 | - return $obj; |
|
| 255 | - } |
|
| 256 | - |
|
| 257 | - /** |
|
| 258 | - * Get self with extensions. |
|
| 259 | - * |
|
| 260 | - * @param Extensions $extensions |
|
| 261 | - * @return self |
|
| 262 | - */ |
|
| 263 | - public function withExtensions(Extensions $extensions) |
|
| 264 | - { |
|
| 265 | - $obj = clone $this; |
|
| 266 | - $obj->_extensions = $extensions; |
|
| 267 | - return $obj; |
|
| 268 | - } |
|
| 269 | - |
|
| 270 | - /** |
|
| 271 | - * Get self with extensions added. |
|
| 272 | - * |
|
| 273 | - * @param Extension ...$exts One or more Extension objects |
|
| 274 | - * @return self |
|
| 275 | - */ |
|
| 276 | - public function withAdditionalExtensions(Extension ...$exts) |
|
| 277 | - { |
|
| 278 | - $obj = clone $this; |
|
| 279 | - $obj->_extensions = $obj->_extensions->withExtensions(...$exts); |
|
| 280 | - return $obj; |
|
| 281 | - } |
|
| 282 | - |
|
| 283 | - /** |
|
| 284 | - * Get version. |
|
| 285 | - * |
|
| 286 | - * @return int |
|
| 287 | - */ |
|
| 288 | - public function version() |
|
| 289 | - { |
|
| 290 | - return $this->_version; |
|
| 291 | - } |
|
| 292 | - |
|
| 293 | - /** |
|
| 294 | - * Get AC holder. |
|
| 295 | - * |
|
| 296 | - * @return Holder |
|
| 297 | - */ |
|
| 298 | - public function holder() |
|
| 299 | - { |
|
| 300 | - return $this->_holder; |
|
| 301 | - } |
|
| 302 | - |
|
| 303 | - /** |
|
| 304 | - * Get AC issuer. |
|
| 305 | - * |
|
| 306 | - * @return AttCertIssuer |
|
| 307 | - */ |
|
| 308 | - public function issuer() |
|
| 309 | - { |
|
| 310 | - return $this->_issuer; |
|
| 311 | - } |
|
| 312 | - |
|
| 313 | - /** |
|
| 314 | - * Check whether signature is set. |
|
| 315 | - * |
|
| 316 | - * @return bool |
|
| 317 | - */ |
|
| 318 | - public function hasSignature() |
|
| 319 | - { |
|
| 320 | - return isset($this->_signature); |
|
| 321 | - } |
|
| 322 | - |
|
| 323 | - /** |
|
| 324 | - * Get signature algorithm identifier. |
|
| 325 | - * |
|
| 326 | - * @return SignatureAlgorithmIdentifier |
|
| 327 | - */ |
|
| 328 | - public function signature() |
|
| 329 | - { |
|
| 330 | - if (!$this->hasSignature()) { |
|
| 331 | - throw new \LogicException("signature not set."); |
|
| 332 | - } |
|
| 333 | - return $this->_signature; |
|
| 334 | - } |
|
| 335 | - |
|
| 336 | - /** |
|
| 337 | - * Check whether serial number is present. |
|
| 338 | - * |
|
| 339 | - * @return bool |
|
| 340 | - */ |
|
| 341 | - public function hasSerialNumber() |
|
| 342 | - { |
|
| 343 | - return isset($this->_serialNumber); |
|
| 344 | - } |
|
| 345 | - |
|
| 346 | - /** |
|
| 347 | - * Get AC serial number. |
|
| 348 | - * |
|
| 349 | - * @return int|string |
|
| 350 | - */ |
|
| 351 | - public function serialNumber() |
|
| 352 | - { |
|
| 353 | - if (!$this->hasSerialNumber()) { |
|
| 354 | - throw new \LogicException("serialNumber not set."); |
|
| 355 | - } |
|
| 356 | - return $this->_serialNumber; |
|
| 357 | - } |
|
| 358 | - |
|
| 359 | - /** |
|
| 360 | - * Get validity period. |
|
| 361 | - * |
|
| 362 | - * @return AttCertValidityPeriod |
|
| 363 | - */ |
|
| 364 | - public function validityPeriod() |
|
| 365 | - { |
|
| 366 | - return $this->_attrCertValidityPeriod; |
|
| 367 | - } |
|
| 368 | - |
|
| 369 | - /** |
|
| 370 | - * Get attributes. |
|
| 371 | - * |
|
| 372 | - * @return Attributes |
|
| 373 | - */ |
|
| 374 | - public function attributes() |
|
| 375 | - { |
|
| 376 | - return $this->_attributes; |
|
| 377 | - } |
|
| 378 | - |
|
| 379 | - /** |
|
| 380 | - * Check whether issuer unique identifier is present. |
|
| 381 | - * |
|
| 382 | - * @return bool |
|
| 383 | - */ |
|
| 384 | - public function hasIssuerUniqueID() |
|
| 385 | - { |
|
| 386 | - return isset($this->_issuerUniqueID); |
|
| 387 | - } |
|
| 388 | - |
|
| 389 | - /** |
|
| 390 | - * Get issuer unique identifier. |
|
| 391 | - * |
|
| 392 | - * @return UniqueIdentifier |
|
| 393 | - */ |
|
| 394 | - public function issuerUniqueID() |
|
| 395 | - { |
|
| 396 | - if (!$this->hasIssuerUniqueID()) { |
|
| 397 | - throw new \LogicException("issuerUniqueID not set."); |
|
| 398 | - } |
|
| 399 | - return $this->_issuerUniqueID; |
|
| 400 | - } |
|
| 401 | - |
|
| 402 | - /** |
|
| 403 | - * Get extensions. |
|
| 404 | - * |
|
| 405 | - * @return Extensions |
|
| 406 | - */ |
|
| 407 | - public function extensions() |
|
| 408 | - { |
|
| 409 | - return $this->_extensions; |
|
| 410 | - } |
|
| 411 | - |
|
| 412 | - /** |
|
| 413 | - * Get ASN.1 structure. |
|
| 414 | - * |
|
| 415 | - * @return Sequence |
|
| 416 | - */ |
|
| 417 | - public function toASN1() |
|
| 418 | - { |
|
| 419 | - $elements = array(new Integer($this->_version), $this->_holder->toASN1(), |
|
| 420 | - $this->_issuer->toASN1(), $this->signature()->toASN1(), |
|
| 421 | - new Integer($this->serialNumber()), |
|
| 422 | - $this->_attrCertValidityPeriod->toASN1(), |
|
| 423 | - $this->_attributes->toASN1()); |
|
| 424 | - if (isset($this->_issuerUniqueID)) { |
|
| 425 | - $elements[] = $this->_issuerUniqueID->toASN1(); |
|
| 426 | - } |
|
| 427 | - if (count($this->_extensions)) { |
|
| 428 | - $elements[] = $this->_extensions->toASN1(); |
|
| 429 | - } |
|
| 430 | - return new Sequence(...$elements); |
|
| 431 | - } |
|
| 432 | - |
|
| 433 | - /** |
|
| 434 | - * Create signed attribute certificate. |
|
| 435 | - * |
|
| 436 | - * @param SignatureAlgorithmIdentifier $algo Signature algorithm |
|
| 437 | - * @param PrivateKeyInfo $privkey_info Private key |
|
| 438 | - * @param Crypto|null $crypto Crypto engine, use default if not set |
|
| 439 | - * @return AttributeCertificate |
|
| 440 | - */ |
|
| 441 | - public function sign(SignatureAlgorithmIdentifier $algo, |
|
| 442 | - PrivateKeyInfo $privkey_info, Crypto $crypto = null) |
|
| 443 | - { |
|
| 444 | - $crypto = $crypto ?: Crypto::getDefault(); |
|
| 445 | - $aci = clone $this; |
|
| 446 | - if (!isset($aci->_serialNumber)) { |
|
| 447 | - $aci->_serialNumber = 0; |
|
| 448 | - } |
|
| 449 | - $aci->_signature = $algo; |
|
| 450 | - $data = $aci->toASN1()->toDER(); |
|
| 451 | - $signature = $crypto->sign($data, $privkey_info, $algo); |
|
| 452 | - return new AttributeCertificate($aci, $algo, $signature); |
|
| 453 | - } |
|
| 23 | + const VERSION_2 = 1; |
|
| 24 | + |
|
| 25 | + /** |
|
| 26 | + * AC version. |
|
| 27 | + * |
|
| 28 | + * @var int $_version |
|
| 29 | + */ |
|
| 30 | + protected $_version; |
|
| 31 | + |
|
| 32 | + /** |
|
| 33 | + * AC holder. |
|
| 34 | + * |
|
| 35 | + * @var Holder $_holder |
|
| 36 | + */ |
|
| 37 | + protected $_holder; |
|
| 38 | + |
|
| 39 | + /** |
|
| 40 | + * AC issuer. |
|
| 41 | + * |
|
| 42 | + * @var AttCertIssuer $_issuer |
|
| 43 | + */ |
|
| 44 | + protected $_issuer; |
|
| 45 | + |
|
| 46 | + /** |
|
| 47 | + * Signature algorithm identifier. |
|
| 48 | + * |
|
| 49 | + * @var SignatureAlgorithmIdentifier $_signature |
|
| 50 | + */ |
|
| 51 | + protected $_signature; |
|
| 52 | + |
|
| 53 | + /** |
|
| 54 | + * AC serial number. |
|
| 55 | + * |
|
| 56 | + * @var int|string $_serialNumber |
|
| 57 | + */ |
|
| 58 | + protected $_serialNumber; |
|
| 59 | + |
|
| 60 | + /** |
|
| 61 | + * Validity period. |
|
| 62 | + * |
|
| 63 | + * @var AttCertValidityPeriod $_attrCertValidityPeriod |
|
| 64 | + */ |
|
| 65 | + protected $_attrCertValidityPeriod; |
|
| 66 | + |
|
| 67 | + /** |
|
| 68 | + * Attributes. |
|
| 69 | + * |
|
| 70 | + * @var Attributes $_attributes |
|
| 71 | + */ |
|
| 72 | + protected $_attributes; |
|
| 73 | + |
|
| 74 | + /** |
|
| 75 | + * Issuer unique identifier. |
|
| 76 | + * |
|
| 77 | + * @var UniqueIdentifier|null $_issuerUniqueID |
|
| 78 | + */ |
|
| 79 | + protected $_issuerUniqueID; |
|
| 80 | + |
|
| 81 | + /** |
|
| 82 | + * Extensions. |
|
| 83 | + * |
|
| 84 | + * @var Extensions $_extensions |
|
| 85 | + */ |
|
| 86 | + protected $_extensions; |
|
| 87 | + |
|
| 88 | + /** |
|
| 89 | + * Constructor. |
|
| 90 | + * |
|
| 91 | + * @param Holder $holder AC holder |
|
| 92 | + * @param AttCertIssuer $issuer AC issuer |
|
| 93 | + * @param AttCertValidityPeriod $validity Validity |
|
| 94 | + * @param Attributes $attribs Attributes |
|
| 95 | + */ |
|
| 96 | + public function __construct(Holder $holder, AttCertIssuer $issuer, |
|
| 97 | + AttCertValidityPeriod $validity, Attributes $attribs) |
|
| 98 | + { |
|
| 99 | + $this->_version = self::VERSION_2; |
|
| 100 | + $this->_holder = $holder; |
|
| 101 | + $this->_issuer = $issuer; |
|
| 102 | + $this->_attrCertValidityPeriod = $validity; |
|
| 103 | + $this->_attributes = $attribs; |
|
| 104 | + $this->_extensions = new Extensions(); |
|
| 105 | + } |
|
| 106 | + |
|
| 107 | + /** |
|
| 108 | + * Initialize from ASN.1. |
|
| 109 | + * |
|
| 110 | + * @param Sequence $seq |
|
| 111 | + * @throws \UnexpectedValueException |
|
| 112 | + * @return self |
|
| 113 | + */ |
|
| 114 | + public static function fromASN1(Sequence $seq) |
|
| 115 | + { |
|
| 116 | + $version = $seq->at(0) |
|
| 117 | + ->asInteger() |
|
| 118 | + ->number(); |
|
| 119 | + if ($version != self::VERSION_2) { |
|
| 120 | + throw new \UnexpectedValueException("Version must be 2."); |
|
| 121 | + } |
|
| 122 | + $holder = Holder::fromASN1($seq->at(1)->asSequence()); |
|
| 123 | + $issuer = AttCertIssuer::fromASN1($seq->at(2)); |
|
| 124 | + $signature = AlgorithmIdentifier::fromASN1($seq->at(3)->asSequence()); |
|
| 125 | + if (!$signature instanceof SignatureAlgorithmIdentifier) { |
|
| 126 | + throw new \UnexpectedValueException( |
|
| 127 | + "Unsupported signature algorithm " . $signature->oid() . "."); |
|
| 128 | + } |
|
| 129 | + $serial = $seq->at(4) |
|
| 130 | + ->asInteger() |
|
| 131 | + ->number(); |
|
| 132 | + $validity = AttCertValidityPeriod::fromASN1($seq->at(5)->asSequence()); |
|
| 133 | + $attribs = Attributes::fromASN1($seq->at(6)->asSequence()); |
|
| 134 | + $obj = new self($holder, $issuer, $validity, $attribs); |
|
| 135 | + $obj->_signature = $signature; |
|
| 136 | + $obj->_serialNumber = $serial; |
|
| 137 | + $idx = 7; |
|
| 138 | + if ($seq->has($idx, Element::TYPE_BIT_STRING)) { |
|
| 139 | + $obj->_issuerUniqueID = UniqueIdentifier::fromASN1( |
|
| 140 | + $seq->at($idx++)->asBitString()); |
|
| 141 | + } |
|
| 142 | + if ($seq->has($idx, Element::TYPE_SEQUENCE)) { |
|
| 143 | + $obj->_extensions = Extensions::fromASN1( |
|
| 144 | + $seq->at($idx++)->asSequence()); |
|
| 145 | + } |
|
| 146 | + return $obj; |
|
| 147 | + } |
|
| 148 | + |
|
| 149 | + /** |
|
| 150 | + * Get self with holder. |
|
| 151 | + * |
|
| 152 | + * @param Holder $holder |
|
| 153 | + * @return self |
|
| 154 | + */ |
|
| 155 | + public function withHolder(Holder $holder) |
|
| 156 | + { |
|
| 157 | + $obj = clone $this; |
|
| 158 | + $obj->_holder = $holder; |
|
| 159 | + return $obj; |
|
| 160 | + } |
|
| 161 | + |
|
| 162 | + /** |
|
| 163 | + * Get self with issuer. |
|
| 164 | + * |
|
| 165 | + * @param AttCertIssuer $issuer |
|
| 166 | + * @return self |
|
| 167 | + */ |
|
| 168 | + public function withIssuer(AttCertIssuer $issuer) |
|
| 169 | + { |
|
| 170 | + $obj = clone $this; |
|
| 171 | + $obj->_issuer = $issuer; |
|
| 172 | + return $obj; |
|
| 173 | + } |
|
| 174 | + |
|
| 175 | + /** |
|
| 176 | + * Get self with signature algorithm identifier. |
|
| 177 | + * |
|
| 178 | + * @param SignatureAlgorithmIdentifier $algo |
|
| 179 | + * @return self |
|
| 180 | + */ |
|
| 181 | + public function withSignature(SignatureAlgorithmIdentifier $algo) |
|
| 182 | + { |
|
| 183 | + $obj = clone $this; |
|
| 184 | + $obj->_signature = $algo; |
|
| 185 | + return $obj; |
|
| 186 | + } |
|
| 187 | + |
|
| 188 | + /** |
|
| 189 | + * Get self with serial number. |
|
| 190 | + * |
|
| 191 | + * @param int|string $serial |
|
| 192 | + * @return self |
|
| 193 | + */ |
|
| 194 | + public function withSerialNumber($serial) |
|
| 195 | + { |
|
| 196 | + $obj = clone $this; |
|
| 197 | + $obj->_serialNumber = $serial; |
|
| 198 | + return $obj; |
|
| 199 | + } |
|
| 200 | + |
|
| 201 | + /** |
|
| 202 | + * Get self with random positive serial number. |
|
| 203 | + * |
|
| 204 | + * @param int $size Number of random bytes |
|
| 205 | + * @return self |
|
| 206 | + */ |
|
| 207 | + public function withRandomSerialNumber($size = 16) |
|
| 208 | + { |
|
| 209 | + // ensure that first byte is always non-zero and having first bit unset |
|
| 210 | + $num = gmp_init(mt_rand(1, 0x7f), 10); |
|
| 211 | + for ($i = 1; $i < $size; ++$i) { |
|
| 212 | + $num <<= 8; |
|
| 213 | + $num += mt_rand(0, 0xff); |
|
| 214 | + } |
|
| 215 | + return $this->withSerialNumber(gmp_strval($num, 10)); |
|
| 216 | + } |
|
| 217 | + |
|
| 218 | + /** |
|
| 219 | + * Get self with validity period. |
|
| 220 | + * |
|
| 221 | + * @param AttCertValidityPeriod $validity |
|
| 222 | + * @return self |
|
| 223 | + */ |
|
| 224 | + public function withValidity(AttCertValidityPeriod $validity) |
|
| 225 | + { |
|
| 226 | + $obj = clone $this; |
|
| 227 | + $obj->_attrCertValidityPeriod = $validity; |
|
| 228 | + return $obj; |
|
| 229 | + } |
|
| 230 | + |
|
| 231 | + /** |
|
| 232 | + * Get self with attributes. |
|
| 233 | + * |
|
| 234 | + * @param Attributes $attribs |
|
| 235 | + * @return self |
|
| 236 | + */ |
|
| 237 | + public function withAttributes(Attributes $attribs) |
|
| 238 | + { |
|
| 239 | + $obj = clone $this; |
|
| 240 | + $obj->_attributes = $attribs; |
|
| 241 | + return $obj; |
|
| 242 | + } |
|
| 243 | + |
|
| 244 | + /** |
|
| 245 | + * Get self with issuer unique identifier. |
|
| 246 | + * |
|
| 247 | + * @param UniqueIdentifier $uid |
|
| 248 | + * @return self |
|
| 249 | + */ |
|
| 250 | + public function withIssuerUniqueID(UniqueIdentifier $uid) |
|
| 251 | + { |
|
| 252 | + $obj = clone $this; |
|
| 253 | + $obj->_issuerUniqueID = $uid; |
|
| 254 | + return $obj; |
|
| 255 | + } |
|
| 256 | + |
|
| 257 | + /** |
|
| 258 | + * Get self with extensions. |
|
| 259 | + * |
|
| 260 | + * @param Extensions $extensions |
|
| 261 | + * @return self |
|
| 262 | + */ |
|
| 263 | + public function withExtensions(Extensions $extensions) |
|
| 264 | + { |
|
| 265 | + $obj = clone $this; |
|
| 266 | + $obj->_extensions = $extensions; |
|
| 267 | + return $obj; |
|
| 268 | + } |
|
| 269 | + |
|
| 270 | + /** |
|
| 271 | + * Get self with extensions added. |
|
| 272 | + * |
|
| 273 | + * @param Extension ...$exts One or more Extension objects |
|
| 274 | + * @return self |
|
| 275 | + */ |
|
| 276 | + public function withAdditionalExtensions(Extension ...$exts) |
|
| 277 | + { |
|
| 278 | + $obj = clone $this; |
|
| 279 | + $obj->_extensions = $obj->_extensions->withExtensions(...$exts); |
|
| 280 | + return $obj; |
|
| 281 | + } |
|
| 282 | + |
|
| 283 | + /** |
|
| 284 | + * Get version. |
|
| 285 | + * |
|
| 286 | + * @return int |
|
| 287 | + */ |
|
| 288 | + public function version() |
|
| 289 | + { |
|
| 290 | + return $this->_version; |
|
| 291 | + } |
|
| 292 | + |
|
| 293 | + /** |
|
| 294 | + * Get AC holder. |
|
| 295 | + * |
|
| 296 | + * @return Holder |
|
| 297 | + */ |
|
| 298 | + public function holder() |
|
| 299 | + { |
|
| 300 | + return $this->_holder; |
|
| 301 | + } |
|
| 302 | + |
|
| 303 | + /** |
|
| 304 | + * Get AC issuer. |
|
| 305 | + * |
|
| 306 | + * @return AttCertIssuer |
|
| 307 | + */ |
|
| 308 | + public function issuer() |
|
| 309 | + { |
|
| 310 | + return $this->_issuer; |
|
| 311 | + } |
|
| 312 | + |
|
| 313 | + /** |
|
| 314 | + * Check whether signature is set. |
|
| 315 | + * |
|
| 316 | + * @return bool |
|
| 317 | + */ |
|
| 318 | + public function hasSignature() |
|
| 319 | + { |
|
| 320 | + return isset($this->_signature); |
|
| 321 | + } |
|
| 322 | + |
|
| 323 | + /** |
|
| 324 | + * Get signature algorithm identifier. |
|
| 325 | + * |
|
| 326 | + * @return SignatureAlgorithmIdentifier |
|
| 327 | + */ |
|
| 328 | + public function signature() |
|
| 329 | + { |
|
| 330 | + if (!$this->hasSignature()) { |
|
| 331 | + throw new \LogicException("signature not set."); |
|
| 332 | + } |
|
| 333 | + return $this->_signature; |
|
| 334 | + } |
|
| 335 | + |
|
| 336 | + /** |
|
| 337 | + * Check whether serial number is present. |
|
| 338 | + * |
|
| 339 | + * @return bool |
|
| 340 | + */ |
|
| 341 | + public function hasSerialNumber() |
|
| 342 | + { |
|
| 343 | + return isset($this->_serialNumber); |
|
| 344 | + } |
|
| 345 | + |
|
| 346 | + /** |
|
| 347 | + * Get AC serial number. |
|
| 348 | + * |
|
| 349 | + * @return int|string |
|
| 350 | + */ |
|
| 351 | + public function serialNumber() |
|
| 352 | + { |
|
| 353 | + if (!$this->hasSerialNumber()) { |
|
| 354 | + throw new \LogicException("serialNumber not set."); |
|
| 355 | + } |
|
| 356 | + return $this->_serialNumber; |
|
| 357 | + } |
|
| 358 | + |
|
| 359 | + /** |
|
| 360 | + * Get validity period. |
|
| 361 | + * |
|
| 362 | + * @return AttCertValidityPeriod |
|
| 363 | + */ |
|
| 364 | + public function validityPeriod() |
|
| 365 | + { |
|
| 366 | + return $this->_attrCertValidityPeriod; |
|
| 367 | + } |
|
| 368 | + |
|
| 369 | + /** |
|
| 370 | + * Get attributes. |
|
| 371 | + * |
|
| 372 | + * @return Attributes |
|
| 373 | + */ |
|
| 374 | + public function attributes() |
|
| 375 | + { |
|
| 376 | + return $this->_attributes; |
|
| 377 | + } |
|
| 378 | + |
|
| 379 | + /** |
|
| 380 | + * Check whether issuer unique identifier is present. |
|
| 381 | + * |
|
| 382 | + * @return bool |
|
| 383 | + */ |
|
| 384 | + public function hasIssuerUniqueID() |
|
| 385 | + { |
|
| 386 | + return isset($this->_issuerUniqueID); |
|
| 387 | + } |
|
| 388 | + |
|
| 389 | + /** |
|
| 390 | + * Get issuer unique identifier. |
|
| 391 | + * |
|
| 392 | + * @return UniqueIdentifier |
|
| 393 | + */ |
|
| 394 | + public function issuerUniqueID() |
|
| 395 | + { |
|
| 396 | + if (!$this->hasIssuerUniqueID()) { |
|
| 397 | + throw new \LogicException("issuerUniqueID not set."); |
|
| 398 | + } |
|
| 399 | + return $this->_issuerUniqueID; |
|
| 400 | + } |
|
| 401 | + |
|
| 402 | + /** |
|
| 403 | + * Get extensions. |
|
| 404 | + * |
|
| 405 | + * @return Extensions |
|
| 406 | + */ |
|
| 407 | + public function extensions() |
|
| 408 | + { |
|
| 409 | + return $this->_extensions; |
|
| 410 | + } |
|
| 411 | + |
|
| 412 | + /** |
|
| 413 | + * Get ASN.1 structure. |
|
| 414 | + * |
|
| 415 | + * @return Sequence |
|
| 416 | + */ |
|
| 417 | + public function toASN1() |
|
| 418 | + { |
|
| 419 | + $elements = array(new Integer($this->_version), $this->_holder->toASN1(), |
|
| 420 | + $this->_issuer->toASN1(), $this->signature()->toASN1(), |
|
| 421 | + new Integer($this->serialNumber()), |
|
| 422 | + $this->_attrCertValidityPeriod->toASN1(), |
|
| 423 | + $this->_attributes->toASN1()); |
|
| 424 | + if (isset($this->_issuerUniqueID)) { |
|
| 425 | + $elements[] = $this->_issuerUniqueID->toASN1(); |
|
| 426 | + } |
|
| 427 | + if (count($this->_extensions)) { |
|
| 428 | + $elements[] = $this->_extensions->toASN1(); |
|
| 429 | + } |
|
| 430 | + return new Sequence(...$elements); |
|
| 431 | + } |
|
| 432 | + |
|
| 433 | + /** |
|
| 434 | + * Create signed attribute certificate. |
|
| 435 | + * |
|
| 436 | + * @param SignatureAlgorithmIdentifier $algo Signature algorithm |
|
| 437 | + * @param PrivateKeyInfo $privkey_info Private key |
|
| 438 | + * @param Crypto|null $crypto Crypto engine, use default if not set |
|
| 439 | + * @return AttributeCertificate |
|
| 440 | + */ |
|
| 441 | + public function sign(SignatureAlgorithmIdentifier $algo, |
|
| 442 | + PrivateKeyInfo $privkey_info, Crypto $crypto = null) |
|
| 443 | + { |
|
| 444 | + $crypto = $crypto ?: Crypto::getDefault(); |
|
| 445 | + $aci = clone $this; |
|
| 446 | + if (!isset($aci->_serialNumber)) { |
|
| 447 | + $aci->_serialNumber = 0; |
|
| 448 | + } |
|
| 449 | + $aci->_signature = $algo; |
|
| 450 | + $data = $aci->toASN1()->toDER(); |
|
| 451 | + $signature = $crypto->sign($data, $privkey_info, $algo); |
|
| 452 | + return new AttributeCertificate($aci, $algo, $signature); |
|
| 453 | + } |
|
| 454 | 454 | } |
@@ -17,172 +17,172 @@ |
||
| 17 | 17 | */ |
| 18 | 18 | class IssuerSerial |
| 19 | 19 | { |
| 20 | - /** |
|
| 21 | - * Issuer name. |
|
| 22 | - * |
|
| 23 | - * @var GeneralNames $_issuer |
|
| 24 | - */ |
|
| 25 | - protected $_issuer; |
|
| 20 | + /** |
|
| 21 | + * Issuer name. |
|
| 22 | + * |
|
| 23 | + * @var GeneralNames $_issuer |
|
| 24 | + */ |
|
| 25 | + protected $_issuer; |
|
| 26 | 26 | |
| 27 | - /** |
|
| 28 | - * Serial number. |
|
| 29 | - * |
|
| 30 | - * @var string|int $_serial |
|
| 31 | - */ |
|
| 32 | - protected $_serial; |
|
| 27 | + /** |
|
| 28 | + * Serial number. |
|
| 29 | + * |
|
| 30 | + * @var string|int $_serial |
|
| 31 | + */ |
|
| 32 | + protected $_serial; |
|
| 33 | 33 | |
| 34 | - /** |
|
| 35 | - * Issuer unique ID. |
|
| 36 | - * |
|
| 37 | - * @var UniqueIdentifier|null $_issuerUID |
|
| 38 | - */ |
|
| 39 | - protected $_issuerUID; |
|
| 34 | + /** |
|
| 35 | + * Issuer unique ID. |
|
| 36 | + * |
|
| 37 | + * @var UniqueIdentifier|null $_issuerUID |
|
| 38 | + */ |
|
| 39 | + protected $_issuerUID; |
|
| 40 | 40 | |
| 41 | - /** |
|
| 42 | - * Constructor. |
|
| 43 | - * |
|
| 44 | - * @param GeneralNames $issuer |
|
| 45 | - * @param string|int $serial |
|
| 46 | - * @param UniqueIdentifier|null $uid |
|
| 47 | - */ |
|
| 48 | - public function __construct(GeneralNames $issuer, $serial, |
|
| 49 | - UniqueIdentifier $uid = null) |
|
| 50 | - { |
|
| 51 | - $this->_issuer = $issuer; |
|
| 52 | - $this->_serial = $serial; |
|
| 53 | - $this->_issuerUID = $uid; |
|
| 54 | - } |
|
| 41 | + /** |
|
| 42 | + * Constructor. |
|
| 43 | + * |
|
| 44 | + * @param GeneralNames $issuer |
|
| 45 | + * @param string|int $serial |
|
| 46 | + * @param UniqueIdentifier|null $uid |
|
| 47 | + */ |
|
| 48 | + public function __construct(GeneralNames $issuer, $serial, |
|
| 49 | + UniqueIdentifier $uid = null) |
|
| 50 | + { |
|
| 51 | + $this->_issuer = $issuer; |
|
| 52 | + $this->_serial = $serial; |
|
| 53 | + $this->_issuerUID = $uid; |
|
| 54 | + } |
|
| 55 | 55 | |
| 56 | - /** |
|
| 57 | - * Initialize from ASN.1. |
|
| 58 | - * |
|
| 59 | - * @param Sequence $seq |
|
| 60 | - * @return self |
|
| 61 | - */ |
|
| 62 | - public static function fromASN1(Sequence $seq) |
|
| 63 | - { |
|
| 64 | - $issuer = GeneralNames::fromASN1($seq->at(0)->asSequence()); |
|
| 65 | - $serial = $seq->at(1) |
|
| 66 | - ->asInteger() |
|
| 67 | - ->number(); |
|
| 68 | - $uid = null; |
|
| 69 | - if ($seq->has(2, Element::TYPE_BIT_STRING)) { |
|
| 70 | - $uid = UniqueIdentifier::fromASN1($seq->at(2)->asBitString()); |
|
| 71 | - } |
|
| 72 | - return new self($issuer, $serial, $uid); |
|
| 73 | - } |
|
| 56 | + /** |
|
| 57 | + * Initialize from ASN.1. |
|
| 58 | + * |
|
| 59 | + * @param Sequence $seq |
|
| 60 | + * @return self |
|
| 61 | + */ |
|
| 62 | + public static function fromASN1(Sequence $seq) |
|
| 63 | + { |
|
| 64 | + $issuer = GeneralNames::fromASN1($seq->at(0)->asSequence()); |
|
| 65 | + $serial = $seq->at(1) |
|
| 66 | + ->asInteger() |
|
| 67 | + ->number(); |
|
| 68 | + $uid = null; |
|
| 69 | + if ($seq->has(2, Element::TYPE_BIT_STRING)) { |
|
| 70 | + $uid = UniqueIdentifier::fromASN1($seq->at(2)->asBitString()); |
|
| 71 | + } |
|
| 72 | + return new self($issuer, $serial, $uid); |
|
| 73 | + } |
|
| 74 | 74 | |
| 75 | - /** |
|
| 76 | - * Initialize from a public key certificate. |
|
| 77 | - * |
|
| 78 | - * @param Certificate $cert |
|
| 79 | - * @return self |
|
| 80 | - */ |
|
| 81 | - public static function fromPKC(Certificate $cert) |
|
| 82 | - { |
|
| 83 | - $tbsCert = $cert->tbsCertificate(); |
|
| 84 | - $issuer = new GeneralNames(new DirectoryName($tbsCert->issuer())); |
|
| 85 | - $serial = $tbsCert->serialNumber(); |
|
| 86 | - $uid = $tbsCert->hasIssuerUniqueID() ? $tbsCert->issuerUniqueID() : null; |
|
| 87 | - return new self($issuer, $serial, $uid); |
|
| 88 | - } |
|
| 75 | + /** |
|
| 76 | + * Initialize from a public key certificate. |
|
| 77 | + * |
|
| 78 | + * @param Certificate $cert |
|
| 79 | + * @return self |
|
| 80 | + */ |
|
| 81 | + public static function fromPKC(Certificate $cert) |
|
| 82 | + { |
|
| 83 | + $tbsCert = $cert->tbsCertificate(); |
|
| 84 | + $issuer = new GeneralNames(new DirectoryName($tbsCert->issuer())); |
|
| 85 | + $serial = $tbsCert->serialNumber(); |
|
| 86 | + $uid = $tbsCert->hasIssuerUniqueID() ? $tbsCert->issuerUniqueID() : null; |
|
| 87 | + return new self($issuer, $serial, $uid); |
|
| 88 | + } |
|
| 89 | 89 | |
| 90 | - /** |
|
| 91 | - * Get issuer name. |
|
| 92 | - * |
|
| 93 | - * @return GeneralNames |
|
| 94 | - */ |
|
| 95 | - public function issuer() |
|
| 96 | - { |
|
| 97 | - return $this->_issuer; |
|
| 98 | - } |
|
| 90 | + /** |
|
| 91 | + * Get issuer name. |
|
| 92 | + * |
|
| 93 | + * @return GeneralNames |
|
| 94 | + */ |
|
| 95 | + public function issuer() |
|
| 96 | + { |
|
| 97 | + return $this->_issuer; |
|
| 98 | + } |
|
| 99 | 99 | |
| 100 | - /** |
|
| 101 | - * Get serial number. |
|
| 102 | - * |
|
| 103 | - * @return int|string |
|
| 104 | - */ |
|
| 105 | - public function serial() |
|
| 106 | - { |
|
| 107 | - return $this->_serial; |
|
| 108 | - } |
|
| 100 | + /** |
|
| 101 | + * Get serial number. |
|
| 102 | + * |
|
| 103 | + * @return int|string |
|
| 104 | + */ |
|
| 105 | + public function serial() |
|
| 106 | + { |
|
| 107 | + return $this->_serial; |
|
| 108 | + } |
|
| 109 | 109 | |
| 110 | - /** |
|
| 111 | - * Check whether issuer unique identifier is present. |
|
| 112 | - * |
|
| 113 | - * @return bool |
|
| 114 | - */ |
|
| 115 | - public function hasIssuerUID() |
|
| 116 | - { |
|
| 117 | - return isset($this->_issuerUID); |
|
| 118 | - } |
|
| 110 | + /** |
|
| 111 | + * Check whether issuer unique identifier is present. |
|
| 112 | + * |
|
| 113 | + * @return bool |
|
| 114 | + */ |
|
| 115 | + public function hasIssuerUID() |
|
| 116 | + { |
|
| 117 | + return isset($this->_issuerUID); |
|
| 118 | + } |
|
| 119 | 119 | |
| 120 | - /** |
|
| 121 | - * Get issuer unique identifier. |
|
| 122 | - * |
|
| 123 | - * @throws \LogicException |
|
| 124 | - * @return UniqueIdentifier |
|
| 125 | - */ |
|
| 126 | - public function issuerUID() |
|
| 127 | - { |
|
| 128 | - if (!$this->hasIssuerUID()) { |
|
| 129 | - throw new \LogicException("issuerUID not set."); |
|
| 130 | - } |
|
| 131 | - return $this->_issuerUID; |
|
| 132 | - } |
|
| 120 | + /** |
|
| 121 | + * Get issuer unique identifier. |
|
| 122 | + * |
|
| 123 | + * @throws \LogicException |
|
| 124 | + * @return UniqueIdentifier |
|
| 125 | + */ |
|
| 126 | + public function issuerUID() |
|
| 127 | + { |
|
| 128 | + if (!$this->hasIssuerUID()) { |
|
| 129 | + throw new \LogicException("issuerUID not set."); |
|
| 130 | + } |
|
| 131 | + return $this->_issuerUID; |
|
| 132 | + } |
|
| 133 | 133 | |
| 134 | - /** |
|
| 135 | - * Generate ASN.1 structure. |
|
| 136 | - * |
|
| 137 | - * @return Sequence |
|
| 138 | - */ |
|
| 139 | - public function toASN1() |
|
| 140 | - { |
|
| 141 | - $elements = array($this->_issuer->toASN1(), new Integer($this->_serial)); |
|
| 142 | - if (isset($this->_issuerUID)) { |
|
| 143 | - $elements[] = $this->_issuerUID->toASN1(); |
|
| 144 | - } |
|
| 145 | - return new Sequence(...$elements); |
|
| 146 | - } |
|
| 134 | + /** |
|
| 135 | + * Generate ASN.1 structure. |
|
| 136 | + * |
|
| 137 | + * @return Sequence |
|
| 138 | + */ |
|
| 139 | + public function toASN1() |
|
| 140 | + { |
|
| 141 | + $elements = array($this->_issuer->toASN1(), new Integer($this->_serial)); |
|
| 142 | + if (isset($this->_issuerUID)) { |
|
| 143 | + $elements[] = $this->_issuerUID->toASN1(); |
|
| 144 | + } |
|
| 145 | + return new Sequence(...$elements); |
|
| 146 | + } |
|
| 147 | 147 | |
| 148 | - /** |
|
| 149 | - * Check whether this IssuerSerial identifies given certificate. |
|
| 150 | - * |
|
| 151 | - * @param Certificate $cert |
|
| 152 | - * @return boolean |
|
| 153 | - */ |
|
| 154 | - public function identifiesPKC(Certificate $cert) |
|
| 155 | - { |
|
| 156 | - $tbs = $cert->tbsCertificate(); |
|
| 157 | - if (!$tbs->issuer()->equals($this->_issuer->firstDN())) { |
|
| 158 | - return false; |
|
| 159 | - } |
|
| 160 | - if (strval($tbs->serialNumber()) != strval($this->_serial)) { |
|
| 161 | - return false; |
|
| 162 | - } |
|
| 163 | - if ($this->_issuerUID && !$this->_checkUniqueID($cert)) { |
|
| 164 | - return false; |
|
| 165 | - } |
|
| 166 | - return true; |
|
| 167 | - } |
|
| 148 | + /** |
|
| 149 | + * Check whether this IssuerSerial identifies given certificate. |
|
| 150 | + * |
|
| 151 | + * @param Certificate $cert |
|
| 152 | + * @return boolean |
|
| 153 | + */ |
|
| 154 | + public function identifiesPKC(Certificate $cert) |
|
| 155 | + { |
|
| 156 | + $tbs = $cert->tbsCertificate(); |
|
| 157 | + if (!$tbs->issuer()->equals($this->_issuer->firstDN())) { |
|
| 158 | + return false; |
|
| 159 | + } |
|
| 160 | + if (strval($tbs->serialNumber()) != strval($this->_serial)) { |
|
| 161 | + return false; |
|
| 162 | + } |
|
| 163 | + if ($this->_issuerUID && !$this->_checkUniqueID($cert)) { |
|
| 164 | + return false; |
|
| 165 | + } |
|
| 166 | + return true; |
|
| 167 | + } |
|
| 168 | 168 | |
| 169 | - /** |
|
| 170 | - * Check whether issuerUID matches given certificate. |
|
| 171 | - * |
|
| 172 | - * @param Certificate $cert |
|
| 173 | - * @return boolean |
|
| 174 | - */ |
|
| 175 | - private function _checkUniqueID(Certificate $cert) |
|
| 176 | - { |
|
| 177 | - if (!$cert->tbsCertificate()->hasIssuerUniqueID()) { |
|
| 178 | - return false; |
|
| 179 | - } |
|
| 180 | - $uid = $cert->tbsCertificate() |
|
| 181 | - ->issuerUniqueID() |
|
| 182 | - ->string(); |
|
| 183 | - if ($this->_issuerUID->string() != $uid) { |
|
| 184 | - return false; |
|
| 185 | - } |
|
| 186 | - return true; |
|
| 187 | - } |
|
| 169 | + /** |
|
| 170 | + * Check whether issuerUID matches given certificate. |
|
| 171 | + * |
|
| 172 | + * @param Certificate $cert |
|
| 173 | + * @return boolean |
|
| 174 | + */ |
|
| 175 | + private function _checkUniqueID(Certificate $cert) |
|
| 176 | + { |
|
| 177 | + if (!$cert->tbsCertificate()->hasIssuerUniqueID()) { |
|
| 178 | + return false; |
|
| 179 | + } |
|
| 180 | + $uid = $cert->tbsCertificate() |
|
| 181 | + ->issuerUniqueID() |
|
| 182 | + ->string(); |
|
| 183 | + if ($this->_issuerUID->string() != $uid) { |
|
| 184 | + return false; |
|
| 185 | + } |
|
| 186 | + return true; |
|
| 187 | + } |
|
| 188 | 188 | } |
@@ -17,281 +17,281 @@ |
||
| 17 | 17 | */ |
| 18 | 18 | class Holder |
| 19 | 19 | { |
| 20 | - /** |
|
| 21 | - * Holder PKC's issuer and serial. |
|
| 22 | - * |
|
| 23 | - * @var IssuerSerial|null $_baseCertificateID |
|
| 24 | - */ |
|
| 25 | - protected $_baseCertificateID; |
|
| 20 | + /** |
|
| 21 | + * Holder PKC's issuer and serial. |
|
| 22 | + * |
|
| 23 | + * @var IssuerSerial|null $_baseCertificateID |
|
| 24 | + */ |
|
| 25 | + protected $_baseCertificateID; |
|
| 26 | 26 | |
| 27 | - /** |
|
| 28 | - * Holder PKC's subject. |
|
| 29 | - * |
|
| 30 | - * @var GeneralNames|null $_entityName |
|
| 31 | - */ |
|
| 32 | - protected $_entityName; |
|
| 27 | + /** |
|
| 28 | + * Holder PKC's subject. |
|
| 29 | + * |
|
| 30 | + * @var GeneralNames|null $_entityName |
|
| 31 | + */ |
|
| 32 | + protected $_entityName; |
|
| 33 | 33 | |
| 34 | - /** |
|
| 35 | - * Linked object. |
|
| 36 | - * |
|
| 37 | - * @var ObjectDigestInfo|null $_objectDigestInfo |
|
| 38 | - */ |
|
| 39 | - protected $_objectDigestInfo; |
|
| 34 | + /** |
|
| 35 | + * Linked object. |
|
| 36 | + * |
|
| 37 | + * @var ObjectDigestInfo|null $_objectDigestInfo |
|
| 38 | + */ |
|
| 39 | + protected $_objectDigestInfo; |
|
| 40 | 40 | |
| 41 | - /** |
|
| 42 | - * Constructor. |
|
| 43 | - * |
|
| 44 | - * @param IssuerSerial|null $issuer_serial |
|
| 45 | - * @param GeneralNames|null $entity_name |
|
| 46 | - */ |
|
| 47 | - public function __construct(IssuerSerial $issuer_serial = null, |
|
| 48 | - GeneralNames $entity_name = null) |
|
| 49 | - { |
|
| 50 | - $this->_baseCertificateID = $issuer_serial; |
|
| 51 | - $this->_entityName = $entity_name; |
|
| 52 | - } |
|
| 41 | + /** |
|
| 42 | + * Constructor. |
|
| 43 | + * |
|
| 44 | + * @param IssuerSerial|null $issuer_serial |
|
| 45 | + * @param GeneralNames|null $entity_name |
|
| 46 | + */ |
|
| 47 | + public function __construct(IssuerSerial $issuer_serial = null, |
|
| 48 | + GeneralNames $entity_name = null) |
|
| 49 | + { |
|
| 50 | + $this->_baseCertificateID = $issuer_serial; |
|
| 51 | + $this->_entityName = $entity_name; |
|
| 52 | + } |
|
| 53 | 53 | |
| 54 | - /** |
|
| 55 | - * Initialize from a holder's public key certificate. |
|
| 56 | - * |
|
| 57 | - * @param Certificate $cert |
|
| 58 | - * @return self |
|
| 59 | - */ |
|
| 60 | - public static function fromPKC(Certificate $cert) |
|
| 61 | - { |
|
| 62 | - return new self(IssuerSerial::fromPKC($cert)); |
|
| 63 | - } |
|
| 54 | + /** |
|
| 55 | + * Initialize from a holder's public key certificate. |
|
| 56 | + * |
|
| 57 | + * @param Certificate $cert |
|
| 58 | + * @return self |
|
| 59 | + */ |
|
| 60 | + public static function fromPKC(Certificate $cert) |
|
| 61 | + { |
|
| 62 | + return new self(IssuerSerial::fromPKC($cert)); |
|
| 63 | + } |
|
| 64 | 64 | |
| 65 | - /** |
|
| 66 | - * Initialize from ASN.1. |
|
| 67 | - * |
|
| 68 | - * @param Sequence $seq |
|
| 69 | - */ |
|
| 70 | - public static function fromASN1(Sequence $seq) |
|
| 71 | - { |
|
| 72 | - $cert_id = null; |
|
| 73 | - $entity_name = null; |
|
| 74 | - $digest_info = null; |
|
| 75 | - if ($seq->hasTagged(0)) { |
|
| 76 | - $cert_id = IssuerSerial::fromASN1( |
|
| 77 | - $seq->getTagged(0) |
|
| 78 | - ->asImplicit(Element::TYPE_SEQUENCE) |
|
| 79 | - ->asSequence()); |
|
| 80 | - } |
|
| 81 | - if ($seq->hasTagged(1)) { |
|
| 82 | - $entity_name = GeneralNames::fromASN1( |
|
| 83 | - $seq->getTagged(1) |
|
| 84 | - ->asImplicit(Element::TYPE_SEQUENCE) |
|
| 85 | - ->asSequence()); |
|
| 86 | - } |
|
| 87 | - if ($seq->hasTagged(2)) { |
|
| 88 | - $digest_info = ObjectDigestInfo::fromASN1( |
|
| 89 | - $seq->getTagged(2) |
|
| 90 | - ->asImplicit(Element::TYPE_SEQUENCE) |
|
| 91 | - ->asSequence()); |
|
| 92 | - } |
|
| 93 | - $obj = new self($cert_id, $entity_name); |
|
| 94 | - $obj->_objectDigestInfo = $digest_info; |
|
| 95 | - return $obj; |
|
| 96 | - } |
|
| 65 | + /** |
|
| 66 | + * Initialize from ASN.1. |
|
| 67 | + * |
|
| 68 | + * @param Sequence $seq |
|
| 69 | + */ |
|
| 70 | + public static function fromASN1(Sequence $seq) |
|
| 71 | + { |
|
| 72 | + $cert_id = null; |
|
| 73 | + $entity_name = null; |
|
| 74 | + $digest_info = null; |
|
| 75 | + if ($seq->hasTagged(0)) { |
|
| 76 | + $cert_id = IssuerSerial::fromASN1( |
|
| 77 | + $seq->getTagged(0) |
|
| 78 | + ->asImplicit(Element::TYPE_SEQUENCE) |
|
| 79 | + ->asSequence()); |
|
| 80 | + } |
|
| 81 | + if ($seq->hasTagged(1)) { |
|
| 82 | + $entity_name = GeneralNames::fromASN1( |
|
| 83 | + $seq->getTagged(1) |
|
| 84 | + ->asImplicit(Element::TYPE_SEQUENCE) |
|
| 85 | + ->asSequence()); |
|
| 86 | + } |
|
| 87 | + if ($seq->hasTagged(2)) { |
|
| 88 | + $digest_info = ObjectDigestInfo::fromASN1( |
|
| 89 | + $seq->getTagged(2) |
|
| 90 | + ->asImplicit(Element::TYPE_SEQUENCE) |
|
| 91 | + ->asSequence()); |
|
| 92 | + } |
|
| 93 | + $obj = new self($cert_id, $entity_name); |
|
| 94 | + $obj->_objectDigestInfo = $digest_info; |
|
| 95 | + return $obj; |
|
| 96 | + } |
|
| 97 | 97 | |
| 98 | - /** |
|
| 99 | - * Get self with base certificate ID. |
|
| 100 | - * |
|
| 101 | - * @param IssuerSerial $issuer |
|
| 102 | - * @return self |
|
| 103 | - */ |
|
| 104 | - public function withBaseCertificateID(IssuerSerial $issuer) |
|
| 105 | - { |
|
| 106 | - $obj = clone $this; |
|
| 107 | - $obj->_baseCertificateID = $issuer; |
|
| 108 | - return $obj; |
|
| 109 | - } |
|
| 98 | + /** |
|
| 99 | + * Get self with base certificate ID. |
|
| 100 | + * |
|
| 101 | + * @param IssuerSerial $issuer |
|
| 102 | + * @return self |
|
| 103 | + */ |
|
| 104 | + public function withBaseCertificateID(IssuerSerial $issuer) |
|
| 105 | + { |
|
| 106 | + $obj = clone $this; |
|
| 107 | + $obj->_baseCertificateID = $issuer; |
|
| 108 | + return $obj; |
|
| 109 | + } |
|
| 110 | 110 | |
| 111 | - /** |
|
| 112 | - * Get self with entity name. |
|
| 113 | - * |
|
| 114 | - * @param GeneralNames $names |
|
| 115 | - * @return self |
|
| 116 | - */ |
|
| 117 | - public function withEntityName(GeneralNames $names) |
|
| 118 | - { |
|
| 119 | - $obj = clone $this; |
|
| 120 | - $obj->_entityName = $names; |
|
| 121 | - return $obj; |
|
| 122 | - } |
|
| 111 | + /** |
|
| 112 | + * Get self with entity name. |
|
| 113 | + * |
|
| 114 | + * @param GeneralNames $names |
|
| 115 | + * @return self |
|
| 116 | + */ |
|
| 117 | + public function withEntityName(GeneralNames $names) |
|
| 118 | + { |
|
| 119 | + $obj = clone $this; |
|
| 120 | + $obj->_entityName = $names; |
|
| 121 | + return $obj; |
|
| 122 | + } |
|
| 123 | 123 | |
| 124 | - /** |
|
| 125 | - * Get self with object digest info. |
|
| 126 | - * |
|
| 127 | - * @param ObjectDigestInfo $odi |
|
| 128 | - * @return self |
|
| 129 | - */ |
|
| 130 | - public function withObjectDigestInfo(ObjectDigestInfo $odi) |
|
| 131 | - { |
|
| 132 | - $obj = clone $this; |
|
| 133 | - $obj->_objectDigestInfo = $odi; |
|
| 134 | - return $obj; |
|
| 135 | - } |
|
| 124 | + /** |
|
| 125 | + * Get self with object digest info. |
|
| 126 | + * |
|
| 127 | + * @param ObjectDigestInfo $odi |
|
| 128 | + * @return self |
|
| 129 | + */ |
|
| 130 | + public function withObjectDigestInfo(ObjectDigestInfo $odi) |
|
| 131 | + { |
|
| 132 | + $obj = clone $this; |
|
| 133 | + $obj->_objectDigestInfo = $odi; |
|
| 134 | + return $obj; |
|
| 135 | + } |
|
| 136 | 136 | |
| 137 | - /** |
|
| 138 | - * Check whether base certificate ID is present. |
|
| 139 | - * |
|
| 140 | - * @return bool |
|
| 141 | - */ |
|
| 142 | - public function hasBaseCertificateID() |
|
| 143 | - { |
|
| 144 | - return isset($this->_baseCertificateID); |
|
| 145 | - } |
|
| 137 | + /** |
|
| 138 | + * Check whether base certificate ID is present. |
|
| 139 | + * |
|
| 140 | + * @return bool |
|
| 141 | + */ |
|
| 142 | + public function hasBaseCertificateID() |
|
| 143 | + { |
|
| 144 | + return isset($this->_baseCertificateID); |
|
| 145 | + } |
|
| 146 | 146 | |
| 147 | - /** |
|
| 148 | - * Get base certificate ID. |
|
| 149 | - * |
|
| 150 | - * @throws \LogicException |
|
| 151 | - * @return IssuerSerial |
|
| 152 | - */ |
|
| 153 | - public function baseCertificateID() |
|
| 154 | - { |
|
| 155 | - if (!$this->hasBaseCertificateID()) { |
|
| 156 | - throw new \LogicException("baseCertificateID not set."); |
|
| 157 | - } |
|
| 158 | - return $this->_baseCertificateID; |
|
| 159 | - } |
|
| 147 | + /** |
|
| 148 | + * Get base certificate ID. |
|
| 149 | + * |
|
| 150 | + * @throws \LogicException |
|
| 151 | + * @return IssuerSerial |
|
| 152 | + */ |
|
| 153 | + public function baseCertificateID() |
|
| 154 | + { |
|
| 155 | + if (!$this->hasBaseCertificateID()) { |
|
| 156 | + throw new \LogicException("baseCertificateID not set."); |
|
| 157 | + } |
|
| 158 | + return $this->_baseCertificateID; |
|
| 159 | + } |
|
| 160 | 160 | |
| 161 | - /** |
|
| 162 | - * Check whether entity name is present. |
|
| 163 | - * |
|
| 164 | - * @return bool |
|
| 165 | - */ |
|
| 166 | - public function hasEntityName() |
|
| 167 | - { |
|
| 168 | - return isset($this->_entityName); |
|
| 169 | - } |
|
| 161 | + /** |
|
| 162 | + * Check whether entity name is present. |
|
| 163 | + * |
|
| 164 | + * @return bool |
|
| 165 | + */ |
|
| 166 | + public function hasEntityName() |
|
| 167 | + { |
|
| 168 | + return isset($this->_entityName); |
|
| 169 | + } |
|
| 170 | 170 | |
| 171 | - /** |
|
| 172 | - * Get entity name. |
|
| 173 | - * |
|
| 174 | - * @throws \LogicException |
|
| 175 | - * @return GeneralNames |
|
| 176 | - */ |
|
| 177 | - public function entityName() |
|
| 178 | - { |
|
| 179 | - if (!$this->hasEntityName()) { |
|
| 180 | - throw new \LogicException("entityName not set."); |
|
| 181 | - } |
|
| 182 | - return $this->_entityName; |
|
| 183 | - } |
|
| 171 | + /** |
|
| 172 | + * Get entity name. |
|
| 173 | + * |
|
| 174 | + * @throws \LogicException |
|
| 175 | + * @return GeneralNames |
|
| 176 | + */ |
|
| 177 | + public function entityName() |
|
| 178 | + { |
|
| 179 | + if (!$this->hasEntityName()) { |
|
| 180 | + throw new \LogicException("entityName not set."); |
|
| 181 | + } |
|
| 182 | + return $this->_entityName; |
|
| 183 | + } |
|
| 184 | 184 | |
| 185 | - /** |
|
| 186 | - * Check whether object digest info is present. |
|
| 187 | - * |
|
| 188 | - * @return bool |
|
| 189 | - */ |
|
| 190 | - public function hasObjectDigestInfo() |
|
| 191 | - { |
|
| 192 | - return isset($this->_objectDigestInfo); |
|
| 193 | - } |
|
| 185 | + /** |
|
| 186 | + * Check whether object digest info is present. |
|
| 187 | + * |
|
| 188 | + * @return bool |
|
| 189 | + */ |
|
| 190 | + public function hasObjectDigestInfo() |
|
| 191 | + { |
|
| 192 | + return isset($this->_objectDigestInfo); |
|
| 193 | + } |
|
| 194 | 194 | |
| 195 | - /** |
|
| 196 | - * Get object digest info. |
|
| 197 | - * |
|
| 198 | - * @throws \LogicException |
|
| 199 | - * @return ObjectDigestInfo |
|
| 200 | - */ |
|
| 201 | - public function objectDigestInfo() |
|
| 202 | - { |
|
| 203 | - if (!$this->hasObjectDigestInfo()) { |
|
| 204 | - throw new \LogicException("objectDigestInfo not set."); |
|
| 205 | - } |
|
| 206 | - return $this->_objectDigestInfo; |
|
| 207 | - } |
|
| 195 | + /** |
|
| 196 | + * Get object digest info. |
|
| 197 | + * |
|
| 198 | + * @throws \LogicException |
|
| 199 | + * @return ObjectDigestInfo |
|
| 200 | + */ |
|
| 201 | + public function objectDigestInfo() |
|
| 202 | + { |
|
| 203 | + if (!$this->hasObjectDigestInfo()) { |
|
| 204 | + throw new \LogicException("objectDigestInfo not set."); |
|
| 205 | + } |
|
| 206 | + return $this->_objectDigestInfo; |
|
| 207 | + } |
|
| 208 | 208 | |
| 209 | - /** |
|
| 210 | - * Generate ASN.1 structure. |
|
| 211 | - * |
|
| 212 | - * @return Sequence |
|
| 213 | - */ |
|
| 214 | - public function toASN1() |
|
| 215 | - { |
|
| 216 | - $elements = array(); |
|
| 217 | - if (isset($this->_baseCertificateID)) { |
|
| 218 | - $elements[] = new ImplicitlyTaggedType(0, |
|
| 219 | - $this->_baseCertificateID->toASN1()); |
|
| 220 | - } |
|
| 221 | - if (isset($this->_entityName)) { |
|
| 222 | - $elements[] = new ImplicitlyTaggedType(1, |
|
| 223 | - $this->_entityName->toASN1()); |
|
| 224 | - } |
|
| 225 | - if (isset($this->_objectDigestInfo)) { |
|
| 226 | - $elements[] = new ImplicitlyTaggedType(2, |
|
| 227 | - $this->_objectDigestInfo->toASN1()); |
|
| 228 | - } |
|
| 229 | - return new Sequence(...$elements); |
|
| 230 | - } |
|
| 209 | + /** |
|
| 210 | + * Generate ASN.1 structure. |
|
| 211 | + * |
|
| 212 | + * @return Sequence |
|
| 213 | + */ |
|
| 214 | + public function toASN1() |
|
| 215 | + { |
|
| 216 | + $elements = array(); |
|
| 217 | + if (isset($this->_baseCertificateID)) { |
|
| 218 | + $elements[] = new ImplicitlyTaggedType(0, |
|
| 219 | + $this->_baseCertificateID->toASN1()); |
|
| 220 | + } |
|
| 221 | + if (isset($this->_entityName)) { |
|
| 222 | + $elements[] = new ImplicitlyTaggedType(1, |
|
| 223 | + $this->_entityName->toASN1()); |
|
| 224 | + } |
|
| 225 | + if (isset($this->_objectDigestInfo)) { |
|
| 226 | + $elements[] = new ImplicitlyTaggedType(2, |
|
| 227 | + $this->_objectDigestInfo->toASN1()); |
|
| 228 | + } |
|
| 229 | + return new Sequence(...$elements); |
|
| 230 | + } |
|
| 231 | 231 | |
| 232 | - /** |
|
| 233 | - * Check whether Holder identifies given certificate. |
|
| 234 | - * |
|
| 235 | - * @param Certificate $cert |
|
| 236 | - * @return boolean |
|
| 237 | - */ |
|
| 238 | - public function identifiesPKC(Certificate $cert) |
|
| 239 | - { |
|
| 240 | - // if neither baseCertificateID nor entityName are present |
|
| 241 | - if (!$this->_baseCertificateID && !$this->_entityName) { |
|
| 242 | - return false; |
|
| 243 | - } |
|
| 244 | - // if baseCertificateID is present, but doesn't match |
|
| 245 | - if ($this->_baseCertificateID && |
|
| 246 | - !$this->_baseCertificateID->identifiesPKC($cert)) { |
|
| 247 | - return false; |
|
| 248 | - } |
|
| 249 | - // if entityName is present, but doesn't match |
|
| 250 | - if ($this->_entityName && !$this->_checkEntityName($cert)) { |
|
| 251 | - return false; |
|
| 252 | - } |
|
| 253 | - return true; |
|
| 254 | - } |
|
| 232 | + /** |
|
| 233 | + * Check whether Holder identifies given certificate. |
|
| 234 | + * |
|
| 235 | + * @param Certificate $cert |
|
| 236 | + * @return boolean |
|
| 237 | + */ |
|
| 238 | + public function identifiesPKC(Certificate $cert) |
|
| 239 | + { |
|
| 240 | + // if neither baseCertificateID nor entityName are present |
|
| 241 | + if (!$this->_baseCertificateID && !$this->_entityName) { |
|
| 242 | + return false; |
|
| 243 | + } |
|
| 244 | + // if baseCertificateID is present, but doesn't match |
|
| 245 | + if ($this->_baseCertificateID && |
|
| 246 | + !$this->_baseCertificateID->identifiesPKC($cert)) { |
|
| 247 | + return false; |
|
| 248 | + } |
|
| 249 | + // if entityName is present, but doesn't match |
|
| 250 | + if ($this->_entityName && !$this->_checkEntityName($cert)) { |
|
| 251 | + return false; |
|
| 252 | + } |
|
| 253 | + return true; |
|
| 254 | + } |
|
| 255 | 255 | |
| 256 | - /** |
|
| 257 | - * Check whether entityName matches the given certificate. |
|
| 258 | - * |
|
| 259 | - * @param Certificate $cert |
|
| 260 | - * @return boolean |
|
| 261 | - */ |
|
| 262 | - private function _checkEntityName(Certificate $cert) |
|
| 263 | - { |
|
| 264 | - $name = $this->_entityName->firstDN(); |
|
| 265 | - if ($cert->tbsCertificate() |
|
| 266 | - ->subject() |
|
| 267 | - ->equals($name)) { |
|
| 268 | - return true; |
|
| 269 | - } |
|
| 270 | - $exts = $cert->tbsCertificate()->extensions(); |
|
| 271 | - if ($exts->hasSubjectAlternativeName()) { |
|
| 272 | - $ext = $exts->subjectAlternativeName(); |
|
| 273 | - if ($this->_checkEntityAlternativeNames($ext->names())) { |
|
| 274 | - return true; |
|
| 275 | - } |
|
| 276 | - } |
|
| 277 | - return false; |
|
| 278 | - } |
|
| 256 | + /** |
|
| 257 | + * Check whether entityName matches the given certificate. |
|
| 258 | + * |
|
| 259 | + * @param Certificate $cert |
|
| 260 | + * @return boolean |
|
| 261 | + */ |
|
| 262 | + private function _checkEntityName(Certificate $cert) |
|
| 263 | + { |
|
| 264 | + $name = $this->_entityName->firstDN(); |
|
| 265 | + if ($cert->tbsCertificate() |
|
| 266 | + ->subject() |
|
| 267 | + ->equals($name)) { |
|
| 268 | + return true; |
|
| 269 | + } |
|
| 270 | + $exts = $cert->tbsCertificate()->extensions(); |
|
| 271 | + if ($exts->hasSubjectAlternativeName()) { |
|
| 272 | + $ext = $exts->subjectAlternativeName(); |
|
| 273 | + if ($this->_checkEntityAlternativeNames($ext->names())) { |
|
| 274 | + return true; |
|
| 275 | + } |
|
| 276 | + } |
|
| 277 | + return false; |
|
| 278 | + } |
|
| 279 | 279 | |
| 280 | - /** |
|
| 281 | - * Check whether any of the subject alternative names match entityName. |
|
| 282 | - * |
|
| 283 | - * @param GeneralNames $san |
|
| 284 | - * @return boolean |
|
| 285 | - */ |
|
| 286 | - private function _checkEntityAlternativeNames(GeneralNames $san) |
|
| 287 | - { |
|
| 288 | - // only directory names supported for now |
|
| 289 | - $name = $this->_entityName->firstDN(); |
|
| 290 | - foreach ($san->allOf(GeneralName::TAG_DIRECTORY_NAME) as $dn) { |
|
| 291 | - if ($dn instanceof DirectoryName && $dn->dn()->equals($name)) { |
|
| 292 | - return true; |
|
| 293 | - } |
|
| 294 | - } |
|
| 295 | - return false; |
|
| 296 | - } |
|
| 280 | + /** |
|
| 281 | + * Check whether any of the subject alternative names match entityName. |
|
| 282 | + * |
|
| 283 | + * @param GeneralNames $san |
|
| 284 | + * @return boolean |
|
| 285 | + */ |
|
| 286 | + private function _checkEntityAlternativeNames(GeneralNames $san) |
|
| 287 | + { |
|
| 288 | + // only directory names supported for now |
|
| 289 | + $name = $this->_entityName->firstDN(); |
|
| 290 | + foreach ($san->allOf(GeneralName::TAG_DIRECTORY_NAME) as $dn) { |
|
| 291 | + if ($dn instanceof DirectoryName && $dn->dn()->equals($name)) { |
|
| 292 | + return true; |
|
| 293 | + } |
|
| 294 | + } |
|
| 295 | + return false; |
|
| 296 | + } |
|
| 297 | 297 | } |
@@ -16,66 +16,66 @@ |
||
| 16 | 16 | */ |
| 17 | 17 | abstract class AttCertIssuer |
| 18 | 18 | { |
| 19 | - /** |
|
| 20 | - * Generate ASN.1 element. |
|
| 21 | - * |
|
| 22 | - * @return Element |
|
| 23 | - */ |
|
| 24 | - abstract public function toASN1(); |
|
| 19 | + /** |
|
| 20 | + * Generate ASN.1 element. |
|
| 21 | + * |
|
| 22 | + * @return Element |
|
| 23 | + */ |
|
| 24 | + abstract public function toASN1(); |
|
| 25 | 25 | |
| 26 | - /** |
|
| 27 | - * Check whether AttCertIssuer identifies given certificate. |
|
| 28 | - * |
|
| 29 | - * @param Certificate $cert |
|
| 30 | - * @return bool |
|
| 31 | - */ |
|
| 32 | - abstract public function identifiesPKC(Certificate $cert); |
|
| 26 | + /** |
|
| 27 | + * Check whether AttCertIssuer identifies given certificate. |
|
| 28 | + * |
|
| 29 | + * @param Certificate $cert |
|
| 30 | + * @return bool |
|
| 31 | + */ |
|
| 32 | + abstract public function identifiesPKC(Certificate $cert); |
|
| 33 | 33 | |
| 34 | - /** |
|
| 35 | - * Initialize from distinguished name. |
|
| 36 | - * |
|
| 37 | - * This conforms to RFC 5755 which states that only v2Form must be used, |
|
| 38 | - * and issuerName must contain exactly one GeneralName of DirectoryName |
|
| 39 | - * type. |
|
| 40 | - * |
|
| 41 | - * @link https://tools.ietf.org/html/rfc5755#section-4.2.3 |
|
| 42 | - * @param Name $name |
|
| 43 | - * @return self |
|
| 44 | - */ |
|
| 45 | - public static function fromName(Name $name) |
|
| 46 | - { |
|
| 47 | - return new V2Form(new GeneralNames(new DirectoryName($name))); |
|
| 48 | - } |
|
| 34 | + /** |
|
| 35 | + * Initialize from distinguished name. |
|
| 36 | + * |
|
| 37 | + * This conforms to RFC 5755 which states that only v2Form must be used, |
|
| 38 | + * and issuerName must contain exactly one GeneralName of DirectoryName |
|
| 39 | + * type. |
|
| 40 | + * |
|
| 41 | + * @link https://tools.ietf.org/html/rfc5755#section-4.2.3 |
|
| 42 | + * @param Name $name |
|
| 43 | + * @return self |
|
| 44 | + */ |
|
| 45 | + public static function fromName(Name $name) |
|
| 46 | + { |
|
| 47 | + return new V2Form(new GeneralNames(new DirectoryName($name))); |
|
| 48 | + } |
|
| 49 | 49 | |
| 50 | - /** |
|
| 51 | - * Initialize from an issuer's public key certificate. |
|
| 52 | - * |
|
| 53 | - * @param Certificate $cert |
|
| 54 | - * @return self |
|
| 55 | - */ |
|
| 56 | - public static function fromPKC(Certificate $cert) |
|
| 57 | - { |
|
| 58 | - return self::fromName($cert->tbsCertificate()->subject()); |
|
| 59 | - } |
|
| 50 | + /** |
|
| 51 | + * Initialize from an issuer's public key certificate. |
|
| 52 | + * |
|
| 53 | + * @param Certificate $cert |
|
| 54 | + * @return self |
|
| 55 | + */ |
|
| 56 | + public static function fromPKC(Certificate $cert) |
|
| 57 | + { |
|
| 58 | + return self::fromName($cert->tbsCertificate()->subject()); |
|
| 59 | + } |
|
| 60 | 60 | |
| 61 | - /** |
|
| 62 | - * Initialize from ASN.1. |
|
| 63 | - * |
|
| 64 | - * @param UnspecifiedType $el CHOICE |
|
| 65 | - * @throws \UnexpectedValueException |
|
| 66 | - * @return self |
|
| 67 | - */ |
|
| 68 | - public static function fromASN1(UnspecifiedType $el) |
|
| 69 | - { |
|
| 70 | - if (!$el->isTagged()) { |
|
| 71 | - throw new \UnexpectedValueException("v1Form issuer not supported."); |
|
| 72 | - } |
|
| 73 | - $tagged = $el->asTagged(); |
|
| 74 | - switch ($tagged->tag()) { |
|
| 75 | - case 0: |
|
| 76 | - return V2Form::fromV2ASN1( |
|
| 77 | - $tagged->asImplicit(Element::TYPE_SEQUENCE)->asSequence()); |
|
| 78 | - } |
|
| 79 | - throw new \UnexpectedValueException("Unsupported issuer type."); |
|
| 80 | - } |
|
| 61 | + /** |
|
| 62 | + * Initialize from ASN.1. |
|
| 63 | + * |
|
| 64 | + * @param UnspecifiedType $el CHOICE |
|
| 65 | + * @throws \UnexpectedValueException |
|
| 66 | + * @return self |
|
| 67 | + */ |
|
| 68 | + public static function fromASN1(UnspecifiedType $el) |
|
| 69 | + { |
|
| 70 | + if (!$el->isTagged()) { |
|
| 71 | + throw new \UnexpectedValueException("v1Form issuer not supported."); |
|
| 72 | + } |
|
| 73 | + $tagged = $el->asTagged(); |
|
| 74 | + switch ($tagged->tag()) { |
|
| 75 | + case 0: |
|
| 76 | + return V2Form::fromV2ASN1( |
|
| 77 | + $tagged->asImplicit(Element::TYPE_SEQUENCE)->asSequence()); |
|
| 78 | + } |
|
| 79 | + throw new \UnexpectedValueException("Unsupported issuer type."); |
|
| 80 | + } |
|
| 81 | 81 | } |
@@ -18,203 +18,203 @@ |
||
| 18 | 18 | */ |
| 19 | 19 | class AttributeCertificate |
| 20 | 20 | { |
| 21 | - /** |
|
| 22 | - * Attribute certificate info. |
|
| 23 | - * |
|
| 24 | - * @var AttributeCertificateInfo $_acinfo |
|
| 25 | - */ |
|
| 26 | - protected $_acinfo; |
|
| 27 | - |
|
| 28 | - /** |
|
| 29 | - * Signature algorithm identifier. |
|
| 30 | - * |
|
| 31 | - * @var SignatureAlgorithmIdentifier $_signatureAlgorithm |
|
| 32 | - */ |
|
| 33 | - protected $_signatureAlgorithm; |
|
| 34 | - |
|
| 35 | - /** |
|
| 36 | - * Signature value. |
|
| 37 | - * |
|
| 38 | - * @var Signature $_signatureValue |
|
| 39 | - */ |
|
| 40 | - protected $_signatureValue; |
|
| 41 | - |
|
| 42 | - /** |
|
| 43 | - * Constructor. |
|
| 44 | - * |
|
| 45 | - * @param AttributeCertificateInfo $acinfo |
|
| 46 | - * @param SignatureAlgorithmIdentifier $algo |
|
| 47 | - * @param Signature $signature |
|
| 48 | - */ |
|
| 49 | - public function __construct(AttributeCertificateInfo $acinfo, |
|
| 50 | - SignatureAlgorithmIdentifier $algo, Signature $signature) |
|
| 51 | - { |
|
| 52 | - $this->_acinfo = $acinfo; |
|
| 53 | - $this->_signatureAlgorithm = $algo; |
|
| 54 | - $this->_signatureValue = $signature; |
|
| 55 | - } |
|
| 56 | - |
|
| 57 | - /** |
|
| 58 | - * Initialize from ASN.1. |
|
| 59 | - * |
|
| 60 | - * @param Sequence $seq |
|
| 61 | - * @return self |
|
| 62 | - */ |
|
| 63 | - public static function fromASN1(Sequence $seq) |
|
| 64 | - { |
|
| 65 | - $acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence()); |
|
| 66 | - $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence()); |
|
| 67 | - if (!$algo instanceof SignatureAlgorithmIdentifier) { |
|
| 68 | - throw new \UnexpectedValueException( |
|
| 69 | - "Unsupported signature algorithm " . $algo->oid() . "."); |
|
| 70 | - } |
|
| 71 | - $signature = Signature::fromSignatureData( |
|
| 72 | - $seq->at(2) |
|
| 73 | - ->asBitString() |
|
| 74 | - ->string(), $algo); |
|
| 75 | - return new self($acinfo, $algo, $signature); |
|
| 76 | - } |
|
| 77 | - |
|
| 78 | - /** |
|
| 79 | - * Initialize from DER data. |
|
| 80 | - * |
|
| 81 | - * @param string $data |
|
| 82 | - * @return self |
|
| 83 | - */ |
|
| 84 | - public static function fromDER($data) |
|
| 85 | - { |
|
| 86 | - return self::fromASN1(Sequence::fromDER($data)); |
|
| 87 | - } |
|
| 88 | - |
|
| 89 | - /** |
|
| 90 | - * Initialize from PEM. |
|
| 91 | - * |
|
| 92 | - * @param PEM $pem |
|
| 93 | - * @throws \UnexpectedValueException |
|
| 94 | - * @return self |
|
| 95 | - */ |
|
| 96 | - public static function fromPEM(PEM $pem) |
|
| 97 | - { |
|
| 98 | - if ($pem->type() !== PEM::TYPE_ATTRIBUTE_CERTIFICATE) { |
|
| 99 | - throw new \UnexpectedValueException("Invalid PEM type."); |
|
| 100 | - } |
|
| 101 | - return self::fromDER($pem->data()); |
|
| 102 | - } |
|
| 103 | - |
|
| 104 | - /** |
|
| 105 | - * Get attribute certificate info. |
|
| 106 | - * |
|
| 107 | - * @return AttributeCertificateInfo |
|
| 108 | - */ |
|
| 109 | - public function acinfo() |
|
| 110 | - { |
|
| 111 | - return $this->_acinfo; |
|
| 112 | - } |
|
| 113 | - |
|
| 114 | - /** |
|
| 115 | - * Get signature algorithm identifier. |
|
| 116 | - * |
|
| 117 | - * @return SignatureAlgorithmIdentifier |
|
| 118 | - */ |
|
| 119 | - public function signatureAlgorithm() |
|
| 120 | - { |
|
| 121 | - return $this->_signatureAlgorithm; |
|
| 122 | - } |
|
| 123 | - |
|
| 124 | - /** |
|
| 125 | - * Get signature value. |
|
| 126 | - * |
|
| 127 | - * @return Signature |
|
| 128 | - */ |
|
| 129 | - public function signatureValue() |
|
| 130 | - { |
|
| 131 | - return $this->_signatureValue; |
|
| 132 | - } |
|
| 133 | - |
|
| 134 | - /** |
|
| 135 | - * Get ASN.1 structure. |
|
| 136 | - * |
|
| 137 | - * @return Sequence |
|
| 138 | - */ |
|
| 139 | - public function toASN1() |
|
| 140 | - { |
|
| 141 | - return new Sequence($this->_acinfo->toASN1(), |
|
| 142 | - $this->_signatureAlgorithm->toASN1(), |
|
| 143 | - $this->_signatureValue->bitString()); |
|
| 144 | - } |
|
| 145 | - |
|
| 146 | - /** |
|
| 147 | - * Get attribute certificate as a DER. |
|
| 148 | - * |
|
| 149 | - * @return string |
|
| 150 | - */ |
|
| 151 | - public function toDER() |
|
| 152 | - { |
|
| 153 | - return $this->toASN1()->toDER(); |
|
| 154 | - } |
|
| 155 | - |
|
| 156 | - /** |
|
| 157 | - * Get attribute certificate as a PEM. |
|
| 158 | - * |
|
| 159 | - * @return PEM |
|
| 160 | - */ |
|
| 161 | - public function toPEM() |
|
| 162 | - { |
|
| 163 | - return new PEM(PEM::TYPE_ATTRIBUTE_CERTIFICATE, $this->toDER()); |
|
| 164 | - } |
|
| 165 | - |
|
| 166 | - /** |
|
| 167 | - * Check whether attribute certificate is issued to the subject identified |
|
| 168 | - * by given public key certificate. |
|
| 169 | - * |
|
| 170 | - * @param Certificate $cert Certificate |
|
| 171 | - * @return boolean |
|
| 172 | - */ |
|
| 173 | - public function isHeldBy(Certificate $cert) |
|
| 174 | - { |
|
| 175 | - if (!$this->_acinfo->holder()->identifiesPKC($cert)) { |
|
| 176 | - return false; |
|
| 177 | - } |
|
| 178 | - return true; |
|
| 179 | - } |
|
| 180 | - |
|
| 181 | - /** |
|
| 182 | - * Check whether attribute certificate is issued by given public key |
|
| 183 | - * certificate. |
|
| 184 | - * |
|
| 185 | - * @param Certificate $cert Certificate |
|
| 186 | - * @return boolean |
|
| 187 | - */ |
|
| 188 | - public function isIssuedBy(Certificate $cert) |
|
| 189 | - { |
|
| 190 | - if (!$this->_acinfo->issuer()->identifiesPKC($cert)) { |
|
| 191 | - return false; |
|
| 192 | - } |
|
| 193 | - return true; |
|
| 194 | - } |
|
| 195 | - |
|
| 196 | - /** |
|
| 197 | - * Verify signature. |
|
| 198 | - * |
|
| 199 | - * @param PublicKeyInfo $pubkey_info Signer's public key |
|
| 200 | - * @param Crypto|null $crypto Crypto engine, use default if not set |
|
| 201 | - * @return bool |
|
| 202 | - */ |
|
| 203 | - public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null) |
|
| 204 | - { |
|
| 205 | - $crypto = $crypto ?: Crypto::getDefault(); |
|
| 206 | - $data = $this->_acinfo->toASN1()->toDER(); |
|
| 207 | - return $crypto->verify($data, $this->_signatureValue, $pubkey_info, |
|
| 208 | - $this->_signatureAlgorithm); |
|
| 209 | - } |
|
| 210 | - |
|
| 211 | - /** |
|
| 212 | - * Get attribute certificate as a PEM formatted string. |
|
| 213 | - * |
|
| 214 | - * @return string |
|
| 215 | - */ |
|
| 216 | - public function __toString() |
|
| 217 | - { |
|
| 218 | - return $this->toPEM()->string(); |
|
| 219 | - } |
|
| 21 | + /** |
|
| 22 | + * Attribute certificate info. |
|
| 23 | + * |
|
| 24 | + * @var AttributeCertificateInfo $_acinfo |
|
| 25 | + */ |
|
| 26 | + protected $_acinfo; |
|
| 27 | + |
|
| 28 | + /** |
|
| 29 | + * Signature algorithm identifier. |
|
| 30 | + * |
|
| 31 | + * @var SignatureAlgorithmIdentifier $_signatureAlgorithm |
|
| 32 | + */ |
|
| 33 | + protected $_signatureAlgorithm; |
|
| 34 | + |
|
| 35 | + /** |
|
| 36 | + * Signature value. |
|
| 37 | + * |
|
| 38 | + * @var Signature $_signatureValue |
|
| 39 | + */ |
|
| 40 | + protected $_signatureValue; |
|
| 41 | + |
|
| 42 | + /** |
|
| 43 | + * Constructor. |
|
| 44 | + * |
|
| 45 | + * @param AttributeCertificateInfo $acinfo |
|
| 46 | + * @param SignatureAlgorithmIdentifier $algo |
|
| 47 | + * @param Signature $signature |
|
| 48 | + */ |
|
| 49 | + public function __construct(AttributeCertificateInfo $acinfo, |
|
| 50 | + SignatureAlgorithmIdentifier $algo, Signature $signature) |
|
| 51 | + { |
|
| 52 | + $this->_acinfo = $acinfo; |
|
| 53 | + $this->_signatureAlgorithm = $algo; |
|
| 54 | + $this->_signatureValue = $signature; |
|
| 55 | + } |
|
| 56 | + |
|
| 57 | + /** |
|
| 58 | + * Initialize from ASN.1. |
|
| 59 | + * |
|
| 60 | + * @param Sequence $seq |
|
| 61 | + * @return self |
|
| 62 | + */ |
|
| 63 | + public static function fromASN1(Sequence $seq) |
|
| 64 | + { |
|
| 65 | + $acinfo = AttributeCertificateInfo::fromASN1($seq->at(0)->asSequence()); |
|
| 66 | + $algo = AlgorithmIdentifier::fromASN1($seq->at(1)->asSequence()); |
|
| 67 | + if (!$algo instanceof SignatureAlgorithmIdentifier) { |
|
| 68 | + throw new \UnexpectedValueException( |
|
| 69 | + "Unsupported signature algorithm " . $algo->oid() . "."); |
|
| 70 | + } |
|
| 71 | + $signature = Signature::fromSignatureData( |
|
| 72 | + $seq->at(2) |
|
| 73 | + ->asBitString() |
|
| 74 | + ->string(), $algo); |
|
| 75 | + return new self($acinfo, $algo, $signature); |
|
| 76 | + } |
|
| 77 | + |
|
| 78 | + /** |
|
| 79 | + * Initialize from DER data. |
|
| 80 | + * |
|
| 81 | + * @param string $data |
|
| 82 | + * @return self |
|
| 83 | + */ |
|
| 84 | + public static function fromDER($data) |
|
| 85 | + { |
|
| 86 | + return self::fromASN1(Sequence::fromDER($data)); |
|
| 87 | + } |
|
| 88 | + |
|
| 89 | + /** |
|
| 90 | + * Initialize from PEM. |
|
| 91 | + * |
|
| 92 | + * @param PEM $pem |
|
| 93 | + * @throws \UnexpectedValueException |
|
| 94 | + * @return self |
|
| 95 | + */ |
|
| 96 | + public static function fromPEM(PEM $pem) |
|
| 97 | + { |
|
| 98 | + if ($pem->type() !== PEM::TYPE_ATTRIBUTE_CERTIFICATE) { |
|
| 99 | + throw new \UnexpectedValueException("Invalid PEM type."); |
|
| 100 | + } |
|
| 101 | + return self::fromDER($pem->data()); |
|
| 102 | + } |
|
| 103 | + |
|
| 104 | + /** |
|
| 105 | + * Get attribute certificate info. |
|
| 106 | + * |
|
| 107 | + * @return AttributeCertificateInfo |
|
| 108 | + */ |
|
| 109 | + public function acinfo() |
|
| 110 | + { |
|
| 111 | + return $this->_acinfo; |
|
| 112 | + } |
|
| 113 | + |
|
| 114 | + /** |
|
| 115 | + * Get signature algorithm identifier. |
|
| 116 | + * |
|
| 117 | + * @return SignatureAlgorithmIdentifier |
|
| 118 | + */ |
|
| 119 | + public function signatureAlgorithm() |
|
| 120 | + { |
|
| 121 | + return $this->_signatureAlgorithm; |
|
| 122 | + } |
|
| 123 | + |
|
| 124 | + /** |
|
| 125 | + * Get signature value. |
|
| 126 | + * |
|
| 127 | + * @return Signature |
|
| 128 | + */ |
|
| 129 | + public function signatureValue() |
|
| 130 | + { |
|
| 131 | + return $this->_signatureValue; |
|
| 132 | + } |
|
| 133 | + |
|
| 134 | + /** |
|
| 135 | + * Get ASN.1 structure. |
|
| 136 | + * |
|
| 137 | + * @return Sequence |
|
| 138 | + */ |
|
| 139 | + public function toASN1() |
|
| 140 | + { |
|
| 141 | + return new Sequence($this->_acinfo->toASN1(), |
|
| 142 | + $this->_signatureAlgorithm->toASN1(), |
|
| 143 | + $this->_signatureValue->bitString()); |
|
| 144 | + } |
|
| 145 | + |
|
| 146 | + /** |
|
| 147 | + * Get attribute certificate as a DER. |
|
| 148 | + * |
|
| 149 | + * @return string |
|
| 150 | + */ |
|
| 151 | + public function toDER() |
|
| 152 | + { |
|
| 153 | + return $this->toASN1()->toDER(); |
|
| 154 | + } |
|
| 155 | + |
|
| 156 | + /** |
|
| 157 | + * Get attribute certificate as a PEM. |
|
| 158 | + * |
|
| 159 | + * @return PEM |
|
| 160 | + */ |
|
| 161 | + public function toPEM() |
|
| 162 | + { |
|
| 163 | + return new PEM(PEM::TYPE_ATTRIBUTE_CERTIFICATE, $this->toDER()); |
|
| 164 | + } |
|
| 165 | + |
|
| 166 | + /** |
|
| 167 | + * Check whether attribute certificate is issued to the subject identified |
|
| 168 | + * by given public key certificate. |
|
| 169 | + * |
|
| 170 | + * @param Certificate $cert Certificate |
|
| 171 | + * @return boolean |
|
| 172 | + */ |
|
| 173 | + public function isHeldBy(Certificate $cert) |
|
| 174 | + { |
|
| 175 | + if (!$this->_acinfo->holder()->identifiesPKC($cert)) { |
|
| 176 | + return false; |
|
| 177 | + } |
|
| 178 | + return true; |
|
| 179 | + } |
|
| 180 | + |
|
| 181 | + /** |
|
| 182 | + * Check whether attribute certificate is issued by given public key |
|
| 183 | + * certificate. |
|
| 184 | + * |
|
| 185 | + * @param Certificate $cert Certificate |
|
| 186 | + * @return boolean |
|
| 187 | + */ |
|
| 188 | + public function isIssuedBy(Certificate $cert) |
|
| 189 | + { |
|
| 190 | + if (!$this->_acinfo->issuer()->identifiesPKC($cert)) { |
|
| 191 | + return false; |
|
| 192 | + } |
|
| 193 | + return true; |
|
| 194 | + } |
|
| 195 | + |
|
| 196 | + /** |
|
| 197 | + * Verify signature. |
|
| 198 | + * |
|
| 199 | + * @param PublicKeyInfo $pubkey_info Signer's public key |
|
| 200 | + * @param Crypto|null $crypto Crypto engine, use default if not set |
|
| 201 | + * @return bool |
|
| 202 | + */ |
|
| 203 | + public function verify(PublicKeyInfo $pubkey_info, Crypto $crypto = null) |
|
| 204 | + { |
|
| 205 | + $crypto = $crypto ?: Crypto::getDefault(); |
|
| 206 | + $data = $this->_acinfo->toASN1()->toDER(); |
|
| 207 | + return $crypto->verify($data, $this->_signatureValue, $pubkey_info, |
|
| 208 | + $this->_signatureAlgorithm); |
|
| 209 | + } |
|
| 210 | + |
|
| 211 | + /** |
|
| 212 | + * Get attribute certificate as a PEM formatted string. |
|
| 213 | + * |
|
| 214 | + * @return string |
|
| 215 | + */ |
|
| 216 | + public function __toString() |
|
| 217 | + { |
|
| 218 | + return $this->toPEM()->string(); |
|
| 219 | + } |
|
| 220 | 220 | } |
