Inspection of "Add documentation" - sop/x509 - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( ff3a63...584877 )

by Joni

created 2017-08-02 06:03 UTC

Status

Indentation +12 added lines, -12 removed lines patch added patch discarded remove patch

@@ -11,17 +11,17 @@
 block discarded – undo
  */
 class AccessIdentityAttributeValue extends SvceAuthInfo
 {
-    const OID = "1.3.6.1.5.5.7.10.2";
+	const OID = "1.3.6.1.5.5.7.10.2";
     
-    /**
-     * Constructor.
-     *
-     * @param GeneralName $service
-     * @param GeneralName $ident
-     */
-    public function __construct(GeneralName $service, GeneralName $ident)
-    {
-        parent::__construct($service, $ident, null);
-        $this->_oid = self::OID;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param GeneralName $service
+	 * @param GeneralName $ident
+	 */
+	public function __construct(GeneralName $service, GeneralName $ident)
+	{
+		parent::__construct($service, $ident, null);
+		$this->_oid = self::OID;
+	}
 }

Please login to merge, or discard this patch.

lib/X509/AttributeCertificate/Attribute/GroupAttributeValue.php 1 patch

Indentation +11 added lines, -11 removed lines patch added patch discarded remove patch

@@ -9,16 +9,16 @@
 block discarded – undo
  */
 class GroupAttributeValue extends IetfAttrSyntax
 {
-    const OID = "1.3.6.1.5.5.7.10.4";
+	const OID = "1.3.6.1.5.5.7.10.4";
     
-    /**
-     * Constructor.
-     *
-     * @param IetfAttrValue ...$values
-     */
-    public function __construct(IetfAttrValue ...$values)
-    {
-        parent::__construct(...$values);
-        $this->_oid = self::OID;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param IetfAttrValue ...$values
+	 */
+	public function __construct(IetfAttrValue ...$values)
+	{
+		parent::__construct(...$values);
+		$this->_oid = self::OID;
+	}
 }

Please login to merge, or discard this patch.

lib/X509/AttributeCertificate/Attributes.php 1 patch

Indentation +196 added lines, -196 removed lines patch added patch discarded remove patch

@@ -24,200 +24,200 @@
 block discarded – undo
  */
 class Attributes implements \Countable, \IteratorAggregate
 {
-    use AttributeContainer;
-    
-    /**
-     * Mapping from OID to attribute value class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_OID_TO_CLASS = array(
-        /* @formatter:off */
-        AccessIdentityAttributeValue::OID => AccessIdentityAttributeValue::class,
-        AuthenticationInfoAttributeValue::OID => AuthenticationInfoAttributeValue::class,
-        ChargingIdentityAttributeValue::OID => ChargingIdentityAttributeValue::class,
-        GroupAttributeValue::OID => GroupAttributeValue::class,
-        AttributeType::OID_ROLE => RoleAttributeValue::class
-        /* @formatter:on */
-    );
-    
-    /**
-     * Constructor.
-     *
-     * @param Attribute ...$attribs
-     */
-    public function __construct(Attribute ...$attribs)
-    {
-        $this->_attributes = $attribs;
-    }
-    
-    /**
-     * Initialize from attribute values.
-     *
-     * @param AttributeValue ...$values
-     * @return self
-     */
-    public static function fromAttributeValues(AttributeValue ...$values)
-    {
-        $attribs = array_map(
-            function (AttributeValue $value) {
-                return $value->toAttribute();
-            }, $values);
-        return new self(...$attribs);
-    }
-    
-    /**
-     * Initialize from ASN.1.
-     *
-     * @param Sequence $seq
-     * @return self
-     */
-    public static function fromASN1(Sequence $seq)
-    {
-        $attribs = array_map(
-            function (UnspecifiedType $el) {
-                return Attribute::fromASN1($el->asSequence());
-            }, $seq->elements());
-        // cast attributes
-        $attribs = array_map(
-            function (Attribute $attr) {
-                $oid = $attr->oid();
-                if (array_key_exists($oid, self::MAP_OID_TO_CLASS)) {
-                    $cls = self::MAP_OID_TO_CLASS[$oid];
-                    $attr = $attr->castValues($cls);
-                }
-                return $attr;
-            }, $attribs);
-        return new self(...$attribs);
-    }
-    
-    /**
-     * Check whether 'Access Identity' attribute is present.
-     *
-     * @return bool
-     */
-    public function hasAccessIdentity()
-    {
-        return $this->has(AccessIdentityAttributeValue::OID);
-    }
-    
-    /**
-     * Get the first 'Access Identity' attribute value.
-     *
-     * @return AccessIdentityAttributeValue
-     */
-    public function accessIdentity()
-    {
-        return $this->firstOf(AccessIdentityAttributeValue::OID)->first();
-    }
-    
-    /**
-     * Check whether 'Service Authentication Information' attribute is present.
-     *
-     * @return bool
-     */
-    public function hasAuthenticationInformation()
-    {
-        return $this->has(AuthenticationInfoAttributeValue::OID);
-    }
-    
-    /**
-     * Get the first 'Service Authentication Information' attribute value.
-     *
-     * @return AuthenticationInfoAttributeValue
-     */
-    public function authenticationInformation()
-    {
-        return $this->firstOf(AuthenticationInfoAttributeValue::OID)->first();
-    }
-    
-    /**
-     * Check whether 'Charging Identity' attribute is present.
-     *
-     * @return bool
-     */
-    public function hasChargingIdentity()
-    {
-        return $this->has(ChargingIdentityAttributeValue::OID);
-    }
-    
-    /**
-     * Get the first 'Charging Identity' attribute value.
-     *
-     * @return ChargingIdentityAttributeValue
-     */
-    public function chargingIdentity()
-    {
-        return $this->firstOf(ChargingIdentityAttributeValue::OID)->first();
-    }
-    
-    /**
-     * Check whether 'Group' attribute is present.
-     *
-     * @return bool
-     */
-    public function hasGroup()
-    {
-        return $this->has(GroupAttributeValue::OID);
-    }
-    
-    /**
-     * Get the first 'Group' attribute value.
-     *
-     * @return GroupAttributeValue
-     */
-    public function group()
-    {
-        return $this->firstOf(GroupAttributeValue::OID)->first();
-    }
-    
-    /**
-     * Check whether 'Role' attribute is present.
-     *
-     * @return bool
-     */
-    public function hasRole()
-    {
-        return $this->has(AttributeType::OID_ROLE);
-    }
-    
-    /**
-     * Get the first 'Role' attribute value.
-     *
-     * @return RoleAttributeValue
-     */
-    public function role()
-    {
-        return $this->firstOf(AttributeType::OID_ROLE)->first();
-    }
-    
-    /**
-     * Get all 'Role' attribute values.
-     *
-     * @return RoleAttributeValue[]
-     */
-    public function roles()
-    {
-        return array_merge(array(),
-            ...array_map(
-                function (Attribute $attr) {
-                    return $attr->values();
-                }, $this->allOf(AttributeType::OID_ROLE)));
-    }
-    
-    /**
-     * Generate ASN.1 structure.
-     *
-     * @return Sequence
-     */
-    public function toASN1()
-    {
-        $elements = array_map(
-            function (Attribute $attr) {
-                return $attr->toASN1();
-            }, array_values($this->_attributes));
-        return new Sequence(...$elements);
-    }
+	use AttributeContainer;
+    
+	/**
+	 * Mapping from OID to attribute value class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_OID_TO_CLASS = array(
+		/* @formatter:off */
+		AccessIdentityAttributeValue::OID => AccessIdentityAttributeValue::class,
+		AuthenticationInfoAttributeValue::OID => AuthenticationInfoAttributeValue::class,
+		ChargingIdentityAttributeValue::OID => ChargingIdentityAttributeValue::class,
+		GroupAttributeValue::OID => GroupAttributeValue::class,
+		AttributeType::OID_ROLE => RoleAttributeValue::class
+		/* @formatter:on */
+	);
+    
+	/**
+	 * Constructor.
+	 *
+	 * @param Attribute ...$attribs
+	 */
+	public function __construct(Attribute ...$attribs)
+	{
+		$this->_attributes = $attribs;
+	}
+    
+	/**
+	 * Initialize from attribute values.
+	 *
+	 * @param AttributeValue ...$values
+	 * @return self
+	 */
+	public static function fromAttributeValues(AttributeValue ...$values)
+	{
+		$attribs = array_map(
+			function (AttributeValue $value) {
+				return $value->toAttribute();
+			}, $values);
+		return new self(...$attribs);
+	}
+    
+	/**
+	 * Initialize from ASN.1.
+	 *
+	 * @param Sequence $seq
+	 * @return self
+	 */
+	public static function fromASN1(Sequence $seq)
+	{
+		$attribs = array_map(
+			function (UnspecifiedType $el) {
+				return Attribute::fromASN1($el->asSequence());
+			}, $seq->elements());
+		// cast attributes
+		$attribs = array_map(
+			function (Attribute $attr) {
+				$oid = $attr->oid();
+				if (array_key_exists($oid, self::MAP_OID_TO_CLASS)) {
+					$cls = self::MAP_OID_TO_CLASS[$oid];
+					$attr = $attr->castValues($cls);
+				}
+				return $attr;
+			}, $attribs);
+		return new self(...$attribs);
+	}
+    
+	/**
+	 * Check whether 'Access Identity' attribute is present.
+	 *
+	 * @return bool
+	 */
+	public function hasAccessIdentity()
+	{
+		return $this->has(AccessIdentityAttributeValue::OID);
+	}
+    
+	/**
+	 * Get the first 'Access Identity' attribute value.
+	 *
+	 * @return AccessIdentityAttributeValue
+	 */
+	public function accessIdentity()
+	{
+		return $this->firstOf(AccessIdentityAttributeValue::OID)->first();
+	}
+    
+	/**
+	 * Check whether 'Service Authentication Information' attribute is present.
+	 *
+	 * @return bool
+	 */
+	public function hasAuthenticationInformation()
+	{
+		return $this->has(AuthenticationInfoAttributeValue::OID);
+	}
+    
+	/**
+	 * Get the first 'Service Authentication Information' attribute value.
+	 *
+	 * @return AuthenticationInfoAttributeValue
+	 */
+	public function authenticationInformation()
+	{
+		return $this->firstOf(AuthenticationInfoAttributeValue::OID)->first();
+	}
+    
+	/**
+	 * Check whether 'Charging Identity' attribute is present.
+	 *
+	 * @return bool
+	 */
+	public function hasChargingIdentity()
+	{
+		return $this->has(ChargingIdentityAttributeValue::OID);
+	}
+    
+	/**
+	 * Get the first 'Charging Identity' attribute value.
+	 *
+	 * @return ChargingIdentityAttributeValue
+	 */
+	public function chargingIdentity()
+	{
+		return $this->firstOf(ChargingIdentityAttributeValue::OID)->first();
+	}
+    
+	/**
+	 * Check whether 'Group' attribute is present.
+	 *
+	 * @return bool
+	 */
+	public function hasGroup()
+	{
+		return $this->has(GroupAttributeValue::OID);
+	}
+    
+	/**
+	 * Get the first 'Group' attribute value.
+	 *
+	 * @return GroupAttributeValue
+	 */
+	public function group()
+	{
+		return $this->firstOf(GroupAttributeValue::OID)->first();
+	}
+    
+	/**
+	 * Check whether 'Role' attribute is present.
+	 *
+	 * @return bool
+	 */
+	public function hasRole()
+	{
+		return $this->has(AttributeType::OID_ROLE);
+	}
+    
+	/**
+	 * Get the first 'Role' attribute value.
+	 *
+	 * @return RoleAttributeValue
+	 */
+	public function role()
+	{
+		return $this->firstOf(AttributeType::OID_ROLE)->first();
+	}
+    
+	/**
+	 * Get all 'Role' attribute values.
+	 *
+	 * @return RoleAttributeValue[]
+	 */
+	public function roles()
+	{
+		return array_merge(array(),
+			...array_map(
+				function (Attribute $attr) {
+					return $attr->values();
+				}, $this->allOf(AttributeType::OID_ROLE)));
+	}
+    
+	/**
+	 * Generate ASN.1 structure.
+	 *
+	 * @return Sequence
+	 */
+	public function toASN1()
+	{
+		$elements = array_map(
+			function (Attribute $attr) {
+				return $attr->toASN1();
+			}, array_values($this->_attributes));
+		return new Sequence(...$elements);
+	}
 }

Please login to merge, or discard this patch.

lib/X509/CertificationPath/Policy/PolicyNode.php 1 patch

Indentation +238 added lines, -238 removed lines patch added patch discarded remove patch

@@ -11,265 +11,265 @@
 block discarded – undo
  */
 class PolicyNode implements \IteratorAggregate, \Countable
 {
-    /**
-     * Policy OID.
-     *
-     * @var string
-     */
-    protected $_validPolicy;
+	/**
+	 * Policy OID.
+	 *
+	 * @var string
+	 */
+	protected $_validPolicy;
     
-    /**
-     * List of qualifiers.
-     *
-     * @var \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[]
-     */
-    protected $_qualifiers;
+	/**
+	 * List of qualifiers.
+	 *
+	 * @var \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[]
+	 */
+	protected $_qualifiers;
     
-    /**
-     * List of expected policy OIDs.
-     *
-     * @var string[]
-     */
-    protected $_expectedPolicies;
+	/**
+	 * List of expected policy OIDs.
+	 *
+	 * @var string[]
+	 */
+	protected $_expectedPolicies;
     
-    /**
-     * List of child nodes.
-     *
-     * @var PolicyNode[]
-     */
-    protected $_children;
+	/**
+	 * List of child nodes.
+	 *
+	 * @var PolicyNode[]
+	 */
+	protected $_children;
     
-    /**
-     * Reference to the parent node.
-     *
-     * @var PolicyNode|null
-     */
-    protected $_parent;
+	/**
+	 * Reference to the parent node.
+	 *
+	 * @var PolicyNode|null
+	 */
+	protected $_parent;
     
-    /**
-     * Constructor.
-     *
-     * @param string $valid_policy Policy OID
-     * @param \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[] $qualifiers
-     * @param string[] $expected_policies
-     */
-    public function __construct($valid_policy, array $qualifiers,
-        array $expected_policies)
-    {
-        $this->_validPolicy = $valid_policy;
-        $this->_qualifiers = $qualifiers;
-        $this->_expectedPolicies = $expected_policies;
-        $this->_children = array();
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $valid_policy Policy OID
+	 * @param \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[] $qualifiers
+	 * @param string[] $expected_policies
+	 */
+	public function __construct($valid_policy, array $qualifiers,
+		array $expected_policies)
+	{
+		$this->_validPolicy = $valid_policy;
+		$this->_qualifiers = $qualifiers;
+		$this->_expectedPolicies = $expected_policies;
+		$this->_children = array();
+	}
     
-    /**
-     * Create initial node for the policy tree.
-     *
-     * @return self
-     */
-    public static function anyPolicyNode()
-    {
-        return new self(PolicyInformation::OID_ANY_POLICY, array(),
-            array(PolicyInformation::OID_ANY_POLICY));
-    }
+	/**
+	 * Create initial node for the policy tree.
+	 *
+	 * @return self
+	 */
+	public static function anyPolicyNode()
+	{
+		return new self(PolicyInformation::OID_ANY_POLICY, array(),
+			array(PolicyInformation::OID_ANY_POLICY));
+	}
     
-    /**
-     * Get the valid policy OID.
-     *
-     * @return string
-     */
-    public function validPolicy()
-    {
-        return $this->_validPolicy;
-    }
+	/**
+	 * Get the valid policy OID.
+	 *
+	 * @return string
+	 */
+	public function validPolicy()
+	{
+		return $this->_validPolicy;
+	}
     
-    /**
-     * Check whether node has anyPolicy as a valid policy.
-     *
-     * @return boolean
-     */
-    public function isAnyPolicy()
-    {
-        return PolicyInformation::OID_ANY_POLICY == $this->_validPolicy;
-    }
+	/**
+	 * Check whether node has anyPolicy as a valid policy.
+	 *
+	 * @return boolean
+	 */
+	public function isAnyPolicy()
+	{
+		return PolicyInformation::OID_ANY_POLICY == $this->_validPolicy;
+	}
     
-    /**
-     * Get the qualifier set.
-     *
-     * @return \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[]
-     */
-    public function qualifiers()
-    {
-        return $this->_qualifiers;
-    }
+	/**
+	 * Get the qualifier set.
+	 *
+	 * @return \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[]
+	 */
+	public function qualifiers()
+	{
+		return $this->_qualifiers;
+	}
     
-    /**
-     * Check whether node has OID as an expected policy.
-     *
-     * @param string $oid
-     * @return boolean
-     */
-    public function hasExpectedPolicy($oid)
-    {
-        return in_array($oid, $this->_expectedPolicies);
-    }
+	/**
+	 * Check whether node has OID as an expected policy.
+	 *
+	 * @param string $oid
+	 * @return boolean
+	 */
+	public function hasExpectedPolicy($oid)
+	{
+		return in_array($oid, $this->_expectedPolicies);
+	}
     
-    /**
-     * Get the expected policy set.
-     *
-     * @return string[]
-     */
-    public function expectedPolicies()
-    {
-        return $this->_expectedPolicies;
-    }
+	/**
+	 * Get the expected policy set.
+	 *
+	 * @return string[]
+	 */
+	public function expectedPolicies()
+	{
+		return $this->_expectedPolicies;
+	}
     
-    /**
-     * Set expected policies.
-     *
-     * @param string ...$oids Policy OIDs
-     */
-    public function setExpectedPolicies(...$oids)
-    {
-        $this->_expectedPolicies = $oids;
-    }
+	/**
+	 * Set expected policies.
+	 *
+	 * @param string ...$oids Policy OIDs
+	 */
+	public function setExpectedPolicies(...$oids)
+	{
+		$this->_expectedPolicies = $oids;
+	}
     
-    /**
-     * Check whether node has a child node with given valid policy OID.
-     *
-     * @param string $oid
-     * @return boolean
-     */
-    public function hasChildWithValidPolicy($oid)
-    {
-        foreach ($this->_children as $node) {
-            if ($node->validPolicy() == $oid) {
-                return true;
-            }
-        }
-        return false;
-    }
+	/**
+	 * Check whether node has a child node with given valid policy OID.
+	 *
+	 * @param string $oid
+	 * @return boolean
+	 */
+	public function hasChildWithValidPolicy($oid)
+	{
+		foreach ($this->_children as $node) {
+			if ($node->validPolicy() == $oid) {
+				return true;
+			}
+		}
+		return false;
+	}
     
-    /**
-     * Add child node.
-     *
-     * @param PolicyNode $node
-     * @return self
-     */
-    public function addChild(PolicyNode $node)
-    {
-        $id = spl_object_hash($node);
-        $node->_parent = $this;
-        $this->_children[$id] = $node;
-        return $this;
-    }
+	/**
+	 * Add child node.
+	 *
+	 * @param PolicyNode $node
+	 * @return self
+	 */
+	public function addChild(PolicyNode $node)
+	{
+		$id = spl_object_hash($node);
+		$node->_parent = $this;
+		$this->_children[$id] = $node;
+		return $this;
+	}
     
-    /**
-     * Get the child nodes.
-     *
-     * @return PolicyNode[]
-     */
-    public function children()
-    {
-        return array_values($this->_children);
-    }
+	/**
+	 * Get the child nodes.
+	 *
+	 * @return PolicyNode[]
+	 */
+	public function children()
+	{
+		return array_values($this->_children);
+	}
     
-    /**
-     * Remove this node from the tree.
-     *
-     * @return self The removed node
-     */
-    public function remove()
-    {
-        if ($this->_parent) {
-            $id = spl_object_hash($this);
-            unset($this->_parent->_children[$id]);
-            unset($this->_parent);
-        }
-        return $this;
-    }
+	/**
+	 * Remove this node from the tree.
+	 *
+	 * @return self The removed node
+	 */
+	public function remove()
+	{
+		if ($this->_parent) {
+			$id = spl_object_hash($this);
+			unset($this->_parent->_children[$id]);
+			unset($this->_parent);
+		}
+		return $this;
+	}
     
-    /**
-     * Check whether node has a parent.
-     *
-     * @return bool
-     */
-    public function hasParent()
-    {
-        return isset($this->_parent);
-    }
+	/**
+	 * Check whether node has a parent.
+	 *
+	 * @return bool
+	 */
+	public function hasParent()
+	{
+		return isset($this->_parent);
+	}
     
-    /**
-     * Get the parent node.
-     *
-     * @return PolicyNode|null
-     */
-    public function parent()
-    {
-        return $this->_parent;
-    }
+	/**
+	 * Get the parent node.
+	 *
+	 * @return PolicyNode|null
+	 */
+	public function parent()
+	{
+		return $this->_parent;
+	}
     
-    /**
-     * Get chain of parent nodes from this node's parent to the root node.
-     *
-     * @return PolicyNode[]
-     */
-    public function parents()
-    {
-        if (!$this->_parent) {
-            return array();
-        }
-        $nodes = $this->_parent->parents();
-        $nodes[] = $this->_parent;
-        return array_reverse($nodes);
-    }
+	/**
+	 * Get chain of parent nodes from this node's parent to the root node.
+	 *
+	 * @return PolicyNode[]
+	 */
+	public function parents()
+	{
+		if (!$this->_parent) {
+			return array();
+		}
+		$nodes = $this->_parent->parents();
+		$nodes[] = $this->_parent;
+		return array_reverse($nodes);
+	}
     
-    /**
-     * Walk tree from this node, applying a callback for each node.
-     *
-     * Nodes are traversed depth-first and callback shall be applied post-order.
-     *
-     * @param callable $fn
-     */
-    public function walkNodes(callable $fn)
-    {
-        foreach ($this->_children as $node) {
-            $node->walkNodes($fn);
-        }
-        $fn($this);
-    }
+	/**
+	 * Walk tree from this node, applying a callback for each node.
+	 *
+	 * Nodes are traversed depth-first and callback shall be applied post-order.
+	 *
+	 * @param callable $fn
+	 */
+	public function walkNodes(callable $fn)
+	{
+		foreach ($this->_children as $node) {
+			$node->walkNodes($fn);
+		}
+		$fn($this);
+	}
     
-    /**
-     * Get the total number of nodes in a tree.
-     *
-     * @return int
-     */
-    public function nodeCount()
-    {
-        $c = 1;
-        foreach ($this->_children as $child) {
-            $c += $child->nodeCount();
-        }
-        return $c;
-    }
+	/**
+	 * Get the total number of nodes in a tree.
+	 *
+	 * @return int
+	 */
+	public function nodeCount()
+	{
+		$c = 1;
+		foreach ($this->_children as $child) {
+			$c += $child->nodeCount();
+		}
+		return $c;
+	}
     
-    /**
-     * Get the number of child nodes.
-     *
-     * @see \Countable::count()
-     */
-    public function count()
-    {
-        return count($this->_children);
-    }
+	/**
+	 * Get the number of child nodes.
+	 *
+	 * @see \Countable::count()
+	 */
+	public function count()
+	{
+		return count($this->_children);
+	}
     
-    /**
-     * Get iterator for the child nodes.
-     *
-     * @see \IteratorAggregate::getIterator()
-     */
-    public function getIterator()
-    {
-        return new \ArrayIterator($this->_children);
-    }
+	/**
+	 * Get iterator for the child nodes.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 */
+	public function getIterator()
+	{
+		return new \ArrayIterator($this->_children);
+	}
 }

Please login to merge, or discard this patch.

lib/X509/CertificationPath/CertificationPath.php 1 patch

Indentation +155 added lines, -155 removed lines patch added patch discarded remove patch

@@ -21,171 +21,171 @@
 block discarded – undo
  */
 class CertificationPath implements \Countable, \IteratorAggregate
 {
-    /**
-     * Certification path.
-     *
-     * @var Certificate[] $_certificates
-     */
-    protected $_certificates;
+	/**
+	 * Certification path.
+	 *
+	 * @var Certificate[] $_certificates
+	 */
+	protected $_certificates;
     
-    /**
-     * Constructor.
-     *
-     * @param Certificate ...$certificates Certificates from the trust anchor
-     *        to the target end-entity certificate
-     */
-    public function __construct(Certificate ...$certificates)
-    {
-        $this->_certificates = $certificates;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Certificate ...$certificates Certificates from the trust anchor
+	 *        to the target end-entity certificate
+	 */
+	public function __construct(Certificate ...$certificates)
+	{
+		$this->_certificates = $certificates;
+	}
     
-    /**
-     * Initialize from a certificate chain.
-     *
-     * @param CertificateChain $chain
-     * @return self
-     */
-    public static function fromCertificateChain(CertificateChain $chain)
-    {
-        return new self(...array_reverse($chain->certificates(), false));
-    }
+	/**
+	 * Initialize from a certificate chain.
+	 *
+	 * @param CertificateChain $chain
+	 * @return self
+	 */
+	public static function fromCertificateChain(CertificateChain $chain)
+	{
+		return new self(...array_reverse($chain->certificates(), false));
+	}
     
-    /**
-     * Build certification path to given target.
-     *
-     * @param Certificate $target Target end-entity certificate
-     * @param CertificateBundle $trust_anchors List of trust anchors
-     * @param CertificateBundle|null $intermediate Optional intermediate
-     *        certificates
-     * @return self
-     */
-    public static function toTarget(Certificate $target,
-        CertificateBundle $trust_anchors, CertificateBundle $intermediate = null)
-    {
-        $builder = new CertificationPathBuilder($trust_anchors);
-        return $builder->shortestPathToTarget($target, $intermediate);
-    }
+	/**
+	 * Build certification path to given target.
+	 *
+	 * @param Certificate $target Target end-entity certificate
+	 * @param CertificateBundle $trust_anchors List of trust anchors
+	 * @param CertificateBundle|null $intermediate Optional intermediate
+	 *        certificates
+	 * @return self
+	 */
+	public static function toTarget(Certificate $target,
+		CertificateBundle $trust_anchors, CertificateBundle $intermediate = null)
+	{
+		$builder = new CertificationPathBuilder($trust_anchors);
+		return $builder->shortestPathToTarget($target, $intermediate);
+	}
     
-    /**
-     * Build certification path from given trust anchor to target certificate,
-     * using intermediate certificates from given bundle.
-     *
-     * @param Certificate $trust_anchor Trust anchor certificate
-     * @param Certificate $target Target end-entity certificate
-     * @param CertificateBundle|null $intermediate Optional intermediate
-     *        certificates
-     * @return self
-     */
-    public static function fromTrustAnchorToTarget(Certificate $trust_anchor,
-        Certificate $target, CertificateBundle $intermediate = null)
-    {
-        return self::toTarget($target, new CertificateBundle($trust_anchor),
-            $intermediate);
-    }
+	/**
+	 * Build certification path from given trust anchor to target certificate,
+	 * using intermediate certificates from given bundle.
+	 *
+	 * @param Certificate $trust_anchor Trust anchor certificate
+	 * @param Certificate $target Target end-entity certificate
+	 * @param CertificateBundle|null $intermediate Optional intermediate
+	 *        certificates
+	 * @return self
+	 */
+	public static function fromTrustAnchorToTarget(Certificate $trust_anchor,
+		Certificate $target, CertificateBundle $intermediate = null)
+	{
+		return self::toTarget($target, new CertificateBundle($trust_anchor),
+			$intermediate);
+	}
     
-    /**
-     * Get certificates.
-     *
-     * @return Certificate[]
-     */
-    public function certificates()
-    {
-        return $this->_certificates;
-    }
+	/**
+	 * Get certificates.
+	 *
+	 * @return Certificate[]
+	 */
+	public function certificates()
+	{
+		return $this->_certificates;
+	}
     
-    /**
-     * Get the trust anchor certificate from the path.
-     *
-     * @throws \LogicException If path is empty
-     * @return Certificate
-     */
-    public function trustAnchorCertificate()
-    {
-        if (!count($this->_certificates)) {
-            throw new \LogicException("No certificates.");
-        }
-        return $this->_certificates[0];
-    }
+	/**
+	 * Get the trust anchor certificate from the path.
+	 *
+	 * @throws \LogicException If path is empty
+	 * @return Certificate
+	 */
+	public function trustAnchorCertificate()
+	{
+		if (!count($this->_certificates)) {
+			throw new \LogicException("No certificates.");
+		}
+		return $this->_certificates[0];
+	}
     
-    /**
-     * Get the end-entity certificate from the path.
-     *
-     * @throws \LogicException If path is empty
-     * @return Certificate
-     */
-    public function endEntityCertificate()
-    {
-        if (!count($this->_certificates)) {
-            throw new \LogicException("No certificates.");
-        }
-        return $this->_certificates[count($this->_certificates) - 1];
-    }
+	/**
+	 * Get the end-entity certificate from the path.
+	 *
+	 * @throws \LogicException If path is empty
+	 * @return Certificate
+	 */
+	public function endEntityCertificate()
+	{
+		if (!count($this->_certificates)) {
+			throw new \LogicException("No certificates.");
+		}
+		return $this->_certificates[count($this->_certificates) - 1];
+	}
     
-    /**
-     * Get certification path as a certificate chain.
-     *
-     * @return CertificateChain
-     */
-    public function certificateChain()
-    {
-        return new CertificateChain(
-            ...array_reverse($this->_certificates, false));
-    }
+	/**
+	 * Get certification path as a certificate chain.
+	 *
+	 * @return CertificateChain
+	 */
+	public function certificateChain()
+	{
+		return new CertificateChain(
+			...array_reverse($this->_certificates, false));
+	}
     
-    /**
-     * Check whether certification path starts with one ore more given
-     * certificates in parameter order.
-     *
-     * @param Certificate ...$certs Certificates
-     * @return true
-     */
-    public function startsWith(Certificate ...$certs)
-    {
-        $n = count($certs);
-        if ($n > count($this->_certificates)) {
-            return false;
-        }
-        for ($i = 0; $i < $n; ++$i) {
-            if (!$certs[$i]->equals($this->_certificates[$i])) {
-                return false;
-            }
-        }
-        return true;
-    }
+	/**
+	 * Check whether certification path starts with one ore more given
+	 * certificates in parameter order.
+	 *
+	 * @param Certificate ...$certs Certificates
+	 * @return true
+	 */
+	public function startsWith(Certificate ...$certs)
+	{
+		$n = count($certs);
+		if ($n > count($this->_certificates)) {
+			return false;
+		}
+		for ($i = 0; $i < $n; ++$i) {
+			if (!$certs[$i]->equals($this->_certificates[$i])) {
+				return false;
+			}
+		}
+		return true;
+	}
     
-    /**
-     * Validate certification path.
-     *
-     * @param PathValidationConfig $config
-     * @param Crypto|null $crypto Crypto engine, use default if not set
-     * @throws Exception\PathValidationException
-     * @return PathValidation\PathValidationResult
-     */
-    public function validate(PathValidationConfig $config, Crypto $crypto = null)
-    {
-        $crypto = $crypto ?: Crypto::getDefault();
-        $validator = new PathValidator($crypto, $config, ...$this->_certificates);
-        return $validator->validate();
-    }
+	/**
+	 * Validate certification path.
+	 *
+	 * @param PathValidationConfig $config
+	 * @param Crypto|null $crypto Crypto engine, use default if not set
+	 * @throws Exception\PathValidationException
+	 * @return PathValidation\PathValidationResult
+	 */
+	public function validate(PathValidationConfig $config, Crypto $crypto = null)
+	{
+		$crypto = $crypto ?: Crypto::getDefault();
+		$validator = new PathValidator($crypto, $config, ...$this->_certificates);
+		return $validator->validate();
+	}
     
-    /**
-     *
-     * @see \Countable::count()
-     * @return int
-     */
-    public function count()
-    {
-        return count($this->_certificates);
-    }
+	/**
+	 *
+	 * @see \Countable::count()
+	 * @return int
+	 */
+	public function count()
+	{
+		return count($this->_certificates);
+	}
     
-    /**
-     * Get iterator for certificates.
-     *
-     * @see \IteratorAggregate::getIterator()
-     * @return \ArrayIterator
-     */
-    public function getIterator()
-    {
-        return new \ArrayIterator($this->_certificates);
-    }
+	/**
+	 * Get iterator for certificates.
+	 *
+	 * @see \IteratorAggregate::getIterator()
+	 * @return \ArrayIterator
+	 */
+	public function getIterator()
+	{
+		return new \ArrayIterator($this->_certificates);
+	}
 }

Please login to merge, or discard this patch.

lib/X509/CertificationPath/PathValidation/PathValidator.php 1 patch

Indentation +553 added lines, -553 removed lines patch added patch discarded remove patch

@@ -15,584 +15,584 @@
 block discarded – undo
  */
 class PathValidator
 {
-    /**
-     * Crypto engine.
-     *
-     * @var Crypto $_crypto
-     */
-    protected $_crypto;
+	/**
+	 * Crypto engine.
+	 *
+	 * @var Crypto $_crypto
+	 */
+	protected $_crypto;
     
-    /**
-     * Path validation configuration.
-     *
-     * @var PathValidationConfig $_config
-     */
-    protected $_config;
+	/**
+	 * Path validation configuration.
+	 *
+	 * @var PathValidationConfig $_config
+	 */
+	protected $_config;
     
-    /**
-     * Certification path.
-     *
-     * @var Certificate[] $_certificates
-     */
-    protected $_certificates;
+	/**
+	 * Certification path.
+	 *
+	 * @var Certificate[] $_certificates
+	 */
+	protected $_certificates;
     
-    /**
-     * Certification path trust anchor.
-     *
-     * @var Certificate $_trustAnchor
-     */
-    protected $_trustAnchor;
+	/**
+	 * Certification path trust anchor.
+	 *
+	 * @var Certificate $_trustAnchor
+	 */
+	protected $_trustAnchor;
     
-    /**
-     * Constructor.
-     *
-     * @param Crypto $crypto Crypto engine
-     * @param PathValidationConfig $config Validation config
-     * @param Certificate ...$certificates Certificates from the trust anchor to
-     *            the end-entity certificate
-     */
-    public function __construct(Crypto $crypto, PathValidationConfig $config,
-        Certificate ...$certificates)
-    {
-        if (!count($certificates)) {
-            throw new \LogicException("No certificates.");
-        }
-        $this->_crypto = $crypto;
-        $this->_config = $config;
-        $this->_certificates = $certificates;
-        // if trust anchor is explicitly given in configuration
-        if ($config->hasTrustAnchor()) {
-            $this->_trustAnchor = $config->trustAnchor();
-        } else {
-            $this->_trustAnchor = $certificates[0];
-        }
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Crypto $crypto Crypto engine
+	 * @param PathValidationConfig $config Validation config
+	 * @param Certificate ...$certificates Certificates from the trust anchor to
+	 *            the end-entity certificate
+	 */
+	public function __construct(Crypto $crypto, PathValidationConfig $config,
+		Certificate ...$certificates)
+	{
+		if (!count($certificates)) {
+			throw new \LogicException("No certificates.");
+		}
+		$this->_crypto = $crypto;
+		$this->_config = $config;
+		$this->_certificates = $certificates;
+		// if trust anchor is explicitly given in configuration
+		if ($config->hasTrustAnchor()) {
+			$this->_trustAnchor = $config->trustAnchor();
+		} else {
+			$this->_trustAnchor = $certificates[0];
+		}
+	}
     
-    /**
-     * Validate certification path.
-     *
-     * @throws PathValidationException
-     * @return PathValidationResult
-     */
-    public function validate()
-    {
-        $n = count($this->_certificates);
-        $state = ValidatorState::initialize($this->_config, $this->_trustAnchor,
-            $n);
-        for ($i = 0; $i < $n; ++$i) {
-            $state = $state->withIndex($i + 1);
-            $cert = $this->_certificates[$i];
-            // process certificate (section 6.1.3.)
-            $state = $this->_processCertificate($state, $cert);
-            if (!$state->isFinal()) {
-                // prepare next certificate (section 6.1.4.)
-                $state = $this->_prepareNext($state, $cert);
-            }
-        }
-        if (!isset($cert)) {
-            throw new \LogicException("No certificates.");
-        }
-        // wrap-up (section 6.1.5.)
-        $state = $this->_wrapUp($state, $cert);
-        // return outputs
-        return $state->getResult($this->_certificates);
-    }
+	/**
+	 * Validate certification path.
+	 *
+	 * @throws PathValidationException
+	 * @return PathValidationResult
+	 */
+	public function validate()
+	{
+		$n = count($this->_certificates);
+		$state = ValidatorState::initialize($this->_config, $this->_trustAnchor,
+			$n);
+		for ($i = 0; $i < $n; ++$i) {
+			$state = $state->withIndex($i + 1);
+			$cert = $this->_certificates[$i];
+			// process certificate (section 6.1.3.)
+			$state = $this->_processCertificate($state, $cert);
+			if (!$state->isFinal()) {
+				// prepare next certificate (section 6.1.4.)
+				$state = $this->_prepareNext($state, $cert);
+			}
+		}
+		if (!isset($cert)) {
+			throw new \LogicException("No certificates.");
+		}
+		// wrap-up (section 6.1.5.)
+		$state = $this->_wrapUp($state, $cert);
+		// return outputs
+		return $state->getResult($this->_certificates);
+	}
     
-    /**
-     * Apply basic certificate processing according to RFC 5280 section 6.1.3.
-     *
-     * @link https://tools.ietf.org/html/rfc5280#section-6.1.3
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     * @return ValidatorState
-     */
-    private function _processCertificate(ValidatorState $state, Certificate $cert)
-    {
-        // (a.1) verify signature
-        $this->_verifySignature($state, $cert);
-        // (a.2) check validity period
-        $this->_checkValidity($cert);
-        // (a.3) check that certificate is not revoked
-        $this->_checkRevocation($cert);
-        // (a.4) check issuer
-        $this->_checkIssuer($state, $cert);
-        // (b)(c) if certificate is self-issued and it is not
-        // the final certificate in the path, skip this step
-        if (!($cert->isSelfIssued() && !$state->isFinal())) {
-            // (b) check permitted subtrees
-            $this->_checkPermittedSubtrees($state, $cert);
-            // (c) check excluded subtrees
-            $this->_checkExcludedSubtrees($state, $cert);
-        }
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasCertificatePolicies()) {
-            // (d) process policy information
-            if ($state->hasValidPolicyTree()) {
-                $state = $state->validPolicyTree()->processPolicies($state,
-                    $cert);
-            }
-        } else {
-            // (e) certificate policies extension not present,
-            // set the valid_policy_tree to NULL
-            $state = $state->withoutValidPolicyTree();
-        }
-        // (f) check that explicit_policy > 0 or valid_policy_tree is set
-        if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
-            throw new PathValidationException("No valid policies.");
-        }
-        return $state;
-    }
+	/**
+	 * Apply basic certificate processing according to RFC 5280 section 6.1.3.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5280#section-6.1.3
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 * @return ValidatorState
+	 */
+	private function _processCertificate(ValidatorState $state, Certificate $cert)
+	{
+		// (a.1) verify signature
+		$this->_verifySignature($state, $cert);
+		// (a.2) check validity period
+		$this->_checkValidity($cert);
+		// (a.3) check that certificate is not revoked
+		$this->_checkRevocation($cert);
+		// (a.4) check issuer
+		$this->_checkIssuer($state, $cert);
+		// (b)(c) if certificate is self-issued and it is not
+		// the final certificate in the path, skip this step
+		if (!($cert->isSelfIssued() && !$state->isFinal())) {
+			// (b) check permitted subtrees
+			$this->_checkPermittedSubtrees($state, $cert);
+			// (c) check excluded subtrees
+			$this->_checkExcludedSubtrees($state, $cert);
+		}
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasCertificatePolicies()) {
+			// (d) process policy information
+			if ($state->hasValidPolicyTree()) {
+				$state = $state->validPolicyTree()->processPolicies($state,
+					$cert);
+			}
+		} else {
+			// (e) certificate policies extension not present,
+			// set the valid_policy_tree to NULL
+			$state = $state->withoutValidPolicyTree();
+		}
+		// (f) check that explicit_policy > 0 or valid_policy_tree is set
+		if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
+			throw new PathValidationException("No valid policies.");
+		}
+		return $state;
+	}
     
-    /**
-     * Apply preparation for the certificate i+1 according to rfc5280 section
-     * 6.1.4.
-     *
-     * @link https://tools.ietf.org/html/rfc5280#section-6.1.4
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _prepareNext(ValidatorState $state, Certificate $cert)
-    {
-        // (a)(b) if policy mappings extension is present
-        $state = $this->_preparePolicyMappings($state, $cert);
-        // (c) assign working_issuer_name
-        $state = $state->withWorkingIssuerName(
-            $cert->tbsCertificate()
-                ->subject());
-        // (d)(e)(f)
-        $state = $this->_setPublicKeyState($state, $cert);
-        // (g) if name constraints extension is present
-        $state = $this->_prepareNameConstraints($state, $cert);
-        // (h) if certificate is not self-issued
-        if (!$cert->isSelfIssued()) {
-            $state = $this->_prepareNonSelfIssued($state);
-        }
-        // (i) if policy constraints extension is present
-        $state = $this->_preparePolicyConstraints($state, $cert);
-        // (j) if inhibit any policy extension is present
-        $state = $this->_prepareInhibitAnyPolicy($state, $cert);
-        // (k) check basic constraints
-        $this->_processBasicContraints($cert);
-        // (l) verify max_path_length
-        $state = $this->_verifyMaxPathLength($state, $cert);
-        // (m) check pathLenContraint
-        $state = $this->_processPathLengthContraint($state, $cert);
-        // (n) check key usage
-        $this->_checkKeyUsage($cert);
-        // (o) process relevant extensions
-        $state = $this->_processExtensions($state, $cert);
-        return $state;
-    }
+	/**
+	 * Apply preparation for the certificate i+1 according to rfc5280 section
+	 * 6.1.4.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5280#section-6.1.4
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _prepareNext(ValidatorState $state, Certificate $cert)
+	{
+		// (a)(b) if policy mappings extension is present
+		$state = $this->_preparePolicyMappings($state, $cert);
+		// (c) assign working_issuer_name
+		$state = $state->withWorkingIssuerName(
+			$cert->tbsCertificate()
+				->subject());
+		// (d)(e)(f)
+		$state = $this->_setPublicKeyState($state, $cert);
+		// (g) if name constraints extension is present
+		$state = $this->_prepareNameConstraints($state, $cert);
+		// (h) if certificate is not self-issued
+		if (!$cert->isSelfIssued()) {
+			$state = $this->_prepareNonSelfIssued($state);
+		}
+		// (i) if policy constraints extension is present
+		$state = $this->_preparePolicyConstraints($state, $cert);
+		// (j) if inhibit any policy extension is present
+		$state = $this->_prepareInhibitAnyPolicy($state, $cert);
+		// (k) check basic constraints
+		$this->_processBasicContraints($cert);
+		// (l) verify max_path_length
+		$state = $this->_verifyMaxPathLength($state, $cert);
+		// (m) check pathLenContraint
+		$state = $this->_processPathLengthContraint($state, $cert);
+		// (n) check key usage
+		$this->_checkKeyUsage($cert);
+		// (o) process relevant extensions
+		$state = $this->_processExtensions($state, $cert);
+		return $state;
+	}
     
-    /**
-     * Apply wrap-up procedure according to RFC 5280 section 6.1.5.
-     *
-     * @link https://tools.ietf.org/html/rfc5280#section-6.1.5
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _wrapUp(ValidatorState $state, Certificate $cert)
-    {
-        $tbs_cert = $cert->tbsCertificate();
-        $extensions = $tbs_cert->extensions();
-        // (a)
-        if ($state->explicitPolicy() > 0) {
-            $state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
-        }
-        // (b)
-        if ($extensions->hasPolicyConstraints()) {
-            $ext = $extensions->policyConstraints();
-            if ($ext->hasRequireExplicitPolicy() &&
-                 $ext->requireExplicitPolicy() == 0) {
-                $state = $state->withExplicitPolicy(0);
-            }
-        }
-        // (c)(d)(e)
-        $state = $this->_setPublicKeyState($state, $cert);
-        // (f) process relevant extensions
-        $state = $this->_processExtensions($state, $cert);
-        // (g) intersection of valid_policy_tree and the initial-policy-set
-        $state = $this->_calculatePolicyIntersection($state);
-        // check that explicit_policy > 0 or valid_policy_tree is set
-        if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
-            throw new PathValidationException("No valid policies.");
-        }
-        // path validation succeeded
-        return $state;
-    }
+	/**
+	 * Apply wrap-up procedure according to RFC 5280 section 6.1.5.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5280#section-6.1.5
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _wrapUp(ValidatorState $state, Certificate $cert)
+	{
+		$tbs_cert = $cert->tbsCertificate();
+		$extensions = $tbs_cert->extensions();
+		// (a)
+		if ($state->explicitPolicy() > 0) {
+			$state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
+		}
+		// (b)
+		if ($extensions->hasPolicyConstraints()) {
+			$ext = $extensions->policyConstraints();
+			if ($ext->hasRequireExplicitPolicy() &&
+				 $ext->requireExplicitPolicy() == 0) {
+				$state = $state->withExplicitPolicy(0);
+			}
+		}
+		// (c)(d)(e)
+		$state = $this->_setPublicKeyState($state, $cert);
+		// (f) process relevant extensions
+		$state = $this->_processExtensions($state, $cert);
+		// (g) intersection of valid_policy_tree and the initial-policy-set
+		$state = $this->_calculatePolicyIntersection($state);
+		// check that explicit_policy > 0 or valid_policy_tree is set
+		if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) {
+			throw new PathValidationException("No valid policies.");
+		}
+		// path validation succeeded
+		return $state;
+	}
     
-    /**
-     * Update working_public_key, working_public_key_parameters and
-     * working_public_key_algorithm state variables from certificate.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _setPublicKeyState(ValidatorState $state, Certificate $cert)
-    {
-        $pk_info = $cert->tbsCertificate()->subjectPublicKeyInfo();
-        // assign working_public_key
-        $state = $state->withWorkingPublicKey($pk_info);
-        // assign working_public_key_parameters
-        $params = ValidatorState::getAlgorithmParameters(
-            $pk_info->algorithmIdentifier());
-        if (null !== $params) {
-            $state = $state->withWorkingPublicKeyParameters($params);
-        } else {
-            // if algorithms differ, set parameters to null
-            if ($pk_info->algorithmIdentifier()->oid() !==
-                 $state->workingPublicKeyAlgorithm()->oid()) {
-                $state = $state->withWorkingPublicKeyParameters(null);
-            }
-        }
-        // assign working_public_key_algorithm
-        $state = $state->withWorkingPublicKeyAlgorithm(
-            $pk_info->algorithmIdentifier());
-        return $state;
-    }
+	/**
+	 * Update working_public_key, working_public_key_parameters and
+	 * working_public_key_algorithm state variables from certificate.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _setPublicKeyState(ValidatorState $state, Certificate $cert)
+	{
+		$pk_info = $cert->tbsCertificate()->subjectPublicKeyInfo();
+		// assign working_public_key
+		$state = $state->withWorkingPublicKey($pk_info);
+		// assign working_public_key_parameters
+		$params = ValidatorState::getAlgorithmParameters(
+			$pk_info->algorithmIdentifier());
+		if (null !== $params) {
+			$state = $state->withWorkingPublicKeyParameters($params);
+		} else {
+			// if algorithms differ, set parameters to null
+			if ($pk_info->algorithmIdentifier()->oid() !==
+				 $state->workingPublicKeyAlgorithm()->oid()) {
+				$state = $state->withWorkingPublicKeyParameters(null);
+			}
+		}
+		// assign working_public_key_algorithm
+		$state = $state->withWorkingPublicKeyAlgorithm(
+			$pk_info->algorithmIdentifier());
+		return $state;
+	}
     
-    /**
-     * Verify certificate signature.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _verifySignature(ValidatorState $state, Certificate $cert)
-    {
-        try {
-            $valid = $cert->verify($state->workingPublicKey(), $this->_crypto);
-        } catch (\RuntimeException $e) {
-            throw new PathValidationException(
-                "Failed to verify signature: " . $e->getMessage(), null, $e);
-        }
-        if (!$valid) {
-            throw new PathValidationException(
-                "Certificate signature doesn't match.");
-        }
-    }
+	/**
+	 * Verify certificate signature.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _verifySignature(ValidatorState $state, Certificate $cert)
+	{
+		try {
+			$valid = $cert->verify($state->workingPublicKey(), $this->_crypto);
+		} catch (\RuntimeException $e) {
+			throw new PathValidationException(
+				"Failed to verify signature: " . $e->getMessage(), null, $e);
+		}
+		if (!$valid) {
+			throw new PathValidationException(
+				"Certificate signature doesn't match.");
+		}
+	}
     
-    /**
-     * Check certificate validity.
-     *
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _checkValidity(Certificate $cert)
-    {
-        $refdt = $this->_config->dateTime();
-        $validity = $cert->tbsCertificate()->validity();
-        if ($validity->notBefore()
-            ->dateTime()
-            ->diff($refdt)->invert) {
-            throw new PathValidationException(
-                "Certificate validity period has not started.");
-        }
-        if ($refdt->diff($validity->notAfter()
-            ->dateTime())->invert) {
-            throw new PathValidationException("Certificate has expired.");
-        }
-    }
+	/**
+	 * Check certificate validity.
+	 *
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _checkValidity(Certificate $cert)
+	{
+		$refdt = $this->_config->dateTime();
+		$validity = $cert->tbsCertificate()->validity();
+		if ($validity->notBefore()
+			->dateTime()
+			->diff($refdt)->invert) {
+			throw new PathValidationException(
+				"Certificate validity period has not started.");
+		}
+		if ($refdt->diff($validity->notAfter()
+			->dateTime())->invert) {
+			throw new PathValidationException("Certificate has expired.");
+		}
+	}
     
-    /**
-     * Check certificate revocation.
-     *
-     * @param Certificate $cert
-     */
-    private function _checkRevocation(Certificate $cert)
-    {
-        // @todo Implement CRL handling
-    }
+	/**
+	 * Check certificate revocation.
+	 *
+	 * @param Certificate $cert
+	 */
+	private function _checkRevocation(Certificate $cert)
+	{
+		// @todo Implement CRL handling
+	}
     
-    /**
-     * Check certificate issuer.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _checkIssuer(ValidatorState $state, Certificate $cert)
-    {
-        if (!$cert->tbsCertificate()
-            ->issuer()
-            ->equals($state->workingIssuerName())) {
-            throw new PathValidationException("Certification issuer mismatch.");
-        }
-    }
+	/**
+	 * Check certificate issuer.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _checkIssuer(ValidatorState $state, Certificate $cert)
+	{
+		if (!$cert->tbsCertificate()
+			->issuer()
+			->equals($state->workingIssuerName())) {
+			throw new PathValidationException("Certification issuer mismatch.");
+		}
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     */
-    private function _checkPermittedSubtrees(ValidatorState $state,
-        Certificate $cert)
-    {
-        // @todo Implement
-        $state->permittedSubtrees();
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 */
+	private function _checkPermittedSubtrees(ValidatorState $state,
+		Certificate $cert)
+	{
+		// @todo Implement
+		$state->permittedSubtrees();
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     */
-    private function _checkExcludedSubtrees(ValidatorState $state,
-        Certificate $cert)
-    {
-        // @todo Implement
-        $state->excludedSubtrees();
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 */
+	private function _checkExcludedSubtrees(ValidatorState $state,
+		Certificate $cert)
+	{
+		// @todo Implement
+		$state->excludedSubtrees();
+	}
     
-    /**
-     * Apply policy mappings handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     * @return ValidatorState
-     */
-    private function _preparePolicyMappings(ValidatorState $state,
-        Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasPolicyMappings()) {
-            // (a) verify that anyPolicy mapping is not used
-            if ($extensions->policyMappings()->hasAnyPolicyMapping()) {
-                throw new PathValidationException("anyPolicy mapping found.");
-            }
-            // (b) process policy mappings
-            if ($state->hasValidPolicyTree()) {
-                $state = $state->validPolicyTree()->processMappings($state,
-                    $cert);
-            }
-        }
-        return $state;
-    }
+	/**
+	 * Apply policy mappings handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 * @return ValidatorState
+	 */
+	private function _preparePolicyMappings(ValidatorState $state,
+		Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasPolicyMappings()) {
+			// (a) verify that anyPolicy mapping is not used
+			if ($extensions->policyMappings()->hasAnyPolicyMapping()) {
+				throw new PathValidationException("anyPolicy mapping found.");
+			}
+			// (b) process policy mappings
+			if ($state->hasValidPolicyTree()) {
+				$state = $state->validPolicyTree()->processMappings($state,
+					$cert);
+			}
+		}
+		return $state;
+	}
     
-    /**
-     * Apply name constraints handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _prepareNameConstraints(ValidatorState $state,
-        Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasNameConstraints()) {
-            $state = $this->_processNameConstraints($state, $cert);
-        }
-        return $state;
-    }
+	/**
+	 * Apply name constraints handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _prepareNameConstraints(ValidatorState $state,
+		Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasNameConstraints()) {
+			$state = $this->_processNameConstraints($state, $cert);
+		}
+		return $state;
+	}
     
-    /**
-     * Apply preparation for a non-self-signed certificate.
-     *
-     * @param ValidatorState $state
-     * @return ValidatorState
-     */
-    private function _prepareNonSelfIssued(ValidatorState $state)
-    {
-        // (h.1)
-        if ($state->explicitPolicy() > 0) {
-            $state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
-        }
-        // (h.2)
-        if ($state->policyMapping() > 0) {
-            $state = $state->withPolicyMapping($state->policyMapping() - 1);
-        }
-        // (h.3)
-        if ($state->inhibitAnyPolicy() > 0) {
-            $state = $state->withInhibitAnyPolicy(
-                $state->inhibitAnyPolicy() - 1);
-        }
-        return $state;
-    }
+	/**
+	 * Apply preparation for a non-self-signed certificate.
+	 *
+	 * @param ValidatorState $state
+	 * @return ValidatorState
+	 */
+	private function _prepareNonSelfIssued(ValidatorState $state)
+	{
+		// (h.1)
+		if ($state->explicitPolicy() > 0) {
+			$state = $state->withExplicitPolicy($state->explicitPolicy() - 1);
+		}
+		// (h.2)
+		if ($state->policyMapping() > 0) {
+			$state = $state->withPolicyMapping($state->policyMapping() - 1);
+		}
+		// (h.3)
+		if ($state->inhibitAnyPolicy() > 0) {
+			$state = $state->withInhibitAnyPolicy(
+				$state->inhibitAnyPolicy() - 1);
+		}
+		return $state;
+	}
     
-    /**
-     * Apply policy constraints handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _preparePolicyConstraints(ValidatorState $state,
-        Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if (!$extensions->hasPolicyConstraints()) {
-            return $state;
-        }
-        $ext = $extensions->policyConstraints();
-        // (i.1)
-        if ($ext->hasRequireExplicitPolicy() &&
-             $ext->requireExplicitPolicy() < $state->explicitPolicy()) {
-            $state = $state->withExplicitPolicy($ext->requireExplicitPolicy());
-        }
-        // (i.2)
-        if ($ext->hasInhibitPolicyMapping() &&
-             $ext->inhibitPolicyMapping() < $state->policyMapping()) {
-            $state = $state->withPolicyMapping($ext->inhibitPolicyMapping());
-        }
-        return $state;
-    }
+	/**
+	 * Apply policy constraints handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _preparePolicyConstraints(ValidatorState $state,
+		Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if (!$extensions->hasPolicyConstraints()) {
+			return $state;
+		}
+		$ext = $extensions->policyConstraints();
+		// (i.1)
+		if ($ext->hasRequireExplicitPolicy() &&
+			 $ext->requireExplicitPolicy() < $state->explicitPolicy()) {
+			$state = $state->withExplicitPolicy($ext->requireExplicitPolicy());
+		}
+		// (i.2)
+		if ($ext->hasInhibitPolicyMapping() &&
+			 $ext->inhibitPolicyMapping() < $state->policyMapping()) {
+			$state = $state->withPolicyMapping($ext->inhibitPolicyMapping());
+		}
+		return $state;
+	}
     
-    /**
-     * Apply inhibit any-policy handling for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _prepareInhibitAnyPolicy(ValidatorState $state,
-        Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasInhibitAnyPolicy()) {
-            $ext = $extensions->inhibitAnyPolicy();
-            if ($ext->skipCerts() < $state->inhibitAnyPolicy()) {
-                $state = $state->withInhibitAnyPolicy($ext->skipCerts());
-            }
-        }
-        return $state;
-    }
+	/**
+	 * Apply inhibit any-policy handling for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _prepareInhibitAnyPolicy(ValidatorState $state,
+		Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasInhibitAnyPolicy()) {
+			$ext = $extensions->inhibitAnyPolicy();
+			if ($ext->skipCerts() < $state->inhibitAnyPolicy()) {
+				$state = $state->withInhibitAnyPolicy($ext->skipCerts());
+			}
+		}
+		return $state;
+	}
     
-    /**
-     * Verify maximum certification path length for the preparation step.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @throws PathValidationException
-     * @return ValidatorState
-     */
-    private function _verifyMaxPathLength(ValidatorState $state,
-        Certificate $cert)
-    {
-        if (!$cert->isSelfIssued()) {
-            if ($state->maxPathLength() <= 0) {
-                throw new PathValidationException(
-                    "Certification path length exceeded.");
-            }
-            $state = $state->withMaxPathLength($state->maxPathLength() - 1);
-        }
-        return $state;
-    }
+	/**
+	 * Verify maximum certification path length for the preparation step.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 * @return ValidatorState
+	 */
+	private function _verifyMaxPathLength(ValidatorState $state,
+		Certificate $cert)
+	{
+		if (!$cert->isSelfIssued()) {
+			if ($state->maxPathLength() <= 0) {
+				throw new PathValidationException(
+					"Certification path length exceeded.");
+			}
+			$state = $state->withMaxPathLength($state->maxPathLength() - 1);
+		}
+		return $state;
+	}
     
-    /**
-     * Check key usage extension for the preparation step.
-     *
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _checkKeyUsage(Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasKeyUsage()) {
-            $ext = $extensions->keyUsage();
-            if (!$ext->isKeyCertSign()) {
-                throw new PathValidationException("keyCertSign usage not set.");
-            }
-        }
-    }
+	/**
+	 * Check key usage extension for the preparation step.
+	 *
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _checkKeyUsage(Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasKeyUsage()) {
+			$ext = $extensions->keyUsage();
+			if (!$ext->isKeyCertSign()) {
+				throw new PathValidationException("keyCertSign usage not set.");
+			}
+		}
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _processNameConstraints(ValidatorState $state,
-        Certificate $cert)
-    {
-        // @todo Implement
-        return $state;
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _processNameConstraints(ValidatorState $state,
+		Certificate $cert)
+	{
+		// @todo Implement
+		return $state;
+	}
     
-    /**
-     * Process basic constraints extension.
-     *
-     * @param Certificate $cert
-     * @throws PathValidationException
-     */
-    private function _processBasicContraints(Certificate $cert)
-    {
-        if ($cert->tbsCertificate()->version() == TBSCertificate::VERSION_3) {
-            $extensions = $cert->tbsCertificate()->extensions();
-            if (!$extensions->hasBasicConstraints()) {
-                throw new PathValidationException(
-                    "v3 certificate must have basicConstraints extension.");
-            }
-            // verify that cA is set to TRUE
-            if (!$extensions->basicConstraints()->isCA()) {
-                throw new PathValidationException(
-                    "Certificate is not a CA certificate.");
-            }
-        }
-    }
+	/**
+	 * Process basic constraints extension.
+	 *
+	 * @param Certificate $cert
+	 * @throws PathValidationException
+	 */
+	private function _processBasicContraints(Certificate $cert)
+	{
+		if ($cert->tbsCertificate()->version() == TBSCertificate::VERSION_3) {
+			$extensions = $cert->tbsCertificate()->extensions();
+			if (!$extensions->hasBasicConstraints()) {
+				throw new PathValidationException(
+					"v3 certificate must have basicConstraints extension.");
+			}
+			// verify that cA is set to TRUE
+			if (!$extensions->basicConstraints()->isCA()) {
+				throw new PathValidationException(
+					"Certificate is not a CA certificate.");
+			}
+		}
+	}
     
-    /**
-     * Process pathLenConstraint.
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _processPathLengthContraint(ValidatorState $state,
-        Certificate $cert)
-    {
-        $extensions = $cert->tbsCertificate()->extensions();
-        if ($extensions->hasBasicConstraints()) {
-            $ext = $extensions->basicConstraints();
-            if ($ext->hasPathLen()) {
-                if ($ext->pathLen() < $state->maxPathLength()) {
-                    $state = $state->withMaxPathLength($ext->pathLen());
-                }
-            }
-        }
-        return $state;
-    }
+	/**
+	 * Process pathLenConstraint.
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _processPathLengthContraint(ValidatorState $state,
+		Certificate $cert)
+	{
+		$extensions = $cert->tbsCertificate()->extensions();
+		if ($extensions->hasBasicConstraints()) {
+			$ext = $extensions->basicConstraints();
+			if ($ext->hasPathLen()) {
+				if ($ext->pathLen() < $state->maxPathLength()) {
+					$state = $state->withMaxPathLength($ext->pathLen());
+				}
+			}
+		}
+		return $state;
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @param Certificate $cert
-     * @return ValidatorState
-     */
-    private function _processExtensions(ValidatorState $state, Certificate $cert)
-    {
-        // @todo Implement
-        return $state;
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @param Certificate $cert
+	 * @return ValidatorState
+	 */
+	private function _processExtensions(ValidatorState $state, Certificate $cert)
+	{
+		// @todo Implement
+		return $state;
+	}
     
-    /**
-     *
-     * @param ValidatorState $state
-     * @return ValidatorState
-     */
-    private function _calculatePolicyIntersection(ValidatorState $state)
-    {
-        // (i) If the valid_policy_tree is NULL, the intersection is NULL
-        if (!$state->hasValidPolicyTree()) {
-            return $state;
-        }
-        // (ii) If the valid_policy_tree is not NULL and
-        // the user-initial-policy-set is any-policy, the intersection
-        // is the entire valid_policy_tree
-        $initial_policies = $this->_config->policySet();
-        if (in_array(PolicyInformation::OID_ANY_POLICY, $initial_policies)) {
-            return $state;
-        }
-        // (iii) If the valid_policy_tree is not NULL and the
-        // user-initial-policy-set is not any-policy, calculate
-        // the intersection of the valid_policy_tree and the
-        // user-initial-policy-set as follows
-        return $state->validPolicyTree()->calculateIntersection($state,
-            $initial_policies);
-    }
+	/**
+	 *
+	 * @param ValidatorState $state
+	 * @return ValidatorState
+	 */
+	private function _calculatePolicyIntersection(ValidatorState $state)
+	{
+		// (i) If the valid_policy_tree is NULL, the intersection is NULL
+		if (!$state->hasValidPolicyTree()) {
+			return $state;
+		}
+		// (ii) If the valid_policy_tree is not NULL and
+		// the user-initial-policy-set is any-policy, the intersection
+		// is the entire valid_policy_tree
+		$initial_policies = $this->_config->policySet();
+		if (in_array(PolicyInformation::OID_ANY_POLICY, $initial_policies)) {
+			return $state;
+		}
+		// (iii) If the valid_policy_tree is not NULL and the
+		// user-initial-policy-set is not any-policy, calculate
+		// the intersection of the valid_policy_tree and the
+		// user-initial-policy-set as follows
+		return $state->validPolicyTree()->calculateIntersection($state,
+			$initial_policies);
+	}
 }

Please login to merge, or discard this patch.

lib/X509/CertificationPath/PathValidation/ValidatorState.php 1 patch

Indentation +480 added lines, -480 removed lines patch added patch discarded remove patch

@@ -18,484 +18,484 @@
 block discarded – undo
  */
 class ValidatorState
 {
-    /**
-     * Length of the certification path (n).
-     *
-     * @var int $_pathLength
-     */
-    protected $_pathLength;
-    
-    /**
-     * Current index in the certification path in the range of 1..n (i).
-     *
-     * @var int $_index
-     */
-    protected $_index;
-    
-    /**
-     * Valid policy tree (valid_policy_tree).
-     *
-     * A tree of certificate policies with their optional qualifiers.
-     * Each of the leaves of the tree represents a valid policy at this stage in
-     * the certification path validation.
-     * Once the tree is set to NULL, policy processing ceases.
-     *
-     * @var PolicyTree|null $_validPolicyTree
-     */
-    protected $_validPolicyTree;
-    
-    /**
-     * Permitted subtrees (permitted_subtrees).
-     *
-     * A set of root names for each name type defining a set of subtrees within
-     * which all subject names in subsequent certificates in the certification
-     * path must fall.
-     *
-     * @var mixed $_permittedSubtrees
-     */
-    protected $_permittedSubtrees;
-    
-    /**
-     * Excluded subtrees (excluded_subtrees).
-     *
-     * A set of root names for each name type defining a set of subtrees within
-     * which no subject name in subsequent certificates in the certification
-     * path may fall.
-     *
-     * @var mixed $_excludedSubtrees
-     */
-    protected $_excludedSubtrees;
-    
-    /**
-     * Explicit policy (explicit_policy).
-     *
-     * An integer that indicates if a non-NULL valid_policy_tree is required.
-     *
-     * @var int $_explicitPolicy
-     */
-    protected $_explicitPolicy;
-    
-    /**
-     * Inhibit anyPolicy (inhibit_anyPolicy).
-     *
-     * An integer that indicates whether the anyPolicy policy identifier is
-     * considered a match.
-     *
-     * @var int $_inhibitAnyPolicy
-     */
-    protected $_inhibitAnyPolicy;
-    
-    /**
-     * Policy mapping (policy_mapping).
-     *
-     * An integer that indicates if policy mapping is permitted.
-     *
-     * @var int $_policyMapping
-     */
-    protected $_policyMapping;
-    
-    /**
-     * Working public key algorithm (working_public_key_algorithm).
-     *
-     * The digital signature algorithm used to verify the signature of a
-     * certificate.
-     *
-     * @var AlgorithmIdentifierType $_workingPublicKeyAlgorithm
-     */
-    protected $_workingPublicKeyAlgorithm;
-    
-    /**
-     * Working public key (working_public_key).
-     *
-     * The public key used to verify the signature of a certificate.
-     *
-     * @var PublicKeyInfo $_workingPublicKey
-     */
-    protected $_workingPublicKey;
-    
-    /**
-     * Working public key parameters (working_public_key_parameters).
-     *
-     * Parameters associated with the current public key that may be required to
-     * verify a signature.
-     *
-     * @var Element|null $_workingPublicKeyParameters
-     */
-    protected $_workingPublicKeyParameters;
-    
-    /**
-     * Working issuer name (working_issuer_name).
-     *
-     * The issuer distinguished name expected in the next certificate in the
-     * chain.
-     *
-     * @var Name $_workingIssuerName
-     */
-    protected $_workingIssuerName;
-    
-    /**
-     * Maximum certification path length (max_path_length).
-     *
-     * @var int $_maxPathLength
-     */
-    protected $_maxPathLength;
-    
-    /**
-     * Constructor.
-     */
-    protected function __construct()
-    {
-    }
-    
-    /**
-     * Initialize variables according to RFC 5280 6.1.2.
-     *
-     * @link https://tools.ietf.org/html/rfc5280#section-6.1.2
-     * @param PathValidationConfig $config
-     * @param Certificate $trust_anchor Trust anchor certificate
-     * @param int $n Number of certificates in the certification path
-     * @return self
-     */
-    public static function initialize(PathValidationConfig $config,
-        Certificate $trust_anchor, $n)
-    {
-        $state = new self();
-        $state->_pathLength = $n;
-        $state->_index = 1;
-        $state->_validPolicyTree = new PolicyTree(PolicyNode::anyPolicyNode());
-        $state->_permittedSubtrees = null;
-        $state->_excludedSubtrees = null;
-        $state->_explicitPolicy = $config->explicitPolicy() ? 0 : $n + 1;
-        $state->_inhibitAnyPolicy = $config->anyPolicyInhibit() ? 0 : $n + 1;
-        $state->_policyMapping = $config->policyMappingInhibit() ? 0 : $n + 1;
-        $state->_workingPublicKeyAlgorithm = $trust_anchor->signatureAlgorithm();
-        $tbsCert = $trust_anchor->tbsCertificate();
-        $state->_workingPublicKey = $tbsCert->subjectPublicKeyInfo();
-        $state->_workingPublicKeyParameters = self::getAlgorithmParameters(
-            $state->_workingPublicKey->algorithmIdentifier());
-        $state->_workingIssuerName = $tbsCert->issuer();
-        $state->_maxPathLength = $config->maxLength();
-        return $state;
-    }
-    
-    /**
-     * Get self with current certification path index set.
-     *
-     * @param int $index
-     * @return self
-     */
-    public function withIndex($index)
-    {
-        $state = clone $this;
-        $state->_index = $index;
-        return $state;
-    }
-    
-    /**
-     * Get self with valid_policy_tree.
-     *
-     * @param PolicyTree $policy_tree
-     * @return self
-     */
-    public function withValidPolicyTree(PolicyTree $policy_tree)
-    {
-        $state = clone $this;
-        $state->_validPolicyTree = $policy_tree;
-        return $state;
-    }
-    
-    /**
-     * Get self with valid_policy_tree set to null.
-     *
-     * @return self
-     */
-    public function withoutValidPolicyTree()
-    {
-        $state = clone $this;
-        $state->_validPolicyTree = null;
-        return $state;
-    }
-    
-    /**
-     * Get self with explicit_policy.
-     *
-     * @param int $num
-     * @return self
-     */
-    public function withExplicitPolicy($num)
-    {
-        $state = clone $this;
-        $state->_explicitPolicy = $num;
-        return $state;
-    }
-    
-    /**
-     * Get self with inhibit_anyPolicy.
-     *
-     * @param int $num
-     * @return self
-     */
-    public function withInhibitAnyPolicy($num)
-    {
-        $state = clone $this;
-        $state->_inhibitAnyPolicy = $num;
-        return $state;
-    }
-    
-    /**
-     * Get self with policy_mapping.
-     *
-     * @param int $num
-     * @return self
-     */
-    public function withPolicyMapping($num)
-    {
-        $state = clone $this;
-        $state->_policyMapping = $num;
-        return $state;
-    }
-    
-    /**
-     * Get self with working_public_key_algorithm.
-     *
-     * @param AlgorithmIdentifierType $algo
-     * @return self
-     */
-    public function withWorkingPublicKeyAlgorithm(AlgorithmIdentifierType $algo)
-    {
-        $state = clone $this;
-        $state->_workingPublicKeyAlgorithm = $algo;
-        return $state;
-    }
-    
-    /**
-     * Get self with working_public_key.
-     *
-     * @param PublicKeyInfo $pubkey_info
-     * @return self
-     */
-    public function withWorkingPublicKey(PublicKeyInfo $pubkey_info)
-    {
-        $state = clone $this;
-        $state->_workingPublicKey = $pubkey_info;
-        return $state;
-    }
-    
-    /**
-     * Get self with working_public_key_parameters.
-     *
-     * @param Element|null $params
-     * @return self
-     */
-    public function withWorkingPublicKeyParameters(Element $params = null)
-    {
-        $state = clone $this;
-        $state->_workingPublicKeyParameters = $params;
-        return $state;
-    }
-    
-    /**
-     * Get self with working_issuer_name.
-     *
-     * @param Name $issuer
-     * @return self
-     */
-    public function withWorkingIssuerName(Name $issuer)
-    {
-        $state = clone $this;
-        $state->_workingIssuerName = $issuer;
-        return $state;
-    }
-    
-    /**
-     * Get self with max_path_length.
-     *
-     * @param int $length
-     * @return self
-     */
-    public function withMaxPathLength($length)
-    {
-        $state = clone $this;
-        $state->_maxPathLength = $length;
-        return $state;
-    }
-    
-    /**
-     * Get the certification path length (n).
-     *
-     * @return int
-     */
-    public function pathLength()
-    {
-        return $this->_pathLength;
-    }
-    
-    /**
-     * Get the current index in certification path in the range of 1..n.
-     *
-     * @return int
-     */
-    public function index()
-    {
-        return $this->_index;
-    }
-    
-    /**
-     * Check whether valid_policy_tree is present.
-     *
-     * @return bool
-     */
-    public function hasValidPolicyTree()
-    {
-        return isset($this->_validPolicyTree);
-    }
-    
-    /**
-     * Get valid_policy_tree.
-     *
-     * @throws \LogicException
-     * @return PolicyTree
-     */
-    public function validPolicyTree()
-    {
-        if (!$this->hasValidPolicyTree()) {
-            throw new \LogicException("valid_policy_tree not set.");
-        }
-        return $this->_validPolicyTree;
-    }
-    
-    /**
-     * Get permitted_subtrees.
-     *
-     * @return mixed
-     */
-    public function permittedSubtrees()
-    {
-        return $this->_permittedSubtrees;
-    }
-    
-    /**
-     * Get excluded_subtrees.
-     *
-     * @return mixed
-     */
-    public function excludedSubtrees()
-    {
-        return $this->_excludedSubtrees;
-    }
-    
-    /**
-     * Get explicit_policy.
-     *
-     * @return int
-     */
-    public function explicitPolicy()
-    {
-        return $this->_explicitPolicy;
-    }
-    
-    /**
-     * Get inhibit_anyPolicy.
-     *
-     * @return int
-     */
-    public function inhibitAnyPolicy()
-    {
-        return $this->_inhibitAnyPolicy;
-    }
-    
-    /**
-     * Get policy_mapping.
-     *
-     * @return int
-     */
-    public function policyMapping()
-    {
-        return $this->_policyMapping;
-    }
-    
-    /**
-     * Get working_public_key_algorithm.
-     *
-     * @return AlgorithmIdentifierType
-     */
-    public function workingPublicKeyAlgorithm()
-    {
-        return $this->_workingPublicKeyAlgorithm;
-    }
-    
-    /**
-     * Get working_public_key.
-     *
-     * @return PublicKeyInfo
-     */
-    public function workingPublicKey()
-    {
-        return $this->_workingPublicKey;
-    }
-    
-    /**
-     * Get working_public_key_parameters.
-     *
-     * @return Element|null
-     */
-    public function workingPublicKeyParameters()
-    {
-        return $this->_workingPublicKeyParameters;
-    }
-    
-    /**
-     * Get working_issuer_name.
-     *
-     * @return Name
-     */
-    public function workingIssuerName()
-    {
-        return $this->_workingIssuerName;
-    }
-    
-    /**
-     * Get maximum certification path length.
-     *
-     * @return int
-     */
-    public function maxPathLength()
-    {
-        return $this->_maxPathLength;
-    }
-    
-    /**
-     * Check whether processing the final certificate of the certification path.
-     *
-     * @return bool
-     */
-    public function isFinal()
-    {
-        return $this->_index == $this->_pathLength;
-    }
-    
-    /**
-     * Get the path validation result.
-     *
-     * @param Certificate[] $certificates Certificates in a certification path
-     * @return PathValidationResult
-     */
-    public function getResult(array $certificates)
-    {
-        return new PathValidationResult($certificates, $this->_validPolicyTree,
-            $this->_workingPublicKey, $this->_workingPublicKeyAlgorithm,
-            $this->_workingPublicKeyParameters);
-    }
-    
-    /**
-     * Get ASN.1 parameters from algorithm identifier.
-     *
-     * @param AlgorithmIdentifierType $algo
-     * @return Element|null ASN.1 element or null if parameters are omitted
-     */
-    public static function getAlgorithmParameters(AlgorithmIdentifierType $algo)
-    {
-        $seq = $algo->toASN1();
-        return $seq->has(1) ? $seq->at(1)->asElement() : null;
-    }
+	/**
+	 * Length of the certification path (n).
+	 *
+	 * @var int $_pathLength
+	 */
+	protected $_pathLength;
+    
+	/**
+	 * Current index in the certification path in the range of 1..n (i).
+	 *
+	 * @var int $_index
+	 */
+	protected $_index;
+    
+	/**
+	 * Valid policy tree (valid_policy_tree).
+	 *
+	 * A tree of certificate policies with their optional qualifiers.
+	 * Each of the leaves of the tree represents a valid policy at this stage in
+	 * the certification path validation.
+	 * Once the tree is set to NULL, policy processing ceases.
+	 *
+	 * @var PolicyTree|null $_validPolicyTree
+	 */
+	protected $_validPolicyTree;
+    
+	/**
+	 * Permitted subtrees (permitted_subtrees).
+	 *
+	 * A set of root names for each name type defining a set of subtrees within
+	 * which all subject names in subsequent certificates in the certification
+	 * path must fall.
+	 *
+	 * @var mixed $_permittedSubtrees
+	 */
+	protected $_permittedSubtrees;
+    
+	/**
+	 * Excluded subtrees (excluded_subtrees).
+	 *
+	 * A set of root names for each name type defining a set of subtrees within
+	 * which no subject name in subsequent certificates in the certification
+	 * path may fall.
+	 *
+	 * @var mixed $_excludedSubtrees
+	 */
+	protected $_excludedSubtrees;
+    
+	/**
+	 * Explicit policy (explicit_policy).
+	 *
+	 * An integer that indicates if a non-NULL valid_policy_tree is required.
+	 *
+	 * @var int $_explicitPolicy
+	 */
+	protected $_explicitPolicy;
+    
+	/**
+	 * Inhibit anyPolicy (inhibit_anyPolicy).
+	 *
+	 * An integer that indicates whether the anyPolicy policy identifier is
+	 * considered a match.
+	 *
+	 * @var int $_inhibitAnyPolicy
+	 */
+	protected $_inhibitAnyPolicy;
+    
+	/**
+	 * Policy mapping (policy_mapping).
+	 *
+	 * An integer that indicates if policy mapping is permitted.
+	 *
+	 * @var int $_policyMapping
+	 */
+	protected $_policyMapping;
+    
+	/**
+	 * Working public key algorithm (working_public_key_algorithm).
+	 *
+	 * The digital signature algorithm used to verify the signature of a
+	 * certificate.
+	 *
+	 * @var AlgorithmIdentifierType $_workingPublicKeyAlgorithm
+	 */
+	protected $_workingPublicKeyAlgorithm;
+    
+	/**
+	 * Working public key (working_public_key).
+	 *
+	 * The public key used to verify the signature of a certificate.
+	 *
+	 * @var PublicKeyInfo $_workingPublicKey
+	 */
+	protected $_workingPublicKey;
+    
+	/**
+	 * Working public key parameters (working_public_key_parameters).
+	 *
+	 * Parameters associated with the current public key that may be required to
+	 * verify a signature.
+	 *
+	 * @var Element|null $_workingPublicKeyParameters
+	 */
+	protected $_workingPublicKeyParameters;
+    
+	/**
+	 * Working issuer name (working_issuer_name).
+	 *
+	 * The issuer distinguished name expected in the next certificate in the
+	 * chain.
+	 *
+	 * @var Name $_workingIssuerName
+	 */
+	protected $_workingIssuerName;
+    
+	/**
+	 * Maximum certification path length (max_path_length).
+	 *
+	 * @var int $_maxPathLength
+	 */
+	protected $_maxPathLength;
+    
+	/**
+	 * Constructor.
+	 */
+	protected function __construct()
+	{
+	}
+    
+	/**
+	 * Initialize variables according to RFC 5280 6.1.2.
+	 *
+	 * @link https://tools.ietf.org/html/rfc5280#section-6.1.2
+	 * @param PathValidationConfig $config
+	 * @param Certificate $trust_anchor Trust anchor certificate
+	 * @param int $n Number of certificates in the certification path
+	 * @return self
+	 */
+	public static function initialize(PathValidationConfig $config,
+		Certificate $trust_anchor, $n)
+	{
+		$state = new self();
+		$state->_pathLength = $n;
+		$state->_index = 1;
+		$state->_validPolicyTree = new PolicyTree(PolicyNode::anyPolicyNode());
+		$state->_permittedSubtrees = null;
+		$state->_excludedSubtrees = null;
+		$state->_explicitPolicy = $config->explicitPolicy() ? 0 : $n + 1;
+		$state->_inhibitAnyPolicy = $config->anyPolicyInhibit() ? 0 : $n + 1;
+		$state->_policyMapping = $config->policyMappingInhibit() ? 0 : $n + 1;
+		$state->_workingPublicKeyAlgorithm = $trust_anchor->signatureAlgorithm();
+		$tbsCert = $trust_anchor->tbsCertificate();
+		$state->_workingPublicKey = $tbsCert->subjectPublicKeyInfo();
+		$state->_workingPublicKeyParameters = self::getAlgorithmParameters(
+			$state->_workingPublicKey->algorithmIdentifier());
+		$state->_workingIssuerName = $tbsCert->issuer();
+		$state->_maxPathLength = $config->maxLength();
+		return $state;
+	}
+    
+	/**
+	 * Get self with current certification path index set.
+	 *
+	 * @param int $index
+	 * @return self
+	 */
+	public function withIndex($index)
+	{
+		$state = clone $this;
+		$state->_index = $index;
+		return $state;
+	}
+    
+	/**
+	 * Get self with valid_policy_tree.
+	 *
+	 * @param PolicyTree $policy_tree
+	 * @return self
+	 */
+	public function withValidPolicyTree(PolicyTree $policy_tree)
+	{
+		$state = clone $this;
+		$state->_validPolicyTree = $policy_tree;
+		return $state;
+	}
+    
+	/**
+	 * Get self with valid_policy_tree set to null.
+	 *
+	 * @return self
+	 */
+	public function withoutValidPolicyTree()
+	{
+		$state = clone $this;
+		$state->_validPolicyTree = null;
+		return $state;
+	}
+    
+	/**
+	 * Get self with explicit_policy.
+	 *
+	 * @param int $num
+	 * @return self
+	 */
+	public function withExplicitPolicy($num)
+	{
+		$state = clone $this;
+		$state->_explicitPolicy = $num;
+		return $state;
+	}
+    
+	/**
+	 * Get self with inhibit_anyPolicy.
+	 *
+	 * @param int $num
+	 * @return self
+	 */
+	public function withInhibitAnyPolicy($num)
+	{
+		$state = clone $this;
+		$state->_inhibitAnyPolicy = $num;
+		return $state;
+	}
+    
+	/**
+	 * Get self with policy_mapping.
+	 *
+	 * @param int $num
+	 * @return self
+	 */
+	public function withPolicyMapping($num)
+	{
+		$state = clone $this;
+		$state->_policyMapping = $num;
+		return $state;
+	}
+    
+	/**
+	 * Get self with working_public_key_algorithm.
+	 *
+	 * @param AlgorithmIdentifierType $algo
+	 * @return self
+	 */
+	public function withWorkingPublicKeyAlgorithm(AlgorithmIdentifierType $algo)
+	{
+		$state = clone $this;
+		$state->_workingPublicKeyAlgorithm = $algo;
+		return $state;
+	}
+    
+	/**
+	 * Get self with working_public_key.
+	 *
+	 * @param PublicKeyInfo $pubkey_info
+	 * @return self
+	 */
+	public function withWorkingPublicKey(PublicKeyInfo $pubkey_info)
+	{
+		$state = clone $this;
+		$state->_workingPublicKey = $pubkey_info;
+		return $state;
+	}
+    
+	/**
+	 * Get self with working_public_key_parameters.
+	 *
+	 * @param Element|null $params
+	 * @return self
+	 */
+	public function withWorkingPublicKeyParameters(Element $params = null)
+	{
+		$state = clone $this;
+		$state->_workingPublicKeyParameters = $params;
+		return $state;
+	}
+    
+	/**
+	 * Get self with working_issuer_name.
+	 *
+	 * @param Name $issuer
+	 * @return self
+	 */
+	public function withWorkingIssuerName(Name $issuer)
+	{
+		$state = clone $this;
+		$state->_workingIssuerName = $issuer;
+		return $state;
+	}
+    
+	/**
+	 * Get self with max_path_length.
+	 *
+	 * @param int $length
+	 * @return self
+	 */
+	public function withMaxPathLength($length)
+	{
+		$state = clone $this;
+		$state->_maxPathLength = $length;
+		return $state;
+	}
+    
+	/**
+	 * Get the certification path length (n).
+	 *
+	 * @return int
+	 */
+	public function pathLength()
+	{
+		return $this->_pathLength;
+	}
+    
+	/**
+	 * Get the current index in certification path in the range of 1..n.
+	 *
+	 * @return int
+	 */
+	public function index()
+	{
+		return $this->_index;
+	}
+    
+	/**
+	 * Check whether valid_policy_tree is present.
+	 *
+	 * @return bool
+	 */
+	public function hasValidPolicyTree()
+	{
+		return isset($this->_validPolicyTree);
+	}
+    
+	/**
+	 * Get valid_policy_tree.
+	 *
+	 * @throws \LogicException
+	 * @return PolicyTree
+	 */
+	public function validPolicyTree()
+	{
+		if (!$this->hasValidPolicyTree()) {
+			throw new \LogicException("valid_policy_tree not set.");
+		}
+		return $this->_validPolicyTree;
+	}
+    
+	/**
+	 * Get permitted_subtrees.
+	 *
+	 * @return mixed
+	 */
+	public function permittedSubtrees()
+	{
+		return $this->_permittedSubtrees;
+	}
+    
+	/**
+	 * Get excluded_subtrees.
+	 *
+	 * @return mixed
+	 */
+	public function excludedSubtrees()
+	{
+		return $this->_excludedSubtrees;
+	}
+    
+	/**
+	 * Get explicit_policy.
+	 *
+	 * @return int
+	 */
+	public function explicitPolicy()
+	{
+		return $this->_explicitPolicy;
+	}
+    
+	/**
+	 * Get inhibit_anyPolicy.
+	 *
+	 * @return int
+	 */
+	public function inhibitAnyPolicy()
+	{
+		return $this->_inhibitAnyPolicy;
+	}
+    
+	/**
+	 * Get policy_mapping.
+	 *
+	 * @return int
+	 */
+	public function policyMapping()
+	{
+		return $this->_policyMapping;
+	}
+    
+	/**
+	 * Get working_public_key_algorithm.
+	 *
+	 * @return AlgorithmIdentifierType
+	 */
+	public function workingPublicKeyAlgorithm()
+	{
+		return $this->_workingPublicKeyAlgorithm;
+	}
+    
+	/**
+	 * Get working_public_key.
+	 *
+	 * @return PublicKeyInfo
+	 */
+	public function workingPublicKey()
+	{
+		return $this->_workingPublicKey;
+	}
+    
+	/**
+	 * Get working_public_key_parameters.
+	 *
+	 * @return Element|null
+	 */
+	public function workingPublicKeyParameters()
+	{
+		return $this->_workingPublicKeyParameters;
+	}
+    
+	/**
+	 * Get working_issuer_name.
+	 *
+	 * @return Name
+	 */
+	public function workingIssuerName()
+	{
+		return $this->_workingIssuerName;
+	}
+    
+	/**
+	 * Get maximum certification path length.
+	 *
+	 * @return int
+	 */
+	public function maxPathLength()
+	{
+		return $this->_maxPathLength;
+	}
+    
+	/**
+	 * Check whether processing the final certificate of the certification path.
+	 *
+	 * @return bool
+	 */
+	public function isFinal()
+	{
+		return $this->_index == $this->_pathLength;
+	}
+    
+	/**
+	 * Get the path validation result.
+	 *
+	 * @param Certificate[] $certificates Certificates in a certification path
+	 * @return PathValidationResult
+	 */
+	public function getResult(array $certificates)
+	{
+		return new PathValidationResult($certificates, $this->_validPolicyTree,
+			$this->_workingPublicKey, $this->_workingPublicKeyAlgorithm,
+			$this->_workingPublicKeyParameters);
+	}
+    
+	/**
+	 * Get ASN.1 parameters from algorithm identifier.
+	 *
+	 * @param AlgorithmIdentifierType $algo
+	 * @return Element|null ASN.1 element or null if parameters are omitted
+	 */
+	public static function getAlgorithmParameters(AlgorithmIdentifierType $algo)
+	{
+		$seq = $algo->toASN1();
+		return $seq->has(1) ? $seq->at(1)->asElement() : null;
+	}
 }

Please login to merge, or discard this patch.

lib/X509/CertificationPath/PathValidation/PathValidationResult.php 1 patch

Indentation +74 added lines, -74 removed lines patch added patch discarded remove patch

@@ -13,85 +13,85 @@
 block discarded – undo
  */
 class PathValidationResult
 {
-    /**
-     * Certificates in a certification path.
-     *
-     * @var \X509\Certificate\Certificate[] $_certificates
-     */
-    protected $_certificates;
+	/**
+	 * Certificates in a certification path.
+	 *
+	 * @var \X509\Certificate\Certificate[] $_certificates
+	 */
+	protected $_certificates;
     
-    /**
-     * Valid policy tree.
-     *
-     * @var \X509\CertificationPath\Policy\PolicyTree|null $_policyTree
-     */
-    protected $_policyTree;
+	/**
+	 * Valid policy tree.
+	 *
+	 * @var \X509\CertificationPath\Policy\PolicyTree|null $_policyTree
+	 */
+	protected $_policyTree;
     
-    /**
-     * End-entity certificate's public key.
-     *
-     * @var PublicKeyInfo
-     */
-    protected $_publicKeyInfo;
+	/**
+	 * End-entity certificate's public key.
+	 *
+	 * @var PublicKeyInfo
+	 */
+	protected $_publicKeyInfo;
     
-    /**
-     * Public key algorithm.
-     *
-     * @var AlgorithmIdentifierType
-     */
-    protected $_publicKeyAlgo;
+	/**
+	 * Public key algorithm.
+	 *
+	 * @var AlgorithmIdentifierType
+	 */
+	protected $_publicKeyAlgo;
     
-    /**
-     * Public key parameters.
-     *
-     * @var Element|null $_publicKeyParameters
-     */
-    protected $_publicKeyParameters;
+	/**
+	 * Public key parameters.
+	 *
+	 * @var Element|null $_publicKeyParameters
+	 */
+	protected $_publicKeyParameters;
     
-    /**
-     * Constructor.
-     *
-     * @param \X509\Certificate\Certificate[] $certificates Certificates in a
-     *        certification path
-     * @param \X509\CertificationPath\Policy\PolicyTree|null $policy_tree Valid
-     *        policy tree
-     * @param PublicKeyInfo $pubkey_info Public key of the end-entity
-     *        certificate
-     * @param AlgorithmIdentifierType $algo Public key algorithm of the
-     *        end-entity certificate
-     * @param Element|null $params Algorithm parameters
-     */
-    public function __construct(array $certificates, $policy_tree,
-        PublicKeyInfo $pubkey_info, AlgorithmIdentifierType $algo,
-        Element $params = null)
-    {
-        $this->_certificates = array_values($certificates);
-        $this->_policyTree = $policy_tree;
-        $this->_publicKeyInfo = $pubkey_info;
-        $this->_publicKeyAlgo = $algo;
-        $this->_publicKeyParameters = $params;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param \X509\Certificate\Certificate[] $certificates Certificates in a
+	 *        certification path
+	 * @param \X509\CertificationPath\Policy\PolicyTree|null $policy_tree Valid
+	 *        policy tree
+	 * @param PublicKeyInfo $pubkey_info Public key of the end-entity
+	 *        certificate
+	 * @param AlgorithmIdentifierType $algo Public key algorithm of the
+	 *        end-entity certificate
+	 * @param Element|null $params Algorithm parameters
+	 */
+	public function __construct(array $certificates, $policy_tree,
+		PublicKeyInfo $pubkey_info, AlgorithmIdentifierType $algo,
+		Element $params = null)
+	{
+		$this->_certificates = array_values($certificates);
+		$this->_policyTree = $policy_tree;
+		$this->_publicKeyInfo = $pubkey_info;
+		$this->_publicKeyAlgo = $algo;
+		$this->_publicKeyParameters = $params;
+	}
     
-    /**
-     * Get end-entity certificate.
-     *
-     * @return \X509\Certificate\Certificate
-     */
-    public function certificate()
-    {
-        return $this->_certificates[count($this->_certificates) - 1];
-    }
+	/**
+	 * Get end-entity certificate.
+	 *
+	 * @return \X509\Certificate\Certificate
+	 */
+	public function certificate()
+	{
+		return $this->_certificates[count($this->_certificates) - 1];
+	}
     
-    /**
-     * Get certificate policies of the end-entity certificate.
-     *
-     * @return \X509\Certificate\Extension\CertificatePolicy\PolicyInformation[]
-     */
-    public function policies()
-    {
-        if (!$this->_policyTree) {
-            return array();
-        }
-        return $this->_policyTree->policiesAtDepth(count($this->_certificates));
-    }
+	/**
+	 * Get certificate policies of the end-entity certificate.
+	 *
+	 * @return \X509\Certificate\Extension\CertificatePolicy\PolicyInformation[]
+	 */
+	public function policies()
+	{
+		if (!$this->_policyTree) {
+			return array();
+		}
+		return $this->_policyTree->policiesAtDepth(count($this->_certificates));
+	}
 }

Please login to merge, or discard this patch.

lib/X509/CertificationPath/PathBuilding/CertificationPathBuilder.php 1 patch

Indentation +128 added lines, -128 removed lines patch added patch discarded remove patch

@@ -14,137 +14,137 @@
 block discarded – undo
  */
 class CertificationPathBuilder
 {
-    /**
-     * Trust anchors.
-     *
-     * @var CertificateBundle
-     */
-    protected $_trustList;
+	/**
+	 * Trust anchors.
+	 *
+	 * @var CertificateBundle
+	 */
+	protected $_trustList;
     
-    /**
-     * Constructor.
-     *
-     * @param CertificateBundle $trust_list List of trust anchors
-     */
-    public function __construct(CertificateBundle $trust_list)
-    {
-        $this->_trustList = $trust_list;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param CertificateBundle $trust_list List of trust anchors
+	 */
+	public function __construct(CertificateBundle $trust_list)
+	{
+		$this->_trustList = $trust_list;
+	}
     
-    /**
-     * Get all certification paths to given target certificate from
-     * any trust anchor.
-     *
-     * @param Certificate $target Target certificate
-     * @param CertificateBundle|null $intermediate Optional intermediate
-     *        certificates
-     * @return CertificationPath[]
-     */
-    public function allPathsToTarget(Certificate $target,
-        CertificateBundle $intermediate = null)
-    {
-        $paths = $this->_resolvePathsToTarget($target, $intermediate);
-        // map paths to CertificationPath objects
-        return array_map(
-            function ($certs) {
-                return new CertificationPath(...$certs);
-            }, $paths);
-    }
+	/**
+	 * Get all certification paths to given target certificate from
+	 * any trust anchor.
+	 *
+	 * @param Certificate $target Target certificate
+	 * @param CertificateBundle|null $intermediate Optional intermediate
+	 *        certificates
+	 * @return CertificationPath[]
+	 */
+	public function allPathsToTarget(Certificate $target,
+		CertificateBundle $intermediate = null)
+	{
+		$paths = $this->_resolvePathsToTarget($target, $intermediate);
+		// map paths to CertificationPath objects
+		return array_map(
+			function ($certs) {
+				return new CertificationPath(...$certs);
+			}, $paths);
+	}
     
-    /**
-     * Resolve all possible certification paths from any trust anchor to
-     * the target certificate, using optional intermediate certificates.
-     *
-     * Helper method for allPathsToTarget to be called recursively.
-     *
-     * @todo Implement loop detection
-     * @param Certificate $target
-     * @param CertificateBundle $intermediate
-     * @return array[] Array of arrays containing path certificates
-     */
-    private function _resolvePathsToTarget(Certificate $target,
-        CertificateBundle $intermediate = null)
-    {
-        // array of possible paths
-        $paths = array();
-        // signed by certificate in the trust list
-        foreach ($this->_findIssuers($target, $this->_trustList) as $issuer) {
-            // if target is self-signed, path consists of only
-            // the target certificate
-            if ($target->equals($issuer)) {
-                $paths[] = array($target);
-            } else {
-                $paths[] = array($issuer, $target);
-            }
-        }
-        if (isset($intermediate)) {
-            // signed by intermediate certificate
-            foreach ($this->_findIssuers($target, $intermediate) as $issuer) {
-                // intermediate certificate must not be self-signed
-                if ($issuer->isSelfIssued()) {
-                    continue;
-                }
-                // resolve paths to issuer
-                $subpaths = $this->_resolvePathsToTarget($issuer, $intermediate);
-                foreach ($subpaths as $path) {
-                    $paths[] = array_merge($path, array($target));
-                }
-            }
-        }
-        return $paths;
-    }
+	/**
+	 * Resolve all possible certification paths from any trust anchor to
+	 * the target certificate, using optional intermediate certificates.
+	 *
+	 * Helper method for allPathsToTarget to be called recursively.
+	 *
+	 * @todo Implement loop detection
+	 * @param Certificate $target
+	 * @param CertificateBundle $intermediate
+	 * @return array[] Array of arrays containing path certificates
+	 */
+	private function _resolvePathsToTarget(Certificate $target,
+		CertificateBundle $intermediate = null)
+	{
+		// array of possible paths
+		$paths = array();
+		// signed by certificate in the trust list
+		foreach ($this->_findIssuers($target, $this->_trustList) as $issuer) {
+			// if target is self-signed, path consists of only
+			// the target certificate
+			if ($target->equals($issuer)) {
+				$paths[] = array($target);
+			} else {
+				$paths[] = array($issuer, $target);
+			}
+		}
+		if (isset($intermediate)) {
+			// signed by intermediate certificate
+			foreach ($this->_findIssuers($target, $intermediate) as $issuer) {
+				// intermediate certificate must not be self-signed
+				if ($issuer->isSelfIssued()) {
+					continue;
+				}
+				// resolve paths to issuer
+				$subpaths = $this->_resolvePathsToTarget($issuer, $intermediate);
+				foreach ($subpaths as $path) {
+					$paths[] = array_merge($path, array($target));
+				}
+			}
+		}
+		return $paths;
+	}
     
-    /**
-     * Get shortest path to given target certificate from any trust anchor.
-     *
-     * @param Certificate $target Target certificate
-     * @param CertificateBundle|null $intermediate Optional intermediate
-     *        certificates
-     * @throws PathBuildingException
-     * @return CertificationPath
-     */
-    public function shortestPathToTarget(Certificate $target,
-        CertificateBundle $intermediate = null)
-    {
-        $paths = $this->allPathsToTarget($target, $intermediate);
-        if (!count($paths)) {
-            throw new PathBuildingException("No certification paths.");
-        }
-        usort($paths,
-            function ($a, $b) {
-                return count($a) < count($b) ? -1 : 1;
-            });
-        return reset($paths);
-    }
+	/**
+	 * Get shortest path to given target certificate from any trust anchor.
+	 *
+	 * @param Certificate $target Target certificate
+	 * @param CertificateBundle|null $intermediate Optional intermediate
+	 *        certificates
+	 * @throws PathBuildingException
+	 * @return CertificationPath
+	 */
+	public function shortestPathToTarget(Certificate $target,
+		CertificateBundle $intermediate = null)
+	{
+		$paths = $this->allPathsToTarget($target, $intermediate);
+		if (!count($paths)) {
+			throw new PathBuildingException("No certification paths.");
+		}
+		usort($paths,
+			function ($a, $b) {
+				return count($a) < count($b) ? -1 : 1;
+			});
+		return reset($paths);
+	}
     
-    /**
-     * Find all issuers of the target certificate from a given bundle.
-     *
-     * @param Certificate $target Target certificate
-     * @param CertificateBundle $bundle Certificates to search
-     * @return Certificate[]
-     */
-    protected function _findIssuers(Certificate $target,
-        CertificateBundle $bundle)
-    {
-        $issuers = array();
-        $issuer_name = $target->tbsCertificate()->issuer();
-        $extensions = $target->tbsCertificate()->extensions();
-        // find by authority key identifier
-        if ($extensions->hasAuthorityKeyIdentifier()) {
-            $ext = $extensions->authorityKeyIdentifier();
-            if ($ext->hasKeyIdentifier()) {
-                foreach ($bundle->allBySubjectKeyIdentifier(
-                    $ext->keyIdentifier()) as $issuer) {
-                    // check that issuer name matches
-                    if ($issuer->tbsCertificate()
-                        ->subject()
-                        ->equals($issuer_name)) {
-                        $issuers[] = $issuer;
-                    }
-                }
-            }
-        }
-        return $issuers;
-    }
+	/**
+	 * Find all issuers of the target certificate from a given bundle.
+	 *
+	 * @param Certificate $target Target certificate
+	 * @param CertificateBundle $bundle Certificates to search
+	 * @return Certificate[]
+	 */
+	protected function _findIssuers(Certificate $target,
+		CertificateBundle $bundle)
+	{
+		$issuers = array();
+		$issuer_name = $target->tbsCertificate()->issuer();
+		$extensions = $target->tbsCertificate()->extensions();
+		// find by authority key identifier
+		if ($extensions->hasAuthorityKeyIdentifier()) {
+			$ext = $extensions->authorityKeyIdentifier();
+			if ($ext->hasKeyIdentifier()) {
+				foreach ($bundle->allBySubjectKeyIdentifier(
+					$ext->keyIdentifier()) as $issuer) {
+					// check that issuer name matches
+					if ($issuer->tbsCertificate()
+						->subject()
+						->equals($issuer_name)) {
+						$issuers[] = $issuer;
+					}
+				}
+			}
+		}
+		return $issuers;
+	}
 }

Please login to merge, or discard this patch.

GitHub Access Token became invalid

Push — master ( ff3a63...584877 )

Status

Category

Indentation +12 added lines, -12 removed lines patch added patch discarded remove patch

Indentation +11 added lines, -11 removed lines patch added patch discarded remove patch

Indentation +196 added lines, -196 removed lines patch added patch discarded remove patch

Indentation +238 added lines, -238 removed lines patch added patch discarded remove patch

Indentation +155 added lines, -155 removed lines patch added patch discarded remove patch

Indentation +553 added lines, -553 removed lines patch added patch discarded remove patch

Indentation +480 added lines, -480 removed lines patch added patch discarded remove patch

Indentation +74 added lines, -74 removed lines patch added patch discarded remove patch

Indentation +128 added lines, -128 removed lines patch added patch discarded remove patch

		@@ -11,17 +11,17 @@
		block discarded – undo
11	11	*/
12	12	class AccessIdentityAttributeValue extends SvceAuthInfo
13	13	{
14		- const OID = "1.3.6.1.5.5.7.10.2";
	14	+ const OID = "1.3.6.1.5.5.7.10.2";
15	15
16		- /**
17		- * Constructor.
18		- *
19		- * @param GeneralName $service
20		- * @param GeneralName $ident
21		- */
22		- public function __construct(GeneralName $service, GeneralName $ident)
23		- {
24		- parent::__construct($service, $ident, null);
25		- $this->_oid = self::OID;
26		- }
	16	+ /**
	17	+ * Constructor.
	18	+ *
	19	+ * @param GeneralName $service
	20	+ * @param GeneralName $ident
	21	+ */
	22	+ public function __construct(GeneralName $service, GeneralName $ident)
	23	+ {
	24	+ parent::__construct($service, $ident, null);
	25	+ $this->_oid = self::OID;
	26	+ }
27	27	}

		@@ -9,16 +9,16 @@
		block discarded – undo
9	9	*/
10	10	class GroupAttributeValue extends IetfAttrSyntax
11	11	{
12		- const OID = "1.3.6.1.5.5.7.10.4";
	12	+ const OID = "1.3.6.1.5.5.7.10.4";
13	13
14		- /**
15		- * Constructor.
16		- *
17		- * @param IetfAttrValue ...$values
18		- */
19		- public function __construct(IetfAttrValue ...$values)
20		- {
21		- parent::__construct(...$values);
22		- $this->_oid = self::OID;
23		- }
	14	+ /**
	15	+ * Constructor.
	16	+ *
	17	+ * @param IetfAttrValue ...$values
	18	+ */
	19	+ public function __construct(IetfAttrValue ...$values)
	20	+ {
	21	+ parent::__construct(...$values);
	22	+ $this->_oid = self::OID;
	23	+ }
24	24	}

		@@ -24,200 +24,200 @@
		block discarded – undo
24	24	*/
25	25	class Attributes implements \Countable, \IteratorAggregate
26	26	{
27		- use AttributeContainer;
28		-
29		- /**
30		- * Mapping from OID to attribute value class name.
31		- *
32		- * @internal
33		- *
34		- * @var array
35		- */
36		- const MAP_OID_TO_CLASS = array(
37		- /* @formatter:off */
38		- AccessIdentityAttributeValue::OID => AccessIdentityAttributeValue::class,
39		- AuthenticationInfoAttributeValue::OID => AuthenticationInfoAttributeValue::class,
40		- ChargingIdentityAttributeValue::OID => ChargingIdentityAttributeValue::class,
41		- GroupAttributeValue::OID => GroupAttributeValue::class,
42		- AttributeType::OID_ROLE => RoleAttributeValue::class
43		- /* @formatter:on */
44		- );
45		-
46		- /**
47		- * Constructor.
48		- *
49		- * @param Attribute ...$attribs
50		- */
51		- public function __construct(Attribute ...$attribs)
52		- {
53		- $this->_attributes = $attribs;
54		- }
55		-
56		- /**
57		- * Initialize from attribute values.
58		- *
59		- * @param AttributeValue ...$values
60		- * @return self
61		- */
62		- public static function fromAttributeValues(AttributeValue ...$values)
63		- {
64		- $attribs = array_map(
65		- function (AttributeValue $value) {
66		- return $value->toAttribute();
67		- }, $values);
68		- return new self(...$attribs);
69		- }
70		-
71		- /**
72		- * Initialize from ASN.1.
73		- *
74		- * @param Sequence $seq
75		- * @return self
76		- */
77		- public static function fromASN1(Sequence $seq)
78		- {
79		- $attribs = array_map(
80		- function (UnspecifiedType $el) {
81		- return Attribute::fromASN1($el->asSequence());
82		- }, $seq->elements());
83		- // cast attributes
84		- $attribs = array_map(
85		- function (Attribute $attr) {
86		- $oid = $attr->oid();
87		- if (array_key_exists($oid, self::MAP_OID_TO_CLASS)) {
88		- $cls = self::MAP_OID_TO_CLASS[$oid];
89		- $attr = $attr->castValues($cls);
90		- }
91		- return $attr;
92		- }, $attribs);
93		- return new self(...$attribs);
94		- }
95		-
96		- /**
97		- * Check whether 'Access Identity' attribute is present.
98		- *
99		- * @return bool
100		- */
101		- public function hasAccessIdentity()
102		- {
103		- return $this->has(AccessIdentityAttributeValue::OID);
104		- }
105		-
106		- /**
107		- * Get the first 'Access Identity' attribute value.
108		- *
109		- * @return AccessIdentityAttributeValue
110		- */
111		- public function accessIdentity()
112		- {
113		- return $this->firstOf(AccessIdentityAttributeValue::OID)->first();
114		- }
115		-
116		- /**
117		- * Check whether 'Service Authentication Information' attribute is present.
118		- *
119		- * @return bool
120		- */
121		- public function hasAuthenticationInformation()
122		- {
123		- return $this->has(AuthenticationInfoAttributeValue::OID);
124		- }
125		-
126		- /**
127		- * Get the first 'Service Authentication Information' attribute value.
128		- *
129		- * @return AuthenticationInfoAttributeValue
130		- */
131		- public function authenticationInformation()
132		- {
133		- return $this->firstOf(AuthenticationInfoAttributeValue::OID)->first();
134		- }
135		-
136		- /**
137		- * Check whether 'Charging Identity' attribute is present.
138		- *
139		- * @return bool
140		- */
141		- public function hasChargingIdentity()
142		- {
143		- return $this->has(ChargingIdentityAttributeValue::OID);
144		- }
145		-
146		- /**
147		- * Get the first 'Charging Identity' attribute value.
148		- *
149		- * @return ChargingIdentityAttributeValue
150		- */
151		- public function chargingIdentity()
152		- {
153		- return $this->firstOf(ChargingIdentityAttributeValue::OID)->first();
154		- }
155		-
156		- /**
157		- * Check whether 'Group' attribute is present.
158		- *
159		- * @return bool
160		- */
161		- public function hasGroup()
162		- {
163		- return $this->has(GroupAttributeValue::OID);
164		- }
165		-
166		- /**
167		- * Get the first 'Group' attribute value.
168		- *
169		- * @return GroupAttributeValue
170		- */
171		- public function group()
172		- {
173		- return $this->firstOf(GroupAttributeValue::OID)->first();
174		- }
175		-
176		- /**
177		- * Check whether 'Role' attribute is present.
178		- *
179		- * @return bool
180		- */
181		- public function hasRole()
182		- {
183		- return $this->has(AttributeType::OID_ROLE);
184		- }
185		-
186		- /**
187		- * Get the first 'Role' attribute value.
188		- *
189		- * @return RoleAttributeValue
190		- */
191		- public function role()
192		- {
193		- return $this->firstOf(AttributeType::OID_ROLE)->first();
194		- }
195		-
196		- /**
197		- * Get all 'Role' attribute values.
198		- *
199		- * @return RoleAttributeValue[]
200		- */
201		- public function roles()
202		- {
203		- return array_merge(array(),
204		- ...array_map(
205		- function (Attribute $attr) {
206		- return $attr->values();
207		- }, $this->allOf(AttributeType::OID_ROLE)));
208		- }
209		-
210		- /**
211		- * Generate ASN.1 structure.
212		- *
213		- * @return Sequence
214		- */
215		- public function toASN1()
216		- {
217		- $elements = array_map(
218		- function (Attribute $attr) {
219		- return $attr->toASN1();
220		- }, array_values($this->_attributes));
221		- return new Sequence(...$elements);
222		- }
	27	+ use AttributeContainer;
	28	+
	29	+ /**
	30	+ * Mapping from OID to attribute value class name.
	31	+ *
	32	+ * @internal
	33	+ *
	34	+ * @var array
	35	+ */
	36	+ const MAP_OID_TO_CLASS = array(
	37	+ /* @formatter:off */
	38	+ AccessIdentityAttributeValue::OID => AccessIdentityAttributeValue::class,
	39	+ AuthenticationInfoAttributeValue::OID => AuthenticationInfoAttributeValue::class,
	40	+ ChargingIdentityAttributeValue::OID => ChargingIdentityAttributeValue::class,
	41	+ GroupAttributeValue::OID => GroupAttributeValue::class,
	42	+ AttributeType::OID_ROLE => RoleAttributeValue::class
	43	+ /* @formatter:on */
	44	+ );
	45	+
	46	+ /**
	47	+ * Constructor.
	48	+ *
	49	+ * @param Attribute ...$attribs
	50	+ */
	51	+ public function __construct(Attribute ...$attribs)
	52	+ {
	53	+ $this->_attributes = $attribs;
	54	+ }
	55	+
	56	+ /**
	57	+ * Initialize from attribute values.
	58	+ *
	59	+ * @param AttributeValue ...$values
	60	+ * @return self
	61	+ */
	62	+ public static function fromAttributeValues(AttributeValue ...$values)
	63	+ {
	64	+ $attribs = array_map(
	65	+ function (AttributeValue $value) {
	66	+ return $value->toAttribute();
	67	+ }, $values);
	68	+ return new self(...$attribs);
	69	+ }
	70	+
	71	+ /**
	72	+ * Initialize from ASN.1.
	73	+ *
	74	+ * @param Sequence $seq
	75	+ * @return self
	76	+ */
	77	+ public static function fromASN1(Sequence $seq)
	78	+ {
	79	+ $attribs = array_map(
	80	+ function (UnspecifiedType $el) {
	81	+ return Attribute::fromASN1($el->asSequence());
	82	+ }, $seq->elements());
	83	+ // cast attributes
	84	+ $attribs = array_map(
	85	+ function (Attribute $attr) {
	86	+ $oid = $attr->oid();
	87	+ if (array_key_exists($oid, self::MAP_OID_TO_CLASS)) {
	88	+ $cls = self::MAP_OID_TO_CLASS[$oid];
	89	+ $attr = $attr->castValues($cls);
	90	+ }
	91	+ return $attr;
	92	+ }, $attribs);
	93	+ return new self(...$attribs);
	94	+ }
	95	+
	96	+ /**
	97	+ * Check whether 'Access Identity' attribute is present.
	98	+ *
	99	+ * @return bool
	100	+ */
	101	+ public function hasAccessIdentity()
	102	+ {
	103	+ return $this->has(AccessIdentityAttributeValue::OID);
	104	+ }
	105	+
	106	+ /**
	107	+ * Get the first 'Access Identity' attribute value.
	108	+ *
	109	+ * @return AccessIdentityAttributeValue
	110	+ */
	111	+ public function accessIdentity()
	112	+ {
	113	+ return $this->firstOf(AccessIdentityAttributeValue::OID)->first();
	114	+ }
	115	+
	116	+ /**
	117	+ * Check whether 'Service Authentication Information' attribute is present.
	118	+ *
	119	+ * @return bool
	120	+ */
	121	+ public function hasAuthenticationInformation()
	122	+ {
	123	+ return $this->has(AuthenticationInfoAttributeValue::OID);
	124	+ }
	125	+
	126	+ /**
	127	+ * Get the first 'Service Authentication Information' attribute value.
	128	+ *
	129	+ * @return AuthenticationInfoAttributeValue
	130	+ */
	131	+ public function authenticationInformation()
	132	+ {
	133	+ return $this->firstOf(AuthenticationInfoAttributeValue::OID)->first();
	134	+ }
	135	+
	136	+ /**
	137	+ * Check whether 'Charging Identity' attribute is present.
	138	+ *
	139	+ * @return bool
	140	+ */
	141	+ public function hasChargingIdentity()
	142	+ {
	143	+ return $this->has(ChargingIdentityAttributeValue::OID);
	144	+ }
	145	+
	146	+ /**
	147	+ * Get the first 'Charging Identity' attribute value.
	148	+ *
	149	+ * @return ChargingIdentityAttributeValue
	150	+ */
	151	+ public function chargingIdentity()
	152	+ {
	153	+ return $this->firstOf(ChargingIdentityAttributeValue::OID)->first();
	154	+ }
	155	+
	156	+ /**
	157	+ * Check whether 'Group' attribute is present.
	158	+ *
	159	+ * @return bool
	160	+ */
	161	+ public function hasGroup()
	162	+ {
	163	+ return $this->has(GroupAttributeValue::OID);
	164	+ }
	165	+
	166	+ /**
	167	+ * Get the first 'Group' attribute value.
	168	+ *
	169	+ * @return GroupAttributeValue
	170	+ */
	171	+ public function group()
	172	+ {
	173	+ return $this->firstOf(GroupAttributeValue::OID)->first();
	174	+ }
	175	+
	176	+ /**
	177	+ * Check whether 'Role' attribute is present.
	178	+ *
	179	+ * @return bool
	180	+ */
	181	+ public function hasRole()
	182	+ {
	183	+ return $this->has(AttributeType::OID_ROLE);
	184	+ }
	185	+
	186	+ /**
	187	+ * Get the first 'Role' attribute value.
	188	+ *
	189	+ * @return RoleAttributeValue
	190	+ */
	191	+ public function role()
	192	+ {
	193	+ return $this->firstOf(AttributeType::OID_ROLE)->first();
	194	+ }
	195	+
	196	+ /**
	197	+ * Get all 'Role' attribute values.
	198	+ *
	199	+ * @return RoleAttributeValue[]
	200	+ */
	201	+ public function roles()
	202	+ {
	203	+ return array_merge(array(),
	204	+ ...array_map(
	205	+ function (Attribute $attr) {
	206	+ return $attr->values();
	207	+ }, $this->allOf(AttributeType::OID_ROLE)));
	208	+ }
	209	+
	210	+ /**
	211	+ * Generate ASN.1 structure.
	212	+ *
	213	+ * @return Sequence
	214	+ */
	215	+ public function toASN1()
	216	+ {
	217	+ $elements = array_map(
	218	+ function (Attribute $attr) {
	219	+ return $attr->toASN1();
	220	+ }, array_values($this->_attributes));
	221	+ return new Sequence(...$elements);
	222	+ }
223	223	}

		@@ -11,265 +11,265 @@
		block discarded – undo
11	11	*/
12	12	class PolicyNode implements \IteratorAggregate, \Countable
13	13	{
14		- /**
15		- * Policy OID.
16		- *
17		- * @var string
18		- */
19		- protected $_validPolicy;
	14	+ /**
	15	+ * Policy OID.
	16	+ *
	17	+ * @var string
	18	+ */
	19	+ protected $_validPolicy;
20	20
21		- /**
22		- * List of qualifiers.
23		- *
24		- * @var \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[]
25		- */
26		- protected $_qualifiers;
	21	+ /**
	22	+ * List of qualifiers.
	23	+ *
	24	+ * @var \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[]
	25	+ */
	26	+ protected $_qualifiers;
27	27
28		- /**
29		- * List of expected policy OIDs.
30		- *
31		- * @var string[]
32		- */
33		- protected $_expectedPolicies;
	28	+ /**
	29	+ * List of expected policy OIDs.
	30	+ *
	31	+ * @var string[]
	32	+ */
	33	+ protected $_expectedPolicies;
34	34
35		- /**
36		- * List of child nodes.
37		- *
38		- * @var PolicyNode[]
39		- */
40		- protected $_children;
	35	+ /**
	36	+ * List of child nodes.
	37	+ *
	38	+ * @var PolicyNode[]
	39	+ */
	40	+ protected $_children;
41	41
42		- /**
43		- * Reference to the parent node.
44		- *
45		- * @var PolicyNode\|null
46		- */
47		- protected $_parent;
	42	+ /**
	43	+ * Reference to the parent node.
	44	+ *
	45	+ * @var PolicyNode\|null
	46	+ */
	47	+ protected $_parent;
48	48
49		- /**
50		- * Constructor.
51		- *
52		- * @param string $valid_policy Policy OID
53		- * @param \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[] $qualifiers
54		- * @param string[] $expected_policies
55		- */
56		- public function __construct($valid_policy, array $qualifiers,
57		- array $expected_policies)
58		- {
59		- $this->_validPolicy = $valid_policy;
60		- $this->_qualifiers = $qualifiers;
61		- $this->_expectedPolicies = $expected_policies;
62		- $this->_children = array();
63		- }
	49	+ /**
	50	+ * Constructor.
	51	+ *
	52	+ * @param string $valid_policy Policy OID
	53	+ * @param \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[] $qualifiers
	54	+ * @param string[] $expected_policies
	55	+ */
	56	+ public function __construct($valid_policy, array $qualifiers,
	57	+ array $expected_policies)
	58	+ {
	59	+ $this->_validPolicy = $valid_policy;
	60	+ $this->_qualifiers = $qualifiers;
	61	+ $this->_expectedPolicies = $expected_policies;
	62	+ $this->_children = array();
	63	+ }
64	64
65		- /**
66		- * Create initial node for the policy tree.
67		- *
68		- * @return self
69		- */
70		- public static function anyPolicyNode()
71		- {
72		- return new self(PolicyInformation::OID_ANY_POLICY, array(),
73		- array(PolicyInformation::OID_ANY_POLICY));
74		- }
	65	+ /**
	66	+ * Create initial node for the policy tree.
	67	+ *
	68	+ * @return self
	69	+ */
	70	+ public static function anyPolicyNode()
	71	+ {
	72	+ return new self(PolicyInformation::OID_ANY_POLICY, array(),
	73	+ array(PolicyInformation::OID_ANY_POLICY));
	74	+ }
75	75
76		- /**
77		- * Get the valid policy OID.
78		- *
79		- * @return string
80		- */
81		- public function validPolicy()
82		- {
83		- return $this->_validPolicy;
84		- }
	76	+ /**
	77	+ * Get the valid policy OID.
	78	+ *
	79	+ * @return string
	80	+ */
	81	+ public function validPolicy()
	82	+ {
	83	+ return $this->_validPolicy;
	84	+ }
85	85
86		- /**
87		- * Check whether node has anyPolicy as a valid policy.
88		- *
89		- * @return boolean
90		- */
91		- public function isAnyPolicy()
92		- {
93		- return PolicyInformation::OID_ANY_POLICY == $this->_validPolicy;
94		- }
	86	+ /**
	87	+ * Check whether node has anyPolicy as a valid policy.
	88	+ *
	89	+ * @return boolean
	90	+ */
	91	+ public function isAnyPolicy()
	92	+ {
	93	+ return PolicyInformation::OID_ANY_POLICY == $this->_validPolicy;
	94	+ }
95	95
96		- /**
97		- * Get the qualifier set.
98		- *
99		- * @return \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[]
100		- */
101		- public function qualifiers()
102		- {
103		- return $this->_qualifiers;
104		- }
	96	+ /**
	97	+ * Get the qualifier set.
	98	+ *
	99	+ * @return \X509\Certificate\Extension\CertificatePolicy\PolicyQualifierInfo[]
	100	+ */
	101	+ public function qualifiers()
	102	+ {
	103	+ return $this->_qualifiers;
	104	+ }
105	105
106		- /**
107		- * Check whether node has OID as an expected policy.
108		- *
109		- * @param string $oid
110		- * @return boolean
111		- */
112		- public function hasExpectedPolicy($oid)
113		- {
114		- return in_array($oid, $this->_expectedPolicies);
115		- }
	106	+ /**
	107	+ * Check whether node has OID as an expected policy.
	108	+ *
	109	+ * @param string $oid
	110	+ * @return boolean
	111	+ */
	112	+ public function hasExpectedPolicy($oid)
	113	+ {
	114	+ return in_array($oid, $this->_expectedPolicies);
	115	+ }
116	116
117		- /**
118		- * Get the expected policy set.
119		- *
120		- * @return string[]
121		- */
122		- public function expectedPolicies()
123		- {
124		- return $this->_expectedPolicies;
125		- }
	117	+ /**
	118	+ * Get the expected policy set.
	119	+ *
	120	+ * @return string[]
	121	+ */
	122	+ public function expectedPolicies()
	123	+ {
	124	+ return $this->_expectedPolicies;
	125	+ }
126	126
127		- /**
128		- * Set expected policies.
129		- *
130		- * @param string ...$oids Policy OIDs
131		- */
132		- public function setExpectedPolicies(...$oids)
133		- {
134		- $this->_expectedPolicies = $oids;
135		- }
	127	+ /**
	128	+ * Set expected policies.
	129	+ *
	130	+ * @param string ...$oids Policy OIDs
	131	+ */
	132	+ public function setExpectedPolicies(...$oids)
	133	+ {
	134	+ $this->_expectedPolicies = $oids;
	135	+ }
136	136
137		- /**
138		- * Check whether node has a child node with given valid policy OID.
139		- *
140		- * @param string $oid
141		- * @return boolean
142		- */
143		- public function hasChildWithValidPolicy($oid)
144		- {
145		- foreach ($this->_children as $node) {
146		- if ($node->validPolicy() == $oid) {
147		- return true;
148		- }
149		- }
150		- return false;
151		- }
	137	+ /**
	138	+ * Check whether node has a child node with given valid policy OID.
	139	+ *
	140	+ * @param string $oid
	141	+ * @return boolean
	142	+ */
	143	+ public function hasChildWithValidPolicy($oid)
	144	+ {
	145	+ foreach ($this->_children as $node) {
	146	+ if ($node->validPolicy() == $oid) {
	147	+ return true;
	148	+ }
	149	+ }
	150	+ return false;
	151	+ }
152	152
153		- /**
154		- * Add child node.
155		- *
156		- * @param PolicyNode $node
157		- * @return self
158		- */
159		- public function addChild(PolicyNode $node)
160		- {
161		- $id = spl_object_hash($node);
162		- $node->_parent = $this;
163		- $this->_children[$id] = $node;
164		- return $this;
165		- }
	153	+ /**
	154	+ * Add child node.
	155	+ *
	156	+ * @param PolicyNode $node
	157	+ * @return self
	158	+ */
	159	+ public function addChild(PolicyNode $node)
	160	+ {
	161	+ $id = spl_object_hash($node);
	162	+ $node->_parent = $this;
	163	+ $this->_children[$id] = $node;
	164	+ return $this;
	165	+ }
166	166
167		- /**
168		- * Get the child nodes.
169		- *
170		- * @return PolicyNode[]
171		- */
172		- public function children()
173		- {
174		- return array_values($this->_children);
175		- }
	167	+ /**
	168	+ * Get the child nodes.
	169	+ *
	170	+ * @return PolicyNode[]
	171	+ */
	172	+ public function children()
	173	+ {
	174	+ return array_values($this->_children);
	175	+ }
176	176
177		- /**
178		- * Remove this node from the tree.
179		- *
180		- * @return self The removed node
181		- */
182		- public function remove()
183		- {
184		- if ($this->_parent) {
185		- $id = spl_object_hash($this);
186		- unset($this->_parent->_children[$id]);
187		- unset($this->_parent);
188		- }
189		- return $this;
190		- }
	177	+ /**
	178	+ * Remove this node from the tree.
	179	+ *
	180	+ * @return self The removed node
	181	+ */
	182	+ public function remove()
	183	+ {
	184	+ if ($this->_parent) {
	185	+ $id = spl_object_hash($this);
	186	+ unset($this->_parent->_children[$id]);
	187	+ unset($this->_parent);
	188	+ }
	189	+ return $this;
	190	+ }
191	191
192		- /**
193		- * Check whether node has a parent.
194		- *
195		- * @return bool
196		- */
197		- public function hasParent()
198		- {
199		- return isset($this->_parent);
200		- }
	192	+ /**
	193	+ * Check whether node has a parent.
	194	+ *
	195	+ * @return bool
	196	+ */
	197	+ public function hasParent()
	198	+ {
	199	+ return isset($this->_parent);
	200	+ }
201	201
202		- /**
203		- * Get the parent node.
204		- *
205		- * @return PolicyNode\|null
206		- */
207		- public function parent()
208		- {
209		- return $this->_parent;
210		- }
	202	+ /**
	203	+ * Get the parent node.
	204	+ *
	205	+ * @return PolicyNode\|null
	206	+ */
	207	+ public function parent()
	208	+ {
	209	+ return $this->_parent;
	210	+ }
211	211
212		- /**
213		- * Get chain of parent nodes from this node's parent to the root node.
214		- *
215		- * @return PolicyNode[]
216		- */
217		- public function parents()
218		- {
219		- if (!$this->_parent) {
220		- return array();
221		- }
222		- $nodes = $this->_parent->parents();
223		- $nodes[] = $this->_parent;
224		- return array_reverse($nodes);
225		- }
	212	+ /**
	213	+ * Get chain of parent nodes from this node's parent to the root node.
	214	+ *
	215	+ * @return PolicyNode[]
	216	+ */
	217	+ public function parents()
	218	+ {
	219	+ if (!$this->_parent) {
	220	+ return array();
	221	+ }
	222	+ $nodes = $this->_parent->parents();
	223	+ $nodes[] = $this->_parent;
	224	+ return array_reverse($nodes);
	225	+ }
226	226
227		- /**
228		- * Walk tree from this node, applying a callback for each node.
229		- *
230		- * Nodes are traversed depth-first and callback shall be applied post-order.
231		- *
232		- * @param callable $fn
233		- */
234		- public function walkNodes(callable $fn)
235		- {
236		- foreach ($this->_children as $node) {
237		- $node->walkNodes($fn);
238		- }
239		- $fn($this);
240		- }
	227	+ /**
	228	+ * Walk tree from this node, applying a callback for each node.
	229	+ *
	230	+ * Nodes are traversed depth-first and callback shall be applied post-order.
	231	+ *
	232	+ * @param callable $fn
	233	+ */
	234	+ public function walkNodes(callable $fn)
	235	+ {
	236	+ foreach ($this->_children as $node) {
	237	+ $node->walkNodes($fn);
	238	+ }
	239	+ $fn($this);
	240	+ }
241	241
242		- /**
243		- * Get the total number of nodes in a tree.
244		- *
245		- * @return int
246		- */
247		- public function nodeCount()
248		- {
249		- $c = 1;
250		- foreach ($this->_children as $child) {
251		- $c += $child->nodeCount();
252		- }
253		- return $c;
254		- }
	242	+ /**
	243	+ * Get the total number of nodes in a tree.
	244	+ *
	245	+ * @return int
	246	+ */
	247	+ public function nodeCount()
	248	+ {
	249	+ $c = 1;
	250	+ foreach ($this->_children as $child) {
	251	+ $c += $child->nodeCount();
	252	+ }
	253	+ return $c;
	254	+ }
255	255
256		- /**
257		- * Get the number of child nodes.
258		- *
259		- * @see \Countable::count()
260		- */
261		- public function count()
262		- {
263		- return count($this->_children);
264		- }
	256	+ /**
	257	+ * Get the number of child nodes.
	258	+ *
	259	+ * @see \Countable::count()
	260	+ */
	261	+ public function count()
	262	+ {
	263	+ return count($this->_children);
	264	+ }
265	265
266		- /**
267		- * Get iterator for the child nodes.
268		- *
269		- * @see \IteratorAggregate::getIterator()
270		- */
271		- public function getIterator()
272		- {
273		- return new \ArrayIterator($this->_children);
274		- }
	266	+ /**
	267	+ * Get iterator for the child nodes.
	268	+ *
	269	+ * @see \IteratorAggregate::getIterator()
	270	+ */
	271	+ public function getIterator()
	272	+ {
	273	+ return new \ArrayIterator($this->_children);
	274	+ }
275	275	}

		@@ -21,171 +21,171 @@
		block discarded – undo
21	21	*/
22	22	class CertificationPath implements \Countable, \IteratorAggregate
23	23	{
24		- /**
25		- * Certification path.
26		- *
27		- * @var Certificate[] $_certificates
28		- */
29		- protected $_certificates;
	24	+ /**
	25	+ * Certification path.
	26	+ *
	27	+ * @var Certificate[] $_certificates
	28	+ */
	29	+ protected $_certificates;
30	30
31		- /**
32		- * Constructor.
33		- *
34		- * @param Certificate ...$certificates Certificates from the trust anchor
35		- * to the target end-entity certificate
36		- */
37		- public function __construct(Certificate ...$certificates)
38		- {
39		- $this->_certificates = $certificates;
40		- }
	31	+ /**
	32	+ * Constructor.
	33	+ *
	34	+ * @param Certificate ...$certificates Certificates from the trust anchor
	35	+ * to the target end-entity certificate
	36	+ */
	37	+ public function __construct(Certificate ...$certificates)
	38	+ {
	39	+ $this->_certificates = $certificates;
	40	+ }
41	41
42		- /**
43		- * Initialize from a certificate chain.
44		- *
45		- * @param CertificateChain $chain
46		- * @return self
47		- */
48		- public static function fromCertificateChain(CertificateChain $chain)
49		- {
50		- return new self(...array_reverse($chain->certificates(), false));
51		- }
	42	+ /**
	43	+ * Initialize from a certificate chain.
	44	+ *
	45	+ * @param CertificateChain $chain
	46	+ * @return self
	47	+ */
	48	+ public static function fromCertificateChain(CertificateChain $chain)
	49	+ {
	50	+ return new self(...array_reverse($chain->certificates(), false));
	51	+ }
52	52
53		- /**
54		- * Build certification path to given target.
55		- *
56		- * @param Certificate $target Target end-entity certificate
57		- * @param CertificateBundle $trust_anchors List of trust anchors
58		- * @param CertificateBundle\|null $intermediate Optional intermediate
59		- * certificates
60		- * @return self
61		- */
62		- public static function toTarget(Certificate $target,
63		- CertificateBundle $trust_anchors, CertificateBundle $intermediate = null)
64		- {
65		- $builder = new CertificationPathBuilder($trust_anchors);
66		- return $builder->shortestPathToTarget($target, $intermediate);
67		- }
	53	+ /**
	54	+ * Build certification path to given target.
	55	+ *
	56	+ * @param Certificate $target Target end-entity certificate
	57	+ * @param CertificateBundle $trust_anchors List of trust anchors
	58	+ * @param CertificateBundle\|null $intermediate Optional intermediate
	59	+ * certificates
	60	+ * @return self
	61	+ */
	62	+ public static function toTarget(Certificate $target,
	63	+ CertificateBundle $trust_anchors, CertificateBundle $intermediate = null)
	64	+ {
	65	+ $builder = new CertificationPathBuilder($trust_anchors);
	66	+ return $builder->shortestPathToTarget($target, $intermediate);
	67	+ }
68	68
69		- /**
70		- * Build certification path from given trust anchor to target certificate,
71		- * using intermediate certificates from given bundle.
72		- *
73		- * @param Certificate $trust_anchor Trust anchor certificate
74		- * @param Certificate $target Target end-entity certificate
75		- * @param CertificateBundle\|null $intermediate Optional intermediate
76		- * certificates
77		- * @return self
78		- */
79		- public static function fromTrustAnchorToTarget(Certificate $trust_anchor,
80		- Certificate $target, CertificateBundle $intermediate = null)
81		- {
82		- return self::toTarget($target, new CertificateBundle($trust_anchor),
83		- $intermediate);
84		- }
	69	+ /**
	70	+ * Build certification path from given trust anchor to target certificate,
	71	+ * using intermediate certificates from given bundle.
	72	+ *
	73	+ * @param Certificate $trust_anchor Trust anchor certificate
	74	+ * @param Certificate $target Target end-entity certificate
	75	+ * @param CertificateBundle\|null $intermediate Optional intermediate
	76	+ * certificates
	77	+ * @return self
	78	+ */
	79	+ public static function fromTrustAnchorToTarget(Certificate $trust_anchor,
	80	+ Certificate $target, CertificateBundle $intermediate = null)
	81	+ {
	82	+ return self::toTarget($target, new CertificateBundle($trust_anchor),
	83	+ $intermediate);
	84	+ }
85	85
86		- /**
87		- * Get certificates.
88		- *
89		- * @return Certificate[]
90		- */
91		- public function certificates()
92		- {
93		- return $this->_certificates;
94		- }
	86	+ /**
	87	+ * Get certificates.
	88	+ *
	89	+ * @return Certificate[]
	90	+ */
	91	+ public function certificates()
	92	+ {
	93	+ return $this->_certificates;
	94	+ }
95	95
96		- /**
97		- * Get the trust anchor certificate from the path.
98		- *
99		- * @throws \LogicException If path is empty
100		- * @return Certificate
101		- */
102		- public function trustAnchorCertificate()
103		- {
104		- if (!count($this->_certificates)) {
105		- throw new \LogicException("No certificates.");
106		- }
107		- return $this->_certificates[0];
108		- }
	96	+ /**
	97	+ * Get the trust anchor certificate from the path.
	98	+ *
	99	+ * @throws \LogicException If path is empty
	100	+ * @return Certificate
	101	+ */
	102	+ public function trustAnchorCertificate()
	103	+ {
	104	+ if (!count($this->_certificates)) {
	105	+ throw new \LogicException("No certificates.");
	106	+ }
	107	+ return $this->_certificates[0];
	108	+ }
109	109
110		- /**
111		- * Get the end-entity certificate from the path.
112		- *
113		- * @throws \LogicException If path is empty
114		- * @return Certificate
115		- */
116		- public function endEntityCertificate()
117		- {
118		- if (!count($this->_certificates)) {
119		- throw new \LogicException("No certificates.");
120		- }
121		- return $this->_certificates[count($this->_certificates) - 1];
122		- }
	110	+ /**
	111	+ * Get the end-entity certificate from the path.
	112	+ *
	113	+ * @throws \LogicException If path is empty
	114	+ * @return Certificate
	115	+ */
	116	+ public function endEntityCertificate()
	117	+ {
	118	+ if (!count($this->_certificates)) {
	119	+ throw new \LogicException("No certificates.");
	120	+ }
	121	+ return $this->_certificates[count($this->_certificates) - 1];
	122	+ }
123	123
124		- /**
125		- * Get certification path as a certificate chain.
126		- *
127		- * @return CertificateChain
128		- */
129		- public function certificateChain()
130		- {
131		- return new CertificateChain(
132		- ...array_reverse($this->_certificates, false));
133		- }
	124	+ /**
	125	+ * Get certification path as a certificate chain.
	126	+ *
	127	+ * @return CertificateChain
	128	+ */
	129	+ public function certificateChain()
	130	+ {
	131	+ return new CertificateChain(
	132	+ ...array_reverse($this->_certificates, false));
	133	+ }
134	134
135		- /**
136		- * Check whether certification path starts with one ore more given
137		- * certificates in parameter order.
138		- *
139		- * @param Certificate ...$certs Certificates
140		- * @return true
141		- */
142		- public function startsWith(Certificate ...$certs)
143		- {
144		- $n = count($certs);
145		- if ($n > count($this->_certificates)) {
146		- return false;
147		- }
148		- for ($i = 0; $i < $n; ++$i) {
149		- if (!$certs[$i]->equals($this->_certificates[$i])) {
150		- return false;
151		- }
152		- }
153		- return true;
154		- }
	135	+ /**
	136	+ * Check whether certification path starts with one ore more given
	137	+ * certificates in parameter order.
	138	+ *
	139	+ * @param Certificate ...$certs Certificates
	140	+ * @return true
	141	+ */
	142	+ public function startsWith(Certificate ...$certs)
	143	+ {
	144	+ $n = count($certs);
	145	+ if ($n > count($this->_certificates)) {
	146	+ return false;
	147	+ }
	148	+ for ($i = 0; $i < $n; ++$i) {
	149	+ if (!$certs[$i]->equals($this->_certificates[$i])) {
	150	+ return false;
	151	+ }
	152	+ }
	153	+ return true;
	154	+ }
155	155
156		- /**
157		- * Validate certification path.
158		- *
159		- * @param PathValidationConfig $config
160		- * @param Crypto\|null $crypto Crypto engine, use default if not set
161		- * @throws Exception\PathValidationException
162		- * @return PathValidation\PathValidationResult
163		- */
164		- public function validate(PathValidationConfig $config, Crypto $crypto = null)
165		- {
166		- $crypto = $crypto ?: Crypto::getDefault();
167		- $validator = new PathValidator($crypto, $config, ...$this->_certificates);
168		- return $validator->validate();
169		- }
	156	+ /**
	157	+ * Validate certification path.
	158	+ *
	159	+ * @param PathValidationConfig $config
	160	+ * @param Crypto\|null $crypto Crypto engine, use default if not set
	161	+ * @throws Exception\PathValidationException
	162	+ * @return PathValidation\PathValidationResult
	163	+ */
	164	+ public function validate(PathValidationConfig $config, Crypto $crypto = null)
	165	+ {
	166	+ $crypto = $crypto ?: Crypto::getDefault();
	167	+ $validator = new PathValidator($crypto, $config, ...$this->_certificates);
	168	+ return $validator->validate();
	169	+ }
170	170
171		- /**
172		- *
173		- * @see \Countable::count()
174		- * @return int
175		- */
176		- public function count()
177		- {
178		- return count($this->_certificates);
179		- }
	171	+ /**
	172	+ *
	173	+ * @see \Countable::count()
	174	+ * @return int
	175	+ */
	176	+ public function count()
	177	+ {
	178	+ return count($this->_certificates);
	179	+ }
180	180
181		- /**
182		- * Get iterator for certificates.
183		- *
184		- * @see \IteratorAggregate::getIterator()
185		- * @return \ArrayIterator
186		- */
187		- public function getIterator()
188		- {
189		- return new \ArrayIterator($this->_certificates);
190		- }
	181	+ /**
	182	+ * Get iterator for certificates.
	183	+ *
	184	+ * @see \IteratorAggregate::getIterator()
	185	+ * @return \ArrayIterator
	186	+ */
	187	+ public function getIterator()
	188	+ {
	189	+ return new \ArrayIterator($this->_certificates);
	190	+ }
191	191	}

		@@ -13,85 +13,85 @@
		block discarded – undo
13	13	*/
14	14	class PathValidationResult
15	15	{
16		- /**
17		- * Certificates in a certification path.
18		- *
19		- * @var \X509\Certificate\Certificate[] $_certificates
20		- */
21		- protected $_certificates;
	16	+ /**
	17	+ * Certificates in a certification path.
	18	+ *
	19	+ * @var \X509\Certificate\Certificate[] $_certificates
	20	+ */
	21	+ protected $_certificates;
22	22
23		- /**
24		- * Valid policy tree.
25		- *
26		- * @var \X509\CertificationPath\Policy\PolicyTree\|null $_policyTree
27		- */
28		- protected $_policyTree;
	23	+ /**
	24	+ * Valid policy tree.
	25	+ *
	26	+ * @var \X509\CertificationPath\Policy\PolicyTree\|null $_policyTree
	27	+ */
	28	+ protected $_policyTree;
29	29
30		- /**
31		- * End-entity certificate's public key.
32		- *
33		- * @var PublicKeyInfo
34		- */
35		- protected $_publicKeyInfo;
	30	+ /**
	31	+ * End-entity certificate's public key.
	32	+ *
	33	+ * @var PublicKeyInfo
	34	+ */
	35	+ protected $_publicKeyInfo;
36	36
37		- /**
38		- * Public key algorithm.
39		- *
40		- * @var AlgorithmIdentifierType
41		- */
42		- protected $_publicKeyAlgo;
	37	+ /**
	38	+ * Public key algorithm.
	39	+ *
	40	+ * @var AlgorithmIdentifierType
	41	+ */
	42	+ protected $_publicKeyAlgo;
43	43
44		- /**
45		- * Public key parameters.
46		- *
47		- * @var Element\|null $_publicKeyParameters
48		- */
49		- protected $_publicKeyParameters;
	44	+ /**
	45	+ * Public key parameters.
	46	+ *
	47	+ * @var Element\|null $_publicKeyParameters
	48	+ */
	49	+ protected $_publicKeyParameters;
50	50
51		- /**
52		- * Constructor.
53		- *
54		- * @param \X509\Certificate\Certificate[] $certificates Certificates in a
55		- * certification path
56		- * @param \X509\CertificationPath\Policy\PolicyTree\|null $policy_tree Valid
57		- * policy tree
58		- * @param PublicKeyInfo $pubkey_info Public key of the end-entity
59		- * certificate
60		- * @param AlgorithmIdentifierType $algo Public key algorithm of the
61		- * end-entity certificate
62		- * @param Element\|null $params Algorithm parameters
63		- */
64		- public function __construct(array $certificates, $policy_tree,
65		- PublicKeyInfo $pubkey_info, AlgorithmIdentifierType $algo,
66		- Element $params = null)
67		- {
68		- $this->_certificates = array_values($certificates);
69		- $this->_policyTree = $policy_tree;
70		- $this->_publicKeyInfo = $pubkey_info;
71		- $this->_publicKeyAlgo = $algo;
72		- $this->_publicKeyParameters = $params;
73		- }
	51	+ /**
	52	+ * Constructor.
	53	+ *
	54	+ * @param \X509\Certificate\Certificate[] $certificates Certificates in a
	55	+ * certification path
	56	+ * @param \X509\CertificationPath\Policy\PolicyTree\|null $policy_tree Valid
	57	+ * policy tree
	58	+ * @param PublicKeyInfo $pubkey_info Public key of the end-entity
	59	+ * certificate
	60	+ * @param AlgorithmIdentifierType $algo Public key algorithm of the
	61	+ * end-entity certificate
	62	+ * @param Element\|null $params Algorithm parameters
	63	+ */
	64	+ public function __construct(array $certificates, $policy_tree,
	65	+ PublicKeyInfo $pubkey_info, AlgorithmIdentifierType $algo,
	66	+ Element $params = null)
	67	+ {
	68	+ $this->_certificates = array_values($certificates);
	69	+ $this->_policyTree = $policy_tree;
	70	+ $this->_publicKeyInfo = $pubkey_info;
	71	+ $this->_publicKeyAlgo = $algo;
	72	+ $this->_publicKeyParameters = $params;
	73	+ }
74	74
75		- /**
76		- * Get end-entity certificate.
77		- *
78		- * @return \X509\Certificate\Certificate
79		- */
80		- public function certificate()
81		- {
82		- return $this->_certificates[count($this->_certificates) - 1];
83		- }
	75	+ /**
	76	+ * Get end-entity certificate.
	77	+ *
	78	+ * @return \X509\Certificate\Certificate
	79	+ */
	80	+ public function certificate()
	81	+ {
	82	+ return $this->_certificates[count($this->_certificates) - 1];
	83	+ }
84	84
85		- /**
86		- * Get certificate policies of the end-entity certificate.
87		- *
88		- * @return \X509\Certificate\Extension\CertificatePolicy\PolicyInformation[]
89		- */
90		- public function policies()
91		- {
92		- if (!$this->_policyTree) {
93		- return array();
94		- }
95		- return $this->_policyTree->policiesAtDepth(count($this->_certificates));
96		- }
	85	+ /**
	86	+ * Get certificate policies of the end-entity certificate.
	87	+ *
	88	+ * @return \X509\Certificate\Extension\CertificatePolicy\PolicyInformation[]
	89	+ */
	90	+ public function policies()
	91	+ {
	92	+ if (!$this->_policyTree) {
	93	+ return array();
	94	+ }
	95	+ return $this->_policyTree->policiesAtDepth(count($this->_certificates));
	96	+ }
97	97	}

		@@ -14,137 +14,137 @@
		block discarded – undo
14	14	*/
15	15	class CertificationPathBuilder
16	16	{
17		- /**
18		- * Trust anchors.
19		- *
20		- * @var CertificateBundle
21		- */
22		- protected $_trustList;
	17	+ /**
	18	+ * Trust anchors.
	19	+ *
	20	+ * @var CertificateBundle
	21	+ */
	22	+ protected $_trustList;
23	23
24		- /**
25		- * Constructor.
26		- *
27		- * @param CertificateBundle $trust_list List of trust anchors
28		- */
29		- public function __construct(CertificateBundle $trust_list)
30		- {
31		- $this->_trustList = $trust_list;
32		- }
	24	+ /**
	25	+ * Constructor.
	26	+ *
	27	+ * @param CertificateBundle $trust_list List of trust anchors
	28	+ */
	29	+ public function __construct(CertificateBundle $trust_list)
	30	+ {
	31	+ $this->_trustList = $trust_list;
	32	+ }
33	33
34		- /**
35		- * Get all certification paths to given target certificate from
36		- * any trust anchor.
37		- *
38		- * @param Certificate $target Target certificate
39		- * @param CertificateBundle\|null $intermediate Optional intermediate
40		- * certificates
41		- * @return CertificationPath[]
42		- */
43		- public function allPathsToTarget(Certificate $target,
44		- CertificateBundle $intermediate = null)
45		- {
46		- $paths = $this->_resolvePathsToTarget($target, $intermediate);
47		- // map paths to CertificationPath objects
48		- return array_map(
49		- function ($certs) {
50		- return new CertificationPath(...$certs);
51		- }, $paths);
52		- }
	34	+ /**
	35	+ * Get all certification paths to given target certificate from
	36	+ * any trust anchor.
	37	+ *
	38	+ * @param Certificate $target Target certificate
	39	+ * @param CertificateBundle\|null $intermediate Optional intermediate
	40	+ * certificates
	41	+ * @return CertificationPath[]
	42	+ */
	43	+ public function allPathsToTarget(Certificate $target,
	44	+ CertificateBundle $intermediate = null)
	45	+ {
	46	+ $paths = $this->_resolvePathsToTarget($target, $intermediate);
	47	+ // map paths to CertificationPath objects
	48	+ return array_map(
	49	+ function ($certs) {
	50	+ return new CertificationPath(...$certs);
	51	+ }, $paths);
	52	+ }
53	53
54		- /**
55		- * Resolve all possible certification paths from any trust anchor to
56		- * the target certificate, using optional intermediate certificates.
57		- *
58		- * Helper method for allPathsToTarget to be called recursively.
59		- *
60		- * @todo Implement loop detection
61		- * @param Certificate $target
62		- * @param CertificateBundle $intermediate
63		- * @return array[] Array of arrays containing path certificates
64		- */
65		- private function _resolvePathsToTarget(Certificate $target,
66		- CertificateBundle $intermediate = null)
67		- {
68		- // array of possible paths
69		- $paths = array();
70		- // signed by certificate in the trust list
71		- foreach ($this->_findIssuers($target, $this->_trustList) as $issuer) {
72		- // if target is self-signed, path consists of only
73		- // the target certificate
74		- if ($target->equals($issuer)) {
75		- $paths[] = array($target);
76		- } else {
77		- $paths[] = array($issuer, $target);
78		- }
79		- }
80		- if (isset($intermediate)) {
81		- // signed by intermediate certificate
82		- foreach ($this->_findIssuers($target, $intermediate) as $issuer) {
83		- // intermediate certificate must not be self-signed
84		- if ($issuer->isSelfIssued()) {
85		- continue;
86		- }
87		- // resolve paths to issuer
88		- $subpaths = $this->_resolvePathsToTarget($issuer, $intermediate);
89		- foreach ($subpaths as $path) {
90		- $paths[] = array_merge($path, array($target));
91		- }
92		- }
93		- }
94		- return $paths;
95		- }
	54	+ /**
	55	+ * Resolve all possible certification paths from any trust anchor to
	56	+ * the target certificate, using optional intermediate certificates.
	57	+ *
	58	+ * Helper method for allPathsToTarget to be called recursively.
	59	+ *
	60	+ * @todo Implement loop detection
	61	+ * @param Certificate $target
	62	+ * @param CertificateBundle $intermediate
	63	+ * @return array[] Array of arrays containing path certificates
	64	+ */
	65	+ private function _resolvePathsToTarget(Certificate $target,
	66	+ CertificateBundle $intermediate = null)
	67	+ {
	68	+ // array of possible paths
	69	+ $paths = array();
	70	+ // signed by certificate in the trust list
	71	+ foreach ($this->_findIssuers($target, $this->_trustList) as $issuer) {
	72	+ // if target is self-signed, path consists of only
	73	+ // the target certificate
	74	+ if ($target->equals($issuer)) {
	75	+ $paths[] = array($target);
	76	+ } else {
	77	+ $paths[] = array($issuer, $target);
	78	+ }
	79	+ }
	80	+ if (isset($intermediate)) {
	81	+ // signed by intermediate certificate
	82	+ foreach ($this->_findIssuers($target, $intermediate) as $issuer) {
	83	+ // intermediate certificate must not be self-signed
	84	+ if ($issuer->isSelfIssued()) {
	85	+ continue;
	86	+ }
	87	+ // resolve paths to issuer
	88	+ $subpaths = $this->_resolvePathsToTarget($issuer, $intermediate);
	89	+ foreach ($subpaths as $path) {
	90	+ $paths[] = array_merge($path, array($target));
	91	+ }
	92	+ }
	93	+ }
	94	+ return $paths;
	95	+ }
96	96
97		- /**
98		- * Get shortest path to given target certificate from any trust anchor.
99		- *
100		- * @param Certificate $target Target certificate
101		- * @param CertificateBundle\|null $intermediate Optional intermediate
102		- * certificates
103		- * @throws PathBuildingException
104		- * @return CertificationPath
105		- */
106		- public function shortestPathToTarget(Certificate $target,
107		- CertificateBundle $intermediate = null)
108		- {
109		- $paths = $this->allPathsToTarget($target, $intermediate);
110		- if (!count($paths)) {
111		- throw new PathBuildingException("No certification paths.");
112		- }
113		- usort($paths,
114		- function ($a, $b) {
115		- return count($a) < count($b) ? -1 : 1;
116		- });
117		- return reset($paths);
118		- }
	97	+ /**
	98	+ * Get shortest path to given target certificate from any trust anchor.
	99	+ *
	100	+ * @param Certificate $target Target certificate
	101	+ * @param CertificateBundle\|null $intermediate Optional intermediate
	102	+ * certificates
	103	+ * @throws PathBuildingException
	104	+ * @return CertificationPath
	105	+ */
	106	+ public function shortestPathToTarget(Certificate $target,
	107	+ CertificateBundle $intermediate = null)
	108	+ {
	109	+ $paths = $this->allPathsToTarget($target, $intermediate);
	110	+ if (!count($paths)) {
	111	+ throw new PathBuildingException("No certification paths.");
	112	+ }
	113	+ usort($paths,
	114	+ function ($a, $b) {
	115	+ return count($a) < count($b) ? -1 : 1;
	116	+ });
	117	+ return reset($paths);
	118	+ }
119	119
120		- /**
121		- * Find all issuers of the target certificate from a given bundle.
122		- *
123		- * @param Certificate $target Target certificate
124		- * @param CertificateBundle $bundle Certificates to search
125		- * @return Certificate[]
126		- */
127		- protected function _findIssuers(Certificate $target,
128		- CertificateBundle $bundle)
129		- {
130		- $issuers = array();
131		- $issuer_name = $target->tbsCertificate()->issuer();
132		- $extensions = $target->tbsCertificate()->extensions();
133		- // find by authority key identifier
134		- if ($extensions->hasAuthorityKeyIdentifier()) {
135		- $ext = $extensions->authorityKeyIdentifier();
136		- if ($ext->hasKeyIdentifier()) {
137		- foreach ($bundle->allBySubjectKeyIdentifier(
138		- $ext->keyIdentifier()) as $issuer) {
139		- // check that issuer name matches
140		- if ($issuer->tbsCertificate()
141		- ->subject()
142		- ->equals($issuer_name)) {
143		- $issuers[] = $issuer;
144		- }
145		- }
146		- }
147		- }
148		- return $issuers;
149		- }
	120	+ /**
	121	+ * Find all issuers of the target certificate from a given bundle.
	122	+ *
	123	+ * @param Certificate $target Target certificate
	124	+ * @param CertificateBundle $bundle Certificates to search
	125	+ * @return Certificate[]
	126	+ */
	127	+ protected function _findIssuers(Certificate $target,
	128	+ CertificateBundle $bundle)
	129	+ {
	130	+ $issuers = array();
	131	+ $issuer_name = $target->tbsCertificate()->issuer();
	132	+ $extensions = $target->tbsCertificate()->extensions();
	133	+ // find by authority key identifier
	134	+ if ($extensions->hasAuthorityKeyIdentifier()) {
	135	+ $ext = $extensions->authorityKeyIdentifier();
	136	+ if ($ext->hasKeyIdentifier()) {
	137	+ foreach ($bundle->allBySubjectKeyIdentifier(
	138	+ $ext->keyIdentifier()) as $issuer) {
	139	+ // check that issuer name matches
	140	+ if ($issuer->tbsCertificate()
	141	+ ->subject()
	142	+ ->equals($issuer_name)) {
	143	+ $issuers[] = $issuer;
	144	+ }
	145	+ }
	146	+ }
	147	+ }
	148	+ return $issuers;
	149	+ }
150	150	}

sop / x509

GitHub Access Token became invalid

Push — master ( ff3a63...584877 )

Status

Category

Indentation +12 added lines, -12 removed lines patch added patch discarded remove patch

Indentation +11 added lines, -11 removed lines patch added patch discarded remove patch

Indentation +196 added lines, -196 removed lines patch added patch discarded remove patch

Indentation +238 added lines, -238 removed lines patch added patch discarded remove patch

Indentation +155 added lines, -155 removed lines patch added patch discarded remove patch

Indentation +553 added lines, -553 removed lines patch added patch discarded remove patch

Indentation +480 added lines, -480 removed lines patch added patch discarded remove patch

Indentation +74 added lines, -74 removed lines patch added patch discarded remove patch

Indentation +128 added lines, -128 removed lines patch added patch discarded remove patch