sop /
x509
@@ -17,164 +17,164 @@ |
||
| 17 | 17 | */ |
| 18 | 18 | class PolicyMappingsExtension extends Extension implements \Countable, \IteratorAggregate |
| 19 | 19 | { |
| 20 | - /** |
|
| 21 | - * Policy mappings. |
|
| 22 | - * |
|
| 23 | - * @var PolicyMapping[] |
|
| 24 | - */ |
|
| 25 | - protected $_mappings; |
|
| 20 | + /** |
|
| 21 | + * Policy mappings. |
|
| 22 | + * |
|
| 23 | + * @var PolicyMapping[] |
|
| 24 | + */ |
|
| 25 | + protected $_mappings; |
|
| 26 | 26 | |
| 27 | - /** |
|
| 28 | - * Constructor. |
|
| 29 | - * |
|
| 30 | - * @param bool $critical |
|
| 31 | - * @param PolicyMapping ...$mappings One or more PolicyMapping objects |
|
| 32 | - */ |
|
| 33 | - public function __construct(bool $critical, PolicyMapping ...$mappings) |
|
| 34 | - { |
|
| 35 | - parent::__construct(self::OID_POLICY_MAPPINGS, $critical); |
|
| 36 | - $this->_mappings = $mappings; |
|
| 37 | - } |
|
| 27 | + /** |
|
| 28 | + * Constructor. |
|
| 29 | + * |
|
| 30 | + * @param bool $critical |
|
| 31 | + * @param PolicyMapping ...$mappings One or more PolicyMapping objects |
|
| 32 | + */ |
|
| 33 | + public function __construct(bool $critical, PolicyMapping ...$mappings) |
|
| 34 | + { |
|
| 35 | + parent::__construct(self::OID_POLICY_MAPPINGS, $critical); |
|
| 36 | + $this->_mappings = $mappings; |
|
| 37 | + } |
|
| 38 | 38 | |
| 39 | - /** |
|
| 40 | - * Get all mappings. |
|
| 41 | - * |
|
| 42 | - * @return PolicyMapping[] |
|
| 43 | - */ |
|
| 44 | - public function mappings(): array |
|
| 45 | - { |
|
| 46 | - return $this->_mappings; |
|
| 47 | - } |
|
| 39 | + /** |
|
| 40 | + * Get all mappings. |
|
| 41 | + * |
|
| 42 | + * @return PolicyMapping[] |
|
| 43 | + */ |
|
| 44 | + public function mappings(): array |
|
| 45 | + { |
|
| 46 | + return $this->_mappings; |
|
| 47 | + } |
|
| 48 | 48 | |
| 49 | - /** |
|
| 50 | - * Get mappings flattened into a single array of arrays of subject domains |
|
| 51 | - * keyed by issuer domain. |
|
| 52 | - * |
|
| 53 | - * Eg. if policy mappings contains multiple mappings with the same issuer |
|
| 54 | - * domain policy, their corresponding subject domain policies are placed |
|
| 55 | - * under the same key. |
|
| 56 | - * |
|
| 57 | - * @return (string[])[] |
|
| 58 | - */ |
|
| 59 | - public function flattenedMappings(): array |
|
| 60 | - { |
|
| 61 | - $mappings = []; |
|
| 62 | - foreach ($this->_mappings as $mapping) { |
|
| 63 | - $idp = $mapping->issuerDomainPolicy(); |
|
| 64 | - if (!isset($mappings[$idp])) { |
|
| 65 | - $mappings[$idp] = []; |
|
| 66 | - } |
|
| 67 | - array_push($mappings[$idp], $mapping->subjectDomainPolicy()); |
|
| 68 | - } |
|
| 69 | - return $mappings; |
|
| 70 | - } |
|
| 49 | + /** |
|
| 50 | + * Get mappings flattened into a single array of arrays of subject domains |
|
| 51 | + * keyed by issuer domain. |
|
| 52 | + * |
|
| 53 | + * Eg. if policy mappings contains multiple mappings with the same issuer |
|
| 54 | + * domain policy, their corresponding subject domain policies are placed |
|
| 55 | + * under the same key. |
|
| 56 | + * |
|
| 57 | + * @return (string[])[] |
|
| 58 | + */ |
|
| 59 | + public function flattenedMappings(): array |
|
| 60 | + { |
|
| 61 | + $mappings = []; |
|
| 62 | + foreach ($this->_mappings as $mapping) { |
|
| 63 | + $idp = $mapping->issuerDomainPolicy(); |
|
| 64 | + if (!isset($mappings[$idp])) { |
|
| 65 | + $mappings[$idp] = []; |
|
| 66 | + } |
|
| 67 | + array_push($mappings[$idp], $mapping->subjectDomainPolicy()); |
|
| 68 | + } |
|
| 69 | + return $mappings; |
|
| 70 | + } |
|
| 71 | 71 | |
| 72 | - /** |
|
| 73 | - * Get all subject domain policy OIDs that are mapped to given issuer |
|
| 74 | - * domain policy OID. |
|
| 75 | - * |
|
| 76 | - * @param string $oid Issuer domain policy |
|
| 77 | - * |
|
| 78 | - * @return string[] List of OIDs in dotted format |
|
| 79 | - */ |
|
| 80 | - public function issuerMappings(string $oid): array |
|
| 81 | - { |
|
| 82 | - $oids = []; |
|
| 83 | - foreach ($this->_mappings as $mapping) { |
|
| 84 | - if ($mapping->issuerDomainPolicy() === $oid) { |
|
| 85 | - $oids[] = $mapping->subjectDomainPolicy(); |
|
| 86 | - } |
|
| 87 | - } |
|
| 88 | - return $oids; |
|
| 89 | - } |
|
| 72 | + /** |
|
| 73 | + * Get all subject domain policy OIDs that are mapped to given issuer |
|
| 74 | + * domain policy OID. |
|
| 75 | + * |
|
| 76 | + * @param string $oid Issuer domain policy |
|
| 77 | + * |
|
| 78 | + * @return string[] List of OIDs in dotted format |
|
| 79 | + */ |
|
| 80 | + public function issuerMappings(string $oid): array |
|
| 81 | + { |
|
| 82 | + $oids = []; |
|
| 83 | + foreach ($this->_mappings as $mapping) { |
|
| 84 | + if ($mapping->issuerDomainPolicy() === $oid) { |
|
| 85 | + $oids[] = $mapping->subjectDomainPolicy(); |
|
| 86 | + } |
|
| 87 | + } |
|
| 88 | + return $oids; |
|
| 89 | + } |
|
| 90 | 90 | |
| 91 | - /** |
|
| 92 | - * Get all mapped issuer domain policy OIDs. |
|
| 93 | - * |
|
| 94 | - * @return string[] |
|
| 95 | - */ |
|
| 96 | - public function issuerDomainPolicies(): array |
|
| 97 | - { |
|
| 98 | - $idps = array_map( |
|
| 99 | - function (PolicyMapping $mapping) { |
|
| 100 | - return $mapping->issuerDomainPolicy(); |
|
| 101 | - }, $this->_mappings); |
|
| 102 | - return array_values(array_unique($idps)); |
|
| 103 | - } |
|
| 91 | + /** |
|
| 92 | + * Get all mapped issuer domain policy OIDs. |
|
| 93 | + * |
|
| 94 | + * @return string[] |
|
| 95 | + */ |
|
| 96 | + public function issuerDomainPolicies(): array |
|
| 97 | + { |
|
| 98 | + $idps = array_map( |
|
| 99 | + function (PolicyMapping $mapping) { |
|
| 100 | + return $mapping->issuerDomainPolicy(); |
|
| 101 | + }, $this->_mappings); |
|
| 102 | + return array_values(array_unique($idps)); |
|
| 103 | + } |
|
| 104 | 104 | |
| 105 | - /** |
|
| 106 | - * Check whether policy mappings have anyPolicy mapped. |
|
| 107 | - * |
|
| 108 | - * RFC 5280 section 4.2.1.5 states that "Policies MUST NOT be mapped either |
|
| 109 | - * to or from the special value anyPolicy". |
|
| 110 | - * |
|
| 111 | - * @return bool |
|
| 112 | - */ |
|
| 113 | - public function hasAnyPolicyMapping(): bool |
|
| 114 | - { |
|
| 115 | - foreach ($this->_mappings as $mapping) { |
|
| 116 | - if (PolicyInformation::OID_ANY_POLICY === $mapping->issuerDomainPolicy()) { |
|
| 117 | - return true; |
|
| 118 | - } |
|
| 119 | - if (PolicyInformation::OID_ANY_POLICY === $mapping->subjectDomainPolicy()) { |
|
| 120 | - return true; |
|
| 121 | - } |
|
| 122 | - } |
|
| 123 | - return false; |
|
| 124 | - } |
|
| 105 | + /** |
|
| 106 | + * Check whether policy mappings have anyPolicy mapped. |
|
| 107 | + * |
|
| 108 | + * RFC 5280 section 4.2.1.5 states that "Policies MUST NOT be mapped either |
|
| 109 | + * to or from the special value anyPolicy". |
|
| 110 | + * |
|
| 111 | + * @return bool |
|
| 112 | + */ |
|
| 113 | + public function hasAnyPolicyMapping(): bool |
|
| 114 | + { |
|
| 115 | + foreach ($this->_mappings as $mapping) { |
|
| 116 | + if (PolicyInformation::OID_ANY_POLICY === $mapping->issuerDomainPolicy()) { |
|
| 117 | + return true; |
|
| 118 | + } |
|
| 119 | + if (PolicyInformation::OID_ANY_POLICY === $mapping->subjectDomainPolicy()) { |
|
| 120 | + return true; |
|
| 121 | + } |
|
| 122 | + } |
|
| 123 | + return false; |
|
| 124 | + } |
|
| 125 | 125 | |
| 126 | - /** |
|
| 127 | - * Get the number of mappings. |
|
| 128 | - * |
|
| 129 | - * @see \Countable::count() |
|
| 130 | - * |
|
| 131 | - * @return int |
|
| 132 | - */ |
|
| 133 | - public function count(): int |
|
| 134 | - { |
|
| 135 | - return count($this->_mappings); |
|
| 136 | - } |
|
| 126 | + /** |
|
| 127 | + * Get the number of mappings. |
|
| 128 | + * |
|
| 129 | + * @see \Countable::count() |
|
| 130 | + * |
|
| 131 | + * @return int |
|
| 132 | + */ |
|
| 133 | + public function count(): int |
|
| 134 | + { |
|
| 135 | + return count($this->_mappings); |
|
| 136 | + } |
|
| 137 | 137 | |
| 138 | - /** |
|
| 139 | - * Get iterator for policy mappings. |
|
| 140 | - * |
|
| 141 | - * @see \IteratorAggregate::getIterator() |
|
| 142 | - * |
|
| 143 | - * @return \ArrayIterator |
|
| 144 | - */ |
|
| 145 | - public function getIterator(): \ArrayIterator |
|
| 146 | - { |
|
| 147 | - return new \ArrayIterator($this->_mappings); |
|
| 148 | - } |
|
| 138 | + /** |
|
| 139 | + * Get iterator for policy mappings. |
|
| 140 | + * |
|
| 141 | + * @see \IteratorAggregate::getIterator() |
|
| 142 | + * |
|
| 143 | + * @return \ArrayIterator |
|
| 144 | + */ |
|
| 145 | + public function getIterator(): \ArrayIterator |
|
| 146 | + { |
|
| 147 | + return new \ArrayIterator($this->_mappings); |
|
| 148 | + } |
|
| 149 | 149 | |
| 150 | - /** |
|
| 151 | - * {@inheritdoc} |
|
| 152 | - */ |
|
| 153 | - protected static function _fromDER(string $data, bool $critical): Extension |
|
| 154 | - { |
|
| 155 | - $mappings = array_map( |
|
| 156 | - function (UnspecifiedType $el) { |
|
| 157 | - return PolicyMapping::fromASN1($el->asSequence()); |
|
| 158 | - }, UnspecifiedType::fromDER($data)->asSequence()->elements()); |
|
| 159 | - if (!count($mappings)) { |
|
| 160 | - throw new \UnexpectedValueException( |
|
| 161 | - 'PolicyMappings must have at least one mapping.'); |
|
| 162 | - } |
|
| 163 | - return new self($critical, ...$mappings); |
|
| 164 | - } |
|
| 150 | + /** |
|
| 151 | + * {@inheritdoc} |
|
| 152 | + */ |
|
| 153 | + protected static function _fromDER(string $data, bool $critical): Extension |
|
| 154 | + { |
|
| 155 | + $mappings = array_map( |
|
| 156 | + function (UnspecifiedType $el) { |
|
| 157 | + return PolicyMapping::fromASN1($el->asSequence()); |
|
| 158 | + }, UnspecifiedType::fromDER($data)->asSequence()->elements()); |
|
| 159 | + if (!count($mappings)) { |
|
| 160 | + throw new \UnexpectedValueException( |
|
| 161 | + 'PolicyMappings must have at least one mapping.'); |
|
| 162 | + } |
|
| 163 | + return new self($critical, ...$mappings); |
|
| 164 | + } |
|
| 165 | 165 | |
| 166 | - /** |
|
| 167 | - * {@inheritdoc} |
|
| 168 | - */ |
|
| 169 | - protected function _valueASN1(): Element |
|
| 170 | - { |
|
| 171 | - if (!count($this->_mappings)) { |
|
| 172 | - throw new \LogicException('No mappings.'); |
|
| 173 | - } |
|
| 174 | - $elements = array_map( |
|
| 175 | - function (PolicyMapping $mapping) { |
|
| 176 | - return $mapping->toASN1(); |
|
| 177 | - }, $this->_mappings); |
|
| 178 | - return new Sequence(...$elements); |
|
| 179 | - } |
|
| 166 | + /** |
|
| 167 | + * {@inheritdoc} |
|
| 168 | + */ |
|
| 169 | + protected function _valueASN1(): Element |
|
| 170 | + { |
|
| 171 | + if (!count($this->_mappings)) { |
|
| 172 | + throw new \LogicException('No mappings.'); |
|
| 173 | + } |
|
| 174 | + $elements = array_map( |
|
| 175 | + function (PolicyMapping $mapping) { |
|
| 176 | + return $mapping->toASN1(); |
|
| 177 | + }, $this->_mappings); |
|
| 178 | + return new Sequence(...$elements); |
|
| 179 | + } |
|
| 180 | 180 | } |
@@ -19,173 +19,173 @@ |
||
| 19 | 19 | */ |
| 20 | 20 | class IssuerSerial |
| 21 | 21 | { |
| 22 | - /** |
|
| 23 | - * Issuer name. |
|
| 24 | - * |
|
| 25 | - * @var GeneralNames |
|
| 26 | - */ |
|
| 27 | - protected $_issuer; |
|
| 28 | - |
|
| 29 | - /** |
|
| 30 | - * Serial number as a base 10 integer. |
|
| 31 | - * |
|
| 32 | - * @var string |
|
| 33 | - */ |
|
| 34 | - protected $_serial; |
|
| 35 | - |
|
| 36 | - /** |
|
| 37 | - * Issuer unique ID. |
|
| 38 | - * |
|
| 39 | - * @var null|UniqueIdentifier |
|
| 40 | - */ |
|
| 41 | - protected $_issuerUID; |
|
| 42 | - |
|
| 43 | - /** |
|
| 44 | - * Constructor. |
|
| 45 | - * |
|
| 46 | - * @param GeneralNames $issuer |
|
| 47 | - * @param int|string $serial |
|
| 48 | - * @param null|UniqueIdentifier $uid |
|
| 49 | - */ |
|
| 50 | - public function __construct(GeneralNames $issuer, $serial, |
|
| 51 | - ?UniqueIdentifier $uid = null) |
|
| 52 | - { |
|
| 53 | - $this->_issuer = $issuer; |
|
| 54 | - $this->_serial = strval($serial); |
|
| 55 | - $this->_issuerUID = $uid; |
|
| 56 | - } |
|
| 57 | - |
|
| 58 | - /** |
|
| 59 | - * Initialize from ASN.1. |
|
| 60 | - * |
|
| 61 | - * @param Sequence $seq |
|
| 62 | - * |
|
| 63 | - * @return self |
|
| 64 | - */ |
|
| 65 | - public static function fromASN1(Sequence $seq): IssuerSerial |
|
| 66 | - { |
|
| 67 | - $issuer = GeneralNames::fromASN1($seq->at(0)->asSequence()); |
|
| 68 | - $serial = $seq->at(1)->asInteger()->number(); |
|
| 69 | - $uid = null; |
|
| 70 | - if ($seq->has(2, Element::TYPE_BIT_STRING)) { |
|
| 71 | - $uid = UniqueIdentifier::fromASN1($seq->at(2)->asBitString()); |
|
| 72 | - } |
|
| 73 | - return new self($issuer, $serial, $uid); |
|
| 74 | - } |
|
| 75 | - |
|
| 76 | - /** |
|
| 77 | - * Initialize from a public key certificate. |
|
| 78 | - * |
|
| 79 | - * @param Certificate $cert |
|
| 80 | - * |
|
| 81 | - * @return self |
|
| 82 | - */ |
|
| 83 | - public static function fromPKC(Certificate $cert): IssuerSerial |
|
| 84 | - { |
|
| 85 | - $tbsCert = $cert->tbsCertificate(); |
|
| 86 | - $issuer = new GeneralNames(new DirectoryName($tbsCert->issuer())); |
|
| 87 | - $serial = $tbsCert->serialNumber(); |
|
| 88 | - $uid = $tbsCert->hasIssuerUniqueID() ? $tbsCert->issuerUniqueID() : null; |
|
| 89 | - return new self($issuer, $serial, $uid); |
|
| 90 | - } |
|
| 91 | - |
|
| 92 | - /** |
|
| 93 | - * Get issuer name. |
|
| 94 | - * |
|
| 95 | - * @return GeneralNames |
|
| 96 | - */ |
|
| 97 | - public function issuer(): GeneralNames |
|
| 98 | - { |
|
| 99 | - return $this->_issuer; |
|
| 100 | - } |
|
| 101 | - |
|
| 102 | - /** |
|
| 103 | - * Get serial number. |
|
| 104 | - * |
|
| 105 | - * @return string |
|
| 106 | - */ |
|
| 107 | - public function serial(): string |
|
| 108 | - { |
|
| 109 | - return $this->_serial; |
|
| 110 | - } |
|
| 111 | - |
|
| 112 | - /** |
|
| 113 | - * Check whether issuer unique identifier is present. |
|
| 114 | - * |
|
| 115 | - * @return bool |
|
| 116 | - */ |
|
| 117 | - public function hasIssuerUID(): bool |
|
| 118 | - { |
|
| 119 | - return isset($this->_issuerUID); |
|
| 120 | - } |
|
| 121 | - |
|
| 122 | - /** |
|
| 123 | - * Get issuer unique identifier. |
|
| 124 | - * |
|
| 125 | - * @throws \LogicException If not set |
|
| 126 | - * |
|
| 127 | - * @return UniqueIdentifier |
|
| 128 | - */ |
|
| 129 | - public function issuerUID(): UniqueIdentifier |
|
| 130 | - { |
|
| 131 | - if (!$this->hasIssuerUID()) { |
|
| 132 | - throw new \LogicException('issuerUID not set.'); |
|
| 133 | - } |
|
| 134 | - return $this->_issuerUID; |
|
| 135 | - } |
|
| 136 | - |
|
| 137 | - /** |
|
| 138 | - * Generate ASN.1 structure. |
|
| 139 | - * |
|
| 140 | - * @return Sequence |
|
| 141 | - */ |
|
| 142 | - public function toASN1(): Sequence |
|
| 143 | - { |
|
| 144 | - $elements = [$this->_issuer->toASN1(), new Integer($this->_serial)]; |
|
| 145 | - if (isset($this->_issuerUID)) { |
|
| 146 | - $elements[] = $this->_issuerUID->toASN1(); |
|
| 147 | - } |
|
| 148 | - return new Sequence(...$elements); |
|
| 149 | - } |
|
| 150 | - |
|
| 151 | - /** |
|
| 152 | - * Check whether this IssuerSerial identifies given certificate. |
|
| 153 | - * |
|
| 154 | - * @param Certificate $cert |
|
| 155 | - * |
|
| 156 | - * @return bool |
|
| 157 | - */ |
|
| 158 | - public function identifiesPKC(Certificate $cert): bool |
|
| 159 | - { |
|
| 160 | - $tbs = $cert->tbsCertificate(); |
|
| 161 | - if (!$tbs->issuer()->equals($this->_issuer->firstDN())) { |
|
| 162 | - return false; |
|
| 163 | - } |
|
| 164 | - if ($tbs->serialNumber() !== $this->_serial) { |
|
| 165 | - return false; |
|
| 166 | - } |
|
| 167 | - if ($this->_issuerUID && !$this->_checkUniqueID($cert)) { |
|
| 168 | - return false; |
|
| 169 | - } |
|
| 170 | - return true; |
|
| 171 | - } |
|
| 172 | - |
|
| 173 | - /** |
|
| 174 | - * Check whether issuerUID matches given certificate. |
|
| 175 | - * |
|
| 176 | - * @param Certificate $cert |
|
| 177 | - * |
|
| 178 | - * @return bool |
|
| 179 | - */ |
|
| 180 | - private function _checkUniqueID(Certificate $cert): bool |
|
| 181 | - { |
|
| 182 | - if (!$cert->tbsCertificate()->hasIssuerUniqueID()) { |
|
| 183 | - return false; |
|
| 184 | - } |
|
| 185 | - $uid = $cert->tbsCertificate()->issuerUniqueID()->string(); |
|
| 186 | - if ($this->_issuerUID->string() !== $uid) { |
|
| 187 | - return false; |
|
| 188 | - } |
|
| 189 | - return true; |
|
| 190 | - } |
|
| 22 | + /** |
|
| 23 | + * Issuer name. |
|
| 24 | + * |
|
| 25 | + * @var GeneralNames |
|
| 26 | + */ |
|
| 27 | + protected $_issuer; |
|
| 28 | + |
|
| 29 | + /** |
|
| 30 | + * Serial number as a base 10 integer. |
|
| 31 | + * |
|
| 32 | + * @var string |
|
| 33 | + */ |
|
| 34 | + protected $_serial; |
|
| 35 | + |
|
| 36 | + /** |
|
| 37 | + * Issuer unique ID. |
|
| 38 | + * |
|
| 39 | + * @var null|UniqueIdentifier |
|
| 40 | + */ |
|
| 41 | + protected $_issuerUID; |
|
| 42 | + |
|
| 43 | + /** |
|
| 44 | + * Constructor. |
|
| 45 | + * |
|
| 46 | + * @param GeneralNames $issuer |
|
| 47 | + * @param int|string $serial |
|
| 48 | + * @param null|UniqueIdentifier $uid |
|
| 49 | + */ |
|
| 50 | + public function __construct(GeneralNames $issuer, $serial, |
|
| 51 | + ?UniqueIdentifier $uid = null) |
|
| 52 | + { |
|
| 53 | + $this->_issuer = $issuer; |
|
| 54 | + $this->_serial = strval($serial); |
|
| 55 | + $this->_issuerUID = $uid; |
|
| 56 | + } |
|
| 57 | + |
|
| 58 | + /** |
|
| 59 | + * Initialize from ASN.1. |
|
| 60 | + * |
|
| 61 | + * @param Sequence $seq |
|
| 62 | + * |
|
| 63 | + * @return self |
|
| 64 | + */ |
|
| 65 | + public static function fromASN1(Sequence $seq): IssuerSerial |
|
| 66 | + { |
|
| 67 | + $issuer = GeneralNames::fromASN1($seq->at(0)->asSequence()); |
|
| 68 | + $serial = $seq->at(1)->asInteger()->number(); |
|
| 69 | + $uid = null; |
|
| 70 | + if ($seq->has(2, Element::TYPE_BIT_STRING)) { |
|
| 71 | + $uid = UniqueIdentifier::fromASN1($seq->at(2)->asBitString()); |
|
| 72 | + } |
|
| 73 | + return new self($issuer, $serial, $uid); |
|
| 74 | + } |
|
| 75 | + |
|
| 76 | + /** |
|
| 77 | + * Initialize from a public key certificate. |
|
| 78 | + * |
|
| 79 | + * @param Certificate $cert |
|
| 80 | + * |
|
| 81 | + * @return self |
|
| 82 | + */ |
|
| 83 | + public static function fromPKC(Certificate $cert): IssuerSerial |
|
| 84 | + { |
|
| 85 | + $tbsCert = $cert->tbsCertificate(); |
|
| 86 | + $issuer = new GeneralNames(new DirectoryName($tbsCert->issuer())); |
|
| 87 | + $serial = $tbsCert->serialNumber(); |
|
| 88 | + $uid = $tbsCert->hasIssuerUniqueID() ? $tbsCert->issuerUniqueID() : null; |
|
| 89 | + return new self($issuer, $serial, $uid); |
|
| 90 | + } |
|
| 91 | + |
|
| 92 | + /** |
|
| 93 | + * Get issuer name. |
|
| 94 | + * |
|
| 95 | + * @return GeneralNames |
|
| 96 | + */ |
|
| 97 | + public function issuer(): GeneralNames |
|
| 98 | + { |
|
| 99 | + return $this->_issuer; |
|
| 100 | + } |
|
| 101 | + |
|
| 102 | + /** |
|
| 103 | + * Get serial number. |
|
| 104 | + * |
|
| 105 | + * @return string |
|
| 106 | + */ |
|
| 107 | + public function serial(): string |
|
| 108 | + { |
|
| 109 | + return $this->_serial; |
|
| 110 | + } |
|
| 111 | + |
|
| 112 | + /** |
|
| 113 | + * Check whether issuer unique identifier is present. |
|
| 114 | + * |
|
| 115 | + * @return bool |
|
| 116 | + */ |
|
| 117 | + public function hasIssuerUID(): bool |
|
| 118 | + { |
|
| 119 | + return isset($this->_issuerUID); |
|
| 120 | + } |
|
| 121 | + |
|
| 122 | + /** |
|
| 123 | + * Get issuer unique identifier. |
|
| 124 | + * |
|
| 125 | + * @throws \LogicException If not set |
|
| 126 | + * |
|
| 127 | + * @return UniqueIdentifier |
|
| 128 | + */ |
|
| 129 | + public function issuerUID(): UniqueIdentifier |
|
| 130 | + { |
|
| 131 | + if (!$this->hasIssuerUID()) { |
|
| 132 | + throw new \LogicException('issuerUID not set.'); |
|
| 133 | + } |
|
| 134 | + return $this->_issuerUID; |
|
| 135 | + } |
|
| 136 | + |
|
| 137 | + /** |
|
| 138 | + * Generate ASN.1 structure. |
|
| 139 | + * |
|
| 140 | + * @return Sequence |
|
| 141 | + */ |
|
| 142 | + public function toASN1(): Sequence |
|
| 143 | + { |
|
| 144 | + $elements = [$this->_issuer->toASN1(), new Integer($this->_serial)]; |
|
| 145 | + if (isset($this->_issuerUID)) { |
|
| 146 | + $elements[] = $this->_issuerUID->toASN1(); |
|
| 147 | + } |
|
| 148 | + return new Sequence(...$elements); |
|
| 149 | + } |
|
| 150 | + |
|
| 151 | + /** |
|
| 152 | + * Check whether this IssuerSerial identifies given certificate. |
|
| 153 | + * |
|
| 154 | + * @param Certificate $cert |
|
| 155 | + * |
|
| 156 | + * @return bool |
|
| 157 | + */ |
|
| 158 | + public function identifiesPKC(Certificate $cert): bool |
|
| 159 | + { |
|
| 160 | + $tbs = $cert->tbsCertificate(); |
|
| 161 | + if (!$tbs->issuer()->equals($this->_issuer->firstDN())) { |
|
| 162 | + return false; |
|
| 163 | + } |
|
| 164 | + if ($tbs->serialNumber() !== $this->_serial) { |
|
| 165 | + return false; |
|
| 166 | + } |
|
| 167 | + if ($this->_issuerUID && !$this->_checkUniqueID($cert)) { |
|
| 168 | + return false; |
|
| 169 | + } |
|
| 170 | + return true; |
|
| 171 | + } |
|
| 172 | + |
|
| 173 | + /** |
|
| 174 | + * Check whether issuerUID matches given certificate. |
|
| 175 | + * |
|
| 176 | + * @param Certificate $cert |
|
| 177 | + * |
|
| 178 | + * @return bool |
|
| 179 | + */ |
|
| 180 | + private function _checkUniqueID(Certificate $cert): bool |
|
| 181 | + { |
|
| 182 | + if (!$cert->tbsCertificate()->hasIssuerUniqueID()) { |
|
| 183 | + return false; |
|
| 184 | + } |
|
| 185 | + $uid = $cert->tbsCertificate()->issuerUniqueID()->string(); |
|
| 186 | + if ($this->_issuerUID->string() !== $uid) { |
|
| 187 | + return false; |
|
| 188 | + } |
|
| 189 | + return true; |
|
| 190 | + } |
|
| 191 | 191 | } |
