sop /
x509
@@ -18,81 +18,81 @@ |
||
| 18 | 18 | */ |
| 19 | 19 | class PathValidationResult |
| 20 | 20 | { |
| 21 | - /** |
|
| 22 | - * Certificates in a certification path. |
|
| 23 | - * |
|
| 24 | - * @var Certificate[] |
|
| 25 | - */ |
|
| 26 | - protected $_certificates; |
|
| 21 | + /** |
|
| 22 | + * Certificates in a certification path. |
|
| 23 | + * |
|
| 24 | + * @var Certificate[] |
|
| 25 | + */ |
|
| 26 | + protected $_certificates; |
|
| 27 | 27 | |
| 28 | - /** |
|
| 29 | - * Valid policy tree. |
|
| 30 | - * |
|
| 31 | - * @var null|PolicyTree |
|
| 32 | - */ |
|
| 33 | - protected $_policyTree; |
|
| 28 | + /** |
|
| 29 | + * Valid policy tree. |
|
| 30 | + * |
|
| 31 | + * @var null|PolicyTree |
|
| 32 | + */ |
|
| 33 | + protected $_policyTree; |
|
| 34 | 34 | |
| 35 | - /** |
|
| 36 | - * End-entity certificate's public key. |
|
| 37 | - * |
|
| 38 | - * @var PublicKeyInfo |
|
| 39 | - */ |
|
| 40 | - protected $_publicKeyInfo; |
|
| 35 | + /** |
|
| 36 | + * End-entity certificate's public key. |
|
| 37 | + * |
|
| 38 | + * @var PublicKeyInfo |
|
| 39 | + */ |
|
| 40 | + protected $_publicKeyInfo; |
|
| 41 | 41 | |
| 42 | - /** |
|
| 43 | - * Public key algorithm. |
|
| 44 | - * |
|
| 45 | - * @var AlgorithmIdentifierType |
|
| 46 | - */ |
|
| 47 | - protected $_publicKeyAlgo; |
|
| 42 | + /** |
|
| 43 | + * Public key algorithm. |
|
| 44 | + * |
|
| 45 | + * @var AlgorithmIdentifierType |
|
| 46 | + */ |
|
| 47 | + protected $_publicKeyAlgo; |
|
| 48 | 48 | |
| 49 | - /** |
|
| 50 | - * Public key parameters. |
|
| 51 | - * |
|
| 52 | - * @var null|Element |
|
| 53 | - */ |
|
| 54 | - protected $_publicKeyParameters; |
|
| 49 | + /** |
|
| 50 | + * Public key parameters. |
|
| 51 | + * |
|
| 52 | + * @var null|Element |
|
| 53 | + */ |
|
| 54 | + protected $_publicKeyParameters; |
|
| 55 | 55 | |
| 56 | - /** |
|
| 57 | - * Constructor. |
|
| 58 | - * |
|
| 59 | - * @param Certificate[] $certificates Certificates in a certification path |
|
| 60 | - * @param null|PolicyTree $policy_tree Valid policy tree |
|
| 61 | - * @param PublicKeyInfo $pubkey_info Public key of the end-entity certificate |
|
| 62 | - * @param AlgorithmIdentifierType $algo Public key algorithm of the end-entity certificate |
|
| 63 | - * @param null|Element $params Algorithm parameters |
|
| 64 | - */ |
|
| 65 | - public function __construct(array $certificates, ?PolicyTree $policy_tree, |
|
| 66 | - PublicKeyInfo $pubkey_info, AlgorithmIdentifierType $algo, |
|
| 67 | - ?Element $params = null) |
|
| 68 | - { |
|
| 69 | - $this->_certificates = array_values($certificates); |
|
| 70 | - $this->_policyTree = $policy_tree; |
|
| 71 | - $this->_publicKeyInfo = $pubkey_info; |
|
| 72 | - $this->_publicKeyAlgo = $algo; |
|
| 73 | - $this->_publicKeyParameters = $params; |
|
| 74 | - } |
|
| 56 | + /** |
|
| 57 | + * Constructor. |
|
| 58 | + * |
|
| 59 | + * @param Certificate[] $certificates Certificates in a certification path |
|
| 60 | + * @param null|PolicyTree $policy_tree Valid policy tree |
|
| 61 | + * @param PublicKeyInfo $pubkey_info Public key of the end-entity certificate |
|
| 62 | + * @param AlgorithmIdentifierType $algo Public key algorithm of the end-entity certificate |
|
| 63 | + * @param null|Element $params Algorithm parameters |
|
| 64 | + */ |
|
| 65 | + public function __construct(array $certificates, ?PolicyTree $policy_tree, |
|
| 66 | + PublicKeyInfo $pubkey_info, AlgorithmIdentifierType $algo, |
|
| 67 | + ?Element $params = null) |
|
| 68 | + { |
|
| 69 | + $this->_certificates = array_values($certificates); |
|
| 70 | + $this->_policyTree = $policy_tree; |
|
| 71 | + $this->_publicKeyInfo = $pubkey_info; |
|
| 72 | + $this->_publicKeyAlgo = $algo; |
|
| 73 | + $this->_publicKeyParameters = $params; |
|
| 74 | + } |
|
| 75 | 75 | |
| 76 | - /** |
|
| 77 | - * Get end-entity certificate. |
|
| 78 | - * |
|
| 79 | - * @return Certificate |
|
| 80 | - */ |
|
| 81 | - public function certificate(): Certificate |
|
| 82 | - { |
|
| 83 | - return $this->_certificates[count($this->_certificates) - 1]; |
|
| 84 | - } |
|
| 76 | + /** |
|
| 77 | + * Get end-entity certificate. |
|
| 78 | + * |
|
| 79 | + * @return Certificate |
|
| 80 | + */ |
|
| 81 | + public function certificate(): Certificate |
|
| 82 | + { |
|
| 83 | + return $this->_certificates[count($this->_certificates) - 1]; |
|
| 84 | + } |
|
| 85 | 85 | |
| 86 | - /** |
|
| 87 | - * Get certificate policies of the end-entity certificate. |
|
| 88 | - * |
|
| 89 | - * @return PolicyInformation[] |
|
| 90 | - */ |
|
| 91 | - public function policies(): array |
|
| 92 | - { |
|
| 93 | - if (!$this->_policyTree) { |
|
| 94 | - return []; |
|
| 95 | - } |
|
| 96 | - return $this->_policyTree->policiesAtDepth(count($this->_certificates)); |
|
| 97 | - } |
|
| 86 | + /** |
|
| 87 | + * Get certificate policies of the end-entity certificate. |
|
| 88 | + * |
|
| 89 | + * @return PolicyInformation[] |
|
| 90 | + */ |
|
| 91 | + public function policies(): array |
|
| 92 | + { |
|
| 93 | + if (!$this->_policyTree) { |
|
| 94 | + return []; |
|
| 95 | + } |
|
| 96 | + return $this->_policyTree->policiesAtDepth(count($this->_certificates)); |
|
| 97 | + } |
|
| 98 | 98 | } |
@@ -1,6 +1,6 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -declare(strict_types = 1); |
|
| 3 | +declare(strict_types=1); |
|
| 4 | 4 | |
| 5 | 5 | namespace Sop\X509\CertificationPath\PathValidation; |
| 6 | 6 | |
@@ -14,282 +14,282 @@ |
||
| 14 | 14 | */ |
| 15 | 15 | class PathValidationConfig |
| 16 | 16 | { |
| 17 | - /** |
|
| 18 | - * Maximum allowed certification path length. |
|
| 19 | - * |
|
| 20 | - * @var int |
|
| 21 | - */ |
|
| 22 | - protected $_maxLength; |
|
| 17 | + /** |
|
| 18 | + * Maximum allowed certification path length. |
|
| 19 | + * |
|
| 20 | + * @var int |
|
| 21 | + */ |
|
| 22 | + protected $_maxLength; |
|
| 23 | 23 | |
| 24 | - /** |
|
| 25 | - * Reference time. |
|
| 26 | - * |
|
| 27 | - * @var \DateTimeImmutable |
|
| 28 | - */ |
|
| 29 | - protected $_dateTime; |
|
| 24 | + /** |
|
| 25 | + * Reference time. |
|
| 26 | + * |
|
| 27 | + * @var \DateTimeImmutable |
|
| 28 | + */ |
|
| 29 | + protected $_dateTime; |
|
| 30 | 30 | |
| 31 | - /** |
|
| 32 | - * List of acceptable policy identifiers. |
|
| 33 | - * |
|
| 34 | - * @var string[] |
|
| 35 | - */ |
|
| 36 | - protected $_policySet; |
|
| 31 | + /** |
|
| 32 | + * List of acceptable policy identifiers. |
|
| 33 | + * |
|
| 34 | + * @var string[] |
|
| 35 | + */ |
|
| 36 | + protected $_policySet; |
|
| 37 | 37 | |
| 38 | - /** |
|
| 39 | - * Trust anchor certificate. |
|
| 40 | - * |
|
| 41 | - * If not set, path validation uses the first certificate of the path. |
|
| 42 | - * |
|
| 43 | - * @var null|Certificate |
|
| 44 | - */ |
|
| 45 | - protected $_trustAnchor; |
|
| 38 | + /** |
|
| 39 | + * Trust anchor certificate. |
|
| 40 | + * |
|
| 41 | + * If not set, path validation uses the first certificate of the path. |
|
| 42 | + * |
|
| 43 | + * @var null|Certificate |
|
| 44 | + */ |
|
| 45 | + protected $_trustAnchor; |
|
| 46 | 46 | |
| 47 | - /** |
|
| 48 | - * Whether policy mapping in inhibited. |
|
| 49 | - * |
|
| 50 | - * Setting this to true disallows policy mapping. |
|
| 51 | - * |
|
| 52 | - * @var bool |
|
| 53 | - */ |
|
| 54 | - protected $_policyMappingInhibit; |
|
| 47 | + /** |
|
| 48 | + * Whether policy mapping in inhibited. |
|
| 49 | + * |
|
| 50 | + * Setting this to true disallows policy mapping. |
|
| 51 | + * |
|
| 52 | + * @var bool |
|
| 53 | + */ |
|
| 54 | + protected $_policyMappingInhibit; |
|
| 55 | 55 | |
| 56 | - /** |
|
| 57 | - * Whether the path must be valid for at least one policy in the |
|
| 58 | - * initial policy set. |
|
| 59 | - * |
|
| 60 | - * @var bool |
|
| 61 | - */ |
|
| 62 | - protected $_explicitPolicy; |
|
| 56 | + /** |
|
| 57 | + * Whether the path must be valid for at least one policy in the |
|
| 58 | + * initial policy set. |
|
| 59 | + * |
|
| 60 | + * @var bool |
|
| 61 | + */ |
|
| 62 | + protected $_explicitPolicy; |
|
| 63 | 63 | |
| 64 | - /** |
|
| 65 | - * Whether anyPolicy OID processing should be inhibited. |
|
| 66 | - * |
|
| 67 | - * Setting this to true disallows the usage of anyPolicy. |
|
| 68 | - * |
|
| 69 | - * @var bool |
|
| 70 | - */ |
|
| 71 | - protected $_anyPolicyInhibit; |
|
| 64 | + /** |
|
| 65 | + * Whether anyPolicy OID processing should be inhibited. |
|
| 66 | + * |
|
| 67 | + * Setting this to true disallows the usage of anyPolicy. |
|
| 68 | + * |
|
| 69 | + * @var bool |
|
| 70 | + */ |
|
| 71 | + protected $_anyPolicyInhibit; |
|
| 72 | 72 | |
| 73 | - /** |
|
| 74 | - * @todo Implement |
|
| 75 | - * |
|
| 76 | - * @var mixed |
|
| 77 | - */ |
|
| 78 | - protected $_permittedSubtrees; |
|
| 73 | + /** |
|
| 74 | + * @todo Implement |
|
| 75 | + * |
|
| 76 | + * @var mixed |
|
| 77 | + */ |
|
| 78 | + protected $_permittedSubtrees; |
|
| 79 | 79 | |
| 80 | - /** |
|
| 81 | - * @todo Implement |
|
| 82 | - * |
|
| 83 | - * @var mixed |
|
| 84 | - */ |
|
| 85 | - protected $_excludedSubtrees; |
|
| 80 | + /** |
|
| 81 | + * @todo Implement |
|
| 82 | + * |
|
| 83 | + * @var mixed |
|
| 84 | + */ |
|
| 85 | + protected $_excludedSubtrees; |
|
| 86 | 86 | |
| 87 | - /** |
|
| 88 | - * Constructor. |
|
| 89 | - * |
|
| 90 | - * @param \DateTimeImmutable $dt Reference date and time |
|
| 91 | - * @param int $max_length Maximum certification path length |
|
| 92 | - */ |
|
| 93 | - public function __construct(\DateTimeImmutable $dt, int $max_length) |
|
| 94 | - { |
|
| 95 | - $this->_dateTime = $dt; |
|
| 96 | - $this->_maxLength = $max_length; |
|
| 97 | - $this->_policySet = [PolicyInformation::OID_ANY_POLICY]; |
|
| 98 | - $this->_policyMappingInhibit = false; |
|
| 99 | - $this->_explicitPolicy = false; |
|
| 100 | - $this->_anyPolicyInhibit = false; |
|
| 101 | - } |
|
| 87 | + /** |
|
| 88 | + * Constructor. |
|
| 89 | + * |
|
| 90 | + * @param \DateTimeImmutable $dt Reference date and time |
|
| 91 | + * @param int $max_length Maximum certification path length |
|
| 92 | + */ |
|
| 93 | + public function __construct(\DateTimeImmutable $dt, int $max_length) |
|
| 94 | + { |
|
| 95 | + $this->_dateTime = $dt; |
|
| 96 | + $this->_maxLength = $max_length; |
|
| 97 | + $this->_policySet = [PolicyInformation::OID_ANY_POLICY]; |
|
| 98 | + $this->_policyMappingInhibit = false; |
|
| 99 | + $this->_explicitPolicy = false; |
|
| 100 | + $this->_anyPolicyInhibit = false; |
|
| 101 | + } |
|
| 102 | 102 | |
| 103 | - /** |
|
| 104 | - * Get default configuration. |
|
| 105 | - * |
|
| 106 | - * @return self |
|
| 107 | - */ |
|
| 108 | - public static function defaultConfig(): self |
|
| 109 | - { |
|
| 110 | - return new self(new \DateTimeImmutable(), 3); |
|
| 111 | - } |
|
| 103 | + /** |
|
| 104 | + * Get default configuration. |
|
| 105 | + * |
|
| 106 | + * @return self |
|
| 107 | + */ |
|
| 108 | + public static function defaultConfig(): self |
|
| 109 | + { |
|
| 110 | + return new self(new \DateTimeImmutable(), 3); |
|
| 111 | + } |
|
| 112 | 112 | |
| 113 | - /** |
|
| 114 | - * Get self with maximum path length. |
|
| 115 | - * |
|
| 116 | - * @param int $length |
|
| 117 | - * |
|
| 118 | - * @return self |
|
| 119 | - */ |
|
| 120 | - public function withMaxLength(int $length): self |
|
| 121 | - { |
|
| 122 | - $obj = clone $this; |
|
| 123 | - $obj->_maxLength = $length; |
|
| 124 | - return $obj; |
|
| 125 | - } |
|
| 113 | + /** |
|
| 114 | + * Get self with maximum path length. |
|
| 115 | + * |
|
| 116 | + * @param int $length |
|
| 117 | + * |
|
| 118 | + * @return self |
|
| 119 | + */ |
|
| 120 | + public function withMaxLength(int $length): self |
|
| 121 | + { |
|
| 122 | + $obj = clone $this; |
|
| 123 | + $obj->_maxLength = $length; |
|
| 124 | + return $obj; |
|
| 125 | + } |
|
| 126 | 126 | |
| 127 | - /** |
|
| 128 | - * Get self with reference date and time. |
|
| 129 | - * |
|
| 130 | - * @param \DateTimeImmutable $dt |
|
| 131 | - * |
|
| 132 | - * @return self |
|
| 133 | - */ |
|
| 134 | - public function withDateTime(\DateTimeImmutable $dt): self |
|
| 135 | - { |
|
| 136 | - $obj = clone $this; |
|
| 137 | - $obj->_dateTime = $dt; |
|
| 138 | - return $obj; |
|
| 139 | - } |
|
| 127 | + /** |
|
| 128 | + * Get self with reference date and time. |
|
| 129 | + * |
|
| 130 | + * @param \DateTimeImmutable $dt |
|
| 131 | + * |
|
| 132 | + * @return self |
|
| 133 | + */ |
|
| 134 | + public function withDateTime(\DateTimeImmutable $dt): self |
|
| 135 | + { |
|
| 136 | + $obj = clone $this; |
|
| 137 | + $obj->_dateTime = $dt; |
|
| 138 | + return $obj; |
|
| 139 | + } |
|
| 140 | 140 | |
| 141 | - /** |
|
| 142 | - * Get self with trust anchor certificate. |
|
| 143 | - * |
|
| 144 | - * @param Certificate $ca |
|
| 145 | - * |
|
| 146 | - * @return self |
|
| 147 | - */ |
|
| 148 | - public function withTrustAnchor(Certificate $ca): self |
|
| 149 | - { |
|
| 150 | - $obj = clone $this; |
|
| 151 | - $obj->_trustAnchor = $ca; |
|
| 152 | - return $obj; |
|
| 153 | - } |
|
| 141 | + /** |
|
| 142 | + * Get self with trust anchor certificate. |
|
| 143 | + * |
|
| 144 | + * @param Certificate $ca |
|
| 145 | + * |
|
| 146 | + * @return self |
|
| 147 | + */ |
|
| 148 | + public function withTrustAnchor(Certificate $ca): self |
|
| 149 | + { |
|
| 150 | + $obj = clone $this; |
|
| 151 | + $obj->_trustAnchor = $ca; |
|
| 152 | + return $obj; |
|
| 153 | + } |
|
| 154 | 154 | |
| 155 | - /** |
|
| 156 | - * Get self with initial-policy-mapping-inhibit set. |
|
| 157 | - * |
|
| 158 | - * @param bool $flag |
|
| 159 | - * |
|
| 160 | - * @return self |
|
| 161 | - */ |
|
| 162 | - public function withPolicyMappingInhibit(bool $flag): self |
|
| 163 | - { |
|
| 164 | - $obj = clone $this; |
|
| 165 | - $obj->_policyMappingInhibit = $flag; |
|
| 166 | - return $obj; |
|
| 167 | - } |
|
| 155 | + /** |
|
| 156 | + * Get self with initial-policy-mapping-inhibit set. |
|
| 157 | + * |
|
| 158 | + * @param bool $flag |
|
| 159 | + * |
|
| 160 | + * @return self |
|
| 161 | + */ |
|
| 162 | + public function withPolicyMappingInhibit(bool $flag): self |
|
| 163 | + { |
|
| 164 | + $obj = clone $this; |
|
| 165 | + $obj->_policyMappingInhibit = $flag; |
|
| 166 | + return $obj; |
|
| 167 | + } |
|
| 168 | 168 | |
| 169 | - /** |
|
| 170 | - * Get self with initial-explicit-policy set. |
|
| 171 | - * |
|
| 172 | - * @param bool $flag |
|
| 173 | - * |
|
| 174 | - * @return self |
|
| 175 | - */ |
|
| 176 | - public function withExplicitPolicy(bool $flag): self |
|
| 177 | - { |
|
| 178 | - $obj = clone $this; |
|
| 179 | - $obj->_explicitPolicy = $flag; |
|
| 180 | - return $obj; |
|
| 181 | - } |
|
| 169 | + /** |
|
| 170 | + * Get self with initial-explicit-policy set. |
|
| 171 | + * |
|
| 172 | + * @param bool $flag |
|
| 173 | + * |
|
| 174 | + * @return self |
|
| 175 | + */ |
|
| 176 | + public function withExplicitPolicy(bool $flag): self |
|
| 177 | + { |
|
| 178 | + $obj = clone $this; |
|
| 179 | + $obj->_explicitPolicy = $flag; |
|
| 180 | + return $obj; |
|
| 181 | + } |
|
| 182 | 182 | |
| 183 | - /** |
|
| 184 | - * Get self with initial-any-policy-inhibit set. |
|
| 185 | - * |
|
| 186 | - * @param bool $flag |
|
| 187 | - * |
|
| 188 | - * @return self |
|
| 189 | - */ |
|
| 190 | - public function withAnyPolicyInhibit(bool $flag): self |
|
| 191 | - { |
|
| 192 | - $obj = clone $this; |
|
| 193 | - $obj->_anyPolicyInhibit = $flag; |
|
| 194 | - return $obj; |
|
| 195 | - } |
|
| 183 | + /** |
|
| 184 | + * Get self with initial-any-policy-inhibit set. |
|
| 185 | + * |
|
| 186 | + * @param bool $flag |
|
| 187 | + * |
|
| 188 | + * @return self |
|
| 189 | + */ |
|
| 190 | + public function withAnyPolicyInhibit(bool $flag): self |
|
| 191 | + { |
|
| 192 | + $obj = clone $this; |
|
| 193 | + $obj->_anyPolicyInhibit = $flag; |
|
| 194 | + return $obj; |
|
| 195 | + } |
|
| 196 | 196 | |
| 197 | - /** |
|
| 198 | - * Get self with user-initial-policy-set set to policy OIDs. |
|
| 199 | - * |
|
| 200 | - * @param string ...$policies List of policy OIDs |
|
| 201 | - * |
|
| 202 | - * @return self |
|
| 203 | - */ |
|
| 204 | - public function withPolicySet(string ...$policies): self |
|
| 205 | - { |
|
| 206 | - $obj = clone $this; |
|
| 207 | - $obj->_policySet = $policies; |
|
| 208 | - return $obj; |
|
| 209 | - } |
|
| 197 | + /** |
|
| 198 | + * Get self with user-initial-policy-set set to policy OIDs. |
|
| 199 | + * |
|
| 200 | + * @param string ...$policies List of policy OIDs |
|
| 201 | + * |
|
| 202 | + * @return self |
|
| 203 | + */ |
|
| 204 | + public function withPolicySet(string ...$policies): self |
|
| 205 | + { |
|
| 206 | + $obj = clone $this; |
|
| 207 | + $obj->_policySet = $policies; |
|
| 208 | + return $obj; |
|
| 209 | + } |
|
| 210 | 210 | |
| 211 | - /** |
|
| 212 | - * Get maximum certification path length. |
|
| 213 | - * |
|
| 214 | - * @return int |
|
| 215 | - */ |
|
| 216 | - public function maxLength(): int |
|
| 217 | - { |
|
| 218 | - return $this->_maxLength; |
|
| 219 | - } |
|
| 211 | + /** |
|
| 212 | + * Get maximum certification path length. |
|
| 213 | + * |
|
| 214 | + * @return int |
|
| 215 | + */ |
|
| 216 | + public function maxLength(): int |
|
| 217 | + { |
|
| 218 | + return $this->_maxLength; |
|
| 219 | + } |
|
| 220 | 220 | |
| 221 | - /** |
|
| 222 | - * Get reference date and time. |
|
| 223 | - * |
|
| 224 | - * @return \DateTimeImmutable |
|
| 225 | - */ |
|
| 226 | - public function dateTime(): \DateTimeImmutable |
|
| 227 | - { |
|
| 228 | - return $this->_dateTime; |
|
| 229 | - } |
|
| 221 | + /** |
|
| 222 | + * Get reference date and time. |
|
| 223 | + * |
|
| 224 | + * @return \DateTimeImmutable |
|
| 225 | + */ |
|
| 226 | + public function dateTime(): \DateTimeImmutable |
|
| 227 | + { |
|
| 228 | + return $this->_dateTime; |
|
| 229 | + } |
|
| 230 | 230 | |
| 231 | - /** |
|
| 232 | - * Get user-initial-policy-set. |
|
| 233 | - * |
|
| 234 | - * @return string[] Array of OID's |
|
| 235 | - */ |
|
| 236 | - public function policySet(): array |
|
| 237 | - { |
|
| 238 | - return $this->_policySet; |
|
| 239 | - } |
|
| 231 | + /** |
|
| 232 | + * Get user-initial-policy-set. |
|
| 233 | + * |
|
| 234 | + * @return string[] Array of OID's |
|
| 235 | + */ |
|
| 236 | + public function policySet(): array |
|
| 237 | + { |
|
| 238 | + return $this->_policySet; |
|
| 239 | + } |
|
| 240 | 240 | |
| 241 | - /** |
|
| 242 | - * Check whether trust anchor certificate is set. |
|
| 243 | - * |
|
| 244 | - * @return bool |
|
| 245 | - */ |
|
| 246 | - public function hasTrustAnchor(): bool |
|
| 247 | - { |
|
| 248 | - return isset($this->_trustAnchor); |
|
| 249 | - } |
|
| 241 | + /** |
|
| 242 | + * Check whether trust anchor certificate is set. |
|
| 243 | + * |
|
| 244 | + * @return bool |
|
| 245 | + */ |
|
| 246 | + public function hasTrustAnchor(): bool |
|
| 247 | + { |
|
| 248 | + return isset($this->_trustAnchor); |
|
| 249 | + } |
|
| 250 | 250 | |
| 251 | - /** |
|
| 252 | - * Get trust anchor certificate. |
|
| 253 | - * |
|
| 254 | - * @throws \LogicException If not set |
|
| 255 | - * |
|
| 256 | - * @return Certificate |
|
| 257 | - */ |
|
| 258 | - public function trustAnchor(): Certificate |
|
| 259 | - { |
|
| 260 | - if (!$this->hasTrustAnchor()) { |
|
| 261 | - throw new \LogicException('No trust anchor.'); |
|
| 262 | - } |
|
| 263 | - return $this->_trustAnchor; |
|
| 264 | - } |
|
| 251 | + /** |
|
| 252 | + * Get trust anchor certificate. |
|
| 253 | + * |
|
| 254 | + * @throws \LogicException If not set |
|
| 255 | + * |
|
| 256 | + * @return Certificate |
|
| 257 | + */ |
|
| 258 | + public function trustAnchor(): Certificate |
|
| 259 | + { |
|
| 260 | + if (!$this->hasTrustAnchor()) { |
|
| 261 | + throw new \LogicException('No trust anchor.'); |
|
| 262 | + } |
|
| 263 | + return $this->_trustAnchor; |
|
| 264 | + } |
|
| 265 | 265 | |
| 266 | - /** |
|
| 267 | - * Get initial-policy-mapping-inhibit. |
|
| 268 | - * |
|
| 269 | - * @return bool |
|
| 270 | - */ |
|
| 271 | - public function policyMappingInhibit(): bool |
|
| 272 | - { |
|
| 273 | - return $this->_policyMappingInhibit; |
|
| 274 | - } |
|
| 266 | + /** |
|
| 267 | + * Get initial-policy-mapping-inhibit. |
|
| 268 | + * |
|
| 269 | + * @return bool |
|
| 270 | + */ |
|
| 271 | + public function policyMappingInhibit(): bool |
|
| 272 | + { |
|
| 273 | + return $this->_policyMappingInhibit; |
|
| 274 | + } |
|
| 275 | 275 | |
| 276 | - /** |
|
| 277 | - * Get initial-explicit-policy. |
|
| 278 | - * |
|
| 279 | - * @return bool |
|
| 280 | - */ |
|
| 281 | - public function explicitPolicy(): bool |
|
| 282 | - { |
|
| 283 | - return $this->_explicitPolicy; |
|
| 284 | - } |
|
| 276 | + /** |
|
| 277 | + * Get initial-explicit-policy. |
|
| 278 | + * |
|
| 279 | + * @return bool |
|
| 280 | + */ |
|
| 281 | + public function explicitPolicy(): bool |
|
| 282 | + { |
|
| 283 | + return $this->_explicitPolicy; |
|
| 284 | + } |
|
| 285 | 285 | |
| 286 | - /** |
|
| 287 | - * Get initial-any-policy-inhibit. |
|
| 288 | - * |
|
| 289 | - * @return bool |
|
| 290 | - */ |
|
| 291 | - public function anyPolicyInhibit(): bool |
|
| 292 | - { |
|
| 293 | - return $this->_anyPolicyInhibit; |
|
| 294 | - } |
|
| 286 | + /** |
|
| 287 | + * Get initial-any-policy-inhibit. |
|
| 288 | + * |
|
| 289 | + * @return bool |
|
| 290 | + */ |
|
| 291 | + public function anyPolicyInhibit(): bool |
|
| 292 | + { |
|
| 293 | + return $this->_anyPolicyInhibit; |
|
| 294 | + } |
|
| 295 | 295 | } |
@@ -1,6 +1,6 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -declare(strict_types = 1); |
|
| 3 | +declare(strict_types=1); |
|
| 4 | 4 | |
| 5 | 5 | namespace Sop\X509\CertificationPath\PathValidation; |
| 6 | 6 | |
@@ -17,599 +17,599 @@ |
||
| 17 | 17 | */ |
| 18 | 18 | class PathValidator |
| 19 | 19 | { |
| 20 | - /** |
|
| 21 | - * Crypto engine. |
|
| 22 | - * |
|
| 23 | - * @var Crypto |
|
| 24 | - */ |
|
| 25 | - protected $_crypto; |
|
| 20 | + /** |
|
| 21 | + * Crypto engine. |
|
| 22 | + * |
|
| 23 | + * @var Crypto |
|
| 24 | + */ |
|
| 25 | + protected $_crypto; |
|
| 26 | 26 | |
| 27 | - /** |
|
| 28 | - * Path validation configuration. |
|
| 29 | - * |
|
| 30 | - * @var PathValidationConfig |
|
| 31 | - */ |
|
| 32 | - protected $_config; |
|
| 27 | + /** |
|
| 28 | + * Path validation configuration. |
|
| 29 | + * |
|
| 30 | + * @var PathValidationConfig |
|
| 31 | + */ |
|
| 32 | + protected $_config; |
|
| 33 | 33 | |
| 34 | - /** |
|
| 35 | - * Certification path. |
|
| 36 | - * |
|
| 37 | - * @var Certificate[] |
|
| 38 | - */ |
|
| 39 | - protected $_certificates; |
|
| 34 | + /** |
|
| 35 | + * Certification path. |
|
| 36 | + * |
|
| 37 | + * @var Certificate[] |
|
| 38 | + */ |
|
| 39 | + protected $_certificates; |
|
| 40 | 40 | |
| 41 | - /** |
|
| 42 | - * Certification path trust anchor. |
|
| 43 | - * |
|
| 44 | - * @var Certificate |
|
| 45 | - */ |
|
| 46 | - protected $_trustAnchor; |
|
| 41 | + /** |
|
| 42 | + * Certification path trust anchor. |
|
| 43 | + * |
|
| 44 | + * @var Certificate |
|
| 45 | + */ |
|
| 46 | + protected $_trustAnchor; |
|
| 47 | 47 | |
| 48 | - /** |
|
| 49 | - * Constructor. |
|
| 50 | - * |
|
| 51 | - * @param Crypto $crypto Crypto engine |
|
| 52 | - * @param PathValidationConfig $config Validation config |
|
| 53 | - * @param Certificate ...$certificates Certificates from the trust anchor to |
|
| 54 | - * the end-entity certificate |
|
| 55 | - */ |
|
| 56 | - public function __construct(Crypto $crypto, PathValidationConfig $config, |
|
| 57 | - Certificate ...$certificates) |
|
| 58 | - { |
|
| 59 | - if (!count($certificates)) { |
|
| 60 | - throw new \LogicException('No certificates.'); |
|
| 61 | - } |
|
| 62 | - $this->_crypto = $crypto; |
|
| 63 | - $this->_config = $config; |
|
| 64 | - $this->_certificates = $certificates; |
|
| 65 | - // if trust anchor is explicitly given in configuration |
|
| 66 | - if ($config->hasTrustAnchor()) { |
|
| 67 | - $this->_trustAnchor = $config->trustAnchor(); |
|
| 68 | - } else { |
|
| 69 | - $this->_trustAnchor = $certificates[0]; |
|
| 70 | - } |
|
| 71 | - } |
|
| 48 | + /** |
|
| 49 | + * Constructor. |
|
| 50 | + * |
|
| 51 | + * @param Crypto $crypto Crypto engine |
|
| 52 | + * @param PathValidationConfig $config Validation config |
|
| 53 | + * @param Certificate ...$certificates Certificates from the trust anchor to |
|
| 54 | + * the end-entity certificate |
|
| 55 | + */ |
|
| 56 | + public function __construct(Crypto $crypto, PathValidationConfig $config, |
|
| 57 | + Certificate ...$certificates) |
|
| 58 | + { |
|
| 59 | + if (!count($certificates)) { |
|
| 60 | + throw new \LogicException('No certificates.'); |
|
| 61 | + } |
|
| 62 | + $this->_crypto = $crypto; |
|
| 63 | + $this->_config = $config; |
|
| 64 | + $this->_certificates = $certificates; |
|
| 65 | + // if trust anchor is explicitly given in configuration |
|
| 66 | + if ($config->hasTrustAnchor()) { |
|
| 67 | + $this->_trustAnchor = $config->trustAnchor(); |
|
| 68 | + } else { |
|
| 69 | + $this->_trustAnchor = $certificates[0]; |
|
| 70 | + } |
|
| 71 | + } |
|
| 72 | 72 | |
| 73 | - /** |
|
| 74 | - * Validate certification path. |
|
| 75 | - * |
|
| 76 | - * @throws PathValidationException |
|
| 77 | - * |
|
| 78 | - * @return PathValidationResult |
|
| 79 | - */ |
|
| 80 | - public function validate(): PathValidationResult |
|
| 81 | - { |
|
| 82 | - $n = count($this->_certificates); |
|
| 83 | - $state = ValidatorState::initialize( |
|
| 84 | - $this->_config, $this->_trustAnchor, $n); |
|
| 85 | - for ($i = 0; $i < $n; ++$i) { |
|
| 86 | - $state = $state->withIndex($i + 1); |
|
| 87 | - $cert = $this->_certificates[$i]; |
|
| 88 | - // process certificate (section 6.1.3.) |
|
| 89 | - $state = $this->_processCertificate($state, $cert); |
|
| 90 | - if (!$state->isFinal()) { |
|
| 91 | - // prepare next certificate (section 6.1.4.) |
|
| 92 | - $state = $this->_prepareNext($state, $cert); |
|
| 93 | - } |
|
| 94 | - } |
|
| 95 | - if (!isset($cert)) { |
|
| 96 | - throw new \LogicException('No certificates.'); |
|
| 97 | - } |
|
| 98 | - // wrap-up (section 6.1.5.) |
|
| 99 | - $state = $this->_wrapUp($state, $cert); |
|
| 100 | - // return outputs |
|
| 101 | - return $state->getResult($this->_certificates); |
|
| 102 | - } |
|
| 73 | + /** |
|
| 74 | + * Validate certification path. |
|
| 75 | + * |
|
| 76 | + * @throws PathValidationException |
|
| 77 | + * |
|
| 78 | + * @return PathValidationResult |
|
| 79 | + */ |
|
| 80 | + public function validate(): PathValidationResult |
|
| 81 | + { |
|
| 82 | + $n = count($this->_certificates); |
|
| 83 | + $state = ValidatorState::initialize( |
|
| 84 | + $this->_config, $this->_trustAnchor, $n); |
|
| 85 | + for ($i = 0; $i < $n; ++$i) { |
|
| 86 | + $state = $state->withIndex($i + 1); |
|
| 87 | + $cert = $this->_certificates[$i]; |
|
| 88 | + // process certificate (section 6.1.3.) |
|
| 89 | + $state = $this->_processCertificate($state, $cert); |
|
| 90 | + if (!$state->isFinal()) { |
|
| 91 | + // prepare next certificate (section 6.1.4.) |
|
| 92 | + $state = $this->_prepareNext($state, $cert); |
|
| 93 | + } |
|
| 94 | + } |
|
| 95 | + if (!isset($cert)) { |
|
| 96 | + throw new \LogicException('No certificates.'); |
|
| 97 | + } |
|
| 98 | + // wrap-up (section 6.1.5.) |
|
| 99 | + $state = $this->_wrapUp($state, $cert); |
|
| 100 | + // return outputs |
|
| 101 | + return $state->getResult($this->_certificates); |
|
| 102 | + } |
|
| 103 | 103 | |
| 104 | - /** |
|
| 105 | - * Apply basic certificate processing according to RFC 5280 section 6.1.3. |
|
| 106 | - * |
|
| 107 | - * @see https://tools.ietf.org/html/rfc5280#section-6.1.3 |
|
| 108 | - * |
|
| 109 | - * @param ValidatorState $state |
|
| 110 | - * @param Certificate $cert |
|
| 111 | - * |
|
| 112 | - * @throws PathValidationException |
|
| 113 | - * |
|
| 114 | - * @return ValidatorState |
|
| 115 | - */ |
|
| 116 | - private function _processCertificate(ValidatorState $state, |
|
| 117 | - Certificate $cert): ValidatorState |
|
| 118 | - { |
|
| 119 | - // (a.1) verify signature |
|
| 120 | - $this->_verifySignature($state, $cert); |
|
| 121 | - // (a.2) check validity period |
|
| 122 | - $this->_checkValidity($cert); |
|
| 123 | - // (a.3) check that certificate is not revoked |
|
| 124 | - $this->_checkRevocation($cert); |
|
| 125 | - // (a.4) check issuer |
|
| 126 | - $this->_checkIssuer($state, $cert); |
|
| 127 | - // (b)(c) if certificate is self-issued and it is not |
|
| 128 | - // the final certificate in the path, skip this step |
|
| 129 | - if (!($cert->isSelfIssued() && !$state->isFinal())) { |
|
| 130 | - // (b) check permitted subtrees |
|
| 131 | - $this->_checkPermittedSubtrees($state, $cert); |
|
| 132 | - // (c) check excluded subtrees |
|
| 133 | - $this->_checkExcludedSubtrees($state, $cert); |
|
| 134 | - } |
|
| 135 | - $extensions = $cert->tbsCertificate()->extensions(); |
|
| 136 | - if ($extensions->hasCertificatePolicies()) { |
|
| 137 | - // (d) process policy information |
|
| 138 | - if ($state->hasValidPolicyTree()) { |
|
| 139 | - $state = $state->validPolicyTree()->processPolicies($state, $cert); |
|
| 140 | - } |
|
| 141 | - } else { |
|
| 142 | - // (e) certificate policies extension not present, |
|
| 143 | - // set the valid_policy_tree to NULL |
|
| 144 | - $state = $state->withoutValidPolicyTree(); |
|
| 145 | - } |
|
| 146 | - // (f) check that explicit_policy > 0 or valid_policy_tree is set |
|
| 147 | - if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) { |
|
| 148 | - throw new PathValidationException('No valid policies.'); |
|
| 149 | - } |
|
| 150 | - return $state; |
|
| 151 | - } |
|
| 104 | + /** |
|
| 105 | + * Apply basic certificate processing according to RFC 5280 section 6.1.3. |
|
| 106 | + * |
|
| 107 | + * @see https://tools.ietf.org/html/rfc5280#section-6.1.3 |
|
| 108 | + * |
|
| 109 | + * @param ValidatorState $state |
|
| 110 | + * @param Certificate $cert |
|
| 111 | + * |
|
| 112 | + * @throws PathValidationException |
|
| 113 | + * |
|
| 114 | + * @return ValidatorState |
|
| 115 | + */ |
|
| 116 | + private function _processCertificate(ValidatorState $state, |
|
| 117 | + Certificate $cert): ValidatorState |
|
| 118 | + { |
|
| 119 | + // (a.1) verify signature |
|
| 120 | + $this->_verifySignature($state, $cert); |
|
| 121 | + // (a.2) check validity period |
|
| 122 | + $this->_checkValidity($cert); |
|
| 123 | + // (a.3) check that certificate is not revoked |
|
| 124 | + $this->_checkRevocation($cert); |
|
| 125 | + // (a.4) check issuer |
|
| 126 | + $this->_checkIssuer($state, $cert); |
|
| 127 | + // (b)(c) if certificate is self-issued and it is not |
|
| 128 | + // the final certificate in the path, skip this step |
|
| 129 | + if (!($cert->isSelfIssued() && !$state->isFinal())) { |
|
| 130 | + // (b) check permitted subtrees |
|
| 131 | + $this->_checkPermittedSubtrees($state, $cert); |
|
| 132 | + // (c) check excluded subtrees |
|
| 133 | + $this->_checkExcludedSubtrees($state, $cert); |
|
| 134 | + } |
|
| 135 | + $extensions = $cert->tbsCertificate()->extensions(); |
|
| 136 | + if ($extensions->hasCertificatePolicies()) { |
|
| 137 | + // (d) process policy information |
|
| 138 | + if ($state->hasValidPolicyTree()) { |
|
| 139 | + $state = $state->validPolicyTree()->processPolicies($state, $cert); |
|
| 140 | + } |
|
| 141 | + } else { |
|
| 142 | + // (e) certificate policies extension not present, |
|
| 143 | + // set the valid_policy_tree to NULL |
|
| 144 | + $state = $state->withoutValidPolicyTree(); |
|
| 145 | + } |
|
| 146 | + // (f) check that explicit_policy > 0 or valid_policy_tree is set |
|
| 147 | + if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) { |
|
| 148 | + throw new PathValidationException('No valid policies.'); |
|
| 149 | + } |
|
| 150 | + return $state; |
|
| 151 | + } |
|
| 152 | 152 | |
| 153 | - /** |
|
| 154 | - * Apply preparation for the certificate i+1 according to rfc5280 section |
|
| 155 | - * 6.1.4. |
|
| 156 | - * |
|
| 157 | - * @see https://tools.ietf.org/html/rfc5280#section-6.1.4 |
|
| 158 | - * |
|
| 159 | - * @param ValidatorState $state |
|
| 160 | - * @param Certificate $cert |
|
| 161 | - * |
|
| 162 | - * @return ValidatorState |
|
| 163 | - */ |
|
| 164 | - private function _prepareNext(ValidatorState $state, |
|
| 165 | - Certificate $cert): ValidatorState |
|
| 166 | - { |
|
| 167 | - // (a)(b) if policy mappings extension is present |
|
| 168 | - $state = $this->_preparePolicyMappings($state, $cert); |
|
| 169 | - // (c) assign working_issuer_name |
|
| 170 | - $state = $state->withWorkingIssuerName( |
|
| 171 | - $cert->tbsCertificate()->subject()); |
|
| 172 | - // (d)(e)(f) |
|
| 173 | - $state = $this->_setPublicKeyState($state, $cert); |
|
| 174 | - // (g) if name constraints extension is present |
|
| 175 | - $state = $this->_prepareNameConstraints($state, $cert); |
|
| 176 | - // (h) if certificate is not self-issued |
|
| 177 | - if (!$cert->isSelfIssued()) { |
|
| 178 | - $state = $this->_prepareNonSelfIssued($state); |
|
| 179 | - } |
|
| 180 | - // (i) if policy constraints extension is present |
|
| 181 | - $state = $this->_preparePolicyConstraints($state, $cert); |
|
| 182 | - // (j) if inhibit any policy extension is present |
|
| 183 | - $state = $this->_prepareInhibitAnyPolicy($state, $cert); |
|
| 184 | - // (k) check basic constraints |
|
| 185 | - $this->_processBasicContraints($cert); |
|
| 186 | - // (l) verify max_path_length |
|
| 187 | - $state = $this->_verifyMaxPathLength($state, $cert); |
|
| 188 | - // (m) check pathLenContraint |
|
| 189 | - $state = $this->_processPathLengthContraint($state, $cert); |
|
| 190 | - // (n) check key usage |
|
| 191 | - $this->_checkKeyUsage($cert); |
|
| 192 | - // (o) process relevant extensions |
|
| 193 | - return $this->_processExtensions($state, $cert); |
|
| 194 | - } |
|
| 153 | + /** |
|
| 154 | + * Apply preparation for the certificate i+1 according to rfc5280 section |
|
| 155 | + * 6.1.4. |
|
| 156 | + * |
|
| 157 | + * @see https://tools.ietf.org/html/rfc5280#section-6.1.4 |
|
| 158 | + * |
|
| 159 | + * @param ValidatorState $state |
|
| 160 | + * @param Certificate $cert |
|
| 161 | + * |
|
| 162 | + * @return ValidatorState |
|
| 163 | + */ |
|
| 164 | + private function _prepareNext(ValidatorState $state, |
|
| 165 | + Certificate $cert): ValidatorState |
|
| 166 | + { |
|
| 167 | + // (a)(b) if policy mappings extension is present |
|
| 168 | + $state = $this->_preparePolicyMappings($state, $cert); |
|
| 169 | + // (c) assign working_issuer_name |
|
| 170 | + $state = $state->withWorkingIssuerName( |
|
| 171 | + $cert->tbsCertificate()->subject()); |
|
| 172 | + // (d)(e)(f) |
|
| 173 | + $state = $this->_setPublicKeyState($state, $cert); |
|
| 174 | + // (g) if name constraints extension is present |
|
| 175 | + $state = $this->_prepareNameConstraints($state, $cert); |
|
| 176 | + // (h) if certificate is not self-issued |
|
| 177 | + if (!$cert->isSelfIssued()) { |
|
| 178 | + $state = $this->_prepareNonSelfIssued($state); |
|
| 179 | + } |
|
| 180 | + // (i) if policy constraints extension is present |
|
| 181 | + $state = $this->_preparePolicyConstraints($state, $cert); |
|
| 182 | + // (j) if inhibit any policy extension is present |
|
| 183 | + $state = $this->_prepareInhibitAnyPolicy($state, $cert); |
|
| 184 | + // (k) check basic constraints |
|
| 185 | + $this->_processBasicContraints($cert); |
|
| 186 | + // (l) verify max_path_length |
|
| 187 | + $state = $this->_verifyMaxPathLength($state, $cert); |
|
| 188 | + // (m) check pathLenContraint |
|
| 189 | + $state = $this->_processPathLengthContraint($state, $cert); |
|
| 190 | + // (n) check key usage |
|
| 191 | + $this->_checkKeyUsage($cert); |
|
| 192 | + // (o) process relevant extensions |
|
| 193 | + return $this->_processExtensions($state, $cert); |
|
| 194 | + } |
|
| 195 | 195 | |
| 196 | - /** |
|
| 197 | - * Apply wrap-up procedure according to RFC 5280 section 6.1.5. |
|
| 198 | - * |
|
| 199 | - * @see https://tools.ietf.org/html/rfc5280#section-6.1.5 |
|
| 200 | - * |
|
| 201 | - * @param ValidatorState $state |
|
| 202 | - * @param Certificate $cert |
|
| 203 | - * |
|
| 204 | - * @throws PathValidationException |
|
| 205 | - * |
|
| 206 | - * @return ValidatorState |
|
| 207 | - */ |
|
| 208 | - private function _wrapUp(ValidatorState $state, |
|
| 209 | - Certificate $cert): ValidatorState |
|
| 210 | - { |
|
| 211 | - $tbs_cert = $cert->tbsCertificate(); |
|
| 212 | - $extensions = $tbs_cert->extensions(); |
|
| 213 | - // (a) |
|
| 214 | - if ($state->explicitPolicy() > 0) { |
|
| 215 | - $state = $state->withExplicitPolicy($state->explicitPolicy() - 1); |
|
| 216 | - } |
|
| 217 | - // (b) |
|
| 218 | - if ($extensions->hasPolicyConstraints()) { |
|
| 219 | - $ext = $extensions->policyConstraints(); |
|
| 220 | - if ($ext->hasRequireExplicitPolicy() && |
|
| 221 | - 0 === $ext->requireExplicitPolicy()) { |
|
| 222 | - $state = $state->withExplicitPolicy(0); |
|
| 223 | - } |
|
| 224 | - } |
|
| 225 | - // (c)(d)(e) |
|
| 226 | - $state = $this->_setPublicKeyState($state, $cert); |
|
| 227 | - // (f) process relevant extensions |
|
| 228 | - $state = $this->_processExtensions($state, $cert); |
|
| 229 | - // (g) intersection of valid_policy_tree and the initial-policy-set |
|
| 230 | - $state = $this->_calculatePolicyIntersection($state); |
|
| 231 | - // check that explicit_policy > 0 or valid_policy_tree is set |
|
| 232 | - if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) { |
|
| 233 | - throw new PathValidationException('No valid policies.'); |
|
| 234 | - } |
|
| 235 | - // path validation succeeded |
|
| 236 | - return $state; |
|
| 237 | - } |
|
| 196 | + /** |
|
| 197 | + * Apply wrap-up procedure according to RFC 5280 section 6.1.5. |
|
| 198 | + * |
|
| 199 | + * @see https://tools.ietf.org/html/rfc5280#section-6.1.5 |
|
| 200 | + * |
|
| 201 | + * @param ValidatorState $state |
|
| 202 | + * @param Certificate $cert |
|
| 203 | + * |
|
| 204 | + * @throws PathValidationException |
|
| 205 | + * |
|
| 206 | + * @return ValidatorState |
|
| 207 | + */ |
|
| 208 | + private function _wrapUp(ValidatorState $state, |
|
| 209 | + Certificate $cert): ValidatorState |
|
| 210 | + { |
|
| 211 | + $tbs_cert = $cert->tbsCertificate(); |
|
| 212 | + $extensions = $tbs_cert->extensions(); |
|
| 213 | + // (a) |
|
| 214 | + if ($state->explicitPolicy() > 0) { |
|
| 215 | + $state = $state->withExplicitPolicy($state->explicitPolicy() - 1); |
|
| 216 | + } |
|
| 217 | + // (b) |
|
| 218 | + if ($extensions->hasPolicyConstraints()) { |
|
| 219 | + $ext = $extensions->policyConstraints(); |
|
| 220 | + if ($ext->hasRequireExplicitPolicy() && |
|
| 221 | + 0 === $ext->requireExplicitPolicy()) { |
|
| 222 | + $state = $state->withExplicitPolicy(0); |
|
| 223 | + } |
|
| 224 | + } |
|
| 225 | + // (c)(d)(e) |
|
| 226 | + $state = $this->_setPublicKeyState($state, $cert); |
|
| 227 | + // (f) process relevant extensions |
|
| 228 | + $state = $this->_processExtensions($state, $cert); |
|
| 229 | + // (g) intersection of valid_policy_tree and the initial-policy-set |
|
| 230 | + $state = $this->_calculatePolicyIntersection($state); |
|
| 231 | + // check that explicit_policy > 0 or valid_policy_tree is set |
|
| 232 | + if (!($state->explicitPolicy() > 0 || $state->hasValidPolicyTree())) { |
|
| 233 | + throw new PathValidationException('No valid policies.'); |
|
| 234 | + } |
|
| 235 | + // path validation succeeded |
|
| 236 | + return $state; |
|
| 237 | + } |
|
| 238 | 238 | |
| 239 | - /** |
|
| 240 | - * Update working_public_key, working_public_key_parameters and |
|
| 241 | - * working_public_key_algorithm state variables from certificate. |
|
| 242 | - * |
|
| 243 | - * @param ValidatorState $state |
|
| 244 | - * @param Certificate $cert |
|
| 245 | - * |
|
| 246 | - * @return ValidatorState |
|
| 247 | - */ |
|
| 248 | - private function _setPublicKeyState(ValidatorState $state, |
|
| 249 | - Certificate $cert): ValidatorState |
|
| 250 | - { |
|
| 251 | - $pk_info = $cert->tbsCertificate()->subjectPublicKeyInfo(); |
|
| 252 | - // assign working_public_key |
|
| 253 | - $state = $state->withWorkingPublicKey($pk_info); |
|
| 254 | - // assign working_public_key_parameters |
|
| 255 | - $params = ValidatorState::getAlgorithmParameters( |
|
| 256 | - $pk_info->algorithmIdentifier()); |
|
| 257 | - if (null !== $params) { |
|
| 258 | - $state = $state->withWorkingPublicKeyParameters($params); |
|
| 259 | - } else { |
|
| 260 | - // if algorithms differ, set parameters to null |
|
| 261 | - if ($pk_info->algorithmIdentifier()->oid() !== |
|
| 262 | - $state->workingPublicKeyAlgorithm()->oid()) { |
|
| 263 | - $state = $state->withWorkingPublicKeyParameters(null); |
|
| 264 | - } |
|
| 265 | - } |
|
| 266 | - // assign working_public_key_algorithm |
|
| 267 | - return $state->withWorkingPublicKeyAlgorithm( |
|
| 268 | - $pk_info->algorithmIdentifier()); |
|
| 269 | - } |
|
| 239 | + /** |
|
| 240 | + * Update working_public_key, working_public_key_parameters and |
|
| 241 | + * working_public_key_algorithm state variables from certificate. |
|
| 242 | + * |
|
| 243 | + * @param ValidatorState $state |
|
| 244 | + * @param Certificate $cert |
|
| 245 | + * |
|
| 246 | + * @return ValidatorState |
|
| 247 | + */ |
|
| 248 | + private function _setPublicKeyState(ValidatorState $state, |
|
| 249 | + Certificate $cert): ValidatorState |
|
| 250 | + { |
|
| 251 | + $pk_info = $cert->tbsCertificate()->subjectPublicKeyInfo(); |
|
| 252 | + // assign working_public_key |
|
| 253 | + $state = $state->withWorkingPublicKey($pk_info); |
|
| 254 | + // assign working_public_key_parameters |
|
| 255 | + $params = ValidatorState::getAlgorithmParameters( |
|
| 256 | + $pk_info->algorithmIdentifier()); |
|
| 257 | + if (null !== $params) { |
|
| 258 | + $state = $state->withWorkingPublicKeyParameters($params); |
|
| 259 | + } else { |
|
| 260 | + // if algorithms differ, set parameters to null |
|
| 261 | + if ($pk_info->algorithmIdentifier()->oid() !== |
|
| 262 | + $state->workingPublicKeyAlgorithm()->oid()) { |
|
| 263 | + $state = $state->withWorkingPublicKeyParameters(null); |
|
| 264 | + } |
|
| 265 | + } |
|
| 266 | + // assign working_public_key_algorithm |
|
| 267 | + return $state->withWorkingPublicKeyAlgorithm( |
|
| 268 | + $pk_info->algorithmIdentifier()); |
|
| 269 | + } |
|
| 270 | 270 | |
| 271 | - /** |
|
| 272 | - * Verify certificate signature. |
|
| 273 | - * |
|
| 274 | - * @param ValidatorState $state |
|
| 275 | - * @param Certificate $cert |
|
| 276 | - * |
|
| 277 | - * @throws PathValidationException |
|
| 278 | - */ |
|
| 279 | - private function _verifySignature(ValidatorState $state, |
|
| 280 | - Certificate $cert): void |
|
| 281 | - { |
|
| 282 | - try { |
|
| 283 | - $valid = $cert->verify($state->workingPublicKey(), $this->_crypto); |
|
| 284 | - } catch (\RuntimeException $e) { |
|
| 285 | - throw new PathValidationException( |
|
| 286 | - 'Failed to verify signature: ' . $e->getMessage(), 0, $e); |
|
| 287 | - } |
|
| 288 | - if (!$valid) { |
|
| 289 | - throw new PathValidationException( |
|
| 290 | - "Certificate signature doesn't match."); |
|
| 291 | - } |
|
| 292 | - } |
|
| 271 | + /** |
|
| 272 | + * Verify certificate signature. |
|
| 273 | + * |
|
| 274 | + * @param ValidatorState $state |
|
| 275 | + * @param Certificate $cert |
|
| 276 | + * |
|
| 277 | + * @throws PathValidationException |
|
| 278 | + */ |
|
| 279 | + private function _verifySignature(ValidatorState $state, |
|
| 280 | + Certificate $cert): void |
|
| 281 | + { |
|
| 282 | + try { |
|
| 283 | + $valid = $cert->verify($state->workingPublicKey(), $this->_crypto); |
|
| 284 | + } catch (\RuntimeException $e) { |
|
| 285 | + throw new PathValidationException( |
|
| 286 | + 'Failed to verify signature: ' . $e->getMessage(), 0, $e); |
|
| 287 | + } |
|
| 288 | + if (!$valid) { |
|
| 289 | + throw new PathValidationException( |
|
| 290 | + "Certificate signature doesn't match."); |
|
| 291 | + } |
|
| 292 | + } |
|
| 293 | 293 | |
| 294 | - /** |
|
| 295 | - * Check certificate validity. |
|
| 296 | - * |
|
| 297 | - * @param Certificate $cert |
|
| 298 | - * |
|
| 299 | - * @throws PathValidationException |
|
| 300 | - */ |
|
| 301 | - private function _checkValidity(Certificate $cert): void |
|
| 302 | - { |
|
| 303 | - $refdt = $this->_config->dateTime(); |
|
| 304 | - $validity = $cert->tbsCertificate()->validity(); |
|
| 305 | - if ($validity->notBefore()->dateTime()->diff($refdt)->invert) { |
|
| 306 | - throw new PathValidationException( |
|
| 307 | - 'Certificate validity period has not started.'); |
|
| 308 | - } |
|
| 309 | - if ($refdt->diff($validity->notAfter()->dateTime())->invert) { |
|
| 310 | - throw new PathValidationException('Certificate has expired.'); |
|
| 311 | - } |
|
| 312 | - } |
|
| 294 | + /** |
|
| 295 | + * Check certificate validity. |
|
| 296 | + * |
|
| 297 | + * @param Certificate $cert |
|
| 298 | + * |
|
| 299 | + * @throws PathValidationException |
|
| 300 | + */ |
|
| 301 | + private function _checkValidity(Certificate $cert): void |
|
| 302 | + { |
|
| 303 | + $refdt = $this->_config->dateTime(); |
|
| 304 | + $validity = $cert->tbsCertificate()->validity(); |
|
| 305 | + if ($validity->notBefore()->dateTime()->diff($refdt)->invert) { |
|
| 306 | + throw new PathValidationException( |
|
| 307 | + 'Certificate validity period has not started.'); |
|
| 308 | + } |
|
| 309 | + if ($refdt->diff($validity->notAfter()->dateTime())->invert) { |
|
| 310 | + throw new PathValidationException('Certificate has expired.'); |
|
| 311 | + } |
|
| 312 | + } |
|
| 313 | 313 | |
| 314 | - /** |
|
| 315 | - * Check certificate revocation. |
|
| 316 | - * |
|
| 317 | - * @param Certificate $cert |
|
| 318 | - */ |
|
| 319 | - private function _checkRevocation(Certificate $cert) |
|
| 320 | - { |
|
| 321 | - // @todo Implement CRL handling |
|
| 322 | - } |
|
| 314 | + /** |
|
| 315 | + * Check certificate revocation. |
|
| 316 | + * |
|
| 317 | + * @param Certificate $cert |
|
| 318 | + */ |
|
| 319 | + private function _checkRevocation(Certificate $cert) |
|
| 320 | + { |
|
| 321 | + // @todo Implement CRL handling |
|
| 322 | + } |
|
| 323 | 323 | |
| 324 | - /** |
|
| 325 | - * Check certificate issuer. |
|
| 326 | - * |
|
| 327 | - * @param ValidatorState $state |
|
| 328 | - * @param Certificate $cert |
|
| 329 | - * |
|
| 330 | - * @throws PathValidationException |
|
| 331 | - */ |
|
| 332 | - private function _checkIssuer(ValidatorState $state, Certificate $cert): void |
|
| 333 | - { |
|
| 334 | - if (!$cert->tbsCertificate()->issuer()->equals($state->workingIssuerName())) { |
|
| 335 | - throw new PathValidationException('Certification issuer mismatch.'); |
|
| 336 | - } |
|
| 337 | - } |
|
| 324 | + /** |
|
| 325 | + * Check certificate issuer. |
|
| 326 | + * |
|
| 327 | + * @param ValidatorState $state |
|
| 328 | + * @param Certificate $cert |
|
| 329 | + * |
|
| 330 | + * @throws PathValidationException |
|
| 331 | + */ |
|
| 332 | + private function _checkIssuer(ValidatorState $state, Certificate $cert): void |
|
| 333 | + { |
|
| 334 | + if (!$cert->tbsCertificate()->issuer()->equals($state->workingIssuerName())) { |
|
| 335 | + throw new PathValidationException('Certification issuer mismatch.'); |
|
| 336 | + } |
|
| 337 | + } |
|
| 338 | 338 | |
| 339 | - /** |
|
| 340 | - * @param ValidatorState $state |
|
| 341 | - * @param Certificate $cert |
|
| 342 | - */ |
|
| 343 | - private function _checkPermittedSubtrees(ValidatorState $state, Certificate $cert) |
|
| 344 | - { |
|
| 345 | - // @todo Implement |
|
| 346 | - $state->permittedSubtrees(); |
|
| 347 | - } |
|
| 339 | + /** |
|
| 340 | + * @param ValidatorState $state |
|
| 341 | + * @param Certificate $cert |
|
| 342 | + */ |
|
| 343 | + private function _checkPermittedSubtrees(ValidatorState $state, Certificate $cert) |
|
| 344 | + { |
|
| 345 | + // @todo Implement |
|
| 346 | + $state->permittedSubtrees(); |
|
| 347 | + } |
|
| 348 | 348 | |
| 349 | - /** |
|
| 350 | - * @param ValidatorState $state |
|
| 351 | - * @param Certificate $cert |
|
| 352 | - */ |
|
| 353 | - private function _checkExcludedSubtrees(ValidatorState $state, Certificate $cert) |
|
| 354 | - { |
|
| 355 | - // @todo Implement |
|
| 356 | - $state->excludedSubtrees(); |
|
| 357 | - } |
|
| 349 | + /** |
|
| 350 | + * @param ValidatorState $state |
|
| 351 | + * @param Certificate $cert |
|
| 352 | + */ |
|
| 353 | + private function _checkExcludedSubtrees(ValidatorState $state, Certificate $cert) |
|
| 354 | + { |
|
| 355 | + // @todo Implement |
|
| 356 | + $state->excludedSubtrees(); |
|
| 357 | + } |
|
| 358 | 358 | |
| 359 | - /** |
|
| 360 | - * Apply policy mappings handling for the preparation step. |
|
| 361 | - * |
|
| 362 | - * @param ValidatorState $state |
|
| 363 | - * @param Certificate $cert |
|
| 364 | - * |
|
| 365 | - * @throws PathValidationException |
|
| 366 | - * |
|
| 367 | - * @return ValidatorState |
|
| 368 | - */ |
|
| 369 | - private function _preparePolicyMappings(ValidatorState $state, |
|
| 370 | - Certificate $cert): ValidatorState |
|
| 371 | - { |
|
| 372 | - $extensions = $cert->tbsCertificate()->extensions(); |
|
| 373 | - if ($extensions->hasPolicyMappings()) { |
|
| 374 | - // (a) verify that anyPolicy mapping is not used |
|
| 375 | - if ($extensions->policyMappings()->hasAnyPolicyMapping()) { |
|
| 376 | - throw new PathValidationException('anyPolicy mapping found.'); |
|
| 377 | - } |
|
| 378 | - // (b) process policy mappings |
|
| 379 | - if ($state->hasValidPolicyTree()) { |
|
| 380 | - $state = $state->validPolicyTree()->processMappings($state, $cert); |
|
| 381 | - } |
|
| 382 | - } |
|
| 383 | - return $state; |
|
| 384 | - } |
|
| 359 | + /** |
|
| 360 | + * Apply policy mappings handling for the preparation step. |
|
| 361 | + * |
|
| 362 | + * @param ValidatorState $state |
|
| 363 | + * @param Certificate $cert |
|
| 364 | + * |
|
| 365 | + * @throws PathValidationException |
|
| 366 | + * |
|
| 367 | + * @return ValidatorState |
|
| 368 | + */ |
|
| 369 | + private function _preparePolicyMappings(ValidatorState $state, |
|
| 370 | + Certificate $cert): ValidatorState |
|
| 371 | + { |
|
| 372 | + $extensions = $cert->tbsCertificate()->extensions(); |
|
| 373 | + if ($extensions->hasPolicyMappings()) { |
|
| 374 | + // (a) verify that anyPolicy mapping is not used |
|
| 375 | + if ($extensions->policyMappings()->hasAnyPolicyMapping()) { |
|
| 376 | + throw new PathValidationException('anyPolicy mapping found.'); |
|
| 377 | + } |
|
| 378 | + // (b) process policy mappings |
|
| 379 | + if ($state->hasValidPolicyTree()) { |
|
| 380 | + $state = $state->validPolicyTree()->processMappings($state, $cert); |
|
| 381 | + } |
|
| 382 | + } |
|
| 383 | + return $state; |
|
| 384 | + } |
|
| 385 | 385 | |
| 386 | - /** |
|
| 387 | - * Apply name constraints handling for the preparation step. |
|
| 388 | - * |
|
| 389 | - * @param ValidatorState $state |
|
| 390 | - * @param Certificate $cert |
|
| 391 | - * |
|
| 392 | - * @return ValidatorState |
|
| 393 | - */ |
|
| 394 | - private function _prepareNameConstraints(ValidatorState $state, |
|
| 395 | - Certificate $cert): ValidatorState |
|
| 396 | - { |
|
| 397 | - $extensions = $cert->tbsCertificate()->extensions(); |
|
| 398 | - if ($extensions->hasNameConstraints()) { |
|
| 399 | - $state = $this->_processNameConstraints($state, $cert); |
|
| 400 | - } |
|
| 401 | - return $state; |
|
| 402 | - } |
|
| 386 | + /** |
|
| 387 | + * Apply name constraints handling for the preparation step. |
|
| 388 | + * |
|
| 389 | + * @param ValidatorState $state |
|
| 390 | + * @param Certificate $cert |
|
| 391 | + * |
|
| 392 | + * @return ValidatorState |
|
| 393 | + */ |
|
| 394 | + private function _prepareNameConstraints(ValidatorState $state, |
|
| 395 | + Certificate $cert): ValidatorState |
|
| 396 | + { |
|
| 397 | + $extensions = $cert->tbsCertificate()->extensions(); |
|
| 398 | + if ($extensions->hasNameConstraints()) { |
|
| 399 | + $state = $this->_processNameConstraints($state, $cert); |
|
| 400 | + } |
|
| 401 | + return $state; |
|
| 402 | + } |
|
| 403 | 403 | |
| 404 | - /** |
|
| 405 | - * Apply preparation for a non-self-signed certificate. |
|
| 406 | - * |
|
| 407 | - * @param ValidatorState $state |
|
| 408 | - * |
|
| 409 | - * @return ValidatorState |
|
| 410 | - */ |
|
| 411 | - private function _prepareNonSelfIssued(ValidatorState $state): ValidatorState |
|
| 412 | - { |
|
| 413 | - // (h.1) |
|
| 414 | - if ($state->explicitPolicy() > 0) { |
|
| 415 | - $state = $state->withExplicitPolicy($state->explicitPolicy() - 1); |
|
| 416 | - } |
|
| 417 | - // (h.2) |
|
| 418 | - if ($state->policyMapping() > 0) { |
|
| 419 | - $state = $state->withPolicyMapping($state->policyMapping() - 1); |
|
| 420 | - } |
|
| 421 | - // (h.3) |
|
| 422 | - if ($state->inhibitAnyPolicy() > 0) { |
|
| 423 | - $state = $state->withInhibitAnyPolicy($state->inhibitAnyPolicy() - 1); |
|
| 424 | - } |
|
| 425 | - return $state; |
|
| 426 | - } |
|
| 404 | + /** |
|
| 405 | + * Apply preparation for a non-self-signed certificate. |
|
| 406 | + * |
|
| 407 | + * @param ValidatorState $state |
|
| 408 | + * |
|
| 409 | + * @return ValidatorState |
|
| 410 | + */ |
|
| 411 | + private function _prepareNonSelfIssued(ValidatorState $state): ValidatorState |
|
| 412 | + { |
|
| 413 | + // (h.1) |
|
| 414 | + if ($state->explicitPolicy() > 0) { |
|
| 415 | + $state = $state->withExplicitPolicy($state->explicitPolicy() - 1); |
|
| 416 | + } |
|
| 417 | + // (h.2) |
|
| 418 | + if ($state->policyMapping() > 0) { |
|
| 419 | + $state = $state->withPolicyMapping($state->policyMapping() - 1); |
|
| 420 | + } |
|
| 421 | + // (h.3) |
|
| 422 | + if ($state->inhibitAnyPolicy() > 0) { |
|
| 423 | + $state = $state->withInhibitAnyPolicy($state->inhibitAnyPolicy() - 1); |
|
| 424 | + } |
|
| 425 | + return $state; |
|
| 426 | + } |
|
| 427 | 427 | |
| 428 | - /** |
|
| 429 | - * Apply policy constraints handling for the preparation step. |
|
| 430 | - * |
|
| 431 | - * @param ValidatorState $state |
|
| 432 | - * @param Certificate $cert |
|
| 433 | - * |
|
| 434 | - * @return ValidatorState |
|
| 435 | - */ |
|
| 436 | - private function _preparePolicyConstraints(ValidatorState $state, |
|
| 437 | - Certificate $cert): ValidatorState |
|
| 438 | - { |
|
| 439 | - $extensions = $cert->tbsCertificate()->extensions(); |
|
| 440 | - if (!$extensions->hasPolicyConstraints()) { |
|
| 441 | - return $state; |
|
| 442 | - } |
|
| 443 | - $ext = $extensions->policyConstraints(); |
|
| 444 | - // (i.1) |
|
| 445 | - if ($ext->hasRequireExplicitPolicy() && |
|
| 446 | - $ext->requireExplicitPolicy() < $state->explicitPolicy()) { |
|
| 447 | - $state = $state->withExplicitPolicy($ext->requireExplicitPolicy()); |
|
| 448 | - } |
|
| 449 | - // (i.2) |
|
| 450 | - if ($ext->hasInhibitPolicyMapping() && |
|
| 451 | - $ext->inhibitPolicyMapping() < $state->policyMapping()) { |
|
| 452 | - $state = $state->withPolicyMapping($ext->inhibitPolicyMapping()); |
|
| 453 | - } |
|
| 454 | - return $state; |
|
| 455 | - } |
|
| 428 | + /** |
|
| 429 | + * Apply policy constraints handling for the preparation step. |
|
| 430 | + * |
|
| 431 | + * @param ValidatorState $state |
|
| 432 | + * @param Certificate $cert |
|
| 433 | + * |
|
| 434 | + * @return ValidatorState |
|
| 435 | + */ |
|
| 436 | + private function _preparePolicyConstraints(ValidatorState $state, |
|
| 437 | + Certificate $cert): ValidatorState |
|
| 438 | + { |
|
| 439 | + $extensions = $cert->tbsCertificate()->extensions(); |
|
| 440 | + if (!$extensions->hasPolicyConstraints()) { |
|
| 441 | + return $state; |
|
| 442 | + } |
|
| 443 | + $ext = $extensions->policyConstraints(); |
|
| 444 | + // (i.1) |
|
| 445 | + if ($ext->hasRequireExplicitPolicy() && |
|
| 446 | + $ext->requireExplicitPolicy() < $state->explicitPolicy()) { |
|
| 447 | + $state = $state->withExplicitPolicy($ext->requireExplicitPolicy()); |
|
| 448 | + } |
|
| 449 | + // (i.2) |
|
| 450 | + if ($ext->hasInhibitPolicyMapping() && |
|
| 451 | + $ext->inhibitPolicyMapping() < $state->policyMapping()) { |
|
| 452 | + $state = $state->withPolicyMapping($ext->inhibitPolicyMapping()); |
|
| 453 | + } |
|
| 454 | + return $state; |
|
| 455 | + } |
|
| 456 | 456 | |
| 457 | - /** |
|
| 458 | - * Apply inhibit any-policy handling for the preparation step. |
|
| 459 | - * |
|
| 460 | - * @param ValidatorState $state |
|
| 461 | - * @param Certificate $cert |
|
| 462 | - * |
|
| 463 | - * @return ValidatorState |
|
| 464 | - */ |
|
| 465 | - private function _prepareInhibitAnyPolicy(ValidatorState $state, |
|
| 466 | - Certificate $cert): ValidatorState |
|
| 467 | - { |
|
| 468 | - $extensions = $cert->tbsCertificate()->extensions(); |
|
| 469 | - if ($extensions->hasInhibitAnyPolicy()) { |
|
| 470 | - $ext = $extensions->inhibitAnyPolicy(); |
|
| 471 | - if ($ext->skipCerts() < $state->inhibitAnyPolicy()) { |
|
| 472 | - $state = $state->withInhibitAnyPolicy($ext->skipCerts()); |
|
| 473 | - } |
|
| 474 | - } |
|
| 475 | - return $state; |
|
| 476 | - } |
|
| 457 | + /** |
|
| 458 | + * Apply inhibit any-policy handling for the preparation step. |
|
| 459 | + * |
|
| 460 | + * @param ValidatorState $state |
|
| 461 | + * @param Certificate $cert |
|
| 462 | + * |
|
| 463 | + * @return ValidatorState |
|
| 464 | + */ |
|
| 465 | + private function _prepareInhibitAnyPolicy(ValidatorState $state, |
|
| 466 | + Certificate $cert): ValidatorState |
|
| 467 | + { |
|
| 468 | + $extensions = $cert->tbsCertificate()->extensions(); |
|
| 469 | + if ($extensions->hasInhibitAnyPolicy()) { |
|
| 470 | + $ext = $extensions->inhibitAnyPolicy(); |
|
| 471 | + if ($ext->skipCerts() < $state->inhibitAnyPolicy()) { |
|
| 472 | + $state = $state->withInhibitAnyPolicy($ext->skipCerts()); |
|
| 473 | + } |
|
| 474 | + } |
|
| 475 | + return $state; |
|
| 476 | + } |
|
| 477 | 477 | |
| 478 | - /** |
|
| 479 | - * Verify maximum certification path length for the preparation step. |
|
| 480 | - * |
|
| 481 | - * @param ValidatorState $state |
|
| 482 | - * @param Certificate $cert |
|
| 483 | - * |
|
| 484 | - * @throws PathValidationException |
|
| 485 | - * |
|
| 486 | - * @return ValidatorState |
|
| 487 | - */ |
|
| 488 | - private function _verifyMaxPathLength(ValidatorState $state, |
|
| 489 | - Certificate $cert): ValidatorState |
|
| 490 | - { |
|
| 491 | - if (!$cert->isSelfIssued()) { |
|
| 492 | - if ($state->maxPathLength() <= 0) { |
|
| 493 | - throw new PathValidationException( |
|
| 494 | - 'Certification path length exceeded.'); |
|
| 495 | - } |
|
| 496 | - $state = $state->withMaxPathLength($state->maxPathLength() - 1); |
|
| 497 | - } |
|
| 498 | - return $state; |
|
| 499 | - } |
|
| 478 | + /** |
|
| 479 | + * Verify maximum certification path length for the preparation step. |
|
| 480 | + * |
|
| 481 | + * @param ValidatorState $state |
|
| 482 | + * @param Certificate $cert |
|
| 483 | + * |
|
| 484 | + * @throws PathValidationException |
|
| 485 | + * |
|
| 486 | + * @return ValidatorState |
|
| 487 | + */ |
|
| 488 | + private function _verifyMaxPathLength(ValidatorState $state, |
|
| 489 | + Certificate $cert): ValidatorState |
|
| 490 | + { |
|
| 491 | + if (!$cert->isSelfIssued()) { |
|
| 492 | + if ($state->maxPathLength() <= 0) { |
|
| 493 | + throw new PathValidationException( |
|
| 494 | + 'Certification path length exceeded.'); |
|
| 495 | + } |
|
| 496 | + $state = $state->withMaxPathLength($state->maxPathLength() - 1); |
|
| 497 | + } |
|
| 498 | + return $state; |
|
| 499 | + } |
|
| 500 | 500 | |
| 501 | - /** |
|
| 502 | - * Check key usage extension for the preparation step. |
|
| 503 | - * |
|
| 504 | - * @param Certificate $cert |
|
| 505 | - * |
|
| 506 | - * @throws PathValidationException |
|
| 507 | - */ |
|
| 508 | - private function _checkKeyUsage(Certificate $cert): void |
|
| 509 | - { |
|
| 510 | - $extensions = $cert->tbsCertificate()->extensions(); |
|
| 511 | - if ($extensions->hasKeyUsage()) { |
|
| 512 | - $ext = $extensions->keyUsage(); |
|
| 513 | - if (!$ext->isKeyCertSign()) { |
|
| 514 | - throw new PathValidationException('keyCertSign usage not set.'); |
|
| 515 | - } |
|
| 516 | - } |
|
| 517 | - } |
|
| 501 | + /** |
|
| 502 | + * Check key usage extension for the preparation step. |
|
| 503 | + * |
|
| 504 | + * @param Certificate $cert |
|
| 505 | + * |
|
| 506 | + * @throws PathValidationException |
|
| 507 | + */ |
|
| 508 | + private function _checkKeyUsage(Certificate $cert): void |
|
| 509 | + { |
|
| 510 | + $extensions = $cert->tbsCertificate()->extensions(); |
|
| 511 | + if ($extensions->hasKeyUsage()) { |
|
| 512 | + $ext = $extensions->keyUsage(); |
|
| 513 | + if (!$ext->isKeyCertSign()) { |
|
| 514 | + throw new PathValidationException('keyCertSign usage not set.'); |
|
| 515 | + } |
|
| 516 | + } |
|
| 517 | + } |
|
| 518 | 518 | |
| 519 | - /** |
|
| 520 | - * @param ValidatorState $state |
|
| 521 | - * @param Certificate $cert |
|
| 522 | - * |
|
| 523 | - * @return ValidatorState |
|
| 524 | - */ |
|
| 525 | - private function _processNameConstraints(ValidatorState $state, |
|
| 526 | - Certificate $cert): ValidatorState |
|
| 527 | - { |
|
| 528 | - // @todo Implement |
|
| 529 | - return $state; |
|
| 530 | - } |
|
| 519 | + /** |
|
| 520 | + * @param ValidatorState $state |
|
| 521 | + * @param Certificate $cert |
|
| 522 | + * |
|
| 523 | + * @return ValidatorState |
|
| 524 | + */ |
|
| 525 | + private function _processNameConstraints(ValidatorState $state, |
|
| 526 | + Certificate $cert): ValidatorState |
|
| 527 | + { |
|
| 528 | + // @todo Implement |
|
| 529 | + return $state; |
|
| 530 | + } |
|
| 531 | 531 | |
| 532 | - /** |
|
| 533 | - * Process basic constraints extension. |
|
| 534 | - * |
|
| 535 | - * @param Certificate $cert |
|
| 536 | - * |
|
| 537 | - * @throws PathValidationException |
|
| 538 | - */ |
|
| 539 | - private function _processBasicContraints(Certificate $cert): void |
|
| 540 | - { |
|
| 541 | - if (TBSCertificate::VERSION_3 === $cert->tbsCertificate()->version()) { |
|
| 542 | - $extensions = $cert->tbsCertificate()->extensions(); |
|
| 543 | - if (!$extensions->hasBasicConstraints()) { |
|
| 544 | - throw new PathValidationException( |
|
| 545 | - 'v3 certificate must have basicConstraints extension.'); |
|
| 546 | - } |
|
| 547 | - // verify that cA is set to TRUE |
|
| 548 | - if (!$extensions->basicConstraints()->isCA()) { |
|
| 549 | - throw new PathValidationException( |
|
| 550 | - 'Certificate is not a CA certificate.'); |
|
| 551 | - } |
|
| 552 | - } |
|
| 553 | - } |
|
| 532 | + /** |
|
| 533 | + * Process basic constraints extension. |
|
| 534 | + * |
|
| 535 | + * @param Certificate $cert |
|
| 536 | + * |
|
| 537 | + * @throws PathValidationException |
|
| 538 | + */ |
|
| 539 | + private function _processBasicContraints(Certificate $cert): void |
|
| 540 | + { |
|
| 541 | + if (TBSCertificate::VERSION_3 === $cert->tbsCertificate()->version()) { |
|
| 542 | + $extensions = $cert->tbsCertificate()->extensions(); |
|
| 543 | + if (!$extensions->hasBasicConstraints()) { |
|
| 544 | + throw new PathValidationException( |
|
| 545 | + 'v3 certificate must have basicConstraints extension.'); |
|
| 546 | + } |
|
| 547 | + // verify that cA is set to TRUE |
|
| 548 | + if (!$extensions->basicConstraints()->isCA()) { |
|
| 549 | + throw new PathValidationException( |
|
| 550 | + 'Certificate is not a CA certificate.'); |
|
| 551 | + } |
|
| 552 | + } |
|
| 553 | + } |
|
| 554 | 554 | |
| 555 | - /** |
|
| 556 | - * Process pathLenConstraint. |
|
| 557 | - * |
|
| 558 | - * @param ValidatorState $state |
|
| 559 | - * @param Certificate $cert |
|
| 560 | - * |
|
| 561 | - * @return ValidatorState |
|
| 562 | - */ |
|
| 563 | - private function _processPathLengthContraint(ValidatorState $state, |
|
| 564 | - Certificate $cert): ValidatorState |
|
| 565 | - { |
|
| 566 | - $extensions = $cert->tbsCertificate()->extensions(); |
|
| 567 | - if ($extensions->hasBasicConstraints()) { |
|
| 568 | - $ext = $extensions->basicConstraints(); |
|
| 569 | - if ($ext->hasPathLen()) { |
|
| 570 | - if ($ext->pathLen() < $state->maxPathLength()) { |
|
| 571 | - $state = $state->withMaxPathLength($ext->pathLen()); |
|
| 572 | - } |
|
| 573 | - } |
|
| 574 | - } |
|
| 575 | - return $state; |
|
| 576 | - } |
|
| 555 | + /** |
|
| 556 | + * Process pathLenConstraint. |
|
| 557 | + * |
|
| 558 | + * @param ValidatorState $state |
|
| 559 | + * @param Certificate $cert |
|
| 560 | + * |
|
| 561 | + * @return ValidatorState |
|
| 562 | + */ |
|
| 563 | + private function _processPathLengthContraint(ValidatorState $state, |
|
| 564 | + Certificate $cert): ValidatorState |
|
| 565 | + { |
|
| 566 | + $extensions = $cert->tbsCertificate()->extensions(); |
|
| 567 | + if ($extensions->hasBasicConstraints()) { |
|
| 568 | + $ext = $extensions->basicConstraints(); |
|
| 569 | + if ($ext->hasPathLen()) { |
|
| 570 | + if ($ext->pathLen() < $state->maxPathLength()) { |
|
| 571 | + $state = $state->withMaxPathLength($ext->pathLen()); |
|
| 572 | + } |
|
| 573 | + } |
|
| 574 | + } |
|
| 575 | + return $state; |
|
| 576 | + } |
|
| 577 | 577 | |
| 578 | - /** |
|
| 579 | - * @param ValidatorState $state |
|
| 580 | - * @param Certificate $cert |
|
| 581 | - * |
|
| 582 | - * @return ValidatorState |
|
| 583 | - */ |
|
| 584 | - private function _processExtensions(ValidatorState $state, |
|
| 585 | - Certificate $cert): ValidatorState |
|
| 586 | - { |
|
| 587 | - // @todo Implement |
|
| 588 | - return $state; |
|
| 589 | - } |
|
| 578 | + /** |
|
| 579 | + * @param ValidatorState $state |
|
| 580 | + * @param Certificate $cert |
|
| 581 | + * |
|
| 582 | + * @return ValidatorState |
|
| 583 | + */ |
|
| 584 | + private function _processExtensions(ValidatorState $state, |
|
| 585 | + Certificate $cert): ValidatorState |
|
| 586 | + { |
|
| 587 | + // @todo Implement |
|
| 588 | + return $state; |
|
| 589 | + } |
|
| 590 | 590 | |
| 591 | - /** |
|
| 592 | - * @param ValidatorState $state |
|
| 593 | - * |
|
| 594 | - * @return ValidatorState |
|
| 595 | - */ |
|
| 596 | - private function _calculatePolicyIntersection(ValidatorState $state): ValidatorState |
|
| 597 | - { |
|
| 598 | - // (i) If the valid_policy_tree is NULL, the intersection is NULL |
|
| 599 | - if (!$state->hasValidPolicyTree()) { |
|
| 600 | - return $state; |
|
| 601 | - } |
|
| 602 | - // (ii) If the valid_policy_tree is not NULL and |
|
| 603 | - // the user-initial-policy-set is any-policy, the intersection |
|
| 604 | - // is the entire valid_policy_tree |
|
| 605 | - $initial_policies = $this->_config->policySet(); |
|
| 606 | - if (in_array(PolicyInformation::OID_ANY_POLICY, $initial_policies)) { |
|
| 607 | - return $state; |
|
| 608 | - } |
|
| 609 | - // (iii) If the valid_policy_tree is not NULL and the |
|
| 610 | - // user-initial-policy-set is not any-policy, calculate |
|
| 611 | - // the intersection of the valid_policy_tree and the |
|
| 612 | - // user-initial-policy-set as follows |
|
| 613 | - return $state->validPolicyTree()->calculateIntersection($state, $initial_policies); |
|
| 614 | - } |
|
| 591 | + /** |
|
| 592 | + * @param ValidatorState $state |
|
| 593 | + * |
|
| 594 | + * @return ValidatorState |
|
| 595 | + */ |
|
| 596 | + private function _calculatePolicyIntersection(ValidatorState $state): ValidatorState |
|
| 597 | + { |
|
| 598 | + // (i) If the valid_policy_tree is NULL, the intersection is NULL |
|
| 599 | + if (!$state->hasValidPolicyTree()) { |
|
| 600 | + return $state; |
|
| 601 | + } |
|
| 602 | + // (ii) If the valid_policy_tree is not NULL and |
|
| 603 | + // the user-initial-policy-set is any-policy, the intersection |
|
| 604 | + // is the entire valid_policy_tree |
|
| 605 | + $initial_policies = $this->_config->policySet(); |
|
| 606 | + if (in_array(PolicyInformation::OID_ANY_POLICY, $initial_policies)) { |
|
| 607 | + return $state; |
|
| 608 | + } |
|
| 609 | + // (iii) If the valid_policy_tree is not NULL and the |
|
| 610 | + // user-initial-policy-set is not any-policy, calculate |
|
| 611 | + // the intersection of the valid_policy_tree and the |
|
| 612 | + // user-initial-policy-set as follows |
|
| 613 | + return $state->validPolicyTree()->calculateIntersection($state, $initial_policies); |
|
| 614 | + } |
|
| 615 | 615 | } |
@@ -1,6 +1,6 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -declare(strict_types = 1); |
|
| 3 | +declare(strict_types=1); |
|
| 4 | 4 | |
| 5 | 5 | namespace Sop\X509\CertificationPath\PathValidation; |
| 6 | 6 | |
@@ -1,6 +1,6 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -declare(strict_types = 1); |
|
| 3 | +declare(strict_types=1); |
|
| 4 | 4 | |
| 5 | 5 | namespace Sop\X509\CertificationPath\Policy; |
| 6 | 6 | |
@@ -98,7 +98,7 @@ discard block |
||
| 98 | 98 | // is not in the user-initial-policy-set and is not anyPolicy, |
| 99 | 99 | // delete this node and all its children. |
| 100 | 100 | $valid_policy_node_set = array_filter($valid_policy_node_set, |
| 101 | - function (PolicyNode $node) use ($policies) { |
|
| 101 | + function(PolicyNode $node) use ($policies) { |
|
| 102 | 102 | if ($node->isAnyPolicy()) { |
| 103 | 103 | return true; |
| 104 | 104 | } |
@@ -110,7 +110,7 @@ discard block |
||
| 110 | 110 | }); |
| 111 | 111 | // array of valid policy OIDs |
| 112 | 112 | $valid_policy_set = array_map( |
| 113 | - function (PolicyNode $node) { |
|
| 113 | + function(PolicyNode $node) { |
|
| 114 | 114 | return $node->validPolicy(); |
| 115 | 115 | }, $valid_policy_node_set); |
| 116 | 116 | // 3. If the valid_policy_tree includes a node of depth n with |
@@ -385,7 +385,7 @@ discard block |
||
| 385 | 385 | } |
| 386 | 386 | // for each node in a tree |
| 387 | 387 | $this->_root->walkNodes( |
| 388 | - function (PolicyNode $node) use (&$set) { |
|
| 388 | + function(PolicyNode $node) use (&$set) { |
|
| 389 | 389 | $parents = $node->parents(); |
| 390 | 390 | // node has parents |
| 391 | 391 | if (count($parents)) { |
@@ -10,413 +10,413 @@ |
||
| 10 | 10 | |
| 11 | 11 | class PolicyTree |
| 12 | 12 | { |
| 13 | - /** |
|
| 14 | - * Root node at depth zero. |
|
| 15 | - * |
|
| 16 | - * @var null|PolicyNode |
|
| 17 | - */ |
|
| 18 | - protected $_root; |
|
| 13 | + /** |
|
| 14 | + * Root node at depth zero. |
|
| 15 | + * |
|
| 16 | + * @var null|PolicyNode |
|
| 17 | + */ |
|
| 18 | + protected $_root; |
|
| 19 | 19 | |
| 20 | - /** |
|
| 21 | - * Constructor. |
|
| 22 | - * |
|
| 23 | - * @param PolicyNode $root Initial root node |
|
| 24 | - */ |
|
| 25 | - public function __construct(PolicyNode $root) |
|
| 26 | - { |
|
| 27 | - $this->_root = $root; |
|
| 28 | - } |
|
| 20 | + /** |
|
| 21 | + * Constructor. |
|
| 22 | + * |
|
| 23 | + * @param PolicyNode $root Initial root node |
|
| 24 | + */ |
|
| 25 | + public function __construct(PolicyNode $root) |
|
| 26 | + { |
|
| 27 | + $this->_root = $root; |
|
| 28 | + } |
|
| 29 | 29 | |
| 30 | - /** |
|
| 31 | - * Process policy information from the certificate. |
|
| 32 | - * |
|
| 33 | - * Certificate policies extension must be present. |
|
| 34 | - * |
|
| 35 | - * @param ValidatorState $state |
|
| 36 | - * @param Certificate $cert |
|
| 37 | - * |
|
| 38 | - * @return ValidatorState |
|
| 39 | - */ |
|
| 40 | - public function processPolicies(ValidatorState $state, |
|
| 41 | - Certificate $cert): ValidatorState |
|
| 42 | - { |
|
| 43 | - $policies = $cert->tbsCertificate()->extensions()->certificatePolicies(); |
|
| 44 | - $tree = clone $this; |
|
| 45 | - // (d.1) for each policy P not equal to anyPolicy |
|
| 46 | - foreach ($policies as $policy) { |
|
| 47 | - if ($policy->isAnyPolicy()) { |
|
| 48 | - $tree->_processAnyPolicy($policy, $cert, $state); |
|
| 49 | - } else { |
|
| 50 | - $tree->_processPolicy($policy, $state); |
|
| 51 | - } |
|
| 52 | - } |
|
| 53 | - // if whole tree is pruned |
|
| 54 | - if (!$tree->_pruneTree($state->index() - 1)) { |
|
| 55 | - return $state->withoutValidPolicyTree(); |
|
| 56 | - } |
|
| 57 | - return $state->withValidPolicyTree($tree); |
|
| 58 | - } |
|
| 30 | + /** |
|
| 31 | + * Process policy information from the certificate. |
|
| 32 | + * |
|
| 33 | + * Certificate policies extension must be present. |
|
| 34 | + * |
|
| 35 | + * @param ValidatorState $state |
|
| 36 | + * @param Certificate $cert |
|
| 37 | + * |
|
| 38 | + * @return ValidatorState |
|
| 39 | + */ |
|
| 40 | + public function processPolicies(ValidatorState $state, |
|
| 41 | + Certificate $cert): ValidatorState |
|
| 42 | + { |
|
| 43 | + $policies = $cert->tbsCertificate()->extensions()->certificatePolicies(); |
|
| 44 | + $tree = clone $this; |
|
| 45 | + // (d.1) for each policy P not equal to anyPolicy |
|
| 46 | + foreach ($policies as $policy) { |
|
| 47 | + if ($policy->isAnyPolicy()) { |
|
| 48 | + $tree->_processAnyPolicy($policy, $cert, $state); |
|
| 49 | + } else { |
|
| 50 | + $tree->_processPolicy($policy, $state); |
|
| 51 | + } |
|
| 52 | + } |
|
| 53 | + // if whole tree is pruned |
|
| 54 | + if (!$tree->_pruneTree($state->index() - 1)) { |
|
| 55 | + return $state->withoutValidPolicyTree(); |
|
| 56 | + } |
|
| 57 | + return $state->withValidPolicyTree($tree); |
|
| 58 | + } |
|
| 59 | 59 | |
| 60 | - /** |
|
| 61 | - * Process policy mappings from the certificate. |
|
| 62 | - * |
|
| 63 | - * @param ValidatorState $state |
|
| 64 | - * @param Certificate $cert |
|
| 65 | - * |
|
| 66 | - * @return ValidatorState |
|
| 67 | - */ |
|
| 68 | - public function processMappings(ValidatorState $state, |
|
| 69 | - Certificate $cert): ValidatorState |
|
| 70 | - { |
|
| 71 | - $tree = clone $this; |
|
| 72 | - if ($state->policyMapping() > 0) { |
|
| 73 | - $tree->_applyMappings($cert, $state); |
|
| 74 | - } elseif (0 === $state->policyMapping()) { |
|
| 75 | - $tree->_deleteMappings($cert, $state); |
|
| 76 | - } |
|
| 77 | - // if whole tree is pruned |
|
| 78 | - if (!$tree->_root) { |
|
| 79 | - return $state->withoutValidPolicyTree(); |
|
| 80 | - } |
|
| 81 | - return $state->withValidPolicyTree($tree); |
|
| 82 | - } |
|
| 60 | + /** |
|
| 61 | + * Process policy mappings from the certificate. |
|
| 62 | + * |
|
| 63 | + * @param ValidatorState $state |
|
| 64 | + * @param Certificate $cert |
|
| 65 | + * |
|
| 66 | + * @return ValidatorState |
|
| 67 | + */ |
|
| 68 | + public function processMappings(ValidatorState $state, |
|
| 69 | + Certificate $cert): ValidatorState |
|
| 70 | + { |
|
| 71 | + $tree = clone $this; |
|
| 72 | + if ($state->policyMapping() > 0) { |
|
| 73 | + $tree->_applyMappings($cert, $state); |
|
| 74 | + } elseif (0 === $state->policyMapping()) { |
|
| 75 | + $tree->_deleteMappings($cert, $state); |
|
| 76 | + } |
|
| 77 | + // if whole tree is pruned |
|
| 78 | + if (!$tree->_root) { |
|
| 79 | + return $state->withoutValidPolicyTree(); |
|
| 80 | + } |
|
| 81 | + return $state->withValidPolicyTree($tree); |
|
| 82 | + } |
|
| 83 | 83 | |
| 84 | - /** |
|
| 85 | - * Calculate policy intersection as specified in Wrap-Up Procedure 6.1.5.g. |
|
| 86 | - * |
|
| 87 | - * @param ValidatorState $state |
|
| 88 | - * @param array $policies |
|
| 89 | - * |
|
| 90 | - * @return ValidatorState |
|
| 91 | - */ |
|
| 92 | - public function calculateIntersection(ValidatorState $state, |
|
| 93 | - array $policies): ValidatorState |
|
| 94 | - { |
|
| 95 | - $tree = clone $this; |
|
| 96 | - $valid_policy_node_set = $tree->_validPolicyNodeSet(); |
|
| 97 | - // 2. If the valid_policy of any node in the valid_policy_node_set |
|
| 98 | - // is not in the user-initial-policy-set and is not anyPolicy, |
|
| 99 | - // delete this node and all its children. |
|
| 100 | - $valid_policy_node_set = array_filter($valid_policy_node_set, |
|
| 101 | - function (PolicyNode $node) use ($policies) { |
|
| 102 | - if ($node->isAnyPolicy()) { |
|
| 103 | - return true; |
|
| 104 | - } |
|
| 105 | - if (in_array($node->validPolicy(), $policies)) { |
|
| 106 | - return true; |
|
| 107 | - } |
|
| 108 | - $node->remove(); |
|
| 109 | - return false; |
|
| 110 | - }); |
|
| 111 | - // array of valid policy OIDs |
|
| 112 | - $valid_policy_set = array_map( |
|
| 113 | - function (PolicyNode $node) { |
|
| 114 | - return $node->validPolicy(); |
|
| 115 | - }, $valid_policy_node_set); |
|
| 116 | - // 3. If the valid_policy_tree includes a node of depth n with |
|
| 117 | - // the valid_policy anyPolicy and the user-initial-policy-set |
|
| 118 | - // is not any-policy |
|
| 119 | - foreach ($tree->_nodesAtDepth($state->index()) as $node) { |
|
| 120 | - if ($node->hasParent() && $node->isAnyPolicy()) { |
|
| 121 | - // a. Set P-Q to the qualifier_set in the node of depth n |
|
| 122 | - // with valid_policy anyPolicy. |
|
| 123 | - $pq = $node->qualifiers(); |
|
| 124 | - // b. For each P-OID in the user-initial-policy-set that is not |
|
| 125 | - // the valid_policy of a node in the valid_policy_node_set, |
|
| 126 | - // create a child node whose parent is the node of depth n-1 |
|
| 127 | - // with the valid_policy anyPolicy. |
|
| 128 | - $poids = array_diff($policies, $valid_policy_set); |
|
| 129 | - foreach ($tree->_nodesAtDepth($state->index() - 1) as $parent) { |
|
| 130 | - if ($parent->isAnyPolicy()) { |
|
| 131 | - // Set the values in the child node as follows: |
|
| 132 | - // set the valid_policy to P-OID, set the qualifier_set |
|
| 133 | - // to P-Q, and set the expected_policy_set to {P-OID}. |
|
| 134 | - foreach ($poids as $poid) { |
|
| 135 | - $parent->addChild(new PolicyNode($poid, $pq, [$poid])); |
|
| 136 | - } |
|
| 137 | - break; |
|
| 138 | - } |
|
| 139 | - } |
|
| 140 | - // c. Delete the node of depth n with the |
|
| 141 | - // valid_policy anyPolicy. |
|
| 142 | - $node->remove(); |
|
| 143 | - } |
|
| 144 | - } |
|
| 145 | - // 4. If there is a node in the valid_policy_tree of depth n-1 or less |
|
| 146 | - // without any child nodes, delete that node. Repeat this step until |
|
| 147 | - // there are no nodes of depth n-1 or less without children. |
|
| 148 | - if (!$tree->_pruneTree($state->index() - 1)) { |
|
| 149 | - return $state->withoutValidPolicyTree(); |
|
| 150 | - } |
|
| 151 | - return $state->withValidPolicyTree($tree); |
|
| 152 | - } |
|
| 84 | + /** |
|
| 85 | + * Calculate policy intersection as specified in Wrap-Up Procedure 6.1.5.g. |
|
| 86 | + * |
|
| 87 | + * @param ValidatorState $state |
|
| 88 | + * @param array $policies |
|
| 89 | + * |
|
| 90 | + * @return ValidatorState |
|
| 91 | + */ |
|
| 92 | + public function calculateIntersection(ValidatorState $state, |
|
| 93 | + array $policies): ValidatorState |
|
| 94 | + { |
|
| 95 | + $tree = clone $this; |
|
| 96 | + $valid_policy_node_set = $tree->_validPolicyNodeSet(); |
|
| 97 | + // 2. If the valid_policy of any node in the valid_policy_node_set |
|
| 98 | + // is not in the user-initial-policy-set and is not anyPolicy, |
|
| 99 | + // delete this node and all its children. |
|
| 100 | + $valid_policy_node_set = array_filter($valid_policy_node_set, |
|
| 101 | + function (PolicyNode $node) use ($policies) { |
|
| 102 | + if ($node->isAnyPolicy()) { |
|
| 103 | + return true; |
|
| 104 | + } |
|
| 105 | + if (in_array($node->validPolicy(), $policies)) { |
|
| 106 | + return true; |
|
| 107 | + } |
|
| 108 | + $node->remove(); |
|
| 109 | + return false; |
|
| 110 | + }); |
|
| 111 | + // array of valid policy OIDs |
|
| 112 | + $valid_policy_set = array_map( |
|
| 113 | + function (PolicyNode $node) { |
|
| 114 | + return $node->validPolicy(); |
|
| 115 | + }, $valid_policy_node_set); |
|
| 116 | + // 3. If the valid_policy_tree includes a node of depth n with |
|
| 117 | + // the valid_policy anyPolicy and the user-initial-policy-set |
|
| 118 | + // is not any-policy |
|
| 119 | + foreach ($tree->_nodesAtDepth($state->index()) as $node) { |
|
| 120 | + if ($node->hasParent() && $node->isAnyPolicy()) { |
|
| 121 | + // a. Set P-Q to the qualifier_set in the node of depth n |
|
| 122 | + // with valid_policy anyPolicy. |
|
| 123 | + $pq = $node->qualifiers(); |
|
| 124 | + // b. For each P-OID in the user-initial-policy-set that is not |
|
| 125 | + // the valid_policy of a node in the valid_policy_node_set, |
|
| 126 | + // create a child node whose parent is the node of depth n-1 |
|
| 127 | + // with the valid_policy anyPolicy. |
|
| 128 | + $poids = array_diff($policies, $valid_policy_set); |
|
| 129 | + foreach ($tree->_nodesAtDepth($state->index() - 1) as $parent) { |
|
| 130 | + if ($parent->isAnyPolicy()) { |
|
| 131 | + // Set the values in the child node as follows: |
|
| 132 | + // set the valid_policy to P-OID, set the qualifier_set |
|
| 133 | + // to P-Q, and set the expected_policy_set to {P-OID}. |
|
| 134 | + foreach ($poids as $poid) { |
|
| 135 | + $parent->addChild(new PolicyNode($poid, $pq, [$poid])); |
|
| 136 | + } |
|
| 137 | + break; |
|
| 138 | + } |
|
| 139 | + } |
|
| 140 | + // c. Delete the node of depth n with the |
|
| 141 | + // valid_policy anyPolicy. |
|
| 142 | + $node->remove(); |
|
| 143 | + } |
|
| 144 | + } |
|
| 145 | + // 4. If there is a node in the valid_policy_tree of depth n-1 or less |
|
| 146 | + // without any child nodes, delete that node. Repeat this step until |
|
| 147 | + // there are no nodes of depth n-1 or less without children. |
|
| 148 | + if (!$tree->_pruneTree($state->index() - 1)) { |
|
| 149 | + return $state->withoutValidPolicyTree(); |
|
| 150 | + } |
|
| 151 | + return $state->withValidPolicyTree($tree); |
|
| 152 | + } |
|
| 153 | 153 | |
| 154 | - /** |
|
| 155 | - * Get policies at given policy tree depth. |
|
| 156 | - * |
|
| 157 | - * @param int $i Depth in range 1..n |
|
| 158 | - * |
|
| 159 | - * @return PolicyInformation[] |
|
| 160 | - */ |
|
| 161 | - public function policiesAtDepth(int $i): array |
|
| 162 | - { |
|
| 163 | - $policies = []; |
|
| 164 | - foreach ($this->_nodesAtDepth($i) as $node) { |
|
| 165 | - $policies[] = new PolicyInformation( |
|
| 166 | - $node->validPolicy(), ...$node->qualifiers()); |
|
| 167 | - } |
|
| 168 | - return $policies; |
|
| 169 | - } |
|
| 154 | + /** |
|
| 155 | + * Get policies at given policy tree depth. |
|
| 156 | + * |
|
| 157 | + * @param int $i Depth in range 1..n |
|
| 158 | + * |
|
| 159 | + * @return PolicyInformation[] |
|
| 160 | + */ |
|
| 161 | + public function policiesAtDepth(int $i): array |
|
| 162 | + { |
|
| 163 | + $policies = []; |
|
| 164 | + foreach ($this->_nodesAtDepth($i) as $node) { |
|
| 165 | + $policies[] = new PolicyInformation( |
|
| 166 | + $node->validPolicy(), ...$node->qualifiers()); |
|
| 167 | + } |
|
| 168 | + return $policies; |
|
| 169 | + } |
|
| 170 | 170 | |
| 171 | - /** |
|
| 172 | - * Process single policy information. |
|
| 173 | - * |
|
| 174 | - * @param PolicyInformation $policy |
|
| 175 | - * @param ValidatorState $state |
|
| 176 | - */ |
|
| 177 | - protected function _processPolicy(PolicyInformation $policy, |
|
| 178 | - ValidatorState $state): void |
|
| 179 | - { |
|
| 180 | - $p_oid = $policy->oid(); |
|
| 181 | - $i = $state->index(); |
|
| 182 | - $match_count = 0; |
|
| 183 | - // (d.1.i) for each node of depth i-1 in the valid_policy_tree... |
|
| 184 | - foreach ($this->_nodesAtDepth($i - 1) as $node) { |
|
| 185 | - // ...where P-OID is in the expected_policy_set |
|
| 186 | - if ($node->hasExpectedPolicy($p_oid)) { |
|
| 187 | - $node->addChild(new PolicyNode( |
|
| 188 | - $p_oid, $policy->qualifiers(), [$p_oid])); |
|
| 189 | - ++$match_count; |
|
| 190 | - } |
|
| 191 | - } |
|
| 192 | - // (d.1.ii) if there was no match in step (i)... |
|
| 193 | - if (!$match_count) { |
|
| 194 | - // ...and the valid_policy_tree includes a node of depth i-1 with |
|
| 195 | - // the valid_policy anyPolicy |
|
| 196 | - foreach ($this->_nodesAtDepth($i - 1) as $node) { |
|
| 197 | - if ($node->isAnyPolicy()) { |
|
| 198 | - $node->addChild(new PolicyNode( |
|
| 199 | - $p_oid, $policy->qualifiers(), [$p_oid])); |
|
| 200 | - } |
|
| 201 | - } |
|
| 202 | - } |
|
| 203 | - } |
|
| 171 | + /** |
|
| 172 | + * Process single policy information. |
|
| 173 | + * |
|
| 174 | + * @param PolicyInformation $policy |
|
| 175 | + * @param ValidatorState $state |
|
| 176 | + */ |
|
| 177 | + protected function _processPolicy(PolicyInformation $policy, |
|
| 178 | + ValidatorState $state): void |
|
| 179 | + { |
|
| 180 | + $p_oid = $policy->oid(); |
|
| 181 | + $i = $state->index(); |
|
| 182 | + $match_count = 0; |
|
| 183 | + // (d.1.i) for each node of depth i-1 in the valid_policy_tree... |
|
| 184 | + foreach ($this->_nodesAtDepth($i - 1) as $node) { |
|
| 185 | + // ...where P-OID is in the expected_policy_set |
|
| 186 | + if ($node->hasExpectedPolicy($p_oid)) { |
|
| 187 | + $node->addChild(new PolicyNode( |
|
| 188 | + $p_oid, $policy->qualifiers(), [$p_oid])); |
|
| 189 | + ++$match_count; |
|
| 190 | + } |
|
| 191 | + } |
|
| 192 | + // (d.1.ii) if there was no match in step (i)... |
|
| 193 | + if (!$match_count) { |
|
| 194 | + // ...and the valid_policy_tree includes a node of depth i-1 with |
|
| 195 | + // the valid_policy anyPolicy |
|
| 196 | + foreach ($this->_nodesAtDepth($i - 1) as $node) { |
|
| 197 | + if ($node->isAnyPolicy()) { |
|
| 198 | + $node->addChild(new PolicyNode( |
|
| 199 | + $p_oid, $policy->qualifiers(), [$p_oid])); |
|
| 200 | + } |
|
| 201 | + } |
|
| 202 | + } |
|
| 203 | + } |
|
| 204 | 204 | |
| 205 | - /** |
|
| 206 | - * Process anyPolicy policy information. |
|
| 207 | - * |
|
| 208 | - * @param PolicyInformation $policy |
|
| 209 | - * @param Certificate $cert |
|
| 210 | - * @param ValidatorState $state |
|
| 211 | - */ |
|
| 212 | - protected function _processAnyPolicy(PolicyInformation $policy, |
|
| 213 | - Certificate $cert, ValidatorState $state): void |
|
| 214 | - { |
|
| 215 | - $i = $state->index(); |
|
| 216 | - // if (a) inhibit_anyPolicy is greater than 0 or |
|
| 217 | - // (b) i<n and the certificate is self-issued |
|
| 218 | - if (!($state->inhibitAnyPolicy() > 0 || |
|
| 219 | - ($i < $state->pathLength() && $cert->isSelfIssued()))) { |
|
| 220 | - return; |
|
| 221 | - } |
|
| 222 | - // for each node in the valid_policy_tree of depth i-1 |
|
| 223 | - foreach ($this->_nodesAtDepth($i - 1) as $node) { |
|
| 224 | - // for each value in the expected_policy_set |
|
| 225 | - foreach ($node->expectedPolicies() as $p_oid) { |
|
| 226 | - // that does not appear in a child node |
|
| 227 | - if (!$node->hasChildWithValidPolicy($p_oid)) { |
|
| 228 | - $node->addChild(new PolicyNode( |
|
| 229 | - $p_oid, $policy->qualifiers(), [$p_oid])); |
|
| 230 | - } |
|
| 231 | - } |
|
| 232 | - } |
|
| 233 | - } |
|
| 205 | + /** |
|
| 206 | + * Process anyPolicy policy information. |
|
| 207 | + * |
|
| 208 | + * @param PolicyInformation $policy |
|
| 209 | + * @param Certificate $cert |
|
| 210 | + * @param ValidatorState $state |
|
| 211 | + */ |
|
| 212 | + protected function _processAnyPolicy(PolicyInformation $policy, |
|
| 213 | + Certificate $cert, ValidatorState $state): void |
|
| 214 | + { |
|
| 215 | + $i = $state->index(); |
|
| 216 | + // if (a) inhibit_anyPolicy is greater than 0 or |
|
| 217 | + // (b) i<n and the certificate is self-issued |
|
| 218 | + if (!($state->inhibitAnyPolicy() > 0 || |
|
| 219 | + ($i < $state->pathLength() && $cert->isSelfIssued()))) { |
|
| 220 | + return; |
|
| 221 | + } |
|
| 222 | + // for each node in the valid_policy_tree of depth i-1 |
|
| 223 | + foreach ($this->_nodesAtDepth($i - 1) as $node) { |
|
| 224 | + // for each value in the expected_policy_set |
|
| 225 | + foreach ($node->expectedPolicies() as $p_oid) { |
|
| 226 | + // that does not appear in a child node |
|
| 227 | + if (!$node->hasChildWithValidPolicy($p_oid)) { |
|
| 228 | + $node->addChild(new PolicyNode( |
|
| 229 | + $p_oid, $policy->qualifiers(), [$p_oid])); |
|
| 230 | + } |
|
| 231 | + } |
|
| 232 | + } |
|
| 233 | + } |
|
| 234 | 234 | |
| 235 | - /** |
|
| 236 | - * Apply policy mappings to the policy tree. |
|
| 237 | - * |
|
| 238 | - * @param Certificate $cert |
|
| 239 | - * @param ValidatorState $state |
|
| 240 | - */ |
|
| 241 | - protected function _applyMappings(Certificate $cert, ValidatorState $state): void |
|
| 242 | - { |
|
| 243 | - $policy_mappings = $cert->tbsCertificate()->extensions()->policyMappings(); |
|
| 244 | - // (6.1.4. b.1.) for each node in the valid_policy_tree of depth i... |
|
| 245 | - foreach ($policy_mappings->flattenedMappings() as $idp => $sdps) { |
|
| 246 | - $match_count = 0; |
|
| 247 | - foreach ($this->_nodesAtDepth($state->index()) as $node) { |
|
| 248 | - // ...where ID-P is the valid_policy |
|
| 249 | - if ($node->validPolicy() === $idp) { |
|
| 250 | - // set expected_policy_set to the set of subjectDomainPolicy |
|
| 251 | - // values that are specified as equivalent to ID-P by |
|
| 252 | - // the policy mappings extension |
|
| 253 | - $node->setExpectedPolicies(...$sdps); |
|
| 254 | - ++$match_count; |
|
| 255 | - } |
|
| 256 | - } |
|
| 257 | - // if no node of depth i in the valid_policy_tree has |
|
| 258 | - // a valid_policy of ID-P... |
|
| 259 | - if (!$match_count) { |
|
| 260 | - $this->_applyAnyPolicyMapping($cert, $state, $idp, $sdps); |
|
| 261 | - } |
|
| 262 | - } |
|
| 263 | - } |
|
| 235 | + /** |
|
| 236 | + * Apply policy mappings to the policy tree. |
|
| 237 | + * |
|
| 238 | + * @param Certificate $cert |
|
| 239 | + * @param ValidatorState $state |
|
| 240 | + */ |
|
| 241 | + protected function _applyMappings(Certificate $cert, ValidatorState $state): void |
|
| 242 | + { |
|
| 243 | + $policy_mappings = $cert->tbsCertificate()->extensions()->policyMappings(); |
|
| 244 | + // (6.1.4. b.1.) for each node in the valid_policy_tree of depth i... |
|
| 245 | + foreach ($policy_mappings->flattenedMappings() as $idp => $sdps) { |
|
| 246 | + $match_count = 0; |
|
| 247 | + foreach ($this->_nodesAtDepth($state->index()) as $node) { |
|
| 248 | + // ...where ID-P is the valid_policy |
|
| 249 | + if ($node->validPolicy() === $idp) { |
|
| 250 | + // set expected_policy_set to the set of subjectDomainPolicy |
|
| 251 | + // values that are specified as equivalent to ID-P by |
|
| 252 | + // the policy mappings extension |
|
| 253 | + $node->setExpectedPolicies(...$sdps); |
|
| 254 | + ++$match_count; |
|
| 255 | + } |
|
| 256 | + } |
|
| 257 | + // if no node of depth i in the valid_policy_tree has |
|
| 258 | + // a valid_policy of ID-P... |
|
| 259 | + if (!$match_count) { |
|
| 260 | + $this->_applyAnyPolicyMapping($cert, $state, $idp, $sdps); |
|
| 261 | + } |
|
| 262 | + } |
|
| 263 | + } |
|
| 264 | 264 | |
| 265 | - /** |
|
| 266 | - * Apply anyPolicy mapping to the policy tree as specified in 6.1.4 (b)(1). |
|
| 267 | - * |
|
| 268 | - * @param Certificate $cert |
|
| 269 | - * @param ValidatorState $state |
|
| 270 | - * @param string $idp OID of the issuer domain policy |
|
| 271 | - * @param array $sdps Array of subject domain policy OIDs |
|
| 272 | - */ |
|
| 273 | - protected function _applyAnyPolicyMapping(Certificate $cert, |
|
| 274 | - ValidatorState $state, string $idp, array $sdps): void |
|
| 275 | - { |
|
| 276 | - // (6.1.4. b.1.) ...but there is a node of depth i with |
|
| 277 | - // a valid_policy of anyPolicy |
|
| 278 | - foreach ($this->_nodesAtDepth($state->index()) as $node) { |
|
| 279 | - if ($node->isAnyPolicy()) { |
|
| 280 | - // then generate a child node of the node of depth i-1 |
|
| 281 | - // that has a valid_policy of anyPolicy as follows... |
|
| 282 | - foreach ($this->_nodesAtDepth($state->index() - 1) as $subnode) { |
|
| 283 | - if ($subnode->isAnyPolicy()) { |
|
| 284 | - // try to fetch qualifiers of anyPolicy certificate policy |
|
| 285 | - try { |
|
| 286 | - $qualifiers = $cert->tbsCertificate() |
|
| 287 | - ->extensions()->certificatePolicies() |
|
| 288 | - ->anyPolicy()->qualifiers(); |
|
| 289 | - } catch (\LogicException $e) { |
|
| 290 | - // if there's no policies or no qualifiers |
|
| 291 | - $qualifiers = []; |
|
| 292 | - } |
|
| 293 | - $subnode->addChild(new PolicyNode($idp, $qualifiers, $sdps)); |
|
| 294 | - // bail after first anyPolicy has been processed |
|
| 295 | - break; |
|
| 296 | - } |
|
| 297 | - } |
|
| 298 | - // bail after first anyPolicy has been processed |
|
| 299 | - break; |
|
| 300 | - } |
|
| 301 | - } |
|
| 302 | - } |
|
| 265 | + /** |
|
| 266 | + * Apply anyPolicy mapping to the policy tree as specified in 6.1.4 (b)(1). |
|
| 267 | + * |
|
| 268 | + * @param Certificate $cert |
|
| 269 | + * @param ValidatorState $state |
|
| 270 | + * @param string $idp OID of the issuer domain policy |
|
| 271 | + * @param array $sdps Array of subject domain policy OIDs |
|
| 272 | + */ |
|
| 273 | + protected function _applyAnyPolicyMapping(Certificate $cert, |
|
| 274 | + ValidatorState $state, string $idp, array $sdps): void |
|
| 275 | + { |
|
| 276 | + // (6.1.4. b.1.) ...but there is a node of depth i with |
|
| 277 | + // a valid_policy of anyPolicy |
|
| 278 | + foreach ($this->_nodesAtDepth($state->index()) as $node) { |
|
| 279 | + if ($node->isAnyPolicy()) { |
|
| 280 | + // then generate a child node of the node of depth i-1 |
|
| 281 | + // that has a valid_policy of anyPolicy as follows... |
|
| 282 | + foreach ($this->_nodesAtDepth($state->index() - 1) as $subnode) { |
|
| 283 | + if ($subnode->isAnyPolicy()) { |
|
| 284 | + // try to fetch qualifiers of anyPolicy certificate policy |
|
| 285 | + try { |
|
| 286 | + $qualifiers = $cert->tbsCertificate() |
|
| 287 | + ->extensions()->certificatePolicies() |
|
| 288 | + ->anyPolicy()->qualifiers(); |
|
| 289 | + } catch (\LogicException $e) { |
|
| 290 | + // if there's no policies or no qualifiers |
|
| 291 | + $qualifiers = []; |
|
| 292 | + } |
|
| 293 | + $subnode->addChild(new PolicyNode($idp, $qualifiers, $sdps)); |
|
| 294 | + // bail after first anyPolicy has been processed |
|
| 295 | + break; |
|
| 296 | + } |
|
| 297 | + } |
|
| 298 | + // bail after first anyPolicy has been processed |
|
| 299 | + break; |
|
| 300 | + } |
|
| 301 | + } |
|
| 302 | + } |
|
| 303 | 303 | |
| 304 | - /** |
|
| 305 | - * Delete nodes as specified in 6.1.4 (b)(2). |
|
| 306 | - * |
|
| 307 | - * @param Certificate $cert |
|
| 308 | - * @param ValidatorState $state |
|
| 309 | - */ |
|
| 310 | - protected function _deleteMappings(Certificate $cert, |
|
| 311 | - ValidatorState $state): void |
|
| 312 | - { |
|
| 313 | - $idps = $cert->tbsCertificate()->extensions() |
|
| 314 | - ->policyMappings()->issuerDomainPolicies(); |
|
| 315 | - // delete each node of depth i in the valid_policy_tree |
|
| 316 | - // where ID-P is the valid_policy |
|
| 317 | - foreach ($this->_nodesAtDepth($state->index()) as $node) { |
|
| 318 | - if (in_array($node->validPolicy(), $idps)) { |
|
| 319 | - $node->remove(); |
|
| 320 | - } |
|
| 321 | - } |
|
| 322 | - $this->_pruneTree($state->index() - 1); |
|
| 323 | - } |
|
| 304 | + /** |
|
| 305 | + * Delete nodes as specified in 6.1.4 (b)(2). |
|
| 306 | + * |
|
| 307 | + * @param Certificate $cert |
|
| 308 | + * @param ValidatorState $state |
|
| 309 | + */ |
|
| 310 | + protected function _deleteMappings(Certificate $cert, |
|
| 311 | + ValidatorState $state): void |
|
| 312 | + { |
|
| 313 | + $idps = $cert->tbsCertificate()->extensions() |
|
| 314 | + ->policyMappings()->issuerDomainPolicies(); |
|
| 315 | + // delete each node of depth i in the valid_policy_tree |
|
| 316 | + // where ID-P is the valid_policy |
|
| 317 | + foreach ($this->_nodesAtDepth($state->index()) as $node) { |
|
| 318 | + if (in_array($node->validPolicy(), $idps)) { |
|
| 319 | + $node->remove(); |
|
| 320 | + } |
|
| 321 | + } |
|
| 322 | + $this->_pruneTree($state->index() - 1); |
|
| 323 | + } |
|
| 324 | 324 | |
| 325 | - /** |
|
| 326 | - * Prune tree starting from given depth. |
|
| 327 | - * |
|
| 328 | - * @param int $depth |
|
| 329 | - * |
|
| 330 | - * @return int The number of nodes left in a tree |
|
| 331 | - */ |
|
| 332 | - protected function _pruneTree(int $depth): int |
|
| 333 | - { |
|
| 334 | - if (!$this->_root) { |
|
| 335 | - return 0; |
|
| 336 | - } |
|
| 337 | - for ($i = $depth; $i > 0; --$i) { |
|
| 338 | - foreach ($this->_nodesAtDepth($i) as $node) { |
|
| 339 | - if (!count($node)) { |
|
| 340 | - $node->remove(); |
|
| 341 | - } |
|
| 342 | - } |
|
| 343 | - } |
|
| 344 | - // if root has no children left |
|
| 345 | - if (!count($this->_root)) { |
|
| 346 | - $this->_root = null; |
|
| 347 | - return 0; |
|
| 348 | - } |
|
| 349 | - return $this->_root->nodeCount(); |
|
| 350 | - } |
|
| 325 | + /** |
|
| 326 | + * Prune tree starting from given depth. |
|
| 327 | + * |
|
| 328 | + * @param int $depth |
|
| 329 | + * |
|
| 330 | + * @return int The number of nodes left in a tree |
|
| 331 | + */ |
|
| 332 | + protected function _pruneTree(int $depth): int |
|
| 333 | + { |
|
| 334 | + if (!$this->_root) { |
|
| 335 | + return 0; |
|
| 336 | + } |
|
| 337 | + for ($i = $depth; $i > 0; --$i) { |
|
| 338 | + foreach ($this->_nodesAtDepth($i) as $node) { |
|
| 339 | + if (!count($node)) { |
|
| 340 | + $node->remove(); |
|
| 341 | + } |
|
| 342 | + } |
|
| 343 | + } |
|
| 344 | + // if root has no children left |
|
| 345 | + if (!count($this->_root)) { |
|
| 346 | + $this->_root = null; |
|
| 347 | + return 0; |
|
| 348 | + } |
|
| 349 | + return $this->_root->nodeCount(); |
|
| 350 | + } |
|
| 351 | 351 | |
| 352 | - /** |
|
| 353 | - * Get all nodes at given depth. |
|
| 354 | - * |
|
| 355 | - * @param int $i |
|
| 356 | - * |
|
| 357 | - * @return PolicyNode[] |
|
| 358 | - */ |
|
| 359 | - protected function _nodesAtDepth(int $i): array |
|
| 360 | - { |
|
| 361 | - if (!$this->_root) { |
|
| 362 | - return []; |
|
| 363 | - } |
|
| 364 | - $depth = 0; |
|
| 365 | - $nodes = [$this->_root]; |
|
| 366 | - while ($depth < $i) { |
|
| 367 | - $nodes = self::_gatherChildren(...$nodes); |
|
| 368 | - if (!count($nodes)) { |
|
| 369 | - break; |
|
| 370 | - } |
|
| 371 | - ++$depth; |
|
| 372 | - } |
|
| 373 | - return $nodes; |
|
| 374 | - } |
|
| 352 | + /** |
|
| 353 | + * Get all nodes at given depth. |
|
| 354 | + * |
|
| 355 | + * @param int $i |
|
| 356 | + * |
|
| 357 | + * @return PolicyNode[] |
|
| 358 | + */ |
|
| 359 | + protected function _nodesAtDepth(int $i): array |
|
| 360 | + { |
|
| 361 | + if (!$this->_root) { |
|
| 362 | + return []; |
|
| 363 | + } |
|
| 364 | + $depth = 0; |
|
| 365 | + $nodes = [$this->_root]; |
|
| 366 | + while ($depth < $i) { |
|
| 367 | + $nodes = self::_gatherChildren(...$nodes); |
|
| 368 | + if (!count($nodes)) { |
|
| 369 | + break; |
|
| 370 | + } |
|
| 371 | + ++$depth; |
|
| 372 | + } |
|
| 373 | + return $nodes; |
|
| 374 | + } |
|
| 375 | 375 | |
| 376 | - /** |
|
| 377 | - * Get the valid policy node set as specified in spec 6.1.5.(g)(iii)1. |
|
| 378 | - * |
|
| 379 | - * @return PolicyNode[] |
|
| 380 | - */ |
|
| 381 | - protected function _validPolicyNodeSet(): array |
|
| 382 | - { |
|
| 383 | - // 1. Determine the set of policy nodes whose parent nodes have |
|
| 384 | - // a valid_policy of anyPolicy. This is the valid_policy_node_set. |
|
| 385 | - $set = []; |
|
| 386 | - if (!$this->_root) { |
|
| 387 | - return $set; |
|
| 388 | - } |
|
| 389 | - // for each node in a tree |
|
| 390 | - $this->_root->walkNodes( |
|
| 391 | - function (PolicyNode $node) use (&$set) { |
|
| 392 | - $parents = $node->parents(); |
|
| 393 | - // node has parents |
|
| 394 | - if (count($parents)) { |
|
| 395 | - // check that each ancestor is an anyPolicy node |
|
| 396 | - foreach ($parents as $ancestor) { |
|
| 397 | - if (!$ancestor->isAnyPolicy()) { |
|
| 398 | - return; |
|
| 399 | - } |
|
| 400 | - } |
|
| 401 | - $set[] = $node; |
|
| 402 | - } |
|
| 403 | - }); |
|
| 404 | - return $set; |
|
| 405 | - } |
|
| 376 | + /** |
|
| 377 | + * Get the valid policy node set as specified in spec 6.1.5.(g)(iii)1. |
|
| 378 | + * |
|
| 379 | + * @return PolicyNode[] |
|
| 380 | + */ |
|
| 381 | + protected function _validPolicyNodeSet(): array |
|
| 382 | + { |
|
| 383 | + // 1. Determine the set of policy nodes whose parent nodes have |
|
| 384 | + // a valid_policy of anyPolicy. This is the valid_policy_node_set. |
|
| 385 | + $set = []; |
|
| 386 | + if (!$this->_root) { |
|
| 387 | + return $set; |
|
| 388 | + } |
|
| 389 | + // for each node in a tree |
|
| 390 | + $this->_root->walkNodes( |
|
| 391 | + function (PolicyNode $node) use (&$set) { |
|
| 392 | + $parents = $node->parents(); |
|
| 393 | + // node has parents |
|
| 394 | + if (count($parents)) { |
|
| 395 | + // check that each ancestor is an anyPolicy node |
|
| 396 | + foreach ($parents as $ancestor) { |
|
| 397 | + if (!$ancestor->isAnyPolicy()) { |
|
| 398 | + return; |
|
| 399 | + } |
|
| 400 | + } |
|
| 401 | + $set[] = $node; |
|
| 402 | + } |
|
| 403 | + }); |
|
| 404 | + return $set; |
|
| 405 | + } |
|
| 406 | 406 | |
| 407 | - /** |
|
| 408 | - * Gather all children of given nodes to a flattened array. |
|
| 409 | - * |
|
| 410 | - * @param PolicyNode ...$nodes |
|
| 411 | - * |
|
| 412 | - * @return PolicyNode[] |
|
| 413 | - */ |
|
| 414 | - private static function _gatherChildren(PolicyNode ...$nodes): array |
|
| 415 | - { |
|
| 416 | - $children = []; |
|
| 417 | - foreach ($nodes as $node) { |
|
| 418 | - $children = array_merge($children, $node->children()); |
|
| 419 | - } |
|
| 420 | - return $children; |
|
| 421 | - } |
|
| 407 | + /** |
|
| 408 | + * Gather all children of given nodes to a flattened array. |
|
| 409 | + * |
|
| 410 | + * @param PolicyNode ...$nodes |
|
| 411 | + * |
|
| 412 | + * @return PolicyNode[] |
|
| 413 | + */ |
|
| 414 | + private static function _gatherChildren(PolicyNode ...$nodes): array |
|
| 415 | + { |
|
| 416 | + $children = []; |
|
| 417 | + foreach ($nodes as $node) { |
|
| 418 | + $children = array_merge($children, $node->children()); |
|
| 419 | + } |
|
| 420 | + return $children; |
|
| 421 | + } |
|
| 422 | 422 | } |
@@ -1,6 +1,6 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -declare(strict_types = 1); |
|
| 3 | +declare(strict_types=1); |
|
| 4 | 4 | |
| 5 | 5 | namespace Sop\X509\CertificationPath\Policy; |
| 6 | 6 | |
@@ -16,267 +16,267 @@ |
||
| 16 | 16 | */ |
| 17 | 17 | class PolicyNode implements \IteratorAggregate, \Countable |
| 18 | 18 | { |
| 19 | - /** |
|
| 20 | - * Policy OID. |
|
| 21 | - * |
|
| 22 | - * @var string |
|
| 23 | - */ |
|
| 24 | - protected $_validPolicy; |
|
| 19 | + /** |
|
| 20 | + * Policy OID. |
|
| 21 | + * |
|
| 22 | + * @var string |
|
| 23 | + */ |
|
| 24 | + protected $_validPolicy; |
|
| 25 | 25 | |
| 26 | - /** |
|
| 27 | - * List of qualifiers. |
|
| 28 | - * |
|
| 29 | - * @var PolicyQualifierInfo[] |
|
| 30 | - */ |
|
| 31 | - protected $_qualifiers; |
|
| 26 | + /** |
|
| 27 | + * List of qualifiers. |
|
| 28 | + * |
|
| 29 | + * @var PolicyQualifierInfo[] |
|
| 30 | + */ |
|
| 31 | + protected $_qualifiers; |
|
| 32 | 32 | |
| 33 | - /** |
|
| 34 | - * List of expected policy OIDs. |
|
| 35 | - * |
|
| 36 | - * @var string[] |
|
| 37 | - */ |
|
| 38 | - protected $_expectedPolicies; |
|
| 33 | + /** |
|
| 34 | + * List of expected policy OIDs. |
|
| 35 | + * |
|
| 36 | + * @var string[] |
|
| 37 | + */ |
|
| 38 | + protected $_expectedPolicies; |
|
| 39 | 39 | |
| 40 | - /** |
|
| 41 | - * List of child nodes. |
|
| 42 | - * |
|
| 43 | - * @var PolicyNode[] |
|
| 44 | - */ |
|
| 45 | - protected $_children; |
|
| 40 | + /** |
|
| 41 | + * List of child nodes. |
|
| 42 | + * |
|
| 43 | + * @var PolicyNode[] |
|
| 44 | + */ |
|
| 45 | + protected $_children; |
|
| 46 | 46 | |
| 47 | - /** |
|
| 48 | - * Reference to the parent node. |
|
| 49 | - * |
|
| 50 | - * @var null|PolicyNode |
|
| 51 | - */ |
|
| 52 | - protected $_parent; |
|
| 47 | + /** |
|
| 48 | + * Reference to the parent node. |
|
| 49 | + * |
|
| 50 | + * @var null|PolicyNode |
|
| 51 | + */ |
|
| 52 | + protected $_parent; |
|
| 53 | 53 | |
| 54 | - /** |
|
| 55 | - * Constructor. |
|
| 56 | - * |
|
| 57 | - * @param string $valid_policy Policy OID |
|
| 58 | - * @param PolicyQualifierInfo[] $qualifiers |
|
| 59 | - * @param string[] $expected_policies |
|
| 60 | - */ |
|
| 61 | - public function __construct(string $valid_policy, array $qualifiers, |
|
| 62 | - array $expected_policies) |
|
| 63 | - { |
|
| 64 | - $this->_validPolicy = $valid_policy; |
|
| 65 | - $this->_qualifiers = $qualifiers; |
|
| 66 | - $this->_expectedPolicies = $expected_policies; |
|
| 67 | - $this->_children = []; |
|
| 68 | - } |
|
| 54 | + /** |
|
| 55 | + * Constructor. |
|
| 56 | + * |
|
| 57 | + * @param string $valid_policy Policy OID |
|
| 58 | + * @param PolicyQualifierInfo[] $qualifiers |
|
| 59 | + * @param string[] $expected_policies |
|
| 60 | + */ |
|
| 61 | + public function __construct(string $valid_policy, array $qualifiers, |
|
| 62 | + array $expected_policies) |
|
| 63 | + { |
|
| 64 | + $this->_validPolicy = $valid_policy; |
|
| 65 | + $this->_qualifiers = $qualifiers; |
|
| 66 | + $this->_expectedPolicies = $expected_policies; |
|
| 67 | + $this->_children = []; |
|
| 68 | + } |
|
| 69 | 69 | |
| 70 | - /** |
|
| 71 | - * Create initial node for the policy tree. |
|
| 72 | - * |
|
| 73 | - * @return self |
|
| 74 | - */ |
|
| 75 | - public static function anyPolicyNode(): self |
|
| 76 | - { |
|
| 77 | - return new self(PolicyInformation::OID_ANY_POLICY, [], |
|
| 78 | - [PolicyInformation::OID_ANY_POLICY]); |
|
| 79 | - } |
|
| 70 | + /** |
|
| 71 | + * Create initial node for the policy tree. |
|
| 72 | + * |
|
| 73 | + * @return self |
|
| 74 | + */ |
|
| 75 | + public static function anyPolicyNode(): self |
|
| 76 | + { |
|
| 77 | + return new self(PolicyInformation::OID_ANY_POLICY, [], |
|
| 78 | + [PolicyInformation::OID_ANY_POLICY]); |
|
| 79 | + } |
|
| 80 | 80 | |
| 81 | - /** |
|
| 82 | - * Get the valid policy OID. |
|
| 83 | - * |
|
| 84 | - * @return string |
|
| 85 | - */ |
|
| 86 | - public function validPolicy(): string |
|
| 87 | - { |
|
| 88 | - return $this->_validPolicy; |
|
| 89 | - } |
|
| 81 | + /** |
|
| 82 | + * Get the valid policy OID. |
|
| 83 | + * |
|
| 84 | + * @return string |
|
| 85 | + */ |
|
| 86 | + public function validPolicy(): string |
|
| 87 | + { |
|
| 88 | + return $this->_validPolicy; |
|
| 89 | + } |
|
| 90 | 90 | |
| 91 | - /** |
|
| 92 | - * Check whether node has anyPolicy as a valid policy. |
|
| 93 | - * |
|
| 94 | - * @return bool |
|
| 95 | - */ |
|
| 96 | - public function isAnyPolicy(): bool |
|
| 97 | - { |
|
| 98 | - return PolicyInformation::OID_ANY_POLICY === $this->_validPolicy; |
|
| 99 | - } |
|
| 91 | + /** |
|
| 92 | + * Check whether node has anyPolicy as a valid policy. |
|
| 93 | + * |
|
| 94 | + * @return bool |
|
| 95 | + */ |
|
| 96 | + public function isAnyPolicy(): bool |
|
| 97 | + { |
|
| 98 | + return PolicyInformation::OID_ANY_POLICY === $this->_validPolicy; |
|
| 99 | + } |
|
| 100 | 100 | |
| 101 | - /** |
|
| 102 | - * Get the qualifier set. |
|
| 103 | - * |
|
| 104 | - * @return PolicyQualifierInfo[] |
|
| 105 | - */ |
|
| 106 | - public function qualifiers(): array |
|
| 107 | - { |
|
| 108 | - return $this->_qualifiers; |
|
| 109 | - } |
|
| 101 | + /** |
|
| 102 | + * Get the qualifier set. |
|
| 103 | + * |
|
| 104 | + * @return PolicyQualifierInfo[] |
|
| 105 | + */ |
|
| 106 | + public function qualifiers(): array |
|
| 107 | + { |
|
| 108 | + return $this->_qualifiers; |
|
| 109 | + } |
|
| 110 | 110 | |
| 111 | - /** |
|
| 112 | - * Check whether node has OID as an expected policy. |
|
| 113 | - * |
|
| 114 | - * @param string $oid |
|
| 115 | - * |
|
| 116 | - * @return bool |
|
| 117 | - */ |
|
| 118 | - public function hasExpectedPolicy(string $oid): bool |
|
| 119 | - { |
|
| 120 | - return in_array($oid, $this->_expectedPolicies); |
|
| 121 | - } |
|
| 111 | + /** |
|
| 112 | + * Check whether node has OID as an expected policy. |
|
| 113 | + * |
|
| 114 | + * @param string $oid |
|
| 115 | + * |
|
| 116 | + * @return bool |
|
| 117 | + */ |
|
| 118 | + public function hasExpectedPolicy(string $oid): bool |
|
| 119 | + { |
|
| 120 | + return in_array($oid, $this->_expectedPolicies); |
|
| 121 | + } |
|
| 122 | 122 | |
| 123 | - /** |
|
| 124 | - * Get the expected policy set. |
|
| 125 | - * |
|
| 126 | - * @return string[] |
|
| 127 | - */ |
|
| 128 | - public function expectedPolicies(): array |
|
| 129 | - { |
|
| 130 | - return $this->_expectedPolicies; |
|
| 131 | - } |
|
| 123 | + /** |
|
| 124 | + * Get the expected policy set. |
|
| 125 | + * |
|
| 126 | + * @return string[] |
|
| 127 | + */ |
|
| 128 | + public function expectedPolicies(): array |
|
| 129 | + { |
|
| 130 | + return $this->_expectedPolicies; |
|
| 131 | + } |
|
| 132 | 132 | |
| 133 | - /** |
|
| 134 | - * Set expected policies. |
|
| 135 | - * |
|
| 136 | - * @param string ...$oids Policy OIDs |
|
| 137 | - */ |
|
| 138 | - public function setExpectedPolicies(string ...$oids): void |
|
| 139 | - { |
|
| 140 | - $this->_expectedPolicies = $oids; |
|
| 141 | - } |
|
| 133 | + /** |
|
| 134 | + * Set expected policies. |
|
| 135 | + * |
|
| 136 | + * @param string ...$oids Policy OIDs |
|
| 137 | + */ |
|
| 138 | + public function setExpectedPolicies(string ...$oids): void |
|
| 139 | + { |
|
| 140 | + $this->_expectedPolicies = $oids; |
|
| 141 | + } |
|
| 142 | 142 | |
| 143 | - /** |
|
| 144 | - * Check whether node has a child node with given valid policy OID. |
|
| 145 | - * |
|
| 146 | - * @param string $oid |
|
| 147 | - * |
|
| 148 | - * @return bool |
|
| 149 | - */ |
|
| 150 | - public function hasChildWithValidPolicy(string $oid): bool |
|
| 151 | - { |
|
| 152 | - foreach ($this->_children as $node) { |
|
| 153 | - if ($node->validPolicy() === $oid) { |
|
| 154 | - return true; |
|
| 155 | - } |
|
| 156 | - } |
|
| 157 | - return false; |
|
| 158 | - } |
|
| 143 | + /** |
|
| 144 | + * Check whether node has a child node with given valid policy OID. |
|
| 145 | + * |
|
| 146 | + * @param string $oid |
|
| 147 | + * |
|
| 148 | + * @return bool |
|
| 149 | + */ |
|
| 150 | + public function hasChildWithValidPolicy(string $oid): bool |
|
| 151 | + { |
|
| 152 | + foreach ($this->_children as $node) { |
|
| 153 | + if ($node->validPolicy() === $oid) { |
|
| 154 | + return true; |
|
| 155 | + } |
|
| 156 | + } |
|
| 157 | + return false; |
|
| 158 | + } |
|
| 159 | 159 | |
| 160 | - /** |
|
| 161 | - * Add child node. |
|
| 162 | - * |
|
| 163 | - * @param PolicyNode $node |
|
| 164 | - * |
|
| 165 | - * @return self |
|
| 166 | - */ |
|
| 167 | - public function addChild(PolicyNode $node): self |
|
| 168 | - { |
|
| 169 | - $id = spl_object_hash($node); |
|
| 170 | - $node->_parent = $this; |
|
| 171 | - $this->_children[$id] = $node; |
|
| 172 | - return $this; |
|
| 173 | - } |
|
| 160 | + /** |
|
| 161 | + * Add child node. |
|
| 162 | + * |
|
| 163 | + * @param PolicyNode $node |
|
| 164 | + * |
|
| 165 | + * @return self |
|
| 166 | + */ |
|
| 167 | + public function addChild(PolicyNode $node): self |
|
| 168 | + { |
|
| 169 | + $id = spl_object_hash($node); |
|
| 170 | + $node->_parent = $this; |
|
| 171 | + $this->_children[$id] = $node; |
|
| 172 | + return $this; |
|
| 173 | + } |
|
| 174 | 174 | |
| 175 | - /** |
|
| 176 | - * Get the child nodes. |
|
| 177 | - * |
|
| 178 | - * @return PolicyNode[] |
|
| 179 | - */ |
|
| 180 | - public function children(): array |
|
| 181 | - { |
|
| 182 | - return array_values($this->_children); |
|
| 183 | - } |
|
| 175 | + /** |
|
| 176 | + * Get the child nodes. |
|
| 177 | + * |
|
| 178 | + * @return PolicyNode[] |
|
| 179 | + */ |
|
| 180 | + public function children(): array |
|
| 181 | + { |
|
| 182 | + return array_values($this->_children); |
|
| 183 | + } |
|
| 184 | 184 | |
| 185 | - /** |
|
| 186 | - * Remove this node from the tree. |
|
| 187 | - * |
|
| 188 | - * @return self The removed node |
|
| 189 | - */ |
|
| 190 | - public function remove(): self |
|
| 191 | - { |
|
| 192 | - if ($this->_parent) { |
|
| 193 | - $id = spl_object_hash($this); |
|
| 194 | - unset($this->_parent->_children[$id], $this->_parent); |
|
| 195 | - } |
|
| 196 | - return $this; |
|
| 197 | - } |
|
| 185 | + /** |
|
| 186 | + * Remove this node from the tree. |
|
| 187 | + * |
|
| 188 | + * @return self The removed node |
|
| 189 | + */ |
|
| 190 | + public function remove(): self |
|
| 191 | + { |
|
| 192 | + if ($this->_parent) { |
|
| 193 | + $id = spl_object_hash($this); |
|
| 194 | + unset($this->_parent->_children[$id], $this->_parent); |
|
| 195 | + } |
|
| 196 | + return $this; |
|
| 197 | + } |
|
| 198 | 198 | |
| 199 | - /** |
|
| 200 | - * Check whether node has a parent. |
|
| 201 | - * |
|
| 202 | - * @return bool |
|
| 203 | - */ |
|
| 204 | - public function hasParent(): bool |
|
| 205 | - { |
|
| 206 | - return isset($this->_parent); |
|
| 207 | - } |
|
| 199 | + /** |
|
| 200 | + * Check whether node has a parent. |
|
| 201 | + * |
|
| 202 | + * @return bool |
|
| 203 | + */ |
|
| 204 | + public function hasParent(): bool |
|
| 205 | + { |
|
| 206 | + return isset($this->_parent); |
|
| 207 | + } |
|
| 208 | 208 | |
| 209 | - /** |
|
| 210 | - * Get the parent node. |
|
| 211 | - * |
|
| 212 | - * @return null|PolicyNode |
|
| 213 | - */ |
|
| 214 | - public function parent(): ?PolicyNode |
|
| 215 | - { |
|
| 216 | - return $this->_parent; |
|
| 217 | - } |
|
| 209 | + /** |
|
| 210 | + * Get the parent node. |
|
| 211 | + * |
|
| 212 | + * @return null|PolicyNode |
|
| 213 | + */ |
|
| 214 | + public function parent(): ?PolicyNode |
|
| 215 | + { |
|
| 216 | + return $this->_parent; |
|
| 217 | + } |
|
| 218 | 218 | |
| 219 | - /** |
|
| 220 | - * Get chain of parent nodes from this node's parent to the root node. |
|
| 221 | - * |
|
| 222 | - * @return PolicyNode[] |
|
| 223 | - */ |
|
| 224 | - public function parents(): array |
|
| 225 | - { |
|
| 226 | - if (!$this->_parent) { |
|
| 227 | - return []; |
|
| 228 | - } |
|
| 229 | - $nodes = $this->_parent->parents(); |
|
| 230 | - $nodes[] = $this->_parent; |
|
| 231 | - return array_reverse($nodes); |
|
| 232 | - } |
|
| 219 | + /** |
|
| 220 | + * Get chain of parent nodes from this node's parent to the root node. |
|
| 221 | + * |
|
| 222 | + * @return PolicyNode[] |
|
| 223 | + */ |
|
| 224 | + public function parents(): array |
|
| 225 | + { |
|
| 226 | + if (!$this->_parent) { |
|
| 227 | + return []; |
|
| 228 | + } |
|
| 229 | + $nodes = $this->_parent->parents(); |
|
| 230 | + $nodes[] = $this->_parent; |
|
| 231 | + return array_reverse($nodes); |
|
| 232 | + } |
|
| 233 | 233 | |
| 234 | - /** |
|
| 235 | - * Walk tree from this node, applying a callback for each node. |
|
| 236 | - * |
|
| 237 | - * Nodes are traversed depth-first and callback shall be applied post-order. |
|
| 238 | - * |
|
| 239 | - * @param callable $fn |
|
| 240 | - */ |
|
| 241 | - public function walkNodes(callable $fn): void |
|
| 242 | - { |
|
| 243 | - foreach ($this->_children as $node) { |
|
| 244 | - $node->walkNodes($fn); |
|
| 245 | - } |
|
| 246 | - $fn($this); |
|
| 247 | - } |
|
| 234 | + /** |
|
| 235 | + * Walk tree from this node, applying a callback for each node. |
|
| 236 | + * |
|
| 237 | + * Nodes are traversed depth-first and callback shall be applied post-order. |
|
| 238 | + * |
|
| 239 | + * @param callable $fn |
|
| 240 | + */ |
|
| 241 | + public function walkNodes(callable $fn): void |
|
| 242 | + { |
|
| 243 | + foreach ($this->_children as $node) { |
|
| 244 | + $node->walkNodes($fn); |
|
| 245 | + } |
|
| 246 | + $fn($this); |
|
| 247 | + } |
|
| 248 | 248 | |
| 249 | - /** |
|
| 250 | - * Get the total number of nodes in a tree. |
|
| 251 | - * |
|
| 252 | - * @return int |
|
| 253 | - */ |
|
| 254 | - public function nodeCount(): int |
|
| 255 | - { |
|
| 256 | - $c = 1; |
|
| 257 | - foreach ($this->_children as $child) { |
|
| 258 | - $c += $child->nodeCount(); |
|
| 259 | - } |
|
| 260 | - return $c; |
|
| 261 | - } |
|
| 249 | + /** |
|
| 250 | + * Get the total number of nodes in a tree. |
|
| 251 | + * |
|
| 252 | + * @return int |
|
| 253 | + */ |
|
| 254 | + public function nodeCount(): int |
|
| 255 | + { |
|
| 256 | + $c = 1; |
|
| 257 | + foreach ($this->_children as $child) { |
|
| 258 | + $c += $child->nodeCount(); |
|
| 259 | + } |
|
| 260 | + return $c; |
|
| 261 | + } |
|
| 262 | 262 | |
| 263 | - /** |
|
| 264 | - * Get the number of child nodes. |
|
| 265 | - * |
|
| 266 | - * @see \Countable::count() |
|
| 267 | - */ |
|
| 268 | - public function count(): int |
|
| 269 | - { |
|
| 270 | - return count($this->_children); |
|
| 271 | - } |
|
| 263 | + /** |
|
| 264 | + * Get the number of child nodes. |
|
| 265 | + * |
|
| 266 | + * @see \Countable::count() |
|
| 267 | + */ |
|
| 268 | + public function count(): int |
|
| 269 | + { |
|
| 270 | + return count($this->_children); |
|
| 271 | + } |
|
| 272 | 272 | |
| 273 | - /** |
|
| 274 | - * Get iterator for the child nodes. |
|
| 275 | - * |
|
| 276 | - * @see \IteratorAggregate::getIterator() |
|
| 277 | - */ |
|
| 278 | - public function getIterator(): \ArrayIterator |
|
| 279 | - { |
|
| 280 | - return new \ArrayIterator($this->_children); |
|
| 281 | - } |
|
| 273 | + /** |
|
| 274 | + * Get iterator for the child nodes. |
|
| 275 | + * |
|
| 276 | + * @see \IteratorAggregate::getIterator() |
|
| 277 | + */ |
|
| 278 | + public function getIterator(): \ArrayIterator |
|
| 279 | + { |
|
| 280 | + return new \ArrayIterator($this->_children); |
|
| 281 | + } |
|
| 282 | 282 | } |
@@ -1,6 +1,6 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -declare(strict_types = 1); |
|
| 3 | +declare(strict_types=1); |
|
| 4 | 4 | |
| 5 | 5 | namespace Sop\X509\CertificationPath; |
| 6 | 6 | |
@@ -24,178 +24,178 @@ |
||
| 24 | 24 | */ |
| 25 | 25 | class CertificationPath implements \Countable, \IteratorAggregate |
| 26 | 26 | { |
| 27 | - /** |
|
| 28 | - * Certification path. |
|
| 29 | - * |
|
| 30 | - * @var Certificate[] |
|
| 31 | - */ |
|
| 32 | - protected $_certificates; |
|
| 33 | - |
|
| 34 | - /** |
|
| 35 | - * Constructor. |
|
| 36 | - * |
|
| 37 | - * @param Certificate ...$certificates Certificates from the trust anchor |
|
| 38 | - * to the target end-entity certificate |
|
| 39 | - */ |
|
| 40 | - public function __construct(Certificate ...$certificates) |
|
| 41 | - { |
|
| 42 | - $this->_certificates = $certificates; |
|
| 43 | - } |
|
| 44 | - |
|
| 45 | - /** |
|
| 46 | - * Initialize from a certificate chain. |
|
| 47 | - * |
|
| 48 | - * @param CertificateChain $chain |
|
| 49 | - * |
|
| 50 | - * @return self |
|
| 51 | - */ |
|
| 52 | - public static function fromCertificateChain(CertificateChain $chain): self |
|
| 53 | - { |
|
| 54 | - return new self(...array_reverse($chain->certificates(), false)); |
|
| 55 | - } |
|
| 56 | - |
|
| 57 | - /** |
|
| 58 | - * Build certification path to given target. |
|
| 59 | - * |
|
| 60 | - * @param Certificate $target Target end-entity certificate |
|
| 61 | - * @param CertificateBundle $trust_anchors List of trust anchors |
|
| 62 | - * @param null|CertificateBundle $intermediate Optional intermediate certificates |
|
| 63 | - * |
|
| 64 | - * @return self |
|
| 65 | - */ |
|
| 66 | - public static function toTarget(Certificate $target, |
|
| 67 | - CertificateBundle $trust_anchors, ?CertificateBundle $intermediate = null): self |
|
| 68 | - { |
|
| 69 | - $builder = new CertificationPathBuilder($trust_anchors); |
|
| 70 | - return $builder->shortestPathToTarget($target, $intermediate); |
|
| 71 | - } |
|
| 72 | - |
|
| 73 | - /** |
|
| 74 | - * Build certification path from given trust anchor to target certificate, |
|
| 75 | - * using intermediate certificates from given bundle. |
|
| 76 | - * |
|
| 77 | - * @param Certificate $trust_anchor Trust anchor certificate |
|
| 78 | - * @param Certificate $target Target end-entity certificate |
|
| 79 | - * @param null|CertificateBundle $intermediate Optional intermediate certificates |
|
| 80 | - * |
|
| 81 | - * @return self |
|
| 82 | - */ |
|
| 83 | - public static function fromTrustAnchorToTarget(Certificate $trust_anchor, |
|
| 84 | - Certificate $target, ?CertificateBundle $intermediate = null): self |
|
| 85 | - { |
|
| 86 | - return self::toTarget($target, new CertificateBundle($trust_anchor), |
|
| 87 | - $intermediate); |
|
| 88 | - } |
|
| 89 | - |
|
| 90 | - /** |
|
| 91 | - * Get certificates. |
|
| 92 | - * |
|
| 93 | - * @return Certificate[] |
|
| 94 | - */ |
|
| 95 | - public function certificates(): array |
|
| 96 | - { |
|
| 97 | - return $this->_certificates; |
|
| 98 | - } |
|
| 99 | - |
|
| 100 | - /** |
|
| 101 | - * Get the trust anchor certificate from the path. |
|
| 102 | - * |
|
| 103 | - * @throws \LogicException If path is empty |
|
| 104 | - * |
|
| 105 | - * @return Certificate |
|
| 106 | - */ |
|
| 107 | - public function trustAnchorCertificate(): Certificate |
|
| 108 | - { |
|
| 109 | - if (!count($this->_certificates)) { |
|
| 110 | - throw new \LogicException('No certificates.'); |
|
| 111 | - } |
|
| 112 | - return $this->_certificates[0]; |
|
| 113 | - } |
|
| 114 | - |
|
| 115 | - /** |
|
| 116 | - * Get the end-entity certificate from the path. |
|
| 117 | - * |
|
| 118 | - * @throws \LogicException If path is empty |
|
| 119 | - * |
|
| 120 | - * @return Certificate |
|
| 121 | - */ |
|
| 122 | - public function endEntityCertificate(): Certificate |
|
| 123 | - { |
|
| 124 | - if (!count($this->_certificates)) { |
|
| 125 | - throw new \LogicException('No certificates.'); |
|
| 126 | - } |
|
| 127 | - return $this->_certificates[count($this->_certificates) - 1]; |
|
| 128 | - } |
|
| 129 | - |
|
| 130 | - /** |
|
| 131 | - * Get certification path as a certificate chain. |
|
| 132 | - * |
|
| 133 | - * @return CertificateChain |
|
| 134 | - */ |
|
| 135 | - public function certificateChain(): CertificateChain |
|
| 136 | - { |
|
| 137 | - return new CertificateChain(...array_reverse($this->_certificates, false)); |
|
| 138 | - } |
|
| 139 | - |
|
| 140 | - /** |
|
| 141 | - * Check whether certification path starts with one ore more given |
|
| 142 | - * certificates in parameter order. |
|
| 143 | - * |
|
| 144 | - * @param Certificate ...$certs Certificates |
|
| 145 | - * |
|
| 146 | - * @return bool |
|
| 147 | - */ |
|
| 148 | - public function startsWith(Certificate ...$certs): bool |
|
| 149 | - { |
|
| 150 | - $n = count($certs); |
|
| 151 | - if ($n > count($this->_certificates)) { |
|
| 152 | - return false; |
|
| 153 | - } |
|
| 154 | - for ($i = 0; $i < $n; ++$i) { |
|
| 155 | - if (!$certs[$i]->equals($this->_certificates[$i])) { |
|
| 156 | - return false; |
|
| 157 | - } |
|
| 158 | - } |
|
| 159 | - return true; |
|
| 160 | - } |
|
| 161 | - |
|
| 162 | - /** |
|
| 163 | - * Validate certification path. |
|
| 164 | - * |
|
| 165 | - * @param PathValidationConfig $config |
|
| 166 | - * @param null|Crypto $crypto Crypto engine, use default if not set |
|
| 167 | - * |
|
| 168 | - * @throws Exception\PathValidationException |
|
| 169 | - * |
|
| 170 | - * @return PathValidationResult |
|
| 171 | - */ |
|
| 172 | - public function validate(PathValidationConfig $config, |
|
| 173 | - ?Crypto $crypto = null): PathValidationResult |
|
| 174 | - { |
|
| 175 | - $crypto = $crypto ?? Crypto::getDefault(); |
|
| 176 | - $validator = new PathValidator($crypto, $config, ...$this->_certificates); |
|
| 177 | - return $validator->validate(); |
|
| 178 | - } |
|
| 179 | - |
|
| 180 | - /** |
|
| 181 | - * @see \Countable::count() |
|
| 182 | - * |
|
| 183 | - * @return int |
|
| 184 | - */ |
|
| 185 | - public function count(): int |
|
| 186 | - { |
|
| 187 | - return count($this->_certificates); |
|
| 188 | - } |
|
| 189 | - |
|
| 190 | - /** |
|
| 191 | - * Get iterator for certificates. |
|
| 192 | - * |
|
| 193 | - * @see \IteratorAggregate::getIterator() |
|
| 194 | - * |
|
| 195 | - * @return \ArrayIterator |
|
| 196 | - */ |
|
| 197 | - public function getIterator(): \ArrayIterator |
|
| 198 | - { |
|
| 199 | - return new \ArrayIterator($this->_certificates); |
|
| 200 | - } |
|
| 27 | + /** |
|
| 28 | + * Certification path. |
|
| 29 | + * |
|
| 30 | + * @var Certificate[] |
|
| 31 | + */ |
|
| 32 | + protected $_certificates; |
|
| 33 | + |
|
| 34 | + /** |
|
| 35 | + * Constructor. |
|
| 36 | + * |
|
| 37 | + * @param Certificate ...$certificates Certificates from the trust anchor |
|
| 38 | + * to the target end-entity certificate |
|
| 39 | + */ |
|
| 40 | + public function __construct(Certificate ...$certificates) |
|
| 41 | + { |
|
| 42 | + $this->_certificates = $certificates; |
|
| 43 | + } |
|
| 44 | + |
|
| 45 | + /** |
|
| 46 | + * Initialize from a certificate chain. |
|
| 47 | + * |
|
| 48 | + * @param CertificateChain $chain |
|
| 49 | + * |
|
| 50 | + * @return self |
|
| 51 | + */ |
|
| 52 | + public static function fromCertificateChain(CertificateChain $chain): self |
|
| 53 | + { |
|
| 54 | + return new self(...array_reverse($chain->certificates(), false)); |
|
| 55 | + } |
|
| 56 | + |
|
| 57 | + /** |
|
| 58 | + * Build certification path to given target. |
|
| 59 | + * |
|
| 60 | + * @param Certificate $target Target end-entity certificate |
|
| 61 | + * @param CertificateBundle $trust_anchors List of trust anchors |
|
| 62 | + * @param null|CertificateBundle $intermediate Optional intermediate certificates |
|
| 63 | + * |
|
| 64 | + * @return self |
|
| 65 | + */ |
|
| 66 | + public static function toTarget(Certificate $target, |
|
| 67 | + CertificateBundle $trust_anchors, ?CertificateBundle $intermediate = null): self |
|
| 68 | + { |
|
| 69 | + $builder = new CertificationPathBuilder($trust_anchors); |
|
| 70 | + return $builder->shortestPathToTarget($target, $intermediate); |
|
| 71 | + } |
|
| 72 | + |
|
| 73 | + /** |
|
| 74 | + * Build certification path from given trust anchor to target certificate, |
|
| 75 | + * using intermediate certificates from given bundle. |
|
| 76 | + * |
|
| 77 | + * @param Certificate $trust_anchor Trust anchor certificate |
|
| 78 | + * @param Certificate $target Target end-entity certificate |
|
| 79 | + * @param null|CertificateBundle $intermediate Optional intermediate certificates |
|
| 80 | + * |
|
| 81 | + * @return self |
|
| 82 | + */ |
|
| 83 | + public static function fromTrustAnchorToTarget(Certificate $trust_anchor, |
|
| 84 | + Certificate $target, ?CertificateBundle $intermediate = null): self |
|
| 85 | + { |
|
| 86 | + return self::toTarget($target, new CertificateBundle($trust_anchor), |
|
| 87 | + $intermediate); |
|
| 88 | + } |
|
| 89 | + |
|
| 90 | + /** |
|
| 91 | + * Get certificates. |
|
| 92 | + * |
|
| 93 | + * @return Certificate[] |
|
| 94 | + */ |
|
| 95 | + public function certificates(): array |
|
| 96 | + { |
|
| 97 | + return $this->_certificates; |
|
| 98 | + } |
|
| 99 | + |
|
| 100 | + /** |
|
| 101 | + * Get the trust anchor certificate from the path. |
|
| 102 | + * |
|
| 103 | + * @throws \LogicException If path is empty |
|
| 104 | + * |
|
| 105 | + * @return Certificate |
|
| 106 | + */ |
|
| 107 | + public function trustAnchorCertificate(): Certificate |
|
| 108 | + { |
|
| 109 | + if (!count($this->_certificates)) { |
|
| 110 | + throw new \LogicException('No certificates.'); |
|
| 111 | + } |
|
| 112 | + return $this->_certificates[0]; |
|
| 113 | + } |
|
| 114 | + |
|
| 115 | + /** |
|
| 116 | + * Get the end-entity certificate from the path. |
|
| 117 | + * |
|
| 118 | + * @throws \LogicException If path is empty |
|
| 119 | + * |
|
| 120 | + * @return Certificate |
|
| 121 | + */ |
|
| 122 | + public function endEntityCertificate(): Certificate |
|
| 123 | + { |
|
| 124 | + if (!count($this->_certificates)) { |
|
| 125 | + throw new \LogicException('No certificates.'); |
|
| 126 | + } |
|
| 127 | + return $this->_certificates[count($this->_certificates) - 1]; |
|
| 128 | + } |
|
| 129 | + |
|
| 130 | + /** |
|
| 131 | + * Get certification path as a certificate chain. |
|
| 132 | + * |
|
| 133 | + * @return CertificateChain |
|
| 134 | + */ |
|
| 135 | + public function certificateChain(): CertificateChain |
|
| 136 | + { |
|
| 137 | + return new CertificateChain(...array_reverse($this->_certificates, false)); |
|
| 138 | + } |
|
| 139 | + |
|
| 140 | + /** |
|
| 141 | + * Check whether certification path starts with one ore more given |
|
| 142 | + * certificates in parameter order. |
|
| 143 | + * |
|
| 144 | + * @param Certificate ...$certs Certificates |
|
| 145 | + * |
|
| 146 | + * @return bool |
|
| 147 | + */ |
|
| 148 | + public function startsWith(Certificate ...$certs): bool |
|
| 149 | + { |
|
| 150 | + $n = count($certs); |
|
| 151 | + if ($n > count($this->_certificates)) { |
|
| 152 | + return false; |
|
| 153 | + } |
|
| 154 | + for ($i = 0; $i < $n; ++$i) { |
|
| 155 | + if (!$certs[$i]->equals($this->_certificates[$i])) { |
|
| 156 | + return false; |
|
| 157 | + } |
|
| 158 | + } |
|
| 159 | + return true; |
|
| 160 | + } |
|
| 161 | + |
|
| 162 | + /** |
|
| 163 | + * Validate certification path. |
|
| 164 | + * |
|
| 165 | + * @param PathValidationConfig $config |
|
| 166 | + * @param null|Crypto $crypto Crypto engine, use default if not set |
|
| 167 | + * |
|
| 168 | + * @throws Exception\PathValidationException |
|
| 169 | + * |
|
| 170 | + * @return PathValidationResult |
|
| 171 | + */ |
|
| 172 | + public function validate(PathValidationConfig $config, |
|
| 173 | + ?Crypto $crypto = null): PathValidationResult |
|
| 174 | + { |
|
| 175 | + $crypto = $crypto ?? Crypto::getDefault(); |
|
| 176 | + $validator = new PathValidator($crypto, $config, ...$this->_certificates); |
|
| 177 | + return $validator->validate(); |
|
| 178 | + } |
|
| 179 | + |
|
| 180 | + /** |
|
| 181 | + * @see \Countable::count() |
|
| 182 | + * |
|
| 183 | + * @return int |
|
| 184 | + */ |
|
| 185 | + public function count(): int |
|
| 186 | + { |
|
| 187 | + return count($this->_certificates); |
|
| 188 | + } |
|
| 189 | + |
|
| 190 | + /** |
|
| 191 | + * Get iterator for certificates. |
|
| 192 | + * |
|
| 193 | + * @see \IteratorAggregate::getIterator() |
|
| 194 | + * |
|
| 195 | + * @return \ArrayIterator |
|
| 196 | + */ |
|
| 197 | + public function getIterator(): \ArrayIterator |
|
| 198 | + { |
|
| 199 | + return new \ArrayIterator($this->_certificates); |
|
| 200 | + } |
|
| 201 | 201 | } |
@@ -1,6 +1,6 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -declare(strict_types = 1); |
|
| 3 | +declare(strict_types=1); |
|
| 4 | 4 | |
| 5 | 5 | namespace Sop\X509\CertificationPath\Exception; |
| 6 | 6 | |
@@ -12,114 +12,114 @@ |
||
| 12 | 12 | */ |
| 13 | 13 | class ACValidationConfig |
| 14 | 14 | { |
| 15 | - /** |
|
| 16 | - * Certification path of the AC holder. |
|
| 17 | - * |
|
| 18 | - * @var CertificationPath |
|
| 19 | - */ |
|
| 20 | - protected $_holderPath; |
|
| 15 | + /** |
|
| 16 | + * Certification path of the AC holder. |
|
| 17 | + * |
|
| 18 | + * @var CertificationPath |
|
| 19 | + */ |
|
| 20 | + protected $_holderPath; |
|
| 21 | 21 | |
| 22 | - /** |
|
| 23 | - * Certification path of the AC issuer. |
|
| 24 | - * |
|
| 25 | - * @var CertificationPath |
|
| 26 | - */ |
|
| 27 | - protected $_issuerPath; |
|
| 22 | + /** |
|
| 23 | + * Certification path of the AC issuer. |
|
| 24 | + * |
|
| 25 | + * @var CertificationPath |
|
| 26 | + */ |
|
| 27 | + protected $_issuerPath; |
|
| 28 | 28 | |
| 29 | - /** |
|
| 30 | - * Evaluation reference time. |
|
| 31 | - * |
|
| 32 | - * @var \DateTimeImmutable |
|
| 33 | - */ |
|
| 34 | - protected $_evalTime; |
|
| 29 | + /** |
|
| 30 | + * Evaluation reference time. |
|
| 31 | + * |
|
| 32 | + * @var \DateTimeImmutable |
|
| 33 | + */ |
|
| 34 | + protected $_evalTime; |
|
| 35 | 35 | |
| 36 | - /** |
|
| 37 | - * Permitted targets. |
|
| 38 | - * |
|
| 39 | - * @var Target[] |
|
| 40 | - */ |
|
| 41 | - protected $_targets; |
|
| 36 | + /** |
|
| 37 | + * Permitted targets. |
|
| 38 | + * |
|
| 39 | + * @var Target[] |
|
| 40 | + */ |
|
| 41 | + protected $_targets; |
|
| 42 | 42 | |
| 43 | - /** |
|
| 44 | - * Constructor. |
|
| 45 | - * |
|
| 46 | - * @param CertificationPath $holder_path Certification path of the AC holder |
|
| 47 | - * @param CertificationPath $issuer_path Certification path of the AC issuer |
|
| 48 | - */ |
|
| 49 | - public function __construct(CertificationPath $holder_path, |
|
| 50 | - CertificationPath $issuer_path) |
|
| 51 | - { |
|
| 52 | - $this->_holderPath = $holder_path; |
|
| 53 | - $this->_issuerPath = $issuer_path; |
|
| 54 | - $this->_evalTime = new \DateTimeImmutable(); |
|
| 55 | - $this->_targets = []; |
|
| 56 | - } |
|
| 43 | + /** |
|
| 44 | + * Constructor. |
|
| 45 | + * |
|
| 46 | + * @param CertificationPath $holder_path Certification path of the AC holder |
|
| 47 | + * @param CertificationPath $issuer_path Certification path of the AC issuer |
|
| 48 | + */ |
|
| 49 | + public function __construct(CertificationPath $holder_path, |
|
| 50 | + CertificationPath $issuer_path) |
|
| 51 | + { |
|
| 52 | + $this->_holderPath = $holder_path; |
|
| 53 | + $this->_issuerPath = $issuer_path; |
|
| 54 | + $this->_evalTime = new \DateTimeImmutable(); |
|
| 55 | + $this->_targets = []; |
|
| 56 | + } |
|
| 57 | 57 | |
| 58 | - /** |
|
| 59 | - * Get certification path of the AC's holder. |
|
| 60 | - * |
|
| 61 | - * @return CertificationPath |
|
| 62 | - */ |
|
| 63 | - public function holderPath(): CertificationPath |
|
| 64 | - { |
|
| 65 | - return $this->_holderPath; |
|
| 66 | - } |
|
| 58 | + /** |
|
| 59 | + * Get certification path of the AC's holder. |
|
| 60 | + * |
|
| 61 | + * @return CertificationPath |
|
| 62 | + */ |
|
| 63 | + public function holderPath(): CertificationPath |
|
| 64 | + { |
|
| 65 | + return $this->_holderPath; |
|
| 66 | + } |
|
| 67 | 67 | |
| 68 | - /** |
|
| 69 | - * Get certification path of the AC's issuer. |
|
| 70 | - * |
|
| 71 | - * @return CertificationPath |
|
| 72 | - */ |
|
| 73 | - public function issuerPath(): CertificationPath |
|
| 74 | - { |
|
| 75 | - return $this->_issuerPath; |
|
| 76 | - } |
|
| 68 | + /** |
|
| 69 | + * Get certification path of the AC's issuer. |
|
| 70 | + * |
|
| 71 | + * @return CertificationPath |
|
| 72 | + */ |
|
| 73 | + public function issuerPath(): CertificationPath |
|
| 74 | + { |
|
| 75 | + return $this->_issuerPath; |
|
| 76 | + } |
|
| 77 | 77 | |
| 78 | - /** |
|
| 79 | - * Get self with given evaluation reference time. |
|
| 80 | - * |
|
| 81 | - * @param \DateTimeImmutable $dt |
|
| 82 | - * |
|
| 83 | - * @return self |
|
| 84 | - */ |
|
| 85 | - public function withEvaluationTime(\DateTimeImmutable $dt): self |
|
| 86 | - { |
|
| 87 | - $obj = clone $this; |
|
| 88 | - $obj->_evalTime = $dt; |
|
| 89 | - return $obj; |
|
| 90 | - } |
|
| 78 | + /** |
|
| 79 | + * Get self with given evaluation reference time. |
|
| 80 | + * |
|
| 81 | + * @param \DateTimeImmutable $dt |
|
| 82 | + * |
|
| 83 | + * @return self |
|
| 84 | + */ |
|
| 85 | + public function withEvaluationTime(\DateTimeImmutable $dt): self |
|
| 86 | + { |
|
| 87 | + $obj = clone $this; |
|
| 88 | + $obj->_evalTime = $dt; |
|
| 89 | + return $obj; |
|
| 90 | + } |
|
| 91 | 91 | |
| 92 | - /** |
|
| 93 | - * Get the evaluation reference time. |
|
| 94 | - * |
|
| 95 | - * @return \DateTimeImmutable |
|
| 96 | - */ |
|
| 97 | - public function evaluationTime(): \DateTimeImmutable |
|
| 98 | - { |
|
| 99 | - return $this->_evalTime; |
|
| 100 | - } |
|
| 92 | + /** |
|
| 93 | + * Get the evaluation reference time. |
|
| 94 | + * |
|
| 95 | + * @return \DateTimeImmutable |
|
| 96 | + */ |
|
| 97 | + public function evaluationTime(): \DateTimeImmutable |
|
| 98 | + { |
|
| 99 | + return $this->_evalTime; |
|
| 100 | + } |
|
| 101 | 101 | |
| 102 | - /** |
|
| 103 | - * Get self with permitted targets. |
|
| 104 | - * |
|
| 105 | - * @param Target ...$targets |
|
| 106 | - * |
|
| 107 | - * @return self |
|
| 108 | - */ |
|
| 109 | - public function withTargets(Target ...$targets): self |
|
| 110 | - { |
|
| 111 | - $obj = clone $this; |
|
| 112 | - $obj->_targets = $targets; |
|
| 113 | - return $obj; |
|
| 114 | - } |
|
| 102 | + /** |
|
| 103 | + * Get self with permitted targets. |
|
| 104 | + * |
|
| 105 | + * @param Target ...$targets |
|
| 106 | + * |
|
| 107 | + * @return self |
|
| 108 | + */ |
|
| 109 | + public function withTargets(Target ...$targets): self |
|
| 110 | + { |
|
| 111 | + $obj = clone $this; |
|
| 112 | + $obj->_targets = $targets; |
|
| 113 | + return $obj; |
|
| 114 | + } |
|
| 115 | 115 | |
| 116 | - /** |
|
| 117 | - * Get array of permitted targets. |
|
| 118 | - * |
|
| 119 | - * @return Target[] |
|
| 120 | - */ |
|
| 121 | - public function targets(): array |
|
| 122 | - { |
|
| 123 | - return $this->_targets; |
|
| 124 | - } |
|
| 116 | + /** |
|
| 117 | + * Get array of permitted targets. |
|
| 118 | + * |
|
| 119 | + * @return Target[] |
|
| 120 | + */ |
|
| 121 | + public function targets(): array |
|
| 122 | + { |
|
| 123 | + return $this->_targets; |
|
| 124 | + } |
|
| 125 | 125 | } |
@@ -1,6 +1,6 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -declare(strict_types = 1); |
|
| 3 | +declare(strict_types=1); |
|
| 4 | 4 | |
| 5 | 5 | namespace Sop\X509\AttributeCertificate\Validation; |
| 6 | 6 | |
@@ -1,6 +1,6 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | |
| 3 | -declare(strict_types = 1); |
|
| 3 | +declare(strict_types=1); |
|
| 4 | 4 | |
| 5 | 5 | namespace Sop\X509\AttributeCertificate\Validation\Exception; |
| 6 | 6 | |
