/**
* Apply inhibit any-policy handling for the preparation step.
*
* @param ValidatorState $state
* @param Certificate $cert
* @return ValidatorState
*/
private function _prepareInhibitAnyPolicy(ValidatorState $state, Certificate $cert)
{
$extensions = $cert->tbsCertificate()->extensions();
if ($extensions->hasInhibitAnyPolicy()) {
$ext = $extensions->inhibitAnyPolicy();
if ($ext->skipCerts() < $state->inhibitAnyPolicy()) {
$state = $state->withInhibitAnyPolicy($ext->skipCerts());
}
}
return $state;
}
/**
* Process anyPolicy policy information.
*
* @param PolicyInformation $policy
* @param Certificate $cert
* @param ValidatorState $state
*/
protected function _processAnyPolicy(PolicyInformation $policy, Certificate $cert, ValidatorState $state)
{
$i = $state->index();
// if (a) inhibit_anyPolicy is greater than 0 or
// (b) i<n and the certificate is self-issued
if (!($state->inhibitAnyPolicy() > 0 || $i < $state->pathLength() && $cert->isSelfIssued())) {
return;
}
// for each node in the valid_policy_tree of depth i-1
foreach ($this->_nodesAtDepth($i - 1) as $node) {
// for each value in the expected_policy_set
foreach ($node->expectedPolicies() as $p_oid) {
// that does not appear in a child node
if (!$node->hasChildWithValidPolicy($p_oid)) {
$node->addChild(new PolicyNode($p_oid, $policy->qualifiers(), array($p_oid)));
}
}
}
}
