/**
 * Validate a certificate against a CA certificate and, optionally, a CRL.
 *
 * Checks run in this order, and the first failure throws:
 *   1. The CA certificate is loaded through X509Util::loadCACert().
 *   2. If a CRL is supplied, its signature is verified. When a CRL distributor
 *      certificate is also supplied, it must carry the same subject DN as the
 *      CA and must itself pass validate() against the CA before it is accepted
 *      as an additional CRL signer.
 *   3. The certificate is parsed.
 *   4. If a CRL is supplied, the certificate is rejected when its serial number
 *      is listed in the CRL.
 *   5. The certificate signature is verified against the loaded CA.
 *   6. The certificate dates are checked against Time::getTime().
 *
 * NOTE(review): nothing in this method inspects the CRL's thisUpdate/nextUpdate,
 * so an outdated but correctly signed CRL passes step 2. Confirm that freshness
 * is enforced by the caller or by whatever fetches the CRL.
 *
 * @param mixed $certPem        Certificate to validate (PEM, going by the name).
 * @param mixed $caCertPem      CA certificate the certificate must chain to.
 * @param mixed $crlPem         Optional CRL; revocation is checked only when this is not NULL.
 * @param mixed $crlDistCertPem Optional CRL distributor certificate; ignored when falsy
 *                              or when no CRL is given.
 *
 * @throws InvalidCertException If the CRL, the CRL distributor or the certificate fails a check.
 * @throws ExpiredCertException If validateDate() rejects the certificate.
 *                              Exceptions raised inside the X509Util loaders are not
 *                              handled here and propagate as-is.
 */
 protected static function validate($certPem, $caCertPem, $crlPem = NULL, $crlDistCertPem = NULL)
 {
     $checkRevocation = ($crlPem !== null);

     // Loaded unconditionally, although the object is only read in the
     // distributor branch below.
     $trustAnchor = X509Util::loadCACert($caCertPem);

     $certVerifier = new \File_X509();
     // Return value is not inspected; a failed load is only noticed, if at all,
     // when validateSignature() is called further down.
     $certVerifier->loadCA($caCertPem);

     if ($checkRevocation) {
         $crlVerifier = new \File_X509();

         // Truthiness test: an empty string skips the distributor path just
         // like NULL does.
         if ($crlDistCertPem) {
             $distributor = X509Util::loadCrlDistCert($crlDistCertPem, null, $caCertPem);

             $distributorDn = $distributor->getSubjectDN(FILE_X509_DN_STRING);
             $caDn = $trustAnchor->getSubjectDN(FILE_X509_DN_STRING);
             if ($distributorDn !== $caDn) {
                 throw new InvalidCertException(sprintf("CRL distributor (%s) does not act on behalf of this CA (%s)", $distributorDn, $caDn));
             }

             // The distributor certificate goes through the same signature and
             // date checks, but without a CRL, so its own revocation status is
             // not examined here.
             // NOTE(review): an ExpiredCertException from this call is wrapped
             // only if it is a subtype of InvalidCertException - not visible
             // from this method; otherwise it propagates unchanged.
             try {
                 self::validate($crlDistCertPem, $caCertPem);
             } catch (InvalidCertException $cause) {
                 throw new InvalidCertException("CRL distributor has an invalid certificate", 0, $cause);
             }

             $crlVerifier->loadCA($crlDistCertPem);
         }

         $crlVerifier->loadCA($caCertPem);
         $crlVerifier->loadCRL($crlPem);

         $crlSignatureOk = $crlVerifier->validateSignature();
         if (!$crlSignatureOk) {
             throw new InvalidCertException("CRL signature is invalid");
         }
     }

     $decoded = $certVerifier->loadX509($certPem);

     if ($checkRevocation) {
         // The explicit parse checks exist only on the CRL path; without a
         // CRL an unparseable certificate is left to validateSignature().
         if (empty($decoded)) {
             throw new InvalidCertException("Identity is invalid. Empty certificate.");
         }
         if (empty($decoded['tbsCertificate']['serialNumber'])) {
             throw new InvalidCertException("Identity is invalid. No serial number.");
         }

         // The serial is taken from a certificate whose signature has not
         // been verified yet; the signature check below still has to pass.
         $serial = $decoded['tbsCertificate']['serialNumber']->toString();
         $revocationEntry = $crlVerifier->getRevoked($serial);
         if (!empty($revocationEntry)) {
             throw new InvalidCertException("Identity is invalid. Certificate revoked.");
         }
     }

     // Any falsy result fails closed.
     $signedByCa = $certVerifier->validateSignature();
     if (!$signedByCa) {
         throw new InvalidCertException("Identity is invalid. Certificate is not signed by proper CA.");
     }

     // NOTE(review): every validateDate() failure is reported as "expired";
     // if it also rejects not-yet-valid certificates the message will be
     // misleading - confirm against the library.
     $withinValidity = $certVerifier->validateDate(Time::getTime());
     if (!$withinValidity) {
         throw new ExpiredCertException("Identity is invalid. Certificate expired.");
     }
 }