/**
* Verify AC's signature and issuer's certification.
*
* @throws ACValidationException
* @return Certificate Certificate of the AC's issuer
*/
private function _verifyIssuer()
{
$path = $this->_config->issuerPath();
$config = PathValidationConfig::defaultConfig()->withMaxLength(count($path))->withDateTime($this->_config->evaluationTime());
try {
$issuer = $path->validate($this->_crypto, $config)->certificate();
} catch (PathValidationException $e) {
throw new ACValidationException("Failed to validate issuer PKC's certification path.", null, $e);
}
if (!$this->_ac->isIssuedBy($issuer)) {
throw new ACValidationException("Name mismatch of AC's issuer PKC.");
}
$pubkey_info = $issuer->tbsCertificate()->subjectPublicKeyInfo();
if (!$this->_ac->verify($this->_crypto, $pubkey_info)) {
throw new ACValidationException("Failed to verify signature.");
}
return $issuer;
}
