/** * Get chain of parent nodes from this node's parent to the root node. * * @return PolicyNode[] */ public function parents() { if (!$this->_parent) { return array(); } $nodes = $this->_parent->parents(); $nodes[] = $this->_parent; return array_reverse($nodes); }
/** * Get the valid policy node set as specified in spec 6.1.5.(g)(iii)1. * * @return PolicyNode[] */ protected function _validPolicyNodeSet() { // 1. Determine the set of policy nodes whose parent nodes have // a valid_policy of anyPolicy. This is the valid_policy_node_set. $set = array(); if (!$this->_root) { return $set; } // for each node in a tree $this->_root->walkNodes(function (PolicyNode $node) use(&$set) { $parents = $node->parents(); // node has parents if (count($parents)) { // check that each ancestor is an anyPolicy node foreach ($parents as $ancestor) { if (!$ancestor->isAnyPolicy()) { return; } } $set[] = $node; } }); return $set; }
/** * Initialize variables according to RFC 5280 6.1.2. * * @link https://tools.ietf.org/html/rfc5280#section-6.1.2 * @param PathValidationConfig $config * @param Certificate $trust_anchor Trust anchor certificate * @param int $n Number of certificates in the certification path * @return self */ public static function initialize(PathValidationConfig $config, Certificate $trust_anchor, $n) { $state = new self(); $state->_pathLength = $n; $state->_index = 1; $state->_validPolicyTree = new PolicyTree(PolicyNode::anyPolicyNode()); $state->_permittedSubtrees = null; $state->_excludedSubtrees = null; $state->_explicitPolicy = $config->explicitPolicy() ? 0 : $n + 1; $state->_inhibitAnyPolicy = $config->anyPolicyInhibit() ? 0 : $n + 1; $state->_policyMapping = $config->policyMappingInhibit() ? 0 : $n + 1; $state->_workingPublicKeyAlgorithm = $trust_anchor->signatureAlgorithm(); $tbsCert = $trust_anchor->tbsCertificate(); $state->_workingPublicKey = $tbsCert->subjectPublicKeyInfo(); $state->_workingPublicKeyParameters = self::getAlgorithmParameters($state->_workingPublicKey->algorithmIdentifier()); $state->_workingIssuerName = $tbsCert->issuer(); $state->_maxPathLength = $config->maxLength(); return $state; }