@@ -46,13 +46,21 @@ public function __construct(
4646
4747 /**
4848 * Validate a certificate against the CRL Distribution Points found in its
49- * data. Returns an array with at least a 'status' key ({@see CrlValidationStatus})
49+ * data. Returns an array with a 'status' key (always {@see CrlValidationStatus})
5050 * and optionally 'revoked_at' (ISO 8601) when the certificate is revoked.
51+ *
52+ * @return array{status: CrlValidationStatus, revoked_at?: string}
5153 */
5254 public function validate (array $ crlUrls , string $ certPem ): array {
5355 return $ this ->validateFromUrlsWithDetails ($ crlUrls , $ certPem );
5456 }
5557
58+ /**
59+ * Internal validation worker that iterates through CRL distribution points
60+ * and returns the validation status from the first accessible/conclusive point.
61+ *
62+ * @return array{status: CrlValidationStatus, revoked_at?: string}
63+ */
5664 private function validateFromUrlsWithDetails (array $ crlUrls , string $ certPem ): array {
5765 $ externalValidationEnabled = $ this ->appConfig ->getValueBool (Application::APP_ID , 'crl_external_validation_enabled ' , true );
5866
@@ -106,6 +114,11 @@ private function validateFromUrlsWithDetails(array $crlUrls, string $certPem): a
106114 return ['status ' => CrlValidationStatus::VALIDATION_FAILED ];
107115 }
108116
117+ /**
118+ * Download and validate CRL content from a single source URL.
119+ *
120+ * @return array{status: CrlValidationStatus, revoked_at?: string}
121+ */
109122 private function downloadAndValidateWithDetails (string $ crlUrl , string $ certPem , bool $ isLocal ): array {
110123 try {
111124 if ($ isLocal ) {
@@ -226,6 +239,11 @@ protected function isSerialNumberInCrl(string $crlText, string $serialNumber): b
226239 return preg_match ('/Serial Number: 0* ' . preg_quote ($ normalizedSerial , '/ ' ) . '/ ' , $ crlText ) === 1 ;
227240 }
228241
242+ /**
243+ * Check if certificate serial is revoked in the provided CRL content.
244+ *
245+ * @return array{status: CrlValidationStatus, revoked_at?: string}
246+ */
229247 private function checkCertificateInCrlWithDetails (string $ certPem , string $ crlContent ): array {
230248 try {
231249 $ certResource = openssl_x509_read ($ certPem );
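Review bot: The pattern in the context line of `isSerialNumberInCrl` (old line 226) has nothing after the quoted serial, so a certificate whose normalized serial is a leading substring of a longer revoked serial would match and, if `checkCertificateInCrlWithDetails` relies on this helper as its new docblock suggests, be reported as revoked. Ending the match on a boundary avoids that, for example `'/Serial Number: 0*' . preg_quote($normalizedSerial, '/') . '\b/'`. `$normalizedSerial` is built outside the hunk, so whether its length is already fixed cannot be confirmed from here. The bodies of both methods continue outside the hunk.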