Tls12Checker::checkAvailableCiphers() - Code Metrics - Inspection of "feat(Extension): support API extensions" - commercetools/commercetools-php-sdk - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — develop ( b6cb2c...9ca58c )

by Jens

created 2018-08-15 11:27 UTC

Tls12Checker::checkAvailableCiphers() A

↳ Parent: Project

Complexity

Conditions	3
Paths	3

Size

Total Lines	10
Code Lines	8

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	8
c	1
b	0
f	0
dl	0
loc	10
rs	10
cc	3
nc	3
nop	0

#!/usr/bin/env php

<?php

class Tls12Checker
{
    const API_URI = 'api-tls12.commercetools.com';

    const URIS = [
        'auth-tls12.commercetools.com',
        'api-tls12.commercetools.com',
        'auth-tls12.commercetools.co',
        'api-tls12.commercetools.co',
        'api.sphere.io',
        'api.commercetools.co',
    ];

    public function allowedCiphers()
    {
        return [
            'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
            'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
            'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
            'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
            'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256',
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
            'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
            'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
            'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
        ];
    }

    /**
     * @return array
     * @throws \Exception
     */
    private function getSupportedCiphers()
    {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "https://www.howsmyssl.com/a/check");
        curl_setopt($ch, CURLOPT_SSLVERSION, 6);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $response = curl_exec($ch);
        curl_close($ch);
        $tlsInfo = json_decode($response, true);

        if ($response === false) {
            throw new \Exception('Connection not connect using TLS 1.2', 1);
        }

        return isset($tlsInfo['given_cipher_suites']) ? $tlsInfo['given_cipher_suites'] : [];
    }

    /**
     * @throws \Exception
     */
    private function checkCiphers()
    {
        $supportedCiphers = $this->getSupportedCiphers();
        $allowedCiphers = $this->allowedCiphers();

        $diff = array_diff($allowedCiphers, $supportedCiphers);

        if (count($diff) < count($allowedCiphers)) {
            return;
        };
        throw new \Exception('None of the allowed cipher suites are supported by curl: ' . implode(', ', $allowedCiphers), 1);
    }

    /**
     * @param string $apiUri
     * @param string $cipher
     * @throws Exception
     */
    private function checkApiConnection($apiUri = self::API_URI, $cipher = null)
    {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, 'https://' . $apiUri);
        curl_setopt($ch, CURLOPT_SSLVERSION, 6);
        if (!is_null($cipher)) {
            curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $cipher);
        }
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $response = curl_exec($ch);
        curl_close($ch);

        if ($response == false) {
            throw new \Exception('Could not connect not connect to API using TLS 1.2' . (is_null($cipher) ? '' : ' with cipher ' . $cipher), 1);
        }
    }

    private function checkCurlVersion()
    {
        $curlVersion = curl_version();
        $supportsTLS12 = true;
        if (version_compare(curl_version()['version'], '7.34.0', '<')) {
            $supportsTLS12 = false;
        }
        echo 'Curl version: ' . ($supportsTLS12 ? "\033[32m" : "\033[31m") . curl_version()['version'] . "\033[0m" . ($supportsTLS12 ? '' : '(TLS 1.2 not supported)') . PHP_EOL;

        if (isset($curlVersion['ssl_version'])) {
            echo 'Curl SSL Library: ' . curl_version()['ssl_version'] . PHP_EOL;
        }
    }

    /**
     * @return int
     */
    public function check()
    {
        $this->checkCurlVersion();

        echo "Checking TLS 1.2 connection ... ";
        try {
            $this->checkCiphers();
            foreach (self::URIS as $uri) {
                $this->checkApiConnection($uri);
            }
        } catch (\Exception $exception) {
            echo "\033[31mFailed\033[0m" . PHP_EOL;
            echo $exception->getMessage() . PHP_EOL;
            return (int)$exception->getCode();
        }

        echo "\033[32mOK\033[0m" . PHP_EOL;

        return 0;
    }

//    private function availableCiphers()
//    {
//        $localCiphers = explode(' ', exec('openssl ciphers \'ALL:eNULL\' | tr \':\' \' \''));
//        $allowedCiphers = [];
//        foreach ($localCiphers as $localCipher) {
//            exec('echo -n | openssl s_client -connect ' . self::API_URI . ':443 -cipher ' . $localCipher . ' -tls1_2 2>&1', $dummy, $status);
//            if ($status === 0) {
//                $allowedCiphers[] = $localCipher;
//            }
//        }
//
//        return $allowedCiphers;
//    }
//
//    private function checkAvailableCiphers()
//    {
//        $availableCiphers = $this->availableCiphers();
//        foreach ($availableCiphers as $cipher) {
//            echo 'Testing ' . $cipher . '...';
//            try {
//                $this->checkApiConnection(self::API_URI, $cipher);
//                echo "\033[32mOK\033[0m" . PHP_EOL;
//            } catch (\Exception $exception) {
//                echo "\033[31mFailed\033[0m" . PHP_EOL;
//            }
//        }
//    }
}

$checker = new Tls12Checker();
exit($checker->check());


1			#!/usr/bin/env php
			0 ignored issues – show Coding Style Compatibility introduced 2018-07-23 11:33 UTC by Report Bug Copy Issue Report For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 4 and the first side effect is on line 1. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2			<?php
3
4			class Tls12Checker
5			{
6			const API_URI = 'api-tls12.commercetools.com';
7
8			const URIS = [
9			'auth-tls12.commercetools.com',
10			'api-tls12.commercetools.com',
11			'auth-tls12.commercetools.co',
12			'api-tls12.commercetools.co',
13			'api.sphere.io',
14			'api.commercetools.co',
15			];
16
17			public function allowedCiphers()
18			{
19			return [
20			'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
21			'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
22			'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
23			'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
24			'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256',
25			'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
26			'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
27			'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
28			'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
29			'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
30			];
31			}
32
33			/**
34			* @return array
35			* @throws \Exception
36			*/
37			private function getSupportedCiphers()
38			{
39			$ch = curl_init();
40			curl_setopt($ch, CURLOPT_URL, "https://www.howsmyssl.com/a/check");
41			curl_setopt($ch, CURLOPT_SSLVERSION, 6);
42			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
43			$response = curl_exec($ch);
44			curl_close($ch);
45			$tlsInfo = json_decode($response, true);
46
47			if ($response === false) {
48			throw new \Exception('Connection not connect using TLS 1.2', 1);
49			}
50
51			return isset($tlsInfo['given_cipher_suites']) ? $tlsInfo['given_cipher_suites'] : [];
52			}
53
54			/**
55			* @throws \Exception
56			*/
57			private function checkCiphers()
58			{
59			$supportedCiphers = $this->getSupportedCiphers();
60			$allowedCiphers = $this->allowedCiphers();
61
62			$diff = array_diff($allowedCiphers, $supportedCiphers);
63
64			if (count($diff) < count($allowedCiphers)) {
65			return;
66			};
67			throw new \Exception('None of the allowed cipher suites are supported by curl: ' . implode(', ', $allowedCiphers), 1);
68			}
69
70			/**
71			* @param string $apiUri
72			* @param string $cipher
73			* @throws Exception
74			*/
75			private function checkApiConnection($apiUri = self::API_URI, $cipher = null)
76			{
77			$ch = curl_init();
78			curl_setopt($ch, CURLOPT_URL, 'https://' . $apiUri);
79			curl_setopt($ch, CURLOPT_SSLVERSION, 6);
80			if (!is_null($cipher)) {
81			curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $cipher);
82			}
83			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
84			$response = curl_exec($ch);
85			curl_close($ch);
86
87			if ($response == false) {
88			throw new \Exception('Could not connect not connect to API using TLS 1.2' . (is_null($cipher) ? '' : ' with cipher ' . $cipher), 1);
89			}
90			}
91
92			private function checkCurlVersion()
93			{
94			$curlVersion = curl_version();
95			$supportsTLS12 = true;
96			if (version_compare(curl_version()['version'], '7.34.0', '<')) {
97			$supportsTLS12 = false;
98			}
99			echo 'Curl version: ' . ($supportsTLS12 ? "\033[32m" : "\033[31m") . curl_version()['version'] . "\033[0m" . ($supportsTLS12 ? '' : '(TLS 1.2 not supported)') . PHP_EOL;
100
101			if (isset($curlVersion['ssl_version'])) {
102			echo 'Curl SSL Library: ' . curl_version()['ssl_version'] . PHP_EOL;
103			}
104			}
105
106			/**
107			* @return int
108			*/
109			public function check()
110			{
111			$this->checkCurlVersion();
112
113			echo "Checking TLS 1.2 connection ... ";
114			try {
115			$this->checkCiphers();
116			foreach (self::URIS as $uri) {
117			$this->checkApiConnection($uri);
118			}
119			} catch (\Exception $exception) {
120			echo "\033[31mFailed\033[0m" . PHP_EOL;
121			echo $exception->getMessage() . PHP_EOL;
122			return (int)$exception->getCode();
123			}
124
125			echo "\033[32mOK\033[0m" . PHP_EOL;
126
127			return 0;
128			}
129
130			// private function availableCiphers()
131			// {
132			// $localCiphers = explode(' ', exec('openssl ciphers \'ALL:eNULL\' \| tr \':\' \' \''));
133			// $allowedCiphers = [];
134			// foreach ($localCiphers as $localCipher) {
135			// exec('echo -n \| openssl s_client -connect ' . self::API_URI . ':443 -cipher ' . $localCipher . ' -tls1_2 2>&1', $dummy, $status);
136			// if ($status === 0) {
137			// $allowedCiphers[] = $localCipher;
138			// }
139			// }
140			//
141			// return $allowedCiphers;
142			// }
143			//
144			// private function checkAvailableCiphers()
145			// {
146			// $availableCiphers = $this->availableCiphers();
147			// foreach ($availableCiphers as $cipher) {
148			// echo 'Testing ' . $cipher . '...';
149			// try {
150			// $this->checkApiConnection(self::API_URI, $cipher);
151			// echo "\033[32mOK\033[0m" . PHP_EOL;
152			// } catch (\Exception $exception) {
153			// echo "\033[31mFailed\033[0m" . PHP_EOL;
154			// }
155			// }
156			// }
157			}
158
159			$checker = new Tls12Checker();
160			exit($checker->check());
161

commercetools / commercetools-php-sdk

Push — develop ( b6cb2c...9ca58c )

Tls12Checker::checkAvailableCiphers() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like