Tls12Checker::availableCiphers() - Code Metrics - Inspection of "TLS 1.2 check (#405)" - commercetools/commercetools-php-sdk - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — develop ( 1f08f8...eba565 )

by Jens

created 2018-07-23 11:56 UTC

Tls12Checker::availableCiphers() A

↳ Parent: Tls12Checker

Complexity

Conditions	3
Paths	3

Size

Total Lines	12
Code Lines	7

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	7
c	1
b	0
f	0
dl	0
loc	12
rs	10
cc	3
nc	3
nop	0

#!/usr/bin/env php

<?php

class Tls12Checker
{
    const API_URI = 'api.escemo.com';

    public function allowedCiphers()
    {
        return [
            'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
            'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
            'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
            'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
            'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256',
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
            'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
            'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
            'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
        ];
    }

    /**
     * @return array
     * @throws \Exception
     */
    private function getSupportedCiphers()
    {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "https://www.howsmyssl.com/a/check");
        curl_setopt($ch, CURLOPT_SSLVERSION, 6);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $response = curl_exec($ch);
        curl_close($ch);
        $tlsInfo = json_decode($response, true);

        if ($response === false) {
            throw new \Exception('Connection not connect using TLS 1.2', 1);
        }

        return isset($tlsInfo['given_cipher_suites']) ? $tlsInfo['given_cipher_suites'] : [];
    }

    /**
     * @throws \Exception
     */
    private function checkCiphers()
    {
        $supportedCiphers = $this->getSupportedCiphers();
        $allowedCiphers = $this->allowedCiphers();

        $diff = array_diff($allowedCiphers, $supportedCiphers);

        if (count($diff) < count($allowedCiphers)) {
            return;
        };
        throw new \Exception('None of the allowed cipher suites are supported by curl: ' . implode(', ', $allowedCiphers), 1);
    }

    /**
     * @throws \Exception
     */
    private function checkApiConnection($cipher = null)
    {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, 'https://' . self::API_URI);
        curl_setopt($ch, CURLOPT_SSLVERSION, 6);
        if (!is_null($cipher)) {
            curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $cipher);
        }
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $response = curl_exec($ch);
        curl_close($ch);

        if ($response == false) {
            throw new \Exception('Could not connect not connect to API using TLS 1.2' . (is_null($cipher) ? '' : ' with cipher ' . $cipher), 1);
        }
    }

    private function checkCurlVersion()
    {
        $curlVersion = curl_version();
        $supportsTLS12 = true;
        if (version_compare(curl_version()['version'], '7.34.0', '<')) {
            $supportsTLS12 = false;
        }
        echo 'Curl version: ' . ($supportsTLS12 ? "\033[32m" : "\033[31m") . curl_version()['version'] . "\033[0m" . ($supportsTLS12 ? '' : '(TLS 1.2 not supported)') . PHP_EOL;

        if (isset($curlVersion['ssl_version'])) {
            echo 'Curl SSL Library: ' . curl_version()['ssl_version'] . PHP_EOL;
        }
    }

    /**
     * @return int
     */
    public function check()
    {
        $this->checkCurlVersion();

        echo "Checking TLS 1.2 connection ... ";
        try {
            $this->checkCiphers();
            $this->checkApiConnection();
        } catch (\Exception $exception) {
            echo "\033[31mFailed\033[0m" . PHP_EOL;
            echo $exception->getMessage() . PHP_EOL;
            return (int)$exception->getCode();
        }

        echo "\033[32mOK\033[0m" . PHP_EOL;

        return 0;
    }

    private function availableCiphers()
    {
        $localCiphers = explode(' ', exec('openssl ciphers \'ALL:eNULL\' | tr \':\' \' \''));
        $allowedCiphers = [];
        foreach ($localCiphers as $localCipher) {
            exec('echo -n | openssl s_client -connect ' . self::API_URI . ':443 -cipher ' . $localCipher . ' -tls1_2 2>&1', $dummy, $status);
            if ($status === 0) {
                $allowedCiphers[] = $localCipher;
            }
        }

        return $allowedCiphers;
    }

    private function checkAvailableCiphers()

    {
        $availableCiphers = $this->availableCiphers();
        foreach ($availableCiphers as $cipher) {
            echo 'Testing ' . $cipher . '...';
            try {
                $this->checkApiConnection($cipher);
                echo "\033[32mOK\033[0m" . PHP_EOL;
            } catch (\Exception $exception) {
                echo "\033[31mFailed\033[0m" . PHP_EOL;
            }
        }
    }
}

$checker = new Tls12Checker();
exit($checker->check());


1			#!/usr/bin/env php
			0 ignored issues – show Coding Style Compatibility introduced 2018-07-23 11:33 UTC by Report Bug Copy Issue Report For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 4 and the first side effect is on line 1. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2			<?php
3
4			class Tls12Checker
5			{
6			const API_URI = 'api.escemo.com';
7
8			public function allowedCiphers()
9			{
10			return [
11			'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
12			'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
13			'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
14			'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
15			'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256',
16			'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
17			'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
18			'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
19			'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
20			'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
21			];
22			}
23
24			/**
25			* @return array
26			* @throws \Exception
27			*/
28			private function getSupportedCiphers()
29			{
30			$ch = curl_init();
31			curl_setopt($ch, CURLOPT_URL, "https://www.howsmyssl.com/a/check");
32			curl_setopt($ch, CURLOPT_SSLVERSION, 6);
33			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
34			$response = curl_exec($ch);
35			curl_close($ch);
36			$tlsInfo = json_decode($response, true);
37
38			if ($response === false) {
39			throw new \Exception('Connection not connect using TLS 1.2', 1);
40			}
41
42			return isset($tlsInfo['given_cipher_suites']) ? $tlsInfo['given_cipher_suites'] : [];
43			}
44
45			/**
46			* @throws \Exception
47			*/
48			private function checkCiphers()
49			{
50			$supportedCiphers = $this->getSupportedCiphers();
51			$allowedCiphers = $this->allowedCiphers();
52
53			$diff = array_diff($allowedCiphers, $supportedCiphers);
54
55			if (count($diff) < count($allowedCiphers)) {
56			return;
57			};
58			throw new \Exception('None of the allowed cipher suites are supported by curl: ' . implode(', ', $allowedCiphers), 1);
59			}
60
61			/**
62			* @throws \Exception
63			*/
64			private function checkApiConnection($cipher = null)
65			{
66			$ch = curl_init();
67			curl_setopt($ch, CURLOPT_URL, 'https://' . self::API_URI);
68			curl_setopt($ch, CURLOPT_SSLVERSION, 6);
69			if (!is_null($cipher)) {
70			curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $cipher);
71			}
72			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
73			$response = curl_exec($ch);
74			curl_close($ch);
75
76			if ($response == false) {
77			throw new \Exception('Could not connect not connect to API using TLS 1.2' . (is_null($cipher) ? '' : ' with cipher ' . $cipher), 1);
78			}
79			}
80
81			private function checkCurlVersion()
82			{
83			$curlVersion = curl_version();
84			$supportsTLS12 = true;
85			if (version_compare(curl_version()['version'], '7.34.0', '<')) {
86			$supportsTLS12 = false;
87			}
88			echo 'Curl version: ' . ($supportsTLS12 ? "\033[32m" : "\033[31m") . curl_version()['version'] . "\033[0m" . ($supportsTLS12 ? '' : '(TLS 1.2 not supported)') . PHP_EOL;
89
90			if (isset($curlVersion['ssl_version'])) {
91			echo 'Curl SSL Library: ' . curl_version()['ssl_version'] . PHP_EOL;
92			}
93			}
94
95			/**
96			* @return int
97			*/
98			public function check()
99			{
100			$this->checkCurlVersion();
101
102			echo "Checking TLS 1.2 connection ... ";
103			try {
104			$this->checkCiphers();
105			$this->checkApiConnection();
106			} catch (\Exception $exception) {
107			echo "\033[31mFailed\033[0m" . PHP_EOL;
108			echo $exception->getMessage() . PHP_EOL;
109			return (int)$exception->getCode();
110			}
111
112			echo "\033[32mOK\033[0m" . PHP_EOL;
113
114			return 0;
115			}
116
117			private function availableCiphers()
118			{
119			$localCiphers = explode(' ', exec('openssl ciphers \'ALL:eNULL\' \| tr \':\' \' \''));
120			$allowedCiphers = [];
121			foreach ($localCiphers as $localCipher) {
122			exec('echo -n \| openssl s_client -connect ' . self::API_URI . ':443 -cipher ' . $localCipher . ' -tls1_2 2>&1', $dummy, $status);
123			if ($status === 0) {
124			$allowedCiphers[] = $localCipher;
125			}
126			}
127
128			return $allowedCiphers;
129			}
130
131			private function checkAvailableCiphers()
			0 ignored issues – show Unused Code introduced 2018-07-23 11:33 UTC by Report Bug Copy Issue Report The method `checkAvailableCiphers()` is not used, and could be removed. This check looks for private methods that have been defined, but are not used inside the class. Loading history...
132			{
133			$availableCiphers = $this->availableCiphers();
134			foreach ($availableCiphers as $cipher) {
135			echo 'Testing ' . $cipher . '...';
136			try {
137			$this->checkApiConnection($cipher);
138			echo "\033[32mOK\033[0m" . PHP_EOL;
139			} catch (\Exception $exception) {
140			echo "\033[31mFailed\033[0m" . PHP_EOL;
141			}
142			}
143			}
144			}
145
146			$checker = new Tls12Checker();
147			exit($checker->check());
148

commercetools / commercetools-php-sdk

Push — develop ( 1f08f8...eba565 )

Tls12Checker::availableCiphers() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like