|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace LiquidWeb\SslCertificate; |
|
4
|
|
|
|
|
5
|
|
|
use Throwable; |
|
6
|
|
|
use phpseclib\File\X509; |
|
7
|
|
|
use LiquidWeb\SslCertificate\Exceptions\Handler; |
|
8
|
|
|
|
|
9
|
|
|
class Downloader |
|
10
|
|
|
{ |
|
11
|
9 |
|
public static function downloadCertificateFromUrl(string $url, int $timeout = 30): array |
|
12
|
|
|
{ |
|
13
|
|
|
// Trusted variable to keep track of SSL trust |
|
14
|
9 |
|
$trusted = true; |
|
15
|
9 |
|
$sslConfig = StreamConfig::configSecure(); |
|
16
|
9 |
|
$parsedUrl = new Url($url); |
|
17
|
8 |
|
$client = null; |
|
18
|
|
|
|
|
19
|
|
|
try { |
|
20
|
8 |
|
$client = stream_socket_client( |
|
21
|
8 |
|
"ssl://{$parsedUrl->getTestURL()}", |
|
22
|
|
|
$errorNumber, |
|
23
|
|
|
$errorDescription, |
|
24
|
|
|
$timeout, |
|
25
|
8 |
|
STREAM_CLIENT_CONNECT, |
|
26
|
8 |
|
$sslConfig->getContext() |
|
27
|
|
|
); |
|
28
|
3 |
|
unset($sslConfig); |
|
29
|
5 |
|
} catch (Throwable $thrown) { |
|
30
|
|
|
// Try agian in insecure mode |
|
31
|
5 |
|
$sslConfig = StreamConfig::configInsecure(); |
|
32
|
5 |
|
$trusted = false; |
|
33
|
|
|
|
|
34
|
|
|
try { |
|
35
|
|
|
// As the URL failed verification we set to false |
|
36
|
5 |
|
$client = stream_socket_client( |
|
37
|
5 |
|
"ssl://{$parsedUrl->getTestURL()}", |
|
38
|
|
|
$errorNumber, |
|
39
|
|
|
$errorDescription, |
|
40
|
|
|
$timeout, |
|
41
|
5 |
|
STREAM_CLIENT_CONNECT, |
|
42
|
5 |
|
$sslConfig->getContext() |
|
43
|
|
|
); |
|
44
|
1 |
|
unset($sslConfig); |
|
45
|
4 |
|
} catch (Throwable $thrown) { |
|
46
|
4 |
|
(new Handler($thrown))->downloadHandler($parsedUrl); |
|
47
|
|
|
} |
|
48
|
|
|
} |
|
49
|
|
|
|
|
50
|
4 |
|
return self::prepareCertificateResponse($client, $trusted, $parsedUrl->getIp(), $parsedUrl->getTestURL()); |
|
51
|
|
|
} |
|
52
|
|
|
|
|
53
|
4 |
|
private static function prepareCertificateResponse($resultClient, bool $trusted, string $domainIp, string $testedUrl): array |
|
54
|
|
|
{ |
|
55
|
4 |
|
$response = stream_context_get_options($resultClient); |
|
56
|
4 |
|
$connectionInfo = stream_get_meta_data($resultClient)['crypto']; |
|
57
|
4 |
|
unset($resultClient); |
|
58
|
4 |
|
$mainCert = openssl_x509_parse($response['ssl']['peer_certificate'], true); |
|
59
|
|
|
|
|
60
|
4 |
|
$full_chain = []; |
|
61
|
4 |
|
if (count($response['ssl']['peer_certificate_chain']) > 1) { |
|
62
|
3 |
|
foreach ($response['ssl']['peer_certificate_chain'] as $cert) { |
|
63
|
3 |
|
$parsedCert = openssl_x509_parse($cert, true); |
|
64
|
3 |
|
$isChain = ! ($parsedCert['hash'] === $mainCert['hash']); |
|
65
|
3 |
|
if ($isChain === true) { |
|
66
|
3 |
|
array_push($full_chain, $parsedCert); |
|
67
|
|
|
} |
|
68
|
|
|
} |
|
69
|
|
|
} |
|
70
|
|
|
|
|
71
|
|
|
return [ |
|
72
|
4 |
|
'inputDomain' => $parsedUrl, |
|
|
|
|
|
|
73
|
|
|
'tested' => $testedUrl, |
|
74
|
|
|
'trusted' => $trusted, |
|
75
|
|
|
'dns-resolves-to' => $domainIp, |
|
76
|
|
|
'cert' => $mainCert, |
|
77
|
|
|
'full_chain' => $full_chain, |
|
78
|
|
|
'connection' => $connectionInfo, |
|
79
|
|
|
]; |
|
80
|
|
|
} |
|
81
|
|
|
|
|
82
|
|
|
public static function downloadRevocationListFromUrl(string $url): array |
|
83
|
|
|
{ |
|
84
|
|
|
$parsedUrl = new Url($url); |
|
85
|
|
|
$csrConfig = StreamConfig::configCrl(); |
|
86
|
|
|
$file = file_get_contents($parsedUrl->getValidatedURL(), false, $csrConfig->getContext()); |
|
87
|
|
|
unset($csrConfig, $parsedUrl); |
|
88
|
|
|
$x509 = new X509(); |
|
89
|
|
|
$crl = $x509->loadCRL($file); // see ev2009a.crl |
|
90
|
|
|
unset($x509, $file); |
|
91
|
|
|
|
|
92
|
|
|
return $crl; |
|
93
|
|
|
} |
|
94
|
|
|
} |
|
95
|
|
|
|
liquidweb /
ssl-certificate
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.