SslCertificate - Code Metrics - Inspection of "Update to fix bug with CloudFlare domains/SSLs" - liquidweb/ssl-certificate - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( ecd45b...16c344 )

by Daniel

created 2017-01-06 18:08 UTC

SslCertificate C

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	309
Duplicated Lines	0 %

Coupling/Cohesion

Components	2
Dependencies	5

Test Coverage

Coverage

3.03%

Importance

Changes

Metric	Value
dl	0
loc	309
ccs	4
cts	132
cp	0.0303
rs	6.8
c	0
b	0
f	0
wmc	55
lcom	2
cbo	5

32 Methods

Rating	Name	Size	Complexity
A	createForHostName()	6	1
A	extractCrlLinks()	7	1
A	parseCrlLinks()	14	2
A	getRevokedDate()	8	3
A	isClrRevoked()	15	4
A	parseCertChains()	9	2
A	__construct()	18	2
A	hasSslChain()	8	3
A	getTestedDomain()	4	1
A	getCertificateFields()	4	1
A	getCertificateChains()	4	1
A	getSerialNumber()	4	1
A	hasCrlLink()	4	1
A	getCrlLinks()	8	2
A	getCrl()	8	2
A	isRevoked()	4	1
A	getCrlRevokedTime()	6	2
A	getResolvedIp()	4	1
A	getIssuer()	4	1
A	getDomain()	8	2
A	getCertificateDomain()	4	1
A	getSignatureAlgorithm()	4	1
A	getAdditionalDomains()	8	1
A	getConnectionMeta()	4	1
A	validFromDate()	4	1
A	expirationDate()	4	1
A	isExpired()	4	1
A	isTrusted()	4	1
A	isValid()	17	4
A	isValidUntil()	8	2
B	appliesToUrl()	21	5
A	wildcardHostCoversHost()	10	2

How to fix Complexity

<?php

namespace LiquidWeb\SslCertificate;

use Carbon\Carbon;
use phpseclib\Math\BigInteger;

class SslCertificate
{
    /** @var bool */
    protected $trusted;

    /** @var bool */
    protected $revoked;

    /** @var string */
    protected $ip;

    /** @var BigInteger */
    protected $serial;

    /** @var string */
    protected $inputDomain;

    /** @var string */
    protected $testedDomain;

    /** @var array */
    protected $certificateFields = [];

    /** @var array */
    protected $certificateChains = [];

    /** @var array */
    protected $connectionMeta = [];

    /** @var SslRevocationList */
    protected $crl;

    /** @var array */
    protected $crlLinks = [];

    /** @var Carbon */
    protected $revokedTime;

    public static function createForHostName(string $url, int $timeout = 30): SslCertificate
    {
        $downloadResults = Downloader::downloadCertificateFromUrl($url, $timeout);

        return new static($downloadResults);
    }

    private static function extractCrlLinks($rawCrlPoints): string
    {
        $tempCrlItem = explode('URI:', $rawCrlPoints);
        $cleanCrlItem = trim($tempCrlItem[1]);

        return $cleanCrlItem;
    }

    private static function parseCrlLinks($rawCrlInput): array
    {
        $crlLinks = [];
        $crlRawItems = explode('Full Name:', $rawCrlInput);
        // Remove the stuff before the first 'Full Name:' item
        array_splice($crlRawItems, 0, 1);
        foreach ($crlRawItems as $item) {
            $crlLink = self::extractCrlLinks($item);
            array_push($crlLinks, $crlLink);
            unset($crlLink);
        }

        return $crlLinks;
    }

    private function getRevokedDate()
    {
        foreach ($this->crl->getRevokedList() as $broke) {
            if ($this->serial->equals($broke['userCertificate'])) {
                return new Carbon($broke['revocationDate']['utcTime']);
            }
        }
    }

    private function isClrRevoked()
    {
        if (! $this->hasCrlLink()) {
            return;
        }
        foreach ($this->crl->getRevokedList() as $broke) {
            if ($this->serial->equals($broke['userCertificate'])) {
                $this->trusted = false;

                return true;
            }
        }

        return false;
    }

    private static function parseCertChains(array $chains): array
    {
        $output = [];
        foreach ($chains as $cert) {
            array_push($output, new SslChain($cert));
        }

        return $output;
    }

    public function __construct(array $downloadResults)
    {
        $this->inputDomain = $downloadResults['inputDomain'];
        $this->testedDomain = $downloadResults['tested'];
        $this->trusted = $downloadResults['trusted'];
        $this->ip = $downloadResults['dns-resolves-to'];
        $this->certificateFields = $downloadResults['cert'];
        $this->certificateChains = self::parseCertChains($downloadResults['full_chain']);
        $this->connectionMeta = $downloadResults['connection'];
        $this->serial = new BigInteger($downloadResults['cert']['serialNumber']);

        if (isset($downloadResults['cert']['extensions']['crlDistributionPoints'])) {
            $this->crlLinks = self::parseCrlLinks($downloadResults['cert']['extensions']['crlDistributionPoints']);
            $this->crl = SslRevocationList::createFromUrl($this->getCrlLinks()[0]);
            $this->revoked = $this->isClrRevoked();
            $this->revokedTime = $this->getRevokedDate();
        }
    }

    public function hasSslChain(): bool
    {
        if (isset($this->certificateChains) && count($this->certificateChains) >= 1) {
            return true;
        }

        return false;
    }

    public function getTestedDomain(): string
    {
        return $this->testedDomain;
    }

    public function getCertificateFields(): array
    {
        return $this->certificateFields;
    }

    public function getCertificateChains(): array
    {
        return $this->certificateChains;
    }

    public function getSerialNumber(): string
    {
        return strtoupper($this->serial->toHex());
    }

    public function hasCrlLink(): bool
    {
        return isset($this->certificateFields['extensions']['crlDistributionPoints']);
    }

    public function getCrlLinks()
    {
        if (! $this->hasCrlLink()) {
            return;
        }

        return $this->crlLinks;
    }

    public function getCrl()
    {
        if (! $this->hasCrlLink()) {
            return;
        }

        return $this->crl;
    }

    public function isRevoked()
    {
        return $this->revoked;
    }

    public function getCrlRevokedTime()
    {
        if ($this->isRevoked()) {
            return $this->revokedTime;
        }
    }

    public function getResolvedIp(): string
    {
        return $this->ip;
    }

    public function getIssuer(): string
    {
        return $this->certificateFields['issuer']['CN'];
    }

    public function getDomain(): string
    {
        $certDomain = $this->getCertificateDomain();
        if (str_contains($certDomain, $this->inputDomain) === false) {
          return $this->inputDomain;
        }
        return $certDomain ?? '';
    }

    public function getCertificateDomain(): string
    {
        return $this->certificateFields['subject']['CN'];
    }

    public function getSignatureAlgorithm(): string
    {
        return $this->certificateFields['signatureTypeSN'] ?? '';
    }

    public function getAdditionalDomains(): array
    {
        $additionalDomains = explode(', ', $this->certificateFields['extensions']['subjectAltName'] ?? '');

        return array_map(function (string $domain) {
            return str_replace('DNS:', '', $domain);
        }, $additionalDomains);
    }

    public function getConnectionMeta(): array
    {
        return $this->connectionMeta;
    }

    public function validFromDate(): Carbon
    {
        return Carbon::createFromTimestampUTC($this->certificateFields['validFrom_time_t']);
    }

    public function expirationDate(): Carbon
    {
        return Carbon::createFromTimestampUTC($this->certificateFields['validTo_time_t']);
    }

    public function isExpired(): bool
    {
        return $this->expirationDate()->isPast();
    }

    public function isTrusted(): bool
    {
        return $this->trusted;
    }

    public function isValid(string $url = null): bool
    {
        // Verify SSL not expired
        if (! Carbon::now()->between($this->validFromDate(), $this->expirationDate())) {
            return false;
        }
        // If a URL is provided verify the SSL applies to the domain
        if ($this->appliesToUrl($url ?? $this->getDomain()) === false) {
            return false;
        }
        // Check SerialNumber for CRL list
        if ($this->isRevoked()) {
            return false;
        }

        return true;
    }

    public function isValidUntil(Carbon $carbon, string $url = null): bool
    {
        if ($this->expirationDate()->gt($carbon)) {
            return false;
        }

        return $this->isValid($url);
    }

    public function appliesToUrl(string $url): bool
    {
        if (starts_with($url, '*.') === true) {
            $url = substr($url, 2);
        }
        $host = (new Url($url))->getHostName();

        $certificateHosts = array_merge([$this->getDomain()], $this->getAdditionalDomains());

        foreach ($certificateHosts as $certificateHost) {
            if ($host === $certificateHost) {
                return true;
            }

            if ($this->wildcardHostCoversHost($certificateHost, $host)) {
                return true;
            }
        }

        return false;
    }

    protected function wildcardHostCoversHost(string $wildcardHost, string $host): bool
    {
        if (! starts_with($wildcardHost, '*')) {
            return false;
        }

        $wildcardHostWithoutWildcard = substr($wildcardHost, 2);

        return ends_with($host, $wildcardHostWithoutWildcard);
    }
}


GitHub Access Token became invalid

Push — master ( ecd45b...16c344 )

SslCertificate C

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

32 Methods

How to fix Complexity

Complex Class

1		<?php
2
3		namespace LiquidWeb\SslCertificate;
4
5		use Carbon\Carbon;
6		use phpseclib\Math\BigInteger;
7
8		class SslCertificate
9		{
10		/** @var bool */
11		protected $trusted;
12
13		/** @var bool */
14		protected $revoked;
15
16		/** @var string */
17		protected $ip;
18
19		/** @var BigInteger */
20		protected $serial;
21
22		/** @var string */
23		protected $inputDomain;
24
25		/** @var string */
26		protected $testedDomain;
27
28		/** @var array */
29		protected $certificateFields = [];
30
31		/** @var array */
32		protected $certificateChains = [];
33
34		/** @var array */
35		protected $connectionMeta = [];
36
37		/** @var SslRevocationList */
38		protected $crl;
39
40		/** @var array */
41		protected $crlLinks = [];
42
43		/** @var Carbon */
44		protected $revokedTime;
45
46	2	public static function createForHostName(string $url, int $timeout = 30): SslCertificate
47		{
48	2	$downloadResults = Downloader::downloadCertificateFromUrl($url, $timeout);
49
50		return new static($downloadResults);
51		}
52
53		private static function extractCrlLinks($rawCrlPoints): string
54		{
55		$tempCrlItem = explode('URI:', $rawCrlPoints);
56		$cleanCrlItem = trim($tempCrlItem[1]);
57
58		return $cleanCrlItem;
59		}
60
61		private static function parseCrlLinks($rawCrlInput): array
62		{
63		$crlLinks = [];
64		$crlRawItems = explode('Full Name:', $rawCrlInput);
65		// Remove the stuff before the first 'Full Name:' item
66		array_splice($crlRawItems, 0, 1);
67		foreach ($crlRawItems as $item) {
68		$crlLink = self::extractCrlLinks($item);
69		array_push($crlLinks, $crlLink);
70		unset($crlLink);
71		}
72
73		return $crlLinks;
74		}
75
76		private function getRevokedDate()
77		{
78		foreach ($this->crl->getRevokedList() as $broke) {
79		if ($this->serial->equals($broke['userCertificate'])) {
80		return new Carbon($broke['revocationDate']['utcTime']);
81		}
82		}
83		}
84
85		private function isClrRevoked()
86		{
87		if (! $this->hasCrlLink()) {
88		return;
89		}
90		foreach ($this->crl->getRevokedList() as $broke) {
91		if ($this->serial->equals($broke['userCertificate'])) {
92		$this->trusted = false;
93
94		return true;
95		}
96		}
97
98		return false;
99		}
100
101		private static function parseCertChains(array $chains): array
102		{
103		$output = [];
104		foreach ($chains as $cert) {
105		array_push($output, new SslChain($cert));
106		}
107
108		return $output;
109		}
110
111	21	public function __construct(array $downloadResults)
112		{
113	21	$this->inputDomain = $downloadResults['inputDomain'];
114		$this->testedDomain = $downloadResults['tested'];
115		$this->trusted = $downloadResults['trusted'];
116		$this->ip = $downloadResults['dns-resolves-to'];
117		$this->certificateFields = $downloadResults['cert'];
118		$this->certificateChains = self::parseCertChains($downloadResults['full_chain']);
119		$this->connectionMeta = $downloadResults['connection'];
120		$this->serial = new BigInteger($downloadResults['cert']['serialNumber']);
121
122		if (isset($downloadResults['cert']['extensions']['crlDistributionPoints'])) {
123		$this->crlLinks = self::parseCrlLinks($downloadResults['cert']['extensions']['crlDistributionPoints']);
124		$this->crl = SslRevocationList::createFromUrl($this->getCrlLinks()[0]);
125		$this->revoked = $this->isClrRevoked();
126		$this->revokedTime = $this->getRevokedDate();
127		}
128		}
129
130		public function hasSslChain(): bool
131		{
132		if (isset($this->certificateChains) && count($this->certificateChains) >= 1) {
133		return true;
134		}
135
136		return false;
137		}
138
139		public function getTestedDomain(): string
140		{
141		return $this->testedDomain;
142		}
143
144		public function getCertificateFields(): array
145		{
146		return $this->certificateFields;
147		}
148
149		public function getCertificateChains(): array
150		{
151		return $this->certificateChains;
152		}
153
154		public function getSerialNumber(): string
155		{
156		return strtoupper($this->serial->toHex());
157		}
158
159		public function hasCrlLink(): bool
160		{
161		return isset($this->certificateFields['extensions']['crlDistributionPoints']);
162		}
163
164		public function getCrlLinks()
165		{
166		if (! $this->hasCrlLink()) {
167		return;
168		}
169
170		return $this->crlLinks;
171		}
172
173		public function getCrl()
174		{
175		if (! $this->hasCrlLink()) {
176		return;
177		}
178
179		return $this->crl;
180		}
181
182		public function isRevoked()
183		{
184		return $this->revoked;
185		}
186
187		public function getCrlRevokedTime()
188		{
189		if ($this->isRevoked()) {
190		return $this->revokedTime;
191		}
192		}
193
194		public function getResolvedIp(): string
195		{
196		return $this->ip;
197		}
198
199		public function getIssuer(): string
200		{
201		return $this->certificateFields['issuer']['CN'];
202		}
203
204		public function getDomain(): string
205		{
206		$certDomain = $this->getCertificateDomain();
207		if (str_contains($certDomain, $this->inputDomain) === false) {
208		return $this->inputDomain;
209		}
210		return $certDomain ?? '';
211		}
212
213		public function getCertificateDomain(): string
214		{
215		return $this->certificateFields['subject']['CN'];
216		}
217
218		public function getSignatureAlgorithm(): string
219		{
220		return $this->certificateFields['signatureTypeSN'] ?? '';
221		}
222
223		public function getAdditionalDomains(): array
224		{
225		$additionalDomains = explode(', ', $this->certificateFields['extensions']['subjectAltName'] ?? '');
226
227		return array_map(function (string $domain) {
228		return str_replace('DNS:', '', $domain);
229		}, $additionalDomains);
230		}
231
232		public function getConnectionMeta(): array
233		{
234		return $this->connectionMeta;
235		}
236
237		public function validFromDate(): Carbon
238		{
239		return Carbon::createFromTimestampUTC($this->certificateFields['validFrom_time_t']);
240		}
241
242		public function expirationDate(): Carbon
243		{
244		return Carbon::createFromTimestampUTC($this->certificateFields['validTo_time_t']);
245		}
246
247		public function isExpired(): bool
248		{
249		return $this->expirationDate()->isPast();
250		}
251
252		public function isTrusted(): bool
253		{
254		return $this->trusted;
255		}
256
257		public function isValid(string $url = null): bool
258		{
259		// Verify SSL not expired
260		if (! Carbon::now()->between($this->validFromDate(), $this->expirationDate())) {
261		return false;
262		}
263		// If a URL is provided verify the SSL applies to the domain
264		if ($this->appliesToUrl($url ?? $this->getDomain()) === false) {
265		return false;
266		}
267		// Check SerialNumber for CRL list
268		if ($this->isRevoked()) {
269		return false;
270		}
271
272		return true;
273		}
274
275		public function isValidUntil(Carbon $carbon, string $url = null): bool
276		{
277		if ($this->expirationDate()->gt($carbon)) {
278		return false;
279		}
280
281		return $this->isValid($url);
282		}
283
284		public function appliesToUrl(string $url): bool
285		{
286		if (starts_with($url, '*.') === true) {
287		$url = substr($url, 2);
288		}
289		$host = (new Url($url))->getHostName();
290
291		$certificateHosts = array_merge([$this->getDomain()], $this->getAdditionalDomains());
292
293		foreach ($certificateHosts as $certificateHost) {
294		if ($host === $certificateHost) {
295		return true;
296		}
297
298		if ($this->wildcardHostCoversHost($certificateHost, $host)) {
299		return true;
300		}
301		}
302
303		return false;
304		}
305
306		protected function wildcardHostCoversHost(string $wildcardHost, string $host): bool
307		{
308		if (! starts_with($wildcardHost, '*')) {
309		return false;
310		}
311
312		$wildcardHostWithoutWildcard = substr($wildcardHost, 2);
313
314		return ends_with($host, $wildcardHostWithoutWildcard);
315		}
316		}
317

liquidweb / ssl-certificate

GitHub Access Token became invalid

Push — master ( ecd45b...16c344 )

SslCertificate C

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

32 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like