SslCertificate - Code Metrics - Inspection of "Merge branch 'self-signed-test' into master-LW" - liquidweb/ssl-certificate - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 32b081...146d37 )

by Daniel

created 2017-03-02 22:10 UTC

SslCertificate C

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	339
Duplicated Lines	0 %

Coupling/Cohesion

Components	2
Dependencies	5

Test Coverage

Coverage

91.11%

Importance

Changes

Metric	Value
dl	0
loc	339
ccs	123
cts	135
cp	0.9111
rs	6.0975
c	0
b	0
f	0
wmc	60
lcom	2
cbo	5

34 Methods

Rating	Name	Size	Complexity
A	createForHostName()	6	1
A	extractCrlLinks()	7	1
A	parseCrlLinks()	14	2
A	getRevokedDate()	8	3
A	isClrRevoked()	15	4
A	parseCertChains()	9	2
A	__construct()	18	2
A	hasSslChain()	8	3
A	getAdditionalDomains()	8	1
A	getCertificateFields()	4	1
A	getCertificateChains()	4	1
A	getSerialNumber()	4	1
A	hasCrlLink()	4	1
A	getCrlLinks()	8	2
A	getCrl()	8	2
A	isRevoked()	4	1
A	getCrlRevokedTime()	6	2
A	getResolvedIp()	4	1
A	getIssuer()	4	1
A	getDomain()	9	2
A	getTestedDomain()	4	1
A	getInputDomain()	4	1
A	getCertificateDomain()	4	1
A	getSignatureAlgorithm()	4	1
A	getConnectionMeta()	4	1
A	validFromDate()	4	1
A	expirationDate()	4	1
A	isExpired()	4	1
A	isTrusted()	4	1
A	isValid()	17	4
A	isValidUntil()	8	2
B	isSelfSigned()	23	4
B	appliesToUrl()	21	5
A	wildcardHostCoversHost()	10	2

How to fix Complexity

<?php

namespace LiquidWeb\SslCertificate;

use Carbon\Carbon;
use phpseclib\Math\BigInteger;

class SslCertificate
{
    /** @var bool */
    protected $trusted;

    /** @var bool */
    protected $revoked;

    /** @var string */
    protected $ip;

    /** @var BigInteger */
    protected $serial;

    /** @var string */
    protected $inputDomain;

    /** @var string */
    protected $testedDomain;

    /** @var array */
    protected $certificateFields = [];

    /** @var array */
    protected $certificateChains = [];

    /** @var array */
    protected $connectionMeta = [];

    /** @var SslRevocationList */
    protected $crl;

    /** @var array */
    protected $crlLinks = [];

    /** @var Carbon */
    protected $revokedTime;

    public static function createForHostName(string $url, int $timeout = 30): SslCertificate
    {
        $downloadResults = Downloader::downloadCertificateFromUrl($url, $timeout);

        return new static($downloadResults);
    }

    private static function extractCrlLinks($rawCrlPoints): string
    {
        $tempCrlItem = explode('URI:', $rawCrlPoints);
        $cleanCrlItem = trim($tempCrlItem[1]);

        return $cleanCrlItem;
    }

    private static function parseCrlLinks($rawCrlInput): array
    {
        $crlLinks = [];
        $crlRawItems = explode('Full Name:', $rawCrlInput);
        // Remove the stuff before the first 'Full Name:' item
        array_splice($crlRawItems, 0, 1);
        foreach ($crlRawItems as $item) {
            $crlLink = self::extractCrlLinks($item);
            array_push($crlLinks, $crlLink);
            unset($crlLink);
        }

        return $crlLinks;
    }

    private function getRevokedDate()
    {
        foreach ($this->crl->getRevokedList() as $broke) {
            if ($this->serial->equals($broke['userCertificate'])) {
                return new Carbon($broke['revocationDate']['utcTime']);
            }
        }
    }

    private function isClrRevoked()
    {
        if (! $this->hasCrlLink()) {
            return;
        }
        foreach ($this->crl->getRevokedList() as $broke) {
            if ($this->serial->equals($broke['userCertificate'])) {
                $this->trusted = false;

                return true;
            }
        }

        return false;
    }

    private static function parseCertChains(array $chains): array
    {
        $output = [];
        foreach ($chains as $cert) {
            array_push($output, new SslChain($cert));
        }

        return $output;
    }

    public function __construct(array $downloadResults)
    {
        $this->inputDomain = $downloadResults['inputDomain'];
        $this->testedDomain = $downloadResults['tested'];
        $this->trusted = $downloadResults['trusted'];
        $this->ip = $downloadResults['dns-resolves-to'];
        $this->certificateFields = $downloadResults['cert'];
        $this->certificateChains = self::parseCertChains($downloadResults['full_chain']);
        $this->connectionMeta = $downloadResults['connection'];
        $this->serial = new BigInteger($downloadResults['cert']['serialNumber']);

        if (isset($downloadResults['cert']['extensions']['crlDistributionPoints'])) {
            $this->crlLinks = self::parseCrlLinks($downloadResults['cert']['extensions']['crlDistributionPoints']);
            $this->crl = SslRevocationList::createFromUrl($this->getCrlLinks()[0]);
            $this->revoked = $this->isClrRevoked();
            $this->revokedTime = $this->getRevokedDate();
        }
    }

    public function hasSslChain(): bool
    {
        if (isset($this->certificateChains) && count($this->certificateChains) >= 1) {
            return true;
        }

        return false;
    }

    public function getCertificateFields(): array
    {
        return $this->certificateFields;
    }

    public function getCertificateChains(): array
    {
        return $this->certificateChains;
    }

    public function getSerialNumber(): string
    {
        return strtoupper($this->serial->toHex());
    }

    public function hasCrlLink(): bool
    {
        return isset($this->certificateFields['extensions']['crlDistributionPoints']);
    }

    public function getCrlLinks()
    {
        if (! $this->hasCrlLink()) {
            return;
        }

        return $this->crlLinks;
    }

    public function getCrl()
    {
        if (! $this->hasCrlLink()) {
            return;
        }

        return $this->crl;
    }

    public function isRevoked()
    {
        return $this->revoked;
    }

    public function getCrlRevokedTime()
    {
        if ($this->isRevoked()) {
            return $this->revokedTime;
        }
    }

    public function getResolvedIp(): string
    {
        return $this->ip;
    }

    public function getIssuer(): string
    {
        return $this->certificateFields['issuer']['CN'];
    }
    
    public function getDomain(): string
    {
        $certDomain = $this->getCertificateDomain();
        if (str_contains($certDomain, $this->inputDomain) === false) {
            return $this->inputDomain;
        }

        return $certDomain ?? '';
    }

    public function getTestedDomain(): string
    {
        return $this->testedDomain;
    }

    public function getInputDomain(): string
    {
        return $this->inputDomain;
    }

    public function getCertificateDomain(): string
    {
        return $this->certificateFields['subject']['CN'];
    }

    public function getAdditionalDomains(): array
    {
        $additionalDomains = explode(', ', $this->certificateFields['extensions']['subjectAltName'] ?? '');

        return array_map(function (string $domain) {
            return str_replace('DNS:', '', $domain);
        }, $additionalDomains);
    }

    public function getSignatureAlgorithm(): string
    {
        return $this->certificateFields['signatureTypeSN'] ?? '';
    }

    public function getConnectionMeta(): array
    {
        return $this->connectionMeta;
    }

    public function validFromDate(): Carbon
    {
        return Carbon::createFromTimestampUTC($this->certificateFields['validFrom_time_t']);
    }

    public function expirationDate(): Carbon
    {
        return Carbon::createFromTimestampUTC($this->certificateFields['validTo_time_t']);
    }

    public function isExpired(): bool
    {
        return $this->expirationDate()->isPast();
    }

    public function isTrusted(): bool
    {
        return $this->trusted;
    }

    public function isValid(string $url = null): bool
    {
        // Verify SSL not expired
        if (! Carbon::now()->between($this->validFromDate(), $this->expirationDate())) {
            return false;
        }
        // Verify the SSL applies to the domain; use $url if provided, other wise use input
        if ($this->appliesToUrl($url ?? $this->inputDomain) === false) {
            return false;
        }
        // Check SerialNumber for CRL list
        if ($this->isRevoked()) {
            return false;
        }

        return true;
    }

    public function isValidUntil(Carbon $carbon, string $url = null): bool
    {
        if ($this->expirationDate()->gt($carbon)) {
            return false;
        }

        return $this->isValid($url);
    }

    public function isSelfSigned()
    {
      // Get the issuer data
      $url = $this->getIssuer();
      // make sure we don't include wildcard if it's there...
      if (starts_with($url, '*.') === true) {
          $url = substr($url, 2);
      }
      //Try to parse the string
      try {
        $issuerUrl = new Url($url);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
      } catch (\Exception $e) {
        // if we hit this exception then the string is not likely a URL
        return false;
      }
      // If it is a domain, run appliesToUrl($this->getIssuer())

      if ($this->appliesToUrl($url) === true) {
          return true;
      }
      
      // default to return null; this means maybe
      return null;
    }

    public function appliesToUrl(string $url): bool
    {
        if (starts_with($url, '*.') === true) {
            $url = substr($url, 2);
        }
        $host = (new Url($url))->getHostName();

        $certificateHosts = array_merge([$this->getCertificateDomain()], $this->getAdditionalDomains());

        foreach ($certificateHosts as $certificateHost) {
            if ($host === $certificateHost) {
                return true;
            }

            if ($this->wildcardHostCoversHost($certificateHost, $host)) {
                return true;
            }
        }

        return false;
    }

    protected function wildcardHostCoversHost(string $wildcardHost, string $host): bool
    {
        if (! starts_with($wildcardHost, '*')) {
            return false;
        }

        $wildcardHostWithoutWildcard = substr($wildcardHost, 2);

        return ends_with($host, $wildcardHostWithoutWildcard);
    }
}


GitHub Access Token became invalid

Push — master ( 32b081...146d37 )

SslCertificate C

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

34 Methods

How to fix Complexity

Complex Class

1		<?php
2
3		namespace LiquidWeb\SslCertificate;
4
5		use Carbon\Carbon;
6		use phpseclib\Math\BigInteger;
7
8		class SslCertificate
9		{
10		/** @var bool */
11		protected $trusted;
12
13		/** @var bool */
14		protected $revoked;
15
16		/** @var string */
17		protected $ip;
18
19		/** @var BigInteger */
20		protected $serial;
21
22		/** @var string */
23		protected $inputDomain;
24
25		/** @var string */
26		protected $testedDomain;
27
28		/** @var array */
29		protected $certificateFields = [];
30
31		/** @var array */
32		protected $certificateChains = [];
33
34		/** @var array */
35		protected $connectionMeta = [];
36
37		/** @var SslRevocationList */
38		protected $crl;
39
40		/** @var array */
41		protected $crlLinks = [];
42
43		/** @var Carbon */
44		protected $revokedTime;
45
46	2	public static function createForHostName(string $url, int $timeout = 30): SslCertificate
47		{
48	2	$downloadResults = Downloader::downloadCertificateFromUrl($url, $timeout);
49
50	2	return new static($downloadResults);
51		}
52
53	3	private static function extractCrlLinks($rawCrlPoints): string
54		{
55	3	$tempCrlItem = explode('URI:', $rawCrlPoints);
56	3	$cleanCrlItem = trim($tempCrlItem[1]);
57
58	3	return $cleanCrlItem;
59		}
60
61	3	private static function parseCrlLinks($rawCrlInput): array
62		{
63	3	$crlLinks = [];
64	3	$crlRawItems = explode('Full Name:', $rawCrlInput);
65		// Remove the stuff before the first 'Full Name:' item
66	3	array_splice($crlRawItems, 0, 1);
67	3	foreach ($crlRawItems as $item) {
68	3	$crlLink = self::extractCrlLinks($item);
69	3	array_push($crlLinks, $crlLink);
70	3	unset($crlLink);
71		}
72
73	3	return $crlLinks;
74		}
75
76	3	private function getRevokedDate()
77		{
78	3	foreach ($this->crl->getRevokedList() as $broke) {
79	3	if ($this->serial->equals($broke['userCertificate'])) {
80	3	return new Carbon($broke['revocationDate']['utcTime']);
81		}
82		}
83	2	}
84
85	3	private function isClrRevoked()
86		{
87	3	if (! $this->hasCrlLink()) {
88		return;
89		}
90	3	foreach ($this->crl->getRevokedList() as $broke) {
91	3	if ($this->serial->equals($broke['userCertificate'])) {
92	1	$this->trusted = false;
93
94	3	return true;
95		}
96		}
97
98	2	return false;
99		}
100
101	23	private static function parseCertChains(array $chains): array
102		{
103	23	$output = [];
104	23	foreach ($chains as $cert) {
105	23	array_push($output, new SslChain($cert));
106		}
107
108	23	return $output;
109		}
110
111	23	public function __construct(array $downloadResults)
112		{
113	23	$this->inputDomain = $downloadResults['inputDomain'];
114	23	$this->testedDomain = $downloadResults['tested'];
115	23	$this->trusted = $downloadResults['trusted'];
116	23	$this->ip = $downloadResults['dns-resolves-to'];
117	23	$this->certificateFields = $downloadResults['cert'];
118	23	$this->certificateChains = self::parseCertChains($downloadResults['full_chain']);
119	23	$this->connectionMeta = $downloadResults['connection'];
120	23	$this->serial = new BigInteger($downloadResults['cert']['serialNumber']);
121
122	23	if (isset($downloadResults['cert']['extensions']['crlDistributionPoints'])) {
123	3	$this->crlLinks = self::parseCrlLinks($downloadResults['cert']['extensions']['crlDistributionPoints']);
124	3	$this->crl = SslRevocationList::createFromUrl($this->getCrlLinks()[0]);
125	3	$this->revoked = $this->isClrRevoked();
126	3	$this->revokedTime = $this->getRevokedDate();
127		}
128	23	}
129
130	2	public function hasSslChain(): bool
131		{
132	2	if (isset($this->certificateChains) && count($this->certificateChains) >= 1) {
133	1	return true;
134		}
135
136	1	return false;
137		}
138
139	1	public function getCertificateFields(): array
140		{
141	1	return $this->certificateFields;
142		}
143
144	1	public function getCertificateChains(): array
145		{
146	1	return $this->certificateChains;
147		}
148
149	1	public function getSerialNumber(): string
150		{
151	1	return strtoupper($this->serial->toHex());
152		}
153
154	3	public function hasCrlLink(): bool
155		{
156	3	return isset($this->certificateFields['extensions']['crlDistributionPoints']);
157		}
158
159	3	public function getCrlLinks()
160		{
161	3	if (! $this->hasCrlLink()) {
162		return;
163		}
164
165	3	return $this->crlLinks;
166		}
167
168		public function getCrl()
169		{
170		if (! $this->hasCrlLink()) {
171		return;
172		}
173
174		return $this->crl;
175		}
176
177	6	public function isRevoked()
178		{
179	6	return $this->revoked;
180		}
181
182	1	public function getCrlRevokedTime()
183		{
184	1	if ($this->isRevoked()) {
185	1	return $this->revokedTime;
186		}
187		}
188
189	1	public function getResolvedIp(): string
190		{
191	1	return $this->ip;
192		}
193
194	1	public function getIssuer(): string
195		{
196	1	return $this->certificateFields['issuer']['CN'];
197		}
198
199	3	public function getDomain(): string
200		{
201	3	$certDomain = $this->getCertificateDomain();
202	3	if (str_contains($certDomain, $this->inputDomain) === false) {
203		return $this->inputDomain;
204		}
205
206	3	return $certDomain ?? '';
207		}
208
209	1	public function getTestedDomain(): string
210		{
211	1	return $this->testedDomain;
212		}
213
214		public function getInputDomain(): string
215		{
216		return $this->inputDomain;
217		}
218
219	8	public function getCertificateDomain(): string
220		{
221	8	return $this->certificateFields['subject']['CN'];
222		}
223
224	7	public function getAdditionalDomains(): array
225		{
226	7	$additionalDomains = explode(', ', $this->certificateFields['extensions']['subjectAltName'] ?? '');
227
228	7	return array_map(function (string $domain) {
229	7	return str_replace('DNS:', '', $domain);
230	7	}, $additionalDomains);
231		}
232
233	1	public function getSignatureAlgorithm(): string
234		{
235	1	return $this->certificateFields['signatureTypeSN'] ?? '';
236		}
237
238		public function getConnectionMeta(): array
239		{
240		return $this->connectionMeta;
241		}
242
243	6	public function validFromDate(): Carbon
244		{
245	6	return Carbon::createFromTimestampUTC($this->certificateFields['validFrom_time_t']);
246		}
247
248	7	public function expirationDate(): Carbon
249		{
250	7	return Carbon::createFromTimestampUTC($this->certificateFields['validTo_time_t']);
251		}
252
253	1	public function isExpired(): bool
254		{
255	1	return $this->expirationDate()->isPast();
256		}
257
258	1	public function isTrusted(): bool
259		{
260	1	return $this->trusted;
261		}
262
263	5	public function isValid(string $url = null): bool
264		{
265		// Verify SSL not expired
266	5	if (! Carbon::now()->between($this->validFromDate(), $this->expirationDate())) {
267	2	return false;
268		}
269		// Verify the SSL applies to the domain; use $url if provided, other wise use input
270	5	if ($this->appliesToUrl($url ?? $this->inputDomain) === false) {
271	1	return false;
272		}
273		// Check SerialNumber for CRL list
274	5	if ($this->isRevoked()) {
275	1	return false;
276		}
277
278	4	return true;
279		}
280
281	1	public function isValidUntil(Carbon $carbon, string $url = null): bool
282		{
283	1	if ($this->expirationDate()->gt($carbon)) {
284	1	return false;
285		}
286
287	1	return $this->isValid($url);
288		}
289
290	6	public function isSelfSigned()
291		{
292	6	// Get the issuer data
293	1	$url = $this->getIssuer();
294		// make sure we don't include wildcard if it's there...
295	6	if (starts_with($url, '*.') === true) {
296		$url = substr($url, 2);
297	6	}
298		//Try to parse the string
299	6	try {
300	6	$issuerUrl = new Url($url);
		0 ignored issues – show Unused Code introduced 2017-03-02 22:51 UTC by Report Bug Copy Issue Report `$issuerUrl` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
301	5	} catch (\Exception $e) {
302		// if we hit this exception then the string is not likely a URL
303		return false;
304	2	}
305	2	// If it is a domain, run appliesToUrl($this->getIssuer())
		0 ignored issues – show Unused Code Comprehensibility introduced 2017-03-02 22:51 UTC by Report Bug Copy Issue Report `37%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
306		if ($this->appliesToUrl($url) === true) {
307		return true;
308		}
309	1
310		// default to return null; this means maybe
311		return null;
312	2	}
313
314	2	public function appliesToUrl(string $url): bool
315	1	{
316		if (starts_with($url, '*.') === true) {
317		$url = substr($url, 2);
318	2	}
319		$host = (new Url($url))->getHostName();
320	2
321		$certificateHosts = array_merge([$this->getCertificateDomain()], $this->getAdditionalDomains());
322
323		foreach ($certificateHosts as $certificateHost) {
324		if ($host === $certificateHost) {
325		return true;
326		}
327
328		if ($this->wildcardHostCoversHost($certificateHost, $host)) {
329		return true;
330		}
331		}
332
333		return false;
334		}
335
336		protected function wildcardHostCoversHost(string $wildcardHost, string $host): bool
337		{
338		if (! starts_with($wildcardHost, '*')) {
339		return false;
340		}
341
342		$wildcardHostWithoutWildcard = substr($wildcardHost, 2);
343
344		return ends_with($host, $wildcardHostWithoutWildcard);
345		}
346		}
347

liquidweb / ssl-certificate

GitHub Access Token became invalid

Push — master ( 32b081...146d37 )

SslCertificate C

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

34 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like