SslCertificate - Code Metrics - Inspection of "Update to PHPunit 6.1 and fix tests" - liquidweb/ssl-certificate - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 81a457...ca7640 )

by Daniel

created 2017-05-20 16:09 UTC

SslCertificate C

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	342
Duplicated Lines	2.34 %

Coupling/Cohesion

Components	2
Dependencies	5

Test Coverage

Coverage

88.36%

Importance

Changes

Metric	Value
dl	8
loc	342
ccs	129
cts	146
cp	0.8836
rs	6.0975
c	0
b	0
f	0
wmc	60
lcom	2
cbo	5

34 Methods

Rating	Name	Duplication	Size	Complexity
A	createForHostName()	0	6	1
A	getConnectionMeta()	0	4	1
A	extractCrlLinks()	0	7	1
A	parseCrlLinks()	0	14	2
A	getCertificateDomain()	0	4	1
A	validFromDate()	0	4	1
A	expirationDate()	0	4	1
A	isExpired()	0	4	1
A	isTrusted()	0	4	1
A	isValidUntil()	0	8	2
A	parseCertChains()	0	9	2
B	withSslCrlCheck()	0	21	5
A	__construct()	0	15	2
A	hasSslChain()	0	8	3
A	getCertificateFields()	0	4	1
A	getCertificateChains()	0	4	1
A	getSerialNumber()	0	4	1
A	hasCrlLink()	0	4	1
A	getCrlLinks()	0	8	2
A	getCrl()	0	8	2
A	isRevoked()	0	4	1
A	getCrlRevokedTime()	0	6	2
A	getResolvedIp()	0	4	1
A	getIssuer()	0	4	1
A	getDomain()	0	9	2
A	getTestedDomain()	0	4	1
A	getInputDomain()	0	4	1
A	getAdditionalDomains()	0	8	1
A	getSignatureAlgorithm()	0	4	1
A	isValid()	0	17	4
A	isValidDate()	8	8	2
B	isSelfSigned()	0	23	4
B	appliesToUrl()	0	21	5
A	wildcardHostCoversHost()	0	10	2

How to fix Duplicated Code Complexity

Duplicated Code

Duplicate code is one of the most pungent code smells. A rule that is often used is to re-structure code once it is duplicated in three or more places.

Common duplication problems, and corresponding solutions are:

If you have the same expression in different places: Extract expression to a method
If you have the same method in different sub-classes: Extract method, and pull up field to the parent class
If you have the same code in unrelated classes: Consider extracting the code to a new class, and injecting that class

Complex Class

Tip: Before tackling complexity, make sure that you eliminate any duplication first. This often can reduce the size of classes significantly.

Complex classes like SslCertificate often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.

Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.

While breaking up the class, it is a good idea to analyze how other classes use SslCertificate, and based on these observations, apply Extract Interface, too.

<?php

namespace LiquidWeb\SslCertificate;

use Carbon\Carbon;
use phpseclib\Math\BigInteger;

class SslCertificate
{
    /** @var bool */
    protected $trusted;

    /** @var bool */
    protected $revoked;

    /** @var string */
    protected $ip;

    /** @var BigInteger */
    protected $serial;

    /** @var string */
    protected $inputDomain;

    /** @var string */
    protected $testedDomain;

    /** @var array */
    protected $certificateFields = [];

    /** @var array */
    protected $certificateChains = [];

    /** @var array */
    protected $connectionMeta = [];

    /** @var array */
    protected $crlLinks = [];

    /** @var SslRevocationList */
    protected $crl = null;

    /** @var Carbon */
    protected $revokedTime = null;

    public static function createForHostName(string $url, int $timeout = 30): SslCertificate
    {
        $downloadResults = Downloader::downloadCertificateFromUrl($url, $timeout);

        return new static($downloadResults);
    }

    private static function extractCrlLinks($rawCrlPoints): string
    {
        $tempCrlItem = explode('URI:', $rawCrlPoints);
        $cleanCrlItem = trim($tempCrlItem[1]);

        return $cleanCrlItem;
    }

    private static function parseCrlLinks($rawCrlInput): array
    {
        $crlLinks = [];
        $crlRawItems = explode('Full Name:', $rawCrlInput);
        // Remove the stuff before the first 'Full Name:' item
        array_splice($crlRawItems, 0, 1);
        foreach ($crlRawItems as $item) {
            $crlLink = self::extractCrlLinks($item);
            array_push($crlLinks, $crlLink);
            unset($crlLink);
        }

        return $crlLinks;
    }

    private static function parseCertChains(array $chains): array
    {
        $output = [];
        foreach ($chains as $cert) {
            array_push($output, new SslChain($cert));
        }

        return $output;
    }

    public function withSslCrlCheck(): SslCertificate
    {
        $links = $this->getCrlLinks();
        if (is_null($links) === true || empty($links) === true) {
            return $this;
        }
        $this->crl = SslRevocationList::createFromUrl($links[0]);

        foreach ($this->crl->getRevokedList() as $revoked) {
            if ($this->serial->equals($revoked['userCertificate'])) {
                $this->trusted = false;
                $this->revoked = true;
                $this->revokedTime = new Carbon($revoked['revocationDate']['utcTime']);

                return $this;
            }
        }
        $this->revoked = false;

        return $this;
    }

    public function __construct(array $downloadResults)
    {
        $this->inputDomain = $downloadResults['inputDomain'];
        $this->testedDomain = $downloadResults['tested'];
        $this->trusted = $downloadResults['trusted'];
        $this->ip = $downloadResults['dns-resolves-to'];
        $this->certificateFields = $downloadResults['cert'];
        $this->certificateChains = self::parseCertChains($downloadResults['full_chain']);
        $this->connectionMeta = $downloadResults['connection'];
        $this->serial = new BigInteger($downloadResults['cert']['serialNumber']);

        if (isset($downloadResults['cert']['extensions']['crlDistributionPoints'])) {
            $this->crlLinks = self::parseCrlLinks($downloadResults['cert']['extensions']['crlDistributionPoints']);
        }
    }

    public function hasSslChain(): bool
    {
        if (isset($this->certificateChains) && count($this->certificateChains) >= 1) {
            return true;
        }

        return false;
    }

    public function getCertificateFields(): array
    {
        return $this->certificateFields;
    }

    public function getCertificateChains(): array
    {
        return $this->certificateChains;
    }

    public function getSerialNumber(): string
    {
        return strtoupper($this->serial->toHex());
    }

    public function hasCrlLink(): bool
    {
        return isset($this->certificateFields['extensions']['crlDistributionPoints']);
    }

    public function getCrlLinks()
    {
        if (! $this->hasCrlLink()) {
            return;
        }

        return $this->crlLinks;
    }

    public function getCrl()
    {
        if (! $this->hasCrlLink()) {
            return;
        }

        return $this->crl;
    }

    public function isRevoked()
    {
        return $this->revoked;
    }

    public function getCrlRevokedTime()
    {
        if ($this->isRevoked()) {
            return $this->revokedTime;
        }
    }

    public function getResolvedIp(): string
    {
        return $this->ip;
    }

    public function getIssuer(): string
    {
        return $this->certificateFields['issuer']['CN'];
    }

    public function getDomain(): string
    {
        $certDomain = $this->getCertificateDomain();
        if (str_contains($certDomain, $this->inputDomain) === false) {
            return $this->inputDomain;
        }

        return $certDomain ?? '';
    }

    public function getTestedDomain(): string
    {
        return $this->testedDomain;
    }

    public function getInputDomain(): string
    {
        return $this->inputDomain;
    }

    public function getCertificateDomain(): string
    {
        return $this->certificateFields['subject']['CN'];
    }

    public function getAdditionalDomains(): array
    {
        $additionalDomains = explode(', ', $this->certificateFields['extensions']['subjectAltName'] ?? '');

        return array_map(function (string $domain) {
            return str_replace('DNS:', '', $domain);
        }, $additionalDomains);
    }

    public function getSignatureAlgorithm(): string
    {
        return $this->certificateFields['signatureTypeSN'] ?? '';
    }

    public function getConnectionMeta(): array
    {
        return $this->connectionMeta;
    }

    public function validFromDate(): Carbon
    {
        return Carbon::createFromTimestampUTC($this->certificateFields['validFrom_time_t']);
    }

    public function expirationDate(): Carbon
    {
        return Carbon::createFromTimestampUTC($this->certificateFields['validTo_time_t']);
    }

    public function isExpired(): bool
    {
        return $this->expirationDate()->isPast();
    }

    public function isTrusted(): bool
    {
        return $this->trusted;
    }

    public function isValid(string $url = null): bool
    {
        // Verify SSL not expired
        if (! Carbon::now()->between($this->validFromDate(), $this->expirationDate())) {
            return false;
        }
        // Verify the SSL applies to the domain; use $url if provided, other wise use input
        if ($this->appliesToUrl($url ?? $this->inputDomain) === false) {
            return false;
        }
        // Check SerialNumber for CRL list
        if ($this->isRevoked()) {
            return false;
        }

        return true;
    }

    public function isValidUntil(Carbon $carbon, string $url = null): bool
    {
        if ($this->isValidDate($carbon) === false) {
            return false;
        }

        return $this->isValid($url);
    }

    public function isValidDate(Carbon $carbon): bool

    {
        if ($carbon->between($this->validFromDate(), $this->expirationDate()) === false) {
            return false;
        }

        return true;
    }

    public function isSelfSigned(): bool
    {
        // Get the issuer data
        $url = $this->getIssuer();
      // make sure we don't include wildcard if it's there...
        if (starts_with($url, '*.') === true) {
            $url = substr($url, 2);
        }
      //Try to parse the string
        try {
            $issuerUrl = new Url($url);
        } catch (\Exception $e) {
            // if we hit this exception then the string is not likely a URL
            // If it's not a URL and is valid we can assume it's not self signed
            return false;
        }
      // If it is a domain, run appliesToUrl
        if ($this->appliesToUrl((string) $issuerUrl) === true) {
            return true;
        }

        return false;
    }

    public function appliesToUrl(string $url): bool
    {
        if (starts_with($url, '*.') === true) {
            $url = substr($url, 2);
        }
        $host = (new Url($url))->getHostName();

        $certificateHosts = array_merge([$this->getCertificateDomain()], $this->getAdditionalDomains());

        foreach ($certificateHosts as $certificateHost) {
            if ($host === $certificateHost) {
                return true;
            }

            if ($this->wildcardHostCoversHost($certificateHost, $host)) {
                return true;
            }
        }

        return false;
    }

    protected function wildcardHostCoversHost(string $wildcardHost, string $host): bool
    {
        if (! starts_with($wildcardHost, '*')) {
            return false;
        }

        $wildcardHostWithoutWildcard = substr($wildcardHost, 2);

        return ends_with($host, $wildcardHostWithoutWildcard);
    }
}


1			<?php
2
3			namespace LiquidWeb\SslCertificate;
4
5			use Carbon\Carbon;
6			use phpseclib\Math\BigInteger;
7
8			class SslCertificate
9			{
10			/** @var bool */
11			protected $trusted;
12
13			/** @var bool */
14			protected $revoked;
15
16			/** @var string */
17			protected $ip;
18
19			/** @var BigInteger */
20			protected $serial;
21
22			/** @var string */
23			protected $inputDomain;
24
25			/** @var string */
26			protected $testedDomain;
27
28			/** @var array */
29			protected $certificateFields = [];
30
31			/** @var array */
32			protected $certificateChains = [];
33
34			/** @var array */
35			protected $connectionMeta = [];
36
37			/** @var array */
38			protected $crlLinks = [];
39
40			/** @var SslRevocationList */
41			protected $crl = null;
42
43			/** @var Carbon */
44			protected $revokedTime = null;
45
46	3		public static function createForHostName(string $url, int $timeout = 30): SslCertificate
47			{
48	3		$downloadResults = Downloader::downloadCertificateFromUrl($url, $timeout);
49
50	3		return new static($downloadResults);
51			}
52
53	4		private static function extractCrlLinks($rawCrlPoints): string
54			{
55	4		$tempCrlItem = explode('URI:', $rawCrlPoints);
56	4		$cleanCrlItem = trim($tempCrlItem[1]);
57
58	4		return $cleanCrlItem;
59			}
60
61	4		private static function parseCrlLinks($rawCrlInput): array
62			{
63	4		$crlLinks = [];
64	4		$crlRawItems = explode('Full Name:', $rawCrlInput);
65			// Remove the stuff before the first 'Full Name:' item
66	4		array_splice($crlRawItems, 0, 1);
67	4		foreach ($crlRawItems as $item) {
68	4		$crlLink = self::extractCrlLinks($item);
69	4		array_push($crlLinks, $crlLink);
70	4		unset($crlLink);
71			}
72
73	4		return $crlLinks;
74			}
75
76	25		private static function parseCertChains(array $chains): array
77			{
78	25		$output = [];
79	25		foreach ($chains as $cert) {
80	24		array_push($output, new SslChain($cert));
81			}
82
83	25		return $output;
84			}
85
86	2		public function withSslCrlCheck(): SslCertificate
87			{
88	2		$links = $this->getCrlLinks();
89	2		if (is_null($links) === true \|\| empty($links) === true) {
90			return $this;
91			}
92	2		$this->crl = SslRevocationList::createFromUrl($links[0]);
93
94	2		foreach ($this->crl->getRevokedList() as $revoked) {
95	2		if ($this->serial->equals($revoked['userCertificate'])) {
96	1		$this->trusted = false;
97	1		$this->revoked = true;
98	1		$this->revokedTime = new Carbon($revoked['revocationDate']['utcTime']);
99
100	2		return $this;
101			}
102			}
103	1		$this->revoked = false;
104
105	1		return $this;
106			}
107
108	25		public function __construct(array $downloadResults)
109			{
110	25		$this->inputDomain = $downloadResults['inputDomain'];
111	25		$this->testedDomain = $downloadResults['tested'];
112	25		$this->trusted = $downloadResults['trusted'];
113	25		$this->ip = $downloadResults['dns-resolves-to'];
114	25		$this->certificateFields = $downloadResults['cert'];
115	25		$this->certificateChains = self::parseCertChains($downloadResults['full_chain']);
116	25		$this->connectionMeta = $downloadResults['connection'];
117	25		$this->serial = new BigInteger($downloadResults['cert']['serialNumber']);
118
119	25		if (isset($downloadResults['cert']['extensions']['crlDistributionPoints'])) {
120	4		$this->crlLinks = self::parseCrlLinks($downloadResults['cert']['extensions']['crlDistributionPoints']);
121			}
122	25		}
123
124	2		public function hasSslChain(): bool
125			{
126	2		if (isset($this->certificateChains) && count($this->certificateChains) >= 1) {
127	1		return true;
128			}
129
130	1		return false;
131			}
132
133	1		public function getCertificateFields(): array
134			{
135	1		return $this->certificateFields;
136			}
137
138	1		public function getCertificateChains(): array
139			{
140	1		return $this->certificateChains;
141			}
142
143	1		public function getSerialNumber(): string
144			{
145	1		return strtoupper($this->serial->toHex());
146			}
147
148	2		public function hasCrlLink(): bool
149			{
150	2		return isset($this->certificateFields['extensions']['crlDistributionPoints']);
151			}
152
153	2		public function getCrlLinks()
154			{
155	2		if (! $this->hasCrlLink()) {
156			return;
157			}
158
159	2		return $this->crlLinks;
160			}
161
162			public function getCrl()
163			{
164			if (! $this->hasCrlLink()) {
165			return;
166			}
167
168			return $this->crl;
169			}
170
171	7		public function isRevoked()
172			{
173	7		return $this->revoked;
174			}
175
176	1		public function getCrlRevokedTime()
177			{
178	1		if ($this->isRevoked()) {
179	1		return $this->revokedTime;
180			}
181			}
182
183	1		public function getResolvedIp(): string
184			{
185	1		return $this->ip;
186			}
187
188	2		public function getIssuer(): string
189			{
190	2		return $this->certificateFields['issuer']['CN'];
191			}
192
193	4		public function getDomain(): string
194			{
195	4		$certDomain = $this->getCertificateDomain();
196	4		if (str_contains($certDomain, $this->inputDomain) === false) {
197			return $this->inputDomain;
198			}
199
200	4		return $certDomain ?? '';
201			}
202
203	1		public function getTestedDomain(): string
204			{
205	1		return $this->testedDomain;
206			}
207
208			public function getInputDomain(): string
209			{
210			return $this->inputDomain;
211			}
212
213	8		public function getCertificateDomain(): string
214			{
215	8		return $this->certificateFields['subject']['CN'];
216			}
217
218	8		public function getAdditionalDomains(): array
219			{
220	8		$additionalDomains = explode(', ', $this->certificateFields['extensions']['subjectAltName'] ?? '');
221
222	8		return array_map(function (string $domain) {
223	8		return str_replace('DNS:', '', $domain);
224	8		}, $additionalDomains);
225			}
226
227	1		public function getSignatureAlgorithm(): string
228			{
229	1		return $this->certificateFields['signatureTypeSN'] ?? '';
230			}
231
232			public function getConnectionMeta(): array
233			{
234			return $this->connectionMeta;
235			}
236
237	8		public function validFromDate(): Carbon
238			{
239	8		return Carbon::createFromTimestampUTC($this->certificateFields['validFrom_time_t']);
240			}
241
242	9		public function expirationDate(): Carbon
243			{
244	9		return Carbon::createFromTimestampUTC($this->certificateFields['validTo_time_t']);
245			}
246
247	1		public function isExpired(): bool
248			{
249	1		return $this->expirationDate()->isPast();
250			}
251
252	1		public function isTrusted(): bool
253			{
254	1		return $this->trusted;
255			}
256
257	6		public function isValid(string $url = null): bool
258			{
259			// Verify SSL not expired
260	6		if (! Carbon::now()->between($this->validFromDate(), $this->expirationDate())) {
261	2		return false;
262			}
263			// Verify the SSL applies to the domain; use $url if provided, other wise use input
264	5		if ($this->appliesToUrl($url ?? $this->inputDomain) === false) {
265	1		return false;
266			}
267			// Check SerialNumber for CRL list
268	5		if ($this->isRevoked()) {
269			return false;
270			}
271
272	5		return true;
273			}
274
275	1		public function isValidUntil(Carbon $carbon, string $url = null): bool
276			{
277	1		if ($this->isValidDate($carbon) === false) {
278	1		return false;
279			}
280
281	1		return $this->isValid($url);
282			}
283
284	2	View Code Duplication	public function isValidDate(Carbon $carbon): bool
			1 ignored issue – show Duplication introduced 2017-04-14 03:59 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
285			{
286	2		if ($carbon->between($this->validFromDate(), $this->expirationDate()) === false) {
287	2		return false;
288			}
289
290	2		return true;
291			}
292
293	1		public function isSelfSigned(): bool
294			{
295			// Get the issuer data
296	1		$url = $this->getIssuer();
297			// make sure we don't include wildcard if it's there...
298	1		if (starts_with($url, '*.') === true) {
299			$url = substr($url, 2);
300			}
301			//Try to parse the string
302			try {
303	1		$issuerUrl = new Url($url);
304	1		} catch (\Exception $e) {
305			// if we hit this exception then the string is not likely a URL
306			// If it's not a URL and is valid we can assume it's not self signed
307	1		return false;
308			}
309			// If it is a domain, run appliesToUrl
310			if ($this->appliesToUrl((string) $issuerUrl) === true) {
311			return true;
312			}
313
314			return false;
315			}
316
317	7		public function appliesToUrl(string $url): bool
318			{
319	7		if (starts_with($url, '*.') === true) {
320	1		$url = substr($url, 2);
321			}
322	7		$host = (new Url($url))->getHostName();
323
324	7		$certificateHosts = array_merge([$this->getCertificateDomain()], $this->getAdditionalDomains());
325
326	7		foreach ($certificateHosts as $certificateHost) {
327	7		if ($host === $certificateHost) {
328	5		return true;
329			}
330
331	4		if ($this->wildcardHostCoversHost($certificateHost, $host)) {
332	4		return true;
333			}
334			}
335
336	2		return false;
337			}
338
339	4		protected function wildcardHostCoversHost(string $wildcardHost, string $host): bool
340			{
341	4		if (! starts_with($wildcardHost, '*')) {
342	3		return false;
343			}
344
345	2		$wildcardHostWithoutWildcard = substr($wildcardHost, 2);
346
347	2		return ends_with($host, $wildcardHostWithoutWildcard);
348			}
349			}
350

liquidweb / ssl-certificate

GitHub Access Token became invalid