SslCertificate - Code Metrics - Inspection of "Update tests" - liquidweb/ssl-certificate - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( acc914...f1dfdd )

by Daniel

created 2016-12-24 11:57 UTC

SslCertificate B

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	296
Duplicated Lines	0 %

Coupling/Cohesion

Components	2
Dependencies	5

Test Coverage

Coverage

92.91%

Importance

Changes

Metric	Value
dl	0
loc	296
ccs	118
cts	127
cp	0.9291
rs	7.4757
c	0
b	0
f	0
wmc	53
lcom	2
cbo	5

31 Methods

Rating	Name	Size	Complexity
A	createForHostName()	6	1
A	extractCrlLinks()	7	1
A	parseCrlLinks()	14	2
A	getRevokedDate()	8	3
A	isClrRevoked()	15	4
A	parseCertChains()	9	2
A	__construct()	17	2
A	hasSslChain()	8	3
A	getTestedDomain()	4	1
A	getCertificateFields()	4	1
A	getCertificateChains()	4	1
A	getSerialNumber()	4	1
A	hasCrlLink()	4	1
A	getCrlLinks()	8	2
A	getCrl()	8	2
A	isRevoked()	4	1
A	getCrlRevokedTime()	6	2
A	getResolvedIp()	4	1
A	getIssuer()	4	1
A	getDomain()	4	1
A	getSignatureAlgorithm()	4	1
A	getAdditionalDomains()	8	1
A	getConnectionMeta()	4	1
A	validFromDate()	4	1
A	expirationDate()	4	1
A	isExpired()	4	1
A	isTrusted()	4	1
A	isValid()	17	4
A	isValidUntil()	8	2
A	wildcardHostCoversHost()	10	2
B	appliesToUrl()	21	5

How to fix Complexity

<?php

namespace LiquidWeb\SslCertificate;

use Carbon\Carbon;
use phpseclib\Math\BigInteger;

class SslCertificate
{
    /** @var bool */
    protected $trusted;

    /** @var bool */
    protected $revoked;

    /** @var string */
    protected $ip;

    /** @var BigInteger */
    protected $serial;

    /** @var string */
    protected $testedDomain;

    /** @var array */
    protected $certificateFields = [];

    /** @var array */
    protected $certificateChains = [];

    /** @var array */
    protected $connectionMeta = [];

    /** @var SslRevocationList */
    protected $crl;

    /** @var array */
    protected $crlLinks = [];

    /** @var Carbon */
    protected $revokedTime;

    public static function createForHostName(string $url, int $timeout = 30): SslCertificate
    {
        $downloadResults = Downloader::downloadCertificateFromUrl($url, $timeout);

        return new static($downloadResults);
    }

    private static function extractCrlLinks($rawCrlPoints): string
    {
        $tempCrlItem = explode('URI:', $rawCrlPoints);
        $cleanCrlItem = trim($tempCrlItem[1]);

        return $cleanCrlItem;
    }

    private static function parseCrlLinks($rawCrlInput): array
    {
        $crlLinks = [];
        $crlRawItems = explode('Full Name:', $rawCrlInput);
        // Remove the stuff before the first 'Full Name:' item
        array_splice($crlRawItems, 0, 1);
        foreach ($crlRawItems as $item) {
            $crlLink = self::extractCrlLinks($item);
            array_push($crlLinks, $crlLink);
            unset($crlLink);
        }

        return $crlLinks;
    }

    private function getRevokedDate()
    {
        foreach ($this->crl->getRevokedList() as $broke) {
            if ($this->serial->equals($broke['userCertificate'])) {
                return new Carbon($broke['revocationDate']['utcTime']);
            }
        }
    }

    private function isClrRevoked()
    {
        if (! $this->hasCrlLink()) {
            return;
        }
        foreach ($this->crl->getRevokedList() as $broke) {
            if ($this->serial->equals($broke['userCertificate'])) {
                $this->trusted = false;

                return true;
            }
        }

        return false;
    }

    private static function parseCertChains(array $chains): array
    {
        $output = [];
        foreach ($chains as $cert) {
            array_push($output, new SslChain($cert));
        }

        return $output;
    }

    public function __construct(array $downloadResults)
    {
        $this->ip = $downloadResults['dns-resolves-to'];
        $this->serial = new BigInteger($downloadResults['cert']['serialNumber']);
        $this->testedDomain = $downloadResults['tested'];
        $this->trusted = $downloadResults['trusted'];
        $this->certificateFields = $downloadResults['cert'];
        $this->certificateChains = self::parseCertChains($downloadResults['full_chain']);
        $this->connectionMeta = $downloadResults['connection'];

        if (isset($downloadResults['cert']['extensions']['crlDistributionPoints'])) {
            $this->crlLinks = self::parseCrlLinks($downloadResults['cert']['extensions']['crlDistributionPoints']);
            $this->crl = SslRevocationList::createFromUrl($this->getCrlLinks()[0]);
            $this->revoked = $this->isClrRevoked();
            $this->revokedTime = $this->getRevokedDate();
        }
    }

    public function hasSslChain(): bool
    {
        if (isset($this->certificateChains) && count($this->certificateChains) >= 1) {
            return true;
        }

        return false;
    }

    public function getTestedDomain(): string
    {
        return $this->testedDomain;
    }

    public function getCertificateFields(): array
    {
        return $this->certificateFields;
    }

    public function getCertificateChains(): array
    {
        return $this->certificateChains;
    }

    public function getSerialNumber(): string
    {
        return strtoupper($this->serial->toHex());
    }

    public function hasCrlLink(): bool
    {
        return isset($this->certificateFields['extensions']['crlDistributionPoints']);
    }

    public function getCrlLinks()
    {
        if (! $this->hasCrlLink()) {
            return;
        }

        return $this->crlLinks;
    }

    public function getCrl()
    {
        if (! $this->hasCrlLink()) {
            return;
        }

        return $this->crl;
    }

    public function isRevoked()
    {
        return $this->revoked;
    }

    public function getCrlRevokedTime()
    {
        if ($this->isRevoked()) {
            return $this->revokedTime;
        }
    }

    public function getResolvedIp(): string
    {
        return $this->ip;
    }

    public function getIssuer(): string
    {
        return $this->certificateFields['issuer']['CN'];
    }

    public function getDomain(): string
    {
        return $this->certificateFields['subject']['CN'] ?? '';
    }

    public function getSignatureAlgorithm(): string
    {
        return $this->certificateFields['signatureTypeSN'] ?? '';
    }

    public function getAdditionalDomains(): array
    {
        $additionalDomains = explode(', ', $this->certificateFields['extensions']['subjectAltName'] ?? '');

        return array_map(function (string $domain) {
            return str_replace('DNS:', '', $domain);
        }, $additionalDomains);
    }

    public function getConnectionMeta(): array
    {
        return $this->connectionMeta;
    }

    public function validFromDate(): Carbon
    {
        return Carbon::createFromTimestampUTC($this->certificateFields['validFrom_time_t']);
    }

    public function expirationDate(): Carbon
    {
        return Carbon::createFromTimestampUTC($this->certificateFields['validTo_time_t']);
    }

    public function isExpired(): bool
    {
        return $this->expirationDate()->isPast();
    }

    public function isTrusted(): bool
    {
        return $this->trusted;
    }

    public function isValid(string $url = null): bool
    {
        // Verify SSL not expired
        if (! Carbon::now()->between($this->validFromDate(), $this->expirationDate())) {
            return false;
        }
        // If a URL is provided verify the SSL applies to the domain
        if ($this->appliesToUrl($url ?? $this->getDomain()) === false) {
            return false;
        }
        // Check SerialNumber for CRL list
        if ($this->isRevoked()) {
            return false;
        }

        return true;
    }

    public function isValidUntil(Carbon $carbon, string $url = null): bool
    {
        if ($this->expirationDate()->gt($carbon)) {
            return false;
        }

        return $this->isValid($url);
    }

    public function appliesToUrl(string $url): bool
    {
        if (starts_with($url, '*.') === true) {
            $url = substr($url, 2);
        }
        $host = (new Url($url))->getHostName();

        $certificateHosts = array_merge([$this->getDomain()], $this->getAdditionalDomains());

        foreach ($certificateHosts as $certificateHost) {
            if ($host === $certificateHost) {
                return true;
            }

            if ($this->wildcardHostCoversHost($certificateHost, $host)) {
                return true;
            }
        }

        return false;
    }

    protected function wildcardHostCoversHost(string $wildcardHost, string $host): bool
    {
        if (! starts_with($wildcardHost, '*')) {
            return false;
        }

        $wildcardHostWithoutWildcard = substr($wildcardHost, 2);

        return ends_with($host, $wildcardHostWithoutWildcard);
    }
}


GitHub Access Token became invalid

Push — master ( acc914...f1dfdd )

SslCertificate B

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

31 Methods

How to fix Complexity

Complex Class

1		<?php
2
3		namespace LiquidWeb\SslCertificate;
4
5		use Carbon\Carbon;
6		use phpseclib\Math\BigInteger;
7
8		class SslCertificate
9		{
10		/** @var bool */
11		protected $trusted;
12
13		/** @var bool */
14		protected $revoked;
15
16		/** @var string */
17		protected $ip;
18
19		/** @var BigInteger */
20		protected $serial;
21
22		/** @var string */
23		protected $testedDomain;
24
25		/** @var array */
26		protected $certificateFields = [];
27
28		/** @var array */
29		protected $certificateChains = [];
30
31		/** @var array */
32		protected $connectionMeta = [];
33
34		/** @var SslRevocationList */
35		protected $crl;
36
37		/** @var array */
38		protected $crlLinks = [];
39
40		/** @var Carbon */
41		protected $revokedTime;
42
43	2	public static function createForHostName(string $url, int $timeout = 30): SslCertificate
44		{
45	2	$downloadResults = Downloader::downloadCertificateFromUrl($url, $timeout);
46
47	2	return new static($downloadResults);
48		}
49
50	3	private static function extractCrlLinks($rawCrlPoints): string
51		{
52	3	$tempCrlItem = explode('URI:', $rawCrlPoints);
53	3	$cleanCrlItem = trim($tempCrlItem[1]);
54
55	3	return $cleanCrlItem;
56		}
57
58	3	private static function parseCrlLinks($rawCrlInput): array
59		{
60	3	$crlLinks = [];
61	3	$crlRawItems = explode('Full Name:', $rawCrlInput);
62		// Remove the stuff before the first 'Full Name:' item
63	3	array_splice($crlRawItems, 0, 1);
64	3	foreach ($crlRawItems as $item) {
65	3	$crlLink = self::extractCrlLinks($item);
66	3	array_push($crlLinks, $crlLink);
67	3	unset($crlLink);
68		}
69
70	3	return $crlLinks;
71		}
72
73	3	private function getRevokedDate()
74		{
75	3	foreach ($this->crl->getRevokedList() as $broke) {
76	3	if ($this->serial->equals($broke['userCertificate'])) {
77	3	return new Carbon($broke['revocationDate']['utcTime']);
78		}
79		}
80	2	}
81
82	3	private function isClrRevoked()
83		{
84	3	if (! $this->hasCrlLink()) {
85		return;
86		}
87	3	foreach ($this->crl->getRevokedList() as $broke) {
88	3	if ($this->serial->equals($broke['userCertificate'])) {
89	1	$this->trusted = false;
90
91	3	return true;
92		}
93		}
94
95	2	return false;
96		}
97
98	23	private static function parseCertChains(array $chains): array
99		{
100	23	$output = [];
101	23	foreach ($chains as $cert) {
102	23	array_push($output, new SslChain($cert));
103		}
104
105	23	return $output;
106		}
107
108	23	public function __construct(array $downloadResults)
109		{
110	23	$this->ip = $downloadResults['dns-resolves-to'];
111	23	$this->serial = new BigInteger($downloadResults['cert']['serialNumber']);
112	23	$this->testedDomain = $downloadResults['tested'];
113	23	$this->trusted = $downloadResults['trusted'];
114	23	$this->certificateFields = $downloadResults['cert'];
115	23	$this->certificateChains = self::parseCertChains($downloadResults['full_chain']);
116	23	$this->connectionMeta = $downloadResults['connection'];
117
118	23	if (isset($downloadResults['cert']['extensions']['crlDistributionPoints'])) {
119	3	$this->crlLinks = self::parseCrlLinks($downloadResults['cert']['extensions']['crlDistributionPoints']);
120	3	$this->crl = SslRevocationList::createFromUrl($this->getCrlLinks()[0]);
121	3	$this->revoked = $this->isClrRevoked();
122	3	$this->revokedTime = $this->getRevokedDate();
123		}
124	23	}
125
126	2	public function hasSslChain(): bool
127		{
128	2	if (isset($this->certificateChains) && count($this->certificateChains) >= 1) {
129	1	return true;
130		}
131
132	1	return false;
133		}
134
135	1	public function getTestedDomain(): string
136		{
137	1	return $this->testedDomain;
138		}
139
140	1	public function getCertificateFields(): array
141		{
142	1	return $this->certificateFields;
143		}
144
145	1	public function getCertificateChains(): array
146		{
147	1	return $this->certificateChains;
148		}
149
150	1	public function getSerialNumber(): string
151		{
152	1	return strtoupper($this->serial->toHex());
153		}
154
155	3	public function hasCrlLink(): bool
156		{
157	3	return isset($this->certificateFields['extensions']['crlDistributionPoints']);
158		}
159
160	3	public function getCrlLinks()
161		{
162	3	if (! $this->hasCrlLink()) {
163		return;
164		}
165
166	3	return $this->crlLinks;
167		}
168
169		public function getCrl()
170		{
171		if (! $this->hasCrlLink()) {
172		return;
173		}
174
175		return $this->crl;
176		}
177
178	6	public function isRevoked()
179		{
180	6	return $this->revoked;
181		}
182
183	1	public function getCrlRevokedTime()
184		{
185	1	if ($this->isRevoked()) {
186	1	return $this->revokedTime;
187		}
188		}
189
190	1	public function getResolvedIp(): string
191		{
192	1	return $this->ip;
193		}
194
195	1	public function getIssuer(): string
196		{
197	1	return $this->certificateFields['issuer']['CN'];
198		}
199
200	8	public function getDomain(): string
201		{
202	8	return $this->certificateFields['subject']['CN'] ?? '';
203		}
204
205	1	public function getSignatureAlgorithm(): string
206		{
207	1	return $this->certificateFields['signatureTypeSN'] ?? '';
208		}
209
210	7	public function getAdditionalDomains(): array
211		{
212	7	$additionalDomains = explode(', ', $this->certificateFields['extensions']['subjectAltName'] ?? '');
213
214	7	return array_map(function (string $domain) {
215	7	return str_replace('DNS:', '', $domain);
216	7	}, $additionalDomains);
217		}
218
219		public function getConnectionMeta(): array
220		{
221		return $this->connectionMeta;
222		}
223
224	6	public function validFromDate(): Carbon
225		{
226	6	return Carbon::createFromTimestampUTC($this->certificateFields['validFrom_time_t']);
227		}
228
229	7	public function expirationDate(): Carbon
230		{
231	7	return Carbon::createFromTimestampUTC($this->certificateFields['validTo_time_t']);
232		}
233
234	1	public function isExpired(): bool
235		{
236	1	return $this->expirationDate()->isPast();
237		}
238
239	1	public function isTrusted(): bool
240		{
241	1	return $this->trusted;
242		}
243
244	5	public function isValid(string $url = null): bool
245		{
246		// Verify SSL not expired
247	5	if (! Carbon::now()->between($this->validFromDate(), $this->expirationDate())) {
248	2	return false;
249		}
250		// If a URL is provided verify the SSL applies to the domain
251	5	if ($this->appliesToUrl($url ?? $this->getDomain()) === false) {
252	1	return false;
253		}
254		// Check SerialNumber for CRL list
255	5	if ($this->isRevoked()) {
256	1	return false;
257		}
258
259	4	return true;
260		}
261
262	1	public function isValidUntil(Carbon $carbon, string $url = null): bool
263		{
264	1	if ($this->expirationDate()->gt($carbon)) {
265	1	return false;
266		}
267
268	1	return $this->isValid($url);
269		}
270
271	6	public function appliesToUrl(string $url): bool
272		{
273	6	if (starts_with($url, '*.') === true) {
274	1	$url = substr($url, 2);
275		}
276	6	$host = (new Url($url))->getHostName();
277
278	6	$certificateHosts = array_merge([$this->getDomain()], $this->getAdditionalDomains());
279
280	6	foreach ($certificateHosts as $certificateHost) {
281	6	if ($host === $certificateHost) {
282	5	return true;
283		}
284
285	2	if ($this->wildcardHostCoversHost($certificateHost, $host)) {
286	2	return true;
287		}
288		}
289
290	1	return false;
291		}
292
293	2	protected function wildcardHostCoversHost(string $wildcardHost, string $host): bool
294		{
295	2	if (! starts_with($wildcardHost, '*')) {
296	1	return false;
297		}
298
299	2	$wildcardHostWithoutWildcard = substr($wildcardHost, 2);
300
301	2	return ends_with($host, $wildcardHostWithoutWildcard);
302		}
303		}
304

liquidweb / ssl-certificate

GitHub Access Token became invalid

Push — master ( acc914...f1dfdd )

SslCertificate B

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

31 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like