SslCertificate - Code Metrics - Inspection of "Ability to get details from certificate string or..." - spatie/ssl-certificate - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#117)

unknown

created 2020-01-05 13:56 UTC

SslCertificate B

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	270
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	5

Importance

Changes

Metric	Value
dl	0
loc	270
rs	8.5599
c	0
b	0
f	0
wmc	48
lcom	1
cbo	5

28 Methods

Rating	Name	Size	Complexity
A	download()	4	1
A	createForHostName()	4	1
A	createForCertificateString()	4	1
A	__construct()	14	1
A	getRawCertificateFields()	4	1
A	getIssuer()	4	1
A	getDomain()	16	4
A	getSignatureAlgorithm()	4	1
A	getFingerprint()	4	1
A	getFingerprintSha256()	4	1
A	getAdditionalDomains()	8	1
A	validFromDate()	4	1
A	expirationDate()	4	1
A	isExpired()	4	1
A	isValid()	12	3
A	isSelfSigned()	4	1
A	usesSha1Hash()	14	3
A	isValidUntil()	8	2
A	daysUntilExpirationDate()	8	1
A	getDomains()	8	1
A	appliesToUrl()	23	5
A	wildcardHostCoversHost()	20	4
A	getRawCertificateFieldsJson()	4	1
A	getHash()	4	1
A	getRemoteAddress()	4	1
A	__toString()	4	1
A	containsDomain()	16	4
A	isPreCertificate()	12	3

How to fix Complexity

<?php

namespace Spatie\SslCertificate;

use Carbon\Carbon;
use Spatie\Macroable\Macroable;

class SslCertificate
{
    use Macroable;

    /** @var array */
    protected $rawCertificateFields = [];

    /** @var string */
    protected $fingerprint = '';

    /** @var string */
    private $fingerprintSha256 = '';

    /** @var string */
    private $remoteAddress = '';

    public static function download(): Downloader
    {
        return new Downloader();
    }

    public static function createForHostName(string $url, int $timeout = 30): self
    {
        return Downloader::downloadCertificateFromUrl($url, $timeout);
    }

    public static function createForCertificateString(string $certificateString): self
    {
        return Local::certificateAsString($certificateString);
    }

    public function __construct(
        array $rawCertificateFields,
        string $fingerprint = '',
        string $fingerprintSha256 = '',
        string $remoteAddress = '')
    {
        $this->rawCertificateFields = $rawCertificateFields;

        $this->fingerprint = $fingerprint;

        $this->fingerprintSha256 = $fingerprintSha256;

        $this->remoteAddress = $remoteAddress;
    }

    public function getRawCertificateFields(): array
    {
        return $this->rawCertificateFields;
    }

    public function getIssuer(): string
    {
        return $this->rawCertificateFields['issuer']['CN'] ?? '';
    }

    public function getDomain(): string
    {
        if (! array_key_exists('CN', $this->rawCertificateFields['subject'])) {
            return '';
        }

        if (is_string($this->rawCertificateFields['subject']['CN'])) {
            return $this->rawCertificateFields['subject']['CN'];
        }

        if (is_array($this->rawCertificateFields['subject']['CN'])) {
            return $this->rawCertificateFields['subject']['CN'][0];
        }

        return '';
    }

    public function getSignatureAlgorithm(): string
    {
        return $this->rawCertificateFields['signatureTypeSN'] ?? '';
    }

    public function getFingerprint(): string
    {
        return $this->fingerprint;
    }

    /**
     * @return string
     */
    public function getFingerprintSha256(): string
    {
        return $this->fingerprintSha256;
    }

    public function getAdditionalDomains(): array
    {
        $additionalDomains = explode(', ', $this->rawCertificateFields['extensions']['subjectAltName'] ?? '');

        return array_map(function (string $domain) {
            return str_replace('DNS:', '', $domain);
        }, $additionalDomains);
    }

    public function validFromDate(): Carbon
    {
        return Carbon::createFromTimestampUTC($this->rawCertificateFields['validFrom_time_t']);
    }

    public function expirationDate(): Carbon
    {
        return Carbon::createFromTimestampUTC($this->rawCertificateFields['validTo_time_t']);
    }

    public function isExpired(): bool
    {
        return $this->expirationDate()->isPast();
    }

    public function isValid(string $url = null)
    {
        if (! Carbon::now()->between($this->validFromDate(), $this->expirationDate())) {
            return false;
        }

        if (! empty($url)) {
            return $this->appliesToUrl($url ?? $this->getDomain());
        }

        return true;
    }

    public function isSelfSigned(): bool
    {
        return $this->getIssuer() === $this->getDomain();
    }

    public function usesSha1Hash(): bool
    {
        $certificateFields = $this->getRawCertificateFields();

        if ($certificateFields['signatureTypeSN'] === 'RSA-SHA1') {
            return true;
        }

        if ($certificateFields['signatureTypeLN'] === 'sha1WithRSAEncryption') {
            return true;
        }

        return false;
    }

    public function isValidUntil(Carbon $carbon, string $url = null): bool
    {
        if ($this->expirationDate()->lte($carbon)) {
            return false;
        }

        return $this->isValid($url);
    }

    public function daysUntilExpirationDate(): int
    {
        $endDate = $this->expirationDate();

        $interval = Carbon::now()->diff($endDate);

        return (int) $interval->format('%r%a');
    }

    public function getDomains(): array
    {
        $allDomains = $this->getAdditionalDomains();
        $allDomains[] = $this->getDomain();
        $uniqueDomains = array_unique($allDomains);

        return array_values(array_filter($uniqueDomains));
    }

    public function appliesToUrl(string $url): bool
    {
        if (filter_var($url, FILTER_VALIDATE_IP)) {
            $host = $url;
        } else {
            $host = (new Url($url))->getHostName();
        }

        $certificateHosts = $this->getDomains();

        foreach ($certificateHosts as $certificateHost) {
            $certificateHost = str_replace('ip address:', '', strtolower($certificateHost));
            if ($host === $certificateHost) {
                return true;
            }

            if ($this->wildcardHostCoversHost($certificateHost, $host)) {
                return true;
            }
        }

        return false;
    }

    protected function wildcardHostCoversHost(string $wildcardHost, string $host): bool
    {
        if ($host === $wildcardHost) {
            return true;
        }

        if (! starts_with($wildcardHost, '*')) {
            return false;
        }

        if (substr_count($wildcardHost, '.') < substr_count($host, '.')) {
            return false;
        }

        $wildcardHostWithoutWildcard = substr($wildcardHost, 1);

        $hostWithDottedPrefix = ".{$host}";

        return ends_with($hostWithDottedPrefix, $wildcardHostWithoutWildcard);
    }

    public function getRawCertificateFieldsJson(): string
    {
        return json_encode($this->getRawCertificateFields());
    }

    public function getHash(): string
    {
        return md5($this->getRawCertificateFieldsJson());
    }

    public function getRemoteAddress(): string
    {
        return $this->remoteAddress;
    }

    public function __toString(): string
    {
        return $this->getRawCertificateFieldsJson();
    }

    public function containsDomain(string $domain): bool
    {
        $certificateHosts = $this->getDomains();

        foreach ($certificateHosts as $certificateHost) {
            if ($certificateHost == $domain) {
                return true;
            }

            if (ends_with($domain, '.'.$certificateHost)) {
                return true;
            }
        }

        return false;
    }

    public function isPreCertificate(): bool
    {
        if (! array_key_exists('extensions', $this->rawCertificateFields)) {
            return false;
        }

        if (! array_key_exists('ct_precert_poison', $this->rawCertificateFields['extensions'])) {
            return false;
        }

        return true;
    }
}


GitHub Access Token became invalid

Pull Request — master (#117)

SslCertificate B

Complexity

Size/Duplication

Coupling/Cohesion

Importance

28 Methods

How to fix Complexity

Complex Class

1			<?php
2
3			namespace Spatie\SslCertificate;
4
5			use Carbon\Carbon;
6			use Spatie\Macroable\Macroable;
7
8			class SslCertificate
9			{
10			use Macroable;
11
12			/** @var array */
13			protected $rawCertificateFields = [];
14
15			/** @var string */
16			protected $fingerprint = '';
17
18			/** @var string */
19			private $fingerprintSha256 = '';
20
21			/** @var string */
22			private $remoteAddress = '';
23
24			public static function download(): Downloader
25			{
26			return new Downloader();
27			}
28
29			public static function createForHostName(string $url, int $timeout = 30): self
30			{
31			return Downloader::downloadCertificateFromUrl($url, $timeout);
32			}
33
34			public static function createForCertificateString(string $certificateString): self
35			{
36			return Local::certificateAsString($certificateString);
37			}
38
39			public function __construct(
40			array $rawCertificateFields,
41			string $fingerprint = '',
42			string $fingerprintSha256 = '',
43			string $remoteAddress = '')
44			{
45			$this->rawCertificateFields = $rawCertificateFields;
46
47			$this->fingerprint = $fingerprint;
48
49			$this->fingerprintSha256 = $fingerprintSha256;
50
51			$this->remoteAddress = $remoteAddress;
52			}
53
54			public function getRawCertificateFields(): array
55			{
56			return $this->rawCertificateFields;
57			}
58
59			public function getIssuer(): string
60			{
61			return $this->rawCertificateFields['issuer']['CN'] ?? '';
62			}
63
64			public function getDomain(): string
65			{
66			if (! array_key_exists('CN', $this->rawCertificateFields['subject'])) {
67			return '';
68			}
69
70			if (is_string($this->rawCertificateFields['subject']['CN'])) {
71			return $this->rawCertificateFields['subject']['CN'];
72			}
73
74			if (is_array($this->rawCertificateFields['subject']['CN'])) {
75			return $this->rawCertificateFields['subject']['CN'][0];
76			}
77
78			return '';
79			}
80
81			public function getSignatureAlgorithm(): string
82			{
83			return $this->rawCertificateFields['signatureTypeSN'] ?? '';
84			}
85
86			public function getFingerprint(): string
87			{
88			return $this->fingerprint;
89			}
90
91			/**
92			* @return string
93			*/
94			public function getFingerprintSha256(): string
95			{
96			return $this->fingerprintSha256;
97			}
98
99			public function getAdditionalDomains(): array
100			{
101			$additionalDomains = explode(', ', $this->rawCertificateFields['extensions']['subjectAltName'] ?? '');
102
103			return array_map(function (string $domain) {
104			return str_replace('DNS:', '', $domain);
105			}, $additionalDomains);
106			}
107
108			public function validFromDate(): Carbon
109			{
110			return Carbon::createFromTimestampUTC($this->rawCertificateFields['validFrom_time_t']);
111			}
112
113			public function expirationDate(): Carbon
114			{
115			return Carbon::createFromTimestampUTC($this->rawCertificateFields['validTo_time_t']);
116			}
117
118			public function isExpired(): bool
119			{
120			return $this->expirationDate()->isPast();
121			}
122
123			public function isValid(string $url = null)
124			{
125			if (! Carbon::now()->between($this->validFromDate(), $this->expirationDate())) {
126			return false;
127			}
128
129			if (! empty($url)) {
130			return $this->appliesToUrl($url ?? $this->getDomain());
131			}
132
133			return true;
134			}
135
136			public function isSelfSigned(): bool
137			{
138			return $this->getIssuer() === $this->getDomain();
139			}
140
141			public function usesSha1Hash(): bool
142			{
143			$certificateFields = $this->getRawCertificateFields();
144
145			if ($certificateFields['signatureTypeSN'] === 'RSA-SHA1') {
146			return true;
147			}
148
149			if ($certificateFields['signatureTypeLN'] === 'sha1WithRSAEncryption') {
150			return true;
151			}
152
153			return false;
154			}
155
156			public function isValidUntil(Carbon $carbon, string $url = null): bool
157			{
158			if ($this->expirationDate()->lte($carbon)) {
159			return false;
160			}
161
162			return $this->isValid($url);
163			}
164
165			public function daysUntilExpirationDate(): int
166			{
167			$endDate = $this->expirationDate();
168
169			$interval = Carbon::now()->diff($endDate);
170
171			return (int) $interval->format('%r%a');
172			}
173
174			public function getDomains(): array
175			{
176			$allDomains = $this->getAdditionalDomains();
177			$allDomains[] = $this->getDomain();
178			$uniqueDomains = array_unique($allDomains);
179
180			return array_values(array_filter($uniqueDomains));
181			}
182
183			public function appliesToUrl(string $url): bool
184			{
185			if (filter_var($url, FILTER_VALIDATE_IP)) {
186			$host = $url;
187			} else {
188			$host = (new Url($url))->getHostName();
189			}
190
191			$certificateHosts = $this->getDomains();
192
193			foreach ($certificateHosts as $certificateHost) {
194			$certificateHost = str_replace('ip address:', '', strtolower($certificateHost));
195			if ($host === $certificateHost) {
196			return true;
197			}
198
199			if ($this->wildcardHostCoversHost($certificateHost, $host)) {
200			return true;
201			}
202			}
203
204			return false;
205			}
206
207			protected function wildcardHostCoversHost(string $wildcardHost, string $host): bool
208			{
209			if ($host === $wildcardHost) {
210			return true;
211			}
212
213			if (! starts_with($wildcardHost, '*')) {
214			return false;
215			}
216
217			if (substr_count($wildcardHost, '.') < substr_count($host, '.')) {
218			return false;
219			}
220
221			$wildcardHostWithoutWildcard = substr($wildcardHost, 1);
222
223			$hostWithDottedPrefix = ".{$host}";
224
225			return ends_with($hostWithDottedPrefix, $wildcardHostWithoutWildcard);
226			}
227
228			public function getRawCertificateFieldsJson(): string
229			{
230			return json_encode($this->getRawCertificateFields());
231			}
232
233			public function getHash(): string
234			{
235			return md5($this->getRawCertificateFieldsJson());
236			}
237
238			public function getRemoteAddress(): string
239			{
240			return $this->remoteAddress;
241			}
242
243			public function __toString(): string
244			{
245			return $this->getRawCertificateFieldsJson();
246			}
247
248			public function containsDomain(string $domain): bool
249			{
250			$certificateHosts = $this->getDomains();
251
252			foreach ($certificateHosts as $certificateHost) {
253			if ($certificateHost == $domain) {
254			return true;
255			}
256
257			if (ends_with($domain, '.'.$certificateHost)) {
258			return true;
259			}
260			}
261
262			return false;
263			}
264
265			public function isPreCertificate(): bool
266			{
267			if (! array_key_exists('extensions', $this->rawCertificateFields)) {
268			return false;
269			}
270
271			if (! array_key_exists('ct_precert_poison', $this->rawCertificateFields['extensions'])) {
272			return false;
273			}
274
275			return true;
276			}
277			}
278

spatie / ssl-certificate

GitHub Access Token became invalid

Pull Request — master (#117)

SslCertificate B

Complexity

Size/Duplication

Coupling/Cohesion

Importance

28 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like