Remove redundant "certificate" and "domain" from check:certificate an…
…d check:domain skip and value options
flavioheleno committed Sep 16, 2023
1 parent fb7f1e5 commit d33e07d
Showing 3 changed files with 93 additions and 93 deletions.
28 changes: 14 additions & 14 deletions src/Console/Commands/Check/CheckAllCommand.php
Expand Up @@ -187,9 +187,9 @@ protected function execute(InputInterface $input, OutputInterface $output): int
'command' => 'check:domain',
'domain' => $domain,
'--fail-fast' => $failFast,
'--skip-domain-expiration-date' => !$checks['domainExpirationDate'],
'--skip-domain-registrar-name' => !$checks['domainRegistrarName'],
'--skip-domain-transfer-prohibited' => !$checks['domainTransferProhibited'],
'--skip-expiration-date' => !$checks['domainExpirationDate'],
'--skip-registrar-name' => !$checks['domainRegistrarName'],
'--skip-transfer-prohibited' => !$checks['domainTransferProhibited'],
'--domain-expiration-threshold' => $domainExpirationThreshold,
'--registrar-name' => $registrarName
]
Expand All @@ -206,26 +206,26 @@ protected function execute(InputInterface $input, OutputInterface $output): int
}

if (
$checks['certificateOcspRevoked'] ||
$checks['certificateExpirationDate'] ||
$checks['certificateFingerprint'] ||
$checks['certificateSerialNumber'] ||
$checks['certificateIssuerName']
$checks['certificateIssuerName'] ||
$checks['certificateOcspRevoked']
) {
$certInput = new ArrayInput(
[
'command' => 'check:certificate',
'domain' => $domain,
'--fail-fast' => $failFast,
'--skip-certificate-expiration-date' => !$checks['certificateOcspRevoked'],
'--skip-certificate-fingerprint' => !$checks['certificateExpirationDate'],
'--skip-certificate-serial-number' => !$checks['certificateFingerprint'],
'--skip-certificate-issuer-name' => !$checks['certificateSerialNumber'],
'--skip-certificate-ocsp-revoked' => !$checks['certificateIssuerName'],
'--certificate-expiration-threshold' => $certificateExpirationThreshold,
'--certificate-fingerprint' => $certificateFingerprint,
'--certificate-serial-number' => $certificateSerialNumber,
'--certificate-issuer-name' => $certificateIssuerName
'--skip-expiration-date' => !$checks['certificateExpirationDate'],
'--skip-fingerprint' => !$checks['certificateFingerprint'],
'--skip-serial-number' => !$checks['certificateSerialNumber'],
'--skip-issuer-name' => !$checks['certificateIssuerName'],
'--skip-ocsp-revoked' => !$checks['certificateOcspRevoked'],
'--expiration-threshold' => $certificateExpirationThreshold,
'--fingerprint' => $certificateFingerprint,
'--serial-number' => $certificateSerialNumber,
'--issuer-name' => $certificateIssuerName
]
);

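Review bot: `'--domain-expiration-threshold' => $domainExpirationThreshold` in the check:domain ArrayInput (first hunk) keeps its prefix, while every check:certificate value option in the second hunk lost it (`--expiration-threshold`, `--fingerprint`, `--serial-number`, `--issuer-name`). The commit title says the check:domain value options were renamed as well, and the CheckDomainCommand section is not loaded on this page, so which name that command now registers cannot be confirmed from here; if it became `--expiration-threshold`, this call would name an option that no longer exists and the domain branch of check:all would fail when the input is bound. A test that runs check:all with each check enabled in turn would catch both a stale option name and a skip flag wired to the wrong `$checks` key, which is what the removed certificate lines had. execute() starts and ends outside both hunks.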
112 changes: 56 additions & 56 deletions src/Console/Commands/Check/CheckCertificateCommand.php
Expand Up @@ -37,56 +37,56 @@ final class CheckCertificateCommand extends Command {
protected function configure(): void {
$this
->addOption(
'skip-certificate-expiration-date',
'skip-expiration-date',
null,
InputOption::VALUE_NONE,
'Skip Certificate expiration date validation'
)
->addOption(
'certificate-expiration-threshold',
'expiration-threshold',
null,
InputOption::VALUE_REQUIRED,
'Number of days left to certificate expiration that will trigger an error',
5
)
->addOption(
'skip-certificate-fingerprint',
'skip-fingerprint',
null,
InputOption::VALUE_NONE,
'Skip Certificate Fingerprint validation'
)
->addOption(
'certificate-fingerprint',
'fingerprint',
null,
InputOption::VALUE_REQUIRED,
'Certificate\'s Fingerprint'
)
->addOption(
'skip-certificate-serial-number',
'skip-serial-number',
null,
InputOption::VALUE_NONE,
'Skip Certificate Serial Number validation'
)
->addOption(
'certificate-serial-number',
'serial-number',
null,
InputOption::VALUE_REQUIRED,
'Certificate\'s Serial Number'
)
->addOption(
'skip-certificate-issuer-name',
'skip-issuer-name',
null,
InputOption::VALUE_NONE,
'Skip Certificate issuer name validation'
)
->addOption(
'certificate-issuer-name',
'issuer-name',
null,
InputOption::VALUE_REQUIRED,
'Certificate Authority that issued the TLS Certificate'
)
->addOption(
'skip-certificate-ocsp-revoked',
'skip-ocsp-revoked',
null,
InputOption::VALUE_NONE,
'Skip Certificate OCSP revocation validation'
Expand All @@ -106,17 +106,17 @@ protected function configure(): void {

protected function execute(InputInterface $input, OutputInterface $output): int {
$checks = [
'certificateExpirationDate' => (bool)$input->getOption('skip-certificate-expiration-date') === false,
'certificateFingerprint' => (bool)$input->getOption('skip-certificate-fingerprint') === false,
'certificateSerialNumber' => (bool)$input->getOption('skip-certificate-serial-number') === false,
'certificateIssuerName' => (bool)$input->getOption('skip-certificate-issuer-name') === false,
'certificateOcspRevoked' => (bool)$input->getOption('skip-certificate-ocsp-revoked') === false
'expirationDate' => (bool)$input->getOption('skip-expiration-date') === false,
'fingerprint' => (bool)$input->getOption('skip-fingerprint') === false,
'serialNumber' => (bool)$input->getOption('skip-serial-number') === false,
'issuerName' => (bool)$input->getOption('skip-issuer-name') === false,
'ocspRevoked' => (bool)$input->getOption('skip-ocsp-revoked') === false
];

$certificateExpirationThreshold = (int)$input->getOption('certificate-expiration-threshold');
$certificateFingerprint = (string)$input->getOption('certificate-fingerprint');
$certificateSerialNumber = (string)$input->getOption('certificate-serial-number');
$certificateIssuerName = (string)$input->getOption('certificate-issuer-name');
$expirationThreshold = (int)$input->getOption('expiration-threshold');
$fingerprint = (string)$input->getOption('fingerprint');
$serialNumber = (string)$input->getOption('serial-number');
$issuerName = (string)$input->getOption('issuer-name');

$failFast = (bool)$input->getOption('fail-fast');
$domain = $input->getArgument('domain');
Expand All @@ -129,24 +129,24 @@ protected function execute(InputInterface $input, OutputInterface $output): int
->addRows(
[
[
'Certificate Expiration Date',
($checks['certificateExpirationDate'] ? '<fg=green>enabled</>' : '<fg=red>disabled</>')
'Expiration Date',
($checks['expirationDate'] ? '<fg=green>enabled</>' : '<fg=red>disabled</>')
],
[
'Certificate Fingerprint',
($checks['certificateFingerprint'] ? '<fg=green>enabled</>' : '<fg=red>disabled</>')
'Fingerprint',
($checks['fingerprint'] ? '<fg=green>enabled</>' : '<fg=red>disabled</>')
],
[
'Certificate Serial Number',
($checks['certificateSerialNumber'] ? '<fg=green>enabled</>' : '<fg=red>disabled</>')
'Serial Number',
($checks['serialNumber'] ? '<fg=green>enabled</>' : '<fg=red>disabled</>')
],
[
'Certificate Issuer Name',
($checks['certificateIssuerName'] ? '<fg=green>enabled</>' : '<fg=red>disabled</>')
'Issuer Name',
($checks['issuerName'] ? '<fg=green>enabled</>' : '<fg=red>disabled</>')
],
[
'Certificate OCSP Revoked',
($checks['certificateOcspRevoked'] ? '<fg=green>enabled</>' : '<fg=red>disabled</>')
'OCSP Revoked',
($checks['ocspRevoked'] ? '<fg=green>enabled</>' : '<fg=red>disabled</>')
]
]
)
Expand All @@ -156,16 +156,16 @@ protected function execute(InputInterface $input, OutputInterface $output): int
}

$errors = [];
if ($checks['certificateFingerprint'] === true && trim($certificateFingerprint) === '') {
$errors[] = '<options=bold>--certificate-fingerprint</> option is required unless <options=bold>--skip-certificate-fingerprint</> is set';
if ($checks['fingerprint'] === true && trim($fingerprint) === '') {
$errors[] = '<options=bold>--fingerprint</> option is required unless <options=bold>--skip-fingerprint</> is set';
}

if ($checks['certificateSerialNumber'] === true && trim($certificateSerialNumber) === '') {
$errors[] = '<options=bold>--certificate-serial-number</> option is required unless <options=bold>--skip-certificate-serial-number</> is set';
if ($checks['serialNumber'] === true && trim($serialNumber) === '') {
$errors[] = '<options=bold>--serial-number</> option is required unless <options=bold>--skip-serial-number</> is set';
}

if ($checks['certificateIssuerName'] === true && trim($certificateIssuerName) === '') {
$errors[] = '<options=bold>--certificate-issuer-name</> option is required unless <options=bold>--skip-certificate-issuer-name</> is set';
if ($checks['issuerName'] === true && trim($issuerName) === '') {
$errors[] = '<options=bold>--issuer-name</> option is required unless <options=bold>--skip-issuer-name</> is set';
}

if (filter_var($domain, FILTER_VALIDATE_DOMAIN, ['flags' => FILTER_FLAG_HOSTNAME]) === false) {
Expand All @@ -179,11 +179,11 @@ protected function execute(InputInterface $input, OutputInterface $output): int
}

$needCertificate = (
$checks['certificateOcspRevoked'] ||
$checks['certificateExpirationDate'] ||
$checks['certificateFingerprint'] ||
$checks['certificateSerialNumber'] ||
$checks['certificateIssuerName']
$checks['expirationDate'] ||
$checks['fingerprint'] ||
$checks['serialNumber'] ||
$checks['issuerName'] ||
$checks['ocspRevoked']
);

if ($needCertificate === false) {
Expand Down Expand Up @@ -271,7 +271,7 @@ static function (Certificate|null $issuer, string $certificate): Certificate {
}
}

if ($checks['certificateExpirationDate'] === true) {
if ($checks['expirationDate'] === true) {
$output->writeln(
sprintf(
'Certificate expiration date: <options=bold>%s</>',
Expand All @@ -295,12 +295,12 @@ static function (Certificate|null $issuer, string $certificate): Certificate {
}
}

if ($interval->days <= $certificateExpirationThreshold) {
if ($interval->days <= $expirationThreshold) {
$errors[] = sprintf(
'Certificate for domain "%s" will expire in %d days (threshold: %d)',
$domain,
$interval->days,
$certificateExpirationThreshold
$expirationThreshold
);

if ($failFast === true) {
Expand All @@ -319,9 +319,9 @@ static function (Certificate|null $issuer, string $certificate): Certificate {
);
}

if ($checks['certificateFingerprint'] === true) {
$fingerprint = openssl_x509_fingerprint($certInfo[0]['Cert'], 'sha-256');
if ($fingerprint === false) {
if ($checks['fingerprint'] === true) {
$certFingerprint = openssl_x509_fingerprint($certInfo[0]['Cert'], 'sha-256');
if ($certFingerprint === false) {
$errors[] = 'Failed to calculate the Certificate\'s Fingerprint';

if ($failFast === true) {
Expand All @@ -334,17 +334,17 @@ static function (Certificate|null $issuer, string $certificate): Certificate {
$output->writeln(
sprintf(
'Certificate Fingerprint: <options=bold>%s</>',
$fingerprint
$certFingerprint
),
OutputInterface::VERBOSITY_DEBUG
);

if ($fingerprint !== $certificateFingerprint) {
if ($fingerprint !== $certFingerprint) {
$errors[] = sprintf(
'Certificate fingerprint for domain "%s" does not match the expected "%s", found: "%s"',
$domain,
$certificateFingerprint,
$fingerprint
$fingerprint,
$certFingerprint
);

if ($failFast === true) {
Expand All @@ -355,7 +355,7 @@ static function (Certificate|null $issuer, string $certificate): Certificate {
}
}

if ($checks['certificateSerialNumber'] === true) {
if ($checks['serialNumber'] === true) {
if ($parsedCertificate->getSerialNumber() === null) {
$errors[] = 'Failed to retrieve the Certificate\'s Serial Number';

Expand All @@ -374,11 +374,11 @@ static function (Certificate|null $issuer, string $certificate): Certificate {
OutputInterface::VERBOSITY_DEBUG
);

if ($parsedCertificate->getSerialNumber() !== $certificateSerialNumber) {
if ($parsedCertificate->getSerialNumber() !== $serialNumber) {
$errors[] = sprintf(
'Certificate Serial Number for domain "%s" does not match the expected "%s", found: "%s"',
$domain,
$certificateSerialNumber,
$serialNumber,
$parsedCertificate->getSerialNumber()
);

Expand All @@ -390,7 +390,7 @@ static function (Certificate|null $issuer, string $certificate): Certificate {
}
}

if ($checks['certificateIssuerName'] === true) {
if ($checks['issuerName'] === true) {
if ($parsedCertificate->getIssuer() === null) {
$errors[] = 'Failed to retrieve the Certificate\'s Issuer Name';

Expand All @@ -409,11 +409,11 @@ static function (Certificate|null $issuer, string $certificate): Certificate {
OutputInterface::VERBOSITY_DEBUG
);

if ($parsedCertificate->getIssuer() !== $certificateIssuerName) {
if ($parsedCertificate->getIssuer() !== $issuerName) {
$errors[] = sprintf(
'Certificate Issuer Name for domain "%s" does not match the expected "%s", found: "%s"',
$domain,
$certificateIssuerName,
$issuerName,
$parsedCertificate->getIssuer()
);

Expand All @@ -425,7 +425,7 @@ static function (Certificate|null $issuer, string $certificate): Certificate {
}
}

if ($checks['certificateOcspRevoked'] === true) {
if ($checks['ocspRevoked'] === true) {
$certificate = $this->certLoader->fromString($certInfo[0]['Cert']);
$issuerCertificate = $this->certLoader->fromString($certInfo[1]['Cert']);
$ocspResponderUrl = $this->certInfo->extractOcspResponderUrl($certificate);
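Review bot: In the `@@ -334,17 +334,17 @@` hunk the operator-supplied `$fingerprint` is compared with `!==` against the output of `openssl_x509_fingerprint()`, and only the earlier emptiness check trims it. A pin pasted with surrounding whitespace, upper-case hex or colon separators would therefore be reported as a mismatch even when the certificate is the expected one. Spurious failures like that tend to be answered with `--skip-fingerprint`, which removes the pinning check; normalising once where the option is read avoids it, e.g. `$fingerprint = strtolower(str_replace(':', '', trim((string)$input->getOption('fingerprint'))));` (this assumes the OpenSSL call returns bare lower-case hex, which is worth confirming). The rename also inverts the meaning of `$fingerprint`, which used to hold the computed value and now holds the expected one, so any use of it in the lines between hunks, not visible here, should be checked. execute() continues outside the hunks shown.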