jinomial/laravel-ssl
Composer 安装命令:
composer require jinomial/laravel-ssl
包简介
An SSL service for Laravel
README 文档
README
An SSL/TLS service and facade for Laravel. Capture peer certificates using 'openssl' or 'stream' drivers, or create your own driver.
| Driver | Description |
|---|---|
| openssl | Executes the openssl command |
| stream | PHP's stream_*() functions |
| file | Parses local certificate files |
Installation
Install the package via composer:
composer require jinomial/laravel-ssl
The default configuration is to use the openssl driver.
'openssl' => [ 'driver' => 'openssl', ],
Publish the config file to change the default driver:
php artisan vendor:publish --provider="Jinomial\LaravelSsl\SslServiceProvider" --tag="laravel-ssl-config"
Usage
Capture the certificate of jinomial.com:443 using the default driver:
use Jinomial\LaravelSsl\Facades\Ssl; // Returns a CertificateCollection $certificates = Ssl::show('google.com'); $cert = $certificates->first(); echo $cert->getCommonName(); // "google.com" echo $cert->isValid() ? 'Valid' : 'Expired/Invalid'; echo $cert->getValidTo()->diffForHumans(); // "in 3 months"
Certificate Helper Methods
The Certificate DTO provides several helpful methods:
| Method | Description |
|---|---|
isValid() |
Returns true if the cert is not expired and verification passed |
isExpired() |
Returns true if the current time is past the validTo date |
getCommonName() |
Get the Common Name (CN) from the subject |
getIssuerCommonName() |
Get the Common Name (CN) from the issuer |
getValidFrom() |
Returns a Carbon instance for the start date |
getValidTo() |
Returns a Carbon instance for the expiration date |
getSubjectAlternativeNames() |
Returns an array of SANs |
getHost() / getPort() |
The connection details used for this certificate |
Advanced Usage
Multiple lookups at once:
$results = Ssl::show([ ['host' => 'google.com', 'port' => '443'], ['host' => 'github.com', 'port' => '443'], ]); // Find a specific result $githubCert = $results->where('host', 'github.com')->first();
Use a specific driver:
$response = Ssl::driver('stream')->show('google.com', '443', [ // Get the certificate only without the CA Chain. \Jinomial\LaravelSsl\Drivers\Stream::OPTION_CHAIN => false, ]);
The openssl driver executes the openssl binary (must be in your $PATH) to retrieve the X509 certificate.
Each response is indexed.
certificate is the return value from openssl_x509_parse().
verification contains the verification code and verification message.
Array
(
[0] => Array
(
[certificate] => Array
(
[name] => /C=US/ST=California/L=San Francisco/O=Cloudflare, Inc./CN=sni.cloudflaressl.com
[subject] => Array
(
[C] => US
[ST] => California
[L] => San Francisco
[O] => Cloudflare, Inc.
[CN] => sni.cloudflaressl.com
)
[hash] => c959965e
[issuer] => Array
(
[C] => US
[O] => Cloudflare, Inc.
[CN] => Cloudflare Inc ECC CA-3
)
[version] => 2
[serialNumber] => 7490133585878873344260773043003356172
[serialNumberHex] => 05A28C18F8F74ACBCCF6A4542736740C
[validFrom] => 211004000000Z
[validTo] => 221003235959Z
[validFrom_time_t] => 1633305600
[validTo_time_t] => 1664841599
[signatureTypeSN] => ecdsa-with-SHA256
[signatureTypeLN] => ecdsa-with-SHA256
[signatureTypeNID] => 794
[purposes] => Array
(
[1] => Array
(
[0] => 1
[1] =>
[2] => sslclient
)
[2] => Array
(
[0] => 1
[1] =>
[2] => sslserver
)
[3] => Array
(
[0] =>
[1] =>
[2] => nssslserver
)
[4] => Array
(
[0] =>
[1] =>
[2] => smimesign
)
[5] => Array
(
[0] =>
[1] =>
[2] => smimeencrypt
)
[6] => Array
(
[0] =>
[1] =>
[2] => crlsign
)
[7] => Array
(
[0] => 1
[1] => 1
[2] => any
)
[8] => Array
(
[0] => 1
[1] =>
[2] => ocsphelper
)
[9] => Array
(
[0] =>
[1] =>
[2] => timestampsign
)
)
[extensions] => Array
(
[authorityKeyIdentifier] => keyid:A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F
[subjectKeyIdentifier] => 1B:20:D1:CD:00:32:24:77:9F:F8:22:94:0F:B6:48:7F:39:B1:BE:C8
[subjectAltName] => DNS:*.jinomial.com, DNS:sni.cloudflaressl.com, DNS:jinomial.com
[keyUsage] => Digital Signature
[extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication
[crlDistributionPoints] =>
Full Name:
URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl
Full Name:
URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl
[certificatePolicies] => Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
[authorityInfoAccess] => OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt
[basicConstraints] => CA:FALSE
[ct_precert_scts] => Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 46:A5:55:EB:75:FA:91:20:30:B5:A2:89:69:F4:F3:7D:
11:2C:41:74:BE:FD:49:B8:85:AB:F2:FC:70:FE:6D:47
Timestamp : Oct 4 22:14:44.288 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:48:67:EF:28:F6:F2:B7:C8:F5:0D:7C:3D:
21:7B:D3:C9:37:4E:B2:7C:AC:70:22:9D:7F:4C:75:D1:
27:97:89:9C:02:21:00:D9:44:6B:10:0B:F0:6E:2D:99:
79:77:D7:C8:91:51:C5:E9:50:92:13:EE:99:80:50:FF:
CB:BD:E6:87:5F:47:A6
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 51:A3:B0:F5:FD:01:79:9C:56:6D:B8:37:78:8F:0C:A4:
7A:CC:1B:27:CB:F7:9E:88:42:9A:0D:FE:D4:8B:05:E5
Timestamp : Oct 4 22:14:44.292 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:02:92:85:B2:A1:C6:09:18:E5:F4:48:12:
32:C9:D6:FF:AE:F8:85:DC:E0:06:0D:CB:86:62:5C:E1:
24:6B:F3:7D:02:20:03:20:01:0B:91:19:AD:4A:87:18:
FA:5F:A3:98:13:95:CD:EC:8E:1D:63:22:EB:6A:E2:FE:
33:BC:B1:D8:6C:6B
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 41:C8:CA:B1:DF:22:46:4A:10:C6:A1:3A:09:42:87:5E:
4E:31:8B:1B:03:EB:EB:4B:C7:68:F0:90:62:96:06:F6
Timestamp : Oct 4 22:14:44.184 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:C3:35:6C:A6:27:01:94:88:CF:85:C6:
3D:33:06:08:DE:BB:14:61:D4:34:8C:AD:A4:24:1B:0F:
FB:A7:17:13:EA:02:21:00:AE:AB:D7:C2:22:B6:FA:FE:
7E:20:DA:94:44:18:41:91:DB:98:AC:EA:F8:03:36:57:
D5:7C:33:4B:71:03:05:9B
)
)
[verification] => Array
(
[code] => 0
[message] => ok
)
)
)
Local File Driver
You can also parse local certificate files using the file driver. This is useful for checking certificates stored on disk.
use Jinomial\LaravelSsl\Facades\Ssl; // Provide a path to a certificate file $certificates = Ssl::driver('file')->show('/path/to/certificate.crt');
The id-ad-caIssuers property can be followed to get the issuer certificate:
$response = Ssl::show( 'http://cacerts.digicert.com/CloudflareIncECCCA-3.crt', 443, ['id-ad-caIssuers' => true] );
stream driver responses
The stream driver uses PHP's stream_* functions and SSL context to capture entire peer certificate chains.
Each response is indexed. The subindex is the chain sequence with 0 being the host, 1 being the issuer (if not self signed), etc. Results are the return value from openssl_x509_parse().
Artisan Commands
Show Certificate
Show details for a specific host:
php artisan ssl:show google.com
Bulk SSL Check
Monitor multiple hosts at once. This command can check hosts provided as arguments or those configured in config/ssl.php.
# Check specific hosts php artisan ssl:check google.com github.com # Check all hosts configured in ssl.monitored_hosts php artisan ssl:check
The command will output a table showing the status, common name, and expiration time for each host.
Custom Drivers
Create a class that extends Jinomial\LaravelSsl\Drivers\Driver.
Implement public function show() according to the Jinomial\LaravelSsl\Contracts\Ssl\Driver contract.
Register a driver factory with the Jinomial\LaravelSsl\SslManager.
/** * Application service provider bootstrap for package services. * * \App\Ssl\Drivers\SslCapture is my custom driver class I made. * The SslManager needs to know how to construct it. */ public function boot(): void { $sslLoader = $this->app->get(\Jinomial\LaravelSsl\SslManager::class); $driverName = 'my-custom-driver'; $sslLoader->extend($driverName, function () use ($driverName) { return new \App\Ssl\Drivers\SslCapture($driverName); }); }
Testing
Run all tests:
composer test
Test suites are separated into "unit" and "integration". Run each suite:
composer test:unit composer test:integration
Tests are grouped into the following groups:
- network
- drivers
- openssl
- manager
- facades
- commands
Run tests for groups:
composer test -- --include=manager,facades
Network tests make remote calls that can take time or fail. Exclude them:
composer test:unit -- --exclude=network
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.
jinomial/laravel-ssl 适用场景与选型建议
jinomial/laravel-ssl 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 19 次下载、GitHub Stars 达 2, 最近一次更新时间为 2021 年 10 月 30 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「laravel」 「ssl」 「tls」 「laravel-ssl」 「jinomial」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 jinomial/laravel-ssl 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 jinomial/laravel-ssl 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 jinomial/laravel-ssl 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A simple package that adds the impersonate operation for admins
OriginPHP Socket
Let's Encrypt / ACME client written in PHP for the CLI.
A flexible FTP, SSL-FTP, and SSH-based SFTP client for PHP. This lib provides helpers that are easy to use to manage the remote files.
SSL Certificates Module for MyAdmin
Transport-agnostic TLS encryption for any connected stream
统计信息
- 总下载量: 19
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 0
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2021-10-30