remove unneccessary dependencies
This commit is contained in:
David Stone
@ -9,11 +9,10 @@
|
||||
|
||||
namespace WP_Ultimo\Domain_Mapping;
|
||||
|
||||
use Spatie\SslCertificate\SslCertificate;
|
||||
use Psr\Log\LogLevel;
|
||||
|
||||
// Exit if accessed directly
|
||||
defined('ABSPATH') || exit;
|
||||
defined( 'ABSPATH' ) || exit;
|
||||
|
||||
/**
|
||||
* Helper class for domain mapping functionality.
|
||||
@ -49,7 +48,7 @@ class Helper {
|
||||
|
||||
$site_url = site_url();
|
||||
|
||||
$is_development_mode = preg_match('#(localhost|staging.*\.|\.local|\.test)#', $site_url);
|
||||
$is_development_mode = preg_match( '#(localhost|staging.*\.|\.local|\.test)#', $site_url );
|
||||
|
||||
/**
|
||||
* Allow plugin developers to add additional tests
|
||||
@ -61,21 +60,19 @@ class Helper {
|
||||
* @param string $site_url The site URL.
|
||||
* @return bool
|
||||
*/
|
||||
return apply_filters('wu_is_development_mode', $is_development_mode, $site_url);
|
||||
|
||||
return apply_filters( 'wu_is_development_mode', $is_development_mode, $site_url );
|
||||
} // end is_development_mode;
|
||||
/**
|
||||
* Gets the local IP address of the network.
|
||||
*
|
||||
* Sometimes, this will be the same address as the public one, but we need different methods.
|
||||
*
|
||||
* @since 2.0.0
|
||||
* @return string|bool
|
||||
*/
|
||||
public static function get_local_network_ip() {
|
||||
|
||||
return isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : false;
|
||||
/**
|
||||
* Gets the local IP address of the network.
|
||||
*
|
||||
* Sometimes, this will be the same address as the public one, but we need different methods.
|
||||
*
|
||||
* @since 2.0.0
|
||||
* @return string|bool
|
||||
*/
|
||||
public static function get_local_network_ip() {
|
||||
|
||||
return isset( $_SERVER['SERVER_ADDR'] ) ? $_SERVER['SERVER_ADDR'] : false;
|
||||
} // end get_local_network_ip;
|
||||
|
||||
/**
|
||||
@ -90,43 +87,38 @@ class Helper {
|
||||
*/
|
||||
public static function get_network_public_ip() {
|
||||
|
||||
if (self::is_development_mode()) {
|
||||
|
||||
if ( self::is_development_mode() ) {
|
||||
$local_ip = self::get_local_network_ip();
|
||||
|
||||
/**
|
||||
* See more about this filter below, on this same method.
|
||||
*/
|
||||
return apply_filters('wu_get_network_public_ip', $local_ip, true);
|
||||
|
||||
return apply_filters( 'wu_get_network_public_ip', $local_ip, true );
|
||||
} // end if;
|
||||
|
||||
$_ip_address = get_site_transient('wu_public_network_ip');
|
||||
|
||||
if (!$_ip_address) {
|
||||
$_ip_address = get_site_transient( 'wu_public_network_ip' );
|
||||
|
||||
if ( ! $_ip_address ) {
|
||||
$ip_address = false;
|
||||
|
||||
foreach (self::$providers as $provider_url) {
|
||||
foreach ( self::$providers as $provider_url ) {
|
||||
$response = wp_remote_get(
|
||||
$provider_url,
|
||||
array(
|
||||
'timeout' => 5,
|
||||
)
|
||||
);
|
||||
|
||||
$response = wp_remote_get($provider_url, array(
|
||||
'timeout' => 5,
|
||||
));
|
||||
|
||||
if (!is_wp_error($response)) {
|
||||
|
||||
$ip_address = trim(wp_remote_retrieve_body($response));
|
||||
if ( ! is_wp_error( $response ) ) {
|
||||
$ip_address = trim( wp_remote_retrieve_body( $response ) );
|
||||
|
||||
continue;
|
||||
|
||||
} // end if;
|
||||
|
||||
} // end foreach;
|
||||
|
||||
set_site_transient('wu_public_network_ip', $ip_address, 10 * DAY_IN_SECONDS);
|
||||
set_site_transient( 'wu_public_network_ip', $ip_address, 10 * DAY_IN_SECONDS );
|
||||
|
||||
$_ip_address = $ip_address;
|
||||
|
||||
} // end if;
|
||||
|
||||
/**
|
||||
@ -143,10 +135,8 @@ class Helper {
|
||||
* @param bool $local True if this is a local network (localhost, .dev, etc.), false otherwise.
|
||||
* @return string The new IP address.
|
||||
*/
|
||||
return apply_filters('wu_get_network_public_ip', $_ip_address, false);
|
||||
|
||||
return apply_filters( 'wu_get_network_public_ip', $_ip_address, false );
|
||||
} // end get_network_public_ip;
|
||||
|
||||
/**
|
||||
* Checks if a given domain name has a valid associated SSL certificate.
|
||||
*
|
||||
@ -156,24 +146,93 @@ class Helper {
|
||||
* @return boolean
|
||||
*/
|
||||
public static function has_valid_ssl_certificate($domain = '') {
|
||||
|
||||
$is_valid = false;
|
||||
|
||||
// Ensure the domain is not empty.
|
||||
if (empty($domain)) {
|
||||
return $is_valid;
|
||||
}
|
||||
|
||||
// Add 'https://' if not already present to use SSL context properly.
|
||||
$domain = strpos($domain, 'https://') === 0 ? $domain : 'https://' . $domain;
|
||||
|
||||
try {
|
||||
// Create SSL context to fetch the certificate.
|
||||
$context = stream_context_create(
|
||||
array(
|
||||
'ssl' => array(
|
||||
'capture_peer_cert' => true,
|
||||
),
|
||||
)
|
||||
);
|
||||
|
||||
$certificate = SslCertificate::createForHostName($domain);
|
||||
// Open a stream to the domain over SSL.
|
||||
$stream = @stream_socket_client(
|
||||
'ssl://' . parse_url($domain, PHP_URL_HOST) . ':443',
|
||||
$errno,
|
||||
$errstr,
|
||||
10,
|
||||
STREAM_CLIENT_CONNECT,
|
||||
$context
|
||||
);
|
||||
|
||||
$is_valid = $certificate->isValid($domain); // returns bool;
|
||||
// If stream could not be established, SSL is invalid.
|
||||
if (!$stream) {
|
||||
throw new \Exception($errstr);
|
||||
}
|
||||
|
||||
// Retrieve the certificate and parse its details.
|
||||
$options = stream_context_get_options($context);
|
||||
|
||||
if (isset($options['ssl']['peer_certificate'])) {
|
||||
$cert = openssl_x509_parse($options['ssl']['peer_certificate']);
|
||||
|
||||
if ($cert) {
|
||||
// Verify the certificate's validity period.
|
||||
$current_time = time();
|
||||
$valid_from = $cert['validFrom_time_t'] ?? 0;
|
||||
$valid_to = $cert['validTo_time_t'] ?? 0;
|
||||
|
||||
// Check if the certificate is currently valid.
|
||||
if ($current_time >= $valid_from && $current_time <= $valid_to) {
|
||||
$host = parse_url($domain, PHP_URL_HOST);
|
||||
|
||||
// Check that the domain matches the certificate.
|
||||
$common_name = $cert['subject']['CN'] ?? ''; // Common Name (CN)
|
||||
$alt_names = $cert['extensions']['subjectAltName'] ?? ''; // Subject Alternative Names (SAN)
|
||||
|
||||
// Parse SAN into an array if present.
|
||||
$alt_names_array = array_filter(array_map('trim', explode(',', str_replace('DNS:', '', $alt_names))));
|
||||
$alt_names_array[] = $common_name;
|
||||
// Check if the host matches either the CN, any SAN entry, or supports a wildcard match.
|
||||
if (
|
||||
$host === $common_name ||
|
||||
in_array( $host, $alt_names_array, true )
|
||||
) {
|
||||
$is_valid = true;
|
||||
} else {
|
||||
foreach ($alt_names_array as $alt_name) {
|
||||
if ( strpos($alt_name, '*.') === 0 && str_ends_with( $host, substr($alt_name, 1) )) {
|
||||
$is_valid = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Close the stream after processing.
|
||||
fclose($stream);
|
||||
} catch (\Exception $e) {
|
||||
|
||||
// translators: %s is the error message returned by the checker.
|
||||
wu_log_add('domain-ssl-checks', sprintf(__('Certificate Invalid: %s', 'wp-ultimo'), $e->getMessage()), LogLevel::ERROR);
|
||||
|
||||
} // end try;
|
||||
// Log the error message.
|
||||
wu_log_add(
|
||||
'domain-ssl-checks',
|
||||
sprintf(__('Certificate Invalid: %s', 'wp-ultimo'), $e->getMessage()),
|
||||
LogLevel::ERROR
|
||||
);
|
||||
}
|
||||
|
||||
return $is_valid;
|
||||
|
||||
} // end has_valid_ssl_certificate;
|
||||
|
||||
} // end class Helper;
|
||||
|
||||
Reference in New Issue
Block a user