From 8d1c3b2ea8edd45bd7f6e3936ada7791fa5744bd Mon Sep 17 00:00:00 2001 From: Aaron Gerig Date: Mon, 14 Mar 2022 11:53:47 +0100 Subject: [PATCH] refactor: make HTTPS connection check work without request available (CLI mode) --- .../Check/HttpsConnection.php | 35 +++++++++++++------ .../Resources/config/services/checks.yaml | 2 +- 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/src/PimcoreMonitorBundle/Check/HttpsConnection.php b/src/PimcoreMonitorBundle/Check/HttpsConnection.php index 78f4fbc..d796d87 100644 --- a/src/PimcoreMonitorBundle/Check/HttpsConnection.php +++ b/src/PimcoreMonitorBundle/Check/HttpsConnection.php @@ -7,20 +7,18 @@ use Laminas\Diagnostics\Result\Skip; use Laminas\Diagnostics\Result\Success; use Laminas\Diagnostics\Result\Warning; -use Symfony\Component\HttpFoundation\Request; -use Symfony\Component\HttpFoundation\RequestStack; class HttpsConnection extends AbstractCheck { protected const IDENTIFIER = 'system:https_connection'; protected bool $skip; - protected ?Request $request; + protected array $systemConfig; - public function __construct(bool $skip, RequestStack $requestStack) + public function __construct(bool $skip, array $systemConfig) { $this->skip = $skip; - $this->request = $requestStack->getMainRequest() ?: $requestStack->getCurrentRequest(); + $this->systemConfig = $systemConfig; } /** @@ -32,17 +30,34 @@ public function check(): ResultInterface return new Skip('Check was skipped'); } - if (null === $this->request) { + $host = $this->systemConfig['general']['domain'] ?? null; + + if (null === $host) { return new Warning('HTTPS encryption could not be checked'); } - $enabled = $this->request->isSecure(); + // Create a stream context + $stream = stream_context_create(['ssl' => ['capture_peer_cert' => true]]); + $url = sprintf('https://%s', $host); + + try { + // Bind the resource $url to $stream + $read = fopen($url, 'rb', false, $stream); + + // Get the stream parameters + $params = stream_context_get_params($read); + } catch (\Exception) { + // Ignore exceptions thrown ... + } + + // Check if SSL certificate is present + $cert = $params['options']['ssl']['peer_certificate'] ?? null; - if (! $enabled) { - return new Failure('HTTPS encryption not activated', $enabled); + if (null === $cert) { + return new Failure('HTTPS encryption not activated', false); } - return new Success('HTTPS encryption activated', $enabled); + return new Success('HTTPS encryption activated', true); } /** diff --git a/src/PimcoreMonitorBundle/Resources/config/services/checks.yaml b/src/PimcoreMonitorBundle/Resources/config/services/checks.yaml index cbfce16..72fb25a 100644 --- a/src/PimcoreMonitorBundle/Resources/config/services/checks.yaml +++ b/src/PimcoreMonitorBundle/Resources/config/services/checks.yaml @@ -40,7 +40,7 @@ services: Wvision\Bundle\PimcoreMonitorBundle\Check\HttpsConnection: arguments: - '%pimcore_monitor.checks.https_connection.skip%' - - '@Symfony\Component\HttpFoundation\RequestStack' + - '%pimcore.config%' tags: - { name: pimcore_monitor.check, alias: https_connection }