jalle19 / certificate-parser
Proper SSL/TLS certificate parser library for PHP
3.1.0
2017-01-08 13:20 UTC
Requires
- php: >=7.0
- ext-openssl: *
- acmephp/ssl: 1.0.*@beta
Requires (Dev)
- phpunit/phpunit: ^5.6
README
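Proper SSL/TLS certificate parser library for PHP
Motivation
There are already a few PHP certificate parsers out there, but all of them have shortcomings. Some lack configurability (e.g. they are unable to change the port to something other than 443), some have mediocre error handling (or none at all), and some don't allow parsing of certificates that are deemed invalid (e.g. expired or self-signed ones).
Features
- Completely configurable. This library uses providers to fetch the underlying X.509 certificate before parsing it. This means you can also parse, for example, local PEM files, not just certificates from remote URLs.
- Fault tolerant. Just because PHP's default settings raise an error when parsing a certificate doesn't mean you don't want to parse it. This library can handle self-signed certificates and certificates with mismatching domain names.
- Fine-grained error handling. There are multiple exception types for the various failure scenarios, so you can choose exactly how to handle each type of error.
Requirements
- PHP >= 7.0 with OpenSSL support
Installation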
composer require jalle19/certificate-parser
Usage
<?php

use AcmePhp\Ssl\Exception\CertificateParsingException;
use Jalle19\CertificateParser\Provider\Exception\FileNotFoundException;
use Jalle19\CertificateParser\Provider\Exception\ProviderException;
use Jalle19\CertificateParser\Provider\Exception\ConnectionTimeoutException;
use Jalle19\CertificateParser\Provider\Exception\DomainMismatchException;
use Jalle19\CertificateParser\Provider\Exception\NameResolutionException;
use Jalle19\CertificateParser\Provider\Exception\CertificateNotFoundException;
use Jalle19\CertificateParser\Parser;
use Jalle19\CertificateParser\Provider\LocalFileProvider;
use Jalle19\CertificateParser\Provider\StreamContext;
use Jalle19\CertificateParser\Provider\StreamSocketProvider;

require_once(__DIR__ . '/../vendor/autoload.php');

// Create a provider. The provider is used to retrieve the raw certificate details from a URL.
// If you don't want DomainMismatchException to be thrown if the peer name doesn't match, pass
// false as the last parameter to the constructor.
$provider = new StreamSocketProvider('www.google.com');

// You can manipulate the stream context used when fetching the certificate by passing a StreamContext
// object to the constructor or using the setter
$provider->setStreamContext(new StreamContext());

// Create the parser instance
$parser = new Parser();

// Parse the certificate and print some details about it. Handle all exception types separately
// to illustrate what can be thrown
try {
    $parserResults = $parser->parse($provider);

    // Now we can inspect the certificate
    $certificate = $parserResults->getParsedCertificate();

    echo 'Issuer: ' . $certificate->getIssuer() . PHP_EOL;
    echo 'Subject: ' . $certificate->getSubject() . PHP_EOL;
    echo 'Subject alternate names: ' . implode(', ', $certificate->getSubjectAlternativeNames()) . PHP_EOL;
    echo 'Valid until: ' . $certificate->getValidTo()->format('r') . PHP_EOL;

    // We can also inspect the raw certificate directly
    $rawCertificate = $parserResults->getRawCertificate();

    // We can also get the certificate fingerprint
    $fingerprint = $parserResults->getFingerprint();

    // We can also get the certificate in PEM format (as a string)
    $pemString = $parserResults->getPemString();

    // Let's parse a certificate from a local file instead
    $parserResults = $parser->parse(new LocalFileProvider(__DIR__ . '/../resources/ssl-cert-snakeoil.pem'));
    $certificate = $parserResults->getParsedCertificate();

    echo PHP_EOL . 'Local file issuer: ' . $certificate->getIssuer() . PHP_EOL;
} catch (NameResolutionException $e) {

} catch (CertificateNotFoundException $e) {

} catch (DomainMismatchException $e) {

} catch (ConnectionTimeoutException $e) {

} catch (FileNotFoundException $e) {
    // Thrown by LocalFileProvider if the specified PEM file doesn't exist
} catch (ProviderException $e) {
    // All of the above exceptions inherit from this one, so if you don't care what happened you
    // can just catch this
    var_dump($e->getMessage());
} catch (CertificateParsingException $e) {
    // The certificate was successfully retrieved but couldn't be parsed
    var_dump($e->getMessage());
}
You can also find this example in the examples/ directory. If you run it using php examples/example.php it should print something like this:
Issuer: Google Internet Authority G2
Subject: www.google.com
Subject alternate names: www.google.com
Valid until: Thu, 26 Jan 2017 01:13:00 +0000
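A certificate that parses is not necessarily one to trust: as the feature list above notes, self-signed and name-mismatched certificates are parsed as well, so any trust decision has to be made on the parsed fields. The following added example (not part of the library or its README) shows that separation using only ext-openssl; inspectCertificate(), its result keys and the host names are hypothetical, and the certificate is generated on the spot as constructed sample input.

```php
<?php
// Added example: plain ext-openssl only, none of the library's classes.
// inspectCertificate() and its result keys are hypothetical names.
function inspectCertificate(string $pem, string $expectedHost, int $now): array
{
    $info = openssl_x509_parse($pem);
    if ($info === false) {
        throw new RuntimeException('Not a parsable X.509 certificate');
    }

    // Collect DNS names from subjectAltName, falling back to the subject CN
    $names = [];
    foreach (explode(',', $info['extensions']['subjectAltName'] ?? '') as $entry) {
        $entry = trim($entry);
        if (strpos($entry, 'DNS:') === 0) {
            $names[] = strtolower(substr($entry, 4));
        }
    }
    if (!$names && isset($info['subject']['CN'])) {
        $names[] = strtolower($info['subject']['CN']);
    }

    return [
        'subject'     => $info['subject']['CN'] ?? null,
        'fingerprint' => openssl_x509_fingerprint($pem, 'sha256'),
        // Subject equals issuer; proving "self-signed" would also need a signature check
        'selfIssued'  => $info['subject'] == $info['issuer'],
        'expired'     => $info['validTo_time_t'] < $now,
        'notYetValid' => $info['validFrom_time_t'] > $now,
        // Exact match only; wildcard names are deliberately not handled here
        'hostMatches' => in_array(strtolower($expectedHost), $names, true),
    ];
}

// Constructed sample input: a throwaway self-signed certificate valid for one day
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr = openssl_csr_new(['commonName' => 'snakeoil.example'], $key, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($cert, $pem);

// Evaluate it against a different host name, two days after issuance
print_r(inspectCertificate($pem, 'www.example.com', time() + 2 * 86400));
```

The findings come back as data rather than as a parse failure, which leaves it to the caller to decide which of them should block a connection or raise an alert.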
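Writing custom providers
This library ships with two providers:
- StreamSocketProvider - retrieves certificates from a remote server using stream_socket_client
- LocalFileProvider - retrieves certificates from a local file
If these don't suit your needs, create a new provider by implementing the ProviderInterface interface.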
License
MIT
Credits
- https://github.com/acmephp/ssl for the actual parser
- https://github.com/spatie/ssl-certificate and others for inspiration