public function testGetCertificateNames()
{
$certificate['subject']['commonName'] = 'example.net';
$certificate['extensions']['subjectAltName'] = 'DNS: example.com, IP: 127.0.0.1, DNS: getcomposer.org, Junk: blah, DNS: composer.example.org';
$names = TlsHelper::getCertificateNames($certificate);
$this->assertSame('example.net', $names['cn']);
$this->assertSame(array('example.com', 'getcomposer.org', 'composer.example.org'), $names['san']);
}
/**
* Fetch certificate common name and fingerprint for validation of SAN.
*
* @todo Remove when PHP 5.6 is minimum supported version.
*/
private function getCertificateCnAndFp($url, $options)
{
if (PHP_VERSION_ID >= 50600) {
throw new \BadMethodCallException(sprintf('%s must not be used on PHP >= 5.6', __METHOD__));
}
$context = StreamContextFactory::getContext($url, $options, array('options' => array('ssl' => array('capture_peer_cert' => true, 'verify_peer' => false))));
// Ideally this would just use stream_socket_client() to avoid sending a
// HTTP request but that does not capture the certificate.
if (false === ($handle = @fopen($url, 'rb', false, $context))) {
return;
}
// Close non authenticated connection without reading any content.
fclose($handle);
$handle = null;
$params = stream_context_get_params($context);
if (!empty($params['options']['ssl']['peer_certificate'])) {
$peerCertificate = $params['options']['ssl']['peer_certificate'];
if (TlsHelper::checkCertificateHost($peerCertificate, parse_url($url, PHP_URL_HOST), $commonName)) {
return array('cn' => $commonName, 'fp' => TlsHelper::getCertificateFingerprint($peerCertificate));
}
}
}