<?php
namespace App\Command;
use App\Entity\Redis\VhostEntity;
use App\Orm\RedisEntityManager;
use App\Repository\Redis\VhostRepository;
use App\Service\Ocsp\OcspFetcher;
use App\Service\Ocsp\OcspResponse;
use Ocsp\Asn1\Der\Decoder;
use Ocsp\Asn1\Element;
use Ocsp\Asn1\Tag;
use Ocsp\Asn1\UniversalTagID;
use Predis\Client;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Command\LockableTrait;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Contracts\HttpClient\HttpClientInterface;
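/**
 * Console command that keeps the stored OCSP response of every SSL-enabled vhost fresh.
 *
 * For each vhost returned by the repository, the command keeps the stored response when it
 * still validates and does not expire within the refresh margin; otherwise it fetches a new
 * response for the vhost certificate and persists it. Per the command help text, the stored
 * response is used for OCSP stapling on Openresty.
 */
class OcspGenerate extends Command
{
    use LockableTrait;

    protected static $defaultName = 'app:ocsp-generate';

    /**
     * A stored response whose nextUpdate is not later than "now + this margin" is refreshed.
     */
    private const REFRESH_MARGIN = '+2 hours';

    /**
     * @var RedisEntityManager
     */
    private $redisEM;

    /**
     * @var Client
     */
    private $predis;

    /**
     * @var OcspFetcher
     */
    private $ocspFetcher;

    /**
     * @var VhostRepository
     */
    private $vhostRepository;

    public function __construct(OcspFetcher $ocspFetcher, VhostRepository $vhostRepository, Client $predis, RedisEntityManager $redisEntityManager)
    {
        parent::__construct();
        $this->redisEM = $redisEntityManager;
        $this->predis = $predis;
        $this->ocspFetcher = $ocspFetcher;
        $this->vhostRepository = $vhostRepository;
    }

    /**
     * Declares the command description, the optional-value --force/-f option and the help text.
     */
    protected function configure()
    {
        $this
            ->setDescription("Check if we have the OCSP response for each certificate and request a new OCSP Response if needed")
            ->addOption('force', 'f', InputOption::VALUE_OPTIONAL, 'Force the a refresh of OCSP Response', false)
            ->setHelp("This comment will check for each certificate we manage on this server if we have a valid (not expired) OCSP response for the stapling on Openresty. It will request an OCSP Response if needed.");
    }

    /**
     * Walks every vhost key and refreshes the stored OCSP response where needed.
     *
     * @return int Command::SUCCESS, also when another process already holds the lock
     */
    protected function execute(InputInterface $input, OutputInterface $output)
    {
        if (!$this->lock()) {
            $output->writeln('The command is already running in another process.');

            return Command::SUCCESS;
        }

        try {
            $force = $this->resolveForce($input);

            foreach ($this->vhostRepository->getAllKeys('*') as $k) {
                $vhost = $this->vhostRepository->get($k);
                $output->writeln("Checking $k");

                if (!$vhost instanceof VhostEntity) {
                    $output->writeln("Ignoring... $k");
                    continue;
                }

                // Loose comparison kept on purpose: the stored flag may be 1 or "1" — TODO confirm its type.
                if ($vhost->getisSslAvailable() != 1) {
                    $output->writeln("Ignoring... $k (no SSL)");
                    continue;
                }

                if (empty($vhost->getRawSslContent())) {
                    $output->writeln("Ignoring... $k (no SSL)");
                    continue;
                }

                if (!$force && $this->hasUsableStaple($vhost)) {
                    $output->writeln("Ignoring... $k (OCSP already set and valid)");
                    continue;
                }

                $pemCertificate = $this->ocspFetcher->extractCertificateFromPemString($vhost->getRawSslContent());
                if (empty($pemCertificate)) {
                    $output->writeln("Ignoring... $k (cant extract the PEM)");
                    continue;
                }

                $ocspResponse = $this->ocspFetcher->fetchOcsp($pemCertificate);
                if (!$ocspResponse instanceof OcspResponse) {
                    $output->writeln("Ignoring... $k (cant fetch the OCSP)");
                    continue;
                }

                // NOTE(review): isValid() is the only gate before the response is stored for stapling.
                // Confirm it verifies the responder signature against the issuer, the certificate
                // serial and the thisUpdate/nextUpdate window; none of that is visible in this file.
                if (!$ocspResponse->isValid()) {
                    $output->writeln("Ignoring... $k (OCSP seems invalid)");
                    continue;
                }

                $vhost->setOcsp($ocspResponse->getDerOcspResponse());
                $this->redisEM->persist($vhost);
                $output->writeln("OK. $k OCSP Updated");
            }

            return Command::SUCCESS;
        } finally {
            // Release the lock explicitly so it is not held until the process is torn down.
            $this->release();
        }
    }

    /**
     * Interprets the --force option.
     *
     * The option is declared VALUE_OPTIONAL with a default of false, so a bare "--force" / "-f"
     * yields null; that case is treated as "force" here instead of being silently ignored.
     */
    private function resolveForce(InputInterface $input): bool
    {
        if (!$input->hasOption('force')) {
            return false;
        }

        $raw = $input->getOption('force');
        if ($raw === null || $raw === true) {
            return true;
        }

        // "true" keeps working; other common boolean spellings ("1", "yes", "on") are accepted too.
        return filter_var($raw, FILTER_VALIDATE_BOOLEAN);
    }

    /**
     * Tells whether the vhost already holds an OCSP response that validates and whose
     * nextUpdate is later than now plus the refresh margin.
     */
    private function hasUsableStaple(VhostEntity $vhost): bool
    {
        $stored = $vhost->getOcsp();
        if (empty($stored)) {
            return false;
        }

        $ocspResponse = $this->ocspFetcher->validateOcsp($stored);

        return $ocspResponse instanceof OcspResponse
            && $ocspResponse->isValid()
            && $ocspResponse->getNextUpdate() > new \DateTimeImmutable(self::REFRESH_MARGIN);
    }
}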