Skip to content

Commit

Permalink
use regex to check for diff variations of PEM headers in defined keys
Browse files Browse the repository at this point in the history
  • Loading branch information
ashfame committed Oct 26, 2023
1 parent bb456e7 commit 5db62fe
Showing 1 changed file with 16 additions and 12 deletions.
28 changes: 16 additions & 12 deletions src/SiteStatusTests.php
Original file line number Diff line number Diff line change
Expand Up @@ -27,15 +27,17 @@ public function register_site_status_tests( $tests ): array {
}

public function site_status_test_public_key(): array {
if ( ! defined( 'OIDC_PUBLIC_KEY' ) ) {
$key_not_defined = ! defined( 'OIDC_PUBLIC_KEY' );
$key_has_valid_pem_headers = (bool) preg_match(
'/^-----BEGIN\s.*PUBLIC KEY-----.*-----END\s.*PUBLIC KEY-----$/s',
OIDC_PUBLIC_KEY
);

if ( $key_not_defined ) {
$label = __( 'The public key constant OIDC_PUBLIC_KEY is not defined.', 'openid-connect-server' );
$status = 'critical';
$badge = 'red';
} elseif (
0 === strpos( OIDC_PUBLIC_KEY, '-----BEGIN PUBLIC KEY-----' )
&& '-----END PUBLIC KEY-----' === substr( OIDC_PUBLIC_KEY, - strlen( '-----END PUBLIC KEY-----' ) )
&& strlen( OIDC_PUBLIC_KEY ) > 50
) {
} elseif ( $key_has_valid_pem_headers ) {
$label = __( 'The public key is defined and in the right format', 'openid-connect-server' );
$status = 'good';
$badge = 'green';
Expand Down Expand Up @@ -69,15 +71,17 @@ public function site_status_test_public_key(): array {
}

public function site_status_test_private_key(): array {
if ( ! defined( 'OIDC_PRIVATE_KEY' ) ) {
$key_not_defined = ! defined( 'OIDC_PRIVATE_KEY' );
$key_has_valid_pem_headers = (bool) preg_match(
'/^-----BEGIN\s.*PRIVATE KEY-----.*-----END\s.*PRIVATE KEY-----$/s',
OIDC_PRIVATE_KEY
);

if ( $key_not_defined ) {
$label = __( 'The private key constant OIDC_PRIVATE_KEY is not defined.', 'openid-connect-server' );
$status = 'critical';
$badge = 'red';
} elseif (
0 === strpos( OIDC_PRIVATE_KEY, '-----BEGIN RSA PRIVATE KEY-----' )
&& '-----END RSA PRIVATE KEY-----' === substr( OIDC_PRIVATE_KEY, - strlen( '-----END RSA PRIVATE KEY-----' ) )
&& strlen( OIDC_PRIVATE_KEY ) > 70
) {
} elseif ( $key_has_valid_pem_headers ) {
$label = __( 'The private key is defined and in the right format', 'openid-connect-server' );
$status = 'good';
$badge = 'green';
Expand Down

0 comments on commit 5db62fe

Please sign in to comment.