✨ Add script to generate expired cert for testing

2026-03-28 15:00:06 +01:00 · 2025-10-30 14:57:03 +01:00
parent 96e911b151
commit 49577f2f5e
6 changed files with 92 additions and 8 deletions
--- a/phpmon/Domain/Integrations/Valet/Domains/ValetListable.swift
+++ b/phpmon/Domain/Integrations/Valet/Domains/ValetListable.swift
@@ -12,6 +12,8 @@ protocol ValetListable {

    func getListableName() -> String

+    func getListableTLD() -> String
+
    func getListableSecured() -> Bool

    func getListableCertificateExpiryDate() -> Date?
--- a/phpmon/Domain/Integrations/Valet/Proxies/ValetProxy.swift
+++ b/phpmon/Domain/Integrations/Valet/Proxies/ValetProxy.swift
@@ -56,6 +56,10 @@ class ValetProxy: ValetListable {
        return self.domain
    }

+    func getListableTLD() -> String {
+        return self.tld
+    }
+
    func getListableSecured() -> Bool {
        return self.secured
    }
@@ -96,10 +100,8 @@ class ValetProxy: ValetListable {
        let (exists, expiryDate) = CertificateValidator(container)
            .validateCertificate(at: certificatePath)

-        if exists, let expiryDate {
-            Log.info("Certificate for \(self.domain).\(self.tld) expires at: \(expiryDate).")
-        } else {
-            Log.info("No certificate for \(self.domain).\(self.tld).")
+        if exists, let expiryDate, expiryDate < Date() {
+            Log.warn("Certificate for \(self.domain).\(self.tld) expired at: \(expiryDate). It should be renewed.")
        }

        // Persist the information for the list
--- a/phpmon/Domain/Integrations/Valet/Sites/ValetSite.swift
+++ b/phpmon/Domain/Integrations/Valet/Sites/ValetSite.swift
@@ -141,10 +141,8 @@ class ValetSite: ValetListable {
        let (exists, expiryDate) = CertificateValidator(container)
            .validateCertificate(at: certificatePath)

-        if exists, let expiryDate {
-            Log.info("Certificate for \(self.name).\(self.tld) expires at: \(expiryDate).")
-        } else {
-            Log.info("No certificate for \(self.name).\(self.tld).")
+        if exists, let expiryDate, expiryDate < Date() {
+            Log.warn("Certificate for \(self.name).\(self.tld) expired at: \(expiryDate). It should be renewed.")
        }

        // Persist the information for the list
@@ -319,6 +317,10 @@ class ValetSite: ValetListable {
        return self.name
    }

+    func getListableTLD() -> String {
+        return self.tld
+    }
+
    func getListableSecured() -> Bool {
        return self.secured
    }
--- a/phpmon/en.lproj/Localizable.strings
+++ b/phpmon/en.lproj/Localizable.strings
@@ -919,3 +919,8 @@ If you want to make edits to this file, please do so before upgrading. When you
 "cert_popover.secure_domain_traffic" = "Because this domain has been secured with a certificate, traffic to this domain is served by nginx over HTTPS.";
 "cert_popover.secure_domain_expired" = "The certificate expired on %@. You must renew it to continue using HTTPS without errors.";
 "cert_popover.secure_domain_expiring_later" = "The certificate is valid. It will expire on %@. At that point it will need to be renewed, but you will be notified.";
+
+"cert_alert.title" = "One or more certificates for have expired, and must be renewed.";
+"cert_alert.description" = "Certificates signed with the CA from Laravel Valet are usually valid for only one year. Do you want PHP Monitor to unsecure and re-secure any expired domains? The following certificates are affected:";
+"cert_alert.renew" = "Renew Certificate(s)";
+"cert_alert.cancel" = "Cancel";
--- a/scripts/generate-expired-valet-cert.sh
+++ b/scripts/generate-expired-valet-cert.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# Configuration
+DOMAIN="${1:-test.test}"
+VALET_CA_DIR="$HOME/.config/valet/CA"
+VALET_CERT_DIR="$HOME/.config/valet/Certificates"
+
+# Check if Valet CA exists
+if [ ! -f "$VALET_CA_DIR/LaravelValetCASelfSigned.pem" ]; then
+    echo "Error: Valet CA not found at $VALET_CA_DIR"
+    echo "Make sure Laravel Valet is installed and secured."
+    exit 1
+fi
+
+echo "Generating expired certificate for: $DOMAIN"
+
+# Generate private key for the domain
+openssl genrsa -out "$VALET_CERT_DIR/$DOMAIN.key" 2048
+
+# Create certificate signing request (CSR)
+openssl req -new -key "$VALET_CERT_DIR/$DOMAIN.key" \
+    -out "/tmp/$DOMAIN.csr" \
+    -subj "/C=US/ST=Test/L=Test/O=Laravel Valet/CN=$DOMAIN"
+
+# Create extension file for SAN (Subject Alternative Name)
+cat > "/tmp/$DOMAIN.ext" << EOF
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = $DOMAIN
+DNS.2 = *.$DOMAIN
+EOF
+
+# Use faketime to generate certificate with past dates
+# Certificate valid from Jan 1, 2023 to Jan 2, 2023 (expired)
+faketime '2023-01-01' openssl x509 -req \
+    -in "/tmp/$DOMAIN.csr" \
+    -CA "$VALET_CA_DIR/LaravelValetCASelfSigned.pem" \
+    -CAkey "$VALET_CA_DIR/LaravelValetCASelfSigned.key" \
+    -CAcreateserial \
+    -out "$VALET_CERT_DIR/$DOMAIN.crt" \
+    -days 1 \
+    -sha256 \
+    -extfile "/tmp/$DOMAIN.ext"
+
+# Cleanup
+rm "/tmp/$DOMAIN.csr" "/tmp/$DOMAIN.ext"
+
+echo "✓ Expired certificate generated:"
+echo "  Certificate: $VALET_CERT_DIR/$DOMAIN.crt"
+echo "  Key: $VALET_CERT_DIR/$DOMAIN.key"
+echo ""
+echo "Certificate details:"
+openssl x509 -in "$VALET_CERT_DIR/$DOMAIN.crt" -noout -dates
+
+echo ""
+echo "Reloading the domains list should now indicate $DOMAIN is expired."
--- a/scripts/scripts.md
+++ b/scripts/scripts.md
@@ -0,0 +1,13 @@
+# Scripts
+
+## Prerequisites
+
+```
+brew install libfaketime
+```
+
+## Generate expired cert for your domain (e.g., myapp.test)
+
+```
+./generate-expired-valet-cert.sh domain.test
+```