Strip everything but hostnames from cname validations

punkstar · Oct 17, 2017 · 38971ef · 38971ef
1 parent 4aea99f
commit 38971ef
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/src/Punkstar/Ssl/Validator/CommonNameValidator.php b/src/Punkstar/Ssl/Validator/CommonNameValidator.php
@@ -18,7 +18,13 @@ public function __construct(Certificate $certificate)
 
     public function isValid($domain) : bool
     {
-        foreach ($this->getNameVariations($domain) as $nameVariation) {
+        $hostname = parse_url($domain, PHP_URL_HOST);
+
+        if (!$hostname) {
+            $hostname = $domain;
+        }
+
+        foreach ($this->getNameVariations($hostname) as $nameVariation) {
             if (in_array($nameVariation, $this->getAllowedNames(), true)) {
                 return true;
             }

diff --git a/tests/Punkstar/SslTest/Validator/CommonNameValidatorTest.php b/tests/Punkstar/SslTest/Validator/CommonNameValidatorTest.php
@@ -33,6 +33,19 @@ public function testWildcards()
         $this->assertFalse($validator->isValid('www.secure.google.com'));
     }
 
+    /**
+     * @test
+     */
+    public function testWithPorts()
+    {
+        $validator = new CommonNameValidator($this->loadExampleCertificate('wildcard-google-com.crt'));
+
+        $this->assertTrue($validator->isValid('www.google.com:443'));
+        $this->assertTrue($validator->isValid('google.com:443'));
+        $this->assertTrue($validator->isValid('secure.google.com:443'));
+        $this->assertFalse($validator->isValid('www.secure.google.com:443'));
+    }
+
     /**
      * @return Certificate
      */