Merge pull request #1498 from adrum/feature/renew-ca

Add the ability to renew the Certificate Authority certificate

Author: mattstauffer

cli/Valet/Site.php

@@ -437,9 +437,9 @@ public function secured(): array
     /**
      * Get all of the URLs with expiration dates that are currently secured.
      */
-    public function securedWithDates(): array
+    public function securedWithDates($ca = false): array
     {
-        return collect($this->secured())->map(function ($site) {
+        $sites = collect($this->secured())->map(function ($site) {
             $filePath = $this->certificatesPath().'/'.$site.'.crt';
 
             $expiration = $this->cli->run("openssl x509 -enddate -noout -in $filePath");
@@ -450,7 +450,22 @@ public function securedWithDates(): array
                 'site' => $site,
                 'exp' => new DateTime($expiration),
             ];
-        })->unique()->values()->all();
+        })->unique()->values();
+
+        if ($ca) {
+            $filePath = $this->caPath('LaravelValetCASelfSigned.pem');
+
+            $expiration = $this->cli->run("openssl x509 -enddate -noout -in $filePath");
+
+            $expiration = str_replace('notAfter=', '', $expiration);
+
+            $sites->prepend([
+                'site' => 'Certificate Authority',
+                'exp' => new DateTime($expiration),
+            ]);
+        }
+
+        return $sites->all();
     }
 
     public function isSecured(string $site): bool
@@ -502,8 +517,11 @@ public function secure(string $url, ?string $siteConf = null, int $certificateEx
     /**
      * Renews all domains with a trusted TLS certificate.
      */
-    public function renew($expireIn = 368): void
+    public function renew($expireIn = 368, $ca = false): void
     {
+        if ($ca) {
+            $this->removeCa();
+        }
         collect($this->securedWithDates())->each(function ($row) use ($expireIn) {
             $url = $this->domain($row['site']);
 

cli/app.php

@@ -285,9 +285,9 @@ function (ConsoleCommandEvent $event) {
     /**
      * Display all of the currently secured sites.
      */
-    $app->command('secured [--expiring] [--days=]', function (OutputInterface $output, $expiring = null, $days = 60) {
+    $app->command('secured [--expiring] [--days=] [--ca]', function (OutputInterface $output, $expiring = null, $days = 60, $ca = null) {
         $now = (new Datetime)->add(new DateInterval('P'.$days.'D'));
-        $sites = collect(Site::securedWithDates())
+        $sites = collect(Site::securedWithDates($ca))
             ->when($expiring, fn ($collection) => $collection->filter(fn ($row) => $row['exp'] < $now))
             ->map(function ($row) {
                 return [
@@ -301,16 +301,18 @@ function (ConsoleCommandEvent $event) {
     })->descriptions('Display all of the currently secured sites', [
         '--expiring' => 'Limits the results to only sites expiring within the next 60 days.',
         '--days' => 'To be used with --expiring. Limits the results to only sites expiring within the next X days. Default is set to 60.',
+        '--ca' => 'Include the Certificate Authority certificate in the list of site certificates.',
     ]);
 
     /**
      * Renews all domains with a trusted TLS certificate.
      */
-    $app->command('renew [--expireIn=]', function (OutputInterface $output, $expireIn = 368) {
-        Site::renew($expireIn);
+    $app->command('renew [--expireIn=] [--ca]', function (OutputInterface $output, $expireIn = 368, $ca = null) {
+        Site::renew($expireIn, $ca);
         Nginx::restart();
     })->descriptions('Renews all domains with a trusted TLS certificate.', [
         '--expireIn' => 'The amount of days the self signed certificate is valid for. Default is set to "368"',
+        '--ca' => 'Renew the Certificate Authority certificate before renewing the site certificates.',
     ]);
 
     /**