michaelschiemer/src/Framework/Health/Checks/SslHealthCheck.php

<?php

declare(strict_types=1);

namespace App\Framework\Health\Checks;

use App\Framework\Core\ValueObjects\Duration;
use App\Framework\Deployment\Ssl\SslCertificateManager;
use App\Framework\Health\HealthCheckCategory;
use App\Framework\Health\HealthCheckInterface;
use App\Framework\Health\HealthCheckResult;

final readonly class SslHealthCheck implements HealthCheckInterface
{
    public function __construct(
        private SslCertificateManager $sslManager
    ) {
    }

    public function check(): HealthCheckResult
    {
        $startTime = microtime(true);

        try {
            $status = $this->sslManager->getCertificateStatus();
            $responseTime = Duration::fromSeconds(microtime(true) - $startTime);

            $data = [
                'valid' => $status->isValid(),
                'days_until_expiry' => $status->getDaysUntilExpiry(),
                'issuer' => $status->getIssuer(),
                'subject' => $status->getSubject(),
                'response_time_ms' => $responseTime->toMilliseconds(),
            ];

            // Certificate expired or expiring soon
            if (!$status->isValid()) {
                return HealthCheckResult::unhealthy(
                    'SSL Certificate',
                    'Certificate is invalid or expired',
                    $data,
                    $responseTime->toMilliseconds()
                );
            }

            // Warning if expiring within 7 days
            if ($status->getDaysUntilExpiry() <= 7) {
                return HealthCheckResult::warning(
                    'SSL Certificate',
                    "Certificate expiring in {$status->getDaysUntilExpiry()} days",
                    $data,
                    $responseTime->toMilliseconds()
                );
            }

            // Warning if expiring within 30 days
            if ($status->getDaysUntilExpiry() <= 30) {
                return HealthCheckResult::warning(
                    'SSL Certificate',
                    "Certificate expiring in {$status->getDaysUntilExpiry()} days (renewal recommended)",
                    $data,
                    $responseTime->toMilliseconds()
                );
            }

            return HealthCheckResult::healthy(
                'SSL Certificate',
                $data,
                $responseTime->toMilliseconds()
            );

        } catch (\Throwable $e) {
            $responseTime = Duration::fromSeconds(microtime(true) - $startTime);

            return HealthCheckResult::unhealthy(
                'SSL Certificate',
                'SSL check failed: ' . $e->getMessage(),
                [
                    'error_type' => get_class($e),
                ],
                $responseTime->toMilliseconds(),
                $e
            );
        }
    }

    public function getName(): string
    {
        return 'SSL Certificate';
    }

    public function getCategory(): HealthCheckCategory
    {
        return HealthCheckCategory::SECURITY;
    }

    public function getTimeout(): int
    {
        return 5000; // 5 seconds
    }
}