Add 'expireIn=' option and use in the openssl command

cli/Valet/Site.php

@@ -464,9 +464,10 @@ public function secured()
      *
      * @param  string  $url
      * @param  string  $siteConf  pregenerated Nginx config file contents
+     * @param  int  $caExpireInDays  The mount of days the self signed certificate is valid.
      * @return void
      */
-    public function secure($url, $siteConf = null)
+    public function secure($url, $siteConf = null, $caExpireInDays = 368)
     {
         $this->unsecure($url);
 
@@ -476,9 +477,8 @@ public function secure($url, $siteConf = null)
 
         $this->files->ensureDirExists($this->nginxPath(), user());
 
-        $this->createCa();
-
-        $this->createCertificate($url);
+        $this->createCa($caExpireInDays);
+        $this->createCertificate($url, $caExpireInDays);
 
         $this->files->putAsUser(
             $this->nginxPath($url), $this->buildSecureNginxServer($url, $siteConf)
@@ -488,9 +488,10 @@ public function secure($url, $siteConf = null)
     /**
      * If CA and root certificates are nonexistent, create them and trust the root cert.
      *
+     * @param  int  $caExpireInDays  The mount of days the self signed certificate is valid.
      * @return void
      */
-    public function createCa()
+    public function createCa($caExpireInDays)
     {
         $caPemPath = $this->caPath('LaravelValetCASelfSigned.pem');
         $caKeyPath = $this->caPath('LaravelValetCASelfSigned.key');
@@ -515,8 +516,8 @@ public function createCa()
         ));
 
         $this->cli->runAsUser(sprintf(
-            'openssl req -new -newkey rsa:2048 -days 730 -nodes -x509 -subj "/C=/ST=/O=%s/localityName=/commonName=%s/organizationalUnitName=Developers/emailAddress=%s/" -keyout "%s" -out "%s"',
-            $oName, $cName, 'rootcertificate@laravel.valet', $caKeyPath, $caPemPath
+            'openssl req -new -newkey rsa:2048 -days %s -nodes -x509 -subj "/C=/ST=/O=%s/localityName=/commonName=%s/organizationalUnitName=Developers/emailAddress=%s/" -keyout "%s" -out "%s"',
+            $caExpireInDays, $oName, $cName, 'rootcertificate@laravel.valet', $caKeyPath, $caPemPath
         ));
         $this->trustCa($caPemPath);
     }
@@ -525,9 +526,10 @@ public function createCa()
      * Create and trust a certificate for the given URL.
      *
      * @param  string  $url
+     * @param  int  $caExpireInDays  The mount of days the self signed certificate is valid.
      * @return void
      */
-    public function createCertificate($url)
+    public function createCertificate($url, $caExpireInDays)
     {
         $caPemPath = $this->caPath('LaravelValetCASelfSigned.pem');
         $caKeyPath = $this->caPath('LaravelValetCASelfSigned.key');
@@ -547,15 +549,15 @@ public function createCertificate($url)
         }
 
         $result = $this->cli->runAsUser(sprintf(
-            'openssl x509 -req -sha256 -days 730 -CA "%s" -CAkey "%s" %s -in "%s" -out "%s" -extensions v3_req -extfile "%s"',
-            $caPemPath, $caKeyPath, $caSrlParam, $csrPath, $crtPath, $confPath
+            'openssl x509 -req -sha256 -days %s -CA "%s" -CAkey "%s" %s -in "%s" -out "%s" -extensions v3_req -extfile "%s"',
+            $caExpireInDays, $caPemPath, $caKeyPath, $caSrlParam, $csrPath, $crtPath, $confPath
         ));
 
         // If cert could not be created using runAsUser(), use run().
         if (strpos($result, 'Permission denied')) {
             $this->cli->run(sprintf(
-                'openssl x509 -req -sha256 -days 730 -CA "%s" -CAkey "%s" %s -in "%s" -out "%s" -extensions v3_req -extfile "%s"',
-                $caPemPath, $caKeyPath, $caSrlParam, $csrPath, $crtPath, $confPath
+                'openssl x509 -req -sha256 -days %s -CA "%s" -CAkey "%s" %s -in "%s" -out "%s" -extensions v3_req -extfile "%s"',
+                $caExpireInDays, $caPemPath, $caKeyPath, $caSrlParam, $csrPath, $crtPath, $confPath
             ));
         }
 

cli/valet.php

@@ -179,15 +179,17 @@
     /**
      * Secure the given domain with a trusted TLS certificate.
      */
-    $app->command('secure [domain]', function ($domain = null) {
+    $app->command('secure [domain] [--expireIn=]', function ($domain = null, $expireIn = null) {
         $url = ($domain ?: Site::host(getcwd())).'.'.Configuration::read()['tld'];
 
-        Site::secure($url);
+        Site::secure($url, null, $expireIn);
 
         Nginx::restart();
 
         info('The ['.$url.'] site has been secured with a fresh TLS certificate.');
-    })->descriptions('Secure the given domain with a trusted TLS certificate');
+    })->descriptions('Secure the given domain with a trusted TLS certificate', [
+        '--expireIn' => 'The amount of days the self signed certificate is valid for. Default is set to "368"',
+    ]);
 
     /**
      * Stop serving the given domain over HTTPS and remove the trusted TLS certificate.

tests/SiteTest.php

@@ -574,7 +574,7 @@ public function useOutput()
         $this->valetHomePath = __DIR__.'/output';
     }
 
-    public function createCa()
+    public function createCa($caExpireInDays)
     {
         // noop
         //
@@ -583,7 +583,7 @@ public function createCa()
         // CA for our faked Site.
     }
 
-    public function createCertificate($urlWithTld)
+    public function createCertificate($urlWithTld, $caExpireInDays)
     {
         // We're not actually going to generate a real certificate
         // here. We are going to do something basic to include
@@ -607,7 +607,7 @@ public function fakeSecure($urlWithTld)
         // forcing a fake creation of a URL (including .tld) and passes
         // through to createCertificate() directly.
         $this->files->ensureDirExists($this->certificatesPath(), user());
-        $this->createCertificate($urlWithTld);
+        $this->createCertificate($urlWithTld, 368);
     }
 
     public function assertNginxExists($urlWithTld)