From f5d43a8867c3c5759b6a160055c62c672f430c27 Mon Sep 17 00:00:00 2001
From: Maksim Kotlyar
Date: Thu, 2 Nov 2017 13:54:56 +0200
Subject: [PATCH 1/3] [amqp-lib] Ignore empty ssl options.

---
 pkg/amqp-lib/AmqpConnectionFactory.php | 16 +++++++++-------
 pkg/amqp-tools/ConnectionConfig.php | 8 ++++----
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/pkg/amqp-lib/AmqpConnectionFactory.php b/pkg/amqp-lib/AmqpConnectionFactory.php
index de9de0318..7b85c6c73 100644
--- a/pkg/amqp-lib/AmqpConnectionFactory.php
+++ b/pkg/amqp-lib/AmqpConnectionFactory.php
@@ -87,19 +87,21 @@ private function establishConnection()
 if (false == $this->connection) {
 if ($this->config->getOption('stream')) {
 if ($this->config->isSslOn()) {
+ $sslOptions = array_filter([
+ 'cafile' => $this->config->getSslCaCert(),
+ 'local_cert' => $this->config->getSslCert(),
+ 'local_pk' => $this->config->getSslKey(),
+ 'verify_peer' => $this->config->isSslVerify(),
+ 'verify_peer_name' => $this->config->isSslVerify(),
+ ], function ($value) { return '' !== $value; });
+
 $con = new AMQPSSLConnection(
 $this->config->getHost(),
 $this->config->getPort(),
 $this->config->getUser(),
 $this->config->getPass(),
 $this->config->getVHost(),
- [
- 'cafile' => $this->config->getSslCaCert(),
- 'local_cert' => $this->config->getSslCert(),
- 'local_pk' => $this->config->getSslKey(),
- 'verify_peer' => $this->config->isSslVerify(),
- 'verify_peer_name' => $this->config->isSslVerify(),
- ],
+ $sslOptions,
 [
 'insist' => $this->config->getOption('insist'),
 'login_method' => $this->config->getOption('login_method'),
diff --git a/pkg/amqp-tools/ConnectionConfig.php b/pkg/amqp-tools/ConnectionConfig.php
index 7fb834011..f2b1f42af 100644
--- a/pkg/amqp-tools/ConnectionConfig.php
+++ b/pkg/amqp-tools/ConnectionConfig.php
@@ -293,7 +293,7 @@ public function isSslVerify()
 }

 /**
- * @return bool
+ * @return string
 */
 public function getSslCaCert()
 {
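Review bot: The `array_filter` callback in the `establishConnection()` hunk of AmqpConnectionFactory.php carries no comment, and its strict `'' !== $value` test is load-bearing: it is what keeps `'verify_peer' => false` and `'verify_peer_name' => false` in `$sslOptions` when `isSslVerify()` returns false, where a bare `array_filter()` would drop them. I would add above it `// Drop only unset ('') paths; booleans must survive so an explicit ssl_verify=false still reaches the stream context.` The test also lets `null` through, so it depends on the getters returning strings; the `@return string` docblock fixes in ConnectionConfig.php suggest that, but the cast is not visible in this patch. The function body starts and ends outside the hunk.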
@@ -301,7 +301,7 @@ public function getSslCaCert()
 }

 /**
- * @return bool
+ * @return string
 */
 public function getSslCert()
 {
@@ -309,7 +309,7 @@ public function getSslCert()
 }

 /**
- * @return bool
+ * @return string
 */
 public function getSslKey()
 {
@@ -320,7 +320,7 @@ public function getSslKey()
 * @param string $name
 * @param mixed $default
 *
- * @return bool
+ * @return mixed
 */
 public function getOption($name, $default = null)
 {
From 46c482e5dd1f09f842d9808a4fe8fb83bded3d29 Mon Sep 17 00:00:00 2001
From: Maksim Kotlyar
Date: Thu, 2 Nov 2017 14:04:11 +0200
Subject: [PATCH 2/3] [amqp-tool] Add ssl_passpharse option

---
 pkg/amqp-tools/ConnectionConfig.php | 17 ++-
 pkg/amqp-tools/Tests/ConnectionConfigTest.php | 112 ++++++++++--------
 2 files changed, 78 insertions(+), 51 deletions(-)

diff --git a/pkg/amqp-tools/ConnectionConfig.php b/pkg/amqp-tools/ConnectionConfig.php
index 7fb834011..d2c7a3dbd 100644
--- a/pkg/amqp-tools/ConnectionConfig.php
+++ b/pkg/amqp-tools/ConnectionConfig.php
@@ -25,6 +25,7 @@
 * ssl_cacert - Location of Certificate Authority file on local filesystem which should be used with the verify_peer context option to authenticate the identity of the remote peer. A string.
 * ssl_cert - Path to local certificate file on filesystem. It must be a PEM encoded file which contains your certificate and private key. A string
 * ssl_key - Path to local private key file on filesystem in case of separate files for certificate (local_cert) and private key. A string.
+ * ssl_passphrase - Passphrase with which your local_cert file was encoded. A string
 *
 * 2. null - in this case it tries to connect to localhost with default settings
 * 3. amqp: same as 2.
@@ -81,9 +82,10 @@ public function __construct($config = null)
 'qos_prefetch_count' => 1,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ];

 $this->addSupportedScheme('amqp');
@@ -158,6 +160,7 @@ public function parse()
 $config['ssl_cacert'] = (string) $config['ssl_cacert'];
 $config['ssl_cert'] = (string) $config['ssl_cert'];
 $config['ssl_key'] = (string) $config['ssl_key'];
+ $config['ssl_passphrase'] = (string) $config['ssl_passphrase'];

 $this->config = $config;

@@ -316,6 +319,14 @@ public function getSslKey()
 return $this->getOption('ssl_key');
 }

+ /**
+ * @return string
+ */
+ public function getSslPassPhrase()
+ {
+ return $this->getOption('ssl_passphrase');
+ }
+
 /**
 * @param string $name
 * @param mixed $default
diff --git a/pkg/amqp-tools/Tests/ConnectionConfigTest.php b/pkg/amqp-tools/Tests/ConnectionConfigTest.php
index 92b8a4ad4..6fba106ed 100644
--- a/pkg/amqp-tools/Tests/ConnectionConfigTest.php
+++ b/pkg/amqp-tools/Tests/ConnectionConfigTest.php
@@ -72,9 +72,10 @@ public function testShouldParseEmptyDsnWithDriverSet()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ], $config->getConfig());
 }

@@ -102,9 +103,10 @@ public function testShouldParseCustomDsnWithDriverSet()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ], $config->getConfig());
 }

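Review bot: `getSslPassPhrase()` returns a private-key passphrase, yet its docblock is only `@return string` and the value sits in the same `$this->config` array as every other option, so `getConfig()` hands it out in clear (the updated expectations in ConnectionConfigTest.php show `'ssl_passphrase'` in `$config->getConfig()`). Anything that dumps or logs the config will now include the secret. I would document that on the getter, e.g. `@return string passphrase for the local key; secret, keep it out of logs and exception messages`, and add the same caveat to the `ssl_passphrase` line in the class docblock, which currently says the file was "encoded" where "encrypted" is meant. If the DSN form accepts this option as a query parameter, which is not visible in these hunks, the docblock should also say that this puts the secret in the connection string.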
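Review bot: No expectation in ConnectionConfigTest.php exercises a non-empty passphrase: the `testShouldParseEmptyDsnWithDriverSet()` hunk, the one after it and every `provideConfigs()` hunk that follows only add `'ssl_passphrase' => ''`. That leaves the new `(string)` cast in `parse()` and the `getSslPassPhrase()` getter untested. I would add one case that sets the option and asserts it round-trips, along the lines of `$this->assertSame('test-passphrase', $config->getSslPassPhrase());` (sample value constructed for the test), assuming the array config form accepts the key like the other `ssl_*` options.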
@@ -143,9 +145,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -168,9 +171,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -193,9 +197,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -218,9 +223,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => true,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -243,9 +249,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -268,9 +275,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -293,9 +301,10 @@ public static function provideConfigs()
 'heartbeat' => 23.3,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -318,9 +327,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -343,9 +353,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -368,9 +379,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -393,9 +405,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -418,9 +431,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -449,9 +463,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => false,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];

@@ -477,9 +492,10 @@ public static function provideConfigs()
 'heartbeat' => 0.0,
 'ssl_on' => true,
 'ssl_verify' => true,
- 'ssl_cacert' => null,
- 'ssl_cert' => null,
- 'ssl_key' => null,
+ 'ssl_cacert' => '',
+ 'ssl_cert' => '',
+ 'ssl_key' => '',
+ 'ssl_passphrase' => '',
 ],
 ];
 }
From b0452ae0214f8f02682e04afa0ea447e26297b9e Mon Sep 17 00:00:00 2001
From: Maksim Kotlyar
Date: Thu, 2 Nov 2017 14:11:08 +0200
Subject: [PATCH 3/3] [amqp-lib] Use ssl pass pharse option.

---
 pkg/amqp-lib/AmqpConnectionFactory.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/amqp-lib/AmqpConnectionFactory.php b/pkg/amqp-lib/AmqpConnectionFactory.php
index 7b85c6c73..f79295352 100644
--- a/pkg/amqp-lib/AmqpConnectionFactory.php
+++ b/pkg/amqp-lib/AmqpConnectionFactory.php
@@ -93,6 +93,7 @@ private function establishConnection()
 'local_pk' => $this->config->getSslKey(),
 'verify_peer' => $this->config->isSslVerify(),
 'verify_peer_name' => $this->config->isSslVerify(),
+ 'passphrase' => $this->getConfig()->getSslPassPhrase(),
 ], function ($value) { return '' !== $value; });

 $con = new AMQPSSLConnection(
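Review bot: The new `passphrase` entry reads through `$this->getConfig()` while the five entries beside it use `$this->config` directly. Whether AmqpConnectionFactory defines a `getConfig()` method is not visible in this hunk; if it does not, `establishConnection()` fails with an undefined-method error as soon as `ssl_on` is set, and no patch in this series touches a test for the factory. I would write it like its neighbours: `'passphrase' => $this->config->getSslPassPhrase(),`. The enclosing function starts and ends outside the hunk.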