Source of file WrapperSSL.php

Size: 6,575 Bytes - Last Modified: 2020-10-25T23:00:04+00:00

/root/gitwork/work/tornelib-php-netcurl-6.1/src/Module/Config/WrapperSSL.php

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264
<?php
/**
 * Copyright © Tomas Tornevall / Tornevall Networks. All rights reserved.
 * See LICENSE.md for license details.
 */

namespace TorneLIB\Module\Config;

use Exception;
use TorneLIB\Exception\Constants;
use TorneLIB\Exception\ExceptionHandler;
use TorneLIB\Flags;

/**
 * Class SSL WrapperConfig for SSL related requests. Sets up stream contexts if necessary (for SOAP) and settings
 * for curl, etc.
 *
 * @package TorneLIB\Helpers
 * @since 6.1.0
 */
class WrapperSSL
{
    /**
     * @var string
     */
    private $version = '6.1.0';

    /**
     * @var bool Primary answer from this module if netcurl will be capable to handle SSL based traffic.
     */
    private $capable;

    /**
     * @var array
     */
    private $capabilities = [];

    /**
     * @var array Context of stream. As of PHP 5.6.0 the peer verifications are defaulting to true.
     */
    private $context = [
        'ssl' => [
            'verify_peer' => true,
            'verify_peer_name' => true,
            'verify_host' => true,
            'allow_self_signed' => false,
            'SNI_enabled' => true,
        ],
    ];

    /**
     * @var array
     */
    private $securityLevelChanges = [];

    /**
     * SSL constructor.
     */
    public function __construct()
    {
        try {
            $this->capable = $this->setSslCapabilities();
        } catch (Exception $e) {
            $this->capable = false;
        }

        $this->setContextUserAgent();
    }

    /**
     * Checks if system has SSL capabilities.
     *
     * Replaces getCurlSslAvailable from v6.0 where everything is checked in the same method.
     *
     * @return bool
     * @throws Exception
     * @since 6.1.0
     */
    public function getSslCapabilities()
    {
        if (!($return = $this->capable)) {
            throw new ExceptionHandler(
                'NETCURL Exception: SSL capabilities is missing.',
                Constants::LIB_SSL_UNAVAILABLE
            );
        }

        return $return;
    }

    /**
     * @return bool
     * @since 6.1.0
     */
    private function setSslCapabilities()
    {
        $return = false;

        /** @noinspection PhpUndefinedMethodInspection */
        if (Flags::_isFlag('NETCURL_NOSSL_TEST')) {
            return $return;
        }

        $sslDriverError = [];

        if (!$this->getSslStreamWrapper()) {
            $sslDriverError[] = "SSL Failure: HTTPS wrapper can not be found";
        }
        if (!$this->getCurlSsl()) {
            $sslDriverError[] = 'SSL Failure: Protocol "https" not supported or disabled in libcurl';
        }

        if (!count($sslDriverError)) {
            $return = true;
        }

        return $return;
    }

    /**
     * @return bool
     * @since 6.1.0
     */
    private function getSslStreamWrapper()
    {
        $return = false;

        $streamWrappers = @stream_get_wrappers();
        if (!is_array($streamWrappers)) {
            $streamWrappers = [];
            $this->capabilities[] = 'stream';
        }
        if (in_array('https', array_map("strtolower", $streamWrappers), false)) {
            $return = true;
            $this->capabilities[] = 'curl';
        }

        return $return;
    }

    /**
     * @return bool
     * @since 6.1.0
     * @noinspection PhpComposerExtensionStubsInspection
     */
    private function getCurlSsl()
    {
        $return = false;
        if (function_exists('curl_version') && defined('CURL_VERSION_SSL')) {
            $curlVersionRequest = curl_version();

            if (isset($curlVersionRequest['features'])) {
                $return = ((bool)($curlVersionRequest['features'] & CURL_VERSION_SSL));
            }
        }

        return $return;
    }

    /**
     * If capable throws an exception for a specific driver, but that driver should not be used anyway, get a list of
     * working drivers here.
     *
     * @return array
     * @since 6.1.0
     */
    public function getCapabilities()
    {
        return $this->capabilities;
    }

    /**
     * Simplified SSL verification ruleset. Sets peer, peer_name and verify_host to be strictly verified. To change the
     * values, see getContext() and setContext(). You don't need to run this yourself as it runs on the defaults when
     * nothing else is set.
     *
     * @param bool $verifyBooleanValue Peer verification (default=true, always verify).
     * @param bool $selfsignedBooleanValue Allow self signed vertificates (default=false, never allow this).
     * @return mixed
     * @link https://www.php.net/manual/en/context.ssl.php
     * @since 6.1.0
     */
    public function setStrictVerification($verifyBooleanValue = true, $selfsignedBooleanValue = false)
    {
        $this->context['ssl']['verify_peer'] = $verifyBooleanValue;
        $this->context['ssl']['verify_peer_name'] = $verifyBooleanValue;
        $this->context['ssl']['verify_host'] = $verifyBooleanValue;
        $this->context['ssl']['allow_self_signed'] = $selfsignedBooleanValue;

        if (!$verifyBooleanValue || $selfsignedBooleanValue) {
            $this->securityLevelChanges[microtime(true)] = $this->context;
        }

        return $this;
    }

    /**
     * @return $this
     * @since 6.1.0
     */
    private function setContextUserAgent()
    {
        $this->context['http'] = [
            'user-agent' => sprintf('NETCURL/SSL-%s', $this->version),
        ];

        return $this;
    }

    /**
     * Get prepared stream context array.
     *
     * @return array
     * @since 6.1.0
     */
    public function getSslStreamContext()
    {
        // Create the stream with full context.
        return [
            'stream_context' => stream_context_create($this->context),
        ];
    }

    /**
     * @param $key
     * @return array
     * @since 6.1.0
     */
    public function getContext($key = null)
    {
        $return = $this->context['ssl'];

        if (!empty($key) && isset($this->context['ssl'][$key])) {
            $return = $this->context['ssl'][$key];
        }

        return $return;
    }

    /**
     * Configure your own context on fly. Great to use if you need to add your own cafile, etc.
     *
     * @param $key
     * @param $value
     * @return WrapperSSL
     * @since 6.1.0
     */
    public function setContext($key, $value)
    {
        $this->context['ssl'][$key] = $value;

        return $this;
    }

    /**
     * @return array
     * @since 6.1.0
     */
    public function getSecurityLevelChanges()
    {
        return $this->securityLevelChanges;
    }
}