adding Context to CakeSocket #334

Closed
wants to merge 5 commits into from

3 participants

@pocketcrocodile

#2270 adding Context to CakeSocket and HTTP Socket. Changing CakeSocket
from fsockopen to stream_socket_client allows giving the connection a
context. The default behavior is: if the connection is secure we get
the certificate, parse it and deliver it with the http-response object.

@pocketcrocodile pocketcrocodile #2270 adding Context to CakeSocket
#2270 adding Context to CakeSocket and HTTP Socket. Changing CakeSocket
from fsockopen to stream_socket_client allows giving the connection a
context. The default behavior is: if the connection is secure we get
the certificate, parse it and deliver it with the http-response object.
954ac7f

@lorenzo
Owner

I'm not sure what this is trying to fix. Using the CakeSocket class with the ssl:// protocol already works. Can you explain this a little bit more?

@pocketcrocodile

Of course cake socket works with ssl, but it does not give the context back (esp. the ssl cert for checking if we are communicating with the right server). The change is, we now get the certificate back and deliver it in the response object to the application.

@markstory
Owner

Shouldn't you be checking for the openssl_x509_export function before trying to use it? Not all installations have openssl installed.

@pocketcrocodile

Good point. I'll check this.

@pocketcrocodile

I am getting crazy, but github did not let me update my request.

@markstory
Owner

You should be able to push to the original branch you pushed to. Github will automatically update the pull request.

pocketcrocodile added some commits
@pocketcrocodile pocketcrocodile undo last Change 68b3365
@pocketcrocodile pocketcrocodile check openssl
check if openssl is installed by checking if php knows openssl functions.
1516f9a
@pocketcrocodile

Don't know why the change did not appear here, but now it does (and also my earlier changes).

@markstory markstory commented on the diff
lib/Cake/Network/Http/HttpSocket.php
((15 lines not shown))
+ if ($context !== null && is_array($context) &&!empty($context)){
+ $this->config['request']['context'] = set::merge($this->config['request']['context'], $context);
+ }
+ }
+
+/**
+ * checking Fingerprint and setting Fingerprint to contextarray.
+ *
+ * @param string fingerprint fingerprint the certificate should have
+ * return bool
+ * @access protected
+ */
+
+
+ public function checkFingerprint($fingerprint){
+ if (!isset($this->request['context']['ssl']['peer_certificate']))
@markstory Owner

Missing braces.

@markstory markstory commented on the diff
lib/Cake/Network/Http/HttpSocket.php
@@ -373,6 +383,10 @@ public function request($request = array()) {
}
$responseClass = $this->responseClass;
$this->response = new $responseClass($response);
+
+ if (!empty($context) && isset($context['ssl']['peer_certificate']))
@markstory Owner

Missing braces.

@markstory markstory commented on the diff
lib/Cake/Network/Http/HttpResponse.php
@@ -419,6 +426,21 @@ public function offsetGet($offset) {
return null;
}
+ public function setContext($context){
+ if (get_resource_type($context) === "OpenSSL X.509" && function_exists(openssl_x509_export)){
+ if (!isset($context))
@markstory Owner

Missing braces.

@markstory markstory was assigned
@markstory
Owner

Closing in favor of #947

@markstory markstory closed this
Commits on Nov 24, 2011
  1. @pocketcrocodile

    #2270 adding Context to CakeSocket

    pocketcrocodile authored
    #2270 adding Context to CakeSocket and HTTP Socket. Changing CakeSocket
    from fsockopen to stream_socket_client allows giving the connection a
    context. The default behavior is: if the connection is secure we get
    the certificate, parse it and deliver it with the http-response object.
Commits on Nov 25, 2011
  1. @pocketcrocodile
Commits on Nov 28, 2011
  1. @pocketcrocodile

    undo last Change

    pocketcrocodile authored
  2. @pocketcrocodile

    check openssl

    pocketcrocodile authored
    check if openssl is installed by checking if php knows openssl functions.
Commits on Feb 25, 2012
  1. @pocketcrocodile

    added missing branches

    pocketcrocodile authored
    added missing branches
21 lib/Cake/Network/CakeSocket.php
@@ -104,12 +104,17 @@ public function connect() {
$scheme = 'ssl://';
}
- if ($this->config['persistent'] == true) {
- $this->connection = @pfsockopen($scheme.$this->config['host'], $this->config['port'], $errNum, $errStr, $this->config['timeout']);
+ if (!empty($this->config['request']['context'])){
+ $mycontext = stream_context_create($this->config['request']['context']);
} else {
- $this->connection = @fsockopen($scheme.$this->config['host'], $this->config['port'], $errNum, $errStr, $this->config['timeout']);
+ $mycontext = stream_context_create();
}
+ if ($this->config['persistent'] == true) {
+ $this->connection = @stream_socket_client($scheme.$this->config['host'].':'. $this->config['port'], &$errNum, &$errStr, $this->config['timeout'], STREAM_CLIENT_PERSISTENT, $mycontext);
+ } else {
+ $this->connection = @stream_socket_client($scheme.$this->config['host'].':'. $this->config['port'], &$errNum, &$errStr, $this->config['timeout'], STREAM_CLIENT_CONNECT, $mycontext);
+ }
if (!empty($errNum) || !empty($errStr)) {
$this->setLastError($errNum, $errStr);
throw new SocketException($errStr, $errNum);
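Review bot: both stream_socket_client() calls pass &$errNum and &$errStr as call-time pass-by-reference, which is deprecated in PHP 5.3 and a fatal error from PHP 5.4; the function already takes these parameters by reference, so pass $errNum and $errStr plainly. The flags argument is a bitmask, and the persistent branch passes STREAM_CLIENT_PERSISTENT alone where it would normally be STREAM_CLIENT_CONNECT | STREAM_CLIENT_PERSISTENT. Computing the flags once and making a single call would also remove the duplicated line, and stream_context_create() with no options could replace the if/else if an empty array is passed through.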
@@ -228,6 +233,16 @@ public function read($length = 1024) {
}
return false;
}
+/**
+ * get Connection Context.
+ *
+ * @return context Array
+ */
+ public function getContext(){
+ return stream_context_get_options($this->connection);
+ }
+
+
/**
* Disconnect the socket from the current connection.
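Review bot: getContext() hands $this->connection straight to stream_context_get_options() with no check that a connection is open, so calling it before connect() or after disconnect() raises a warning instead of returning a usable value; guard with is_resource($this->connection) and return an empty array otherwise. The docblock should read @return array rather than "@return context Array", and the two trailing blank lines can go.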
23 lib/Cake/Network/Http/HttpResponse.php
@@ -53,6 +53,13 @@ class HttpResponse implements ArrayAccess {
public $httpVersion = 'HTTP/1.1';
/**
+ * context
+ *
+ * @var array
+ */
+ public $context = array();
+
+/**
* Response code
*
* @var integer
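Review bot: the docblock for $context says only "context", while setContext() later in this file fills the property with the openssl_x509_parse() array of the peer certificate plus a 'fingerprint' key. Describe that content here, or name the property for what it holds, so callers know what they are reading.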
@@ -419,6 +426,22 @@ public function offsetGet($offset) {
return null;
}
+ public function setContext($context){
+ if (get_resource_type($context) === "OpenSSL X.509" && function_exists(openssl_x509_export)){
+ if (!isset($context)){
@markstory Owner

Missing braces.

+ return false;
+ }
+ openssl_x509_export($context, &$certstring);
+ $certstring = str_replace('-----BEGIN CERTIFICATE-----', '', $certstring);
+ $certstring = str_replace('-----END CERTIFICATE-----', '', $certstring);
+ $this->context = openssl_x509_parse($context);
+ $this->context['fingerprint']['sha1'] = strtoupper(sha1($certstring));
+ $this->context['fingerprint']['md5'] = strtoupper(md5($certstring));
+ } else {
+ return false;
+ }
+ }
+
/**
* ArrayAccess - 0ffset Set
*
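Review bot: the sha1 and md5 values in setContext() are computed over the base64 text left after stripping the PEM markers, with no base64_decode(), so they are not the certificate's DER fingerprints and will not match the SHA-1 that checkFingerprint() in HttpSocket.php computes after decoding; decode before hashing in both places. In the same method, function_exists(openssl_x509_export) passes a bare constant rather than the string 'openssl_x509_export', the !isset($context) guard can never fire because get_resource_type($context) has already been evaluated on the same value, the success path returns nothing while the failure paths return false, &$certstring is call-time pass-by-reference, and the method has no docblock.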
58 lib/Cake/Network/Http/HttpSocket.php
@@ -64,7 +64,8 @@ class HttpSocket extends CakeSocket {
),
'raw' => null,
'redirect' => false,
- 'cookies' => array()
+ 'cookies' => array(),
+ 'context' => array()
);
/**
@@ -99,7 +100,8 @@ class HttpSocket extends CakeSocket {
'port' => 80
),
'redirect' => false,
- 'cookies' => array()
+ 'cookies' => array(),
+ 'context' => array()
)
);
@@ -325,6 +327,8 @@ public function request($request = array()) {
return false;
}
+ $this->_configContext($this->request['context']);
+
$this->request['raw'] = '';
if ($this->request['line'] !== false) {
$this->request['raw'] = $this->request['line'];
@@ -362,10 +366,16 @@ public function request($request = array()) {
}
}
+ if (isset($this->request['context'])){
+ $context = $this->getContext();
+ }
+
+
if ($connectionType === 'close') {
$this->disconnect();
}
+
list($plugin, $responseClass) = pluginSplit($this->responseClass, true);
App::uses($this->responseClass, $plugin . 'Network/Http');
if (!class_exists($responseClass)) {
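Review bot: isset($this->request['context']) looks always true once 'context' => array() is part of the request defaults added above, so getContext() runs on every request, including plain http ones where there is no certificate to capture; gate it on the https scheme or on capture_peer_cert being set. The hunk also adds three whitespace-only lines that should be dropped.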
@@ -373,6 +383,10 @@ public function request($request = array()) {
}
$responseClass = $this->responseClass;
$this->response = new $responseClass($response);
+
+ if (!empty($context) && isset($context['ssl']['peer_certificate'])){
@markstory Owner

Missing braces.

+ $this->response->setContext($context['ssl']['peer_certificate']);
+ }
if (!empty($this->response->cookies)) {
if (!isset($this->config['request']['cookies'][$Host])) {
$this->config['request']['cookies'][$Host] = array();
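Review bot: the peer certificate is handed to the response only here, after the request has been written and the response object built, so an application that checks the fingerprint on the response learns about a wrong server only after its headers, cookies and body have already been sent to it. For the use case given in the PR description (checking that we are talking to the right server) the check belongs in connect(), before the first write, or should be delegated to the ssl context's verify_peer and cafile options. The return value of setContext() is also ignored, so a missing openssl extension fails silently.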
@@ -719,6 +733,46 @@ protected function _parseUri($uri = null, $base = array()) {
}
/**
+ * Sets context-parameter
+ *
+ * @param array $context Context, See http://www.php.net/manual/de/context.php
+ * @access protected
+ */
+ private function _configContext($context = null){
+ if ($this->config['request']['uri']['scheme'] == 'https'){
+ $this->config['request']['context']['ssl'] = array(
+ 'capture_peer_cert' => true,
+ );
+ }
+ if ($context !== null && is_array($context) &&!empty($context)){
+ $this->config['request']['context'] = set::merge($this->config['request']['context'], $context);
+ }
+ }
+
+/**
+ * checking Fingerprint and setting Fingerprint to contextarray.
+ *
+ * @param string fingerprint fingerprint the certificate should have
+ * return bool
+ * @access protected
+ */
+
+
+ public function checkFingerprint($fingerprint){
+ if (!isset($this->request['context']['ssl']['peer_certificate'])){
@markstory Owner

Missing braces.

+ return false;
+ }
+ openssl_x509_export($this->request['context']['ssl']['peer_certificate'], &$certstring);
+ $certstring = str_replace('-----BEGIN CERTIFICATE-----', '', $certstring);
+ $certstring = str_replace('-----END CERTIFICATE-----', '', $certstring);
+ $certstring = base64_decode($certstring);
+ $this->request['context']['ssl']['fingerprint']['sha1'] = strtoupper(sha1($certstring));
+ return trim($fingerprint) == $request['context']['ssl']['fingerprint']['sha1'];
+ }
+
+
+
+/**
* This function can be thought of as a reverse to PHP5's http_build_query(). It takes a given query string and turns it into an array and
* supports nesting by using the php bracket syntax. So this menas you can parse queries like:
*
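Review bot: the return line of checkFingerprint() compares against $request['context']['ssl']['fingerprint']['sha1'], an undefined local, instead of $this->request[...], so the comparison is made against null: every real fingerprint fails, and with the loose == an empty $fingerprint compares equal. Use $this->request, normalise case on both sides (the computed hash is upper-cased, the argument is only trimmed) and compare with ===. The method also looks for peer_certificate in $this->request['context']['ssl'], but nothing in this patch writes the captured certificate there; request() only passes it to the response. In _configContext(), capture_peer_cert on its own does not make PHP validate the certificate chain or host name, the scheme test reads $this->config rather than the current $this->request, and Set is written as set. The docblocks disagree with the code: _configContext() is private but tagged @access protected, checkFingerprint() is public but tagged @access protected, and "return bool" is missing its @.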