adding Context to CakeSocket #334

Closed
wants to merge 5 commits into from

3 participants

pocketcrocodile José Lorenzo Rodríguez Mark Story
pocketcrocodile

#2270 adding Context to CakeSocket and HTTP Socket. Changing CakeSocket
from fsockopen to stream_socket_client allows giving the connection a
context. The default behavior is: if the connection is secure we get
the certificate, parse it and deliver it with the http-response object.

pocketcrocodile pocketcrocodile #2270 adding Context to CakeSocket
#2270 adding Context to CakeSocket and HTTP Socket. Changing CakeSocket
from fsockopen to stream_socket_client allows giving the connection a
context. The default behavior is: if the connection is secure we get
the certificate, parse it and deliver it with the http-response object.
954ac7f

José Lorenzo Rodríguez
Owner

I'm not sure what this is trying to fix. Using the CakeSocket class with the ssl:// protocol already works. Can you explain this a little bit more?

pocketcrocodile

of course cake socket works with ssl, but it does not give the context back (esp. the ssl cert for checking if we are communicating with the right server). the change is, we now get the certificate back and deliver it in the response object to the application.
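
The check described in the comment above, as an added example that is not part of the pull request or of CakePHP: the fingerprint of a captured peer certificate is the hash of its DER bytes, compared against a pinned value in constant time. The function names are hypothetical, SHA-256 is used here instead of the patch's SHA-1/MD5, and the certificate is a throwaway self-signed one generated locally (this assumes the openssl extension with a usable openssl.cnf); on a live connection the PEM would come from exporting `stream_context_get_options($conn)['ssl']['peer_certificate']`.

```php
<?php
// Added example: certificate pinning by SHA-256 fingerprint over DER bytes.

/** Convert a PEM certificate string to raw DER bytes. */
function pemToDer($pem) {
    // Strip the armor lines and all whitespace, then decode strictly.
    $body = preg_replace('/-----(BEGIN|END) CERTIFICATE-----|\s+/', '', $pem);
    $der = base64_decode($body, true);
    if ($der === false || $der === '') {
        throw new InvalidArgumentException('not a PEM certificate');
    }
    return $der;
}

/** Normalise "AB:CD:..." or "abcd..." to bare lowercase hex. */
function normaliseFingerprint($fingerprint) {
    return strtolower(preg_replace('/[^0-9a-fA-F]/', '', $fingerprint));
}

/** True only if the certificate's SHA-256 fingerprint equals the pinned one. */
function fingerprintMatches($pem, $pinned) {
    $pinned = normaliseFingerprint($pinned);
    if (strlen($pinned) !== 64) {
        return false; // an empty or truncated pin must never match
    }
    return hash_equals(hash('sha256', pemToDer($pem)), $pinned);
}

// Constructed input: a self-signed certificate for a placeholder name.
$key = openssl_pkey_new(array(
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
));
$csr = openssl_csr_new(array('commonName' => 'pin-demo.invalid'), $key, array('digest_alg' => 'sha256'));
$cert = openssl_csr_sign($csr, null, $key, 1, array('digest_alg' => 'sha256'));
openssl_x509_export($cert, $pem);

// Reference fingerprint from OpenSSL itself, also in colon-separated upper case.
$reference = openssl_x509_fingerprint($cert, 'sha256');
$withColons = strtoupper(implode(':', str_split($reference, 2)));

var_dump(fingerprintMatches($pem, $reference));          // pin in plain hex
var_dump(fingerprintMatches($pem, $withColons));         // same pin, other notation
var_dump(fingerprintMatches($pem, ''));                  // empty pin
var_dump(fingerprintMatches($pem, str_repeat('0', 64))); // wrong pin
```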

Mark Story
Owner

Shouldn't you be checking for the openssl_x509_export function before trying to use it? Not all installations have openssl installed.

pocketcrocodile

good point. i'll check this.

pocketcrocodile

i am getting crazy, but github did not let me update my request.

Mark Story
Owner

You should be able to push to the original branch you pushed to. Github will automatically update the pull request.

pocketcrocodile added some commits
pocketcrocodile pocketcrocodile undo last Change 68b3365
pocketcrocodile pocketcrocodile check openssl
check if openssl is installed by checking if php knows the openssl functions.
1516f9a
pocketcrocodile

don't know why the change did not appear here, but now it does (and also my earlier changes).

Mark Story markstory commented on the diff
lib/Cake/Network/Http/HttpSocket.php
((15 lines not shown))
+ if ($context !== null && is_array($context) &&!empty($context)){
+ $this->config['request']['context'] = set::merge($this->config['request']['context'], $context);
+ }
+ }
+
+/**
+ * checking Fingerprint and setting Fingerprint to contextarray.
+ *
+ * @param string fingerprint fingerprint the certificate should have
+ * return bool
+ * @access protected
+ */
+
+
+ public function checkFingerprint($fingerprint){
+ if (!isset($this->request['context']['ssl']['peer_certificate']))
Mark Story Owner

Missing braces.

Mark Story markstory commented on the diff
lib/Cake/Network/Http/HttpSocket.php
@@ -373,6 +383,10 @@ public function request($request = array()) {
}
$responseClass = $this->responseClass;
$this->response = new $responseClass($response);
+
+ if (!empty($context) && isset($context['ssl']['peer_certificate']))
Mark Story Owner

Missing braces.

Mark Story markstory commented on the diff
lib/Cake/Network/Http/HttpResponse.php
@@ -419,6 +426,21 @@ public function offsetGet($offset) {
return null;
}
+ public function setContext($context){
+ if (get_resource_type($context) === "OpenSSL X.509" && function_exists(openssl_x509_export)){
+ if (!isset($context))
Mark Story Owner

Missing braces.

Mark Story markstory was assigned
Mark Story
Owner

Closing in favor of #947

Mark Story markstory closed this
Commits on Nov 24, 2011
  1. pocketcrocodile

    #2270 adding Context to CakeSocket

    pocketcrocodile authored
    #2270 adding Context to CakeSocket and HTTP Socket. Changing CakeSocket
    from fsockopen to stream_socket_client allows giving the connection a
    context. The default behavior is: if the connection is secure we get
    the certificate, parse it and deliver it with the http-response object.
Commits on Nov 25, 2011
  1. pocketcrocodile
Commits on Nov 28, 2011
  1. pocketcrocodile

    undo last Change

    pocketcrocodile authored
  2. pocketcrocodile

    check openssl

    pocketcrocodile authored
    check if openssl is installed by checking if php knows the openssl functions.
Commits on Feb 25, 2012
  1. pocketcrocodile

    added missing branches

    pocketcrocodile authored
    added missing branches
21 lib/Cake/Network/CakeSocket.php
@@ -104,12 +104,17 @@ public function connect() {
$scheme = 'ssl://';
}
- if ($this->config['persistent'] == true) {
- $this->connection = @pfsockopen($scheme.$this->config['host'], $this->config['port'], $errNum, $errStr, $this->config['timeout']);
+ if (!empty($this->config['request']['context'])){
+ $mycontext = stream_context_create($this->config['request']['context']);
} else {
- $this->connection = @fsockopen($scheme.$this->config['host'], $this->config['port'], $errNum, $errStr, $this->config['timeout']);
+ $mycontext = stream_context_create();
}
+ if ($this->config['persistent'] == true) {
+ $this->connection = @stream_socket_client($scheme.$this->config['host'].':'. $this->config['port'], &$errNum, &$errStr, $this->config['timeout'], STREAM_CLIENT_PERSISTENT, $mycontext);
+ } else {
+ $this->connection = @stream_socket_client($scheme.$this->config['host'].':'. $this->config['port'], &$errNum, &$errStr, $this->config['timeout'], STREAM_CLIENT_CONNECT, $mycontext);
+ }
if (!empty($errNum) || !empty($errStr)) {
$this->setLastError($errNum, $errStr);
throw new SocketException($errStr, $errNum);
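Review bot: Both new `stream_socket_client()` calls pass `&$errNum, &$errStr` at the call site; the function already takes these two parameters by reference, and call-time pass-by-reference is deprecated in PHP 5.3 and a fatal error from PHP 5.4, so drop the `&`. In the persistent branch the flags argument is `STREAM_CLIENT_PERSISTENT` on its own; it should be combined as `STREAM_CLIENT_CONNECT | STREAM_CLIENT_PERSISTENT`, otherwise the socket is created without being connected. The two branches differ only in the flags, so computing the flags first and making a single call would remove the duplicated line.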
@@ -228,6 +233,16 @@ public function read($length = 1024) {
}
return false;
}
+/**
+ * get Connection Context.
+ *
+ * @return context Array
+ */
+ public function getContext(){
+ return stream_context_get_options($this->connection);
+ }
+
+
/**
* Disconnect the socket from the current connection.
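Review bot: `getContext()` hands `$this->connection` straight to `stream_context_get_options()` without checking that a connection is open; before `connect()` or after `disconnect()` the property is not a stream resource and the call fails. Return an empty array when `$this->connection` is not a resource, and write the docblock tag as `@return array` rather than `@return context Array`.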
23 lib/Cake/Network/Http/HttpResponse.php
@@ -53,6 +53,13 @@ class HttpResponse implements ArrayAccess {
public $httpVersion = 'HTTP/1.1';
/**
+ * context
+ *
+ * @var array
+ */
+ public $context = array();
+
+/**
* Response code
*
* @var integer
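Review bot: The new public `$context` property is documented only as "context", yet `setContext()` fills it with the `openssl_x509_parse()` result plus a `fingerprint` key rather than with stream context options. State that in the docblock, or name the property after what it holds, so callers do not confuse it with the request's `context` option.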
@@ -419,6 +426,22 @@ public function offsetGet($offset) {
return null;
}
+ public function setContext($context){
+ if (get_resource_type($context) === "OpenSSL X.509" && function_exists(openssl_x509_export)){
+ if (!isset($context)){
Mark Story Owner

Missing braces.

+ return false;
+ }
+ openssl_x509_export($context, &$certstring);
+ $certstring = str_replace('-----BEGIN CERTIFICATE-----', '', $certstring);
+ $certstring = str_replace('-----END CERTIFICATE-----', '', $certstring);
+ $this->context = openssl_x509_parse($context);
+ $this->context['fingerprint']['sha1'] = strtoupper(sha1($certstring));
+ $this->context['fingerprint']['md5'] = strtoupper(md5($certstring));
+ } else {
+ return false;
+ }
+ }
+
/**
* ArrayAccess - 0ffset Set
*
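Review bot: In `setContext()` the `sha1()` and `md5()` values are computed over the PEM body text (base64 with its line breaks) instead of the decoded certificate bytes, so they will not match the fingerprint that browsers or `openssl x509 -fingerprint` report, and they disagree with `checkFingerprint()` in HttpSocket.php, which calls `base64_decode()` before hashing. Decode before hashing in both places. Further points in the same method: `function_exists(openssl_x509_export)` needs the function name as a quoted string, the `isset($context)` test runs only after `get_resource_type($context)` has already used the value, `&$certstring` is call-time pass-by-reference, and the method returns `false` on failure but nothing on success.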
58 lib/Cake/Network/Http/HttpSocket.php
@@ -64,7 +64,8 @@ class HttpSocket extends CakeSocket {
),
'raw' => null,
'redirect' => false,
- 'cookies' => array()
+ 'cookies' => array(),
+ 'context' => array()
);
/**
@@ -99,7 +100,8 @@ class HttpSocket extends CakeSocket {
'port' => 80
),
'redirect' => false,
- 'cookies' => array()
+ 'cookies' => array(),
+ 'context' => array()
)
);
@@ -325,6 +327,8 @@ public function request($request = array()) {
return false;
}
+ $this->_configContext($this->request['context']);
+
$this->request['raw'] = '';
if ($this->request['line'] !== false) {
$this->request['raw'] = $this->request['line'];
@@ -362,10 +366,16 @@ public function request($request = array()) {
}
}
+ if (isset($this->request['context'])){
+ $context = $this->getContext();
+ }
+
+
if ($connectionType === 'close') {
$this->disconnect();
}
+
list($plugin, $responseClass) = pluginSplit($this->responseClass, true);
App::uses($this->responseClass, $plugin . 'Network/Http');
if (!class_exists($responseClass)) {
@@ -373,6 +383,10 @@ public function request($request = array()) {
}
$responseClass = $this->responseClass;
$this->response = new $responseClass($response);
+
+ if (!empty($context) && isset($context['ssl']['peer_certificate'])){
Mark Story Owner

Missing braces.

+ $this->response->setContext($context['ssl']['peer_certificate']);
+ }
if (!empty($this->response->cookies)) {
if (!isset($this->config['request']['cookies'][$Host])) {
$this->config['request']['cookies'][$Host] = array();
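Review bot: `$this->response->setContext(...)` is called on whatever class `$this->responseClass` names, so a custom response class that does not define `setContext()` will fail as soon as a peer certificate has been captured. Guard the call with `method_exists()` or document the method as part of the response-class contract. The `false` that `setContext()` returns when the OpenSSL functions are missing is also discarded here, so the application cannot tell that no certificate was stored.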
@@ -719,6 +733,46 @@ protected function _parseUri($uri = null, $base = array()) {
}
/**
+ * Sets context-parameter
+ *
+ * @param array $context Context, See http://www.php.net/manual/de/context.php
+ * @access protected
+ */
+ private function _configContext($context = null){
+ if ($this->config['request']['uri']['scheme'] == 'https'){
+ $this->config['request']['context']['ssl'] = array(
+ 'capture_peer_cert' => true,
+ );
+ }
+ if ($context !== null && is_array($context) &&!empty($context)){
+ $this->config['request']['context'] = set::merge($this->config['request']['context'], $context);
+ }
+ }
+
+/**
+ * checking Fingerprint and setting Fingerprint to contextarray.
+ *
+ * @param string fingerprint fingerprint the certificate should have
+ * return bool
+ * @access protected
+ */
+
+
+ public function checkFingerprint($fingerprint){
+ if (!isset($this->request['context']['ssl']['peer_certificate'])){
Mark Story Owner

Missing braces.

+ return false;
+ }
+ openssl_x509_export($this->request['context']['ssl']['peer_certificate'], &$certstring);
+ $certstring = str_replace('-----BEGIN CERTIFICATE-----', '', $certstring);
+ $certstring = str_replace('-----END CERTIFICATE-----', '', $certstring);
+ $certstring = base64_decode($certstring);
+ $this->request['context']['ssl']['fingerprint']['sha1'] = strtoupper(sha1($certstring));
+ return trim($fingerprint) == $request['context']['ssl']['fingerprint']['sha1'];
+ }
+
+
+
+/**
* This function can be thought of as a reverse to PHP5's http_build_query(). It takes a given query string and turns it into an array and
* supports nesting by using the php bracket syntax. So this menas you can parse queries like:
*
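Review bot: The return statement of `checkFingerprint()` compares against `$request['context']['ssl']['fingerprint']['sha1']`, an undefined local variable, instead of `$this->request[...]`, so the right-hand side is always null; with the loose `==` an empty `$fingerprint` compares equal and every real fingerprint is rejected. Use `$this->request`, compare strictly, and normalise the caller's value the same way as the computed one (the hash is upper-cased with `strtoupper()`, the argument is only trimmed). The method also reads the certificate from `$this->request['context']['ssl']['peer_certificate']`, while `request()` keeps the captured options in a local `$context`, and it calls `openssl_x509_export()` with `&$certstring` and without the `function_exists()` check that `setContext()` has. In `_configContext()`, `set::merge` should be written `Set::merge`, and both docblocks say `@access protected` on methods declared `private` and `public`.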