Merge pull request #88 from rtm-ctrlz/feat-ssl
feat: add support for SSL
Showing
16 changed files
with
406 additions
and
7 deletions.
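--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,18 @@
+<?php
+
+/*
+* Use case
+* - self-signed certificates
+* - peer name (for certificates checks) will be taken from `host`
+*
+* See also RabbitMQ config: tests/ssl/rabbitmq.ssl.verify_none.conf
+*/
+$clientConfig = [
+'host' => 'rabbitmq.example.com',
+// ...
+'ssl' => [
+'cafile' => 'ca.pem',
+'allow_self_signed' => true,
+'verify_peer' => true,
+],
+];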
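Review bot: `'allow_self_signed' => true` on the line after `'cafile'` weakens the verification this example sets up: the header comment calls the certificates self-signed, but supplying a `cafile` implies a server certificate issued by that CA, and for that setup the flag is unnecessary. As far as I recall PHP's OpenSSL stream wrapper, with the flag set any self-signed leaf certificate carrying the expected peer name is accepted, so `'verify_peer' => true` no longer pins the connection to `ca.pem`. Drop the flag when the server certificate chains to `ca.pem`, and keep it only for a genuinely self-signed server certificate, with a comment such as `// only needed when the server cert itself is self-signed; a CA-signed cert is verified by cafile alone`. The same `cafile` + `allow_self_signed` combination appears in the other four example files in this commit and in `SSLTest::getOptions`.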
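--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,20 @@
+<?php
+
+/*
+* Use case
+* - self-signed certificates
+* - peer name (for certificates checks) should not depend on `host`
+* 'rabbitmq.company.ltd' will be used
+*
+* See also RabbitMQ config: tests/ssl/rabbitmq.ssl.verify_none.conf
+*/
+$clientConfig = [
+'host' => 'rabbitmq.example.com',
+// ...
+'ssl' => [
+'cafile' => 'ca.pem',
+'allow_self_signed' => true,
+'verify_peer' => true,
+'peer_name' => 'rabbitmq.company.ltd',
+],
+];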
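--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,20 @@
+<?php
+
+/*
+* Use case
+* - client certificate should be used
+* - file `client.pem`:
+* - contents both certificate and key
+*
+* See also RabbitMQ config: tests/ssl/rabbitmq.ssl.verify_peer.conf
+*/
+$clientConfig = [
+'host' => 'rabbitmq.example.com',
+// ...
+'ssl' => [
+'cafile' => 'ca.pem',
+'allow_self_signed' => true,
+'verify_peer' => true,
+'local_cert' => 'client.pem',
+],
+];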
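--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,22 @@
+<?php
+
+/*
+* Use case
+* - client certificate should be used
+* - file `client.pem`:
+* - contents both certificate and key
+* - encoded with a passphrase
+*
+* See also RabbitMQ config: tests/ssl/rabbitmq.ssl.verify_peer.conf
+*/
+$clientConfig = [
+'host' => 'rabbitmq.example.com',
+// ...
+'ssl' => [
+'cafile' => 'ca.pem',
+'allow_self_signed' => true,
+'verify_peer' => true,
+'local_cert' => 'client.pem',
+'passphrase' => 'passphrase-for-client.pem',
+],
+];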
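Review bot: The `'passphrase'` entry is a literal secret inside a config array that this example invites users to copy into their own project, where it would end up committed next to the encrypted key it protects. A one-line hint that the value belongs in the environment or a secret store would prevent that, e.g. `'passphrase' => getenv('RABBITMQ_CLIENT_KEY_PASSPHRASE'), // sample variable name; never commit the real value`. The same applies to the `'passphrase'` line in the next example file (the `client.key` variant).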
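--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,25 @@
+<?php
+
+/*
+* Use case
+* - client certificate should be used
+* - file `client.cert` is a client certificate
+* - file `client.key`:
+* - is a private key client certificate
+* - encoded with a passphrase
+*
+* See also RabbitMQ config: tests/ssl/rabbitmq.ssl.verify_peer.conf
+*/
+$clientConfig = [
+'host' => 'rabbitmq.example.com',
+// ...
+'ssl' => [
+'cafile' => 'ca.pem',
+'allow_self_signed' => true,
+'verify_peer' => true,
+'local_cert' => 'client.cert',
+'local_pk' => 'client.key',
+'passphrase' => 'passphrase-for-client.key',
+],
+];
+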
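--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,145 @@
+<?php
+
+namespace Bunny;
+
+use Bunny\Async\Client as AsyncClient;
+use Bunny\Exception\ClientException;
+use Bunny\Test\Exception\TimeoutException;
+use PHPUnit\Framework\TestCase;
+
+use React\EventLoop\Factory;
+
+use function dirname;
+use function file_exists;
+use function getenv;
+use function is_file;
+use function putenv;
+
+class SSLTest extends TestCase
+{
+
+public function testConnect()
+{
+$options = $this->getOptions();
+
+$client = new Client($options);
+$client->connect();
+$client->disconnect();
+
+$this->assertTrue(true);
+}
+
+public function testConnectAsync() {
+$options = $this->getOptions();
+$loop = Factory::create();
+
+$loop->addTimer(5, function () {
+throw new TimeoutException();
+});
+
+$client = new AsyncClient($loop, $options);
+$client->connect()->then(function (AsyncClient $client) {
+return $client->disconnect();
+})->then(function () use ($loop) {
+$loop->stop();
+})->done();
+
+$loop->run();
+
+$this->assertTrue(true);
+}
+
+public function testConnectWithMissingClientCert()
+{
+$options = $this->getOptions();
+if (!isset($options['ssl']['local_cert'])) {
+$this->markTestSkipped('No client certificate is used');
+}
+
+// let's try without client certificate - it should fail
+unset($options['ssl']['local_cert'], $options['ssl']['local_pk']);
+
+$this->expectException(ClientException::class);
+
+$client = new Client($options);
+$client->connect();
+$client->disconnect();
+}
+
+public function testConnectToTcpPort()
+{
+$options = $this->getOptions();
+unset($options['port']);
+
+$this->expectException(ClientException::class);
+
+$client = new Client($options);
+$client->connect();
+$client->disconnect();
+}
+
+public function testConnectWithWrongPeerName()
+{
+putenv('SSL_PEER_NAME=not-existsing-peer-name' . time());
+$options = $this->getOptions();
+
+$this->expectException(ClientException::class);
+
+$client = new Client($options);
+$client->connect();
+$client->disconnect();
+}
+
+protected function getOptions()
+{
+// should we do SSL-tests
+if (empty(getenv('SSL_TEST'))) {
+$this->markTestSkipped('Skipped due empty ENV-variable "SSL_TEST"');
+}
+
+// checking CA-file
+$caFile = getenv('SSL_CA');
+if (empty($caFile)) {
+$this->fail('Missing CA file ENV-variable: "SSL_CA"');
+}
+$testsDir = dirname(__DIR__);
+$caFile = $testsDir . '/' . $caFile;
+if (!file_exists($caFile) || !is_file($caFile)) {
+$this->fail('Missing CA file: "' . $caFile . '"');
+}
+
+$peerName = getenv('SSL_PEER_NAME');
+if (empty($peerName)) {
+// setting default value from tests/ssl/Makefile
+$peerName = 'server.rmq';
+}
+
+// minimal SSL-options
+$options = [
+'port' => 5673,
+'ssl' => [
+// for tests we are using self-signed certificates
+'allow_self_signed' => true,
+'cafile' => $caFile,
+'peer_name' => $peerName,
+],
+];
+
+
+$certFile = getenv('SSL_CLIENT_CERT');
+$keyFile = getenv('SSL_CLIENT_KEY');
+if (!empty($certFile) && !empty($keyFile)) {
+$certFile = $testsDir . '/' . $certFile;
+$keyFile = $testsDir . '/' . $keyFile;
+if (!file_exists($certFile) || !is_file($certFile)) {
+$this->fail('Missing certificate file: "' . $certFile . '"');
+}
+if (!file_exists($keyFile) || !is_file($keyFile)) {
+$this->fail('Missing key file: "' . $keyFile . '"');
+}
+$options['ssl']['local_cert'] = $certFile;
+$options['ssl']['local_pk'] = $keyFile;
+}
+return $options;
+}
+}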
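Review bot: `testConnectWithWrongPeerName` overwrites `SSL_PEER_NAME` with `putenv()` and never restores it, so the bogus peer name leaks into every later `getOptions()` call in the same process (other test classes, or this class under a shuffled execution order) and turns their connections into spurious peer-name failures. Capture the previous value before the `putenv()` and restore it in a `finally`, as below; `putenv('SSL_PEER_NAME')` without `=` unsets the variable when there was none. Separately, the `$this->assertTrue(true);` in `testConnect` and `testConnectAsync` reads as a placeholder; if the PHPUnit in use provides it, `$this->expectNotToPerformAssertions();` at the top of each test states the intent without a tautological assertion.
```php
public function testConnectWithWrongPeerName()
{
    $previous = getenv('SSL_PEER_NAME');
    putenv('SSL_PEER_NAME=not-existsing-peer-name' . time());
    try {
        // … unchanged: getOptions(), expectException(), connect/disconnect …
    } finally {
        // restore the caller's value (or unset it) so later tests see the real peer name
        putenv($previous === false ? 'SSL_PEER_NAME' : 'SSL_PEER_NAME=' . $previous);
    }
}
```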
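--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,4 @@
+/*.key
+/*.csr
+/*.pem
+/*.srl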