From 9fd291f9972ff38e30e3b31f8cf5eeead0215f0b Mon Sep 17 00:00:00 2001 From: Kristian Feldsam Date: Wed, 5 Jun 2024 15:03:09 +0200 Subject: [PATCH] Remove in-repo certs, require ca-bundle dep and use it in http client Signed-off-by: Kristian Feldsam --- composer.json | 6 ++-- src/FioApi/Downloader.php | 43 ++++++------------------ src/FioApi/keys/Geotrust_PCA_G3_Root.pem | 24 ------------- tests/FioApi/DownloaderTest.php | 7 ---- 4 files changed, 13 insertions(+), 67 deletions(-) delete mode 100644 src/FioApi/keys/Geotrust_PCA_G3_Root.pem diff --git a/composer.json b/composer.json index b571ade..47ceed0 100644 --- a/composer.json +++ b/composer.json @@ -20,15 +20,13 @@ "require": { "php": "~7.4||~8.0", "ext-curl": "*", - "guzzlehttp/guzzle": "~6.1|~7.0" + "guzzlehttp/guzzle": "~6.1|~7.0", + "composer/ca-bundle": "^1.5" }, "require-dev": { "phpunit/phpunit": "9.5.10", "squizlabs/php_codesniffer": "3.6.1" }, - "suggest": { - "composer/ca-bundle": "Provides regularly updated root certificates list" - }, "autoload": { "psr-4": { "FioApi\\": "src/FioApi" diff --git a/src/FioApi/Downloader.php b/src/FioApi/Downloader.php index 40e1e8b..e96221f 100644 --- a/src/FioApi/Downloader.php +++ b/src/FioApi/Downloader.php @@ -3,9 +3,12 @@ namespace FioApi; +use Composer\CaBundle\CaBundle; use FioApi\Exceptions\InternalErrorException; use FioApi\Exceptions\TooGreedyException; +use GuzzleHttp\Client; use GuzzleHttp\ClientInterface; +use GuzzleHttp\RequestOptions; use Psr\Http\Message\ResponseInterface; class Downloader 
@@ -13,45 +16,21 @@ class Downloader /** @var UrlBuilder */ protected $urlBuilder; - /** @var \GuzzleHttp\Client */ + /** @var Client */ protected $client; - /** @var string */ - protected $certificatePath; - - public function __construct( - string $token, - \GuzzleHttp\ClientInterface $client = null - ) { + public function __construct(string $token, ClientInterface $client = null) + { $this->urlBuilder = new UrlBuilder($token); $this->client = $client; } - public function setCertificatePath(string $path) - { - $this->certificatePath = $path; - } - - public function getCertificatePath(): string - { - if ($this->certificatePath) { - return $this->certificatePath; - } - - if (class_exists('\Composer\CaBundle\CaBundle')) { - return \Composer\CaBundle\CaBundle::getSystemCaRootBundlePath(); - } elseif (class_exists('\Kdyby\CurlCaBundle\CertificateHelper')) { - return \Kdyby\CurlCaBundle\CertificateHelper::getCaInfoFile(); - } - - //Key downloaded from https://www.geotrust.com/resources/root-certificates/ - return __DIR__ . '/keys/Geotrust_PCA_G3_Root.pem'; - } - public function getClient(): ClientInterface { if (!$this->client) { - $this->client = new \GuzzleHttp\Client(); + $this->client = new Client([ + RequestOptions::VERIFY => CaBundle::getSystemCaRootBundlePath() + ]); } return $this->client; } @@ -79,7 +58,7 @@ public function setLastId(string $id): void $url = $this->urlBuilder->buildSetLastIdUrl($id); try { - $client->request('get', $url, ['verify' => $this->getCertificatePath()]); + $client->request('get', $url); } catch (\GuzzleHttp\Exception\BadResponseException $e) { $this->handleException($e); } @@ -91,7 +70,7 @@ private function downloadTransactionsList(string $url): TransactionList try { /** @var ResponseInterface $response */ - $response = $client->request('get', $url, ['verify' => $this->getCertificatePath()]); + $response = $client->request('get', $url); } catch (\GuzzleHttp\Exception\BadResponseException $e) { $this->handleException($e); } 
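Review bot: With `verify` dropped from the two `$client->request('get', $url)` calls (the `setLastId` and `downloadTransactionsList` hunks below), the CA bundle now applies only to the client that `getClient()` builds itself; a `ClientInterface` injected through the constructor is used with whatever TLS settings it already carries. Before this change the per-request `['verify' => ...]` option would, as far as Guzzle's option merging goes, have overridden a client configured with `verify => false`, so callers who inject such a client silently lose verification, and the request URLs appear to carry the API token. I would document this on the constructor, e.g. `@param ClientInterface|null $client Custom client; its own TLS verification settings are used, the CA bundle is applied only to the default client`, and note the removal of the public `setCertificatePath()`/`getCertificatePath()` in the changelog, since it breaks existing callers. The test changes in this commit only delete the certificate-path test, so nothing asserts that the default client is created with `RequestOptions::VERIFY` set.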
diff --git a/src/FioApi/keys/Geotrust_PCA_G3_Root.pem b/src/FioApi/keys/Geotrust_PCA_G3_Root.pem
deleted file mode 100644
index 76b9a31..0000000
--- a/src/FioApi/keys/Geotrust_PCA_G3_Root.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB
-mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT
-MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
-eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ
-BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
-MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0
-BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
-LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz
-+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm
-hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn
-5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W
-JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL
-DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC
-huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
-HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB
-AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB
-zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN
-kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
-AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH
-SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G
-spki4cErx5z481+oghLrGREt
------END CERTIFICATE-----
\ No newline at end of file
diff --git a/tests/FioApi/DownloaderTest.php b/tests/FioApi/DownloaderTest.php
index 106523e..33949c7 100644
--- a/tests/FioApi/DownloaderTest.php
+++ b/tests/FioApi/DownloaderTest.php
@@ -92,11 +92,4 @@ public function testDownloaderSetsLastId() $this->assertSame('https://fioapi.fio.cz/v1/rest/set-last-id/validToken/123456/', (string) $request->getUri()); } - - public function testDownloaderSetCertificatePath() - { - $downloader = new Downloader('validToken'); - $downloader->setCertificatePath('foo.pem'); - $this->assertSame('foo.pem', $downloader->getCertificatePath()); - } }