Merge pull request #5 from philippe-vandermoere/feature-add-certifica…

…te-chain

add certificate chain

.circleci/config.yml

@@ -2,7 +2,7 @@ version: '2.1'
 executors:
     php:
         docker:
-            - image: php:7.3.8-cli-alpine
+            - image: php:7.3.9-cli-alpine
 
 jobs:
     vendor:
@@ -92,20 +92,20 @@ jobs:
             - setup_remote_docker
             - checkout
             - run:
-                  name: Authenticate to dockerhub
-                  command: echo ${DOCKERHUB_PASSWORD} | docker login -u ${DOCKERHUB_LOGIN} --password-stdin
+                name: Authenticate to dockerhub
+                command: echo ${DOCKERHUB_PASSWORD} | docker login -u ${DOCKERHUB_LOGIN} --password-stdin
             - run:
-                  name: Build and push docker image
-                  command: |
-                      version=latest
-                      if [[ ! -z ${CIRCLE_TAG} ]]; then \
-                          version=${CIRCLE_TAG}; \
-                      fi
+                name: Build and push docker image
+                command: |
+                    version=latest
+                    if [[ ! -z ${CIRCLE_TAG} ]]; then \
+                        version=${CIRCLE_TAG}; \
+                    fi
 
-                      docker_tag=${DOCKERHUB_ORGANIZATION}/${CIRCLE_PROJECT_REPONAME}:${version}
+                    docker_tag=${DOCKERHUB_ORGANIZATION}/${CIRCLE_PROJECT_REPONAME}:${version}
 
-                      docker build . -t ${docker_tag}
-                      docker push ${docker_tag}
+                    docker build . -t ${docker_tag}
+                    docker push ${docker_tag}
 
 workflows:
     version: '2.1'
@@ -125,9 +125,9 @@ workflows:
     dockerhub:
         jobs:
             - dockerhub:
-                  context: global
-                  filters:
-                      tags:
-                          only: /^[0-9]+.[0-9]+.[0-9]+$/
-                      branches:
-                          only: master
+                context: global
+                filters:
+                    tags:
+                        only: /^[0-9]+.[0-9]+.[0-9]+$/
+                    branches:
+                        only: master

Dockerfile

@@ -1,4 +1,4 @@
-FROM php:7.3.8-cli-alpine
+FROM php:7.3.9-cli-alpine
 
 WORKDIR /app
 

Dockerfile.dev

@@ -1,4 +1,4 @@
-FROM php:7.3.8-cli-alpine
+FROM php:7.3.9-cli-alpine
 
 WORKDIR /app
 

config/certificate.yaml

@@ -1,24 +1,24 @@
 services:
-  _defaults:
-    autowire: true
-    public: false
-    bind:
-      $providers: !tagged certificate.provider
-      $certificateDirectory: '%env(CERTIFICATE_DIRECTORY)%'
+    _defaults:
+        autowire: true
+        public: false
+        bind:
+            $providers: !tagged certificate.provider
+            $certificateDirectory: '%env(CERTIFICATE_DIRECTORY)%'
 
-  _instanceof:
-    App\Certificate\ProviderInterface:
-      tags: ['certificate.provider']
+    _instanceof:
+        App\Certificate\ProviderInterface:
+            tags: ['certificate.provider']
 
-  App\Certificate\CertificateService: ~
+    App\Certificate\CertificateService: ~
 
-  App\Certificate\Provider\SelfSigned: ~
+    App\Certificate\Provider\SelfSigned: ~
 
-  app.github.client:
-    class: Http\Client\Curl\Client
+    app.github.client:
+        class: Http\Client\Curl\Client
 
-  Http\Client\HttpClient $githubClient: '@app.github.client'
+    Http\Client\HttpClient $githubClient: '@app.github.client'
 
-  App\Certificate\Provider\GithubClient: ~
+    App\Certificate\Provider\GithubClient: ~
 
-  App\Certificate\Provider\Github: ~
+    App\Certificate\Provider\Github: ~

config/command.yaml

@@ -1,17 +1,17 @@
 services:
-  _defaults:
-    autowire: true
-    public: false
-    bind:
-      $commands: !tagged console.command
+    _defaults:
+        autowire: true
+        public: false
+        bind:
+            $commands: !tagged console.command
 
-  _instanceof:
-    Symfony\Component\Console\Command\Command:
-      tags: ['console.command']
+    _instanceof:
+        Symfony\Component\Console\Command\Command:
+            tags: ['console.command']
 
-  App\Application:
-    public: true
+    App\Application:
+        public: true
 
-  App\Command\ProxyCommand: ~
+    App\Command\ProxyCommand: ~
 
-  App\Command\ProxyServerCommand: ~
+    App\Command\ProxyServerCommand: ~

config/docker.yaml

@@ -1,17 +1,17 @@
 services:
-  _defaults:
-    autowire: true
-    public: false
-    bind:
-      $dockerSocketPath: '%env(DOCKER_SOCKET)%'
+    _defaults:
+        autowire: true
+        public: false
+        bind:
+            $dockerSocketPath: '%env(DOCKER_SOCKET)%'
 
-  PhilippeVandermoere\DockerPhpSdk\DockerFactory: ~
+    PhilippeVandermoere\DockerPhpSdk\DockerFactory: ~
 
-  app.docker.client:
-    class: Http\Client\Curl\Client
-    factory: ['@PhilippeVandermoere\DockerPhpSdk\DockerFactory', 'createSocketDockerClient']
+    app.docker.client:
+        class: Http\Client\Curl\Client
+        factory: ['@PhilippeVandermoere\DockerPhpSdk\DockerFactory', 'createSocketDockerClient']
 
-  Http\Client\HttpClient $dockerClient: '@app.docker.client'
+    Http\Client\HttpClient $dockerClient: '@app.docker.client'
 
-  PhilippeVandermoere\DockerPhpSdk\DockerService:
-    factory: ['@PhilippeVandermoere\DockerPhpSdk\DockerFactory', 'createDockerService']
+    PhilippeVandermoere\DockerPhpSdk\DockerService:
+        factory: ['@PhilippeVandermoere\DockerPhpSdk\DockerFactory', 'createDockerService']

config/proxy.yaml

@@ -1,16 +1,16 @@
 services:
-  _defaults:
-    autowire: true
-    public: false
-    bind:
-      $dockerLabelDomain: '%env(DOCKER_LABEL_DOMAIN)%'
-      $dockerLabelPort: '%env(DOCKER_LABEL_PORT)%'
-      $dockerLabelPath: '%env(DOCKER_LABEL_PATH)%'
-      $dockerLabelSsl: '%env(DOCKER_LABEL_SSL)%'
-      $dockerLabelCertificateProviderPrefix: '%env(DOCKER_LABEL_CERTIFICATE_PROVIDER_PREFIX)%'
-      $virtualHostDirectory: '%env(VIRTUAL_HOST_DIRECTORY)%'
-      $homepageDirectory: '%env(HOMEPAGE_DIRECTORY)%'
+    _defaults:
+        autowire: true
+        public: false
+        bind:
+            $dockerLabelDomain: '%env(DOCKER_LABEL_DOMAIN)%'
+            $dockerLabelPort: '%env(DOCKER_LABEL_PORT)%'
+            $dockerLabelPath: '%env(DOCKER_LABEL_PATH)%'
+            $dockerLabelSsl: '%env(DOCKER_LABEL_SSL)%'
+            $dockerLabelCertificateProviderPrefix: '%env(DOCKER_LABEL_CERTIFICATE_PROVIDER_PREFIX)%'
+            $virtualHostDirectory: '%env(VIRTUAL_HOST_DIRECTORY)%'
+            $homepageDirectory: '%env(HOMEPAGE_DIRECTORY)%'
 
-  App\Proxy\NginxService: ~
+    App\Proxy\NginxService: ~
 
-  App\Proxy\ProxyService: ~
+    App\Proxy\ProxyService: ~

config/twig.yaml

@@ -1,20 +1,20 @@
 services:
-  _defaults:
-    autowire: true
-    public: false
-    bind:
-      $twigExtensions: !tagged twig.extensions
-      $templatesDirectory: '%rootDirectory%/templates'
-      $httpPort: '%env(int:HTTP_PORT)%'
-      $httpsPort: '%env(int:HTTPS_PORT)%'
+    _defaults:
+        autowire: true
+        public: false
+        bind:
+            $twigExtensions: !tagged twig.extensions
+            $templatesDirectory: '%rootDirectory%/templates'
+            $httpPort: '%env(int:HTTP_PORT)%'
+            $httpsPort: '%env(int:HTTPS_PORT)%'
 
-  _instanceof:
-    Twig\Extension\ExtensionInterface:
-      tags: ['twig.extensions']
+    _instanceof:
+        Twig\Extension\ExtensionInterface:
+            tags: ['twig.extensions']
 
-  App\Twig\TwigFactory: ~
+    App\Twig\TwigFactory: ~
 
-  App\Twig\ProxyExtension: ~
+    App\Twig\ProxyExtension: ~
 
-  Twig\Environment:
-    factory: 'App\Twig\TwigFactory:create'
+    Twig\Environment:
+        factory: 'App\Twig\TwigFactory:create'

phpcs.xml

@@ -7,5 +7,5 @@
     <rule ref="PSR1">
         <exclude name="PSR1.Methods.CamelCapsMethodName"/>
     </rule>
-    <rule ref="PSR2"/>
+    <rule ref="PSR12"/>
 </ruleset>

src/Certificate/Certificate.php

@@ -22,15 +22,23 @@ class Certificate
     /** @var string */
     protected $privateKeyFilename;
 
-    public function __construct(string $domain, string $certificateFilename, string $privateKeyFilename)
-    {
+    /** @var string */
+    protected $certificateChainFilename;
+
+    public function __construct(
+        string $domain,
+        string $certificateFilename,
+        string $privateKeyFilename,
+        string $certificateChainFilename
+    ) {
         if (false === Validator::validateDomain($domain)) {
             throw new \InvalidArgumentException('domain `' . $domain . '` must be respect the RFC.');
         }
 
         $this->domain = $domain;
         $this->certificateFilename = $certificateFilename;
         $this->privateKeyFilename = $privateKeyFilename;
+        $this->certificateChainFilename = $certificateChainFilename;
     }
 
     public function getDomain(): string
@@ -48,6 +56,16 @@ public function getPrivateKeyFilename(): string
         return $this->privateKeyFilename;
     }
 
+    public function getCertificateChainFilename(): string
+    {
+        return $this->certificateChainFilename;
+    }
+
+    public function hasCertificateChain(): bool
+    {
+        return true === \is_file($this->getCertificateChainFilename());
+    }
+
     public function writeCertificate(string $certificate): self
     {
         return $this->writeFileContent($this->getCertificateFilename(), $certificate);
@@ -58,6 +76,13 @@ public function writePrivateKey(string $privateKey): self
         return $this->writeFileContent($this->getPrivateKeyFilename(), $privateKey);
     }
 
+    public function writeCertificateChain(string $certificateChain): self
+    {
+        $this->writeFileContent($this->getCertificateChainFilename(), $certificateChain);
+
+        return $this;
+    }
+
     public function getStartDate(): \DateTimeInterface
     {
         $data = $this->parseCertificate();

src/Certificate/CertificateService.php

@@ -56,7 +56,8 @@ protected function createEmptyCertificate(string $domain): Certificate
         return new Certificate(
             $domain,
             $this->certificateDirectory . '/' . $domain . '/certificate.pem',
-            $this->certificateDirectory . '/' . $domain . '/privatekey.pem'
+            $this->certificateDirectory . '/' . $domain . '/privatekey.pem',
+            $this->certificateDirectory . '/' . $domain . '/chain.pem'
         );
     }
 

src/Certificate/Provider/Github.php

@@ -30,13 +30,24 @@ public function getName(): string
     public function createCertificate(Certificate $certificate, array $options = []): Certificate
     {
         foreach (['token', 'repository', 'certificate_path', 'private_key_path'] as $key) {
-            if (false === isset($options[$key])) {
+            if (false === \array_key_exists($key, $options)) {
                 throw new \InvalidArgumentException('Missing parameter `' . $key . '`.');
             }
         }
 
         echo 'Certificate: Getting from github for domain `' . $certificate->getDomain() . '`.' . PHP_EOL;
 
+        if (true === \array_key_exists('certificate_chain_path', $options)) {
+            $certificate->writeCertificateChain(
+                $this->githubClient->getApiContent(
+                    $options['repository'],
+                    $options['certificate_chain_path'],
+                    $options['token'],
+                    $options['branch'] ?? 'master'
+                )
+            );
+        }
+
         return $certificate
             ->writeCertificate(
                 $this->githubClient->getApiContent(

src/Certificate/Provider/GithubClient.php

@@ -27,7 +27,7 @@ public function __construct(HttpClient $githubClient)
     public function getApiContent(
         string $repository,
         string $path,
-        string $token,
+        string $token = null,
         string $reference = 'master'
     ): string {
         return $this->callApi(
@@ -36,17 +36,22 @@ public function getApiContent(
         );
     }
 
-    protected function callApi(string $route, string $token, string $method = 'GET'): string
+    protected function callApi(string $route, string $token = null, string $method = 'GET'): string
     {
+        $headers = [
+            'Accept' => 'application/vnd.github.v3.raw',
+            'User-Agent' => 'docker-proxy',
+        ];
+
+        if (\is_string($token)) {
+            $headers['Authorization'] = 'token ' . $token;
+        }
+
         $response = $this->githubClient->sendRequest(
             new Request(
                 $method,
                 static::GITHUB_API_URL . $route,
-                [
-                    'Authorization' => 'token ' . $token,
-                    'Accept' => 'application/vnd.github.v3.raw',
-                    'User-Agent' => 'docker-proxy'
-                ]
+                $headers
             )
         );
 

src/Proxy/Server.php

@@ -32,7 +32,7 @@ public function __construct(string $id, string $name, string $ip, int $port)
         }
 
         if (false === Validator::validatePort($port)) {
-            throw new \InvalidArgumentException('port `' . $port .'` must be between 1 and 65535.');
+            throw new \InvalidArgumentException('port `' . $port . '` must be between 1 and 65535.');
         }
 
         $this->id = $id;

src/Twig/ProxyExtension.php

@@ -25,11 +25,11 @@ class ProxyExtension extends AbstractExtension
     public function __construct(int $httpPort, int $httpsPort)
     {
         if (false === Validator::validatePort($httpPort)) {
-            throw new \InvalidArgumentException('httpPort `' . $httpPort .'` must be between 1 and 65535.');
+            throw new \InvalidArgumentException('httpPort `' . $httpPort . '` must be between 1 and 65535.');
         }
 
         if (false === Validator::validatePort($httpsPort)) {
-            throw new \InvalidArgumentException('httpsPort `' . $httpsPort .'` must be between 1 and 65535.');
+            throw new \InvalidArgumentException('httpsPort `' . $httpsPort . '` must be between 1 and 65535.');
         }
 
         $this->httpPort = $httpPort;