Merge pull request #35 from prolic/phpamqplib-ssl-connection
fix ssl connection for php amqplib
prolic committed Jun 18, 2017
2 parents 32741c1 + 0e2f05d commit bc002f4
Showing 11 changed files with 156 additions and 4,016 deletions.
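--- a/.travis.yml
+++ b/.travis.yml
@@ -23,13 +23,6 @@ before_script:
 - sudo cp $TRAVIS_BUILD_DIR/provision/rabbitmq.config /etc/rabbitmq/
 - sudo service rabbitmq-server restart
 - echo "extension = amqp.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini
-- git clone https://github.com/pdezwart/php-amqp.git
-- cd php-amqp
-- phpize
-- ./configure
-- make
-- sudo make install
-- cd ..
 - composer self-update
 - composer update --prefer-dist $DEPENDENCIES
 - sudo rabbitmqctl add_vhost /humus-amqp-test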
2 changes: 1 addition & 1 deletion README.md
@@ -17,7 +17,7 @@ The JSON-RPC part implements [JSON-RPC 2.0 Specification](http://www.jsonrpc.org

Current supported drivers are: [php-amqp](https://github.com/pdezwart/php-amqp) and [PhpAmqpLib](https://github.com/php-amqplib/php-amqplib).

php-amqp needs at least to be v1.9.0
php-amqp needs at least to be v1.9.1
php-amqplib needs at least to be v2.7.0-rc1

This library ships with `container-interop` factories that help you setting up everything.
2 changes: 1 addition & 1 deletion composer.json
@@ -39,7 +39,7 @@
},
"suggest": {
"ext-pcntl": "For process control management",
"ext-amqp": ">= 1.9.0 For usage together with php amqp extension",
"ext-amqp": ">= 1.9.1 For usage together with php amqp extension",
"php-amqplib/php-amqplib": ">= 2.7.0-rc1 For usage together with php-amqplib",
"symfony/console": "For usage of the provided console tool",
"container-interop/container-interop": "For usage of provided factories",
3,906 changes: 16 additions & 3,890 deletions provision/test_certs/cacert.pem

Large diffs are not rendered by default.

35 changes: 18 additions & 17 deletions provision/test_certs/cert.pem
@@ -1,19 +1,20 @@
-----BEGIN CERTIFICATE-----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MIIDAjCCAeqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAmMRUwEwYDVQQDDAxNeVRl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-----END CERTIFICATE-----

51 changes: 26 additions & 25 deletions provision/test_certs/key.pem
@@ -1,27 +1,28 @@
-----BEGIN RSA PRIVATE KEY-----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MIIEogIBAAKCAQEAx2ASVqxhIiHkxIgjZvSBEtow7pTx6xkZ1Z7YGIqC2qc4xNhh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-----END RSA PRIVATE KEY-----

10 changes: 5 additions & 5 deletions src/ConnectionOptions.php
@@ -94,7 +94,7 @@ class ConnectionOptions extends AbstractOptions
protected $key = null;

/**
* @var bool
* @var bool|null
*/
protected $verify = null;

@@ -259,7 +259,7 @@ public function setHeartbeat(int $heartbeat)
}

/**
* @return string
* @return string|null
*/
public function getCACert()
{
@@ -275,7 +275,7 @@ public function setCACert(string $cacert)
}

/**
* @return string
* @return string|null
*/
public function getCert()
{
@@ -291,7 +291,7 @@ public function setCert(string $cert)
}

/**
* @return string
* @return string|null
*/
public function getKey()
{
@@ -307,7 +307,7 @@ public function setKey(string $key)
}

/**
* @return bool
* @return bool|null
*/
public function getVerify()
{
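--- a/src/Driver/AmqpExtension/Connection.php
+++ b/src/Driver/AmqpExtension/Connection.php
@@ -25,6 +25,7 @@
 use Humus\Amqp\Channel as ChannelInterface;
 use Humus\Amqp\Connection as ConnectionInterface;
 use Humus\Amqp\ConnectionOptions;
+use Humus\Amqp\Exception\InvalidArgumentException;
 use Traversable;
 
 /**
@@ -53,6 +54,10 @@ public function __construct($options)
 $options = new ConnectionOptions($options);
 }
 
+if (true === $options->getVerify() && null === $options->getCACert()) {
+throw new InvalidArgumentException('CA cert not set, so it can\'t be verified.');
+}
+
 $this->options = $options;
 $this->connection = new \AMQPConnection($options->toArray());
 }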
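Review bot: The new guard in `__construct` only rejects the explicit `true === $options->getVerify()` case, so with `verify` left at its default of null (`protected $verify = null;` in ConnectionOptions) a connection without a CA cert is still constructed. Whether the peer certificate is then checked depends on `toArray()` and the extension's own default, neither of which is visible here. The same applies to the identical guard in src/Driver/PhpAmqpLib/SslConnection.php, where a null verify now leaves `verify_peer` and `verify_peer_name` unset. I would document that fallback next to the guard, e.g. `// verify === null: not checked here, the driver default decides whether the peer is verified`, and add `@throws InvalidArgumentException` to the constructor docblock. The constructor begins above the hunk.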
26 changes: 13 additions & 13 deletions src/Driver/PhpAmqpLib/SslConnection.php
@@ -23,7 +23,7 @@
namespace Humus\Amqp\Driver\PhpAmqpLib;

use Humus\Amqp\ConnectionOptions;
use Humus\Amqp\Exception;
use Humus\Amqp\Exception\InvalidArgumentException;
use PhpAmqpLib\Connection\AMQPSSLConnection as BaseAMQPSSLConnection;
use Traversable;

@@ -43,24 +43,24 @@ public function __construct($options)
$options = new ConnectionOptions($options);
}

if (! $options->getCACert()) {
throw new Exception\InvalidArgumentException('Ca cert file missing in connection options');
if (true === $options->getVerify() && null === $options->getCACert()) {
throw new InvalidArgumentException('CA cert not set, so it can\'t be verified.');
}

if (! $options->getCert()) {
throw new Exception\InvalidArgumentException('Cert file missing in connection options');
$sslOptions = [];

if ($caCert = $options->getCACert()) {
$sslOptions['cafile'] = $caCert;
}

if (null === $options->getVerify()) {
throw new Exception\InvalidArgumentException('SSL verification option is missing connection options');
if ($cert = $options->getCert()) {
$sslOptions['local_cert'] = $cert;
}

$sslOptions = [
'cafile' => $options->getCACert(),
'local_cert' => $options->getCert(),
'verify_peer' => $options->getVerify(),
'verify_peer_name' => $options->getVerify()
];
if (null !== ($verify = $options->getVerify())) {
$sslOptions['verify_peer'] = $verify;
$sslOptions['verify_peer_name'] = $verify;
}

if ($key = $options->getKey()) {
$sslOptions['local_pk'] = $key;
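Review bot: The guard in the constructor compares with `null === $options->getCACert()`, but `cafile` is only added when the value is truthy (`if ($caCert = $options->getCACert())`), so an empty-string CA path with verify set to true passes the guard and is then silently left out of `$sslOptions`. `setCACert(string $cacert)` accepts any string, so that state is reachable. Verification would then run without the configured CA, presumably against whatever trust store the stream context falls back to. Using the same test in both places, e.g. `if (true === $options->getVerify() && ! $options->getCACert()) {`, closes that gap. The constructor starts and ends outside the hunk.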
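--- a/tests/AmqpExtension/ConnectionTest.php
+++ b/tests/AmqpExtension/ConnectionTest.php
@@ -24,6 +24,7 @@
 
 use Humus\Amqp\ConnectionOptions;
 use Humus\Amqp\Driver\AmqpExtension\Connection;
+use Humus\Amqp\Exception\InvalidArgumentException;
 use HumusTest\Amqp\AbstractConnectionTest;
 use HumusTest\Amqp\AmqpExtension\Helper\CreateConnectionTrait;
 
@@ -146,4 +147,42 @@ public function it_connects_with_ssl()
 
 $this->assertFalse($connection->isConnected());
 }
+
+/**
+* @test
+* @group ssl
+*/
+public function it_connects_with_only_cacert()
+{
+$options = new ConnectionOptions();
+
+$options->setVhost('/humus-amqp-test');
+$options->setPort(5671);
+$options->setCACert(__DIR__ . '/../../provision/test_certs/cacert.pem');
+$options->setVerify(false);
+
+$connection = new Connection($options);
+
+$connection->connect();
+
+$this->assertTrue($connection->isConnected());
+}
+
+/**
+* @test
+* @group ssl
+*/
+public function it_throws_if_cacert_not_set_but_verify_is_set_to_true()
+{
+$this->expectException(InvalidArgumentException::class);
+$this->expectExceptionMessage('CA cert not set, so it can\'t be verified.');
+
+$options = new ConnectionOptions();
+
+$options->setVhost('/humus-amqp-test');
+$options->setPort(5671);
+$options->setVerify(true);
+
+new Connection($options);
+}
 }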
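Review bot: `it_connects_with_only_cacert` calls `setVerify(false)`, so the CA file it passes is never used to validate the broker certificate; the test only shows that a TLS connection without a client cert and key is accepted. A companion case with `setVerify(true)` and the same CA file would cover the path the new guard is meant to protect. `it_connects_with_ssl` above is only partly visible here and may already do that. If verify has to stay off, a comment such as `// verify is off: proves the handshake works with a CA file set, the broker certificate is not checked` would keep the test name from implying more than it proves.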