Added certs

Author: slischka

composer.json

@@ -47,5 +47,10 @@
 	"classmap": [
 	  "src/"
 	]
+  },
+  "config": {
+    "allow-plugins": {
+      "dealerdirect/phpcodesniffer-composer-installer": true
+    }
   }
 }

src/Fapi/HttpClient/CurlHttpClient.php

@@ -38,6 +38,10 @@
 use const CURLOPT_RETURNTRANSFER;
 use const CURLOPT_SSL_VERIFYHOST;
 use const CURLOPT_SSL_VERIFYPEER;
+use const CURLOPT_SSLCERT;
+use const CURLOPT_SSLCERTPASSWD;
+use const CURLOPT_SSLKEY;
+use const CURLOPT_SSLKEYPASSWD;
 use const CURLOPT_TIMEOUT;
 use const CURLOPT_URL;
 
@@ -115,10 +119,28 @@ private function processOptions(RequestInterface $request, $handle): void
 	{
 		if ($request->hasHeader('timeout')) {
 			curl_setopt($handle, CURLOPT_TIMEOUT, (int) $request->getHeaderLine('timeout'));
-		} elseif ($request->hasHeader('connect_timeout')) {
+		}
+
+		if ($request->hasHeader('connect_timeout')) {
 			curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, (int) $request->getHeaderLine('connect_timeout'));
 		}
 
+		if ($request->hasHeader('cert')) {
+			curl_setopt($handle, CURLOPT_SSLCERT, $request->getHeader('cert')[0]);
+
+			if ($request->getHeader('cert')[1] ?? false) {
+				curl_setopt($handle, CURLOPT_SSLCERTPASSWD, $request->getHeader('cert')[1]);
+			}
+		}
+
+		if ($request->hasHeader('ssl_key')) {
+			curl_setopt($handle, CURLOPT_SSLKEY, $request->getHeader('ssl_key')[0]);
+
+			if ($request->getHeader('ssl_key')[1] ?? false) {
+				curl_setopt($handle, CURLOPT_SSLKEYPASSWD, $request->getHeader('ssl_key')[1]);
+			}
+		}
+
 		$this->processVerifyOption($request->getHeaderLine('verify'), $handle);
 	}
 
@@ -150,7 +172,9 @@ private function processHeaders(RequestInterface $request, $handle): RequestInte
 	{
 		$request = $request->withoutHeader('timeout')
 			->withoutHeader('connect_timeout')
-			->withoutHeader('verify');
+			->withoutHeader('verify')
+			->withoutHeader('cert')
+			->withoutHeader('ssl_key');
 
 		curl_setopt($handle, CURLOPT_HTTPHEADER, $this->formatHeaders($request->getHeaders()));
 

src/Fapi/HttpClient/GuzzleHttpClient.php

@@ -14,6 +14,7 @@
 use function defined;
 use function strlen;
 use function strncmp;
+use function var_dump;
 use const CURLE_OPERATION_TIMEOUTED;
 
 class GuzzleHttpClient implements IHttpClient
@@ -37,6 +38,8 @@ public function sendRequest(RequestInterface $request): ResponseInterface
 		$request = $request->withoutHeader('timeout')
 			->withoutHeader('connect_timeout')
 			->withoutHeader('verify')
+			->withoutHeader('cert')
+			->withoutHeader('ssl_key')
 			->withHeader('Accept-Encoding', 'gzip');
 
 		try {
@@ -105,6 +108,15 @@ private function processOptions(RequestInterface $request): array
 			$options['verify'] = false;
 		}
 
+		var_dump($request->getHeaderLine('cert'));
+		if ($request->hasHeader('cert')) {
+			$options['cert'] = $request->getHeaderLine('cert');
+		}
+
+		if ($request->hasHeader('ssl_key')) {
+			$options['ssl_key'] = $request->getHeaderLine('ssl_key');
+		}
+
 		return $options;
 	}
 

src/Fapi/HttpClient/HttpRequest.php

@@ -9,11 +9,14 @@
 use Psr\Http\Message\UriInterface;
 use function base64_encode;
 use function count;
+use function file_exists;
 use function http_build_query;
 use function is_array;
 use function is_bool;
 use function is_int;
 use function is_string;
+use function json_encode;
+use function var_dump;
 
 class HttpRequest extends Request
 {
@@ -106,6 +109,18 @@ private static function preProcessHeaders(array $options, &$body): array
 			$data['verify'] = (bool) $value;
 		}
 
+		if (isset($options['cert'])) {
+			$value = $options['cert'];
+			static::validateCertOption($value);
+			$data['cert'] = $value;
+		}
+
+		if (isset($options['ssl_key'])) {
+			$value = $options['ssl_key'];
+			static::validateSslKeyOption($value);
+			$data['ssl_key'] = $value;
+		}
+
 		return $data;
 	}
 
@@ -223,4 +238,76 @@ private static function validateVerify($verify): void
 		}
 	}
 
+	/**
+	 * @param mixed $value
+	 */
+	private static function validateCertOption($value): void
+	{
+		if (!is_string($value) && !is_array($value)) {
+			throw new InvalidArgumentException('Option cert must be a string.');
+		}
+
+		if (is_array($value)) {
+			if (!isset($value[0]) || !isset($value[1])) {
+				throw new InvalidArgumentException(
+					'Option cert must be an array of two elements (cert and key). Provided array: ' . json_encode(
+						$value
+					)
+				);
+			}
+
+			if (!is_string($value[0]) || !is_string($value[1])) {
+				throw new InvalidArgumentException(
+					'Option cert must be an array of two strings (cert and key). Provided array: ' . json_encode($value)
+				);
+			}
+
+			$file = $value[0];
+		} else {
+			$file = $value;
+		}
+
+		var_dump(file_exists($file));
+
+		if (!file_exists($file)) {
+			throw new InvalidArgumentException('Option cert file not found. Provided file: ' . $file);
+		}
+	}
+
+	/**
+	 * @param mixed $value
+	 */
+	private static function validateSslKeyOption($value): void
+	{
+		if (!is_string($value) && !is_array($value)) {
+			throw new InvalidArgumentException('Option ssl_key must be a string.');
+		}
+
+		if (is_array($value)) {
+			if (!isset($value[0]) || !isset($value[1])) {
+				throw new InvalidArgumentException(
+					'Option ssl_key must be an array of two elements (key and password). Provided array: ' . json_encode(
+						$value
+					) . '.'
+				);
+			}
+
+			if (!is_string($value[0]) || !is_string($value[1])) {
+				throw new InvalidArgumentException(
+					'Option ssl_key must be an array of two strings (key and password). Provided array: ' . json_encode(
+						$value
+					) . '.'
+				);
+			}
+
+			$file = $value[0];
+		} else {
+			$file = $value;
+		}
+
+		if (!file_exists($file)) {
+			throw new InvalidArgumentException('Option ssl_key file not found. Provided file: ' . $file);
+		}
+	}
+
 }

tests/Fapi/HttpClientTests/HttpRequestTest.phpt

@@ -106,6 +106,16 @@ final class HttpRequestTest extends TestCase
 					'connect_timeout' => 5,
 				],
 			],
+			[
+				'headers' => [
+					'cert' => __DIR__ . '/certs/private-key.key',
+				],
+			],
+			[
+				'headers' => [
+					'ssl_key' => __DIR__ . '/certs/public-key.pem',
+				],
+			],
 		];
 	}
 
@@ -175,6 +185,36 @@ final class HttpRequestTest extends TestCase
 					'connect_timeout' => 5.0,
 				],
 			],
+			[
+				'headers' => [
+					'cert' => 5,
+				],
+			],
+			[
+				'headers' => [
+					'ssl_key' => 5,
+				],
+			],
+			[
+				'headers' => [
+					'cert' => [1],
+				],
+			],
+			[
+				'headers' => [
+					'ssl_key' => [1],
+				],
+			],
+			[
+				'headers' => [
+					'cert' => [1, 1],
+				],
+			],
+			[
+				'headers' => [
+					'ssl_key' => [1, 1],
+				],
+			],
 		];
 	}
 

tests/Fapi/HttpClientTests/certs/private-key.key

@@ -0,0 +1,28 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDcr/oxgV074ETd
+DkP/0l8LFnRofru+m2wNNG/ttVCioTqwnvR4oYxwq3U9qIBsT0D+Rx/Ef7qcpzqf
+/w9xt6Hosdv6I5jMHGaVQqLiPuV26/a7WvcmU+PpYuEBmbBHjGVJRBwgPtlUW1VL
+M8Pht9YiaagEKvFa6SUidZLfPv+ECohqgH4mgMrEcG/BTnry0/5xQdadRC9o25cl
+NtZIesS5GPeelhggFTkbh/FaxvMXhIAaRXT61cnxgxtfM71h5ObX5Lwle9z5a+Tw
+xgQhSQq1jbHALYvTwsc4Q/NQGXpGNWy599sb7dg5AkPFSSF4ceXBo/2jOaZCqWrt
+FVONZ+blAgMBAAECggEBAJwQbrRXsaFIRiq1jez5znC+3m+PQCHZM55a+NR3pqB7
+uE9y+ZvdUr3S4sRJxxfRLDsl/Rcu5L8nm9PNwhQ/MmamcNQCHGoro3fmed3ZcNia
+og94ktMt/DztygUhtIHEjVQ0sFc1WufG9xiJcPrM0MfhRAo+fBQ4UCSAVO8/U98B
+a4yukrPNeEA03hyjLB9W41pNQfyOtAHqzwDg9Q5XVaGMCLZT1bjCIquUcht5iMva
+tiw3cwdiYIklLTzTCsPPK9A/AlWZyUXL8KxtN0mU0kkwlXqASoXZ2nqdkhjRye/V
+3JXOmlDtDaJCqWDpH2gHLxMCl7OjfPvuD66bAT3H63kCgYEA5zxW/l6oI3gwYW7+
+j6rEjA2n8LikVnyW2e/PZ7pxBH3iBFe2DHx/imeqd/0IzixcM1zZT/V+PTFPQizG
+lOU7stN6Zg/LuRdxneHPyLWCimJP7BBJCWyJkuxKy9psokyBhGSLR/phL3fP7UkB
+o2I3vGmTFu5A0FzXcNH/cXPMdy8CgYEA9FJw3kyzXlInhJ6Cd63mckLPLYDArUsm
+THBoeH2CVTBS5g0bCbl7N1ZxUoYwZPD4lg5V0nWhZALGf+85ULSjX03PMf1cc6WW
+EIbZIo9hX+mGRa/FudDd+TlbtBnn0jucwABuLQi9mIepE55Hu9tw5/FT3cHeZVQc
+cC0T6ulVvisCgYBCzFeFG+sOdAXl356B+h7VJozBKVWv9kXNp00O9fj4BzVnc78P
+VFezr8a66snEZWQtIkFUq+JP4xK2VyD2mlHoktbk7OM5EOCtbzILFQQk3cmgtAOl
+SUlkvAXPZcXEDL3NdQ4XOOkiQUY7kb97Z0AamZT4JtNqXaeO29si9wS12QKBgHYg
+Hd3864Qg6GZgVOgUNiTsVErFw2KFwQCYIIqQ9CDH+myrzXTILuC0dJnXszI6p5W1
+XJ0irmMyTFKykN2KWKrNbe3Xd4mad5GKARWKiSPcPkUXFNwgNhI3PzU2iTTGCaVz
+D9HKNhC3FnIbxsb29AHQViITh7kqD43U3ZpoMkJ9AoGAZ+sg+CPfuo3ZMpbcdb3B
+ZX2UhAvNKxgHvNnHOjO+pvaM7HiH+BT0650brfBWQ0nTG1dt18mCevVk1UM/5hO9
+AtZw06vCLOJ3p3qpgkSlRZ1H7VokG9M8Od0zXqtJrmeLeBq7dfuDisYOuA+NUEbJ
+UM/UHByieS6ywetruz0LpM0=
+-----END RSA PRIVATE KEY-----

tests/Fapi/HttpClientTests/certs/public-key.pem

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFSTCCAzGgAwIBAgIEAQIDBDANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMC
+Q1oxDjAMBgNVBAcTBUN6ZWNoMRMwEQYDVQQKEwpFcnN0ZUdyb3VwMRUwEwYDVQQL
+EwxFcnN0ZUh1YlRlYW0xETAPBgNVBAMTCEVyc3RlSHViMSIwIAYJKoZIhvcNAQkB
+FhNpbmZvQGVyc3RlZ3JvdXAuY29tMB4XDTIyMTIxNDA4MDc1N1oXDTI2MDMxNDA4
+MDc1N1owUjEaMBgGA1UEYRMRUFNEQ1otQ05CLTEyMzQ1NjcxCzAJBgNVBAYTAkNa
+MRYwFAYDVQQDEw1UUFAgVGVzdCBRV0FDMQ8wDQYDVQQKEwZNeSBUUFAwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcr/oxgV074ETdDkP/0l8LFnRofru+
+m2wNNG/ttVCioTqwnvR4oYxwq3U9qIBsT0D+Rx/Ef7qcpzqf/w9xt6Hosdv6I5jM
+HGaVQqLiPuV26/a7WvcmU+PpYuEBmbBHjGVJRBwgPtlUW1VLM8Pht9YiaagEKvFa
+6SUidZLfPv+ECohqgH4mgMrEcG/BTnry0/5xQdadRC9o25clNtZIesS5GPeelhgg
+FTkbh/FaxvMXhIAaRXT61cnxgxtfM71h5ObX5Lwle9z5a+TwxgQhSQq1jbHALYvT
+wsc4Q/NQGXpGNWy599sb7dg5AkPFSSF4ceXBo/2jOaZCqWrtFVONZ+blAgMBAAGj
+gfcwgfQwCwYDVR0PBAQDAgHGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
+AjCBrwYIKwYBBQUHAQMEgaIwgZ8wCAYGBACORgEBMAsGBgQAjkYBAwIBFDAIBgYE
+AI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgMwZwYGBACBmCcCMF0wTDARBgcEAIGY
+JwEBDAZQU1BfQVMwEQYHBACBmCcBAgwGUFNQX1BJMBEGBwQAgZgnAQMMBlBTUF9B
+STARBgcEAIGYJwEEDAZQU1BfSUMMBUVyc3RlDAZBVC1FUlMwFAYDVR0RBA0wC4IJ
+bXl0cHAuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBlTMPSwz46GMRBEPcy+25gV7xE
+5aFS5N6sf3YQyFelRJgPxxPxTHo55WelcK4XmXRQKeQ4VoKf4FgP0Cj74+p0N0gw
+wFJDWPGXH3SdjAXPRtG+FOiHwUSoyrmvbL4kk6Vbrd4cF+qe0BlzHzJ2Q6vFLwsk
+NYvWzkY9YjoItB38nAnQhyYgl1yHUK/uDWyrwHVfZn1AeTws/hr/KufORuiQfaTU
+kvAH1nzi7WSJ6AIQCd2exUEPx/O14Y+oCoJhTVd+RpA/9lkcqebceBijj47b2bvv
+QbjymvyTXqHd3L224Y7zVmh95g+CaJ8PRpApdrImfjfDDRy8PaFWx2pd/v0UQgrQ
+lgbO6jE7ah/tS0T5q5JtwnLAiOOqHPaKRvo5WB65jcZ2fvOH/0/oZ89noxp1Ihus
+vvsjqc9k2h9Rvt2pEjVU40HtQZ6XCmWqgFwK3n9CHrKNV/GqgANIZRNcvXKMCUoB
+VoJORVwi2DF4caKSFmyEWuK+5FyCEILtQ60SY/NHVGsUeOuN7OTjZjECARO6p4hz
+Uw+GCIXrzmIjS6ydh/LRef+NK28+xTbjmLHu/wnHg9rrHEnTPd39is+byfS7eeLV
+Dld/0Xrv88C0wxz63dcwAceiahjyz2mbQm765tOf9rK7EqsvT5M8EXFJ3dP4zwqS
+6mNFoIa0XGbAUT3E1w==
+-----END CERTIFICATE-----