Allow cacert.pem file to be specified for HTTP Requests

composer.json

@@ -16,6 +16,7 @@
         "symfony/cache": ">=4.0"
     },
     "require-dev": {
+        "paragonie/certainty": "^2|^3",
         "phpunit/phpunit": "*"
     },
     "autoload": {

src/ActivityPhp/Server/Configuration/HttpConfiguration.php

@@ -39,6 +39,11 @@ class HttpConfiguration extends AbstractConfiguration
      */
     protected $sleep = 5;
 
+    /**
+     * @var string File path for cacert.pem file for TLS validation
+     */
+    protected string $cacertPath = '';
+
     /**
      * Dispatch configuration parameters
      *

src/ActivityPhp/Server/Http/Request.php

@@ -69,18 +69,25 @@ class Request
      * @param float|int $timeout
      * @param string $agent
      */
-    public function __construct($timeout = 10.0, $agent = '')
+    public function __construct(float|int $timeout = 10.0, string $agent = '', string $cacertPath = '')
     {
         $headers = ['Accept' => self::HTTP_HEADER_ACCEPT];
 
         if ($agent) {
             $headers['User-Agent'] = $agent;
         }
 
-        $this->client = new Client([
+        $clientConfig = [
             'timeout' => $timeout,
             'headers' => $headers
-        ]);
+        ];
+        if (!empty($cacertPath)) {
+            if (!is_readable($cacertPath)) {
+                throw new Exception('Cannot read cacert file path: ' . $cacertPath);
+            }
+            $clientConfig['verify'] = $cacertPath;
+        }
+        $this->client = new Client($clientConfig);
     }
 
     /**

src/ActivityPhp/Server/Http/WebFingerFactory.php

@@ -70,7 +70,8 @@ public static function get(string $handle, string $scheme = 'https')
         $content = Util::decodeJson(
             (new Request(
                 self::$server->config('http.timeout'),
-                self::$server->config('http.agent')
+                self::$server->config('http.agent'),
+                self::$server->config('http.cacert') ?? ''
             ))->get($url)
         );
 

tests/ActivityPhp/Server/ServerHttpTest.php

@@ -3,6 +3,7 @@
 namespace ActivityPhpTest\Server;
 
 use ActivityPhp\Server;
+use ParagonIE\Certainty\RemoteFetch;
 use PHPUnit\Framework\TestCase;
 
 class ServerHttpTest extends TestCase
@@ -60,4 +61,21 @@ public function testUserAgentCustomization()
             "MyUserAgent"
         );
     }
+
+    public function testCaCert()
+    {
+        mkdir(__DIR__ . '/tmp');
+        $latestCaCert = (new RemoteFetch(__DIR__ . '/tmp'))
+            ->getLatestBundle(false, false)
+            ->getFilePath();
+        $server = new Server([
+            'http' => [
+                'cacert' => $latestCaCert
+            ]
+        ]);
+        $this->assertSame(
+            $latestCaCert,
+            $server->config('http.cacert')
+        );
+    }
 }