socket/src/TlsPeer.php at e0dcc1a1414282b8f9038b3881e7d8494cd0ba2c · reactphp/socket · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
<?php

namespace React\Socket;

use InvalidArgumentException;

class TlsPeer
{
    /** @var resource of type OpenSSL X.509 */
    private $peerCertificate;

    /** @var resource[] of type OpenSSL X.509 */
    private $peerCertificateChain;

    public function __construct($peerCertificate = null, array $peerCertificateChain = null)
    {
        if ($peerCertificate !== null) {
            static::assertX509Resource($peerCertificate);
            $this->peerCertificate = $peerCertificate;
        }
        if ($peerCertificateChain !== null) {
            foreach ($peerCertificateChain as $resource) {
                static::assertX509Resource($resource);
            }
            $this->peerCertificateChain = $peerCertificateChain;
        }
    }

    public static function fromContextOptions($options)
    {
        if (isset($options['ssl']['peer_certificate'])) {
            $peerCertificate = $options['ssl']['peer_certificate'];
        } else {
            $peerCertificate = null;
        }
        if (isset($options['ssl']['peer_certificate_chain'])) {
            $peerCertificateChain = $options['ssl']['peer_certificate_chain'];
        } else {
            $peerCertificateChain = null;
        }

        return new static($peerCertificate, $peerCertificateChain);
    }

    protected static function assertX509Resource($resource)
    {
        if (! \is_resource($resource)) {
            throw new \InvalidArgumentException(\sprintf(
                'Resource expected, got "%s"',
                \gettype($resource)
            ));
        }
        if (\get_resource_type($resource) !== 'OpenSSL X.509') {
            throw new \InvalidArgumentException(\sprintf(
                'Resource of type "OpenSSL X.509" expected, got "%s"',
                \get_resource_type($resource)
            ));
        }
    }

    /**
     * @return bool
     */
    public function hasPeerCertificate()
    {
        return $this->peerCertificate !== null;
    }

    /**
     * @return null|resource (OpenSSL x509)
     */
    public function getPeerCertificate()
    {
        return $this->peerCertificate;
    }

    /**
     * @return bool
     */
    public function hasPeerCertificateChain()
    {
        return $this->peerCertificateChain !== null;
    }

    /**
     * @return null|array of OpenSSL x509 resources
     */
    public function getPeerCertificateChain()
    {
        return $this->peerCertificateChain;
    }

    protected function free()
    {
        if ($this->peerCertificate) {
            \openssl_x509_free($this->peerCertificate);
            $this->peerCertificate = null;
        }
        if (\is_array($this->peerCertificateChain)) {
            foreach ($this->peerCertificateChain as $cert) {
                \openssl_x509_free($cert);
            }
            $this->peerCertificateChain = null;
        }
    }

    public function __destruct()
    {
        $this->free();
    }
}