From e5faace341d4b204369252ba755a28c55f5dc190 Mon Sep 17 00:00:00 2001 From: Paragon Initiative Enterprises Date: Mon, 9 Apr 2018 13:13:41 -0400 Subject: [PATCH] Begin v2 fork. See #17 --- docs/features/LocalCACertBuilder.md | 4 ++-- docs/features/RemoteFetch.md | 12 ++++++------ src/Certainty.php | 8 +++----- src/Fetch.php | 11 ++++++----- test/BundleTest.php | 10 ++++++++-- test/CustomCASupportTest.php | 12 +++++++++++- test/FetchTest.php | 8 +++++++- 7 files changed, 43 insertions(+), 22 deletions(-) diff --git a/docs/features/LocalCACertBuilder.md b/docs/features/LocalCACertBuilder.md index e81f1f3..a9ec263 100644 --- a/docs/features/LocalCACertBuilder.md +++ b/docs/features/LocalCACertBuilder.md @@ -62,7 +62,7 @@ use ParagonIE\Certainty\LocalCACertBuilder; use ParagonIE\Certainty\RemoteFetch; use ParagonIE\ConstantTime\Hex; -$latest = (new RemoteFetch())->getLatestBundle(); +$latest = (new RemoteFetch('/path/to/certainty/data'))->getLatestBundle(); LocalCACertBuilder::fromBundle($latest) ->setSigningKey(Hex::decode('your hex-encoded secret key goes here')) @@ -90,7 +90,7 @@ use ParagonIE\Certainty\LocalCACertBuilder; use ParagonIE\Certainty\RemoteFetch; use ParagonIE\ConstantTime\Hex; -$latest = (new RemoteFetch())->getLatestBundle(); +$latest = (new RemoteFetch('/path/to/certainty/data'))->getLatestBundle(); /* This snippet is mostly identical from the previous one. */ LocalCACertBuilder::fromBundle($latest) diff --git a/docs/features/RemoteFetch.md b/docs/features/RemoteFetch.md index a4157aa..5258fec 100644 --- a/docs/features/RemoteFetch.md +++ b/docs/features/RemoteFetch.md @@ -12,7 +12,7 @@ Using the `RemoteFetch` class is rather straightforward. getLatestBundle(); $ch = curl_init(); 
@@ -28,7 +28,7 @@ curl_setopt($ch, CURLOPT_CAINFO, $latestCACertBundle->getFilePath()); use ParagonIE\Certainty\RemoteFetch; use GuzzleHttp\Client; -$fetcher = new RemoteFetch(); +$fetcher = new RemoteFetch('/path/to/certainty/data'); $latestCACertBundle = $fetcher->getLatestBundle(); $client = new Client(); @@ -43,7 +43,7 @@ $response = $client->request('POST', '/url', [ getLatestBundle(); $context = stream_context_create([ @@ -93,12 +93,12 @@ object has been created. use ParagonIE\Certainty\RemoteFetch; // Cleaner. -$fetcher = (new RemoteFetch()) +$fetcher = (new RemoteFetch('/path/to/certainty/data')) ->setCacheTimeout(new \DateInterval('PT06H')); // Alternatively, the constructor approach: $fetcher = new RemoteFetch( - '', // use the default save path + '/path/to/certainty/data', RemoteFetch::DEFAULT_URL, null, // automatically selects/configures Guzzle new \DateInterval('PT06H') // 6 hours @@ -117,7 +117,7 @@ Certainty supports this usage. getLatestBundle(); +$latest = (new RemoteFetch('/path/to/certainty/data'))->getLatestBundle(); $latest->createSymlink('/path/to/cacert.pem', true); ``` diff --git a/src/Certainty.php b/src/Certainty.php index 95ac35f..a027f76 100644 --- a/src/Certainty.php +++ b/src/Certainty.php @@ -25,12 +25,10 @@ class Certainty */ public static function getGuzzleClient(Fetch $fetch = null) { - if (\is_null($fetch)) { - $fetch = new Fetch(); + $options = []; + if (!\is_null($fetch)) { + $options['verify'] = $fetch->getLatestBundle()->getFilePath(); } - $options = [ - 'verify' => $fetch->getLatestBundle()->getFilePath() - ]; if (\defined('CURLOPT_SSLVERSION') && \defined('CURL_SSLVERSION_TLSv1_2') && \defined('CURL_SSLVERSION_TLSv1')) { // https://github.com/curl/curl/blob/6aa86c493bd77b70d1f5018e102bc3094290d588/include/curl/curl.h#L1927 diff --git a/src/Fetch.php b/src/Fetch.php index 048047a..8dcc4a2 100644 --- a/src/Fetch.php +++ b/src/Fetch.php 
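Review bot: When `$fetch` is null, the rewritten `getGuzzleClient()` in src/Certainty.php builds its options without a `verify` entry, so certificate verification falls back to the HTTP client's default CA store instead of a Certainty bundle, and nothing in the hunk says so. Callers that used the no-argument form to get the bundled CA file will change trust stores without any error or warning. I would document this on the method, for example `@param Fetch|null $fetch When null, no 'verify' path is set and the client's default CA store is used.` The docblock and the rest of the method body lie outside the hunk, so part of this may already be stated there.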
@@ -25,14 +25,15 @@ class Fetch * You almost certainly want to use RemoteFetch instead. * * @param string $dataDir Where the certificates and configuration lives + * + * @throws FilesystemException */ - public function __construct($dataDir = '') + public function __construct($dataDir) { - if (!empty($dataDir) && \is_readable($dataDir)) { - $this->dataDirectory = $dataDir; - } else { - $this->dataDirectory = \dirname(__DIR__) . '/data'; + if (!\is_readable($dataDir)) { + throw new FilesystemException('Directory is not readable: ' . $dataDir); } + $this->dataDirectory = $dataDir; } /** diff --git a/test/BundleTest.php b/test/BundleTest.php index 852e243..ad6ed94 100644 --- a/test/BundleTest.php +++ b/test/BundleTest.php @@ -8,11 +8,17 @@ class BundleTest extends TestCase { + /** + * @var string + */ + protected $defaultDir; + /** @var string $link */ protected $link; public function setUp() { + $this->defaultDir = dirname(__DIR__) . '/data'; $this->link = __DIR__ . '/static/symlink-test'; } @@ -37,7 +43,7 @@ public function testCreateSymlink() return; } - $latest = (new Fetch())->getLatestBundle(); + $latest = (new Fetch($this->defaultDir))->getLatestBundle(); $latest->createSymlink($this->link, true); @@ -55,7 +61,7 @@ public function testCreateSymlink() */ public function testGetters() { - $latest = (new Fetch())->getLatestBundle(); + $latest = (new Fetch($this->defaultDir))->getLatestBundle(); $this->assertTrue(\is_string($latest->getFilePath())); $this->assertTrue(\is_string($latest->getSha256Sum())); $this->assertTrue(\is_string($latest->getSignature())); diff --git a/test/CustomCASupportTest.php b/test/CustomCASupportTest.php index 2a10a8e..b082df0 100644 --- a/test/CustomCASupportTest.php +++ b/test/CustomCASupportTest.php 
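Review bot: The new guard in `Fetch::__construct()` only calls `\is_readable($dataDir)`, which is also true for a readable regular file, so a path that is not a directory is still stored in `$this->dataDirectory` and presumably fails later, away from the cause. Checking the type as well keeps the failure at construction time: `if (!\is_dir($dataDir) || !\is_readable($dataDir)) {`. The parameter is untyped, so a non-string argument reaches `\is_readable()` unchecked; a string check would be worth adding if the supported PHP versions allow it. Whether `FilesystemException` is imported in this file cannot be seen from the hunk.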
@@ -13,6 +13,16 @@ */ class CustomCASupportTest extends TestCase { + /** + * @var string + */ + protected $defaultDir; + + public function setUp() + { + $this->defaultDir = dirname(__DIR__) . '/data'; + } + public function tearDown() { \unlink(__DIR__ . '/static/combined.pem'); @@ -31,7 +41,7 @@ public function testCustom() $validator = new CustomValidator(); $validator::setPublicKey(Hex::encode($publicKey)); - $latest = (new Fetch())->getLatestBundle(); + $latest = (new Fetch($this->defaultDir))->getLatestBundle(); LocalCACertBuilder::fromBundle($latest) ->setCustomValidator(CustomValidator::class) ->setOutputPemFile(__DIR__ . '/static/combined.pem') diff --git a/test/FetchTest.php b/test/FetchTest.php index 9796c95..28e58f7 100644 --- a/test/FetchTest.php +++ b/test/FetchTest.php @@ -8,11 +8,17 @@ class FetchTest extends TestCase { + /** + * @var string + */ + protected $defaultDir; + /** @var string */ protected $root; public function setUp() { + $this->defaultDir = dirname(__DIR__) . '/data'; $this->root = __DIR__ . '/static/'; } @@ -66,7 +72,7 @@ public function testLiveDataDir() { $this->assertInstanceOf( Bundle::class, - (new Fetch())->getLatestBundle(), + (new Fetch($this->defaultDir))->getLatestBundle(), 'The live data directory has no valid signatures.' ); }
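Review bot: None of the visible test hunks covers the exception path this commit adds to `Fetch::__construct()`; in `FetchTest::testLiveDataDir()` and the other updated calls the argument is always the readable `$this->defaultDir`. A small case such as `$this->expectException(FilesystemException::class); new Fetch(__DIR__ . '/static/does-not-exist');` (the path is a constructed example) would pin the new behaviour. The same `$defaultDir` property and `setUp()` assignment is now repeated in `BundleTest`, `CustomCASupportTest` and `FetchTest`, so a shared base class or trait would keep the three in step. Tests outside these hunks may already cover the failure case.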