crm.fsf.org/20131203/files/sites/all/modules-new/civicrm/vendor/totten/ca-config/src/CA/Config/Curl.php

   1 <?php
   2
   3 /**
   4  * Auto-detect list of certificate-authorities for use by HTTPS clients.
   5  *
   6  * This is designed to provide sane defaults for typical one-way
   7  * authentication.
   8  */
   9 class CA_Config_Curl
  10 {
  11     static private $_singleton;
  12
  13     /**
  14      * Provide a singleton instance to simplify integration. If you prefer
  15      * to manage the lifecycle of the config object, then consider using
  16      * "probe()" or "new" instead.
  17      *
  18      * @return CA_Config_Curl
  19      */
  20     static public function singleton()
  21     {
  22         if (! self::$_singleton) {
  23             global $CA_CONFIG;
  24             self::$_singleton = self::probe($CA_CONFIG ? $CA_CONFIG : array());
  25         }
  26         return self::$_singleton;
  27     }
  28
  29     /**
  30      * Factory fuction which produces a configuration based on a policy and based
  31      * on local system resources.
  32      *
  33      * @param $policy array:
  34      *  - enable_ssl: bool; default: TRUE
  35      *  - verify_peer: bool; default: TRUE
  36      *  - cafile: string, path to aggregated PEM; overrides any system defaults
  37      *  - fallback_cafile: string, path to aggregated PEM; used on systems which lack default; set FALSE to disable
  38      *  - fallback_ttl: int, seconds, the max age of the fallback cafile before it's regarded as stale; default: 5 years
  39      * @return CA_Config_Curl
  40      */
  41     static public function probe($policy = array())
  42     {
  43         if (isset($policy['enable_ssl']) && $policy['enable_ssl'] === FALSE) {
  44             return new CA_Config_Curl(FALSE, FALSE, NULL);
  45         }
  46         $version = curl_version();
  47         if (!in_array('https', $version['protocols'])) {
  48             return new CA_Config_Curl(FALSE, FALSE, NULL);
  49         }
  50         if (isset($policy['verify_peer']) && $policy['verify_peer'] === FALSE) {
  51             return new CA_Config_Curl(TRUE, FALSE, NULL);
  52         }
  53         if (isset($policy['cafile'])) {
  54             if (file_exists($policy['cafile']) && is_readable($policy['cafile'])) {
  55                 return new CA_Config_Curl(TRUE, TRUE, $policy['cafile']);
  56             } else {
  57                 throw new Exception("Certificate Authority file is missing. Please contact the system administrator. See also: " . $policy['cafile']);
  58             }
  59         }
  60
  61         if (!isset($policy['fallback_ttl'])) {
  62             $policy['fallback_ttl'] = 5 * 364 * 24 * 60 * 60;
  63         }
  64         if (!isset($policy['fallback_cafile'])) {
  65             $policy['fallback_cafile'] = dirname(__FILE__) . '/cacert.pem';
  66         }
  67         // can't directly detect if system has CA pre-configured; use heuristic based on OS
  68         if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
  69             // PHP probably doesn't have a default cafile
  70             if (empty($policy['fallback_cafile']) || !file_exists($policy['fallback_cafile'])) {
  71                 throw new Exception("Certificate Authority file is required on Windows. Please contact the system administrator.");
  72             } elseif (time() > filemtime($policy['fallback_cafile']) + $policy['fallback_ttl']) {
  73                 throw new Exception("Certificate Authority file is too old. Please contact the system administrator. See also: " . $policy['fallback_cafile']);
  74             } else {
  75                 return new CA_Config_Curl(TRUE, TRUE, $policy['fallback_cafile']);
  76             }
  77         } else {
  78             // Most PHP builds include a built-in reference to a CA list
  79             return new CA_Config_Curl(TRUE, TRUE, NULL);
  80         }
  81     }
  82
  83     public function __construct($enableSSL, $verifyPeer, $caFile)
  84     {
  85         $this->enableSSL = $enableSSL;
  86         $this->verifyPeer = $verifyPeer;
  87         $this->caFile = $caFile;
  88     }
  89
  90     /**
  91      * Whether SSL is supported at all
  92      *
  93      * @return bool
  94      */
  95     public function isEnableSSL()
  96     {
  97         return $this->enableSSL;
  98     }
  99
 100     /**
 101      * Whether server certifiates should be verified
 102      *
 103      * @return bool
 104      */
 105     public function isVerifyPeer()
 106     {
 107         return $this->verifyPeer;
 108     }
 109
 110     /**
 111      * Path to a CA file (if available/applicable)
 112      *
 113      * @return string
 114      */
 115     public function getCaFile()
 116     {
 117         return $this->caFile;
 118     }
 119
 120     /**
 121      * Format the CA config in a manner appropriate to curl_setopt_array()
 122      *
 123      * @return array
 124      */
 125     public function toCurlOptions()
 126     {
 127         $options = array();
 128         $options[CURLOPT_SSL_VERIFYPEER] = $this->verifyPeer;
 129         $options[CURLOPT_SSL_VERIFYHOST] = $this->verifyPeer ? 2 : 0;
 130         if ($this->caFile) {
 131             $options[CURLOPT_CAINFO] = $this->caFile;
 132         } // else: system default
 133         return $options;
 134     }
 135 }