|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* This file is part of the GestPayWS library. |
|
5
|
|
|
* |
|
6
|
|
|
* (c) Manuel Dalla Lana <[email protected]> |
|
7
|
|
|
* |
|
8
|
|
|
* This source file is subject to the MIT license that is bundled |
|
9
|
|
|
* with this source code in the file LICENSE. |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace EndelWar\GestPayWS; |
|
13
|
|
|
|
|
14
|
|
|
class WSCryptDecryptSoapClient |
|
15
|
|
|
{ |
|
16
|
|
|
protected $wsdlUrl = array( |
|
17
|
|
|
'test' => 'https://testecomm.sella.it/gestpay/GestPayWS/WsCryptDecrypt.asmx?wsdl', |
|
18
|
|
|
'production' => 'https://ecomms2s.sella.it/gestpay/GestPayWS/WsCryptDecrypt.asmx?wsdl', |
|
19
|
|
|
); |
|
20
|
|
|
public $wsdlEnvironment; |
|
21
|
|
|
protected $streamContextOption = array(); |
|
22
|
|
|
protected $certificatePeerName = array( |
|
23
|
|
|
'test' => 'testecomm.sella.it', |
|
24
|
|
|
'production' => 'ecomms2s.sella.it', |
|
25
|
|
|
); |
|
26
|
|
|
protected $soapClient; |
|
27
|
|
|
|
|
28
|
|
|
/** |
|
29
|
|
|
* WSCryptDecryptSoapClient constructor. |
|
30
|
|
|
* @param bool|false $testEnv enable the test environment |
|
31
|
|
|
* @param null $caFile path to Certification Authority bundle file |
|
32
|
|
|
*/ |
|
33
|
4 |
|
public function __construct($testEnv = false, $caFile = null) |
|
34
|
|
|
{ |
|
35
|
|
|
$soapClientDefaultOption = array( |
|
36
|
4 |
|
'user_agent' => 'EndelWar-GestPayWS/1.3 (+https://github.com/endelwar/GestPayWS)', |
|
37
|
4 |
|
'stream_context' => $this->getStreamContext($testEnv, $caFile), |
|
38
|
4 |
|
'connection_timeout' => 3000, |
|
39
|
4 |
|
); |
|
40
|
4 |
|
if ($testEnv) { |
|
41
|
4 |
|
$soapClientEnvironmentOption = $this->setTestEnvironment(); |
|
42
|
4 |
|
} else { |
|
43
|
4 |
|
$soapClientEnvironmentOption = $this->setProductionEnvironment(); |
|
44
|
|
|
} |
|
45
|
4 |
|
$soapClientOption = array_merge($soapClientDefaultOption, $soapClientEnvironmentOption); |
|
46
|
4 |
|
$this->soapClient = new \soapClient($this->wsdlUrl[$this->wsdlEnvironment], $soapClientOption); |
|
47
|
4 |
|
} |
|
48
|
|
|
|
|
49
|
|
|
/** |
|
50
|
|
|
* @return array |
|
51
|
|
|
*/ |
|
52
|
4 |
|
private function setTestEnvironment() |
|
53
|
|
|
{ |
|
54
|
4 |
|
$this->wsdlEnvironment = 'test'; |
|
55
|
|
|
$soapClientTestOption = array( |
|
56
|
4 |
|
'trace' => true, |
|
57
|
4 |
|
'cache_wsdl' => WSDL_CACHE_NONE, |
|
58
|
4 |
|
); |
|
59
|
|
|
|
|
60
|
4 |
|
return $soapClientTestOption; |
|
61
|
|
|
} |
|
62
|
|
|
|
|
63
|
|
|
/** |
|
64
|
|
|
* @return array |
|
65
|
|
|
*/ |
|
66
|
4 |
|
private function setProductionEnvironment() |
|
67
|
|
|
{ |
|
68
|
4 |
|
$this->wsdlEnvironment = 'production'; |
|
69
|
|
|
|
|
70
|
4 |
|
return array(); |
|
71
|
|
|
} |
|
72
|
|
|
|
|
73
|
|
|
/** |
|
74
|
|
|
* @param bool $testEnv |
|
75
|
|
|
* @param string $caFile |
|
|
|
|
|
|
76
|
|
|
* @return resource |
|
77
|
|
|
*/ |
|
78
|
4 |
|
private function getStreamContext($testEnv = false, $caFile = null) |
|
79
|
|
|
{ |
|
80
|
4 |
|
if ($testEnv) { |
|
81
|
4 |
|
$host = $this->certificatePeerName['test']; |
|
82
|
4 |
|
} else { |
|
83
|
4 |
|
$host = $this->certificatePeerName['production']; |
|
84
|
|
|
} |
|
85
|
|
|
|
|
86
|
4 |
|
$this->streamContextOption['ssl']['crypto_method'] = STREAM_CRYPTO_METHOD_TLS_CLIENT; |
|
87
|
4 |
|
$this->streamContextOption['ssl']['verify_peer'] = true; |
|
88
|
4 |
|
$this->streamContextOption['ssl']['SNI_enabled'] = true; |
|
89
|
|
|
|
|
90
|
|
|
// Disable TLS compression to prevent CRIME attacks where supported (PHP 5.4.13 or later). |
|
91
|
4 |
|
if (PHP_VERSION_ID >= 50413) { |
|
92
|
4 |
|
$this->streamContextOption['ssl']['disable_compression'] = true; |
|
93
|
4 |
|
} |
|
94
|
|
|
|
|
95
|
4 |
|
if (PHP_VERSION_ID < 50600) { |
|
96
|
|
|
//CN_match was deprecated in favour of peer_name in PHP 5.6 |
|
97
|
|
|
$this->streamContextOption['ssl']['CN_match'] = $host; |
|
98
|
|
|
$this->streamContextOption['ssl']['SNI_server_name'] = $host; |
|
99
|
|
|
// PHP 5.6 or greater will find the system cert by default. When < 5.6, use the system ca-certificates. |
|
100
|
|
|
if (is_null($caFile)) { |
|
101
|
|
|
$this->streamContextOption['ssl']['cafile'] = $this->getDefaultCABundle(); |
|
102
|
|
|
} else { |
|
103
|
|
|
$this->streamContextOption['ssl']['cafile'] = $caFile; |
|
104
|
|
|
} |
|
105
|
|
|
} else { |
|
106
|
4 |
|
$this->streamContextOption['ssl']['peer_name'] = $host; |
|
107
|
4 |
|
$this->streamContextOption['ssl']['verify_peer_name'] = true; |
|
108
|
|
|
} |
|
109
|
|
|
|
|
110
|
4 |
|
return stream_context_create($this->streamContextOption); |
|
111
|
|
|
} |
|
112
|
|
|
|
|
113
|
|
|
/** |
|
114
|
|
|
* @return \soapClient |
|
115
|
|
|
*/ |
|
116
|
3 |
|
public function getSoapClient() |
|
117
|
|
|
{ |
|
118
|
3 |
|
return $this->soapClient; |
|
119
|
|
|
} |
|
120
|
|
|
|
|
121
|
|
|
/** |
|
122
|
|
|
* Returns the default cacert bundle for the current system. |
|
123
|
|
|
* |
|
124
|
|
|
* First, the openssl.cafile and curl.cainfo php.ini settings are checked. |
|
125
|
|
|
* If those settings are not configured, then the common locations for |
|
126
|
|
|
* bundles found on Red Hat, CentOS, Fedora, Ubuntu, Debian, FreeBSD, OS X |
|
127
|
|
|
* and Windows are checked. If any of these file locations are found on |
|
128
|
|
|
* disk, they will be utilized. |
|
129
|
|
|
* |
|
130
|
|
|
* Note: the result of this function is cached for subsequent calls. |
|
131
|
|
|
* |
|
132
|
|
|
* @throws \RuntimeException if no bundle can be found. |
|
133
|
|
|
* @return string |
|
134
|
|
|
* |
|
135
|
|
|
* @link https://github.com/guzzle/guzzle/blob/6.1.0/src/functions.php#L143 |
|
136
|
|
|
*/ |
|
137
|
1 |
|
public function getDefaultCABundle() |
|
138
|
|
|
{ |
|
139
|
|
|
$cafiles = array( |
|
140
|
|
|
// Red Hat, CentOS, Fedora (provided by the ca-certificates package) |
|
141
|
1 |
|
'/etc/pki/tls/certs/ca-bundle.crt', |
|
142
|
|
|
// Ubuntu, Debian (provided by the ca-certificates package) |
|
143
|
1 |
|
'/etc/ssl/certs/ca-certificates.crt', |
|
144
|
|
|
// FreeBSD (provided by the ca_root_nss package) |
|
145
|
1 |
|
'/usr/local/share/certs/ca-root-nss.crt', |
|
146
|
|
|
// OS X provided by homebrew (using the default path) |
|
147
|
1 |
|
'/usr/local/etc/openssl/cert.pem', |
|
148
|
|
|
// Google app engine |
|
149
|
1 |
|
'/etc/ca-certificates.crt', |
|
150
|
|
|
// Windows? |
|
151
|
1 |
|
'C:\\windows\\system32\\curl-ca-bundle.crt', |
|
152
|
1 |
|
'C:\\windows\\curl-ca-bundle.crt', |
|
153
|
1 |
|
); |
|
154
|
|
|
|
|
155
|
1 |
|
if ($ca = ini_get('openssl.cafile')) { |
|
156
|
|
|
return $ca; |
|
157
|
|
|
} |
|
158
|
1 |
|
if ($ca = ini_get('curl.cainfo')) { |
|
159
|
|
|
return $ca; |
|
160
|
|
|
} |
|
161
|
1 |
|
foreach ($cafiles as $filename) { |
|
162
|
1 |
|
if (file_exists($filename)) { |
|
163
|
1 |
|
return $filename; |
|
164
|
|
|
} |
|
165
|
1 |
|
} |
|
166
|
|
|
throw new \RuntimeException(<<< EOT |
|
167
|
|
|
No system CA bundle could be found in any of the the common system locations. |
|
168
|
|
|
PHP versions earlier than 5.6 are not properly configured to use the system's |
|
169
|
|
|
CA bundle by default. Mozilla provides a commonly used CA bundle which can be |
|
170
|
|
|
downloaded here (provided by the maintainer of cURL): |
|
171
|
|
|
https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt. Once |
|
172
|
|
|
you have a CA bundle available on disk, you can set the 'openssl.cafile' PHP |
|
173
|
|
|
ini setting to point to the path to the file. See http://curl.haxx.se/docs/sslcerts.html |
|
174
|
|
|
for more information. |
|
175
|
|
|
EOT |
|
176
|
|
|
); |
|
177
|
|
|
} |
|
178
|
|
|
} |
|
179
|
|
|
|
endelwar /
GestPayWS
Manuel Dalla Lana
This check looks for
@paramannotations where the type inferred by our type inference engine differs from the declared type.It makes a suggestion as to what type it considers more descriptive.
Most often this is a case of a parameter that can be null in addition to its declared types.