Merge pull request #184 from razvanphp/master

edamov · web-flow · commit f404cbcb5479 · 2025-04-24T23:54:55.000+03:00
Add support for DER and P12 certificates
diff --git a/README.md b/README.md
@@ -110,7 +110,7 @@ foreach ($responses as $response) {
 }
 ```
 
-Using Certificate (.pem). Only the initilization differs from JWT code (above). Remember to include the rest of the code by yourself.
+Using Certificate (.pem or .p12). Only the initilization differs from JWT code (above). Remember to include the rest of the code by yourself.
 
 ``` php
 <?php
diff --git a/src/AuthProvider/Certificate.php b/src/AuthProvider/Certificate.php
@@ -76,6 +76,16 @@ public static function create(array $options): Certificate
      */
     public function authenticateClient(Request $request)
     {
+        # OpenSSL (versions 0.9.3 and later) also support "P12" for PKCS#12-encoded files.
+        # see https://curl.se/libcurl/c/CURLOPT_SSLCERTTYPE.html
+        $ext = pathinfo($this->certificatePath, \PATHINFO_EXTENSION);
+        if (preg_match('#^(der|p12)$#i', $ext)) {
+            $request->addOptions(
+                [
+                    CURLOPT_SSLCERTTYPE => strtoupper($ext)
+                ]
+            );
+        }
         $request->addOptions(
             [
                 CURLOPT_SSLCERT        => $this->certificatePath,
diff --git a/tests/AuthProvider/CertificateTest.php b/tests/AuthProvider/CertificateTest.php
@@ -39,6 +39,27 @@ public function testAuthenticatingClient()
         $this->assertSame($request->getOptions()[CURLOPT_SSLCERTPASSWD], $options['certificate_secret']);
     }
 
+    public function testAuthenticatingClientP12()
+    {
+        $certFile = tempnam(sys_get_temp_dir(), "mock_test_cert");
+        rename($certFile, $certFile .= '.p12');
+        try {
+            $options = [
+                'certificate_path' => $certFile,
+                'certificate_secret' => 'secret',
+                'app_bundle_id' => 'com.apple.test',
+            ];
+            $authProvider = Certificate::create($options);
+
+            $request = $this->createRequest();
+            $authProvider->authenticateClient($request);
+
+            $this->assertSame($request->getOptions()[CURLOPT_SSLCERTTYPE], 'P12');
+        } finally {
+            @\unlink($certFile);
+        }
+    }
+
     public function testVoipApnsTopic()
     {
         $options = $this->getOptions();

Original file line number	Diff line number	Diff line change
`@@ -110,7 +110,7 @@ foreach ($responses as $response) {`
`110`	`110`	`}`
`111`	`111`	```
`112`	`112`
`113`		`-Using Certificate (.pem). Only the initilization differs from JWT code (above). Remember to include the rest of the code by yourself.`
	`113`	`+Using Certificate (.pem or .p12). Only the initilization differs from JWT code (above). Remember to include the rest of the code by yourself.`
`114`	`114`
`115`	`115`	``` php
`116`	`116`	`<?php`