setup connection reopening when ssl configuration differs

Signed-off-by: ghlen <[email protected]>

Author: transistive

src/Bolt/BoltConnectionPool.php

@@ -25,6 +25,7 @@
 use Laudis\Neo4j\Contracts\ConnectionInterface;
 use Laudis\Neo4j\Contracts\ConnectionPoolInterface;
 use Laudis\Neo4j\Databags\DatabaseInfo;
+use Laudis\Neo4j\Databags\DriverConfiguration;
 use Laudis\Neo4j\Databags\SessionConfiguration;
 use Laudis\Neo4j\Enum\ConnectionProtocol;
 use Laudis\Neo4j\Neo4j\RoutingTable;
@@ -39,8 +40,14 @@
  */
 final class BoltConnectionPool implements ConnectionPoolInterface
 {
-    /** @var array<string, list<ConnectionInterface<Bolt>>> */
+    /** @var array<string, list<BoltConnection>> */
     private static array $connectionCache = [];
+    private DriverConfiguration $driverConfig;
+
+    public function __construct(DriverConfiguration $driverConfig)
+    {
+        $this->driverConfig = $driverConfig;
+    }
 
     /**
      * @throws Exception
@@ -60,8 +67,20 @@ public function acquire(
             self::$connectionCache[$key] = [];
         }
 
-        foreach (self::$connectionCache[$key] as $connection) {
+        foreach (self::$connectionCache[$key] as $i => $connection) {
             if (!$connection->isOpen()) {
+                $sslConfig = $connection->getDriverConfiguration()->getSslConfiguration();
+                $newSslConfig = $this->driverConfig->getSslConfiguration();
+                if ($sslConfig->getMode() !== $newSslConfig->getMode() ||
+                    $sslConfig->isVerifyPeer() === $newSslConfig->isVerifyPeer()
+                ) {
+                    $connection = $this->openConnection($connectingTo, $socketTimeout, $uri, $table, $authenticate, $userAgent, $config);
+
+                    /** @psalm-suppress PropertyTypeCoercion */
+                    self::$connectionCache[$key][$i] = $connection;
+
+                    return $connection;
+                }
                 $connection->open();
 
                 $authenticate->authenticateBolt($connection->getImplementation(), $connectingTo, $userAgent);
@@ -70,52 +89,7 @@ public function acquire(
             }
         }
 
-        $socket = new StreamSocket($connectingTo->getHost(), $connectingTo->getPort() ?? 7687, $socketTimeout);
-
-        $this->configureSsl($uri, $connectingTo, $socket, $table);
-
-        $bolt = new Bolt($socket);
-        $authenticate->authenticateBolt($bolt, $connectingTo, $userAgent);
-
-        // We create a weak reference to optimise the socket usage. This way the connection can reuse the bolt variable
-        // the first time it tries to connect. Only when this function is finished and the returned connection is closed
-        // will the reference return null, prompting the need to reopen and recreate the bolt object on the same socket.
-        $originalBolt = WeakReference::create($bolt);
-
-        /**
-         * @var array{'name': 0, 'version': 1, 'edition': 2}
-         * @psalm-suppress all
-         */
-        $fields = array_flip($bolt->run(<<<'CYPHER'
-CALL dbms.components()
-YIELD name, versions, edition
-UNWIND versions AS version
-RETURN name, version, edition
-CYPHER
-        )['fields']);
-
-        /** @var array{0: array{0: string, 1: string, 2: string}} $results */
-        $results = $bolt->pullAll();
-
-        $connection = new BoltConnection(
-            $results[0][$fields['name']].'-'.$results[0][$fields['edition']].'/'.$results[0][$fields['version']],
-            $connectingTo,
-            $results[0][$fields['version']],
-            ConnectionProtocol::determineBoltVersion($bolt),
-            $config->getAccessMode(),
-            new DatabaseInfo($config->getDatabase()),
-            static function () use ($socket, $authenticate, $connectingTo, $userAgent, $originalBolt) {
-                $bolt = $originalBolt->get();
-                if ($bolt === null) {
-                    $bolt = new Bolt($socket);
-                    $authenticate->authenticateBolt($bolt, $connectingTo, $userAgent);
-                }
-
-                return $bolt;
-            }
-        );
-
-        $connection->open();
+        $connection = $this->openConnection($connectingTo, $socketTimeout, $uri, $table, $authenticate, $userAgent, $config);
 
         self::$connectionCache[$key][] = $connection;
 
@@ -174,4 +148,64 @@ public function canConnect(UriInterface $uri, AuthenticateInterface $authenticat
 
         return true;
     }
+
+    private function openConnection(
+        UriInterface $connectingTo,
+        float $socketTimeout,
+        UriInterface $uri,
+        ?RoutingTable $table,
+        AuthenticateInterface $authenticate,
+        string $userAgent,
+        SessionConfiguration $config
+    ): BoltConnection {
+        $socket = new StreamSocket($connectingTo->getHost(), $connectingTo->getPort() ?? 7687, $socketTimeout);
+
+        $this->configureSsl($uri, $connectingTo, $socket, $table);
+
+        $bolt = new Bolt($socket);
+        $authenticate->authenticateBolt($bolt, $connectingTo, $userAgent);
+
+        // We create a weak reference to optimise the socket usage. This way the connection can reuse the bolt variable
+        // the first time it tries to connect. Only when this function is finished and the returned connection is closed
+        // will the reference return null, prompting the need to reopen and recreate the bolt object on the same socket.
+        $originalBolt = WeakReference::create($bolt);
+
+        /**
+         * @var array{'name': 0, 'version': 1, 'edition': 2}
+         * @psalm-suppress all
+         */
+        $fields = array_flip($bolt->run(<<<'CYPHER'
+CALL dbms.components()
+YIELD name, versions, edition
+UNWIND versions AS version
+RETURN name, version, edition
+CYPHER
+        )['fields']);
+
+        /** @var array{0: array{0: string, 1: string, 2: string}} $results */
+        $results = $bolt->pullAll();
+
+        $connection = new BoltConnection(
+            $results[0][$fields['name']].'-'.$results[0][$fields['edition']].'/'.$results[0][$fields['version']],
+            $connectingTo,
+            $results[0][$fields['version']],
+            ConnectionProtocol::determineBoltVersion($bolt),
+            $config->getAccessMode(),
+            new DatabaseInfo($config->getDatabase()),
+            $this->driverConfig,
+            static function () use ($socket, $authenticate, $connectingTo, $userAgent, $originalBolt) {
+                $bolt = $originalBolt->get();
+                if ($bolt === null) {
+                    $bolt = new Bolt($socket);
+                    $authenticate->authenticateBolt($bolt, $connectingTo, $userAgent);
+                }
+
+                return $bolt;
+            }
+        );
+
+        $connection->open();
+
+        return $connection;
+    }
 }

src/Common/BoltConnection.php

@@ -17,6 +17,7 @@
 use function call_user_func;
 use Laudis\Neo4j\Contracts\ConnectionInterface;
 use Laudis\Neo4j\Databags\DatabaseInfo;
+use Laudis\Neo4j\Databags\DriverConfiguration;
 use Laudis\Neo4j\Enum\AccessMode;
 use Laudis\Neo4j\Enum\ConnectionProtocol;
 use Psr\Http\Message\UriInterface;
@@ -45,6 +46,8 @@ final class BoltConnection implements ConnectionInterface
      * @psalm-readonly
      */
     private $connector;
+    /** @psalm-readonly */
+    private DriverConfiguration $driverConfiguration;
 
     /**
      * @psalm-mutation-free
@@ -58,6 +61,7 @@ public function __construct(
         ConnectionProtocol $protocol,
         AccessMode $accessMode,
         DatabaseInfo $databaseInfo,
+        DriverConfiguration $config,
         $connector
     ) {
         $this->serverAgent = $serverAgent;
@@ -67,6 +71,7 @@ public function __construct(
         $this->accessMode = $accessMode;
         $this->databaseInfo = $databaseInfo;
         $this->connector = $connector;
+        $this->driverConfiguration = $config;
     }
 
     /**
@@ -148,4 +153,12 @@ public function close(): void
     {
         $this->bolt = null;
     }
+
+    /**
+     * @psalm-mutation-free
+     */
+    public function getDriverConfiguration(): DriverConfiguration
+    {
+        return $this->driverConfiguration;
+    }
 }