setup ssl configurator

transistive · transistive · commit b6627a9d6899 · 2022-01-14T14:51:15.000+01:00
diff --git a/src/Bolt/BoltConnectionPool.php b/src/Bolt/BoltConnectionPool.php
@@ -17,9 +17,6 @@
 use Bolt\Bolt;
 use Bolt\connection\StreamSocket;
 use Exception;
-use function explode;
-use const FILTER_VALIDATE_IP;
-use function filter_var;
 use Laudis\Neo4j\Common\BoltConnection;
 use Laudis\Neo4j\Contracts\AuthenticateInterface;
 use Laudis\Neo4j\Contracts\ConnectionInterface;
@@ -28,7 +25,6 @@
 use Laudis\Neo4j\Databags\DriverConfiguration;
 use Laudis\Neo4j\Databags\SessionConfiguration;
 use Laudis\Neo4j\Enum\ConnectionProtocol;
-use Laudis\Neo4j\Enum\SslMode;
 use Laudis\Neo4j\Neo4j\RoutingTable;
 use Psr\Http\Message\UriInterface;
 use Throwable;
@@ -44,13 +40,15 @@ final class BoltConnectionPool implements ConnectionPoolInterface
     /** @var array<string, list<BoltConnection>> */
     private static array $connectionCache = [];
     private DriverConfiguration $driverConfig;
+    private SslConfigurator $sslConfigurator;
 
     /**
      * @psalm-external-mutation-free
      */
-    public function __construct(DriverConfiguration $driverConfig)
+    public function __construct(DriverConfiguration $driverConfig, SslConfigurator $sslConfigurator)
     {
         $this->driverConfig = $driverConfig;
+        $this->sslConfigurator = $sslConfigurator;
     }
 
     /**
@@ -100,56 +98,12 @@ public function acquire(
         return $connection;
     }
 
-    private function configureSsl(UriInterface $uri, UriInterface $server, StreamSocket $socket, ?RoutingTable $table): void
-    {
-        $sslMode = $this->driverConfig->getSslConfiguration()->getMode();
-        $sslConfig = '';
-        if ($sslMode === SslMode::FROM_URL()) {
-            $scheme = $uri->getScheme();
-            $explosion = explode('+', $scheme, 2);
-            $sslConfig = $explosion[1] ?? '';
-        } elseif ($sslMode === SslMode::ENABLE()) {
-            $sslConfig = 's';
-        } elseif ($sslMode === SslMode::ENABLE_WITH_SELF_SIGNED()) {
-            $sslConfig = 'ssc';
-        }
-
-        if (str_starts_with($sslConfig, 's')) {
-            // We have to pass a different host when working with ssl on aura.
-            // There is a strange behaviour where if we pass the uri host on a single
-            // instance aura deployment, we need to pass the original uri for the
-            // ssl configuration to be valid.
-            if ($table && count($table->getWithRole()) > 1) {
-                $this->enableSsl($server->getHost(), $sslConfig, $socket);
-            } else {
-                $this->enableSsl($uri->getHost(), $sslConfig, $socket);
-            }
-        }
-    }
-
-    private function enableSsl(string $host, string $sslConfig, StreamSocket $sock): void
-    {
-        $options = [
-            'verify_peer' => $this->driverConfig->getSslConfiguration()->isVerifyPeer(),
-            'peer_name' => $host,
-        ];
-        if (!filter_var($host, FILTER_VALIDATE_IP)) {
-            $options['SNI_enabled'] = true;
-        }
-        if ($sslConfig === 's') {
-            $sock->setSslContextOptions($options);
-        } elseif ($sslConfig === 'ssc') {
-            $options['allow_self_signed'] = true;
-            $sock->setSslContextOptions($options);
-        }
-    }
-
     public function canConnect(UriInterface $uri, AuthenticateInterface $authenticate, ?RoutingTable $table = null, ?UriInterface $server = null): bool
     {
         $connectingTo = $server ?? $uri;
         $socket = new StreamSocket($uri->getHost(), $connectingTo->getPort() ?? 7687);
 
-        $this->configureSsl($uri, $connectingTo, $socket, $table);
+        $this->sslConfigurator->configure($uri, $connectingTo, $socket, $table, $this->driverConfig);
 
         try {
             $bolt = new Bolt($socket);
@@ -172,7 +126,7 @@ private function openConnection(
     ): BoltConnection {
         $socket = new StreamSocket($connectingTo->getHost(), $connectingTo->getPort() ?? 7687, $socketTimeout);
 
-        $this->configureSsl($uri, $connectingTo, $socket, $table);
+        $this->sslConfigurator->configure($uri, $connectingTo, $socket, $table, $this->driverConfig);
 
         $bolt = new Bolt($socket);
         $authenticate->authenticateBolt($bolt, $connectingTo, $userAgent);
diff --git a/src/Bolt/BoltDriver.php b/src/Bolt/BoltDriver.php
@@ -97,7 +97,7 @@ public static function create($uri, ?DriverConfiguration $configuration = null,
             return new self(
                 $uri,
                 $authenticate ?? Authenticate::fromUrl(),
-                new BoltConnectionPool($configuration),
+                new BoltConnectionPool($configuration, new SslConfigurator()),
                 $configuration,
                 $formatter,
                 $socketTimeout
@@ -107,7 +107,7 @@ public static function create($uri, ?DriverConfiguration $configuration = null,
         return new self(
             $uri,
             $authenticate ?? Authenticate::fromUrl(),
-            new BoltConnectionPool($configuration),
+            new BoltConnectionPool($configuration, new SslConfigurator()),
             $configuration,
             OGMFormatter::create(),
             $socketTimeout
diff --git a/src/Bolt/SslConfigurator.php b/src/Bolt/SslConfigurator.php
@@ -0,0 +1,69 @@
+<?php
+
+/*
+ * This file is part of the Laudis Neo4j package.
+ *
+ * (c) Laudis technologies <http://laudis.tech>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Laudis\Neo4j\Bolt;
+
+use Bolt\connection\StreamSocket;
+use function count;
+use function explode;
+use const FILTER_VALIDATE_IP;
+use function filter_var;
+use Laudis\Neo4j\Databags\DriverConfiguration;
+use Laudis\Neo4j\Enum\SslMode;
+use Laudis\Neo4j\Neo4j\RoutingTable;
+use Psr\Http\Message\UriInterface;
+
+final class SslConfigurator
+{
+    public function configure(UriInterface $uri, UriInterface $server, StreamSocket $socket, ?RoutingTable $table, DriverConfiguration $config): void
+    {
+        $sslMode = $config->getSslConfiguration()->getMode();
+        $sslConfig = '';
+        if ($sslMode === SslMode::FROM_URL()) {
+            $scheme = $uri->getScheme();
+            $explosion = explode('+', $scheme, 2);
+            $sslConfig = $explosion[1] ?? '';
+        } elseif ($sslMode === SslMode::ENABLE()) {
+            $sslConfig = 's';
+        } elseif ($sslMode === SslMode::ENABLE_WITH_SELF_SIGNED()) {
+            $sslConfig = 'ssc';
+        }
+
+        if (str_starts_with($sslConfig, 's')) {
+            // We have to pass a different host when working with ssl on aura.
+            // There is a strange behaviour where if we pass the uri host on a single
+            // instance aura deployment, we need to pass the original uri for the
+            // ssl configuration to be valid.
+            if ($table && count($table->getWithRole()) > 1) {
+                $this->enableSsl($server->getHost(), $sslConfig, $socket, $config);
+            } else {
+                $this->enableSsl($uri->getHost(), $sslConfig, $socket, $config);
+            }
+        }
+    }
+
+    private function enableSsl(string $host, string $sslConfig, StreamSocket $sock, DriverConfiguration $config): void
+    {
+        $options = [
+            'verify_peer' => $config->getSslConfiguration()->isVerifyPeer(),
+            'peer_name' => $host,
+        ];
+        if (!filter_var($host, FILTER_VALIDATE_IP)) {
+            $options['SNI_enabled'] = true;
+        }
+        if ($sslConfig === 's') {
+            $sock->setSslContextOptions($options);
+        } elseif ($sslConfig === 'ssc') {
+            $options['allow_self_signed'] = true;
+            $sock->setSslContextOptions($options);
+        }
+    }
+}
diff --git a/src/Neo4j/Neo4jDriver.php b/src/Neo4j/Neo4jDriver.php
@@ -19,6 +19,7 @@
 use Laudis\Neo4j\Authentication\Authenticate;
 use Laudis\Neo4j\Bolt\BoltConnectionPool;
 use Laudis\Neo4j\Bolt\Session;
+use Laudis\Neo4j\Bolt\SslConfigurator;
 use Laudis\Neo4j\Common\Uri;
 use Laudis\Neo4j\Contracts\AuthenticateInterface;
 use Laudis\Neo4j\Contracts\ConnectionPoolInterface;
@@ -98,7 +99,7 @@ public static function create($uri, ?DriverConfiguration $configuration = null,
             return new self(
                 $uri,
                 $authenticate ?? Authenticate::fromUrl(),
-                new Neo4jConnectionPool(new BoltConnectionPool($configuration)),
+                new Neo4jConnectionPool(new BoltConnectionPool($configuration, new SslConfigurator())),
                 $configuration,
                 $formatter,
                 $socketTimeout
@@ -108,7 +109,7 @@ public static function create($uri, ?DriverConfiguration $configuration = null,
         return new self(
             $uri,
             $authenticate ?? Authenticate::fromUrl(),
-            new Neo4jConnectionPool(new BoltConnectionPool($configuration)),
+            new Neo4jConnectionPool(new BoltConnectionPool($configuration, new SslConfigurator())),
             $configuration,
             OGMFormatter::create(),
             $socketTimeout
diff --git a/tests/Unit/SslConfiguratorTest.php b/tests/Unit/SslConfiguratorTest.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Laudis\Neo4j\Tests\Unit;
+
+class SslConfiguratorTest
+{
+
+}

-Original file line number
+Diff line change
@@ @@ -0,0 +1,8 @@ @@
 +<?php
++
 +namespace Laudis\Neo4j\Tests\Unit;
++
 +class SslConfiguratorTest
 +{
++
 +}