SecureConnector: add optional TlsPeer, this...

reactphp / socket

Async, streaming plaintext TCP/IP and secure TLS socket server and client connections for ReactPHP.

https://reactphp.org/socket/

MIT License

1.2k stars 156 forks source link

SecureConnector: add optional TlsPeer, this... #252

Open Thomas-Gelf opened 3 years ago

Thomas-Gelf commented 3 years ago

...allows to capture your peer certificate and/or it's chain

Thomas-Gelf commented 3 years ago

After various approaches, this seemed to be the most promising one. However, please let me know in case you want to move it elsewhere.

Just in case you're wondering, I also tried to combine this with the Browser, which was pretty tricky. First I applied some getters to various connectors, allowing me to dig a hole down through all those nested Connectors. But then I finally settled with a new ConnectedConnector, allowing me to first connect, get the Connection-instance, retrieve the certificate - and then pass on the already connected/established connection to the Browser:

<?php

final class ConnectedConnector implements ConnectorInterface
{
    private $connection;

    public function __construct(ConnectionInterface $connection)
    {
        $this->connection = $connection;
    }

    public function connect($uri)
    {
        return resolve($this->connection);
    }
}

Thomas-Gelf commented 3 years ago

NB: Checks are failing, but for an unrelated reason

Thomas-Gelf commented 3 years ago

@WyriHaximus: glad that you like it! Use case: different ones. Right now I'm using it for an upcoming Icinga module where I want to ask the user to confirm whether he wants to add an unknown CA certificate to it's trust store. Once the CA is confirmed, the (ReactPHP-based) daemon needs to generate a CSR and to deal with the signing process.

In future I'd love to also use it for already existing components like our certificate monitoring

WyriHaximus commented 3 years ago

@Thomas-Gelf That's pretty amazing! Looking forward to the certificate monitoring component ReactPHP use, feel free to tag me when that comes

clue commented 3 years ago

@Thomas-Gelf Thanks for looking into this and filing this PR! Love to see how @ReactPHP is used as part of @Icinga!

Unfortunately, this PR currently uses the internal Connection API which is not otherwise exposed to the outside at the moment. Do we need to expose this class or can we find a way to somehow expose this using the existing interfaces? I'm also not opposed to expose the underlying stream resource for more direct access, but I still wonder how we could make this work without introducing a BC break.

What are your thoughts on this? I'm also happy to jump on a quick call to discuss this in person if you want (see my profile for details) :+1: