mirror of https://github.com/MISP/MISP
fix: [HttpTool] make linting happy
parent
6d5299cf73
commit
6d1fb2e401
|
@ -1,8 +1,8 @@
|
||||||
<?php
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
namespace App\Lib\Tools;
|
namespace App\Lib\Tools;
|
||||||
|
|
||||||
use App\Lib\Tools\CurlAdvanced;
|
|
||||||
use Cake\Core\Configure;
|
use Cake\Core\Configure;
|
||||||
use Cake\Core\Exception\CakeException;
|
use Cake\Core\Exception\CakeException;
|
||||||
use Cake\Http\Client as CakeClient;
|
use Cake\Http\Client as CakeClient;
|
||||||
|
@ -11,7 +11,6 @@ use Cake\Http\Client\Response;
|
||||||
use Cake\Http\Exception\NotImplementedException;
|
use Cake\Http\Exception\NotImplementedException;
|
||||||
use Cake\I18n\FrozenTime;
|
use Cake\I18n\FrozenTime;
|
||||||
|
|
||||||
|
|
||||||
class HttpTool extends CakeClient
|
class HttpTool extends CakeClient
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
|
@ -27,7 +26,8 @@ class HttpTool extends CakeClient
|
||||||
* - Proxy.host, port, user, pass, method
|
* - Proxy.host, port, user, pass, method
|
||||||
* - Security.min_tls_version
|
* - Security.min_tls_version
|
||||||
*
|
*
|
||||||
* @param mixed $server Server array with custom settings for a specific server, cerebrate, ...
|
* @param array $config configuration parameters of CakeClient
|
||||||
|
* @param array $server Server array with custom settings for a specific server, cerebrate, ...
|
||||||
*/
|
*/
|
||||||
public function __construct(array $config = [], array $server = [])
|
public function __construct(array $config = [], array $server = [])
|
||||||
{
|
{
|
||||||
|
@ -38,10 +38,10 @@ class HttpTool extends CakeClient
|
||||||
parent::__construct($config);
|
parent::__construct($config);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* buildDefaultConfigFromSettings
|
* buildDefaultConfigFromSettings
|
||||||
*
|
*
|
||||||
|
* @return void
|
||||||
*/
|
*/
|
||||||
public function buildDefaultConfigFromSettings()
|
public function buildDefaultConfigFromSettings()
|
||||||
{
|
{
|
||||||
|
@ -74,7 +74,6 @@ class HttpTool extends CakeClient
|
||||||
- skip_proxy -
|
- skip_proxy -
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
// proxy settings
|
// proxy settings
|
||||||
$proxy = Configure::read('Proxy');
|
$proxy = Configure::read('Proxy');
|
||||||
// proxy array as CakeClient likes it
|
// proxy array as CakeClient likes it
|
||||||
|
@ -83,7 +82,7 @@ class HttpTool extends CakeClient
|
||||||
// 'proxy' => '127.0.0.1:8080']
|
// 'proxy' => '127.0.0.1:8080']
|
||||||
|
|
||||||
if (isset($proxy['host'])) {
|
if (isset($proxy['host'])) {
|
||||||
$this->_defaultConfig['proxy'] = ['proxy' => $proxy['host'] . ":" . (empty($proxy['port']) ? 3128 : $proxy['port'])];
|
$this->_defaultConfig['proxy'] = ['proxy' => $proxy['host'] . ':' . (empty($proxy['port']) ? 3128 : $proxy['port'])];
|
||||||
|
|
||||||
if (isset($proxy['user']) && isset($proxy['password']) && !isset($proxy['method'])) {
|
if (isset($proxy['user']) && isset($proxy['password']) && !isset($proxy['method'])) {
|
||||||
$proxy['method'] = 'basic';
|
$proxy['method'] = 'basic';
|
||||||
|
@ -109,7 +108,8 @@ class HttpTool extends CakeClient
|
||||||
}
|
}
|
||||||
|
|
||||||
// min TLS version
|
// min TLS version
|
||||||
if ($minTlsVersion = Configure::read('Security.min_tls_version')) {
|
$minTlsVersion = Configure::read('Security.min_tls_version');
|
||||||
|
if ($minTlsVersion) {
|
||||||
$version = 0;
|
$version = 0;
|
||||||
switch ($minTlsVersion) {
|
switch ($minTlsVersion) {
|
||||||
case 'tlsv1_0':
|
case 'tlsv1_0':
|
||||||
|
@ -124,8 +124,8 @@ class HttpTool extends CakeClient
|
||||||
case 'tlsv1_3':
|
case 'tlsv1_3':
|
||||||
if (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT')) {
|
if (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT')) {
|
||||||
$version |= STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT;
|
$version |= STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT;
|
||||||
} else if ($minTlsVersion === 'tlsv1_3') {
|
} elseif ($minTlsVersion === 'tlsv1_3') {
|
||||||
throw new CakeException("TLSv1.3 is not supported by PHP.");
|
throw new CakeException('TLSv1.3 is not supported by PHP.');
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -135,7 +135,7 @@ class HttpTool extends CakeClient
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add user-agent
|
// Add user-agent
|
||||||
$this->_defaultConfig['headers']['User-Agent'] = "MISP - Threat Intelligence & Sharing Platform";
|
$this->_defaultConfig['headers']['User-Agent'] = 'MISP - Threat Intelligence & Sharing Platform';
|
||||||
// TODO add MISP version? or only do it for server to server communication? (see configFromServer())
|
// TODO add MISP version? or only do it for server to server communication? (see configFromServer())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -143,18 +143,19 @@ class HttpTool extends CakeClient
|
||||||
* Set HttpTool configuration from Server data, such as Certificate Authority and other
|
* Set HttpTool configuration from Server data, such as Certificate Authority and other
|
||||||
*
|
*
|
||||||
* @param array $server Server array
|
* @param array $server Server array
|
||||||
|
* @return void
|
||||||
*/
|
*/
|
||||||
public function configFromServer(array $server)
|
public function configFromServer(array $server)
|
||||||
{
|
{
|
||||||
if (!empty($server)) {
|
if (!empty($server)) {
|
||||||
if ($server['cert_file']) {
|
if ($server['cert_file']) {
|
||||||
$this->_defaultConfig['ssl_cafile'] = APP . "files" . DS . "certs" . DS . $server['id'] . '.pem';
|
$this->_defaultConfig['ssl_cafile'] = APP . 'files' . DS . 'certs' . DS . $server['id'] . '.pem';
|
||||||
}
|
}
|
||||||
if ($server['client_cert_file']) {
|
if ($server['client_cert_file']) {
|
||||||
if (!isset($this->_defaultConfig['curl'])) {
|
if (!isset($this->_defaultConfig['curl'])) {
|
||||||
$this->_defaultConfig['curl'] = [];
|
$this->_defaultConfig['curl'] = [];
|
||||||
}
|
}
|
||||||
$this->_defaultConfig['curl'][CURLOPT_SSLKEY] = APP . "files" . DS . "certs" . DS . $server['id'] . '_client.pem';
|
$this->_defaultConfig['curl'][CURLOPT_SSLKEY] = APP . 'files' . DS . 'certs' . DS . $server['id'] . '_client.pem';
|
||||||
}
|
}
|
||||||
if ($server['self_signed']) {
|
if ($server['self_signed']) {
|
||||||
$this->_defaultConfig['ssl_verify_peer_name'] = false;
|
$this->_defaultConfig['ssl_verify_peer_name'] = false;
|
||||||
|
@ -179,10 +180,14 @@ class HttpTool extends CakeClient
|
||||||
* Set HttpTool configuration from Feed data
|
* Set HttpTool configuration from Feed data
|
||||||
*
|
*
|
||||||
* @param array|null $feed Feed array
|
* @param array|null $feed Feed array
|
||||||
|
* @return void
|
||||||
*/
|
*/
|
||||||
public function configFromFeed(array $feed = null)
|
public function configFromFeed(array $feed = null)
|
||||||
{
|
{
|
||||||
$this->_defaultConfig['compress'] = 'true';
|
$this->_defaultConfig['compress'] = 'true';
|
||||||
|
if ($feed) {
|
||||||
|
throw new NotImplementedException('configFromFeed() is not implemented'); // FIXME chri write configFromFeed
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -198,7 +203,6 @@ class HttpTool extends CakeClient
|
||||||
$this->_defaultConfig['headers']['MISP-uuid'] = Configure::read('MISP.uuid');
|
$this->_defaultConfig['headers']['MISP-uuid'] = Configure::read('MISP.uuid');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Helper method for doing requests. This method is there to provide us a wrapper implementing custom MISP options.
|
* Helper method for doing requests. This method is there to provide us a wrapper implementing custom MISP options.
|
||||||
*
|
*
|
||||||
|
@ -215,31 +219,33 @@ class HttpTool extends CakeClient
|
||||||
$options,
|
$options,
|
||||||
[
|
[
|
||||||
'ssl_verify_peer' => false,
|
'ssl_verify_peer' => false,
|
||||||
'ssl_verify_host' => false
|
'ssl_verify_host' => false,
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
if (isset($options['skip_proxy']) && $options['skip_proxy'] === true) {
|
if (isset($options['skip_proxy']) && $options['skip_proxy'] === true) {
|
||||||
unset($options['proxy']);
|
unset($options['proxy']);
|
||||||
}
|
}
|
||||||
|
|
||||||
return parent::_doRequest($method, $url, $data, $options);
|
return parent::_doRequest($method, $url, $data, $options);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @deprecated createRequest - return an instance of HttpTool with automatic configuration
|
* @deprecated createRequest - return an instance of HttpTool with automatic configuration
|
||||||
* @deprecated do not use this function, but use the HttpTool directly instead
|
* @deprecated do not use this function, but use the HttpTool directly instead
|
||||||
* @param mixed $config
|
* @param array $config HttpTool configuration
|
||||||
* @return HttpTool
|
* @return self
|
||||||
*/
|
*/
|
||||||
public function createRequest(array $config = []): HttpTool
|
public function createRequest(array $config = []): HttpTool
|
||||||
{
|
{
|
||||||
return new HttpTool($config);
|
return new HttpTool($config);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* fetchCertificate - download the SSL certificate from the remote server
|
* fetchCertificate - download the SSL certificate from the remote server
|
||||||
*
|
*
|
||||||
|
* @param string $url the url where the certificate is hosted
|
||||||
|
* @param array $options HttpTool options
|
||||||
* @return array the list of certificates including pem
|
* @return array the list of certificates including pem
|
||||||
*/
|
*/
|
||||||
public function fetchCertificates(string $url, array $options = []): array
|
public function fetchCertificates(string $url, array $options = []): array
|
||||||
|
@ -259,14 +265,15 @@ class HttpTool extends CakeClient
|
||||||
);
|
);
|
||||||
$curl = new CurlAdvanced();
|
$curl = new CurlAdvanced();
|
||||||
$certificates = $curl->getCertificateChain($request, $options);
|
$certificates = $curl->getCertificateChain($request, $options);
|
||||||
|
|
||||||
return $certificates;
|
return $certificates;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* getServerClientCertificateInfo - extract certificate info from a Client certificate from a $server.
|
* getServerClientCertificateInfo - extract certificate info from a Client certificate from a $server.
|
||||||
* @param array $server
|
*
|
||||||
|
* @param array $server the Server array from MISP datamodel
|
||||||
* @return array|void
|
* @return array|void
|
||||||
* @throws Exception
|
|
||||||
*/
|
*/
|
||||||
public static function getServerClientCertificateInfo(array $server): mixed
|
public static function getServerClientCertificateInfo(array $server): mixed
|
||||||
{
|
{
|
||||||
|
@ -274,7 +281,7 @@ class HttpTool extends CakeClient
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
$fileAccessTool = new FileAccessTool();
|
$fileAccessTool = new FileAccessTool();
|
||||||
$path = APP . "files" . DS . "certs" . DS . $server['id'] . '_client.pem';
|
$path = APP . 'files' . DS . 'certs' . DS . $server['id'] . '_client.pem';
|
||||||
$clientCertificate = $fileAccessTool->readFromFile($path); //readFromFile throws an exception if the file is not found or could not be read, along with the reason.
|
$clientCertificate = $fileAccessTool->readFromFile($path); //readFromFile throws an exception if the file is not found or could not be read, along with the reason.
|
||||||
|
|
||||||
return self::getClientCertificateInfo($clientCertificate);
|
return self::getClientCertificateInfo($clientCertificate);
|
||||||
|
@ -282,9 +289,10 @@ class HttpTool extends CakeClient
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* getServerCaCertificateInfo - extract certificate info from a certificate from a $server.
|
* getServerCaCertificateInfo - extract certificate info from a certificate from a $server.
|
||||||
* @param array $server
|
*
|
||||||
|
* @param array $server the Server array from MISP datamodel
|
||||||
* @return array|void
|
* @return array|void
|
||||||
* @throws Exception
|
* @throws \Cake\Core\Exception\CakeException
|
||||||
*/
|
*/
|
||||||
public static function getServerCaCertificateInfo(array $server): mixed
|
public static function getServerCaCertificateInfo(array $server): mixed
|
||||||
{
|
{
|
||||||
|
@ -293,7 +301,7 @@ class HttpTool extends CakeClient
|
||||||
}
|
}
|
||||||
|
|
||||||
$fileAccessTool = new FileAccessTool();
|
$fileAccessTool = new FileAccessTool();
|
||||||
$path = APP . "files" . DS . "certs" . DS . $server['Server']['id'] . '.pem';
|
$path = APP . 'files' . DS . 'certs' . DS . $server['Server']['id'] . '.pem';
|
||||||
$caCertificate = $fileAccessTool->readFromFile($path); //readFromFile throws an exception if the file is not found or could not be read, along with the reason.
|
$caCertificate = $fileAccessTool->readFromFile($path); //readFromFile throws an exception if the file is not found or could not be read, along with the reason.
|
||||||
$certificate = openssl_x509_read($caCertificate);
|
$certificate = openssl_x509_read($caCertificate);
|
||||||
if (!$certificate) {
|
if (!$certificate) {
|
||||||
|
@ -305,9 +313,10 @@ class HttpTool extends CakeClient
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* getClientCertificateInfo - extract client certificate info from a PEM encoded cert + key, only if the cert+key are valid
|
* getClientCertificateInfo - extract client certificate info from a PEM encoded cert + key, only if the cert+key are valid
|
||||||
|
*
|
||||||
* @param string $certificateContent PEM encoded certificate and private key.
|
* @param string $certificateContent PEM encoded certificate and private key.
|
||||||
* @return array
|
* @return array
|
||||||
* @throws Exception
|
* @throws \Cake\Core\Exception\CakeException
|
||||||
*/
|
*/
|
||||||
public static function getClientCertificateInfo(string $certificateContent): array
|
public static function getClientCertificateInfo(string $certificateContent): array
|
||||||
{
|
{
|
||||||
|
@ -323,14 +332,16 @@ class HttpTool extends CakeClient
|
||||||
if (!$verify) {
|
if (!$verify) {
|
||||||
throw new CakeException('Public and private key do not match.');
|
throw new CakeException('Public and private key do not match.');
|
||||||
}
|
}
|
||||||
|
|
||||||
return self::parseCertificate($certificate);
|
return self::parseCertificate($certificate);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* parseCertificate - extract certificate info from a PEM encoded certificate
|
* parseCertificate - extract certificate info from a PEM encoded certificate
|
||||||
* @param mixed $certificate
|
*
|
||||||
|
* @param mixed $certificate the certificate as returned by `openssl_x509_read()`
|
||||||
* @return array
|
* @return array
|
||||||
* @throws Exception
|
* @throws \Cake\Core\Exception\CakeException
|
||||||
*/
|
*/
|
||||||
public static function parseCertificate(mixed $certificate): array
|
public static function parseCertificate(mixed $certificate): array
|
||||||
{
|
{
|
||||||
|
|
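Review bot: The `_doRequest` hunk (`@ -215,31 +219,33 @@`) still merges `'ssl_verify_peer' => false` and `'ssl_verify_host' => false` into `$options`, which switches certificate validation off for the request entirely instead of merely tolerating a self-signed certificate. The condition guarding that merge begins outside the hunk, so it may already be narrow. If it is also reached for servers that have a stored CA file (`ssl_cafile`, set in `configFromServer`), that CA would never be checked and an on-path host could impersonate the remote server. Assuming the merged defaults are already present in `$options` at this point, consider keeping peer verification on whenever a CA file is configured, e.g. `'ssl_verify_peer' => !empty($options['ssl_cafile']),`. A comment above the array such as `// verification is relaxed only for self-signed servers without a stored CA file` would record the intent.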