Merge pull request #454 from AndreRudolph/3.x

mbabker · web-flow · commit 2239781fd4ba · 2021-11-03T17:34:53.000-05:00
#453: Introduced native tls support
diff --git a/config/services.yaml b/config/services.yaml
@@ -374,6 +374,8 @@ services:
             - '@gos_web_socket.server.builder'
             - '@gos_web_socket.server.event_loop'
             - '@event_dispatcher'
+            - '%gos_web_socket.server.tls.enabled%'
+            - '%gos_web_socket.server.tls.options%'
         calls:
             - [ setLogger, ['@logger'] ]
         tags:
diff --git a/docs/config.md b/docs/config.md
@@ -50,6 +50,17 @@ gos_web_socket:
     # The port on the server which connections for the websocket server are accepted.
     port:                 ~ # Required
 
+    tls:
+
+      # Enables the native tls support that can be configured with the options below.
+      enabled: false
+
+      # The options to set up the tls configuration. See the example below or see https://www.php.net/manual/en/context.ssl.php for all available options.
+      options:
+        local_cert: '/path/to/cert/cert.crt'
+        local_pk: '/path/to/key/mykey.key'
+        verify_peer: false
+
     # Enables checking the Origin header of websocket connections for allowed values.
     origin_check:         false
 
diff --git a/src/DependencyInjection/Configuration.php b/src/DependencyInjection/Configuration.php
@@ -198,6 +198,19 @@ private function addServerSection(ArrayNodeDefinition $rootNode): void
                         ->isRequired()
                         ->info('The port on the server which connections for the websocket server are accepted.')
                     ->end()
+                    ->arrayNode('tls')
+                        ->addDefaultsIfNotSet()
+                        ->children()
+                            ->booleanNode('enabled')
+                                ->info('Enables native TLS support.')
+                                ->defaultFalse()
+                            ->end()
+                            ->variableNode('options')
+                                ->info('An array of options for the TLS context, see https://www.php.net/manual/en/context.ssl.php for available options.')
+                                ->defaultValue([])
+                            ->end()
+                        ->end()
+                    ->end()
                     ->booleanNode('origin_check')
                         ->defaultFalse()
                         ->info('Enables checking the Origin header of websocket connections for allowed values.')
diff --git a/src/DependencyInjection/GosWebSocketExtension.php b/src/DependencyInjection/GosWebSocketExtension.php
@@ -277,6 +277,8 @@ private function registerServerConfiguration(array $config, ContainerBuilder $co
     {
         $container->setParameter('gos_web_socket.server.port', $config['server']['port']);
         $container->setParameter('gos_web_socket.server.host', $config['server']['host']);
+        $container->setParameter('gos_web_socket.server.tls.enabled', $config['server']['tls']['enabled']);
+        $container->setParameter('gos_web_socket.server.tls.options', $config['server']['tls']['options']);
         $container->setParameter('gos_web_socket.server.origin_check', $config['server']['origin_check']);
         $container->setParameter('gos_web_socket.server.ip_address_check', $config['server']['ip_address_check']);
         $container->setParameter('gos_web_socket.server.keepalive_ping', $config['server']['keepalive_ping']);
diff --git a/src/Server/Type/WebSocketServer.php b/src/Server/Type/WebSocketServer.php
@@ -9,6 +9,7 @@
 use Psr\Log\LoggerAwareTrait;
 use Ratchet\Server\IoServer;
 use React\EventLoop\LoopInterface;
+use React\Socket\SecureServer;
 use React\Socket\SocketServer;
 use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
 
@@ -22,15 +23,21 @@ final class WebSocketServer implements ServerInterface, LoggerAwareInterface
     private ServerBuilderInterface $serverBuilder;
     private LoopInterface $loop;
     private EventDispatcherInterface $eventDispatcher;
+    private bool $tlsEnabled;
+    private array $tlsOptions;
 
     public function __construct(
         ServerBuilderInterface $serverBuilder,
         LoopInterface $loop,
-        EventDispatcherInterface $eventDispatcher
+        EventDispatcherInterface $eventDispatcher,
+        bool $tlsEnabled = false,
+        array $tlsOptions = []
     ) {
         $this->serverBuilder = $serverBuilder;
         $this->loop = $loop;
         $this->eventDispatcher = $eventDispatcher;
+        $this->tlsEnabled = $tlsEnabled;
+        $this->tlsOptions = $tlsOptions;
     }
 
     public function launch(string $host, int $port, bool $profile): void
@@ -41,6 +48,10 @@ public function launch(string $host, int $port, bool $profile): void
 
         $server = new SocketServer("$host:$port", [], $this->loop);
 
+        if ($this->tlsEnabled) {
+            $server = new SecureServer($server, $this->loop, $this->tlsOptions);
+        }
+
         $app = new IoServer(
             $this->serverBuilder->buildMessageStack(),
             $server,
diff --git a/tests/DependencyInjection/ConfigurationTest.php b/tests/DependencyInjection/ConfigurationTest.php
@@ -246,6 +246,10 @@ public function testConfigWithAServer(): void
             'server' => [
                 'host' => '127.0.0.1',
                 'port' => 8080,
+                'tls' => [
+                    'enabled' => false,
+                    'options' => [],
+                ],
                 'origin_check' => false,
                 'ip_address_check' => false,
                 'keepalive_ping' => false,
@@ -283,6 +287,10 @@ public function testConfigWithAServerAndPubSubRouterWithoutArrayResources(): voi
             'server' => [
                 'host' => '127.0.0.1',
                 'port' => 8080,
+                'tls' => [
+                    'enabled' => false,
+                    'options' => [],
+                ],
                 'origin_check' => false,
                 'ip_address_check' => false,
                 'keepalive_ping' => false,
@@ -312,6 +320,10 @@ public function testConfigWithAServerAndPubSubRouterWithArrayResources(): void
             'server' => [
                 'host' => '127.0.0.1',
                 'port' => 8080,
+                'tls' => [
+                    'enabled' => false,
+                    'options' => [],
+                ],
                 'origin_check' => false,
                 'ip_address_check' => false,
                 'keepalive_ping' => false,
@@ -335,12 +347,43 @@ public function testConfigWithAServerAndPubSubRouterWithArrayResources(): void
         );
     }
 
+    public function testConfigWithServerAndTlsEnabled(): void
+    {
+        $extraConfig = [
+            'server' => [
+                'host' => '127.0.0.1',
+                'port' => 8080,
+                'tls' => [
+                    'enabled' => true,
+                    'options' => [
+                        'verify_peer' => false,
+                    ],
+                ],
+                'origin_check' => false,
+                'ip_address_check' => false,
+                'keepalive_ping' => false,
+                'keepalive_interval' => 30,
+            ],
+        ];
+
+        $config = (new Processor())->processConfiguration(new Configuration([]), [$extraConfig]);
+
+        self::assertEquals(
+            array_merge(self::getBundleDefaultConfig(), $extraConfig),
+            $config
+        );
+    }
+
     public function testConfigWithAllowedOriginsList(): void
     {
         $extraConfig = [
             'server' => [
                 'host' => '127.0.0.1',
                 'port' => 8080,
+                'tls' => [
+                    'enabled' => false,
+                    'options' => [],
+                ],
                 'origin_check' => true,
                 'ip_address_check' => false,
                 'keepalive_ping' => false,
@@ -388,6 +431,10 @@ public function testConfigWithBlockedIpAddressList(): void
             'server' => [
                 'host' => '127.0.0.1',
                 'port' => 8080,
+                'tls' => [
+                    'enabled' => false,
+                    'options' => [],
+                ],
                 'origin_check' => false,
                 'ip_address_check' => true,
                 'keepalive_ping' => false,
@@ -554,6 +601,10 @@ protected static function getBundleDefaultConfig(): array
             ],
             'shared_config' => true,
             'server' => [
+                'tls' => [
+                    'enabled' => false,
+                    'options' => [],
+                ],
                 'origin_check' => false,
                 'ip_address_check' => false,
                 'keepalive_ping' => false,
diff --git a/tests/Server/Type/WebSocketServerTest.php b/tests/Server/Type/WebSocketServerTest.php
@@ -29,26 +29,18 @@ class WebSocketServerTest extends TestCase
      */
     private $eventDispatcher;
 
-    /**
-     * @var WebSocketServer
-     */
-    private $server;
-
     protected function setUp(): void
     {
         parent::setUp();
 
         $this->serverBuilder = $this->createMock(ServerBuilderInterface::class);
         $this->loop = $this->createMock(LoopInterface::class);
         $this->eventDispatcher = $this->createMock(EventDispatcherInterface::class);
-
-        $this->server = new WebSocketServer(
-            $this->serverBuilder,
-            $this->loop,
-            $this->eventDispatcher
-        );
     }
 
+    /**
+     * @runInSeparateProcess
+     */
     public function testTheServerIsLaunched(): void
     {
         $this->serverBuilder->expects(self::once())
@@ -62,6 +54,27 @@ public function testTheServerIsLaunched(): void
         $this->loop->expects(self::once())
             ->method('run');
 
-        $this->server->launch('127.0.0.1', 1337, false);
+        (new WebSocketServer($this->serverBuilder, $this->loop, $this->eventDispatcher))
+            ->launch('127.0.0.1', 1337, false);
+    }
+
+    /**
+     * @runInSeparateProcess
+     */
+    public function testTheServerIsLaunchedWithTlsSupport(): void
+    {
+        $this->serverBuilder->expects(self::once())
+            ->method('buildMessageStack')
+            ->willReturn($this->createMock(MessageComponentInterface::class));
+
+        $this->eventDispatcher->expects(self::once())
+            ->method('dispatch')
+            ->with(self::isInstanceOf(ServerLaunchedEvent::class), GosWebSocketEvents::SERVER_LAUNCHED);
+
+        $this->loop->expects(self::once())
+            ->method('run');
+
+        (new WebSocketServer($this->serverBuilder, $this->loop, $this->eventDispatcher, true, ['verify_peer' => false]))
+            ->launch('127.0.0.1', 1337, false);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -277,6 +277,8 @@ private function registerServerConfiguration(array $config, ContainerBuilder $co`
`277`	`277`	`{`
`278`	`278`	`$container->setParameter('gos_web_socket.server.port', $config['server']['port']);`
`279`	`279`	`$container->setParameter('gos_web_socket.server.host', $config['server']['host']);`
	`280`	`+ $container->setParameter('gos_web_socket.server.tls.enabled', $config['server']['tls']['enabled']);`
	`281`	`+ $container->setParameter('gos_web_socket.server.tls.options', $config['server']['tls']['options']);`
`280`	`282`	`$container->setParameter('gos_web_socket.server.origin_check', $config['server']['origin_check']);`
`281`	`283`	`$container->setParameter('gos_web_socket.server.ip_address_check', $config['server']['ip_address_check']);`
`282`	`284`	`$container->setParameter('gos_web_socket.server.keepalive_ping', $config['server']['keepalive_ping']);`