[amqp] Add ssl connection support.

makasim · makasim · commit 0ea5d4b054d2 · 2017-10-27T15:35:05.000+03:00
diff --git a/.gitignore b/.gitignore
@@ -9,6 +9,7 @@ bin/jp.php
 bin/php-parse
 bin/google-cloud-batch
 vendor
+var
 .php_cs
 .php_cs.cache
 composer.lock
diff --git a/bin/build-rabbitmq-image.sh b/bin/build-rabbitmq-image.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+set -e
+set -x
+
+(cd docker && docker build --rm --force-rm --no-cache --pull --squash --tag "enqueue/rabbitmq:latest" -f Dockerfile.rabbitmq .)
+(cd docker && docker login --username="$DOCKER_USER" --password="$DOCKER_PASSWORD")
+(cd docker && docker push "enqueue/rabbitmq-ssl:latest")
diff --git a/bin/build-rabbitmq-ssl-image.sh b/bin/build-rabbitmq-ssl-image.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+
+set -e
+set -x
+
+#mkdir -p /tmp/roboconf
+#rm -rf /tmp/roboconf/*
+#
+#(cd /tmp/roboconf && git clone git@github.com:roboconf/rabbitmq-with-ssl-in-docker.git)
+#
+#(cd /tmp/roboconf/rabbitmq-with-ssl-in-docker && docker build --rm --force-rm --no-cache --pull --squash --tag "enqueue/rabbitmq-ssl:latest" .)
+#
+#(cd /tmp/roboconf/rabbitmq-with-ssl-in-docker && docker login --username="$DOCKER_USER" --password="$DOCKER_PASSWORD")
+#(cd /tmp/roboconf/rabbitmq-with-ssl-in-docker && docker push "enqueue/rabbitmq-ssl:latest")
+
+docker run --rm -v "`pwd`/var/rabbitmq_certificates:/enqueue" "enqueue/rabbitmq-ssl:latest" cp /home/testca/cacert.pem /enqueue/cacert.pem
+
+
+
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,6 +6,7 @@ services:
     # build: { context: docker, dockerfile: Dockerfile }
     depends_on:
       - rabbitmq
+      - rabbitmq_ssl
       - mysql
       - redis
       - beanstalkd
@@ -17,6 +18,7 @@ services:
       - './:/mqdev'
     environment:
       - AMQP_DSN=amqp://guest:guest@rabbitmq:5672/mqdev
+      - AMQPS_DSN=amqps://guest:guest@rabbitmq_ssl:5671
       - DOCTINE_DSN=mysql://root:rootpass@mysql/mqdev
       - SYMFONY__RABBITMQ__HOST=rabbitmq
       - SYMFONY__RABBITMQ__USER=guest
@@ -54,8 +56,16 @@ services:
     ports:
       - "15677:15672"
 
+  rabbitmq_ssl:
+    image: enqueue/rabbitmq-ssl:latest
+    environment:
+      - RABBITMQ_DEFAULT_USER=guest
+      - RABBITMQ_DEFAULT_PASS=guest
+    volumes:
+      - './var/rabbitmq_certificates:/home/client'
+
   beanstalkd:
-      image: 'schickling/beanstalkd'
+      image: 'jonbaldie/beanstalkd'
 
   gearmand:
       image: 'artefactual/gearmand'
diff --git a/pkg/amqp-bunny/AmqpConnectionFactory.php b/pkg/amqp-bunny/AmqpConnectionFactory.php
@@ -85,6 +85,10 @@ public function getConfig()
      */
     private function establishConnection()
     {
+        if ($this->config->isSslOn()) {
+            throw new \LogicException('The bunny library does not support SSL connections');
+        }
+
         if (false == $this->client) {
             $bunnyConfig = [];
             $bunnyConfig['host'] = $this->config->getHost();
diff --git a/pkg/amqp-bunny/Tests/Spec/AmqpSslSendToAndReceiveFromQueueTest.php b/pkg/amqp-bunny/Tests/Spec/AmqpSslSendToAndReceiveFromQueueTest.php
@@ -0,0 +1,59 @@
+<?php
+
+namespace Enqueue\AmqpBunny\Tests\Spec;
+
+use Enqueue\AmqpBunny\AmqpConnectionFactory;
+use Enqueue\AmqpBunny\AmqpContext;
+use Interop\Queue\PsrContext;
+use Interop\Queue\Spec\SendToAndReceiveFromQueueSpec;
+
+/**
+ * @group functional
+ */
+class AmqpSslSendToAndReceiveFromQueueTest extends SendToAndReceiveFromQueueSpec
+{
+    public function test()
+    {
+        $this->expectException(\LogicException::class);
+        $this->expectExceptionMessage('The bunny library does not support SSL connections');
+        parent::test();
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function createContext()
+    {
+        $baseDir = realpath(__DIR__.'/../../../../');
+
+        // guard
+        $this->assertNotEmpty($baseDir);
+
+        $certDir = $baseDir.'/var/rabbitmq_certificates';
+        $this->assertDirectoryExists($certDir);
+
+        $factory = new AmqpConnectionFactory([
+            'dsn' => getenv('AMQPS_DSN'),
+            'ssl_verify' => false,
+            'ssl_cacert' => $certDir.'/cacert.pem',
+            'ssl_cert' => $certDir.'/cert.pem',
+            'ssl_key' => $certDir.'/key.pem',
+        ]);
+
+        return $factory->createContext();
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @param AmqpContext $context
+     */
+    protected function createQueue(PsrContext $context, $queueName)
+    {
+        $queue = $context->createQueue($queueName);
+        $context->declareQueue($queue);
+        $context->purgeQueue($queue);
+
+        return $queue;
+    }
+}
diff --git a/pkg/amqp-ext/AmqpConnectionFactory.php b/pkg/amqp-ext/AmqpConnectionFactory.php
@@ -113,11 +113,20 @@ private function establishConnection()
             $extConfig['read_timeout'] = $this->config->getReadTimeout();
             $extConfig['write_timeout'] = $this->config->getWriteTimeout();
             $extConfig['connect_timeout'] = $this->config->getConnectionTimeout();
+            $extConfig['heartbeat'] = $this->config->getHeartbeat();
+
+            if ($this->config->isSslOn()) {
+                $extConfig['verify'] = $this->config->isSslVerify();
+                $extConfig['cacert'] = $this->config->getSslCaCert();
+                $extConfig['cert'] = $this->config->getSslCert();
+                $extConfig['key'] = $this->config->getSslKey();
+            }
 
             $this->connection = new \AMQPConnection($extConfig);
 
             $this->config->isPersisted() ? $this->connection->pconnect() : $this->connection->connect();
         }
+
         if (false == $this->connection->isConnected()) {
             $this->config->isPersisted() ? $this->connection->preconnect() : $this->connection->reconnect();
         }
diff --git a/pkg/amqp-ext/Tests/Spec/AmqpSslSendToAndReceiveFromQueueTest.php b/pkg/amqp-ext/Tests/Spec/AmqpSslSendToAndReceiveFromQueueTest.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace Enqueue\AmqpExt\Tests\Spec;
+
+use Enqueue\AmqpExt\AmqpConnectionFactory;
+use Enqueue\AmqpExt\AmqpContext;
+use Interop\Queue\PsrContext;
+use Interop\Queue\Spec\SendToAndReceiveFromQueueSpec;
+
+/**
+ * @group functional
+ */
+class AmqpSslSendToAndReceiveFromQueueTest extends SendToAndReceiveFromQueueSpec
+{
+    /**
+     * {@inheritdoc}
+     */
+    protected function createContext()
+    {
+        $baseDir = realpath(__DIR__.'/../../../../');
+
+        // guard
+        $this->assertNotEmpty($baseDir);
+
+        $certDir = $baseDir.'/var/rabbitmq_certificates';
+        $this->assertDirectoryExists($certDir);
+
+        $factory = new AmqpConnectionFactory([
+            'dsn' => getenv('AMQPS_DSN'),
+            'ssl_verify' => false,
+            'ssl_cacert' => $certDir.'/cacert.pem',
+            'ssl_cert' => $certDir.'/cert.pem',
+            'ssl_key' => $certDir.'/key.pem',
+        ]);
+
+        return $factory->createContext();
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @param AmqpContext $context
+     */
+    protected function createQueue(PsrContext $context, $queueName)
+    {
+        $queue = $context->createQueue($queueName);
+        $context->declareQueue($queue);
+        $context->purgeQueue($queue);
+
+        return $queue;
+    }
+}
diff --git a/pkg/amqp-lib/AmqpConnectionFactory.php b/pkg/amqp-lib/AmqpConnectionFactory.php
@@ -10,6 +10,7 @@
 use PhpAmqpLib\Connection\AMQPLazyConnection;
 use PhpAmqpLib\Connection\AMQPLazySocketConnection;
 use PhpAmqpLib\Connection\AMQPSocketConnection;
+use PhpAmqpLib\Connection\AMQPSSLConnection;
 use PhpAmqpLib\Connection\AMQPStreamConnection;
 
 class AmqpConnectionFactory implements InteropAmqpConnectionFactory, DelayStrategyAware
@@ -84,7 +85,32 @@ private function establishConnection()
     {
         if (false == $this->connection) {
             if ($this->config->getOption('stream')) {
-                if ($this->config->isLazy()) {
+                if ($this->config->isSslOn()) {
+                    $con = new AMQPSSLConnection(
+                        $this->config->getHost(),
+                        $this->config->getPort(),
+                        $this->config->getUser(),
+                        $this->config->getPass(),
+                        $this->config->getVHost(),
+                        [
+                            'cafile' => $this->config->getSslCaCert(),
+                            'local_cert' => $this->config->getSslCert(),
+                            'local_pk' => $this->config->getSslKey(),
+                            'verify_peer' => $this->config->isSslVerify(),
+                            'verify_peer_name' => $this->config->isSslVerify(),
+                        ],
+                        [
+                            'insist' => $this->config->getOption('insist'),
+                            'login_method' => $this->config->getOption('login_method'),
+                            'login_response' => $this->config->getOption('login_response'),
+                            'locale' => $this->config->getOption('locale'),
+                            'connection_timeout' => $this->config->getConnectionTimeout(),
+                            'read_write_timeout' => (int) round(min($this->config->getReadTimeout(), $this->config->getWriteTimeout())),
+                            'keepalive' => $this->config->getOption('keepalive'),
+                            'heartbeat' => (int) round($this->config->getHeartbeat()),
+                        ]
+                    );
+                } elseif ($this->config->isLazy()) {
                     $con = new AMQPLazyConnection(
                         $this->config->getHost(),
                         $this->config->getPort(),
@@ -120,6 +146,10 @@ private function establishConnection()
                     );
                 }
             } else {
+                if ($this->config->isSslOn()) {
+                    throw new \LogicException('The socket connection implementation does not support ssl connections.');
+                }
+
                 if ($this->config->isLazy()) {
                     $con = new AMQPLazySocketConnection(
                         $this->config->getHost(),
diff --git a/pkg/amqp-lib/Tests/Spec/AmqpSslSendToAndReceiveFromQueueTest.php b/pkg/amqp-lib/Tests/Spec/AmqpSslSendToAndReceiveFromQueueTest.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace Enqueue\AmqpLib\Tests\Spec;
+
+use Enqueue\AmqpLib\AmqpConnectionFactory;
+use Enqueue\AmqpLib\AmqpContext;
+use Interop\Queue\PsrContext;
+use Interop\Queue\Spec\SendToAndReceiveFromQueueSpec;
+
+/**
+ * @group functional
+ */
+class AmqpSslSendToAndReceiveFromQueueTest extends SendToAndReceiveFromQueueSpec
+{
+    /**
+     * {@inheritdoc}
+     */
+    protected function createContext()
+    {
+        $baseDir = realpath(__DIR__.'/../../../../');
+
+        // guard
+        $this->assertNotEmpty($baseDir);
+
+        $certDir = $baseDir.'/var/rabbitmq_certificates';
+        $this->assertDirectoryExists($certDir);
+
+        $factory = new AmqpConnectionFactory([
+            'dsn' => getenv('AMQPS_DSN'),
+            'ssl_verify' => false,
+            'ssl_cacert' => $certDir.'/cacert.pem',
+            'ssl_cert' => $certDir.'/cert.pem',
+            'ssl_key' => $certDir.'/key.pem',
+        ]);
+
+        return $factory->createContext();
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @param AmqpContext $context
+     */
+    protected function createQueue(PsrContext $context, $queueName)
+    {
+        $queue = $context->createQueue($queueName);
+        $context->declareQueue($queue);
+        $context->purgeQueue($queue);
+
+        return $queue;
+    }
+}
diff --git a/pkg/amqp-tools/ConnectionConfig.php b/pkg/amqp-tools/ConnectionConfig.php
diff --git a/pkg/amqp-tools/Tests/ConnectionConfigTest.php b/pkg/amqp-tools/Tests/ConnectionConfigTest.php
