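<?php
// The Strawhouse Pattern
//
// We allow or deny clients according to their IP address. It may keep
// spammers and idiots away, but won't stop a real attacker for more
// than a heartbeat: nothing here encrypts traffic or proves identity,
// the only check is the source address of the connection.

// Create context
$ctx = new ZMQContext();

// Start an authentication engine for this context. This engine
// allows or denies incoming connections (talking to the libzmq
// core over a protocol called ZAP).
$auth = new ZMQAuth($ctx);

// Whitelist our address; any other address will be rejected
$auth->allow('127.0.0.1');

// Create and bind server socket.
$server = $ctx->getSocket(ZMQ::SOCKET_PUSH);

// The ZAP domain has to be set on the server socket: with the default
// NULL mechanism libzmq only consults the ZAP handler when the socket
// has a non-empty domain, so without it the allow list is not enforced.
$server->setSockOpt(ZMQ::SOCKOPT_ZAP_DOMAIN, 'global');

// The socket listens on every interface; the allow list above is the
// only thing standing between a remote peer and this socket.
$server->bind('tcp://*:9000');

// Create and connect client socket
$client = $ctx->getSocket(ZMQ::SOCKET_PULL);
$client->connect('tcp://127.0.0.1:9000');

// Send a single message from server to client
$server->send('Hello');
$message = $client->recv();

// Check the result explicitly instead of with assert(): assertions are
// compiled out when zend.assertions is -1 (the production php.ini
// setting), and the script would then print OK without checking anything.
if ($message !== 'Hello') {
    throw new RuntimeException('Strawhouse test failed: unexpected message received');
}

echo "Strawhouse test OK\n";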
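<?php
// The Ironhouse Pattern
//
// Security doesn't get any stronger than this. An attacker is going to
// have to break into your systems to see data before/after encryption.

// Directory the authenticator is pointed at as its CURVE certificate store.
$certStore = '.curve';

// Create context and start authentication engine
$ctx = new ZMQContext();
$auth = new ZMQAuth($ctx);
$auth->allow('127.0.0.1');

// Tell the authenticator how to handle CURVE requests
$auth->configure(ZMQAuth::AUTH_TYPE_CURVE, '*', $certStore);

// We'll generate a new client certificate and save the public part
// in the certificate store (in practice this would be done by hand
// or some out-of-band process).
$clientCert = new ZMQCert();

// Create the store only when it is missing, so a second run does not
// trip over the existing directory, and stop if it cannot be created.
// Mode 0700 keeps other local users from adding certificates: whoever
// can write to this directory decides which client keys are accepted.
if (!is_dir($certStore) && !mkdir($certStore, 0700) && !is_dir($certStore)) {
    throw new RuntimeException("Cannot create certificate store directory {$certStore}");
}

$clientCert->setMeta('name', 'Client test certificate');

// Only the public half goes into the store; the secret half stays in
// the ZMQCert object in this process.
$clientCert->savePublic($certStore . '/testcert.pub');

// Prepare the server certificate as we did in Stonehouse
$serverCert = new ZMQCert();
$serverKey = $serverCert->getPublicTxt();

// Create and bind server socket
$server = $ctx->getSocket(ZMQ::SOCKET_PUSH);
$serverCert->apply($server);
$server->setSockOpt(ZMQ::SOCKOPT_CURVE_SERVER, true);
$server->bind('tcp://127.0.0.1:9000');

// Create and connect client socket. The client needs the server's
// public key up front to make a CURVE connection.
$client = $ctx->getSocket(ZMQ::SOCKET_PULL);
$clientCert->apply($client);
$client->setSockOpt(ZMQ::SOCKOPT_CURVE_SERVERKEY, $serverKey);

// NOTE(review): the listing ends here on this page; the connect and
// send/receive steps of the example are not shown.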
<?php
// The Stonehouse Pattern
//
// The server accepts a client without checking its key, but the client
// gets a guarantee in return: the server is who it claims to be, and
// the conversation cannot be tampered with, modified, or spied on.

// Context plus the authentication engine that runs inside it.
$context = new ZMQContext();
$authenticator = new ZMQAuth($context);

// Address filtering still applies: only this address is whitelisted.
$authenticator->allow('127.0.0.1');

// CURVE requests in every domain are accepted whatever the client key:
// the client is encrypted to, but not identified.
$authenticator->configure(ZMQAuth::AUTH_TYPE_CURVE, '*', ZMQ::CURVE_ALLOW_ANY);

// One certificate per side. A CURVE connection requires the client to
// know the server's public key in advance, so export it here.
$serverCert = new ZMQCert();
$serverPublicKey = $serverCert->getPublicTxt();
$clientCert = new ZMQCert();

// Server side: PUSH socket carrying the server certificate, switched
// into CURVE server mode, then bound.
$pushSocket = $context->getSocket(ZMQ::SOCKET_PUSH);
$serverCert->apply($pushSocket);
$pushSocket->setSockOpt(ZMQ::SOCKOPT_CURVE_SERVER, true);
$pushSocket->bind('tcp://*:9000');

// Client side: PULL socket carrying the client certificate and the
// server's public key, then connected.
$pullSocket = $context->getSocket(ZMQ::SOCKET_PULL);
$clientCert->apply($pullSocket);
$pullSocket->setSockOpt(ZMQ::SOCKOPT_CURVE_SERVERKEY, $serverPublicKey);
$pullSocket->connect('tcp://127.0.0.1:9000');

// One message, server to client.
$pushSocket->send('Hello');

// NOTE(review): the listing ends here on this page; the receive and
// check steps of the example are not shown.
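<?php
// The Woodhouse Pattern
//
// It may keep some malicious people out but all it takes is a bit
// of network sniffing, and they'll be able to fake their way in:
// the username and password travel over the connection unencrypted.

// Create context and start authentication engine
$ctx = new ZMQContext();
$auth = new ZMQAuth($ctx);
$auth->allow('127.0.0.1');

// Tell the authenticator how to handle PLAIN requests. The password
// file sits next to this script.
// NOTE(review): presumably it must hold an entry matching the
// username/password set on the client below -- confirm its format.
$auth->configure(ZMQAuth::AUTH_TYPE_PLAIN, '*', __DIR__ . '/passwords');

// Create and bind server socket. It listens on every interface; the
// allow list and the PLAIN check are the only gates.
$server = $ctx->getSocket(ZMQ::SOCKET_PUSH);
$server->setSockOpt(ZMQ::SOCKOPT_PLAIN_SERVER, true);
$server->bind('tcp://*:9000');

// Create and connect client socket. These are demo credentials only;
// real ones should not be hard-coded in source.
$client = $ctx->getSocket(ZMQ::SOCKET_PULL);
$client->setSockOpt(ZMQ::SOCKOPT_PLAIN_USERNAME, 'admin');
$client->setSockOpt(ZMQ::SOCKOPT_PLAIN_PASSWORD, 'secret');
$client->connect('tcp://127.0.0.1:9000');

// Send a single message from server to client
$server->send('Hello');
$message = $client->recv();

// Check the result explicitly instead of with assert(): assertions are
// compiled out when zend.assertions is -1 (the production php.ini
// setting), and the script would then print OK without checking anything.
if ($message !== 'Hello') {
    throw new RuntimeException('Woodhouse test failed: unexpected message received');
}

echo "Woodhouse test OK\n";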