/**
 * Probe a LDAP server with a plain TCP connect to see whether it is reachable.
 *
 * A successful connect only shows that something accepted a connection on the
 * configured port. No LDAP traffic is exchanged here, so the peer's identity and
 * the health of the directory service are not checked.
 *
 * @param string $server
 * @return bool
 */
protected function isServerAvailable($server)
{
    $port = $this->config->getPort();
    $timeout = $this->config->getConnectTimeout();
    $reachable = $this->tcp->connect($server, $port, $timeout);

    // Nothing was opened, so there is nothing to close.
    if (!$reachable) {
        return $reachable;
    }

    // The probe connection is not reused; release it straight away.
    $this->tcp->close();

    return $reachable;
}
/**
 * The availability probe must pass the configured connect timeout to the socket.
 */
function it_should_use_the_connect_timeout_value_from_the_config(TcpSocket $tcp)
{
    $host = 'foo';
    $timeout = 5;

    $config = (new DomainConfiguration('example.com'))
        ->setConnectTimeout($timeout)
        ->setServers([$host]);

    // No port is set on the config, so 389 is presumably its default -- confirm against DomainConfiguration.
    $tcp->connect($host, 389, $timeout)->shouldBeCalled()->willReturn(true);
    // A successful probe is expected to release the socket again.
    $tcp->close()->shouldBeCalled();

    $this->beConstructedWith($config, $tcp);
    $this->getServer()->shouldReturn($host);
}
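/**
 * Get an array containing the SSL certificates of the LDAP server. This runs over the standard LDAP port and
 * initiates a TlsStart operation.
 *
 * Peer verification is switched off for this connection on purpose: the goal is to capture whatever certificate
 * the server presents, including self-signed ones. The result is therefore unauthenticated. Anything on the
 * network path could have supplied it, so compare it against a value obtained through a trusted channel (for
 * example a fingerprint from the server administrator) before it is added to a trust store or pinned.
 *
 * The result keeps its empty default shape when the TCP connection fails or when no certificate was captured.
 *
 * @param string $server The server name to connect to
 * @param int $port The standard LDAP port
 * @return array In the form of ['peer_certificate' => '', 'peer_certificate_chain' => []]
 */
public static function getLdapSslCertificates($server, $port = 389)
{
    // This is the hex encoded extendedRequest for the STARTTLS operation...
    $startTls = hex2bin("301d02010177188016312e332e362e312e342e312e313436362e3230303337");
    $certificates = ['peer_certificate' => '', 'peer_certificate_chain' => []];

    // Capture-only context: verification is disabled so that untrusted or self-signed certificates can still be
    // retrieved for inspection. Do not reuse these options for a connection that carries credentials or data.
    $tcpSocket = new TcpSocket([
        'ssl' => [
            'capture_peer_cert' => true,
            'capture_peer_cert_chain' => true,
            'allow_self_signed' => true,
            'verify_peer' => false,
            'verify_peer_name' => false,
        ],
    ]);

    // Stop early instead of writing to a socket that never opened.
    if (!$tcpSocket->connect($server, $port, 5)) {
        return $certificates;
    }

    $tcpSocket->setOperationTimeout(2);
    $tcpSocket->write($startTls);
    // The StartTLS response is drained but not parsed; a refusal shows up as a missing certificate below.
    $tcpSocket->read(10240);
    $tcpSocket->enableEncryption(STREAM_CRYPTO_METHOD_TLS_CLIENT);

    $info = $tcpSocket->getParams();
    // isset() also covers a falsy $info and a handshake that captured nothing.
    $ssl = isset($info['options']['ssl']) && is_array($info['options']['ssl'])
        ? $info['options']['ssl']
        : [];

    if (isset($ssl['peer_certificate'])) {
        $pem = '';
        // Keep the '' default unless the export actually succeeded.
        if (openssl_x509_export($ssl['peer_certificate'], $pem)) {
            $certificates['peer_certificate'] = $pem;
        }
    }

    if (isset($ssl['peer_certificate_chain']) && is_array($ssl['peer_certificate_chain'])) {
        foreach ($ssl['peer_certificate_chain'] as $cert) {
            $certChain = '';
            if (openssl_x509_export($cert, $certChain)) {
                $certificates['peer_certificate_chain'][] = $certChain;
            }
        }
    }

    // Single exit after a successful connect, so the socket is released on every path.
    $tcpSocket->close();

    return $certificates;
}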