reactphp · boite · Apr 5, 2016 · May 11, 2016 · boite · May 12, 2016
diff --git a/src/SecureConnection.php b/src/SecureConnection.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace React\Socket;
+
+/**
+ * A connection supporting transport layer security.
+ */
+class SecureConnection extends Connection
+{
+    protected $isSecure = false;
+    protected $protocolNumber;
+
+    public function handleData($stream)
+    {
+        if (! $this->isSecure) {
+            $enabled = stream_socket_enable_crypto($stream, true, $this->protocolNumber);
+            if ($enabled === false) {
+                $this
+                    ->err('Failed to complete a secure handshake with the client.')
+                    ->end()
+                ;
+                return;
+            } elseif ($enabled === 0) {
+                return;
+            }
+            $this->isSecure = true;
+            $this->emit('connection', array($this));
+        }
+
+        $data = fread($stream, $this->bufferSize);
+
+        if ('' !== $data && false !== $data) {
+            $this->emit('data', array($data, $this));
+        }
+
+        if (false === $data || !is_resource($stream) || feof($stream)) {
+            $this->end();
+        }
+    }
+
+    /**
+     * Set the STREAM_CRYPTO_METHOD_*_SERVER flags suitable for enabling TLS on
+     * the socket stream handled by this connection.
+     *
+     * @param int $protocolNumber
+     */
+    public function setProtocol($protocolNumber = null)
+    {
+        $this->protocolNumber = $protocolNumber;
+    }
+
+    private function err($message)
+    {
+        $this->emit('error', array(new \RuntimeException($message)));
+        return $this;
+    }
+}
diff --git a/src/Server.php b/src/Server.php
@@ -16,14 +16,26 @@ public function __construct(LoopInterface $loop)
         $this->loop = $loop;
     }
 
-    public function listen($port, $host = '127.0.0.1')
+    public function listen($port, $host = '127.0.0.1', $streamContext = array())
     {
+        if (isset($streamContext['ssl']) && PHP_VERSION_ID < 50600) {
+            throw new \RuntimeException(
+                'Secure connections are not available before PHP 5.6.0'
+            );
+        }
+
         if (strpos($host, ':') !== false) {
             // enclose IPv6 addresses in square brackets before appending port
             $host = '[' . $host . ']';
         }
 
-        $this->master = @stream_socket_server("tcp://$host:$port", $errno, $errstr);
+        $this->master = @stream_socket_server(
+            "tcp://$host:$port",
+            $errno,
+            $errstr,
+            STREAM_SERVER_BIND | STREAM_SERVER_LISTEN,
+            stream_context_create($streamContext)
+        );
         if (false === $this->master) {
             $message = "Could not bind to tcp://$host:$port: $errstr";
             throw new ConnectionException($message, $errno);
@@ -68,6 +80,57 @@ public function shutdown()
 
     public function createConnection($socket)
     {
-        return new Connection($socket, $this->loop);
+        $connection = null;
+        $context = stream_context_get_options($socket);
+
+        if (! isset($context['ssl'])) {
+            $connection = new Connection($socket, $this->loop);
+        } else {
+            $connection = new SecureConnection($socket, $this->loop);
+            $connection->setProtocol($this->getSecureProtocolNumber($context));
+            $scope = $this;
+            $connection->on('connection', function ($dataConn) use ($scope) {
+                $scope->emit('connection', array($dataConn));
+            });
+        }
+
+        return $connection;
+    }
+
+    /**
+     * Get the STREAM_CRYPTO_METHOD_*_SERVER flags suitable for enabling TLS
+     * on a server socket.
+     *
+     * Used the supplied $streamContext['ssl']['crypto_method'] or a default set
+     * which will support as many SSL/TLS protocols as possible.
+     *
+     * @param array $streamContext
+     *
+     * @return int
+     */
+    public function getSecureProtocolNumber($streamContext)
+    {
+        if (isset($streamContext['ssl']['crypto_method'])) {
+            return $streamContext['ssl']['crypto_method'];
+        } elseif (defined('STREAM_CRYPTO_METHOD_ANY_SERVER')) {
+            return constant('STREAM_CRYPTO_METHOD_ANY_SERVER');
+        }
+        $protoNum = 0;
+        if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_SERVER')) {
+            $protoNum |= constant('STREAM_CRYPTO_METHOD_TLSv1_2_SERVER');
+        }
+        if (defined('STREAM_CRYPTO_METHOD_TLSv1_1_SERVER')) {
+            $protoNum |= constant('STREAM_CRYPTO_METHOD_TLSv1_1_SERVER');
+        }
+        if (defined('STREAM_CRYPTO_METHOD_TLSv1_0_SERVER')) {
+            $protoNum |= constant('STREAM_CRYPTO_METHOD_TLSv1_0_SERVER');
+        }
+        if (defined('STREAM_CRYPTO_METHOD_SSLv3_SERVER')) {
+            $protoNum |= constant('STREAM_CRYPTO_METHOD_SSLv3_SERVER');
+        }
+        if (defined('STREAM_CRYPTO_METHOD_SSLv2_SERVER')) {
+            $protoNum |= constant('STREAM_CRYPTO_METHOD_SSLv2_SERVER');
+        }
+        return $protoNum;
     }
 }