feat: store EPP keys in files

assets/utils/providers/forms/EppConnectorForm.tsx

@@ -109,7 +109,7 @@ export default function EppConnectorForm() {
 ...
 -----END PRIVATE KEY-----`}/>
                         </Form.Item>
-                        <Form.Item name={['authData', 'ssl', 'passphrase']}>
+                        <Form.Item name={['authData', 'auth', 'ssl', 'passphrase']}>
                             <Input placeholder={t`Private key passphrase (optional)`} autoComplete='off'/>
                         </Form.Item>
                     </Col>
@@ -122,7 +122,7 @@ export default function EppConnectorForm() {
                         <Form.Item
                             initialValue={true}
                             help={t`Verify peer`}
-                            name={['authData', 'ssl', 'verify_peer']}
+                            name={['authData', 'auth', 'ssl', 'verify_peer']}
                         >
                             <Switch/>
                         </Form.Item>
@@ -131,7 +131,7 @@ export default function EppConnectorForm() {
                         <Form.Item
                             initialValue={true}
                             help={t`Verify peer name`}
-                            name={['authData', 'ssl', 'verify_peer_name']}
+                            name={['authData', 'auth', 'ssl', 'verify_peer_name']}
                         >
                             <Switch/>
                         </Form.Item>
@@ -140,7 +140,7 @@ export default function EppConnectorForm() {
                         <Form.Item
                             initialValue={false}
                             help={t`Allow self-signed certificates`}
-                            name={['authData', 'ssl', 'allow_self_signed']}
+                            name={['authData', 'auth', 'ssl', 'allow_self_signed']}
                         >
                             <Switch/>
                         </Form.Item>

src/Controller/ConnectorController.php

@@ -79,22 +79,47 @@ class ConnectorController extends AbstractController
             throw new BadRequestHttpException('Provider not found');
         }
 
-        /** @var AbstractProvider $providerClient */
-        $providerClient = $this->locator->get($provider->getConnectorProvider());
-        $authData = $providerClient->verifyAuthData($connector->getAuthData());
-        $connector->setAuthData($authData);
+        if (ConnectorProvider::EPP === $provider) {
+            $filesystem = new Filesystem();
+            $directory = sprintf('%s/%s/', EppClientProvider::EPP_CERTIFICATES_PATH, $connector->getId());
+            $authData = $connector->getAuthData();
 
-        $providerClient->authenticate($authData);
+            unset($authData['file_certificate_pem'], $authData['file_certificate_key']); // Prevent alteration from user
+
+            if (isset($authData['certificate_pem'], $authData['certificate_key'])) {
+                $pemPath = $directory.'client.pem';
+                $keyPath = $directory.'client.key';
+
+                $filesystem->mkdir($directory, 0755);
+                $filesystem->dumpFile($pemPath, $authData['certificate_pem']);
+                $filesystem->dumpFile($keyPath, $authData['certificate_key']);
+                $connector->setAuthData([...$authData, 'file_certificate_pem' => $pemPath, 'file_certificate_key' => $keyPath]);
+            }
+
+            /** @var AbstractProvider $providerClient */
+            $providerClient = $this->locator->get($provider->getConnectorProvider());
+            $authData = $providerClient->verifyAuthData($connector->getAuthData());
+            $connector->setAuthData($authData);
+
+            try {
+                $providerClient->authenticate($authData);
+            } catch (\Throwable $exception) {
+                $filesystem->remove($directory);
+                throw $exception;
+            }
+        } else {
+            /** @var AbstractProvider $providerClient */
+            $providerClient = $this->locator->get($provider->getConnectorProvider());
+            $authData = $providerClient->verifyAuthData($connector->getAuthData());
+            $connector->setAuthData($authData);
+            $providerClient->authenticate($authData);
+        }
 
         $this->logger->info('User {username} authentication data with the {provider} provider has been validated.', [
             'username' => $user->getUserIdentifier(),
             'provider' => $provider->value,
         ]);
 
-        $this->logger->info('The new API connector requested by {username} has been successfully registered.', [
-            'username' => $user->getUserIdentifier(),
-        ]);
-
         $connector->setCreatedAt(new \DateTimeImmutable('now'));
         $this->em->persist($connector);
         $this->em->flush();

src/Dto/Connector/EppClientProviderAuthSSLDto.php

@@ -6,15 +6,15 @@ final class EppClientProviderAuthSSLDto
 {
     public ?string $peer_name = null;
 
-    public ?bool $verify_peer = null;
+    public bool $verify_peer = true;
 
-    public ?bool $verify_peer_name = null;
+    public bool $verify_peer_name = true;
 
-    public ?bool $allow_self_signed = null;
+    public bool $allow_self_signed = false;
 
     public ?int $verify_depth = null;
 
     public ?string $passphrase = null;
 
-    public ?bool $disable_compression = null;
+    public bool $disable_compression = false;
 }

src/Dto/Connector/EppClientProviderDto.php

@@ -44,9 +44,7 @@ final class EppClientProviderDto extends DefaultProviderDto
     ])]
     public array $objURI = [];
 
-    public ?string $certificate_pem = null;
+    public ?string $file_certificate_pem = null;
 
-    public ?string $certificate_key = null;
-
-    public ?EppClientProviderFilesDto $files;
+    public ?string $file_certificate_key = null;
 }

src/Dto/Connector/EppClientProviderFilesDto.php

@@ -1,14 +0,0 @@
-<?php
-
-namespace App\Dto\Connector;
-
-use Symfony\Component\Validator\Constraints as Assert;
-
-final class EppClientProviderFilesDto
-{
-    #[Assert\NotBlank]
-    public string $pem;
-
-    #[Assert\NotBlank]
-    public string $key;
-}

src/Service/Connector/EppClientProvider.php

@@ -15,7 +15,6 @@ use Metaregistrar\EPP\eppHelloRequest;
 use Psr\Cache\CacheItemInterface;
 use Psr\Cache\CacheItemPoolInterface;
 use Psr\Cache\InvalidArgumentException;
-use Symfony\Component\Filesystem\Filesystem;
 use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
 use Symfony\Component\Serializer\Normalizer\NormalizerInterface;
 use Symfony\Component\Validator\Validator\ValidatorInterface;
@@ -25,10 +24,7 @@ class EppClientProvider extends AbstractProvider implements CheckDomainProviderI
     public const EPP_CERTIFICATES_PATH = '../var/epp-certificates/';
 
     protected string $dtoClass = EppClientProviderDto::class;
-    private eppConnection $eppClient;
-    private readonly Filesystem $filesystem;
-    private ?string $file_certificate_pem = null;
-    private ?string $file_certificate_key = null;
+    private ?eppConnection $eppClient = null;
 
     public function __construct(
         CacheItemPoolInterface $cacheItemPool,
@@ -36,7 +32,6 @@ class EppClientProvider extends AbstractProvider implements CheckDomainProviderI
         ValidatorInterface $validator,
     ) {
         parent::__construct($cacheItemPool, $serializer, $validator);
-        $this->filesystem = new Filesystem();
     }
 
     protected function assertAuthentication(): void
@@ -136,7 +131,7 @@ class EppClientProvider extends AbstractProvider implements CheckDomainProviderI
      */
     private function connect(): void
     {
-        if ($this->eppClient->isConnected()) {
+        if ($this->eppClient && $this->eppClient->isConnected()) {
             return;
         }
 
@@ -149,20 +144,14 @@ class EppClientProvider extends AbstractProvider implements CheckDomainProviderI
         $conn->setUsername($this->authData['auth']['username']);
         $conn->setPassword($this->authData['auth']['password']);
 
-        if (isset($this->authData['certificate_pem'], $this->authData['certificate_key'])) {
-            $this->file_certificate_pem = $this->filesystem->tempnam(sys_get_temp_dir(), 'epp_client_', '.pem');
-            $this->filesystem->dumpFile($this->file_certificate_pem, urldecode($this->authData['certificate_pem']));
-
-            $this->file_certificate_key = $this->filesystem->tempnam(sys_get_temp_dir(), 'epp_client_', '.key');
-            $this->filesystem->dumpFile($this->file_certificate_key, urldecode($this->authData['certificate_key']));
-
+        if (isset($this->authData['file_certificate_pem'], $this->authData['file_certificate_key'])) {
             $conn->setSslContext(stream_context_create(['ssl' => [
                 ...$this->authData['auth']['ssl'],
-                'local_cert' => $this->file_certificate_pem,
-                'local_pk' => $this->file_certificate_key,
+                'local_cert' => $this->authData['file_certificate_pem'],
+                'local_pk' => $this->authData['file_certificate_key'],
             ]]));
         } else {
-            unset($this->authData['auth']['ssl']['local_cert'], $this->authData['auth']['ssl']['local_pk']);
+            unset($this->authData['file_certificate_pem'], $this->authData['file_certificate_key']);
             $conn->setSslContext(stream_context_create(['ssl' => $this->authData['auth']['ssl']]));
         }
 
@@ -176,10 +165,6 @@ class EppClientProvider extends AbstractProvider implements CheckDomainProviderI
 
     private function disconnect(): void
     {
-        if (isset($this->authData['certificate_pem'], $this->authData['certificate_key'])) {
-            $this->filesystem->remove($this->file_certificate_pem);
-            $this->filesystem->remove($this->file_certificate_key);
-        }
         $this->eppClient->disconnect();
     }