First commit

sites/all/modules/civicrm/vendor/totten/ca-config/.gitignore

@@ -0,0 +1,3 @@
+*~
+vendor/
+bin/phpunit

sites/all/modules/civicrm/vendor/totten/ca-config/LICENSE.txt

@@ -0,0 +1,24 @@
+Copyright (c) 2012-2013, Tim Otten <to-git@think.hm>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.

sites/all/modules/civicrm/vendor/totten/ca-config/README.md

@@ -0,0 +1,51 @@
+CA_Config is a small PHP library for determining a default
+certificate-authority configuration for use by PHP's HTTP/SSL clients.
+
+### Examples
+
+```php
+<?php
+
+// For CURL
+$caConfig = CA_Config_Curl::singleton();
+if ($caConfig->isEnableSSL()) {
+  $ch = curl_init();
+  curl_setopt($ch, CURLOPT_URL, );
+  curl_setopt($ch, CURLOPT_HEADER, 0);
+  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
+  curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
+  curl_setopt_array($ch, $caConfig->toCurlOptions());
+  $response = curl_exec($ch);
+} else {
+  printf("This system does not support SSL.");
+} 
+
+
+// For PHP Streams
+$caConfig = CA_Config_Stream::singleton();
+if ($caConfig->isEnableSSL()) {
+  $context = stream_context_create(array(
+    'ssl' => $caConfig->toStreamOptions(),
+  ));
+  $data = file_get_contents('https://example.com/', 0, $context);
+} else {
+  printf("This system does not support SSL.");
+}
+```
+
+### Helpers
+
+When requesting an instance, one can use either singleton() or probe(). 
+singleton() is intended for modest apps that don't have a service container. 
+singleton() is just a wrapper for probe() which reads extra configuration
+options from a global variable and returns a single instance.
+
+### Testing
+
+This has not been tested on a broad range of configurations, and the
+underlying problem is that CA configurations are not well-standardized in
+different PHP environments.  To determine if this produces a valid
+configuration in your environment, run the phpunit test suite.
+
+If you encounter problems, feel free to submit a patch or to report the
+problem.

sites/all/modules/civicrm/vendor/totten/ca-config/composer.json

@@ -0,0 +1,23 @@
+{
+    "name": "totten/ca-config",
+    "description": "Default configuration for certificate authorities",
+    "homepage": "https://github.com/totten/ca_config",
+    "license": "BSD-2-Clause",
+    "require": {
+        "php": ">=5.2"
+    },
+    "autoload": {
+        "psr-0": {
+            "CA_Config": "src/"
+         }
+    },
+    "config": {
+        "bin-dir": "bin"
+    },
+    "authors": [
+        {
+            "name": "Tim Otten",
+            "email": "to-git@think.hm"
+        }
+    ]
+}

sites/all/modules/civicrm/vendor/totten/ca-config/phpunit.xml.dist

@@ -0,0 +1,31 @@
+<phpunit backupGlobals="false"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         syntaxCheck="false"
+         bootstrap="tests/bootstrap.php"
+>
+  <testsuites>
+    <testsuite name="CA_Config Test Suite">
+      <directory>./tests/</directory>
+    </testsuite>
+  </testsuites>
+
+  <filter>
+    <whitelist>
+      <directory suffix=".php">./src</directory>
+    </whitelist>
+  </filter>
+</phpunit>
+<!--
+<phpunit bootstrap="tests/bootstrap.php">
+  <php>
+    <include>tests</include>
+  </php>
+</phpunit>
+
+-->

sites/all/modules/civicrm/vendor/totten/ca-config/src/CA/Config/Curl.php

@@ -0,0 +1,135 @@
+<?php
+
+/**
+ * Auto-detect list of certificate-authorities for use by HTTPS clients.
+ *
+ * This is designed to provide sane defaults for typical one-way
+ * authentication.
+ */
+class CA_Config_Curl
+{
+    static private $_singleton;
+
+    /**
+     * Provide a singleton instance to simplify integration. If you prefer
+     * to manage the lifecycle of the config object, then consider using
+     * "probe()" or "new" instead.
+     *
+     * @return CA_Config_Curl
+     */
+    static public function singleton()
+    {
+        if (! self::$_singleton) {
+            global $CA_CONFIG;
+            self::$_singleton = self::probe($CA_CONFIG ? $CA_CONFIG : array());
+        }
+        return self::$_singleton;
+    }
+
+    /**
+     * Factory fuction which produces a configuration based on a policy and based
+     * on local system resources.
+     *
+     * @param $policy array:
+     *  - enable_ssl: bool; default: TRUE
+     *  - verify_peer: bool; default: TRUE
+     *  - cafile: string, path to aggregated PEM; overrides any system defaults
+     *  - fallback_cafile: string, path to aggregated PEM; used on systems which lack default; set FALSE to disable
+     *  - fallback_ttl: int, seconds, the max age of the fallback cafile before it's regarded as stale; default: 5 years
+     * @return CA_Config_Curl
+     */
+    static public function probe($policy = array())
+    {
+        if (isset($policy['enable_ssl']) && $policy['enable_ssl'] === FALSE) {
+            return new CA_Config_Curl(FALSE, FALSE, NULL);
+        }
+        $version = curl_version();
+        if (!in_array('https', $version['protocols'])) {
+            return new CA_Config_Curl(FALSE, FALSE, NULL);
+        }
+        if (isset($policy['verify_peer']) && $policy['verify_peer'] === FALSE) {
+            return new CA_Config_Curl(TRUE, FALSE, NULL);
+        }
+        if (isset($policy['cafile'])) {
+            if (file_exists($policy['cafile']) && is_readable($policy['cafile'])) {
+                return new CA_Config_Curl(TRUE, TRUE, $policy['cafile']);
+            } else {
+                throw new Exception("Certificate Authority file is missing. Please contact the system administrator. See also: " . $policy['cafile']);
+            }
+        }
+
+        if (!isset($policy['fallback_ttl'])) {
+            $policy['fallback_ttl'] = 5 * 364 * 24 * 60 * 60;
+        }
+        if (!isset($policy['fallback_cafile'])) {
+            $policy['fallback_cafile'] = dirname(__FILE__) . '/cacert.pem';
+        }
+        // can't directly detect if system has CA pre-configured; use heuristic based on OS
+        if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
+            // PHP probably doesn't have a default cafile
+            if (empty($policy['fallback_cafile']) || !file_exists($policy['fallback_cafile'])) {
+                throw new Exception("Certificate Authority file is required on Windows. Please contact the system administrator.");
+            } elseif (time() > filemtime($policy['fallback_cafile']) + $policy['fallback_ttl']) {
+                throw new Exception("Certificate Authority file is too old. Please contact the system administrator. See also: " . $policy['fallback_cafile']);
+            } else {
+                return new CA_Config_Curl(TRUE, TRUE, $policy['fallback_cafile']);
+            }
+        } else {
+            // Most PHP builds include a built-in reference to a CA list
+            return new CA_Config_Curl(TRUE, TRUE, NULL);
+        }
+    }
+
+    public function __construct($enableSSL, $verifyPeer, $caFile)
+    {
+        $this->enableSSL = $enableSSL;
+        $this->verifyPeer = $verifyPeer;
+        $this->caFile = $caFile;
+    }
+
+    /**
+     * Whether SSL is supported at all
+     *
+     * @return bool
+     */
+    public function isEnableSSL()
+    {
+        return $this->enableSSL;
+    }
+
+    /**
+     * Whether server certifiates should be verified
+     *
+     * @return bool
+     */
+    public function isVerifyPeer()
+    {
+        return $this->verifyPeer;
+    }
+
+    /**
+     * Path to a CA file (if available/applicable)
+     *
+     * @return string
+     */
+    public function getCaFile()
+    {
+        return $this->caFile;
+    }
+
+    /**
+     * Format the CA config in a manner appropriate to curl_setopt_array()
+     *
+     * @return array
+     */
+    public function toCurlOptions()
+    {
+        $options = array();
+        $options[CURLOPT_SSL_VERIFYPEER] = $this->verifyPeer;
+        $options[CURLOPT_SSL_VERIFYHOST] = $this->verifyPeer ? 2 : 0;
+        if ($this->caFile) {
+            $options[CURLOPT_CAINFO] = $this->caFile;
+        } // else: system default
+        return $options;
+    }
+}

sites/all/modules/civicrm/vendor/totten/ca-config/src/CA/Config/Stream.php

@@ -0,0 +1,140 @@
+<?php
+
+/**
+ * Auto-detect list of certificate-authorities for use by HTTPS clients.
+ *
+ * This is designed to provide sane defaults for typical one-way
+ * authentication.
+ *
+ * @code
+ * $caConfig = CA_Config_Stream::singleton();
+ * if ($caConfig->isEnableSSL()) {
+ *   $context = stream_context_create(array(
+ *     'ssl' => $caConfig->toStreamOptions(),
+ *   ));
+ *   $data = file_get_contents('https://example.com/', 0, $context);
+ * } else {
+ *   printf("This system does not support SSL.");
+ * }
+ * @endcode
+ */
+class CA_Config_Stream
+{
+    static private $_singleton;
+
+    /**
+     * Provide a singleton instance to simplify integration. If you prefer
+     * to manage the lifecycle of the config object, then consider using
+     * "probe()" or "new" instead.
+     *
+     * @return CA_Config_Stream
+     */
+    static public function singleton()
+    {
+        if (! self::$_singleton) {
+            global $CA_CONFIG;
+            self::$_singleton = self::probe($CA_CONFIG ? $CA_CONFIG : array());
+        }
+        return self::$_singleton;
+    }
+
+    /**
+     * Factory fuction which produces a configuration based on a policy and based
+     * on local system resources.
+     *
+     * @param $policy array:
+     *  - enable_ssl: bool; default: TRUE
+     *  - verify_peer: bool; default: TRUE
+     *  - cafile: string, path to aggregated PEM; overrides any system defaults
+     *  - fallback_cafile: string, path to aggregated PEM; used on systems which lack default; set FALSE to disable
+     *  - fallback_ttl: int, seconds, the max age of the fallback cafile before it's regarded as stale; default: 5 years
+     * @return CA_Config_Stream
+     */
+    static public function probe($policy = array())
+    {
+        if (isset($policy['enable_ssl']) && $policy['enable_ssl'] === FALSE) {
+            return new CA_Config_Stream(FALSE, FALSE, NULL);
+        }
+        $sw = stream_get_wrappers();
+        if (!extension_loaded('openssl') || !in_array('https', $sw)) {
+            return new CA_Config_Stream(FALSE, FALSE, NULL);
+        }
+        if (isset($policy['verify_peer']) && $policy['verify_peer'] === FALSE) {
+            return new CA_Config_Stream(TRUE, FALSE, NULL);
+        }
+        if (isset($policy['cafile'])) {
+            if (file_exists($policy['cafile']) && is_readable($policy['cafile'])) {
+                return new CA_Config_Stream(TRUE, TRUE, $policy['cafile']);
+            } else {
+                throw new Exception("Certificate Authority file is missing. Please contact the system administrator. See also: " . $policy['cafile']);
+            }
+        }
+
+        if (!isset($policy['fallback_ttl'])) {
+            $policy['fallback_ttl'] = 5 * 364 * 24 * 60 * 60;
+        }
+        if (!isset($policy['fallback_cafile'])) {
+            $policy['fallback_cafile'] = dirname(__FILE__) . '/cacert.pem';
+        }
+
+        if (empty($policy['fallback_cafile']) || !file_exists($policy['fallback_cafile'])) {
+            throw new Exception("Certificate Authority file is required for SSL. Please contact the system administrator.");
+        } elseif (time() > filemtime($policy['fallback_cafile']) + $policy['fallback_ttl']) {
+            throw new Exception("Certificate Authority file is too old. Please contact the system administrator. See also: " . $policy['fallback_cafile']);
+        } else {
+            return new CA_Config_Stream(TRUE, TRUE, $policy['fallback_cafile']);
+        }
+    }
+
+    public function __construct($enableSSL, $verifyPeer, $caFile)
+    {
+        $this->enableSSL = $enableSSL;
+        $this->verifyPeer = $verifyPeer;
+        $this->caFile = $caFile;
+    }
+
+    /**
+     * Whether SSL is supported at all
+     *
+     * @return bool
+     */
+    public function isEnableSSL()
+    {
+        return $this->enableSSL;
+    }
+
+    /**
+     * Whether server certifiates should be verified
+     *
+     * @return bool
+     */
+    public function isVerifyPeer()
+    {
+        return $this->verifyPeer;
+    }
+
+    /**
+     * Path to a CA file (if available/applicable)
+     *
+     * @return string
+     */
+    public function getCaFile()
+    {
+        return $this->caFile;
+    }
+
+    /**
+     * Format the CA config in a manner appropriate to file_get_contents('https://')
+     *
+     * @return array
+     */
+    public function toStreamOptions()
+    {
+        $options = array();
+        $options['verify_peer'] = $this->verifyPeer;
+        if ($this->caFile) {
+            $options['cafile'] = $this->caFile;
+        } // else: system default
+        return $options;
+    }
+}