|
|
|
@ -32,11 +32,44 @@ class Config implements ConfigInterface |
|
|
|
public const PORT_SSL = 8729; |
|
|
|
|
|
|
|
/** |
|
|
|
* Do not use SSL by default |
|
|
|
* If true then use API in SSL mode |
|
|
|
* |
|
|
|
* @see https://wiki.mikrotik.com/wiki/Manual:API-SSL |
|
|
|
*/ |
|
|
|
public const SSL = false; |
|
|
|
|
|
|
|
/** |
|
|
|
* List of additional options for work with SSL context |
|
|
|
* |
|
|
|
* @see https://www.php.net/manual/en/context.ssl.php |
|
|
|
*/ |
|
|
|
public const SSL_OPTIONS = [ |
|
|
|
/* |
|
|
|
* Sets the list of available ciphers. By default RouterOS available via 'ADH:ALL'. |
|
|
|
* |
|
|
|
* @example 'ADH:ALL' // Alias to ADH:ALL@SECLEVEL=1
|
|
|
|
* 'ADH:ALL@SECLEVEL=0' // Everything is permitted. This retains compatibility with previous versions of OpenSSL.
|
|
|
|
* 'ADH:ALL@SECLEVEL=1' // The security level corresponds to a minimum of 80 bits of security.
|
|
|
|
* 'ADH:ALL@SECLEVEL=2' // Security level set to 112 bits of security.
|
|
|
|
* 'ADH:ALL@SECLEVEL=3' // Security level set to 128 bits of security.
|
|
|
|
* 'ADH:ALL@SECLEVEL=4' // Security level set to 192 bits of security.
|
|
|
|
* 'ADH:ALL@SECLEVEL=5' // Security level set to 256 bits of security.
|
|
|
|
* |
|
|
|
* @link https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html |
|
|
|
*/ |
|
|
|
'ciphers' => 'ADH:ALL', // ADH:ALL, ADH:ALL@SECLEVEL=0, ADH:ALL@SECLEVEL=1 ... ADH:ALL@SECLEVEL=5
|
|
|
|
|
|
|
|
// Require verification of SSL certificate used.
|
|
|
|
'verify_peer' => false, |
|
|
|
|
|
|
|
// Require verification of peer name.
|
|
|
|
'verify_peer_name' => false, |
|
|
|
|
|
|
|
// Allow self-signed certificates. Requires verify_peer.
|
|
|
|
'allow_self_signed' => false, |
|
|
|
]; |
|
|
|
|
|
|
|
/** |
|
|
|
* Max timeout for answer from router |
|
|
|
*/ |
|
|
|
public const TIMEOUT = 10; |
|
|
|
@ -60,16 +93,17 @@ class Config implements ConfigInterface |
|
|
|
* List of allowed parameters of config |
|
|
|
*/ |
|
|
|
public const ALLOWED = [ |
|
|
|
'host' => 'string', // Address of Mikrotik RouterOS
|
|
|
|
'user' => 'string', // Username
|
|
|
|
'pass' => 'string', // Password
|
|
|
|
'port' => 'integer', // RouterOS API port number for access (if not set use default or default with SSL if SSL enabled)
|
|
|
|
'ssl' => 'boolean', // Enable ssl support (if port is not set this parameter must change default port to ssl port)
|
|
|
|
'legacy' => 'boolean', // Support of legacy login scheme (true - pre 6.43, false - post 6.43)
|
|
|
|
'timeout' => 'integer', // Max timeout for answer from RouterOS
|
|
|
|
'attempts' => 'integer', // Count of attempts to establish TCP session
|
|
|
|
'delay' => 'integer', // Delay between attempts in seconds
|
|
|
|
'ssh_port' => 'integer', // Number of SSH port
|
|
|
|
'host' => 'string', // Address of Mikrotik RouterOS
|
|
|
|
'user' => 'string', // Username
|
|
|
|
'pass' => 'string', // Password
|
|
|
|
'port' => 'integer', // RouterOS API port number for access (if not set use default or default with SSL if SSL enabled)
|
|
|
|
'ssl' => 'boolean', // Enable ssl support (if port is not set this parameter must change default port to ssl port)
|
|
|
|
'ssl_options' => 'array', // Enable ssl support (if port is not set this parameter must change default port to ssl port)
|
|
|
|
'legacy' => 'boolean', // Support of legacy login scheme (true - pre 6.43, false - post 6.43)
|
|
|
|
'timeout' => 'integer', // Max timeout for answer from RouterOS
|
|
|
|
'attempts' => 'integer', // Count of attempts to establish TCP session
|
|
|
|
'delay' => 'integer', // Delay between attempts in seconds
|
|
|
|
'ssh_port' => 'integer', // Number of SSH port
|
|
|
|
]; |
|
|
|
|
|
|
|
/** |
|
|
|
@ -78,12 +112,13 @@ class Config implements ConfigInterface |
|
|
|
* @var array |
|
|
|
*/ |
|
|
|
private $_parameters = [ |
|
|
|
'legacy' => self::LEGACY, |
|
|
|
'ssl' => self::SSL, |
|
|
|
'timeout' => self::TIMEOUT, |
|
|
|
'attempts' => self::ATTEMPTS, |
|
|
|
'delay' => self::ATTEMPTS_DELAY, |
|
|
|
'ssh_port' => self::SSH_PORT, |
|
|
|
'legacy' => self::LEGACY, |
|
|
|
'ssl' => self::SSL, |
|
|
|
'ssl_options' => self::SSL_OPTIONS, |
|
|
|
'timeout' => self::TIMEOUT, |
|
|
|
'attempts' => self::ATTEMPTS, |
|
|
|
'delay' => self::ATTEMPTS_DELAY, |
|
|
|
'ssh_port' => self::SSH_PORT, |
|
|
|
]; |
|
|
|
|
|
|
|
/** |
|
|
|
@ -102,7 +137,7 @@ class Config implements ConfigInterface |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* @inheritDoc |
|
|
|
* {@inheritdoc} |
|
|
|
* |
|
|
|
* @throws \RouterOS\Exceptions\ConfigException when name of configuration key is invalid or not allowed |
|
|
|
*/ |
|
|
|
@ -134,17 +169,18 @@ class Config implements ConfigInterface |
|
|
|
private function getPort(string $parameter) |
|
|
|
{ |
|
|
|
// If client need port number and port is not set
|
|
|
|
if ($parameter === 'port' && (!isset($this->_parameters['port']) || null === $this->_parameters['port'])) { |
|
|
|
if ('port' === $parameter && (!isset($this->_parameters['port']) || null === $this->_parameters['port'])) { |
|
|
|
// then use default with or without ssl encryption
|
|
|
|
return (isset($this->_parameters['ssl']) && $this->_parameters['ssl']) |
|
|
|
? self::PORT_SSL |
|
|
|
: self::PORT; |
|
|
|
} |
|
|
|
|
|
|
|
return null; |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* @inheritDoc |
|
|
|
* {@inheritdoc} |
|
|
|
* |
|
|
|
* @throws \RouterOS\Exceptions\ConfigException when parameter is not allowed |
|
|
|
*/ |
|
|
|
@ -162,7 +198,7 @@ class Config implements ConfigInterface |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* @inheritDoc |
|
|
|
* {@inheritdoc} |
|
|
|
* |
|
|
|
* @throws \RouterOS\Exceptions\ConfigException when parameter is not allowed |
|
|
|
*/ |
|
|
|
@ -177,7 +213,7 @@ class Config implements ConfigInterface |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* @inheritDoc |
|
|
|
* {@inheritdoc} |
|
|
|
*/ |
|
|
|
public function getParameters(): array |
|
|
|
{ |
|
|
|
|
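Review bot: The defaults added in `SSL_OPTIONS` (first hunk) give encryption without authentication. `'ciphers' => 'ADH:ALL'` selects anonymous Diffie-Hellman suites, which carry no server certificate, and `verify_peer` and `verify_peer_name` are both `false`, so a caller who sets `ssl => true` cannot detect an on-path impersonator of the router while `user` and `pass` are sent. The inline comments ("Require verification of SSL certificate used.", "Require verification of peer name.") sit above values that turn verification off, which reads as the opposite of what the code does. I would make the certificate-checked path the default with `'verify_peer' => true, 'verify_peer_name' => true,` and a cipher list without anonymous suites, and document `ADH:ALL` as an explicit opt-in for routers whose api-ssl service has no certificate. Separately, the `'ssl_options' => 'array'` entry in `ALLOWED` repeats the comment from `ssl`; `// Stream context options used when ssl is enabled (see SSL_OPTIONS)` would describe it.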