From e2fdaffb74baca5963e101ca4a66d1674c78392b Mon Sep 17 00:00:00 2001
From: Matt Butcher <technosophos@gmail.com>
Date: Fri, 4 May 2012 17:58:28 -0500
Subject: [PATCH] SSL CDN is configurable with Stream Wrappers now.

---
 src/HPCloud/Storage/ObjectStorage/Container.php    | 14 +++++++++++---
 .../Storage/ObjectStorage/StreamWrapper.php        |  9 ++++++++-
 test/CDNTest.php                                   | 12 ++++++++++++
 3 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/src/HPCloud/Storage/ObjectStorage/Container.php b/src/HPCloud/Storage/ObjectStorage/Container.php
index 6e6c9cd..ead371b 100644
--- a/src/HPCloud/Storage/ObjectStorage/Container.php
+++ b/src/HPCloud/Storage/ObjectStorage/Container.php
@@ -336,6 +336,8 @@ class Container implements \Countable, \IteratorAggregate {
    *
    * @param string $url
    *   The URL to the CDN for this container.
+   * @param string $sslUrl
+   *   The SSL URL to the CDN for this container.
    */
   public function useCDN($url, $sslUrl) {
     $this->cdnUrl = $url;
@@ -683,10 +685,14 @@ class Container implements \Countable, \IteratorAggregate {
    *
    * @param string $name
    *   The name of the object to load.
+   * @param boolean $requireSSL
+   *   If this is TRUE (the default), then SSL will always be
+   *   used. If this is FALSE, then CDN-based fetching will
+   *   use non-SSL, which is faster.
    * @retval \HPCloud\Storage\ObjectStorage\RemoteObject
    *   A remote object with the content already stored locally.
    */
-  public function object($name) {
+  public function object($name, $requireSSL = TRUE) {
 
     $url = self::objectUrl($this->url, $name);
     $cdn = self::objectUrl($this->cdnUrl, $name);
@@ -702,7 +708,9 @@ class Container implements \Countable, \IteratorAggregate {
       $response = $client->doRequest($url, 'GET', $headers);
     }
     else {
-      $response = $client->doRequest($cdn, 'GET', $headers);
+      $from = $requireSSL ? $cdnSsl : $cdn;
+      // print "Fetching object from $from\n";
+      $response = $client->doRequest($from, 'GET', $headers);
     }
 
     if ($response->status() != 200) {
@@ -763,7 +771,7 @@ class Container implements \Countable, \IteratorAggregate {
       $response = $client->doRequest($url, 'HEAD', $headers);
     }
     else {
-      $response = $client->doRequest($cdn, 'HEAD', $headers);
+      $response = $client->doRequest($cdnSsl, 'HEAD', $headers);
     }
 
     if ($response->status() != 200) {
diff --git a/src/HPCloud/Storage/ObjectStorage/StreamWrapper.php b/src/HPCloud/Storage/ObjectStorage/StreamWrapper.php
index 85e36f0..b6d5760 100644
--- a/src/HPCloud/Storage/ObjectStorage/StreamWrapper.php
+++ b/src/HPCloud/Storage/ObjectStorage/StreamWrapper.php
@@ -248,6 +248,9 @@ use \HPCloud\Storage\ObjectStorage;
  *     - The container must have CDN enabled
  *     - The CDN container must be active ("cdn-enabled")
  *     - Authentication info must be accessible to the stream wrapper.
+ * - cdn_require_ssl: If this is set to FALSE, then CDN-based requests
+ *     may use plain HTTP instead of HTTPS. This will spead up CDN
+ *     fetches at the cost of security.
  *
  * @attention
  *  ADVANCED: You can also pass an HPCloud::Storage::CDN object in use_cdn instead of
@@ -830,12 +833,13 @@ class StreamWrapper {
     $cdnUrl = $this->store->cdnUrl($containerName, FALSE);
     $cdnSslUrl = $this->store->cdnUrl($containerName, TRUE);
     if (!empty($cdnUrl) && !$this->isWriting && !$this->isAppending) {
+      $requireSSL = (boolean) $this->cxt('cdn_require_ssl', TRUE);
       try {
         $newUrl = $this->store->url() . '/' . $containerName;
         $token = $this->store->token();
         $this->container = new \HPCloud\Storage\ObjectStorage\Container($containerName, $newUrl, $token);
         $this->container->useCDN($cdnUrl, $cdnSslUrl);
-        $this->obj = $this->container->object($objectName);
+        $this->obj = $this->container->object($objectName, $requireSSL);
         $this->objStream = $this->obj->stream();
 
         return TRUE;
@@ -1570,6 +1574,9 @@ class StreamWrapper {
    * When use_cdn is set to TRUE, the wrapper tries to use CDN service.
    * In such cases, we need a handle to the CDN object. This initializes
    * that handle, which can later be used to get other information.
+   *
+   * Also note that CDN's default behavior is to fetch over SSL CDN.
+   * To disable this, set 'cdn_require_ssl' to FALSE.
    */
   protected function initializeCDN($token, $catalog) {
     $cdn = $this->cxt('use_cdn', FALSE);
diff --git a/test/CDNTest.php b/test/CDNTest.php
index b75c7bb..2d7a18c 100755
--- a/test/CDNTest.php
+++ b/test/CDNTest.php
@@ -115,10 +115,22 @@ $cxt = stream_context_create(array(
     'use_cdn' => TRUE,
   ),
 ));
+$cxt2 = stream_context_create(array(
+  'swift' => array(
+    //'token' => $token,
+    'tenantid' => $ini['hpcloud.identity.tenantId'],
+    'account' => $ini['hpcloud.identity.account'],
+    'key' => $ini['hpcloud.identity.secret'],
+    'endpoint' => $ini['hpcloud.identity.url'],
+    'use_cdn' => TRUE,
+    'cdn_require_ssl' => FALSE,
+  ),
+));
 
 print "***** TESTING RETURNED DATA" . PHP_EOL;
 $res = array(
   'internal'       => file_get_contents('swift://' . TEST_CONTAINER . '/CDNTest.txt', FALSE, $cxt),
+  'internalNoSSL'  => file_get_contents('swift://' . TEST_CONTAINER . '/CDNTest.txt', FALSE, $cxt2),
   'external'       => file_get_contents($copy->url()),
   'externalSslCdn' => file_get_contents($copy->url(TRUE)),
   'externalCdn'    => file_get_contents($copy->url(TRUE, FALSE)),