Remove the sslCertificateAuthority parameter and its usage; update th…

…e readme for the other parameter.

README.md

@@ -44,6 +44,12 @@ Use the voucher-type requests when you're treating the vouchers as vouchers; use
 For general Omnipay usage instructions, please see the main [Omnipay](https://github.com/omnipay/omnipay)
 repository.
 
+### UK SSL Verification
+
+The CA bundle that comes with the HTTP Client in this driver is very old, and is not aware of the certificate that Tesco's UK API uses.
+You therefore have to supply an alternative CA bundle, via the `sslVerification` parameter.
+You can pass in `false`, which basically switches off verification but this is obviously **insecure**, so do not do it, except maybe while testing.
+
 ## Support
 
 If you are having general issues with Omnipay, we suggest posting on

src/Messages/Uk/Common/AbstractUkApiRequest.php

@@ -4,8 +4,6 @@
 
 use DigiTickets\TescoClubcard\Messages\AbstractMessage;
 use DigiTickets\TescoClubcard\Messages\Common\AbstractApiRequest;
-use SoapClient;
-use SoapVar;
 
 abstract class AbstractUkApiRequest extends AbstractApiRequest
 {
@@ -59,16 +57,17 @@ public function sendData($data)
             'Authorization' => sprintf('appKeyToken=%s&appKey=%s', $this->getAppKeyToken(), $this->getAppKey()),
         );
         try {
-            // @TODO: All this is experimental...
+            // Allow the SSL verification to be overridden. Do NOT supply "false" as the parameter value, except when
+            // you're testing this, because it is insecure.
             $sslVerification = $this->getGateway()->getSslVerification();
             if ($sslVerification) {
-                $sslVerification = ($sslVerification === 'true' ? true : ($sslVerification === 'false' ? false : $sslVerification));
+                $sslVerification = (
+                    $sslVerification === 'true' ? true : (
+                        $sslVerification === 'false' ? false : $sslVerification
+                    )
+                );
                 $this->httpClient->setSslVerification($sslVerification);
             }
-            $sslCertificateAuthority = $this->getGateway()->getSslCertificateAuthority();
-            if ($sslCertificateAuthority) {
-                $this->httpClient->getConfig()->set('ssl.certificate_authority', $sslCertificateAuthority);
-            }
 
             $httpResponse = $this->httpClient->post($this->getUrl(), $headers, $data)->send()->getBody();
             $httpResponse = json_decode($httpResponse); // Decodes to stdClass.

src/UkGateway.php

@@ -15,24 +15,6 @@
 
 class UkGateway extends AbstractTescoClubcardGateway
 {
-    // @TODO: These setters and getters are temporary for now...
-    public function setSslVerification($value)
-    {
-        $this->setParameter('sslVerification', $value);
-    }
-    public function getSslVerification()
-    {
-        return $this->getParameter('sslVerification');
-    }
-    public function setSslCertificateAuthority($value)
-    {
-        $this->setParameter('sslCertificateAuthority', $value);
-    }
-    public function getSslCertificateAuthority()
-    {
-        return $this->getParameter('sslCertificateAuthority');
-    }
-
     public function getName()
     {
         return 'Tesco Clubcard Rewards';
@@ -99,4 +81,20 @@ public function getAuthKey()
     {
         return 'appKeyToken='.$this->getAppKeyToken().'&appKey='.$this->getAppKey();
     }
+
+    /**
+     * Because the http client is very old, it does not have the CA for Tesco's current certificate, so you have to pass
+     * in the path of an alternative CA bundle.
+     *
+     * @param $value
+     */
+    public function setSslVerification($value)
+    {
+        $this->setParameter('sslVerification', $value);
+    }
+
+    public function getSslVerification()
+    {
+        return $this->getParameter('sslVerification');
+    }
 }