authorChristian Weiske <cweiske@cweiske.de>2011-05-10 15:23:58 +0200
committerChristian Weiske <cweiske@cweiske.de>2011-05-10 15:23:58 +0200
commitc13689813e71413f3c98664568c47c167c00580a (patch)
tree1dc202379157c1c5926d251b13a148238db249fc
parent967ba79ece58dd0164accbf46078964c58fec230 (diff)
prepare user interface to register and delete client certificates on the profile page
-rw-r--r--data/templates/editprofile-sslclientcerts.tpl.php18
-rw-r--r--src/SemanticScuttle/Model/User/SslClientCert.php78
-rw-r--r--src/SemanticScuttle/Service/User/SslClientCert.php38
-rw-r--r--www/profile.php15
4 files changed, 142 insertions, 7 deletions
diff --git a/data/templates/editprofile-sslclientcerts.tpl.php b/data/templates/editprofile-sslclientcerts.tpl.php
index e6fc5c3..c43def4 100644
--- a/data/templates/editprofile-sslclientcerts.tpl.php
+++ b/data/templates/editprofile-sslclientcerts.tpl.php
@@ -3,6 +3,7 @@
<table>
<thead>
<tr>
+ <th>Options</th>
<th><?php echo T_('Serial'); ?></th>
<th><?php echo T_('Name'); ?></th>
<th><?php echo T_('Email'); ?></th>
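Review bot: The new `<th>Options</th>` header is the only column title in this row that is not passed through `T_()`, so it stays untranslated. The same applies to the literal `delete` link text added in the next hunk. Suggest `<th><?php echo T_('Options'); ?></th>` and `<?php echo T_('delete'); ?>` to match the neighbouring cells.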
@@ -11,7 +12,8 @@
</thead>
<tbody>
<?php foreach($sslClientCerts as $cert) { ?>
- <tr <?php if ($cert->isCurrent()) { echo 'class="ssl-current"'; } ?>>
+ <tr <?php if ($cert->isCurrent()) { echo 'class="ssl-current"'; } ?>>
+ <td><a href="#FIXME">delete</a></td>
<td><?php echo htmlspecialchars($cert->sslSerial); ?></td>
<td><?php echo htmlspecialchars($cert->sslName); ?></td>
<td><?php echo htmlspecialchars($cert->sslEmail); ?></td>
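Review bot: The `delete` anchor added to each row is still a placeholder (`href="#FIXME"`), and wiring it up as a plain link would make certificate removal a GET request that any third-party page can trigger inside the user's session. This action and the register link in the last hunk of this file both change which certificates can log in to the account. They should become POST forms carrying the session token that www/profile.php already exposes as `$tplVars['token']` (it appears to be the form token). A comment beside the placeholder, e.g. `<?php /* FIXME: must be a POST form with the session token, not a link */ ?>`, would keep that requirement visible until the handler exists.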
@@ -23,3 +25,17 @@
<?php } else { ?>
<p><?php echo T_('No certificates registered'); ?></p>
<?php } ?>
+
+<?php if ($currentCert) { ?>
+ <?php if ($currentCert->isRegistered($sslClientCerts)) { ?>
+ <p><?php echo T_('Your current certificate is already registered with your account.'); ?></p>
+ <?php } else { ?>
+ <p>
+ <a href="#FIXME">
+ <?php echo T_('Register current certificate to automatically login.'); ?>
+ </a>
+ </p>
+ <?php } ?>
+<?php } else { ?>
+ <p><?php echo T_('Your browser does not provide a certificate.'); ?></p>
+<?php } ?>
diff --git a/src/SemanticScuttle/Model/User/SslClientCert.php b/src/SemanticScuttle/Model/User/SslClientCert.php
index ab7b288..383b601 100644
--- a/src/SemanticScuttle/Model/User/SslClientCert.php
+++ b/src/SemanticScuttle/Model/User/SslClientCert.php
@@ -29,9 +29,11 @@ class SemanticScuttle_Model_User_SslClientCert
public $sslName;
public $sslEmail;
+
+
/**
* Creates and returns a new object and fills it with
- * tha passed values from the database.
+ * the passed values from the database.
*
* @param array $arCertRow Database row array
*
@@ -51,6 +53,29 @@ class SemanticScuttle_Model_User_SslClientCert
/**
+ * Loads the user's/browser's client certificate information into
+ * an object and returns it.
+ * Expects that all information is available.
+ * Better check with
+ * SemanticScuttle_Service_User_SslClientCert::hasValidCert() before.
+ *
+ * @return SemanticScuttle_Model_User_SslClientCert
+ *
+ * @see SemanticScuttle_Service_User_SslClientCert::hasValidCert()
+ */
+ public static function fromCurrentCert()
+ {
+ $cert = new self();
+ $cert->sslSerial = $_SERVER['SSL_CLIENT_M_SERIAL'];
+ $cert->sslClientIssuerDn = $_SERVER['SSL_CLIENT_I_DN'];
+ $cert->sslName = $_SERVER['SSL_CLIENT_S_DN_CN'];
+ $cert->sslEmail = $_SERVER['SSL_CLIENT_S_DN_Email'];
+ return $cert;
+ }
+
+
+
+ /**
* Tells you if this certificate is the one the user is currently browsing
* with.
*
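Review bot: `fromCurrentCert()` reads four `$_SERVER` entries without checking that they exist, so a certificate whose subject has no CN or e-mail address raises undefined-index notices and leaves those fields null. The docblock defers to `hasValidCert()`, which is not visible in this diff. If that method does not confirm that the web server actually verified the certificate (for example that `SSL_CLIENT_VERIFY` reports success), the copied serial and issuer DN are values the client chose. Guard the optional fields, e.g. `$cert->sslEmail = isset($_SERVER['SSL_CLIENT_S_DN_Email']) ? $_SERVER['SSL_CLIENT_S_DN_Email'] : null;`, and state the verification precondition in the docblock.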
@@ -68,5 +93,56 @@ class SemanticScuttle_Model_User_SslClientCert
&& $this->sslClientIssuerDn == $_SERVER['SSL_CLIENT_I_DN'];
}
+
+
+ /**
+ * Checks if this certificate is registered (exists) in the certificate
+ * array
+ *
+ * @param array $arCertificates Array of certificate objects
+ *
+ * @return boolean True or false
+ */
+ public function isRegistered($arCertificates)
+ {
+ foreach ($arCertificates as $cert) {
+ if ($cert->equals($this)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+
+
+ /**
+ * Deletes this certificate from database
+ *
+ * @return boolean True if all went well, false if not
+ */
+ public function delete()
+ {
+ $ok = SemanticScuttle_Service_Factory::get('User_SslClientCert')
+ ->delete($this);
+ if ($ok) {
+ $this->id = null;
+ }
+ return $ok;
+ }
+
+
+
+ /**
+ * Compares this certificate with the given one.
+ *
+ * @param SemanticScuttle_Service_Factory $cert Another user certificate
+ *
+ * @return boolean True if both match.
+ */
+ public function equals(SemanticScuttle_Model_User_SslClientCert $cert)
+ {
+ return $this->sslSerial == $cert->sslSerial
+ && $this->sslClientIssuerDn == $cert->sslClientIssuerDn;
+ }
}
?> \ No newline at end of file
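Review bot: `equals()` compares the serial and issuer DN with loose `==`, and PHP compares two numeric-looking strings as numbers, so distinct hex serials such as `0E12` and `0E34` (constructed examples) count as equal. The issuer DN check limits the impact, but `isRegistered()` relies on `equals()` to decide whether the browser's certificate is already bound to the account, so use strict comparison: `return $this->sslSerial === $cert->sslSerial && $this->sslClientIssuerDn === $cert->sslClientIssuerDn;`. The `isCurrent()` context line at the top of this hunk uses the same `==`. Separately, the `@param` tag on `equals()` names `SemanticScuttle_Service_Factory`, while the signature takes `SemanticScuttle_Model_User_SslClientCert`.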
diff --git a/src/SemanticScuttle/Service/User/SslClientCert.php b/src/SemanticScuttle/Service/User/SslClientCert.php
index 3c69788..b6545df 100644
--- a/src/SemanticScuttle/Service/User/SslClientCert.php
+++ b/src/SemanticScuttle/Service/User/SslClientCert.php
@@ -208,5 +208,43 @@ class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbServi
$this->db->sql_freeresult($dbresult);
return $certs;
}
+
+
+
+ /**
+ * Deletes a SSL client certificate.
+ * No security checks are made here.
+ *
+ * @param mixed $cert Certificate object or certificate database id.
+ * Objects are of type
+ * SemanticScuttle_Model_User_SslClientCert
+ *
+ * @return boolean True if all went well, false if it could not be deleted
+ */
+ public function delete($cert)
+ {
+ if ($cert instanceof SemanticScuttle_Model_User_SslClientCert) {
+ $id = (int)$cert->id;
+ } else {
+ $id = (int)$cert;
+ }
+
+ if ($id === 0) {
+ return false;
+ }
+
+ $query = 'DELETE FROM ' . $this->getTableName()
+ .' WHERE uId = ' . $id;
+
+ if (!($dbresult = $this->db->sql_query($query))) {
+ message_die(
+ GENERAL_ERROR, 'Could not delete user certificate',
+ '', __LINE__, __FILE__, $query, $this->db
+ );
+ return false;
+ }
+
+ return true;
+ }
}
?> \ No newline at end of file
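Review bot: The DELETE filters on `uId`, but `$id` is taken from `$cert->id`, the certificate's own id. If `uId` is the owning user's id, as the `getUserCerts($currentUser->getId())` call in www/profile.php suggests, this removes every certificate of whichever user has that number rather than the one certificate. The schema is not visible here, so confirm the column. The statement should match on the certificate's key column and, since the docblock says no security checks are made here, ideally also on the owner's `uId` so that a caller cannot remove another account's certificate. The `return false;` after `message_die()` is probably unreachable if that helper ends the request.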
diff --git a/www/profile.php b/www/profile.php
index 446c089..5ffc959 100644
--- a/www/profile.php
+++ b/www/profile.php
@@ -119,11 +119,16 @@ if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
$_SESSION['token_stamp'] = time();
$templatename = 'editprofile.tpl.php';
- $tplVars['formaction'] = createURL('profile', $user);
- $tplVars['token'] = $_SESSION['token'];
- $tplVars['sslClientCerts'] = SemanticScuttle_Service_Factory::get(
- 'User_SslClientCert'
- )->getUserCerts($currentUser->getId());
+
+ $tplVars['formaction'] = createURL('profile', $user);
+ $tplVars['token'] = $_SESSION['token'];
+
+ $scert = SemanticScuttle_Service_Factory::get('User_SslClientCert');
+ $tplVars['sslClientCerts'] = $scert->getUserCerts($currentUser->getId());
+ $tplVars['currentCert'] = null;
+ if ($scert->hasValidCert()) {
+ $tplVars['currentCert'] = SemanticScuttle_Model_User_SslClientCert::fromCurrentCert();
+ }
}
$tplVars['objectUser'] = $userinfo;