authorChristian Weiske <cweiske@cweiske.de>2011-05-09 07:52:44 +0200
committerChristian Weiske <cweiske@cweiske.de>2011-05-09 07:52:44 +0200
commit6447ca718686ea240532c2c56c4a23091c25a006 (patch)
tree6b7727a44a976e2d62df70f35268d3ceca8c89c5 /src/SemanticScuttle/Service/User/SslClientCert.php
parentc7ec370b4712a3d2782c310d486e0d749eed2e0d (diff)
downloadsemanticscuttle-6447ca718686ea240532c2c56c4a23091c25a006.tar.gz
semanticscuttle-6447ca718686ea240532c2c56c4a23091c25a006.tar.bz2
move ssl client cert handling into separate service class
Diffstat (limited to 'src/SemanticScuttle/Service/User/SslClientCert.php')
-rw-r--r--src/SemanticScuttle/Service/User/SslClientCert.php161
1 files changed, 161 insertions, 0 deletions
diff --git a/src/SemanticScuttle/Service/User/SslClientCert.php b/src/SemanticScuttle/Service/User/SslClientCert.php
new file mode 100644
index 0000000..7b0c1eb
--- /dev/null
+++ b/src/SemanticScuttle/Service/User/SslClientCert.php
@@ -0,0 +1,161 @@
+<?php
+/**
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @license AGPL http://www.gnu.org/licenses/agpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+
+/**
+ * SemanticScuttle SSL client certificate management service
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @license AGPL http://www.gnu.org/licenses/agpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbService
+{
+ /**
+ * Creates a new instance, sets database variable and table name.
+ *
+ * @param sql_db $db Database object
+ */
+ protected function __construct($db)
+ {
+ $this->db = $db;
+ $this->tablename = $GLOBALS['tableprefix'] .'users_sslclientcerts';
+ }
+
+ /**
+ * Returns the single service instance
+ *
+ * @param sql_db $db Database object
+ *
+ * @return SemanticScuttle_Service_User
+ */
+ public static function getInstance($db)
+ {
+ static $instance;
+ if (!isset($instance)) {
+ $instance = new self($db);
+ }
+ return $instance;
+ }
+
+ /**
+ * Determines if the browser provided a valid SSL client certificate
+ *
+ * @return boolean True if the client cert is there and is valid
+ */
+ public function hasValidCert()
+ {
+ if (!isset($_SERVER['SSL_CLIENT_M_SERIAL'])
+ || !isset($_SERVER['SSL_CLIENT_V_END'])
+ || !isset($_SERVER['SSL_CLIENT_VERIFY'])
+ || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS'
+ || !isset($_SERVER['SSL_CLIENT_I_DN'])
+ ) {
+ return false;
+ }
+
+ if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) {
+ return false;
+ }
+
+ return true;
+ }
+
+
+
+ /**
+ * Registers the currently available SSL client certificate
+ * with the given user. As a result, the user will be able to login
+ * using the certifiate
+ *
+ * @param integer $uId User ID to attach the client cert to.
+ *
+ * @return boolean True if registration was well, false if not.
+ */
+ public function registerCurrentCertificate($uId)
+ {
+ //FIXME
+ }
+
+
+ /**
+ * Takes values from the currently available SSL client certificate
+ * and adds the available profile data to the user.
+ *
+ * @param integer $uId User ID to attach the client cert to.
+ *
+ * @return array Array of profile data that were registered.
+ * Database column name as key, new value as value
+ */
+ public function updateProfileFromCurentCert($uId)
+ {
+ $arData = array();
+
+ if (isset($_SERVER['SSL_CLIENT_S_DN_CN'])
+ && trim($_SERVER['SSL_CLIENT_S_DN_CN']) != ''
+ ) {
+ $arData['name'] = trim($_SERVER['SSL_CLIENT_S_DN_CN']);
+ }
+
+ if (count($arData)) {
+ foreach ($arData as $column => $value) {
+ $userservice->_updateuser($uId, $column, $value);
+ }
+ }
+ return $arData;
+ }
+
+
+
+ /**
+ * Tries to detect the user ID from the SSL client certificate passed
+ * to the web server.
+ *
+ * @return mixed Integer user ID if the certificate is valid and
+ * assigned to a user, boolean false otherwise
+ */
+ public function getUserIdFromCert()
+ {
+ if (!$this->hasValidCert()) {
+ return false;
+ }
+
+ $serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
+ $clientIssuerDn = $_SERVER['SSL_CLIENT_I_DN'];
+
+ $query = 'SELECT uId'
+ . ' FROM ' . $this->getTableName()
+ . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\''
+ . ' AND sslClientIssuerDn = \''
+ . $this->db->sql_escape($clientIssuerDn)
+ . '\'';
+ if (!($dbresult = $this->db->sql_query($query))) {
+ message_die(
+ GENERAL_ERROR, 'Could not load user for client certificate',
+ '', __LINE__, __FILE__, $query, $this->db
+ );
+ return false;
+ }
+
+ $row = $this->db->sql_fetchrow($dbresult);
+ $this->db->sql_freeresult($dbresult);
+
+ if (!$row) {
+ return false;
+ }
+ return (int)$row['uId'];
+ }
+
+}
+?> \ No newline at end of file
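Review bot: `updateProfileFromCurentCert()` calls `$userservice->_updateuser(...)` on a variable that is never assigned in the method, so the first profile update from a certificate is a fatal "call to a member function on a non-object"; the user service has to be obtained (or injected) before the loop, and the method name also has a typo (`Curent`) that will be awkward to fix once callers exist. In `hasValidCert()` the guard at the top checks `SSL_CLIENT_M_SERIAL`, `SSL_CLIENT_V_END`, `SSL_CLIENT_VERIFY` and `SSL_CLIENT_I_DN`, but the later `$_SERVER['SSL_CLIENT_V_REMAIN'] <= 0` reads a key the guard never verified — on a server that does not export it the comparison still fails closed, but with an undefined-index notice; add `|| !isset($_SERVER['SSL_CLIENT_V_REMAIN'])` to the guard so the validity decision is explicit rather than incidental. `registerCurrentCertificate()` is documented as returning boolean but its body is only `//FIXME`, so it returns null; either throw or `return false;` until it is implemented so callers cannot mistake the stub for success. It would also help to document on the class that every `$_SERVER['SSL_CLIENT_*']` value is trusted as-is, i.e. the lookup is only sound when those variables are set by the web server's TLS module and cannot be supplied by the client through a proxy or a plain-HTTP vhost — presumably the deployment guarantees this, but the code does not check it.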