diff options
Diffstat (limited to 'src/SemanticScuttle/Service/User/SslClientCert.php')
| -rw-r--r-- | src/SemanticScuttle/Service/User/SslClientCert.php | 283 |
1 files changed, 283 insertions, 0 deletions
diff --git a/src/SemanticScuttle/Service/User/SslClientCert.php b/src/SemanticScuttle/Service/User/SslClientCert.php new file mode 100644 index 0000000..a6d43be --- /dev/null +++ b/src/SemanticScuttle/Service/User/SslClientCert.php @@ -0,0 +1,283 @@ +<?php +/** + * SemanticScuttle - your social bookmark manager. + * + * PHP version 5. + * + * @category Bookmarking + * @package SemanticScuttle + * @author Christian Weiske <cweiske@cweiske.de> + * @license AGPL http://www.gnu.org/licenses/agpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ + +/** + * SemanticScuttle SSL client certificate management service + * + * @category Bookmarking + * @package SemanticScuttle + * @author Christian Weiske <cweiske@cweiske.de> + * @license AGPL http://www.gnu.org/licenses/agpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ +class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbService +{ + /** + * Creates a new instance, sets database variable and table name. + * + * @param sql_db $db Database object + */ + protected function __construct($db) + { + $this->db = $db; + $this->tablename = $GLOBALS['tableprefix'] .'users_sslclientcerts'; + } + + /** + * Returns the single service instance + * + * @param sql_db $db Database object + * + * @return SemanticScuttle_Service_User + */ + public static function getInstance($db) + { + static $instance; + if (!isset($instance)) { + $instance = new self($db); + } + return $instance; + } + + /** + * Determines if the browser provided a valid SSL client certificate + * + * @return boolean True if the client cert is there and is valid + */ + public function hasValidCert() + { + if (!isset($_SERVER['SSL_CLIENT_M_SERIAL']) + || !isset($_SERVER['SSL_CLIENT_V_END']) + || !isset($_SERVER['SSL_CLIENT_VERIFY']) + || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS' + || !isset($_SERVER['SSL_CLIENT_I_DN']) + ) { + return false; + } + + if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) { + return false; + } + + return true; + } + + + + /** + * Registers the currently available SSL client certificate + * with the given user. As a result, the user will be able to login + * using the certifiate + * + * @param integer $uId User ID to attach the client cert to. + * + * @return boolean True if registration was well, false if not. + */ + public function registerCurrentCertificate($uId) + { + $serial = $_SERVER['SSL_CLIENT_M_SERIAL']; + $clientIssuerDn = $_SERVER['SSL_CLIENT_I_DN']; + + $query = 'INSERT INTO ' . $this->getTableName() + . ' '. $this->db->sql_build_array( + 'INSERT', array( + 'uId' => $uId, + 'sslSerial' => $serial, + 'sslClientIssuerDn' => $clientIssuerDn, + 'sslName' => $_SERVER['SSL_CLIENT_S_DN_CN'], + 'sslEmail' => $_SERVER['SSL_CLIENT_S_DN_Email'] + ) + ); + if (!($dbresult = $this->db->sql_query($query))) { + message_die( + GENERAL_ERROR, 'Could not load user for client certificate', + '', __LINE__, __FILE__, $query, $this->db + ); + return false; + } + + return true; + } + + + + /** + * Takes values from the currently available SSL client certificate + * and adds the available profile data to the user. + * + * @param integer $uId User ID to attach the client cert to. + * + * @return array Array of profile data that were registered. + * Database column name as key, new value as value + */ + public function updateProfileFromCurentCert($uId) + { + $arData = array(); + + if (isset($_SERVER['SSL_CLIENT_S_DN_CN']) + && trim($_SERVER['SSL_CLIENT_S_DN_CN']) != '' + ) { + $arData['name'] = trim($_SERVER['SSL_CLIENT_S_DN_CN']); + } + + if (count($arData)) { + $us = SemanticScuttle_Service_Factory::get('User'); + foreach ($arData as $column => $value) { + $us->_updateuser($uId, $column, $value); + } + } + return $arData; + } + + + + /** + * Tries to detect the user ID from the SSL client certificate passed + * to the web server. + * + * @return mixed Integer user ID if the certificate is valid and + * assigned to a user, boolean false otherwise + */ + public function getUserIdFromCert() + { + if (!$this->hasValidCert()) { + return false; + } + + $serial = $_SERVER['SSL_CLIENT_M_SERIAL']; + $clientIssuerDn = $_SERVER['SSL_CLIENT_I_DN']; + + $query = 'SELECT uId' + . ' FROM ' . $this->getTableName() + . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\'' + . ' AND sslClientIssuerDn = \'' + . $this->db->sql_escape($clientIssuerDn) + . '\''; + if (!($dbresult = $this->db->sql_query($query))) { + message_die( + GENERAL_ERROR, 'Could not load user for client certificate', + '', __LINE__, __FILE__, $query, $this->db + ); + return false; + } + + $row = $this->db->sql_fetchrow($dbresult); + $this->db->sql_freeresult($dbresult); + + if (!$row) { + return false; + } + return (int)$row['uId']; + } + + + + /** + * Fetches the certificate with the given ID from database. + * + * @param integer $id Certificate ID in database + * + * @return SemanticScuttle_Model_User_SslClientCert Certificate object + * or null if not found + */ + public function getCert($id) + { + $query = 'SELECT * FROM ' . $this->getTableName() + . ' WHERE id = ' . (int)$id; + if (!($dbresult = $this->db->sql_query($query))) { + message_die( + GENERAL_ERROR, 'Could not load SSL client certificate', + '', __LINE__, __FILE__, $query, $this->db + ); + return null; + } + + if ($row = $this->db->sql_fetchrow($dbresult)) { + $cert = SemanticScuttle_Model_User_SslClientCert::fromDb($row); + } else { + $cert = null; + } + $this->db->sql_freeresult($dbresult); + return $cert; + } + + + + /** + * Fetches all registered certificates for the user from the database + * and returns it. + * + * @return array Array with all certificates for the user. Empty if + * there are none, SemanticScuttle_Model_User_SslClientCert + * objects otherwise. + */ + public function getUserCerts($uId) + { + $query = 'SELECT * FROM ' . $this->getTableName() + . ' WHERE uId = ' . (int)$uId + . ' ORDER BY sslSerial DESC'; + if (!($dbresult = $this->db->sql_query($query))) { + message_die( + GENERAL_ERROR, 'Could not load SSL client certificates', + '', __LINE__, __FILE__, $query, $this->db + ); + return array(); + } + + $certs = array(); + while ($row = $this->db->sql_fetchrow($dbresult)) { + $certs[] = SemanticScuttle_Model_User_SslClientCert::fromDb($row); + } + $this->db->sql_freeresult($dbresult); + return $certs; + } + + + + /** + * Deletes a SSL client certificate. + * No security checks are made here. + * + * @param mixed $cert Certificate object or certificate database id. + * Objects are of type + * SemanticScuttle_Model_User_SslClientCert + * + * @return boolean True if all went well, false if it could not be deleted + */ + public function delete($cert) + { + if ($cert instanceof SemanticScuttle_Model_User_SslClientCert) { + $id = (int)$cert->id; + } else { + $id = (int)$cert; + } + + if ($id === 0) { + return false; + } + + $query = 'DELETE FROM ' . $this->getTableName() + .' WHERE id = ' . $id; + + if (!($dbresult = $this->db->sql_query($query))) { + message_die( + GENERAL_ERROR, 'Could not delete user certificate', + '', __LINE__, __FILE__, $query, $this->db + ); + return false; + } + + return true; + } +} +?>
\ No newline at end of file |