<?php /** * SemanticScuttle - your social bookmark manager. * * PHP version 5. * * @category Bookmarking * @package SemanticScuttle * @author Christian Weiske <cweiske@cweiske.de> * @license AGPL http://www.gnu.org/licenses/agpl.html * @link http://sourceforge.net/projects/semanticscuttle */ /** * SemanticScuttle SSL client certificate management service * * @category Bookmarking * @package SemanticScuttle * @author Christian Weiske <cweiske@cweiske.de> * @license AGPL http://www.gnu.org/licenses/agpl.html * @link http://sourceforge.net/projects/semanticscuttle */ class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbService { /** * Creates a new instance, sets database variable and table name. * * @param sql_db $db Database object */ protected function __construct($db) { $this->db = $db; $this->tablename = $GLOBALS['tableprefix'] .'users_sslclientcerts'; } /** * Returns the single service instance * * @param sql_db $db Database object * * @return SemanticScuttle_Service_User */ public static function getInstance($db) { static $instance; if (!isset($instance)) { $instance = new self($db); } return $instance; } /** * Determines if the browser provided a valid SSL client certificate * * @return boolean True if the client cert is there and is valid */ public function hasValidCert() { if (!isset($_SERVER['SSL_CLIENT_M_SERIAL']) || !isset($_SERVER['SSL_CLIENT_V_END']) || !isset($_SERVER['SSL_CLIENT_VERIFY']) || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS' || !isset($_SERVER['SSL_CLIENT_I_DN']) ) { return false; } if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) { return false; } return true; } /** * Registers the currently available SSL client certificate * with the given user. As a result, the user will be able to login * using the certifiate * * @param integer $uId User ID to attach the client cert to. * * @return boolean True if registration was well, false if not. */ public function registerCurrentCertificate($uId) { $serial = $_SERVER['SSL_CLIENT_M_SERIAL']; $clientIssuerDn = $_SERVER['SSL_CLIENT_I_DN']; $query = 'INSERT INTO ' . $this->getTableName() . ' '. $this->db->sql_build_array( 'INSERT', array( 'uId' => $uId, 'sslSerial' => $serial, 'sslClientIssuerDn' => $clientIssuerDn, 'sslName' => $_SERVER['SSL_CLIENT_S_DN_CN'], 'sslEmail' => $_SERVER['SSL_CLIENT_S_DN_Email'] ) ); if (!($dbresult = $this->db->sql_query($query))) { message_die( GENERAL_ERROR, 'Could not load user for client certificate', '', __LINE__, __FILE__, $query, $this->db ); return false; } return true; } /** * Takes values from the currently available SSL client certificate * and adds the available profile data to the user. * * @param integer $uId User ID to attach the client cert to. * * @return array Array of profile data that were registered. * Database column name as key, new value as value */ public function updateProfileFromCurentCert($uId) { $arData = array(); if (isset($_SERVER['SSL_CLIENT_S_DN_CN']) && trim($_SERVER['SSL_CLIENT_S_DN_CN']) != '' ) { $arData['name'] = trim($_SERVER['SSL_CLIENT_S_DN_CN']); } if (count($arData)) { $us = SemanticScuttle_Service_Factory::get('User'); foreach ($arData as $column => $value) { $us->_updateuser($uId, $column, $value); } } return $arData; } /** * Tries to detect the user ID from the SSL client certificate passed * to the web server. * * @return mixed Integer user ID if the certificate is valid and * assigned to a user, boolean false otherwise */ public function getUserIdFromCert() { if (!$this->hasValidCert()) { return false; } $serial = $_SERVER['SSL_CLIENT_M_SERIAL']; $clientIssuerDn = $_SERVER['SSL_CLIENT_I_DN']; $query = 'SELECT uId' . ' FROM ' . $this->getTableName() . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\'' . ' AND sslClientIssuerDn = \'' . $this->db->sql_escape($clientIssuerDn) . '\''; if (!($dbresult = $this->db->sql_query($query))) { message_die( GENERAL_ERROR, 'Could not load user for client certificate', '', __LINE__, __FILE__, $query, $this->db ); return false; } $row = $this->db->sql_fetchrow($dbresult); $this->db->sql_freeresult($dbresult); if (!$row) { return false; } return (int)$row['uId']; } /** * Fetches the certificate with the given ID from database. * * @param integer $id Certificate ID in database * * @return SemanticScuttle_Model_User_SslClientCert Certificate object * or null if not found */ public function getCert($id) { $query = 'SELECT * FROM ' . $this->getTableName() . ' WHERE id = ' . (int)$id; if (!($dbresult = $this->db->sql_query($query))) { message_die( GENERAL_ERROR, 'Could not load SSL client certificate', '', __LINE__, __FILE__, $query, $this->db ); return null; } if ($row = $this->db->sql_fetchrow($dbresult)) { $cert = SemanticScuttle_Model_User_SslClientCert::fromDb($row); } else { $cert = null; } $this->db->sql_freeresult($dbresult); return $cert; } /** * Fetches all registered certificates for the user from the database * and returns it. * * @return array Array with all certificates for the user. Empty if * there are none, SemanticScuttle_Model_User_SslClientCert * objects otherwise. */ public function getUserCerts($uId) { $query = 'SELECT * FROM ' . $this->getTableName() . ' WHERE uId = ' . (int)$uId . ' ORDER BY sslSerial DESC'; if (!($dbresult = $this->db->sql_query($query))) { message_die( GENERAL_ERROR, 'Could not load SSL client certificates', '', __LINE__, __FILE__, $query, $this->db ); return array(); } $certs = array(); while ($row = $this->db->sql_fetchrow($dbresult)) { $certs[] = SemanticScuttle_Model_User_SslClientCert::fromDb($row); } $this->db->sql_freeresult($dbresult); return $certs; } /** * Deletes a SSL client certificate. * No security checks are made here. * * @param mixed $cert Certificate object or certificate database id. * Objects are of type * SemanticScuttle_Model_User_SslClientCert * * @return boolean True if all went well, false if it could not be deleted */ public function delete($cert) { if ($cert instanceof SemanticScuttle_Model_User_SslClientCert) { $id = (int)$cert->id; } else { $id = (int)$cert; } if ($id === 0) { return false; } $query = 'DELETE FROM ' . $this->getTableName() .' WHERE id = ' . $id; if (!($dbresult = $this->db->sql_query($query))) { message_die( GENERAL_ERROR, 'Could not delete user certificate', '', __LINE__, __FILE__, $query, $this->db ); return false; } return true; } } ?>