ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
ExpiryWarning.php
Go to the documentation of this file.
1<?php
2
17class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_ProcessingFilter
18{
19
20 private $warndaysbefore = 30;
21 private $renewurl = null;
22
29 public function __construct($config, $reserved)
30 {
31 parent::__construct($config, $reserved);
32
33 assert('is_array($config)');
34
35 if (array_key_exists('warndaysbefore', $config)) {
36 $this->warndaysbefore = $config['warndaysbefore'];
37 if (!is_string($this->warndaysbefore)) {
38 throw new Exception('Invalid value for \'warndaysbefore\'-option to authX509::ExpiryWarning filter.');
39 }
40 }
41
42 if (array_key_exists('renewurl', $config)) {
43 $this->renewurl = $config['renewurl'];
44 if (!is_string($this->renewurl)) {
45 throw new Exception('Invalid value for \'renewurl\'-option to authX509::ExpiryWarning filter.');
46 }
47 }
48 }
49
58 public function process(&$state)
59 {
60 assert('is_array($state)');
61
62 if (isset($state['isPassive']) && $state['isPassive'] === true) {
63 // We have a passive request. Skip the warning
64 return;
65 }
66
67 if (!isset($_SERVER['SSL_CLIENT_CERT']) ||
68 ($_SERVER['SSL_CLIENT_CERT'] == '')) {
69 return;
70 }
71
72 $client_cert = $_SERVER['SSL_CLIENT_CERT'];
73 $client_cert_data = openssl_x509_parse($client_cert);
74 if ($client_cert_data == false) {
75 SimpleSAML\Logger::error('authX509: invalid cert');
76 return;
77 }
78 $validTo = $client_cert_data['validTo_time_t'];
79 $now = time();
80 $daysleft = (int)(($validTo - $now) / (24*60*60));
81 if ($daysleft > $this->warndaysbefore) {
82 // We have a certificate that will be valid for some time. Skip the warning
83 return;
84 }
85
86 SimpleSAML\Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days');
87 $state['daysleft'] = $daysleft;
88 $state['renewurl'] = $this->renewurl;
89
90 /* Save state and redirect. */
91 $id = SimpleSAML_Auth_State::saveState($state, 'warning:expire');
92 $url = SimpleSAML\Module::getModuleURL('authX509/expirywarning.php');
93 \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id));
94 }
95
96}
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
php
An exception for terminatinating execution or to throw for unit testing.
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:179
SimpleSAML\Logger\error
static error($string)
Definition: Logger.php:168
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
SimpleSAML_Auth_ProcessingFilter
Definition: ProcessingFilter.php:21
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
sspmod_authX509_Auth_Process_ExpiryWarning
Definition: ExpiryWarning.php:18
sspmod_authX509_Auth_Process_ExpiryWarning\$renewurl
$renewurl
Definition: ExpiryWarning.php:21
sspmod_authX509_Auth_Process_ExpiryWarning\__construct
__construct($config, $reserved)
Initialize this filter.
Definition: ExpiryWarning.php:29
sspmod_authX509_Auth_Process_ExpiryWarning\process
process(&$state)
Process an authentication response.
Definition: ExpiryWarning.php:58
sspmod_authX509_Auth_Process_ExpiryWarning\$warndaysbefore
$warndaysbefore
Definition: ExpiryWarning.php:20
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$url
$url
Definition: proxy_ylocal.php:28
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54