// String-form assert(): the argument is PHP source text handed to assert().
// This form is deprecated since PHP 7.2 and is no longer evaluated in PHP 8,
// and assertions can be disabled altogether, so these lines are debugging
// aids rather than validation of $info / $config.
40        assert(
'is_array($info)');
 
   41        assert(
'is_array($config)');
 
   // Optional attribute map from the source configuration; isset() is false
   // both for a missing key and for an explicit null value.
   43        if (isset(
$config[
'authX509:x509attributes'])) {
 
   44            $this->x509attributes = 
$config[
'authX509:x509attributes'];
 
   // array_key_exists() (unlike isset) also accepts an explicit null here.
   // A later line of this listing tests $this->ldapusercert === null, so a
   // null value in the configuration is meaningful, not a mistake.
   47        if (array_key_exists(
'authX509:ldapusercert', 
$config)) {
 
   48            $this->ldapusercert = 
$config[
'authX509:ldapusercert'];
 
   55            'Authentication source ' . var_export($this->authId, 
true)
 
   74        $t->data[
'errorcode'] = 
$state[
'authX509.error'];
 
   92        assert(
'is_array($state)');
 
   // The client certificate is read from the SSL_CLIENT_CERT server variable.
   // The visible lines only read and parse it, so presumably the web server's
   // TLS layer has already verified it against the trusted CAs — confirm the
   // server's client-certificate verification settings.
   95        if (!isset(
$_SERVER[
'SSL_CLIENT_CERT']) ||
 
   96            (
$_SERVER[
'SSL_CLIENT_CERT'] == 
'')) {
 
   97            $state[
'authX509.error'] = 
"NOCERT";
 
  104        $client_cert = 
$_SERVER[
'SSL_CLIENT_CERT'];
 
  // openssl_x509_parse() only decodes the certificate into an array (false on
  // failure); it does not check signature, chain, validity period or revocation.
  105        $client_cert_data = openssl_x509_parse($client_cert);
 
  106        if ($client_cert_data === 
false) {
 
  108            $state[
'authX509.error'] = 
"INVALIDCERT";
 
  // Each configured certificate subject field is looked up in LDAP under the
  // attribute name it is mapped to.
  // NOTE(review): $value comes from the presented certificate — confirm that
  // searchfordn() escapes it before it is placed in an LDAP filter.
  116        foreach ($this->x509attributes as $x509_attr => $ldap_attr) {
 
  118            if (array_key_exists($x509_attr, $client_cert_data[
'subject'])) {
 
  119                $value = $client_cert_data[
'subject'][$x509_attr];
 
  121                $dn = 
$ldapcf->searchfordn($ldap_attr, $value, 
true);
 
  // Error code recorded on the state array; presumably reached when no
  // subject field produced a DN — the surrounding lines are not visible.
  130            $state[
'authX509.error'] = 
"UNKNOWNCERT";
 
  // With no ldapusercert attribute configured, the lines visible here go on to
  // handle $attributes without reaching the certificate comparison further
  // down; presumably the login then rests on the subject-field match alone,
  // i.e. entirely on which CAs the web server accepts — confirm.
  137        if ($this->ldapusercert === 
null) { 
 
  139            assert(
'is_array($attributes)');
 
  // Fetch the configured certificate attribute(s) of the matched entry; a
  // false result is reported as UNKNOWNCERT.
  147        $ldap_certs = 
$ldapcf->getAttributes($dn, $this->ldapusercert);
 
  148        if ($ldap_certs === 
false) {
 
  150            $state[
'authX509.error'] = 
"UNKNOWNCERT";
 
  // Flatten the values of every configured attribute into one candidate list.
  // NOTE(review): $ldap_certs[$attr] is read without an existence check —
  // confirm getAttributes() returns a key for every requested attribute.
  158        $merged_ldapcerts = array();
 
  159        foreach ($this->ldapusercert as $attr) {
 
  160            $merged_ldapcerts = array_merge($merged_ldapcerts, $ldap_certs[$attr]);
 
  162        $ldap_certs = $merged_ldapcerts;
 
  // Every candidate certificate stored in LDAP is parsed like the client one.
  // NOTE(review): $pem is not assigned in the visible lines; presumably it is
  // the PEM form of $ldap_cert — confirm.
  164        foreach ($ldap_certs as $ldap_cert) {
 
  166            $ldap_cert_data = openssl_x509_parse($pem);
 
  167            if ($ldap_cert_data === 
false) {
 
  // The match is strict equality of the two parsed arrays, not of the raw
  // certificate bytes or a digest of them.
  // NOTE(review): confirm the parsed fields cover everything that must be
  // identical (for example the public key); otherwise compare the encoded
  // certificate or a fingerprint instead.
  172            if ($ldap_cert_data === $client_cert_data) {
 
  174                assert(
'is_array($attributes)');
 
  // Presumably reached only when no stored certificate matched — the
  // intervening lines are not visible.
  184        $state[
'authX509.error'] = 
"UNKNOWNCERT";
 
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
An exception for terminating execution or to throw for unit testing.
static getAllErrorCodeMessages()
Get a map of both errorcode titles and descriptions.
static der2pem($der, $type='CERTIFICATE')
Convert data from DER to PEM encoding.
static completeAuth(&$state)
Complete authentication.
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
__construct($info, &$config)
Constructor for this authentication source.
authFailed(&$state)
Finish a failed authentication.
authenticate(&$state)
Validate certificate and login.
$ldapusercert
LDAP attribute containing the user certificate.
$x509attributes
x509 attributes to use from the certificate for searching the user in the LDAP directory.
$ldapcf
LDAPConfigHelper object.
authSuccesful(&$state)
Finish a successful authentication.
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']