ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
ExpiryWarning.php
Go to the documentation of this file.
1 <?php
2 
17 class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_ProcessingFilter
18 {
19 
20  private $warndaysbefore = 30;
21  private $renewurl = null;
22 
29  public function __construct($config, $reserved)
30  {
31  parent::__construct($config, $reserved);
32 
33  assert(is_array($config));
34 
35  if (array_key_exists('warndaysbefore', $config)) {
36  $this->warndaysbefore = $config['warndaysbefore'];
37  if (!is_string($this->warndaysbefore)) {
38  throw new Exception('Invalid value for \'warndaysbefore\'-option to authX509::ExpiryWarning filter.');
39  }
40  }
41 
42  if (array_key_exists('renewurl', $config)) {
43  $this->renewurl = $config['renewurl'];
44  if (!is_string($this->renewurl)) {
45  throw new Exception('Invalid value for \'renewurl\'-option to authX509::ExpiryWarning filter.');
46  }
47  }
48  }
49 
58  public function process(&$state)
59  {
60  assert(is_array($state));
61 
62  if (isset($state['isPassive']) && $state['isPassive'] === true) {
63  // We have a passive request. Skip the warning
64  return;
65  }
66 
67  if (!isset($_SERVER['SSL_CLIENT_CERT']) ||
68  ($_SERVER['SSL_CLIENT_CERT'] == '')) {
69  return;
70  }
71 
72  $client_cert = $_SERVER['SSL_CLIENT_CERT'];
73  $client_cert_data = openssl_x509_parse($client_cert);
74  if ($client_cert_data == false) {
75  SimpleSAML\Logger::error('authX509: invalid cert');
76  return;
77  }
78  $validTo = $client_cert_data['validTo_time_t'];
79  $now = time();
80  $daysleft = (int)(($validTo - $now) / (24*60*60));
81  if ($daysleft > $this->warndaysbefore) {
82  // We have a certificate that will be valid for some time. Skip the warning
83  return;
84  }
85 
86  SimpleSAML\Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days');
87  $state['daysleft'] = $daysleft;
88  $state['renewurl'] = $this->renewurl;
89 
90  /* Save state and redirect. */
91  $id = SimpleSAML_Auth_State::saveState($state, 'warning:expire');
92  $url = SimpleSAML\Module::getModuleURL('authX509/expirywarning.php');
93  \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id));
94  }
95 
96 }
sspmod_authX509_Auth_Process_ExpiryWarning
Definition: ExpiryWarning.php:17
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
$config
$config
Definition: bootstrap.php:15
sspmod_authX509_Auth_Process_ExpiryWarning\$renewurl
$renewurl
Definition: ExpiryWarning.php:21
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959
sspmod_authX509_Auth_Process_ExpiryWarning\process
process(&$state)
Process an authentication response.
Definition: ExpiryWarning.php:58
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:177
SimpleSAML\Logger\error
static error($string)
Definition: Logger.php:166
sspmod_authX509_Auth_Process_ExpiryWarning\__construct
__construct($config, $reserved)
Initialize this filter.
Definition: ExpiryWarning.php:29
sspmod_authX509_Auth_Process_ExpiryWarning\$warndaysbefore
$warndaysbefore
Definition: ExpiryWarning.php:20
$url
$url
Definition: proxy_ylocal.php:28
SimpleSAML_Auth_ProcessingFilter
Definition: ProcessingFilter.php:21
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194