Code style: spaces, lowercase keywords.

No functional changes. For: #458

Code style: spaces, lowercase keywords.
No functional changes. For: #458
d83d0291 · Thijs Kinkhorst · 078b1e23 · d83d0291 · d83d0291 · d83d0291
Commit d83d0291 authored 8 years ago by Thijs Kinkhorst
--- a/modules/authX509/lib/Auth/Process/ExpiryWarning.php
+++ b/modules/authX509/lib/Auth/Process/ExpiryWarning.php
@@ -56,7 +56,7 @@ class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_Process
    public function process(&$state) {
        assert('is_array($state)');

-        if (isset($state['isPassive']) && $state['isPassive'] === TRUE) {
+        if (isset($state['isPassive']) && $state['isPassive'] === true) {
            // We have a passive request. Skip the warning
            return;
        }
@@ -68,7 +68,7 @@ class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_Process

        $client_cert = $_SERVER['SSL_CLIENT_CERT'];
        $client_cert_data = openssl_x509_parse($client_cert);
-        if ($client_cert_data == FALSE) {
+        if ($client_cert_data == false) {
            SimpleSAML\Logger::error('authX509: invalid cert');
            return;
        }

--- a/modules/authX509/lib/Auth/Source/X509userCert.php
+++ b/modules/authX509/lib/Auth/Source/X509userCert.php
@@ -9,233 +9,234 @@
 */
 class sspmod_authX509_Auth_Source_X509userCert extends SimpleSAML_Auth_Source {

-	/**
-	 * x509 attributes to use from the certificate
-	 * for searching the user in the LDAP directory.
-	 */
-	private $x509attributes = array('UID' => 'uid');
-
-
-	/**
-	 * LDAP attribute containing the user certificate
-	 */
-	private $ldapusercert = array('userCertificate;binary');
-
-
-	/**
-	 * LDAPConfigHelper object
-	 */
-	private $ldapcf;
-
-
-	/**
-	 * Constructor for this authentication source.
-	 *
-	 * All subclasses who implement their own constructor must call this
-	 * constructor before using $config for anything.
-	 *
-	 * @param array $info  Information about this authentication source.
-	 * @param array &$config  Configuration for this authentication source.
-	 */
-	public function __construct($info, &$config) {
-		assert('is_array($info)');
-		assert('is_array($config)');
-
-		if (isset($config['authX509:x509attributes']))
-			$this->x509attributes =
-				$config['authX509:x509attributes'];
-
-		if (array_key_exists('authX509:ldapusercert', $config))
-			$this->ldapusercert =
-				$config['authX509:ldapusercert'];
-
-		parent::__construct($info, $config);
-
-		$this->ldapcf = new sspmod_ldap_ConfigHelper($config,
-			'Authentication source ' . var_export($this->authId, TRUE));
-
-		return;
-	}
-
-
-	/**
-	 * Convert certificate from PEM to DER
-	 *
-	 * @param array $pem_data  PEM-encoded certificate
-	 */
-	private function pem2der($pem_data) {
-		$begin = "CERTIFICATE-----";
-		$end   = "-----END";
-		$pem_data = substr($pem_data,
-			strpos($pem_data, $begin)+strlen($begin));
-		$pem_data = substr($pem_data, 0, strpos($pem_data, $end));
-		$der = base64_decode($pem_data);
-		return $der;
-	}
-
-
-	/**
-	 * Convert certificate from DER to PEM
-	 *
-	 * @param array $der_data  DER-encoded certificate
-	 */
-	private function der2pem($der_data) {
-		$pem = chunk_split(base64_encode($der_data), 64, "\n");
-		$pem = "-----BEGIN CERTIFICATE-----\n".$pem.
-			"-----END CERTIFICATE-----\n";
-		return $pem;
-	}
-
-
-	/**
-	 * Finish a failed authentication.
-	 *
-	 * This function can be overloaded by a child authentication
-	 * class that wish to perform some operations on failure
-	 *
-	 * @param array &$state  Information about the current authentication.
-	 */
-	public function authFailed(&$state) {
-		$config = SimpleSAML_Configuration::getInstance();
-
-		$t = new SimpleSAML_XHTML_Template($config,
-			'authX509:X509error.php');
-		$t->data['errorcode'] = $state['authX509.error'];
-
-		$t->show();
-		exit();
-	}
-
-
-	/**
-	 * Validate certificate and login
-	 *
-	 * This function try to validate the certificate.
-	 * On success, the user is logged in without going through
-	 * o login page.
-	 * On failure, The authX509:X509error.php template is
-	 * loaded.
-	 *
-	 * @param array &$state  Information about the current authentication.
-	 */
-	public function authenticate(&$state) {
-		assert('is_array($state)');
-		$ldapcf = $this->ldapcf;
-
-		if (!isset($_SERVER['SSL_CLIENT_CERT']) ||
-		    ($_SERVER['SSL_CLIENT_CERT'] == '')) {
-			$state['authX509.error'] = "NOCERT";
-			$this->authFailed($state);
-			assert('FALSE'); // NOTREACHED
-			return;
-		}
-
-		$client_cert = $_SERVER['SSL_CLIENT_CERT'];
-		$client_cert_data = openssl_x509_parse($client_cert);
-		if ($client_cert_data == FALSE) {
-			SimpleSAML\Logger::error('authX509: invalid cert');
-			$state['authX509.error'] = "INVALIDCERT";
-			$this->authFailed($state);
-
-			assert('FALSE'); // NOTREACHED
-			return;
-		}
-
-		$dn = NULL;
-		foreach ($this->x509attributes as $x509_attr => $ldap_attr) {
-			/* value is scalar */
-			if (array_key_exists($x509_attr, $client_cert_data['subject'])) {
-				$value = $client_cert_data['subject'][$x509_attr];
-				SimpleSAML\Logger::info('authX509: cert '.
-				                        $x509_attr.' = '.$value);
-				$dn = $ldapcf->searchfordn($ldap_attr, $value, TRUE);
-				if ($dn !== NULL)
-					break;
-			}
-		}
-
-		if ($dn === NULL) {
-			SimpleSAML\Logger::error('authX509: cert has '.
-			                         'no matching user in LDAP');
-			$state['authX509.error'] = "UNKNOWNCERT";
-			$this->authFailed($state);
-
-			assert('FALSE'); /* NOTREACHED */
-			return;
-		}
-
-		if ($this->ldapusercert === NULL) { // do not check for certificate match
-			$attributes = $ldapcf->getAttributes($dn);
-			assert('is_array($attributes)');
-			$state['Attributes'] = $attributes;
-			$this->authSuccesful($state);
-
-			assert('FALSE'); /* NOTREACHED */
-			return;
-		}
-
-		$ldap_certs = $ldapcf->getAttributes($dn, $this->ldapusercert);
-		if ($ldap_certs === FALSE) {
-			SimpleSAML\Logger::error('authX509: no certificate '.
-			                         'found in LDAP for dn='.$dn);
-			$state['authX509.error'] = "UNKNOWNCERT";
-			$this->authFailed($state);
-
-			assert('FALSE'); /* NOTREACHED */
-			return;
-		}
-
-
-		$merged_ldapcerts = array();
-		foreach ($this->ldapusercert as $attr)
-			$merged_ldapcerts = array_merge($merged_ldapcerts,
-			                                $ldap_certs[$attr]);
-		$ldap_certs = $merged_ldapcerts;
-
-		foreach ($ldap_certs as $ldap_cert) {
-			$pem = $this->der2pem($ldap_cert);
-			$ldap_cert_data = openssl_x509_parse($pem);
-			if($ldap_cert_data == FALSE) {
-				SimpleSAML\Logger::error('authX509: cert in '.
-				                         'LDAP in invalid for '.
-				                         'dn = '.$dn);
-				continue;
-			}
-
-			if ($ldap_cert_data === $client_cert_data) {
-				$attributes = $ldapcf->getAttributes($dn);
-				assert('is_array($attributes)');
-				$state['Attributes'] = $attributes;
-				$this->authSuccesful($state);
-
-				assert('FALSE'); /* NOTREACHED */
-				return;
-			}
-		}
-
-		SimpleSAML\Logger::error('authX509: no matching cert in '.
-		                         'LDAP for dn = '.$dn);
-		$state['authX509.error'] = "UNKNOWNCERT";
-		$this->authFailed($state);
-
-		assert('FALSE'); /* NOTREACHED */
-		return;
-	}
-
-
-	/**
-	 * Finish a succesfull authentication.
-	 *
-	 * This function can be overloaded by a child authentication
-	 * class that wish to perform some operations after login.
-	 *
-	 * @param array &$state  Information about the current authentication.
-	 */
-	public function authSuccesful(&$state) {
-		SimpleSAML_Auth_Source::completeAuth($state);
-
-		assert('FALSE'); /* NOTREACHED */
-		return;
-	}
+    /**
+     * x509 attributes to use from the certificate
+     * for searching the user in the LDAP directory.
+     */
+    private $x509attributes = array('UID' => 'uid');
+
+
+    /**
+     * LDAP attribute containing the user certificate
+     */
+    private $ldapusercert = array('userCertificate;binary');
+
+
+    /**
+     * LDAPConfigHelper object
+     */
+    private $ldapcf;
+
+
+    /**
+     * Constructor for this authentication source.
+     *
+     * All subclasses who implement their own constructor must call this
+     * constructor before using $config for anything.
+     *
+     * @param array $info  Information about this authentication source.
+     * @param array &$config  Configuration for this authentication source.
+     */
+    public function __construct($info, &$config) {
+        assert('is_array($info)');
+        assert('is_array($config)');
+
+        if (isset($config['authX509:x509attributes']))
+            $this->x509attributes =
+                $config['authX509:x509attributes'];
+
+        if (array_key_exists('authX509:ldapusercert', $config))
+            $this->ldapusercert =
+                $config['authX509:ldapusercert'];
+
+        parent::__construct($info, $config);
+
+        $this->ldapcf = new sspmod_ldap_ConfigHelper($config,
+            'Authentication source ' . var_export($this->authId, true));
+
+        return;
+    }
+
+
+    /**
+     * Convert certificate from PEM to DER
+     *
+     * @param array $pem_data  PEM-encoded certificate
+     */
+    private function pem2der($pem_data) {
+        $begin = "CERTIFICATE-----";
+        $end   = "-----END";
+        $pem_data = substr($pem_data,
+            strpos($pem_data, $begin)+strlen($begin));
+        $pem_data = substr($pem_data, 0, strpos($pem_data, $end));
+        $der = base64_decode($pem_data);
+        return $der;
+    }
+
+
+    /**
+     * Convert certificate from DER to PEM
+     *
+     * @param array $der_data  DER-encoded certificate
+     */
+    private function der2pem($der_data) {
+        $pem = chunk_split(base64_encode($der_data), 64, "\n");
+        $pem = "-----BEGIN CERTIFICATE-----\n".$pem.
+            "-----END CERTIFICATE-----\n";
+        return $pem;
+    }
+
+
+    /**
+     * Finish a failed authentication.
+     *
+     * This function can be overloaded by a child authentication
+     * class that wish to perform some operations on failure
+     *
+     * @param array &$state  Information about the current authentication.
+     */
+    public function authFailed(&$state) {
+        $config = SimpleSAML_Configuration::getInstance();
+
+        $t = new SimpleSAML_XHTML_Template($config,
+            'authX509:X509error.php');
+        $t->data['errorcode'] = $state['authX509.error'];
+
+        $t->show();
+        exit();
+    }
+
+
+    /**
+     * Validate certificate and login
+     *
+     * This function try to validate the certificate.
+     * On success, the user is logged in without going through
+     * o login page.
+     * On failure, The authX509:X509error.php template is
+     * loaded.
+     *
+     * @param array &$state  Information about the current authentication.
+     */
+    public function authenticate(&$state) {
+        assert('is_array($state)');
+        $ldapcf = $this->ldapcf;
+
+        if (!isset($_SERVER['SSL_CLIENT_CERT']) ||
+            ($_SERVER['SSL_CLIENT_CERT'] == '')) {
+            $state['authX509.error'] = "NOCERT";
+            $this->authFailed($state);
+            assert('false'); // NOTREACHED
+            return;
+        }
+
+        $client_cert = $_SERVER['SSL_CLIENT_CERT'];
+        $client_cert_data = openssl_x509_parse($client_cert);
+        if ($client_cert_data == false) {
+            SimpleSAML\Logger::error('authX509: invalid cert');
+            $state['authX509.error'] = "INVALIDCERT";
+            $this->authFailed($state);
+
+            assert('false'); // NOTREACHED
+            return;
+        }
+
+        $dn = null;
+        foreach ($this->x509attributes as $x509_attr => $ldap_attr) {
+            /* value is scalar */
+            if (array_key_exists($x509_attr, $client_cert_data['subject'])) {
+                $value = $client_cert_data['subject'][$x509_attr];
+                SimpleSAML\Logger::info('authX509: cert '.
+                                        $x509_attr.' = '.$value);
+                $dn = $ldapcf->searchfordn($ldap_attr, $value, true);
+                if ($dn !== null) {
+                    break;
+                }
+            }
+        }
+
+        if ($dn === null) {
+            SimpleSAML\Logger::error('authX509: cert has '.
+                                     'no matching user in LDAP');
+            $state['authX509.error'] = "UNKNOWNCERT";
+            $this->authFailed($state);
+
+            assert('false'); /* NOTREACHED */
+            return;
+        }
+
+        if ($this->ldapusercert === null) { // do not check for certificate match
+            $attributes = $ldapcf->getAttributes($dn);
+            assert('is_array($attributes)');
+            $state['Attributes'] = $attributes;
+            $this->authSuccesful($state);
+
+            assert('false'); /* NOTREACHED */
+            return;
+        }
+
+        $ldap_certs = $ldapcf->getAttributes($dn, $this->ldapusercert);
+        if ($ldap_certs === false) {
+            SimpleSAML\Logger::error('authX509: no certificate '.
+                                     'found in LDAP for dn='.$dn);
+            $state['authX509.error'] = "UNKNOWNCERT";
+            $this->authFailed($state);
+
+            assert('false'); /* NOTREACHED */
+            return;
+        }
+
+
+        $merged_ldapcerts = array();
+        foreach ($this->ldapusercert as $attr)
+            $merged_ldapcerts = array_merge($merged_ldapcerts,
+                                            $ldap_certs[$attr]);
+        $ldap_certs = $merged_ldapcerts;
+
+        foreach ($ldap_certs as $ldap_cert) {
+            $pem = $this->der2pem($ldap_cert);
+            $ldap_cert_data = openssl_x509_parse($pem);
+            if($ldap_cert_data == false) {
+                SimpleSAML\Logger::error('authX509: cert in '.
+                                         'LDAP in invalid for '.
+                                         'dn = '.$dn);
+                continue;
+            }
+
+            if ($ldap_cert_data === $client_cert_data) {
+                $attributes = $ldapcf->getAttributes($dn);
+                assert('is_array($attributes)');
+                $state['Attributes'] = $attributes;
+                $this->authSuccesful($state);
+
+                assert('false'); /* NOTREACHED */
+                return;
+            }
+        }
+
+        SimpleSAML\Logger::error('authX509: no matching cert in '.
+                                 'LDAP for dn = '.$dn);
+        $state['authX509.error'] = "UNKNOWNCERT";
+        $this->authFailed($state);
+
+        assert('false'); /* NOTREACHED */
+        return;
+    }
+
+
+    /**
+     * Finish a succesful authentication.
+     *
+     * This function can be overloaded by a child authentication
+     * class that wish to perform some operations after login.
+     *
+     * @param array &$state  Information about the current authentication.
+     */
+    public function authSuccesful(&$state) {
+        SimpleSAML_Auth_Source::completeAuth($state);
+
+        assert('false'); /* NOTREACHED */
+        return;
+    }

 }
--- a/modules/authX509/templates/X509error.php
+++ b/modules/authX509/templates/X509error.php
@@ -6,7 +6,7 @@ $this->includeAtTemplateBase('includes/header.php');
 ?>

 <?php
-if ($this->data['errorcode'] !== NULL) {
+if ($this->data['errorcode'] !== null) {
 ?>
 	<div style="border-left: 1px solid #e8e8e8; border-bottom: 1px solid #e8e8e8; background: #f5f5f5">
 		<img src="/<?php echo $this->data['baseurlpath']; ?>resources/icons/experience/gtk-dialog-error.48x48.png" class="float-l" style="margin: 15px" alt="" />