authorJaime Pérez <jaime.perez@uninett.no>2017-01-10 11:51:25 +0100
committerJaime Pérez <jaime.perez@uninett.no>2017-01-10 11:51:25 +0100
commit6cbc99456305be7d972c60ac87b5c8626d23e48b (patch)
tree5d875bf4fb7b9a39264d4cf5938b25d1c8500452
parentd2ab4711ec86b6f5f10d7ebe95b20fb4b9f61a31 (diff)
Minor formatting and phpdoc fixes.
-rw-r--r--modules/authX509/lib/Auth/Source/X509userCert.php99
1 files changed, 42 insertions, 57 deletions
diff --git a/modules/authX509/lib/Auth/Source/X509userCert.php b/modules/authX509/lib/Auth/Source/X509userCert.php
index 7b323af..3c333c4 100644
--- a/modules/authX509/lib/Auth/Source/X509userCert.php
+++ b/modules/authX509/lib/Auth/Source/X509userCert.php
@@ -1,8 +1,7 @@
<?php
/**
- * This class implements x509 certificate authentication with
- * certificate validation against an LDAP directory.
+ * This class implements x509 certificate authentication with certificate validation against an LDAP directory.
*
* @author Emmanuel Dreyfus <manu@netbsd.org>
* @package SimpleSAMLphp
@@ -11,14 +10,13 @@ class sspmod_authX509_Auth_Source_X509userCert extends SimpleSAML_Auth_Source
{
/**
- * x509 attributes to use from the certificate
- * for searching the user in the LDAP directory.
+ * x509 attributes to use from the certificate for searching the user in the LDAP directory.
*/
private $x509attributes = array('UID' => 'uid');
/**
- * LDAP attribute containing the user certificate
+ * LDAP attribute containing the user certificate.
*/
private $ldapusercert = array('userCertificate;binary');
@@ -32,11 +30,10 @@ class sspmod_authX509_Auth_Source_X509userCert extends SimpleSAML_Auth_Source
/**
* Constructor for this authentication source.
*
- * All subclasses who implement their own constructor must call this
- * constructor before using $config for anything.
+ * All subclasses who implement their own constructor must call this constructor before using $config for anything.
*
- * @param array $info Information about this authentication source.
- * @param array &$config Configuration for this authentication source.
+ * @param array $info Information about this authentication source.
+ * @param array &$config Configuration for this authentication source.
*/
public function __construct($info, &$config)
{
@@ -44,19 +41,19 @@ class sspmod_authX509_Auth_Source_X509userCert extends SimpleSAML_Auth_Source
assert('is_array($config)');
if (isset($config['authX509:x509attributes'])) {
- $this->x509attributes =
- $config['authX509:x509attributes'];
+ $this->x509attributes = $config['authX509:x509attributes'];
}
if (array_key_exists('authX509:ldapusercert', $config)) {
- $this->ldapusercert =
- $config['authX509:ldapusercert'];
+ $this->ldapusercert = $config['authX509:ldapusercert'];
}
parent::__construct($info, $config);
- $this->ldapcf = new sspmod_ldap_ConfigHelper($config,
- 'Authentication source ' . var_export($this->authId, true));
+ $this->ldapcf = new sspmod_ldap_ConfigHelper(
+ $config,
+ 'Authentication source ' . var_export($this->authId, true)
+ );
return;
}
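Review bot: The constructor reads `authX509:x509attributes` with isset() but `authX509:ldapusercert` with array_key_exists(), and no comment says why the two differ. The only practical difference is an explicit null, which array_key_exists() lets through to `$this->ldapusercert`. If that is how the LDAP certificate comparison is meant to be switched off, a comment such as `// null is accepted on purpose: it disables the LDAP certificate comparison` would keep a later cleanup from unifying the two checks and silently changing what the source verifies. That reading is inferred, because the code that consumes a null value lies outside this hunk.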
@@ -65,17 +62,15 @@ class sspmod_authX509_Auth_Source_X509userCert extends SimpleSAML_Auth_Source
/**
* Finish a failed authentication.
*
- * This function can be overloaded by a child authentication
- * class that wish to perform some operations on failure
+ * This function can be overloaded by a child authentication class that wish to perform some operations on failure.
*
- * @param array &$state Information about the current authentication.
+ * @param array &$state Information about the current authentication.
*/
public function authFailed(&$state)
{
$config = SimpleSAML_Configuration::getInstance();
- $t = new SimpleSAML_XHTML_Template($config,
- 'authX509:X509error.php');
+ $t = new SimpleSAML_XHTML_Template($config, 'authX509:X509error.php');
$t->data['errorcode'] = $state['authX509.error'];
$t->show();
@@ -84,15 +79,12 @@ class sspmod_authX509_Auth_Source_X509userCert extends SimpleSAML_Auth_Source
/**
- * Validate certificate and login
+ * Validate certificate and login.
*
- * This function try to validate the certificate.
- * On success, the user is logged in without going through
- * o login page.
- * On failure, The authX509:X509error.php template is
- * loaded.
+ * This function try to validate the certificate. On success, the user is logged in without going through the login
+ * page. On failure, The authX509:X509error.php template is loaded.
*
- * @param array &$state Information about the current authentication.
+ * @param array &$state Information about the current authentication.
*/
public function authenticate(&$state)
{
@@ -103,28 +95,28 @@ class sspmod_authX509_Auth_Source_X509userCert extends SimpleSAML_Auth_Source
($_SERVER['SSL_CLIENT_CERT'] == '')) {
$state['authX509.error'] = "NOCERT";
$this->authFailed($state);
- assert('false'); // NOTREACHED
+
+ assert('false'); // should never be reached
return;
}
$client_cert = $_SERVER['SSL_CLIENT_CERT'];
$client_cert_data = openssl_x509_parse($client_cert);
- if ($client_cert_data == false) {
+ if ($client_cert_data === false) {
SimpleSAML\Logger::error('authX509: invalid cert');
$state['authX509.error'] = "INVALIDCERT";
$this->authFailed($state);
- assert('false'); // NOTREACHED
+ assert('false'); // should never be reached
return;
}
$dn = null;
foreach ($this->x509attributes as $x509_attr => $ldap_attr) {
- /* value is scalar */
+ // value is scalar
if (array_key_exists($x509_attr, $client_cert_data['subject'])) {
$value = $client_cert_data['subject'][$x509_attr];
- SimpleSAML\Logger::info('authX509: cert '.
- $x509_attr.' = '.$value);
+ SimpleSAML\Logger::info('authX509: cert '. $x509_attr.' = '.$value);
$dn = $ldapcf->searchfordn($ldap_attr, $value, true);
if ($dn !== null) {
break;
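Review bot: The comment `// value is scalar` in the subject loop states an assumption that the code never checks. openssl_x509_parse() returns an array for a subject attribute that occurs more than once in the certificate, and that array would be concatenated into the Logger::info() line and passed to searchfordn(). A guard right after the assignment, `if (!is_string($value)) { continue; }`, would keep multi-valued attributes out of both the log and the LDAP search. The value comes straight from the client certificate, so it is also worth confirming that searchfordn() escapes it for the LDAP filter, which is not visible here. authenticate() starts before this hunk and continues after it.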
@@ -133,12 +125,11 @@ class sspmod_authX509_Auth_Source_X509userCert extends SimpleSAML_Auth_Source
}
if ($dn === null) {
- SimpleSAML\Logger::error('authX509: cert has '.
- 'no matching user in LDAP');
+ SimpleSAML\Logger::error('authX509: cert has no matching user in LDAP.');
$state['authX509.error'] = "UNKNOWNCERT";
$this->authFailed($state);
- assert('false'); /* NOTREACHED */
+ assert('false'); // should never be reached
return;
}
@@ -148,35 +139,32 @@ class sspmod_authX509_Auth_Source_X509userCert extends SimpleSAML_Auth_Source
$state['Attributes'] = $attributes;
$this->authSuccesful($state);
- assert('false'); /* NOTREACHED */
+ assert('false'); // should never be reached
return;
}
$ldap_certs = $ldapcf->getAttributes($dn, $this->ldapusercert);
if ($ldap_certs === false) {
- SimpleSAML\Logger::error('authX509: no certificate '.
- 'found in LDAP for dn='.$dn);
+ SimpleSAML\Logger::error('authX509: no certificate found in LDAP for dn='.$dn);
$state['authX509.error'] = "UNKNOWNCERT";
$this->authFailed($state);
- assert('false'); /* NOTREACHED */
+ assert('false'); // should never be reached
return;
}
$merged_ldapcerts = array();
- foreach ($this->ldapusercert as $attr)
- $merged_ldapcerts = array_merge($merged_ldapcerts,
- $ldap_certs[$attr]);
+ foreach ($this->ldapusercert as $attr) {
+ $merged_ldapcerts = array_merge($merged_ldapcerts, $ldap_certs[$attr]);
+ }
$ldap_certs = $merged_ldapcerts;
foreach ($ldap_certs as $ldap_cert) {
$pem = \SimpleSAML\Utils\Crypto::der2pem($ldap_cert);
$ldap_cert_data = openssl_x509_parse($pem);
- if($ldap_cert_data == false) {
- SimpleSAML\Logger::error('authX509: cert in '.
- 'LDAP in invalid for '.
- 'dn = '.$dn);
+ if ($ldap_cert_data === false) {
+ SimpleSAML\Logger::error('authX509: cert in LDAP is invalid for dn='.$dn);
continue;
}
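Review bot: The rewritten merge loop reads `$ldap_certs[$attr]` without checking that the key is present. The `=== false` test above it only covers a lookup that failed outright, so if getAttributes() can return an entry lacking one of the configured attributes (not visible here), array_merge() receives a non-array. The path appears to end in the UNKNOWNCERT failure rather than a login, but only by way of a PHP warning or error instead of an explicit decision. `$merged_ldapcerts = array_merge($merged_ldapcerts, isset($ldap_certs[$attr]) ? (array) $ldap_certs[$attr] : array());` makes the missing-attribute case deliberate. The comparison between the LDAP certificate and the client certificate falls after this hunk and is not covered by this note.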
@@ -186,35 +174,32 @@ class sspmod_authX509_Auth_Source_X509userCert extends SimpleSAML_Auth_Source
$state['Attributes'] = $attributes;
$this->authSuccesful($state);
- assert('false'); /* NOTREACHED */
+ assert('false'); // should never be reached
return;
}
}
- SimpleSAML\Logger::error('authX509: no matching cert in '.
- 'LDAP for dn = '.$dn);
+ SimpleSAML\Logger::error('authX509: no matching cert in LDAP for dn='.$dn);
$state['authX509.error'] = "UNKNOWNCERT";
$this->authFailed($state);
- assert('false'); /* NOTREACHED */
+ assert('false'); // should never be reached
return;
}
/**
- * Finish a succesful authentication.
+ * Finish a successful authentication.
*
- * This function can be overloaded by a child authentication
- * class that wish to perform some operations after login.
+ * This function can be overloaded by a child authentication class that wish to perform some operations after login.
*
- * @param array &$state Information about the current authentication.
+ * @param array &$state Information about the current authentication.
*/
public function authSuccesful(&$state)
{
SimpleSAML_Auth_Source::completeAuth($state);
- assert('false'); /* NOTREACHED */
+ assert('false'); // should never be reached
return;
}
-
}