| | |
| | | $url .= ':'.$port; |
| | | } |
| | | $url .= $_SERVER['REQUEST_URI']; |
| | | |
| | | return $url; |
| | | } |
| | | |
| | | public function getServerUrl() { |
| | |
| | | } |
| | | } |
| | | |
| | | public function verifyTicket($ticket) { |
| | | $context = array( |
| | | protected function findCaFile() { |
| | | $cafiles = array( |
| | | '/etc/ssl/certs/ca-certificates.crt', |
| | | '/etc/ssl/certs/ca-bundle.crt', |
| | | '/etc/pki/tls/certs/ca-bundle.crt', |
| | | ); |
| | | |
| | | $cafile = NULL; |
| | | foreach($cafiles as $file) { |
| | | if(is_file($file)) { |
| | | $cafile = $file; |
| | | break; |
| | | } |
| | | } |
| | | |
| | | return $cafile; |
| | | } |
| | | |
| | | protected function createStreamContext($hostname) { |
| | | $context = stream_context_create(array( |
| | | 'http' => array( |
| | | 'method' => 'GET', |
| | | 'user_agent' => 'uphpCAS/'.self::VERSION, |
| | |
| | | 'allow_self_signed' => FALSE, |
| | | 'disable_compression' => TRUE, |
| | | ), |
| | | ); |
| | | )); |
| | | |
| | | if(version_compare(PHP_VERSION, '5.6', '<')) { |
| | | $cafiles = array( |
| | | '/etc/ssl/certs/ca-certificates.crt', |
| | | '/etc/ssl/certs/ca-bundle.crt', |
| | | '/etc/pki/tls/certs/ca-bundle.crt', |
| | | ); |
| | | $cafile = NULL; |
| | | foreach($cafiles as $file) { |
| | | if(is_file($file)) { |
| | | $cafile = $file; |
| | | break; |
| | | } |
| | | } |
| | | |
| | | $url = parse_url($this->serverUrl); |
| | | $context['ssl']['cafile'] = $cafile; |
| | | $context['ssl']['ciphers'] = 'ECDH:DH:AES:CAMELLIA:!SSLv2:!aNULL' |
| | | .':!eNULL:!EXPORT:!DES:!3DES:!MD5:!RC4:!ADH:!PSK:!SRP'; |
| | | $context['ssl']['CN_match'] = $url['host']; |
| | | stream_context_set_option($context, array( |
| | | 'ssl' => array( |
| | | 'cafile' => $this->findCaFile(), |
| | | 'ciphers' => 'ECDH:DH:AES:CAMELLIA:!SSLv2:!aNULL:!eNULL' |
| | | .':!EXPORT:!DES:!3DES:!MD5:!RC4:!ADH:!PSK:!SRP', |
| | | 'CN_match' => $hostname, |
| | | ), |
| | | )); |
| | | } |
| | | |
| | | return $context; |
| | | } |
| | | |
| | | public function verifyTicket($ticket) { |
| | | $url = parse_url($this->serverUrl); |
| | | $context = $this->createStreamContext($url['host']); |
| | | |
| | | $data = file_get_contents($this->serverUrl |
| | | .'/serviceValidate?service='.urlencode($this->serviceUrl) |
| | | .'&ticket='.urlencode($ticket), |
| | | FALSE, stream_context_create($context)); |
| | | .'&ticket='.urlencode($ticket), FALSE, $context); |
| | | if($data === FALSE) { |
| | | throw new JasigException('Authentication error: CAS server is unavailable'); |
| | | } |