mirror of https://github.com/jacekkow/uphpCAS
blame | history | patch | commit | commitdiff | ignore whitespace
Jacek Kowalski
2015-09-03 fa3e92385333620ad1d7c2c74b140fdf2a1ae0a5 
 uphpCAS.php


@@ -112,8 +112,26 @@


      }


   }


   


   public function verifyTicket($ticket) {


      $context = array(


   protected function findCaFile() {


      $cafiles = array(


         '/etc/ssl/certs/ca-certificates.crt',


         '/etc/ssl/certs/ca-bundle.crt',


         '/etc/pki/tls/certs/ca-bundle.crt',


      );


		


      $cafile = NULL;


      foreach($cafiles as $file) {


         if(is_file($file)) {


            $cafile = $file;


            break;


         }


      }


		


      return $cafile;


   }


	


   protected function createStreamContext($hostname) {


      $context = stream_context_create(array(


         'http' => array(


            'method' => 'GET',


            'user_agent' => 'uphpCAS/'.self::VERSION,


@@ -126,33 +144,29 @@


            'allow_self_signed' => FALSE,


            'disable_compression' => TRUE,


         ),


      );


      ));


      


      if(version_compare(PHP_VERSION, '5.6', '<')) {


         $cafiles = array(


            '/etc/ssl/certs/ca-certificates.crt',


            '/etc/ssl/certs/ca-bundle.crt',


            '/etc/pki/tls/certs/ca-bundle.crt',


         );


         $cafile = NULL;


         foreach($cafiles as $file) {


            if(is_file($file)) {


               $cafile = $file;


               break;


            }


         }


			


         $url = parse_url($this->serverUrl);


         $context['ssl']['cafile'] = $cafile;


         $context['ssl']['ciphers'] = 'ECDH:DH:AES:CAMELLIA:!SSLv2:!aNULL'


               .':!eNULL:!EXPORT:!DES:!3DES:!MD5:!RC4:!ADH:!PSK:!SRP';


         $context['ssl']['CN_match'] = $url['host'];


         stream_context_set_option($context, array(


            'ssl' => array(


               'cafile' => $this->findCaFile(),


               'ciphers' => 'ECDH:DH:AES:CAMELLIA:!SSLv2:!aNULL:!eNULL'


                  .':!EXPORT:!DES:!3DES:!MD5:!RC4:!ADH:!PSK:!SRP',


               'CN_match' => $hostname,


            ),


         ));


      }


		


      return $context;


   }


	


   public function verifyTicket($ticket) {


      $url = parse_url($this->serverUrl);


      $context = $this->createStreamContext($url['host']);


      


      $data = file_get_contents($this->serverUrl


               .'/serviceValidate?service='.urlencode($this->serviceUrl)


               .'&ticket='.urlencode($ticket),


            FALSE, stream_context_create($context));


               .'&ticket='.urlencode($ticket), FALSE, $context);


      if($data === FALSE) {


         throw new JasigException('Authentication error: CAS server is unavailable');


      }