modules/uphpCAS - git.Jacekk.net

			@@ -23,32 +23,34 @@
			if($serviceUrl != NULL) {
			$this->serviceUrl = $serviceUrl;
			} else {
			$url = 'http://';
			$port = 0;
			if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
			$url = 'https://';
			if(isset($_SERVER['SERVER_PORT'])
			&& $_SERVER['SERVER_PORT'] != '443') {
			$port = $_SERVER['SERVER_PORT'];
			}
			} elseif(isset($_SERVER['SERVER_PORT'])
			&& $_SERVER['SERVER_PORT'] != '80') {
			$port = $_SERVER['SERVER_PORT'];
			}

			$url .= $_SERVER['SERVER_NAME'];

			if($port != 0) {
			$url .= ':'.$port;
			}
			$url .= $_SERVER['REQUEST_URI'];

			$this->serviceUrl = $url;
			$this->serviceUrl = $this->getCurrentUrl();
			}

			if($sessionName) {
			$this->sessionName = $sessionName;
			}
			}

			public function getCurrentUrl() {
			$url = 'http://';
			$port = 0;
			if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
			$url = 'https://';
			if(isset($_SERVER['SERVER_PORT'])
			&& $_SERVER['SERVER_PORT'] != '443') {
			$port = $_SERVER['SERVER_PORT'];
			}
			} elseif(isset($_SERVER['SERVER_PORT'])
			&& $_SERVER['SERVER_PORT'] != '80') {
			$port = $_SERVER['SERVER_PORT'];
			}

			$url .= $_SERVER['SERVER_NAME'];

			if($port != 0) {
			$url .= ':'.$port;
			}
			$url .= $_SERVER['REQUEST_URI'];
			}

			public function getServerUrl() {
			@@ -65,7 +67,7 @@
			$this->serviceUrl = $serviceUrl;
			}

			public function getSessionName($sessionName) {
			public function getSessionName() {
			return $this->sessionName;
			}
			public function setSessionName($sessionName) {
			@@ -110,8 +112,26 @@
			}
			}

			public function verifyTicket($ticket) {
			$context = array(
			protected function findCaFile() {
			$cafiles = array(
			'/etc/ssl/certs/ca-certificates.crt',
			'/etc/ssl/certs/ca-bundle.crt',
			'/etc/pki/tls/certs/ca-bundle.crt',
			);

			$cafile = NULL;
			foreach($cafiles as $file) {
			if(is_file($file)) {
			$cafile = $file;
			break;
			}
			}

			return $cafile;
			}

			protected function createStreamContext($hostname) {
			$context = stream_context_create(array(
			'http' => array(
			'method' => 'GET',
			'user_agent' => 'uphpCAS/'.self::VERSION,
			@@ -124,33 +144,29 @@
			'allow_self_signed' => FALSE,
			'disable_compression' => TRUE,
			),
			);
			));

			if(version_compare(PHP_VERSION, '5.6', '<')) {
			$cafiles = array(
			'/etc/ssl/certs/ca-certificates.crt',
			'/etc/ssl/certs/ca-bundle.crt',
			'/etc/pki/tls/certs/ca-bundle.crt',
			);
			$cafile = NULL;
			foreach($cafiles as $file) {
			if(is_file($file)) {
			$cafile = $file;
			break;
			}
			}

			$url = parse_url($this->serverUrl);
			$context['ssl']['cafile'] = $cafile;
			$context['ssl']['ciphers'] = 'ECDH:DH:AES:CAMELLIA:!SSLv2:!aNULL'
			.':!eNULL:!EXPORT:!DES:!3DES:!MD5:!RC4:!ADH:!PSK:!SRP';
			$context['ssl']['CN_match'] = $url['host'];
			stream_context_set_option($context, array(
			'ssl' => array(
			'cafile' => $this->findCaFile(),
			'ciphers' => 'ECDH:DH:AES:CAMELLIA:!SSLv2:!aNULL:!eNULL'
			.':!EXPORT:!DES:!3DES:!MD5:!RC4:!ADH:!PSK:!SRP',
			'CN_match' => $hostname,
			),
			));
			}

			return $context;
			}

			public function verifyTicket($ticket) {
			$url = parse_url($this->serverUrl);
			$context = $this->createStreamContext($url['host']);

			$data = file_get_contents($this->serverUrl
			.'/serviceValidate?service='.urlencode($this->serviceUrl)
			.'&ticket='.urlencode($ticket),
			FALSE, stream_context_create($context));
			.'&ticket='.urlencode($ticket), FALSE, $context);
			if($data === FALSE) {
			throw new JasigException('Authentication error: CAS server is unavailable');
			}