From 5f67901c1b85a7b230b803666eb494d138d908ba Mon Sep 17 00:00:00 2001 From: Jacek Kowalski <jkowalsk@student.agh.edu.pl> Date: Sun, 06 Sep 2015 14:35:17 +0000 Subject: [PATCH] Remove HHVM from Travis test matrix due to lack of built-in webserver --- uphpCAS.php | 151 ++++++++++++++++++++++++++++++++++---------------- 1 files changed, 103 insertions(+), 48 deletions(-) diff --git a/uphpCAS.php b/uphpCAS.php index bf6ab6a..12f8424 100644 --- a/uphpCAS.php +++ b/uphpCAS.php @@ -14,6 +14,8 @@ protected $serverUrl = ''; protected $serviceUrl; protected $sessionName = 'uphpCAS-user'; + protected $method = 'POST'; + protected $caFile = NULL; function __construct($serverUrl = NULL, $serviceUrl = NULL, $sessionName = NULL) { if($serverUrl != NULL) { @@ -23,32 +25,49 @@ if($serviceUrl != NULL) { $this->serviceUrl = $serviceUrl; } else { - $url = 'http://'; - $port = 0; - if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { - $url = 'https://'; - if(isset($_SERVER['SERVER_PORT']) - && $_SERVER['SERVER_PORT'] != '443') { - $port = $_SERVER['SERVER_PORT']; - } - } elseif(isset($_SERVER['SERVER_PORT']) - && $_SERVER['SERVER_PORT'] != '80') { - $port = $_SERVER['SERVER_PORT']; - } - - $url .= $_SERVER['SERVER_NAME']; - - if($port != 0) { - $url .= ':'.$port; - } - $url .= $_SERVER['REQUEST_URI']; - - $this->serviceUrl = $url; + $this->serviceUrl = $this->getCurrentUrl(); } if($sessionName) { $this->sessionName = $sessionName; } + + if(version_compare(PHP_VERSION, '5.6', '<')) { + $this->caFile = $this->findCaFile(); + } + } + + public function getCurrentUrl() { + $url = 'http://'; + $port = 0; + if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { + $url = 'https://'; + if(isset($_SERVER['SERVER_PORT']) + && $_SERVER['SERVER_PORT'] != '443') { + $port = $_SERVER['SERVER_PORT']; + } + } elseif(isset($_SERVER['SERVER_PORT']) + && $_SERVER['SERVER_PORT'] != '80') { + $port = $_SERVER['SERVER_PORT']; + } + + $url .= $_SERVER['SERVER_NAME']; + + if($port != 0) { + $url .= ':'.$port; + } + + $url .= $_SERVER['REQUEST_URI']; + + if(isset($_GET['ticket'])) { + $pos = max( + strrpos($url, '?ticket='), + strrpos($url, '&ticket=') + ); + $url = substr($url, 0, $pos); + } + + return $url; } public function getServerUrl() { @@ -65,23 +84,46 @@ $this->serviceUrl = $serviceUrl; } - public function getSessionName($sessionName) { + public function getSessionName() { return $this->sessionName; } public function setSessionName($sessionName) { $this->sessionName = $sessionName; } + public function getMethod() { + return $this->method; + } + public function setMethod($method) { + if($method != 'GET' && $method != 'POST') { + throw new DomainException('Unsupported CAS response' + .' method: '.$method); + } + $this->method = $method; + } + + public function getCaFile() { + return $this->caFile; + } + public function setCaFile($caFile) { + if(!is_file($caFile)) { + throw new DomainException('Invalid CA file: '.$caFile); + } + $this->caFile = $caFile; + } + public function loginUrl() { - return $this->serverUrl.'/login?method=POST&service='.urlencode($this->serviceUrl); + return $this->serverUrl.'/login?method='.$this->method + .'&service='.urlencode($this->serviceUrl); } public function logoutUrl($returnUrl = NULL) { - return $this->serverUrl.'/logout'.($returnUrl ? '?service='.urlencode($returnUrl) : ''); + return $this->serverUrl.'/logout' + .($returnUrl ? '?service='.urlencode($returnUrl) : ''); } public function logout($returnUrl = NULL) { - session_start(); + @session_start(); if($this->isAuthenticated()) { unset($_SESSION[$this->sessionName]); header('Location: '.$this->logoutUrl($returnUrl)); @@ -97,7 +139,7 @@ } public function authenticate() { - session_start(); + @session_start(); if($this->isAuthenticated()) { return $_SESSION[$this->sessionName]; } elseif(isset($_REQUEST['ticket'])) { @@ -110,7 +152,25 @@ } } - public function verifyTicket($ticket) { + protected function findCaFile() { + $cafiles = array( + '/etc/ssl/certs/ca-certificates.crt', + '/etc/ssl/certs/ca-bundle.crt', + '/etc/pki/tls/certs/ca-bundle.crt', + ); + + $cafile = NULL; + foreach($cafiles as $file) { + if(is_file($file)) { + $cafile = $file; + break; + } + } + + return $cafile; + } + + protected function createStreamContext($hostname) { $context = array( 'http' => array( 'method' => 'GET', @@ -126,31 +186,26 @@ ), ); - if(version_compare(PHP_VERSION, '5.6', '<')) { - $cafiles = array( - '/etc/ssl/certs/ca-certificates.crt', - '/etc/ssl/certs/ca-bundle.crt', - '/etc/pki/tls/certs/ca-bundle.crt', - ); - $cafile = NULL; - foreach($cafiles as $file) { - if(is_file($file)) { - $cafile = $file; - break; - } - } - - $url = parse_url($this->serverUrl); - $context['ssl']['cafile'] = $cafile; - $context['ssl']['ciphers'] = 'ECDH:DH:AES:CAMELLIA:!SSLv2:!aNULL' - .':!eNULL:!EXPORT:!DES:!3DES:!MD5:!RC4:!ADH:!PSK:!SRP'; - $context['ssl']['CN_match'] = $url['host']; + if($this->caFile) { + $context['ssl']['cafile'] = $this->caFile; } + + if(version_compare(PHP_VERSION, '5.6', '<')) { + $context['ssl']['ciphers'] = 'ECDH:DH:AES:CAMELLIA:!SSLv2:!aNULL' + .':!eNULL:!EXPORT:!DES:!3DES:!MD5:!RC4:!ADH:!PSK:!SRP'; + $context['ssl']['CN_match'] = $hostname; + } + + return stream_context_create($context); + } + + public function verifyTicket($ticket) { + $url = parse_url($this->serverUrl); + $context = $this->createStreamContext($url['host']); $data = file_get_contents($this->serverUrl .'/serviceValidate?service='.urlencode($this->serviceUrl) - .'&ticket='.urlencode($ticket), - FALSE, stream_context_create($context)); + .'&ticket='.urlencode($ticket), FALSE, $context); if($data === FALSE) { throw new JasigException('Authentication error: CAS server is unavailable'); } -- Gitblit v1.9.1