From c13689813e71413f3c98664568c47c167c00580a Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 10 May 2011 15:23:58 +0200 Subject: [PATCH] prepare user interface to register and delete client certificates on the profile page --- .../editprofile-sslclientcerts.tpl.php | 18 ++++- .../Model/User/SslClientCert.php | 78 ++++++++++++++++++- .../Service/User/SslClientCert.php | 38 +++++++++ www/profile.php | 15 ++-- 4 files changed, 142 insertions(+), 7 deletions(-) diff --git a/data/templates/editprofile-sslclientcerts.tpl.php b/data/templates/editprofile-sslclientcerts.tpl.php index e6fc5c3..c43def4 100644 --- a/data/templates/editprofile-sslclientcerts.tpl.php +++ b/data/templates/editprofile-sslclientcerts.tpl.php @@ -3,6 +3,7 @@ + @@ -11,7 +12,8 @@ - isCurrent()) { echo 'class="ssl-current"'; } ?>> + isCurrent()) { echo 'class="ssl-current"'; } ?>> + @@ -23,3 +25,17 @@

+ + + isRegistered($sslClientCerts)) { ?> +

+ +

+ + + +

+ + +

+ diff --git a/src/SemanticScuttle/Model/User/SslClientCert.php b/src/SemanticScuttle/Model/User/SslClientCert.php index ab7b288..383b601 100644 --- a/src/SemanticScuttle/Model/User/SslClientCert.php +++ b/src/SemanticScuttle/Model/User/SslClientCert.php @@ -29,9 +29,11 @@ class SemanticScuttle_Model_User_SslClientCert public $sslName; public $sslEmail; + + /** * Creates and returns a new object and fills it with - * tha passed values from the database. + * the passed values from the database. * * @param array $arCertRow Database row array * @@ -50,6 +52,29 @@ class SemanticScuttle_Model_User_SslClientCert + /** + * Loads the user's/browser's client certificate information into + * an object and returns it. + * Expects that all information is available. + * Better check with + * SemanticScuttle_Service_User_SslClientCert::hasValidCert() before. + * + * @return SemanticScuttle_Model_User_SslClientCert + * + * @see SemanticScuttle_Service_User_SslClientCert::hasValidCert() + */ + public static function fromCurrentCert() + { + $cert = new self(); + $cert->sslSerial = $_SERVER['SSL_CLIENT_M_SERIAL']; + $cert->sslClientIssuerDn = $_SERVER['SSL_CLIENT_I_DN']; + $cert->sslName = $_SERVER['SSL_CLIENT_S_DN_CN']; + $cert->sslEmail = $_SERVER['SSL_CLIENT_S_DN_Email']; + return $cert; + } + + + /** * Tells you if this certificate is the one the user is currently browsing * with. @@ -68,5 +93,56 @@ class SemanticScuttle_Model_User_SslClientCert && $this->sslClientIssuerDn == $_SERVER['SSL_CLIENT_I_DN']; } + + + /** + * Checks if this certificate is registered (exists) in the certificate + * array + * + * @param array $arCertificates Array of certificate objects + * + * @return boolean True or false + */ + public function isRegistered($arCertificates) + { + foreach ($arCertificates as $cert) { + if ($cert->equals($this)) { + return true; + } + } + return false; + } + + + + /** + * Deletes this certificate from database + * + * @return boolean True if all went well, false if not + */ + public function delete() + { + $ok = SemanticScuttle_Service_Factory::get('User_SslClientCert') + ->delete($this); + if ($ok) { + $this->id = null; + } + return $ok; + } + + + + /** + * Compares this certificate with the given one. + * + * @param SemanticScuttle_Service_Factory $cert Another user certificate + * + * @return boolean True if both match. + */ + public function equals(SemanticScuttle_Model_User_SslClientCert $cert) + { + return $this->sslSerial == $cert->sslSerial + && $this->sslClientIssuerDn == $cert->sslClientIssuerDn; + } } ?> \ No newline at end of file diff --git a/src/SemanticScuttle/Service/User/SslClientCert.php b/src/SemanticScuttle/Service/User/SslClientCert.php index 3c69788..b6545df 100644 --- a/src/SemanticScuttle/Service/User/SslClientCert.php +++ b/src/SemanticScuttle/Service/User/SslClientCert.php @@ -208,5 +208,43 @@ class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbServi $this->db->sql_freeresult($dbresult); return $certs; } + + + + /** + * Deletes a SSL client certificate. + * No security checks are made here. + * + * @param mixed $cert Certificate object or certificate database id. + * Objects are of type + * SemanticScuttle_Model_User_SslClientCert + * + * @return boolean True if all went well, false if it could not be deleted + */ + public function delete($cert) + { + if ($cert instanceof SemanticScuttle_Model_User_SslClientCert) { + $id = (int)$cert->id; + } else { + $id = (int)$cert; + } + + if ($id === 0) { + return false; + } + + $query = 'DELETE FROM ' . $this->getTableName() + .' WHERE uId = ' . $id; + + if (!($dbresult = $this->db->sql_query($query))) { + message_die( + GENERAL_ERROR, 'Could not delete user certificate', + '', __LINE__, __FILE__, $query, $this->db + ); + return false; + } + + return true; + } } ?> \ No newline at end of file diff --git a/www/profile.php b/www/profile.php index 446c089..5ffc959 100644 --- a/www/profile.php +++ b/www/profile.php @@ -119,11 +119,16 @@ if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) { $_SESSION['token_stamp'] = time(); $templatename = 'editprofile.tpl.php'; - $tplVars['formaction'] = createURL('profile', $user); - $tplVars['token'] = $_SESSION['token']; - $tplVars['sslClientCerts'] = SemanticScuttle_Service_Factory::get( - 'User_SslClientCert' - )->getUserCerts($currentUser->getId()); + + $tplVars['formaction'] = createURL('profile', $user); + $tplVars['token'] = $_SESSION['token']; + + $scert = SemanticScuttle_Service_Factory::get('User_SslClientCert'); + $tplVars['sslClientCerts'] = $scert->getUserCerts($currentUser->getId()); + $tplVars['currentCert'] = null; + if ($scert->hasValidCert()) { + $tplVars['currentCert'] = SemanticScuttle_Model_User_SslClientCert::fromCurrentCert(); + } } $tplVars['objectUser'] = $userinfo;
Options
delete sslSerial); ?> sslName); ?> sslEmail); ?>