prepare user interface to register and delete client certificates on the profile page

data/templates/editprofile-sslclientcerts.tpl.php

@@ -3,6 +3,7 @@
 <table>
  <thead>
   <tr>
+   <th>Options</th>
    <th><?php echo T_('Serial'); ?></th>
    <th><?php echo T_('Name'); ?></th>
    <th><?php echo T_('Email'); ?></th>
@@ -12,6 +13,7 @@
  <tbody>
  <?php foreach($sslClientCerts as $cert) { ?>
   <tr <?php if ($cert->isCurrent()) { echo 'class="ssl-current"'; } ?>>
+   <td><a href="#FIXME">delete</a></td>
    <td><?php echo htmlspecialchars($cert->sslSerial); ?></td>
    <td><?php echo htmlspecialchars($cert->sslName); ?></td>
    <td><?php echo htmlspecialchars($cert->sslEmail); ?></td>
@@ -23,3 +25,17 @@
 <?php } else { ?>
  <p><?php echo T_('No certificates registered'); ?></p>
 <?php } ?>
+
+<?php if ($currentCert) { ?>
+ <?php if ($currentCert->isRegistered($sslClientCerts)) { ?>
+  <p><?php echo T_('Your current certificate is already registered with your account.'); ?></p>
+ <?php } else { ?>
+  <p>
+   <a href="#FIXME">
+    <?php echo T_('Register current certificate to automatically login.'); ?>
+   </a>
+  </p>
+ <?php } ?>
+<?php } else { ?>
+ <p><?php echo T_('Your browser does not provide a certificate.'); ?></p>
+<?php } ?>

src/SemanticScuttle/Model/User/SslClientCert.php

@@ -29,9 +29,11 @@ class SemanticScuttle_Model_User_SslClientCert
     public $sslName;
     public $sslEmail;
 
+
+
     /**
      * Creates and returns a new object and fills it with
-     * tha passed values from the database.
+     * the passed values from the database.
      *
      * @param array $arCertRow Database row array
      *
@@ -50,6 +52,29 @@ class SemanticScuttle_Model_User_SslClientCert
 
 
 
+    /**
+     * Loads the user's/browser's client certificate information into
+     * an object and returns it.
+     * Expects that all information is available.
+     * Better check with
+     * SemanticScuttle_Service_User_SslClientCert::hasValidCert() before.
+     *
+     * @return SemanticScuttle_Model_User_SslClientCert
+     *
+     * @see SemanticScuttle_Service_User_SslClientCert::hasValidCert()
+     */
+    public static function fromCurrentCert()
+    {
+        $cert = new self();
+        $cert->sslSerial         = $_SERVER['SSL_CLIENT_M_SERIAL'];
+        $cert->sslClientIssuerDn = $_SERVER['SSL_CLIENT_I_DN'];
+        $cert->sslName           = $_SERVER['SSL_CLIENT_S_DN_CN'];
+        $cert->sslEmail          = $_SERVER['SSL_CLIENT_S_DN_Email'];
+        return $cert;
+    }
+
+
+
     /**
      * Tells you if this certificate is the one the user is currently browsing
      * with.
@@ -68,5 +93,56 @@ class SemanticScuttle_Model_User_SslClientCert
             && $this->sslClientIssuerDn == $_SERVER['SSL_CLIENT_I_DN'];
     }
 
+
+
+    /**
+     * Checks if this certificate is registered (exists) in the certificate
+     * array
+     *
+     * @param array $arCertificates Array of certificate objects
+     *
+     * @return boolean True or false
+     */
+    public function isRegistered($arCertificates)
+    {
+        foreach ($arCertificates as $cert) {
+            if ($cert->equals($this)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+
+
+    /**
+     * Deletes this certificate from database
+     *
+     * @return boolean True if all went well, false if not
+     */
+    public function delete()
+    {
+        $ok = SemanticScuttle_Service_Factory::get('User_SslClientCert')
+            ->delete($this);
+        if ($ok) {
+            $this->id = null;
+        }
+        return $ok;
+    }
+
+
+
+    /**
+     * Compares this certificate with the given one.
+     *
+     * @param SemanticScuttle_Service_Factory $cert Another user certificate
+     *
+     * @return boolean True if both match.
+     */
+    public function equals(SemanticScuttle_Model_User_SslClientCert $cert)
+    {
+        return $this->sslSerial == $cert->sslSerial
+            && $this->sslClientIssuerDn == $cert->sslClientIssuerDn;
+    }
 }
 ?>

src/SemanticScuttle/Service/User/SslClientCert.php

@@ -208,5 +208,43 @@ class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbServi
         $this->db->sql_freeresult($dbresult);
         return $certs;
     }
+
+
+
+    /**
+     * Deletes a SSL client certificate.
+     * No security checks are made here.
+     *
+     * @param mixed $cert Certificate object or certificate database id.
+     *                    Objects are of type
+     *                    SemanticScuttle_Model_User_SslClientCert
+     *
+     * @return boolean True if all went well, false if it could not be deleted
+     */
+    public function delete($cert)
+    {
+        if ($cert instanceof SemanticScuttle_Model_User_SslClientCert) {
+            $id = (int)$cert->id;
+        } else {
+            $id = (int)$cert;
+        }
+
+        if ($id === 0) {
+            return false;
+        }
+
+        $query = 'DELETE FROM ' . $this->getTableName()
+            .' WHERE uId = ' . $id;
+
+        if (!($dbresult = $this->db->sql_query($query))) {
+            message_die(
+                GENERAL_ERROR, 'Could not delete user certificate',
+                '', __LINE__, __FILE__, $query, $this->db
+            );
+            return false;
+        }
+
+        return true;
+    }
 }
 ?>

www/profile.php

@@ -119,11 +119,16 @@ if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
 	$_SESSION['token_stamp'] = time();
 
 	$templatename = 'editprofile.tpl.php';
+
 	$tplVars['formaction'] = createURL('profile', $user);
 	$tplVars['token']      = $_SESSION['token'];
-	$tplVars['sslClientCerts'] = SemanticScuttle_Service_Factory::get(
+
-		'User_SslClientCert'
+    $scert = SemanticScuttle_Service_Factory::get('User_SslClientCert');
-	)->getUserCerts($currentUser->getId());
+	$tplVars['sslClientCerts'] = $scert->getUserCerts($currentUser->getId());
+	$tplVars['currentCert']    = null;
+    if ($scert->hasValidCert()) {
+        $tplVars['currentCert'] = SemanticScuttle_Model_User_SslClientCert::fromCurrentCert();
+    }
 }
 
 $tplVars['objectUser'] = $userinfo;