prepare user interface to register and delete client certificates on the profile page

This commit is contained in:
Christian Weiske 2011-05-10 15:23:58 +02:00
parent 967ba79ece
commit c13689813e
4 changed files with 142 additions and 7 deletions

View file

@ -3,6 +3,7 @@
<table>
<thead>
<tr>
<th>Options</th>
<th><?php echo T_('Serial'); ?></th>
<th><?php echo T_('Name'); ?></th>
<th><?php echo T_('Email'); ?></th>
@ -11,7 +12,8 @@
</thead>
<tbody>
<?php foreach($sslClientCerts as $cert) { ?>
<tr <?php if ($cert->isCurrent()) { echo 'class="ssl-current"'; } ?>>
<tr <?php if ($cert->isCurrent()) { echo 'class="ssl-current"'; } ?>>
<td><a href="#FIXME">delete</a></td>
<td><?php echo htmlspecialchars($cert->sslSerial); ?></td>
<td><?php echo htmlspecialchars($cert->sslName); ?></td>
<td><?php echo htmlspecialchars($cert->sslEmail); ?></td>
@ -23,3 +25,17 @@
<?php } else { ?>
<p><?php echo T_('No certificates registered'); ?></p>
<?php } ?>
<?php if ($currentCert) { ?>
<?php if ($currentCert->isRegistered($sslClientCerts)) { ?>
<p><?php echo T_('Your current certificate is already registered with your account.'); ?></p>
<?php } else { ?>
<p>
<a href="#FIXME">
<?php echo T_('Register current certificate to automatically login.'); ?>
</a>
</p>
<?php } ?>
<?php } else { ?>
<p><?php echo T_('Your browser does not provide a certificate.'); ?></p>
<?php } ?>

View file

@ -29,9 +29,11 @@ class SemanticScuttle_Model_User_SslClientCert
public $sslName;
public $sslEmail;
/**
* Creates and returns a new object and fills it with
* tha passed values from the database.
* the passed values from the database.
*
* @param array $arCertRow Database row array
*
@ -50,6 +52,29 @@ class SemanticScuttle_Model_User_SslClientCert
/**
* Loads the user's/browser's client certificate information into
* an object and returns it.
* Expects that all information is available.
* Better check with
* SemanticScuttle_Service_User_SslClientCert::hasValidCert() before.
*
* @return SemanticScuttle_Model_User_SslClientCert
*
* @see SemanticScuttle_Service_User_SslClientCert::hasValidCert()
*/
public static function fromCurrentCert()
{
$cert = new self();
$cert->sslSerial = $_SERVER['SSL_CLIENT_M_SERIAL'];
$cert->sslClientIssuerDn = $_SERVER['SSL_CLIENT_I_DN'];
$cert->sslName = $_SERVER['SSL_CLIENT_S_DN_CN'];
$cert->sslEmail = $_SERVER['SSL_CLIENT_S_DN_Email'];
return $cert;
}
/**
* Tells you if this certificate is the one the user is currently browsing
* with.
@ -68,5 +93,56 @@ class SemanticScuttle_Model_User_SslClientCert
&& $this->sslClientIssuerDn == $_SERVER['SSL_CLIENT_I_DN'];
}
/**
* Checks if this certificate is registered (exists) in the certificate
* array
*
* @param array $arCertificates Array of certificate objects
*
* @return boolean True or false
*/
public function isRegistered($arCertificates)
{
foreach ($arCertificates as $cert) {
if ($cert->equals($this)) {
return true;
}
}
return false;
}
/**
* Deletes this certificate from database
*
* @return boolean True if all went well, false if not
*/
public function delete()
{
$ok = SemanticScuttle_Service_Factory::get('User_SslClientCert')
->delete($this);
if ($ok) {
$this->id = null;
}
return $ok;
}
/**
* Compares this certificate with the given one.
*
* @param SemanticScuttle_Service_Factory $cert Another user certificate
*
* @return boolean True if both match.
*/
public function equals(SemanticScuttle_Model_User_SslClientCert $cert)
{
return $this->sslSerial == $cert->sslSerial
&& $this->sslClientIssuerDn == $cert->sslClientIssuerDn;
}
}
?>

View file

@ -208,5 +208,43 @@ class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbServi
$this->db->sql_freeresult($dbresult);
return $certs;
}
/**
* Deletes a SSL client certificate.
* No security checks are made here.
*
* @param mixed $cert Certificate object or certificate database id.
* Objects are of type
* SemanticScuttle_Model_User_SslClientCert
*
* @return boolean True if all went well, false if it could not be deleted
*/
public function delete($cert)
{
if ($cert instanceof SemanticScuttle_Model_User_SslClientCert) {
$id = (int)$cert->id;
} else {
$id = (int)$cert;
}
if ($id === 0) {
return false;
}
$query = 'DELETE FROM ' . $this->getTableName()
.' WHERE uId = ' . $id;
if (!($dbresult = $this->db->sql_query($query))) {
message_die(
GENERAL_ERROR, 'Could not delete user certificate',
'', __LINE__, __FILE__, $query, $this->db
);
return false;
}
return true;
}
}
?>

View file

@ -119,11 +119,16 @@ if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
$_SESSION['token_stamp'] = time();
$templatename = 'editprofile.tpl.php';
$tplVars['formaction'] = createURL('profile', $user);
$tplVars['token'] = $_SESSION['token'];
$tplVars['sslClientCerts'] = SemanticScuttle_Service_Factory::get(
'User_SslClientCert'
)->getUserCerts($currentUser->getId());
$tplVars['formaction'] = createURL('profile', $user);
$tplVars['token'] = $_SESSION['token'];
$scert = SemanticScuttle_Service_Factory::get('User_SslClientCert');
$tplVars['sslClientCerts'] = $scert->getUserCerts($currentUser->getId());
$tplVars['currentCert'] = null;
if ($scert->hasValidCert()) {
$tplVars['currentCert'] = SemanticScuttle_Model_User_SslClientCert::fromCurrentCert();
}
}
$tplVars['objectUser'] = $userinfo;