/**
* storeDB() store the CSR into the database
*
* @param void
* @return void
* @access public
* @throws DBStatementException If inserting the CSR into the DB failed
* @throws DBQueryException inserting the CSR into the DB failed
*/
public function storeDB($owner)
{
$insert = "INSERT INTO csr_cache (csr, uploaded_date, common_name, auth_key, from_ip, type) ";
$insert .= "VALUES(?,?,?,?,?,?)";
$param = array('text', 'text', 'text', 'text', 'text', 'text');
$data = array($this->getPEMContent(), $this->date, $owner->getX509ValidCN(), $this->getPubKeyHash(), $this->ip, $this->getCSRType());
try {
MDB2Wrapper::update($insert, $param, $data);
} catch (DBStatementException $dbse) {
Logger::log_event(LOG_WARNING, __FILE__ . ":" . __LINE__ . " Could not insert CSR into database. Server said: " . $dbse->getMessage());
/* logged the exception, rethrow */
throw $dbse;
} catch (DBQueryException $dbqe) {
Logger::log_event(LOG_INFO, __FILE__ . ":" . __LINE__ . "Could not insert CSR into database. " . "Testing whether it already exists.");
$query = "SELECT * FROM csr_cache WHERE auth_key = :auth_key";
$authKey = $this->getPubKeyHash();
$data = array();
$data['auth_key'] = $authKey;
try {
$res = MDB2Wrapper::execute($query, null, $data);
} catch (Exception $nestedEx) {
Logger::logEvent(LOG_ERR, __CLASS__, "storeDB()", "Verifying if CSR with auth-key {$authKey} already exists " . "failed. Stopping now, rethrowing original exception.");
throw $dbqe;
}
if (count($res) != 1) {
/* inserting failed and CSR does not already exist. Rethrow
* original exception */
throw $dbqe;
}
}
}
function pre_process($person)
{
parent::pre_process($person);
/* can be received when pressing "Back" on the CSR-signing overview */
if (isset($_POST['deleteCSR'])) {
$authToken = Input::sanitizeCertKey($_POST['deleteCSR']);
CSR::deleteFromDB($person, $authToken);
return;
}
$this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
$this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));
$emailsDesiredByNREN = $this->person->getNREN()->getEnableEmail();
$registeredPersonMails = $this->person->getNumEmails();
/** e-mail selection was skipped */
if (isset($_GET['skipped_email']) && $_GET['skipped_email'] == 'yes') {
$this->tpl->assign('skippedEmail', true);
if (($emailsDesiredByNREN == '1' || $emailsDesiredByNREN == 'm') && $registeredPersonMails == 1) {
$this->person->regCertEmail($this->person->getEmail());
$this->person->storeRegCertEmails();
}
} else {
if (isset($_POST['subjAltName_email']) && is_array($_POST['subjAltName_email'])) {
foreach ($_POST['subjAltName_email'] as $key => $value) {
Logger::logEvent(LOG_INFO, "CP_Select_Email", "pre_process()", "User " . $this->person->getEPPN() . ", registering " . "the following e-mail: " . $value);
$this->person->regCertEmail(Input::sanitizeText($value));
}
$this->person->storeRegCertEmails();
}
}
}
public function pre_process($person)
{
parent::pre_process($person);
$this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
$this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));
if (isset($_GET['status_poll'])) {
$order_number = Input::sanitizeCertKey($_GET['status_poll']);
/* assign the order_number again */
$this->tpl->assign('order_number', $order_number);
$this->tpl->assign('status_poll', true);
$anticsrf = "anticsrf=" . Input::sanitizeAntiCSRFToken($_GET['anticsrf']);
$this->tpl->assign('ganticsrf', $anticsrf);
if ($this->ca->pollCertStatus($order_number)) {
/* redirect to certificate download area */
CS::setSessionKey("browserCert", $order_number);
header("Location: download_certificate.php");
}
}
/* when the key has been generated in the browser and the
* resulting CSR has been uploaded to the server, we end up
* here.
*/
if (isset($_POST['browserRequest'])) {
$ua = Output::getUserAgent();
switch ($ua) {
case "opera":
case "safari":
case "mozilla":
case "chrome":
$csr = new CSR_SPKAC(trim(Input::sanitizeBase64($_POST['browserRequest'])));
break;
case "msie_pre_vista":
case "msie_post_vista":
$csrContent = CSR::$PEM_PREFIX . "\n" . trim(Input::sanitizeBase64($_POST['browserRequest'])) . "\n" . CSR::$PEM_SUFFIX;
$csr = new CSR_PKCS10($csrContent);
break;
}
if (!empty($csr) && $csr->isValid()) {
try {
$order_number = $this->signCSR($csr);
$this->tpl->assign('order_number', $order_number);
} catch (KeySignException $kse) {
Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') . "<br /><br />" . $kse->getMessage());
Logger::logEvent(LOG_WARNING, "CP_Browser_CSR", "pre_process()", "Could not sign CSR because of " . $kse->getMessage() . " User: "******"CP_Browser_CSR", "pre_process()", "Received browser-CSR that could not be parsed!" . " User: " . $this->person->getEPPN(), __LINE__);
}
}
}
/**
* Constructor
*
* Note that the person is tied to a session and a simplesaml configuration
* here
*/
function __construct($person = NULL)
{
parent::__construct($person);
/* Find the path to simpelsamlphp and run the autoloader */
try {
$sspdir = Config::get_config('simplesaml_path');
} catch (KeyNotFoundException $knfe) {
echo "Cannot find path to simplesaml. This install is not valid. Aborting.<br />\n";
Logger::logEvent(LOG_ALERT, "Confusa_Auth_IdP", "__construct()", "Trying to instantiate SimpleSAMLphp without a configured path.");
exit(0);
}
require_once $sspdir . '/lib/_autoload.php';
SimpleSAML_Configuration::setConfigDir($sspdir . '/config');
/* start a session needed for the IdP-based AuthN approach */
$this->as = new SimpleSAML_Auth_Simple('default-sp');
$this->session = SimpleSAML_Session::getInstance();
}
public function process()
{
if (!$this->person->isNRENAdmin()) {
$errorTag = PW::create();
Logger::logEvent(LOG_NOTICE, "Accountant", "process()", "User " . stripslashes($this->person->getX509ValidCN()) . " tried to access the accountant.", __LINE__, $errorTag);
$this->tpl->assign('reason', "[{$errorTag}] You are not an NREN-admin");
$this->tpl->assign('content', $this->tpl->fetch('restricted_access.tpl'));
return;
} else {
if (Config::get_config('ca_mode') != CA_COMODO) {
$errorTag = PW::create();
Logger::logEvent(LOG_NOTICE, "Accountant", "process()", "User " . stripslashes($this->person->getX509ValidCN()) . "tried to access the accountant, " . "even though Confusa is not using the Comodo CA.", __LINE__, $errorTag);
$this->tpl->assign('reason', "[{$errorTag}] Confusa is not using Comodo CA");
$this->tpl->assign('content', $this->tpl->fetch('restricted_access.tpl'));
return;
}
}
/* set fields in template */
if (!$this->account->getLoginName()) {
$this->tpl->assign('login_name', $this->translateTag('l10n_fieldval_undefined', 'accountant'));
} else {
$this->tpl->assign('login_name', $this->account->getLoginName());
}
if (!$this->account->getPassword()) {
$this->tpl->assign('password', $this->translateTag('l10n_fieldval_undefined', 'accountant'));
} else {
$this->tpl->assign('password', $this->translateTag('l10n_label_passwhidden', 'accountant'));
}
if (!$this->account->getAPName()) {
$this->tpl->assign('ap_name', $this->translateTag('l10n_fieldval_undefined', 'accountant'));
} else {
$this->tpl->assign('ap_name', $this->account->getAPName());
}
$this->tpl->assign('verify_ca', 'yes');
$this->tpl->assign('content', $this->tpl->fetch('accountant.tpl'));
}
/**
* getSubscribers - get an array with subscriber and state
*
* Find all subscribers for the current NREN and return an array containing
* - subscriber name
* - subscriber state (subscribed | unsubscribed | suspended)
*
*/
private function getSubscribers()
{
try {
return $this->person->getNREN()->getSubscriberList();
} catch (DBStatementException $dbse) {
$errorTag = PW::create();
$msg = "Error in query-syntax. Verify that the query matches the database!";
Logger::logEvent(LOG_NOTICE, "NRENAdmin", "getSubscribers()", $msg, __LINE__, $errorTag);
$msg .= "<br />Server said: " . htmlentities($dbse->getMessage());
Framework::error_output("[{$errorTag}]" . $msg);
return;
} catch (DBQueryException $dbqe) {
$errorTag = PW::create();
$msg = "Possible constraint-violation in query. Compare query to db-schema";
Logger::logEvent(LOG_NOTICE, "NRENAdmin", "getSubscribers()", $msg, __LINE__, $errorTag);
$msg .= "<br />Server said: " . htmlentities($dbse->getMessage());
Framework::error_output("[{$errorTag}]" . $msg);
}
}
/**
* Sign the CSR identified by auth_key using the Online-CA's remote API
*
* @param String the auth-key used to identify the CSR in the database
* @param CSR the CSR to be signed
* @return void
* @access public
*
* @fixme make sure all callers of signKey is updated to use CSR.
*/
public function signKey($csr)
{
if (!$this->person->getSubscriber()->isSubscribed()) {
throw new KeySignException("Subscriber not subscribed, cannot create certificate!");
}
$authKey = $csr->getAuthToken();
Logger::logEvent(LOG_INFO, __CLASS__, "signKey()", "Preparing to sign CSR ({$authKey}) " . $this->owner_string, __LINE__);
/* FIXME: better solution */
if ($csr instanceof CSR_PKCS10) {
$this->capiUploadCSR($authKey, $csr->getPEMContent(), ConfusaConstants::$CAPI_FORMAT_PKCS10);
} else {
if ($csr instanceof CSR_SPKAC) {
$this->capiUploadCSR($authKey, $csr->getDERContent(), ConfusaConstants::$CAPI_FORMAT_SPKAC);
}
}
$this->capiAuthorizeCSR();
CS::deleteSessionKey('rawCertList');
$timezone = new DateTimeZone($this->person->getTimezone());
$dt = new DateTime("now", $timezone);
CA::sendMailNotification($this->order_number, $dt->format('Y-m-d H:i T'), $_SERVER['REMOTE_ADDR'], $this->person, $this->getFullDN());
Logger::log_event(LOG_INFO, "Successfully signed new certificate. " . $this->owner_string);
return $this->order_number;
}
/**
* Sign the CSR with the passed authToken. If signing succeeds, the class
* member authKey is set to the orderNumber/certHash. If not, an error is
* displayer
* @param $authToken pubkey hash of the CSR that is to be signed
*/
private function signCSR($authToken)
{
$csr = CSR::getFromDB($this->person->getX509ValidCN(), $authToken);
if (!isset($csr) || !$csr) {
$errorTag = PW::create();
Framework::error_output("[{$errorTag}] Did not find CSR with auth_token " . htmlentities($auth_token));
$msg = "User " . $this->person->getEPPN() . " ";
$msg .= "tried to delete CSR with auth_token " . $authToken . " but was unsuccessful";
Logger::logEvent(LOG_NOTICE, "Process_CSR", "approveCSR({$authToken})", $msg, __LINE__, $errorTag);
return false;
}
try {
if (!isset($this->ca)) {
Framework::error_output($this->translateTag('l10n_err_noca', 'processcsr'));
return false;
}
$permission = $this->person->mayRequestCertificate();
if ($permission->isPermissionGranted() === false) {
Framework::error_output($this->translateTag('l10n_err_noperm1', 'processcsr') . "<br /><br />" . $permission->getFormattedReasons() . "<br />" . $this->translateTag('l10n_err_noperm2', 'processcsr'));
return;
}
$this->authKey = $this->ca->signKey($csr);
} catch (CGE_ComodoAPIException $capie) {
Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') . htmlentities($capie));
return false;
} catch (ConfusaGenException $e) {
$msg = $this->translateTag('l10n_sign_error', 'processcsr') . "<br /><br /><i>" . htmlentities($e->getMessage()) . "</i><br />";
Framework::error_output($msg);
return false;
} catch (KeySigningException $kse) {
Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') . htmlentites($kse->getMessage()));
return false;
}
CSR::deleteFromDB($this->person, $authToken);
}
/**
* decoratePerson - get the supplied attributes and add to the correct
* fields in person
*
* This function is a bit fragile. The reason for this, is that it needs
* to 'bootstrap' the map for person-identifier (e.g. ePPN)
* through various encodings.
*
* One way would be to add a specific mapping for all known NRENs, but
* we'd rather add a generic approach and just try the known encodings
* and see if we find something there.
*
* If, for some reason, a new NREN/IdP fails to correctly decorate the
* person-object, the problem most likely starts here.
*
* @author Henrik Austad <*****@*****.**>
* @author Thomas Zangerl <*****@*****.**>
*
* @throws CGE_CriticalAttributeException If an attribute without which Confusa
* really can not work is not found
* @throws MapNotFoundException If the NREN-map is not found
*
* @param array $attributes
* @param String $idp
* @throws MapNotFoundException
*/
protected function decoratePerson($attributes, $idp)
{
$cnPrefix = "";
$oPrefix = "";
if (Config::get_config('capi_test')) {
$cnPrefix = ConfusaConstants::$CAPI_TEST_CN_PREFIX;
$oPrefix = ConfusaConstants::$CAPI_TEST_O_PREFIX;
}
if (is_null($idp)) {
throw new CGE_CriticalAttributeException("Need the URL of the IdP in order to create an NREN-object!");
}
if (is_null($attributes)) {
throw new CGE_CriticalAttributeException("Cannot find <b>any</b> attributes!");
}
/* From the IdP, find the NREN-details */
$this->person->setNREN(new NREN($idp));
if (is_null($this->person->getNREN()) || !$this->person->getNREN()->isValid()) {
$msg = "Could not map from the identity provider to the NREN. ";
$msg .= "Probably the idp_map in the database is not configured for your idp ({$idp}) ";
$msg .= "Please tell an administrator about that problem!";
throw new CGE_CriticalAttributeException($msg);
}
$nren_id = $this->person->getNREN()->getID();
Logger::logEvent(LOG_INFO, "Confusa_Auth", "decoratePerson(..., {$idp})", "Decorating person with map from NREN {$nren_id}.");
$map = $this->person->getMap();
/* Normal mapping, this is what we want. */
if ($this->mapSanityCheck($map)) {
/* Now that we have the NREN-map, reiterate getMap() in
* case we can find the subscriber-map. */
$this->person->setSubscriber(new Subscriber($attributes[$map['epodn']][0], $this->person->getNREN()));
$new_map = $this->person->getMap();
if ($this->mapSanityCheck($new_map)) {
$map = $new_map;
}
$eppn = Input::sanitizeEPPN($attributes[$map['eppn']][0]);
$this->person->setEPPN($eppn);
if (!is_null($map['eppn'])) {
$this->person->setEPPNKey($map['eppn']);
}
if (!is_null($map['cn'])) {
if (array_key_exists($map['cn'], $attributes)) {
$cn = mysql_real_escape_string($attributes[$map['cn']][0]);
$this->person->setName($cnPrefix . $cn);
}
}
/* end map has cn */
if (!is_null($map['mail'])) {
if (array_key_exists($map['mail'], $attributes)) {
$mail = Input::sanitizeEmail($attributes[$map['mail']]);
$this->person->setEmail($mail);
}
}
/* go through and add the relevant entitlement-parts.
* TODO: cleanup this and move to person::setEntitlement()
*/
if (!is_null($map['entitlement'])) {
if (array_key_exists($map['entitlement'], $attributes)) {
$entitlements = $attributes[$map['entitlement']];
}
}
if (isset($entitlements)) {
$namespace = Config::get_config('entitlement_namespace');
foreach ($entitlements as $key => $entitlementValue) {
$pos = strpos($entitlementValue, $namespace);
/* Note: we *must* check for both false *and*
* type, as we want pos to be 0 */
if ($pos === false || (int) $pos != 0) {
continue;
} else {
$val = explode(":", $entitlementValue);
if (count($val) !== count(explode(":", $namespace)) + 1) {
Framework::error_output("Error with namespace, too many objects in namespace (" . count($val) . ")");
continue;
}
/* only set the part *after*
* entitlement-namespace */
$entitlement = Input::sanitizeEntitlement($val[count($val) - 1]);
/* is the entitlement a valid entitlement? */
if ($entitlement == Config::get_config('entitlement_user') || $entitlement == Config::get_config('entitlement_admin')) {
$this->person->setEntitlement($entitlement);
}
}
}
}
} else {
/* At this point we're on shaky ground as we have to
* 'see if we can find anything'
*
* no map is set, can we find the ePPN in there?
*/
$eppnKey = $this->findEPPN($attributes);
if (!is_null($eppnKey)) {
$eppn = Input::sanitizeEPPN($eppnKey['value']);
$this->person->setEPPN($eppn);
$this->person->setEPPNKey($eppnKey['key']);
}
/* is ePPN registred as NREN admin (from bootstrap) */
if ($this->person->isNRENAdmin()) {
if (is_array($map)) {
Logger::log_event(LOG_WARNING, "Map for NREN {$nren_id} ({$idp}) corrupted. " . "Contains empty fields, consider dropping the map.");
}
$msg = "No NREN map found!";
if (Config::get_config('debug')) {
$msg .= "Raw-dump of supplied attributes:<br />\n";
$msg .= "<br /><pre>\n";
foreach ($attributes as $key => $val) {
$tabs = "\t";
if (strlen($key) < 8) {
$tabs .= "\t\t";
} else {
if (strlen($key) < 16) {
$tabs .= "\t";
}
}
$msg .= htmlentities("{$key}{$tabs}{$val[0]}") . "\n";
}
$msg .= "</pre><br />\n";
}
throw new MapNotFoundException($msg);
}
}
}
public function start()
{
/* From OWASP (prevent clickjacking):
*
* This new (nonstandard) X-FRAME-OPTIONS header is used to mark
* responses that shouldn't be framed. There are two options with
* X-FRAME-OPTIONS. The first is DENY, which prevents everyone from
* framing the content.
*
* This can also be done by apache itself:
* a2enmod headers
* Add to the Virtualhost, directory that hosts confusa:
* Header set X-Frame-Options "DENY"
*/
header('X-Frame-Options: DENY');
/*
* Strict-Transport-Security (RFC 6797)
* Once page has been accessed over HTTPS and this header was present,
* confirmant browsers will force subsequent requests over HTTPS aswell.
*/
header('Strict-Transport-Security: max-age=31536000');
/* Set tpl object to content page */
$this->contentPage->setTpl($this->tpl);
/* check the authentication-thing, catch the login-hook
* This is done via confusa_auth
*/
try {
$this->authenticate();
} catch (CGE_CriticalAttributeException $cae) {
$msg = "<b>" . $this->contentPage->translateMessageTag('fw_error_critical_attribute1') . "</b><br /><br />";
$msg .= htmlentities($cae->getMessage()) . "<br /><br />";
$msg .= $this->contentPage->translateMessageTag('fw_error_critical_attribute2');
Framework::error_output($msg);
$this->renderError = true;
} catch (MapNotFoundException $mnfe) {
$msg = $this->contentPage->translateMessageTag('fw_error_map_notfound');
/* if user is admin */
if ($this->person->isNRENAdmin()) {
$msg .= "<br /><br />";
$msg .= "<a href=\"attributes.php?mode=admin&anticsrf=" . Framework::getAntiCSRF() . "\">";
$msg .= $this->contentPage->translateMessageTag('fw_error_map_updatemap');
$msg .= "</>\n";
}
Framework::error_output($msg);
$this->renderError = true;
} catch (ConfusaGenException $cge) {
Framework::error_output($this->contentPage->translateMessageTag('fw_error_auth') . htmlentities($cge->getMessage()));
$this->renderError = true;
}
if ($this->isCSRFAttempt()) {
Framework::error_output($this->contentPage->translateMessageTag('fw_anticsrf_msg'));
$this->tpl->assign('instance', Config::get_config('system_name'));
$this->tpl->assign('errors', self::$errors);
$this->tpl->display('site.tpl');
exit(0);
}
/* Create a new anti CSRF token and export to the template engine */
$this->current_anticsrf = self::getAntiCSRF();
$this->tpl->assign('ganticsrf', 'anticsrf=' . $this->current_anticsrf);
$this->tpl->assign('panticsrf', '<input type="hidden" name="anticsrf" value="' . $this->current_anticsrf . '" />');
/*
* Try to run the pre-processing
*/
try {
$res = $this->contentPage->pre_process($this->person);
if ($res) {
$this->tpl->assign('extraHeader');
}
} catch (CGE_RemoteCredentialException $rce) {
$msg = $this->contentPage->translateMessageTag('fw_error_remote_credential1');
$msg .= "<i>" . htmlentities($rce->getMessage()) . "</i><br /><br />";
if ($this->person->isNRENAdmin()) {
$msg .= "<div style=\"text-align: center\">";
$msg .= self::translateMessageTag('fw_error_remote_credential2') . "</div>";
} else {
$msg .= Framework::error_output($this->contentPage->translateMessageTag('fw_error_remote_credential3'));
$this->renderError = true;
}
Framework::warning_output($msg);
} catch (KeyNotFoundException $knfe) {
$this->renderError = true;
$errorTag = PW::create(8);
$msg = "[{$errorTag}] " . $this->contentPage->translateMessageTag('fw_keynotfound1');
Logger::logEvent(LOG_NOTICE, "Framework", "start()", "Config-file not properly configured: " . $knfe->getMessage(), __LINE__, $errorTag);
$msg .= htmlentities($knfe->getMessage());
$msg .= "<br />" . $this->contentPage->translateMessageTag('fw_keynotfound2');
Framework::error_output($msg);
} catch (Exception $e) {
Framework::error_output($this->contentPage->translateMessageTag('fw_unhandledexp1') . "<br />" . htmlentities($e->getMessage()));
$this->renderError = true;
}
/* ----------------------------------------------------------------
* Admin messages, trigger on missing elements
*/
if ($this->person->isNRENAdmin()) {
$this->triggerAdminIssues();
}
/* Mode-hook, to catch mode-change regardless of target-page (not only
* index) */
if (isset($_GET['mode'])) {
$new_mode = NORMAL_MODE;
if (htmlentities($_GET['mode']) == 'admin') {
$new_mode = ADMIN_MODE;
}
$this->person->setMode($new_mode);
}
$this->tpl->assign('title_logo', $this->contentPage->translateMessageTag('l10n_title_logo'));
$this->tpl->assign('person', $this->person);
$this->tpl->assign('subscriber', $this->person->getSubscriber());
$this->tpl->assign('nren', $this->person->getNREN());
$this->tpl->assign('is_online', Config::get_config('ca_mode') === CA_COMODO);
/* If we have a renderError, do not allow the user-page to
* render, otherwise, run it, and catch all unhandled exception
*
* The general idea, is that the process() should be
* self-contained wrt to exceptions.
*
* A NREN admin is supposed to be able to "fix stuff" such as for instance
* CGE_CriticalAttributeExceptions and should hence see the pages also if
* renderError is set.
*/
if (!$this->renderError || $this->person->isNRENAdmin()) {
try {
$this->applyNRENBranding();
$this->contentPage->process($this->person);
} catch (KeyNotFoundException $knfe) {
$errorTag = PW::create(8);
$msg = "[{$errorTag}] " . $this->contentPage->translateMessageTag('fw_keynotfound1');
Logger::logEvent(LOG_NOTICE, "Framework", "start()", "Config-file not properly configured: " . $knfe->getMessage(), __LINE__, $errorTag);
$msg .= htmlentities($knfe->getMessage());
$msg .= "<br />" . $this->contentPage->translateMessageTag('fw_keynotfound2');
Framework::error_output($msg);
} catch (Exception $e) {
Logger::logEvent(LOG_INFO, "Framework", "start()", "Unhandleded exception when running contentPage->process()", __LINE__);
Framework::error_output($this->contentPage->translateMessageTag('fw_unhandledexp1') . "<br />\n" . htmlentities($e->getMessage()));
}
} else {
$nren = $this->person->getNREN();
if (isset($nren)) {
/* if all else fails, at least give the user some recovery information */
Framework::message_output($this->contentPage->translateMessageTag('fw_unrecoverable_nren') . htmlentities($this->person->getEPPN()));
} else {
$errorTag = PW::create();
Framework::error_output("[{$errorTag}] " . $this->contentPage->translateMessageTag('fw_unrecoverable_nonren'));
Logger::logEvent(LOG_WARNING, "Framework", "start()", "User contacting us from " . $_SERVER['REMOTE_ADDR'] . " tried to login from IdP that appears to have no NREN-mapping!", __LINE__, $errorTag);
}
}
$this->tpl->assign('logoutUrl', 'logout.php');
// see render_menu($this->person)
$this->tpl->assign('menu', $this->tpl->fetch('menu.tpl'));
$this->tpl->assign('errors', self::$errors);
$this->tpl->assign('messages', self::$messages);
$this->tpl->assign('successes', self::$successes);
$this->tpl->assign('warnings', self::$warnings);
if (Config::get_config('debug')) {
$db_debug_res = "";
$db_debug_res .= "<address>\n";
$db_debug_res .= "During this session, we had ";
$db_debug_res .= MDB2Wrapper::getConnCounter() . " individual DB-connections.<br />\n";
$db_debug_res .= "</address>\n";
$this->tpl->assign('db_debug', $db_debug_res);
}
$this->tpl->display('site.tpl');
if (!$this->renderError) {
$this->contentPage->post_process($this->person);
}
}
function get_consumer_info($consumer_key)
{
$data = $this->store->get('consumers', $consumer_key, '');
if ($data == NULL) {
throw new Exception('No consumer registered for key ' . $consumer_key);
}
if (empty($data['value']['name'])) {
$errorStr = "No consumer name found for consumer with key " . $consumer_key . "!";
Logger::logEvent(LOG_ERR, __CLASS__, __METHOD__, $errorStr, __LINE__);
throw new Exception($errorStr);
}
if (empty($data['value']['description'])) {
$errorStr = "No consumer description found for consumer with key" . " {$consumer_key}!";
Logger::logEvent(LOG_ERR, __CLASS__, __METHOD__, $errorStr, __LINE__);
throw new Exception($errorStr);
}
if (empty($data['value']['owner'])) {
$errorStr = "No owner found for consumer with key" . " {$consumer_key}!";
Logger::logEvent(LOG_ERR, __CLASS__, __METHOD__, $errorStr, __LINE__);
throw new Exception($errorStr);
}
$result = array('name' => $data['value']['name'], 'description' => $data['value']['description'], 'owner' => $data['value']['owner']);
return $result;
}