Ejemplo n.º 1
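 /**
  * Prepare the landing page: resolve the discovery path, attempt the
  * NREN-based redirects, then act on the 'country' and 'textual_view'
  * query parameters.
  *
  * Ends the script with exit(0) when a 'country' parameter is present.
  *
  * @param mixed $person forwarded unchanged to parent::pre_process()
  *
  * @return void
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     $auth = AuthHandler::getAuthManager($this->person);
     $this->discoPath = $auth->getDiscoPath();

     /*
      * Handle country AuthN redirect. Both can redirect, if they don't, show
      * the map.
      *
      * NOTE(review): SERVER_NAME may mirror the client's Host header,
      * depending on the web-server configuration. It selects the NREN that
      * is handed to the two redirect helpers below, so confirm the vhost
      * pins the name.
      */
     $nren = NREN_Handler::getNREN($_SERVER['SERVER_NAME']);
     if (!empty($nren)) {
         $this->redirectToWAYF($nren);
         $this->forwardToDisco($nren);
     }

     /* if not redirected, continue  */
     if (array_key_exists('country', $_GET)) {
         /* a query parameter can arrive as an array (?country[]=x); only a
          * string can be escaped, anything else is treated as empty */
         $country = is_string($_GET['country']) ? $_GET['country'] : '';
         /* explicit flags and charset: both quote styles are encoded, so the
          * stored value is also inert inside a quoted HTML attribute */
         $this->selected_country = htmlentities($country, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         /* NOTE(review): $url is never assigned in this method, so this call
          * receives an undefined variable, and its result is not used before
          * exit(). Confirm which value was meant to be looked up here. */
         $nren = NREN_Handler::getNREN($url, 1);
         echo "redirecting to idp-part for " . $this->selected_country . ", stopping rendering of this page now\n";
         exit(0);
     }

     /* textual view? */
     if (array_key_exists('textual_view', $_GET)) {
         /* any value other than "yes" leaves mapMode untouched and loads no
          * map scripts */
         if ($_GET['textual_view'] === "yes") {
             $this->mapMode = false;
         }
     } else {
         /* ok, show map */
         $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js', 'js/jquery-jvectormap-1.1.1.min.js', 'js/jquery-jvectormap-europe-mill-en.js'));
     }
 }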
Ejemplo n.º 2
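 /**
  * Authenticate the current person and report missing entitlements.
  *
  * Authentication is required when the content page is protected or the
  * request carries start_login=yes. An authenticated person without the user
  * entitlement gets an error when the admin entitlement is missing too, and
  * a warning otherwise. For an unauthenticated person the NREN is looked up
  * from the server name. Re-authentication is requested last, when
  * Framework::$sensitive_action is set.
  *
  * @throws CGE_CriticalAttributeException If an attribute needed for the operation of Confusa is not found
  * @throws MapNotFoundException If the NREN-map for the attributes is not found
  */
 public function authenticate()
 {
     /* if login, trigger SAML-redirect first */
     $auth = AuthHandler::getAuthManager($this->person);
     /* the parentheses only spell out the precedence && already had over || */
     $authRequired = $this->contentPage->is_protected()
         || (isset($_GET['start_login']) && $_GET['start_login'] === 'yes');
     $auth->authenticate($authRequired);

     /* show a warning if the person does not have Confusa
      * entitlement and ConfusaAdmin entitlement */
     if ($this->person->isAuth()) {
         if ($this->person->testEntitlementAttribute(Config::get_config('entitlement_user')) == false) {
             if ($this->person->testEntitlementAttribute(Config::get_config('entitlement_admin')) == false) {
                 $entitlement = Config::get_config('entitlement_namespace') . ":";
                 $entitlement .= Config::get_config('entitlement_user');
                 $msg = $this->contentPage->translateMessageTag('fw_error_entitlement_unset_1');
                 $msg .= "<br /><i>{$entitlement}</i><br /><br />";
                 $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_2');
                 if (!is_null($this->person->getSubscriber())) {
                     /*
                      * The help URL and e-mail are stored subscriber settings
                      * that end up inside HTML attributes, so encode them for
                      * that context. double_encode is off so that values which
                      * are already entity-encoded are not mangled.
                      *
                      * NOTE(review): encoding does not restrict the URL scheme;
                      * confirm the help URL is validated as http(s) where it
                      * is saved.
                      */
                     $subscriber = $this->person->getSubscriber();
                     $url = htmlspecialchars((string) $subscriber->getHelpURL(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                     $email = htmlspecialchars((string) $subscriber->getHelpEmail(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                     $msg .= "<br />\n";
                     $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_3');
                     $msg .= '<br /><ul><li style="margin: 1em 0 0 2em">';
                     $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_4');
                     $msg .= "<a href=\"mailto:{$email}\">{$email}</a></li>";
                     $msg .= '<li style="margin: 1em 0 0 2em">';
                     $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_5');
                     $msg .= "<a href=\"{$url}\">{$url}</a></li>\n</ul><br />\n";
                 }
                 Framework::error_output($msg);
             } else {
                 $entitlement = Config::get_config('entitlement_namespace') . ":";
                 /* append, as the error branch above does; a plain assignment
                  * here discarded the namespace prefix built on the line before */
                 $entitlement .= Config::get_config('entitlement_user');
                 $msg = $this->contentPage->translateMessageTag('fw_error_entitlement_unset_1');
                 $msg .= "<br /><i>{$entitlement}</i><br /><br />";
                 $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_6');
                 Framework::warning_output($msg);
             }
         }
     } else {
         /* maybe we can guess the NREN from the URL */
         /* NOTE(review): the trailing 1 is an argument of setNREN(), not of
          * getNREN(); confirm that is the intended call. SERVER_NAME may
          * mirror the client's Host header, depending on the web-server
          * configuration, so the guessed NREN is only as reliable as the
          * vhost setup. */
         $this->person->setNREN(NREN_Handler::getNREN($_SERVER['SERVER_NAME']), 1);
     }

     /*
      * Force reauthentication based on the settings if the session is too
      * old */
     if (Framework::$sensitive_action) {
         $auth->reAuthenticate();
     }
 }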
Ejemplo n.º 3
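/**
 * Poll the CA for the status of an order on behalf of an NREN and print the
 * decoded result.
 *
 * The CA response is split at the first newline: the first part must be a
 * numeric status code, the remainder (if any) is treated as detail text and
 * printed after the decoded status.
 *
 * @param mixed $nren  NREN-ID, looked up through NREN_Handler::getByID()
 * @param mixed $order order number handed to pollCertStatus()
 *
 * @return void
 */
function queryOrder($nren, $order)
{
    echo "Looking for {$order} issued to nren {$nren}\n";

    /* keep the supplied ID in $nren, so the error message below still shows
     * what was asked for rather than the failed lookup result */
    $nrenObj = NREN_Handler::getByID($nren);
    if (!$nrenObj) {
        echo "\n\tError when retrieving NREN {$nren}, please use correct NREN-ID\n\n";
        listNRENs();
        return;
    }

    $person = new Person();
    $person->setNREN($nrenObj);
    /* NOTE(review): presumably marks this synthetic person as authenticated
     * without any login taking place; confirm this function is reachable
     * only from operator tooling. */
    $person->isAuth(true);
    $ca = CAHandler::getCA($person);
    $status = $ca->pollCertStatus($order, true);

    $errors = explode("\n", $status, 2);
    if (!is_numeric($errors[0])) {
        echo "Malformed response from CA, all bets are off :/\n";
        return;
    }
    /* a single-line response has no detail part; use an empty string rather
     * than reading an undefined offset */
    $detail = isset($errors[1]) ? $errors[1] : '';

    echo "Response from CA backend: " . $errors[0] . ":\n";
    switch ($errors[0]) {
        case 0:
            echo "Certificate is currently being processed by Comodo\n";
            break;
        case 1:
            echo "Certificate available, no errors detected\n";
            getCert($ca, $order, $person);
            break;
        case -1:
            echo "Request via vulnerable channel (non-https)\n";
            break;
        case -2:
            echo "Unrecognized argument sent to CA backend.\n";
            echo $status . "\n";
            break;
        case "-3":
        case "-4":
            /* invalid password? */
            echo "You are not allowed to log in and view this certificate\n";
            $caa = "CA Account problems -";
            if (strpos($detail, "loginPassword") !== FALSE) {
                echo "{$caa} invalid password\n";
            }
            /* invalid username? */
            if (strpos($detail, "loginName") !== FALSE) {
                echo "{$caa} invalid username\n";
            }
            if (strpos($detail, "ap") !== FALSE) {
                echo "{$caa} invalid AP-Name\n";
            }
            if (strpos($detail, "orderNumber") !== FALSE) {
                echo "Invalid orderNumber, make sure that the certificate you are looking for" . " are accessible via this NREN-account!\n";
            }
            break;
        case "-13":
            echo "The CSR contained a publickey with invalid keysize, make sure it is long enough!\n";
            break;
        case "-14":
            echo "Unknown error\n";
            break;
        case "-16":
            echo "Permission denied when contacting Comodo backend\n";
            break;
        case "-17":
            echo "Confusa used GET insted of POST when contacting CA backend\n";
            break;
        case "-20":
            echo "CSR rejected by CA\n";
            break;
        case "-21":
            echo "Certificate has been revoked\n";
            break;
        case "-22":
            echo "Awaiting payment, certificate on hold\n";
            break;
        default:
            echo "unknown error (" . $errors[0] . ")\n";
            break;
    }
    /* endswitch */

    /* raw detail text from the CA, printed for every status code */
    print_r($detail);
    echo "\n";
}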