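 /**
  * storeDB() store the CSR into the database
  *
  * Inserts the PEM content, the upload date, the owner's X509 CN, the
  * public-key hash (stored as auth_key), the uploading IP and the CSR type
  * into csr_cache through a parameterised statement. When the insert fails
  * with a DBQueryException the method looks for an existing row with the
  * same auth_key: if exactly one is found the failure is treated as a
  * re-upload of a known CSR and swallowed, otherwise the original exception
  * is rethrown.
  *
  * @param	object $owner the CSR owner; only getX509ValidCN() is used here
  * @return void
  * @access	public
  * @throws DBStatementException If inserting the CSR into the DB failed
  * @throws DBQueryException If inserting the CSR into the DB failed and no
  *                          single row with the same auth_key already exists
  */
 public function storeDB($owner)
 {
     $insert = "INSERT INTO csr_cache (csr, uploaded_date, common_name, auth_key, from_ip, type) ";
     $insert .= "VALUES(?,?,?,?,?,?)";
     $param = array('text', 'text', 'text', 'text', 'text', 'text');
     $data = array($this->getPEMContent(), $this->date, $owner->getX509ValidCN(), $this->getPubKeyHash(), $this->ip, $this->getCSRType());
     try {
         MDB2Wrapper::update($insert, $param, $data);
     } catch (DBStatementException $dbse) {
         Logger::log_event(LOG_WARNING, __FILE__ . ":" . __LINE__ . " Could not insert CSR into database. Server said: " . $dbse->getMessage());
         /* logged the exception, rethrow */
         throw $dbse;
     } catch (DBQueryException $dbqe) {
         /* presumably a duplicate auth_key; check before giving up.
          * (separator added: the line number used to run into the text) */
         Logger::log_event(LOG_INFO, __FILE__ . ":" . __LINE__ . " Could not insert CSR into database. " . "Testing whether it already exists.");
         $query = "SELECT * FROM csr_cache WHERE auth_key = :auth_key";
         $authKey = $this->getPubKeyHash();
         $data = array();
         $data['auth_key'] = $authKey;
         try {
             $res = MDB2Wrapper::execute($query, null, $data);
         } catch (Exception $nestedEx) {
             Logger::logEvent(LOG_ERR, __CLASS__, "storeDB()", "Verifying if CSR with auth-key {$authKey} already exists " . "failed. Stopping now, rethrowing original exception.");
             throw $dbqe;
         }
         if (count($res) != 1) {
             /* inserting failed and CSR does not already exist. Rethrow
              * original exception */
             throw $dbqe;
         }
     }
 }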
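 /**
  * pre_process - handle the e-mail selection step before rendering
  *
  * Request paths handled here:
  *  - POST deleteCSR: the user pressed "Back" on the CSR-signing overview;
  *    the CSR identified by the sanitized key is deleted and processing stops.
  *  - GET skipped_email=yes: when the NREN wants one ('1') or multiple ('m')
  *    e-mails and the person has exactly one registered address, that
  *    address is registered for the certificate and stored.
  *  - POST subjAltName_email[]: every submitted address is sanitized, logged
  *    and registered for the certificate, then stored.
  *
  * No CSRF check is done here; the POST paths rely on the framework having
  * rejected CSRF attempts before pre_process() is reached.
  *
  * @param $person the authenticated person, handed to the parent
  * @return void
  */
 function pre_process($person)
 {
     parent::pre_process($person);
     /* can be received when pressing "Back" on the CSR-signing overview */
     if (isset($_POST['deleteCSR'])) {
         $authToken = Input::sanitizeCertKey($_POST['deleteCSR']);
         CSR::deleteFromDB($person, $authToken);
         return;
     }
     $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
     $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));
     $emailsDesiredByNREN = $this->person->getNREN()->getEnableEmail();
     $registeredPersonMails = $this->person->getNumEmails();
     /** e-mail selection was skipped */
     if (isset($_GET['skipped_email']) && $_GET['skipped_email'] === 'yes') {
         $this->tpl->assign('skippedEmail', true);
         if (($emailsDesiredByNREN == '1' || $emailsDesiredByNREN == 'm') && $registeredPersonMails == 1) {
             $this->person->regCertEmail($this->person->getEmail());
             $this->person->storeRegCertEmails();
         }
     } else {
         if (isset($_POST['subjAltName_email']) && is_array($_POST['subjAltName_email'])) {
             foreach ($_POST['subjAltName_email'] as $key => $value) {
                 /* sanitize first so the raw, user-controlled string never
                  * reaches the log (log forging via embedded newlines etc.) */
                 $mail = Input::sanitizeText($value);
                 Logger::logEvent(LOG_INFO, "CP_Select_Email", "pre_process()", "User " . $this->person->getEPPN() . ", registering " . "the following e-mail: " . $mail);
                 $this->person->regCertEmail($mail);
             }
             $this->person->storeRegCertEmails();
         }
     }
 }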
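 /**
  * pre_process - poll certificate status or accept a browser-generated CSR
  *
  * GET status_poll=<order_number>: re-exports the sanitized order number and
  * the anti-CSRF query fragment to the template and asks the CA whether the
  * certificate is ready; if so the order number is stored in the session
  * under "browserCert" and a redirect to download_certificate.php is sent.
  *
  * POST browserRequest: the key was generated in the browser and the CSR
  * uploaded. Depending on the user agent the payload is parsed as SPKAC
  * (opera/safari/mozilla/chrome) or wrapped in PEM markers and parsed as
  * PKCS#10 (msie); any other agent leaves $csr unset and ends in the parse
  * error branch. A valid CSR is handed to signCSR(); parse and signing
  * failures are reported to the user and logged together with the ePPN.
  *
  * @param $person the authenticated person, handed to the parent
  * @return void
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
     $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));
     if (isset($_GET['status_poll'])) {
         $order_number = Input::sanitizeCertKey($_GET['status_poll']);
         /* assign the order_number again */
         $this->tpl->assign('order_number', $order_number);
         $this->tpl->assign('status_poll', true);
         /* a hand-crafted poll URL may omit the token; read it guarded so a
          * missing key does not raise an undefined-index notice */
         $rawToken = isset($_GET['anticsrf']) ? $_GET['anticsrf'] : null;
         $anticsrf = "anticsrf=" . Input::sanitizeAntiCSRFToken($rawToken);
         $this->tpl->assign('ganticsrf', $anticsrf);
         if ($this->ca->pollCertStatus($order_number)) {
             /* redirect to certificate download area.
              * NOTE(review): no exit() follows, so the rest of this request
              * (including template rendering) still runs after the redirect
              * header has been set. */
             CS::setSessionKey("browserCert", $order_number);
             header("Location: download_certificate.php");
         }
     }
     /* when the key has been generated in the browser and the
      * resulting CSR has been uploaded to the server, we end up
      * here.
      */
     if (isset($_POST['browserRequest'])) {
         $ua = Output::getUserAgent();
         switch ($ua) {
             case "opera":
             case "safari":
             case "mozilla":
             case "chrome":
                 $csr = new CSR_SPKAC(trim(Input::sanitizeBase64($_POST['browserRequest'])));
                 break;
             case "msie_pre_vista":
             case "msie_post_vista":
                 /* MSIE delivers bare base64; wrap it in PEM markers */
                 $csrContent = CSR::$PEM_PREFIX . "\n" . trim(Input::sanitizeBase64($_POST['browserRequest'])) . "\n" . CSR::$PEM_SUFFIX;
                 $csr = new CSR_PKCS10($csrContent);
                 break;
         }
         if (!empty($csr) && $csr->isValid()) {
             try {
                 $order_number = $this->signCSR($csr);
                 $this->tpl->assign('order_number', $order_number);
             } catch (KeySignException $kse) {
                 /* escape the message like the other error paths do; it is
                  * rendered as HTML */
                 Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') . "<br /><br />" . htmlentities($kse->getMessage()));
                 Logger::logEvent(LOG_WARNING, "CP_Browser_CSR", "pre_process()", "Could not sign CSR because of " . $kse->getMessage() . " User: " . $this->person->getEPPN(), __LINE__);
                 /* NOTE(review): the request key handled above is
                  * 'browserRequest'; 'browserSigning' is never set in this
                  * method, so confirm this unset() targets the intended key */
                 unset($_POST['browserSigning']);
             }
         } else {
             Framework::error_output($this->translateTag('l10n_err_parsecsr', 'processcsr'));
             Logger::logEvent(LOG_NOTICE, "CP_Browser_CSR", "pre_process()", "Received browser-CSR that could not be parsed!" . " User: " . $this->person->getEPPN(), __LINE__);
         }
     }
 }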
 /**
  * Constructor
  *
  * Resolves the SimpleSAMLphp installation through the 'simplesaml_path'
  * config key, loads its autoloader, points it at its config directory and
  * creates the 'default-sp' authentication source plus the SimpleSAML
  * session. Note that the person is tied to a session and a simplesaml
  * configuration here. Without a configured path the install is treated as
  * broken: a message is echoed, an alert is logged and the request ends.
  *
  * @param $person optional person object handed to the parent constructor
  */
 function __construct($person = NULL)
 {
     parent::__construct($person);
     /* Find the path to SimpleSAMLphp; nothing below works without it */
     $simpleSamlRoot = null;
     try {
         $simpleSamlRoot = Config::get_config('simplesaml_path');
     } catch (KeyNotFoundException $knfe) {
         echo "Cannot find path to simplesaml. This install is not valid. Aborting.<br />\n";
         Logger::logEvent(LOG_ALERT, "Confusa_Auth_IdP", "__construct()", "Trying to instantiate SimpleSAMLphp without a configured path.");
         exit(0);
     }
     /* run the autoloader and tell SimpleSAMLphp where its config lives */
     require_once "{$simpleSamlRoot}/lib/_autoload.php";
     SimpleSAML_Configuration::setConfigDir("{$simpleSamlRoot}/config");
     /* start a session needed for the IdP-based AuthN approach */
     $this->as = new SimpleSAML_Auth_Simple('default-sp');
     $this->session = SimpleSAML_Session::getInstance();
 }
 /**
  * process - render the Comodo accountant page
  *
  * Only NREN admins may see this page, and only while Confusa runs in
  * Comodo CA mode. Anyone else gets the restricted_access template with a
  * tagged reason, and the attempt is logged under the same tag. On success
  * the login name and AP name are exported to the template (falling back to
  * an "undefined" label); the password itself is never exported, only a
  * "hidden" label when one is set.
  */
 public function process()
 {
     $denialReason = null;
     $logText = null;
     if (!$this->person->isNRENAdmin()) {
         $denialReason = "You are not an NREN-admin";
         $logText = "User " . stripslashes($this->person->getX509ValidCN()) . " tried to access the accountant.";
     } elseif (Config::get_config('ca_mode') != CA_COMODO) {
         $denialReason = "Confusa is not using Comodo CA";
         $logText = "User " . stripslashes($this->person->getX509ValidCN()) . "tried to access the accountant, " . "even though Confusa is not using the Comodo CA.";
     }
     if (!is_null($denialReason)) {
         $errorTag = PW::create();
         Logger::logEvent(LOG_NOTICE, "Accountant", "process()", $logText, __LINE__, $errorTag);
         $this->tpl->assign('reason', "[{$errorTag}] " . $denialReason);
         $this->tpl->assign('content', $this->tpl->fetch('restricted_access.tpl'));
         return;
     }
     /* set fields in template */
     $undefinedLabel = $this->translateTag('l10n_fieldval_undefined', 'accountant');
     $loginName = $this->account->getLoginName();
     $this->tpl->assign('login_name', $loginName ? $loginName : $undefinedLabel);
     /* the password is never shown, only whether one is set */
     $passwordLabel = $this->account->getPassword() ? $this->translateTag('l10n_label_passwhidden', 'accountant') : $undefinedLabel;
     $this->tpl->assign('password', $passwordLabel);
     $apName = $this->account->getAPName();
     $this->tpl->assign('ap_name', $apName ? $apName : $undefinedLabel);
     $this->tpl->assign('verify_ca', 'yes');
     $this->tpl->assign('content', $this->tpl->fetch('accountant.tpl'));
 }
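 /**
  * getSubscribers - get an array with subscriber and state
  *
  * Find all subscribers for the current NREN and return an array containing
  * - subscriber name
  * - subscriber state (subscribed | unsubscribed | suspended)
  *
  * Database failures are not propagated: they are logged under a fresh
  * error tag, shown to the user through Framework::error_output() with the
  * server message HTML-escaped, and null is returned.
  *
  * @return array the NREN's subscriber list, or null on a database error
  */
 private function getSubscribers()
 {
     try {
         return $this->person->getNREN()->getSubscriberList();
     } catch (DBStatementException $dbse) {
         $errorTag = PW::create();
         $msg = "Error in query-syntax. Verify that the query matches the database!";
         Logger::logEvent(LOG_NOTICE, "NRENAdmin", "getSubscribers()", $msg, __LINE__, $errorTag);
         $msg .= "<br />Server said: " . htmlentities($dbse->getMessage());
         Framework::error_output("[{$errorTag}]" . $msg);
         return;
     } catch (DBQueryException $dbqe) {
         $errorTag = PW::create();
         $msg = "Possible constraint-violation in query. Compare query to db-schema";
         Logger::logEvent(LOG_NOTICE, "NRENAdmin", "getSubscribers()", $msg, __LINE__, $errorTag);
         /* the caught exception here is $dbqe ($dbse is undefined in this branch) */
         $msg .= "<br />Server said: " . htmlentities($dbqe->getMessage());
         Framework::error_output("[{$errorTag}]" . $msg);
         return;
     }
 }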
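 /**
  * Sign the CSR using the Online-CA's remote API
  *
  * Refuses to sign when the person's subscriber is not subscribed. The CSR
  * is uploaded in PKCS#10 (PEM) or SPKAC (DER) form depending on its class
  * and then authorised. Afterwards the cached 'rawCertList' session entry
  * is dropped, a mail notification with the order number, the local
  * timestamp, the client IP and the full DN is sent, and success is logged.
  *
  * @param	CSR $csr the CSR to be signed (CSR_PKCS10 or CSR_SPKAC); its
  *              auth-token identifies it in the database
  * @return	the order number ($this->order_number) assigned by the CA
  * @access	public
  * @throws KeySignException if the subscriber is not subscribed or the CSR
  *                          is of a type that cannot be uploaded
  *
  * @fixme	make sure all callers of signKey is updated to use CSR.
  */
 public function signKey($csr)
 {
     if (!$this->person->getSubscriber()->isSubscribed()) {
         throw new KeySignException("Subscriber not subscribed, cannot create certificate!");
     }
     $authKey = $csr->getAuthToken();
     Logger::logEvent(LOG_INFO, __CLASS__, "signKey()", "Preparing to sign CSR ({$authKey}) " . $this->owner_string, __LINE__);
     /* FIXME: better solution */
     if ($csr instanceof CSR_PKCS10) {
         $this->capiUploadCSR($authKey, $csr->getPEMContent(), ConfusaConstants::$CAPI_FORMAT_PKCS10);
     } elseif ($csr instanceof CSR_SPKAC) {
         $this->capiUploadCSR($authKey, $csr->getDERContent(), ConfusaConstants::$CAPI_FORMAT_SPKAC);
     } else {
         /* previously an unknown type fell through to authorisation without
          * any upload; fail explicitly instead */
         throw new KeySignException("Unsupported CSR type, cannot create certificate!");
     }
     $this->capiAuthorizeCSR();
     CS::deleteSessionKey('rawCertList');
     $timezone = new DateTimeZone($this->person->getTimezone());
     $dt = new DateTime("now", $timezone);
     CA::sendMailNotification($this->order_number, $dt->format('Y-m-d H:i T'), $_SERVER['REMOTE_ADDR'], $this->person, $this->getFullDN());
     Logger::log_event(LOG_INFO, "Successfully signed new certificate. " . $this->owner_string);
     return $this->order_number;
 }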
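 /**
  * Sign the CSR with the passed authToken. If signing succeeds, the class
  * member authKey is set to the orderNumber/certHash and the CSR is removed
  * from the database. If not, an error is displayed and false is returned.
  *
  * The CSR is looked up by the current person's CN together with the token,
  * so a token belonging to someone else's CSR is simply not found.
  *
  * @param $authToken pubkey hash of the CSR that is to be signed
  * @return false on failure; nothing (null) on success
  */
 private function signCSR($authToken)
 {
     $csr = CSR::getFromDB($this->person->getX509ValidCN(), $authToken);
     if (!isset($csr) || !$csr) {
         $errorTag = PW::create();
         /* was $auth_token (undefined); the parameter is $authToken */
         Framework::error_output("[{$errorTag}] Did not find CSR with auth_token " . htmlentities($authToken));
         $msg = "User " . $this->person->getEPPN() . " ";
         $msg .= "tried to sign CSR with auth_token " . $authToken . " but was unsuccessful";
         Logger::logEvent(LOG_NOTICE, "Process_CSR", "signCSR({$authToken})", $msg, __LINE__, $errorTag);
         return false;
     }
     try {
         if (!isset($this->ca)) {
             Framework::error_output($this->translateTag('l10n_err_noca', 'processcsr'));
             return false;
         }
         $permission = $this->person->mayRequestCertificate();
         if ($permission->isPermissionGranted() === false) {
             Framework::error_output($this->translateTag('l10n_err_noperm1', 'processcsr') . "<br /><br />" . $permission->getFormattedReasons() . "<br />" . $this->translateTag('l10n_err_noperm2', 'processcsr'));
             return false;
         }
         $this->authKey = $this->ca->signKey($csr);
     } catch (CGE_ComodoAPIException $capie) {
         /* only the message: casting the exception to string would put the
          * stack trace (with file paths) in front of the user */
         Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') . htmlentities($capie->getMessage()));
         return false;
     } catch (ConfusaGenException $e) {
         $msg = $this->translateTag('l10n_sign_error', 'processcsr') . "<br /><br /><i>" . htmlentities($e->getMessage()) . "</i><br />";
         Framework::error_output($msg);
         return false;
     } catch (KeySigningException $kse) {
         /* NOTE(review): signKey() throws KeySignException; confirm that
          * KeySigningException is the class intended here */
         Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') . htmlentities($kse->getMessage()));
         return false;
     }
     CSR::deleteFromDB($this->person, $authToken);
 }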
 /**
  * decoratePerson - get the supplied attributes and add to the correct
  * fields in person
  *
  * This function is a bit fragile. The reason for this, is that it needs
  * to 'bootstrap' the map for person-identifier (e.g. ePPN)
  * through various encodings.
  *
  * One way would be to add a specific mapping for all known NRENs, but
  * we'd rather add a generic approach and just try the known encodings
  * and see if we find something there.
  *
  * If, for some reason, a new NREN/IdP fails to correctly decorate the
  * person-object, the problem most likely starts here.
  *
  * Flow: resolve the NREN from the IdP URL, fetch the NREN attribute map
  * and, if it passes mapSanityCheck(), use it to set subscriber, ePPN, CN
  * (prefixed in capi_test mode), mail and entitlements. Without a usable
  * map only the ePPN is searched for heuristically; if that ePPN belongs to
  * an NREN admin a MapNotFoundException is raised so the admin can fix the
  * map (with a raw attribute dump when 'debug' is configured).
  *
  * @author Henrik Austad <henrik.austad@uninett.no>
  * @author Thomas Zangerl <tzangerl@pdc.kth.se>
  *
  * @throws CGE_CriticalAttributeException If an attribute without which Confusa
  *                                        really can not work is not found
  *                                        (no IdP URL, no attributes, or no
  *                                        valid NREN for the IdP)
  * @throws MapNotFoundException           If the NREN-map is not found and the
  *                                        person is an NREN admin
  *
  * @param array	$attributes
  * @param String $idp
  */
 protected function decoratePerson($attributes, $idp)
 {
     $cnPrefix = "";
     $oPrefix = "";
     if (Config::get_config('capi_test')) {
         $cnPrefix = ConfusaConstants::$CAPI_TEST_CN_PREFIX;
         $oPrefix = ConfusaConstants::$CAPI_TEST_O_PREFIX;
     }
     if (is_null($idp)) {
         throw new CGE_CriticalAttributeException("Need the URL of the IdP in order to create an NREN-object!");
     }
     if (is_null($attributes)) {
         throw new CGE_CriticalAttributeException("Cannot find <b>any</b> attributes!");
     }
     /* From the IdP, find the NREN-details */
     $this->person->setNREN(new NREN($idp));
     if (is_null($this->person->getNREN()) || !$this->person->getNREN()->isValid()) {
         $msg = "Could not map from the identity provider to the NREN. ";
         $msg .= "Probably the idp_map in the database is not configured for your idp ({$idp}) ";
         $msg .= "Please tell an administrator about that problem!";
         throw new CGE_CriticalAttributeException($msg);
     }
     $nren_id = $this->person->getNREN()->getID();
     Logger::logEvent(LOG_INFO, "Confusa_Auth", "decoratePerson(..., {$idp})", "Decorating person with map from NREN {$nren_id}.");
     $map = $this->person->getMap();
     /* Normal mapping, this is what we want. */
     if ($this->mapSanityCheck($map)) {
         /* Now that we have the NREN-map, reiterate getMap() in
          * case we can find the subscriber-map.
          * NOTE(review): $attributes[$map['epodn']] is indexed without the
          * array_key_exists() guard used for cn/mail below — confirm the
          * sanity check guarantees the attribute is present. */
         $this->person->setSubscriber(new Subscriber($attributes[$map['epodn']][0], $this->person->getNREN()));
         $new_map = $this->person->getMap();
         if ($this->mapSanityCheck($new_map)) {
             $map = $new_map;
         }
         $eppn = Input::sanitizeEPPN($attributes[$map['eppn']][0]);
         $this->person->setEPPN($eppn);
         if (!is_null($map['eppn'])) {
             $this->person->setEPPNKey($map['eppn']);
         }
         if (!is_null($map['cn'])) {
             if (array_key_exists($map['cn'], $attributes)) {
                 /* NOTE(review): mysql_real_escape_string() is SQL escaping
                  * applied at the attribute layer (and needs an open mysql
                  * link); every other field goes through Input::sanitize*.
                  * Verify this is intended before the CN is stored/used. */
                 $cn = mysql_real_escape_string($attributes[$map['cn']][0]);
                 $this->person->setName($cnPrefix . $cn);
             }
         }
         /* end map has cn */
         if (!is_null($map['mail'])) {
             if (array_key_exists($map['mail'], $attributes)) {
                 /* NOTE(review): the whole attribute array is passed here,
                  * not [0] as for eppn/cn — confirm sanitizeEmail() accepts
                  * an array. */
                 $mail = Input::sanitizeEmail($attributes[$map['mail']]);
                 $this->person->setEmail($mail);
             }
         }
         /* go through and add the relevant entitlement-parts.
          * TODO: cleanup this and move to person::setEntitlement()
          */
         if (!is_null($map['entitlement'])) {
             if (array_key_exists($map['entitlement'], $attributes)) {
                 $entitlements = $attributes[$map['entitlement']];
             }
         }
         if (isset($entitlements)) {
             $namespace = Config::get_config('entitlement_namespace');
             foreach ($entitlements as $key => $entitlementValue) {
                 /* the configured namespace must be a prefix of the value */
                 $pos = strpos($entitlementValue, $namespace);
                 /* Note: we *must* check for both false *and*
                  * type, as we want pos to be 0 */
                 if ($pos === false || (int) $pos != 0) {
                     continue;
                 } else {
                     /* exactly one colon-separated component may follow the
                      * namespace; anything else is reported and skipped */
                     $val = explode(":", $entitlementValue);
                     if (count($val) !== count(explode(":", $namespace)) + 1) {
                         Framework::error_output("Error with namespace, too many objects in namespace (" . count($val) . ")");
                         continue;
                     }
                     /* only set the part *after*
                      * entitlement-namespace */
                     $entitlement = Input::sanitizeEntitlement($val[count($val) - 1]);
                     /* is the entitlement a valid entitlement? Only the two
                      * configured values (user/admin) are ever set. */
                     if ($entitlement == Config::get_config('entitlement_user') || $entitlement == Config::get_config('entitlement_admin')) {
                         $this->person->setEntitlement($entitlement);
                     }
                 }
             }
         }
     } else {
         /* At this point we're on shaky ground as we have to
          * 'see if we can find anything'
          *
          *		no map is set, can we find the ePPN in there?
          */
         $eppnKey = $this->findEPPN($attributes);
         if (!is_null($eppnKey)) {
             $eppn = Input::sanitizeEPPN($eppnKey['value']);
             $this->person->setEPPN($eppn);
             $this->person->setEPPNKey($eppnKey['key']);
         }
         /* is ePPN registred as NREN admin (from bootstrap) */
         if ($this->person->isNRENAdmin()) {
             if (is_array($map)) {
                 Logger::log_event(LOG_WARNING, "Map for NREN {$nren_id} ({$idp}) corrupted. " . "Contains empty fields, consider dropping the map.");
             }
             $msg = "No NREN map found!";
             if (Config::get_config('debug')) {
                 /* debug only: the first value of every supplied attribute
                  * is shown (HTML-escaped) to the admin in the exception text */
                 $msg .= "Raw-dump of supplied attributes:<br />\n";
                 $msg .= "<br /><pre>\n";
                 foreach ($attributes as $key => $val) {
                     $tabs = "\t";
                     if (strlen($key) < 8) {
                         $tabs .= "\t\t";
                     } else {
                         if (strlen($key) < 16) {
                             $tabs .= "\t";
                         }
                     }
                     $msg .= htmlentities("{$key}{$tabs}{$val[0]}") . "\n";
                 }
                 $msg .= "</pre><br />\n";
             }
             throw new MapNotFoundException($msg);
         }
     }
 }
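 /**
  * start - run one request through the framework
  *
  * Sets the anti-clickjacking and HSTS headers, authenticates the person
  * (reporting critical-attribute, map-not-found and generic auth failures),
  * rejects CSRF attempts before any page code runs, issues a fresh anti-CSRF
  * token for the templates, runs the content page's pre_process(), handles
  * the admin/normal mode switch, runs process() unless an error was flagged
  * (NREN admins still get the page so they can fix things), displays
  * site.tpl and finally calls post_process() when no error was flagged.
  */
 public function start()
 {
     /* From OWASP (prevent clickjacking):
      *
      * The X-FRAME-OPTIONS header (documented in RFC 7034) is used to mark
      * responses that shouldn't be framed. DENY prevents everyone from
      * framing the content.
      *
      * This can also be done by apache itself:
      * a2enmod headers
      * Add to the Virtualhost, directory that hosts confusa:
      * Header set X-Frame-Options "DENY"
      */
     header('X-Frame-Options: DENY');
     /*
      * Strict-Transport-Security (RFC 6797)
      * Once page has been accessed over HTTPS and this header was present,
      * conformant browsers will force subsequent requests over HTTPS as well
      * for max-age seconds (one year). Subdomains are not covered, since no
      * includeSubDomains directive is sent.
      */
     header('Strict-Transport-Security: max-age=31536000');
     /* Set tpl object to content page */
     $this->contentPage->setTpl($this->tpl);
     /* check the authentication-thing, catch the login-hook
      * This is done via confusa_auth
      */
     try {
         $this->authenticate();
     } catch (CGE_CriticalAttributeException $cae) {
         $msg = "<b>" . $this->contentPage->translateMessageTag('fw_error_critical_attribute1') . "</b><br /><br />";
         $msg .= htmlentities($cae->getMessage()) . "<br /><br />";
         $msg .= $this->contentPage->translateMessageTag('fw_error_critical_attribute2');
         Framework::error_output($msg);
         $this->renderError = true;
     } catch (MapNotFoundException $mnfe) {
         $msg = $this->contentPage->translateMessageTag('fw_error_map_notfound');
         /* if user is admin, offer a link to the attribute-map editor */
         if ($this->person->isNRENAdmin()) {
             $msg .= "<br /><br />";
             $msg .= "<a href=\"attributes.php?mode=admin&anticsrf=" . Framework::getAntiCSRF() . "\">";
             $msg .= $this->contentPage->translateMessageTag('fw_error_map_updatemap');
             /* was "</>", which left the anchor unclosed */
             $msg .= "</a>\n";
         }
         Framework::error_output($msg);
         $this->renderError = true;
     } catch (ConfusaGenException $cge) {
         Framework::error_output($this->contentPage->translateMessageTag('fw_error_auth') . htmlentities($cge->getMessage()));
         $this->renderError = true;
     }
     /* reject CSRF attempts before any page code can act on the request */
     if ($this->isCSRFAttempt()) {
         Framework::error_output($this->contentPage->translateMessageTag('fw_anticsrf_msg'));
         $this->tpl->assign('instance', Config::get_config('system_name'));
         $this->tpl->assign('errors', self::$errors);
         $this->tpl->display('site.tpl');
         exit(0);
     }
     /* Create a new anti CSRF token and export to the template engine */
     $this->current_anticsrf = self::getAntiCSRF();
     $this->tpl->assign('ganticsrf', 'anticsrf=' . $this->current_anticsrf);
     $this->tpl->assign('panticsrf', '<input type="hidden" name="anticsrf" value="' . $this->current_anticsrf . '" />');
     /*
      * Try to run the pre-processing
      */
     try {
         $res = $this->contentPage->pre_process($this->person);
         if ($res) {
             /* NOTE(review): assign() is called with a name but no value;
              * confirm this is the intended way to flag extraHeader */
             $this->tpl->assign('extraHeader');
         }
     } catch (CGE_RemoteCredentialException $rce) {
         $msg = $this->contentPage->translateMessageTag('fw_error_remote_credential1');
         $msg .= "<i>" . htmlentities($rce->getMessage()) . "</i><br /><br />";
         if ($this->person->isNRENAdmin()) {
             $msg .= "<div style=\"text-align: center\">";
             $msg .= self::translateMessageTag('fw_error_remote_credential2') . "</div>";
         } else {
             /* NOTE(review): appends error_output()'s return value; confirm
              * it returns the message rather than nothing */
             $msg .= Framework::error_output($this->contentPage->translateMessageTag('fw_error_remote_credential3'));
             $this->renderError = true;
         }
         Framework::warning_output($msg);
     } catch (KeyNotFoundException $knfe) {
         $this->renderError = true;
         $errorTag = PW::create(8);
         $msg = "[{$errorTag}] " . $this->contentPage->translateMessageTag('fw_keynotfound1');
         Logger::logEvent(LOG_NOTICE, "Framework", "start()", "Config-file not properly configured: " . $knfe->getMessage(), __LINE__, $errorTag);
         $msg .= htmlentities($knfe->getMessage());
         $msg .= "<br />" . $this->contentPage->translateMessageTag('fw_keynotfound2');
         Framework::error_output($msg);
     } catch (Exception $e) {
         Framework::error_output($this->contentPage->translateMessageTag('fw_unhandledexp1') . "<br />" . htmlentities($e->getMessage()));
         $this->renderError = true;
     }
     /* ----------------------------------------------------------------
      * Admin messages, trigger on missing elements
      */
     if ($this->person->isNRENAdmin()) {
         $this->triggerAdminIssues();
     }
     /* Mode-hook, to catch mode-change regardless of target-page (not only
      * index). Anything other than 'admin' falls back to NORMAL_MODE. */
     if (isset($_GET['mode'])) {
         $new_mode = NORMAL_MODE;
         if (htmlentities($_GET['mode']) == 'admin') {
             $new_mode = ADMIN_MODE;
         }
         $this->person->setMode($new_mode);
     }
     $this->tpl->assign('title_logo', $this->contentPage->translateMessageTag('l10n_title_logo'));
     $this->tpl->assign('person', $this->person);
     $this->tpl->assign('subscriber', $this->person->getSubscriber());
     $this->tpl->assign('nren', $this->person->getNREN());
     $this->tpl->assign('is_online', Config::get_config('ca_mode') === CA_COMODO);
     /* If we have a renderError, do not allow the user-page to
      * render, otherwise, run it, and catch all unhandled exception
      *
      * The general idea, is that the process() should be
      * self-contained wrt to exceptions.
      *
      * A NREN admin is supposed to be able to "fix stuff" such as for instance
      * CGE_CriticalAttributeExceptions and should hence see the pages also if
      * renderError is set.
      */
     if (!$this->renderError || $this->person->isNRENAdmin()) {
         try {
             $this->applyNRENBranding();
             $this->contentPage->process($this->person);
         } catch (KeyNotFoundException $knfe) {
             $errorTag = PW::create(8);
             $msg = "[{$errorTag}] " . $this->contentPage->translateMessageTag('fw_keynotfound1');
             Logger::logEvent(LOG_NOTICE, "Framework", "start()", "Config-file not properly configured: " . $knfe->getMessage(), __LINE__, $errorTag);
             $msg .= htmlentities($knfe->getMessage());
             $msg .= "<br />" . $this->contentPage->translateMessageTag('fw_keynotfound2');
             Framework::error_output($msg);
         } catch (Exception $e) {
             Logger::logEvent(LOG_INFO, "Framework", "start()", "Unhandleded exception when running contentPage->process()", __LINE__);
             Framework::error_output($this->contentPage->translateMessageTag('fw_unhandledexp1') . "<br />\n" . htmlentities($e->getMessage()));
         }
     } else {
         $nren = $this->person->getNREN();
         if (isset($nren)) {
             /* if all else fails, at least give the user some recovery information */
             Framework::message_output($this->contentPage->translateMessageTag('fw_unrecoverable_nren') . htmlentities($this->person->getEPPN()));
         } else {
             $errorTag = PW::create();
             Framework::error_output("[{$errorTag}] " . $this->contentPage->translateMessageTag('fw_unrecoverable_nonren'));
             Logger::logEvent(LOG_WARNING, "Framework", "start()", "User contacting us from " . $_SERVER['REMOTE_ADDR'] . " tried to login from IdP that appears to have no NREN-mapping!", __LINE__, $errorTag);
         }
     }
     $this->tpl->assign('logoutUrl', 'logout.php');
     // see render_menu($this->person)
     $this->tpl->assign('menu', $this->tpl->fetch('menu.tpl'));
     $this->tpl->assign('errors', self::$errors);
     $this->tpl->assign('messages', self::$messages);
     $this->tpl->assign('successes', self::$successes);
     $this->tpl->assign('warnings', self::$warnings);
     if (Config::get_config('debug')) {
         $db_debug_res = "";
         $db_debug_res .= "<address>\n";
         $db_debug_res .= "During this session, we had ";
         $db_debug_res .= MDB2Wrapper::getConnCounter() . " individual DB-connections.<br />\n";
         $db_debug_res .= "</address>\n";
         $this->tpl->assign('db_debug', $db_debug_res);
     }
     $this->tpl->display('site.tpl');
     if (!$this->renderError) {
         $this->contentPage->post_process($this->person);
     }
 }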
 /**
  * get_consumer_info - look up a registered consumer by its key
  *
  * Reads the 'consumers' entry for $consumer_key from the store and
  * requires the stored value to carry a name, a description and an owner.
  * A missing entry raises an Exception; a missing field is logged and then
  * raises an Exception. Both messages include the key.
  *
  * @param $consumer_key key the consumer registered under
  * @return array with keys 'name', 'description' and 'owner'
  * @throws Exception when the consumer is unknown or incompletely registered
  */
 function get_consumer_info($consumer_key)
 {
     $record = $this->store->get('consumers', $consumer_key, '');
     if ($record == NULL) {
         throw new Exception('No consumer registered for key ' . $consumer_key);
     }
     /* each required field keeps its own wording in the error message */
     $requiredFields = array(
         'name' => 'No consumer name',
         'description' => 'No consumer description',
         'owner' => 'No owner',
     );
     foreach ($requiredFields as $field => $wording) {
         if (empty($record['value'][$field])) {
             $errorStr = "{$wording} found for consumer with key {$consumer_key}!";
             Logger::logEvent(LOG_ERR, __CLASS__, __METHOD__, $errorStr, __LINE__);
             throw new Exception($errorStr);
         }
     }
     return array(
         'name' => $record['value']['name'],
         'description' => $record['value']['description'],
         'owner' => $record['value']['owner'],
     );
 }