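/**
 * Prepare the page before rendering: fetch the discovery path from the auth
 * manager, attempt the NREN-based redirects and choose between the map and
 * the textual view.
 *
 * @param mixed $person passed straight on to parent::pre_process(); the rest
 *                      of this method works on $this->person
 */
public function pre_process($person)
{
    parent::pre_process($person);

    $auth = AuthHandler::getAuthManager($this->person);
    $this->discoPath = $auth->getDiscoPath();

    /*
     * Handle country AuthN redirect. Both can redirect, if they don't, show
     * the map.
     *
     * NOTE(review): the NREN is chosen from $_SERVER['SERVER_NAME']. Depending
     * on the web-server configuration that value can follow the client's Host
     * header, so confirm the vhost pins a canonical name before trusting it
     * to select a redirect target.
     */
    $nren = NREN_Handler::getNREN($_SERVER['SERVER_NAME']);
    if (!empty($nren)) {
        $this->redirectToWAYF($nren);
        $this->forwardToDisco($nren);
    }

    /* if not redirected, continue */
    if (array_key_exists('country', $_GET)) {
        /*
         * 'country' is request data and is echoed below. Accept only a
         * scalar string (?country[]=x would otherwise reach htmlentities()
         * as an array) and encode both quote styles with an explicit charset
         * so the result is safe in text and attribute context alike.
         */
        $country = $_GET['country'];
        $this->selected_country = is_string($country)
            ? htmlentities($country, ENT_QUOTES, 'UTF-8')
            : '';

        /*
         * NOTE(review): $url is not defined anywhere in this method, so
         * getNREN() receives an undefined value and its result is never used
         * before exit. The lookup this branch was meant to perform is not
         * visible here; left as found until the intended argument is known.
         */
        $nren = NREN_Handler::getNREN($url, 1);

        echo "redirecting to idp-part for " . $this->selected_country . ", stopping rendering of this page now\n";
        exit(0);
    }

    /* textual view? */
    if (array_key_exists('textual_view', $_GET)) {
        /* any value other than "yes" leaves mapMode untouched and loads no map scripts */
        if ($_GET['textual_view'] === "yes") {
            $this->mapMode = false;
        }
    } else {
        /*
         * ok, show map
         *
         * NOTE(review): these are pinned library versions from an old release
         * line; check them against current advisories when they are updated.
         */
        $this->tpl->assign('extraScripts', array(
            'js/jquery-1.6.1.min.js',
            'js/jquery-jvectormap-1.1.1.min.js',
            'js/jquery-jvectormap-europe-mill-en.js',
        ));
    }
}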
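/**
 * Run authentication for the current request and report missing entitlements.
 *
 * Authentication is forced when the content page is protected or when the
 * request carries start_login=yes. For an authenticated person lacking the
 * user entitlement, an error (no admin entitlement either) or a warning
 * (admin entitlement present) is emitted. For an unauthenticated person the
 * NREN is derived from the server name. Sensitive actions trigger
 * re-authentication at the end.
 *
 * @throws CGE_CriticalAttributeException If an attribute needed for the operation of Confusa is not found
 * @throws MapNotFoundException If the NREN-map for the attributes is not found
 */
public function authenticate()
{
    /* if login, trigger SAML-redirect first */
    $auth = AuthHandler::getAuthManager($this->person);

    /* && binds tighter than ||; the parentheses only make that explicit */
    $authRequired = $this->contentPage->is_protected()
        || (isset($_GET['start_login']) && $_GET['start_login'] === 'yes');
    $auth->authenticate($authRequired);

    /* show a warning if the person does not have Confusa
     * entitlement and ConfusaAdmin entitlement */
    if ($this->person->isAuth()) {
        if (!$this->person->testEntitlementAttribute(Config::get_config('entitlement_user'))) {
            /*
             * Both messages name the same entitlement: "<namespace>:<user>".
             * Built once so the warning can no longer drop the namespace
             * (it previously overwrote the prefix with '=' instead of '.=').
             */
            $entitlement = Config::get_config('entitlement_namespace') . ":";
            $entitlement .= Config::get_config('entitlement_user');

            $msg = $this->contentPage->translateMessageTag('fw_error_entitlement_unset_1');
            $msg .= "<br /><i>{$entitlement}</i><br /><br />";

            if (!$this->person->testEntitlementAttribute(Config::get_config('entitlement_admin'))) {
                $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_2');

                $subscriber = $this->person->getSubscriber();
                if (!is_null($subscriber)) {
                    /*
                     * Help URL and e-mail are subscriber-maintained data that
                     * end up inside HTML attributes and text. Encode them at
                     * the sink; double_encode=false keeps values that were
                     * already entity-encoded on storage from being mangled.
                     *
                     * NOTE(review): encoding stops markup breakout but does
                     * not restrict the URL scheme used in href; confirm the
                     * help URL is validated to http(s) where it is stored.
                     */
                    $url = htmlspecialchars((string) $subscriber->getHelpURL(), ENT_QUOTES, 'UTF-8', false);
                    $email = htmlspecialchars((string) $subscriber->getHelpEmail(), ENT_QUOTES, 'UTF-8', false);

                    $msg .= "<br />\n";
                    $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_3');
                    $msg .= '<br /><ul><li style="margin: 1em 0 0 2em">';
                    $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_4');
                    $msg .= "<a href=\"mailto:{$email}\">{$email}</a></li>";
                    $msg .= '<li style="margin: 1em 0 0 2em">';
                    $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_5');
                    $msg .= "<a href=\"{$url}\">{$url}</a></li>\n</ul><br />\n";
                }
                Framework::error_output($msg);
            } else {
                $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_6');
                Framework::warning_output($msg);
            }
        }
    } else {
        /*
         * maybe we can guess the NREN from the URL
         *
         * NOTE(review): the trailing 1 is passed to setNREN(), not to
         * getNREN(); elsewhere getNREN() is called with a second argument,
         * so the parenthesis may be misplaced. Left as found, confirm
         * against both signatures. SERVER_NAME may follow the client's Host
         * header depending on server configuration, so treat the guessed
         * NREN as a hint, not as an authorisation decision.
         */
        $this->person->setNREN(NREN_Handler::getNREN($_SERVER['SERVER_NAME']), 1);
    }

    /*
     * Force reauthentication based on the settings if the session is too
     * old
     */
    if (Framework::$sensitive_action) {
        $auth->reAuthenticate();
    }
}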
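/**
 * Poll the CA for the status of one certificate order on behalf of an NREN
 * and print a human-readable interpretation of the reply.
 *
 * The reply is split at the first newline: the first part must be a numeric
 * status code, the remainder (if any) is treated as detail text.
 *
 * @param mixed $nren  NREN-ID, resolved through NREN_Handler::getByID()
 * @param mixed $order order number handed to the CA's pollCertStatus()
 * @return void
 */
function queryOrder($nren, $order)
{
    echo "Looking for {$order} issued to nren {$nren}\n";

    /* keep the requested ID: after a failed lookup $nren is empty and the
     * error message would otherwise print nothing useful */
    $nrenId = $nren;
    $nren = NREN_Handler::getByID($nrenId);
    if (!$nren) {
        echo "\n\tError when retrieving NREN {$nrenId}, please use correct NREN-ID\n\n";
        listNRENs();
        return;
    }

    /*
     * NOTE(review): a fresh Person is created and isAuth(true) is called on
     * it, which looks like it marks the object as authenticated without any
     * login. If so, whoever can run this function acts with the NREN's CA
     * account, so access to the script needs to be limited to operators.
     * TODO confirm against Person::isAuth().
     */
    $person = new Person();
    $person->setNREN($nren);
    $person->isAuth(true);

    $ca = CAHandler::getCA($person);
    $status = $ca->pollCertStatus($order, true);

    $errors = explode("\n", $status, 2);
    if (!is_numeric($errors[0])) {
        echo "Malformed response from CA, all bets are off :/\n";
        return;
    }

    /* a reply without a newline has no detail part; avoid reading a missing index */
    $detail = isset($errors[1]) ? $errors[1] : '';

    echo "Response from CA backend: " . $errors[0] . ":\n";

    /* $errors[0] is a numeric string (checked above), so the loose switch
     * comparison against integer labels is a numeric comparison */
    switch ($errors[0]) {
        case 0:
            echo "Certificate is currently being processed by Comodo\n";
            break;
        case 1:
            echo "Certificate available, no errors detected\n";
            getCert($ca, $order, $person);
            break;
        case -1:
            echo "Request via vulnerable channel (non-https)\n";
            break;
        case -2:
            echo "Unrecognized argument sent to CA backend.\n";
            echo $status . "\n";
            break;
        case -3:
        case -4:
            /* invalid password? */
            echo "You are not allowed to log in and view this certificate\n";
            $caa = "CA Account problems -";
            if (strpos($detail, "loginPassword") !== false) {
                echo "{$caa} invalid password\n";
            }
            /* invalid username? */
            if (strpos($detail, "loginName") !== false) {
                echo "{$caa} invalid username\n";
            }
            /* NOTE(review): "ap" is a very short needle and will match any
             * detail text that merely contains those two letters */
            if (strpos($detail, "ap") !== false) {
                echo "{$caa} invalid AP-Name\n";
            }
            if (strpos($detail, "orderNumber") !== false) {
                echo "Invalid orderNumber, make sure that the certificate you are looking for"
                    . " are accessible via this NREN-account!\n";
            }
            break;
        case -13:
            echo "The CSR contained a publickey with invalid keysize, make sure it is long enough!\n";
            break;
        case -14:
            echo "Unknown error\n";
            break;
        case -16:
            echo "Permission denied when contacting Comodo backend\n";
            break;
        case -17:
            echo "Confusa used GET insted of POST when contacting CA backend\n";
            break;
        case -20:
            echo "CSR rejected by CA\n";
            break;
        case -21:
            echo "Certificate has been revoked\n";
            break;
        case -22:
            echo "Awaiting payment, certificate on hold\n";
            break;
        default:
            echo "unknown error (" . $errors[0] . ")\n";
            break;
    } /* endswitch */

    /* the CA's detail text is printed verbatim; it is remote data, so encode
     * it first if this output is ever routed into HTML or a structured log */
    print_r($detail);
    echo "\n";
}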