/**
 * Verify a proxy chain from the CAS Server.
 *
 * The chain reported by the CAS server is compared with every allowed chain
 * from the configuration. Validation succeeds on the first allowed chain
 * whose entries all match the supplied chain, position by position.
 *
 * Security notes on how a configured entry is matched:
 * - An entry of the form /pattern/flags is passed to preg_match() as is, so
 *   it matches anywhere in the proxy URL unless the pattern carries its own
 *   ^ and $ anchors.
 * - Any other entry is a case-insensitive prefix match. For example, the
 *   entry 'https://example.com' also accepts a proxy URL such as
 *   'https://example.com.other.test/' (constructed example). End such
 *   entries with '/' or use an anchored regex to pin the host.
 *
 * @param \DOMNodeList $proxy_chain
 *   An XML element containing proxy values, from most recent to first.
 *
 * @throws CasValidateException
 *   Thrown when no allowed chain matches the supplied chain.
 */
private function verifyProxyChain($proxy_chain) {
  $allowed_chains = $this->parseAllowedProxyChains($this->casHelper->getProxyChains());
  $supplied = $this->parseServerProxyChain($proxy_chain);
  $this->casHelper->log("Attempting to verify supplied proxy chain: " . print_r($supplied, TRUE));

  foreach ($allowed_chains as $candidate) {
    // Chains of different length can never match entry for entry.
    if (count($candidate) !== count($supplied)) {
      continue;
    }

    $chain_ok = TRUE;
    foreach ($candidate as $position => $pattern) {
      $proxy_url = $supplied[$position];

      if (preg_match('/^\\/.*\\/[ixASUXu]*$/s', $pattern)) {
        // Delimited like a PCRE pattern: evaluate it as a regex. A failing
        // preg_match() (FALSE) counts as "no match", so errors fail closed.
        $entry_ok = (bool) preg_match($pattern, $proxy_url);
      }
      else {
        // Plain entry: case-insensitive comparison of the first
        // strlen($pattern) bytes only, i.e. a prefix match.
        $entry_ok = strncasecmp($pattern, $proxy_url, strlen($pattern)) === 0;
      }

      if (!$entry_ok) {
        $chain_ok = FALSE;
        $this->casHelper->log("Failed to match {$pattern} with supplied " . $proxy_url);
        break;
      }
    }

    // First fully matching allowed chain wins.
    if ($chain_ok) {
      $this->casHelper->log("Matched allowed chain: " . print_r($candidate, TRUE));
      return;
    }
  }

  // No allowed chain matched: reject the ticket validation.
  $this->casHelper->log("Proxy chain did not match allowed list.");
  throw new CasValidateException("Proxy chain did not match allowed list.");
}
/**
 * Test getting the proxy chain configuration.
 *
 * Checks that the helper hands back the 'proxy.proxy_chains' setting
 * unchanged for the value configured here.
 *
 * @covers ::getProxyChains
 * @covers ::__construct
 */
public function testGetProxyChains() {
  $settings = [
    'server.hostname' => 'example.com',
    'server.port' => 443,
    'server.path' => '/cas',
    'proxy.proxy_chains' => 'https://example.com',
  ];
  $config_factory = $this->getConfigFactoryStub(['cas.settings' => $settings]);

  $cas_helper = new CasHelper(
    $config_factory,
    $this->urlGenerator,
    $this->connection,
    $this->loggerFactory,
    $this->session
  );

  $this->assertEquals('https://example.com', $cas_helper->getProxyChains());
}