static function get($person)
{
if (is_null($person)) {
return false;
}
if (is_null(self::$NRENAccount)) {
self::$NRENAccount = new NRENAccount($person);
}
return self::$NRENAccount;
}
function __construct($pers, $validityPeriod)
{
parent::__construct($pers, $validityPeriod);
$this->account = NRENAccount::get($pers);
if (Config::get_config('capi_test') == true) {
$this->dcs[] = ConfusaConstants::$CAPI_TEST_DC_PREFIX;
}
if (Config::get_config('cert_product') == PRD_ESCIENCE) {
$this->dcs[] = "org";
$this->dcs[] = "terena";
$this->dcs[] = "tcs";
}
}
public function pre_process($person)
{
$res = true;
$this->setPerson($person);
$this->account = NRENAccount::get($this->person);
/* If the caller is not a nren-admin or Confusa is not in online mode, we stop here */
if (!$this->person->isNRENAdmin() || Config::get_config('ca_mode') != CA_COMODO) {
return false;
}
$login_name = false;
$password = false;
$ap_name = false;
if (isset($_POST['account']) && $_POST['account'] === 'edit') {
/* We must use POST as we may pass along a password and
* we do not want to set that statically in the subject-line. */
if (isset($_POST['login_name'])) {
$ln = $_POST['login_name'];
$login_name = Input::sanitizeText(htmlspecialchars($ln));
if ($ln === $login_name) {
$this->account->setLoginName($login_name);
$res = false;
} else {
/* FIXME: l10n */
Framework::error_output("The new login_name contains illegal characters, dropping new login!");
}
}
/* Do not sanitize password, we should allow special characters and
* stuff, we should url-encode it. If Comodo does not sanitize
* their password, it's their business, not ours. */
if (isset($_POST['password']) && $_POST['password'] !== "") {
$this->account->setPassword($_POST['password']);
}
if (isset($_POST['ap_name'])) {
$ap = $_POST['ap_name'];
$ap_name = Input::sanitizeText(htmlspecialchars($ap));
if ($ap === $ap_name) {
$this->account->setAPName($ap_name);
} else {
/* FIXME: l10n */
Framework::error_output("Cleaned ap-name and it contains illegal characters, dropping new name!");
$res = false;
}
}
/* should we validate? */
try {
$validate = false;
if (isset($_POST['verify_ca_cred']) && $_POST['verify_ca_cred'] === "yes") {
$validate = true;
}
if ($this->account->save($validate)) {
/* FIXME: l10n */
Framework::success_output("CA Account details successfully updated!");
} else {
Framework::message_output("No changes to account-details, not updating.");
}
} catch (ConfusaGenException $cge) {
/* FIXME: l10n */
Framework::error_output("Could not update account-data: " . $cge->getMessage());
}
}
parent::pre_process($person);
return $res;
}
function testMultipleNrenMaps()
{
MDB2Wrapper::setMode(MDB2Wrapper::NRENAccountError);
$account = NRENAccount::get(new Person());
$this->assertFalse($account->read(), "NRENAccount received corrupted data but did not fail");
}
