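/**
 * Authenticates the current request from the TLS client certificate exposed by the web server.
 *
 * The certificate is read from $_SERVER, parsed by Custom_Auth_ModSsl_Certificate_Factory, and
 * the identity is taken from the username callback named in the 'modssl' configuration
 * (Custom_Auth_ModSsl_UsernameCallback_Standard when that class does not exist). The credential
 * is set to null; no password is involved in this method.
 *
 * NOTE(review): $_SERVER['HTTP_SSL_CLIENT_CERT'] is filled from a request header, not by the TLS
 * layer of this server. The fallback is only trustworthy when the reverse proxy unconditionally
 * strips or overwrites any inbound header of that name and the backend cannot be reached except
 * through that proxy. Confirm this for every deployment that relies on the fallback.
 *
 * NOTE(review): what isValid() verifies (chain, expiry, revocation) is not visible from this
 * method, so confirm it in the certificate class.
 *
 * @return Zend_Auth_Result SUCCESS for a valid X509 certificate, FAILURE_CREDENTIAL_INVALID
 *                          (carrying the certificate status errors) for an invalid one, and a
 *                          generic FAILURE in every other case.
 */
public function authenticate()
{
    $clientCert = '';
    if (self::hasModSsl()) {
        // Prefer the variable set by the local TLS module; the HTTP_ variant exists to support
        // a reverse proxy without SSLProxyEngine (see the trust note in the docblock).
        if (!empty($_SERVER['SSL_CLIENT_CERT'])) {
            $clientCert = $_SERVER['SSL_CLIENT_CERT'];
        } elseif (!empty($_SERVER['HTTP_SSL_CLIENT_CERT'])) {
            $clientCert = $_SERVER['HTTP_SSL_CLIENT_CERT'];
        }
    }

    // No usable certificate: fail closed instead of reading an undefined index and handing
    // null to the certificate factory.
    if ($clientCert === '') {
        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE,
            'Unknown User',
            array('Unknown Authentication Error')
        );
    }

    $certificate = Custom_Auth_ModSsl_Certificate_Factory::buildCertificate($clientCert);

    // The identity comes from a configurable callback class, with the standard one as fallback.
    $config = Tinebase_Config::getInstance()->get('modssl');
    if (class_exists($config->username_callback)) {
        $callback = new $config->username_callback($certificate);
    } else {
        $callback = new Custom_Auth_ModSsl_UsernameCallback_Standard($certificate);
    }

    // The identity is recorded before the validity check so that failures can be logged and
    // reported against it.
    $this->setIdentity($callback->getUsername());
    $this->setCredential(null);

    // Only X509 certificates are accepted; any other type ends in the generic failure.
    if (!($certificate instanceof Custom_Auth_ModSsl_Certificate_X509)) {
        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE,
            'Unknown User',
            array('Unknown Authentication Error')
        );
    }

    if (!$certificate->isValid()) {
        // Flatten the status errors into one '#'-separated log line.
        $lines = '';
        foreach ($certificate->getStatusErrors() as $line) {
            $lines .= $line . '#';
        }
        if (Tinebase_Core::isLogLevel(Zend_Log::ERR)) {
            Tinebase_Core::getLogger()->err(__METHOD__ . '::' . __LINE__ . ' ModSsl authentication for ' . $this->_identity . ' failed: ' . $lines);
        }

        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
            $this->_identity,
            $certificate->getStatusErrors()
        );
    }

    $messages = array('Authentication Successfull');

    // A valid certificate is stored in the address book; an already stored one is not an error.
    $controller = Addressbook_Controller_Certificate::getInstance();
    try {
        $controller->create(new Addressbook_Model_Certificate($certificate));
    } catch (Tinebase_Exception_Duplicate $e) {
        // Fail silently if certificate already exists
    }

    return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_identity, $messages);
}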
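/**
 * Returns the first non-CA certificate embedded in an S/MIME message stored in a file.
 *
 * The file is piped through `openssl smime -pk7out | openssl pkcs7 -print_certs`, the PEM
 * blocks are cut out of the textual dump, and each one is built with
 * Custom_Auth_ModSsl_Certificate_Factory until one reports that it is not a CA.
 *
 * NOTE(review): the pipeline only extracts certificates. It runs no signature verification,
 * so the result must not be treated as proof of who signed the message unless the caller
 * verifies the signature separately.
 *
 * @param string $msgTempFile Path of the file holding the raw message.
 * @return mixed The certificate object built by the factory, or false when the command output
 *               looks like a failure or contains no non-CA certificate.
 */
private static function pullCertificateFromMessage($msgTempFile)
{
    $pemBegin = '-----BEGIN CERTIFICATE-----';
    $pemEnd = '-----END CERTIFICATE-----';

    // The path is quoted for the shell so that spaces or metacharacters in it can never be
    // interpreted as part of the command line.
    $output = array();
    $lastLine = exec(
        'cat ' . escapeshellarg((string) $msgTempFile) . ' | openssl smime -pk7out | openssl pkcs7 -print_certs',
        $output
    );

    // exec() returns the last line of stdout. A non-empty (truthy) last line is treated as a
    // failure, presumably because a successful -print_certs dump ends with a blank line
    // (TODO confirm). The exit status of the pipeline is not checked.
    if ($lastLine) {
        return false;
    }

    // Re-join the captured lines into one newline-terminated dump.
    $dump = '';
    foreach ($output as $line) {
        $dump .= $line . "\n";
    }

    // Everything before the first BEGIN marker is subject/issuer text, not certificate data.
    $chunks = explode($pemBegin, $dump);
    array_shift($chunks);

    foreach ($chunks as $chunk) {
        // Keep only the base64 body up to the END marker and restore both markers.
        $parts = explode($pemEnd, $chunk);
        $pem = $pemBegin . $parts[0] . $pemEnd;

        $certificate = Custom_Auth_ModSsl_Certificate_Factory::buildCertificate($pem, FALSE);
        if (!$certificate->isCA()) {
            // Only the first non-CA certificate is wanted.
            return $certificate;
        }
    }

    return false;
}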