$sa_url = get_first_service_of_type(SR_SERVICE_TYPE::SLICE_AUTHORITY); if (!isset($sa_url) || is_null($sa_url) || $sa_url == '') { error_log("Found no SA in SR!'"); } } if (!isset($ma_url)) { $ma_url = get_first_service_of_type(SR_SERVICE_TYPE::MEMBER_AUTHORITY); if (!isset($ma_url) || is_null($ma_url) || $ma_url == '') { error_log("Found no MA in SR!'"); } } // Store any warnings here for display at the top of the page. $warnings = array(); // Warnings specific to omni 2.2 or newer $warnings22 = array(); $result = ma_lookup_certificate($ma_url, $user, $user->account_id); $has_certificate = !is_null($result); $has_private_key = false; if ($has_certificate && array_key_exists(MA_OUTSIDE_CERT_TABLE_FIELDNAME::PRIVATE_KEY, $result) && !is_null($result[MA_OUTSIDE_CERT_TABLE_FIELDNAME::PRIVATE_KEY])) { $has_private_key = true; } if (!$has_certificate) { // warn that no cert has been generated $warnings[] = '<p class="warn">No certificate has been generated.' . ' Please <a href="kmcert.php?close=1" target="_blank">' . 'generate a certificate' . '</a>.' . '</p>'; } // FIXME: hardcoded path $download_url = 'https://' . $_SERVER['SERVER_NAME'] . '/secure/kmcert.php?close=1'; $download_text = 'Create and download your certificate'; if ($has_certificate) { $download_text = 'Download your certificate'; }
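/**
 * Send a member's certificate to the browser as a PEM file download.
 *
 * When the member authority's record also holds a private key, the key is
 * written first, followed by a newline and then the certificate.
 *
 * @param mixed  $ma_url    Member authority URL, passed to ma_lookup_certificate().
 * @param mixed  $km_signer Signer, passed to ma_lookup_certificate().
 * @param object $member    Member record; its member_id and username are read.
 * @return void
 */
function download_cert($ma_url, $km_signer, $member)
{
    $member_id = $member->member_id;
    $username = $member->username;
    $result = ma_lookup_certificate($ma_url, $km_signer, $member_id);

    // Check the lookup before any download header goes out: other callers in
    // this code base treat a null result as "no certificate", and indexing a
    // null result here would produce an empty or broken attachment.
    if (is_null($result) || !array_key_exists(MA_ARGUMENT::CERTIFICATE, $result)) {
        error_log("download_cert: no certificate found for member {$member_id}");
        http_response_code(404);
        return;
    }

    // The username ends up inside a response header, so restrict it to a
    // conservative character set and quote the resulting filename.
    $safe_username = preg_replace('/[^A-Za-z0-9._-]/', '_', (string) $username);
    $cert_filename = "geni-{$safe_username}.pem";

    // Set headers for download. The body may contain the member's private
    // key, so it must never be stored by a shared or browser cache.
    header("Cache-Control: private, no-store");
    header("Content-Description: File Transfer");
    header("Content-Disposition: attachment; filename=\"{$cert_filename}\"");
    header("Content-Type: application/pem");
    header("Content-Transfer-Encoding: binary");

    if (array_key_exists(MA_ARGUMENT::PRIVATE_KEY, $result)) {
        print $result[MA_ARGUMENT::PRIVATE_KEY];
        print "\n";
    }
    print $result[MA_ARGUMENT::CERTIFICATE];
}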
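/**
 * Build the HTML/JavaScript fragments needed to show a "launch jFed" button.
 *
 * @param object|null $user Current user; loaded with geni_loadUser() when unset.
 * @return array Three elements, in order:
 *               - script/markup text to emit once on the page ('' when jFed
 *                 cannot be launched),
 *               - the opening part of the <button> tag (null when no member
 *                 authority could be found),
 *               - the remainder of the onclick attribute ('' when there is
 *                 nothing to launch).
 */
function get_jfed_strs($user)
{
    // Declared by the original code but not read anywhere in this function.
    global $portal_jquery_url;
    global $portal_jqueryui_css_url;
    global $portal_jqueryui_js_url;

    $jfed_button_start = null;
    $jfed_script_text = '';
    $jfed_button_part2 = '';
    $certkey = '';

    // jFed cannot be launched from Chrome on a Mac; return a button that only
    // explains this. Deliberately not logged: it would fire on every page view.
    $browser = getBrowser();
    $is_chrome = strpos(strtolower($browser["name"]), "chrom") !== false;
    $is_mac = strpos(strtolower($browser["platform"]), "mac") === 0;
    if ($is_chrome and $is_mac) {
        $jfed_button_start = "<button type='button' onclick='alert(\"jFed cannot run in Chrome on a Mac. Try Safari or Firefox.\")'";
        return array($jfed_script_text, $jfed_button_start, '');
    }

    if (!isset($user)) {
        $user = geni_loadUser();
    }

    // $ma_url is never set in this scope, so the member authority is always
    // looked up in the service registry.
    $ma_url = get_first_service_of_type(SR_SERVICE_TYPE::MEMBER_AUTHORITY);
    if (!isset($ma_url) || is_null($ma_url) || $ma_url == '') {
        error_log("Found no MA in SR!'");
        // Same three-element shape as every other return, so callers that
        // unpack three values do not hit an undefined offset.
        return array('', null, '');
    }

    // Code to set up jfed button
    $certresult = ma_lookup_certificate($ma_url, $user, $user->account_id);
    $expiration_key = 'expiration';
    $has_certificate = false;
    $has_key = false;
    $expired = false;
    if (!is_null($certresult)) {
        $has_certificate = true;
        $has_key = array_key_exists(MA_ARGUMENT::PRIVATE_KEY, $certresult);
        if (array_key_exists($expiration_key, $certresult)) {
            // NOTE(review): presumably a DateTime in UTC; confirm against
            // ma_lookup_certificate(), since it is compared with a DateTime.
            $expiration = $certresult[$expiration_key];
            $now = new DateTime('now', new DateTimeZone("UTC"));
            $expired = $expiration < $now;
        }
    }

    if (!$has_certificate or $expired) {
        $jfed_button_start = "<button type='button' onclick='alert(\"Generate an SSL (Omni) key pair to use jFed.\")'";
        $jfed_button_part2 = '';
        return array($jfed_script_text, $jfed_button_start, $jfed_button_part2);
    }

    if ($has_key) {
        // SECURITY NOTE(review): the member's private key and certificate are
        // base64-encoded and written into the page as the JavaScript global
        // `certkey`. Every script running on the page can read it, including
        // the two third-party scripts loaded below, which carry no integrity
        // attribute. The base64 alphabet cannot break out of the single-quoted
        // JavaScript string, so this interpolation is not an injection point.
        $certstring = $certresult[MA_ARGUMENT::PRIVATE_KEY] . "\n" . $certresult[MA_ARGUMENT::CERTIFICATE];
        $certkey = base64_encode($certstring);
    }

    // Script tags and dialogs needed by the jFed launcher.
    // SECURITY NOTE(review): the JNLP URLs are plain http and dtjava.js is
    // protocol-relative; consider https throughout and pinned or self-hosted
    // copies of the external scripts.
    $jfed_script_text = "\n <script>\n var config = {\n java8_jnlp: 'http://jfed.iminds.be/jfed-geni-java8.jnlp',\n java7_jnlp: 'http://jfed.iminds.be/jfed-geni-java7.jnlp'\n };\n var certkey = '{$certkey}';\n //var slice_urn = 'urn:publicid:IDN+ch.geni.net:CHtest+slice+vm1';\n var slice_urn = ''; // over-ridden in the onclick of the jFed button with the specific slice URN. launchjFed() uses this global. Tom says Gross!\n </script>\n <script src=\"//java.com/js/dtjava.js\"></script>\n <script src='https://authority.ilabt.iminds.be/js/jfed_webstart_geni.js'></script>\n<div id='java7Dialog' title=\"Old Java version detected\" style=\"display: none\">\n<p>The latest version of jFed is only compatible with Java 8 or higher. We detected that you are using an older version.</p>\n<p>Please upgrade to Java 8 to get access to the newest version of jFed. Otherwise, you can use jFed 5.3.2, which is Java 7-compatible.</p>\n</div>\n\n<div id='noJavaDialog' title=\"No Java detected\" style=\"display: none\">\n<p>jFed requires Java to run. We however couldn't detect a Java installation in your browser.</p>\n<p>Please install the latest version of Java to continue.</p>\n</div>\n";

    // The onclick attribute is left open here: the caller inserts the
    // slice-specific assignment between the two button fragments.
    $jfed_button_start = "<button id='jfed' type='button' onclick='";
    $jfed_button_part2 = " launchjFed()'";

    return array($jfed_script_text, $jfed_button_start, $jfed_button_part2);
}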
$member_id_value = strtolower($member_id_value); $members = ma_lookup_member_id($ma_url, $km_signer, $member_id_key, $member_id_value); } else { error_log("No member_id_key {$member_id_key} given to loadcert.php"); } if (count($members) > 0) { $member = $members[0]; $member_id = $member->member_id; } /* * Now we're done with the optional setting of the passphrase, so * continue by retrieving the key and cert. */ $certificate = NULL; $private_key = NULL; $result = ma_lookup_certificate($ma_url, $km_signer, $member_id); if (isset($result) && key_exists(MA_ARGUMENT::CERTIFICATE, $result)) { $certificate = $result[MA_ARGUMENT::CERTIFICATE]; } if (isset($result) && key_exists(MA_ARGUMENT::PRIVATE_KEY, $result)) { $private_key = $result[MA_ARGUMENT::PRIVATE_KEY]; } $expiration_key = 'expiration'; $expired = False; if (isset($result)) { if (array_key_exists($expiration_key, $result)) { $expiration = $result[$expiration_key]; $now = new DateTime('now', new DateTimeZone("UTC")); $expired = $expiration < $now; } }