Пример #1
0
 protected function _checkCertificateValidity()
 {
     $validator = new Janus_OpenSsl_Certificate_Validator($this->_certificate);
     $validator->setIgnoreSelfSigned(true);
     $validator->validate();
     $this->_response->Warnings = array_merge($this->_response->Warnings, $validator->getWarnings());
     $this->_response->Errors = array_merge($this->_response->Errors, $validator->getErrors());
 }
 public function runForCronTag($cronTag)
 {
     if (!$this->_isExecuteRequired($cronTag)) {
         return array();
     }
     $cronLogger = new sspmod_janus_Cron_Logger();
     try {
         $janusConfig = sspmod_janus_DiContainer::getInstance()->getConfig();
         $srConfig = sspmod_janus_DiContainer::getInstance()->getConfig();
         $rootCertificatesFile = $srConfig->getString('ca_bundle_file');
         $util = new sspmod_janus_AdminUtil();
         $entities = $util->getEntities();
         foreach ($entities as $partialEntity) {
             try {
                 $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();
                 $eid = $partialEntity['eid'];
                 if (!$entityController->setEntity($eid)) {
                     $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'.");
                     continue;
                 }
                 $entityController->loadEntity();
                 $entityId = $entityController->getEntity()->getEntityid();
                 $entityType = $entityController->getEntity()->getType();
                 try {
                     try {
                         $certificate = $entityController->getCertificate();
                         // @workaround
                         // Since getCertificate() returns false when certificate does not exist following check is required to skip validation
                         if (empty($certificate)) {
                             throw new Exception('No certificate found');
                         }
                     } catch (Exception $e) {
                         if ($entityType === 'saml20-sp') {
                             $cronLogger->with($entityId)->notice("SP does not have a certificate");
                         } else {
                             if ($entityType === 'saml20-idp') {
                                 $cronLogger->with($entityId)->warn("Unable to create certificate object, certData missing?");
                             }
                         }
                         continue;
                     }
                     $validator = new Janus_OpenSsl_Certificate_Validator($certificate);
                     $validator->setIgnoreSelfSigned(true);
                     $validator->validate();
                     $validatorWarnings = $validator->getWarnings();
                     $validatorErrors = $validator->getErrors();
                     foreach ($validatorWarnings as $warning) {
                         $cronLogger->with($entityId)->warn($warning);
                     }
                     foreach ($validatorErrors as $error) {
                         $cronLogger->with($entityId)->error($error);
                     }
                     Janus_OpenSsl_Certificate_Chain_Factory::loadRootCertificatesFromFile($rootCertificatesFile);
                     $chain = Janus_OpenSsl_Certificate_Chain_Factory::createFromCertificateIssuerUrl($certificate);
                     $validator = new Janus_OpenSsl_Certificate_Chain_Validator($chain);
                     $validator->setIgnoreSelfSigned(true);
                     $validator->setTrustedRootCertificateAuthorityFile($rootCertificatesFile);
                     $validator->validate();
                     $validatorWarnings = $validator->getWarnings();
                     $validatorErrors = $validator->getErrors();
                     foreach ($validatorWarnings as $warning) {
                         $cronLogger->with($entityId)->warn($warning);
                     }
                     foreach ($validatorErrors as $error) {
                         $cronLogger->with($entityId)->error($error);
                     }
                 } catch (Exception $e) {
                     $cronLogger->with($entityId)->error($e->getMessage());
                 }
             } catch (Exception $e) {
                 $cronLogger->error($e->getMessage() . $e->getTraceAsString());
             }
         }
     } catch (Exception $e) {
         $cronLogger->error($e->getMessage() . $e->getTraceAsString());
     }
     if ($cronLogger->hasErrors()) {
         $this->_mailTechnicalContact($cronTag, $cronLogger);
     }
     return $cronLogger->getSummaryLines();
 }