| 1 |  |  | <?php | 
                | 2 |  |  |  | 
                | 3 |  |  | namespace CILogon\Service; | 
                | 4 |  |  |  | 
                | 5 |  |  | use CILogon\Service\Util; | 
                | 6 |  |  |  | 
                | 7 |  |  | /** | 
                | 8 |  |  |  * MyProxy | 
                | 9 |  |  |  */ | 
                | 10 |  |  | class MyProxy | 
                | 11 |  |  | { | 
                | 12 |  |  |     /** | 
                | 13 |  |  |      * getMyProxyCredential | 
                | 14 |  |  |      * | 
                | 15 |  |  |      * This function gets an X.509 credential (as a string) for a user. | 
                | 16 |  |  |      * | 
                | 17 |  |  |      * @param string $username The MyProxy user name (-l) | 
                | 18 |  |  |      * @param string $passphrase (Optional) The MyProxy password for the | 
                | 19 |  |  |      *        username (-S). Defaults to empty string.  NOTE: If $passphrase | 
                | 20 |  |  |      *        is non-empty, you CANNOT set a $certreq. | 
                | 21 |  |  |      * @param string $server (Optional) The MyProxy server to connect to (-s). | 
                | 22 |  |  |      *        Defaults to MYPROXY_HOST. | 
                | 23 |  |  |      * @param int $port (Optional) The port for the MyProxy server (-p). | 
                | 24 |  |  |      *        Defaults to MYPROXY_PORT. | 
                | 25 |  |  |      * @param int $lifetime (Optional) The life of the proxy in hours (-t). | 
                | 26 |  |  |      *        Defaults to MYPROXY_LIFETIME hours. | 
                | 27 |  |  |      * @param string $usercert (Optional) The X509_USER_CERT environment | 
                | 28 |  |  |      *        variable, OR the X509_USER_PROXY environment variable if | 
                | 29 |  |  |      *        $userkey is set to the empty string.  Defaults to empty string. | 
                | 30 |  |  |      * @param string $userkey (Optional) The X509_USER_KEY environment | 
                | 31 |  |  |      *        variable. Defaults to empty string. | 
                | 32 |  |  |      * @param string $certreq (Optional) A certificate request created by the | 
                | 33 |  |  |      *        openssl req command (--certreq).  Defaults to empty string. | 
                | 34 |  |  |      *        NOTE: If $certreq is non-empty, you CANNOT set a $passphrase. | 
                | 35 |  |  |      * @param string $env (Optional) Extra environment variables in the form | 
                | 36 |  |  |      *        of space-separated 'key=value' pairs. | 
                | 37 |  |  |      * @return string An X509 credential in a string upon success, or | 
                | 38 |  |  |      *         an empty string upon failure. | 
                | 39 |  |  |      */ | 
                | 40 |  |  |     public static function getMyProxyCredential( | 
                | 41 |  |  |         $username, | 
                | 42 |  |  |         $passphrase = '', | 
                | 43 |  |  |         $server = MYPROXY_HOST, | 
                | 44 |  |  |         $port = MYPROXY_PORT, | 
                | 45 |  |  |         $lifetime = MYPROXY_LIFETIME, | 
                | 46 |  |  |         $usercert = '', | 
                | 47 |  |  |         $userkey = '', | 
                | 48 |  |  |         $certreq = '', | 
                | 49 |  |  |         $env = '' | 
                | 50 |  |  |     ) { | 
                | 51 |  |  |         $retstr = ''; | 
                | 52 |  |  |  | 
                | 53 |  |  |         // Verify the myproxy-logon binary has been configured | 
                | 54 |  |  |         if ((!defined('MYPROXY_LOGON')) || (empty(MYPROXY_LOGON))) { | 
                | 55 |  |  |             Util::sendErrorAlert( | 
                | 56 |  |  |                 'getMyProxyCredential Error', | 
                | 57 |  |  |                 'MyProxy Error = myproxy-logon binary not configured' | 
                | 58 |  |  |             ); | 
                | 59 |  |  |             return $retstr; | 
                | 60 |  |  |         } | 
                | 61 |  |  |  | 
                | 62 |  |  |         // Make sure the username passed in is not empty | 
                | 63 |  |  |         if (strlen($username) == 0) { | 
                | 64 |  |  |             Util::sendErrorAlert( | 
                | 65 |  |  |                 'getMyProxyCredential Error', | 
                | 66 |  |  |                 'MyProxy Error = Missing MyProxy username' | 
                | 67 |  |  |             ); | 
                | 68 |  |  |             return $retstr; | 
                | 69 |  |  |         } | 
                | 70 |  |  |  | 
                | 71 |  |  |         // Don't allow weird port numbers, i.e. negative or over 65535 | 
                | 72 |  |  |         if (($port < 0) || ($port > 65535)) { | 
                | 73 |  |  |             $port = MYPROXY_PORT; | 
                | 74 |  |  |         } | 
                | 75 |  |  |  | 
                | 76 |  |  |         // Don't allow weird lifetimes, i.e. negative or over 5 years | 
                | 77 |  |  |         if (($lifetime < 0) || ($lifetime > 43800)) { | 
                | 78 |  |  |             $lifetime = MYPROXY_LIFETIME; | 
                | 79 |  |  |         } | 
                | 80 |  |  |  | 
                | 81 |  |  |         // If the usercert (X509_USER_CERT) is specified, check to see if | 
                | 82 |  |  |         // the userkey (X509_USER_KEY) was as well.  If not, set userkey to | 
                | 83 |  |  |         // usercert, in effect making usercert act like X509_USER_PROXY. Then, | 
                | 84 |  |  |         // set the USER_CERT_ENV variable to bundle the two parameters into a | 
                | 85 |  |  |         // single variable holding the two X509_USER_* environment variables. | 
                | 86 |  |  |         $USER_CERT_ENV = ''; | 
                | 87 |  |  |         if (strlen($usercert) > 0) { | 
                | 88 |  |  |             if (strlen($userkey) == 0) { | 
                | 89 |  |  |                 $userkey = $usercert; | 
                | 90 |  |  |             } | 
                | 91 |  |  |             $USER_CERT_ENV = 'X509_USER_CERT=' . escapeshellarg($usercert) . | 
                | 92 |  |  |                              ' ' . | 
                | 93 |  |  |                              'X509_USER_KEY='  . escapeshellarg($userkey); | 
                | 94 |  |  |         } | 
                | 95 |  |  |  | 
                | 96 |  |  |         // Run the myproxy-logon command and capture the output and any error | 
                | 97 |  |  |         unset($output); | 
                | 98 |  |  |         $cmd = '/bin/env ' . | 
                | 99 |  |  |                $USER_CERT_ENV . ' ' . | 
                | 100 |  |  |                $env . ' ' . | 
                | 101 |  |  |                'MYPROXY_SOCKET_TIMEOUT=1 ' . | 
                | 102 |  |  |                MYPROXY_LOGON . ' ' . | 
                | 103 |  |  |                ' -s ' . escapeshellarg($server) . | 
                | 104 |  |  |                " -p $port" . | 
                | 105 |  |  |                " -t $lifetime" . | 
                | 106 |  |  |                ' -l ' . escapeshellarg($username) . | 
                | 107 |  |  |                ' -S -o -' . | 
                | 108 |  |  |                ((strlen($certreq) > 0) ? | 
                | 109 |  |  |                    (' --certreq - <<< ' . escapeshellarg($certreq)) : '') . | 
                | 110 |  |  |                ((strlen($passphrase) > 0) ? | 
                | 111 |  |  |                    (' <<< ' . escapeshellarg($passphrase)) : ' -n') . | 
                | 112 |  |  |                ' 2>&1'; | 
                | 113 |  |  |         exec($cmd, $output, $return_val); | 
                | 114 |  |  |         $retstr = implode("\n", $output); | 
                | 115 |  |  |  | 
                | 116 |  |  |         if ($return_val > 0) { | 
                | 117 |  |  |             Util::sendErrorAlert( | 
                | 118 |  |  |                 'getMyProxyCredential Error', | 
                | 119 |  |  |                 "MyProxy Error = $return_val\nMyProxy Output= $retstr" | 
                | 120 |  |  |             ); | 
                | 121 |  |  |             $retstr = ''; | 
                | 122 |  |  |         } | 
                | 123 |  |  |  | 
                | 124 |  |  |         return $retstr; | 
                | 125 |  |  |     } | 
                | 126 |  |  |  | 
                | 127 |  |  |     /** | 
            
                                                                        
                            
            
                                    
            
            
                | 128 |  |  |      * getDefaultLifetime | 
            
                                                                        
                            
            
                                    
            
            
                | 129 |  |  |      * | 
            
                                                                        
                            
            
                                    
            
            
                | 130 |  |  |      * This function returns the value of the class defined | 
            
                                                                        
                            
            
                                    
            
            
                | 131 |  |  |      * MYPROXY_LIFETIME as an int, which may be needed in '/secure/getuser' | 
            
                                                                        
                            
            
                                    
            
            
                | 132 |  |  |      * when getting a certificate. | 
            
                                                                        
                            
            
                                    
            
            
                | 133 |  |  |      * | 
            
                                                                        
                            
            
                                    
            
            
                | 134 |  |  |      * @return int The value of MYPROXY_LIFETIME | 
            
                                                                        
                            
            
                                    
            
            
                | 135 |  |  |      */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 136 |  |  |     public static function getDefaultLifetime() | 
            
                                                                                                            
                            
            
                                    
            
            
                | 137 |  |  |     { | 
            
                                                                                                            
                                                                
            
                                    
            
            
                | 138 |  |  |         return (int)MYPROXY_LIFETIME; | 
                            
                    |  |  |  | 
                                                                                        
                                                                                     | 
            
                                                                                                            
                            
            
                                    
            
            
                | 139 |  |  |     } | 
                | 140 |  |  | } | 