PageRenderTime 111ms CodeModel.GetById 26ms RepoModel.GetById 0ms app.codeStats 0ms

/tine20/library/Prodemge/Tinebase/SscHelper.php

https://gitlab.com/israel.correa/Expresso
PHP | 136 lines | 69 code | 17 blank | 50 comment | 2 complexity | cfd722c774d0733c909de127da3a5e62 MD5 | raw file
Possible License(s): BSD-3-Clause, AGPL-3.0, LGPL-2.1, LGPL-3.0, JSON, Apache-2.0 
    

  1. <?php

    2. 

  2. /**

    3. 

  3.  * Tine 2.0

    4. 

  4.  *

    5. 

  5.  * @package     Prodemge

    6. 

  6.  * @subpackage  Tinebase 

    7. 

  7.  * @license     http://www.gnu.org/licenses/agpl.html AGPL Version 3

    8. 

  8.  * @copyright   Copyright (c) 2007-2011 Metaways Infosystems GmbH (http://www.metaways.de)

    9. 

  9.  * @author      Victor Pinheiro <victor.prodemge.gov.br>

    10. 

  10.  *

    11. 

  11.  */

    12. 

  12. /**

    13. 

  13.  *

    14. 

  14.  * @package     Prodemge

    15. 

  15.  * @subpackage  Tinebase 

    16. 

  16.  */

    17. 

  17. class Prodemge_Tinebase_SscHelper

    18. 

  18. {

    19. 

  19.     /**

    20. 

  20.      * Monta a url de chamada do Sistema Segurança Corporativo com os parametros exigidos

    21. 

  21.      * @param string $operacao:

    22. 

  22.      * @param string $type: 'full' - completa, 'base' - apenas a url base, 'params' - apenas os parametros

    23. 

  23.      * @param string $refererFull: se retorna a url completa ou apenas o contexto

    24. 

  24.      * @return string da url

    25. 

  25.      */

    26. 

  26.     public function getUrlSSC( $operacao = 'login', $type = 'full') {

    27. 

  27.         $referer = "";

    28. 

  28. 

    29. 

  29.         // url do IDP do SSC cadastrado em config.inc.php

    30. 

  30.         $urlIDP = Tinebase_Core::getConfig()->global->plugins->ssc->hostIDP;

    31. 

  31. 

    32. 

  32.         // url do IDP do SSC cadastrado em config.inc.php

    33. 

  33.         $referer = Tinebase_Core::getConfig()->global->plugins->ssc->referer;

    34. 

  34.         // encode base64 exigido pelo SSC

    35. 

  35.         $referer = base64_encode( $referer );

    36. 

  36. 

    37. 

  37.         // xml do SAMLRequest codificado na base64

    38. 

  38.         switch ( $operacao ) {

    39. 

  39.            case "login":

    40. 

  40.                 $xmlBase64 = $this->getXmlLoginBase64();

    41. 

  41.                 break;

    42. 

  42.            case "logout":

    43. 

  43.                $xmlBase64 = $this->getXmlLogoutBase64();

    44. 

  44.                break;

    45. 

  45.            default:

    46. 

  46.                break;

    47. 

  47.         }

    48. 

  48. 

    49. 

  49.         // formata a url com a url do idp mais os parametros exigigos pelo SSC

    50. 

  50.         switch ( $type ) {

    51. 

  51.             // a url completa

    52. 

  52.             case "full":

    53. 

  53.                 $urlSSC  = $urlIDP;

    54. 

  54.                 $urlSSC .= "?Referer=". $referer;

    55. 

  55.                 $urlSSC .= "&SAMLRequest=". $xmlBase64;

    56. 

  56.                 break;

    57. 

  57.             // penas a url base

    58. 

  58.             case 'base':

    59. 

  59.                 $urlSSC = $urlIDP;

    60. 

  60.                 break;

    61. 

  61.             // apenas os parametros formato GET

    62. 

  62.             case 'params':

    63. 

  63.                 $urlSSC = "Referer=". $referer;

    64. 

  64.                 $urlSSC .= "&SAMLRequest=". $xmlBase64;

    65. 

  65.                 break;

    66. 

  66.             // a url completa

    67. 

  67.             default:

    68. 

  68.                 $urlSSC  = $urlIDP;

    69. 

  69.                 $urlSSC .= "?Referer=". $referer;

    70. 

  70.                 $urlSSC .= "&SAMLRequest=". $xmlBase64;

    71. 

  71.                 break;

    72. 

  72.         }

    73. 

  73. 

    74. 

  74.         return $urlSSC;

    75. 

  75.     }

    76. 

  76. 

    77. 

  77.     /**

    78. 

  78.      * Monta o XML esperado no Sistema Seguran�a Corporativo (SSC) ao solicitar o login

    79. 

  79.      * @return string do xml na base64

    80. 

  80.      */

    81. 

  81.     public function getXmlLoginBase64() {

    82. 

  82. 

    83. 

  83.         // parametros necessários para o SAMLRequest

    84. 

  84.         $assertion = Tinebase_Core::getConfig()->global->plugins->ssc->appUrl;

    85. 

  85.         $destination = Tinebase_Core::getConfig()->global->plugins->ssc->hostIDP;

    86. 

  86.         $id = 'ID_'. uniqid();

    87. 

  87.         $issuer = Tinebase_Core::getConfig()->global->plugins->ssc->appUrl;

    88. 

  88.         $datetime = date('Y-m-d\TH:i:s');

    89. 

  89. 

    90. 

  90.         $xml = sprintf('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="%s" Destination="%s" ID="%s" IssueInstant="%s.724Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">%s</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/></samlp:AuthnRequest>',

    91. 

  91.                 $assertion, $destination, $id, $datetime, $issuer);

    92. 

  92. 

    93. 

  93.         return base64_encode($xml);

    94. 

  94.     }

    95. 

  95. 

    96. 

  96. 

    97. 

  97.     /**

    98. 

  98.      * Monta o XML esperado no Sistema Segurança Corporativo (SSC) ao solicitar o logout

    99. 

  99.      * @return string do xml na base64

    100. 

  100.      */

    101. 

  101.     public function getXmlLogoutBase64() {

    102. 

  102. 

    103. 

  103.         // parametros necessários para o SAMLRequest

    104. 

  104.         $username = Tinebase_Core::getUser();

    105. 

  105.         $id = 'ID_'. session_id();

    106. 

  106.         $issuer = Tinebase_Core::getConfig()->global->plugins->ssc->appUrl;

    107. 

  107.         $datetime = date('Y-m-d\TH:i:s');

    108. 

  108.         $sessionIndex = 0;

    109. 

  109. 

    110. 

  110.         $xml = sprintf('<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="%s" IssueInstant="%s.724Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Destination="%s" Version="2.0"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">%s</saml:Issuer> <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">%s</saml:NameID></samlp:LogoutRequest>',

    111. 

  111.                 $id, $datetime, $issuer, $issuer, $username);

    112. 

  112. 

    113. 

  113.         return base64_encode($xml);

    114. 

  114.     }

    115. 

  115. 

    116. 

  116.     /**

    117. 

  117.      * @return string

    118. 

  118.      */

    119. 

  119.     public function getRefererBase64() {

    120. 

  120.         return base64_encode(Tinebase_Core::getConfig()->global->plugins->ssc->referer);        

    121. 

  121.     }

    122. 

  122. 

    123. 

  123.     /**

    124. 

  124.      * @return string

    125. 

  125.      */

    126. 

  126.     public function getHostIdpBase64() {

    127. 

  127.         return Tinebase_Core::getConfig()->global->plugins->ssc->hostIDP;

    128. 

  128.     }

    129. 

  129. 

    130. 

  130.     /**

    131. 

  131.      * @return string

    132. 

  132.      */

    133. 

  133.     public function getUrlLogout(){

    134. 

  134.         return Tinebase_Core::getConfig()->global->plugins->ssc->urlLogout;

    135. 

  135.     }

    136. 

  136. }
    137.