AuthWebID seems to be ready...
parent
ffda037c52
commit
d7b33f9e8f
|
@ -60,22 +60,30 @@ sub authInit {
|
||||||
sub extractFormInfo {
|
sub extractFormInfo {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
# 1. Verify SSL exchange using AuthSSL::extractFormInfo()
|
# 1. Verify SSL exchange
|
||||||
my $tmp = $self->SUPER::extractFormInfo(@_);
|
unless ( $ENV{SSL_CLIENT_S_DN} ) {
|
||||||
return $tmp unless ( $tmp eq PE_OK );
|
$self->_sub( 'userError', "No certificate found for " . $self->ipAddr );
|
||||||
|
$self->lmLog(
|
||||||
|
'No certificate found, be sure to have "SSLOptions +StdEnvVars +ExportCertData" for .pl files',
|
||||||
|
'debug'
|
||||||
|
);
|
||||||
|
return PE_CERTIFICATEREQUIRED;
|
||||||
|
}
|
||||||
|
|
||||||
# 2. Return an error if SSL_CLIENT_CERT is not set
|
# 2. Return an error if SSL_CLIENT_CERT is not set
|
||||||
$self->abort( 'SSL configuration error',
|
$self->abort(
|
||||||
'Unable to get client certificate, SSL_CLIENT_CERT is not set' )
|
'SSL configuration error',
|
||||||
unless ( $ENV{SSL_CLIENT_CERT} );
|
'Unable to get client certificate, SSL_CLIENT_CERT is not set<br/>'
|
||||||
|
. 'Be sure to have "SSLOptions +StdEnvVars +ExportCertData" for .pl files'
|
||||||
|
) unless ( $ENV{SSL_CLIENT_CERT} );
|
||||||
|
|
||||||
# 3. Verify that certificate is WebID compliant
|
# 3. Verify that certificate is WebID compliant
|
||||||
return PE_BADCREDENTIALS
|
# NB: WebID URI is used as user field
|
||||||
unless ( $self->{webid} =
|
eval {
|
||||||
Web::ID->new( certificate => $ENV{SSL_CLIENT_CERT} ) );
|
$self->{webid} = Web::ID->new( certificate => $ENV{SSL_CLIENT_CERT} )
|
||||||
|
and $self->{user} = $self->{webid}->uri->as_string;
|
||||||
# WebID URI is used as user field
|
};
|
||||||
$self->{user} = $self->{webid}->uri;
|
return PE_BADCERTIFICATE if ( $@ or not( $self->{user} ) );
|
||||||
|
|
||||||
# 4. Verify that FOAF host is in white list
|
# 4. Verify that FOAF host is in white list
|
||||||
return PE_BADPARTNER unless ( $self->{user} =~ $reWebIDWhitelist );
|
return PE_BADPARTNER unless ( $self->{user} =~ $reWebIDWhitelist );
|
||||||
|
|
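Review bot: In step 3 the certificate is accepted as soon as `Web::ID->new(...)` and `->uri->as_string` yield a true value inside the `eval`; the outcome of the WebID verification itself is never tested, so the check relies on `uri` failing or returning nothing for an unverified certificate. Making that explicit would be safer, e.g. `return PE_BADCERTIFICATE unless ( $self->{webid} and $self->{webid}->valid );` before `$self->{user}` is assigned. The content of `$@` is also discarded, so a rejected certificate leaves no trace; `$self->lmLog( "WebID verification failed: $@", 'warn' ) if $@;` ahead of the return would give operators something to investigate. Separately, step 4 matches the whole URI string against `$reWebIDWhitelist`, which is built outside this hunk; it presumably needs to be anchored to the host part of the URI for the comment "FOAF host is in white list" to hold. The body of `extractFormInfo` continues past the end of the hunk.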