<?php

/**
 * Licensed to Jasig under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for
 * additional information regarding copyright ownership.
 *
 * Jasig licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except in
 * compliance with the License. You may obtain a copy of the License at:
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * PHP Version 7
 *
 * @file     CAS/ProxyChain.php
 * @category Authentication
 * @package  PhpCAS
 * @author   Adam Franco <afranco@middlebury.edu>
 * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
 * @link     https://wiki.jasig.org/display/CASC/phpCAS
 */

/**
 * A normal proxy-chain definition that lists each level of the chain as either
 * a string or regular expression.
 *
 * Security notes for whoever configures a chain (all follow from matches()):
 *  - A plain-string entry is a case-insensitive PREFIX test, not an exact or
 *    host-aware comparison. An entry that stops at the host name, such as the
 *    illustrative "https://proxy.example.org", therefore also accepts any URL
 *    that merely begins with those characters (a longer host name, for
 *    instance). End the entry with "/" after the host to pin it.
 *  - An empty-string entry compares zero characters and so accepts every URL
 *    at that level.
 *  - A regexp entry is handed to preg_match() as written; it matches anywhere
 *    in the URL unless the pattern itself is anchored with ^ (and $).
 *  - Only "/"-delimited patterns are recognised as regexps; any other
 *    delimiter makes the entry a plain string.
 *
 * @class    CAS_ProxyChain
 * @category Authentication
 * @package  PhpCAS
 * @author   Adam Franco <afranco@middlebury.edu>
 * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
 * @link     https://wiki.jasig.org/display/CASC/phpCAS
 */
class CAS_ProxyChain implements CAS_ProxyChain_Interface
{

    /**
     * The configured chain entries, re-indexed from 0.
     *
     * @var array
     */
    protected $chain = array();

    /**
     * Store the chain definition.
     *
     * Each entry is either a plain string or a "/"-delimited regexp string.
     * Regexps are evaluated with preg_match(); plain strings must match the
     * beginning of the proxy url, so an entry can name a whole domain or a
     * deeper path.
     *
     * Entries are listed in reverse, from the service back towards the user:
     * if a user hits service A and is proxied via B to service C, the
     * acceptable chain configured on C is array(B, A).
     *
     * @param array $chain A chain of proxies
     */
    public function __construct(array $chain)
    {
        // Drop any caller-supplied keys so positions line up with the
        // re-indexed proxy list in matches().
        $this->chain = array_values($chain);
    }

    /**
     * Match a list of proxies against this chain, level by level.
     *
     * The list must have exactly as many entries as the chain, and every
     * entry must satisfy the chain entry at the same position. The first
     * failing level ends the comparison.
     *
     * @param array $list The list of proxies in front of this service.
     *
     * @return bool true only when every level matches
     */
    public function matches(array $list)
    {
        // Re-index so that position $level means the same thing in both arrays.
        $proxies = array_values($list);

        if (!$this->isSizeValid($proxies)) {
            phpCAS::trace("Proxy chain skipped: size mismatch");
            return false;
        }

        foreach ($this->chain as $level => $pattern) {
            $proxyUrl = $proxies[$level];

            // An entry counts as a regexp when it starts with "/" and ends
            // with "/" plus optional modifiers from the set ixASUXu.
            $isRegexp = preg_match('/^\/.*\/[ixASUXu]*$/s', $pattern);

            if ($isRegexp) {
                // preg_match() yields 0 for "no match" and false on a pattern
                // error; both are rejected here, so a broken pattern denies
                // the chain rather than allowing it.
                if (!preg_match($pattern, $proxyUrl)) {
                    phpCAS::trace(
                        "No regexp match " . $pattern . " != " . $proxyUrl
                    );
                    return false;
                }
                phpCAS::trace(
                    "Found regexp " . $pattern . " matching " . $proxyUrl
                );
                continue;
            }

            // Plain string: case-insensitive comparison limited to the length
            // of the configured entry, i.e. a prefix test. Nothing after the
            // prefix is inspected.
            if (strncasecmp($pattern, $proxyUrl, strlen($pattern)) != 0) {
                phpCAS::trace(
                    "No match " . $pattern . " != " . $proxyUrl
                );
                return false;
            }
            phpCAS::trace(
                "Found string " . $pattern . " matching " . $proxyUrl
            );
        }

        phpCAS::trace("Proxy chain matches");
        return true;
    }

    /**
     * Validate the size of the list as compared to our chain.
     *
     * This class requires the two to have the same number of entries.
     *
     * @param array $list List of proxies
     *
     * @return bool
     */
    protected function isSizeValid(array $list)
    {
        return count($this->chain) == count($list);
    }
}