1<?php
2
3/**
4 * Licensed to Jasig under one or more contributor license
5 * agreements. See the NOTICE file distributed with this work for
6 * additional information regarding copyright ownership.
7 *
8 * Jasig licenses this file to you under the Apache License,
9 * Version 2.0 (the "License"); you may not use this file except in
10 * compliance with the License. You may obtain a copy of the License at:
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 *
20 * PHP Version 7
21 *
22 * @file     CAS/ProxyChain/AllowedList.php
23 * @category Authentication
24 * @package  PhpCAS
25 * @author   Adam Franco <afranco@middlebury.edu>
26 * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
27 * @link     https://wiki.jasig.org/display/CASC/phpCAS
28 */
29
30
31/**
32 * ProxyChain is a container for storing chains of valid proxies that can
33 * be used to validate proxied requests to a service
34 *
35 * @class    CAS_ProxyChain_AllowedList
36 * @category Authentication
37 * @package  PhpCAS
38 * @author   Adam Franco <afranco@middlebury.edu>
39 * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
40 * @link     https://wiki.jasig.org/display/CASC/phpCAS
41 */
42
43class CAS_ProxyChain_AllowedList
44{
45
46    private $_chains = array();
47
48    /**
49     * Check whether proxies are allowed by configuration
50     *
51     * @return bool
52     */
53    public function isProxyingAllowed()
54    {
55        return (count($this->_chains) > 0);
56    }
57
58    /**
59     * Add a chain of proxies to the list of possible chains
60     *
61     * @param CAS_ProxyChain_Interface $chain A chain of proxies
62     *
63     * @return void
64     */
65    public function allowProxyChain(CAS_ProxyChain_Interface $chain)
66    {
67        $this->_chains[] = $chain;
68    }
69
70    /**
71     * Check if the proxies found in the response match the allowed proxies
72     *
73     * @param array $proxies list of proxies to check
74     *
75     * @return bool whether the proxies match the allowed proxies
76     */
77    public function isProxyListAllowed(array $proxies)
78    {
79        phpCAS::traceBegin();
80        if (empty($proxies)) {
81            phpCAS::trace("No proxies were found in the response");
82            phpCAS::traceEnd(true);
83            return true;
84        } elseif (!$this->isProxyingAllowed()) {
85            phpCAS::trace("Proxies are not allowed");
86            phpCAS::traceEnd(false);
87            return false;
88        } else {
89            $res = $this->contains($proxies);
90            phpCAS::traceEnd($res);
91            return $res;
92        }
93    }
94
95    /**
96     * Validate the proxies from the proxy ticket validation against the
97     * chains that were definded.
98     *
99     * @param array $list List of proxies from the proxy ticket validation.
100     *
101     * @return bool if any chain fully matches the supplied list
102     */
103    public function contains(array $list)
104    {
105        phpCAS::traceBegin();
106        $count = 0;
107        foreach ($this->_chains as $chain) {
108            phpCAS::trace("Checking chain ". $count++);
109            if ($chain->matches($list)) {
110                phpCAS::traceEnd(true);
111                return true;
112            }
113        }
114        phpCAS::trace("No proxy chain matches.");
115        phpCAS::traceEnd(false);
116        return false;
117    }
118}
119?>
120