Index: /branches/2.2.0.1/setup/manageheader.php
===================================================================
--- /branches/2.2.0.1/setup/manageheader.php (revision 3304)
+++ /branches/2.2.0.1/setup/manageheader.php (revision 3991)
@@ -596,4 +596,5 @@
$setup_tpl->set_var('use_https_0',' checked');
$setup_tpl->set_var('div_cert',' style="display:none" ');
+ $setup_tpl->set_var('div_atributo_cpf',' style="display:none" ');
$setup_tpl->set_var('div_criptox',' style="display:none" ');
@@ -614,4 +615,5 @@
default:
$setup_tpl->set_var('certificado_0',' checked');
+ $setup_tpl->set_var('div_atributo_cpf',' style="display:none" ');
$setup_tpl->set_var('div_cripto',' style="display:none" ');
$setup_tpl->set_var('div_criptox',' style="display:none" ');
@@ -623,5 +625,10 @@
break;
}
-
+
+ if($GLOBALS['phpgw_info']['server']['certificado_atributo_cpf'])
+ {
+ $setup_tpl->set_var('certificado_atributo_cpf',$GLOBALS['phpgw_info']['server']['certificado_atributo_cpf']);
+ }
+
switch($GLOBALS['phpgw_info']['server']['captcha'])
{
Index: /branches/2.2.0.1/setup/templates/default/manageheader.tpl
===================================================================
--- /branches/2.2.0.1/setup/templates/default/manageheader.tpl (revision 3304)
+++ /branches/2.2.0.1/setup/templates/default/manageheader.tpl (revision 3991)
@@ -22,7 +22,11 @@
document.getElementById('cert_0').checked = true;
}
+ if(xdiv.id == "criptografiax") {
+ document.getElementById("atributo_cpf").style.display='none';
+ }
if( xdiv.id == "certificado" || xdiv.id == "criptografia") {
var xdiv = document.getElementById('criptografia');
document.getElementById('cripto_0').checked = true;
+ document.getElementById("atributo_cpf").style.display='none';
}
if(xdiv.id == "certificado" || xdiv.id == "criptografia" ) {
@@ -41,4 +45,7 @@
{
var xdiv = document.getElementById(zdiv);
+ if(zdiv == "criptografiax") {
+ document.getElementById("atributo_cpf").style.display='';
+ }
if(xdiv.id == "cripto_options") {
document.getElementById('maxcerttxt').value = '10';
@@ -183,8 +190,12 @@
Usar Certificado Digital (para identificar o usuario no processo de login)?
- Obs.: Para habilitar este item o uso do HTTPS deve ter sido habilitado.
+ Obs.: Para habilitar este item o uso do HTTPS deve ter sido habilitado.
NÃO Usar Certificado Digital.
Usar Certificado Digital.
+
+ Nome do atributo , no ldap, para identificar CPF do proprietario do certificado digital
+
+
Index: /branches/2.2.0.1/preferences/handlecertificate.php
===================================================================
--- /branches/2.2.0.1/preferences/handlecertificate.php (revision 3991)
+++ /branches/2.2.0.1/preferences/handlecertificate.php (revision 3991)
@@ -0,0 +1,203 @@
+ True,
+ 'nonavbar' => True,
+ 'currentapp' => 'preferences'
+);
+if(file_exists('../header.inc.php'))
+ {
+ include('../header.inc.php');
+ }
+else
+ {
+ echo '1'.chr(0x0D).chr(0x0A).lang('Error. header.inc.php not found');
+ exit();
+ }
+if($_POST['certificado'])
+ {
+ require_once('../security/classes/CertificadoB.php');
+ require_once('../security/classes/Verifica_Certificado.php');
+ include('../security/classes/Verifica_Certificado_conf.php');
+ $cert =str_replace(chr(0x0A).chr(0x0A),chr(0x0A),$_POST['certificado']);
+ $cert = troca_espaco_por_mais($cert);
+ $c = new certificadoB();
+ $c->certificado($cert);
+ if (!$c->apresentado)
+ {
+ echo '2'.chr(0x0D).chr(0x0A).lang('Fail to get certificate');
+ exit();
+ }
+ $b = new Verifica_Certificado($c->dados,$cert);
+ // Testa se Certificado OK.
+ if(!$b->status)
+ {
+ $msg = '3'.chr(0x0D).chr(0x0A).$b->msgerro;
+ foreach($b->erros_ssl as $linha)
+ {
+ $msg .= "\n" . $linha;
+ }
+ echo $msg;
+ exit();
+ }
+ if ( (!empty($GLOBALS['phpgw_info']['server']['ldap_master_host'])) &&
+ (!empty($GLOBALS['phpgw_info']['server']['ldap_master_root_dn'])) &&
+ (!empty($GLOBALS['phpgw_info']['server']['ldap_master_root_pw'])) )
+ {
+ $ds = $GLOBALS['phpgw']->common->ldapConnect($GLOBALS['phpgw_info']['server']['ldap_master_host'],
+ $GLOBALS['phpgw_info']['server']['ldap_master_root_dn'],
+ $GLOBALS['phpgw_info']['server']['ldap_master_root_pw']);
+ }
+ else
+ {
+ $ds = $GLOBALS['phpgw']->common->ldapConnect();
+ }
+ if (!$ds)
+ {
+ echo '4'.chr(0x0D).chr(0x0A).lang('Failure when get user data to login');
+ exit();
+ }
+ $cert_atrib_cpf = isset($GLOBALS['phpgw_info']['server']['certificado_atributo_cpf'])&&$GLOBALS['phpgw_info']['server']['certificado_atributo_cpf']!=''?$GLOBALS['phpgw_info']['server']['certificado_atributo_cpf']:"uid";
+ // CPF he valor obrigatório no certificado ICP-BRASIL.
+ $filtro = $cert_atrib_cpf .'='. $c->dados['2.16.76.1.3.1']['CPF'];
+ $atributos = array();
+ if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao']) && $GLOBALS['phpgw_info']['server']['atributoexpiracao'])
+ {
+ $atributos[] = $GLOBALS['phpgw_info']['server']['atributoexpiracao'];
+ }
+ else
+ {
+ $atributos[] = 'phpgwlastpasswdchange';
+ }
+ $atributos[] = "userCertificate";
+ $atributos[] = "uid";
+ $sr=ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'],$filtro,$atributos);
+ // Pega resultado ....
+ $info = ldap_get_entries($ds, $sr);
+ // Tem de achar só uma entrada.....ao menos uma....
+ if($info["count"]!=1)
+ {
+ echo '5'.chr(0x0D).chr(0x0A).lang('Invalid data from users directory').'('.$cert_atrib_cpf.' = ' . $c->dados['2.16.76.1.3.1']['CPF'] . ')';
+ ldap_close($ds);
+ exit();
+ }
+ if($info[0]["userCertificate"][0] && $cert == $info[0]["userCertificate"][0] )
+ {
+ //echo '0'.chr(0x0D).chr(0x0A).$info[0]["uid"][0].chr(0x0D).chr(0x0A).$info[0]["cryptpassword"][0];
+ echo '6'.chr(0x0D).chr(0x0A).lang('Certificate already registered');
+ ldap_close($ds);
+ exit();
+ }
+ $user_info = array();
+ $aux1 = $info[0]["dn"];
+ $user_info['userCertificate'] = $cert;
+ if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao']) && $GLOBALS['phpgw_info']['server']['atributoexpiracao'])
+ {
+ if(substr($info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0],-1,1)=="Z")
+ {
+ $user_info[$GLOBALS['phpgw_info']['server']['atributoexpiracao']] = '19800101000000Z';
+ }
+ else
+ {
+ $user_info[$GLOBALS['phpgw_info']['server']['atributoexpiracao']] = '0';
+ }
+ }
+ else
+ {
+ $user_info['phpgwlastpasswdchange'] = '0';
+ }
+ if(!ldap_modify($ds,$aux1,$user_info))
+ {
+ echo '7'.chr(0x0D).chr(0x0A).lang('Error in Certificate registration'). ' - ' . $aux1;
+ }
+ else
+ {
+ echo '0'.chr(0x0D).chr(0x0A).lang('To conclude your Certificate registration change your password');
+ }
+ ldap_close($ds);
+ exit();
+ }
+else
+ {
+ $GLOBALS['phpgw_info']['flags']['app_header'] = lang('Digital Certificate Registration');
+ $GLOBALS['phpgw']->common->phpgw_header();
+ echo parse_navbar();
+ if ($GLOBALS['phpgw_info']['server']['certificado']==1)
+ {
+ $var_tokens = '';
+ for($ii = 1; $ii < 11; $ii++)
+ {
+ if($GLOBALS['phpgw_info']['server']['test_token' . $ii . '1'])
+ $var_tokens .= $GLOBALS['phpgw_info']['server']['test_token' . $ii . '1'] . ',';
+ }
+ if(!$var_tokens)
+ {
+ $var_tokens = 'ePass2000Lx;/usr/lib/libepsng_p11.so,ePass2000Win;c:/windows/system32/ngp11v211.dll';
+ }
+ $param1 = "
+ ' ' +
+ ";
+ $param2 = "
+ 'token=\"" . substr($var_tokens,0,strlen($var_tokens)) . "\" ' +
+ ";
+ $cod_applet =
+ /* // com debug ativado
+ '';
+ */
+ // sem debug ativado
+ '';
+ echo $cod_applet;
+ echo '