[Mapbender-commits] r2334 - in branches/nimix_dev: http/classes http/php owsproxy/http

svn_mapbender at osgeo.org svn_mapbender at osgeo.org
Thu Apr 3 11:14:36 EDT 2008


Author: nimix
Date: 2008-04-03 11:14:35 -0400 (Thu, 03 Apr 2008)
New Revision: 2334

Modified:
   branches/nimix_dev/http/classes/class_connector.php
   branches/nimix_dev/http/classes/class_wms.php
   branches/nimix_dev/http/php/mod_loadCapabilities.php
   branches/nimix_dev/http/php/mod_loadwms.php
   branches/nimix_dev/http/php/mod_updateWMS.php
   branches/nimix_dev/owsproxy/http/index.php
Log:
add capability to handle ssl connections with client certificate

Modified: branches/nimix_dev/http/classes/class_connector.php
===================================================================
--- branches/nimix_dev/http/classes/class_connector.php	2008-04-03 15:10:00 UTC (rev 2333)
+++ branches/nimix_dev/http/classes/class_connector.php	2008-04-03 15:14:35 UTC (rev 2334)
@@ -32,18 +32,20 @@
 
 	var $file;	
 	private $connectionType;
-	private $httpType = "get";
+	private $httpType = "GET";
 	private $httpVersion = "1.0";
 	private $httpPostData;
 	private $httpContentType;
-		
+	private $httpsCertificateFile = "";
+	private $httpsPassphrase = "";
 	/**
 	 * @constructor
 	 * @param String url the URL that will be loaded (optional)
 	 */
-	public function __construct($url){
+	public function __construct($url=""){
 		$this->set("connectionType", CONNECTION);
-		if ($url) {
+		
+		if ($url&&$url!=="") {
 			$this->load($url);
 		}
 	}
@@ -53,13 +55,13 @@
 	 */
 	public function load($url) {
 		switch ($this->connectionType) {
-			case "curl":
+			case "CURL":
 				$this->file = $this->getCURL($url);
 				break;
-			case "http":
+			case "HTTP":
 				$this->file = $this->getHTTP($url);
 				break;
-			case "socket":
+			case "SOCKET":
 				$this->file = $this->getSOCKET($url);
 				break;
 		}
@@ -80,7 +82,7 @@
 		switch ($key) {
 			case "connectionType":
 				if ($this->isValidConnectionType($value)) {
-					$this->connectionType = $value;
+					$this->connectionType = mb_strtoupper($value);
 				}
 				break;
 				
@@ -95,7 +97,7 @@
 							
 			case "httpType":
 				if (in_array(mb_strtoupper($value), array("POST", "GET"))) {
-					$this->httpType = $value;
+					$this->httpType = mb_strtoupper($value);
 				}
 				else {
 					$e = new mb_exception("class_connector.php: invalid http type '" . $value . "'");
@@ -111,6 +113,12 @@
 					$this->httpContentType = $value;
 				}
 				break;
+			case "certificateFile":
+				if(file_exists($value))
+					$this->httpsCertificateFile = $value;
+				break;
+			case "certificatePassphrase":
+				$this->httpsPassphrase = $value;
 		}
 	}	
 	
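Review bot: The new `certificateFile` case accepts any path for which `file_exists()` is true, and the value arrives from a request parameter (`$_REQUEST["cert"]` in mod_loadwms.php), so the caller decides which server-side file is handed to the TLS layer as a client certificate. Resolving the name against one configured certificate directory and rejecting everything else would close that; `CLIENT_CERT_DIR` in the fence is a placeholder, not a constant this code base defines. A value that fails the check is dropped silently, so the request goes out without a certificate and nothing is logged; the fence records it with `mb_exception`, as the `httpType` case does. The `certificatePassphrase` case has no `break;`, which is harmless only while it stays the last case. `set()` starts and ends outside this hunk.

```php
// … unchanged: earlier cases of the switch …
			case "certificateFile":
				// CLIENT_CERT_DIR is a placeholder for a configured directory of allowed certificates
				$certPath = realpath(CLIENT_CERT_DIR . "/" . basename($value));
				if ($certPath !== false && is_file($certPath) && is_readable($certPath)) {
					$this->httpsCertificateFile = $certPath;
				}
				else {
					$e = new mb_exception("class_connector.php: client certificate not found or not allowed");
				}
				break;
			case "certificatePassphrase":
				$this->httpsPassphrase = $value;
				break;
```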
@@ -150,6 +158,13 @@
 		if(CONNECTION_PASSWORD != ""){
 			curl_setopt ($ch, CURLOPT_PROXYUSERPWD, CONNECTION_USER.':'.CONNECTION_PASSWORD);	
 		}
+		//TODO test curl connection with certificate
+		if($this->httpsCertificateFile !== ""){
+			curl_setopt ($ch, CURLOPT_SSLCERT, $this->httpsCertificateFile);
+		}
+		if($this->httpsPassphrase !== ""){
+			curl_setopt ($ch, CURLOPT_SSLCERTPASSWD, $this->httpsPassphrase);
+		}
 		curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
 		$file = curl_exec ($ch);
 		curl_close ($ch);
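Review bot: When the certificate cannot be loaded or the passphrase is wrong, `curl_exec()` returns false and the lines after the new `curl_setopt` calls close the handle without recording why, which matters all the more while the TODO says this path is untested. Capturing the error before `curl_close` would make it visible: `if ($file === false) { $e = new mb_exception("class_connector.php: cURL error: " . curl_error($ch)); }`. This branch also sends the certificate when no passphrase is set, whereas `getHTTP` and `getSOCKET` require both values to be non-empty, so an unencrypted key works with one connection type and is silently ignored by the others. The function starts and ends outside the hunk.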
@@ -158,7 +173,34 @@
 	}
 
 	private function getHTTP($url){
-		if ($this->httpType == "get") {
+		if($this->httpsCertificateFile !== "" && $this->httpsPassphrase !== ""){
+			$opts = Array();
+			$opts['http']['method'] = $this->httpType;
+		
+			if($this->httpType == "POST"){
+				//TODO test post connection
+				$urlComponentArray = parse_url($url);
+				$host = $urlComponentArray["host"];
+				$path = $urlComponentArray["path"];
+				
+				$header .= "Host: $host\\r\\n";
+			    if ($this->isValidHttpContentType($this->httpContentType)) {
+			    	$header .= "Content-type: " . $this->httpContentType . "\r\n";
+			    }
+			    $header .= "Content-length: " . strlen($this->httpPostData) . "\r\n";
+			    $header .= "Connection: close\r\n\r\n";
+	
+				$opts['http']['header'] = $header;
+				$opts['http']['content'] = $this->httpPostData;
+			}
+			$opts['ssl']['local_cert'] = $this->httpsCertificateFile;
+			$opts['ssl']['passphrase'] = $this->httpsPassphrase;
+			
+			$context = stream_context_create($opts);
+			
+			return @file_get_contents($url, false, $context);
+		}
+		if ($this->httpType == "GET") {
 			return @file_get_contents($url);
 	 	}
 		else {
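Review bot: The Host header in the POST branch is built with `"Host: $host\\r\\n"`, which emits a literal backslash-r-backslash-n instead of CRLF and so runs the Host header into the one that follows; `$header` is also appended to before it is initialised, and `$path` is never used. The line should read `$header = "Host: $host\r\n";`. The `ssl` context sets only `local_cert` and `passphrase`; on PHP versions where stream peer verification is off by default the client certificate would be presented to a server whose identity was never checked, so `$opts['ssl']['verify_peer'] = true;` (with a CA bundle configured) belongs next to them, and the same holds for the context built in `getSOCKET`. The `@` on `file_get_contents` hides a failed handshake, and the function continues past the end of this hunk.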
@@ -195,6 +237,18 @@
 	}
 
 	private function getSOCKET($url){
+		if($this->httpsCertificateFile !== "" && $this->httpsPassphrase !== ""){
+			//TODO test this connection type!!!
+			$opts = array();
+			$opts['socket']['bindto'] = CONNECTION_PROXY.':'.CONNECTION_PORT;
+			$opts['ssl']['local_cert'] = $this->httpsCertificateFile;
+			$opts['ssl']['passphrase'] = $this->httpsPassphrase;
+			
+			$context = stream_context_create($opts);
+			
+			return @file_get_contents($url, false, $context);	
+		}
+		
 		$r = "";
 		$fp = fsockopen (CONNECTION_PROXY, CONNECTION_PORT, $errno, $errstr, 30);
 		if (!$fp) {
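Review bot: `$opts['socket']['bindto']` selects the local address and port the stream binds to, so filling it with `CONNECTION_PROXY.':'.CONNECTION_PORT` does not route the request through the proxy that the `fsockopen` call below connects to; the request will probably fail to bind or go out without the proxy. If the proxy is what is meant, the HTTP context options are the place for it, `$opts['http']['proxy'] = 'tcp://' . CONNECTION_PROXY . ':' . CONNECTION_PORT;` together with `$opts['http']['request_fulluri'] = true;`, and that should be tested against an https URL before the TODO is removed. The rest of `getSOCKET` lies outside the hunk.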

Modified: branches/nimix_dev/http/classes/class_wms.php
===================================================================
--- branches/nimix_dev/http/classes/class_wms.php	2008-04-03 15:10:00 UTC (rev 2333)
+++ branches/nimix_dev/http/classes/class_wms.php	2008-04-03 15:14:35 UTC (rev 2334)
@@ -39,6 +39,8 @@
 	var $wms_getfeatureinfo;
 	var $wms_getlegendurl;
 	var $wms_upload_url;
+	var $wms_certificateFile;
+	var $wms_certificatePassphrase;
 	  
 	var $fees;
 	var $accessconstraints;
@@ -76,9 +78,15 @@
 	function wms() {
 	} 
 	  
-	function createObjFromXML($url){
+	function createObjFromXML($url, $cert = "", $pass = ""){
 	
-		$x = new connector($url);
+		$x = new connector();
+		if($cert!=="")
+			$x->set("certificateFile", $cert);
+		if($pass!=="")
+			$x->set("certificatePassphrase", $pass);
+		
+		$x->load($url);
 		$data = $x->file;
 		
 		if(!$data){
@@ -94,6 +102,8 @@
 		$admin = new administration();
 		$this->wms_getcapabilities_doc = $admin->char_encode($data);
 		$this->wms_upload_url = $url;
+		$this->wms_certificateFile = $cert;
+		$this->wms_certificatePassphrase = $pass;
 		
 		$this->wms_id = "";
 		$parser = xml_parser_create("");
@@ -884,16 +894,16 @@
 		$sql .= "accessconstraints, contactperson, contactposition, contactorganization, address, city, ";
 		$sql .= "stateorprovince, postcode, country, contactvoicetelephone, contactfacsimiletelephone, contactelectronicmailaddress, ";
 		$sql .= "wms_owner,wms_timestamp, ";
-		$sql .= "wms_supportsld, wms_userlayer, wms_userstyle, wms_remotewfs) ";
-		$sql .= "VALUES($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19,$20,$21,$22,$23,$24,$25,$26,$27,$28)";
+		$sql .= "wms_supportsld, wms_userlayer, wms_userstyle, wms_remotewfs, wms_certificatefile, wms_certificatepassphrase) ";
+		$sql .= "VALUES($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19,$20,$21,$22,$23,$24,$25,$26,$27,$28, $29, $30)";
 		$v = array($this->wms_version,$this->wms_title,$this->wms_abstract,$this->wms_getcapabilities,
 			$this->wms_getmap,$this->wms_getfeatureinfo,$this->wms_getlegendurl,$this->wms_getcapabilities_doc,
 			$this->wms_upload_url,$this->fees,$this->accessconstraints,$this->contactperson,$this->contactposition,
 			$this->contactorganization,$this->address,$this->city,$this->stateorprovince,$this->postcode,$this->country,
 			$this->contactvoicetelephone,$this->contactfacsimiletelephone,$this->contactelectronicmailaddress,
 			$_SESSION['mb_user_id'],strtotime("now"),
-			$this->wms_supportsld,$this->wms_userlayer,$this->wms_userstyle,$this->wms_remotewfs );
-		$t = array('s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','i','i','s','s','s','s');
+			$this->wms_supportsld,$this->wms_userlayer,$this->wms_userstyle,$this->wms_remotewfs, $this->wms_certificateFile, $this->wms_certificatePassphrase );
+		$t = array('s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','i','i','s','s','s','s', 's', 's');
 		$res = db_prep_query($sql,$v,$t);
 		if(!$res){
 			db_rollback();
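Review bot: The certificate passphrase is written to `wms_certificatepassphrase` as a plain string (parameter `$30` here, and `$15` in the UPDATE hunk further down), so every database dump, replica or account with SELECT on `wms` holds what is needed to unlock the client key. Keeping the passphrase in server-side configuration readable only by the web server user, and storing just a certificate identifier in the table, would avoid that; failing that, a comment at this statement should say so, e.g. `// wms_certificatepassphrase is stored in cleartext: restrict SELECT on wms and keep it out of exports`. The owsproxy code in this commit reads the column back with `SELECT * FROM wms`, which widens the places the secret travels. The enclosing method starts and ends outside the hunk.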
@@ -940,6 +950,13 @@
 	    
 	    #Changes JW
 	    $this->wms_id = $myWMS;
+	    
+	    //if wms requires a cetificate set owsproxy string
+		if($this->wms_certificateFile !== "" && $this->wms_certificatePassphrase != "");
+		{
+			$admin = new administration();
+			$admin->setWMSOWSstring(intval($myWMS),"on");	
+		}
 	}
 	function insertLayer($i,$myWMS){
 		global $con;
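Review bot: The new `if` ends in a semicolon, `if($this->wms_certificateFile !== "" && $this->wms_certificatePassphrase != "");`, so the condition guards an empty statement and the braces that follow run unconditionally: `setWMSOWSstring(intval($myWMS),"on")` is called for every WMS, with or without a certificate. The identical line appears in the update hunk just before `return;` and needs the same fix. Drop the semicolon and compare both fields the same way, `if ($this->wms_certificateFile != "" && $this->wms_certificatePassphrase != "") {`; the loose comparison also covers objects whose properties were never assigned and are still null. The comment above it misspells "certificate", and the enclosing method begins outside the hunk.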
@@ -1221,14 +1238,17 @@
 		$sql .= "wms_supportsld = $10, ";
 		$sql .= "wms_userlayer = $11, ";
 		$sql .= "wms_userstyle = $12, ";
-		$sql .= "wms_remotewfs = $13 ";
-		$sql .= " WHERE wms_id = $14";
+		$sql .= "wms_remotewfs = $13, ";
+		$sql .= "wms_certificatefile = $14, ";
+		$sql .= "wms_certificatepassphrase = $15 ";
+		$sql .= " WHERE wms_id = $16";
 	
 		$v = array($this->wms_version,$this->wms_getcapabilities,
 			$this->wms_getmap,$this->wms_getfeatureinfo,$this->wms_getlegendurl,
 			$this->wms_getcapabilities_doc,$this->wms_upload_url,$_SESSION["mb_user_id"],strtotime("now"),
-			$this->wms_supportsld,$this->wms_userlayer,$this->wms_userstyle,$this->wms_remotewfs,$myWMS);
-		$t = array('s','s','s','s','s','s','s','i','i','s','s','s','s','i');
+			$this->wms_supportsld,$this->wms_userlayer,$this->wms_userstyle,$this->wms_remotewfs,
+			$this->wms_certificateFile, $this->wms_certificatePassphrase,$myWMS);
+		$t = array('s','s','s','s','s','s','s','i','i','s','s','s','s','s','s','i');
 	
 		$res = db_prep_query($sql,$v,$t);
 		if(!$res){
@@ -1343,6 +1363,14 @@
 			}
 		}
 		db_commit();
+		
+	    //if wms requires a cetificate set owsproxy string
+		if($this->wms_certificateFile !== "" && $this->wms_certificatePassphrase != "");
+		{
+			$admin = new administration();
+			$admin->setWMSOWSstring(intval($myWMS),"on");	
+		}
+		
 		return;	
 	}
 	function updateGuiLayer($i,$myWMS,$gui_id){

Modified: branches/nimix_dev/http/php/mod_loadCapabilities.php
===================================================================
--- branches/nimix_dev/http/php/mod_loadCapabilities.php	2008-04-03 15:10:00 UTC (rev 2333)
+++ branches/nimix_dev/http/php/mod_loadCapabilities.php	2008-04-03 15:14:35 UTC (rev 2334)
@@ -156,11 +156,17 @@
 	#echo "Load WMS capabilities URL:<br>"
 	
 	if (isset($xml_file)){
-		echo"<input type='text' name='xml_file' size='50' value='".$xml_file."'>";
+		echo"<input type='text' name='xml_file' size='50' value='".$xml_file."'><br /><br />";
 	}else{
 		echo"<input type='text' name='xml_file' size='50' value='http://'>";
 	}
-	echo"<input type='button' name='loadCap' value='Load' onClick='validate(\"guiList\")'>";
+	echo"<input type='button' name='loadCap' value='Load' onClick='validate(\"guiList\")'><br /><br />";
+	echo "<input type='button' onclick='javascript:document.getElementById(\"ssl\").style.display=\"block\";' value='Show advanced SSL options'/><br>";
+	echo "<div id='ssl' style='display:none'>";
+	echo "Certificate file (optional for SSL connection only):<br>";
+	echo "<input type='text' name='cert'><br /><br />";
+	echo "Certificate passphrase  (optional for SSL connection only):<br>";
+	echo "<input type='text' name='pass'><br /></div>";
 	echo "</form>";
 }
 else{
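Review bot: The passphrase field is rendered as `<input type='text' name='pass'>`, so the secret is shown on screen and offered to browser form history; `<input type='password' name='pass' autocomplete='off'>` is the usual form, here and in the identical block added to mod_updateWMS.php. The certificate field is a free-text server path, which combines badly with the bare `file_exists()` check in class_connector.php; a select list of installed certificates would be safer than a typed path. On the changed `xml_file` line the value is concatenated into the attribute unescaped, and `htmlspecialchars($xml_file, ENT_QUOTES)` would keep a quote in the URL from breaking out of it. The surrounding `if`/`else` starts and ends outside the hunk.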

Modified: branches/nimix_dev/http/php/mod_loadwms.php
===================================================================
--- branches/nimix_dev/http/php/mod_loadwms.php	2008-04-03 15:10:00 UTC (rev 2333)
+++ branches/nimix_dev/http/php/mod_loadwms.php	2008-04-03 15:14:35 UTC (rev 2334)
@@ -22,11 +22,13 @@
 
 $guiList = $_REQUEST["guiList"];
 $xml = $_REQUEST["xml_file"];
+$cert = $_REQUEST["cert"];
+$pass = $_REQUEST["pass"];
 
 echo "file: ".$xml;
 
 $mywms = new wms();
-$mywms->createObjFromXML($xml);      
+$mywms->createObjFromXML($xml, $cert, $pass);
 $mywms->writeObjInDB($guiList);
 $mywms->displayWMS();
 ?>
\ No newline at end of file
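Review bot: `$cert` and `$pass` are taken from `$_REQUEST`, which also accepts query-string values, so a passphrase can end up in URLs, browser history and access logs, and a missing key raises an undefined-index notice. Reading them from the POST body with a default is tighter: `$cert = isset($_POST["cert"]) ? $_POST["cert"] : "";` and the same for `pass` (this assumes the form posts, which the hunk does not show). Neither value is validated before `createObjFromXML` hands it to the connector. In mod_updateWMS.php the same two variables are used without any visible assignment, so where they come from there should be checked as well.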

Modified: branches/nimix_dev/http/php/mod_updateWMS.php
===================================================================
--- branches/nimix_dev/http/php/mod_updateWMS.php	2008-04-03 15:10:00 UTC (rev 2333)
+++ branches/nimix_dev/http/php/mod_updateWMS.php	2008-04-03 15:14:35 UTC (rev 2334)
@@ -95,13 +95,23 @@
 	echo "REQUEST=capabilities&WMTVER=1.0.0<br><br>";
 	echo "Link to new WMS Capabilities URL:<br><input size='120' type='text' name='myURL'><br>";
 	echo "<input type='button' value='Preview Capabilities' onclick='window.open(this.form.myURL.value,\"\",\"\")'>&nbsp;";
-	echo "<input type='button' value='Upload Capabilities' onclick='validate()'><br>";
-
+	echo "<input type='button' value='Upload Capabilities' onclick='validate()'><br><br>";
+	echo "<input type='button' onclick='javascript:document.getElementById(\"ssl\").style.display=\"block\";' value='Show advanced SSL options'/><br>";
+	echo "<div id='ssl' style='display:none'>";
+	echo "Certificate file (optional for SSL connection only):<br>";
+	echo "<input type='text' name='cert'><br /><br />";
+	echo "Certificate passphrase  (optional for SSL connection only):<br>";
+	echo "<input type='text' name='pass'><br /></div>";
+	
 /**/
 if(isset($myURL) && $myURL != ''){
-
+	if(!isset($cert))
+		$cert="";
+	if(!isset($pass))
+		$pass="";
+		
 	$mywms = new wms();
-	$mywms->createObjFromXML($myURL);    
+	$mywms->createObjFromXML($myURL, $cert, $pass);    
 	$mywms->optimizeWMS();
 	echo "<br />";  
 	$mywms->updateObjInDB($myWMS);

Modified: branches/nimix_dev/owsproxy/http/index.php
===================================================================
--- branches/nimix_dev/owsproxy/http/index.php	2008-04-03 15:10:00 UTC (rev 2333)
+++ branches/nimix_dev/owsproxy/http/index.php	2008-04-03 15:14:35 UTC (rev 2334)
@@ -36,6 +36,10 @@
 $owsproxyService = $_REQUEST['wms']; //ToDo: change this to 'service' in the apache url-rewriting
 $query = new QueryHandler();
 $n = new administration();
+
+//variables for connections with client certificate
+$certificateFile = "";
+$certPassphrase = "";
 
 // an array with keys and values toLoserCase -> caseinsensitiv
 $reqParams = $query->getRequestParams();
@@ -98,10 +102,6 @@
 			throwE("Permission denied");
 			die();
 		}
-		if($layers===""){
-			throwE("Permission denied");
-			die();
-		}
 		$query->setParam("layers",$layers);
 		$request = $query->getRequest();
 		getImage($request);
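Review bot: With the `if($layers==="")` branch gone, an empty layer list is no longer answered with "Permission denied" and instead reaches `$query->setParam("layers",$layers)` and `getImage($request)`. How `$layers` is computed is outside the hunk, but if it holds the requested layers the user is allowed to see, an empty result now produces an upstream request rather than a refusal, and what the remote WMS does with an empty `layers` parameter is up to that server. The commit log only mentions client certificates, so this removal looks unrelated; either restore the check or add a comment explaining why it is safe, e.g. `// empty $layers is rejected in <function> before this point`.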
@@ -425,15 +425,19 @@
  * @return string url to legend graphic
  */
 function getLegendUrl($wms){
-	global $reqParams;
+	global $reqParams, $certificateFile, $certPassphrase;
 	
 	//get wms id
 	$sql = "SELECT * FROM wms WHERE wms_owsproxy = $1";
 	$v = array($wms);
 	$t = array("s");
 	$res = db_prep_query($sql, $v, $t);	
-	if($row = db_fetch_array($res))
+	if($row = db_fetch_array($res)){
+		$certificateFile = $row["wms_certificatefile"];
+		$certPassphrase = $row["wms_certificatepassphrase"];
+
 		$wmsid = $row["wms_id"];
+	}
 	else{
 		throwE(array("No wms data available."));
 		die();	
@@ -464,7 +468,7 @@
  * @return array array with detailed information about requested wms
  */
 function checkWmsPermission($wms){
-	global $con, $n, $user_id;
+	global $con, $n, $user_id, $certificateFile, $certPassphrase;
 	$myguis = $n->getGuisByPermission($user_id,true);
 	$mywms = $n->getWmsByOwnGuis($myguis);
 
@@ -478,7 +482,9 @@
 		$service["wms_getcapabilities"] = $row["wms_getcapabilities"];	
 		$service["wms_getmap"] = $row["wms_getmap"];
 		$service["wms_getfeatureinfo"] = $row["wms_getfeatureinfo"];
-		$service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
+		$service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
+		$certificateFile = $row["wms_certificatefile"];
+		$certPassphrase = $row["wms_certificatepassphrase"];
 	}
 	if(!$row || count($mywms) == 0){
 		throwE(array("No wms data available."));
@@ -571,7 +577,13 @@
 	return $ret;
 }
 function getDocumentContent($url){
-	$d = new connector($url);
+	global $certificateFile, $certPassphrase;
+	$d = new connector();
+	if($certificateFile!=="")
+		$d->set("certificateFile", $certificateFile);
+	if($certPassphrase!=="")
+		$d->set("certificatePassphrase", $certPassphrase);
+	$d->load($url);
 	return $d->file;
 }
 ?>
\ No newline at end of file
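Review bot: `getDocumentContent` now attaches whatever is in the globals `$certificateFile` and `$certPassphrase` to any URL it is given, and those globals are filled as a side effect of `getLegendUrl` and `checkWmsPermission`. Nothing in the hunk ties the URL to the WMS the certificate was registered for, so a URL pointing elsewhere would be sent that service's client certificate; the callers are not visible here, so this needs checking against them. Passing the credentials explicitly, `function getDocumentContent($url, $certificateFile = "", $certPassphrase = "")`, and comparing the URL's host with the host of the stored `wms_getmap`/`wms_getcapabilities` before calling `set("certificateFile", …)` would make the binding explicit. The globals also stay set for the rest of the request once a row has been read.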


