forked from catalyst/moodle-auth_saml2
setup.php
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Common setup.
*
* @package auth_saml2
* @copyright Brendan Heywood <[email protected]>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
// Stop immediately unless MOODLE_INTERNAL is defined, so this file does nothing
// when it is loaded outside Moodle's bootstrap (for example requested directly).
defined('MOODLE_INTERNAL') || die();

use auth_saml2\event\cert_regenerated;

require_once(__DIR__ . '/setuplib.php');

global $CFG, $saml2auth;

// Tell SimpleSAMLphp (SSP) that the site is on port 443 when SSL is terminated
// elsewhere, as signalled by a set and truthy $CFG->sslproxy.
// NOTE(review): this overwrites the request's SERVER_PORT for everything that
// runs afterwards, so it relies on sslproxy being enabled only where requests
// really arrive through the TLS-terminating proxy - confirm per deployment.
if (!empty($CFG->sslproxy)) {
    $_SERVER['SERVER_PORT'] = '443';
}

// Plugin instance published through the global declared above; the rest of
// this file reads its certificate paths from it.
$saml2auth = new auth_plugin_saml2();
// Make sure this Moodle service provider (SP) has its own certificate files.
//
// Leaving the default certificates in place is something many SSP instances
// get wrong, and it is very insecure, so a customized cert/key pair is created
// just-in-time instead. To use existing files, copy them over the files in
// /sitedata/saml2/.
//
// NOTE(review): regeneration starts when either file is missing, and
// create_certificates() is defined outside this file, so whether a surviving
// file of the pair gets overwritten cannot be seen from here - confirm. A new
// pair presumably means identity providers need the SP metadata again.
$saml2auth->get_saml2_directory(); // Called for its effect: it will create the directory if needed.

$missingcertpem = !file_exists($saml2auth->certpem);
$missingcertcrt = !file_exists($saml2auth->certcrt);

if ($missingcertpem || $missingcertcrt) {
    // Build the reason text: one line per missing file, then the action taken.
    $errorstring = '';
    if ($missingcertpem) {
        $errorstring .= "= Missing cert pem file! =\n";
    }
    if ($missingcertcrt) {
        $errorstring .= "= Missing cert crt file! = \n";
    }
    $errorstring .= 'Now regenerating saml2 certificates...';

    // The PHP error log is skipped under PHPUnit so the test output stays clean.
    // @codingStandardsIgnoreStart
    if (!PHPUNIT_TEST) {
        error_log($errorstring);
    }
    // @codingStandardsIgnoreEnd

    // Audit trail: the event fires in every environment, tests included, and it
    // fires before the attempt, so it records the attempt rather than a success.
    cert_regenerated::create(['other' => ['reason' => $errorstring]])->trigger();

    $error = '';
    try {
        create_certificates($saml2auth);
    } catch (saml2_exception $exception) {
        $error = $exception->getMessage() . $exception->getTraceAsString();
    }

    // A failed regeneration is only logged (and not at all under PHPUnit);
    // execution carries on past this block either way. The logged text is the
    // exception message followed by its stack trace, which can reveal server
    // paths, so the PHP error log should stay readable by administrators only.
    if ($error && !PHPUNIT_TEST) {
        // @codingStandardsIgnoreStart
        error_log($error);
        // @codingStandardsIgnoreEnd
    }
}
// Point SimpleSAMLphp at the configuration directory inside this plugin
// (auth/saml2/config under the Moodle dirroot).
SimpleSAML\Configuration::setConfigDir($CFG->dirroot . '/auth/saml2/config');