mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
enable use custom file based saml certificate/private key
This commit is contained in:
parent
09190e05ae
commit
4f5374b2e8
|
@ -1043,6 +1043,11 @@ class SettingsController extends Controller
|
|||
$setting->saml_sp_x509cert = $request->input('saml_sp_x509cert');
|
||||
$setting->saml_sp_privatekey = $request->input('saml_sp_privatekey');
|
||||
}
|
||||
if (!empty($request->input('saml_sp_x509certNew'))) {
|
||||
$setting->saml_sp_x509certNew = $request->input('saml_sp_x509certNew');
|
||||
} else {
|
||||
$setting->saml_sp_x509certNew = "";
|
||||
}
|
||||
$setting->saml_custom_settings = $request->input('saml_custom_settings');
|
||||
|
||||
if ($setting->save()) {
|
||||
|
|
|
@ -5,11 +5,13 @@ namespace App\Http\Requests;
|
|||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use OneLogin\Saml2\IdPMetadataParser as OneLogin_Saml2_IdPMetadataParser;
|
||||
use OneLogin\Saml2\Utils as OneLogin_Saml2_Utils;
|
||||
use App\Models\Setting;
|
||||
|
||||
/**
|
||||
* This handles validating and cleaning SAML settings provided by the user.
|
||||
*
|
||||
* @author Johnson Yi <jyi.dev@outlook.com>
|
||||
* @author Michael Pietsch <skywalker-11@mi-pietsch.de>
|
||||
*
|
||||
* @since 5.0.0
|
||||
*/
|
||||
|
@ -55,7 +57,49 @@ class SettingsSamlRequest extends FormRequest
|
|||
}
|
||||
}
|
||||
|
||||
if ($this->input('saml_sp_regenerate_keypair') == '1' || !$this->has('saml_sp_x509cert')) {
|
||||
$was_custom_x509cert = strpos(Setting::getSettings()->saml_custom_settings, 'sp_x509cert') !== false;
|
||||
|
||||
$custom_x509cert='';
|
||||
$custom_privateKey='';
|
||||
$custom_x509certNew='';
|
||||
if (!empty($this->input('saml_custom_settings'))) {
|
||||
$req_custom_settings = preg_split('/\r\n|\r|\n/', $this->input('saml_custom_settings'));
|
||||
$custom_settings = [];
|
||||
|
||||
foreach ($req_custom_settings as $custom_setting) {
|
||||
$split = explode('=', $custom_setting, 2);
|
||||
|
||||
if (count($split) == 2) {
|
||||
$split[0] = trim($split[0]);
|
||||
$split[1] = trim($split[1]);
|
||||
|
||||
if (!empty($split[0])) {
|
||||
$custom_settings[] = implode('=', $split);
|
||||
}
|
||||
if ($split[0] == 'sp_x509cert') {
|
||||
$custom_x509cert = $split[1];
|
||||
} elseif ($split[0] == 'sp_privateKey') {
|
||||
$custom_privateKey = $split[1];
|
||||
} elseif ($split[0] == 'sp_x509certNew') {
|
||||
//to prepare for Key rollover
|
||||
$custom_x509certNew = $split[1];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$this->merge(['saml_custom_settings' => implode(PHP_EOL, $custom_settings) . PHP_EOL]);
|
||||
}
|
||||
|
||||
$cert_updated=false;
|
||||
if (!empty($custom_x509cert) && !empty($custom_privateKey)) {
|
||||
// custom certificate and private key are defined
|
||||
$cert_updated=true;
|
||||
$x509 = openssl_x509_read($custom_x509cert);
|
||||
$pkey = openssl_pkey_get_private($custom_privateKey);
|
||||
} elseif ($this->input('saml_sp_regenerate_keypair') == '1' || !$this->has('saml_sp_x509cert') || $was_custom_x509cert) {
|
||||
// key regeneration requested, no certificate defined yet or previous custom certicate was removed
|
||||
error_log("regen");
|
||||
$cert_updated=true;
|
||||
$dn = [
|
||||
"countryName" => "US",
|
||||
"stateOrProvinceName" => "N/A",
|
||||
|
@ -72,11 +116,14 @@ class SettingsSamlRequest extends FormRequest
|
|||
$csr = openssl_csr_new($dn, $pkey, ['digest_alg' => 'sha256']);
|
||||
|
||||
$x509 = openssl_csr_sign($csr, null, $pkey, 3650, ['digest_alg' => 'sha256']);
|
||||
}
|
||||
|
||||
$errors = [];
|
||||
|
||||
if ($cert_updated) {
|
||||
openssl_x509_export($x509, $x509cert);
|
||||
openssl_pkey_export($pkey, $privateKey);
|
||||
|
||||
$errors = [];
|
||||
while (($error = openssl_error_string() !== false)) {
|
||||
$errors[] = $error;
|
||||
}
|
||||
|
@ -89,24 +136,23 @@ class SettingsSamlRequest extends FormRequest
|
|||
}
|
||||
}
|
||||
|
||||
if (!empty($this->input('saml_custom_settings'))) {
|
||||
$req_custom_settings = preg_split('/\r\n|\r|\n/', $this->input('saml_custom_settings'));
|
||||
$custom_settings = [];
|
||||
if ($custom_x509certNew) {
|
||||
$x509New = openssl_x509_read($custom_x509certNew);
|
||||
openssl_x509_export($x509New, $x509certNew);
|
||||
|
||||
foreach ($req_custom_settings as $custom_setting) {
|
||||
$split = explode('=', $custom_setting, 2);
|
||||
|
||||
if (count($split) == 2) {
|
||||
$split[0] = trim($split[0]);
|
||||
$split[1] = trim($split[1]);
|
||||
|
||||
if (!empty($split[0])) {
|
||||
$custom_settings[] = implode('=', $split);
|
||||
}
|
||||
}
|
||||
while (($error = openssl_error_string() !== false)) {
|
||||
$errors[] = $error;
|
||||
}
|
||||
|
||||
$this->merge(['saml_custom_settings' => implode(PHP_EOL, $custom_settings) . PHP_EOL]);
|
||||
if (!empty($x509certNew)) {
|
||||
$this->merge([
|
||||
'saml_sp_x509certNew' => $x509certNew
|
||||
]);
|
||||
}
|
||||
} else {
|
||||
$this->merge([
|
||||
'saml_sp_x509certNew' => ""
|
||||
]);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
|
|
@ -140,6 +140,7 @@ class Saml
|
|||
* Builds settings from Snipe-IT for OneLogin_Saml2_Auth.
|
||||
*
|
||||
* @author Johnson Yi <jyi.dev@outlook.com>
|
||||
* @author Michael Pietsch <skywalker-11@mi-pietsch.de>
|
||||
*
|
||||
* @since 5.0.0
|
||||
*
|
||||
|
@ -158,6 +159,11 @@ class Saml
|
|||
data_set($settings, 'sp.singleLogoutService.url', route('saml.sls'));
|
||||
data_set($settings, 'sp.x509cert', $setting->saml_sp_x509cert);
|
||||
data_set($settings, 'sp.privateKey', $setting->saml_sp_privatekey);
|
||||
if(!empty($setting->saml_sp_x509certNew)) {
|
||||
data_set($settings, 'sp.x509certNew', $setting->saml_sp_x509certNew);
|
||||
} else {
|
||||
data_set($settings, 'sp.x509certNew', "");
|
||||
}
|
||||
|
||||
if (!empty(data_get($settings, 'sp.privateKey'))) {
|
||||
data_set($settings, 'security.logoutRequestSigned', true);
|
||||
|
@ -210,7 +216,6 @@ class Saml
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
$this->_settings = $settings;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
<?php
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
class AddSamlKeyRollover extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function up()
|
||||
{
|
||||
Schema::table('settings', function(Blueprint $table) {
|
||||
$table->text('saml_sp_x509certNew')->nullable()->default(NULL);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function down()
|
||||
{
|
||||
Schema::table('settings', function(Blueprint $table) {
|
||||
$table->dropColumn('saml_sp_x509certNew');
|
||||
});
|
||||
}
|
||||
}
|
|
@ -145,7 +145,9 @@
|
|||
{{ Form::label('saml_custom_settings', trans('admin/settings/general.saml_custom_settings')) }}
|
||||
</div>
|
||||
<div class="col-md-9">
|
||||
{{ Form::textarea('saml_custom_settings', old('saml_custom_settings', $setting->saml_custom_settings), ['class' => 'form-control','placeholder' => 'example.option=false', 'wrap' => 'off', $setting->demoMode]) }}
|
||||
{{ Form::textarea('saml_custom_settings', old('saml_custom_settings', $setting->saml_custom_settings), ['class' => 'form-control','placeholder' => 'example.option=false
|
||||
sp_x509cert=file:///...
|
||||
sp_private_key=file:///', 'wrap' => 'off', $setting->demoMode]) }}
|
||||
<p class="help-block">{{ trans('admin/settings/general.saml_custom_settings_help') }}</p>
|
||||
{!! $errors->first('saml_custom_settings', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
|
||||
</div>
|
||||
|
|
Loading…
Reference in a new issue