class SamlSpSubscriber in SAML Service Provider 3.x

Same name and namespace in other branches
  1. 8.3 src/EventSubscriber/SamlSpSubscriber.php \Drupal\saml_sp\EventSubscriber\SamlSpSubscriber
  2. 8.2 src/EventSubscriber/SamlSpSubscriber.php \Drupal\saml_sp\EventSubscriber\SamlSpSubscriber
  3. 4.x src/EventSubscriber/SamlSpSubscriber.php \Drupal\saml_sp\EventSubscriber\SamlSpSubscriber

Subscribes to relevant events.

Hierarchy

  • class \Drupal\saml_sp\EventSubscriber\SamlSpSubscriber implements \Symfony\Component\EventDispatcher\EventSubscriberInterface

1 string reference to 'SamlSpSubscriber'

  • saml_sp.services.yml in ./saml_sp.services.yml

1 service uses SamlSpSubscriber

  • saml_sp_event_subscriber in ./saml_sp.services.yml: Drupal\saml_sp\EventSubscriber\SamlSpSubscriber

File

src/EventSubscriber/SamlSpSubscriber.php, line 16

Namespace

Drupal\saml_sp\EventSubscriber
class SamlSpSubscriber implements EventSubscriberInterface {

  /**
   * Checks to be sure the certificate has not expired.
   */
  public function checkForCertExpiration(GetResponseEvent $event) {
    $config = \Drupal::config('saml_sp.settings');
    $user = \Drupal::currentUser();
    // Only run for users who can configure the module, and only when OpenSSL
    // is available and the configured certificate file exists.
    if ($user->hasPermission('configure saml sp') && function_exists('openssl_x509_parse') && !empty($config->get('cert_location')) && file_exists($config->get('cert_location'))) {
      $encoded_cert = trim(file_get_contents($config->get('cert_location')));
      // openssl_x509_parse() returns FALSE on an unparseable certificate; no
      // check for that is made here.
      $cert = openssl_x509_parse(Utils::formatCert($encoded_cert));
      $test_time = \Drupal::time()->getRequestTime();
      if ($cert['validTo_time_t'] < $test_time) {
        // The certificate's notAfter time has passed: show an error.
        $markup = new TranslatableMarkup('Your site\'s SAML certificate is expired. Please replace it with another certificate and request an update to your Relying Party Trust (RPT). You can enter in a location for the new certificate/key pair on the <a href="@url">SAML Service Providers</a> page. Until the certificate/key pair is replaced your SAML authentication service will not function.', [
          '@url' => Url::fromRoute('saml_sp.admin')->toString(),
        ]);
        \Drupal::messenger()->addMessage($markup, MessengerInterface::TYPE_ERROR, FALSE);
      }
      elseif ($cert['validTo_time_t'] - $test_time < 60 * 60 * 24 * 30) {
        // Less than 30 days of validity remain: show a warning.
        $markup = new TranslatableMarkup('Your site\'s SAML certificate will expire in %interval. Please replace it with another certificate and request an update to your Relying Party Trust (RPT). You can enter in a location for the new certificate/key pair on the <a href="@url">SAML Service Providers</a> page. Failure to update this certificate and update the Relying Party Trust (RPT) will result in the SAML authentication service not working.', [
          '%interval' => \Drupal::service('date.formatter')->formatInterval($cert['validTo_time_t'] - $test_time, 2),
          '@url' => Url::fromRoute('saml_sp.admin')->toString(),
        ]);
        \Drupal::messenger()->addMessage($markup, MessengerInterface::TYPE_WARNING, FALSE);
      }
    }
  }

  /**
   * {@inheritdoc}
   */
  public static function getSubscribedEvents() {
    // Run the expiry check on every kernel request.
    $events[KernelEvents::REQUEST][] = [
      'checkForCertExpiration',
    ];
    return $events;
  }

}

Members

| Name | Modifiers | Type | Description | Overrides |
| --- | --- | --- | --- | --- |
| SamlSpSubscriber::checkForCertExpiration | public | function | Checks to be sure the certificate has not expired. | |
| SamlSpSubscriber::getSubscribedEvents | public static | function | | |