-
Notifications
You must be signed in to change notification settings - Fork 135
/
setup.php
67 lines (58 loc) · 2.52 KB
/
setup.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Common setup.
*
* @package auth_saml2
* @copyright Brendan Heywood <[email protected]>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
use auth_saml2\event\cert_regenerated;
require_once(__DIR__ . '/setuplib.php');
global $CFG, $saml2auth;
// Tell SSP that we are on 443 if we are terminating SSL elsewhere.
if (isset($CFG->sslproxy) && $CFG->sslproxy) {
$_SERVER['SERVER_PORT'] = '443';
}
$saml2auth = new \auth_saml2\auth();
// Auto create unique certificates for this moodle SP.
//
// This is one area which many SSP instances get horridly wrong and leave the
// default certificates which is very insecure. Here we create a customized
// cert/key pair just-in-time. If for some reason you do want to use existing
// files then just copy them over the files in /sitedata/saml2/.
$saml2auth->get_saml2_directory(); // It will create it if needed.
$missingcertpem = !file_exists($saml2auth->certpem);
$missingcertcrt = !file_exists($saml2auth->certcrt);
if ($missingcertpem || $missingcertcrt) {
// Could not find one or both certificates. Log an error.
$errorstring = "";
$missingcertpem ? $errorstring .= "= Missing cert pem file! =\n" : null;
$missingcertcrt ? $errorstring .= "= Missing cert crt file! = \n" : null;
$errorstring .= "Now regenerating saml2 certificates...";
if (!(PHPUNIT_TEST || (defined('BEHAT_TEST') && BEHAT_TEST) ||
defined('BEHAT_SITE_RUNNING'))) {
debugging($errorstring);
}
try {
create_certificates($saml2auth);
} catch (saml2_exception $exception) {
debugging($exception->getMessage(), DEBUG_DEVELOPER, $exception->getTrace());
}
cert_regenerated::create(['other' => ['reason' => $errorstring]])->trigger();
}
SimpleSAML\Configuration::setConfigDir("$CFG->dirroot/auth/saml2/config");