Merge pull request #23 from pajavyskocil/IdPListServiceDB

IdPListsServiceDB

Author: tauceti2

config-templates/module_perun.php

@@ -39,6 +39,12 @@
 	 */
 	//'disco.disableWhitelisting' => true,
 
+	/**
+	 * specify which type of IdPListService will be used
+	 * Expected values: csv, db
+	 */
+	'idpListServiceType' => '',
+
 	/**
 	 * Specify prefix for filtering AuthnContextClassRef
 	 * All AuthnContextClassRef values starts with this prefix will be removed before the request will be send to IdP

config-templates/module_perun_idpListsServiceDB.php

@@ -0,0 +1,78 @@
+<?php
+/**
+ * This is example configuration for connection to database with whitelist/greylist
+ * Copy this file to default config directory and edit the properties.
+ *
+ * @author Pavel Vyskočil <[email protected]>
+ */
+$config = array(
+
+	/*
+	 * Fill the serverName
+	 */
+	'serverName' => 'localhost',
+
+	/*
+	 * If you want to use the default port, please comment this option
+	 */
+	'port' => 3306,
+
+	/*
+	 * Fill the user name
+	 */
+	'userName' => 'proxy',
+
+	/*
+	 * Fill the password
+	 */
+	'password' => 'passwd',
+
+	/*
+	 * Fill the database name
+	 */
+	'databaseName' => 'Proxy',
+
+	/*
+	 * Fill the table name for whiteList
+	 */
+	'whiteListTableName' => 'whiteList',
+
+	/*
+	 * Fill the table name for greyList
+	 */
+	'greyListTableName' => 'greyList',
+
+	/*
+	 * Fill true, if your SQL Server used encrypted connections. False if not
+	 */
+	'encryption' => true/false,
+
+	/*
+	 * The path name to the certificate authority file.
+	 *
+	 * If your SQL Server used encrypted connections, you must fill this option.
+	 */
+	'ssl_ca' => '/example/ca.pem',
+
+	/*
+	 * The path name to the certificate file.
+	 *
+	 * If your SQL Server used encrypted connections, you must fill this option.
+	 */
+	'ssl_cert_path' => '/example/cert.pem',
+
+	/*
+	 * The path name to the key file.
+	 *
+	 * If your SQL Server used encrypted connections, you must fill this option.
+	 */
+	'ssl_key_path' => '/example/key.pem',
+
+	/*
+	 * The pathname to a directory that contains trusted SSL CA certificates in PEM format.
+	 *
+	 * If your SQL Server used encrypted connections, you must fill this option.
+	 */
+	'ssl_ca_path' => '/etc/ssl',
+
+);

config-templates/tables.sql

@@ -0,0 +1,16 @@
+-- Script for creating tables
+CREATE TABLE whiteList (
+	date DATETIME NOT NULL DEFAULT current_timestamp,
+	entityId VARCHAR(255) NOT NULL,
+	reason VARCHAR(255),
+	INDEX (entityId),
+	PRIMARY KEY (entityId)
+);
+
+CREATE TABLE greyList (
+	date DATETIME NOT NULL DEFAULT current_timestamp,
+	entityId VARCHAR(255) NOT NULL,
+	reason VARCHAR(255),
+	INDEX (entityId),
+	PRIMARY KEY (entityId)
+);

lib/DatabaseCommand.php

@@ -0,0 +1,177 @@
+<?php
+include("DatabaseConnector.php");
+/**
+ * Class for working with Database
+ *
+ * @author Pavel Vyskočil <[email protected]>
+ */
+class DatabaseCommand
+{
+
+	const WHITELIST = "whiteList";
+	const GREYLIST = "greyList";
+
+	/**
+	 * Function returns array of all IdPs in whitelist/greylist
+	 * @param string $tableName 'whitelist' or 'greylist'
+	 * @return array of all IdPs, every IdP is represents as array
+	 */
+	public static function getAllIdps($tableName) {
+		$databaseConnector = new DatabaseConnector();
+		$conn = $databaseConnector->getConnection();
+		$whiteListTableName = $databaseConnector->getWhiteListTableName();
+		$greyListTableName = $databaseConnector->getGreyListTableName();
+		$table = null;
+		$listOfIdPs = array();
+		assert($conn != NULL);
+
+		if ($tableName == self::WHITELIST) {
+			$table = $whiteListTableName;
+		} else if ($tableName == self::GREYLIST) {
+			$table = $greyListTableName;
+		}
+
+		$stmt = $conn->prepare("SELECT * FROM " . $table);
+
+		if ($stmt) {
+			$ex =$stmt->execute();
+			if ($ex === false) {
+				SimpleSAML\Logger::error("Error during select all from " . $table);
+			}
+
+			$stmt->bind_result($timestamp, $entityId, $reason);
+			while ($stmt->fetch()) {
+				$idp = array();
+				$idp['timestamp'] = $timestamp;
+				$idp['entityid'] = $entityId;
+				$idp['reason'] = $reason;
+				array_push($listOfIdPs, $idp);
+			}
+
+			$stmt->close();
+		} else {
+			SimpleSAML\Logger::error("Error during preparing statement");
+		}
+
+		$conn->close();
+		return $listOfIdPs;
+	}
+
+	/**
+	 * Function returns array of all entityId in whitelist/greylist
+	 * @param string $tableName 'whitelist' or 'greylist'
+	 * @return array of entityIds
+	 */
+	public static function getAllEntityIds($tableName) {
+		$databaseConnector = new DatabaseConnector();
+		$conn = $databaseConnector->getConnection();
+		$whiteListTableName = $databaseConnector->getWhiteListTableName();
+		$greyListTableName = $databaseConnector->getGreyListTableName();
+		$table = null;
+		$listOfIdPs = array();
+		assert($conn != NULL);
+
+		if ($tableName == self::WHITELIST) {
+			$table = $whiteListTableName;
+		} else if ($tableName == self::GREYLIST) {
+			$table = $greyListTableName;
+		}
+
+		$stmt = $conn->prepare("SELECT * FROM " . $table);
+
+		if ($stmt) {
+			$ex =$stmt->execute();
+			if ($ex === false) {
+				SimpleSAML\Logger::error("Error during select all entityIds from " . $table);
+			}
+
+			$stmt->bind_result($timestamp, $entityId, $reason);
+			while ($stmt->fetch()) {
+				array_push($listOfIdPs, $entityId);
+			}
+
+			$stmt->close();
+		} else {
+			SimpleSAML\Logger::error("Error during preparing statement");
+		}
+
+		$conn->close();
+		return $listOfIdPs;
+	}
+
+
+	/**
+	 * Function inserts the line into table with $tableName
+	 * @param string $tableName  'whitelist' or 'greylist'
+	 * @param string $entityId
+	 * @param string $reason
+	 */
+	public static function insertTolist($tableName, $entityId, $reason) {
+		$databaseConnector = new DatabaseConnector();
+		$conn = $databaseConnector->getConnection();
+		$whiteListTableName = $databaseConnector->getWhiteListTableName();
+		$greyListTableName = $databaseConnector->getGreyListTableName();
+		$table = null;
+		assert($conn != NULL);
+
+		if ($tableName == self::WHITELIST) {
+			$table = $whiteListTableName;
+		} else if ($tableName == self::GREYLIST) {
+			$table = $greyListTableName;
+		}
+
+		$stmt = $conn->prepare("INSERT INTO " . $table . " (entityId, reason) VALUES (?, ?)");
+
+		if ($stmt) {
+			$stmt->bind_param("ss", $entityId, $reason);
+			$ex =$stmt->execute();
+			if ($ex === false) {
+				SimpleSAML\Logger::error("Error during inserting entityId " . $entityId . " into " . $table);
+			}
+
+			SimpleSAML\Logger::debug("EntityId " . $entityId . " was inserted into " . $table);
+			$stmt->close();
+		} else {
+			SimpleSAML\Logger::error("Error during preparing statement");
+		}
+
+		$conn->close();
+	}
+
+	/**
+	 * Function deletes the line from table with $tableName and $entityID
+	 * @param string $tableName 'whitelist' or 'greylist'
+	 * @param string $entityId
+	 */
+	public static function deleteFromList($tableName, $entityId) {
+		$databaseConnector = new DatabaseConnector();
+		$conn = $databaseConnector->getConnection();
+		$whiteListTableName = $databaseConnector->getWhiteListTableName();
+		$greyListTableName = $databaseConnector->getGreyListTableName();
+		$table = null;
+		assert($conn != NULL);
+
+		if ($tableName == self::WHITELIST) {
+			$table = $whiteListTableName;
+		} else if ($tableName == self::GREYLIST) {
+			$table = $greyListTableName;
+		}
+
+		$stmt = $conn->prepare("DELETE FROM " . $table . " WHERE entityId=?");
+
+		if ($stmt) {
+			$stmt->bind_param("s", $entityId);
+			$ex =$stmt->execute();
+			if ($ex === false) {
+				SimpleSAML\Logger::error("Error during deleting entityId " . $entityId . " from " . $table);
+			}
+
+			SimpleSAML\Logger::debug("EntityId " . $entityId . " was deleted from " . $table);
+			$stmt->close();
+		} else {
+			SimpleSAML\Logger::error("Error during preparing statement");
+		}
+
+		$conn->close();
+	}
+}

lib/DatabaseConnector.php

@@ -0,0 +1,96 @@
+<?php
+/**
+ * Class for getting connection to DB
+ *
+ * @author Pavel Vyskočil <[email protected]>
+ */
+class databaseConnector
+{
+	private $serverName;
+	private $port;
+	private $username;
+	private $password;
+	private $databaseName;
+	private $whitelistTableName;
+	private $greyListTableName;
+	private $encryption;
+	private $sslCA;
+	private $sslCert;
+	private $sslKey;
+	private $sslCAPath;
+
+	const CONFIG_FILE_NAME = 'module_perun_idpListsServiceDB.php';
+	const SERVER = 'serverName';
+	const PORT = 'port';
+	const USER = 'userName';
+	const PASSWORD = 'password';
+	const DATABASE = 'databaseName';
+	const WHITELIST_TABLE_NAME = 'whiteListTableName';
+	const GREYLIST_TABLE_NAME = 'greyListTableName';
+	const ENCRYPTION = 'encryption';
+	const SSL_CA = 'ssl_ca';
+	const SSL_CERT = 'ssl_cert_path';
+	const SSL_KEY = 'ssl_key_path';
+	const SSL_CA_PATH = 'ssl_ca_path';
+
+
+	public function __construct()
+	{
+		$conf = SimpleSAML_Configuration::getConfig(self::CONFIG_FILE_NAME);
+		$this->serverName = $conf->getString(self::SERVER);
+		$this->port = $conf->getInteger(self::PORT, null);
+		$this->username = $conf->getString(self::USER);
+		$this->password = $conf->getString(self::PASSWORD);
+		$this->databaseName = $conf->getString(self::DATABASE);
+		$this->whitelistTableName = $conf->getString(self::WHITELIST_TABLE_NAME);
+		$this->greyListTableName = $conf->getString(self::GREYLIST_TABLE_NAME);
+		$this->encryption = $conf->getBoolean(self::ENCRYPTION);
+		$this->sslCA = $conf->getString(self::SSL_CA);
+		$this->sslCert = $conf->getString(self::SSL_CERT);
+		$this->sslKey = $conf->getString(self::SSL_KEY);
+		$this->sslCAPath = $conf->getString(self::SSL_CA_PATH);
+	}
+
+	/**
+	 * Function returns the connection to db
+	 * @return mysqli connection
+	 */
+	public function getConnection()
+	{
+		$conn = mysqli_init();
+		if ($this->encryption === true) {
+			SimpleSAML_Logger::debug("Getting connection with encryption.");
+			mysqli_ssl_set($conn, $this->sslKey, $this->sslCert, $this->sslCA, $this->sslCAPath, null);
+			if ($this->port === null) {
+				mysqli_real_connect($conn, $this->serverName, $this->username, $this->password, $this->databaseName);
+			} else {
+				mysqli_real_connect($conn, $this->serverName, $this->username, $this->password, $this->databaseName, $this->port);
+			}
+		} else {
+			if ($this->port === null) {
+				mysqli_real_connect($conn, $this->serverName, $this->username, $this->password, $this->databaseName);
+			} else {
+				mysqli_real_connect($conn, $this->serverName, $this->username, $this->password, $this->databaseName, $this->port);
+			}
+		}
+		return $conn;
+	}
+
+	/**
+	 * Function returns name of table for whitelist
+	 * @return mixed whitelist table name
+	 */
+	public function getWhiteListTableName()
+	{
+		return $this->whitelistTableName;
+	}
+
+	/**
+	 * Function returns name of table for greylist
+	 * @return mixed whitelist table name
+	 */
+	public function getGreyListTableName()
+	{
+		return $this->greyListTableName;
+	}
+}