From 826513b42654ca09e0c3260545b287c5392c8636 Mon Sep 17 00:00:00 2001
From: Markus Wisgrill
Date: Sat, 21 Dec 2024 23:30:42 +0100
Subject: [PATCH 1/2] verify-peer implemented for self signed certificates on keycloak
---
 Keycloak.php | 11 ++++++++++-
 conf/default.php | 1 +
 conf/metadata.php | 1 +
 lang/en/settings.php | 1 +
 4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/Keycloak.php b/Keycloak.php
index 624970d..4456f56 100644
--- a/Keycloak.php
+++ b/Keycloak.php
@@ -40,7 +40,16 @@ public function getEndpoint(string $endpoint)
 {
 if (!isset($this->discovery)) {
 $plugin = plugin_load('helper', 'oauthkeycloak');
- $json = file_get_contents($plugin->getConf('openidurl'));
+
+ // wmwm fix certificate error
+ $context = stream_context_create([
+ 'ssl' => [
+ 'verify_peer' => $plugin->getConf('verify-peer')
+ ]
+ ]);
+ $json = file_get_contents($plugin->getConf('openidurl'), false, $context);
+
+ // $json = file_get_contents($plugin->getConf('openidurl'));
 if (!$json) throw new \Exception('Failed accessing ' . $plugin->getConf('openidurl'));
 $this->discovery = json_decode($json, true);
 }
diff --git a/conf/default.php b/conf/default.php
index b4b5185..6a0d594 100644
--- a/conf/default.php
+++ b/conf/default.php
@@ -8,6 +8,7 @@
 $conf['secret'] = '';
 $conf['openidurl'] = '';
+$conf['verify-peer'] = 1;
 $conf['label'] = 'Keycloak';
 $conf['color'] = '#333333';
diff --git a/conf/metadata.php b/conf/metadata.php
index f94d3e3..a945fc2 100644
--- a/conf/metadata.php
+++ b/conf/metadata.php
@@ -8,6 +8,7 @@
 $meta['secret'] = array('password');
 $meta['openidurl'] = array('string');
+$meta['verify-peer'] = array('onoff','_caution' => 'security');
 $meta['label'] = array('string');
 $meta['color'] = array('string');
diff --git a/lang/en/settings.php b/lang/en/settings.php
index 8b9419b..da624f8 100644
--- a/lang/en/settings.php
+++ b/lang/en/settings.php
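Review bot: In Keycloak.php, `'verify_peer' => $plugin->getConf('verify-peer')` lets an administrator switch off certificate validation for the OpenID Connect discovery request, which removes the only check that the discovery document really comes from the configured Keycloak host. The result is stored in `$this->discovery` and presumably supplies the endpoints `getEndpoint()` returns, so a forged reply on the network path could steer the rest of the login flow. For a self-signed or private-CA deployment, keeping verification on and trusting that one certificate covers the same use case. The sketch below uses a proposed `cafile` setting that is not part of this patch and would need its own entries in conf/default.php and conf/metadata.php. Only this `file_get_contents()` call is changed, so later token and user-info requests presumably still validate certificates elsewhere; `getEndpoint()` continues beyond the hunk.

```php
$ssl = ['verify_peer' => true, 'verify_peer_name' => true];
// proposed setting: path to the Keycloak CA or self-signed certificate (PEM)
$cafile = (string) $plugin->getConf('cafile');
if ($cafile !== '') {
    $ssl['cafile'] = $cafile;
}
$context = stream_context_create(['ssl' => $ssl]);
// … unchanged: file_get_contents() with $context, error check, json_decode …
```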
@@ -9,6 +9,7 @@
 $lang['key'] = 'Client ID';
 $lang['secret'] = 'Cient Secret';
 $lang['openidurl'] = 'OpenID Connect Auto Discovery URL';
+$lang['verify-peer'] = 'Verification of SSL certificate is required.';
 $lang['label'] = 'Label to display on the login button';
 $lang['color'] = 'Color to use with the login button';
From 860992d02f653dbac93e68dbad62d9c621403b5e Mon Sep 17 00:00:00 2001
From: wisgrill <105050684+wisgrill@users.noreply.github.com>
Date: Sat, 21 Dec 2024 23:33:52 +0100
Subject: [PATCH 2/2] remove comments
---
 Keycloak.php | 2 --
 1 file changed, 2 deletions(-)
diff --git a/Keycloak.php b/Keycloak.php
index 4456f56..01e59bc 100644
--- a/Keycloak.php
+++ b/Keycloak.php
@@ -41,7 +41,6 @@ public function getEndpoint(string $endpoint)
 if (!isset($this->discovery)) {
 $plugin = plugin_load('helper', 'oauthkeycloak');
- // wmwm fix certificate error
 $context = stream_context_create([
 'ssl' => [
 'verify_peer' => $plugin->getConf('verify-peer')
@@ -49,7 +48,6 @@ public function getEndpoint(string $endpoint)
 ]);
 $json = file_get_contents($plugin->getConf('openidurl'), false, $context);
- // $json = file_get_contents($plugin->getConf('openidurl'));
 if (!$json) throw new \Exception('Failed accessing ' . $plugin->getConf('openidurl'));
 $this->discovery = json_decode($json, true);
 }