email = $x509Data->email;
    $identity->name = $x509Data->name;
    $identity->surname = $x509Data->surname;
    $identity->typedId = $x509Data->serialNumber;
    $identity->institution = $x509Data->institution;

    $user->addIdentity($identity);

    $userHandler->saveUser($user);

    $session->x509DataToRegister = null;
    $session->save();

    return $user;
}

/**
 * X.509 login entry point: authenticate the caller from the TLS client
 * certificate and, on first login, register a new user from its data.
 *
 * We want to extract name and surname from the X.509 certificate, however X.509
 * puts name and surname together (inside the CN field).
 * If name and surname are single words it is possible to retrieve them by
 * splitting on the space character; otherwise the user has to choose the
 * correct combination. In that case the partial X.509 data is temporarily
 * stored in the user session and the page views/x509-name-surname.php is shown
 * before completing the registration, so that the user can select the correct
 * name and surname.
 */

// Second pass of the two-step registration: the session already holds X.509
// data and a name has been filled in, so the user is created from it.
// NOTE(review): this branch does not re-check SSL_CLIENT_VERIFY for the current
// request; it relies entirely on the session contents. Confirm that only the
// name/surname step can populate x509DataToRegister->name, and consider
// comparing the stored serial number with the certificate presented on this
// request before saving the user.
if ($session->x509DataToRegister !== null && $session->x509DataToRegister->name !== null) {
    $user = saveUserFromX509Data($session->x509DataToRegister);
} else {
    // Accept the certificate only when verification is exactly 'SUCCESS' and
    // SSL_CLIENT_V_REMAIN is greater than zero. The variable names follow
    // Apache mod_ssl; presumably they are set by the web server.
    // NOTE(review): confirm these values are set by the TLS-terminating server
    // itself and cannot be supplied by the client (e.g. through a proxy that
    // forwards them). SSL_CLIENT_V_REMAIN arrives as a string, so the loose
    // `> 0` comparison assumes it is always numeric.
    if (isset($_SERVER['SSL_CLIENT_VERIFY']) && isset($_SERVER['SSL_CLIENT_V_REMAIN']) &&
            $_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS' && $_SERVER['SSL_CLIENT_V_REMAIN'] > 0) {

        $x509Data = RAP\X509Data::parse($_SERVER);

        // NOTE(review): the account is looked up by serialNumber alone.
        // Certificate serial numbers are only unique per issuing CA, so confirm
        // that the server trusts a single CA for client certificates or that
        // X509Data::parse folds the issuer into this value.
        $user = $userHandler->findUserByIdentity(RAP\Identity::X509, $x509Data->serialNumber);

        if ($user === null) {
            if ($x509Data->name === null) {
                // Name/surname could not be derived: keep the partial data in
                // the session and send the user to the selection page. die()
                // stops the script so the login redirect below is not reached.
                $session->x509DataToRegister = $x509Data;
                $session->save();
                header('Location: ' . $BASE_PATH . '/x509-name-surname');
                die();
            } else {
                // First login with an unambiguous name: register immediately.
                $user = saveUserFromX509Data($x509Data);
            }
        }
    } else {
        // NOTE(review): a missing, unverified or expired client certificate is
        // reported as 500 (server error); consider whether a 4xx status is
        // intended. No audit log entry is written on this failure path, so
        // rejected certificate logins are not visible in $auditLog.
        http_response_code(500);
        die("Unable to verify client certificate");
    }
}

// Reached for both existing and newly registered users: record the login in
// the audit log, then pass the user and session to the callback handler.
$auditLog->info("LOGIN,X.509," . $user->id);
$callbackHandler->manageLoginRedirect($user, $session);