CAS_Client::validateCAS20 PHP Method

validateCAS20() public method

This method is used to validate a CAS 2.0 ST or PT; it halts on failure. It is used for all CAS 2.0 validations.
public validateCAS20 ( &$validate_url, &$text_response, &$tree_response, boolean $renew = false ) : boolean
$renew boolean true to force the authentication with the CAS server
return boolean true when successful; issues a CAS_AuthenticationException (and false) on an error
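    /**
     * Validate a CAS 2.0 service ticket (ST) or proxy ticket (PT) against the
     * CAS server and record the authenticated user on this client.
     *
     * Every failure path below throws, so the method only ever returns true.
     *
     * @param string     &$validate_url  set to the validation URL that is requested
     * @param string     &$text_response handed to _readURL(), presumably filled with
     *                                   the raw response body (confirm against _readURL)
     * @param DOMElement &$tree_response set to the root element of the parsed response
     * @param boolean    $renew          true to append renew=true to the request
     *
     * @return boolean true once the ticket has been validated
     *
     * @throws CAS_AuthenticationException when the URL cannot be read, the response
     *         is not a well-formed serviceResponse, no usable user is present, the
     *         server reports authenticationFailure, or the proxy chain is not allowed
     */
    public function validateCAS20(&$validate_url, &$text_response, &$tree_response, $renew = false)
    {
        phpCAS::traceBegin();
        phpCAS::trace($text_response);

        // build the URL to validate the ticket; the ticket is URL-encoded so it
        // cannot add or override query parameters of the validation request
        $base_url = $this->getAllowedProxyChains()->isProxyingAllowed()
            ? $this->getServerProxyValidateURL()
            : $this->getServerServiceValidateURL();
        $validate_url = $base_url . '&ticket=' . urlencode($this->getTicket());
        if ($this->isProxy()) {
            // pass the callback url for CAS proxies
            $validate_url .= '&pgtUrl=' . urlencode($this->_getCallbackURL());
        }
        if ($renew) {
            // pass the renew
            $validate_url .= '&renew=true';
        }

        // open and read the URL
        // NOTE(review): everything parsed below is trusted only as far as
        // _readURL() authenticates the CAS server (certificate validation is
        // not visible in this method) -- confirm there.
        if (!$this->_readURL($validate_url, $headers, $text_response, $err_msg)) {
            // NOTE(review): this trace line contains the ticket, which may not
            // have been consumed if the request never reached the server; keep
            // the debug log readable by administrators only.
            phpCAS::trace('could not open URL \'' . $validate_url . '\' to validate (' . $err_msg . ')');
            throw new CAS_AuthenticationException($this, 'Ticket not validated', $validate_url, true);
        }

        // create new DOMDocument object
        $dom = new DOMDocument();
        // Fix possible whitespace problems
        $dom->preserveWhiteSpace = false;
        // CAS servers should only return data in utf-8
        $dom->encoding = "utf-8";
        // read the response of the CAS server into a DOMDocument object.
        // An empty body is rejected up front: loadXML() warns on it or, on newer
        // PHP versions, raises an error that is not a CAS_AuthenticationException.
        // LIBXML_NONET keeps the parser from fetching anything over the network
        // while it processes the remote-supplied document.
        if ((string) $text_response === '' || !$dom->loadXML($text_response, LIBXML_NONET)) {
            // read failed
            throw new CAS_AuthenticationException($this, 'Ticket not validated', $validate_url, false, true, $text_response);
        }

        // read the root node of the XML tree
        $tree_response = $dom->documentElement;
        if (!$tree_response) {
            // read failed
            throw new CAS_AuthenticationException($this, 'Ticket not validated', $validate_url, false, true, $text_response);
        }
        // ensure that the tag name is 'serviceResponse'
        if ($tree_response->localName !== 'serviceResponse') {
            // bad root node
            throw new CAS_AuthenticationException($this, 'Ticket not validated', $validate_url, false, true, $text_response);
        }

        // NOTE(review): the element lookups below use getElementsByTagName(),
        // which searches all descendants and does not check the namespace URI,
        // so neither the nesting nor the CAS namespace of the response is verified.
        $success_elements = $tree_response->getElementsByTagName("authenticationSuccess");
        if ($success_elements->length === 0) {
            $auth_fail_list = $tree_response->getElementsByTagName("authenticationFailure");
            if ($auth_fail_list->length !== 0) {
                // authentication failed, extract the error code and message
                throw new CAS_AuthenticationException($this, 'Ticket not validated', $validate_url, false, false, $text_response, $auth_fail_list->item(0)->getAttribute('code'), trim($auth_fail_list->item(0)->nodeValue));
            }
            // neither success nor failure element: treat as a bad response
            throw new CAS_AuthenticationException($this, 'Ticket not validated', $validate_url, false, true, $text_response);
        }

        // authentication succeeded, extract the user name
        $success = $success_elements->item(0);
        $user_elements = $success->getElementsByTagName("user");
        if ($user_elements->length === 0) {
            // no user specified => error
            throw new CAS_AuthenticationException($this, 'Ticket not validated', $validate_url, false, true, $text_response);
        }
        $user = trim($user_elements->item(0)->nodeValue);
        if ($user === '') {
            // an empty or whitespace-only user element must not become the
            // authenticated principal; handle it like a missing user
            throw new CAS_AuthenticationException($this, 'Ticket not validated', $validate_url, false, true, $text_response);
        }
        // NOTE(review): the user and attributes are stored before the proxy
        // chain is checked, so they remain set on this object if the check
        // below throws -- confirm that callers discard the client on exception.
        $this->_setUser($user);
        $this->_readExtraAttributesCas20($success_elements);

        // Store the proxies we are sitting behind for authorization checking.
        // ->length is used instead of sizeof(): DOMNodeList is not Countable on
        // older PHP versions, where sizeof() reports 1 even for an empty list.
        $proxyList = array();
        $proxy_elements = $success->getElementsByTagName("proxy");
        if ($proxy_elements->length > 0) {
            foreach ($proxy_elements as $proxyElem) {
                phpCAS::trace("Found Proxy: " . $proxyElem->nodeValue);
                $proxyList[] = trim($proxyElem->nodeValue);
            }
            $this->_setProxies($proxyList);
            phpCAS::trace("Storing Proxy List");
        }

        // Check if the proxies in front of us are allowed
        if (!$this->getAllowedProxyChains()->isProxyListAllowed($proxyList)) {
            throw new CAS_AuthenticationException($this, 'Proxy not allowed', $validate_url, false, true, $text_response);
        }

        // at this step, the ticket has been validated and the user has been set;
        // the session is renamed using the validated ticket
        $this->_renameSession($this->getTicket());
        phpCAS::traceEnd(true);
        return true;
    }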

Usage Example

Ejemplo n.º 1
 /**
  * A proxy chain whose regular expressions are valid but registered in the
  * wrong order must not validate the ticket.
  *
  * The @expectedException annotation makes the test pass when validateCAS20()
  * throws; the assertFalse() below only runs if no exception is raised.
  *
  * @return void
  *
  * @expectedException CAS_AuthenticationException
  * @outputBuffering enabled
  */
 public function testAllowedProxiesRegexpFailureWrongOrder()
 {
     $client = $this->object;
     $client->setTicket('ST-123456-asdfasdfasgww2323radf3');

     // Test fixture patterns, deliberately listed in the wrong order.
     // NOTE(review): the second pattern has no leading ^ anchor and the first
     // leaves the dot in "anotherdomain.org" unescaped; fine for this fixture,
     // but an allow-list used in production should anchor and escape its patterns.
     $chain_patterns = array(
         '/^https\\:\\/\\/anotherdomain.org\\/mysite\\/test2$/',
         '/http\\:\\/\\/firstproxy\\.com.*$/',
     );
     $client->getAllowedProxyChains()->allowProxyChain(new CAS_ProxyChain($chain_patterns));

     // the three by-reference arguments are outputs of validateCAS20()
     $validated = $client->validateCAS20($url, $text_response, $tree_response);
     $this->assertFalse($validated);
 }