1<?php
2
3/*
4 * This file is part of the Symfony package.
5 *
6 * (c) Fabien Potencier <fabien@symfony.com>
7 *
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
10 */
11
12namespace Symfony\Component\Security\Http\Firewall;
13
14use Psr\Log\LoggerInterface;
15use Symfony\Component\EventDispatcher\EventDispatcherInterface;
16use Symfony\Component\HttpFoundation\Request;
17use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
18use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
19use Symfony\Component\Security\Core\Exception\BadCredentialsException;
20
/**
 * Pre-authenticated firewall listener for X.509 client certificates.
 *
 * The listener performs no TLS or certificate validation of its own. It reads
 * two entries from the request's server parameter bag and treats them as the
 * outcome of a handshake that the web server already completed:
 *
 *  - $userKey       (default "SSL_CLIENT_S_DN_Email"): the user identifier
 *  - $credentialKey (default "SSL_CLIENT_S_DN"): the certificate subject DN
 *
 * Security notes for deployers:
 *
 *  - No verification-status entry (for example mod_ssl's SSL_CLIENT_VERIFY) is
 *    consulted here, so the web server has to be configured to populate the
 *    two entries above only for certificates it has verified against a
 *    trusted CA.
 *  - Both key names are configurable. Pointing them at entries derived from
 *    request headers (HTTP_* entries, e.g. behind a TLS-terminating proxy)
 *    is only safe if the proxy overwrites or strips those headers on every
 *    inbound request; otherwise the client chooses its own identity.
 *
 * @author Fabien Potencier <fabien@symfony.com>
 */
class X509AuthenticationListener extends AbstractPreAuthenticatedListener
{
    /** Name of the server entry that holds the user identifier. */
    private $userKey;

    /** Name of the server entry that holds the certificate subject DN. */
    private $credentialKey;

    /**
     * @param string $providerKey   Forwarded unchanged to the parent listener
     * @param string $userKey       Server entry read as the user identifier
     * @param string $credentialKey Server entry read as the subject DN; also the
     *                              fallback source for the user identifier
     */
    public function __construct(
        TokenStorageInterface $tokenStorage,
        AuthenticationManagerInterface $authenticationManager,
        $providerKey,
        $userKey = 'SSL_CLIENT_S_DN_Email',
        $credentialKey = 'SSL_CLIENT_S_DN',
        LoggerInterface $logger = null,
        EventDispatcherInterface $dispatcher = null
    ) {
        parent::__construct($tokenStorage, $authenticationManager, $providerKey, $logger, $dispatcher);

        $this->userKey = $userKey;
        $this->credentialKey = $credentialKey;
    }

    /**
     * Extracts the user identifier and the credentials from the server bag.
     *
     * The dedicated user entry wins when it is present. Otherwise the e-mail
     * address is parsed out of the subject DN held in the credential entry.
     *
     * @return array Two elements: the user identifier, then the value of the
     *               credential entry (an empty string when that entry is absent)
     *
     * @throws BadCredentialsException When neither source yields a user identifier
     */
    protected function getPreAuthenticatedData(Request $request)
    {
        $server = $request->server;
        $identity = null;

        if ($server->has($this->userKey)) {
            // Taken verbatim: no format or emptiness check is applied here.
            $identity = $server->get($this->userKey);
        } elseif ($server->has($this->credentialKey)) {
            $subjectDn = $server->get($this->credentialKey);

            // Accepts both "," and "/" as attribute separators. The possessive
            // quantifiers (++) keep the match linear on long DN strings.
            // NOTE(review): the pattern is not anchored to the start of a DN
            // attribute, so it matches "emailAddress=" wherever that text occurs
            // in the string. Prefer the dedicated user entry where the web server
            // provides one, and confirm that the issuing CA constrains
            // subject fields.
            if (preg_match('#emailAddress=([^,/@]++@[^,/]++)#', $subjectDn, $found)) {
                $identity = $found[1];
            }
        }

        if (null !== $identity) {
            return [$identity, $server->get($this->credentialKey, '')];
        }

        throw new BadCredentialsException(sprintf('SSL credentials not found: "%s", "%s".', $this->userKey, $this->credentialKey));
    }
}
61