AIRAVATA-2342 Setting cafile_path for all Keycloak API calls
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/12bcfca3 Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/12bcfca3 Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/12bcfca3 Branch: refs/heads/develop Commit: 12bcfca3e7c820188dc2c12a709b874c39995730 Parents: 9f754b2 Author: Marcus Christie <[email protected]> Authored: Wed May 24 17:32:34 2017 -0400 Committer: Marcus Christie <[email protected]> Committed: Wed May 24 17:32:34 2017 -0400 ---------------------------------------------------------------------- app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php | 6 ++++-- app/libraries/Keycloak/Keycloak.php | 8 ++++---- app/libraries/Keycloak/KeycloakUtil.php | 3 ++- 3 files changed, 10 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/12bcfca3/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php ---------------------------------------------------------------------- diff --git a/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php b/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php index 9f9740f..93e7f7d 100644 --- a/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php +++ b/app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php @@ -12,16 +12,18 @@ class BaseKeycloakAPIEndpoint { protected $admin_username; protected $admin_password; protected $verify_peer; + protected $cafile_path; - function __construct($base_endpoint_url, $admin_username, $admin_password, $verify_peer) { + function __construct($base_endpoint_url, $admin_username, $admin_password, $verify_peer, $cafile_path) { $this->base_endpoint_url = $base_endpoint_url; $this->admin_username = $admin_username; $this->admin_password = $admin_password; $this->verify_peer = $verify_peer; + $this->cafile_path = $cafile_path; } protected function getAPIAccessToken($realm) { - return KeycloakUtil::getAPIAccessToken($this->base_endpoint_url, $realm, $this->admin_username, $this->admin_password, $this->verify_peer); + return KeycloakUtil::getAPIAccessToken($this->base_endpoint_url, $realm, $this->admin_username, $this->admin_password, $this->verify_peer, $this->cafile_path); } } http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/12bcfca3/app/libraries/Keycloak/Keycloak.php ---------------------------------------------------------------------- diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php index 6a7ecad..7f0d511 100644 --- a/app/libraries/Keycloak/Keycloak.php +++ b/app/libraries/Keycloak/Keycloak.php @@ -49,9 +49,9 @@ class Keycloak { $this->admin_password = $admin_password; $this->gateway_id = $gateway_id; - $this->role_mapper = new RoleMapper($base_endpoint_url, $admin_username, $admin_password, $verify_peer); - $this->roles = new Roles($base_endpoint_url, $admin_username, $admin_password, $verify_peer); - $this->users = new Users($base_endpoint_url, $admin_username, $admin_password, $verify_peer); + $this->role_mapper = new RoleMapper($base_endpoint_url, $admin_username, $admin_password, $verify_peer, $this->cafile_path); + $this->roles = new Roles($base_endpoint_url, $admin_username, $admin_password, $verify_peer, $this->cafile_path); + $this->users = new Users($base_endpoint_url, $admin_username, $admin_password, $verify_peer, $this->cafile_path); } /** @@ -401,7 +401,7 @@ class Keycloak { public function getAdminAuthzToken() { - $access_token = KeycloakUtil::getAPIAccessToken($this->base_endpoint_url, $this->realm, $this->admin_username, $this->admin_password, $this->verify_peer); + $access_token = KeycloakUtil::getAPIAccessToken($this->base_endpoint_url, $this->realm, $this->admin_username, $this->admin_password, $this->verify_peer, $this->cafile_path); $authzToken = new \Airavata\Model\Security\AuthzToken(); $authzToken->accessToken = $access_token; $authzToken->claimsMap['gatewayID'] = $this->gateway_id; http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/12bcfca3/app/libraries/Keycloak/KeycloakUtil.php ---------------------------------------------------------------------- diff --git a/app/libraries/Keycloak/KeycloakUtil.php b/app/libraries/Keycloak/KeycloakUtil.php index ce5e779..6628052 100644 --- a/app/libraries/Keycloak/KeycloakUtil.php +++ b/app/libraries/Keycloak/KeycloakUtil.php @@ -6,7 +6,7 @@ use Log; class KeycloakUtil { - public static function getAPIAccessToken($base_endpoint_url, $realm, $admin_username, $admin_password, $verify_peer) { + public static function getAPIAccessToken($base_endpoint_url, $realm, $admin_username, $admin_password, $verify_peer, $cafile_path) { // http://www.keycloak.org/docs/2.5/server_development/topics/admin-rest-api.html // curl -d client_id=admin-cli -d username=username \ @@ -16,6 +16,7 @@ class KeycloakUtil { curl_setopt($r, CURLOPT_RETURNTRANSFER, 1); curl_setopt($r, CURLOPT_ENCODING, 1); curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $verify_peer); + curl_setopt($r, CURLOPT_CAINFO, $cafile_path); // Assemble POST parameters for the request. $post_fields = "client_id=admin-cli&username=" . urlencode($admin_username) . "&password=" . urlencode($admin_password) . "&grant_type=password";
