<?php
/*
 * *****************************************************************************
 * Contributions to this work were made on behalf of the GÉANT project, a 
 * project that has received funding from the European Union’s Framework 
 * Programme 7 under Grant Agreements No. 238875 (GN3) and No. 605243 (GN3plus),
 * Horizon 2020 research and innovation programme under Grant Agreements No. 
 * 691567 (GN4-1) and No. 731122 (GN4-2).
 * On behalf of the aforementioned projects, GEANT Association is the sole owner
 * of the copyright in all material which was developed by a member of the GÉANT
 * project. GÉANT Vereniging (Association) is registered with the Chamber of 
 * Commerce in Amsterdam with registration number 40535155 and operates in the 
 * UK as a branch of GÉANT Vereniging.
 * 
 * Registered office: Hoekenrode 3, 1102BR Amsterdam, The Netherlands. 
 * UK branch address: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK
 *
 * License: see the web/copyright.inc.php file in the file structure or
 *          <base_url>/copyright.php after deploying the software
 */
?>
<?php
/**
 * This is the main (and currently: only) configuration file for CAT
 *
 * @package Configuration
 */
namespace config;
/**
 * This class's members hold the configuration for CAT
 *
 * @author Stefan Winter <[email protected]>
 * @author Tomasz Wolniewicz <[email protected]>
 *
 * @package Configuration
 */
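class ConfAssistant
{

    /**
     * Defines various general parameters of the roaming consortium.
     *
     * name: technical name of the consortium, used inside the product and in
     *       installer parts that never reach the human eye. Keep this ASCII
     *       only: some code paths in the product are only taken when the value
     *       is "eduroam".
     * display_name: pretty-printed version of the consortium name, for places
     *       where it is presented to actual humans.
     * ssid: an array of default SSIDs for this consortium; they are
     *       automatically added to all installers.
     * homepage: URL of the consortium's general homepage.
     * signer_name: if installers are configured for digital signature, this
     *       parameter should contain the "O" name in the certificate. If left
     *       empty, signatures are not advertised even if configured and working.
     * selfservice_registration: if set to null, federation admins need to
     *       invite new inst admins manually; if set to a federation ID string,
     *       e.g. "DE" for Germany, new admins can self-register and will be put
     *       into that federation.
     * interworking-consortium-oi: Organisation Identifiers of the roaming
     *       consortium for Interworking/Hotspot 2.0; a profile with these OIs
     *       will be added to all installers.
     * interworking-domainname-fallback: used in Windows installers for the
     *       DomainName setting if the IdP configuration does not supply its own
     *       realm.
     * networks: named network definitions, each carrying its own 'ssid' list,
     *       'oi' list and a 'condition'. A condition of true means the network
     *       is always included; a string condition such as 'internal:openroaming'
     *       is interpreted by the code that builds the installers (confirm the
     *       exact semantics in the callers before adding new condition strings).
     * registration_API_keys: allows select federations to make bulk
     *       registrations for new IdPs (e.g. if they have an own, opaque,
     *       customer management system). Map of API key => federation ID.
     *       The keys grant registration rights and must be treated as secrets.
     * nomenclature_*: the terms the administrative interface uses for a
     *       federation, an IdP, a hotspot and a generic participant.
     * LOGOS: there are several variants of the consortium logo scattered in the
     *        source. Please change them at the appropriate places:
     *        - web/resources/images/consortium_logo.png
     *        - web/favicon.ico
     *        - devices/ms/Files/eduroam_150.bmp
     *        - devices/ms/Files/eduroam32.ico
     *
     * @var array
     */
    public const CONSORTIUM = [
        'name' => 'eduroam',
        'display_name' => 'eduroam®',
        'ssid' => ['eduroam'],
        'homepage' => 'https://www.eduroam.org',
        'signer_name' => 'GÉANT Association',
        'selfservice_registration' => null,
        // 'deployment-voodoo' => "Operations Team",
        'interworking-consortium-oi' => ['001bc50460'],
        'interworking-domainname-fallback' => 'eduroam.org',
        'networks' => [
            'eduroam' => [
                'ssid' => ['eduroam'],
                'oi' => [
                    '001bc50460', // eduroam RCOI
                ],
                'condition' => true,
            ],
            'OpenRoaming® (%REALM%)' => [
                'ssid' => [], // OpenRoaming has left SSIDs behind
                'oi' => [
                    '5A03BA0000', // OpenRoaming/AllIdentities/SettlementFree/NoPersonalData/BaselineQoS
                    '5A03BA0800', // OpenRoaming/EduIdentities/SettlementFree/NoPersonalData/BaselineQoS
                ],
                'condition' => 'internal:openroaming',
            ],
        ],
        'registration_API_keys' => [
            // 'secretvalue' => 'UK',
            // 'othervalue' => 'DE',
        ],
        /*
         * Please note that many languages that CAT is translated to distinguish
         * grammatical gender; if you change these phrases they might get a wrong
         * article in some translated strings or look odd. This only affects the
         * administrative interface and not end users.
         * Since this product has a flagship use for the eduroam consortium
         * (which uses the term "Identity Provider"), at least the German
         * translation is geared towards *male* declination to match that term.
         */
        'nomenclature_federation' => 'National Roaming Operator',
        'nomenclature_idp' => 'Identity Provider',
        'nomenclature_hotspot' => 'Service Provider',
        'nomenclature_participant' => 'Organisation',
    ];

    /**
     * eduPKI options.
     *
     * At the moment there is just one, which decides whether we are in testing
     * or production mode. In future it might make sense to move some other
     * parameters from code to this place.
     *
     * The mixed-case constant name is kept for backward compatibility with
     * existing callers (ConfAssistant::eduPKI).
     *
     * @var array
     */
    public const eduPKI = [
        'testing' => false,
    ];

    /**
     * silverbullet options.
     *
     * product_name / subproduct_sp_name / subproduct_idp_name: display names
     *     of the hosted services and their two sub-products
     * documentation: URL of the end-user documentation
     * default_maxusers: an institution is not allowed to create more than that
     *     amount of users; the value can be overridden as a per-federation
     *     option in the fed-operator UI
     * realm_suffix: user credentials have a realm which always includes the
     *     inst ID and profile ID and the name of the federation; for routing
     *     aggregation purposes /all/ realms should end with a common suffix
     *     though. If left empty, realms would end in the federation name only.
     * server_suffix: the suffix of the auth server's name. It will be
     *     auth.<fedname> followed by this suffix
     * gracetime: admins need to re-login and verify that accounts are still
     *     valid. This prevents lazy admins who forget deletion of people who
     *     have lost their eligibility. The number is an integer value in days.
     * CA: the code can either act as its own CA ("embedded") or use API calls
     *     to an external CA. This config value steers where to get
     *     certificates from.
     *
     * @var array
     */
    public const SILVERBULLET = [
        'product_name' => 'Hosted Services',
        'subproduct_sp_name' => 'Managed SP',
        'subproduct_idp_name' => 'Managed IdP',
        'documentation' => 'https://wiki.geant.org/pages/viewpage.action?pageId=66650390',
        'default_maxusers' => 200,
        'realm_suffix' => '.hosted.eduroam.org',
        'server_suffix' => '.hosted.eduroam.org',
        'gracetime' => 90,
        // OCSP URL needs to be configured in openssl.cnf when embedded
        'CA' => ["type" => "embedded"],
        // Alternative, external CA via SOAP (endpoint is an example placeholder):
        // 'CA' => ["type" => "DFN", "SOAP_API_ENDPOINT" => "http://no.idea.where/"],
    ];

    /**
     * Various paths.
     *
     * makensis: path to the makensis executable. If you just fill in "makensis"
     *     the one from the system $PATH will be taken. See also NSIS_VERSION
     *     further down.
     * zip: path to the zip executable. If you just fill in "zip" the one from
     *     the system $PATH will be taken.
     * trust-store-*: if an IdP wants to auto-detect its root CA rather than
     *     specifying it properly, we need to have repositories of "known-good"
     *     CAs. Mozilla's trust store is usually good, plus ones we can ship
     *     ourselves. Both files must be writable only by administrators: a
     *     CA added here is accepted as a trust anchor for auto-detection.
     *
     * @var array
     */
    public const PATHS = [
        'makensis' => 'makensis',
        'zip' => 'zip',
        'trust-store-mozilla' => '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem',
        'trust-store-custom' => __DIR__ . "/known-roots.pem",
    ];

    /**
     * NSIS version - with version 3 UTF installers will be created.
     * See also PATHS['makensis'].
     *
     * @var int
     */
    public const NSIS_VERSION = 3;

    /**
     * Map provider used for geolocation display.
     *
     * PROVIDER: recognised values: Google, Bing, OpenLayers, None
     * USERNAME: the provider account name or equivalent; for Google, this is
     *     the API key and should be handled as a credential.
     *
     * @var array
     */
    public const MAPPROVIDER = [
        'PROVIDER' => 'OpenLayers',
        'USERNAME' => '',
    ];

    /**
     * Configures SMS gateway settings.
     *
     * The username and password are placeholders; the real values are
     * credentials for the gateway account. Keep this file readable only by the
     * account that runs the application and out of any web-served directory.
     *
     * @var array
     */
    public const SMSSETTINGS = [
        'provider' => 'Nexmo',
        'username' => '...',
        'password' => '...',
    ];

    /**
     * Lists the RADIUS servers. They have a built-in DB to log auth requests.
     * We need to query those to get auth stats for silverbullet admins.
     *
     * The entry names don't matter - the source code will iterate through all
     * entries. The credentials are placeholders; use a database account that
     * has only the privileges these statistics queries need.
     *
     * @var array
     */
    public const DB = [
        'RADIUS_1' => [
            'host' => 'auth-1.hosted.eduroam.org',
            'db' => 'radacct',
            'user' => 'someuser',
            'pass' => 'somepass',
            'readonly' => true,
        ],
        'RADIUS_2' => [
            'host' => 'auth-2.hosted.eduroam.org',
            'db' => 'radacct',
            'user' => 'someuser',
            'pass' => 'somepass',
            'readonly' => true,
        ],
    ];

    /**
     * Determines if DiscoJuice keywords should be used in the discovery service.
     * The keywords contain other language variants of the IdP name, making it
     * easier to follow keyboard search. Turning this option on will add about
     * 40% size to the IdP list.
     *
     * @var bool
     */
    public const USE_KEYWORDS = true;

    /**
     * Determines if the IdP list for DiscoJuice should be preloaded in the
     * background at the main page load.
     *
     * @var bool
     */
    public const PRELOAD_IDPS = true;

    /**
     * Points to information on what certificates should be used for servers
     * and corresponding CAs.
     * If this value is set to an empty string then no link will be displayed.
     *
     * @var string
     */
    public const CERT_GUIDELINES = 'https://wiki.geant.org/display/H2eduroam/EAP+Server+Certificate+considerations';

    /**
     * Warning thresholds used to analyse certificates in profiles, in seconds
     * of remaining validity. These default settings are probably much too low:
     * expiry_critical of 0 only flags certificates that have already expired.
     *
     * @var array
     */
    public const CERT_WARNINGS = [
        'expiry_warning' => 5184000, // 60 days
        'expiry_critical' => 0, // already expired
    ];

}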