core\SanityTests

Complexity

Total Complexity

156

Size/Duplication

Total Lines	944
Duplicated Lines	0 %

Importance

Changes	1
Bugs	1	Features	0

29 Methods

Rating	Name	Duplication	Size	Complexity
A	runConstantsTest()	0	18	3
A	testConfigConstants()	0	21	4
A	__construct()	0	19	5
A	testRADIUSProbes()	0	13	4
A	getTestNames()	0	10	3
A	runTest()	0	11	2
A	storeTestResult()	0	5	1
A	testCatBaseUrl()	0	9	4
A	runTests()	0	15	5
A	testPhp()	0	6	2
A	testSecurity()	0	4	2
A	testLogdir()	0	6	2
A	testEapoltest()	0	12	3
C	testGeoip()	0	60	13
A	testOpenssl()	0	12	3
B	testMakensis()	0	29	9
A	testDirectories()	0	30	4
C	testDeviceCache()	0	36	13
F	testDatabases()	0	49	14
B	testSslscan()	0	25	9
A	testLocales()	0	13	4
C	testDefaults()	0	35	13
B	testNSISmodules()	0	27	7
B	testMailer()	0	34	6
A	testUDPhosts()	0	2	1
A	testZip()	0	13	3
A	getExecPath()	0	17	4
A	testSsp()	0	12	5
B	testPhpModules()	0	37	8

<?php

/*
 * *****************************************************************************
 * Contributions to this work were made on behalf of the GÉANT project, a 
 * project that has received funding from the European Union’s Framework 
 * Programme 7 under Grant Agreements No. 238875 (GN3) and No. 605243 (GN3plus),
 * Horizon 2020 research and innovation programme under Grant Agreements No. 
 * 691567 (GN4-1) and No. 731122 (GN4-2).
 * On behalf of the aforementioned projects, GEANT Association is the sole owner
 * of the copyright in all material which was developed by a member of the GÉANT
 * project. GÉANT Vereniging (Association) is registered with the Chamber of 
 * Commerce in Amsterdam with registration number 40535155 and operates in the 
 * UK as a branch of GÉANT Vereniging.
 * 
 * Registered office: Hoekenrode 3, 1102BR Amsterdam, The Netherlands. 
 * UK branch address: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK
 *
 * License: see the web/copyright.inc.php file in the file structure or
 *          <base_url>/copyright.php after deploying the software
 */

/**
 * 
 * 
 * This is the definition of the CAT class implementing various configuration
 * tests. 
 * Each test is implemented as a private method which needs to be named "test_name_test".
 * The test returns the results by calling the testReturn method, this passing the return
 * code and the explanatory message. Multiple calls to testReturn are allowed.
 *
 * An individual test can be run by the "test" method which takes the test name as an argument
 * multiple tests should be run by the run_all_tests method which takes an array as an argument
 * see method descriptions for more information.
 * 
 * The results of the tests are passed within the $test_result array
 *
 * Some configuration of this class is required, see further down.
 * @author Stefan Winter <stefan.winter@restena.lu>
 * @author Tomasz Wolniewicz <twoln@umk.pl>
 *
 * @license see LICENSE file in root directory
 *
 * @package Utilities
 */

namespace core;

use GeoIp2\Database\Reader;
use \Exception;

The type \Exception was not found. Maybe you did not declare it correctly or list all dependencies?

class SanityTests extends CAT
{
    /* in this section set current CAT requirements */

    /**
     * the minimum required php version 
     * 
     * @var string
     */
    private $needversionPHP = '7.2.0';

    /**
     * the minimum required simpleSAMLphp version
     * 
     * @var array
     */
    private $needversionSSP = ['major' => 1, 'minor' => 15];

    /**
     * all required NSIS modules
     * 
     * @var array<string>
     */
    private $NSISModules = [
        "nsArray.nsh",
        "FileFunc.nsh",
        "LogicLib.nsh",
        "WordFunc.nsh",
        "FileFunc.nsh",
        "x64.nsh",
    ];

    /**
     * set $profile_option_ct to the number of rows returned by 
     * "SELECT * FROM profile_option_dict" 
     * to compare actual vs. expected database structure
     * 
     * @var integer
     */
    private $profileOptionCount;

    /**
     * set $view_admin_ct to the number of rows returned by "desc view_admin" 
     *
     * @var integer
     */
    private $viewAdminCount = 8;

    /* end of config */

    /**
     * array holding the output of all tests that were executed
     * 
     * @var array
     */
    public $out;

    /**
     * temporary storage for the name of the test as it is being run
     * 
     * @var string
     */
    public $name;
    
    /**
     * variable used to signal that no more tests are to be performed
     * 
     * @var boolean
     */
    public $fatalError = false;

    /**
     * initialise the tests. Includes counting the number of expected rows in the profile_option_dict table.
     */
    public function __construct()
    {
        parent::__construct();
        $this->test_result = [];
        $this->test_result['global'] = 0;
        // parse the schema file to find out the number of expected rows...
        $schema = file(dirname(dirname(__FILE__)) . "/schema/schema.sql");
        $this->profileOptionCount = 0;
        $passedTheWindmill = FALSE;
        foreach ($schema as $schemaLine) {
            if (preg_match("/^INSERT INTO \`profile_option_dict\` VALUES/", $schemaLine)) {
                $passedTheWindmill = TRUE;
                continue;
            }
            if ($passedTheWindmill) {
                if (substr($schemaLine, 0, 1) == '(') { // a relevant line in schema
                    $this->profileOptionCount = $this->profileOptionCount + 1;
                } else { // anything else, quit parsing
                    break;
                }
            }
        }
    }

    /**
     * The single test wrapper
     * @param string $test the test name
     * @return void
     */
    public function runTest($test)
    {
        $this->out[$test] = [];
        $this->name = $test;
        $m_name = 'test' . $test;
        $this->test_result[$test] = 0;
        if (!method_exists($this, $m_name)) {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "Configuration error, no test configured for <strong>$test</strong>.");
            return;
        }
        $this->$m_name();
    }

    /**
     * The multiple tests wrapper
     * @param array $Tests the tests array is a simple string array, where each 
     *                     entry is a test name. The test names can also be 
     *                     given in the format "test=>subtest", which defines a
     *                     conditional execution of the "subtest" if the "test"
     *                     was run earlier and returned a success.
     * @return void
     */
    public function runTests($Tests)
    {
        foreach ($Tests as $testName) {
            $matchArray = [];
            if (preg_match('/(.+)=>(.+)/', $testName, $matchArray)) {
                $tst = $matchArray[1];
                $subtst = $matchArray[2];
                if ($this->test_result[$tst] < \core\common\Entity::L_ERROR) {
                    $this->runTest($subtst);
                }
            } else {
                $this->runTest($testName);
            }
            if ($this->fatalError) {
                return;
            }
        }
    }

    /**
     * enumerates the tests which are defined
     * 
     * @return array
     */
    public function getTestNames()
    {
        $T = get_class_methods($this);
        $out = [];
        foreach ($T as $t) {
            if (preg_match('/^test(.*)$/', $t, $m)) {
                $out[] = $m[1];
            }
        }
        return $out;
    }

    /**
     * This array is used to return the test results.
     * As the 'global' entry it returns the maximum return value
     * from all tests.
     * Individual tests results are teturned as separate entries
     * indexed by test names; each value is an array passing "level" and "message"
     * from each of the tests.
     * $test_result is set by the testReturn method
     *
     * @var array $test_result
     */
    public $test_result;

    /**
     * stores the result of a given test in standardised format
     * 
     * @param int    $level   severity level of the result
     * @param string $message verbal description of the result
     * @return void
     */
    private function storeTestResult($level, $message)
    {
        $this->out[$this->name][] = ['level' => $level, 'message' => $message];
        $this->test_result[$this->name] = max($this->test_result[$this->name], $level);
        $this->test_result['global'] = max($this->test_result['global'], $level);
    }

    /**
     * finds out if a path name is configured as an absolute path or only implicit (e.g. is in $PATH)
     * @param string $pathToCheck the path to check
     * @return array
     */
    private function getExecPath($pathToCheck)
    {
        $the_path = "";
        $exec_is = "UNDEFINED";

        foreach ([\config\Master::PATHS, \config\ConfAssistant::PATHS, \config\Diagnostics::PATHS] as $config) {
            if (!empty($config[$pathToCheck])) {
                $the_path = $config[$pathToCheck];
                if (substr($the_path, 0, 1) == "/") {
                    $exec_is = "EXPLICIT";
                } else {
                    $exec_is = "IMPLICIT";
                }
                return(['exec' => $the_path, 'exec_is' => $exec_is]);
            }
        }
        return(['exec' => $the_path, 'exec_is' => $exec_is]);
    }

    /**
     *  Test for php version
     * 
     * @return void
     */
    private function testPhp()
    {
        if (version_compare(phpversion(), $this->needversionPHP, '>=')) {
            $this->storeTestResult(\core\common\Entity::L_OK, "<strong>PHP</strong> is sufficiently recent. You are running " . phpversion() . ".");
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>PHP</strong> is too old. We need at least $this->needversionPHP, but you only have " . phpversion() . ".");
        }
    }
    
    /**
     * Check if configuration constants from the template are set
     * in the corresponding config file
     * 
     * @param string $config file basename
     * @return array $failResults
     */
    private function runConstantsTest($config)
    {
        $templateConfig = file_get_contents(ROOT . "/config/$config-template.php");
        $newTemplateConfig = preg_replace("/class *$config/", "class $config" . "_template", $templateConfig);
        file_put_contents(ROOT . "/var/tmp/$config-template.php", $newTemplateConfig);
        include(ROOT . "/var/tmp/$config-template.php");
        unlink(ROOT . "/var/tmp/$config-template.php");
        $rft = new \ReflectionClass("\config\\$config" . "_template");
        $templateConstants = $rft->getConstants();
        $failResults = [];
        foreach ($templateConstants as $constant => $value) {
            try {
                $m = constant("\config\\$config::$constant");

The assignment to $m is dead and can be removed.

            } catch (Exception $e) {
                $failResults[] = "\config\\$config::$constant";
            }
        }
        return $failResults;
    }

    /**
     * Check if all required constants are set
     */
    private function testConfigConstants() {
        set_error_handler(function ($severity, $message, $file, $line) {
            throw new \ErrorException($message, $severity, $severity, $file, $line);
        });
        
        $failCount = 0;
        
        foreach (["Master", "ConfAssistant", "Diagnostics"] as $conf) {
            $failResults = $this->runConstantsTest($conf);
            $failCount = $failCount + count($failResults);
            if (count($failResults) > 0) {
            $this->storeTestResult(\core\common\Entity::L_ERROR, 
                    "<strong>The following constants are not set:</strong>" . implode(', ', $failResults));
            }
        }
        
        restore_error_handler();
        if ($failCount == 0) {
            $this->storeTestResult(\core\common\Entity::L_OK, "<strong>All config constants set</strong>");
        } else {
            $this->fatalError = true;
        }
    }
    /**
     * set for cat_base_url setting
     * 
     * @return void
     */
    private function testCatBaseUrl()
    {
        $rootUrl = substr(\config\Master::PATHS['cat_base_url'], -1) === '/' ? substr(\config\Master::PATHS['cat_base_url'], 0, -1) : \config\Master::PATHS['cat_base_url'];
        preg_match('/(^.*)\/admin\/112365365321.php/', $_SERVER['SCRIPT_NAME'], $m);
        if ($rootUrl === $m[1]) {
            $this->storeTestResult(\core\common\Entity::L_OK, "<strong>cat_base_url</strong> set correctly");
        } else {
            $rootFromScript = $m[1] === '' ? '/' : $m[1];
            $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>cat_base_url</strong> is set to <strong>" . \config\Master::PATHS['cat_base_url'] . "</strong> and should be <strong>$rootFromScript</strong>");
        }
    }

    /**
     * check whether the configured RADIUS hosts actually exist
     * 
     * @return void
     */
    private function testRADIUSProbes()
    {
        $probeReturns = [];
        foreach (\config\Diagnostics::RADIUSTESTS['UDP-hosts'] as $oneProbe) {
            $statusServer = new diag\RFC5997Tests($oneProbe['ip'], 1812, $oneProbe['secret']);
            if ($statusServer->statusServerCheck() !== diag\AbstractTest::RETVAL_OK) {
                $probeReturns[] = $oneProbe['display_name'];
            }
        }
        if (count($probeReturns) == 0) {
            $this->storeTestResult(common\Entity::L_OK, "All configured RADIUS/UDP probes are reachable.");
        } else {
            $this->storeTestResult(common\Entity::L_ERROR, "The following RADIUS probes are NOT reachable: " . implode(', ', $probeReturns));
        }
    }

    /**
     * test for simpleSAMLphp
     * 
     * @return void
     */
    private function testSsp()
    {
        if (!is_file(\config\Master::AUTHENTICATION['ssp-path-to-autoloader'])) {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>simpleSAMLphp</strong> not found!");
        } else {
            include_once \config\Master::AUTHENTICATION['ssp-path-to-autoloader'];
            $SSPconfig = \SimpleSAML\Configuration::getInstance();
            $sspVersion = explode('.', $SSPconfig->getVersion());
            if ( (int) $sspVersion[0] > $this->needversionSSP['major'] || ((int) $sspVersion[0] == $this->needversionSSP['major'] && (int) $sspVersion[1] >= $this->needversionSSP['minor'])) {
                $this->storeTestResult(\core\common\Entity::L_OK, "<strong>simpleSAMLphp</strong> is sufficiently recent. You are running " . implode('.', $sspVersion));
            } else {
                $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>simpleSAMLphp</strong> is too old. We need at least " . implode('.', $this->needversionSSP));
            }
        }
    }

    /**
     * test for security setting
     * 
     * @return void
     */
    private function testSecurity()
    {
        if (in_array("I do not care about security!", \config\Master::SUPERADMINS)) {
            $this->storeTestResult(\core\common\Entity::L_WARN, "You do not care about security. This page should be made accessible to the CAT admin only! See config/Master.php: 'SUPERADMINS'!");
        }
    }

    /**
     * test if zip is available
     * 
     * @return void
     */
    private function testZip()
    {
        $A = $this->getExecPath('zip');
        if ($A['exec'] != "") {
            $fullOutput = [];
            $t = exec($A['exec'] . ' --version', $fullOutput);

The assignment to $t is dead and can be removed.

            if ($A['exec_is'] == "EXPLICIT") {
                $this->storeTestResult(\core\common\Entity::L_OK, "<strong>".$fullOutput[1]."</strong> was found and is configured explicitly in your config.");
            } else {
                $this->storeTestResult(\core\common\Entity::L_WARN, "<strong>".$fullOutput[1]."</strong> was found, but is not configured with an absolute path in your config.");
            }
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>zip</strong> was not found on your system!");
        }
    }

    /**
     * test if eapol_test is available and recent enough
     * 
     * @return void
     */
    private function testEapoltest()
    {
        exec(\config\Diagnostics::PATHS['eapol_test'], $out, $retval);
        if ($retval == 255) {
            $o = preg_grep('/-o<server cert/', $out);
            if (count($o) > 0) {
                $this->storeTestResult(\core\common\Entity::L_OK, "<strong>eapol_test</strong> script found.");
            } else {
                $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>eapol_test</strong> found, but is too old!");
            }
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>eapol_test</strong> not found!");
        }
    }

    /**
     * test if logdir exists and is writable
     * 
     * @return void
     */
    private function testLogdir()
    {
        if (fopen(\config\Master::PATHS['logdir'] . "/debug.log", "a") == FALSE) {
            $this->storeTestResult(\core\common\Entity::L_WARN, "Log files in <strong>" . \config\Master::PATHS['logdir'] . "</strong> are not writable!");
        } else {
            $this->storeTestResult(\core\common\Entity::L_OK, "Log directory is writable.");
        }
    }

    /**
     * test for required PHP modules
     * 
     * @return void
     */
    private function testPhpModules()
    {
        if (function_exists('idn_to_ascii')) {
            $this->storeTestResult(\core\common\Entity::L_OK, "PHP can handle internationalisation.");
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP can <strong>NOT</strong> handle internationalisation (idn_to_ascii() from php7.0-intl).");
        }

        if (function_exists('gettext')) {
            $this->storeTestResult(\core\common\Entity::L_OK, "PHP extension <strong>GNU Gettext</strong> is installed.");
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>GNU Gettext</strong> not found!");
        }

        if (function_exists('openssl_sign')) {
            $this->storeTestResult(\core\common\Entity::L_OK, "PHP extension <strong>OpenSSL</strong> is installed.");
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>OpenSSL</strong> not found!");
        }

        if (class_exists('\\Gmagick')) {
            $this->storeTestResult(\core\common\Entity::L_OK, "PHP extension <strong>Gmagic</strong> is installed.");
        } elseif (class_exists('\\Imagick')) {
            $this->storeTestResult(\core\common\Entity::L_OK, "PHP extension <strong>Imagick</strong> is installed.");
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>Gmagic</strong> nor <strong>Imagic</stromg> not found!");
        }
        if (function_exists('ImageCreate')) {
            $this->storeTestResult(\core\common\Entity::L_OK, "PHP extension <strong>GD</strong> is installed.");
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>GD</strong> not found!</a>.");
        }

        if (function_exists('mysqli_connect')) {
            $this->storeTestResult(\core\common\Entity::L_OK, "PHP extension <strong>MySQL</strong> is installed.");
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>MySQL</strong> not found!");
        }
    }

    /**
     * test if GeoIP is installed correctly
     * 
     * @return void
     */
    private function testGeoip()
    {
        $host_4 = '145.0.2.50';
        $host_6 = '2001:610:188:444::50';
        switch (\config\Master::GEOIP['version']) {
            case 0:
                $this->storeTestResult(\core\common\Entity::L_REMARK, "As set in the config, no geolocation service will be used");
                break;
            case 1:
                if (!function_exists('geoip_record_by_name')) {
                    $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>GeoIP</strong> (legacy) not found! Get it from your distribution or <a href='http://pecl.php.net/package/geoip'>here</a> or better install GeoIP2 from <a href='https://github.com/maxmind/GeoIP2-php'>here</a>.");
                    return;
                }
                $record = geoip_record_by_name($host_4);
                if ($record === FALSE) {
                    $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>GeoIP</strong> (legacy) found but not working properly, perhaps you need to download the databases. See utils/GeoIP-update.sh in the CAT distribution and use it tu update the GeoIP database regularly.");
                    return;
                }
                if ($record['city'] != 'Utrecht') {
                    $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>GeoIP</strong> (legacy) found but not working properly, perhaps you need to download the databases. See utils/GeoIP-update.sh in the CAT distribution and use it tu update the GeoIP database regularly.");
                    return;
                }
                $this->storeTestResult(\core\common\Entity::L_REMARK, "PHP extension <strong>GeoIP</strong> (legacy) is installed and working. See utils/GeoIP-update.sh in the CAT distribution and use it tu update the GeoIP database regularly. We strongly advise to replace the legacy GeoIP with GeoIP2 from <a href='https://github.com/maxmind/GeoIP2-php'>here</a>.");
                break;
            case 2:
                if (!is_file(\config\Master::GEOIP['geoip2-path-to-autoloader'])) {
                    $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>GeoIP2</strong> not found! Get it from <a href='https://github.com/maxmind/GeoIP2-php'>here</a>.");
                    return;
                }
                if (!is_file(\config\Master::GEOIP['geoip2-path-to-db'])) {
                    $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>GeoIP2 database</strong> not found! See utils/GeoIP-update.sh in the CAT distribution and use it tu update the GeoIP database regularly.");
                    return;
                }
                include_once \config\Master::GEOIP['geoip2-path-to-autoloader'];
                $reader = new Reader(\config\Master::GEOIP['geoip2-path-to-db']);
                try {
                    $record = $reader->city($host_4);
                } catch (Exception $e) {
                    $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>GeoIP2</strong> found but not working properly, perhaps you need to download the databases. See utils/GeoIP-update.sh in the CAT distribution and use it to update the GeoIP database regularly.");
                    return;
                }
                if ($record->city->name != 'Utrecht') {
                    $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>GeoIP2</strong> found but not working properly, perhaps you need to download the databases. See utils/GeoIP-update.sh in the CAT distribution and use it to update the GeoIP database regularly.");
                    return;
                }
                try {
                    $record = $reader->city($host_6);
                } catch (Exception $e) {
                    $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>GeoIP2</strong> found but not working properly with IPv6, perhaps you need to download the databases. See utils/GeoIP-update.sh in the CAT distribution and use it tu update the GeoIP database regularly.");
                    return;
                }
                if ($record->city->name != 'Utrecht') {
                    $this->storeTestResult(\core\common\Entity::L_ERROR, "PHP extension <strong>GeoIP2</strong> found but not working properly with IPv6, perhaps you need to download the databases. See utils/GeoIP-update.sh in the CAT distribution and use it tu update the GeoIP database regularly.");
                    return;
                }
                $this->storeTestResult(\core\common\Entity::L_OK, "PHP extension <strong>GeoIP2</strong> is installed and working. See utils/GeoIP-update.sh in the CAT distribution and use it tu update the GeoIP database regularly.");
                break;
            default:
                $this->storeTestResult(\core\common\Entity::L_ERROR, 'Check \config\Master::GEOIP[\'version\'], it must be set to either 1 or 2');
                break;
        }
    }

    /**
     * test if openssl is available
     * 
     * @return void
     */
    private function testOpenssl()
    {
        $A = $this->getExecPath('openssl');
        if ($A['exec'] != "") {
            $t = exec($A['exec'] . ' version');
            if ($A['exec_is'] == "EXPLICIT") {
                $this->storeTestResult(\core\common\Entity::L_OK, "<strong>$t</strong> was found and is configured explicitly in your config.");
            } else {
                $this->storeTestResult(\core\common\Entity::L_WARN, "<strong>$t</strong> was found, but is not configured with an absolute path in your config.");
            }
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>openssl</strong> was not found on your system!");
        }
    }

    /**
     * test if sslscan is available
     * 
     * @return void
     */
    private function testSslscan()
    {
        $A = $this->getExecPath('sslscan'); 
        if ($A['exec'] != "" && $A['exec_is'] == "EXPLICIT" && !file_exists($A['exec'])) { 
            $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>sslscan</strong> is configured explicitly and was not found on your system!");    
        } else {
            exec($A['exec'] . ' --version --xml=-', $output, $res);
            if ($res == 0) {
                $xml = simplexml_load_string(implode($output));
                $resarray = json_decode(json_encode((array)$xml),true);
                $t = 'sslscan';
                if (isset($resarray['@attributes']) and isset($resarray['@attributes']['version'])) {
                    $t = 'sslscan ' . $resarray['@attributes']['version'];
                }
            } else {
                $t = '';
            }
            if ($t != '') {
                if ($A['exec_is'] == "EXPLICIT") {
                    $this->storeTestResult(\core\common\Entity::L_OK, "<strong>$t</strong> was found and is configured explicitly in your config.");
                } else {
                    $this->storeTestResult(\core\common\Entity::L_WARN, "<strong>$t</strong> was found, but is not configured with an absolute path in your config.");
                }
            } else {
                $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>sslscan</strong> was not found on your system!");
            }
        }
    }
    /**
     * test if makensis is available
     * 
     * @return void
     */
    private function testMakensis()
    {
        if (!is_numeric(\config\ConfAssistant::NSIS_VERSION)) {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "NSIS_VERSION needs to be numeric!");
            return;
        }
        if (\config\ConfAssistant::NSIS_VERSION < 2) {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "NSIS_VERSION needs to be at least 2!");
            return;
        }
        $A = $this->getExecPath('makensis');
        if ($A['exec'] != "") {
            $t = exec($A['exec'] . ' -VERSION');
            if ($A['exec_is'] == "EXPLICIT") {
                $this->storeTestResult(\core\common\Entity::L_OK, "<strong>makensis $t</strong> was found and is configured explicitly in your config.");
            } else {
                $this->storeTestResult(\core\common\Entity::L_WARN, "<strong>makensis $t</strong> was found, but is not configured with an absolute path in your config.");
            }
            $outputArray = [];
            exec($A['exec'] . ' -HELP', $outputArray);
            $t1 = count(preg_grep('/INPUTCHARSET/', $outputArray));
            if ($t1 == 1 && \config\ConfAssistant::NSIS_VERSION == 2) {
                $this->storeTestResult(\core\common\Entity::L_ERROR, "Declared NSIS_VERSION does not seem to match the file pointed to by PATHS['makensis']!");
            }
            if ($t1 == 0 && \config\ConfAssistant::NSIS_VERSION >= 3) {
                $this->storeTestResult(\core\common\Entity::L_ERROR, "Declared NSIS_VERSION does not seem to match the file pointed to by PATHS['makensis']!");
            }
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>makensis</strong> was not found on your system!");
        }
    }

    /**
     * test if all required NSIS modules are available
     * 
     * @return void
     */
    private function testNSISmodules()
    {
        $tmp_dir = \core\common\Entity::createTemporaryDirectory('installer', 0)['dir'];
        if (!chdir($tmp_dir)) {
            $this->loggerInstance->debug(2, "Cannot chdir to $tmp_dir\n");
            $this->storeTestResult(\core\common\Entity::L_ERROR, "NSIS modules test - problem with temporary directory permissions, cannot continue");
            return;
        }
        $exe = 'tt.exe';
        $NSIS_Module_status = [];
        foreach ($this->NSISModules as $module) {
            unset($out);
            exec(\config\ConfAssistant::PATHS['makensis'] . " -V1 '-X!include $module' '-XOutFile $exe' '-XSection X' '-XSectionEnd'", $out, $retval);
            if ($retval > 0) {
                $NSIS_Module_status[$module] = 0;
            } else {
                $NSIS_Module_status[$module] = 1;
            }
        }
        if (is_file($exe)) {
            unlink($exe);
        }
        foreach ($NSIS_Module_status as $module => $status) {
            if ($status == 1) {
                $this->storeTestResult(\core\common\Entity::L_OK, "NSIS module <strong>$module</strong> was found.");
            } else {
                $this->storeTestResult(\core\common\Entity::L_ERROR, "NSIS module <strong>$module</strong> was not found or is not working correctly.");
            }
        }
    }

    /**
     * test access to downloads directories
     * 
     * @return void
     */
    private function testDirectories()
    {
        $Dir1 = \core\common\Entity::createTemporaryDirectory('installer', 0);
        $dir1 = $Dir1['dir'];
        $base1 = $Dir1['base'];
        if ($dir1) {
            $this->storeTestResult(\core\common\Entity::L_OK, "Installer cache directory is writable.");
            \core\common\Entity::rrmdir($dir1);
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "Installer cache directory $base1 does not exist or is not writable!");
            $this->fatalError = true;
        }
        $Dir2 = \core\common\Entity::createTemporaryDirectory('test', 0);
        $dir2 = $Dir2['dir'];
        $base2 = $Dir2['base'];
        if ($dir2) {
            $this->storeTestResult(\core\common\Entity::L_OK, "Test directory is writable.");
            \core\common\Entity::rrmdir($dir2);
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "Test directory $base2 does not exist or is not writable!");
            $this->fatalError = true;
        }
        $Dir3 = \core\common\Entity::createTemporaryDirectory('logo', 0);
        $dir3 = $Dir3['dir'];
        $base3 = $Dir3['base'];
        if ($dir3) {
            $this->storeTestResult(\core\common\Entity::L_OK, "Logos cache directory is writable.");
            \core\common\Entity::rrmdir($dir3);
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "Logos cache directory $base3 does not exist or is not writable!");
        }
    }

    /**
     * test if all required locales are enabled
     * 
     * @return void
     */
    private function testLocales()
    {
        $locales = shell_exec("locale -a");
        $allthere = "";
        foreach (\config\Master::LANGUAGES as $onelanguage) {
            if (preg_match("/" . $onelanguage['locale'] . "/", $locales) == 0) {
                $allthere .= $onelanguage['locale'] . " ";
            }
        }
        if ($allthere == "") {
            $this->storeTestResult(\core\common\Entity::L_OK, "All of your configured locales are available on your system.");
        } else {
            $this->storeTestResult(\core\common\Entity::L_WARN, "Some of your configured locales (<strong>$allthere</strong>) are not installed and will not be displayed correctly!");
        }
    }

    const DEFAULTS = [
        ["SETTING" => \config\Master::APPEARANCE['from-mail'],
            "DEFVALUE" => "cat-invite@your-cat-installation.example",
            "COMPLAINTSTRING" => "APPEARANCE/from-mail ",
            "REQUIRED" => FALSE,],
        ["SETTING" => \config\Master::APPEARANCE['support-contact']['url'],
            "DEFVALUE" => "cat-support@our-cat-installation.example?body=Only%20English%20language%20please!",
            "COMPLAINTSTRING" => "APPEARANCE/support-contact/url ",
            "REQUIRED" => FALSE,],
        ["SETTING" => \config\Master::APPEARANCE['support-contact']['display'],
            "DEFVALUE" => "cat-support@our-cat-installation.example",
            "COMPLAINTSTRING" => "APPEARANCE/support-contact/display ",
            "REQUIRED" => FALSE,],
        ["SETTING" => \config\Master::APPEARANCE['support-contact']['developer-mail'],
            "DEFVALUE" => "cat-develop@our-cat-installation.example",
            "COMPLAINTSTRING" => "APPEARANCE/support-contact/mail ",
            "REQUIRED" => FALSE,],
        ["SETTING" => \config\Master::APPEARANCE['abuse-mail'],
            "DEFVALUE" => "my-abuse-contact@your-cat-installation.example",
            "COMPLAINTSTRING" => "APPEARANCE/abuse-mail ",
            "REQUIRED" => FALSE,],
        ["SETTING" => \config\Master::APPEARANCE['MOTD'],
            "DEFVALUE" => "Release Candidate. All bugs to be shot on sight!",
            "COMPLAINTSTRING" => "APPEARANCE/MOTD ",
            "REQUIRED" => FALSE,],
        ["SETTING" => \config\Master::APPEARANCE['webcert_CRLDP'],
            "DEFVALUE" => ['list', 'of', 'CRL', 'pointers'],
            "COMPLAINTSTRING" => "APPEARANCE/webcert_CRLDP ",
            "REQUIRED" => TRUE,],
        ["SETTING" => \config\Master::APPEARANCE['webcert_OCSP'],
            "DEFVALUE" => ['list', 'of', 'OCSP', 'pointers'],
            "COMPLAINTSTRING" => "APPEARANCE/webcert_OCSP ",
            "REQUIRED" => TRUE,],
        ["SETTING" => \config\Master::DB['INST']['host'],
            "DEFVALUE" => "db.host.example",
            "COMPLAINTSTRING" => "DB/INST ",
            "REQUIRED" => TRUE,],
        ["SETTING" => \config\Master::DB['INST']['host'],
            "DEFVALUE" => "db.host.example",
            "COMPLAINTSTRING" => "DB/USER ",
            "REQUIRED" => TRUE,],
        ["SETTING" => \config\Master::DB['EXTERNAL']['host'],
            "DEFVALUE" => "customerdb.otherhost.example",
            "COMPLAINTSTRING" => "DB/EXTERNAL ",
            "REQUIRED" => FALSE,],
    ];

    /**
     * test if defaults in the config have been replaced with some real values
     * 
     * @return void
     */
    private function testDefaults()
    {
        $defaultvalues = "";
        $missingvalues = "";
        // all the checks for equality with a shipped default value
        foreach (SanityTests::DEFAULTS as $oneCheckItem) {
            if ($oneCheckItem['REQUIRED'] && !$oneCheckItem['SETTING']) {
                $missingvalues .= $oneCheckItem["COMPLAINTSTRING"];
            } elseif ($oneCheckItem['SETTING'] == $oneCheckItem["DEFVALUE"]) {
                $defaultvalues .= $oneCheckItem["COMPLAINTSTRING"];
            }
        }
        // additional checks for defaults, which are not simple equality checks
        if (isset(\config\Diagnostics::RADIUSTESTS['UDP-hosts'][0]) && \config\Diagnostics::RADIUSTESTS['UDP-hosts'][0]['ip'] == "192.0.2.1") {
            $defaultvalues .= "RADIUSTESTS/UDP-hosts ";
        }


        if (isset(\config\Diagnostics::RADIUSTESTS['TLS-clientcerts'])) {
            foreach (\config\Diagnostics::RADIUSTESTS['TLS-clientcerts'] as $cadata) {
                foreach ($cadata['certificates'] as $cert_files) {
                    if (file_get_contents(ROOT . "/config/cli-certs/" . $cert_files['public']) === FALSE) {
                        $defaultvalues .= "CERTIFICATE/" . $cert_files['public'] . " ";
                    }
                    if (file_get_contents(ROOT . "/config/cli-certs/" . $cert_files['private']) === FALSE) {
                        $defaultvalues .= "CERTIFICATE/" . $cert_files['private'] . " ";
                    }
                }
            }
        }

        if ($defaultvalues != "") {
            $this->storeTestResult(\core\common\Entity::L_WARN, "Your configuration in config/config.php contains unchanged default values or links to inexistent files: <strong>$defaultvalues</strong>!");
        } else {
            $this->storeTestResult(\core\common\Entity::L_OK, "Your configuration does not contain any unchanged defaults, which is a good sign.");
        }
    }

    /**
     * test access to databases
     * 
     * @return void
     */
    private function testDatabases()
    {
        $databaseName1 = 'INST';
        try {
            $db1 = DBConnection::handle($databaseName1);
            $res1 = $db1->exec('SELECT * FROM profile_option_dict');
            if ($res1->num_rows == $this->profileOptionCount) {
                $this->storeTestResult(\core\common\Entity::L_OK, "The $databaseName1 database appears to be OK.");
            } else {
                $this->storeTestResult(\core\common\Entity::L_ERROR, "The $databaseName1 database is reachable but probably not updated to this version of CAT.");
            }
        } catch (Exception $e) {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "Connection to the  $databaseName1 database failed");
        }

        $databaseName2 = 'USER';
        try {
            $db2 = DBConnection::handle($databaseName2);
            if (\config\ConfAssistant::CONSORTIUM['name'] == "eduroam" && isset(\config\ConfAssistant::CONSORTIUM['deployment-voodoo']) && \config\ConfAssistant::CONSORTIUM['deployment-voodoo'] == "Operations Team") { // SW: APPROVED
                $res2 = $db2->exec('desc view_admin');
                if ($res2->num_rows == $this->viewAdminCount) {
                    $this->storeTestResult(\core\common\Entity::L_OK, "The $databaseName2 database appears to be OK.");
                } else {
                    $this->storeTestResult(\core\common\Entity::L_ERROR, "The $databaseName2 is reachable but there is something wrong with the schema");
                }
            } else {
                $this->storeTestResult(\core\common\Entity::L_OK, "The $databaseName2 database appears to be OK.");
            }
        } catch (Exception $e) {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "Connection to the  $databaseName2 database failed");
        }

        $databaseName3 = 'EXTERNAL';
        if (!empty(\config\Master::DB[$databaseName3])) {
            try {
                $db3 = DBConnection::handle($databaseName3);
                if (\config\ConfAssistant::CONSORTIUM['name'] == "eduroam" && isset(\config\ConfAssistant::CONSORTIUM['deployment-voodoo']) && \config\ConfAssistant::CONSORTIUM['deployment-voodoo'] == "Operations Team") { // SW: APPROVED
                    $res3 = $db3->exec('desc view_admin');
                    if ($res3->num_rows == $this->viewAdminCount) {
                        $this->storeTestResult(\core\common\Entity::L_OK, "The $databaseName3 database appears to be OK.");
                    } else {
                        $this->storeTestResult(\core\common\Entity::L_ERROR, "The $databaseName3 is reachable but there is something wrong with the schema");
                    }
                } else {
                    $this->storeTestResult(\core\common\Entity::L_OK, "The $databaseName3 database appears to be OK.");
                }
            } catch (Exception $e) {

                $this->storeTestResult(\core\common\Entity::L_ERROR, "Connection to the  $databaseName3 database failed");
            }
        }
    }

    /**
     * test devices.php for the no_cache option
     * 
     * @return void
     */
    private function testDeviceCache()
    {
        if ((!empty(\devices\Devices::$Options['no_cache'])) && \devices\Devices::$Options['no_cache']) {
            $global_no_cache = 1;
        } else {
            $global_no_cache = 0;
        }

        if ($global_no_cache == 1) {
            $this->storeTestResult(\core\common\Entity::L_WARN, "Devices no_cache global option is set, this is not a good idea in a production setting\n");
        }
        $Devs = \devices\Devices::listDevices();
        $no_cache_dev = '';
        $no_cache_dev_count = 0;
        if ($global_no_cache) {
            foreach ($Devs as $dev => $D) {
                if (empty($D['options']['no_cache']) || $D['options']['no_cache'] != 0) {
                    $no_cache_dev .= $dev . " ";
                    $no_cache_dev_count++;
                }
            }
        } else {
            foreach ($Devs as $dev => $D) {
                if (!empty($D['options']['no_cache']) && $D['options']['no_cache'] != 0) {
                    $no_cache_dev .= $dev . " ";
                    $no_cache_dev_count++;
                }
            }
        }


        if ($no_cache_dev_count > 1) {
            $this->storeTestResult(\core\common\Entity::L_WARN, "The following devices will not be cached: $no_cache_dev");
        }
        if ($no_cache_dev_count == 1) {
            $this->storeTestResult(\core\common\Entity::L_WARN, "The following device will not be cached: $no_cache_dev");
        }
    }

    /**
     * test if mailer works
     * 
     * @return void
     */
    private function testMailer()
    {
        if (empty(\config\Master::APPEARANCE['abuse-mail']) || \config\Master::APPEARANCE['abuse-mail'] == "my-abuse-contact@your-cat-installation.example") {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "Your abuse-mail has not been set, cannot continue with mailer tests.");
            return;
        }
        $mail = new \PHPMailer\PHPMailer\PHPMailer();
        $mail->isSMTP();
        $mail->Port = 587;
        $mail->SMTPAuth = true;
        $mail->SMTPSecure = 'tls';
        $mail->Host = \config\Master::MAILSETTINGS['host'];
        if (\config\Master::MAILSETTINGS['user'] === NULL && \config\Master::MAILSETTINGS['pass'] === NULL) {
            $mail->SMTPAuth = false;
        } else {
            $mail->SMTPAuth = true;
            $mail->Username = \config\Master::MAILSETTINGS['user'];
            $mail->Password = \config\Master::MAILSETTINGS['pass'];
        }
        $mail->SMTPOptions = \config\Master::MAILSETTINGS['options'];
        $mail->WordWrap = 72;
        $mail->isHTML(FALSE);
        $mail->CharSet = 'UTF-8';
        $mail->From = \config\Master::APPEARANCE['from-mail'];
        $mail->FromName = \config\Master::APPEARANCE['productname'] . " Invitation System";
        $mail->addAddress(\config\Master::APPEARANCE['abuse-mail']);
        $mail->Subject = "testing CAT configuration mail";
        $mail->Body = "Testing CAT mailing\n";
        $sent = $mail->send();
        
        if ($sent) {
            $this->storeTestResult(\core\common\Entity::L_OK, "mailer settings appear to be working, check " . \config\Master::APPEARANCE['abuse-mail'] . " mailbox if the message was receiced.");
        } else {
            $this->storeTestResult(\core\common\Entity::L_ERROR, "mailer settings failed, check the Config::MAILSETTINGS");
        }
    }

    /**
     * TODO test if RADIUS connections work
     * 
     * @return void
     */
    private function testUDPhosts()
    {
//        if(empty)
    }
}