Total Complexity | 90 |
Total Lines | 648 |
Duplicated Lines | 0 % |
Changes | 6 | ||
Bugs | 1 | Features | 1 |
Complex classes like DeviceXML often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use DeviceXML, and based on these observations, apply Extract Interface, too.
1 | <?php |
||
46 | abstract class DeviceXML extends \core\DeviceConfig |
||
47 | { |
||
48 | |||
49 | /** |
||
50 | * @var array $AuthMethodElements is used to limit |
||
51 | * XML elements present within ServerSideCredentials and |
||
52 | * ClientSideCredentials to ones which are relevant |
||
53 | * for a given EAP method. |
||
54 | * @var array of XLM element names which are allowed |
||
55 | * EAP method names are defined in core/EAP.php |
||
56 | */ |
||
57 | private $authMethodElements = [ |
||
58 | 'server' => [ |
||
59 | \core\common\EAP::TLS => ['CA', 'ServerID'], |
||
60 | \core\common\EAP::FAST => ['CA', 'ServerID'], |
||
61 | \core\common\EAP::PEAP => ['CA', 'ServerID'], |
||
62 | \core\common\EAP::TTLS => ['CA', 'ServerID'], |
||
63 | \core\common\EAP::PWD => ['ServerID'], |
||
64 | ], |
||
65 | 'client' => [ |
||
66 | \core\common\EAP::TLS => ['UserName', 'Password', 'ClientCertificate'], |
||
67 | \core\common\EAP::NE_MSCHAP2 => ['UserName', 'Password', 'OuterIdentity', 'InnerIdentitySuffix', 'InnerIdentityHint'], |
||
68 | \core\common\EAP::MSCHAP2 => ['UserName', 'Password', 'OuterIdentity', 'InnerIdentitySuffix', 'InnerIdentityHint'], |
||
69 | \core\common\EAP::GTC => ['UserName', 'OneTimeToken'], |
||
70 | \core\common\EAP::NE_PAP => ['UserName', 'Password', 'OuterIdentity', 'InnerIdentitySuffix', 'InnerIdentityHint'], |
||
71 | \core\common\EAP::NE_SILVERBULLET => ['UserName', 'ClientCertificate', 'OuterIdentity'], |
||
72 | \core\common\EAP::NONE => [], |
||
73 | ] |
||
74 | ]; |
||
75 | |||
76 | /** |
||
77 | * construct the device |
||
78 | */ |
||
79 | public function __construct() |
||
80 | { |
||
81 | parent::__construct(); |
||
82 | } |
||
83 | |||
84 | /** |
||
85 | * $langScope can be 'global' when all lang and all lang-specific information |
||
86 | * is dumped or 'single' when only the selected lang (and defaults) are passed |
||
87 | * NOTICE: 'global' is not yet supported |
||
88 | * |
||
89 | * @var string |
||
90 | */ |
||
91 | public $langScope; |
||
92 | |||
93 | /** |
||
94 | * whether all EAP types should be included in the file or only the |
||
95 | * preferred one |
||
96 | * |
||
97 | * @var boolean |
||
98 | */ |
||
99 | public $allEaps = false; |
||
100 | |||
101 | /** |
||
102 | * vendor-specific additional information, this is nit yest fully |
||
103 | * implemented due to lack of use cases. |
||
104 | * |
||
105 | * @var array |
||
106 | */ |
||
107 | public $VendorSpecific; |
||
108 | |||
109 | /** |
||
110 | * A flag to preserve backwards compatibility for eduroamCAT application |
||
111 | */ |
||
112 | public $eduroamCATcompatibility = false; |
||
113 | public $singleEAPProvider = false; |
||
114 | |||
115 | private $eapId; |
||
116 | private $namespace; |
||
117 | private $providerInfo; |
||
118 | private $authMethodsList; |
||
119 | |||
120 | /** |
||
121 | * create HTML code explaining the installer |
||
122 | * |
||
123 | * @return string |
||
124 | */ |
||
125 | public function writeDeviceInfo() |
||
126 | { |
||
127 | \core\common\Entity::intoThePotatoes(); |
||
128 | $out = "<p>"; |
||
129 | $out .= sprintf(_("This is a generic configuration file in the IETF <a href='%s'>EAP Metadata -00</a> XML format."), "https://tools.ietf.org/html/draft-winter-opsawg-eap-metadata-00"); |
||
130 | \core\common\Entity::outOfThePotatoes(); |
||
131 | return $out; |
||
132 | } |
||
133 | |||
134 | /** |
||
135 | * create the actual XML file |
||
136 | * |
||
137 | * @return string filename of the generated installer |
||
138 | * @throws Exception |
||
139 | * |
||
140 | */ |
||
141 | public function writeInstaller() |
||
142 | { |
||
143 | \core\common\Entity::intoThePotatoes(); |
||
144 | $rootname = 'EAPIdentityProviderList'; |
||
145 | $dom = new \DOMDocument('1.0', 'utf-8'); |
||
146 | $root = $dom->createElement($rootname); |
||
147 | $dom->appendChild($root); |
||
148 | $ns = $dom->createAttributeNS( 'http://www.w3.org/2001/XMLSchema-instance', 'xsi:noNamespaceSchemaLocation' ); |
||
149 | $ns->value = "eap-metadata.xsd"; |
||
150 | $root->appendChild($ns); |
||
151 | $this->openRoamingToU = sprintf(_("I have read and agree to OpenRoaming Terms of Use at %s."), "https://wballiance.com/openroaming/toc-2020/"); |
||
152 | foreach ($this->languageInstance->getAllTranslations("I have read and agree to OpenRoaming Terms of Use at %s", "device") as $lang => $message) { |
||
153 | $this->openRoamingToUArray[$lang] = sprintf($message, "https://wballiance.com/openroaming/toc-2020/"); |
||
154 | } |
||
155 | |||
156 | if (empty($this->attributes['internal:realm'][0])) { |
||
157 | $this->eapId = 'undefined'; |
||
158 | $this->namespace = 'urn:undefined'; |
||
159 | } else { |
||
160 | $this->eapId = $this->attributes['internal:realm'][0]; |
||
161 | $this->namespace = 'urn:RFC4282:realm'; |
||
162 | } |
||
163 | |||
164 | $this->authMethodsList = $this->getAuthMethodsList(); |
||
165 | $this->loggerInstance->debug(5, $this->attributes['internal:networks'], "NETWORKS:", "\n"); |
||
166 | /* |
||
167 | * This approach is forced by geteduroam compatibility. We pack all networks into a single Provider |
||
168 | * with the exception of the openroaming one which we pack separately. |
||
169 | */ |
||
170 | |||
171 | if ($this->singleEAPProvider === true) { |
||
172 | /* |
||
173 | * if "condition" is set to openroaming, OpenRoaming terms of use must be mentioned |
||
174 | * unless the preagreed is set for openroaming |
||
175 | * if "ask" is set then we generate a separate OR profile which needs to contain the OR ToU |
||
176 | * the ToU is not needed in the eduroam-only profile |
||
177 | */ |
||
178 | $ssids = []; |
||
179 | $ois = []; |
||
180 | $orNetwork = []; |
||
181 | foreach ($this->attributes['internal:networks'] as $netName => $netDefinition) { |
||
182 | if ($netDefinition['condition'] === 'internal:openroaming' && |
||
183 | $this->attributes['internal:openroaming']) { |
||
184 | $this->setORtou(); |
||
185 | if (preg_match("/^ask/",$this->attributes['media:openroaming'][0])) { |
||
186 | $orNetwork = $netDefinition; |
||
187 | continue; |
||
188 | } |
||
189 | } |
||
190 | foreach ($netDefinition['ssid'] as $ssid) { |
||
191 | $ssids[] = $ssid; |
||
192 | } |
||
193 | foreach ($netDefinition['oi'] as $oi) { |
||
194 | $ois[] = $oi; |
||
195 | } |
||
196 | } |
||
197 | |||
198 | if (!empty($orNetwork)) { |
||
199 | $this->addORtou = false; |
||
200 | } |
||
201 | $this->providerInfo = $this->getProviderInfo(); |
||
202 | |||
203 | if (!empty($ssids) || !empty($ois)) { |
||
204 | \core\DeviceXMLmain::marshalObject($dom, $root, 'EAPIdentityProvider', $this->eapIdp($ssids, $ois)); |
||
205 | } |
||
206 | |||
207 | if (!empty($orNetwork)) { |
||
208 | // here we need to add the Tou unless preagreed is set |
||
209 | $this->setORtou(); |
||
210 | $this->providerInfo = $this->getProviderInfo(); |
||
211 | \core\DeviceXMLmain::marshalObject($dom, $root, 'EAPIdentityProvider', $this->eapIdp($orNetwork['ssid'], $orNetwork['oi'])); |
||
212 | } |
||
213 | } else { |
||
214 | |||
215 | foreach ($this->attributes['internal:networks'] as $netName => $netDefinition) { |
||
216 | if ($netDefinition['condition'] === 'internal:openroaming' && |
||
217 | $this->attributes['internal:openroaming']) { |
||
218 | $this->setORtou(); |
||
219 | } else { |
||
220 | $this->addORtou = false; |
||
221 | } |
||
222 | $this->providerInfo = $this->getProviderInfo(); |
||
223 | $ssids = $netDefinition['ssid']; |
||
224 | $ois = $netDefinition['oi']; |
||
225 | if (!empty($ssids) || !empty($ois)) { |
||
226 | \core\DeviceXMLmain::marshalObject($dom, $root, 'EAPIdentityProvider', $this->eapIdp($ssids, $ois)); |
||
227 | } |
||
228 | } |
||
229 | } |
||
230 | |||
231 | if ($dom->schemaValidate(ROOT.'/devices/eap_config/eap-metadata.xsd') === FALSE) { |
||
232 | throw new Exception("Schema validation failed for eap-metadata"); |
||
233 | } |
||
234 | |||
235 | $dom->formatOutput = true; |
||
236 | file_put_contents($this->installerBasename.'.eap-config', $dom->saveXML($dom)); |
||
237 | \core\common\Entity::outOfThePotatoes(); |
||
238 | return($this->installerBasename.'.eap-config'); |
||
239 | } |
||
240 | |||
241 | private function setORtou() { |
||
246 | } |
||
247 | } |
||
248 | |||
249 | /** |
||
250 | * determines the inner authentication. Is it EAP, and which mechanism is used to convey actual auth data |
||
251 | * @param array $eap the EAP type for which we want to get the inner auth |
||
252 | * @return array |
||
253 | */ |
||
254 | private function eapIdp($ssids, $oids) |
||
271 | } |
||
272 | |||
273 | /** |
||
274 | * determines the inner authentication. Is it EAP, and which mechanism is used to convey actual auth data |
||
275 | * @param array $eap the EAP type for which we want to get the inner auth |
||
276 | * @return array |
||
277 | */ |
||
278 | private function innerAuth($eap) |
||
279 | { |
||
280 | $out = []; |
||
281 | $out['EAP'] = 0; |
||
282 | switch ($eap["INNER"]) { |
||
283 | case \core\common\EAP::NE_MSCHAP2: |
||
284 | if ($this->eduroamCATcompatibility === TRUE) { |
||
285 | $out['METHOD'] = \core\common\EAP::MSCHAP2; |
||
286 | $out['EAP'] = 1; |
||
287 | } else { |
||
288 | $out['METHOD'] = $eap["INNER"]; |
||
289 | } |
||
290 | break; |
||
291 | case \core\common\EAP::NE_SILVERBULLET: |
||
292 | $out['METHOD'] = \core\common\EAP::NONE; |
||
293 | break; |
||
294 | default: |
||
295 | $out['METHOD'] = $eap["INNER"]; |
||
296 | break; |
||
297 | } |
||
298 | // override if there is an inner EAP |
||
299 | if ($eap["INNER"] > 0) { // there is an inner EAP method |
||
300 | $out['EAP'] = 1; |
||
301 | } |
||
302 | return $out; |
||
303 | } |
||
304 | |||
305 | /** |
||
306 | * |
||
307 | * @param string $attrName the attribute name |
||
308 | * @return array of values for this attribute |
||
309 | */ |
||
310 | private function getSimpleMLAttribute($attrName) |
||
311 | { |
||
312 | if (empty($this->attributes[$attrName][0])) { |
||
313 | return([]); |
||
314 | } |
||
315 | $attributeList = $this->attributes[$attrName]; |
||
316 | $objs = []; |
||
317 | if ($this->langScope === 'global') { |
||
318 | foreach ($attributeList['langs'] as $language => $value) { |
||
319 | $language = ($language === 'C' ? 'any' : $language); |
||
320 | $obj = new \core\DeviceXMLmain(); |
||
321 | $obj->setValue($value); |
||
322 | $obj->setAttributes(['lang' => $language]); |
||
323 | $objs[] = $obj; |
||
324 | } |
||
325 | } else { |
||
326 | $objs[] = $attributeList[0]; |
||
327 | } |
||
328 | return($objs); |
||
329 | } |
||
330 | |||
331 | /** |
||
332 | * constructs the name of the institution and puts it into the XML. |
||
333 | * consists of the best-language-match inst name, and if the inst has more |
||
334 | * than one profile also the best-language-match profile name |
||
335 | * |
||
336 | * @return \core\DeviceXMLmain[] |
||
337 | */ |
||
338 | private function getDisplayName() |
||
339 | { |
||
340 | $attr = $this->attributes; |
||
341 | $objs = []; |
||
342 | if ($this->langScope === 'global') { |
||
343 | $instNameLangs = $attr['general:instname']['langs']; |
||
344 | if ($attr['internal:profile_count'][0] > 1) { |
||
345 | $profileNameLangs = $attr['profile:name']['langs']; |
||
346 | } |
||
347 | foreach ($instNameLangs as $language => $value) { |
||
348 | $language = ($language === 'C' ? 'any' : $language); |
||
349 | $displayname = new \core\DeviceXMLmain(); |
||
350 | if (isset($profileNameLangs)) { |
||
351 | $langOrC = isset($profileNameLangs[$language]) ? $profileNameLangs[$language] : $profileNameLangs['C']; |
||
352 | $value .= ' - '.$langOrC; |
||
353 | } |
||
354 | $displayname->setValue($value); |
||
355 | $displayname->setAttributes(['lang' => $language]); |
||
356 | $objs[] = $displayname; |
||
357 | } |
||
358 | } else { |
||
359 | $displayname = new \core\DeviceXMLmain(); |
||
360 | $value = $attr['general:instname'][0]; |
||
361 | if ($attr['internal:profile_count'][0] > 1) { |
||
362 | $value .= ' - '.$attr['profile:name'][0]; |
||
363 | } |
||
364 | $displayname->setValue($value); |
||
365 | $objs[] = $displayname; |
||
366 | } |
||
367 | return $objs; |
||
368 | } |
||
369 | |||
370 | /** |
||
371 | * retrieves the provider logo and puts it into the XML structure |
||
372 | * |
||
373 | * @return \core\DeviceXMLmain |
||
374 | */ |
||
375 | private function getProviderLogo() |
||
376 | { |
||
377 | $attr = $this->attributes; |
||
378 | if (isset($attr['general:logo_file'][0])) { |
||
379 | $logoString = base64_encode($attr['general:logo_file'][0]); |
||
380 | $logoMime = 'image/'.$attr['internal:logo_file'][0]['mime']; |
||
381 | $providerlogo = new \core\DeviceXMLmain(); |
||
382 | $providerlogo->setAttributes(['mime' => $logoMime, 'encoding' => 'base64']); |
||
383 | $providerlogo->setValue($logoString); |
||
384 | return $providerlogo; |
||
385 | } |
||
386 | return NULL; |
||
387 | } |
||
388 | |||
389 | /** |
||
390 | * retrieves provider information and puts it into the XML structure. |
||
391 | * contains the profile description and the ToU file, if any |
||
392 | * |
||
393 | * @return \core\DeviceXMLmain |
||
394 | */ |
||
395 | private function getProviderInfo() |
||
396 | { |
||
397 | $providerinfo = new \core\DeviceXMLmain(); |
||
398 | $providerinfo->setChild('DisplayName', $this->getDisplayName()); |
||
399 | $providerinfo->setChild('Description', $this->getSimpleMLAttribute('profile:description')); |
||
400 | $providerinfo->setChild('ProviderLocation', $this->getProviderLocation()); |
||
401 | $providerinfo->setChild('ProviderLogo', $this->getProviderLogo()); |
||
402 | $providerinfo->setChild('TermsOfUse', $this->getProviderTou(), null, 'cdata'); |
||
403 | $providerinfo->setChild('Helpdesk', $this->getHelpdesk()); |
||
404 | return $providerinfo; |
||
405 | } |
||
406 | |||
407 | private function getProviderTou() { |
||
428 | } |
||
429 | |||
430 | /** |
||
431 | * retrieves the location information and puts it into the XML structure |
||
432 | * |
||
433 | * @return \core\DeviceXMLmain[] |
||
434 | */ |
||
435 | private function getProviderLocation() |
||
436 | { |
||
437 | $attr = $this->attributes; |
||
438 | if (isset($attr['general:geo_coordinates'])) { |
||
439 | $attrCoordinates = $attr['general:geo_coordinates']; |
||
440 | $location = []; |
||
441 | foreach ($attrCoordinates as $a) { |
||
442 | $providerlocation = new \core\DeviceXMLmain(); |
||
443 | $b = json_decode($a, true); |
||
444 | $providerlocation->setChild('Longitude', $b['lon']); |
||
445 | $providerlocation->setChild('Latitude', $b['lat']); |
||
446 | $location[] = $providerlocation; |
||
447 | } |
||
448 | return $location; |
||
449 | } |
||
450 | return NULL; |
||
451 | } |
||
452 | |||
453 | /** |
||
454 | * retrieves helpdesk contact information and puts it into the XML structure |
||
455 | * |
||
456 | * @return \core\DeviceXMLmain |
||
457 | */ |
||
458 | private function getHelpdesk() |
||
459 | { |
||
460 | $helpdesk = new \core\DeviceXMLmain(); |
||
461 | $helpdesk->setChild('EmailAddress', $this->getSimpleMLAttribute('support:email')); |
||
462 | $helpdesk->setChild('WebAddress', $this->getSimpleMLAttribute('support:url')); |
||
463 | $helpdesk->setChild('Phone', $this->getSimpleMLAttribute('support:phone')); |
||
464 | return $helpdesk; |
||
465 | } |
||
466 | |||
467 | /** |
||
468 | * determine where this credential should be applicable |
||
469 | * |
||
470 | * @return \core\DeviceXMLmain |
||
471 | */ |
||
472 | private function getCredentialApplicability($ssids, $oids) |
||
473 | { |
||
474 | $setWired = isset($this->attributes['media:wired'][0]) && |
||
475 | $this->attributes['media:wired'][0] == 'on' ? 1 : 0; |
||
476 | $credentialapplicability = new \core\DeviceXMLmain(); |
||
477 | $ieee80211s = []; |
||
478 | foreach ($ssids as $ssid) { |
||
479 | $ieee80211 = new \core\DeviceXMLmain(); |
||
480 | $ieee80211->setChild('SSID', $ssid); |
||
481 | $ieee80211->setChild('MinRSNProto', 'CCMP'); |
||
482 | $ieee80211s[] = $ieee80211; |
||
483 | } |
||
484 | foreach ($oids as $oid) { |
||
485 | $ieee80211 = new \core\DeviceXMLmain(); |
||
486 | $ieee80211->setChild('ConsortiumOID', $oid); |
||
487 | $ieee80211s[] = $ieee80211; |
||
488 | } |
||
489 | $credentialapplicability->setChild('IEEE80211', $ieee80211s); |
||
490 | if ($setWired) { |
||
491 | $credentialapplicability->setChild('IEEE8023', ''); |
||
492 | } |
||
493 | return $credentialapplicability; |
||
494 | } |
||
495 | |||
496 | /** |
||
497 | * retrieves the parameters needed for the given EAP method and creates |
||
498 | * appropriate nodes in the XML structure for them |
||
499 | * |
||
500 | * @param array $eap the EAP type in question |
||
501 | * @return array a recap of the findings |
||
502 | */ |
||
503 | private function getAuthenticationMethodParams($eap) |
||
504 | { |
||
505 | $inner = $this->innerAuth($eap); |
||
506 | $outerMethod = $eap["OUTER"]; |
||
507 | |||
508 | if (isset($inner["METHOD"]) && $inner["METHOD"]) { |
||
509 | $innerauthmethod = new \core\DeviceXMLmain(); |
||
510 | $typeOfInner = ($inner["EAP"] ? 'EAPMethod' : 'NonEAPAuthMethod'); |
||
511 | $eapmethod = new \core\DeviceXMLmain(); |
||
512 | $eapmethod->setChild('Type', abs($inner['METHOD'])); |
||
513 | $innerauthmethod->setChild($typeOfInner, $eapmethod); |
||
514 | return ['inner_method' => $innerauthmethod, 'methodID' => $outerMethod, 'inner_methodID' => $inner['METHOD']]; |
||
515 | } else { |
||
516 | return ['inner_method' => 0, 'methodID' => $outerMethod, 'inner_methodID' => 0]; |
||
517 | } |
||
518 | } |
||
519 | |||
520 | /** |
||
521 | * sets the server-side credentials for a given EAP type |
||
522 | * |
||
523 | * @param \devices\XML\Type $eaptype the EAP type |
||
524 | * @return \core\DeviceXMLmain |
||
525 | */ |
||
526 | private function getServerSideCredentials($eap) |
||
554 | } |
||
555 | |||
556 | /** |
||
557 | * sets the realm information for the client-side credential |
||
558 | * |
||
559 | * @param \core\DeviceXMLmain $clientsidecredential the ClientSideCredential to which the realm info is to be added |
||
560 | * @return void |
||
561 | */ |
||
562 | private function setClientSideRealm($clientsidecredential) |
||
563 | { |
||
564 | $attr = $this->attributes; |
||
565 | $realm = \core\common\Entity::getAttributeValue($attr, 'internal:realm', 0); |
||
566 | if ($realm === NULL) { |
||
567 | return; |
||
568 | } |
||
569 | if (\core\common\Entity::getAttributeValue($attr, 'internal:verify_userinput_suffix', 0) !== 1) { |
||
570 | return; |
||
571 | } |
||
572 | $clientsidecredential->setChild('InnerIdentitySuffix', $realm); |
||
573 | if (\core\common\Entity::getAttributeValue($attr, 'internal:hint_userinput_suffix', 0) === 1) { |
||
574 | $clientsidecredential->setChild('InnerIdentityHint', 'true'); |
||
575 | } |
||
576 | } |
||
577 | |||
578 | /** |
||
579 | * sets the client certificate |
||
580 | * |
||
581 | * @return \core\DeviceXMLmain |
||
582 | */ |
||
583 | private function getClientCertificate() |
||
584 | { |
||
585 | $clientCertificateObject = new \core\DeviceXMLmain(); |
||
586 | $clientCertificateObject->setValue(base64_encode($this->clientCert["certdata"])); |
||
587 | $clientCertificateObject->setAttributes(['format' => 'PKCS12', 'encoding' => 'base64']); |
||
588 | return $clientCertificateObject; |
||
589 | } |
||
590 | |||
591 | /** |
||
592 | * sets the client-side credentials for the given EAP type |
||
593 | * |
||
594 | * @param array $eapParams the EAP parameters |
||
595 | * @return \core\DeviceXMLmain |
||
596 | */ |
||
597 | private function getClientSideCredentials($eap) |
||
598 | { |
||
599 | $children = $this->authMethodElements['client'][$eap]; |
||
600 | $clientsidecredential = new \core\DeviceXMLmain(); |
||
601 | $outerId = $this->determineOuterIdString(); |
||
602 | $this->loggerInstance->debug(5, $eap, "XMLOI:", "\n"); |
||
603 | if (in_array('OuterIdentity', $children)) { |
||
604 | if ($outerId !== NULL) { |
||
605 | $clientsidecredential->setChild('OuterIdentity', $outerId); |
||
606 | } |
||
607 | } |
||
608 | $this->setClientSideRealm($clientsidecredential); |
||
609 | // $clientsidecredential->setChild('EAPType', $eapParams['inner_methodID'] ? $eapParams['inner_methodID'] : $eapParams['methodID']); |
||
610 | |||
611 | // Client Certificate |
||
612 | if ($this->selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
||
613 | $attr = $this->attributes; |
||
614 | $outerId = \core\common\Entity::getAttributeValue($attr, 'internal:username', 0); |
||
615 | $clientsidecredential->setChild('OuterIdentity', $outerId); |
||
616 | $clientsidecredential->setChild('ClientCertificate', $this->getClientCertificate()); |
||
617 | } |
||
618 | return $clientsidecredential; |
||
619 | } |
||
620 | |||
621 | /** |
||
622 | * sets the EAP method |
||
623 | * |
||
624 | * @param \devices\XML\Type $eaptype the EAP type XMLObject |
||
625 | * @return \core\DeviceXMLmain |
||
626 | */ |
||
627 | private function getEapMethod($eaptype) |
||
643 | } |
||
644 | |||
645 | /** |
||
646 | * determines the authentication method to use |
||
647 | * |
||
648 | * @param array $eap the EAP methods, in array representation |
||
649 | * @return \core\DeviceXMLmain |
||
650 | */ |
||
651 | private function getAuthMethod($eap) |
||
652 | { |
||
653 | $authmethod = new \core\DeviceXMLmain(); |
||
654 | $eapParams = $this->getAuthenticationMethodParams($eap); |
||
655 | $eaptype = new \core\DeviceXMLmain(); |
||
656 | $eaptype->setValue($eapParams['methodID']); |
||
657 | // Type |
||
658 | $authmethod->setChild('EAPMethod', $this->getEapMethod($eaptype)); |
||
659 | |||
660 | // ServerSideCredentials |
||
661 | $authmethod->setChild('ServerSideCredential', $this->getServerSideCredentials($eap['OUTER'])); |
||
662 | |||
663 | // ClientSideCredentials |
||
664 | $authmethod->setChild('ClientSideCredential', $this->getClientSideCredentials($eap['INNER'])); |
||
665 | |||
666 | if ($eapParams['inner_method']) { |
||
667 | $authmethod->setChild('InnerAuthenticationMethod', $eapParams['inner_method']); |
||
668 | } |
||
669 | return $authmethod; |
||
670 | } |
||
671 | |||
672 | private function getAuthMethodsList() { |
||
689 | } |
||
690 | |||
691 | private $openRoamingToUArray; |
||
692 | private $openRoamingToU; |
||
693 | private $addORtou = false; |
||
694 | |||
696 |