| @@ 101-340 (lines=240) @@ | ||
| 98 | return($installerPath); |
|
| 99 | } |
|
| 100 | ||
| 101 | private function prepareEapConfig($attr) { |
|
| 102 | $outerUser = ''; |
|
| 103 | $outerId = ''; |
|
| 104 | $eap = $this->selectedEap; |
|
| 105 | $w10Ext = ''; |
|
| 106 | // there is only one caller to this function, and it will always call |
|
| 107 | // with exactly one of exactly the EAP types below. Let's assert() that |
|
| 108 | // rather than returning void, otherwise this is a condition that needs |
|
| 109 | // to be caught later on. |
|
| 110 | assert(in_array($eap, [\core\common\EAP::EAPTYPE_TLS, |
|
| 111 | \core\common\EAP::EAPTYPE_PEAP_MSCHAP2, |
|
| 112 | \core\common\EAP::EAPTYPE_PWD, |
|
| 113 | \core\common\EAP::EAPTYPE_TTLS_PAP, |
|
| 114 | \core\common\EAP::EAPTYPE_TTLS_MSCHAP2, |
|
| 115 | \core\common\EAP::EAPTYPE_SILVERBULLET]), new Exception("prepareEapConfig called for an EAP type it cannot handle!")); |
|
| 116 | ||
| 117 | $useAnon = $attr['internal:use_anon_outer'] [0]; |
|
| 118 | if ($useAnon) { |
|
| 119 | $outerUser = $attr['internal:anon_local_value'][0]; |
|
| 120 | $outerId = $outerUser . '@' . $attr['internal:realm'][0]; |
|
| 121 | } |
|
| 122 | // $servers = preg_quote(implode(';',$attr['eap:server_name'])); |
|
| 123 | $servers = implode(';', $attr['eap:server_name']); |
|
| 124 | $caArray = $attr['internal:CAs'][0]; |
|
| 125 | $authorId = "0"; |
|
| 126 | if ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP || $eap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2) { |
|
| 127 | if ($this->useGeantLink) { |
|
| 128 | $authorId = "67532"; |
|
| 129 | $servers = implode('</ServerName><ServerName>', $attr['eap:server_name']); |
|
| 130 | } else { |
|
| 131 | $authorId = "311"; |
|
| 132 | } |
|
| 133 | } |
|
| 134 | ||
| 135 | $profileFileCont = '<EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
| 136 | <EapMethod> |
|
| 137 | '; |
|
| 138 | ||
| 139 | $profileFileCont .= '<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">' . |
|
| 140 | $this->selectedEap["OUTER"] . '</Type> |
|
| 141 | <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId> |
|
| 142 | <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType> |
|
| 143 | <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">' . $authorId . '</AuthorId> |
|
| 144 | </EapMethod> |
|
| 145 | '; |
|
| 146 | if ($eap == \core\common\EAP::EAPTYPE_TLS || $eap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
|
| 147 | $profileFileCont .= ' |
|
| 148 | ||
| 149 | <Config xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1" |
|
| 150 | xmlns:eapTls="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"> |
|
| 151 | <baseEap:Eap> |
|
| 152 | <baseEap:Type>13</baseEap:Type> |
|
| 153 | <eapTls:EapType> |
|
| 154 | <eapTls:CredentialsSource> |
|
| 155 | <eapTls:CertificateStore /> |
|
| 156 | </eapTls:CredentialsSource> |
|
| 157 | <eapTls:ServerValidation> |
|
| 158 | <eapTls:DisableUserPromptForServerValidation>true</eapTls:DisableUserPromptForServerValidation> |
|
| 159 | <eapTls:ServerNames>' . $servers . '</eapTls:ServerNames>'; |
|
| 160 | if ($caArray) { |
|
| 161 | foreach ($caArray as $certAuthority) { |
|
| 162 | if ($certAuthority['root']) { |
|
| 163 | $profileFileCont .= "<eapTls:TrustedRootCA>" . $certAuthority['sha1'] . "</eapTls:TrustedRootCA>\n"; |
|
| 164 | } |
|
| 165 | } |
|
| 166 | } |
|
| 167 | $profileFileCont .= '</eapTls:ServerValidation> |
|
| 168 | '; |
|
| 169 | if (isset($attr['eap-specific:tls_use_other_id']) && $attr['eap-specific:tls_use_other_id'][0] == 'on') { |
|
| 170 | $profileFileCont .= '<eapTls:DifferentUsername>true</eapTls:DifferentUsername>'; |
|
| 171 | $this->tlsOtherUsername = 1; |
|
| 172 | } else { |
|
| 173 | $profileFileCont .= '<eapTls:DifferentUsername>false</eapTls:DifferentUsername>'; |
|
| 174 | } |
|
| 175 | $profileFileCont .= ' |
|
| 176 | </eapTls:EapType> |
|
| 177 | </baseEap:Eap> |
|
| 178 | </Config> |
|
| 179 | '; |
|
| 180 | } elseif ($eap == \core\common\EAP::EAPTYPE_PEAP_MSCHAP2) { |
|
| 181 | if (isset($attr['eap:enable_nea']) && $attr['eap:enable_nea'][0] == 'on') { |
|
| 182 | $nea = 'true'; |
|
| 183 | } else { |
|
| 184 | $nea = 'false'; |
|
| 185 | } |
|
| 186 | $w10Ext = '<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
| 187 | <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> |
|
| 188 | <Type>25</Type> |
|
| 189 | <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"> |
|
| 190 | <ServerValidation> |
|
| 191 | <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation> |
|
| 192 | <ServerNames>' . $servers . '</ServerNames>'; |
|
| 193 | if ($caArray) { |
|
| 194 | foreach ($caArray as $certAuthority) { |
|
| 195 | if ($certAuthority['root']) { |
|
| 196 | $w10Ext .= "<TrustedRootCA>" . $certAuthority['sha1'] . "</TrustedRootCA>\n"; |
|
| 197 | } |
|
| 198 | } |
|
| 199 | } |
|
| 200 | $w10Ext .= '</ServerValidation> |
|
| 201 | <FastReconnect>true</FastReconnect> |
|
| 202 | <InnerEapOptional>false</InnerEapOptional> |
|
| 203 | <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> |
|
| 204 | <Type>26</Type> |
|
| 205 | <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"> |
|
| 206 | <UseWinLogonCredentials>false</UseWinLogonCredentials> |
|
| 207 | </EapType> |
|
| 208 | </Eap> |
|
| 209 | <EnableQuarantineChecks>' . $nea . '</EnableQuarantineChecks> |
|
| 210 | <RequireCryptoBinding>false</RequireCryptoBinding> |
|
| 211 | '; |
|
| 212 | if ($useAnon == 1) { |
|
| 213 | $w10Ext .= '<PeapExtensions> |
|
| 214 | <IdentityPrivacy xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"> |
|
| 215 | <EnableIdentityPrivacy>true</EnableIdentityPrivacy> |
|
| 216 | '; |
|
| 217 | if ($outerUser) { |
|
| 218 | $w10Ext .= '<AnonymousUserName>' . $outerUser . '</AnonymousUserName> |
|
| 219 | '; |
|
| 220 | } else { |
|
| 221 | $w10Ext .= '<AnonymousUserName/> |
|
| 222 | '; |
|
| 223 | } |
|
| 224 | $w10Ext .= '</IdentityPrivacy> |
|
| 225 | </PeapExtensions> |
|
| 226 | '; |
|
| 227 | } |
|
| 228 | $w10Ext .= '</EapType> |
|
| 229 | </Eap> |
|
| 230 | </Config> |
|
| 231 | '; |
|
| 232 | } elseif ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP || $eap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2) { |
|
| 233 | if ($this->useGeantLink) { |
|
| 234 | $innerMethod = 'MSCHAPv2'; |
|
| 235 | if ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP) { |
|
| 236 | $innerMethod = 'PAP'; |
|
| 237 | } |
|
| 238 | $profileFileCont .= ' |
|
| 239 | <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
| 240 | <EAPIdentityProviderList xmlns="urn:ietf:params:xml:ns:yang:ietf-eap-metadata"> |
|
| 241 | <EAPIdentityProvider ID="' . $this->deviceUUID . '" namespace="urn:UUID"> |
|
| 242 | ||
| 243 | <ProviderInfo> |
|
| 244 | <DisplayName>' . $this->translateString($attr['general:instname'][0], $this->codePage) . '</DisplayName> |
|
| 245 | </ProviderInfo> |
|
| 246 | <AuthenticationMethods> |
|
| 247 | <AuthenticationMethod> |
|
| 248 | <EAPMethod>21</EAPMethod> |
|
| 249 | <ClientSideCredential> |
|
| 250 | <allow-save>true</allow-save> |
|
| 251 | '; |
|
| 252 | if ($useAnon == 1) { |
|
| 253 | if ($outerUser == '') { |
|
| 254 | $profileFileCont .= '<AnonymousIdentity>@</AnonymousIdentity>'; |
|
| 255 | } else { |
|
| 256 | $profileFileCont .= '<AnonymousIdentity>' . $outerId . '</AnonymousIdentity>'; |
|
| 257 | } |
|
| 258 | } |
|
| 259 | $profileFileCont .= '</ClientSideCredential> |
|
| 260 | <ServerSideCredential> |
|
| 261 | '; |
|
| 262 | ||
| 263 | foreach ($caArray as $ca) { |
|
| 264 | $profileFileCont .= '<CA><format>PEM</format><cert-data>'; |
|
| 265 | $profileFileCont .= base64_encode($ca['der']); |
|
| 266 | $profileFileCont .= '</cert-data></CA> |
|
| 267 | '; |
|
| 268 | } |
|
| 269 | $profileFileCont .= "<ServerName>$servers</ServerName>\n"; |
|
| 270 | ||
| 271 | $profileFileCont .= ' |
|
| 272 | </ServerSideCredential> |
|
| 273 | <InnerAuthenticationMethod> |
|
| 274 | <NonEAPAuthMethod>' . $innerMethod . '</NonEAPAuthMethod> |
|
| 275 | </InnerAuthenticationMethod> |
|
| 276 | <VendorSpecific> |
|
| 277 | <SessionResumption>false</SessionResumption> |
|
| 278 | </VendorSpecific> |
|
| 279 | </AuthenticationMethod> |
|
| 280 | </AuthenticationMethods> |
|
| 281 | </EAPIdentityProvider> |
|
| 282 | </EAPIdentityProviderList> |
|
| 283 | </Config> |
|
| 284 | '; |
|
| 285 | } else { |
|
| 286 | $w10Ext = '<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
| 287 | <EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"> |
|
| 288 | <ServerValidation> |
|
| 289 | <ServerNames>' . $servers . '</ServerNames> '; |
|
| 290 | if ($caArray) { |
|
| 291 | foreach ($caArray as $certAuthority) { |
|
| 292 | if ($certAuthority['root']) { |
|
| 293 | $w10Ext .= "<TrustedRootCAHash>" . chunk_split($certAuthority['sha1'], 2, ' ') . "</TrustedRootCAHash>\n"; |
|
| 294 | } |
|
| 295 | } |
|
| 296 | } |
|
| 297 | $w10Ext .= '<DisablePrompt>true</DisablePrompt> |
|
| 298 | </ServerValidation> |
|
| 299 | <Phase2Authentication> |
|
| 300 | '; |
|
| 301 | if ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP) { |
|
| 302 | $w10Ext .= '<PAPAuthentication /> '; |
|
| 303 | } |
|
| 304 | if ($eap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2) { |
|
| 305 | $w10Ext .= '<MSCHAPv2Authentication> |
|
| 306 | <UseWinlogonCredentials>false</UseWinlogonCredentials> |
|
| 307 | </MSCHAPv2Authentication> |
|
| 308 | '; |
|
| 309 | } |
|
| 310 | $w10Ext .= '</Phase2Authentication> |
|
| 311 | <Phase1Identity> |
|
| 312 | '; |
|
| 313 | if ($useAnon == 1) { |
|
| 314 | $w10Ext .= '<IdentityPrivacy>true</IdentityPrivacy> |
|
| 315 | '; |
|
| 316 | if (isset($outerId) && $outerId) { |
|
| 317 | $w10Ext .= '<AnonymousIdentity>' . $outerId . '</AnonymousIdentity> |
|
| 318 | '; |
|
| 319 | } else { |
|
| 320 | $w10Ext .= '<AnonymousIdentity/> |
|
| 321 | '; |
|
| 322 | } |
|
| 323 | } else { |
|
| 324 | $w10Ext .= '<IdentityPrivacy>false</IdentityPrivacy> |
|
| 325 | '; |
|
| 326 | } |
|
| 327 | $w10Ext .= '</Phase1Identity> |
|
| 328 | </EapTtls> |
|
| 329 | </Config> |
|
| 330 | '; |
|
| 331 | } |
|
| 332 | } elseif ($eap == \core\common\EAP::EAPTYPE_PWD) { |
|
| 333 | $profileFileCont .= '<ConfigBlob></ConfigBlob>'; |
|
| 334 | } |
|
| 335 | ||
| 336 | $profileFileContEnd = '</EapHostConfig></EAPConfig>'; |
|
| 337 | $returnArray = []; |
|
| 338 | $returnArray['w10'] = $profileFileCont . $w10Ext . $profileFileContEnd; |
|
| 339 | return $returnArray; |
|
| 340 | } |
|
| 341 | ||
| 342 | /** |
|
| 343 | * produce PEAP, TLS and TTLS configuration files for Windows 8 |
|
| @@ 99-338 (lines=240) @@ | ||
| 96 | return($installerPath); |
|
| 97 | } |
|
| 98 | ||
| 99 | private function prepareEapConfig($attr) { |
|
| 100 | $outerUser = ''; |
|
| 101 | $outerId = ''; |
|
| 102 | $eap = $this->selectedEap; |
|
| 103 | $wExt = ''; |
|
| 104 | // there is only one caller to this function, and it will always call |
|
| 105 | // with exactly one of exactly the EAP types below. Let's assert() that |
|
| 106 | // rather than returning void, otherwise this is a condition that needs |
|
| 107 | // to be caught later on. |
|
| 108 | assert(in_array($eap, [\core\common\EAP::EAPTYPE_TLS, |
|
| 109 | \core\common\EAP::EAPTYPE_PEAP_MSCHAP2, |
|
| 110 | \core\common\EAP::EAPTYPE_PWD, |
|
| 111 | \core\common\EAP::EAPTYPE_TTLS_PAP, |
|
| 112 | \core\common\EAP::EAPTYPE_TTLS_MSCHAP2, |
|
| 113 | \core\common\EAP::EAPTYPE_SILVERBULLET]), new Exception("prepareEapConfig called for an EAP type it cannot handle!")); |
|
| 114 | ||
| 115 | $useAnon = $attr['internal:use_anon_outer'] [0]; |
|
| 116 | if ($useAnon) { |
|
| 117 | $outerUser = $attr['internal:anon_local_value'][0]; |
|
| 118 | $outerId = $outerUser . '@' . $attr['internal:realm'][0]; |
|
| 119 | } |
|
| 120 | // $servers = preg_quote(implode(';',$attr['eap:server_name'])); |
|
| 121 | $servers = implode(';', $attr['eap:server_name']); |
|
| 122 | $caArray = $attr['internal:CAs'][0]; |
|
| 123 | $authorId = "0"; |
|
| 124 | if ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP || $eap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2) { |
|
| 125 | if ($this->useGeantLink) { |
|
| 126 | $authorId = "67532"; |
|
| 127 | $servers = implode('</ServerName><ServerName>', $attr['eap:server_name']); |
|
| 128 | } else { |
|
| 129 | $authorId = "311"; |
|
| 130 | } |
|
| 131 | } |
|
| 132 | ||
| 133 | $profileFileCont = '<EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
| 134 | <EapMethod> |
|
| 135 | '; |
|
| 136 | ||
| 137 | $profileFileCont .= '<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">' . |
|
| 138 | $this->selectedEap["OUTER"] . '</Type> |
|
| 139 | <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId> |
|
| 140 | <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType> |
|
| 141 | <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">' . $authorId . '</AuthorId> |
|
| 142 | </EapMethod> |
|
| 143 | '; |
|
| 144 | if ($eap == \core\common\EAP::EAPTYPE_TLS || $eap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
|
| 145 | $profileFileCont .= ' |
|
| 146 | ||
| 147 | <Config xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1" |
|
| 148 | xmlns:eapTls="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"> |
|
| 149 | <baseEap:Eap> |
|
| 150 | <baseEap:Type>13</baseEap:Type> |
|
| 151 | <eapTls:EapType> |
|
| 152 | <eapTls:CredentialsSource> |
|
| 153 | <eapTls:CertificateStore /> |
|
| 154 | </eapTls:CredentialsSource> |
|
| 155 | <eapTls:ServerValidation> |
|
| 156 | <eapTls:DisableUserPromptForServerValidation>true</eapTls:DisableUserPromptForServerValidation> |
|
| 157 | <eapTls:ServerNames>' . $servers . '</eapTls:ServerNames>'; |
|
| 158 | if ($caArray) { |
|
| 159 | foreach ($caArray as $certAuthority) { |
|
| 160 | if ($certAuthority['root']) { |
|
| 161 | $profileFileCont .= "<eapTls:TrustedRootCA>" . $certAuthority['sha1'] . "</eapTls:TrustedRootCA>\n"; |
|
| 162 | } |
|
| 163 | } |
|
| 164 | } |
|
| 165 | $profileFileCont .= '</eapTls:ServerValidation> |
|
| 166 | '; |
|
| 167 | if (isset($attr['eap-specific:tls_use_other_id']) && $attr['eap-specific:tls_use_other_id'][0] == 'on') { |
|
| 168 | $profileFileCont .= '<eapTls:DifferentUsername>true</eapTls:DifferentUsername>'; |
|
| 169 | $this->tlsOtherUsername = 1; |
|
| 170 | } else { |
|
| 171 | $profileFileCont .= '<eapTls:DifferentUsername>false</eapTls:DifferentUsername>'; |
|
| 172 | } |
|
| 173 | $profileFileCont .= ' |
|
| 174 | </eapTls:EapType> |
|
| 175 | </baseEap:Eap> |
|
| 176 | </Config> |
|
| 177 | '; |
|
| 178 | } elseif ($eap == \core\common\EAP::EAPTYPE_PEAP_MSCHAP2) { |
|
| 179 | if (isset($attr['eap:enable_nea']) && $attr['eap:enable_nea'][0] == 'on') { |
|
| 180 | $nea = 'true'; |
|
| 181 | } else { |
|
| 182 | $nea = 'false'; |
|
| 183 | } |
|
| 184 | $wExt = '<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
| 185 | <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> |
|
| 186 | <Type>25</Type> |
|
| 187 | <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"> |
|
| 188 | <ServerValidation> |
|
| 189 | <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation> |
|
| 190 | <ServerNames>' . $servers . '</ServerNames>'; |
|
| 191 | if ($caArray) { |
|
| 192 | foreach ($caArray as $certAuthority) { |
|
| 193 | if ($certAuthority['root']) { |
|
| 194 | $wExt .= "<TrustedRootCA>" . $certAuthority['sha1'] . "</TrustedRootCA>\n"; |
|
| 195 | } |
|
| 196 | } |
|
| 197 | } |
|
| 198 | $wExt .= '</ServerValidation> |
|
| 199 | <FastReconnect>true</FastReconnect> |
|
| 200 | <InnerEapOptional>false</InnerEapOptional> |
|
| 201 | <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> |
|
| 202 | <Type>26</Type> |
|
| 203 | <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"> |
|
| 204 | <UseWinLogonCredentials>false</UseWinLogonCredentials> |
|
| 205 | </EapType> |
|
| 206 | </Eap> |
|
| 207 | <EnableQuarantineChecks>' . $nea . '</EnableQuarantineChecks> |
|
| 208 | <RequireCryptoBinding>false</RequireCryptoBinding> |
|
| 209 | '; |
|
| 210 | if ($useAnon == 1) { |
|
| 211 | $wExt .= '<PeapExtensions> |
|
| 212 | <IdentityPrivacy xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"> |
|
| 213 | <EnableIdentityPrivacy>true</EnableIdentityPrivacy> |
|
| 214 | '; |
|
| 215 | if ($outerUser) { |
|
| 216 | $wExt .= '<AnonymousUserName>' . $outerUser . '</AnonymousUserName> |
|
| 217 | '; |
|
| 218 | } else { |
|
| 219 | $wExt .= '<AnonymousUserName/> |
|
| 220 | '; |
|
| 221 | } |
|
| 222 | $wExt .= '</IdentityPrivacy> |
|
| 223 | </PeapExtensions> |
|
| 224 | '; |
|
| 225 | } |
|
| 226 | $wExt .= '</EapType> |
|
| 227 | </Eap> |
|
| 228 | </Config> |
|
| 229 | '; |
|
| 230 | } elseif ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP || $eap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2) { |
|
| 231 | if ($this->useGeantLink) { |
|
| 232 | $innerMethod = 'MSCHAPv2'; |
|
| 233 | if ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP) { |
|
| 234 | $innerMethod = 'PAP'; |
|
| 235 | } |
|
| 236 | $profileFileCont .= ' |
|
| 237 | <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
| 238 | <EAPIdentityProviderList xmlns="urn:ietf:params:xml:ns:yang:ietf-eap-metadata"> |
|
| 239 | <EAPIdentityProvider ID="' . $this->deviceUUID . '" namespace="urn:UUID"> |
|
| 240 | ||
| 241 | <ProviderInfo> |
|
| 242 | <DisplayName>' . $this->translateString($attr['general:instname'][0], $this->codePage) . '</DisplayName> |
|
| 243 | </ProviderInfo> |
|
| 244 | <AuthenticationMethods> |
|
| 245 | <AuthenticationMethod> |
|
| 246 | <EAPMethod>21</EAPMethod> |
|
| 247 | <ClientSideCredential> |
|
| 248 | <allow-save>true</allow-save> |
|
| 249 | '; |
|
| 250 | if ($useAnon == 1) { |
|
| 251 | if ($outerUser == '') { |
|
| 252 | $profileFileCont .= '<AnonymousIdentity>@</AnonymousIdentity>'; |
|
| 253 | } else { |
|
| 254 | $profileFileCont .= '<AnonymousIdentity>' . $outerId . '</AnonymousIdentity>'; |
|
| 255 | } |
|
| 256 | } |
|
| 257 | $profileFileCont .= '</ClientSideCredential> |
|
| 258 | <ServerSideCredential> |
|
| 259 | '; |
|
| 260 | ||
| 261 | foreach ($caArray as $ca) { |
|
| 262 | $profileFileCont .= '<CA><format>PEM</format><cert-data>'; |
|
| 263 | $profileFileCont .= base64_encode($ca['der']); |
|
| 264 | $profileFileCont .= '</cert-data></CA> |
|
| 265 | '; |
|
| 266 | } |
|
| 267 | $profileFileCont .= "<ServerName>$servers</ServerName>\n"; |
|
| 268 | ||
| 269 | $profileFileCont .= ' |
|
| 270 | </ServerSideCredential> |
|
| 271 | <InnerAuthenticationMethod> |
|
| 272 | <NonEAPAuthMethod>' . $innerMethod . '</NonEAPAuthMethod> |
|
| 273 | </InnerAuthenticationMethod> |
|
| 274 | <VendorSpecific> |
|
| 275 | <SessionResumption>false</SessionResumption> |
|
| 276 | </VendorSpecific> |
|
| 277 | </AuthenticationMethod> |
|
| 278 | </AuthenticationMethods> |
|
| 279 | </EAPIdentityProvider> |
|
| 280 | </EAPIdentityProviderList> |
|
| 281 | </Config> |
|
| 282 | '; |
|
| 283 | } else { |
|
| 284 | $wExt = '<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> |
|
| 285 | <EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"> |
|
| 286 | <ServerValidation> |
|
| 287 | <ServerNames>' . $servers . '</ServerNames> '; |
|
| 288 | if ($caArray) { |
|
| 289 | foreach ($caArray as $certAuthority) { |
|
| 290 | if ($certAuthority['root']) { |
|
| 291 | $wExt .= "<TrustedRootCAHash>" . chunk_split($certAuthority['sha1'], 2, ' ') . "</TrustedRootCAHash>\n"; |
|
| 292 | } |
|
| 293 | } |
|
| 294 | } |
|
| 295 | $wExt .= '<DisablePrompt>true</DisablePrompt> |
|
| 296 | </ServerValidation> |
|
| 297 | <Phase2Authentication> |
|
| 298 | '; |
|
| 299 | if ($eap == \core\common\EAP::EAPTYPE_TTLS_PAP) { |
|
| 300 | $wExt .= '<PAPAuthentication /> '; |
|
| 301 | } |
|
| 302 | if ($eap == \core\common\EAP::EAPTYPE_TTLS_MSCHAP2) { |
|
| 303 | $wExt .= '<MSCHAPv2Authentication> |
|
| 304 | <UseWinlogonCredentials>false</UseWinlogonCredentials> |
|
| 305 | </MSCHAPv2Authentication> |
|
| 306 | '; |
|
| 307 | } |
|
| 308 | $wExt .= '</Phase2Authentication> |
|
| 309 | <Phase1Identity> |
|
| 310 | '; |
|
| 311 | if ($useAnon == 1) { |
|
| 312 | $wExt .= '<IdentityPrivacy>true</IdentityPrivacy> |
|
| 313 | '; |
|
| 314 | if (isset($outerId) && $outerId) { |
|
| 315 | $wExt .= '<AnonymousIdentity>' . $outerId . '</AnonymousIdentity> |
|
| 316 | '; |
|
| 317 | } else { |
|
| 318 | $wExt .= '<AnonymousIdentity/> |
|
| 319 | '; |
|
| 320 | } |
|
| 321 | } else { |
|
| 322 | $wExt .= '<IdentityPrivacy>false</IdentityPrivacy> |
|
| 323 | '; |
|
| 324 | } |
|
| 325 | $wExt .= '</Phase1Identity> |
|
| 326 | </EapTtls> |
|
| 327 | </Config> |
|
| 328 | '; |
|
| 329 | } |
|
| 330 | } elseif ($eap == \core\common\EAP::EAPTYPE_PWD) { |
|
| 331 | $profileFileCont .= '<ConfigBlob></ConfigBlob>'; |
|
| 332 | } |
|
| 333 | ||
| 334 | $profileFileContEnd = '</EapHostConfig></EAPConfig>'; |
|
| 335 | $returnArray = []; |
|
| 336 | $returnArray['win'] = $profileFileCont . $wExt . $profileFileContEnd; |
|
| 337 | return $returnArray; |
|
| 338 | } |
|
| 339 | ||
| 340 | /** |
|
| 341 | * produce PEAP, TLS and TTLS configuration files for Windows 8 |
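Review bot: The `assert()` on lines 108–113 is the only guard against an unsupported EAP type, and with the production default `zend.assertions=-1` it is compiled out, so an unexpected `$this->selectedEap` silently returns an `<EAPConfig>` carrying only `<EapMethod>` and no `<Config>` block — exactly the "condition that needs to be caught later on" the comment on lines 104–107 wants to avoid. Make the check unconditional, keeping the non-strict comparison the original relies on: `if (!in_array($eap, [/* the six EAPTYPE_* constants */])) { throw new Exception("prepareEapConfig called for an EAP type it cannot handle!"); }`. This hunk is otherwise identical to the `$w10Ext` copy above except for the local name and the `'win'` return key on line 336; two copies of a template that decides server validation, trusted-root hashes and identity privacy will drift apart, so one shared implementation parameterised on that key would keep the security-relevant settings in a single place. The function is complete within this hunk.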
|