@@ -20,11 +20,11 @@ discard block |
||
| 20 | 20 | * <base_url>/copyright.php after deploying the software |
| 21 | 21 | * */ |
| 22 | 22 | |
| 23 | - /** |
|
| 24 | - * This file is used to pack and send RADSEC credentials. |
|
| 25 | - * |
|
| 26 | - * @author Maja Gorecka-Wolniewicz <[email protected]> |
|
| 27 | - */ |
|
| 23 | + /** |
|
| 24 | + * This file is used to pack and send RADSEC credentials. |
|
| 25 | + * |
|
| 26 | + * @author Maja Gorecka-Wolniewicz <[email protected]> |
|
| 27 | + */ |
|
| 28 | 28 | ?> |
| 29 | 29 | <?php |
| 30 | 30 | |
@@ -36,26 +36,26 @@ discard block |
||
| 36 | 36 | if ($editMode == 'fullaccess') { |
| 37 | 37 | $hotspotProfiles = $my_inst->listDeployments(); |
| 38 | 38 | if (count($hotspotProfiles) > 0) { // no profiles yet. |
| 39 | - foreach ($hotspotProfiles as $counter => $deploymentObject) { |
|
| 40 | - if ($deploymentObject->institution == $_GET['inst_id'] && $deploymentObject->identifier == $_GET['dep_id']) { |
|
| 41 | - $cacert = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
|
| 42 | - $zip = new ZipArchive; |
|
| 43 | - $zip->open(ROOT . '/var/tmp/' . $deploymentObject->identifier.'.zip', ZipArchive::CREATE); |
|
| 44 | - if ($deploymentObject->radsec_priv != '') { |
|
| 39 | + foreach ($hotspotProfiles as $counter => $deploymentObject) { |
|
| 40 | + if ($deploymentObject->institution == $_GET['inst_id'] && $deploymentObject->identifier == $_GET['dep_id']) { |
|
| 41 | + $cacert = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
|
| 42 | + $zip = new ZipArchive; |
|
| 43 | + $zip->open(ROOT . '/var/tmp/' . $deploymentObject->identifier.'.zip', ZipArchive::CREATE); |
|
| 44 | + if ($deploymentObject->radsec_priv != '') { |
|
| 45 | 45 | $zip->addFromString('priv.key', $deploymentObject->radsec_priv); |
| 46 | - } |
|
| 47 | - $zip->addFromString('cert.pem', $deploymentObject->radsec_cert); |
|
| 48 | - $zip->addFromString('ca.pem', $cacert); |
|
| 49 | - $zip->close(); |
|
| 50 | - $data = file_get_contents(ROOT . '/var/tmp/' . $deploymentObject->identifier.'.zip'); |
|
| 51 | - unlink(ROOT . '/var/tmp/' . $deploymentObject->identifier.'.zip'); |
|
| 52 | - if ($data !== FALSE) { |
|
| 46 | + } |
|
| 47 | + $zip->addFromString('cert.pem', $deploymentObject->radsec_cert); |
|
| 48 | + $zip->addFromString('ca.pem', $cacert); |
|
| 49 | + $zip->close(); |
|
| 50 | + $data = file_get_contents(ROOT . '/var/tmp/' . $deploymentObject->identifier.'.zip'); |
|
| 51 | + unlink(ROOT . '/var/tmp/' . $deploymentObject->identifier.'.zip'); |
|
| 52 | + if ($data !== FALSE) { |
|
| 53 | 53 | header('Content-Type: application/zip'); |
| 54 | 54 | header("Content-Disposition: attachment; filename=\"full_".$deploymentObject->identifier.".zip\""); |
| 55 | 55 | header("Content-Transfer-Encoding: binary"); |
| 56 | 56 | echo $data; |
| 57 | - } |
|
| 58 | - } |
|
| 59 | - } |
|
| 57 | + } |
|
| 58 | + } |
|
| 59 | + } |
|
| 60 | 60 | } |
| 61 | 61 | } |
| 62 | 62 | \ No newline at end of file |
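Review bot: The archive that holds `priv.key` is written to `ROOT . '/var/tmp/' . $deploymentObject->identifier . '.zip'`, a fixed and guessable path, and the result of `$zip->open()` is never checked. Two simultaneous downloads of the same deployment therefore share one file, and any failure between `close()` and `unlink()` leaves the private key on disk. A per-request name from `tempnam(ROOT . '/var/tmp', 'radsec_')`, opened with `ZipArchive::OVERWRITE` and tested with `!== true`, with the `unlink()` moved into a `finally`, bounds the lifetime of the key material. The `==` comparisons against `$_GET['inst_id']` and `$_GET['dep_id']` are loose; assuming both identifiers are integers, normalise the request values and the object properties with `(int)` and compare with `===`.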
@@ -20,7 +20,7 @@ discard block |
||
| 20 | 20 | $deployment = $validator->existingDeploymentManaged($_GET['deployment_id'], $inst); |
| 21 | 21 | $format = ''; |
| 22 | 22 | if (isset($_GET['as']) && $_GET['as']=='csv') { |
| 23 | - $format = 'csv'; |
|
| 23 | + $format = 'csv'; |
|
| 24 | 24 | } |
| 25 | 25 | if (!isset($_POST['stats'])) { |
| 26 | 26 | $backlog = $_GET['backlog']; |
@@ -47,25 +47,25 @@ discard block |
||
| 47 | 47 | |
| 48 | 48 | $userAuthData = $deployment->retrieveStatistics($backlogTime); |
| 49 | 49 | if ($format == 'csv') { |
| 50 | - header('Content-Type: text/csv'); |
|
| 50 | + header('Content-Type: text/csv'); |
|
| 51 | 51 | header('Content-Disposition: attachment; filename="backlog_'.$deployment->identifier.'_'.$backlog.'"'); |
| 52 | - $fp = fopen('php://output', 'w'); |
|
| 53 | - fputcsv($fp, [_("Timestamp (UTC)"), _("Outer-Identity"), _("Result"), _("MAC Address"), |
|
| 54 | - _("Chargeable-User-Identity"), _("AP Identifier"), _("Protocol")], ';', '"', ''); |
|
| 55 | - foreach ($userAuthData as $oneRecord) { |
|
| 56 | - fputcsv($fp, [$oneRecord['activity_time'], $oneRecord['outer_user'], |
|
| 57 | - ($oneRecord['result'] == "OK" ? _("Success") : _("Failure")), |
|
| 58 | - $oneRecord['mac'], $oneRecord['cui'], |
|
| 59 | - $oneRecord['ap_id'], $oneRecord['prot']], ';', '"', ''); |
|
| 52 | + $fp = fopen('php://output', 'w'); |
|
| 53 | + fputcsv($fp, [_("Timestamp (UTC)"), _("Outer-Identity"), _("Result"), _("MAC Address"), |
|
| 54 | + _("Chargeable-User-Identity"), _("AP Identifier"), _("Protocol")], ';', '"', ''); |
|
| 55 | + foreach ($userAuthData as $oneRecord) { |
|
| 56 | + fputcsv($fp, [$oneRecord['activity_time'], $oneRecord['outer_user'], |
|
| 57 | + ($oneRecord['result'] == "OK" ? _("Success") : _("Failure")), |
|
| 58 | + $oneRecord['mac'], $oneRecord['cui'], |
|
| 59 | + $oneRecord['ap_id'], $oneRecord['prot']], ';', '"', ''); |
|
| 60 | 60 | } |
| 61 | - fclose($fp); |
|
| 61 | + fclose($fp); |
|
| 62 | 62 | } else { |
| 63 | 63 | ?> |
| 64 | 64 | |
| 65 | 65 | <h1><?php $tablecaption = _("Deployment Usage Records"); echo $tablecaption; ?></h1> |
| 66 | 66 | <p><?php echo _("(AP Identifier is a /-separated tuple of NAS-Identifier/NAS-IP-Address/NAS-IPv6-Address/Called-Station-Id)"); |
| 67 | - echo _("Protocol is a protocol used between a client and RADIUS server, for TLS it is a / separated tuple TLS/TLS-Client-Cert-Serial"); |
|
| 68 | - ?></p> |
|
| 67 | + echo _("Protocol is a protocol used between a client and RADIUS server, for TLS it is a / separated tuple TLS/TLS-Client-Cert-Serial"); |
|
| 68 | + ?></p> |
|
| 69 | 69 | <table class='authrecord'> |
| 70 | 70 | <caption><?php echo $tablecaption;?></caption> |
| 71 | 71 | <tr> |
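Review bot: The rows passed to `fputcsv()` in the `foreach` carry `outer_user`, `mac`, `cui`, `ap_id` and `prot` unchanged, and at least the outer identity presumably originates from whoever attempted the authentication. A cell that begins with `=`, `+`, `-` or `@` is evaluated as a formula when an administrator opens the export in a spreadsheet, so neutralise such cells before writing, for example by prefixing a single quote when `preg_match('/^[=+\-@\t\r]/', $cell)` matches. `$backlog` is copied from `$_GET['backlog']` in the previous hunk and concatenated into the `Content-Disposition` filename; the lines between the two hunks are not shown, so if it is not constrained there, restrict it to the expected values before use.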
@@ -149,10 +149,10 @@ discard block |
||
| 149 | 149 | $dc[] = 'DC=' . $v; |
| 150 | 150 | } |
| 151 | 151 | if ($DN !== array_reverse($dc)) { |
| 152 | - $dc = array(); |
|
| 153 | - $_SESSION['CSR_ERRORS'] = 'WRONG_SUBJECT'; |
|
| 154 | - $_SESSION['FORM_SETTINGS'] = $settings; |
|
| 155 | - $_SESSION['csr_subject'] = $dn; |
|
| 152 | + $dc = array(); |
|
| 153 | + $_SESSION['CSR_ERRORS'] = 'WRONG_SUBJECT'; |
|
| 154 | + $_SESSION['FORM_SETTINGS'] = $settings; |
|
| 155 | + $_SESSION['csr_subject'] = $dn; |
|
| 156 | 156 | } |
| 157 | 157 | } else { |
| 158 | 158 | $_SESSION['CSR_ERRORS'] = 'WRONG_SUBJECT'; |
@@ -201,15 +201,15 @@ discard block |
||
| 201 | 201 | } else { |
| 202 | 202 | $ou = $serverInfo["names"][$langInstance->getLang()]; |
| 203 | 203 | } |
| 204 | - if (str_contains($ou, ',')) { |
|
| 205 | - $modou = 1; |
|
| 206 | - $ou = str_replace(",", "/,", $ou); |
|
| 207 | - } |
|
| 208 | - $ou = preg_replace('/\s+/', ' ', $ou); |
|
| 209 | - if (strlen($ou) >= 64) { |
|
| 210 | - $ou = substr($ou, 0, 64); |
|
| 211 | - $modou += 2; |
|
| 212 | - } |
|
| 204 | + if (str_contains($ou, ',')) { |
|
| 205 | + $modou = 1; |
|
| 206 | + $ou = str_replace(",", "/,", $ou); |
|
| 207 | + } |
|
| 208 | + $ou = preg_replace('/\s+/', ' ', $ou); |
|
| 209 | + if (strlen($ou) >= 64) { |
|
| 210 | + $ou = substr($ou, 0, 64); |
|
| 211 | + $modou += 2; |
|
| 212 | + } |
|
| 213 | 213 | $DN[] = "O=".iconv('UTF-8', 'ASCII//TRANSLIT', $ou); |
| 214 | 214 | $serverList = explode(",", $serverInfo["servers"]); |
| 215 | 215 | $DN[] = "CN=" . $serverList[0]; |
@@ -234,20 +234,20 @@ discard block |
||
| 234 | 234 | echo "<p style='font-size: large'>" . _("Requesting a certificate with the following properties"); |
| 235 | 235 | echo "<ul>"; |
| 236 | 236 | echo "<li>" . _("Policy OIDs: ") . implode(", ", $policies) . "</li>"; |
| 237 | - echo "<li>" . _("Distinguished Name: ") . implode(", ", $DN); |
|
| 238 | - if ($modou > 0) { |
|
| 239 | - echo " ("; |
|
| 237 | + echo "<li>" . _("Distinguished Name: ") . implode(", ", $DN); |
|
| 238 | + if ($modou > 0) { |
|
| 239 | + echo " ("; |
|
| 240 | 240 | echo _("Organization field adjusted"). ': '; |
| 241 | - $desc = array(); |
|
| 242 | - if ($modou >= 2) { |
|
| 243 | - $desc[] = _("truncated to 64 chars"); |
|
| 244 | - } |
|
| 245 | - if ($modou == 1 || $modou == 3) { |
|
| 246 | - $desc[] = _("commas escaped"); |
|
| 241 | + $desc = array(); |
|
| 242 | + if ($modou >= 2) { |
|
| 243 | + $desc[] = _("truncated to 64 chars"); |
|
| 244 | + } |
|
| 245 | + if ($modou == 1 || $modou == 3) { |
|
| 246 | + $desc[] = _("commas escaped"); |
|
| 247 | 247 | } |
| 248 | - echo implode(', ', $desc); |
|
| 249 | - echo ")"; |
|
| 250 | - } |
|
| 248 | + echo implode(', ', $desc); |
|
| 249 | + echo ")"; |
|
| 250 | + } |
|
| 251 | 251 | echo "</li>"; |
| 252 | 252 | echo "<li>" . _("subjectAltName:DNS : ") . implode(", ", $serverList) . "</li>"; |
| 253 | 253 | echo "<li>" . _("Requester Contact Details: ") . $firstName . " <" . $firstMail . ">" . "</li>"; |
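Review bot: `implode(", ", $policies)`, `implode(", ", $DN)`, `implode(", ", $serverList)`, `$firstName` and `$firstMail` are echoed into the list without HTML escaping. In addition, `" <" . $firstMail . ">"` emits literal angle brackets, so the browser parses the address as a tag instead of displaying it. The organisation name and server list come from `$serverInfo`, whose origin is outside this hunk; unless they are escaped upstream, wrap each value in `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and write the brackets as `&lt;` and `&gt;`.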
@@ -51,7 +51,7 @@ |
||
| 51 | 51 | " . $Tou['title'] . " |
| 52 | 52 | </h1> |
| 53 | 53 | <div id='tou_1'>" . $Tou['subtitle'] . |
| 54 | - '<div style="direction:ltr">' . $Tou['short'] . "</div> |
|
| 54 | + '<div style="direction:ltr">' . $Tou['short'] . "</div> |
|
| 55 | 55 | </div> |
| 56 | 56 | <div id='all_tou_link'><a href='javascript:showTOU()'>Click here to see the full terms</a></div> |
| 57 | 57 | <div id='tou_2' style='display:none; padding-top:20px; direction:ltr'>" . |
@@ -2,12 +2,12 @@ |
||
| 2 | 2 | define('SOCKET', '/opt/Socket/CAT_requests/queue'); |
| 3 | 3 | |
| 4 | 4 | function cat_socket($obj) { |
| 5 | - $sock = socket_create(AF_UNIX, SOCK_STREAM, 0); |
|
| 6 | - $conn = socket_connect($sock, SOCKET); |
|
| 7 | - if ( $conn ) { |
|
| 8 | - socket_write ($sock, $obj, strlen($obj)); |
|
| 9 | - $out = socket_read ($sock, 2048); |
|
| 10 | - return $out; |
|
| 11 | - } |
|
| 12 | - return 'FAILURE'; |
|
| 5 | + $sock = socket_create(AF_UNIX, SOCK_STREAM, 0); |
|
| 6 | + $conn = socket_connect($sock, SOCKET); |
|
| 7 | + if ( $conn ) { |
|
| 8 | + socket_write ($sock, $obj, strlen($obj)); |
|
| 9 | + $out = socket_read ($sock, 2048); |
|
| 10 | + return $out; |
|
| 11 | + } |
|
| 12 | + return 'FAILURE'; |
|
| 13 | 13 | } |
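Review bot: `cat_socket()` hands the result of `socket_create()` straight to `socket_connect()` without testing for `false`, ignores the return values of `socket_write()` and `socket_read()`, and never calls `socket_close()`. A failed create raises a TypeError on PHP 8, a short or failed write goes unnoticed, and a failed read returns `false` to callers that presumably compare against `'FAILURE'`. The whole function lies inside this hunk; a version that checks each step and closes the socket in a `finally` follows. The reply is limited to one 2048-byte read, which deserves a comment stating that responses are expected to fit.

```php
function cat_socket($obj) {
    $sock = socket_create(AF_UNIX, SOCK_STREAM, 0);
    if ($sock === false) {
        return 'FAILURE';
    }
    try {
        if (!socket_connect($sock, SOCKET)) {
            return 'FAILURE';
        }
        // treat a short write as a failure rather than sending a truncated request
        if (socket_write($sock, $obj, strlen($obj)) !== strlen($obj)) {
            return 'FAILURE';
        }
        $out = socket_read($sock, 2048);
        return $out === false ? 'FAILURE' : $out;
    } finally {
        socket_close($sock);
    }
}
```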
@@ -372,20 +372,20 @@ discard block |
||
| 372 | 372 | ); |
| 373 | 373 | // Generate a new private (and public) key pair |
| 374 | 374 | $privkey = openssl_pkey_new(array( |
| 375 | - "private_key_bits" => 4096, |
|
| 376 | - "private_key_type" => OPENSSL_KEYTYPE_RSA)); |
|
| 375 | + "private_key_bits" => 4096, |
|
| 376 | + "private_key_type" => OPENSSL_KEYTYPE_RSA)); |
|
| 377 | 377 | // export private key to $clientprivateKey (as string) |
| 378 | 378 | openssl_pkey_export($privkey, $this->radsec_priv); |
| 379 | 379 | // Generate a certificate signing request |
| 380 | 380 | $csr = openssl_csr_new($dn, $privkey, |
| 381 | - array('digest_alg' => 'sha256', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf")); |
|
| 381 | + array('digest_alg' => 'sha256', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf")); |
|
| 382 | 382 | // get CA certificate and private key |
| 383 | 383 | $caprivkey = array(file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.key"), |
| 384 | 384 | \config\Master::MANAGEDSP['capass']); |
| 385 | 385 | $cacert = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
| 386 | 386 | $this->setTLSSerialNumber(); |
| 387 | 387 | $clientcert = openssl_csr_sign($csr, $cacert, $caprivkey, \config\Master::MANAGEDSP['daystoexpiry'], |
| 388 | - array('digest_alg'=>'sha512', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf"), $this->radsec_cert_serial_no); |
|
| 388 | + array('digest_alg'=>'sha512', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf"), $this->radsec_cert_serial_no); |
|
| 389 | 389 | openssl_x509_export($clientcert, $this->radsec_cert); |
| 390 | 390 | } |
| 391 | 391 | /** |
@@ -506,9 +506,9 @@ discard block |
||
| 506 | 506 | */ |
| 507 | 507 | public function renewtls() |
| 508 | 508 | { |
| 509 | - $id = $this->identifier; |
|
| 510 | - $futureTlsClient = $this->createTLScredentials(); |
|
| 511 | - $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = ?, radsec_cert = ?, radsec_cert_serial_number = ? WHERE deployment_id = ?", "ssii", $this->radsec_priv, $this->radsec_cert, $this->radsec_cert_serial_no, $id); |
|
| 509 | + $id = $this->identifier; |
|
| 510 | + $futureTlsClient = $this->createTLScredentials(); |
|
| 511 | + $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = ?, radsec_cert = ?, radsec_cert_serial_number = ? WHERE deployment_id = ?", "ssii", $this->radsec_priv, $this->radsec_cert, $this->radsec_cert_serial_no, $id); |
|
| 512 | 512 | } |
| 513 | 513 | |
| 514 | 514 | /** |
@@ -518,38 +518,38 @@ discard block |
||
| 518 | 518 | */ |
| 519 | 519 | public function tlsfromcsr($csr) |
| 520 | 520 | { |
| 521 | - $id = $this->identifier; |
|
| 522 | - $dn = array(); |
|
| 523 | - $dn['rdnSequence'] = array(); |
|
| 524 | - $dn['rdnSequence'][0] = array(); |
|
| 525 | - $dn['rdnSequence'][0][] = array('type' => 'id-at-organizationName', 'value' => array()); |
|
| 526 | - $dn['rdnSequence'][0][0]['value']['utf8String'] = 'eduroam'; |
|
| 527 | - $dn['rdnSequence'][1] = array(); |
|
| 528 | - $dn['rdnSequence'][1][] = array('type' => 'id-at-organizationalUnitName', 'value' => array()); |
|
| 529 | - $dn['rdnSequence'][1][0]['value']['utf8String'] = 'eduroam Managed SP'; |
|
| 530 | - $dn['rdnSequence'][2] = array(); |
|
| 531 | - $dn['rdnSequence'][2][] = array('type' => 'id-at-commonName', 'value' => array()); |
|
| 532 | - $dn['rdnSequence'][2][0]['value']['utf8String'] = 'SP' . $this->identifier . "-" . $this->institution; |
|
| 533 | - $csr->setDN($dn); |
|
| 534 | - $pemcakey = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.key"); |
|
| 535 | - $cakey = \phpseclib3\Crypt\PublicKeyLoader::loadPrivateKey($pemcakey, \config\Master::MANAGEDSP['capass'] ); |
|
| 536 | - $pemca = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
|
| 537 | - $ca = new \phpseclib3\File\X509(); |
|
| 538 | - $ca->loadX509($pemca); |
|
| 539 | - $ca->setPrivateKey($cakey); |
|
| 540 | - // Sign the updated request, producing the certificate. |
|
| 541 | - $x509 = new \phpseclib3\File\X509(); |
|
| 542 | - $csr->setExtension('id-ce-keyUsage', ['digitalSignature', 'nonRepudiation', 'keyEncipherment']); |
|
| 543 | - $csr->setExtension('id-ce-extKeyUsage', ['id-kp-clientAuth']); |
|
| 544 | - $csr->setExtension('id-ce-basicConstraints', ['cA' => false], false); |
|
| 545 | - $x509->setEndDate('+' . \config\Master::MANAGEDSP['daystoexpiry'] . ' days'); |
|
| 546 | - $this->setTLSSerialNumber(999999999999999999); |
|
| 547 | - $x509->setSerialNumber($this->radsec_cert_serial_no, 10); |
|
| 548 | - $cert = $x509->loadX509($x509->saveX509($x509->sign($ca, $csr))); |
|
| 549 | - $this->radsec_cert = $x509->saveX509($cert); |
|
| 550 | - $this->radsec_priv = NULL; |
|
| 551 | - //$futureTlsClient = $this->createTLScredentials(); |
|
| 552 | - $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = NULL, radsec_cert = ?, radsec_cert_serial_number = ? WHERE deployment_id = ?", "sii", $this->radsec_cert, $this->radsec_cert_serial_no, $id); |
|
| 521 | + $id = $this->identifier; |
|
| 522 | + $dn = array(); |
|
| 523 | + $dn['rdnSequence'] = array(); |
|
| 524 | + $dn['rdnSequence'][0] = array(); |
|
| 525 | + $dn['rdnSequence'][0][] = array('type' => 'id-at-organizationName', 'value' => array()); |
|
| 526 | + $dn['rdnSequence'][0][0]['value']['utf8String'] = 'eduroam'; |
|
| 527 | + $dn['rdnSequence'][1] = array(); |
|
| 528 | + $dn['rdnSequence'][1][] = array('type' => 'id-at-organizationalUnitName', 'value' => array()); |
|
| 529 | + $dn['rdnSequence'][1][0]['value']['utf8String'] = 'eduroam Managed SP'; |
|
| 530 | + $dn['rdnSequence'][2] = array(); |
|
| 531 | + $dn['rdnSequence'][2][] = array('type' => 'id-at-commonName', 'value' => array()); |
|
| 532 | + $dn['rdnSequence'][2][0]['value']['utf8String'] = 'SP' . $this->identifier . "-" . $this->institution; |
|
| 533 | + $csr->setDN($dn); |
|
| 534 | + $pemcakey = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.key"); |
|
| 535 | + $cakey = \phpseclib3\Crypt\PublicKeyLoader::loadPrivateKey($pemcakey, \config\Master::MANAGEDSP['capass'] ); |
|
| 536 | + $pemca = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
|
| 537 | + $ca = new \phpseclib3\File\X509(); |
|
| 538 | + $ca->loadX509($pemca); |
|
| 539 | + $ca->setPrivateKey($cakey); |
|
| 540 | + // Sign the updated request, producing the certificate. |
|
| 541 | + $x509 = new \phpseclib3\File\X509(); |
|
| 542 | + $csr->setExtension('id-ce-keyUsage', ['digitalSignature', 'nonRepudiation', 'keyEncipherment']); |
|
| 543 | + $csr->setExtension('id-ce-extKeyUsage', ['id-kp-clientAuth']); |
|
| 544 | + $csr->setExtension('id-ce-basicConstraints', ['cA' => false], false); |
|
| 545 | + $x509->setEndDate('+' . \config\Master::MANAGEDSP['daystoexpiry'] . ' days'); |
|
| 546 | + $this->setTLSSerialNumber(999999999999999999); |
|
| 547 | + $x509->setSerialNumber($this->radsec_cert_serial_no, 10); |
|
| 548 | + $cert = $x509->loadX509($x509->saveX509($x509->sign($ca, $csr))); |
|
| 549 | + $this->radsec_cert = $x509->saveX509($cert); |
|
| 550 | + $this->radsec_priv = NULL; |
|
| 551 | + //$futureTlsClient = $this->createTLScredentials(); |
|
| 552 | + $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = NULL, radsec_cert = ?, radsec_cert_serial_number = ? WHERE deployment_id = ?", "sii", $this->radsec_cert, $this->radsec_cert_serial_no, $id); |
|
| 553 | 553 | } |
| 554 | 554 | /** |
| 555 | 555 | * marks the deployment as deactivated |
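Review bot: `tlsfromcsr()` replaces the subject and sets keyUsage, extKeyUsage and basicConstraints, but nothing in this hunk removes other extensions requested in the submitted CSR or checks the type and size of its public key before the CA key signs it. If phpseclib copies requested extensions into the issued certificate (I believe `sign()` does; confirm against the version in use), reduce the request to an allow-list of extensions the CA sets itself. The result of `$x509->sign($ca, $csr)` is passed on unchecked, so a signing failure would still reach the `UPDATE` that nulls `radsec_priv`; test it for `false` first. The `openssl_pkey_new()`, `openssl_csr_new()` and `openssl_csr_sign()` calls in the earlier hunk of this class show the same unchecked-result pattern. `$futureTlsClient` in `renewtls()` is assigned and never used.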
@@ -367,7 +367,7 @@ discard block |
||
| 367 | 367 | if (\config\Master::MAILSETTINGS['notify_nro']) { |
| 368 | 368 | foreach ($admins as $id) { |
| 369 | 369 | $user = new User($id); |
| 370 | - /// organisation |
|
| 370 | + /// organisation |
|
| 371 | 371 | $retval = $user->sendMailToUser(sprintf(_("%s in your federation was created"), common\Entity::$nomenclature_participant), $message); |
| 372 | 372 | if ($retval === FALSE) { |
| 373 | 373 | $this->loggerInstance->debug(2, "Mail to federation admin was NOT sent!\n"); |
@@ -434,7 +434,7 @@ discard block |
||
| 434 | 434 | $newReq = new CertificationAuthorityEduPkiServer(); |
| 435 | 435 | $reqserial = $newReq->sendRequestToCa($csr, $revocationPin, $expiryDays); |
| 436 | 436 | if ($reqserial > 0) { |
| 437 | - $this->loggerInstance->writeAudit($user, "NEW", "Certificate request - NRO: ".$this->tld." - serial: ".$reqserial." - subject: ".$csr['SUBJECT']); |
|
| 437 | + $this->loggerInstance->writeAudit($user, "NEW", "Certificate request - NRO: ".$this->tld." - serial: ".$reqserial." - subject: ".$csr['SUBJECT']); |
|
| 438 | 438 | $reqQuery = "INSERT INTO federation_servercerts " |
| 439 | 439 | ."(federation_id, ca_name, request_serial, distinguished_name, status, revocation_pin) " |
| 440 | 440 | ."VALUES (?, 'eduPKI', ?, ?, 'REQUESTED', ?)"; |
@@ -494,7 +494,7 @@ discard block |
||
| 494 | 494 | $result = $this->databaseHandle->exec($query); |
| 495 | 495 | $rows = $result->fetch_all(); |
| 496 | 496 | foreach ($rows as $row) { |
| 497 | - $activeProfiles[] = $row[0]; |
|
| 497 | + $activeProfiles[] = $row[0]; |
|
| 498 | 498 | } |
| 499 | 499 | $query = "SELECT institution.inst_id AS inst_id, profile.profile_id AS profile_id, profile_option.option_value AS cert FROM profile_option JOIN profile ON profile_option.profile_id=profile.profile_id JOIN institution ON profile.inst_id=institution.inst_id WHERE profile_option.option_name='eap:ca_file' and institution.country='".$this->tld."'"; |
| 500 | 500 | $result = $this->databaseHandle->exec($query); |
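Review bot: The query assigned on line 499 concatenates `$this->tld` into the SQL text (`institution.country='".$this->tld."'`), whereas the INSERT in the previous hunk binds its values through `?` placeholders. Even if `tld` is normally a fixed federation code, bind it like the rest: end the statement with `institution.country = ?` and pass the value using the `exec($query, "s", $this->tld)` form seen elsewhere on this page. The query executed on line 494 is built above the hunk, so check it for the same pattern.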
@@ -579,7 +579,7 @@ discard block |
||
| 579 | 579 | 'country' => strtoupper($idp->federation), |
| 580 | 580 | 'instance' => $idp, |
| 581 | 581 | 'realms' => $idpQuery->realms] |
| 582 | - ; |
|
| 582 | + ; |
|
| 583 | 583 | $returnarray[$idp->identifier] = $idpInfo; |
| 584 | 584 | } |
| 585 | 585 | if ($activeOnly != 0) { // we're only doing this once. |
@@ -159,17 +159,17 @@ |
||
| 159 | 159 | } |
| 160 | 160 | } |
| 161 | 161 | |
| 162 | - /** |
|
| 163 | - * Writes an audit log entry to the audit log file - static version. These audits are semantic logs; they don't record every single modification |
|
| 164 | - * in the database, but provide a logical "who did what" overview. The exact modification SQL statements are logged |
|
| 165 | - * automatically with writeSQLAudit() instead. The log file path is configurable in _config.php. |
|
| 166 | - * |
|
| 167 | - * @param string $user persistent identifier of the user who triggered the action |
|
| 168 | - * @param string $category type of modification, from the fixed vocabulary: "NEW", "OWN", "MOD", "DEL" |
|
| 169 | - * @param string $message message to log into the audit log |
|
| 170 | - * @return boolean TRUE if successful. Will terminate script execution on failure. |
|
| 171 | - * @throws Exception |
|
| 172 | - */ |
|
| 162 | + /** |
|
| 163 | + * Writes an audit log entry to the audit log file - static version. These audits are semantic logs; they don't record every single modification |
|
| 164 | + * in the database, but provide a logical "who did what" overview. The exact modification SQL statements are logged |
|
| 165 | + * automatically with writeSQLAudit() instead. The log file path is configurable in _config.php. |
|
| 166 | + * |
|
| 167 | + * @param string $user persistent identifier of the user who triggered the action |
|
| 168 | + * @param string $category type of modification, from the fixed vocabulary: "NEW", "OWN", "MOD", "DEL" |
|
| 169 | + * @param string $message message to log into the audit log |
|
| 170 | + * @return boolean TRUE if successful. Will terminate script execution on failure. |
|
| 171 | + * @throws Exception |
|
| 172 | + */ |
|
| 173 | 173 | public static function writeAudit_s($user, $category, $message) |
| 174 | 174 | { |
| 175 | 175 | switch ($category) { |
@@ -109,7 +109,7 @@ discard block |
||
| 109 | 109 | $deployment->deactivate(); |
| 110 | 110 | } |
| 111 | 111 | header("Location: overview_org.php?inst_id=" . $my_inst->identifier . '&' . urldecode(http_build_query($response)) . '#profilebox_' . |
| 112 | - $deployment->identifier); |
|
| 112 | + $deployment->identifier); |
|
| 113 | 113 | exit(0); |
| 114 | 114 | case web\lib\common\FormElements::BUTTON_REMOVESP: |
| 115 | 115 | $deployment->remove(); |
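Review bot: `urldecode(http_build_query($response))` in the `Location` header undoes the encoding that `http_build_query()` has just applied, so any `&`, `=`, `#` or space inside a value of `$response` changes the structure of the redirect URL. The same expression appears in the redirect two hunks further down. Pass the `http_build_query($response)` result through unchanged. `$response` is produced outside the visible lines (in a later hunk it is the result of `setRADIUSconfig()`), so how much of it can be influenced externally cannot be judged from here.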
@@ -140,9 +140,9 @@ discard block |
||
| 140 | 140 | // valid signature |
| 141 | 141 | $data = openssl_x509_parse($deployment->radsec_cert); |
| 142 | 142 | $certdata = array( |
| 143 | - $data['serialNumberHex'], |
|
| 144 | - date_create_from_format('ymdGis', substr($data['validTo'], 0, -1))->format('YmdHis') |
|
| 145 | - ); |
|
| 143 | + $data['serialNumberHex'], |
|
| 144 | + date_create_from_format('ymdGis', substr($data['validTo'], 0, -1))->format('YmdHis') |
|
| 145 | + ); |
|
| 146 | 146 | $torevoke = implode('#', $certdata); |
| 147 | 147 | $response = $deployment->setRADIUSconfig(0, 0, $torevoke); |
| 148 | 148 | $deployment->tlsfromcsr($csr); |
@@ -194,7 +194,7 @@ discard block |
||
| 194 | 194 | } |
| 195 | 195 | header("Location: overview_org.php?inst_id=" . $my_inst->identifier . '&' . urldecode(http_build_query($response)) . '#profilebox_' . $deployment->identifier); |
| 196 | 196 | exit(0); |
| 197 | - default: |
|
| 197 | + default: |
|
| 198 | 198 | throw new Exception("Unknown button action requested!"); |
| 199 | 199 | } |
| 200 | 200 | } |