GEANT /
CAT
@@ -19,7 +19,7 @@ discard block |
||
| 19 | 19 | * <base_url>/copyright.php after deploying the software |
| 20 | 20 | */ |
| 21 | 21 | |
| 22 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 22 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 23 | 23 | |
| 24 | 24 | $Tests = [ |
| 25 | 25 | 'Directories', |
@@ -43,7 +43,7 @@ discard block |
||
| 43 | 43 | |
| 44 | 44 | $uiElements = new \web\lib\admin\UIElements(); |
| 45 | 45 | |
| 46 | -if (\config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_SILVERBULLET'] == "LOCAL" || \config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_RADIUS'] == "LOCAL" ) { |
|
| 46 | +if (\config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_SILVERBULLET'] == "LOCAL" || \config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_RADIUS'] == "LOCAL") { |
|
| 47 | 47 | $Tests[] = 'Makensis'; |
| 48 | 48 | $Tests[] = 'Makensis=>NSISmodules'; |
| 49 | 49 | } |
@@ -16,10 +16,10 @@ discard block |
||
| 16 | 16 | class CertificationAuthorityEmbeddedRSA extends EntityWithDBProperties implements CertificationAuthorityInterface |
| 17 | 17 | { |
| 18 | 18 | |
| 19 | - private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-RSA.pem"; |
|
| 20 | - private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-RSA.pem"; |
|
| 21 | - private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-RSA.key"; |
|
| 22 | - private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-RSA.cnf"; |
|
| 19 | + private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-RSA.pem"; |
|
| 20 | + private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-RSA.pem"; |
|
| 21 | + private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-RSA.key"; |
|
| 22 | + private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-RSA.cnf"; |
|
| 23 | 23 | |
| 24 | 24 | /** |
| 25 | 25 | * string with the PEM variant of the root CA |
@@ -66,11 +66,11 @@ discard block |
||
| 66 | 66 | parent::__construct(); |
| 67 | 67 | $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
| 68 | 68 | if ($this->rootPem === FALSE) { |
| 69 | - throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
|
| 69 | + throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
|
| 70 | 70 | } |
| 71 | 71 | $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
| 72 | 72 | if ($this->issuingCertRaw === FALSE) { |
| 73 | - throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
|
| 73 | + throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
|
| 74 | 74 | } |
| 75 | 75 | $rootParsed = openssl_x509_read($this->rootPem); |
| 76 | 76 | $issuingCertCandidate = openssl_x509_read($this->issuingCertRaw); |
@@ -80,15 +80,15 @@ discard block |
||
| 80 | 80 | } |
| 81 | 81 | $this->issuingCert = $issuingCertCandidate; |
| 82 | 82 | if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY) === FALSE) { |
| 83 | - throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 83 | + throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 84 | 84 | } |
| 85 | - $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 85 | + $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 86 | 86 | if ($issuingKeyTemp === FALSE || is_resource($issuingKeyTemp)) { |
| 87 | 87 | throw new Exception("The private key did not parse correctly (or is not a PHP8 object)!"); |
| 88 | 88 | } |
| 89 | 89 | $this->issuingKey = $issuingKeyTemp; |
| 90 | 90 | if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG) === FALSE) { |
| 91 | - throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG); |
|
| 91 | + throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG); |
|
| 92 | 92 | } |
| 93 | 93 | $this->conffile = CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG; |
| 94 | 94 | } |
@@ -131,27 +131,27 @@ discard block |
||
| 131 | 131 | // generate stub index.txt file |
| 132 | 132 | $tempdirArray = \core\common\Entity::createTemporaryDirectory("test"); |
| 133 | 133 | $tempdir = $tempdirArray['dir']; |
| 134 | - $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z"; |
|
| 135 | - $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z"; |
|
| 134 | + $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z"; |
|
| 135 | + $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z"; |
|
| 136 | 136 | // serials for our CA are always integers |
| 137 | 137 | $serialHex = strtoupper(dechex((int) $cert->serial)); |
| 138 | 138 | if (strlen($serialHex) % 2 == 1) { |
| 139 | - $serialHex = "0" . $serialHex; |
|
| 139 | + $serialHex = "0".$serialHex; |
|
| 140 | 140 | } |
| 141 | 141 | |
| 142 | - $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n"; |
|
| 142 | + $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n"; |
|
| 143 | 143 | $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement"); |
| 144 | - if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) { |
|
| 144 | + if (!file_put_contents($tempdir."/index.txt", $indexStatement)) { |
|
| 145 | 145 | $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!"); |
| 146 | 146 | } |
| 147 | 147 | // index.txt.attr is dull but needs to exist |
| 148 | - file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n"); |
|
| 148 | + file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n"); |
|
| 149 | 149 | // call "openssl ocsp" to manufacture our own OCSP statement |
| 150 | 150 | // adding "-rmd sha1" to the following command-line makes the |
| 151 | 151 | // choice of signature algorithm for the response explicit |
| 152 | 152 | // but it's only available from openssl-1.1.0 (which we do not |
| 153 | 153 | // want to require just for that one thing). |
| 154 | - $execCmd = \config\Master::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 154 | + $execCmd = \config\Master::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 155 | 155 | $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n"); |
| 156 | 156 | $output = []; |
| 157 | 157 | $return = 999; |
@@ -159,11 +159,11 @@ discard block |
||
| 159 | 159 | if ($return !== 0) { |
| 160 | 160 | throw new Exception("Non-zero return value from openssl ocsp!"); |
| 161 | 161 | } |
| 162 | - $ocsp = file_get_contents($tempdir . "/$serialHex.response.der"); |
|
| 162 | + $ocsp = file_get_contents($tempdir."/$serialHex.response.der"); |
|
| 163 | 163 | // remove the temp dir! |
| 164 | - unlink($tempdir . "/$serialHex.response.der"); |
|
| 165 | - unlink($tempdir . "/index.txt.attr"); |
|
| 166 | - unlink($tempdir . "/index.txt"); |
|
| 164 | + unlink($tempdir."/$serialHex.response.der"); |
|
| 165 | + unlink($tempdir."/index.txt.attr"); |
|
| 166 | + unlink($tempdir."/index.txt"); |
|
| 167 | 167 | rmdir($tempdir); |
| 168 | 168 | $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial); |
| 169 | 169 | return $ocsp; |
@@ -22,7 +22,7 @@ discard block |
||
| 22 | 22 | ?> |
| 23 | 23 | <?php |
| 24 | 24 | |
| 25 | -require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php"; |
|
| 25 | +require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php"; |
|
| 26 | 26 | |
| 27 | 27 | $validator = new \web\lib\common\InputValidation(); |
| 28 | 28 | $idRaw = $_GET["id"] ?? ""; |
@@ -37,7 +37,7 @@ discard block |
||
| 37 | 37 | // Set data type and caching for 30 days |
| 38 | 38 | $info = new finfo(); |
| 39 | 39 | $filetype = $info->buffer($finalBlob, FILEINFO_MIME_TYPE); |
| 40 | - header("Content-type: " . $filetype); |
|
| 40 | + header("Content-type: ".$filetype); |
|
| 41 | 41 | |
| 42 | 42 | switch ($filetype) { |
| 43 | 43 | case "text/rtf": // fall-through, same treatment |
@@ -54,7 +54,7 @@ discard block |
||
| 54 | 54 | header("Cache-Control: must-revalidate"); |
| 55 | 55 | $offset = 60 * 60 * 24 * 30; |
| 56 | 56 | // gmdate can't possibly fail, because it operates on time() and an integer offset |
| 57 | - $ExpStr = "Expires: " . /** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset) . " GMT"; |
|
| 57 | + $ExpStr = "Expires: "./** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset)." GMT"; |
|
| 58 | 58 | header($ExpStr); |
| 59 | 59 | // Print out the image |
| 60 | 60 | echo $finalBlob; |
@@ -19,7 +19,7 @@ discard block |
||
| 19 | 19 | * <base_url>/copyright.php after deploying the software |
| 20 | 20 | */ |
| 21 | 21 | |
| 22 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 22 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 23 | 23 | $admin = filter_input(INPUT_GET, 'admin', FILTER_VALIDATE_INT); |
| 24 | 24 | $sp = filter_input(INPUT_GET, 'sp', FILTER_VALIDATE_INT); |
| 25 | 25 | $givenRealm = filter_input(INPUT_GET, 'realm', FILTER_SANITIZE_STRING); |
@@ -35,7 +35,7 @@ discard block |
||
| 35 | 35 | unset($q_el[$idx]); |
| 36 | 36 | $q_r = preg_replace("/\?.*/", "", $_SERVER['REQUEST_URI']); |
| 37 | 37 | if (count($q_el)) { |
| 38 | - $q_r = $q_r . '?' . implode('&', $q_el); |
|
| 38 | + $q_r = $q_r.'?'.implode('&', $q_el); |
|
| 39 | 39 | } |
| 40 | 40 | $_SERVER['REQUEST_URI'] = $q_r; |
| 41 | 41 | } |
@@ -44,11 +44,11 @@ discard block |
||
| 44 | 44 | $auth->authenticate(); |
| 45 | 45 | } |
| 46 | 46 | if (isset($_SESSION['admin_diag_auth'])) { |
| 47 | - $admin = 1; |
|
| 47 | + $admin = 1; |
|
| 48 | 48 | unset($_SESSION['admin_diag_auth']); |
| 49 | 49 | } |
| 50 | 50 | $Gui = new \web\lib\user\Gui(); |
| 51 | 51 | $skinObject = new \web\lib\user\Skinjob($_REQUEST['skin'] ?? $_SESSION['skin'] ?? $fedskin[0] ?? \config\Master::APPEARANCE['skins'][0]); |
| 52 | -require "../skins/" . $skinObject->skin . "/diag/diag.php"; |
|
| 52 | +require "../skins/".$skinObject->skin."/diag/diag.php"; |
|
| 53 | 53 | |
| 54 | 54 | |
@@ -9,7 +9,7 @@ discard block |
||
| 9 | 9 | * ****************************************************************************** |
| 10 | 10 | */ |
| 11 | 11 | |
| 12 | -require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php"; |
|
| 12 | +require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php"; |
|
| 13 | 13 | |
| 14 | 14 | $auth = new \web\lib\admin\Authentication(); |
| 15 | 15 | $auth->authenticate(); |
@@ -29,31 +29,31 @@ discard block |
||
| 29 | 29 | ?> |
| 30 | 30 | |
| 31 | 31 | <h1><?php $tablecaption = _("User Authentication Records"); echo $tablecaption; ?></h1> |
| 32 | -<p><?php echo _("Note that:");?></p> |
|
| 32 | +<p><?php echo _("Note that:"); ?></p> |
|
| 33 | 33 | <ul> |
| 34 | - <li><?php echo _("Authentication records are deleted after six months retention time");?></li> |
|
| 35 | - <li><?php echo _("Operator Domain is based on the RADIUS attribute 'Operator-Name' and not sent by all hotspots");?></li> |
|
| 36 | - <li><?php echo _("Different MAC addresses per credential may be due to MAC Address randomisation in recent operating systems");?></li> |
|
| 34 | + <li><?php echo _("Authentication records are deleted after six months retention time"); ?></li> |
|
| 35 | + <li><?php echo _("Operator Domain is based on the RADIUS attribute 'Operator-Name' and not sent by all hotspots"); ?></li> |
|
| 36 | + <li><?php echo _("Different MAC addresses per credential may be due to MAC Address randomisation in recent operating systems"); ?></li> |
|
| 37 | 37 | </ul> |
| 38 | 38 | <table class='authrecord'> |
| 39 | - <caption><?php echo $tablecaption;?></caption> |
|
| 39 | + <caption><?php echo $tablecaption; ?></caption> |
|
| 40 | 40 | <tr> |
| 41 | - <th scope="col"><strong><?php echo _("Timestamp");?></strong></th> |
|
| 42 | - <th scope="col"><strong><?php echo _("Credential");?></strong></th> |
|
| 43 | - <th scope="col"><strong><?php echo _("MAC Address");?></strong></th> |
|
| 44 | - <th scope="col"><strong><?php echo _("Result");?></strong></th> |
|
| 45 | - <th scope="col"><strong><?php echo _("Operator Domain");?></strong></th> |
|
| 41 | + <th scope="col"><strong><?php echo _("Timestamp"); ?></strong></th> |
|
| 42 | + <th scope="col"><strong><?php echo _("Credential"); ?></strong></th> |
|
| 43 | + <th scope="col"><strong><?php echo _("MAC Address"); ?></strong></th> |
|
| 44 | + <th scope="col"><strong><?php echo _("Result"); ?></strong></th> |
|
| 45 | + <th scope="col"><strong><?php echo _("Operator Domain"); ?></strong></th> |
|
| 46 | 46 | </tr> |
| 47 | 47 | <?php |
| 48 | 48 | $userAuthData = $profile->getUserAuthRecords($userInt); |
| 49 | 49 | foreach ($userAuthData as $oneRecord) { |
| 50 | - echo "<tr class='".($oneRecord['RESULT'] == "Access-Accept" ? "auth-success" : "auth-fail" )."'>" |
|
| 50 | + echo "<tr class='".($oneRecord['RESULT'] == "Access-Accept" ? "auth-success" : "auth-fail")."'>" |
|
| 51 | 51 | . "<td>".$oneRecord['TIMESTAMP']."</td>" |
| 52 | 52 | // $oneRecord['CN'] is a simple string, not an array, so disable Scrutinizer type check here |
| 53 | - . "<td>"./** @scrutinizer ignore-type */ substr_replace($oneRecord['CN'], "@…", strpos($oneRecord['CN'],"@"))."</td>" |
|
| 53 | + . "<td>"./** @scrutinizer ignore-type */ substr_replace($oneRecord['CN'], "@…", strpos($oneRecord['CN'], "@"))."</td>" |
|
| 54 | 54 | . "<td>".$oneRecord['MAC']."</td>" |
| 55 | 55 | . "<td>".($oneRecord['RESULT'] == "Access-Accept" ? _("Success") : _("Failure"))."</td>" |
| 56 | - . "<td>".substr($oneRecord['OPERATOR'] ?? "1(unknown)",1)."</td>" |
|
| 56 | + . "<td>".substr($oneRecord['OPERATOR'] ?? "1(unknown)", 1)."</td>" |
|
| 57 | 57 | . "</tr>"; |
| 58 | 58 | } |
| 59 | 59 | ?> |
@@ -16,10 +16,10 @@ discard block |
||
| 16 | 16 | class CertificationAuthorityEmbeddedECDSA extends EntityWithDBProperties implements CertificationAuthorityInterface |
| 17 | 17 | { |
| 18 | 18 | |
| 19 | - private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-ECDSA.pem"; |
|
| 20 | - private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.pem"; |
|
| 21 | - private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.key"; |
|
| 22 | - private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-ECDSA.cnf"; |
|
| 19 | + private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-ECDSA.pem"; |
|
| 20 | + private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-ECDSA.pem"; |
|
| 21 | + private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-ECDSA.key"; |
|
| 22 | + private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-ECDSA.cnf"; |
|
| 23 | 23 | |
| 24 | 24 | /** |
| 25 | 25 | * string with the PEM variant of the root CA |
@@ -66,29 +66,29 @@ discard block |
||
| 66 | 66 | parent::__construct(); |
| 67 | 67 | $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
| 68 | 68 | if ($this->rootPem === FALSE) { |
| 69 | - throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
|
| 69 | + throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
|
| 70 | 70 | } |
| 71 | 71 | $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
| 72 | 72 | if ($this->issuingCertRaw === FALSE) { |
| 73 | - throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
|
| 73 | + throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
|
| 74 | 74 | } |
| 75 | 75 | $rootParsed = openssl_x509_read($this->rootPem); |
| 76 | 76 | $issuingCertCandidate = openssl_x509_read($this->issuingCertRaw); |
| 77 | - if ($issuingCertCandidate === FALSE || is_resource($issuingCertCandidate)|| $rootParsed === FALSE) { |
|
| 77 | + if ($issuingCertCandidate === FALSE || is_resource($issuingCertCandidate) || $rootParsed === FALSE) { |
|
| 78 | 78 | throw new Exception("At least one CA PEM file did not parse correctly (or not a PHP8 resource)!"); |
| 79 | 79 | } |
| 80 | 80 | $this->issuingCert = $issuingCertCandidate; |
| 81 | 81 | |
| 82 | 82 | if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY) === FALSE) { |
| 83 | - throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 83 | + throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 84 | 84 | } |
| 85 | - $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 85 | + $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 86 | 86 | if ($issuingKeyTemp === FALSE || is_resource($issuingKeyTemp)) { |
| 87 | 87 | throw new Exception("The private key did not parse correctly (or not a PHP8 resource)!"); |
| 88 | 88 | } |
| 89 | 89 | $this->issuingKey = $issuingKeyTemp; |
| 90 | 90 | if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG) === FALSE) { |
| 91 | - throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG); |
|
| 91 | + throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG); |
|
| 92 | 92 | } |
| 93 | 93 | $this->conffile = CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG; |
| 94 | 94 | } |
@@ -131,27 +131,27 @@ discard block |
||
| 131 | 131 | // generate stub index.txt file |
| 132 | 132 | $tempdirArray = \core\common\Entity::createTemporaryDirectory("test"); |
| 133 | 133 | $tempdir = $tempdirArray['dir']; |
| 134 | - $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z"; |
|
| 135 | - $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z"; |
|
| 134 | + $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z"; |
|
| 135 | + $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z"; |
|
| 136 | 136 | // serials for our CA are always integers |
| 137 | 137 | $serialHex = strtoupper(dechex((int) $cert->serial)); |
| 138 | 138 | if (strlen($serialHex) % 2 == 1) { |
| 139 | - $serialHex = "0" . $serialHex; |
|
| 139 | + $serialHex = "0".$serialHex; |
|
| 140 | 140 | } |
| 141 | 141 | |
| 142 | - $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n"; |
|
| 142 | + $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n"; |
|
| 143 | 143 | $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement"); |
| 144 | - if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) { |
|
| 144 | + if (!file_put_contents($tempdir."/index.txt", $indexStatement)) { |
|
| 145 | 145 | $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!"); |
| 146 | 146 | } |
| 147 | 147 | // index.txt.attr is dull but needs to exist |
| 148 | - file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n"); |
|
| 148 | + file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n"); |
|
| 149 | 149 | // call "openssl ocsp" to manufacture our own OCSP statement |
| 150 | 150 | // adding "-rmd sha1" to the following command-line makes the |
| 151 | 151 | // choice of signature algorithm for the response explicit |
| 152 | 152 | // but it's only available from openssl-1.1.0 (which we do not |
| 153 | 153 | // want to require just for that one thing). |
| 154 | - $execCmd = \config\Master::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 154 | + $execCmd = \config\Master::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 155 | 155 | $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n"); |
| 156 | 156 | $output = []; |
| 157 | 157 | $return = 999; |
@@ -159,11 +159,11 @@ discard block |
||
| 159 | 159 | if ($return !== 0) { |
| 160 | 160 | throw new Exception("Non-zero return value from openssl ocsp!"); |
| 161 | 161 | } |
| 162 | - $ocsp = file_get_contents($tempdir . "/$serialHex.response.der"); |
|
| 162 | + $ocsp = file_get_contents($tempdir."/$serialHex.response.der"); |
|
| 163 | 163 | // remove the temp dir! |
| 164 | - unlink($tempdir . "/$serialHex.response.der"); |
|
| 165 | - unlink($tempdir . "/index.txt.attr"); |
|
| 166 | - unlink($tempdir . "/index.txt"); |
|
| 164 | + unlink($tempdir."/$serialHex.response.der"); |
|
| 165 | + unlink($tempdir."/index.txt.attr"); |
|
| 166 | + unlink($tempdir."/index.txt"); |
|
| 167 | 167 | rmdir($tempdir); |
| 168 | 168 | $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial); |
| 169 | 169 | return $ocsp; |
@@ -19,7 +19,7 @@ discard block |
||
| 19 | 19 | * License: see the web/copyright.inc.php file in the file structure or |
| 20 | 20 | * <base_url>/copyright.php after deploying the software |
| 21 | 21 | */ |
| 22 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 22 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 23 | 23 | $languageInstance = new \core\common\Language(); |
| 24 | 24 | $languageInstance->setTextDomain("diagnostics"); |
| 25 | 25 | $loggerInstance = new \core\common\Logging(); |
@@ -61,43 +61,43 @@ discard block |
||
| 61 | 61 | $select = "<div id='sp_abuse_problem'> |
| 62 | 62 | <select style='margin-left: 0px;' id='select_sp_problem'>"; |
| 63 | 63 | foreach ($sp_problem as $pname => $pdesc) { |
| 64 | - $select = $select . "<option value='$pname'>$pdesc</option>\n"; |
|
| 64 | + $select = $select."<option value='$pname'>$pdesc</option>\n"; |
|
| 65 | 65 | } |
| 66 | - $select = $select . "</select></div>"; |
|
| 66 | + $select = $select."</select></div>"; |
|
| 67 | 67 | $res = " |
| 68 | 68 | <input type='hidden' name='token' id='token' value=''> |
| 69 | 69 | <input type='hidden' name='tests_result' id='tests_result' value=''> |
| 70 | 70 | <table id='sp_questions'> |
| 71 | 71 | <tr id='sp_problem_selector'> |
| 72 | - <td>" . _("Select your problem") . "</td> |
|
| 72 | + <td>" . _("Select your problem")."</td> |
|
| 73 | 73 | <td>$select</td> |
| 74 | 74 | </tr> |
| 75 | 75 | <tr> |
| 76 | - <td>" . _("What is the realm of the IdP in question?") . "</td> |
|
| 76 | + <td>"._("What is the realm of the IdP in question?")."</td> |
|
| 77 | 77 | <td> |
| 78 | 78 | <input type='text' name='admin_realm' id='admin_realm' value='$realmFromURL'> |
| 79 | - <button class='diag_button' id='realm_in_db_admin' style='display: none;' accesskey='R' type='button'>" . |
|
| 80 | - _("Check this realm") . |
|
| 79 | + <button class='diag_button' id='realm_in_db_admin' style='display: none;' accesskey='R' type='button'>". |
|
| 80 | + _("Check this realm"). |
|
| 81 | 81 | "</button> |
| 82 | 82 | <div id='tests_info_area'></div> |
| 83 | 83 | </td> |
| 84 | 84 | </tr> |
| 85 | 85 | <tr class='hidden_row'> |
| 86 | - <td>" . _("What is the authentication timestamp of the user session in question?") . "</td> |
|
| 86 | + <td>" . _("What is the authentication timestamp of the user session in question?")."</td> |
|
| 87 | 87 | <td><input type='text' id='timestamp' name='timestamp'> |
| 88 | 88 | <div id='datepicker'></div> |
| 89 | 89 | </td> |
| 90 | 90 | </tr> |
| 91 | 91 | <tr class='hidden_row'> |
| 92 | - <td>" . _("What is the MAC address of the user session in question?") . "</td> |
|
| 92 | + <td>" . _("What is the MAC address of the user session in question?")."</td> |
|
| 93 | 93 | <td><input type='text' id='mac' name='mac'></td> |
| 94 | 94 | </tr> |
| 95 | 95 | <tr class='hidden_row'> |
| 96 | - <td>" . _("Additional comments") . "</td> |
|
| 96 | + <td>" . _("Additional comments")."</td> |
|
| 97 | 97 | <td><textarea id='freetext' name='freetext' cols='60' rows='5'></textarea></td> |
| 98 | 98 | </tr> |
| 99 | 99 | <tr class='hidden_row'> |
| 100 | - <td>" . _("Please specify an email address on which the IdP can contact you") . "</td> |
|
| 100 | + <td>" . _("Please specify an email address on which the IdP can contact you")."</td> |
|
| 101 | 101 | <td><input type='text' id='email' name='email'></td> |
| 102 | 102 | </tr> |
| 103 | 103 | <tr> |
@@ -105,82 +105,82 @@ discard block |
||
| 105 | 105 | <td></td> |
| 106 | 106 | </tr> |
| 107 | 107 | <tr class='hidden_row' id='send_query_to_idp'> |
| 108 | - <td>" . _("Now you can send your query") . "</td> |
|
| 109 | - <td><button type='submit' class='diag_button' id='submit_idp_query' name='go'>" . _("Send") . "</button></td> |
|
| 108 | + <td>" . _("Now you can send your query")."</td> |
|
| 109 | + <td><button type='submit' class='diag_button' id='submit_idp_query' name='go'>" . _("Send")."</button></td> |
|
| 110 | 110 | </tr> |
| 111 | 111 | </table>"; |
| 112 | - $res = $res . $javascript; |
|
| 112 | + $res = $res.$javascript; |
|
| 113 | 113 | } |
| 114 | 114 | if ($queryType == 'idp') { |
| 115 | 115 | $select = "<div id='idp_reported_problem' style='display:;'> |
| 116 | 116 | <select style='margin-left:0px;' id='select_idp_problem'>"; |
| 117 | 117 | foreach ($idp_problem as $pname => $pdesc) { |
| 118 | - $select = $select . "<option value='$pname'>$pdesc</option>\n"; |
|
| 118 | + $select = $select."<option value='$pname'>$pdesc</option>\n"; |
|
| 119 | 119 | } |
| 120 | - $select = $select . "</select></div>"; |
|
| 120 | + $select = $select."</select></div>"; |
|
| 121 | 121 | $res = " |
| 122 | 122 | <table id='idp_questions'> |
| 123 | 123 | <tr> |
| 124 | - <td>" . _("Select your problem") . "</td> |
|
| 124 | + <td>" . _("Select your problem")."</td> |
|
| 125 | 125 | <td>$select</td> |
| 126 | 126 | </tr> |
| 127 | 127 | <tr> |
| 128 | - <td>" . _("Identify the SP by one of following means") . "</td> |
|
| 128 | + <td>"._("Identify the SP by one of following means")."</td> |
|
| 129 | 129 | <td></td> |
| 130 | 130 | </tr> |
| 131 | 131 | <tr id='by_opname'> |
| 132 | - <td>" . _("SP Operator-Name attribute") . "</td> |
|
| 132 | + <td>" . _("SP Operator-Name attribute")."</td> |
|
| 133 | 133 | <td><input type='text' id='opname' name='opname' value=''></td> |
| 134 | 134 | </tr> |
| 135 | 135 | <tr id='spmanually'> |
| 136 | - <td>" . _("Select the SP manually:") . "</td> |
|
| 136 | + <td>" . _("Select the SP manually:")."</td> |
|
| 137 | 137 | <td> |
| 138 | 138 | <div id='select_asp_country'><a href='' id='asp_countries_list'> |
| 139 | - <span id='opnameselect'>" . _("click to select country and organisation") . "</a></span> |
|
| 139 | + <span id='opnameselect'>" . _("click to select country and organisation")."</a></span> |
|
| 140 | 140 | </div> |
| 141 | 141 | <div id='select_asp_area'></div> |
| 142 | 142 | </td> |
| 143 | 143 | </tr> |
| 144 | 144 | <tr id='asp_desc' style='display: none;'> |
| 145 | - <td>" . _("or") . ' ' . _("at least describe the SP location") . "</td> |
|
| 145 | + <td>" . _("or").' '._("at least describe the SP location")."</td> |
|
| 146 | 146 | <td><input type='text' id='asp_location' name='asp_location' value=''></td> |
| 147 | 147 | </tr> |
| 148 | 148 | <tr> |
| 149 | - <td>" . _("What is the outer ID of the user session in question?") . "</td> |
|
| 149 | + <td>" . _("What is the outer ID of the user session in question?")."</td> |
|
| 150 | 150 | <td><input type='text' id='outer_id' name='outer_id' value=''></td> |
| 151 | 151 | </tr> |
| 152 | 152 | <tr> |
| 153 | - <td>" . _("What is the authentication timestamp of the user session in question?") . "</td> |
|
| 153 | + <td>" . _("What is the authentication timestamp of the user session in question?")."</td> |
|
| 154 | 154 | <td> |
| 155 | 155 | <input type='text' id='timestamp' name='timestamp'> |
| 156 | 156 | <div id='datepicker'></div> |
| 157 | 157 | </td> |
| 158 | 158 | </tr> |
| 159 | 159 | <tr> |
| 160 | - <td>" . _("What is the MAC address of the user session in question?") . "</td> |
|
| 160 | + <td>" . _("What is the MAC address of the user session in question?")."</td> |
|
| 161 | 161 | <td><input type='text' id='mac' name='mac'></td> |
| 162 | 162 | </tr> |
| 163 | 163 | <tr> |
| 164 | - <td>" . _("Additional comments about the problem") . "</td> |
|
| 164 | + <td>" . _("Additional comments about the problem")."</td> |
|
| 165 | 165 | <td><textarea id='freetext' name='freetext' cols='60' rows='5'></textarea></td> |
| 166 | 166 | </tr> |
| 167 | 167 | <tr> |
| 168 | - <td>" . _("Do you have any contact details by which the user wishes to be contacted by the SP?") . "</td> |
|
| 168 | + <td>" . _("Do you have any contact details by which the user wishes to be contacted by the SP?")."</td> |
|
| 169 | 169 | <td><textarea id='c_details' name='c_details' cols='60' rows='5'></textarea></td> |
| 170 | 170 | </tr> |
| 171 | 171 | <tr> |
| 172 | - <td>" . _("Please specify an email address on which the SP can contact you") . "</td> |
|
| 172 | + <td>" . _("Please specify an email address on which the SP can contact you")."</td> |
|
| 173 | 173 | <td><input type='text' id='email' name='email'></td> |
| 174 | 174 | </tr> |
| 175 | 175 | <tr class='hidden_row' id='send_query_to_sp'> |
| 176 | - <td>" . _("Now you can send your query") . "</td> |
|
| 177 | - <td><button type='submit' class='diag_button' id='submit_sp_query' name='go'>" . _("Send") . "</button></td> |
|
| 176 | + <td>" . _("Now you can send your query")."</td> |
|
| 177 | + <td><button type='submit' class='diag_button' id='submit_sp_query' name='go'>" . _("Send")."</button></td> |
|
| 178 | 178 | </tr> |
| 179 | 179 | </table>"; |
| 180 | - $res = $res . $javascript; |
|
| 180 | + $res = $res.$javascript; |
|
| 181 | 181 | } |
| 182 | 182 | if ($queryType == 'idp_send' || $queryType == 'sp_send') { |
| 183 | - include_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 183 | + include_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 184 | 184 | $cat = new \core\CAT(); |
| 185 | 185 | $returnArray = array(); |
| 186 | 186 | if (count((array) $o) > 0) { |
@@ -189,8 +189,8 @@ discard block |
||
| 189 | 189 | switch ($key) { |
| 190 | 190 | case 'realm': |
| 191 | 191 | $pos = strpos($value, '@'); |
| 192 | - if ($pos !== FALSE ) { |
|
| 193 | - $value = substr($value, $pos+1); |
|
| 192 | + if ($pos !== FALSE) { |
|
| 193 | + $value = substr($value, $pos + 1); |
|
| 194 | 194 | } |
| 195 | 195 | case 'email': |
| 196 | 196 | $returnArray[$key] = filter_var($value, FILTER_VALIDATE_EMAIL); |
@@ -231,7 +231,7 @@ discard block |
||
| 231 | 231 | $mail = \core\common\OutsideComm::mailHandle(); |
| 232 | 232 | $emails = ['[email protected]']; |
| 233 | 233 | //$emails = explode(',', $returnArray['idpcontact']); |
| 234 | - $mail->FromName = \config\Master::APPEARANCE['productname'] . " Notification System"; |
|
| 234 | + $mail->FromName = \config\Master::APPEARANCE['productname']." Notification System"; |
|
| 235 | 235 | foreach ($emails as $email) { |
| 236 | 236 | $mail->addAddress($email); |
| 237 | 237 | } |
@@ -241,11 +241,11 @@ discard block |
||
| 241 | 241 | } else { |
| 242 | 242 | $link = 'http://'; |
| 243 | 243 | } |
| 244 | - $link .= $_SERVER['SERVER_NAME'] . \core\CAT::getRootUrlPath() . '/diag/show_realmcheck.php?token=' . $returnArray['token']; |
|
| 244 | + $link .= $_SERVER['SERVER_NAME'].\core\CAT::getRootUrlPath().'/diag/show_realmcheck.php?token='.$returnArray['token']; |
|
| 245 | 245 | $returnArray['testurl'] = $link; |
| 246 | 246 | $mail->Subject = _('Suspected a technical problem with the IdP'); |
| 247 | - $txt = _("We suspect a technical problem with the IdP handling the realm") . ' ' . |
|
| 248 | - $returnArray['realm'] . ".\n"; |
|
| 247 | + $txt = _("We suspect a technical problem with the IdP handling the realm").' '. |
|
| 248 | + $returnArray['realm'].".\n"; |
|
| 249 | 249 | $txt .= _("The CAT diagnostic test was run for this realm during reporting.\n"); |
| 250 | 250 | $txt .= _("The overall result was "); |
| 251 | 251 | if ($returnArray['tests_result'] == 0) { |
@@ -253,15 +253,15 @@ discard block |
||
| 253 | 253 | } else { |
| 254 | 254 | $txt .= _("failure"); |
| 255 | 255 | } |
| 256 | - $txt .= ".\n" . _("To see details go to "); |
|
| 256 | + $txt .= ".\n"._("To see details go to "); |
|
| 257 | 257 | $txt .= "$link\n\n"; |
| 258 | - $txt .= _("The reported problem details are as follows") . "\n"; |
|
| 259 | - $txt .= _("timestamp") . ": " . $returnArray['timestamp'] . "\n"; |
|
| 260 | - $txt .= _("client MAC address") . ": " . $returnArray['mac'] . "\n"; |
|
| 258 | + $txt .= _("The reported problem details are as follows")."\n"; |
|
| 259 | + $txt .= _("timestamp").": ".$returnArray['timestamp']."\n"; |
|
| 260 | + $txt .= _("client MAC address").": ".$returnArray['mac']."\n"; |
|
| 261 | 261 | if ($returnArray['freetext']) { |
| 262 | - $txt .= _("additional comments") . ': ' . $returnArray['freetext'] . "\n"; |
|
| 262 | + $txt .= _("additional comments").': '.$returnArray['freetext']."\n"; |
|
| 263 | 263 | } |
| 264 | - $txt .= "\n" . _("You can contact the incident reporter at") . ' ' . $returnArray['email']; |
|
| 264 | + $txt .= "\n"._("You can contact the incident reporter at").' '.$returnArray['email']; |
|
| 265 | 265 | |
| 266 | 266 | $mail->Body = $txt; |
| 267 | 267 | $sent = $mail->send(); |
@@ -1,22 +1,22 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | -require_once dirname(dirname(__FILE__)) . "/config/_config.php"; |
|
| 2 | +require_once dirname(dirname(__FILE__))."/config/_config.php"; |
|
| 3 | 3 | /** |
| 4 | 4 | * check if URL responds with 200 |
| 5 | 5 | * |
| 6 | 6 | * @param string $srv server name |
| 7 | 7 | * @return integer or NULL |
| 8 | 8 | */ |
| 9 | -function checkConfigRADIUSDaemon ($srv) { |
|
| 9 | +function checkConfigRADIUSDaemon($srv) { |
|
| 10 | 10 | $ch = curl_init(); |
| 11 | 11 | if ($ch === FALSE) { |
| 12 | 12 | return NULL; |
| 13 | 13 | } |
| 14 | 14 | $timeout = 10; |
| 15 | - curl_setopt ( $ch, CURLOPT_URL, $srv ); |
|
| 16 | - curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, 1 ); |
|
| 17 | - curl_setopt ( $ch, CURLOPT_TIMEOUT, $timeout ); |
|
| 15 | + curl_setopt($ch, CURLOPT_URL, $srv); |
|
| 16 | + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); |
|
| 17 | + curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); |
|
| 18 | 18 | curl_exec($ch); |
| 19 | - $http_code = curl_getinfo( $ch, CURLINFO_HTTP_CODE ); |
|
| 19 | + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); |
|
| 20 | 20 | curl_close($ch); |
| 21 | 21 | if ($http_code == 200) { |
| 22 | 22 | return 1; |
@@ -53,8 +53,8 @@ discard block |
||
| 53 | 53 | } |
| 54 | 54 | $siteStatus = array(); |
| 55 | 55 | foreach (array_keys($brokenDeployments) as $server_id) { |
| 56 | - print "check $server_id " . $radiusSite[$server_id] . "\n"; |
|
| 57 | - $siteStatus[$server_id] = checkConfigRADIUSDaemon('http://' . $radiusSite[$server_id]); |
|
| 56 | + print "check $server_id ".$radiusSite[$server_id]."\n"; |
|
| 57 | + $siteStatus[$server_id] = checkConfigRADIUSDaemon('http://'.$radiusSite[$server_id]); |
|
| 58 | 58 | if ($siteStatus[$server_id]) { |
| 59 | 59 | echo "\ncheck radius\n"; |
| 60 | 60 | echo \config\Diagnostics::RADIUSSPTEST['port']."\n"; |
@@ -165,7 +165,7 @@ discard block |
||
| 165 | 165 | } |
| 166 | 166 | } |
| 167 | 167 | |
| 168 | - $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . /** @scrutinizer ignore-type */ print_r($supportedEapTypes, true)); |
|
| 168 | + $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, "./** @scrutinizer ignore-type */ print_r($supportedEapTypes, true)); |
|
| 169 | 169 | $this->loggerInstance->debug(4, /** @scrutinizer ignore-type */ print_r($expectedServerNames, true)); |
| 170 | 170 | $this->loggerInstance->debug(4, /** @scrutinizer ignore-type */ print_r($expectedCABundle, true)); |
| 171 | 171 | |
@@ -252,7 +252,7 @@ discard block |
||
| 252 | 252 | $returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME; |
| 253 | 253 | continue; // otherwise we'd ALSO complain that it's not a real hostname |
| 254 | 254 | } |
| 255 | - if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 255 | + if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 256 | 256 | $returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME; |
| 257 | 257 | } |
| 258 | 258 | } |
@@ -278,7 +278,7 @@ discard block |
||
| 278 | 278 | $probValue = RADIUSTests::CERTPROB_SHA1_SIGNATURE; |
| 279 | 279 | $returnarray[] = $probValue; |
| 280 | 280 | } |
| 281 | - $this->loggerInstance->debug(4, "CERT IS: " . /** @scrutinizer ignore-type */ print_r($intermediateCa, TRUE)); |
|
| 281 | + $this->loggerInstance->debug(4, "CERT IS: "./** @scrutinizer ignore-type */ print_r($intermediateCa, TRUE)); |
|
| 282 | 282 | if ($intermediateCa['basicconstraints_set'] == 0) { |
| 283 | 283 | $returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS; |
| 284 | 284 | } |
@@ -326,7 +326,7 @@ discard block |
||
| 326 | 326 | public function udpReachability($probeindex, $opnameCheck = TRUE, $frag = TRUE) { |
| 327 | 327 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
| 328 | 328 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
| 329 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
| 329 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
| 330 | 330 | if ($clientcert === FALSE) { |
| 331 | 331 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
| 332 | 332 | } |
@@ -335,7 +335,7 @@ discard block |
||
| 335 | 335 | if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) { |
| 336 | 336 | return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert); |
| 337 | 337 | } |
| 338 | - return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 338 | + return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 339 | 339 | } |
| 340 | 340 | |
| 341 | 341 | /** |
@@ -356,7 +356,7 @@ discard block |
||
| 356 | 356 | return RADIUSTests::CERTPROB_NO_CDP_HTTP; |
| 357 | 357 | } |
| 358 | 358 | // first and second sub-match is the full URL... check it |
| 359 | - $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2])); |
|
| 359 | + $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2])); |
|
| 360 | 360 | if ($crlcontent === FALSE) { |
| 361 | 361 | return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL; |
| 362 | 362 | } |
@@ -371,7 +371,7 @@ discard block |
||
| 371 | 371 | // $pem = chunk_split(base64_encode($crlcontent), 64, "\n"); |
| 372 | 372 | // inspired by https://stackoverflow.com/questions/2390604/how-to-pass-variables-as-stdin-into-command-line-from-php |
| 373 | 373 | |
| 374 | - $proc = \config\Master::PATHS['openssl'] . " crl -inform der"; |
|
| 374 | + $proc = \config\Master::PATHS['openssl']." crl -inform der"; |
|
| 375 | 375 | $descriptorspec = [ |
| 376 | 376 | 0 => ["pipe", "r"], |
| 377 | 377 | 1 => ["pipe", "w"], |
@@ -409,7 +409,7 @@ discard block |
||
| 409 | 409 | $origLength = strlen($hex); |
| 410 | 410 | for ($i = 1; $i < $origLength; $i++) { |
| 411 | 411 | if ($i % 2 == 1 && $i != strlen($hex)) { |
| 412 | - $spaced .= $hex[$i] . " "; |
|
| 412 | + $spaced .= $hex[$i]." "; |
|
| 413 | 413 | } else { |
| 414 | 414 | $spaced .= $hex[$i]; |
| 415 | 415 | } |
@@ -534,19 +534,19 @@ discard block |
||
| 534 | 534 | $eapText = \core\common\EAP::eapDisplayName($eaptype); |
| 535 | 535 | $config = ' |
| 536 | 536 | network={ |
| 537 | - ssid="' . \config\Master::APPEARANCE['productname'] . ' testing" |
|
| 537 | + ssid="' . \config\Master::APPEARANCE['productname'].' testing" |
|
| 538 | 538 | key_mgmt=WPA-EAP |
| 539 | 539 | proto=WPA2 |
| 540 | 540 | pairwise=CCMP |
| 541 | 541 | group=CCMP |
| 542 | 542 | '; |
| 543 | 543 | // phase 1 |
| 544 | - $config .= 'eap=' . $eapText['OUTER'] . "\n"; |
|
| 544 | + $config .= 'eap='.$eapText['OUTER']."\n"; |
|
| 545 | 545 | $logConfig = $config; |
| 546 | 546 | // phase 2 if applicable; all inner methods have passwords |
| 547 | 547 | if (isset($eapText['INNER']) && $eapText['INNER'] != "") { |
| 548 | - $config .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 549 | - $logConfig .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 548 | + $config .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 549 | + $logConfig .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 550 | 550 | } |
| 551 | 551 | // all methods set a password, except EAP-TLS |
| 552 | 552 | if ($eaptype != \core\common\EAP::EAPTYPE_TLS) { |
@@ -562,11 +562,11 @@ discard block |
||
| 562 | 562 | } |
| 563 | 563 | |
| 564 | 564 | // inner identity |
| 565 | - $config .= ' identity="' . $inner . "\"\n"; |
|
| 566 | - $logConfig .= ' identity="' . $inner . "\"\n"; |
|
| 565 | + $config .= ' identity="'.$inner."\"\n"; |
|
| 566 | + $logConfig .= ' identity="'.$inner."\"\n"; |
|
| 567 | 567 | // outer identity, may be equal |
| 568 | - $config .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 569 | - $logConfig .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 568 | + $config .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 569 | + $logConfig .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 570 | 570 | // done |
| 571 | 571 | $config .= "}"; |
| 572 | 572 | $logConfig .= "}"; |
@@ -627,13 +627,13 @@ discard block |
||
| 627 | 627 | * @return string the command-line for eapol_test |
| 628 | 628 | */ |
| 629 | 629 | private function eapolTestConfig($probeindex, $opName, $frag) { |
| 630 | - $cmdline = \config\Diagnostics::PATHS['eapol_test'] . |
|
| 631 | - " -a " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip'] . |
|
| 632 | - " -s " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret'] . |
|
| 633 | - " -o serverchain.pem" . |
|
| 634 | - " -c ./udp_login_test.conf" . |
|
| 635 | - " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " . |
|
| 636 | - " -t " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout'] . " "; |
|
| 630 | + $cmdline = \config\Diagnostics::PATHS['eapol_test']. |
|
| 631 | + " -a ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip']. |
|
| 632 | + " -s ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret']. |
|
| 633 | + " -o serverchain.pem". |
|
| 634 | + " -c ./udp_login_test.conf". |
|
| 635 | + " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ". |
|
| 636 | + " -t ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout']." "; |
|
| 637 | 637 | if ($opName) { |
| 638 | 638 | $cmdline .= '-N126:s:"1cat.eduroam.org" '; |
| 639 | 639 | } |
@@ -662,10 +662,10 @@ discard block |
||
| 662 | 662 | * @throws Exception |
| 663 | 663 | */ |
| 664 | 664 | private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs) { |
| 665 | - if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) { |
|
| 665 | + if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) { |
|
| 666 | 666 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n"); |
| 667 | 667 | } |
| 668 | - if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) { |
|
| 668 | + if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) { |
|
| 669 | 669 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n"); |
| 670 | 670 | } |
| 671 | 671 | // make a copy of the EAP-received chain and add the configured intermediates, if any |
@@ -679,15 +679,15 @@ discard block |
||
| 679 | 679 | } |
| 680 | 680 | if ($decoded['ca'] == 1) { |
| 681 | 681 | if ($decoded['root'] == 1) { // save CAT roots to the root directory |
| 682 | - file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 683 | - file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 682 | + file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 683 | + file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 684 | 684 | $catRoots[] = $decoded['pem']; |
| 685 | 685 | } else { // save the intermediates to allcerts directory |
| 686 | - file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']); |
|
| 686 | + file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']); |
|
| 687 | 687 | $intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded)); |
| 688 | 688 | if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) { |
| 689 | 689 | $this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 690 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]); |
|
| 690 | + file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]); |
|
| 691 | 691 | } |
| 692 | 692 | $catIntermediates[] = $decoded['pem']; |
| 693 | 693 | } |
@@ -696,26 +696,26 @@ discard block |
||
| 696 | 696 | // save all intermediate certificates and CRLs to separate files in |
| 697 | 697 | // both root-ca directories |
| 698 | 698 | foreach ($eapIntermediates as $index => $onePem) { |
| 699 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 700 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 699 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 700 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 701 | 701 | } |
| 702 | 702 | foreach ($eapIntermediateCRLs as $index => $onePem) { |
| 703 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 704 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 703 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 704 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 705 | 705 | } |
| 706 | 706 | |
| 707 | 707 | $checkstring = ""; |
| 708 | 708 | if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) { |
| 709 | 709 | $this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 710 | 710 | $checkstring = "-crl_check_all"; |
| 711 | - file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 712 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 711 | + file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 712 | + file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 713 | 713 | } |
| 714 | 714 | |
| 715 | 715 | |
| 716 | 716 | // now c_rehash the root CA directory ... |
| 717 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 718 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 717 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 718 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 719 | 719 | return $checkstring; |
| 720 | 720 | } |
| 721 | 721 | |
@@ -747,12 +747,12 @@ discard block |
||
| 747 | 747 | // so test if there's something PEMy in the file at all |
| 748 | 748 | // serverchain.pem is the output from eapol_test; incomingserver.pem is written by extractIncomingCertsfromEAP() if there was at least one server cert. |
| 749 | 749 | if (filesize("$tmpDir/serverchain.pem") > 10 && filesize("$tmpDir/incomingserver.pem") > 10) { |
| 750 | - exec(\config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
| 751 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 752 | - $this->loggerInstance->debug(4, "Chain verify pass 1: " . /** @scrutinizer ignore-type */ print_r($verifyResultEaponly, TRUE) . "\n"); |
|
| 753 | - exec(\config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
| 754 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 755 | - $this->loggerInstance->debug(4, "Chain verify pass 2: " . /** @scrutinizer ignore-type */ print_r($verifyResultAllcerts, TRUE) . "\n"); |
|
| 750 | + exec(\config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
| 751 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 752 | + $this->loggerInstance->debug(4, "Chain verify pass 1: "./** @scrutinizer ignore-type */ print_r($verifyResultEaponly, TRUE)."\n"); |
|
| 753 | + exec(\config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
| 754 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 755 | + $this->loggerInstance->debug(4, "Chain verify pass 2: "./** @scrutinizer ignore-type */ print_r($verifyResultAllcerts, TRUE)."\n"); |
|
| 756 | 756 | } |
| 757 | 757 | |
| 758 | 758 | // now we do certificate verification against the collected parents |
@@ -817,7 +817,7 @@ discard block |
||
| 817 | 817 | // we are UNHAPPY if no names match! |
| 818 | 818 | $happiness = "UNHAPPY"; |
| 819 | 819 | foreach ($this->expectedServerNames as $expectedName) { |
| 820 | - $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . /** @scrutinizer ignore-type */ print_r($servercert['CN'], TRUE) . /** @scrutinizer ignore-type */ print_r($servercert['sAN_DNS'], TRUE)); |
|
| 820 | + $this->loggerInstance->debug(4, "Managing expectations for $expectedName: "./** @scrutinizer ignore-type */ print_r($servercert['CN'], TRUE)./** @scrutinizer ignore-type */ print_r($servercert['sAN_DNS'], TRUE)); |
|
| 821 | 821 | if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) { |
| 822 | 822 | $this->loggerInstance->debug(4, "Totally happy!"); |
| 823 | 823 | $happiness = "TOTALLY"; |
@@ -861,11 +861,11 @@ discard block |
||
| 861 | 861 | $theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password); |
| 862 | 862 | // the config intentionally does not include CA checking. We do this |
| 863 | 863 | // ourselves after getting the chain with -o. |
| 864 | - file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]); |
|
| 864 | + file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]); |
|
| 865 | 865 | |
| 866 | 866 | $cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag); |
| 867 | 867 | $this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n"); |
| 868 | - $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n"); |
|
| 868 | + $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n"); |
|
| 869 | 869 | $time_start = microtime(true); |
| 870 | 870 | $pflow = []; |
| 871 | 871 | exec($cmdline, $pflow); |
@@ -874,7 +874,7 @@ discard block |
||
| 874 | 874 | } |
| 875 | 875 | $time_stop = microtime(true); |
| 876 | 876 | $output = print_r($this->redact($password, $pflow), TRUE); |
| 877 | - file_put_contents($tmpDir . "/eapol_test_output_redacted_$probeindex.txt", $output); |
|
| 877 | + file_put_contents($tmpDir."/eapol_test_output_redacted_$probeindex.txt", $output); |
|
| 878 | 878 | $this->loggerInstance->debug(5, "eapol_test output saved to eapol_test_output_redacted_$probeindex.txt\n"); |
| 879 | 879 | return [ |
| 880 | 880 | "time" => ($time_stop - $time_start) * 1000, |
@@ -910,7 +910,7 @@ discard block |
||
| 910 | 910 | if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) { |
| 911 | 911 | array_pop($packetflow); |
| 912 | 912 | } |
| 913 | - $this->loggerInstance->debug(5, "Packetflow: " . /** @scrutinizer ignore-type */ print_r($packetflow, TRUE)); |
|
| 913 | + $this->loggerInstance->debug(5, "Packetflow: "./** @scrutinizer ignore-type */ print_r($packetflow, TRUE)); |
|
| 914 | 914 | $packetcount = array_count_values($packetflow); |
| 915 | 915 | $testresults['packetcount'] = $packetcount; |
| 916 | 916 | $testresults['packetflow'] = $packetflow; |
@@ -950,7 +950,7 @@ discard block |
||
| 950 | 950 | */ |
| 951 | 951 | private function wasModernTlsNegotiated(&$testresults, $packetflow_orig) { |
| 952 | 952 | $negotiatedTlsVersion = $this->checkLineparse($packetflow_orig, self::LINEPARSE_TLSVERSION); |
| 953 | - $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion" . "\n"); |
|
| 953 | + $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion"."\n"); |
|
| 954 | 954 | if ($negotiatedTlsVersion === FALSE) { |
| 955 | 955 | $testresults['cert_oddities'][] = RADIUSTests::TLSPROB_UNKNOWN_TLS_VERSION; |
| 956 | 956 | } elseif ($negotiatedTlsVersion != self::TLS_VERSION_1_2 && $negotiatedTlsVersion != self::TLS_VERSION_1_3) { |
@@ -1008,7 +1008,7 @@ discard block |
||
| 1008 | 1008 | |
| 1009 | 1009 | $x509 = new \core\common\X509(); |
| 1010 | 1010 | // $eap_certarray holds all certs received in EAP conversation |
| 1011 | - $incomingData = file_get_contents($tmpDir . "/serverchain.pem"); |
|
| 1011 | + $incomingData = file_get_contents($tmpDir."/serverchain.pem"); |
|
| 1012 | 1012 | if ($incomingData !== FALSE && strlen($incomingData) > 0) { |
| 1013 | 1013 | $eapCertArray = $x509->splitCertificate($incomingData); |
| 1014 | 1014 | } else { |
@@ -1039,10 +1039,10 @@ discard block |
||
| 1039 | 1039 | case RADIUSTests::SERVER_CA_SELFSIGNED: |
| 1040 | 1040 | $servercert[] = $cert; |
| 1041 | 1041 | if (count($servercert) == 1) { |
| 1042 | - if (file_put_contents($tmpDir . "/incomingserver.pem", $cert['pem'] . "\n") === FALSE) { |
|
| 1042 | + if (file_put_contents($tmpDir."/incomingserver.pem", $cert['pem']."\n") === FALSE) { |
|
| 1043 | 1043 | $this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n"); |
| 1044 | 1044 | } |
| 1045 | - $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . /** @scrutinizer ignore-type */ print_r($servercert[0], true)); |
|
| 1045 | + $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: "./** @scrutinizer ignore-type */ print_r($servercert[0], true)); |
|
| 1046 | 1046 | } elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) { |
| 1047 | 1047 | $testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS; |
| 1048 | 1048 | } |
@@ -1112,7 +1112,7 @@ discard block |
||
| 1112 | 1112 | public function autodetectCAWithProbe($outerId) { |
| 1113 | 1113 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
| 1114 | 1114 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
| 1115 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
| 1115 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
| 1116 | 1116 | if ($clientcert === FALSE) { |
| 1117 | 1117 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
| 1118 | 1118 | } |
@@ -1127,7 +1127,7 @@ discard block |
||
| 1127 | 1127 | $tmpDir = $temporary['dir']; |
| 1128 | 1128 | chdir($tmpDir); |
| 1129 | 1129 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
| 1130 | - file_put_contents($tmpDir . "/client.p12", $clientcert); |
|
| 1130 | + file_put_contents($tmpDir."/client.p12", $clientcert); |
|
| 1131 | 1131 | $testresults = ['cert_oddities' => []]; |
| 1132 | 1132 | $runtime_results = $this->executeEapolTest($tmpDir, $probeindex, \core\common\EAP::EAPTYPE_ANY, $outerId, $outerId, "eaplab", FALSE, FALSE); |
| 1133 | 1133 | $packetflow_orig = $runtime_results['output']; |
@@ -1143,8 +1143,7 @@ discard block |
||
| 1143 | 1143 | // that's not the case if we do EAP-pwd or could not negotiate an EAP method at |
| 1144 | 1144 | // all |
| 1145 | 1145 | // in that case: no server CA guess possible |
| 1146 | - if (! |
|
| 1147 | - ($radiusResult == RADIUSTests::RETVAL_CONVERSATION_REJECT && $negotiatedEapType) || $radiusResult == RADIUSTests::RETVAL_OK |
|
| 1146 | + if (!($radiusResult == RADIUSTests::RETVAL_CONVERSATION_REJECT && $negotiatedEapType) || $radiusResult == RADIUSTests::RETVAL_OK |
|
| 1148 | 1147 | ) { |
| 1149 | 1148 | return RADIUSTests::RETVAL_INVALID; |
| 1150 | 1149 | } |
@@ -1183,7 +1182,7 @@ discard block |
||
| 1183 | 1182 | // trust, and custom ones we may have configured |
| 1184 | 1183 | $ourRoots = file_get_contents(\config\ConfAssistant::PATHS['trust-store-custom']); |
| 1185 | 1184 | $mozillaRoots = file_get_contents(\config\ConfAssistant::PATHS['trust-store-mozilla']); |
| 1186 | - $allRoots = $x509->splitCertificate($ourRoots . "\n" . $mozillaRoots); |
|
| 1185 | + $allRoots = $x509->splitCertificate($ourRoots."\n".$mozillaRoots); |
|
| 1187 | 1186 | foreach ($allRoots as $oneRoot) { |
| 1188 | 1187 | $processedRoot = $x509->processCertificate($oneRoot); |
| 1189 | 1188 | if ($processedRoot['full_details']['subject'] == $currentHighestKnownIssuer) { |
@@ -1225,7 +1224,7 @@ discard block |
||
| 1225 | 1224 | chdir($tmpDir); |
| 1226 | 1225 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
| 1227 | 1226 | if ($clientcertdata !== NULL) { |
| 1228 | - file_put_contents($tmpDir . "/client.p12", $clientcertdata); |
|
| 1227 | + file_put_contents($tmpDir."/client.p12", $clientcertdata); |
|
| 1229 | 1228 | } |
| 1230 | 1229 | $testresults = []; |
| 1231 | 1230 | // initialise the sub-array for cleaner parsing |
@@ -1330,7 +1329,7 @@ discard block |
||
| 1330 | 1329 | 'issuer' => $this->printDN($certdata['issuer']), |
| 1331 | 1330 | 'validFrom' => $this->printTm($certdata['validFrom_time_t']), |
| 1332 | 1331 | 'validTo' => $this->printTm($certdata['validTo_time_t']), |
| 1333 | - 'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1332 | + 'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1334 | 1333 | 'sha1' => $certdata['sha1'], |
| 1335 | 1334 | 'extensions' => $certdata['extensions'] |
| 1336 | 1335 | ]; |
