GEANT /
CAT
@@ -124,7 +124,7 @@ discard block |
||
| 124 | 124 | public function divSilverbullet() { |
| 125 | 125 | $retval = " |
| 126 | 126 | <div id='silverbullet'>" |
| 127 | - .$this->Gui->textTemplates->templates[user\SB_GO_AWAY] . |
|
| 127 | + .$this->Gui->textTemplates->templates[user\SB_GO_AWAY]. |
|
| 128 | 128 | "</div> |
| 129 | 129 | "; |
| 130 | 130 | return $retval; |
@@ -222,7 +222,7 @@ discard block |
||
| 222 | 222 | <div id='profiles'> <!-- this is the profile selection filled during run time --> |
| 223 | 223 | <div id='profiles_h' class='sub_h'>".$this->Gui->textTemplates->templates[user\PROFILE_SELECTION]." |
| 224 | 224 | </div>" . |
| 225 | - "<select id='profile_list'></select><div id='profile_desc' class='profile_desc'></div>" . |
|
| 225 | + "<select id='profile_list'></select><div id='profile_desc' class='profile_desc'></div>". |
|
| 226 | 226 | "</div>"; |
| 227 | 227 | } |
| 228 | 228 | |
@@ -250,7 +250,7 @@ discard block |
||
| 250 | 250 | public function divInstitution($selectButton = TRUE) { |
| 251 | 251 | $retval = "<div id='institution_name'> |
| 252 | 252 | <span id='inst_name_span'></span> <div id='inst_extra_text'></div><!-- this will be filled with the IdP name -->" . |
| 253 | - ($selectButton ? "<a id='select_another' class='signin' href=\"\">".$this->Gui->textTemplates->templates[user\INSTITUTION_SELECTION]."</a>" : "") . |
|
| 253 | + ($selectButton ? "<a id='select_another' class='signin' href=\"\">".$this->Gui->textTemplates->templates[user\INSTITUTION_SELECTION]."</a>" : ""). |
|
| 254 | 254 | "</div>"; |
| 255 | 255 | $retval .= $this->emptyImage('idp_logo', 'IdP Logo'); |
| 256 | 256 | return $retval; |
@@ -112,7 +112,7 @@ discard block |
||
| 112 | 112 | */ |
| 113 | 113 | public function prefilledOptionTable(string $attributePrefix, $fed) |
| 114 | 114 | { |
| 115 | - $retval = "<table id='expandable_$attributePrefix" . "_options'>"; |
|
| 115 | + $retval = "<table id='expandable_$attributePrefix"."_options'>"; |
|
| 116 | 116 | |
| 117 | 117 | $prepopulate = []; |
| 118 | 118 | foreach ($this->listOfOptions as $existingAttribute) { |
@@ -120,7 +120,7 @@ discard block |
||
| 120 | 120 | $prepopulate[] = $existingAttribute; |
| 121 | 121 | } |
| 122 | 122 | } |
| 123 | - if (is_array($prepopulate) && ( count($prepopulate) > 0 || $attributePrefix == "device-specific" || $attributePrefix == "eap-specific" )) { // editing... fill with values |
|
| 123 | + if (is_array($prepopulate) && (count($prepopulate) > 0 || $attributePrefix == "device-specific" || $attributePrefix == "eap-specific")) { // editing... fill with values |
|
| 124 | 124 | $retval .= $this->addOptionEdit($attributePrefix, $prepopulate); |
| 125 | 125 | } else { |
| 126 | 126 | $retval .= $this->addOptionNew($attributePrefix, $fed); |
@@ -153,7 +153,7 @@ discard block |
||
| 153 | 153 | $optiontypearray = $optioninfo->optionType($option['name']); |
| 154 | 154 | $loggerInstance = new \core\common\Logging(); |
| 155 | 155 | $loggerInstance->debug(5, "About to execute optiontext with PREFILL!\n"); |
| 156 | - $retval .= $this->optiontext([$option['name']], ($optiontypearray["type"] == "file" ? 'ROWID-' . $option['level'] . '-' . $option['row'] : $option['value']), $option['lang']); |
|
| 156 | + $retval .= $this->optiontext([$option['name']], ($optiontypearray["type"] == "file" ? 'ROWID-'.$option['level'].'-'.$option['row'] : $option['value']), $option['lang']); |
|
| 157 | 157 | } |
| 158 | 158 | } |
| 159 | 159 | return $retval; |
@@ -252,18 +252,18 @@ discard block |
||
| 252 | 252 | } |
| 253 | 253 | $descriptions["media:force_proxy"] = sprintf(_("The format of this option is: IPv4|IPv6|hostname:port . Forcing your users through a content filter of your own is a significant invasion of user self-determination. It also has technical issues. Please throughly read the discussion at %s before specifying a proxy with this option. This feature is currently experimental and only has an effect in Apple installers."), "https://github.com/GEANT/CAT/issues/96"); |
| 254 | 254 | $descriptions["managedsp:realmforvlan"] = sprintf(_("If you are also using %s, then your own realm is automatically tagged with the VLAN you choose, there is no need to add it here manually."), \core\ProfileSilverbullet::PRODUCTNAME); |
| 255 | - $descriptions["media:openroaming"] = sprintf(_("By opting in to OpenRoaming, you agree to be bound by the %s."), "eduroam Ecosystem Broker OpenRoaming Identity Provider Policy") . |
|
| 256 | - " " . |
|
| 257 | - sprintf(_("Note that your requirement to inform users about the OpenRoaming End User Terms and Conditions is fulfilled when directing your end users to the %s download portal for installer download. Any other means of providing the installers needs to present this information via its own channel."), \config\Master::APPEARANCE['productname']) . |
|
| 258 | - " " . |
|
| 259 | - _("You are also aware that for best technical interoperability, you need to add a DNS entry into the DNS zone of your RADIUS realm.") . |
|
| 260 | - " " . |
|
| 255 | + $descriptions["media:openroaming"] = sprintf(_("By opting in to OpenRoaming, you agree to be bound by the %s."), "eduroam Ecosystem Broker OpenRoaming Identity Provider Policy"). |
|
| 256 | + " ". |
|
| 257 | + sprintf(_("Note that your requirement to inform users about the OpenRoaming End User Terms and Conditions is fulfilled when directing your end users to the %s download portal for installer download. Any other means of providing the installers needs to present this information via its own channel."), \config\Master::APPEARANCE['productname']). |
|
| 258 | + " ". |
|
| 259 | + _("You are also aware that for best technical interoperability, you need to add a DNS entry into the DNS zone of your RADIUS realm."). |
|
| 260 | + " ". |
|
| 261 | 261 | _("Read the instructions in the wiki."); |
| 262 | 262 | \core\common\Entity::outOfThePotatoes(); |
| 263 | 263 | if (!isset($descriptions[$input])) { |
| 264 | 264 | return ""; |
| 265 | 265 | } |
| 266 | - return "<span class='tooltip' id='S$rowid-tooltip-$input' style='display:" . ($isVisible ? "block" : "none") . "' onclick='alert(\"" . $descriptions[$input] . "\")'><img src='../resources/images/icons/question-mark-icon.png" . "'></span>"; |
|
| 266 | + return "<span class='tooltip' id='S$rowid-tooltip-$input' style='display:".($isVisible ? "block" : "none")."' onclick='alert(\"".$descriptions[$input]."\")'><img src='../resources/images/icons/question-mark-icon.png"."'></span>"; |
|
| 267 | 267 | } |
| 268 | 268 | |
| 269 | 269 | /** |
@@ -277,19 +277,19 @@ discard block |
||
| 277 | 277 | private function selectElement($rowid, $list) |
| 278 | 278 | { |
| 279 | 279 | $jsmagic = "onchange=' |
| 280 | - if (/#ML#/.test(document.getElementById(\"option-S" . $rowid . "-select\").value)) { |
|
| 280 | + if (/#ML#/.test(document.getElementById(\"option-S" . $rowid."-select\").value)) { |
|
| 281 | 281 | document.getElementById(\"S$rowid-input-langselect\").style.display = \"block\"; |
| 282 | 282 | } else { |
| 283 | 283 | document.getElementById(\"S$rowid-input-langselect\").style.display = \"none\"; |
| 284 | 284 | }"; |
| 285 | 285 | foreach (array_keys($this->htmlDatatypeTexts) as $key) { |
| 286 | - $jsmagic .= "if (/#" . $key . "#/.test(document.getElementById(\"option-S" . $rowid . "-select\").value)) { |
|
| 287 | - document.getElementById(\"S$rowid-input-file\").style.display = \"" . ($key == \core\Options::TYPECODE_FILE ? "block" : "none") . "\"; |
|
| 288 | - document.getElementById(\"S$rowid-input-text\").style.display = \"" . ($key == \core\Options::TYPECODE_TEXT ? "block" : "none") . "\"; |
|
| 289 | - document.getElementById(\"S$rowid-input-string\").style.display = \"" . ($key == \core\Options::TYPECODE_STRING ? "block" : "none") . "\"; |
|
| 290 | - document.getElementById(\"S$rowid-input-enum_openroaming\").style.display = \"" . ($key == \core\Options::TYPECODE_ENUM_OPENROAMING ? "block" : "none") . "\"; |
|
| 291 | - document.getElementById(\"S$rowid-input-boolean\").style.display = \"" . ($key == \core\Options::TYPECODE_BOOLEAN ? "block" : "none") . "\"; |
|
| 292 | - document.getElementById(\"S$rowid-input-integer\").style.display = \"" . ($key == \core\Options::TYPECODE_INTEGER ? "block" : "none") . "\"; |
|
| 286 | + $jsmagic .= "if (/#".$key."#/.test(document.getElementById(\"option-S".$rowid."-select\").value)) { |
|
| 287 | + document.getElementById(\"S$rowid-input-file\").style.display = \"".($key == \core\Options::TYPECODE_FILE ? "block" : "none")."\"; |
|
| 288 | + document.getElementById(\"S$rowid-input-text\").style.display = \"".($key == \core\Options::TYPECODE_TEXT ? "block" : "none")."\"; |
|
| 289 | + document.getElementById(\"S$rowid-input-string\").style.display = \"".($key == \core\Options::TYPECODE_STRING ? "block" : "none")."\"; |
|
| 290 | + document.getElementById(\"S$rowid-input-enum_openroaming\").style.display = \"".($key == \core\Options::TYPECODE_ENUM_OPENROAMING ? "block" : "none")."\"; |
|
| 291 | + document.getElementById(\"S$rowid-input-boolean\").style.display = \"".($key == \core\Options::TYPECODE_BOOLEAN ? "block" : "none")."\"; |
|
| 292 | + document.getElementById(\"S$rowid-input-integer\").style.display = \"".($key == \core\Options::TYPECODE_INTEGER ? "block" : "none")."\"; |
|
| 293 | 293 | } |
| 294 | 294 | "; |
| 295 | 295 | // hide all tooltips (each is a <span>, and there are no other <span>s) |
@@ -320,7 +320,7 @@ discard block |
||
| 320 | 320 | $value = array_shift($list); |
| 321 | 321 | $listtype = $optioninfo->optionType($value); |
| 322 | 322 | $retval .= $uiElements->displayName($value); |
| 323 | - $retval .= "<input type='hidden' name='option[S$rowid]' value='$value#" . $listtype["type"] . "#" . $listtype["flag"] . "#'/>"; |
|
| 323 | + $retval .= "<input type='hidden' name='option[S$rowid]' value='$value#".$listtype["type"]."#".$listtype["flag"]."#'/>"; |
|
| 324 | 324 | $activelisttype = $listtype; |
| 325 | 325 | $tooltips = $this->tooltip($rowid, $value, TRUE); |
| 326 | 326 | break; |
@@ -328,7 +328,7 @@ discard block |
||
| 328 | 328 | $retval .= "<select id='option-S$rowid-select' name='option[S$rowid]' $jsmagic>"; |
| 329 | 329 | foreach ($list as $value) { |
| 330 | 330 | $listtype = $optioninfo->optionType($value); |
| 331 | - $retval .= "<option id='option-S$rowid-v-$value' value='$value#" . $listtype["type"] . "#" . $listtype["flag"] . "#' "; |
|
| 331 | + $retval .= "<option id='option-S$rowid-v-$value' value='$value#".$listtype["type"]."#".$listtype["flag"]."#' "; |
|
| 332 | 332 | if ($iterator == $this->optionIterator) { |
| 333 | 333 | $retval .= "selected='selected'"; |
| 334 | 334 | $activelisttype = $listtype; |
@@ -336,7 +336,7 @@ discard block |
||
| 336 | 336 | } else { |
| 337 | 337 | $tooltips .= $this->tooltip($rowid, $value, FALSE); |
| 338 | 338 | } |
| 339 | - $retval .= ">" . $uiElements->displayName($value) . "</option>"; |
|
| 339 | + $retval .= ">".$uiElements->displayName($value)."</option>"; |
|
| 340 | 340 | $iterator++; |
| 341 | 341 | } |
| 342 | 342 | |
@@ -362,9 +362,9 @@ discard block |
||
| 362 | 362 | private function selectLanguage($rowid, $makeVisible) |
| 363 | 363 | { |
| 364 | 364 | \core\common\Entity::intoThePotatoes(); |
| 365 | - $retval = "<select style='display:" . ($makeVisible ? "block" : "none") . "' name='value[S$rowid-lang]' id='S" . $rowid . "-input-langselect'> |
|
| 366 | - <option value='' name='select_language' selected>" . _("select language") . "</option> |
|
| 367 | - <option value='C' name='all_languages'>" . _("default/other languages") . "</option>"; |
|
| 365 | + $retval = "<select style='display:".($makeVisible ? "block" : "none")."' name='value[S$rowid-lang]' id='S".$rowid."-input-langselect'> |
|
| 366 | + <option value='' name='select_language' selected>" . _("select language")."</option> |
|
| 367 | + <option value='C' name='all_languages'>" . _("default/other languages")."</option>"; |
|
| 368 | 368 | foreach (\config\Master::LANGUAGES as $langindex => $possibleLang) { |
| 369 | 369 | $thislang = $possibleLang['display']; |
| 370 | 370 | $retval .= "<option value='$langindex' name='$langindex'>$thislang</option>"; |
@@ -385,7 +385,7 @@ discard block |
||
| 385 | 385 | { |
| 386 | 386 | $retval = ""; |
| 387 | 387 | foreach ($this->htmlDatatypeTexts as $key => $type) { |
| 388 | - $retval .= "<" . $type['html'] . " style='display:" . ($activetype['type'] == $key ? "block" : "none") . "' name='value[S$rowid-$key]' id='S" . $rowid . "-input-" . $key . "'" . $type['tail'] . ">"; |
|
| 388 | + $retval .= "<".$type['html']." style='display:".($activetype['type'] == $key ? "block" : "none")."' name='value[S$rowid-$key]' id='S".$rowid."-input-".$key."'".$type['tail'].">"; |
|
| 389 | 389 | } |
| 390 | 390 | return $retval; |
| 391 | 391 | } |
@@ -401,11 +401,11 @@ discard block |
||
| 401 | 401 | { |
| 402 | 402 | // first column: the <select> element with the names of options and their field-toggling JS magic |
| 403 | 403 | $selectorInfo = $this->selectElement($rowid, $list); |
| 404 | - $retval = "<td>" . $selectorInfo["TEXT"] . "</td>"; |
|
| 404 | + $retval = "<td>".$selectorInfo["TEXT"]."</td>"; |
|
| 405 | 405 | // second column: the <select> element for language selection - only visible if the active option is multi-lang |
| 406 | - $retval .= "<td>" . $this->selectLanguage($rowid, $selectorInfo['ACTIVE']['flag'] == "ML") . "</td>"; |
|
| 406 | + $retval .= "<td>".$this->selectLanguage($rowid, $selectorInfo['ACTIVE']['flag'] == "ML")."</td>"; |
|
| 407 | 407 | // third column: the actual input fields; the data type of the active option is visible, all others hidden |
| 408 | - $retval .= "<td>" . $this->inputFields($rowid, $selectorInfo['ACTIVE']) . "</td>"; |
|
| 408 | + $retval .= "<td>".$this->inputFields($rowid, $selectorInfo['ACTIVE'])."</td>"; |
|
| 409 | 409 | return $retval; |
| 410 | 410 | } |
| 411 | 411 | |
@@ -429,20 +429,20 @@ discard block |
||
| 429 | 429 | $retval .= "<td>"; |
| 430 | 430 | $uiElements = new UIElements(); |
| 431 | 431 | $listtype = $optioninfo->optionType($optionName); |
| 432 | - $retval .= "<span style='display:flex;'>" . $uiElements->displayName($optionName); |
|
| 433 | - $retval .= $this->tooltip($rowid, $optionName, TRUE) . "</span>"; |
|
| 434 | - $retval .= "<input type='hidden' id='option-S$rowid-select' name='option[S$rowid]' value='$optionName#" . $listtype["type"] . "#" . $listtype["flag"] . "#' ></td>"; |
|
| 432 | + $retval .= "<span style='display:flex;'>".$uiElements->displayName($optionName); |
|
| 433 | + $retval .= $this->tooltip($rowid, $optionName, TRUE)."</span>"; |
|
| 434 | + $retval .= "<input type='hidden' id='option-S$rowid-select' name='option[S$rowid]' value='$optionName#".$listtype["type"]."#".$listtype["flag"]."#' ></td>"; |
|
| 435 | 435 | |
| 436 | 436 | // language tag if any |
| 437 | 437 | $retval .= "<td>"; |
| 438 | 438 | if ($listtype["flag"] == "ML") { |
| 439 | 439 | |
| 440 | - $language = "(" . strtoupper($optionLang) . ")"; |
|
| 440 | + $language = "(".strtoupper($optionLang).")"; |
|
| 441 | 441 | if ($optionLang == 'C') { |
| 442 | 442 | $language = _("(default/other languages)"); |
| 443 | 443 | } |
| 444 | 444 | $retval .= $language; |
| 445 | - $retval .= "<input type='hidden' name='value[S$rowid-lang]' id='S" . $rowid . "-input-langselect' value='" . $optionLang . "' style='display:block'>"; |
|
| 445 | + $retval .= "<input type='hidden' name='value[S$rowid-lang]' id='S".$rowid."-input-langselect' value='".$optionLang."' style='display:block'>"; |
|
| 446 | 446 | } |
| 447 | 447 | $retval .= "</td>"; |
| 448 | 448 | // attribute content |
@@ -452,12 +452,12 @@ discard block |
||
| 452 | 452 | case \core\Options::TYPECODE_COORDINATES: |
| 453 | 453 | $this->allLocationCount = $this->allLocationCount + 1; |
| 454 | 454 | // display of the locations varies by map provider |
| 455 | - $classname = "\web\lib\admin\Map" . \config\ConfAssistant::MAPPROVIDER['PROVIDER']; |
|
| 455 | + $classname = "\web\lib\admin\Map".\config\ConfAssistant::MAPPROVIDER['PROVIDER']; |
|
| 456 | 456 | $link = $classname::optionListDisplayCode($optionValue, $this->allLocationCount); |
| 457 | - $retval .= "<input readonly style='display:none' type='text' name='value[S$rowid-" . \core\Options::TYPECODE_TEXT . "]' id='S$rowid-input-text' value='$optionValue'>$link"; |
|
| 457 | + $retval .= "<input readonly style='display:none' type='text' name='value[S$rowid-".\core\Options::TYPECODE_TEXT."]' id='S$rowid-input-text' value='$optionValue'>$link"; |
|
| 458 | 458 | break; |
| 459 | 459 | case \core\Options::TYPECODE_FILE: |
| 460 | - $retval .= "<input readonly type='text' name='value[S$rowid-" . \core\Options::TYPECODE_STRING . "]' id='S" . $rowid . "-input-string' style='display:none' value='" . urlencode($optionValue) . "'>"; |
|
| 460 | + $retval .= "<input readonly type='text' name='value[S$rowid-".\core\Options::TYPECODE_STRING."]' id='S".$rowid."-input-string' style='display:none' value='".urlencode($optionValue)."'>"; |
|
| 461 | 461 | $uiElements = new UIElements(); |
| 462 | 462 | switch ($optionName) { |
| 463 | 463 | case "eap:ca_file": |
@@ -479,7 +479,7 @@ discard block |
||
| 479 | 479 | break; |
| 480 | 480 | case \core\Options::TYPECODE_ENUM_OPENROAMING: // is a string after all |
| 481 | 481 | $displayedVariant = $this->enumPrettyPrints[$optionValue]; |
| 482 | - $retval .= "<strong>$displayedVariant</strong><input type='hidden' name='value[S$rowid-" . $listtype['type'] . "]' id='S" . $rowid . "-input-" . $listtype["type"] . "' value=\"" . htmlspecialchars($optionValue) . "\" style='display:block'>"; |
|
| 482 | + $retval .= "<strong>$displayedVariant</strong><input type='hidden' name='value[S$rowid-".$listtype['type']."]' id='S".$rowid."-input-".$listtype["type"]."' value=\"".htmlspecialchars($optionValue)."\" style='display:block'>"; |
|
| 483 | 483 | break; |
| 484 | 484 | case \core\Options::TYPECODE_STRING: |
| 485 | 485 | // fall-thorugh is intentional; mostly identical HTML code for the three types |
@@ -487,11 +487,11 @@ discard block |
||
| 487 | 487 | // fall-thorugh is intentional; mostly identical HTML code for the three types |
| 488 | 488 | case \core\Options::TYPECODE_TEXT: |
| 489 | 489 | $displayedVariant = $optionValue; // for all three types, value tag and actual display are identical |
| 490 | - $retval .= "<strong>$displayedVariant</strong><input type='hidden' name='value[S$rowid-" . $listtype['type'] . "]' id='S" . $rowid . "-input-" . $listtype["type"] . "' value=\"" . htmlspecialchars($optionValue) . "\" style='display:block'>"; |
|
| 490 | + $retval .= "<strong>$displayedVariant</strong><input type='hidden' name='value[S$rowid-".$listtype['type']."]' id='S".$rowid."-input-".$listtype["type"]."' value=\"".htmlspecialchars($optionValue)."\" style='display:block'>"; |
|
| 491 | 491 | break; |
| 492 | 492 | case \core\Options::TYPECODE_BOOLEAN: |
| 493 | 493 | $displayedVariant = ($optionValue == "on" ? _("on") : _("off")); |
| 494 | - $retval .= "<strong>$displayedVariant</strong><input type='hidden' name='value[S$rowid-" . $listtype['type'] . "]' id='S" . $rowid . "-input-" . $listtype["type"] . "' value=\"" . htmlspecialchars($optionValue) . "\" style='display:block'>"; |
|
| 494 | + $retval .= "<strong>$displayedVariant</strong><input type='hidden' name='value[S$rowid-".$listtype['type']."]' id='S".$rowid."-input-".$listtype["type"]."' value=\"".htmlspecialchars($optionValue)."\" style='display:block'>"; |
|
| 495 | 495 | break; |
| 496 | 496 | default: |
| 497 | 497 | // this should never happen! |
@@ -537,10 +537,10 @@ discard block |
||
| 537 | 537 | <td> |
| 538 | 538 | <button type='button' class='delete' onclick='"; |
| 539 | 539 | if ($prefillValue !== NULL && $item == "general:geo_coordinates") { |
| 540 | - $funcname = "Map" . \config\ConfAssistant::MAPPROVIDER['PROVIDER'] . 'DeleteCoord'; |
|
| 541 | - $retval .= 'if (typeof ' . $funcname . ' === "function") { ' . $funcname . '(' . $this->allLocationCount . '); } '; |
|
| 540 | + $funcname = "Map".\config\ConfAssistant::MAPPROVIDER['PROVIDER'].'DeleteCoord'; |
|
| 541 | + $retval .= 'if (typeof '.$funcname.' === "function") { '.$funcname.'('.$this->allLocationCount.'); } '; |
|
| 542 | 542 | } |
| 543 | - $retval .= 'deleteOption("option-S' . $rowid . '")'; |
|
| 543 | + $retval .= 'deleteOption("option-S'.$rowid.'")'; |
|
| 544 | 544 | $retval .= "'>-</button> |
| 545 | 545 | </td> |
| 546 | 546 | </tr>"; |
@@ -166,27 +166,27 @@ discard block |
||
| 166 | 166 | { |
| 167 | 167 | // it could match CN or sAN:DNS, we don't care which |
| 168 | 168 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['subject'])) { |
| 169 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . " against Subject: "); |
|
| 169 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName." against Subject: "); |
|
| 170 | 170 | $this->loggerInstance->debug(4, $this->TLS_CA_checks_result[$host]['certdata']['subject']); |
| 171 | 171 | // we are checking against accidental misconfig, not attacks, so loosely checking against end of string is appropriate |
| 172 | - if (preg_match("/CN=" . $this->expectedName . "/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 172 | + if (preg_match("/CN=".$this->expectedName."/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 173 | 173 | return TRUE; |
| 174 | 174 | } |
| 175 | 175 | } |
| 176 | 176 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname'])) { |
| 177 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . " against sANs: "); |
|
| 177 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName." against sANs: "); |
|
| 178 | 178 | $this->loggerInstance->debug(4, $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']); |
| 179 | 179 | $testNames = $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']; |
| 180 | 180 | if (!is_array($testNames)) { |
| 181 | 181 | $testNames = [$testNames]; |
| 182 | 182 | } |
| 183 | 183 | foreach ($testNames as $oneName) { |
| 184 | - if (preg_match("/" . $this->expectedName . "/", $oneName) === 1) { |
|
| 184 | + if (preg_match("/".$this->expectedName."/", $oneName) === 1) { |
|
| 185 | 185 | return TRUE; |
| 186 | 186 | } |
| 187 | 187 | } |
| 188 | 188 | } |
| 189 | - $this->loggerInstance->debug(3, "Tried to check expected server name " . $this->expectedName . " but neither CN nor sANs matched."); |
|
| 189 | + $this->loggerInstance->debug(3, "Tried to check expected server name ".$this->expectedName." but neither CN nor sANs matched."); |
|
| 190 | 190 | |
| 191 | 191 | $this->TLS_CA_checks_result[$host]['cert_oddity'] = RADIUSTests::CERTPROB_DYN_SERVER_NAME_MISMATCH; |
| 192 | 192 | return FALSE; |
@@ -216,7 +216,7 @@ discard block |
||
| 216 | 216 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['status'] = $cert['status']; |
| 217 | 217 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['message'] = $this->TLS_certkeys[$cert['status']]; |
| 218 | 218 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['expected'] = $cert['expected']; |
| 219 | - $add = ' -cert ' . ROOT . '/config/cli-certs/' . $cert['public'] . ' -key ' . ROOT . '/config/cli-certs/' . $cert['private']; |
|
| 219 | + $add = ' -cert '.ROOT.'/config/cli-certs/'.$cert['public'].' -key '.ROOT.'/config/cli-certs/'.$cert['private']; |
|
| 220 | 220 | if (!isset($this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k])) { |
| 221 | 221 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k] = []; |
| 222 | 222 | } |
@@ -261,11 +261,11 @@ discard block |
||
| 261 | 261 | // but code analysers want this more explicit, so here is this extra |
| 262 | 262 | // call to escapeshellarg() |
| 263 | 263 | $escapedHost = escapeshellarg($host); |
| 264 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -tls1 -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
| 264 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -tls1 -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
| 265 | 265 | $time_start = microtime(true); |
| 266 | 266 | $opensslbabble = []; |
| 267 | 267 | $result = 999; // likely to become zero by openssl; don't want to initialise to zero, could cover up exec failures |
| 268 | - exec(\config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -no_ssl3 -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
| 268 | + exec(\config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -no_ssl3 -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
| 269 | 269 | $time_stop = microtime(true); |
| 270 | 270 | $testresults['time_millisec'] = floor(($time_stop - $time_start) * 1000); |
| 271 | 271 | $testresults['returncode'] = $result; |
@@ -44,8 +44,8 @@ discard block |
||
| 44 | 44 | $operatingSystem = $Gui->detectOS(); |
| 45 | 45 | $Gui->loggerInstance->debug(4, $operatingSystem); |
| 46 | 46 | if ($operatingSystem) { |
| 47 | - print "recognisedOS = '".$operatingSystem['device'] . "';\n"; |
|
| 48 | - print "recognisedOShs20 = '".$operatingSystem['hs20'] . "';\n"; |
|
| 47 | + print "recognisedOS = '".$operatingSystem['device']."';\n"; |
|
| 48 | + print "recognisedOShs20 = '".$operatingSystem['hs20']."';\n"; |
|
| 49 | 49 | $vendorlogo = $Gui->skinObject->findResourceUrl("IMAGES", "vendorlogo/"); |
| 50 | 50 | if ($vendorlogo !== FALSE) { |
| 51 | 51 | print "vendorlogo = '$vendorlogo';\n"; |
@@ -54,7 +54,7 @@ discard block |
||
| 54 | 54 | } |
| 55 | 55 | } |
| 56 | 56 | |
| 57 | -print 'downloadMessage = "'.$Gui->textTemplates->templates[\web\lib\user\DOWNLOAD_MESSAGE] . '";'; |
|
| 57 | +print 'downloadMessage = "'.$Gui->textTemplates->templates[\web\lib\user\DOWNLOAD_MESSAGE].'";'; |
|
| 58 | 58 | //TODO modify this based on OS detection |
| 59 | 59 | $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? ""; |
| 60 | 60 | if (preg_match('/Android/', $userAgent)) { |
@@ -83,7 +83,7 @@ discard block |
||
| 83 | 83 | <?php echo $divs->divHeading($visibility); ?> |
| 84 | 84 | <div id="main_page"> |
| 85 | 85 | <div id="loading_ico"> |
| 86 | - <?php echo _("Authenticating") . "..." ?><br><img src="<?php echo $Gui->skinObject->findResourceUrl("IMAGES", "icons/loading51.gif"); ?>" alt="Authenticating ..."/> |
|
| 86 | + <?php echo _("Authenticating")."..." ?><br><img src="<?php echo $Gui->skinObject->findResourceUrl("IMAGES", "icons/loading51.gif"); ?>" alt="Authenticating ..."/> |
|
| 87 | 87 | </div> |
| 88 | 88 | <div id="info_overlay"> <!-- device info --> |
| 89 | 89 | <div id="info_window"></div> |
@@ -115,12 +115,12 @@ discard block |
||
| 115 | 115 | $this->name = $this->languageInstance->getLocalisedValue($this->getAttributes('general:instname')); |
| 116 | 116 | $eligibility = $this->eligibility(); |
| 117 | 117 | if (in_array(IdP::ELIGIBILITY_IDP, $eligibility) && in_array(IdP::ELIGIBILITY_SP, $eligibility)) { |
| 118 | - $eligType = IdP::TYPE_IDPSP . ""; |
|
| 118 | + $eligType = IdP::TYPE_IDPSP.""; |
|
| 119 | 119 | $this->type = $eligType; |
| 120 | 120 | } elseif (in_array(IdP::ELIGIBILITY_IDP, $eligibility)) { |
| 121 | - $eligType = IdP::TYPE_IDP . ""; |
|
| 121 | + $eligType = IdP::TYPE_IDP.""; |
|
| 122 | 122 | } else { |
| 123 | - $eligType = IdP::TYPE_SP . ""; |
|
| 123 | + $eligType = IdP::TYPE_SP.""; |
|
| 124 | 124 | } |
| 125 | 125 | $this->type = $eligType; |
| 126 | 126 | $this->loggerInstance->debug(3, "--- END Constructing new IdP object ... ---\n"); |
@@ -134,7 +134,7 @@ discard block |
||
| 134 | 134 | */ |
| 135 | 135 | public function listProfiles(bool $activeOnly = FALSE) |
| 136 | 136 | { |
| 137 | - $query = "SELECT profile_id FROM profile WHERE inst_id = $this->identifier" . ($activeOnly ? " AND showtime = 1" : ""); |
|
| 137 | + $query = "SELECT profile_id FROM profile WHERE inst_id = $this->identifier".($activeOnly ? " AND showtime = 1" : ""); |
|
| 138 | 138 | $allProfiles = $this->databaseHandle->exec($query); |
| 139 | 139 | $returnarray = []; |
| 140 | 140 | // SELECT -> resource, not boolean |
@@ -144,7 +144,7 @@ discard block |
||
| 144 | 144 | $returnarray[] = $oneProfile; |
| 145 | 145 | } |
| 146 | 146 | |
| 147 | - $this->loggerInstance->debug(4, "listProfiles: " . /** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 147 | + $this->loggerInstance->debug(4, "listProfiles: "./** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 148 | 148 | return $returnarray; |
| 149 | 149 | } |
| 150 | 150 | |
@@ -156,7 +156,7 @@ discard block |
||
| 156 | 156 | */ |
| 157 | 157 | public function listDeployments(bool $activeOnly = FALSE) |
| 158 | 158 | { |
| 159 | - $query = "SELECT deployment_id FROM deployment WHERE inst_id = $this->identifier" . ($activeOnly ? " AND status = " . AbstractDeployment::ACTIVE : ""); |
|
| 159 | + $query = "SELECT deployment_id FROM deployment WHERE inst_id = $this->identifier".($activeOnly ? " AND status = ".AbstractDeployment::ACTIVE : ""); |
|
| 160 | 160 | $allDeployments = $this->databaseHandle->exec($query); |
| 161 | 161 | $returnarray = []; |
| 162 | 162 | // SELECT -> resource, not boolean |
@@ -164,7 +164,7 @@ discard block |
||
| 164 | 164 | $returnarray[] = new DeploymentManaged($this, $deploymentQuery->deployment_id); |
| 165 | 165 | } |
| 166 | 166 | |
| 167 | - $this->loggerInstance->debug(4, "listDeployments: " . /** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 167 | + $this->loggerInstance->debug(4, "listDeployments: "./** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 168 | 168 | return $returnarray; |
| 169 | 169 | } |
| 170 | 170 | |
@@ -197,7 +197,7 @@ discard block |
||
| 197 | 197 | $allProfiles = $this->databaseHandle->exec("SELECT MIN(openroaming) AS maxlevel FROM profile WHERE inst_id = $this->identifier"); |
| 198 | 198 | // SELECT yields a resource, not a boolean |
| 199 | 199 | while ($res = mysqli_fetch_object(/** @scrutinizer ignore-type */ $allProfiles)) { |
| 200 | - return (is_numeric($res->maxlevel) ? (int)$res->maxlevel : AbstractProfile::OVERALL_OPENROAMING_LEVEL_NO ); // insts without profiles should get a "NO" |
|
| 200 | + return (is_numeric($res->maxlevel) ? (int) $res->maxlevel : AbstractProfile::OVERALL_OPENROAMING_LEVEL_NO); // insts without profiles should get a "NO" |
|
| 201 | 201 | } |
| 202 | 202 | return AbstractProfile::OVERALL_OPENROAMING_LEVEL_NO; |
| 203 | 203 | } |
@@ -331,7 +331,7 @@ discard block |
||
| 331 | 331 | case AbstractProfile::PROFILETYPE_SILVERBULLET: |
| 332 | 332 | $theProfile = new ProfileSilverbullet($identifier, $this); |
| 333 | 333 | $theProfile->addSupportedEapMethod(new \core\common\EAP(\core\common\EAP::EAPTYPE_SILVERBULLET), 1); |
| 334 | - $theProfile->setRealm($this->identifier . "-" . $theProfile->identifier . "." . strtolower($this->federation) . strtolower(\config\ConfAssistant::SILVERBULLET['realm_suffix'])); |
|
| 334 | + $theProfile->setRealm($this->identifier."-".$theProfile->identifier.".".strtolower($this->federation).strtolower(\config\ConfAssistant::SILVERBULLET['realm_suffix'])); |
|
| 335 | 335 | return $theProfile; |
| 336 | 336 | default: |
| 337 | 337 | throw new Exception("This type of profile is unknown and can not be added."); |
@@ -473,7 +473,7 @@ discard block |
||
| 473 | 473 | public function getExternalDBId() |
| 474 | 474 | { |
| 475 | 475 | if (\config\ConfAssistant::CONSORTIUM['name'] == "eduroam" && isset(\config\ConfAssistant::CONSORTIUM['deployment-voodoo']) && \config\ConfAssistant::CONSORTIUM['deployment-voodoo'] == "Operations Team") { // SW: APPROVED |
| 476 | - $idQuery = $this->databaseHandle->exec("SELECT external_db_id FROM institution WHERE inst_id = $this->identifier AND external_db_syncstate = " . self::EXTERNAL_DB_SYNCSTATE_SYNCED); |
|
| 476 | + $idQuery = $this->databaseHandle->exec("SELECT external_db_id FROM institution WHERE inst_id = $this->identifier AND external_db_syncstate = ".self::EXTERNAL_DB_SYNCSTATE_SYNCED); |
|
| 477 | 477 | // SELECT -> it's a resource, not a boolean |
| 478 | 478 | if (mysqli_num_rows(/** @scrutinizer ignore-type */ $idQuery) == 0) { |
| 479 | 479 | return FALSE; |
@@ -539,16 +539,16 @@ discard block |
||
| 539 | 539 | } |
| 540 | 540 | foreach ($baseline as $lang => $value) { |
| 541 | 541 | if (!key_exists($lang, $newvalues)) { |
| 542 | - $retval[IdP::INSTNAME_CHANGED] .= "#[Language " . strtoupper($lang) . "] DELETED"; |
|
| 542 | + $retval[IdP::INSTNAME_CHANGED] .= "#[Language ".strtoupper($lang)."] DELETED"; |
|
| 543 | 543 | } else { |
| 544 | 544 | if ($value != $newvalues[$lang]) { |
| 545 | - $retval[IdP::INSTNAME_CHANGED] .= "#[Language " . strtoupper($lang) . "] CHANGED from '" . $baseline[$lang] . "' to '" . $newvalues[$lang] . "'"; |
|
| 545 | + $retval[IdP::INSTNAME_CHANGED] .= "#[Language ".strtoupper($lang)."] CHANGED from '".$baseline[$lang]."' to '".$newvalues[$lang]."'"; |
|
| 546 | 546 | } |
| 547 | 547 | } |
| 548 | 548 | } |
| 549 | 549 | foreach ($newvalues as $lang => $value) { |
| 550 | 550 | if (!key_exists($lang, $baseline)) { |
| 551 | - $retval[IdP::INSTNAME_CHANGED] .= "#[Language " . strtoupper($lang) . "] ADDED as '" . $value . "'"; |
|
| 551 | + $retval[IdP::INSTNAME_CHANGED] .= "#[Language ".strtoupper($lang)."] ADDED as '".$value."'"; |
|
| 552 | 552 | } |
| 553 | 553 | } |
| 554 | 554 | return $retval; |
@@ -121,7 +121,7 @@ discard block |
||
| 121 | 121 | $cryptoJson = openssl_encrypt($clearJson, 'AES-256-CBC', $encryptionKey, OPENSSL_RAW_DATA, $initVector); |
| 122 | 122 | $hmac = hash_hmac("sha1", $cryptoJson, $encryptionKey, TRUE); |
| 123 | 123 | |
| 124 | - $this->loggerInstance->debug(4, "Clear = $clearJson\nSalt = $salt\nPW = " . $password . "\nb(IV) = " . base64_encode($initVector) . "\nb(Cipher) = " . base64_encode($cryptoJson) . "\nb(HMAC) = " . base64_encode($hmac)); |
|
| 124 | + $this->loggerInstance->debug(4, "Clear = $clearJson\nSalt = $salt\nPW = ".$password."\nb(IV) = ".base64_encode($initVector)."\nb(Cipher) = ".base64_encode($cryptoJson)."\nb(HMAC) = ".base64_encode($hmac)); |
|
| 125 | 125 | |
| 126 | 126 | // now, generate the container that holds all the crypto data |
| 127 | 127 | $finalArray = [ |
@@ -195,7 +195,7 @@ discard block |
||
| 195 | 195 | private function wiredBlock($eapdetails) |
| 196 | 196 | { |
| 197 | 197 | return [ |
| 198 | - "GUID" => \core\common\Entity::uuid('', "wired-dot1x-ethernet") . "}", |
|
| 198 | + "GUID" => \core\common\Entity::uuid('', "wired-dot1x-ethernet")."}", |
|
| 199 | 199 | "Name" => "eduroam configuration (wired network)", |
| 200 | 200 | "Remove" => false, |
| 201 | 201 | "Type" => "Ethernet", |
@@ -236,7 +236,7 @@ discard block |
||
| 236 | 236 | // if silverbullet, we deliver the client cert inline |
| 237 | 237 | |
| 238 | 238 | if ($selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
| 239 | - $eaparray['ClientCertRef'] = "[" . $this->clientCert['GUID'] . "]"; |
|
| 239 | + $eaparray['ClientCertRef'] = "[".$this->clientCert['GUID']."]"; |
|
| 240 | 240 | $eaparray['ClientCertType'] = "Ref"; |
| 241 | 241 | } |
| 242 | 242 | |
@@ -271,7 +271,7 @@ discard block |
||
| 271 | 271 | $jsonArray = ["Type" => "UnencryptedConfiguration"]; |
| 272 | 272 | |
| 273 | 273 | foreach ($this->attributes['internal:CAs'][0] as $ca) { |
| 274 | - $caRefs[] = "{" . $ca['uuid'] . "}"; |
|
| 274 | + $caRefs[] = "{".$ca['uuid']."}"; |
|
| 275 | 275 | } |
| 276 | 276 | // define CA certificates |
| 277 | 277 | foreach ($this->attributes['internal:CAs'][0] as $ca) { |
@@ -281,15 +281,15 @@ discard block |
||
| 281 | 281 | if ($caSanitized1 === FALSE) { |
| 282 | 282 | throw new Exception("Error cropping PEM data at its BEGIN marker."); |
| 283 | 283 | } |
| 284 | - $this->loggerInstance->debug(4, $caSanitized1 . "\n"); |
|
| 284 | + $this->loggerInstance->debug(4, $caSanitized1."\n"); |
|
| 285 | 285 | // remove \n |
| 286 | 286 | $caSanitized = str_replace("\n", "", $caSanitized1); |
| 287 | - $jsonArray["Certificates"][] = ["GUID" => "{" . $ca['uuid'] . "}", "Remove" => false, "Type" => "Authority", "X509" => $caSanitized]; |
|
| 288 | - $this->loggerInstance->debug(3, $caSanitized . "\n"); |
|
| 287 | + $jsonArray["Certificates"][] = ["GUID" => "{".$ca['uuid']."}", "Remove" => false, "Type" => "Authority", "X509" => $caSanitized]; |
|
| 288 | + $this->loggerInstance->debug(3, $caSanitized."\n"); |
|
| 289 | 289 | } |
| 290 | 290 | // if we are doing silverbullet, include the unencrypted(!) P12 as a client certificate |
| 291 | 291 | if ($this->selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
| 292 | - $jsonArray["Certificates"][] = ["GUID" => "[" . $this->clientCert['GUID'] . "]", "PKCS12" => base64_encode($this->clientCert['certdataclear']), "Remove" => false, "Type" => "Client"]; |
|
| 292 | + $jsonArray["Certificates"][] = ["GUID" => "[".$this->clientCert['GUID']."]", "PKCS12" => base64_encode($this->clientCert['certdataclear']), "Remove" => false, "Type" => "Client"]; |
|
| 293 | 293 | } |
| 294 | 294 | $eaparray = $this->eapBlock($caRefs); |
| 295 | 295 | // define Wi-Fi networks |
@@ -312,7 +312,7 @@ discard block |
||
| 312 | 312 | |
| 313 | 313 | file_put_contents('installer_profile', $finalJson); |
| 314 | 314 | |
| 315 | - $fileName = $this->installerBasename . '.onc'; |
|
| 315 | + $fileName = $this->installerBasename.'.onc'; |
|
| 316 | 316 | |
| 317 | 317 | if (!$this->sign) { |
| 318 | 318 | rename("installer_profile", $fileName); |
@@ -323,7 +323,7 @@ discard block |
||
| 323 | 323 | // have the notion of signing |
| 324 | 324 | // but if they ever change their mind, we are prepared |
| 325 | 325 | |
| 326 | - $outputFromSigning = system($this->sign . " installer_profile '$fileName' > /dev/null"); |
|
| 326 | + $outputFromSigning = system($this->sign." installer_profile '$fileName' > /dev/null"); |
|
| 327 | 327 | if ($outputFromSigning === FALSE) { |
| 328 | 328 | $this->loggerInstance->debug(2, "Signing the ONC installer $fileName FAILED!\n"); |
| 329 | 329 | } |
@@ -86,7 +86,7 @@ discard block |
||
| 86 | 86 | protected function setSupportedEapMethods($eapArray) |
| 87 | 87 | { |
| 88 | 88 | $this->supportedEapMethods = $eapArray; |
| 89 | - $this->loggerInstance->debug(4, "This device (" . __CLASS__ . ") supports the following EAP methods: "); |
|
| 89 | + $this->loggerInstance->debug(4, "This device (".__CLASS__.") supports the following EAP methods: "); |
|
| 90 | 90 | $this->loggerInstance->debug(4, $this->supportedEapMethods); |
| 91 | 91 | } |
| 92 | 92 | |
@@ -460,7 +460,7 @@ discard block |
||
| 460 | 460 | return $baseName.$inst.'-'.$prof; |
| 461 | 461 | } |
| 462 | 462 | } |
| 463 | - return $baseName . $inst; |
|
| 463 | + return $baseName.$inst; |
|
| 464 | 464 | } |
| 465 | 465 | |
| 466 | 466 | /** |
@@ -590,7 +590,7 @@ discard block |
||
| 590 | 590 | // only add network blocks if their respective condition is met in this profile |
| 591 | 591 | if ($netDetails['condition'] === TRUE || (isset($this->attributes[$netDetails['condition']]) && $this->attributes[$netDetails['condition']] === TRUE)) { |
| 592 | 592 | $networks[$netName] = $netDetails; |
| 593 | - $this->loggerInstance->debug(5,$netName, "\nAdding network: "); |
|
| 593 | + $this->loggerInstance->debug(5, $netName, "\nAdding network: "); |
|
| 594 | 594 | } |
| 595 | 595 | } |
| 596 | 596 | // add locally defined SSIDs |
@@ -17,9 +17,9 @@ discard block |
||
| 17 | 17 | class CertificationAuthorityEduPki extends EntityWithDBProperties implements CertificationAuthorityInterface |
| 18 | 18 | { |
| 19 | 19 | |
| 20 | - private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 21 | - private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 22 | - private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 20 | + private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 21 | + private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 22 | + private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 23 | 23 | private const EDUPKI_RA_ID = 700; |
| 24 | 24 | private const EDUPKI_CERT_PROFILE = "User SOAP"; |
| 25 | 25 | private const EDUPKI_RA_PKEY_PASSPHRASE = "..."; |
@@ -35,13 +35,13 @@ discard block |
||
| 35 | 35 | parent::__construct(); |
| 36 | 36 | |
| 37 | 37 | if (stat(CertificationAuthorityEduPki::LOCATION_RA_CERT) === FALSE) { |
| 38 | - throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPki::LOCATION_RA_CERT); |
|
| 38 | + throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPki::LOCATION_RA_CERT); |
|
| 39 | 39 | } |
| 40 | 40 | if (stat(CertificationAuthorityEduPki::LOCATION_RA_KEY) === FALSE) { |
| 41 | - throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPki::LOCATION_RA_KEY); |
|
| 41 | + throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPki::LOCATION_RA_KEY); |
|
| 42 | 42 | } |
| 43 | 43 | if (stat(CertificationAuthorityEduPki::LOCATION_WEBROOT) === FALSE) { |
| 44 | - throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPki::LOCATION_WEBROOT); |
|
| 44 | + throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPki::LOCATION_WEBROOT); |
|
| 45 | 45 | } |
| 46 | 46 | } |
| 47 | 47 | |
@@ -75,19 +75,19 @@ discard block |
||
| 75 | 75 | // initialise connection to eduPKI CA / eduroam RA and send the request to them |
| 76 | 76 | try { |
| 77 | 77 | $altArray = [# Array mit den Subject Alternative Names |
| 78 | - "email:" . $csr["USERNAME"] |
|
| 78 | + "email:".$csr["USERNAME"] |
|
| 79 | 79 | ]; |
| 80 | 80 | $soapPub = $this->initEduPKISoapSession("PUBLIC"); |
| 81 | 81 | $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n"); |
| 82 | - $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPki::EDUPKI_RA_ID . "\n"); |
|
| 83 | - $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n"); |
|
| 82 | + $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPki::EDUPKI_RA_ID."\n"); |
|
| 83 | + $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n"); |
|
| 84 | 84 | $this->loggerInstance->debug(5, "PARAM_3: "); |
| 85 | 85 | $this->loggerInstance->debug(5, $altArray); |
| 86 | - $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE . "\n"); |
|
| 87 | - $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n"); |
|
| 88 | - $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n"); |
|
| 89 | - $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERNAME"] . "\n"); |
|
| 90 | - $this->loggerInstance->debug(5, "PARAM_8: " . \config\ConfAssistant::SILVERBULLET['product_name'] . "\n"); |
|
| 86 | + $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE."\n"); |
|
| 87 | + $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n"); |
|
| 88 | + $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n"); |
|
| 89 | + $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERNAME"]."\n"); |
|
| 90 | + $this->loggerInstance->debug(5, "PARAM_8: ".\config\ConfAssistant::SILVERBULLET['product_name']."\n"); |
|
| 91 | 91 | $this->loggerInstance->debug(5, "PARAM_9: false\n"); |
| 92 | 92 | $soapNewRequest = $soapPub->newRequest( |
| 93 | 93 | CertificationAuthorityEduPki::EDUPKI_RA_ID, # RA-ID |
@@ -109,11 +109,11 @@ discard block |
||
| 109 | 109 | } catch (Exception $e) { |
| 110 | 110 | // PHP 7.1 can do this much better |
| 111 | 111 | if (is_soap_fault($e)) { |
| 112 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: { |
|
| 112 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: { |
|
| 113 | 113 | $e->faultstring |
| 114 | 114 | }\n"); |
| 115 | 115 | } |
| 116 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 116 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 117 | 117 | } |
| 118 | 118 | try { |
| 119 | 119 | $soap = $this->initEduPKISoapSession("RA"); |
@@ -125,8 +125,8 @@ discard block |
||
| 125 | 125 | $soapReqnum, [ |
| 126 | 126 | "RaID" => CertificationAuthorityEduPki::EDUPKI_RA_ID, |
| 127 | 127 | "Role" => CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE, |
| 128 | - "Subject" => "DC=eduroam,DC=test,DC=test,C=" . $csr["FED"] . ",O=" . \config\ConfAssistant::CONSORTIUM['name'] . ",OU=" . $csr["FED"] . ",CN=" . $csr['USERNAME'] . ",emailAddress=" . $csr['USERNAME'], |
|
| 129 | - "SubjectAltNames" => ["email:" . $csr["USERNAME"]], |
|
| 128 | + "Subject" => "DC=eduroam,DC=test,DC=test,C=".$csr["FED"].",O=".\config\ConfAssistant::CONSORTIUM['name'].",OU=".$csr["FED"].",CN=".$csr['USERNAME'].",emailAddress=".$csr['USERNAME'], |
|
| 129 | + "SubjectAltNames" => ["email:".$csr["USERNAME"]], |
|
| 130 | 130 | "NotBefore" => (new \DateTime())->format('c'), |
| 131 | 131 | "NotAfter" => $expiry->format('c'), |
| 132 | 132 | ] |
@@ -145,7 +145,7 @@ discard block |
||
| 145 | 145 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 146 | 146 | // rather than just using the string. Grr. |
| 147 | 147 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 148 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext); |
|
| 148 | + file_put_contents($tempdir['dir']."/content.txt", $soapCleartext); |
|
| 149 | 149 | // retrieve our RA cert from filesystem |
| 150 | 150 | // the RA certificates are not needed right now because we |
| 151 | 151 | // have resorted to S/MIME signatures with openssl command-line |
@@ -157,7 +157,7 @@ discard block |
||
| 157 | 157 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 158 | 158 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 159 | 159 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n $soapCleartext\n"); |
| 160 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 160 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 161 | 161 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 162 | 162 | $output = []; |
| 163 | 163 | $return = 999; |
@@ -166,14 +166,14 @@ discard block |
||
| 166 | 166 | throw new Exception("Non-zero return value from openssl smime!"); |
| 167 | 167 | } |
| 168 | 168 | // and get the signature blob back from the filesystem |
| 169 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 169 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 170 | 170 | $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n"); |
| 171 | - $this->loggerInstance->debug(5, $soapReqnum . "\n"); |
|
| 172 | - $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending! |
|
| 173 | - $this->loggerInstance->debug(5, $detachedSig . "\n"); |
|
| 171 | + $this->loggerInstance->debug(5, $soapReqnum."\n"); |
|
| 172 | + $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending! |
|
| 173 | + $this->loggerInstance->debug(5, $detachedSig."\n"); |
|
| 174 | 174 | $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig); |
| 175 | - $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest()); |
|
| 176 | - $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse()); |
|
| 175 | + $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest()); |
|
| 176 | + $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse()); |
|
| 177 | 177 | if ($soapIssueCert === FALSE) { |
| 178 | 178 | throw new Exception("The locally approved request was NOT processed by the CA."); |
| 179 | 179 | } |
@@ -210,9 +210,9 @@ discard block |
||
| 210 | 210 | throw new Exception("CAInfo has no root certificate for us!"); |
| 211 | 211 | } |
| 212 | 212 | } catch (SoapFault $e) { |
| 213 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 213 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 214 | 214 | } catch (Exception $e) { |
| 215 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
| 215 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
| 216 | 216 | } |
| 217 | 217 | return [ |
| 218 | 218 | "CERT" => openssl_x509_read($parsedCert['pem']), |
@@ -245,12 +245,12 @@ discard block |
||
| 245 | 245 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 246 | 246 | // rather than just using the string. Grr. |
| 247 | 247 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 248 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest); |
|
| 248 | + file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest); |
|
| 249 | 249 | // retrieve our RA cert from filesystem |
| 250 | 250 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 251 | 251 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 252 | 252 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n"); |
| 253 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPki::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPki::LOCATION_RA_CERT; |
|
| 253 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPki::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPki::LOCATION_RA_CERT; |
|
| 254 | 254 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 255 | 255 | $output = []; |
| 256 | 256 | $return = 999; |
@@ -259,7 +259,7 @@ discard block |
||
| 259 | 259 | throw new Exception("Non-zero return value from openssl smime!"); |
| 260 | 260 | } |
| 261 | 261 | // and get the signature blob back from the filesystem |
| 262 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 262 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 263 | 263 | $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig); |
| 264 | 264 | if ($soapIssueRev === FALSE) { |
| 265 | 265 | throw new Exception("The locally approved revocation request was NOT processed by the CA."); |
@@ -267,9 +267,9 @@ discard block |
||
| 267 | 267 | } catch (Exception $e) { |
| 268 | 268 | // PHP 7.1 can do this much better |
| 269 | 269 | if (is_soap_fault($e)) { |
| 270 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n"); |
|
| 270 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n"); |
|
| 271 | 271 | } |
| 272 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 272 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 273 | 273 | } |
| 274 | 274 | } |
| 275 | 275 | |
@@ -369,9 +369,9 @@ discard block |
||
| 369 | 369 | */ |
| 370 | 370 | public function soapToXmlInteger($x) |
| 371 | 371 | { |
| 372 | - return '<' . $x[0] . '>' |
|
| 372 | + return '<'.$x[0].'>' |
|
| 373 | 373 | . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1) |
| 374 | - . '</' . $x[0] . '>'; |
|
| 374 | + . '</'.$x[0].'>'; |
|
| 375 | 375 | } |
| 376 | 376 | |
| 377 | 377 | /** |
@@ -390,9 +390,9 @@ discard block |
||
| 390 | 390 | // dump private key into directory |
| 391 | 391 | $outstring = ""; |
| 392 | 392 | openssl_pkey_export($privateKey, $outstring); |
| 393 | - file_put_contents($tempdir . "/pkey.pem", $outstring); |
|
| 393 | + file_put_contents($tempdir."/pkey.pem", $outstring); |
|
| 394 | 394 | // PHP can only do one DC in the Subject. But we need three. |
| 395 | - $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 395 | + $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 396 | 396 | $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n"); |
| 397 | 397 | $output = []; |
| 398 | 398 | $return = 999; |
@@ -132,20 +132,20 @@ discard block |
||
| 132 | 132 | if ($device == "TOTAL") { |
| 133 | 133 | continue; |
| 134 | 134 | } |
| 135 | - $retstring .= "<tr><td>$device</td><td>" . $numbers['ADMIN'] . "</td><td>" . $numbers['SILVERBULLET'] . "</td><td>" . $numbers['USER'] . "</td></tr>"; |
|
| 135 | + $retstring .= "<tr><td>$device</td><td>".$numbers['ADMIN']."</td><td>".$numbers['SILVERBULLET']."</td><td>".$numbers['USER']."</td></tr>"; |
|
| 136 | 136 | } |
| 137 | - $retstring .= "<tr><td><strong>TOTAL</strong></td><td><strong>" . $data['TOTAL']['ADMIN'] . "</strong></td><td><strong>" . $data['TOTAL']['SILVERBULLET'] . "</strong></td><td><strong>" . $data['TOTAL']['USER'] . "</strong></td></tr>"; |
|
| 137 | + $retstring .= "<tr><td><strong>TOTAL</strong></td><td><strong>".$data['TOTAL']['ADMIN']."</strong></td><td><strong>".$data['TOTAL']['SILVERBULLET']."</strong></td><td><strong>".$data['TOTAL']['USER']."</strong></td></tr>"; |
|
| 138 | 138 | break; |
| 139 | 139 | case "XML": |
| 140 | 140 | // the calls to date() operate on current date, so there is no chance for a FALSE to be returned. Silencing scrutinizer. |
| 141 | - $retstring .= "<federation id='$this->tld' ts='" . /** @scrutinizer ignore-type */ date("Y-m-d") . "T" . /** @scrutinizer ignore-type */ date("H:i:s") . "'>\n"; |
|
| 141 | + $retstring .= "<federation id='$this->tld' ts='"./** @scrutinizer ignore-type */ date("Y-m-d")."T"./** @scrutinizer ignore-type */ date("H:i:s")."'>\n"; |
|
| 142 | 142 | foreach ($data as $device => $numbers) { |
| 143 | 143 | if ($device == "TOTAL") { |
| 144 | 144 | continue; |
| 145 | 145 | } |
| 146 | - $retstring .= " <device name='" . $device . "'>\n <downloads group='admin'>" . $numbers['ADMIN'] . "</downloads>\n <downloads group='managed_idp'>" . $numbers['SILVERBULLET'] . "</downloads>\n <downloads group='user'>" . $numbers['USER'] . "</downloads>\n </device>"; |
|
| 146 | + $retstring .= " <device name='".$device."'>\n <downloads group='admin'>".$numbers['ADMIN']."</downloads>\n <downloads group='managed_idp'>".$numbers['SILVERBULLET']."</downloads>\n <downloads group='user'>".$numbers['USER']."</downloads>\n </device>"; |
|
| 147 | 147 | } |
| 148 | - $retstring .= "<total>\n <downloads group='admin'>" . $data['TOTAL']['ADMIN'] . "</downloads>\n <downloads group='managed_idp'>" . $data['TOTAL']['SILVERBULLET'] . "</downloads>\n <downloads group='user'>" . $data['TOTAL']['USER'] . "</downloads>\n</total>\n"; |
|
| 148 | + $retstring .= "<total>\n <downloads group='admin'>".$data['TOTAL']['ADMIN']."</downloads>\n <downloads group='managed_idp'>".$data['TOTAL']['SILVERBULLET']."</downloads>\n <downloads group='user'>".$data['TOTAL']['USER']."</downloads>\n</total>\n"; |
|
| 149 | 149 | $retstring .= "</federation>"; |
| 150 | 150 | break; |
| 151 | 151 | case "array": |
@@ -237,7 +237,7 @@ discard block |
||
| 237 | 237 | $identifier = $this->databaseHandle->lastID(); |
| 238 | 238 | |
| 239 | 239 | if ($identifier == 0 || !$this->loggerInstance->writeAudit($ownerId, "NEW", "Organisation $identifier")) { |
| 240 | - $text = "<p>Could not create a new " . common\Entity::$nomenclature_participant . "!</p>"; |
|
| 240 | + $text = "<p>Could not create a new ".common\Entity::$nomenclature_participant."!</p>"; |
|
| 241 | 241 | echo $text; |
| 242 | 242 | throw new Exception($text); |
| 243 | 243 | } |
@@ -379,7 +379,7 @@ discard block |
||
| 379 | 379 | return; // no update to fetch |
| 380 | 380 | } |
| 381 | 381 | $certDetails = openssl_x509_parse($entryInQuestion['CERT']); |
| 382 | - $expiry = "20" . $certDetails['validTo'][0] . $certDetails['validTo'][1] . "-" . $certDetails['validTo'][2] . $certDetails['validTo'][3] . "-" . $certDetails['validTo'][4] . $certDetails['validTo'][5]; |
|
| 382 | + $expiry = "20".$certDetails['validTo'][0].$certDetails['validTo'][1]."-".$certDetails['validTo'][2].$certDetails['validTo'][3]."-".$certDetails['validTo'][4].$certDetails['validTo'][5]; |
|
| 383 | 383 | openssl_x509_export($entryInQuestion['CERT'], $pem); |
| 384 | 384 | $updateQuery = "UPDATE federation_servercerts SET status = 'ISSUED', certificate = ?, expiry = ? WHERE ca_name = 'eduPKI' AND request_serial = ?"; |
| 385 | 385 | $this->databaseHandle->exec($updateQuery, "ssi", $pem, $expiry, $reqSerial); |
