View GitHub Repository CAT

Schedule Inspection
Subscribe
Test Setup Failed
Push — master ( a0e404...64401d )
by Tomasz
10:27
created
Status
Category
Toggle Patches
core/CertificationAuthorityEduPki.php 1 patch
Spacing   +38 added lines, -38 removed lines patch added patch discarded remove patch 
@@ -17,9 +17,9 @@  discard block
 
 block discarded – undo
17 17 
 class CertificationAuthorityEduPki extends EntityWithDBProperties implements CertificationAuthorityInterface
18 18 
 {
19 19
20 
-    private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
21 
-    private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
22 
-    private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
20 
+    private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
21 
+    private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
22 
+    private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
23 23 
     private const EDUPKI_RA_ID = 700;
24 24 
     private const EDUPKI_CERT_PROFILE = "User SOAP";
25 25 
     private const EDUPKI_RA_PKEY_PASSPHRASE = "...";
 
@@ -35,13 +35,13 @@  discard block
 
 block discarded – undo
35 35 
         parent::__construct();
36 36
37 37 
         if (stat(CertificationAuthorityEduPki::LOCATION_RA_CERT) === FALSE) {
38 
-            throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPki::LOCATION_RA_CERT);
38 
+            throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPki::LOCATION_RA_CERT);
39 39 
         }
40 40 
         if (stat(CertificationAuthorityEduPki::LOCATION_RA_KEY) === FALSE) {
41 
-            throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPki::LOCATION_RA_KEY);
41 
+            throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPki::LOCATION_RA_KEY);
42 42 
         }
43 43 
         if (stat(CertificationAuthorityEduPki::LOCATION_WEBROOT) === FALSE) {
44 
-            throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPki::LOCATION_WEBROOT);
44 
+            throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPki::LOCATION_WEBROOT);
45 45 
         }
46 46 
     }
47 47 
 
@@ -75,19 +75,19 @@  discard block
 
 block discarded – undo
75 75 
         // initialise connection to eduPKI CA / eduroam RA and send the request to them
76 76 
         try {
77 77 
             $altArray = [# Array mit den Subject Alternative Names
78 
-                "email:" . $csr["USERNAME"]
78 
+                "email:".$csr["USERNAME"]
79 79 
             ];
80 80 
             $soapPub = $this->initEduPKISoapSession("PUBLIC");
81 81 
             $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n");
82 
-            $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPki::EDUPKI_RA_ID . "\n");
83 
-            $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n");
82 
+            $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPki::EDUPKI_RA_ID."\n");
83 
+            $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n");
84 84 
             $this->loggerInstance->debug(5, "PARAM_3: ");
85 85 
             $this->loggerInstance->debug(5, $altArray);
86 
-            $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE . "\n");
87 
-            $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n");
88 
-            $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n");
89 
-            $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERNAME"] . "\n");
90 
-            $this->loggerInstance->debug(5, "PARAM_8: " . \config\ConfAssistant::SILVERBULLET['product_name'] . "\n");
86 
+            $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE."\n");
87 
+            $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n");
88 
+            $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n");
89 
+            $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERNAME"]."\n");
90 
+            $this->loggerInstance->debug(5, "PARAM_8: ".\config\ConfAssistant::SILVERBULLET['product_name']."\n");
91 91 
             $this->loggerInstance->debug(5, "PARAM_9: false\n");
92 92 
             $soapNewRequest = $soapPub->newRequest(
93 93 
                     CertificationAuthorityEduPki::EDUPKI_RA_ID, # RA-ID
 
@@ -109,11 +109,11 @@  discard block
 
 block discarded – undo
109 109 
         } catch (Exception $e) {
110 110 
             // PHP 7.1 can do this much better
111 111 
             if (is_soap_fault($e)) {
112 
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}:  {
112 
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}:  {
113 113 
                     $e->faultstring
114 114 
                 }\n");
115 115 
             }
116 
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
116 
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
117 117 
         }
118 118 
         try {
119 119 
             $soap = $this->initEduPKISoapSession("RA");
 
@@ -125,8 +125,8 @@  discard block
 
 block discarded – undo
125 125 
                     $soapReqnum, [
126 126 
                 "RaID" => CertificationAuthorityEduPki::EDUPKI_RA_ID,
127 127 
                 "Role" => CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE,
128 
-                "Subject" => "DC=eduroam,DC=test,DC=test,C=" . $csr["FED"] . ",O=" . \config\ConfAssistant::CONSORTIUM['name'] . ",OU=" . $csr["FED"] . ",CN=" . $csr['USERNAME'] . ",emailAddress=" . $csr['USERNAME'],
129 
-                "SubjectAltNames" => ["email:" . $csr["USERNAME"]],
128 
+                "Subject" => "DC=eduroam,DC=test,DC=test,C=".$csr["FED"].",O=".\config\ConfAssistant::CONSORTIUM['name'].",OU=".$csr["FED"].",CN=".$csr['USERNAME'].",emailAddress=".$csr['USERNAME'],
129 
+                "SubjectAltNames" => ["email:".$csr["USERNAME"]],
130 130 
                 "NotBefore" => (new \DateTime())->format('c'),
131 131 
                 "NotAfter" => $expiry->format('c'),
132 132 
                     ]
 
@@ -145,7 +145,7 @@  discard block
 
 block discarded – undo
145 145 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
146 146 
             // rather than just using the string. Grr.
147 147 
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
148 
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext);
148 
+            file_put_contents($tempdir['dir']."/content.txt", $soapCleartext);
149 149 
             // retrieve our RA cert from filesystem
150 150 
             // the RA certificates are not needed right now because we
151 151 
             // have resorted to S/MIME signatures with openssl command-line
 
@@ -157,7 +157,7 @@  discard block
 
 block discarded – undo
157 157 
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
158 158 
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
159 159 
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n  $soapCleartext\n");
160 
-            $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
160 
+            $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
161 161 
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline:   $execCmd\n");
162 162 
             $output = [];
163 163 
             $return = 999;
 
@@ -166,14 +166,14 @@  discard block
 
 block discarded – undo
166 166 
                 throw new Exception("Non-zero return value from openssl smime!");
167 167 
             }
168 168 
             // and get the signature blob back from the filesystem
169 
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
169 
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
170 170 
             $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n");
171 
-            $this->loggerInstance->debug(5, $soapReqnum . "\n");
172 
-            $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending!
173 
-            $this->loggerInstance->debug(5, $detachedSig . "\n");
171 
+            $this->loggerInstance->debug(5, $soapReqnum."\n");
172 
+            $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending!
173 
+            $this->loggerInstance->debug(5, $detachedSig."\n");
174 174 
             $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig);
175 
-            $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest());
176 
-            $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse());
175 
+            $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest());
176 
+            $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse());
177 177 
             if ($soapIssueCert === FALSE) {
178 178 
                 throw new Exception("The locally approved request was NOT processed by the CA.");
179 179 
             }
 
@@ -210,9 +210,9 @@  discard block
 
 block discarded – undo
210 210 
                 throw new Exception("CAInfo has no root certificate for us!");
211 211 
             }
212 212 
         } catch (SoapFault $e) {
213 
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
213 
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
214 214 
         } catch (Exception $e) {
215 
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
215 
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
216 216 
         }
217 217 
         return [
218 218 
             "CERT" => openssl_x509_read($parsedCert['pem']),
 
@@ -245,12 +245,12 @@  discard block
 
 block discarded – undo
245 245 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
246 246 
             // rather than just using the string. Grr.
247 247 
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
248 
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest);
248 
+            file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest);
249 249 
             // retrieve our RA cert from filesystem
250 250 
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
251 251 
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
252 252 
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n");
253 
-            $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPki::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPki::LOCATION_RA_CERT;
253 
+            $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPki::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPki::LOCATION_RA_CERT;
254 254 
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n");
255 255 
             $output = [];
256 256 
             $return = 999;
 
@@ -259,7 +259,7 @@  discard block
 
 block discarded – undo
259 259 
                 throw new Exception("Non-zero return value from openssl smime!");
260 260 
             }
261 261 
             // and get the signature blob back from the filesystem
262 
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
262 
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
263 263 
             $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig);
264 264 
             if ($soapIssueRev === FALSE) {
265 265 
                 throw new Exception("The locally approved revocation request was NOT processed by the CA.");
 
@@ -267,9 +267,9 @@  discard block
 
 block discarded – undo
267 267 
         } catch (Exception $e) {
268 268 
             // PHP 7.1 can do this much better
269 269 
             if (is_soap_fault($e)) {
270 
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n");
270 
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n");
271 271 
             }
272 
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
272 
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
273 273 
         }
274 274 
     }
275 275 
 
@@ -289,7 +289,7 @@  discard block
 
 block discarded – undo
289 289 
             'http' => [
290 290 
                 'timeout' => 60,
291 291 
                 'user_agent' => 'Stefan',
292 
-                'header'=> array( "Accept-language: en" ),
292 
+                'header'=> array("Accept-language: en"),
293 293 
                 'protocol_version' => 1.1
294 294 
             ],
295 295 
             'ssl' => [
 
@@ -370,9 +370,9 @@  discard block
 
 block discarded – undo
370 370 
      */
371 371 
     public function soapToXmlInteger($x)
372 372 
     {
373 
-        return '<' . $x[0] . '>'
373 
+        return '<'.$x[0].'>'
374 374 
                 . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1)
375 
-                . '</' . $x[0] . '>';
375 
+                . '</'.$x[0].'>';
376 376 
     }
377 377
378 378 
     /**
 
@@ -391,9 +391,9 @@  discard block
 
 block discarded – undo
391 391 
         // dump private key into directory
392 392 
         $outstring = "";
393 393 
         openssl_pkey_export($privateKey, $outstring);
394 
-        file_put_contents($tempdir . "/pkey.pem", $outstring);
394 
+        file_put_contents($tempdir."/pkey.pem", $outstring);
395 395 
         // PHP can only do one DC in the Subject. But we need three.
396 
-        $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username";
396 
+        $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username";
397 397 
         $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n");
398 398 
         $output = [];
399 399 
         $return = 999;
Please login to merge, or discard this patch.