GEANT /
CAT
@@ -16,10 +16,10 @@ discard block |
||
| 16 | 16 | class CertificationAuthorityEmbeddedRSA extends EntityWithDBProperties implements CertificationAuthorityInterface |
| 17 | 17 | { |
| 18 | 18 | |
| 19 | - private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-RSA.pem"; |
|
| 20 | - private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-RSA.pem"; |
|
| 21 | - private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-RSA.key"; |
|
| 22 | - private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-RSA.cnf"; |
|
| 19 | + private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-RSA.pem"; |
|
| 20 | + private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-RSA.pem"; |
|
| 21 | + private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-RSA.key"; |
|
| 22 | + private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-RSA.cnf"; |
|
| 23 | 23 | |
| 24 | 24 | /** |
| 25 | 25 | * string with the PEM variant of the root CA |
@@ -66,11 +66,11 @@ discard block |
||
| 66 | 66 | parent::__construct(); |
| 67 | 67 | $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
| 68 | 68 | if ($this->rootPem === FALSE) { |
| 69 | - throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
|
| 69 | + throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
|
| 70 | 70 | } |
| 71 | 71 | $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
| 72 | 72 | if ($this->issuingCertRaw === FALSE) { |
| 73 | - throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
|
| 73 | + throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
|
| 74 | 74 | } |
| 75 | 75 | $rootParsed = openssl_x509_read($this->rootPem); |
| 76 | 76 | $issuingCertCandidate = openssl_x509_read($this->issuingCertRaw); |
@@ -80,15 +80,15 @@ discard block |
||
| 80 | 80 | } |
| 81 | 81 | $this->issuingCert = $issuingCertCandidate; |
| 82 | 82 | if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY) === FALSE) { |
| 83 | - throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 83 | + throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 84 | 84 | } |
| 85 | - $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 85 | + $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 86 | 86 | if ($issuingKeyTemp === FALSE || is_resource($issuingKeyTemp)) { |
| 87 | 87 | throw new Exception("The private key did not parse correctly (or is not a PHP8 object)!"); |
| 88 | 88 | } |
| 89 | 89 | $this->issuingKey = $issuingKeyTemp; |
| 90 | 90 | if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG) === FALSE) { |
| 91 | - throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG); |
|
| 91 | + throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG); |
|
| 92 | 92 | } |
| 93 | 93 | $this->conffile = CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG; |
| 94 | 94 | } |
@@ -131,27 +131,27 @@ discard block |
||
| 131 | 131 | // generate stub index.txt file |
| 132 | 132 | $tempdirArray = \core\common\Entity::createTemporaryDirectory("test"); |
| 133 | 133 | $tempdir = $tempdirArray['dir']; |
| 134 | - $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z"; |
|
| 135 | - $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z"; |
|
| 134 | + $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z"; |
|
| 135 | + $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z"; |
|
| 136 | 136 | // serials for our CA are always integers |
| 137 | 137 | $serialHex = strtoupper(dechex((int) $cert->serial)); |
| 138 | 138 | if (strlen($serialHex) % 2 == 1) { |
| 139 | - $serialHex = "0" . $serialHex; |
|
| 139 | + $serialHex = "0".$serialHex; |
|
| 140 | 140 | } |
| 141 | 141 | |
| 142 | - $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n"; |
|
| 142 | + $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n"; |
|
| 143 | 143 | $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement"); |
| 144 | - if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) { |
|
| 144 | + if (!file_put_contents($tempdir."/index.txt", $indexStatement)) { |
|
| 145 | 145 | $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!"); |
| 146 | 146 | } |
| 147 | 147 | // index.txt.attr is dull but needs to exist |
| 148 | - file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n"); |
|
| 148 | + file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n"); |
|
| 149 | 149 | // call "openssl ocsp" to manufacture our own OCSP statement |
| 150 | 150 | // adding "-rmd sha1" to the following command-line makes the |
| 151 | 151 | // choice of signature algorithm for the response explicit |
| 152 | 152 | // but it's only available from openssl-1.1.0 (which we do not |
| 153 | 153 | // want to require just for that one thing). |
| 154 | - $execCmd = \config\Master::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 154 | + $execCmd = \config\Master::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 155 | 155 | $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n"); |
| 156 | 156 | $output = []; |
| 157 | 157 | $return = 999; |
@@ -159,11 +159,11 @@ discard block |
||
| 159 | 159 | if ($return !== 0) { |
| 160 | 160 | throw new Exception("Non-zero return value from openssl ocsp!"); |
| 161 | 161 | } |
| 162 | - $ocsp = file_get_contents($tempdir . "/$serialHex.response.der"); |
|
| 162 | + $ocsp = file_get_contents($tempdir."/$serialHex.response.der"); |
|
| 163 | 163 | // remove the temp dir! |
| 164 | - unlink($tempdir . "/$serialHex.response.der"); |
|
| 165 | - unlink($tempdir . "/index.txt.attr"); |
|
| 166 | - unlink($tempdir . "/index.txt"); |
|
| 164 | + unlink($tempdir."/$serialHex.response.der"); |
|
| 165 | + unlink($tempdir."/index.txt.attr"); |
|
| 166 | + unlink($tempdir."/index.txt"); |
|
| 167 | 167 | rmdir($tempdir); |
| 168 | 168 | $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial); |
| 169 | 169 | return $ocsp; |
@@ -22,7 +22,7 @@ discard block |
||
| 22 | 22 | ?> |
| 23 | 23 | <?php |
| 24 | 24 | |
| 25 | -require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php"; |
|
| 25 | +require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php"; |
|
| 26 | 26 | |
| 27 | 27 | $validator = new \web\lib\common\InputValidation(); |
| 28 | 28 | $idRaw = $_GET["id"] ?? ""; |
@@ -37,7 +37,7 @@ discard block |
||
| 37 | 37 | // Set data type and caching for 30 days |
| 38 | 38 | $info = new finfo(); |
| 39 | 39 | $filetype = $info->buffer($finalBlob, FILEINFO_MIME_TYPE); |
| 40 | - header("Content-type: " . $filetype); |
|
| 40 | + header("Content-type: ".$filetype); |
|
| 41 | 41 | |
| 42 | 42 | switch ($filetype) { |
| 43 | 43 | case "text/rtf": // fall-through, same treatment |
@@ -54,7 +54,7 @@ discard block |
||
| 54 | 54 | header("Cache-Control: must-revalidate"); |
| 55 | 55 | $offset = 60 * 60 * 24 * 30; |
| 56 | 56 | // gmdate can't possibly fail, because it operates on time() and an integer offset |
| 57 | - $ExpStr = "Expires: " . /** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset) . " GMT"; |
|
| 57 | + $ExpStr = "Expires: "./** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset)." GMT"; |
|
| 58 | 58 | header($ExpStr); |
| 59 | 59 | // Print out the image |
| 60 | 60 | echo $finalBlob; |
@@ -9,7 +9,7 @@ discard block |
||
| 9 | 9 | * ****************************************************************************** |
| 10 | 10 | */ |
| 11 | 11 | |
| 12 | -require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php"; |
|
| 12 | +require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php"; |
|
| 13 | 13 | |
| 14 | 14 | $auth = new \web\lib\admin\Authentication(); |
| 15 | 15 | $auth->authenticate(); |
@@ -29,31 +29,31 @@ discard block |
||
| 29 | 29 | ?> |
| 30 | 30 | |
| 31 | 31 | <h1><?php $tablecaption = _("User Authentication Records"); echo $tablecaption; ?></h1> |
| 32 | -<p><?php echo _("Note that:");?></p> |
|
| 32 | +<p><?php echo _("Note that:"); ?></p> |
|
| 33 | 33 | <ul> |
| 34 | - <li><?php echo _("Authentication records are deleted after six months retention time");?></li> |
|
| 35 | - <li><?php echo _("Operator Domain is based on the RADIUS attribute 'Operator-Name' and not sent by all hotspots");?></li> |
|
| 36 | - <li><?php echo _("Different MAC addresses per credential may be due to MAC Address randomisation in recent operating systems");?></li> |
|
| 34 | + <li><?php echo _("Authentication records are deleted after six months retention time"); ?></li> |
|
| 35 | + <li><?php echo _("Operator Domain is based on the RADIUS attribute 'Operator-Name' and not sent by all hotspots"); ?></li> |
|
| 36 | + <li><?php echo _("Different MAC addresses per credential may be due to MAC Address randomisation in recent operating systems"); ?></li> |
|
| 37 | 37 | </ul> |
| 38 | 38 | <table class='authrecord'> |
| 39 | - <caption><?php echo $tablecaption;?></caption> |
|
| 39 | + <caption><?php echo $tablecaption; ?></caption> |
|
| 40 | 40 | <tr> |
| 41 | - <th scope="col"><strong><?php echo _("Timestamp");?></strong></th> |
|
| 42 | - <th scope="col"><strong><?php echo _("Credential");?></strong></th> |
|
| 43 | - <th scope="col"><strong><?php echo _("MAC Address");?></strong></th> |
|
| 44 | - <th scope="col"><strong><?php echo _("Result");?></strong></th> |
|
| 45 | - <th scope="col"><strong><?php echo _("Operator Domain");?></strong></th> |
|
| 41 | + <th scope="col"><strong><?php echo _("Timestamp"); ?></strong></th> |
|
| 42 | + <th scope="col"><strong><?php echo _("Credential"); ?></strong></th> |
|
| 43 | + <th scope="col"><strong><?php echo _("MAC Address"); ?></strong></th> |
|
| 44 | + <th scope="col"><strong><?php echo _("Result"); ?></strong></th> |
|
| 45 | + <th scope="col"><strong><?php echo _("Operator Domain"); ?></strong></th> |
|
| 46 | 46 | </tr> |
| 47 | 47 | <?php |
| 48 | 48 | $userAuthData = $profile->getUserAuthRecords($userInt); |
| 49 | 49 | foreach ($userAuthData as $oneRecord) { |
| 50 | - echo "<tr class='".($oneRecord['RESULT'] == "Access-Accept" ? "auth-success" : "auth-fail" )."'>" |
|
| 50 | + echo "<tr class='".($oneRecord['RESULT'] == "Access-Accept" ? "auth-success" : "auth-fail")."'>" |
|
| 51 | 51 | . "<td>".$oneRecord['TIMESTAMP']."</td>" |
| 52 | 52 | // $oneRecord['CN'] is a simple string, not an array, so disable Scrutinizer type check here |
| 53 | - . "<td>"./** @scrutinizer ignore-type */ substr_replace($oneRecord['CN'], "@…", strpos($oneRecord['CN'],"@"))."</td>" |
|
| 53 | + . "<td>"./** @scrutinizer ignore-type */ substr_replace($oneRecord['CN'], "@…", strpos($oneRecord['CN'], "@"))."</td>" |
|
| 54 | 54 | . "<td>".$oneRecord['MAC']."</td>" |
| 55 | 55 | . "<td>".($oneRecord['RESULT'] == "Access-Accept" ? _("Success") : _("Failure"))."</td>" |
| 56 | - . "<td>".substr($oneRecord['OPERATOR'] ?? "1(unknown)",1)."</td>" |
|
| 56 | + . "<td>".substr($oneRecord['OPERATOR'] ?? "1(unknown)", 1)."</td>" |
|
| 57 | 57 | . "</tr>"; |
| 58 | 58 | } |
| 59 | 59 | ?> |
@@ -16,10 +16,10 @@ discard block |
||
| 16 | 16 | class CertificationAuthorityEmbeddedECDSA extends EntityWithDBProperties implements CertificationAuthorityInterface |
| 17 | 17 | { |
| 18 | 18 | |
| 19 | - private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-ECDSA.pem"; |
|
| 20 | - private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.pem"; |
|
| 21 | - private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.key"; |
|
| 22 | - private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-ECDSA.cnf"; |
|
| 19 | + private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-ECDSA.pem"; |
|
| 20 | + private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-ECDSA.pem"; |
|
| 21 | + private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-ECDSA.key"; |
|
| 22 | + private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-ECDSA.cnf"; |
|
| 23 | 23 | |
| 24 | 24 | /** |
| 25 | 25 | * string with the PEM variant of the root CA |
@@ -66,29 +66,29 @@ discard block |
||
| 66 | 66 | parent::__construct(); |
| 67 | 67 | $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
| 68 | 68 | if ($this->rootPem === FALSE) { |
| 69 | - throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
|
| 69 | + throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
|
| 70 | 70 | } |
| 71 | 71 | $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
| 72 | 72 | if ($this->issuingCertRaw === FALSE) { |
| 73 | - throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
|
| 73 | + throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
|
| 74 | 74 | } |
| 75 | 75 | $rootParsed = openssl_x509_read($this->rootPem); |
| 76 | 76 | $issuingCertCandidate = openssl_x509_read($this->issuingCertRaw); |
| 77 | - if ($issuingCertCandidate === FALSE || is_resource($issuingCertCandidate)|| $rootParsed === FALSE) { |
|
| 77 | + if ($issuingCertCandidate === FALSE || is_resource($issuingCertCandidate) || $rootParsed === FALSE) { |
|
| 78 | 78 | throw new Exception("At least one CA PEM file did not parse correctly (or not a PHP8 resource)!"); |
| 79 | 79 | } |
| 80 | 80 | $this->issuingCert = $issuingCertCandidate; |
| 81 | 81 | |
| 82 | 82 | if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY) === FALSE) { |
| 83 | - throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 83 | + throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 84 | 84 | } |
| 85 | - $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 85 | + $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 86 | 86 | if ($issuingKeyTemp === FALSE || is_resource($issuingKeyTemp)) { |
| 87 | 87 | throw new Exception("The private key did not parse correctly (or not a PHP8 resource)!"); |
| 88 | 88 | } |
| 89 | 89 | $this->issuingKey = $issuingKeyTemp; |
| 90 | 90 | if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG) === FALSE) { |
| 91 | - throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG); |
|
| 91 | + throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG); |
|
| 92 | 92 | } |
| 93 | 93 | $this->conffile = CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG; |
| 94 | 94 | } |
@@ -131,27 +131,27 @@ discard block |
||
| 131 | 131 | // generate stub index.txt file |
| 132 | 132 | $tempdirArray = \core\common\Entity::createTemporaryDirectory("test"); |
| 133 | 133 | $tempdir = $tempdirArray['dir']; |
| 134 | - $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z"; |
|
| 135 | - $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z"; |
|
| 134 | + $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z"; |
|
| 135 | + $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z"; |
|
| 136 | 136 | // serials for our CA are always integers |
| 137 | 137 | $serialHex = strtoupper(dechex((int) $cert->serial)); |
| 138 | 138 | if (strlen($serialHex) % 2 == 1) { |
| 139 | - $serialHex = "0" . $serialHex; |
|
| 139 | + $serialHex = "0".$serialHex; |
|
| 140 | 140 | } |
| 141 | 141 | |
| 142 | - $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n"; |
|
| 142 | + $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n"; |
|
| 143 | 143 | $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement"); |
| 144 | - if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) { |
|
| 144 | + if (!file_put_contents($tempdir."/index.txt", $indexStatement)) { |
|
| 145 | 145 | $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!"); |
| 146 | 146 | } |
| 147 | 147 | // index.txt.attr is dull but needs to exist |
| 148 | - file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n"); |
|
| 148 | + file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n"); |
|
| 149 | 149 | // call "openssl ocsp" to manufacture our own OCSP statement |
| 150 | 150 | // adding "-rmd sha1" to the following command-line makes the |
| 151 | 151 | // choice of signature algorithm for the response explicit |
| 152 | 152 | // but it's only available from openssl-1.1.0 (which we do not |
| 153 | 153 | // want to require just for that one thing). |
| 154 | - $execCmd = \config\Master::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 154 | + $execCmd = \config\Master::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 155 | 155 | $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n"); |
| 156 | 156 | $output = []; |
| 157 | 157 | $return = 999; |
@@ -159,11 +159,11 @@ discard block |
||
| 159 | 159 | if ($return !== 0) { |
| 160 | 160 | throw new Exception("Non-zero return value from openssl ocsp!"); |
| 161 | 161 | } |
| 162 | - $ocsp = file_get_contents($tempdir . "/$serialHex.response.der"); |
|
| 162 | + $ocsp = file_get_contents($tempdir."/$serialHex.response.der"); |
|
| 163 | 163 | // remove the temp dir! |
| 164 | - unlink($tempdir . "/$serialHex.response.der"); |
|
| 165 | - unlink($tempdir . "/index.txt.attr"); |
|
| 166 | - unlink($tempdir . "/index.txt"); |
|
| 164 | + unlink($tempdir."/$serialHex.response.der"); |
|
| 165 | + unlink($tempdir."/index.txt.attr"); |
|
| 166 | + unlink($tempdir."/index.txt"); |
|
| 167 | 167 | rmdir($tempdir); |
| 168 | 168 | $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial); |
| 169 | 169 | return $ocsp; |
@@ -1,22 +1,22 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | -require_once dirname(dirname(__FILE__)) . "/config/_config.php"; |
|
| 2 | +require_once dirname(dirname(__FILE__))."/config/_config.php"; |
|
| 3 | 3 | /** |
| 4 | 4 | * check if URL responds with 200 |
| 5 | 5 | * |
| 6 | 6 | * @param string $srv server name |
| 7 | 7 | * @return integer or NULL |
| 8 | 8 | */ |
| 9 | -function checkConfigRADIUSDaemon ($srv) { |
|
| 9 | +function checkConfigRADIUSDaemon($srv) { |
|
| 10 | 10 | $ch = curl_init(); |
| 11 | 11 | if ($ch === FALSE) { |
| 12 | 12 | return NULL; |
| 13 | 13 | } |
| 14 | 14 | $timeout = 10; |
| 15 | - curl_setopt ( $ch, CURLOPT_URL, $srv ); |
|
| 16 | - curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, 1 ); |
|
| 17 | - curl_setopt ( $ch, CURLOPT_TIMEOUT, $timeout ); |
|
| 15 | + curl_setopt($ch, CURLOPT_URL, $srv); |
|
| 16 | + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); |
|
| 17 | + curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); |
|
| 18 | 18 | curl_exec($ch); |
| 19 | - $http_code = curl_getinfo( $ch, CURLINFO_HTTP_CODE ); |
|
| 19 | + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); |
|
| 20 | 20 | curl_close($ch); |
| 21 | 21 | if ($http_code == 200) { |
| 22 | 22 | return 1; |
@@ -53,8 +53,8 @@ discard block |
||
| 53 | 53 | } |
| 54 | 54 | $siteStatus = array(); |
| 55 | 55 | foreach (array_keys($brokenDeployments) as $server_id) { |
| 56 | - print "check $server_id " . $radiusSite[$server_id] . "\n"; |
|
| 57 | - $siteStatus[$server_id] = checkConfigRADIUSDaemon('http://' . $radiusSite[$server_id]); |
|
| 56 | + print "check $server_id ".$radiusSite[$server_id]."\n"; |
|
| 57 | + $siteStatus[$server_id] = checkConfigRADIUSDaemon('http://'.$radiusSite[$server_id]); |
|
| 58 | 58 | if ($siteStatus[$server_id]) { |
| 59 | 59 | echo "\ncheck radius\n"; |
| 60 | 60 | echo \config\Diagnostics::RADIUSSPTEST['port']."\n"; |
@@ -124,7 +124,7 @@ discard block |
||
| 124 | 124 | public function divSilverbullet() { |
| 125 | 125 | $retval = " |
| 126 | 126 | <div id='silverbullet'>" |
| 127 | - .$this->Gui->textTemplates->templates[user\SB_GO_AWAY] . |
|
| 127 | + .$this->Gui->textTemplates->templates[user\SB_GO_AWAY]. |
|
| 128 | 128 | "</div> |
| 129 | 129 | "; |
| 130 | 130 | return $retval; |
@@ -222,7 +222,7 @@ discard block |
||
| 222 | 222 | <div id='profiles'> <!-- this is the profile selection filled during run time --> |
| 223 | 223 | <div id='profiles_h' class='sub_h'>".$this->Gui->textTemplates->templates[user\PROFILE_SELECTION]." |
| 224 | 224 | </div>" . |
| 225 | - "<select id='profile_list'></select><div id='profile_desc' class='profile_desc'></div>" . |
|
| 225 | + "<select id='profile_list'></select><div id='profile_desc' class='profile_desc'></div>". |
|
| 226 | 226 | "</div>"; |
| 227 | 227 | } |
| 228 | 228 | |
@@ -250,7 +250,7 @@ discard block |
||
| 250 | 250 | public function divInstitution($selectButton = TRUE) { |
| 251 | 251 | $retval = "<div id='institution_name'> |
| 252 | 252 | <span id='inst_name_span'></span> <div id='inst_extra_text'></div><!-- this will be filled with the IdP name -->" . |
| 253 | - ($selectButton ? "<a id='select_another' class='signin' href=\"\">".$this->Gui->textTemplates->templates[user\INSTITUTION_SELECTION]."</a>" : "") . |
|
| 253 | + ($selectButton ? "<a id='select_another' class='signin' href=\"\">".$this->Gui->textTemplates->templates[user\INSTITUTION_SELECTION]."</a>" : ""). |
|
| 254 | 254 | "</div>"; |
| 255 | 255 | $retval .= $this->emptyImage('idp_logo', 'IdP Logo'); |
| 256 | 256 | return $retval; |
@@ -121,7 +121,7 @@ discard block |
||
| 121 | 121 | $cryptoJson = openssl_encrypt($clearJson, 'AES-256-CBC', $encryptionKey, OPENSSL_RAW_DATA, $initVector); |
| 122 | 122 | $hmac = hash_hmac("sha1", $cryptoJson, $encryptionKey, TRUE); |
| 123 | 123 | |
| 124 | - $this->loggerInstance->debug(4, "Clear = $clearJson\nSalt = $salt\nPW = " . $password . "\nb(IV) = " . base64_encode($initVector) . "\nb(Cipher) = " . base64_encode($cryptoJson) . "\nb(HMAC) = " . base64_encode($hmac)); |
|
| 124 | + $this->loggerInstance->debug(4, "Clear = $clearJson\nSalt = $salt\nPW = ".$password."\nb(IV) = ".base64_encode($initVector)."\nb(Cipher) = ".base64_encode($cryptoJson)."\nb(HMAC) = ".base64_encode($hmac)); |
|
| 125 | 125 | |
| 126 | 126 | // now, generate the container that holds all the crypto data |
| 127 | 127 | $finalArray = [ |
@@ -195,7 +195,7 @@ discard block |
||
| 195 | 195 | private function wiredBlock($eapdetails) |
| 196 | 196 | { |
| 197 | 197 | return [ |
| 198 | - "GUID" => \core\common\Entity::uuid('', "wired-dot1x-ethernet") . "}", |
|
| 198 | + "GUID" => \core\common\Entity::uuid('', "wired-dot1x-ethernet")."}", |
|
| 199 | 199 | "Name" => "eduroam configuration (wired network)", |
| 200 | 200 | "Remove" => false, |
| 201 | 201 | "Type" => "Ethernet", |
@@ -236,7 +236,7 @@ discard block |
||
| 236 | 236 | // if silverbullet, we deliver the client cert inline |
| 237 | 237 | |
| 238 | 238 | if ($selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
| 239 | - $eaparray['ClientCertRef'] = "[" . $this->clientCert['GUID'] . "]"; |
|
| 239 | + $eaparray['ClientCertRef'] = "[".$this->clientCert['GUID']."]"; |
|
| 240 | 240 | $eaparray['ClientCertType'] = "Ref"; |
| 241 | 241 | } |
| 242 | 242 | |
@@ -271,7 +271,7 @@ discard block |
||
| 271 | 271 | $jsonArray = ["Type" => "UnencryptedConfiguration"]; |
| 272 | 272 | |
| 273 | 273 | foreach ($this->attributes['internal:CAs'][0] as $ca) { |
| 274 | - $caRefs[] = "{" . $ca['uuid'] . "}"; |
|
| 274 | + $caRefs[] = "{".$ca['uuid']."}"; |
|
| 275 | 275 | } |
| 276 | 276 | // define CA certificates |
| 277 | 277 | foreach ($this->attributes['internal:CAs'][0] as $ca) { |
@@ -281,15 +281,15 @@ discard block |
||
| 281 | 281 | if ($caSanitized1 === FALSE) { |
| 282 | 282 | throw new Exception("Error cropping PEM data at its BEGIN marker."); |
| 283 | 283 | } |
| 284 | - $this->loggerInstance->debug(4, $caSanitized1 . "\n"); |
|
| 284 | + $this->loggerInstance->debug(4, $caSanitized1."\n"); |
|
| 285 | 285 | // remove \n |
| 286 | 286 | $caSanitized = str_replace("\n", "", $caSanitized1); |
| 287 | - $jsonArray["Certificates"][] = ["GUID" => "{" . $ca['uuid'] . "}", "Remove" => false, "Type" => "Authority", "X509" => $caSanitized]; |
|
| 288 | - $this->loggerInstance->debug(3, $caSanitized . "\n"); |
|
| 287 | + $jsonArray["Certificates"][] = ["GUID" => "{".$ca['uuid']."}", "Remove" => false, "Type" => "Authority", "X509" => $caSanitized]; |
|
| 288 | + $this->loggerInstance->debug(3, $caSanitized."\n"); |
|
| 289 | 289 | } |
| 290 | 290 | // if we are doing silverbullet, include the unencrypted(!) P12 as a client certificate |
| 291 | 291 | if ($this->selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
| 292 | - $jsonArray["Certificates"][] = ["GUID" => "[" . $this->clientCert['GUID'] . "]", "PKCS12" => base64_encode($this->clientCert['certdataclear']), "Remove" => false, "Type" => "Client"]; |
|
| 292 | + $jsonArray["Certificates"][] = ["GUID" => "[".$this->clientCert['GUID']."]", "PKCS12" => base64_encode($this->clientCert['certdataclear']), "Remove" => false, "Type" => "Client"]; |
|
| 293 | 293 | } |
| 294 | 294 | $eaparray = $this->eapBlock($caRefs); |
| 295 | 295 | // define Wi-Fi networks |
@@ -312,7 +312,7 @@ discard block |
||
| 312 | 312 | |
| 313 | 313 | file_put_contents('installer_profile', $finalJson); |
| 314 | 314 | |
| 315 | - $fileName = $this->installerBasename . '.onc'; |
|
| 315 | + $fileName = $this->installerBasename.'.onc'; |
|
| 316 | 316 | |
| 317 | 317 | if (!$this->sign) { |
| 318 | 318 | rename("installer_profile", $fileName); |
@@ -323,7 +323,7 @@ discard block |
||
| 323 | 323 | // have the notion of signing |
| 324 | 324 | // but if they ever change their mind, we are prepared |
| 325 | 325 | |
| 326 | - $outputFromSigning = system($this->sign . " installer_profile '$fileName' > /dev/null"); |
|
| 326 | + $outputFromSigning = system($this->sign." installer_profile '$fileName' > /dev/null"); |
|
| 327 | 327 | if ($outputFromSigning === FALSE) { |
| 328 | 328 | $this->loggerInstance->debug(2, "Signing the ONC installer $fileName FAILED!\n"); |
| 329 | 329 | } |
@@ -86,7 +86,7 @@ discard block |
||
| 86 | 86 | protected function setSupportedEapMethods($eapArray) |
| 87 | 87 | { |
| 88 | 88 | $this->supportedEapMethods = $eapArray; |
| 89 | - $this->loggerInstance->debug(4, "This device (" . __CLASS__ . ") supports the following EAP methods: "); |
|
| 89 | + $this->loggerInstance->debug(4, "This device (".__CLASS__.") supports the following EAP methods: "); |
|
| 90 | 90 | $this->loggerInstance->debug(4, $this->supportedEapMethods); |
| 91 | 91 | } |
| 92 | 92 | |
@@ -460,7 +460,7 @@ discard block |
||
| 460 | 460 | return $baseName.$inst.'-'.$prof; |
| 461 | 461 | } |
| 462 | 462 | } |
| 463 | - return $baseName . $inst; |
|
| 463 | + return $baseName.$inst; |
|
| 464 | 464 | } |
| 465 | 465 | |
| 466 | 466 | /** |
@@ -590,7 +590,7 @@ discard block |
||
| 590 | 590 | // only add network blocks if their respective condition is met in this profile |
| 591 | 591 | if ($netDetails['condition'] === TRUE || (isset($this->attributes[$netDetails['condition']]) && $this->attributes[$netDetails['condition']] === TRUE)) { |
| 592 | 592 | $networks[$netName] = $netDetails; |
| 593 | - $this->loggerInstance->debug(5,$netName, "\nAdding network: "); |
|
| 593 | + $this->loggerInstance->debug(5, $netName, "\nAdding network: "); |
|
| 594 | 594 | } |
| 595 | 595 | } |
| 596 | 596 | // add locally defined SSIDs |
@@ -62,7 +62,7 @@ |
||
| 62 | 62 | they are from the same user group. You are not allowed to share them to an unlimited |
| 63 | 63 | audience (e.g. on a publicly accessible web server).</li> |
| 64 | 64 | <li>If You are an eduroam Identity Provider administrator, you are allowed to download and pass on the Installers to |
| 65 | -your own <?php echo \config\ConfAssistant::CONSORTIUM['nomenclature_idp'];?> end users, e.g. on the support web pages of your <?php echo \config\ConfAssistant::CONSORTIUM['nomenclature_idp'];?>, on Welcome Package CDs or USB sticks, etc.</li> |
|
| 65 | +your own <?php echo \config\ConfAssistant::CONSORTIUM['nomenclature_idp']; ?> end users, e.g. on the support web pages of your <?php echo \config\ConfAssistant::CONSORTIUM['nomenclature_idp']; ?>, on Welcome Package CDs or USB sticks, etc.</li> |
|
| 66 | 66 | <li>If You are a third-party not affiliated with eduroam, you are only allowed to download and pass on |
| 67 | 67 | the Metadata and/or the Installers after having received written permission by the eduroam Operations team.</li> |
| 68 | 68 | </ul> |
