GEANT /
CAT
@@ -167,7 +167,7 @@ discard block |
||
| 167 | 167 | } |
| 168 | 168 | } |
| 169 | 169 | |
| 170 | - $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . /** @scrutinizer ignore-type */ print_r($supportedEapTypes, true)); |
|
| 170 | + $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, "./** @scrutinizer ignore-type */ print_r($supportedEapTypes, true)); |
|
| 171 | 171 | $this->loggerInstance->debug(4, /** @scrutinizer ignore-type */ print_r($expectedServerNames, true)); |
| 172 | 172 | $this->loggerInstance->debug(4, /** @scrutinizer ignore-type */ print_r($expectedCABundle, true)); |
| 173 | 173 | |
@@ -257,7 +257,7 @@ discard block |
||
| 257 | 257 | $returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME; |
| 258 | 258 | continue; // otherwise we'd ALSO complain that it's not a real hostname |
| 259 | 259 | } |
| 260 | - if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 260 | + if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 261 | 261 | $returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME; |
| 262 | 262 | } |
| 263 | 263 | } |
@@ -284,7 +284,7 @@ discard block |
||
| 284 | 284 | $probValue = RADIUSTests::CERTPROB_SHA1_SIGNATURE; |
| 285 | 285 | $returnarray[] = $probValue; |
| 286 | 286 | } |
| 287 | - $this->loggerInstance->debug(4, "CERT IS: " . /** @scrutinizer ignore-type */ print_r($intermediateCa, TRUE)); |
|
| 287 | + $this->loggerInstance->debug(4, "CERT IS: "./** @scrutinizer ignore-type */ print_r($intermediateCa, TRUE)); |
|
| 288 | 288 | if ($intermediateCa['basicconstraints_set'] == 0) { |
| 289 | 289 | $returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS; |
| 290 | 290 | } |
@@ -334,7 +334,7 @@ discard block |
||
| 334 | 334 | { |
| 335 | 335 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
| 336 | 336 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
| 337 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
| 337 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
| 338 | 338 | if ($clientcert === FALSE) { |
| 339 | 339 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
| 340 | 340 | } |
@@ -343,7 +343,7 @@ discard block |
||
| 343 | 343 | if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) { |
| 344 | 344 | return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert); |
| 345 | 345 | } |
| 346 | - return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 346 | + return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 347 | 347 | } |
| 348 | 348 | |
| 349 | 349 | /** |
@@ -365,7 +365,7 @@ discard block |
||
| 365 | 365 | return RADIUSTests::CERTPROB_NO_CDP_HTTP; |
| 366 | 366 | } |
| 367 | 367 | // first and second sub-match is the full URL... check it |
| 368 | - $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2])); |
|
| 368 | + $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2])); |
|
| 369 | 369 | if ($crlcontent === FALSE) { |
| 370 | 370 | return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL; |
| 371 | 371 | } |
@@ -380,7 +380,7 @@ discard block |
||
| 380 | 380 | // $pem = chunk_split(base64_encode($crlcontent), 64, "\n"); |
| 381 | 381 | // inspired by https://stackoverflow.com/questions/2390604/how-to-pass-variables-as-stdin-into-command-line-from-php |
| 382 | 382 | |
| 383 | - $proc = \config\Master::PATHS['openssl'] . " crl -inform der"; |
|
| 383 | + $proc = \config\Master::PATHS['openssl']." crl -inform der"; |
|
| 384 | 384 | $descriptorspec = [ |
| 385 | 385 | 0 => ["pipe", "r"], |
| 386 | 386 | 1 => ["pipe", "w"], |
@@ -419,7 +419,7 @@ discard block |
||
| 419 | 419 | $origLength = strlen($hex); |
| 420 | 420 | for ($i = 1; $i < $origLength; $i++) { |
| 421 | 421 | if ($i % 2 == 1 && $i != strlen($hex)) { |
| 422 | - $spaced .= $hex[$i] . " "; |
|
| 422 | + $spaced .= $hex[$i]." "; |
|
| 423 | 423 | } else { |
| 424 | 424 | $spaced .= $hex[$i]; |
| 425 | 425 | } |
@@ -547,19 +547,19 @@ discard block |
||
| 547 | 547 | $eapText = \core\common\EAP::eapDisplayName($eaptype); |
| 548 | 548 | $config = ' |
| 549 | 549 | network={ |
| 550 | - ssid="' . \config\Master::APPEARANCE['productname'] . ' testing" |
|
| 550 | + ssid="' . \config\Master::APPEARANCE['productname'].' testing" |
|
| 551 | 551 | key_mgmt=WPA-EAP |
| 552 | 552 | proto=WPA2 |
| 553 | 553 | pairwise=CCMP |
| 554 | 554 | group=CCMP |
| 555 | 555 | '; |
| 556 | 556 | // phase 1 |
| 557 | - $config .= 'eap=' . $eapText['OUTER'] . "\n"; |
|
| 557 | + $config .= 'eap='.$eapText['OUTER']."\n"; |
|
| 558 | 558 | $logConfig = $config; |
| 559 | 559 | // phase 2 if applicable; all inner methods have passwords |
| 560 | 560 | if (isset($eapText['INNER']) && $eapText['INNER'] != "") { |
| 561 | - $config .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 562 | - $logConfig .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 561 | + $config .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 562 | + $logConfig .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 563 | 563 | } |
| 564 | 564 | // all methods set a password, except EAP-TLS |
| 565 | 565 | if ($eaptype != \core\common\EAP::EAPTYPE_TLS) { |
@@ -575,11 +575,11 @@ discard block |
||
| 575 | 575 | } |
| 576 | 576 | |
| 577 | 577 | // inner identity |
| 578 | - $config .= ' identity="' . $inner . "\"\n"; |
|
| 579 | - $logConfig .= ' identity="' . $inner . "\"\n"; |
|
| 578 | + $config .= ' identity="'.$inner."\"\n"; |
|
| 579 | + $logConfig .= ' identity="'.$inner."\"\n"; |
|
| 580 | 580 | // outer identity, may be equal |
| 581 | - $config .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 582 | - $logConfig .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 581 | + $config .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 582 | + $logConfig .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 583 | 583 | // done |
| 584 | 584 | $config .= "}"; |
| 585 | 585 | $logConfig .= "}"; |
@@ -642,13 +642,13 @@ discard block |
||
| 642 | 642 | */ |
| 643 | 643 | private function eapolTestConfig($probeindex, $opName, $frag) |
| 644 | 644 | { |
| 645 | - $cmdline = \config\Diagnostics::PATHS['eapol_test'] . |
|
| 646 | - " -a " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip'] . |
|
| 647 | - " -s " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret'] . |
|
| 648 | - " -o serverchain.pem" . |
|
| 649 | - " -c ./udp_login_test.conf" . |
|
| 650 | - " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " . |
|
| 651 | - " -t " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout'] . " "; |
|
| 645 | + $cmdline = \config\Diagnostics::PATHS['eapol_test']. |
|
| 646 | + " -a ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip']. |
|
| 647 | + " -s ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret']. |
|
| 648 | + " -o serverchain.pem". |
|
| 649 | + " -c ./udp_login_test.conf". |
|
| 650 | + " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ". |
|
| 651 | + " -t ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout']." "; |
|
| 652 | 652 | if ($opName) { |
| 653 | 653 | $cmdline .= '-N126:s:"1cat.eduroam.org" '; |
| 654 | 654 | } |
@@ -678,10 +678,10 @@ discard block |
||
| 678 | 678 | */ |
| 679 | 679 | private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs) |
| 680 | 680 | { |
| 681 | - if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) { |
|
| 681 | + if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) { |
|
| 682 | 682 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n"); |
| 683 | 683 | } |
| 684 | - if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) { |
|
| 684 | + if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) { |
|
| 685 | 685 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n"); |
| 686 | 686 | } |
| 687 | 687 | // make a copy of the EAP-received chain and add the configured intermediates, if any |
@@ -695,15 +695,15 @@ discard block |
||
| 695 | 695 | } |
| 696 | 696 | if ($decoded['ca'] == 1) { |
| 697 | 697 | if ($decoded['root'] == 1) { // save CAT roots to the root directory |
| 698 | - file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 699 | - file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 698 | + file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 699 | + file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 700 | 700 | $catRoots[] = $decoded['pem']; |
| 701 | 701 | } else { // save the intermediates to allcerts directory |
| 702 | - file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']); |
|
| 702 | + file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']); |
|
| 703 | 703 | $intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded)); |
| 704 | 704 | if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) { |
| 705 | 705 | $this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 706 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]); |
|
| 706 | + file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]); |
|
| 707 | 707 | } |
| 708 | 708 | $catIntermediates[] = $decoded['pem']; |
| 709 | 709 | } |
@@ -712,26 +712,26 @@ discard block |
||
| 712 | 712 | // save all intermediate certificates and CRLs to separate files in |
| 713 | 713 | // both root-ca directories |
| 714 | 714 | foreach ($eapIntermediates as $index => $onePem) { |
| 715 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 716 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 715 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 716 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 717 | 717 | } |
| 718 | 718 | foreach ($eapIntermediateCRLs as $index => $onePem) { |
| 719 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 720 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 719 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 720 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 721 | 721 | } |
| 722 | 722 | |
| 723 | 723 | $checkstring = ""; |
| 724 | 724 | if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) { |
| 725 | 725 | $this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 726 | 726 | $checkstring = "-crl_check_all"; |
| 727 | - file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 728 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 727 | + file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 728 | + file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 729 | 729 | } |
| 730 | 730 | |
| 731 | 731 | |
| 732 | 732 | // now c_rehash the root CA directory ... |
| 733 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 734 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 733 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 734 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 735 | 735 | return $checkstring; |
| 736 | 736 | } |
| 737 | 737 | |
@@ -764,12 +764,12 @@ discard block |
||
| 764 | 764 | // so test if there's something PEMy in the file at all |
| 765 | 765 | // serverchain.pem is the output from eapol_test; incomingserver.pem is written by extractIncomingCertsfromEAP() if there was at least one server cert. |
| 766 | 766 | if (filesize("$tmpDir/serverchain.pem") > 10 && filesize("$tmpDir/incomingserver.pem") > 10) { |
| 767 | - exec(\config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
| 768 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 769 | - $this->loggerInstance->debug(4, "Chain verify pass 1: " . /** @scrutinizer ignore-type */ print_r($verifyResultEaponly, TRUE) . "\n"); |
|
| 770 | - exec(\config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
| 771 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 772 | - $this->loggerInstance->debug(4, "Chain verify pass 2: " . /** @scrutinizer ignore-type */ print_r($verifyResultAllcerts, TRUE) . "\n"); |
|
| 767 | + exec(\config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
| 768 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 769 | + $this->loggerInstance->debug(4, "Chain verify pass 1: "./** @scrutinizer ignore-type */ print_r($verifyResultEaponly, TRUE)."\n"); |
|
| 770 | + exec(\config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
| 771 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 772 | + $this->loggerInstance->debug(4, "Chain verify pass 2: "./** @scrutinizer ignore-type */ print_r($verifyResultAllcerts, TRUE)."\n"); |
|
| 773 | 773 | } |
| 774 | 774 | |
| 775 | 775 | // now we do certificate verification against the collected parents |
@@ -835,7 +835,7 @@ discard block |
||
| 835 | 835 | // we are UNHAPPY if no names match! |
| 836 | 836 | $happiness = "UNHAPPY"; |
| 837 | 837 | foreach ($this->expectedServerNames as $expectedName) { |
| 838 | - $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . /** @scrutinizer ignore-type */ print_r($servercert['CN'], TRUE) . /** @scrutinizer ignore-type */ print_r($servercert['sAN_DNS'], TRUE)); |
|
| 838 | + $this->loggerInstance->debug(4, "Managing expectations for $expectedName: "./** @scrutinizer ignore-type */ print_r($servercert['CN'], TRUE)./** @scrutinizer ignore-type */ print_r($servercert['sAN_DNS'], TRUE)); |
|
| 839 | 839 | if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) { |
| 840 | 840 | $this->loggerInstance->debug(4, "Totally happy!"); |
| 841 | 841 | $happiness = "TOTALLY"; |
@@ -880,11 +880,11 @@ discard block |
||
| 880 | 880 | $theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password); |
| 881 | 881 | // the config intentionally does not include CA checking. We do this |
| 882 | 882 | // ourselves after getting the chain with -o. |
| 883 | - file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]); |
|
| 883 | + file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]); |
|
| 884 | 884 | |
| 885 | 885 | $cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag); |
| 886 | 886 | $this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n"); |
| 887 | - $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n"); |
|
| 887 | + $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n"); |
|
| 888 | 888 | $time_start = microtime(true); |
| 889 | 889 | $pflow = []; |
| 890 | 890 | exec($cmdline, $pflow); |
@@ -893,7 +893,7 @@ discard block |
||
| 893 | 893 | } |
| 894 | 894 | $time_stop = microtime(true); |
| 895 | 895 | $output = print_r($this->redact($password, $pflow), TRUE); |
| 896 | - file_put_contents($tmpDir . "/eapol_test_output_redacted_$probeindex.txt", $output); |
|
| 896 | + file_put_contents($tmpDir."/eapol_test_output_redacted_$probeindex.txt", $output); |
|
| 897 | 897 | $this->loggerInstance->debug(5, "eapol_test output saved to eapol_test_output_redacted_$probeindex.txt\n"); |
| 898 | 898 | return [ |
| 899 | 899 | "time" => ($time_stop - $time_start) * 1000, |
@@ -930,7 +930,7 @@ discard block |
||
| 930 | 930 | if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) { |
| 931 | 931 | array_pop($packetflow); |
| 932 | 932 | } |
| 933 | - $this->loggerInstance->debug(5, "Packetflow: " . /** @scrutinizer ignore-type */ print_r($packetflow, TRUE)); |
|
| 933 | + $this->loggerInstance->debug(5, "Packetflow: "./** @scrutinizer ignore-type */ print_r($packetflow, TRUE)); |
|
| 934 | 934 | $packetcount = array_count_values($packetflow); |
| 935 | 935 | $testresults['packetcount'] = $packetcount; |
| 936 | 936 | $testresults['packetflow'] = $packetflow; |
@@ -972,7 +972,7 @@ discard block |
||
| 972 | 972 | private function wasModernTlsNegotiated(&$testresults, $packetflow_orig) |
| 973 | 973 | { |
| 974 | 974 | $negotiatedTlsVersion = $this->checkLineparse($packetflow_orig, self::LINEPARSE_TLSVERSION); |
| 975 | - $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion" . "\n"); |
|
| 975 | + $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion"."\n"); |
|
| 976 | 976 | if ($negotiatedTlsVersion === FALSE) { |
| 977 | 977 | $testresults['cert_oddities'][] = RADIUSTests::TLSPROB_UNKNOWN_TLS_VERSION; |
| 978 | 978 | } elseif ($negotiatedTlsVersion != self::TLS_VERSION_1_2 && $negotiatedTlsVersion != self::TLS_VERSION_1_3) { |
@@ -1032,7 +1032,7 @@ discard block |
||
| 1032 | 1032 | |
| 1033 | 1033 | $x509 = new \core\common\X509(); |
| 1034 | 1034 | // $eap_certarray holds all certs received in EAP conversation |
| 1035 | - $incomingData = file_get_contents($tmpDir . "/serverchain.pem"); |
|
| 1035 | + $incomingData = file_get_contents($tmpDir."/serverchain.pem"); |
|
| 1036 | 1036 | if ($incomingData !== FALSE && strlen($incomingData) > 0) { |
| 1037 | 1037 | $eapCertArray = $x509->splitCertificate($incomingData); |
| 1038 | 1038 | } else { |
@@ -1062,10 +1062,10 @@ discard block |
||
| 1062 | 1062 | case RADIUSTests::SERVER_CA_SELFSIGNED: |
| 1063 | 1063 | $servercert[] = $cert; |
| 1064 | 1064 | if (count($servercert) == 1) { |
| 1065 | - if (file_put_contents($tmpDir . "/incomingserver.pem", $cert['pem'] . "\n") === FALSE) { |
|
| 1065 | + if (file_put_contents($tmpDir."/incomingserver.pem", $cert['pem']."\n") === FALSE) { |
|
| 1066 | 1066 | $this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n"); |
| 1067 | 1067 | } |
| 1068 | - $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . /** @scrutinizer ignore-type */ print_r($servercert[0], true)); |
|
| 1068 | + $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: "./** @scrutinizer ignore-type */ print_r($servercert[0], true)); |
|
| 1069 | 1069 | } elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) { |
| 1070 | 1070 | $testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS; |
| 1071 | 1071 | } |
@@ -1146,7 +1146,7 @@ discard block |
||
| 1146 | 1146 | chdir($tmpDir); |
| 1147 | 1147 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
| 1148 | 1148 | if ($clientcertdata !== NULL) { |
| 1149 | - file_put_contents($tmpDir . "/client.p12", $clientcertdata); |
|
| 1149 | + file_put_contents($tmpDir."/client.p12", $clientcertdata); |
|
| 1150 | 1150 | } |
| 1151 | 1151 | $testresults = []; |
| 1152 | 1152 | // initialise the sub-array for cleaner parsing |
@@ -1253,7 +1253,7 @@ discard block |
||
| 1253 | 1253 | 'issuer' => $this->printDN($certdata['issuer']), |
| 1254 | 1254 | 'validFrom' => $this->printTm($certdata['validFrom_time_t']), |
| 1255 | 1255 | 'validTo' => $this->printTm($certdata['validTo_time_t']), |
| 1256 | - 'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1256 | + 'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1257 | 1257 | 'sha1' => $certdata['sha1'], |
| 1258 | 1258 | 'extensions' => $certdata['extensions'] |
| 1259 | 1259 | ]; |
@@ -62,24 +62,24 @@ discard block |
||
| 62 | 62 | case "EXTERNAL": |
| 63 | 63 | case "FRONTEND": |
| 64 | 64 | case "DIAGNOSTICS": |
| 65 | - if (!isset(self::${"instance" . $theDb})) { |
|
| 65 | + if (!isset(self::${"instance".$theDb})) { |
|
| 66 | 66 | $class = __CLASS__; |
| 67 | - self::${"instance" . $theDb} = new $class($database); |
|
| 68 | - DBConnection::${"instance" . $theDb}->databaseInstance = $theDb; |
|
| 67 | + self::${"instance".$theDb} = new $class($database); |
|
| 68 | + DBConnection::${"instance".$theDb}->databaseInstance = $theDb; |
|
| 69 | 69 | } |
| 70 | - return self::${"instance" . $theDb}; |
|
| 70 | + return self::${"instance".$theDb}; |
|
| 71 | 71 | case "RADIUS": |
| 72 | - if (!isset(self::${"instance" . $theDb})) { |
|
| 72 | + if (!isset(self::${"instance".$theDb})) { |
|
| 73 | 73 | $class = __CLASS__; |
| 74 | 74 | foreach (\config\ConfAssistant::DB as $name => $oneRadiusAuthDb) { |
| 75 | 75 | $theInstance = new $class($name); |
| 76 | - self::${"instance" . $theDb}[] = $theInstance; |
|
| 76 | + self::${"instance".$theDb}[] = $theInstance; |
|
| 77 | 77 | $theInstance->databaseInstance = $theDb; |
| 78 | 78 | } |
| 79 | 79 | } |
| 80 | - return self::${"instance" . $theDb}; |
|
| 80 | + return self::${"instance".$theDb}; |
|
| 81 | 81 | default: |
| 82 | - throw new Exception("This type of database (" . strtoupper($database) . ") is not known!"); |
|
| 82 | + throw new Exception("This type of database (".strtoupper($database).") is not known!"); |
|
| 83 | 83 | } |
| 84 | 84 | } |
| 85 | 85 | |
@@ -121,18 +121,18 @@ discard block |
||
| 121 | 121 | } |
| 122 | 122 | } |
| 123 | 123 | // log exact query to debug log, if log level is at 5 |
| 124 | - $this->loggerInstance->debug(5, "DB ATTEMPT: " . $querystring . "\n"); |
|
| 124 | + $this->loggerInstance->debug(5, "DB ATTEMPT: ".$querystring."\n"); |
|
| 125 | 125 | if ($types !== NULL) { |
| 126 | - $this->loggerInstance->debug(5, "Argument type sequence: $types, parameters are: " . /** @scrutinizer ignore-type */ print_r($arguments, true)); |
|
| 126 | + $this->loggerInstance->debug(5, "Argument type sequence: $types, parameters are: "./** @scrutinizer ignore-type */ print_r($arguments, true)); |
|
| 127 | 127 | } |
| 128 | 128 | |
| 129 | 129 | if ($this->connection->connect_error) { |
| 130 | - throw new Exception("ERROR: Cannot send query to $this->databaseInstance database (no connection, error number" . $this->connection->connect_error . ")!"); |
|
| 130 | + throw new Exception("ERROR: Cannot send query to $this->databaseInstance database (no connection, error number".$this->connection->connect_error.")!"); |
|
| 131 | 131 | } |
| 132 | 132 | if ($types === NULL) { |
| 133 | 133 | $result = $this->connection->query($querystring); |
| 134 | 134 | if ($result === FALSE) { |
| 135 | - throw new Exception("DB: Unable to execute simple statement! Error was --> " . $this->connection->error . " <--"); |
|
| 135 | + throw new Exception("DB: Unable to execute simple statement! Error was --> ".$this->connection->error." <--"); |
|
| 136 | 136 | } |
| 137 | 137 | } else { |
| 138 | 138 | // fancy! prepared statement with dedicated argument list |
@@ -148,7 +148,7 @@ discard block |
||
| 148 | 148 | } |
| 149 | 149 | $prepResult = $statementObject->prepare($querystring); |
| 150 | 150 | if ($prepResult === FALSE) { |
| 151 | - throw new Exception("DB: Unable to prepare statement! Statement was --> $querystring <--, error was --> " . $statementObject->error . " <--."); |
|
| 151 | + throw new Exception("DB: Unable to prepare statement! Statement was --> $querystring <--, error was --> ".$statementObject->error." <--."); |
|
| 152 | 152 | } |
| 153 | 153 | $this->preparedStatements[$querystring] = $statementObject; |
| 154 | 154 | } |
@@ -161,11 +161,11 @@ discard block |
||
| 161 | 161 | array_unshift($localArray, $types); |
| 162 | 162 | $retval = call_user_func_array([$statementObject, "bind_param"], $localArray); |
| 163 | 163 | if ($retval === FALSE) { |
| 164 | - throw new Exception("DB: Unable to bind parameters to prepared statement! Argument array was --> " . var_export($localArray, TRUE) . " <--. Error was --> " . $statementObject->error . " <--"); |
|
| 164 | + throw new Exception("DB: Unable to bind parameters to prepared statement! Argument array was --> ".var_export($localArray, TRUE)." <--. Error was --> ".$statementObject->error." <--"); |
|
| 165 | 165 | } |
| 166 | 166 | $result = $statementObject->execute(); |
| 167 | 167 | if ($result === FALSE) { |
| 168 | - throw new Exception("DB: Unable to execute prepared statement! Error was --> " . $statementObject->error . " <--"); |
|
| 168 | + throw new Exception("DB: Unable to execute prepared statement! Error was --> ".$statementObject->error." <--"); |
|
| 169 | 169 | } |
| 170 | 170 | $selectResult = $statementObject->get_result(); |
| 171 | 171 | if ($selectResult !== FALSE) { |
@@ -175,14 +175,14 @@ discard block |
||
| 175 | 175 | |
| 176 | 176 | // all cases where $result could be FALSE have been caught earlier |
| 177 | 177 | if ($this->connection->errno) { |
| 178 | - throw new Exception("ERROR: Cannot execute query in $this->databaseInstance database - (hopefully escaped) query was '$querystring', errno was " . $this->connection->errno . "!"); |
|
| 178 | + throw new Exception("ERROR: Cannot execute query in $this->databaseInstance database - (hopefully escaped) query was '$querystring', errno was ".$this->connection->errno."!"); |
|
| 179 | 179 | } |
| 180 | 180 | |
| 181 | 181 | |
| 182 | 182 | if ($isMoreThanSelect) { |
| 183 | - $this->loggerInstance->writeSQLAudit("[DB: " . strtoupper($this->databaseInstance) . "] " . $querystring); |
|
| 183 | + $this->loggerInstance->writeSQLAudit("[DB: ".strtoupper($this->databaseInstance)."] ".$querystring); |
|
| 184 | 184 | if ($types !== NULL) { |
| 185 | - $this->loggerInstance->writeSQLAudit("Argument type sequence: $types, parameters are: " . /** @scrutinizer ignore-type */ print_r($arguments, true)); |
|
| 185 | + $this->loggerInstance->writeSQLAudit("Argument type sequence: $types, parameters are: "./** @scrutinizer ignore-type */ print_r($arguments, true)); |
|
| 186 | 186 | } |
| 187 | 187 | } |
| 188 | 188 | return $result; |
@@ -277,13 +277,13 @@ discard block |
||
| 277 | 277 | if (isset(\config\Master::DB[$databaseCapitalised])) { |
| 278 | 278 | $this->connection = new \mysqli(\config\Master::DB[$databaseCapitalised]['host'], \config\Master::DB[$databaseCapitalised]['user'], \config\Master::DB[$databaseCapitalised]['pass'], \config\Master::DB[$databaseCapitalised]['db']); |
| 279 | 279 | if ($this->connection->connect_error) { |
| 280 | - throw new Exception("ERROR: Unable to connect to $database database! This is a fatal error, giving up (error number " . $this->connection->connect_errno . ")."); |
|
| 280 | + throw new Exception("ERROR: Unable to connect to $database database! This is a fatal error, giving up (error number ".$this->connection->connect_errno.")."); |
|
| 281 | 281 | } |
| 282 | 282 | $this->readOnly = \config\Master::DB[$databaseCapitalised]['readonly']; |
| 283 | 283 | } else { // one of the RADIUS DBs |
| 284 | 284 | $this->connection = new \mysqli(\config\ConfAssistant::DB[$databaseCapitalised]['host'], \config\ConfAssistant::DB[$databaseCapitalised]['user'], \config\ConfAssistant::DB[$databaseCapitalised]['pass'], \config\ConfAssistant::DB[$databaseCapitalised]['db']); |
| 285 | 285 | if ($this->connection->connect_error) { |
| 286 | - throw new Exception("ERROR: Unable to connect to $database database! This is a fatal error, giving up (error number " . $this->connection->connect_errno . ")."); |
|
| 286 | + throw new Exception("ERROR: Unable to connect to $database database! This is a fatal error, giving up (error number ".$this->connection->connect_errno.")."); |
|
| 287 | 287 | } |
| 288 | 288 | $this->readOnly = \config\ConfAssistant::DB[$databaseCapitalised]['readonly']; |
| 289 | 289 | } |
@@ -134,7 +134,7 @@ discard block |
||
| 134 | 134 | protected function saveDownloadDetails($idpIdentifier, $profileId, $deviceId, $area, $lang, $eapType) |
| 135 | 135 | { |
| 136 | 136 | if (\config\Master::PATHS['logdir']) { |
| 137 | - $file = fopen(\config\Master::PATHS['logdir'] . "/download_details.log", "a"); |
|
| 137 | + $file = fopen(\config\Master::PATHS['logdir']."/download_details.log", "a"); |
|
| 138 | 138 | if ($file === FALSE) { |
| 139 | 139 | throw new Exception("Unable to open file for append: $file"); |
| 140 | 140 | } |
@@ -181,7 +181,7 @@ discard block |
||
| 181 | 181 | } |
| 182 | 182 | foreach ($new->getAttributes("eap:server_name") as $newName) { |
| 183 | 183 | if (!in_array($newName['value'], $baselineNames)) { |
| 184 | - $retval[AbstractProfile::SERVERNAME_ADDED] .= "#New server name '" . $newName['value'] . "' added"; |
|
| 184 | + $retval[AbstractProfile::SERVERNAME_ADDED] .= "#New server name '".$newName['value']."' added"; |
|
| 185 | 185 | } |
| 186 | 186 | } |
| 187 | 187 | return $retval; |
@@ -205,7 +205,7 @@ discard block |
||
| 205 | 205 | $eaptype = new common\EAP($eapQuery->eap_method_id); |
| 206 | 206 | $eapTypeArray[] = $eaptype; |
| 207 | 207 | } |
| 208 | - $this->loggerInstance->debug(4, "This profile supports the following EAP types:\n" . /** @scrutinizer ignore-type */ print_r($eapTypeArray, true)); |
|
| 208 | + $this->loggerInstance->debug(4, "This profile supports the following EAP types:\n"./** @scrutinizer ignore-type */ print_r($eapTypeArray, true)); |
|
| 209 | 209 | return $eapTypeArray; |
| 210 | 210 | } |
| 211 | 211 | |
@@ -287,16 +287,16 @@ discard block |
||
| 287 | 287 | if (count($this->getAttributes("internal:checkuser_outer")) > 0) { |
| 288 | 288 | // we are supposed to use a specific outer username for checks, |
| 289 | 289 | // which is different from the outer username we put into installers |
| 290 | - return $this->getAttributes("internal:checkuser_value")[0]['value'] . "@" . $realm; |
|
| 290 | + return $this->getAttributes("internal:checkuser_value")[0]['value']."@".$realm; |
|
| 291 | 291 | } |
| 292 | 292 | if (count($this->getAttributes("internal:use_anon_outer")) > 0) { |
| 293 | 293 | // no special check username, but there is an anon outer ID for |
| 294 | 294 | // installers - so let's use that one |
| 295 | - return $this->getAttributes("internal:anon_local_value")[0]['value'] . "@" . $realm; |
|
| 295 | + return $this->getAttributes("internal:anon_local_value")[0]['value']."@".$realm; |
|
| 296 | 296 | } |
| 297 | 297 | // okay, no guidance on outer IDs at all - but we need *something* to |
| 298 | 298 | // test with for the RealmChecks. So: |
| 299 | - return "@" . $realm; |
|
| 299 | + return "@".$realm; |
|
| 300 | 300 | } |
| 301 | 301 | |
| 302 | 302 | /** |
@@ -747,7 +747,7 @@ discard block |
||
| 747 | 747 | public function prepShowtime() |
| 748 | 748 | { |
| 749 | 749 | $properConfig = $this->readyForShowtime(); |
| 750 | - $this->databaseHandle->exec("UPDATE profile SET sufficient_config = " . ($properConfig ? "TRUE" : "FALSE") . " WHERE profile_id = " . $this->identifier); |
|
| 750 | + $this->databaseHandle->exec("UPDATE profile SET sufficient_config = ".($properConfig ? "TRUE" : "FALSE")." WHERE profile_id = ".$this->identifier); |
|
| 751 | 751 | |
| 752 | 752 | $attribs = $this->getCollapsedAttributes(); |
| 753 | 753 | // if not enough info to go live, set FALSE |
@@ -325,7 +325,7 @@ discard block |
||
| 325 | 325 | $invitationObject = new SilverbulletInvitation($token); |
| 326 | 326 | $profile = new ProfileSilverbullet($invitationObject->profile); |
| 327 | 327 | $inst = new IdP($profile->institution); |
| 328 | - $loggerInstance->debug(5, "tokenStatus: done, got " . $invitationObject->invitationTokenStatus . ", " . $invitationObject->profile . ", " . $invitationObject->userId . ", " . $invitationObject->expiry . ", " . $invitationObject->invitationTokenString . "\n"); |
|
| 328 | + $loggerInstance->debug(5, "tokenStatus: done, got ".$invitationObject->invitationTokenStatus.", ".$invitationObject->profile.", ".$invitationObject->userId.", ".$invitationObject->expiry.", ".$invitationObject->invitationTokenString."\n"); |
|
| 329 | 329 | if ($invitationObject->invitationTokenStatus != SilverbulletInvitation::SB_TOKENSTATUS_VALID && $invitationObject->invitationTokenStatus != SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) { |
| 330 | 330 | throw new Exception("Attempt to generate a SilverBullet installer with an invalid/redeemed/expired token. The user should never have gotten that far!"); |
| 331 | 331 | } |
@@ -338,12 +338,12 @@ discard block |
||
| 338 | 338 | throw new Exception("Despite a valid token, the corresponding user was not found in database or database query error!"); |
| 339 | 339 | } |
| 340 | 340 | $expiryObject = mysqli_fetch_object(/** @scrutinizer ignore-type */ $userrow); |
| 341 | - $loggerInstance->debug(5, "EXP: " . $expiryObject->expiry . "\n"); |
|
| 341 | + $loggerInstance->debug(5, "EXP: ".$expiryObject->expiry."\n"); |
|
| 342 | 342 | $expiryDateObject = date_create_from_format("Y-m-d H:i:s", $expiryObject->expiry); |
| 343 | 343 | if ($expiryDateObject === FALSE) { |
| 344 | 344 | throw new Exception("The expiry date we got from the DB is bogus!"); |
| 345 | 345 | } |
| 346 | - $loggerInstance->debug(5, $expiryDateObject->format("Y-m-d H:i:s") . "\n"); |
|
| 346 | + $loggerInstance->debug(5, $expiryDateObject->format("Y-m-d H:i:s")."\n"); |
|
| 347 | 347 | // date_create with no parameters can't fail, i.e. is never FALSE |
| 348 | 348 | $validity = date_diff(/** @scrutinizer ignore-type */ date_create(), $expiryDateObject); |
| 349 | 349 | $expiryDays = $validity->days + 1; |
@@ -382,7 +382,7 @@ discard block |
||
| 382 | 382 | $certString = ""; |
| 383 | 383 | openssl_x509_export($cert, $certString); |
| 384 | 384 | $parsedCert = $x509->processCertificate($certString); |
| 385 | - $loggerInstance->debug(5, "CERTINFO: " . /** @scrutinizer ignore-type */ print_r($parsedCert['full_details'], true)); |
|
| 385 | + $loggerInstance->debug(5, "CERTINFO: "./** @scrutinizer ignore-type */ print_r($parsedCert['full_details'], true)); |
|
| 386 | 386 | $realExpiryDate = date_create_from_format("U", $parsedCert['full_details']['validTo_time_t'])->format("Y-m-d H:i:s"); |
| 387 | 387 | |
| 388 | 388 | // store new cert info in DB |
@@ -442,7 +442,7 @@ discard block |
||
| 442 | 442 | $username = ""; |
| 443 | 443 | while ($usernameIsUnique === FALSE) { |
| 444 | 444 | $usernameLocalPart = common\Entity::randomString(64 - 1 - strlen($realm), "0123456789abcdefghijklmnopqrstuvwxyz"); |
| 445 | - $username = $usernameLocalPart . "@" . $realm; |
|
| 445 | + $username = $usernameLocalPart."@".$realm; |
|
| 446 | 446 | $uniquenessQuery = $databaseHandle->exec("SELECT cn from silverbullet_certificate WHERE cn = ? AND ca_type = ?", "ss", $username, $certtype); |
| 447 | 447 | // SELECT -> resource, not boolean |
| 448 | 448 | if (mysqli_num_rows(/** @scrutinizer ignore-type */ $uniquenessQuery) == 0) { |
@@ -115,12 +115,12 @@ discard block |
||
| 115 | 115 | $this->name = $this->languageInstance->getLocalisedValue($this->getAttributes('general:instname')); |
| 116 | 116 | $eligibility = $this->eligibility(); |
| 117 | 117 | if (in_array(IdP::ELIGIBILITY_IDP, $eligibility) && in_array(IdP::ELIGIBILITY_SP, $eligibility)) { |
| 118 | - $eligType = IdP::TYPE_IDPSP . ""; |
|
| 118 | + $eligType = IdP::TYPE_IDPSP.""; |
|
| 119 | 119 | $this->type = $eligType; |
| 120 | 120 | } elseif (in_array(IdP::ELIGIBILITY_IDP, $eligibility)) { |
| 121 | - $eligType = IdP::TYPE_IDP . ""; |
|
| 121 | + $eligType = IdP::TYPE_IDP.""; |
|
| 122 | 122 | } else { |
| 123 | - $eligType = IdP::TYPE_SP . ""; |
|
| 123 | + $eligType = IdP::TYPE_SP.""; |
|
| 124 | 124 | } |
| 125 | 125 | $this->type = $eligType; |
| 126 | 126 | $this->loggerInstance->debug(3, "--- END Constructing new IdP object ... ---\n"); |
@@ -134,7 +134,7 @@ discard block |
||
| 134 | 134 | */ |
| 135 | 135 | public function listProfiles(bool $activeOnly = FALSE) |
| 136 | 136 | { |
| 137 | - $query = "SELECT profile_id FROM profile WHERE inst_id = $this->identifier" . ($activeOnly ? " AND showtime = 1" : ""); |
|
| 137 | + $query = "SELECT profile_id FROM profile WHERE inst_id = $this->identifier".($activeOnly ? " AND showtime = 1" : ""); |
|
| 138 | 138 | $allProfiles = $this->databaseHandle->exec($query); |
| 139 | 139 | $returnarray = []; |
| 140 | 140 | // SELECT -> resource, not boolean |
@@ -144,7 +144,7 @@ discard block |
||
| 144 | 144 | $returnarray[] = $oneProfile; |
| 145 | 145 | } |
| 146 | 146 | |
| 147 | - $this->loggerInstance->debug(4, "listProfiles: " . /** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 147 | + $this->loggerInstance->debug(4, "listProfiles: "./** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 148 | 148 | return $returnarray; |
| 149 | 149 | } |
| 150 | 150 | |
@@ -156,7 +156,7 @@ discard block |
||
| 156 | 156 | */ |
| 157 | 157 | public function listDeployments(bool $activeOnly = FALSE) |
| 158 | 158 | { |
| 159 | - $query = "SELECT deployment_id FROM deployment WHERE inst_id = $this->identifier" . ($activeOnly ? " AND status = " . AbstractDeployment::ACTIVE : ""); |
|
| 159 | + $query = "SELECT deployment_id FROM deployment WHERE inst_id = $this->identifier".($activeOnly ? " AND status = ".AbstractDeployment::ACTIVE : ""); |
|
| 160 | 160 | $allDeployments = $this->databaseHandle->exec($query); |
| 161 | 161 | $returnarray = []; |
| 162 | 162 | // SELECT -> resource, not boolean |
@@ -164,7 +164,7 @@ discard block |
||
| 164 | 164 | $returnarray[] = new DeploymentManaged($this, $deploymentQuery->deployment_id); |
| 165 | 165 | } |
| 166 | 166 | |
| 167 | - $this->loggerInstance->debug(4, "listDeployments: " . /** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 167 | + $this->loggerInstance->debug(4, "listDeployments: "./** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 168 | 168 | return $returnarray; |
| 169 | 169 | } |
| 170 | 170 | |
@@ -306,7 +306,7 @@ discard block |
||
| 306 | 306 | case AbstractProfile::PROFILETYPE_SILVERBULLET: |
| 307 | 307 | $theProfile = new ProfileSilverbullet($identifier, $this); |
| 308 | 308 | $theProfile->addSupportedEapMethod(new \core\common\EAP(\core\common\EAP::EAPTYPE_SILVERBULLET), 1); |
| 309 | - $theProfile->setRealm($this->identifier . "-" . $theProfile->identifier . "." . strtolower($this->federation) . strtolower(\config\ConfAssistant::SILVERBULLET['realm_suffix'])); |
|
| 309 | + $theProfile->setRealm($this->identifier."-".$theProfile->identifier.".".strtolower($this->federation).strtolower(\config\ConfAssistant::SILVERBULLET['realm_suffix'])); |
|
| 310 | 310 | return $theProfile; |
| 311 | 311 | default: |
| 312 | 312 | throw new Exception("This type of profile is unknown and can not be added."); |
@@ -447,7 +447,7 @@ discard block |
||
| 447 | 447 | public function getExternalDBId() |
| 448 | 448 | { |
| 449 | 449 | if (\config\ConfAssistant::CONSORTIUM['name'] == "eduroam" && isset(\config\ConfAssistant::CONSORTIUM['deployment-voodoo']) && \config\ConfAssistant::CONSORTIUM['deployment-voodoo'] == "Operations Team") { // SW: APPROVED |
| 450 | - $idQuery = $this->databaseHandle->exec("SELECT external_db_id FROM institution WHERE inst_id = $this->identifier AND external_db_syncstate = " . self::EXTERNAL_DB_SYNCSTATE_SYNCED); |
|
| 450 | + $idQuery = $this->databaseHandle->exec("SELECT external_db_id FROM institution WHERE inst_id = $this->identifier AND external_db_syncstate = ".self::EXTERNAL_DB_SYNCSTATE_SYNCED); |
|
| 451 | 451 | // SELECT -> it's a resource, not a boolean |
| 452 | 452 | if (mysqli_num_rows(/** @scrutinizer ignore-type */ $idQuery) == 0) { |
| 453 | 453 | return FALSE; |
@@ -513,16 +513,16 @@ discard block |
||
| 513 | 513 | } |
| 514 | 514 | foreach ($baseline as $lang => $value) { |
| 515 | 515 | if (!key_exists($lang, $newvalues)) { |
| 516 | - $retval[IdP::INSTNAME_CHANGED] .= "#[Language " . strtoupper($lang) . "] DELETED"; |
|
| 516 | + $retval[IdP::INSTNAME_CHANGED] .= "#[Language ".strtoupper($lang)."] DELETED"; |
|
| 517 | 517 | } else { |
| 518 | 518 | if ($value != $newvalues[$lang]) { |
| 519 | - $retval[IdP::INSTNAME_CHANGED] .= "#[Language " . strtoupper($lang) . "] CHANGED from '" . $baseline[$lang] . "' to '" . $newvalues[$lang] . "'"; |
|
| 519 | + $retval[IdP::INSTNAME_CHANGED] .= "#[Language ".strtoupper($lang)."] CHANGED from '".$baseline[$lang]."' to '".$newvalues[$lang]."'"; |
|
| 520 | 520 | } |
| 521 | 521 | } |
| 522 | 522 | } |
| 523 | 523 | foreach ($newvalues as $lang => $value) { |
| 524 | 524 | if (!key_exists($lang, $baseline)) { |
| 525 | - $retval[IdP::INSTNAME_CHANGED] .= "#[Language " . strtoupper($lang) . "] ADDED as '" . $value . "'"; |
|
| 525 | + $retval[IdP::INSTNAME_CHANGED] .= "#[Language ".strtoupper($lang)."] ADDED as '".$value."'"; |
|
| 526 | 526 | } |
| 527 | 527 | } |
| 528 | 528 | return $retval; |
@@ -16,10 +16,10 @@ discard block |
||
| 16 | 16 | class CertificationAuthorityEmbeddedECDSA extends EntityWithDBProperties implements CertificationAuthorityInterface |
| 17 | 17 | { |
| 18 | 18 | |
| 19 | - private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-ECDSA.pem"; |
|
| 20 | - private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.pem"; |
|
| 21 | - private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.key"; |
|
| 22 | - private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-ECDSA.cnf"; |
|
| 19 | + private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-ECDSA.pem"; |
|
| 20 | + private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-ECDSA.pem"; |
|
| 21 | + private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-ECDSA.key"; |
|
| 22 | + private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-ECDSA.cnf"; |
|
| 23 | 23 | |
| 24 | 24 | /** |
| 25 | 25 | * string with the PEM variant of the root CA |
@@ -66,27 +66,27 @@ discard block |
||
| 66 | 66 | parent::__construct(); |
| 67 | 67 | $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
| 68 | 68 | if ($this->rootPem === FALSE) { |
| 69 | - throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
|
| 69 | + throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
|
| 70 | 70 | } |
| 71 | 71 | $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
| 72 | 72 | if ($this->issuingCertRaw === FALSE) { |
| 73 | - throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
|
| 73 | + throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
|
| 74 | 74 | } |
| 75 | 75 | $rootParsed = openssl_x509_read($this->rootPem); |
| 76 | 76 | $this->issuingCert = openssl_x509_read($this->issuingCertRaw); |
| 77 | - if ($this->issuingCert === FALSE || is_resource($this->issuingCert)|| $rootParsed === FALSE) { |
|
| 77 | + if ($this->issuingCert === FALSE || is_resource($this->issuingCert) || $rootParsed === FALSE) { |
|
| 78 | 78 | throw new Exception("At least one CA PEM file did not parse correctly (or not a PHP8 resource)!"); |
| 79 | 79 | } |
| 80 | 80 | if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY) === FALSE) { |
| 81 | - throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 81 | + throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 82 | 82 | } |
| 83 | - $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 83 | + $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 84 | 84 | if ($issuingKeyTemp === FALSE || is_resource($issuingKeyTemp)) { |
| 85 | 85 | throw new Exception("The private key did not parse correctly (or not a PHP8 resource)!"); |
| 86 | 86 | } |
| 87 | 87 | $this->issuingKey = $issuingKeyTemp; |
| 88 | 88 | if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG) === FALSE) { |
| 89 | - throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG); |
|
| 89 | + throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG); |
|
| 90 | 90 | } |
| 91 | 91 | $this->conffile = CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG; |
| 92 | 92 | } |
@@ -129,27 +129,27 @@ discard block |
||
| 129 | 129 | // generate stub index.txt file |
| 130 | 130 | $tempdirArray = \core\common\Entity::createTemporaryDirectory("test"); |
| 131 | 131 | $tempdir = $tempdirArray['dir']; |
| 132 | - $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z"; |
|
| 133 | - $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z"; |
|
| 132 | + $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z"; |
|
| 133 | + $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z"; |
|
| 134 | 134 | // serials for our CA are always integers |
| 135 | 135 | $serialHex = strtoupper(dechex((int) $cert->serial)); |
| 136 | 136 | if (strlen($serialHex) % 2 == 1) { |
| 137 | - $serialHex = "0" . $serialHex; |
|
| 137 | + $serialHex = "0".$serialHex; |
|
| 138 | 138 | } |
| 139 | 139 | |
| 140 | - $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n"; |
|
| 140 | + $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n"; |
|
| 141 | 141 | $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement"); |
| 142 | - if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) { |
|
| 142 | + if (!file_put_contents($tempdir."/index.txt", $indexStatement)) { |
|
| 143 | 143 | $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!"); |
| 144 | 144 | } |
| 145 | 145 | // index.txt.attr is dull but needs to exist |
| 146 | - file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n"); |
|
| 146 | + file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n"); |
|
| 147 | 147 | // call "openssl ocsp" to manufacture our own OCSP statement |
| 148 | 148 | // adding "-rmd sha1" to the following command-line makes the |
| 149 | 149 | // choice of signature algorithm for the response explicit |
| 150 | 150 | // but it's only available from openssl-1.1.0 (which we do not |
| 151 | 151 | // want to require just for that one thing). |
| 152 | - $execCmd = \config\Master::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 152 | + $execCmd = \config\Master::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 153 | 153 | $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n"); |
| 154 | 154 | $output = []; |
| 155 | 155 | $return = 999; |
@@ -157,11 +157,11 @@ discard block |
||
| 157 | 157 | if ($return !== 0) { |
| 158 | 158 | throw new Exception("Non-zero return value from openssl ocsp!"); |
| 159 | 159 | } |
| 160 | - $ocsp = file_get_contents($tempdir . "/$serialHex.response.der"); |
|
| 160 | + $ocsp = file_get_contents($tempdir."/$serialHex.response.der"); |
|
| 161 | 161 | // remove the temp dir! |
| 162 | - unlink($tempdir . "/$serialHex.response.der"); |
|
| 163 | - unlink($tempdir . "/index.txt.attr"); |
|
| 164 | - unlink($tempdir . "/index.txt"); |
|
| 162 | + unlink($tempdir."/$serialHex.response.der"); |
|
| 163 | + unlink($tempdir."/index.txt.attr"); |
|
| 164 | + unlink($tempdir."/index.txt"); |
|
| 165 | 165 | rmdir($tempdir); |
| 166 | 166 | $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial); |
| 167 | 167 | return $ocsp; |
@@ -254,7 +254,7 @@ discard block |
||
| 254 | 254 | $serverCandidates[IdPlist::geoDistance($adminLocation, ['lat' => $iterator->location_lat, 'lon' => $iterator->location_lon])] = $iterator->server_id; |
| 255 | 255 | } |
| 256 | 256 | if ($clients > $maxSupportedClients * 0.9) { |
| 257 | - $this->loggerInstance->debug(1, "A RADIUS server for Managed SP (" . $iterator->server_id . ") is serving at more than 90% capacity!"); |
|
| 257 | + $this->loggerInstance->debug(1, "A RADIUS server for Managed SP (".$iterator->server_id.") is serving at more than 90% capacity!"); |
|
| 258 | 258 | } |
| 259 | 259 | } |
| 260 | 260 | if (count($serverCandidates) == 0 && $federation != "DEFAULT") { |
@@ -263,7 +263,7 @@ discard block |
||
| 263 | 263 | return $this->findGoodServerLocation($adminLocation, "DEFAULT", $blacklistedServers); |
| 264 | 264 | } |
| 265 | 265 | if (count($serverCandidates) == 0) { |
| 266 | - throw new Exception("No available server found for new SP! $federation " . /** @scrutinizer ignore-type */ print_r($serverCandidates, true)); |
|
| 266 | + throw new Exception("No available server found for new SP! $federation "./** @scrutinizer ignore-type */ print_r($serverCandidates, true)); |
|
| 267 | 267 | } |
| 268 | 268 | // put the nearest server on top of the list |
| 269 | 269 | ksort($serverCandidates); |
@@ -291,7 +291,7 @@ discard block |
||
| 291 | 291 | $foundFreePort1 = 0; |
| 292 | 292 | while ($foundFreePort1 == 0) { |
| 293 | 293 | $portCandidate = random_int(1200, 65535); |
| 294 | - $check = $this->databaseHandle->exec("SELECT port_instance_1 FROM deployment WHERE radius_instance_1 = '" . $ourserver . "' AND port_instance_1 = $portCandidate"); |
|
| 294 | + $check = $this->databaseHandle->exec("SELECT port_instance_1 FROM deployment WHERE radius_instance_1 = '".$ourserver."' AND port_instance_1 = $portCandidate"); |
|
| 295 | 295 | if (mysqli_num_rows(/** @scrutinizer ignore-type */ $check) == 0) { |
| 296 | 296 | $foundFreePort1 = $portCandidate; |
| 297 | 297 | } |
@@ -300,14 +300,14 @@ discard block |
||
| 300 | 300 | $foundFreePort2 = 0; |
| 301 | 301 | while ($foundFreePort2 == 0) { |
| 302 | 302 | $portCandidate = random_int(1200, 65535); |
| 303 | - $check = $this->databaseHandle->exec("SELECT port_instance_2 FROM deployment WHERE radius_instance_2 = '" . $ourSecondServer . "' AND port_instance_2 = $portCandidate"); |
|
| 303 | + $check = $this->databaseHandle->exec("SELECT port_instance_2 FROM deployment WHERE radius_instance_2 = '".$ourSecondServer."' AND port_instance_2 = $portCandidate"); |
|
| 304 | 304 | if (mysqli_num_rows(/** @scrutinizer ignore-type */ $check) == 0) { |
| 305 | 305 | $foundFreePort2 = $portCandidate; |
| 306 | 306 | } |
| 307 | 307 | } |
| 308 | 308 | // and make up a shared secret that is halfways readable |
| 309 | 309 | $futureSecret = $this->randomString(16, "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"); |
| 310 | - $this->databaseHandle->exec("UPDATE deployment SET radius_instance_1 = '" . $ourserver . "', radius_instance_2 = '" . $ourSecondServer . "', port_instance_1 = $foundFreePort1, port_instance_2 = $foundFreePort2, secret = '$futureSecret' WHERE deployment_id = $this->identifier"); |
|
| 310 | + $this->databaseHandle->exec("UPDATE deployment SET radius_instance_1 = '".$ourserver."', radius_instance_2 = '".$ourSecondServer."', port_instance_1 = $foundFreePort1, port_instance_2 = $foundFreePort2, secret = '$futureSecret' WHERE deployment_id = $this->identifier"); |
|
| 311 | 311 | return ["port_instance_1" => $foundFreePort1, "port_instance_2" => $foundFreePort2, "secret" => $futureSecret, "radius_instance_1" => $ourserver, "radius_instance_2" => $ourserver]; |
| 312 | 312 | } |
| 313 | 313 | |
@@ -354,7 +354,7 @@ discard block |
||
| 354 | 354 | */ |
| 355 | 355 | public function deactivate() |
| 356 | 356 | { |
| 357 | - $this->databaseHandle->exec("UPDATE deployment SET status = " . DeploymentManaged::INACTIVE . " WHERE deployment_id = $this->identifier"); |
|
| 357 | + $this->databaseHandle->exec("UPDATE deployment SET status = ".DeploymentManaged::INACTIVE." WHERE deployment_id = $this->identifier"); |
|
| 358 | 358 | } |
| 359 | 359 | |
| 360 | 360 | /** |
@@ -365,7 +365,7 @@ discard block |
||
| 365 | 365 | */ |
| 366 | 366 | public function activate() |
| 367 | 367 | { |
| 368 | - $this->databaseHandle->exec("UPDATE deployment SET status = " . DeploymentManaged::ACTIVE . " WHERE deployment_id = $this->identifier"); |
|
| 368 | + $this->databaseHandle->exec("UPDATE deployment SET status = ".DeploymentManaged::ACTIVE." WHERE deployment_id = $this->identifier"); |
|
| 369 | 369 | } |
| 370 | 370 | |
| 371 | 371 | /** |
@@ -377,7 +377,7 @@ discard block |
||
| 377 | 377 | { |
| 378 | 378 | $customAttrib = $this->getAttributes("managedsp:operatorname"); |
| 379 | 379 | if (count($customAttrib) == 0) { |
| 380 | - return "1sp." . $this->identifier . "-" . $this->institution . \config\ConfAssistant::SILVERBULLET['realm_suffix']; |
|
| 380 | + return "1sp.".$this->identifier."-".$this->institution.\config\ConfAssistant::SILVERBULLET['realm_suffix']; |
|
| 381 | 381 | } |
| 382 | 382 | return $customAttrib[0]["value"]; |
| 383 | 383 | } |
@@ -393,13 +393,13 @@ discard block |
||
| 393 | 393 | { |
| 394 | 394 | |
| 395 | 395 | $hostname = "radius_hostname_$idx"; |
| 396 | - $ch = curl_init("http://" . $this->$hostname); |
|
| 396 | + $ch = curl_init("http://".$this->$hostname); |
|
| 397 | 397 | if ($ch === FALSE) { |
| 398 | 398 | $res = 'FAILURE'; |
| 399 | 399 | } else { |
| 400 | 400 | curl_setopt($ch, CURLOPT_POST, 1); |
| 401 | 401 | curl_setopt($ch, CURLOPT_POSTFIELDS, $post); |
| 402 | - $this->loggerInstance->debug(1, "Posting to http://" . $this->$hostname . ": $post\n"); |
|
| 402 | + $this->loggerInstance->debug(1, "Posting to http://".$this->$hostname.": $post\n"); |
|
| 403 | 403 | curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); |
| 404 | 404 | curl_setopt($ch, CURLOPT_HEADER, 0); |
| 405 | 405 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); |
@@ -414,7 +414,7 @@ discard block |
||
| 414 | 414 | $this->loggerInstance->debug(1, $this); |
| 415 | 415 | } |
| 416 | 416 | $this->loggerInstance->debug(1, "Database update"); |
| 417 | - $this->databaseHandle->exec("UPDATE deployment SET radius_status_$idx = " . ($res == 'OK' ? \core\AbstractDeployment::RADIUS_OK : \core\AbstractDeployment::RADIUS_FAILURE) . " WHERE deployment_id = $this->identifier"); |
|
| 417 | + $this->databaseHandle->exec("UPDATE deployment SET radius_status_$idx = ".($res == 'OK' ? \core\AbstractDeployment::RADIUS_OK : \core\AbstractDeployment::RADIUS_FAILURE)." WHERE deployment_id = $this->identifier"); |
|
| 418 | 418 | return $res; |
| 419 | 419 | } |
| 420 | 420 | |
@@ -435,19 +435,19 @@ discard block |
||
| 435 | 435 | } else { |
| 436 | 436 | $txt = $remove ? _('Profile dectivation failed') : _('Profile activation/modification failed'); |
| 437 | 437 | } |
| 438 | - $txt = $txt . ' '; |
|
| 438 | + $txt = $txt.' '; |
|
| 439 | 439 | if (array_count_values($response)[$status] == 2) { |
| 440 | - $txt = $txt . _('on both RADIUS servers: primary and backup') . '.'; |
|
| 440 | + $txt = $txt._('on both RADIUS servers: primary and backup').'.'; |
|
| 441 | 441 | } else { |
| 442 | 442 | if ($response['res[1]'] == $status) { |
| 443 | - $txt = $txt . _('on primary RADIUS server') . '.'; |
|
| 443 | + $txt = $txt._('on primary RADIUS server').'.'; |
|
| 444 | 444 | } else { |
| 445 | - $txt = $txt . _('on backup RADIUS server') . '.'; |
|
| 445 | + $txt = $txt._('on backup RADIUS server').'.'; |
|
| 446 | 446 | } |
| 447 | 447 | } |
| 448 | 448 | $mail = \core\common\OutsideComm::mailHandle(); |
| 449 | 449 | $email = $this->getAttributes("support:email")[0]['value']; |
| 450 | - $mail->FromName = \config\Master::APPEARANCE['productname'] . " Notification System"; |
|
| 450 | + $mail->FromName = \config\Master::APPEARANCE['productname']." Notification System"; |
|
| 451 | 451 | $mail->addAddress($email); |
| 452 | 452 | if ($status == 'OK') { |
| 453 | 453 | $mail->Subject = _('RADIUS profile update problem fixed'); |
@@ -481,7 +481,7 @@ discard block |
||
| 481 | 481 | return NULL; |
| 482 | 482 | } |
| 483 | 483 | $timeout = 10; |
| 484 | - curl_setopt($ch, CURLOPT_URL, 'http://' . $host); |
|
| 484 | + curl_setopt($ch, CURLOPT_URL, 'http://'.$host); |
|
| 485 | 485 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); |
| 486 | 486 | curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); |
| 487 | 487 | curl_exec($ch); |
@@ -572,32 +572,32 @@ discard block |
||
| 572 | 572 | { |
| 573 | 573 | $remove = ($this->status == \core\AbstractDeployment::INACTIVE) ? 0 : 1; |
| 574 | 574 | $toPost = ($onlyone ? array($onlyone => '') : array(1 => '', 2 => '')); |
| 575 | - $toPostTemplate = 'instid=' . $this->institution . '&deploymentid=' . $this->identifier . '&secret=' . $this->secret . '&country=' . $this->getAttributes("internal:country")[0]['value'] . '&'; |
|
| 575 | + $toPostTemplate = 'instid='.$this->institution.'&deploymentid='.$this->identifier.'&secret='.$this->secret.'&country='.$this->getAttributes("internal:country")[0]['value'].'&'; |
|
| 576 | 576 | if ($remove) { |
| 577 | - $toPostTemplate = $toPostTemplate . 'remove=1&'; |
|
| 577 | + $toPostTemplate = $toPostTemplate.'remove=1&'; |
|
| 578 | 578 | } else { |
| 579 | 579 | if ($this->getAttributes("managedsp:operatorname")[0]['value'] ?? NULL) { |
| 580 | - $toPostTemplate = $toPostTemplate . 'operatorname=' . $this->getAttributes("managedsp:operatorname")[0]['value'] . '&'; |
|
| 580 | + $toPostTemplate = $toPostTemplate.'operatorname='.$this->getAttributes("managedsp:operatorname")[0]['value'].'&'; |
|
| 581 | 581 | } |
| 582 | 582 | if ($this->getAttributes("managedsp:vlan")[0]['value'] ?? NULL) { |
| 583 | 583 | $allRealms = $this->getAllRealms(); |
| 584 | 584 | if (!empty($allRealms)) { |
| 585 | - $toPostTemplate = $toPostTemplate . 'vlan=' . $this->getAttributes("managedsp:vlan")[0]['value'] . '&'; |
|
| 586 | - $toPostTemplate = $toPostTemplate . 'realmforvlan[]=' . implode('&realmforvlan[]=', $allRealms) . '&'; |
|
| 585 | + $toPostTemplate = $toPostTemplate.'vlan='.$this->getAttributes("managedsp:vlan")[0]['value'].'&'; |
|
| 586 | + $toPostTemplate = $toPostTemplate.'realmforvlan[]='.implode('&realmforvlan[]=', $allRealms).'&'; |
|
| 587 | 587 | } |
| 588 | 588 | } |
| 589 | 589 | } |
| 590 | 590 | foreach (array_keys($toPost) as $key) { |
| 591 | - $elem = 'port' . $key; |
|
| 592 | - $toPost[$key] = $toPostTemplate . 'port=' . $this->$elem; |
|
| 591 | + $elem = 'port'.$key; |
|
| 592 | + $toPost[$key] = $toPostTemplate.'port='.$this->$elem; |
|
| 593 | 593 | } |
| 594 | 594 | $response = array(); |
| 595 | 595 | foreach ($toPost as $key => $value) { |
| 596 | - $this->loggerInstance->debug(1, 'toPost ' . $toPost[$key] . "\n"); |
|
| 597 | - $response['res[' . $key . ']'] = $this->sendToRADIUS($key, $toPost[$key]); |
|
| 596 | + $this->loggerInstance->debug(1, 'toPost '.$toPost[$key]."\n"); |
|
| 597 | + $response['res['.$key.']'] = $this->sendToRADIUS($key, $toPost[$key]); |
|
| 598 | 598 | } |
| 599 | 599 | if ($onlyone) { |
| 600 | - $response['res[' . ($onlyone == 1) ? 2 : 1 . ']'] = \core\AbstractDeployment::RADIUS_OK; |
|
| 600 | + $response['res['.($onlyone == 1) ? 2 : 1.']'] = \core\AbstractDeployment::RADIUS_OK; |
|
| 601 | 601 | } |
| 602 | 602 | foreach (array('OK', 'FAILURE') as $status) { |
| 603 | 603 | if ((($status == 'OK' && $notify) || ($status == 'FAILURE')) && in_array($status, $response)) { |
@@ -17,9 +17,9 @@ discard block |
||
| 17 | 17 | class CertificationAuthorityEduPki extends EntityWithDBProperties implements CertificationAuthorityInterface |
| 18 | 18 | { |
| 19 | 19 | |
| 20 | - private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 21 | - private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 22 | - private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 20 | + private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 21 | + private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 22 | + private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 23 | 23 | private const EDUPKI_RA_ID = 700; |
| 24 | 24 | private const EDUPKI_CERT_PROFILE = "User SOAP"; |
| 25 | 25 | private const EDUPKI_RA_PKEY_PASSPHRASE = "..."; |
@@ -35,13 +35,13 @@ discard block |
||
| 35 | 35 | parent::__construct(); |
| 36 | 36 | |
| 37 | 37 | if (stat(CertificationAuthorityEduPki::LOCATION_RA_CERT) === FALSE) { |
| 38 | - throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPki::LOCATION_RA_CERT); |
|
| 38 | + throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPki::LOCATION_RA_CERT); |
|
| 39 | 39 | } |
| 40 | 40 | if (stat(CertificationAuthorityEduPki::LOCATION_RA_KEY) === FALSE) { |
| 41 | - throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPki::LOCATION_RA_KEY); |
|
| 41 | + throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPki::LOCATION_RA_KEY); |
|
| 42 | 42 | } |
| 43 | 43 | if (stat(CertificationAuthorityEduPki::LOCATION_WEBROOT) === FALSE) { |
| 44 | - throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPki::LOCATION_WEBROOT); |
|
| 44 | + throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPki::LOCATION_WEBROOT); |
|
| 45 | 45 | } |
| 46 | 46 | } |
| 47 | 47 | |
@@ -75,19 +75,19 @@ discard block |
||
| 75 | 75 | // initialise connection to eduPKI CA / eduroam RA and send the request to them |
| 76 | 76 | try { |
| 77 | 77 | $altArray = [# Array mit den Subject Alternative Names |
| 78 | - "email:" . $csr["USERNAME"] |
|
| 78 | + "email:".$csr["USERNAME"] |
|
| 79 | 79 | ]; |
| 80 | 80 | $soapPub = $this->initEduPKISoapSession("PUBLIC"); |
| 81 | 81 | $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n"); |
| 82 | - $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPki::EDUPKI_RA_ID . "\n"); |
|
| 83 | - $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n"); |
|
| 82 | + $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPki::EDUPKI_RA_ID."\n"); |
|
| 83 | + $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n"); |
|
| 84 | 84 | $this->loggerInstance->debug(5, "PARAM_3: "); |
| 85 | 85 | $this->loggerInstance->debug(5, $altArray); |
| 86 | - $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE . "\n"); |
|
| 87 | - $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n"); |
|
| 88 | - $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n"); |
|
| 89 | - $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERNAME"] . "\n"); |
|
| 90 | - $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n"); |
|
| 86 | + $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE."\n"); |
|
| 87 | + $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n"); |
|
| 88 | + $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n"); |
|
| 89 | + $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERNAME"]."\n"); |
|
| 90 | + $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n"); |
|
| 91 | 91 | $this->loggerInstance->debug(5, "PARAM_9: false\n"); |
| 92 | 92 | $soapNewRequest = $soapPub->newRequest( |
| 93 | 93 | CertificationAuthorityEduPki::EDUPKI_RA_ID, # RA-ID |
@@ -109,11 +109,11 @@ discard block |
||
| 109 | 109 | } catch (Exception $e) { |
| 110 | 110 | // PHP 7.1 can do this much better |
| 111 | 111 | if (is_soap_fault($e)) { |
| 112 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: { |
|
| 112 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: { |
|
| 113 | 113 | $e->faultstring |
| 114 | 114 | }\n"); |
| 115 | 115 | } |
| 116 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 116 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 117 | 117 | } |
| 118 | 118 | try { |
| 119 | 119 | $soap = $this->initEduPKISoapSession("RA"); |
@@ -125,8 +125,8 @@ discard block |
||
| 125 | 125 | $soapReqnum, [ |
| 126 | 126 | "RaID" => CertificationAuthorityEduPki::EDUPKI_RA_ID, |
| 127 | 127 | "Role" => CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE, |
| 128 | - "Subject" => "DC=eduroam,DC=test,DC=test,C=" . $csr["FED"] . ",O=" . \config\ConfAssistant::CONSORTIUM['name'] . ",OU=" . $csr["FED"] . ",CN=" . $csr['USERNAME'] . ",emailAddress=" . $csr['USERNAME'], |
|
| 129 | - "SubjectAltNames" => ["email:" . $csr["USERNAME"]], |
|
| 128 | + "Subject" => "DC=eduroam,DC=test,DC=test,C=".$csr["FED"].",O=".\config\ConfAssistant::CONSORTIUM['name'].",OU=".$csr["FED"].",CN=".$csr['USERNAME'].",emailAddress=".$csr['USERNAME'], |
|
| 129 | + "SubjectAltNames" => ["email:".$csr["USERNAME"]], |
|
| 130 | 130 | "NotBefore" => (new \DateTime())->format('c'), |
| 131 | 131 | "NotAfter" => $expiry->format('c'), |
| 132 | 132 | ] |
@@ -145,7 +145,7 @@ discard block |
||
| 145 | 145 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 146 | 146 | // rather than just using the string. Grr. |
| 147 | 147 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 148 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext); |
|
| 148 | + file_put_contents($tempdir['dir']."/content.txt", $soapCleartext); |
|
| 149 | 149 | // retrieve our RA cert from filesystem |
| 150 | 150 | // the RA certificates are not needed right now because we |
| 151 | 151 | // have resorted to S/MIME signatures with openssl command-line |
@@ -157,7 +157,7 @@ discard block |
||
| 157 | 157 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 158 | 158 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 159 | 159 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n $soapCleartext\n"); |
| 160 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 160 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 161 | 161 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 162 | 162 | $output = []; |
| 163 | 163 | $return = 999; |
@@ -166,14 +166,14 @@ discard block |
||
| 166 | 166 | throw new Exception("Non-zero return value from openssl smime!"); |
| 167 | 167 | } |
| 168 | 168 | // and get the signature blob back from the filesystem |
| 169 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 169 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 170 | 170 | $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n"); |
| 171 | - $this->loggerInstance->debug(5, $soapReqnum . "\n"); |
|
| 172 | - $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending! |
|
| 173 | - $this->loggerInstance->debug(5, $detachedSig . "\n"); |
|
| 171 | + $this->loggerInstance->debug(5, $soapReqnum."\n"); |
|
| 172 | + $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending! |
|
| 173 | + $this->loggerInstance->debug(5, $detachedSig."\n"); |
|
| 174 | 174 | $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig); |
| 175 | - $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest()); |
|
| 176 | - $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse()); |
|
| 175 | + $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest()); |
|
| 176 | + $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse()); |
|
| 177 | 177 | if ($soapIssueCert === FALSE) { |
| 178 | 178 | throw new Exception("The locally approved request was NOT processed by the CA."); |
| 179 | 179 | } |
@@ -210,9 +210,9 @@ discard block |
||
| 210 | 210 | throw new Exception("CAInfo has no root certificate for us!"); |
| 211 | 211 | } |
| 212 | 212 | } catch (SoapFault $e) { |
| 213 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 213 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 214 | 214 | } catch (Exception $e) { |
| 215 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
| 215 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
| 216 | 216 | } |
| 217 | 217 | return [ |
| 218 | 218 | "CERT" => openssl_x509_read($parsedCert['pem']), |
@@ -245,12 +245,12 @@ discard block |
||
| 245 | 245 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 246 | 246 | // rather than just using the string. Grr. |
| 247 | 247 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 248 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest); |
|
| 248 | + file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest); |
|
| 249 | 249 | // retrieve our RA cert from filesystem |
| 250 | 250 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 251 | 251 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 252 | 252 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n"); |
| 253 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPki::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPki::LOCATION_RA_CERT; |
|
| 253 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPki::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPki::LOCATION_RA_CERT; |
|
| 254 | 254 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 255 | 255 | $output = []; |
| 256 | 256 | $return = 999; |
@@ -259,7 +259,7 @@ discard block |
||
| 259 | 259 | throw new Exception("Non-zero return value from openssl smime!"); |
| 260 | 260 | } |
| 261 | 261 | // and get the signature blob back from the filesystem |
| 262 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 262 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 263 | 263 | $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig); |
| 264 | 264 | if ($soapIssueRev === FALSE) { |
| 265 | 265 | throw new Exception("The locally approved revocation request was NOT processed by the CA."); |
@@ -267,9 +267,9 @@ discard block |
||
| 267 | 267 | } catch (Exception $e) { |
| 268 | 268 | // PHP 7.1 can do this much better |
| 269 | 269 | if (is_soap_fault($e)) { |
| 270 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n"); |
|
| 270 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n"); |
|
| 271 | 271 | } |
| 272 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 272 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 273 | 273 | } |
| 274 | 274 | } |
| 275 | 275 | |
@@ -369,9 +369,9 @@ discard block |
||
| 369 | 369 | */ |
| 370 | 370 | public function soapToXmlInteger($x) |
| 371 | 371 | { |
| 372 | - return '<' . $x[0] . '>' |
|
| 372 | + return '<'.$x[0].'>' |
|
| 373 | 373 | . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1) |
| 374 | - . '</' . $x[0] . '>'; |
|
| 374 | + . '</'.$x[0].'>'; |
|
| 375 | 375 | } |
| 376 | 376 | |
| 377 | 377 | /** |
@@ -390,9 +390,9 @@ discard block |
||
| 390 | 390 | // dump private key into directory |
| 391 | 391 | $outstring = ""; |
| 392 | 392 | openssl_pkey_export($privateKey, $outstring); |
| 393 | - file_put_contents($tempdir . "/pkey.pem", $outstring); |
|
| 393 | + file_put_contents($tempdir."/pkey.pem", $outstring); |
|
| 394 | 394 | // PHP can only do one DC in the Subject. But we need three. |
| 395 | - $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 395 | + $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 396 | 396 | $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n"); |
| 397 | 397 | $output = []; |
| 398 | 398 | $return = 999; |
@@ -17,9 +17,9 @@ discard block |
||
| 17 | 17 | class CertificationAuthorityEduPkiServer extends EntityWithDBProperties implements CertificationAuthorityInterface |
| 18 | 18 | { |
| 19 | 19 | |
| 20 | - private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 21 | - private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 22 | - private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 20 | + private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 21 | + private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 22 | + private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 23 | 23 | private const EDUPKI_RA_ID = 700; |
| 24 | 24 | private const EDUPKI_CERT_PROFILE = "Radius Server SOAP"; |
| 25 | 25 | private const EDUPKI_RA_PKEY_PASSPHRASE = "..."; |
@@ -35,13 +35,13 @@ discard block |
||
| 35 | 35 | parent::__construct(); |
| 36 | 36 | |
| 37 | 37 | if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_CERT) === FALSE) { |
| 38 | - throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT); |
|
| 38 | + throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT); |
|
| 39 | 39 | } |
| 40 | 40 | if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_KEY) === FALSE) { |
| 41 | - throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY); |
|
| 41 | + throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY); |
|
| 42 | 42 | } |
| 43 | 43 | if (stat(CertificationAuthorityEduPkiServer::LOCATION_WEBROOT) === FALSE) { |
| 44 | - throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPkiServer::LOCATION_WEBROOT); |
|
| 44 | + throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPkiServer::LOCATION_WEBROOT); |
|
| 45 | 45 | } |
| 46 | 46 | } |
| 47 | 47 | |
@@ -99,19 +99,19 @@ discard block |
||
| 99 | 99 | // initialise connection to eduPKI CA / eduroam RA and send the request to them |
| 100 | 100 | try { |
| 101 | 101 | $altArray = [# Array mit den Subject Alternative Names |
| 102 | - "email:" . $csr["USERMAIL"] |
|
| 102 | + "email:".$csr["USERMAIL"] |
|
| 103 | 103 | ]; |
| 104 | 104 | $soapPub = $this->initEduPKISoapSession("PUBLIC"); |
| 105 | 105 | $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n"); |
| 106 | - $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPkiServer::EDUPKI_RA_ID . "\n"); |
|
| 107 | - $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n"); |
|
| 106 | + $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPkiServer::EDUPKI_RA_ID."\n"); |
|
| 107 | + $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n"); |
|
| 108 | 108 | $this->loggerInstance->debug(5, "PARAM_3: "); |
| 109 | 109 | $this->loggerInstance->debug(5, $altArray); |
| 110 | - $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE . "\n"); |
|
| 111 | - $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n"); |
|
| 112 | - $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n"); |
|
| 113 | - $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n"); |
|
| 114 | - $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n"); |
|
| 110 | + $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE."\n"); |
|
| 111 | + $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n"); |
|
| 112 | + $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n"); |
|
| 113 | + $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n"); |
|
| 114 | + $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n"); |
|
| 115 | 115 | $this->loggerInstance->debug(5, "PARAM_9: false\n"); |
| 116 | 116 | $soapNewRequest = $soapPub->newRequest( |
| 117 | 117 | CertificationAuthorityEduPkiServer::EDUPKI_RA_ID, # RA-ID |
@@ -133,11 +133,11 @@ discard block |
||
| 133 | 133 | } catch (Exception $e) { |
| 134 | 134 | // PHP 7.1 can do this much better |
| 135 | 135 | if (is_soap_fault($e)) { |
| 136 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: { |
|
| 136 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: { |
|
| 137 | 137 | $e->faultstring |
| 138 | 138 | }\n"); |
| 139 | 139 | } |
| 140 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 140 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 141 | 141 | } |
| 142 | 142 | try { |
| 143 | 143 | $soap = $this->initEduPKISoapSession("RA"); |
@@ -171,7 +171,7 @@ discard block |
||
| 171 | 171 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 172 | 172 | // rather than just using the string. Grr. |
| 173 | 173 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 174 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext); |
|
| 174 | + file_put_contents($tempdir['dir']."/content.txt", $soapCleartext); |
|
| 175 | 175 | // retrieve our RA cert from filesystem |
| 176 | 176 | // the RA certificates are not needed right now because we |
| 177 | 177 | // have resorted to S/MIME signatures with openssl command-line |
@@ -183,7 +183,7 @@ discard block |
||
| 183 | 183 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 184 | 184 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 185 | 185 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n $soapCleartext\n"); |
| 186 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 186 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 187 | 187 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 188 | 188 | $output = []; |
| 189 | 189 | $return = 999; |
@@ -192,21 +192,21 @@ discard block |
||
| 192 | 192 | throw new Exception("Non-zero return value from openssl smime!"); |
| 193 | 193 | } |
| 194 | 194 | // and get the signature blob back from the filesystem |
| 195 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 195 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 196 | 196 | $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n"); |
| 197 | - $this->loggerInstance->debug(5, $soapReqnum . "\n"); |
|
| 198 | - $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending! |
|
| 199 | - $this->loggerInstance->debug(5, $detachedSig . "\n"); |
|
| 197 | + $this->loggerInstance->debug(5, $soapReqnum."\n"); |
|
| 198 | + $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending! |
|
| 199 | + $this->loggerInstance->debug(5, $detachedSig."\n"); |
|
| 200 | 200 | $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig); |
| 201 | - $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest()); |
|
| 202 | - $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse()); |
|
| 201 | + $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest()); |
|
| 202 | + $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse()); |
|
| 203 | 203 | if ($soapIssueCert === FALSE) { |
| 204 | 204 | throw new Exception("The locally approved request was NOT processed by the CA."); |
| 205 | 205 | } |
| 206 | 206 | } catch (SoapFault $e) { |
| 207 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 207 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 208 | 208 | } catch (Exception $e) { |
| 209 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
| 209 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
| 210 | 210 | } |
| 211 | 211 | return $soapReqnum; |
| 212 | 212 | } |
@@ -258,9 +258,9 @@ discard block |
||
| 258 | 258 | throw new Exception("CAInfo has no root certificate for us!"); |
| 259 | 259 | } |
| 260 | 260 | } catch (SoapFault $e) { |
| 261 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 261 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 262 | 262 | } catch (Exception $e) { |
| 263 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
| 263 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
| 264 | 264 | } |
| 265 | 265 | return [ |
| 266 | 266 | "CERT" => openssl_x509_read($parsedCert['pem']), |
@@ -293,12 +293,12 @@ discard block |
||
| 293 | 293 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 294 | 294 | // rather than just using the string. Grr. |
| 295 | 295 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 296 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest); |
|
| 296 | + file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest); |
|
| 297 | 297 | // retrieve our RA cert from filesystem |
| 298 | 298 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 299 | 299 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 300 | 300 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n"); |
| 301 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT; |
|
| 301 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT; |
|
| 302 | 302 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 303 | 303 | $output = []; |
| 304 | 304 | $return = 999; |
@@ -307,7 +307,7 @@ discard block |
||
| 307 | 307 | throw new Exception("Non-zero return value from openssl smime!"); |
| 308 | 308 | } |
| 309 | 309 | // and get the signature blob back from the filesystem |
| 310 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 310 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 311 | 311 | $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig); |
| 312 | 312 | if ($soapIssueRev === FALSE) { |
| 313 | 313 | throw new Exception("The locally approved revocation request was NOT processed by the CA."); |
@@ -315,9 +315,9 @@ discard block |
||
| 315 | 315 | } catch (Exception $e) { |
| 316 | 316 | // PHP 7.1 can do this much better |
| 317 | 317 | if (is_soap_fault($e)) { |
| 318 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n"); |
|
| 318 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n"); |
|
| 319 | 319 | } |
| 320 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 320 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 321 | 321 | } |
| 322 | 322 | } |
| 323 | 323 | |
@@ -417,9 +417,9 @@ discard block |
||
| 417 | 417 | */ |
| 418 | 418 | public function soapToXmlInteger($x) |
| 419 | 419 | { |
| 420 | - return '<' . $x[0] . '>' |
|
| 420 | + return '<'.$x[0].'>' |
|
| 421 | 421 | . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1) |
| 422 | - . '</' . $x[0] . '>'; |
|
| 422 | + . '</'.$x[0].'>'; |
|
| 423 | 423 | } |
| 424 | 424 | |
| 425 | 425 | /** |
@@ -438,9 +438,9 @@ discard block |
||
| 438 | 438 | // dump private key into directory |
| 439 | 439 | $outstring = ""; |
| 440 | 440 | openssl_pkey_export($privateKey, $outstring); |
| 441 | - file_put_contents($tempdir . "/pkey.pem", $outstring); |
|
| 441 | + file_put_contents($tempdir."/pkey.pem", $outstring); |
|
| 442 | 442 | // PHP can only do one DC in the Subject. But we need three. |
| 443 | - $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 443 | + $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 444 | 444 | $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n"); |
| 445 | 445 | $output = []; |
| 446 | 446 | $return = 999; |
