GEANT / CAT

web/user/faq.php

Spacing +5 added lines, -5 removed lines

@@ -50,19 +50,19 @@ 
 
 array_push($FAQ, [
     'title' => sprintf(_("Is it safe to use %s installers?"), \config\Master::APPEARANCE['productname']),
-    'text' => sprintf(_("%s installers configure security settings on your device, therefore you should be sure that you are using genuine ones."), \config\Master::APPEARANCE['productname']) . ' ' . ( isset(\config\ConfAssistant::CONSORTIUM['signer_name']) && \config\ConfAssistant::CONSORTIUM['signer_name'] != "" ? sprintf(_("This is why %s installers are digitally signed by %s. Watch out for a system message confirming this."), \config\Master::APPEARANCE['productname'], \config\ConfAssistant::CONSORTIUM['signer_name']) : ""),
+    'text' => sprintf(_("%s installers configure security settings on your device, therefore you should be sure that you are using genuine ones."), \config\Master::APPEARANCE['productname']).' '.(isset(\config\ConfAssistant::CONSORTIUM['signer_name']) && \config\ConfAssistant::CONSORTIUM['signer_name'] != "" ? sprintf(_("This is why %s installers are digitally signed by %s. Watch out for a system message confirming this."), \config\Master::APPEARANCE['productname'], \config\ConfAssistant::CONSORTIUM['signer_name']) : ""),
 ]);
 
 array_push($FAQ, [
     'title' => _("Windows 'SmartScreen' or 'Internet Explorer' tell me that the file is not commonly downloaded and possibly harmful. Should I be concerned?"),
-    'text' => _("Contrary to what the name suggests, 'SmartScreen' isn't actually very smart. The warning merely means that the file has not yet been downloaded by enough users to make Microsoft consider it popular (which would strangely enough make it be considered 'safe'). This message alone is not a security problem.") . " " . (isset(\config\ConfAssistant::CONSORTIUM['signer_name']) && \config\ConfAssistant::CONSORTIUM['signer_name'] != "" ? sprintf(_("So long as the file is carrying a valid signature from %s, the download is safe."), \config\ConfAssistant::CONSORTIUM['signer_name']) . " " : "") . sprintf(_("Please see also Microsoft's FAQ regarding SmartScreen at %s."), "<a href='http://windows.microsoft.com/en-US/windows7/SmartScreen-Filter-frequently-asked-questions-IE9?SignedIn=1'>Microsoft FAQ</a>")
+    'text' => _("Contrary to what the name suggests, 'SmartScreen' isn't actually very smart. The warning merely means that the file has not yet been downloaded by enough users to make Microsoft consider it popular (which would strangely enough make it be considered 'safe'). This message alone is not a security problem.")." ".(isset(\config\ConfAssistant::CONSORTIUM['signer_name']) && \config\ConfAssistant::CONSORTIUM['signer_name'] != "" ? sprintf(_("So long as the file is carrying a valid signature from %s, the download is safe."), \config\ConfAssistant::CONSORTIUM['signer_name'])." " : "").sprintf(_("Please see also Microsoft's FAQ regarding SmartScreen at %s."), "<a href='http://windows.microsoft.com/en-US/windows7/SmartScreen-Filter-frequently-asked-questions-IE9?SignedIn=1'>Microsoft FAQ</a>")
 ]);
 
 if (\config\Master::FUNCTIONALITY_LOCATIONS['DIAGNOSTICS'] == NULL) {
     $text = sprintf(_("There can be a number of different reasons. The network you see may not be a genuine %s one and your device silently drops the connection attempt; there may be something wrong with the configuration of the network; your account may have expired; there may be a connection problem with your home authentication server; you may have broken the regulations of the network you are using and have been refused access as a consequence. You should contact your organisation and report the problem, the administrators should be able to trace your connections."), \config\ConfAssistant::CONSORTIUM['display_name']);
 } else {
     if (\config\Master::FUNCTIONALITY_LOCATIONS['DIAGNOSTICS'] == 'LOCAL') {
-        $diagUrl = \config\Master::PATHS['cat_base_url'] . "diag/";
+        $diagUrl = \config\Master::PATHS['cat_base_url']."diag/";
     } else {
         $diagUrl = \config\Master::FUNCTIONALITY_LOCATIONS['DIAGNOSTICS'];
     }
@@ -99,8 +99,8 @@ 
     $tocText = "";
     $fullText = "";
     foreach ($FAQ as $faq) {
-        $tocText .= '<a href="#toc' . $counter . '">' . $faq['title'] . "</a><br>\n";
-        $fullText .= "<dt><a name=toc$counter>" . $faq['title'] . "</a></dt>\n<dd>" . $faq['text'] . "</dd>\n";
+        $tocText .= '<a href="#toc'.$counter.'">'.$faq['title']."</a><br>\n";
+        $fullText .= "<dt><a name=toc$counter>".$faq['title']."</a></dt>\n<dd>".$faq['text']."</dd>\n";
         $counter++;
     }
     ?>

core/Options.php

Spacing +4 added lines, -4 removed lines

@@ -142,17 +142,17 @@ 
         foreach (array_keys($this->typeDb) as $name) {
             if ($className === 0) {
                 $tempArray[] = $name;
-            } elseif (preg_match('/^' . $className . ':/', $name) > 0) {
+            } elseif (preg_match('/^'.$className.':/', $name) > 0) {
                 $tempArray[] = $name;
             }
         }
         $returnArray = $tempArray;
         // remove silverbullet-specific options if this deployment is not SB
         foreach ($tempArray as $key => $val) {
-            if (( \config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_SILVERBULLET'] != 'LOCAL') && (preg_match('/^fed:silverbullet/', $val) > 0)) {
+            if ((\config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_SILVERBULLET'] != 'LOCAL') && (preg_match('/^fed:silverbullet/', $val) > 0)) {
                 unset($returnArray[$key]);
             }
-            if (( \config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_RADIUS'] != 'LOCAL') && (preg_match('/^fed:minted_ca_file/', $val) > 0)) {
+            if ((\config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_RADIUS'] != 'LOCAL') && (preg_match('/^fed:minted_ca_file/', $val) > 0)) {
                 unset($returnArray[$key]);
             }
         }
@@ -172,7 +172,7 @@ 
         if (isset($this->typeDb[$optionname])) {
             return $this->typeDb[$optionname];
         }
-        throw new Exception("Metadata about an option was requested, but the option name does not exist in the system: " . htmlentities($optionname));
+        throw new Exception("Metadata about an option was requested, but the option name does not exist in the system: ".htmlentities($optionname));
     }
 
     /**

config/_config.php

Spacing +6 added lines, -6 removed lines

@@ -21,14 +21,14 @@ 
  */
 
 require_once "autoloader.php";
-require_once __DIR__ . "/../packageRoot.php";
+require_once __DIR__."/../packageRoot.php";
 
 // enable Composer autoloader, if exists
-if (file_exists(__DIR__ . "/../vendor/autoload.php") !== FALSE) {
-    include_once __DIR__ . "/../vendor/autoload.php";
+if (file_exists(__DIR__."/../vendor/autoload.php") !== FALSE) {
+    include_once __DIR__."/../vendor/autoload.php";
 }
 
-if (!file_exists(ROOT . "/config/Master.php")) {
+if (!file_exists(ROOT."/config/Master.php")) {
     echo "Master configuration file not found. You need to configure the product! At least config/Master.php is required!";
     throw new Exception("Master config file not found!");
 }
@@ -36,14 +36,14 @@ 
 /* load sub-configs if we are dealing with those in this installation */
 
 if (\config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_SILVERBULLET'] == 'LOCAL' || \config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_RADIUS'] == 'LOCAL') {
-    if (!file_exists(ROOT . "/config/ConfAssistant.php")) {
+    if (!file_exists(ROOT."/config/ConfAssistant.php")) {
         echo "ConfAssistant configuration file not found. You need to configure the product!";
         throw new Exception("ConfAssistant config file not found!");
     }
 }
 
 if (\config\Master::FUNCTIONALITY_LOCATIONS['DIAGNOSTICS'] == 'LOCAL') {
-    if (!file_exists(ROOT . "/config/Diagnostics.php")) {
+    if (!file_exists(ROOT."/config/Diagnostics.php")) {
         echo "Diagnostics configuration file not found. You need to configure the product!";
         throw new Exception("Diagnostics config file not found!");
     }

web/admin/edit_federation_result.php

Spacing +4 added lines, -4 removed lines

@@ -25,7 +25,7 @@ 
  * @author Stefan Winter <stefan.winter@restena.lu>
  */
 
-require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php";
 
 $auth = new \web\lib\admin\Authentication();
 $deco = new \web\lib\admin\PageDecoration();
@@ -46,18 +46,18 @@ 
 
 if ($submitGiven == web\lib\common\FormElements::BUTTON_SAVE) { // here we go
     $fed_name = $my_fed->name;
-    echo "<h1>" . sprintf(_("Submitted attributes for %s '%s'"), $uiElements->nomenclatureFed, $fed_name) . "</h1>";
+    echo "<h1>".sprintf(_("Submitted attributes for %s '%s'"), $uiElements->nomenclatureFed, $fed_name)."</h1>";
     echo "<table>";
     echo $optionParser->processSubmittedFields($my_fed, $_POST, $_FILES);
     echo "</table>";
 
     $loggerInstance = new \core\common\Logging();
-    $loggerInstance->writeAudit($_SESSION['user'], "MOD", "FED " . $my_fed->name . " - attributes changed");
+    $loggerInstance->writeAudit($_SESSION['user'], "MOD", "FED ".$my_fed->name." - attributes changed");
 
     // re-instantiate ourselves... profiles need fresh data
 
     $my_fed = $validator->existingFederation($_GET['fed_id'], $_SESSION['user']);
 
-    echo "<br/><form method='post' action='overview_federation.php' accept-charset='UTF-8'><button type='submit'>" . _("Continue to dashboard") . "</button></form>";
+    echo "<br/><form method='post' action='overview_federation.php' accept-charset='UTF-8'><button type='submit'>"._("Continue to dashboard")."</button></form>";
 }
 echo $deco->footer();

utils/installTranslations.php

Spacing +1 added lines, -1 removed lines

@@ -8,7 +8,7 @@
  * License: see the web/copyright.php file in the file structure
  * ******************************************************************************
  */
-require_once dirname(dirname(__FILE__)) . "/config/_config.php";
+require_once dirname(dirname(__FILE__))."/config/_config.php";
 
 const AREAS = ["web_admin", "web_user", "devices", "core", "diagnostics"];
 foreach (\config\Master::LANGUAGES as $lang => $details) {

web/lib/admin/API.php

Braces +1 added lines, -2 removed lines

@@ -607,8 +607,7 @@
         $output = json_encode(["result" => "SUCCESS", "details" => $details], JSON_PRETTY_PRINT);
         if ($output === FALSE) {
             $this->returnError(API::ERROR_INTERNAL_ERROR, "Unable to JSON encode return data: ". json_last_error(). " - ". json_last_error_msg());
-        }
-        else {
+        } else {
             echo $output;
         }
     }

Spacing +14 added lines, -14 removed lines

@@ -253,7 +253,7 @@ 
     const ACTIONS = [
         // Inst-level actions.
         API::ACTION_NEWINST_BY_REF => [
-            "REQ" => [API::AUXATTRIB_EXTERNALID,],
+            "REQ" => [API::AUXATTRIB_EXTERNALID, ],
             "OPT" => [
                 'general:geo_coordinates',
                 'general:logo_file',
@@ -270,7 +270,7 @@ 
             "FLAG" => [],
         ],
         API::ACTION_NEWINST => [
-            "REQ" => [API::AUXATTRIB_INSTTYPE,], // "IdP", "SP" or "IdPSP"
+            "REQ" => [API::AUXATTRIB_INSTTYPE, ], // "IdP", "SP" or "IdPSP"
             "OPT" => [
                 'general:instname',
                 'general:geo_coordinates',
@@ -489,12 +489,12 @@ 
     public function scrub($inputJson, $fedObject) {        
         $optionInstance = \core\Options::instance();
         $parameters = [];
-        $allPossibleAttribs = array_merge(API::ACTIONS[$inputJson['ACTION']]['REQ'], API::ACTIONS[$inputJson['ACTION']]['OPT'],  API::ACTIONS[$inputJson['ACTION']]['FLAG']);
+        $allPossibleAttribs = array_merge(API::ACTIONS[$inputJson['ACTION']]['REQ'], API::ACTIONS[$inputJson['ACTION']]['OPT'], API::ACTIONS[$inputJson['ACTION']]['FLAG']);
         // some actions don't need parameters. Don't get excited when there aren't any.
         if (!isset($inputJson['PARAMETERS'])) {
             return [];
         }
-        \core\common\Logging::debug_s(4, $inputJson['PARAMETERS'], "JSON:\n","\n");
+        \core\common\Logging::debug_s(4, $inputJson['PARAMETERS'], "JSON:\n", "\n");
         foreach ($inputJson['PARAMETERS'] as $number => $oneIncomingParam) {
             // index has to be an integer
             if (!is_int($number)) {
@@ -543,7 +543,7 @@ 
                         break;
                 }   
             } elseif (preg_match("/^FLAG-/", $oneIncomingParam['NAME'])) {
-                if ($oneIncomingParam['VALUE'] != "TRUE" && $oneIncomingParam['VALUE'] != "FALSE" ) {
+                if ($oneIncomingParam['VALUE'] != "TRUE" && $oneIncomingParam['VALUE'] != "FALSE") {
                     // incorrect FLAG value
                     $parameters[$number] = array_merge($oneIncomingParam, ['VERFY_RESULT'=>false, 'VERIFY_DESC'=>"Incorrect FLAG value"]);
                     continue;
@@ -603,8 +603,8 @@ 
 
                 case \core\Options::TYPECODE_COORDINATES:
                     $extension = \core\Options::TYPECODE_TEXT;
-                    $coercedInline["option"][$basename] = $oneAttrib['NAME'] . "#";
-                    $coercedInline["value"][$basename . "-" . $extension] = $oneAttrib['VALUE'];
+                    $coercedInline["option"][$basename] = $oneAttrib['NAME']."#";
+                    $coercedInline["value"][$basename."-".$extension] = $oneAttrib['VALUE'];
                     break;
                 case \core\Options::TYPECODE_TEXT:
                 // Fall-through: they all get the same treatment.
@@ -614,18 +614,18 @@ 
                 // Fall-through: they all get the same treatment.
                 case \core\Options::TYPECODE_INTEGER:
                     $extension = $optionInfo['type'];
-                    $coercedInline["option"][$basename] = $oneAttrib['NAME'] . "#";
-                    $coercedInline["value"][$basename . "-" . $extension] = $oneAttrib['VALUE'];
+                    $coercedInline["option"][$basename] = $oneAttrib['NAME']."#";
+                    $coercedInline["value"][$basename."-".$extension] = $oneAttrib['VALUE'];
                     if ($optionInfo['flag'] == "ML") {
-                        $coercedInline["value"][$basename . "-lang"] = $oneAttrib['LANG'];
+                        $coercedInline["value"][$basename."-lang"] = $oneAttrib['LANG'];
                     }
                     break;
                 case \core\Options::TYPECODE_FILE:
                     // Binary data is expected in base64 encoding. This is true also for PEM files!
                     $extension = $optionInfo['type'];
-                    $coercedInline["option"][$basename] = $oneAttrib['NAME'] . "#";
-                    file_put_contents($dir['dir'] . "/" . $basename . "-" . $extension, base64_decode($oneAttrib['VALUE']));
-                    $coercedFile["value"]['tmp_name'][$basename . "-" . $extension] = $dir['dir'] . "/" . $basename . "-" . $extension;
+                    $coercedInline["option"][$basename] = $oneAttrib['NAME']."#";
+                    file_put_contents($dir['dir']."/".$basename."-".$extension, base64_decode($oneAttrib['VALUE']));
+                    $coercedFile["value"]['tmp_name'][$basename."-".$extension] = $dir['dir']."/".$basename."-".$extension;
                     break;
                 default:
                     throw new Exception("We don't seem to know this type code!");
@@ -654,7 +654,7 @@ 
     public function returnSuccess($details) {
         $output = json_encode(["result" => "SUCCESS", "details" => $details], JSON_PRETTY_PRINT);
         if ($output === FALSE) {
-            $this->returnError(API::ERROR_INTERNAL_ERROR, "Unable to JSON encode return data: ". json_last_error(). " - ". json_last_error_msg());
+            $this->returnError(API::ERROR_INTERNAL_ERROR, "Unable to JSON encode return data: ".json_last_error()." - ".json_last_error_msg());
         }
         else {
             echo $output;

web/admin/112365365321.php

Spacing +3 added lines, -3 removed lines

@@ -19,7 +19,7 @@ 
  *          <base_url>/copyright.php after deploying the software
  */
 
-require_once dirname(dirname(__DIR__)) . '/config/_config.php';
+require_once dirname(dirname(__DIR__)).'/config/_config.php';
 
 $uiElements = new web\lib\admin\UIElements();
 
@@ -75,7 +75,7 @@ 
                         // filesystem cleanup
                     case web\lib\common\FormElements::BUTTON_DELETE:
                         $i = web\lib\admin\Maintenance::deleteObsoleteTempDirs();
-                        echo "<div class='ca-summary'><table>" . $uiElements->boxRemark(sprintf("Deleted %d cache directories.", $i), "Cache deleted") . "</table></div>";
+                        echo "<div class='ca-summary'><table>".$uiElements->boxRemark(sprintf("Deleted %d cache directories.", $i), "Cache deleted")."</table></div>";
                         break;
                     default:
                         break;
@@ -141,7 +141,7 @@ 
                     $admin_query = $dbHandle->exec("SELECT SUM(downloads_admin) AS admin, SUM(downloads_user) AS user, SUM(downloads_silverbullet) as silverbullet FROM downloads WHERE device_id = '$index'");
                     // SELECT -> mysqli_result, not boolean
                     while ($a = mysqli_fetch_object(/** @scrutinizer ignore-type */ $admin_query)) {
-                        echo "<td>" . $device_array['display'] . "</td><td>" . $a->admin . "</td><td>" . $a->user . "</td><td>" . $a->silverbullet . "</td><td>" . sprintf("%s", $a->user + $a->silverbullet) . "</td>";
+                        echo "<td>".$device_array['display']."</td><td>".$a->admin."</td><td>".$a->user."</td><td>".$a->silverbullet."</td><td>".sprintf("%s", $a->user + $a->silverbullet)."</td>";
                         $gross_admin = $gross_admin + $a->admin;
                         $gross_user = $gross_user + $a->user;
                         $gross_silverbullet = $gross_silverbullet + $a->silverbullet;

utils/SP_consistency_check.php

Indentation +4 added lines, -4 removed lines

@@ -1,10 +1,10 @@
 <?php
 require_once dirname(dirname(__FILE__)) . "/config/_config.php";
 /**
-    * check if URL responds with 200
-    *
-    * @param string $srv server name
-    * @return integer or NULL
+ * check if URL responds with 200
+ *
+ * @param string $srv server name
+ * @return integer or NULL
 */
 function checkConfigRADIUSDaemon ($srv) {
     $ch = curl_init();

Spacing +8 added lines, -8 removed lines

@@ -1,22 +1,22 @@ 
 <?php
-require_once dirname(dirname(__FILE__)) . "/config/_config.php";
+require_once dirname(dirname(__FILE__))."/config/_config.php";
 /**
     * check if URL responds with 200
     *
     * @param string $srv server name
     * @return integer or NULL
 */
-function checkConfigRADIUSDaemon ($srv) {
+function checkConfigRADIUSDaemon($srv) {
     $ch = curl_init();
     if ($ch === FALSE) {
         return NULL;
     }
     $timeout = 10;
-    curl_setopt ( $ch, CURLOPT_URL, $srv );
-    curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, 1 );
-    curl_setopt ( $ch, CURLOPT_TIMEOUT, $timeout );
+    curl_setopt($ch, CURLOPT_URL, $srv);
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+    curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
     curl_exec($ch);
-    $http_code = curl_getinfo( $ch, CURLINFO_HTTP_CODE );
+    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
     curl_close($ch);
     if ($http_code == 200) {
         return 1;
@@ -53,8 +53,8 @@ 
 }
 $siteStatus = array();
 foreach (array_keys($brokenDeployments) as $server_id) {
-    print "check $server_id " . $radiusSite[$server_id] . "\n";
-    $siteStatus[$server_id]  = checkConfigRADIUSDaemon('http://' . $radiusSite[$server_id]);
+    print "check $server_id ".$radiusSite[$server_id]."\n";
+    $siteStatus[$server_id] = checkConfigRADIUSDaemon('http://'.$radiusSite[$server_id]);
     if ($siteStatus[$server_id]) {
         echo "\ncheck radius\n";
         echo \config\Diagnostics::RADIUSSPTEST['port']."\n";

web/admin/API.php

Indentation +1 added lines, -1 removed lines

@@ -417,7 +417,7 @@
         $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
         $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME);
         $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-		$certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
+        $certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
         if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE && $certCN === FALSE) {
             // we need at least one of those
             $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, certificate serial, or certificate CN is required.");

Spacing +7 added lines, -7 removed lines

@@ -20,7 +20,7 @@ 
  *          <base_url>/copyright.php after deploying the software
  */
 
-require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php";
 
 // no SAML auth on this page. The API key authenticates the entity
 
@@ -38,7 +38,7 @@ 
 
 $inputDecoded = json_decode($inputRaw, TRUE);
 if (!is_array($inputDecoded)) {
-    $adminApi->returnError(web\lib\admin\API::ERROR_MALFORMED_REQUEST, "Unable to decode JSON POST data." . json_last_error_msg() . $inputRaw);
+    $adminApi->returnError(web\lib\admin\API::ERROR_MALFORMED_REQUEST, "Unable to decode JSON POST data.".json_last_error_msg().$inputRaw);
     exit(1);
 }
 
@@ -132,7 +132,7 @@ 
             throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
         }
         $newtokens = $mgmt->createTokens(true, [$admin], $idp);
-        $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
+        $URL = "https://".$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME'])."/action_enrollment.php?token=".array_keys($newtokens)[0];
         $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
         // done with the essentials - display in response. But if we also have an email address, send it there
         $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
@@ -169,7 +169,7 @@ 
         if ($found) {
             $adminApi->returnSuccess([]);
         }
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
+        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP ".$idp->identifier);
         break;
     case web\lib\admin\API::ACTION_STATISTICS_FED:
         $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
@@ -281,10 +281,10 @@ 
                 $outer = "";
                 $profile->setAnonymousIDSupport(FALSE);
             } else {
-                $outer = $outer . "@";
+                $outer = $outer."@";
                 $profile->setAnonymousIDSupport(TRUE);
             }
-            $profile->setRealm($outer . $realm);
+            $profile->setRealm($outer.$realm);
         }
         /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
         $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
@@ -531,7 +531,7 @@ 
         // extract relevant subset of information from cert objects
         $certDetails = [];
         foreach ($certs as $cert) {
-            $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
+            $certDetails[$cert->ca_type.":".$cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
         }
         $adminApi->returnSuccess($certDetails);
         break;

Switch Indentation +406 added lines, -406 removed lines

@@ -91,142 +91,142 @@ 
 
 
 switch ($inputDecoded['ACTION']) {
-    case web\lib\admin\API::ACTION_NEWINST:
-        // create the inst, no admin, no attributes
-        $typeRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_INSTTYPE);
-        if ($typeRaw === FALSE) {
-            throw new Exception("We did not receive a valid participant type!");
-        }
-        $type = $validator->partType($typeRaw);
-        $idp = new \core\IdP($fed->newIdP('TOKEN', $type, "PENDING", "API"));
-        // now add all submitted attributes
-        $inputs = $adminApi->uglify($scrubbedParameters);
-        $optionParser->processSubmittedFields($idp, $inputs["POST"], $inputs["FILES"]);
-        $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_CAT_INST_ID => $idp->identifier]);
-        break;
-    case web\lib\admin\API::ACTION_DELINST:
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $idp->destroy();
-        $adminApi->returnSuccess([]);
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_LIST:
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $adminApi->returnSuccess($idp->listOwners());
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_ADD:
-        // IdP in question
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        // here is the token
-        $mgmt = new core\UserManagement();
-        // we know we have an admin ID but scrutinizer wants this checked more explicitly
-        $admin = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
-        if ($admin === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        }
-        $newtokens = $mgmt->createTokens(true, [$admin], $idp);
-        $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
-        $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
-        // done with the essentials - display in response. But if we also have an email address, send it there
-        $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
-        if ($email !== FALSE) {
-            $sent = \core\common\OutsideComm::adminInvitationMail($email, "EXISTING-FED", array_keys($newtokens)[0], $idp->name, $fed, $idp->type);
-            $success["EMAIL SENT"] = $sent["SENT"];
-            if ($sent["SENT"] === TRUE) {
-                $success["EMAIL TRANSPORT SECURE"] = $sent["TRANSPORT"];
+        case web\lib\admin\API::ACTION_NEWINST:
+            // create the inst, no admin, no attributes
+            $typeRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_INSTTYPE);
+            if ($typeRaw === FALSE) {
+                throw new Exception("We did not receive a valid participant type!");
             }
-        }
-        $adminApi->returnSuccess($success);
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_DEL:
-        // IdP in question
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $currentAdmins = $idp->listOwners();
-        $toBeDeleted = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
-        if ($toBeDeleted === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        }
-        $found = FALSE;
-        foreach ($currentAdmins as $oneAdmin) {
-            if ($oneAdmin['MAIL'] == $toBeDeleted) {
-                $found = TRUE;
-                $mgmt = new core\UserManagement();
-                $mgmt->removeAdminFromIdP($idp, $oneAdmin['ID']);
+            $type = $validator->partType($typeRaw);
+            $idp = new \core\IdP($fed->newIdP('TOKEN', $type, "PENDING", "API"));
+            // now add all submitted attributes
+            $inputs = $adminApi->uglify($scrubbedParameters);
+            $optionParser->processSubmittedFields($idp, $inputs["POST"], $inputs["FILES"]);
+            $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_CAT_INST_ID => $idp->identifier]);
+            break;
+        case web\lib\admin\API::ACTION_DELINST:
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
             }
-        }
-        if ($found) {
+            $idp->destroy();
             $adminApi->returnSuccess([]);
-        }
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
-        break;
-    case web\lib\admin\API::ACTION_STATISTICS_FED:
-        $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
-        $adminApi->returnSuccess($fed->downloadStats("array", $detail));
-        break;
-    case \web\lib\admin\API::ACTION_FEDERATION_LISTIDP:
-        $retArray = [];
-        $noLogo = null;
-        $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
-        $logoFlag = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::FLAG_NOLOGO);
-        $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
-        if ($logoFlag === "TRUE") {
-            $noLogo = 'general:logo_file';
-        }
-        if ($idpIdentifier === FALSE) {
-            $allIdPs = $fed->listIdentityProviders(0);
-            foreach ($allIdPs as $instanceId => $oneIdP) {
-                $theIdP = $oneIdP["instance"];
-                $retArray[$instanceId] = $theIdP->getAttributes(null, $noLogo);
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_LIST:
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
             }
-        } else {
+            $adminApi->returnSuccess($idp->listOwners());
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_ADD:
+            // IdP in question
             try {
-                $thisIdP = $validator->existingIdP($idpIdentifier, NULL, $fed);
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
             } catch (Exception $e) {
                 $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
                 exit(1);
             }
-            $retArray[$idpIdentifier] = $thisIdP->getAttributes(null, $noLogo);
-            foreach ($thisIdP->listProfiles() as $oneProfile) {
-                $retArray[$idpIdentifier]["PROFILES"][$oneProfile->identifier] = $oneProfile->getAttributes(null, $noLogo);
+            // here is the token
+            $mgmt = new core\UserManagement();
+            // we know we have an admin ID but scrutinizer wants this checked more explicitly
+            $admin = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
+            if ($admin === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
             }
-        }
-        foreach ($retArray as $instNumber => $oneInstData) {
-            foreach ($oneInstData as $attribNumber => $oneAttrib) {
-                if ($oneAttrib['name'] == "general:logo_file") {
-                    // JSON doesn't cope well with raw binary data, so b64 it
-                    $retArray[$instNumber][$attribNumber]['value'] = base64_encode($oneAttrib['value']);
+            $newtokens = $mgmt->createTokens(true, [$admin], $idp);
+            $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
+            $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
+            // done with the essentials - display in response. But if we also have an email address, send it there
+            $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
+            if ($email !== FALSE) {
+                $sent = \core\common\OutsideComm::adminInvitationMail($email, "EXISTING-FED", array_keys($newtokens)[0], $idp->name, $fed, $idp->type);
+                $success["EMAIL SENT"] = $sent["SENT"];
+                if ($sent["SENT"] === TRUE) {
+                    $success["EMAIL TRANSPORT SECURE"] = $sent["TRANSPORT"];
+                }
+            }
+            $adminApi->returnSuccess($success);
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_DEL:
+            // IdP in question
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            $currentAdmins = $idp->listOwners();
+            $toBeDeleted = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
+            if ($toBeDeleted === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
+            }
+            $found = FALSE;
+            foreach ($currentAdmins as $oneAdmin) {
+                if ($oneAdmin['MAIL'] == $toBeDeleted) {
+                    $found = TRUE;
+                    $mgmt = new core\UserManagement();
+                    $mgmt->removeAdminFromIdP($idp, $oneAdmin['ID']);
+                }
+            }
+            if ($found) {
+                $adminApi->returnSuccess([]);
+            }
+            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
+            break;
+        case web\lib\admin\API::ACTION_STATISTICS_FED:
+            $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
+            $adminApi->returnSuccess($fed->downloadStats("array", $detail));
+            break;
+        case \web\lib\admin\API::ACTION_FEDERATION_LISTIDP:
+            $retArray = [];
+            $noLogo = null;
+            $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
+            $logoFlag = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::FLAG_NOLOGO);
+            $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
+            if ($logoFlag === "TRUE") {
+                $noLogo = 'general:logo_file';
+            }
+            if ($idpIdentifier === FALSE) {
+                $allIdPs = $fed->listIdentityProviders(0);
+                foreach ($allIdPs as $instanceId => $oneIdP) {
+                    $theIdP = $oneIdP["instance"];
+                    $retArray[$instanceId] = $theIdP->getAttributes(null, $noLogo);
                 }
-                if ($attribNumber == "PROFILES") {
-                    // scan for included fed:logo_file and b64 escape it, t2oo
-                    foreach ($oneAttrib as $profileNumber => $profileContent) {
-                            foreach ($profileContent as $oneProfileIterator => $oneProfileContent) {
-                                    if ($oneProfileContent['name'] == "fed:logo_file" || $oneProfileContent['name'] == "general:logo_file" || $oneProfileContent['name'] == "eap:ca_file") {
-                                            $retArray[$instNumber]["PROFILES"][$profileNumber][$oneProfileIterator]['value'] = base64_encode($oneProfileContent['value']);
-                                    }
-                            }
+            } else {
+                try {
+                    $thisIdP = $validator->existingIdP($idpIdentifier, NULL, $fed);
+                } catch (Exception $e) {
+                    $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                    exit(1);
+                }
+                $retArray[$idpIdentifier] = $thisIdP->getAttributes(null, $noLogo);
+                foreach ($thisIdP->listProfiles() as $oneProfile) {
+                    $retArray[$idpIdentifier]["PROFILES"][$oneProfile->identifier] = $oneProfile->getAttributes(null, $noLogo);
+                }
+            }
+            foreach ($retArray as $instNumber => $oneInstData) {
+                foreach ($oneInstData as $attribNumber => $oneAttrib) {
+                    if ($oneAttrib['name'] == "general:logo_file") {
+                        // JSON doesn't cope well with raw binary data, so b64 it
+                        $retArray[$instNumber][$attribNumber]['value'] = base64_encode($oneAttrib['value']);
+                    }
+                    if ($attribNumber == "PROFILES") {
+                        // scan for included fed:logo_file and b64 escape it, t2oo
+                        foreach ($oneAttrib as $profileNumber => $profileContent) {
+                                foreach ($profileContent as $oneProfileIterator => $oneProfileContent) {
+                                        if ($oneProfileContent['name'] == "fed:logo_file" || $oneProfileContent['name'] == "general:logo_file" || $oneProfileContent['name'] == "eap:ca_file") {
+                                                $retArray[$instNumber]["PROFILES"][$profileNumber][$oneProfileIterator]['value'] = base64_encode($oneProfileContent['value']);
+                                        }
+                                }
+                        }
                     }
                 }
             }
-        }
         
 /*        
                     $retArray[$idpIdentifier] = [];
@@ -237,102 +237,102 @@ 
  * 
  */        
         
-        $adminApi->returnSuccess($retArray);
-        break;
-    case \web\lib\admin\API::ACTION_NEWPROF_RADIUS:
-    // fall-through intended: both get mostly identical treatment
-    case web\lib\admin\API::ACTION_NEWPROF_SB:
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_RADIUS) {
-            $type = "RADIUS";
-        } else {
-            $type = "SILVERBULLET";
-        }
-        $profile = $idp->newProfile($type);
-        if ($profile === NULL) {
-            $adminApi->returnError(\web\lib\admin\API::ERROR_INTERNAL_ERROR, "Unable to create a new Profile, for no apparent reason. Please contact support.");
-            exit(1);
-        }
-        $inputs = $adminApi->uglify($scrubbedParameters);
-        $optionParser->processSubmittedFields($profile, $inputs["POST"], $inputs["FILES"]);
-        if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_SB) {
-            // auto-accept ToU?
-            if ($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_TOU) !== FALSE) {
-                $profile->addAttribute("hiddenprofile:tou_accepted", NULL, 1);
-            }
-            // we're done at this point
-            $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profile->identifier]);
+            $adminApi->returnSuccess($retArray);
             break;
-        }
-        if (!$profile instanceof core\ProfileRADIUS) {
-            throw new Exception("Can't be. This is only here to convince Scrutinizer that we're really talking RADIUS.");
-        }
-        /* const AUXATTRIB_PROFILE_REALM = 'ATTRIB-PROFILE-REALM';
-          const AUXATTRIB_PROFILE_OUTERVALUE = 'ATTRIB-PROFILE-OUTERVALUE'; */
-        $realm = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_REALM);
-        $outer = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_OUTERVALUE);
-        if ($realm !== FALSE) {
-            if ($outer === FALSE) {
-                $outer = "";
-                $profile->setAnonymousIDSupport(FALSE);
+        case \web\lib\admin\API::ACTION_NEWPROF_RADIUS:
+        // fall-through intended: both get mostly identical treatment
+        case web\lib\admin\API::ACTION_NEWPROF_SB:
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_RADIUS) {
+                $type = "RADIUS";
             } else {
-                $outer = $outer . "@";
-                $profile->setAnonymousIDSupport(TRUE);
+                $type = "SILVERBULLET";
             }
-            $profile->setRealm($outer . $realm);
-        }
-        /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
-        $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
-        if ($testuser !== FALSE) {
-            $profile->setRealmCheckUser(TRUE, $testuser);
-        }
-        /* const AUXATTRIB_PROFILE_INPUT_HINT = 'ATTRIB-PROFILE-HINTREALM';
+            $profile = $idp->newProfile($type);
+            if ($profile === NULL) {
+                $adminApi->returnError(\web\lib\admin\API::ERROR_INTERNAL_ERROR, "Unable to create a new Profile, for no apparent reason. Please contact support.");
+                exit(1);
+            }
+            $inputs = $adminApi->uglify($scrubbedParameters);
+            $optionParser->processSubmittedFields($profile, $inputs["POST"], $inputs["FILES"]);
+            if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_SB) {
+                // auto-accept ToU?
+                if ($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_TOU) !== FALSE) {
+                    $profile->addAttribute("hiddenprofile:tou_accepted", NULL, 1);
+                }
+                // we're done at this point
+                $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profile->identifier]);
+                break;
+            }
+            if (!$profile instanceof core\ProfileRADIUS) {
+                throw new Exception("Can't be. This is only here to convince Scrutinizer that we're really talking RADIUS.");
+            }
+            /* const AUXATTRIB_PROFILE_REALM = 'ATTRIB-PROFILE-REALM';
+          const AUXATTRIB_PROFILE_OUTERVALUE = 'ATTRIB-PROFILE-OUTERVALUE'; */
+            $realm = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_REALM);
+            $outer = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_OUTERVALUE);
+            if ($realm !== FALSE) {
+                if ($outer === FALSE) {
+                    $outer = "";
+                    $profile->setAnonymousIDSupport(FALSE);
+                } else {
+                    $outer = $outer . "@";
+                    $profile->setAnonymousIDSupport(TRUE);
+                }
+                $profile->setRealm($outer . $realm);
+            }
+            /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
+            $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
+            if ($testuser !== FALSE) {
+                $profile->setRealmCheckUser(TRUE, $testuser);
+            }
+            /* const AUXATTRIB_PROFILE_INPUT_HINT = 'ATTRIB-PROFILE-HINTREALM';
           const AUXATTRIB_PROFILE_INPUT_VERIFY = 'ATTRIB-PROFILE-VERIFYREALM'; */
-        $hint = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_HINT);
-        $enforce = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_VERIFY);
-        if ($enforce !== FALSE) {
-            $profile->setInputVerificationPreference($enforce, $hint);
-        }
-        /* const AUXATTRIB_PROFILE_EAPTYPE */
-        $iterator = 1;
-        foreach ($scrubbedParameters as $oneParam) {
-            if ($oneParam['NAME'] == web\lib\admin\API::AUXATTRIB_PROFILE_EAPTYPE && is_int($oneParam["VALUE"])) {
-                $type = new \core\common\EAP($oneParam["VALUE"]);
-                $profile->addSupportedEapMethod($type, $iterator);
-                $iterator = $iterator + 1;
+            $hint = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_HINT);
+            $enforce = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_VERIFY);
+            if ($enforce !== FALSE) {
+                $profile->setInputVerificationPreference($enforce, $hint);
             }
-        }
-        // reinstantiate $profile freshly from DB - it was updated in the process
-        $profileFresh = new core\ProfileRADIUS($profile->identifier);
-        $profileFresh->prepShowtime();
-        $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profileFresh->identifier]);
-        break;
-    case web\lib\admin\API::ACTION_ENDUSER_NEW:
-    // fall-through intentional, those two actions are doing nearly identical things
-    case web\lib\admin\API::ACTION_ENDUSER_CHANGEEXPIRY:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $user = $validator->string($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME));
-        $expiryRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_EXPIRY);
-        if ($expiryRaw === FALSE) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The expiry date wasn't found in the request.");
+            /* const AUXATTRIB_PROFILE_EAPTYPE */
+            $iterator = 1;
+            foreach ($scrubbedParameters as $oneParam) {
+                if ($oneParam['NAME'] == web\lib\admin\API::AUXATTRIB_PROFILE_EAPTYPE && is_int($oneParam["VALUE"])) {
+                    $type = new \core\common\EAP($oneParam["VALUE"]);
+                    $profile->addSupportedEapMethod($type, $iterator);
+                    $iterator = $iterator + 1;
+                }
+            }
+            // reinstantiate $profile freshly from DB - it was updated in the process
+            $profileFresh = new core\ProfileRADIUS($profile->identifier);
+            $profileFresh->prepShowtime();
+            $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profileFresh->identifier]);
             break;
-        }
-        $expiry = new DateTime($expiryRaw);
-        try {
-            switch ($inputDecoded['ACTION']) {
+        case web\lib\admin\API::ACTION_ENDUSER_NEW:
+        // fall-through intentional, those two actions are doing nearly identical things
+        case web\lib\admin\API::ACTION_ENDUSER_CHANGEEXPIRY:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $user = $validator->string($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME));
+            $expiryRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_EXPIRY);
+            if ($expiryRaw === FALSE) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The expiry date wasn't found in the request.");
+                break;
+            }
+            $expiry = new DateTime($expiryRaw);
+            try {
+                switch ($inputDecoded['ACTION']) {
                 case web\lib\admin\API::ACTION_ENDUSER_NEW:
                     $retval = $profile->addUser($user, $expiry);
                     break;
@@ -345,7 +345,7 @@ 
                         $retval = 1; // function doesn't have any failure vectors not raising an Exception and doesn't return a value
                     }
                     break;
-            }
+                }
         } catch (Exception $e) {
             $adminApi->returnError(web\lib\admin\API::ERROR_INTERNAL_ERROR, "The operation failed. Maybe a duplicate username, or malformed expiry date?");
             exit(1);
@@ -356,25 +356,25 @@ 
         }
         $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $user, \web\lib\admin\API::AUXATTRIB_SB_USERID => $retval]);
         break;
-    case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
-    // fall-through intended: both actions are very similar
-    case \web\lib\admin\API::ACTION_TOKEN_NEW:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $userId = $validator->integer($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID));
-        if ($userId === FALSE) {
-            $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "User ID is not an integer.");
-            exit(1);
-        }
-        $additionalInfo = [];
-        switch ($inputDecoded['ACTION']) { // this is where the two differ
+        case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
+        // fall-through intended: both actions are very similar
+        case \web\lib\admin\API::ACTION_TOKEN_NEW:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $userId = $validator->integer($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID));
+            if ($userId === FALSE) {
+                $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "User ID is not an integer.");
+                exit(1);
+            }
+            $additionalInfo = [];
+            switch ($inputDecoded['ACTION']) { // this is where the two differ
             case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
                 $result = $profile->deactivateUser($userId);
                 break;
@@ -407,7 +407,7 @@ 
                     }
                 }
                 break;
-        }
+            }
 
         if ($result !== TRUE) {
             $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "These parameters did not lead to an existing, active user.");
@@ -415,69 +415,69 @@ 
         }
         $adminApi->returnSuccess($additionalInfo);
         break;
-    case \web\lib\admin\API::ACTION_ENDUSER_IDENTIFY:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
-        $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME);
-        $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-		$certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
-        if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE && $certCN === FALSE) {
-            // we need at least one of those
-            $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, certificate serial, or certificate CN is required.");
-            break;
-        }
-        if ($certSerial !== FALSE) { // we got a cert serial
-            $serial = explode(":", $certSerial);
-            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+        case \web\lib\admin\API::ACTION_ENDUSER_IDENTIFY:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
             }
-        if ($certCN !== FALSE) { // we got a cert CN
-            $cert = new \core\SilverbulletCertificate($certCN);
-        }
-        if ($cert !== NULL) { // we found a cert; verify it and extract userId
-            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-                return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate not found.");
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
             }
-            if ($cert->profileId != $profile->identifier) {
-                return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate does not belong to this profile.");
+            list($idp, $profile) = $evaluation;
+            $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
+            $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME);
+            $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+		    $certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
+            if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE && $certCN === FALSE) {
+                // we need at least one of those
+                $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, certificate serial, or certificate CN is required.");
+                break;
             }
-            $userId = $cert->userId;
-        }
-        if ($userId !== FALSE) {
-            $userList = $profile->getUserById($userId);
-        }
-        if ($userName !== FALSE) {
-            $userList = $profile->getUserByName($userName);
-        }
-        if (count($userList) === 1) {
-            foreach ($userList as $oneUserId => $oneUserName) {
-                return $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $oneUserName, \web\lib\admin\API::AUXATTRIB_SB_USERID => $oneUserId]);
+            if ($certSerial !== FALSE) { // we got a cert serial
+                $serial = explode(":", $certSerial);
+                $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+                }
+            if ($certCN !== FALSE) { // we got a cert CN
+                $cert = new \core\SilverbulletCertificate($certCN);
             }
-        }
-        $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "No matching user found in this profile.");
-        break;
-    case \web\lib\admin\API::ACTION_ENDUSER_LIST:
-    // fall-through: those two are similar
-    case \web\lib\admin\API::ACTION_TOKEN_LIST:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $allUsers = $profile->listAllUsers();
-        // this is where they differ
-        switch ($inputDecoded['ACTION']) {
+            if ($cert !== NULL) { // we found a cert; verify it and extract userId
+                if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                    return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate not found.");
+                }
+                if ($cert->profileId != $profile->identifier) {
+                    return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate does not belong to this profile.");
+                }
+                $userId = $cert->userId;
+            }
+            if ($userId !== FALSE) {
+                $userList = $profile->getUserById($userId);
+            }
+            if ($userName !== FALSE) {
+                $userList = $profile->getUserByName($userName);
+            }
+            if (count($userList) === 1) {
+                foreach ($userList as $oneUserId => $oneUserName) {
+                    return $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $oneUserName, \web\lib\admin\API::AUXATTRIB_SB_USERID => $oneUserId]);
+                }
+            }
+            $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "No matching user found in this profile.");
+            break;
+        case \web\lib\admin\API::ACTION_ENDUSER_LIST:
+        // fall-through: those two are similar
+        case \web\lib\admin\API::ACTION_TOKEN_LIST:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $allUsers = $profile->listAllUsers();
+            // this is where they differ
+            switch ($inputDecoded['ACTION']) {
             case \web\lib\admin\API::ACTION_ENDUSER_LIST:
                 $adminApi->returnSuccess($allUsers);
                 break;
@@ -496,123 +496,123 @@ 
                     $infoSet[$oneTokenObject->userId] = [\web\lib\admin\API::AUXATTRIB_TOKEN => $oneTokenObject->invitationTokenString, "STATUS" => $oneTokenObject->invitationTokenStatus];
                 }
                 $adminApi->returnSuccess($infoSet);
-        }
-        break;
-    case \web\lib\admin\API::ACTION_TOKEN_REVOKE:
-        $tokenRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TOKEN);
-        if ($tokenRaw === FALSE) {
-            exit(1);
-        }
-        $token = new core\SilverbulletInvitation($tokenRaw);
-        if ($token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_VALID && $token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "This is not a currently valid token.");
-            exit(1);
-        }
-        $token->revokeInvitation();
-        $adminApi->returnSuccess([]);
-        break;
-    case \web\lib\admin\API::ACTION_CERT_LIST:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        $user_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
-        if ($prof_id === FALSE || !is_int($user_id)) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $invitations = $profile->userStatus($user_id);
-        // now pull out cert information from the object
-        $certs = [];
-        foreach ($invitations as $oneInvitation) {
-            $certs = array_merge($certs, $oneInvitation->associatedCertificates);
-        }
-        // extract relevant subset of information from cert objects
-        $certDetails = [];
-        foreach ($certs as $cert) {
-            $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
-        }
-        $adminApi->returnSuccess($certDetails);
-        break;
-    case \web\lib\admin\API::ACTION_CERT_REVOKE:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        // tear apart the serial
-        $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-        if ($serialRaw === FALSE) {
-            exit(1);
-        }
-        $serial = explode(":", $serialRaw);
-        $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
-        if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
-        }
-        if ($cert->profileId != $profile->identifier) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
-        }
-        $cert->revokeCertificate();
-        $adminApi->returnSuccess([]);
+            }
         break;
-    case \web\lib\admin\API::ACTION_CERT_ANNOTATE:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        // tear apart the serial
-        $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-        if ($serialRaw === FALSE) {
-            exit(1);
-        }
-        $serial = explode(":", $serialRaw);
-        $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
-        if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
-        }
-        if ($cert->profileId != $profile->identifier) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
-        }
-        $annotationRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTANNOTATION);
-        if ($annotationRaw === FALSE) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Unable to extract annotation.");
+        case \web\lib\admin\API::ACTION_TOKEN_REVOKE:
+            $tokenRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TOKEN);
+            if ($tokenRaw === FALSE) {
+                exit(1);
+            }
+            $token = new core\SilverbulletInvitation($tokenRaw);
+            if ($token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_VALID && $token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "This is not a currently valid token.");
+                exit(1);
+            }
+            $token->revokeInvitation();
+            $adminApi->returnSuccess([]);
             break;
-        }
-        $annotation = json_decode($annotationRaw, TRUE);
-        $cert->annotate($annotation);
-        $adminApi->returnSuccess([]);
-
-        break;
-    case web\lib\admin\API::ACTION_STATISTICS_INST:
-        $retArray = [];
-        $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
-        if ($idpIdentifier === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        } else {
-            try {
-                $thisIdP = $validator->existingIdP($idpIdentifier, NULL, $fed);
-            } catch (Exception $e) {
-                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+        case \web\lib\admin\API::ACTION_CERT_LIST:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            $user_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
+            if ($prof_id === FALSE || !is_int($user_id)) {
                 exit(1);
             }
-            $retArray[$idpIdentifier] = [];
-            foreach ($thisIdP->listProfiles() as $oneProfile) {
-                $retArray[$idpIdentifier][$oneProfile->identifier] = $oneProfile->getUserDownloadStats();
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
             }
-        }
-        $adminApi->returnSuccess($retArray);
-        break;
-    default:
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_ACTION, "Not implemented yet.");
+            list($idp, $profile) = $evaluation;
+            $invitations = $profile->userStatus($user_id);
+            // now pull out cert information from the object
+            $certs = [];
+            foreach ($invitations as $oneInvitation) {
+                $certs = array_merge($certs, $oneInvitation->associatedCertificates);
+            }
+            // extract relevant subset of information from cert objects
+            $certDetails = [];
+            foreach ($certs as $cert) {
+                $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
+            }
+            $adminApi->returnSuccess($certDetails);
+            break;
+        case \web\lib\admin\API::ACTION_CERT_REVOKE:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            // tear apart the serial
+            $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+            if ($serialRaw === FALSE) {
+                exit(1);
+            }
+            $serial = explode(":", $serialRaw);
+            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
+            }
+            if ($cert->profileId != $profile->identifier) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
+            }
+            $cert->revokeCertificate();
+            $adminApi->returnSuccess([]);
+            break;
+        case \web\lib\admin\API::ACTION_CERT_ANNOTATE:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            // tear apart the serial
+            $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+            if ($serialRaw === FALSE) {
+                exit(1);
+            }
+            $serial = explode(":", $serialRaw);
+            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
+            }
+            if ($cert->profileId != $profile->identifier) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
+            }
+            $annotationRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTANNOTATION);
+            if ($annotationRaw === FALSE) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Unable to extract annotation.");
+                break;
+            }
+            $annotation = json_decode($annotationRaw, TRUE);
+            $cert->annotate($annotation);
+            $adminApi->returnSuccess([]);
+
+            break;
+        case web\lib\admin\API::ACTION_STATISTICS_INST:
+            $retArray = [];
+            $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
+            if ($idpIdentifier === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
+            } else {
+                try {
+                    $thisIdP = $validator->existingIdP($idpIdentifier, NULL, $fed);
+                } catch (Exception $e) {
+                    $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                    exit(1);
+                }
+                $retArray[$idpIdentifier] = [];
+                foreach ($thisIdP->listProfiles() as $oneProfile) {
+                    $retArray[$idpIdentifier][$oneProfile->identifier] = $oneProfile->getUserDownloadStats();
+                }
+            }
+            $adminApi->returnSuccess($retArray);
+            break;
+        default:
+            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_ACTION, "Not implemented yet.");
 }
\ No newline at end of file