@@ -16,9 +16,9 @@ discard block |
16 | 16 | |
17 | 17 | class CertificationAuthorityEduPkiServer extends EntityWithDBProperties implements CertificationAuthorityInterface { |
18 | 18 | |
19 | - private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
20 | - private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
21 | - private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
19 | + private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
20 | + private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
21 | + private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
22 | 22 | private const EDUPKI_RA_ID = 700; |
23 | 23 | private const EDUPKI_CERT_PROFILE = "Radius Server SOAP"; |
24 | 24 | private const EDUPKI_RA_PKEY_PASSPHRASE = "..."; |
@@ -33,13 +33,13 @@ discard block |
33 | 33 | parent::__construct(); |
34 | 34 | |
35 | 35 | if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_CERT) === FALSE) { |
36 | - throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT); |
|
36 | + throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT); |
|
37 | 37 | } |
38 | 38 | if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_KEY) === FALSE) { |
39 | - throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY); |
|
39 | + throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY); |
|
40 | 40 | } |
41 | 41 | if (stat(CertificationAuthorityEduPkiServer::LOCATION_WEBROOT) === FALSE) { |
42 | - throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPkiServer::LOCATION_WEBROOT); |
|
42 | + throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPkiServer::LOCATION_WEBROOT); |
|
43 | 43 | } |
44 | 44 | } |
45 | 45 | |
@@ -68,19 +68,19 @@ discard block |
68 | 68 | // initialise connection to eduPKI CA / eduroam RA and send the request to them |
69 | 69 | try { |
70 | 70 | $altArray = [# Array mit den Subject Alternative Names |
71 | - "email:" . $csr["USERMAIL"] |
|
71 | + "email:".$csr["USERMAIL"] |
|
72 | 72 | ]; |
73 | 73 | $soapPub = $this->initEduPKISoapSession("PUBLIC"); |
74 | 74 | $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n"); |
75 | - $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPkiServer::EDUPKI_RA_ID . "\n"); |
|
76 | - $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR"] . "\n"); |
|
75 | + $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPkiServer::EDUPKI_RA_ID."\n"); |
|
76 | + $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR"]."\n"); |
|
77 | 77 | $this->loggerInstance->debug(5, "PARAM_3: "); |
78 | 78 | $this->loggerInstance->debug(5, $altArray); |
79 | - $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE . "\n"); |
|
80 | - $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n"); |
|
81 | - $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n"); |
|
82 | - $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n"); |
|
83 | - $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n"); |
|
79 | + $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE."\n"); |
|
80 | + $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n"); |
|
81 | + $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n"); |
|
82 | + $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n"); |
|
83 | + $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n"); |
|
84 | 84 | $this->loggerInstance->debug(5, "PARAM_9: false\n"); |
85 | 85 | $soapNewRequest = $soapPub->newRequest( |
86 | 86 | CertificationAuthorityEduPkiServer::EDUPKI_RA_ID, # RA-ID |
@@ -102,11 +102,11 @@ discard block |
102 | 102 | } catch (Exception $e) { |
103 | 103 | // PHP 7.1 can do this much better |
104 | 104 | if (is_soap_fault($e)) { |
105 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: { |
|
105 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: { |
|
106 | 106 | $e->faultstring |
107 | 107 | }\n"); |
108 | 108 | } |
109 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
109 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
110 | 110 | } |
111 | 111 | try { |
112 | 112 | $soap = $this->initEduPKISoapSession("RA"); |
@@ -140,7 +140,7 @@ discard block |
140 | 140 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
141 | 141 | // rather than just using the string. Grr. |
142 | 142 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
143 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext); |
|
143 | + file_put_contents($tempdir['dir']."/content.txt", $soapCleartext); |
|
144 | 144 | // retrieve our RA cert from filesystem |
145 | 145 | // the RA certificates are not needed right now because we |
146 | 146 | // have resorted to S/MIME signatures with openssl command-line |
@@ -152,7 +152,7 @@ discard block |
152 | 152 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
153 | 153 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
154 | 154 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n $soapCleartext\n"); |
155 | - $execCmd = CONFIG['PATHS']['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
155 | + $execCmd = CONFIG['PATHS']['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
156 | 156 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
157 | 157 | $output = []; |
158 | 158 | $return = 999; |
@@ -161,14 +161,14 @@ discard block |
161 | 161 | throw new Exception("Non-zero return value from openssl smime!"); |
162 | 162 | } |
163 | 163 | // and get the signature blob back from the filesystem |
164 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
164 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
165 | 165 | $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n"); |
166 | - $this->loggerInstance->debug(5, $soapReqnum . "\n"); |
|
167 | - $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending! |
|
168 | - $this->loggerInstance->debug(5, $detachedSig . "\n"); |
|
166 | + $this->loggerInstance->debug(5, $soapReqnum."\n"); |
|
167 | + $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending! |
|
168 | + $this->loggerInstance->debug(5, $detachedSig."\n"); |
|
169 | 169 | $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig); |
170 | - $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest()); |
|
171 | - $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse()); |
|
170 | + $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest()); |
|
171 | + $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse()); |
|
172 | 172 | if ($soapIssueCert === FALSE) { |
173 | 173 | throw new Exception("The locally approved request was NOT processed by the CA."); |
174 | 174 | } |
@@ -205,9 +205,9 @@ discard block |
205 | 205 | throw new Exception("CAInfo has no root certificate for us!"); |
206 | 206 | } |
207 | 207 | } catch (SoapFault $e) { |
208 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
208 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
209 | 209 | } catch (Exception $e) { |
210 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
210 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
211 | 211 | } |
212 | 212 | return [ |
213 | 213 | "CERT" => openssl_x509_read($parsedCert['pem']), |
@@ -239,12 +239,12 @@ discard block |
239 | 239 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
240 | 240 | // rather than just using the string. Grr. |
241 | 241 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
242 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest); |
|
242 | + file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest); |
|
243 | 243 | // retrieve our RA cert from filesystem |
244 | 244 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
245 | 245 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
246 | 246 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n"); |
247 | - $execCmd = CONFIG['PATHS']['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT; |
|
247 | + $execCmd = CONFIG['PATHS']['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT; |
|
248 | 248 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
249 | 249 | $output = []; |
250 | 250 | $return = 999; |
@@ -253,7 +253,7 @@ discard block |
253 | 253 | throw new Exception("Non-zero return value from openssl smime!"); |
254 | 254 | } |
255 | 255 | // and get the signature blob back from the filesystem |
256 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
256 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
257 | 257 | $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig); |
258 | 258 | if ($soapIssueRev === FALSE) { |
259 | 259 | throw new Exception("The locally approved revocation request was NOT processed by the CA."); |
@@ -261,9 +261,9 @@ discard block |
261 | 261 | } catch (Exception $e) { |
262 | 262 | // PHP 7.1 can do this much better |
263 | 263 | if (is_soap_fault($e)) { |
264 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n"); |
|
264 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n"); |
|
265 | 265 | } |
266 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
266 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
267 | 267 | } |
268 | 268 | } |
269 | 269 | |
@@ -360,9 +360,9 @@ discard block |
360 | 360 | * @return string the integer as string in an XML fragment |
361 | 361 | */ |
362 | 362 | public function soapToXmlInteger($x) { |
363 | - return '<' . $x[0] . '>' |
|
363 | + return '<'.$x[0].'>' |
|
364 | 364 | . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1) |
365 | - . '</' . $x[0] . '>'; |
|
365 | + . '</'.$x[0].'>'; |
|
366 | 366 | } |
367 | 367 | |
368 | 368 | /** |
@@ -380,9 +380,9 @@ discard block |
380 | 380 | // dump private key into directory |
381 | 381 | $outstring = ""; |
382 | 382 | openssl_pkey_export($privateKey, $outstring); |
383 | - file_put_contents($tempdir . "/pkey.pem", $outstring); |
|
383 | + file_put_contents($tempdir."/pkey.pem", $outstring); |
|
384 | 384 | // PHP can only do one DC in the Subject. But we need three. |
385 | - $execCmd = CONFIG['PATHS']['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username"; |
|
385 | + $execCmd = CONFIG['PATHS']['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username"; |
|
386 | 386 | $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n"); |
387 | 387 | $output = []; |
388 | 388 | $return = 999; |