Push — release_2_0 ( 5cfef1...c174a1 )
by Stefan
13:34
created
core/CertificationAuthorityEduPkiServer.php 1 patch
Spacing   +35 added lines, -35 removed lines
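--- a/core/CertificationAuthorityEduPkiServer.php
+++ b/core/CertificationAuthorityEduPkiServer.php
@@ -16,9 +16,9 @@
 
 class CertificationAuthorityEduPkiServer extends EntityWithDBProperties implements CertificationAuthorityInterface {
 
-    private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
-    private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
-    private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
+    private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
+    private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
+    private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
     private const EDUPKI_RA_ID = 700;
     private const EDUPKI_CERT_PROFILE = "Radius Server SOAP";
     private const EDUPKI_RA_PKEY_PASSPHRASE = "...";
@@ -33,13 +33,13 @@
         parent::__construct();
 
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_CERT) === FALSE) {
-            throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
+            throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
         }
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_KEY) === FALSE) {
-            throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
+            throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
         }
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_WEBROOT) === FALSE) {
-            throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
+            throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
         }
     }
 
@@ -68,19 +68,19 @@
         // initialise connection to eduPKI CA / eduroam RA and send the request to them
         try {
             $altArray = [# Array mit den Subject Alternative Names
-                 "email:" . $csr["USERMAIL"]
+                 "email:".$csr["USERMAIL"]
             ];
             $soapPub = $this->initEduPKISoapSession("PUBLIC");
             $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n");
-            $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPkiServer::EDUPKI_RA_ID . "\n");
-            $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR"] . "\n");
+            $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPkiServer::EDUPKI_RA_ID."\n");
+            $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR"]."\n");
             $this->loggerInstance->debug(5, "PARAM_3: ");
             $this->loggerInstance->debug(5, $altArray);
-            $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE . "\n");
-            $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n");
-            $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n");
+            $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE."\n");
+            $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n");
+            $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n");
             $this->loggerInstance->debug(5, "PARAM_9: false\n");
             $soapNewRequest = $soapPub->newRequest(
                     CertificationAuthorityEduPkiServer::EDUPKI_RA_ID, # RA-ID
@@ -102,11 +102,11 @@
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}:  {
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}:  {
                     $e->faultstring
                 }\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
         try {
             $soap = $this->initEduPKISoapSession("RA");
@@ -140,7 +140,7 @@
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext);
+            file_put_contents($tempdir['dir']."/content.txt", $soapCleartext);
             // retrieve our RA cert from filesystem                    
             // the RA certificates are not needed right now because we
             // have resorted to S/MIME signatures with openssl command-line
@@ -152,7 +152,7 @@
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n  $soapCleartext\n");
-            $execCmd = CONFIG['PATHS']['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
+            $execCmd = CONFIG['PATHS']['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline:   $execCmd\n");
             $output = [];
             $return = 999;
@@ -161,14 +161,14 @@
                 throw new Exception("Non-zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
             $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n");
-            $this->loggerInstance->debug(5, $soapReqnum . "\n");
-            $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending!
-            $this->loggerInstance->debug(5, $detachedSig . "\n");
+            $this->loggerInstance->debug(5, $soapReqnum."\n");
+            $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending!
+            $this->loggerInstance->debug(5, $detachedSig."\n");
             $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig);
-            $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest());
-            $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse());
+            $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest());
+            $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse());
             if ($soapIssueCert === FALSE) {
                 throw new Exception("The locally approved request was NOT processed by the CA.");
             }
@@ -205,9 +205,9 @@
                 throw new Exception("CAInfo has no root certificate for us!");
             }
         } catch (SoapFault $e) {
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
         } catch (Exception $e) {
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
         }
         return [
             "CERT" => openssl_x509_read($parsedCert['pem']),
@@ -239,12 +239,12 @@
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest);
+            file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest);
             // retrieve our RA cert from filesystem
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n");
-            $execCmd = CONFIG['PATHS']['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
+            $execCmd = CONFIG['PATHS']['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n");
             $output = [];
             $return = 999;
@@ -253,7 +253,7 @@
                 throw new Exception("Non-zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
             $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig);
             if ($soapIssueRev === FALSE) {
                 throw new Exception("The locally approved revocation request was NOT processed by the CA.");
@@ -261,9 +261,9 @@
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n");
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
     }
 
@@ -360,9 +360,9 @@
      * @return string the integer as string in an XML fragment
      */
     public function soapToXmlInteger($x) {
-        return '<' . $x[0] . '>'
+        return '<'.$x[0].'>'
                 . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1)
-                . '</' . $x[0] . '>';
+                . '</'.$x[0].'>';
     }
 
     /**
@@ -380,9 +380,9 @@
         // dump private key into directory
         $outstring = "";
         openssl_pkey_export($privateKey, $outstring);
-        file_put_contents($tempdir . "/pkey.pem", $outstring);
+        file_put_contents($tempdir."/pkey.pem", $outstring);
         // PHP can only do one DC in the Subject. But we need three.
-        $execCmd = CONFIG['PATHS']['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username";
+        $execCmd = CONFIG['PATHS']['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username";
         $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n");
         $output = [];
         $return = 999;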