Passed
Push — release_2_1 ( 645d9f...61624e )
by Stefan
08:41
created
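--- a/core/CertificationAuthorityEduPkiServer.php
+++ b/core/CertificationAuthorityEduPkiServer.php
@@ -27,9 +27,9 @@
     #private const EDUPKI_ENDPOINT_PUBLIC = "https://pki.edupki.org/edupki-ca/cgi-bin/pub/soap?wsdl=1";
     #private const EDUPKI_ENDPOINT_RA = "https://ra.edupki.org/edupki-ca/cgi-bin/ra/soap?wsdl=1";
     
-    private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
-    private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
-    private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
+    private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
+    private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
+    private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
     private const EDUPKI_RA_ID = 700;
     private const EDUPKI_CERT_PROFILE_BOTH = "Radius Server SOAP";
     private const EDUPKI_CERT_PROFILE_IDP = "Radius Server SOAP";
@@ -49,13 +49,13 @@
         parent::__construct();
 
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_CERT) === FALSE) {
-            throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
+            throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
         }
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_KEY) === FALSE) {
-            throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
+            throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
         }
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_WEBROOT) === FALSE) {
-            throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
+            throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
         }
     }
 
@@ -122,22 +122,22 @@
                 throw new Exception("Unexpected policies requested.");
             }
             $altArray = [# Array mit den Subject Alternative Names
-                "email:" . $csr["USERMAIL"]
+                "email:".$csr["USERMAIL"]
             ];
             foreach ($csr["ALTNAMES"] as $oneAltName) {
-                $altArray[] = "DNS:" . $oneAltName;
+                $altArray[] = "DNS:".$oneAltName;
             }
             $soapPub = $this->initEduPKISoapSession("PUBLIC");
             $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n");
-            $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPkiServer::EDUPKI_RA_ID . "\n");
-            $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n");
+            $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPkiServer::EDUPKI_RA_ID."\n");
+            $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n");
             $this->loggerInstance->debug(5, "PARAM_3: ");
             $this->loggerInstance->debug(5, $altArray);
-            $this->loggerInstance->debug(5, "PARAM_4: " . $profile . "\n");
-            $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n");
-            $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n");
+            $this->loggerInstance->debug(5, "PARAM_4: ".$profile."\n");
+            $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n");
+            $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n");
             $this->loggerInstance->debug(5, "PARAM_9: false\n");
             $soapNewRequest = $soapPub->newRequest(
                     CertificationAuthorityEduPkiServer::EDUPKI_RA_ID, # RA-ID
@@ -159,11 +159,11 @@
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}:  {
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}:  {
                     $e->faultstring
                 }\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
         try {
             $soap = $this->initEduPKISoapSession("RA");
@@ -197,7 +197,7 @@
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext);
+            file_put_contents($tempdir['dir']."/content.txt", $soapCleartext);
             // retrieve our RA cert from filesystem                    
             // the RA certificates are not needed right now because we
             // have resorted to S/MIME signatures with openssl command-line
@@ -209,16 +209,16 @@
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n  $soapCleartext\n");
-        $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY -signer " . ROOT . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
+        $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT.CertificationAuthorityEduPkiServer::LOCATION_RA_KEY - signer " . ROOT . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline:   $execCmd\n");
             $output = [];
             $return = 999;
             exec($execCmd, $output, $return);
             if ($return !== 0) {
-                throw new Exception("Non-zero return value from openssl smime!");
+                throw new Exception("Non - zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir'] . " / signature.txt"));
             $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n");
             $this->loggerInstance->debug(5, $soapReqnum . "\n");
             $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending!
@@ -319,21 +319,21 @@
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest);
+            file_put_contents($tempdir['dir'] . " / content.txt", $soapRawRevRequest);
             // retrieve our RA cert from filesystem
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n");
-        $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
+        $execCmd = \config\Master::PATHS['openssl'] . " smime - sign - binary - in " . $tempdir['dir'] . " / content.txt - out " . $tempdir['dir'] . " / signature.txt - outform pem - inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n");
             $output = [];
             $return = 999;
             exec($execCmd, $output, $return);
             if ($return !== 0) {
-                throw new Exception("Non-zero return value from openssl smime!");
+                throw new Exception("Non - zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir'] . " / signature.txt"));
             $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig);
             if ($soapIssueRev === FALSE) {
                 throw new Exception("The locally approved revocation request was NOT processed by the CA.");
@@ -368,7 +368,7 @@
             'ssl' => [
                 'verify_peer' => true,
                 'verify_peer_name' => true,
-                // below is the CA "/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2"
+                // below is the CA " / C = DE / O = Deutsche Telekom AG / OU = T - TeleSec Trust Center / CN = Deutsche Telekom Root CA 2"
                 'cafile' => CertificationAuthorityEduPkiServer::LOCATION_WEBROOT,
                 'verify_depth' => 5,
                 'capture_peer_cert' => true,
@@ -464,20 +464,20 @@
         // dump private key into directory
         $outstring = "";
         openssl_pkey_export($privateKey, $outstring);
-        file_put_contents($tempdir . "/pkey.pem", $outstring);
+        file_put_contents($tempdir . " / pkey.pem", $outstring);
         // PHP can only do one DC in the Subject. But we need three.
-        $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username";
+        $execCmd = \config\Master::PATHS['openssl'] . " req - new -sha256 - key $tempdir / pkey.pem - out $tempdir / request.csr - subj / DC = test / DC = test / DC = eduroam / C = $fed / O = " . \config\ConfAssistant::CONSORTIUM['name'] . " / OU = $fed / CN = $username / emailAddress = $username";
         $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n");
         $output = [];
         $return = 999;
         exec($execCmd, $output, $return);
         if ($return !== 0) {
-            throw new Exception("Non-zero return value from openssl req!");
+            throw new Exception("Non - zero return value from openssl req!");
         }
-        $newCsr = file_get_contents("$tempdir/request.csr");
+        $newCsr = file_get_contents("$tempdir / request.csr");
         // remove the temp dir!
-        unlink("$tempdir/pkey.pem");
-        unlink("$tempdir/request.csr");
+        unlink("$tempdir / pkey.pem");
+        unlink("$tempdir / request.csr");
         rmdir($tempdir);
         if ($newCsr === FALSE) {
             throw new Exception("Unable to create a CSR!");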
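Review bot: From new line 212 onward the spacing patch rewrites the contents of string literals, not just the operators around them, so file names and openssl arguments change at runtime: `" / signature.txt"`, `" smime - sign - binary - in "`, `"$tempdir / pkey.pem"` and the `-subj` value no longer name the files and options that the S/MIME signing and CSR steps rely on. The likely trigger is the unbalanced quote on line 212 itself (`LOCATION_RA_KEY -signer " . ROOT`, already present on the old side), which also prepends `ROOT` to constants that already begin with `ROOT`. That line should end like the old line 327, `" -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;`, and the literals on lines 218, 221, 322, 327, 333, 336 and 467–480 should be restored byte for byte. When the line 469 command is restored, `$fed`, `$username` and the consortium name still reach `exec()` unquoted, so the whole `-subj` value should go through `escapeshellarg()`; whether `$username` is user-controlled is not visible in these hunks. The enclosing functions start and end outside the hunks shown.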