GEANT /
CAT
@@ -25,7 +25,7 @@ |
||
| 25 | 25 | * @author Stefan Winter <[email protected]> |
| 26 | 26 | * @package Core |
| 27 | 27 | */ |
| 28 | -require_once dirname(dirname(__FILE__)) . "/config/_config.php"; |
|
| 28 | +require_once dirname(dirname(__FILE__))."/config/_config.php"; |
|
| 29 | 29 | |
| 30 | 30 | $Gui = new \web\lib\user\Gui(); |
| 31 | 31 | // ... unless overwritten by direct GET/POST parameter in the request or a SESSION setting |
@@ -117,7 +117,7 @@ discard block |
||
| 117 | 117 | $cryptoJson = openssl_encrypt($clearJson, 'AES-256-CBC', $encryptionKey, OPENSSL_RAW_DATA, $initVector); |
| 118 | 118 | $hmac = hash_hmac("sha1", $cryptoJson, $encryptionKey, TRUE); |
| 119 | 119 | |
| 120 | - $this->loggerInstance->debug(4, "Clear = $clearJson\nSalt = $salt\nPW = " . $password . "\nb(IV) = " . base64_encode($initVector) . "\nb(Cipher) = " . base64_encode($cryptoJson) . "\nb(HMAC) = " . base64_encode($hmac)); |
|
| 120 | + $this->loggerInstance->debug(4, "Clear = $clearJson\nSalt = $salt\nPW = ".$password."\nb(IV) = ".base64_encode($initVector)."\nb(Cipher) = ".base64_encode($cryptoJson)."\nb(HMAC) = ".base64_encode($hmac)); |
|
| 121 | 121 | |
| 122 | 122 | // now, generate the container that holds all the crypto data |
| 123 | 123 | $finalArray = [ |
@@ -188,7 +188,7 @@ discard block |
||
| 188 | 188 | */ |
| 189 | 189 | private function wiredBlock($eapdetails) { |
| 190 | 190 | return [ |
| 191 | - "GUID" => \core\common\Entity::uuid('', "wired-dot1x-ethernet") . "}", |
|
| 191 | + "GUID" => \core\common\Entity::uuid('', "wired-dot1x-ethernet")."}", |
|
| 192 | 192 | "Name" => "eduroam configuration (wired network)", |
| 193 | 193 | "Remove" => false, |
| 194 | 194 | "Type" => "Ethernet", |
@@ -228,7 +228,7 @@ discard block |
||
| 228 | 228 | // if silverbullet, we deliver the client cert inline |
| 229 | 229 | |
| 230 | 230 | if ($selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
| 231 | - $eaparray['ClientCertRef'] = "[" . $this->clientCert['GUID'] . "]"; |
|
| 231 | + $eaparray['ClientCertRef'] = "[".$this->clientCert['GUID']."]"; |
|
| 232 | 232 | $eaparray['ClientCertType'] = "Ref"; |
| 233 | 233 | } |
| 234 | 234 | |
@@ -261,7 +261,7 @@ discard block |
||
| 261 | 261 | $jsonArray = ["Type" => "UnencryptedConfiguration"]; |
| 262 | 262 | |
| 263 | 263 | foreach ($this->attributes['internal:CAs'][0] as $ca) { |
| 264 | - $caRefs[] = "{" . $ca['uuid'] . "}"; |
|
| 264 | + $caRefs[] = "{".$ca['uuid']."}"; |
|
| 265 | 265 | } |
| 266 | 266 | // define CA certificates |
| 267 | 267 | foreach ($this->attributes['internal:CAs'][0] as $ca) { |
@@ -271,15 +271,15 @@ discard block |
||
| 271 | 271 | if ($caSanitized1 === FALSE) { |
| 272 | 272 | throw new Exception("Error cropping PEM data at its BEGIN marker."); |
| 273 | 273 | } |
| 274 | - $this->loggerInstance->debug(4, $caSanitized1 . "\n"); |
|
| 274 | + $this->loggerInstance->debug(4, $caSanitized1."\n"); |
|
| 275 | 275 | // remove \n |
| 276 | 276 | $caSanitized = str_replace("\n", "", $caSanitized1); |
| 277 | - $jsonArray["Certificates"][] = ["GUID" => "{" . $ca['uuid'] . "}", "Remove" => false, "Type" => "Authority", "X509" => $caSanitized]; |
|
| 278 | - $this->loggerInstance->debug(3, $caSanitized . "\n"); |
|
| 277 | + $jsonArray["Certificates"][] = ["GUID" => "{".$ca['uuid']."}", "Remove" => false, "Type" => "Authority", "X509" => $caSanitized]; |
|
| 278 | + $this->loggerInstance->debug(3, $caSanitized."\n"); |
|
| 279 | 279 | } |
| 280 | 280 | // if we are doing silverbullet, include the unencrypted(!) P12 as a client certificate |
| 281 | 281 | if ($this->selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
| 282 | - $jsonArray["Certificates"][] = ["GUID" => "[" . $this->clientCert['GUID'] . "]", "PKCS12" => base64_encode($this->clientCert['certdataclear']), "Remove" => false, "Type" => "Client"]; |
|
| 282 | + $jsonArray["Certificates"][] = ["GUID" => "[".$this->clientCert['GUID']."]", "PKCS12" => base64_encode($this->clientCert['certdataclear']), "Remove" => false, "Type" => "Client"]; |
|
| 283 | 283 | } |
| 284 | 284 | $eaparray = $this->eapBlock($caRefs); |
| 285 | 285 | // define Wi-Fi networks |
@@ -300,7 +300,7 @@ discard block |
||
| 300 | 300 | |
| 301 | 301 | file_put_contents('installer_profile', $finalJson); |
| 302 | 302 | |
| 303 | - $fileName = $this->installerBasename . '.onc'; |
|
| 303 | + $fileName = $this->installerBasename.'.onc'; |
|
| 304 | 304 | |
| 305 | 305 | if (!$this->sign) { |
| 306 | 306 | rename("installer_profile", $fileName); |
@@ -311,7 +311,7 @@ discard block |
||
| 311 | 311 | // have the notion of signing |
| 312 | 312 | // but if they ever change their mind, we are prepared |
| 313 | 313 | |
| 314 | - $outputFromSigning = system($this->sign . " installer_profile '$fileName' > /dev/null"); |
|
| 314 | + $outputFromSigning = system($this->sign." installer_profile '$fileName' > /dev/null"); |
|
| 315 | 315 | if ($outputFromSigning === FALSE) { |
| 316 | 316 | $this->loggerInstance->debug(2, "Signing the ONC installer $fileName FAILED!\n"); |
| 317 | 317 | } |
@@ -138,8 +138,8 @@ |
||
| 138 | 138 | */ |
| 139 | 139 | private function zipInstaller() { |
| 140 | 140 | // one can always access $this->attributes to check things |
| 141 | - $fileName = $this->installerBasename . '.zip'; |
|
| 142 | - $output = system('zip -q ' . $fileName . ' *'); |
|
| 141 | + $fileName = $this->installerBasename.'.zip'; |
|
| 142 | + $output = system('zip -q '.$fileName.' *'); |
|
| 143 | 143 | if ($output === FALSE) { |
| 144 | 144 | $this->loggerInstance->debug(2, "unable to zip the installer\n"); |
| 145 | 145 | } |
@@ -30,7 +30,7 @@ |
||
| 30 | 30 | final public function __construct() { |
| 31 | 31 | parent::__construct(); |
| 32 | 32 | $this->setSupportedEapMethods([\core\common\EAP::EAPTYPE_NONE]); |
| 33 | - $this->loggerInstance->debug(4,"RedirectEx called"); |
|
| 33 | + $this->loggerInstance->debug(4, "RedirectEx called"); |
|
| 34 | 34 | } |
| 35 | 35 | |
| 36 | 36 | /** |
@@ -146,7 +146,7 @@ discard block |
||
| 146 | 146 | } else { |
| 147 | 147 | $this->databaseHandle->exec("INSERT INTO ownership (user_id, institution_id, blesslevel, orig_mail) VALUES(?, ?, ?, ?)", "siss", $owner, $catId, $level, $destMail); |
| 148 | 148 | } |
| 149 | - $this->loggerInstance->writeAudit((string) $owner, "OWN", "IdP " . $invitationDetails->cat_institution_id . " - added user as owner"); |
|
| 149 | + $this->loggerInstance->writeAudit((string) $owner, "OWN", "IdP ".$invitationDetails->cat_institution_id." - added user as owner"); |
|
| 150 | 150 | common\Entity::outOfThePotatoes(); |
| 151 | 151 | return new IdP($invitationDetails->cat_institution_id); |
| 152 | 152 | } |
@@ -168,7 +168,7 @@ discard block |
||
| 168 | 168 | $idp = new IdP($fed->newIdP($invitationDetails->invite_fortype, $owner, $invitationDetails->invite_issuer_level, $invitationDetails->invite_dest_mail, $bestnameguess)); |
| 169 | 169 | } |
| 170 | 170 | $idp->addAttribute("general:instname", 'C', $bestnameguess); |
| 171 | - $this->loggerInstance->writeAudit($owner, "NEW", "IdP " . $idp->identifier . " - created from invitation"); |
|
| 171 | + $this->loggerInstance->writeAudit($owner, "NEW", "IdP ".$idp->identifier." - created from invitation"); |
|
| 172 | 172 | |
| 173 | 173 | // in case we have more admins in the queue which were invited to |
| 174 | 174 | // administer the same inst but haven't redeemed their invitations |
@@ -182,7 +182,7 @@ discard block |
||
| 182 | 182 | WHERE invite_created >= TIMESTAMPADD(DAY, -1, NOW()) AND used = 0 AND name = ? AND country = ? AND ( cat_institution_id IS NULL OR external_db_uniquehandle IS NULL ) ", "ss", $invitationDetails->name, $invitationDetails->country); |
| 183 | 183 | // SELECT -> resource, no boolean |
| 184 | 184 | while ($pendingDetail = mysqli_fetch_object(/** @scrutinizer ignore-type */ $otherPending)) { |
| 185 | - $this->databaseHandle->exec("UPDATE invitations SET cat_institution_id = " . $idp->identifier . " WHERE id = " . $pendingDetail->id); |
|
| 185 | + $this->databaseHandle->exec("UPDATE invitations SET cat_institution_id = ".$idp->identifier." WHERE id = ".$pendingDetail->id); |
|
| 186 | 186 | } |
| 187 | 187 | |
| 188 | 188 | common\Entity::outOfThePotatoes(); |
@@ -281,9 +281,9 @@ discard block |
||
| 281 | 281 | $retval = []; |
| 282 | 282 | $invitations = $this->databaseHandle->exec("SELECT cat_institution_id, country, name, invite_issuer_level, invite_dest_mail, invite_token , TIMESTAMPADD(DAY, 1, invite_created) as expiry |
| 283 | 283 | FROM invitations |
| 284 | - WHERE cat_institution_id " . ( $idpIdentifier != 0 ? "= $idpIdentifier" : "IS NULL") . " AND invite_created >= TIMESTAMPADD(DAY, -1, NOW()) AND used = 0"); |
|
| 284 | + WHERE cat_institution_id " . ($idpIdentifier != 0 ? "= $idpIdentifier" : "IS NULL")." AND invite_created >= TIMESTAMPADD(DAY, -1, NOW()) AND used = 0"); |
|
| 285 | 285 | // SELECT -> resource, not boolean |
| 286 | - $this->loggerInstance->debug(4, "Retrieving pending invitations for " . ($idpIdentifier != 0 ? "IdP $idpIdentifier" : "IdPs awaiting initial creation" ) . ".\n"); |
|
| 286 | + $this->loggerInstance->debug(4, "Retrieving pending invitations for ".($idpIdentifier != 0 ? "IdP $idpIdentifier" : "IdPs awaiting initial creation").".\n"); |
|
| 287 | 287 | while ($invitationQuery = mysqli_fetch_object(/** @scrutinizer ignore-type */ $invitations)) { |
| 288 | 288 | $retval[] = ["country" => $invitationQuery->country, "name" => $invitationQuery->name, "mail" => $invitationQuery->invite_dest_mail, "token" => $invitationQuery->invite_token, "expiry" => $invitationQuery->expiry]; |
| 289 | 289 | } |
@@ -35,7 +35,7 @@ |
||
| 35 | 35 | <div id="user_page" style="display:block"> |
| 36 | 36 | <?php echo $divs->divPagetitle("eduroam CAT Copyright and Licensing", ""); ?> |
| 37 | 37 | <div style="padding:20px"> |
| 38 | - <?php require dirname(dirname(__DIR__)) . "/copyright.inc.php"; ?> |
|
| 38 | + <?php require dirname(dirname(__DIR__))."/copyright.inc.php"; ?> |
|
| 39 | 39 | </div> |
| 40 | 40 | </div> |
| 41 | 41 | </div> |
@@ -43,10 +43,10 @@ discard block |
||
| 43 | 43 | $operatingSystem = $Gui->detectOS(); |
| 44 | 44 | $Gui->loggerInstance->debug(4, $operatingSystem); |
| 45 | 45 | if ($operatingSystem) { |
| 46 | - print "recognisedOS = '" . $operatingSystem['device'] . "';\n"; |
|
| 46 | + print "recognisedOS = '".$operatingSystem['device']."';\n"; |
|
| 47 | 47 | } |
| 48 | 48 | |
| 49 | -print 'downloadMessage = "' . $Gui->textTemplates->templates[\web\lib\user\DOWNLOAD_MESSAGE] . '";'; |
|
| 49 | +print 'downloadMessage = "'.$Gui->textTemplates->templates[\web\lib\user\DOWNLOAD_MESSAGE].'";'; |
|
| 50 | 50 | //TODO modify this based on OS detection |
| 51 | 51 | $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? ""; |
| 52 | 52 | if (preg_match('/Android/', $userAgent)) { |
@@ -75,7 +75,7 @@ discard block |
||
| 75 | 75 | <?php echo $divs->divHeading($visibility); ?> |
| 76 | 76 | <div id="main_page"> |
| 77 | 77 | <div id="loading_ico"> |
| 78 | - <?php echo _("Authenticating") . "..." ?><br><img src="<?php echo $Gui->skinObject->findResourceUrl("IMAGES", "icons/loading51.gif"); ?>" alt="Authenticating ..."/> |
|
| 78 | + <?php echo _("Authenticating")."..." ?><br><img src="<?php echo $Gui->skinObject->findResourceUrl("IMAGES", "icons/loading51.gif"); ?>" alt="Authenticating ..."/> |
|
| 79 | 79 | </div> |
| 80 | 80 | <div id="info_overlay"> <!-- device info --> |
| 81 | 81 | <div id="info_window"></div> |
@@ -92,7 +92,7 @@ discard block |
||
| 92 | 92 | nsArray::Set Delete_files "GEANTLink-ARM64.msi" |
| 93 | 93 | File "GEANTLink-ARM64.msi" |
| 94 | 94 | IfSilent +2 |
| 95 | - MessageBox MB_OK "<?php WindowsCommon::echoNsis( _("An additional piece of software 'GEANTlink' needs to be installed. This installation requires Administrator rights; you will be prompted to give permission for that action."))?>" |
|
| 95 | + MessageBox MB_OK "<?php WindowsCommon::echoNsis(_("An additional piece of software 'GEANTlink' needs to be installed. This installation requires Administrator rights; you will be prompted to give permission for that action."))?>" |
|
| 96 | 96 | !insertmacro debug_cat 1 "Run GEANTLink installer" |
| 97 | 97 | !insertmacro debug_cat 3 'Execute: msiexec.exe /i "$OUTDIR\GEANTLink-$Platform.msi" REBOOT=Supress' |
| 98 | 98 | ClearErrors |
@@ -104,7 +104,7 @@ discard block |
||
| 104 | 104 | Pop $rebootRequired |
| 105 | 105 | ${Else} |
| 106 | 106 | IfSilent +2 |
| 107 | - MessageBox MB_OK "<?php WindowsCommon::echoNsis( _("Error installing GEANTLink.\$\\nEmbedded installer didn't complete succesfully."))?>" |
|
| 107 | + MessageBox MB_OK "<?php WindowsCommon::echoNsis(_("Error installing GEANTLink.\$\\nEmbedded installer didn't complete succesfully."))?>" |
|
| 108 | 108 | Quit |
| 109 | 109 | ${EndIf} |
| 110 | 110 | Cont2: |
@@ -88,24 +88,24 @@ discard block |
||
| 88 | 88 | $reqAuthenticator = random_bytes(16); |
| 89 | 89 | $packetIdentifier = random_bytes(1); |
| 90 | 90 | // construct Status-Server packet |
| 91 | - $prePacket = RFC5997Tests::PACKET_TYPE_STATUS_SERVER . |
|
| 92 | - $packetIdentifier . |
|
| 93 | - RFC5997Tests::PACKET_LENGTH . |
|
| 94 | - $reqAuthenticator . |
|
| 95 | - RFC5997Tests::ATTRIBUTE_NAS_IDENTIFIER . |
|
| 96 | - RFC5997Tests::LENGTH_NAS_IDENTIFIER . |
|
| 91 | + $prePacket = RFC5997Tests::PACKET_TYPE_STATUS_SERVER. |
|
| 92 | + $packetIdentifier. |
|
| 93 | + RFC5997Tests::PACKET_LENGTH. |
|
| 94 | + $reqAuthenticator. |
|
| 95 | + RFC5997Tests::ATTRIBUTE_NAS_IDENTIFIER. |
|
| 96 | + RFC5997Tests::LENGTH_NAS_IDENTIFIER. |
|
| 97 | 97 | RFC5997Tests::VALUE_NAS_IDENTIFIER; |
| 98 | - $sigPacket = $prePacket . |
|
| 99 | - RFC5997Tests::ATTRIBUTE_MESSAGE_AUTHENTICATOR . |
|
| 100 | - RFC5997Tests::LENGTH_MESSAGE_AUTHENTICATOR . |
|
| 98 | + $sigPacket = $prePacket. |
|
| 99 | + RFC5997Tests::ATTRIBUTE_MESSAGE_AUTHENTICATOR. |
|
| 100 | + RFC5997Tests::LENGTH_MESSAGE_AUTHENTICATOR. |
|
| 101 | 101 | "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"; |
| 102 | - $authPacket = $prePacket . |
|
| 103 | - RFC5997Tests::ATTRIBUTE_MESSAGE_AUTHENTICATOR . |
|
| 104 | - RFC5997Tests::LENGTH_MESSAGE_AUTHENTICATOR . |
|
| 102 | + $authPacket = $prePacket. |
|
| 103 | + RFC5997Tests::ATTRIBUTE_MESSAGE_AUTHENTICATOR. |
|
| 104 | + RFC5997Tests::LENGTH_MESSAGE_AUTHENTICATOR. |
|
| 105 | 105 | hash_hmac("md5", $sigPacket, $this->secret, TRUE); |
| 106 | 106 | $connectErrorNumber = 0; |
| 107 | 107 | $connectErrorString = ""; |
| 108 | - $netHandle = fsockopen("udp://" . $this->ipAddr, $this->port, $connectErrorNumber, $connectErrorString, RFC5997Tests::CONNECTION_TIMEOUT); |
|
| 108 | + $netHandle = fsockopen("udp://".$this->ipAddr, $this->port, $connectErrorNumber, $connectErrorString, RFC5997Tests::CONNECTION_TIMEOUT); |
|
| 109 | 109 | if ($netHandle === FALSE) { |
| 110 | 110 | throw new Exception("Unable to establish UDP socket resource. Error number was $connectErrorNumber, '$connectErrorString'"); |
| 111 | 111 | } |
@@ -123,11 +123,11 @@ discard block |
||
| 123 | 123 | return AbstractTest::RETVAL_INVALID; |
| 124 | 124 | } |
| 125 | 125 | // check the response authenticator to prevent spoofing. |
| 126 | - $sigResponse = RFC5997Tests::PACKET_TYPE_ACCESS_ACCEPT . |
|
| 127 | - $packetIdentifier . |
|
| 128 | - $read[2] . $read[3] . |
|
| 129 | - $reqAuthenticator . |
|
| 130 | - substr($read, 20) . |
|
| 126 | + $sigResponse = RFC5997Tests::PACKET_TYPE_ACCESS_ACCEPT. |
|
| 127 | + $packetIdentifier. |
|
| 128 | + $read[2].$read[3]. |
|
| 129 | + $reqAuthenticator. |
|
| 130 | + substr($read, 20). |
|
| 131 | 131 | $this->secret; |
| 132 | 132 | $expected = hash("md5", $sigResponse, TRUE); |
| 133 | 133 | if ($expected != substr($read, 4, 16)) { |
