|
@@ -325,7 +325,7 @@ discard block |
|
|
|
325
|
325
|
$invitationObject = new SilverbulletInvitation($token); |
|
326
|
326
|
$profile = new ProfileSilverbullet($invitationObject->profile); |
|
327
|
327
|
$inst = new IdP($profile->institution); |
|
328
|
|
- $loggerInstance->debug(5, "tokenStatus: done, got " . $invitationObject->invitationTokenStatus . ", " . $invitationObject->profile . ", " . $invitationObject->userId . ", " . $invitationObject->expiry . ", " . $invitationObject->invitationTokenString . "\n"); |
|
|
328
|
+ $loggerInstance->debug(5, "tokenStatus: done, got ".$invitationObject->invitationTokenStatus.", ".$invitationObject->profile.", ".$invitationObject->userId.", ".$invitationObject->expiry.", ".$invitationObject->invitationTokenString."\n"); |
|
329
|
329
|
if ($invitationObject->invitationTokenStatus != SilverbulletInvitation::SB_TOKENSTATUS_VALID && $invitationObject->invitationTokenStatus != SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) { |
|
330
|
330
|
throw new Exception("Attempt to generate a SilverBullet installer with an invalid/redeemed/expired token. The user should never have gotten that far!"); |
|
331
|
331
|
} |
|
@@ -338,12 +338,12 @@ discard block |
|
|
|
338
|
338
|
throw new Exception("Despite a valid token, the corresponding user was not found in database or database query error!"); |
|
339
|
339
|
} |
|
340
|
340
|
$expiryObject = mysqli_fetch_object(/** @scrutinizer ignore-type */ $userrow); |
|
341
|
|
- $loggerInstance->debug(5, "EXP: " . $expiryObject->expiry . "\n"); |
|
|
341
|
+ $loggerInstance->debug(5, "EXP: ".$expiryObject->expiry."\n"); |
|
342
|
342
|
$expiryDateObject = date_create_from_format("Y-m-d H:i:s", $expiryObject->expiry); |
|
343
|
343
|
if ($expiryDateObject === FALSE) { |
|
344
|
344
|
throw new Exception("The expiry date we got from the DB is bogus!"); |
|
345
|
345
|
} |
|
346
|
|
- $loggerInstance->debug(5, $expiryDateObject->format("Y-m-d H:i:s") . "\n"); |
|
|
346
|
+ $loggerInstance->debug(5, $expiryDateObject->format("Y-m-d H:i:s")."\n"); |
|
347
|
347
|
// date_create with no parameters can't fail, i.e. is never FALSE |
|
348
|
348
|
$validity = date_diff(/** @scrutinizer ignore-type */ date_create(), $expiryDateObject); |
|
349
|
349
|
$expiryDays = $validity->days + 1; |
|
@@ -377,14 +377,14 @@ discard block |
|
|
|
377
|
377
|
$exportedCertClear = ""; |
|
378
|
378
|
openssl_pkcs12_export($cert, $exportedCertClear, $privateKey, "", ['extracerts' => [$issuingCaPem, $rootCaPem]]); |
|
379
|
379
|
$pkey_3des = ""; |
|
380
|
|
- openssl_pkey_export($privateKey, $pkey_3des, $importPassword, [ "encrypt_key_cipher" => OPENSSL_CIPHER_3DES ]); |
|
|
380
|
+ openssl_pkey_export($privateKey, $pkey_3des, $importPassword, ["encrypt_key_cipher" => OPENSSL_CIPHER_3DES]); |
|
381
|
381
|
// store resulting cert CN and expiry date in separate columns into DB - do not store the cert data itself as it contains the private key! |
|
382
|
382
|
// we need the *real* expiry date, not just the day-approximation |
|
383
|
383
|
$x509 = new \core\common\X509(); |
|
384
|
384
|
$certString = ""; |
|
385
|
385
|
openssl_x509_export($cert, $certString); |
|
386
|
386
|
$parsedCert = $x509->processCertificate($certString); |
|
387
|
|
- $loggerInstance->debug(5, "CERTINFO: " . /** @scrutinizer ignore-type */ print_r($parsedCert['full_details'], true)); |
|
|
387
|
+ $loggerInstance->debug(5, "CERTINFO: "./** @scrutinizer ignore-type */ print_r($parsedCert['full_details'], true)); |
|
388
|
388
|
$realExpiryDate = date_create_from_format("U", $parsedCert['full_details']['validTo_time_t'])->format("Y-m-d H:i:s"); |
|
389
|
389
|
|
|
390
|
390
|
// store new cert info in DB |
|
@@ -396,7 +396,7 @@ discard block |
|
|
|
396
|
396
|
// let the RADIUS users know the actual username for CUI generation |
|
397
|
397
|
$radiusDbs = DBConnection::handle("RADIUS"); // is an array of server conns |
|
398
|
398
|
foreach ($radiusDbs as $oneRadiusDb) { |
|
399
|
|
- $oneRadiusDb->exec("INSERT IGNORE INTO radcheck (username, attribute, op, value) VALUES (?, 'CUI-Source-Username', ':=', ?)", "ss", ($profile->getUserById($invitationObject->userId))[$invitationObject->userId] , $csr["USERNAME"]); |
|
|
399
|
+ $oneRadiusDb->exec("INSERT IGNORE INTO radcheck (username, attribute, op, value) VALUES (?, 'CUI-Source-Username', ':=', ?)", "ss", ($profile->getUserById($invitationObject->userId))[$invitationObject->userId], $csr["USERNAME"]); |
|
400
|
400
|
} |
|
401
|
401
|
|
|
402
|
402
|
// return PKCS#12 data stream |
|
@@ -453,7 +453,7 @@ discard block |
|
|
|
453
|
453
|
$username = ""; |
|
454
|
454
|
while ($usernameIsUnique === FALSE) { |
|
455
|
455
|
$usernameLocalPart = common\Entity::randomString(64 - 1 - strlen($realm), "0123456789abcdefghijklmnopqrstuvwxyz"); |
|
456
|
|
- $username = $usernameLocalPart . "@" . $realm; |
|
|
456
|
+ $username = $usernameLocalPart."@".$realm; |
|
457
|
457
|
$uniquenessQuery = $databaseHandle->exec("SELECT cn from silverbullet_certificate WHERE cn = ? AND ca_type = ?", "ss", $username, $certtype); |
|
458
|
458
|
// SELECT -> resource, not boolean |
|
459
|
459
|
if (mysqli_num_rows(/** @scrutinizer ignore-type */ $uniquenessQuery) == 0) { |