View GitHub Repository CAT

Schedule Inspection
Subscribe
Passed
Push — release_2_1 ( 1fde73...fd72d6 )
by Tomasz
22:47
created
Status
Category
Toggle Patches
core/CertificationAuthorityEduPkiServer.php 1 patch
Spacing   +38 added lines, -38 removed lines patch added patch discarded remove patch 
@@ -27,9 +27,9 @@  discard block
 
 block discarded – undo
27 27 
     #private const EDUPKI_ENDPOINT_PUBLIC = "https://pki.edupki.org/edupki-ca/cgi-bin/pub/soap?wsdl=1";
28 28 
     #private const EDUPKI_ENDPOINT_RA = "https://ra.edupki.org/edupki-ca/cgi-bin/ra/soap?wsdl=1";
29 29
30 
-    private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
31 
-    private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
32 
-    private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
30 
+    private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
31 
+    private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
32 
+    private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
33 33 
     private const EDUPKI_RA_ID = 700;
34 34 
     private const EDUPKI_CERT_PROFILE_BOTH = "Radius Server SOAP";
35 35 
     private const EDUPKI_CERT_PROFILE_IDP = "Radius Server SOAP";
 
@@ -49,13 +49,13 @@  discard block
 
 block discarded – undo
49 49 
         parent::__construct();
50 50
51 51 
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_CERT) === FALSE) {
52 
-            throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
52 
+            throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
53 53 
         }
54 54 
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_KEY) === FALSE) {
55 
-            throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
55 
+            throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
56 56 
         }
57 57 
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_WEBROOT) === FALSE) {
58 
-            throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
58 
+            throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
59 59 
         }
60 60 
     }
61 61 
 
@@ -122,22 +122,22 @@  discard block
 
 block discarded – undo
122 122 
                 throw new Exception("Unexpected policies requested.");
123 123 
             }
124 124 
             $altArray = [# Array mit den Subject Alternative Names
125 
-                "email:" . $csr["USERMAIL"]
125 
+                "email:".$csr["USERMAIL"]
126 126 
             ];
127 127 
             foreach ($csr["ALTNAMES"] as $oneAltName) {
128 
-                $altArray[] = "DNS:" . $oneAltName;
128 
+                $altArray[] = "DNS:".$oneAltName;
129 129 
             }
130 130 
             $soapPub = $this->initEduPKISoapSession("PUBLIC");
131 131 
             $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n");
132 
-            $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPkiServer::EDUPKI_RA_ID . "\n");
133 
-            $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n");
132 
+            $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPkiServer::EDUPKI_RA_ID."\n");
133 
+            $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n");
134 134 
             $this->loggerInstance->debug(5, "PARAM_3: ");
135 135 
             $this->loggerInstance->debug(5, $altArray);
136 
-            $this->loggerInstance->debug(5, "PARAM_4: " . $profile . "\n");
137 
-            $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n");
138 
-            $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n");
139 
-            $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n");
140 
-            $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n");
136 
+            $this->loggerInstance->debug(5, "PARAM_4: ".$profile."\n");
137 
+            $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n");
138 
+            $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n");
139 
+            $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n");
140 
+            $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n");
141 141 
             $this->loggerInstance->debug(5, "PARAM_9: false\n");
142 142 
             $soapNewRequest = $soapPub->newRequest(
143 143 
                     CertificationAuthorityEduPkiServer::EDUPKI_RA_ID, # RA-ID
 
@@ -159,11 +159,11 @@  discard block
 
 block discarded – undo
159 159 
         } catch (Exception $e) {
160 160 
             // PHP 7.1 can do this much better
161 161 
             if (is_soap_fault($e)) {
162 
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}:  {
162 
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}:  {
163 163 
                     $e->faultstring
164 164 
                 }\n");
165 165 
             }
166 
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
166 
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
167 167 
         }
168 168 
         try {
169 169 
             $soap = $this->initEduPKISoapSession("RA");
 
@@ -195,7 +195,7 @@  discard block
 
 block discarded – undo
195 195 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
196 196 
             // rather than just using the string. Grr.
197 197 
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
198 
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext);
198 
+            file_put_contents($tempdir['dir']."/content.txt", $soapCleartext);
199 199 
             // retrieve our RA cert from filesystem
200 200 
             // the RA certificates are not needed right now because we
201 201 
             // have resorted to S/MIME signatures with openssl command-line
 
@@ -207,7 +207,7 @@  discard block
 
 block discarded – undo
207 207 
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
208 208 
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
209 209 
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n  $soapCleartext\n");
210 
-            $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
210 
+            $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
211 211 
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline:   $execCmd\n");
212 212 
             $output = [];
213 213 
             $return = 999;
 
@@ -216,21 +216,21 @@  discard block
 
 block discarded – undo
216 216 
                 throw new Exception("Non-zero return value from openssl smime!");
217 217 
             }
218 218 
             // and get the signature blob back from the filesystem
219 
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
219 
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
220 220 
             $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n");
221 
-            $this->loggerInstance->debug(5, $soapReqnum . "\n");
222 
-            $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending!
223 
-            $this->loggerInstance->debug(5, $detachedSig . "\n");
221 
+            $this->loggerInstance->debug(5, $soapReqnum."\n");
222 
+            $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending!
223 
+            $this->loggerInstance->debug(5, $detachedSig."\n");
224 224 
             $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig);
225 
-            $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest());
226 
-            $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse());
225 
+            $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest());
226 
+            $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse());
227 227 
             if ($soapIssueCert === FALSE) {
228 228 
                 throw new Exception("The locally approved request was NOT processed by the CA.");
229 229 
             }
230 230 
         } catch (SoapFault $e) {
231 
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
231 
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
232 232 
         } catch (Exception $e) {
233 
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
233 
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
234 234 
         }
235 235 
         return $soapReqnum;
236 236 
     }
 
@@ -282,9 +282,9 @@  discard block
 
 block discarded – undo
282 282 
                 throw new Exception("CAInfo has no root certificate for us!");
283 283 
             }
284 284 
         } catch (SoapFault $e) {
285 
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
285 
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
286 286 
         } catch (Exception $e) {
287 
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
287 
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
288 288 
         }
289 289 
         return [
290 290 
             "CERT" => openssl_x509_read($parsedCert['pem']),
 
@@ -317,12 +317,12 @@  discard block
 
 block discarded – undo
317 317 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
318 318 
             // rather than just using the string. Grr.
319 319 
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
320 
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest);
320 
+            file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest);
321 321 
             // retrieve our RA cert from filesystem
322 322 
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
323 323 
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
324 324 
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n");
325 
-        $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
325 
+        $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
326 326 
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n");
327 327 
             $output = [];
328 328 
             $return = 999;
 
@@ -331,7 +331,7 @@  discard block
 
 block discarded – undo
331 331 
                 throw new Exception("Non-zero return value from openssl smime!");
332 332 
             }
333 333 
             // and get the signature blob back from the filesystem
334 
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
334 
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
335 335 
             $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig);
336 336 
             if ($soapIssueRev === FALSE) {
337 337 
                 throw new Exception("The locally approved revocation request was NOT processed by the CA.");
 
@@ -339,9 +339,9 @@  discard block
 
 block discarded – undo
339 339 
         } catch (Exception $e) {
340 340 
             // PHP 7.1 can do this much better
341 341 
             if (is_soap_fault($e)) {
342 
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n");
342 
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n");
343 343 
             }
344 
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
344 
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
345 345 
         }
346 346 
     }
347 347 
 
@@ -441,9 +441,9 @@  discard block
 
 block discarded – undo
441 441 
      */
442 442 
     public function soapToXmlInteger($x)
443 443 
     {
444 
-        return '<' . $x[0] . '>'
444 
+        return '<'.$x[0].'>'
445 445 
                 . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1)
446 
-                . '</' . $x[0] . '>';
446 
+                . '</'.$x[0].'>';
447 447 
     }
448 448
449 449 
     /**
 
@@ -462,9 +462,9 @@  discard block
 
 block discarded – undo
462 462 
         // dump private key into directory
463 463 
         $outstring = "";
464 464 
         openssl_pkey_export($privateKey, $outstring);
465 
-        file_put_contents($tempdir . "/pkey.pem", $outstring);
465 
+        file_put_contents($tempdir."/pkey.pem", $outstring);
466 466 
         // PHP can only do one DC in the Subject. But we need three.
467 
-        $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username";
467 
+        $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username";
468 468 
         $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n");
469 469 
         $output = [];
470 470 
         $return = 999;
Please login to merge, or discard this patch.