View GitHub Repository CAT

Schedule Inspection
Subscribe
Passed
Push — release_2_1 ( 7f34c3...f371be )
by Stefan
18:42
created
Status
Category
Toggle Patches
core/CertificationAuthorityEduPkiServer.php 1 patch
Spacing   +38 added lines, -38 removed lines patch added patch discarded remove patch 
@@ -27,9 +27,9 @@  discard block
 
 block discarded – undo
27 27 
     #private const EDUPKI_ENDPOINT_PUBLIC = "https://pki.edupki.org/edupki-ca/cgi-bin/pub/soap?wsdl=1";
28 28 
     #private const EDUPKI_ENDPOINT_RA = "https://ra.edupki.org/edupki-ca/cgi-bin/ra/soap?wsdl=1";
29 29
30 
-    private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
31 
-    private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
32 
-    private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
30 
+    private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
31 
+    private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
32 
+    private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
33 33 
     private const EDUPKI_RA_ID = 700;
34 34 
     private const EDUPKI_CERT_PROFILE_BOTH = "Radius Server SOAP";
35 35 
     private const EDUPKI_CERT_PROFILE_IDP = "Radius Server SOAP";
 
@@ -49,13 +49,13 @@  discard block
 
 block discarded – undo
49 49 
         parent::__construct();
50 50
51 51 
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_CERT) === FALSE) {
52 
-            throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
52 
+            throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
53 53 
         }
54 54 
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_KEY) === FALSE) {
55 
-            throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
55 
+            throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
56 56 
         }
57 57 
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_WEBROOT) === FALSE) {
58 
-            throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
58 
+            throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
59 59 
         }
60 60 
     }
61 61 
 
@@ -122,22 +122,22 @@  discard block
 
 block discarded – undo
122 122 
                 throw new Exception("Unexpected policies requested.");
123 123 
             }
124 124 
             $altArray = [# Array mit den Subject Alternative Names
125 
-                "email:" . $csr["USERMAIL"]
125 
+                "email:".$csr["USERMAIL"]
126 126 
             ];
127 127 
             foreach ($csr["ALTNAMES"] as $oneAltName) {
128 
-                $altArray[] = "DNS:" . $oneAltName;
128 
+                $altArray[] = "DNS:".$oneAltName;
129 129 
             }
130 130 
             $soapPub = $this->initEduPKISoapSession("PUBLIC");
131 131 
             $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n");
132 
-            $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPkiServer::EDUPKI_RA_ID . "\n");
133 
-            $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n");
132 
+            $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPkiServer::EDUPKI_RA_ID."\n");
133 
+            $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n");
134 134 
             $this->loggerInstance->debug(5, "PARAM_3: ");
135 135 
             $this->loggerInstance->debug(5, $altArray);
136 
-            $this->loggerInstance->debug(5, "PARAM_4: " . $profile . "\n");
137 
-            $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n");
138 
-            $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n");
139 
-            $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n");
140 
-            $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n");
136 
+            $this->loggerInstance->debug(5, "PARAM_4: ".$profile."\n");
137 
+            $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n");
138 
+            $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n");
139 
+            $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n");
140 
+            $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n");
141 141 
             $this->loggerInstance->debug(5, "PARAM_9: false\n");
142 142 
             $soapNewRequest = $soapPub->newRequest(
143 143 
                     CertificationAuthorityEduPkiServer::EDUPKI_RA_ID, # RA-ID
 
@@ -159,11 +159,11 @@  discard block
 
 block discarded – undo
159 159 
         } catch (Exception $e) {
160 160 
             // PHP 7.1 can do this much better
161 161 
             if (is_soap_fault($e)) {
162 
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}:  {
162 
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}:  {
163 163 
                     $e->faultstring
164 164 
                 }\n");
165 165 
             }
166 
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
166 
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
167 167 
         }
168 168 
         try {
169 169 
             $soap = $this->initEduPKISoapSession("RA");
 
@@ -197,7 +197,7 @@  discard block
 
 block discarded – undo
197 197 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
198 198 
             // rather than just using the string. Grr.
199 199 
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
200 
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext);
200 
+            file_put_contents($tempdir['dir']."/content.txt", $soapCleartext);
201 201 
             // retrieve our RA cert from filesystem
202 202 
             // the RA certificates are not needed right now because we
203 203 
             // have resorted to S/MIME signatures with openssl command-line
 
@@ -209,7 +209,7 @@  discard block
 
 block discarded – undo
209 209 
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
210 210 
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
211 211 
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n  $soapCleartext\n");
212 
-        $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . ROOT . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
212 
+        $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT.CertificationAuthorityEduPkiServer::LOCATION_RA_KEY." -signer ".ROOT.CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
213 213 
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline:   $execCmd\n");
214 214 
             $output = [];
215 215 
             $return = 999;
 
@@ -218,21 +218,21 @@  discard block
 
 block discarded – undo
218 218 
                 throw new Exception("Non-zero return value from openssl smime!");
219 219 
             }
220 220 
             // and get the signature blob back from the filesystem
221 
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
221 
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
222 222 
             $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n");
223 
-            $this->loggerInstance->debug(5, $soapReqnum . "\n");
224 
-            $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending!
225 
-            $this->loggerInstance->debug(5, $detachedSig . "\n");
223 
+            $this->loggerInstance->debug(5, $soapReqnum."\n");
224 
+            $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending!
225 
+            $this->loggerInstance->debug(5, $detachedSig."\n");
226 226 
             $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig);
227 
-            $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest());
228 
-            $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse());
227 
+            $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest());
228 
+            $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse());
229 229 
             if ($soapIssueCert === FALSE) {
230 230 
                 throw new Exception("The locally approved request was NOT processed by the CA.");
231 231 
             }
232 232 
         } catch (SoapFault $e) {
233 
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
233 
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
234 234 
         } catch (Exception $e) {
235 
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
235 
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
236 236 
         }
237 237 
         return $soapReqnum;
238 238 
     }
 
@@ -284,9 +284,9 @@  discard block
 
 block discarded – undo
284 284 
                 throw new Exception("CAInfo has no root certificate for us!");
285 285 
             }
286 286 
         } catch (SoapFault $e) {
287 
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
287 
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
288 288 
         } catch (Exception $e) {
289 
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
289 
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
290 290 
         }
291 291 
         return [
292 292 
             "CERT" => openssl_x509_read($parsedCert['pem']),
 
@@ -319,12 +319,12 @@  discard block
 
 block discarded – undo
319 319 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
320 320 
             // rather than just using the string. Grr.
321 321 
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
322 
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest);
322 
+            file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest);
323 323 
             // retrieve our RA cert from filesystem
324 324 
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
325 325 
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
326 326 
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n");
327 
-        $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
327 
+        $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
328 328 
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n");
329 329 
             $output = [];
330 330 
             $return = 999;
 
@@ -333,7 +333,7 @@  discard block
 
 block discarded – undo
333 333 
                 throw new Exception("Non-zero return value from openssl smime!");
334 334 
             }
335 335 
             // and get the signature blob back from the filesystem
336 
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
336 
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
337 337 
             $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig);
338 338 
             if ($soapIssueRev === FALSE) {
339 339 
                 throw new Exception("The locally approved revocation request was NOT processed by the CA.");
 
@@ -341,9 +341,9 @@  discard block
 
 block discarded – undo
341 341 
         } catch (Exception $e) {
342 342 
             // PHP 7.1 can do this much better
343 343 
             if (is_soap_fault($e)) {
344 
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n");
344 
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n");
345 345 
             }
346 
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
346 
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
347 347 
         }
348 348 
     }
349 349 
 
@@ -443,9 +443,9 @@  discard block
 
 block discarded – undo
443 443 
      */
444 444 
     public function soapToXmlInteger($x)
445 445 
     {
446 
-        return '<' . $x[0] . '>'
446 
+        return '<'.$x[0].'>'
447 447 
                 . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1)
448 
-                . '</' . $x[0] . '>';
448 
+                . '</'.$x[0].'>';
449 449 
     }
450 450
451 451 
     /**
 
@@ -464,9 +464,9 @@  discard block
 
 block discarded – undo
464 464 
         // dump private key into directory
465 465 
         $outstring = "";
466 466 
         openssl_pkey_export($privateKey, $outstring);
467 
-        file_put_contents($tempdir . "/pkey.pem", $outstring);
467 
+        file_put_contents($tempdir."/pkey.pem", $outstring);
468 468 
         // PHP can only do one DC in the Subject. But we need three.
469 
-        $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username";
469 
+        $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username";
470 470 
         $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n");
471 471 
         $output = [];
472 472 
         $return = 999;
Please login to merge, or discard this patch.