GEANT /
CAT
@@ -15,10 +15,10 @@ discard block |
||
| 15 | 15 | |
| 16 | 16 | class CertificationAuthorityEmbeddedRSA extends EntityWithDBProperties implements CertificationAuthorityInterface { |
| 17 | 17 | |
| 18 | - private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-RSA.pem"; |
|
| 19 | - private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-RSA.pem"; |
|
| 20 | - private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-RSA.key"; |
|
| 21 | - private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-RSA.cnf"; |
|
| 18 | + private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-RSA.pem"; |
|
| 19 | + private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-RSA.pem"; |
|
| 20 | + private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-RSA.key"; |
|
| 21 | + private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-RSA.cnf"; |
|
| 22 | 22 | |
| 23 | 23 | /** |
| 24 | 24 | * string with the PEM variant of the root CA |
@@ -59,11 +59,11 @@ discard block |
||
| 59 | 59 | parent::__construct(); |
| 60 | 60 | $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
| 61 | 61 | if ($this->rootPem === FALSE) { |
| 62 | - throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
|
| 62 | + throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
|
| 63 | 63 | } |
| 64 | 64 | $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
| 65 | 65 | if ($this->issuingCertRaw === FALSE) { |
| 66 | - throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
|
| 66 | + throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
|
| 67 | 67 | } |
| 68 | 68 | $rootParsed = openssl_x509_read($this->rootPem); |
| 69 | 69 | $this->issuingCert = openssl_x509_read($this->issuingCertRaw); |
@@ -71,15 +71,15 @@ discard block |
||
| 71 | 71 | throw new Exception("At least one CA PEM file did not parse correctly!"); |
| 72 | 72 | } |
| 73 | 73 | if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY) === FALSE) { |
| 74 | - throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 74 | + throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 75 | 75 | } |
| 76 | - $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 76 | + $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 77 | 77 | if ($issuingKeyTemp === FALSE) { |
| 78 | 78 | throw new Exception("The private key did not parse correctly!"); |
| 79 | 79 | } |
| 80 | 80 | $this->issuingKey = $issuingKeyTemp; |
| 81 | 81 | if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG) === FALSE) { |
| 82 | - throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG); |
|
| 82 | + throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG); |
|
| 83 | 83 | } |
| 84 | 84 | $this->conffile = CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG; |
| 85 | 85 | } |
@@ -112,26 +112,26 @@ discard block |
||
| 112 | 112 | // generate stub index.txt file |
| 113 | 113 | $tempdirArray = \core\common\Entity::createTemporaryDirectory("test"); |
| 114 | 114 | $tempdir = $tempdirArray['dir']; |
| 115 | - $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z"; |
|
| 116 | - $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z"; |
|
| 115 | + $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z"; |
|
| 116 | + $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z"; |
|
| 117 | 117 | $serialHex = strtoupper(dechex($cert->serial)); |
| 118 | 118 | if (strlen($serialHex) % 2 == 1) { |
| 119 | - $serialHex = "0" . $serialHex; |
|
| 119 | + $serialHex = "0".$serialHex; |
|
| 120 | 120 | } |
| 121 | 121 | |
| 122 | - $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . CONFIG_CONFASSISTANT['CONSORTIUM']['name'] . "/OU=$federation/CN=$cert->username\n"; |
|
| 122 | + $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".CONFIG_CONFASSISTANT['CONSORTIUM']['name']."/OU=$federation/CN=$cert->username\n"; |
|
| 123 | 123 | $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement"); |
| 124 | - if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) { |
|
| 124 | + if (!file_put_contents($tempdir."/index.txt", $indexStatement)) { |
|
| 125 | 125 | $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!"); |
| 126 | 126 | } |
| 127 | 127 | // index.txt.attr is dull but needs to exist |
| 128 | - file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n"); |
|
| 128 | + file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n"); |
|
| 129 | 129 | // call "openssl ocsp" to manufacture our own OCSP statement |
| 130 | 130 | // adding "-rmd sha1" to the following command-line makes the |
| 131 | 131 | // choice of signature algorithm for the response explicit |
| 132 | 132 | // but it's only available from openssl-1.1.0 (which we do not |
| 133 | 133 | // want to require just for that one thing). |
| 134 | - $execCmd = CONFIG['PATHS']['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 134 | + $execCmd = CONFIG['PATHS']['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 135 | 135 | $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n"); |
| 136 | 136 | $output = []; |
| 137 | 137 | $return = 999; |
@@ -139,11 +139,11 @@ discard block |
||
| 139 | 139 | if ($return !== 0) { |
| 140 | 140 | throw new Exception("Non-zero return value from openssl ocsp!"); |
| 141 | 141 | } |
| 142 | - $ocsp = file_get_contents($tempdir . "/$serialHex.response.der"); |
|
| 142 | + $ocsp = file_get_contents($tempdir."/$serialHex.response.der"); |
|
| 143 | 143 | // remove the temp dir! |
| 144 | - unlink($tempdir . "/$serialHex.response.der"); |
|
| 145 | - unlink($tempdir . "/index.txt.attr"); |
|
| 146 | - unlink($tempdir . "/index.txt"); |
|
| 144 | + unlink($tempdir."/$serialHex.response.der"); |
|
| 145 | + unlink($tempdir."/index.txt.attr"); |
|
| 146 | + unlink($tempdir."/index.txt"); |
|
| 147 | 147 | rmdir($tempdir); |
| 148 | 148 | $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial); |
| 149 | 149 | return $ocsp; |
@@ -163,7 +163,7 @@ |
||
| 163 | 163 | * @return CertificationAuthorityInterface engine to use |
| 164 | 164 | */ |
| 165 | 165 | public static function getCaEngine($type) { |
| 166 | - switch ($type) { |
|
| 166 | + switch ($type) { |
|
| 167 | 167 | case \devices\Devices::SUPPORT_EMBEDDED_RSA: |
| 168 | 168 | $caEngine = new CertificationAuthorityEmbeddedRSA(); |
| 169 | 169 | break; |
@@ -15,10 +15,10 @@ discard block |
||
| 15 | 15 | |
| 16 | 16 | class CertificationAuthorityEmbeddedECDSA extends EntityWithDBProperties implements CertificationAuthorityInterface { |
| 17 | 17 | |
| 18 | - private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-ECDSA.pem"; |
|
| 19 | - private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.pem"; |
|
| 20 | - private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.key"; |
|
| 21 | - private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-ECDSA.cnf"; |
|
| 18 | + private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-ECDSA.pem"; |
|
| 19 | + private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-ECDSA.pem"; |
|
| 20 | + private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-ECDSA.key"; |
|
| 21 | + private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-ECDSA.cnf"; |
|
| 22 | 22 | |
| 23 | 23 | /** |
| 24 | 24 | * string with the PEM variant of the root CA |
@@ -59,11 +59,11 @@ discard block |
||
| 59 | 59 | parent::__construct(); |
| 60 | 60 | $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
| 61 | 61 | if ($this->rootPem === FALSE) { |
| 62 | - throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
|
| 62 | + throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
|
| 63 | 63 | } |
| 64 | 64 | $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
| 65 | 65 | if ($this->issuingCertRaw === FALSE) { |
| 66 | - throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
|
| 66 | + throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
|
| 67 | 67 | } |
| 68 | 68 | $rootParsed = openssl_x509_read($this->rootPem); |
| 69 | 69 | $this->issuingCert = openssl_x509_read($this->issuingCertRaw); |
@@ -71,15 +71,15 @@ discard block |
||
| 71 | 71 | throw new Exception("At least one CA PEM file did not parse correctly!"); |
| 72 | 72 | } |
| 73 | 73 | if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY) === FALSE) { |
| 74 | - throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 74 | + throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 75 | 75 | } |
| 76 | - $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 76 | + $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 77 | 77 | if ($issuingKeyTemp === FALSE) { |
| 78 | 78 | throw new Exception("The private key did not parse correctly!"); |
| 79 | 79 | } |
| 80 | 80 | $this->issuingKey = $issuingKeyTemp; |
| 81 | 81 | if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG) === FALSE) { |
| 82 | - throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG); |
|
| 82 | + throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG); |
|
| 83 | 83 | } |
| 84 | 84 | $this->conffile = CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG; |
| 85 | 85 | } |
@@ -112,26 +112,26 @@ discard block |
||
| 112 | 112 | // generate stub index.txt file |
| 113 | 113 | $tempdirArray = \core\common\Entity::createTemporaryDirectory("test"); |
| 114 | 114 | $tempdir = $tempdirArray['dir']; |
| 115 | - $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z"; |
|
| 116 | - $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z"; |
|
| 115 | + $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z"; |
|
| 116 | + $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z"; |
|
| 117 | 117 | $serialHex = strtoupper(dechex($cert->serial)); |
| 118 | 118 | if (strlen($serialHex) % 2 == 1) { |
| 119 | - $serialHex = "0" . $serialHex; |
|
| 119 | + $serialHex = "0".$serialHex; |
|
| 120 | 120 | } |
| 121 | 121 | |
| 122 | - $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . CONFIG_CONFASSISTANT['CONSORTIUM']['name'] . "/OU=$federation/CN=$cert->username\n"; |
|
| 122 | + $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".CONFIG_CONFASSISTANT['CONSORTIUM']['name']."/OU=$federation/CN=$cert->username\n"; |
|
| 123 | 123 | $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement"); |
| 124 | - if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) { |
|
| 124 | + if (!file_put_contents($tempdir."/index.txt", $indexStatement)) { |
|
| 125 | 125 | $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!"); |
| 126 | 126 | } |
| 127 | 127 | // index.txt.attr is dull but needs to exist |
| 128 | - file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n"); |
|
| 128 | + file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n"); |
|
| 129 | 129 | // call "openssl ocsp" to manufacture our own OCSP statement |
| 130 | 130 | // adding "-rmd sha1" to the following command-line makes the |
| 131 | 131 | // choice of signature algorithm for the response explicit |
| 132 | 132 | // but it's only available from openssl-1.1.0 (which we do not |
| 133 | 133 | // want to require just for that one thing). |
| 134 | - $execCmd = CONFIG['PATHS']['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 134 | + $execCmd = CONFIG['PATHS']['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 135 | 135 | $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n"); |
| 136 | 136 | $output = []; |
| 137 | 137 | $return = 999; |
@@ -139,11 +139,11 @@ discard block |
||
| 139 | 139 | if ($return !== 0) { |
| 140 | 140 | throw new Exception("Non-zero return value from openssl ocsp!"); |
| 141 | 141 | } |
| 142 | - $ocsp = file_get_contents($tempdir . "/$serialHex.response.der"); |
|
| 142 | + $ocsp = file_get_contents($tempdir."/$serialHex.response.der"); |
|
| 143 | 143 | // remove the temp dir! |
| 144 | - unlink($tempdir . "/$serialHex.response.der"); |
|
| 145 | - unlink($tempdir . "/index.txt.attr"); |
|
| 146 | - unlink($tempdir . "/index.txt"); |
|
| 144 | + unlink($tempdir."/$serialHex.response.der"); |
|
| 145 | + unlink($tempdir."/index.txt.attr"); |
|
| 146 | + unlink($tempdir."/index.txt"); |
|
| 147 | 147 | rmdir($tempdir); |
| 148 | 148 | $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial); |
| 149 | 149 | return $ocsp; |
@@ -16,9 +16,9 @@ discard block |
||
| 16 | 16 | |
| 17 | 17 | class CertificationAuthorityEduPki extends EntityWithDBProperties implements CertificationAuthorityInterface { |
| 18 | 18 | |
| 19 | - private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 20 | - private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 21 | - private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 19 | + private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 20 | + private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 21 | + private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 22 | 22 | private const EDUPKI_RA_ID = 700; |
| 23 | 23 | private const EDUPKI_CERT_PROFILE = "User SOAP"; |
| 24 | 24 | private const EDUPKI_RA_PKEY_PASSPHRASE = "..."; |
@@ -28,13 +28,13 @@ discard block |
||
| 28 | 28 | parent::__construct(); |
| 29 | 29 | |
| 30 | 30 | if (stat(CertificationAuthorityEduPki::LOCATION_RA_CERT) === FALSE) { |
| 31 | - throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPki::LOCATION_RA_CERT); |
|
| 31 | + throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPki::LOCATION_RA_CERT); |
|
| 32 | 32 | } |
| 33 | 33 | if (stat(CertificationAuthorityEduPki::LOCATION_RA_KEY) === FALSE) { |
| 34 | - throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPki::LOCATION_RA_KEY); |
|
| 34 | + throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPki::LOCATION_RA_KEY); |
|
| 35 | 35 | } |
| 36 | 36 | if (stat(CertificationAuthorityEduPki::LOCATION_WEBROOT) === FALSE) { |
| 37 | - throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPki::LOCATION_WEBROOT); |
|
| 37 | + throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPki::LOCATION_WEBROOT); |
|
| 38 | 38 | } |
| 39 | 39 | } |
| 40 | 40 | |
@@ -48,19 +48,19 @@ discard block |
||
| 48 | 48 | // initialise connection to eduPKI CA / eduroam RA and send the request to them |
| 49 | 49 | try { |
| 50 | 50 | $altArray = [# Array mit den Subject Alternative Names |
| 51 | - "email:" . $csr["USERNAME"] |
|
| 51 | + "email:".$csr["USERNAME"] |
|
| 52 | 52 | ]; |
| 53 | 53 | $soapPub = $this->initEduPKISoapSession("PUBLIC"); |
| 54 | 54 | $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n"); |
| 55 | - $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPki::EDUPKI_RA_ID . "\n"); |
|
| 56 | - $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR"] . "\n"); |
|
| 55 | + $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPki::EDUPKI_RA_ID."\n"); |
|
| 56 | + $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR"]."\n"); |
|
| 57 | 57 | $this->loggerInstance->debug(5, "PARAM_3: "); |
| 58 | 58 | $this->loggerInstance->debug(5, $altArray); |
| 59 | - $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE . "\n"); |
|
| 60 | - $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n"); |
|
| 61 | - $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n"); |
|
| 62 | - $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERNAME"] . "\n"); |
|
| 63 | - $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n"); |
|
| 59 | + $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE."\n"); |
|
| 60 | + $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n"); |
|
| 61 | + $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n"); |
|
| 62 | + $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERNAME"]."\n"); |
|
| 63 | + $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n"); |
|
| 64 | 64 | $this->loggerInstance->debug(5, "PARAM_9: false\n"); |
| 65 | 65 | $soapNewRequest = $soapPub->newRequest( |
| 66 | 66 | CertificationAuthorityEduPki::EDUPKI_RA_ID, # RA-ID |
@@ -82,11 +82,11 @@ discard block |
||
| 82 | 82 | } catch (Exception $e) { |
| 83 | 83 | // PHP 7.1 can do this much better |
| 84 | 84 | if (is_soap_fault($e)) { |
| 85 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: { |
|
| 85 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: { |
|
| 86 | 86 | $e->faultstring |
| 87 | 87 | }\n"); |
| 88 | 88 | } |
| 89 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 89 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 90 | 90 | } |
| 91 | 91 | try { |
| 92 | 92 | $soap = $this->initEduPKISoapSession("RA"); |
@@ -98,8 +98,8 @@ discard block |
||
| 98 | 98 | $soapReqnum, [ |
| 99 | 99 | "RaID" => SilverbulletCertificate::EDUPKI_RA_ID, |
| 100 | 100 | "Role" => SilverbulletCertificate::EDUPKI_CERT_PROFILE, |
| 101 | - "Subject" => "DC=eduroam,DC=test,DC=test,C=" . $csr["FED"] . ",O=" . CONFIG_CONFASSISTANT['CONSORTIUM']['name'] . ",OU=" . $csr["FED"] . ",CN=" . $csr['USERNAME'] . ",emailAddress=" . $csr['USERNAME'], |
|
| 102 | - "SubjectAltNames" => ["email:" . $csr["USERNAME"]], |
|
| 101 | + "Subject" => "DC=eduroam,DC=test,DC=test,C=".$csr["FED"].",O=".CONFIG_CONFASSISTANT['CONSORTIUM']['name'].",OU=".$csr["FED"].",CN=".$csr['USERNAME'].",emailAddress=".$csr['USERNAME'], |
|
| 102 | + "SubjectAltNames" => ["email:".$csr["USERNAME"]], |
|
| 103 | 103 | "NotBefore" => (new \DateTime())->format('c'), |
| 104 | 104 | "NotAfter" => $expiry->format('c'), |
| 105 | 105 | ] |
@@ -118,7 +118,7 @@ discard block |
||
| 118 | 118 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 119 | 119 | // rather than just using the string. Grr. |
| 120 | 120 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 121 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext); |
|
| 121 | + file_put_contents($tempdir['dir']."/content.txt", $soapCleartext); |
|
| 122 | 122 | // retrieve our RA cert from filesystem |
| 123 | 123 | // the RA certificates are not needed right now because we |
| 124 | 124 | // have resorted to S/MIME signatures with openssl command-line |
@@ -130,7 +130,7 @@ discard block |
||
| 130 | 130 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 131 | 131 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 132 | 132 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n $soapCleartext\n"); |
| 133 | - $execCmd = CONFIG['PATHS']['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 133 | + $execCmd = CONFIG['PATHS']['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 134 | 134 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 135 | 135 | $output = []; |
| 136 | 136 | $return = 999; |
@@ -139,14 +139,14 @@ discard block |
||
| 139 | 139 | throw new Exception("Non-zero return value from openssl smime!"); |
| 140 | 140 | } |
| 141 | 141 | // and get the signature blob back from the filesystem |
| 142 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 142 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 143 | 143 | $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n"); |
| 144 | - $this->loggerInstance->debug(5, $soapReqnum . "\n"); |
|
| 145 | - $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending! |
|
| 146 | - $this->loggerInstance->debug(5, $detachedSig . "\n"); |
|
| 144 | + $this->loggerInstance->debug(5, $soapReqnum."\n"); |
|
| 145 | + $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending! |
|
| 146 | + $this->loggerInstance->debug(5, $detachedSig."\n"); |
|
| 147 | 147 | $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig); |
| 148 | - $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest()); |
|
| 149 | - $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse()); |
|
| 148 | + $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest()); |
|
| 149 | + $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse()); |
|
| 150 | 150 | if ($soapIssueCert === FALSE) { |
| 151 | 151 | throw new Exception("The locally approved request was NOT processed by the CA."); |
| 152 | 152 | } |
@@ -183,9 +183,9 @@ discard block |
||
| 183 | 183 | throw new Exception("CAInfo has no root certificate for us!"); |
| 184 | 184 | } |
| 185 | 185 | } catch (SoapFault $e) { |
| 186 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 186 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 187 | 187 | } catch (Exception $e) { |
| 188 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
| 188 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
| 189 | 189 | } |
| 190 | 190 | return [ |
| 191 | 191 | "CERT" => openssl_x509_read($parsedCert['pem']), |
@@ -210,12 +210,12 @@ discard block |
||
| 210 | 210 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 211 | 211 | // rather than just using the string. Grr. |
| 212 | 212 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 213 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest); |
|
| 213 | + file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest); |
|
| 214 | 214 | // retrieve our RA cert from filesystem |
| 215 | 215 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 216 | 216 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 217 | 217 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n"); |
| 218 | - $execCmd = CONFIG['PATHS']['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPki::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPki::LOCATION_RA_CERT; |
|
| 218 | + $execCmd = CONFIG['PATHS']['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPki::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPki::LOCATION_RA_CERT; |
|
| 219 | 219 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 220 | 220 | $output = []; |
| 221 | 221 | $return = 999; |
@@ -224,7 +224,7 @@ discard block |
||
| 224 | 224 | throw new Exception("Non-zero return value from openssl smime!"); |
| 225 | 225 | } |
| 226 | 226 | // and get the signature blob back from the filesystem |
| 227 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 227 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 228 | 228 | $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig); |
| 229 | 229 | if ($soapIssueRev === FALSE) { |
| 230 | 230 | throw new Exception("The locally approved revocation request was NOT processed by the CA."); |
@@ -232,9 +232,9 @@ discard block |
||
| 232 | 232 | } catch (Exception $e) { |
| 233 | 233 | // PHP 7.1 can do this much better |
| 234 | 234 | if (is_soap_fault($e)) { |
| 235 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n"); |
|
| 235 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n"); |
|
| 236 | 236 | } |
| 237 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 237 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 238 | 238 | } |
| 239 | 239 | } |
| 240 | 240 | |
@@ -331,9 +331,9 @@ discard block |
||
| 331 | 331 | * @return string the integer as string in an XML fragment |
| 332 | 332 | */ |
| 333 | 333 | public function soapToXmlInteger($x) { |
| 334 | - return '<' . $x[0] . '>' |
|
| 334 | + return '<'.$x[0].'>' |
|
| 335 | 335 | . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1) |
| 336 | - . '</' . $x[0] . '>'; |
|
| 336 | + . '</'.$x[0].'>'; |
|
| 337 | 337 | } |
| 338 | 338 | |
| 339 | 339 | public function generateCompatibleCsr($privateKey, $fed, $username): array { |
@@ -342,9 +342,9 @@ discard block |
||
| 342 | 342 | // dump private key into directory |
| 343 | 343 | $outstring = ""; |
| 344 | 344 | openssl_pkey_export($privateKey, $outstring); |
| 345 | - file_put_contents($tempdir . "/pkey.pem", $outstring); |
|
| 345 | + file_put_contents($tempdir."/pkey.pem", $outstring); |
|
| 346 | 346 | // PHP can only do one DC in the Subject. But we need three. |
| 347 | - $execCmd = CONFIG['PATHS']['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . CONFIG_CONFASSISTANT['CONSORTIUM']['name'] . "/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 347 | + $execCmd = CONFIG['PATHS']['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".CONFIG_CONFASSISTANT['CONSORTIUM']['name']."/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 348 | 348 | $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n"); |
| 349 | 349 | $output = []; |
| 350 | 350 | $return = 999; |
