Passed
Push — release_2_1 ( 6db961...66aac5 )
by Stefan
09:11
created
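--- a/core/CertificationAuthorityEduPkiServer.php
+++ b/core/CertificationAuthorityEduPkiServer.php
@@ -24,9 +24,9 @@
     #private const EDUPKI_RA_PKEY_PASSPHRASE = "...";
 
     
-    private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
-    private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
-    private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
+    private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
+    private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
+    private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
     private const EDUPKI_RA_ID = 700;
     private const EDUPKI_CERT_PROFILE = "Radius Server SOAP";
     private const EDUPKI_RA_PKEY_PASSPHRASE = "...";
@@ -42,13 +42,13 @@
         parent::__construct();
 
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_CERT) === FALSE) {
-            throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
+            throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
         }
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_KEY) === FALSE) {
-            throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
+            throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
         }
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_WEBROOT) === FALSE) {
-            throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
+            throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
         }
     }
 
@@ -106,22 +106,22 @@
         // initialise connection to eduPKI CA / eduroam RA and send the request to them
         try {
             $altArray = [# Array mit den Subject Alternative Names
-                "email:" . $csr["USERMAIL"]
+                "email:".$csr["USERMAIL"]
             ];
             foreach ($csr["ALTNAMES"] as $oneAltName) {
-                $altArray[] = "DNS:" . $oneAltName;
+                $altArray[] = "DNS:".$oneAltName;
             }
             $soapPub = $this->initEduPKISoapSession("PUBLIC");
             $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n");
-            $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPkiServer::EDUPKI_RA_ID . "\n");
-            $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n");
+            $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPkiServer::EDUPKI_RA_ID."\n");
+            $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n");
             $this->loggerInstance->debug(5, "PARAM_3: ");
             $this->loggerInstance->debug(5, $altArray);
-            $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE . "\n");
-            $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n");
-            $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n");
+            $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE."\n");
+            $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n");
+            $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n");
             $this->loggerInstance->debug(5, "PARAM_9: false\n");
             $soapNewRequest = $soapPub->newRequest(
                     CertificationAuthorityEduPkiServer::EDUPKI_RA_ID, # RA-ID
@@ -143,11 +143,11 @@
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}:  {
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}:  {
                     $e->faultstring
                 }\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
         try {
             $soap = $this->initEduPKISoapSession("RA");
@@ -181,7 +181,7 @@
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext);
+            file_put_contents($tempdir['dir']."/content.txt", $soapCleartext);
             // retrieve our RA cert from filesystem                    
             // the RA certificates are not needed right now because we
             // have resorted to S/MIME signatures with openssl command-line
@@ -193,7 +193,7 @@
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n  $soapCleartext\n");
-        $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
+        $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline:   $execCmd\n");
             $output = [];
             $return = 999;
@@ -202,21 +202,21 @@
                 throw new Exception("Non-zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
             $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n");
-            $this->loggerInstance->debug(5, $soapReqnum . "\n");
-            $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending!
-            $this->loggerInstance->debug(5, $detachedSig . "\n");
+            $this->loggerInstance->debug(5, $soapReqnum."\n");
+            $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending!
+            $this->loggerInstance->debug(5, $detachedSig."\n");
             $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig);
-            $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest());
-            $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse());
+            $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest());
+            $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse());
             if ($soapIssueCert === FALSE) {
                 throw new Exception("The locally approved request was NOT processed by the CA.");
             }
         } catch (SoapFault $e) {
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
         } catch (Exception $e) {
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
         }
         return $soapReqnum;
     }
@@ -268,9 +268,9 @@
                 throw new Exception("CAInfo has no root certificate for us!");
             }
         } catch (SoapFault $e) {
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
         } catch (Exception $e) {
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
         }
         return [
             "CERT" => openssl_x509_read($parsedCert['pem']),
@@ -303,12 +303,12 @@
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest);
+            file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest);
             // retrieve our RA cert from filesystem
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n");
-        $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
+        $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n");
             $output = [];
             $return = 999;
@@ -317,7 +317,7 @@
                 throw new Exception("Non-zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
             $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig);
             if ($soapIssueRev === FALSE) {
                 throw new Exception("The locally approved revocation request was NOT processed by the CA.");
@@ -325,9 +325,9 @@
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n");
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
     }
 
@@ -427,9 +427,9 @@
      */
     public function soapToXmlInteger($x)
     {
-        return '<' . $x[0] . '>'
+        return '<'.$x[0].'>'
                 . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1)
-                . '</' . $x[0] . '>';
+                . '</'.$x[0].'>';
     }
 
     /**
@@ -448,9 +448,9 @@
         // dump private key into directory
         $outstring = "";
         openssl_pkey_export($privateKey, $outstring);
-        file_put_contents($tempdir . "/pkey.pem", $outstring);
+        file_put_contents($tempdir."/pkey.pem", $outstring);
         // PHP can only do one DC in the Subject. But we need three.
-        $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username";
+        $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username";
         $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n");
         $output = [];
         $return = 999;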
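Review bot: The `openssl req` command line built at new line 453 interpolates `$fed`, `$username`, `$tempdir` and the consortium name into `$execCmd` without any quoting, so if that string is later run through a shell (the call is outside the hunk, but the debug message on the next line suggests it is) a value containing shell metacharacters or spaces would change the command. Where `$username` and `$fed` come from is not visible here, so this needs confirming against the callers. I would quote each path and the whole subject, e.g. `" -subj ".escapeshellarg("/DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username")`, and validate `$username` and `$fed` beforehand so that a `/` in either cannot add extra fields to the subject. The `openssl smime` command lines at new lines 196 and 311 are assembled the same way from `$tempdir['dir']` and would take the same `escapeshellarg()` treatment. The enclosing function starts and ends outside the hunk.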