GEANT /
CAT
@@ -89,7 +89,7 @@ discard block |
||
| 89 | 89 | |
| 90 | 90 | // realm is automatically calculated, then stored in DB |
| 91 | 91 | |
| 92 | - $this->realm = "opaquehash@$myInst->identifier-$this->identifier." . strtolower($myInst->federation) . CONFIG_CONFASSISTANT['SILVERBULLET']['realm_suffix']; |
|
| 92 | + $this->realm = "opaquehash@$myInst->identifier-$this->identifier.".strtolower($myInst->federation).CONFIG_CONFASSISTANT['SILVERBULLET']['realm_suffix']; |
|
| 93 | 93 | $localValueIfAny = ""; |
| 94 | 94 | |
| 95 | 95 | // but there's some common internal attributes populated directly |
@@ -106,10 +106,10 @@ discard block |
||
| 106 | 106 | |
| 107 | 107 | // and we need to populate eap:server_name and eap:ca_file with the NRO-specific EAP information |
| 108 | 108 | $silverbulletAttributes = [ |
| 109 | - "eap:server_name" => "auth." . strtolower($myFed->tld) . CONFIG_CONFASSISTANT['SILVERBULLET']['server_suffix'], |
|
| 109 | + "eap:server_name" => "auth.".strtolower($myFed->tld).CONFIG_CONFASSISTANT['SILVERBULLET']['server_suffix'], |
|
| 110 | 110 | ]; |
| 111 | 111 | $x509 = new \core\common\X509(); |
| 112 | - $caHandle = fopen(dirname(__FILE__) . "/../config/SilverbulletServerCerts/" . strtoupper($myFed->tld) . "/root.pem", "r"); |
|
| 112 | + $caHandle = fopen(dirname(__FILE__)."/../config/SilverbulletServerCerts/".strtoupper($myFed->tld)."/root.pem", "r"); |
|
| 113 | 113 | if ($caHandle !== FALSE) { |
| 114 | 114 | $cAFile = fread($caHandle, 16000000); |
| 115 | 115 | $silverbulletAttributes["eap:ca_file"] = $x509->der2pem(($x509->pem2der($cAFile))); |
@@ -129,26 +129,26 @@ discard block |
||
| 129 | 129 | $this->loggerInstance->debug(3, "--- END Constructing new Profile object ... ---\n"); |
| 130 | 130 | |
| 131 | 131 | $this->termsAndConditions = "<h2>Product Definition</h2> |
| 132 | - <p>" . \core\ProfileSilverbullet::PRODUCTNAME . " outsources the technical setup of " . CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'] . " " . CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_institution'] . " functions to the " . CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'] . " Operations Team. The system includes</p> |
|
| 132 | + <p>" . \core\ProfileSilverbullet::PRODUCTNAME." outsources the technical setup of ".CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']." ".CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_institution']." functions to the ".CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']." Operations Team. The system includes</p> |
|
| 133 | 133 | <ul> |
| 134 | 134 | <li>a web-based user management interface where user accounts and access credentials can be created and revoked (there is a limit to the number of active users)</li> |
| 135 | 135 | <li>a technical infrastructure ('CA') which issues and revokes credentials</li> |
| 136 | - <li>a technical infrastructure ('RADIUS') which verifies access credentials and subsequently grants access to " . CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'] . "</li> |
|
| 136 | + <li>a technical infrastructure ('RADIUS') which verifies access credentials and subsequently grants access to " . CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']."</li> |
|
| 137 | 137 | </ul> |
| 138 | 138 | <h2>User Account Liability</h2> |
| 139 | - <p>As an " . CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'] . " " . CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_institution'] . " administrator using this system, you are authorized to create user accounts according to your local " . CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_institution'] . " policy. You are fully responsible for the accounts you issue and are the data controller for all user information you deposit in this system; the system is a data processor.</p>"; |
|
| 139 | + <p>As an " . CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']." ".CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_institution']." administrator using this system, you are authorized to create user accounts according to your local ".CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_institution']." policy. You are fully responsible for the accounts you issue and are the data controller for all user information you deposit in this system; the system is a data processor.</p>"; |
|
| 140 | 140 | $this->termsAndConditions .= "<p>Your responsibilities include that you</p> |
| 141 | 141 | <ul> |
| 142 | - <li>only issue accounts to members of your " . CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_institution'] . ", as defined by your local policy.</li> |
|
| 142 | + <li>only issue accounts to members of your " . CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_institution'].", as defined by your local policy.</li> |
|
| 143 | 143 | <li>must make sure that all accounts that you issue can be linked by you to actual human end users</li> |
| 144 | - <li>have to immediately revoke accounts of users when they leave or otherwise stop being a member of your " . CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_institution'] . "</li> |
|
| 144 | + <li>have to immediately revoke accounts of users when they leave or otherwise stop being a member of your " . CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_institution']."</li> |
|
| 145 | 145 | <li>will act upon notifications about possible network abuse by your users and will appropriately sanction them</li> |
| 146 | 146 | </ul> |
| 147 | 147 | <p>"; |
| 148 | - $this->termsAndConditions .= "Failure to comply with these requirements may make your " . CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_federation'] . " act on your behalf, which you authorise, and will ultimately lead to the deletion of your " . CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_institution'] . " (and all the users you create inside) in this system."; |
|
| 148 | + $this->termsAndConditions .= "Failure to comply with these requirements may make your ".CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_federation']." act on your behalf, which you authorise, and will ultimately lead to the deletion of your ".CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_institution']." (and all the users you create inside) in this system."; |
|
| 149 | 149 | $this->termsAndConditions .= "</p> |
| 150 | 150 | <h2>Privacy</h2> |
| 151 | - <p>With " . \core\ProfileSilverbullet::PRODUCTNAME . ", we are necessarily storing personally identifiable information about the end users you create. While the actual human is only identifiable with your help, we consider all the user data as relevant in terms of privacy jurisdiction. Please note that</p> |
|
| 151 | + <p>With " . \core\ProfileSilverbullet::PRODUCTNAME.", we are necessarily storing personally identifiable information about the end users you create. While the actual human is only identifiable with your help, we consider all the user data as relevant in terms of privacy jurisdiction. Please note that</p> |
|
| 152 | 152 | <ul> |
| 153 | 153 | <li>You are the only one who needs to be able to make a link to the human behind the usernames you create. The usernames you create in the system have to be rich enough to allow you to make that identification step. Also consider situations when you are unavailable or leave the organisation and someone else needs to perform the matching to an individual.</li> |
| 154 | 154 | <li>The identifiers we create in the credentials are not linked to the usernames you add to the system; they are randomly generated pseudonyms.</li> |
@@ -129,7 +129,7 @@ discard block |
||
| 129 | 129 | */ |
| 130 | 130 | protected function saveDownloadDetails($idpIdentifier, $profileId, $deviceId, $area, $lang, $eapType) { |
| 131 | 131 | if (CONFIG['PATHS']['logdir']) { |
| 132 | - $file = fopen(CONFIG['PATHS']['logdir'] . "/download_details.log", "a"); |
|
| 132 | + $file = fopen(CONFIG['PATHS']['logdir']."/download_details.log", "a"); |
|
| 133 | 133 | if ($file === FALSE) { |
| 134 | 134 | throw new Exception("Unable to open file for append: $file"); |
| 135 | 135 | } |
@@ -155,7 +155,7 @@ discard block |
||
| 155 | 155 | $eaptype = new common\EAP($eapQuery->eap_method_id); |
| 156 | 156 | $eapTypeArray[] = $eaptype; |
| 157 | 157 | } |
| 158 | - $this->loggerInstance->debug(4, "This profile supports the following EAP types:\n" . print_r($eapTypeArray, true)); |
|
| 158 | + $this->loggerInstance->debug(4, "This profile supports the following EAP types:\n".print_r($eapTypeArray, true)); |
|
| 159 | 159 | return $eapTypeArray; |
| 160 | 160 | } |
| 161 | 161 | |
@@ -210,7 +210,7 @@ discard block |
||
| 210 | 210 | foreach ($new as $attrib) { |
| 211 | 211 | $ignore = ""; |
| 212 | 212 | foreach ($existing as $approvedAttrib) { |
| 213 | - if (($attrib["name"] == $approvedAttrib["name"] && $approvedAttrib["level"] != $newlevel) && ($approvedAttrib["name"] != "device-specific:redirect") ){ |
|
| 213 | + if (($attrib["name"] == $approvedAttrib["name"] && $approvedAttrib["level"] != $newlevel) && ($approvedAttrib["name"] != "device-specific:redirect")) { |
|
| 214 | 214 | $ignore = "YES"; |
| 215 | 215 | } |
| 216 | 216 | } |
@@ -253,16 +253,16 @@ discard block |
||
| 253 | 253 | if (count($this->getAttributes("internal:checkuser_outer")) > 0) { |
| 254 | 254 | // we are supposed to use a specific outer username for checks, |
| 255 | 255 | // which is different from the outer username we put into installers |
| 256 | - return $this->getAttributes("internal:checkuser_value")[0]['value'] . "@" . $realm; |
|
| 256 | + return $this->getAttributes("internal:checkuser_value")[0]['value']."@".$realm; |
|
| 257 | 257 | } |
| 258 | 258 | if (count($this->getAttributes("internal:use_anon_outer")) > 0) { |
| 259 | 259 | // no special check username, but there is an anon outer ID for |
| 260 | 260 | // installers - so let's use that one |
| 261 | - return $this->getAttributes("internal:anon_local_value")[0]['value'] . "@" . $realm; |
|
| 261 | + return $this->getAttributes("internal:anon_local_value")[0]['value']."@".$realm; |
|
| 262 | 262 | } |
| 263 | 263 | // okay, no guidance on outer IDs at all - but we need *something* to |
| 264 | 264 | // test with for the RealmChecks. So: |
| 265 | - return "@" . $realm; |
|
| 265 | + return "@".$realm; |
|
| 266 | 266 | } |
| 267 | 267 | |
| 268 | 268 | /** |
@@ -342,7 +342,7 @@ discard block |
||
| 342 | 342 | * @param boolean $shallwe TRUE to enable outer identities (needs valid $realm), FALSE to disable |
| 343 | 343 | * @return void |
| 344 | 344 | */ |
| 345 | - abstract public function setAnonymousIDSupport($shallwe) ; |
|
| 345 | + abstract public function setAnonymousIDSupport($shallwe); |
|
| 346 | 346 | |
| 347 | 347 | /** |
| 348 | 348 | * Log a new download for our stats |
@@ -696,7 +696,7 @@ discard block |
||
| 696 | 696 | */ |
| 697 | 697 | public function prepShowtime() { |
| 698 | 698 | $properConfig = $this->readyForShowtime(); |
| 699 | - $this->databaseHandle->exec("UPDATE profile SET sufficient_config = " . ($properConfig ? "TRUE" : "FALSE") . " WHERE profile_id = " . $this->identifier); |
|
| 699 | + $this->databaseHandle->exec("UPDATE profile SET sufficient_config = ".($properConfig ? "TRUE" : "FALSE")." WHERE profile_id = ".$this->identifier); |
|
| 700 | 700 | |
| 701 | 701 | $attribs = $this->getCollapsedAttributes(); |
| 702 | 702 | // if not enough info to go live, set FALSE |
@@ -126,20 +126,20 @@ discard block |
||
| 126 | 126 | if ($device == "TOTAL") { |
| 127 | 127 | continue; |
| 128 | 128 | } |
| 129 | - $retstring .= "<tr><td>$device</td><td>" . $numbers['ADMIN'] . "</td><td>" . $numbers['SILVERBULLET'] . "</td><td>" . $numbers['USER'] . "</td></tr>"; |
|
| 129 | + $retstring .= "<tr><td>$device</td><td>".$numbers['ADMIN']."</td><td>".$numbers['SILVERBULLET']."</td><td>".$numbers['USER']."</td></tr>"; |
|
| 130 | 130 | } |
| 131 | - $retstring .= "<tr><td><strong>TOTAL</strong></td><td><strong>" . $data['TOTAL']['ADMIN'] . "</strong></td><td><strong>" . $data['TOTAL']['SILVERBULLET'] . "</strong></td><td><strong>" . $data['TOTAL']['USER'] . "</strong></td></tr>"; |
|
| 131 | + $retstring .= "<tr><td><strong>TOTAL</strong></td><td><strong>".$data['TOTAL']['ADMIN']."</strong></td><td><strong>".$data['TOTAL']['SILVERBULLET']."</strong></td><td><strong>".$data['TOTAL']['USER']."</strong></td></tr>"; |
|
| 132 | 132 | break; |
| 133 | 133 | case "XML": |
| 134 | 134 | // the calls to date() operate on current date, so there is no chance for a FALSE to be returned. Silencing scrutinizer. |
| 135 | - $retstring .= "<federation id='$this->tld' ts='" . /** @scrutinizer ignore-type */ date("Y-m-d") . "T" . /** @scrutinizer ignore-type */ date("H:i:s") . "'>\n"; |
|
| 135 | + $retstring .= "<federation id='$this->tld' ts='"./** @scrutinizer ignore-type */ date("Y-m-d")."T"./** @scrutinizer ignore-type */ date("H:i:s")."'>\n"; |
|
| 136 | 136 | foreach ($data as $device => $numbers) { |
| 137 | 137 | if ($device == "TOTAL") { |
| 138 | 138 | continue; |
| 139 | 139 | } |
| 140 | - $retstring .= " <device name='" . $device . "'>\n <downloads group='admin'>" . $numbers['ADMIN'] . "</downloads>\n <downloads group='managed_idp'>" . $numbers['SILVERBULLET'] . "</downloads>\n <downloads group='user'>" . $numbers['USER'] . "</downloads>\n </device>"; |
|
| 140 | + $retstring .= " <device name='".$device."'>\n <downloads group='admin'>".$numbers['ADMIN']."</downloads>\n <downloads group='managed_idp'>".$numbers['SILVERBULLET']."</downloads>\n <downloads group='user'>".$numbers['USER']."</downloads>\n </device>"; |
|
| 141 | 141 | } |
| 142 | - $retstring .= "<total>\n <downloads group='admin'>" . $data['TOTAL']['ADMIN'] . "</downloads>\n <downloads group='managed_idp'>" . $data['TOTAL']['SILVERBULLET'] . "</downloads>\n <downloads group='user'>" . $data['TOTAL']['USER'] . "</downloads>\n</total>\n"; |
|
| 142 | + $retstring .= "<total>\n <downloads group='admin'>".$data['TOTAL']['ADMIN']."</downloads>\n <downloads group='managed_idp'>".$data['TOTAL']['SILVERBULLET']."</downloads>\n <downloads group='user'>".$data['TOTAL']['USER']."</downloads>\n</total>\n"; |
|
| 143 | 143 | $retstring .= "</federation>"; |
| 144 | 144 | break; |
| 145 | 145 | case "array": |
@@ -221,7 +221,7 @@ discard block |
||
| 221 | 221 | $identifier = $this->databaseHandle->lastID(); |
| 222 | 222 | |
| 223 | 223 | if ($identifier == 0 || !$this->loggerInstance->writeAudit($ownerId, "NEW", "IdP $identifier")) { |
| 224 | - $text = "<p>Could not create a new " . CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_inst'] . "!</p>"; |
|
| 224 | + $text = "<p>Could not create a new ".CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_inst']."!</p>"; |
|
| 225 | 225 | echo $text; |
| 226 | 226 | throw new Exception($text); |
| 227 | 227 | } |
@@ -37,7 +37,7 @@ |
||
| 37 | 37 | foreach ($idps as $idp) { |
| 38 | 38 | $idpTitle[$idp['entityID']] = $idp['title']; |
| 39 | 39 | $d = self::getIdpDistance($idp, $here); |
| 40 | - $resultSet[$idp['entityID']] = $d . " " . $idp['title']; |
|
| 40 | + $resultSet[$idp['entityID']] = $d." ".$idp['title']; |
|
| 41 | 41 | } |
| 42 | 42 | asort($resultSet); |
| 43 | 43 | $outarray = []; |
@@ -149,7 +149,7 @@ discard block |
||
| 149 | 149 | $this->activationsTotal = $invitationRow->quantity; |
| 150 | 150 | $certificatesResult = $this->databaseHandle->exec("SELECT `serial_number`, `ca_type` FROM `silverbullet_certificate` WHERE `silverbullet_invitation_id` = ? ORDER BY `revocation_status`, `expiry` DESC", "i", $this->identifier); |
| 151 | 151 | $certificatesNumber = ($certificatesResult ? $certificatesResult->num_rows : 0); |
| 152 | - $this->loggerInstance->debug(5, "At token validation level, " . $certificatesNumber . " certificates exist.\n"); |
|
| 152 | + $this->loggerInstance->debug(5, "At token validation level, ".$certificatesNumber." certificates exist.\n"); |
|
| 153 | 153 | // SELECT -> resource, no boolean |
| 154 | 154 | while ($runner = mysqli_fetch_object(/** @scrutinizer ignore-type */ $certificatesResult)) { |
| 155 | 155 | $this->associatedCertificates[] = new \core\SilverbulletCertificate($runner->serial_number, $runner->ca_type); |
@@ -208,7 +208,7 @@ discard block |
||
| 208 | 208 | throw new Exception("Uh. Something went seriously wrong with URL path mangling."); |
| 209 | 209 | } |
| 210 | 210 | } |
| 211 | - $link = $link . $relPath; |
|
| 211 | + $link = $link.$relPath; |
|
| 212 | 212 | |
| 213 | 213 | if (preg_match('/admin$/', $link)) { |
| 214 | 214 | $link = substr($link, 0, -6); |
@@ -217,7 +217,7 @@ discard block |
||
| 217 | 217 | } |
| 218 | 218 | } |
| 219 | 219 | |
| 220 | - return $link . '/accountstatus/accountstatus.php?token=' . $this->invitationTokenString; |
|
| 220 | + return $link.'/accountstatus/accountstatus.php?token='.$this->invitationTokenString; |
|
| 221 | 221 | } |
| 222 | 222 | |
| 223 | 223 | /** |
@@ -244,7 +244,7 @@ discard block |
||
| 244 | 244 | $text .= sprintf(_("A new %s access credential has been created for you by your network administrator."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']); |
| 245 | 245 | $text .= " "; |
| 246 | 246 | $text .= sprintf(_("Please follow the following link with the device you want to enable for %s to get a custom %s installation program just for you. You can click on the link, copy and paste it into a browser or scan the attached QR code."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']); |
| 247 | - $text .= "\n\n" . $this->link() . "\n\n"; // gets replaced with the token value by getBody() |
|
| 247 | + $text .= "\n\n".$this->link()."\n\n"; // gets replaced with the token value by getBody() |
|
| 248 | 248 | $text .= sprintf(_("Please keep this email or bookmark this link for future use. After picking up your %s installation program, you can use the same link to get status information about your %s account."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']); |
| 249 | 249 | $text .= "\n\n"; |
| 250 | 250 | $text .= _("Regards,"); |
@@ -46,12 +46,12 @@ discard block |
||
| 46 | 46 | // SELECT -> returns resource, not a boolean |
| 47 | 47 | while ($oneAffectedPayload = mysqli_fetch_object(/** @scrutinizer ignore-type */ $affectedPayloads)) { |
| 48 | 48 | if ($oneAffectedPayload->option_lang !== NULL) { |
| 49 | - echo "[SKIP] The option in row " . $oneAffectedPayload->row . " of table $tableName appears to be converted already. Not touching it.\n"; |
|
| 49 | + echo "[SKIP] The option in row ".$oneAffectedPayload->row." of table $tableName appears to be converted already. Not touching it.\n"; |
|
| 50 | 50 | continue; |
| 51 | 51 | } |
| 52 | 52 | $decoded = unserialize($oneAffectedPayload->option_value); |
| 53 | 53 | if ($decoded === FALSE || !isset($decoded["lang"]) || !isset($decoded['content'])) { |
| 54 | - echo "[WARN] Please check row " . $oneAffectedPayload->row . " of table $tableName - this entry did not successfully unserialize() even though it is a multi-lang attribute!\n"; |
|
| 54 | + echo "[WARN] Please check row ".$oneAffectedPayload->row." of table $tableName - this entry did not successfully unserialize() even though it is a multi-lang attribute!\n"; |
|
| 55 | 55 | continue; |
| 56 | 56 | } |
| 57 | 57 | // pry apart lang and content into their own columns |
@@ -60,7 +60,7 @@ discard block |
||
| 60 | 60 | $row = $oneAffectedPayload->row; |
| 61 | 61 | $rewrittenPayload = $dbInstance->exec("UPDATE $tableName SET option_lang = ?, option_value = ? WHERE row = ?", "ssi", $theLang, $theContent, $row); |
| 62 | 62 | if ($rewrittenPayload !== FALSE) { |
| 63 | - echo "[ OK ] " . $oneAffectedPayload->option_value . " ---> $theLang # $theContent\n"; |
|
| 63 | + echo "[ OK ] ".$oneAffectedPayload->option_value." ---> $theLang # $theContent\n"; |
|
| 64 | 64 | continue; |
| 65 | 65 | } |
| 66 | 66 | echo "[FAIL] Unknown error executing the payload update for row $row of table $tableName. Did you run the 'ALTER TABLE' statements?\n"; |
@@ -83,7 +83,7 @@ discard block |
||
| 83 | 83 | |
| 84 | 84 | $rewrittenPayload = $dbInstance->exec("UPDATE institution_option SET option_value = ? WHERE row = ?", "si", $newstyle, $row); |
| 85 | 85 | if ($rewrittenPayload !== FALSE) { |
| 86 | - echo "[ OK ] " . $oneAffectedPayload->option_value . " ---> $newstyle\n"; |
|
| 86 | + echo "[ OK ] ".$oneAffectedPayload->option_value." ---> $newstyle\n"; |
|
| 87 | 87 | continue; |
| 88 | 88 | } |
| 89 | 89 | echo "[FAIL] Unknown error executing the payload update for row $row of table institution_option.\n"; |
@@ -96,7 +96,7 @@ discard block |
||
| 96 | 96 | $conditionString = "WHERE "; |
| 97 | 97 | $typeString = ""; |
| 98 | 98 | foreach ($eap_options as $index => $name) { |
| 99 | - $conditionString .= ($index == 0 ? "" : "OR ") . "option_name = ? "; |
|
| 99 | + $conditionString .= ($index == 0 ? "" : "OR ")."option_name = ? "; |
|
| 100 | 100 | $typeString .= "s"; |
| 101 | 101 | } |
| 102 | 102 | $idpWideOptionsQuery = $dbInstance->exec("SELECT institution_id, option_name, option_lang, option_value FROM institution_option $conditionString", $typeString, $eap_options[0], $eap_options[1]); |
@@ -105,11 +105,11 @@ discard block |
||
| 105 | 105 | |
| 106 | 106 | while ($oneAttrib = mysqli_fetch_object(/** @scrutinizer ignore-type */ $idpWideOptionsQuery)) { |
| 107 | 107 | if (!isset($profiles[$oneAttrib->institution_id])) { |
| 108 | - $idp = new \core\IdP((int)$oneAttrib->institution_id); |
|
| 108 | + $idp = new \core\IdP((int) $oneAttrib->institution_id); |
|
| 109 | 109 | $profiles[$oneAttrib->institution_id] = ['IdP' => $idp, 'Profiles' => $idp->listProfiles()]; |
| 110 | - echo "Debug: IdP " . $idp->identifier . " has profiles "; |
|
| 110 | + echo "Debug: IdP ".$idp->identifier." has profiles "; |
|
| 111 | 111 | foreach ($profiles[$oneAttrib->institution_id]['Profiles'] as $oneProfileObject) { |
| 112 | - echo $oneProfileObject->identifier . " "; |
|
| 112 | + echo $oneProfileObject->identifier." "; |
|
| 113 | 113 | } |
| 114 | 114 | echo "\n"; |
| 115 | 115 | } |
@@ -121,12 +121,12 @@ discard block |
||
| 121 | 121 | foreach ($relevantAttributes as $relevantAttribute) { |
| 122 | 122 | if ($relevantAttribute['level'] == 'Profile') { |
| 123 | 123 | $hasOnProfileLevel = TRUE; |
| 124 | - echo "[SKIP] EAP option " . $oneAttrib->option_name . " for IdP " . $profiles[$oneAttrib->institution_id]['IdP']->name . " (ID " . $profiles[$oneAttrib->institution_id]['IdP']->identifier . "), profile " . $oneProfileObject->name . " (ID " . $oneProfileObject->identifier . ") because Profile has EAP override.\n"; |
|
| 124 | + echo "[SKIP] EAP option ".$oneAttrib->option_name." for IdP ".$profiles[$oneAttrib->institution_id]['IdP']->name." (ID ".$profiles[$oneAttrib->institution_id]['IdP']->identifier."), profile ".$oneProfileObject->name." (ID ".$oneProfileObject->identifier.") because Profile has EAP override.\n"; |
|
| 125 | 125 | } |
| 126 | 126 | } |
| 127 | 127 | if ($hasOnProfileLevel === FALSE) { // only add if profile didn't previously override IdP wide anyway! |
| 128 | 128 | $oneProfileObject->addAttribute($oneAttrib->option_name, $oneAttrib->option_lang, $oneAttrib->option_value); |
| 129 | - echo "[OK ] Added profile EAP option " . $oneAttrib->option_name . " for IdP " . $profiles[$oneAttrib->institution_id]['IdP']->name . " (ID " . $profiles[$oneAttrib->institution_id]['IdP']->identifier . "), profile " . $oneProfileObject->name . " (ID " . $oneProfileObject->identifier . ").\n"; |
|
| 129 | + echo "[OK ] Added profile EAP option ".$oneAttrib->option_name." for IdP ".$profiles[$oneAttrib->institution_id]['IdP']->name." (ID ".$profiles[$oneAttrib->institution_id]['IdP']->identifier."), profile ".$oneProfileObject->name." (ID ".$oneProfileObject->identifier.").\n"; |
|
| 130 | 130 | } |
| 131 | 131 | } |
| 132 | 132 | } |
@@ -136,5 +136,5 @@ discard block |
||
| 136 | 136 | $optLang = $oneAttrib->option_lang; |
| 137 | 137 | $optValue = $oneAttrib->option_value; |
| 138 | 138 | $deletionQuery = $dbInstance->exec("DELETE FROM institution_option WHERE institution_id = ? AND option_name = ? and option_lang = ? and option_value = ?", "isss", $instId, $optName, $optLang, $optValue); |
| 139 | - echo "[OK ] Deleted IdP-wide EAP option $optName for IdP " . $profiles[$instId]['IdP']->name . " (ID " . $profiles[$instId]['IdP']->identifier . ").\n"; |
|
| 139 | + echo "[OK ] Deleted IdP-wide EAP option $optName for IdP ".$profiles[$instId]['IdP']->name." (ID ".$profiles[$instId]['IdP']->identifier.").\n"; |
|
| 140 | 140 | } |
@@ -109,7 +109,7 @@ discard block |
||
| 109 | 109 | exec("openssl ocsp -reqin $derFilePath -req_text", $output, $retval); |
| 110 | 110 | |
| 111 | 111 | if ($retval !== 0) { |
| 112 | - instantDeath("openssl ocsp returned a non-zero return code. The DER data is probably bogus. B64 representation of DER data is: " . base64_encode($ocspRequestDer)); |
|
| 112 | + instantDeath("openssl ocsp returned a non-zero return code. The DER data is probably bogus. B64 representation of DER data is: ".base64_encode($ocspRequestDer)); |
|
| 113 | 113 | } |
| 114 | 114 | if ($output === NULL) { // this can't really happen, but makes Scrutinizer happier |
| 115 | 115 | $output = []; |
@@ -139,14 +139,14 @@ discard block |
||
| 139 | 139 | * back (if we have it). |
| 140 | 140 | */ |
| 141 | 141 | if (strcasecmp($nameHash, OUR_NAME_HASH) != 0 || strcasecmp($keyHash, OUR_KEY_HASH) != 0) { |
| 142 | - instantDeath("The request is about a different Issuer name / public key. Expected vs. actual name hash: " . OUR_NAME_HASH . " / $nameHash, " . OUR_KEY_HASH . " / $keyHash"); |
|
| 142 | + instantDeath("The request is about a different Issuer name / public key. Expected vs. actual name hash: ".OUR_NAME_HASH." / $nameHash, ".OUR_KEY_HASH." / $keyHash"); |
|
| 143 | 143 | } |
| 144 | -error_log("base64-encoded request: " . base64_encode($ocspRequestDer)); |
|
| 144 | +error_log("base64-encoded request: ".base64_encode($ocspRequestDer)); |
|
| 145 | 145 | |
| 146 | -$response = fopen(__DIR__ . "/statements/" . $serialHex . ".der", "r"); |
|
| 146 | +$response = fopen(__DIR__."/statements/".$serialHex.".der", "r"); |
|
| 147 | 147 | if ($response === FALSE) { // not found |
| 148 | 148 | // first lets load the unauthorised response, which is the default reply |
| 149 | - $unauthResponse = fopen(__DIR__ . "/statements/UNAUTHORIZED.der", "r"); |
|
| 149 | + $unauthResponse = fopen(__DIR__."/statements/UNAUTHORIZED.der", "r"); |
|
| 150 | 150 | if ($unauthResponse === FALSE) { |
| 151 | 151 | instantDeath("Unable to open our canned UNAUTHORIZED response!"); |
| 152 | 152 | } |
@@ -188,7 +188,7 @@ discard block |
||
| 188 | 188 | |
| 189 | 189 | $responseContent = fread($response, 1000000); |
| 190 | 190 | fclose($response); |
| 191 | -error_log("base64-encoded response: " . base64_encode($responseContent)); |
|
| 191 | +error_log("base64-encoded response: ".base64_encode($responseContent)); |
|
| 192 | 192 | header('Content-Type: application/ocsp-response'); |
| 193 | -header('Content-Length: ' . strlen($responseContent)); |
|
| 193 | +header('Content-Length: '.strlen($responseContent)); |
|
| 194 | 194 | echo $responseContent; |
@@ -24,6 +24,6 @@ |
||
| 24 | 24 | /** |
| 25 | 25 | * This script deletes obsolete directories from installer cache and siverbullet directory |
| 26 | 26 | */ |
| 27 | -require_once dirname(dirname(__FILE__)) . "/config/_config.php"; |
|
| 27 | +require_once dirname(dirname(__FILE__))."/config/_config.php"; |
|
| 28 | 28 | |
| 29 | 29 | web\lib\admin\Maintenance::deleteObsoleteTempDirs(); |
@@ -42,7 +42,7 @@ |
||
| 42 | 42 | $certObject->triggerNewOCSPStatement(); |
| 43 | 43 | } |
| 44 | 44 | |
| 45 | - /* |
|
| 45 | + /* |
|
| 46 | 46 | * and then writes all recently updated statements to a temporary directory. The |
| 47 | 47 | * calling script ocsp_update.sh should then scp all the files to their |
| 48 | 48 | * destination. |
@@ -28,11 +28,11 @@ discard block |
||
| 28 | 28 | * It works on two CAs, the RSA and ECDSA variant. There is a separate temp |
| 29 | 29 | * subdir for both ( temp_ocsp_RSA and temp_ocsp_ECDSA ). |
| 30 | 30 | */ |
| 31 | -require_once dirname(dirname(__FILE__)) . "/config/_config.php"; |
|
| 32 | -if (file_exists(__DIR__ . "/semaphore")) { |
|
| 31 | +require_once dirname(dirname(__FILE__))."/config/_config.php"; |
|
| 32 | +if (file_exists(__DIR__."/semaphore")) { |
|
| 33 | 33 | exit(1); // another instance is still busy doing stuff. Don't interfere. |
| 34 | 34 | } |
| 35 | -file_put_contents(__DIR__ . "/semaphore", "BUSY"); |
|
| 35 | +file_put_contents(__DIR__."/semaphore", "BUSY"); |
|
| 36 | 36 | $dbLink = \core\DBConnection::handle("INST"); |
| 37 | 37 | $allSerials = $dbLink->exec("SELECT serial_number, ca_type FROM silverbullet_certificate WHERE serial_number IS NOT NULL AND expiry > NOW() AND OCSP_timestamp < DATE_SUB(NOW(), INTERVAL 1 WEEK)"); |
| 38 | 38 | // SELECT query -> always returns a mysql_result, not boolean |
@@ -58,8 +58,8 @@ discard block |
||
| 58 | 58 | # echo "Writing OCSP statement for serial number $statementRow->serial_number\n"; |
| 59 | 59 | $filename = strtoupper(dechex($statementRow->serial_number)).".der"; |
| 60 | 60 | if (strlen($filename) % 2 == 1) { |
| 61 | - $filename = "0" . $filename; |
|
| 61 | + $filename = "0".$filename; |
|
| 62 | 62 | } |
| 63 | 63 | file_put_contents($tempdirBase."_".$statementRow->ca_type."/".$filename, $statementRow->OCSP); |
| 64 | 64 | } |
| 65 | -unlink(__DIR__ . "/semaphore"); |
|
| 66 | 65 | \ No newline at end of file |
| 66 | +unlink(__DIR__."/semaphore"); |
|
| 67 | 67 | \ No newline at end of file |
