GEANT /
CAT
@@ -181,9 +181,9 @@ discard block |
||
| 181 | 181 | </legend> |
| 182 | 182 | <?php |
| 183 | 183 | if ($wizardStyle) { |
| 184 | - echo "<p>" . _("We will now define a profile for your user group(s). You can add as many profiles as you like by choosing the appropriate button on the end of the page. After we are done, the wizard is finished and you will be taken to the main IdP administration page.") . "</p>"; |
|
| 184 | + echo "<p>" . _("We will now define a profile for your user group(s). You can add as many profiles as you like by choosing the appropriate button on the end of the page. After we are done, the wizard is finished and you will be taken to the main IdP administration page.") . "</p>"; |
|
| 185 | 185 | } |
| 186 | - ?> |
|
| 186 | + ?> |
|
| 187 | 187 | <h3><?php echo _("Profile Name and RADIUS realm"); ?> |
| 188 | 188 | </h3> |
| 189 | 189 | <?php |
@@ -330,7 +330,7 @@ discard block |
||
| 330 | 330 | |
| 331 | 331 | <?php |
| 332 | 332 | echo $wizard->displayHelp("redirect"); |
| 333 | - ?> |
|
| 333 | + ?> |
|
| 334 | 334 | <p> |
| 335 | 335 | |
| 336 | 336 | <?php |
@@ -89,13 +89,13 @@ discard block |
||
| 89 | 89 | $ssidlist .= ", '<strong>" . $ssid . "</strong>'"; |
| 90 | 90 | } |
| 91 | 91 | $ssidlist = substr($ssidlist, 2); |
| 92 | - $h .= sprintf(ngettext("We will always configure this SSID for WPA2/AES: %s.", "We will always configure these SSIDs for WPA2/AES: %s.", count(\config\ConfAssistant::CONSORTIUM['ssid'])), $ssidlist); |
|
| 93 | - $h .= "<br/>" . sprintf(_("It is also possible to define custom additional SSIDs with the option '%s' below."), $this->displayName("media:SSID")); |
|
| 92 | + $h .= sprintf(ngettext("We will always configure this SSID for WPA2/AES: %s.", "We will always configure these SSIDs for WPA2/AES: %s.", count(\config\ConfAssistant::CONSORTIUM['ssid'])), $ssidlist); |
|
| 93 | + $h .= "<br/>" . sprintf(_("It is also possible to define custom additional SSIDs with the option '%s' below."), $this->displayName("media:SSID")); |
|
| 94 | 94 | } else { |
| 95 | - $h .= _("Please configure which SSIDs should be configured in the installers."); |
|
| 95 | + $h .= _("Please configure which SSIDs should be configured in the installers."); |
|
| 96 | 96 | } |
| 97 | - $h .= " " . _("By default, we will only configure the SSIDs with WPA2/AES encryption. By using the '(with WPA/TKIP)' option you can specify that we should include legacy support for WPA/TKIP where possible."); |
|
| 98 | - $h .= "</li>"; |
|
| 97 | + $h .= " " . _("By default, we will only configure the SSIDs with WPA2/AES encryption. By using the '(with WPA/TKIP)' option you can specify that we should include legacy support for WPA/TKIP where possible."); |
|
| 98 | + $h .= "</li>"; |
|
| 99 | 99 | |
| 100 | 100 | $h .= "<li>"; |
| 101 | 101 | $h .= "<strong>" . ( count(\config\ConfAssistant::CONSORTIUM['ssid']) > 0 ? _("Additional Hotspot 2.0 / Passpoint Consortia:") : _("Hotspot 2.0 / Passpoint Consortia:")) . " </strong>"; |
@@ -135,19 +135,19 @@ discard block |
||
| 135 | 135 | "<p>" . _("Optionally, you can provide a longer descriptive text about who this profile is for. If you specify it, it will be displayed on the download page after the user has selected the profile name in the list.") . "</p>". |
| 136 | 136 | "<p>" . _("You can also tell us your RADIUS realm. "); |
| 137 | 137 | if (\config\Master::FUNCTIONALITY_LOCATIONS['DIAGNOSTICS'] !== NULL) { |
| 138 | - $h .= sprintf(_("This is useful if you want to use the sanity check module later, which tests reachability of your realm in the %s infrastructure. "), \config\ConfAssistant::CONSORTIUM['display_name']); |
|
| 138 | + $h .= sprintf(_("This is useful if you want to use the sanity check module later, which tests reachability of your realm in the %s infrastructure. "), \config\ConfAssistant::CONSORTIUM['display_name']); |
|
| 139 | 139 | } |
| 140 | 140 | $h .= _("It is required to enter the realm name if you want to support anonymous outer identities (see below).") . "</p>"; |
| 141 | 141 | $this->helpMessage['profile'] = $h; |
| 142 | 142 | |
| 143 | 143 | // REALM |
| 144 | 144 | $h = "<p>".sprintf(_("Some installers support a feature called 'Anonymous outer identity'. If you don't know what this is, please read <a href='%s'>this article</a>."), "https://confluence.terena.org/display/H2eduroam/eap-types")."</p>". |
| 145 | - "<p>"._("On some platforms, the installers can suggest username endings and/or verify the user input to contain the realm suffix.")."</p>". |
|
| 146 | - "<p>"._("The realm check feature needs to know an outer ID which actually gets a chance to authenticate. If your RADIUS server lets only select usernames pass, it is useful to supply the information which of those (outer ID) username we can use for testing.")."</p>"; |
|
| 145 | + "<p>"._("On some platforms, the installers can suggest username endings and/or verify the user input to contain the realm suffix.")."</p>". |
|
| 146 | + "<p>"._("The realm check feature needs to know an outer ID which actually gets a chance to authenticate. If your RADIUS server lets only select usernames pass, it is useful to supply the information which of those (outer ID) username we can use for testing.")."</p>"; |
|
| 147 | 147 | $this->helpMessage['realm'] = $h; |
| 148 | 148 | |
| 149 | 149 | // REDIRECT |
| 150 | - $h ="<p>"._("The CAT has a download area for end users. There, they will, for example, learn about the support pointers you entered earlier. The CAT can also immediately offer the installers for the profile for download. If you don't want that, you can instead enter a web site location where you want your users to be redirected to. You, as the administrator, can still download the profiles to place them on that page (see the 'Compatibility Matrix' button on the dashboard).") . "</p>"; |
|
| 150 | + $h ="<p>"._("The CAT has a download area for end users. There, they will, for example, learn about the support pointers you entered earlier. The CAT can also immediately offer the installers for the profile for download. If you don't want that, you can instead enter a web site location where you want your users to be redirected to. You, as the administrator, can still download the profiles to place them on that page (see the 'Compatibility Matrix' button on the dashboard).") . "</p>"; |
|
| 151 | 151 | $this->helpMessage['redirect'] = $h; |
| 152 | 152 | |
| 153 | 153 | // EAP |
@@ -348,19 +348,19 @@ discard block |
||
| 348 | 348 | ); |
| 349 | 349 | // Generate a new private (and public) key pair |
| 350 | 350 | $privkey = openssl_pkey_new(array( |
| 351 | - "private_key_bits" => 4096, |
|
| 352 | - "private_key_type" => OPENSSL_KEYTYPE_RSA)); |
|
| 351 | + "private_key_bits" => 4096, |
|
| 352 | + "private_key_type" => OPENSSL_KEYTYPE_RSA)); |
|
| 353 | 353 | // export private key to $clientprivateKey (as string) |
| 354 | 354 | openssl_pkey_export($privkey, $this->radsec_priv); |
| 355 | 355 | // Generate a certificate signing request |
| 356 | 356 | $csr = openssl_csr_new($dn, $privkey, |
| 357 | - array('digest_alg' => 'sha256', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf")); |
|
| 357 | + array('digest_alg' => 'sha256', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf")); |
|
| 358 | 358 | // get CA certificate and private key |
| 359 | 359 | $caprivkey = array(file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.key"), |
| 360 | 360 | \config\Master::MANAGEDSP['capass']); |
| 361 | 361 | $cacert = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
| 362 | 362 | $clientcert = openssl_csr_sign($csr, $cacert, $caprivkey, \config\Master::MANAGEDSP['daystoexpiry'], |
| 363 | - array('digest_alg'=>'sha256', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf"), rand()); |
|
| 363 | + array('digest_alg'=>'sha256', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf"), rand()); |
|
| 364 | 364 | openssl_x509_export($clientcert, $this->radsec_cert); |
| 365 | 365 | } |
| 366 | 366 | /** |
@@ -479,9 +479,9 @@ discard block |
||
| 479 | 479 | */ |
| 480 | 480 | public function renewtls() |
| 481 | 481 | { |
| 482 | - $id = $this->identifier; |
|
| 483 | - $futureTlsClient = $this->createTLScredentials(); |
|
| 484 | - $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = ?, radsec_cert = ? WHERE deployment_id = ?", "ssi", $this->radsec_priv, $this->radsec_cert, $id); |
|
| 482 | + $id = $this->identifier; |
|
| 483 | + $futureTlsClient = $this->createTLScredentials(); |
|
| 484 | + $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = ?, radsec_cert = ? WHERE deployment_id = ?", "ssi", $this->radsec_priv, $this->radsec_cert, $id); |
|
| 485 | 485 | } |
| 486 | 486 | /** |
| 487 | 487 | * marks the deployment as deactivated |
@@ -109,7 +109,7 @@ discard block |
||
| 109 | 109 | $deployment->deactivate(); |
| 110 | 110 | } |
| 111 | 111 | header("Location: overview_org.php?inst_id=" . $my_inst->identifier . '&' . urldecode(http_build_query($response)) . '#profilebox_' . |
| 112 | - $deployment->identifier); |
|
| 112 | + $deployment->identifier); |
|
| 113 | 113 | exit(0); |
| 114 | 114 | case web\lib\common\FormElements::BUTTON_REMOVESP: |
| 115 | 115 | $deployment->remove(); |
@@ -118,9 +118,9 @@ discard block |
||
| 118 | 118 | case web\lib\common\FormElements::BUTTON_RENEWTLS: |
| 119 | 119 | $data = openssl_x509_parse($deployment->radsec_cert); |
| 120 | 120 | $certdata = array( |
| 121 | - strtoupper(dechex($data['serialNumber'])), |
|
| 122 | - date_create_from_format('ymdGis', substr($data['validTo'], 0, -1))->format('YmdHis') |
|
| 123 | - ); |
|
| 121 | + strtoupper(dechex($data['serialNumber'])), |
|
| 122 | + date_create_from_format('ymdGis', substr($data['validTo'], 0, -1))->format('YmdHis') |
|
| 123 | + ); |
|
| 124 | 124 | $torevoke = implode('#', $certdata); |
| 125 | 125 | $response = $deployment->setRADIUSconfig(0, 0, $torevoke); |
| 126 | 126 | $deployment->renewtls(); |
@@ -440,7 +440,7 @@ discard block |
||
| 440 | 440 | <?php |
| 441 | 441 | if ($deploymentObject->radsec_cert != NULL) { |
| 442 | 442 | echo _('If your certificate is close to expiry or you need to create new RADSEC over TLS credentials') . '<br>' . |
| 443 | - _('click on "Renew RADSEC over TLS credentials" button'); |
|
| 443 | + _('click on "Renew RADSEC over TLS credentials" button'); |
|
| 444 | 444 | } |
| 445 | 445 | ?> |
| 446 | 446 | </td></tr> |
@@ -556,7 +556,7 @@ discard block |
||
| 556 | 556 | } |
| 557 | 557 | } |
| 558 | 558 | } |
| 559 | - ?> |
|
| 559 | + ?> |
|
| 560 | 560 | </form> |
| 561 | 561 | <div align="right"> |
| 562 | 562 | <form action='edit_hotspot.php?inst_id=<?php echo $deploymentObject->institution; ?>&deployment_id=<?php echo $deploymentObject->identifier; ?>' method='post' accept-charset='UTF-8'> |
@@ -644,9 +644,9 @@ discard block |
||
| 644 | 644 | foreach (array($dsp->host1_v4, $dsp->host2_v4) as $host) { |
| 645 | 645 | $connection = @fsockopen($host, \config\Master::MANAGEDSP['radiusconfigport']); |
| 646 | 646 | if (is_resource($connection)) { |
| 647 | - fclose($connection); |
|
| 647 | + fclose($connection); |
|
| 648 | 648 | } else { |
| 649 | - return false; |
|
| 649 | + return false; |
|
| 650 | 650 | } |
| 651 | 651 | } |
| 652 | 652 | return true; |
@@ -879,7 +879,7 @@ discard block |
||
| 879 | 879 | </button> |
| 880 | 880 | <span style='color: red;'> |
| 881 | 881 | <?php if ($hasMail == 0) { |
| 882 | - echo _("Helpdesk mail address is required but missing!"); |
|
| 882 | + echo _("Helpdesk mail address is required but missing!"); |
|
| 883 | 883 | } |
| 884 | 884 | ?> |
| 885 | 885 | </span> |
@@ -92,7 +92,7 @@ discard block |
||
| 92 | 92 | /* Messages */ |
| 93 | 93 | $messages = [ |
| 94 | 94 | 'WRONG_SUBJECT' => _('Submitted Certificate Signing Request contains subject field that does not start with') . ' ' . |
| 95 | - $subject_prefix . '<br>' . _("See CSR generation rules below."), |
|
| 95 | + $subject_prefix . '<br>' . _("See CSR generation rules below."), |
|
| 96 | 96 | 'WRONG_CSR' => _('Submitted Certificate Signing Request is broken - unable to extract the public key from CSR') |
| 97 | 97 | ]; |
| 98 | 98 | $settings = array(); |
@@ -127,9 +127,9 @@ discard block |
||
| 127 | 127 | $dc[] = 'DC=' . $v; |
| 128 | 128 | } |
| 129 | 129 | if ($DN !== array_reverse($dc)) { |
| 130 | - $dc = array(); |
|
| 131 | - $_SESSION['CSR_ERRORS'] = 'WRONG_SUBJECT'; |
|
| 132 | - $_SESSION['FORM_SETTINGS'] = $settings; |
|
| 130 | + $dc = array(); |
|
| 131 | + $_SESSION['CSR_ERRORS'] = 'WRONG_SUBJECT'; |
|
| 132 | + $_SESSION['FORM_SETTINGS'] = $settings; |
|
| 133 | 133 | } |
| 134 | 134 | } else { |
| 135 | 135 | $_SESSION['CSR_ERRORS'] = 'WRONG_SUBJECT'; |
@@ -176,15 +176,15 @@ discard block |
||
| 176 | 176 | } else { |
| 177 | 177 | $ou = $serverInfo["names"][$langInstance->getLang()]; |
| 178 | 178 | } |
| 179 | - if (str_contains($ou, ',')) { |
|
| 180 | - $modou = 1; |
|
| 181 | - $ou = str_replace(",", "/,", $ou); |
|
| 182 | - } |
|
| 183 | - $ou = preg_replace('/\s+/', ' ', $ou); |
|
| 184 | - if (strlen($ou) >= 64) { |
|
| 185 | - $ou = substr($ou, 0, 64); |
|
| 186 | - $modou += 2; |
|
| 187 | - } |
|
| 179 | + if (str_contains($ou, ',')) { |
|
| 180 | + $modou = 1; |
|
| 181 | + $ou = str_replace(",", "/,", $ou); |
|
| 182 | + } |
|
| 183 | + $ou = preg_replace('/\s+/', ' ', $ou); |
|
| 184 | + if (strlen($ou) >= 64) { |
|
| 185 | + $ou = substr($ou, 0, 64); |
|
| 186 | + $modou += 2; |
|
| 187 | + } |
|
| 188 | 188 | $DN[] = "O=".iconv('UTF-8', 'ASCII//TRANSLIT', $ou); |
| 189 | 189 | $serverList = explode(",", $serverInfo["servers"]); |
| 190 | 190 | $DN[] = "CN=" . $serverList[0]; |
@@ -209,20 +209,20 @@ discard block |
||
| 209 | 209 | echo "<p style='font-size: large'>" . _("Requesting a certificate with the following properties"); |
| 210 | 210 | echo "<ul>"; |
| 211 | 211 | echo "<li>" . _("Policy OIDs: ") . implode(", ", $policies) . "</li>"; |
| 212 | - echo "<li>" . _("Distinguished Name: ") . implode(", ", $DN); |
|
| 213 | - if ($modou > 0) { |
|
| 214 | - echo " ("; |
|
| 212 | + echo "<li>" . _("Distinguished Name: ") . implode(", ", $DN); |
|
| 213 | + if ($modou > 0) { |
|
| 214 | + echo " ("; |
|
| 215 | 215 | echo _("Organization field adjusted"). ': '; |
| 216 | - $desc = array(); |
|
| 217 | - if ($modou >= 2) { |
|
| 218 | - $desc[] = _("truncated to 64 chars"); |
|
| 219 | - } |
|
| 220 | - if ($modou == 1 || $modou == 3) { |
|
| 221 | - $desc[] = _("commas escaped"); |
|
| 216 | + $desc = array(); |
|
| 217 | + if ($modou >= 2) { |
|
| 218 | + $desc[] = _("truncated to 64 chars"); |
|
| 219 | + } |
|
| 220 | + if ($modou == 1 || $modou == 3) { |
|
| 221 | + $desc[] = _("commas escaped"); |
|
| 222 | 222 | } |
| 223 | - echo implode(', ', $desc); |
|
| 224 | - echo ")"; |
|
| 225 | - } |
|
| 223 | + echo implode(', ', $desc); |
|
| 224 | + echo ")"; |
|
| 225 | + } |
|
| 226 | 226 | echo "</li>"; |
| 227 | 227 | echo "<li>" . _("subjectAltName:DNS : ") . implode(", ", $serverList) . "</li>"; |
| 228 | 228 | echo "<li>" . _("Requester Contact Details: ") . $firstName . " <" . $firstMail . ">" . "</li>"; |
