View GitHub Repository CAT

Schedule Inspection
Subscribe
Test Failed
Push — master ( 1baaa8...6f819a )
by Maja
11:30
created
Status
Category
Toggle Patches
core/CertificationAuthorityEduPkiServer.php 1 patch
Spacing   +42 added lines, -42 removed lines patch added patch discarded remove patch 
@@ -35,10 +35,10 @@  discard block
 
 block discarded – undo
35 35 
     public function __construct()
36 36 
     {
37 37
38 
-        if ( \config\ConfAssistant::eduPKI['testing'] === true ) {
39 
-            $this->locationRaCert = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
40 
-            $this->locationRaKey = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
41 
-            $this->locationWebRoot = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
38 
+        if (\config\ConfAssistant::eduPKI['testing'] === true) {
39 
+            $this->locationRaCert = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
40 
+            $this->locationRaKey = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
41 
+            $this->locationWebRoot = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
42 42 
             $this->eduPkiRaId = 700;
43 43 
             $this->eduPkiCertProfileBoth = "Radius Server SOAP";
44 44 
             $this->eduPkiCertProfileIdp = "Radius Server SOAP";
 
@@ -47,9 +47,9 @@  discard block
 
 block discarded – undo
47 47 
             $this->eduPkiEndpointPublic = "https://pki.edupki.org/edupki-test-ca/cgi-bin/pub/soap?wsdl=1";
48 48 
             $this->eduPkiEndpointRa = "https://ra.edupki.org/edupki-test-ca/cgi-bin/ra/soap?wsdl=1";
49 49 
         } else {
50 
-            $this->locationRaCert = ROOT . "/config/SilverbulletClientCerts/edupki-prod-ra.pem";
51 
-            $this->locationRaKey = ROOT . "/config/SilverbulletClientCerts/edupki-prod-ra.clearkey";
52 
-            $this->locationWebRoot = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
50 
+            $this->locationRaCert = ROOT."/config/SilverbulletClientCerts/edupki-prod-ra.pem";
51 
+            $this->locationRaKey = ROOT."/config/SilverbulletClientCerts/edupki-prod-ra.clearkey";
52 
+            $this->locationWebRoot = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
53 53 
             $this->eduPkiRaId = 100;
54 54 
             $this->eduPkiCertProfileBoth = "eduroam IdP and SP";
55 55 
             $this->eduPkiCertProfileIdp = "eduroam IdP";
 
@@ -63,13 +63,13 @@  discard block
 
 block discarded – undo
63 63 
         parent::__construct();
64 64
65 65 
         if (stat($this->locationRaCert) === FALSE) {
66 
-            throw new Exception("RA operator PEM file not found: " . $this->locationRaCert);
66 
+            throw new Exception("RA operator PEM file not found: ".$this->locationRaCert);
67 67 
         }
68 68 
         if (stat($this->locationRaKey) === FALSE) {
69 
-            throw new Exception("RA operator private key file not found: " . $this->locationRaKey);
69 
+            throw new Exception("RA operator private key file not found: ".$this->locationRaKey);
70 70 
         }
71 71 
         if (stat($this->locationWebRoot) === FALSE) {
72 
-            throw new Exception("CA website root CA file not found: " . $this->locationWebRoot);
72 
+            throw new Exception("CA website root CA file not found: ".$this->locationWebRoot);
73 73 
         }
74 74 
     }
75 75 
 
@@ -136,27 +136,27 @@  discard block
 
 block discarded – undo
136 136 
                 throw new Exception("Unexpected policies requested.");
137 137 
             }
138 138 
             $altArray = [# Array mit den Subject Alternative Names
139 
-                "email:" . $csr["USERMAIL"]
139 
+                "email:".$csr["USERMAIL"]
140 140 
             ];
141 141 
             foreach ($csr["ALTNAMES"] as $oneAltName) {
142 142 
                 if (!empty($oneAltName) && preg_match('/(?=^.{1,254}$)(^(?:(?!\d|-)[a-z0-9\-]{1,63}(?<!-)\.)+(?:[a-z]{2,})$)/i', $oneAltName) > 0) {
143 
-                    $altArray[] = "DNS:" . $oneAltName;
143 
+                    $altArray[] = "DNS:".$oneAltName;
144 144 
                 } else {
145 
-                    $altArray[] = "IP:" . $oneAltName;
145 
+                    $altArray[] = "IP:".$oneAltName;
146 146 
                 }
147 147 
             }
148 148 
             //print '<pre>'; print_r($csr); print '</pre>'; exit;
149 149 
             $soapPub = $this->initEduPKISoapSession("PUBLIC");
150 150 
             $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n");
151 
-            $this->loggerInstance->debug(5, "PARAM_1: " . $this->eduPkiRaId . "\n");
152 
-            $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n");
151 
+            $this->loggerInstance->debug(5, "PARAM_1: ".$this->eduPkiRaId."\n");
152 
+            $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n");
153 153 
             $this->loggerInstance->debug(5, "PARAM_3: ");
154 154 
             $this->loggerInstance->debug(5, $altArray);
155 
-            $this->loggerInstance->debug(5, "PARAM_4: " . $profile . "\n");
156 
-            $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n");
157 
-            $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n");
158 
-            $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n");
159 
-            $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n");
155 
+            $this->loggerInstance->debug(5, "PARAM_4: ".$profile."\n");
156 
+            $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n");
157 
+            $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n");
158 
+            $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n");
159 
+            $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n");
160 160 
             $this->loggerInstance->debug(5, "PARAM_9: false\n");
161 161 
             $soapNewRequest = $soapPub->newRequest(
162 162 
                     $this->eduPkiRaId, # RA-ID
 
@@ -185,7 +185,7 @@  discard block
 
 block discarded – undo
185 185 
                 #}\n");
186 186 
                 return 0;
187 187 
             }
188 
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
188 
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
189 189 
         }
190 190 
         try {
191 191 
             $soap = $this->initEduPKISoapSession("RA");
 
@@ -217,7 +217,7 @@  discard block
 
 block discarded – undo
217 217 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
218 218 
             // rather than just using the string. Grr.
219 219 
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
220 
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext);
220 
+            file_put_contents($tempdir['dir']."/content.txt", $soapCleartext);
221 221 
             // retrieve our RA cert from filesystem
222 222 
             // the RA certificates are not needed right now because we
223 223 
             // have resorted to S/MIME signatures with openssl command-line
 
@@ -229,7 +229,7 @@  discard block
 
 block discarded – undo
229 229 
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
230 230 
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
231 231 
             $this->loggerInstance->debug(2, "Actual content to be signed is this:\n  $soapCleartext\n");
232 
-            $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . $this->locationRaKey . " -signer " . $this->locationRaCert;
232 
+            $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".$this->locationRaKey." -signer ".$this->locationRaCert;
233 233 
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline:   $execCmd\n");
234 234 
             $output = [];
235 235 
             $return = 999;
 
@@ -238,21 +238,21 @@  discard block
 
 block discarded – undo
238 238 
                 throw new Exception("Non-zero return value from openssl smime!");
239 239 
             }
240 240 
             // and get the signature blob back from the filesystem
241 
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
241 
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
242 242 
             $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n");
243 
-            $this->loggerInstance->debug(5, $soapReqnum . "\n");
244 
-            $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending!
245 
-            $this->loggerInstance->debug(5, $detachedSig . "\n");
243 
+            $this->loggerInstance->debug(5, $soapReqnum."\n");
244 
+            $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending!
245 
+            $this->loggerInstance->debug(5, $detachedSig."\n");
246 246 
             $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig);
247 
-            $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest());
248 
-            $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse());
247 
+            $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest());
248 
+            $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse());
249 249 
             if ($soapIssueCert === FALSE) {
250 250 
                 throw new Exception("The locally approved request was NOT processed by the CA.");
251 251 
             }
252 252 
         } catch (SoapFault $e) {
253 
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
253 
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
254 254 
         } catch (Exception $e) {
255 
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
255 
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
256 256 
         }
257 257 
         return $soapReqnum;
258 258 
     }
 
@@ -304,9 +304,9 @@  discard block
 
 block discarded – undo
304 304 
                 throw new Exception("CAInfo has no root certificate for us!");
305 305 
             }
306 306 
         } catch (SoapFault $e) {
307 
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
307 
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
308 308 
         } catch (Exception $e) {
309 
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
309 
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
310 310 
         }
311 311 
         return [
312 312 
             "CERT" => openssl_x509_read($parsedCert['pem']),
 
@@ -339,12 +339,12 @@  discard block
 
 block discarded – undo
339 339 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
340 340 
             // rather than just using the string. Grr.
341 341 
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
342 
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest);
342 
+            file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest);
343 343 
             // retrieve our RA cert from filesystem
344 344 
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
345 345 
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
346 346 
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n");
347 
-        $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . $this->locationRaKey . " -signer " . $this->locationRaCert;
347 
+        $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".$this->locationRaKey." -signer ".$this->locationRaCert;
348 348 
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n");
349 349 
             $output = [];
350 350 
             $return = 999;
 
@@ -353,7 +353,7 @@  discard block
 
 block discarded – undo
353 353 
                 throw new Exception("Non-zero return value from openssl smime!");
354 354 
             }
355 355 
             // and get the signature blob back from the filesystem
356 
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
356 
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
357 357 
             $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig);
358 358 
             if ($soapIssueRev === FALSE) {
359 359 
                 throw new Exception("The locally approved revocation request was NOT processed by the CA.");
 
@@ -361,9 +361,9 @@  discard block
 
 block discarded – undo
361 361 
         } catch (Exception $e) {
362 362 
             // PHP 7.1 can do this much better
363 363 
             if (is_soap_fault($e)) {
364 
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n");
364 
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n");
365 365 
             }
366 
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
366 
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
367 367 
         }
368 368 
     }
369 369 
 
@@ -465,9 +465,9 @@  discard block
 
 block discarded – undo
465 465 
      */
466 466 
     public function soapToXmlInteger($x)
467 467 
     {
468 
-        return '<' . $x[0] . '>'
468 
+        return '<'.$x[0].'>'
469 469 
                 . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1)
470 
-                . '</' . $x[0] . '>';
470 
+                . '</'.$x[0].'>';
471 471 
     }
472 472
473 473 
     /**
 
@@ -486,9 +486,9 @@  discard block
 
 block discarded – undo
486 486 
         // dump private key into directory
487 487 
         $outstring = "";
488 488 
         openssl_pkey_export($privateKey, $outstring);
489 
-        file_put_contents($tempdir . "/pkey.pem", $outstring);
489 
+        file_put_contents($tempdir."/pkey.pem", $outstring);
490 490 
         // PHP can only do one DC in the Subject. But we need three.
491 
-        $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username";
491 
+        $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username";
492 492 
         $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n");
493 493 
         $output = [];
494 494 
         $return = 999;
Please login to merge, or discard this patch.