@@ -96,7 +96,7 @@ discard block |
||
| 96 | 96 | |
| 97 | 97 | // realm is automatically calculated, then stored in DB |
| 98 | 98 | |
| 99 | - $this->realm = "opaquehash@$myInst->identifier-$this->identifier." . strtolower($myInst->federation) . \config\ConfAssistant::SILVERBULLET['realm_suffix']; |
|
| 99 | + $this->realm = "opaquehash@$myInst->identifier-$this->identifier.".strtolower($myInst->federation).\config\ConfAssistant::SILVERBULLET['realm_suffix']; |
|
| 100 | 100 | $localValueIfAny = ""; |
| 101 | 101 | |
| 102 | 102 | // but there's some common internal attributes populated directly |
@@ -113,11 +113,11 @@ discard block |
||
| 113 | 113 | |
| 114 | 114 | // and we need to populate eap:server_name and eap:ca_file with the NRO-specific EAP information |
| 115 | 115 | $silverbulletAttributes = [ |
| 116 | - "eap:server_name" => "auth." . strtolower($myFed->tld) . \config\ConfAssistant::SILVERBULLET['server_suffix'], |
|
| 116 | + "eap:server_name" => "auth.".strtolower($myFed->tld).\config\ConfAssistant::SILVERBULLET['server_suffix'], |
|
| 117 | 117 | ]; |
| 118 | 118 | $temp = array_merge($this->addInternalAttributes($internalAttributes), $this->addInternalAttributes($silverbulletAttributes)); |
| 119 | 119 | $x509 = new \core\common\X509(); |
| 120 | - $caHandle = fopen(dirname(__FILE__) . "/../config/SilverbulletServerCerts/" . strtoupper($myFed->tld) . "/root.pem", "r"); |
|
| 120 | + $caHandle = fopen(dirname(__FILE__)."/../config/SilverbulletServerCerts/".strtoupper($myFed->tld)."/root.pem", "r"); |
|
| 121 | 121 | if ($caHandle !== FALSE) { |
| 122 | 122 | $cAFile = fread($caHandle, 16000000); |
| 123 | 123 | foreach ($x509->splitCertificate($cAFile) as $oneCa) { |
@@ -273,7 +273,7 @@ discard block |
||
| 273 | 273 | if (empty($certNames)) { |
| 274 | 274 | return []; |
| 275 | 275 | } |
| 276 | - $namesCondensed = "'" . implode("' OR username = '", $certNames) . "'"; |
|
| 276 | + $namesCondensed = "'".implode("' OR username = '", $certNames)."'"; |
|
| 277 | 277 | $serverHandles = DBConnection::handle("RADIUS"); |
| 278 | 278 | $returnarray = []; |
| 279 | 279 | foreach ($serverHandles as $oneDbServer) { |
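Review bot: Line 276 still builds the `username` condition by quoting and joining `$certNames` with string concatenation, so a name containing a single quote would change the SQL statement it ends up in. Where `$certNames` originates and how `$namesCondensed` is used are outside this hunk, so the exposure is inferred rather than shown. A placeholder list removes the concern: `$namesCondensed = implode(' OR username = ', array_fill(0, count($certNames), '?'));`, with the names bound through the typed form seen elsewhere on this page (`exec($query, "ssi", …)`). The `empty($certNames)` guard at line 273 already ensures the placeholder list is never empty.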
@@ -132,20 +132,20 @@ discard block |
||
| 132 | 132 | if ($device == "TOTAL") { |
| 133 | 133 | continue; |
| 134 | 134 | } |
| 135 | - $retstring .= "<tr><td>$device</td><td>" . $numbers['ADMIN'] . "</td><td>" . $numbers['SILVERBULLET'] . "</td><td>" . $numbers['USER'] . "</td></tr>"; |
|
| 135 | + $retstring .= "<tr><td>$device</td><td>".$numbers['ADMIN']."</td><td>".$numbers['SILVERBULLET']."</td><td>".$numbers['USER']."</td></tr>"; |
|
| 136 | 136 | } |
| 137 | - $retstring .= "<tr><td><strong>TOTAL</strong></td><td><strong>" . $data['TOTAL']['ADMIN'] . "</strong></td><td><strong>" . $data['TOTAL']['SILVERBULLET'] . "</strong></td><td><strong>" . $data['TOTAL']['USER'] . "</strong></td></tr>"; |
|
| 137 | + $retstring .= "<tr><td><strong>TOTAL</strong></td><td><strong>".$data['TOTAL']['ADMIN']."</strong></td><td><strong>".$data['TOTAL']['SILVERBULLET']."</strong></td><td><strong>".$data['TOTAL']['USER']."</strong></td></tr>"; |
|
| 138 | 138 | break; |
| 139 | 139 | case "XML": |
| 140 | 140 | // the calls to date() operate on current date, so there is no chance for a FALSE to be returned. Silencing scrutinizer. |
| 141 | - $retstring .= "<federation id='$this->tld' ts='" . /** @scrutinizer ignore-type */ date("Y-m-d") . "T" . /** @scrutinizer ignore-type */ date("H:i:s") . "'>\n"; |
|
| 141 | + $retstring .= "<federation id='$this->tld' ts='"./** @scrutinizer ignore-type */ date("Y-m-d")."T"./** @scrutinizer ignore-type */ date("H:i:s")."'>\n"; |
|
| 142 | 142 | foreach ($data as $device => $numbers) { |
| 143 | 143 | if ($device == "TOTAL") { |
| 144 | 144 | continue; |
| 145 | 145 | } |
| 146 | - $retstring .= " <device name='" . $device . "'>\n <downloads group='admin'>" . $numbers['ADMIN'] . "</downloads>\n <downloads group='managed_idp'>" . $numbers['SILVERBULLET'] . "</downloads>\n <downloads group='user'>" . $numbers['USER'] . "</downloads>\n </device>"; |
|
| 146 | + $retstring .= " <device name='".$device."'>\n <downloads group='admin'>".$numbers['ADMIN']."</downloads>\n <downloads group='managed_idp'>".$numbers['SILVERBULLET']."</downloads>\n <downloads group='user'>".$numbers['USER']."</downloads>\n </device>"; |
|
| 147 | 147 | } |
| 148 | - $retstring .= "<total>\n <downloads group='admin'>" . $data['TOTAL']['ADMIN'] . "</downloads>\n <downloads group='managed_idp'>" . $data['TOTAL']['SILVERBULLET'] . "</downloads>\n <downloads group='user'>" . $data['TOTAL']['USER'] . "</downloads>\n</total>\n"; |
|
| 148 | + $retstring .= "<total>\n <downloads group='admin'>".$data['TOTAL']['ADMIN']."</downloads>\n <downloads group='managed_idp'>".$data['TOTAL']['SILVERBULLET']."</downloads>\n <downloads group='user'>".$data['TOTAL']['USER']."</downloads>\n</total>\n"; |
|
| 149 | 149 | $retstring .= "</federation>"; |
| 150 | 150 | break; |
| 151 | 151 | case "array": |
@@ -237,7 +237,7 @@ discard block |
||
| 237 | 237 | $identifier = $this->databaseHandle->lastID(); |
| 238 | 238 | |
| 239 | 239 | if ($identifier == 0 || !$this->loggerInstance->writeAudit($ownerId, "NEW", "Organisation $identifier")) { |
| 240 | - $text = "<p>Could not create a new " . \config\ConfAssistant::CONSORTIUM['nomenclature_inst'] . "!</p>"; |
|
| 240 | + $text = "<p>Could not create a new ".\config\ConfAssistant::CONSORTIUM['nomenclature_inst']."!</p>"; |
|
| 241 | 241 | echo $text; |
| 242 | 242 | throw new Exception($text); |
| 243 | 243 | } |
@@ -379,7 +379,7 @@ discard block |
||
| 379 | 379 | return; // no update to fetch |
| 380 | 380 | } |
| 381 | 381 | $certDetails = openssl_x509_parse($entryInQuestion['CERT']); |
| 382 | - $expiry = "20" . $certDetails['validTo'][0] . $certDetails['validTo'][1] . "-" . $certDetails['validTo'][2] . $certDetails['validTo'][3] . "-" . $certDetails['validTo'][4] . $certDetails['validTo'][5]; |
|
| 382 | + $expiry = "20".$certDetails['validTo'][0].$certDetails['validTo'][1]."-".$certDetails['validTo'][2].$certDetails['validTo'][3]."-".$certDetails['validTo'][4].$certDetails['validTo'][5]; |
|
| 383 | 383 | openssl_x509_export($entryInQuestion['CERT'], $pem); |
| 384 | 384 | $updateQuery = "UPDATE federation_servercerts SET status = 'ISSUED', certificate = ?, expiry = ? WHERE ca_name = 'eduPKI' AND request_serial = ?"; |
| 385 | 385 | $this->databaseHandle->exec($updateQuery, "ssi", $pem, $expiry, $reqSerial); |
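Review bot: `openssl_x509_parse()` returns FALSE for a certificate it cannot parse, yet line 382 indexes `$certDetails['validTo']` without a check and hard-codes the century by prefixing `"20"` to the first two characters. If the end date is encoded with a four-digit year (GeneralizedTime), the characters picked would no longer be year, month and day, and a wrong `expiry` would be written to `federation_servercerts`. Using the parsed timestamp avoids both problems: `if ($certDetails === FALSE) { throw new Exception("Certificate did not parse!"); }` followed by `$expiry = gmdate("Y-m-d", $certDetails['validTo_time_t']);`. The enclosing function starts before this hunk.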
@@ -75,9 +75,9 @@ discard block |
||
| 75 | 75 | $loggerInstance = new \core\common\Logging(); |
| 76 | 76 | $olddomain = textdomain(NULL); |
| 77 | 77 | $loggerInstance->debug(4, "set_locale($domain)\n"); |
| 78 | - $loggerInstance->debug(4, ROOT . "\n"); |
|
| 78 | + $loggerInstance->debug(4, ROOT."\n"); |
|
| 79 | 79 | textdomain($domain); |
| 80 | - bindtextdomain($domain, ROOT . "/translation/"); |
|
| 80 | + bindtextdomain($domain, ROOT."/translation/"); |
|
| 81 | 81 | return $olddomain; |
| 82 | 82 | } |
| 83 | 83 | |
@@ -128,7 +128,7 @@ discard block |
||
| 128 | 128 | |
| 129 | 129 | // check if this language is supported by the CAT config |
| 130 | 130 | foreach (\config\Master::LANGUAGES as $language => $value) { |
| 131 | - if (preg_match("/^" . $language . ".*/", $tryLang)) { |
|
| 131 | + if (preg_match("/^".$language.".*/", $tryLang)) { |
|
| 132 | 132 | $localeTmp = $value['locale']; |
| 133 | 133 | $langIndex = $language; // ??? |
| 134 | 134 | break; |
@@ -143,7 +143,7 @@ discard block |
||
| 143 | 143 | } |
| 144 | 144 | } |
| 145 | 145 | } |
| 146 | - putenv("LC_ALL=" . $theLocale); |
|
| 146 | + putenv("LC_ALL=".$theLocale); |
|
| 147 | 147 | $_SESSION['language'] = $langIndex; |
| 148 | 148 | $loggerInstance = new \core\common\Logging(); |
| 149 | 149 | $loggerInstance->debug(4, "selected lang:$langIndex:$theLocale\n"); |
@@ -88,7 +88,7 @@ |
||
| 88 | 88 | public function der2pem($derData) |
| 89 | 89 | { |
| 90 | 90 | $pem = chunk_split(base64_encode($derData), 64, "\n"); |
| 91 | - $pem = "-----BEGIN CERTIFICATE-----\n" . $pem . "-----END CERTIFICATE-----\n"; |
|
| 91 | + $pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n"; |
|
| 92 | 92 | return $pem; |
| 93 | 93 | } |
| 94 | 94 | |
@@ -110,7 +110,7 @@ discard block |
||
| 110 | 110 | public function __construct() |
| 111 | 111 | { |
| 112 | 112 | $this->loggerInstance = new Logging(); |
| 113 | - $this->loggerInstance->debug(3, "--- BEGIN constructing class " . get_class($this) . " .\n"); |
|
| 113 | + $this->loggerInstance->debug(3, "--- BEGIN constructing class ".get_class($this)." .\n"); |
|
| 114 | 114 | $this->languageInstance = new Language(); |
| 115 | 115 | Entity::intoThePotatoes("core"); |
| 116 | 116 | // some config elements are displayable. We need some dummies to |
@@ -129,13 +129,13 @@ discard block |
||
| 129 | 129 | $dummy_organisation2a = _("organization"); |
| 130 | 130 | $dummy_organisation3 = _("entity"); |
| 131 | 131 | // and do something useless with the strings so that there's no "unused" complaint |
| 132 | - if (strlen($dummy_NRO . $dummy_inst1 . $dummy_inst2 . $dummy_inst3 . $dummy_hotspot1 . $dummy_hotspot2 . $dummy_hotspot3 . $dummy_organisation1 . $dummy_organisation2 . $dummy_organisation2a . $dummy_organisation3) < 0) { |
|
| 132 | + if (strlen($dummy_NRO.$dummy_inst1.$dummy_inst2.$dummy_inst3.$dummy_hotspot1.$dummy_hotspot2.$dummy_hotspot3.$dummy_organisation1.$dummy_organisation2.$dummy_organisation2a.$dummy_organisation3) < 0) { |
|
| 133 | 133 | throw new Exception("Strings are usually not shorter than 0 characters. We've encountered a string blackhole."); |
| 134 | 134 | } |
| 135 | - $xyzVariableFed = \config\ConfAssistant::CONSORTIUM['nomenclature_federation'] . ""; |
|
| 136 | - $xyzVariableInst = \config\ConfAssistant::CONSORTIUM['nomenclature_institution'] . ""; |
|
| 137 | - $xyzVariableHotspot = \config\ConfAssistant::CONSORTIUM['nomenclature_hotspot'] . ""; |
|
| 138 | - $xyzVariableParticipant = \config\ConfAssistant::CONSORTIUM['nomenclature_participant'] . ""; |
|
| 135 | + $xyzVariableFed = \config\ConfAssistant::CONSORTIUM['nomenclature_federation'].""; |
|
| 136 | + $xyzVariableInst = \config\ConfAssistant::CONSORTIUM['nomenclature_institution'].""; |
|
| 137 | + $xyzVariableHotspot = \config\ConfAssistant::CONSORTIUM['nomenclature_hotspot'].""; |
|
| 138 | + $xyzVariableParticipant = \config\ConfAssistant::CONSORTIUM['nomenclature_participant'].""; |
|
| 139 | 139 | Entity::$nomenclature_fed = _($xyzVariableFed); |
| 140 | 140 | Entity::$nomenclature_inst = _($xyzVariableInst); |
| 141 | 141 | Entity::$nomenclature_hotspot = _($xyzVariableHotspot); |
@@ -151,7 +151,7 @@ discard block |
||
| 151 | 151 | */ |
| 152 | 152 | public function __destruct() |
| 153 | 153 | { |
| 154 | - (new Logging())->debug(5, "--- KILL Destructing class " . get_class($this) . " .\n"); |
|
| 154 | + (new Logging())->debug(5, "--- KILL Destructing class ".get_class($this)." .\n"); |
|
| 155 | 155 | } |
| 156 | 156 | |
| 157 | 157 | /** |
@@ -184,7 +184,7 @@ discard block |
||
| 184 | 184 | public static function createTemporaryDirectory($purpose = 'installer', $failIsFatal = 1) |
| 185 | 185 | { |
| 186 | 186 | $loggerInstance = new Logging(); |
| 187 | - $name = md5(time() . rand()); |
|
| 187 | + $name = md5(time().rand()); |
|
| 188 | 188 | $path = ROOT; |
| 189 | 189 | switch ($purpose) { |
| 190 | 190 | case 'silverbullet': |
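Review bot: The directory name on line 187 is `md5(time().rand())`, which is built from the clock and a non-cryptographic generator, so it is guessable despite looking like a random hash. `$name = bin2hex(random_bytes(16));` gives the same 32-hex-character shape from the CSPRNG. The `mkdir($tmpDir, 0700, true)` in a later hunk limits local access, but an unpredictable name matters if any of the `$purpose` base paths are reachable over HTTP, which this hunk does not show. The function body continues past the end of the hunk.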
@@ -202,7 +202,7 @@ discard block |
||
| 202 | 202 | default: |
| 203 | 203 | throw new Exception("unable to create temporary directory due to unknown purpose: $purpose\n"); |
| 204 | 204 | } |
| 205 | - $tmpDir = $path . '/' . $name; |
|
| 205 | + $tmpDir = $path.'/'.$name; |
|
| 206 | 206 | $loggerInstance->debug(4, "temp dir: $purpose : $tmpDir\n"); |
| 207 | 207 | if (!mkdir($tmpDir, 0700, true)) { |
| 208 | 208 | if ($failIsFatal) { |
@@ -223,7 +223,7 @@ discard block |
||
| 223 | 223 | */ |
| 224 | 224 | public static function rrmdir($dir) |
| 225 | 225 | { |
| 226 | - foreach (glob($dir . '/*') as $file) { |
|
| 226 | + foreach (glob($dir.'/*') as $file) { |
|
| 227 | 227 | if (is_dir($file)) { |
| 228 | 228 | Entity::rrmdir($file); |
| 229 | 229 | } else { |
@@ -249,12 +249,12 @@ discard block |
||
| 249 | 249 | } |
| 250 | 250 | // these substr() are guaranteed to yield actual string data, as the |
| 251 | 251 | // base string is an MD5 hash - has sufficient length |
| 252 | - $uuid = /** @scrutinizer ignore-type */ substr($chars, 0, 8) . '-'; |
|
| 253 | - $uuid .= /** @scrutinizer ignore-type */ substr($chars, 8, 4) . '-'; |
|
| 254 | - $uuid .= /** @scrutinizer ignore-type */ substr($chars, 12, 4) . '-'; |
|
| 255 | - $uuid .= /** @scrutinizer ignore-type */ substr($chars, 16, 4) . '-'; |
|
| 252 | + $uuid = /** @scrutinizer ignore-type */ substr($chars, 0, 8).'-'; |
|
| 253 | + $uuid .= /** @scrutinizer ignore-type */ substr($chars, 8, 4).'-'; |
|
| 254 | + $uuid .= /** @scrutinizer ignore-type */ substr($chars, 12, 4).'-'; |
|
| 255 | + $uuid .= /** @scrutinizer ignore-type */ substr($chars, 16, 4).'-'; |
|
| 256 | 256 | $uuid .= /** @scrutinizer ignore-type */ substr($chars, 20, 12); |
| 257 | - return $prefix . $uuid; |
|
| 257 | + return $prefix.$uuid; |
|
| 258 | 258 | } |
| 259 | 259 | |
| 260 | 260 | /** |
@@ -295,7 +295,7 @@ discard block |
||
| 295 | 295 | for ($i = count($trace); $i--; $i > 0) { |
| 296 | 296 | if (isset($trace[$i - 1]['class']) && preg_match('/Entity/', $trace[$i - 1]['class'])) { |
| 297 | 297 | if ($showTrace) { |
| 298 | - echo "FOUND caller: " . print_r($trace[$i], true) . " - class is " . $trace[$i]['class']; |
|
| 298 | + echo "FOUND caller: ".print_r($trace[$i], true)." - class is ".$trace[$i]['class']; |
|
| 299 | 299 | } |
| 300 | 300 | $caller = $trace[$i]; |
| 301 | 301 | break; |
@@ -305,8 +305,8 @@ discard block |
||
| 305 | 305 | // otherwise, on the filename relative to ROOT |
| 306 | 306 | $myName = $caller['class'] ?? substr($caller['file'], strlen(ROOT)); |
| 307 | 307 | if ($showTrace === TRUE) { |
| 308 | - echo "<pre>" . print_r($trace, true) . "</pre>"; |
|
| 309 | - echo "CLASS = " . $myName . "<br/>"; |
|
| 308 | + echo "<pre>".print_r($trace, true)."</pre>"; |
|
| 309 | + echo "CLASS = ".$myName."<br/>"; |
|
| 310 | 310 | } |
| 311 | 311 | if (preg_match("/diag/", $myName) == 1) { |
| 312 | 312 | $ret = "diagnostics"; |
@@ -340,10 +340,10 @@ discard block |
||
| 340 | 340 | if ($catalogue === NULL) { |
| 341 | 341 | $theCatalogue = Entity::determineOwnCatalogue($trace); |
| 342 | 342 | textdomain($theCatalogue); |
| 343 | - bindtextdomain($theCatalogue, ROOT . "/translation/"); |
|
| 343 | + bindtextdomain($theCatalogue, ROOT."/translation/"); |
|
| 344 | 344 | } else { |
| 345 | 345 | textdomain($catalogue); |
| 346 | - bindtextdomain($catalogue, ROOT . "/translation/"); |
|
| 346 | + bindtextdomain($catalogue, ROOT."/translation/"); |
|
| 347 | 347 | } |
| 348 | 348 | } |
| 349 | 349 | |
@@ -49,7 +49,7 @@ discard block |
||
| 49 | 49 | */ |
| 50 | 50 | private function writeToFile($filename, $message) |
| 51 | 51 | { |
| 52 | - file_put_contents(\config\Master::PATHS['logdir'] . "/$filename", sprintf("%-015s", microtime(TRUE)) . $message, FILE_APPEND); |
|
| 52 | + file_put_contents(\config\Master::PATHS['logdir']."/$filename", sprintf("%-015s", microtime(TRUE)).$message, FILE_APPEND); |
|
| 53 | 53 | } |
| 54 | 54 | |
| 55 | 55 | /** |
@@ -81,7 +81,7 @@ discard block |
||
| 81 | 81 | } else { |
| 82 | 82 | $output .= var_export($stuff, TRUE); |
| 83 | 83 | } |
| 84 | - $output = $prefix . $output . $suffix; |
|
| 84 | + $output = $prefix.$output.$suffix; |
|
| 85 | 85 | $this->writeToFile("debug.log", $output); |
| 86 | 86 | |
| 87 | 87 | return; |
@@ -129,6 +129,6 @@ discard block |
||
| 129 | 129 | $logTextStep1 = preg_replace("/[\n\r]/", "", $query); |
| 130 | 130 | $logTextStep2 = preg_replace("/ +/", " ", $logTextStep1); |
| 131 | 131 | $logTextStep3 = iconv("UTF-8", "UTF-8//IGNORE", $logTextStep2); |
| 132 | - $this->writeToFile("audit-SQL.log", " " . $logTextStep3 . "\n"); |
|
| 132 | + $this->writeToFile("audit-SQL.log", " ".$logTextStep3."\n"); |
|
| 133 | 133 | } |
| 134 | 134 | } |
| 135 | 135 | \ No newline at end of file |
@@ -69,7 +69,7 @@ discard block |
||
| 69 | 69 | $returnArray = []; |
| 70 | 70 | $returnArray['status'] = $status; |
| 71 | 71 | $returnArray['data'] = $data; |
| 72 | - $returnArray['tou'] = "Please consult Terms of Use at: //" . $host . \core\CAT::getRootUrlPath() . "/tou.php"; |
|
| 72 | + $returnArray['tou'] = "Please consult Terms of Use at: //".$host.\core\CAT::getRootUrlPath()."/tou.php"; |
|
| 73 | 73 | if (!empty($otherData)) { |
| 74 | 74 | $returnArray['otherdata'] = $otherData; |
| 75 | 75 | } |
@@ -311,8 +311,8 @@ discard block |
||
| 311 | 311 | public function sendLogo($identifier, $type, $width, $height) |
| 312 | 312 | { |
| 313 | 313 | $logo = $this->getLogo($identifier, $type, $width, $height); |
| 314 | - $blob = $logo === NULL ? file_get_contents(ROOT . '/web/resources/images/empty.png') : $logo['blob']; |
|
| 315 | - header("Content-type: " . $logo['filetype']); |
|
| 314 | + $blob = $logo === NULL ? file_get_contents(ROOT.'/web/resources/images/empty.png') : $logo['blob']; |
|
| 315 | + header("Content-type: ".$logo['filetype']); |
|
| 316 | 316 | header("Cache-Control:max-age=36000, must-revalidate"); |
| 317 | 317 | header($logo['expires']); |
| 318 | 318 | echo $blob; |
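Review bot: When `getLogo()` returns NULL, line 314 falls back to `empty.png`, but lines 315 and 317 still read `$logo['filetype']` and `$logo['expires']`. The placeholder image is therefore sent with an empty `Content-type:` value and a `header()` call on NULL. Give the fallback its own metadata, e.g. `$contentType = $logo['filetype'] ?? 'image/png';`, and emit the expires header only when `$logo !== NULL`. `file_get_contents()` can also return FALSE on this path and is echoed unchecked. The method's closing brace is outside the hunk.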
@@ -65,8 +65,8 @@ discard block |
||
| 65 | 65 | parent::__construct(); |
| 66 | 66 | $Dev = \devices\Devices::listDevices(); |
| 67 | 67 | if (isset($Dev[$blueprint])) { |
| 68 | - $this->loggerInstance->debug(4, "loaded: devices/" . $Dev[$blueprint]['directory'] . "/" . $Dev[$blueprint]['module'] . ".php\n"); |
|
| 69 | - $class_name = "\devices\\" . $Dev[$blueprint]['directory'] . "\Device" . $Dev[$blueprint]['module']; |
|
| 68 | + $this->loggerInstance->debug(4, "loaded: devices/".$Dev[$blueprint]['directory']."/".$Dev[$blueprint]['module'].".php\n"); |
|
| 69 | + $class_name = "\devices\\".$Dev[$blueprint]['directory']."\Device".$Dev[$blueprint]['module']; |
|
| 70 | 70 | $this->device = new $class_name(); |
| 71 | 71 | if (!$this->device) { |
| 72 | 72 | $this->loggerInstance->debug(2, "module loading failed"); |
@@ -75,7 +75,7 @@ discard block |
||
| 75 | 75 | } else { |
| 76 | 76 | echo("unknown devicename:$blueprint\n"); |
| 77 | 77 | } |
| 78 | - $this->device->module_path = ROOT . '/devices/' . $Dev[$blueprint]['directory']; |
|
| 78 | + $this->device->module_path = ROOT.'/devices/'.$Dev[$blueprint]['directory']; |
|
| 79 | 79 | $this->device->signer = isset($Dev[$blueprint]['signer']) ? $Dev[$blueprint]['signer'] : 0; |
| 80 | 80 | $this->device->device_id = $blueprint; |
| 81 | 81 | $options = \devices\Devices::$Options; |
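Review bot: After the `else` branch that prints `unknown devicename:$blueprint`, execution falls through to line 78 and dereferences `$this->device` and `$Dev[$blueprint]['directory']`, neither of which was set on that path. Failing fast there, e.g. `throw new Exception("unknown devicename: $blueprint");` as other classes on this page do, stops the constructor before those accesses. It also avoids echoing `$blueprint` into the output unescaped; whether that value can come from a request is not visible here. The constructor starts and ends outside this hunk.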
@@ -16,10 +16,10 @@ discard block |
||
| 16 | 16 | class CertificationAuthorityEmbeddedRSA extends EntityWithDBProperties implements CertificationAuthorityInterface |
| 17 | 17 | { |
| 18 | 18 | |
| 19 | - private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-RSA.pem"; |
|
| 20 | - private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-RSA.pem"; |
|
| 21 | - private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-RSA.key"; |
|
| 22 | - private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-RSA.cnf"; |
|
| 19 | + private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-RSA.pem"; |
|
| 20 | + private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-RSA.pem"; |
|
| 21 | + private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-RSA.key"; |
|
| 22 | + private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-RSA.cnf"; |
|
| 23 | 23 | |
| 24 | 24 | /** |
| 25 | 25 | * string with the PEM variant of the root CA |
@@ -66,11 +66,11 @@ discard block |
||
| 66 | 66 | parent::__construct(); |
| 67 | 67 | $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
| 68 | 68 | if ($this->rootPem === FALSE) { |
| 69 | - throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
|
| 69 | + throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
|
| 70 | 70 | } |
| 71 | 71 | $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
| 72 | 72 | if ($this->issuingCertRaw === FALSE) { |
| 73 | - throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
|
| 73 | + throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
|
| 74 | 74 | } |
| 75 | 75 | $rootParsed = openssl_x509_read($this->rootPem); |
| 76 | 76 | $this->issuingCert = openssl_x509_read($this->issuingCertRaw); |
@@ -78,15 +78,15 @@ discard block |
||
| 78 | 78 | throw new Exception("At least one CA PEM file did not parse correctly!"); |
| 79 | 79 | } |
| 80 | 80 | if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY) === FALSE) { |
| 81 | - throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 81 | + throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 82 | 82 | } |
| 83 | - $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 83 | + $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 84 | 84 | if ($issuingKeyTemp === FALSE) { |
| 85 | 85 | throw new Exception("The private key did not parse correctly!"); |
| 86 | 86 | } |
| 87 | 87 | $this->issuingKey = $issuingKeyTemp; |
| 88 | 88 | if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG) === FALSE) { |
| 89 | - throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG); |
|
| 89 | + throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG); |
|
| 90 | 90 | } |
| 91 | 91 | $this->conffile = CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG; |
| 92 | 92 | } |
@@ -129,27 +129,27 @@ discard block |
||
| 129 | 129 | // generate stub index.txt file |
| 130 | 130 | $tempdirArray = \core\common\Entity::createTemporaryDirectory("test"); |
| 131 | 131 | $tempdir = $tempdirArray['dir']; |
| 132 | - $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z"; |
|
| 133 | - $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z"; |
|
| 132 | + $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z"; |
|
| 133 | + $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z"; |
|
| 134 | 134 | // serials for our CA are always integers |
| 135 | 135 | $serialHex = strtoupper(dechex((int) $cert->serial)); |
| 136 | 136 | if (strlen($serialHex) % 2 == 1) { |
| 137 | - $serialHex = "0" . $serialHex; |
|
| 137 | + $serialHex = "0".$serialHex; |
|
| 138 | 138 | } |
| 139 | 139 | |
| 140 | - $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n"; |
|
| 140 | + $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n"; |
|
| 141 | 141 | $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement"); |
| 142 | - if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) { |
|
| 142 | + if (!file_put_contents($tempdir."/index.txt", $indexStatement)) { |
|
| 143 | 143 | $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!"); |
| 144 | 144 | } |
| 145 | 145 | // index.txt.attr is dull but needs to exist |
| 146 | - file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n"); |
|
| 146 | + file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n"); |
|
| 147 | 147 | // call "openssl ocsp" to manufacture our own OCSP statement |
| 148 | 148 | // adding "-rmd sha1" to the following command-line makes the |
| 149 | 149 | // choice of signature algorithm for the response explicit |
| 150 | 150 | // but it's only available from openssl-1.1.0 (which we do not |
| 151 | 151 | // want to require just for that one thing). |
| 152 | - $execCmd = \config\Master::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 152 | + $execCmd = \config\Master::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 153 | 153 | $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n"); |
| 154 | 154 | $output = []; |
| 155 | 155 | $return = 999; |
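Review bot: `$execCmd` on line 152 is a single shell string built by concatenation and, judging by the debug message and the `$output`/`$return` variables, is passed to `exec()` just after the hunk. The interpolated parts are config paths, a hex serial and a generated temp directory, so injection looks unlikely, but a space or shell metacharacter in `ROOT` or `PATHS['openssl']` would change the command. Wrapping each path is cheap, e.g. `" -rkey ".escapeshellarg(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY)`. Separately, line 140 writes `$cert->username` verbatim into the tab-separated `index.txt` record, so a tab or newline in that value would corrupt the entry openssl reads. Rejecting control characters before building `$indexStatement` would close that gap.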
@@ -157,11 +157,11 @@ discard block |
||
| 157 | 157 | if ($return !== 0) { |
| 158 | 158 | throw new Exception("Non-zero return value from openssl ocsp!"); |
| 159 | 159 | } |
| 160 | - $ocsp = file_get_contents($tempdir . "/$serialHex.response.der"); |
|
| 160 | + $ocsp = file_get_contents($tempdir."/$serialHex.response.der"); |
|
| 161 | 161 | // remove the temp dir! |
| 162 | - unlink($tempdir . "/$serialHex.response.der"); |
|
| 163 | - unlink($tempdir . "/index.txt.attr"); |
|
| 164 | - unlink($tempdir . "/index.txt"); |
|
| 162 | + unlink($tempdir."/$serialHex.response.der"); |
|
| 163 | + unlink($tempdir."/index.txt.attr"); |
|
| 164 | + unlink($tempdir."/index.txt"); |
|
| 165 | 165 | rmdir($tempdir); |
| 166 | 166 | $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial); |
| 167 | 167 | return $ocsp; |