GEANT /
CAT
@@ -148,27 +148,27 @@ discard block |
||
| 148 | 148 | { |
| 149 | 149 | // it could match CN or sAN:DNS, we don't care which |
| 150 | 150 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['subject'])) { |
| 151 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . " against Subject: "); |
|
| 151 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName." against Subject: "); |
|
| 152 | 152 | $this->loggerInstance->debug(4, $this->TLS_CA_checks_result[$host]['certdata']['subject']); |
| 153 | 153 | // we are checking against accidental misconfig, not attacks, so loosely checking against end of string is appropriate |
| 154 | - if (preg_match("/CN=" . $this->expectedName . "/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 154 | + if (preg_match("/CN=".$this->expectedName."/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 155 | 155 | return TRUE; |
| 156 | 156 | } |
| 157 | 157 | } |
| 158 | 158 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname'])) { |
| 159 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . " against sANs: "); |
|
| 159 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName." against sANs: "); |
|
| 160 | 160 | $this->loggerInstance->debug(4, $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']); |
| 161 | 161 | $testNames = $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']; |
| 162 | 162 | if (!is_array($testNames)) { |
| 163 | 163 | $testNames = [$testNames]; |
| 164 | 164 | } |
| 165 | 165 | foreach ($testNames as $oneName) { |
| 166 | - if (preg_match("/" . $this->expectedName . "/", $oneName) === 1) { |
|
| 166 | + if (preg_match("/".$this->expectedName."/", $oneName) === 1) { |
|
| 167 | 167 | return TRUE; |
| 168 | 168 | } |
| 169 | 169 | } |
| 170 | 170 | } |
| 171 | - $this->loggerInstance->debug(3, "Tried to check expected server name " . $this->expectedName . " but neither CN nor sANs matched."); |
|
| 171 | + $this->loggerInstance->debug(3, "Tried to check expected server name ".$this->expectedName." but neither CN nor sANs matched."); |
|
| 172 | 172 | |
| 173 | 173 | $this->TLS_CA_checks_result[$host]['cert_oddity'] = RADIUSTests::CERTPROB_DYN_SERVER_NAME_MISMATCH; |
| 174 | 174 | return FALSE; |
@@ -198,7 +198,7 @@ discard block |
||
| 198 | 198 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['status'] = $cert['status']; |
| 199 | 199 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['message'] = $this->TLS_certkeys[$cert['status']]; |
| 200 | 200 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['expected'] = $cert['expected']; |
| 201 | - $add = ' -cert ' . ROOT . '/config/cli-certs/' . $cert['public'] . ' -key ' . ROOT . '/config/cli-certs/' . $cert['private']; |
|
| 201 | + $add = ' -cert '.ROOT.'/config/cli-certs/'.$cert['public'].' -key '.ROOT.'/config/cli-certs/'.$cert['private']; |
|
| 202 | 202 | if (!isset($this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k])) { |
| 203 | 203 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k] = []; |
| 204 | 204 | } |
@@ -242,11 +242,11 @@ discard block |
||
| 242 | 242 | // but code analysers want this more explicit, so here is this extra |
| 243 | 243 | // call to escapeshellarg() |
| 244 | 244 | $escapedHost = escapeshellarg($host); |
| 245 | - $this->loggerInstance->debug(4, \config\Main::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -tls1 -CApath " . ROOT . "/config/ca-certs/ $arg 2>&1\n"); |
|
| 245 | + $this->loggerInstance->debug(4, \config\Main::PATHS['openssl']." s_client -connect ".$escapedHost." -tls1 -CApath ".ROOT."/config/ca-certs/ $arg 2>&1\n"); |
|
| 246 | 246 | $time_start = microtime(true); |
| 247 | 247 | $opensslbabble = []; |
| 248 | 248 | $result = 999; // likely to become zero by openssl; don't want to initialise to zero, could cover up exec failures |
| 249 | - exec(\config\Main::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -no_ssl3 -CApath " . ROOT . "/config/ca-certs/ $arg 2>&1", $opensslbabble, $result); |
|
| 249 | + exec(\config\Main::PATHS['openssl']." s_client -connect ".$escapedHost." -no_ssl3 -CApath ".ROOT."/config/ca-certs/ $arg 2>&1", $opensslbabble, $result); |
|
| 250 | 250 | $time_stop = microtime(true); |
| 251 | 251 | $testresults['time_millisec'] = floor(($time_stop - $time_start) * 1000); |
| 252 | 252 | $testresults['returncode'] = $result; |
@@ -62,24 +62,24 @@ discard block |
||
| 62 | 62 | case "EXTERNAL": |
| 63 | 63 | case "FRONTEND": |
| 64 | 64 | case "DIAGNOSTICS": |
| 65 | - if (!isset(self::${"instance" . $theDb})) { |
|
| 65 | + if (!isset(self::${"instance".$theDb})) { |
|
| 66 | 66 | $class = __CLASS__; |
| 67 | - self::${"instance" . $theDb} = new $class($database); |
|
| 68 | - DBConnection::${"instance" . $theDb}->databaseInstance = $theDb; |
|
| 67 | + self::${"instance".$theDb} = new $class($database); |
|
| 68 | + DBConnection::${"instance".$theDb}->databaseInstance = $theDb; |
|
| 69 | 69 | } |
| 70 | - return self::${"instance" . $theDb}; |
|
| 70 | + return self::${"instance".$theDb}; |
|
| 71 | 71 | case "RADIUS": |
| 72 | - if (!isset(self::${"instance" . $theDb})) { |
|
| 72 | + if (!isset(self::${"instance".$theDb})) { |
|
| 73 | 73 | $class = __CLASS__; |
| 74 | 74 | foreach (\config\ConfAssistant::DB as $name => $oneRadiusAuthDb) { |
| 75 | 75 | $theInstance = new $class($name); |
| 76 | - self::${"instance" . $theDb}[] = $theInstance; |
|
| 76 | + self::${"instance".$theDb}[] = $theInstance; |
|
| 77 | 77 | $theInstance->databaseInstance = $theDb; |
| 78 | 78 | } |
| 79 | 79 | } |
| 80 | - return self::${"instance" . $theDb}; |
|
| 80 | + return self::${"instance".$theDb}; |
|
| 81 | 81 | default: |
| 82 | - throw new Exception("This type of database (" . strtoupper($database) . ") is not known!"); |
|
| 82 | + throw new Exception("This type of database (".strtoupper($database).") is not known!"); |
|
| 83 | 83 | } |
| 84 | 84 | } |
| 85 | 85 | |
@@ -121,18 +121,18 @@ discard block |
||
| 121 | 121 | } |
| 122 | 122 | } |
| 123 | 123 | // log exact query to debug log, if log level is at 5 |
| 124 | - $this->loggerInstance->debug(5, "DB ATTEMPT: " . $querystring . "\n"); |
|
| 124 | + $this->loggerInstance->debug(5, "DB ATTEMPT: ".$querystring."\n"); |
|
| 125 | 125 | if ($types !== NULL) { |
| 126 | - $this->loggerInstance->debug(5, "Argument type sequence: $types, parameters are: " . print_r($arguments, true)); |
|
| 126 | + $this->loggerInstance->debug(5, "Argument type sequence: $types, parameters are: ".print_r($arguments, true)); |
|
| 127 | 127 | } |
| 128 | 128 | |
| 129 | 129 | if ($this->connection->connect_error) { |
| 130 | - throw new Exception("ERROR: Cannot send query to $this->databaseInstance database (no connection, error number" . $this->connection->connect_error . ")!"); |
|
| 130 | + throw new Exception("ERROR: Cannot send query to $this->databaseInstance database (no connection, error number".$this->connection->connect_error.")!"); |
|
| 131 | 131 | } |
| 132 | 132 | if ($types === NULL) { |
| 133 | 133 | $result = $this->connection->query($querystring); |
| 134 | 134 | if ($result === FALSE) { |
| 135 | - throw new Exception("DB: Unable to execute simple statement! Error was --> " . $this->connection->error . " <--"); |
|
| 135 | + throw new Exception("DB: Unable to execute simple statement! Error was --> ".$this->connection->error." <--"); |
|
| 136 | 136 | } |
| 137 | 137 | } else { |
| 138 | 138 | // fancy! prepared statement with dedicated argument list |
@@ -148,7 +148,7 @@ discard block |
||
| 148 | 148 | } |
| 149 | 149 | $prepResult = $statementObject->prepare($querystring); |
| 150 | 150 | if ($prepResult === FALSE) { |
| 151 | - throw new Exception("DB: Unable to prepare statement! Statement was --> $querystring <--, error was --> " . $statementObject->error . " <--."); |
|
| 151 | + throw new Exception("DB: Unable to prepare statement! Statement was --> $querystring <--, error was --> ".$statementObject->error." <--."); |
|
| 152 | 152 | } |
| 153 | 153 | $this->preparedStatements[$querystring] = $statementObject; |
| 154 | 154 | } |
@@ -161,11 +161,11 @@ discard block |
||
| 161 | 161 | array_unshift($localArray, $types); |
| 162 | 162 | $retval = call_user_func_array([$statementObject, "bind_param"], $localArray); |
| 163 | 163 | if ($retval === FALSE) { |
| 164 | - throw new Exception("DB: Unable to bind parameters to prepared statement! Argument array was --> " . var_export($localArray, TRUE) . " <--. Error was --> " . $statementObject->error . " <--"); |
|
| 164 | + throw new Exception("DB: Unable to bind parameters to prepared statement! Argument array was --> ".var_export($localArray, TRUE)." <--. Error was --> ".$statementObject->error." <--"); |
|
| 165 | 165 | } |
| 166 | 166 | $result = $statementObject->execute(); |
| 167 | 167 | if ($result === FALSE) { |
| 168 | - throw new Exception("DB: Unable to execute prepared statement! Error was --> " . $statementObject->error . " <--"); |
|
| 168 | + throw new Exception("DB: Unable to execute prepared statement! Error was --> ".$statementObject->error." <--"); |
|
| 169 | 169 | } |
| 170 | 170 | $selectResult = $statementObject->get_result(); |
| 171 | 171 | if ($selectResult !== FALSE) { |
@@ -175,14 +175,14 @@ discard block |
||
| 175 | 175 | |
| 176 | 176 | // all cases where $result could be FALSE have been caught earlier |
| 177 | 177 | if ($this->connection->errno) { |
| 178 | - throw new Exception("ERROR: Cannot execute query in $this->databaseInstance database - (hopefully escaped) query was '$querystring', errno was " . $this->connection->errno . "!"); |
|
| 178 | + throw new Exception("ERROR: Cannot execute query in $this->databaseInstance database - (hopefully escaped) query was '$querystring', errno was ".$this->connection->errno."!"); |
|
| 179 | 179 | } |
| 180 | 180 | |
| 181 | 181 | |
| 182 | 182 | if ($isMoreThanSelect) { |
| 183 | - $this->loggerInstance->writeSQLAudit("[DB: " . strtoupper($this->databaseInstance) . "] " . $querystring); |
|
| 183 | + $this->loggerInstance->writeSQLAudit("[DB: ".strtoupper($this->databaseInstance)."] ".$querystring); |
|
| 184 | 184 | if ($types !== NULL) { |
| 185 | - $this->loggerInstance->writeSQLAudit("Argument type sequence: $types, parameters are: " . print_r($arguments, true)); |
|
| 185 | + $this->loggerInstance->writeSQLAudit("Argument type sequence: $types, parameters are: ".print_r($arguments, true)); |
|
| 186 | 186 | } |
| 187 | 187 | } |
| 188 | 188 | return $result; |
@@ -277,13 +277,13 @@ discard block |
||
| 277 | 277 | if (isset(\config\Main::DB[$databaseCapitalised])) { |
| 278 | 278 | $this->connection = new \mysqli(\config\Main::DB[$databaseCapitalised]['host'], \config\Main::DB[$databaseCapitalised]['user'], \config\Main::DB[$databaseCapitalised]['pass'], \config\Main::DB[$databaseCapitalised]['db']); |
| 279 | 279 | if ($this->connection->connect_error) { |
| 280 | - throw new Exception("ERROR: Unable to connect to $database database! This is a fatal error, giving up (error number " . $this->connection->connect_errno . ")."); |
|
| 280 | + throw new Exception("ERROR: Unable to connect to $database database! This is a fatal error, giving up (error number ".$this->connection->connect_errno.")."); |
|
| 281 | 281 | } |
| 282 | 282 | $this->readOnly = \config\Main::DB[$databaseCapitalised]['readonly']; |
| 283 | 283 | } else { // one of the RADIUS DBs |
| 284 | 284 | $this->connection = new \mysqli(\config\ConfAssistant::DB[$databaseCapitalised]['host'], \config\ConfAssistant::DB[$databaseCapitalised]['user'], \config\ConfAssistant::DB[$databaseCapitalised]['pass'], \config\ConfAssistant::DB[$databaseCapitalised]['db']); |
| 285 | 285 | if ($this->connection->connect_error) { |
| 286 | - throw new Exception("ERROR: Unable to connect to $database database! This is a fatal error, giving up (error number " . $this->connection->connect_errno . ")."); |
|
| 286 | + throw new Exception("ERROR: Unable to connect to $database database! This is a fatal error, giving up (error number ".$this->connection->connect_errno.")."); |
|
| 287 | 287 | } |
| 288 | 288 | $this->readOnly = \config\ConfAssistant::DB[$databaseCapitalised]['readonly']; |
| 289 | 289 | } |
@@ -85,7 +85,7 @@ discard block |
||
| 85 | 85 | protected function setSupportedEapMethods($eapArray) |
| 86 | 86 | { |
| 87 | 87 | $this->supportedEapMethods = $eapArray; |
| 88 | - $this->loggerInstance->debug(4, "This device (" . __CLASS__ . ") supports the following EAP methods: "); |
|
| 88 | + $this->loggerInstance->debug(4, "This device (".__CLASS__.") supports the following EAP methods: "); |
|
| 89 | 89 | $this->loggerInstance->debug(4, $this->supportedEapMethods); |
| 90 | 90 | } |
| 91 | 91 | |
@@ -137,7 +137,7 @@ discard block |
||
| 137 | 137 | break 2; |
| 138 | 138 | } |
| 139 | 139 | } |
| 140 | - $longestSuffix = $candidate . $longestSuffix; |
|
| 140 | + $longestSuffix = $candidate.$longestSuffix; |
|
| 141 | 141 | } |
| 142 | 142 | return $longestSuffix; |
| 143 | 143 | } |
@@ -175,7 +175,7 @@ discard block |
||
| 175 | 175 | throw new Exception("No EAP type available."); |
| 176 | 176 | } |
| 177 | 177 | $this->attributes = $this->getProfileAttributes($profile); |
| 178 | - $this->deviceUUID = common\Entity::uuid('', 'CAT' . $profile->institution . "-" . $profile->identifier . "-" . $this->device_id); |
|
| 178 | + $this->deviceUUID = common\Entity::uuid('', 'CAT'.$profile->institution."-".$profile->identifier."-".$this->device_id); |
|
| 179 | 179 | |
| 180 | 180 | |
| 181 | 181 | // if we are instantiating a Silverbullet profile AND have been given |
@@ -200,8 +200,8 @@ discard block |
||
| 200 | 200 | // create temporary directory, its full path will be saved in $this->FPATH; |
| 201 | 201 | $tempDir = \core\common\Entity::createTemporaryDirectory($purpose); |
| 202 | 202 | $this->FPATH = $tempDir['dir']; |
| 203 | - mkdir($tempDir['dir'] . '/tmp'); |
|
| 204 | - chdir($tempDir['dir'] . '/tmp'); |
|
| 203 | + mkdir($tempDir['dir'].'/tmp'); |
|
| 204 | + chdir($tempDir['dir'].'/tmp'); |
|
| 205 | 205 | $caList = []; |
| 206 | 206 | $x509 = new \core\common\X509(); |
| 207 | 207 | if (isset($this->attributes['eap:ca_file'])) { |
@@ -239,7 +239,7 @@ discard block |
||
| 239 | 239 | $this->support_url_substitute = sprintf(_("your local %s support page"), \config\ConfAssistant::CONSORTIUM['display_name']); |
| 240 | 240 | |
| 241 | 241 | if ($this->signer && $this->options['sign']) { |
| 242 | - $this->sign = ROOT . '/signer/' . $this->signer; |
|
| 242 | + $this->sign = ROOT.'/signer/'.$this->signer; |
|
| 243 | 243 | } |
| 244 | 244 | $this->installerBasename = $this->getInstallerBasename(); |
| 245 | 245 | common\Entity::outOfThePotatoes(); |
@@ -299,10 +299,10 @@ discard block |
||
| 299 | 299 | */ |
| 300 | 300 | protected function findSourceFile($file) |
| 301 | 301 | { |
| 302 | - if (is_file($this->module_path . '/Files/' . $this->device_id . '/' . $file)) { |
|
| 303 | - return $this->module_path . '/Files/' . $this->device_id . '/' . $file; |
|
| 304 | - } elseif (is_file($this->module_path . '/Files/' . $file)) { |
|
| 305 | - return $this->module_path . '/Files/' . $file; |
|
| 302 | + if (is_file($this->module_path.'/Files/'.$this->device_id.'/'.$file)) { |
|
| 303 | + return $this->module_path.'/Files/'.$this->device_id.'/'.$file; |
|
| 304 | + } elseif (is_file($this->module_path.'/Files/'.$file)) { |
|
| 305 | + return $this->module_path.'/Files/'.$file; |
|
| 306 | 306 | } else { |
| 307 | 307 | $this->loggerInstance->debug(2, "requested file $file does not exist\n"); |
| 308 | 308 | return FALSE; |
@@ -426,17 +426,17 @@ discard block |
||
| 426 | 426 | */ |
| 427 | 427 | private function getInstallerBasename() |
| 428 | 428 | { |
| 429 | - $baseName = $this->customTranslit(\config\ConfAssistant::CONSORTIUM['name']) . "-" . $this->getDeviceId(); |
|
| 429 | + $baseName = $this->customTranslit(\config\ConfAssistant::CONSORTIUM['name'])."-".$this->getDeviceId(); |
|
| 430 | 430 | if (isset($this->attributes['profile:customsuffix'][1])) { |
| 431 | 431 | // this string will end up as a filename on a filesystem, so always |
| 432 | 432 | // take a latin-based language variant if available |
| 433 | 433 | // and then scrub non-ASCII just in case |
| 434 | - return $baseName . $this->customTranslit($this->attributes['profile:customsuffix'][1]); |
|
| 434 | + return $baseName.$this->customTranslit($this->attributes['profile:customsuffix'][1]); |
|
| 435 | 435 | } |
| 436 | 436 | // Okay, no custom suffix. |
| 437 | 437 | // Use the configured inst name and apply shortening heuristics |
| 438 | 438 | $lang_pointer = \config\Main::LANGUAGES[$this->languageInstance->getLang()]['latin_based'] == TRUE ? 0 : 1; |
| 439 | - $this->loggerInstance->debug(5, "getInstallerBasename1:" . $this->attributes['general:instname'][$lang_pointer] . "\n"); |
|
| 439 | + $this->loggerInstance->debug(5, "getInstallerBasename1:".$this->attributes['general:instname'][$lang_pointer]."\n"); |
|
| 440 | 440 | $inst = $this->customTranslit($this->attributes['general:instname'][$lang_pointer]); |
| 441 | 441 | $this->loggerInstance->debug(4, "getInstallerBasename2:$inst\n"); |
| 442 | 442 | $Inst_a = explode('_', $inst); |
@@ -451,10 +451,10 @@ discard block |
||
| 451 | 451 | if (!empty($this->attributes['profile:name']) && !empty($this->attributes['profile:name'][$lang_pointer])) { |
| 452 | 452 | $profTemp = $this->customTranslit($this->attributes['profile:name'][$lang_pointer]); |
| 453 | 453 | $prof = preg_replace('/_+$/', '', $profTemp); |
| 454 | - return $baseName . $inst . '-' . $prof; |
|
| 454 | + return $baseName.$inst.'-'.$prof; |
|
| 455 | 455 | } |
| 456 | 456 | } |
| 457 | - return $baseName . $inst; |
|
| 457 | + return $baseName.$inst; |
|
| 458 | 458 | } |
| 459 | 459 | |
| 460 | 460 | /** |
@@ -638,7 +638,7 @@ discard block |
||
| 638 | 638 | $ext = 'unsupported'; |
| 639 | 639 | } |
| 640 | 640 | $this->loggerInstance->debug(5, "saveLogoFile: $mime : $ext\n"); |
| 641 | - $fileName = 'logo-' . $type . $iterator . '.' . $ext; |
|
| 641 | + $fileName = 'logo-'.$type.$iterator.'.'.$ext; |
|
| 642 | 642 | $fileHandle = fopen($fileName, "w"); |
| 643 | 643 | if (!$fileHandle) { |
| 644 | 644 | $this->loggerInstance->debug(2, "saveLogoFile failed for: $fileName\n"); |
@@ -665,13 +665,13 @@ discard block |
||
| 665 | 665 | $mime = $finfo->buffer($blob); |
| 666 | 666 | $ext = isset($this->mime_extensions[$mime]) ? $this->mime_extensions[$mime] : 'usupported'; |
| 667 | 667 | $this->loggerInstance->debug(5, "saveInfoFile: $mime : $ext\n"); |
| 668 | - $fileHandle = fopen('local-info.' . $ext, "w"); |
|
| 668 | + $fileHandle = fopen('local-info.'.$ext, "w"); |
|
| 669 | 669 | if ($fileHandle === FALSE) { |
| 670 | 670 | throw new Exception("problem opening the file"); |
| 671 | 671 | } |
| 672 | 672 | fwrite($fileHandle, $blob); |
| 673 | 673 | fclose($fileHandle); |
| 674 | - return(['name' => 'local-info.' . $ext, 'mime' => $ext]); |
|
| 674 | + return(['name' => 'local-info.'.$ext, 'mime' => $ext]); |
|
| 675 | 675 | } |
| 676 | 676 | |
| 677 | 677 | /** |
@@ -725,9 +725,9 @@ discard block |
||
| 725 | 725 | { |
| 726 | 726 | $outerId = NULL; |
| 727 | 727 | if (isset($this->attributes['internal:use_anon_outer']) && $this->attributes['internal:use_anon_outer'][0] == "1" && isset($this->attributes['internal:realm'])) { |
| 728 | - $outerId = "@" . $this->attributes['internal:realm'][0]; |
|
| 728 | + $outerId = "@".$this->attributes['internal:realm'][0]; |
|
| 729 | 729 | if (isset($this->attributes['internal:anon_local_value'])) { |
| 730 | - $outerId = $this->attributes['internal:anon_local_value'][0] . $outerId; |
|
| 730 | + $outerId = $this->attributes['internal:anon_local_value'][0].$outerId; |
|
| 731 | 731 | } |
| 732 | 732 | } |
| 733 | 733 | return $outerId; |
@@ -16,10 +16,10 @@ discard block |
||
| 16 | 16 | class CertificationAuthorityEmbeddedECDSA extends EntityWithDBProperties implements CertificationAuthorityInterface |
| 17 | 17 | { |
| 18 | 18 | |
| 19 | - private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-ECDSA.pem"; |
|
| 20 | - private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.pem"; |
|
| 21 | - private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.key"; |
|
| 22 | - private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-ECDSA.cnf"; |
|
| 19 | + private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-ECDSA.pem"; |
|
| 20 | + private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-ECDSA.pem"; |
|
| 21 | + private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-ECDSA.key"; |
|
| 22 | + private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-ECDSA.cnf"; |
|
| 23 | 23 | |
| 24 | 24 | /** |
| 25 | 25 | * string with the PEM variant of the root CA |
@@ -66,11 +66,11 @@ discard block |
||
| 66 | 66 | parent::__construct(); |
| 67 | 67 | $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
| 68 | 68 | if ($this->rootPem === FALSE) { |
| 69 | - throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
|
| 69 | + throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
|
| 70 | 70 | } |
| 71 | 71 | $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
| 72 | 72 | if ($this->issuingCertRaw === FALSE) { |
| 73 | - throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
|
| 73 | + throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
|
| 74 | 74 | } |
| 75 | 75 | $rootParsed = openssl_x509_read($this->rootPem); |
| 76 | 76 | $this->issuingCert = openssl_x509_read($this->issuingCertRaw); |
@@ -78,15 +78,15 @@ discard block |
||
| 78 | 78 | throw new Exception("At least one CA PEM file did not parse correctly!"); |
| 79 | 79 | } |
| 80 | 80 | if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY) === FALSE) { |
| 81 | - throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 81 | + throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 82 | 82 | } |
| 83 | - $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 83 | + $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
| 84 | 84 | if ($issuingKeyTemp === FALSE) { |
| 85 | 85 | throw new Exception("The private key did not parse correctly!"); |
| 86 | 86 | } |
| 87 | 87 | $this->issuingKey = $issuingKeyTemp; |
| 88 | 88 | if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG) === FALSE) { |
| 89 | - throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG); |
|
| 89 | + throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG); |
|
| 90 | 90 | } |
| 91 | 91 | $this->conffile = CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG; |
| 92 | 92 | } |
@@ -129,27 +129,27 @@ discard block |
||
| 129 | 129 | // generate stub index.txt file |
| 130 | 130 | $tempdirArray = \core\common\Entity::createTemporaryDirectory("test"); |
| 131 | 131 | $tempdir = $tempdirArray['dir']; |
| 132 | - $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z"; |
|
| 133 | - $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z"; |
|
| 132 | + $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z"; |
|
| 133 | + $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z"; |
|
| 134 | 134 | // serials for our CA are always integers |
| 135 | 135 | $serialHex = strtoupper(dechex((int) $cert->serial)); |
| 136 | 136 | if (strlen($serialHex) % 2 == 1) { |
| 137 | - $serialHex = "0" . $serialHex; |
|
| 137 | + $serialHex = "0".$serialHex; |
|
| 138 | 138 | } |
| 139 | 139 | |
| 140 | - $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n"; |
|
| 140 | + $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n"; |
|
| 141 | 141 | $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement"); |
| 142 | - if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) { |
|
| 142 | + if (!file_put_contents($tempdir."/index.txt", $indexStatement)) { |
|
| 143 | 143 | $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!"); |
| 144 | 144 | } |
| 145 | 145 | // index.txt.attr is dull but needs to exist |
| 146 | - file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n"); |
|
| 146 | + file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n"); |
|
| 147 | 147 | // call "openssl ocsp" to manufacture our own OCSP statement |
| 148 | 148 | // adding "-rmd sha1" to the following command-line makes the |
| 149 | 149 | // choice of signature algorithm for the response explicit |
| 150 | 150 | // but it's only available from openssl-1.1.0 (which we do not |
| 151 | 151 | // want to require just for that one thing). |
| 152 | - $execCmd = \config\Main::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 152 | + $execCmd = \config\Main::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 153 | 153 | $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n"); |
| 154 | 154 | $output = []; |
| 155 | 155 | $return = 999; |
@@ -157,11 +157,11 @@ discard block |
||
| 157 | 157 | if ($return !== 0) { |
| 158 | 158 | throw new Exception("Non-zero return value from openssl ocsp!"); |
| 159 | 159 | } |
| 160 | - $ocsp = file_get_contents($tempdir . "/$serialHex.response.der"); |
|
| 160 | + $ocsp = file_get_contents($tempdir."/$serialHex.response.der"); |
|
| 161 | 161 | // remove the temp dir! |
| 162 | - unlink($tempdir . "/$serialHex.response.der"); |
|
| 163 | - unlink($tempdir . "/index.txt.attr"); |
|
| 164 | - unlink($tempdir . "/index.txt"); |
|
| 162 | + unlink($tempdir."/$serialHex.response.der"); |
|
| 163 | + unlink($tempdir."/index.txt.attr"); |
|
| 164 | + unlink($tempdir."/index.txt"); |
|
| 165 | 165 | rmdir($tempdir); |
| 166 | 166 | $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial); |
| 167 | 167 | return $ocsp; |
@@ -134,7 +134,7 @@ discard block |
||
| 134 | 134 | protected function saveDownloadDetails($idpIdentifier, $profileId, $deviceId, $area, $lang, $eapType) |
| 135 | 135 | { |
| 136 | 136 | if (\config\Main::PATHS['logdir']) { |
| 137 | - $file = fopen(\config\Main::PATHS['logdir'] . "/download_details.log", "a"); |
|
| 137 | + $file = fopen(\config\Main::PATHS['logdir']."/download_details.log", "a"); |
|
| 138 | 138 | if ($file === FALSE) { |
| 139 | 139 | throw new Exception("Unable to open file for append: $file"); |
| 140 | 140 | } |
@@ -169,9 +169,9 @@ discard block |
||
| 169 | 169 | } |
| 170 | 170 | // check if a CA with identical DN was added - alert NRO if so |
| 171 | 171 | if (array_search($ca['subject'], $baselineCA) !== FALSE) { |
| 172 | - $retval[AbstractProfile::CA_CLASH_ADDED] .= "#SHA1 for CA with DN '" . print_r($ca['subject'], TRUE) . "' has SHA1 fingerprints (pre-existing) " . /** @scrutinizer ignore-type */ array_search($ca['subject'], $baselineCA) . " and (added) " . $ca['sha1']; |
|
| 172 | + $retval[AbstractProfile::CA_CLASH_ADDED] .= "#SHA1 for CA with DN '".print_r($ca['subject'], TRUE)."' has SHA1 fingerprints (pre-existing) "./** @scrutinizer ignore-type */ array_search($ca['subject'], $baselineCA)." and (added) ".$ca['sha1']; |
|
| 173 | 173 | } else { |
| 174 | - $retval[AbstractProfile::CA_ADDED] .= "#CA with DN '" . print_r($ca['subject'], TRUE) . "' and SHA1 fingerprint " . $ca['sha1'] . " was added as trust anchor"; |
|
| 174 | + $retval[AbstractProfile::CA_ADDED] .= "#CA with DN '".print_r($ca['subject'], TRUE)."' and SHA1 fingerprint ".$ca['sha1']." was added as trust anchor"; |
|
| 175 | 175 | } |
| 176 | 176 | } |
| 177 | 177 | // check if a servername was added |
@@ -181,7 +181,7 @@ discard block |
||
| 181 | 181 | } |
| 182 | 182 | foreach ($new->getAttributes("eap:server_name") as $newName) { |
| 183 | 183 | if (!in_array($newName['value'], $baselineNames)) { |
| 184 | - $retval[AbstractProfile::SERVERNAME_ADDED] .= "#New server name '" . $newName['value'] . "' added"; |
|
| 184 | + $retval[AbstractProfile::SERVERNAME_ADDED] .= "#New server name '".$newName['value']."' added"; |
|
| 185 | 185 | } |
| 186 | 186 | } |
| 187 | 187 | return $retval; |
@@ -205,7 +205,7 @@ discard block |
||
| 205 | 205 | $eaptype = new common\EAP($eapQuery->eap_method_id); |
| 206 | 206 | $eapTypeArray[] = $eaptype; |
| 207 | 207 | } |
| 208 | - $this->loggerInstance->debug(4, "This profile supports the following EAP types:\n" . print_r($eapTypeArray, true)); |
|
| 208 | + $this->loggerInstance->debug(4, "This profile supports the following EAP types:\n".print_r($eapTypeArray, true)); |
|
| 209 | 209 | return $eapTypeArray; |
| 210 | 210 | } |
| 211 | 211 | |
@@ -287,16 +287,16 @@ discard block |
||
| 287 | 287 | if (count($this->getAttributes("internal:checkuser_outer")) > 0) { |
| 288 | 288 | // we are supposed to use a specific outer username for checks, |
| 289 | 289 | // which is different from the outer username we put into installers |
| 290 | - return $this->getAttributes("internal:checkuser_value")[0]['value'] . "@" . $realm; |
|
| 290 | + return $this->getAttributes("internal:checkuser_value")[0]['value']."@".$realm; |
|
| 291 | 291 | } |
| 292 | 292 | if (count($this->getAttributes("internal:use_anon_outer")) > 0) { |
| 293 | 293 | // no special check username, but there is an anon outer ID for |
| 294 | 294 | // installers - so let's use that one |
| 295 | - return $this->getAttributes("internal:anon_local_value")[0]['value'] . "@" . $realm; |
|
| 295 | + return $this->getAttributes("internal:anon_local_value")[0]['value']."@".$realm; |
|
| 296 | 296 | } |
| 297 | 297 | // okay, no guidance on outer IDs at all - but we need *something* to |
| 298 | 298 | // test with for the RealmChecks. So: |
| 299 | - return "@" . $realm; |
|
| 299 | + return "@".$realm; |
|
| 300 | 300 | } |
| 301 | 301 | |
| 302 | 302 | /** |
@@ -744,7 +744,7 @@ discard block |
||
| 744 | 744 | public function prepShowtime() |
| 745 | 745 | { |
| 746 | 746 | $properConfig = $this->readyForShowtime(); |
| 747 | - $this->databaseHandle->exec("UPDATE profile SET sufficient_config = " . ($properConfig ? "TRUE" : "FALSE") . " WHERE profile_id = " . $this->identifier); |
|
| 747 | + $this->databaseHandle->exec("UPDATE profile SET sufficient_config = ".($properConfig ? "TRUE" : "FALSE")." WHERE profile_id = ".$this->identifier); |
|
| 748 | 748 | |
| 749 | 749 | $attribs = $this->getCollapsedAttributes(); |
| 750 | 750 | // if not enough info to go live, set FALSE |
@@ -17,9 +17,9 @@ discard block |
||
| 17 | 17 | class CertificationAuthorityEduPkiServer extends EntityWithDBProperties implements CertificationAuthorityInterface |
| 18 | 18 | { |
| 19 | 19 | |
| 20 | - private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 21 | - private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 22 | - private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 20 | + private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 21 | + private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 22 | + private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 23 | 23 | private const EDUPKI_RA_ID = 700; |
| 24 | 24 | private const EDUPKI_CERT_PROFILE = "Radius Server SOAP"; |
| 25 | 25 | private const EDUPKI_RA_PKEY_PASSPHRASE = "..."; |
@@ -35,13 +35,13 @@ discard block |
||
| 35 | 35 | parent::__construct(); |
| 36 | 36 | |
| 37 | 37 | if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_CERT) === FALSE) { |
| 38 | - throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT); |
|
| 38 | + throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT); |
|
| 39 | 39 | } |
| 40 | 40 | if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_KEY) === FALSE) { |
| 41 | - throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY); |
|
| 41 | + throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY); |
|
| 42 | 42 | } |
| 43 | 43 | if (stat(CertificationAuthorityEduPkiServer::LOCATION_WEBROOT) === FALSE) { |
| 44 | - throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPkiServer::LOCATION_WEBROOT); |
|
| 44 | + throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPkiServer::LOCATION_WEBROOT); |
|
| 45 | 45 | } |
| 46 | 46 | } |
| 47 | 47 | |
@@ -96,19 +96,19 @@ discard block |
||
| 96 | 96 | // initialise connection to eduPKI CA / eduroam RA and send the request to them |
| 97 | 97 | try { |
| 98 | 98 | $altArray = [# Array mit den Subject Alternative Names |
| 99 | - "email:" . $csr["USERMAIL"] |
|
| 99 | + "email:".$csr["USERMAIL"] |
|
| 100 | 100 | ]; |
| 101 | 101 | $soapPub = $this->initEduPKISoapSession("PUBLIC"); |
| 102 | 102 | $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n"); |
| 103 | - $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPkiServer::EDUPKI_RA_ID . "\n"); |
|
| 104 | - $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR"] . "\n"); |
|
| 103 | + $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPkiServer::EDUPKI_RA_ID."\n"); |
|
| 104 | + $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR"]."\n"); |
|
| 105 | 105 | $this->loggerInstance->debug(5, "PARAM_3: "); |
| 106 | 106 | $this->loggerInstance->debug(5, $altArray); |
| 107 | - $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE . "\n"); |
|
| 108 | - $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n"); |
|
| 109 | - $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n"); |
|
| 110 | - $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n"); |
|
| 111 | - $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n"); |
|
| 107 | + $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE."\n"); |
|
| 108 | + $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n"); |
|
| 109 | + $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n"); |
|
| 110 | + $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n"); |
|
| 111 | + $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n"); |
|
| 112 | 112 | $this->loggerInstance->debug(5, "PARAM_9: false\n"); |
| 113 | 113 | $soapNewRequest = $soapPub->newRequest( |
| 114 | 114 | CertificationAuthorityEduPkiServer::EDUPKI_RA_ID, # RA-ID |
@@ -130,11 +130,11 @@ discard block |
||
| 130 | 130 | } catch (Exception $e) { |
| 131 | 131 | // PHP 7.1 can do this much better |
| 132 | 132 | if (is_soap_fault($e)) { |
| 133 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: { |
|
| 133 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: { |
|
| 134 | 134 | $e->faultstring |
| 135 | 135 | }\n"); |
| 136 | 136 | } |
| 137 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 137 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 138 | 138 | } |
| 139 | 139 | try { |
| 140 | 140 | $soap = $this->initEduPKISoapSession("RA"); |
@@ -168,7 +168,7 @@ discard block |
||
| 168 | 168 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 169 | 169 | // rather than just using the string. Grr. |
| 170 | 170 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 171 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext); |
|
| 171 | + file_put_contents($tempdir['dir']."/content.txt", $soapCleartext); |
|
| 172 | 172 | // retrieve our RA cert from filesystem |
| 173 | 173 | // the RA certificates are not needed right now because we |
| 174 | 174 | // have resorted to S/MIME signatures with openssl command-line |
@@ -180,7 +180,7 @@ discard block |
||
| 180 | 180 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 181 | 181 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 182 | 182 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n $soapCleartext\n"); |
| 183 | - $execCmd = \config\Main::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 183 | + $execCmd = \config\Main::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 184 | 184 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 185 | 185 | $output = []; |
| 186 | 186 | $return = 999; |
@@ -189,21 +189,21 @@ discard block |
||
| 189 | 189 | throw new Exception("Non-zero return value from openssl smime!"); |
| 190 | 190 | } |
| 191 | 191 | // and get the signature blob back from the filesystem |
| 192 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 192 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 193 | 193 | $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n"); |
| 194 | - $this->loggerInstance->debug(5, $soapReqnum . "\n"); |
|
| 195 | - $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending! |
|
| 196 | - $this->loggerInstance->debug(5, $detachedSig . "\n"); |
|
| 194 | + $this->loggerInstance->debug(5, $soapReqnum."\n"); |
|
| 195 | + $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending! |
|
| 196 | + $this->loggerInstance->debug(5, $detachedSig."\n"); |
|
| 197 | 197 | $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig); |
| 198 | - $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest()); |
|
| 199 | - $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse()); |
|
| 198 | + $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest()); |
|
| 199 | + $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse()); |
|
| 200 | 200 | if ($soapIssueCert === FALSE) { |
| 201 | 201 | throw new Exception("The locally approved request was NOT processed by the CA."); |
| 202 | 202 | } |
| 203 | 203 | } catch (SoapFault $e) { |
| 204 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 204 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 205 | 205 | } catch (Exception $e) { |
| 206 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
| 206 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
| 207 | 207 | } |
| 208 | 208 | return $soapReqnum; |
| 209 | 209 | } |
@@ -255,9 +255,9 @@ discard block |
||
| 255 | 255 | throw new Exception("CAInfo has no root certificate for us!"); |
| 256 | 256 | } |
| 257 | 257 | } catch (SoapFault $e) { |
| 258 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 258 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 259 | 259 | } catch (Exception $e) { |
| 260 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
| 260 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
| 261 | 261 | } |
| 262 | 262 | return [ |
| 263 | 263 | "CERT" => openssl_x509_read($parsedCert['pem']), |
@@ -290,12 +290,12 @@ discard block |
||
| 290 | 290 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 291 | 291 | // rather than just using the string. Grr. |
| 292 | 292 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 293 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest); |
|
| 293 | + file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest); |
|
| 294 | 294 | // retrieve our RA cert from filesystem |
| 295 | 295 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 296 | 296 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 297 | 297 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n"); |
| 298 | - $execCmd = \config\Main::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT; |
|
| 298 | + $execCmd = \config\Main::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT; |
|
| 299 | 299 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 300 | 300 | $output = []; |
| 301 | 301 | $return = 999; |
@@ -304,7 +304,7 @@ discard block |
||
| 304 | 304 | throw new Exception("Non-zero return value from openssl smime!"); |
| 305 | 305 | } |
| 306 | 306 | // and get the signature blob back from the filesystem |
| 307 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 307 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 308 | 308 | $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig); |
| 309 | 309 | if ($soapIssueRev === FALSE) { |
| 310 | 310 | throw new Exception("The locally approved revocation request was NOT processed by the CA."); |
@@ -312,9 +312,9 @@ discard block |
||
| 312 | 312 | } catch (Exception $e) { |
| 313 | 313 | // PHP 7.1 can do this much better |
| 314 | 314 | if (is_soap_fault($e)) { |
| 315 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n"); |
|
| 315 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n"); |
|
| 316 | 316 | } |
| 317 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 317 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 318 | 318 | } |
| 319 | 319 | } |
| 320 | 320 | |
@@ -414,9 +414,9 @@ discard block |
||
| 414 | 414 | */ |
| 415 | 415 | public function soapToXmlInteger($x) |
| 416 | 416 | { |
| 417 | - return '<' . $x[0] . '>' |
|
| 417 | + return '<'.$x[0].'>' |
|
| 418 | 418 | . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1) |
| 419 | - . '</' . $x[0] . '>'; |
|
| 419 | + . '</'.$x[0].'>'; |
|
| 420 | 420 | } |
| 421 | 421 | |
| 422 | 422 | /** |
@@ -435,9 +435,9 @@ discard block |
||
| 435 | 435 | // dump private key into directory |
| 436 | 436 | $outstring = ""; |
| 437 | 437 | openssl_pkey_export($privateKey, $outstring); |
| 438 | - file_put_contents($tempdir . "/pkey.pem", $outstring); |
|
| 438 | + file_put_contents($tempdir."/pkey.pem", $outstring); |
|
| 439 | 439 | // PHP can only do one DC in the Subject. But we need three. |
| 440 | - $execCmd = \config\Main::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 440 | + $execCmd = \config\Main::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 441 | 441 | $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n"); |
| 442 | 442 | $output = []; |
| 443 | 443 | $return = 999; |
@@ -86,7 +86,7 @@ discard block |
||
| 86 | 86 | $this->installerPath = $cache['path']; |
| 87 | 87 | if ($this->installerPath !== NULL && $token === NULL && $password === NULL) { |
| 88 | 88 | $this->loggerInstance->debug(4, "Using cached installer for: $device\n"); |
| 89 | - $installerProperties['link'] = "API.php?action=downloadInstaller&lang=" . $this->languageInstance->getLang() . "&profile=$profileId&device=$device&generatedfor=$generatedFor"; |
|
| 89 | + $installerProperties['link'] = "API.php?action=downloadInstaller&lang=".$this->languageInstance->getLang()."&profile=$profileId&device=$device&generatedfor=$generatedFor"; |
|
| 90 | 90 | $installerProperties['mime'] = $cache['mime']; |
| 91 | 91 | } else { |
| 92 | 92 | $myInstaller = $this->generateNewInstaller($device, $profile, $generatedFor, $token, $password); |
@@ -177,7 +177,7 @@ discard block |
||
| 177 | 177 | $this->loggerInstance->debug(5, "generateNewInstaller() - Device setup done"); |
| 178 | 178 | $installer = $dev->writeInstaller(); |
| 179 | 179 | $this->loggerInstance->debug(5, "generateNewInstaller() - writeInstaller complete"); |
| 180 | - $iPath = $dev->FPATH . '/tmp/' . $installer; |
|
| 180 | + $iPath = $dev->FPATH.'/tmp/'.$installer; |
|
| 181 | 181 | if ($iPath && is_file($iPath)) { |
| 182 | 182 | if (isset($dev->options['mime'])) { |
| 183 | 183 | $out['mime'] = $dev->options['mime']; |
@@ -185,17 +185,17 @@ discard block |
||
| 185 | 185 | $info = new \finfo(); |
| 186 | 186 | $out['mime'] = $info->file($iPath, FILEINFO_MIME_TYPE); |
| 187 | 187 | } |
| 188 | - $this->installerPath = $dev->FPATH . '/' . $installer; |
|
| 188 | + $this->installerPath = $dev->FPATH.'/'.$installer; |
|
| 189 | 189 | rename($iPath, $this->installerPath); |
| 190 | 190 | $integerEap = (new \core\common\EAP($dev->selectedEap))->getIntegerRep(); |
| 191 | 191 | $profile->updateCache($device, $this->installerPath, $out['mime'], $integerEap); |
| 192 | 192 | if (\config\Main::DEBUG_LEVEL < 4) { |
| 193 | - \core\common\Entity::rrmdir($dev->FPATH . '/tmp'); |
|
| 193 | + \core\common\Entity::rrmdir($dev->FPATH.'/tmp'); |
|
| 194 | 194 | } |
| 195 | - $this->loggerInstance->debug(4, "Generated installer: " . $this->installerPath . ": for: $device, EAP:" . $integerEap . "\n"); |
|
| 196 | - $out['link'] = "API.php?action=downloadInstaller&lang=" . $this->languageInstance->getLang() . "&profile=" . $profile->identifier . "&device=$device&generatedfor=$generatedFor"; |
|
| 195 | + $this->loggerInstance->debug(4, "Generated installer: ".$this->installerPath.": for: $device, EAP:".$integerEap."\n"); |
|
| 196 | + $out['link'] = "API.php?action=downloadInstaller&lang=".$this->languageInstance->getLang()."&profile=".$profile->identifier."&device=$device&generatedfor=$generatedFor"; |
|
| 197 | 197 | } else { |
| 198 | - $this->loggerInstance->debug(2, "Installer generation failed for: " . $profile->identifier . ":$device:" . $this->languageInstance->getLang() . "\n"); |
|
| 198 | + $this->loggerInstance->debug(2, "Installer generation failed for: ".$profile->identifier.":$device:".$this->languageInstance->getLang()."\n"); |
|
| 199 | 199 | $out['link'] = 0; |
| 200 | 200 | } |
| 201 | 201 | } |
@@ -314,13 +314,13 @@ discard block |
||
| 314 | 314 | $file = $this->installerPath; |
| 315 | 315 | $filetype = $output['mime']; |
| 316 | 316 | $this->loggerInstance->debug(4, "installer MIME type:$filetype\n"); |
| 317 | - header("Content-type: " . $filetype); |
|
| 317 | + header("Content-type: ".$filetype); |
|
| 318 | 318 | if ($filetype !== "application/x-wifi-config") { // for those installers to work on Android, Content-Disposition MUST NOT be set |
| 319 | - header('Content-Disposition: inline; filename="' . basename($file) . '"'); |
|
| 319 | + header('Content-Disposition: inline; filename="'.basename($file).'"'); |
|
| 320 | 320 | } else { |
| 321 | 321 | header('Content-Transfer-Encoding: base64'); |
| 322 | 322 | } |
| 323 | - header('Content-Length: ' . filesize($file)); |
|
| 323 | + header('Content-Length: '.filesize($file)); |
|
| 324 | 324 | ob_clean(); |
| 325 | 325 | flush(); |
| 326 | 326 | readfile($file); |
@@ -342,7 +342,7 @@ discard block |
||
| 342 | 342 | $filetype = $info->buffer($inputImage, FILEINFO_MIME_TYPE); |
| 343 | 343 | $offset = 60 * 60 * 24 * 30; |
| 344 | 344 | // gmdate cannot fail here - time() is its default argument (and integer), and we are adding an integer to it |
| 345 | - $expiresString = "Expires: " . /** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset) . " GMT"; |
|
| 345 | + $expiresString = "Expires: "./** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset)." GMT"; |
|
| 346 | 346 | $blob = $inputImage; |
| 347 | 347 | |
| 348 | 348 | if ($resize === TRUE) { |
@@ -403,7 +403,7 @@ discard block |
||
| 403 | 403 | $filetype = 'image/png'; // default, only one code path where it can become different |
| 404 | 404 | list($width, $height, $resize) = $this->testForResize($widthIn, $heightIn); |
| 405 | 405 | if ($resize) { |
| 406 | - $logoFile = ROOT . '/web/downloads/logos/' . $identifier . '_' . $width . '_' . $height . '.png'; |
|
| 406 | + $logoFile = ROOT.'/web/downloads/logos/'.$identifier.'_'.$width.'_'.$height.'.png'; |
|
| 407 | 407 | } |
| 408 | 408 | if (is_file($logoFile)) { // $logoFile could be an empty string but then we will get a FALSE |
| 409 | 409 | $this->loggerInstance->debug(4, "Using cached logo $logoFile for: $identifier\n"); |
@@ -501,7 +501,7 @@ discard block |
||
| 501 | 501 | if (!isset($device['match'])) { |
| 502 | 502 | continue; |
| 503 | 503 | } |
| 504 | - if (preg_match('/' . $device['match'] . '/', $browser)) { |
|
| 504 | + if (preg_match('/'.$device['match'].'/', $browser)) { |
|
| 505 | 505 | return $this->returnDevice($devId, $device); |
| 506 | 506 | } |
| 507 | 507 | } |
@@ -16,10 +16,10 @@ discard block |
||
| 16 | 16 | class CertificationAuthorityEmbeddedRSA extends EntityWithDBProperties implements CertificationAuthorityInterface |
| 17 | 17 | { |
| 18 | 18 | |
| 19 | - private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-RSA.pem"; |
|
| 20 | - private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-RSA.pem"; |
|
| 21 | - private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-RSA.key"; |
|
| 22 | - private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-RSA.cnf"; |
|
| 19 | + private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-RSA.pem"; |
|
| 20 | + private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-RSA.pem"; |
|
| 21 | + private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-RSA.key"; |
|
| 22 | + private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-RSA.cnf"; |
|
| 23 | 23 | |
| 24 | 24 | /** |
| 25 | 25 | * string with the PEM variant of the root CA |
@@ -66,11 +66,11 @@ discard block |
||
| 66 | 66 | parent::__construct(); |
| 67 | 67 | $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
| 68 | 68 | if ($this->rootPem === FALSE) { |
| 69 | - throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
|
| 69 | + throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
|
| 70 | 70 | } |
| 71 | 71 | $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
| 72 | 72 | if ($this->issuingCertRaw === FALSE) { |
| 73 | - throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
|
| 73 | + throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
|
| 74 | 74 | } |
| 75 | 75 | $rootParsed = openssl_x509_read($this->rootPem); |
| 76 | 76 | $this->issuingCert = openssl_x509_read($this->issuingCertRaw); |
@@ -78,15 +78,15 @@ discard block |
||
| 78 | 78 | throw new Exception("At least one CA PEM file did not parse correctly!"); |
| 79 | 79 | } |
| 80 | 80 | if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY) === FALSE) { |
| 81 | - throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 81 | + throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 82 | 82 | } |
| 83 | - $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 83 | + $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
| 84 | 84 | if ($issuingKeyTemp === FALSE) { |
| 85 | 85 | throw new Exception("The private key did not parse correctly!"); |
| 86 | 86 | } |
| 87 | 87 | $this->issuingKey = $issuingKeyTemp; |
| 88 | 88 | if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG) === FALSE) { |
| 89 | - throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG); |
|
| 89 | + throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG); |
|
| 90 | 90 | } |
| 91 | 91 | $this->conffile = CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG; |
| 92 | 92 | } |
@@ -129,27 +129,27 @@ discard block |
||
| 129 | 129 | // generate stub index.txt file |
| 130 | 130 | $tempdirArray = \core\common\Entity::createTemporaryDirectory("test"); |
| 131 | 131 | $tempdir = $tempdirArray['dir']; |
| 132 | - $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z"; |
|
| 133 | - $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z"; |
|
| 132 | + $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z"; |
|
| 133 | + $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z"; |
|
| 134 | 134 | // serials for our CA are always integers |
| 135 | 135 | $serialHex = strtoupper(dechex((int) $cert->serial)); |
| 136 | 136 | if (strlen($serialHex) % 2 == 1) { |
| 137 | - $serialHex = "0" . $serialHex; |
|
| 137 | + $serialHex = "0".$serialHex; |
|
| 138 | 138 | } |
| 139 | 139 | |
| 140 | - $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n"; |
|
| 140 | + $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n"; |
|
| 141 | 141 | $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement"); |
| 142 | - if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) { |
|
| 142 | + if (!file_put_contents($tempdir."/index.txt", $indexStatement)) { |
|
| 143 | 143 | $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!"); |
| 144 | 144 | } |
| 145 | 145 | // index.txt.attr is dull but needs to exist |
| 146 | - file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n"); |
|
| 146 | + file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n"); |
|
| 147 | 147 | // call "openssl ocsp" to manufacture our own OCSP statement |
| 148 | 148 | // adding "-rmd sha1" to the following command-line makes the |
| 149 | 149 | // choice of signature algorithm for the response explicit |
| 150 | 150 | // but it's only available from openssl-1.1.0 (which we do not |
| 151 | 151 | // want to require just for that one thing). |
| 152 | - $execCmd = \config\Main::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 152 | + $execCmd = \config\Main::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
| 153 | 153 | $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n"); |
| 154 | 154 | $output = []; |
| 155 | 155 | $return = 999; |
@@ -157,11 +157,11 @@ discard block |
||
| 157 | 157 | if ($return !== 0) { |
| 158 | 158 | throw new Exception("Non-zero return value from openssl ocsp!"); |
| 159 | 159 | } |
| 160 | - $ocsp = file_get_contents($tempdir . "/$serialHex.response.der"); |
|
| 160 | + $ocsp = file_get_contents($tempdir."/$serialHex.response.der"); |
|
| 161 | 161 | // remove the temp dir! |
| 162 | - unlink($tempdir . "/$serialHex.response.der"); |
|
| 163 | - unlink($tempdir . "/index.txt.attr"); |
|
| 164 | - unlink($tempdir . "/index.txt"); |
|
| 162 | + unlink($tempdir."/$serialHex.response.der"); |
|
| 163 | + unlink($tempdir."/index.txt.attr"); |
|
| 164 | + unlink($tempdir."/index.txt"); |
|
| 165 | 165 | rmdir($tempdir); |
| 166 | 166 | $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial); |
| 167 | 167 | return $ocsp; |
@@ -104,7 +104,7 @@ discard block |
||
| 104 | 104 | parent::__construct(); |
| 105 | 105 | common\Entity::intoThePotatoes(); |
| 106 | 106 | |
| 107 | - $this->catVersionString = sprintf(_("Unreleased %s Git Revision"), "<a href='https://github.com/GEANT/CAT/tree/master/Changes.md'>") . "</a>"; |
|
| 107 | + $this->catVersionString = sprintf(_("Unreleased %s Git Revision"), "<a href='https://github.com/GEANT/CAT/tree/master/Changes.md'>")."</a>"; |
|
| 108 | 108 | if (CAT::RELEASE_VERSION) { |
| 109 | 109 | $major = CAT::VERSION_MAJOR; |
| 110 | 110 | $minor = CAT::VERSION_MINOR; |
@@ -118,14 +118,14 @@ discard block |
||
| 118 | 118 | if (CAT::VERSION_EXTRA != "") { |
| 119 | 119 | $temp_version .= "-$extra"; |
| 120 | 120 | } |
| 121 | - $this->catVersionString = sprintf(_("Release <a href='%s'>%s</a>"), "https://github.com/GEANT/CAT/tree/" . $branch . "/Changes.md", $temp_version); |
|
| 121 | + $this->catVersionString = sprintf(_("Release <a href='%s'>%s</a>"), "https://github.com/GEANT/CAT/tree/".$branch."/Changes.md", $temp_version); |
|
| 122 | 122 | } |
| 123 | 123 | $product = \config\Main::APPEARANCE['productname']; |
| 124 | 124 | $minYear = self::COPYRIGHT_MIN_YEAR; |
| 125 | 125 | $maxYear = self::COPYRIGHT_MAX_YEAR; |
| 126 | 126 | $holder = self::COPYRIGHT_HOLDER; |
| 127 | 127 | $consortia = self::COPYRIGHT_CONSORTIA; |
| 128 | - $this->catCopyright = "$product - " . $this->catVersionString . " © $minYear-$maxYear $holder<br/>on behalf of $consortia; and others <a href='copyright.php'>Full Copyright and Licenses</a>"; |
|
| 128 | + $this->catCopyright = "$product - ".$this->catVersionString." © $minYear-$maxYear $holder<br/>on behalf of $consortia; and others <a href='copyright.php'>Full Copyright and Licenses</a>"; |
|
| 129 | 129 | |
| 130 | 130 | |
| 131 | 131 | /* Federations are created in DB with bootstrapFederation, and listed via listFederations |
@@ -617,7 +617,7 @@ discard block |
||
| 617 | 617 | * @return \core\ExternalEduroamDBData|\core\ExternalNothing |
| 618 | 618 | */ |
| 619 | 619 | public static function determineExternalConnection() { |
| 620 | - if(\config\ConfAssistant::CONSORTIUM['name'] == "eduroam" && isset(\config\ConfAssistant::CONSORTIUM['deployment-voodoo']) && \config\ConfAssistant::CONSORTIUM['deployment-voodoo'] == "Operations Team") { |
|
| 620 | + if (\config\ConfAssistant::CONSORTIUM['name'] == "eduroam" && isset(\config\ConfAssistant::CONSORTIUM['deployment-voodoo']) && \config\ConfAssistant::CONSORTIUM['deployment-voodoo'] == "Operations Team") { |
|
| 621 | 621 | return new ExternalEduroamDBData(); |
| 622 | 622 | } |
| 623 | 623 | return new ExternalNothing(); |
