Passed
Push — release_2_0 ( e1eae3...fcc83f )
by Stefan
07:43 queued 10s
created
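--- a/core/diag/RADIUSTests.php
+++ b/core/diag/RADIUSTests.php
@@ -34,7 +34,7 @@
 
 use \Exception;
 
-require_once dirname(dirname(__DIR__)) . "/config/_config.php";
+require_once dirname(dirname(__DIR__))."/config/_config.php";
 
 /**
  * Test suite to verify that an EAP setup is actually working as advertised in
@@ -165,7 +165,7 @@
             }
         }
 
-        $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . print_r($supportedEapTypes, true));
+        $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, ".print_r($supportedEapTypes, true));
         $this->loggerInstance->debug(4, print_r($expectedServerNames, true));
         $this->loggerInstance->debug(4, print_r($expectedCABundle, true));
 
@@ -252,7 +252,7 @@
                 $returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME;
                 continue; // otherwise we'd ALSO complain that it's not a real hostname
             }
-            if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) {
+            if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) {
                 $returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME;
             }
         }
@@ -277,7 +277,7 @@
         if (preg_match("/sha1/i", $intermediateCa['full_details']['signatureTypeSN'])) {
             $returnarray[] = RADIUSTests::CERTPROB_SHA1_SIGNATURE;
         }
-        $this->loggerInstance->debug(4, "CERT IS: " . print_r($intermediateCa, TRUE));
+        $this->loggerInstance->debug(4, "CERT IS: ".print_r($intermediateCa, TRUE));
         if ($intermediateCa['basicconstraints_set'] == 0) {
             $returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS;
         }
@@ -324,7 +324,7 @@
     public function udpReachability($probeindex, $opnameCheck = TRUE, $frag = TRUE) {
         // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy
         // the following PEM data is one of the SENSE EAPLab client certs (not secret at all)
-        $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12");
+        $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12");
         if ($clientcert === FALSE) {
             throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!");
         }
@@ -333,7 +333,7 @@
         if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) {
             return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert);
         }
-        return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert);
+        return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert);
     }
 
     /**
@@ -353,7 +353,7 @@
             return RADIUSTests::CERTPROB_NO_CDP_HTTP;
         }
         // first and second sub-match is the full URL... check it
-        $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2]));
+        $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2]));
         if ($crlcontent === FALSE) {
             return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL;
         }
@@ -384,7 +384,7 @@
         fclose($pipes[1]);
         fclose($pipes[2]);
         $retval = proc_close($process);
-        if ($retval != 0 || !preg_match("/BEGIN X509 CRL/",$pem)) {
+        if ($retval != 0 || !preg_match("/BEGIN X509 CRL/", $pem)) {
             // this was not a real CRL
             return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL;
         }
@@ -406,7 +406,7 @@
         $origLength = strlen($hex);
         for ($i = 1; $i < $origLength; $i++) {
             if ($i % 2 == 1 && $i != strlen($hex)) {
-                $spaced .= $hex[$i] . " ";
+                $spaced .= $hex[$i]." ";
             } else {
                 $spaced .= $hex[$i];
             }
@@ -489,19 +489,19 @@
         $eapText = \core\common\EAP::eapDisplayName($eaptype);
         $config = '
 network={
-  ssid="' . CONFIG['APPEARANCE']['productname'] . ' testing"
+  ssid="' . CONFIG['APPEARANCE']['productname'].' testing"
   key_mgmt=WPA-EAP
   proto=WPA2
   pairwise=CCMP
   group=CCMP
   ';
 // phase 1
-        $config .= 'eap=' . $eapText['OUTER'] . "\n";
+        $config .= 'eap='.$eapText['OUTER']."\n";
         $logConfig = $config;
 // phase 2 if applicable; all inner methods have passwords
         if (isset($eapText['INNER']) && $eapText['INNER'] != "") {
-            $config .= '  phase2="auth=' . $eapText['INNER'] . "\"\n";
-            $logConfig .= '  phase2="auth=' . $eapText['INNER'] . "\"\n";
+            $config .= '  phase2="auth='.$eapText['INNER']."\"\n";
+            $logConfig .= '  phase2="auth='.$eapText['INNER']."\"\n";
         }
 // all methods set a password, except EAP-TLS
         if ($eaptype != \core\common\EAP::EAPTYPE_TLS) {
@@ -517,11 +517,11 @@
         }
 
 // inner identity
-        $config .= '  identity="' . $inner . "\"\n";
-        $logConfig .= '  identity="' . $inner . "\"\n";
+        $config .= '  identity="'.$inner."\"\n";
+        $logConfig .= '  identity="'.$inner."\"\n";
 // outer identity, may be equal
-        $config .= '  anonymous_identity="' . $outer . "\"\n";
-        $logConfig .= '  anonymous_identity="' . $outer . "\"\n";
+        $config .= '  anonymous_identity="'.$outer."\"\n";
+        $logConfig .= '  anonymous_identity="'.$outer."\"\n";
 // done
         $config .= "}";
         $logConfig .= "}";
@@ -582,13 +582,13 @@
      * @return string the command-line for eapol_test
      */
     private function eapolTestConfig($probeindex, $opName, $frag) {
-        $cmdline = CONFIG_DIAGNOSTICS['PATHS']['eapol_test'] .
-                " -a " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['ip'] .
-                " -s " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['secret'] .
-                " -o serverchain.pem" .
-                " -c ./udp_login_test.conf" .
-                " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " .
-                " -t " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['timeout'] . " ";
+        $cmdline = CONFIG_DIAGNOSTICS['PATHS']['eapol_test'].
+                " -a ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['ip'].
+                " -s ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['secret'].
+                " -o serverchain.pem".
+                " -c ./udp_login_test.conf".
+                " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ".
+                " -t ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['timeout']." ";
         if ($opName) {
             $cmdline .= '-N126:s:"1cat.eduroam.org" ';
         }
@@ -617,10 +617,10 @@
      * @throws Exception
      */
     private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs) {
-        if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) {
+        if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) {
             throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n");
         }
-        if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) {
+        if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) {
             throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n");
         }
 // make a copy of the EAP-received chain and add the configured intermediates, if any
@@ -634,15 +634,15 @@
             }
             if ($decoded['ca'] == 1) {
                 if ($decoded['root'] == 1) { // save CAT roots to the root directory
-                    file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']);
-                    file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']);
+                    file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']);
+                    file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']);
                     $catRoots[] = $decoded['pem'];
                 } else { // save the intermediates to allcerts directory
-                    file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']);
+                    file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']);
                     $intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded));
                     if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) {
                         $this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain");
-                        file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]);
+                        file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]);
                     }
                     $catIntermediates[] = $decoded['pem'];
                 }
@@ -651,26 +651,26 @@
         // save all intermediate certificates and CRLs to separate files in 
         // both root-ca directories
         foreach ($eapIntermediates as $index => $onePem) {
-            file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem);
-            file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem);
+            file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem);
+            file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem);
         }
         foreach ($eapIntermediateCRLs as $index => $onePem) {
-            file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem);
-            file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem);
+            file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem);
+            file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem);
         }
 
         $checkstring = "";
         if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) {
             $this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain");
             $checkstring = "-crl_check_all";
-            file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]);
-            file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]);
+            file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]);
+            file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]);
         }
 
 
 // now c_rehash the root CA directory ...
-        system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null");
-        system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null");
+        system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null");
+        system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null");
         return $checkstring;
     }
 
@@ -701,12 +701,12 @@
 // the error log will complain if we run this test against an empty file of certs
 // so test if there's something PEMy in the file at all
         if (filesize("$tmpDir/serverchain.pem") > 10) {
-            exec(CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly);
-            $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n");
-            $this->loggerInstance->debug(4, "Chain verify pass 1: " . print_r($verifyResultEaponly, TRUE) . "\n");
-            exec(CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts);
-            $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n");
-            $this->loggerInstance->debug(4, "Chain verify pass 2: " . print_r($verifyResultAllcerts, TRUE) . "\n");
+            exec(CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly);
+            $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n");
+            $this->loggerInstance->debug(4, "Chain verify pass 1: ".print_r($verifyResultEaponly, TRUE)."\n");
+            exec(CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts);
+            $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n");
+            $this->loggerInstance->debug(4, "Chain verify pass 2: ".print_r($verifyResultAllcerts, TRUE)."\n");
         }
 
 
@@ -772,7 +772,7 @@
         // we are UNHAPPY if no names match!
         $happiness = "UNHAPPY";
         foreach ($this->expectedServerNames as $expectedName) {
-            $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . print_r($servercert['CN'], TRUE) . print_r($servercert['sAN_DNS'], TRUE));
+            $this->loggerInstance->debug(4, "Managing expectations for $expectedName: ".print_r($servercert['CN'], TRUE).print_r($servercert['sAN_DNS'], TRUE));
             if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) {
                 $this->loggerInstance->debug(4, "Totally happy!");
                 $happiness = "TOTALLY";
@@ -816,11 +816,11 @@
         $theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password);
         // the config intentionally does not include CA checking. We do this
         // ourselves after getting the chain with -o.
-        file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]);
+        file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]);
 
         $cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag);
         $this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n");
-        $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n");
+        $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n");
         $time_start = microtime(true);
         $pflow = [];
         exec($cmdline, $pflow);
@@ -863,7 +863,7 @@
         if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) {
             array_pop($packetflow);
         }
-        $this->loggerInstance->debug(5, "Packetflow: " . print_r($packetflow, TRUE));
+        $this->loggerInstance->debug(5, "Packetflow: ".print_r($packetflow, TRUE));
         $packetcount = array_count_values($packetflow);
         $testresults['packetcount'] = $packetcount;
         $testresults['packetflow'] = $packetflow;
@@ -941,7 +941,7 @@
         $x509 = new \core\common\X509();
         $eapCertArray = [];
 // $eap_certarray holds all certs received in EAP conversation
-        $incomingData = file_get_contents($tmpDir . "/serverchain.pem");
+        $incomingData = file_get_contents($tmpDir."/serverchain.pem");
         if ($incomingData !== FALSE && strlen($incomingData) > 0) {
             $eapCertArray = $x509->splitCertificate($incomingData);
         } else {
@@ -971,10 +971,10 @@
                 case RADIUSTests::SERVER_CA_SELFSIGNED:
                     $servercert[] = $cert;
                     if (count($servercert) == 1) {
-                        if (file_put_contents($tmpDir . "/incomingserver.pem", $certPem . "\n") === FALSE) {
+                        if (file_put_contents($tmpDir."/incomingserver.pem", $certPem."\n") === FALSE) {
                             $this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n");
                         }
-                        $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . print_r($servercert[0], true));
+                        $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: ".print_r($servercert[0], true));
                     } elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) {
                         $testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS;
                     }
@@ -1054,7 +1054,7 @@
         chdir($tmpDir);
         $this->loggerInstance->debug(4, "temp dir: $tmpDir\n");
         if ($clientcertdata !== NULL) {
-            file_put_contents($tmpDir . "/client.p12", $clientcertdata);
+            file_put_contents($tmpDir."/client.p12", $clientcertdata);
         }
         $testresults = [];
         // initialise the sub-array for cleaner parsing
@@ -1150,7 +1150,7 @@
                     'issuer' => $this->printDN($certdata['issuer']),
                     'validFrom' => $this->printTm($certdata['validFrom_time_t']),
                     'validTo' => $this->printTm($certdata['validTo_time_t']),
-                    'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']),
+                    'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']),
                     'sha1' => $certdata['sha1'],
                     'extensions' => $certdata['extensions']
                 ];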