@@ -374,7 +374,7 @@ |
||
374 | 374 | throw new Exception("Unknown test requested: default case reached!"); |
375 | 375 | } |
376 | 376 | $returnarray['datetime'] = date("Y-m-d H:i:s"); |
377 | -if ($token!= '' && is_dir($jsonDir.'/'.$token)) { |
|
377 | +if ($token != '' && is_dir($jsonDir.'/'.$token)) { |
|
378 | 378 | @mkdir($jsonDir.'/'.$token, 0777, true); |
379 | 379 | } |
380 | 380 | $json_data = json_encode($returnarray); |
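Review bot: The guard on new line 377 only enters the block when `$jsonDir.'/'.$token` already exists, so the `@mkdir(..., 0777, true)` on line 378 can never create anything, and the `@` hides its failure. Either drop the mkdir, or create the directory only after `$token` has been checked against the exact format tokens are issued in (the hunk does not show where `$token` comes from), with a tighter mode than 0777. The same unvalidated `$token` is a path component in `file_put_contents($jsonDir.'/'.$token.'/realm', $json_data)` in the @@ -213 hunk, where the return value is also ignored. A check such as `if (preg_match('/^[A-Za-z0-9]+$/', $token) !== 1) { throw new Exception("Malformed token"); }` before either use would keep the write inside `$jsonDir`; the character class is a constructed example to be matched to the real token format. The enclosing block starts outside the hunk.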
@@ -132,7 +132,7 @@ discard block |
||
132 | 132 | $expectedName = $addr['hostname']; |
133 | 133 | $protocols = []; |
134 | 134 | if (isset($addr['protocols'])) { |
135 | - foreach($addr['protocols'] as $protocol) { |
|
135 | + foreach ($addr['protocols'] as $protocol) { |
|
136 | 136 | if ($protocol['enabled']) { |
137 | 137 | $protocols[] = $protocol['type']; |
138 | 138 | } |
@@ -213,7 +213,7 @@ discard block |
||
213 | 213 | $json_data = json_encode($returnArray); |
214 | 214 | |
215 | 215 | if ($token) { |
216 | - $loggerInstance->debug(4, 'JSON data written to ' .$jsonDir.'/'.$token); |
|
216 | + $loggerInstance->debug(4, 'JSON data written to '.$jsonDir.'/'.$token); |
|
217 | 217 | file_put_contents($jsonDir.'/'.$token.'/realm', $json_data); |
218 | 218 | } |
219 | 219 | echo($json_data); |
@@ -168,27 +168,27 @@ discard block |
||
168 | 168 | { |
169 | 169 | // it could match CN or sAN:DNS, we don't care which |
170 | 170 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['subject'])) { |
171 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . |
|
172 | - " against Subject: " . $this->TLS_CA_checks_result[$host]['certdata']['subject']); |
|
171 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName. |
|
172 | + " against Subject: ".$this->TLS_CA_checks_result[$host]['certdata']['subject']); |
|
173 | 173 | // we are checking against accidental misconfig, not attacks, so loosely checking against end of string is appropriate |
174 | - if (preg_match("/CN=" . $this->expectedName . "/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
174 | + if (preg_match("/CN=".$this->expectedName."/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
175 | 175 | return TRUE; |
176 | 176 | } |
177 | 177 | } |
178 | 178 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname'])) { |
179 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . " against sANs: "); |
|
179 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName." against sANs: "); |
|
180 | 180 | $this->loggerInstance->debug(4, $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']); |
181 | 181 | $testNames = $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']; |
182 | 182 | if (!is_array($testNames)) { |
183 | 183 | $testNames = [$testNames]; |
184 | 184 | } |
185 | 185 | foreach ($testNames as $oneName) { |
186 | - if (preg_match("/" . $this->expectedName . "/", $oneName) === 1) { |
|
186 | + if (preg_match("/".$this->expectedName."/", $oneName) === 1) { |
|
187 | 187 | return TRUE; |
188 | 188 | } |
189 | 189 | } |
190 | 190 | } |
191 | - $this->loggerInstance->debug(3, "Tried to check expected server name " . $this->expectedName . " but neither CN nor sANs matched."); |
|
191 | + $this->loggerInstance->debug(3, "Tried to check expected server name ".$this->expectedName." but neither CN nor sANs matched."); |
|
192 | 192 | |
193 | 193 | $this->TLS_CA_checks_result[$host]['cert_oddity'] = RADIUSTests::CERTPROB_DYN_SERVER_NAME_MISMATCH; |
194 | 194 | return FALSE; |
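Review bot: `$this->expectedName` is spliced into both patterns (new lines 174 and 186) without `preg_quote()` and without anchors. Every `.` in the hostname therefore matches any character, a name containing `/` makes `preg_match()` return false rather than 1, and a constructed name like `radius.example.org` is accepted inside a longer sAN such as `radius.example.org.other.test`. The comment on line 173 describes a check against the end of the string, but neither pattern carries a `$`. Suggested: `$quoted = preg_quote($this->expectedName, '/');`, then `preg_match('/CN='.$quoted.'$/', ...)` for the subject and `preg_match('/'.$quoted.'$/', $oneName)` for the sANs, with the anchors adjusted if the subject string does not end with the CN. The method's signature and closing brace are outside the hunk.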
@@ -218,9 +218,9 @@ discard block |
||
218 | 218 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['status'] = $cert['status']; |
219 | 219 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['message'] = $this->TLS_certkeys[$cert['status']]; |
220 | 220 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['expected'] = $cert['expected']; |
221 | - $add = ' -cert ' . ROOT . '/config/cli-certs/' . $cert['public'] . ' -key ' . ROOT . '/config/cli-certs/' . $cert['private']; |
|
222 | - if (!file_exists(ROOT . '/config/cli-certs/' . $cert['public']) ||!file_exists(ROOT . |
|
223 | - '/config/cli-certs/' . $cert['private'])) { |
|
221 | + $add = ' -cert '.ROOT.'/config/cli-certs/'.$cert['public'].' -key '.ROOT.'/config/cli-certs/'.$cert['private']; |
|
222 | + if (!file_exists(ROOT.'/config/cli-certs/'.$cert['public']) || !file_exists(ROOT. |
|
223 | + '/config/cli-certs/'.$cert['private'])) { |
|
224 | 224 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['finalerror'] = 2; |
225 | 225 | continue; |
226 | 226 | } |
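Review bot: `$add` on new line 221 is a shell command fragment, yet `$cert['public']` and `$cert['private']` are concatenated into it unquoted. It is handed to `execOpensslClient()` in the @@ -231 hunk and appears to end up as the `$arg` interpolated into `exec()` in the @@ -273 hunk, where only the host goes through `escapeshellarg()`. The hunk does not show where `$cert` is loaded from, but even a file name with a space breaks the command, and quoting each path costs nothing: `$add = ' -cert '.escapeshellarg(ROOT.'/config/cli-certs/'.$cert['public']).' -key '.escapeshellarg(ROOT.'/config/cli-certs/'.$cert['private']);`. The `-CApath` value built from `$this->consortium` in the @@ -273 hunk deserves the same treatment. The enclosing loop starts and ends outside the hunk.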
@@ -231,7 +231,7 @@ discard block |
||
231 | 231 | if (in_array("TLS1.3", $protocols) && count($protocols) > 1) { |
232 | 232 | $prot .= ' -no_tls1_3'; |
233 | 233 | } |
234 | - $add .= ' ' . $prot; |
|
234 | + $add .= ' '.$prot; |
|
235 | 235 | $opensslbabble = $this->execOpensslClient($host, $add, $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]); |
236 | 236 | $res = $this->opensslClientsResult($host, $opensslbabble, $this->TLS_clients_checks_result, $type, $k); |
237 | 237 | if ($cert['expected'] == 'PASS') { |
@@ -273,11 +273,11 @@ discard block |
||
273 | 273 | // but code analysers want this more explicit, so here is this extra |
274 | 274 | // call to escapeshellarg() |
275 | 275 | $escapedHost = escapeshellarg($host); |
276 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
276 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
277 | 277 | $time_start = microtime(true); |
278 | 278 | $opensslbabble = []; |
279 | 279 | $result = 999; // likely to become zero by openssl; don't want to initialise to zero, could cover up exec failures |
280 | - exec(\config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
280 | + exec(\config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
281 | 281 | $time_stop = microtime(true); |
282 | 282 | $testresults['time_millisec'] = floor(($time_stop - $time_start) * 1000); |
283 | 283 | $testresults['returncode'] = $result; |
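Review bot: The openssl command line is written out twice, on new line 276 for the debug log and on line 280 for `exec()`, so a later edit to one copy leaves the log showing a command that is not the one that ran. Build it once, e.g. `$cmd = \config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1";`, then call `$this->loggerInstance->debug(4, $cmd."\n");` and `exec($cmd, $opensslbabble, $result);`. The function begins and ends outside the hunk.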
@@ -292,7 +292,7 @@ discard block |
||
292 | 292 | <table><tr> |
293 | 293 | <td class='icon_td'>"; |
294 | 294 | $out[] = "<img src='".$this->stateIcons[$this->globalLevelStatic]."' id='main_static_ico' class='icon'></td><td id='main_static_result'>". |
295 | - $this->globalInfo[$this->globalLevelStatic].' '. _("See the appropriate tab for details.").'</td> |
|
295 | + $this->globalInfo[$this->globalLevelStatic].' '._("See the appropriate tab for details.").'</td> |
|
296 | 296 | </tr></table>'; |
297 | 297 | if ($this->naptr > 0) { |
298 | 298 | $out[] = "<hr><strong>"._("Dynamic connectivity tests")."</strong> |
@@ -323,7 +323,7 @@ discard block |
||
323 | 323 | <td class='icon_td'><img src='".$this->stateIcons[$result->level]."' id='src".$hostindex."_img'></td> |
324 | 324 | <td id='src$hostindex' colspan=2> |
325 | 325 | "; |
326 | - $out[] = '<strong>'.($result->server ? $result->server : _("Connected to undetermined server")).'</strong><br/>'.sprintf (_("elapsed time: %sms."), $result->time_millisec).'<p>'.$result->message.'</p>'; |
|
326 | + $out[] = '<strong>'.($result->server ? $result->server : _("Connected to undetermined server")).'</strong><br/>'.sprintf(_("elapsed time: %sms."), $result->time_millisec).'<p>'.$result->message.'</p>'; |
|
327 | 327 | |
328 | 328 | if ($result->level > \core\common\Entity::L_OK && property_exists($result, 'cert_oddities')) { |
329 | 329 | foreach ($result->cert_oddities as $oddities) { |
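Review bot: `$result->server` and `$result->message` on new line 326 are written into the page without HTML escaping. If they carry text taken from the tested server (its name or certificate fields; their origin is not visible in this hunk), markup in that text is rendered in the viewer's browser. Wrap the values that are not meant to contain markup, e.g. `htmlspecialchars($result->server, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same applies to `$capath->message` in the @@ -422 hunk and to `$ca->clientcertinfo->from`, `->message` and `->issuer` in the @@ -449 hunk.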
@@ -373,10 +373,10 @@ discard block |
||
373 | 373 | if (isset($this->protocolsMap[$capath->IP]) && $this->protocolsMap[$capath->IP] != '') { |
374 | 374 | $prots = explode(';', $this->protocolsMap[$capath->IP]); |
375 | 375 | if (!empty($prots)) { |
376 | - $capathtest[] = ' ' . _("supported TLS protocols: "); |
|
376 | + $capathtest[] = ' '._("supported TLS protocols: "); |
|
377 | 377 | $capathtest[] = implode(', ', $prots); |
378 | 378 | if (!in_array("TLS1.3", $prots)) { |
379 | - $capathtest[] = ' ' . '<font color="red">' . _("not supported: ") . 'TLS1.3</font>'; |
|
379 | + $capathtest[] = ' '.'<font color="red">'._("not supported: ").'TLS1.3</font>'; |
|
380 | 380 | } |
381 | 381 | } |
382 | 382 | } |
@@ -399,7 +399,7 @@ discard block |
||
399 | 399 | if ($capath->certdata->validTo) { |
400 | 400 | $certdesc .= '<li>'.$this->certFields['validTo'].' '. |
401 | 401 | date_create_from_format('ymdGis', |
402 | - substr($capath->certdata->validTo, 0, -1))->format('Y-m-d H:i:s'). ' UTC'; |
|
402 | + substr($capath->certdata->validTo, 0, -1))->format('Y-m-d H:i:s').' UTC'; |
|
403 | 403 | } |
404 | 404 | if ($capath->certdata->extensions) { |
405 | 405 | if ($capath->certdata->extensions->subjectaltname) { |
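Review bot: `date_create_from_format()` returns `false` when `validTo` does not match `'ymdGis'`, and the chained `->format()` on new line 402 then raises a fatal error. A single certificate whose date is encoded differently from what this code expects would therefore abort the rendering of the whole result. Keep the parsed value in a variable, `$validTo = date_create_from_format('ymdGis', substr($capath->certdata->validTo, 0, -1));`, and append `$validTo->format('Y-m-d H:i:s').' UTC'` only when `$validTo !== false`, printing the raw (HTML-escaped) string otherwise. The surrounding block starts outside the hunk.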
@@ -422,7 +422,7 @@ discard block |
||
422 | 422 | } else { |
423 | 423 | $certdesc = '<br>'; |
424 | 424 | } |
425 | - $capathtest[] = '<div>'.($capath->message!='' ? $capath->message : _('Test failed')).'</div>'.$more; |
|
425 | + $capathtest[] = '<div>'.($capath->message != '' ? $capath->message : _('Test failed')).'</div>'.$more; |
|
426 | 426 | $capathtest[] = '</td> |
427 | 427 | </tr> |
428 | 428 | </table>'; |
@@ -449,7 +449,7 @@ discard block |
||
449 | 449 | $srefused = 0; |
450 | 450 | $cliinfo = ''; |
451 | 451 | $cliinfo .= '<li>'._('Client certificate').' <b>'.$ca->clientcertinfo->from. |
452 | - '</b>'.', '.$ca->clientcertinfo->message . |
|
452 | + '</b>'.', '.$ca->clientcertinfo->message. |
|
453 | 453 | '<br> (CA: '.$ca->clientcertinfo->issuer.')<ul>'; |
454 | 454 | foreach ($ca->certificate as $certificate) { |
455 | 455 | if ($certificate->returncode == \core\diag\RADIUSTests::RETVAL_CONNECTION_REFUSED) { |
@@ -515,7 +515,7 @@ discard block |
||
515 | 515 | } else { |
516 | 516 | $cliinfo = _('Test failed'); |
517 | 517 | $clientstest[] = "<table><tr><td class='icon_td' id='srcclient".$hostindex."_img'><img src='". |
518 | - $this->stateIcons[\core\common\Entity::L_WARN]."'></td>" . |
|
518 | + $this->stateIcons[\core\common\Entity::L_WARN]."'></td>". |
|
519 | 519 | "<td id='srcclient$hostindex'>$cliinfo</td></tr></table>"; |
520 | 520 | } |
521 | 521 | } else { |