GEANT / CAT

web/admin/API.php

Indentation +1 added lines, -1 removed lines

@@ -417,7 +417,7 @@
         $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
         $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME);
         $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-		$certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
+        $certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
         if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE && $certCN === FALSE) {
             // we need at least one of those
             $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, certificate serial, or certificate CN is required.");

Switch Indentation +412 added lines, -412 removed lines

@@ -84,149 +84,149 @@ 
 }
 
 switch ($inputDecoded['ACTION']) {
-    case web\lib\admin\API::ACTION_NEWINST:
-        // create the inst, no admin, no attributes
-        $typeRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_INSTTYPE);
-        if ($typeRaw === FALSE) {
-            throw new Exception("We did not receive a valid participant type!");
-        }
-        $type = $validator->partType($typeRaw);
-        $idp = new \core\IdP($fed->newIdP($type, "PENDING", "API"));
-        // now add all submitted attributes
-        $inputs = $adminApi->uglify($scrubbedParameters);
-        $optionParser->processSubmittedFields($idp, $inputs["POST"], $inputs["FILES"]);
-        $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_CAT_INST_ID => $idp->identifier]);
-        break;
-    case web\lib\admin\API::ACTION_DELINST:
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $idp->destroy();
-        $adminApi->returnSuccess([]);
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_LIST:
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $adminApi->returnSuccess($idp->listOwners());
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_ADD:
-        // IdP in question
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        // here is the token
-        $mgmt = new core\UserManagement();
-        // we know we have an admin ID but scrutinizer wants this checked more explicitly
-        $admin = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
-        if ($admin === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        }
-        $newtokens = $mgmt->createTokens(true, [$admin], $idp);
-        $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
-        $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
-        // done with the essentials - display in response. But if we also have an email address, send it there
-        $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
-        if ($email !== FALSE) {
-            $sent = \core\common\OutsideComm::adminInvitationMail($email, "EXISTING-FED", array_keys($newtokens)[0], $idp->name, $fed, $idp->type);
-            $success["EMAIL SENT"] = $sent["SENT"];
-            if ($sent["SENT"] === TRUE) {
-                $success["EMAIL TRANSPORT SECURE"] = $sent["TRANSPORT"];
+        case web\lib\admin\API::ACTION_NEWINST:
+            // create the inst, no admin, no attributes
+            $typeRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_INSTTYPE);
+            if ($typeRaw === FALSE) {
+                throw new Exception("We did not receive a valid participant type!");
             }
-        }
-        $adminApi->returnSuccess($success);
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_DEL:
-        // IdP in question
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $currentAdmins = $idp->listOwners();
-        $toBeDeleted = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
-        if ($toBeDeleted === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        }
-        $found = FALSE;
-        foreach ($currentAdmins as $oneAdmin) {
-            if ($oneAdmin['MAIL'] == $toBeDeleted) {
-                $found = TRUE;
-                $mgmt = new core\UserManagement();
-                $mgmt->removeAdminFromIdP($idp, $oneAdmin['ID']);
+            $type = $validator->partType($typeRaw);
+            $idp = new \core\IdP($fed->newIdP($type, "PENDING", "API"));
+            // now add all submitted attributes
+            $inputs = $adminApi->uglify($scrubbedParameters);
+            $optionParser->processSubmittedFields($idp, $inputs["POST"], $inputs["FILES"]);
+            $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_CAT_INST_ID => $idp->identifier]);
+            break;
+        case web\lib\admin\API::ACTION_DELINST:
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
             }
-        }
-        if ($found) {
+            $idp->destroy();
             $adminApi->returnSuccess([]);
-        }
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
-        break;
-    case web\lib\admin\API::ACTION_STATISTICS_FED:
-        $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
-        $adminApi->returnSuccess($fed->downloadStats("array", $detail));
-        break;
-    case \web\lib\admin\API::ACTION_FEDERATION_LISTIDP:
-        $retArray = [];
-        $noLogo = null;
-        $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
-        $logoFlag = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::FLAG_NOLOGO);
-        $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
-        $idpStatFlag = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::FLAG_ADD_STATS);
-        if ($logoFlag === "TRUE") {
-            $noLogo = 'general:logo_file';
-        }
-        if ($idpIdentifier === FALSE) {
-            $allIdPs = $fed->listIdentityProviders(0);
-            if ($idpStatFlag === "TRUE") {
-                $fedStats = $fed->downloadStats('array', $detail);
-            }
-            foreach ($allIdPs as $instanceId => $oneIdP) {
-                $theIdP = $oneIdP["instance"];
-                $retArray[$instanceId] = $theIdP->getAttributes(null, $noLogo);
-                if ($idpStatFlag === "TRUE") {
-                    $retArray[$instanceId]['STAT'] = $fedStats[$instanceId];
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_LIST:
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            $adminApi->returnSuccess($idp->listOwners());
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_ADD:
+            // IdP in question
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            // here is the token
+            $mgmt = new core\UserManagement();
+            // we know we have an admin ID but scrutinizer wants this checked more explicitly
+            $admin = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
+            if ($admin === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
+            }
+            $newtokens = $mgmt->createTokens(true, [$admin], $idp);
+            $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
+            $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
+            // done with the essentials - display in response. But if we also have an email address, send it there
+            $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
+            if ($email !== FALSE) {
+                $sent = \core\common\OutsideComm::adminInvitationMail($email, "EXISTING-FED", array_keys($newtokens)[0], $idp->name, $fed, $idp->type);
+                $success["EMAIL SENT"] = $sent["SENT"];
+                if ($sent["SENT"] === TRUE) {
+                    $success["EMAIL TRANSPORT SECURE"] = $sent["TRANSPORT"];
                 }
             }
-        } else {
+            $adminApi->returnSuccess($success);
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_DEL:
+            // IdP in question
             try {
-                $thisIdP = $validator->existingIdP($idpIdentifier, NULL, $fed);
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
             } catch (Exception $e) {
                 $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
                 exit(1);
             }
-            $retArray[$idpIdentifier] = $thisIdP->getAttributes(null, $noLogo);
-            foreach ($thisIdP->listProfiles() as $oneProfile) {
-                $retArray[$idpIdentifier]["PROFILES"][$oneProfile->identifier] = $oneProfile->getAttributes(null, $noLogo);
+            $currentAdmins = $idp->listOwners();
+            $toBeDeleted = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
+            if ($toBeDeleted === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
             }
-        }
-        foreach ($retArray as $instNumber => $oneInstData) {
-            foreach ($oneInstData as $attribNumber => $oneAttrib) {
-                if ($oneAttrib['name'] == "general:logo_file") {
-                    // JSON doesn't cope well with raw binary data, so b64 it
-                    $retArray[$instNumber][$attribNumber]['value'] = base64_encode($oneAttrib['value']);
+            $found = FALSE;
+            foreach ($currentAdmins as $oneAdmin) {
+                if ($oneAdmin['MAIL'] == $toBeDeleted) {
+                    $found = TRUE;
+                    $mgmt = new core\UserManagement();
+                    $mgmt->removeAdminFromIdP($idp, $oneAdmin['ID']);
+                }
+            }
+            if ($found) {
+                $adminApi->returnSuccess([]);
+            }
+            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
+            break;
+        case web\lib\admin\API::ACTION_STATISTICS_FED:
+            $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
+            $adminApi->returnSuccess($fed->downloadStats("array", $detail));
+            break;
+        case \web\lib\admin\API::ACTION_FEDERATION_LISTIDP:
+            $retArray = [];
+            $noLogo = null;
+            $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
+            $logoFlag = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::FLAG_NOLOGO);
+            $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
+            $idpStatFlag = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::FLAG_ADD_STATS);
+            if ($logoFlag === "TRUE") {
+                $noLogo = 'general:logo_file';
+            }
+            if ($idpIdentifier === FALSE) {
+                $allIdPs = $fed->listIdentityProviders(0);
+                if ($idpStatFlag === "TRUE") {
+                    $fedStats = $fed->downloadStats('array', $detail);
                 }
-                if ($attribNumber == "PROFILES") {
-                    // scan for included fed:logo_file and b64 escape it, t2oo
-                    foreach ($oneAttrib as $profileNumber => $profileContent) {
-                            foreach ($profileContent as $oneProfileIterator => $oneProfileContent) {
-                                    if ($oneProfileContent['name'] == "fed:logo_file" || $oneProfileContent['name'] == "general:logo_file" || $oneProfileContent['name'] == "eap:ca_file") {
-                                            $retArray[$instNumber]["PROFILES"][$profileNumber][$oneProfileIterator]['value'] = base64_encode($oneProfileContent['value']);
-                                    }
-                            }
+                foreach ($allIdPs as $instanceId => $oneIdP) {
+                    $theIdP = $oneIdP["instance"];
+                    $retArray[$instanceId] = $theIdP->getAttributes(null, $noLogo);
+                    if ($idpStatFlag === "TRUE") {
+                        $retArray[$instanceId]['STAT'] = $fedStats[$instanceId];
+                    }
+                }
+            } else {
+                try {
+                    $thisIdP = $validator->existingIdP($idpIdentifier, NULL, $fed);
+                } catch (Exception $e) {
+                    $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                    exit(1);
+                }
+                $retArray[$idpIdentifier] = $thisIdP->getAttributes(null, $noLogo);
+                foreach ($thisIdP->listProfiles() as $oneProfile) {
+                    $retArray[$idpIdentifier]["PROFILES"][$oneProfile->identifier] = $oneProfile->getAttributes(null, $noLogo);
+                }
+            }
+            foreach ($retArray as $instNumber => $oneInstData) {
+                foreach ($oneInstData as $attribNumber => $oneAttrib) {
+                    if ($oneAttrib['name'] == "general:logo_file") {
+                        // JSON doesn't cope well with raw binary data, so b64 it
+                        $retArray[$instNumber][$attribNumber]['value'] = base64_encode($oneAttrib['value']);
+                    }
+                    if ($attribNumber == "PROFILES") {
+                        // scan for included fed:logo_file and b64 escape it, t2oo
+                        foreach ($oneAttrib as $profileNumber => $profileContent) {
+                                foreach ($profileContent as $oneProfileIterator => $oneProfileContent) {
+                                        if ($oneProfileContent['name'] == "fed:logo_file" || $oneProfileContent['name'] == "general:logo_file" || $oneProfileContent['name'] == "eap:ca_file") {
+                                                $retArray[$instNumber]["PROFILES"][$profileNumber][$oneProfileIterator]['value'] = base64_encode($oneProfileContent['value']);
+                                        }
+                                }
+                        }
                     }
                 }
             }
-        }
         
 /*        
                     $retArray[$idpIdentifier] = [];
@@ -237,102 +237,102 @@ 
  * 
  */        
         
-        $adminApi->returnSuccess($retArray);
-        break;
-    case \web\lib\admin\API::ACTION_NEWPROF_RADIUS:
-    // fall-through intended: both get mostly identical treatment
-    case web\lib\admin\API::ACTION_NEWPROF_SB:
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_RADIUS) {
-            $type = "RADIUS";
-        } else {
-            $type = "SILVERBULLET";
-        }
-        $profile = $idp->newProfile($type);
-        if ($profile === NULL) {
-            $adminApi->returnError(\web\lib\admin\API::ERROR_INTERNAL_ERROR, "Unable to create a new Profile, for no apparent reason. Please contact support.");
-            exit(1);
-        }
-        $inputs = $adminApi->uglify($scrubbedParameters);
-        $optionParser->processSubmittedFields($profile, $inputs["POST"], $inputs["FILES"]);
-        if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_SB) {
-            // auto-accept ToU?
-            if ($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_TOU) !== FALSE) {
-                $profile->addAttribute("hiddenprofile:tou_accepted", NULL, 1);
-            }
-            // we're done at this point
-            $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profile->identifier]);
+            $adminApi->returnSuccess($retArray);
             break;
-        }
-        if (!$profile instanceof core\ProfileRADIUS) {
-            throw new Exception("Can't be. This is only here to convince Scrutinizer that we're really talking RADIUS.");
-        }
-        /* const AUXATTRIB_PROFILE_REALM = 'ATTRIB-PROFILE-REALM';
-          const AUXATTRIB_PROFILE_OUTERVALUE = 'ATTRIB-PROFILE-OUTERVALUE'; */
-        $realm = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_REALM);
-        $outer = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_OUTERVALUE);
-        if ($realm !== FALSE) {
-            if ($outer === FALSE) {
-                $outer = "";
-                $profile->setAnonymousIDSupport(FALSE);
+        case \web\lib\admin\API::ACTION_NEWPROF_RADIUS:
+        // fall-through intended: both get mostly identical treatment
+        case web\lib\admin\API::ACTION_NEWPROF_SB:
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_RADIUS) {
+                $type = "RADIUS";
             } else {
-                $outer = $outer . "@";
-                $profile->setAnonymousIDSupport(TRUE);
+                $type = "SILVERBULLET";
             }
-            $profile->setRealm($outer . $realm);
-        }
-        /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
-        $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
-        if ($testuser !== FALSE) {
-            $profile->setRealmCheckUser(TRUE, $testuser);
-        }
-        /* const AUXATTRIB_PROFILE_INPUT_HINT = 'ATTRIB-PROFILE-HINTREALM';
+            $profile = $idp->newProfile($type);
+            if ($profile === NULL) {
+                $adminApi->returnError(\web\lib\admin\API::ERROR_INTERNAL_ERROR, "Unable to create a new Profile, for no apparent reason. Please contact support.");
+                exit(1);
+            }
+            $inputs = $adminApi->uglify($scrubbedParameters);
+            $optionParser->processSubmittedFields($profile, $inputs["POST"], $inputs["FILES"]);
+            if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_SB) {
+                // auto-accept ToU?
+                if ($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_TOU) !== FALSE) {
+                    $profile->addAttribute("hiddenprofile:tou_accepted", NULL, 1);
+                }
+                // we're done at this point
+                $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profile->identifier]);
+                break;
+            }
+            if (!$profile instanceof core\ProfileRADIUS) {
+                throw new Exception("Can't be. This is only here to convince Scrutinizer that we're really talking RADIUS.");
+            }
+            /* const AUXATTRIB_PROFILE_REALM = 'ATTRIB-PROFILE-REALM';
+          const AUXATTRIB_PROFILE_OUTERVALUE = 'ATTRIB-PROFILE-OUTERVALUE'; */
+            $realm = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_REALM);
+            $outer = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_OUTERVALUE);
+            if ($realm !== FALSE) {
+                if ($outer === FALSE) {
+                    $outer = "";
+                    $profile->setAnonymousIDSupport(FALSE);
+                } else {
+                    $outer = $outer . "@";
+                    $profile->setAnonymousIDSupport(TRUE);
+                }
+                $profile->setRealm($outer . $realm);
+            }
+            /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
+            $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
+            if ($testuser !== FALSE) {
+                $profile->setRealmCheckUser(TRUE, $testuser);
+            }
+            /* const AUXATTRIB_PROFILE_INPUT_HINT = 'ATTRIB-PROFILE-HINTREALM';
           const AUXATTRIB_PROFILE_INPUT_VERIFY = 'ATTRIB-PROFILE-VERIFYREALM'; */
-        $hint = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_HINT);
-        $enforce = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_VERIFY);
-        if ($enforce !== FALSE) {
-            $profile->setInputVerificationPreference($enforce, $hint);
-        }
-        /* const AUXATTRIB_PROFILE_EAPTYPE */
-        $iterator = 1;
-        foreach ($scrubbedParameters as $oneParam) {
-            if ($oneParam['NAME'] == web\lib\admin\API::AUXATTRIB_PROFILE_EAPTYPE && is_int($oneParam["VALUE"])) {
-                $type = new \core\common\EAP($oneParam["VALUE"]);
-                $profile->addSupportedEapMethod($type, $iterator);
-                $iterator = $iterator + 1;
+            $hint = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_HINT);
+            $enforce = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_VERIFY);
+            if ($enforce !== FALSE) {
+                $profile->setInputVerificationPreference($enforce, $hint);
             }
-        }
-        // reinstantiate $profile freshly from DB - it was updated in the process
-        $profileFresh = new core\ProfileRADIUS($profile->identifier);
-        $profileFresh->prepShowtime();
-        $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profileFresh->identifier]);
-        break;
-    case web\lib\admin\API::ACTION_ENDUSER_NEW:
-    // fall-through intentional, those two actions are doing nearly identical things
-    case web\lib\admin\API::ACTION_ENDUSER_CHANGEEXPIRY:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $user = $validator->string($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME));
-        $expiryRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_EXPIRY);
-        if ($expiryRaw === FALSE) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The expiry date wasn't found in the request.");
+            /* const AUXATTRIB_PROFILE_EAPTYPE */
+            $iterator = 1;
+            foreach ($scrubbedParameters as $oneParam) {
+                if ($oneParam['NAME'] == web\lib\admin\API::AUXATTRIB_PROFILE_EAPTYPE && is_int($oneParam["VALUE"])) {
+                    $type = new \core\common\EAP($oneParam["VALUE"]);
+                    $profile->addSupportedEapMethod($type, $iterator);
+                    $iterator = $iterator + 1;
+                }
+            }
+            // reinstantiate $profile freshly from DB - it was updated in the process
+            $profileFresh = new core\ProfileRADIUS($profile->identifier);
+            $profileFresh->prepShowtime();
+            $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profileFresh->identifier]);
             break;
-        }
-        $expiry = new DateTime($expiryRaw);
-        try {
-            switch ($inputDecoded['ACTION']) {
+        case web\lib\admin\API::ACTION_ENDUSER_NEW:
+        // fall-through intentional, those two actions are doing nearly identical things
+        case web\lib\admin\API::ACTION_ENDUSER_CHANGEEXPIRY:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $user = $validator->string($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME));
+            $expiryRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_EXPIRY);
+            if ($expiryRaw === FALSE) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The expiry date wasn't found in the request.");
+                break;
+            }
+            $expiry = new DateTime($expiryRaw);
+            try {
+                switch ($inputDecoded['ACTION']) {
                 case web\lib\admin\API::ACTION_ENDUSER_NEW:
                     $retval = $profile->addUser($user, $expiry);
                     break;
@@ -345,7 +345,7 @@ 
                         $retval = 1; // function doesn't have any failure vectors not raising an Exception and doesn't return a value
                     }
                     break;
-            }
+                }
         } catch (Exception $e) {
             $adminApi->returnError(web\lib\admin\API::ERROR_INTERNAL_ERROR, "The operation failed. Maybe a duplicate username, or malformed expiry date?");
             exit(1);
@@ -356,25 +356,25 @@ 
         }
         $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $user, \web\lib\admin\API::AUXATTRIB_SB_USERID => $retval]);
         break;
-    case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
-    // fall-through intended: both actions are very similar
-    case \web\lib\admin\API::ACTION_TOKEN_NEW:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $userId = $validator->integer($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID));
-        if ($userId === FALSE) {
-            $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "User ID is not an integer.");
-            exit(1);
-        }
-        $additionalInfo = [];
-        switch ($inputDecoded['ACTION']) { // this is where the two differ
+        case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
+        // fall-through intended: both actions are very similar
+        case \web\lib\admin\API::ACTION_TOKEN_NEW:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $userId = $validator->integer($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID));
+            if ($userId === FALSE) {
+                $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "User ID is not an integer.");
+                exit(1);
+            }
+            $additionalInfo = [];
+            switch ($inputDecoded['ACTION']) { // this is where the two differ
             case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
                 $result = $profile->deactivateUser($userId);
                 break;
@@ -407,7 +407,7 @@ 
                     }
                 }
                 break;
-        }
+            }
 
         if ($result !== TRUE) {
             $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "These parameters did not lead to an existing, active user.");
@@ -415,69 +415,69 @@ 
         }
         $adminApi->returnSuccess($additionalInfo);
         break;
-    case \web\lib\admin\API::ACTION_ENDUSER_IDENTIFY:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
-        $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME);
-        $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-		$certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
-        if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE && $certCN === FALSE) {
-            // we need at least one of those
-            $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, certificate serial, or certificate CN is required.");
-            break;
-        }
-        if ($certSerial !== FALSE) { // we got a cert serial
-            $serial = explode(":", $certSerial);
-            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+        case \web\lib\admin\API::ACTION_ENDUSER_IDENTIFY:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
             }
-        if ($certCN !== FALSE) { // we got a cert CN
-            $cert = new \core\SilverbulletCertificate($certCN);
-        }
-        if ($cert !== NULL) { // we found a cert; verify it and extract userId
-            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-                return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate not found.");
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
             }
-            if ($cert->profileId != $profile->identifier) {
-                return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate does not belong to this profile.");
+            list($idp, $profile) = $evaluation;
+            $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
+            $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME);
+            $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+		    $certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
+            if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE && $certCN === FALSE) {
+                // we need at least one of those
+                $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, certificate serial, or certificate CN is required.");
+                break;
             }
-            $userId = $cert->userId;
-        }
-        if ($userId !== FALSE) {
-            $userList = $profile->getUserById($userId);
-        }
-        if ($userName !== FALSE) {
-            $userList = $profile->getUserByName($userName);
-        }
-        if (count($userList) === 1) {
-            foreach ($userList as $oneUserId => $oneUserName) {
-                return $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $oneUserName, \web\lib\admin\API::AUXATTRIB_SB_USERID => $oneUserId]);
+            if ($certSerial !== FALSE) { // we got a cert serial
+                $serial = explode(":", $certSerial);
+                $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+                }
+            if ($certCN !== FALSE) { // we got a cert CN
+                $cert = new \core\SilverbulletCertificate($certCN);
             }
-        }
-        $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "No matching user found in this profile.");
-        break;
-    case \web\lib\admin\API::ACTION_ENDUSER_LIST:
-    // fall-through: those two are similar
-    case \web\lib\admin\API::ACTION_TOKEN_LIST:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $allUsers = $profile->listAllUsers();
-        // this is where they differ
-        switch ($inputDecoded['ACTION']) {
+            if ($cert !== NULL) { // we found a cert; verify it and extract userId
+                if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                    return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate not found.");
+                }
+                if ($cert->profileId != $profile->identifier) {
+                    return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate does not belong to this profile.");
+                }
+                $userId = $cert->userId;
+            }
+            if ($userId !== FALSE) {
+                $userList = $profile->getUserById($userId);
+            }
+            if ($userName !== FALSE) {
+                $userList = $profile->getUserByName($userName);
+            }
+            if (count($userList) === 1) {
+                foreach ($userList as $oneUserId => $oneUserName) {
+                    return $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $oneUserName, \web\lib\admin\API::AUXATTRIB_SB_USERID => $oneUserId]);
+                }
+            }
+            $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "No matching user found in this profile.");
+            break;
+        case \web\lib\admin\API::ACTION_ENDUSER_LIST:
+        // fall-through: those two are similar
+        case \web\lib\admin\API::ACTION_TOKEN_LIST:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $allUsers = $profile->listAllUsers();
+            // this is where they differ
+            switch ($inputDecoded['ACTION']) {
             case \web\lib\admin\API::ACTION_ENDUSER_LIST:
                 $adminApi->returnSuccess($allUsers);
                 break;
@@ -496,123 +496,123 @@ 
                     $infoSet[$oneTokenObject->userId] = [\web\lib\admin\API::AUXATTRIB_TOKEN => $oneTokenObject->invitationTokenString, "STATUS" => $oneTokenObject->invitationTokenStatus];
                 }
                 $adminApi->returnSuccess($infoSet);
-        }
-        break;
-    case \web\lib\admin\API::ACTION_TOKEN_REVOKE:
-        $tokenRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TOKEN);
-        if ($tokenRaw === FALSE) {
-            exit(1);
-        }
-        $token = new core\SilverbulletInvitation($tokenRaw);
-        if ($token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_VALID && $token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "This is not a currently valid token.");
-            exit(1);
-        }
-        $token->revokeInvitation();
-        $adminApi->returnSuccess([]);
-        break;
-    case \web\lib\admin\API::ACTION_CERT_LIST:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        $user_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
-        if ($prof_id === FALSE || !is_int($user_id)) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $invitations = $profile->userStatus($user_id);
-        // now pull out cert information from the object
-        $certs = [];
-        foreach ($invitations as $oneInvitation) {
-            $certs = array_merge($certs, $oneInvitation->associatedCertificates);
-        }
-        // extract relevant subset of information from cert objects
-        $certDetails = [];
-        foreach ($certs as $cert) {
-            $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
-        }
-        $adminApi->returnSuccess($certDetails);
-        break;
-    case \web\lib\admin\API::ACTION_CERT_REVOKE:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        // tear apart the serial
-        $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-        if ($serialRaw === FALSE) {
-            exit(1);
-        }
-        $serial = explode(":", $serialRaw);
-        $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
-        if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
-        }
-        if ($cert->profileId != $profile->identifier) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
-        }
-        $cert->revokeCertificate();
-        $adminApi->returnSuccess([]);
+            }
         break;
-    case \web\lib\admin\API::ACTION_CERT_ANNOTATE:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        // tear apart the serial
-        $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-        if ($serialRaw === FALSE) {
-            exit(1);
-        }
-        $serial = explode(":", $serialRaw);
-        $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
-        if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
-        }
-        if ($cert->profileId != $profile->identifier) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
-        }
-        $annotationRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTANNOTATION);
-        if ($annotationRaw === FALSE) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Unable to extract annotation.");
+        case \web\lib\admin\API::ACTION_TOKEN_REVOKE:
+            $tokenRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TOKEN);
+            if ($tokenRaw === FALSE) {
+                exit(1);
+            }
+            $token = new core\SilverbulletInvitation($tokenRaw);
+            if ($token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_VALID && $token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "This is not a currently valid token.");
+                exit(1);
+            }
+            $token->revokeInvitation();
+            $adminApi->returnSuccess([]);
             break;
-        }
-        $annotation = json_decode($annotationRaw, TRUE);
-        $cert->annotate($annotation);
-        $adminApi->returnSuccess([]);
-
-        break;
-    case web\lib\admin\API::ACTION_STATISTICS_INST:
-        $retArray = [];
-        $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
-        if ($idpIdentifier === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        } else {
-            try {
-                $thisIdP = $validator->existingIdP($idpIdentifier, NULL, $fed);
-            } catch (Exception $e) {
-                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+        case \web\lib\admin\API::ACTION_CERT_LIST:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            $user_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
+            if ($prof_id === FALSE || !is_int($user_id)) {
                 exit(1);
             }
-            $retArray[$idpIdentifier] = [];
-            foreach ($thisIdP->listProfiles() as $oneProfile) {
-                $retArray[$idpIdentifier][$oneProfile->identifier] = $oneProfile->getUserDownloadStats();
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
             }
-        }
-        $adminApi->returnSuccess($retArray);
-        break;
-    default:
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_ACTION, "Not implemented yet.");
+            list($idp, $profile) = $evaluation;
+            $invitations = $profile->userStatus($user_id);
+            // now pull out cert information from the object
+            $certs = [];
+            foreach ($invitations as $oneInvitation) {
+                $certs = array_merge($certs, $oneInvitation->associatedCertificates);
+            }
+            // extract relevant subset of information from cert objects
+            $certDetails = [];
+            foreach ($certs as $cert) {
+                $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
+            }
+            $adminApi->returnSuccess($certDetails);
+            break;
+        case \web\lib\admin\API::ACTION_CERT_REVOKE:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            // tear apart the serial
+            $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+            if ($serialRaw === FALSE) {
+                exit(1);
+            }
+            $serial = explode(":", $serialRaw);
+            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
+            }
+            if ($cert->profileId != $profile->identifier) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
+            }
+            $cert->revokeCertificate();
+            $adminApi->returnSuccess([]);
+            break;
+        case \web\lib\admin\API::ACTION_CERT_ANNOTATE:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            // tear apart the serial
+            $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+            if ($serialRaw === FALSE) {
+                exit(1);
+            }
+            $serial = explode(":", $serialRaw);
+            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
+            }
+            if ($cert->profileId != $profile->identifier) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
+            }
+            $annotationRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTANNOTATION);
+            if ($annotationRaw === FALSE) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Unable to extract annotation.");
+                break;
+            }
+            $annotation = json_decode($annotationRaw, TRUE);
+            $cert->annotate($annotation);
+            $adminApi->returnSuccess([]);
+
+            break;
+        case web\lib\admin\API::ACTION_STATISTICS_INST:
+            $retArray = [];
+            $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
+            if ($idpIdentifier === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
+            } else {
+                try {
+                    $thisIdP = $validator->existingIdP($idpIdentifier, NULL, $fed);
+                } catch (Exception $e) {
+                    $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                    exit(1);
+                }
+                $retArray[$idpIdentifier] = [];
+                foreach ($thisIdP->listProfiles() as $oneProfile) {
+                    $retArray[$idpIdentifier][$oneProfile->identifier] = $oneProfile->getUserDownloadStats();
+                }
+            }
+            $adminApi->returnSuccess($retArray);
+            break;
+        default:
+            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_ACTION, "Not implemented yet.");
 }
\ No newline at end of file

Spacing +7 added lines, -7 removed lines

@@ -20,7 +20,7 @@ 
  *          <base_url>/copyright.php after deploying the software
  */
 
-require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php";
 
 // no SAML auth on this page. The API key authenticates the entity
 
@@ -38,7 +38,7 @@ 
 
 $inputDecoded = json_decode($inputRaw, TRUE);
 if (!is_array($inputDecoded)) {
-    $adminApi->returnError(web\lib\admin\API::ERROR_MALFORMED_REQUEST, "Unable to decode JSON POST data." . json_last_error_msg() . $inputRaw);
+    $adminApi->returnError(web\lib\admin\API::ERROR_MALFORMED_REQUEST, "Unable to decode JSON POST data.".json_last_error_msg().$inputRaw);
     exit(1);
 }
 
@@ -132,7 +132,7 @@ 
             throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
         }
         $newtokens = $mgmt->createTokens(true, [$admin], $idp);
-        $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
+        $URL = "https://".$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME'])."/action_enrollment.php?token=".array_keys($newtokens)[0];
         $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
         // done with the essentials - display in response. But if we also have an email address, send it there
         $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
@@ -169,7 +169,7 @@ 
         if ($found) {
             $adminApi->returnSuccess([]);
         }
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
+        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP ".$idp->identifier);
         break;
     case web\lib\admin\API::ACTION_STATISTICS_FED:
         $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
@@ -281,10 +281,10 @@ 
                 $outer = "";
                 $profile->setAnonymousIDSupport(FALSE);
             } else {
-                $outer = $outer . "@";
+                $outer = $outer."@";
                 $profile->setAnonymousIDSupport(TRUE);
             }
-            $profile->setRealm($outer . $realm);
+            $profile->setRealm($outer.$realm);
         }
         /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
         $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
@@ -531,7 +531,7 @@ 
         // extract relevant subset of information from cert objects
         $certDetails = [];
         foreach ($certs as $cert) {
-            $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
+            $certDetails[$cert->ca_type.":".$cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
         }
         $adminApi->returnSuccess($certDetails);
         break;

devices/PP_OSU_XML/DevicePPOSUXML.php

Spacing +9 added lines, -9 removed lines

@@ -92,10 +92,10 @@ 
         <NodeName>AAAServerTrustRoot</NodeName>';
         foreach ($this->attributes['internal:CAs'][0] as $oneCert) {
             $retval .= '<Node>
-                         <NodeName>' . $oneCert['uuid'] . '</NodeName>
+                         <NodeName>' . $oneCert['uuid'].'</NodeName>
                              <Node>
                                <NodeName>CertSHA256Fingerprint</NodeName>
-                               <Value>' . $oneCert['sha256'] . '</Value>
+                               <Value>' . $oneCert['sha256'].'</Value>
                              </Node>
                        </Node>
                   ';
@@ -114,7 +114,7 @@ 
         $now = new \DateTime();
         return '<Node>
           <NodeName>CreationDate</NodeName>
-          <Value>' . $now->format("Y-m-d") . "T" . $now->format("H:i:s") . "Z" . '</Value>
+          <Value>' . $now->format("Y-m-d")."T".$now->format("H:i:s")."Z".'</Value>
         </Node>';
     }
 
@@ -128,11 +128,11 @@ 
         <NodeName>HomeSP</NodeName>
         <Node>
           <NodeName>FriendlyName</NodeName>
-          <Value>' . sprintf(_("%s via Passpoint"), \config\ConfAssistant::CONSORTIUM['display_name']) . '</Value>
+          <Value>' . sprintf(_("%s via Passpoint"), \config\ConfAssistant::CONSORTIUM['display_name']).'</Value>
         </Node>
         <Node>
           <NodeName>FQDN</NodeName>
-          <Value>' . $this->attributes['eap:server_name'][0] /* what, only one FQDN allowed? */ . '</Value>
+          <Value>' . $this->attributes['eap:server_name'][0] /* what, only one FQDN allowed? */.'</Value>
         </Node>
         <Node>
           <NodeName>RoamingConsortiumOI</NodeName>
@@ -148,7 +148,7 @@ 
                 $oiList .= ",";
             }
         }
-        $retval .= $oiList . '</Value>
+        $retval .= $oiList.'</Value>
         </Node>
       </Node>
 ';
@@ -165,7 +165,7 @@ 
         <NodeName>Credential</NodeName>
         <Node>
               <NodeName>Realm</NodeName>
-              <Value>' . $this->attributes['internal:realm'][0] . '</Value>
+              <Value>' . $this->attributes['internal:realm'][0].'</Value>
             </Node>';
         /* the example file I got did not include CreationDate, so omit it
          * 
@@ -180,7 +180,7 @@ 
             </Node>
             <Node>
               <NodeName>CertSHA256Fingerprint</NodeName>
-              <Value>' . strtoupper($this->clientCert["sha256"]) /* the actual cert has to go... where? */ . '</Value>
+              <Value>' . strtoupper($this->clientCert["sha256"]) /* the actual cert has to go... where? */.'</Value>
             </Node>
           </Node>
       </Node>
@@ -298,7 +298,7 @@ 
         // foresee signing.
         // but if they ever change their mind, we are prepared
 
-        $outputFromSigning = system($this->sign . " installer_profile '$fileName' > /dev/null");
+        $outputFromSigning = system($this->sign." installer_profile '$fileName' > /dev/null");
         if ($outputFromSigning === FALSE) {
             $this->loggerInstance->debug(2, "Signing the ONC installer $fileName FAILED!\n");
         }

devices/linux/DeviceLinuxSh.php

Indentation +1 added lines, -1 removed lines

@@ -201,7 +201,7 @@
         }
 
         if (!empty($this->attributes['internal:realm'][0])) {
-           $config['USER_REALM'] = $this->attributes['internal:realm'][0];
+            $config['USER_REALM'] = $this->attributes['internal:realm'][0];
         }
 
         if(!empty($this->attributes['internal:hint_userinput_suffix'][0]) && $this->attributes['internal:hint_userinput_suffix'][0] == 1) {

Braces +1 added lines, -2 removed lines

@@ -203,8 +203,7 @@
 
         if ($this->selectedEap == \core\common\EAP::EAPTYPE_TLS && isset($this->attributes['eap-specific:tls_use_other_id']) && $this->attributes['eap-specific:tls_use_other_id'][0] == 'on') {
             $configRaw['USE_OTHER_TLS_ID'] = true;
-        }
-        else {
+        } else {
             $configRaw['USE_OTHER_TLS_ID'] = false;
         }
 

Spacing +8 added lines, -8 removed lines

@@ -51,7 +51,7 @@ 
         $installerPath = $this->installerBasename.".sh";
         $this->copyFile("eduroam_linux_main.sh", $installerPath);
 
-        if ( !file_exists($installerPath) ) {
+        if (!file_exists($installerPath)) {
             throw new Exception('File not found.');
         }
 
@@ -68,7 +68,7 @@ 
             fwrite($installer, 'printf -v INIT_CONFIRMATION "$INIT_CONFIRMATION_TMP" "$ORGANISATION"'."\n\n");
             fwrite($installer, 'main "$@"; exit'."\n");
         } catch (Exception $e) {
-            echo 'Error message: ' .$e->getMessage();
+            echo 'Error message: '.$e->getMessage();
         } finally {
             fclose($installer);
             return($installerPath);
@@ -204,11 +204,11 @@ 
            $config['USER_REALM'] = $this->attributes['internal:realm'][0];
         }
 
-        if(!empty($this->attributes['internal:hint_userinput_suffix'][0]) && $this->attributes['internal:hint_userinput_suffix'][0] == 1) {
+        if (!empty($this->attributes['internal:hint_userinput_suffix'][0]) && $this->attributes['internal:hint_userinput_suffix'][0] == 1) {
             $configRaw['HINT_USER_INPUT'] = true;
         }
 
-        if(!empty($this->attributes['internal:verify_userinput_suffix'][0]) && $this->attributes['internal:verify_userinput_suffix'][0] == 1) {
+        if (!empty($this->attributes['internal:verify_userinput_suffix'][0]) && $this->attributes['internal:verify_userinput_suffix'][0] == 1) {
             $configRaw['VERIFY_USER_REALM_INPUT'] = true;
         } else {
             $configRaw['VERIFY_USER_REALM_INPUT'] = false;
@@ -219,7 +219,7 @@ 
         }
 
         foreach ($configRaw as $name => $value) {
-            fwrite($file, $name ."=". $value."\n");
+            fwrite($file, $name."=".$value."\n");
         }
 
         if ($tou === '') {
@@ -283,7 +283,7 @@ 
             }
             $out .= "'DNS:$oneServer'";
         }
-        return "(".$out. ")";
+        return "(".$out.")";
     }
 
     /**
@@ -323,7 +323,7 @@ 
      *
      * @return string
      */
-    private function mkCAfile(){
+    private function mkCAfile() {
         $out = '';
         $cAlist = $this->attributes['internal:CAs'][0];
         foreach ($cAlist as $oneCa) {
@@ -339,7 +339,7 @@ 
      */
     private function mkIntro() {
         \core\common\Entity::intoThePotatoes();
-        $out = _("This installer has been prepared for %s").'\n\n'._("More information and comments:").'\n\nE-Mail: %s\nWWW: %s\n\n' .
+        $out = _("This installer has been prepared for %s").'\n\n'._("More information and comments:").'\n\nE-Mail: %s\nWWW: %s\n\n'.
             _("Installer created with software from the GEANT project.");
         \core\common\Entity::outOfThePotatoes();
         return $out;

core/ProfileSilverbullet.php

Spacing +4 added lines, -4 removed lines

@@ -96,7 +96,7 @@ 
 
 // realm is automatically calculated, then stored in DB
 
-        $this->realm = "opaquehash@$myInst->identifier-$this->identifier." . strtolower($myInst->federation) . \config\ConfAssistant::SILVERBULLET['realm_suffix'];
+        $this->realm = "opaquehash@$myInst->identifier-$this->identifier.".strtolower($myInst->federation).\config\ConfAssistant::SILVERBULLET['realm_suffix'];
         $localValueIfAny = "";
 
 // but there's some common internal attributes populated directly
@@ -113,11 +113,11 @@ 
 
         // and we need to populate eap:server_name and eap:ca_file with the NRO-specific EAP information
         $silverbulletAttributes = [
-            "eap:server_name" => "auth." . strtolower($myFed->tld) . \config\ConfAssistant::SILVERBULLET['server_suffix'],
+            "eap:server_name" => "auth.".strtolower($myFed->tld).\config\ConfAssistant::SILVERBULLET['server_suffix'],
         ];
         $temp = array_merge($this->addInternalAttributes($internalAttributes), $this->addInternalAttributes($silverbulletAttributes));
         $x509 = new \core\common\X509();
-        $caHandle = fopen(dirname(__FILE__) . "/../config/SilverbulletServerCerts/" . strtoupper($myFed->tld) . "/root.pem", "r");
+        $caHandle = fopen(dirname(__FILE__)."/../config/SilverbulletServerCerts/".strtoupper($myFed->tld)."/root.pem", "r");
         if ($caHandle !== FALSE) {
             $cAFile = fread($caHandle, 16000000);
             foreach ($x509->splitCertificate($cAFile) as $oneCa) {
@@ -273,7 +273,7 @@ 
         if (empty($certNames)) {
             return [];
         }
-        $namesCondensed = "'" . implode("' OR username = '", $certNames) . "'";
+        $namesCondensed = "'".implode("' OR username = '", $certNames)."'";
         $serverHandles = DBConnection::handle("RADIUS");
         $returnarray = [];
         foreach ($serverHandles as $oneDbServer) {

core/common/X509.php

Spacing +1 added lines, -1 removed lines

@@ -88,7 +88,7 @@
     public function der2pem($derData)
     {
         $pem = chunk_split(base64_encode($derData), 64, "\n");
-        $pem = "-----BEGIN CERTIFICATE-----\n" . $pem . "-----END CERTIFICATE-----\n";
+        $pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n";
         return $pem;
     }
 

core/DeviceFactory.php

Spacing +3 added lines, -3 removed lines

@@ -65,8 +65,8 @@ 
         parent::__construct();
         $Dev = \devices\Devices::listDevices();
         if (isset($Dev[$blueprint])) {
-            $this->loggerInstance->debug(4, "loaded: devices/" . $Dev[$blueprint]['directory'] . "/" . $Dev[$blueprint]['module'] . ".php\n");
-            $class_name = "\devices\\" . $Dev[$blueprint]['directory'] . "\Device" . $Dev[$blueprint]['module'];
+            $this->loggerInstance->debug(4, "loaded: devices/".$Dev[$blueprint]['directory']."/".$Dev[$blueprint]['module'].".php\n");
+            $class_name = "\devices\\".$Dev[$blueprint]['directory']."\Device".$Dev[$blueprint]['module'];
             $this->device = new $class_name();
             if (!$this->device) {
                 $this->loggerInstance->debug(2, "module loading failed");
@@ -75,7 +75,7 @@ 
         } else {
             echo("unknown devicename:$blueprint\n");
         }
-        $this->device->module_path = ROOT . '/devices/' . $Dev[$blueprint]['directory'];
+        $this->device->module_path = ROOT.'/devices/'.$Dev[$blueprint]['directory'];
         $this->device->signer = isset($Dev[$blueprint]['signer']) ? $Dev[$blueprint]['signer'] : 0;
         $this->device->device_id = $blueprint;
         $options = \devices\Devices::$Options;

core/diag/Sociopath.php

Spacing +5 added lines, -5 removed lines

@@ -108,7 +108,7 @@ 
                 "TXT" => _("If you use more than one device: do your other devices still work?"),
                 "FACTOR_YES" => 0.33, // seems that all is okay with the account as such
                 "FACTOR_NO" => 3, // now that is suspicious indeed
-                "VERDICTLECTURE" => _("If all devices stopped working simultaneously, there may be a problem with your account as such. Maybe your account expired, or you were forced to change the password? These questions are best answered by your Identity Provider [MGW: display contact info]"),],
+                "VERDICTLECTURE" => _("If all devices stopped working simultaneously, there may be a problem with your account as such. Maybe your account expired, or you were forced to change the password? These questions are best answered by your Identity Provider [MGW: display contact info]"), ],
             6 => ["AREA" => AbstractTest::INFRA_SP_80211,
                 "TXT" => _("Is the place you are currently at heavily crowded, or is a network-intensive workload going on?"),
                 "FACTOR_YES" => 3,
@@ -144,11 +144,11 @@ 
         $questionDetails = $this->qaArray[$questionNumber];
         if ($answer === TRUE) {
             $this->possibleFailureReasons[$questionDetails['AREA']] = $this->possibleFailureReasons[$questionDetails['AREA']] * $questionDetails["FACTOR_YES"];
-            $this->loggerInstance->debug(3, "Adjusting " . $questionDetails['AREA'] . " by " . $questionDetails["FACTOR_YES"] . "\n");
+            $this->loggerInstance->debug(3, "Adjusting ".$questionDetails['AREA']." by ".$questionDetails["FACTOR_YES"]."\n");
             $factor = $questionDetails["FACTOR_YES"];
         } elseif ($answer === FALSE) {
             $this->possibleFailureReasons[$questionDetails['AREA']] = $this->possibleFailureReasons[$questionDetails['AREA']] * $questionDetails["FACTOR_NO"];
-            $this->loggerInstance->debug(3, "Adjusting " . $questionDetails['AREA'] . " by " . $questionDetails["FACTOR_NO"] . "\n");
+            $this->loggerInstance->debug(3, "Adjusting ".$questionDetails['AREA']." by ".$questionDetails["FACTOR_NO"]."\n");
             $factor = $questionDetails["FACTOR_NO"];
         } else {
             $factor = 1;
@@ -183,7 +183,7 @@ 
         // if both are identical, take any of the questions in the pool of both
         foreach ($this->qaArray as $questionNumber => $questionDetails) {
             // if we find a question we didn't ask before AND it is related to our currently high-scoring problem area, ask it
-            if (!array_key_exists($questionNumber, $this->previousQuestions) && ( $questionDetails["AREA"] == $highestCategory || $questionDetails["AREA"] == $nextCategory)) {
+            if (!array_key_exists($questionNumber, $this->previousQuestions) && ($questionDetails["AREA"] == $highestCategory || $questionDetails["AREA"] == $nextCategory)) {
                 return json_encode(["NEXTEXISTS" => TRUE, "NUMBER" => $questionNumber, "TEXT" => $questionDetails["TXT"]]);
             }
         }
@@ -211,7 +211,7 @@ 
         $text = $this->genericVerdictTexts[$area];
         foreach ($this->previousQuestions as $number => $factor) {
             if ($this->qaArray[$number]["AREA"] == $area && $factor > 1) {
-                $text .= "\n\n" . $this->qaArray[$number]["VERDICTLECTURE"];
+                $text .= "\n\n".$this->qaArray[$number]["VERDICTLECTURE"];
             }
         }
         return $text;

core/diag/Telepath.php

Spacing +3 added lines, -3 removed lines

@@ -113,7 +113,7 @@ 
         if ($this->idPFederation === NULL && preg_match("/\.(..)$/", $realm, $matches)) {
             $this->idPFederation = strtoupper($matches[1]);
         }
-        $this->loggerInstance->debug(4, "XYZ: IdP-side NRO is " . $this->idPFederation . "\n");
+        $this->loggerInstance->debug(4, "XYZ: IdP-side NRO is ".$this->idPFederation."\n");
     }
     /* The eduroam OT monitoring has the following return codes:
      * 
@@ -443,12 +443,12 @@ 
                     break;
                 case \core\AbstractProfile::READINESS_LEVEL_NOTREADY:
                     $this->additionalFindings[AbstractTest::INFRA_IDP_RADIUS][] = ["Profile" => "UNCONCLUSIVE"];
-                    $this->testsuite = new RADIUSTests($this->realm, "anonymous@" . $this->realm);
+                    $this->testsuite = new RADIUSTests($this->realm, "anonymous@".$this->realm);
                     break;
                 default:
             }
         } else {
-            $this->testsuite = new RADIUSTests($this->realm, "anonymous@" . $this->realm);
+            $this->testsuite = new RADIUSTests($this->realm, "anonymous@".$this->realm);
         }
     }
 

core/diag/RFC7585Tests.php

Indentation -1 removed lines

@@ -197,7 +197,6 @@
      * - RETVAL_NOTCONFIGURED; needs \config\Diagnostics::RADIUSTESTS['TLS-discoverytag']
      * - RETVAL_INVALID (at least one format error)
      * - RETVAL_OK (all fine)
-
      * @return int one of two RETVALs above
      */
     public function relevantNAPTRcompliance()

Spacing +4 added lines, -4 removed lines

@@ -438,7 +438,7 @@ 
             $this->relevantNAPTRhostnameResolution();
         }
         foreach ($this->NAPTR_hostname_records as $hostindex => $addr) {
-            $host = ($addr['family'] == "IPv6" ? "[" : "") . $addr['IP'] . ($addr['family'] == "IPv6" ? "]" : "") . ":" . $addr['port'];
+            $host = ($addr['family'] == "IPv6" ? "[" : "").$addr['IP'].($addr['family'] == "IPv6" ? "]" : "").":".$addr['port'];
             $this->NAPTR_hostname_records[$hostindex]['protocols'] = $this->execSslscan($hostindex, $host);
             foreach ($this->NAPTR_hostname_records[$hostindex]['protocols'] as $protocol) {
                 if ($protocol['type'] == 'TLS1.3' && $protocol['enabled'] == 1) {
@@ -458,13 +458,13 @@ 
      */
     private function execSslscan($hostindex, $host)
     {
-        $this->loggerInstance->debug(4, \config\Master::PATHS['sslscan'] . " --no-heartbleed --no-fallback --connect-timeout=5 --no-ciphersuites --xml=- " . $host . "\n");
+        $this->loggerInstance->debug(4, \config\Master::PATHS['sslscan']." --no-heartbleed --no-fallback --connect-timeout=5 --no-ciphersuites --xml=- ".$host."\n");
         $sslscanbabble = [];
         $result = 999; // likely to become zero by openssl; don't want to initialise to zero, could cover up exec failures
-        exec(\config\Master::PATHS['sslscan'] . " --no-heartbleed --no-fallback --connect-timeout=5 --no-ciphersuites --xml=- " . $host ." 2>&1", $sslscanbabble, $result);
+        exec(\config\Master::PATHS['sslscan']." --no-heartbleed --no-fallback --connect-timeout=5 --no-ciphersuites --xml=- ".$host." 2>&1", $sslscanbabble, $result);
         $this->loggerInstance->debug(4, 'sslscan result '.implode($sslscanbabble));
         $xml = simplexml_load_string(implode($sslscanbabble));  
-        $resarray = json_decode(json_encode((array)$xml),true);
+        $resarray = json_decode(json_encode((array) $xml), true);
         $prots = [];
         if (!isset($resarray['ssltest'])) {
             $this->NAPTR_hostname_records[$hostindex]['unavailable'] = 1;