GEANT /
CAT
@@ -129,7 +129,7 @@ discard block |
||
| 129 | 129 | $this->test_result = []; |
| 130 | 130 | $this->test_result['global'] = 0; |
| 131 | 131 | // parse the schema file to find out the number of expected rows... |
| 132 | - $schema = file(dirname(dirname(__FILE__)) . "/schema/schema.sql"); |
|
| 132 | + $schema = file(dirname(dirname(__FILE__))."/schema/schema.sql"); |
|
| 133 | 133 | $this->profileOptionCount = 0; |
| 134 | 134 | $passedTheWindmill = FALSE; |
| 135 | 135 | foreach ($schema as $schemaLine) { |
@@ -156,7 +156,7 @@ discard block |
||
| 156 | 156 | { |
| 157 | 157 | $this->out[$test] = []; |
| 158 | 158 | $this->name = $test; |
| 159 | - $m_name = 'test' . $test; |
|
| 159 | + $m_name = 'test'.$test; |
|
| 160 | 160 | $this->test_result[$test] = 0; |
| 161 | 161 | if (!method_exists($this, $m_name)) { |
| 162 | 162 | $this->storeTestResult(\core\common\Entity::L_ERROR, "Configuration error, no test configured for <strong>$test</strong>."); |
@@ -269,9 +269,9 @@ discard block |
||
| 269 | 269 | private function testPhp() |
| 270 | 270 | { |
| 271 | 271 | if (version_compare(phpversion(), $this->needversionPHP, '>=')) { |
| 272 | - $this->storeTestResult(\core\common\Entity::L_OK, "<strong>PHP</strong> is sufficiently recent. You are running " . phpversion() . "."); |
|
| 272 | + $this->storeTestResult(\core\common\Entity::L_OK, "<strong>PHP</strong> is sufficiently recent. You are running ".phpversion()."."); |
|
| 273 | 273 | } else { |
| 274 | - $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>PHP</strong> is too old. We need at least $this->needversionPHP, but you only have " . phpversion() . "."); |
|
| 274 | + $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>PHP</strong> is too old. We need at least $this->needversionPHP, but you only have ".phpversion()."."); |
|
| 275 | 275 | } |
| 276 | 276 | } |
| 277 | 277 | |
@@ -284,12 +284,12 @@ discard block |
||
| 284 | 284 | */ |
| 285 | 285 | private function runConstantsTest($config) |
| 286 | 286 | { |
| 287 | - $templateConfig = file_get_contents(ROOT . "/config/$config-template.php"); |
|
| 288 | - $newTemplateConfig = preg_replace("/class *$config/", "class $config" . "_template", $templateConfig); |
|
| 289 | - file_put_contents(ROOT . "/var/tmp/$config-template.php", $newTemplateConfig); |
|
| 290 | - include(ROOT . "/var/tmp/$config-template.php"); |
|
| 291 | - unlink(ROOT . "/var/tmp/$config-template.php"); |
|
| 292 | - $rft = new \ReflectionClass("\config\\$config" . "_template"); |
|
| 287 | + $templateConfig = file_get_contents(ROOT."/config/$config-template.php"); |
|
| 288 | + $newTemplateConfig = preg_replace("/class *$config/", "class $config"."_template", $templateConfig); |
|
| 289 | + file_put_contents(ROOT."/var/tmp/$config-template.php", $newTemplateConfig); |
|
| 290 | + include(ROOT."/var/tmp/$config-template.php"); |
|
| 291 | + unlink(ROOT."/var/tmp/$config-template.php"); |
|
| 292 | + $rft = new \ReflectionClass("\config\\$config"."_template"); |
|
| 293 | 293 | $templateConstants = $rft->getConstants(); |
| 294 | 294 | $failResults = []; |
| 295 | 295 | foreach ($templateConstants as $constant => $value) { |
@@ -306,7 +306,7 @@ discard block |
||
| 306 | 306 | * Check if all required constants are set |
| 307 | 307 | */ |
| 308 | 308 | private function testConfigConstants() { |
| 309 | - set_error_handler(function ($severity, $message, $file, $line) { |
|
| 309 | + set_error_handler(function($severity, $message, $file, $line) { |
|
| 310 | 310 | throw new \ErrorException($message, $severity, $severity, $file, $line); |
| 311 | 311 | }); |
| 312 | 312 | |
@@ -317,7 +317,7 @@ discard block |
||
| 317 | 317 | $failCount = $failCount + count($failResults); |
| 318 | 318 | if (count($failResults) > 0) { |
| 319 | 319 | $this->storeTestResult(\core\common\Entity::L_ERROR, |
| 320 | - "<strong>The following constants are not set:</strong>" . implode(', ', $failResults)); |
|
| 320 | + "<strong>The following constants are not set:</strong>".implode(', ', $failResults)); |
|
| 321 | 321 | } |
| 322 | 322 | } |
| 323 | 323 | |
@@ -341,7 +341,7 @@ discard block |
||
| 341 | 341 | $this->storeTestResult(\core\common\Entity::L_OK, "<strong>cat_base_url</strong> set correctly"); |
| 342 | 342 | } else { |
| 343 | 343 | $rootFromScript = $m[1] === '' ? '/' : $m[1]; |
| 344 | - $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>cat_base_url</strong> is set to <strong>" . \config\Master::PATHS['cat_base_url'] . "</strong> and should be <strong>$rootFromScript</strong>"); |
|
| 344 | + $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>cat_base_url</strong> is set to <strong>".\config\Master::PATHS['cat_base_url']."</strong> and should be <strong>$rootFromScript</strong>"); |
|
| 345 | 345 | } |
| 346 | 346 | } |
| 347 | 347 | |
@@ -362,7 +362,7 @@ discard block |
||
| 362 | 362 | if (count($probeReturns) == 0) { |
| 363 | 363 | $this->storeTestResult(common\Entity::L_OK, "All configured RADIUS/UDP probes are reachable."); |
| 364 | 364 | } else { |
| 365 | - $this->storeTestResult(common\Entity::L_ERROR, "The following RADIUS probes are NOT reachable: " . implode(', ', $probeReturns)); |
|
| 365 | + $this->storeTestResult(common\Entity::L_ERROR, "The following RADIUS probes are NOT reachable: ".implode(', ', $probeReturns)); |
|
| 366 | 366 | } |
| 367 | 367 | } |
| 368 | 368 | |
@@ -380,9 +380,9 @@ discard block |
||
| 380 | 380 | $SSPconfig = \SimpleSAML\Configuration::getInstance(); |
| 381 | 381 | $sspVersion = explode('.', $SSPconfig->getVersion()); |
| 382 | 382 | if ((int) $sspVersion[0] >= $this->needversionSSP['major'] && (int) $sspVersion[1] >= $this->needversionSSP['minor']) { |
| 383 | - $this->storeTestResult(\core\common\Entity::L_OK, "<strong>simpleSAMLphp</strong> is sufficiently recent. You are running " . implode('.', $sspVersion)); |
|
| 383 | + $this->storeTestResult(\core\common\Entity::L_OK, "<strong>simpleSAMLphp</strong> is sufficiently recent. You are running ".implode('.', $sspVersion)); |
|
| 384 | 384 | } else { |
| 385 | - $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>simpleSAMLphp</strong> is too old. We need at least " . implode('.', $this->needversionSSP)); |
|
| 385 | + $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>simpleSAMLphp</strong> is too old. We need at least ".implode('.', $this->needversionSSP)); |
|
| 386 | 386 | } |
| 387 | 387 | } |
| 388 | 388 | } |
@@ -409,7 +409,7 @@ discard block |
||
| 409 | 409 | $A = $this->getExecPath('zip'); |
| 410 | 410 | if ($A['exec'] != "") { |
| 411 | 411 | $fullOutput = []; |
| 412 | - $t = exec($A['exec'] . ' --version', $fullOutput); |
|
| 412 | + $t = exec($A['exec'].' --version', $fullOutput); |
|
| 413 | 413 | if ($A['exec_is'] == "EXPLICIT") { |
| 414 | 414 | $this->storeTestResult(\core\common\Entity::L_OK, "<strong>".$fullOutput[1]."</strong> was found and is configured explicitly in your config."); |
| 415 | 415 | } else { |
@@ -447,8 +447,8 @@ discard block |
||
| 447 | 447 | */ |
| 448 | 448 | private function testLogdir() |
| 449 | 449 | { |
| 450 | - if (fopen(\config\Master::PATHS['logdir'] . "/debug.log", "a") == FALSE) { |
|
| 451 | - $this->storeTestResult(\core\common\Entity::L_WARN, "Log files in <strong>" . \config\Master::PATHS['logdir'] . "</strong> are not writable!"); |
|
| 450 | + if (fopen(\config\Master::PATHS['logdir']."/debug.log", "a") == FALSE) { |
|
| 451 | + $this->storeTestResult(\core\common\Entity::L_WARN, "Log files in <strong>".\config\Master::PATHS['logdir']."</strong> are not writable!"); |
|
| 452 | 452 | } else { |
| 453 | 453 | $this->storeTestResult(\core\common\Entity::L_OK, "Log directory is writable."); |
| 454 | 454 | } |
@@ -576,7 +576,7 @@ discard block |
||
| 576 | 576 | { |
| 577 | 577 | $A = $this->getExecPath('openssl'); |
| 578 | 578 | if ($A['exec'] != "") { |
| 579 | - $t = exec($A['exec'] . ' version'); |
|
| 579 | + $t = exec($A['exec'].' version'); |
|
| 580 | 580 | if ($A['exec_is'] == "EXPLICIT") { |
| 581 | 581 | $this->storeTestResult(\core\common\Entity::L_OK, "<strong>$t</strong> was found and is configured explicitly in your config."); |
| 582 | 582 | } else { |
@@ -598,13 +598,13 @@ discard block |
||
| 598 | 598 | if ($A['exec'] != "" && $A['exec_is'] == "EXPLICIT" && !file_exists($A['exec'])) { |
| 599 | 599 | $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>sslscan</strong> is configured explicitly and was not found on your system!"); |
| 600 | 600 | } else { |
| 601 | - exec($A['exec'] . ' --version --xml=-', $output, $res); |
|
| 601 | + exec($A['exec'].' --version --xml=-', $output, $res); |
|
| 602 | 602 | if ($res == 0) { |
| 603 | 603 | $xml = simplexml_load_string(implode($output)); |
| 604 | - $resarray = json_decode(json_encode((array)$xml),true); |
|
| 604 | + $resarray = json_decode(json_encode((array) $xml), true); |
|
| 605 | 605 | $t = 'sslscan'; |
| 606 | 606 | if (isset($resarray['@attributes']) and isset($resarray['@attributes']['version'])) { |
| 607 | - $t = 'sslscan ' . $resarray['@attributes']['version']; |
|
| 607 | + $t = 'sslscan '.$resarray['@attributes']['version']; |
|
| 608 | 608 | } |
| 609 | 609 | } else { |
| 610 | 610 | $t = ''; |
@@ -637,14 +637,14 @@ discard block |
||
| 637 | 637 | } |
| 638 | 638 | $A = $this->getExecPath('makensis'); |
| 639 | 639 | if ($A['exec'] != "") { |
| 640 | - $t = exec($A['exec'] . ' -VERSION'); |
|
| 640 | + $t = exec($A['exec'].' -VERSION'); |
|
| 641 | 641 | if ($A['exec_is'] == "EXPLICIT") { |
| 642 | 642 | $this->storeTestResult(\core\common\Entity::L_OK, "<strong>makensis $t</strong> was found and is configured explicitly in your config."); |
| 643 | 643 | } else { |
| 644 | 644 | $this->storeTestResult(\core\common\Entity::L_WARN, "<strong>makensis $t</strong> was found, but is not configured with an absolute path in your config."); |
| 645 | 645 | } |
| 646 | 646 | $outputArray = []; |
| 647 | - exec($A['exec'] . ' -HELP', $outputArray); |
|
| 647 | + exec($A['exec'].' -HELP', $outputArray); |
|
| 648 | 648 | $t1 = count(preg_grep('/INPUTCHARSET/', $outputArray)); |
| 649 | 649 | if ($t1 == 1 && \config\ConfAssistant::NSIS_VERSION == 2) { |
| 650 | 650 | $this->storeTestResult(\core\common\Entity::L_ERROR, "Declared NSIS_VERSION does not seem to match the file pointed to by PATHS['makensis']!"); |
@@ -674,7 +674,7 @@ discard block |
||
| 674 | 674 | $NSIS_Module_status = []; |
| 675 | 675 | foreach ($this->NSISModules as $module) { |
| 676 | 676 | unset($out); |
| 677 | - exec(\config\ConfAssistant::PATHS['makensis'] . " -V1 '-X!include $module' '-XOutFile $exe' '-XSection X' '-XSectionEnd'", $out, $retval); |
|
| 677 | + exec(\config\ConfAssistant::PATHS['makensis']." -V1 '-X!include $module' '-XOutFile $exe' '-XSection X' '-XSectionEnd'", $out, $retval); |
|
| 678 | 678 | if ($retval > 0) { |
| 679 | 679 | $NSIS_Module_status[$module] = 0; |
| 680 | 680 | } else { |
@@ -741,8 +741,8 @@ discard block |
||
| 741 | 741 | $locales = shell_exec("locale -a"); |
| 742 | 742 | $allthere = ""; |
| 743 | 743 | foreach (\config\Master::LANGUAGES as $onelanguage) { |
| 744 | - if (preg_match("/" . $onelanguage['locale'] . "/", $locales) == 0) { |
|
| 745 | - $allthere .= $onelanguage['locale'] . " "; |
|
| 744 | + if (preg_match("/".$onelanguage['locale']."/", $locales) == 0) { |
|
| 745 | + $allthere .= $onelanguage['locale']." "; |
|
| 746 | 746 | } |
| 747 | 747 | } |
| 748 | 748 | if ($allthere == "") { |
@@ -756,47 +756,47 @@ discard block |
||
| 756 | 756 | ["SETTING" => \config\Master::APPEARANCE['from-mail'], |
| 757 | 757 | "DEFVALUE" => "[email protected]", |
| 758 | 758 | "COMPLAINTSTRING" => "APPEARANCE/from-mail ", |
| 759 | - "REQUIRED" => FALSE,], |
|
| 759 | + "REQUIRED" => FALSE, ], |
|
| 760 | 760 | ["SETTING" => \config\Master::APPEARANCE['support-contact']['url'], |
| 761 | 761 | "DEFVALUE" => "[email protected]?body=Only%20English%20language%20please!", |
| 762 | 762 | "COMPLAINTSTRING" => "APPEARANCE/support-contact/url ", |
| 763 | - "REQUIRED" => FALSE,], |
|
| 763 | + "REQUIRED" => FALSE, ], |
|
| 764 | 764 | ["SETTING" => \config\Master::APPEARANCE['support-contact']['display'], |
| 765 | 765 | "DEFVALUE" => "[email protected]", |
| 766 | 766 | "COMPLAINTSTRING" => "APPEARANCE/support-contact/display ", |
| 767 | - "REQUIRED" => FALSE,], |
|
| 767 | + "REQUIRED" => FALSE, ], |
|
| 768 | 768 | ["SETTING" => \config\Master::APPEARANCE['support-contact']['developer-mail'], |
| 769 | 769 | "DEFVALUE" => "[email protected]", |
| 770 | 770 | "COMPLAINTSTRING" => "APPEARANCE/support-contact/mail ", |
| 771 | - "REQUIRED" => FALSE,], |
|
| 771 | + "REQUIRED" => FALSE, ], |
|
| 772 | 772 | ["SETTING" => \config\Master::APPEARANCE['abuse-mail'], |
| 773 | 773 | "DEFVALUE" => "[email protected]", |
| 774 | 774 | "COMPLAINTSTRING" => "APPEARANCE/abuse-mail ", |
| 775 | - "REQUIRED" => FALSE,], |
|
| 775 | + "REQUIRED" => FALSE, ], |
|
| 776 | 776 | ["SETTING" => \config\Master::APPEARANCE['MOTD'], |
| 777 | 777 | "DEFVALUE" => "Release Candidate. All bugs to be shot on sight!", |
| 778 | 778 | "COMPLAINTSTRING" => "APPEARANCE/MOTD ", |
| 779 | - "REQUIRED" => FALSE,], |
|
| 779 | + "REQUIRED" => FALSE, ], |
|
| 780 | 780 | ["SETTING" => \config\Master::APPEARANCE['webcert_CRLDP'], |
| 781 | 781 | "DEFVALUE" => ['list', 'of', 'CRL', 'pointers'], |
| 782 | 782 | "COMPLAINTSTRING" => "APPEARANCE/webcert_CRLDP ", |
| 783 | - "REQUIRED" => TRUE,], |
|
| 783 | + "REQUIRED" => TRUE, ], |
|
| 784 | 784 | ["SETTING" => \config\Master::APPEARANCE['webcert_OCSP'], |
| 785 | 785 | "DEFVALUE" => ['list', 'of', 'OCSP', 'pointers'], |
| 786 | 786 | "COMPLAINTSTRING" => "APPEARANCE/webcert_OCSP ", |
| 787 | - "REQUIRED" => TRUE,], |
|
| 787 | + "REQUIRED" => TRUE, ], |
|
| 788 | 788 | ["SETTING" => \config\Master::DB['INST']['host'], |
| 789 | 789 | "DEFVALUE" => "db.host.example", |
| 790 | 790 | "COMPLAINTSTRING" => "DB/INST ", |
| 791 | - "REQUIRED" => TRUE,], |
|
| 791 | + "REQUIRED" => TRUE, ], |
|
| 792 | 792 | ["SETTING" => \config\Master::DB['INST']['host'], |
| 793 | 793 | "DEFVALUE" => "db.host.example", |
| 794 | 794 | "COMPLAINTSTRING" => "DB/USER ", |
| 795 | - "REQUIRED" => TRUE,], |
|
| 795 | + "REQUIRED" => TRUE, ], |
|
| 796 | 796 | ["SETTING" => \config\Master::DB['EXTERNAL']['host'], |
| 797 | 797 | "DEFVALUE" => "customerdb.otherhost.example", |
| 798 | 798 | "COMPLAINTSTRING" => "DB/EXTERNAL ", |
| 799 | - "REQUIRED" => FALSE,], |
|
| 799 | + "REQUIRED" => FALSE, ], |
|
| 800 | 800 | ]; |
| 801 | 801 | |
| 802 | 802 | /** |
@@ -825,11 +825,11 @@ discard block |
||
| 825 | 825 | if (isset(\config\Diagnostics::RADIUSTESTS['TLS-clientcerts'])) { |
| 826 | 826 | foreach (\config\Diagnostics::RADIUSTESTS['TLS-clientcerts'] as $cadata) { |
| 827 | 827 | foreach ($cadata['certificates'] as $cert_files) { |
| 828 | - if (file_get_contents(ROOT . "/config/cli-certs/" . $cert_files['public']) === FALSE) { |
|
| 829 | - $defaultvalues .= "CERTIFICATE/" . $cert_files['public'] . " "; |
|
| 828 | + if (file_get_contents(ROOT."/config/cli-certs/".$cert_files['public']) === FALSE) { |
|
| 829 | + $defaultvalues .= "CERTIFICATE/".$cert_files['public']." "; |
|
| 830 | 830 | } |
| 831 | - if (file_get_contents(ROOT . "/config/cli-certs/" . $cert_files['private']) === FALSE) { |
|
| 832 | - $defaultvalues .= "CERTIFICATE/" . $cert_files['private'] . " "; |
|
| 831 | + if (file_get_contents(ROOT."/config/cli-certs/".$cert_files['private']) === FALSE) { |
|
| 832 | + $defaultvalues .= "CERTIFICATE/".$cert_files['private']." "; |
|
| 833 | 833 | } |
| 834 | 834 | } |
| 835 | 835 | } |
@@ -922,14 +922,14 @@ discard block |
||
| 922 | 922 | if ($global_no_cache) { |
| 923 | 923 | foreach ($Devs as $dev => $D) { |
| 924 | 924 | if (empty($D['options']['no_cache']) || $D['options']['no_cache'] != 0) { |
| 925 | - $no_cache_dev .= $dev . " "; |
|
| 925 | + $no_cache_dev .= $dev." "; |
|
| 926 | 926 | $no_cache_dev_count++; |
| 927 | 927 | } |
| 928 | 928 | } |
| 929 | 929 | } else { |
| 930 | 930 | foreach ($Devs as $dev => $D) { |
| 931 | 931 | if (!empty($D['options']['no_cache']) && $D['options']['no_cache'] != 0) { |
| 932 | - $no_cache_dev .= $dev . " "; |
|
| 932 | + $no_cache_dev .= $dev." "; |
|
| 933 | 933 | $no_cache_dev_count++; |
| 934 | 934 | } |
| 935 | 935 | } |
@@ -968,13 +968,13 @@ discard block |
||
| 968 | 968 | $mail->isHTML(FALSE); |
| 969 | 969 | $mail->CharSet = 'UTF-8'; |
| 970 | 970 | $mail->From = \config\Master::APPEARANCE['from-mail']; |
| 971 | - $mail->FromName = \config\Master::APPEARANCE['productname'] . " Invitation System"; |
|
| 971 | + $mail->FromName = \config\Master::APPEARANCE['productname']." Invitation System"; |
|
| 972 | 972 | $mail->addAddress(\config\Master::APPEARANCE['abuse-mail']); |
| 973 | 973 | $mail->Subject = "testing CAT configuration mail"; |
| 974 | 974 | $mail->Body = "Testing CAT mailing\n"; |
| 975 | 975 | $sent = $mail->send(); |
| 976 | 976 | if ($sent) { |
| 977 | - $this->storeTestResult(\core\common\Entity::L_OK, "mailer settings appear to be working, check " . \config\Master::APPEARANCE['abuse-mail'] . " mailbox if the message was receiced."); |
|
| 977 | + $this->storeTestResult(\core\common\Entity::L_OK, "mailer settings appear to be working, check ".\config\Master::APPEARANCE['abuse-mail']." mailbox if the message was receiced."); |
|
| 978 | 978 | } else { |
| 979 | 979 | $this->storeTestResult(\core\common\Entity::L_ERROR, "mailer settings failed, check the Config::MAILSETTINGS"); |
| 980 | 980 | } |
@@ -206,7 +206,7 @@ |
||
| 206 | 206 | $json_data = json_encode($returnArray); |
| 207 | 207 | |
| 208 | 208 | if ($token) { |
| 209 | - $loggerInstance->debug(4, 'JSON data written to ' .$jsonDir.'/'.$token); |
|
| 209 | + $loggerInstance->debug(4, 'JSON data written to '.$jsonDir.'/'.$token); |
|
| 210 | 210 | file_put_contents($jsonDir.'/'.$token.'/realm', $json_data); |
| 211 | 211 | } |
| 212 | 212 | header("Content-type: application/json; utf-8"); |
@@ -168,27 +168,27 @@ discard block |
||
| 168 | 168 | { |
| 169 | 169 | // it could match CN or sAN:DNS, we don't care which |
| 170 | 170 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['subject'])) { |
| 171 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . |
|
| 172 | - " against Subject: " . $this->TLS_CA_checks_result[$host]['certdata']['subject']); |
|
| 171 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName. |
|
| 172 | + " against Subject: ".$this->TLS_CA_checks_result[$host]['certdata']['subject']); |
|
| 173 | 173 | // we are checking against accidental misconfig, not attacks, so loosely checking against end of string is appropriate |
| 174 | - if (preg_match("/CN=" . $this->expectedName . "/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 174 | + if (preg_match("/CN=".$this->expectedName."/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 175 | 175 | return TRUE; |
| 176 | 176 | } |
| 177 | 177 | } |
| 178 | 178 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname'])) { |
| 179 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . " against sANs: "); |
|
| 179 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName." against sANs: "); |
|
| 180 | 180 | $this->loggerInstance->debug(4, $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']); |
| 181 | 181 | $testNames = $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']; |
| 182 | 182 | if (!is_array($testNames)) { |
| 183 | 183 | $testNames = [$testNames]; |
| 184 | 184 | } |
| 185 | 185 | foreach ($testNames as $oneName) { |
| 186 | - if (preg_match("/" . $this->expectedName . "/", $oneName) === 1) { |
|
| 186 | + if (preg_match("/".$this->expectedName."/", $oneName) === 1) { |
|
| 187 | 187 | return TRUE; |
| 188 | 188 | } |
| 189 | 189 | } |
| 190 | 190 | } |
| 191 | - $this->loggerInstance->debug(3, "Tried to check expected server name " . $this->expectedName . " but neither CN nor sANs matched."); |
|
| 191 | + $this->loggerInstance->debug(3, "Tried to check expected server name ".$this->expectedName." but neither CN nor sANs matched."); |
|
| 192 | 192 | |
| 193 | 193 | $this->TLS_CA_checks_result[$host]['cert_oddity'] = RADIUSTests::CERTPROB_DYN_SERVER_NAME_MISMATCH; |
| 194 | 194 | return FALSE; |
@@ -218,9 +218,9 @@ discard block |
||
| 218 | 218 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['status'] = $cert['status']; |
| 219 | 219 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['message'] = $this->TLS_certkeys[$cert['status']]; |
| 220 | 220 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['expected'] = $cert['expected']; |
| 221 | - $add = ' -cert ' . ROOT . '/config/cli-certs/' . $cert['public'] . ' -key ' . ROOT . '/config/cli-certs/' . $cert['private']; |
|
| 222 | - if (!file_exists(ROOT . '/config/cli-certs/' . $cert['public']) ||!file_exists(ROOT . |
|
| 223 | - '/config/cli-certs/' . $cert['private'])) { |
|
| 221 | + $add = ' -cert '.ROOT.'/config/cli-certs/'.$cert['public'].' -key '.ROOT.'/config/cli-certs/'.$cert['private']; |
|
| 222 | + if (!file_exists(ROOT.'/config/cli-certs/'.$cert['public']) || !file_exists(ROOT. |
|
| 223 | + '/config/cli-certs/'.$cert['private'])) { |
|
| 224 | 224 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['finalerror'] = 2; |
| 225 | 225 | continue; |
| 226 | 226 | } |
@@ -228,7 +228,7 @@ discard block |
||
| 228 | 228 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k] = []; |
| 229 | 229 | } |
| 230 | 230 | // tls1_3 connections have a problem in strdout/stderr buffering |
| 231 | - $add .= ' ' . "-no_ssl3 -no_tls1_3"; |
|
| 231 | + $add .= ' '."-no_ssl3 -no_tls1_3"; |
|
| 232 | 232 | $opensslbabble = $this->execOpensslClient($host, $add, $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]); |
| 233 | 233 | $res = $this->opensslClientsResult($host, $opensslbabble, $this->TLS_clients_checks_result, $type, $k); |
| 234 | 234 | if ($cert['expected'] == 'PASS') { |
@@ -270,11 +270,11 @@ discard block |
||
| 270 | 270 | // but code analysers want this more explicit, so here is this extra |
| 271 | 271 | // call to escapeshellarg() |
| 272 | 272 | $escapedHost = escapeshellarg($host); |
| 273 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
| 273 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
| 274 | 274 | $time_start = microtime(true); |
| 275 | 275 | $opensslbabble = []; |
| 276 | 276 | $result = 999; // likely to become zero by openssl; don't want to initialise to zero, could cover up exec failures |
| 277 | - exec(\config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
| 277 | + exec(\config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
| 278 | 278 | $time_stop = microtime(true); |
| 279 | 279 | $testresults['time_millisec'] = floor(($time_stop - $time_start) * 1000); |
| 280 | 280 | $testresults['returncode'] = $result; |
@@ -396,7 +396,7 @@ discard block |
||
| 396 | 396 | private function propertyCheckPolicy($cert) |
| 397 | 397 | { |
| 398 | 398 | $oids = []; |
| 399 | - if (isset($cert['extensions']['certificatePolicies']) && $cert['extensions']['certificatePolicies']) { |
|
| 399 | + if (isset($cert['extensions']['certificatePolicies']) && $cert['extensions']['certificatePolicies']) { |
|
| 400 | 400 | foreach (\config\Diagnostics::RADIUSTESTS['TLS-acceptableOIDs'] as $key => $oid) { |
| 401 | 401 | if (preg_match("/Policy: $oid/", $cert['extensions']['certificatePolicies'])) { |
| 402 | 402 | $oids[$key] = $oid; |
@@ -125,6 +125,6 @@ |
||
| 125 | 125 | ]; |
| 126 | 126 | const TIMEOUTS = [ |
| 127 | 127 | 'ajax_radius_tests' => 15000, // miliseconds |
| 128 | - 'crl_download' => 10, // seconds |
|
| 128 | + 'crl_download' => 10, // seconds |
|
| 129 | 129 | ]; |
| 130 | 130 | } |
@@ -165,7 +165,7 @@ discard block |
||
| 165 | 165 | } |
| 166 | 166 | } |
| 167 | 167 | |
| 168 | - $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . /** @scrutinizer ignore-type */ print_r($supportedEapTypes, true)); |
|
| 168 | + $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, "./** @scrutinizer ignore-type */ print_r($supportedEapTypes, true)); |
|
| 169 | 169 | $this->loggerInstance->debug(4, /** @scrutinizer ignore-type */ print_r($expectedServerNames, true)); |
| 170 | 170 | $this->loggerInstance->debug(4, /** @scrutinizer ignore-type */ print_r($expectedCABundle, true)); |
| 171 | 171 | |
@@ -252,7 +252,7 @@ discard block |
||
| 252 | 252 | $returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME; |
| 253 | 253 | continue; // otherwise we'd ALSO complain that it's not a real hostname |
| 254 | 254 | } |
| 255 | - if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 255 | + if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 256 | 256 | $returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME; |
| 257 | 257 | } |
| 258 | 258 | } |
@@ -278,7 +278,7 @@ discard block |
||
| 278 | 278 | $probValue = RADIUSTests::CERTPROB_SHA1_SIGNATURE; |
| 279 | 279 | $returnarray[] = $probValue; |
| 280 | 280 | } |
| 281 | - $this->loggerInstance->debug(4, "CERT IS: " . /** @scrutinizer ignore-type */ print_r($intermediateCa, TRUE)); |
|
| 281 | + $this->loggerInstance->debug(4, "CERT IS: "./** @scrutinizer ignore-type */ print_r($intermediateCa, TRUE)); |
|
| 282 | 282 | if ($intermediateCa['basicconstraints_set'] == 0) { |
| 283 | 283 | $returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS; |
| 284 | 284 | } |
@@ -326,7 +326,7 @@ discard block |
||
| 326 | 326 | public function udpReachability($probeindex, $opnameCheck = TRUE, $frag = TRUE) { |
| 327 | 327 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
| 328 | 328 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
| 329 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
| 329 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
| 330 | 330 | if ($clientcert === FALSE) { |
| 331 | 331 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
| 332 | 332 | } |
@@ -335,7 +335,7 @@ discard block |
||
| 335 | 335 | if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) { |
| 336 | 336 | return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert); |
| 337 | 337 | } |
| 338 | - return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 338 | + return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 339 | 339 | } |
| 340 | 340 | |
| 341 | 341 | /** |
@@ -356,7 +356,7 @@ discard block |
||
| 356 | 356 | return RADIUSTests::CERTPROB_NO_CDP_HTTP; |
| 357 | 357 | } |
| 358 | 358 | // first and second sub-match is the full URL... check it |
| 359 | - $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2]), \config\Diagnostics::TIMEOUTS['crl_download']); |
|
| 359 | + $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2]), \config\Diagnostics::TIMEOUTS['crl_download']); |
|
| 360 | 360 | if ($crlcontent === FALSE) { |
| 361 | 361 | return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL; |
| 362 | 362 | } |
@@ -371,7 +371,7 @@ discard block |
||
| 371 | 371 | // $pem = chunk_split(base64_encode($crlcontent), 64, "\n"); |
| 372 | 372 | // inspired by https://stackoverflow.com/questions/2390604/how-to-pass-variables-as-stdin-into-command-line-from-php |
| 373 | 373 | |
| 374 | - $proc = \config\Master::PATHS['openssl'] . " crl -inform der"; |
|
| 374 | + $proc = \config\Master::PATHS['openssl']." crl -inform der"; |
|
| 375 | 375 | $descriptorspec = [ |
| 376 | 376 | 0 => ["pipe", "r"], |
| 377 | 377 | 1 => ["pipe", "w"], |
@@ -409,7 +409,7 @@ discard block |
||
| 409 | 409 | $origLength = strlen($hex); |
| 410 | 410 | for ($i = 1; $i < $origLength; $i++) { |
| 411 | 411 | if ($i % 2 == 1 && $i != strlen($hex)) { |
| 412 | - $spaced .= $hex[$i] . " "; |
|
| 412 | + $spaced .= $hex[$i]." "; |
|
| 413 | 413 | } else { |
| 414 | 414 | $spaced .= $hex[$i]; |
| 415 | 415 | } |
@@ -534,19 +534,19 @@ discard block |
||
| 534 | 534 | $eapText = \core\common\EAP::eapDisplayName($eaptype); |
| 535 | 535 | $config = ' |
| 536 | 536 | network={ |
| 537 | - ssid="' . \config\Master::APPEARANCE['productname'] . ' testing" |
|
| 537 | + ssid="' . \config\Master::APPEARANCE['productname'].' testing" |
|
| 538 | 538 | key_mgmt=WPA-EAP |
| 539 | 539 | proto=WPA2 |
| 540 | 540 | pairwise=CCMP |
| 541 | 541 | group=CCMP |
| 542 | 542 | '; |
| 543 | 543 | // phase 1 |
| 544 | - $config .= 'eap=' . $eapText['OUTER'] . "\n"; |
|
| 544 | + $config .= 'eap='.$eapText['OUTER']."\n"; |
|
| 545 | 545 | $logConfig = $config; |
| 546 | 546 | // phase 2 if applicable; all inner methods have passwords |
| 547 | 547 | if (isset($eapText['INNER']) && $eapText['INNER'] != "") { |
| 548 | - $config .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 549 | - $logConfig .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 548 | + $config .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 549 | + $logConfig .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 550 | 550 | } |
| 551 | 551 | // all methods set a password, except EAP-TLS |
| 552 | 552 | if ($eaptype != \core\common\EAP::EAPTYPE_TLS) { |
@@ -562,11 +562,11 @@ discard block |
||
| 562 | 562 | } |
| 563 | 563 | |
| 564 | 564 | // inner identity |
| 565 | - $config .= ' identity="' . $inner . "\"\n"; |
|
| 566 | - $logConfig .= ' identity="' . $inner . "\"\n"; |
|
| 565 | + $config .= ' identity="'.$inner."\"\n"; |
|
| 566 | + $logConfig .= ' identity="'.$inner."\"\n"; |
|
| 567 | 567 | // outer identity, may be equal |
| 568 | - $config .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 569 | - $logConfig .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 568 | + $config .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 569 | + $logConfig .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 570 | 570 | // done |
| 571 | 571 | $config .= "}"; |
| 572 | 572 | $logConfig .= "}"; |
@@ -627,13 +627,13 @@ discard block |
||
| 627 | 627 | * @return string the command-line for eapol_test |
| 628 | 628 | */ |
| 629 | 629 | private function eapolTestConfig($probeindex, $opName, $frag) { |
| 630 | - $cmdline = \config\Diagnostics::PATHS['eapol_test'] . |
|
| 631 | - " -a " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip'] . |
|
| 632 | - " -s " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret'] . |
|
| 633 | - " -o serverchain.pem" . |
|
| 634 | - " -c ./udp_login_test.conf" . |
|
| 635 | - " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " . |
|
| 636 | - " -t " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout'] . " "; |
|
| 630 | + $cmdline = \config\Diagnostics::PATHS['eapol_test']. |
|
| 631 | + " -a ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip']. |
|
| 632 | + " -s ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret']. |
|
| 633 | + " -o serverchain.pem". |
|
| 634 | + " -c ./udp_login_test.conf". |
|
| 635 | + " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ". |
|
| 636 | + " -t ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout']." "; |
|
| 637 | 637 | if ($opName) { |
| 638 | 638 | $cmdline .= '-N126:s:"1cat.eduroam.org" '; |
| 639 | 639 | } |
@@ -662,10 +662,10 @@ discard block |
||
| 662 | 662 | * @throws Exception |
| 663 | 663 | */ |
| 664 | 664 | private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs) { |
| 665 | - if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) { |
|
| 665 | + if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) { |
|
| 666 | 666 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n"); |
| 667 | 667 | } |
| 668 | - if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) { |
|
| 668 | + if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) { |
|
| 669 | 669 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n"); |
| 670 | 670 | } |
| 671 | 671 | // make a copy of the EAP-received chain and add the configured intermediates, if any |
@@ -679,15 +679,15 @@ discard block |
||
| 679 | 679 | } |
| 680 | 680 | if ($decoded['ca'] == 1) { |
| 681 | 681 | if ($decoded['root'] == 1) { // save CAT roots to the root directory |
| 682 | - file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 683 | - file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 682 | + file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 683 | + file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 684 | 684 | $catRoots[] = $decoded['pem']; |
| 685 | 685 | } else { // save the intermediates to allcerts directory |
| 686 | - file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']); |
|
| 686 | + file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']); |
|
| 687 | 687 | $intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded)); |
| 688 | 688 | if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) { |
| 689 | 689 | $this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 690 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]); |
|
| 690 | + file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]); |
|
| 691 | 691 | } |
| 692 | 692 | $catIntermediates[] = $decoded['pem']; |
| 693 | 693 | } |
@@ -696,26 +696,26 @@ discard block |
||
| 696 | 696 | // save all intermediate certificates and CRLs to separate files in |
| 697 | 697 | // both root-ca directories |
| 698 | 698 | foreach ($eapIntermediates as $index => $onePem) { |
| 699 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 700 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 699 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 700 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 701 | 701 | } |
| 702 | 702 | foreach ($eapIntermediateCRLs as $index => $onePem) { |
| 703 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 704 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 703 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 704 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 705 | 705 | } |
| 706 | 706 | |
| 707 | 707 | $checkstring = ""; |
| 708 | 708 | if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) { |
| 709 | 709 | $this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 710 | 710 | $checkstring = "-crl_check_all"; |
| 711 | - file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 712 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 711 | + file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 712 | + file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 713 | 713 | } |
| 714 | 714 | |
| 715 | 715 | |
| 716 | 716 | // now c_rehash the root CA directory ... |
| 717 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 718 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 717 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 718 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 719 | 719 | return $checkstring; |
| 720 | 720 | } |
| 721 | 721 | |
@@ -746,12 +746,12 @@ discard block |
||
| 746 | 746 | // so test if there's something PEMy in the file at all |
| 747 | 747 | // serverchain.pem is the output from eapol_test; incomingserver.pem is written by extractIncomingCertsfromEAP() if there was at least one server cert. |
| 748 | 748 | if (filesize("$tmpDir/serverchain.pem") > 10 && filesize("$tmpDir/incomingserver.pem") > 10) { |
| 749 | - exec(\config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
| 750 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 751 | - $this->loggerInstance->debug(4, "Chain verify pass 1: " . /** @scrutinizer ignore-type */ print_r($verifyResultEaponly, TRUE) . "\n"); |
|
| 752 | - exec(\config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
| 753 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 754 | - $this->loggerInstance->debug(4, "Chain verify pass 2: " . /** @scrutinizer ignore-type */ print_r($verifyResultAllcerts, TRUE) . "\n"); |
|
| 749 | + exec(\config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
| 750 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 751 | + $this->loggerInstance->debug(4, "Chain verify pass 1: "./** @scrutinizer ignore-type */ print_r($verifyResultEaponly, TRUE)."\n"); |
|
| 752 | + exec(\config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
| 753 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 754 | + $this->loggerInstance->debug(4, "Chain verify pass 2: "./** @scrutinizer ignore-type */ print_r($verifyResultAllcerts, TRUE)."\n"); |
|
| 755 | 755 | } |
| 756 | 756 | |
| 757 | 757 | // now we do certificate verification against the collected parents |
@@ -817,7 +817,7 @@ discard block |
||
| 817 | 817 | // we are UNHAPPY if no names match! |
| 818 | 818 | $happiness = "UNHAPPY"; |
| 819 | 819 | foreach ($this->expectedServerNames as $expectedName) { |
| 820 | - $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . /** @scrutinizer ignore-type */ print_r($servercert['CN'], TRUE) . /** @scrutinizer ignore-type */ print_r($servercert['sAN_DNS'], TRUE)); |
|
| 820 | + $this->loggerInstance->debug(4, "Managing expectations for $expectedName: "./** @scrutinizer ignore-type */ print_r($servercert['CN'], TRUE)./** @scrutinizer ignore-type */ print_r($servercert['sAN_DNS'], TRUE)); |
|
| 821 | 821 | if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) { |
| 822 | 822 | $this->loggerInstance->debug(4, "Totally happy!"); |
| 823 | 823 | $happiness = "TOTALLY"; |
@@ -861,11 +861,11 @@ discard block |
||
| 861 | 861 | $theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password); |
| 862 | 862 | // the config intentionally does not include CA checking. We do this |
| 863 | 863 | // ourselves after getting the chain with -o. |
| 864 | - file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]); |
|
| 864 | + file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]); |
|
| 865 | 865 | |
| 866 | 866 | $cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag); |
| 867 | 867 | $this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n"); |
| 868 | - $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n"); |
|
| 868 | + $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n"); |
|
| 869 | 869 | $time_start = microtime(true); |
| 870 | 870 | $pflow = []; |
| 871 | 871 | exec($cmdline, $pflow); |
@@ -874,7 +874,7 @@ discard block |
||
| 874 | 874 | } |
| 875 | 875 | $time_stop = microtime(true); |
| 876 | 876 | $output = print_r($this->redact($password, $pflow), TRUE); |
| 877 | - file_put_contents($tmpDir . "/eapol_test_output_redacted_$probeindex.txt", $output); |
|
| 877 | + file_put_contents($tmpDir."/eapol_test_output_redacted_$probeindex.txt", $output); |
|
| 878 | 878 | $this->loggerInstance->debug(5, "eapol_test output saved to eapol_test_output_redacted_$probeindex.txt\n"); |
| 879 | 879 | return [ |
| 880 | 880 | "time" => ($time_stop - $time_start) * 1000, |
@@ -909,7 +909,7 @@ discard block |
||
| 909 | 909 | if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) { |
| 910 | 910 | array_pop($packetflow); |
| 911 | 911 | } |
| 912 | - $this->loggerInstance->debug(5, "Packetflow: " . /** @scrutinizer ignore-type */ print_r($packetflow, TRUE)); |
|
| 912 | + $this->loggerInstance->debug(5, "Packetflow: "./** @scrutinizer ignore-type */ print_r($packetflow, TRUE)); |
|
| 913 | 913 | $packetcount = array_count_values($packetflow); |
| 914 | 914 | $testresults['packetcount'] = $packetcount; |
| 915 | 915 | $testresults['packetflow'] = $packetflow; |
@@ -949,7 +949,7 @@ discard block |
||
| 949 | 949 | */ |
| 950 | 950 | private function wasModernTlsNegotiated(&$testresults, $packetflow_orig) { |
| 951 | 951 | $negotiatedTlsVersion = $this->checkLineparse($packetflow_orig, self::LINEPARSE_TLSVERSION); |
| 952 | - $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion" . "\n"); |
|
| 952 | + $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion"."\n"); |
|
| 953 | 953 | if ($negotiatedTlsVersion === FALSE) { |
| 954 | 954 | $testresults['cert_oddities'][] = RADIUSTests::TLSPROB_UNKNOWN_TLS_VERSION; |
| 955 | 955 | } elseif ($negotiatedTlsVersion != self::TLS_VERSION_1_2 && $negotiatedTlsVersion != self::TLS_VERSION_1_3) { |
@@ -1007,7 +1007,7 @@ discard block |
||
| 1007 | 1007 | |
| 1008 | 1008 | $x509 = new \core\common\X509(); |
| 1009 | 1009 | // $eap_certarray holds all certs received in EAP conversation |
| 1010 | - $incomingData = file_get_contents($tmpDir . "/serverchain.pem"); |
|
| 1010 | + $incomingData = file_get_contents($tmpDir."/serverchain.pem"); |
|
| 1011 | 1011 | if ($incomingData !== FALSE && strlen($incomingData) > 0) { |
| 1012 | 1012 | $eapCertArray = $x509->splitCertificate($incomingData); |
| 1013 | 1013 | } else { |
@@ -1037,10 +1037,10 @@ discard block |
||
| 1037 | 1037 | case RADIUSTests::SERVER_CA_SELFSIGNED: |
| 1038 | 1038 | $servercert[] = $cert; |
| 1039 | 1039 | if (count($servercert) == 1) { |
| 1040 | - if (file_put_contents($tmpDir . "/incomingserver.pem", $cert['pem'] . "\n") === FALSE) { |
|
| 1040 | + if (file_put_contents($tmpDir."/incomingserver.pem", $cert['pem']."\n") === FALSE) { |
|
| 1041 | 1041 | $this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n"); |
| 1042 | 1042 | } |
| 1043 | - $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . /** @scrutinizer ignore-type */ print_r($servercert[0], true)); |
|
| 1043 | + $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: "./** @scrutinizer ignore-type */ print_r($servercert[0], true)); |
|
| 1044 | 1044 | } elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) { |
| 1045 | 1045 | $testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS; |
| 1046 | 1046 | } |
@@ -1110,7 +1110,7 @@ discard block |
||
| 1110 | 1110 | public function autodetectCAWithProbe($outerId) { |
| 1111 | 1111 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
| 1112 | 1112 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
| 1113 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
| 1113 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
| 1114 | 1114 | if ($clientcert === FALSE) { |
| 1115 | 1115 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
| 1116 | 1116 | } |
@@ -1125,7 +1125,7 @@ discard block |
||
| 1125 | 1125 | $tmpDir = $temporary['dir']; |
| 1126 | 1126 | chdir($tmpDir); |
| 1127 | 1127 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
| 1128 | - file_put_contents($tmpDir . "/client.p12", $clientcert); |
|
| 1128 | + file_put_contents($tmpDir."/client.p12", $clientcert); |
|
| 1129 | 1129 | $testresults = ['cert_oddities' => []]; |
| 1130 | 1130 | $runtime_results = $this->executeEapolTest($tmpDir, $probeindex, \core\common\EAP::EAPTYPE_ANY, $outerId, $outerId, "eaplab", FALSE, FALSE); |
| 1131 | 1131 | $packetflow_orig = $runtime_results['output']; |
@@ -1141,8 +1141,7 @@ discard block |
||
| 1141 | 1141 | // that's not the case if we do EAP-pwd or could not negotiate an EAP method at |
| 1142 | 1142 | // all |
| 1143 | 1143 | // in that case: no server CA guess possible |
| 1144 | - if (! |
|
| 1145 | - ($radiusResult == RADIUSTests::RETVAL_CONVERSATION_REJECT && $negotiatedEapType) || $radiusResult == RADIUSTests::RETVAL_OK |
|
| 1144 | + if (!($radiusResult == RADIUSTests::RETVAL_CONVERSATION_REJECT && $negotiatedEapType) || $radiusResult == RADIUSTests::RETVAL_OK |
|
| 1146 | 1145 | ) { |
| 1147 | 1146 | return RADIUSTests::RETVAL_INVALID; |
| 1148 | 1147 | } |
@@ -1182,7 +1181,7 @@ discard block |
||
| 1182 | 1181 | // trust, and custom ones we may have configured |
| 1183 | 1182 | $ourRoots = file_get_contents(\config\ConfAssistant::PATHS['trust-store-custom']); |
| 1184 | 1183 | $mozillaRoots = file_get_contents(\config\ConfAssistant::PATHS['trust-store-mozilla']); |
| 1185 | - $allRoots = $x509->splitCertificate($ourRoots . "\n" . $mozillaRoots); |
|
| 1184 | + $allRoots = $x509->splitCertificate($ourRoots."\n".$mozillaRoots); |
|
| 1186 | 1185 | foreach ($allRoots as $oneRoot) { |
| 1187 | 1186 | $processedRoot = $x509->processCertificate($oneRoot); |
| 1188 | 1187 | if ($processedRoot['full_details']['subject'] == $currentHighestKnownIssuer) { |
@@ -1226,7 +1225,7 @@ discard block |
||
| 1226 | 1225 | chdir($tmpDir); |
| 1227 | 1226 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
| 1228 | 1227 | if ($clientcertdata !== NULL) { |
| 1229 | - file_put_contents($tmpDir . "/client.p12", $clientcertdata); |
|
| 1228 | + file_put_contents($tmpDir."/client.p12", $clientcertdata); |
|
| 1230 | 1229 | } |
| 1231 | 1230 | $testresults = []; |
| 1232 | 1231 | // initialise the sub-array for cleaner parsing |
@@ -1331,7 +1330,7 @@ discard block |
||
| 1331 | 1330 | 'issuer' => $this->printDN($certdata['issuer']), |
| 1332 | 1331 | 'validFrom' => $this->printTm($certdata['validFrom_time_t']), |
| 1333 | 1332 | 'validTo' => $this->printTm($certdata['validTo_time_t']), |
| 1334 | - 'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1333 | + 'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1335 | 1334 | 'sha1' => $certdata['sha1'], |
| 1336 | 1335 | 'public_key_length' => $certdata['public_key_length'], |
| 1337 | 1336 | 'extensions' => $certdata['extensions'] |
@@ -19,7 +19,7 @@ discard block |
||
| 19 | 19 | * <base_url>/copyright.php after deploying the software |
| 20 | 20 | */ |
| 21 | 21 | |
| 22 | -require_once dirname(dirname(__DIR__)) . "/config/_config.php"; |
|
| 22 | +require_once dirname(dirname(__DIR__))."/config/_config.php"; |
|
| 23 | 23 | |
| 24 | 24 | $loggerInstance = new \core\common\Logging(); |
| 25 | 25 | |
@@ -69,13 +69,13 @@ discard block |
||
| 69 | 69 | $dnsChecksOR = new \core\diag\RFC7585Tests($check_realm, "aaa+auth:radius.tls.tcp"); |
| 70 | 70 | } |
| 71 | 71 | } else { |
| 72 | - $error_message = _("You asked for a realm check, but we don't know the realm for this profile!") . "</p>"; |
|
| 72 | + $error_message = _("You asked for a realm check, but we don't know the realm for this profile!")."</p>"; |
|
| 73 | 73 | } |
| 74 | 74 | } else { // someone else's realm, and we don't know anything about it... only shallow checks |
| 75 | 75 | $check_realm = $validator->realm($realm ?? $_SESSION['check_realm'] ?? ""); |
| 76 | 76 | if ($check_realm !== FALSE) { |
| 77 | 77 | $_SESSION['check_realm'] = $check_realm; |
| 78 | - $testsuite = new \core\diag\RADIUSTests($check_realm, "@" . $check_realm); |
|
| 78 | + $testsuite = new \core\diag\RADIUSTests($check_realm, "@".$check_realm); |
|
| 79 | 79 | $dnsChecks = new \core\diag\RFC7585Tests($check_realm); |
| 80 | 80 | } else { |
| 81 | 81 | $error_message = _("No valid realm name given, cannot execute any checks!"); |
@@ -122,7 +122,7 @@ discard block |
||
| 122 | 122 | var listofcas = "<?php echo _("You should update your list of accredited CAs") ?>"; |
| 123 | 123 | var getitfrom = "<?php echo _("Get it from here.") ?>"; |
| 124 | 124 | var listsource = "<?php echo \config\Diagnostics::RADIUSTESTS['accreditedCAsURL'] ?>"; |
| 125 | - var moretext = "<?php echo _("more") . "»" ?>"; |
|
| 125 | + var moretext = "<?php echo _("more")."»" ?>"; |
|
| 126 | 126 | var lesstext = "<?php echo "«" ?>"; |
| 127 | 127 | var morealltext = "<?php echo _("Show detailed information for all tests") ?>"; |
| 128 | 128 | var eof_error = "<?php echo \core\diag\RADIUSTests::CERTPROB_UNEXPECTED_EOF ?>"; |
@@ -273,10 +273,10 @@ discard block |
||
| 273 | 273 | |
| 274 | 274 | cliinfo = cliinfo + '<li>'; |
| 275 | 275 | if (data.ca[key].certificate[c].finalerror && data.ca[key].certificate[c].finalerror==2) { |
| 276 | - cliinfo = cliinfo + ' <?php echo _("this test was skipped - no appropriate client certificate");?>' + '</ul></li>'; |
|
| 276 | + cliinfo = cliinfo + ' <?php echo _("this test was skipped - no appropriate client certificate"); ?>' + '</ul></li>'; |
|
| 277 | 277 | } else { |
| 278 | 278 | cliinfo = cliinfo + '<table><tbody><tr><td class="icon_td"><img class="icon" src="' + icons[level] + '" style="width: 24px;"></td><td>' + state; |
| 279 | - cliinfo = cliinfo + ' <?php echo "(" . sprintf(_("elapsed time: %sms."), "'+data.ca[key].certificate[c].time_millisec+' ") . ")"; ?>' + add + '</td></tr>'; |
|
| 279 | + cliinfo = cliinfo + ' <?php echo "(".sprintf(_("elapsed time: %sms."), "'+data.ca[key].certificate[c].time_millisec+' ").")"; ?>' + add + '</td></tr>'; |
|
| 280 | 280 | cliinfo = cliinfo + '</tbody></table></ul></li>'; |
| 281 | 281 | } |
| 282 | 282 | |
@@ -475,7 +475,7 @@ discard block |
||
| 475 | 475 | }); |
| 476 | 476 | } |
| 477 | 477 | o = o + cert_data + '</table>'; |
| 478 | - $("#eap_test" + data.hostindex).append('<strong><img style="position: relative; top: 2px;" src="' + icons[v.level] + '"><span style="position: relative; top: -5px; <?php echo $start;?>: 1em">' + v.eap + ' – <?php printf(_("elapsed time: %sms."), "'+v.time_millisec+' ") ?></span></strong><div class="more" style="padding-<?php echo $start;?>: 40px"><div class="morecontent"><div style="display:none; background: #eee;">' + o + '</div><a href="" class="morelink">' + moretext + '</a></div></div>'); |
|
| 478 | + $("#eap_test" + data.hostindex).append('<strong><img style="position: relative; top: 2px;" src="' + icons[v.level] + '"><span style="position: relative; top: -5px; <?php echo $start; ?>: 1em">' + v.eap + ' – <?php printf(_("elapsed time: %sms."), "'+v.time_millisec+' ") ?></span></strong><div class="more" style="padding-<?php echo $start; ?>: 40px"><div class="morecontent"><div style="display:none; background: #eee;">' + o + '</div><a href="" class="morelink">' + moretext + '</a></div></div>'); |
|
| 479 | 479 | }); |
| 480 | 480 | } |
| 481 | 481 | |
@@ -486,8 +486,8 @@ discard block |
||
| 486 | 486 | <?php |
| 487 | 487 | foreach (\config\Diagnostics::RADIUSTESTS['UDP-hosts'] as $hostindex => $host) { |
| 488 | 488 | print " |
| 489 | -$(\"#live_src" . $hostindex . "_img\").attr('src',icon_loading); |
|
| 490 | -$(\"#live_src" . $hostindex . "_img\").show(); |
|
| 489 | +$(\"#live_src" . $hostindex."_img\").attr('src',icon_loading); |
|
| 490 | +$(\"#live_src" . $hostindex."_img\").show(); |
|
| 491 | 491 | $.ajax({ |
| 492 | 492 | url: 'radius_tests.php?src=0&hostindex=$hostindex&realm='+realm, |
| 493 | 493 | type: 'POST', |
@@ -520,15 +520,15 @@ discard block |
||
| 520 | 520 | <?php |
| 521 | 521 | foreach (\config\Diagnostics::RADIUSTESTS['UDP-hosts'] as $hostindex => $host) { |
| 522 | 522 | if ($testedProfile !== NULL) { |
| 523 | - $extraarg = "profile_id: " . $testedProfile->identifier . ", "; |
|
| 523 | + $extraarg = "profile_id: ".$testedProfile->identifier.", "; |
|
| 524 | 524 | } else { |
| 525 | 525 | $extraarg = ""; |
| 526 | 526 | } |
| 527 | 527 | print " |
| 528 | -$(\"#src" . $hostindex . "_img\").attr('src',icon_loading); |
|
| 528 | +$(\"#src" . $hostindex."_img\").attr('src',icon_loading); |
|
| 529 | 529 | $(\"#src$hostindex\").html(''); |
| 530 | 530 | running_ajax_stat++; |
| 531 | -$.ajax({url:'radius_tests.php', timeout: ajax_timeout, data:{test_type: 'udp', $extraarg realm: realm, src: $hostindex, lang: '" . $gui->languageInstance->getLang() . "', hostindex: '$hostindex'}, hostindex: '$hostindex', error: error_handler, success: udp, dataType: 'json'}); |
|
| 531 | +$.ajax({url:'radius_tests.php', timeout: ajax_timeout, data:{test_type: 'udp', $extraarg realm: realm, src: $hostindex, lang: '".$gui->languageInstance->getLang()."', hostindex: '$hostindex'}, hostindex: '$hostindex', error: error_handler, success: udp, dataType: 'json'}); |
|
| 532 | 532 | "; |
| 533 | 533 | } |
| 534 | 534 | |
@@ -586,7 +586,7 @@ discard block |
||
| 586 | 586 | if ($check_realm === FALSE) { |
| 587 | 587 | print "<p>$error_message</p>"; |
| 588 | 588 | } else { |
| 589 | - print "<h1>" . sprintf(_("Realm testing for: %s"), $check_realm) . "</h1>\n"; |
|
| 589 | + print "<h1>".sprintf(_("Realm testing for: %s"), $check_realm)."</h1>\n"; |
|
| 590 | 590 | ?> |
| 591 | 591 | <div id="debug_out" style="display: none"></div> |
| 592 | 592 | <div id="tabs" style="min-width: 600px; max-width:1000px"> |
@@ -608,25 +608,25 @@ discard block |
||
| 608 | 608 | // NAPTR existence check |
| 609 | 609 | if ($dynType == "") { |
| 610 | 610 | $rfc7585suite = $dnsChecks; |
| 611 | - echo "<strong>" . _("DNS checks") . "</strong><div>"; |
|
| 611 | + echo "<strong>"._("DNS checks")."</strong><div>"; |
|
| 612 | 612 | } else { |
| 613 | 613 | if (count($orrealm) == 0) { |
| 614 | 614 | continue; |
| 615 | 615 | } |
| 616 | 616 | $rfc7585suite = $dnsChecksOR; |
| 617 | - echo "<strong>" . _("OpenRoaming DNS checks") . "</strong><div>"; |
|
| 617 | + echo "<strong>"._("OpenRoaming DNS checks")."</strong><div>"; |
|
| 618 | 618 | } |
| 619 | 619 | $naptr = $rfc7585suite->relevantNAPTR(); |
| 620 | 620 | if ($naptr == \core\diag\RADIUSTests::RETVAL_NOTCONFIGURED) { |
| 621 | 621 | if ($dynType == "") { |
| 622 | - echo "<tr><td>" . _("Dynamic discovery test is not configured") . "</td><td>"; |
|
| 622 | + echo "<tr><td>"._("Dynamic discovery test is not configured")."</td><td>"; |
|
| 623 | 623 | } else { |
| 624 | - echo "<tr><td>" . _("OpenRoaming connectivity test is not configured") . "</td><td>"; |
|
| 624 | + echo "<tr><td>"._("OpenRoaming connectivity test is not configured")."</td><td>"; |
|
| 625 | 625 | } |
| 626 | 626 | } else { |
| 627 | 627 | echo "<table>"; |
| 628 | 628 | // output in friendly words |
| 629 | - echo "<tr><td>" . _("Checking NAPTR existence:") . "</td><td>"; |
|
| 629 | + echo "<tr><td>"._("Checking NAPTR existence:")."</td><td>"; |
|
| 630 | 630 | switch ($naptr) { |
| 631 | 631 | case \core\diag\RFC7585Tests::RETVAL_NONAPTR: |
| 632 | 632 | echo _("This realm has no NAPTR records."); |
@@ -641,7 +641,7 @@ discard block |
||
| 641 | 641 | |
| 642 | 642 | // compliance checks for NAPTRs |
| 643 | 643 | if ($naptr > 0) { |
| 644 | - echo "<tr><td>" . _("Checking NAPTR compliance (flag = S and regex = {empty}):") . "</td><td>"; |
|
| 644 | + echo "<tr><td>"._("Checking NAPTR compliance (flag = S and regex = {empty}):")."</td><td>"; |
|
| 645 | 645 | $naptr_valid = $rfc7585suite->relevantNAPTRcompliance(); |
| 646 | 646 | switch ($naptr_valid) { |
| 647 | 647 | case \core\diag\RADIUSTests::RETVAL_OK: |
@@ -656,7 +656,7 @@ discard block |
||
| 656 | 656 | // SRV resolution |
| 657 | 657 | if ($naptr > 0 && $naptr_valid == \core\diag\RADIUSTests::RETVAL_OK) { |
| 658 | 658 | $srv = $rfc7585suite->relevantNAPTRsrvResolution(); |
| 659 | - echo "<tr><td>" . _("Checking SRVs:") . "</td><td>"; |
|
| 659 | + echo "<tr><td>"._("Checking SRVs:")."</td><td>"; |
|
| 660 | 660 | switch ($srv) { |
| 661 | 661 | case \core\diag\RADIUSTests::RETVAL_SKIPPED: |
| 662 | 662 | echo _("This check was skipped."); |
@@ -672,7 +672,7 @@ discard block |
||
| 672 | 672 | // IP addresses for the hosts |
| 673 | 673 | if ($naptr > 0 && $naptr_valid == \core\diag\RADIUSTests::RETVAL_OK && $srv > 0) { |
| 674 | 674 | $hosts = $rfc7585suite->relevantNAPTRhostnameResolution(); |
| 675 | - echo "<tr><td>" . _("Checking IP address resolution:") . "</td><td>"; |
|
| 675 | + echo "<tr><td>"._("Checking IP address resolution:")."</td><td>"; |
|
| 676 | 676 | switch ($srv) { |
| 677 | 677 | case \core\diag\RADIUSTests::RETVAL_SKIPPED: |
| 678 | 678 | echo _("This check was skipped."); |
@@ -689,12 +689,12 @@ discard block |
||
| 689 | 689 | echo "</table><br/>"; |
| 690 | 690 | if ($dynType == "") { |
| 691 | 691 | if (count($testsuite->listerrors()) == 0) { |
| 692 | - echo sprintf(_("Realm is <strong>%s</strong> "), _(($naptr > 0 ? "DYNAMIC" : "STATIC"))) . _("with no DNS errors encountered. Congratulations!"); |
|
| 692 | + echo sprintf(_("Realm is <strong>%s</strong> "), _(($naptr > 0 ? "DYNAMIC" : "STATIC")))._("with no DNS errors encountered. Congratulations!"); |
|
| 693 | 693 | } else { |
| 694 | - echo sprintf(_("Realm is <strong>%s</strong> "), _(($naptr > 0 ? "DYNAMIC" : "STATIC"))) . _("but there were DNS errors! Check them!") . " " . _("You should re-run the tests after fixing the errors; more errors might be uncovered at that point. The exact error causes are listed below."); |
|
| 694 | + echo sprintf(_("Realm is <strong>%s</strong> "), _(($naptr > 0 ? "DYNAMIC" : "STATIC")))._("but there were DNS errors! Check them!")." "._("You should re-run the tests after fixing the errors; more errors might be uncovered at that point. The exact error causes are listed below."); |
|
| 695 | 695 | echo "<div class='notacceptable'><table>"; |
| 696 | 696 | foreach ($testsuite->listerrors() as $details) { |
| 697 | - echo "<tr><td>" . $details['TYPE'] . "</td><td>" . $details['TARGET'] . "</td></tr>"; |
|
| 697 | + echo "<tr><td>".$details['TYPE']."</td><td>".$details['TARGET']."</td></tr>"; |
|
| 698 | 698 | } |
| 699 | 699 | echo "</table></div>"; |
| 700 | 700 | } |
@@ -713,7 +713,7 @@ discard block |
||
| 713 | 713 | $("#dynamic_tests").show(); |
| 714 | 714 | '; |
| 715 | 715 | foreach ($rfc7585suite->NAPTR_hostname_records as $hostindex => $addr) { |
| 716 | - $host = ($addr['family'] == "IPv6" ? "[" : "") . $addr['IP'] . ($addr['family'] == "IPv6" ? "]" : "") . ":" . $addr['port']; |
|
| 716 | + $host = ($addr['family'] == "IPv6" ? "[" : "").$addr['IP'].($addr['family'] == "IPv6" ? "]" : "").":".$addr['port']; |
|
| 717 | 717 | $expectedName = $addr['hostname']; |
| 718 | 718 | $ssltest = 1; |
| 719 | 719 | if (isset($addr['unavailable']) && $addr['unavailable']) { |
@@ -722,9 +722,9 @@ discard block |
||
| 722 | 722 | //$rfc6614suite = new \core\diag\RFC6614Tests([$host], $expectedName, $consortiumName); |
| 723 | 723 | print " |
| 724 | 724 | running_ajax_dyn++; |
| 725 | - $.ajax({url:'radius_tests.php', timeout: ajax_timeout, data:{test_type: 'capath', realm: realm, src: '$host', lang: '" . $gui->languageInstance->getLang() . "', hostindex: '$hostindex', expectedname: '$expectedName', ssltest: $ssltest }, hostindex: '$hostindex', error: error_handler, success: capath, dataType: 'json'}); |
|
| 725 | + $.ajax({url:'radius_tests.php', timeout: ajax_timeout, data:{test_type: 'capath', realm: realm, src: '$host', lang: '".$gui->languageInstance->getLang()."', hostindex: '$hostindex', expectedname: '$expectedName', ssltest: $ssltest }, hostindex: '$hostindex', error: error_handler, success: capath, dataType: 'json'}); |
|
| 726 | 726 | running_ajax_dyn++; |
| 727 | - $.ajax({url:'radius_tests.php', timeout: ajax_timeout, data:{test_type: 'clients', realm: realm, src: '$host', lang: '" . $gui->languageInstance->getLang() . "', hostindex: '$hostindex', ssltest: $ssltest }, hostindex: '$hostindex', error: error_handler, success: clients, dataType: 'json'}); |
|
| 727 | + $.ajax({url:'radius_tests.php', timeout: ajax_timeout, data:{test_type: 'clients', realm: realm, src: '$host', lang: '".$gui->languageInstance->getLang()."', hostindex: '$hostindex', ssltest: $ssltest }, hostindex: '$hostindex', error: error_handler, success: clients, dataType: 'json'}); |
|
| 728 | 728 | "; |
| 729 | 729 | } |
| 730 | 730 | echo "} |
@@ -740,11 +740,11 @@ discard block |
||
| 740 | 740 | $("#openroaming_tests").show(); |
| 741 | 741 | '; |
| 742 | 742 | foreach ($rfc7585suite->NAPTR_hostname_records as $hostindex => $addr) { |
| 743 | - $host = ($addr['family'] == "IPv6" ? "[" : "") . $addr['IP'] . ($addr['family'] == "IPv6" ? "]" : "") . ":" . $addr['port']; |
|
| 743 | + $host = ($addr['family'] == "IPv6" ? "[" : "").$addr['IP'].($addr['family'] == "IPv6" ? "]" : "").":".$addr['port']; |
|
| 744 | 744 | $expectedName = $addr['hostname']; |
| 745 | 745 | print " |
| 746 | 746 | running_ajax_openroaming++; |
| 747 | - $.ajax({url:'radius_tests.php', timeout: ajax_timeout, data:{test_type: 'openroamingcapath', realm: realm, src: '$host', lang: '" . $gui->languageInstance->getLang() . "', hostindex: '$hostindex', expectedname: '$expectedName', ssltest: $ssltest, protocols: '$protstr' }, hostindex: '$hostindex', openroaming: true, error: error_handler, success: capath, dataType: 'json'}); |
|
| 747 | + $.ajax({url:'radius_tests.php', timeout: ajax_timeout, data:{test_type: 'openroamingcapath', realm: realm, src: '$host', lang: '".$gui->languageInstance->getLang()."', hostindex: '$hostindex', expectedname: '$expectedName', ssltest: $ssltest, protocols: '$protstr' }, hostindex: '$hostindex', openroaming: true, error: error_handler, success: capath, dataType: 'json'}); |
|
| 748 | 748 | "; |
| 749 | 749 | } |
| 750 | 750 | echo "} |
@@ -757,18 +757,18 @@ discard block |
||
| 757 | 757 | $naptrs[1] = $naptr; |
| 758 | 758 | } |
| 759 | 759 | } |
| 760 | - echo "<strong>" . _("Static connectivity tests") . "</strong> |
|
| 760 | + echo "<strong>"._("Static connectivity tests")."</strong> |
|
| 761 | 761 | <table><tr> |
| 762 | 762 | <td class='icon_td'><img src='../resources/images/icons/loading51.gif' id='main_static_ico' class='icon'></td><td id='main_static_result' style='display:none'> </td> |
| 763 | 763 | </tr></table>"; |
| 764 | 764 | if ($naptrs[0] > 0) { |
| 765 | - echo "<hr><strong>" . _("Dynamic connectivity tests") . "</strong> |
|
| 765 | + echo "<hr><strong>"._("Dynamic connectivity tests")."</strong> |
|
| 766 | 766 | <table><tr> |
| 767 | 767 | <td class='icon_td'><img src='../resources/images/icons/loading51.gif' id='main_dynamic_ico' class='icon'></td><td id='main_dynamic_result' style='display:none'> </td> |
| 768 | 768 | </tr></table>"; |
| 769 | 769 | } |
| 770 | 770 | if (isset($orrealm) && count($orrealm) && ($naptrs[1] > 0)) { |
| 771 | - echo "<hr><strong>" . _("OpenRoaming connectivity tests") . "</strong> |
|
| 771 | + echo "<hr><strong>"._("OpenRoaming connectivity tests")."</strong> |
|
| 772 | 772 | <table><tr> |
| 773 | 773 | <td class='icon_td'><img src='../resources/images/icons/loading51.gif' id='main_openroaming_ico' class='icon'></td><td id='main_openroaming_result' style='display:none'> </td> |
| 774 | 774 | </tr></table>"; |
@@ -788,12 +788,12 @@ discard block |
||
| 788 | 788 | print "<p>"; |
| 789 | 789 | foreach (\config\Diagnostics::RADIUSTESTS['UDP-hosts'] as $hostindex => $host) { |
| 790 | 790 | print "<hr>"; |
| 791 | - printf(_("Testing from: %s"), "<strong>" . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$hostindex]['display_name'] . "</strong>"); |
|
| 791 | + printf(_("Testing from: %s"), "<strong>".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$hostindex]['display_name']."</strong>"); |
|
| 792 | 792 | print "<table id='results$hostindex' style='width:100%' class='udp_results'> |
| 793 | 793 | <tr> |
| 794 | -<td class='icon_td'><img src='../resources/images/icons/loading51.gif' id='src" . $hostindex . "_img'></td> |
|
| 794 | +<td class='icon_td'><img src='../resources/images/icons/loading51.gif' id='src".$hostindex."_img'></td> |
|
| 795 | 795 | <td id='src$hostindex' colspan=2> |
| 796 | -" . _("testing...") . " |
|
| 796 | +"._("testing...")." |
|
| 797 | 797 | </td> |
| 798 | 798 | </tr> |
| 799 | 799 | </table>"; |
@@ -804,7 +804,7 @@ discard block |
||
| 804 | 804 | |
| 805 | 805 | </div> |
| 806 | 806 | <?php |
| 807 | - for ($i=3; $i<5; $i++) { |
|
| 807 | + for ($i = 3; $i < 5; $i++) { |
|
| 808 | 808 | if ($i == 3 && $naptrs[0] <= 0) { |
| 809 | 809 | continue; |
| 810 | 810 | } |
@@ -819,15 +819,15 @@ discard block |
||
| 819 | 819 | $rfc7585suite = $dnsChecksOR; |
| 820 | 820 | } |
| 821 | 821 | ?> |
| 822 | - <div id="tabs-<?php echo $i;?>"> |
|
| 823 | - <button id="run_<?php if ($i==3) echo 'd'; else echo 'o';?>_tests"; onclick="run_<?php if ($i==3) echo 'dynamic'; else echo 'openroaming';?>()"><?php if ($i==3) echo _("Repeat dynamic connectivity tests"); else echo _("Repeat OpenRoaming connectivity tests");?></button> |
|
| 822 | + <div id="tabs-<?php echo $i; ?>"> |
|
| 823 | + <button id="run_<?php if ($i == 3) echo 'd'; else echo 'o'; ?>_tests"; onclick="run_<?php if ($i == 3) echo 'dynamic'; else echo 'openroaming'; ?>()"><?php if ($i == 3) echo _("Repeat dynamic connectivity tests"); else echo _("Repeat OpenRoaming connectivity tests"); ?></button> |
|
| 824 | 824 | |
| 825 | 825 | <?php |
| 826 | 826 | echo "<div id='"; |
| 827 | - if ($i==3) { echo 'dynamic'; } else { echo 'openroaming'; } |
|
| 827 | + if ($i == 3) { echo 'dynamic'; } else { echo 'openroaming'; } |
|
| 828 | 828 | echo "_tests'><fieldset class='option_container'> |
| 829 | 829 | <legend><strong>"; |
| 830 | - if ($i==3) { |
|
| 830 | + if ($i == 3) { |
|
| 831 | 831 | echo _("DYNAMIC connectivity tests"); |
| 832 | 832 | } else { |
| 833 | 833 | echo _("OpenRoaming connectivity tests"); |
@@ -841,11 +841,11 @@ discard block |
||
| 841 | 841 | } |
| 842 | 842 | $resultstoprint = []; |
| 843 | 843 | if (count($rfc7585suite->NAPTR_hostname_records) > 0) { |
| 844 | - $resultstoprint[] = '<div style="align:'.$end.'; display: none;" id="' . $prefix1 . '_result_fail">' . _("Some errors were found during the tests, see below") . '</div><div style="align:'.$end.'; display: none;" id="' . $prefix1 . '_result_pass">' . _("All tests passed, congratulations!") . '</div>'; |
|
| 845 | - $resultstoprint[] = '<div style="align:'.$end.';"><a href="" class="moreall">' . _('Show detailed information for all tests') . '</a></div>' . '<p><strong>' . _("Checking server handshake...") . "</strong><p>"; |
|
| 844 | + $resultstoprint[] = '<div style="align:'.$end.'; display: none;" id="'.$prefix1.'_result_fail">'._("Some errors were found during the tests, see below").'</div><div style="align:'.$end.'; display: none;" id="'.$prefix1.'_result_pass">'._("All tests passed, congratulations!").'</div>'; |
|
| 845 | + $resultstoprint[] = '<div style="align:'.$end.';"><a href="" class="moreall">'._('Show detailed information for all tests').'</a></div>'.'<p><strong>'._("Checking server handshake...")."</strong><p>"; |
|
| 846 | 846 | foreach ($rfc7585suite->NAPTR_hostname_records as $hostindex => $addr) { |
| 847 | - $bracketaddr = ($addr["family"] == "IPv6" ? "[" . $addr["IP"] . "]" : $addr["IP"]); |
|
| 848 | - $resultstoprint[] = '<p><strong>' . $bracketaddr . ' TCP/' . $addr['port'] . '</strong> (' . $addr['hostname'] . ')'; |
|
| 847 | + $bracketaddr = ($addr["family"] == "IPv6" ? "[".$addr["IP"]."]" : $addr["IP"]); |
|
| 848 | + $resultstoprint[] = '<p><strong>'.$bracketaddr.' TCP/'.$addr['port'].'</strong> ('.$addr['hostname'].')'; |
|
| 849 | 849 | $prots = []; |
| 850 | 850 | if (isset($addr['protocols'])) { |
| 851 | 851 | foreach ($addr['protocols'] as $protocol) { |
@@ -855,18 +855,18 @@ discard block |
||
| 855 | 855 | } |
| 856 | 856 | } |
| 857 | 857 | if (!empty($prots)) { |
| 858 | - $resultstoprint[] = ' ' . _("supported TLS protocols: "); |
|
| 858 | + $resultstoprint[] = ' '._("supported TLS protocols: "); |
|
| 859 | 859 | $resultstoprint[] = implode(', ', $prots); |
| 860 | 860 | if (!isset($addr['istls13']) || !$addr['istls13']) { |
| 861 | - $resultstoprint[] = ' ' . '<font color="red">' . _("not supported: ") . 'TLS1.3</font>'; |
|
| 861 | + $resultstoprint[] = ' '.'<font color="red">'._("not supported: ").'TLS1.3</font>'; |
|
| 862 | 862 | } |
| 863 | 863 | } |
| 864 | 864 | $resultstoprint[] = '<ul style="list-style-type: none;" class="caresult"><li>'; |
| 865 | - $resultstoprint[] = "<table id='" . $prefix2 . "caresults$hostindex' style='width:100%'> |
|
| 865 | + $resultstoprint[] = "<table id='".$prefix2."caresults$hostindex' style='width:100%'> |
|
| 866 | 866 | <tr> |
| 867 | -<td class='icon_td'><img src='../resources/images/icons/loading51.gif' id='" . $prefix2 . "srcca$hostindex" . "_img'></td> |
|
| 868 | -<td id='" . $prefix2 . "srcca$hostindex'> |
|
| 869 | -" . _("testing...") . " |
|
| 867 | +<td class='icon_td'><img src='../resources/images/icons/loading51.gif' id='".$prefix2."srcca$hostindex"."_img'></td> |
|
| 868 | +<td id='" . $prefix2."srcca$hostindex'> |
|
| 869 | +"._("testing...")." |
|
| 870 | 870 | </td> |
| 871 | 871 | </tr> |
| 872 | 872 | </table>"; |
@@ -874,26 +874,26 @@ discard block |
||
| 874 | 874 | } |
| 875 | 875 | $clientstest = []; |
| 876 | 876 | foreach ($rfc7585suite->NAPTR_hostname_records as $hostindex => $addr) { |
| 877 | - $clientstest[] = '<p><strong>' . $addr['IP'] . ' TCP/' . $addr['port'] . '</strong></p><ol>'; |
|
| 878 | - $clientstest[] = "<span id='" . $prefix2 . "clientresults$hostindex'><table style='width:100%'> |
|
| 877 | + $clientstest[] = '<p><strong>'.$addr['IP'].' TCP/'.$addr['port'].'</strong></p><ol>'; |
|
| 878 | + $clientstest[] = "<span id='".$prefix2."clientresults$hostindex'><table style='width:100%'> |
|
| 879 | 879 | <tr> |
| 880 | 880 | <td class='icon_td'>"; |
| 881 | - if ($i == 4 ) { |
|
| 881 | + if ($i == 4) { |
|
| 882 | 882 | $clientstest[] = "<!--"; |
| 883 | 883 | } |
| 884 | - $clientstest[] = "<img src='../resources/images/icons/loading51.gif' id='" . $prefix2 . "srcclient$hostindex" . "_img'></td> |
|
| 885 | -<td id='" . $prefix2 . "srcclient$hostindex'> |
|
| 886 | -" . _("testing..."); |
|
| 884 | + $clientstest[] = "<img src='../resources/images/icons/loading51.gif' id='".$prefix2."srcclient$hostindex"."_img'></td> |
|
| 885 | +<td id='" . $prefix2."srcclient$hostindex'> |
|
| 886 | +"._("testing..."); |
|
| 887 | 887 | |
| 888 | - if ($i == 4 ) { |
|
| 889 | - $clientstest[] = "-->" . _("not implemented yet"); |
|
| 888 | + if ($i == 4) { |
|
| 889 | + $clientstest[] = "-->"._("not implemented yet"); |
|
| 890 | 890 | } |
| 891 | 891 | $clientstest[] = "</td></tr></table></span>"; |
| 892 | 892 | $clientstest[] = '</ol>'; |
| 893 | 893 | } |
| 894 | 894 | echo '<div style="align:'.$end.';">'; |
| 895 | 895 | echo join('', $resultstoprint); |
| 896 | - echo '<span id="' . $prefix2 . 'clientstest" style="display: none;"><p><hr><b>' . _('Checking if certificates from CAs are accepted...') . '</b><p>' . _('A few client certificates will be tested to check if servers are resistant to some certificate problems.') . '<p>'; |
|
| 896 | + echo '<span id="'.$prefix2.'clientstest" style="display: none;"><p><hr><b>'._('Checking if certificates from CAs are accepted...').'</b><p>'._('A few client certificates will be tested to check if servers are resistant to some certificate problems.').'<p>'; |
|
| 897 | 897 | print join('', $clientstest); |
| 898 | 898 | echo '</span>'; |
| 899 | 899 | echo '</div>'; |
@@ -907,7 +907,7 @@ discard block |
||
| 907 | 907 | // check if truncates/dies on Operator-Name |
| 908 | 908 | if ($my_profile !== NULL) { |
| 909 | 909 | echo "<div id='tabs-n'><fieldset class='option_container'> |
| 910 | - <legend><strong>" . _("Live login test") . "</strong></legend>"; |
|
| 910 | + <legend><strong>" . _("Live login test")."</strong></legend>"; |
|
| 911 | 911 | $prof_compl = $my_profile->getEapMethodsinOrderOfPreference(1); |
| 912 | 912 | if (count($prof_compl) > 0) { |
| 913 | 913 | $passwordReqired = FALSE; |
@@ -920,34 +920,34 @@ discard block |
||
| 920 | 920 | $clientCertRequired = TRUE; |
| 921 | 921 | } |
| 922 | 922 | } |
| 923 | - echo "<div id='disposable_credential_container'><p>" . _("If you enter an existing login credential here, you can test the actual authentication from various checkpoints all over the world.") . "</p> |
|
| 924 | - <p>" . _("The test will use all EAP types you have set in your profile information to check whether the right CAs and server names are used, and of course whether the login with these credentials and the given EAP type actually worked. If you have set anonymous outer ID, the test will use that.") . "</p> |
|
| 925 | - <p>" . _("Note: the tool purposefully does not offer you to save these credentials, and they will never be saved in any way on the server side. Please use only <strong>temporary test accounts</strong> here; permanently valid test accounts in the wild are considered harmful!") . "</p></div> |
|
| 923 | + echo "<div id='disposable_credential_container'><p>"._("If you enter an existing login credential here, you can test the actual authentication from various checkpoints all over the world.")."</p> |
|
| 924 | + <p>" . _("The test will use all EAP types you have set in your profile information to check whether the right CAs and server names are used, and of course whether the login with these credentials and the given EAP type actually worked. If you have set anonymous outer ID, the test will use that.")."</p> |
|
| 925 | + <p>" . _("Note: the tool purposefully does not offer you to save these credentials, and they will never be saved in any way on the server side. Please use only <strong>temporary test accounts</strong> here; permanently valid test accounts in the wild are considered harmful!")."</p></div> |
|
| 926 | 926 | <form enctype='multipart/form-data' id='live_form' accept-charset='UTF-8'> |
| 927 | 927 | <input type='hidden' name='test_type' value='udp_login'> |
| 928 | - <input type='hidden' name='lang' value='" . $gui->languageInstance->getLang() . "'> |
|
| 929 | - <input type='hidden' name='profile_id' value='" . $my_profile->identifier . "'> |
|
| 928 | + <input type='hidden' name='lang' value='" . $gui->languageInstance->getLang()."'> |
|
| 929 | + <input type='hidden' name='profile_id' value='" . $my_profile->identifier."'> |
|
| 930 | 930 | <table id='live_tests'>"; |
| 931 | 931 | // if any password based EAP methods are available enable this section |
| 932 | 932 | if ($passwordReqired) { |
| 933 | - echo "<tr><td colspan='2'><strong>" . _("Password-based EAP types") . "</strong></td></tr> |
|
| 934 | - <tr><td>" . _("Real (inner) username:") . "</td><td><input type='text' id='username' class='mandatory' name='username'/></td></tr>"; |
|
| 935 | - echo "<tr><td>" . _("Anonymous outer ID (optional):") . "</td><td><input type='text' id='outer_username' name='outer_username'/></td></tr>"; |
|
| 936 | - echo "<tr><td>" . _("Password:") . "</td><td><input type='text' id='password' class='mandatory' name='password'/></td></tr>"; |
|
| 933 | + echo "<tr><td colspan='2'><strong>"._("Password-based EAP types")."</strong></td></tr> |
|
| 934 | + <tr><td>" . _("Real (inner) username:")."</td><td><input type='text' id='username' class='mandatory' name='username'/></td></tr>"; |
|
| 935 | + echo "<tr><td>"._("Anonymous outer ID (optional):")."</td><td><input type='text' id='outer_username' name='outer_username'/></td></tr>"; |
|
| 936 | + echo "<tr><td>"._("Password:")."</td><td><input type='text' id='password' class='mandatory' name='password'/></td></tr>"; |
|
| 937 | 937 | } |
| 938 | 938 | // ask for cert + privkey if TLS-based method is active |
| 939 | 939 | if ($clientCertRequired) { |
| 940 | - echo "<tr><td colspan='2'><strong>" . _("Certificate-based EAP types") . "</strong></td></tr> |
|
| 941 | - <tr><td>" . _("Certificate file (.p12 or .pfx):") . "</td><td><input type='file' id='cert' accept='application/x-pkcs12' name='cert'/></td></tr> |
|
| 942 | - <tr><td>" . _("Certificate password, if any:") . "</td><td><input type='text' id='privkey' name='privkey_pass'/></td></tr> |
|
| 943 | - <tr><td>" . _("Username, if different from certificate Subject:") . "</td><td><input type='text' id='tls_username' name='tls_username'/></td></tr>"; |
|
| 940 | + echo "<tr><td colspan='2'><strong>"._("Certificate-based EAP types")."</strong></td></tr> |
|
| 941 | + <tr><td>" . _("Certificate file (.p12 or .pfx):")."</td><td><input type='file' id='cert' accept='application/x-pkcs12' name='cert'/></td></tr> |
|
| 942 | + <tr><td>" . _("Certificate password, if any:")."</td><td><input type='text' id='privkey' name='privkey_pass'/></td></tr> |
|
| 943 | + <tr><td>" . _("Username, if different from certificate Subject:")."</td><td><input type='text' id='tls_username' name='tls_username'/></td></tr>"; |
|
| 944 | 944 | } |
| 945 | - echo "<tr><td colspan='2'><button id='submit_credentials'>" . _("Submit credentials") . "</button></td></tr></table></form>"; |
|
| 945 | + echo "<tr><td colspan='2'><button id='submit_credentials'>"._("Submit credentials")."</button></td></tr></table></form>"; |
|
| 946 | 946 | echo "<div id='live_login_results' style='display:none'>"; |
| 947 | 947 | foreach (\config\Diagnostics::RADIUSTESTS['UDP-hosts'] as $hostindex => $host) { |
| 948 | 948 | print "<hr>"; |
| 949 | - printf(_("Testing from: %s"), "<strong>" . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$hostindex]['display_name'] . "</strong>"); |
|
| 950 | - print "<span style='position:relative'><img src='../resources/images/icons/loading51.gif' id='live_src" . $hostindex . "_img' style='width:24px; position: absolute; $start: 20px; bottom: 0px; '></span>"; |
|
| 949 | + printf(_("Testing from: %s"), "<strong>".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$hostindex]['display_name']."</strong>"); |
|
| 950 | + print "<span style='position:relative'><img src='../resources/images/icons/loading51.gif' id='live_src".$hostindex."_img' style='width:24px; position: absolute; $start: 20px; bottom: 0px; '></span>"; |
|
| 951 | 951 | print "<div id='eap_test$hostindex' class='eap_test_results'></div>"; |
| 952 | 952 | } |
| 953 | 953 | echo "</div>"; |
@@ -962,9 +962,9 @@ discard block |
||
| 962 | 962 | } |
| 963 | 963 | |
| 964 | 964 | if (isset($_POST['comefrom'])) { |
| 965 | - $return = htmlspecialchars_decode($_POST['comefrom']) . ( $inst_id ? "?inst_id=" . $inst_id : "" ); |
|
| 965 | + $return = htmlspecialchars_decode($_POST['comefrom']).($inst_id ? "?inst_id=".$inst_id : ""); |
|
| 966 | 966 | echo "<form method='post' action='$return' accept-charset='UTF-8'> |
| 967 | - <button type='submit' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_CLOSE . "'>" . sprintf(_("Return to %s administrator area"), core\common\Entity::$nomenclature_idp) . "</button>" |
|
| 967 | + <button type='submit' name='submitbutton' value='".web\lib\common\FormElements::BUTTON_CLOSE."'>".sprintf(_("Return to %s administrator area"), core\common\Entity::$nomenclature_idp)."</button>" |
|
| 968 | 968 | . "</form>"; |
| 969 | 969 | } |
| 970 | 970 | if ($check_realm !== FALSE) { |
@@ -174,7 +174,7 @@ discard block |
||
| 174 | 174 | 'bg' => ['display' => 'Български', 'locale' => 'bg_BG.utf8', 'latin_based' => FALSE, 'rtl' => FALSE], |
| 175 | 175 | 'ca' => ['display' => 'Català', 'locale' => 'ca_ES.utf8', 'latin_based' => TRUE, 'rtl' => FALSE], |
| 176 | 176 | 'cs' => ['display' => 'Čeština', 'locale' => 'cs_CZ.utf8', 'latin_based' => TRUE, 'rtl' => FALSE], |
| 177 | - 'cy' => ['display' => 'Cymraeg', 'locale' => 'cy_GB.utf8', 'latin_based' => TRUE, 'rtl' => FALSE], |
|
| 177 | + 'cy' => ['display' => 'Cymraeg', 'locale' => 'cy_GB.utf8', 'latin_based' => TRUE, 'rtl' => FALSE], |
|
| 178 | 178 | 'de' => ['display' => 'Deutsch', 'locale' => 'de_DE.utf8', 'latin_based' => TRUE, 'rtl' => FALSE], |
| 179 | 179 | 'el' => ['display' => 'Ελληνικά', 'locale' => 'el_GR.utf8', 'latin_based' => FALSE, 'rtl' => FALSE], |
| 180 | 180 | 'en' => ['display' => 'English(GB)', 'locale' => 'en_GB.utf8', 'latin_based' => TRUE, 'rtl' => FALSE], |
@@ -221,7 +221,7 @@ discard block |
||
| 221 | 221 | 'db' => 'cat', |
| 222 | 222 | 'user' => 'kitty', |
| 223 | 223 | 'pass' => 'somepass', |
| 224 | - 'readonly' => FALSE,], |
|
| 224 | + 'readonly' => FALSE, ], |
|
| 225 | 225 | // this DB stores diagnostics data. The connection details can be |
| 226 | 226 | // identical to INST as there is no table overlap |
| 227 | 227 | 'DIAGNOSTICS' => [ |
@@ -229,7 +229,7 @@ discard block |
||
| 229 | 229 | 'db' => 'cat', |
| 230 | 230 | 'user' => 'kitty', |
| 231 | 231 | 'pass' => 'somepass', |
| 232 | - 'readonly' => FALSE,], |
|
| 232 | + 'readonly' => FALSE, ], |
|
| 233 | 233 | // this slice of DB user is about the downloads table. The corresponding |
| 234 | 234 | // DB user should have write access to update statistics and the cache |
| 235 | 235 | // locations of installers. |
@@ -239,7 +239,7 @@ discard block |
||
| 239 | 239 | 'db' => 'cat', |
| 240 | 240 | 'user' => 'kitty', |
| 241 | 241 | 'pass' => 'somepass', |
| 242 | - 'readonly' => FALSE,], |
|
| 242 | + 'readonly' => FALSE, ], |
|
| 243 | 243 | // this slice of DB use is about user management in the user_options |
| 244 | 244 | // table. Giving the corresponding user only read-only access means that |
| 245 | 245 | // all user properties have to "magically" occur in the table by OOB |
@@ -250,7 +250,7 @@ discard block |
||
| 250 | 250 | 'db' => 'cat', |
| 251 | 251 | 'user' => 'kitty', |
| 252 | 252 | 'pass' => 'somepass', |
| 253 | - 'readonly' => FALSE,], |
|
| 253 | + 'readonly' => FALSE, ], |
|
| 254 | 254 | /* If you use this tool in conjunction with an external customer management database, you can configure that every |
| 255 | 255 | * institution entry in CAT MUST correspond to a customer entry in an external database. If you want this, set this |
| 256 | 256 | * config variable to TRUE. |
@@ -276,7 +276,7 @@ discard block |
||
| 276 | 276 | 'db' => 'customer_db', |
| 277 | 277 | 'user' => 'customerservice', |
| 278 | 278 | 'pass' => '2lame4u', |
| 279 | - 'readonly' => TRUE,], |
|
| 279 | + 'readonly' => TRUE, ], |
|
| 280 | 280 | /* |
| 281 | 281 | * EXTERNAL_SOURCE is the source only used in the caching script, if you |
| 282 | 282 | * do not use local caching then these settings are irrelevant |
@@ -286,7 +286,7 @@ discard block |
||
| 286 | 286 | 'db' => 'customer_db', |
| 287 | 287 | 'user' => 'customerservice', |
| 288 | 288 | 'pass' => '2lame4u', |
| 289 | - 'readonly' => TRUE,], |
|
| 289 | + 'readonly' => TRUE, ], |
|
| 290 | 290 | |
| 291 | 291 | 'enforce-external-sync' => TRUE, |
| 292 | 292 | ]; |
@@ -27,7 +27,7 @@ discard block |
||
| 27 | 27 | */ |
| 28 | 28 | ?> |
| 29 | 29 | <?php |
| 30 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 30 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 31 | 31 | $auth = new \web\lib\admin\Authentication(); |
| 32 | 32 | $deco = new \web\lib\admin\PageDecoration(); |
| 33 | 33 | $validator = new \web\lib\common\InputValidation(); |
@@ -105,10 +105,10 @@ discard block |
||
| 105 | 105 | $fed = $validator->existingFederation($_POST['NRO-list']); |
| 106 | 106 | $country = strtoupper($fed->tld); |
| 107 | 107 | $DN[] = "C=$country"; |
| 108 | - $DN[] = "O=NRO of " . iconv('UTF-8', 'ASCII//TRANSLIT', $cat->knownFederations[strtoupper($fed->tld)]); |
|
| 108 | + $DN[] = "O=NRO of ".iconv('UTF-8', 'ASCII//TRANSLIT', $cat->knownFederations[strtoupper($fed->tld)]); |
|
| 109 | 109 | $serverInfo = $externalDb->listExternalTlsServersFederation($fed->tld); |
| 110 | 110 | $serverList = explode(",", array_key_first($serverInfo)); |
| 111 | - $DN[] = "CN=" . $serverList[0]; |
|
| 111 | + $DN[] = "CN=".$serverList[0]; |
|
| 112 | 112 | $policies[] = "eduroam IdP"; |
| 113 | 113 | $policies[] = "eduroam SP"; |
| 114 | 114 | $firstName = $serverInfo[array_key_first($serverInfo)][0]["name"]; |
@@ -135,14 +135,14 @@ discard block |
||
| 135 | 135 | $modou = 1; |
| 136 | 136 | $ou = str_replace(",", "/,", $ou); |
| 137 | 137 | } |
| 138 | - $ou = preg_replace('/\s+/', ' ', $ou); |
|
| 138 | + $ou = preg_replace('/\s+/', ' ', $ou); |
|
| 139 | 139 | if (strlen($ou) >= 64) { |
| 140 | 140 | $ou = substr($ou, 0, 64); |
| 141 | 141 | $modou += 2; |
| 142 | 142 | } |
| 143 | 143 | $DN[] = "O=".iconv('UTF-8', 'ASCII//TRANSLIT', $ou); |
| 144 | 144 | $serverList = explode(",", $serverInfo["servers"]); |
| 145 | - $DN[] = "CN=" . $serverList[0]; |
|
| 145 | + $DN[] = "CN=".$serverList[0]; |
|
| 146 | 146 | switch ($serverInfo["type"]) { |
| 147 | 147 | case core\IdP::TYPE_IDPSP: |
| 148 | 148 | $policies[] = "eduroam IdP"; |
@@ -161,13 +161,13 @@ discard block |
||
| 161 | 161 | default: |
| 162 | 162 | throw new Exception("Sorry: Unknown level of issuance requested."); |
| 163 | 163 | } |
| 164 | - echo "<p style='font-size: large'>" . _("Requesting a certificate with the following properties"); |
|
| 164 | + echo "<p style='font-size: large'>"._("Requesting a certificate with the following properties"); |
|
| 165 | 165 | echo "<ul>"; |
| 166 | - echo "<li>" . _("Policy OIDs: ") . implode(", ", $policies) . "</li>"; |
|
| 167 | - echo "<li>" . _("Distinguished Name: ") . implode(", ", $DN); |
|
| 166 | + echo "<li>"._("Policy OIDs: ").implode(", ", $policies)."</li>"; |
|
| 167 | + echo "<li>"._("Distinguished Name: ").implode(", ", $DN); |
|
| 168 | 168 | if ($modou > 0) { |
| 169 | 169 | echo " ("; |
| 170 | - echo _("Organization field adjusted"). ': '; |
|
| 170 | + echo _("Organization field adjusted").': '; |
|
| 171 | 171 | $desc = array(); |
| 172 | 172 | if ($modou >= 2) { |
| 173 | 173 | $desc[] = _("truncated to 64 chars"); |
@@ -179,8 +179,8 @@ discard block |
||
| 179 | 179 | echo ")"; |
| 180 | 180 | } |
| 181 | 181 | echo "</li>"; |
| 182 | - echo "<li>" . _("subjectAltName:DNS : ") . implode(", ", $serverList) . "</li>"; |
|
| 183 | - echo "<li>" . _("Requester Contact Details: ") . $firstName . " <" . $firstMail . ">" . "</li>"; |
|
| 182 | + echo "<li>"._("subjectAltName:DNS : ").implode(", ", $serverList)."</li>"; |
|
| 183 | + echo "<li>"._("Requester Contact Details: ").$firstName." <".$firstMail.">"."</li>"; |
|
| 184 | 184 | echo "</ul></p>"; |
| 185 | 185 | |
| 186 | 186 | $vettedCsr = $validator->string($_POST['CSR'], true); |
@@ -196,7 +196,7 @@ discard block |
||
| 196 | 196 | $loggerInstance->debug(2, $DN, "CERT DN: ", "\n"); |
| 197 | 197 | // our certs can be good for max 5 years |
| 198 | 198 | $fed->requestCertificate($user->identifier, $newCsrWithMeta, $expiryDays); |
| 199 | - echo "<p>" . _("The certificate was requested.") . "</p>"; |
|
| 199 | + echo "<p>"._("The certificate was requested.")."</p>"; |
|
| 200 | 200 | ?> |
| 201 | 201 | <form action="overview_certificates.php" method="GET"> |
| 202 | 202 | <button type="submit"><?php echo _("Back to Certificate Overview"); ?></button> |
@@ -214,23 +214,23 @@ discard block |
||
| 214 | 214 | switch (count($feds)) { |
| 215 | 215 | case 0: |
| 216 | 216 | echo "<div>"; |
| 217 | - echo $uiElements->boxRemark("<strong>" . sprintf(_("None of your %s servers has complete information in the database."),$uiElements->nomenclatureFed)."</strong>" . _("At least the DNS names of TLS servers and a role-based contact mail address are required.")); |
|
| 217 | + echo $uiElements->boxRemark("<strong>".sprintf(_("None of your %s servers has complete information in the database."), $uiElements->nomenclatureFed)."</strong>"._("At least the DNS names of TLS servers and a role-based contact mail address are required.")); |
|
| 218 | 218 | echo "</div>"; |
| 219 | 219 | break; |
| 220 | 220 | case 1: |
| 221 | - echo '<input type="radio" name="LEVEL" id="NRO" value="NRO" checked>' . sprintf(_("Certificate for %s") ." ", $uiElements->nomenclatureFed) . '</input>'; |
|
| 222 | - echo " <strong>" . $cat->knownFederations[$feds[0]->tld] . "</strong>"; |
|
| 223 | - echo '<input type="hidden" name="NRO-list" id="NRO-list" value="' . $feds[0]->tld . '"/>'; |
|
| 221 | + echo '<input type="radio" name="LEVEL" id="NRO" value="NRO" checked>'.sprintf(_("Certificate for %s")." ", $uiElements->nomenclatureFed).'</input>'; |
|
| 222 | + echo " <strong>".$cat->knownFederations[$feds[0]->tld]."</strong>"; |
|
| 223 | + echo '<input type="hidden" name="NRO-list" id="NRO-list" value="'.$feds[0]->tld.'"/>'; |
|
| 224 | 224 | break; |
| 225 | 225 | default: |
| 226 | - echo '<input type="radio" name="LEVEL" id="NRO" value="NRO" checked>' . sprintf(_("Certificate for %s") ." ", $uiElements->nomenclatureFed) . '</input>'; |
|
| 226 | + echo '<input type="radio" name="LEVEL" id="NRO" value="NRO" checked>'.sprintf(_("Certificate for %s")." ", $uiElements->nomenclatureFed).'</input>'; |
|
| 227 | 227 | ?> |
| 228 | 228 | <select name="NRO-list" id="NRO-list"> |
| 229 | 229 | <option value="notset"><?php echo _("---PLEASE CHOOSE---"); ?></option> |
| 230 | 230 | <?php |
| 231 | 231 | foreach ($feds as $oneFed) { |
| 232 | 232 | #echo '<option value="' . strtoupper($oneFed->tld) . '">' . $cat->knownFederations[$oneFed->tld] . "</option>"; |
| 233 | - echo '<option value="AAA' . strtoupper($oneFed->tld) . '">' . $oneIdP["names"][$langObject->getLang()] . "</option>"; |
|
| 233 | + echo '<option value="AAA'.strtoupper($oneFed->tld).'">'.$oneIdP["names"][$langObject->getLang()]."</option>"; |
|
| 234 | 234 | |
| 235 | 235 | } |
| 236 | 236 | ?> |
@@ -241,13 +241,13 @@ discard block |
||
| 241 | 241 | ?> |
| 242 | 242 | <script> |
| 243 | 243 | var instservers = []; |
| 244 | - var nroservers = '<?php echo str_replace(",", ", ", array_key_first($serverInfo));?>'; |
|
| 244 | + var nroservers = '<?php echo str_replace(",", ", ", array_key_first($serverInfo)); ?>'; |
|
| 245 | 245 | <?php |
| 246 | 246 | $allIdPs = []; |
| 247 | 247 | foreach ($allAuthorizedFeds as $oneFed) { |
| 248 | 248 | foreach ($externalDb->listExternalTlsServersInstitution($oneFed['value']) as $id => $oneIdP) { |
| 249 | - $allIdPs[$id] = '[' . substr($id, 0, 2) . '] ' . $oneIdP["names"][$langObject->getLang()]; |
|
| 250 | - echo "instservers['" . $id . "']='" . str_replace(",", ", ", $oneIdP["servers"]) . "';\n"; |
|
| 249 | + $allIdPs[$id] = '['.substr($id, 0, 2).'] '.$oneIdP["names"][$langObject->getLang()]; |
|
| 250 | + echo "instservers['".$id."']='".str_replace(",", ", ", $oneIdP["servers"])."';\n"; |
|
| 251 | 251 | } |
| 252 | 252 | } |
| 253 | 253 | ?> |
@@ -275,7 +275,7 @@ discard block |
||
| 275 | 275 | <option value="notset"><?php echo _("---PLEASE CHOOSE---"); ?></option> |
| 276 | 276 | <?php |
| 277 | 277 | foreach ($allIdPs as $id => $name) { |
| 278 | - echo '<option value="' . $id . '">' . $name . "</option>"; |
|
| 278 | + echo '<option value="'.$id.'">'.$name."</option>"; |
|
| 279 | 279 | } |
| 280 | 280 | ?> |
| 281 | 281 | </select> |
@@ -284,7 +284,7 @@ discard block |
||
| 284 | 284 | <?php |
| 285 | 285 | echo _('According to the above settings you will receive') |
| 286 | 286 | ?> |
| 287 | - <span id='certlevel'><?php echo _('NRO level certificate');?></span> |
|
| 287 | + <span id='certlevel'><?php echo _('NRO level certificate'); ?></span> |
|
| 288 | 288 | |
| 289 | 289 | </span>for server names: |
| 290 | 290 | <span id='serversinfo'><?php echo str_replace(",", ", ", array_key_first($serverInfo)); ?></span> |
@@ -292,7 +292,7 @@ discard block |
||
| 292 | 292 | <?php |
| 293 | 293 | } else { |
| 294 | 294 | echo "<div>"; |
| 295 | - echo $uiElements->boxRemark(sprintf(_("<strong>No organisation inside your %s has complete information in the database</strong>."." "._("At least the DNS names of TLS servers and a role-based contact mail address are required.")),$uiElements->nomenclatureFed), "No TLS capable org!", true); |
|
| 295 | + echo $uiElements->boxRemark(sprintf(_("<strong>No organisation inside your %s has complete information in the database</strong>."." "._("At least the DNS names of TLS servers and a role-based contact mail address are required.")), $uiElements->nomenclatureFed), "No TLS capable org!", true); |
|
| 296 | 296 | echo "</div>"; |
| 297 | 297 | } |
| 298 | 298 | ?> |
@@ -302,7 +302,7 @@ discard block |
||
| 302 | 302 | <h2><?php echo _("2. CSR generation"); ?></h2> |
| 303 | 303 | <p><?php echo _("One way to generate an acceptable certificate request is via this openssl one-liner:"); ?></p> |
| 304 | 304 | <?php |
| 305 | - echo "openssl req -new -newkey rsa:4096 -out test.csr -keyout test.key -subj /". implode('/', array_reverse($DN)) ."/C=XY/O=WillBeReplaced/CN=will.be.replaced"; |
|
| 305 | + echo "openssl req -new -newkey rsa:4096 -out test.csr -keyout test.key -subj /".implode('/', array_reverse($DN))."/C=XY/O=WillBeReplaced/CN=will.be.replaced"; |
|
| 306 | 306 | ?> |
| 307 | 307 | <h2><?php echo _("3. Submission"); ?></h2> |
| 308 | 308 | <?php echo _("Please paste your CSR here:"); ?><br/><textarea name="CSR" id="CSR" rows="20" cols="85"/></textarea><br/> |
@@ -331,7 +331,7 @@ discard block |
||
| 331 | 331 | // for now (no OpenRoaming client certs available) only run server-side tests |
| 332 | 332 | foreach ($listOfIPs as $oneIP) { |
| 333 | 333 | $connectionResult = $connectionTests->cApathCheck($oneIP); |
| 334 | - if ($connectionResult != \core\diag\AbstractTest::RETVAL_OK || ( isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) { |
|
| 334 | + if ($connectionResult != \core\diag\AbstractTest::RETVAL_OK || (isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) { |
|
| 335 | 335 | $allHostsOkay = FALSE; |
| 336 | 336 | } else { |
| 337 | 337 | $oneHostOkay = TRUE; |
@@ -945,7 +945,7 @@ discard block |
||
| 945 | 945 | $profileStatus = self::CERT_STATUS_NONE; |
| 946 | 946 | foreach ($rows as $row) { |
| 947 | 947 | $encodedCert = $row[0]; |
| 948 | - $tm = $x509->processCertificate(base64_decode($encodedCert))['full_details']['validTo_time_t']- time(); |
|
| 948 | + $tm = $x509->processCertificate(base64_decode($encodedCert))['full_details']['validTo_time_t'] - time(); |
|
| 949 | 949 | if ($tm < \config\ConfAssistant::CERT_WARNINGS['expiry_critical']) { |
| 950 | 950 | $certStatus = self::CERT_STATUS_ERROR; |
| 951 | 951 | } elseif ($tm < \config\ConfAssistant::CERT_WARNINGS['expiry_warning']) { |
