@@ -17,9 +17,9 @@ discard block |
17 | 17 | class CertificationAuthorityEduPkiServer extends EntityWithDBProperties implements CertificationAuthorityInterface |
18 | 18 | { |
19 | 19 | |
20 | - private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
21 | - private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
22 | - private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
20 | + private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
21 | + private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
22 | + private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
23 | 23 | private const EDUPKI_RA_ID = 700; |
24 | 24 | private const EDUPKI_CERT_PROFILE = "Radius Server SOAP"; |
25 | 25 | private const EDUPKI_RA_PKEY_PASSPHRASE = "..."; |
@@ -35,13 +35,13 @@ discard block |
35 | 35 | parent::__construct(); |
36 | 36 | |
37 | 37 | if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_CERT) === FALSE) { |
38 | - throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT); |
|
38 | + throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT); |
|
39 | 39 | } |
40 | 40 | if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_KEY) === FALSE) { |
41 | - throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY); |
|
41 | + throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY); |
|
42 | 42 | } |
43 | 43 | if (stat(CertificationAuthorityEduPkiServer::LOCATION_WEBROOT) === FALSE) { |
44 | - throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPkiServer::LOCATION_WEBROOT); |
|
44 | + throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPkiServer::LOCATION_WEBROOT); |
|
45 | 45 | } |
46 | 46 | } |
47 | 47 | |
@@ -99,22 +99,22 @@ discard block |
99 | 99 | // initialise connection to eduPKI CA / eduroam RA and send the request to them |
100 | 100 | try { |
101 | 101 | $altArray = [# Array mit den Subject Alternative Names |
102 | - "email:" . $csr["USERMAIL"] |
|
102 | + "email:".$csr["USERMAIL"] |
|
103 | 103 | ]; |
104 | 104 | foreach ($csr["ALTNAMES"] as $oneAltName) { |
105 | - $altArray[] = "DNS:" . $oneAltName; |
|
105 | + $altArray[] = "DNS:".$oneAltName; |
|
106 | 106 | } |
107 | 107 | $soapPub = $this->initEduPKISoapSession("PUBLIC"); |
108 | 108 | $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n"); |
109 | - $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPkiServer::EDUPKI_RA_ID . "\n"); |
|
110 | - $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n"); |
|
109 | + $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPkiServer::EDUPKI_RA_ID."\n"); |
|
110 | + $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n"); |
|
111 | 111 | $this->loggerInstance->debug(5, "PARAM_3: "); |
112 | 112 | $this->loggerInstance->debug(5, $altArray); |
113 | - $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE . "\n"); |
|
114 | - $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n"); |
|
115 | - $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n"); |
|
116 | - $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n"); |
|
117 | - $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n"); |
|
113 | + $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE."\n"); |
|
114 | + $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n"); |
|
115 | + $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n"); |
|
116 | + $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n"); |
|
117 | + $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n"); |
|
118 | 118 | $this->loggerInstance->debug(5, "PARAM_9: false\n"); |
119 | 119 | $soapNewRequest = $soapPub->newRequest( |
120 | 120 | CertificationAuthorityEduPkiServer::EDUPKI_RA_ID, # RA-ID |
@@ -136,11 +136,11 @@ discard block |
136 | 136 | } catch (Exception $e) { |
137 | 137 | // PHP 7.1 can do this much better |
138 | 138 | if (is_soap_fault($e)) { |
139 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: { |
|
139 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: { |
|
140 | 140 | $e->faultstring |
141 | 141 | }\n"); |
142 | 142 | } |
143 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
143 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
144 | 144 | } |
145 | 145 | try { |
146 | 146 | $soap = $this->initEduPKISoapSession("RA"); |
@@ -174,7 +174,7 @@ discard block |
174 | 174 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
175 | 175 | // rather than just using the string. Grr. |
176 | 176 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
177 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext); |
|
177 | + file_put_contents($tempdir['dir']."/content.txt", $soapCleartext); |
|
178 | 178 | // retrieve our RA cert from filesystem |
179 | 179 | // the RA certificates are not needed right now because we |
180 | 180 | // have resorted to S/MIME signatures with openssl command-line |
@@ -186,7 +186,7 @@ discard block |
186 | 186 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
187 | 187 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
188 | 188 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n $soapCleartext\n"); |
189 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
189 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
190 | 190 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
191 | 191 | $output = []; |
192 | 192 | $return = 999; |
@@ -195,21 +195,21 @@ discard block |
195 | 195 | throw new Exception("Non-zero return value from openssl smime!"); |
196 | 196 | } |
197 | 197 | // and get the signature blob back from the filesystem |
198 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
198 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
199 | 199 | $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n"); |
200 | - $this->loggerInstance->debug(5, $soapReqnum . "\n"); |
|
201 | - $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending! |
|
202 | - $this->loggerInstance->debug(5, $detachedSig . "\n"); |
|
200 | + $this->loggerInstance->debug(5, $soapReqnum."\n"); |
|
201 | + $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending! |
|
202 | + $this->loggerInstance->debug(5, $detachedSig."\n"); |
|
203 | 203 | $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig); |
204 | - $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest()); |
|
205 | - $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse()); |
|
204 | + $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest()); |
|
205 | + $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse()); |
|
206 | 206 | if ($soapIssueCert === FALSE) { |
207 | 207 | throw new Exception("The locally approved request was NOT processed by the CA."); |
208 | 208 | } |
209 | 209 | } catch (SoapFault $e) { |
210 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
210 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
211 | 211 | } catch (Exception $e) { |
212 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
212 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
213 | 213 | } |
214 | 214 | return $soapReqnum; |
215 | 215 | } |
@@ -261,9 +261,9 @@ discard block |
261 | 261 | throw new Exception("CAInfo has no root certificate for us!"); |
262 | 262 | } |
263 | 263 | } catch (SoapFault $e) { |
264 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
264 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
265 | 265 | } catch (Exception $e) { |
266 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
266 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
267 | 267 | } |
268 | 268 | return [ |
269 | 269 | "CERT" => openssl_x509_read($parsedCert['pem']), |
@@ -296,12 +296,12 @@ discard block |
296 | 296 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
297 | 297 | // rather than just using the string. Grr. |
298 | 298 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
299 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest); |
|
299 | + file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest); |
|
300 | 300 | // retrieve our RA cert from filesystem |
301 | 301 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
302 | 302 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
303 | 303 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n"); |
304 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT; |
|
304 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT; |
|
305 | 305 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
306 | 306 | $output = []; |
307 | 307 | $return = 999; |
@@ -310,7 +310,7 @@ discard block |
310 | 310 | throw new Exception("Non-zero return value from openssl smime!"); |
311 | 311 | } |
312 | 312 | // and get the signature blob back from the filesystem |
313 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
313 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
314 | 314 | $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig); |
315 | 315 | if ($soapIssueRev === FALSE) { |
316 | 316 | throw new Exception("The locally approved revocation request was NOT processed by the CA."); |
@@ -318,9 +318,9 @@ discard block |
318 | 318 | } catch (Exception $e) { |
319 | 319 | // PHP 7.1 can do this much better |
320 | 320 | if (is_soap_fault($e)) { |
321 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n"); |
|
321 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n"); |
|
322 | 322 | } |
323 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
323 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
324 | 324 | } |
325 | 325 | } |
326 | 326 | |
@@ -420,9 +420,9 @@ discard block |
420 | 420 | */ |
421 | 421 | public function soapToXmlInteger($x) |
422 | 422 | { |
423 | - return '<' . $x[0] . '>' |
|
423 | + return '<'.$x[0].'>' |
|
424 | 424 | . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1) |
425 | - . '</' . $x[0] . '>'; |
|
425 | + . '</'.$x[0].'>'; |
|
426 | 426 | } |
427 | 427 | |
428 | 428 | /** |
@@ -441,9 +441,9 @@ discard block |
441 | 441 | // dump private key into directory |
442 | 442 | $outstring = ""; |
443 | 443 | openssl_pkey_export($privateKey, $outstring); |
444 | - file_put_contents($tempdir . "/pkey.pem", $outstring); |
|
444 | + file_put_contents($tempdir."/pkey.pem", $outstring); |
|
445 | 445 | // PHP can only do one DC in the Subject. But we need three. |
446 | - $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username"; |
|
446 | + $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username"; |
|
447 | 447 | $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n"); |
448 | 448 | $output = []; |
449 | 449 | $return = 999; |
@@ -126,7 +126,7 @@ discard block |
126 | 126 | return $this->counter; |
127 | 127 | } |
128 | 128 | |
129 | - $cachedNumber = @file_get_contents(ROOT . "/var/tmp/cachedSPNumber.serialised"); |
|
129 | + $cachedNumber = @file_get_contents(ROOT."/var/tmp/cachedSPNumber.serialised"); |
|
130 | 130 | if ($cachedNumber !== FALSE) { |
131 | 131 | $numberData = unserialize($cachedNumber); |
132 | 132 | $now = new \DateTime(); |
@@ -139,7 +139,7 @@ discard block |
139 | 139 | } else { // data in cache is too old or doesn't exist. We really need to ask the database |
140 | 140 | $list = $this->listAllServiceProviders(); |
141 | 141 | $this->counter = count($list); |
142 | - file_put_contents(ROOT . "/var/tmp/cachedSPNumber.serialised", serialize(["number" => $this->counter, "timestamp" => new \DateTime()])); |
|
142 | + file_put_contents(ROOT."/var/tmp/cachedSPNumber.serialised", serialize(["number" => $this->counter, "timestamp" => new \DateTime()])); |
|
143 | 143 | return $this->counter; |
144 | 144 | } |
145 | 145 | } |
@@ -188,7 +188,7 @@ discard block |
188 | 188 | $returnarray = []; |
189 | 189 | $query = "SELECT id_institution AS id, country, inst_realm as realmlist, name AS collapsed_name, contact AS collapsed_contact, type FROM view_active_institution WHERE country = ?"; |
190 | 190 | if ($eduroamDbType !== NULL) { |
191 | - $query .= " AND ( type = '" . ExternalEduroamDBData::TYPE_IDPSP . "' OR type = '" . $eduroamDbType . "')"; |
|
191 | + $query .= " AND ( type = '".ExternalEduroamDBData::TYPE_IDPSP."' OR type = '".$eduroamDbType."')"; |
|
192 | 192 | } |
193 | 193 | $externals = $this->db->exec($query, "s", $tld); |
194 | 194 | // was a SELECT query, so a resource and not a boolean |
@@ -291,7 +291,7 @@ discard block |
291 | 291 | $instServerTransaction = $this->db->exec($query, "s", $tld); |
292 | 292 | while ($instServerResponses = mysqli_fetch_object(/** @scrutinizer ignore-type */ $instServerTransaction)) { |
293 | 293 | $contactList = $this->dissectCollapsedContacts($instServerResponses->contacts); |
294 | - $retval[$instServerResponses->ROid . $instServerResponses->instid] = [ |
|
294 | + $retval[$instServerResponses->ROid.$instServerResponses->instid] = [ |
|
295 | 295 | "names" => splitNames($instServerResponses->inst_name), |
296 | 296 | "type" => $instServerResponses->type, |
297 | 297 | "servers" => $instServerResponses->servers, |