Passed
Push — master ( a08f00...1be873 )
by Stefan
06:49
created
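--- a/core/CertficationAuthorityEduPki.php
+++ b/core/CertficationAuthorityEduPki.php
@@ -16,9 +16,9 @@
 
 class CertificationAuthorityEduPki extends EntityWithDBProperties implements CertificationAuthorityInterface {
 
-    private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
-    private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
-    private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
+    private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
+    private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
+    private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
     private const EDUPKI_RA_ID = 700;
     private const EDUPKI_CERT_PROFILE = "User SOAP";
     private const EDUPKI_RA_PKEY_PASSPHRASE = "...";
@@ -28,13 +28,13 @@
         parent::__construct();
 
         if (stat(CertificationAuthorityEduPki::LOCATION_RA_CERT) === FALSE) {
-            throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPki::LOCATION_RA_CERT);
+            throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPki::LOCATION_RA_CERT);
         }
         if (stat(CertificationAuthorityEduPki::LOCATION_RA_KEY) === FALSE) {
-            throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPki::LOCATION_RA_KEY);
+            throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPki::LOCATION_RA_KEY);
         }
         if (stat(CertificationAuthorityEduPki::LOCATION_WEBROOT) === FALSE) {
-            throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPki::LOCATION_WEBROOT);
+            throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPki::LOCATION_WEBROOT);
         }
     }
 
@@ -48,19 +48,19 @@
         // initialise connection to eduPKI CA / eduroam RA and send the request to them
         try {
             $altArray = [# Array mit den Subject Alternative Names
-                "email:" . $csr["USERNAME"]
+                "email:".$csr["USERNAME"]
             ];
             $soapPub = $this->initEduPKISoapSession("PUBLIC");
             $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n");
-            $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPki::EDUPKI_RA_ID . "\n");
-            $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR"] . "\n");
+            $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPki::EDUPKI_RA_ID."\n");
+            $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR"]."\n");
             $this->loggerInstance->debug(5, "PARAM_3: ");
             $this->loggerInstance->debug(5, $altArray);
-            $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE . "\n");
-            $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n");
-            $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERNAME"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n");
+            $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE."\n");
+            $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n");
+            $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERNAME"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n");
             $this->loggerInstance->debug(5, "PARAM_9: false\n");
             $soapNewRequest = $soapPub->newRequest(
                     CertificationAuthorityEduPki::EDUPKI_RA_ID, # RA-ID
@@ -82,11 +82,11 @@
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}:  {
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}:  {
                     $e->faultstring
                 }\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
         try {
             $soap = $this->initEduPKISoapSession("RA");
@@ -98,8 +98,8 @@
                     $soapReqnum, [
                 "RaID" => CertificationAuthorityEduPki::EDUPKI_RA_ID,
                 "Role" => CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE,
-                "Subject" => "DC=eduroam,DC=test,DC=test,C=" . $csr["FED"] . ",O=" . CONFIG_CONFASSISTANT['CONSORTIUM']['name'] . ",OU=" . $csr["FED"] . ",CN=" . $csr['USERNAME'] . ",emailAddress=" . $csr['USERNAME'],
-                "SubjectAltNames" => ["email:" . $csr["USERNAME"]],
+                "Subject" => "DC=eduroam,DC=test,DC=test,C=".$csr["FED"].",O=".CONFIG_CONFASSISTANT['CONSORTIUM']['name'].",OU=".$csr["FED"].",CN=".$csr['USERNAME'].",emailAddress=".$csr['USERNAME'],
+                "SubjectAltNames" => ["email:".$csr["USERNAME"]],
                 "NotBefore" => (new \DateTime())->format('c'),
                 "NotAfter" => $expiry->format('c'),
                     ]
@@ -118,7 +118,7 @@
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext);
+            file_put_contents($tempdir['dir']."/content.txt", $soapCleartext);
             // retrieve our RA cert from filesystem                    
             // the RA certificates are not needed right now because we
             // have resorted to S/MIME signatures with openssl command-line
@@ -130,7 +130,7 @@
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n  $soapCleartext\n");
-            $execCmd = CONFIG['PATHS']['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
+            $execCmd = CONFIG['PATHS']['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline:   $execCmd\n");
             $output = [];
             $return = 999;
@@ -139,14 +139,14 @@
                 throw new Exception("Non-zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
             $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n");
-            $this->loggerInstance->debug(5, $soapReqnum . "\n");
-            $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending!
-            $this->loggerInstance->debug(5, $detachedSig . "\n");
+            $this->loggerInstance->debug(5, $soapReqnum."\n");
+            $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending!
+            $this->loggerInstance->debug(5, $detachedSig."\n");
             $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig);
-            $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest());
-            $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse());
+            $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest());
+            $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse());
             if ($soapIssueCert === FALSE) {
                 throw new Exception("The locally approved request was NOT processed by the CA.");
             }
@@ -183,9 +183,9 @@
                 throw new Exception("CAInfo has no root certificate for us!");
             }
         } catch (SoapFault $e) {
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
         } catch (Exception $e) {
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
         }
         return [
             "CERT" => openssl_x509_read($parsedCert['pem']),
@@ -210,12 +210,12 @@
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest);
+            file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest);
             // retrieve our RA cert from filesystem
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n");
-            $execCmd = CONFIG['PATHS']['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPki::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPki::LOCATION_RA_CERT;
+            $execCmd = CONFIG['PATHS']['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPki::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPki::LOCATION_RA_CERT;
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n");
             $output = [];
             $return = 999;
@@ -224,7 +224,7 @@
                 throw new Exception("Non-zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
             $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig);
             if ($soapIssueRev === FALSE) {
                 throw new Exception("The locally approved revocation request was NOT processed by the CA.");
@@ -232,9 +232,9 @@
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n");
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
     }
 
@@ -331,9 +331,9 @@
      * @return string the integer as string in an XML fragment
      */
     public function soapToXmlInteger($x) {
-        return '<' . $x[0] . '>'
+        return '<'.$x[0].'>'
                 . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1)
-                . '</' . $x[0] . '>';
+                . '</'.$x[0].'>';
     }
 
     public function generateCompatibleCsr($privateKey, $fed, $username): array {
@@ -342,9 +342,9 @@
         // dump private key into directory
         $outstring = "";
         openssl_pkey_export($privateKey, $outstring);
-        file_put_contents($tempdir . "/pkey.pem", $outstring);
+        file_put_contents($tempdir."/pkey.pem", $outstring);
         // PHP can only do one DC in the Subject. But we need three.
-        $execCmd = CONFIG['PATHS']['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . CONFIG_CONFASSISTANT['CONSORTIUM']['name'] . "/OU=$fed/CN=$username/emailAddress=$username";
+        $execCmd = CONFIG['PATHS']['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".CONFIG_CONFASSISTANT['CONSORTIUM']['name']."/OU=$fed/CN=$username/emailAddress=$username";
         $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n");
         $output = [];
         $return = 999;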
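Review bot: The re-spaced `$execCmd` assignment in generateCompatibleCsr (new line 347) still builds the `openssl req` command line by interpolating `$fed`, `$username` and the consortium name unquoted, so whitespace or shell metacharacters in any of them would change the command that runs, and a `/` would change the certificate subject. Quote every variable argument, e.g. `" -subj ".escapeshellarg("/DC=test/DC=test/DC=eduroam/C=$fed/O=".CONFIG_CONFASSISTANT['CONSORTIUM']['name']."/OU=$fed/CN=$username/emailAddress=$username")` plus `escapeshellarg()` on the `-key` and `-out` paths, and reject `/` in `$fed` and `$username` before use, since shell quoting does not protect the `-subj` syntax. The call that executes the string is outside the hunk, so this assumes it is passed to exec() as the following debug message suggests; whether callers already validate these values is not visible here either. The two `openssl smime` command lines (new lines 133 and 218) use the same concatenation with `$tempdir['dir']` and deserve the same quoting, and the full command line, including the clear-text RA key path, is written to the level-2 debug log.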