GEANT /
CAT
@@ -39,7 +39,7 @@ discard block |
||
| 39 | 39 | * @param int $timeout the timeout to download |
| 40 | 40 | * @return string|boolean the data we got back, or FALSE on failure |
| 41 | 41 | */ |
| 42 | - public static function downloadFile($url, $timeout=0) |
|
| 42 | + public static function downloadFile($url, $timeout = 0) |
|
| 43 | 43 | { |
| 44 | 44 | $loggerInstance = new \core\common\Logging(); |
| 45 | 45 | if (!preg_match("/:\/\//", $url)) { |
@@ -129,7 +129,7 @@ discard block |
||
| 129 | 129 | $loggerInstance->debug(4, "OutsideComm::mailAddressValidSecure: no MX."); |
| 130 | 130 | return OutsideComm::MAILDOMAIN_NO_MX; |
| 131 | 131 | } |
| 132 | - $loggerInstance->debug(5, "Domain: $domain MX: " . /** @scrutinizer ignore-type */ print_r($mx, TRUE)); |
|
| 132 | + $loggerInstance->debug(5, "Domain: $domain MX: "./** @scrutinizer ignore-type */ print_r($mx, TRUE)); |
|
| 133 | 133 | // create a pool of A and AAAA records for all the MXes |
| 134 | 134 | $ipAddrs = []; |
| 135 | 135 | foreach ($mx as $onemx) { |
@@ -139,14 +139,14 @@ discard block |
||
| 139 | 139 | $ipAddrs[] = $oneipv4['ip']; |
| 140 | 140 | } |
| 141 | 141 | foreach ($v6list as $oneipv6) { |
| 142 | - $ipAddrs[] = "[" . $oneipv6['ipv6'] . "]"; |
|
| 142 | + $ipAddrs[] = "[".$oneipv6['ipv6']."]"; |
|
| 143 | 143 | } |
| 144 | 144 | } |
| 145 | 145 | if (count($ipAddrs) == 0) { |
| 146 | 146 | $loggerInstance->debug(4, "OutsideComm::mailAddressValidSecure: no mailserver hosts."); |
| 147 | 147 | return OutsideComm::MAILDOMAIN_NO_HOST; |
| 148 | 148 | } |
| 149 | - $loggerInstance->debug(5, "Domain: $domain Addrs: " . /** @scrutinizer ignore-type */ print_r($ipAddrs, TRUE)); |
|
| 149 | + $loggerInstance->debug(5, "Domain: $domain Addrs: "./** @scrutinizer ignore-type */ print_r($ipAddrs, TRUE)); |
|
| 150 | 150 | // connect to all hosts. If all can't connect, return MAILDOMAIN_NO_CONNECT. |
| 151 | 151 | // If at least one does not support STARTTLS or one of the hosts doesn't connect |
| 152 | 152 | // , return MAILDOMAIN_NO_STARTTLS (one which we can't connect to we also |
@@ -199,7 +199,7 @@ discard block |
||
| 199 | 199 | switch (\config\ConfAssistant::SMSSETTINGS['provider']) { |
| 200 | 200 | case 'Nexmo': |
| 201 | 201 | // taken from https://docs.nexmo.com/messaging/sms-api |
| 202 | - $url = 'https://rest.nexmo.com/sms/json?' . http_build_query( |
|
| 202 | + $url = 'https://rest.nexmo.com/sms/json?'.http_build_query( |
|
| 203 | 203 | [ |
| 204 | 204 | 'api_key' => \config\ConfAssistant::SMSSETTINGS['username'], |
| 205 | 205 | 'api_secret' => \config\ConfAssistant::SMSSETTINGS['password'], |
@@ -230,14 +230,14 @@ discard block |
||
| 230 | 230 | $loggerInstance->debug(2, 'Problem with SMS invitation: no message was sent!'); |
| 231 | 231 | return OutsideComm::SMS_NOTSENT; |
| 232 | 232 | } |
| 233 | - $loggerInstance->debug(2, 'Total of ' . $messageCount . ' messages were attempted to send.'); |
|
| 233 | + $loggerInstance->debug(2, 'Total of '.$messageCount.' messages were attempted to send.'); |
|
| 234 | 234 | |
| 235 | 235 | $totalFailures = 0; |
| 236 | 236 | foreach ($decoded_response['messages'] as $message) { |
| 237 | 237 | if ($message['status'] == 0) { |
| 238 | - $loggerInstance->debug(2, $message['message-id'] . ": Success"); |
|
| 238 | + $loggerInstance->debug(2, $message['message-id'].": Success"); |
|
| 239 | 239 | } else { |
| 240 | - $loggerInstance->debug(2, $message['message-id'] . ": Failed (failure code = " . $message['status'] . ")"); |
|
| 240 | + $loggerInstance->debug(2, $message['message-id'].": Failed (failure code = ".$message['status'].")"); |
|
| 241 | 241 | $totalFailures++; |
| 242 | 242 | } |
| 243 | 243 | } |
@@ -306,7 +306,7 @@ discard block |
||
| 306 | 306 | $proto = "https://"; |
| 307 | 307 | } |
| 308 | 308 | // then, send out the mail |
| 309 | - $message = _("Hello,") . "\n\n" . wordwrap($introTexts[$introtext] . " " . $validity, 72) . "\n\n"; |
|
| 309 | + $message = _("Hello,")."\n\n".wordwrap($introTexts[$introtext]." ".$validity, 72)."\n\n"; |
|
| 310 | 310 | // default means we don't have a Reply-To. |
| 311 | 311 | $replyToMessage = wordwrap(_("manually. Please do not reply to this mail; this is a send-only address.")); |
| 312 | 312 | |
@@ -314,8 +314,8 @@ discard block |
||
| 314 | 314 | // see if we are supposed to add a custom message |
| 315 | 315 | $customtext = $federation->getAttributes('fed:custominvite'); |
| 316 | 316 | if (count($customtext) > 0) { |
| 317 | - $message .= wordwrap(sprintf(_("Additional message from your %s administrator:"), Entity::$nomenclature_fed), 72) . "\n---------------------------------" . |
|
| 318 | - wordwrap($customtext[0]['value'], 72) . "\n---------------------------------\n\n"; |
|
| 317 | + $message .= wordwrap(sprintf(_("Additional message from your %s administrator:"), Entity::$nomenclature_fed), 72)."\n---------------------------------". |
|
| 318 | + wordwrap($customtext[0]['value'], 72)."\n---------------------------------\n\n"; |
|
| 319 | 319 | } |
| 320 | 320 | // and add Reply-To already now |
| 321 | 321 | foreach ($federation->listFederationAdmins() as $fedadmin_id) { |
@@ -331,19 +331,19 @@ discard block |
||
| 331 | 331 | } |
| 332 | 332 | $productname = \config\Master::APPEARANCE['productname']; |
| 333 | 333 | $consortium = \config\ConfAssistant::CONSORTIUM['display_name']; |
| 334 | - $message .= wordwrap(sprintf(_("To enlist as an administrator for that %s, please click on the following link:"), Entity::$nomenclature_participant), 72) . "\n\n" . |
|
| 335 | - $proto . $_SERVER['SERVER_NAME'] . \config\Master::PATHS['cat_base_url'] . "admin/action_enrollment.php?token=$newtoken\n\n" . |
|
| 336 | - wordwrap(sprintf(_("If clicking the link doesn't work, you can also go to the %s Administrator Interface at"), $productname), 72) . "\n\n" . |
|
| 337 | - $proto . $_SERVER['SERVER_NAME'] . \config\Master::PATHS['cat_base_url'] . "admin/\n\n" . |
|
| 338 | - _("and enter the invitation token") . "\n\n" . |
|
| 339 | - $newtoken . "\n\n$replyToMessage\n\n" . |
|
| 340 | - wordwrap(_("Do NOT forward the mail before the token has expired - or the recipients may be able to consume the token on your behalf!"), 72) . "\n\n" . |
|
| 341 | - wordwrap(sprintf(_("We wish you a lot of fun with the %s."), $productname), 72) . "\n\n" . |
|
| 334 | + $message .= wordwrap(sprintf(_("To enlist as an administrator for that %s, please click on the following link:"), Entity::$nomenclature_participant), 72)."\n\n". |
|
| 335 | + $proto.$_SERVER['SERVER_NAME'].\config\Master::PATHS['cat_base_url']."admin/action_enrollment.php?token=$newtoken\n\n". |
|
| 336 | + wordwrap(sprintf(_("If clicking the link doesn't work, you can also go to the %s Administrator Interface at"), $productname), 72)."\n\n". |
|
| 337 | + $proto.$_SERVER['SERVER_NAME'].\config\Master::PATHS['cat_base_url']."admin/\n\n". |
|
| 338 | + _("and enter the invitation token")."\n\n". |
|
| 339 | + $newtoken."\n\n$replyToMessage\n\n". |
|
| 340 | + wordwrap(_("Do NOT forward the mail before the token has expired - or the recipients may be able to consume the token on your behalf!"), 72)."\n\n". |
|
| 341 | + wordwrap(sprintf(_("We wish you a lot of fun with the %s."), $productname), 72)."\n\n". |
|
| 342 | 342 | sprintf(_("Sincerely,\n\nYour friendly folks from %s Operations"), $consortium); |
| 343 | 343 | |
| 344 | 344 | |
| 345 | 345 | // who to whom? |
| 346 | - $mail->FromName = \config\Master::APPEARANCE['productname'] . " Invitation System"; |
|
| 346 | + $mail->FromName = \config\Master::APPEARANCE['productname']." Invitation System"; |
|
| 347 | 347 | |
| 348 | 348 | if (isset(\config\Master::APPEARANCE['invitation-bcc-mail']) && \config\Master::APPEARANCE['invitation-bcc-mail'] !== NULL) { |
| 349 | 349 | $mail->addBCC(\config\Master::APPEARANCE['invitation-bcc-mail']); |
@@ -296,7 +296,7 @@ discard block |
||
| 296 | 296 | <table><tr> |
| 297 | 297 | <td class='icon_td'>"; |
| 298 | 298 | $out[] = "<img src='".$this->stateIcons[$this->globalLevelStatic]."' id='main_static_ico' class='icon'></td><td id='main_static_result'>". |
| 299 | - $this->globalInfo[$this->globalLevelStatic].' '. _("See the appropriate tab for details.").'</td> |
|
| 299 | + $this->globalInfo[$this->globalLevelStatic].' '._("See the appropriate tab for details.").'</td> |
|
| 300 | 300 | </tr></table>'; |
| 301 | 301 | if ($this->naptr > 0) { |
| 302 | 302 | $out[] = "<hr><strong>"._("Dynamic connectivity tests")."</strong> |
@@ -328,7 +328,7 @@ discard block |
||
| 328 | 328 | <td class='icon_td'><img src='".$this->stateIcons[$result->level]."' id='src".$hostindex."_img'></td> |
| 329 | 329 | <td id='src$hostindex' colspan=2> |
| 330 | 330 | "; |
| 331 | - $out[] = '<strong>'.($result->server ? $result->server : _("Connected to undetermined server")).'</strong><br/>'.sprintf (_("elapsed time: %sms."), $result->time_millisec).'<div>'.$result->message.'</div>'; |
|
| 331 | + $out[] = '<strong>'.($result->server ? $result->server : _("Connected to undetermined server")).'</strong><br/>'.sprintf(_("elapsed time: %sms."), $result->time_millisec).'<div>'.$result->message.'</div>'; |
|
| 332 | 332 | |
| 333 | 333 | if ($result->level > \core\common\Entity::L_OK && property_exists($result, 'cert_oddities')) { |
| 334 | 334 | foreach ($result->cert_oddities as $oddities) { |
@@ -345,9 +345,9 @@ discard block |
||
| 345 | 345 | } |
| 346 | 346 | } |
| 347 | 347 | if ($result->server_cert->extensions) { |
| 348 | - $certdesc .= '<li>' . _('Extensions') . '<ul>'; |
|
| 348 | + $certdesc .= '<li>'._('Extensions').'<ul>'; |
|
| 349 | 349 | foreach ($result->server_cert->extensions as $ekey => $eval) { |
| 350 | - $certdesc .= '<li>' . $ekey . ': ' . $eval; |
|
| 350 | + $certdesc .= '<li>'.$ekey.': '.$eval; |
|
| 351 | 351 | } |
| 352 | 352 | $certdesc .= '</ul>'; |
| 353 | 353 | } |
@@ -355,7 +355,7 @@ discard block |
||
| 355 | 355 | $more .= '<span class="morecontent"><span>'.$certdesc. |
| 356 | 356 | '</span><a href="" class="morelink">'._("show server certificate details").'»</a></span></div>'; |
| 357 | 357 | } |
| 358 | - if ($more != '' ) { |
|
| 358 | + if ($more != '') { |
|
| 359 | 359 | $out[] = '<tr><td> </td><td colspan="2">'.$more.'</td></tr>'; |
| 360 | 360 | } |
| 361 | 361 | $out[] = "</table></ul>"; |
@@ -379,10 +379,10 @@ discard block |
||
| 379 | 379 | if (isset($this->protocolsMap[$capath->IP]) && $this->protocolsMap[$capath->IP] != '') { |
| 380 | 380 | $prots = explode(';', $this->protocolsMap[$capath->IP]); |
| 381 | 381 | if (!empty($prots)) { |
| 382 | - $capathtest[] = ' ' . _("supported TLS protocols: "); |
|
| 382 | + $capathtest[] = ' '._("supported TLS protocols: "); |
|
| 383 | 383 | $capathtest[] = implode(', ', $prots); |
| 384 | 384 | if (!in_array("TLS1.3", $prots)) { |
| 385 | - $capathtest[] = ' ' . '<font color="red">' . _("not supported: ") . 'TLS1.3</font>'; |
|
| 385 | + $capathtest[] = ' '.'<font color="red">'._("not supported: ").'TLS1.3</font>'; |
|
| 386 | 386 | } |
| 387 | 387 | } |
| 388 | 388 | } |
@@ -405,7 +405,7 @@ discard block |
||
| 405 | 405 | if ($capath->certdata->validTo) { |
| 406 | 406 | $certdesc .= '<li>'.$this->certFields['validTo'].' '. |
| 407 | 407 | date_create_from_format('ymdGis', |
| 408 | - substr($capath->certdata->validTo, 0, -1))->format('Y-m-d H:i:s'). ' UTC'; |
|
| 408 | + substr($capath->certdata->validTo, 0, -1))->format('Y-m-d H:i:s').' UTC'; |
|
| 409 | 409 | } |
| 410 | 410 | if ($capath->certdata->extensions) { |
| 411 | 411 | if ($capath->certdata->extensions->subjectaltname) { |
@@ -428,7 +428,7 @@ discard block |
||
| 428 | 428 | } else { |
| 429 | 429 | $certdesc = '<br>'; |
| 430 | 430 | } |
| 431 | - $capathtest[] = '<div>'.($capath->message!='' ? $capath->message : _('Test failed')).'</div>'.$more; |
|
| 431 | + $capathtest[] = '<div>'.($capath->message != '' ? $capath->message : _('Test failed')).'</div>'.$more; |
|
| 432 | 432 | $capathtest[] = '</td> |
| 433 | 433 | </tr> |
| 434 | 434 | </table>'; |
@@ -455,7 +455,7 @@ discard block |
||
| 455 | 455 | $srefused = 0; |
| 456 | 456 | $cliinfo = ''; |
| 457 | 457 | $cliinfo .= '<li>'._('Client certificate').' <b>'.$ca->clientcertinfo->from. |
| 458 | - '</b>'.', '.$ca->clientcertinfo->message . |
|
| 458 | + '</b>'.', '.$ca->clientcertinfo->message. |
|
| 459 | 459 | '<br> (CA: '.$ca->clientcertinfo->issuer.')<ul>'; |
| 460 | 460 | foreach ($ca->certificate as $certificate) { |
| 461 | 461 | if ($certificate->returncode == \core\diag\RADIUSTests::RETVAL_CONNECTION_REFUSED) { |
@@ -521,7 +521,7 @@ discard block |
||
| 521 | 521 | } else { |
| 522 | 522 | $cliinfo = _('Test failed'); |
| 523 | 523 | $clientstest[] = "<table><tr><td class='icon_td' id='srcclient".$hostindex."_img'><img src='". |
| 524 | - $this->stateIcons[\core\common\Entity::L_WARN]."'></td>" . |
|
| 524 | + $this->stateIcons[\core\common\Entity::L_WARN]."'></td>". |
|
| 525 | 525 | "<td id='srcclient$hostindex'>$cliinfo</td></tr></table>"; |
| 526 | 526 | } |
| 527 | 527 | } else { |
@@ -129,7 +129,7 @@ discard block |
||
| 129 | 129 | $this->test_result = []; |
| 130 | 130 | $this->test_result['global'] = 0; |
| 131 | 131 | // parse the schema file to find out the number of expected rows... |
| 132 | - $schema = file(dirname(dirname(__FILE__)) . "/schema/schema.sql"); |
|
| 132 | + $schema = file(dirname(dirname(__FILE__))."/schema/schema.sql"); |
|
| 133 | 133 | $this->profileOptionCount = 0; |
| 134 | 134 | $passedTheWindmill = FALSE; |
| 135 | 135 | foreach ($schema as $schemaLine) { |
@@ -156,7 +156,7 @@ discard block |
||
| 156 | 156 | { |
| 157 | 157 | $this->out[$test] = []; |
| 158 | 158 | $this->name = $test; |
| 159 | - $m_name = 'test' . $test; |
|
| 159 | + $m_name = 'test'.$test; |
|
| 160 | 160 | $this->test_result[$test] = 0; |
| 161 | 161 | if (!method_exists($this, $m_name)) { |
| 162 | 162 | $this->storeTestResult(\core\common\Entity::L_ERROR, "Configuration error, no test configured for <strong>$test</strong>."); |
@@ -269,9 +269,9 @@ discard block |
||
| 269 | 269 | private function testPhp() |
| 270 | 270 | { |
| 271 | 271 | if (version_compare(phpversion(), $this->needversionPHP, '>=')) { |
| 272 | - $this->storeTestResult(\core\common\Entity::L_OK, "<strong>PHP</strong> is sufficiently recent. You are running " . phpversion() . "."); |
|
| 272 | + $this->storeTestResult(\core\common\Entity::L_OK, "<strong>PHP</strong> is sufficiently recent. You are running ".phpversion()."."); |
|
| 273 | 273 | } else { |
| 274 | - $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>PHP</strong> is too old. We need at least $this->needversionPHP, but you only have " . phpversion() . "."); |
|
| 274 | + $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>PHP</strong> is too old. We need at least $this->needversionPHP, but you only have ".phpversion()."."); |
|
| 275 | 275 | } |
| 276 | 276 | } |
| 277 | 277 | |
@@ -284,12 +284,12 @@ discard block |
||
| 284 | 284 | */ |
| 285 | 285 | private function runConstantsTest($config) |
| 286 | 286 | { |
| 287 | - $templateConfig = file_get_contents(ROOT . "/config/$config-template.php"); |
|
| 288 | - $newTemplateConfig = preg_replace("/class *$config/", "class $config" . "_template", $templateConfig); |
|
| 289 | - file_put_contents(ROOT . "/var/tmp/$config-template.php", $newTemplateConfig); |
|
| 290 | - include(ROOT . "/var/tmp/$config-template.php"); |
|
| 291 | - unlink(ROOT . "/var/tmp/$config-template.php"); |
|
| 292 | - $rft = new \ReflectionClass("\config\\$config" . "_template"); |
|
| 287 | + $templateConfig = file_get_contents(ROOT."/config/$config-template.php"); |
|
| 288 | + $newTemplateConfig = preg_replace("/class *$config/", "class $config"."_template", $templateConfig); |
|
| 289 | + file_put_contents(ROOT."/var/tmp/$config-template.php", $newTemplateConfig); |
|
| 290 | + include(ROOT."/var/tmp/$config-template.php"); |
|
| 291 | + unlink(ROOT."/var/tmp/$config-template.php"); |
|
| 292 | + $rft = new \ReflectionClass("\config\\$config"."_template"); |
|
| 293 | 293 | $templateConstants = $rft->getConstants(); |
| 294 | 294 | $failResults = []; |
| 295 | 295 | foreach ($templateConstants as $constant => $value) { |
@@ -306,7 +306,7 @@ discard block |
||
| 306 | 306 | * Check if all required constants are set |
| 307 | 307 | */ |
| 308 | 308 | private function testConfigConstants() { |
| 309 | - set_error_handler(function ($severity, $message, $file, $line) { |
|
| 309 | + set_error_handler(function($severity, $message, $file, $line) { |
|
| 310 | 310 | throw new \ErrorException($message, $severity, $severity, $file, $line); |
| 311 | 311 | }); |
| 312 | 312 | |
@@ -317,7 +317,7 @@ discard block |
||
| 317 | 317 | $failCount = $failCount + count($failResults); |
| 318 | 318 | if (count($failResults) > 0) { |
| 319 | 319 | $this->storeTestResult(\core\common\Entity::L_ERROR, |
| 320 | - "<strong>The following constants are not set:</strong>" . implode(', ', $failResults)); |
|
| 320 | + "<strong>The following constants are not set:</strong>".implode(', ', $failResults)); |
|
| 321 | 321 | } |
| 322 | 322 | } |
| 323 | 323 | |
@@ -341,7 +341,7 @@ discard block |
||
| 341 | 341 | $this->storeTestResult(\core\common\Entity::L_OK, "<strong>cat_base_url</strong> set correctly"); |
| 342 | 342 | } else { |
| 343 | 343 | $rootFromScript = $m[1] === '' ? '/' : $m[1]; |
| 344 | - $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>cat_base_url</strong> is set to <strong>" . \config\Master::PATHS['cat_base_url'] . "</strong> and should be <strong>$rootFromScript</strong>"); |
|
| 344 | + $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>cat_base_url</strong> is set to <strong>".\config\Master::PATHS['cat_base_url']."</strong> and should be <strong>$rootFromScript</strong>"); |
|
| 345 | 345 | } |
| 346 | 346 | } |
| 347 | 347 | |
@@ -362,7 +362,7 @@ discard block |
||
| 362 | 362 | if (count($probeReturns) == 0) { |
| 363 | 363 | $this->storeTestResult(common\Entity::L_OK, "All configured RADIUS/UDP probes are reachable."); |
| 364 | 364 | } else { |
| 365 | - $this->storeTestResult(common\Entity::L_ERROR, "The following RADIUS probes are NOT reachable: " . implode(', ', $probeReturns)); |
|
| 365 | + $this->storeTestResult(common\Entity::L_ERROR, "The following RADIUS probes are NOT reachable: ".implode(', ', $probeReturns)); |
|
| 366 | 366 | } |
| 367 | 367 | } |
| 368 | 368 | |
@@ -380,9 +380,9 @@ discard block |
||
| 380 | 380 | $SSPconfig = \SimpleSAML\Configuration::getInstance(); |
| 381 | 381 | $sspVersion = explode('.', $SSPconfig->getVersion()); |
| 382 | 382 | if ((int) $sspVersion[0] >= $this->needversionSSP['major'] && (int) $sspVersion[1] >= $this->needversionSSP['minor']) { |
| 383 | - $this->storeTestResult(\core\common\Entity::L_OK, "<strong>simpleSAMLphp</strong> is sufficiently recent. You are running " . implode('.', $sspVersion)); |
|
| 383 | + $this->storeTestResult(\core\common\Entity::L_OK, "<strong>simpleSAMLphp</strong> is sufficiently recent. You are running ".implode('.', $sspVersion)); |
|
| 384 | 384 | } else { |
| 385 | - $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>simpleSAMLphp</strong> is too old. We need at least " . implode('.', $this->needversionSSP)); |
|
| 385 | + $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>simpleSAMLphp</strong> is too old. We need at least ".implode('.', $this->needversionSSP)); |
|
| 386 | 386 | } |
| 387 | 387 | } |
| 388 | 388 | } |
@@ -409,7 +409,7 @@ discard block |
||
| 409 | 409 | $A = $this->getExecPath('zip'); |
| 410 | 410 | if ($A['exec'] != "") { |
| 411 | 411 | $fullOutput = []; |
| 412 | - $t = exec($A['exec'] . ' --version', $fullOutput); |
|
| 412 | + $t = exec($A['exec'].' --version', $fullOutput); |
|
| 413 | 413 | if ($A['exec_is'] == "EXPLICIT") { |
| 414 | 414 | $this->storeTestResult(\core\common\Entity::L_OK, "<strong>".$fullOutput[1]."</strong> was found and is configured explicitly in your config."); |
| 415 | 415 | } else { |
@@ -447,8 +447,8 @@ discard block |
||
| 447 | 447 | */ |
| 448 | 448 | private function testLogdir() |
| 449 | 449 | { |
| 450 | - if (fopen(\config\Master::PATHS['logdir'] . "/debug.log", "a") == FALSE) { |
|
| 451 | - $this->storeTestResult(\core\common\Entity::L_WARN, "Log files in <strong>" . \config\Master::PATHS['logdir'] . "</strong> are not writable!"); |
|
| 450 | + if (fopen(\config\Master::PATHS['logdir']."/debug.log", "a") == FALSE) { |
|
| 451 | + $this->storeTestResult(\core\common\Entity::L_WARN, "Log files in <strong>".\config\Master::PATHS['logdir']."</strong> are not writable!"); |
|
| 452 | 452 | } else { |
| 453 | 453 | $this->storeTestResult(\core\common\Entity::L_OK, "Log directory is writable."); |
| 454 | 454 | } |
@@ -576,7 +576,7 @@ discard block |
||
| 576 | 576 | { |
| 577 | 577 | $A = $this->getExecPath('openssl'); |
| 578 | 578 | if ($A['exec'] != "") { |
| 579 | - $t = exec($A['exec'] . ' version'); |
|
| 579 | + $t = exec($A['exec'].' version'); |
|
| 580 | 580 | if ($A['exec_is'] == "EXPLICIT") { |
| 581 | 581 | $this->storeTestResult(\core\common\Entity::L_OK, "<strong>$t</strong> was found and is configured explicitly in your config."); |
| 582 | 582 | } else { |
@@ -598,13 +598,13 @@ discard block |
||
| 598 | 598 | if ($A['exec'] != "" && $A['exec_is'] == "EXPLICIT" && !file_exists($A['exec'])) { |
| 599 | 599 | $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>sslscan</strong> is configured explicitly and was not found on your system!"); |
| 600 | 600 | } else { |
| 601 | - exec($A['exec'] . ' --version --xml=-', $output, $res); |
|
| 601 | + exec($A['exec'].' --version --xml=-', $output, $res); |
|
| 602 | 602 | if ($res == 0) { |
| 603 | 603 | $xml = simplexml_load_string(implode($output)); |
| 604 | - $resarray = json_decode(json_encode((array)$xml),true); |
|
| 604 | + $resarray = json_decode(json_encode((array) $xml), true); |
|
| 605 | 605 | $t = 'sslscan'; |
| 606 | 606 | if (isset($resarray['@attributes']) and isset($resarray['@attributes']['version'])) { |
| 607 | - $t = 'sslscan ' . $resarray['@attributes']['version']; |
|
| 607 | + $t = 'sslscan '.$resarray['@attributes']['version']; |
|
| 608 | 608 | } |
| 609 | 609 | } else { |
| 610 | 610 | $t = ''; |
@@ -637,14 +637,14 @@ discard block |
||
| 637 | 637 | } |
| 638 | 638 | $A = $this->getExecPath('makensis'); |
| 639 | 639 | if ($A['exec'] != "") { |
| 640 | - $t = exec($A['exec'] . ' -VERSION'); |
|
| 640 | + $t = exec($A['exec'].' -VERSION'); |
|
| 641 | 641 | if ($A['exec_is'] == "EXPLICIT") { |
| 642 | 642 | $this->storeTestResult(\core\common\Entity::L_OK, "<strong>makensis $t</strong> was found and is configured explicitly in your config."); |
| 643 | 643 | } else { |
| 644 | 644 | $this->storeTestResult(\core\common\Entity::L_WARN, "<strong>makensis $t</strong> was found, but is not configured with an absolute path in your config."); |
| 645 | 645 | } |
| 646 | 646 | $outputArray = []; |
| 647 | - exec($A['exec'] . ' -HELP', $outputArray); |
|
| 647 | + exec($A['exec'].' -HELP', $outputArray); |
|
| 648 | 648 | $t1 = count(preg_grep('/INPUTCHARSET/', $outputArray)); |
| 649 | 649 | if ($t1 == 1 && \config\ConfAssistant::NSIS_VERSION == 2) { |
| 650 | 650 | $this->storeTestResult(\core\common\Entity::L_ERROR, "Declared NSIS_VERSION does not seem to match the file pointed to by PATHS['makensis']!"); |
@@ -674,7 +674,7 @@ discard block |
||
| 674 | 674 | $NSIS_Module_status = []; |
| 675 | 675 | foreach ($this->NSISModules as $module) { |
| 676 | 676 | unset($out); |
| 677 | - exec(\config\ConfAssistant::PATHS['makensis'] . " -V1 '-X!include $module' '-XOutFile $exe' '-XSection X' '-XSectionEnd'", $out, $retval); |
|
| 677 | + exec(\config\ConfAssistant::PATHS['makensis']." -V1 '-X!include $module' '-XOutFile $exe' '-XSection X' '-XSectionEnd'", $out, $retval); |
|
| 678 | 678 | if ($retval > 0) { |
| 679 | 679 | $NSIS_Module_status[$module] = 0; |
| 680 | 680 | } else { |
@@ -741,8 +741,8 @@ discard block |
||
| 741 | 741 | $locales = shell_exec("locale -a"); |
| 742 | 742 | $allthere = ""; |
| 743 | 743 | foreach (\config\Master::LANGUAGES as $onelanguage) { |
| 744 | - if (preg_match("/" . $onelanguage['locale'] . "/", $locales) == 0) { |
|
| 745 | - $allthere .= $onelanguage['locale'] . " "; |
|
| 744 | + if (preg_match("/".$onelanguage['locale']."/", $locales) == 0) { |
|
| 745 | + $allthere .= $onelanguage['locale']." "; |
|
| 746 | 746 | } |
| 747 | 747 | } |
| 748 | 748 | if ($allthere == "") { |
@@ -756,47 +756,47 @@ discard block |
||
| 756 | 756 | ["SETTING" => \config\Master::APPEARANCE['from-mail'], |
| 757 | 757 | "DEFVALUE" => "[email protected]", |
| 758 | 758 | "COMPLAINTSTRING" => "APPEARANCE/from-mail ", |
| 759 | - "REQUIRED" => FALSE,], |
|
| 759 | + "REQUIRED" => FALSE, ], |
|
| 760 | 760 | ["SETTING" => \config\Master::APPEARANCE['support-contact']['url'], |
| 761 | 761 | "DEFVALUE" => "[email protected]?body=Only%20English%20language%20please!", |
| 762 | 762 | "COMPLAINTSTRING" => "APPEARANCE/support-contact/url ", |
| 763 | - "REQUIRED" => FALSE,], |
|
| 763 | + "REQUIRED" => FALSE, ], |
|
| 764 | 764 | ["SETTING" => \config\Master::APPEARANCE['support-contact']['display'], |
| 765 | 765 | "DEFVALUE" => "[email protected]", |
| 766 | 766 | "COMPLAINTSTRING" => "APPEARANCE/support-contact/display ", |
| 767 | - "REQUIRED" => FALSE,], |
|
| 767 | + "REQUIRED" => FALSE, ], |
|
| 768 | 768 | ["SETTING" => \config\Master::APPEARANCE['support-contact']['developer-mail'], |
| 769 | 769 | "DEFVALUE" => "[email protected]", |
| 770 | 770 | "COMPLAINTSTRING" => "APPEARANCE/support-contact/mail ", |
| 771 | - "REQUIRED" => FALSE,], |
|
| 771 | + "REQUIRED" => FALSE, ], |
|
| 772 | 772 | ["SETTING" => \config\Master::APPEARANCE['abuse-mail'], |
| 773 | 773 | "DEFVALUE" => "[email protected]", |
| 774 | 774 | "COMPLAINTSTRING" => "APPEARANCE/abuse-mail ", |
| 775 | - "REQUIRED" => FALSE,], |
|
| 775 | + "REQUIRED" => FALSE, ], |
|
| 776 | 776 | ["SETTING" => \config\Master::APPEARANCE['MOTD'], |
| 777 | 777 | "DEFVALUE" => "Release Candidate. All bugs to be shot on sight!", |
| 778 | 778 | "COMPLAINTSTRING" => "APPEARANCE/MOTD ", |
| 779 | - "REQUIRED" => FALSE,], |
|
| 779 | + "REQUIRED" => FALSE, ], |
|
| 780 | 780 | ["SETTING" => \config\Master::APPEARANCE['webcert_CRLDP'], |
| 781 | 781 | "DEFVALUE" => ['list', 'of', 'CRL', 'pointers'], |
| 782 | 782 | "COMPLAINTSTRING" => "APPEARANCE/webcert_CRLDP ", |
| 783 | - "REQUIRED" => TRUE,], |
|
| 783 | + "REQUIRED" => TRUE, ], |
|
| 784 | 784 | ["SETTING" => \config\Master::APPEARANCE['webcert_OCSP'], |
| 785 | 785 | "DEFVALUE" => ['list', 'of', 'OCSP', 'pointers'], |
| 786 | 786 | "COMPLAINTSTRING" => "APPEARANCE/webcert_OCSP ", |
| 787 | - "REQUIRED" => TRUE,], |
|
| 787 | + "REQUIRED" => TRUE, ], |
|
| 788 | 788 | ["SETTING" => \config\Master::DB['INST']['host'], |
| 789 | 789 | "DEFVALUE" => "db.host.example", |
| 790 | 790 | "COMPLAINTSTRING" => "DB/INST ", |
| 791 | - "REQUIRED" => TRUE,], |
|
| 791 | + "REQUIRED" => TRUE, ], |
|
| 792 | 792 | ["SETTING" => \config\Master::DB['INST']['host'], |
| 793 | 793 | "DEFVALUE" => "db.host.example", |
| 794 | 794 | "COMPLAINTSTRING" => "DB/USER ", |
| 795 | - "REQUIRED" => TRUE,], |
|
| 795 | + "REQUIRED" => TRUE, ], |
|
| 796 | 796 | ["SETTING" => \config\Master::DB['EXTERNAL']['host'], |
| 797 | 797 | "DEFVALUE" => "customerdb.otherhost.example", |
| 798 | 798 | "COMPLAINTSTRING" => "DB/EXTERNAL ", |
| 799 | - "REQUIRED" => FALSE,], |
|
| 799 | + "REQUIRED" => FALSE, ], |
|
| 800 | 800 | ]; |
| 801 | 801 | |
| 802 | 802 | /** |
@@ -825,11 +825,11 @@ discard block |
||
| 825 | 825 | if (isset(\config\Diagnostics::RADIUSTESTS['TLS-clientcerts'])) { |
| 826 | 826 | foreach (\config\Diagnostics::RADIUSTESTS['TLS-clientcerts'] as $cadata) { |
| 827 | 827 | foreach ($cadata['certificates'] as $cert_files) { |
| 828 | - if (file_get_contents(ROOT . "/config/cli-certs/" . $cert_files['public']) === FALSE) { |
|
| 829 | - $defaultvalues .= "CERTIFICATE/" . $cert_files['public'] . " "; |
|
| 828 | + if (file_get_contents(ROOT."/config/cli-certs/".$cert_files['public']) === FALSE) { |
|
| 829 | + $defaultvalues .= "CERTIFICATE/".$cert_files['public']." "; |
|
| 830 | 830 | } |
| 831 | - if (file_get_contents(ROOT . "/config/cli-certs/" . $cert_files['private']) === FALSE) { |
|
| 832 | - $defaultvalues .= "CERTIFICATE/" . $cert_files['private'] . " "; |
|
| 831 | + if (file_get_contents(ROOT."/config/cli-certs/".$cert_files['private']) === FALSE) { |
|
| 832 | + $defaultvalues .= "CERTIFICATE/".$cert_files['private']." "; |
|
| 833 | 833 | } |
| 834 | 834 | } |
| 835 | 835 | } |
@@ -922,14 +922,14 @@ discard block |
||
| 922 | 922 | if ($global_no_cache) { |
| 923 | 923 | foreach ($Devs as $dev => $D) { |
| 924 | 924 | if (empty($D['options']['no_cache']) || $D['options']['no_cache'] != 0) { |
| 925 | - $no_cache_dev .= $dev . " "; |
|
| 925 | + $no_cache_dev .= $dev." "; |
|
| 926 | 926 | $no_cache_dev_count++; |
| 927 | 927 | } |
| 928 | 928 | } |
| 929 | 929 | } else { |
| 930 | 930 | foreach ($Devs as $dev => $D) { |
| 931 | 931 | if (!empty($D['options']['no_cache']) && $D['options']['no_cache'] != 0) { |
| 932 | - $no_cache_dev .= $dev . " "; |
|
| 932 | + $no_cache_dev .= $dev." "; |
|
| 933 | 933 | $no_cache_dev_count++; |
| 934 | 934 | } |
| 935 | 935 | } |
@@ -968,13 +968,13 @@ discard block |
||
| 968 | 968 | $mail->isHTML(FALSE); |
| 969 | 969 | $mail->CharSet = 'UTF-8'; |
| 970 | 970 | $mail->From = \config\Master::APPEARANCE['from-mail']; |
| 971 | - $mail->FromName = \config\Master::APPEARANCE['productname'] . " Invitation System"; |
|
| 971 | + $mail->FromName = \config\Master::APPEARANCE['productname']." Invitation System"; |
|
| 972 | 972 | $mail->addAddress(\config\Master::APPEARANCE['abuse-mail']); |
| 973 | 973 | $mail->Subject = "testing CAT configuration mail"; |
| 974 | 974 | $mail->Body = "Testing CAT mailing\n"; |
| 975 | 975 | $sent = $mail->send(); |
| 976 | 976 | if ($sent) { |
| 977 | - $this->storeTestResult(\core\common\Entity::L_OK, "mailer settings appear to be working, check " . \config\Master::APPEARANCE['abuse-mail'] . " mailbox if the message was receiced."); |
|
| 977 | + $this->storeTestResult(\core\common\Entity::L_OK, "mailer settings appear to be working, check ".\config\Master::APPEARANCE['abuse-mail']." mailbox if the message was receiced."); |
|
| 978 | 978 | } else { |
| 979 | 979 | $this->storeTestResult(\core\common\Entity::L_ERROR, "mailer settings failed, check the Config::MAILSETTINGS"); |
| 980 | 980 | } |
@@ -206,7 +206,7 @@ |
||
| 206 | 206 | $json_data = json_encode($returnArray); |
| 207 | 207 | |
| 208 | 208 | if ($token) { |
| 209 | - $loggerInstance->debug(4, 'JSON data written to ' .$jsonDir.'/'.$token); |
|
| 209 | + $loggerInstance->debug(4, 'JSON data written to '.$jsonDir.'/'.$token); |
|
| 210 | 210 | file_put_contents($jsonDir.'/'.$token.'/realm', $json_data); |
| 211 | 211 | } |
| 212 | 212 | header("Content-type: application/json; utf-8"); |
@@ -168,27 +168,27 @@ discard block |
||
| 168 | 168 | { |
| 169 | 169 | // it could match CN or sAN:DNS, we don't care which |
| 170 | 170 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['subject'])) { |
| 171 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . |
|
| 172 | - " against Subject: " . $this->TLS_CA_checks_result[$host]['certdata']['subject']); |
|
| 171 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName. |
|
| 172 | + " against Subject: ".$this->TLS_CA_checks_result[$host]['certdata']['subject']); |
|
| 173 | 173 | // we are checking against accidental misconfig, not attacks, so loosely checking against end of string is appropriate |
| 174 | - if (preg_match("/CN=" . $this->expectedName . "/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 174 | + if (preg_match("/CN=".$this->expectedName."/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 175 | 175 | return TRUE; |
| 176 | 176 | } |
| 177 | 177 | } |
| 178 | 178 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname'])) { |
| 179 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . " against sANs: "); |
|
| 179 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName." against sANs: "); |
|
| 180 | 180 | $this->loggerInstance->debug(4, $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']); |
| 181 | 181 | $testNames = $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']; |
| 182 | 182 | if (!is_array($testNames)) { |
| 183 | 183 | $testNames = [$testNames]; |
| 184 | 184 | } |
| 185 | 185 | foreach ($testNames as $oneName) { |
| 186 | - if (preg_match("/" . $this->expectedName . "/", $oneName) === 1) { |
|
| 186 | + if (preg_match("/".$this->expectedName."/", $oneName) === 1) { |
|
| 187 | 187 | return TRUE; |
| 188 | 188 | } |
| 189 | 189 | } |
| 190 | 190 | } |
| 191 | - $this->loggerInstance->debug(3, "Tried to check expected server name " . $this->expectedName . " but neither CN nor sANs matched."); |
|
| 191 | + $this->loggerInstance->debug(3, "Tried to check expected server name ".$this->expectedName." but neither CN nor sANs matched."); |
|
| 192 | 192 | |
| 193 | 193 | $this->TLS_CA_checks_result[$host]['cert_oddity'] = RADIUSTests::CERTPROB_DYN_SERVER_NAME_MISMATCH; |
| 194 | 194 | return FALSE; |
@@ -218,9 +218,9 @@ discard block |
||
| 218 | 218 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['status'] = $cert['status']; |
| 219 | 219 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['message'] = $this->TLS_certkeys[$cert['status']]; |
| 220 | 220 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['expected'] = $cert['expected']; |
| 221 | - $add = ' -cert ' . ROOT . '/config/cli-certs/' . $cert['public'] . ' -key ' . ROOT . '/config/cli-certs/' . $cert['private']; |
|
| 222 | - if (!file_exists(ROOT . '/config/cli-certs/' . $cert['public']) ||!file_exists(ROOT . |
|
| 223 | - '/config/cli-certs/' . $cert['private'])) { |
|
| 221 | + $add = ' -cert '.ROOT.'/config/cli-certs/'.$cert['public'].' -key '.ROOT.'/config/cli-certs/'.$cert['private']; |
|
| 222 | + if (!file_exists(ROOT.'/config/cli-certs/'.$cert['public']) || !file_exists(ROOT. |
|
| 223 | + '/config/cli-certs/'.$cert['private'])) { |
|
| 224 | 224 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['finalerror'] = 2; |
| 225 | 225 | continue; |
| 226 | 226 | } |
@@ -228,7 +228,7 @@ discard block |
||
| 228 | 228 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k] = []; |
| 229 | 229 | } |
| 230 | 230 | // tls1_3 connections have a problem in strdout/stderr buffering |
| 231 | - $add .= ' ' . "-no_ssl3 -no_tls1_3"; |
|
| 231 | + $add .= ' '."-no_ssl3 -no_tls1_3"; |
|
| 232 | 232 | $opensslbabble = $this->execOpensslClient($host, $add, $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]); |
| 233 | 233 | $res = $this->opensslClientsResult($host, $opensslbabble, $this->TLS_clients_checks_result, $type, $k); |
| 234 | 234 | if ($cert['expected'] == 'PASS') { |
@@ -270,11 +270,11 @@ discard block |
||
| 270 | 270 | // but code analysers want this more explicit, so here is this extra |
| 271 | 271 | // call to escapeshellarg() |
| 272 | 272 | $escapedHost = escapeshellarg($host); |
| 273 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
| 273 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
| 274 | 274 | $time_start = microtime(true); |
| 275 | 275 | $opensslbabble = []; |
| 276 | 276 | $result = 999; // likely to become zero by openssl; don't want to initialise to zero, could cover up exec failures |
| 277 | - exec(\config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
| 277 | + exec(\config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
| 278 | 278 | $time_stop = microtime(true); |
| 279 | 279 | $testresults['time_millisec'] = floor(($time_stop - $time_start) * 1000); |
| 280 | 280 | $testresults['returncode'] = $result; |
@@ -396,7 +396,7 @@ discard block |
||
| 396 | 396 | private function propertyCheckPolicy($cert) |
| 397 | 397 | { |
| 398 | 398 | $oids = []; |
| 399 | - if (isset($cert['extensions']['certificatePolicies']) && $cert['extensions']['certificatePolicies']) { |
|
| 399 | + if (isset($cert['extensions']['certificatePolicies']) && $cert['extensions']['certificatePolicies']) { |
|
| 400 | 400 | foreach (\config\Diagnostics::RADIUSTESTS['TLS-acceptableOIDs'] as $key => $oid) { |
| 401 | 401 | if (preg_match("/Policy: $oid/", $cert['extensions']['certificatePolicies'])) { |
| 402 | 402 | $oids[$key] = $oid; |
@@ -165,7 +165,7 @@ discard block |
||
| 165 | 165 | } |
| 166 | 166 | } |
| 167 | 167 | |
| 168 | - $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . /** @scrutinizer ignore-type */ print_r($supportedEapTypes, true)); |
|
| 168 | + $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, "./** @scrutinizer ignore-type */ print_r($supportedEapTypes, true)); |
|
| 169 | 169 | $this->loggerInstance->debug(4, /** @scrutinizer ignore-type */ print_r($expectedServerNames, true)); |
| 170 | 170 | $this->loggerInstance->debug(4, /** @scrutinizer ignore-type */ print_r($expectedCABundle, true)); |
| 171 | 171 | |
@@ -252,7 +252,7 @@ discard block |
||
| 252 | 252 | $returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME; |
| 253 | 253 | continue; // otherwise we'd ALSO complain that it's not a real hostname |
| 254 | 254 | } |
| 255 | - if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 255 | + if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 256 | 256 | $returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME; |
| 257 | 257 | } |
| 258 | 258 | } |
@@ -278,7 +278,7 @@ discard block |
||
| 278 | 278 | $probValue = RADIUSTests::CERTPROB_SHA1_SIGNATURE; |
| 279 | 279 | $returnarray[] = $probValue; |
| 280 | 280 | } |
| 281 | - $this->loggerInstance->debug(4, "CERT IS: " . /** @scrutinizer ignore-type */ print_r($intermediateCa, TRUE)); |
|
| 281 | + $this->loggerInstance->debug(4, "CERT IS: "./** @scrutinizer ignore-type */ print_r($intermediateCa, TRUE)); |
|
| 282 | 282 | if ($intermediateCa['basicconstraints_set'] == 0) { |
| 283 | 283 | $returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS; |
| 284 | 284 | } |
@@ -326,7 +326,7 @@ discard block |
||
| 326 | 326 | public function udpReachability($probeindex, $opnameCheck = TRUE, $frag = TRUE) { |
| 327 | 327 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
| 328 | 328 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
| 329 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
| 329 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
| 330 | 330 | if ($clientcert === FALSE) { |
| 331 | 331 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
| 332 | 332 | } |
@@ -335,7 +335,7 @@ discard block |
||
| 335 | 335 | if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) { |
| 336 | 336 | return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert); |
| 337 | 337 | } |
| 338 | - return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 338 | + return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 339 | 339 | } |
| 340 | 340 | |
| 341 | 341 | /** |
@@ -356,7 +356,7 @@ discard block |
||
| 356 | 356 | return RADIUSTests::CERTPROB_NO_CDP_HTTP; |
| 357 | 357 | } |
| 358 | 358 | // first and second sub-match is the full URL... check it |
| 359 | - $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2]), \config\Diagnostics::TIMEOUTS['crl_download']); |
|
| 359 | + $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2]), \config\Diagnostics::TIMEOUTS['crl_download']); |
|
| 360 | 360 | if ($crlcontent === FALSE) { |
| 361 | 361 | return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL; |
| 362 | 362 | } |
@@ -371,7 +371,7 @@ discard block |
||
| 371 | 371 | // $pem = chunk_split(base64_encode($crlcontent), 64, "\n"); |
| 372 | 372 | // inspired by https://stackoverflow.com/questions/2390604/how-to-pass-variables-as-stdin-into-command-line-from-php |
| 373 | 373 | |
| 374 | - $proc = \config\Master::PATHS['openssl'] . " crl -inform der"; |
|
| 374 | + $proc = \config\Master::PATHS['openssl']." crl -inform der"; |
|
| 375 | 375 | $descriptorspec = [ |
| 376 | 376 | 0 => ["pipe", "r"], |
| 377 | 377 | 1 => ["pipe", "w"], |
@@ -409,7 +409,7 @@ discard block |
||
| 409 | 409 | $origLength = strlen($hex); |
| 410 | 410 | for ($i = 1; $i < $origLength; $i++) { |
| 411 | 411 | if ($i % 2 == 1 && $i != strlen($hex)) { |
| 412 | - $spaced .= $hex[$i] . " "; |
|
| 412 | + $spaced .= $hex[$i]." "; |
|
| 413 | 413 | } else { |
| 414 | 414 | $spaced .= $hex[$i]; |
| 415 | 415 | } |
@@ -534,19 +534,19 @@ discard block |
||
| 534 | 534 | $eapText = \core\common\EAP::eapDisplayName($eaptype); |
| 535 | 535 | $config = ' |
| 536 | 536 | network={ |
| 537 | - ssid="' . \config\Master::APPEARANCE['productname'] . ' testing" |
|
| 537 | + ssid="' . \config\Master::APPEARANCE['productname'].' testing" |
|
| 538 | 538 | key_mgmt=WPA-EAP |
| 539 | 539 | proto=WPA2 |
| 540 | 540 | pairwise=CCMP |
| 541 | 541 | group=CCMP |
| 542 | 542 | '; |
| 543 | 543 | // phase 1 |
| 544 | - $config .= 'eap=' . $eapText['OUTER'] . "\n"; |
|
| 544 | + $config .= 'eap='.$eapText['OUTER']."\n"; |
|
| 545 | 545 | $logConfig = $config; |
| 546 | 546 | // phase 2 if applicable; all inner methods have passwords |
| 547 | 547 | if (isset($eapText['INNER']) && $eapText['INNER'] != "") { |
| 548 | - $config .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 549 | - $logConfig .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 548 | + $config .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 549 | + $logConfig .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 550 | 550 | } |
| 551 | 551 | // all methods set a password, except EAP-TLS |
| 552 | 552 | if ($eaptype != \core\common\EAP::EAPTYPE_TLS) { |
@@ -562,11 +562,11 @@ discard block |
||
| 562 | 562 | } |
| 563 | 563 | |
| 564 | 564 | // inner identity |
| 565 | - $config .= ' identity="' . $inner . "\"\n"; |
|
| 566 | - $logConfig .= ' identity="' . $inner . "\"\n"; |
|
| 565 | + $config .= ' identity="'.$inner."\"\n"; |
|
| 566 | + $logConfig .= ' identity="'.$inner."\"\n"; |
|
| 567 | 567 | // outer identity, may be equal |
| 568 | - $config .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 569 | - $logConfig .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 568 | + $config .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 569 | + $logConfig .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 570 | 570 | // done |
| 571 | 571 | $config .= "}"; |
| 572 | 572 | $logConfig .= "}"; |
@@ -627,13 +627,13 @@ discard block |
||
| 627 | 627 | * @return string the command-line for eapol_test |
| 628 | 628 | */ |
| 629 | 629 | private function eapolTestConfig($probeindex, $opName, $frag) { |
| 630 | - $cmdline = \config\Diagnostics::PATHS['eapol_test'] . |
|
| 631 | - " -a " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip'] . |
|
| 632 | - " -s " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret'] . |
|
| 633 | - " -o serverchain.pem" . |
|
| 634 | - " -c ./udp_login_test.conf" . |
|
| 635 | - " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " . |
|
| 636 | - " -t " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout'] . " "; |
|
| 630 | + $cmdline = \config\Diagnostics::PATHS['eapol_test']. |
|
| 631 | + " -a ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip']. |
|
| 632 | + " -s ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret']. |
|
| 633 | + " -o serverchain.pem". |
|
| 634 | + " -c ./udp_login_test.conf". |
|
| 635 | + " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ". |
|
| 636 | + " -t ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout']." "; |
|
| 637 | 637 | if ($opName) { |
| 638 | 638 | $cmdline .= '-N126:s:"1cat.eduroam.org" '; |
| 639 | 639 | } |
@@ -662,10 +662,10 @@ discard block |
||
| 662 | 662 | * @throws Exception |
| 663 | 663 | */ |
| 664 | 664 | private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs) { |
| 665 | - if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) { |
|
| 665 | + if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) { |
|
| 666 | 666 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n"); |
| 667 | 667 | } |
| 668 | - if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) { |
|
| 668 | + if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) { |
|
| 669 | 669 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n"); |
| 670 | 670 | } |
| 671 | 671 | // make a copy of the EAP-received chain and add the configured intermediates, if any |
@@ -679,15 +679,15 @@ discard block |
||
| 679 | 679 | } |
| 680 | 680 | if ($decoded['ca'] == 1) { |
| 681 | 681 | if ($decoded['root'] == 1) { // save CAT roots to the root directory |
| 682 | - file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 683 | - file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 682 | + file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 683 | + file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 684 | 684 | $catRoots[] = $decoded['pem']; |
| 685 | 685 | } else { // save the intermediates to allcerts directory |
| 686 | - file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']); |
|
| 686 | + file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']); |
|
| 687 | 687 | $intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded)); |
| 688 | 688 | if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) { |
| 689 | 689 | $this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 690 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]); |
|
| 690 | + file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]); |
|
| 691 | 691 | } |
| 692 | 692 | $catIntermediates[] = $decoded['pem']; |
| 693 | 693 | } |
@@ -696,26 +696,26 @@ discard block |
||
| 696 | 696 | // save all intermediate certificates and CRLs to separate files in |
| 697 | 697 | // both root-ca directories |
| 698 | 698 | foreach ($eapIntermediates as $index => $onePem) { |
| 699 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 700 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 699 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 700 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 701 | 701 | } |
| 702 | 702 | foreach ($eapIntermediateCRLs as $index => $onePem) { |
| 703 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 704 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 703 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 704 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 705 | 705 | } |
| 706 | 706 | |
| 707 | 707 | $checkstring = ""; |
| 708 | 708 | if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) { |
| 709 | 709 | $this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 710 | 710 | $checkstring = "-crl_check_all"; |
| 711 | - file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 712 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 711 | + file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 712 | + file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 713 | 713 | } |
| 714 | 714 | |
| 715 | 715 | |
| 716 | 716 | // now c_rehash the root CA directory ... |
| 717 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 718 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 717 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 718 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 719 | 719 | return $checkstring; |
| 720 | 720 | } |
| 721 | 721 | |
@@ -746,12 +746,12 @@ discard block |
||
| 746 | 746 | // so test if there's something PEMy in the file at all |
| 747 | 747 | // serverchain.pem is the output from eapol_test; incomingserver.pem is written by extractIncomingCertsfromEAP() if there was at least one server cert. |
| 748 | 748 | if (filesize("$tmpDir/serverchain.pem") > 10 && filesize("$tmpDir/incomingserver.pem") > 10) { |
| 749 | - exec(\config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
| 750 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 751 | - $this->loggerInstance->debug(4, "Chain verify pass 1: " . /** @scrutinizer ignore-type */ print_r($verifyResultEaponly, TRUE) . "\n"); |
|
| 752 | - exec(\config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
| 753 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 754 | - $this->loggerInstance->debug(4, "Chain verify pass 2: " . /** @scrutinizer ignore-type */ print_r($verifyResultAllcerts, TRUE) . "\n"); |
|
| 749 | + exec(\config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
| 750 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 751 | + $this->loggerInstance->debug(4, "Chain verify pass 1: "./** @scrutinizer ignore-type */ print_r($verifyResultEaponly, TRUE)."\n"); |
|
| 752 | + exec(\config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
| 753 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 754 | + $this->loggerInstance->debug(4, "Chain verify pass 2: "./** @scrutinizer ignore-type */ print_r($verifyResultAllcerts, TRUE)."\n"); |
|
| 755 | 755 | } |
| 756 | 756 | |
| 757 | 757 | // now we do certificate verification against the collected parents |
@@ -817,7 +817,7 @@ discard block |
||
| 817 | 817 | // we are UNHAPPY if no names match! |
| 818 | 818 | $happiness = "UNHAPPY"; |
| 819 | 819 | foreach ($this->expectedServerNames as $expectedName) { |
| 820 | - $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . /** @scrutinizer ignore-type */ print_r($servercert['CN'], TRUE) . /** @scrutinizer ignore-type */ print_r($servercert['sAN_DNS'], TRUE)); |
|
| 820 | + $this->loggerInstance->debug(4, "Managing expectations for $expectedName: "./** @scrutinizer ignore-type */ print_r($servercert['CN'], TRUE)./** @scrutinizer ignore-type */ print_r($servercert['sAN_DNS'], TRUE)); |
|
| 821 | 821 | if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) { |
| 822 | 822 | $this->loggerInstance->debug(4, "Totally happy!"); |
| 823 | 823 | $happiness = "TOTALLY"; |
@@ -861,11 +861,11 @@ discard block |
||
| 861 | 861 | $theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password); |
| 862 | 862 | // the config intentionally does not include CA checking. We do this |
| 863 | 863 | // ourselves after getting the chain with -o. |
| 864 | - file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]); |
|
| 864 | + file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]); |
|
| 865 | 865 | |
| 866 | 866 | $cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag); |
| 867 | 867 | $this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n"); |
| 868 | - $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n"); |
|
| 868 | + $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n"); |
|
| 869 | 869 | $time_start = microtime(true); |
| 870 | 870 | $pflow = []; |
| 871 | 871 | exec($cmdline, $pflow); |
@@ -874,7 +874,7 @@ discard block |
||
| 874 | 874 | } |
| 875 | 875 | $time_stop = microtime(true); |
| 876 | 876 | $output = print_r($this->redact($password, $pflow), TRUE); |
| 877 | - file_put_contents($tmpDir . "/eapol_test_output_redacted_$probeindex.txt", $output); |
|
| 877 | + file_put_contents($tmpDir."/eapol_test_output_redacted_$probeindex.txt", $output); |
|
| 878 | 878 | $this->loggerInstance->debug(5, "eapol_test output saved to eapol_test_output_redacted_$probeindex.txt\n"); |
| 879 | 879 | return [ |
| 880 | 880 | "time" => ($time_stop - $time_start) * 1000, |
@@ -909,7 +909,7 @@ discard block |
||
| 909 | 909 | if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) { |
| 910 | 910 | array_pop($packetflow); |
| 911 | 911 | } |
| 912 | - $this->loggerInstance->debug(5, "Packetflow: " . /** @scrutinizer ignore-type */ print_r($packetflow, TRUE)); |
|
| 912 | + $this->loggerInstance->debug(5, "Packetflow: "./** @scrutinizer ignore-type */ print_r($packetflow, TRUE)); |
|
| 913 | 913 | $packetcount = array_count_values($packetflow); |
| 914 | 914 | $testresults['packetcount'] = $packetcount; |
| 915 | 915 | $testresults['packetflow'] = $packetflow; |
@@ -949,7 +949,7 @@ discard block |
||
| 949 | 949 | */ |
| 950 | 950 | private function wasModernTlsNegotiated(&$testresults, $packetflow_orig) { |
| 951 | 951 | $negotiatedTlsVersion = $this->checkLineparse($packetflow_orig, self::LINEPARSE_TLSVERSION); |
| 952 | - $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion" . "\n"); |
|
| 952 | + $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion"."\n"); |
|
| 953 | 953 | if ($negotiatedTlsVersion === FALSE) { |
| 954 | 954 | $testresults['cert_oddities'][] = RADIUSTests::TLSPROB_UNKNOWN_TLS_VERSION; |
| 955 | 955 | } elseif ($negotiatedTlsVersion != self::TLS_VERSION_1_2 && $negotiatedTlsVersion != self::TLS_VERSION_1_3) { |
@@ -1007,7 +1007,7 @@ discard block |
||
| 1007 | 1007 | |
| 1008 | 1008 | $x509 = new \core\common\X509(); |
| 1009 | 1009 | // $eap_certarray holds all certs received in EAP conversation |
| 1010 | - $incomingData = file_get_contents($tmpDir . "/serverchain.pem"); |
|
| 1010 | + $incomingData = file_get_contents($tmpDir."/serverchain.pem"); |
|
| 1011 | 1011 | if ($incomingData !== FALSE && strlen($incomingData) > 0) { |
| 1012 | 1012 | $eapCertArray = $x509->splitCertificate($incomingData); |
| 1013 | 1013 | } else { |
@@ -1037,10 +1037,10 @@ discard block |
||
| 1037 | 1037 | case RADIUSTests::SERVER_CA_SELFSIGNED: |
| 1038 | 1038 | $servercert[] = $cert; |
| 1039 | 1039 | if (count($servercert) == 1) { |
| 1040 | - if (file_put_contents($tmpDir . "/incomingserver.pem", $cert['pem'] . "\n") === FALSE) { |
|
| 1040 | + if (file_put_contents($tmpDir."/incomingserver.pem", $cert['pem']."\n") === FALSE) { |
|
| 1041 | 1041 | $this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n"); |
| 1042 | 1042 | } |
| 1043 | - $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . /** @scrutinizer ignore-type */ print_r($servercert[0], true)); |
|
| 1043 | + $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: "./** @scrutinizer ignore-type */ print_r($servercert[0], true)); |
|
| 1044 | 1044 | } elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) { |
| 1045 | 1045 | $testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS; |
| 1046 | 1046 | } |
@@ -1110,7 +1110,7 @@ discard block |
||
| 1110 | 1110 | public function autodetectCAWithProbe($outerId) { |
| 1111 | 1111 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
| 1112 | 1112 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
| 1113 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
| 1113 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
| 1114 | 1114 | if ($clientcert === FALSE) { |
| 1115 | 1115 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
| 1116 | 1116 | } |
@@ -1125,7 +1125,7 @@ discard block |
||
| 1125 | 1125 | $tmpDir = $temporary['dir']; |
| 1126 | 1126 | chdir($tmpDir); |
| 1127 | 1127 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
| 1128 | - file_put_contents($tmpDir . "/client.p12", $clientcert); |
|
| 1128 | + file_put_contents($tmpDir."/client.p12", $clientcert); |
|
| 1129 | 1129 | $testresults = ['cert_oddities' => []]; |
| 1130 | 1130 | $runtime_results = $this->executeEapolTest($tmpDir, $probeindex, \core\common\EAP::EAPTYPE_ANY, $outerId, $outerId, "eaplab", FALSE, FALSE); |
| 1131 | 1131 | $packetflow_orig = $runtime_results['output']; |
@@ -1141,8 +1141,7 @@ discard block |
||
| 1141 | 1141 | // that's not the case if we do EAP-pwd or could not negotiate an EAP method at |
| 1142 | 1142 | // all |
| 1143 | 1143 | // in that case: no server CA guess possible |
| 1144 | - if (! |
|
| 1145 | - ($radiusResult == RADIUSTests::RETVAL_CONVERSATION_REJECT && $negotiatedEapType) || $radiusResult == RADIUSTests::RETVAL_OK |
|
| 1144 | + if (!($radiusResult == RADIUSTests::RETVAL_CONVERSATION_REJECT && $negotiatedEapType) || $radiusResult == RADIUSTests::RETVAL_OK |
|
| 1146 | 1145 | ) { |
| 1147 | 1146 | return RADIUSTests::RETVAL_INVALID; |
| 1148 | 1147 | } |
@@ -1182,7 +1181,7 @@ discard block |
||
| 1182 | 1181 | // trust, and custom ones we may have configured |
| 1183 | 1182 | $ourRoots = file_get_contents(\config\ConfAssistant::PATHS['trust-store-custom']); |
| 1184 | 1183 | $mozillaRoots = file_get_contents(\config\ConfAssistant::PATHS['trust-store-mozilla']); |
| 1185 | - $allRoots = $x509->splitCertificate($ourRoots . "\n" . $mozillaRoots); |
|
| 1184 | + $allRoots = $x509->splitCertificate($ourRoots."\n".$mozillaRoots); |
|
| 1186 | 1185 | foreach ($allRoots as $oneRoot) { |
| 1187 | 1186 | $processedRoot = $x509->processCertificate($oneRoot); |
| 1188 | 1187 | if ($processedRoot['full_details']['subject'] == $currentHighestKnownIssuer) { |
@@ -1226,7 +1225,7 @@ discard block |
||
| 1226 | 1225 | chdir($tmpDir); |
| 1227 | 1226 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
| 1228 | 1227 | if ($clientcertdata !== NULL) { |
| 1229 | - file_put_contents($tmpDir . "/client.p12", $clientcertdata); |
|
| 1228 | + file_put_contents($tmpDir."/client.p12", $clientcertdata); |
|
| 1230 | 1229 | } |
| 1231 | 1230 | $testresults = []; |
| 1232 | 1231 | // initialise the sub-array for cleaner parsing |
@@ -1331,7 +1330,7 @@ discard block |
||
| 1331 | 1330 | 'issuer' => $this->printDN($certdata['issuer']), |
| 1332 | 1331 | 'validFrom' => $this->printTm($certdata['validFrom_time_t']), |
| 1333 | 1332 | 'validTo' => $this->printTm($certdata['validTo_time_t']), |
| 1334 | - 'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1333 | + 'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1335 | 1334 | 'sha1' => $certdata['sha1'], |
| 1336 | 1335 | 'public_key_length' => $certdata['public_key_length'], |
| 1337 | 1336 | 'extensions' => $certdata['extensions'] |
