Inspection of "Merge branch 'release_2_0' of github.com:GEANT/CAT..." - GEANT/CAT - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — release_2_0 ( 371434...42a179 )

by Stefan

created 2019-04-02 13:16 UTC

Status

Spacing +53 added lines, -53 removed lines patch added patch discarded remove patch

@@ -34,7 +34,7 @@  discard block
 block discarded – undo
 
 use \Exception;
 
-require_once dirname(dirname(__DIR__)) . "/config/_config.php";
+require_once dirname(dirname(__DIR__))."/config/_config.php";
 
 /**
  * Test suite to verify that an EAP setup is actually working as advertised in
@@ -165,7 +165,7 @@  discard block
 block discarded – undo
             }
         }
 
-        $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . print_r($supportedEapTypes, true));
+        $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, ".print_r($supportedEapTypes, true));
         $this->loggerInstance->debug(4, print_r($expectedServerNames, true));
         $this->loggerInstance->debug(4, print_r($expectedCABundle, true));
 
@@ -252,7 +252,7 @@  discard block
 block discarded – undo
                 $returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME;
                 continue; // otherwise we'd ALSO complain that it's not a real hostname
             }
-            if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) {
+            if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) {
                 $returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME;
             }
         }
@@ -277,7 +277,7 @@  discard block
 block discarded – undo
         if (preg_match("/sha1/i", $intermediateCa['full_details']['signatureTypeSN'])) {
             $returnarray[] = RADIUSTests::CERTPROB_SHA1_SIGNATURE;
         }
-        $this->loggerInstance->debug(4, "CERT IS: " . print_r($intermediateCa, TRUE));
+        $this->loggerInstance->debug(4, "CERT IS: ".print_r($intermediateCa, TRUE));
         if ($intermediateCa['basicconstraints_set'] == 0) {
             $returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS;
         }
@@ -324,7 +324,7 @@  discard block
 block discarded – undo
     public function udpReachability($probeindex, $opnameCheck = TRUE, $frag = TRUE) {
         // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy
         // the following PEM data is one of the SENSE EAPLab client certs (not secret at all)
-        $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12");
+        $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12");
         if ($clientcert === FALSE) {
             throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!");
         }
@@ -333,7 +333,7 @@  discard block
 block discarded – undo
         if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) {
             return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert);
         }
-        return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert);
+        return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert);
     }
 
     /**
@@ -353,7 +353,7 @@  discard block
 block discarded – undo
             return RADIUSTests::CERTPROB_NO_CDP_HTTP;
         }
         // first and second sub-match is the full URL... check it
-        $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2]));
+        $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2]));
         if ($crlcontent === FALSE) {
             return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL;
         }
@@ -384,7 +384,7 @@  discard block
 block discarded – undo
         fclose($pipes[1]);
         fclose($pipes[2]);
         $retval = proc_close($process);
-        if ($retval != 0 || !preg_match("/BEGIN X509 CRL/",$pem)) {
+        if ($retval != 0 || !preg_match("/BEGIN X509 CRL/", $pem)) {
             // this was not a real CRL
             return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL;
         }
@@ -406,7 +406,7 @@  discard block
 block discarded – undo
         $origLength = strlen($hex);
         for ($i = 1; $i < $origLength; $i++) {
             if ($i % 2 == 1 && $i != strlen($hex)) {
-                $spaced .= $hex[$i] . " ";
+                $spaced .= $hex[$i]." ";
             } else {
                 $spaced .= $hex[$i];
             }
@@ -489,19 +489,19 @@  discard block
 block discarded – undo
         $eapText = \core\common\EAP::eapDisplayName($eaptype);
         $config = '
 network={
-  ssid="' . CONFIG['APPEARANCE']['productname'] . ' testing"
+  ssid="' . CONFIG['APPEARANCE']['productname'].' testing"
   key_mgmt=WPA-EAP
   proto=WPA2
   pairwise=CCMP
   group=CCMP
   ';
 // phase 1
-        $config .= 'eap=' . $eapText['OUTER'] . "\n";
+        $config .= 'eap='.$eapText['OUTER']."\n";
         $logConfig = $config;
 // phase 2 if applicable; all inner methods have passwords
         if (isset($eapText['INNER']) && $eapText['INNER'] != "") {
-            $config .= '  phase2="auth=' . $eapText['INNER'] . "\"\n";
-            $logConfig .= '  phase2="auth=' . $eapText['INNER'] . "\"\n";
+            $config .= '  phase2="auth='.$eapText['INNER']."\"\n";
+            $logConfig .= '  phase2="auth='.$eapText['INNER']."\"\n";
         }
 // all methods set a password, except EAP-TLS
         if ($eaptype != \core\common\EAP::EAPTYPE_TLS) {
@@ -517,11 +517,11 @@  discard block
 block discarded – undo
         }
 
 // inner identity
-        $config .= '  identity="' . $inner . "\"\n";
-        $logConfig .= '  identity="' . $inner . "\"\n";
+        $config .= '  identity="'.$inner."\"\n";
+        $logConfig .= '  identity="'.$inner."\"\n";
 // outer identity, may be equal
-        $config .= '  anonymous_identity="' . $outer . "\"\n";
-        $logConfig .= '  anonymous_identity="' . $outer . "\"\n";
+        $config .= '  anonymous_identity="'.$outer."\"\n";
+        $logConfig .= '  anonymous_identity="'.$outer."\"\n";
 // done
         $config .= "}";
         $logConfig .= "}";
@@ -582,13 +582,13 @@  discard block
 block discarded – undo
      * @return string the command-line for eapol_test
      */
     private function eapolTestConfig($probeindex, $opName, $frag) {
-        $cmdline = CONFIG_DIAGNOSTICS['PATHS']['eapol_test'] .
-                " -a " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['ip'] .
-                " -s " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['secret'] .
-                " -o serverchain.pem" .
-                " -c ./udp_login_test.conf" .
-                " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " .
-                " -t " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['timeout'] . " ";
+        $cmdline = CONFIG_DIAGNOSTICS['PATHS']['eapol_test'].
+                " -a ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['ip'].
+                " -s ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['secret'].
+                " -o serverchain.pem".
+                " -c ./udp_login_test.conf".
+                " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ".
+                " -t ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['timeout']." ";
         if ($opName) {
             $cmdline .= '-N126:s:"1cat.eduroam.org" ';
         }
@@ -617,10 +617,10 @@  discard block
 block discarded – undo
      * @throws Exception
      */
     private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs) {
-        if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) {
+        if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) {
             throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n");
         }
-        if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) {
+        if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) {
             throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n");
         }
 // make a copy of the EAP-received chain and add the configured intermediates, if any
@@ -634,15 +634,15 @@  discard block
 block discarded – undo
             }
             if ($decoded['ca'] == 1) {
                 if ($decoded['root'] == 1) { // save CAT roots to the root directory
-                    file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']);
-                    file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']);
+                    file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']);
+                    file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']);
                     $catRoots[] = $decoded['pem'];
                 } else { // save the intermediates to allcerts directory
-                    file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']);
+                    file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']);
                     $intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded));
                     if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) {
                         $this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain");
-                        file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]);
+                        file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]);
                     }
                     $catIntermediates[] = $decoded['pem'];
                 }
@@ -651,26 +651,26 @@  discard block
 block discarded – undo
         // save all intermediate certificates and CRLs to separate files in 
         // both root-ca directories
         foreach ($eapIntermediates as $index => $onePem) {
-            file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem);
-            file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem);
+            file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem);
+            file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem);
         }
         foreach ($eapIntermediateCRLs as $index => $onePem) {
-            file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem);
-            file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem);
+            file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem);
+            file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem);
         }
 
         $checkstring = "";
         if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) {
             $this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain");
             $checkstring = "-crl_check_all";
-            file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]);
-            file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]);
+            file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]);
+            file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]);
         }
 
 
 // now c_rehash the root CA directory ...
-        system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null");
-        system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null");
+        system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null");
+        system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null");
         return $checkstring;
     }
 
@@ -701,12 +701,12 @@  discard block
 block discarded – undo
 // the error log will complain if we run this test against an empty file of certs
 // so test if there's something PEMy in the file at all
         if (filesize("$tmpDir/serverchain.pem") > 10) {
-            exec(CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly);
-            $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n");
-            $this->loggerInstance->debug(4, "Chain verify pass 1: " . print_r($verifyResultEaponly, TRUE) . "\n");
-            exec(CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts);
-            $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n");
-            $this->loggerInstance->debug(4, "Chain verify pass 2: " . print_r($verifyResultAllcerts, TRUE) . "\n");
+            exec(CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly);
+            $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n");
+            $this->loggerInstance->debug(4, "Chain verify pass 1: ".print_r($verifyResultEaponly, TRUE)."\n");
+            exec(CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts);
+            $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n");
+            $this->loggerInstance->debug(4, "Chain verify pass 2: ".print_r($verifyResultAllcerts, TRUE)."\n");
         }
 
 
@@ -772,7 +772,7 @@  discard block
 block discarded – undo
         // we are UNHAPPY if no names match!
         $happiness = "UNHAPPY";
         foreach ($this->expectedServerNames as $expectedName) {
-            $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . print_r($servercert['CN'], TRUE) . print_r($servercert['sAN_DNS'], TRUE));
+            $this->loggerInstance->debug(4, "Managing expectations for $expectedName: ".print_r($servercert['CN'], TRUE).print_r($servercert['sAN_DNS'], TRUE));
             if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) {
                 $this->loggerInstance->debug(4, "Totally happy!");
                 $happiness = "TOTALLY";
@@ -816,11 +816,11 @@  discard block
 block discarded – undo
         $theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password);
         // the config intentionally does not include CA checking. We do this
         // ourselves after getting the chain with -o.
-        file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]);
+        file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]);
 
         $cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag);
         $this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n");
-        $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n");
+        $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n");
         $time_start = microtime(true);
         $pflow = [];
         exec($cmdline, $pflow);
@@ -863,7 +863,7 @@  discard block
 block discarded – undo
         if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) {
             array_pop($packetflow);
         }
-        $this->loggerInstance->debug(5, "Packetflow: " . print_r($packetflow, TRUE));
+        $this->loggerInstance->debug(5, "Packetflow: ".print_r($packetflow, TRUE));
         $packetcount = array_count_values($packetflow);
         $testresults['packetcount'] = $packetcount;
         $testresults['packetflow'] = $packetflow;
@@ -940,7 +940,7 @@  discard block
 block discarded – undo
         
         $x509 = new \core\common\X509();
 // $eap_certarray holds all certs received in EAP conversation
-        $incomingData = file_get_contents($tmpDir . "/serverchain.pem");
+        $incomingData = file_get_contents($tmpDir."/serverchain.pem");
         if ($incomingData !== FALSE && strlen($incomingData) > 0) {
             $eapCertArray = $x509->splitCertificate($incomingData);
         } else {
@@ -970,10 +970,10 @@  discard block
 block discarded – undo
                 case RADIUSTests::SERVER_CA_SELFSIGNED:
                     $servercert[] = $cert;
                     if (count($servercert) == 1) {
-                        if (file_put_contents($tmpDir . "/incomingserver.pem", $certPem . "\n") === FALSE) {
+                        if (file_put_contents($tmpDir."/incomingserver.pem", $certPem."\n") === FALSE) {
                             $this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n");
                         }
-                        $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . print_r($servercert[0], true));
+                        $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: ".print_r($servercert[0], true));
                     } elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) {
                         $testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS;
                     }
@@ -1053,7 +1053,7 @@  discard block
 block discarded – undo
         chdir($tmpDir);
         $this->loggerInstance->debug(4, "temp dir: $tmpDir\n");
         if ($clientcertdata !== NULL) {
-            file_put_contents($tmpDir . "/client.p12", $clientcertdata);
+            file_put_contents($tmpDir."/client.p12", $clientcertdata);
         }
         $testresults = [];
         // initialise the sub-array for cleaner parsing
@@ -1149,7 +1149,7 @@  discard block
 block discarded – undo
                     'issuer' => $this->printDN($certdata['issuer']),
                     'validFrom' => $this->printTm($certdata['validFrom_time_t']),
                     'validTo' => $this->printTm($certdata['validTo_time_t']),
-                    'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']),
+                    'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']),
                     'sha1' => $certdata['sha1'],
                     'extensions' => $certdata['extensions']
                 ];

Please login to merge, or discard this patch.

		@@ -34,7 +34,7 @@ discard block
		block discarded – undo
34	34
35	35	use \Exception;
36	36
37		-require_once dirname(dirname(__DIR__)) . "/config/_config.php";
	37	+require_once dirname(dirname(__DIR__))."/config/_config.php";
38	38
39	39	/**
40	40	* Test suite to verify that an EAP setup is actually working as advertised in
		@@ -165,7 +165,7 @@ discard block
		block discarded – undo
165	165	}
166	166	}
167	167
168		- $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . print_r($supportedEapTypes, true));
	168	+ $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, ".print_r($supportedEapTypes, true));
169	169	$this->loggerInstance->debug(4, print_r($expectedServerNames, true));
170	170	$this->loggerInstance->debug(4, print_r($expectedCABundle, true));
171	171
		@@ -252,7 +252,7 @@ discard block
		block discarded – undo
252	252	$returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME;
253	253	continue; // otherwise we'd ALSO complain that it's not a real hostname
254	254	}
255		- if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) {
	255	+ if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) {
256	256	$returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME;
257	257	}
258	258	}
		@@ -277,7 +277,7 @@ discard block
		block discarded – undo
277	277	if (preg_match("/sha1/i", $intermediateCa['full_details']['signatureTypeSN'])) {
278	278	$returnarray[] = RADIUSTests::CERTPROB_SHA1_SIGNATURE;
279	279	}
280		- $this->loggerInstance->debug(4, "CERT IS: " . print_r($intermediateCa, TRUE));
	280	+ $this->loggerInstance->debug(4, "CERT IS: ".print_r($intermediateCa, TRUE));
281	281	if ($intermediateCa['basicconstraints_set'] == 0) {
282	282	$returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS;
283	283	}
		@@ -324,7 +324,7 @@ discard block
		block discarded – undo
324	324	public function udpReachability($probeindex, $opnameCheck = TRUE, $frag = TRUE) {
325	325	// for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy
326	326	// the following PEM data is one of the SENSE EAPLab client certs (not secret at all)
327		- $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12");
	327	+ $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12");
328	328	if ($clientcert === FALSE) {
329	329	throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!");
330	330	}
		@@ -333,7 +333,7 @@ discard block
		block discarded – undo
333	333	if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) {
334	334	return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert);
335	335	}
336		- return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert);
	336	+ return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert);
337	337	}
338	338
339	339	/**
		@@ -353,7 +353,7 @@ discard block
		block discarded – undo
353	353	return RADIUSTests::CERTPROB_NO_CDP_HTTP;
354	354	}
355	355	// first and second sub-match is the full URL... check it
356		- $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2]));
	356	+ $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2]));
357	357	if ($crlcontent === FALSE) {
358	358	return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL;
359	359	}
		@@ -384,7 +384,7 @@ discard block
		block discarded – undo
384	384	fclose($pipes[1]);
385	385	fclose($pipes[2]);
386	386	$retval = proc_close($process);
387		- if ($retval != 0 \|\| !preg_match("/BEGIN X509 CRL/",$pem)) {
	387	+ if ($retval != 0 \|\| !preg_match("/BEGIN X509 CRL/", $pem)) {
388	388	// this was not a real CRL
389	389	return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL;
390	390	}
		@@ -406,7 +406,7 @@ discard block
		block discarded – undo
406	406	$origLength = strlen($hex);
407	407	for ($i = 1; $i < $origLength; $i++) {
408	408	if ($i % 2 == 1 && $i != strlen($hex)) {
409		- $spaced .= $hex[$i] . " ";
	409	+ $spaced .= $hex[$i]." ";
410	410	} else {
411	411	$spaced .= $hex[$i];
412	412	}
		@@ -489,19 +489,19 @@ discard block
		block discarded – undo
489	489	$eapText = \core\common\EAP::eapDisplayName($eaptype);
490	490	$config = '
491	491	network={
492		- ssid="' . CONFIG['APPEARANCE']['productname'] . ' testing"
	492	+ ssid="' . CONFIG['APPEARANCE']['productname'].' testing"
493	493	key_mgmt=WPA-EAP
494	494	proto=WPA2
495	495	pairwise=CCMP
496	496	group=CCMP
497	497	';
498	498	// phase 1
499		- $config .= 'eap=' . $eapText['OUTER'] . "\n";
	499	+ $config .= 'eap='.$eapText['OUTER']."\n";
500	500	$logConfig = $config;
501	501	// phase 2 if applicable; all inner methods have passwords
502	502	if (isset($eapText['INNER']) && $eapText['INNER'] != "") {
503		- $config .= ' phase2="auth=' . $eapText['INNER'] . "\"\n";
504		- $logConfig .= ' phase2="auth=' . $eapText['INNER'] . "\"\n";
	503	+ $config .= ' phase2="auth='.$eapText['INNER']."\"\n";
	504	+ $logConfig .= ' phase2="auth='.$eapText['INNER']."\"\n";
505	505	}
506	506	// all methods set a password, except EAP-TLS
507	507	if ($eaptype != \core\common\EAP::EAPTYPE_TLS) {
		@@ -517,11 +517,11 @@ discard block
		block discarded – undo
517	517	}
518	518
519	519	// inner identity
520		- $config .= ' identity="' . $inner . "\"\n";
521		- $logConfig .= ' identity="' . $inner . "\"\n";
	520	+ $config .= ' identity="'.$inner."\"\n";
	521	+ $logConfig .= ' identity="'.$inner."\"\n";
522	522	// outer identity, may be equal
523		- $config .= ' anonymous_identity="' . $outer . "\"\n";
524		- $logConfig .= ' anonymous_identity="' . $outer . "\"\n";
	523	+ $config .= ' anonymous_identity="'.$outer."\"\n";
	524	+ $logConfig .= ' anonymous_identity="'.$outer."\"\n";
525	525	// done
526	526	$config .= "}";
527	527	$logConfig .= "}";
		@@ -582,13 +582,13 @@ discard block
		block discarded – undo
582	582	* @return string the command-line for eapol_test
583	583	*/
584	584	private function eapolTestConfig($probeindex, $opName, $frag) {
585		- $cmdline = CONFIG_DIAGNOSTICS['PATHS']['eapol_test'] .
586		- " -a " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['ip'] .
587		- " -s " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['secret'] .
588		- " -o serverchain.pem" .
589		- " -c ./udp_login_test.conf" .
590		- " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " .
591		- " -t " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['timeout'] . " ";
	585	+ $cmdline = CONFIG_DIAGNOSTICS['PATHS']['eapol_test'].
	586	+ " -a ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['ip'].
	587	+ " -s ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['secret'].
	588	+ " -o serverchain.pem".
	589	+ " -c ./udp_login_test.conf".
	590	+ " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ".
	591	+ " -t ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['timeout']." ";
592	592	if ($opName) {
593	593	$cmdline .= '-N126:s:"1cat.eduroam.org" ';
594	594	}
		@@ -617,10 +617,10 @@ discard block
		block discarded – undo
617	617	* @throws Exception
618	618	*/
619	619	private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs) {
620		- if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) {
	620	+ if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) {
621	621	throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n");
622	622	}
623		- if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) {
	623	+ if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) {
624	624	throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n");
625	625	}
626	626	// make a copy of the EAP-received chain and add the configured intermediates, if any
		@@ -634,15 +634,15 @@ discard block
		block discarded – undo
634	634	}
635	635	if ($decoded['ca'] == 1) {
636	636	if ($decoded['root'] == 1) { // save CAT roots to the root directory
637		- file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']);
638		- file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']);
	637	+ file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']);
	638	+ file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']);
639	639	$catRoots[] = $decoded['pem'];
640	640	} else { // save the intermediates to allcerts directory
641		- file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']);
	641	+ file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']);
642	642	$intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded));
643	643	if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) {
644	644	$this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain");
645		- file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]);
	645	+ file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]);
646	646	}
647	647	$catIntermediates[] = $decoded['pem'];
648	648	}
		@@ -651,26 +651,26 @@ discard block
		block discarded – undo
651	651	// save all intermediate certificates and CRLs to separate files in
652	652	// both root-ca directories
653	653	foreach ($eapIntermediates as $index => $onePem) {
654		- file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem);
655		- file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem);
	654	+ file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem);
	655	+ file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem);
656	656	}
657	657	foreach ($eapIntermediateCRLs as $index => $onePem) {
658		- file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem);
659		- file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem);
	658	+ file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem);
	659	+ file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem);
660	660	}
661	661
662	662	$checkstring = "";
663	663	if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) {
664	664	$this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain");
665	665	$checkstring = "-crl_check_all";
666		- file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]);
667		- file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]);
	666	+ file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]);
	667	+ file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]);
668	668	}
669	669
670	670
671	671	// now c_rehash the root CA directory ...
672		- system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null");
673		- system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null");
	672	+ system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null");
	673	+ system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null");
674	674	return $checkstring;
675	675	}
676	676
		@@ -701,12 +701,12 @@ discard block
		block discarded – undo
701	701	// the error log will complain if we run this test against an empty file of certs
702	702	// so test if there's something PEMy in the file at all
703	703	if (filesize("$tmpDir/serverchain.pem") > 10) {
704		- exec(CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly);
705		- $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n");
706		- $this->loggerInstance->debug(4, "Chain verify pass 1: " . print_r($verifyResultEaponly, TRUE) . "\n");
707		- exec(CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts);
708		- $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n");
709		- $this->loggerInstance->debug(4, "Chain verify pass 2: " . print_r($verifyResultAllcerts, TRUE) . "\n");
	704	+ exec(CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly);
	705	+ $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n");
	706	+ $this->loggerInstance->debug(4, "Chain verify pass 1: ".print_r($verifyResultEaponly, TRUE)."\n");
	707	+ exec(CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts);
	708	+ $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n");
	709	+ $this->loggerInstance->debug(4, "Chain verify pass 2: ".print_r($verifyResultAllcerts, TRUE)."\n");
710	710	}
711	711
712	712
		@@ -772,7 +772,7 @@ discard block
		block discarded – undo
772	772	// we are UNHAPPY if no names match!
773	773	$happiness = "UNHAPPY";
774	774	foreach ($this->expectedServerNames as $expectedName) {
775		- $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . print_r($servercert['CN'], TRUE) . print_r($servercert['sAN_DNS'], TRUE));
	775	+ $this->loggerInstance->debug(4, "Managing expectations for $expectedName: ".print_r($servercert['CN'], TRUE).print_r($servercert['sAN_DNS'], TRUE));
776	776	if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) {
777	777	$this->loggerInstance->debug(4, "Totally happy!");
778	778	$happiness = "TOTALLY";
		@@ -816,11 +816,11 @@ discard block
		block discarded – undo
816	816	$theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password);
817	817	// the config intentionally does not include CA checking. We do this
818	818	// ourselves after getting the chain with -o.
819		- file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]);
	819	+ file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]);
820	820
821	821	$cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag);
822	822	$this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n");
823		- $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n");
	823	+ $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n");
824	824	$time_start = microtime(true);
825	825	$pflow = [];
826	826	exec($cmdline, $pflow);
		@@ -863,7 +863,7 @@ discard block
		block discarded – undo
863	863	if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) {
864	864	array_pop($packetflow);
865	865	}
866		- $this->loggerInstance->debug(5, "Packetflow: " . print_r($packetflow, TRUE));
	866	+ $this->loggerInstance->debug(5, "Packetflow: ".print_r($packetflow, TRUE));
867	867	$packetcount = array_count_values($packetflow);
868	868	$testresults['packetcount'] = $packetcount;
869	869	$testresults['packetflow'] = $packetflow;
		@@ -940,7 +940,7 @@ discard block
		block discarded – undo
940	940
941	941	$x509 = new \core\common\X509();
942	942	// $eap_certarray holds all certs received in EAP conversation
943		- $incomingData = file_get_contents($tmpDir . "/serverchain.pem");
	943	+ $incomingData = file_get_contents($tmpDir."/serverchain.pem");
944	944	if ($incomingData !== FALSE && strlen($incomingData) > 0) {
945	945	$eapCertArray = $x509->splitCertificate($incomingData);
946	946	} else {
		@@ -970,10 +970,10 @@ discard block
		block discarded – undo
970	970	case RADIUSTests::SERVER_CA_SELFSIGNED:
971	971	$servercert[] = $cert;
972	972	if (count($servercert) == 1) {
973		- if (file_put_contents($tmpDir . "/incomingserver.pem", $certPem . "\n") === FALSE) {
	973	+ if (file_put_contents($tmpDir."/incomingserver.pem", $certPem."\n") === FALSE) {
974	974	$this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n");
975	975	}
976		- $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . print_r($servercert[0], true));
	976	+ $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: ".print_r($servercert[0], true));
977	977	} elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) {
978	978	$testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS;
979	979	}
		@@ -1053,7 +1053,7 @@ discard block
		block discarded – undo
1053	1053	chdir($tmpDir);
1054	1054	$this->loggerInstance->debug(4, "temp dir: $tmpDir\n");
1055	1055	if ($clientcertdata !== NULL) {
1056		- file_put_contents($tmpDir . "/client.p12", $clientcertdata);
	1056	+ file_put_contents($tmpDir."/client.p12", $clientcertdata);
1057	1057	}
1058	1058	$testresults = [];
1059	1059	// initialise the sub-array for cleaner parsing
		@@ -1149,7 +1149,7 @@ discard block
		block discarded – undo
1149	1149	'issuer' => $this->printDN($certdata['issuer']),
1150	1150	'validFrom' => $this->printTm($certdata['validFrom_time_t']),
1151	1151	'validTo' => $this->printTm($certdata['validTo_time_t']),
1152		- 'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']),
	1152	+ 'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']),
1153	1153	'sha1' => $certdata['sha1'],
1154	1154	'extensions' => $certdata['extensions']
1155	1155	];

GEANT / CAT

Push — release_2_0 ( 371434...42a179 )

Status

Category

Spacing +53 added lines, -53 removed lines patch added patch discarded remove patch