GEANT / CAT

core/SilverbulletCertificate.php

Spacing +21 added lines, -21 removed lines

@@ -144,7 +144,7 @@ 
     public function annotate($annotation) {
         $encoded = json_encode($annotation);
         $this->annotation = $encoded;
-        $this->databaseHandle->exec("UPDATE silverbullet_certificate SET extrainfo = ? WHERE serial_number = ?", "si", $encoded, $this->serial );
+        $this->databaseHandle->exec("UPDATE silverbullet_certificate SET extrainfo = ? WHERE serial_number = ?", "si", $encoded, $this->serial);
     }
     /**
      * we don't use caching in SB, so this function does nothing
@@ -170,7 +170,7 @@ 
         $invitationObject = new SilverbulletInvitation($token);
         $profile = new ProfileSilverbullet($invitationObject->profile);
         $inst = new IdP($profile->institution);
-        $loggerInstance->debug(5, "tokenStatus: done, got " . $invitationObject->invitationTokenStatus . ", " . $invitationObject->profile . ", " . $invitationObject->userId . ", " . $invitationObject->expiry . ", " . $invitationObject->invitationTokenString . "\n");
+        $loggerInstance->debug(5, "tokenStatus: done, got ".$invitationObject->invitationTokenStatus.", ".$invitationObject->profile.", ".$invitationObject->userId.", ".$invitationObject->expiry.", ".$invitationObject->invitationTokenString."\n");
         if ($invitationObject->invitationTokenStatus != SilverbulletInvitation::SB_TOKENSTATUS_VALID && $invitationObject->invitationTokenStatus != SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) {
             throw new Exception("Attempt to generate a SilverBullet installer with an invalid/redeemed/expired token. The user should never have gotten that far!");
         }
@@ -183,12 +183,12 @@ 
             throw new Exception("Despite a valid token, the corresponding user was not found in database or database query error!");
         }
         $expiryObject = mysqli_fetch_object(/** @scrutinizer ignore-type */ $userrow);
-        $loggerInstance->debug(5, "EXP: " . $expiryObject->expiry . "\n");
+        $loggerInstance->debug(5, "EXP: ".$expiryObject->expiry."\n");
         $expiryDateObject = date_create_from_format("Y-m-d H:i:s", $expiryObject->expiry);
         if ($expiryDateObject === FALSE) {
             throw new Exception("The expiry date we got from the DB is bogus!");
         }
-        $loggerInstance->debug(5, $expiryDateObject->format("Y-m-d H:i:s") . "\n");
+        $loggerInstance->debug(5, $expiryDateObject->format("Y-m-d H:i:s")."\n");
         // date_create with no parameters can't fail, i.e. is never FALSE
         $validity = date_diff(/** @scrutinizer ignore-type */ date_create(), $expiryDateObject);
         $expiryDays = $validity->days + 1;
@@ -237,7 +237,7 @@ 
         $certString = "";
         openssl_x509_export($cert, $certString);
         $parsedCert = $x509->processCertificate($certString);
-        $loggerInstance->debug(5, "CERTINFO: " . print_r($parsedCert['full_details'], true));
+        $loggerInstance->debug(5, "CERTINFO: ".print_r($parsedCert['full_details'], true));
         $realExpiryDate = date_create_from_format("U", $parsedCert['full_details']['validTo_time_t'])->format("Y-m-d H:i:s");
 
         // store new cert info in DB
@@ -295,26 +295,26 @@ 
                 $cat = new CAT();
                 $tempdirArray = $cat->createTemporaryDirectory("test");
                 $tempdir = $tempdirArray['dir'];
-                $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z";
-                $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z";
+                $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z";
+                $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z";
                 $serialHex = strtoupper(dechex($this->serial));
                 if (strlen($serialHex) % 2 == 1) {
-                    $serialHex = "0" . $serialHex;
+                    $serialHex = "0".$serialHex;
                 }
 
-                $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . CONFIG_CONFASSISTANT['CONSORTIUM']['name'] . "/OU=$federation/CN=$this->username\n";
+                $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".CONFIG_CONFASSISTANT['CONSORTIUM']['name']."/OU=$federation/CN=$this->username\n";
                 $logHandle->debug(4, "index.txt contents-to-be: $indexStatement");
-                if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) {
+                if (!file_put_contents($tempdir."/index.txt", $indexStatement)) {
                     $logHandle->debug(1, "Unable to write openssl index.txt file for revocation handling!");
                 }
                 // index.txt.attr is dull but needs to exist
-                file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n");
+                file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n");
                 // call "openssl ocsp" to manufacture our own OCSP statement
                 // adding "-rmd sha1" to the following command-line makes the
                 // choice of signature algorithm for the response explicit
                 // but it's only available from openssl-1.1.0 (which we do not
                 // want to require just for that one thing).
-                $execCmd = CONFIG['PATHS']['openssl'] . " ocsp -issuer " . ROOT . "/config/SilverbulletClientCerts/real-".$this->ca_type.".pem -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . ROOT . "/config/SilverbulletClientCerts/real-".$this->ca_type.".pem -rsigner " . ROOT . "/config/SilverbulletClientCerts/real-".$this->ca_type.".pem -rkey " . ROOT . "/config/SilverbulletClientCerts/real-".$this->ca_type.".key -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der";
+                $execCmd = CONFIG['PATHS']['openssl']." ocsp -issuer ".ROOT."/config/SilverbulletClientCerts/real-".$this->ca_type.".pem -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".ROOT."/config/SilverbulletClientCerts/real-".$this->ca_type.".pem -rsigner ".ROOT."/config/SilverbulletClientCerts/real-".$this->ca_type.".pem -rkey ".ROOT."/config/SilverbulletClientCerts/real-".$this->ca_type.".key -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der";
                 $logHandle->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n");
                 $output = [];
                 $return = 999;
@@ -322,11 +322,11 @@ 
                 if ($return !== 0) {
                     throw new Exception("Non-zero return value from openssl ocsp!");
                 }
-                $ocsp = file_get_contents($tempdir . "/$serialHex.response.der");
+                $ocsp = file_get_contents($tempdir."/$serialHex.response.der");
                 // remove the temp dir!
-                unlink($tempdir . "/$serialHex.response.der");
-                unlink($tempdir . "/index.txt.attr");
-                unlink($tempdir . "/index.txt");
+                unlink($tempdir."/$serialHex.response.der");
+                unlink($tempdir."/index.txt.attr");
+                unlink($tempdir."/index.txt");
                 rmdir($tempdir);
                 break;
             default:
@@ -380,7 +380,7 @@ 
         $username = "";
         while ($usernameIsUnique === FALSE) {
             $usernameLocalPart = common\Entity::randomString(64 - 1 - strlen($realm), "0123456789abcdefghijklmnopqrstuvwxyz");
-            $username = $usernameLocalPart . "@" . $realm;
+            $username = $usernameLocalPart."@".$realm;
             $uniquenessQuery = $databaseHandle->exec("SELECT cn from silverbullet_certificate WHERE cn = ?", "s", $username);
             // SELECT -> resource, not boolean
             if (mysqli_num_rows(/** @scrutinizer ignore-type */ $uniquenessQuery) == 0) {
@@ -432,10 +432,10 @@ 
         $databaseHandle = DBConnection::handle("INST");
         switch (CONFIG_CONFASSISTANT['SILVERBULLET']['CA']['type']) {
             case "embedded":
-                $rootCaPem = file_get_contents(ROOT . "/config/SilverbulletClientCerts/rootca-$certtype.pem");
-                $issuingCaPem = file_get_contents(ROOT . "/config/SilverbulletClientCerts/real-$certtype.pem");
+                $rootCaPem = file_get_contents(ROOT."/config/SilverbulletClientCerts/rootca-$certtype.pem");
+                $issuingCaPem = file_get_contents(ROOT."/config/SilverbulletClientCerts/real-$certtype.pem");
                 $issuingCa = openssl_x509_read($issuingCaPem);
-                $issuingCaKey = openssl_pkey_get_private("file://" . ROOT . "/config/SilverbulletClientCerts/real-$certtype.key");
+                $issuingCaKey = openssl_pkey_get_private("file://".ROOT."/config/SilverbulletClientCerts/real-$certtype.key");
                 $nonDupSerialFound = FALSE;
                 do {
                     $serial = random_int(1000000000, PHP_INT_MAX);
@@ -457,7 +457,7 @@ 
                         throw new Exception("Unknown cert type!");
                 }
                 return [
-                    "CERT" => openssl_csr_sign($csr, $issuingCa, $issuingCaKey, $expiryDays, ['digest_alg' => $alg, 'config' => dirname(__DIR__) . "/config/SilverbulletClientCerts/openssl-$certtype.cnf"], $serial),
+                    "CERT" => openssl_csr_sign($csr, $issuingCa, $issuingCaKey, $expiryDays, ['digest_alg' => $alg, 'config' => dirname(__DIR__)."/config/SilverbulletClientCerts/openssl-$certtype.cnf"], $serial),
                     "SERIAL" => $serial,
                     "ISSUER" => $issuingCaPem,
                     "ROOT" => $rootCaPem,