@@ -371,9 +371,9 @@ |
||
371 | 371 | // inspired by https://stackoverflow.com/questions/2390604/how-to-pass-variables-as-stdin-into-command-line-from-php |
372 | 372 | $proc = \config\Master::PATHS['openssl']." crl -inform der"; |
373 | 373 | $descriptorspec = [ |
374 | - 0 => ["pipe", "r"], |
|
375 | - 1 => ["pipe", "w"], |
|
376 | - 2 => ["pipe", "w"], |
|
374 | + 0 => ["pipe", "r"], |
|
375 | + 1 => ["pipe", "w"], |
|
376 | + 2 => ["pipe", "w"], |
|
377 | 377 | ]; |
378 | 378 | $process = proc_open($proc, $descriptorspec, $pipes); |
379 | 379 | if (!is_resource($process)) { |
@@ -164,7 +164,7 @@ discard block |
||
164 | 164 | } |
165 | 165 | } |
166 | 166 | |
167 | - $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . print_r($supportedEapTypes, true)); |
|
167 | + $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, ".print_r($supportedEapTypes, true)); |
|
168 | 168 | $this->loggerInstance->debug(4, print_r($expectedServerNames, true)); |
169 | 169 | $this->loggerInstance->debug(4, print_r($expectedCABundle, true)); |
170 | 170 | |
@@ -251,7 +251,7 @@ discard block |
||
251 | 251 | $returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME; |
252 | 252 | continue; // otherwise we'd ALSO complain that it's not a real hostname |
253 | 253 | } |
254 | - if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
254 | + if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
255 | 255 | $returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME; |
256 | 256 | } |
257 | 257 | } |
@@ -277,7 +277,7 @@ discard block |
||
277 | 277 | $probValue = RADIUSTests::CERTPROB_SHA1_SIGNATURE; |
278 | 278 | $returnarray[] = $probValue; |
279 | 279 | } |
280 | - $this->loggerInstance->debug(4, "CERT IS: " . print_r($intermediateCa, TRUE)); |
|
280 | + $this->loggerInstance->debug(4, "CERT IS: ".print_r($intermediateCa, TRUE)); |
|
281 | 281 | if ($intermediateCa['basicconstraints_set'] == 0) { |
282 | 282 | $returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS; |
283 | 283 | } |
@@ -325,7 +325,7 @@ discard block |
||
325 | 325 | public function udpReachability($probeindex, $opnameCheck = TRUE, $frag = TRUE) { |
326 | 326 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
327 | 327 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
328 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
328 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
329 | 329 | if ($clientcert === FALSE) { |
330 | 330 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
331 | 331 | } |
@@ -334,7 +334,7 @@ discard block |
||
334 | 334 | if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) { |
335 | 335 | return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert); |
336 | 336 | } |
337 | - return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
337 | + return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
338 | 338 | } |
339 | 339 | |
340 | 340 | /** |
@@ -355,7 +355,7 @@ discard block |
||
355 | 355 | return RADIUSTests::CERTPROB_NO_CDP_HTTP; |
356 | 356 | } |
357 | 357 | // first and second sub-match is the full URL... check it |
358 | - $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2])); |
|
358 | + $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2])); |
|
359 | 359 | if ($crlcontent === FALSE) { |
360 | 360 | return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL; |
361 | 361 | } |
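Review bot: The URL passed to `downloadFile()` on line 358 is built from the regex sub-matches `$crlUrl[1].$crlUrl[2]`, which appear to come from the CRL distribution point of a certificate presented by the server under test, so the remote side chooses where this host makes an outbound request. Neither the regex nor `downloadFile()` is visible in this hunk, so confirm that the fetch is limited to http/https, has a timeout and a response-size cap, and does not follow redirects to internal addresses. A comment above the call such as `// URL is taken from the peer's certificate: treat as untrusted` would make the trust boundary explicit. The enclosing function starts and ends outside the hunk.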
@@ -386,7 +386,7 @@ discard block |
||
386 | 386 | fclose($pipes[1]); |
387 | 387 | fclose($pipes[2]); |
388 | 388 | $retval = proc_close($process); |
389 | - if ($retval != 0 || !preg_match("/BEGIN X509 CRL/",$pem)) { |
|
389 | + if ($retval != 0 || !preg_match("/BEGIN X509 CRL/", $pem)) { |
|
390 | 390 | // this was not a real CRL |
391 | 391 | return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL; |
392 | 392 | } |
@@ -408,7 +408,7 @@ discard block |
||
408 | 408 | $origLength = strlen($hex); |
409 | 409 | for ($i = 1; $i < $origLength; $i++) { |
410 | 410 | if ($i % 2 == 1 && $i != strlen($hex)) { |
411 | - $spaced .= $hex[$i] . " "; |
|
411 | + $spaced .= $hex[$i]." "; |
|
412 | 412 | } else { |
413 | 413 | $spaced .= $hex[$i]; |
414 | 414 | } |
@@ -492,19 +492,19 @@ discard block |
||
492 | 492 | $eapText = \core\common\EAP::eapDisplayName($eaptype); |
493 | 493 | $config = ' |
494 | 494 | network={ |
495 | - ssid="' . \config\Master::APPEARANCE['productname'] . ' testing" |
|
495 | + ssid="' . \config\Master::APPEARANCE['productname'].' testing" |
|
496 | 496 | key_mgmt=WPA-EAP |
497 | 497 | proto=WPA2 |
498 | 498 | pairwise=CCMP |
499 | 499 | group=CCMP |
500 | 500 | '; |
501 | 501 | // phase 1 |
502 | - $config .= 'eap=' . $eapText['OUTER'] . "\n"; |
|
502 | + $config .= 'eap='.$eapText['OUTER']."\n"; |
|
503 | 503 | $logConfig = $config; |
504 | 504 | // phase 2 if applicable; all inner methods have passwords |
505 | 505 | if (isset($eapText['INNER']) && $eapText['INNER'] != "") { |
506 | - $config .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
507 | - $logConfig .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
506 | + $config .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
507 | + $logConfig .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
508 | 508 | } |
509 | 509 | // all methods set a password, except EAP-TLS |
510 | 510 | if ($eaptype != \core\common\EAP::EAPTYPE_TLS) { |
@@ -520,11 +520,11 @@ discard block |
||
520 | 520 | } |
521 | 521 | |
522 | 522 | // inner identity |
523 | - $config .= ' identity="' . $inner . "\"\n"; |
|
524 | - $logConfig .= ' identity="' . $inner . "\"\n"; |
|
523 | + $config .= ' identity="'.$inner."\"\n"; |
|
524 | + $logConfig .= ' identity="'.$inner."\"\n"; |
|
525 | 525 | // outer identity, may be equal |
526 | - $config .= ' anonymous_identity="' . $outer . "\"\n"; |
|
527 | - $logConfig .= ' anonymous_identity="' . $outer . "\"\n"; |
|
526 | + $config .= ' anonymous_identity="'.$outer."\"\n"; |
|
527 | + $logConfig .= ' anonymous_identity="'.$outer."\"\n"; |
|
528 | 528 | // done |
529 | 529 | $config .= "}"; |
530 | 530 | $logConfig .= "}"; |
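Review bot: `$inner` and `$outer` are written between double quotes on lines 523–527 without escaping, so a `"` or a line break in either value would end the quoted string and the rest would be parsed as further wpa_supplicant settings. Where the two values come from is not visible here; if either can derive from a user-supplied realm or username, reject values containing `"`, `\` or control characters before building `$config`. The same applies to `$eapText['INNER']` in the hunk at line 506 unless it always comes from a fixed table. The function body starts and ends outside this hunk.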
@@ -585,13 +585,13 @@ discard block |
||
585 | 585 | * @return string the command-line for eapol_test |
586 | 586 | */ |
587 | 587 | private function eapolTestConfig($probeindex, $opName, $frag) { |
588 | - $cmdline = \config\Diagnostics::PATHS['eapol_test'] . |
|
589 | - " -a " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip'] . |
|
590 | - " -s " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret'] . |
|
591 | - " -o serverchain.pem" . |
|
592 | - " -c ./udp_login_test.conf" . |
|
593 | - " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " . |
|
594 | - " -t " . \config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout'] . " "; |
|
588 | + $cmdline = \config\Diagnostics::PATHS['eapol_test']. |
|
589 | + " -a ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['ip']. |
|
590 | + " -s ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret']. |
|
591 | + " -o serverchain.pem". |
|
592 | + " -c ./udp_login_test.conf". |
|
593 | + " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ". |
|
594 | + " -t ".\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['timeout']." "; |
|
595 | 595 | if ($opName) { |
596 | 596 | $cmdline .= '-N126:s:"1cat.eduroam.org" '; |
597 | 597 | } |
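Review bot: The RADIUS shared secret is appended to `$cmdline` as a `-s` argument on line 590, so it is visible in the process list while eapol_test runs, and the hunk at line 825 writes the whole `$cmdline` to the debug log. The configuration values are also concatenated without quoting; wrapping each one, e.g. `" -s ".escapeshellarg(\config\Diagnostics::RADIUSTESTS['UDP-hosts'][$probeindex]['secret'])`, keeps a secret containing shell metacharacters from changing the command. At minimum the `-s` value should be masked before the command line is logged. The function continues past the end of this hunk.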
@@ -620,10 +620,10 @@ discard block |
||
620 | 620 | * @throws Exception |
621 | 621 | */ |
622 | 622 | private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs) { |
623 | - if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) { |
|
623 | + if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) { |
|
624 | 624 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n"); |
625 | 625 | } |
626 | - if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) { |
|
626 | + if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) { |
|
627 | 627 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n"); |
628 | 628 | } |
629 | 629 | // make a copy of the EAP-received chain and add the configured intermediates, if any |
@@ -637,15 +637,15 @@ discard block |
||
637 | 637 | } |
638 | 638 | if ($decoded['ca'] == 1) { |
639 | 639 | if ($decoded['root'] == 1) { // save CAT roots to the root directory |
640 | - file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
641 | - file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
640 | + file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
641 | + file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
642 | 642 | $catRoots[] = $decoded['pem']; |
643 | 643 | } else { // save the intermediates to allcerts directory |
644 | - file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']); |
|
644 | + file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']); |
|
645 | 645 | $intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded)); |
646 | 646 | if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) { |
647 | 647 | $this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
648 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]); |
|
648 | + file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]); |
|
649 | 649 | } |
650 | 650 | $catIntermediates[] = $decoded['pem']; |
651 | 651 | } |
@@ -654,26 +654,26 @@ discard block |
||
654 | 654 | // save all intermediate certificates and CRLs to separate files in |
655 | 655 | // both root-ca directories |
656 | 656 | foreach ($eapIntermediates as $index => $onePem) { |
657 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
658 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
657 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
658 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
659 | 659 | } |
660 | 660 | foreach ($eapIntermediateCRLs as $index => $onePem) { |
661 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
662 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
661 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
662 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
663 | 663 | } |
664 | 664 | |
665 | 665 | $checkstring = ""; |
666 | 666 | if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) { |
667 | 667 | $this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
668 | 668 | $checkstring = "-crl_check_all"; |
669 | - file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
670 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
669 | + file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
670 | + file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
671 | 671 | } |
672 | 672 | |
673 | 673 | |
674 | 674 | // now c_rehash the root CA directory ... |
675 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
676 | - system(\config\Diagnostics::PATHS['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
675 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
676 | + system(\config\Diagnostics::PATHS['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
677 | 677 | return $checkstring; |
678 | 678 | } |
679 | 679 | |
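Review bot: Both `system()` calls on lines 675–676 interpolate `$tmpDir` into a shell command unquoted and ignore the exit status, and none of the `file_put_contents()` calls in this hunk are checked for `FALSE`. If c_rehash fails or a PEM file is not written, the later `openssl verify -CApath` runs against an incomplete directory and the chain result is misleading. Suggested form: `system(\config\Diagnostics::PATHS['c_rehash']." ".escapeshellarg("$tmpDir/root-ca-eaponly/")." > /dev/null", $rc);` followed by an exception when `$rc !== 0`, in line with the `mkdir` handling in the hunk at line 623. The function starts outside this hunk.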
@@ -704,12 +704,12 @@ discard block |
||
704 | 704 | // the error log will complain if we run this test against an empty file of certs |
705 | 705 | // so test if there's something PEMy in the file at all |
706 | 706 | if (filesize("$tmpDir/serverchain.pem") > 10) { |
707 | - exec(\config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
708 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
709 | - $this->loggerInstance->debug(4, "Chain verify pass 1: " . print_r($verifyResultEaponly, TRUE) . "\n"); |
|
710 | - exec(\config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
711 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
712 | - $this->loggerInstance->debug(4, "Chain verify pass 2: " . print_r($verifyResultAllcerts, TRUE) . "\n"); |
|
707 | + exec(\config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
708 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
709 | + $this->loggerInstance->debug(4, "Chain verify pass 1: ".print_r($verifyResultEaponly, TRUE)."\n"); |
|
710 | + exec(\config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
711 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
712 | + $this->loggerInstance->debug(4, "Chain verify pass 2: ".print_r($verifyResultAllcerts, TRUE)."\n"); |
|
713 | 713 | } |
714 | 714 | |
715 | 715 | |
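Review bot: The debug lines 708 and 711 log a command ending in `$tmpDir/serverchain.pem`, but the `exec()` calls on lines 707 and 710 verify `$tmpDir/incomingserver.pem`, so the log does not show what was actually run. Build each command once, e.g. `$cmd = \config\Master::PATHS['openssl']." verify $crlCheckString -CApath ".escapeshellarg("$tmpDir/root-ca-eaponly/")." -purpose any ".escapeshellarg("$tmpDir/incomingserver.pem");`, and pass the same `$cmd` to both `exec()` and `debug()`. The exit code of `exec()` is not captured either, so a failure to start openssl cannot be told apart from empty output. The enclosing function is only partly visible here.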
@@ -775,7 +775,7 @@ discard block |
||
775 | 775 | // we are UNHAPPY if no names match! |
776 | 776 | $happiness = "UNHAPPY"; |
777 | 777 | foreach ($this->expectedServerNames as $expectedName) { |
778 | - $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . print_r($servercert['CN'], TRUE) . print_r($servercert['sAN_DNS'], TRUE)); |
|
778 | + $this->loggerInstance->debug(4, "Managing expectations for $expectedName: ".print_r($servercert['CN'], TRUE).print_r($servercert['sAN_DNS'], TRUE)); |
|
779 | 779 | if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) { |
780 | 780 | $this->loggerInstance->debug(4, "Totally happy!"); |
781 | 781 | $happiness = "TOTALLY"; |
@@ -819,11 +819,11 @@ discard block |
||
819 | 819 | $theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password); |
820 | 820 | // the config intentionally does not include CA checking. We do this |
821 | 821 | // ourselves after getting the chain with -o. |
822 | - file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]); |
|
822 | + file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]); |
|
823 | 823 | |
824 | 824 | $cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag); |
825 | 825 | $this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n"); |
826 | - $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n"); |
|
826 | + $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n"); |
|
827 | 827 | $time_start = microtime(true); |
828 | 828 | $pflow = []; |
829 | 829 | exec($cmdline, $pflow); |
@@ -866,7 +866,7 @@ discard block |
||
866 | 866 | if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) { |
867 | 867 | array_pop($packetflow); |
868 | 868 | } |
869 | - $this->loggerInstance->debug(5, "Packetflow: " . print_r($packetflow, TRUE)); |
|
869 | + $this->loggerInstance->debug(5, "Packetflow: ".print_r($packetflow, TRUE)); |
|
870 | 870 | $packetcount = array_count_values($packetflow); |
871 | 871 | $testresults['packetcount'] = $packetcount; |
872 | 872 | $testresults['packetflow'] = $packetflow; |
@@ -943,7 +943,7 @@ discard block |
||
943 | 943 | |
944 | 944 | $x509 = new \core\common\X509(); |
945 | 945 | // $eap_certarray holds all certs received in EAP conversation |
946 | - $incomingData = file_get_contents($tmpDir . "/serverchain.pem"); |
|
946 | + $incomingData = file_get_contents($tmpDir."/serverchain.pem"); |
|
947 | 947 | if ($incomingData !== FALSE && strlen($incomingData) > 0) { |
948 | 948 | $eapCertArray = $x509->splitCertificate($incomingData); |
949 | 949 | } else { |
@@ -973,10 +973,10 @@ discard block |
||
973 | 973 | case RADIUSTests::SERVER_CA_SELFSIGNED: |
974 | 974 | $servercert[] = $cert; |
975 | 975 | if (count($servercert) == 1) { |
976 | - if (file_put_contents($tmpDir . "/incomingserver.pem", $cert['pem'] . "\n") === FALSE) { |
|
976 | + if (file_put_contents($tmpDir."/incomingserver.pem", $cert['pem']."\n") === FALSE) { |
|
977 | 977 | $this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n"); |
978 | 978 | } |
979 | - $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . print_r($servercert[0], true)); |
|
979 | + $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: ".print_r($servercert[0], true)); |
|
980 | 980 | } elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) { |
981 | 981 | $testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS; |
982 | 982 | } |
@@ -1056,7 +1056,7 @@ discard block |
||
1056 | 1056 | chdir($tmpDir); |
1057 | 1057 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
1058 | 1058 | if ($clientcertdata !== NULL) { |
1059 | - file_put_contents($tmpDir . "/client.p12", $clientcertdata); |
|
1059 | + file_put_contents($tmpDir."/client.p12", $clientcertdata); |
|
1060 | 1060 | } |
1061 | 1061 | $testresults = []; |
1062 | 1062 | // initialise the sub-array for cleaner parsing |
@@ -1152,7 +1152,7 @@ discard block |
||
1152 | 1152 | 'issuer' => $this->printDN($certdata['issuer']), |
1153 | 1153 | 'validFrom' => $this->printTm($certdata['validFrom_time_t']), |
1154 | 1154 | 'validTo' => $this->printTm($certdata['validTo_time_t']), |
1155 | - 'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']), |
|
1155 | + 'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']), |
|
1156 | 1156 | 'sha1' => $certdata['sha1'], |
1157 | 1157 | 'extensions' => $certdata['extensions'] |
1158 | 1158 | ]; |
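Review bot: `sprintf(" (0x%X)", $certdata['serialNumber'])` on line 1155 converts the serial to a native integer first, and X.509 serial numbers can be up to 20 octets, so a serial above `PHP_INT_MAX` will be printed with a wrong hex value. How `$certdata` is produced is not visible in this hunk; if it comes from `openssl_x509_parse()`, the `serialNumberHex` element already holds the exact hex string and could be used instead. A wrong serial in a diagnostics report makes it hard to match the certificate against a CRL or the CA's records.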
@@ -104,11 +104,11 @@ discard block |
||
104 | 104 | $this->possibleFailureReasons = $_SESSION["SUSPECTS"] ?? []; // if we know nothing, don't talk to anyone |
105 | 105 | $this->additionalFindings = $_SESSION["EVIDENCE"] ?? []; |
106 | 106 | |
107 | - $this->subjectPrefix = _("[eduroam Diagnostics]") . " "; |
|
107 | + $this->subjectPrefix = _("[eduroam Diagnostics]")." "; |
|
108 | 108 | $this->finalGreeting = "\n" |
109 | 109 | . _("(This service is in an early stage. We apologise if this is a false alert. If this is the case, please send an email report to [email protected], forwarding the entire message (including the 'SUSPECTS' and 'EVIDENCE' data at the end), and explain why this is a false positive.)") |
110 | 110 | . "\n" |
111 | - . _("Yours sincerely,") . "\n" |
|
111 | + . _("Yours sincerely,")."\n" |
|
112 | 112 | . "\n" |
113 | 113 | . _("Ed U. Roam, the eduroam diagnostics algorithm"); |
114 | 114 | |
@@ -119,13 +119,13 @@ discard block |
||
119 | 119 | "bcc" => [], |
120 | 120 | "reply-to" => [Logopath::EDUROAM_OT], |
121 | 121 | "subject" => _("[POLICYVIOLATION NATIONAL] IdP with no entry in eduroam database"), |
122 | - "body" => _("Dear NRO administrator,") . "\n" |
|
122 | + "body" => _("Dear NRO administrator,")."\n" |
|
123 | 123 | . "\n" |
124 | - . wordwrap(sprintf(_("an end-user requested diagnostics for realm %s. Real-time connectivity checks determined that the realm exists, but we were unable to find an IdP with that realm in the eduroam database."), "foo.bar")) . "\n" |
|
124 | + . wordwrap(sprintf(_("an end-user requested diagnostics for realm %s. Real-time connectivity checks determined that the realm exists, but we were unable to find an IdP with that realm in the eduroam database."), "foo.bar"))."\n" |
|
125 | 125 | . "\n" |
126 | - . _("By not listing IdPs in the eduroam database, you are violating the eduroam policy.") . "\n" |
|
126 | + . _("By not listing IdPs in the eduroam database, you are violating the eduroam policy.")."\n" |
|
127 | 127 | . "\n" |
128 | - . _("Additionally, this creates operational issues. In particular, we are unable to direct end users to their IdP for further diagnosis/instructions because there are no contact points for that IdP in the database.") . "\n" |
|
128 | + . _("Additionally, this creates operational issues. In particular, we are unable to direct end users to their IdP for further diagnosis/instructions because there are no contact points for that IdP in the database.")."\n" |
|
129 | 129 | . "\n" |
130 | 130 | . "Please stop the policy violation ASAP by listing the IdP which is associated to this realm.", |
131 | 131 | ], |
@@ -279,7 +279,7 @@ discard block |
||
279 | 279 | |
280 | 280 | $handle = \core\common\OutsideComm::mailHandle(); |
281 | 281 | // let's identify outselves |
282 | - $handle->FromName = \config\Master::APPEARANCE['productname'] . " Real-Time Diagnostics System"; |
|
282 | + $handle->FromName = \config\Master::APPEARANCE['productname']." Real-Time Diagnostics System"; |
|
283 | 283 | // add recipients |
284 | 284 | foreach (Logopath::CATEGORYBINDING as $arrayName => $functionName) { |
285 | 285 | foreach ($theMail[$arrayName] as $onePrincipal) { |
@@ -120,7 +120,7 @@ discard block |
||
120 | 120 | $this->test_result = []; |
121 | 121 | $this->test_result['global'] = 0; |
122 | 122 | // parse the schema file to find out the number of expected rows... |
123 | - $schema = file(dirname(dirname(__FILE__)) . "/schema/schema.sql"); |
|
123 | + $schema = file(dirname(dirname(__FILE__))."/schema/schema.sql"); |
|
124 | 124 | $this->profileOptionCount = 0; |
125 | 125 | $passedTheWindmill = FALSE; |
126 | 126 | foreach ($schema as $schemaLine) { |
@@ -146,7 +146,7 @@ discard block |
||
146 | 146 | public function runTest($test) { |
147 | 147 | $this->out[$test] = []; |
148 | 148 | $this->name = $test; |
149 | - $m_name = 'test' . $test; |
|
149 | + $m_name = 'test'.$test; |
|
150 | 150 | $this->test_result[$test] = 0; |
151 | 151 | if (!method_exists($this, $m_name)) { |
152 | 152 | $this->storeTestResult(\core\common\Entity::L_ERROR, "Configuration error, no test configured for <strong>$test</strong>."); |
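Review bot: `$test` is placed unescaped inside `<strong>…</strong>` in the error message on line 152 and is also used to build the method name `'test'.$test` on line 149. Whether `$test` can originate from a request is not visible in this hunk; if it can, use `htmlspecialchars($test, ENT_QUOTES)` in the message and check the value against a fixed list of test names before the `method_exists()` dispatch. The function continues past the end of the hunk.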
@@ -234,7 +234,7 @@ discard block |
||
234 | 234 | $matchArray = []; |
235 | 235 | preg_match('/([^ ]+) ?/', $config[$pathToCheck], $matchArray); |
236 | 236 | $exe = $matchArray[1]; |
237 | - $the_path = exec("which " . $config[$pathToCheck]); |
|
237 | + $the_path = exec("which ".$config[$pathToCheck]); |
|
238 | 238 | if ($the_path == $exe) { |
239 | 239 | $exec_is = "EXPLICIT"; |
240 | 240 | } else { |
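Review bot: Line 237 runs `which` on the full configured string, while the comparison on line 238 uses only the first token `$exe` extracted by the regex on line 235, and the value reaches the shell unquoted. `$the_path = exec("which ".escapeshellarg($exe));` would look up exactly the token being compared and keep a configured path containing spaces or shell metacharacters from being interpreted by the shell. The function starts and ends outside the hunk.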
@@ -253,9 +253,9 @@ discard block |
||
253 | 253 | */ |
254 | 254 | private function testPhp() { |
255 | 255 | if (version_compare(phpversion(), $this->needversionPHP, '>=')) { |
256 | - $this->storeTestResult(\core\common\Entity::L_OK, "<strong>PHP</strong> is sufficiently recent. You are running " . phpversion() . "."); |
|
256 | + $this->storeTestResult(\core\common\Entity::L_OK, "<strong>PHP</strong> is sufficiently recent. You are running ".phpversion()."."); |
|
257 | 257 | } else { |
258 | - $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>PHP</strong> is too old. We need at least $this->needversionPHP, but you only have " . phpversion() . "."); |
|
258 | + $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>PHP</strong> is too old. We need at least $this->needversionPHP, but you only have ".phpversion()."."); |
|
259 | 259 | } |
260 | 260 | } |
261 | 261 | |
@@ -271,7 +271,7 @@ discard block |
||
271 | 271 | $this->storeTestResult(\core\common\Entity::L_OK, "<strong>cat_base_url</strong> set correctly"); |
272 | 272 | } else { |
273 | 273 | $rootFromScript = $m[1] === '' ? '/' : $m[1]; |
274 | - $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>cat_base_url</strong> is set to <strong>" . \config\Master::PATHS['cat_base_url'] . "</strong> and should be <strong>$rootFromScript</strong>"); |
|
274 | + $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>cat_base_url</strong> is set to <strong>".\config\Master::PATHS['cat_base_url']."</strong> and should be <strong>$rootFromScript</strong>"); |
|
275 | 275 | } |
276 | 276 | } |
277 | 277 | |
@@ -291,7 +291,7 @@ discard block |
||
291 | 291 | if (count($probeReturns) == 0) { |
292 | 292 | $this->storeTestResult(common\Entity::L_OK, "All configured RADIUS/UDP probes are reachable."); |
293 | 293 | } else { |
294 | - $this->storeTestResult(common\Entity::L_ERROR, "The following RADIUS probes are NOT reachable: ".implode(', ',$probeReturns)); |
|
294 | + $this->storeTestResult(common\Entity::L_ERROR, "The following RADIUS probes are NOT reachable: ".implode(', ', $probeReturns)); |
|
295 | 295 | } |
296 | 296 | } |
297 | 297 | |
@@ -308,9 +308,9 @@ discard block |
||
308 | 308 | $SSPconfig = \SimpleSAML\Configuration::getInstance(); |
309 | 309 | $sspVersion = explode('.', $SSPconfig->getVersion()); |
310 | 310 | if ((int) $sspVersion[0] >= $this->needversionSSP['major'] && (int) $sspVersion[1] >= $this->needversionSSP['minor']) { |
311 | - $this->storeTestResult(\core\common\Entity::L_OK, "<strong>simpleSAMLphp</strong> is sufficently recent. You are running " . implode('.', $sspVersion)); |
|
311 | + $this->storeTestResult(\core\common\Entity::L_OK, "<strong>simpleSAMLphp</strong> is sufficently recent. You are running ".implode('.', $sspVersion)); |
|
312 | 312 | } else { |
313 | - $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>simpleSAMLphp</strong> is too old. We need at least " . implode('.', $this->needversionSSP)); |
|
313 | + $this->storeTestResult(\core\common\Entity::L_ERROR, "<strong>simpleSAMLphp</strong> is too old. We need at least ".implode('.', $this->needversionSSP)); |
|
314 | 314 | } |
315 | 315 | } |
316 | 316 | } |
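Review bot: The check on line 310 requires both the major and the minor component to be at least the required value, so a release with a higher major but a lower minor number than `needversionSSP` is reported as too old. `version_compare($SSPconfig->getVersion(), implode('.', $this->needversionSSP), '>=')`, the approach the PHP version check at line 255 already uses, compares the versions as a whole. `$sspVersion[1]` is also read without checking that the version string contains a dot. The function starts outside this hunk.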
@@ -364,8 +364,8 @@ discard block |
||
364 | 364 | * @return void |
365 | 365 | */ |
366 | 366 | private function testLogdir() { |
367 | - if (fopen(\config\Master::PATHS['logdir'] . "/debug.log", "a") == FALSE) { |
|
368 | - $this->storeTestResult(\core\common\Entity::L_WARN, "Log files in <strong>" . \config\Master::PATHS['logdir'] . "</strong> are not writable!"); |
|
367 | + if (fopen(\config\Master::PATHS['logdir']."/debug.log", "a") == FALSE) { |
|
368 | + $this->storeTestResult(\core\common\Entity::L_WARN, "Log files in <strong>".\config\Master::PATHS['logdir']."</strong> are not writable!"); |
|
369 | 369 | } else { |
370 | 370 | $this->storeTestResult(\core\common\Entity::L_OK, "Log directory is writable."); |
371 | 371 | } |
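Review bot: The handle returned by `fopen()` on line 367 is never closed, and the result is compared with the loose `== FALSE`. Keeping the handle makes both explicit: `$fh = fopen(\config\Master::PATHS['logdir']."/debug.log", "a");`, then test `$fh === FALSE` and call `fclose($fh);` in the success branch. The path is also echoed into an HTML message on line 368; that is harmless only as long as the configured value contains no markup.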
@@ -489,7 +489,7 @@ discard block |
||
489 | 489 | private function testOpenssl() { |
490 | 490 | $A = $this->getExecPath('openssl'); |
491 | 491 | if ($A['exec'] != "") { |
492 | - $t = exec($A['exec'] . ' version'); |
|
492 | + $t = exec($A['exec'].' version'); |
|
493 | 493 | if ($A['exec_is'] == "EXPLICIT") { |
494 | 494 | $this->storeTestResult(\core\common\Entity::L_OK, "<strong>$t</strong> was found and is configured explicitly in your config."); |
495 | 495 | } else { |
@@ -516,14 +516,14 @@ discard block |
||
516 | 516 | } |
517 | 517 | $A = $this->getExecPath('makensis'); |
518 | 518 | if ($A['exec'] != "") { |
519 | - $t = exec($A['exec'] . ' -VERSION'); |
|
519 | + $t = exec($A['exec'].' -VERSION'); |
|
520 | 520 | if ($A['exec_is'] == "EXPLICIT") { |
521 | 521 | $this->storeTestResult(\core\common\Entity::L_OK, "<strong>makensis $t</strong> was found and is configured explicitly in your config."); |
522 | 522 | } else { |
523 | 523 | $this->storeTestResult(\core\common\Entity::L_WARN, "<strong>makensis $t</strong> was found, but is not configured with an absolute path in your config."); |
524 | 524 | } |
525 | 525 | $outputArray = []; |
526 | - exec($A['exec'] . ' -HELP', $outputArray); |
|
526 | + exec($A['exec'].' -HELP', $outputArray); |
|
527 | 527 | $t1 = count(preg_grep('/INPUTCHARSET/', $outputArray)); |
528 | 528 | if ($t1 == 1 && \config\ConfAssistant::NSIS_VERSION == 2) { |
529 | 529 | $this->storeTestResult(\core\common\Entity::L_ERROR, "Declared NSIS_VERSION does not seem to match the file pointed to by PATHS['makensis']!"); |
@@ -552,7 +552,7 @@ discard block |
||
552 | 552 | $NSIS_Module_status = []; |
553 | 553 | foreach ($this->NSISModules as $module) { |
554 | 554 | unset($out); |
555 | - exec(\config\ConfAssistant::PATHS['makensis'] . " -V1 '-X!include $module' '-XOutFile $exe' '-XSection X' '-XSectionEnd'", $out, $retval); |
|
555 | + exec(\config\ConfAssistant::PATHS['makensis']." -V1 '-X!include $module' '-XOutFile $exe' '-XSection X' '-XSectionEnd'", $out, $retval); |
|
556 | 556 | if ($retval > 0) { |
557 | 557 | $NSIS_Module_status[$module] = 0; |
558 | 558 | } else { |
@@ -615,8 +615,8 @@ discard block |
||
615 | 615 | $locales = shell_exec("locale -a"); |
616 | 616 | $allthere = ""; |
617 | 617 | foreach (\config\Master::LANGUAGES as $onelanguage) { |
618 | - if (preg_match("/" . $onelanguage['locale'] . "/", $locales) == 0) { |
|
619 | - $allthere .= $onelanguage['locale'] . " "; |
|
618 | + if (preg_match("/".$onelanguage['locale']."/", $locales) == 0) { |
|
619 | + $allthere .= $onelanguage['locale']." "; |
|
620 | 620 | } |
621 | 621 | } |
622 | 622 | if ($allthere == "") { |
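Review bot: `$onelanguage['locale']` is inserted into the pattern on line 618 without `preg_quote()`, so a `.` in a locale name (constructed example: `en_GB.utf8`) matches any character and a name containing `/` would break the pattern. `preg_match("/".preg_quote($onelanguage['locale'], "/")."/", $locales)` keeps the match literal. `shell_exec("locale -a")` on line 615 can also return `NULL` when the command fails, which would report every locale as missing; a check before the loop would separate the two cases. The function starts and ends outside the hunk.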
@@ -630,47 +630,47 @@ discard block |
||
630 | 630 | ["SETTING" => \config\Master::APPEARANCE['from-mail'], |
631 | 631 | "DEFVALUE" => "[email protected]", |
632 | 632 | "COMPLAINTSTRING" => "APPEARANCE/from-mail ", |
633 | - "REQUIRED" => FALSE,], |
|
633 | + "REQUIRED" => FALSE, ], |
|
634 | 634 | ["SETTING" => \config\Master::APPEARANCE['support-contact']['url'], |
635 | 635 | "DEFVALUE" => "[email protected]?body=Only%20English%20language%20please!", |
636 | 636 | "COMPLAINTSTRING" => "APPEARANCE/support-contact/url ", |
637 | - "REQUIRED" => FALSE,], |
|
637 | + "REQUIRED" => FALSE, ], |
|
638 | 638 | ["SETTING" => \config\Master::APPEARANCE['support-contact']['display'], |
639 | 639 | "DEFVALUE" => "[email protected]", |
640 | 640 | "COMPLAINTSTRING" => "APPEARANCE/support-contact/display ", |
641 | - "REQUIRED" => FALSE,], |
|
641 | + "REQUIRED" => FALSE, ], |
|
642 | 642 | ["SETTING" => \config\Master::APPEARANCE['support-contact']['developer-mail'], |
643 | 643 | "DEFVALUE" => "[email protected]", |
644 | 644 | "COMPLAINTSTRING" => "APPEARANCE/support-contact/mail ", |
645 | - "REQUIRED" => FALSE,], |
|
645 | + "REQUIRED" => FALSE, ], |
|
646 | 646 | ["SETTING" => \config\Master::APPEARANCE['abuse-mail'], |
647 | 647 | "DEFVALUE" => "[email protected]", |
648 | 648 | "COMPLAINTSTRING" => "APPEARANCE/abuse-mail ", |
649 | - "REQUIRED" => FALSE,], |
|
649 | + "REQUIRED" => FALSE, ], |
|
650 | 650 | ["SETTING" => \config\Master::APPEARANCE['MOTD'], |
651 | 651 | "DEFVALUE" => "Release Candidate. All bugs to be shot on sight!", |
652 | 652 | "COMPLAINTSTRING" => "APPEARANCE/MOTD ", |
653 | - "REQUIRED" => FALSE,], |
|
653 | + "REQUIRED" => FALSE, ], |
|
654 | 654 | ["SETTING" => \config\Master::APPEARANCE['webcert_CRLDP'], |
655 | 655 | "DEFVALUE" => ['list', 'of', 'CRL', 'pointers'], |
656 | 656 | "COMPLAINTSTRING" => "APPEARANCE/webcert_CRLDP ", |
657 | - "REQUIRED" => TRUE,], |
|
657 | + "REQUIRED" => TRUE, ], |
|
658 | 658 | ["SETTING" => \config\Master::APPEARANCE['webcert_OCSP'], |
659 | 659 | "DEFVALUE" => ['list', 'of', 'OCSP', 'pointers'], |
660 | 660 | "COMPLAINTSTRING" => "APPEARANCE/webcert_OCSP ", |
661 | - "REQUIRED" => TRUE,], |
|
661 | + "REQUIRED" => TRUE, ], |
|
662 | 662 | ["SETTING" => \config\Master::DB['INST']['host'], |
663 | 663 | "DEFVALUE" => "db.host.example", |
664 | 664 | "COMPLAINTSTRING" => "DB/INST ", |
665 | - "REQUIRED" => TRUE,], |
|
665 | + "REQUIRED" => TRUE, ], |
|
666 | 666 | ["SETTING" => \config\Master::DB['INST']['host'], |
667 | 667 | "DEFVALUE" => "db.host.example", |
668 | 668 | "COMPLAINTSTRING" => "DB/USER ", |
669 | - "REQUIRED" => TRUE,], |
|
669 | + "REQUIRED" => TRUE, ], |
|
670 | 670 | ["SETTING" => \config\Master::DB['EXTERNAL']['host'], |
671 | 671 | "DEFVALUE" => "customerdb.otherhost.example", |
672 | 672 | "COMPLAINTSTRING" => "DB/EXTERNAL ", |
673 | - "REQUIRED" => FALSE,], |
|
673 | + "REQUIRED" => FALSE, ], |
|
674 | 674 | ]; |
675 | 675 | |
676 | 676 | /** |
@@ -696,11 +696,11 @@ discard block |
||
696 | 696 | |
697 | 697 | foreach (\config\Diagnostics::RADIUSTESTS['TLS-clientcerts'] as $cadata) { |
698 | 698 | foreach ($cadata['certificates'] as $cert_files) { |
699 | - if (file_get_contents(ROOT . "/config/cli-certs/" . $cert_files['public']) === FALSE) { |
|
700 | - $defaultvalues .= "CERTIFICATE/" . $cert_files['public'] . " "; |
|
699 | + if (file_get_contents(ROOT."/config/cli-certs/".$cert_files['public']) === FALSE) { |
|
700 | + $defaultvalues .= "CERTIFICATE/".$cert_files['public']." "; |
|
701 | 701 | } |
702 | - if (file_get_contents(ROOT . "/config/cli-certs/" . $cert_files['private']) === FALSE) { |
|
703 | - $defaultvalues .= "CERTIFICATE/" . $cert_files['private'] . " "; |
|
702 | + if (file_get_contents(ROOT."/config/cli-certs/".$cert_files['private']) === FALSE) { |
|
703 | + $defaultvalues .= "CERTIFICATE/".$cert_files['private']." "; |
|
704 | 704 | } |
705 | 705 | } |
706 | 706 | } |
@@ -790,14 +790,14 @@ discard block |
||
790 | 790 | if ($global_no_cache) { |
791 | 791 | foreach ($Devs as $dev => $D) { |
792 | 792 | if (empty($D['options']['no_cache']) || $D['options']['no_cache'] != 0) { |
793 | - $no_cache_dev .= $dev . " "; |
|
793 | + $no_cache_dev .= $dev." "; |
|
794 | 794 | $no_cache_dev_count++; |
795 | 795 | } |
796 | 796 | } |
797 | 797 | } else { |
798 | 798 | foreach ($Devs as $dev => $D) { |
799 | 799 | if (!empty($D['options']['no_cache']) && $D['options']['no_cache'] != 0) { |
800 | - $no_cache_dev .= $dev . " "; |
|
800 | + $no_cache_dev .= $dev." "; |
|
801 | 801 | $no_cache_dev_count++; |
802 | 802 | } |
803 | 803 | } |
@@ -835,13 +835,13 @@ discard block |
||
835 | 835 | $mail->isHTML(FALSE); |
836 | 836 | $mail->CharSet = 'UTF-8'; |
837 | 837 | $mail->From = \config\Master::APPEARANCE['from-mail']; |
838 | - $mail->FromName = \config\Master::APPEARANCE['productname'] . " Invitation System"; |
|
838 | + $mail->FromName = \config\Master::APPEARANCE['productname']." Invitation System"; |
|
839 | 839 | $mail->addAddress(\config\Master::APPEARANCE['abuse-mail']); |
840 | 840 | $mail->Subject = "testing CAT configuration mail"; |
841 | 841 | $mail->Body = "Testing CAT mailing\n"; |
842 | 842 | $sent = $mail->send(); |
843 | 843 | if ($sent) { |
844 | - $this->storeTestResult(\core\common\Entity::L_OK, "mailer settings appear to be working, check " . \config\Master::APPEARANCE['abuse-mail'] . " mailbox if the message was receiced."); |
|
844 | + $this->storeTestResult(\core\common\Entity::L_OK, "mailer settings appear to be working, check ".\config\Master::APPEARANCE['abuse-mail']." mailbox if the message was receiced."); |
|
845 | 845 | } else { |
846 | 846 | $this->storeTestResult(\core\common\Entity::L_ERROR, "mailer settings failed, check the Config::MAILSETTINGS"); |
847 | 847 | } |
@@ -45,7 +45,7 @@ discard block |
||
45 | 45 | * @return void |
46 | 46 | */ |
47 | 47 | private function writeToFile($filename, $message) { |
48 | - file_put_contents(\config\Master::PATHS['logdir'] . "/$filename", sprintf("%-015s", microtime(TRUE)) . $message, FILE_APPEND); |
|
48 | + file_put_contents(\config\Master::PATHS['logdir']."/$filename", sprintf("%-015s", microtime(TRUE)).$message, FILE_APPEND); |
|
49 | 49 | } |
50 | 50 | |
51 | 51 | /** |
@@ -76,7 +76,7 @@ discard block |
||
76 | 76 | } else { |
77 | 77 | $output .= var_export($stuff, TRUE); |
78 | 78 | } |
79 | - $output = $prefix . $output . $suffix; |
|
79 | + $output = $prefix.$output.$suffix; |
|
80 | 80 | $this->writeToFile("debug.log", $output); |
81 | 81 | |
82 | 82 | return; |
@@ -122,7 +122,7 @@ discard block |
||
122 | 122 | $logTextStep1 = preg_replace("/[\n\r]/", "", $query); |
123 | 123 | $logTextStep2 = preg_replace("/ +/", " ", $logTextStep1); |
124 | 124 | $logTextStep3 = iconv("UTF-8", "UTF-8//IGNORE", $logTextStep2); |
125 | - $this->writeToFile("audit-SQL.log", " " . $logTextStep3 . "\n"); |
|
125 | + $this->writeToFile("audit-SQL.log", " ".$logTextStep3."\n"); |
|
126 | 126 | } |
127 | 127 | |
128 | 128 | } |
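Review bot: `writeToFile()` on line 48 discards the return value of `file_put_contents()`, so a failed write to `audit-SQL.log` (the call on line 125) is silent and the SQL audit trail can lose entries unnoticed. The append also takes no lock, so records from concurrent requests may interleave. I would change the call to `if (file_put_contents(\config\Master::PATHS['logdir']."/$filename", sprintf("%-015s", microtime(TRUE)).$message, FILE_APPEND | LOCK_EX) === FALSE) { error_log("unable to write log file $filename"); }`. The bodies of the callers start outside the hunks shown, so whether any of them expects a failure signal cannot be confirmed from here.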
@@ -70,9 +70,9 @@ discard block |
||
70 | 70 | $loggerInstance = new \core\common\Logging(); |
71 | 71 | $olddomain = textdomain(NULL); |
72 | 72 | $loggerInstance->debug(4, "set_locale($domain)\n"); |
73 | - $loggerInstance->debug(4, ROOT . "\n"); |
|
73 | + $loggerInstance->debug(4, ROOT."\n"); |
|
74 | 74 | textdomain($domain); |
75 | - bindtextdomain($domain, ROOT . "/translation/"); |
|
75 | + bindtextdomain($domain, ROOT."/translation/"); |
|
76 | 76 | return $olddomain; |
77 | 77 | } |
78 | 78 | |
@@ -94,7 +94,7 @@ discard block |
||
94 | 94 | $langConverted[] = $hardSetLang; |
95 | 95 | } |
96 | 96 | if (!empty($_REQUEST['lang'])) { |
97 | - $recoverLang = filter_input(INPUT_GET,'lang', FILTER_SANITIZE_STRING) ?? filter_input(INPUT_POST, 'lang', FILTER_SANITIZE_STRING); |
|
97 | + $recoverLang = filter_input(INPUT_GET, 'lang', FILTER_SANITIZE_STRING) ?? filter_input(INPUT_POST, 'lang', FILTER_SANITIZE_STRING); |
|
98 | 98 | $langConverted[] = $recoverLang; |
99 | 99 | } |
100 | 100 | \core\CAT::sessionStart(); |
@@ -102,7 +102,7 @@ discard block |
||
102 | 102 | $langConverted[] = $_SESSION['language']; |
103 | 103 | } |
104 | 104 | if (!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { |
105 | - $langs = explode(",", filter_input(INPUT_SERVER,"HTTP_ACCEPT_LANGUAGE", FILTER_SANITIZE_STRING)); |
|
105 | + $langs = explode(",", filter_input(INPUT_SERVER, "HTTP_ACCEPT_LANGUAGE", FILTER_SANITIZE_STRING)); |
|
106 | 106 | foreach ($langs as $lang) { |
107 | 107 | $result = []; |
108 | 108 | preg_match("/(.*);+.*/", $lang, $result); |
@@ -122,7 +122,7 @@ discard block |
||
122 | 122 | |
123 | 123 | // check if this language is supported by the CAT config |
124 | 124 | foreach (\config\Master::LANGUAGES as $language => $value) { |
125 | - if (preg_match("/^" . $language . ".*/", $tryLang)) { |
|
125 | + if (preg_match("/^".$language.".*/", $tryLang)) { |
|
126 | 126 | $localeTmp = $value['locale']; |
127 | 127 | $langIndex = $language; // ??? |
128 | 128 | break; |
@@ -137,7 +137,7 @@ discard block |
||
137 | 137 | } |
138 | 138 | } |
139 | 139 | } |
140 | - putenv("LC_ALL=" . $theLocale); |
|
140 | + putenv("LC_ALL=".$theLocale); |
|
141 | 141 | $_SESSION['language'] = $langIndex; |
142 | 142 | $loggerInstance = new \core\common\Logging(); |
143 | 143 | $loggerInstance->debug(4, "selected lang:$langIndex:$theLocale\n"); |
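Review bot: `FILTER_SANITIZE_STRING` on lines 97 and 105 is deprecated as of PHP 8.1 and only strips tags and encodes quotes, so it does not constrain the request-supplied language value. What constrains it is the match against `\config\Master::LANGUAGES` on line 125, and that pattern is built from the configured key without `preg_quote()`. I would make that comparison literal with `if (preg_match("/^".preg_quote($language, '/')."/", $tryLang)) {` and add a comment above the two `filter_input()` calls: `// request value is untrusted until it matches a configured language below`. The enclosing function starts and ends outside these hunks, so any further validation of `$theLocale` before the `putenv()` on line 140 is not visible here.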
@@ -82,7 +82,7 @@ discard block |
||
82 | 82 | */ |
83 | 83 | protected function setSupportedEapMethods($eapArray) { |
84 | 84 | $this->supportedEapMethods = $eapArray; |
85 | - $this->loggerInstance->debug(4, "This device (" . __CLASS__ . ") supports the following EAP methods: "); |
|
85 | + $this->loggerInstance->debug(4, "This device (".__CLASS__.") supports the following EAP methods: "); |
|
86 | 86 | $this->loggerInstance->debug(4, $this->supportedEapMethods); |
87 | 87 | } |
88 | 88 | |
@@ -127,7 +127,7 @@ discard block |
||
127 | 127 | throw new Exception("No EAP type available."); |
128 | 128 | } |
129 | 129 | $this->attributes = $this->getProfileAttributes($profile); |
130 | - $this->deviceUUID = common\Entity::uuid('', 'CAT' . $profile->institution . "-" . $profile->identifier . "-" . $this->device_id); |
|
130 | + $this->deviceUUID = common\Entity::uuid('', 'CAT'.$profile->institution."-".$profile->identifier."-".$this->device_id); |
|
131 | 131 | |
132 | 132 | |
133 | 133 | // if we are instantiating a Silverbullet profile AND have been given |
@@ -151,8 +151,8 @@ discard block |
||
151 | 151 | // create temporary directory, its full path will be saved in $this->FPATH; |
152 | 152 | $tempDir = \core\common\Entity::createTemporaryDirectory($purpose); |
153 | 153 | $this->FPATH = $tempDir['dir']; |
154 | - mkdir($tempDir['dir'] . '/tmp'); |
|
155 | - chdir($tempDir['dir'] . '/tmp'); |
|
154 | + mkdir($tempDir['dir'].'/tmp'); |
|
155 | + chdir($tempDir['dir'].'/tmp'); |
|
156 | 156 | $caList = []; |
157 | 157 | $x509 = new \core\common\X509(); |
158 | 158 | if (isset($this->attributes['eap:ca_file'])) { |
@@ -172,7 +172,7 @@ discard block |
||
172 | 172 | } |
173 | 173 | if (isset($this->attributes['general:logo_file'])) { |
174 | 174 | $this->loggerInstance->debug(5, "saving IDP logo\n"); |
175 | - $this->attributes['internal:logo_file'] = $this->saveLogoFile($this->attributes['general:logo_file'],'idp'); |
|
175 | + $this->attributes['internal:logo_file'] = $this->saveLogoFile($this->attributes['general:logo_file'], 'idp'); |
|
176 | 176 | } |
177 | 177 | if (isset($this->attributes['fed:logo_file'])) { |
178 | 178 | $this->loggerInstance->debug(5, "saving FED logo\n"); |
@@ -188,7 +188,7 @@ discard block |
||
188 | 188 | $this->support_url_substitute = sprintf(_("your local %s support page"), \config\ConfAssistant::CONSORTIUM['display_name']); |
189 | 189 | |
190 | 190 | if ($this->signer && $this->options['sign']) { |
191 | - $this->sign = ROOT . '/signer/' . $this->signer; |
|
191 | + $this->sign = ROOT.'/signer/'.$this->signer; |
|
192 | 192 | } |
193 | 193 | $this->installerBasename = $this->getInstallerBasename(); |
194 | 194 | common\Entity::outOfThePotatoes(); |
@@ -244,10 +244,10 @@ discard block |
||
244 | 244 | * @return string|boolean the filename as found, with path, or FALSE if it does not exist |
245 | 245 | */ |
246 | 246 | private function findSourceFile($file) { |
247 | - if (is_file($this->module_path . '/Files/' . $this->device_id . '/' . $file)) { |
|
248 | - return $this->module_path . '/Files/' . $this->device_id . '/' . $file; |
|
249 | - } elseif (is_file($this->module_path . '/Files/' . $file)) { |
|
250 | - return $this->module_path . '/Files/' . $file; |
|
247 | + if (is_file($this->module_path.'/Files/'.$this->device_id.'/'.$file)) { |
|
248 | + return $this->module_path.'/Files/'.$this->device_id.'/'.$file; |
|
249 | + } elseif (is_file($this->module_path.'/Files/'.$file)) { |
|
250 | + return $this->module_path.'/Files/'.$file; |
|
251 | 251 | } else { |
252 | 252 | $this->loggerInstance->debug(2, "requested file $file does not exist\n"); |
253 | 253 | return FALSE; |
@@ -320,7 +320,7 @@ discard block |
||
320 | 320 | |
321 | 321 | $this->loggerInstance->debug(5, "translateFile($source_name, $output_name, $encoding)\n"); |
322 | 322 | ob_start(); |
323 | - $this->loggerInstance->debug(5, $this->module_path . '/Files/' . $this->device_id . '/' . $source_name . "\n"); |
|
323 | + $this->loggerInstance->debug(5, $this->module_path.'/Files/'.$this->device_id.'/'.$source_name."\n"); |
|
324 | 324 | $source = $this->findSourceFile($source_name); |
325 | 325 | |
326 | 326 | if ($source !== FALSE) { // if there is no file found, don't attempt to include an uninitialised variable |
@@ -328,7 +328,7 @@ discard block |
||
328 | 328 | } |
329 | 329 | $output = ob_get_clean(); |
330 | 330 | if ($encoding !== 0) { |
331 | - $outputClean = iconv('UTF-8', $encoding . '//TRANSLIT', $output); |
|
331 | + $outputClean = iconv('UTF-8', $encoding.'//TRANSLIT', $output); |
|
332 | 332 | if ($outputClean) { |
333 | 333 | $output = $outputClean; |
334 | 334 | } |
@@ -368,7 +368,7 @@ discard block |
||
368 | 368 | return $sourceString; |
369 | 369 | } |
370 | 370 | if (\config\ConfAssistant::NSIS_VERSION < 3) { |
371 | - $output_c = iconv('UTF-8', $encoding . '//TRANSLIT', $sourceString); |
|
371 | + $output_c = iconv('UTF-8', $encoding.'//TRANSLIT', $sourceString); |
|
372 | 372 | } else { |
373 | 373 | $output_c = $sourceString; |
374 | 374 | } |
@@ -462,17 +462,17 @@ discard block |
||
462 | 462 | */ |
463 | 463 | private function getInstallerBasename() { |
464 | 464 | |
465 | - $baseName = $this->customTranslit(\config\ConfAssistant::CONSORTIUM['name']) . "-" . $this->getDeviceId(); |
|
465 | + $baseName = $this->customTranslit(\config\ConfAssistant::CONSORTIUM['name'])."-".$this->getDeviceId(); |
|
466 | 466 | if (isset($this->attributes['profile:customsuffix'][1])) { |
467 | 467 | // this string will end up as a filename on a filesystem, so always |
468 | 468 | // take a latin-based language variant if available |
469 | 469 | // and then scrub non-ASCII just in case |
470 | - return $baseName . $this->customTranslit($this->attributes['profile:customsuffix'][1]); |
|
470 | + return $baseName.$this->customTranslit($this->attributes['profile:customsuffix'][1]); |
|
471 | 471 | } |
472 | 472 | // Okay, no custom suffix. |
473 | 473 | // Use the configured inst name and apply shortening heuristics |
474 | 474 | $lang_pointer = \config\Master::LANGUAGES[$this->languageInstance->getLang()]['latin_based'] == TRUE ? 0 : 1; |
475 | - $this->loggerInstance->debug(5, "getInstallerBasename1:" . $this->attributes['general:instname'][$lang_pointer] . "\n"); |
|
475 | + $this->loggerInstance->debug(5, "getInstallerBasename1:".$this->attributes['general:instname'][$lang_pointer]."\n"); |
|
476 | 476 | $inst = $this->customTranslit($this->attributes['general:instname'][$lang_pointer]); |
477 | 477 | $this->loggerInstance->debug(4, "getInstallerBasename2:$inst\n"); |
478 | 478 | $Inst_a = explode('_', $inst); |
@@ -487,10 +487,10 @@ discard block |
||
487 | 487 | if (!empty($this->attributes['profile:name']) && !empty($this->attributes['profile:name'][$lang_pointer])) { |
488 | 488 | $profTemp = $this->customTranslit($this->attributes['profile:name'][$lang_pointer]); |
489 | 489 | $prof = preg_replace('/_+$/', '', $profTemp); |
490 | - return $baseName . $inst . '-' . $prof; |
|
490 | + return $baseName.$inst.'-'.$prof; |
|
491 | 491 | } |
492 | 492 | } |
493 | - return $baseName . $inst; |
|
493 | + return $baseName.$inst; |
|
494 | 494 | } |
495 | 495 | |
496 | 496 | /** |
@@ -558,13 +558,13 @@ discard block |
||
558 | 558 | * @return array |
559 | 559 | */ |
560 | 560 | private function getConsortia() { |
561 | - if(!isset(\config\ConfAssistant::CONSORTIUM['interworking-consortium-oi'])) { |
|
561 | + if (!isset(\config\ConfAssistant::CONSORTIUM['interworking-consortium-oi'])) { |
|
562 | 562 | return ([]); |
563 | 563 | } |
564 | 564 | $consortia = \config\ConfAssistant::CONSORTIUM['interworking-consortium-oi']; |
565 | 565 | if (isset($this->attributes['media:consortium_OI'])) { |
566 | 566 | foreach ($this->attributes['media:consortium_OI'] as $new_oi) { |
567 | - if(!in_array($new_oi, $consortia)) { |
|
567 | + if (!in_array($new_oi, $consortia)) { |
|
568 | 568 | $consortia[] = $new_oi; |
569 | 569 | } |
570 | 570 | } |
@@ -590,7 +590,7 @@ discard block |
||
590 | 590 | * @return array list of filenames and the mime types |
591 | 591 | * @throws Exception |
592 | 592 | */ |
593 | - private function saveLogoFile($logos,$type) { |
|
593 | + private function saveLogoFile($logos, $type) { |
|
594 | 594 | $iterator = 0; |
595 | 595 | $returnarray = []; |
596 | 596 | foreach ($logos as $blob) { |
@@ -603,7 +603,7 @@ discard block |
||
603 | 603 | $ext = 'unsupported'; |
604 | 604 | } |
605 | 605 | $this->loggerInstance->debug(5, "saveLogoFile: $mime : $ext\n"); |
606 | - $fileName = 'logo-' . $type . $iterator . '.' . $ext; |
|
606 | + $fileName = 'logo-'.$type.$iterator.'.'.$ext; |
|
607 | 607 | $fileHandle = fopen($fileName, "w"); |
608 | 608 | if (!$fileHandle) { |
609 | 609 | $this->loggerInstance->debug(2, "saveLogoFile failed for: $fileName\n"); |
@@ -629,13 +629,13 @@ discard block |
||
629 | 629 | $mime = $finfo->buffer($blob); |
630 | 630 | $ext = isset($this->mime_extensions[$mime]) ? $this->mime_extensions[$mime] : 'usupported'; |
631 | 631 | $this->loggerInstance->debug(5, "saveInfoFile: $mime : $ext\n"); |
632 | - $fileHandle = fopen('local-info.' . $ext, "w"); |
|
632 | + $fileHandle = fopen('local-info.'.$ext, "w"); |
|
633 | 633 | if ($fileHandle === FALSE) { |
634 | 634 | throw new Exception("problem opening the file"); |
635 | 635 | } |
636 | 636 | fwrite($fileHandle, $blob); |
637 | 637 | fclose($fileHandle); |
638 | - return(['name' => 'local-info.' . $ext, 'mime' => $ext]); |
|
638 | + return(['name' => 'local-info.'.$ext, 'mime' => $ext]); |
|
639 | 639 | } |
640 | 640 | |
641 | 641 | /** |
@@ -686,9 +686,9 @@ discard block |
||
686 | 686 | protected function determineOuterIdString() { |
687 | 687 | $outerId = NULL; |
688 | 688 | if (isset($this->attributes['internal:use_anon_outer']) && $this->attributes['internal:use_anon_outer'][0] == "1" && isset($this->attributes['internal:realm'])) { |
689 | - $outerId = "@" . $this->attributes['internal:realm'][0]; |
|
689 | + $outerId = "@".$this->attributes['internal:realm'][0]; |
|
690 | 690 | if (isset($this->attributes['internal:anon_local_value'])) { |
691 | - $outerId = $this->attributes['internal:anon_local_value'][0] . $outerId; |
|
691 | + $outerId = $this->attributes['internal:anon_local_value'][0].$outerId; |
|
692 | 692 | } |
693 | 693 | } |
694 | 694 | return $outerId; |
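Review bot: The `mkdir()` and `chdir()` calls on lines 154-155 are unchecked, while `saveLogoFile()` (line 607) and the `local-info.` writer on line 632 open their output files by relative name. If either call fails, the blobs taken from the profile attributes are written into whatever the process's current directory is, not into the per-request temporary directory. I would fail closed with `if (!mkdir($tempDir['dir'].'/tmp') || !chdir($tempDir['dir'].'/tmp')) { throw new Exception("unable to enter temporary directory"); }`. The enclosing setup method begins and ends outside the hunk, so a later check that is not shown here cannot be ruled out.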
@@ -15,10 +15,10 @@ discard block |
||
15 | 15 | |
16 | 16 | class CertificationAuthorityEmbeddedRSA extends EntityWithDBProperties implements CertificationAuthorityInterface { |
17 | 17 | |
18 | - private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-RSA.pem"; |
|
19 | - private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-RSA.pem"; |
|
20 | - private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-RSA.key"; |
|
21 | - private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-RSA.cnf"; |
|
18 | + private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-RSA.pem"; |
|
19 | + private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-RSA.pem"; |
|
20 | + private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-RSA.key"; |
|
21 | + private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-RSA.cnf"; |
|
22 | 22 | |
23 | 23 | /** |
24 | 24 | * string with the PEM variant of the root CA |
@@ -64,11 +64,11 @@ discard block |
||
64 | 64 | parent::__construct(); |
65 | 65 | $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
66 | 66 | if ($this->rootPem === FALSE) { |
67 | - throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
|
67 | + throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA); |
|
68 | 68 | } |
69 | 69 | $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
70 | 70 | if ($this->issuingCertRaw === FALSE) { |
71 | - throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
|
71 | + throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA); |
|
72 | 72 | } |
73 | 73 | $rootParsed = openssl_x509_read($this->rootPem); |
74 | 74 | $this->issuingCert = openssl_x509_read($this->issuingCertRaw); |
@@ -76,15 +76,15 @@ discard block |
||
76 | 76 | throw new Exception("At least one CA PEM file did not parse correctly!"); |
77 | 77 | } |
78 | 78 | if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY) === FALSE) { |
79 | - throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
79 | + throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
80 | 80 | } |
81 | - $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
81 | + $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY); |
|
82 | 82 | if ($issuingKeyTemp === FALSE) { |
83 | 83 | throw new Exception("The private key did not parse correctly!"); |
84 | 84 | } |
85 | 85 | $this->issuingKey = $issuingKeyTemp; |
86 | 86 | if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG) === FALSE) { |
87 | - throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG); |
|
87 | + throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG); |
|
88 | 88 | } |
89 | 89 | $this->conffile = CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG; |
90 | 90 | } |
@@ -126,27 +126,27 @@ discard block |
||
126 | 126 | // generate stub index.txt file |
127 | 127 | $tempdirArray = \core\common\Entity::createTemporaryDirectory("test"); |
128 | 128 | $tempdir = $tempdirArray['dir']; |
129 | - $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z"; |
|
130 | - $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z"; |
|
129 | + $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z"; |
|
130 | + $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z"; |
|
131 | 131 | // serials for our CA are always integers |
132 | - $serialHex = strtoupper(dechex((int)$cert->serial)); |
|
132 | + $serialHex = strtoupper(dechex((int) $cert->serial)); |
|
133 | 133 | if (strlen($serialHex) % 2 == 1) { |
134 | - $serialHex = "0" . $serialHex; |
|
134 | + $serialHex = "0".$serialHex; |
|
135 | 135 | } |
136 | 136 | |
137 | - $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n"; |
|
137 | + $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n"; |
|
138 | 138 | $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement"); |
139 | - if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) { |
|
139 | + if (!file_put_contents($tempdir."/index.txt", $indexStatement)) { |
|
140 | 140 | $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!"); |
141 | 141 | } |
142 | 142 | // index.txt.attr is dull but needs to exist |
143 | - file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n"); |
|
143 | + file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n"); |
|
144 | 144 | // call "openssl ocsp" to manufacture our own OCSP statement |
145 | 145 | // adding "-rmd sha1" to the following command-line makes the |
146 | 146 | // choice of signature algorithm for the response explicit |
147 | 147 | // but it's only available from openssl-1.1.0 (which we do not |
148 | 148 | // want to require just for that one thing). |
149 | - $execCmd = \config\Master::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
149 | + $execCmd = \config\Master::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
150 | 150 | $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n"); |
151 | 151 | $output = []; |
152 | 152 | $return = 999; |
@@ -154,11 +154,11 @@ discard block |
||
154 | 154 | if ($return !== 0) { |
155 | 155 | throw new Exception("Non-zero return value from openssl ocsp!"); |
156 | 156 | } |
157 | - $ocsp = file_get_contents($tempdir . "/$serialHex.response.der"); |
|
157 | + $ocsp = file_get_contents($tempdir."/$serialHex.response.der"); |
|
158 | 158 | // remove the temp dir! |
159 | - unlink($tempdir . "/$serialHex.response.der"); |
|
160 | - unlink($tempdir . "/index.txt.attr"); |
|
161 | - unlink($tempdir . "/index.txt"); |
|
159 | + unlink($tempdir."/$serialHex.response.der"); |
|
160 | + unlink($tempdir."/index.txt.attr"); |
|
161 | + unlink($tempdir."/index.txt"); |
|
162 | 162 | rmdir($tempdir); |
163 | 163 | $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial); |
164 | 164 | return $ocsp; |
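Review bot: On line 137, `$federation` and `$cert->username` are interpolated into a tab-separated, newline-terminated `index.txt` record with no check for control characters; the ECDSA class further down repeats the same line. `openssl ocsp` reads that file to decide which status it signs, so a tab or line break in either value would change how the record is parsed. Whether both values are constrained upstream is not visible in this hunk. I would reject such values before building the record, `if (preg_match('/[\t\r\n]/', $federation.$cert->username)) { throw new Exception("illegal character in index.txt field"); }`, and throw when the `file_put_contents()` on line 139 fails. The enclosing method starts outside the hunk.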
@@ -15,10 +15,10 @@ discard block |
||
15 | 15 | |
16 | 16 | class CertificationAuthorityEmbeddedECDSA extends EntityWithDBProperties implements CertificationAuthorityInterface { |
17 | 17 | |
18 | - private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-ECDSA.pem"; |
|
19 | - private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.pem"; |
|
20 | - private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.key"; |
|
21 | - private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-ECDSA.cnf"; |
|
18 | + private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-ECDSA.pem"; |
|
19 | + private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-ECDSA.pem"; |
|
20 | + private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-ECDSA.key"; |
|
21 | + private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-ECDSA.cnf"; |
|
22 | 22 | |
23 | 23 | /** |
24 | 24 | * string with the PEM variant of the root CA |
@@ -64,11 +64,11 @@ discard block |
||
64 | 64 | parent::__construct(); |
65 | 65 | $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
66 | 66 | if ($this->rootPem === FALSE) { |
67 | - throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
|
67 | + throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA); |
|
68 | 68 | } |
69 | 69 | $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
70 | 70 | if ($this->issuingCertRaw === FALSE) { |
71 | - throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
|
71 | + throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA); |
|
72 | 72 | } |
73 | 73 | $rootParsed = openssl_x509_read($this->rootPem); |
74 | 74 | $this->issuingCert = openssl_x509_read($this->issuingCertRaw); |
@@ -76,15 +76,15 @@ discard block |
||
76 | 76 | throw new Exception("At least one CA PEM file did not parse correctly!"); |
77 | 77 | } |
78 | 78 | if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY) === FALSE) { |
79 | - throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
79 | + throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
80 | 80 | } |
81 | - $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
81 | + $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY); |
|
82 | 82 | if ($issuingKeyTemp === FALSE) { |
83 | 83 | throw new Exception("The private key did not parse correctly!"); |
84 | 84 | } |
85 | 85 | $this->issuingKey = $issuingKeyTemp; |
86 | 86 | if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG) === FALSE) { |
87 | - throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG); |
|
87 | + throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG); |
|
88 | 88 | } |
89 | 89 | $this->conffile = CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG; |
90 | 90 | } |
@@ -126,27 +126,27 @@
||
126 | 126 | // generate stub index.txt file |
127 | 127 | $tempdirArray = \core\common\Entity::createTemporaryDirectory("test"); |
128 | 128 | $tempdir = $tempdirArray['dir']; |
129 | - $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z"; |
|
130 | - $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z"; |
|
129 | + $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z"; |
|
130 | + $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z"; |
|
131 | 131 | // serials for our CA are always integers |
132 | - $serialHex = strtoupper(dechex((int)$cert->serial)); |
|
132 | + $serialHex = strtoupper(dechex((int) $cert->serial)); |
|
133 | 133 | if (strlen($serialHex) % 2 == 1) { |
134 | - $serialHex = "0" . $serialHex; |
|
134 | + $serialHex = "0".$serialHex; |
|
135 | 135 | } |
136 | 136 | |
137 | - $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n"; |
|
137 | + $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n"; |
|
138 | 138 | $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement"); |
139 | - if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) { |
|
139 | + if (!file_put_contents($tempdir."/index.txt", $indexStatement)) { |
|
140 | 140 | $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!"); |
141 | 141 | } |
142 | 142 | // index.txt.attr is dull but needs to exist |
143 | - file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n"); |
|
143 | + file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n"); |
|
144 | 144 | // call "openssl ocsp" to manufacture our own OCSP statement |
145 | 145 | // adding "-rmd sha1" to the following command-line makes the |
146 | 146 | // choice of signature algorithm for the response explicit |
147 | 147 | // but it's only available from openssl-1.1.0 (which we do not |
148 | 148 | // want to require just for that one thing). |
149 | - $execCmd = \config\Master::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
149 | + $execCmd = \config\Master::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der"; |
|
150 | 150 | $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n"); |
151 | 151 | $output = []; |
152 | 152 | $return = 999; |
@@ -154,11 +154,11 @@
||
154 | 154 | if ($return !== 0) { |
155 | 155 | throw new Exception("Non-zero return value from openssl ocsp!"); |
156 | 156 | } |
157 | - $ocsp = file_get_contents($tempdir . "/$serialHex.response.der"); |
|
157 | + $ocsp = file_get_contents($tempdir."/$serialHex.response.der"); |
|
158 | 158 | // remove the temp dir! |
159 | - unlink($tempdir . "/$serialHex.response.der"); |
|
160 | - unlink($tempdir . "/index.txt.attr"); |
|
161 | - unlink($tempdir . "/index.txt"); |
|
159 | + unlink($tempdir."/$serialHex.response.der"); |
|
160 | + unlink($tempdir."/index.txt.attr"); |
|
161 | + unlink($tempdir."/index.txt"); |
|
162 | 162 | rmdir($tempdir); |
163 | 163 | $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial); |
164 | 164 | return $ocsp; |
@@ -50,19 +50,19 @@
||
50 | 50 | |
51 | 51 | array_push($FAQ, [ |
52 | 52 | 'title' => sprintf(_("Is it safe to use %s installers?"), \config\Master::APPEARANCE['productname']), |
53 | - 'text' => sprintf(_("%s installers configure security settings on your device, therefore you should be sure that you are using genuine ones."), \config\Master::APPEARANCE['productname']) . ' ' . ( isset(\config\ConfAssistant::CONSORTIUM['signer_name']) && \config\ConfAssistant::CONSORTIUM['signer_name'] != "" ? sprintf(_("This is why %s installers are digitally signed by %s. Watch out for a system message confirming this."), \config\Master::APPEARANCE['productname'], \config\ConfAssistant::CONSORTIUM['signer_name']) : ""), |
|
53 | + 'text' => sprintf(_("%s installers configure security settings on your device, therefore you should be sure that you are using genuine ones."), \config\Master::APPEARANCE['productname']).' '.(isset(\config\ConfAssistant::CONSORTIUM['signer_name']) && \config\ConfAssistant::CONSORTIUM['signer_name'] != "" ? sprintf(_("This is why %s installers are digitally signed by %s. Watch out for a system message confirming this."), \config\Master::APPEARANCE['productname'], \config\ConfAssistant::CONSORTIUM['signer_name']) : ""), |
|
54 | 54 | ]); |
55 | 55 | |
56 | 56 | array_push($FAQ, [ |
57 | 57 | 'title' => _("Windows 'SmartScreen' or 'Internet Explorer' tell me that the file is not commonly downloaded and possibly harmful. Should I be concerned?"), |
58 | - 'text' => _("Contrary to what the name suggests, 'SmartScreen' isn't actually very smart. The warning merely means that the file has not yet been downloaded by enough users to make Microsoft consider it popular (which would strangely enough make it be considered 'safe'). This message alone is not a security problem.") . " " . (isset(\config\ConfAssistant::CONSORTIUM['signer_name']) && \config\ConfAssistant::CONSORTIUM['signer_name'] != "" ? sprintf(_("So long as the file is carrying a valid signature from %s, the download is safe."), \config\ConfAssistant::CONSORTIUM['signer_name']) . " " : "") . sprintf(_("Please see also Microsoft's FAQ regarding SmartScreen at %s."), "<a href='http://windows.microsoft.com/en-US/windows7/SmartScreen-Filter-frequently-asked-questions-IE9?SignedIn=1'>Microsoft FAQ</a>") |
|
58 | + 'text' => _("Contrary to what the name suggests, 'SmartScreen' isn't actually very smart. The warning merely means that the file has not yet been downloaded by enough users to make Microsoft consider it popular (which would strangely enough make it be considered 'safe'). This message alone is not a security problem.")." ".(isset(\config\ConfAssistant::CONSORTIUM['signer_name']) && \config\ConfAssistant::CONSORTIUM['signer_name'] != "" ? sprintf(_("So long as the file is carrying a valid signature from %s, the download is safe."), \config\ConfAssistant::CONSORTIUM['signer_name'])." " : "").sprintf(_("Please see also Microsoft's FAQ regarding SmartScreen at %s."), "<a href='http://windows.microsoft.com/en-US/windows7/SmartScreen-Filter-frequently-asked-questions-IE9?SignedIn=1'>Microsoft FAQ</a>") |
|
59 | 59 | ]); |
60 | 60 | |
61 | 61 | if (\config\Master::FUNCTIONALITY_LOCATIONS['DIAGNOSTICS'] == NULL) { |
62 | 62 | $text = sprintf(_("There can be a number of different reasons. The network you see may not be a genuine %s one and your device silently drops the connection attempt; there may be something wrong with the configuration of the network; your account may have expired; there may be a connection problem with your home authentication server; you may have broken the regulations of the network you are using and have been refused access as a consequence. You should contact your organisation and report the problem, the administrators should be able to trace your connections."), \config\ConfAssistant::CONSORTIUM['display_name']); |
63 | 63 | } else { |
64 | 64 | if (\config\Master::FUNCTIONALITY_LOCATIONS['DIAGNOSTICS'] == 'LOCAL') { |
65 | - $diagUrl = \config\Master::PATHS['cat_base_url'] . "diag/"; |
|
65 | + $diagUrl = \config\Master::PATHS['cat_base_url']."diag/"; |
|
66 | 66 | } else { |
67 | 67 | $diagUrl = \config\Master::FUNCTIONALITY_LOCATIONS['DIAGNOSTICS']; |
68 | 68 | } |
@@ -99,8 +99,8 @@
||
99 | 99 | $tocText = ""; |
100 | 100 | $fullText = ""; |
101 | 101 | foreach ($FAQ as $faq) { |
102 | - $tocText .= '<a href="#toc' . $counter . '">' . $faq['title'] . "</a><br>\n"; |
|
103 | - $fullText .= "<dt><a name=toc$counter>" . $faq['title'] . "</a></dt>\n<dd>" . $faq['text'] . "</dd>\n"; |
|
102 | + $tocText .= '<a href="#toc'.$counter.'">'.$faq['title']."</a><br>\n"; |
|
103 | + $fullText .= "<dt><a name=toc$counter>".$faq['title']."</a></dt>\n<dd>".$faq['text']."</dd>\n"; |
|
104 | 104 | $counter++; |
105 | 105 | } |
106 | 106 | ?> |