GEANT /
CAT
@@ -150,7 +150,7 @@ discard block |
||
| 150 | 150 | <div id="tabs-2"> |
| 151 | 151 | <!--<button id="run_s_tests" onclick="run_udp()"><?php echo _("Repeat static connectivity tests") ?></button>--> |
| 152 | 152 | <p> |
| 153 | - <?php print $realmTests->printStatic();?> |
|
| 153 | + <?php print $realmTests->printStatic(); ?> |
|
| 154 | 154 | |
| 155 | 155 | <!-- tabs-2 end --> |
| 156 | 156 | </div> |
@@ -160,7 +160,7 @@ discard block |
||
| 160 | 160 | ?> |
| 161 | 161 | <div id="tabs-3"> |
| 162 | 162 | <!--<button id="run_d_tests" onclick="run_dynamic()"><?php echo _("Repeat dynamic connectivity tests") ?></button>--> |
| 163 | - <?php print $realmTests->printDynamic();?> |
|
| 163 | + <?php print $realmTests->printDynamic(); ?> |
|
| 164 | 164 | <!-- tabs-3 end --> |
| 165 | 165 | </div> |
| 166 | 166 | <?php |
@@ -39,7 +39,7 @@ discard block |
||
| 39 | 39 | * @param int $timeout the timeout to download |
| 40 | 40 | * @return string|boolean the data we got back, or FALSE on failure |
| 41 | 41 | */ |
| 42 | - public static function downloadFile($url, $timeout=0) |
|
| 42 | + public static function downloadFile($url, $timeout = 0) |
|
| 43 | 43 | { |
| 44 | 44 | $loggerInstance = new \core\common\Logging(); |
| 45 | 45 | if (!preg_match("/:\/\//", $url)) { |
@@ -129,7 +129,7 @@ discard block |
||
| 129 | 129 | $loggerInstance->debug(4, "OutsideComm::mailAddressValidSecure: no MX."); |
| 130 | 130 | return OutsideComm::MAILDOMAIN_NO_MX; |
| 131 | 131 | } |
| 132 | - $loggerInstance->debug(5, "Domain: $domain MX: " . /** @scrutinizer ignore-type */ print_r($mx, TRUE)); |
|
| 132 | + $loggerInstance->debug(5, "Domain: $domain MX: "./** @scrutinizer ignore-type */ print_r($mx, TRUE)); |
|
| 133 | 133 | // create a pool of A and AAAA records for all the MXes |
| 134 | 134 | $ipAddrs = []; |
| 135 | 135 | foreach ($mx as $onemx) { |
@@ -139,14 +139,14 @@ discard block |
||
| 139 | 139 | $ipAddrs[] = $oneipv4['ip']; |
| 140 | 140 | } |
| 141 | 141 | foreach ($v6list as $oneipv6) { |
| 142 | - $ipAddrs[] = "[" . $oneipv6['ipv6'] . "]"; |
|
| 142 | + $ipAddrs[] = "[".$oneipv6['ipv6']."]"; |
|
| 143 | 143 | } |
| 144 | 144 | } |
| 145 | 145 | if (count($ipAddrs) == 0) { |
| 146 | 146 | $loggerInstance->debug(4, "OutsideComm::mailAddressValidSecure: no mailserver hosts."); |
| 147 | 147 | return OutsideComm::MAILDOMAIN_NO_HOST; |
| 148 | 148 | } |
| 149 | - $loggerInstance->debug(5, "Domain: $domain Addrs: " . /** @scrutinizer ignore-type */ print_r($ipAddrs, TRUE)); |
|
| 149 | + $loggerInstance->debug(5, "Domain: $domain Addrs: "./** @scrutinizer ignore-type */ print_r($ipAddrs, TRUE)); |
|
| 150 | 150 | // connect to all hosts. If all can't connect, return MAILDOMAIN_NO_CONNECT. |
| 151 | 151 | // If at least one does not support STARTTLS or one of the hosts doesn't connect |
| 152 | 152 | // , return MAILDOMAIN_NO_STARTTLS (one which we can't connect to we also |
@@ -199,7 +199,7 @@ discard block |
||
| 199 | 199 | switch (\config\ConfAssistant::SMSSETTINGS['provider']) { |
| 200 | 200 | case 'Nexmo': |
| 201 | 201 | // taken from https://docs.nexmo.com/messaging/sms-api |
| 202 | - $url = 'https://rest.nexmo.com/sms/json?' . http_build_query( |
|
| 202 | + $url = 'https://rest.nexmo.com/sms/json?'.http_build_query( |
|
| 203 | 203 | [ |
| 204 | 204 | 'api_key' => \config\ConfAssistant::SMSSETTINGS['username'], |
| 205 | 205 | 'api_secret' => \config\ConfAssistant::SMSSETTINGS['password'], |
@@ -230,14 +230,14 @@ discard block |
||
| 230 | 230 | $loggerInstance->debug(2, 'Problem with SMS invitation: no message was sent!'); |
| 231 | 231 | return OutsideComm::SMS_NOTSENT; |
| 232 | 232 | } |
| 233 | - $loggerInstance->debug(2, 'Total of ' . $messageCount . ' messages were attempted to send.'); |
|
| 233 | + $loggerInstance->debug(2, 'Total of '.$messageCount.' messages were attempted to send.'); |
|
| 234 | 234 | |
| 235 | 235 | $totalFailures = 0; |
| 236 | 236 | foreach ($decoded_response['messages'] as $message) { |
| 237 | 237 | if ($message['status'] == 0) { |
| 238 | - $loggerInstance->debug(2, $message['message-id'] . ": Success"); |
|
| 238 | + $loggerInstance->debug(2, $message['message-id'].": Success"); |
|
| 239 | 239 | } else { |
| 240 | - $loggerInstance->debug(2, $message['message-id'] . ": Failed (failure code = " . $message['status'] . ")"); |
|
| 240 | + $loggerInstance->debug(2, $message['message-id'].": Failed (failure code = ".$message['status'].")"); |
|
| 241 | 241 | $totalFailures++; |
| 242 | 242 | } |
| 243 | 243 | } |
@@ -306,7 +306,7 @@ discard block |
||
| 306 | 306 | $proto = "https://"; |
| 307 | 307 | } |
| 308 | 308 | // then, send out the mail |
| 309 | - $message = _("Hello,") . "\n\n" . wordwrap($introTexts[$introtext] . " " . $validity, 72) . "\n\n"; |
|
| 309 | + $message = _("Hello,")."\n\n".wordwrap($introTexts[$introtext]." ".$validity, 72)."\n\n"; |
|
| 310 | 310 | // default means we don't have a Reply-To. |
| 311 | 311 | $replyToMessage = wordwrap(_("manually. Please do not reply to this mail; this is a send-only address.")); |
| 312 | 312 | |
@@ -314,8 +314,8 @@ discard block |
||
| 314 | 314 | // see if we are supposed to add a custom message |
| 315 | 315 | $customtext = $federation->getAttributes('fed:custominvite'); |
| 316 | 316 | if (count($customtext) > 0) { |
| 317 | - $message .= wordwrap(sprintf(_("Additional message from your %s administrator:"), Entity::$nomenclature_fed), 72) . "\n---------------------------------" . |
|
| 318 | - wordwrap($customtext[0]['value'], 72) . "\n---------------------------------\n\n"; |
|
| 317 | + $message .= wordwrap(sprintf(_("Additional message from your %s administrator:"), Entity::$nomenclature_fed), 72)."\n---------------------------------". |
|
| 318 | + wordwrap($customtext[0]['value'], 72)."\n---------------------------------\n\n"; |
|
| 319 | 319 | } |
| 320 | 320 | // and add Reply-To already now |
| 321 | 321 | foreach ($federation->listFederationAdmins() as $fedadmin_id) { |
@@ -331,19 +331,19 @@ discard block |
||
| 331 | 331 | } |
| 332 | 332 | $productname = \config\Master::APPEARANCE['productname']; |
| 333 | 333 | $consortium = \config\ConfAssistant::CONSORTIUM['display_name']; |
| 334 | - $message .= wordwrap(sprintf(_("To enlist as an administrator for that %s, please click on the following link:"), Entity::$nomenclature_participant), 72) . "\n\n" . |
|
| 335 | - $proto . $_SERVER['SERVER_NAME'] . \config\Master::PATHS['cat_base_url'] . "admin/action_enrollment.php?token=$newtoken\n\n" . |
|
| 336 | - wordwrap(sprintf(_("If clicking the link doesn't work, you can also go to the %s Administrator Interface at"), $productname), 72) . "\n\n" . |
|
| 337 | - $proto . $_SERVER['SERVER_NAME'] . \config\Master::PATHS['cat_base_url'] . "admin/\n\n" . |
|
| 338 | - _("and enter the invitation token") . "\n\n" . |
|
| 339 | - $newtoken . "\n\n$replyToMessage\n\n" . |
|
| 340 | - wordwrap(_("Do NOT forward the mail before the token has expired - or the recipients may be able to consume the token on your behalf!"), 72) . "\n\n" . |
|
| 341 | - wordwrap(sprintf(_("We wish you a lot of fun with the %s."), $productname), 72) . "\n\n" . |
|
| 334 | + $message .= wordwrap(sprintf(_("To enlist as an administrator for that %s, please click on the following link:"), Entity::$nomenclature_participant), 72)."\n\n". |
|
| 335 | + $proto.$_SERVER['SERVER_NAME'].\config\Master::PATHS['cat_base_url']."admin/action_enrollment.php?token=$newtoken\n\n". |
|
| 336 | + wordwrap(sprintf(_("If clicking the link doesn't work, you can also go to the %s Administrator Interface at"), $productname), 72)."\n\n". |
|
| 337 | + $proto.$_SERVER['SERVER_NAME'].\config\Master::PATHS['cat_base_url']."admin/\n\n". |
|
| 338 | + _("and enter the invitation token")."\n\n". |
|
| 339 | + $newtoken."\n\n$replyToMessage\n\n". |
|
| 340 | + wordwrap(_("Do NOT forward the mail before the token has expired - or the recipients may be able to consume the token on your behalf!"), 72)."\n\n". |
|
| 341 | + wordwrap(sprintf(_("We wish you a lot of fun with the %s."), $productname), 72)."\n\n". |
|
| 342 | 342 | sprintf(_("Sincerely,\n\nYour friendly folks from %s Operations"), $consortium); |
| 343 | 343 | |
| 344 | 344 | |
| 345 | 345 | // who to whom? |
| 346 | - $mail->FromName = \config\Master::APPEARANCE['productname'] . " Invitation System"; |
|
| 346 | + $mail->FromName = \config\Master::APPEARANCE['productname']." Invitation System"; |
|
| 347 | 347 | |
| 348 | 348 | if (isset(\config\Master::APPEARANCE['invitation-bcc-mail']) && \config\Master::APPEARANCE['invitation-bcc-mail'] !== NULL) { |
| 349 | 349 | $mail->addBCC(\config\Master::APPEARANCE['invitation-bcc-mail']); |
@@ -296,7 +296,7 @@ discard block |
||
| 296 | 296 | <table><tr> |
| 297 | 297 | <td class='icon_td'>"; |
| 298 | 298 | $out[] = "<img src='".$this->stateIcons[$this->globalLevelStatic]."' id='main_static_ico' class='icon'></td><td id='main_static_result'>". |
| 299 | - $this->globalInfo[$this->globalLevelStatic].' '. _("See the appropriate tab for details.").'</td> |
|
| 299 | + $this->globalInfo[$this->globalLevelStatic].' '._("See the appropriate tab for details.").'</td> |
|
| 300 | 300 | </tr></table>'; |
| 301 | 301 | if ($this->naptr > 0) { |
| 302 | 302 | $out[] = "<hr><strong>"._("Dynamic connectivity tests")."</strong> |
@@ -328,7 +328,7 @@ discard block |
||
| 328 | 328 | <td class='icon_td'><img src='".$this->stateIcons[$result->level]."' id='src".$hostindex."_img'></td> |
| 329 | 329 | <td id='src$hostindex' colspan=2> |
| 330 | 330 | "; |
| 331 | - $out[] = '<strong>'.($result->server ? $result->server : _("Connected to undetermined server")).'</strong><br/>'.sprintf (_("elapsed time: %sms."), $result->time_millisec).'<div>'.$result->message.'</div>'; |
|
| 331 | + $out[] = '<strong>'.($result->server ? $result->server : _("Connected to undetermined server")).'</strong><br/>'.sprintf(_("elapsed time: %sms."), $result->time_millisec).'<div>'.$result->message.'</div>'; |
|
| 332 | 332 | |
| 333 | 333 | if ($result->level > \core\common\Entity::L_OK && property_exists($result, 'cert_oddities')) { |
| 334 | 334 | foreach ($result->cert_oddities as $oddities) { |
@@ -345,9 +345,9 @@ discard block |
||
| 345 | 345 | } |
| 346 | 346 | } |
| 347 | 347 | if ($result->server_cert->extensions) { |
| 348 | - $certdesc .= '<li>' . _('Extensions') . '<ul>'; |
|
| 348 | + $certdesc .= '<li>'._('Extensions').'<ul>'; |
|
| 349 | 349 | foreach ($result->server_cert->extensions as $ekey => $eval) { |
| 350 | - $certdesc .= '<li>' . $ekey . ': ' . $eval; |
|
| 350 | + $certdesc .= '<li>'.$ekey.': '.$eval; |
|
| 351 | 351 | } |
| 352 | 352 | $certdesc .= '</ul>'; |
| 353 | 353 | } |
@@ -355,7 +355,7 @@ discard block |
||
| 355 | 355 | $more .= '<span class="morecontent"><span>'.$certdesc. |
| 356 | 356 | '</span><a href="" class="morelink">'._("show server certificate details").'»</a></span></div>'; |
| 357 | 357 | } |
| 358 | - if ($more != '' ) { |
|
| 358 | + if ($more != '') { |
|
| 359 | 359 | $out[] = '<tr><td> </td><td colspan="2">'.$more.'</td></tr>'; |
| 360 | 360 | } |
| 361 | 361 | $out[] = "</table></ul>"; |
@@ -379,10 +379,10 @@ discard block |
||
| 379 | 379 | if (isset($this->protocolsMap[$capath->IP]) && $this->protocolsMap[$capath->IP] != '') { |
| 380 | 380 | $prots = explode(';', $this->protocolsMap[$capath->IP]); |
| 381 | 381 | if (!empty($prots)) { |
| 382 | - $capathtest[] = ' ' . _("supported TLS protocols: "); |
|
| 382 | + $capathtest[] = ' '._("supported TLS protocols: "); |
|
| 383 | 383 | $capathtest[] = implode(', ', $prots); |
| 384 | 384 | if (!in_array("TLS1.3", $prots)) { |
| 385 | - $capathtest[] = ' ' . '<font color="red">' . _("not supported: ") . 'TLS1.3</font>'; |
|
| 385 | + $capathtest[] = ' '.'<font color="red">'._("not supported: ").'TLS1.3</font>'; |
|
| 386 | 386 | } |
| 387 | 387 | } |
| 388 | 388 | } |
@@ -405,7 +405,7 @@ discard block |
||
| 405 | 405 | if ($capath->certdata->validTo) { |
| 406 | 406 | $certdesc .= '<li>'.$this->certFields['validTo'].' '. |
| 407 | 407 | date_create_from_format('ymdGis', |
| 408 | - substr($capath->certdata->validTo, 0, -1))->format('Y-m-d H:i:s'). ' UTC'; |
|
| 408 | + substr($capath->certdata->validTo, 0, -1))->format('Y-m-d H:i:s').' UTC'; |
|
| 409 | 409 | } |
| 410 | 410 | if ($capath->certdata->extensions) { |
| 411 | 411 | if ($capath->certdata->extensions->subjectaltname) { |
@@ -428,7 +428,7 @@ discard block |
||
| 428 | 428 | } else { |
| 429 | 429 | $certdesc = '<br>'; |
| 430 | 430 | } |
| 431 | - $capathtest[] = '<div>'.($capath->message!='' ? $capath->message : _('Test failed')).'</div>'.$more; |
|
| 431 | + $capathtest[] = '<div>'.($capath->message != '' ? $capath->message : _('Test failed')).'</div>'.$more; |
|
| 432 | 432 | $capathtest[] = '</td> |
| 433 | 433 | </tr> |
| 434 | 434 | </table>'; |
@@ -455,7 +455,7 @@ discard block |
||
| 455 | 455 | $srefused = 0; |
| 456 | 456 | $cliinfo = ''; |
| 457 | 457 | $cliinfo .= '<li>'._('Client certificate').' <b>'.$ca->clientcertinfo->from. |
| 458 | - '</b>'.', '.$ca->clientcertinfo->message . |
|
| 458 | + '</b>'.', '.$ca->clientcertinfo->message. |
|
| 459 | 459 | '<br> (CA: '.$ca->clientcertinfo->issuer.')<ul>'; |
| 460 | 460 | foreach ($ca->certificate as $certificate) { |
| 461 | 461 | if ($certificate->returncode == \core\diag\RADIUSTests::RETVAL_CONNECTION_REFUSED) { |
@@ -521,7 +521,7 @@ discard block |
||
| 521 | 521 | } else { |
| 522 | 522 | $cliinfo = _('Test failed'); |
| 523 | 523 | $clientstest[] = "<table><tr><td class='icon_td' id='srcclient".$hostindex."_img'><img src='". |
| 524 | - $this->stateIcons[\core\common\Entity::L_WARN]."'></td>" . |
|
| 524 | + $this->stateIcons[\core\common\Entity::L_WARN]."'></td>". |
|
| 525 | 525 | "<td id='srcclient$hostindex'>$cliinfo</td></tr></table>"; |
| 526 | 526 | } |
| 527 | 527 | } else { |
@@ -206,7 +206,7 @@ |
||
| 206 | 206 | $json_data = json_encode($returnArray); |
| 207 | 207 | |
| 208 | 208 | if ($token) { |
| 209 | - $loggerInstance->debug(4, 'JSON data written to ' .$jsonDir.'/'.$token); |
|
| 209 | + $loggerInstance->debug(4, 'JSON data written to '.$jsonDir.'/'.$token); |
|
| 210 | 210 | file_put_contents($jsonDir.'/'.$token.'/realm', $json_data); |
| 211 | 211 | } |
| 212 | 212 | header("Content-type: application/json; utf-8"); |
@@ -168,27 +168,27 @@ discard block |
||
| 168 | 168 | { |
| 169 | 169 | // it could match CN or sAN:DNS, we don't care which |
| 170 | 170 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['subject'])) { |
| 171 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . |
|
| 172 | - " against Subject: " . $this->TLS_CA_checks_result[$host]['certdata']['subject']); |
|
| 171 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName. |
|
| 172 | + " against Subject: ".$this->TLS_CA_checks_result[$host]['certdata']['subject']); |
|
| 173 | 173 | // we are checking against accidental misconfig, not attacks, so loosely checking against end of string is appropriate |
| 174 | - if (preg_match("/CN=" . $this->expectedName . "/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 174 | + if (preg_match("/CN=".$this->expectedName."/", $this->TLS_CA_checks_result[$host]['certdata']['subject']) === 1) { |
|
| 175 | 175 | return TRUE; |
| 176 | 176 | } |
| 177 | 177 | } |
| 178 | 178 | if (isset($this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname'])) { |
| 179 | - $this->loggerInstance->debug(4, "Checking expected server name " . $this->expectedName . " against sANs: "); |
|
| 179 | + $this->loggerInstance->debug(4, "Checking expected server name ".$this->expectedName." against sANs: "); |
|
| 180 | 180 | $this->loggerInstance->debug(4, $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']); |
| 181 | 181 | $testNames = $this->TLS_CA_checks_result[$host]['certdata']['extensions']['subjectaltname']; |
| 182 | 182 | if (!is_array($testNames)) { |
| 183 | 183 | $testNames = [$testNames]; |
| 184 | 184 | } |
| 185 | 185 | foreach ($testNames as $oneName) { |
| 186 | - if (preg_match("/" . $this->expectedName . "/", $oneName) === 1) { |
|
| 186 | + if (preg_match("/".$this->expectedName."/", $oneName) === 1) { |
|
| 187 | 187 | return TRUE; |
| 188 | 188 | } |
| 189 | 189 | } |
| 190 | 190 | } |
| 191 | - $this->loggerInstance->debug(3, "Tried to check expected server name " . $this->expectedName . " but neither CN nor sANs matched."); |
|
| 191 | + $this->loggerInstance->debug(3, "Tried to check expected server name ".$this->expectedName." but neither CN nor sANs matched."); |
|
| 192 | 192 | |
| 193 | 193 | $this->TLS_CA_checks_result[$host]['cert_oddity'] = RADIUSTests::CERTPROB_DYN_SERVER_NAME_MISMATCH; |
| 194 | 194 | return FALSE; |
@@ -218,9 +218,9 @@ discard block |
||
| 218 | 218 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['status'] = $cert['status']; |
| 219 | 219 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['message'] = $this->TLS_certkeys[$cert['status']]; |
| 220 | 220 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['expected'] = $cert['expected']; |
| 221 | - $add = ' -cert ' . ROOT . '/config/cli-certs/' . $cert['public'] . ' -key ' . ROOT . '/config/cli-certs/' . $cert['private']; |
|
| 222 | - if (!file_exists(ROOT . '/config/cli-certs/' . $cert['public']) ||!file_exists(ROOT . |
|
| 223 | - '/config/cli-certs/' . $cert['private'])) { |
|
| 221 | + $add = ' -cert '.ROOT.'/config/cli-certs/'.$cert['public'].' -key '.ROOT.'/config/cli-certs/'.$cert['private']; |
|
| 222 | + if (!file_exists(ROOT.'/config/cli-certs/'.$cert['public']) || !file_exists(ROOT. |
|
| 223 | + '/config/cli-certs/'.$cert['private'])) { |
|
| 224 | 224 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['finalerror'] = 2; |
| 225 | 225 | continue; |
| 226 | 226 | } |
@@ -228,7 +228,7 @@ discard block |
||
| 228 | 228 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k] = []; |
| 229 | 229 | } |
| 230 | 230 | // tls1_3 connections have a problem in strdout/stderr buffering |
| 231 | - $add .= ' ' . "-no_ssl3 -no_tls1_3"; |
|
| 231 | + $add .= ' '."-no_ssl3 -no_tls1_3"; |
|
| 232 | 232 | $opensslbabble = $this->execOpensslClient($host, $add, $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]); |
| 233 | 233 | $res = $this->opensslClientsResult($host, $opensslbabble, $this->TLS_clients_checks_result, $type, $k); |
| 234 | 234 | if ($cert['expected'] == 'PASS') { |
@@ -270,11 +270,11 @@ discard block |
||
| 270 | 270 | // but code analysers want this more explicit, so here is this extra |
| 271 | 271 | // call to escapeshellarg() |
| 272 | 272 | $escapedHost = escapeshellarg($host); |
| 273 | - $this->loggerInstance->debug(4, \config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
| 273 | + $this->loggerInstance->debug(4, \config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1\n"); |
|
| 274 | 274 | $time_start = microtime(true); |
| 275 | 275 | $opensslbabble = []; |
| 276 | 276 | $result = 999; // likely to become zero by openssl; don't want to initialise to zero, could cover up exec failures |
| 277 | - exec(\config\Master::PATHS['openssl'] . " s_client -connect " . $escapedHost . " -CApath " . ROOT . "/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
| 277 | + exec(\config\Master::PATHS['openssl']." s_client -connect ".$escapedHost." -CApath ".ROOT."/config/ca-certs/$this->consortium/ $arg 2>&1", $opensslbabble, $result); |
|
| 278 | 278 | $time_stop = microtime(true); |
| 279 | 279 | $testresults['time_millisec'] = floor(($time_stop - $time_start) * 1000); |
| 280 | 280 | $testresults['returncode'] = $result; |
@@ -396,7 +396,7 @@ discard block |
||
| 396 | 396 | private function propertyCheckPolicy($cert) |
| 397 | 397 | { |
| 398 | 398 | $oids = []; |
| 399 | - if (isset($cert['extensions']['certificatePolicies']) && $cert['extensions']['certificatePolicies']) { |
|
| 399 | + if (isset($cert['extensions']['certificatePolicies']) && $cert['extensions']['certificatePolicies']) { |
|
| 400 | 400 | foreach (\config\Diagnostics::RADIUSTESTS['TLS-acceptableOIDs'] as $key => $oid) { |
| 401 | 401 | if (preg_match("/Policy: $oid/", $cert['extensions']['certificatePolicies'])) { |
| 402 | 402 | $oids[$key] = $oid; |
@@ -331,7 +331,7 @@ discard block |
||
| 331 | 331 | // for now (no OpenRoaming client certs available) only run server-side tests |
| 332 | 332 | foreach ($listOfIPs as $oneIP) { |
| 333 | 333 | $connectionResult = $connectionTests->cApathCheck($oneIP); |
| 334 | - if ($connectionResult != \core\diag\AbstractTest::RETVAL_OK || ( isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) { |
|
| 334 | + if ($connectionResult != \core\diag\AbstractTest::RETVAL_OK || (isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) { |
|
| 335 | 335 | $allHostsOkay = FALSE; |
| 336 | 336 | } else { |
| 337 | 337 | $oneHostOkay = TRUE; |
@@ -945,7 +945,7 @@ discard block |
||
| 945 | 945 | $profileStatus = self::CERT_STATUS_NONE; |
| 946 | 946 | foreach ($rows as $row) { |
| 947 | 947 | $encodedCert = $row[0]; |
| 948 | - $tm = $x509->processCertificate(base64_decode($encodedCert))['full_details']['validTo_time_t']- time(); |
|
| 948 | + $tm = $x509->processCertificate(base64_decode($encodedCert))['full_details']['validTo_time_t'] - time(); |
|
| 949 | 949 | if ($tm < \config\ConfAssistant::CERT_WARNINGS['expiry_critical']) { |
| 950 | 950 | $certStatus = self::CERT_STATUS_ERROR; |
| 951 | 951 | } elseif ($tm < \config\ConfAssistant::CERT_WARNINGS['expiry_warning']) { |
@@ -49,15 +49,15 @@ |
||
| 49 | 49 | } |
| 50 | 50 | |
| 51 | 51 | switch ($_GET['token']) { |
| 52 | - case "SELF-REGISTER": |
|
| 53 | - $token = "SELF-REGISTER"; |
|
| 54 | - $checkval = \core\UserManagement::TOKENSTATUS_OK_NEW; |
|
| 55 | - $federation = \config\ConfAssistant::CONSORTIUM['selfservice_registration']; |
|
| 56 | - break; |
|
| 57 | - default: |
|
| 58 | - $tokenUnfiltered = $validator->token(filter_input(INPUT_GET,'token')); |
|
| 59 | - $token = htmlspecialchars(strip_tags($tokenUnfiltered)); |
|
| 60 | - $checkval = $usermgmt->checkTokenValidity($token); |
|
| 52 | + case "SELF-REGISTER": |
|
| 53 | + $token = "SELF-REGISTER"; |
|
| 54 | + $checkval = \core\UserManagement::TOKENSTATUS_OK_NEW; |
|
| 55 | + $federation = \config\ConfAssistant::CONSORTIUM['selfservice_registration']; |
|
| 56 | + break; |
|
| 57 | + default: |
|
| 58 | + $tokenUnfiltered = $validator->token(filter_input(INPUT_GET,'token')); |
|
| 59 | + $token = htmlspecialchars(strip_tags($tokenUnfiltered)); |
|
| 60 | + $checkval = $usermgmt->checkTokenValidity($token); |
|
| 61 | 61 | } |
| 62 | 62 | |
| 63 | 63 | if ($checkval < 0) { |
@@ -30,7 +30,7 @@ discard block |
||
| 30 | 30 | ?> |
| 31 | 31 | <?php |
| 32 | 32 | |
| 33 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 33 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 34 | 34 | |
| 35 | 35 | $auth = new \web\lib\admin\Authentication(); |
| 36 | 36 | $deco = new \web\lib\admin\PageDecoration(); |
@@ -41,11 +41,11 @@ discard block |
||
| 41 | 41 | $auth->authenticate(); |
| 42 | 42 | |
| 43 | 43 | if (!isset($_GET['token'])) { |
| 44 | - $elements->errorPage(_("Error creating new IdP binding!"),_("This page needs to be called with a valid invitation token!")); |
|
| 44 | + $elements->errorPage(_("Error creating new IdP binding!"), _("This page needs to be called with a valid invitation token!")); |
|
| 45 | 45 | } |
| 46 | 46 | |
| 47 | 47 | if (\config\ConfAssistant::CONSORTIUM['selfservice_registration'] === NULL && $_GET['token'] == "SELF-REGISTER") { |
| 48 | - $elements->errorPage(_("Error creating new IdP binding!"),_("You tried to register in self-service, but this deployment does not allow self-service!")); |
|
| 48 | + $elements->errorPage(_("Error creating new IdP binding!"), _("You tried to register in self-service, but this deployment does not allow self-service!")); |
|
| 49 | 49 | } |
| 50 | 50 | |
| 51 | 51 | switch ($_GET['token']) { |
@@ -55,23 +55,23 @@ discard block |
||
| 55 | 55 | $federation = \config\ConfAssistant::CONSORTIUM['selfservice_registration']; |
| 56 | 56 | break; |
| 57 | 57 | default: |
| 58 | - $tokenUnfiltered = $validator->token(filter_input(INPUT_GET,'token')); |
|
| 58 | + $tokenUnfiltered = $validator->token(filter_input(INPUT_GET, 'token')); |
|
| 59 | 59 | $token = htmlspecialchars(strip_tags($tokenUnfiltered)); |
| 60 | 60 | $checkval = $usermgmt->checkTokenValidity($token); |
| 61 | 61 | } |
| 62 | 62 | |
| 63 | 63 | if ($checkval < 0) { |
| 64 | 64 | echo $deco->pageheader(_("Error creating new IdP binding!"), "ADMIN-IDP"); |
| 65 | - echo "<h1>" . _("Error creating new IdP binding!") . "</h1>"; |
|
| 65 | + echo "<h1>"._("Error creating new IdP binding!")."</h1>"; |
|
| 66 | 66 | switch ($checkval) { |
| 67 | 67 | case \core\UserManagement::TOKENSTATUS_FAIL_ALREADYCONSUMED: |
| 68 | - echo "<p>" . sprintf(_("Sorry... this token has already been used. The %s is already created. If you got the invitation from a mailing list, probably someone else used it before you."), $elements->nomenclatureParticipant) . "</p>"; |
|
| 68 | + echo "<p>".sprintf(_("Sorry... this token has already been used. The %s is already created. If you got the invitation from a mailing list, probably someone else used it before you."), $elements->nomenclatureParticipant)."</p>"; |
|
| 69 | 69 | break; |
| 70 | 70 | case \core\UserManagement::TOKENSTATUS_FAIL_EXPIRED: |
| 71 | - echo "<p>" . sprintf(_("Sorry... this token has expired. Invitation tokens are valid for 24 hours. The %s administrator can create a new one for you."), $elements->nomenclatureFed) . "</p>"; |
|
| 71 | + echo "<p>".sprintf(_("Sorry... this token has expired. Invitation tokens are valid for 24 hours. The %s administrator can create a new one for you."), $elements->nomenclatureFed)."</p>"; |
|
| 72 | 72 | break; |
| 73 | 73 | default: |
| 74 | - echo "<p>" . _("Sorry... you have come to the enrollment page without a valid token. Are you a nasty person? If not, you should go to <a href='overview_user.php'>your profile page</a> instead.") . "</p>"; |
|
| 74 | + echo "<p>"._("Sorry... you have come to the enrollment page without a valid token. Are you a nasty person? If not, you should go to <a href='overview_user.php'>your profile page</a> instead.")."</p>"; |
|
| 75 | 75 | } |
| 76 | 76 | echo $deco->footer(); |
| 77 | 77 | throw new Exception("Terminating because something is wrong with the token we received."); |
@@ -86,12 +86,12 @@ discard block |
||
| 86 | 86 | case "SELF-REGISTER": |
| 87 | 87 | $fed = new \core\Federation($federation); |
| 88 | 88 | $newidp = new \core\IdP($fed->newIdP(core\IdP::TYPE_IDPSP, $user, "FED", "SELFSERVICE")); |
| 89 | - $loggerInstance->writeAudit($user, "MOD", "IdP " . $newidp->identifier . " - selfservice registration"); |
|
| 89 | + $loggerInstance->writeAudit($user, "MOD", "IdP ".$newidp->identifier." - selfservice registration"); |
|
| 90 | 90 | break; |
| 91 | 91 | default: |
| 92 | 92 | $newidp = $usermgmt->createIdPFromToken($token, $user); |
| 93 | 93 | $usermgmt->invalidateToken($token); |
| 94 | - $loggerInstance->writeAudit($user, "MOD", "IdP " . $newidp->identifier . " - Token used and invalidated"); |
|
| 94 | + $loggerInstance->writeAudit($user, "MOD", "IdP ".$newidp->identifier." - Token used and invalidated"); |
|
| 95 | 95 | break; |
| 96 | 96 | } |
| 97 | 97 | |
@@ -115,12 +115,12 @@ discard block |
||
| 115 | 115 | $this->name = $this->languageInstance->getLocalisedValue($this->getAttributes('general:instname')); |
| 116 | 116 | $eligibility = $this->eligibility($instQuery->type); |
| 117 | 117 | if (in_array(IdP::ELIGIBILITY_IDP, $eligibility) && in_array(IdP::ELIGIBILITY_SP, $eligibility)) { |
| 118 | - $eligType = IdP::TYPE_IDPSP . ""; |
|
| 118 | + $eligType = IdP::TYPE_IDPSP.""; |
|
| 119 | 119 | $this->type = $eligType; |
| 120 | 120 | } elseif (in_array(IdP::ELIGIBILITY_IDP, $eligibility)) { |
| 121 | - $eligType = IdP::TYPE_IDP . ""; |
|
| 121 | + $eligType = IdP::TYPE_IDP.""; |
|
| 122 | 122 | } else { |
| 123 | - $eligType = IdP::TYPE_SP . ""; |
|
| 123 | + $eligType = IdP::TYPE_SP.""; |
|
| 124 | 124 | } |
| 125 | 125 | $this->type = $eligType; |
| 126 | 126 | $this->loggerInstance->debug(4, "--- END Constructing new IdP object $instId ... ---\n"); |
@@ -134,7 +134,7 @@ discard block |
||
| 134 | 134 | */ |
| 135 | 135 | public function listProfiles(bool $activeOnly = FALSE) |
| 136 | 136 | { |
| 137 | - $query = "SELECT profile_id FROM profile WHERE inst_id = $this->identifier" . ($activeOnly ? " AND showtime = 1" : ""); |
|
| 137 | + $query = "SELECT profile_id FROM profile WHERE inst_id = $this->identifier".($activeOnly ? " AND showtime = 1" : ""); |
|
| 138 | 138 | $allProfiles = $this->databaseHandle->exec($query); |
| 139 | 139 | $returnarray = []; |
| 140 | 140 | // SELECT -> resource, not boolean |
@@ -144,7 +144,7 @@ discard block |
||
| 144 | 144 | $returnarray[] = $oneProfile; |
| 145 | 145 | } |
| 146 | 146 | |
| 147 | - $this->loggerInstance->debug(4, "listProfiles: " . /** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 147 | + $this->loggerInstance->debug(4, "listProfiles: "./** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 148 | 148 | return $returnarray; |
| 149 | 149 | } |
| 150 | 150 | |
@@ -156,7 +156,7 @@ discard block |
||
| 156 | 156 | */ |
| 157 | 157 | public function listDeployments(bool $activeOnly = FALSE) |
| 158 | 158 | { |
| 159 | - $query = "SELECT deployment_id FROM deployment WHERE inst_id = $this->identifier" . ($activeOnly ? " AND status = " . AbstractDeployment::ACTIVE : ""); |
|
| 159 | + $query = "SELECT deployment_id FROM deployment WHERE inst_id = $this->identifier".($activeOnly ? " AND status = ".AbstractDeployment::ACTIVE : ""); |
|
| 160 | 160 | $allDeployments = $this->databaseHandle->exec($query); |
| 161 | 161 | $returnarray = []; |
| 162 | 162 | // SELECT -> resource, not boolean |
@@ -164,7 +164,7 @@ discard block |
||
| 164 | 164 | $returnarray[] = new DeploymentManaged($this, $deploymentQuery->deployment_id); |
| 165 | 165 | } |
| 166 | 166 | |
| 167 | - $this->loggerInstance->debug(4, "listDeployments: " . /** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 167 | + $this->loggerInstance->debug(4, "listDeployments: "./** @scrutinizer ignore-type */ print_r($returnarray, true)); |
|
| 168 | 168 | return $returnarray; |
| 169 | 169 | } |
| 170 | 170 | |
@@ -190,7 +190,7 @@ discard block |
||
| 190 | 190 | $redirectProfileIds = []; |
| 191 | 191 | $allProfileLevels = $this->databaseHandle->exec("SELECT profile_id, sufficient_config + showtime AS maxlevel FROM profile WHERE inst_id = $this->identifier ORDER BY maxlevel DESC"); |
| 192 | 192 | // SELECT yields a resource, not a boolean |
| 193 | - if ($allProfileLevels->num_rows == 0 ) { |
|
| 193 | + if ($allProfileLevels->num_rows == 0) { |
|
| 194 | 194 | return self::PROFILES_INCOMPLETE; |
| 195 | 195 | } |
| 196 | 196 | $allProfilesArray = $allProfileLevels->fetch_all(MYSQLI_ASSOC); |
@@ -218,7 +218,7 @@ discard block |
||
| 218 | 218 | $allProfiles = $this->databaseHandle->exec("SELECT MIN(openroaming) AS maxlevel FROM profile WHERE inst_id = $this->identifier"); |
| 219 | 219 | // SELECT yields a resource, not a boolean |
| 220 | 220 | while ($res = mysqli_fetch_object(/** @scrutinizer ignore-type */ $allProfiles)) { |
| 221 | - return (is_numeric($res->maxlevel) ? (int)$res->maxlevel : AbstractProfile::OVERALL_OPENROAMING_LEVEL_NO ); // insts without profiles should get a "NO" |
|
| 221 | + return (is_numeric($res->maxlevel) ? (int) $res->maxlevel : AbstractProfile::OVERALL_OPENROAMING_LEVEL_NO); // insts without profiles should get a "NO" |
|
| 222 | 222 | } |
| 223 | 223 | return AbstractProfile::OVERALL_OPENROAMING_LEVEL_NO; |
| 224 | 224 | } |
@@ -349,7 +349,7 @@ discard block |
||
| 349 | 349 | case AbstractProfile::PROFILETYPE_SILVERBULLET: |
| 350 | 350 | $theProfile = new ProfileSilverbullet($identifier, $this); |
| 351 | 351 | $theProfile->addSupportedEapMethod(new \core\common\EAP(\core\common\EAP::EAPTYPE_SILVERBULLET), 1); |
| 352 | - $theProfile->setRealm($this->identifier . "-" . $theProfile->identifier . "." . strtolower($this->federation) . strtolower(\config\ConfAssistant::SILVERBULLET['realm_suffix'])); |
|
| 352 | + $theProfile->setRealm($this->identifier."-".$theProfile->identifier.".".strtolower($this->federation).strtolower(\config\ConfAssistant::SILVERBULLET['realm_suffix'])); |
|
| 353 | 353 | return $theProfile; |
| 354 | 354 | default: |
| 355 | 355 | throw new Exception("This type of profile is unknown and can not be added."); |
@@ -492,7 +492,7 @@ discard block |
||
| 492 | 492 | public function getExternalDBId() |
| 493 | 493 | { |
| 494 | 494 | if (\config\ConfAssistant::CONSORTIUM['name'] == "eduroam" && isset(\config\ConfAssistant::CONSORTIUM['deployment-voodoo']) && \config\ConfAssistant::CONSORTIUM['deployment-voodoo'] == "Operations Team") { // SW: APPROVED |
| 495 | - $idQuery = $this->databaseHandle->exec("SELECT external_db_id FROM institution WHERE inst_id = $this->identifier AND external_db_syncstate = " . self::EXTERNAL_DB_SYNCSTATE_SYNCED); |
|
| 495 | + $idQuery = $this->databaseHandle->exec("SELECT external_db_id FROM institution WHERE inst_id = $this->identifier AND external_db_syncstate = ".self::EXTERNAL_DB_SYNCSTATE_SYNCED); |
|
| 496 | 496 | // SELECT -> it's a resource, not a boolean |
| 497 | 497 | if (mysqli_num_rows(/** @scrutinizer ignore-type */ $idQuery) == 0) { |
| 498 | 498 | return FALSE; |
@@ -558,16 +558,16 @@ discard block |
||
| 558 | 558 | } |
| 559 | 559 | foreach ($baseline as $lang => $value) { |
| 560 | 560 | if (!key_exists($lang, $newvalues)) { |
| 561 | - $retval[IdP::INSTNAME_CHANGED] .= "#[Language " . strtoupper($lang) . "] DELETED"; |
|
| 561 | + $retval[IdP::INSTNAME_CHANGED] .= "#[Language ".strtoupper($lang)."] DELETED"; |
|
| 562 | 562 | } else { |
| 563 | 563 | if ($value != $newvalues[$lang]) { |
| 564 | - $retval[IdP::INSTNAME_CHANGED] .= "#[Language " . strtoupper($lang) . "] CHANGED from '" . $baseline[$lang] . "' to '" . $newvalues[$lang] . "'"; |
|
| 564 | + $retval[IdP::INSTNAME_CHANGED] .= "#[Language ".strtoupper($lang)."] CHANGED from '".$baseline[$lang]."' to '".$newvalues[$lang]."'"; |
|
| 565 | 565 | } |
| 566 | 566 | } |
| 567 | 567 | } |
| 568 | 568 | foreach ($newvalues as $lang => $value) { |
| 569 | 569 | if (!key_exists($lang, $baseline)) { |
| 570 | - $retval[IdP::INSTNAME_CHANGED] .= "#[Language " . strtoupper($lang) . "] ADDED as '" . $value . "'"; |
|
| 570 | + $retval[IdP::INSTNAME_CHANGED] .= "#[Language ".strtoupper($lang)."] ADDED as '".$value."'"; |
|
| 571 | 571 | } |
| 572 | 572 | } |
| 573 | 573 | return $retval; |
@@ -35,10 +35,10 @@ discard block |
||
| 35 | 35 | public function __construct() |
| 36 | 36 | { |
| 37 | 37 | |
| 38 | - if ( \config\ConfAssistant::eduPKI['testing'] === true ) { |
|
| 39 | - $this->locationRaCert = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 40 | - $this->locationRaKey = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 41 | - $this->locationWebRoot = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 38 | + if (\config\ConfAssistant::eduPKI['testing'] === true) { |
|
| 39 | + $this->locationRaCert = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
| 40 | + $this->locationRaKey = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
| 41 | + $this->locationWebRoot = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 42 | 42 | $this->eduPkiRaId = 700; |
| 43 | 43 | $this->eduPkiCertProfileBoth = "Radius Server SOAP"; |
| 44 | 44 | $this->eduPkiCertProfileIdp = "Radius Server SOAP"; |
@@ -47,9 +47,9 @@ discard block |
||
| 47 | 47 | $this->eduPkiEndpointPublic = "https://pki.edupki.org/edupki-test-ca/cgi-bin/pub/soap?wsdl=1"; |
| 48 | 48 | $this->eduPkiEndpointRa = "https://ra.edupki.org/edupki-test-ca/cgi-bin/ra/soap?wsdl=1"; |
| 49 | 49 | } else { |
| 50 | - $this->locationRaCert = ROOT . "/config/SilverbulletClientCerts/edupki-prod-ra.pem"; |
|
| 51 | - $this->locationRaKey = ROOT . "/config/SilverbulletClientCerts/edupki-prod-ra.clearkey"; |
|
| 52 | - $this->locationWebRoot = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 50 | + $this->locationRaCert = ROOT."/config/SilverbulletClientCerts/edupki-prod-ra.pem"; |
|
| 51 | + $this->locationRaKey = ROOT."/config/SilverbulletClientCerts/edupki-prod-ra.clearkey"; |
|
| 52 | + $this->locationWebRoot = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
| 53 | 53 | $this->eduPkiRaId = 100; |
| 54 | 54 | $this->eduPkiCertProfileBoth = "eduroam IdP and SP"; |
| 55 | 55 | $this->eduPkiCertProfileIdp = "eduroam IdP"; |
@@ -63,13 +63,13 @@ discard block |
||
| 63 | 63 | parent::__construct(); |
| 64 | 64 | |
| 65 | 65 | if (stat($this->locationRaCert) === FALSE) { |
| 66 | - throw new Exception("RA operator PEM file not found: " . $this->locationRaCert); |
|
| 66 | + throw new Exception("RA operator PEM file not found: ".$this->locationRaCert); |
|
| 67 | 67 | } |
| 68 | 68 | if (stat($this->locationRaKey) === FALSE) { |
| 69 | - throw new Exception("RA operator private key file not found: " . $this->locationRaKey); |
|
| 69 | + throw new Exception("RA operator private key file not found: ".$this->locationRaKey); |
|
| 70 | 70 | } |
| 71 | 71 | if (stat($this->locationWebRoot) === FALSE) { |
| 72 | - throw new Exception("CA website root CA file not found: " . $this->locationWebRoot); |
|
| 72 | + throw new Exception("CA website root CA file not found: ".$this->locationWebRoot); |
|
| 73 | 73 | } |
| 74 | 74 | } |
| 75 | 75 | |
@@ -136,22 +136,22 @@ discard block |
||
| 136 | 136 | throw new Exception("Unexpected policies requested."); |
| 137 | 137 | } |
| 138 | 138 | $altArray = [# Array mit den Subject Alternative Names |
| 139 | - "email:" . $csr["USERMAIL"] |
|
| 139 | + "email:".$csr["USERMAIL"] |
|
| 140 | 140 | ]; |
| 141 | 141 | foreach ($csr["ALTNAMES"] as $oneAltName) { |
| 142 | - $altArray[] = "DNS:" . $oneAltName; |
|
| 142 | + $altArray[] = "DNS:".$oneAltName; |
|
| 143 | 143 | } |
| 144 | 144 | $soapPub = $this->initEduPKISoapSession("PUBLIC"); |
| 145 | 145 | $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n"); |
| 146 | - $this->loggerInstance->debug(5, "PARAM_1: " . $this->eduPkiRaId . "\n"); |
|
| 147 | - $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n"); |
|
| 146 | + $this->loggerInstance->debug(5, "PARAM_1: ".$this->eduPkiRaId."\n"); |
|
| 147 | + $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n"); |
|
| 148 | 148 | $this->loggerInstance->debug(5, "PARAM_3: "); |
| 149 | 149 | $this->loggerInstance->debug(5, $altArray); |
| 150 | - $this->loggerInstance->debug(5, "PARAM_4: " . $profile . "\n"); |
|
| 151 | - $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n"); |
|
| 152 | - $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n"); |
|
| 153 | - $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n"); |
|
| 154 | - $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n"); |
|
| 150 | + $this->loggerInstance->debug(5, "PARAM_4: ".$profile."\n"); |
|
| 151 | + $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n"); |
|
| 152 | + $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n"); |
|
| 153 | + $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n"); |
|
| 154 | + $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n"); |
|
| 155 | 155 | $this->loggerInstance->debug(5, "PARAM_9: false\n"); |
| 156 | 156 | $soapNewRequest = $soapPub->newRequest( |
| 157 | 157 | $this->eduPkiRaId, # RA-ID |
@@ -173,11 +173,11 @@ discard block |
||
| 173 | 173 | } catch (Exception $e) { |
| 174 | 174 | // PHP 7.1 can do this much better |
| 175 | 175 | if (is_soap_fault($e)) { |
| 176 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: { |
|
| 176 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: { |
|
| 177 | 177 | $e->faultstring |
| 178 | 178 | }\n"); |
| 179 | 179 | } |
| 180 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 180 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 181 | 181 | } |
| 182 | 182 | try { |
| 183 | 183 | $soap = $this->initEduPKISoapSession("RA"); |
@@ -209,7 +209,7 @@ discard block |
||
| 209 | 209 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 210 | 210 | // rather than just using the string. Grr. |
| 211 | 211 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 212 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext); |
|
| 212 | + file_put_contents($tempdir['dir']."/content.txt", $soapCleartext); |
|
| 213 | 213 | // retrieve our RA cert from filesystem |
| 214 | 214 | // the RA certificates are not needed right now because we |
| 215 | 215 | // have resorted to S/MIME signatures with openssl command-line |
@@ -221,7 +221,7 @@ discard block |
||
| 221 | 221 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 222 | 222 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 223 | 223 | $this->loggerInstance->debug(2, "Actual content to be signed is this:\n $soapCleartext\n"); |
| 224 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . $this->locationRaKey . " -signer " . $this->locationRaCert; |
|
| 224 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".$this->locationRaKey." -signer ".$this->locationRaCert; |
|
| 225 | 225 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 226 | 226 | $output = []; |
| 227 | 227 | $return = 999; |
@@ -230,21 +230,21 @@ discard block |
||
| 230 | 230 | throw new Exception("Non-zero return value from openssl smime!"); |
| 231 | 231 | } |
| 232 | 232 | // and get the signature blob back from the filesystem |
| 233 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 233 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 234 | 234 | $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n"); |
| 235 | - $this->loggerInstance->debug(5, $soapReqnum . "\n"); |
|
| 236 | - $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending! |
|
| 237 | - $this->loggerInstance->debug(5, $detachedSig . "\n"); |
|
| 235 | + $this->loggerInstance->debug(5, $soapReqnum."\n"); |
|
| 236 | + $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending! |
|
| 237 | + $this->loggerInstance->debug(5, $detachedSig."\n"); |
|
| 238 | 238 | $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig); |
| 239 | - $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest()); |
|
| 240 | - $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse()); |
|
| 239 | + $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest()); |
|
| 240 | + $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse()); |
|
| 241 | 241 | if ($soapIssueCert === FALSE) { |
| 242 | 242 | throw new Exception("The locally approved request was NOT processed by the CA."); |
| 243 | 243 | } |
| 244 | 244 | } catch (SoapFault $e) { |
| 245 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 245 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 246 | 246 | } catch (Exception $e) { |
| 247 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
| 247 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
| 248 | 248 | } |
| 249 | 249 | return $soapReqnum; |
| 250 | 250 | } |
@@ -296,9 +296,9 @@ discard block |
||
| 296 | 296 | throw new Exception("CAInfo has no root certificate for us!"); |
| 297 | 297 | } |
| 298 | 298 | } catch (SoapFault $e) { |
| 299 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 299 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
| 300 | 300 | } catch (Exception $e) { |
| 301 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
| 301 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
| 302 | 302 | } |
| 303 | 303 | return [ |
| 304 | 304 | "CERT" => openssl_x509_read($parsedCert['pem']), |
@@ -331,12 +331,12 @@ discard block |
||
| 331 | 331 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
| 332 | 332 | // rather than just using the string. Grr. |
| 333 | 333 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
| 334 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest); |
|
| 334 | + file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest); |
|
| 335 | 335 | // retrieve our RA cert from filesystem |
| 336 | 336 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
| 337 | 337 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
| 338 | 338 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n"); |
| 339 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . $this->locationRaKey . " -signer " . $this->locationRaCert; |
|
| 339 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".$this->locationRaKey." -signer ".$this->locationRaCert; |
|
| 340 | 340 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
| 341 | 341 | $output = []; |
| 342 | 342 | $return = 999; |
@@ -345,7 +345,7 @@ discard block |
||
| 345 | 345 | throw new Exception("Non-zero return value from openssl smime!"); |
| 346 | 346 | } |
| 347 | 347 | // and get the signature blob back from the filesystem |
| 348 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
| 348 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
| 349 | 349 | $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig); |
| 350 | 350 | if ($soapIssueRev === FALSE) { |
| 351 | 351 | throw new Exception("The locally approved revocation request was NOT processed by the CA."); |
@@ -353,9 +353,9 @@ discard block |
||
| 353 | 353 | } catch (Exception $e) { |
| 354 | 354 | // PHP 7.1 can do this much better |
| 355 | 355 | if (is_soap_fault($e)) { |
| 356 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n"); |
|
| 356 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n"); |
|
| 357 | 357 | } |
| 358 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
| 358 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
| 359 | 359 | } |
| 360 | 360 | } |
| 361 | 361 | |
@@ -455,9 +455,9 @@ discard block |
||
| 455 | 455 | */ |
| 456 | 456 | public function soapToXmlInteger($x) |
| 457 | 457 | { |
| 458 | - return '<' . $x[0] . '>' |
|
| 458 | + return '<'.$x[0].'>' |
|
| 459 | 459 | . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1) |
| 460 | - . '</' . $x[0] . '>'; |
|
| 460 | + . '</'.$x[0].'>'; |
|
| 461 | 461 | } |
| 462 | 462 | |
| 463 | 463 | /** |
@@ -476,9 +476,9 @@ discard block |
||
| 476 | 476 | // dump private key into directory |
| 477 | 477 | $outstring = ""; |
| 478 | 478 | openssl_pkey_export($privateKey, $outstring); |
| 479 | - file_put_contents($tempdir . "/pkey.pem", $outstring); |
|
| 479 | + file_put_contents($tempdir."/pkey.pem", $outstring); |
|
| 480 | 480 | // PHP can only do one DC in the Subject. But we need three. |
| 481 | - $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 481 | + $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username"; |
|
| 482 | 482 | $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n"); |
| 483 | 483 | $output = []; |
| 484 | 484 | $return = 999; |
