@@ -51,7 +51,7 @@ |
||
51 | 51 | " . $Tou['title'] . " |
52 | 52 | </h1> |
53 | 53 | <div id='tou_1'>" . $Tou['subtitle'] . |
54 | - '<div style="direction:ltr">' . $Tou['short'] . "</div> |
|
54 | + '<div style="direction:ltr">' . $Tou['short'] . "</div> |
|
55 | 55 | </div> |
56 | 56 | <div id='all_tou_link'><a href='javascript:showTOU()'>Click here to see the full terms</a></div> |
57 | 57 | <div id='tou_2' style='display:none; padding-top:20px; direction:ltr'>" . |
@@ -31,7 +31,7 @@ discard block |
||
31 | 31 | * the receiving end to strip this marker and not add the title by itself. |
32 | 32 | * |
33 | 33 | */ |
34 | -require_once dirname(dirname(dirname((dirname(dirname(__FILE__)))))) . "/config/_config.php"; |
|
34 | +require_once dirname(dirname(dirname((dirname(dirname(__FILE__))))))."/config/_config.php"; |
|
35 | 35 | |
36 | 36 | $Gui = new \web\lib\user\Gui(); |
37 | 37 | |
@@ -41,46 +41,46 @@ discard block |
||
41 | 41 | $subpage = $_REQUEST['subpage']; |
42 | 42 | switch ($page) { |
43 | 43 | case 'about': |
44 | - include_once dirname(dirname(dirname(dirname(__FILE__)))) . "/user/about_cat.inc.php"; |
|
44 | + include_once dirname(dirname(dirname(dirname(__FILE__))))."/user/about_cat.inc.php"; |
|
45 | 45 | $out = "<div class='padding'>$out</div>"; |
46 | 46 | break; |
47 | 47 | case 'tou': |
48 | - include_once dirname(dirname(dirname(dirname(__FILE__)))) . "/user/tou.inc.php"; |
|
48 | + include_once dirname(dirname(dirname(dirname(__FILE__))))."/user/tou.inc.php"; |
|
49 | 49 | $out = "no_title<div> |
50 | 50 | <h1> |
51 | - " . $Tou['title'] . " |
|
51 | + " . $Tou['title']." |
|
52 | 52 | </h1> |
53 | -<div id='tou_1'>" . $Tou['subtitle'] . |
|
54 | - '<div style="direction:ltr">' . $Tou['short'] . "</div> |
|
53 | +<div id='tou_1'>" . $Tou['subtitle']. |
|
54 | + '<div style="direction:ltr">'.$Tou['short']."</div> |
|
55 | 55 | </div> |
56 | 56 | <div id='all_tou_link'><a href='javascript:showTOU()'>Click here to see the full terms</a></div> |
57 | 57 | <div id='tou_2' style='display:none; padding-top:20px; direction:ltr'>" . |
58 | - $Tou['full'] . " |
|
58 | + $Tou['full']." |
|
59 | 59 | </div> |
60 | 60 | </div> |
61 | 61 | "; |
62 | 62 | break; |
63 | 63 | case 'help': |
64 | - include_once dirname(dirname(dirname(dirname(__FILE__)))) . "/user/faq.inc.php"; |
|
64 | + include_once dirname(dirname(dirname(dirname(__FILE__))))."/user/faq.inc.php"; |
|
65 | 65 | switch ($subpage) { |
66 | 66 | case 'contact': |
67 | 67 | case 'idp_not_listed': |
68 | 68 | case 'device_not_listed': |
69 | 69 | case 'what_is_eduroam': |
70 | - $out = "no_title<div><h1>" . _("Help") . "</h1>"; |
|
70 | + $out = "no_title<div><h1>"._("Help")."</h1>"; |
|
71 | 71 | foreach ($Faq as $faqItem) { |
72 | 72 | if (!empty($faqItem['id']) && $faqItem['id'] == $subpage) { |
73 | - $out .= "<div><h3>" . $faqItem['title'] . "</h3>\n"; |
|
74 | - $out .= "" . $faqItem['text'] . "</div>\n"; |
|
73 | + $out .= "<div><h3>".$faqItem['title']."</h3>\n"; |
|
74 | + $out .= "".$faqItem['text']."</div>\n"; |
|
75 | 75 | } |
76 | 76 | } |
77 | 77 | $out .= "</div>"; |
78 | 78 | break; |
79 | 79 | case 'faq': |
80 | - $out = "no_title<div><h1>" . _("Frequently Asked Questions") . "</h1>"; |
|
80 | + $out = "no_title<div><h1>"._("Frequently Asked Questions")."</h1>"; |
|
81 | 81 | foreach ($Faq as $faqItem) { |
82 | - $out .= "<div><h3>" . $faqItem['title'] . "</h3>\n"; |
|
83 | - $out .= "" . $faqItem['text'] . "</div>\n"; |
|
82 | + $out .= "<div><h3>".$faqItem['title']."</h3>\n"; |
|
83 | + $out .= "".$faqItem['text']."</div>\n"; |
|
84 | 84 | } |
85 | 85 | $out .= "</div>"; |
86 | 86 | break; |
@@ -104,15 +104,15 @@ discard block |
||
104 | 104 | $rn = uniqid(); |
105 | 105 | $_SESSION['remindIdP'] = $rn; |
106 | 106 | $out .= "<input type='hidden' id='remindIdPs' value='$rn'>"; |
107 | - $out .= "<p><button type='button' onclick='goAdmin(); return(false);'>" . _("Login") . "</button>"; |
|
108 | - $out .= "<br/><br/><p>" . _("Did you forget with which Identity Provider you logged in to the system? We can try to find out if you specify the email address with which you were invited to the system in the box below. This may not work if you were invited from a third-party website via the AdminAPI.") . "</p>"; |
|
109 | - $out .= "<input id='remindIdP' type='text'/><button onclick='remindIdPF(); return false;'>" . _("Get IdP Reminder") . "</button>"; |
|
107 | + $out .= "<p><button type='button' onclick='goAdmin(); return(false);'>"._("Login")."</button>"; |
|
108 | + $out .= "<br/><br/><p>"._("Did you forget with which Identity Provider you logged in to the system? We can try to find out if you specify the email address with which you were invited to the system in the box below. This may not work if you were invited from a third-party website via the AdminAPI.")."</p>"; |
|
109 | + $out .= "<input id='remindIdP' type='text'/><button onclick='remindIdPF(); return false;'>"._("Get IdP Reminder")."</button>"; |
|
110 | 110 | $out .= "<div id='remindIdPd'><span id='remindIdPh'></span><ul id='remindIdPl'></ul></div>"; |
111 | 111 | $out = "<div class='padding'>$out</div>"; |
112 | 112 | } |
113 | 113 | break; |
114 | 114 | case 'develop': |
115 | - include_once dirname(dirname(dirname(dirname(__FILE__)))) . "/user/devel.inc.php"; |
|
115 | + include_once dirname(dirname(dirname(dirname(__FILE__))))."/user/devel.inc.php"; |
|
116 | 116 | $out = "<div class='padding'>$out</div>"; |
117 | 117 | break; |
118 | 118 | } |
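Review bot: The reminder token at line 104 comes from `uniqid()`, which is derived from the current time and is therefore guessable. If `$_SESSION['remindIdP']` is meant to stop third parties from driving the IdP-reminder lookup (the consumer is not visible in this hunk), generate it from the CSPRNG instead: `$rn = bin2hex(random_bytes(16));`. Wherever the value is checked, compare it with `hash_equals()`. The enclosing `case` starts above this hunk.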
@@ -19,7 +19,7 @@ discard block |
||
19 | 19 | * <base_url>/copyright.php after deploying the software |
20 | 20 | */ |
21 | 21 | header("Content-Type:text/css"); |
22 | -require dirname(dirname(dirname(dirname(dirname(dirname(__FILE__)))))) . "/config/_config.php"; |
|
22 | +require dirname(dirname(dirname(dirname(dirname(dirname(__FILE__))))))."/config/_config.php"; |
|
23 | 23 | $langInstance = new core\common\Language(); |
24 | 24 | $start = $langInstance->rtl ? "right" : "left"; |
25 | 25 | $end = $langInstance->rtl ? "left" : "right"; |
@@ -399,8 +399,8 @@ discard block |
||
399 | 399 | |
400 | 400 | #message_only { |
401 | 401 | padding-top: 20px; |
402 | - padding-<?php echo $start;?>: 30px; |
|
403 | - padding-<?php echo $end;?>: 30px; |
|
402 | + padding-<?php echo $start; ?>: 30px; |
|
403 | + padding-<?php echo $end; ?>: 30px; |
|
404 | 404 | font-weight: normal; |
405 | 405 | position: relative; |
406 | 406 | font-size: 15px; |
@@ -27,7 +27,7 @@ discard block |
||
27 | 27 | * in a separate way and it is crucial that the updates are porformed more often (hourly) |
28 | 28 | */ |
29 | 29 | namespace utils; |
30 | -require_once dirname(dirname(__FILE__)) . "/config/_config.php"; |
|
30 | +require_once dirname(dirname(__FILE__))."/config/_config.php"; |
|
31 | 31 | |
32 | 32 | setlocale(LC_CTYPE, "en_US.UTF-8"); |
33 | 33 | |
@@ -52,4 +52,4 @@ discard block |
||
52 | 52 | |
53 | 53 | $timeEnd = microtime(true); |
54 | 54 | $timeElapsed = $timeEnd - $timeStart; |
55 | -printf("Whole update done in %.2fs\n",$timeElapsed); |
|
56 | 55 | \ No newline at end of file |
56 | +printf("Whole update done in %.2fs\n", $timeElapsed); |
|
57 | 57 | \ No newline at end of file |
@@ -24,7 +24,7 @@ discard block |
||
24 | 24 | * update the local copy |
25 | 25 | */ |
26 | 26 | namespace utils; |
27 | -require_once dirname(dirname(__FILE__)) . "/config/_config.php"; |
|
27 | +require_once dirname(dirname(__FILE__))."/config/_config.php"; |
|
28 | 28 | |
29 | 29 | setlocale(LC_CTYPE, "en_US.UTF-8"); |
30 | 30 | |
@@ -98,7 +98,7 @@ discard block |
||
98 | 98 | $this->db_ext->query("SET NAMES 'utf8'"); |
99 | 99 | $this->db_local->query("SET NAMES 'utf8mb4'"); |
100 | 100 | $result = $this->db_ext->query("SELECT * FROM $table"); |
101 | - $queryFields = implode(',', array_column($this->fields[$db][$table_name],0)); |
|
101 | + $queryFields = implode(',', array_column($this->fields[$db][$table_name], 0)); |
|
102 | 102 | while ($row = $result->fetch_assoc()) { |
103 | 103 | $v = []; |
104 | 104 | foreach ($this->fields[$db][$table_name] as $field) { |
@@ -116,7 +116,7 @@ discard block |
||
116 | 116 | } |
117 | 117 | } |
118 | 118 | } |
119 | - $queryValues = implode(',',$v); |
|
119 | + $queryValues = implode(',', $v); |
|
120 | 120 | $query = "INSERT INTO $tmpTable (".$queryFields.") VALUES (".$queryValues.")"; |
121 | 121 | $this->db_local->query($query); |
122 | 122 | } |
@@ -134,9 +134,9 @@ discard block |
||
134 | 134 | $realms = explode(',', $row[1]); |
135 | 135 | foreach ($contacts as $contact) { |
136 | 136 | foreach ($realms as $realm) { |
137 | - $email = empty($contact['mail']) ? 'NULL' :'"'.$contact['mail'].'"'; |
|
138 | - $name = empty($contact['name']) ? 'NULL' :'"'.$contact['name'].'"'; |
|
139 | - $phone = empty($contact['phone']) ? 'NULL' :'"'.$contact['phone'].'"'; |
|
137 | + $email = empty($contact['mail']) ? 'NULL' : '"'.$contact['mail'].'"'; |
|
138 | + $name = empty($contact['name']) ? 'NULL' : '"'.$contact['name'].'"'; |
|
139 | + $phone = empty($contact['phone']) ? 'NULL' : '"'.$contact['phone'].'"'; |
|
140 | 140 | $id = '"'.$row[2].'"'; |
141 | 141 | $ROid = '"'.$row[3].'"'; |
142 | 142 | $query = "INSERT INTO tmp_institution_admins (name, email, phone, inst_realm, instid, ROid)" |
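Review bot: Lines 137-141 wrap `$contact['mail']`, `$contact['name']`, `$contact['phone']`, `$row[2]` and `$row[3]` in double quotes and concatenate them into the INSERT text with no escaping visible in this hunk. These values appear to come from the external database, so a quote or backslash in a contact record would change the statement. Binding them removes the problem, e.g. `$stmt = $this->db_local->prepare("INSERT INTO tmp_institution_admins (name, email, phone, inst_realm, instid, ROid) VALUES (?, ?, ?, ?, ?, ?)");` followed by `bind_param`/`execute`, assuming `db_local` is a mysqli handle. The same applies to the `INSERT INTO $tmpTable` built at line 120 and to the hand-rolled `escape()` helper at lines 163-169, which only rewrites backslash, double quote and question mark. The query string continues past the end of this hunk.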
@@ -161,9 +161,9 @@ discard block |
||
161 | 161 | } |
162 | 162 | |
163 | 163 | private function escape($inp) { |
164 | - $out=str_replace('\\','\\\\',$inp); |
|
165 | - $out=str_replace('"','\"',$out); |
|
166 | - $out=str_replace('?','\?',$out); |
|
164 | + $out = str_replace('\\', '\\\\', $inp); |
|
165 | + $out = str_replace('"', '\"', $out); |
|
166 | + $out = str_replace('?', '\?', $out); |
|
167 | 167 | $out = 'convert(cast(convert("'.$out.'" using latin1) as binary) using utf8)'; |
168 | 168 | return($out); |
169 | 169 | } |
@@ -19,7 +19,7 @@ discard block |
||
19 | 19 | * <base_url>/copyright.php after deploying the software |
20 | 20 | */ |
21 | 21 | |
22 | -require_once __DIR__ . "/../core/Psr4Autoloader.php"; |
|
22 | +require_once __DIR__."/../core/Psr4Autoloader.php"; |
|
23 | 23 | use core\autoloader\Psr4Autoloader; |
24 | 24 | |
25 | 25 | // instantiate the loader |
@@ -30,12 +30,12 @@ discard block |
||
30 | 30 | |
31 | 31 | // register the base directories for the namespace prefix |
32 | 32 | // include configuration |
33 | -$loader->addNamespace('config', __DIR__ ); |
|
33 | +$loader->addNamespace('config', __DIR__); |
|
34 | 34 | // include CAT/core library |
35 | -$loader->addNamespace('core', __DIR__ . "/../core"); |
|
35 | +$loader->addNamespace('core', __DIR__."/../core"); |
|
36 | 36 | // include CAT/devices library |
37 | -$loader->addNamespace('devices', __DIR__ . "/../devices"); |
|
37 | +$loader->addNamespace('devices', __DIR__."/../devices"); |
|
38 | 38 | // include CAT/web library |
39 | -$loader->addNamespace('web', __DIR__ . "/../web"); |
|
39 | +$loader->addNamespace('web', __DIR__."/../web"); |
|
40 | 40 | // include CAT/utils |
41 | -$loader->addNamespace('utils', __DIR__ . "/../utils"); |
|
41 | +$loader->addNamespace('utils', __DIR__."/../utils"); |
@@ -2,12 +2,12 @@ |
||
2 | 2 | define('SOCKET', '/opt/Socket/CAT_requests/queue'); |
3 | 3 | |
4 | 4 | function cat_socket($obj) { |
5 | - $sock = socket_create(AF_UNIX, SOCK_STREAM, 0); |
|
6 | - $conn = socket_connect($sock, SOCKET); |
|
7 | - if ( $conn ) { |
|
8 | - socket_write ($sock, $obj, strlen($obj)); |
|
9 | - $out = socket_read ($sock, 2048); |
|
10 | - return $out; |
|
11 | - } |
|
12 | - return 'FAILURE'; |
|
5 | + $sock = socket_create(AF_UNIX, SOCK_STREAM, 0); |
|
6 | + $conn = socket_connect($sock, SOCKET); |
|
7 | + if ( $conn ) { |
|
8 | + socket_write ($sock, $obj, strlen($obj)); |
|
9 | + $out = socket_read ($sock, 2048); |
|
10 | + return $out; |
|
11 | + } |
|
12 | + return 'FAILURE'; |
|
13 | 13 | } |
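Review bot: `cat_socket()` never checks the result of `socket_create()` or `socket_write()` and never closes the socket, so every call leaks a descriptor and a failed write still proceeds to the read. A single `socket_read($sock, 2048)` also truncates longer replies silently and returns `false` on error, which callers comparing against 'FAILURE' will not recognise. The later hunk that re-spaces the same function has the same gaps. A version with the checks and the close is sketched below; it does not loop on partial writes.

```php
function cat_socket($obj) {
    $sock = socket_create(AF_UNIX, SOCK_STREAM, 0);
    if ($sock === false) {
        return 'FAILURE';
    }
    $out = 'FAILURE';
    if (socket_connect($sock, SOCKET) && socket_write($sock, $obj, strlen($obj)) !== false) {
        $reply = socket_read($sock, 2048);
        if ($reply !== false) {
            $out = $reply;
        }
    }
    socket_close($sock);
    return $out;
}
```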
@@ -6,9 +6,9 @@ |
||
6 | 6 | function cat_socket($obj) { |
7 | 7 | $sock = socket_create(AF_UNIX, SOCK_STREAM, 0); |
8 | 8 | $conn = socket_connect($sock, SOCKET); |
9 | - if ( $conn ) { |
|
10 | - socket_write ($sock, $obj, strlen($obj)); |
|
11 | - $out = socket_read ($sock, 2048); |
|
9 | + if ($conn) { |
|
10 | + socket_write($sock, $obj, strlen($obj)); |
|
11 | + $out = socket_read($sock, 2048); |
|
12 | 12 | return $out; |
13 | 13 | } |
14 | 14 | return 'FAILURE'; |
@@ -372,20 +372,20 @@ discard block |
||
372 | 372 | ); |
373 | 373 | // Generate a new private (and public) key pair |
374 | 374 | $privkey = openssl_pkey_new(array( |
375 | - "private_key_bits" => 4096, |
|
376 | - "private_key_type" => OPENSSL_KEYTYPE_RSA)); |
|
375 | + "private_key_bits" => 4096, |
|
376 | + "private_key_type" => OPENSSL_KEYTYPE_RSA)); |
|
377 | 377 | // export private key to $clientprivateKey (as string) |
378 | 378 | openssl_pkey_export($privkey, $this->radsec_priv); |
379 | 379 | // Generate a certificate signing request |
380 | 380 | $csr = openssl_csr_new($dn, $privkey, |
381 | - array('digest_alg' => 'sha256', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf")); |
|
381 | + array('digest_alg' => 'sha256', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf")); |
|
382 | 382 | // get CA certificate and private key |
383 | 383 | $caprivkey = array(file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.key"), |
384 | 384 | \config\Master::MANAGEDSP['capass']); |
385 | 385 | $cacert = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
386 | 386 | $this->setTLSSerialNumber(); |
387 | 387 | $clientcert = openssl_csr_sign($csr, $cacert, $caprivkey, \config\Master::MANAGEDSP['daystoexpiry'], |
388 | - array('digest_alg'=>'sha512', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf"), $this->radsec_cert_serial_no); |
|
388 | + array('digest_alg'=>'sha512', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf"), $this->radsec_cert_serial_no); |
|
389 | 389 | openssl_x509_export($clientcert, $this->radsec_cert); |
390 | 390 | } |
391 | 391 | /** |
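Review bot: None of the OpenSSL calls in lines 374-389 has its result checked. `openssl_pkey_new()`, `openssl_csr_new()` and `openssl_csr_sign()` return `false` on failure, and so do the two `file_get_contents()` reads of the CA material. A missing or unreadable CA key would therefore leave `radsec_priv`/`radsec_cert` unset or stale, and `renewtls()` would still write them to the deployment row. A guard after each step would fail closed, e.g. `if ($privkey === false) { throw new Exception("Managed SP key generation failed"); }`. Note also that `openssl_pkey_export()` is called without a passphrase, so the client private key is held, and per `renewtls()` stored, in clear; a comment stating that this is intended would help. The same lines appear again in the later hunk at 378-390, and the method begins above this hunk.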
@@ -506,9 +506,9 @@ discard block |
||
506 | 506 | */ |
507 | 507 | public function renewtls() |
508 | 508 | { |
509 | - $id = $this->identifier; |
|
510 | - $futureTlsClient = $this->createTLScredentials(); |
|
511 | - $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = ?, radsec_cert = ?, radsec_cert_serial_number = ? WHERE deployment_id = ?", "ssii", $this->radsec_priv, $this->radsec_cert, $this->radsec_cert_serial_no, $id); |
|
509 | + $id = $this->identifier; |
|
510 | + $futureTlsClient = $this->createTLScredentials(); |
|
511 | + $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = ?, radsec_cert = ?, radsec_cert_serial_number = ? WHERE deployment_id = ?", "ssii", $this->radsec_priv, $this->radsec_cert, $this->radsec_cert_serial_no, $id); |
|
512 | 512 | } |
513 | 513 | |
514 | 514 | /** |
@@ -518,38 +518,38 @@ discard block |
||
518 | 518 | */ |
519 | 519 | public function tlsfromcsr($csr) |
520 | 520 | { |
521 | - $id = $this->identifier; |
|
522 | - $dn = array(); |
|
523 | - $dn['rdnSequence'] = array(); |
|
524 | - $dn['rdnSequence'][0] = array(); |
|
525 | - $dn['rdnSequence'][0][] = array('type' => 'id-at-organizationName', 'value' => array()); |
|
526 | - $dn['rdnSequence'][0][0]['value']['utf8String'] = 'eduroam'; |
|
527 | - $dn['rdnSequence'][1] = array(); |
|
528 | - $dn['rdnSequence'][1][] = array('type' => 'id-at-organizationalUnitName', 'value' => array()); |
|
529 | - $dn['rdnSequence'][1][0]['value']['utf8String'] = 'eduroam Managed SP'; |
|
530 | - $dn['rdnSequence'][2] = array(); |
|
531 | - $dn['rdnSequence'][2][] = array('type' => 'id-at-commonName', 'value' => array()); |
|
532 | - $dn['rdnSequence'][2][0]['value']['utf8String'] = 'SP' . $this->identifier . "-" . $this->institution; |
|
533 | - $csr->setDN($dn); |
|
534 | - $pemcakey = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.key"); |
|
535 | - $cakey = \phpseclib3\Crypt\PublicKeyLoader::loadPrivateKey($pemcakey, \config\Master::MANAGEDSP['capass'] ); |
|
536 | - $pemca = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
|
537 | - $ca = new \phpseclib3\File\X509(); |
|
538 | - $ca->loadX509($pemca); |
|
539 | - $ca->setPrivateKey($cakey); |
|
540 | - // Sign the updated request, producing the certificate. |
|
541 | - $x509 = new \phpseclib3\File\X509(); |
|
542 | - $csr->setExtension('id-ce-keyUsage', ['digitalSignature', 'nonRepudiation', 'keyEncipherment']); |
|
543 | - $csr->setExtension('id-ce-extKeyUsage', ['id-kp-clientAuth']); |
|
544 | - $csr->setExtension('id-ce-basicConstraints', ['cA' => false], false); |
|
545 | - $x509->setEndDate('+' . \config\Master::MANAGEDSP['daystoexpiry'] . ' days'); |
|
546 | - $this->setTLSSerialNumber(999999999999999999); |
|
547 | - $x509->setSerialNumber($this->radsec_cert_serial_no, 10); |
|
548 | - $cert = $x509->loadX509($x509->saveX509($x509->sign($ca, $csr))); |
|
549 | - $this->radsec_cert = $x509->saveX509($cert); |
|
550 | - $this->radsec_priv = NULL; |
|
551 | - //$futureTlsClient = $this->createTLScredentials(); |
|
552 | - $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = NULL, radsec_cert = ?, radsec_cert_serial_number = ? WHERE deployment_id = ?", "sii", $this->radsec_cert, $this->radsec_cert_serial_no, $id); |
|
521 | + $id = $this->identifier; |
|
522 | + $dn = array(); |
|
523 | + $dn['rdnSequence'] = array(); |
|
524 | + $dn['rdnSequence'][0] = array(); |
|
525 | + $dn['rdnSequence'][0][] = array('type' => 'id-at-organizationName', 'value' => array()); |
|
526 | + $dn['rdnSequence'][0][0]['value']['utf8String'] = 'eduroam'; |
|
527 | + $dn['rdnSequence'][1] = array(); |
|
528 | + $dn['rdnSequence'][1][] = array('type' => 'id-at-organizationalUnitName', 'value' => array()); |
|
529 | + $dn['rdnSequence'][1][0]['value']['utf8String'] = 'eduroam Managed SP'; |
|
530 | + $dn['rdnSequence'][2] = array(); |
|
531 | + $dn['rdnSequence'][2][] = array('type' => 'id-at-commonName', 'value' => array()); |
|
532 | + $dn['rdnSequence'][2][0]['value']['utf8String'] = 'SP' . $this->identifier . "-" . $this->institution; |
|
533 | + $csr->setDN($dn); |
|
534 | + $pemcakey = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.key"); |
|
535 | + $cakey = \phpseclib3\Crypt\PublicKeyLoader::loadPrivateKey($pemcakey, \config\Master::MANAGEDSP['capass'] ); |
|
536 | + $pemca = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
|
537 | + $ca = new \phpseclib3\File\X509(); |
|
538 | + $ca->loadX509($pemca); |
|
539 | + $ca->setPrivateKey($cakey); |
|
540 | + // Sign the updated request, producing the certificate. |
|
541 | + $x509 = new \phpseclib3\File\X509(); |
|
542 | + $csr->setExtension('id-ce-keyUsage', ['digitalSignature', 'nonRepudiation', 'keyEncipherment']); |
|
543 | + $csr->setExtension('id-ce-extKeyUsage', ['id-kp-clientAuth']); |
|
544 | + $csr->setExtension('id-ce-basicConstraints', ['cA' => false], false); |
|
545 | + $x509->setEndDate('+' . \config\Master::MANAGEDSP['daystoexpiry'] . ' days'); |
|
546 | + $this->setTLSSerialNumber(999999999999999999); |
|
547 | + $x509->setSerialNumber($this->radsec_cert_serial_no, 10); |
|
548 | + $cert = $x509->loadX509($x509->saveX509($x509->sign($ca, $csr))); |
|
549 | + $this->radsec_cert = $x509->saveX509($cert); |
|
550 | + $this->radsec_priv = NULL; |
|
551 | + //$futureTlsClient = $this->createTLScredentials(); |
|
552 | + $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = NULL, radsec_cert = ?, radsec_cert_serial_number = ? WHERE deployment_id = ?", "sii", $this->radsec_cert, $this->radsec_cert_serial_no, $id); |
|
553 | 553 | } |
554 | 554 | /** |
555 | 555 | * marks the deployment as deactivated |
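Review bot: In `tlsfromcsr()` the caller-supplied `$csr` is signed at line 548 without any visible check of its self-signature, and the result of `$x509->sign($ca, $csr)` is passed straight into `saveX509()`/`loadX509()`. If the CSR is not validated by the caller, add `if (!$csr->validateSignature()) { throw new Exception("CSR signature invalid"); }` before `setDN()`. Also test the `sign()` result for `false` before saving it, so that a failed signing does not overwrite `radsec_cert` in the UPDATE at line 552. The DN and the key-usage extensions are overwritten here, but any other extensions requested in the CSR may be carried into the certificate, which is worth confirming against the phpseclib behaviour in use.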
@@ -322,7 +322,7 @@ discard block |
||
322 | 322 | $serverCandidates[IdPlist::geoDistance($adminLocation, ['lat' => $iterator->location_lat, 'lon' => $iterator->location_lon])] = $iterator->server_id; |
323 | 323 | } |
324 | 324 | if ($clients > $maxSupportedClients * 0.9) { |
325 | - $this->loggerInstance->debug(1, "A RADIUS server for Managed SP (" . $iterator->server_id . ") is serving at more than 90% capacity!"); |
|
325 | + $this->loggerInstance->debug(1, "A RADIUS server for Managed SP (".$iterator->server_id.") is serving at more than 90% capacity!"); |
|
326 | 326 | } |
327 | 327 | } |
328 | 328 | if (count($serverCandidates) == 0 && $federation != "DEFAULT") { |
@@ -344,7 +344,7 @@ discard block |
||
344 | 344 | * |
345 | 345 | * @throws Exception |
346 | 346 | */ |
347 | - private function setTLSSerialNumber($max=PHP_INT_MAX) { |
|
347 | + private function setTLSSerialNumber($max = PHP_INT_MAX) { |
|
348 | 348 | $nonDupSerialFound = FALSE; |
349 | 349 | do { |
350 | 350 | $serial = random_int(1000000000, $max); |
@@ -364,7 +364,7 @@ discard block |
||
364 | 364 | */ |
365 | 365 | private function createTLScredentials() |
366 | 366 | { |
367 | - $clientName = 'SP' . $this->identifier . '-' . $this->institution; |
|
367 | + $clientName = 'SP'.$this->identifier.'-'.$this->institution; |
|
368 | 368 | $dn = array( |
369 | 369 | "organizationName" => "eduroam", |
370 | 370 | "organizationalUnitName" => "eduroam Managed SP", |
@@ -378,14 +378,14 @@ discard block |
||
378 | 378 | openssl_pkey_export($privkey, $this->radsec_priv); |
379 | 379 | // Generate a certificate signing request |
380 | 380 | $csr = openssl_csr_new($dn, $privkey, |
381 | - array('digest_alg' => 'sha256', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf")); |
|
381 | + array('digest_alg' => 'sha256', 'config' => ROOT."/config/ManagedSPCerts/openssl.cnf")); |
|
382 | 382 | // get CA certificate and private key |
383 | - $caprivkey = array(file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.key"), |
|
383 | + $caprivkey = array(file_get_contents(ROOT."/config/ManagedSPCerts/eduroamSP-CA.key"), |
|
384 | 384 | \config\Master::MANAGEDSP['capass']); |
385 | - $cacert = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
|
385 | + $cacert = file_get_contents(ROOT."/config/ManagedSPCerts/eduroamSP-CA.pem"); |
|
386 | 386 | $this->setTLSSerialNumber(); |
387 | 387 | $clientcert = openssl_csr_sign($csr, $cacert, $caprivkey, \config\Master::MANAGEDSP['daystoexpiry'], |
388 | - array('digest_alg'=>'sha512', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf"), $this->radsec_cert_serial_no); |
|
388 | + array('digest_alg'=>'sha512', 'config' => ROOT."/config/ManagedSPCerts/openssl.cnf"), $this->radsec_cert_serial_no); |
|
389 | 389 | openssl_x509_export($clientcert, $this->radsec_cert); |
390 | 390 | } |
391 | 391 | /** |
@@ -410,8 +410,8 @@ discard block |
||
410 | 410 | $conditional1 = "AND activity_time > DATE_SUB(NOW(), INTERVAL $backlog SECOND )"; |
411 | 411 | $conditional2 = "DESC"; |
412 | 412 | } |
413 | - $client = 'SP' . $this->identifier . '-' . $this->institution; |
|
414 | - $stats = $this->databaseHandle->exec("SELECT activity_time, realm, mac, cui, result, ap_id, prot, outer_user FROM activity WHERE owner = ? $conditional1 ORDER BY activity_time $conditional2", "s", $client ); |
|
413 | + $client = 'SP'.$this->identifier.'-'.$this->institution; |
|
414 | + $stats = $this->databaseHandle->exec("SELECT activity_time, realm, mac, cui, result, ap_id, prot, outer_user FROM activity WHERE owner = ? $conditional1 ORDER BY activity_time $conditional2", "s", $client); |
|
415 | 415 | |
416 | 416 | return mysqli_fetch_all($stats, \MYSQLI_ASSOC); |
417 | 417 | } |
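Review bot: `$backlog` is interpolated directly into the SQL text at line 410 (`INTERVAL $backlog SECOND`), while the owner value next to it is bound as a parameter. Where `$backlog` comes from is not visible in this hunk. Unless the method signature already types it as `int`, cast it at the point of use, e.g. `$conditional1 = "AND activity_time > DATE_SUB(NOW(), INTERVAL " . (int) $backlog . " SECOND )";`, or bind it as a second parameter.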
@@ -529,11 +529,11 @@ discard block |
||
529 | 529 | $dn['rdnSequence'][1][0]['value']['utf8String'] = 'eduroam Managed SP'; |
530 | 530 | $dn['rdnSequence'][2] = array(); |
531 | 531 | $dn['rdnSequence'][2][] = array('type' => 'id-at-commonName', 'value' => array()); |
532 | - $dn['rdnSequence'][2][0]['value']['utf8String'] = 'SP' . $this->identifier . "-" . $this->institution; |
|
532 | + $dn['rdnSequence'][2][0]['value']['utf8String'] = 'SP'.$this->identifier."-".$this->institution; |
|
533 | 533 | $csr->setDN($dn); |
534 | - $pemcakey = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.key"); |
|
535 | - $cakey = \phpseclib3\Crypt\PublicKeyLoader::loadPrivateKey($pemcakey, \config\Master::MANAGEDSP['capass'] ); |
|
536 | - $pemca = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
|
534 | + $pemcakey = file_get_contents(ROOT."/config/ManagedSPCerts/eduroamSP-CA.key"); |
|
535 | + $cakey = \phpseclib3\Crypt\PublicKeyLoader::loadPrivateKey($pemcakey, \config\Master::MANAGEDSP['capass']); |
|
536 | + $pemca = file_get_contents(ROOT."/config/ManagedSPCerts/eduroamSP-CA.pem"); |
|
537 | 537 | $ca = new \phpseclib3\File\X509(); |
538 | 538 | $ca->loadX509($pemca); |
539 | 539 | $ca->setPrivateKey($cakey); |
@@ -542,7 +542,7 @@ discard block |
||
542 | 542 | $csr->setExtension('id-ce-keyUsage', ['digitalSignature', 'nonRepudiation', 'keyEncipherment']); |
543 | 543 | $csr->setExtension('id-ce-extKeyUsage', ['id-kp-clientAuth']); |
544 | 544 | $csr->setExtension('id-ce-basicConstraints', ['cA' => false], false); |
545 | - $x509->setEndDate('+' . \config\Master::MANAGEDSP['daystoexpiry'] . ' days'); |
|
545 | + $x509->setEndDate('+'.\config\Master::MANAGEDSP['daystoexpiry'].' days'); |
|
546 | 546 | $this->setTLSSerialNumber(999999999999999999); |
547 | 547 | $x509->setSerialNumber($this->radsec_cert_serial_no, 10); |
548 | 548 | $cert = $x509->loadX509($x509->saveX509($x509->sign($ca, $csr))); |
@@ -584,7 +584,7 @@ discard block |
||
584 | 584 | { |
585 | 585 | $customAttrib = $this->getAttributes("managedsp:operatorname"); |
586 | 586 | if (count($customAttrib) == 0) { |
587 | - return "1sp." . $this->identifier . "-" . $this->institution . \config\ConfAssistant::SILVERBULLET['realm_suffix']; |
|
587 | + return "1sp.".$this->identifier."-".$this->institution.\config\ConfAssistant::SILVERBULLET['realm_suffix']; |
|
588 | 588 | } |
589 | 589 | return $customAttrib[0]["value"]; |
590 | 590 | } |
@@ -599,14 +599,14 @@ discard block |
||
599 | 599 | private function sendToRADIUS(int $idx, $post) |
600 | 600 | { |
601 | 601 | $hostname = "radius_hostname_$idx"; |
602 | - $ch = curl_init("http://" . $this->$hostname . ':' . \config\Master::MANAGEDSP['radiusconfigport']); |
|
602 | + $ch = curl_init("http://".$this->$hostname.':'.\config\Master::MANAGEDSP['radiusconfigport']); |
|
603 | 603 | if ($ch === FALSE) { |
604 | 604 | $res = 'FAILURE'; |
605 | 605 | } else { |
606 | 606 | curl_setopt($ch, CURLOPT_USERAGENT, "CAT-ManagedSP"); |
607 | 607 | curl_setopt($ch, CURLOPT_POST, 1); |
608 | 608 | curl_setopt($ch, CURLOPT_POSTFIELDS, $post); |
609 | - $this->loggerInstance->debug(1, "Posting to http://" . $this->$hostname . ':' . \config\Master::MANAGEDSP['radiusconfigport'] . "/$post\n"); |
|
609 | + $this->loggerInstance->debug(1, "Posting to http://".$this->$hostname.':'.\config\Master::MANAGEDSP['radiusconfigport']."/$post\n"); |
|
610 | 610 | curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); |
611 | 611 | curl_setopt($ch, CURLOPT_HEADER, 0); |
612 | 612 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); |
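Review bot: The debug call at line 609 writes the complete `$post` body to the log. Judging by the hunk that builds `$toPostTemplate`, that body carries `secret=` and `pskkey=`, so the RADIUS shared secret and PSK end up in log files. Logging only the target and the non-secret fields would avoid this, e.g. `$this->loggerInstance->debug(1, "Posting deployment update to " . $this->$hostname . "\n");`. The request itself goes over plain `http://` with `CURLOPT_FOLLOWLOCATION` enabled, so the same secrets travel unencrypted and can be re-sent to a redirect target. If the config port cannot be moved to TLS, disabling redirects (`curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);`) at least narrows that exposure. The function body continues past this hunk.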
@@ -645,19 +645,19 @@ discard block |
||
645 | 645 | } else { |
646 | 646 | $txt = $remove ? _('Profile deactivation failed') : _('Profile activation/modification failed'); |
647 | 647 | } |
648 | - $txt = $txt . ' '; |
|
648 | + $txt = $txt.' '; |
|
649 | 649 | if (array_count_values($response)[$status] == 2) { |
650 | - $txt = $txt . _('on both RADIUS servers: primary and backup') . '.'; |
|
650 | + $txt = $txt._('on both RADIUS servers: primary and backup').'.'; |
|
651 | 651 | } else { |
652 | 652 | if ($response['res[1]'] == $status) { |
653 | - $txt = $txt . _('on primary RADIUS server') . '.'; |
|
653 | + $txt = $txt._('on primary RADIUS server').'.'; |
|
654 | 654 | } else { |
655 | - $txt = $txt . _('on backup RADIUS server') . '.'; |
|
655 | + $txt = $txt._('on backup RADIUS server').'.'; |
|
656 | 656 | } |
657 | 657 | } |
658 | 658 | $mail = \core\common\OutsideComm::mailHandle(); |
659 | 659 | $email = $this->getAttributes("support:email")[0]['value']; |
660 | - $mail->FromName = \config\Master::APPEARANCE['productname'] . " Notification System"; |
|
660 | + $mail->FromName = \config\Master::APPEARANCE['productname']." Notification System"; |
|
661 | 661 | $mail->addAddress($email); |
662 | 662 | if ($status == 'OK') { |
663 | 663 | $mail->Subject = _('RADIUS profile update problem fixed'); |
@@ -691,7 +691,7 @@ discard block |
||
691 | 691 | return NULL; |
692 | 692 | } |
693 | 693 | $timeout = 10; |
694 | - curl_setopt($ch, CURLOPT_URL, 'http://' . $host); |
|
694 | + curl_setopt($ch, CURLOPT_URL, 'http://'.$host); |
|
695 | 695 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); |
696 | 696 | curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); |
697 | 697 | curl_exec($ch); |
@@ -783,52 +783,52 @@ discard block |
||
783 | 783 | { |
784 | 784 | $toPost = ($onlyone ? array($onlyone => '') : array(1 => '', 2 => '')); |
785 | 785 | if ($torevoke != '') { |
786 | - $toPostTemplate = 'instid=' . $this->institution . '&deploymentid=' . $this->identifier . |
|
786 | + $toPostTemplate = 'instid='.$this->institution.'&deploymentid='.$this->identifier. |
|
787 | 787 | "&torevoke=$torevoke"; |
788 | 788 | foreach (array_keys($toPost) as $key) { |
789 | 789 | $toPost[$key] = $toPostTemplate; |
790 | 790 | } |
791 | 791 | } else { |
792 | 792 | $remove = ($this->status == \core\AbstractDeployment::INACTIVE) ? 0 : 1; |
793 | - $toPostTemplate = 'instid=' . $this->institution . '&deploymentid=' . $this->identifier . |
|
794 | - '&secret=' . $this->secret . |
|
795 | - '&country=' . $this->getAttributes("internal:country")[0]['value'] . |
|
796 | - '&pskkey=' . $this->pskkey . '&'; |
|
793 | + $toPostTemplate = 'instid='.$this->institution.'&deploymentid='.$this->identifier. |
|
794 | + '&secret='.$this->secret. |
|
795 | + '&country='.$this->getAttributes("internal:country")[0]['value']. |
|
796 | + '&pskkey='.$this->pskkey.'&'; |
|
797 | 797 | if ($remove) { |
798 | - $toPostTemplate = $toPostTemplate . 'remove=1&'; |
|
798 | + $toPostTemplate = $toPostTemplate.'remove=1&'; |
|
799 | 799 | } else { |
800 | - $toPostTemplate = $toPostTemplate . 'operatorname=' . $this->getOperatorName() . '&'; |
|
800 | + $toPostTemplate = $toPostTemplate.'operatorname='.$this->getOperatorName().'&'; |
|
801 | 801 | if ($this->getAttributes("managedsp:vlan")[0]['value'] ?? NULL) { |
802 | 802 | $allRealms = $this->getAllRealms(); |
803 | 803 | if (!empty($allRealms)) { |
804 | - $toPostTemplate = $toPostTemplate . 'vlan=' . $this->getAttributes("managedsp:vlan")[0]['value'] . '&'; |
|
805 | - $toPostTemplate = $toPostTemplate . 'realmforvlan[]=' . implode('&realmforvlan[]=', $allRealms) . '&'; |
|
804 | + $toPostTemplate = $toPostTemplate.'vlan='.$this->getAttributes("managedsp:vlan")[0]['value'].'&'; |
|
805 | + $toPostTemplate = $toPostTemplate.'realmforvlan[]='.implode('&realmforvlan[]=', $allRealms).'&'; |
|
806 | 806 | } |
807 | 807 | } |
808 | 808 | if ($this->getAttributes("managedsp:guest_vlan")[0]['value'] ?? NULL) { |
809 | - $toPostTemplate = $toPostTemplate . 'guest_vlan=' . $this->getAttributes("managedsp:guest_vlan")[0]['value'] . '&'; |
|
809 | + $toPostTemplate = $toPostTemplate.'guest_vlan='.$this->getAttributes("managedsp:guest_vlan")[0]['value'].'&'; |
|
810 | 810 | } |
811 | 811 | } |
812 | 812 | foreach (array_keys($toPost) as $key) { |
813 | - $elem = 'port' . $key; |
|
814 | - $toPost[$key] = $toPostTemplate . 'port=' . $this->$elem; |
|
813 | + $elem = 'port'.$key; |
|
814 | + $toPost[$key] = $toPostTemplate.'port='.$this->$elem; |
|
815 | 815 | } |
816 | 816 | } |
817 | 817 | $response = array(); |
818 | 818 | foreach ($toPost as $key => $value) { |
819 | - $this->loggerInstance->debug(1, 'toPost ' . $toPost[$key] . "\n"); |
|
819 | + $this->loggerInstance->debug(1, 'toPost '.$toPost[$key]."\n"); |
|
820 | 820 | // temporarly one server $response['res[' . $key . ']'] = $this->sendToRADIUS($key, $toPost[$key]); |
821 | 821 | //if ($key == 2) { |
822 | 822 | // $response['res[2]'] = 'OK'; |
823 | 823 | //} else { |
824 | - $response['res[' . $key . ']'] = $this->sendToRADIUS($key, $toPost[$key]); |
|
824 | + $response['res['.$key.']'] = $this->sendToRADIUS($key, $toPost[$key]); |
|
825 | 825 | //} |
826 | 826 | } |
827 | 827 | if ($onlyone) { |
828 | - $response['res[' . ($onlyone == 1) ? 2 : 1 . ']'] = \core\AbstractDeployment::RADIUS_OK; |
|
828 | + $response['res['.($onlyone == 1) ? 2 : 1.']'] = \core\AbstractDeployment::RADIUS_OK; |
|
829 | 829 | } |
830 | 830 | foreach (array('OK', 'FAILURE') as $status) { |
831 | - if ( ( ($status == 'OK' && $notify) || ($status == 'FAILURE') ) && ( in_array($status, $response) ) ) { |
|
831 | + if ((($status == 'OK' && $notify) || ($status == 'FAILURE')) && (in_array($status, $response))) { |
|
832 | 832 | $this->sendMailtoAdmin($remove, $response, $status); |
833 | 833 | } |
834 | 834 | } |
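Review bot: The re-spaced line 828, `$response['res['.($onlyone == 1) ? 2 : 1.']']`, looks broken in two ways. With the spaces gone, `1.` is lexed as a float literal followed directly by the string `']'`, which should be a parse error. Before this commit the expression already evaluated as `('res['.($onlyone == 1)) ? 2 : (1 . ']')` because `.` binds tighter than `?:`, so the key was always `2`, not `res[1]`/`res[2]`. Parenthesising the ternary fixes both: `$response['res['.(($onlyone == 1) ? 2 : 1).']'] = \core\AbstractDeployment::RADIUS_OK;`. Separately, the POST body in lines 786-814 is concatenated without `urlencode()`, so a `&` or `=` in `$this->secret`, `$this->pskkey` or the operator name would corrupt or inject fields; `http_build_query()` would handle the encoding.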
@@ -35,10 +35,10 @@ discard block |
||
35 | 35 | public function __construct() |
36 | 36 | { |
37 | 37 | |
38 | - if ( \config\ConfAssistant::eduPKI['testing'] === true ) { |
|
39 | - $this->locationRaCert = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
40 | - $this->locationRaKey = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
41 | - $this->locationWebRoot = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
38 | + if (\config\ConfAssistant::eduPKI['testing'] === true) { |
|
39 | + $this->locationRaCert = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem"; |
|
40 | + $this->locationRaKey = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey"; |
|
41 | + $this->locationWebRoot = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
42 | 42 | $this->eduPkiRaId = 700; |
43 | 43 | $this->eduPkiCertProfileBoth = "Radius Server SOAP"; |
44 | 44 | $this->eduPkiCertProfileIdp = "Radius Server SOAP"; |
@@ -47,9 +47,9 @@ discard block |
||
47 | 47 | $this->eduPkiEndpointPublic = "https://pki.edupki.org/edupki-test-ca/cgi-bin/pub/soap?wsdl=1"; |
48 | 48 | $this->eduPkiEndpointRa = "https://ra.edupki.org/edupki-test-ca/cgi-bin/ra/soap?wsdl=1"; |
49 | 49 | } else { |
50 | - $this->locationRaCert = ROOT . "/config/SilverbulletClientCerts/edupki-prod-ra.pem"; |
|
51 | - $this->locationRaKey = ROOT . "/config/SilverbulletClientCerts/edupki-prod-ra.clearkey"; |
|
52 | - $this->locationWebRoot = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
50 | + $this->locationRaCert = ROOT."/config/SilverbulletClientCerts/edupki-prod-ra.pem"; |
|
51 | + $this->locationRaKey = ROOT."/config/SilverbulletClientCerts/edupki-prod-ra.clearkey"; |
|
52 | + $this->locationWebRoot = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem"; |
|
53 | 53 | $this->eduPkiRaId = 100; |
54 | 54 | $this->eduPkiCertProfileBoth = "eduroam IdP and SP"; |
55 | 55 | $this->eduPkiCertProfileIdp = "eduroam IdP"; |
@@ -63,13 +63,13 @@ discard block |
||
63 | 63 | parent::__construct(); |
64 | 64 | |
65 | 65 | if (stat($this->locationRaCert) === FALSE) { |
66 | - throw new Exception("RA operator PEM file not found: " . $this->locationRaCert); |
|
66 | + throw new Exception("RA operator PEM file not found: ".$this->locationRaCert); |
|
67 | 67 | } |
68 | 68 | if (stat($this->locationRaKey) === FALSE) { |
69 | - throw new Exception("RA operator private key file not found: " . $this->locationRaKey); |
|
69 | + throw new Exception("RA operator private key file not found: ".$this->locationRaKey); |
|
70 | 70 | } |
71 | 71 | if (stat($this->locationWebRoot) === FALSE) { |
72 | - throw new Exception("CA website root CA file not found: " . $this->locationWebRoot); |
|
72 | + throw new Exception("CA website root CA file not found: ".$this->locationWebRoot); |
|
73 | 73 | } |
74 | 74 | } |
75 | 75 | |
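Review bot: The three `stat()` checks at new lines 65-73 only establish that a path exists, and `stat()` also raises a PHP warning when it does not. `if (!is_readable($this->locationRaKey)) {` would cover the case where the file is present but unreadable, without the warning. The key file name ends in `.clearkey`, which suggests an unencrypted private key; if so, a comment stating the expected owner and mode of that file would help whoever deploys it. The constructor starts outside this hunk.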
@@ -136,26 +136,26 @@ discard block |
||
136 | 136 | throw new Exception("Unexpected policies requested."); |
137 | 137 | } |
138 | 138 | $altArray = [# Array mit den Subject Alternative Names |
139 | - "email:" . $csr["USERMAIL"] |
|
139 | + "email:".$csr["USERMAIL"] |
|
140 | 140 | ]; |
141 | 141 | foreach ($csr["ALTNAMES"] as $oneAltName) { |
142 | 142 | if (!empty($oneAltName) && preg_match('/(?=^.{1,254}$)(^(?:(?!\d|-)[a-z0-9\-]{1,63}(?<!-)\.)+(?:[a-z]{2,})$)/i', $oneAltName) > 0) { |
143 | - $altArray[] = "DNS:" . $oneAltName; |
|
143 | + $altArray[] = "DNS:".$oneAltName; |
|
144 | 144 | } else { |
145 | - $altArray[] = "IP:" . $oneAltName; |
|
145 | + $altArray[] = "IP:".$oneAltName; |
|
146 | 146 | } |
147 | 147 | } |
148 | 148 | $soapPub = $this->initEduPKISoapSession("PUBLIC"); |
149 | 149 | $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n"); |
150 | - $this->loggerInstance->debug(5, "PARAM_1: " . $this->eduPkiRaId . "\n"); |
|
151 | - $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n"); |
|
150 | + $this->loggerInstance->debug(5, "PARAM_1: ".$this->eduPkiRaId."\n"); |
|
151 | + $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n"); |
|
152 | 152 | $this->loggerInstance->debug(5, "PARAM_3: "); |
153 | 153 | $this->loggerInstance->debug(5, $altArray); |
154 | - $this->loggerInstance->debug(5, "PARAM_4: " . $profile . "\n"); |
|
155 | - $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n"); |
|
156 | - $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n"); |
|
157 | - $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n"); |
|
158 | - $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n"); |
|
154 | + $this->loggerInstance->debug(5, "PARAM_4: ".$profile."\n"); |
|
155 | + $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n"); |
|
156 | + $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n"); |
|
157 | + $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n"); |
|
158 | + $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n"); |
|
159 | 159 | $this->loggerInstance->debug(5, "PARAM_9: false\n"); |
160 | 160 | |
161 | 161 | $soapNewRequest = $soapPub->newRequest( |
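Review bot: In the `ALTNAMES` loop (new lines 141-147) every entry that fails the hostname pattern, including an empty string, falls into the `else` branch and is sent to the CA as `IP:` followed by the raw value. The branch should accept only real addresses, for example `} elseif (filter_var($oneAltName, FILTER_VALIDATE_IP) !== false) {`, and skip or reject anything else. The debug calls that follow write the CSR, user name and mail address to the log, so level 5 should stay off in production. The enclosing function starts and ends outside this hunk.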
@@ -185,7 +185,7 @@ discard block |
||
185 | 185 | #}\n"); |
186 | 186 | return 0; |
187 | 187 | } |
188 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
188 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
189 | 189 | } |
190 | 190 | try { |
191 | 191 | $soap = $this->initEduPKISoapSession("RA"); |
@@ -217,7 +217,7 @@ discard block |
||
217 | 217 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
218 | 218 | // rather than just using the string. Grr. |
219 | 219 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
220 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext); |
|
220 | + file_put_contents($tempdir['dir']."/content.txt", $soapCleartext); |
|
221 | 221 | // retrieve our RA cert from filesystem |
222 | 222 | // the RA certificates are not needed right now because we |
223 | 223 | // have resorted to S/MIME signatures with openssl command-line |
@@ -229,7 +229,7 @@ discard block |
||
229 | 229 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
230 | 230 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
231 | 231 | $this->loggerInstance->debug(2, "Actual content to be signed is this:\n $soapCleartext\n"); |
232 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . $this->locationRaKey . " -signer " . $this->locationRaCert; |
|
232 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".$this->locationRaKey." -signer ".$this->locationRaCert; |
|
233 | 233 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
234 | 234 | $output = []; |
235 | 235 | $return = 999; |
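Review bot: The `$execCmd` string at new line 232 is built by plain concatenation, so a space or shell metacharacter in the configured openssl path, the temporary directory or the RA key/cert locations changes what the shell runs. Each path should go through `escapeshellarg()`, e.g. `" -inkey ".escapeshellarg($this->locationRaKey)." -signer ".escapeshellarg($this->locationRaCert)`. The same construction appears at new line 347 in the revocation hunk. The call that executes the command is outside this hunk.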
@@ -238,21 +238,21 @@ discard block |
||
238 | 238 | throw new Exception("Non-zero return value from openssl smime!"); |
239 | 239 | } |
240 | 240 | // and get the signature blob back from the filesystem |
241 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
241 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
242 | 242 | $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n"); |
243 | - $this->loggerInstance->debug(5, $soapReqnum . "\n"); |
|
244 | - $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending! |
|
245 | - $this->loggerInstance->debug(5, $detachedSig . "\n"); |
|
243 | + $this->loggerInstance->debug(5, $soapReqnum."\n"); |
|
244 | + $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending! |
|
245 | + $this->loggerInstance->debug(5, $detachedSig."\n"); |
|
246 | 246 | $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig); |
247 | - $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest()); |
|
248 | - $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse()); |
|
247 | + $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest()); |
|
248 | + $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse()); |
|
249 | 249 | if ($soapIssueCert === FALSE) { |
250 | 250 | throw new Exception("The locally approved request was NOT processed by the CA."); |
251 | 251 | } |
252 | 252 | } catch (SoapFault $e) { |
253 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
253 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
254 | 254 | } catch (Exception $e) { |
255 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
255 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
256 | 256 | } |
257 | 257 | return $soapReqnum; |
258 | 258 | } |
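Review bot: At new line 241 the result of `file_get_contents()` goes straight into `trim()` and then into `approveRequest()`, so a failed read of `signature.txt` is not detected before an empty signature is submitted. A guard such as `if ($detachedSig === FALSE) { throw new Exception("Unable to read signature file."); }` before the `trim()` would stop that. The same pattern is at new line 356 in the revocation hunk. Both catch blocks here also build a new `Exception` without passing `$e` as the previous exception, which loses the original trace. The function starts outside this hunk.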
@@ -304,9 +304,9 @@ discard block |
||
304 | 304 | throw new Exception("CAInfo has no root certificate for us!"); |
305 | 305 | } |
306 | 306 | } catch (SoapFault $e) { |
307 | - throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
307 | + throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n"); |
|
308 | 308 | } catch (Exception $e) { |
309 | - throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage()); |
|
309 | + throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage()); |
|
310 | 310 | } |
311 | 311 | return [ |
312 | 312 | "CERT" => openssl_x509_read($parsedCert['pem']), |
@@ -339,12 +339,12 @@ discard block |
||
339 | 339 | // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file |
340 | 340 | // rather than just using the string. Grr. |
341 | 341 | $tempdir = \core\common\Entity::createTemporaryDirectory("test"); |
342 | - file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest); |
|
342 | + file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest); |
|
343 | 343 | // retrieve our RA cert from filesystem |
344 | 344 | // sign the data, using cmdline because openssl_pkcs7_sign produces strange results |
345 | 345 | // -binary didn't help, nor switch -md to sha1 sha256 or sha512 |
346 | 346 | $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n"); |
347 | - $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . $this->locationRaKey . " -signer " . $this->locationRaCert; |
|
347 | + $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".$this->locationRaKey." -signer ".$this->locationRaCert; |
|
348 | 348 | $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n"); |
349 | 349 | $output = []; |
350 | 350 | $return = 999; |
@@ -353,7 +353,7 @@ discard block |
||
353 | 353 | throw new Exception("Non-zero return value from openssl smime!"); |
354 | 354 | } |
355 | 355 | // and get the signature blob back from the filesystem |
356 | - $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt")); |
|
356 | + $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt")); |
|
357 | 357 | $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig); |
358 | 358 | if ($soapIssueRev === FALSE) { |
359 | 359 | throw new Exception("The locally approved revocation request was NOT processed by the CA."); |
@@ -361,9 +361,9 @@ discard block |
||
361 | 361 | } catch (Exception $e) { |
362 | 362 | // PHP 7.1 can do this much better |
363 | 363 | if (is_soap_fault($e)) { |
364 | - throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n"); |
|
364 | + throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n"); |
|
365 | 365 | } |
366 | - throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage()); |
|
366 | + throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage()); |
|
367 | 367 | } |
368 | 368 | } |
369 | 369 | |
@@ -465,9 +465,9 @@ discard block |
||
465 | 465 | */ |
466 | 466 | public function soapToXmlInteger($x) |
467 | 467 | { |
468 | - return '<' . $x[0] . '>' |
|
468 | + return '<'.$x[0].'>' |
|
469 | 469 | . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1) |
470 | - . '</' . $x[0] . '>'; |
|
470 | + . '</'.$x[0].'>'; |
|
471 | 471 | } |
472 | 472 | |
473 | 473 | /** |
@@ -486,9 +486,9 @@ discard block |
||
486 | 486 | // dump private key into directory |
487 | 487 | $outstring = ""; |
488 | 488 | openssl_pkey_export($privateKey, $outstring); |
489 | - file_put_contents($tempdir . "/pkey.pem", $outstring); |
|
489 | + file_put_contents($tempdir."/pkey.pem", $outstring); |
|
490 | 490 | // PHP can only do one DC in the Subject. But we need three. |
491 | - $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username"; |
|
491 | + $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username"; |
|
492 | 492 | $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n"); |
493 | 493 | $output = []; |
494 | 494 | $return = 999; |
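Review bot: At new line 491 `$fed` and `$username` are interpolated unquoted into both the shell command and the `-subj` value. If either can contain user-chosen characters, that allows shell injection, and a `/` in the value adds extra components to the certificate subject. The whole subject string and both file paths should be passed through `escapeshellarg()`, e.g. `" -key ".escapeshellarg("$tempdir/pkey.pem")`, and `$fed` and `$username` should be validated against an allow-list pattern before use. The return value of `openssl_pkey_export()` at line 488 is not checked before the key is written. The function starts and ends outside this hunk.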
@@ -142,7 +142,7 @@ discard block |
||
142 | 142 | return $this->counter; |
143 | 143 | } |
144 | 144 | |
145 | - $cachedNumber = @file_get_contents(ROOT . "/var/tmp/cachedSPNumber.serialised"); |
|
145 | + $cachedNumber = @file_get_contents(ROOT."/var/tmp/cachedSPNumber.serialised"); |
|
146 | 146 | if ($cachedNumber !== FALSE) { |
147 | 147 | $numberData = unserialize($cachedNumber); |
148 | 148 | $now = new \DateTime(); |
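Review bot: At new line 147 `unserialize()` is called on the contents of a file under `ROOT."/var/tmp"` with no class restriction, so anything able to write that file can have arbitrary objects instantiated. Restricting it with `unserialize($cachedNumber, ['allowed_classes' => [\DateTime::class]])` keeps the current format. Alternatively the writer at new line 158 could store a plain integer timestamp as JSON. The `@` on `file_get_contents()` also hides read errors other than a missing file. The function continues outside this hunk.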
@@ -155,7 +155,7 @@ discard block |
||
155 | 155 | } else { // data in cache is too old or doesn't exist. We really need to ask the database |
156 | 156 | $list = $this->listAllServiceProviders(); |
157 | 157 | $this->counter = count($list); |
158 | - file_put_contents(ROOT . "/var/tmp/cachedSPNumber.serialised", serialize(["number" => $this->counter, "timestamp" => new \DateTime()])); |
|
158 | + file_put_contents(ROOT."/var/tmp/cachedSPNumber.serialised", serialize(["number" => $this->counter, "timestamp" => new \DateTime()])); |
|
159 | 159 | return $this->counter; |
160 | 160 | } |
161 | 161 | } |
@@ -246,7 +246,7 @@ discard block |
||
246 | 246 | $returnarray = []; |
247 | 247 | $query = "SELECT instid AS id, country, inst_realm as realmlist, name AS collapsed_name, contact AS collapsed_contact, type FROM view_active_institution WHERE country = ?"; |
248 | 248 | if ($eduroamDbType !== NULL) { |
249 | - $query .= " AND ( type = '" . ExternalEduroamDBData::TYPE_IDPSP . "' OR type = '" . $eduroamDbType . "')"; |
|
249 | + $query .= " AND ( type = '".ExternalEduroamDBData::TYPE_IDPSP."' OR type = '".$eduroamDbType."')"; |
|
250 | 250 | } |
251 | 251 | $externals = $this->db->exec($query, "s", $tld); |
252 | 252 | // was a SELECT query, so a resource and not a boolean |
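Review bot: At new line 249 `$eduroamDbType` is concatenated into the SQL text while `$tld` on line 251 is passed as a bound parameter. If the type value can ever come from a caller, it should be bound as well: `$query .= " AND ( type = ? OR type = ? )";`, with the two values added to the `exec()` call. This assumes `exec()` accepts further type characters and arguments, as the visible call suggests. The function starts and ends outside this hunk.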
@@ -305,7 +305,7 @@ discard block |
||
305 | 305 | * @return array |
306 | 306 | */ |
307 | 307 | |
308 | - public function listExternalEntitiesByUserEmail($userEmail){ |
|
308 | + public function listExternalEntitiesByUserEmail($userEmail) { |
|
309 | 309 | $out = []; |
310 | 310 | $cat = $this->localDb->dbName; |
311 | 311 | $query = "SELECT DISTINCT view_institution_admins.instid, $cat.institution.inst_id, |
@@ -320,10 +320,10 @@ discard block |
||
320 | 320 | WHERE view_active_institution.type != 2 AND view_institution_admins.email= ?"; |
321 | 321 | $externals = $this->db->exec($query, 's', $userEmail); |
322 | 322 | while ($row = $externals->fetch_array()) { |
323 | - $external_db_id = $row[0]; // identifier in eduroam DB |
|
323 | + $external_db_id = $row[0]; // identifier in eduroam DB |
|
324 | 324 | $inst_id = $row[1]; // identifier in CAT - possibly NULL |
325 | 325 | $country = $row[2]; // country |
326 | - $name = $row[3]; // institution name from eduroam DB |
|
326 | + $name = $row[3]; // institution name from eduroam DB |
|
327 | 327 | $realm = $row[4]; // realms from eduroam DB |
328 | 328 | $type = $row[5]; // institution type from eduroam DB |
329 | 329 | if (!isset($out[$country])) { |
@@ -404,19 +404,19 @@ discard block |
||
404 | 404 | * |
405 | 405 | * @return array |
406 | 406 | */ |
407 | - public function listExternalTlsServersInstitution($tld, $include_not_ready=FALSE) { |
|
407 | + public function listExternalTlsServersInstitution($tld, $include_not_ready = FALSE) { |
|
408 | 408 | $retval = []; |
409 | 409 | // this includes servers of type "staging", which is fine |
410 | 410 | $query = "SELECT ROid, instid, type, inst_name, servers, contacts, ts FROM view_tls_inst WHERE country = ?"; |
411 | 411 | if (!$include_not_ready) { |
412 | - $query = $query . " AND servers IS NOT NULL AND contacts IS NOT NULL"; |
|
412 | + $query = $query." AND servers IS NOT NULL AND contacts IS NOT NULL"; |
|
413 | 413 | } |
414 | 414 | $instServerTransaction = $this->db->exec($query, "s", $tld); |
415 | 415 | while ($instServerResponses = mysqli_fetch_object(/** @scrutinizer ignore-type */ $instServerTransaction)) { |
416 | 416 | $contactList = $this::dissectCollapsedContacts($instServerResponses->contacts); |
417 | 417 | $names = $this->splitNames($instServerResponses->inst_name); |
418 | 418 | $thelanguage = $names[$this->languageInstance->getLang()] ?? $names["en"] ?? array_shift($names); |
419 | - $retval[$instServerResponses->ROid . "-". $instServerResponses->instid] = [ |
|
419 | + $retval[$instServerResponses->ROid."-".$instServerResponses->instid] = [ |
|
420 | 420 | "names" => $names, |
421 | 421 | "name" => $thelanguage, |
422 | 422 | "type" => array_search($instServerResponses->type, self::TYPE_MAPPING), |