Inspection of "remove extra arg" - GEANT/CAT - Measure and Improve Code Quality continuously with Scrutinizer

Test Setup Failed

Push — release_2_0 ( 420bf6...df098d )

by Stefan

created 2021-03-03 12:07 UTC

Status

Spacing +55 added lines, -55 removed lines patch added patch discarded remove patch

@@ -35,7 +35,7 @@  discard block
 block discarded – undo
 
 use \Exception;
 
-require_once dirname(dirname(__DIR__)) . "/config/_config.php";
+require_once dirname(dirname(__DIR__))."/config/_config.php";
 
 /**
  * Test suite to verify that an EAP setup is actually working as advertised in
@@ -168,7 +168,7 @@  discard block
 block discarded – undo
             }
         }
 
-        $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . print_r($supportedEapTypes, true));
+        $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, ".print_r($supportedEapTypes, true));
         $this->loggerInstance->debug(4, print_r($expectedServerNames, true));
         $this->loggerInstance->debug(4, print_r($expectedCABundle, true));
 
@@ -258,7 +258,7 @@  discard block
 block discarded – undo
                 $returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME;
                 continue; // otherwise we'd ALSO complain that it's not a real hostname
             }
-            if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) {
+            if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) {
                 $returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME;
             }
         }
@@ -284,7 +284,7 @@  discard block
 block discarded – undo
         if (preg_match("/sha1/i", $intermediateCa['full_details']['signatureTypeSN'])) {
             $returnarray[] = RADIUSTests::CERTPROB_SHA1_SIGNATURE;
         }
-        $this->loggerInstance->debug(4, "CERT IS: " . print_r($intermediateCa, TRUE));
+        $this->loggerInstance->debug(4, "CERT IS: ".print_r($intermediateCa, TRUE));
         if ($intermediateCa['basicconstraints_set'] == 0) {
             $returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS;
         }
@@ -333,7 +333,7 @@  discard block
 block discarded – undo
     {
         // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy
         // the following PEM data is one of the SENSE EAPLab client certs (not secret at all)
-        $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12");
+        $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12");
         if ($clientcert === FALSE) {
             throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!");
         }
@@ -342,7 +342,7 @@  discard block
 block discarded – undo
         if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) {
             return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert);
         }
-        return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert);
+        return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert);
     }
 
     /**
@@ -363,7 +363,7 @@  discard block
 block discarded – undo
             return RADIUSTests::CERTPROB_NO_CDP_HTTP;
         }
         // first and second sub-match is the full URL... check it
-        $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2]));
+        $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2]));
         if ($crlcontent === FALSE) {
             return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL;
         }
@@ -377,7 +377,7 @@  discard block
 block discarded – undo
 
         // $pem = chunk_split(base64_encode($crlcontent), 64, "\n");
         // inspired by https://stackoverflow.com/questions/2390604/how-to-pass-variables-as-stdin-into-command-line-from-php
-        $proc = CONFIG['PATHS']['openssl'] . " crl -inform der";
+        $proc = CONFIG['PATHS']['openssl']." crl -inform der";
         $descriptorspec = [
             0 => ["pipe", "r"],
             1 => ["pipe", "w"],
@@ -416,7 +416,7 @@  discard block
 block discarded – undo
         $origLength = strlen($hex);
         for ($i = 1; $i < $origLength; $i++) {
             if ($i % 2 == 1 && $i != strlen($hex)) {
-                $spaced .= $hex[$i] . " ";
+                $spaced .= $hex[$i]." ";
             } else {
                 $spaced .= $hex[$i];
             }
@@ -543,19 +543,19 @@  discard block
 block discarded – undo
         $eapText = \core\common\EAP::eapDisplayName($eaptype);
         $config = '
 network={
-  ssid="' . CONFIG['APPEARANCE']['productname'] . ' testing"
+  ssid="' . CONFIG['APPEARANCE']['productname'].' testing"
   key_mgmt=WPA-EAP
   proto=WPA2
   pairwise=CCMP
   group=CCMP
   ';
 // phase 1
-        $config .= 'eap=' . $eapText['OUTER'] . "\n";
+        $config .= 'eap='.$eapText['OUTER']."\n";
         $logConfig = $config;
 // phase 2 if applicable; all inner methods have passwords
         if (isset($eapText['INNER']) && $eapText['INNER'] != "") {
-            $config .= '  phase2="auth=' . $eapText['INNER'] . "\"\n";
-            $logConfig .= '  phase2="auth=' . $eapText['INNER'] . "\"\n";
+            $config .= '  phase2="auth='.$eapText['INNER']."\"\n";
+            $logConfig .= '  phase2="auth='.$eapText['INNER']."\"\n";
         }
 // all methods set a password, except EAP-TLS
         if ($eaptype != \core\common\EAP::EAPTYPE_TLS) {
@@ -571,11 +571,11 @@  discard block
 block discarded – undo
         }
 
 // inner identity
-        $config .= '  identity="' . $inner . "\"\n";
-        $logConfig .= '  identity="' . $inner . "\"\n";
+        $config .= '  identity="'.$inner."\"\n";
+        $logConfig .= '  identity="'.$inner."\"\n";
 // outer identity, may be equal
-        $config .= '  anonymous_identity="' . $outer . "\"\n";
-        $logConfig .= '  anonymous_identity="' . $outer . "\"\n";
+        $config .= '  anonymous_identity="'.$outer."\"\n";
+        $logConfig .= '  anonymous_identity="'.$outer."\"\n";
 // done
         $config .= "}";
         $logConfig .= "}";
@@ -638,13 +638,13 @@  discard block
 block discarded – undo
      */
     private function eapolTestConfig($probeindex, $opName, $frag)
     {
-        $cmdline = CONFIG_DIAGNOSTICS['PATHS']['eapol_test'] .
-                " -a " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['ip'] .
-                " -s " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['secret'] .
-                " -o serverchain.pem" .
-                " -c ./udp_login_test.conf" .
-                " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " .
-                " -t " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['timeout'] . " ";
+        $cmdline = CONFIG_DIAGNOSTICS['PATHS']['eapol_test'].
+                " -a ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['ip'].
+                " -s ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['secret'].
+                " -o serverchain.pem".
+                " -c ./udp_login_test.conf".
+                " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ".
+                " -t ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['timeout']." ";
         if ($opName) {
             $cmdline .= '-N126:s:"1cat.eduroam.org" ';
         }
@@ -674,10 +674,10 @@  discard block
 block discarded – undo
      */
     private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs)
     {
-        if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) {
+        if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) {
             throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n");
         }
-        if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) {
+        if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) {
             throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n");
         }
 // make a copy of the EAP-received chain and add the configured intermediates, if any
@@ -691,15 +691,15 @@  discard block
 block discarded – undo
             }
             if ($decoded['ca'] == 1) {
                 if ($decoded['root'] == 1) { // save CAT roots to the root directory
-                    file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']);
-                    file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']);
+                    file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']);
+                    file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']);
                     $catRoots[] = $decoded['pem'];
                 } else { // save the intermediates to allcerts directory
-                    file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']);
+                    file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']);
                     $intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded));
                     if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) {
                         $this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain");
-                        file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]);
+                        file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]);
                     }
                     $catIntermediates[] = $decoded['pem'];
                 }
@@ -708,26 +708,26 @@  discard block
 block discarded – undo
         // save all intermediate certificates and CRLs to separate files in 
         // both root-ca directories
         foreach ($eapIntermediates as $index => $onePem) {
-            file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem);
-            file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem);
+            file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem);
+            file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem);
         }
         foreach ($eapIntermediateCRLs as $index => $onePem) {
-            file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem);
-            file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem);
+            file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem);
+            file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem);
         }
 
         $checkstring = "";
         if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) {
             $this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain");
             $checkstring = "-crl_check_all";
-            file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]);
-            file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]);
+            file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]);
+            file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]);
         }
 
 
 // now c_rehash the root CA directory ...
-        system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null");
-        system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null");
+        system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null");
+        system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null");
         return $checkstring;
     }
 
@@ -760,12 +760,12 @@  discard block
 block discarded – undo
 // so test if there's something PEMy in the file at all
 // serverchain.pem is the output from eapol_test; incomingserver.pem is written by extractIncomingCertsfromEAP() if there was at least one server cert.
         if (filesize("$tmpDir/serverchain.pem") > 10 && filesize("$tmpDir/incomingserver.pem") > 10) {
-            exec(CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly);
-            $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n");
-            $this->loggerInstance->debug(4, "Chain verify pass 1: " . print_r($verifyResultEaponly, TRUE) . "\n");
-            exec(CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts);
-            $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n");
-            $this->loggerInstance->debug(4, "Chain verify pass 2: " . print_r($verifyResultAllcerts, TRUE) . "\n");
+            exec(CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly);
+            $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n");
+            $this->loggerInstance->debug(4, "Chain verify pass 1: ".print_r($verifyResultEaponly, TRUE)."\n");
+            exec(CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts);
+            $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n");
+            $this->loggerInstance->debug(4, "Chain verify pass 2: ".print_r($verifyResultAllcerts, TRUE)."\n");
         }
 
 
@@ -832,7 +832,7 @@  discard block
 block discarded – undo
         // we are UNHAPPY if no names match!
         $happiness = "UNHAPPY";
         foreach ($this->expectedServerNames as $expectedName) {
-            $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . print_r($servercert['CN'], TRUE) . print_r($servercert['sAN_DNS'], TRUE));
+            $this->loggerInstance->debug(4, "Managing expectations for $expectedName: ".print_r($servercert['CN'], TRUE).print_r($servercert['sAN_DNS'], TRUE));
             if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) {
                 $this->loggerInstance->debug(4, "Totally happy!");
                 $happiness = "TOTALLY";
@@ -877,11 +877,11 @@  discard block
 block discarded – undo
         $theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password);
         // the config intentionally does not include CA checking. We do this
         // ourselves after getting the chain with -o.
-        file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]);
+        file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]);
 
         $cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag);
         $this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n");
-        $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n");
+        $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n");
         $time_start = microtime(true);
         $pflow = [];
         exec($cmdline, $pflow);
@@ -890,7 +890,7 @@  discard block
 block discarded – undo
         }
         $time_stop = microtime(true);
         $output = print_r($this->redact($password, $pflow), TRUE);
-        file_put_contents($tmpDir . "/eapol_test_output_redacted_$probeindex.txt", $output);
+        file_put_contents($tmpDir."/eapol_test_output_redacted_$probeindex.txt", $output);
         $this->loggerInstance->debug(5, "eapol_test output saved to eapol_test_output_redacted_$probeindex.txt\n");
         return [
             "time" => ($time_stop - $time_start) * 1000,
@@ -927,7 +927,7 @@  discard block
 block discarded – undo
         if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) {
             array_pop($packetflow);
         }
-        $this->loggerInstance->debug(5, "Packetflow: " . print_r($packetflow, TRUE));
+        $this->loggerInstance->debug(5, "Packetflow: ".print_r($packetflow, TRUE));
         $packetcount = array_count_values($packetflow);
         $testresults['packetcount'] = $packetcount;
         $testresults['packetflow'] = $packetflow;
@@ -969,7 +969,7 @@  discard block
 block discarded – undo
     private function wasModernTlsNegotiated(&$testresults, $packetflow_orig)
     {
         $negotiatedTlsVersion = $this->checkLineparse($packetflow_orig, self::LINEPARSE_TLSVERSION);
-        $this->loggerInstance->debug(4,"TLS version found is: $negotiatedTlsVersion"."\n");
+        $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion"."\n");
         if ($negotiatedTlsVersion === FALSE) {
             $testresults['cert_oddities'][] = RADIUSTests::TLSPROB_UNKNOWN_TLS_VERSION;
         } elseif ($negotiatedTlsVersion != self::TLS_VERSION_1_2 && $negotiatedTlsVersion != self::TLS_VERSION_1_3) {
@@ -1029,7 +1029,7 @@  discard block
 block discarded – undo
 
         $x509 = new \core\common\X509();
 // $eap_certarray holds all certs received in EAP conversation
-        $incomingData = file_get_contents($tmpDir . "/serverchain.pem");
+        $incomingData = file_get_contents($tmpDir."/serverchain.pem");
         if ($incomingData !== FALSE && strlen($incomingData) > 0) {
             $eapCertArray = $x509->splitCertificate($incomingData);
         } else {
@@ -1059,10 +1059,10 @@  discard block
 block discarded – undo
                 case RADIUSTests::SERVER_CA_SELFSIGNED:
                     $servercert[] = $cert;
                     if (count($servercert) == 1) {
-                        if (file_put_contents($tmpDir . "/incomingserver.pem", $certPem . "\n") === FALSE) {
+                        if (file_put_contents($tmpDir."/incomingserver.pem", $certPem."\n") === FALSE) {
                             $this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n");
                         }
-                        $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . print_r($servercert[0], true));
+                        $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: ".print_r($servercert[0], true));
                     } elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) {
                         $testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS;
                     }
@@ -1143,7 +1143,7 @@  discard block
 block discarded – undo
         chdir($tmpDir);
         $this->loggerInstance->debug(4, "temp dir: $tmpDir\n");
         if ($clientcertdata !== NULL) {
-            file_put_contents($tmpDir . "/client.p12", $clientcertdata);
+            file_put_contents($tmpDir."/client.p12", $clientcertdata);
         }
         $testresults = [];
         // initialise the sub-array for cleaner parsing
@@ -1250,7 +1250,7 @@  discard block
 block discarded – undo
                     'issuer' => $this->printDN($certdata['issuer']),
                     'validFrom' => $this->printTm($certdata['validFrom_time_t']),
                     'validTo' => $this->printTm($certdata['validTo_time_t']),
-                    'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']),
+                    'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']),
                     'sha1' => $certdata['sha1'],
                     'extensions' => $certdata['extensions']
                 ];

Please login to merge, or discard this patch.

		@@ -35,7 +35,7 @@ discard block
		block discarded – undo
35	35
36	36	use \Exception;
37	37
38		-require_once dirname(dirname(__DIR__)) . "/config/_config.php";
	38	+require_once dirname(dirname(__DIR__))."/config/_config.php";
39	39
40	40	/**
41	41	* Test suite to verify that an EAP setup is actually working as advertised in
		@@ -168,7 +168,7 @@ discard block
		block discarded – undo
168	168	}
169	169	}
170	170
171		- $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . print_r($supportedEapTypes, true));
	171	+ $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, ".print_r($supportedEapTypes, true));
172	172	$this->loggerInstance->debug(4, print_r($expectedServerNames, true));
173	173	$this->loggerInstance->debug(4, print_r($expectedCABundle, true));
174	174
		@@ -258,7 +258,7 @@ discard block
		block discarded – undo
258	258	$returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME;
259	259	continue; // otherwise we'd ALSO complain that it's not a real hostname
260	260	}
261		- if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) {
	261	+ if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) {
262	262	$returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME;
263	263	}
264	264	}
		@@ -284,7 +284,7 @@ discard block
		block discarded – undo
284	284	if (preg_match("/sha1/i", $intermediateCa['full_details']['signatureTypeSN'])) {
285	285	$returnarray[] = RADIUSTests::CERTPROB_SHA1_SIGNATURE;
286	286	}
287		- $this->loggerInstance->debug(4, "CERT IS: " . print_r($intermediateCa, TRUE));
	287	+ $this->loggerInstance->debug(4, "CERT IS: ".print_r($intermediateCa, TRUE));
288	288	if ($intermediateCa['basicconstraints_set'] == 0) {
289	289	$returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS;
290	290	}
		@@ -333,7 +333,7 @@ discard block
		block discarded – undo
333	333	{
334	334	// for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy
335	335	// the following PEM data is one of the SENSE EAPLab client certs (not secret at all)
336		- $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12");
	336	+ $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12");
337	337	if ($clientcert === FALSE) {
338	338	throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!");
339	339	}
		@@ -342,7 +342,7 @@ discard block
		block discarded – undo
342	342	if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) {
343	343	return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert);
344	344	}
345		- return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert);
	345	+ return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert);
346	346	}
347	347
348	348	/**
		@@ -363,7 +363,7 @@ discard block
		block discarded – undo
363	363	return RADIUSTests::CERTPROB_NO_CDP_HTTP;
364	364	}
365	365	// first and second sub-match is the full URL... check it
366		- $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2]));
	366	+ $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2]));
367	367	if ($crlcontent === FALSE) {
368	368	return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL;
369	369	}
		@@ -377,7 +377,7 @@ discard block
		block discarded – undo
377	377
378	378	// $pem = chunk_split(base64_encode($crlcontent), 64, "\n");
379	379	// inspired by https://stackoverflow.com/questions/2390604/how-to-pass-variables-as-stdin-into-command-line-from-php
380		- $proc = CONFIG['PATHS']['openssl'] . " crl -inform der";
	380	+ $proc = CONFIG['PATHS']['openssl']." crl -inform der";
381	381	$descriptorspec = [
382	382	0 => ["pipe", "r"],
383	383	1 => ["pipe", "w"],
		@@ -416,7 +416,7 @@ discard block
		block discarded – undo
416	416	$origLength = strlen($hex);
417	417	for ($i = 1; $i < $origLength; $i++) {
418	418	if ($i % 2 == 1 && $i != strlen($hex)) {
419		- $spaced .= $hex[$i] . " ";
	419	+ $spaced .= $hex[$i]." ";
420	420	} else {
421	421	$spaced .= $hex[$i];
422	422	}
		@@ -543,19 +543,19 @@ discard block
		block discarded – undo
543	543	$eapText = \core\common\EAP::eapDisplayName($eaptype);
544	544	$config = '
545	545	network={
546		- ssid="' . CONFIG['APPEARANCE']['productname'] . ' testing"
	546	+ ssid="' . CONFIG['APPEARANCE']['productname'].' testing"
547	547	key_mgmt=WPA-EAP
548	548	proto=WPA2
549	549	pairwise=CCMP
550	550	group=CCMP
551	551	';
552	552	// phase 1
553		- $config .= 'eap=' . $eapText['OUTER'] . "\n";
	553	+ $config .= 'eap='.$eapText['OUTER']."\n";
554	554	$logConfig = $config;
555	555	// phase 2 if applicable; all inner methods have passwords
556	556	if (isset($eapText['INNER']) && $eapText['INNER'] != "") {
557		- $config .= ' phase2="auth=' . $eapText['INNER'] . "\"\n";
558		- $logConfig .= ' phase2="auth=' . $eapText['INNER'] . "\"\n";
	557	+ $config .= ' phase2="auth='.$eapText['INNER']."\"\n";
	558	+ $logConfig .= ' phase2="auth='.$eapText['INNER']."\"\n";
559	559	}
560	560	// all methods set a password, except EAP-TLS
561	561	if ($eaptype != \core\common\EAP::EAPTYPE_TLS) {
		@@ -571,11 +571,11 @@ discard block
		block discarded – undo
571	571	}
572	572
573	573	// inner identity
574		- $config .= ' identity="' . $inner . "\"\n";
575		- $logConfig .= ' identity="' . $inner . "\"\n";
	574	+ $config .= ' identity="'.$inner."\"\n";
	575	+ $logConfig .= ' identity="'.$inner."\"\n";
576	576	// outer identity, may be equal
577		- $config .= ' anonymous_identity="' . $outer . "\"\n";
578		- $logConfig .= ' anonymous_identity="' . $outer . "\"\n";
	577	+ $config .= ' anonymous_identity="'.$outer."\"\n";
	578	+ $logConfig .= ' anonymous_identity="'.$outer."\"\n";
579	579	// done
580	580	$config .= "}";
581	581	$logConfig .= "}";
		@@ -638,13 +638,13 @@ discard block
		block discarded – undo
638	638	*/
639	639	private function eapolTestConfig($probeindex, $opName, $frag)
640	640	{
641		- $cmdline = CONFIG_DIAGNOSTICS['PATHS']['eapol_test'] .
642		- " -a " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['ip'] .
643		- " -s " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['secret'] .
644		- " -o serverchain.pem" .
645		- " -c ./udp_login_test.conf" .
646		- " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " .
647		- " -t " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['timeout'] . " ";
	641	+ $cmdline = CONFIG_DIAGNOSTICS['PATHS']['eapol_test'].
	642	+ " -a ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['ip'].
	643	+ " -s ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['secret'].
	644	+ " -o serverchain.pem".
	645	+ " -c ./udp_login_test.conf".
	646	+ " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ".
	647	+ " -t ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['timeout']." ";
648	648	if ($opName) {
649	649	$cmdline .= '-N126:s:"1cat.eduroam.org" ';
650	650	}
		@@ -674,10 +674,10 @@ discard block
		block discarded – undo
674	674	*/
675	675	private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs)
676	676	{
677		- if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) {
	677	+ if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) {
678	678	throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n");
679	679	}
680		- if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) {
	680	+ if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) {
681	681	throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n");
682	682	}
683	683	// make a copy of the EAP-received chain and add the configured intermediates, if any
		@@ -691,15 +691,15 @@ discard block
		block discarded – undo
691	691	}
692	692	if ($decoded['ca'] == 1) {
693	693	if ($decoded['root'] == 1) { // save CAT roots to the root directory
694		- file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']);
695		- file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']);
	694	+ file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']);
	695	+ file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']);
696	696	$catRoots[] = $decoded['pem'];
697	697	} else { // save the intermediates to allcerts directory
698		- file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']);
	698	+ file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']);
699	699	$intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded));
700	700	if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) {
701	701	$this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain");
702		- file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]);
	702	+ file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]);
703	703	}
704	704	$catIntermediates[] = $decoded['pem'];
705	705	}
		@@ -708,26 +708,26 @@ discard block
		block discarded – undo
708	708	// save all intermediate certificates and CRLs to separate files in
709	709	// both root-ca directories
710	710	foreach ($eapIntermediates as $index => $onePem) {
711		- file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem);
712		- file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem);
	711	+ file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem);
	712	+ file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem);
713	713	}
714	714	foreach ($eapIntermediateCRLs as $index => $onePem) {
715		- file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem);
716		- file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem);
	715	+ file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem);
	716	+ file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem);
717	717	}
718	718
719	719	$checkstring = "";
720	720	if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) {
721	721	$this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain");
722	722	$checkstring = "-crl_check_all";
723		- file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]);
724		- file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]);
	723	+ file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]);
	724	+ file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]);
725	725	}
726	726
727	727
728	728	// now c_rehash the root CA directory ...
729		- system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null");
730		- system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null");
	729	+ system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null");
	730	+ system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null");
731	731	return $checkstring;
732	732	}
733	733
		@@ -760,12 +760,12 @@ discard block
		block discarded – undo
760	760	// so test if there's something PEMy in the file at all
761	761	// serverchain.pem is the output from eapol_test; incomingserver.pem is written by extractIncomingCertsfromEAP() if there was at least one server cert.
762	762	if (filesize("$tmpDir/serverchain.pem") > 10 && filesize("$tmpDir/incomingserver.pem") > 10) {
763		- exec(CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly);
764		- $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n");
765		- $this->loggerInstance->debug(4, "Chain verify pass 1: " . print_r($verifyResultEaponly, TRUE) . "\n");
766		- exec(CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts);
767		- $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n");
768		- $this->loggerInstance->debug(4, "Chain verify pass 2: " . print_r($verifyResultAllcerts, TRUE) . "\n");
	763	+ exec(CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly);
	764	+ $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n");
	765	+ $this->loggerInstance->debug(4, "Chain verify pass 1: ".print_r($verifyResultEaponly, TRUE)."\n");
	766	+ exec(CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts);
	767	+ $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n");
	768	+ $this->loggerInstance->debug(4, "Chain verify pass 2: ".print_r($verifyResultAllcerts, TRUE)."\n");
769	769	}
770	770
771	771
		@@ -832,7 +832,7 @@ discard block
		block discarded – undo
832	832	// we are UNHAPPY if no names match!
833	833	$happiness = "UNHAPPY";
834	834	foreach ($this->expectedServerNames as $expectedName) {
835		- $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . print_r($servercert['CN'], TRUE) . print_r($servercert['sAN_DNS'], TRUE));
	835	+ $this->loggerInstance->debug(4, "Managing expectations for $expectedName: ".print_r($servercert['CN'], TRUE).print_r($servercert['sAN_DNS'], TRUE));
836	836	if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) {
837	837	$this->loggerInstance->debug(4, "Totally happy!");
838	838	$happiness = "TOTALLY";
		@@ -877,11 +877,11 @@ discard block
		block discarded – undo
877	877	$theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password);
878	878	// the config intentionally does not include CA checking. We do this
879	879	// ourselves after getting the chain with -o.
880		- file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]);
	880	+ file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]);
881	881
882	882	$cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag);
883	883	$this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n");
884		- $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n");
	884	+ $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n");
885	885	$time_start = microtime(true);
886	886	$pflow = [];
887	887	exec($cmdline, $pflow);
		@@ -890,7 +890,7 @@ discard block
		block discarded – undo
890	890	}
891	891	$time_stop = microtime(true);
892	892	$output = print_r($this->redact($password, $pflow), TRUE);
893		- file_put_contents($tmpDir . "/eapol_test_output_redacted_$probeindex.txt", $output);
	893	+ file_put_contents($tmpDir."/eapol_test_output_redacted_$probeindex.txt", $output);
894	894	$this->loggerInstance->debug(5, "eapol_test output saved to eapol_test_output_redacted_$probeindex.txt\n");
895	895	return [
896	896	"time" => ($time_stop - $time_start) * 1000,
		@@ -927,7 +927,7 @@ discard block
		block discarded – undo
927	927	if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) {
928	928	array_pop($packetflow);
929	929	}
930		- $this->loggerInstance->debug(5, "Packetflow: " . print_r($packetflow, TRUE));
	930	+ $this->loggerInstance->debug(5, "Packetflow: ".print_r($packetflow, TRUE));
931	931	$packetcount = array_count_values($packetflow);
932	932	$testresults['packetcount'] = $packetcount;
933	933	$testresults['packetflow'] = $packetflow;
		@@ -969,7 +969,7 @@ discard block
		block discarded – undo
969	969	private function wasModernTlsNegotiated(&$testresults, $packetflow_orig)
970	970	{
971	971	$negotiatedTlsVersion = $this->checkLineparse($packetflow_orig, self::LINEPARSE_TLSVERSION);
972		- $this->loggerInstance->debug(4,"TLS version found is: $negotiatedTlsVersion"."\n");
	972	+ $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion"."\n");
973	973	if ($negotiatedTlsVersion === FALSE) {
974	974	$testresults['cert_oddities'][] = RADIUSTests::TLSPROB_UNKNOWN_TLS_VERSION;
975	975	} elseif ($negotiatedTlsVersion != self::TLS_VERSION_1_2 && $negotiatedTlsVersion != self::TLS_VERSION_1_3) {
		@@ -1029,7 +1029,7 @@ discard block
		block discarded – undo
1029	1029
1030	1030	$x509 = new \core\common\X509();
1031	1031	// $eap_certarray holds all certs received in EAP conversation
1032		- $incomingData = file_get_contents($tmpDir . "/serverchain.pem");
	1032	+ $incomingData = file_get_contents($tmpDir."/serverchain.pem");
1033	1033	if ($incomingData !== FALSE && strlen($incomingData) > 0) {
1034	1034	$eapCertArray = $x509->splitCertificate($incomingData);
1035	1035	} else {
		@@ -1059,10 +1059,10 @@ discard block
		block discarded – undo
1059	1059	case RADIUSTests::SERVER_CA_SELFSIGNED:
1060	1060	$servercert[] = $cert;
1061	1061	if (count($servercert) == 1) {
1062		- if (file_put_contents($tmpDir . "/incomingserver.pem", $certPem . "\n") === FALSE) {
	1062	+ if (file_put_contents($tmpDir."/incomingserver.pem", $certPem."\n") === FALSE) {
1063	1063	$this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n");
1064	1064	}
1065		- $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . print_r($servercert[0], true));
	1065	+ $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: ".print_r($servercert[0], true));
1066	1066	} elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) {
1067	1067	$testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS;
1068	1068	}
		@@ -1143,7 +1143,7 @@ discard block
		block discarded – undo
1143	1143	chdir($tmpDir);
1144	1144	$this->loggerInstance->debug(4, "temp dir: $tmpDir\n");
1145	1145	if ($clientcertdata !== NULL) {
1146		- file_put_contents($tmpDir . "/client.p12", $clientcertdata);
	1146	+ file_put_contents($tmpDir."/client.p12", $clientcertdata);
1147	1147	}
1148	1148	$testresults = [];
1149	1149	// initialise the sub-array for cleaner parsing
		@@ -1250,7 +1250,7 @@ discard block
		block discarded – undo
1250	1250	'issuer' => $this->printDN($certdata['issuer']),
1251	1251	'validFrom' => $this->printTm($certdata['validFrom_time_t']),
1252	1252	'validTo' => $this->printTm($certdata['validTo_time_t']),
1253		- 'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']),
	1253	+ 'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']),
1254	1254	'sha1' => $certdata['sha1'],
1255	1255	'extensions' => $certdata['extensions']
1256	1256	];

GEANT / CAT

Push — release_2_0 ( 420bf6...df098d )

Status

Category

Spacing +55 added lines, -55 removed lines patch added patch discarded remove patch