GEANT / CAT

core/DeploymentManaged.php

Spacing +27 added lines, -27 removed lines

@@ -254,7 +254,7 @@ 
                 $serverCandidates[IdPlist::geoDistance($adminLocation, ['lat' => $iterator->location_lat, 'lon' => $iterator->location_lon])] = $iterator->server_id;
             }
             if ($clients > $maxSupportedClients * 0.9) {
-                $this->loggerInstance->debug(1, "A RADIUS server for Managed SP (" . $iterator->server_id . ") is serving at more than 90% capacity!");
+                $this->loggerInstance->debug(1, "A RADIUS server for Managed SP (".$iterator->server_id.") is serving at more than 90% capacity!");
             }
         }
         if (count($serverCandidates) == 0 && $federation != "DEFAULT") {
@@ -263,7 +263,7 @@ 
             return $this->findGoodServerLocation($adminLocation, "DEFAULT", $blacklistedServers);
         }
         if (count($serverCandidates) == 0) {
-            throw new Exception("No available server found for new SP! $federation " . /** @scrutinizer ignore-type */ print_r($serverCandidates, true));
+            throw new Exception("No available server found for new SP! $federation "./** @scrutinizer ignore-type */ print_r($serverCandidates, true));
         }
         // put the nearest server on top of the list
         ksort($serverCandidates);
@@ -291,7 +291,7 @@ 
         $foundFreePort1 = 0;
         while ($foundFreePort1 == 0) {
             $portCandidate = random_int(1200, 65535);
-            $check = $this->databaseHandle->exec("SELECT port_instance_1 FROM deployment WHERE radius_instance_1 = '" . $ourserver . "' AND port_instance_1 = $portCandidate");
+            $check = $this->databaseHandle->exec("SELECT port_instance_1 FROM deployment WHERE radius_instance_1 = '".$ourserver."' AND port_instance_1 = $portCandidate");
             if (mysqli_num_rows(/** @scrutinizer ignore-type */ $check) == 0) {
                 $foundFreePort1 = $portCandidate;
             }
@@ -300,14 +300,14 @@ 
         $foundFreePort2 = 0;
         while ($foundFreePort2 == 0) {
             $portCandidate = random_int(1200, 65535);
-            $check = $this->databaseHandle->exec("SELECT port_instance_2 FROM deployment WHERE radius_instance_2 = '" . $ourSecondServer . "' AND port_instance_2 = $portCandidate");
+            $check = $this->databaseHandle->exec("SELECT port_instance_2 FROM deployment WHERE radius_instance_2 = '".$ourSecondServer."' AND port_instance_2 = $portCandidate");
             if (mysqli_num_rows(/** @scrutinizer ignore-type */ $check) == 0) {
                 $foundFreePort2 = $portCandidate;
             }
         }
         // and make up a shared secret that is halfways readable
         $futureSecret = $this->randomString(16, "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
-        $this->databaseHandle->exec("UPDATE deployment SET radius_instance_1 = '" . $ourserver . "', radius_instance_2 = '" . $ourSecondServer . "', port_instance_1 = $foundFreePort1, port_instance_2 = $foundFreePort2, secret = '$futureSecret' WHERE deployment_id = $this->identifier");
+        $this->databaseHandle->exec("UPDATE deployment SET radius_instance_1 = '".$ourserver."', radius_instance_2 = '".$ourSecondServer."', port_instance_1 = $foundFreePort1, port_instance_2 = $foundFreePort2, secret = '$futureSecret' WHERE deployment_id = $this->identifier");
         return ["port_instance_1" => $foundFreePort1, "port_instance_2" => $foundFreePort2, "secret" => $futureSecret, "radius_instance_1" => $ourserver, "radius_instance_2" => $ourserver];
     }
 
@@ -354,7 +354,7 @@ 
      */
     public function deactivate()
     {
-        $this->databaseHandle->exec("UPDATE deployment SET status = " . DeploymentManaged::INACTIVE . " WHERE deployment_id = $this->identifier");
+        $this->databaseHandle->exec("UPDATE deployment SET status = ".DeploymentManaged::INACTIVE." WHERE deployment_id = $this->identifier");
     }
 
     /**
@@ -365,7 +365,7 @@ 
      */
     public function activate()
     {
-        $this->databaseHandle->exec("UPDATE deployment SET status = " . DeploymentManaged::ACTIVE . " WHERE deployment_id = $this->identifier");
+        $this->databaseHandle->exec("UPDATE deployment SET status = ".DeploymentManaged::ACTIVE." WHERE deployment_id = $this->identifier");
     }
 
     /**
@@ -377,7 +377,7 @@ 
     {
         $customAttrib = $this->getAttributes("managedsp:operatorname");
         if (count($customAttrib) == 0) {
-            return "1sp." . $this->identifier . "-" . $this->institution . \config\ConfAssistant::SILVERBULLET['realm_suffix'];
+            return "1sp.".$this->identifier."-".$this->institution.\config\ConfAssistant::SILVERBULLET['realm_suffix'];
         }
         return $customAttrib[0]["value"];
     }
@@ -393,13 +393,13 @@ 
     {
 
         $hostname = "radius_hostname_$idx";
-        $ch = curl_init("http://" . $this->$hostname);
+        $ch = curl_init("http://".$this->$hostname);
         if ($ch === FALSE) {
             $res = 'FAILURE';
         } else {
             curl_setopt($ch, CURLOPT_POST, 1);
             curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
-            $this->loggerInstance->debug(1, "Posting to http://" . $this->$hostname . ": $post\n");
+            $this->loggerInstance->debug(1, "Posting to http://".$this->$hostname.": $post\n");
             curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
             curl_setopt($ch, CURLOPT_HEADER, 0);
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
@@ -414,7 +414,7 @@ 
             $this->loggerInstance->debug(1, $this);
         }
         $this->loggerInstance->debug(1, "Database update");
-        $this->databaseHandle->exec("UPDATE deployment SET radius_status_$idx = " . ($res == 'OK' ? \core\AbstractDeployment::RADIUS_OK : \core\AbstractDeployment::RADIUS_FAILURE) . " WHERE deployment_id = $this->identifier");
+        $this->databaseHandle->exec("UPDATE deployment SET radius_status_$idx = ".($res == 'OK' ? \core\AbstractDeployment::RADIUS_OK : \core\AbstractDeployment::RADIUS_FAILURE)." WHERE deployment_id = $this->identifier");
         return $res;
     }
 
@@ -435,19 +435,19 @@ 
         } else {
             $txt = $remove ? _('Profile dectivation failed') : _('Profile activation/modification failed');
         }
-        $txt = $txt . ' ';
+        $txt = $txt.' ';
         if (array_count_values($response)[$status] == 2) {
-            $txt = $txt . _('on both RADIUS servers: primary and backup') . '.';
+            $txt = $txt._('on both RADIUS servers: primary and backup').'.';
         } else {
             if ($response['res[1]'] == $status) {
-                $txt = $txt . _('on primary RADIUS server') . '.';
+                $txt = $txt._('on primary RADIUS server').'.';
             } else {
-                $txt = $txt . _('on backup RADIUS server') . '.';
+                $txt = $txt._('on backup RADIUS server').'.';
             }
         }
         $mail = \core\common\OutsideComm::mailHandle();
         $email = $this->getAttributes("support:email")[0]['value'];
-        $mail->FromName = \config\Master::APPEARANCE['productname'] . " Notification System";
+        $mail->FromName = \config\Master::APPEARANCE['productname']." Notification System";
         $mail->addAddress($email);
         if ($status == 'OK') {
             $mail->Subject = _('RADIUS profile update problem fixed');
@@ -481,7 +481,7 @@ 
             return NULL;
         }
         $timeout = 10;
-        curl_setopt($ch, CURLOPT_URL, 'http://' . $host);
+        curl_setopt($ch, CURLOPT_URL, 'http://'.$host);
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
         curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
         curl_exec($ch);
@@ -572,32 +572,32 @@ 
     {
         $remove = ($this->status == \core\AbstractDeployment::INACTIVE) ? 0 : 1;
         $toPost = ($onlyone ? array($onlyone => '') : array(1 => '', 2 => ''));
-        $toPostTemplate = 'instid=' . $this->institution . '&deploymentid=' . $this->identifier . '&secret=' . $this->secret . '&country=' . $this->getAttributes("internal:country")[0]['value'] . '&';
+        $toPostTemplate = 'instid='.$this->institution.'&deploymentid='.$this->identifier.'&secret='.$this->secret.'&country='.$this->getAttributes("internal:country")[0]['value'].'&';
         if ($remove) {
-            $toPostTemplate = $toPostTemplate . 'remove=1&';
+            $toPostTemplate = $toPostTemplate.'remove=1&';
         } else {
             if ($this->getAttributes("managedsp:operatorname")[0]['value'] ?? NULL) {
-                $toPostTemplate = $toPostTemplate . 'operatorname=' . $this->getAttributes("managedsp:operatorname")[0]['value'] . '&';
+                $toPostTemplate = $toPostTemplate.'operatorname='.$this->getAttributes("managedsp:operatorname")[0]['value'].'&';
             }
             if ($this->getAttributes("managedsp:vlan")[0]['value'] ?? NULL) {
                 $allRealms = $this->getAllRealms();
                 if (!empty($allRealms)) {
-                    $toPostTemplate = $toPostTemplate . 'vlan=' . $this->getAttributes("managedsp:vlan")[0]['value'] . '&';
-                    $toPostTemplate = $toPostTemplate . 'realmforvlan[]=' . implode('&realmforvlan[]=', $allRealms) . '&';
+                    $toPostTemplate = $toPostTemplate.'vlan='.$this->getAttributes("managedsp:vlan")[0]['value'].'&';
+                    $toPostTemplate = $toPostTemplate.'realmforvlan[]='.implode('&realmforvlan[]=', $allRealms).'&';
                 }
             }
         }
         foreach (array_keys($toPost) as $key) {
-            $elem = 'port' . $key;
-            $toPost[$key] = $toPostTemplate . 'port=' . $this->$elem;
+            $elem = 'port'.$key;
+            $toPost[$key] = $toPostTemplate.'port='.$this->$elem;
         }
         $response = array();
         foreach ($toPost as $key => $value) {
-            $this->loggerInstance->debug(1, 'toPost ' . $toPost[$key] . "\n");
-            $response['res[' . $key . ']'] = $this->sendToRADIUS($key, $toPost[$key]);
+            $this->loggerInstance->debug(1, 'toPost '.$toPost[$key]."\n");
+            $response['res['.$key.']'] = $this->sendToRADIUS($key, $toPost[$key]);
         }
         if ($onlyone) {
-            $response['res[' . ($onlyone == 1) ? 2 : 1 . ']'] = \core\AbstractDeployment::RADIUS_OK;
+            $response['res['.($onlyone == 1) ? 2 : 1.']'] = \core\AbstractDeployment::RADIUS_OK;
         }
         foreach (array('OK', 'FAILURE') as $status) {
             if ((($status == 'OK' && $notify) || ($status == 'FAILURE')) && in_array($status, $response)) {

core/CertificationAuthorityEduPki.php

Spacing +37 added lines, -37 removed lines

@@ -17,9 +17,9 @@ 
 class CertificationAuthorityEduPki extends EntityWithDBProperties implements CertificationAuthorityInterface
 {
 
-    private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
-    private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
-    private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
+    private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
+    private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
+    private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
     private const EDUPKI_RA_ID = 700;
     private const EDUPKI_CERT_PROFILE = "User SOAP";
     private const EDUPKI_RA_PKEY_PASSPHRASE = "...";
@@ -35,13 +35,13 @@ 
         parent::__construct();
 
         if (stat(CertificationAuthorityEduPki::LOCATION_RA_CERT) === FALSE) {
-            throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPki::LOCATION_RA_CERT);
+            throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPki::LOCATION_RA_CERT);
         }
         if (stat(CertificationAuthorityEduPki::LOCATION_RA_KEY) === FALSE) {
-            throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPki::LOCATION_RA_KEY);
+            throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPki::LOCATION_RA_KEY);
         }
         if (stat(CertificationAuthorityEduPki::LOCATION_WEBROOT) === FALSE) {
-            throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPki::LOCATION_WEBROOT);
+            throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPki::LOCATION_WEBROOT);
         }
     }
 
@@ -75,19 +75,19 @@ 
         // initialise connection to eduPKI CA / eduroam RA and send the request to them
         try {
             $altArray = [# Array mit den Subject Alternative Names
-                "email:" . $csr["USERNAME"]
+                "email:".$csr["USERNAME"]
             ];
             $soapPub = $this->initEduPKISoapSession("PUBLIC");
             $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n");
-            $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPki::EDUPKI_RA_ID . "\n");
-            $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n");
+            $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPki::EDUPKI_RA_ID."\n");
+            $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n");
             $this->loggerInstance->debug(5, "PARAM_3: ");
             $this->loggerInstance->debug(5, $altArray);
-            $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE . "\n");
-            $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n");
-            $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERNAME"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n");
+            $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE."\n");
+            $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n");
+            $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERNAME"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n");
             $this->loggerInstance->debug(5, "PARAM_9: false\n");
             $soapNewRequest = $soapPub->newRequest(
                     CertificationAuthorityEduPki::EDUPKI_RA_ID, # RA-ID
@@ -109,11 +109,11 @@ 
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}:  {
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}:  {
                     $e->faultstring
                 }\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
         try {
             $soap = $this->initEduPKISoapSession("RA");
@@ -125,8 +125,8 @@ 
                     $soapReqnum, [
                 "RaID" => CertificationAuthorityEduPki::EDUPKI_RA_ID,
                 "Role" => CertificationAuthorityEduPki::EDUPKI_CERT_PROFILE,
-                "Subject" => "DC=eduroam,DC=test,DC=test,C=" . $csr["FED"] . ",O=" . \config\ConfAssistant::CONSORTIUM['name'] . ",OU=" . $csr["FED"] . ",CN=" . $csr['USERNAME'] . ",emailAddress=" . $csr['USERNAME'],
-                "SubjectAltNames" => ["email:" . $csr["USERNAME"]],
+                "Subject" => "DC=eduroam,DC=test,DC=test,C=".$csr["FED"].",O=".\config\ConfAssistant::CONSORTIUM['name'].",OU=".$csr["FED"].",CN=".$csr['USERNAME'].",emailAddress=".$csr['USERNAME'],
+                "SubjectAltNames" => ["email:".$csr["USERNAME"]],
                 "NotBefore" => (new \DateTime())->format('c'),
                 "NotAfter" => $expiry->format('c'),
                     ]
@@ -145,7 +145,7 @@ 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext);
+            file_put_contents($tempdir['dir']."/content.txt", $soapCleartext);
             // retrieve our RA cert from filesystem                    
             // the RA certificates are not needed right now because we
             // have resorted to S/MIME signatures with openssl command-line
@@ -157,7 +157,7 @@ 
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n  $soapCleartext\n");
-            $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
+            $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline:   $execCmd\n");
             $output = [];
             $return = 999;
@@ -166,14 +166,14 @@ 
                 throw new Exception("Non-zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
             $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n");
-            $this->loggerInstance->debug(5, $soapReqnum . "\n");
-            $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending!
-            $this->loggerInstance->debug(5, $detachedSig . "\n");
+            $this->loggerInstance->debug(5, $soapReqnum."\n");
+            $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending!
+            $this->loggerInstance->debug(5, $detachedSig."\n");
             $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig);
-            $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest());
-            $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse());
+            $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest());
+            $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse());
             if ($soapIssueCert === FALSE) {
                 throw new Exception("The locally approved request was NOT processed by the CA.");
             }
@@ -210,9 +210,9 @@ 
                 throw new Exception("CAInfo has no root certificate for us!");
             }
         } catch (SoapFault $e) {
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
         } catch (Exception $e) {
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
         }
         return [
             "CERT" => openssl_x509_read($parsedCert['pem']),
@@ -245,12 +245,12 @@ 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest);
+            file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest);
             // retrieve our RA cert from filesystem
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n");
-            $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPki::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPki::LOCATION_RA_CERT;
+            $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPki::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPki::LOCATION_RA_CERT;
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n");
             $output = [];
             $return = 999;
@@ -259,7 +259,7 @@ 
                 throw new Exception("Non-zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
             $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig);
             if ($soapIssueRev === FALSE) {
                 throw new Exception("The locally approved revocation request was NOT processed by the CA.");
@@ -267,9 +267,9 @@ 
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n");
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
     }
 
@@ -369,9 +369,9 @@ 
      */
     public function soapToXmlInteger($x)
     {
-        return '<' . $x[0] . '>'
+        return '<'.$x[0].'>'
                 . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1)
-                . '</' . $x[0] . '>';
+                . '</'.$x[0].'>';
     }
 
     /**
@@ -390,9 +390,9 @@ 
         // dump private key into directory
         $outstring = "";
         openssl_pkey_export($privateKey, $outstring);
-        file_put_contents($tempdir . "/pkey.pem", $outstring);
+        file_put_contents($tempdir."/pkey.pem", $outstring);
         // PHP can only do one DC in the Subject. But we need three.
-        $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username";
+        $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username";
         $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n");
         $output = [];
         $return = 999;

core/CertificationAuthorityEduPkiServer.php

Spacing +37 added lines, -37 removed lines

@@ -17,9 +17,9 @@ 
 class CertificationAuthorityEduPkiServer extends EntityWithDBProperties implements CertificationAuthorityInterface
 {
 
-    private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
-    private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
-    private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
+    private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
+    private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
+    private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
     private const EDUPKI_RA_ID = 700;
     private const EDUPKI_CERT_PROFILE = "Radius Server SOAP";
     private const EDUPKI_RA_PKEY_PASSPHRASE = "...";
@@ -35,13 +35,13 @@ 
         parent::__construct();
 
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_CERT) === FALSE) {
-            throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
+            throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
         }
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_KEY) === FALSE) {
-            throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
+            throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
         }
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_WEBROOT) === FALSE) {
-            throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
+            throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
         }
     }
 
@@ -99,19 +99,19 @@ 
         // initialise connection to eduPKI CA / eduroam RA and send the request to them
         try {
             $altArray = [# Array mit den Subject Alternative Names
-                "email:" . $csr["USERMAIL"]
+                "email:".$csr["USERMAIL"]
             ];
             $soapPub = $this->initEduPKISoapSession("PUBLIC");
             $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n");
-            $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPkiServer::EDUPKI_RA_ID . "\n");
-            $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n");
+            $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPkiServer::EDUPKI_RA_ID."\n");
+            $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n");
             $this->loggerInstance->debug(5, "PARAM_3: ");
             $this->loggerInstance->debug(5, $altArray);
-            $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE . "\n");
-            $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n");
-            $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n");
+            $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE."\n");
+            $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n");
+            $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n");
             $this->loggerInstance->debug(5, "PARAM_9: false\n");
             $soapNewRequest = $soapPub->newRequest(
                     CertificationAuthorityEduPkiServer::EDUPKI_RA_ID, # RA-ID
@@ -133,11 +133,11 @@ 
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}:  {
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}:  {
                     $e->faultstring
                 }\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
         try {
             $soap = $this->initEduPKISoapSession("RA");
@@ -171,7 +171,7 @@ 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext);
+            file_put_contents($tempdir['dir']."/content.txt", $soapCleartext);
             // retrieve our RA cert from filesystem                    
             // the RA certificates are not needed right now because we
             // have resorted to S/MIME signatures with openssl command-line
@@ -183,7 +183,7 @@ 
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n  $soapCleartext\n");
-        $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
+        $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline:   $execCmd\n");
             $output = [];
             $return = 999;
@@ -192,21 +192,21 @@ 
                 throw new Exception("Non-zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
             $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n");
-            $this->loggerInstance->debug(5, $soapReqnum . "\n");
-            $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending!
-            $this->loggerInstance->debug(5, $detachedSig . "\n");
+            $this->loggerInstance->debug(5, $soapReqnum."\n");
+            $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending!
+            $this->loggerInstance->debug(5, $detachedSig."\n");
             $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig);
-            $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest());
-            $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse());
+            $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest());
+            $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse());
             if ($soapIssueCert === FALSE) {
                 throw new Exception("The locally approved request was NOT processed by the CA.");
             }
         } catch (SoapFault $e) {
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
         } catch (Exception $e) {
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
         }
         return $soapReqnum;
     }
@@ -258,9 +258,9 @@ 
                 throw new Exception("CAInfo has no root certificate for us!");
             }
         } catch (SoapFault $e) {
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
         } catch (Exception $e) {
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
         }
         return [
             "CERT" => openssl_x509_read($parsedCert['pem']),
@@ -293,12 +293,12 @@ 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest);
+            file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest);
             // retrieve our RA cert from filesystem
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n");
-        $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
+        $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n");
             $output = [];
             $return = 999;
@@ -307,7 +307,7 @@ 
                 throw new Exception("Non-zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
             $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig);
             if ($soapIssueRev === FALSE) {
                 throw new Exception("The locally approved revocation request was NOT processed by the CA.");
@@ -315,9 +315,9 @@ 
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n");
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
     }
 
@@ -417,9 +417,9 @@ 
      */
     public function soapToXmlInteger($x)
     {
-        return '<' . $x[0] . '>'
+        return '<'.$x[0].'>'
                 . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1)
-                . '</' . $x[0] . '>';
+                . '</'.$x[0].'>';
     }
 
     /**
@@ -438,9 +438,9 @@ 
         // dump private key into directory
         $outstring = "";
         openssl_pkey_export($privateKey, $outstring);
-        file_put_contents($tempdir . "/pkey.pem", $outstring);
+        file_put_contents($tempdir."/pkey.pem", $outstring);
         // PHP can only do one DC in the Subject. But we need three.
-        $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username";
+        $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username";
         $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n");
         $output = [];
         $return = 999;

core/CertificationAuthorityEmbeddedRSA.php

Spacing +20 added lines, -20 removed lines

@@ -16,10 +16,10 @@ 
 class CertificationAuthorityEmbeddedRSA extends EntityWithDBProperties implements CertificationAuthorityInterface
 {
 
-    private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-RSA.pem";
-    private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-RSA.pem";
-    private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-RSA.key";
-    private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-RSA.cnf";
+    private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-RSA.pem";
+    private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-RSA.pem";
+    private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-RSA.key";
+    private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-RSA.cnf";
 
     /**
      * string with the PEM variant of the root CA
@@ -66,11 +66,11 @@ 
         parent::__construct();
         $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA);
         if ($this->rootPem === FALSE) {
-            throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA);
+            throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA);
         }
         $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA);
         if ($this->issuingCertRaw === FALSE) {
-            throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA);
+            throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA);
         }
         $rootParsed = openssl_x509_read($this->rootPem);
         $issuingCertCandidate = openssl_x509_read($this->issuingCertRaw);
@@ -80,15 +80,15 @@ 
         }
         $this->issuingCert = $issuingCertCandidate;
         if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY) === FALSE) {
-            throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY);
+            throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY);
         }
-        $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY);
+        $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY);
         if ($issuingKeyTemp === FALSE || is_resource($issuingKeyTemp)) {
             throw new Exception("The private key did not parse correctly (or is not a PHP8 object)!");
         }
         $this->issuingKey = $issuingKeyTemp;
         if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG) === FALSE) {
-            throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG);
+            throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG);
         }
         $this->conffile = CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG;
     }
@@ -131,27 +131,27 @@ 
         // generate stub index.txt file
         $tempdirArray = \core\common\Entity::createTemporaryDirectory("test");
         $tempdir = $tempdirArray['dir'];
-        $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z";
-        $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z";
+        $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z";
+        $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z";
         // serials for our CA are always integers
         $serialHex = strtoupper(dechex((int) $cert->serial));
         if (strlen($serialHex) % 2 == 1) {
-            $serialHex = "0" . $serialHex;
+            $serialHex = "0".$serialHex;
         }
 
-        $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n";
+        $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n";
         $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement");
-        if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) {
+        if (!file_put_contents($tempdir."/index.txt", $indexStatement)) {
             $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!");
         }
         // index.txt.attr is dull but needs to exist
-        file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n");
+        file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n");
         // call "openssl ocsp" to manufacture our own OCSP statement
         // adding "-rmd sha1" to the following command-line makes the
         // choice of signature algorithm for the response explicit
         // but it's only available from openssl-1.1.0 (which we do not
         // want to require just for that one thing).
-        $execCmd = \config\Master::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der";
+        $execCmd = \config\Master::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der";
         $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n");
         $output = [];
         $return = 999;
@@ -159,11 +159,11 @@ 
         if ($return !== 0) {
             throw new Exception("Non-zero return value from openssl ocsp!");
         }
-        $ocsp = file_get_contents($tempdir . "/$serialHex.response.der");
+        $ocsp = file_get_contents($tempdir."/$serialHex.response.der");
         // remove the temp dir!
-        unlink($tempdir . "/$serialHex.response.der");
-        unlink($tempdir . "/index.txt.attr");
-        unlink($tempdir . "/index.txt");
+        unlink($tempdir."/$serialHex.response.der");
+        unlink($tempdir."/index.txt.attr");
+        unlink($tempdir."/index.txt");
         rmdir($tempdir);
         $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial);
         return $ocsp;

web/admin/inc/filepreview.php

Spacing +3 added lines, -3 removed lines

@@ -22,7 +22,7 @@ 
 ?>
 <?php
 
-require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php";
+require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php";
 
 $validator = new \web\lib\common\InputValidation();
 $idRaw = $_GET["id"] ?? "";
@@ -37,7 +37,7 @@ 
         // Set data type and caching for 30 days
         $info = new finfo();
         $filetype = $info->buffer($finalBlob, FILEINFO_MIME_TYPE);
-        header("Content-type: " . $filetype);
+        header("Content-type: ".$filetype);
 
         switch ($filetype) {
             case "text/rtf": // fall-through, same treatment
@@ -54,7 +54,7 @@ 
         header("Cache-Control: must-revalidate");
         $offset = 60 * 60 * 24 * 30;
         // gmdate can't possibly fail, because it operates on time() and an integer offset
-        $ExpStr = "Expires: " . /** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset) . " GMT";
+        $ExpStr = "Expires: "./** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset)." GMT";
         header($ExpStr);
         //  Print out the image
         echo $finalBlob;

web/admin/inc/sendinvite.inc.php

Switch Indentation +87 added lines, -87 removed lines

@@ -98,98 +98,98 @@
 }
 
 switch ($operationMode) {
-    case OPERATION_MODE_EDIT:
-        $idp = $validator->existingIdP($_GET['inst_id']);
-        // editing IdPs is done from within the popup. When we're done, send the 
-        // user back to the popup (append the result of the operation later)
-        $redirectDestination = "manageAdmins.inc.php?inst_id=" . $idp->identifier . "&";
-        if (count($validAddresses) == 0) {
-            header("Location: $redirectDestination" . "invitation=INVALIDSYNTAX");
-            exit(1);
-        }
-        // is the user primary admin of this IdP?
-        $is_owner = $idp->isPrimaryOwner($_SESSION['user']);
-        // check if he is (also) federation admin for the federation this IdP is in. His invitations have more blessing then.
-        $fedadmin = $userObject->isFederationAdmin($idp->federation);
-        // check if he is either one, if not, complain
-        if (!$is_owner && !$fedadmin) {
-            echo "<p>" . sprintf(_("Something's wrong... you are a %s admin, but not for the %s the requested %s belongs to!"), $uiElements->nomenclatureFed, $uiElements->nomenclatureFed, $uiElements->nomenclatureInst) . "</p>";
-            exit(1);
-        }
+        case OPERATION_MODE_EDIT:
+            $idp = $validator->existingIdP($_GET['inst_id']);
+            // editing IdPs is done from within the popup. When we're done, send the 
+            // user back to the popup (append the result of the operation later)
+            $redirectDestination = "manageAdmins.inc.php?inst_id=" . $idp->identifier . "&";
+            if (count($validAddresses) == 0) {
+                header("Location: $redirectDestination" . "invitation=INVALIDSYNTAX");
+                exit(1);
+            }
+            // is the user primary admin of this IdP?
+            $is_owner = $idp->isPrimaryOwner($_SESSION['user']);
+            // check if he is (also) federation admin for the federation this IdP is in. His invitations have more blessing then.
+            $fedadmin = $userObject->isFederationAdmin($idp->federation);
+            // check if he is either one, if not, complain
+            if (!$is_owner && !$fedadmin) {
+                echo "<p>" . sprintf(_("Something's wrong... you are a %s admin, but not for the %s the requested %s belongs to!"), $uiElements->nomenclatureFed, $uiElements->nomenclatureFed, $uiElements->nomenclatureInst) . "</p>";
+                exit(1);
+            }
 
-        $prettyprintname = $idp->name;
-        $newtokens = $mgmt->createTokens($fedadmin, $validAddresses, $idp);
-        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $idp->identifier . " - Token created for " . implode(",", $validAddresses));
-        $introtext = "CO-ADMIN";
-        $participant_type = $idp->type;
-        break;
-    case OPERATION_MODE_NEWUNLINKED:
-        $redirectDestination = "../overview_federation.php?";
-        if (count($validAddresses) == 0) {
-            header("Location: $redirectDestination"."invitation=INVALIDSYNTAX");
-            exit(1);
-        }
-        // run an input check and conversion of the raw inputs... just in case
-        $newinstname = $validator->string($_POST['name']);
-        $newcountry = $validator->string($_POST['country']);
-        $participant_type = $validator->partType($_POST['participant_type']);
-        $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($newcountry);
-        if ($new_idp_authorized_fedadmin !== TRUE) {
-            throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureInst . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!");
-        }
-        $federation = $validator->existingFederation($newcountry);
-        $prettyprintname = $newinstname;
-        $introtext = "NEW-FED";
-        // send the user back to his federation overview page, append the result of the operation later
-        // do the token creation magic
-        $newtokens = $mgmt->createTokens(TRUE, $validAddresses, $newinstname, 0, $newcountry, $participant_type);
-        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "ORG FUTURE  - Token created for $participant_type " . implode(",", $validAddresses));
-        break;
-    case OPERATION_MODE_NEWFROMDB:
-        $redirectDestination = "../overview_federation.php?";
-        if (count($validAddresses) == 0) {
-            header("Location: $redirectDestination"."invitation=INVALIDSYNTAX");
-            exit(1);
-        }
-        // a real external DB entry was submitted and all the required parameters are there
-        $newexternalid = $validator->string($_POST['externals']);
-        $extinfo = $catInstance->getExternalDBEntityDetails($newexternalid);
-        $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($extinfo['country']);
-        if ($new_idp_authorized_fedadmin !== TRUE) {
-            throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureInst . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!");
-        }
-        $federation = $validator->existingFederation($extinfo['country']);
-        $newcountry = $extinfo['country'];
-        // see if the inst name is defined in the currently set language; if not, pick its English name; if N/A, pick the last in the list
-        $prettyprintname = "";
-        foreach ($extinfo['names'] as $lang => $name) {
-            if ($lang == $languageInstance->getLang()) {
-                $prettyprintname = $name;
+            $prettyprintname = $idp->name;
+            $newtokens = $mgmt->createTokens($fedadmin, $validAddresses, $idp);
+            $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $idp->identifier . " - Token created for " . implode(",", $validAddresses));
+            $introtext = "CO-ADMIN";
+            $participant_type = $idp->type;
+            break;
+        case OPERATION_MODE_NEWUNLINKED:
+            $redirectDestination = "../overview_federation.php?";
+            if (count($validAddresses) == 0) {
+                header("Location: $redirectDestination"."invitation=INVALIDSYNTAX");
+                exit(1);
             }
-        }
-        if ($prettyprintname == "" && isset($extinfo['names']['en'])) {
-            $prettyprintname = $extinfo['names']['en'];
-        }
-        if ($prettyprintname == "") {
-            foreach ($extinfo['names'] as $name) {
-                $prettyprintname = $name;
+            // run an input check and conversion of the raw inputs... just in case
+            $newinstname = $validator->string($_POST['name']);
+            $newcountry = $validator->string($_POST['country']);
+            $participant_type = $validator->partType($_POST['participant_type']);
+            $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($newcountry);
+            if ($new_idp_authorized_fedadmin !== TRUE) {
+                throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureInst . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!");
             }
-        }
-        $participant_type = $extinfo['type'];
-        // fill the rest of the text
-        $introtext = "EXISTING-FED";
-        // do the token creation magic
-        $newtokens = $mgmt->createTokens(TRUE, $validAddresses, $prettyprintname, $newexternalid);
-        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE  - Token created for " . implode(",", $validAddresses));
-        break;
-    default: // includes OPERATION_MODE_INVALID
-        // second param is TRUE, so the variable *will* contain a string
-        // i.e. ignore Scrutinizer type warning later
-        $wrongcontent = print_r($_POST, TRUE);
-        echo "<pre>Wrong parameters in POST:
+            $federation = $validator->existingFederation($newcountry);
+            $prettyprintname = $newinstname;
+            $introtext = "NEW-FED";
+            // send the user back to his federation overview page, append the result of the operation later
+            // do the token creation magic
+            $newtokens = $mgmt->createTokens(TRUE, $validAddresses, $newinstname, 0, $newcountry, $participant_type);
+            $loggerInstance->writeAudit($_SESSION['user'], "NEW", "ORG FUTURE  - Token created for $participant_type " . implode(",", $validAddresses));
+            break;
+        case OPERATION_MODE_NEWFROMDB:
+            $redirectDestination = "../overview_federation.php?";
+            if (count($validAddresses) == 0) {
+                header("Location: $redirectDestination"."invitation=INVALIDSYNTAX");
+                exit(1);
+            }
+            // a real external DB entry was submitted and all the required parameters are there
+            $newexternalid = $validator->string($_POST['externals']);
+            $extinfo = $catInstance->getExternalDBEntityDetails($newexternalid);
+            $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($extinfo['country']);
+            if ($new_idp_authorized_fedadmin !== TRUE) {
+                throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureInst . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!");
+            }
+            $federation = $validator->existingFederation($extinfo['country']);
+            $newcountry = $extinfo['country'];
+            // see if the inst name is defined in the currently set language; if not, pick its English name; if N/A, pick the last in the list
+            $prettyprintname = "";
+            foreach ($extinfo['names'] as $lang => $name) {
+                if ($lang == $languageInstance->getLang()) {
+                    $prettyprintname = $name;
+                }
+            }
+            if ($prettyprintname == "" && isset($extinfo['names']['en'])) {
+                $prettyprintname = $extinfo['names']['en'];
+            }
+            if ($prettyprintname == "") {
+                foreach ($extinfo['names'] as $name) {
+                    $prettyprintname = $name;
+                }
+            }
+            $participant_type = $extinfo['type'];
+            // fill the rest of the text
+            $introtext = "EXISTING-FED";
+            // do the token creation magic
+            $newtokens = $mgmt->createTokens(TRUE, $validAddresses, $prettyprintname, $newexternalid);
+            $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE  - Token created for " . implode(",", $validAddresses));
+            break;
+        default: // includes OPERATION_MODE_INVALID
+            // second param is TRUE, so the variable *will* contain a string
+            // i.e. ignore Scrutinizer type warning later
+            $wrongcontent = print_r($_POST, TRUE);
+            echo "<pre>Wrong parameters in POST:
 " . htmlspecialchars(/** @scrutinizer ignore-type */ $wrongcontent) . "
 </pre>";
-        exit(1);
+            exit(1);
 }
 
 // send, and invalidate the token immediately if the mail could not be sent!

Spacing +13 added lines, -13 removed lines

@@ -20,7 +20,7 @@ 
  *          <base_url>/copyright.php after deploying the software
  */
 
-require_once dirname(dirname(dirname(__DIR__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__DIR__)))."/config/_config.php";
 
 $auth = new \web\lib\admin\Authentication();
 $auth->authenticate();
@@ -102,9 +102,9 @@ 
         $idp = $validator->existingIdP($_GET['inst_id']);
         // editing IdPs is done from within the popup. When we're done, send the 
         // user back to the popup (append the result of the operation later)
-        $redirectDestination = "manageAdmins.inc.php?inst_id=" . $idp->identifier . "&";
+        $redirectDestination = "manageAdmins.inc.php?inst_id=".$idp->identifier."&";
         if (count($validAddresses) == 0) {
-            header("Location: $redirectDestination" . "invitation=INVALIDSYNTAX");
+            header("Location: $redirectDestination"."invitation=INVALIDSYNTAX");
             exit(1);
         }
         // is the user primary admin of this IdP?
@@ -113,13 +113,13 @@ 
         $fedadmin = $userObject->isFederationAdmin($idp->federation);
         // check if he is either one, if not, complain
         if (!$is_owner && !$fedadmin) {
-            echo "<p>" . sprintf(_("Something's wrong... you are a %s admin, but not for the %s the requested %s belongs to!"), $uiElements->nomenclatureFed, $uiElements->nomenclatureFed, $uiElements->nomenclatureInst) . "</p>";
+            echo "<p>".sprintf(_("Something's wrong... you are a %s admin, but not for the %s the requested %s belongs to!"), $uiElements->nomenclatureFed, $uiElements->nomenclatureFed, $uiElements->nomenclatureInst)."</p>";
             exit(1);
         }
 
         $prettyprintname = $idp->name;
         $newtokens = $mgmt->createTokens($fedadmin, $validAddresses, $idp);
-        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $idp->identifier . " - Token created for " . implode(",", $validAddresses));
+        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP ".$idp->identifier." - Token created for ".implode(",", $validAddresses));
         $introtext = "CO-ADMIN";
         $participant_type = $idp->type;
         break;
@@ -135,7 +135,7 @@ 
         $participant_type = $validator->partType($_POST['participant_type']);
         $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($newcountry);
         if ($new_idp_authorized_fedadmin !== TRUE) {
-            throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureInst . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!");
+            throw new Exception("Something's wrong... you want to create a new ".$uiElements->nomenclatureInst.", but are not a ".$uiElements->nomenclatureFed." admin for the ".$uiElements->nomenclatureFed." it should be in!");
         }
         $federation = $validator->existingFederation($newcountry);
         $prettyprintname = $newinstname;
@@ -143,7 +143,7 @@ 
         // send the user back to his federation overview page, append the result of the operation later
         // do the token creation magic
         $newtokens = $mgmt->createTokens(TRUE, $validAddresses, $newinstname, 0, $newcountry, $participant_type);
-        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "ORG FUTURE  - Token created for $participant_type " . implode(",", $validAddresses));
+        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "ORG FUTURE  - Token created for $participant_type ".implode(",", $validAddresses));
         break;
     case OPERATION_MODE_NEWFROMDB:
         $redirectDestination = "../overview_federation.php?";
@@ -156,7 +156,7 @@ 
         $extinfo = $catInstance->getExternalDBEntityDetails($newexternalid);
         $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($extinfo['country']);
         if ($new_idp_authorized_fedadmin !== TRUE) {
-            throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureInst . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!");
+            throw new Exception("Something's wrong... you want to create a new ".$uiElements->nomenclatureInst.", but are not a ".$uiElements->nomenclatureFed." admin for the ".$uiElements->nomenclatureFed." it should be in!");
         }
         $federation = $validator->existingFederation($extinfo['country']);
         $newcountry = $extinfo['country'];
@@ -180,14 +180,14 @@ 
         $introtext = "EXISTING-FED";
         // do the token creation magic
         $newtokens = $mgmt->createTokens(TRUE, $validAddresses, $prettyprintname, $newexternalid);
-        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE  - Token created for " . implode(",", $validAddresses));
+        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE  - Token created for ".implode(",", $validAddresses));
         break;
     default: // includes OPERATION_MODE_INVALID
         // second param is TRUE, so the variable *will* contain a string
         // i.e. ignore Scrutinizer type warning later
         $wrongcontent = print_r($_POST, TRUE);
         echo "<pre>Wrong parameters in POST:
-" . htmlspecialchars(/** @scrutinizer ignore-type */ $wrongcontent) . "
+" . htmlspecialchars(/** @scrutinizer ignore-type */ $wrongcontent)."
 </pre>";
         exit(1);
 }
@@ -212,14 +212,14 @@ 
 }
 
 if (count($status) == 0) {
-    header("Location: $redirectDestination" . "invitation=FAILURE");
+    header("Location: $redirectDestination"."invitation=FAILURE");
     exit;
 }
 $finalDestParams = "invitation=SUCCESS";
 if (count($status) < count($totalSegments)) { // only a subset of mails was sent, update status
     $finalDestParams = "invitation=PARTIAL";
 }
-$finalDestParams .= "&successcount=" . count($status);
+$finalDestParams .= "&successcount=".count($status);
 if ($allEncrypted === TRUE) {
     $finalDestParams .= "&transportsecurity=ENCRYPTED";
 } elseif ($allClear === TRUE) {
@@ -228,4 +228,4 @@ 
     $finalDestParams .= "&transportsecurity=PARTIAL";
 }
 
-header("Location: $redirectDestination" . $finalDestParams);
+header("Location: $redirectDestination".$finalDestParams);

web/admin/inc/userStats.inc.php

Spacing +14 added lines, -14 removed lines

@@ -9,7 +9,7 @@ 
  * ******************************************************************************
  */
 
-require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php";
+require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php";
 
 $auth = new \web\lib\admin\Authentication();
 $auth->authenticate();
@@ -29,31 +29,31 @@ 
 ?>
 
 <h1><?php $tablecaption = _("User Authentication Records"); echo $tablecaption; ?></h1>
-<p><?php echo _("Note that:");?></p>
+<p><?php echo _("Note that:"); ?></p>
 <ul>
-    <li><?php echo _("Authentication records are deleted after six months retention time");?></li>
-    <li><?php echo _("Operator Domain is based on the RADIUS attribute 'Operator-Name' and not sent by all hotspots");?></li>
-    <li><?php echo _("Different MAC addresses per credential may be due to MAC Address randomisation in recent operating systems");?></li>
+    <li><?php echo _("Authentication records are deleted after six months retention time"); ?></li>
+    <li><?php echo _("Operator Domain is based on the RADIUS attribute 'Operator-Name' and not sent by all hotspots"); ?></li>
+    <li><?php echo _("Different MAC addresses per credential may be due to MAC Address randomisation in recent operating systems"); ?></li>
 </ul>
 <table class='authrecord'>
-    <caption><?php echo $tablecaption;?></caption>
+    <caption><?php echo $tablecaption; ?></caption>
     <tr>
-        <th scope="col"><strong><?php echo _("Timestamp");?></strong></th>
-        <th scope="col"><strong><?php echo _("Credential");?></strong></th>
-        <th scope="col"><strong><?php echo _("MAC Address");?></strong></th>
-        <th scope="col"><strong><?php echo _("Result");?></strong></th>
-        <th scope="col"><strong><?php echo _("Operator Domain");?></strong></th>
+        <th scope="col"><strong><?php echo _("Timestamp"); ?></strong></th>
+        <th scope="col"><strong><?php echo _("Credential"); ?></strong></th>
+        <th scope="col"><strong><?php echo _("MAC Address"); ?></strong></th>
+        <th scope="col"><strong><?php echo _("Result"); ?></strong></th>
+        <th scope="col"><strong><?php echo _("Operator Domain"); ?></strong></th>
     </tr>
     <?php
     $userAuthData = $profile->getUserAuthRecords($userInt);
     foreach ($userAuthData as $oneRecord) {
-        echo "<tr class='".($oneRecord['RESULT'] == "Access-Accept" ? "auth-success" : "auth-fail" )."'>"
+        echo "<tr class='".($oneRecord['RESULT'] == "Access-Accept" ? "auth-success" : "auth-fail")."'>"
                 . "<td>".$oneRecord['TIMESTAMP']."</td>"
                 // $oneRecord['CN'] is a simple string, not an array, so disable Scrutinizer type check here
-                . "<td>"./** @scrutinizer ignore-type */ substr_replace($oneRecord['CN'], "@…", strpos($oneRecord['CN'],"@"))."</td>"
+                . "<td>"./** @scrutinizer ignore-type */ substr_replace($oneRecord['CN'], "@…", strpos($oneRecord['CN'], "@"))."</td>"
                 . "<td>".$oneRecord['MAC']."</td>"
                 . "<td>".($oneRecord['RESULT'] == "Access-Accept" ? _("Success") : _("Failure"))."</td>"
-                . "<td>".substr($oneRecord['OPERATOR'] ?? "1(unknown)",1)."</td>"
+                . "<td>".substr($oneRecord['OPERATOR'] ?? "1(unknown)", 1)."</td>"
                 . "</tr>";
     }
     ?>

web/admin/overview_user.php

Spacing +20 added lines, -20 removed lines

@@ -21,7 +21,7 @@ 
 
 namespace core;
 
-require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php";
 
 $instMgmt = new \core\UserManagement();
 $deco = new \web\lib\admin\PageDecoration();
@@ -59,7 +59,7 @@ 
 <?php echo $uiElements->infoblock($user->getAttributes(), "user", "User"); ?>
             <tr>
                 <td>
-<?php echo "" . _("Unique Identifier") ?>
+<?php echo ""._("Unique Identifier") ?>
                 </td>
                 <td>
                 </td>
@@ -72,14 +72,14 @@ 
     <div>
         <?php
         if (\config\Master::DB['USER']['readonly'] === FALSE) {
-            echo "<a href='edit_user.php'><button>" . _("Edit User Details") . "</button></a>";
+            echo "<a href='edit_user.php'><button>"._("Edit User Details")."</button></a>";
         }
 
         if ($user->isFederationAdmin()) {
-            echo "<form action='overview_federation.php' method='GET' accept-charset='UTF-8'><button type='submit'>" . sprintf(_('Click here for %s management tasks'), $uiElements->nomenclatureFed) . "</button></form>";
+            echo "<form action='overview_federation.php' method='GET' accept-charset='UTF-8'><button type='submit'>".sprintf(_('Click here for %s management tasks'), $uiElements->nomenclatureFed)."</button></form>";
         }
         if ($user->isSuperadmin()) {
-            echo "<form action='112365365321.php' method='GET' accept-charset='UTF-8'><button type='submit'>" . _('Click here to access the superadmin page') . "</button></form>";
+            echo "<form action='112365365321.php' method='GET' accept-charset='UTF-8'><button type='submit'>"._('Click here to access the superadmin page')."</button></form>";
         }
         ?>
     </div>
@@ -92,7 +92,7 @@ 
         if (\config\Master::FUNCTIONALITY_LOCATIONS['CONFASSISTANT_SILVERBULLET'] == "LOCAL") {
             $target = "https://wiki.geant.org/x/6Zg7Bw"; // Managed IdP manual
         }
-        $helptext = "<h3 style='display:inline;'>" . sprintf(_("(Need help? Refer to the <a href='%s'>%s administrator manual</a>)"), $target, $uiElements->nomenclatureInst) . "</h3>";
+        $helptext = "<h3 style='display:inline;'>".sprintf(_("(Need help? Refer to the <a href='%s'>%s administrator manual</a>)"), $target, $uiElements->nomenclatureInst)."</h3>";
     } else {
         $helptext = "";
     }
@@ -101,7 +101,7 @@ 
         // we need to run the Federation constructor
         $cat = new \core\CAT;
         /// first parameter: number of Identity Providers; second param is the literal configured term for 'Identity Provider' (you may or may not be able to add a plural suffix for your locale)
-        echo "<h2>" . sprintf(ngettext("You are managing the following <span style='display:none'>%d </span>%s:", "You are managing the following <strong>%d</strong> %s:", sizeof($hasInst)), sizeof($hasInst), $uiElements->nomenclatureParticipant) . "</h2>";
+        echo "<h2>".sprintf(ngettext("You are managing the following <span style='display:none'>%d </span>%s:", "You are managing the following <strong>%d</strong> %s:", sizeof($hasInst)), sizeof($hasInst), $uiElements->nomenclatureParticipant)."</h2>";
         $instlist = [];
         $my_idps = [];
         $myFeds = [];
@@ -124,7 +124,7 @@ 
         }
         ?>
         <table class='user_overview'>
-            <caption><?php echo sprintf(_("%s Management Overview"),$uiElements->nomenclatureParticipant);?></caption>
+            <caption><?php echo sprintf(_("%s Management Overview"), $uiElements->nomenclatureParticipant); ?></caption>
             <tr>
                 <th scope='col'><?php echo sprintf(_("%s Name"), $uiElements->nomenclatureParticipant); ?></th>
                 <th scope="col"><?php echo sprintf(_("Other admins of this %s"), $uiElements->nomenclatureParticipant); ?></th>
@@ -144,7 +144,7 @@ 
             <?php
             foreach ($myFeds as $fed_id => $fed_name) {
 /// nomenclature 'fed', fed name, nomenclature 'inst'
-                echo "<tr><td colspan='4'><strong>" . sprintf(_("%s %s: %s list"), $uiElements->nomenclatureFed, $fed_name, $uiElements->nomenclatureParticipant) . "</strong></td></tr>";
+                echo "<tr><td colspan='4'><strong>".sprintf(_("%s %s: %s list"), $uiElements->nomenclatureFed, $fed_name, $uiElements->nomenclatureParticipant)."</strong></td></tr>";
 
                 $fedOrganisations = $my_idps[$fed_id];
                 asort($fedOrganisations);
@@ -153,7 +153,7 @@ 
                     $the_inst = $oneinst['object'];
 
                     echo "<tr>"
-                    . "<td>" . $oneinst['name'] . "</td>";
+                    . "<td>".$oneinst['name']."</td>";
                     echo "<td>";
                     $admins = $the_inst->listOwners();
                     $blessedUser = FALSE;
@@ -162,7 +162,7 @@ 
                             $coadmin = new \core\User($username['ID']);
                             $coadmin_name = $coadmin->getAttributes('user:realname');
                             if (count($coadmin_name) > 0) {
-                                echo $coadmin_name[0]['value'] . "<br/>";
+                                echo $coadmin_name[0]['value']."<br/>";
                                 unset($admins[$number]);
                             }
                         } else { // don't list self
@@ -177,7 +177,7 @@ 
                         }
                         echo "</td><td>";
                         if ($blessedUser && \config\Master::DB['INST']['readonly'] === FALSE) {
-                            echo "<div style='white-space: nowrap;'><form method='post' action='inc/manageAdmins.inc.php?inst_id=" . $the_inst->identifier . "' onsubmit='popupRedirectWindow(this); return false;' accept-charset='UTF-8'><button type='submit'>" . _("Add/Remove Administrators") . "</button></form></div>";
+                            echo "<div style='white-space: nowrap;'><form method='post' action='inc/manageAdmins.inc.php?inst_id=".$the_inst->identifier."' onsubmit='popupRedirectWindow(this); return false;' accept-charset='UTF-8'><button type='submit'>"._("Add/Remove Administrators")."</button></form></div>";
                         }
                         echo "</td></tr>";
                     }
@@ -217,7 +217,7 @@ 
                     echo "</td><td>"; // danger zone 
                     ?>
                     <form action='edit_participant_result.php?inst_id=<?php echo $the_inst->identifier; ?>' method='post' accept-charset='UTF-8'>
-                        <button class='delete' type='submit' name='submitbutton' value='<?php echo \web\lib\common\FormElements::BUTTON_DELETE; ?>' onclick="return confirm('<?php echo ( \config\ConfAssistant::CONSORTIUM['selfservice_registration'] === NULL ? sprintf(_("After deleting the %s, you can not recreate it yourself - you need a new invitation token from the %s administrator!"), $uiElements->nomenclatureInst, $uiElements->nomenclatureFed) . " " : "" ) . sprintf(_("Do you really want to delete your %s %s?"), $uiElements->nomenclatureParticipant, $my_inst->name); ?>')"><?php echo sprintf(_("Delete %s"), $uiElements->nomenclatureParticipant); ?></button>
+                        <button class='delete' type='submit' name='submitbutton' value='<?php echo \web\lib\common\FormElements::BUTTON_DELETE; ?>' onclick="return confirm('<?php echo (\config\ConfAssistant::CONSORTIUM['selfservice_registration'] === NULL ? sprintf(_("After deleting the %s, you can not recreate it yourself - you need a new invitation token from the %s administrator!"), $uiElements->nomenclatureInst, $uiElements->nomenclatureFed)." " : "").sprintf(_("Do you really want to delete your %s %s?"), $uiElements->nomenclatureParticipant, $my_inst->name); ?>')"><?php echo sprintf(_("Delete %s"), $uiElements->nomenclatureParticipant); ?></button>
                     </form>
                     <form action='edit_participant_result.php?inst_id=<?php echo $the_inst->identifier; ?>' method='post' accept-charset='UTF-8'>
                         <button class='delete' type='submit' name='submitbutton' value='<?php echo \web\lib\common\FormElements::BUTTON_FLUSH_AND_RESTART; ?>' onclick="return confirm('<?php echo sprintf(_("This action will delete all properties of the %s and start over the configuration from scratch. Do you really want to reset all settings of the %s %s?"), $uiElements->nomenclatureParticipant, $uiElements->nomenclatureParticipant, $my_inst->name); ?>')"><?php echo sprintf(_("Reset all %s settings"), $uiElements->nomenclatureParticipant); ?></button>
@@ -227,32 +227,32 @@ 
                 }
                 $otherAdminCount = count($admins); // only the unnamed remain
                 if ($otherAdminCount > 0) {
-                    echo sprintf(ngettext("%d other user", "%d other users", $otherAdminCount),$otherAdminCount);
+                    echo sprintf(ngettext("%d other user", "%d other users", $otherAdminCount), $otherAdminCount);
                 }
                 echo "</td><td>";
                 $isAdminMgmtAvailable = FALSE;
                 if ($blessedUser && \config\Master::DB['INST']['readonly'] === FALSE) {
                     $isAdminMgmtAvailable = TRUE;
                 }
-                echo "<div style='white-space: nowrap;'><form method='post' action='inc/manageAdmins.inc.php?inst_id=" . $the_inst->identifier . "' onsubmit='popupRedirectWindow(this); return false;' accept-charset='UTF-8'><button type='submit' ". ($isAdminMgmtAvailable ? "" : "disabled") .">" . _("Add/Remove Administrators") . "</button></form></div>";
+                echo "<div style='white-space: nowrap;'><form method='post' action='inc/manageAdmins.inc.php?inst_id=".$the_inst->identifier."' onsubmit='popupRedirectWindow(this); return false;' accept-charset='UTF-8'><button type='submit' ".($isAdminMgmtAvailable ? "" : "disabled").">"._("Add/Remove Administrators")."</button></form></div>";
                 echo "</td></tr>";
             }
             ?>
         </table>
         <?php
     } else {
-        echo "<h2>" . sprintf(_("You are not managing any %s."), $uiElements->nomenclatureInst) . "</h2>";
+        echo "<h2>".sprintf(_("You are not managing any %s."), $uiElements->nomenclatureInst)."</h2>";
     }
     if (\config\Master::DB['INST']['readonly'] === FALSE) {
         if (\config\ConfAssistant::CONSORTIUM['selfservice_registration'] === NULL) {
-            echo "<p>" . sprintf(_("Please ask your %s administrator to invite you to become an %s administrator."), $uiElements->nomenclatureFed, $uiElements->nomenclatureParticipant) . "</p>";
+            echo "<p>".sprintf(_("Please ask your %s administrator to invite you to become an %s administrator."), $uiElements->nomenclatureFed, $uiElements->nomenclatureParticipant)."</p>";
             echo "<hr/>
              <div style='white-space: nowrap;'>
                 <form action='action_enrollment.php' method='get' accept-charset='UTF-8'>" .
-            sprintf(_("Did you receive an invitation token to manage an %s? Please paste it here:"), $uiElements->nomenclatureParticipant) .
+            sprintf(_("Did you receive an invitation token to manage an %s? Please paste it here:"), $uiElements->nomenclatureParticipant).
             "        <input type='text' id='token' name='token'/>
                     <button type='submit'>" .
-            _("Go!") . "
+            _("Go!")."
                     </button>
                 </form>
              </div>";
@@ -261,7 +261,7 @@ 
             <div style='white-space: nowrap;'>
         <form action='action_enrollment.php' method='get'><button type='submit' accept-charset='UTF-8'>
                 <input type='hidden' id='token' name='token' value='SELF-REGISTER'/>" .
-            sprintf(_("New %s Registration"), $uiElements->nomenclatureParticipant) . "
+            sprintf(_("New %s Registration"), $uiElements->nomenclatureParticipant)."
             </button>
         </form>
         </div>";

core/CertificationAuthorityEmbeddedECDSA.php

Spacing +21 added lines, -21 removed lines

@@ -16,10 +16,10 @@ 
 class CertificationAuthorityEmbeddedECDSA extends EntityWithDBProperties implements CertificationAuthorityInterface
 {
 
-    private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-ECDSA.pem";
-    private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.pem";
-    private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.key";
-    private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-ECDSA.cnf";
+    private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-ECDSA.pem";
+    private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-ECDSA.pem";
+    private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-ECDSA.key";
+    private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-ECDSA.cnf";
 
     /**
      * string with the PEM variant of the root CA
@@ -66,29 +66,29 @@ 
         parent::__construct();
         $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA);
         if ($this->rootPem === FALSE) {
-            throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA);
+            throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA);
         }
         $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA);
         if ($this->issuingCertRaw === FALSE) {
-            throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA);
+            throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA);
         }
         $rootParsed = openssl_x509_read($this->rootPem);
         $issuingCertCandidate = openssl_x509_read($this->issuingCertRaw);
-        if ($issuingCertCandidate === FALSE || is_resource($issuingCertCandidate)|| $rootParsed === FALSE) {
+        if ($issuingCertCandidate === FALSE || is_resource($issuingCertCandidate) || $rootParsed === FALSE) {
             throw new Exception("At least one CA PEM file did not parse correctly (or not a PHP8 resource)!");
         }
         $this->issuingCert = $issuingCertCandidate;
         
         if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY) === FALSE) {
-            throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY);
+            throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY);
         }
-        $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY);
+        $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY);
         if ($issuingKeyTemp === FALSE || is_resource($issuingKeyTemp)) {
             throw new Exception("The private key did not parse correctly (or not a PHP8 resource)!");
         }
         $this->issuingKey = $issuingKeyTemp;
         if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG) === FALSE) {
-            throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG);
+            throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG);
         }
         $this->conffile = CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG;
     }
@@ -131,27 +131,27 @@ 
         // generate stub index.txt file
         $tempdirArray = \core\common\Entity::createTemporaryDirectory("test");
         $tempdir = $tempdirArray['dir'];
-        $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z";
-        $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z";
+        $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z";
+        $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z";
         // serials for our CA are always integers
         $serialHex = strtoupper(dechex((int) $cert->serial));
         if (strlen($serialHex) % 2 == 1) {
-            $serialHex = "0" . $serialHex;
+            $serialHex = "0".$serialHex;
         }
 
-        $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n";
+        $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n";
         $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement");
-        if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) {
+        if (!file_put_contents($tempdir."/index.txt", $indexStatement)) {
             $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!");
         }
         // index.txt.attr is dull but needs to exist
-        file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n");
+        file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n");
         // call "openssl ocsp" to manufacture our own OCSP statement
         // adding "-rmd sha1" to the following command-line makes the
         // choice of signature algorithm for the response explicit
         // but it's only available from openssl-1.1.0 (which we do not
         // want to require just for that one thing).
-        $execCmd = \config\Master::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der";
+        $execCmd = \config\Master::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der";
         $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n");
         $output = [];
         $return = 999;
@@ -159,11 +159,11 @@ 
         if ($return !== 0) {
             throw new Exception("Non-zero return value from openssl ocsp!");
         }
-        $ocsp = file_get_contents($tempdir . "/$serialHex.response.der");
+        $ocsp = file_get_contents($tempdir."/$serialHex.response.der");
         // remove the temp dir!
-        unlink($tempdir . "/$serialHex.response.der");
-        unlink($tempdir . "/index.txt.attr");
-        unlink($tempdir . "/index.txt");
+        unlink($tempdir."/$serialHex.response.der");
+        unlink($tempdir."/index.txt.attr");
+        unlink($tempdir."/index.txt");
         rmdir($tempdir);
         $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial);
         return $ocsp;