GEANT /
CAT
@@ -26,7 +26,7 @@ discard block |
||
| 26 | 26 | */ |
| 27 | 27 | ?> |
| 28 | 28 | <?php |
| 29 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 29 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 30 | 30 | |
| 31 | 31 | $auth = new \web\lib\admin\Authentication(); |
| 32 | 32 | $deco = new \web\lib\admin\PageDecoration(); |
@@ -81,7 +81,7 @@ discard block |
||
| 81 | 81 | foreach ($theFed->listTlsCertificates() as $oneCert) { // fetch list a second time, in case we got a cert |
| 82 | 82 | $status = $oneCert['STATUS']; |
| 83 | 83 | if ($status == "ISSUED") { |
| 84 | - $status = "<span onclick='alert(\"".str_replace("\n","\\n",$oneCert['CERT'])."\");'>$status</span>"; |
|
| 84 | + $status = "<span onclick='alert(\"".str_replace("\n", "\\n", $oneCert['CERT'])."\");'>$status</span>"; |
|
| 85 | 85 | } |
| 86 | 86 | echo "<tr><td>".$oneCert['REQSERIAL']."</td><td>".$oneCert['DN']."</td><td>".$status."</td><td>".$oneCert['EXPIRY']."</td></tr>"; |
| 87 | 87 | } |
@@ -26,7 +26,7 @@ discard block |
||
| 26 | 26 | */ |
| 27 | 27 | ?> |
| 28 | 28 | <?php |
| 29 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 29 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 30 | 30 | |
| 31 | 31 | $auth = new \web\lib\admin\Authentication(); |
| 32 | 32 | $deco = new \web\lib\admin\PageDecoration(); |
@@ -72,7 +72,7 @@ discard block |
||
| 72 | 72 | // also send user back to the overview page |
| 73 | 73 | if (isset($_POST['requestcert']) && $_POST['requestcert'] == \web\lib\common\FormElements::BUTTON_SAVE) { |
| 74 | 74 | // basic sanity checks before we hand this over to openssl |
| 75 | - $sanitisedCsr = $validator->string($_POST['CSR'] ?? "" , TRUE); |
|
| 75 | + $sanitisedCsr = $validator->string($_POST['CSR'] ?? "", TRUE); |
|
| 76 | 76 | if (openssl_csr_get_public_key($sanitisedCsr) === FALSE) { |
| 77 | 77 | throw new Exception("Sorry: Unable to parse the submitted public key - no public key inside?"); |
| 78 | 78 | } |
@@ -86,7 +86,7 @@ discard block |
||
| 86 | 86 | $fed = $validator->Federation($_POST['NRO-list']); |
| 87 | 87 | $country = strtoupper($fed->tld); |
| 88 | 88 | $DN[] = "C=$country"; |
| 89 | - $DN[] = "O=NRO of " . $cat->knownFederations[strtoupper($fed->tld)]; |
|
| 89 | + $DN[] = "O=NRO of ".$cat->knownFederations[strtoupper($fed->tld)]; |
|
| 90 | 90 | $DN[] = "CN=comes.from.eduroam.db"; |
| 91 | 91 | $policies[] = "eduroam IdP"; |
| 92 | 92 | $policies[] = "eduroam SP"; |
@@ -104,11 +104,11 @@ discard block |
||
| 104 | 104 | default: |
| 105 | 105 | throw new Exception("Sorry: Unknown level of issuance requested."); |
| 106 | 106 | } |
| 107 | - echo "<p>" . _("Requesting a certificate with the following properties"); |
|
| 107 | + echo "<p>"._("Requesting a certificate with the following properties"); |
|
| 108 | 108 | echo "<ul>"; |
| 109 | - echo "<li>" . _("Policy OIDs: ") . implode(", ", $policies) . "</li>"; |
|
| 110 | - echo "<li>" . _("Distinguished Name: ") . implode(", ", $DN) . "</li>"; |
|
| 111 | - echo "<li>" . _("Requester Contact Details: will come from eduroam DB (using stub 'Someone, <[email protected]>').") . "</li>"; |
|
| 109 | + echo "<li>"._("Policy OIDs: ").implode(", ", $policies)."</li>"; |
|
| 110 | + echo "<li>"._("Distinguished Name: ").implode(", ", $DN)."</li>"; |
|
| 111 | + echo "<li>"._("Requester Contact Details: will come from eduroam DB (using stub 'Someone, <[email protected]>').")."</li>"; |
|
| 112 | 112 | echo "</ul></p>"; |
| 113 | 113 | /* $ossl = proc_open("openssl req -subj '/".implode("/", $DN)."'", [ 0 => ["pipe", "r"], 1 => ["pipe", "w"], 2 => [ "file", "/tmp/voodoo-error", "a"] ], $pipes); |
| 114 | 114 | if (is_resource($ossl)) { |
@@ -121,13 +121,13 @@ discard block |
||
| 121 | 121 | throw new Exception("Calling openssl in a fancy way did not work."); |
| 122 | 122 | } |
| 123 | 123 | echo "<p>"._("This is the new CSR (return code was $retval)")."<pre>$newCsr</pre></p>"; */ |
| 124 | - $newCsrWithMeta = ["CSR" => /* $newCsr */ $_POST['CSR'], "USERNAME" => "Someone", "USERMAIL" => "[email protected]", "SUBJECT" => implode(",", $DN) ,"FED" => $country]; |
|
| 124 | + $newCsrWithMeta = ["CSR" => /* $newCsr */ $_POST['CSR'], "USERNAME" => "Someone", "USERMAIL" => "[email protected]", "SUBJECT" => implode(",", $DN), "FED" => $country]; |
|
| 125 | 125 | // our certs can be good for max 5 years |
| 126 | 126 | $fed->requestCertificate($newCsrWithMeta, 1825); |
| 127 | 127 | echo "<p>"._("The certificate was requested.")."</p>"; |
| 128 | 128 | ?> |
| 129 | 129 | <form action="overview_certificates.php" method="GET"> |
| 130 | - <button type="submit"><?php echo _("Back to Certificate Overview");?></button> |
|
| 130 | + <button type="submit"><?php echo _("Back to Certificate Overview"); ?></button> |
|
| 131 | 131 | </form> |
| 132 | 132 | <?php |
| 133 | 133 | echo $deco->footer(); |
@@ -136,14 +136,14 @@ discard block |
||
| 136 | 136 | |
| 137 | 137 | // if we did not get a SAVE button, display UI for a fresh request instead |
| 138 | 138 | ?> |
| 139 | - <h2><?php echo _("1. Certificate Holder Details");?></h2> |
|
| 139 | + <h2><?php echo _("1. Certificate Holder Details"); ?></h2> |
|
| 140 | 140 | <form action="action_req_certificate.php" method="POST"> |
| 141 | 141 | <input type="radio" name="LEVEL" id="NRO" value="NRO" checked><?php printf(_("Certificate for %s role"), $uiElements->nomenclatureFed); ?></input> |
| 142 | 142 | <?php |
| 143 | 143 | if (count($feds) == 1) { |
| 144 | 144 | $fedObject = new \core\Federation($feds[0]['value']); |
| 145 | - echo " <strong>" . $cat->knownFederations[$fedObject->tld] . "</strong>"; |
|
| 146 | - echo '<input type="hidden" name="NRO-list" id="NRO-list" value="' . $fedObject->tld . '"/>'; |
|
| 145 | + echo " <strong>".$cat->knownFederations[$fedObject->tld]."</strong>"; |
|
| 146 | + echo '<input type="hidden" name="NRO-list" id="NRO-list" value="'.$fedObject->tld.'"/>'; |
|
| 147 | 147 | } else { |
| 148 | 148 | ?> |
| 149 | 149 | <select name="NRO-list" id="NRO-list"> |
@@ -151,7 +151,7 @@ discard block |
||
| 151 | 151 | <?php |
| 152 | 152 | foreach ($feds as $oneFed) { |
| 153 | 153 | $fedObject = new \core\Federation($oneFed['value']); |
| 154 | - echo '<option value="' . strtoupper($fedObject->tld) . '">' . $cat->knownFederations[$fedObject->tld] . "</option>"; |
|
| 154 | + echo '<option value="'.strtoupper($fedObject->tld).'">'.$cat->knownFederations[$fedObject->tld]."</option>"; |
|
| 155 | 155 | } |
| 156 | 156 | ?> |
| 157 | 157 | </select> |
@@ -171,15 +171,15 @@ discard block |
||
| 171 | 171 | } |
| 172 | 172 | } |
| 173 | 173 | foreach ($allIdPs as $id => $name) { |
| 174 | - echo '<option value="' . $id . '">' . $name . "</option>"; |
|
| 174 | + echo '<option value="'.$id.'">'.$name."</option>"; |
|
| 175 | 175 | } |
| 176 | 176 | ?> |
| 177 | 177 | </select> |
| 178 | 178 | <br/> |
| 179 | - <h2><?php echo _("2. CSR generation");?></h2> |
|
| 180 | - <p><?php echo _("One way to generate an acceptable certificate request is via this openssl one-liner:");?></p> |
|
| 179 | + <h2><?php echo _("2. CSR generation"); ?></h2> |
|
| 180 | + <p><?php echo _("One way to generate an acceptable certificate request is via this openssl one-liner:"); ?></p> |
|
| 181 | 181 | <p>openssl req -new -newkey rsa:4096 -out test.csr -keyout test.key -subj /DC=test/DC=test/DC=eduroam/C=XY/O=WillBeReplaced/CN=will.be.replaced</p> |
| 182 | - <h2><?php echo _("3. Submission");?></h2> |
|
| 182 | + <h2><?php echo _("3. Submission"); ?></h2> |
|
| 183 | 183 | <?php echo _("Please paste your CSR here:"); ?><br/><textarea name="CSR" id="CSR" rows="20" cols="85"/></textarea><br/> |
| 184 | 184 | <button type="submit" name="requestcert" id="requestcert" value="<?php echo \web\lib\common\FormElements::BUTTON_SAVE ?>"><?php echo _("Send request"); ?></button> |
| 185 | 185 | </form> |
@@ -114,7 +114,7 @@ discard block |
||
| 114 | 114 | */ |
| 115 | 115 | public function listProfiles(bool $activeOnly = FALSE) |
| 116 | 116 | { |
| 117 | - $query = "SELECT profile_id FROM profile WHERE inst_id = $this->identifier" . ($activeOnly ? " AND showtime = 1" : ""); |
|
| 117 | + $query = "SELECT profile_id FROM profile WHERE inst_id = $this->identifier".($activeOnly ? " AND showtime = 1" : ""); |
|
| 118 | 118 | $allProfiles = $this->databaseHandle->exec($query); |
| 119 | 119 | $returnarray = []; |
| 120 | 120 | // SELECT -> resource, not boolean |
@@ -124,7 +124,7 @@ discard block |
||
| 124 | 124 | $returnarray[] = $oneProfile; |
| 125 | 125 | } |
| 126 | 126 | |
| 127 | - $this->loggerInstance->debug(4, "listProfiles: " . print_r($returnarray, true)); |
|
| 127 | + $this->loggerInstance->debug(4, "listProfiles: ".print_r($returnarray, true)); |
|
| 128 | 128 | return $returnarray; |
| 129 | 129 | } |
| 130 | 130 | |
@@ -229,7 +229,7 @@ discard block |
||
| 229 | 229 | case AbstractProfile::PROFILETYPE_SILVERBULLET: |
| 230 | 230 | $theProfile = new ProfileSilverbullet($identifier, $this); |
| 231 | 231 | $theProfile->addSupportedEapMethod(new \core\common\EAP(\core\common\EAP::EAPTYPE_SILVERBULLET), 1); |
| 232 | - $theProfile->setRealm($this->identifier . "-" . $theProfile->identifier . "." . strtolower($this->federation) . strtolower(CONFIG_CONFASSISTANT['SILVERBULLET']['realm_suffix'])); |
|
| 232 | + $theProfile->setRealm($this->identifier."-".$theProfile->identifier.".".strtolower($this->federation).strtolower(CONFIG_CONFASSISTANT['SILVERBULLET']['realm_suffix'])); |
|
| 233 | 233 | return $theProfile; |
| 234 | 234 | default: |
| 235 | 235 | throw new Exception("This type of profile is unknown and can not be added."); |
@@ -350,7 +350,7 @@ discard block |
||
| 350 | 350 | public function getExternalDBId() |
| 351 | 351 | { |
| 352 | 352 | if (CONFIG_CONFASSISTANT['CONSORTIUM']['name'] == "eduroam" && isset(CONFIG_CONFASSISTANT['CONSORTIUM']['deployment-voodoo']) && CONFIG_CONFASSISTANT['CONSORTIUM']['deployment-voodoo'] == "Operations Team") { // SW: APPROVED |
| 353 | - $idQuery = $this->databaseHandle->exec("SELECT external_db_id FROM institution WHERE inst_id = $this->identifier AND external_db_syncstate = " . self::EXTERNAL_DB_SYNCSTATE_SYNCED); |
|
| 353 | + $idQuery = $this->databaseHandle->exec("SELECT external_db_id FROM institution WHERE inst_id = $this->identifier AND external_db_syncstate = ".self::EXTERNAL_DB_SYNCSTATE_SYNCED); |
|
| 354 | 354 | // SELECT -> it's a resource, not a boolean |
| 355 | 355 | if (mysqli_num_rows(/** @scrutinizer ignore-type */ $idQuery) == 0) { |
| 356 | 356 | return FALSE; |
@@ -19,7 +19,7 @@ discard block |
||
| 19 | 19 | * <base_url>/copyright.php after deploying the software |
| 20 | 20 | */ |
| 21 | 21 | |
| 22 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 22 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 23 | 23 | |
| 24 | 24 | $auth = new \web\lib\admin\Authentication(); |
| 25 | 25 | $deco = new \web\lib\admin\PageDecoration(); |
@@ -56,7 +56,7 @@ discard block |
||
| 56 | 56 | $profile = $validator->Profile($_GET['profile_id'], $my_inst->identifier); |
| 57 | 57 | } else { |
| 58 | 58 | $profile = $my_inst->newProfile(core\AbstractProfile::PROFILETYPE_RADIUS); |
| 59 | - $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $my_inst->identifier . " - Profile created"); |
|
| 59 | + $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP ".$my_inst->identifier." - Profile created"); |
|
| 60 | 60 | } |
| 61 | 61 | |
| 62 | 62 | if (!$profile instanceof \core\ProfileRADIUS) { |
@@ -118,7 +118,7 @@ discard block |
||
| 118 | 118 | $uiElements = new web\lib\admin\UIElements(); |
| 119 | 119 | // set realm info, if submitted |
| 120 | 120 | if ($realm !== FALSE) { |
| 121 | - $profile->setRealm($anonLocal . "@" . $realm); |
|
| 121 | + $profile->setRealm($anonLocal."@".$realm); |
|
| 122 | 122 | echo $uiElements->boxOkay(sprintf(_("Realm: <strong>%s</strong>"), $realm)); |
| 123 | 123 | } else { |
| 124 | 124 | $profile->setRealm(""); |
@@ -141,7 +141,7 @@ discard block |
||
| 141 | 141 | echo $uiElements->boxError(_("Realm check username cannot be configured: realm is missing!")); |
| 142 | 142 | } else { |
| 143 | 143 | $profile->setRealmcheckUser(true, $checkuser_name); |
| 144 | - echo $uiElements->boxOkay(sprintf(_("Special username for realm check is <strong>%s</strong>, the value is <strong>%s</strong>"), _("ON"), $checkuser_name . "@" . $realm)); |
|
| 144 | + echo $uiElements->boxOkay(sprintf(_("Special username for realm check is <strong>%s</strong>, the value is <strong>%s</strong>"), _("ON"), $checkuser_name."@".$realm)); |
|
| 145 | 145 | } |
| 146 | 146 | } else { |
| 147 | 147 | $profile->setRealmCheckUser(false); |
@@ -154,7 +154,7 @@ discard block |
||
| 154 | 154 | } else { |
| 155 | 155 | $profile->setInputVerificationPreference($verify, $hint); |
| 156 | 156 | if ($hint !== FALSE) { |
| 157 | - $extratext = " " . sprintf(_("and the input field will be prefilled with '<strong>@%s</strong>'."), $realm); |
|
| 157 | + $extratext = " ".sprintf(_("and the input field will be prefilled with '<strong>@%s</strong>'."), $realm); |
|
| 158 | 158 | } else { |
| 159 | 159 | $extratext = "."; |
| 160 | 160 | } |
@@ -191,29 +191,29 @@ discard block |
||
| 191 | 191 | echo $uiElements->boxOkay(_("Redirection is <strong>OFF</strong>")); |
| 192 | 192 | } |
| 193 | 193 | |
| 194 | - $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $profile->identifier . " - attributes changed"); |
|
| 194 | + $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile ".$profile->identifier." - attributes changed"); |
|
| 195 | 195 | |
| 196 | 196 | foreach (\core\common\EAP::listKnownEAPTypes() as $a) { |
| 197 | 197 | if ($a->getIntegerRep() == \core\common\EAP::INTEGER_SILVERBULLET) { // do not allow adding silverbullet via the backdoor |
| 198 | 198 | continue; |
| 199 | 199 | } |
| 200 | - if (isset($_POST[$a->getPrintableRep()]) && isset($_POST[$a->getPrintableRep() . "-priority"]) && is_numeric($_POST[$a->getPrintableRep() . "-priority"])) { |
|
| 201 | - $priority = (int) $_POST[$a->getPrintableRep() . "-priority"]; |
|
| 200 | + if (isset($_POST[$a->getPrintableRep()]) && isset($_POST[$a->getPrintableRep()."-priority"]) && is_numeric($_POST[$a->getPrintableRep()."-priority"])) { |
|
| 201 | + $priority = (int) $_POST[$a->getPrintableRep()."-priority"]; |
|
| 202 | 202 | // add EAP type to profile as requested, but ... |
| 203 | 203 | $profile->addSupportedEapMethod($a, $priority); |
| 204 | - $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $profile->identifier . " - supported EAP types changed"); |
|
| 204 | + $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile ".$profile->identifier." - supported EAP types changed"); |
|
| 205 | 205 | // see if we can enable the EAP type, or if info is missing |
| 206 | 206 | $eapcompleteness = $profile->isEapTypeDefinitionComplete($a); |
| 207 | 207 | if ($eapcompleteness === true) { |
| 208 | - echo $uiElements->boxOkay(_("Supported EAP Type: ") . "<strong>" . $a->getPrintableRep() . "</strong>"); |
|
| 208 | + echo $uiElements->boxOkay(_("Supported EAP Type: ")."<strong>".$a->getPrintableRep()."</strong>"); |
|
| 209 | 209 | } else { |
| 210 | 210 | $warntext = ""; |
| 211 | 211 | if (is_array($eapcompleteness)) { |
| 212 | 212 | foreach ($eapcompleteness as $item) { |
| 213 | - $warntext .= "<strong>" . $uiElements->displayName($item) . "</strong> "; |
|
| 213 | + $warntext .= "<strong>".$uiElements->displayName($item)."</strong> "; |
|
| 214 | 214 | } |
| 215 | 215 | } |
| 216 | - echo $uiElements->boxWarning(sprintf(_("Supported EAP Type: <strong>%s</strong> is missing required information %s !"), $a->getPrintableRep(), $warntext) . "<br/>" . _("The EAP type was added to the profile, but you need to complete the missing information before we can produce installers for you.")); |
|
| 216 | + echo $uiElements->boxWarning(sprintf(_("Supported EAP Type: <strong>%s</strong> is missing required information %s !"), $a->getPrintableRep(), $warntext)."<br/>"._("The EAP type was added to the profile, but you need to complete the missing information before we can produce installers for you.")); |
|
| 217 | 217 | } |
| 218 | 218 | } |
| 219 | 219 | } |
@@ -223,23 +223,23 @@ discard block |
||
| 223 | 223 | if (count($significantChanges) > 0) { |
| 224 | 224 | $myInstOriginal = new \core\IdP($profile->institution); |
| 225 | 225 | // send a notification/alert mail to someone we know is in charge |
| 226 | - $text = _("To whom it may concern,") . "\n\n"; |
|
| 226 | + $text = _("To whom it may concern,")."\n\n"; |
|
| 227 | 227 | /// were made to the *Identity Provider* *LU* / integer number of IdP / (previously known as) Name |
| 228 | - $text .= sprintf(_("significant changes were made to a RADIUS deployment profile of the %s %s / %s / '%s'."), $ui->nomenclatureInst, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name) . "\n\n"; |
|
| 228 | + $text .= sprintf(_("significant changes were made to a RADIUS deployment profile of the %s %s / %s / '%s'."), $ui->nomenclatureInst, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name)."\n\n"; |
|
| 229 | 229 | if (isset($significantChanges[\core\AbstractProfile::CA_CLASH_ADDED])) { |
| 230 | - $text .= _("WARNING! A new trusted root CA was added, and it has the exact same name as a previously existing root CA. This may (but does not necessarily) mean that this is an attempt to insert an unauthorised trust root by disguising as the genuine one. The details are below:") . "\n\n"; |
|
| 231 | - $text .= $significantChanges[\core\AbstractProfile::CA_CLASH_ADDED] . "\n\n"; |
|
| 230 | + $text .= _("WARNING! A new trusted root CA was added, and it has the exact same name as a previously existing root CA. This may (but does not necessarily) mean that this is an attempt to insert an unauthorised trust root by disguising as the genuine one. The details are below:")."\n\n"; |
|
| 231 | + $text .= $significantChanges[\core\AbstractProfile::CA_CLASH_ADDED]."\n\n"; |
|
| 232 | 232 | } |
| 233 | 233 | if (isset($significantChanges[\core\AbstractProfile::CA_ADDED])) { |
| 234 | 234 | $text .= _("A new trusted root CA was added. The details are below:\n\n"); |
| 235 | - $text .= $significantChanges[\core\AbstractProfile::CA_ADDED] . "\n\n"; |
|
| 235 | + $text .= $significantChanges[\core\AbstractProfile::CA_ADDED]."\n\n"; |
|
| 236 | 236 | } |
| 237 | 237 | if (isset($significantChanges[\core\AbstractProfile::SERVERNAME_ADDED])) { |
| 238 | - $text .= _("A new acceptable server name for the authentication server was added. The details are below:") . "\n\n"; |
|
| 239 | - $text .= $significantChanges[\core\AbstractProfile::SERVERNAME_ADDED] . "\n\n"; |
|
| 238 | + $text .= _("A new acceptable server name for the authentication server was added. The details are below:")."\n\n"; |
|
| 239 | + $text .= $significantChanges[\core\AbstractProfile::SERVERNAME_ADDED]."\n\n"; |
|
| 240 | 240 | } |
| 241 | - $text .= _("This mail is merely a cross-check because these changes can be security-relevant. If the change was expected, you do not need to take any action.") . "\n\n"; |
|
| 242 | - $text .= _("Greetings, ") . "\n\n" . CONFIG['APPEARANCE']['productname_long']; |
|
| 241 | + $text .= _("This mail is merely a cross-check because these changes can be security-relevant. If the change was expected, you do not need to take any action.")."\n\n"; |
|
| 242 | + $text .= _("Greetings, ")."\n\n".CONFIG['APPEARANCE']['productname_long']; |
|
| 243 | 243 | // (currently, send hard-wired to NRO - future: for linked insts, check eduroam DBv2 and send to registered admins directly) |
| 244 | 244 | $fed = new core\Federation($myInstOriginal->federation); |
| 245 | 245 | foreach ($fed->listFederationAdmins() as $id) { |
@@ -258,7 +258,7 @@ discard block |
||
| 258 | 258 | <?php |
| 259 | 259 | if (count($reloadedProfile->getEapMethodsinOrderOfPreference(1)) > 0) { |
| 260 | 260 | echo "<form method='post' action='overview_installers.php?inst_id=$my_inst->identifier&profile_id=$reloadedProfile->identifier' accept-charset='UTF-8'> |
| 261 | - <button type='submit'>" . _("Continue to Installer Fine-Tuning and Download") . "</button> |
|
| 261 | + <button type='submit'>"._("Continue to Installer Fine-Tuning and Download")."</button> |
|
| 262 | 262 | </form>"; |
| 263 | 263 | } |
| 264 | 264 | echo $deco->footer(); |
@@ -20,7 +20,7 @@ discard block |
||
| 20 | 20 | * <base_url>/copyright.php after deploying the software |
| 21 | 21 | */ |
| 22 | 22 | |
| 23 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 23 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 24 | 24 | |
| 25 | 25 | $auth = new \web\lib\admin\Authentication(); |
| 26 | 26 | $loggerInstance = new \core\common\Logging(); |
@@ -38,15 +38,15 @@ discard block |
||
| 38 | 38 | $myInstOriginal = $validator->IdP($_GET['inst_id'], $_SESSION['user']); |
| 39 | 39 | $instId = $myInstOriginal->identifier; |
| 40 | 40 | |
| 41 | -$hello = _("To whom it may concern,") . "\n\n"; |
|
| 42 | -$bye = _("This mail is merely a cross-check because these changes can be security-relevant. If the change was expected, you do not need to take any action.") . "\n\n" . |
|
| 43 | - _("Greetings, ") . "\n\n" . |
|
| 41 | +$hello = _("To whom it may concern,")."\n\n"; |
|
| 42 | +$bye = _("This mail is merely a cross-check because these changes can be security-relevant. If the change was expected, you do not need to take any action.")."\n\n". |
|
| 43 | + _("Greetings, ")."\n\n". |
|
| 44 | 44 | CONFIG['APPEARANCE']['productname_long']; |
| 45 | 45 | |
| 46 | 46 | switch ($_POST['submitbutton']) { |
| 47 | 47 | case web\lib\common\FormElements::BUTTON_DELETE: |
| 48 | 48 | $myInstOriginal->destroy(); |
| 49 | - $loggerInstance->writeAudit($_SESSION['user'], "DEL", "IdP " . $instId); |
|
| 49 | + $loggerInstance->writeAudit($_SESSION['user'], "DEL", "IdP ".$instId); |
|
| 50 | 50 | header("Location: overview_user.php"); |
| 51 | 51 | exit; |
| 52 | 52 | case web\lib\common\FormElements::BUTTON_FLUSH_AND_RESTART: |
@@ -56,9 +56,9 @@ discard block |
||
| 56 | 56 | } |
| 57 | 57 | // flush all IdP attributes and send user to creation wizard |
| 58 | 58 | $myInstOriginal->flushAttributes(); |
| 59 | - $loggerInstance->writeAudit($_SESSION['user'], "DEL", "IdP starting over" . $instId); |
|
| 60 | - $text = $hello . |
|
| 61 | - sprintf(_("the %s %s / %s / (previously known as) '%s' has deleted all properties and is starting over freshly. This means that its not recognisable by its name any more, and it may assume a different name in the future. You will get another mail if and when the name change happens."), $ui->nomenclatureInst, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name) . "\n\n" . |
|
| 59 | + $loggerInstance->writeAudit($_SESSION['user'], "DEL", "IdP starting over".$instId); |
|
| 60 | + $text = $hello. |
|
| 61 | + sprintf(_("the %s %s / %s / (previously known as) '%s' has deleted all properties and is starting over freshly. This means that its not recognisable by its name any more, and it may assume a different name in the future. You will get another mail if and when the name change happens."), $ui->nomenclatureInst, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name)."\n\n". |
|
| 62 | 62 | $bye; |
| 63 | 63 | $fed = new core\Federation($myInstOriginal->federation); |
| 64 | 64 | foreach ($fed->listFederationAdmins() as $id) { |
@@ -77,19 +77,19 @@ discard block |
||
| 77 | 77 | exit(0); |
| 78 | 78 | } |
| 79 | 79 | $inst_name = $myInstOriginal->name; |
| 80 | - echo "<h1>" . sprintf(_("Submitted attributes for IdP '%s'"), $inst_name) . "</h1>"; |
|
| 80 | + echo "<h1>".sprintf(_("Submitted attributes for IdP '%s'"), $inst_name)."</h1>"; |
|
| 81 | 81 | echo "<table>"; |
| 82 | 82 | echo $optionParser->processSubmittedFields($myInstOriginal, $_POST, $_FILES); |
| 83 | 83 | echo "</table>"; |
| 84 | 84 | // delete cached logo, if present |
| 85 | - $dir = ROOT . '/web/downloads/logos/'; |
|
| 86 | - $globResult = glob($dir . $myInstOriginal->identifier . "_*.png"); |
|
| 85 | + $dir = ROOT.'/web/downloads/logos/'; |
|
| 86 | + $globResult = glob($dir.$myInstOriginal->identifier."_*.png"); |
|
| 87 | 87 | if ($globResult === FALSE) { // we should catch the improbable error condition |
| 88 | 88 | $globResult = []; |
| 89 | 89 | } |
| 90 | 90 | array_map('unlink', $globResult); |
| 91 | 91 | $loggerInstance->debug(4, "UNLINK from $dir\n"); |
| 92 | - $loggerInstance->writeAudit($_SESSION['user'], "MOD", "IdP " . $myInstOriginal->identifier . " - attributes changed"); |
|
| 92 | + $loggerInstance->writeAudit($_SESSION['user'], "MOD", "IdP ".$myInstOriginal->identifier." - attributes changed"); |
|
| 93 | 93 | |
| 94 | 94 | // re-instantiate ourselves... profiles need fresh data |
| 95 | 95 | $myInstReinstantiated = $validator->IdP($_GET['inst_id'], $_SESSION['user']); |
@@ -98,10 +98,10 @@ discard block |
||
| 98 | 98 | if (count($significantChanges) > 0) { |
| 99 | 99 | // send a notification/alert mail to someone we know is in charge |
| 100 | 100 | /// were made to the *Identity Provider* *LU* / integer number of IdP / (previously known as) Name |
| 101 | - $text = $hello . sprintf(_("significant changes were made to the %s %s / %s / (previously known as) '%s'."), $ui->nomenclatureInst, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name) . "\n\n"; |
|
| 101 | + $text = $hello.sprintf(_("significant changes were made to the %s %s / %s / (previously known as) '%s'."), $ui->nomenclatureInst, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name)."\n\n"; |
|
| 102 | 102 | if (isset($significantChanges[\core\IdP::INSTNAME_CHANGED])) { |
| 103 | - $text .= sprintf(_("The %s has changed its name. The details are below:"), $ui->nomenclatureInst) . "\n\n"; |
|
| 104 | - $text .= $significantChanges[\core\IdP::INSTNAME_CHANGED] . "\n\n"; |
|
| 103 | + $text .= sprintf(_("The %s has changed its name. The details are below:"), $ui->nomenclatureInst)."\n\n"; |
|
| 104 | + $text .= $significantChanges[\core\IdP::INSTNAME_CHANGED]."\n\n"; |
|
| 105 | 105 | } |
| 106 | 106 | $text .= $bye; |
| 107 | 107 | // (currently, send hard-wired to NRO - future: for linked insts, check eduroam DBv2 and send to registered admins directly) |
@@ -117,15 +117,15 @@ discard block |
||
| 117 | 117 | |
| 118 | 118 | if (isset(CONFIG_CONFASSISTANT['CONSORTIUM']['ssid']) && count(CONFIG_CONFASSISTANT['CONSORTIUM']['ssid']) > 0) { |
| 119 | 119 | foreach (CONFIG_CONFASSISTANT['CONSORTIUM']['ssid'] as $ssidname) { |
| 120 | - $ssids[] = $ssidname . " " . (isset(CONFIG_CONFASSISTANT['CONSORTIUM']['tkipsupport']) && CONFIG_CONFASSISTANT['CONSORTIUM']['tkipsupport'] === TRUE ? _("(WPA2/AES and WPA/TKIP)") : _("(WPA2/AES)") ); |
|
| 120 | + $ssids[] = $ssidname." ".(isset(CONFIG_CONFASSISTANT['CONSORTIUM']['tkipsupport']) && CONFIG_CONFASSISTANT['CONSORTIUM']['tkipsupport'] === TRUE ? _("(WPA2/AES and WPA/TKIP)") : _("(WPA2/AES)")); |
|
| 121 | 121 | } |
| 122 | 122 | } |
| 123 | 123 | |
| 124 | 124 | foreach ($myInstReinstantiated->getAttributes("media:SSID_with_legacy") as $ssidname) { |
| 125 | - $ssids[] = $ssidname['value'] . " " . _("(WPA2/AES and WPA/TKIP)"); |
|
| 125 | + $ssids[] = $ssidname['value']." "._("(WPA2/AES and WPA/TKIP)"); |
|
| 126 | 126 | } |
| 127 | 127 | foreach ($myInstReinstantiated->getAttributes("media:SSID") as $ssidname) { |
| 128 | - $ssids[] = $ssidname['value'] . " " . _("(WPA2/AES)"); |
|
| 128 | + $ssids[] = $ssidname['value']." "._("(WPA2/AES)"); |
|
| 129 | 129 | } |
| 130 | 130 | |
| 131 | 131 | echo "<table>"; |
@@ -133,7 +133,7 @@ discard block |
||
| 133 | 133 | if (count($ssids) > 0) { |
| 134 | 134 | $printedlist = ""; |
| 135 | 135 | foreach ($ssids as $names) { |
| 136 | - $printedlist = $printedlist . "$names "; |
|
| 136 | + $printedlist = $printedlist."$names "; |
|
| 137 | 137 | } |
| 138 | 138 | echo $uiElements->boxOkay(sprintf(_("Your installers will configure the following SSIDs: <strong>%s</strong>"), $printedlist), _("SSIDs configured")); |
| 139 | 139 | } |
@@ -161,7 +161,7 @@ discard block |
||
| 161 | 161 | // did we get an email address? then, show the silverbullet jumpstart button |
| 162 | 162 | // otherwise, issue a smartass comment |
| 163 | 163 | if (count($myInstReinstantiated->getAttributes("support:email")) > 0) { |
| 164 | - echo "<form method='post' action='edit_silverbullet.php?inst_id=$myInstReinstantiated->identifier' accept-charset='UTF-8'><button type='submit'>" . sprintf(_("Continue to %s properties"), \core\ProfileSilverbullet::PRODUCTNAME) . "</button></form>"; |
|
| 164 | + echo "<form method='post' action='edit_silverbullet.php?inst_id=$myInstReinstantiated->identifier' accept-charset='UTF-8'><button type='submit'>".sprintf(_("Continue to %s properties"), \core\ProfileSilverbullet::PRODUCTNAME)."</button></form>"; |
|
| 165 | 165 | } else { |
| 166 | 166 | echo "<table>"; |
| 167 | 167 | echo $uiElements->boxError(sprintf(_("You did not submit an e-mail address. This is required for %s. Please go to the %s dashboard and edit your helpdesk settings to include a helpdesk e-mail address."), core\ProfileSilverbullet::PRODUCTNAME, $ui->nomenclatureInst), _("No support e-mail!")); |
@@ -169,10 +169,10 @@ discard block |
||
| 169 | 169 | } |
| 170 | 170 | } |
| 171 | 171 | if (CONFIG['FUNCTIONALITY_LOCATIONS']['CONFASSISTANT_RADIUS'] == "LOCAL") { |
| 172 | - echo "<br/><form method='post' action='edit_profile.php?inst_id=$myInstReinstantiated->identifier' accept-charset='UTF-8'><button type='submit'>" . _("Continue to RADIUS/EAP profile definition") . "</button></form>"; |
|
| 172 | + echo "<br/><form method='post' action='edit_profile.php?inst_id=$myInstReinstantiated->identifier' accept-charset='UTF-8'><button type='submit'>"._("Continue to RADIUS/EAP profile definition")."</button></form>"; |
|
| 173 | 173 | } |
| 174 | 174 | } |
| 175 | - echo "<br/><form method='post' action='overview_idp.php?inst_id=$myInstReinstantiated->identifier' accept-charset='UTF-8'><button type='submit'>" . _("Continue to dashboard") . "</button></form>"; |
|
| 175 | + echo "<br/><form method='post' action='overview_idp.php?inst_id=$myInstReinstantiated->identifier' accept-charset='UTF-8'><button type='submit'>"._("Continue to dashboard")."</button></form>"; |
|
| 176 | 176 | echo $deco->footer(); |
| 177 | 177 | break; |
| 178 | 178 | default: |
@@ -23,7 +23,7 @@ discard block |
||
| 23 | 23 | |
| 24 | 24 | use \Exception; |
| 25 | 25 | |
| 26 | -require_once dirname(dirname(__DIR__)) . "/config/_config.php"; |
|
| 26 | +require_once dirname(dirname(__DIR__))."/config/_config.php"; |
|
| 27 | 27 | |
| 28 | 28 | /** |
| 29 | 29 | * Test suite to verify that a given NAI realm has NAPTR records according to |
@@ -144,7 +144,7 @@ discard block |
||
| 144 | 144 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['status'] = $cert['status']; |
| 145 | 145 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['message'] = $this->TLS_certkeys[$cert['status']]; |
| 146 | 146 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k]['expected'] = $cert['expected']; |
| 147 | - $add = ' -cert ' . ROOT . '/config/cli-certs/' . $cert['public'] . ' -key ' . ROOT . '/config/cli-certs/' . $cert['private']; |
|
| 147 | + $add = ' -cert '.ROOT.'/config/cli-certs/'.$cert['public'].' -key '.ROOT.'/config/cli-certs/'.$cert['private']; |
|
| 148 | 148 | if (!isset($this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k])) { |
| 149 | 149 | $this->TLS_clients_checks_result[$host]['ca'][$type]['certificate'][$k] = []; |
| 150 | 150 | } |
@@ -188,11 +188,11 @@ discard block |
||
| 188 | 188 | // but code analysers want this more explicit, so here is this extra |
| 189 | 189 | // call to escapeshellarg() |
| 190 | 190 | $escapedHost = escapeshellarg($host); |
| 191 | - $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " s_client -connect " . $escapedHost . " -tls1 -CApath " . ROOT . "/config/ca-certs/ $arg 2>&1\n"); |
|
| 191 | + $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." s_client -connect ".$escapedHost." -tls1 -CApath ".ROOT."/config/ca-certs/ $arg 2>&1\n"); |
|
| 192 | 192 | $time_start = microtime(true); |
| 193 | 193 | $opensslbabble = []; |
| 194 | 194 | $result = 999; // likely to become zero by openssl; don't want to initialise to zero, could cover up exec failures |
| 195 | - exec(CONFIG['PATHS']['openssl'] . " s_client -connect " . $escapedHost . " -no_ssl2 -no_ssl3 -CApath " . ROOT . "/config/ca-certs/ $arg 2>&1", $opensslbabble, $result); |
|
| 195 | + exec(CONFIG['PATHS']['openssl']." s_client -connect ".$escapedHost." -no_ssl2 -no_ssl3 -CApath ".ROOT."/config/ca-certs/ $arg 2>&1", $opensslbabble, $result); |
|
| 196 | 196 | $time_stop = microtime(true); |
| 197 | 197 | $testresults['time_millisec'] = floor(($time_stop - $time_start) * 1000); |
| 198 | 198 | $testresults['returncode'] = $result; |
@@ -98,15 +98,15 @@ discard block |
||
| 98 | 98 | <key>PayloadDescription</key> |
| 99 | 99 | <string>$tagline</string> |
| 100 | 100 | <key>PayloadDisplayName</key> |
| 101 | - <string>" . CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'] . "</string> |
|
| 101 | + <string>".CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']."</string> |
|
| 102 | 102 | <key>PayloadIdentifier</key> |
| 103 | - <string>" . self::$iPhonePayloadPrefix . ".$this->massagedConsortium.$this->massagedCountry.$this->massagedInst.$this->massagedProfile.$this->lang</string> |
|
| 103 | + <string>" . self::$iPhonePayloadPrefix.".$this->massagedConsortium.$this->massagedCountry.$this->massagedInst.$this->massagedProfile.$this->lang</string> |
|
| 104 | 104 | <key>PayloadOrganization</key> |
| 105 | - <string>" . htmlspecialchars(iconv("UTF-8", "UTF-8//IGNORE", $this->attributes['general:instname'][0]), ENT_XML1, 'UTF-8') . ( $this->attributes['internal:profile_count'][0] > 1 ? " (" . htmlspecialchars(iconv("UTF-8", "UTF-8//IGNORE", $this->attributes['profile:name'][0]), ENT_XML1, 'UTF-8') . ")" : "") . "</string> |
|
| 105 | + <string>".htmlspecialchars(iconv("UTF-8", "UTF-8//IGNORE", $this->attributes['general:instname'][0]), ENT_XML1, 'UTF-8').($this->attributes['internal:profile_count'][0] > 1 ? " (".htmlspecialchars(iconv("UTF-8", "UTF-8//IGNORE", $this->attributes['profile:name'][0]), ENT_XML1, 'UTF-8').")" : "")."</string> |
|
| 106 | 106 | <key>PayloadType</key> |
| 107 | 107 | <string>Configuration</string> |
| 108 | 108 | <key>PayloadUUID</key> |
| 109 | - <string>" . \core\common\Entity::uuid('', self::$iPhonePayloadPrefix . $this->massagedConsortium . $this->massagedCountry . $this->massagedInst . $this->massagedProfile) . "</string> |
|
| 109 | + <string>" . \core\common\Entity::uuid('', self::$iPhonePayloadPrefix.$this->massagedConsortium.$this->massagedCountry.$this->massagedInst.$this->massagedProfile)."</string> |
|
| 110 | 110 | <key>PayloadVersion</key> |
| 111 | 111 | <integer>1</integer>"; |
| 112 | 112 | \core\common\Entity::outOfThePotatoes(); |
@@ -138,16 +138,16 @@ discard block |
||
| 138 | 138 | { |
| 139 | 139 | \core\common\Entity::intoThePotatoes(); |
| 140 | 140 | if (isset($this->attributes['support:info_file'])) { |
| 141 | - return MobileconfigSuperclass::BUFFER_CONSENT_PRE . htmlspecialchars(iconv("UTF-8", "UTF-8//TRANSLIT", $this->attributes['support:info_file'][0]), ENT_XML1, 'UTF-8') . MobileconfigSuperclass::BUFFER_CONSENT_POST; |
|
| 141 | + return MobileconfigSuperclass::BUFFER_CONSENT_PRE.htmlspecialchars(iconv("UTF-8", "UTF-8//TRANSLIT", $this->attributes['support:info_file'][0]), ENT_XML1, 'UTF-8').MobileconfigSuperclass::BUFFER_CONSENT_POST; |
|
| 142 | 142 | } |
| 143 | 143 | if ($this->attributes['internal:verify_userinput_suffix'][0] != 0) { |
| 144 | 144 | if (strlen($this->attributes['internal:realm'][0]) > 0) { |
| 145 | 145 | /// note space between variable and exclamation mark - makes sure users don't mistakenly think the exclamation mark is part of the required username! |
| 146 | - $retval = MobileconfigSuperclass::BUFFER_CONSENT_PRE . sprintf(_("Important Notice: your username must end with @%s !"), $this->attributes['internal:realm'][0]) . MobileconfigSuperclass::BUFFER_CONSENT_POST; |
|
| 146 | + $retval = MobileconfigSuperclass::BUFFER_CONSENT_PRE.sprintf(_("Important Notice: your username must end with @%s !"), $this->attributes['internal:realm'][0]).MobileconfigSuperclass::BUFFER_CONSENT_POST; |
|
| 147 | 147 | \core\common\Entity::outOfThePotatoes(); |
| 148 | 148 | return $retval; |
| 149 | 149 | } |
| 150 | - $retval = MobileconfigSuperclass::BUFFER_CONSENT_PRE . _("Important Notice: your username MUST be in the form of xxx@yyy where the yyy is a common suffix identifying your Identity Provider. Please find out what to use there and enter the username in the correct format.") . MobileconfigSuperclass::BUFFER_CONSENT_POST; |
|
| 150 | + $retval = MobileconfigSuperclass::BUFFER_CONSENT_PRE._("Important Notice: your username MUST be in the form of xxx@yyy where the yyy is a common suffix identifying your Identity Provider. Please find out what to use there and enter the username in the correct format.").MobileconfigSuperclass::BUFFER_CONSENT_POST; |
|
| 151 | 151 | \core\common\Entity::outOfThePotatoes(); |
| 152 | 152 | return $retval; |
| 153 | 153 | } |
@@ -171,7 +171,7 @@ discard block |
||
| 171 | 171 | // also escape htmlspecialchars |
| 172 | 172 | // not all names and profiles have a name, so be prepared |
| 173 | 173 | |
| 174 | - $this->loggerInstance->debug(5, "List of available attributes: " . var_export($this->attributes, TRUE)); |
|
| 174 | + $this->loggerInstance->debug(5, "List of available attributes: ".var_export($this->attributes, TRUE)); |
|
| 175 | 175 | |
| 176 | 176 | $this->instName = $this->attributes['general:instname'][0] ?? _("Unnamed Organisation"); |
| 177 | 177 | $this->profileName = $this->attributes['profile:name'][0] ?? _("Unnamed Profile"); |
@@ -213,7 +213,7 @@ discard block |
||
| 213 | 213 | |
| 214 | 214 | file_put_contents('installer_profile', $outputXml); |
| 215 | 215 | |
| 216 | - $fileName = $this->installerBasename . '.mobileconfig'; |
|
| 216 | + $fileName = $this->installerBasename.'.mobileconfig'; |
|
| 217 | 217 | |
| 218 | 218 | if (!$this->sign) { |
| 219 | 219 | rename("installer_profile", $fileName); |
@@ -221,7 +221,7 @@ discard block |
||
| 221 | 221 | return $fileName; |
| 222 | 222 | } |
| 223 | 223 | // still here? Then we are signing. |
| 224 | - $signing = system($this->sign . " installer_profile '$fileName' > /dev/null"); |
|
| 224 | + $signing = system($this->sign." installer_profile '$fileName' > /dev/null"); |
|
| 225 | 225 | if ($signing === FALSE) { |
| 226 | 226 | $this->loggerInstance->debug(2, "Signing the mobileconfig installer $fileName FAILED!\n"); |
| 227 | 227 | } |
@@ -240,19 +240,19 @@ discard block |
||
| 240 | 240 | \core\common\Entity::intoThePotatoes(); |
| 241 | 241 | $ssidCount = count($this->attributes['internal:SSID']); |
| 242 | 242 | $certCount = count($this->attributes['internal:CAs'][0]); |
| 243 | - $out = "<p>" . _("For best results, please use the built-in browser (Safari) to open the configuration file.") . "</p>"; |
|
| 243 | + $out = "<p>"._("For best results, please use the built-in browser (Safari) to open the configuration file.")."</p>"; |
|
| 244 | 244 | $out .= "<p>"; |
| 245 | 245 | $out .= _("The profile will install itself after you click (or tap) the button. You will be asked for confirmation/input at several points:"); |
| 246 | 246 | $out .= "<ul>"; |
| 247 | - $out .= "<li>" . _("to install the profile") . "</li>"; |
|
| 248 | - $out .= "<li>" . ngettext("to accept the server certificate authority", "to accept the server certificate authorities", $certCount); |
|
| 247 | + $out .= "<li>"._("to install the profile")."</li>"; |
|
| 248 | + $out .= "<li>".ngettext("to accept the server certificate authority", "to accept the server certificate authorities", $certCount); |
|
| 249 | 249 | if ($certCount > 1) { |
| 250 | - $out .= " " . sprintf(_("(%d times)"), $certCount); |
|
| 250 | + $out .= " ".sprintf(_("(%d times)"), $certCount); |
|
| 251 | 251 | } |
| 252 | 252 | $out .= "</li>"; |
| 253 | - $out .= "<li>" . _("to enter the username and password you have been given by your organisation"); |
|
| 253 | + $out .= "<li>"._("to enter the username and password you have been given by your organisation"); |
|
| 254 | 254 | if ($ssidCount > 1) { |
| 255 | - $out .= " " . sprintf(_("(%d times each, because %s is installed for %d SSIDs)"), $ssidCount, CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $ssidCount); |
|
| 255 | + $out .= " ".sprintf(_("(%d times each, because %s is installed for %d SSIDs)"), $ssidCount, CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $ssidCount); |
|
| 256 | 256 | } |
| 257 | 257 | $out .= "</li>"; |
| 258 | 258 | $out .= "</ul>"; |
@@ -305,7 +305,7 @@ discard block |
||
| 305 | 305 | $retval .= " <key>RoamingConsortiumOIs</key> |
| 306 | 306 | <array>"; |
| 307 | 307 | |
| 308 | - $retval .= "<string>" . strtoupper($consortiumOi) . "</string>"; |
|
| 308 | + $retval .= "<string>".strtoupper($consortiumOi)."</string>"; |
|
| 309 | 309 | |
| 310 | 310 | $retval .= "</array>"; |
| 311 | 311 | // this is an undocumented value found on the net. Does it do something useful? |
@@ -346,7 +346,7 @@ discard block |
||
| 346 | 346 | <dict> |
| 347 | 347 | <key>AcceptEAPTypes</key> |
| 348 | 348 | <array> |
| 349 | - <integer>" . $eapType['OUTER'] . "</integer> |
|
| 349 | + <integer>" . $eapType['OUTER']."</integer> |
|
| 350 | 350 | </array> |
| 351 | 351 | <key>EAPFASTProvisionPAC</key> |
| 352 | 352 | <true /> |
@@ -359,7 +359,7 @@ discard block |
||
| 359 | 359 | "; |
| 360 | 360 | if ($realm !== NULL) { |
| 361 | 361 | $retval .= "<key>OuterIdentity</key> |
| 362 | - <string>" . htmlspecialchars($realm, ENT_XML1, 'UTF-8') . "</string> |
|
| 362 | + <string>" . htmlspecialchars($realm, ENT_XML1, 'UTF-8')."</string> |
|
| 363 | 363 | "; |
| 364 | 364 | } |
| 365 | 365 | $retval .= "<key>PayloadCertificateAnchorUUID</key> |
@@ -383,11 +383,11 @@ discard block |
||
| 383 | 383 | $retval .= " |
| 384 | 384 | </array>"; |
| 385 | 385 | if ($eapType['INNER'] == \core\common\EAP::NE_SILVERBULLET) { |
| 386 | - $retval .= "<key>UserName</key><string>" . $this->clientCert["certObject"]->username . "</string>"; |
|
| 386 | + $retval .= "<key>UserName</key><string>".$this->clientCert["certObject"]->username."</string>"; |
|
| 387 | 387 | } |
| 388 | 388 | $retval .= " |
| 389 | 389 | <key>TTLSInnerAuthentication</key> |
| 390 | - <string>" . ($eapType['INNER'] == \core\common\EAP::NONE ? "PAP" : "MSCHAPv2") . "</string> |
|
| 390 | + <string>" . ($eapType['INNER'] == \core\common\EAP::NONE ? "PAP" : "MSCHAPv2")."</string> |
|
| 391 | 391 | </dict>"; |
| 392 | 392 | return $retval; |
| 393 | 393 | } |
@@ -407,9 +407,9 @@ discard block |
||
| 407 | 407 | // characters are still reversed, invert on use! |
| 408 | 408 | $buffer .= "<string>Manual</string> |
| 409 | 409 | <key>ProxyServer</key> |
| 410 | - <string>" . strrev($serverAndPort[1]) . "</string> |
|
| 410 | + <string>" . strrev($serverAndPort[1])."</string> |
|
| 411 | 411 | <key>ProxyServerPort</key> |
| 412 | - <integer>" . strrev($serverAndPort[0]) . "</integer> |
|
| 412 | + <integer>" . strrev($serverAndPort[0])."</integer> |
|
| 413 | 413 | <key>ProxyPACFallbackAllowed</key> |
| 414 | 414 | <false/>"; |
| 415 | 415 | } else { |
@@ -438,7 +438,7 @@ discard block |
||
| 438 | 438 | throw new Exception("SSID must be a string!"); |
| 439 | 439 | } |
| 440 | 440 | $escapedSSID = htmlspecialchars($toBeConfigured, ENT_XML1, 'UTF-8'); |
| 441 | - $payloadIdentifier = "wifi." . $this->serial; |
|
| 441 | + $payloadIdentifier = "wifi.".$this->serial; |
|
| 442 | 442 | $payloadShortName = sprintf(_("SSID %s"), $escapedSSID); |
| 443 | 443 | $payloadName = sprintf(_("%s configuration for network name %s"), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $escapedSSID); |
| 444 | 444 | $encryptionTypeString = "WPA"; |
@@ -468,7 +468,7 @@ discard block |
||
| 468 | 468 | $payloadIdentifier = "hs20.$toBeConfigured"; |
| 469 | 469 | $knownOiName = array_search($toBeConfigured, CONFIG_CONFASSISTANT['CONSORTIUM']['interworking-consortium-oi']); |
| 470 | 470 | if ($knownOiName === FALSE) { // a custom RCOI as set by the IdP admin; do not use the term "eduroam" in that one! |
| 471 | - $knownOiName = $this->instName . " "._("Roaming Partner"); |
|
| 471 | + $knownOiName = $this->instName." "._("Roaming Partner"); |
|
| 472 | 472 | } |
| 473 | 473 | $payloadShortName = $knownOiName; |
| 474 | 474 | $payloadName = _("Passpoint roaming configuration ($knownOiName)"); |
@@ -490,11 +490,11 @@ discard block |
||
| 490 | 490 | <key>PayloadDisplayName</key> |
| 491 | 491 | <string>$payloadShortName</string> |
| 492 | 492 | <key>PayloadIdentifier</key> |
| 493 | - <string>" . self::$iPhonePayloadPrefix . ".$this->massagedConsortium.$this->massagedCountry.$this->massagedInst.$this->massagedProfile.$this->lang.$payloadIdentifier</string> |
|
| 493 | + <string>".self::$iPhonePayloadPrefix.".$this->massagedConsortium.$this->massagedCountry.$this->massagedInst.$this->massagedProfile.$this->lang.$payloadIdentifier</string> |
|
| 494 | 494 | <key>PayloadOrganization</key> |
| 495 | - <string>" . $this->massagedConsortium . ".1x-config.org</string> |
|
| 495 | + <string>".$this->massagedConsortium.".1x-config.org</string> |
|
| 496 | 496 | <key>PayloadType</key> |
| 497 | - <string>com.apple." . ($blocktype == MobileconfigSuperclass::NETWORK_BLOCK_TYPE_WIRED ? "firstactiveethernet" : "wifi") . ".managed</string>"; |
|
| 497 | + <string>com.apple." . ($blocktype == MobileconfigSuperclass::NETWORK_BLOCK_TYPE_WIRED ? "firstactiveethernet" : "wifi").".managed</string>"; |
|
| 498 | 498 | $retval .= $this->proxySettings(); |
| 499 | 499 | $retval .= $setupModesString; |
| 500 | 500 | if ($eapType['INNER'] == \core\common\EAP::NE_SILVERBULLET) { |
@@ -506,7 +506,7 @@ discard block |
||
| 506 | 506 | } |
| 507 | 507 | $retval .= " |
| 508 | 508 | <key>PayloadUUID</key> |
| 509 | - <string>" . \core\common\Entity::uuid() . "</string> |
|
| 509 | + <string>" . \core\common\Entity::uuid()."</string> |
|
| 510 | 510 | <key>PayloadVersion</key> |
| 511 | 511 | <integer>1</integer> |
| 512 | 512 | $wifiNetworkIdentification</dict>"; |
@@ -536,15 +536,15 @@ discard block |
||
| 536 | 536 | <key>IsHotspot</key> |
| 537 | 537 | <false/> |
| 538 | 538 | <key>PayloadDescription</key> |
| 539 | - <string>" . sprintf(_("This SSID should not be used after bootstrapping %s"), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) . "</string> |
|
| 539 | + <string>" . sprintf(_("This SSID should not be used after bootstrapping %s"), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'])."</string> |
|
| 540 | 540 | <key>PayloadDisplayName</key> |
| 541 | - <string>" . _("Disabled WiFi network") . "</string> |
|
| 541 | + <string>" . _("Disabled WiFi network")."</string> |
|
| 542 | 542 | <key>PayloadIdentifier</key> |
| 543 | - <string>" . self::$iPhonePayloadPrefix . ".$this->massagedConsortium.$this->massagedCountry.$this->massagedInst.$this->massagedProfile.$this->lang.wifi.disabled.$this->removeSerial</string> |
|
| 543 | + <string>" . self::$iPhonePayloadPrefix.".$this->massagedConsortium.$this->massagedCountry.$this->massagedInst.$this->massagedProfile.$this->lang.wifi.disabled.$this->removeSerial</string> |
|
| 544 | 544 | <key>PayloadType</key> |
| 545 | 545 | <string>com.apple.wifi.managed</string> |
| 546 | 546 | <key>PayloadUUID</key> |
| 547 | - <string>" . \core\common\Entity::uuid() . "</string> |
|
| 547 | + <string>".\core\common\Entity::uuid()."</string> |
|
| 548 | 548 | <key>PayloadVersion</key> |
| 549 | 549 | <real>1</real>"; |
| 550 | 550 | $retval .= $this->proxySettings(); |
@@ -623,12 +623,12 @@ discard block |
||
| 623 | 623 | $mimeBlob = base64_encode($binaryBlob); |
| 624 | 624 | $mimeFormatted = chunk_split($mimeBlob, 52, "\r\n"); |
| 625 | 625 | $payloadUUID = \core\common\Entity::uuid('', $mimeBlob); |
| 626 | - $retArray = ["block" => "<dict>" . |
|
| 626 | + $retArray = ["block" => "<dict>". |
|
| 627 | 627 | // we don't include the import password. It's displayed on screen, and should be input by the user. |
| 628 | 628 | // <key>Password</key> |
| 629 | 629 | // <string>" . $this->clientCert['password'] . "</string> |
| 630 | 630 | "<key>PayloadCertificateFileName</key> |
| 631 | - <string>" . $this->massagedConsortium . ".pfx</string> |
|
| 631 | + <string>" . $this->massagedConsortium.".pfx</string> |
|
| 632 | 632 | <key>PayloadContent</key> |
| 633 | 633 | <data> |
| 634 | 634 | $mimeFormatted |
@@ -636,7 +636,7 @@ discard block |
||
| 636 | 636 | <key>PayloadDescription</key> |
| 637 | 637 | <string>MIME Base-64 encoded PKCS#12 Client Certificate</string> |
| 638 | 638 | <key>PayloadDisplayName</key> |
| 639 | - <string>" . _("eduroam user certificate") . "</string> |
|
| 639 | + <string>"._("eduroam user certificate")."</string> |
|
| 640 | 640 | <key>PayloadIdentifier</key> |
| 641 | 641 | <string>com.apple.security.pkcs12.$payloadUUID</string> |
| 642 | 642 | <key>PayloadType</key> |
@@ -646,7 +646,7 @@ discard block |
||
| 646 | 646 | <key>PayloadVersion</key> |
| 647 | 647 | <integer>1</integer> |
| 648 | 648 | </dict>", |
| 649 | - "UUID" => $payloadUUID,]; |
|
| 649 | + "UUID" => $payloadUUID, ]; |
|
| 650 | 650 | \core\common\Entity::outOfThePotatoes(); |
| 651 | 651 | return $retArray; |
| 652 | 652 | } |
@@ -665,7 +665,7 @@ discard block |
||
| 665 | 665 | } |
| 666 | 666 | $expiryTime = new \DateTime($this->clientCert['certObject']->expiry); |
| 667 | 667 | return "<key>RemovalDate</key> |
| 668 | - <date>" . $expiryTime->format("Y-m-d") . "T" . $expiryTime->format("H:i:s") . "Z</date>"; |
|
| 668 | + <date>" . $expiryTime->format("Y-m-d")."T".$expiryTime->format("H:i:s")."Z</date>"; |
|
| 669 | 669 | } |
| 670 | 670 | |
| 671 | 671 | private $CAsAccountedFor = []; |
@@ -689,27 +689,27 @@ discard block |
||
| 689 | 689 | $stream = " |
| 690 | 690 | <dict> |
| 691 | 691 | <key>PayloadCertificateFileName</key> |
| 692 | - <string>" . $ca['uuid'] . ".der</string> |
|
| 692 | + <string>" . $ca['uuid'].".der</string> |
|
| 693 | 693 | <key>PayloadContent</key> |
| 694 | 694 | <data> |
| 695 | -" . $trimmedPem . "</data> |
|
| 695 | +" . $trimmedPem."</data> |
|
| 696 | 696 | <key>PayloadDescription</key> |
| 697 | - <string>" . sprintf(_("The %s Certification Authority"), \core\common\Entity::$nomenclature_inst) . "</string> |
|
| 697 | + <string>" . sprintf(_("The %s Certification Authority"), \core\common\Entity::$nomenclature_inst)."</string> |
|
| 698 | 698 | <key>PayloadDisplayName</key> |
| 699 | 699 | <string>" . |
| 700 | 700 | /// example: "Identity Provider CA #1 (Root)" |
| 701 | - sprintf(_("%s CA #%d (%s)" ), |
|
| 701 | + sprintf(_("%s CA #%d (%s)"), |
|
| 702 | 702 | \core\common\Entity::$nomenclature_inst, |
| 703 | - count($this->CAsAccountedFor)+1, |
|
| 704 | - ($ca['root'] ? _("Root") : _("Intermediate"))) . |
|
| 703 | + count($this->CAsAccountedFor) + 1, |
|
| 704 | + ($ca['root'] ? _("Root") : _("Intermediate"))). |
|
| 705 | 705 | "</string> |
| 706 | 706 | <key>PayloadIdentifier</key> |
| 707 | - <string>" . self::$iPhonePayloadPrefix . ".$this->massagedConsortium.$this->massagedCountry.$this->massagedInst.$this->massagedProfile.credential.$this->caSerial</string> |
|
| 707 | + <string>" . self::$iPhonePayloadPrefix.".$this->massagedConsortium.$this->massagedCountry.$this->massagedInst.$this->massagedProfile.credential.$this->caSerial</string> |
|
| 708 | 708 | <key>PayloadOrganization</key> |
| 709 | - <string>" . $this->massagedConsortium . ".1x-config.org</string> |
|
| 709 | + <string>".$this->massagedConsortium.".1x-config.org</string> |
|
| 710 | 710 | <key>PayloadType</key> |
| 711 | 711 | <string>com.apple.security.root</string> |
| 712 | - <key>PayloadUUID</key><string>" . $ca['uuid'] . "</string> |
|
| 712 | + <key>PayloadUUID</key><string>" . $ca['uuid']."</string> |
|
| 713 | 713 | <key>PayloadVersion</key> |
| 714 | 714 | <integer>1</integer> |
| 715 | 715 | </dict>"; |
@@ -35,7 +35,7 @@ discard block |
||
| 35 | 35 | |
| 36 | 36 | use \Exception; |
| 37 | 37 | |
| 38 | -require_once dirname(dirname(__DIR__)) . "/config/_config.php"; |
|
| 38 | +require_once dirname(dirname(__DIR__))."/config/_config.php"; |
|
| 39 | 39 | |
| 40 | 40 | /** |
| 41 | 41 | * Test suite to verify that an EAP setup is actually working as advertised in |
@@ -168,7 +168,7 @@ discard block |
||
| 168 | 168 | } |
| 169 | 169 | } |
| 170 | 170 | |
| 171 | - $this->loggerInstance->debug(4, "RADIUSTests is in opMode " . $this->opMode . ", parameters were: $realm, $outerUsernameForChecks, " . print_r($supportedEapTypes, true)); |
|
| 171 | + $this->loggerInstance->debug(4, "RADIUSTests is in opMode ".$this->opMode.", parameters were: $realm, $outerUsernameForChecks, ".print_r($supportedEapTypes, true)); |
|
| 172 | 172 | $this->loggerInstance->debug(4, print_r($expectedServerNames, true)); |
| 173 | 173 | $this->loggerInstance->debug(4, print_r($expectedCABundle, true)); |
| 174 | 174 | |
@@ -258,7 +258,7 @@ discard block |
||
| 258 | 258 | $returnarray[] = RADIUSTests::CERTPROB_WILDCARD_IN_NAME; |
| 259 | 259 | continue; // otherwise we'd ALSO complain that it's not a real hostname |
| 260 | 260 | } |
| 261 | - if ($onename != "" && filter_var("foo@" . idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 261 | + if ($onename != "" && filter_var("foo@".idn_to_ascii($onename), FILTER_VALIDATE_EMAIL) === FALSE) { |
|
| 262 | 262 | $returnarray[] = RADIUSTests::CERTPROB_NOT_A_HOSTNAME; |
| 263 | 263 | } |
| 264 | 264 | } |
@@ -284,7 +284,7 @@ discard block |
||
| 284 | 284 | if (preg_match("/sha1/i", $intermediateCa['full_details']['signatureTypeSN'])) { |
| 285 | 285 | $returnarray[] = RADIUSTests::CERTPROB_SHA1_SIGNATURE; |
| 286 | 286 | } |
| 287 | - $this->loggerInstance->debug(4, "CERT IS: " . print_r($intermediateCa, TRUE)); |
|
| 287 | + $this->loggerInstance->debug(4, "CERT IS: ".print_r($intermediateCa, TRUE)); |
|
| 288 | 288 | if ($intermediateCa['basicconstraints_set'] == 0) { |
| 289 | 289 | $returnarray[] = RADIUSTests::CERTPROB_NO_BASICCONSTRAINTS; |
| 290 | 290 | } |
@@ -333,7 +333,7 @@ discard block |
||
| 333 | 333 | { |
| 334 | 334 | // for EAP-TLS to be a viable option, we need to pass a random client cert to make eapol_test happy |
| 335 | 335 | // the following PEM data is one of the SENSE EAPLab client certs (not secret at all) |
| 336 | - $clientcert = file_get_contents(dirname(__FILE__) . "/clientcert.p12"); |
|
| 336 | + $clientcert = file_get_contents(dirname(__FILE__)."/clientcert.p12"); |
|
| 337 | 337 | if ($clientcert === FALSE) { |
| 338 | 338 | throw new Exception("A dummy client cert is part of the source distribution, but could not be loaded!"); |
| 339 | 339 | } |
@@ -342,7 +342,7 @@ discard block |
||
| 342 | 342 | if ($this->opMode == self::RADIUS_TEST_OPERATION_MODE_THOROUGH) { |
| 343 | 343 | return $this->udpLogin($probeindex, $this->supportedEapTypes[0]->getArrayRep(), $this->outerUsernameForChecks, 'eaplab', $opnameCheck, $frag, $clientcert); |
| 344 | 344 | } |
| 345 | - return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@" . $this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 345 | + return $this->udpLogin($probeindex, \core\common\EAP::EAPTYPE_ANY, "cat-connectivity-test@".$this->realm, 'eaplab', $opnameCheck, $frag, $clientcert); |
|
| 346 | 346 | } |
| 347 | 347 | |
| 348 | 348 | /** |
@@ -363,7 +363,7 @@ discard block |
||
| 363 | 363 | return RADIUSTests::CERTPROB_NO_CDP_HTTP; |
| 364 | 364 | } |
| 365 | 365 | // first and second sub-match is the full URL... check it |
| 366 | - $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1] . $crlUrl[2])); |
|
| 366 | + $crlcontent = \core\common\OutsideComm::downloadFile(trim($crlUrl[1].$crlUrl[2])); |
|
| 367 | 367 | if ($crlcontent === FALSE) { |
| 368 | 368 | return RADIUSTests::CERTPROB_NO_CRL_AT_CDP_URL; |
| 369 | 369 | } |
@@ -377,7 +377,7 @@ discard block |
||
| 377 | 377 | |
| 378 | 378 | // $pem = chunk_split(base64_encode($crlcontent), 64, "\n"); |
| 379 | 379 | // inspired by https://stackoverflow.com/questions/2390604/how-to-pass-variables-as-stdin-into-command-line-from-php |
| 380 | - $proc = CONFIG['PATHS']['openssl'] . " crl -inform der"; |
|
| 380 | + $proc = CONFIG['PATHS']['openssl']." crl -inform der"; |
|
| 381 | 381 | $descriptorspec = [ |
| 382 | 382 | 0 => ["pipe", "r"], |
| 383 | 383 | 1 => ["pipe", "w"], |
@@ -416,7 +416,7 @@ discard block |
||
| 416 | 416 | $origLength = strlen($hex); |
| 417 | 417 | for ($i = 1; $i < $origLength; $i++) { |
| 418 | 418 | if ($i % 2 == 1 && $i != strlen($hex)) { |
| 419 | - $spaced .= $hex[$i] . " "; |
|
| 419 | + $spaced .= $hex[$i]." "; |
|
| 420 | 420 | } else { |
| 421 | 421 | $spaced .= $hex[$i]; |
| 422 | 422 | } |
@@ -543,19 +543,19 @@ discard block |
||
| 543 | 543 | $eapText = \core\common\EAP::eapDisplayName($eaptype); |
| 544 | 544 | $config = ' |
| 545 | 545 | network={ |
| 546 | - ssid="' . CONFIG['APPEARANCE']['productname'] . ' testing" |
|
| 546 | + ssid="' . CONFIG['APPEARANCE']['productname'].' testing" |
|
| 547 | 547 | key_mgmt=WPA-EAP |
| 548 | 548 | proto=WPA2 |
| 549 | 549 | pairwise=CCMP |
| 550 | 550 | group=CCMP |
| 551 | 551 | '; |
| 552 | 552 | // phase 1 |
| 553 | - $config .= 'eap=' . $eapText['OUTER'] . "\n"; |
|
| 553 | + $config .= 'eap='.$eapText['OUTER']."\n"; |
|
| 554 | 554 | $logConfig = $config; |
| 555 | 555 | // phase 2 if applicable; all inner methods have passwords |
| 556 | 556 | if (isset($eapText['INNER']) && $eapText['INNER'] != "") { |
| 557 | - $config .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 558 | - $logConfig .= ' phase2="auth=' . $eapText['INNER'] . "\"\n"; |
|
| 557 | + $config .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 558 | + $logConfig .= ' phase2="auth='.$eapText['INNER']."\"\n"; |
|
| 559 | 559 | } |
| 560 | 560 | // all methods set a password, except EAP-TLS |
| 561 | 561 | if ($eaptype != \core\common\EAP::EAPTYPE_TLS) { |
@@ -571,11 +571,11 @@ discard block |
||
| 571 | 571 | } |
| 572 | 572 | |
| 573 | 573 | // inner identity |
| 574 | - $config .= ' identity="' . $inner . "\"\n"; |
|
| 575 | - $logConfig .= ' identity="' . $inner . "\"\n"; |
|
| 574 | + $config .= ' identity="'.$inner."\"\n"; |
|
| 575 | + $logConfig .= ' identity="'.$inner."\"\n"; |
|
| 576 | 576 | // outer identity, may be equal |
| 577 | - $config .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 578 | - $logConfig .= ' anonymous_identity="' . $outer . "\"\n"; |
|
| 577 | + $config .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 578 | + $logConfig .= ' anonymous_identity="'.$outer."\"\n"; |
|
| 579 | 579 | // done |
| 580 | 580 | $config .= "}"; |
| 581 | 581 | $logConfig .= "}"; |
@@ -638,13 +638,13 @@ discard block |
||
| 638 | 638 | */ |
| 639 | 639 | private function eapolTestConfig($probeindex, $opName, $frag) |
| 640 | 640 | { |
| 641 | - $cmdline = CONFIG_DIAGNOSTICS['PATHS']['eapol_test'] . |
|
| 642 | - " -a " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['ip'] . |
|
| 643 | - " -s " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['secret'] . |
|
| 644 | - " -o serverchain.pem" . |
|
| 645 | - " -c ./udp_login_test.conf" . |
|
| 646 | - " -M 22:44:66:CA:20:" . sprintf("%02d", $probeindex) . " " . |
|
| 647 | - " -t " . CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['timeout'] . " "; |
|
| 641 | + $cmdline = CONFIG_DIAGNOSTICS['PATHS']['eapol_test']. |
|
| 642 | + " -a ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['ip']. |
|
| 643 | + " -s ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['secret']. |
|
| 644 | + " -o serverchain.pem". |
|
| 645 | + " -c ./udp_login_test.conf". |
|
| 646 | + " -M 22:44:66:CA:20:".sprintf("%02d", $probeindex)." ". |
|
| 647 | + " -t ".CONFIG_DIAGNOSTICS['RADIUSTESTS']['UDP-hosts'][$probeindex]['timeout']." "; |
|
| 648 | 648 | if ($opName) { |
| 649 | 649 | $cmdline .= '-N126:s:"1cat.eduroam.org" '; |
| 650 | 650 | } |
@@ -674,10 +674,10 @@ discard block |
||
| 674 | 674 | */ |
| 675 | 675 | private function createCArepository($tmpDir, &$intermOdditiesCAT, $servercert, $eapIntermediates, $eapIntermediateCRLs) |
| 676 | 676 | { |
| 677 | - if (!mkdir($tmpDir . "/root-ca-allcerts/", 0700, true)) { |
|
| 677 | + if (!mkdir($tmpDir."/root-ca-allcerts/", 0700, true)) { |
|
| 678 | 678 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-allcerts/\n"); |
| 679 | 679 | } |
| 680 | - if (!mkdir($tmpDir . "/root-ca-eaponly/", 0700, true)) { |
|
| 680 | + if (!mkdir($tmpDir."/root-ca-eaponly/", 0700, true)) { |
|
| 681 | 681 | throw new Exception("unable to create root CA directory (RADIUS Tests): $tmpDir/root-ca-eaponly/\n"); |
| 682 | 682 | } |
| 683 | 683 | // make a copy of the EAP-received chain and add the configured intermediates, if any |
@@ -691,15 +691,15 @@ discard block |
||
| 691 | 691 | } |
| 692 | 692 | if ($decoded['ca'] == 1) { |
| 693 | 693 | if ($decoded['root'] == 1) { // save CAT roots to the root directory |
| 694 | - file_put_contents($tmpDir . "/root-ca-eaponly/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 695 | - file_put_contents($tmpDir . "/root-ca-allcerts/configuredroot" . count($catRoots) . ".pem", $decoded['pem']); |
|
| 694 | + file_put_contents($tmpDir."/root-ca-eaponly/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 695 | + file_put_contents($tmpDir."/root-ca-allcerts/configuredroot".count($catRoots).".pem", $decoded['pem']); |
|
| 696 | 696 | $catRoots[] = $decoded['pem']; |
| 697 | 697 | } else { // save the intermediates to allcerts directory |
| 698 | - file_put_contents($tmpDir . "/root-ca-allcerts/cat-intermediate" . count($catIntermediates) . ".pem", $decoded['pem']); |
|
| 698 | + file_put_contents($tmpDir."/root-ca-allcerts/cat-intermediate".count($catIntermediates).".pem", $decoded['pem']); |
|
| 699 | 699 | $intermOdditiesCAT = array_merge($intermOdditiesCAT, $this->propertyCheckIntermediate($decoded)); |
| 700 | 700 | if (isset($decoded['CRL']) && isset($decoded['CRL'][0])) { |
| 701 | 701 | $this->loggerInstance->debug(4, "got an intermediate CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 702 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl_cat" . count($catIntermediates) . ".pem", $decoded['CRL'][0]); |
|
| 702 | + file_put_contents($tmpDir."/root-ca-allcerts/crl_cat".count($catIntermediates).".pem", $decoded['CRL'][0]); |
|
| 703 | 703 | } |
| 704 | 704 | $catIntermediates[] = $decoded['pem']; |
| 705 | 705 | } |
@@ -708,26 +708,26 @@ discard block |
||
| 708 | 708 | // save all intermediate certificates and CRLs to separate files in |
| 709 | 709 | // both root-ca directories |
| 710 | 710 | foreach ($eapIntermediates as $index => $onePem) { |
| 711 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 712 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 711 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediate$index.pem", $onePem); |
|
| 712 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediate$index.pem", $onePem); |
|
| 713 | 713 | } |
| 714 | 714 | foreach ($eapIntermediateCRLs as $index => $onePem) { |
| 715 | - file_put_contents($tmpDir . "/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 716 | - file_put_contents($tmpDir . "/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 715 | + file_put_contents($tmpDir."/root-ca-eaponly/intermediateCRL$index.pem", $onePem); |
|
| 716 | + file_put_contents($tmpDir."/root-ca-allcerts/intermediateCRL$index.pem", $onePem); |
|
| 717 | 717 | } |
| 718 | 718 | |
| 719 | 719 | $checkstring = ""; |
| 720 | 720 | if (isset($servercert['CRL']) && isset($servercert['CRL'][0])) { |
| 721 | 721 | $this->loggerInstance->debug(4, "got a server CRL; adding them to the chain checks. (Remember: checking end-entity cert only, not the whole chain"); |
| 722 | 722 | $checkstring = "-crl_check_all"; |
| 723 | - file_put_contents($tmpDir . "/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 724 | - file_put_contents($tmpDir . "/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 723 | + file_put_contents($tmpDir."/root-ca-eaponly/crl-server.pem", $servercert['CRL'][0]); |
|
| 724 | + file_put_contents($tmpDir."/root-ca-allcerts/crl-server.pem", $servercert['CRL'][0]); |
|
| 725 | 725 | } |
| 726 | 726 | |
| 727 | 727 | |
| 728 | 728 | // now c_rehash the root CA directory ... |
| 729 | - system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash'] . " $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 730 | - system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash'] . " $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 729 | + system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash']." $tmpDir/root-ca-eaponly/ > /dev/null"); |
|
| 730 | + system(CONFIG_DIAGNOSTICS['PATHS']['c_rehash']." $tmpDir/root-ca-allcerts/ > /dev/null"); |
|
| 731 | 731 | return $checkstring; |
| 732 | 732 | } |
| 733 | 733 | |
@@ -759,12 +759,12 @@ discard block |
||
| 759 | 759 | // the error log will complain if we run this test against an empty file of certs |
| 760 | 760 | // so test if there's something PEMy in the file at all |
| 761 | 761 | if (filesize("$tmpDir/serverchain.pem") > 10) { |
| 762 | - exec(CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
| 763 | - $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 764 | - $this->loggerInstance->debug(4, "Chain verify pass 1: " . print_r($verifyResultEaponly, TRUE) . "\n"); |
|
| 765 | - exec(CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
| 766 | - $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl'] . " verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 767 | - $this->loggerInstance->debug(4, "Chain verify pass 2: " . print_r($verifyResultAllcerts, TRUE) . "\n"); |
|
| 762 | + exec(CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/incomingserver.pem", $verifyResultEaponly); |
|
| 763 | + $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-eaponly/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 764 | + $this->loggerInstance->debug(4, "Chain verify pass 1: ".print_r($verifyResultEaponly, TRUE)."\n"); |
|
| 765 | + exec(CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/incomingserver.pem", $verifyResultAllcerts); |
|
| 766 | + $this->loggerInstance->debug(4, CONFIG['PATHS']['openssl']." verify $crlCheckString -CApath $tmpDir/root-ca-allcerts/ -purpose any $tmpDir/serverchain.pem\n"); |
|
| 767 | + $this->loggerInstance->debug(4, "Chain verify pass 2: ".print_r($verifyResultAllcerts, TRUE)."\n"); |
|
| 768 | 768 | } |
| 769 | 769 | |
| 770 | 770 | |
@@ -831,7 +831,7 @@ discard block |
||
| 831 | 831 | // we are UNHAPPY if no names match! |
| 832 | 832 | $happiness = "UNHAPPY"; |
| 833 | 833 | foreach ($this->expectedServerNames as $expectedName) { |
| 834 | - $this->loggerInstance->debug(4, "Managing expectations for $expectedName: " . print_r($servercert['CN'], TRUE) . print_r($servercert['sAN_DNS'], TRUE)); |
|
| 834 | + $this->loggerInstance->debug(4, "Managing expectations for $expectedName: ".print_r($servercert['CN'], TRUE).print_r($servercert['sAN_DNS'], TRUE)); |
|
| 835 | 835 | if (array_search($expectedName, $servercert['CN']) !== FALSE && array_search($expectedName, $servercert['sAN_DNS']) !== FALSE) { |
| 836 | 836 | $this->loggerInstance->debug(4, "Totally happy!"); |
| 837 | 837 | $happiness = "TOTALLY"; |
@@ -876,11 +876,11 @@ discard block |
||
| 876 | 876 | $theconfigs = $this->wpaSupplicantConfig($eaptype, $finalInner, $finalOuter, $password); |
| 877 | 877 | // the config intentionally does not include CA checking. We do this |
| 878 | 878 | // ourselves after getting the chain with -o. |
| 879 | - file_put_contents($tmpDir . "/udp_login_test.conf", $theconfigs[0]); |
|
| 879 | + file_put_contents($tmpDir."/udp_login_test.conf", $theconfigs[0]); |
|
| 880 | 880 | |
| 881 | 881 | $cmdline = $this->eapolTestConfig($probeindex, $opnameCheck, $frag); |
| 882 | 882 | $this->loggerInstance->debug(4, "Shallow reachability check cmdline: $cmdline\n"); |
| 883 | - $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n" . $theconfigs[1] . "\n"); |
|
| 883 | + $this->loggerInstance->debug(4, "Shallow reachability check config: $tmpDir\n".$theconfigs[1]."\n"); |
|
| 884 | 884 | $time_start = microtime(true); |
| 885 | 885 | $pflow = []; |
| 886 | 886 | exec($cmdline, $pflow); |
@@ -924,7 +924,7 @@ discard block |
||
| 924 | 924 | if ($packetflow[count($packetflow) - 1] == 3 && $this->checkLineparse($packetflow_orig, self::LINEPARSE_CHECK_REJECTIGNORE)) { |
| 925 | 925 | array_pop($packetflow); |
| 926 | 926 | } |
| 927 | - $this->loggerInstance->debug(5, "Packetflow: " . print_r($packetflow, TRUE)); |
|
| 927 | + $this->loggerInstance->debug(5, "Packetflow: ".print_r($packetflow, TRUE)); |
|
| 928 | 928 | $packetcount = array_count_values($packetflow); |
| 929 | 929 | $testresults['packetcount'] = $packetcount; |
| 930 | 930 | $testresults['packetflow'] = $packetflow; |
@@ -962,7 +962,7 @@ discard block |
||
| 962 | 962 | private function wasModernTlsNegotiated(&$testresults, $packetflow_orig) |
| 963 | 963 | { |
| 964 | 964 | $negotiatedTlsVersion = $this->checkLineparse($packetflow_orig, self::LINEPARSE_TLSVERSION); |
| 965 | - $this->loggerInstance->debug(4,"TLS version found is: $negotiatedTlsVersion"."\n"); |
|
| 965 | + $this->loggerInstance->debug(4, "TLS version found is: $negotiatedTlsVersion"."\n"); |
|
| 966 | 966 | if ($negotiatedTlsVersion === FALSE) { |
| 967 | 967 | $testresults['cert_oddities'][] = RADIUSTests::TLSPROB_UNKNOWN_TLS_VERSION; |
| 968 | 968 | } elseif ($negotiatedTlsVersion != self::TLS_VERSION_1_2 && $negotiatedTlsVersion != self::TLS_VERSION_1_3) { |
@@ -1022,7 +1022,7 @@ discard block |
||
| 1022 | 1022 | |
| 1023 | 1023 | $x509 = new \core\common\X509(); |
| 1024 | 1024 | // $eap_certarray holds all certs received in EAP conversation |
| 1025 | - $incomingData = file_get_contents($tmpDir . "/serverchain.pem"); |
|
| 1025 | + $incomingData = file_get_contents($tmpDir."/serverchain.pem"); |
|
| 1026 | 1026 | if ($incomingData !== FALSE && strlen($incomingData) > 0) { |
| 1027 | 1027 | $eapCertArray = $x509->splitCertificate($incomingData); |
| 1028 | 1028 | } else { |
@@ -1052,10 +1052,10 @@ discard block |
||
| 1052 | 1052 | case RADIUSTests::SERVER_CA_SELFSIGNED: |
| 1053 | 1053 | $servercert[] = $cert; |
| 1054 | 1054 | if (count($servercert) == 1) { |
| 1055 | - if (file_put_contents($tmpDir . "/incomingserver.pem", $certPem . "\n") === FALSE) { |
|
| 1055 | + if (file_put_contents($tmpDir."/incomingserver.pem", $certPem."\n") === FALSE) { |
|
| 1056 | 1056 | $this->loggerInstance->debug(4, "The (first) server certificate could not be written to $tmpDir/incomingserver.pem!\n"); |
| 1057 | 1057 | } |
| 1058 | - $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: " . print_r($servercert[0], true)); |
|
| 1058 | + $this->loggerInstance->debug(4, "This is the (first) server certificate, with CRL content if applicable: ".print_r($servercert[0], true)); |
|
| 1059 | 1059 | } elseif (!in_array(RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS, $testresults['cert_oddities'])) { |
| 1060 | 1060 | $testresults['cert_oddities'][] = RADIUSTests::CERTPROB_TOO_MANY_SERVER_CERTS; |
| 1061 | 1061 | } |
@@ -1136,7 +1136,7 @@ discard block |
||
| 1136 | 1136 | chdir($tmpDir); |
| 1137 | 1137 | $this->loggerInstance->debug(4, "temp dir: $tmpDir\n"); |
| 1138 | 1138 | if ($clientcertdata !== NULL) { |
| 1139 | - file_put_contents($tmpDir . "/client.p12", $clientcertdata); |
|
| 1139 | + file_put_contents($tmpDir."/client.p12", $clientcertdata); |
|
| 1140 | 1140 | } |
| 1141 | 1141 | $testresults = []; |
| 1142 | 1142 | // initialise the sub-array for cleaner parsing |
@@ -1237,7 +1237,7 @@ discard block |
||
| 1237 | 1237 | 'issuer' => $this->printDN($certdata['issuer']), |
| 1238 | 1238 | 'validFrom' => $this->printTm($certdata['validFrom_time_t']), |
| 1239 | 1239 | 'validTo' => $this->printTm($certdata['validTo_time_t']), |
| 1240 | - 'serialNumber' => $certdata['serialNumber'] . sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1240 | + 'serialNumber' => $certdata['serialNumber'].sprintf(" (0x%X)", $certdata['serialNumber']), |
|
| 1241 | 1241 | 'sha1' => $certdata['sha1'], |
| 1242 | 1242 | 'extensions' => $certdata['extensions'] |
| 1243 | 1243 | ]; |
