GEANT /
CAT
| Total Complexity | 75 |
| Total Lines | 569 |
| Duplicated Lines | 0 % |
| Changes | 8 | ||
| Bugs | 2 | Features | 0 |
Complex classes like DeviceXML often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use DeviceXML, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 46 | abstract class DeviceXML extends \core\DeviceConfig |
||
| 47 | { |
||
| 48 | |||
| 49 | /** |
||
| 50 | * @var array $AuthMethodElements is used to limit |
||
| 51 | * XML elements present within ServerSideCredentials and |
||
| 52 | * ClientSideCredentials to ones which are relevant |
||
| 53 | * for a given EAP method. |
||
| 54 | * @var array of XLM element names which are allowed |
||
| 55 | * EAP method names are defined in core/EAP.php |
||
| 56 | */ |
||
| 57 | private $authMethodElements = [ |
||
| 58 | 'server' => [ |
||
| 59 | \core\common\EAP::TLS => ['CA', 'ServerID'], |
||
| 60 | \core\common\EAP::FAST => ['CA', 'ServerID'], |
||
| 61 | \core\common\EAP::PEAP => ['CA', 'ServerID'], |
||
| 62 | \core\common\EAP::TTLS => ['CA', 'ServerID'], |
||
| 63 | \core\common\EAP::PWD => ['ServerID'], |
||
| 64 | ], |
||
| 65 | 'client' => [ |
||
| 66 | \core\common\EAP::TLS => ['UserName', 'Password', 'ClientCertificate'], |
||
| 67 | \core\common\EAP::NE_MSCHAP2 => ['UserName', 'Password', 'OuterIdentity', 'InnerIdentitySuffix', 'InnerIdentityHint'], |
||
| 68 | \core\common\EAP::MSCHAP2 => ['UserName', 'Password', 'OuterIdentity', 'InnerIdentitySuffix', 'InnerIdentityHint'], |
||
| 69 | \core\common\EAP::GTC => ['UserName', 'OneTimeToken'], |
||
| 70 | \core\common\EAP::NE_PAP => ['UserName', 'Password', 'OuterIdentity', 'InnerIdentitySuffix', 'InnerIdentityHint'], |
||
| 71 | \core\common\EAP::NE_SILVERBULLET => ['UserName', 'ClientCertificate', 'OuterIdentity'], |
||
| 72 | ] |
||
| 73 | ]; |
||
| 74 | |||
| 75 | /** |
||
| 76 | * construct the device |
||
| 77 | */ |
||
| 78 | public function __construct() |
||
| 81 | } |
||
| 82 | |||
| 83 | /** |
||
| 84 | * $langScope can be 'global' when all lang and all lang-specific information |
||
| 85 | * is dumped or 'single' when only the selected lang (and defaults) are passed |
||
| 86 | * NOTICE: 'global' is not yet supported |
||
| 87 | * |
||
| 88 | * @var string |
||
| 89 | */ |
||
| 90 | public $langScope; |
||
| 91 | |||
| 92 | /** |
||
| 93 | * whether all EAP types should be included in the file or only the |
||
| 94 | * preferred one |
||
| 95 | * |
||
| 96 | * @var boolean |
||
| 97 | */ |
||
| 98 | public $allEaps = false; |
||
| 99 | |||
| 100 | /** |
||
| 101 | * vendor-specific additional information, this is nit yest fully |
||
| 102 | * implemented due to lack of use cases. |
||
| 103 | * |
||
| 104 | * @var array |
||
| 105 | */ |
||
| 106 | public $VendorSpecific; |
||
| 107 | |||
| 108 | /** |
||
| 109 | * A flag to preserve backwards compatibility for eduroamCAT application |
||
| 110 | */ |
||
| 111 | public $eduroamCATcompatibility = false; |
||
| 112 | public $singleEAPProvider = false; |
||
| 113 | |||
| 114 | private $eapId; |
||
| 115 | private $namespace; |
||
| 116 | private $providerInfo; |
||
| 117 | private $authMethodsList; |
||
| 118 | |||
| 119 | /** |
||
| 120 | * create HTML code explaining the installer |
||
| 121 | * |
||
| 122 | * @return string |
||
| 123 | */ |
||
| 124 | public function writeDeviceInfo() |
||
| 125 | { |
||
| 126 | \core\common\Entity::intoThePotatoes(); |
||
| 127 | $out = "<p>"; |
||
| 128 | $out .= sprintf(_("This is a generic configuration file in the IETF <a href='%s'>EAP Metadata -00</a> XML format."), "https://tools.ietf.org/html/draft-winter-opsawg-eap-metadata-00"); |
||
| 129 | \core\common\Entity::outOfThePotatoes(); |
||
| 130 | return $out; |
||
| 131 | } |
||
| 132 | |||
| 133 | /** |
||
| 134 | * create the actual XML file |
||
| 135 | * |
||
| 136 | * @return string filename of the generated installer |
||
| 137 | * @throws Exception |
||
| 138 | * |
||
| 139 | */ |
||
| 140 | public function writeInstaller() |
||
| 141 | { |
||
| 142 | \core\common\Entity::intoThePotatoes(); |
||
| 143 | $rootname = 'EAPIdentityProviderList'; |
||
| 144 | $dom = new \DOMDocument('1.0', 'utf-8'); |
||
| 145 | $root = $dom->createElement($rootname); |
||
| 146 | $dom->appendChild($root); |
||
| 147 | $ns = $dom->createAttributeNS( 'http://www.w3.org/2001/XMLSchema-instance', 'xsi:noNamespaceSchemaLocation' ); |
||
| 148 | $ns->value = "eap-metadata.xsd"; |
||
| 149 | $root->appendChild($ns); |
||
| 150 | |||
| 151 | if (empty($this->attributes['internal:realm'][0])) { |
||
| 152 | $this->eapId = 'undefined'; |
||
| 153 | $this->namespace = 'urn:undefined'; |
||
| 154 | } else { |
||
| 155 | $this->eapId = $this->attributes['internal:realm'][0]; |
||
| 156 | $this->namespace = 'urn:RFC4282:realm'; |
||
| 157 | } |
||
| 158 | |||
| 159 | $this->providerInfo = $this->getProviderInfo(); |
||
| 160 | $this->authMethodsList = $this->getAuthMethodsList(); |
||
| 161 | $this->loggerInstance->debug(5, $this->attributes['internal:networks'], "NETWORKS:", "\n"); |
||
| 162 | if ($this->singleEAPProvider === true) { |
||
| 163 | $ssids = []; |
||
| 164 | $ois = []; |
||
| 165 | foreach ($this->attributes['internal:networks'] as $netName => $netDefinition) { |
||
| 166 | foreach ($netDefinition['ssid'] as $ssid) { |
||
| 167 | $ssids[] = $ssid; |
||
| 168 | } |
||
| 169 | foreach ($netDefinition['oi'] as $oi) { |
||
| 170 | $ois[] = $oi; |
||
| 171 | } |
||
| 172 | } |
||
| 173 | $this->loggerInstance->debug(5, $ssids, "SSIDs:", "\n"); |
||
| 174 | $this->loggerInstance->debug(5, $ois, "RCOIs:", "\n"); |
||
| 175 | if (!empty($ssids) || !empty($ois)) { |
||
| 176 | \core\DeviceXMLmain::marshalObject($dom, $root, 'EAPIdentityProvider', $this->eapIdp($ssids, $ois)); |
||
| 177 | } |
||
| 178 | } else { |
||
| 179 | foreach ($this->attributes['internal:networks'] as $netName => $netDefinition) { |
||
| 180 | $ssids = $netDefinition['ssid']; |
||
| 181 | $ois = $netDefinition['oi']; |
||
| 182 | if (!empty($ssids) || !empty($ois)) { |
||
| 183 | \core\DeviceXMLmain::marshalObject($dom, $root, 'EAPIdentityProvider', $this->eapIdp($ssids, $ois)); |
||
| 184 | } |
||
| 185 | } |
||
| 186 | } |
||
| 187 | |||
| 188 | if ($dom->schemaValidate(ROOT.'/devices/eap_config/eap-metadata.xsd') === FALSE) { |
||
| 189 | throw new Exception("Schema validation failed for eap-metadata"); |
||
| 190 | } |
||
| 191 | |||
| 192 | $dom->formatOutput = true; |
||
| 193 | file_put_contents($this->installerBasename.'.eap-config', $dom->saveXML($dom)); |
||
| 194 | \core\common\Entity::outOfThePotatoes(); |
||
| 195 | return($this->installerBasename.'.eap-config'); |
||
| 196 | } |
||
| 197 | |||
| 198 | /** |
||
| 199 | * determines the inner authentication. Is it EAP, and which mechanism is used to convey actual auth data |
||
| 200 | * @param array $eap the EAP type for which we want to get the inner auth |
||
| 201 | * @return array |
||
| 202 | */ |
||
| 203 | private function eapIdp($ssids, $oids) |
||
| 204 | { |
||
| 205 | $eapIdp = new \core\DeviceXMLmain(); |
||
| 206 | $eapIdp->setAttribute('version', '1'); |
||
| 207 | if ($this->langScope === 'single') { |
||
| 208 | $eapIdp->setAttribute('lang', $this->languageInstance->getLang()); |
||
| 209 | } |
||
| 210 | $eapIdp->setAttribute('ID', $this->eapId); |
||
| 211 | $eapIdp->setAttribute('namespace', $this->namespace); |
||
| 212 | $authMethods = new \core\DeviceXMLmain(); |
||
| 213 | $authMethods->setChild('AuthenticationMethod', $this->authMethodsList); |
||
| 214 | $eapIdp->setChild('AuthenticationMethods', $authMethods); |
||
| 215 | $eapIdp->setChild('CredentialApplicability', $this->getCredentialApplicability($ssids,$oids)); |
||
| 216 | // TODO $eap_idp->setChild('ValidUntil',$this->getValidUntil()); |
||
| 217 | $eapIdp->setChild('ProviderInfo', $this->providerInfo); |
||
| 218 | // TODO $eap_idp->setChild('VendorSpecific',$this->getVendorSpecific()); |
||
| 219 | return($eapIdp); |
||
|
Bug
Best Practice
introduced
by
|
|||
| 220 | } |
||
| 221 | |||
| 222 | /** |
||
| 223 | * determines the inner authentication. Is it EAP, and which mechanism is used to convey actual auth data |
||
| 224 | * @param array $eap the EAP type for which we want to get the inner auth |
||
| 225 | * @return array |
||
| 226 | */ |
||
| 227 | private function innerAuth($eap) |
||
| 228 | { |
||
| 229 | $out = []; |
||
| 230 | $out['EAP'] = 0; |
||
| 231 | switch ($eap["INNER"]) { |
||
| 232 | case \core\common\EAP::NE_MSCHAP2: |
||
| 233 | if ($this->eduroamCATcompatibility === TRUE) { |
||
| 234 | $out['METHOD'] = \core\common\EAP::MSCHAP2; |
||
| 235 | $out['EAP'] = 1; |
||
| 236 | } else { |
||
| 237 | $out['METHOD'] = $eap["INNER"]; |
||
| 238 | } |
||
| 239 | break; |
||
| 240 | case \core\common\EAP::NE_SILVERBULLET: |
||
| 241 | $out['METHOD'] = \core\common\EAP::NONE; |
||
| 242 | break; |
||
| 243 | default: |
||
| 244 | $out['METHOD'] = $eap["INNER"]; |
||
| 245 | break; |
||
| 246 | } |
||
| 247 | // override if there is an inner EAP |
||
| 248 | if ($eap["INNER"] > 0) { // there is an inner EAP method |
||
| 249 | $out['EAP'] = 1; |
||
| 250 | } |
||
| 251 | return $out; |
||
| 252 | } |
||
| 253 | |||
| 254 | /** |
||
| 255 | * |
||
| 256 | * @param string $attrName the attribute name |
||
| 257 | * @return array of values for this attribute |
||
| 258 | */ |
||
| 259 | private function getSimpleMLAttribute($attrName) |
||
| 260 | { |
||
| 261 | if (empty($this->attributes[$attrName][0])) { |
||
| 262 | return([]); |
||
| 263 | } |
||
| 264 | $attributeList = $this->attributes[$attrName]; |
||
| 265 | $objs = []; |
||
| 266 | if ($this->langScope === 'global') { |
||
| 267 | foreach ($attributeList['langs'] as $language => $value) { |
||
| 268 | $language = ($language === 'C' ? 'any' : $language); |
||
| 269 | $obj = new \core\DeviceXMLmain(); |
||
| 270 | $obj->setValue($value); |
||
| 271 | $obj->setAttributes(['lang' => $language]); |
||
| 272 | $objs[] = $obj; |
||
| 273 | } |
||
| 274 | } else { |
||
| 275 | $objs[] = $attributeList[0]; |
||
| 276 | } |
||
| 277 | return($objs); |
||
| 278 | } |
||
| 279 | |||
| 280 | /** |
||
| 281 | * constructs the name of the institution and puts it into the XML. |
||
| 282 | * consists of the best-language-match inst name, and if the inst has more |
||
| 283 | * than one profile also the best-language-match profile name |
||
| 284 | * |
||
| 285 | * @return \core\DeviceXMLmain[] |
||
| 286 | */ |
||
| 287 | private function getDisplayName() |
||
| 288 | { |
||
| 289 | $attr = $this->attributes; |
||
| 290 | $objs = []; |
||
| 291 | if ($this->langScope === 'global') { |
||
| 292 | $instNameLangs = $attr['general:instname']['langs']; |
||
| 293 | if ($attr['internal:profile_count'][0] > 1) { |
||
| 294 | $profileNameLangs = $attr['profile:name']['langs']; |
||
| 295 | } |
||
| 296 | foreach ($instNameLangs as $language => $value) { |
||
| 297 | $language = ($language === 'C' ? 'any' : $language); |
||
| 298 | $displayname = new \core\DeviceXMLmain(); |
||
| 299 | if (isset($profileNameLangs)) { |
||
| 300 | $langOrC = isset($profileNameLangs[$language]) ? $profileNameLangs[$language] : $profileNameLangs['C']; |
||
| 301 | $value .= ' - '.$langOrC; |
||
| 302 | } |
||
| 303 | $displayname->setValue($value); |
||
| 304 | $displayname->setAttributes(['lang' => $language]); |
||
| 305 | $objs[] = $displayname; |
||
| 306 | } |
||
| 307 | } else { |
||
| 308 | $displayname = new \core\DeviceXMLmain(); |
||
| 309 | $value = $attr['general:instname'][0]; |
||
| 310 | if ($attr['internal:profile_count'][0] > 1) { |
||
| 311 | $value .= ' - '.$attr['profile:name'][0]; |
||
| 312 | } |
||
| 313 | $displayname->setValue($value); |
||
| 314 | $objs[] = $displayname; |
||
| 315 | } |
||
| 316 | return $objs; |
||
| 317 | } |
||
| 318 | |||
| 319 | /** |
||
| 320 | * retrieves the provider logo and puts it into the XML structure |
||
| 321 | * |
||
| 322 | * @return \core\DeviceXMLmain |
||
| 323 | */ |
||
| 324 | private function getProviderLogo() |
||
| 325 | { |
||
| 326 | $attr = $this->attributes; |
||
| 327 | if (isset($attr['general:logo_file'][0])) { |
||
| 328 | $logoString = base64_encode($attr['general:logo_file'][0]); |
||
| 329 | $logoMime = 'image/'.$attr['internal:logo_file'][0]['mime']; |
||
| 330 | $providerlogo = new \core\DeviceXMLmain(); |
||
| 331 | $providerlogo->setAttributes(['mime' => $logoMime, 'encoding' => 'base64']); |
||
| 332 | $providerlogo->setValue($logoString); |
||
| 333 | return $providerlogo; |
||
| 334 | } |
||
| 335 | return NULL; |
||
| 336 | } |
||
| 337 | |||
| 338 | /** |
||
| 339 | * retrieves provider information and puts it into the XML structure. |
||
| 340 | * contains the profile description and the ToU file, if any |
||
| 341 | * |
||
| 342 | * @return \core\DeviceXMLmain |
||
| 343 | */ |
||
| 344 | private function getProviderInfo() |
||
| 345 | { |
||
| 346 | $providerinfo = new \core\DeviceXMLmain(); |
||
| 347 | $providerinfo->setChild('DisplayName', $this->getDisplayName()); |
||
| 348 | $providerinfo->setChild('Description', $this->getSimpleMLAttribute('profile:description')); |
||
| 349 | $providerinfo->setChild('ProviderLocation', $this->getProviderLocation()); |
||
| 350 | $providerinfo->setChild('ProviderLogo', $this->getProviderLogo()); |
||
| 351 | $providerinfo->setChild('TermsOfUse', $this->getSimpleMLAttribute('support:info_file'), null, 'cdata'); |
||
| 352 | $providerinfo->setChild('Helpdesk', $this->getHelpdesk()); |
||
| 353 | return $providerinfo; |
||
| 354 | } |
||
| 355 | |||
| 356 | /** |
||
| 357 | * retrieves the location information and puts it into the XML structure |
||
| 358 | * |
||
| 359 | * @return \core\DeviceXMLmain[] |
||
| 360 | */ |
||
| 361 | private function getProviderLocation() |
||
| 362 | { |
||
| 363 | $attr = $this->attributes; |
||
| 364 | if (isset($attr['general:geo_coordinates'])) { |
||
| 365 | $attrCoordinates = $attr['general:geo_coordinates']; |
||
| 366 | $location = []; |
||
| 367 | foreach ($attrCoordinates as $a) { |
||
| 368 | $providerlocation = new \core\DeviceXMLmain(); |
||
| 369 | $b = json_decode($a, true); |
||
| 370 | $providerlocation->setChild('Longitude', $b['lon']); |
||
| 371 | $providerlocation->setChild('Latitude', $b['lat']); |
||
| 372 | $location[] = $providerlocation; |
||
| 373 | } |
||
| 374 | return $location; |
||
| 375 | } |
||
| 376 | return NULL; |
||
| 377 | } |
||
| 378 | |||
| 379 | /** |
||
| 380 | * retrieves helpdesk contact information and puts it into the XML structure |
||
| 381 | * |
||
| 382 | * @return \core\DeviceXMLmain |
||
| 383 | */ |
||
| 384 | private function getHelpdesk() |
||
| 385 | { |
||
| 386 | $helpdesk = new \core\DeviceXMLmain(); |
||
| 387 | $helpdesk->setChild('EmailAddress', $this->getSimpleMLAttribute('support:email')); |
||
| 388 | $helpdesk->setChild('WebAddress', $this->getSimpleMLAttribute('support:url')); |
||
| 389 | $helpdesk->setChild('Phone', $this->getSimpleMLAttribute('support:phone')); |
||
| 390 | return $helpdesk; |
||
| 391 | } |
||
| 392 | |||
| 393 | /** |
||
| 394 | * determine where this credential should be applicable |
||
| 395 | * |
||
| 396 | * @return \core\DeviceXMLmain |
||
| 397 | */ |
||
| 398 | private function getCredentialApplicability($ssids, $oids) |
||
| 399 | { |
||
| 400 | $setWired = isset($this->attributes['media:wired'][0]) && |
||
| 401 | $this->attributes['media:wired'][0] == 'on' ? 1 : 0; |
||
| 402 | $credentialapplicability = new \core\DeviceXMLmain(); |
||
| 403 | $ieee80211s = []; |
||
| 404 | foreach ($ssids as $ssid) { |
||
| 405 | $ieee80211 = new \core\DeviceXMLmain(); |
||
| 406 | $ieee80211->setChild('SSID', $ssid); |
||
| 407 | $ieee80211->setChild('MinRSNProto', 'CCMP'); |
||
| 408 | $ieee80211s[] = $ieee80211; |
||
| 409 | } |
||
| 410 | foreach ($oids as $oid) { |
||
| 411 | $ieee80211 = new \core\DeviceXMLmain(); |
||
| 412 | $ieee80211->setChild('ConsortiumOID', $oid); |
||
| 413 | $ieee80211s[] = $ieee80211; |
||
| 414 | } |
||
| 415 | $credentialapplicability->setChild('IEEE80211', $ieee80211s); |
||
| 416 | if ($setWired) { |
||
| 417 | $credentialapplicability->setChild('IEEE8023', ''); |
||
| 418 | } |
||
| 419 | return $credentialapplicability; |
||
| 420 | } |
||
| 421 | |||
| 422 | /** |
||
| 423 | * retrieves the parameters needed for the given EAP method and creates |
||
| 424 | * appropriate nodes in the XML structure for them |
||
| 425 | * |
||
| 426 | * @param array $eap the EAP type in question |
||
| 427 | * @return array a recap of the findings |
||
| 428 | */ |
||
| 429 | private function getAuthenticationMethodParams($eap) |
||
| 430 | { |
||
| 431 | $inner = $this->innerAuth($eap); |
||
| 432 | $outerMethod = $eap["OUTER"]; |
||
| 433 | |||
| 434 | if (isset($inner["METHOD"]) && $inner["METHOD"]) { |
||
| 435 | $innerauthmethod = new \core\DeviceXMLmain(); |
||
| 436 | $typeOfInner = ($inner["EAP"] ? 'EAPMethod' : 'NonEAPAuthMethod'); |
||
| 437 | $eapmethod = new \core\DeviceXMLmain(); |
||
| 438 | $eapmethod->setChild('Type', abs($inner['METHOD'])); |
||
| 439 | $innerauthmethod->setChild($typeOfInner, $eapmethod); |
||
| 440 | return ['inner_method' => $innerauthmethod, 'methodID' => $outerMethod, 'inner_methodID' => $inner['METHOD']]; |
||
| 441 | } else { |
||
| 442 | return ['inner_method' => 0, 'methodID' => $outerMethod, 'inner_methodID' => 0]; |
||
| 443 | } |
||
| 444 | } |
||
| 445 | |||
| 446 | /** |
||
| 447 | * sets the server-side credentials for a given EAP type |
||
| 448 | * |
||
| 449 | * @param \devices\XML\Type $eaptype the EAP type |
||
| 450 | * @return \core\DeviceXMLmain |
||
| 451 | */ |
||
| 452 | private function getServerSideCredentials($eap) |
||
| 480 | } |
||
| 481 | |||
| 482 | /** |
||
| 483 | * sets the realm information for the client-side credential |
||
| 484 | * |
||
| 485 | * @param \core\DeviceXMLmain $clientsidecredential the ClientSideCredential to which the realm info is to be added |
||
| 486 | * @return void |
||
| 487 | */ |
||
| 488 | private function setClientSideRealm($clientsidecredential) |
||
| 489 | { |
||
| 490 | $attr = $this->attributes; |
||
| 491 | $realm = \core\common\Entity::getAttributeValue($attr, 'internal:realm', 0); |
||
| 492 | if ($realm === NULL) { |
||
| 493 | return; |
||
| 494 | } |
||
| 495 | if (\core\common\Entity::getAttributeValue($attr, 'internal:verify_userinput_suffix', 0) !== 1) { |
||
| 496 | return; |
||
| 497 | } |
||
| 498 | $clientsidecredential->setChild('InnerIdentitySuffix', $realm); |
||
| 499 | if (\core\common\Entity::getAttributeValue($attr, 'internal:hint_userinput_suffix', 0) === 1) { |
||
| 500 | $clientsidecredential->setChild('InnerIdentityHint', 'true'); |
||
| 501 | } |
||
| 502 | } |
||
| 503 | |||
| 504 | /** |
||
| 505 | * sets the client certificate |
||
| 506 | * |
||
| 507 | * @return \core\DeviceXMLmain |
||
| 508 | */ |
||
| 509 | private function getClientCertificate() |
||
| 510 | { |
||
| 511 | $clientCertificateObject = new \core\DeviceXMLmain(); |
||
| 512 | $clientCertificateObject->setValue(base64_encode($this->clientCert["certdata"])); |
||
| 513 | $clientCertificateObject->setAttributes(['format' => 'PKCS12', 'encoding' => 'base64']); |
||
| 514 | return $clientCertificateObject; |
||
| 515 | } |
||
| 516 | |||
| 517 | /** |
||
| 518 | * sets the client-side credentials for the given EAP type |
||
| 519 | * |
||
| 520 | * @param array $eapParams the EAP parameters |
||
| 521 | * @return \core\DeviceXMLmain |
||
| 522 | */ |
||
| 523 | private function getClientSideCredentials($eap) |
||
| 524 | { |
||
| 525 | $children = $this->authMethodElements['client'][$eap]; |
||
| 526 | $clientsidecredential = new \core\DeviceXMLmain(); |
||
| 527 | $outerId = $this->determineOuterIdString(); |
||
| 528 | $this->loggerInstance->debug(5, $eap, "XMLOI:", "\n"); |
||
| 529 | if (in_array('OuterIdentity', $children)) { |
||
| 530 | if ($outerId !== NULL) { |
||
| 531 | $clientsidecredential->setChild('OuterIdentity', $outerId); |
||
| 532 | } |
||
| 533 | } |
||
| 534 | $this->setClientSideRealm($clientsidecredential); |
||
| 535 | // $clientsidecredential->setChild('EAPType', $eapParams['inner_methodID'] ? $eapParams['inner_methodID'] : $eapParams['methodID']); |
||
| 536 | |||
| 537 | // Client Certificate |
||
| 538 | if ($this->selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
||
| 539 | $attr = $this->attributes; |
||
| 540 | $outerId = \core\common\Entity::getAttributeValue($attr, 'internal:username', 0); |
||
| 541 | $clientsidecredential->setChild('OuterIdentity', $outerId); |
||
| 542 | $clientsidecredential->setChild('ClientCertificate', $this->getClientCertificate()); |
||
| 543 | } |
||
| 544 | return $clientsidecredential; |
||
| 545 | } |
||
| 546 | |||
| 547 | /** |
||
| 548 | * sets the EAP method |
||
| 549 | * |
||
| 550 | * @param \devices\XML\Type $eaptype the EAP type XMLObject |
||
| 551 | * @return \core\DeviceXMLmain |
||
| 552 | */ |
||
| 553 | private function getEapMethod($eaptype) |
||
| 569 | } |
||
| 570 | |||
| 571 | /** |
||
| 572 | * determines the authentication method to use |
||
| 573 | * |
||
| 574 | * @param array $eap the EAP methods, in array representation |
||
| 575 | * @return \core\DeviceXMLmain |
||
| 576 | */ |
||
| 577 | private function getAuthMethod($eap) |
||
| 578 | { |
||
| 579 | $authmethod = new \core\DeviceXMLmain(); |
||
| 580 | $eapParams = $this->getAuthenticationMethodParams($eap); |
||
| 581 | $eaptype = new \core\DeviceXMLmain(); |
||
| 582 | $eaptype->setValue($eapParams['methodID']); |
||
| 583 | // Type |
||
| 584 | $authmethod->setChild('EAPMethod', $this->getEapMethod($eaptype)); |
||
| 585 | |||
| 586 | // ServerSideCredentials |
||
| 587 | $authmethod->setChild('ServerSideCredential', $this->getServerSideCredentials($eap['OUTER'])); |
||
| 588 | |||
| 589 | // ClientSideCredentials |
||
| 590 | $authmethod->setChild('ClientSideCredential', $this->getClientSideCredentials($eap['INNER'])); |
||
| 591 | |||
| 592 | if ($eapParams['inner_method']) { |
||
| 593 | $authmethod->setChild('InnerAuthenticationMethod', $eapParams['inner_method']); |
||
| 594 | } |
||
| 595 | return $authmethod; |
||
| 596 | } |
||
| 597 | |||
| 598 | private function getAuthMethodsList() { |
||
| 615 | } |
||
| 616 | |||
| 617 | |||
| 618 | } |
||
| 619 |
Loading history...