GEANT / CAT

core/ProfileRADIUS.php

Spacing +10 added lines, -10 removed lines

@@ -105,9 +105,9 @@ 
 
         $attributesLowLevel = array_merge($this->deviceLevelAttributes, $this->eapLevelAttributes);
 
-        $this->loggerInstance->debug(5, "Device-Level Attributes: " . /** @scrutinizer ignore-type */ print_r($this->deviceLevelAttributes, true));
-        $this->loggerInstance->debug(5, "EAP-Level Attributes: " . /** @scrutinizer ignore-type */ print_r($this->eapLevelAttributes, true));
-        $this->loggerInstance->debug(5, "All low-Level Attributes: " . /** @scrutinizer ignore-type */ print_r($attributesLowLevel, true));
+        $this->loggerInstance->debug(5, "Device-Level Attributes: "./** @scrutinizer ignore-type */ print_r($this->deviceLevelAttributes, true));
+        $this->loggerInstance->debug(5, "EAP-Level Attributes: "./** @scrutinizer ignore-type */ print_r($this->eapLevelAttributes, true));
+        $this->loggerInstance->debug(5, "All low-Level Attributes: "./** @scrutinizer ignore-type */ print_r($attributesLowLevel, true));
 
         // now fetch and merge profile-level attributes if not already set on deeper level
 
@@ -137,7 +137,7 @@ 
             }
         }
 
-        $this->loggerInstance->debug(5, "Merged Attributes: " . /** @scrutinizer ignore-type */ print_r($attributesLowLevel, true));
+        $this->loggerInstance->debug(5, "Merged Attributes: "./** @scrutinizer ignore-type */ print_r($attributesLowLevel, true));
 
         // now, fetch and merge IdP-wide attributes
 
@@ -152,7 +152,7 @@ 
         // add the internal attribute to that effect
         
         if (isset($this->attributes['media:openroaming_always'])) {
-            $this->attributes = array_merge($this->attributes, $this->addInternalAttributes([ "internal:openroaming" => TRUE ] ));
+            $this->attributes = array_merge($this->attributes, $this->addInternalAttributes(["internal:openroaming" => TRUE]));
         }
         
         $this->loggerInstance->debug(3, "--- END Constructing new Profile object ... ---\n");
@@ -200,7 +200,7 @@ 
                 "row" => $attributeQuery->row,
                 "flag" => $optinfo['flag'],
                 "device" => ($devicesOrEAPMethods == "DEVICES" ? $attributeQuery->deviceormethod : NULL),
-                "eapmethod" => ($devicesOrEAPMethods == "DEVICES" ? 0 : (new \core\common\EAP($attributeQuery->deviceormethod))->getArrayRep() )];
+                "eapmethod" => ($devicesOrEAPMethods == "DEVICES" ? 0 : (new \core\common\EAP($attributeQuery->deviceormethod))->getArrayRep())];
         }
         return $temparray;
     }
@@ -309,7 +309,7 @@ 
      */
     public function setAnonymousIDSupport($shallwe)
     {
-        $this->databaseHandle->exec("UPDATE profile SET use_anon_outer = " . ($shallwe === true ? "1" : "0") . " WHERE profile_id = $this->identifier");
+        $this->databaseHandle->exec("UPDATE profile SET use_anon_outer = ".($shallwe === true ? "1" : "0")." WHERE profile_id = $this->identifier");
     }
 
     /** Toggle special username for realm checks
@@ -319,7 +319,7 @@ 
      * @return void
      */
     public function setRealmCheckUser($shallwe, $localpart = NULL) {
-        $this->databaseHandle->exec("UPDATE profile SET checkuser_outer = " . ($shallwe === true ? "1" : "0") . " WHERE profile_id = $this->identifier");
+        $this->databaseHandle->exec("UPDATE profile SET checkuser_outer = ".($shallwe === true ? "1" : "0")." WHERE profile_id = $this->identifier");
         if ($localpart !== NULL) {
             $this->databaseHandle->exec("UPDATE profile SET checkuser_value = ? WHERE profile_id = $this->identifier", "s", $localpart);
         }
@@ -334,8 +334,8 @@ 
      */
     public function setInputVerificationPreference($verify, $hint)
     {
-        $this->databaseHandle->exec("UPDATE profile SET verify_userinput_suffix = " . ($verify === true ? "1" : "0") .
-                ", hint_userinput_suffix = " . ($hint === true ? "1" : "0") .
+        $this->databaseHandle->exec("UPDATE profile SET verify_userinput_suffix = ".($verify === true ? "1" : "0").
+                ", hint_userinput_suffix = ".($hint === true ? "1" : "0").
                 " WHERE profile_id = $this->identifier");
     }
 

core/DBConnection.php

Spacing +20 added lines, -20 removed lines

@@ -62,24 +62,24 @@ 
             case "EXTERNAL":
             case "FRONTEND":
             case "DIAGNOSTICS":
-                if (!isset(self::${"instance" . $theDb})) {
+                if (!isset(self::${"instance".$theDb})) {
                     $class = __CLASS__;
-                    self::${"instance" . $theDb} = new $class($database);
-                    DBConnection::${"instance" . $theDb}->databaseInstance = $theDb;
+                    self::${"instance".$theDb} = new $class($database);
+                    DBConnection::${"instance".$theDb}->databaseInstance = $theDb;
                 }
-                return self::${"instance" . $theDb};
+                return self::${"instance".$theDb};
             case "RADIUS":
-                if (!isset(self::${"instance" . $theDb})) {
+                if (!isset(self::${"instance".$theDb})) {
                     $class = __CLASS__;
                     foreach (\config\ConfAssistant::DB as $name => $oneRadiusAuthDb) {
                         $theInstance = new $class($name);
-                        self::${"instance" . $theDb}[] = $theInstance;
+                        self::${"instance".$theDb}[] = $theInstance;
                         $theInstance->databaseInstance = $theDb;
                     }
                 }
-                return self::${"instance" . $theDb};
+                return self::${"instance".$theDb};
             default:
-                throw new Exception("This type of database (" . strtoupper($database) . ") is not known!");
+                throw new Exception("This type of database (".strtoupper($database).") is not known!");
         }
     }
 
@@ -121,18 +121,18 @@ 
             }
         }
         // log exact query to debug log, if log level is at 5
-        $this->loggerInstance->debug(5, "DB ATTEMPT: " . $querystring . "\n");
+        $this->loggerInstance->debug(5, "DB ATTEMPT: ".$querystring."\n");
         if ($types !== NULL) {
-            $this->loggerInstance->debug(5, "Argument type sequence: $types, parameters are: " . /** @scrutinizer ignore-type */ print_r($arguments, true));
+            $this->loggerInstance->debug(5, "Argument type sequence: $types, parameters are: "./** @scrutinizer ignore-type */ print_r($arguments, true));
         }
 
         if ($this->connection->connect_error) {
-            throw new Exception("ERROR: Cannot send query to $this->databaseInstance database (no connection, error number" . $this->connection->connect_error . ")!");
+            throw new Exception("ERROR: Cannot send query to $this->databaseInstance database (no connection, error number".$this->connection->connect_error.")!");
         }
         if ($types === NULL) {
             $result = $this->connection->query($querystring);
             if ($result === FALSE) {
-                throw new Exception("DB: Unable to execute simple statement! Error was --> " . $this->connection->error . " <--");
+                throw new Exception("DB: Unable to execute simple statement! Error was --> ".$this->connection->error." <--");
             }
         } else {
             // fancy! prepared statement with dedicated argument list
@@ -148,7 +148,7 @@ 
                 }
                 $prepResult = $statementObject->prepare($querystring);
                 if ($prepResult === FALSE) {
-                    throw new Exception("DB: Unable to prepare statement! Statement was --> $querystring <--, error was --> " . $statementObject->error . " <--.");
+                    throw new Exception("DB: Unable to prepare statement! Statement was --> $querystring <--, error was --> ".$statementObject->error." <--.");
                 }
                 $this->preparedStatements[$querystring] = $statementObject;
             }
@@ -161,11 +161,11 @@ 
             array_unshift($localArray, $types);
             $retval = call_user_func_array([$statementObject, "bind_param"], $localArray);
             if ($retval === FALSE) {
-                throw new Exception("DB: Unable to bind parameters to prepared statement! Argument array was --> " . var_export($localArray, TRUE) . " <--. Error was --> " . $statementObject->error . " <--");
+                throw new Exception("DB: Unable to bind parameters to prepared statement! Argument array was --> ".var_export($localArray, TRUE)." <--. Error was --> ".$statementObject->error." <--");
             }
             $result = $statementObject->execute();
             if ($result === FALSE) {
-                throw new Exception("DB: Unable to execute prepared statement! Error was --> " . $statementObject->error . " <--");
+                throw new Exception("DB: Unable to execute prepared statement! Error was --> ".$statementObject->error." <--");
             }
             $selectResult = $statementObject->get_result();
             if ($selectResult !== FALSE) {
@@ -175,14 +175,14 @@ 
 
         // all cases where $result could be FALSE have been caught earlier
         if ($this->connection->errno) {
-            throw new Exception("ERROR: Cannot execute query in $this->databaseInstance database - (hopefully escaped) query was '$querystring', errno was " . $this->connection->errno . "!");
+            throw new Exception("ERROR: Cannot execute query in $this->databaseInstance database - (hopefully escaped) query was '$querystring', errno was ".$this->connection->errno."!");
         }
 
 
         if ($isMoreThanSelect) {
-            $this->loggerInstance->writeSQLAudit("[DB: " . strtoupper($this->databaseInstance) . "] " . $querystring);
+            $this->loggerInstance->writeSQLAudit("[DB: ".strtoupper($this->databaseInstance)."] ".$querystring);
             if ($types !== NULL) {
-                $this->loggerInstance->writeSQLAudit("Argument type sequence: $types, parameters are: " . /** @scrutinizer ignore-type */ print_r($arguments, true));
+                $this->loggerInstance->writeSQLAudit("Argument type sequence: $types, parameters are: "./** @scrutinizer ignore-type */ print_r($arguments, true));
             }
         }
         return $result;
@@ -277,13 +277,13 @@ 
         if (isset(\config\Master::DB[$databaseCapitalised])) {
             $this->connection = new \mysqli(\config\Master::DB[$databaseCapitalised]['host'], \config\Master::DB[$databaseCapitalised]['user'], \config\Master::DB[$databaseCapitalised]['pass'], \config\Master::DB[$databaseCapitalised]['db']);
             if ($this->connection->connect_error) {
-                throw new Exception("ERROR: Unable to connect to $database database! This is a fatal error, giving up (error number " . $this->connection->connect_errno . ").");
+                throw new Exception("ERROR: Unable to connect to $database database! This is a fatal error, giving up (error number ".$this->connection->connect_errno.").");
             }
             $this->readOnly = \config\Master::DB[$databaseCapitalised]['readonly'];
         } else { // one of the RADIUS DBs
             $this->connection = new \mysqli(\config\ConfAssistant::DB[$databaseCapitalised]['host'], \config\ConfAssistant::DB[$databaseCapitalised]['user'], \config\ConfAssistant::DB[$databaseCapitalised]['pass'], \config\ConfAssistant::DB[$databaseCapitalised]['db']);
             if ($this->connection->connect_error) {
-                throw new Exception("ERROR: Unable to connect to $database database! This is a fatal error, giving up (error number " . $this->connection->connect_errno . ").");
+                throw new Exception("ERROR: Unable to connect to $database database! This is a fatal error, giving up (error number ".$this->connection->connect_errno.").");
             }
             $this->readOnly = \config\ConfAssistant::DB[$databaseCapitalised]['readonly'];
         }

core/SilverbulletCertificate.php

Spacing +5 added lines, -5 removed lines

@@ -325,7 +325,7 @@ 
         $invitationObject = new SilverbulletInvitation($token);
         $profile = new ProfileSilverbullet($invitationObject->profile);
         $inst = new IdP($profile->institution);
-        $loggerInstance->debug(5, "tokenStatus: done, got " . $invitationObject->invitationTokenStatus . ", " . $invitationObject->profile . ", " . $invitationObject->userId . ", " . $invitationObject->expiry . ", " . $invitationObject->invitationTokenString . "\n");
+        $loggerInstance->debug(5, "tokenStatus: done, got ".$invitationObject->invitationTokenStatus.", ".$invitationObject->profile.", ".$invitationObject->userId.", ".$invitationObject->expiry.", ".$invitationObject->invitationTokenString."\n");
         if ($invitationObject->invitationTokenStatus != SilverbulletInvitation::SB_TOKENSTATUS_VALID && $invitationObject->invitationTokenStatus != SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) {
             throw new Exception("Attempt to generate a SilverBullet installer with an invalid/redeemed/expired token. The user should never have gotten that far!");
         }
@@ -338,12 +338,12 @@ 
             throw new Exception("Despite a valid token, the corresponding user was not found in database or database query error!");
         }
         $expiryObject = mysqli_fetch_object(/** @scrutinizer ignore-type */ $userrow);
-        $loggerInstance->debug(5, "EXP: " . $expiryObject->expiry . "\n");
+        $loggerInstance->debug(5, "EXP: ".$expiryObject->expiry."\n");
         $expiryDateObject = date_create_from_format("Y-m-d H:i:s", $expiryObject->expiry);
         if ($expiryDateObject === FALSE) {
             throw new Exception("The expiry date we got from the DB is bogus!");
         }
-        $loggerInstance->debug(5, $expiryDateObject->format("Y-m-d H:i:s") . "\n");
+        $loggerInstance->debug(5, $expiryDateObject->format("Y-m-d H:i:s")."\n");
         // date_create with no parameters can't fail, i.e. is never FALSE
         $validity = date_diff(/** @scrutinizer ignore-type */ date_create(), $expiryDateObject);
         $expiryDays = $validity->days + 1;
@@ -382,7 +382,7 @@ 
         $certString = "";
         openssl_x509_export($cert, $certString);
         $parsedCert = $x509->processCertificate($certString);
-        $loggerInstance->debug(5, "CERTINFO: " . /** @scrutinizer ignore-type */ print_r($parsedCert['full_details'], true));
+        $loggerInstance->debug(5, "CERTINFO: "./** @scrutinizer ignore-type */ print_r($parsedCert['full_details'], true));
         $realExpiryDate = date_create_from_format("U", $parsedCert['full_details']['validTo_time_t'])->format("Y-m-d H:i:s");
 
         // store new cert info in DB
@@ -442,7 +442,7 @@ 
         $username = "";
         while ($usernameIsUnique === FALSE) {
             $usernameLocalPart = common\Entity::randomString(64 - 1 - strlen($realm), "0123456789abcdefghijklmnopqrstuvwxyz");
-            $username = $usernameLocalPart . "@" . $realm;
+            $username = $usernameLocalPart."@".$realm;
             $uniquenessQuery = $databaseHandle->exec("SELECT cn from silverbullet_certificate WHERE cn = ? AND ca_type = ?", "ss", $username, $certtype);
             // SELECT -> resource, not boolean
             if (mysqli_num_rows(/** @scrutinizer ignore-type */ $uniquenessQuery) == 0) {

core/CertificationAuthorityEduPkiServer.php

Spacing +37 added lines, -37 removed lines

@@ -17,9 +17,9 @@ 
 class CertificationAuthorityEduPkiServer extends EntityWithDBProperties implements CertificationAuthorityInterface
 {
 
-    private const LOCATION_RA_CERT = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
-    private const LOCATION_RA_KEY = ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
-    private const LOCATION_WEBROOT = ROOT . "/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
+    private const LOCATION_RA_CERT = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
+    private const LOCATION_RA_KEY = ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey";
+    private const LOCATION_WEBROOT = ROOT."/config/SilverbulletClientCerts/eduPKI-webserver-root.pem";
     private const EDUPKI_RA_ID = 700;
     private const EDUPKI_CERT_PROFILE = "Radius Server SOAP";
     private const EDUPKI_RA_PKEY_PASSPHRASE = "...";
@@ -35,13 +35,13 @@ 
         parent::__construct();
 
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_CERT) === FALSE) {
-            throw new Exception("RA operator PEM file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
+            throw new Exception("RA operator PEM file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT);
         }
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_RA_KEY) === FALSE) {
-            throw new Exception("RA operator private key file not found: " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
+            throw new Exception("RA operator private key file not found: ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY);
         }
         if (stat(CertificationAuthorityEduPkiServer::LOCATION_WEBROOT) === FALSE) {
-            throw new Exception("CA website root CA file not found: " . CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
+            throw new Exception("CA website root CA file not found: ".CertificationAuthorityEduPkiServer::LOCATION_WEBROOT);
         }
     }
 
@@ -99,19 +99,19 @@ 
         // initialise connection to eduPKI CA / eduroam RA and send the request to them
         try {
             $altArray = [# Array mit den Subject Alternative Names
-                "email:" . $csr["USERMAIL"]
+                "email:".$csr["USERMAIL"]
             ];
             $soapPub = $this->initEduPKISoapSession("PUBLIC");
             $this->loggerInstance->debug(5, "FIRST ACTUAL SOAP REQUEST (Public, newRequest)!\n");
-            $this->loggerInstance->debug(5, "PARAM_1: " . CertificationAuthorityEduPkiServer::EDUPKI_RA_ID . "\n");
-            $this->loggerInstance->debug(5, "PARAM_2: " . $csr["CSR_STRING"] . "\n");
+            $this->loggerInstance->debug(5, "PARAM_1: ".CertificationAuthorityEduPkiServer::EDUPKI_RA_ID."\n");
+            $this->loggerInstance->debug(5, "PARAM_2: ".$csr["CSR_STRING"]."\n");
             $this->loggerInstance->debug(5, "PARAM_3: ");
             $this->loggerInstance->debug(5, $altArray);
-            $this->loggerInstance->debug(5, "PARAM_4: " . CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE . "\n");
-            $this->loggerInstance->debug(5, "PARAM_5: " . sha1("notused") . "\n");
-            $this->loggerInstance->debug(5, "PARAM_6: " . $csr["USERNAME"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_7: " . $csr["USERMAIL"] . "\n");
-            $this->loggerInstance->debug(5, "PARAM_8: " . ProfileSilverbullet::PRODUCTNAME . "\n");
+            $this->loggerInstance->debug(5, "PARAM_4: ".CertificationAuthorityEduPkiServer::EDUPKI_CERT_PROFILE."\n");
+            $this->loggerInstance->debug(5, "PARAM_5: ".sha1("notused")."\n");
+            $this->loggerInstance->debug(5, "PARAM_6: ".$csr["USERNAME"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_7: ".$csr["USERMAIL"]."\n");
+            $this->loggerInstance->debug(5, "PARAM_8: ".ProfileSilverbullet::PRODUCTNAME."\n");
             $this->loggerInstance->debug(5, "PARAM_9: false\n");
             $soapNewRequest = $soapPub->newRequest(
                     CertificationAuthorityEduPkiServer::EDUPKI_RA_ID, # RA-ID
@@ -133,11 +133,11 @@ 
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}:  {
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}:  {
                     $e->faultstring
                 }\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
         try {
             $soap = $this->initEduPKISoapSession("RA");
@@ -171,7 +171,7 @@ 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapCleartext);
+            file_put_contents($tempdir['dir']."/content.txt", $soapCleartext);
             // retrieve our RA cert from filesystem                    
             // the RA certificates are not needed right now because we
             // have resorted to S/MIME signatures with openssl command-line
@@ -183,7 +183,7 @@ 
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n  $soapCleartext\n");
-        $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer " . ROOT . "/config/SilverbulletClientCerts/edupki-test-ra.pem";
+        $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.clearkey -signer ".ROOT."/config/SilverbulletClientCerts/edupki-test-ra.pem";
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline:   $execCmd\n");
             $output = [];
             $return = 999;
@@ -192,21 +192,21 @@ 
                 throw new Exception("Non-zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
             $this->loggerInstance->debug(5, "Request for server approveRequest has parameters:\n");
-            $this->loggerInstance->debug(5, $soapReqnum . "\n");
-            $this->loggerInstance->debug(5, $soapCleartext . "\n"); // PHP magically encodes this as base64 while sending!
-            $this->loggerInstance->debug(5, $detachedSig . "\n");
+            $this->loggerInstance->debug(5, $soapReqnum."\n");
+            $this->loggerInstance->debug(5, $soapCleartext."\n"); // PHP magically encodes this as base64 while sending!
+            $this->loggerInstance->debug(5, $detachedSig."\n");
             $soapIssueCert = $soap->approveRequest($soapReqnum, $soapCleartext, $detachedSig);
-            $this->loggerInstance->debug(5, "approveRequest Request was: \n" . $soap->__getLastRequest());
-            $this->loggerInstance->debug(5, "approveRequest Response was: \n" . $soap->__getLastResponse());
+            $this->loggerInstance->debug(5, "approveRequest Request was: \n".$soap->__getLastRequest());
+            $this->loggerInstance->debug(5, "approveRequest Response was: \n".$soap->__getLastResponse());
             if ($soapIssueCert === FALSE) {
                 throw new Exception("The locally approved request was NOT processed by the CA.");
             }
         } catch (SoapFault $e) {
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
         } catch (Exception $e) {
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
         }
         return $soapReqnum;
     }
@@ -258,9 +258,9 @@ 
                 throw new Exception("CAInfo has no root certificate for us!");
             }
         } catch (SoapFault $e) {
-            throw new Exception("SoapFault: Error when sending or receiving SOAP message: " . "{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
+            throw new Exception("SoapFault: Error when sending or receiving SOAP message: "."{$e->faultcode}: {$e->faultname}: {$e->faultstring}: {$e->faultactor}: {$e->detail}: {$e->headerfault}\n");
         } catch (Exception $e) {
-            throw new Exception("Exception: Something odd happened between the SOAP requests:" . $e->getMessage());
+            throw new Exception("Exception: Something odd happened between the SOAP requests:".$e->getMessage());
         }
         return [
             "CERT" => openssl_x509_read($parsedCert['pem']),
@@ -293,12 +293,12 @@ 
             // for obnoxious reasons, we have to dump the request into a file and let pkcs7_sign read from the file
             // rather than just using the string. Grr.
             $tempdir = \core\common\Entity::createTemporaryDirectory("test");
-            file_put_contents($tempdir['dir'] . "/content.txt", $soapRawRevRequest);
+            file_put_contents($tempdir['dir']."/content.txt", $soapRawRevRequest);
             // retrieve our RA cert from filesystem
             // sign the data, using cmdline because openssl_pkcs7_sign produces strange results
             // -binary didn't help, nor switch -md to sha1 sha256 or sha512
             $this->loggerInstance->debug(5, "Actual content to be signed is this:\n$soapRawRevRequest\n");
-        $execCmd = \config\Master::PATHS['openssl'] . " smime -sign -binary -in " . $tempdir['dir'] . "/content.txt -out " . $tempdir['dir'] . "/signature.txt -outform pem -inkey " . CertificationAuthorityEduPkiServer::LOCATION_RA_KEY . " -signer " . CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
+        $execCmd = \config\Master::PATHS['openssl']." smime -sign -binary -in ".$tempdir['dir']."/content.txt -out ".$tempdir['dir']."/signature.txt -outform pem -inkey ".CertificationAuthorityEduPkiServer::LOCATION_RA_KEY." -signer ".CertificationAuthorityEduPkiServer::LOCATION_RA_CERT;
             $this->loggerInstance->debug(2, "Calling openssl smime with following cmdline: $execCmd\n");
             $output = [];
             $return = 999;
@@ -307,7 +307,7 @@ 
                 throw new Exception("Non-zero return value from openssl smime!");
             }
             // and get the signature blob back from the filesystem
-            $detachedSig = trim(file_get_contents($tempdir['dir'] . "/signature.txt"));
+            $detachedSig = trim(file_get_contents($tempdir['dir']."/signature.txt"));
             $soapIssueRev = $soap->approveRevocationRequest($soapRevocationSerial, $soapRawRevRequest, $detachedSig);
             if ($soapIssueRev === FALSE) {
                 throw new Exception("The locally approved revocation request was NOT processed by the CA.");
@@ -315,9 +315,9 @@ 
         } catch (Exception $e) {
             // PHP 7.1 can do this much better
             if (is_soap_fault($e)) {
-                throw new Exception("Error when sending SOAP request: " . "{$e->faultcode}: {$e->faultstring}\n");
+                throw new Exception("Error when sending SOAP request: "."{$e->faultcode}: {$e->faultstring}\n");
             }
-            throw new Exception("Something odd happened while doing the SOAP request:" . $e->getMessage());
+            throw new Exception("Something odd happened while doing the SOAP request:".$e->getMessage());
         }
     }
 
@@ -417,9 +417,9 @@ 
      */
     public function soapToXmlInteger($x)
     {
-        return '<' . $x[0] . '>'
+        return '<'.$x[0].'>'
                 . htmlentities($x[1], ENT_NOQUOTES | ENT_XML1)
-                . '</' . $x[0] . '>';
+                . '</'.$x[0].'>';
     }
 
     /**
@@ -438,9 +438,9 @@ 
         // dump private key into directory
         $outstring = "";
         openssl_pkey_export($privateKey, $outstring);
-        file_put_contents($tempdir . "/pkey.pem", $outstring);
+        file_put_contents($tempdir."/pkey.pem", $outstring);
         // PHP can only do one DC in the Subject. But we need three.
-        $execCmd = \config\Master::PATHS['openssl'] . " req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$fed/CN=$username/emailAddress=$username";
+        $execCmd = \config\Master::PATHS['openssl']." req -new -sha256 -key $tempdir/pkey.pem -out $tempdir/request.csr -subj /DC=test/DC=test/DC=eduroam/C=$fed/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$fed/CN=$username/emailAddress=$username";
         $this->loggerInstance->debug(2, "Calling openssl req with following cmdline: $execCmd\n");
         $output = [];
         $return = 999;

core/CertificationAuthorityEmbeddedRSA.php

Spacing +20 added lines, -20 removed lines

@@ -16,10 +16,10 @@ 
 class CertificationAuthorityEmbeddedRSA extends EntityWithDBProperties implements CertificationAuthorityInterface
 {
 
-    private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-RSA.pem";
-    private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-RSA.pem";
-    private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-RSA.key";
-    private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-RSA.cnf";
+    private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-RSA.pem";
+    private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-RSA.pem";
+    private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-RSA.key";
+    private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-RSA.cnf";
 
     /**
      * string with the PEM variant of the root CA
@@ -66,11 +66,11 @@ 
         parent::__construct();
         $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA);
         if ($this->rootPem === FALSE) {
-            throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA);
+            throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ROOT_CA);
         }
         $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA);
         if ($this->issuingCertRaw === FALSE) {
-            throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA);
+            throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA);
         }
         $rootParsed = openssl_x509_read($this->rootPem);
         $issuingCertCandidate = openssl_x509_read($this->issuingCertRaw);
@@ -80,15 +80,15 @@ 
         }
         $this->issuingCert = $issuingCertCandidate;
         if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY) === FALSE) {
-            throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY);
+            throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY);
         }
-        $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY);
+        $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY);
         if ($issuingKeyTemp === FALSE || is_resource($issuingKeyTemp)) {
             throw new Exception("The private key did not parse correctly (or is not a PHP8 object)!");
         }
         $this->issuingKey = $issuingKeyTemp;
         if (stat(CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG) === FALSE) {
-            throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG);
+            throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG);
         }
         $this->conffile = CertificationAuthorityEmbeddedRSA::LOCATION_CONFIG;
     }
@@ -131,27 +131,27 @@ 
         // generate stub index.txt file
         $tempdirArray = \core\common\Entity::createTemporaryDirectory("test");
         $tempdir = $tempdirArray['dir'];
-        $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z";
-        $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z";
+        $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z";
+        $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z";
         // serials for our CA are always integers
         $serialHex = strtoupper(dechex((int) $cert->serial));
         if (strlen($serialHex) % 2 == 1) {
-            $serialHex = "0" . $serialHex;
+            $serialHex = "0".$serialHex;
         }
 
-        $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n";
+        $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n";
         $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement");
-        if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) {
+        if (!file_put_contents($tempdir."/index.txt", $indexStatement)) {
             $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!");
         }
         // index.txt.attr is dull but needs to exist
-        file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n");
+        file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n");
         // call "openssl ocsp" to manufacture our own OCSP statement
         // adding "-rmd sha1" to the following command-line makes the
         // choice of signature algorithm for the response explicit
         // but it's only available from openssl-1.1.0 (which we do not
         // want to require just for that one thing).
-        $execCmd = \config\Master::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der";
+        $execCmd = \config\Master::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedRSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der";
         $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n");
         $output = [];
         $return = 999;
@@ -159,11 +159,11 @@ 
         if ($return !== 0) {
             throw new Exception("Non-zero return value from openssl ocsp!");
         }
-        $ocsp = file_get_contents($tempdir . "/$serialHex.response.der");
+        $ocsp = file_get_contents($tempdir."/$serialHex.response.der");
         // remove the temp dir!
-        unlink($tempdir . "/$serialHex.response.der");
-        unlink($tempdir . "/index.txt.attr");
-        unlink($tempdir . "/index.txt");
+        unlink($tempdir."/$serialHex.response.der");
+        unlink($tempdir."/index.txt.attr");
+        unlink($tempdir."/index.txt");
         rmdir($tempdir);
         $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial);
         return $ocsp;

web/admin/inc/filepreview.php

Spacing +3 added lines, -3 removed lines

@@ -22,7 +22,7 @@ 
 ?>
 <?php
 
-require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php";
+require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php";
 
 $validator = new \web\lib\common\InputValidation();
 $idRaw = $_GET["id"] ?? "";
@@ -37,7 +37,7 @@ 
         // Set data type and caching for 30 days
         $info = new finfo();
         $filetype = $info->buffer($finalBlob, FILEINFO_MIME_TYPE);
-        header("Content-type: " . $filetype);
+        header("Content-type: ".$filetype);
 
         switch ($filetype) {
             case "text/rtf": // fall-through, same treatment
@@ -54,7 +54,7 @@ 
         header("Cache-Control: must-revalidate");
         $offset = 60 * 60 * 24 * 30;
         // gmdate can't possibly fail, because it operates on time() and an integer offset
-        $ExpStr = "Expires: " . /** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset) . " GMT";
+        $ExpStr = "Expires: "./** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset)." GMT";
         header($ExpStr);
         //  Print out the image
         echo $finalBlob;

web/diag/diag.php

Spacing +4 added lines, -4 removed lines

@@ -19,7 +19,7 @@ 
  *          <base_url>/copyright.php after deploying the software
  */
 
-require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php";
 $admin = filter_input(INPUT_GET, 'admin', FILTER_VALIDATE_INT);
 $sp = filter_input(INPUT_GET, 'sp', FILTER_VALIDATE_INT);
 $givenRealm = filter_input(INPUT_GET, 'realm', FILTER_SANITIZE_STRING);
@@ -35,7 +35,7 @@ 
             unset($q_el[$idx]);
             $q_r = preg_replace("/\?.*/", "", $_SERVER['REQUEST_URI']);
             if (count($q_el)) {
-                $q_r = $q_r . '?' . implode('&', $q_el);
+                $q_r = $q_r.'?'.implode('&', $q_el);
             }
             $_SERVER['REQUEST_URI'] = $q_r;
         }
@@ -44,11 +44,11 @@ 
     $auth->authenticate();
 }
 if (isset($_SESSION['admin_diag_auth'])) {
-   $admin =  1;
+   $admin = 1;
    unset($_SESSION['admin_diag_auth']);
 }
 $Gui = new \web\lib\user\Gui();
 $skinObject = new \web\lib\user\Skinjob($_REQUEST['skin'] ?? $_SESSION['skin'] ?? $fedskin[0] ?? \config\Master::APPEARANCE['skins'][0]);
-require "../skins/" . $skinObject->skin . "/diag/diag.php";
+require "../skins/".$skinObject->skin."/diag/diag.php";
 
 

web/admin/inc/userStats.inc.php

Spacing +14 added lines, -14 removed lines

@@ -9,7 +9,7 @@ 
  * ******************************************************************************
  */
 
-require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php";
+require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php";
 
 $auth = new \web\lib\admin\Authentication();
 $auth->authenticate();
@@ -29,31 +29,31 @@ 
 ?>
 
 <h1><?php $tablecaption = _("User Authentication Records"); echo $tablecaption; ?></h1>
-<p><?php echo _("Note that:");?></p>
+<p><?php echo _("Note that:"); ?></p>
 <ul>
-    <li><?php echo _("Authentication records are deleted after six months retention time");?></li>
-    <li><?php echo _("Operator Domain is based on the RADIUS attribute 'Operator-Name' and not sent by all hotspots");?></li>
-    <li><?php echo _("Different MAC addresses per credential may be due to MAC Address randomisation in recent operating systems");?></li>
+    <li><?php echo _("Authentication records are deleted after six months retention time"); ?></li>
+    <li><?php echo _("Operator Domain is based on the RADIUS attribute 'Operator-Name' and not sent by all hotspots"); ?></li>
+    <li><?php echo _("Different MAC addresses per credential may be due to MAC Address randomisation in recent operating systems"); ?></li>
 </ul>
 <table class='authrecord'>
-    <caption><?php echo $tablecaption;?></caption>
+    <caption><?php echo $tablecaption; ?></caption>
     <tr>
-        <th scope="col"><strong><?php echo _("Timestamp");?></strong></th>
-        <th scope="col"><strong><?php echo _("Credential");?></strong></th>
-        <th scope="col"><strong><?php echo _("MAC Address");?></strong></th>
-        <th scope="col"><strong><?php echo _("Result");?></strong></th>
-        <th scope="col"><strong><?php echo _("Operator Domain");?></strong></th>
+        <th scope="col"><strong><?php echo _("Timestamp"); ?></strong></th>
+        <th scope="col"><strong><?php echo _("Credential"); ?></strong></th>
+        <th scope="col"><strong><?php echo _("MAC Address"); ?></strong></th>
+        <th scope="col"><strong><?php echo _("Result"); ?></strong></th>
+        <th scope="col"><strong><?php echo _("Operator Domain"); ?></strong></th>
     </tr>
     <?php
     $userAuthData = $profile->getUserAuthRecords($userInt);
     foreach ($userAuthData as $oneRecord) {
-        echo "<tr class='".($oneRecord['RESULT'] == "Access-Accept" ? "auth-success" : "auth-fail" )."'>"
+        echo "<tr class='".($oneRecord['RESULT'] == "Access-Accept" ? "auth-success" : "auth-fail")."'>"
                 . "<td>".$oneRecord['TIMESTAMP']."</td>"
                 // $oneRecord['CN'] is a simple string, not an array, so disable Scrutinizer type check here
-                . "<td>"./** @scrutinizer ignore-type */ substr_replace($oneRecord['CN'], "@…", strpos($oneRecord['CN'],"@"))."</td>"
+                . "<td>"./** @scrutinizer ignore-type */ substr_replace($oneRecord['CN'], "@…", strpos($oneRecord['CN'], "@"))."</td>"
                 . "<td>".$oneRecord['MAC']."</td>"
                 . "<td>".($oneRecord['RESULT'] == "Access-Accept" ? _("Success") : _("Failure"))."</td>"
-                . "<td>".substr($oneRecord['OPERATOR'] ?? "1(unknown)",1)."</td>"
+                . "<td>".substr($oneRecord['OPERATOR'] ?? "1(unknown)", 1)."</td>"
                 . "</tr>";
     }
     ?>

core/CertificationAuthorityEmbeddedECDSA.php

Spacing +21 added lines, -21 removed lines

@@ -16,10 +16,10 @@ 
 class CertificationAuthorityEmbeddedECDSA extends EntityWithDBProperties implements CertificationAuthorityInterface
 {
 
-    private const LOCATION_ROOT_CA = ROOT . "/config/SilverbulletClientCerts/rootca-ECDSA.pem";
-    private const LOCATION_ISSUING_CA = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.pem";
-    private const LOCATION_ISSUING_KEY = ROOT . "/config/SilverbulletClientCerts/real-ECDSA.key";
-    private const LOCATION_CONFIG = ROOT . "/config/SilverbulletClientCerts/openssl-ECDSA.cnf";
+    private const LOCATION_ROOT_CA = ROOT."/config/SilverbulletClientCerts/rootca-ECDSA.pem";
+    private const LOCATION_ISSUING_CA = ROOT."/config/SilverbulletClientCerts/real-ECDSA.pem";
+    private const LOCATION_ISSUING_KEY = ROOT."/config/SilverbulletClientCerts/real-ECDSA.key";
+    private const LOCATION_CONFIG = ROOT."/config/SilverbulletClientCerts/openssl-ECDSA.cnf";
 
     /**
      * string with the PEM variant of the root CA
@@ -66,29 +66,29 @@ 
         parent::__construct();
         $this->rootPem = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA);
         if ($this->rootPem === FALSE) {
-            throw new Exception("Root CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA);
+            throw new Exception("Root CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ROOT_CA);
         }
         $this->issuingCertRaw = file_get_contents(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA);
         if ($this->issuingCertRaw === FALSE) {
-            throw new Exception("Issuing CA PEM file not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA);
+            throw new Exception("Issuing CA PEM file not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA);
         }
         $rootParsed = openssl_x509_read($this->rootPem);
         $issuingCertCandidate = openssl_x509_read($this->issuingCertRaw);
-        if ($issuingCertCandidate === FALSE || is_resource($issuingCertCandidate)|| $rootParsed === FALSE) {
+        if ($issuingCertCandidate === FALSE || is_resource($issuingCertCandidate) || $rootParsed === FALSE) {
             throw new Exception("At least one CA PEM file did not parse correctly (or not a PHP8 resource)!");
         }
         $this->issuingCert = $issuingCertCandidate;
         
         if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY) === FALSE) {
-            throw new Exception("Private key not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY);
+            throw new Exception("Private key not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY);
         }
-        $issuingKeyTemp = openssl_pkey_get_private("file://" . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY);
+        $issuingKeyTemp = openssl_pkey_get_private("file://".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY);
         if ($issuingKeyTemp === FALSE || is_resource($issuingKeyTemp)) {
             throw new Exception("The private key did not parse correctly (or not a PHP8 resource)!");
         }
         $this->issuingKey = $issuingKeyTemp;
         if (stat(CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG) === FALSE) {
-            throw new Exception("openssl configuration not found: " . CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG);
+            throw new Exception("openssl configuration not found: ".CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG);
         }
         $this->conffile = CertificationAuthorityEmbeddedECDSA::LOCATION_CONFIG;
     }
@@ -131,27 +131,27 @@ 
         // generate stub index.txt file
         $tempdirArray = \core\common\Entity::createTemporaryDirectory("test");
         $tempdir = $tempdirArray['dir'];
-        $nowIndexTxt = (new \DateTime())->format("ymdHis") . "Z";
-        $expiryIndexTxt = $originalExpiry->format("ymdHis") . "Z";
+        $nowIndexTxt = (new \DateTime())->format("ymdHis")."Z";
+        $expiryIndexTxt = $originalExpiry->format("ymdHis")."Z";
         // serials for our CA are always integers
         $serialHex = strtoupper(dechex((int) $cert->serial));
         if (strlen($serialHex) % 2 == 1) {
-            $serialHex = "0" . $serialHex;
+            $serialHex = "0".$serialHex;
         }
 
-        $indexStatement = "$certstatus\t$expiryIndexTxt\t" . ($certstatus == "R" ? "$nowIndexTxt,unspecified" : "") . "\t$serialHex\tunknown\t/O=" . \config\ConfAssistant::CONSORTIUM['name'] . "/OU=$federation/CN=$cert->username\n";
+        $indexStatement = "$certstatus\t$expiryIndexTxt\t".($certstatus == "R" ? "$nowIndexTxt,unspecified" : "")."\t$serialHex\tunknown\t/O=".\config\ConfAssistant::CONSORTIUM['name']."/OU=$federation/CN=$cert->username\n";
         $this->loggerInstance->debug(4, "index.txt contents-to-be: $indexStatement");
-        if (!file_put_contents($tempdir . "/index.txt", $indexStatement)) {
+        if (!file_put_contents($tempdir."/index.txt", $indexStatement)) {
             $this->loggerInstance->debug(1, "Unable to write openssl index.txt file for revocation handling!");
         }
         // index.txt.attr is dull but needs to exist
-        file_put_contents($tempdir . "/index.txt.attr", "unique_subject = yes\n");
+        file_put_contents($tempdir."/index.txt.attr", "unique_subject = yes\n");
         // call "openssl ocsp" to manufacture our own OCSP statement
         // adding "-rmd sha1" to the following command-line makes the
         // choice of signature algorithm for the response explicit
         // but it's only available from openssl-1.1.0 (which we do not
         // want to require just for that one thing).
-        $execCmd = \config\Master::PATHS['openssl'] . " ocsp -issuer " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rsigner " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA . " -rkey " . CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY . " -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der";
+        $execCmd = \config\Master::PATHS['openssl']." ocsp -issuer ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -sha1 -ndays 10 -no_nonce -serial 0x$serialHex -CA ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rsigner ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_CA." -rkey ".CertificationAuthorityEmbeddedECDSA::LOCATION_ISSUING_KEY." -index $tempdir/index.txt -no_cert_verify -respout $tempdir/$serialHex.response.der";
         $this->loggerInstance->debug(2, "Calling openssl ocsp with following cmdline: $execCmd\n");
         $output = [];
         $return = 999;
@@ -159,11 +159,11 @@ 
         if ($return !== 0) {
             throw new Exception("Non-zero return value from openssl ocsp!");
         }
-        $ocsp = file_get_contents($tempdir . "/$serialHex.response.der");
+        $ocsp = file_get_contents($tempdir."/$serialHex.response.der");
         // remove the temp dir!
-        unlink($tempdir . "/$serialHex.response.der");
-        unlink($tempdir . "/index.txt.attr");
-        unlink($tempdir . "/index.txt");
+        unlink($tempdir."/$serialHex.response.der");
+        unlink($tempdir."/index.txt.attr");
+        unlink($tempdir."/index.txt");
         rmdir($tempdir);
         $this->databaseHandle->exec("UPDATE silverbullet_certificate SET OCSP = ?, OCSP_timestamp = NOW() WHERE serial_number = ?", "si", $ocsp, $cert->serial);
         return $ocsp;