diff --git a/README.md b/README.md
index e49346a..dc902a1 100644
--- a/README.md
+++ b/README.md
@@ -38,7 +38,7 @@ and rules that are contained in the [`local/`](local/) directory. You probably also want to re-skin it to match your own look and feel. If it exists, the file [`local/xsltfunc.inc.php`](local/xsltfunc.inc.php)
-is included. It is expected to define an `xsltfunc` class, and
+is included. It is expected to define an `XsltFunc` class, and
 any static public functions from this class are registered with [XSLTProcessor](http://php.net/manual/en/xsltprocessor.registerphpfunctions.php) so that they can be used in local XSLT stylesheets.
diff --git a/certinfo.php b/certinfo.php
index 9b60d1a..8d091e1 100644
--- a/certinfo.php
+++ b/certinfo.php
@@ -72,16 +72,16 @@ function getOpenSSLInfo($pem, $arg = '-text')
 'pem' => $pem,
 'openssl' => getOpenSSLInfo($pem),
 'validity' => [
- 'from' => xsltfunc::getCertDates($cert, 'from'),
- 'to' => xsltfunc::getCertDates($cert, 'from'),
- 'range' => xsltfunc::getCertDates($cert, 'both'),
- 'valid' => xsltfunc::checkCertValid($cert),
+ 'from' => XsltFunc::getCertDates($cert, 'from'),
+ 'to' => XsltFunc::getCertDates($cert, 'from'),
+ 'range' => XsltFunc::getCertDates($cert, 'both'),
+ 'valid' => XsltFunc::checkCertValid($cert),
 ],
- 'bits' => xsltfunc::getCertBits($cert),
- 'issuer' => xsltfunc::getCertIssuer($cert),
- 'subject' => xsltfunc::getCertSubject($cert),
- 'selfsigned' => xsltfunc::checkCertSelfSigned($cert),
- 'ca' => xsltfunc::checkCertIsCA($cert),
+ 'bits' => XsltFunc::getCertBits($cert),
+ 'issuer' => XsltFunc::getCertIssuer($cert),
+ 'subject' => XsltFunc::getCertSubject($cert),
+ 'selfsigned' => XsltFunc::checkCertSelfSigned($cert),
+ 'ca' => XsltFunc::checkCertIsCA($cert),
 'fingerprint' => preg_replace('/^.*Fingerprint=([0-9A-F:]+).*$/si', '$1', getOpenSSLInfo($pem, '-fingerprint')),
 ];
diff --git a/local/fog-check-empty.xsl b/local/fog-check-empty.xsl
index ba0dc1e..8b9e7fa 100644
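Review bot: The `'to'` entry of the `'validity'` array in certinfo.php still passes `'from'` to `getCertDates`, so the certificate's start date would be reported as its end date; the rename carries this over unchanged. It should read `'to' => XsltFunc::getCertDates($cert, 'to'),`, which is the argument tests/xsltfuncTest.php uses to obtain the end date. The enclosing array and function begin outside the hunk.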
--- a/local/fog-check-empty.xsl +++ b/local/fog-check-empty.xsl @@ -27,97 +27,97 @@ whitespace will be considered blank for these purposes (PHP's trim() function). --> - + md:Company must not be empty - + md:GivenName must not be empty - + md:OrganizationDisplayName must not be empty - + md:OrganizationName must not be empty - + md:ServiceDescription must not be empty - + md:ServiceName must not be empty - + md:SurName must not be empty - + md:EmailAddress must not be empty - + md:TelephoneNumber must not be empty - + mdui:Description must not be empty - + mdui:DisplayName must not be empty - + mdui:DomainHint must not be empty - + mdui:GeolocationHint must not be empty - + mdui:IPHint must not be empty - + mdui:Keywords must not be empty - + shibmd:Scope must not be empty diff --git a/local/safire-common.xsl b/local/safire-common.xsl index f35c5ad..2c94d68 100644 --- a/local/safire-common.xsl +++ b/local/safire-common.xsl @@ -80,7 +80,7 @@ - + X509Certificate @@ -93,7 +93,7 @@ - + X509Certificate @@ -103,12 +103,12 @@ ) should be self-signed. Got issuer of ' - + ' - + X509Certificate @@ -121,7 +121,7 @@ - + X509Certificate @@ -131,12 +131,12 @@ ) key should be >= 2048 bits, found - + - + X509Certificate @@ -146,12 +146,12 @@ ) is not yet valid (begins - + ) - + X509Certificate @@ -161,7 +161,7 @@ ) has expired or expires within a year (ends - + ) @@ -176,7 +176,7 @@ ) validity: - + @@ -210,7 +210,7 @@ - + @@ -265,7 +265,7 @@ - + @@ -277,7 +277,7 @@ - + @@ -299,7 +299,7 @@ - + @@ -313,21 +313,21 @@ - + Location SSL verification with cURL: - + - + Location fails modern-browser SSL tests: - + See https://www.ssllabs.com/ssltest/?d= @@ -336,7 +336,7 @@ - + @@ -347,7 +347,7 @@ - + diff --git a/local/xsltfunc.inc.php b/local/xsltfunc.inc.php index cbd0f42..27f10a9 100644 --- a/local/xsltfunc.inc.php +++ b/local/xsltfunc.inc.php 
@@ -12,7 +12,7 @@
 include_once(dirname(__DIR__) . '/local/config.inc.php');
 }
-class xsltfunc
+class XsltFunc
 {
 /**
 * Take a PEM representation of a certificate and return the x509 structure
@@ -20,10 +20,10 @@ class xsltfunc
 * @param string $x509certdata
 * @return x509cert|false $x509cert
 */
- private static function _pemToX509($x509certdata)
+ private static function pemToX509($x509certdata)
 {
 if (!function_exists('openssl_x509_read')) {
- error_log('_pemToX509 needs OpenSSL functions');
+ error_log('pemToX509 needs OpenSSL functions');
 return false;
 }
 $pem = trim($x509certdata);
@@ -45,7 +45,7 @@ private static function _pemToX509($x509certdata)
 */
 public static function checkCertSelfSigned($cert)
 {
- $x509data = @openssl_x509_parse(self::_pemToX509($cert));
+ $x509data = @openssl_x509_parse(self::pemToX509($cert));
 if (empty($x509data)) {
 return false;
 }
@@ -66,7 +66,7 @@ public static function checkCertSelfSigned($cert)
 */
 public static function checkCertIsCA($cert)
 {
- $x509data = @openssl_x509_parse(self::_pemToX509($cert));
+ $x509data = @openssl_x509_parse(self::pemToX509($cert));
 if (empty($x509data)) {
 return false;
 }
@@ -91,7 +91,7 @@ public static function checkCertIsCA($cert)
 */
 public static function getCertIssuer($cert)
 {
- $x509data = @openssl_x509_parse(self::_pemToX509($cert));
+ $x509data = @openssl_x509_parse(self::pemToX509($cert));
 if (empty($x509data)) {
 return false;
 }
@@ -111,7 +111,7 @@ public static function getCertIssuer($cert)
 */
 public static function getCertSubject($cert)
 {
- $x509data = @openssl_x509_parse(self::_pemToX509($cert));
+ $x509data = @openssl_x509_parse(self::pemToX509($cert));
 if (empty($x509data)) {
 return false;
 }
@@ -132,7 +132,7 @@ public static function getCertSubject($cert)
 */
 public static function checkCertValid($cert, $fromto = 'both')
 {
- $x509data = @openssl_x509_parse(self::_pemToX509($cert));
+ $x509data = @openssl_x509_parse(self::pemToX509($cert));
 if (empty($x509data)) {
 return false;
 }
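Review bot: In `checkCertSelfSigned` (hunk at -45) the `@` on `openssl_x509_parse(self::pemToX509($cert))` discards the reason a certificate could not be read, and the `empty($x509data)` branch then returns the same `false` that callers receive as a genuine negative answer. The same pattern appears in the hunks for `checkCertIsCA`, `getCertIssuer`, `getCertSubject`, `checkCertValid`, `getCertDates` and `getCertBits`. Consider testing the helper result first, `$x509 = self::pemToX509($cert); if ($x509 === false) { return false; }`, and logging the parse failure instead of suppressing it, so an unparseable certificate can be told apart from "not a CA" or "not self-signed". The function bodies continue outside these hunks.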
@@ -155,7 +155,7 @@ public static function checkCertValid($cert, $fromto = 'both')
 */
 public static function getCertDates($cert, $fromto = 'both', $format = '%F')
 {
- $x509data = @openssl_x509_parse(self::_pemToX509($cert));
+ $x509data = @openssl_x509_parse(self::pemToX509($cert));
 if (empty($x509data)) {
 return false;
 }
@@ -179,7 +179,7 @@ public static function getCertDates($cert, $fromto = 'both', $format = '%F')
 */
 public static function getCertBits($cert)
 {
- $x509key = @openssl_get_publickey(self::_pemToX509($cert));
+ $x509key = @openssl_get_publickey(self::pemToX509($cert));
 if (empty($x509key)) {
 return false;
 }
diff --git a/phpcs.xml b/phpcs.xml
index 7d4e0eb..8e16866 100644
--- a/phpcs.xml
+++ b/phpcs.xml
@@ -11,5 +11,8 @@ */local/config.inc.php - + + + +
diff --git a/tests/syntaxTest.php b/tests/syntaxTest.php
index e4daa70..fce0a4a 100644
--- a/tests/syntaxTest.php
+++ b/tests/syntaxTest.php
@@ -3,7 +3,7 @@
 use PHPUnit\Framework\TestCase;
 /** @runTestsInSeparateProcesses */
-class syntaxTest extends TestCase
+class SyntaxTest extends TestCase
 {
 protected function setUp(): void
 {
diff --git a/tests/xsltfuncTest.php b/tests/xsltfuncTest.php
index f92bb86..96712fa 100644
--- a/tests/xsltfuncTest.php
+++ b/tests/xsltfuncTest.php
@@ -5,7 +5,7 @@
 /* It seems the OpenSSL functions don't do timezones properly, so the results here vary depending on system timezone */
 date_default_timezone_set('UTC');
-class xsltfuncTest extends TestCase
+class XsltFuncTest extends TestCase
 {
 protected $selfsigned;
 protected $casigned;
@@ -22,82 +22,82 @@ protected function setUp(): void
 public function testCheckCertSelfSigned()
 {
- $this->assertTrue(xsltfunc::checkCertSelfSigned($this->selfsigned));
- $this->assertFalse(xsltfunc::checkCertSelfSigned($this->casigned));
- $this->assertFalse(xsltfunc::checkCertSelfSigned(''));
+ $this->assertTrue(XsltFunc::checkCertSelfSigned($this->selfsigned));
+ $this->assertFalse(XsltFunc::checkCertSelfSigned($this->casigned));
+ $this->assertFalse(XsltFunc::checkCertSelfSigned(''));
 }
 public function testCheckCertIsCA()
 {
- $this->assertTrue(xsltfunc::checkCertSelfSigned($this->selfsigned));
- $this->assertFalse(xsltfunc::checkCertSelfSigned($this->casigned));
+ $this->assertTrue(XsltFunc::checkCertSelfSigned($this->selfsigned));
+ $this->assertFalse(XsltFunc::checkCertSelfSigned($this->casigned));
 }
 public function testGetCertIssuer()
 {
- $this->assertStringContainsString('SWITCHaai', xsltfunc::getCertIssuer($this->casigned));
- $this->assertFalse(xsltfunc::getCertIssuer(''));
+ $this->assertStringContainsString('SWITCHaai', XsltFunc::getCertIssuer($this->casigned));
+ $this->assertFalse(XsltFunc::getCertIssuer(''));
 }
 public function testCheckCertValid()
 {
- $this->assertTrue(xsltfunc::checkCertValid($this->selfsigned));
- $this->assertFalse(xsltfunc::checkCertValid($this->expired));
- $this->assertFalse(xsltfunc::checkCertValid(''));
+ $this->assertTrue(XsltFunc::checkCertValid($this->selfsigned));
+ $this->assertFalse(XsltFunc::checkCertValid($this->expired));
+ $this->assertFalse(XsltFunc::checkCertValid(''));
 }
 public function testGetCertDates()
 {
- $this->assertEquals('2016-08-26', xsltfunc::getCertDates($this->selfsigned, 'from'));
- $this->assertEquals('2026-08-29', xsltfunc::getCertDates($this->selfsigned, 'to'));
- $this->assertEquals('1472202070 - 1787994070', xsltfunc::getCertDates($this->selfsigned, 'both', '%s'));
- $this->assertFalse(xsltfunc::getCertDates(''));
+ $this->assertEquals('2016-08-26', XsltFunc::getCertDates($this->selfsigned, 'from'));
+ $this->assertEquals('2026-08-29', XsltFunc::getCertDates($this->selfsigned, 'to'));
+ $this->assertEquals('1472202070 - 1787994070', XsltFunc::getCertDates($this->selfsigned, 'both', '%s'));
+ $this->assertFalse(XsltFunc::getCertDates(''));
 }
 public function testGetCertBits()
 {
- $this->assertEquals(2048, xsltfunc::getCertBits($this->selfsigned));
- $this->assertEquals(2048, xsltfunc::getCertBits($this->casigned));
- $this->assertFalse(xsltfunc::getCertBits(''));
+ $this->assertEquals(2048, XsltFunc::getCertBits($this->selfsigned));
+ $this->assertEquals(2048, XsltFunc::getCertBits($this->casigned));
+ $this->assertFalse(XsltFunc::getCertBits(''));
 }
 public function testcheckURL()
 {
- $this->assertTrue(xsltfunc::checkURL('https://safire.ac.za/'));
- $this->assertFalse(xsltfunc::checkURL('https://invalid-phpunit.safire.ac.za/'));
- $this->assertFalse(xsltfunc::checkURL('htt://safire.ac.za/'));
- $this->assertFalse(xsltfunc::checkURL('safire.ac.za/'));
+ $this->assertTrue(XsltFunc::checkURL('https://safire.ac.za/'));
+ $this->assertFalse(XsltFunc::checkURL('https://invalid-phpunit.safire.ac.za/'));
+ $this->assertFalse(XsltFunc::checkURL('htt://safire.ac.za/'));
+ $this->assertFalse(XsltFunc::checkURL('safire.ac.za/'));
 }
 public function testCheckURLCert()
 {
- $this->assertTrue(xsltfunc::checkURLCert('https://safire.ac.za/'));
- $this->assertFalse(xsltfunc::checkURLCert('https://expired.badssl.com/'));
- $this->assertFalse(xsltfunc::checkURLCert('https://wrong.host.badssl.com/'));
- $this->assertFalse(xsltfunc::checkURLCert('https://sha1-2017.badssl.com/', true));
- $this->assertFalse(xsltfunc::checkURLCert('https://untrusted-root.badssl.com/'));
- $this->assertMatchesRegularExpression('/(server certificate verification failed|unable to get local issuer certificate|self[- ]signed certificate in certificate chain)/', xsltfunc::checkURLCert('https://untrusted-root.badssl.com/', false, true));
- $this->assertFalse(xsltfunc::checkURLCert('https://rc4-md5.badssl.com/'));
+ $this->assertTrue(XsltFunc::checkURLCert('https://safire.ac.za/'));
+ $this->assertFalse(XsltFunc::checkURLCert('https://expired.badssl.com/'));
+ $this->assertFalse(XsltFunc::checkURLCert('https://wrong.host.badssl.com/'));
+ $this->assertFalse(XsltFunc::checkURLCert('https://sha1-2017.badssl.com/', true));
+ $this->assertFalse(XsltFunc::checkURLCert('https://untrusted-root.badssl.com/'));
+ $this->assertMatchesRegularExpression('/(server certificate verification failed|unable to get local issuer certificate|self[- ]signed certificate in certificate chain)/', XsltFunc::checkURLCert('https://untrusted-root.badssl.com/', false, true));
+ $this->assertFalse(XsltFunc::checkURLCert('https://rc4-md5.badssl.com/'));
 }
 public function testCheckEmailAddress()
 {
- $this->assertTrue(xsltfunc::checkEmailAddress('mailto:testCheckEmailAddress@safire.ac.za'));
- $this->assertTrue(xsltfunc::checkEmailAddress('testCheckEmailAddress@safire.ac.za'));
- $this->assertFalse(xsltfunc::checkEmailAddress('testCheckEmailAddress@@safire.ac.za'));
- $this->assertFalse(xsltfunc::checkEmailAddress('testCheckEmailAddress@safire.local'));
+ $this->assertTrue(XsltFunc::checkEmailAddress('mailto:testCheckEmailAddress@safire.ac.za'));
+ $this->assertTrue(XsltFunc::checkEmailAddress('testCheckEmailAddress@safire.ac.za'));
+ $this->assertFalse(XsltFunc::checkEmailAddress('testCheckEmailAddress@@safire.ac.za'));
+ $this->assertFalse(XsltFunc::checkEmailAddress('testCheckEmailAddress@safire.local'));
 }
 public function testCheckBase64()
 {
- $this->assertTrue(xsltfunc::checkBase64(base64_encode('this string is valid')));
- $this->assertFalse(xsltfunc::checkBase64('#'));
+ $this->assertTrue(XsltFunc::checkBase64(base64_encode('this string is valid')));
+ $this->assertFalse(XsltFunc::checkBase64('#'));
 }
 public function testCheckStringIsBlank()
 {
- $this->assertTrue(xsltfunc::checkStringIsBlank(''));
- $this->assertTrue(xsltfunc::checkStringIsBlank(' '));
- $this->assertFalse(xsltfunc::checkStringIsBlank(' a '));
+ $this->assertTrue(XsltFunc::checkStringIsBlank(''));
+ $this->assertTrue(XsltFunc::checkStringIsBlank(' '));
+ $this->assertFalse(XsltFunc::checkStringIsBlank(' a '));
 }
 }
diff --git a/validate.php b/validate.php
index e4b414a..3e5fe9a 100644
--- a/validate.php
+++ b/validate.php
@@ -196,8 +196,8 @@ function sendResponse($response, $pass = 0)
 include_once(__DIR__ . '/local/xsltfunc.inc.php');
 $xslt->registerPHPFunctions(
 array_map(function ($n) {
- return 'xsltfunc::' . $n;
- }, get_class_methods('xsltfunc'))
+ return 'XsltFunc::' . $n;
+ }, get_class_methods('XsltFunc'))
 );
 }
 libxml_clear_errors();
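Review bot: `testCheckCertIsCA` in tests/xsltfuncTest.php never calls `checkCertIsCA`; both of its assertions call `XsltFunc::checkCertSelfSigned`, repeating the first two assertions of `testCheckCertSelfSigned`, so the CA check has no coverage. The assertions should call the method under test, for example `$this->assertFalse(XsltFunc::checkCertIsCA($this->casigned));`, with expected values taken from what the fixture certificates actually contain. The fixtures are set up in `setUp()`, outside this hunk.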
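Review bot: The list passed to `registerPHPFunctions` in validate.php is built from `get_class_methods('XsltFunc')`, so every public method the local class has or later gains becomes callable from a stylesheet, and nothing at this call site says so. That includes methods that appear to make outbound requests, such as `checkURL` and `checkURLCert` exercised in tests/xsltfuncTest.php. A comment above the call would help, for example `// Every public method of XsltFunc is exposed to XSLT; keep helpers such as pemToX509 private.` This matters more now that `pemToX509` has lost the leading underscore that marked it as internal. The enclosing block starts outside the hunk.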