Rev 1125 | Rev 1131 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 635 | daniel-mar | 1 | <?php |
| 2 | |||
| 3 | /* |
||
| 4 | * OIDplus 2.0 |
||
| 1086 | daniel-mar | 5 | * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft |
| 635 | daniel-mar | 6 | * |
| 7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
| 8 | * you may not use this file except in compliance with the License. |
||
| 9 | * You may obtain a copy of the License at |
||
| 10 | * |
||
| 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
| 12 | * |
||
| 13 | * Unless required by applicable law or agreed to in writing, software |
||
| 14 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
| 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
| 16 | * See the License for the specific language governing permissions and |
||
| 17 | * limitations under the License. |
||
| 18 | */ |
||
| 19 | |||
| 1050 | daniel-mar | 20 | namespace ViaThinkSoft\OIDplus; |
| 635 | daniel-mar | 21 | |
| 1086 | daniel-mar | 22 | // phpcs:disable PSR1.Files.SideEffects |
| 23 | \defined('INSIDE_OIDPLUS') or die; |
||
| 24 | // phpcs:enable PSR1.Files.SideEffects |
||
| 25 | |||
| 635 | daniel-mar | 26 | class OIDplusPageAdminRegistration extends OIDplusPagePluginAdmin { |
| 27 | |||
| 1130 | daniel-mar | 28 | /** |
| 29 | * |
||
| 30 | */ |
||
| 635 | daniel-mar | 31 | /*private*/ const QUERY_REGISTER_V1 = '1.3.6.1.4.1.37476.2.5.2.1.1.1'; |
| 1130 | daniel-mar | 32 | |
| 33 | /** |
||
| 34 | * |
||
| 35 | */ |
||
| 635 | daniel-mar | 36 | /*private*/ const QUERY_UNREGISTER_V1 = '1.3.6.1.4.1.37476.2.5.2.1.2.1'; |
| 1130 | daniel-mar | 37 | |
| 38 | /** |
||
| 39 | * |
||
| 40 | */ |
||
| 635 | daniel-mar | 41 | /*private*/ const QUERY_LISTALLSYSTEMIDS_V1 = '1.3.6.1.4.1.37476.2.5.2.1.3.1'; |
| 1130 | daniel-mar | 42 | |
| 43 | /** |
||
| 44 | * |
||
| 45 | */ |
||
| 635 | daniel-mar | 46 | /*private*/ const QUERY_LIVESTATUS_V1 = '1.3.6.1.4.1.37476.2.5.2.1.4.1'; |
| 47 | |||
| 1116 | daniel-mar | 48 | /** |
| 49 | * @param string $actionID |
||
| 50 | * @return bool |
||
| 51 | */ |
||
| 52 | public function csrfUnlock(string $actionID): bool { |
||
| 635 | daniel-mar | 53 | if ($actionID == 'verify_pubkey') return true; |
| 54 | return parent::csrfUnlock($actionID); |
||
| 55 | } |
||
| 56 | |||
| 1116 | daniel-mar | 57 | /** |
| 58 | * @param string $actionID |
||
| 59 | * @param array $params |
||
| 60 | * @return array |
||
| 61 | * @throws OIDplusException |
||
| 62 | */ |
||
| 63 | public function action(string $actionID, array $params): array { |
||
| 635 | daniel-mar | 64 | if ($actionID == 'verify_pubkey') { |
| 65 | _CheckParamExists($params, 'challenge'); |
||
| 66 | |||
| 67 | $payload = 'oidplus-verify-pubkey:'.sha3_512($params['challenge']); |
||
| 68 | |||
| 69 | $signature = ''; |
||
| 830 | daniel-mar | 70 | if (!OIDplus::getPkiStatus() || !@openssl_sign($payload, $signature, OIDplus::getSystemPrivateKey())) { |
| 635 | daniel-mar | 71 | throw new OIDplusException(_L('Signature failed')); |
| 72 | } |
||
| 73 | |||
| 74 | return array( |
||
| 75 | "status" => 0, |
||
| 76 | "response" => base64_encode($signature) |
||
| 77 | ); |
||
| 78 | } else { |
||
| 1116 | daniel-mar | 79 | return parent::action($actionID, $params); |
| 635 | daniel-mar | 80 | } |
| 81 | } |
||
| 82 | |||
| 1116 | daniel-mar | 83 | /** |
| 84 | * @param string $id |
||
| 85 | * @param array $out |
||
| 86 | * @param bool $handled |
||
| 87 | * @return void |
||
| 88 | * @throws OIDplusConfigInitializationException |
||
| 89 | * @throws OIDplusException |
||
| 90 | */ |
||
| 91 | public function gui(string $id, array &$out, bool &$handled) { |
||
| 635 | daniel-mar | 92 | if ($id === 'oidplus:srv_registration') { |
| 93 | $handled = true; |
||
| 94 | $out['title'] = _L('System registration settings'); |
||
| 801 | daniel-mar | 95 | $out['icon'] = file_exists(__DIR__.'/img/main_icon.png') ? OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png' : ''; |
| 635 | daniel-mar | 96 | |
| 97 | if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
||
| 800 | daniel-mar | 98 | $out['icon'] = 'img/error.png'; |
| 635 | daniel-mar | 99 | $out['text'] = '<p>'._L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')).'</p>'; |
| 100 | return; |
||
| 101 | } |
||
| 102 | |||
| 103 | if (file_exists(__DIR__ . '/info$'.OIDplus::getCurrentLang().'.html')) { |
||
| 104 | $info = file_get_contents(__DIR__ . '/info$'.OIDplus::getCurrentLang().'.html'); |
||
| 105 | } else { |
||
| 106 | $info = file_get_contents(__DIR__ . '/info.html'); |
||
| 107 | } |
||
| 108 | |||
| 109 | list($html, $js, $css) = extractHtmlContents($info); |
||
| 110 | $info = ''; |
||
| 111 | if (!empty($js)) $info .= "<script>\n$js\n</script>"; |
||
| 112 | if (!empty($css)) $info .= "<style>\n$css\n</style>"; |
||
| 821 | daniel-mar | 113 | $info .= stripHtmlComments($html); |
| 635 | daniel-mar | 114 | |
| 115 | $out['text'] = $info; |
||
| 116 | |||
| 117 | if (!OIDplus::getPkiStatus()) { |
||
| 118 | $out['text'] .= '<p><font color="red">'._L('Error: Your system could not generate a private/public key pair. (OpenSSL is probably missing on your system). Therefore, you cannot register/unregister your OIDplus instance.').'</font></p>'; |
||
| 119 | } else { |
||
| 120 | $out['text'] .= '<p><input type="button" onclick="openOidInPanel(\'oidplus:srvreg_status\');" value="'._L('Check status of the registration and collected data').'"></p>'; |
||
| 121 | |||
| 122 | if (OIDplus::baseConfig()->getValue('REGISTRATION_HIDE_SYSTEM', false)) { |
||
| 123 | $out['text'] .= '<p><font color="red"><b>'._L('Attention!').'</b> '._L('<code>REGISTRATION_HIDE_SYSTEM</code> is set in the local configuration file! Therefore, this system will not register itself, despite of the settings below.').'</font></p>'; |
||
| 124 | } |
||
| 125 | |||
| 126 | $out['text'] .= '<p>'._L('You can adjust your privacy level here').':</p><p><select name="reg_privacy" id="reg_privacy">'; |
||
| 127 | |||
| 128 | # --- |
||
| 129 | |||
| 130 | $out['text'] .= '<option value="0"'; |
||
| 131 | if (OIDplus::config()->getValue('reg_privacy') == 0) { |
||
| 132 | $out['text'] .= ' selected'; |
||
| 133 | } else { |
||
| 134 | $out['text'] .= ''; |
||
| 135 | } |
||
| 136 | $out['text'] .= '>'._L('0 = Register to directory service and automatically publish RA/OID data at oid-info.com').'</option>'; |
||
| 137 | |||
| 138 | # --- |
||
| 139 | |||
| 140 | $out['text'] .= '<option value="1"'; |
||
| 141 | if (OIDplus::config()->getValue('reg_privacy') == 1) { |
||
| 142 | $out['text'] .= ' selected'; |
||
| 143 | } else { |
||
| 144 | $out['text'] .= ''; |
||
| 145 | } |
||
| 146 | $out['text'] .= '>'._L('1 = Only register to directory service').'</option>'; |
||
| 147 | |||
| 148 | # --- |
||
| 149 | |||
| 150 | $out['text'] .= '<option value="2"'; |
||
| 151 | if (OIDplus::config()->getValue('reg_privacy') == 2) { |
||
| 152 | $out['text'] .= ' selected'; |
||
| 153 | } else { |
||
| 154 | $out['text'] .= ''; |
||
| 155 | } |
||
| 156 | $out['text'] .= '>'._L('2 = Hide system').'</option>'; |
||
| 157 | |||
| 158 | # --- |
||
| 159 | |||
| 160 | $out['text'] .= '</select> <input type="button" value="'._L('Change').'" onclick="OIDplusPageAdminRegistration.crudActionRegPrivacyUpdate()"></p>'; |
||
| 161 | |||
| 162 | $out['text'] .= '<p>'._L('After clicking "change", your OIDplus system will contact the ViaThinkSoft server to adjust (add or remove information) your privacy setting. This may take a few minutes.').'</p>'; |
||
| 163 | |||
| 164 | $out['text'] .= '<p>'._L('<i>Privacy information:</i> Please note that removing your system from the directory does not automatically delete information about OIDs which are already published at oid-info.com. To remove already submitted OIDs at oid-info.com, please contact the <a href="mailto:admin@oid-info.com">OID Repository Webmaster</a>.').'</p>'; |
||
| 165 | } |
||
| 166 | } |
||
| 167 | if ($id === 'oidplus:srvreg_status') { |
||
| 168 | $handled = true; |
||
| 169 | $out['title'] = _L('Registration live status'); |
||
| 801 | daniel-mar | 170 | $out['icon'] = file_exists(__DIR__.'/img/main_icon.png') ? OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png' : ''; |
| 635 | daniel-mar | 171 | |
| 172 | if (!OIDplus::authUtils()->isAdminLoggedIn()) { |
||
| 800 | daniel-mar | 173 | $out['icon'] = 'img/error.png'; |
| 635 | daniel-mar | 174 | $out['text'] = '<p>'._L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')).'</p>'; |
| 175 | return; |
||
| 176 | } |
||
| 177 | |||
| 178 | $query = self::QUERY_LIVESTATUS_V1; |
||
| 179 | |||
| 180 | $payload = array( |
||
| 777 | daniel-mar | 181 | "query" => $query, // we must include $query to the playload, because we want to sign it |
| 635 | daniel-mar | 182 | "lang" => OIDplus::getCurrentLang(), |
| 183 | "system_id" => OIDplus::getSystemId(false) |
||
| 184 | ); |
||
| 185 | |||
| 186 | $signature = ''; |
||
| 830 | daniel-mar | 187 | if (!OIDplus::getPkiStatus() || !@openssl_sign(json_encode($payload), $signature, OIDplus::getSystemPrivateKey())) { |
| 635 | daniel-mar | 188 | throw new OIDplusException(_L('Signature failed')); |
| 189 | } |
||
| 190 | |||
| 191 | $data = array( |
||
| 192 | "payload" => $payload, |
||
| 193 | "signature" => base64_encode($signature) |
||
| 194 | ); |
||
| 195 | |||
| 196 | if (!function_exists('curl_init')) { |
||
| 197 | throw new OIDplusException(_L('The "%1" PHP extension is not installed at your system. Please enable the PHP extension <code>%2</code>.','CURL','php_curl')); |
||
| 198 | } |
||
| 199 | |||
| 200 | $ch = curl_init(); |
||
| 201 | if (ini_get('curl.cainfo') == '') curl_setopt($ch, CURLOPT_CAINFO, OIDplus::localpath() . 'vendor/cacert.pem'); |
||
| 202 | curl_setopt($ch, CURLOPT_URL, 'https://oidplus.viathinksoft.com/reg2/query.php'); |
||
| 715 | daniel-mar | 203 | curl_setopt($ch, CURLOPT_USERAGENT, 'ViaThinkSoft-OIDplus/2.0'); |
| 635 | daniel-mar | 204 | curl_setopt($ch, CURLOPT_POST, 1); |
| 205 | if (function_exists('gzdeflate')) { |
||
| 206 | $compressed = "1"; |
||
| 207 | $data2 = gzdeflate(json_encode($data)); |
||
| 208 | } else { |
||
| 209 | $compressed = "0"; |
||
| 210 | $data2 = json_encode($data); |
||
| 211 | } |
||
| 212 | curl_setopt($ch, CURLOPT_POSTFIELDS, "query=".urlencode($query)."&compressed=$compressed&data=".urlencode(base64_encode($data2))); |
||
| 213 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); |
||
| 214 | curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); |
||
| 215 | curl_setopt($ch, CURLOPT_AUTOREFERER, true); |
||
| 216 | if (!($res = @curl_exec($ch))) { |
||
| 217 | throw new OIDplusException(_L('Communication with ViaThinkSoft server failed: %1',curl_error($ch))); |
||
| 218 | } |
||
| 219 | curl_close($ch); |
||
| 220 | |||
| 221 | $json = @json_decode($res, true); |
||
| 222 | |||
| 223 | if (!$json) { |
||
| 800 | daniel-mar | 224 | $out['icon'] = 'img/error.png'; |
| 635 | daniel-mar | 225 | $out['text'] = _L('JSON reply from ViaThinkSoft decoding error: %1',$res); |
| 226 | return; |
||
| 227 | } |
||
| 228 | |||
| 229 | if (isset($json['error']) || ($json['status'] < 0)) { |
||
| 800 | daniel-mar | 230 | $out['icon'] = 'img/error.png'; |
| 635 | daniel-mar | 231 | if (isset($json['error'])) { |
| 232 | $out['text'] = _L('Received error status code: %1',$json['error']); |
||
| 233 | } else { |
||
| 234 | $out['text'] = _L('Received error status code: %1',$json['status']); |
||
| 235 | } |
||
| 236 | return; |
||
| 237 | } |
||
| 238 | |||
| 239 | $out['text'] = '<p><a '.OIDplus::gui()->link('oidplus:srv_registration').'><img src="img/arrow_back.png" width="16" alt="'._L('Go back').'"> '._L('Go back to registration settings').'</a></p>' . |
||
| 240 | $json['content']; |
||
| 241 | } |
||
| 242 | } |
||
| 243 | |||
| 1116 | daniel-mar | 244 | /** |
| 245 | * @return bool |
||
| 246 | * @throws OIDplusException |
||
| 247 | */ |
||
| 248 | protected function areWeRegistered(): bool { |
||
| 635 | daniel-mar | 249 | // To check if we are registered. Check it "anonymously" (i.e. without revealing our system ID) |
| 715 | daniel-mar | 250 | $res = url_get_contents('https://oidplus.viathinksoft.com/reg2/query.php?query='.self::QUERY_LISTALLSYSTEMIDS_V1); |
| 635 | daniel-mar | 251 | |
| 252 | $json = @json_decode($res, true); |
||
| 253 | |||
| 254 | if (!$json) { |
||
| 255 | return false; // throw new OIDplusException(_L('JSON reply from ViaThinkSoft decoding error: %1',$res)); |
||
| 256 | } |
||
| 257 | |||
| 258 | if (isset($json['error']) || ($json['status'] < 0)) { |
||
| 259 | if (isset($json['error'])) { |
||
| 260 | return false; // throw new OIDplusException(_L('Received error status code: %1',$json['error'])); |
||
| 261 | } else { |
||
| 262 | return false; // throw new OIDplusException(_L('Received error status code: %1',$json['status'])); |
||
| 263 | } |
||
| 264 | } |
||
| 265 | |||
| 266 | $list = $json['list']; |
||
| 267 | |||
| 268 | return in_array(OIDplus::getSystemId(false), $list); |
||
| 269 | } |
||
| 270 | |||
| 1116 | daniel-mar | 271 | /** |
| 1130 | daniel-mar | 272 | * @param int|null $privacy_level |
| 1116 | daniel-mar | 273 | * @return false|void |
| 1130 | daniel-mar | 274 | * @throws OIDplusException|\OIDInfoException |
| 1116 | daniel-mar | 275 | */ |
| 1130 | daniel-mar | 276 | public function sendRegistrationQuery(int $privacy_level=null) { |
| 1029 | daniel-mar | 277 | |
| 635 | daniel-mar | 278 | if (is_null($privacy_level)) { |
| 279 | $privacy_level = OIDplus::config()->getValue('reg_privacy'); |
||
| 280 | } |
||
| 281 | |||
| 801 | daniel-mar | 282 | $system_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL); |
| 635 | daniel-mar | 283 | |
| 284 | // It is very important that we set the ping time NOW, because ViaThinkSoft might contact us during the ping, |
||
| 285 | // and this would cause an endless loop! |
||
| 286 | OIDplus::config()->setValue('reg_last_ping', time()); |
||
| 287 | |||
| 288 | if (!OIDplus::getPkiStatus()) return false; |
||
| 289 | |||
| 290 | if ($privacy_level == 2) { |
||
| 291 | // The user wants to unregister, but we only unregister if we are registered |
||
| 292 | if ($this->areWeRegistered()) { |
||
| 293 | $query = self::QUERY_UNREGISTER_V1; |
||
| 294 | |||
| 295 | $payload = array( |
||
| 777 | daniel-mar | 296 | "query" => $query, // we must include $query to the payload, because we want to sign it |
| 635 | daniel-mar | 297 | "system_id" => OIDplus::getSystemId(false) |
| 298 | ); |
||
| 299 | |||
| 300 | $signature = ''; |
||
| 830 | daniel-mar | 301 | if (!OIDplus::getPkiStatus() || !@openssl_sign(json_encode($payload), $signature, OIDplus::getSystemPrivateKey())) { |
| 635 | daniel-mar | 302 | return false; // throw new OIDplusException(_L('Signature failed')); |
| 303 | } |
||
| 304 | |||
| 305 | $data = array( |
||
| 306 | "payload" => $payload, |
||
| 307 | "signature" => base64_encode($signature) |
||
| 308 | ); |
||
| 309 | |||
| 310 | if (!function_exists('curl_init')) { |
||
| 311 | return false; // throw new OIDplusException(_L('The "%1" PHP extension is not installed at your system. Please enable the PHP extension <code>%2</code>.','CURL','php_curl')); |
||
| 312 | } |
||
| 313 | |||
| 314 | $ch = curl_init(); |
||
| 315 | if (ini_get('curl.cainfo') == '') curl_setopt($ch, CURLOPT_CAINFO, OIDplus::localpath() . 'vendor/cacert.pem'); |
||
| 316 | curl_setopt($ch, CURLOPT_URL, 'https://oidplus.viathinksoft.com/reg2/query.php'); |
||
| 715 | daniel-mar | 317 | curl_setopt($ch, CURLOPT_USERAGENT, 'ViaThinkSoft-OIDplus/2.0'); |
| 635 | daniel-mar | 318 | curl_setopt($ch, CURLOPT_POST, 1); |
| 319 | if (function_exists('gzdeflate')) { |
||
| 320 | $compressed = "1"; |
||
| 321 | $data2 = gzdeflate(json_encode($data)); |
||
| 322 | } else { |
||
| 323 | $compressed = "0"; |
||
| 324 | $data2 = json_encode($data); |
||
| 325 | } |
||
| 326 | curl_setopt($ch, CURLOPT_POSTFIELDS, "query=".urlencode($query)."&compressed=$compressed&data=".urlencode(base64_encode($data2))); |
||
| 327 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); |
||
| 328 | curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); |
||
| 329 | curl_setopt($ch, CURLOPT_AUTOREFERER, true); |
||
| 330 | if (!($res = @curl_exec($ch))) { |
||
| 331 | return false; // throw new OIDplusException(_L('Communication with ViaThinkSoft server failed: %1',curl_error($ch))); |
||
| 332 | } |
||
| 333 | curl_close($ch); |
||
| 334 | |||
| 335 | $json = @json_decode($res, true); |
||
| 336 | |||
| 337 | if (!$json) { |
||
| 338 | return false; // throw new OIDplusException(_L('JSON reply from ViaThinkSoft decoding error: %1',$res)); |
||
| 339 | } |
||
| 340 | |||
| 341 | if (isset($json['error']) || ($json['status'] < 0)) { |
||
| 1116 | daniel-mar | 342 | return false; // throw new OIDplusException(_L('Received error status code: %1',isset($json['error']) ? $json['error'] : $json['status'])); |
| 635 | daniel-mar | 343 | } |
| 344 | } |
||
| 345 | } else { |
||
| 346 | if ($privacy_level == 0) { |
||
| 347 | $adminExportPlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.3.400'); // OIDplusPageAdminOIDInfoExport |
||
| 348 | if (!is_null($adminExportPlugin)) { |
||
| 941 | daniel-mar | 349 | list($oidinfo_xml, $dummy_content_type) = OIDplusPageAdminOIDInfoExport::outputXML(false); // no online check, because the query should be short (since the query is done while a visitor waits for the response) |
| 635 | daniel-mar | 350 | } else { |
| 351 | $oidinfo_xml = false; |
||
| 352 | } |
||
| 353 | } else { |
||
| 354 | $oidinfo_xml = false; |
||
| 355 | } |
||
| 356 | |||
| 357 | $query = self::QUERY_REGISTER_V1; |
||
| 358 | |||
| 359 | $root_oids = array(); |
||
| 360 | foreach (OIDplus::getEnabledObjectTypes() as $ot) { |
||
| 361 | if ($ot::ns() == 'oid') { |
||
| 362 | $res = OIDplus::db()->query("select id from ###objects where " . |
||
| 363 | "(parent = 'oid:' or " . |
||
| 364 | // The following two cases are special cases e.g. if there are multiple PEN or UUID-OIDs, and the system owner decides to use the IANA PEN as root OID, but actually, it is not "his" root then! The OIDs inside the IANA PEN root are his root then! |
||
| 365 | "parent in (select oid from ###asn1id where well_known = ?) or " . |
||
| 366 | "parent in (select oid from ###iri where well_known = ?)) and " . |
||
| 367 | // We assume hereby that RAs of well-known OIDs (e.g. IANA) will not use OIDplus for allocating OIDs: |
||
| 368 | "id not in (select oid from ###asn1id where well_known = ?) and " . |
||
| 369 | "id not in (select oid from ###iri where well_known = ?) " . |
||
| 370 | "order by ".OIDplus::db()->natOrder('id'), array(true, true, true, true)); |
||
| 371 | while ($row = $res->fetch_array()) { |
||
| 372 | $root_oids[] = substr($row['id'],strlen('oid:')); |
||
| 373 | } |
||
| 374 | } |
||
| 375 | } |
||
| 376 | $payload = array( |
||
| 777 | daniel-mar | 377 | "query" => $query, // we must include $query to the payload, because we want to sign it |
| 635 | daniel-mar | 378 | "privacy_level" => $privacy_level, |
| 379 | "system_id" => OIDplus::getSystemId(false), |
||
| 830 | daniel-mar | 380 | "public_key" => OIDplus::getSystemPublicKey(), |
| 635 | daniel-mar | 381 | "system_url" => $system_url, |
| 382 | "hide_system_url" => 0, |
||
| 383 | "hide_public_key" => 0, |
||
| 384 | "admin_email" => OIDplus::config()->getValue('admin_email'), |
||
| 385 | "system_title" => OIDplus::config()->getValue('system_title'), |
||
| 386 | "oidinfo_xml" => @base64_encode($oidinfo_xml), |
||
| 387 | "root_oids" => $root_oids, |
||
| 388 | "system_version" => OIDplus::getVersion(), |
||
| 389 | "system_install_type" => OIDplus::getInstallType() |
||
| 390 | ); |
||
| 391 | |||
| 392 | $signature = ''; |
||
| 830 | daniel-mar | 393 | if (!OIDplus::getPkiStatus() || !@openssl_sign(json_encode($payload), $signature, OIDplus::getSystemPrivateKey())) { |
| 635 | daniel-mar | 394 | return false; // throw new OIDplusException(_L('Signature failed')); |
| 395 | } |
||
| 396 | |||
| 397 | $data = array( |
||
| 398 | "payload" => $payload, |
||
| 399 | "signature" => base64_encode($signature) |
||
| 400 | ); |
||
| 401 | |||
| 402 | if (!function_exists('curl_init')) { |
||
| 403 | return false; // throw new OIDplusException(_L('The "%1" PHP extension is not installed at your system. Please enable the PHP extension <code>%2</code>.','CURL','php_curl')); |
||
| 404 | } |
||
| 405 | |||
| 406 | $ch = curl_init(); |
||
| 407 | if (ini_get('curl.cainfo') == '') curl_setopt($ch, CURLOPT_CAINFO, OIDplus::localpath() . 'vendor/cacert.pem'); |
||
| 408 | curl_setopt($ch, CURLOPT_URL, 'https://oidplus.viathinksoft.com/reg2/query.php'); |
||
| 715 | daniel-mar | 409 | curl_setopt($ch, CURLOPT_USERAGENT, 'ViaThinkSoft-OIDplus/2.0'); |
| 635 | daniel-mar | 410 | curl_setopt($ch, CURLOPT_POST, 1); |
| 411 | if (function_exists('gzdeflate')) { |
||
| 412 | $compressed = "1"; |
||
| 413 | $data2 = gzdeflate(json_encode($data)); |
||
| 414 | } else { |
||
| 415 | $compressed = "0"; |
||
| 416 | $data2 = json_encode($data); |
||
| 417 | } |
||
| 418 | curl_setopt($ch, CURLOPT_POSTFIELDS, "query=".urlencode($query)."&compressed=$compressed&data=".urlencode(base64_encode($data2))); |
||
| 419 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); |
||
| 420 | curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); |
||
| 421 | curl_setopt($ch, CURLOPT_AUTOREFERER, true); |
||
| 422 | if (!($res = @curl_exec($ch))) { |
||
| 423 | return false; // throw new OIDplusException(_L('Communication with ViaThinkSoft server failed: %1',curl_error($ch))); |
||
| 424 | } |
||
| 425 | curl_close($ch); |
||
| 426 | |||
| 427 | $json = @json_decode($res, true); |
||
| 428 | |||
| 429 | if (!$json) { |
||
| 430 | return false; // throw new OIDplusException(_L('JSON reply from ViaThinkSoft decoding error: %1',$res)); |
||
| 431 | } |
||
| 432 | |||
| 433 | if (isset($json['error']) || ($json['status'] < 0)) { |
||
| 434 | if (isset($json['error'])) { |
||
| 435 | return false; // throw new OIDplusException(_L('Received error status code: %1',$json['error'])); |
||
| 436 | } else { |
||
| 437 | return false; // throw new OIDplusException(_L('Received error status code: %1',$json['status'])); |
||
| 438 | } |
||
| 439 | } else if ($json['status'] == 99/*Hash conflict*/) { |
||
| 440 | OIDplus::logger()->log("[WARN]A!", "Removing SystemID and key pair because there is a hash conflict with another OIDplus system!"); |
||
| 441 | |||
| 442 | // Delete the system ID since we have a conflict with the 31-bit hash! |
||
| 443 | OIDplus::config()->setValue('oidplus_private_key', ''); |
||
| 444 | OIDplus::config()->setValue('oidplus_public_key', ''); |
||
| 445 | |||
| 446 | // Try to generate a new system ID |
||
| 447 | OIDplus::getPkiStatus(true); |
||
| 448 | |||
| 449 | // Enforce a new registration attempt at the next page visit |
||
| 450 | // We will not try again here, because that might lead to an endless loop if the VTS server would always return 'HASH_CONFLCIT' |
||
| 451 | OIDplus::config()->setValue('reg_last_ping', 0); |
||
| 776 | daniel-mar | 452 | } else if ($json['status'] == 0/*OK*/) { |
| 453 | // Note: whois.viathinksoft.de:43 uses VGWhoIs, which uses these patterns: https://github.com/danielmarschall/vgwhois/blob/master/main/pattern/oid |
||
| 454 | // If your system gets acknowledged by ViaThinkSoft, then vts_whois will be filled with that server name whois.viathinksoft.de:43 |
||
| 455 | if (isset($json['vts_whois'])) OIDplus::config()->setValue('vts_whois', $json['vts_whois']); |
||
| 456 | |||
| 457 | // ViaThinkSoft certifies the system public key and other system attributes and root objects (requires human verification) |
||
| 458 | if (isset($json['vts_cert'])) OIDplus::config()->setValue('vts_cert', $json['vts_cert']); |
||
| 459 | if (isset($json['vts_ca'])) OIDplus::config()->setValue('vts_ca', $json['vts_ca']); |
||
| 635 | daniel-mar | 460 | } |
| 461 | } |
||
| 462 | } |
||
| 463 | |||
| 1116 | daniel-mar | 464 | /** |
| 465 | * @param bool $html |
||
| 466 | * @return void |
||
| 467 | * @throws OIDplusException |
||
| 468 | */ |
||
| 469 | public function init(bool $html=true) { |
||
| 699 | daniel-mar | 470 | if (OIDplus::getEditionInfo()['vendor'] != 'ViaThinkSoft') { |
| 471 | throw new OIDplusException(_L('This plugin is only available in the ViaThinkSoft edition of OIDplus')); |
||
| 472 | } |
||
| 473 | |||
| 635 | daniel-mar | 474 | // Note: It is important that the default value is '2', otherwise, systems which don't have CURL will fail |
| 475 | OIDplus::config()->prepareConfigKey('reg_privacy', '2=Hide your system, 1=Register your system to the ViaThinkSoft directory and oid-info.com, 0=Publish your system to ViaThinkSoft directory and all public contents (RA/OID) to oid-info.com', '2', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
||
| 476 | if (($value != '0') && ($value != '1') && ($value != '2')) { |
||
| 477 | throw new OIDplusException(_L('Please enter either 0, 1 or 2.')); |
||
| 478 | } |
||
| 479 | // Now do a recheck and notify the ViaThinkSoft server |
||
| 480 | if (($value == 2) || !OIDplus::baseConfig()->getValue('REGISTRATION_HIDE_SYSTEM', false)) { |
||
| 481 | OIDplus::config()->setValue('reg_last_ping', 0); |
||
| 482 | $this->sendRegistrationQuery($value); |
||
| 483 | } |
||
| 484 | }); |
||
| 485 | OIDplus::config()->prepareConfigKey('reg_ping_interval', 'Registration ping interval (in seconds)', '3600', OIDplusConfig::PROTECTION_HIDDEN, function($value) { |
||
| 486 | |||
| 487 | }); |
||
| 488 | OIDplus::config()->prepareConfigKey('reg_last_ping', 'Last ping to ViaThinkSoft directory services', '0', OIDplusConfig::PROTECTION_HIDDEN, function($value) { |
||
| 489 | |||
| 490 | }); |
||
| 776 | daniel-mar | 491 | OIDplus::config()->prepareConfigKey('vts_whois', 'ViaThinkSoft Whois Server (if this system is recognized)', '', OIDplusConfig::PROTECTION_READONLY, function($value) { |
| 492 | |||
| 493 | }); |
||
| 494 | OIDplus::config()->prepareConfigKey('vts_cert', 'ViaThinkSoft certificate (requires registration)', '', OIDplusConfig::PROTECTION_HIDDEN, function($value) { |
||
| 495 | |||
| 496 | }); |
||
| 497 | OIDplus::config()->prepareConfigKey('vts_ca', 'ViaThinkSoft certificate root (requires registration)', '', OIDplusConfig::PROTECTION_HIDDEN, function($value) { |
||
| 498 | |||
| 499 | }); |
||
| 635 | daniel-mar | 500 | OIDplus::config()->prepareConfigKey('oobe_registration_done', '"Out Of Box Experience" wizard for OIDplusPageAdminRegistration done once?', '0', OIDplusConfig::PROTECTION_HIDDEN, function($value) {}); |
| 501 | |||
| 502 | // Is it time to register / renew the directory entry? |
||
| 503 | // Note: REGISTRATION_HIDE_SYSTEM is an undocumented constant that can be put in the userdata/baseconfig/config.inc.php files of a test system accessing the same database as the productive system that is registered. |
||
| 504 | // This avoids that the URL of a productive system is overridden with the URL of a cloned test system (since they use the same database, they also have the same system ID) |
||
| 505 | |||
| 506 | if (OIDplus::config()->getValue('oobe_registration_done') == '1') { |
||
| 507 | if (!OIDplus::baseConfig()->getValue('REGISTRATION_HIDE_SYSTEM', false)) { |
||
| 508 | $privacy_level = OIDplus::config()->getValue('reg_privacy'); |
||
| 509 | |||
| 510 | if (PHP_SAPI !== 'cli') { // don't register when called from CLI, otherwise the oidinfo XML can't convert relative links into absolute links |
||
| 786 | daniel-mar | 511 | $last_ping = OIDplus::config()->getValue('reg_last_ping'); |
| 512 | if (!is_numeric($last_ping)) $last_ping = 0; |
||
| 513 | $last_ping_interval = OIDplus::config()->getValue('reg_ping_interval'); |
||
| 514 | if (!is_numeric($last_ping_interval)) $last_ping_interval = 3600; |
||
| 852 | daniel-mar | 515 | |
| 516 | // Cronjobs get half ping interval, to make sure that a web visitor won't get any delay |
||
| 517 | if (OIDplus::isCronjob()) $last_ping_interval /= 2; |
||
| 518 | |||
| 786 | daniel-mar | 519 | if ((time()-$last_ping >= $last_ping_interval)) { |
| 635 | daniel-mar | 520 | $this->sendRegistrationQuery(); |
| 521 | } |
||
| 522 | } |
||
| 523 | } |
||
| 524 | } |
||
| 525 | } |
||
| 526 | |||
| 1116 | daniel-mar | 527 | /** |
| 528 | * @param array $json |
||
| 529 | * @param string|null $ra_email |
||
| 530 | * @param bool $nonjs |
||
| 531 | * @param string $req_goto |
||
| 532 | * @return bool |
||
| 533 | * @throws OIDplusException |
||
| 534 | */ |
||
| 535 | public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool { |
||
| 635 | daniel-mar | 536 | if (!OIDplus::authUtils()->isAdminLoggedIn()) return false; |
| 537 | |||
| 800 | daniel-mar | 538 | if (file_exists(__DIR__.'/img/main_icon16.png')) { |
| 801 | daniel-mar | 539 | $tree_icon = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png'; |
| 635 | daniel-mar | 540 | } else { |
| 541 | $tree_icon = null; // default icon (folder) |
||
| 542 | } |
||
| 543 | |||
| 544 | $json[] = array( |
||
| 545 | 'id' => 'oidplus:srv_registration', |
||
| 546 | 'icon' => $tree_icon, |
||
| 547 | 'text' => _L('System registration') |
||
| 548 | ); |
||
| 549 | |||
| 550 | return true; |
||
| 551 | } |
||
| 552 | |||
| 1116 | daniel-mar | 553 | /** |
| 554 | * @param string $request |
||
| 555 | * @return array|false |
||
| 556 | */ |
||
| 557 | public function tree_search(string $request) { |
||
| 635 | daniel-mar | 558 | return false; |
| 559 | } |
||
| 560 | |||
| 1116 | daniel-mar | 561 | /** |
| 562 | * @param string $id |
||
| 563 | * @return bool |
||
| 564 | */ |
||
| 565 | public function implementsFeature(string $id): bool { |
||
| 635 | daniel-mar | 566 | if (strtolower($id) == '1.3.6.1.4.1.37476.2.5.2.3.1') return true; // oobeEntry, oobeRequested |
| 1000 | daniel-mar | 567 | if (strtolower($id) == '1.3.6.1.4.1.37476.2.5.2.3.8') return true; // getNotifications() |
| 635 | daniel-mar | 568 | return false; |
| 569 | } |
||
| 570 | |||
| 1116 | daniel-mar | 571 | /** |
| 572 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.1 |
||
| 573 | * @return bool |
||
| 574 | * @throws OIDplusException |
||
| 575 | */ |
||
| 635 | daniel-mar | 576 | public function oobeRequested(): bool { |
| 577 | return OIDplus::config()->getValue('oobe_registration_done') == '0'; |
||
| 578 | } |
||
| 579 | |||
| 1116 | daniel-mar | 580 | /** |
| 581 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.1 |
||
| 1125 | daniel-mar | 582 | * @param int $step |
| 583 | * @param bool $do_edits |
||
| 584 | * @param bool $errors_happened |
||
| 1116 | daniel-mar | 585 | * @return void |
| 586 | * @throws OIDplusConfigInitializationException |
||
| 587 | * @throws OIDplusException |
||
| 588 | */ |
||
| 1125 | daniel-mar | 589 | public function oobeEntry(int $step, bool $do_edits, bool &$errors_happened)/*: void*/ { |
| 1055 | daniel-mar | 590 | echo '<h2>'._L('Step %1: System registration and automatic publishing (optional)',$step).'</h2>'; |
| 635 | daniel-mar | 591 | |
| 592 | if (file_exists(__DIR__ . '/info$'.OIDplus::getCurrentLang().'.html')) { |
||
| 593 | $info = file_get_contents(__DIR__ . '/info$'.OIDplus::getCurrentLang().'.html'); |
||
| 594 | } else { |
||
| 595 | $info = file_get_contents(__DIR__ . '/info.html'); |
||
| 596 | } |
||
| 597 | |||
| 598 | // make sure the program works even if the user provided HTML is not UTF-8 |
||
| 721 | daniel-mar | 599 | $info = convert_to_utf8_no_bom($info); |
| 635 | daniel-mar | 600 | |
| 601 | echo $info; |
||
| 602 | |||
| 603 | if (!function_exists('curl_init')) { |
||
| 604 | echo '<p><font color="red">'; |
||
| 605 | echo _L('The "%1" PHP extension is not installed at your system. Please enable the PHP extension <code>%2</code>.','CURL','php_curl').' '; |
||
| 606 | echo _L('Therefore, you <b>cannot</b> register your OIDplus instance now.'); |
||
| 607 | echo '</font></p>'; |
||
| 608 | if ($do_edits) { |
||
| 609 | OIDplus::config()->setValue('oobe_registration_done', '1'); |
||
| 610 | } |
||
| 611 | return; |
||
| 612 | } |
||
| 613 | |||
| 614 | $pki_status = OIDplus::getPkiStatus(); |
||
| 615 | |||
| 616 | if (!$pki_status) { |
||
| 617 | echo '<p><font color="red">'; |
||
| 618 | echo _L('Your system could not generate a private/public key pair. (OpenSSL is probably missing on your system).').' '; |
||
| 619 | echo _L('Therefore, you <b>cannot</b> register your OIDplus instance now.'); |
||
| 620 | echo '</font></p>'; |
||
| 621 | if ($do_edits) { |
||
| 622 | OIDplus::config()->setValue('oobe_registration_done', '1'); |
||
| 623 | } |
||
| 624 | return; |
||
| 625 | } |
||
| 626 | |||
| 627 | echo '<p>'._L('Privacy level').':</p><select name="reg_privacy" id="reg_privacy">'; |
||
| 628 | |||
| 629 | # --- |
||
| 630 | |||
| 631 | echo '<option value="0"'; |
||
| 1033 | daniel-mar | 632 | if (isset($_POST['sent'])) { |
| 633 | if (isset($_POST['reg_privacy']) && ($_POST['reg_privacy'] == 0)) echo ' selected'; |
||
| 635 | daniel-mar | 634 | } else { |
| 635 | if ((OIDplus::config()->getValue('reg_privacy') == 0) || !OIDplus::config()->getValue('oobe_registration_done')) { |
||
| 636 | echo ' selected'; |
||
| 637 | } else { |
||
| 638 | echo ''; |
||
| 639 | } |
||
| 640 | } |
||
| 641 | echo '>'._L('0 = Register to directory service and automatically publish RA/OID data at oid-info.com').'</option>'; |
||
| 642 | |||
| 643 | # --- |
||
| 644 | |||
| 645 | echo '<option value="1"'; |
||
| 1033 | daniel-mar | 646 | if (isset($_POST['sent'])) { |
| 647 | if (isset($_POST['reg_privacy']) && ($_POST['reg_privacy'] == 1)) echo ' selected'; |
||
| 635 | daniel-mar | 648 | } else { |
| 649 | if ((OIDplus::config()->getValue('reg_privacy') == 1)) { |
||
| 650 | echo ' selected'; |
||
| 651 | } else { |
||
| 652 | echo ''; |
||
| 653 | } |
||
| 654 | } |
||
| 655 | echo '>'._L('1 = Only register to directory service').'</option>'; |
||
| 656 | |||
| 657 | # --- |
||
| 658 | |||
| 659 | echo '<option value="2"'; |
||
| 1033 | daniel-mar | 660 | if (isset($_POST['sent'])) { |
| 661 | if (isset($_POST['reg_privacy']) && ($_POST['reg_privacy'] == 2)) echo ' selected'; |
||
| 635 | daniel-mar | 662 | } else { |
| 663 | if ((OIDplus::config()->getValue('reg_privacy') == 2)) { |
||
| 664 | echo ' selected'; |
||
| 665 | } else { |
||
| 666 | echo ''; |
||
| 667 | } |
||
| 668 | } |
||
| 669 | echo '>'._L('2 = Hide system').'</option>'; |
||
| 670 | |||
| 671 | # --- |
||
| 672 | |||
| 673 | echo '</select>'; |
||
| 674 | |||
| 675 | $msg = ''; |
||
| 676 | if ($do_edits) { |
||
| 677 | try { |
||
| 1130 | daniel-mar | 678 | OIDplus::config()->setValue('reg_privacy', $_POST['reg_privacy'] ?? 1); |
| 635 | daniel-mar | 679 | OIDplus::config()->setValue('oobe_registration_done', '1'); |
| 1050 | daniel-mar | 680 | } catch (\Exception $e) { |
| 635 | daniel-mar | 681 | $msg = $e->getMessage(); |
| 682 | $errors_happened = true; |
||
| 683 | } |
||
| 684 | } |
||
| 1029 | daniel-mar | 685 | if (!empty($msg)) echo ' <font color="red"><b>'.$msg.'</b></font>'; |
| 635 | daniel-mar | 686 | |
| 687 | echo '<p>'._L('<i>Privacy information:</i> This setting can always be changed in the administrator login / control panel.').'<br>'; |
||
| 688 | echo _L('<a %1>Click here</a> for more information about privacy related topics.','href="../../../../res/OIDplus/privacy_documentation.html" target="_blank"'); |
||
| 689 | echo '</p>'; |
||
| 690 | } |
||
| 691 | |||
| 1116 | daniel-mar | 692 | /** |
| 693 | * Implements interface 1.3.6.1.4.1.37476.2.5.2.3.8 |
||
| 1125 | daniel-mar | 694 | * @param string|null $user |
| 1116 | daniel-mar | 695 | * @return array |
| 696 | * @throws OIDplusException |
||
| 697 | */ |
||
| 1125 | daniel-mar | 698 | public function getNotifications(string $user=null): array { |
| 1000 | daniel-mar | 699 | $notifications = array(); |
| 700 | if ((!$user || ($user == 'admin')) && OIDplus::authUtils()->isAdminLoggedIn()) { |
||
| 701 | if (!function_exists('curl_init')) { |
||
| 702 | $title = _L('System registration'); |
||
| 1008 | daniel-mar | 703 | $notifications[] = array('ERR', _L('OIDplus plugin "%1" is enabled, but the required PHP extension "%2" is not installed.', '<a '.OIDplus::gui()->link('oidplus:srv_registration').'>'.htmlentities($title).'</a>', 'php_curl')); |
| 1000 | daniel-mar | 704 | } |
| 705 | } |
||
| 706 | return $notifications; |
||
| 707 | } |
||
| 708 | |||
| 635 | daniel-mar | 709 | } |