RADIUSTests __construct(string $realm, [int $profile_id = 0])
Constructor for the EAPTests class. The single mandatory parameter is the realm for which the tests are to be carried out.
Parameters:
- string $realm
- int $profile_id
API Tags:
int CApath_check(string $host)
This function executes the openssl s_client command to check if a server accepts a CA
Parameters:
API Tags:
Return: returncode
Access: public
void initialise_errors()
This function returns an array of errors which were encountered in all the tests.
API Tags:
Tests if this realm exists in DNS and has NAPTR records matching the configured consortium NAPTR target.
possible RETVALs:
- RETVAL_NOT_CONFIGURED; needs Config::$RADIUSTESTS['TLS-discoverytag']
- RETVAL_ONLYUNRELATEDNAPTR
- RETVAL_NONAPTR
API Tags:
Return: Either a RETVAL constant or a positive number (count of relevant NAPTR records)
Access: public
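The decision logic described for this NAPTR test, as an added example that is not the project's own code: records are classified against the configured discovery tag and the result is either a RETVAL or a count. The function name `classify_naptr()`, the numeric constant values, the tag `x-example:radius.tls` and the sample records are assumptions constructed for illustration; the record layout follows what PHP's `dns_get_record()` returns for `DNS_NAPTR`.

```php
<?php
// Added illustration, not the project's code. The constant values and the
// function name classify_naptr() are hypothetical; only the RETVAL names and
// the 'TLS-discoverytag' config key come from the page.
const RETVAL_NOT_CONFIGURED = -100;
const RETVAL_ONLYUNRELATEDNAPTR = -101;
const RETVAL_NONAPTR = -102;

/**
 * @param array       $records rows shaped like dns_get_record($realm, DNS_NAPTR)
 * @param string|null $tag     the configured discovery tag, null if unset
 * @return int a RETVAL constant, or the count of relevant NAPTR records
 */
function classify_naptr(array $records, ?string $tag): int
{
    if ($tag === null || $tag === '') {
        return RETVAL_NOT_CONFIGURED;          // nothing to compare against
    }
    // Keep only NAPTR rows; a resolver answer may carry other record types.
    $naptr = array_filter($records, fn($r) => ($r['type'] ?? '') === 'NAPTR');
    if (count($naptr) === 0) {
        return RETVAL_NONAPTR;
    }
    // Relevant = service field equals the tag. Case-insensitive matching is
    // a choice made for this example.
    $relevant = array_filter(
        $naptr,
        fn($r) => strcasecmp($r['services'] ?? '', $tag) === 0
    );
    return count($relevant) > 0 ? count($relevant) : RETVAL_ONLYUNRELATEDNAPTR;
}

// Constructed sample records (example.org, made-up tag), no DNS lookup needed.
$tag = 'x-example:radius.tls';
$constructed = [
    ['type' => 'NAPTR', 'order' => 100, 'pref' => 10, 'flags' => 's',
     'services' => 'x-example:radius.tls', 'regex' => '',
     'replacement' => '_radsec._tcp.example.org'],
    ['type' => 'NAPTR', 'order' => 100, 'pref' => 20, 'flags' => 'u',
     'services' => 'E2U+sip', 'regex' => '!^.*$!sip:info@example.org!',
     'replacement' => ''],
];
var_dump(classify_naptr($constructed, $tag));
var_dump(classify_naptr([$constructed[1]], $tag) === RETVAL_ONLYUNRELATEDNAPTR);
var_dump(classify_naptr([], $tag) === RETVAL_NONAPTR);
var_dump(classify_naptr($constructed, null) === RETVAL_NOT_CONFIGURED);
```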
Tests if all the discovered NAPTR entries conform to the consortium's requirements
possible RETVALs:
- RETVAL_NOT_CONFIGURED; needs Config::$RADIUSTESTS['TLS-discoverytag']
- RETVAL_INVALID (at least one format error)
- RETVAL_OK (all fine)
API Tags:
Return: one of two RETVALs above
Access: public
Tests if NAPTR records can be resolved to SRVs. Will only run if NAPTR checks completed without error.
possible RETVALs:
- RETVAL_INVALID
- RETVAL_SKIPPED
API Tags:
Return: one of the RETVALs above or the number of SRV records which were resolved
int openssl_result(string $host, string $testtype, string $opensslbabble, pointer &$testresults, [string $type = ''], [int $k = 0])
This function parses the openssl s_client result
Parameters:
- string $host: IP:port
- string $testtype: capath or clients
- string $opensslbabble: openssl command output
- string $type: results array key
- int $k: results array key
- pointer &$testresults: to results array
API Tags:
string openssl_s_client($host, string $arg, &$testresults, string $key, string $bracketaddr, int $port)
This function executes the openssl s_client command
Parameters:
- string $key: points NAPTR_hostname_records
- string $bracketaddr: IP address
- int $port
- string $arg: arguments to add to the openssl command
- $host
- &$testresults
API Tags:
Return: result of openssl s_client ...
string property_certificate_get_field(structure $cert, string $field)
This function parses an X.509 cert and returns the value of $field
Parameters:
- structure $cert: (returned from openssl_x509_parse)
- string $field
API Tags:
Return: value of the extension named $field or ''
string property_certificate_get_issuer(structure $cert)
This function parses an X.509 cert and returns the value of the issuer field
Parameters:
- structure $cert: (returned from openssl_x509_parse)
API Tags:
Return: value of the issuer field or ''
array property_check_intermediate(&$intermediate_ca, [boolean $server_cert = FALSE], array $intermediate_ca)
This function parses an X.509 intermediate CA cert and checks if it finds client device incompatibilities
Parameters:
- array $intermediate_ca: the properties of the certificate as returned by processCertificate()
- boolean $server_cert: complain_about_cdp_existence: for intermediates, not having a CDP is less of an issue than for servers. Set the REMARK (..._INTERMEDIATE) flag if not complaining; and _SERVER if so
- &$intermediate_ca
API Tags:
Return: of oddities; the array is empty if everything is fine
Access: public
array property_check_policy(structure $cert)
This function parses an X.509 cert and returns all certificatePolicies OIDs
Parameters:
- structure $cert: (returned from openssl_x509_parse)
API Tags:
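One way to pull the certificatePolicies OIDs out of an `openssl_x509_parse()` result, as an added example that is not the project's own code. The function name `policy_oids()`, the name-to-OID map and the sample certificate array (with a placeholder OID) are assumptions constructed for illustration; the example also handles the case where OpenSSL prints a policy by name rather than as dotted digits.

```php
<?php
// Added illustration, not the project's code; policy_oids() is a hypothetical
// name. Input is the array openssl_x509_parse() returns.

// OpenSSL renders OIDs it has a name for as text instead of dotted digits.
const KNOWN_POLICY_NAMES = ['X509v3 Any Policy' => '2.5.29.32.0'];

function policy_oids(array $cert): array
{
    $text = $cert['extensions']['certificatePolicies'] ?? '';
    if (!is_string($text) || $text === '') {
        return [];                       // extension absent: no policies
    }
    $oids = [];
    // Each policy is printed on its own "Policy: <oid-or-name>" line;
    // qualifier lines (CPS, User Notice) are indented below it and skipped.
    foreach (preg_split('/\R/', $text) as $line) {
        if (!preg_match('/^\s*Policy:\s*(.+?)\s*$/', $line, $m)) {
            continue;
        }
        $value = $m[1];
        if (preg_match('/^\d+(\.\d+)+$/', $value)) {
            $oids[] = $value;
        } elseif (array_key_exists($value, KNOWN_POLICY_NAMES)) {
            $oids[] = KNOWN_POLICY_NAMES[$value];
        }
        // Any other named policy is left out rather than guessed at.
    }
    return array_values(array_unique($oids));
}

// Constructed stand-in for openssl_x509_parse() output (placeholder OID).
$constructed = ['extensions' => [
    'basicConstraints' => 'CA:FALSE',
    'certificatePolicies' =>
        "Policy: 1.3.6.1.4.1.99999.1.2\n  CPS: https://pki.example.org/cps\n"
        . "Policy: X509v3 Any Policy\n",
]];
print_r(policy_oids($constructed));
print_r(policy_oids(['extensions' => []]));
```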
array property_check_servercert(&$servercert, array $servercert)
This function parses an X.509 server cert and checks if it finds client device incompatibilities
Parameters:
- array $servercert: the properties of the certificate as returned by processCertificate(). $servercert is modified: if a CRL is defined, it is downloaded and added to the array; incoming_server_names, sAN_DNS and CN array values are also defined
- &$servercert
API Tags:
Return: of oddities; the array is empty if everything is fine
Access: public
int TLS_clients_side_check(string $host)
This function executes the openssl s_client command to check if a server accepts a client certificate
Parameters:
API Tags:
Return: returncode
Access: public
void UDP_login($probeindex, $eaptype, $user, $password, [$outer_user = ''], [$opname_check = TRUE], [$frag = TRUE], [$clientcertdata = NULL])
Parameters:
- $probeindex
- $eaptype
- $user
- $password
- $outer_user
- $opname_check
- $frag
- $clientcertdata
API Tags:
int UDP_reachability($probeindex, [$opname_check = TRUE], [$frag = TRUE], string $probeindex:, boolean $opname_check:, boolean $frag:)
This function performs actual authentication checks with MADE-UP credentials.
Its purpose is to check if a RADIUS server is reachable and speaks EAP. The function fills array RADIUSTests::UDP_reachability_result[$probeindex] with all check detail in case more than the return code is needed/wanted by the caller
Parameters:
- string $probeindex: refers to the specific UDP-host in the config that should be checked
- boolean $opname_check: should we check choking on Operator-Name?
- boolean $frag: should we cause UDP fragmentation? (Warning: makes use of Operator-Name!)
- $probeindex
- $opname_check
- $frag
API Tags:
Return: returncode
Access: public