phpDocumentor Developer

Class: RADIUSTests

Source Location: /core/RADIUSTests.php

Class RADIUSTests

Property Summary
mixed   $NAPTR_hostname_records  
mixed   $return_codes  
mixed   $TLS_CA_checks_result  
mixed   $TLS_certkeys  
mixed   $TLS_clients_checks_result  
mixed   $UDP_reachability_result  

Method Summary
RADIUSTests   __construct()   Constructor for the EAPTests class. The single mandatory parameter is the realm for which the tests are to be carried out.
int   CApath_check()   This function executes the openssl s_client command to check if a server accepts a CA
void   initialise_errors()  
array   listerrors()   This function returns an array of errors which were encountered in all the tests.
int   NAPTR()   Tests if this realm exists in DNS and has NAPTR records matching the configured consortium NAPTR target.
int   NAPTR_compliance()   Tests if all the discovered NAPTR entries conform to the consortium's requirements
void   NAPTR_hostnames()  
int   NAPTR_SRV()   Tests if NAPTR records can be resolved to SRVs. Will only run if NAPTR checks completed without error.
int   openssl_result()   This function parses openssl s_client result
string   openssl_s_client()   This function executes openssl s_client command
string   property_certificate_get_field()   This function parses a X.509 cert and returns the value of $field
string   property_certificate_get_issuer()   This function parses a X.509 cert and returns the value of the issuer field
array   property_check_intermediate()   This function parses a X.509 intermediate CA cert and checks if it finds client device incompatibilities
array   property_check_policy()   This function parses a X.509 cert and returns all certificatePolicies OIDs
array   property_check_servercert()   This function parses a X.509 server cert and checks if it finds client device incompatibilities
int   TLS_clients_side_check()   This function executes the openssl s_client command to check if a server accepts a client certificate
void   UDP_login()  
int   UDP_reachability()   This function performs actual authentication checks with MADE-UP credentials.

Properties
mixed   $NAPTR_hostname_records [line 234]
API Tags:
Access:  public


mixed   $return_codes [line 230]
API Tags:
Access:  public


mixed   $TLS_CA_checks_result [line 232]
API Tags:
Access:  public


mixed   $TLS_certkeys = array() [line 238]
API Tags:
Access:  public


mixed   $TLS_clients_checks_result [line 233]
API Tags:
Access:  public


mixed   $UDP_reachability_result [line 231]
API Tags:
Access:  public


Methods
Constructor __construct  [line 247]

  RADIUSTests __construct( string $realm, [int $profile_id = 0]  )

Constructor for the EAPTests class. The single mandatory parameter is the realm for which the tests are to be carried out.

Parameters:
string   $realm: 
int   $profile_id: 

API Tags:
Access:  public


CApath_check  [line 1527]

  int CApath_check( string $host  )

This function executes the openssl s_client command to check if a server accepts a CA

Parameters:
string   $host:  IP:port

API Tags:
Return:  returncode
Access:  public


initialise_errors  [line 367]

  void initialise_errors( )



listerrors  [line 817]

  array listerrors( )

This function returns an array of errors which were encountered in all the tests.


API Tags:
Access:  public


NAPTR  [line 291]

  int NAPTR( )

Tests if this realm exists in DNS and has NAPTR records matching the configured consortium NAPTR target.

possible RETVALs:

  • RETVAL_NOT_CONFIGURED; needs Config::$RADIUSTESTS['TLS-discoverytag']
  • RETVAL_ONLYUNRELATEDNAPTR
  • RETVAL_NONAPTR


API Tags:
Return:  Either a RETVAL constant or a positive number (count of relevant NAPTR records)
Access:  public


NAPTR_compliance  [line 329]

  int NAPTR_compliance( )

Tests if all the discovered NAPTR entries conform to the consortium's requirements

possible RETVALs:

  • RETVAL_NOT_CONFIGURED; needs Config::$RADIUSTESTS['TLS-discoverytag']
  • RETVAL_INVALID (at least one format error)
  • RETVAL_OK (all fine)


API Tags:
Return:  one of two RETVALs above
Access:  public


NAPTR_hostnames  [line 687]

  void NAPTR_hostnames( )



NAPTR_SRV  [line 655]

  int NAPTR_SRV( )

Tests if NAPTR records can be resolved to SRVs. Will only run if NAPTR checks completed without error.

possible RETVALs:

  • RETVAL_INVALID
  • RETVAL_SKIPPED


API Tags:
Return:  one of the RETVALs above or the number of SRV records which were resolved


openssl_result  [line 1458]

  int openssl_result( string $host, string $testtype, string $opensslbabble, pointer &$testresults, [string $type = ''], [int $k = 0]  )

This function parses openssl s_client result

Parameters:
string   $host:  IP:port
string   $testtype:  capath or clients
string   $opensslbabble:  openssl command output
string   $type:  results array key
int   $k:  results array key
pointer   &$testresults:  to results array

API Tags:
Return:  return code


openssl_s_client  [line 1437]

  string openssl_s_client( $host, string $arg, &$testresults, string $key, string $bracketaddr, int $port  )

This function executes openssl s_client command

Parameters:
string   $key:  points NAPTR_hostname_records
string   $bracketaddr:  IP address
int   $port: 
string   $arg:  arguments to add to the openssl command
   $host: 
   &$testresults: 

API Tags:
Return:  result of openssl s_client ...


property_certificate_get_field  [line 1421]

  string property_certificate_get_field( structure $cert, string $field  )

This function parses a X.509 cert and returns the value of $field

Parameters:
structure   $cert:  (returned from openssl_x509_parse)
string   $field: 

API Tags:
Return:  value of the extension named $field or ''


property_certificate_get_issuer  [line 1403]

  string property_certificate_get_issuer( structure $cert  )

This function parses a X.509 cert and returns the value of the issuer field

Parameters:
structure   $cert:  (returned from openssl_x509_parse)

API Tags:
Return:  value of the issuer field or ''


property_check_intermediate  [line 789]

  array property_check_intermediate( &$intermediate_ca, [boolean $server_cert = FALSE], array $intermediate_ca  )

This function parses a X.509 intermediate CA cert and checks if it finds client device incompatibilities

Parameters:
array   $intermediate_ca:  the properties of the certificate as returned by processCertificate()
boolean   $server_cert:  complain_about_cdp_existence: for intermediates, not having a CDP is less of an issue than for servers. Set the REMARK (..._INTERMEDIATE) flag if not complaining; and _SERVER if so
   &$intermediate_ca: 

API Tags:
Return:  array of oddities; the array is empty if everything is fine
Access:  public


property_check_policy  [line 1387]

  array property_check_policy( structure $cert  )

This function parses a X.509 cert and returns all certificatePolicies OIDs

Parameters:
structure   $cert:  (returned from openssl_x509_parse)

API Tags:
Return:  array of OIDs


property_check_servercert  [line 737]

  array property_check_servercert( &$servercert, array $servercert  )

This function parses a X.509 server cert and checks if it finds client device incompatibilities

Parameters:
array   $servercert:  the properties of the certificate as returned by processCertificate(); $servercert is modified: if a CRL is defined, it is downloaded and added to the array; incoming_server_names, sAN_DNS and CN array values are also defined
   &$servercert: 

API Tags:
Return:  array of oddities; the array is empty if everything is fine
Access:  public


TLS_clients_side_check  [line 1546]

  int TLS_clients_side_check( string $host  )

This function executes the openssl s_client command to check if a server accepts a client certificate

Parameters:
string   $host:  IP:port

API Tags:
Return:  returncode
Access:  public


UDP_login  [line 914]

  void UDP_login( $probeindex, $eaptype, $user, $password, [ $outer_user = ''], [ $opname_check = TRUE], [ $frag = TRUE], [ $clientcertdata = NULL]  )

Parameters:
   $probeindex: 
   $eaptype: 
   $user: 
   $password: 
   $outer_user: 
   $opname_check: 
   $frag: 
   $clientcertdata: 

API Tags:
Access:  public


UDP_reachability  [line 832]

  int UDP_reachability( string $probeindex, [boolean $opname_check = TRUE], [boolean $frag = TRUE]  )

This function performs actual authentication checks with MADE-UP credentials.

Its purpose is to check if a RADIUS server is reachable and speaks EAP. The function fills the array RADIUSTests::UDP_reachability_result[$probeindex] with all check details, in case the caller needs or wants more than the return code.

Parameters:
string   $probeindex:  refers to the specific UDP-host in the config that should be checked
boolean   $opname_check:  should we check choking on Operator-Name?
boolean   $frag:  should we cause UDP fragmentation? (Warning: makes use of Operator-Name!)

API Tags:
Return:  returncode
Access:  public



Documentation generated on Tue, 06 Oct 2015 06:11:17 +0000 by phpDocumentor 1.4.4