\core\diagTelepath

The overall coordination class that runs all kinds of tests to find out where and what is wrong. Operates on the realm of a user. Can do more magic if it also knows which federation the user is currently positioned in, or even which exact hotspot to analyse.

Its main purpose is to initialise some error messages.

Summary

Methods: __construct(), __destruct(), createTemporaryDirectory(), rrmdir(), magic(), normaliseResultSet(), genericAPIStatus(), checkEtlrStatus(), checkFedEtlrUplink(), checkFlrServerStatus(), checkNROFlow(), CATInternalTests()

Properties: $returnCodes, $possibleFailureReasons, $additionalFindings, $loggerInstance, $languageInstance, $realm, $visitedFlr, $visitedHotspot, $catProfile, $dbIdP, $idPFederation, $testsuite

Constants: RETVAL_OK, RETVAL_NOTCONFIGURED, RETVAL_SKIPPED, RETVAL_INVALID, RETVAL_NO_RESPONSE, RETVAL_SERVER_UNFINISHED_COMM, RETVAL_IMMEDIATE_REJECT, RETVAL_CONVERSATION_REJECT, RETVAL_CONNECTION_REFUSED, RETVAL_INCOMPLETE_DATA, RETVAL_WRONG_PKCS12_PASSWORD, CERTPROB_ROOT_INCLUDED, CERTPROB_TOO_MANY_SERVER_CERTS, CERTPROB_NO_SERVER_CERT, CERTPROB_MD5_SIGNATURE, CERTPROB_SHA1_SIGNATURE, CERTPROB_LOW_KEY_LENGTH, CERTPROB_NO_TLS_WEBSERVER_OID, CERTPROB_NO_CDP, CERTPROB_NO_CDP_HTTP, CERTPROB_NO_CRL_AT_CDP_URL, CERTPROB_SERVER_CERT_REVOKED, CERTPROB_OUTSIDE_VALIDITY_PERIOD, CERTPROB_OUTSIDE_VALIDITY_PERIOD_WARN, CERTPROB_TRUST_ROOT_NOT_REACHED, CERTPROB_TRUST_ROOT_REACHED_ONLY_WITH_OOB_INTERMEDIATES, CERTPROB_SERVER_NAME_MISMATCH, CERTPROB_SERVER_NAME_PARTIAL_MATCH, CERTPROB_NOT_A_HOSTNAME, CERTPROB_WILDCARD_IN_NAME, CERTPROB_NO_BASICCONSTRAINTS, CERTPROB_UNKNOWN_CA, CERTPROB_WRONGLY_ACCEPTED, CERTPROB_WRONGLY_NOT_ACCEPTED, CERTPROB_NOT_ACCEPTED, CERTPROB_UNABLE_TO_GET_CRL, CERTPROB_NO_COMMON_EAP_METHOD, CERTPROB_DH_GROUP_TOO_SMALL, CERTPROB_MULTIPLE_CN, INFRA_ETLR, INFRA_LINK_ETLR_NRO_IDP, INFRA_LINK_ETLR_NRO_SP, INFRA_NRO_SP, INFRA_NRO_IDP, INFRA_SP_RADIUS, INFRA_IDP_RADIUS, INFRA_IDP_AUTHBACKEND, INFRA_SP_80211, INFRA_SP_LAN, INFRA_DEVICE, INFRA_NONEXISTENTREALM, STATUS_GOOD, STATUS_PARTIAL, STATUS_DOWN, STATUS_MONITORINGFAIL, L_OK, L_REMARK, L_WARN, L_ERROR

Constants

RETVAL_OK

RETVAL_OK = 0

Test was executed and the result was as expected.

RETVAL_NOTCONFIGURED

RETVAL_NOTCONFIGURED = -100

Test could not be run because CAT software isn't configured for it

RETVAL_SKIPPED

RETVAL_SKIPPED = -101

Test skipped because there was nothing to be done

RETVAL_INVALID

RETVAL_INVALID = -103

test executed, and there were errors

RETVAL_NO_RESPONSE

RETVAL_NO_RESPONSE = -106

no reply at all from remote RADIUS server

RETVAL_SERVER_UNFINISHED_COMM

RETVAL_SERVER_UNFINISHED_COMM = -107

auth flow stopped somewhere in the middle of a conversation

RETVAL_IMMEDIATE_REJECT

RETVAL_IMMEDIATE_REJECT = -108

a RADIUS server did not want to talk EAP with us, but at least replied with a Reject

RETVAL_CONVERSATION_REJECT

RETVAL_CONVERSATION_REJECT = -109

a RADIUS server talked EAP with us, but didn't like us in the end

RETVAL_CONNECTION_REFUSED

RETVAL_CONNECTION_REFUSED = -110

a RADIUS server refuses connection

RETVAL_INCOMPLETE_DATA

RETVAL_INCOMPLETE_DATA = -111

not enough data provided to perform an authentication

RETVAL_WRONG_PKCS12_PASSWORD

RETVAL_WRONG_PKCS12_PASSWORD = -112

PKCS12 password does not match the certificate file

CERTPROB_ROOT_INCLUDED

CERTPROB_ROOT_INCLUDED = -200

The root CA certificate was sent by the EAP server.

CERTPROB_TOO_MANY_SERVER_CERTS

CERTPROB_TOO_MANY_SERVER_CERTS = -201

There was more than one server certificate in the EAP server's chain.

CERTPROB_NO_SERVER_CERT

CERTPROB_NO_SERVER_CERT = -202

There was no server certificate in the EAP server's chain.

CERTPROB_MD5_SIGNATURE

CERTPROB_MD5_SIGNATURE = -204

The/a server certificate was signed with an MD5 signature.

CERTPROB_SHA1_SIGNATURE

CERTPROB_SHA1_SIGNATURE = -227

The/a server certificate was signed with an MD5 signature.

CERTPROB_LOW_KEY_LENGTH

CERTPROB_LOW_KEY_LENGTH = -220

one of the keys in the cert chain was smaller than 1024 bits

CERTPROB_NO_TLS_WEBSERVER_OID

CERTPROB_NO_TLS_WEBSERVER_OID = -205

The server certificate did not contain the TLS Web Server OID, creating compat problems with many Windows versions.

CERTPROB_NO_CDP

CERTPROB_NO_CDP = -206

The server certificate did not include a CRL Distribution Point, creating compat problems with Windows Phone 8.

CERTPROB_NO_CDP_HTTP

CERTPROB_NO_CDP_HTTP = -207

The server certificate did include a CRL Distribution Point, but not one pointing to an HTTP/HTTPS URL. Possible compatibility problems.

CERTPROB_NO_CRL_AT_CDP_URL

CERTPROB_NO_CRL_AT_CDP_URL = -208

The server certificate's CRL Distribution Point URL couldn't be accessed and/or did not contain a CRL.

CERTPROB_SERVER_CERT_REVOKED

CERTPROB_SERVER_CERT_REVOKED = -222

certificate is not currently valid (expired/not yet valid)

CERTPROB_OUTSIDE_VALIDITY_PERIOD

CERTPROB_OUTSIDE_VALIDITY_PERIOD = -221

The received server certificate is revoked.

CERTPROB_OUTSIDE_VALIDITY_PERIOD_WARN

CERTPROB_OUTSIDE_VALIDITY_PERIOD_WARN = -225

At least one certificate is outside its validity period (not yet valid, or already expired)!

CERTPROB_TRUST_ROOT_NOT_REACHED

CERTPROB_TRUST_ROOT_NOT_REACHED = -209

At least one certificate is outside its validity period, but this certificate does not take part in server validation

CERTPROB_TRUST_ROOT_REACHED_ONLY_WITH_OOB_INTERMEDIATES

CERTPROB_TRUST_ROOT_REACHED_ONLY_WITH_OOB_INTERMEDIATES = -216

The received certificate chain did not carry the necessary intermediate CAs in the EAP conversation. Only the CAT Intermediate CA installation can complete the chain.

CERTPROB_SERVER_NAME_MISMATCH

CERTPROB_SERVER_NAME_MISMATCH = -210

The received server certificate's name did not match the configured name in the profile properties.

CERTPROB_SERVER_NAME_PARTIAL_MATCH

CERTPROB_SERVER_NAME_PARTIAL_MATCH = -217

The received server certificate's name did not match the configured name in the profile properties.

CERTPROB_NOT_A_HOSTNAME

CERTPROB_NOT_A_HOSTNAME = -218

One of the names in the cert was not a hostname.

CERTPROB_WILDCARD_IN_NAME

CERTPROB_WILDCARD_IN_NAME = -219

One of the names contained a wildcard character.

CERTPROB_NO_BASICCONSTRAINTS

CERTPROB_NO_BASICCONSTRAINTS = -211

The certificate does not set any BasicConstraints; particularly no CA = TRUE|FALSE

CERTPROB_UNKNOWN_CA

CERTPROB_UNKNOWN_CA = -212

The server presented a certificate which is from an unknown authority

CERTPROB_WRONGLY_ACCEPTED

CERTPROB_WRONGLY_ACCEPTED = -213

The server accepted this client certificate, but should not have

CERTPROB_WRONGLY_NOT_ACCEPTED

CERTPROB_WRONGLY_NOT_ACCEPTED = -214

The server does not accept this client certificate, but should have

CERTPROB_NOT_ACCEPTED

CERTPROB_NOT_ACCEPTED = -215

The server does accept this client certificate

CERTPROB_UNABLE_TO_GET_CRL

CERTPROB_UNABLE_TO_GET_CRL = 223

the CRL of a certificate could not be found

CERTPROB_NO_COMMON_EAP_METHOD

CERTPROB_NO_COMMON_EAP_METHOD = -224

no EAP method could be agreed on, certs could not be extracted

CERTPROB_DH_GROUP_TOO_SMALL

CERTPROB_DH_GROUP_TOO_SMALL = -225

Diffie-Hellman groups need to be 1024 bit at least, starting with OS X 10.11

CERTPROB_MULTIPLE_CN

CERTPROB_MULTIPLE_CN = -226

There is more than one CN in the certificate

INFRA_ETLR

INFRA_ETLR = INFRA_ETLR

INFRA_NRO_SP

INFRA_NRO_SP = INFRA_NRO_SP

INFRA_NRO_IDP

INFRA_NRO_IDP = INFRA_NRO_IdP

INFRA_SP_RADIUS

INFRA_SP_RADIUS = INFRA_SP_RADIUS

INFRA_IDP_RADIUS

INFRA_IDP_RADIUS = INFRA_IdP_RADIUS

INFRA_IDP_AUTHBACKEND

INFRA_IDP_AUTHBACKEND = INFRA_IDP_AUTHBACKEND

INFRA_SP_80211

INFRA_SP_80211 = INFRA_SP_80211

INFRA_SP_LAN

INFRA_SP_LAN = INFRA_SP_LAN

INFRA_DEVICE

INFRA_DEVICE = INFRA_DEVICE

INFRA_NONEXISTENTREALM

INFRA_NONEXISTENTREALM = INFRA_NONEXISTENTREALM

STATUS_GOOD

STATUS_GOOD = 0

STATUS_PARTIAL

STATUS_PARTIAL = -1

STATUS_DOWN

STATUS_DOWN = -2

STATUS_MONITORINGFAIL

STATUS_MONITORINGFAIL = -3

L_OK

L_OK = 0

L_REMARK

L_REMARK = 4

L_WARN

L_WARN = 32

L_ERROR

L_ERROR = 256

Properties

$returnCodes

$returnCodes : mixed|string|int

generic return codes

Type

mixed|string|int —

$possibleFailureReasons

$possibleFailureReasons : 

Type

$additionalFindings

$additionalFindings : 

Type

$loggerInstance

$loggerInstance : \core\common\Logging

We occasionally log stuff (debug/audit). Having an initialised Logging instance nearby is sure helpful.

Type

\core\common\Logging —

$languageInstance

$languageInstance : \core\common\Language

access to language settings to be able to switch textDomain

Type

\core\common\Language —

$realm

$realm : 

Type

$visitedFlr

$visitedFlr : 

Type

$visitedHotspot

$visitedHotspot : 

Type

$catProfile

$catProfile : 

Type

$dbIdP

$dbIdP : 

Type

$idPFederation

$idPFederation : string|null

Type

string|null —

$testsuite

$testsuite : 

Type

Methods

__construct()

__construct(  realm, string|null  visitedFlr = NULL, string|null  visitedHotspot = NULL) 

prime the Telepath with info it needs to know to successfully meditate over the problem

Logs the start of lifetime of the entity to the debug log on levels 3 and higher.

Parameters

realm

the realm of the user

string|null visitedFlr

which NRO is the user visiting

string|null visitedHotspot

external DB ID of the hotspot he visited

__destruct()

__destruct() 

destroys the entity.

Logs the end of lifetime of the entity to the debug log on level 5.

createTemporaryDirectory()

createTemporaryDirectory(  purpose = installer,   failIsFatal = 1) : mixed|string|int

create a temporary directory and return the location

Parameters

purpose

one of 'installer', 'logo', 'test'; defines the purpose of the directory

failIsFatal

decides if a creation failure should cause an error; defaults to true

Returns

mixed|string|int —

the tuple of: base path, absolute path for directory, directory name

rrmdir()

rrmdir(  dir) 

this directory delete function has been copied from PHP documentation

Parameters

dir

name of the directory to delete

magic()

magic() : mixed|string|int

Does the main meditation job

Returns

mixed|string|int —

the findings

normaliseResultSet()

normaliseResultSet() 

turns $this->possibleFailureReasons into something where the sum of all occurrence factors is 1. A bit like a probability distribution, but they are not actual probabilities.
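
A sketch of the normalisation described above, added here as an example and not taken from the CAT code base. It assumes the failure reasons are held as an array mapping INFRA_* labels to non-negative occurrence factors; the function name normaliseOccurrenceFactors() and the sample weights are hypothetical.

```php
<?php
// Added illustration; not code from the CAT project.
// Assumption: failure reasons are stored as [INFRA_* label => non-negative weight].

/**
 * Scale occurrence factors so that they sum to 1.
 *
 * @param array<string,int|float> $reasons raw occurrence factors
 * @return array<string,float> normalised factors, highest first
 */
function normaliseOccurrenceFactors(array $reasons): array
{
    foreach ($reasons as $label => $factor) {
        // A negative or non-numeric weight would silently skew every other share.
        if (!is_numeric($factor) || $factor < 0) {
            throw new InvalidArgumentException("bad occurrence factor for $label");
        }
    }
    $sum = array_sum($reasons);
    if ($sum <= 0) {
        // Empty or all-zero input: nothing to scale, and dividing by the sum
        // would be a division by zero. Hand the weights back unchanged.
        return array_map('floatval', $reasons);
    }
    $normalised = [];
    foreach ($reasons as $label => $factor) {
        $normalised[$label] = $factor / $sum;
    }
    arsort($normalised); // most suspected element first, keys preserved
    return $normalised;
}

// Constructed sample: weights accumulated by several tests; they sum to 1.21.
$possibleFailureReasons = [
    'INFRA_ETLR'       => 0.01,
    'INFRA_IdP_RADIUS' => 0.6,
    'INFRA_SP_80211'   => 0.3,
    'INFRA_DEVICE'     => 0.3,
];

foreach (normaliseOccurrenceFactors($possibleFailureReasons) as $label => $share) {
    printf("%-18s %.3f\n", $label, $share);
}
```

The scaled values rank the suspected infrastructure elements against each other; as the description says, they are not actual probabilities.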

genericAPIStatus()

genericAPIStatus(  type,   param1 = NULL,   param2 = NULL) : mixed|string|int

ask the monitoring API about the things it knows

Parameters

type

which type of test to execute

param1

test-specific parameter number 1, if any

param2

test-specific parameter number 2, if any

Returns

mixed|string|int —

checkEtlrStatus()

checkEtlrStatus() : mixed|string|int

Are the ETLR servers in order?

Returns

mixed|string|int —

checkFedEtlrUplink()

checkFedEtlrUplink(  fed) : mixed|string|int

Is the uplink between an NRO server and the ETLRs in order?

Parameters

fed

Returns

mixed|string|int —

checkFlrServerStatus()

checkFlrServerStatus(  fed) : mixed|string|int

Is the NRO server itself in order?

Parameters

fed

Returns

mixed|string|int —

checkNROFlow()

checkNROFlow() : mixed|string|int

Does authentication traffic flow between a given source and destination NRO?

Returns

mixed|string|int —

CATInternalTests()

CATInternalTests() : 

Runs the CAT-internal diagnostics tests. Determines the state of the realm (and indirectly that of the links and statuses of involved proxies) and returns a judgment whether external Monitoring API tests are warranted or not.

Returns

TRUE if external tests have to be run