
OIDplus 2.0 - An OpenSource online Registration Authority for OIDs and other Object Types

Home Page: https://www.oidplus.com

License: Apache License 2.0


oidplus's Introduction

About OIDplus 2.0

What is OIDplus?

OIDplus is an OpenSource software solution by ViaThinkSoft that can be used by Registration Authorities to manage and publish information about Object Identifiers (OIDs), Globally Unique Identifiers (GUIDs), and much more.

More information as well as a demo version of OIDplus can be found here: https://www.oidplus.com/

Download and install OIDplus

Method A - Download using SVN:
sudo apt-get update
sudo apt-get install svn
svn co https://svn.viathinksoft.com/svn/oidplus/trunk/
Method B - Download using Git:
sudo apt-get update
sudo apt-get install git
git clone https://github.com/danielmarschall/oidplus.git
Method C - Download SVN snapshot:

Download a TAR.GZ file here: https://oidplus.com/download.php

System requirements

  • PHP compatible web server (tested with Apache 2, nginx, and Microsoft IIS)
  • PHP 7.0 or higher (tested up to and including PHP 8.3) with the MySQLi, PostgreSQL, SQLite3, PDO, OCI8, or ODBC extension, depending on your database
  • Supported databases: MySQL/MariaDB, PostgreSQL, SQLite3, Microsoft SQL Server, Oracle, Microsoft Access, Firebird
  • Independent of the operating system (tested with Windows, Linux and macOS X)

Reporting a bug

You can file a bug report here:

Support

If you have any questions or need help, please contact us: https://www.viathinksoft.com/contact/daniel-marschall


oidplus's Issues

CORS Header issue: Duplicate Access-Control headers in REST API "OPTIONS" method

One possible bug found in REST API:

OIDplusPagePublicRestApi::handle404() calls originHeaders().

If REST is called with the request method "OPTIONS", then restApiCall_OPTIONS() will additionally send some of these headers.
(Note: At least for IIS, the software seems to swallow the "OPTIONS" method and not forward it to PHP. I wonder if any software forwards "OPTIONS" to PHP?!)

Here is the comparison of the contents:

Header                           | originHeaders                                                                                           | restApiCall_OPTIONS
---------------------------------+---------------------------------------------------------------------------------------------------------+---------------------------------------
Access-Control-Allow-Credentials | true                                                                                                    | true
Access-Control-Allow-Origin      | <HTTP_ORIGIN>, or * otherwise                                                                           | *
Access-Control-Allow-Headers     | If-None-Match, X-Requested-With, Origin, X-Frdlweb-Bugs, Etag, X-Forgery-Protection-Token, X-CSRF-Token | Keep-Alive,User-Agent,Authorization
X-Frame-Options                  | ALLOW-FROM <HTTP_ORIGIN>, or absent if <HTTP_ORIGIN> is not set                                         | -
Access-Control-Expose-Headers    | Etag + X-CSRF-Token + all <headers_list()>                                                              | -
Vary                             | Origin                                                                                                  | -
Access-Control-Allow-Methods     | -                                                                                                       | GET, PUT, POST, DELETE, PATCH, OPTIONS

We should remove all headers from OIDplusPagePublicRestApi::handle404() (except Access-Control-Allow-Methods) and instead merge them into originHeaders().

@wehowski Since there are some differences in the values and I don't have much knowledge about CORS, I ask you to take a look and help me with the fix (after all, you are the author of originHeaders()). Thank you very much.

Ctrl+Shift+Left arrow opens/closes jsTree

When you are editing the title of an OID, you might press Ctrl + Shift + Left arrow to select a whole word.
But this closes and opens the menu at the left.
This is super annoying!

Show "RA Info" also for Non-OID object types

I noticed that the section "Registration Authority" is only displayed on the GUI pages of OIDs, but not on any other object type.

~/dev/plugins/viathinksoft/objectTypes$ grep -r "%%RA_INFO%%"
oid/OIDplusOid.class.php:                                   '<h2>'._L('Registration Authority').'</h2>%%RA_INFO%%';

I think the GUI pages should look the same for all object types, and as long as there are owners (every OIDplus object has owners), the RA should be visible.

Calling *.class.php files causes PHP error

Example:

https://..../oidplus/plugins/viathinksoft/auth/A1_phpgeneric_salted_hex/OIDplusAuthPluginPhpGenericSaltedHex.class.php

If PHP outputs errors, the path of the server file will be shown => security risk

In any case, the server error log gets filled with errors.

We probably need to go back to the old behavior of adding a constant "INSIDE_OIDPLUS" and checking if this constant exists??

New UUID-to-OID (AltIds) should not be sent to oid-info.com

The Microsoft UUID-to-OID and Waterjuice UUID-to-OID are AltIDs, which should not be sent to oid-info.com. The handling of these UUIDs should be the same as the handling for 2.25. They shall not be added to oid-info.com.

(1) OID 1.2.840.113556.1.8000.2554.25854.36082.13069.18473.45604.4487685.4269080

(2) OID 1.3.6.1.4.1.54392.1.7277409019743782953.12836460128777610264

(3) OID 1.3.6.1.4.1.54392.2.1694403826.856508457.2988721274.88155160

(4) OID 1.3.6.1.4.1.54392.3.25854.36082.13069.18473.45604.17530.1345.9240

Java and PHP object type plugin

Java Plugin:

  • If the object id ends with ".java", it shall be a "Leaf" node, otherwise it should be shown with a folder icon.

PHP Plugin

  • Create based on the idea of @frdl
  • If the object id ends with ".php", it shall be a "Leaf" node (i.e. a PHP class or interface), otherwise it should be shown with a folder icon (i.e. a PHP namespace)

firebase/php-jwt <6 security issues?

Not an alarm or anything, just a post for information!

- Root composer.json requires firebase/php-jwt ^5.2 -> satisfiable by firebase/php-jwt[v5.2.0, ..., v5.5.1].
- roave/security-advisories dev-latest conflicts with firebase/php-jwt <6.
- Root composer.json requires roave/security-advisories dev-latest -> satisfiable by roave/security-advisories[dev-latest].

Hello Daniel,
the message above comes from roave/security-advisories regarding firebase/php-jwt <6.
Could you (in the long run, when you have time, it is not that important) turn the "repositories" member (in composer.json) into an array (just an array, WITHOUT changing the repositories, as I may have done below)? (see below)

To get rid of my brain fog, I want to sit down this afternoon with 2 to 3 smaller extensions to 2 to 3 of my OIDplus plugins that I had been planning for a while, and so as not to go overboard with new innovations.
For that I edited the current composer.json as attached below; that is where the message comes from.
Best regards, I will be in touch...

{
	"name": "danielmarschall/oidplus",
	"description": "OIDplus 2.0",
	"version": "2.0",
	"type": "project",
	"homepage": "https://www.oidplus.com/",
	"authors": [
		{
			"name": "Daniel Marschall",
			"email": "[email protected]",
			"homepage": "https://www.daniel-marschall.de/"
		}
	],
	"license": [
		"Apache-2.0"
	],
	"prefer-dist": true,
	"minimum-stability": "dev",
	"config": {
		"optimize-autoloader" : true,
	    "classmap-authoritative" : false, 
	    "prepend-autoloader": true, 
	    "cache-files-ttl": 120, 
		"secure-http": false,
		"preferred-install": "auto",
		"autoloader-suffix": "OidPlusComposer",
		"allow-plugins": {
		  "danielmarschall/*": true,
		  "airmad/*": true,
		  "civicrm/*": true,
		  "composer/*": true,
		  "frdl/*": true,
		  "kylekatarnls/update-helper": true,
		  "vendor-patch/composer-custom-directory-installer": true,
		  "vendor-patch/composer-installers-extender": true,
		  "frdl/oiplus-composer-plugin": true,
		  "smoren/mushroom-hook-manager": true,
		  "composer/installers": true,
		  "oomphinc/composer-installers-extender": true
    	}	
	},		
  "require-dev": {
	"roave/security-advisories": "dev-latest"
  },	
   "extra": { 
	 "compile-mode" : "all",
     "merge-plugin": {        			
			"include": [
				"plugins/*/*/*/composer.json",
				"composer.json"
			],
			"require": [			
				"composer.json"
			],
			"recurse": true,
			"replace": false,
			"ignore-duplicates": false,
			"merge-dev": true,
			"merge-extra": true,
			"merge-extra-deep": true,
			"merge-scripts": true
    },
		
		"installer-types": [ 
			"oiplus-plugin-public-pages",
			"oiplus-plugin-ra-pages",
			"oiplus-plugin-admin-pages",
			"oiplus-plugin-auth",
			"oiplus-plugin-database",
			"oiplus-plugin-sql-slang",
			"oiplus-plugin-logger",
			"oiplus-plugin-object-types",
			"oiplus-plugin-language",
			"oiplus-plugin-design",
			"oiplus-plugin-captcha",
			"project",
			"library"
		],
   "installer-paths": {
			"vendor/{$vendor}/{$name}/":             [
				"type:library",
				"type:project"
			],
			              
			"plugins/{$vendor}/publicPages/{$name}/":              [
				"type:oiplus-plugin-public-pages"
			],
			"plugins/{$vendor}/raPages/{$name}/": [
				"type:oiplus-plugin-ra-pages"
			],
			"plugins/{$vendor}/adminPages/{$name}/":             [
				"type:oiplus-plugin-admin-pages"
			],
			"plugins/{$vendor}/auth/{$name}/": [
				"type:oiplus-plugin-auth"
			],
			"plugins/{$vendor}/database/{$name}/": [
				"type:oiplus-plugin-database"
			],
			"plugins/{$vendor}/sqlSlang/{$name}/": [
				"type:oiplus-plugin-sql-slang"
			],
			"plugins/{$vendor}/logger/{$name}/": [
				"type:oiplus-plugin-logger"
			],
			"plugins/{$vendor}/objectTypes/{$name}/": [
				"type:oiplus-plugin-object-types"
			],
			"plugins/{$vendor}/language/{$name}/": [
				"type:oiplus-plugin-language"
			],
			"plugins/{$vendor}/design/{$name}/": [
				"type:oiplus-plugin-design"
			],
			"plugins/{$vendor}/captcha/{$name}/": [
				"type:oiplus-plugin-captcha"
			]
		},

		"dependency-scripts": {
			"run": true,
			"trust": [
				"danielmarschall\/*",
				"airmad\/*",
				"composer\/*",
				"symfony\/*",
				"frdl\/*",
				"webfan3\/*",
				"wehowski\/*",
				"vendor-patch\/*",
				"smoren\/mushroom-hook-manager",
				"oomphinc\/composer-installers-extender"
			],
			"exclude": [],
			"types": [ 
			"oiplus-plugin-public-pages",
			"oiplus-plugin-ra-pages",
			"oiplus-plugin-admin-pages",
			"oiplus-plugin-auth",
			"oiplus-plugin-database",
			"oiplus-plugin-sql-slang",
			"oiplus-plugin-logger",
			"oiplus-plugin-object-types",
			"oiplus-plugin-language",
			"oiplus-plugin-design",
			"oiplus-plugin-captcha",
			"project",
			"library"
			]
		}
  }, 		
	"repositories": [		
		{
			"type": "composer", 
			"url": "https://oidplus-plugins.repo.pkg.dev.frdl.de"
		},
		 {
			"type": "package",
			"packagist.org": false,
			"package": {
				"name": "emn178/js-sha3",
				"version": "master",
				"license": [
					"MIT"
				],
				"source": {
					"url": "https://github.com/emn178/js-sha3",
					"type": "git",
					"reference": "master"
				}
			}
		},
		 {
			"type": "package",
			"packagist.org": false,
			"package": {
				"name": "gedmarc/layout",
				"version": "master",
				"license": [
					"GPL-3.0-or-later",
					"MIT"
				],
				"source": {
					"url": "https://github.com/GedMarc/layout",
					"type": "git",
					"reference": "master"
				}
			}
		},
		{
			"type": "package",
			"packagist.org": false,
			"package": {
				"name": "dcodeio/bcrypt.js",
				"version": "master",
				"license": [
					"BSD-3-Clause",
					"MIT"
				],
				"source": {
					"url": "https://github.com/dcodeIO/bcrypt.js",
					"type": "git",
					"reference": "master"
				}
			}
		},
		 {
			"type": "package",
			"packagist.org": false,
			"package": {
				"name": "script47/bs5-utils",
				"version": "master",
				"license": [
					"MIT"
				],
				"source": {
					"url": "https://github.com/Script47/bs5-utils",
					"type": "git",
					"reference": "master"
				}
			}
		},
		 {
			"type": "package",
			"packagist.org": false,
			"package": {
				"name": "spamspan/spamspan",
				"version": "master",
				"license": "GPL-2.0-only",
				"dist": {
					"url": "http://www.spamspan.com/releases/spamspan-latest.zip",
					"type": "zip",
					"reference": "master"
				}
			}
		}
	],	
	"require": {
		"php": ">=7.0",
			
		"frdl/oiplus-composer-plugin" : ">=1.0.4",	 
			
		"frdl/oidplus-io4-bridge-plugin" : ">=v0.0.4",		
 
	   "knplabs/packagist-api" : "*",
	   "frdl/composer-adapter" : "*",
	   "frdl/event-module" : "*",	
	   "yosymfony/resource-watcher" : "*",
	   "frdl/iana-enterprise-numbers-fetcher" : "*",
	   "hazaveh/verify-domain" : "*",
		
		
			
		"components/jquery": "^3.5",
		"components/jqueryui": "^1.12",
		"matthiasmullie/minify": "^1.3",
		"firebase/php-jwt": "*",
		"tinymce/tinymce": "^5.8",
		"dcodeio/bcrypt.js": "*@dev",
		"danielmarschall/vnag": "*@dev",
		"danielmarschall/uuid_mac_utils": "*@dev",
		"danielmarschall/php_utils": "*@dev",
		"danielmarschall/fileformats": "*@dev",
		"danielmarschall/oidconverter": "*@dev",
		"spamspan/spamspan": "*@dev",
		"vakata/jstree": "^3.3",
		"twbs/bootstrap": "^5.0",
		"symfony/polyfill-mbstring": "<=1.19",
		"gedmarc/layout": "*@dev",
		"emn178/js-sha3": "*@dev",
		"danielmarschall/php-sha3": "*@dev",
		"tweeb/tinymce-i18n": "^2.0",
		"phpseclib/phpseclib": "~3.0",
		"script47/bs5-utils": "*",
		"danielmarschall/glip": "0.1.3.x-dev",
		"ext-json": "*",
		"spomky-labs/php-punycode": "dev-master"
	},
	"scripts": {
		"post-update-cmd": [
			"curl https://curl.se/ca/cacert.pem -L -sS -o vendor/cacert.pem",
			"echo 'Options -Indexes' > vendor/.htaccess",
			"touch vendor/index.html"
		],
		"post-install-cmd": [
			"curl https://curl.se/ca/cacert.pem -L -sS -o vendor/cacert.pem",
			"echo 'Options -Indexes' > vendor/.htaccess",
			"touch vendor/index.html"
		]
	}
}

Replace AJAX with REST?

I was wondering, is it possible (or should we) replace all AJAX requests with REST requests? Can jQuery easily access REST instead of AJAX?

If every AJAX call were changed to REST and these REST commands were documented, then this would mean that the whole OIDplus system could be automated? (This is also already possible using "Automated AJAX Requests", however this solution is pretty lame because it is 0% documented, and it's just "look at the code and figure out which parameters to send")

oid-info.com Comparison does not work?

"Compare Export"


Is this wrong? Shouldn't it say "Root OID x.x.x"?

Also... are there only roots shown which are verified, or which are verified AND existing locally? When a fresh system is installed, nothing is there, and users might not know that they need to create a RA first.

Waterjuice / R47n OID/UUID

Waterjuice UUID OIDs (1.3.6.1.4.1.54392.(1|2|3).xx for 16|32|64 bit chunks)*

  • Implement in uuid_utils info (SVN Rev 77)
  • Implement in OIDplus altIds (SVN Rev 1424)

Microsoft "UUID" OID*

  • Implement in uuid_utils info (SVN Rev 77)
  • Implement in OIDplus altIds (SVN Rev 1424)

Waterjuice "Free for all OIDs" (1.3.6.1.4.1.54392.4.xx and 1.3.6.1.4.1.54392.5.xx)

  • Implement in OIDplus Well Known OIDs (SVN Rev 1425)

R74n "Free for all OIDs" (1.3.6.1.4.1.61117.9000.xx)

  • Implement in OIDplus Well Known OIDs (SVN Rev 1425)

Test case *:

UUID:  ca069732-780c-11ee-b962-000000000074

2.25.268538275572115285380101426435393060980 ISO/ITU-T UUID

1.2.840.113556.1.8000.2554.51718.38706.30732.4590.47458.0.116 Microsoft UUID

1.3.6.1.4.1.54392.1.14557489088539922926.13358239444734312564 Waterjuice 64-bit UUID

1.3.6.1.4.1.54392.2.3389429554.2014056942.3110207488.116 Waterjuice 32-bit UUID

1.3.6.1.4.1.54392.3.51718.38706.30732.4590.47458.0.0.116 Waterjuice 16-bit UUID
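As an added example (not OIDplus or uuid_utils code), the following Python derives the five OID forms of the test case above from the UUID, and applies the rule from the "New UUID-to-OID (AltIds)" issue that such OIDs are not exported to oid-info.com; the arc prefixes and chunk layouts are read off the test vectors on this page.

```python
"""Added example (not OIDplus code): derive the five OID forms of the test
case above from the UUID.  Arc prefixes and chunk layouts are taken from the
test vectors on this page; the split for 1.2.840.113556.1.8000.2554 (five
16-bit arcs, then two 24-bit arcs) is read off those vectors."""
import uuid

ITU_ARC = "2.25"
MICROSOFT_ARC = "1.2.840.113556.1.8000.2554"
WATERJUICE_ARC = "1.3.6.1.4.1.54392"
TEST_UUID = "ca069732-780c-11ee-b962-000000000074"   # the test case from the issue


def _fields(value: int, total_bits: int, widths) -> list:
    """Split a big-endian integer of total_bits into unsigned fields, MSB first."""
    if sum(widths) != total_bits:
        raise ValueError("field widths must add up to the total width")
    out, shift = [], total_bits
    for w in widths:
        shift -= w
        out.append((value >> shift) & ((1 << w) - 1))
    return out


def uuid_to_itu_oid(u: uuid.UUID) -> str:
    """ISO/ITU-T form: the whole 128-bit value as one decimal arc under 2.25."""
    return f"{ITU_ARC}.{u.int}"


def uuid_to_microsoft_oid(u: uuid.UUID) -> str:
    """Microsoft form: five 16-bit arcs followed by two 24-bit arcs."""
    arcs = _fields(u.int, 128, [16] * 5 + [24] * 2)
    return MICROSOFT_ARC + "." + ".".join(map(str, arcs))


def uuid_to_waterjuice_oid(u: uuid.UUID, chunk_bits: int) -> str:
    """Waterjuice form: .1 = two 64-bit arcs, .2 = four 32-bit, .3 = eight 16-bit."""
    sub_arc = {64: 1, 32: 2, 16: 3}[chunk_bits]
    arcs = _fields(u.int, 128, [chunk_bits] * (128 // chunk_bits))
    return f"{WATERJUICE_ARC}.{sub_arc}." + ".".join(map(str, arcs))


def all_alt_ids(uuid_text: str) -> dict:
    """All five OID representations, keyed by the labels used in the issue."""
    u = uuid.UUID(uuid_text)
    return {
        "ISO/ITU-T UUID": uuid_to_itu_oid(u),
        "Microsoft UUID": uuid_to_microsoft_oid(u),
        "Waterjuice 64-bit UUID": uuid_to_waterjuice_oid(u, 64),
        "Waterjuice 32-bit UUID": uuid_to_waterjuice_oid(u, 32),
        "Waterjuice 16-bit UUID": uuid_to_waterjuice_oid(u, 16),
    }


def is_uuid_derived_oid(oid: str) -> bool:
    """True for OIDs under 2.25, the Microsoft UUID arc or the Waterjuice UUID
    arcs .1/.2/.3: these AltIds are not to be exported to oid-info.com."""
    prefixes = [ITU_ARC + ".", MICROSOFT_ARC + "."]
    prefixes += [f"{WATERJUICE_ARC}.{n}." for n in (1, 2, 3)]
    return any(oid.startswith(p) for p in prefixes)


if __name__ == "__main__":
    for label, oid in all_alt_ids(TEST_UUID).items():
        print(f"{oid}  {label}")
```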

Configuration file error on new install (invalid characters)

Just installed a new OIDPlus repository, following the instructions in the configuration.

I'm getting the following error:

OIDplus error
syntax error, unexpected floating-point number ".1", expecting ")"

Technical information about the problem:

ParseError
at file /var/www/oidplus/userdata/baseconfig/config.inc.php (line 6)

Stacktrace:
#0 /var/www/oidplus/includes/classes/OIDplus.class.php(867): OIDplus::baseConfig()
#1 /var/www/oidplus/index.php(28): OIDplus::init()
#2 {main}

The config file looks like this:

OIDplus::baseConfig()->setValue('CONFIG_VERSION',    2.1);

It looks like perhaps some unicode ended up in there. I copied and pasted directly into the file by terminal.

00000390  6c 75 73 3a 3a 62 61 73  65 43 6f 6e 66 69 67 28  |lus::baseConfig(|
000003a0  29 2d 3e 73 65 74 56 61  6c 75 65 28 27 43 41 50  |)->setValue('CAP|
000003b0  54 43 48 41 5f 50 4c 55  47 49 4e 27 2c c2 a0 c2  |TCHA_PLUGIN',...|
000003c0  a0 c2 a0 c2 a0 27 56 69  61 54 68 69 6e 6b 53 6f  |.....'ViaThinkSo|
000003d0  66 74 c2 a0 43 6c 69 65  6e 74 c2 a0 43 68 61 6c  |ft..Client..Chal|
000003e0  6c 65 6e 67 65 27 29 3b  0a 0a 0a 4f 49 44 70 6c  |lenge');...OIDpl|
000003f0  75 73 3a 3a 62 61 73 65  43 6f 6e 66 69 67 28 29  |us::baseConfig()|
00000400  2d 3e 73 65 74 56 61 6c  75 65 28 27 45 4e 46 4f  |->setValue('ENFO|
00000410  52 43 45 5f 53 53 4c 27  2c c2 a0 c2 a0 c2 a0 c2  |RCE_SSL',.......|
00000420  a0 c2 a0 c2 a0 c2 a0 4f  49 44 70 6c 75 73 3a 3a  |.......OIDplus::|
00000430  45 4e 46 4f 52 43 45 5f  53 53 4c 5f 59 45 53 29  |ENFORCE_SSL_YES)|
00000440  3b 0a                                             |;.|

Cleaning up the file fixes the parsing issue.
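Why the bytes c2 a0 in the hexdump break the parse, and a check for them, as an added Python example (not OIDplus code): the sample config is constructed to mirror the report, and the identifier rule it mimics is the PHP scanner's LABEL pattern.

```python
"""Added example (not OIDplus code): find non-ASCII whitespace in a PHP config
file and show why the bytes c2 a0 from the hexdump above break PHP's parser.
SAMPLE_CONFIG is constructed to reproduce the report; only its line 6 matters."""
import re
import unicodedata

# The PHP scanner's LABEL rule: bytes 0x80-0xff are legal identifier bytes, so
# "\xc2\xa0\xc2\xa02" is lexed as one identifier and ".1" is left over as a
# float: the "unexpected floating-point number '.1'" from the report.
PHP_LABEL = re.compile(rb"[A-Za-z_\x80-\xff][A-Za-z0-9_\x80-\xff]*")

# Anything that is not printable ASCII, tab, CR or LF.
NON_ASCII = re.compile(r"[^\x09\x0a\x0d\x20-\x7e]")

NBSP = "\u00a0"   # UTF-8 c2 a0, as seen in the hexdump

# Constructed sample config: NO-BREAK SPACEs instead of spaces after the comma.
SAMPLE_CONFIG = (
    "<?php\n"
    "\n"
    "// constructed sample; a real userdata/baseconfig/config.inc.php has more entries\n"
    f"OIDplus::baseConfig()->setValue('ENFORCE_SSL',{NBSP * 3}OIDplus::ENFORCE_SSL_YES);\n"
    "\n"
    f"OIDplus::baseConfig()->setValue('CONFIG_VERSION',{NBSP * 4}2.1);\n"
)


def php_label_prefix(raw: bytes) -> bytes:
    """The identifier PHP's lexer would read at the start of `raw` (b'' if none)."""
    m = PHP_LABEL.match(raw)
    return m.group() if m else b""


def find_non_ascii(text: str) -> list:
    """(line, column, 'U+XXXX', unicode name) for every non-ASCII character."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in NON_ASCII.finditer(line):
            ch = m.group()
            hits.append((lineno, m.start() + 1, f"U+{ord(ch):04X}", unicodedata.name(ch, "?")))
    return hits


def normalize_whitespace(text: str) -> str:
    """Turn Unicode space separators (category Zs, e.g. NO-BREAK SPACE) into
    plain spaces and drop a byte-order mark; other non-ASCII text is kept."""
    out = []
    for ch in text:
        if ch == "\ufeff":
            continue
        out.append(" " if unicodedata.category(ch) == "Zs" else ch)
    return "".join(out)
```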

RDAP Route

Hello Daniel,
the plugin:
https://github.com/frdl/oidplus-frdlweb-rdap/blob/main/OIDplusPagePublicRdap.class.php
...is currently being updated with regard to rdap-conformance/-extensions and OID-Connect.

https://hosted.oidplus.com/viathinksoft/oid/1.3.6.1.4.1.37476.30.9.1494410075
does not work
compare, this works: https://webfan.de/apps/registry/rdap/oid/1.3.6.1.4.1.37553.8.8.7

Important: An RDAP REST URL MUST be available: ...rdapbase../oid/2.999

Confirmation dialogs after OID creation

After OID creation, there is at least one confirmation dialog.

  1. If RA does not exist. Create it YES / NO?
  2. Open the newly created object YES / NO?

There are several problems:

  1. This is annoying if you create a lot of objects.
  2. Since you need to enter a title anyway, you should be forced to at least look at the new object page. (Exception if the RA is different and you are no admin, then you cannot enter a title)
  3. You are used to the question "open new object" and click always yes. But when the RA is different, the question is "invite RA" and you will click yes, because you expect the question "open new object". In that case you will be redirected to the "invite" page. ANOTHER problem is that this invite page opens but the jsTree menu does not refresh, so you cannot easily navigate to the new OID instead.

Proposed solution:

  1. When you create a new object, you will be automatically redirected to the new OID and the jsTree will refresh
  2. Somewhere at the page (maybe next to the RA email address?) there will be an "Invite" button. This Invite button will be always there, so if you want to invite the RA in the future, you do not need to edit the RA just to get the invitation dialog. Please note #27
  3. In the privacy policy, the following sentence needs to be adjusted: (Note: To resend an invitation, the system administrator or superior Registration Authority needs to click "Update" at the OID delegation table, so that they are asked again to send the invitation).

Security: Invitation page abuse

It is possible that anyone can receive an invitation, even if they were not assigned as RA to any object,
just by entering "oidplus:invite_ra$xx$..." in the goto box.
It should be somehow secured.

Docker image

Help wanted: How to make a Docker image for OIDplus?

Drop Internet Explorer compatibility

At the moment, there is a requirement that Internet Explorer compatibility for the front-end should be kept as good as possible.

I am planning to drop support for Internet Explorer completely on 1 August 2023.

Reason for the decision: In most Windows versions, iexplore.exe cannot be called anymore (Edge opens automatically), so the risk of users actually working with Internet Explorer is extremely low now, unless they are still working with Windows 7.

New branch deleted? Branch without push intention?

Hello Daniel,
I created a branch; unfortunately I can no longer edit it.

Did you delete it?

The purpose should be NOT to push changes into the main core branch,
but rather NOT to leave old and new extensive changes and extensions closed source, but to publish them and make them usable as well, yet WITHOUT committing the changes into the main branch / core.

My OIDplus in production is full of odds and ends and all kinds of third-party and work-in-progress things; this registry instance
https://weid.info/plus
is to be stuffed with the software extensions and have NO registry function other than software / WEID-Consortium specs ...

It is in your / the WEID web hosting account

The new spec, part 1, is as good as finished, it only needs to be implemented... ...also in OIDplus.

Best regards
Till

Ideas for signatures / HSM / etc.

Some ideas, but I have no idea how to solve them in a cost-saving way that is compatible with servers in a data center:

  • Having an HSM or SecureElement store the OIDplus system key material ...
  • Sign all OIDs, log entries, etc.
  • ... should we let the server sign it using an HSM / SE?
  • ... or should we let the operator sign it? (With a SmartCard, maybe a special JavaCard application?)
  • ... or maybe both (SmartCard signature for manually assigned OIDs, and server signature for automatically generated OIDs, e.g. FreeOID service)
  • Use external logging servers? aliyun?
  • Give owners of OIDs a certificate by the superior RA? Making something like DNSSEC. Maybe build upon OID Resolution System (ORS)? (Can we implement ORS in any way?)

But how can we attach an HSM to a server in a data center? CloudHSM seems to be expensive. Things like the German TSE would be perfect, although I'd prefer if they were a real WORM storage, or some product by Swissbit (iShield?). But we cannot plug an HSM into a server in a data center if we don't have access to the server.

So many ideas...

Information Objects UUID definition good?

Previously, OIDplus has used UUIDv3 and UUIDv5 with custom namespace as OIDplus Information Objects.

Recently, this was changed to custom UUIDv8.

I begin to feel uncomfortable with this solution, though, since these UUIDs can collide easily. On the other hand, it is nice that you have so much data in the UUID that can be extracted, like SystemID and Timestamp...

Should we rather do UUIDv3, UUIDv5 or a Name-Based UUIDv8 instead? (With new namespaces to define the different types to be identified)

Implement ORS?

Can we make use of ORS somehow?

Open questions:

  1. How can ViaThinkSoft and FrdlWeb join ORS? (And maybe write a tutorial on how to join ORS if you have an IANA PEN)

  2. What data is stored in ORS? Is it like a TXT record with a URL in it, or what else can be saved? (This is probably a RTFM question)

  3. Are there reference implementations or examples for an ORS Client or ORS Server?

Git as main code base

Currently, the main development is in a SVN repository. All SVN changes are automatically uploaded to GitHub as a mirror and secondary distribution channel.

So we currently have 3 distribution channels:

  1. SVN. Updates come via a SVN client.
  2. GIT (which is currently a copy of SVN). Updates come via a GIT client.
  3. TAR.GZ (which is currently a snapshot of SVN + a "version.php" file added). Updates come via autogenerated change-scripts.

Currently, each SVN revision is an OIDplus version. In a lot of places the "SVN Revision" is processed.

If we switch to Git as distribution channel we need to do:

  1. In GitHub we probably need to make use of the "release / package" feature so we can define that a specific commit is a new version, because OIDplus requires some kind of version number, which was super easy with SVN, but hard with GIT, because there are no numbered commits.
  2. Check all places in the program code that handle the "SVN Revision" and look if (how) we can switch to Git.
  3. For SVN distribution channel: Change the internal tool to let SVN be a copy of GIT instead of GIT being a copy of SVN.
  4. For GIT distribution channel: Nothing to do.
  5. For TAR.GZ distribution channel: Rebuild tool that creates the autogenerated change-scripts as well as the TAR.GZ file itself.
  6. Change internal tool that creates the checksums ( https://oidplus.com/checksums/ ) for the system check plugin.
  7. We will probably recognize a lot more places where SVN is important once we have switched to GIT...

So to conclude, it is extremely hard to switch from SVN to GIT... So this is a long-time project.

Object type X.500 DN

If you work with ActiveDirectory, you might want to manage your tree,
so you need to take care of all your O, OU, CN, etc.
So, there should be such an object type.

Disclaimer: I am not an expert in X.500 and ActiveDirectory, so I hope I implement useful use-cases.

RA Protocol

I have the following idea where every RA keeps a complete protocol of all of their activities. This could be implemented in OIDplus.

Draft:


RA-Protokoll of RA XYZ

Fields:

	Seq No       8 digits
	timestamp    ISO 8601  (Z means +00:00 i.e. GMT time)
	dot          "Confidential flag" (can be added and removed by hand)
	EventID      see below
	OID          OID that is affected (except for events NA__ and OP__)
	EventData    Depending on event data, sometimes optional.

Example:

00000000 2023-04-01T01:49:00Z   OPHI
00000001 2023-04-01T01:49:00Z   NAHI ViaThinkSoft Registration Authority
00000002 2023-04-01T01:49:00Z   OWHI 1.3.6.1.4.1.37476 IANA
00000003 2023-04-01T01:49:00Z   DELE 1.3.6.1.4.1.37476.1 John Doe, [email protected]
00000004 2023-04-01T01:49:00Z   DERM 1.3.6.1.4.1.37476.1
00000005 2023-04-01T01:49:00Z . RDAC
00000006 2023-04-01T01:49:00Z . RDAC

Events:

RDAC	Mark redacted line in an OUTPUT (it is not LOGGED redacted)

DE	Delegations:
  LE	Delegate <OID> to RA <EventData>
  NC	Acknowledge name change of foreign RA <EventData> for OID <OID>
  RM	Removed delegation of <OID>
  HI	Historic (pre-logging) delegation of <OID> to RA <EventData> (last known RA name)

ST	Status:
  AT	Set status of <OID>. <EventData> DRAFT, ACTIVE, FROZEN, DEFUNCT
  HI	Historic (pre-logging) state of <OID> is <EventData>

AS	ASN.1 labels:
  N1	Assign ASN.1 label <EventData> to <OID>
  RM	Remove ASN.1 label <EventData> from <OID>
  HI	Historic (pre-logging) assignment of ASN.1 label <EventData> to <OID>

UC	Unicode labels:
  OD	Assign Unicode label <EventData> to <OID>
  RM	Remove Unicode label <EventData> from <OID>
  HI	Historic (pre-logging) assignment of Unicode label <EventData> to <OID>

CM	Comments:
  NT	Comment <EventData> to OID <OID>
  HI	Historic (pre-logging) comment <EventData> to OID <OID>

OW	Received ownership:
  NS	Claim ownership of OID <OID>. Received permission from RA <EventData> (optional argument)
  HI	Historic (pre-logging) ownership of OID <OID>. Last received permission from RA <EventData> (optional argument)

LO	Lost ownership:
  ST	Lost ownership of <OID>.
  HI	Historic (pre-logging) loss of OID <OID>.

NA	Own RA name or contact data (No <OID>):
  ME	Set own RA contact data or name
  HI	Historic (pre-logging) contact data or name for own RA

OP	Operational status of own RA (No <OID> or <EventData>):
  EN	Begin operation. Is only set if NO HISTORIC pre-logging events exist! Protocol starts here.
  TM	Terminate operation of this RA. Protocol ends here. (Cannot be undone)
  HI	Begin protocol for an existing operational RA. Protocol starts here. Please continue with **HI events to show the current delegation data.
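A parser and consistency check for the draft format above, as an added Python example (not OIDplus code): the column layout and the four-letter event codes are the draft's, which events carry an OID or event data is my reading of the event table, and the sample is a constructed copy of the draft's example with a placeholder e-mail address.

```python
"""Added example (not OIDplus code): parse, sanity-check and print the
RA-Protokoll draft above.  Column layout and event codes come from the draft;
which events carry an OID or event data is my reading of the event table, and
SAMPLE is a constructed copy of the draft's example (placeholder e-mail)."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

SAMPLE = """\
00000000 2023-04-01T01:49:00Z   OPHI
00000001 2023-04-01T01:49:00Z   NAHI ViaThinkSoft Registration Authority
00000002 2023-04-01T01:49:00Z   OWHI 1.3.6.1.4.1.37476 IANA
00000003 2023-04-01T01:49:00Z   DELE 1.3.6.1.4.1.37476.1 John Doe, john.doe@example.org
00000004 2023-04-01T01:49:00Z   DERM 1.3.6.1.4.1.37476.1
00000005 2023-04-01T01:49:00Z . STAT 1.3.6.1.4.1.37476.1 FROZEN
"""

# Family (first two letters) + sub-event (last two), as in the draft's table.
EVENTS = {
    "RDAC", "DELE", "DENC", "DERM", "DEHI", "STAT", "STHI", "ASN1", "ASRM", "ASHI",
    "UCOD", "UCRM", "UCHI", "CMNT", "CMHI", "OWNS", "OWHI", "LOST", "LOHI",
    "NAME", "NAHI", "OPEN", "OPTM", "OPHI",
}
NO_OID = {"RDAC", "NAME", "NAHI", "OPEN", "OPTM", "OPHI"}   # NA__, OP__ and RDAC: no <OID>
STATUS_VALUES = {"DRAFT", "ACTIVE", "FROZEN", "DEFUNCT"}
# seq(8 digits) SP timestamp SP flag('.' or ' ') SP event(4) [SP oid] [SP data]
LINE = re.compile(r"^(\d{8}) (\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) ([. ]) ([A-Z0-9]{4})(?: (.*))?$")
OID = re.compile(r"^\d+(\.\d+)+$")


@dataclass
class Entry:
    seq: int
    ts: datetime
    confidential: bool
    event: str
    oid: Optional[str]
    data: Optional[str]


def parse(text: str) -> List[Entry]:
    """Split protocol lines into entries; raises ValueError on a malformed line."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            raise ValueError(f"malformed line: {raw!r}")
        seq, ts, flag, event, rest = m.groups()
        oid = data = None
        if rest:
            if event in NO_OID:
                data = rest
            else:
                oid, _, data = rest.partition(" ")
                data = data or None
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        entries.append(Entry(int(seq), when, flag == ".", event, oid, data))
    return entries


def check(entries: List[Entry]) -> List[str]:
    """Consistency problems in plain words; an empty list means all rules hold."""
    problems = []
    for i, e in enumerate(entries):
        where = f"seq {e.seq:08d}"
        if e.seq != i:
            problems.append(f"{where}: expected sequence number {i:08d}")
        if i and e.ts < entries[i - 1].ts:
            problems.append(f"{where}: timestamp goes backwards")
        if e.event not in EVENTS:
            problems.append(f"{where}: unknown event {e.event}")
            continue
        if e.event in NO_OID and e.oid is not None:
            problems.append(f"{where}: {e.event} must not carry an OID")
        if e.event not in NO_OID and (e.oid is None or not OID.match(e.oid)):
            problems.append(f"{where}: {e.event} needs a valid OID")
        if e.event in ("STAT", "STHI") and e.data not in STATUS_VALUES:
            problems.append(f"{where}: status must be one of {sorted(STATUS_VALUES)}")
        if e.event in ("OPEN", "OPHI") and i != 0:
            problems.append(f"{where}: {e.event} must be the first entry")
        if e.event == "OPTM" and i != len(entries) - 1:
            problems.append(f"{where}: OPTM must be the last entry (protocol ends there)")
    if entries and entries[0].event == "OPEN" and any(e.event.endswith("HI") for e in entries):
        problems.append("OPEN is only allowed when no historic (..HI) events exist")
    return problems


def render(entries: List[Entry], redact_confidential: bool) -> str:
    """Write the protocol back out; with redact_confidential, lines flagged '.'
    are shown as RDAC (the log itself keeps the full line)."""
    out = []
    for e in entries:
        ts, flag = e.ts.strftime("%Y-%m-%dT%H:%M:%SZ"), "." if e.confidential else " "
        if e.confidential and redact_confidential:
            out.append(f"{e.seq:08d} {ts} {flag} RDAC")
        else:
            tail = " ".join(x for x in (e.oid, e.data) if x)
            out.append(f"{e.seq:08d} {ts} {flag} {e.event}" + (f" {tail}" if tail else ""))
    return "\n".join(out) + "\n"
```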

System overload when there are too many OIDs

Taken from the current TODO file:

Important things:
- OIDplus must be able to handle large amounts of OIDs, e.g. 100.000 OIDs in a branch. It doesn't need to be perfect, but it must not crash the system
  Currently there are the following "hacks" to make the system not crash if there are too many OIDs
	plugins/viathinksoft/raPages/099_object_log/OIDplusPageRaObjectLog.class.php (show max 100 object log entries)
	plugins/frdl/publicPages/altids/OIDplusPagePublicAltIds.class.php (hardcoded to ignore children of 1.3.6.1.4.1.37476.1.2.3.1)
	plugins/viathinksoft/publicPages/000_objects/OIDplusPagePublicObjects.class.php (do not show ANY children if there are more than 1000)
	includes/classes/OIDplusMenuUtils.class.php (do not show ANY children if there are more than 1000)

See also frdl/oidplus-plugin-alternate-id-tracking#17 for the Alt-ID plugins.

In addition, it turns out that the backup plugin cannot be used. It was slow all the time, but now it is so slow that it throws an HTTP 500....

Multi-Tenancy capability

Based on an idea by @wehowski : https://startforum.de/content/perma?id=2039

A few basic ideas:

  • Multiple RAs using one OIDplus codebase and one database

  • It simplifies "Hosting" of OIDplus systems

A lot of things need to be considered / decided:

  • Plugins: Should Tenancy-Owners be able to install plugins (just for their system)? Then we need to take care that the plugin-loader only loads plugins that are enabled for the Tenancy.

  • Should the web visitor see that there are multiple users in one system, i.e. the system has an "IANA PEN" root, which you can extend, and then you see "RA 123", "RA 456", etc.?
    On one hand, this might be nice because it might look like a "Master OIDplus system" eventually, but on the other hand, it has the disadvantage that the Tenancy owner cannot choose their own design that represents their RA. For example, this RA has a pretty nice and unique design: https://oid.r74n.com/
    So I would rather say Multi-Tenancy means that the RAs are using one codebase, one database, one server folder, but they have different URLs and designs. (If we allow multiple per-tenancy plugins, then it is required to have different URLs, because the plugins might change the menu structure)

Generate random AID

The function "Generate random AID" should be improved.

  1. It should check the existing AIDs in that node to avoid that two AIDs share the same prefix. (This also means that if you have the nodes 0...F in the node, you cannot generate a random AID under that node)
  2. Not only the root node (aid:) should have this functionality.
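The prefix rule from the first point, as an added Python example (not OIDplus code): it generates a random child AID under any parent node (not only the aid: root), rejects candidates that share a prefix with a sibling, and refuses when the children 0..F already exist; the sibling lists used in the check are constructed inputs.

```python
"""Added example (not OIDplus code): a prefix-aware "Generate random AID" as the
issue asks for.  AIDs are treated as upper-case hex strings; the parent, the
existing siblings and the suffix length are caller-supplied (constructed) inputs."""
import random
import secrets
from typing import Iterable, Optional

HEX_DIGITS = "0123456789ABCDEF"


def shares_prefix(a: str, b: str) -> bool:
    """True when one AID is a prefix of the other (equal AIDs included)."""
    a, b = a.upper(), b.upper()
    return a.startswith(b) or b.startswith(a)


def node_is_full(parent: str, siblings: Iterable[str]) -> bool:
    """Once the children <parent>0 .. <parent>F all exist, every candidate would
    extend one of them, so no random AID can be generated under this node."""
    parent = parent.upper()
    single = {s.upper()[len(parent)] for s in siblings
              if s.upper().startswith(parent) and len(s) == len(parent) + 1}
    return set(HEX_DIGITS) <= single


def generate_random_aid(parent: str, siblings: Iterable[str], suffix_length: int,
                        rng: Optional[random.Random] = None, attempts: int = 1000) -> str:
    """Random child of `parent` ("" for the aid: root) with `suffix_length` extra
    hex digits that shares no prefix with any sibling.  Raises ValueError when
    the node is full and RuntimeError when no free value turned up in `attempts`."""
    parent = parent.upper()
    siblings = [s.upper() for s in siblings]
    if node_is_full(parent, siblings):
        raise ValueError(f"children {parent}0..{parent}F already exist; no prefix-free AID possible")
    rng = rng or secrets.SystemRandom()   # CSPRNG by default; a seeded Random is fine for tests
    for _ in range(attempts):
        candidate = parent + "".join(rng.choice(HEX_DIGITS) for _ in range(suffix_length))
        if not any(shares_prefix(candidate, s) for s in siblings):
            return candidate
    raise RuntimeError(f"no prefix-free AID found under {parent!r} in {attempts} tries")
```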

Replacing plugin manifest.xml with manifest.json

In the next version of OIDplus, manifest.xml will be deprecated and replaced with a JSON file.

The WIP converting utility is as follows:

<?php

class XmlToJson {

    // Converts one plugin manifest.xml into the JSON form; $sid selects the
    // plugin-type schema id and the $has_* flags say which file lists may exist.
    public static function ConvertManifest($file, $sid, $has_css, $has_js, $has_cssSetup, $has_jsSetup) {
#       echo "$file\n";
        $fileContents = file_get_contents($file);
        $simpleXml = simplexml_load_string($fileContents);

        $data = [
                "\$schema" => "urn:oid:1.3.6.1.4.1.37476.2.5.2.5.$sid.1",
                "manifest" => [
                        "type" => "".$simpleXml->type[0],
                        "info" => [
                                "name" => "".$simpleXml->info[0]->name[0],
                                "author" => "".$simpleXml->info[0]->author[0],
                                "license" => "".$simpleXml->info[0]->license[0],
                                "version" => "".$simpleXml->info[0]->version[0],
                                // double quotes: '\r' in single quotes would be a literal backslash-r, not a line break
                                "descriptionHTML" => trim(str_replace(["\r", "\n", "\t"], '', "".$simpleXml->info[0]->descriptionHTML[0])),
                                "oid" => "".$simpleXml->info[0]->oid[0],
                        ],
                        "php" => [
                                "mainclass" => "".$simpleXml->php[0]->mainclass[0]
                        ]
                ]
        ];

        if ($has_cssSetup) {
                $data["manifest"]["cssSetup"] = array();
                if (count($simpleXml->cssSetup) > 0)
                foreach ($simpleXml->cssSetup->file as $cssSetup) {
                        $data["manifest"]["cssSetup"][] = "".$cssSetup;
                }
        }

        if ($has_jsSetup) {
                $data["manifest"]["jsSetup"] = array();
                if (count($simpleXml->jsSetup) > 0)
                foreach ($simpleXml->jsSetup->file as $jsSetup) {
                        $data["manifest"]["jsSetup"][] = "".$jsSetup;
                }
        }

        if ($has_css) {
                $data["manifest"]["css"] = array();
                if (count($simpleXml->css) > 0)
                foreach ($simpleXml->css->file as $css) {
                        $data["manifest"]["css"][] = "".$css;
                }
        }

        if ($has_js) {
                $data["manifest"]["js"] = array();
                if (count($simpleXml->js) > 0)
                foreach ($simpleXml->js->file as $js) {
                        $data["manifest"]["js"][] = "".$js;
                }
        }

        if ($sid == 3) {
                $data["manifest"]["language"] = [];
                $data["manifest"]["language"]["code"] = "".$simpleXml->language[0]->code[0];
                $data["manifest"]["language"]["flag"] = "".$simpleXml->language[0]->flag[0];
                $data["manifest"]["language"]["messages"] = "".$simpleXml->language[0]->messages[0];
        }

        $json = json_encode($data, JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES);

        $json = preg_replace_callback(
            '/^(?: {4})+/m',
            function($m) {
                return str_repeat("\t", strlen($m[0]) / 4);
            },
            $json
        );

        return $json;
    }

}

$plugin_types = [
        "adminPages" => [2, true, true, false, false],
        "auth" => [8, false, false, false, false],
        "captcha" => [12, true, true, true, true],
        "database" => [6, false, false, true, true],
        "design" => [7, true, false, false, false],
        "language" => [3, false, false, false, false],
        "logger" => [9, false, false, false, false],
        "objectTypes" => [10, true, true, false, false], # due to interface gridGeneratorLinks (INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_6) this plugin type can also have CSS and JS
        "publicPages" => [2, true, true, false, false],
        "raPages" => [2, true, true, false, false],
        "sqlSlang" => [11, false, false, false, false]
];

foreach ($plugin_types as $subfolder => $attrib) {
        $files = glob("plugins/*/$subfolder/*/manifest.xml");
        if (count($files) == 0) echo "Attention: $subfolder nothing found\n";
        foreach ($files as $file) {
#               echo "$file\n";
                $json = XmlToJson::ConvertManifest($file, $attrib[0], $attrib[1], $attrib[2], $attrib[3], $attrib[4]);
                $file = str_replace(".xml", ".json", $file);
                file_put_contents($file, $json);
        }
        // TODO: also generate json schema for the plugin type
}

Example for a JSON manifest:

{
    "$schema": "urn:oid:1.3.6.1.4.1.37476.2.5.2.2.2.1",
    "manifest": {
        "type": "ViaThinkSoft\\OIDplus\\OIDplusPagePluginAdmin",
        "info": {
            "name": "System registration",
            "author": "ViaThinkSoft",
            "license": "Apache 2.0",
            "version": "",
            "descriptionHTML": "",
            "oid": "1.3.6.1.4.1.37476.2.5.2.4.3.120"
        },
        "php": {
            "mainclass": "ViaThinkSoft\\OIDplus\\OIDplusPageAdminRegistration"
        },
        "css": [],
        "js": [
            "OIDplusPageAdminRegistration.js"
        ]
    }
}

I will provide and update to the following files soon:

  • classes/OIDplusPlugin.class.php (replace filename .xml)
  • classes/OIDplus.class.php (replace filename .xml)
  • classes/OIDplusPluginManifest.class.php (change XML reading to JSON reading)

@wehowski Please update your plugins after the new version is released (should be this weekend). For backwards compatibility, you can keep manifest.xml and manifest.json if you wish.
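A strict reader for the manifest.json layout shown above, as an added example that is not OIDplus code (OIDplusPluginManifest is the project's real reader). The point of the checks: manifest.type and manifest.php.mainclass are class names the plugin loader instantiates, and the css/js entries are joined to the plugin directory and emitted into the page, so a manifest from a third-party plugin should be validated before any of those values are used. Note that the example manifest above carries the $schema arc ...2.5.2.2.2.1 while the converter emits ...2.5.2.5.$sid.1; rather than deciding which is right, the loader takes the expected URN as a parameter. The function names, the error class and the individual checks are this example's own assumptions.

```php
<?php
// Added example, not OIDplus code: a strict reader for the manifest.json
// layout shown above (OIDplusPluginManifest is the project's real reader).
// Function names and the individual checks are this example's own.

class ManifestError extends RuntimeException {}

function requireString(array $arr, string $key, string $where, bool $nonEmpty = true): string {
    if (!array_key_exists($key, $arr) || !is_string($arr[$key]) || ($nonEmpty && $arr[$key] === '')) {
        throw new ManifestError("{$where}.{$key} is missing or not a " . ($nonEmpty ? 'non-empty ' : '') . 'string');
    }
    return $arr[$key];
}

// css/js entries are joined to the plugin directory and emitted into the page,
// so only plain relative segments are accepted: no absolute paths, no "." or "..",
// no drive letters, no characters outside [A-Za-z0-9._-]
function isSafeAssetName(string $name): bool {
    if ($name === '' || preg_match('#^([A-Za-z]:|[/\\\\])#', $name)) {
        return false;
    }
    foreach (explode('/', str_replace('\\', '/', $name)) as $seg) {
        if (!preg_match('/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$/', $seg)) {
            return false;
        }
    }
    return true;
}

// $expectedSchema is the exact $schema URN the caller expects for this plugin type
function loadPluginManifest(string $json, string $expectedSchema): array {
    $doc = json_decode($json, true, 16);
    if (!is_array($doc)) {
        throw new ManifestError('manifest.json is not valid JSON: ' . json_last_error_msg());
    }
    if (requireString($doc, '$schema', 'root') !== $expectedSchema) {
        throw new ManifestError('unexpected $schema ' . $doc['$schema']);
    }
    if (!isset($doc['manifest']) || !is_array($doc['manifest'])) {
        throw new ManifestError('manifest object is missing');
    }
    $m    = $doc['manifest'];
    $info = isset($m['info']) && is_array($m['info']) ? $m['info'] : [];
    $php  = isset($m['php'])  && is_array($m['php'])  ? $m['php']  : [];

    $out = [
        'type'      => requireString($m, 'type', 'manifest'),
        'name'      => requireString($info, 'name', 'manifest.info'),
        'author'    => requireString($info, 'author', 'manifest.info'),
        'license'   => requireString($info, 'license', 'manifest.info'),
        'version'   => requireString($info, 'version', 'manifest.info', false),  // may be empty, as above
        'oid'       => requireString($info, 'oid', 'manifest.info'),
        'mainclass' => requireString($php, 'mainclass', 'manifest.php'),
        'assets'    => [],
    ];

    // type and mainclass are instantiated by the plugin loader: accept only a
    // syntactically valid, optionally namespaced PHP class name
    $fqcn = '/^\\\\?[A-Za-z_]\w*(\\\\[A-Za-z_]\w*)*$/';
    foreach (['type', 'mainclass'] as $k) {
        if (!preg_match($fqcn, $out[$k])) {
            throw new ManifestError("$k is not a valid class name: " . $out[$k]);
        }
    }
    if (!preg_match('/^\d+(\.\d+)+$/', $out['oid'])) {
        throw new ManifestError('info.oid is not a dotted OID: ' . $out['oid']);
    }
    foreach (['css', 'js', 'cssSetup', 'jsSetup'] as $kind) {
        if (!array_key_exists($kind, $m)) continue;
        if (!is_array($m[$kind])) {
            throw new ManifestError("$kind must be an array");
        }
        foreach ($m[$kind] as $name) {
            if (!is_string($name) || !isSafeAssetName($name)) {
                throw new ManifestError("unsafe $kind entry: " . var_export($name, true));
            }
        }
        $out['assets'][$kind] = array_values($m[$kind]);
    }
    return $out;
}

// --- demo: the manifest shown above, then a tampered copy (constructed) ---
$good = <<<'JSON'
{
    "$schema": "urn:oid:1.3.6.1.4.1.37476.2.5.2.2.2.1",
    "manifest": {
        "type": "ViaThinkSoft\\OIDplus\\OIDplusPagePluginAdmin",
        "info": { "name": "System registration", "author": "ViaThinkSoft", "license": "Apache 2.0",
                  "version": "", "descriptionHTML": "", "oid": "1.3.6.1.4.1.37476.2.5.2.4.3.120" },
        "php": { "mainclass": "ViaThinkSoft\\OIDplus\\OIDplusPageAdminRegistration" },
        "css": [],
        "js": [ "OIDplusPageAdminRegistration.js" ]
    }
}
JSON;
$schema = 'urn:oid:1.3.6.1.4.1.37476.2.5.2.2.2.1';

$m = loadPluginManifest($good, $schema);
echo "accepted: {$m['mainclass']}, js = " . implode(',', $m['assets']['js']) . "\n";

// constructed tampering: a js entry that escapes the plugin directory
$bad = str_replace('"OIDplusPageAdminRegistration.js"', '"../../../userdata/secret.inc.php"', $good);
try {
    loadPluginManifest($bad, $schema);
} catch (ManifestError $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
```

The asset check is deliberately an allow-list on path segments rather than a search for "..": a blacklist misses encoded variants and absolute paths, while an allow-list of plain segments accepts exactly the file names a plugin legitimately ships.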

REST API: File Attachments

  • list files of an object
  • download file of an object
  • upload a file of an object (this can be achieved by sending a REST request via multipart/form-data, i.e. in the curl CLI use -F instead of -d)
  • delete a file of an object

Take care about the permissions

Database Backup/Restore plugin

The next big change will be a backup plugin.

The initial idea was to have a super-backup which includes userdata, userdata_pub and a whole SQL-dump (for all DBMS!) into a ZIP file, but this task is a bit too complex.

Instead, for now we make a backup solution which only includes objects (incl. asn1id and iri) and RAs.
Config and Log will not be affected. In fact, the backup and restore procedure will be added to the log.
Only saving objects and RAs also allows data to be transferred between two systems (e.g. copying all objects/RAs from the production environment to the staging environment or vice versa, without touching the config and logs of each system).

Update question

Hello Daniel,
after updating to svn-1149 I got
Call to undefined method ViaThinkSoft\OIDplus\OIDplusDatabaseConnectionMySQLi::natOrder()
in my freeweid Plugin.

So I changed

	protected static function freeoid_max_id() {
		$res = OIDplus::db()->query("select id from ###objects where id like ? order by ".OIDplus::db()->natOrder('id'), array(self::getFreeRootOid(true).'.%'));
		$highest_id = 0;
		while ($row = $res->fetch_array()) {
			$arc = substr_count(self::getFreeRootOid(false), '.')+1;
			$highest_id = explode('.',$row['id'])[$arc];
		}
		return $highest_id;
	}

to:

	protected static function freeoid_max_id(): int {
		$res = OIDplus::db()->query("select id from ###objects where id like ?", array(self::getFreeRootOid(true).'.%'));
		$res = new OIDplusNaturalSortedQueryResult($res, 'id');
		$highest_id = 0;
		while ($row = $res->fetch_array()) {
			$arc = substr_count(self::getFreeRootOid(false), '.')+1;
			$highest_id = explode('.',$row['id'])[$arc];
		}
		return (int)$highest_id;
	}

So far so good.

But I am not really sure how to change this method correctly:

	public function raHasFreeWeid($email, $getId = false) {
		$res = OIDplus::db()->query("select id from ###objects where ra_email = ? and id like ? order by ".OIDplus::db()->natOrder('id'), array($email, self::getFreeRootOid(true).'.%'));
		while ($row = $res->fetch_array()) {
			return (true === $getId) ? $row['id'] : true;
		}

		return false;
	}

Can you give me a hint how to replace OIDplus::db()->natOrder('id') the right way?

Thank you!!!

Small issues with new update system

Done. Created a small .htaccess file, so that I could now delete the v2 files (which are identical to the v3 files, just with a different filename).

#
# File created using:
#
# <?php
# echo "RewriteEngine  on\n";
# echo "RewriteBase    /\n";
# for ($i=1; $i<=1425; $i++) {
#     echo "RewriteRule    ^updates/update_".($i-1)."_to_".$i."\\.txt\$ updates/v3/changescript_2.0.0.".$i.".txt [PT]\n";
#     echo "RewriteRule    ^updates/update_".($i-1)."_to_".$i."\\.txt\\.gz\$ updates/v3/changescript_2.0.0.".$i.".txt.gz [PT]\n";
# }
# echo "RewriteRule    ^updates/update_1425_to_1426\\.txt\$ updates/v3/changescript_2.0.1.txt [PT]\n";
# echo "RewriteRule    ^updates/update_1425_to_1426\\.txt\\.gz\$ updates/v3/changescript_2.0.1.txt.gz [PT]\n";
# ?>


  • Simplify the long text of the distribution channels. "TL;DR ..." Especially, the TAR.GZ method is now collision-proof.

Done. SVN Rev 1430


  • For distribution channel "GIT" and "SVN": Do tell the user that they got the latest version, but ALSO offer an "update" button to regularly update. (But you do not see if something is available)

  • If there are changes in the local work copy, maybe let the user tick a checkbox so they accept that the changes are reverted by clicking update.

  • System file check: Re-add the warning that scan takes a long time on some servers

Done. SVN Rev 1430


  • Differences found between
    update_17_to_18.txt (now deleted) and changescript_2.0.0.18.txt
@touch('plugins/objectTypes/ipv6/OIDplusIpv6.class.php',1647902530);
@touch('plugins/objectTypes/ipv6/OIDplusIpv6.class.php',1699813828);

--> the timestamp seems to be the current timestamp. That should not be... Doesn't SVN checkout keep the original time?

SVN does not keep track of commit times: https://stackoverflow.com/questions/2171939/how-can-i-keep-the-original-file-commit-timestamp-on-subversion

What about GIT?? The same. "git clone" and "git checkout" set the current date, not the commit date.
So we should remove that touch feature.

=> Fixed in SVN Rev 1431.

CORS Header issue: Duplicate Access-Control headers in webwhois.php ?

I request webwhois.php from outside via javascript and have the error:
"Duplicate Allow-Access-Origin Header"

If I uncomment originHeaders(); it works.

Maybe I have an own dirty plugin duplicating the header?

Btw/OT.: As in the guzzle issue: There are also PSR standards for HTTP-Response/Header handling and emitting. (#9)

REST API documentation via OpenAPI

There should be an OpenAPI documentation that is automatically generated from the restApiInfo() methods of the plugins. I don't have the time to study the OpenAPI specification, so maybe someone can help me with this task? Thank you very much!

Proposal: Introducing a composer-plugin for OIDplus projects.

Goal(s):

  • Composer Plugin:
    Install OIDplus Plugins by just $ composer require vendor/example-oidplus-plugin into the correct path.
  • Other tasks (e.g. installer-/update scripts...)...?

Example/Test
To get a basic example, we take the plugin, which is very small and still unfinished, already living in (registry.frdl.de):
plugins/frdl/adminPages/io4
To git: https://github.com/frdl/oidplus-io4-bridge-plugin
The only addition needed to get this working for this plugin is to add 2 entries to composer.json (type and extra.installer-name):

{
    "name": "frdl/oidplus-io4-bridge-plugin",
    "type": "oiplus-plugin-admin-pages",
    "description": "Bridge from OIDplus to Webfat/IO4",
    "keywords": ["oiplus", "io4"],
    "license":  ["MIT"],
    "autoload" : {
        "classmap" : ["OIDplusPagePublicIO4.class.php"]
    },
    "extra" : {
        "installer-name" : "io4"
    }
}

We install it into the test-instance https://test-ra.weid.info/ with a composer.json file as published here: https://test-ra.weid.info/composer-json.php

Result: The git repository of the plugin lives in the root directory of the package but is installed to the correct OIDplus plugin-path by composer: plugins/frdl/adminPages/io4

Long story short:

Content-Security-Policy

I got this error in the JS console:
Unrecognized Content-Security-Policy directive 'prefetch-src'.
In OIDplus.class.php I commented out:
/* "prefetch-src" => array( "'self'", "blob:" ),*/
I'm not quite sure about this; first I thought it came from a plugin, but it also appears on the ViaThinkSoft OIDplus!?

REST API: Configuration

  • show config settings
  • get config setting
  • set config setting
  • reset to default (delete and let recreate)

But attention: Some settings are secret, e.g. the private key!

Feature request: an option to disable polyfill.min.js.php

On offline systems, or systems with limited connectivity, a request to polyfill.min.js.php leads to a very long response, because the file tries to contact the polyfill.io domain and waits until timeout (the firewall restricts the connectivity).

I would like to have an option either to disable this completely (= returning blank JS), or to stick to the version shipped with the distribution.

Currently I'm circumventing this by adding exit(); at the beginning of the file; this makes updates inconvenient, as you have to resolve conflicts manually (I'm using git pull).

Plugin certification / code signature / trusted vendors / plugin store

A few ideas regarding third-party plugins.

  • Plugin certification: Receive some kind of code-signing certificate from ViaThinkSoft if the plugin passed various compatibility tests, similar to the Microsoft Hardware Qualification Certificate for drivers.
  • Plugin store (app store) for plugins. Maybe let the plugins be installed and uninstalled via GUI from the administrator login area.
  • Code signature: Some kind of X.509 certificate that signs all PHP files and resources?
  • Trusted vendor: Selected/well-known/certified people from Packagist, GitHub, etc. could be "trusted vendors", i.e. if a plugin comes from their GitHub/Packagist/... repository, then it is automatically trusted, even without code-signature. We assume that "GitHub account is hacked" and "Code signing key is stolen" is equal risk.

Ideas how to do the code-signature? Maybe a checksum TXT file (like we currently have in our system-integrity-plugin) and sign it using PGP or even X.509 with Code Signature EKU?
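The "checksum TXT file plus signature" idea above, worked through as an added example that is not OIDplus code: one function writes a sorted SHA-256 list of every file in a plugin directory, the vendor signs that list, and the verifier checks both that the signature is valid under a key it already trusts and that the directory on disk still matches the list. It uses a plain RSA key pair via ext-openssl rather than a PGP key or an X.509 certificate with the Code Signing EKU; the function names, the file names checksums.txt / checksums.txt.sig and the on-the-fly key generation are this example's own assumptions. In a real deployment the vendor's public key would ship with OIDplus (outside the plugin tree) and the private key would stay offline.

```php
<?php
// Added example, not OIDplus code: a signed checksum list for a plugin
// directory. Function names, file names and the demo key generation are
// this example's assumptions; the signing key would normally live offline
// and only the public key would be built into the verifier.

// "<sha256>  <relative path>" per file, sorted by path so the list is
// deterministic. The list and its signature are excluded from themselves.
function buildChecksumList(string $dir): string {
    $hashes = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $f) {
        $rel = str_replace(DIRECTORY_SEPARATOR, '/', substr($f->getPathname(), strlen($dir) + 1));
        if ($rel === 'checksums.txt' || $rel === 'checksums.txt.sig') continue;
        $hashes[$rel] = hash_file('sha256', $f->getPathname());
    }
    ksort($hashes, SORT_STRING);
    $out = '';
    foreach ($hashes as $rel => $h) {
        $out .= "$h  $rel\n";
    }
    return $out;
}

// RSA/SHA-256 signature over the list; $privateKey is an openssl key handle
function signChecksumList(string $list, $privateKey): string {
    if (!openssl_sign($list, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
    }
    return $signature;
}

// Two checks: the stored list must carry a valid vendor signature, and the
// directory must still match it. Rebuilding the list from disk and comparing
// it whole also catches files that were added or removed, not only modified ones.
function verifyPluginDir(string $dir, string $vendorPublicKeyPem): bool {
    if (!is_file("$dir/checksums.txt") || !is_file("$dir/checksums.txt.sig")) {
        return false;
    }
    $list = file_get_contents("$dir/checksums.txt");
    $sig  = file_get_contents("$dir/checksums.txt.sig");
    if (openssl_verify($list, $sig, $vendorPublicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        return false;
    }
    return hash_equals($list, buildChecksumList($dir));
}

// --- demo on a constructed plugin directory in the temp folder ---
$dir = sys_get_temp_dir() . '/oidplus-sign-demo-' . bin2hex(random_bytes(4));
mkdir("$dir/sub", 0700, true);
file_put_contents("$dir/manifest.json", "{\"manifest\":{\"type\":\"demo\"}}\n");
file_put_contents("$dir/sub/Plugin.class.php", "<?php // demo plugin\n");

// demo key pair; a real vendor key is generated once and kept offline
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$vendorPub = openssl_pkey_get_details($key)['key'];

$list = buildChecksumList($dir);
file_put_contents("$dir/checksums.txt", $list);
file_put_contents("$dir/checksums.txt.sig", signChecksumList($list, $key));
echo 'freshly signed:  ', verifyPluginDir($dir, $vendorPub) ? "OK\n" : "FAIL\n";

// modify one signed file: the list still verifies, but no longer matches the directory
file_put_contents("$dir/sub/Plugin.class.php", "<?php // modified after signing\n");
echo 'after tampering: ', verifyPluginDir($dir, $vendorPub) ? "OK\n" : "FAIL\n";
```

Two design points worth keeping when turning this into a plugin check: the public key must come from outside the plugin directory (a checksums.txt that verifies against a key shipped inside the same plugin proves nothing), and the comparison is against a list rebuilt from the directory rather than a walk over the listed files, so an extra PHP file dropped next to the signed ones is detected. openssl_pkey_new needs a usable openssl.cnf, which is mainly a concern on Windows; key generation is only in the demo section anyway.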

Which tasks can be done by @wehowski IO4/Bridge plugin? (What does IO4 stand for?)

Handle 404 method $request argument if OIDplus has a weburi base path

Hello Daniel,
...news is in the works, a little more patience...

If OIDplus is not located in the web root but in a subdirectory (such as https://weid.info/plus/), then the $request argument passed to the handle404 method is not quite right!

Here is a workaround to correct the path:

	public function handle404(string $request): bool {
		//die($request);
		$CDN_BASEPATH = OIDplus::baseConfig()->getValue('FRDLWEB_CDN_RELATIVE_URI', self::DEFAULT_CDN_BASEPATH);
		$BASE_URI = rtrim(OIDplus::webpath(OIDplus::localpath(), OIDplus::PATH_ABSOLUTE_CANONICAL), '/ ').'/'.trim($CDN_BASEPATH, '/ ').'/';
		$rel_url_original = substr($_SERVER['REQUEST_URI'], strlen(OIDplus::webpath(null, OIDplus::PATH_RELATIVE_TO_ROOT)));

		/*
		if (!str_starts_with($request, $CDN_BASEPATH)) {
			print_r([$request, $CDN_BASEPATH, $rel_url_original]);
			die();
			return false;
		}
		*/
		$request = $rel_url_original;
