Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
88.24% |
45 / 51 |
|
50.00% |
2 / 4 |
CRAP | |
0.00% |
0 / 1 |
LayeredParameterizedPassword | |
88.24% |
45 / 51 |
|
50.00% |
2 / 4 |
17.47 | |
0.00% |
0 / 1 |
getDelimiter | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getDefaultParams | |
63.64% |
7 / 11 |
|
0.00% |
0 / 1 |
4.77 | |||
crypt | |
100.00% |
16 / 16 |
|
100.00% |
1 / 1 |
5 | |||
partialCrypt | |
91.30% |
21 / 23 |
|
0.00% |
0 / 1 |
7.03 |
1 | <?php |
2 | /** |
3 | * Implements the LayeredParameterizedPassword class for the MediaWiki software. |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify |
6 | * it under the terms of the GNU General Public License as published by |
7 | * the Free Software Foundation; either version 2 of the License, or |
8 | * (at your option) any later version. |
9 | * |
10 | * This program is distributed in the hope that it will be useful, |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
13 | * GNU General Public License for more details. |
14 | * |
15 | * You should have received a copy of the GNU General Public License along |
16 | * with this program; if not, write to the Free Software Foundation, Inc., |
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
18 | * http://www.gnu.org/copyleft/gpl.html |
19 | * |
20 | * @file |
21 | */ |
22 | |
23 | declare( strict_types = 1 ); |
24 | |
25 | /** |
26 | * This password hash type layers one or more parameterized password types |
27 | * on top of each other. |
28 | * |
29 | * The underlying types must be parameterized. This wrapping type accumulates |
30 | * all the parameters and arguments from each hash and then passes the hash of |
31 | * the last layer as the password for the next layer. |
32 | * |
33 | * @since 1.24 |
34 | */ |
35 | class LayeredParameterizedPassword extends ParameterizedPassword { |
36 | protected function getDelimiter(): string { |
37 | return '!'; |
38 | } |
39 | |
40 | protected function getDefaultParams(): array { |
41 | $params = []; |
42 | |
43 | foreach ( $this->config['types'] as $type ) { |
44 | $passObj = $this->factory->newFromType( $type ); |
45 | |
46 | if ( !$passObj instanceof ParameterizedPassword ) { |
47 | throw new UnexpectedValueException( 'Underlying type must be a parameterized password.' ); |
48 | } elseif ( $passObj->getDelimiter() === $this->getDelimiter() ) { |
49 | throw new UnexpectedValueException( |
50 | 'Underlying type cannot use same delimiter as encapsulating type.' |
51 | ); |
52 | } |
53 | |
54 | $params[] = implode( $passObj->getDelimiter(), $passObj->getDefaultParams() ); |
55 | } |
56 | |
57 | return $params; |
58 | } |
59 | |
60 | public function crypt( string $password ): void { |
61 | $lastHash = $password; |
62 | foreach ( $this->config['types'] as $i => $type ) { |
63 | // Construct pseudo-hash based on params and arguments |
64 | /** @var ParameterizedPassword $passObj */ |
65 | $passObj = $this->factory->newFromType( $type ); |
66 | '@phan-var ParameterizedPassword $passObj'; |
67 | |
68 | $params = ''; |
69 | $args = ''; |
70 | if ( $this->params[$i] !== '' ) { |
71 | $params = $this->params[$i] . $passObj->getDelimiter(); |
72 | } |
73 | if ( isset( $this->args[$i] ) && $this->args[$i] !== '' ) { |
74 | $args = $this->args[$i] . $passObj->getDelimiter(); |
75 | } |
76 | $existingHash = ":$type:" . $params . $args . $this->hash; |
77 | |
78 | // Hash the last hash with the next type in the layer |
79 | $passObj = $this->factory->newFromCiphertext( $existingHash ); |
80 | '@phan-var ParameterizedPassword $passObj'; |
81 | $passObj->crypt( $lastHash ); |
82 | |
83 | // Move over the params and args |
84 | $this->params[$i] = implode( $passObj->getDelimiter(), $passObj->params ); |
85 | $this->args[$i] = implode( $passObj->getDelimiter(), $passObj->args ); |
86 | $lastHash = $passObj->hash; |
87 | } |
88 | |
89 | $this->hash = $lastHash; |
90 | } |
91 | |
92 | /** |
93 | * Finish the hashing of a partially hashed layered hash |
94 | * |
95 | * Given a password hash that is hashed using the first layer of this object's |
96 | * configuration, perform the remaining layers of password hashing in order to |
97 | * get an updated hash with all the layers. |
98 | * |
99 | * @param ParameterizedPassword $passObj Password hash of the first layer |
100 | */ |
101 | public function partialCrypt( ParameterizedPassword $passObj ) { |
102 | $type = $passObj->config['type']; |
103 | if ( $type !== $this->config['types'][0] ) { |
104 | throw new InvalidArgumentException( 'Only a hash in the first layer can be finished.' ); |
105 | } |
106 | |
107 | // Gather info from the existing hash |
108 | $this->params[0] = implode( $passObj->getDelimiter(), $passObj->params ); |
109 | $this->args[0] = implode( $passObj->getDelimiter(), $passObj->args ); |
110 | $lastHash = $passObj->hash; |
111 | |
112 | // Layer the remaining types |
113 | foreach ( $this->config['types'] as $i => $type ) { |
114 | if ( $i == 0 ) { |
115 | continue; |
116 | } |
117 | |
118 | // Construct pseudo-hash based on params and arguments |
119 | /** @var ParameterizedPassword $passObj */ |
120 | $passObj = $this->factory->newFromType( $type ); |
121 | '@phan-var ParameterizedPassword $passObj'; |
122 | |
123 | $params = ''; |
124 | $args = ''; |
125 | if ( $this->params[$i] !== '' ) { |
126 | $params = $this->params[$i] . $passObj->getDelimiter(); |
127 | } |
128 | if ( isset( $this->args[$i] ) && $this->args[$i] !== '' ) { |
129 | $args = $this->args[$i] . $passObj->getDelimiter(); |
130 | } |
131 | $existingHash = ":$type:" . $params . $args . $this->hash; |
132 | |
133 | // Hash the last hash with the next type in the layer |
134 | $passObj = $this->factory->newFromCiphertext( $existingHash ); |
135 | '@phan-var ParameterizedPassword $passObj'; |
136 | $passObj->crypt( $lastHash ); |
137 | |
138 | // Move over the params and args |
139 | $this->params[$i] = implode( $passObj->getDelimiter(), $passObj->params ); |
140 | $this->args[$i] = implode( $passObj->getDelimiter(), $passObj->args ); |
141 | $lastHash = $passObj->hash; |
142 | } |
143 | |
144 | $this->hash = $lastHash; |
145 | } |
146 | } |