Sign upLogin

wikimedia/mediawiki-core

View on GitHub
Star
includes/password/LayeredParameterizedPassword.php

Summary

Maintainability
A
2 hrs
Test Coverage
<?php
/**
 * Implements the LayeredParameterizedPassword class for the MediaWiki software.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 */

declare( strict_types = 1 );

/**
 * This password hash type layers one or more parameterized password types
 * on top of each other.
 *
 * The underlying types must be parameterized. This wrapping type accumulates
 * all the parameters and arguments from each hash and then passes the hash of
 * the last layer as the password for the next layer.
 *
 * @since 1.24
 */
class LayeredParameterizedPassword extends ParameterizedPassword {
    protected function getDelimiter(): string {
        return '!';
    }

    protected function getDefaultParams(): array {
        $params = [];

        foreach ( $this->config['types'] as $type ) {
            $passObj = $this->factory->newFromType( $type );

            if ( !$passObj instanceof ParameterizedPassword ) {
                throw new UnexpectedValueException( 'Underlying type must be a parameterized password.' );
            } elseif ( $passObj->getDelimiter() === $this->getDelimiter() ) {
                throw new UnexpectedValueException(
                    'Underlying type cannot use same delimiter as encapsulating type.'
                );
            }

            $params[] = implode( $passObj->getDelimiter(), $passObj->getDefaultParams() );
        }

        return $params;
    }

    public function crypt( string $password ): void {
        $lastHash = $password;
        foreach ( $this->config['types'] as $i => $type ) {
            // Construct pseudo-hash based on params and arguments
            /** @var ParameterizedPassword $passObj */
            $passObj = $this->factory->newFromType( $type );
            '@phan-var ParameterizedPassword $passObj';

            $params = '';
            $args = '';
            if ( $this->params[$i] !== '' ) {
                $params = $this->params[$i] . $passObj->getDelimiter();
            }
            if ( isset( $this->args[$i] ) && $this->args[$i] !== '' ) {
                $args = $this->args[$i] . $passObj->getDelimiter();
            }
            $existingHash = ":$type:" . $params . $args . $this->hash;

            // Hash the last hash with the next type in the layer
            $passObj = $this->factory->newFromCiphertext( $existingHash );
            '@phan-var ParameterizedPassword $passObj';
            $passObj->crypt( $lastHash );

            // Move over the params and args
            $this->params[$i] = implode( $passObj->getDelimiter(), $passObj->params );
            $this->args[$i] = implode( $passObj->getDelimiter(), $passObj->args );
            $lastHash = $passObj->hash;
        }

        $this->hash = $lastHash;
    }

    /**
     * Finish the hashing of a partially hashed layered hash
     *
     * Given a password hash that is hashed using the first layer of this object's
     * configuration, perform the remaining layers of password hashing in order to
     * get an updated hash with all the layers.
     *
     * @param ParameterizedPassword $passObj Password hash of the first layer
     */
    public function partialCrypt( ParameterizedPassword $passObj ) {
        $type = $passObj->config['type'];
        if ( $type !== $this->config['types'][0] ) {
            throw new InvalidArgumentException( 'Only a hash in the first layer can be finished.' );
        }

        // Gather info from the existing hash
        $this->params[0] = implode( $passObj->getDelimiter(), $passObj->params );
        $this->args[0] = implode( $passObj->getDelimiter(), $passObj->args );
        $lastHash = $passObj->hash;

        // Layer the remaining types
        foreach ( $this->config['types'] as $i => $type ) {
            if ( $i == 0 ) {
                continue;
            }

            // Construct pseudo-hash based on params and arguments
            /** @var ParameterizedPassword $passObj */
            $passObj = $this->factory->newFromType( $type );
            '@phan-var ParameterizedPassword $passObj';

            $params = '';
            $args = '';
            if ( $this->params[$i] !== '' ) {
                $params = $this->params[$i] . $passObj->getDelimiter();
            }
            if ( isset( $this->args[$i] ) && $this->args[$i] !== '' ) {
                $args = $this->args[$i] . $passObj->getDelimiter();
            }
            $existingHash = ":$type:" . $params . $args . $this->hash;

            // Hash the last hash with the next type in the layer
            $passObj = $this->factory->newFromCiphertext( $existingHash );
            '@phan-var ParameterizedPassword $passObj';
            $passObj->crypt( $lastHash );

            // Move over the params and args
            $this->params[$i] = implode( $passObj->getDelimiter(), $passObj->params );
            $this->args[$i] = implode( $passObj->getDelimiter(), $passObj->args );
            $lastHash = $passObj->hash;
        }

        $this->hash = $lastHash;
    }
}