Remove crypto-module and use libraries instead

Remove the crypto-module to reduce amount of dependencies and use hash_hmac with SHA256 instead. refs #3769
2013-07-24 10:10:43 +02:00 · 2013-07-24 10:10:43 +02:00 · 2807982f72
parent 3ff0c0f02a
commit 2807982f72
3 changed files with 12 additions and 67 deletions
--- a/library/Icinga/Authentication/Backend/DbUserBackend.php
+++ b/library/Icinga/Authentication/Backend/DbUserBackend.php
@ -29,7 +29,6 @@

 namespace Icinga\Authentication\Backend;

-use Icinga\Util\Crypto as Crypto;
 use Icinga\Authentication\User as User;
 use Icinga\Authentication\UserBackend;
 use Icinga\Authentication\Credentials;
@ -110,10 +109,10 @@ class DbUserBackend implements UserBackend {
            ->select()->from($this->userTable)
                ->where($this->USER_NAME_COLUMN.' = ?',$credential->getUsername())
                ->where($this->ACTIVE_COLUMN.   ' = ?',true)
-                ->where($this->PASSWORD_COLUMN. ' = ?',Crypto::hashPassword(
-                        $credential->getPassword(),
-                        $this->getUserSalt($credential->getUsername())
-                    ))
+                ->where($this->PASSWORD_COLUMN. ' = ?',hash_hmac("sha256",
+                        $this->getUserSalt($credential->getUsername()),
+                        $credential->getPassword())
+                    )
                ->query()->fetch();
        if(!empty($res)){
            $this->updateLastLogin($credential->getUsername());
--- a/library/Icinga/Util/Crypto.php
+++ b/library/Icinga/Util/Crypto.php
@ -1,57 +0,0 @@
-<?php
-
-// {{{ICINGA_LICENSE_HEADER}}}
-/**
- * This file is part of Icinga 2 Web.
- *
- * Icinga 2 Web - Head for multiple monitoring backends.
- * Copyright (C) 2013 Icinga Development Team
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- *
- * @copyright 2013 Icinga Development Team <info@icinga.org>
- * @license   http://www.gnu.org/licenses/gpl-2.0.txt GPL, version 2
- * @author    Icinga Development Team <info@icinga.org>
- */
-// {{{ICINGA_LICENSE_HEADER}}}
-
-namespace Icinga\Util;
-
-/**
- * Defines cryptographic algorithms that should be globally used to avoid
- * inconsistency.
- *
- * @package Icinga\Util
- */
-class Crypto {
-
-    /**
-     * Creates the hash for a given password.
-     * @param $password The password that should be hashed.
-     * @param $salt The salt that will be used.
-     * @return string The hashed password.
-     */
-    public static function hashPassword($password,$salt){
-        return crypt($password,$salt);
-    }
-
-    /**
-     * Creates a new randomly generated salt.
-     * @return string the generated salt.
-     */
-    public static function createSalt(){
-        return bin2hex(mcrypt_create_iv(16,MCRYPT_RAND));
-    }
-}
--- a/test/php/library/Icinga/Authentication/DbUserBackendTest.php
+++ b/test/php/library/Icinga/Authentication/DbUserBackendTest.php
@ -15,7 +15,6 @@ require_once("../../library/Icinga/Protocol/Ldap/Exception.php");
 require_once("../../library/Icinga/Application/Config.php");
 require_once("../../library/Icinga/Authentication/Credentials.php");
 require_once("../../library/Icinga/Authentication/Backend/DbUserBackend.php");
-require_once("../../library/Icinga/Util/Crypto.php");
 require_once("../../library/Icinga/Authentication/User.php");

 use Icinga\Authentication\Backend\DbUserBackend;
@ -80,7 +79,10 @@ class DbUserBackendTest  extends \PHPUnit_Framework_TestCase {
            )
        );

-        // TODO: Fetch config folder from somewhere instead of defining it statically.
+        /*
+         *  TODO: Fetch config folder from somewhere instead of defining it statically, or this test
+         *  will break when the path changes
+         */
        Config::$configDir = "/vagrant/config";
        $config = Config::app('authentication')->users;
        $config->table = $this->testTable;
@ -126,9 +128,10 @@ class DbUserBackendTest  extends \PHPUnit_Framework_TestCase {
            $usr = $this->users[$i];
            $data = Array(
                $this->USER_NAME_COLUMN => $usr[$this->USER_NAME_COLUMN],
-                $this->PASSWORD_COLUMN  => Crypto::hashPassword(
-                    $usr[$this->PASSWORD_COLUMN],
-                    $usr[$this->SALT_COLUMN]),
+                $this->PASSWORD_COLUMN  => hash_hmac("sha256",
+                    $usr[$this->SALT_COLUMN],
+                    $usr[$this->PASSWORD_COLUMN]
+                    ),
                $this->ACTIVE_COLUMN    => $usr[$this->ACTIVE_COLUMN],
                $this->SALT_COLUMN      => $usr[$this->SALT_COLUMN]
            );