From 2807982f7208311b5bce2d063eea622517973247 Mon Sep 17 00:00:00 2001
From: Matthias Jentsch
Date: Wed, 24 Jul 2013 10:10:43 +0200
Subject: [PATCH] Remove crypto-module and use libraries instead

Remove the crypto-module to reduce amount of dependencies and use hash_hmac with SHA256 instead.
refs #3769
---
 .../Authentication/Backend/DbUserBackend.php | 9 ++-
 library/Icinga/Util/Crypto.php | 57 -------------------
 .../Authentication/DbUserBackendTest.php | 13 +++--
 3 files changed, 12 insertions(+), 67 deletions(-)
 delete mode 100644 library/Icinga/Util/Crypto.php
diff --git a/library/Icinga/Authentication/Backend/DbUserBackend.php b/library/Icinga/Authentication/Backend/DbUserBackend.php
index 10e908d21..555000961 100644
--- a/library/Icinga/Authentication/Backend/DbUserBackend.php
+++ b/library/Icinga/Authentication/Backend/DbUserBackend.php
@@ -29,7 +29,6 @@ namespace Icinga\Authentication\Backend;
-use Icinga\Util\Crypto as Crypto;
 use Icinga\Authentication\User as User;
 use Icinga\Authentication\UserBackend;
 use Icinga\Authentication\Credentials;
@@ -110,10 +109,10 @@ class DbUserBackend implements UserBackend {
 ->select()->from($this->userTable)
 ->where($this->USER_NAME_COLUMN.' = ?',$credential->getUsername())
 ->where($this->ACTIVE_COLUMN. ' = ?',true)
- ->where($this->PASSWORD_COLUMN. ' = ?',Crypto::hashPassword(
- $credential->getPassword(),
- $this->getUserSalt($credential->getUsername())
- ))
+ ->where($this->PASSWORD_COLUMN. ' = ?',hash_hmac("sha256",
+ $this->getUserSalt($credential->getUsername()),
+ $credential->getPassword())
+ )
 ->query()->fetch();
 if(!empty($res)){
 $this->updateLastLogin($credential->getUsername());
diff --git a/library/Icinga/Util/Crypto.php b/library/Icinga/Util/Crypto.php
deleted file mode 100644
index 51b3d03a4..000000000
--- a/library/Icinga/Util/Crypto.php
+++ /dev/null
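Review bot: The new password condition `hash_hmac("sha256", …)` in the `@@ -110,10 +109,10 @@` hunk is a single fast HMAC-SHA256 computation, so the stored values give little resistance to offline guessing if the user table is ever disclosed; the same expression is repeated in the DbUserBackendTest fixture hunk. A hash with a work factor fits better here: select the row by user name and active flag only and check it in PHP with `password_verify($credential->getPassword(), $storedHash)` (`$storedHash` is a placeholder for the fetched password column), or with `crypt()` and a `$2y$` salt on PHP versions without the password API. `hash_hmac()` takes the data second and the key third, so as written the password is the key and the salt is the message; if that order is intended, a comment such as `// HMAC key = password, message = per-user salt` would keep callers and fixtures from swapping it. Values written earlier through the removed `Crypto::hashPassword()` (plain `crypt()`) will presumably no longer match, and no migration is visible in this patch. The enclosing method starts and ends outside the hunk.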
@@ -1,57 +0,0 @@
-
- * @license http://www.gnu.org/licenses/gpl-2.0.txt GPL, version 2
- * @author Icinga Development Team
- */
-// {{{ICINGA_LICENSE_HEADER}}}
-
-namespace Icinga\Util;
-
-/**
- * Defines cryptographic algorithms that should be globally used to avoid
- * inconsistency.
- *
- * @package Icinga\Util
- */
-class Crypto {
-
- /**
- * Creates the hash for a given password.
- * @param $password The password that should be hashed.
- * @param $salt The salt that will be used.
- * @return string The hashed password.
- */
- public static function hashPassword($password,$salt){
- return crypt($password,$salt);
- }
-
- /**
- * Creates a new randomly generated salt.
- * @return string the generated salt.
- */
- public static function createSalt(){
- return bin2hex(mcrypt_create_iv(16,MCRYPT_RAND));
- }
-}
\ No newline at end of file
diff --git a/test/php/library/Icinga/Authentication/DbUserBackendTest.php b/test/php/library/Icinga/Authentication/DbUserBackendTest.php
index 75f89dfb4..7c39aa762 100644
--- a/test/php/library/Icinga/Authentication/DbUserBackendTest.php
+++ b/test/php/library/Icinga/Authentication/DbUserBackendTest.php
@@ -15,7 +15,6 @@ require_once("../../library/Icinga/Protocol/Ldap/Exception.php");
 require_once("../../library/Icinga/Application/Config.php");
 require_once("../../library/Icinga/Authentication/Credentials.php");
 require_once("../../library/Icinga/Authentication/Backend/DbUserBackend.php");
-require_once("../../library/Icinga/Util/Crypto.php");
 require_once("../../library/Icinga/Authentication/User.php");
 use Icinga\Authentication\Backend\DbUserBackend;
@@ -80,7 +79,10 @@ class DbUserBackendTest extends \PHPUnit_Framework_TestCase {
 ) );
- // TODO: Fetch config folder from somewhere instead of defining it statically.
+ /*
+ * TODO: Fetch config folder from somewhere instead of defining it statically, or this test
+ * will break when the path changes
+ */
 Config::$configDir = "/vagrant/config";
 $config = Config::app('authentication')->users;
 $config->table = $this->testTable;
@@ -126,9 +128,10 @@ class DbUserBackendTest extends \PHPUnit_Framework_TestCase {
 $usr = $this->users[$i];
 $data = Array(
 $this->USER_NAME_COLUMN => $usr[$this->USER_NAME_COLUMN],
- $this->PASSWORD_COLUMN => Crypto::hashPassword(
- $usr[$this->PASSWORD_COLUMN],
- $usr[$this->SALT_COLUMN]),
+ $this->PASSWORD_COLUMN => hash_hmac("sha256",
+ $usr[$this->SALT_COLUMN],
+ $usr[$this->PASSWORD_COLUMN]
+ ),
 $this->ACTIVE_COLUMN => $usr[$this->ACTIVE_COLUMN],
 $this->SALT_COLUMN => $usr[$this->SALT_COLUMN]
 );
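Review bot: The fixture in the `@@ -126,9 +128,10 @@` hunk derives the stored password with the same `hash_hmac("sha256", salt, password)` expression as the backend, so the test would still pass if both sides swapped the arguments or changed the algorithm together. Pinning at least one row to a literal, e.g. `$this->PASSWORD_COLUMN => '<precomputed digest for this fixture user>',`, would make the stored format part of the test. With `Crypto::hashPassword()` removed there is no single definition of the scheme left, which a one-line comment above the call could point out. The enclosing method starts and ends outside the hunk.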