search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge "buttons: Update focus for quiet buttons"
[mediawiki.git] / includes / password / LayeredParameterizedPassword.php
blob5735e28213024a39835bf22fb041e437f4c18cec
1 <?php
2 /**
3 * Implements the LayeredParameterizedPassword class for the MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * This password hash type layers one or more parameterized password types
25 * on top of each other.
26 *
27 * The underlying types must be parameterized. This wrapping type accumulates
28 * all the parameters and arguments from each hash and then passes the hash of
29 * the last layer as the password for the next layer.
30 *
31 * @since 1.24
32 */
33 class LayeredParameterizedPassword extends ParameterizedPassword {
34 protected function getDelimiter() {
35 return '!';
36 }
37
38 protected function getDefaultParams() {
39 $params = array();
40
41 foreach ( $this->config['types'] as $type ) {
42 $passObj = $this->factory->newFromType( $type );
43
44 if ( !$passObj instanceof ParameterizedPassword ) {
45 throw new MWException( 'Underlying type must be a parameterized password.' );
46 } elseif ( $passObj->getDelimiter() === $this->getDelimiter() ) {
47 throw new MWException( 'Underlying type cannot use same delimiter as encapsulating type.' );
48 }
49
50 $params[] = implode( $passObj->getDelimiter(), $passObj->getDefaultParams() );
51 }
52
53 return $params;
54 }
55
56 public function crypt( $password ) {
57 $lastHash = $password;
58 foreach ( $this->config['types'] as $i => $type ) {
59 // Construct pseudo-hash based on params and arguments
60 /** @var ParameterizedPassword $passObj */
61 $passObj = $this->factory->newFromType( $type );
62
63 $params = '';
64 $args = '';
65 if ( $this->params[$i] !== '' ) {
66 $params = $this->params[$i] . $passObj->getDelimiter();
67 }
68 if ( isset( $this->args[$i] ) && $this->args[$i] !== '' ) {
69 $args = $this->args[$i] . $passObj->getDelimiter();
70 }
71 $existingHash = ":$type:" . $params . $args . $this->hash;
72
73 // Hash the last hash with the next type in the layer
74 $passObj = $this->factory->newFromCiphertext( $existingHash );
75 $passObj->crypt( $lastHash );
76
77 // Move over the params and args
78 $this->params[$i] = implode( $passObj->getDelimiter(), $passObj->params );
79 $this->args[$i] = implode( $passObj->getDelimiter(), $passObj->args );
80 $lastHash = $passObj->hash;
81 }
82
83 $this->hash = $lastHash;
84 }
85
86 /**
87 * Finish the hashing of a partially hashed layered hash
88 *
89 * Given a password hash that is hashed using the first layer of this object's
90 * configuration, perform the remaining layers of password hashing in order to
91 * get an updated hash with all the layers.
92 *
93 * @param ParameterizedPassword $passObj Password hash of the first layer
94 *
95 * @throws MWException If the first parameter is not of the correct type
96 */
97 public function partialCrypt( ParameterizedPassword $passObj ) {
98 $type = $passObj->config['type'];
99 if ( $type !== $this->config['types'][0] ) {
100 throw new MWException( 'Only a hash in the first layer can be finished.' );
101 }
102
103 // Gather info from the existing hash
104 $this->params[0] = implode( $passObj->getDelimiter(), $passObj->params );
105 $this->args[0] = implode( $passObj->getDelimiter(), $passObj->args );
106 $lastHash = $passObj->hash;
107
108 // Layer the remaining types
109 foreach ( $this->config['types'] as $i => $type ) {
110 if ( $i == 0 ) {
111 continue;
112 };
113
114 // Construct pseudo-hash based on params and arguments
115 /** @var ParameterizedPassword $passObj */
116 $passObj = $this->factory->newFromType( $type );
117
118 $params = '';
119 $args = '';
120 if ( $this->params[$i] !== '' ) {
121 $params = $this->params[$i] . $passObj->getDelimiter();
122 }
123 if ( isset( $this->args[$i] ) && $this->args[$i] !== '' ) {
124 $args = $this->args[$i] . $passObj->getDelimiter();
125 }
126 $existingHash = ":$type:" . $params . $args . $this->hash;
127
128 // Hash the last hash with the next type in the layer
129 $passObj = $this->factory->newFromCiphertext( $existingHash );
130 $passObj->crypt( $lastHash );
131
132 // Move over the params and args
133 $this->params[$i] = implode( $passObj->getDelimiter(), $passObj->params );
134 $this->args[$i] = implode( $passObj->getDelimiter(), $passObj->args );
135 $lastHash = $passObj->hash;
136 }
137
138 $this->hash = $lastHash;
139 }
140 }
MediaWiki Core