Loading...
Helix SwarmHelix Swarm
Loading...

Apache.php

  • //
  • guest/
  • thomas_gray/
  • jambox/
  • main/
  • swarm/
  • library/
  • Zend/
  • Crypt/
  • Password/
  • Apache.php #1
  • View
  • Commits
  • Open Download .zip Download (8 KB) 
  1. <?php
  2. /**
  3.  * Zend Framework (http://framework.zend.com/)
  4.  *
  5.  * @link      http://github.com/zendframework/zf2 for the canonical source repository
  6.  * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
  7.  * @license   http://framework.zend.com/license/new-bsd New BSD License
  8.  */
  9.  
  10. namespace Zend\Crypt\Password;
  11.  
  12. use Traversable;
  13. use Zend\Math\Rand;
  14.  
  15. /**
  16.  * Apache password authentication
  17.  *
  18.  * @see http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
  19.  */
  20. class Apache implements PasswordInterface
  21. {
  22.     CONST BASE64  = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
  23.     CONST ALPHA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
  24.  
  25.     /**
  26.      * @var array
  27.      */
  28.     protected $supportedFormat = array(
  29.         'crypt',
  30.         'sha1',
  31.         'md5',
  32.         'digest',
  33.     );
  34.  
  35.     /**
  36.      * @var string
  37.      */
  38.     protected $format;
  39.  
  40.     /**
  41.      * @var string AuthName (realm) for digest authentication
  42.      */
  43.     protected $authName;
  44.  
  45.     /**
  46.      * @var string UserName
  47.      */
  48.     protected $userName;
  49.  
  50.     /**
  51.      * Constructor
  52.      *
  53.      * @param  array|Traversable $options
  54.      * @throws Exception\InvalidArgumentException
  55.      */
  56.     public function __construct($options = array())
  57.     {
  58.         if (empty($options)) {
  59.             return;
  60.         }
  61.         if (!is_array($options) && !$options instanceof Traversable) {
  62.             throw new Exception\InvalidArgumentException(
  63.                 'The options parameter must be an array or a Traversable'
  64.             );
  65.         }
  66.         foreach ($options as $key => $value) {
  67.             switch (strtolower($key)) {
  68.                 case 'format':
  69.                     $this->setFormat($value);
  70.                     break;
  71.                 case 'authname':
  72.                     $this->setAuthName($value);
  73.                     break;
  74.                 case 'username':
  75.                     $this->setUserName($value);
  76.                     break;
  77.             }
  78.         }
  79.     }
  80.  
  81.     /**
  82.      * Generate the hash of a password
  83.      *
  84.      * @param  string $password
  85.      * @throws Exception\RuntimeException
  86.      * @return string
  87.      */
  88.     public function create($password)
  89.     {
  90.         if (empty($this->format)) {
  91.             throw new Exception\RuntimeException(
  92.                 'You must specify a password format'
  93.             );
  94.         }
  95.         switch ($this->format) {
  96.             case 'crypt' :
  97.                 $hash = crypt($password, Rand::getString(2, self::ALPHA64));
  98.                 break;
  99.             case 'sha1' :
  100.                 $hash = '{SHA}' . base64_encode(sha1($password, true));
  101.                 break;
  102.             case 'md5' :
  103.                 $hash = $this->apr1Md5($password);
  104.                 break;
  105.             case 'digest':
  106.                 if (empty($this->userName) || empty($this->authName)) {
  107.                     throw new Exception\RuntimeException(
  108.                         'You must specify UserName and AuthName (realm) to generate the digest'
  109.                     );
  110.                 }
  111.                 $hash = md5($this->userName . ':' . $this->authName . ':' .$password);
  112.                 break;
  113.         }
  114.  
  115.         return $hash;
  116.     }
  117.  
  118.     /**
  119.      * Verify if a password is correct against an hash value
  120.      *
  121.      * @param  string  $password
  122.      * @param  string  $hash
  123.      * @return bool
  124.      */
  125.     public function verify($password, $hash)
  126.     {
  127.         if (substr($hash, 0, 5) === '{SHA}') {
  128.             $hash2 = '{SHA}' . base64_encode(sha1($password, true));
  129.             return ($hash === $hash2);
  130.         }
  131.         if (substr($hash, 0, 6) === '$apr1$') {
  132.             $token = explode('$', $hash);
  133.             if (empty($token[2])) {
  134.                 throw new Exception\InvalidArgumentException(
  135.                     'The APR1 password format is not valid'
  136.                 );
  137.             }
  138.             $hash2 = $this->apr1Md5($password, $token[2]);
  139.             return ($hash === $hash2);
  140.         }
  141.         if (strlen($hash) > 13) { // digest
  142.             if (empty($this->userName) || empty($this->authName)) {
  143.                 throw new Exception\RuntimeException(
  144.                     'You must specify UserName and AuthName (realm) to verify the digest'
  145.                 );
  146.             }
  147.             $hash2 = md5($this->userName . ':' . $this->authName . ':' .$password);
  148.             return ($hash === $hash2);
  149.         }
  150.         return (crypt($password, $hash) === $hash);
  151.     }
  152.  
  153.     /**
  154.      * Set the format of the password
  155.      *
  156.      * @param  string $format
  157.      * @throws Exception\InvalidArgumentException
  158.      * @return Apache
  159.      */
  160.     public function setFormat($format)
  161.     {
  162.         $format = strtolower($format);
  163.         if (!in_array($format, $this->supportedFormat)) {
  164.             throw new Exception\InvalidArgumentException(sprintf(
  165.                 'The format %s specified is not valid. The supported formats are: %s',
  166.                 $format, implode(',', $this->supportedFormat)
  167.             ));
  168.         }
  169.        $this->format = $format;
  170.  
  171.        return $this;
  172.     }
  173.  
  174.     /**
  175.      * Get the format of the password
  176.      *
  177.      * @return string
  178.      */
  179.     public function getFormat()
  180.     {
  181.         return $this->format;
  182.     }
  183.  
  184.     /**
  185.      * Set the AuthName (for digest authentication)
  186.      *
  187.      * @param  string $name
  188.      * @return Apache
  189.      */
  190.     public function setAuthName($name)
  191.     {
  192.         $this->authName = $name;
  193.  
  194.         return $this;
  195.     }
  196.  
  197.     /**
  198.      * Get the AuthName (for digest authentication)
  199.      *
  200.      * @return string
  201.      */
  202.     public function getAuthName()
  203.     {
  204.         return $this->authName;
  205.     }
  206.  
  207.     /**
  208.      * Set the username
  209.      *
  210.      * @param  string $name
  211.      * @return Apache
  212.      */
  213.     public function setUserName($name)
  214.     {
  215.         $this->userName = $name;
  216.  
  217.         return $this;
  218.     }
  219.  
  220.     /**
  221.      * Get the username
  222.      *
  223.      * @return string
  224.      */
  225.     public function getUserName()
  226.     {
  227.         return $this->userName;
  228.     }
  229.  
  230.     /**
  231.      * Convert a binary string using the alphabet "./0-9A-Za-z"
  232.      *
  233.      * @param  string $value
  234.      * @return string
  235.      */
  236.     protected function toAlphabet64($value)
  237.     {
  238.         return strtr(strrev(substr(base64_encode($value), 2)), self::BASE64, self::ALPHA64);
  239.     }
  240.  
  241.     /**
  242.      * APR1 MD5 algorithm
  243.      *
  244.      * @param  string      $password
  245.      * @param  null|string $salt
  246.      * @return string
  247.      */
  248.     protected function apr1Md5($password, $salt = null)
  249.     {
  250.         if (null === $salt) {
  251.             $salt = Rand::getString(8, self::ALPHA64);
  252.         } else {
  253.             if (strlen($salt) !== 8) {
  254.                 throw new Exception\InvalidArgumentException(
  255.                     'The salt value for APR1 algorithm must be 8 characters long'
  256.                 );
  257.             }
  258.             for ($i = 0; $i < 8; $i++) {
  259.                 if (strpos(self::ALPHA64, $salt[$i]) === false) {
  260.                     throw new Exception\InvalidArgumentException(
  261.                         'The salt value must be a string in the alphabet "./0-9A-Za-z"'
  262.                     );
  263.                 }
  264.             }
  265.         }
  266.         $len  = strlen($password);
  267.         $text = $password . '$apr1$' . $salt;
  268.         $bin  = pack("H32", md5($password . $salt . $password));
  269.         for ($i = $len; $i > 0; $i -= 16) {
  270.             $text .= substr($bin, 0, min(16, $i));
  271.         }
  272.         for ($i = $len; $i > 0; $i >>= 1) {
  273.             $text .= ($i & 1) ? chr(0) : $password[0];
  274.         }
  275.         $bin = pack("H32", md5($text));
  276.         for ($i = 0; $i < 1000; $i++) {
  277.             $new = ($i & 1) ? $password : $bin;
  278.             if ($i % 3) {
  279.                 $new .= $salt;
  280.             }
  281.             if ($i % 7) {
  282.                 $new .= $password;
  283.             }
  284.             $new .= ($i & 1) ? $bin : $password;
  285.             $bin = pack("H32", md5($new));
  286.         }
  287.         $tmp = '';
  288.         for ($i = 0; $i < 5; $i++) {
  289.             $k = $i + 6;
  290.             $j = $i + 12;
  291.             if ($j == 16) $j = 5;
  292.             $tmp = $bin[$i] . $bin[$k] . $bin[$j] . $tmp;
  293.         }
  294.         $tmp = chr(0) . chr(0) . $bin[11] . $tmp;
  295.  
  296.         return '$apr1$' . $salt . '$' . $this->toAlphabet64($tmp);
  297.     }
  298. }
# Change User Description Committed
#1 18334 Liz Lam initial add of jambox 9 years ago