Ejemplo n.º 1
 /**
  * Mint a fresh CSRF token and attach it to the response as a cookie.
  *
  * The same token is copied into $request->params['_csrfToken'] so code
  * handling the current request can read the value that was just issued.
  *
  * The token is the hex SHA-512 digest of 16 bytes from
  * Security::randomBytes(). Hashing only re-encodes the random input as
  * 128 hex characters; the unpredictability of the token is bounded by the
  * 16 random bytes (128 bits), not by the digest length.
  *
  * @param \Cake\Network\Request $request The request object.
  * @param \Cake\Network\Response $response The response object.
  * @return void
  */
 protected function _setCookie(Request $request, Response $response)
 {
     $expiry = new Time($this->_config['expiry']);

     // NOTE(review): token strength rests on Security::randomBytes() being
     // backed by a CSPRNG - confirm against the Security class.
     $token = hash('sha512', Security::randomBytes(16), false);
     $request->params['_csrfToken'] = $token;

     $cookie = [
         'name' => $this->_config['cookieName'],
         'value' => $token,
         'expire' => $expiry->format('U'),
         'path' => $request->webroot,
         // Both flags come straight from configuration; whether the cookie is
         // limited to HTTPS and hidden from scripts depends on those values.
         'secure' => $this->_config['secure'],
         'httpOnly' => $this->_config['httpOnly'],
     ];
     $response->cookie($cookie);
 }
Ejemplo n.º 2
 /**
  * Return the boundary marker, generating it on first use.
  *
  * The marker is the MD5 hex digest of 16 bytes from Security::randomBytes()
  * and is cached in $this->_boundary, so later calls return the same value.
  * MD5 is used here only to turn random bytes into a 32-character hex
  * string; nothing in this method relies on MD5's collision resistance.
  *
  * @return string
  */
 public function boundary()
 {
     if (!$this->_boundary) {
         // First call (or no usable cached value): derive a new marker.
         $this->_boundary = md5(Security::randomBytes(16));
     }

     return $this->_boundary;
 }
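 /**
  * Set the security.salt value in the application's config file.
  *
  * Reads config/app.php under $dir, replaces every '__SALT__' placeholder
  * with a newly generated key (hex SHA-256 digest of 64 bytes from
  * Security::randomBytes()) and writes the file back. The outcome is
  * reported through $io.
  *
  * A failed read is reported as a failure rather than as "no placeholder":
  * otherwise an unreadable config file would leave the '__SALT__'
  * placeholder in place while the console output suggests there was
  * nothing to replace.
  *
  * @param string $dir The application's root directory.
  * @param \Composer\IO\IOInterface $io IO interface to write to console.
  * @return void
  */
 public static function setSecuritySalt($dir, $io)
 {
     $config = $dir . '/config/app.php';
     $content = file_get_contents($config);
     if ($content === false) {
         // Could not read the file, so the placeholder (if any) is untouched.
         $io->write('Unable to update Security.salt value.');
         return;
     }

     // NOTE(review): the generated value ends up in plain text inside
     // config/app.php; access to that file is outside this method's control.
     $newKey = hash('sha256', Security::randomBytes(64));
     $count = 0;
     $content = str_replace('__SALT__', $newKey, $content, $count);
     if ($count === 0) {
         $io->write('No Security.salt placeholder to replace.');
         return;
     }

     // file_put_contents() returns the byte count on success, false on failure.
     $result = file_put_contents($config, $content);
     if ($result !== false) {
         $io->write('Updated Security.salt value in config/app.php');
         return;
     }
     $io->write('Unable to update Security.salt value.');
 }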
Ejemplo n.º 4
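 /**
  * Use RSA-SHA1 signing.
  *
  * This method is suitable for plain HTTP or HTTPS.
  *
  * Builds the OAuth parameter set, signs the base string with the supplied
  * private key via openssl_sign() (called without an explicit algorithm
  * argument) and returns the result of _buildAuth() for the signed values.
  *
  * 'nonce' and 'timestamp' may be supplied in $credentials; otherwise a
  * nonce is generated from 16 bytes of Security::randomBytes() and the
  * current time is used. 'privateKey' and 'privateKeyPassphrase' may each be
  * a string or a stream resource; streams are read and then rewound.
  *
  * NOTE(review): 'consumerSecret' and 'tokenSecret' are copied into $values,
  * which is handed to baseString() and _buildAuth(). If _buildAuth()
  * serialises every entry into the outgoing header, those secrets leave the
  * process with each request - confirm against _buildAuth() and the
  * provider's expectations.
  *
  * @param \Cake\Http\Client\Request $request The request object.
  * @param array $credentials Authentication credentials.
  * @return string
  *
  * @throws \RuntimeException When the OpenSSL extension is missing, the
  *   private key cannot be loaded, or signing fails.
  */
 protected function _rsaSha1($request, $credentials)
 {
     if (!function_exists('openssl_pkey_get_private')) {
         throw new RuntimeException('RSA-SHA1 signature method requires the OpenSSL extension.');
     }
     $nonce = isset($credentials['nonce']) ? $credentials['nonce'] : bin2hex(Security::randomBytes(16));
     $timestamp = isset($credentials['timestamp']) ? $credentials['timestamp'] : time();
     $values = [
         'oauth_version' => '1.0',
         'oauth_nonce' => $nonce,
         'oauth_timestamp' => $timestamp,
         'oauth_signature_method' => 'RSA-SHA1',
         'oauth_consumer_key' => $credentials['consumerKey'],
     ];
     if (isset($credentials['consumerSecret'])) {
         $values['oauth_consumer_secret'] = $credentials['consumerSecret'];
     }
     if (isset($credentials['token'])) {
         $values['oauth_token'] = $credentials['token'];
     }
     if (isset($credentials['tokenSecret'])) {
         $values['oauth_token_secret'] = $credentials['tokenSecret'];
     }
     $baseString = $this->baseString($request, $values);

     // The realm is added after the base string is computed, so it is not
     // part of the signed data.
     if (isset($credentials['realm'])) {
         $values['oauth_realm'] = $credentials['realm'];
     }

     // A key supplied as a stream is read fully, then rewound so the caller
     // can reuse the same resource.
     if (is_resource($credentials['privateKey'])) {
         $resource = $credentials['privateKey'];
         $privateKey = stream_get_contents($resource);
         rewind($resource);
         $credentials['privateKey'] = $privateKey;
     }
     $credentials += ['privateKeyPassphrase' => null];
     if (is_resource($credentials['privateKeyPassphrase'])) {
         $resource = $credentials['privateKeyPassphrase'];
         $passphrase = stream_get_line($resource, 0, PHP_EOL);
         rewind($resource);
         $credentials['privateKeyPassphrase'] = $passphrase;
     }

     $privateKey = openssl_pkey_get_private($credentials['privateKey'], $credentials['privateKeyPassphrase']);
     if ($privateKey === false) {
         // A malformed key or wrong passphrase must not fall through to
         // openssl_sign(); the message deliberately carries no key material.
         throw new RuntimeException('Unable to load the private key for RSA-SHA1 signing.');
     }

     $signature = '';
     $signed = openssl_sign($baseString, $signature, $privateKey);
     if (PHP_MAJOR_VERSION < 8) {
         // openssl_free_key() is deprecated from PHP 8.0 onwards.
         openssl_free_key($privateKey);
     }
     if (!$signed) {
         // Without this check an empty signature would be encoded and sent.
         throw new RuntimeException('Unable to create the RSA-SHA1 signature.');
     }

     $values['oauth_signature'] = base64_encode($signature);
     return $this->_buildAuth($values);
 }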
Ejemplo n.º 5
 /**
  * Generate a boundary identifier when the message needs one.
  *
  * A boundary is created only if attachments are present or the email
  * format is 'both'; otherwise $this->_boundary is left as it was. The
  * value is the MD5 hex digest of 16 bytes from Security::randomBytes();
  * MD5 serves here purely as a hex encoder for the random bytes.
  *
  * @return void
  */
 protected function _createBoundary()
 {
     $hasAttachments = !empty($this->_attachments);
     if (!$hasAttachments && $this->_emailFormat !== 'both') {
         // Nothing in this message calls for a boundary.
         return;
     }

     $this->_boundary = md5(Security::randomBytes(16));
 }
Ejemplo n.º 6
 /**
  * Test the randomBytes method.
  *
  * Checks that the returned string has exactly the requested byte length
  * and that the 64-byte sample contains at least one character outside
  * [0-9a-f], i.e. that raw bytes rather than a hex string are returned.
  * The test says nothing about the quality of the randomness itself.
  *
  * @return void
  */
 public function testRandomBytes()
 {
     $short = Security::randomBytes(16);
     $this->assertSame(16, strlen($short));

     $long = Security::randomBytes(64);
     $this->assertSame(64, strlen($long));

     // The pattern matches any single non-hex character in the sample.
     $this->assertRegExp('/[^0-9a-f]/', $long, 'should return a binary string');
 }
Ejemplo n.º 7
 /**
  * Populate verification_content with a newly generated random value.
  *
  * The value is the hex SHA-512 digest of 16 bytes from
  * Security::randomBytes(): 128 hex characters carrying at most 128 bits of
  * randomness, since the digest only re-encodes its 16-byte input.
  *
  * NOTE(review): how verification_content is later stored and compared is
  * not visible here - confirm that checks against it use a constant-time
  * comparison if it acts as a secret.
  *
  * @return void
  */
 public function generateVerificationContent()
 {
     $seed = Security::randomBytes(16);
     $this->verification_content = hash('sha512', $seed, false);
 }
Ejemplo n.º 8
 /**
  * Set the security.salt value in the application's config files.
  *
  * Generates one key (hex SHA-256 digest of 64 bytes from
  * Security::randomBytes()) and passes it to setSecuritySaltInFile() for
  * 'app.php' and then '.env.default', so both files receive the same value.
  *
  * @param string $dir The application's root directory.
  * @param \Composer\IO\IOInterface $io IO interface to write to console.
  * @return void
  */
 public static function setSecuritySalt($dir, $io)
 {
     $salt = hash('sha256', Security::randomBytes(64));

     // Order matters only for console output: app.php first, then .env.default.
     foreach (['app.php', '.env.default'] as $file) {
         static::setSecuritySaltInFile($dir, $io, $salt, $file);
     }
 }