/**
 * Set the CSRF token cookie on the response.
 *
 * The freshly generated token is also stored in
 * $request->params['_csrfToken'] so it is available in the request data
 * for the remainder of the current request.
 *
 * @param \Cake\Network\Request $request The request object.
 * @param \Cake\Network\Response $response The response object.
 * @return void
 */
protected function _setCookie(Request $request, Response $response)
{
    $expires = new Time($this->_config['expiry']);

    // The token's unpredictability comes entirely from the 16 random bytes;
    // SHA-512 only turns them into a fixed-length hex string and adds no entropy.
    // NOTE(review): assumes Security::randomBytes() is backed by a CSPRNG - confirm.
    $token = hash('sha512', Security::randomBytes(16), false);
    $request->params['_csrfToken'] = $token;

    // The 'secure' and 'httpOnly' flags are taken from configuration; their
    // defaults are not visible in this method.
    $cookie = [
        'name' => $this->_config['cookieName'],
        'value' => $token,
        'expire' => $expires->format('U'),
        'path' => $request->webroot,
        'secure' => $this->_config['secure'],
        'httpOnly' => $this->_config['httpOnly'],
    ];
    $response->cookie($cookie);
}
/**
 * Get the boundary marker, generating it on first use.
 *
 * Once generated, the same value is returned by every later call on this
 * object.
 *
 * @return string
 */
public function boundary()
{
    if (!$this->_boundary) {
        // md5() serves here as a way to get a 32-character hex string from
        // 16 random bytes; the value is a delimiter, not a security hash.
        $this->_boundary = md5(Security::randomBytes(16));
    }

    return $this->_boundary;
}
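/**
 * Set the security.salt value in the application's config file.
 *
 * Replaces every `__SALT__` placeholder in `config/app.php` with a newly
 * generated 64-character hex value. Nothing is written when the file cannot
 * be read or contains no placeholder.
 *
 * @param string $dir The application's root directory.
 * @param \Composer\IO\IOInterface $io IO interface to write to console.
 * @return void
 */
public static function setSecuritySalt($dir, $io)
{
    $config = $dir . '/config/app.php';
    $content = file_get_contents($config);
    if ($content === false) {
        // An unreadable file used to fall through to str_replace() and was
        // reported as "no placeholder", hiding the real problem.
        $io->write('Unable to update Security.salt value.');

        return;
    }

    // 64 random bytes reduced to a SHA-256 hex digest; the salt value itself
    // is never echoed to the console.
    $newKey = hash('sha256', Security::randomBytes(64));

    $count = 0;
    $content = str_replace('__SALT__', $newKey, $content, $count);
    if ($count === 0) {
        $io->write('No Security.salt placeholder to replace.');

        return;
    }

    // file_put_contents() returns the byte count or false, so compare
    // against false rather than relying on truthiness.
    $result = file_put_contents($config, $content);
    if ($result !== false) {
        $io->write('Updated Security.salt value in config/app.php');

        return;
    }

    $io->write('Unable to update Security.salt value.');
}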
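/**
 * Use RSA-SHA1 signing.
 *
 * This method is suitable for plain HTTP or HTTPS.
 *
 * The private key and its passphrase may each be given as a string or as a
 * stream resource; streams are read and then rewound. A nonce and timestamp
 * are generated when the caller does not supply them.
 *
 * @param \Cake\Http\Client\Request $request The request object.
 * @param array $credentials Authentication credentials.
 * @return string
 *
 * @throws \RuntimeException When the OpenSSL extension is missing, the private
 *   key cannot be loaded, or the signature cannot be produced.
 */
protected function _rsaSha1($request, $credentials)
{
    if (!function_exists('openssl_pkey_get_private')) {
        throw new RuntimeException('RSA-SHA1 signature method requires the OpenSSL extension.');
    }

    $nonce = isset($credentials['nonce']) ? $credentials['nonce'] : bin2hex(Security::randomBytes(16));
    $timestamp = isset($credentials['timestamp']) ? $credentials['timestamp'] : time();
    $values = [
        'oauth_version' => '1.0',
        'oauth_nonce' => $nonce,
        'oauth_timestamp' => $timestamp,
        'oauth_signature_method' => 'RSA-SHA1',
        'oauth_consumer_key' => $credentials['consumerKey'],
    ];

    // NOTE(review): the consumer secret and token secret are added to $values,
    // which is handed to both baseString() and _buildAuth(). Confirm neither
    // helper puts them on the wire; shared secrets are not meant to be
    // transmitted with the request.
    if (isset($credentials['consumerSecret'])) {
        $values['oauth_consumer_secret'] = $credentials['consumerSecret'];
    }
    if (isset($credentials['token'])) {
        $values['oauth_token'] = $credentials['token'];
    }
    if (isset($credentials['tokenSecret'])) {
        $values['oauth_token_secret'] = $credentials['tokenSecret'];
    }
    $baseString = $this->baseString($request, $values);

    // The realm is added only after the base string is built, so it is not
    // part of the signed data.
    if (isset($credentials['realm'])) {
        $values['oauth_realm'] = $credentials['realm'];
    }

    if (is_resource($credentials['privateKey'])) {
        $resource = $credentials['privateKey'];
        $privateKey = stream_get_contents($resource);
        rewind($resource);
        $credentials['privateKey'] = $privateKey;
    }

    $credentials += ['privateKeyPassphrase' => null];
    if (is_resource($credentials['privateKeyPassphrase'])) {
        $resource = $credentials['privateKeyPassphrase'];
        // Only the first line of the stream is used as the passphrase.
        $passphrase = stream_get_line($resource, 0, PHP_EOL);
        rewind($resource);
        $credentials['privateKeyPassphrase'] = $passphrase;
    }

    $privateKey = openssl_pkey_get_private($credentials['privateKey'], $credentials['privateKeyPassphrase']);
    if ($privateKey === false) {
        // Fail closed: without this check the request would go out with an
        // empty signature. The message deliberately omits key material.
        throw new RuntimeException('Unable to load the private key for RSA-SHA1 signing.');
    }

    $signature = '';
    // OPENSSL_ALGO_SHA1 is openssl_sign()'s default; it is spelled out because
    // the signature method name requires it.
    $signed = openssl_sign($baseString, $signature, $privateKey, OPENSSL_ALGO_SHA1);
    // Deprecated no-op since PHP 8.0; kept for older runtimes.
    openssl_free_key($privateKey);
    if (!$signed) {
        throw new RuntimeException('Unable to create the RSA-SHA1 signature.');
    }

    $values['oauth_signature'] = base64_encode($signature);

    return $this->_buildAuth($values);
}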
/**
 * Create the boundary identifier when the message needs one.
 *
 * A boundary is generated only if there are attachments or the email
 * format is 'both'; otherwise the property is left untouched.
 *
 * @return void
 */
protected function _createBoundary()
{
    $needsBoundary = !empty($this->_attachments) || $this->_emailFormat === 'both';
    if (!$needsBoundary) {
        return;
    }

    // md5() is only a hex encoder for the 16 random bytes here.
    $this->_boundary = md5(Security::randomBytes(16));
}
/**
 * Test the randomBytes method.
 *
 * Checks that the requested number of bytes is returned and that the
 * output is raw binary rather than a hex-encoded string.
 *
 * @return void
 */
public function testRandomBytes()
{
    $short = Security::randomBytes(16);
    $this->assertSame(16, strlen($short));

    $long = Security::randomBytes(64);
    $this->assertSame(64, strlen($long));

    // Passes when at least one byte falls outside [0-9a-f], which a
    // hex-encoded string could never satisfy.
    $this->assertRegExp('/[^0-9a-f]/', $long, 'should return a binary string');
}
/**
 * Generate a new verification value and store it on this object.
 *
 * The value is the SHA-512 hex digest of 16 random bytes, so its
 * unpredictability is bounded by those 16 bytes.
 * NOTE(review): assumes Security::randomBytes() is backed by a CSPRNG - confirm.
 *
 * @return void
 */
public function generateVerificationContent()
{
    $seed = Security::randomBytes(16);
    $this->verification_content = hash('sha512', $seed, false);
}
/**
 * Set the security.salt value in the application's config files.
 *
 * One salt is generated and the same value is passed on for both
 * 'app.php' and '.env.default'.
 *
 * @param string $dir The application's root directory.
 * @param \Composer\IO\IOInterface $io IO interface to write to console.
 * @return void
 */
public static function setSecuritySalt($dir, $io)
{
    // SHA-256 hex digest of 64 random bytes.
    $salt = hash('sha256', Security::randomBytes(64));

    foreach (['app.php', '.env.default'] as $file) {
        static::setSecuritySaltInFile($dir, $io, $salt, $file);
    }
}