/**
 * Generates a new random key and passes it to persistKey() for storage under the given name.
 *
 * The cleartext key is returned so the caller can hand it out once. How the key is
 * protected at rest is decided by persistKey(), which is not visible in this block
 * (presumably it is stored hashed, not in cleartext - confirm there).
 *
 * @param string $name Name under which the key is persisted; must not be empty
 * @return string The newly generated cleartext key
 * @throws \TYPO3\FLOW3\Security\Exception If $name has zero length
 */
public function generateKey($name) {
	$nameLength = strlen($name);
	if ($nameLength === 0) {
		throw new \TYPO3\FLOW3\Security\Exception('Required name argument was empty', 1334215474);
	}

	// Key length comes from configuration ($this->passwordGenerationLength).
	$generatedKey = \TYPO3\FLOW3\Utility\Algorithms::generateRandomString($this->passwordGenerationLength);
	$this->persistKey($name, $generatedKey);

	return $generatedKey;
}
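/**
 * Create a user for administration
 *
 * The user will get the SystemAdministrator role to manage all data and users.
 *
 * @param string $emailAddress E-mail address (account identifier) of the new user
 * @return void
 */
public function createUserCommand($emailAddress) {
	// The initial password protects a SystemAdministrator account, so it is taken from the
	// framework's random string generator instead of being cut out of a UUID. A UUID is an
	// identifier, not a secret: its first ten characters are hexadecimal digits plus a fixed
	// hyphen, and its unpredictability depends on how the UUID was produced.
	// NOTE(review): confirm that generateRandomString() is backed by a cryptographically
	// secure source in the deployed FLOW3 version; the length (10) is kept from the
	// original and can be raised if the model accepts longer passwords.
	$password = \TYPO3\FLOW3\Utility\Algorithms::generateRandomString(10);

	$user = new \Planetflow3\Domain\Model\User();
	$user->setEmailAddress($emailAddress);
	// presumably the model hashes the password in setPassword() - verify against the User model
	$user->setPassword($password);
	$user->setRole('SystemAdministrator');
	$this->userRepository->add($user);

	// The cleartext password is shown exactly once on the console; it may end up in
	// terminal scrollback or captured output, so it should be changed after first login.
	echo "Password: {$password}" . PHP_EOL;
}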
/**
 * Derives a storable password hash with PBKDF2 using the configured parameters.
 *
 * A fresh random (dynamic) salt is generated for every call. The PBKDF2 salt is the
 * dynamic salt followed by the optional static salt. Only the dynamic salt is part of
 * the returned string, so the same static salt has to be supplied again when the hash
 * is validated.
 *
 * @param string $password Cleartext password that should be hashed
 * @param string $staticSalt Static salt that will be appended to the random dynamic salt
 * @return string "<base64 dynamic salt>,<base64 derived key>"
 */
public function hashPassword($password, $staticSalt = NULL) {
	$randomSalt = \TYPO3\FLOW3\Utility\Algorithms::generateRandomBytes($this->dynamicSaltLength);
	$combinedSalt = $randomSalt . $staticSalt;

	// Iteration count, key length and hash algorithm are taken from this strategy's configuration.
	$derivedKey = \TYPO3\FLOW3\Security\Cryptography\Algorithms::pbkdf2(
		$password,
		$combinedSalt,
		$this->iterationCount,
		$this->derivedKeyLength,
		$this->algorithm
	);

	return implode(',', array(base64_encode($randomSalt), base64_encode($derivedKey)));
}
/**
 * Registers a key pair in the in-memory key store and returns the identifier it was stored under.
 *
 * The identifier is a freshly generated UUID with its hyphens replaced by underscores.
 * The pair is only added to $this->keys here; $this->saveKeysOnShutdown is set so that
 * the keys get written out later (the writing itself is not part of this block).
 * Note that the private key is held alongside the public key in the same structure.
 *
 * @param \TYPO3\FLOW3\Security\Cryptography\OpenSslRsaKey $publicKey The public key
 * @param \TYPO3\FLOW3\Security\Cryptography\OpenSslRsaKey $privateKey The private key
 * @param boolean $usedForPasswords TRUE if this keypair should be used to encrypt passwords (then decryption won't be allowed!). The flag is only recorded here; it is presumably enforced by the decryption code - verify there.
 * @return string The UUID used for storing
 */
private function storeKeyPair($publicKey, $privateKey, $usedForPasswords) {
	$identifier = str_replace('-', '_', \TYPO3\FLOW3\Utility\Algorithms::generateUUID());

	$this->keys[$identifier] = array(
		'publicKey' => $publicKey,
		'privateKey' => $privateKey,
		'usedForPasswords' => $usedForPasswords
	);

	// Mark the key store as dirty so it is saved on shutdown.
	$this->saveKeysOnShutdown = TRUE;

	return $identifier;
}
/**
 * Creates a BCrypt hash of the given password via crypt().
 *
 * A random 22 character salt from the bcrypt alphabet is generated for every call and
 * combined with the configured cost into the crypt() setting string.
 *
 * NOTE(review): $staticSalt is accepted but not used anywhere in this method.
 * NOTE(review): crypt() reports failure through its return value ("*0" / "*1") rather than
 * an exception, and that value is returned unchecked; callers that store the result should
 * make sure it is a real hash. $this->cost presumably has to be a two-digit, zero-padded
 * value for the setting string to be valid - confirm where it is configured.
 * BCrypt only considers the first 72 bytes of the password.
 *
 * @param string $password The plaintext password to hash
 * @param string $staticSalt Optional static salt that will not be stored in the hashed password
 * @return string the result of the crypt() call
 */
public function hashPassword($password, $staticSalt = NULL) {
	$saltAlphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./';
	$dynamicSalt = \TYPO3\FLOW3\Utility\Algorithms::generateRandomString(22, $saltAlphabet);

	// Setting string layout: $2a$<cost>$<22 character salt>
	$settings = '$2a$' . $this->cost . '$' . $dynamicSalt;

	return crypt($password, $settings);
}
/**
 * Before advice, making sure we have an UUID for each and every entity.
 *
 * Runs before __construct and __clone of entities (see the pointcut expression below):
 * a fresh UUID is written to the proxy's FLOW3_Persistence_Identifier property and the
 * proxy is registered as a new object with the persistence manager.
 * The UUID serves as an identifier only; nothing here treats it as a secret.
 *
 * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
 * @return void
 * @FLOW3\Before("TYPO3\FLOW3\Persistence\Aspect\PersistenceMagicAspect->isEntity && method(.*->(__construct|__clone)())")
 */
public function generateUuid(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint) {
	$entity = $joinPoint->getProxy();
	$identifier = \TYPO3\FLOW3\Utility\Algorithms::generateUUID();

	// TRUE is passed as fourth argument - presumably to force direct property access,
	// bypassing setters; confirm against ObjectAccess::setProperty().
	\TYPO3\FLOW3\Reflection\ObjectAccess::setProperty($entity, 'FLOW3_Persistence_Identifier', $identifier, TRUE);

	$this->persistenceManager->registerNewObject($entity);
}
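/**
 * Returns the encryption key, creating the key file on first use if it does not exist yet.
 *
 * The key is cached in $this->encryptionKey, but only after it was read successfully.
 * A failed read therefore never leaves FALSE or an empty string in the cache, so a later
 * call throws again instead of silently returning an unusable (empty) key.
 *
 * NOTE(review): the key file is created with the process' default permissions and the
 * exists-check and the write are not atomic. Restrict access to Data/Persistent at the
 * deployment level and confirm whether concurrent first requests can race here.
 *
 * @return string The configured encryption key stored in Data/Persistent/EncryptionKey
 * @throws \TYPO3\FLOW3\Security\Exception\MissingConfigurationException
 */
protected function getEncryptionKey() {
	if ($this->encryptionKey !== NULL) {
		return $this->encryptionKey;
	}

	$keyPathAndFilename = FLOW3_PATH_DATA . 'Persistent/EncryptionKey';
	if (!file_exists($keyPathAndFilename)) {
		// 96 random bytes, stored hex encoded
		file_put_contents($keyPathAndFilename, bin2hex(\TYPO3\FLOW3\Utility\Algorithms::generateRandomBytes(96)));
	}

	// Read into a local first: the property must only ever hold a usable key.
	$key = file_get_contents($keyPathAndFilename);
	if ($key === FALSE || $key === '') {
		throw new \TYPO3\FLOW3\Security\Exception\MissingConfigurationException('No encryption key for the HashService was found and none could be created at "' . $keyPathAndFilename . '"', 1258991855);
	}

	$this->encryptionKey = $key;
	return $this->encryptionKey;
}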
/**
 * Returns the current CSRF protection token, creating a new one when needed.
 *
 * Tokens are kept as keys of $this->csrfTokens. If exactly one token is stored and the
 * configured strategy is not CSRF_ONE_PER_URI, that token is reused. In every other case
 * a new random token is generated, recorded and returned.
 *
 * @return string
 */
public function getCsrfProtectionToken() {
	if ($this->initialized === FALSE) {
		$this->initialize();
	}

	$hasSingleToken = (count($this->csrfTokens) === 1);
	$reuseExistingToken = $hasSingleToken && $this->csrfStrategy !== self::CSRF_ONE_PER_URI;

	if (!$reuseExistingToken) {
		$freshToken = \TYPO3\FLOW3\Utility\Algorithms::generateRandomToken(16);
		$this->csrfTokens[$freshToken] = TRUE;
		return $freshToken;
	}

	// The token itself is the array key, so rewind and return the first key.
	reset($this->csrfTokens);
	return key($this->csrfTokens);
}