Remove unnecessary utility-class
tvdijen committed May 10, 2024
1 parent aa26c50 commit f590142
Showing 5 changed files with 16 additions and 102 deletions.
4 changes: 2 additions & 2 deletions src/Backend/HMAC.php
Expand Up @@ -8,8 +8,8 @@
use SimpleSAML\XMLSecurity\Constants as C;
use SimpleSAML\XMLSecurity\Exception\InvalidArgumentException;
use SimpleSAML\XMLSecurity\Key\KeyInterface;
use SimpleSAML\XMLSecurity\Utils\Security;

use function hash_equals;
use function hash_hmac;

/**
Expand Down Expand Up @@ -77,6 +77,6 @@ public function sign(KeyInterface $key, string $plaintext): string
*/
public function verify(KeyInterface $key, string $plaintext, string $signature): bool
{
return Security::compareStrings(hash_hmac($this->digest, $plaintext, $key->getMaterial(), true), $signature);
return hash_equals(hash_hmac($this->digest, $plaintext, $key->getMaterial(), true), $signature);
}
}
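Review bot: `verify()` now calls `hash_equals()` directly, and nothing at the call site records that the comparison must stay constant-time or that the argument order is deliberate. PHP documents the first argument as the known string and the second as the user-supplied one, which is the order used here. A short comment above the return would keep a later refactor from swapping them or falling back to `===`: `// Constant-time compare: computed MAC first (known), caller-supplied signature second.` The docblock for `verify()` starts outside the visible hunk, so it may already cover this.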
64 changes: 0 additions & 64 deletions src/Utils/Security.php

This file was deleted.

5 changes: 3 additions & 2 deletions src/XML/SignableElementTrait.php
Expand Up @@ -11,7 +11,6 @@
use SimpleSAML\XMLSecurity\Constants as C;
use SimpleSAML\XMLSecurity\Exception\RuntimeException;
use SimpleSAML\XMLSecurity\Exception\UnsupportedAlgorithmException;
use SimpleSAML\XMLSecurity\Utils\Security;
use SimpleSAML\XMLSecurity\Utils\XML;
use SimpleSAML\XMLSecurity\XML\ds\CanonicalizationMethod;
use SimpleSAML\XMLSecurity\XML\ds\DigestMethod;
Expand All @@ -25,6 +24,8 @@
use SimpleSAML\XMLSecurity\XML\ds\Transform;
use SimpleSAML\XMLSecurity\XML\ds\Transforms;

use function base64_encode;
use function hash;
use function in_array;

/**
Expand Down Expand Up @@ -129,7 +130,7 @@ private function getReference(

return new Reference(
new DigestMethod($digestAlg),
new DigestValue(Security::hash($digestAlg, $canonicalDocument)),
new DigestValue(base64_encode(hash(C::$DIGEST_ALGORITHMS[$digestAlg], $canonicalDocument, true))),
$transforms,
null,
null,
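Review bot: The `hash()` call in `getReference()` indexes `C::$DIGEST_ALGORITHMS[$digestAlg]` without checking that the key exists, whereas the verification path in `src/XML/SignedElementTrait.php` in this same commit guards the identical lookup with `Assert::keyExists`. For an unknown `$digestAlg` the lookup yields null and `hash()` fails with an engine-level error (`TypeError` or `ValueError`) instead of the library's own exception. Unless `$digestAlg` is validated earlier in `getReference()` (its body starts and ends outside the hunk), add the same guard before building the `Reference`: `Assert::keyExists(C::$DIGEST_ALGORITHMS, $digestAlg, 'Unsupported digest method "' . $digestAlg . '"', UnsupportedAlgorithmException::class);`. `UnsupportedAlgorithmException` is already imported in this file; whether `Assert` is imported is not visible here.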
14 changes: 11 additions & 3 deletions src/XML/SignedElementTrait.php
Expand Up @@ -19,7 +19,6 @@
use SimpleSAML\XMLSecurity\Exception\SignatureVerificationFailedException;
use SimpleSAML\XMLSecurity\Key;
use SimpleSAML\XMLSecurity\Key\KeyInterface;
use SimpleSAML\XMLSecurity\Utils\Security;
use SimpleSAML\XMLSecurity\Utils\XML;
use SimpleSAML\XMLSecurity\Utils\XPath;
use SimpleSAML\XMLSecurity\XML\ds\Reference;
Expand All @@ -30,6 +29,8 @@

use function array_pop;
use function base64_decode;
use function hash;
use function hash_equals;
use function in_array;

/**
Expand Down Expand Up @@ -149,9 +150,16 @@ private function validateReference(SignedInfo $signedInfo): SignedElementInterfa
$xml->removeChild($sigNode[0]);

$data = XML::processTransforms($reference->getTransforms(), $xml);
$digest = Security::hash($reference->getDigestMethod()->getAlgorithm(), $data, false);
$algo = $reference->getDigestMethod()->getAlgorithm();
Assert::keyExists(
C::$DIGEST_ALGORITHMS,
$algo,
'Unsupported digest method "' . $algo . '"',
InvalidArgumentException::class,
);

if (Security::compareStrings($digest, base64_decode($reference->getDigestValue()->getRawContent(), true)) !== true) {
$digest = hash(C::$DIGEST_ALGORITHMS[$algo], $data, true);
if (hash_equals($digest, base64_decode($reference->getDigestValue()->getRawContent(), true)) !== true) {
throw new SignatureVerificationFailedException('Failed to verify signature.');
}

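Review bot: `base64_decode(..., true)` returns `false` for a malformed `DigestValue`, and the new code passes that result straight into `hash_equals()`, which accepts only strings. If this file declares `strict_types` (not visible in the hunk), a malformed digest in an incoming document surfaces as a `TypeError` rather than `SignatureVerificationFailedException`, unless `DigestValue` already rejects invalid base64 on construction. Decoding first and checking the result keeps the failure on the library's own exception path: `$expected = base64_decode($reference->getDigestValue()->getRawContent(), true);` followed by `if ($expected === false || !hash_equals($digest, $expected)) {`. `validateReference()` starts and ends outside the hunk, as does any import of `InvalidArgumentException` that the new `Assert::keyExists` call relies on, so confirm it is in scope.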
31 changes: 0 additions & 31 deletions tests/Utils/SecurityTest.php

This file was deleted.
