ILIAS
release_5-3 Revision v5.3.23-19-g915713cf615
Static Public Member Functions
static | aesDecrypt ($ciphertext) | Decrypt data using AES-256-CBC and the system-wide secret salt as key. |
static | aesEncrypt ($data) | Encrypt data using AES-256-CBC and the system-wide secret salt as key. |
static | der2pem ($der, $type='CERTIFICATE') | Convert data from DER to PEM encoding. |
static | loadPrivateKey (\SimpleSAML_Configuration $metadata, $required=false, $prefix='', $full_path=false) | Load a private key from metadata. |
static | loadPublicKey (\SimpleSAML_Configuration $metadata, $required=false, $prefix='') | Get public key or certificate from metadata. |
static | pem2der ($pem) | Convert from PEM to DER encoding. |
static | pwHash ($password, $algorithm, $salt=null) | This function hashes a password with a given algorithm. |
static | secureCompare ($known, $user) | Compare two strings securely. |
static | pwValid ($hash, $password) | This function checks if a password is valid. |
Definition at line 10 of file Crypto.php.
static | aesDecrypt ($ciphertext) |
Decrypt data using AES-256-CBC and the system-wide secret salt as key.
string | $ciphertext | The HMAC of the encrypted data, the IV used and the encrypted data, concatenated. |
InvalidArgumentException If $ciphertext is not a string.
SimpleSAML_Error_Exception If the openssl module is not loaded.
Definition at line 81 of file Crypto.php.
References SimpleSAML\Utils\Config\getSecretSalt().
Referenced by SimpleSAML_Utilities\aesDecrypt().
static | aesEncrypt ($data) |
Encrypt data using AES-256-CBC and the system-wide secret salt as key.
string | $data | The data to encrypt. |
InvalidArgumentException If $data is not a string.
SimpleSAML_Error_Exception If the openssl module is not loaded.
Definition at line 146 of file Crypto.php.
References $data, and SimpleSAML\Utils\Config\getSecretSalt().
Referenced by SimpleSAML_Utilities\aesEncrypt(), and SimpleSAML\Utils\HTTP\getSecurePOSTRedirectURL().
static | der2pem ($der, $type='CERTIFICATE') |
Convert data from DER to PEM encoding.
string | $der | Data encoded in DER format. |
string | $type | The type of data we are encoding, as expressed by the PEM header. Defaults to "CERTIFICATE". |
Definition at line 160 of file Crypto.php.
Referenced by sspmod_authX509_Auth_Source_X509userCert\authenticate().
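static | loadPrivateKey (\SimpleSAML_Configuration $metadata, $required=false, $prefix='', $full_path=false) |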
Load a private key from metadata.
This function loads a private key from a metadata array. It looks for the following elements:
It returns an array with the following elements:
\SimpleSAML_Configuration | $metadata | The metadata array the private key should be loaded from. |
bool | $required | Whether the private key is required. If this is true, a missing key will cause an exception. Defaults to false. |
string | $prefix | The prefix which should be used when reading from the metadata array. Defaults to ''. |
bool | $full_path | Whether the filename found in the configuration contains the full path to the private key or not. Defaults to false. |
InvalidArgumentException If $required is not boolean or $prefix is not a string.
SimpleSAML_Error_Exception If no private key is found in the metadata, or it was not possible to load it.
Definition at line 195 of file Crypto.php.
References $data, $file, $metadata, $ret, and SimpleSAML\Utils\Config\getCertPath().
Referenced by sspmod_saml_Message\addSign(), sspmod_saml_Message\getDecryptionKeys(), SimpleSAML_Utilities\loadPrivateKey(), and SimpleSAML\Bindings\Shib13\HTTPPost\sendResponse().
static | loadPublicKey (\SimpleSAML_Configuration $metadata, $required=false, $prefix='') |
Get public key or certificate from metadata.
This function retrieves the public key or certificate from a metadata array.
It will search for the following elements in the metadata:
This function will return an array with these elements:
\SimpleSAML_Configuration | $metadata | The metadata. |
bool | $required | Whether the private key is required. If this is TRUE, a missing key will cause an exception. Default is FALSE. |
string | $prefix | The prefix which should be used when reading from the metadata array. Defaults to ''. |
InvalidArgumentException If $metadata is not an instance of \SimpleSAML_Configuration, $required is not boolean or $prefix is not a string.
SimpleSAML_Error_Exception If no private key is found in the metadata, or it was not possible to load it.
Definition at line 265 of file Crypto.php.
References $key, $keys, and $metadata.
Referenced by sspmod_saml_Message\addSign(), SimpleSAML_Utilities\loadPublicKey(), and SimpleSAML\Bindings\Shib13\HTTPPost\sendResponse().
static | pem2der ($pem) |
Convert from PEM to DER encoding.
string | $pem | Data encoded in PEM format. |
InvalidArgumentException If $pem is not encoded in PEM format.
Definition at line 327 of file Crypto.php.
References $end.
static | pwHash ($password, $algorithm, $salt=null) |
This function hashes a password with a given algorithm.
string | $password | The password to hash. |
string | $algorithm | The hashing algorithm, uppercase, optionally prepended with 'S' (salted). See hash_algos() for a complete list of hashing algorithms. |
string | $salt | An optional salt to use. |
InvalidArgumentException If the input parameters are not strings.
SimpleSAML_Error_Exception If the algorithm specified is not supported.
Definition at line 365 of file Crypto.php.
References $password, and GuzzleHttp\Psr7\hash().
static | pwValid ($hash, $password) |
This function checks if a password is valid.
string | $hash | The password as it appears in password file, optionally prepended with algorithm. |
string | $password | The password to check in clear. |
InvalidArgumentException If the input parameters are not strings.
SimpleSAML_Error_Exception If the algorithm specified is not supported.
Definition at line 440 of file Crypto.php.
static | secureCompare ($known, $user) |
Compare two strings securely.
This method checks whether two strings are equal in constant time, avoiding timing attacks. Use it whenever a string must be compared with a secret that shouldn't be leaked, e.g. when verifying passwords, one-time codes, etc.
string | $known | A known string. |
string | $user | A user-provided string to compare with the known string. |
Definition at line 407 of file Crypto.php.
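Added example (not code from Crypto.php or the project): the input layout that aesDecrypt() documents, HMAC followed by IV followed by encrypted data, combined with the constant-time comparison that secureCompare() describes. The demo* function names, the SHA-512 key split, the HMAC-SHA256 tag and the 32/16-byte field lengths are assumptions made for this illustration.

```php
<?php
// Added example: encrypt-then-MAC blob laid out as HMAC || IV || ciphertext.
// Assumptions (not from Crypto.php): 32-byte HMAC-SHA256 tag, 16-byte IV,
// and two independent 32-byte keys derived from the secret with SHA-512.

function demoKeys(string $secret): array
{
    $okm = hash('sha512', $secret, true);           // 64 raw bytes
    return [substr($okm, 0, 32), substr($okm, 32)]; // [encryption key, MAC key]
}

function demoEncrypt(string $data, string $secret): string
{
    [$encKey, $macKey] = demoKeys($secret);
    $iv = random_bytes(16);
    $ct = openssl_encrypt($data, 'AES-256-CBC', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed.');
    }
    // The tag covers the IV too, so neither field can be altered unnoticed.
    return hash_hmac('sha256', $iv . $ct, $macKey, true) . $iv . $ct;
}

function demoDecrypt(string $blob, string $secret): string
{
    // 32 (tag) + 16 (IV) + at least one 16-byte CBC block.
    if (strlen($blob) < 64) {
        throw new InvalidArgumentException('Input too short.');
    }
    [$encKey, $macKey] = demoKeys($secret);
    $tag = substr($blob, 0, 32);
    $iv  = substr($blob, 32, 16);
    $ct  = substr($blob, 48);
    // Verify the tag in constant time before the ciphertext is decrypted.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) {
        throw new RuntimeException('Authentication failed.');
    }
    $plain = openssl_decrypt($ct, 'AES-256-CBC', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException('Decryption failed.');
    }
    return $plain;
}

$secret = 'constructed-demo-secret';             // constructed sample value
$blob = demoEncrypt('relay-state=42', $secret);
var_dump(demoDecrypt($blob, $secret) === 'relay-state=42'); // round trip
$blob[40] = $blob[40] ^ "\x01";                  // flip one bit inside the IV
try { demoDecrypt($blob, $secret); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

Checking the tag first means a modified blob is rejected before CBC decryption and padding removal run, so their failure modes are never exposed to whoever supplied the input.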