Allow to specify hashing algorithm for WSSE

peter279k · web-flow · commit 659f8760e3de · 2021-02-01T09:48:42.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
    the respective classes are available via autoloading, but continue to return objects from `Zend\Diactoros\`
    namespace otherwise.
 
+## [1.11.0] - unreleased
+
+- Allow to specify the hashing algorithm for WSSE authentication.
+
 ## [1.10.0] - 2020-11-11
 
 - Added support for PHP 8.0.
diff --git a/src/Authentication/Wsse.php b/src/Authentication/Wsse.php
@@ -3,6 +3,7 @@
 namespace Http\Message\Authentication;
 
 use Http\Message\Authentication;
+use InvalidArgumentException;
 use Psr\Http\Message\RequestInterface;
 
 /**
@@ -22,25 +23,34 @@ final class Wsse implements Authentication
      */
     private $password;
 
+    /**
+     * @var string
+     */
+    private $hashAlgorithm;
+
     /**
      * @param string $username
      * @param string $password
+     * @param string $hashAlgorithm To use a better hashing algorithm than the weak sha1, pass the algorithm to use, e.g. "sha512"
      */
-    public function __construct($username, $password)
+    public function __construct($username, $password, $hashAlgorithm = 'sha1')
     {
         $this->username = $username;
         $this->password = $password;
+        if (false === in_array($hashAlgorithm, hash_algos())) {
+            throw new InvalidArgumentException(sprintf('Unaccepted hashing algorithm: %s', $hashAlgorithm));
+        }
+        $this->hashAlgorithm = $hashAlgorithm;
     }
 
     /**
      * {@inheritdoc}
      */
     public function authenticate(RequestInterface $request)
     {
-        // TODO: generate better nonce?
         $nonce = substr(md5(uniqid(uniqid().'_', true)), 0, 16);
         $created = date('c');
-        $digest = base64_encode(sha1(base64_decode($nonce).$created.$this->password, true));
+        $digest = base64_encode(hash($this->hashAlgorithm, base64_decode($nonce).$created.$this->password, true));
 
         $wsse = sprintf(
             'UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"',
diff --git a/src/CookieJar.php b/src/CookieJar.php
@@ -10,7 +10,7 @@
 final class CookieJar implements \Countable, \IteratorAggregate
 {
     /**
-     * @var \SplObjectStorage
+     * @var \SplObjectStorage<object, mixed>
      */
     private $cookies;
 
diff --git a/src/Encoding/FilteredStream.php b/src/Encoding/FilteredStream.php
@@ -13,12 +13,11 @@
  */
 abstract class FilteredStream implements StreamInterface
 {
-    const BUFFER_SIZE = 8192;
-
     use StreamDecorator {
         rewind as private doRewind;
         seek as private doSeek;
     }
+    const BUFFER_SIZE = 8192;
 
     /**
      * @var callable

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`final class CookieJar implements \Countable, \IteratorAggregate`
`11`	`11`	`{`
`12`	`12`	`/**`
`13`		`- * @var \SplObjectStorage`
	`13`	`+ * @var \SplObjectStorage<object, mixed>`
`14`	`14`	`*/`
`15`	`15`	`private $cookies;`
`16`	`16`
Original file line number	Diff line number	Diff line change
`@@ -13,12 +13,11 @@`
`13`	`13`	`*/`
`14`	`14`	`abstract class FilteredStream implements StreamInterface`
`15`	`15`	`{`
`16`		`- const BUFFER_SIZE = 8192;`
`17`		`-`
`18`	`16`	`use StreamDecorator {`
`19`	`17`	`rewind as private doRewind;`
`20`	`18`	`seek as private doSeek;`
`21`	`19`	`}`
	`20`	`+ const BUFFER_SIZE = 8192;`
`22`	`21`
`23`	`22`	`/**`
`24`	`23`	`* @var callable`