
C CakePHP 2.2 API

  1: <?php
  2: /**
  3:  * Core Security
  4:  *
  5:  * PHP 5
  6:  *
  7:  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
  8:  * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
  9:  *
 10:  * Licensed under The MIT License
 11:  * Redistributions of files must retain the above copyright notice.
 12:  *
 13:  * @copyright     Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
 14:  * @link          http://cakephp.org CakePHP(tm) Project
 15:  * @package       Cake.Utility
 16:  * @since         CakePHP(tm) v .0.10.0.1233
 17:  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
 18:  */
 19: 
 20: App::uses('String', 'Utility');
 21: 
 22: /**
 23:  * Security Library contains utility methods related to security
 24:  *
 25:  * @package       Cake.Utility
 26:  */
 27: class Security {
 28: 
 29: /**
 30:  * Default hash method
 31:  *
 32:  * @var string
 33:  */
 34:     public static $hashType = null;
 35: 
 36: /**
 37:  * Get allowed minutes of inactivity based on security level.
 38:  *
 39:  * @return integer Allowed inactivity in minutes
 40:  */
 41:     public static function inactiveMins() {
 42:         switch (Configure::read('Security.level')) {
 43:             case 'high':
 44:                 return 10;
 45:             case 'medium':
 46:                 return 100;
 47:             case 'low':
 48:             default:
 49:                 return 300;
 50:         }
 51:     }
 52: 
 53: /**
 54:  * Generate authorization hash.
 55:  *
 56:  * @return string Hash
 57:  */
 58:     public static function generateAuthKey() {
 59:         return Security::hash(String::uuid());
 60:     }
 61: 
 62: /**
 63:  * Validate authorization hash.
 64:  *
 65:  * @param string $authKey Authorization hash
 66:  * @return boolean Success
 67:  */
 68:     public static function validateAuthKey($authKey) {
 69:         return true;
 70:     }
 71: 
 72: /**
 73:  * Create a hash from string using given method.
 74:  * Fallback on next available method.
 75:  *
 76:  * @param string $string String to hash
 77:  * @param string $type Method to use (sha1/sha256/md5)
 78:  * @param boolean $salt If true, automatically appends the application's salt
 79:  *     value to $string (Security.salt)
 80:  * @return string Hash
 81:  */
 82:     public static function hash($string, $type = null, $salt = false) {
 83:         if ($salt) {
 84:             if (is_string($salt)) {
 85:                 $string = $salt . $string;
 86:             } else {
 87:                 $string = Configure::read('Security.salt') . $string;
 88:             }
 89:         }
 90: 
 91:         if (empty($type)) {
 92:             $type = self::$hashType;
 93:         }
 94:         $type = strtolower($type);
 95: 
 96:         if ($type == 'sha1' || $type == null) {
 97:             if (function_exists('sha1')) {
 98:                 $return = sha1($string);
 99:                 return $return;
100:             }
101:             $type = 'sha256';
102:         }
103: 
104:         if ($type == 'sha256' && function_exists('mhash')) {
105:             return bin2hex(mhash(MHASH_SHA256, $string));
106:         }
107: 
108:         if (function_exists('hash')) {
109:             return hash($type, $string);
110:         }
111:         return md5($string);
112:     }
113: 
114: /**
115:  * Sets the default hash method for the Security object.  This affects all objects using
116:  * Security::hash().
117:  *
118:  * @param string $hash Method to use (sha1/sha256/md5)
119:  * @return void
120:  * @see Security::hash()
121:  */
122:     public static function setHash($hash) {
123:         self::$hashType = $hash;
124:     }
125: 
126: /**
127:  * Encrypts/Decrypts a text using the given key.
128:  *
129:  * @param string $text Encrypted string to decrypt, normal string to encrypt
130:  * @param string $key Key to use
131:  * @return string Encrypted/Decrypted string
132:  */
133:     public static function cipher($text, $key) {
134:         if (empty($key)) {
135:             trigger_error(__d('cake_dev', 'You cannot use an empty key for Security::cipher()'), E_USER_WARNING);
136:             return '';
137:         }
138: 
139:         srand(Configure::read('Security.cipherSeed'));
140:         $out = '';
141:         $keyLength = strlen($key);
142:         for ($i = 0, $textLength = strlen($text); $i < $textLength; $i++) {
143:             $j = ord(substr($key, $i % $keyLength, 1));
144:             while ($j--) {
145:                 rand(0, 255);
146:             }
147:             $mask = rand(0, 255);
148:             $out .= chr(ord(substr($text, $i, 1)) ^ $mask);
149:         }
150:         srand();
151:         return $out;
152:     }
153: 
154: /**
155:  * Encrypts/Decrypts a text using the given key using rijndael method.
156:  *
157:  * @param string $text Encrypted string to decrypt, normal string to encrypt
158:  * @param string $key Key to use
159:  * @param string $operation Operation to perform, encrypt or decrypt
160:  * @return string Encrypted/Descrypted string
161:  */
162:     public static function rijndael($text, $key, $operation) {
163:         if (empty($key)) {
164:             trigger_error(__d('cake_dev', 'You cannot use an empty key for Security::rijndael()'), E_USER_WARNING);
165:             return '';
166:         }
167:         if (empty($operation) || !in_array($operation, array('encrypt', 'decrypt'))) {
168:             trigger_error(__d('cake_dev', 'You must specify the operation for Security::rijndael(), either encrypt or decrypt'), E_USER_WARNING);
169:             return '';
170:         }
171:         if (strlen($key) < 32) {
172:             trigger_error(__d('cake_dev', 'You must use a key larger than 32 bytes for Security::rijndael()'), E_USER_WARNING);
173:             return '';
174:         }
175:         $algorithm = 'rijndael-256';
176:         $mode = 'cbc';
177:         $cryptKey = substr($key, 0, 32);
178:         $iv = substr($key, strlen($key) - 32, 32);
179:         $out = '';
180:         if ($operation === 'encrypt') {
181:             $out .= mcrypt_encrypt($algorithm, $cryptKey, $text, $mode, $iv);
182:         } elseif ($operation === 'decrypt') {
183:             $out .= rtrim(mcrypt_decrypt($algorithm, $cryptKey, $text, $mode, $iv), "\0");
184:         }
185:         return $out;
186:     }
187: 
188: }
189: 