xml-security/src/Assert/HMACOutputLengthTrait.php at a91a98685b860f3cd069f2e6ff28eaa0f787de6c · simplesamlphp/xml-security · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
<?php

declare(strict_types=1);

namespace SimpleSAML\XMLSecurity\Assert;

use SimpleSAML\Assert\AssertionFailedException;
use SimpleSAML\XMLSchema\Exception\SchemaViolationException;
use SimpleSAML\XMLSecurity\Exception\ProtocolViolationException;

use function intval;

/**
 * @package simplesamlphp/xml-security
 */
trait HMACOutputLengthTrait
{
    /**
     * The HMAC algorithm (RFC2104 [HMAC]) takes the output (truncation) length in bits as a parameter;
     * this specification REQUIRES that the truncation length be a multiple of 8 (i.e. fall on a byte boundary)
     * because Base64 encoding operates on full bytes
     *
     * @var string
     */
    private static string $HMACOutputLength_regex = '/^([1-9]\d*)$/D';


    /**
     * @param string $value
     * @param string $message
     */
    protected static function validHMACOutputLength(string $value, string $message = ''): void
    {
        try {
            parent::regex(
                $value,
                self::$HMACOutputLength_regex,
                $message ?: '%s is not a valid ds:HMACOutputLengthType',
            );
        } catch (AssertionFailedException $e) {
            throw new SchemaViolationException($e->getMessage());
        }

        try {
            parent::true(
                intval($value) % 8 === 0,
                '%s is not devisible by 8 and therefore not a valid ds:HMACOutputLengthType',
            );
        } catch (AssertionFailedException $e) {
            throw new ProtocolViolationException($e->getMessage());
        }
    }
}