Support multiple checksum algorithms (#147)

samuelwei · FelixJacobi · web-flow · commit b55171bb165d · 2023-10-07T17:44:07.000+02:00
* Add custom hash algorithm

* Adjust tests

* Fix cs

* Update src/BigBlueButton.php

Co-authored-by: Felix Jacobi &lt;felix@jacobi-hamburg.net&gt;

* Refactor to be compliant with upstream

* Fix cs

* Remove setHashingAlgorithm, add hashing algorithm as  constructor arg.

* Revert changes to construct param type hints

* Fix cs

* Fix test

---------

Co-authored-by: Felix Jacobi &lt;felix@jacobi-hamburg.net&gt;
diff --git a/composer.json b/composer.json
@@ -62,7 +62,8 @@
     "ext-curl": "*",
     "ext-simplexml": "*",
     "ext-mbstring": "*",
-    "ext-json": "*"
+    "ext-json": "*",
+    "marc-mabe/php-enum": "^4.7"
   },
   "suggest": {
     "psr/http-client-implementation": "To use the PsrHttpClientTransport.",
diff --git a/src/BigBlueButton.php b/src/BigBlueButton.php
@@ -20,6 +20,7 @@
 namespace BigBlueButton;
 
 use BigBlueButton\Core\ApiMethod;
+use BigBlueButton\Enum\HashingAlgorithm;
 use BigBlueButton\Exceptions\ConfigException;
 use BigBlueButton\Exceptions\NetworkException;
 use BigBlueButton\Exceptions\ParsingException;
@@ -80,6 +81,11 @@ class BigBlueButton
      */
     protected $bbbServerBaseUrl;
 
+    /**
+     * @var string
+     */
+    protected $hashingAlgorithm;
+
     /**
      * @var UrlBuilder
      */
@@ -107,17 +113,19 @@ class BigBlueButton
      *
      * @throws ConfigException
      */
-    public function __construct(string $baseUrl = null, string $secret = null, TransportInterface $transport = null)
+    public function __construct(string $baseUrl = null, string $secret = null, TransportInterface $transport = null, string $hashingAlgorithm = HashingAlgorithm::SHA_1)
     {
         // Keeping backward compatibility with older deployed versions
         $this->securitySecret = $secret ?: getenv('BBB_SECURITY_SALT') ?: getenv('BBB_SECRET');
         $this->bbbServerBaseUrl = $baseUrl ?: getenv('BBB_SERVER_BASE_URL');
 
+        $this->hashingAlgorithm = $hashingAlgorithm;
+
         if (empty($this->bbbServerBaseUrl)) {
             throw new ConfigException('Base url required');
         }
 
-        $this->urlBuilder = new UrlBuilder($this->securitySecret, $this->bbbServerBaseUrl);
+        $this->urlBuilder = new UrlBuilder($this->securitySecret, $this->bbbServerBaseUrl, $this->hashingAlgorithm);
         $this->transport = $transport ?? CurlTransport::createWithDefaultOptions();
     }
 
diff --git a/src/Enum/HashingAlgorithm.php b/src/Enum/HashingAlgorithm.php
@@ -0,0 +1,31 @@
+<?php
+
+/*
+ * BigBlueButton open source conferencing system - https://www.bigbluebutton.org/.
+ *
+ * Copyright (c) 2016-2023 BigBlueButton Inc. and by respective authors (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation; either version 3.0 of the License, or (at your option) any later
+ * version.
+ *
+ * BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along
+ * with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace BigBlueButton\Enum;
+
+use MabeEnum\Enum;
+
+class HashingAlgorithm extends Enum
+{
+    public const SHA_1 = 'sha1';
+    public const SHA_256 = 'sha256';
+    public const SHA_512 = 'sha512';
+    public const SHA_384 = 'sha384';
+}
diff --git a/src/Util/UrlBuilder.php b/src/Util/UrlBuilder.php
@@ -35,10 +35,16 @@ final class UrlBuilder
      */
     private $bbbServerBaseUrl;
 
-    public function __construct(string $secret, string $serverBaseUrl)
+    /**
+     * @var string
+     */
+    private $hashingAlgorithm;
+
+    public function __construct(string $secret, string $serverBaseUrl, string $hashingAlgorithm)
     {
         $this->securitySalt = $secret;
         $this->bbbServerBaseUrl = $serverBaseUrl;
+        $this->hashingAlgorithm = $hashingAlgorithm;
     }
 
     /**
@@ -61,6 +67,6 @@ public function buildQs(string $method = '', string $params = ''): string
             $checksumParam = 'checksum=';
         }
 
-        return $params.$checksumParam.sha1($method.$params.$this->securitySalt);
+        return $params.$checksumParam.hash($this->hashingAlgorithm, $method.$params.$this->securitySalt);
     }
 }
diff --git a/tests/unit/BigBlueButtonTest.php b/tests/unit/BigBlueButtonTest.php
@@ -20,6 +20,7 @@
 namespace BigBlueButton;
 
 use BigBlueButton\Core\ApiMethod;
+use BigBlueButton\Enum\HashingAlgorithm;
 use BigBlueButton\Exceptions\ConfigException;
 use BigBlueButton\Exceptions\NetworkException;
 use BigBlueButton\Exceptions\ParsingException;
@@ -349,13 +350,23 @@ public function testUpdateRecordingsUrl()
 
     public function testBuildUrl(): void
     {
-        $bigBlueButton = new BigBlueButton('https://bbb.example/bigbluebutton/', 'S3cr3t');
+        // Test with default hash algorithm (sha1)
+        $bigBlueButton = new BigBlueButton('https://bbb.example/bigbluebutton/', 'S3cr3t', null, HashingAlgorithm::SHA_1);
 
         $this->assertSame(
             'https://bbb.example/bigbluebutton/api/foo?foo=bar&baz=bazinga&checksum=694ad46bc5a79a572bab6c8b9a939527c39ac7f6',
             $bigBlueButton->buildUrl('foo', 'foo=bar&baz=bazinga'),
             'URL is not ok'
         );
+
+        // Test with different hash algorithm (sha256)
+        $bigBlueButton = new BigBlueButton('https://bbb.example/bigbluebutton/', 'S3cr3t', null, HashingAlgorithm::SHA_256);
+
+        $this->assertSame(
+            'https://bbb.example/bigbluebutton/api/foo?foo=bar&baz=bazinga&checksum=0ce0d779a8220be9824c7eab055b36b59ac504ba899a76d7c528b8473960025e',
+            $bigBlueButton->buildUrl('foo', 'foo=bar&baz=bazinga'),
+            'URL is not ok'
+        );
     }
 
     public function testGetInsertDocument(): void
diff --git a/tests/unit/Util/UrlBuilderTest.php b/tests/unit/Util/UrlBuilderTest.php
@@ -30,19 +30,30 @@ final class UrlBuilderTest extends TestCase
 {
     public function testBuildUrl(): void
     {
-        $urlBuilder = new UrlBuilder('AFFE', 'https://bbb.example/bigbluebutton/');
+        // Test with sha1 hash algorithm
+        $urlBuilder = new UrlBuilder('AFFE', 'https://bbb.example/bigbluebutton/', 'sha1');
 
         // echo sha1('getMeetings' . 'foo=bar&baz=bazinga' . 'AFFE');
         $this->assertSame(
             'https://bbb.example/bigbluebutton/api/getMeetings?foo=bar&baz=bazinga&checksum=8c313ec566a91bb9a409b51a0f515f53216a43ae',
             $urlBuilder->buildUrl('getMeetings', 'foo=bar&baz=bazinga'),
             'signed URL is OK'
         );
+
+        // Test with sha256 hash algorithm
+        $urlBuilder = new UrlBuilder('AFFE', 'https://bbb.example/bigbluebutton/', 'sha256');
+
+        // echo hash('sha256', 'getMeetings' . 'foo=bar&baz=bazinga' . 'AFFE');
+        $this->assertSame(
+            'https://bbb.example/bigbluebutton/api/getMeetings?foo=bar&baz=bazinga&checksum=e93a022a742425259bf3acec803ad8b4e428e7653b66bfecfa60d935a04bcc3b',
+            $urlBuilder->buildUrl('getMeetings', 'foo=bar&baz=bazinga'),
+            'signed URL is OK'
+        );
     }
 
     public function testBuildUrlWithEmptyParams(): void
     {
-        $urlBuilder = new UrlBuilder('AFFE', 'https://bbb.example/bigbluebutton/');
+        $urlBuilder = new UrlBuilder('AFFE', 'https://bbb.example/bigbluebutton/', 'sha1');
 
         // echo sha1('getMeetings' . '' . 'AFFE');
         $this->assertSame(
@@ -54,7 +65,7 @@ public function testBuildUrlWithEmptyParams(): void
 
     public function testBuildUrlWithoutAppend(): void
     {
-        $urlBuilder = new UrlBuilder('AFFE', 'https://bbb.example/bigbluebutton/');
+        $urlBuilder = new UrlBuilder('AFFE', 'https://bbb.example/bigbluebutton/', 'sha1');
 
         $this->assertSame(
             'https://bbb.example/bigbluebutton/api/getMeetings',
@@ -65,7 +76,7 @@ public function testBuildUrlWithoutAppend(): void
 
     public function testBuildQs(): void
     {
-        $urlBuilder = new UrlBuilder('AFFE', 'https://bbb.example/bigbluebutton/');
+        $urlBuilder = new UrlBuilder('AFFE', 'https://bbb.example/bigbluebutton/', 'sha1');
 
         // echo sha1('getMeetings' . 'foo=bar&baz=bazinga' . 'AFFE');
         $this->assertSame(
@@ -77,7 +88,7 @@ public function testBuildQs(): void
 
     public function testBuildQsWithEmptyParams(): void
     {
-        $urlBuilder = new UrlBuilder('AFFE', 'https://bbb.example/bigbluebutton/');
+        $urlBuilder = new UrlBuilder('AFFE', 'https://bbb.example/bigbluebutton/', 'sha1');
 
         // echo sha1('getMeetings' . '' . 'AFFE');
         $this->assertSame(

Original file line number	Diff line number	Diff line change
`@@ -35,10 +35,16 @@ final class UrlBuilder`
`35`	`35`	`*/`
`36`	`36`	`private $bbbServerBaseUrl;`
`37`	`37`
`38`		`- public function __construct(string $secret, string $serverBaseUrl)`
	`38`	`+ /**`
	`39`	`+ * @var string`
	`40`	`+ */`
	`41`	`+ private $hashingAlgorithm;`
	`42`	`+`
	`43`	`+ public function __construct(string $secret, string $serverBaseUrl, string $hashingAlgorithm)`
`39`	`44`	`{`
`40`	`45`	`$this->securitySalt = $secret;`
`41`	`46`	`$this->bbbServerBaseUrl = $serverBaseUrl;`
	`47`	`+ $this->hashingAlgorithm = $hashingAlgorithm;`
`42`	`48`	`}`
`43`	`49`
`44`	`50`	`/**`
`@@ -61,6 +67,6 @@ public function buildQs(string $method = '', string $params = ''): string`
`61`	`67`	`$checksumParam = 'checksum=';`
`62`	`68`	`}`
`63`	`69`
`64`		`- return $params.$checksumParam.sha1($method.$params.$this->securitySalt);`
	`70`	`+ return $params.$checksumParam.hash($this->hashingAlgorithm, $method.$params.$this->securitySalt);`
`65`	`71`	`}`
`66`	`72`	`}`