From 840b05eda26529a8c06790960bbb227162523309 Mon Sep 17 00:00:00 2001
From: Scott Cantor <cantor.2@osu.edu>
Date: Mon, 2 Nov 2009 20:53:32 +0000
Subject: [PATCH] Remediate use of deprecated hashing function.

---
 saml/SAMLConfig.cpp                                | 25 ++--------------------
 saml/SAMLConfig.h                                  |  1 +
 .../metadata/impl/AbstractMetadataProvider.cpp     |  5 +++--
 samltest/ArtifactMapTest.h                         |  7 ++++--
 samltest/SAMLArtifactCreationTest.h                | 11 +++++++---
 samltest/SAMLArtifactType0001Test.h                |  5 +++--
 samltest/SAMLArtifactType0004Test.h                |  5 +++--
 samltest/saml1/binding/SAML1ArtifactTest.h         |  6 +++++-
 samltest/saml2/binding/SAML2ArtifactTest.h         |  6 +++++-
 samltest/saml2/metadata/XMLMetadataProviderTest.h  |  8 +++++--
 10 files changed, 41 insertions(+), 38 deletions(-)

diff --git a/saml/SAMLConfig.cpp b/saml/SAMLConfig.cpp
index 66f8b8a..12e60e1 100644
--- a/saml/SAMLConfig.cpp
+++ b/saml/SAMLConfig.cpp
@@ -52,6 +52,7 @@
 
 #include <xmltooling/logging.h>
 #include <xmltooling/XMLToolingConfig.h>
+#include <xmltooling/security/SecurityHelper.h>
 #include <xmltooling/signature/Signature.h>
 #include <xmltooling/util/NDC.h>
 #include <xmltooling/util/PathResolver.h>
@@ -217,29 +218,7 @@ XMLCh* SAMLInternalConfig::generateIdentifier()
 
 string SAMLInternalConfig::hashSHA1(const char* s, bool toHex)
 {
-    static char DIGITS[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
-
-    auto_ptr<XSECCryptoHash> hasher(XSECPlatformUtils::g_cryptoProvider->hashSHA1());
-    if (hasher.get()) {
-        unsigned char buf[21];
-        hasher->hash(reinterpret_cast<unsigned char*>(const_cast<char*>(s)),strlen(s));
-        if (hasher->finish(buf,20)==20) {
-            string ret;
-            if (toHex) {
-                for (unsigned int i=0; i<20; i++) {
-                    ret+=(DIGITS[((unsigned char)(0xF0 & buf[i])) >> 4 ]);
-                    ret+=(DIGITS[0x0F & buf[i]]);
-                }
-            }
-            else {
-                for (unsigned int i=0; i<20; i++) {
-                    ret+=buf[i];
-                }
-            }
-            return ret;
-        }
-    }
-    throw XMLSecurityException("Unable to generate SHA-1 hash.");
+    return SecurityHelper::doHash("SHA1", s, strlen(s), toHex);
 }
 
 SignableObject::SignableObject()
diff --git a/saml/SAMLConfig.h b/saml/SAMLConfig.h
index dc342e6..5a40214 100644
--- a/saml/SAMLConfig.h
+++ b/saml/SAMLConfig.h
@@ -133,6 +133,7 @@ namespace opensaml {
         virtual XMLCh* generateIdentifier()=0;
         
         /**
+         * @deprecated
          * Generate the SHA-1 hash of a string
          * 
          * @param s     NULL-terminated string to hash
diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
index 751b72f..011f3e4 100644
--- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
@@ -31,6 +31,7 @@
 #include <xmltooling/XMLToolingConfig.h>
 #include <xmltooling/security/Credential.h>
 #include <xmltooling/security/KeyInfoResolver.h>
+#include <xmltooling/security/SecurityHelper.h>
 #include <xmltooling/util/Threads.h>
 #include <xmltooling/util/XMLHelper.h>
 
@@ -117,7 +118,7 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil,
             }
             
             // Hash the ID.
-            m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site));
+            m_sources.insert(sitemap_t::value_type(SecurityHelper::doHash("SHA1", id.get(), strlen(id.get())),site));
                 
             // Load endpoints for type 0x0002 artifacts.
             const vector<ArtifactResolutionService*>& locs=const_cast<const IDPSSODescriptor*>(*i)->getArtifactResolutionServices();
@@ -131,7 +132,7 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil,
         // SAML 2.0?
         if ((*i)->hasSupport(samlconstants::SAML20P_NS)) {
             // Hash the ID.
-            m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site));
+            m_sources.insert(sitemap_t::value_type(SecurityHelper::doHash("SHA1", id.get(), strlen(id.get())),site));
         }
     }
 }
diff --git a/samltest/ArtifactMapTest.h b/samltest/ArtifactMapTest.h
index 90466b1..1833e08 100644
--- a/samltest/ArtifactMapTest.h
+++ b/samltest/ArtifactMapTest.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@
 #include "saml/binding/ArtifactMap.h"
 #include <saml/saml2/binding/SAML2ArtifactType0004.h>
 #include <saml/saml2/core/Protocols.h>
+#include <xmltooling/security/SecurityHelper.h>
 
 using namespace opensaml::saml2p;
 using namespace opensaml;
@@ -40,7 +41,9 @@ public:
     void testArtifactMap(void) {
         auto_ptr<Response> response(ResponseBuilder::buildResponse());
 
-        SAML2ArtifactType0004 artifact(SAMLConfig::getConfig().hashSHA1(providerIdStr.c_str()),666,handle);
+        SAML2ArtifactType0004 artifact(
+            SecurityHelper::doHash("SHA1", providerIdStr.data(), providerIdStr.length(), false), 666, handle
+            );
         
         ArtifactMap* artifactMap = SAMLConfig::getConfig().getArtifactMap();
         artifactMap->storeContent(response.get(), &artifact, providerIdStr.c_str());
diff --git a/samltest/SAMLArtifactCreationTest.h b/samltest/SAMLArtifactCreationTest.h
index e0c47ff..be54b2d 100644
--- a/samltest/SAMLArtifactCreationTest.h
+++ b/samltest/SAMLArtifactCreationTest.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@
 #include <saml/saml1/binding/SAMLArtifactType0001.h>
 #include <saml/saml1/binding/SAMLArtifactType0002.h>
 #include <saml/saml2/binding/SAML2ArtifactType0004.h>
+#include <xmltooling/security/SecurityHelper.h>
 
 using namespace opensaml::saml1p;
 using namespace opensaml::saml2p;
@@ -43,7 +44,9 @@ public:
         SAMLArtifactType0001 artifact1(sourceId,handle);
         //printResults(artifact1);
 
-        SAMLArtifactType0001 artifact2(conf.hashSHA1(providerIdStr.c_str()),handle);
+        SAMLArtifactType0001 artifact2(
+            SecurityHelper::doHash("SHA1", providerIdStr.data(), providerIdStr.length(), false), handle
+            );
         //printResults(artifact2,providerIdStr.c_str());
     }
 
@@ -53,7 +56,9 @@ public:
     }
 
     void testSAMLArtifactType0004(void) {
-        SAML2ArtifactType0004 artifact(SAMLConfig::getConfig().hashSHA1(providerIdStr.c_str()),666,handle);
+        SAML2ArtifactType0004 artifact(
+            SecurityHelper::doHash("SHA1", providerIdStr.data(), providerIdStr.length(), false), 666, handle
+            );
         //printResults(artifact,providerIdStr.c_str());
     }
 
diff --git a/samltest/SAMLArtifactType0001Test.h b/samltest/SAMLArtifactType0001Test.h
index 54d2094..e552e98 100644
--- a/samltest/SAMLArtifactType0001Test.h
+++ b/samltest/SAMLArtifactType0001Test.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
 #include "internal.h"
 #include <saml/SAMLConfig.h>
 #include <saml/saml1/binding/SAMLArtifactType0001.h>
+#include <xmltooling/security/SecurityHelper.h>
 
 using namespace opensaml::saml1p;
 using namespace opensaml;
@@ -32,7 +33,7 @@ public:
     }
     
     void testSAMLArtifactType0001(void) {
-        string sourceId = SAMLConfig::getConfig().hashSHA1(providerIdStr.c_str());
+        string sourceId = SecurityHelper::doHash("SHA1", providerIdStr.data(), providerIdStr.length(), false);
         auto_ptr<SAMLArtifactType0001> artifact(new SAMLArtifactType0001(sourceId));
         auto_ptr<SAMLArtifact> tempArtifact(SAMLArtifact::parse(artifact->encode().c_str()));
         
diff --git a/samltest/SAMLArtifactType0004Test.h b/samltest/SAMLArtifactType0004Test.h
index 48b58fb..0fc7441 100644
--- a/samltest/SAMLArtifactType0004Test.h
+++ b/samltest/SAMLArtifactType0004Test.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
 #include "internal.h"
 #include <saml/SAMLConfig.h>
 #include <saml/saml2/binding/SAML2ArtifactType0004.h>
+#include <xmltooling/security/SecurityHelper.h>
 
 using namespace opensaml::saml2p;
 using namespace opensaml;
@@ -32,7 +33,7 @@ public:
     }
     
     void testSAMLArtifactType0004(void) {
-        string sourceId = SAMLConfig::getConfig().hashSHA1(providerIdStr.c_str());
+        string sourceId = SecurityHelper::doHash("SHA1", providerIdStr.data(), providerIdStr.length(), false);
         auto_ptr<SAML2ArtifactType0004> artifact(new SAML2ArtifactType0004(sourceId,666));
         auto_ptr<SAML2Artifact> tempArtifact(dynamic_cast<SAML2Artifact*>(SAMLArtifact::parse(artifact->encode().c_str())));
         
diff --git a/samltest/saml1/binding/SAML1ArtifactTest.h b/samltest/saml1/binding/SAML1ArtifactTest.h
index 7dbff70..5189622 100644
--- a/samltest/saml1/binding/SAML1ArtifactTest.h
+++ b/samltest/saml1/binding/SAML1ArtifactTest.h
@@ -20,6 +20,7 @@
 #include <saml/saml1/core/Assertions.h>
 #include <saml/saml1/core/Protocols.h>
 #include <saml/saml1/binding/SAMLArtifactType0001.h>
+#include <xmltooling/security/SecurityHelper.h>
 #include <xmltooling/signature/Signature.h>
 #include <xmltooling/validation/ValidatorSuite.h>
 
@@ -106,7 +107,10 @@ public:
     }
 
     SAMLArtifact* generateSAML1Artifact(const EntityDescriptor* relyingParty) const {
-        return new SAMLArtifactType0001(SAMLConfig::getConfig().hashSHA1("https://idp.example.org/"));
+        static const char* providerIdStr = "https://idp.example.org/";
+        return new SAMLArtifactType0001(
+            SecurityHelper::doHash("SHA1", providerIdStr, strlen(providerIdStr), false)
+        );
     }
     
     saml2p::SAML2Artifact* generateSAML2Artifact(const EntityDescriptor* relyingParty) const {
diff --git a/samltest/saml2/binding/SAML2ArtifactTest.h b/samltest/saml2/binding/SAML2ArtifactTest.h
index da9cd56..0c404b4 100644
--- a/samltest/saml2/binding/SAML2ArtifactTest.h
+++ b/samltest/saml2/binding/SAML2ArtifactTest.h
@@ -19,6 +19,7 @@
 #include <saml/binding/ArtifactMap.h>
 #include <saml/saml2/core/Protocols.h>
 #include <saml/saml2/binding/SAML2ArtifactType0004.h>
+#include <xmltooling/security/SecurityHelper.h>
 #include <xmltooling/validation/ValidatorSuite.h>
 
 using namespace opensaml::saml2p;
@@ -111,7 +112,10 @@ public:
     }
     
     saml2p::SAML2Artifact* generateSAML2Artifact(const EntityDescriptor* relyingParty) const {
-        return new SAML2ArtifactType0004(SAMLConfig::getConfig().hashSHA1("https://idp.example.org/"),1);
+        static const char* providerIdStr = "https://idp.example.org/";
+        return new SAML2ArtifactType0004(
+            SecurityHelper::doHash("SHA1", providerIdStr, strlen(providerIdStr), false), 1
+            );
     }
     
     saml1p::Response* resolve(
diff --git a/samltest/saml2/metadata/XMLMetadataProviderTest.h b/samltest/saml2/metadata/XMLMetadataProviderTest.h
index 00494f7..f0f8d81 100644
--- a/samltest/saml2/metadata/XMLMetadataProviderTest.h
+++ b/samltest/saml2/metadata/XMLMetadataProviderTest.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@
 #include <saml/saml2/binding/SAML2ArtifactType0004.h>
 #include <saml/saml2/metadata/Metadata.h>
 #include <saml/saml2/metadata/MetadataProvider.h>
+#include <xmltooling/security/SecurityHelper.h>
 
 using namespace opensaml::saml2md;
 using namespace opensaml::saml2p;
@@ -77,8 +78,11 @@ public:
         TSM_ASSERT("Role lookup failed", find_if(descriptor->getIDPSSODescriptors(), isValidForProtocol(supportedProtocol))!=NULL);
         TSM_ASSERT("Role lookup failed", find_if(descriptor->getIDPSSODescriptors(), isValidForProtocol(supportedProtocol2))!=NULL);
 
+        static const char* providerIdStr = "urn:mace:incommon:washington.edu";
         auto_ptr<SAML2ArtifactType0004> artifact(
-            new SAML2ArtifactType0004(SAMLConfig::getConfig().hashSHA1("urn:mace:incommon:washington.edu"),1)
+            new SAML2ArtifactType0004(
+                SecurityHelper::doHash("SHA1", providerIdStr, strlen(providerIdStr), false), 1
+                )
             );
         descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria(artifact.get(),NULL,NULL,false)).first;
         TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
-- 
2.1.4