From 6beb8d42ff2715d36565f5cec8984f57b1490236 Mon Sep 17 00:00:00 2001
From: Alex Bilbie <hello@alexbilbie.com>
Date: Sun, 17 Jan 2016 16:16:01 +0000
Subject: [PATCH] Replaced SecureKey::generate with random_bytes method

---
 composer.json                                 |  3 +-
 src/Utils/KeyAlgorithm/DefaultAlgorithm.php   | 36 ----------------
 .../KeyAlgorithm/KeyAlgorithmInterface.php    | 24 -----------
 src/Utils/SecureKey.php                       | 41 +++++++------------
 4 files changed, 17 insertions(+), 87 deletions(-)
 delete mode 100644 src/Utils/KeyAlgorithm/DefaultAlgorithm.php
 delete mode 100644 src/Utils/KeyAlgorithm/KeyAlgorithmInterface.php

diff --git a/composer.json b/composer.json
index ba45b8a6..89cabf93 100644
--- a/composer.json
+++ b/composer.json
@@ -8,7 +8,8 @@
         "league/event": "~2.1",
         "zendframework/zend-diactoros": "~1.1",
         "namshi/jose": "^6.0",
-        "lcobucci/jwt": "^3.1"
+        "lcobucci/jwt": "^3.1",
+        "paragonie/random_compat": "^1.1"
     },
     "require-dev": {
         "phpunit/phpunit": "4.8.*",
diff --git a/src/Utils/KeyAlgorithm/DefaultAlgorithm.php b/src/Utils/KeyAlgorithm/DefaultAlgorithm.php
deleted file mode 100644
index cdbe20bf..00000000
--- a/src/Utils/KeyAlgorithm/DefaultAlgorithm.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Secure key interface
- *
- * @package     league/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) Alex Bilbie
- * @license     http://mit-license.org/
- * @link        https://github.com/thephpleague/oauth2-server
- */
-
-namespace League\OAuth2\Server\Utils\KeyAlgorithm;
-
-class DefaultAlgorithm implements KeyAlgorithmInterface
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function generate($len = 40)
-    {
-        $stripped = '';
-        do {
-            $bytes = openssl_random_pseudo_bytes($len, $strong);
-
-            // We want to stop execution if the key fails because, well, that is bad.
-            if ($bytes === false || $strong === false) {
-                // @codeCoverageIgnoreStart
-                throw new \Exception('Error Generating Key');
-                // @codeCoverageIgnoreEnd
-            }
-            $stripped .= str_replace(['/', '+', '='], '', base64_encode($bytes));
-        } while (strlen($stripped) < $len);
-
-        return substr($stripped, 0, $len);
-    }
-}
diff --git a/src/Utils/KeyAlgorithm/KeyAlgorithmInterface.php b/src/Utils/KeyAlgorithm/KeyAlgorithmInterface.php
deleted file mode 100644
index c0f38ad1..00000000
--- a/src/Utils/KeyAlgorithm/KeyAlgorithmInterface.php
+++ /dev/null
@@ -1,24 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Secure key interface
- *
- * @package     league/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) Alex Bilbie
- * @license     http://mit-license.org/
- * @link        https://github.com/thephpleague/oauth2-server
- */
-
-namespace League\OAuth2\Server\Utils\KeyAlgorithm;
-
-interface KeyAlgorithmInterface
-{
-    /**
-     * Generate a new unique code
-     *
-     * @param integer $len Length of the generated code
-     *
-     * @return string
-     */
-    public function generate($len);
-}
diff --git a/src/Utils/SecureKey.php b/src/Utils/SecureKey.php
index 16dc367e..f5078bbf 100644
--- a/src/Utils/SecureKey.php
+++ b/src/Utils/SecureKey.php
@@ -11,48 +11,37 @@
 
 namespace League\OAuth2\Server\Utils;
 
-use League\OAuth2\Server\Utils\KeyAlgorithm\DefaultAlgorithm;
-use League\OAuth2\Server\Utils\KeyAlgorithm\KeyAlgorithmInterface;
+use League\OAuth2\Server\Exception\OAuthServerException;
+
 
 /**
  * SecureKey class
  */
 class SecureKey
 {
-    /**
-     * @var KeyAlgorithmInterface
-     */
-    protected static $algorithm;
-
     /**
      * Generate a new unique code
      *
      * @param integer $len Length of the generated code
      *
      * @return string
+     * @throws \League\OAuth2\Server\Exception\OAuthServerException
      */
     public static function generate($len = 40)
     {
-        return self::getAlgorithm()->generate($len);
-    }
-
-    /**
-     * @param KeyAlgorithmInterface $algorithm
-     */
-    public static function setAlgorithm(KeyAlgorithmInterface $algorithm)
-    {
-        self::$algorithm = $algorithm;
-    }
-
-    /**
-     * @return KeyAlgorithmInterface
-     */
-    public static function getAlgorithm()
-    {
-        if (is_null(self::$algorithm)) {
-            self::$algorithm = new DefaultAlgorithm();
+        try {
+            $string = random_bytes($len);
+        } catch (\TypeError $e) {
+            // Well, it's an integer, so this IS unexpected.
+            throw OAuthServerException::serverError("An unexpected error has occurred");
+        } catch (\Error $e) {
+            // This is also unexpected because 32 is a reasonable integer.
+            throw OAuthServerException::serverError("An unexpected error has occurred");
+        } catch (\Exception $e) {
+            // If you get this message, the CSPRNG failed hard.
+            throw OAuthServerException::serverError("Could not generate a random string. Is our OS secure?");
         }
 
-        return self::$algorithm;
+        return bin2hex($string);
     }
 }