53 lines
1.3 KiB
Perl
53 lines
1.3 KiB
Perl
#############################################################################
|
|
#
|
|
# Lemonldap::NG::Common::Apache::Session::Generate::SHA256
|
|
# Generates session identifier tokens using SHA-256
|
|
# Distribute under the Perl License
|
|
#
|
|
############################################################################
|
|
|
|
package Lemonldap::NG::Common::Apache::Session::Generate::SHA256;
|
|
|
|
use strict;
|
|
use Crypt::URandom;
|
|
use Digest::SHA qw(sha256 sha256_hex sha256_base64);
|
|
|
|
our $VERSION = '2.0.2';
|
|
|
|
sub generate {
|
|
my $session = shift;
|
|
my $length = 64;
|
|
|
|
if ( exists $session->{args}->{IDLength} ) {
|
|
$length = $session->{args}->{IDLength};
|
|
}
|
|
|
|
$session->{data}->{_session_id} = substr(
|
|
Digest::SHA::sha256_hex(
|
|
Digest::SHA::sha256_hex(
|
|
time() . {} . Crypt::URandom::urandom($length) . $$
|
|
)
|
|
),
|
|
0, $length
|
|
);
|
|
|
|
}
|
|
|
|
sub validate {
|
|
|
|
#This routine checks to ensure that the session ID is in the form
|
|
#we expect. This must be called before we start diddling around
|
|
#in the database or the disk.
|
|
|
|
my $session = shift;
|
|
|
|
if ( $session->{data}->{_session_id} =~ /^([a-fA-F0-9]+)$/ ) {
|
|
$session->{data}->{_session_id} = $1;
|
|
}
|
|
else {
|
|
die "Invalid session ID: " . $session->{data}->{_session_id};
|
|
}
|
|
}
|
|
|
|
1;
|