From 1c594a3f0c874b7c37cc18942e6ab0f0fbf64faf Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Mon, 12 Aug 2019 21:34:29 +0200
Subject: [PATCH] Remove remnants from PHP 5.5

---
 lib/SimpleSAML/Utils/Crypto.php            | 17 +----------------
 tests/lib/SimpleSAML/XML/ValidatorTest.php |  8 ++------
 2 files changed, 3 insertions(+), 22 deletions(-)

diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index 1e1055af5..68261f90e 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -417,22 +417,7 @@ class Crypto
      */
     public static function secureCompare($known, $user)
     {
-        if (function_exists('hash_equals')) {
-            // use hash_equals() if available (PHP >= 5.6)
-            return hash_equals($known, $user);
-        }
-
-        // compare manually in constant time
-        $len = mb_strlen($known, '8bit'); // see mbstring.func_overload
-        if ($len !== mb_strlen($user, '8bit')) {
-            return false; // length differs
-        }
-        $diff = 0;
-        for ($i = 0; $i < $len; $i++) {
-            $diff |= ord($known[$i]) ^ ord($user[$i]);
-        }
-        // if all the bytes in $a and $b are identical, $diff should be equal to 0
-        return $diff === 0;
+        return hash_equals($known, $user);
     }
 
 
diff --git a/tests/lib/SimpleSAML/XML/ValidatorTest.php b/tests/lib/SimpleSAML/XML/ValidatorTest.php
index 848c768ec..bb9a117e7 100644
--- a/tests/lib/SimpleSAML/XML/ValidatorTest.php
+++ b/tests/lib/SimpleSAML/XML/ValidatorTest.php
@@ -74,9 +74,7 @@ class ValidatorTest extends SigningTestCase
         $signer->loadCertificate($this->good_certificate_file, true);
         $signer->sign($node, $signature_parent);
 
-        // openssl x509 -in good.cert.pem -noout -sha1 -fingerprint
-        // Avoiding openssl_x509_fingerprint because it's >= PHP 5.6 only
-        $fingerprint = 'a7fb75225788a1b0d0290a4bd1ea0c01f89844a0';
+        $fingerprint = openssl_x509_fingerprint($this->good_certificate);
 
         $validator = new Validator(
             $doc,
@@ -127,9 +125,7 @@ class ValidatorTest extends SigningTestCase
         $signer->loadCertificate($this->good_certificate_file, true);
         $signer->sign($node, $signature_parent);
 
-        // openssl x509 -in good.cert.pem -noout -sha1 -fingerprint
-        // Avoiding openssl_x509_fingerprint because it's >= PHP 5.6 only
-        $fingerprint = 'a7fb75225788a1b0d0290a4bd1ea0c01f89844a0';
+        $fingerprint = openssl_x509_fingerprint($this->good_certificate);
 
         $validator = new Validator($doc, 'node');
         $validator->validateFingerprint($fingerprint);
-- 
GitLab