+ 'CryptHKDF' => function ( MediaWikiServices $services ) : CryptHKDF {
+ $config = $services->getMainConfig();
+
+ $secret = $config->get( 'HKDFSecret' ) ?: $config->get( 'SecretKey' );
+ if ( !$secret ) {
+ throw new RuntimeException( "Cannot use MWCryptHKDF without a secret." );
+ }
+
+ // In HKDF, the context can be known to the attacker, but this will
+ // keep simultaneous runs from producing the same output.
+ $context = [ microtime(), getmypid(), gethostname() ];
+
+ // Setup salt cache. Use APC, or fallback to the main cache if it isn't setup
+ $cache = $services->getLocalServerObjectCache();
+ if ( $cache instanceof EmptyBagOStuff ) {
+ $cache = ObjectCache::getLocalClusterInstance();
+ }
+
+ return new CryptHKDF( $secret, $config->get( 'HKDFAlgorithm' ), $cache, $context );
+ },
+
+ 'CryptRand' => function () : CryptRand {
+ return new CryptRand();
+ },
+
+ 'DBLoadBalancer' => function ( MediaWikiServices $services ) : Wikimedia\Rdbms\LoadBalancer {
+ // just return the default LB from the DBLoadBalancerFactory service
+ return $services->getDBLoadBalancerFactory()->getMainLB();
+ },
+
+ 'DBLoadBalancerFactory' =>
+ function ( MediaWikiServices $services ) : Wikimedia\Rdbms\LBFactory {
+ $mainConfig = $services->getMainConfig();
+
+ $lbConf = MWLBFactory::applyDefaultConfig(
+ $mainConfig->get( 'LBFactoryConf' ),
+ $mainConfig,
+ $services->getConfiguredReadOnlyMode()