diff options
Diffstat (limited to 'lib/facebook-graph-sdk/src/Facebook/PseudoRandomString')
7 files changed, 166 insertions, 6 deletions
diff --git a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php index 63c271f..bf57374 100644 --- a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php +++ b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php @@ -1,6 +1,6 @@ <?php /** - * Copyright 2014 Facebook, Inc. + * Copyright 2017 Facebook, Inc. * * You are hereby granted a non-exclusive, worldwide, royalty-free license to * use, copy, modify, and distribute this software in source code or binary diff --git a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php index f4ea6b8..4b4276d 100644 --- a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php +++ b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php @@ -1,6 +1,6 @@ <?php /** - * Copyright 2014 Facebook, Inc. + * Copyright 2017 Facebook, Inc. * * You are hereby granted a non-exclusive, worldwide, royalty-free license to * use, copy, modify, and distribute this software in source code or binary diff --git a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorFactory.php b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorFactory.php new file mode 100644 index 0000000..412f481 --- /dev/null +++ b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorFactory.php @@ -0,0 +1,101 @@ +<?php +/** + * Copyright 2017 Facebook, Inc. + * + * You are hereby granted a non-exclusive, worldwide, royalty-free license to + * use, copy, modify, and distribute this software in source code or binary + * form for use in connection with the web services and APIs provided by + * Facebook. + * + * As with any software that integrates with the Facebook platform, your use + * of this software is subject to the Facebook Developer Principles and + * Policies [http://developers.facebook.com/policy/]. This copyright notice + * shall be included in all copies or substantial portions of the software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + * + */ +namespace Facebook\PseudoRandomString; + +use Facebook\Exceptions\FacebookSDKException; +use InvalidArgumentException; + +class PseudoRandomStringGeneratorFactory +{ + private function __construct() + { + // a factory constructor should never be invoked + } + + /** + * Pseudo random string generator creation. + * + * @param PseudoRandomStringGeneratorInterface|string|null $generator + * + * @throws InvalidArgumentException If the pseudo random string generator must be set to "random_bytes", "mcrypt", "openssl", or "urandom", or be an instance of Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface. + * + * @return PseudoRandomStringGeneratorInterface + */ + public static function createPseudoRandomStringGenerator($generator) + { + if (!$generator) { + return self::detectDefaultPseudoRandomStringGenerator(); + } + + if ($generator instanceof PseudoRandomStringGeneratorInterface) { + return $generator; + } + + if ('random_bytes' === $generator) { + return new RandomBytesPseudoRandomStringGenerator(); + } + if ('mcrypt' === $generator) { + return new McryptPseudoRandomStringGenerator(); + } + if ('openssl' === $generator) { + return new OpenSslPseudoRandomStringGenerator(); + } + if ('urandom' === $generator) { + return new UrandomPseudoRandomStringGenerator(); + } + + throw new InvalidArgumentException('The pseudo random string generator must be set to "random_bytes", "mcrypt", "openssl", or "urandom", or be an instance of Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface'); + } + + /** + * Detects which pseudo-random string generator to use. + * + * @throws FacebookSDKException If unable to detect a cryptographically secure pseudo-random string generator. + * + * @return PseudoRandomStringGeneratorInterface + */ + private static function detectDefaultPseudoRandomStringGenerator() + { + // Check for PHP 7's CSPRNG first to keep mcrypt deprecation messages from appearing in PHP 7.1. + if (function_exists('random_bytes')) { + return new RandomBytesPseudoRandomStringGenerator(); + } + + // Since openssl_random_pseudo_bytes() can sometimes return non-cryptographically + // secure pseudo-random strings (in rare cases), we check for mcrypt_create_iv() next. + if (function_exists('mcrypt_create_iv')) { + return new McryptPseudoRandomStringGenerator(); + } + + if (function_exists('openssl_random_pseudo_bytes')) { + return new OpenSslPseudoRandomStringGenerator(); + } + + if (!ini_get('open_basedir') && is_readable('/dev/urandom')) { + return new UrandomPseudoRandomStringGenerator(); + } + + throw new FacebookSDKException('Unable to detect a cryptographically secure pseudo-random string generator.'); + } +} diff --git a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php index 970330c..914ee3c 100644 --- a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php +++ b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php @@ -1,6 +1,6 @@ <?php /** - * Copyright 2014 Facebook, Inc. + * Copyright 2017 Facebook, Inc. * * You are hereby granted a non-exclusive, worldwide, royalty-free license to * use, copy, modify, and distribute this software in source code or binary diff --git a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php index a41ce59..0f587ea 100644 --- a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php +++ b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php @@ -1,6 +1,6 @@ <?php /** - * Copyright 2014 Facebook, Inc. + * Copyright 2017 Facebook, Inc. * * You are hereby granted a non-exclusive, worldwide, royalty-free license to * use, copy, modify, and distribute this software in source code or binary @@ -53,6 +53,6 @@ trait PseudoRandomStringGeneratorTrait */ public function binToHex($binaryData, $length) { - return mb_substr(bin2hex($binaryData), 0, $length); + return \substr(\bin2hex($binaryData), 0, $length); } } diff --git a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/RandomBytesPseudoRandomStringGenerator.php b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/RandomBytesPseudoRandomStringGenerator.php new file mode 100644 index 0000000..b5943f6 --- /dev/null +++ b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/RandomBytesPseudoRandomStringGenerator.php @@ -0,0 +1,59 @@ +<?php +/** + * Copyright 2017 Facebook, Inc. + * + * You are hereby granted a non-exclusive, worldwide, royalty-free license to + * use, copy, modify, and distribute this software in source code or binary + * form for use in connection with the web services and APIs provided by + * Facebook. + * + * As with any software that integrates with the Facebook platform, your use + * of this software is subject to the Facebook Developer Principles and + * Policies [http://developers.facebook.com/policy/]. This copyright notice + * shall be included in all copies or substantial portions of the software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + * + */ +namespace Facebook\PseudoRandomString; + +use Facebook\Exceptions\FacebookSDKException; + +class RandomBytesPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface +{ + use PseudoRandomStringGeneratorTrait; + + /** + * @const string The error message when generating the string fails. + */ + const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from random_bytes(). '; + + /** + * @throws FacebookSDKException + */ + public function __construct() + { + if (!function_exists('random_bytes')) { + throw new FacebookSDKException( + static::ERROR_MESSAGE . + 'The function random_bytes() does not exist.' + ); + } + } + + /** + * @inheritdoc + */ + public function getPseudoRandomString($length) + { + $this->validateLength($length); + + return $this->binToHex(random_bytes($length), $length); + } +} diff --git a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php index 0f9cacd..5ab434e 100644 --- a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php +++ b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php @@ -1,6 +1,6 @@ <?php /** - * Copyright 2014 Facebook, Inc. + * Copyright 2017 Facebook, Inc. * * You are hereby granted a non-exclusive, worldwide, royalty-free license to * use, copy, modify, and distribute this software in source code or binary |