diff options
Diffstat (limited to 'lib/facebook-graph-sdk/src/Facebook/PseudoRandomString')
5 files changed, 327 insertions, 0 deletions
diff --git a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php new file mode 100644 index 0000000..63c271f --- /dev/null +++ b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php @@ -0,0 +1,68 @@ +<?php +/** + * Copyright 2014 Facebook, Inc. + * + * You are hereby granted a non-exclusive, worldwide, royalty-free license to + * use, copy, modify, and distribute this software in source code or binary + * form for use in connection with the web services and APIs provided by + * Facebook. + * + * As with any software that integrates with the Facebook platform, your use + * of this software is subject to the Facebook Developer Principles and + * Policies [http://developers.facebook.com/policy/]. This copyright notice + * shall be included in all copies or substantial portions of the software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + * + */ +namespace Facebook\PseudoRandomString; + +use Facebook\Exceptions\FacebookSDKException; + +class McryptPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface +{ + use PseudoRandomStringGeneratorTrait; + + /** + * @const string The error message when generating the string fails. + */ + const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from mcrypt_create_iv(). '; + + /** + * @throws FacebookSDKException + */ + public function __construct() + { + if (!function_exists('mcrypt_create_iv')) { + throw new FacebookSDKException( + static::ERROR_MESSAGE . + 'The function mcrypt_create_iv() does not exist.' + ); + } + } + + /** + * @inheritdoc + */ + public function getPseudoRandomString($length) + { + $this->validateLength($length); + + $binaryString = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); + + if ($binaryString === false) { + throw new FacebookSDKException( + static::ERROR_MESSAGE . + 'mcrypt_create_iv() returned an error.' + ); + } + + return $this->binToHex($binaryString, $length); + } +} diff --git a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php new file mode 100644 index 0000000..f4ea6b8 --- /dev/null +++ b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php @@ -0,0 +1,67 @@ +<?php +/** + * Copyright 2014 Facebook, Inc. + * + * You are hereby granted a non-exclusive, worldwide, royalty-free license to + * use, copy, modify, and distribute this software in source code or binary + * form for use in connection with the web services and APIs provided by + * Facebook. + * + * As with any software that integrates with the Facebook platform, your use + * of this software is subject to the Facebook Developer Principles and + * Policies [http://developers.facebook.com/policy/]. This copyright notice + * shall be included in all copies or substantial portions of the software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + * + */ +namespace Facebook\PseudoRandomString; + +use Facebook\Exceptions\FacebookSDKException; + +class OpenSslPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface +{ + use PseudoRandomStringGeneratorTrait; + + /** + * @const string The error message when generating the string fails. + */ + const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from openssl_random_pseudo_bytes().'; + + /** + * @throws FacebookSDKException + */ + public function __construct() + { + if (!function_exists('openssl_random_pseudo_bytes')) { + throw new FacebookSDKException(static::ERROR_MESSAGE . 'The function openssl_random_pseudo_bytes() does not exist.'); + } + } + + /** + * @inheritdoc + */ + public function getPseudoRandomString($length) + { + $this->validateLength($length); + + $wasCryptographicallyStrong = false; + $binaryString = openssl_random_pseudo_bytes($length, $wasCryptographicallyStrong); + + if ($binaryString === false) { + throw new FacebookSDKException(static::ERROR_MESSAGE . 'openssl_random_pseudo_bytes() returned an unknown error.'); + } + + if ($wasCryptographicallyStrong !== true) { + throw new FacebookSDKException(static::ERROR_MESSAGE . 'openssl_random_pseudo_bytes() returned a pseudo-random string but it was not cryptographically secure and cannot be used.'); + } + + return $this->binToHex($binaryString, $length); + } +} diff --git a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php new file mode 100644 index 0000000..970330c --- /dev/null +++ b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php @@ -0,0 +1,45 @@ +<?php +/** + * Copyright 2014 Facebook, Inc. + * + * You are hereby granted a non-exclusive, worldwide, royalty-free license to + * use, copy, modify, and distribute this software in source code or binary + * form for use in connection with the web services and APIs provided by + * Facebook. + * + * As with any software that integrates with the Facebook platform, your use + * of this software is subject to the Facebook Developer Principles and + * Policies [http://developers.facebook.com/policy/]. This copyright notice + * shall be included in all copies or substantial portions of the software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + * + */ +namespace Facebook\PseudoRandomString; + +/** + * Interface + * + * @package Facebook + */ +interface PseudoRandomStringGeneratorInterface +{ + /** + * Get a cryptographically secure pseudo-random string of arbitrary length. + * + * @see http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/ + * + * @param int $length The length of the string to return. + * + * @return string + * + * @throws \Facebook\Exceptions\FacebookSDKException|\InvalidArgumentException + */ + public function getPseudoRandomString($length); +} diff --git a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php new file mode 100644 index 0000000..a41ce59 --- /dev/null +++ b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php @@ -0,0 +1,58 @@ +<?php +/** + * Copyright 2014 Facebook, Inc. + * + * You are hereby granted a non-exclusive, worldwide, royalty-free license to + * use, copy, modify, and distribute this software in source code or binary + * form for use in connection with the web services and APIs provided by + * Facebook. + * + * As with any software that integrates with the Facebook platform, your use + * of this software is subject to the Facebook Developer Principles and + * Policies [http://developers.facebook.com/policy/]. This copyright notice + * shall be included in all copies or substantial portions of the software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + * + */ +namespace Facebook\PseudoRandomString; + +trait PseudoRandomStringGeneratorTrait +{ + /** + * Validates the length argument of a random string. + * + * @param int $length The length to validate. + * + * @throws \InvalidArgumentException + */ + public function validateLength($length) + { + if (!is_int($length)) { + throw new \InvalidArgumentException('getPseudoRandomString() expects an integer for the string length'); + } + + if ($length < 1) { + throw new \InvalidArgumentException('getPseudoRandomString() expects a length greater than 1'); + } + } + + /** + * Converts binary data to hexadecimal of arbitrary length. + * + * @param string $binaryData The binary data to convert to hex. + * @param int $length The length of the string to return. + * + * @return string + */ + public function binToHex($binaryData, $length) + { + return mb_substr(bin2hex($binaryData), 0, $length); + } +} diff --git a/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php new file mode 100644 index 0000000..0f9cacd --- /dev/null +++ b/lib/facebook-graph-sdk/src/Facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php @@ -0,0 +1,89 @@ +<?php +/** + * Copyright 2014 Facebook, Inc. + * + * You are hereby granted a non-exclusive, worldwide, royalty-free license to + * use, copy, modify, and distribute this software in source code or binary + * form for use in connection with the web services and APIs provided by + * Facebook. + * + * As with any software that integrates with the Facebook platform, your use + * of this software is subject to the Facebook Developer Principles and + * Policies [http://developers.facebook.com/policy/]. This copyright notice + * shall be included in all copies or substantial portions of the software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + * + */ +namespace Facebook\PseudoRandomString; + +use Facebook\Exceptions\FacebookSDKException; + +class UrandomPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface +{ + + use PseudoRandomStringGeneratorTrait; + + /** + * @const string The error message when generating the string fails. + */ + const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from /dev/urandom. '; + + /** + * @throws FacebookSDKException + */ + public function __construct() + { + if (ini_get('open_basedir')) { + throw new FacebookSDKException( + static::ERROR_MESSAGE . + 'There is an open_basedir constraint that prevents access to /dev/urandom.' + ); + } + + if (!is_readable('/dev/urandom')) { + throw new FacebookSDKException( + static::ERROR_MESSAGE . + 'Unable to read from /dev/urandom.' + ); + } + } + + /** + * @inheritdoc + */ + public function getPseudoRandomString($length) + { + $this->validateLength($length); + + $stream = fopen('/dev/urandom', 'rb'); + if (!is_resource($stream)) { + throw new FacebookSDKException( + static::ERROR_MESSAGE . + 'Unable to open stream to /dev/urandom.' + ); + } + + if (!defined('HHVM_VERSION')) { + stream_set_read_buffer($stream, 0); + } + + $binaryString = fread($stream, $length); + fclose($stream); + + if (!$binaryString) { + throw new FacebookSDKException( + static::ERROR_MESSAGE . + 'Stream to /dev/urandom returned no data.' + ); + } + + return $this->binToHex($binaryString, $length); + } +} |