2015-08-17 17:00:26 -07:00
< ? php
/*
* This file is part of the Symfony package .
*
* ( c ) Fabien Potencier < fabien @ symfony . com >
*
* For the full copyright and license information , please view the LICENSE
* file that was distributed with this source code .
*/
namespace Symfony\Component\HttpKernel ;
/**
* Signs URIs .
*
* @ author Fabien Potencier < fabien @ symfony . com >
*/
class UriSigner
{
private $secret ;
/**
* Constructor .
*
* @ param string $secret A secret
*/
public function __construct ( $secret )
{
$this -> secret = $secret ;
}
/**
* Signs a URI .
*
* The given URI is signed by adding a _hash query string parameter
* which value depends on the URI and the secret .
*
* @ param string $uri A URI to sign
*
* @ return string The signed URI
*/
public function sign ( $uri )
{
$url = parse_url ( $uri );
if ( isset ( $url [ 'query' ])) {
parse_str ( $url [ 'query' ], $params );
} else {
$params = array ();
}
$uri = $this -> buildUrl ( $url , $params );
2016-04-20 09:56:34 -07:00
return $uri . ( false === strpos ( $uri , '?' ) ? '?' : '&' ) . '_hash=' . $this -> computeHash ( $uri );
2015-08-17 17:00:26 -07:00
}
/**
* Checks that a URI contains the correct hash .
*
* The _hash query string parameter must be the last one
* ( as it is generated that way by the sign () method , it should
* never be a problem ) .
*
* @ param string $uri A signed URI
*
* @ return bool True if the URI is signed correctly , false otherwise
*/
public function check ( $uri )
{
$url = parse_url ( $uri );
if ( isset ( $url [ 'query' ])) {
parse_str ( $url [ 'query' ], $params );
} else {
$params = array ();
}
if ( empty ( $params [ '_hash' ])) {
return false ;
}
$hash = urlencode ( $params [ '_hash' ]);
unset ( $params [ '_hash' ]);
return $this -> computeHash ( $this -> buildUrl ( $url , $params )) === $hash ;
}
private function computeHash ( $uri )
{
return urlencode ( base64_encode ( hash_hmac ( 'sha256' , $uri , $this -> secret , true )));
}
private function buildUrl ( array $url , array $params = array ())
{
2016-04-20 09:56:34 -07:00
ksort ( $params , SORT_STRING );
2015-08-17 17:00:26 -07:00
$url [ 'query' ] = http_build_query ( $params , '' , '&' );
$scheme = isset ( $url [ 'scheme' ]) ? $url [ 'scheme' ] . '://' : '' ;
$host = isset ( $url [ 'host' ]) ? $url [ 'host' ] : '' ;
$port = isset ( $url [ 'port' ]) ? ':' . $url [ 'port' ] : '' ;
$user = isset ( $url [ 'user' ]) ? $url [ 'user' ] : '' ;
2017-02-02 16:28:38 -08:00
$pass = isset ( $url [ 'pass' ]) ? ':' . $url [ 'pass' ] : '' ;
2015-08-17 17:00:26 -07:00
$pass = ( $user || $pass ) ? " $pass @ " : '' ;
$path = isset ( $url [ 'path' ]) ? $url [ 'path' ] : '' ;
$query = isset ( $url [ 'query' ]) && $url [ 'query' ] ? '?' . $url [ 'query' ] : '' ;
$fragment = isset ( $url [ 'fragment' ]) ? '#' . $url [ 'fragment' ] : '' ;
return $scheme . $user . $pass . $host . $port . $path . $query . $fragment ;
}
}