Chris@0: Chris@0: * Chris@0: * For the full copyright and license information, please view the LICENSE Chris@0: * file that was distributed with this source code. Chris@0: */ Chris@0: Chris@0: namespace Symfony\Component\HttpKernel; Chris@0: Chris@0: /** Chris@0: * Signs URIs. Chris@0: * Chris@0: * @author Fabien Potencier Chris@0: */ Chris@0: class UriSigner Chris@0: { Chris@0: private $secret; Chris@0: Chris@0: /** Chris@0: * Constructor. Chris@0: * Chris@0: * @param string $secret A secret Chris@0: */ Chris@0: public function __construct($secret) Chris@0: { Chris@0: $this->secret = $secret; Chris@0: } Chris@0: Chris@0: /** Chris@0: * Signs a URI. Chris@0: * Chris@0: * The given URI is signed by adding a _hash query string parameter Chris@0: * which value depends on the URI and the secret. Chris@0: * Chris@0: * @param string $uri A URI to sign Chris@0: * Chris@0: * @return string The signed URI Chris@0: */ Chris@0: public function sign($uri) Chris@0: { Chris@0: $url = parse_url($uri); Chris@0: if (isset($url['query'])) { Chris@0: parse_str($url['query'], $params); Chris@0: } else { Chris@0: $params = array(); Chris@0: } Chris@0: Chris@0: $uri = $this->buildUrl($url, $params); Chris@0: Chris@0: return $uri.(false === strpos($uri, '?') ? '?' : '&').'_hash='.$this->computeHash($uri); Chris@0: } Chris@0: Chris@0: /** Chris@0: * Checks that a URI contains the correct hash. Chris@0: * Chris@0: * The _hash query string parameter must be the last one Chris@0: * (as it is generated that way by the sign() method, it should Chris@0: * never be a problem). Chris@0: * Chris@0: * @param string $uri A signed URI Chris@0: * Chris@0: * @return bool True if the URI is signed correctly, false otherwise Chris@0: */ Chris@0: public function check($uri) Chris@0: { Chris@0: $url = parse_url($uri); Chris@0: if (isset($url['query'])) { Chris@0: parse_str($url['query'], $params); Chris@0: } else { Chris@0: $params = array(); Chris@0: } Chris@0: Chris@0: if (empty($params['_hash'])) { Chris@0: return false; Chris@0: } Chris@0: Chris@0: $hash = urlencode($params['_hash']); Chris@0: unset($params['_hash']); Chris@0: Chris@0: return $this->computeHash($this->buildUrl($url, $params)) === $hash; Chris@0: } Chris@0: Chris@0: private function computeHash($uri) Chris@0: { Chris@0: return urlencode(base64_encode(hash_hmac('sha256', $uri, $this->secret, true))); Chris@0: } Chris@0: Chris@0: private function buildUrl(array $url, array $params = array()) Chris@0: { Chris@0: ksort($params, SORT_STRING); Chris@0: $url['query'] = http_build_query($params, '', '&'); Chris@0: Chris@0: $scheme = isset($url['scheme']) ? $url['scheme'].'://' : ''; Chris@0: $host = isset($url['host']) ? $url['host'] : ''; Chris@0: $port = isset($url['port']) ? ':'.$url['port'] : ''; Chris@0: $user = isset($url['user']) ? $url['user'] : ''; Chris@0: $pass = isset($url['pass']) ? ':'.$url['pass'] : ''; Chris@0: $pass = ($user || $pass) ? "$pass@" : ''; Chris@0: $path = isset($url['path']) ? $url['path'] : ''; Chris@0: $query = isset($url['query']) && $url['query'] ? '?'.$url['query'] : ''; Chris@0: $fragment = isset($url['fragment']) ? '#'.$url['fragment'] : ''; Chris@0: Chris@0: return $scheme.$user.$pass.$host.$port.$path.$query.$fragment; Chris@0: } Chris@0: }