Chris@0: Chris@0: * Chris@0: * For the full copyright and license information, please view the LICENSE Chris@0: * file that was distributed with this source code. Chris@0: */ Chris@0: Chris@0: namespace Symfony\Component\HttpKernel; Chris@0: Chris@0: /** Chris@0: * Signs URIs. Chris@0: * Chris@0: * @author Fabien Potencier Chris@0: */ Chris@0: class UriSigner Chris@0: { Chris@0: private $secret; Chris@14: private $parameter; Chris@0: Chris@0: /** Chris@14: * @param string $secret A secret Chris@14: * @param string $parameter Query string parameter to use Chris@0: */ Chris@14: public function __construct($secret, $parameter = '_hash') Chris@0: { Chris@0: $this->secret = $secret; Chris@14: $this->parameter = $parameter; Chris@0: } Chris@0: Chris@0: /** Chris@0: * Signs a URI. Chris@0: * Chris@14: * The given URI is signed by adding the query string parameter Chris@0: * which value depends on the URI and the secret. Chris@0: * Chris@0: * @param string $uri A URI to sign Chris@0: * Chris@0: * @return string The signed URI Chris@0: */ Chris@0: public function sign($uri) Chris@0: { Chris@0: $url = parse_url($uri); Chris@0: if (isset($url['query'])) { Chris@0: parse_str($url['query'], $params); Chris@0: } else { Chris@17: $params = []; Chris@0: } Chris@0: Chris@0: $uri = $this->buildUrl($url, $params); Chris@17: $params[$this->parameter] = $this->computeHash($uri); Chris@0: Chris@17: return $this->buildUrl($url, $params); Chris@0: } Chris@0: Chris@0: /** Chris@0: * Checks that a URI contains the correct hash. Chris@0: * Chris@0: * @param string $uri A signed URI Chris@0: * Chris@0: * @return bool True if the URI is signed correctly, false otherwise Chris@0: */ Chris@0: public function check($uri) Chris@0: { Chris@0: $url = parse_url($uri); Chris@0: if (isset($url['query'])) { Chris@0: parse_str($url['query'], $params); Chris@0: } else { Chris@17: $params = []; Chris@0: } Chris@0: Chris@14: if (empty($params[$this->parameter])) { Chris@0: return false; Chris@0: } Chris@0: Chris@17: $hash = $params[$this->parameter]; Chris@14: unset($params[$this->parameter]); Chris@0: Chris@0: return $this->computeHash($this->buildUrl($url, $params)) === $hash; Chris@0: } Chris@0: Chris@0: private function computeHash($uri) Chris@0: { Chris@17: return base64_encode(hash_hmac('sha256', $uri, $this->secret, true)); Chris@0: } Chris@0: Chris@17: private function buildUrl(array $url, array $params = []) Chris@0: { Chris@0: ksort($params, SORT_STRING); Chris@0: $url['query'] = http_build_query($params, '', '&'); Chris@0: Chris@0: $scheme = isset($url['scheme']) ? $url['scheme'].'://' : ''; Chris@0: $host = isset($url['host']) ? $url['host'] : ''; Chris@0: $port = isset($url['port']) ? ':'.$url['port'] : ''; Chris@0: $user = isset($url['user']) ? $url['user'] : ''; Chris@0: $pass = isset($url['pass']) ? ':'.$url['pass'] : ''; Chris@0: $pass = ($user || $pass) ? "$pass@" : ''; Chris@0: $path = isset($url['path']) ? $url['path'] : ''; Chris@0: $query = isset($url['query']) && $url['query'] ? '?'.$url['query'] : ''; Chris@0: $fragment = isset($url['fragment']) ? '#'.$url['fragment'] : ''; Chris@0: Chris@0: return $scheme.$user.$pass.$host.$port.$path.$query.$fragment; Chris@0: } Chris@0: }