TYPO3  7.6
HashService.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Extbase\Security\Cryptography;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
24 class HashService implements \TYPO3\CMS\Core\SingletonInterface
25 {
33  public function generateHmac($string)
34  {
35  if (!is_string($string)) {
36  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('A hash can only be generated for a string, but "' . gettype($string) . '" was given.', 1255069587);
37  }
38  $encryptionKey = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'];
39  if (!$encryptionKey) {
40  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('Encryption Key was empty!', 1255069597);
41  }
42  return hash_hmac('sha1', $string, $encryptionKey);
43  }
44 
53  public function appendHmac($string)
54  {
55  $hmac = $this->generateHmac($string);
56  return $string . $hmac;
57  }
58 
66  public function validateHmac($string, $hmac)
67  {
68  return $this->generateHmac($string) === $hmac;
69  }
70 
84  public function validateAndStripHmac($string)
85  {
86  if (!is_string($string)) {
87  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('A hash can only be validated for a string, but "' . gettype($string) . '" was given.', 1320829762);
88  }
89  if (strlen($string) < 40) {
90  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('A hashed string must contain at least 40 characters, the given string was only ' . strlen($string) . ' characters long.', 1320830276);
91  }
92  $stringWithoutHmac = substr($string, 0, -40);
93  if ($this->validateHmac($stringWithoutHmac, substr($string, -40)) !== true) {
94  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidHashException('The given string was not appended with a valid HMAC.', 1320830018);
95  }
96  return $stringWithoutHmac;
97  }
98 }
Generated on Wed Nov 11 2015 01:51:57 for TYPO3 by   doxygen 1.8.3