[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /*
   4   * This file is part of the Symfony package.
   5   *
   6   * (c) Fabien Potencier <fabien@symfony.com>
   7   *
   8   * For the full copyright and license information, please view the LICENSE
   9   * file that was distributed with this source code.
  10   */
  11  
  12  namespace Symfony\Component\HttpKernel;
  13  
  14  /**
  15   * Signs URIs.
  16   *
  17   * @author Fabien Potencier <fabien@symfony.com>
  18   */
  19  class UriSigner
  20  {
  21      private $secret;
  22      private $parameter;
  23  
  24      /**
  25       * @param string $secret    A secret
  26       * @param string $parameter Query string parameter to use
  27       */
  28      public function __construct($secret, $parameter = '_hash')
  29      {
  30          $this->secret = $secret;
  31          $this->parameter = $parameter;
  32      }
  33  
  34      /**
  35       * Signs a URI.
  36       *
  37       * The given URI is signed by adding the query string parameter
  38       * which value depends on the URI and the secret.
  39       *
  40       * @param string $uri A URI to sign
  41       *
  42       * @return string The signed URI
  43       */
  44      public function sign($uri)
  45      {
  46          $url = parse_url($uri);
  47          if (isset($url['query'])) {
  48              parse_str($url['query'], $params);
  49          } else {
  50              $params = [];
  51          }
  52  
  53          $uri = $this->buildUrl($url, $params);
  54          $params[$this->parameter] = $this->computeHash($uri);
  55  
  56          return $this->buildUrl($url, $params);
  57      }
  58  
  59      /**
  60       * Checks that a URI contains the correct hash.
  61       *
  62       * @param string $uri A signed URI
  63       *
  64       * @return bool True if the URI is signed correctly, false otherwise
  65       */
  66      public function check($uri)
  67      {
  68          $url = parse_url($uri);
  69          if (isset($url['query'])) {
  70              parse_str($url['query'], $params);
  71          } else {
  72              $params = [];
  73          }
  74  
  75          if (empty($params[$this->parameter])) {
  76              return false;
  77          }
  78  
  79          $hash = $params[$this->parameter];
  80          unset($params[$this->parameter]);
  81  
  82          return hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash);
  83      }
  84  
  85      private function computeHash($uri)
  86      {
  87          return base64_encode(hash_hmac('sha256', $uri, $this->secret, true));
  88      }
  89  
  90      private function buildUrl(array $url, array $params = [])
  91      {
  92          ksort($params, \SORT_STRING);
  93          $url['query'] = http_build_query($params, '', '&');
  94  
  95          $scheme = isset($url['scheme']) ? $url['scheme'].'://' : '';
  96          $host = isset($url['host']) ? $url['host'] : '';
  97          $port = isset($url['port']) ? ':'.$url['port'] : '';
  98          $user = isset($url['user']) ? $url['user'] : '';
  99          $pass = isset($url['pass']) ? ':'.$url['pass'] : '';
 100          $pass = ($user || $pass) ? "$pass@" : '';
 101          $path = isset($url['path']) ? $url['path'] : '';
 102          $query = isset($url['query']) && $url['query'] ? '?'.$url['query'] : '';
 103          $fragment = isset($url['fragment']) ? '#'.$url['fragment'] : '';
 104  
 105          return $scheme.$user.$pass.$host.$port.$path.$query.$fragment;
 106      }
 107  }