Home Explore Help
Sign In
bux
/
muzich
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
791 Commits
1 Branches
Tree: 380e82457b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '380e82457b'
${ noResults }
muzich/vendor/jms/security-extra-bundle/JMS/SecurityExtraBundle/Security/Util/SecureRandom.php

SecureRandom.php 4.1KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 
  1. <?php

  2. 

  3. namespace JMS\SecurityExtraBundle\Security\Util;

  4. 

  5. use Doctrine\DBAL\Types\Type;

  6. use Doctrine\DBAL\Connection;

  7. use Symfony\Component\HttpKernel\Log\LoggerInterface;

  8. 

  9. /**

  10.  * A secure random number generator implementation.

  11.  *

  12.  * @author Johannes M. Schmitt <schmittjoh@gmail.com>

  13.  */

  14. final class SecureRandom

  15. {

  16.     private $logger;

  17.     private $useOpenSsl;

  18.     private $con;

  19.     private $seed;

  20.     private $seedTableName;

  21.     private $seedUpdated;

  22.     private $seedLastUpdatedAt;

  23.     private $seedProvider;

  24. 

  25.     public function __construct(LoggerInterface $logger)

  26.     {

  27.         $this->logger = $logger;

  28. 

  29.         // determine whether to use OpenSSL

  30.         if (0 === stripos(PHP_OS, 'win')) {

  31.             $this->useOpenSsl = false;

  32.         } elseif (!function_exists('openssl_random_pseudo_bytes')) {

  33.             $this->logger->notice('It is recommended that you enable the "openssl" extension for random number generation.');

  34.             $this->useOpenSsl = false;

  35.         } else {

  36.             $this->useOpenSsl = true;

  37.         }

  38.     }

  39. 

  40.     /**

  41.      * Sets the Doctrine seed provider.

  42.      *

  43.      * @param Connection $con

  44.      * @param string     $tableName

  45.      */

  46.     public function setConnection(Connection $con, $tableName)

  47.     {

  48.         $this->con = $con;

  49.         $this->seedTableName = $tableName;

  50.     }

  51. 

  52.     /**

  53.      * Sets a custom seed provider implementation.

  54.      *

  55.      * Be aware that a guessable seed will severely compromise the PRNG

  56.      * algorithm that is employed.

  57.      *

  58.      * @param SeedProviderInterface $provider

  59.      */

  60.     public function setSeedProvider(SeedProviderInterface $provider)

  61.     {

  62.         $this->seedProvider = $provider;

  63.     }

  64. 

  65.     /**

  66.      * Generates the specified number of secure random bytes.

  67.      *

  68.      * @param  integer $nbBytes

  69.      * @return string

  70.      */

  71.     public function nextBytes($nbBytes)

  72.     {

  73.         // try OpenSSL

  74.         if ($this->useOpenSsl) {

  75.             $strong = false;

  76.             $bytes = openssl_random_pseudo_bytes($nbBytes, $strong);

  77. 

  78.             if (false !== $bytes && true === $strong) {

  79.                 return $bytes;

  80.             }

  81. 

  82.             $this->logger->info('OpenSSL did not produce a secure random number.');

  83.         }

  84. 

  85.         // initialize seed

  86.         if (null === $this->seed) {

  87.             if (null !== $this->seedProvider) {

  88.                 list($this->seed, $this->seedLastUpdatedAt) = $this->seedProvider->loadSeed();

  89.             } elseif (null !== $this->con) {

  90.                 $this->initializeSeedFromDatabase();

  91.             } else {

  92.                 throw new \RuntimeException('You need to either specify a database connection, or a custom seed provider.');

  93.             }

  94.         }

  95. 

  96.         $bytes = '';

  97.         while (strlen($bytes) < $nbBytes) {

  98.             static $incr = 1;

  99.             $bytes .= hash('sha512', $incr++.$this->seed.uniqid(mt_rand(), true).$nbBytes, true);

  100.             $this->seed = base64_encode(hash('sha512', $this->seed.$bytes.$nbBytes, true));

  101. 

  102.             if (!$this->seedUpdated && $this->seedLastUpdatedAt->getTimestamp() < time() - mt_rand(1, 10)) {

  103.                 if (null !== $this->seedProvider) {

  104.                     $this->seedProvider->updateSeed($this->seed);

  105.                 } elseif (null !== $this->con) {

  106.                     $this->saveSeedToDatabase();

  107.                 }

  108. 

  109.                 $this->seedUpdated = true;

  110.             }

  111.         }

  112. 

  113.         return substr($bytes, 0, $nbBytes);

  114.     }

  115. 

  116.     private function saveSeedToDatabase()

  117.     {

  118.         $this->con->executeQuery("UPDATE {$this->seedTableName} SET seed = :seed, updated_at = :updatedAt", array(

  119.             ':seed' => $this->seed,

  120.             ':updatedAt' => new \DateTime(),

  121.         ), array(

  122.             ':updatedAt' => Type::DATETIME,

  123.         ));

  124.     }

  125. 

  126.     private function initializeSeedFromDatabase()

  127.     {

  128.         $stmt = $this->con->executeQuery("SELECT seed, updated_at FROM {$this->seedTableName}");

  129. 

  130.         if (false === $this->seed = $stmt->fetchColumn(0)) {

  131.             throw new \RuntimeException('You need to initialize the generator by running the console command "init:jms-secure-random".');

  132.         }

  133. 

  134.         $this->seedLastUpdatedAt = new \DateTime($stmt->fetchColumn(1));

  135.     }

  136. }