Nursery/SignedValue.php at master · galactic-void/Nursery · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
<?php

class SignedValue
{
    const SEPARATOR = '|';

    /**
     *
     *  @var string
     *
     */
    protected $hash_algo;

    /**
     *
     * @var string
     *
     */
    protected $secret_key;

    /**
     *
     * NOTE: Each project should have a unique and random $secret_key.
     *
     * @param string $secret_key
     *
     * @param string $hash_algo
     *
     */
    public function __construct($secret_key, $hash_algo = 'sha1')
    {
        $this->secret_key = $secret_key;
        $this->hash_algo  = $hash_algo;
    }

    /**
     *
     * Magic get to provide access to the hash_algo variable.
     *
     * @throws \Exception
     *
     * @param string $key The property to retrieve: hash_algo & timeout.
     *
     * @return mixed
     *
     */
    public function __get($key)
    {
        if ($key == 'hash_algo') {
            return $this->$key;
        }

        throw new Exception("'{$key}' is protected or does not exist.");
    }

    /**
     *
     * Magic set to provide access to the secret_key and hash_algo
     * variables.
     *
     * @throws \UnexpectedValueException
     *
     * @param string $key The property to set: secret_key, hash_algo & timeout.
     *
     * @return void
     *
     */
    public function __set($key, $value)
    {
        if ($key == 'secret_key' || $key == 'hash_algo') {
            $this->$key = $value;
            return;
        }

        throw new Exception("'{$key}' is protected or does not exist.");
    }

    /**
     *
     * Extract and validate a value from a signed value.
     *
     * @throws Exception_InvalidSignature
     *
     * @throws Exception_ExpiredSignature
     *
     * @param string $value The signed value.
     *
     * @return string The validate value.
     *
     */
    public function getSignedValue($value)
    {
        if (3 != substr_count($string, static::SEPARATOR)) {
            throw new Exception_InvalidSignature();
        }

        list($value, $time, $expires, $hash) = explode(static::SEPARATOR, $value);

        $sign = $value . static::SEPARATOR .
                $time  . static::SEPARATOR .
                $expires;

        if ($hash != $this->signature($sign)) {
            throw new Exception_InvalidSignature();
        } else if (! empty($expires) && $time + $expires <= time()) {
            throw new Exception_ExpiredSignature();
        }

        return base64_decode($value);
    }

    /**
     *
     * Sign a value with the option to expire after X seconds.
     *
     * @param string $value
     *
     * @param int    $expires Expires in X seconds. Default: null; Never expires.
     *
     * @return string Signed value.
     *
     */
    public function sign($value, $expires = null)
    {
        // base64-value|time|expire|signature
        $value = base64_encode($value);
        $time  = time();
        $value = $value . static::SEPARATOR .
                 $time  . static::SEPARATOR .
                 $expires;

        return $value . static::SEPARATOR . $this->signature($value);
    }

    protected function signature($value)
    {
        return hash_hmac($this->hash_algo, $value, $this->secret_key);
    }
}