Diffstat (limited to 'mayor-orig/www/include/share/facebook/PseudoRandomString')
7 files changed, 487 insertions, 0 deletions
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php
new file mode 100644
index 00000000..bf573745
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php
@@ -0,0 +1,68 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+use Facebook\Exceptions\FacebookSDKException;
+
+class McryptPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface
+{
+ use PseudoRandomStringGeneratorTrait;
+
+ /**
+ * @const string The error message when generating the string fails.
+ */
+ const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from mcrypt_create_iv(). ';
+
+ /**
+ * @throws FacebookSDKException
+ */
+ public function __construct()
+ {
+ if (!function_exists('mcrypt_create_iv')) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'The function mcrypt_create_iv() does not exist.'
+ );
+ }
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public function getPseudoRandomString($length)
+ {
+ $this->validateLength($length);
+
+ $binaryString = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+
+ if ($binaryString === false) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'mcrypt_create_iv() returned an error.'
+ );
+ }
+
+ return $this->binToHex($binaryString, $length);
+ }
+}
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php
new file mode 100644
index 00000000..4b4276dc
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php
@@ -0,0 +1,67 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+use Facebook\Exceptions\FacebookSDKException;
+
+class OpenSslPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface
+{
+ use PseudoRandomStringGeneratorTrait;
+
+ /**
+ * @const string The error message when generating the string fails.
+ */
+ const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from openssl_random_pseudo_bytes().';
+
+ /**
+ * @throws FacebookSDKException
+ */
+ public function __construct()
+ {
+ if (!function_exists('openssl_random_pseudo_bytes')) {
+ throw new FacebookSDKException(static::ERROR_MESSAGE . 'The function openssl_random_pseudo_bytes() does not exist.');
+ }
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public function getPseudoRandomString($length)
+ {
+ $this->validateLength($length);
+
+ $wasCryptographicallyStrong = false;
+ $binaryString = openssl_random_pseudo_bytes($length, $wasCryptographicallyStrong);
+
+ if ($binaryString === false) {
+ throw new FacebookSDKException(static::ERROR_MESSAGE . 'openssl_random_pseudo_bytes() returned an unknown error.');
+ }
+
+ if ($wasCryptographicallyStrong !== true) {
+ throw new FacebookSDKException(static::ERROR_MESSAGE . 'openssl_random_pseudo_bytes() returned a pseudo-random string but it was not cryptographically secure and cannot be used.');
+ }
+
+ return $this->binToHex($binaryString, $length);
+ }
+}
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorFactory.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorFactory.php
new file mode 100644
index 00000000..412f4813
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorFactory.php
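Review bot: `ERROR_MESSAGE` in OpenSslPseudoRandomStringGenerator ends at the full stop with no trailing space, unlike the same constant in the mcrypt, random_bytes and urandom generators in this commit, so all three exceptions thrown here run two sentences together ("...openssl_random_pseudo_bytes().The function ..."). Add the space so the constant ends `...from openssl_random_pseudo_bytes(). ';`. The message matters operationally because the "not cryptographically secure" case is the one an operator has to be able to read in a log.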
@@ -0,0 +1,101 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+use Facebook\Exceptions\FacebookSDKException;
+use InvalidArgumentException;
+
+class PseudoRandomStringGeneratorFactory
+{
+ private function __construct()
+ {
+ // a factory constructor should never be invoked
+ }
+
+ /**
+ * Pseudo random string generator creation.
+ *
+ * @param PseudoRandomStringGeneratorInterface|string|null $generator
+ *
+ * @throws InvalidArgumentException If the pseudo random string generator must be set to "random_bytes", "mcrypt", "openssl", or "urandom", or be an instance of Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface.
+ *
+ * @return PseudoRandomStringGeneratorInterface
+ */
+ public static function createPseudoRandomStringGenerator($generator)
+ {
+ if (!$generator) {
+ return self::detectDefaultPseudoRandomStringGenerator();
+ }
+
+ if ($generator instanceof PseudoRandomStringGeneratorInterface) {
+ return $generator;
+ }
+
+ if ('random_bytes' === $generator) {
+ return new RandomBytesPseudoRandomStringGenerator();
+ }
+ if ('mcrypt' === $generator) {
+ return new McryptPseudoRandomStringGenerator();
+ }
+ if ('openssl' === $generator) {
+ return new OpenSslPseudoRandomStringGenerator();
+ }
+ if ('urandom' === $generator) {
+ return new UrandomPseudoRandomStringGenerator();
+ }
+
+ throw new InvalidArgumentException('The pseudo random string generator must be set to "random_bytes", "mcrypt", "openssl", or "urandom", or be an instance of Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface');
+ }
+
+ /**
+ * Detects which pseudo-random string generator to use.
+ *
+ * @throws FacebookSDKException If unable to detect a cryptographically secure pseudo-random string generator.
+ *
+ * @return PseudoRandomStringGeneratorInterface
+ */
+ private static function detectDefaultPseudoRandomStringGenerator()
+ {
+ // Check for PHP 7's CSPRNG first to keep mcrypt deprecation messages from appearing in PHP 7.1.
+ if (function_exists('random_bytes')) {
+ return new RandomBytesPseudoRandomStringGenerator();
+ }
+
+ // Since openssl_random_pseudo_bytes() can sometimes return non-cryptographically
+ // secure pseudo-random strings (in rare cases), we check for mcrypt_create_iv() next.
+ if (function_exists('mcrypt_create_iv')) {
+ return new McryptPseudoRandomStringGenerator();
+ }
+
+ if (function_exists('openssl_random_pseudo_bytes')) {
+ return new OpenSslPseudoRandomStringGenerator();
+ }
+
+ if (!ini_get('open_basedir') && is_readable('/dev/urandom')) {
+ return new UrandomPseudoRandomStringGenerator();
+ }
+
+ throw new FacebookSDKException('Unable to detect a cryptographically secure pseudo-random string generator.');
+ }
+}
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php
new file mode 100644
index 00000000..914ee3cf
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php
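Review bot: The docblock of `createPseudoRandomStringGenerator()` under-documents what the method throws. Its only `@throws` line is garbled ("If the pseudo random string generator must be set to ..."), and it omits `FacebookSDKException`, which reaches the caller from `detectDefaultPseudoRandomStringGenerator()` and from the generator constructors added in this commit when the requested function or device is unavailable. I would write `@throws InvalidArgumentException If $generator is neither a supported name nor a PseudoRandomStringGeneratorInterface instance.` and add `@throws FacebookSDKException If the requested or detected generator is not available.`. Callers that catch only `InvalidArgumentException` will otherwise miss the case where no secure source exists.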
@@ -0,0 +1,45 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+/**
+ * Interface
+ *
+ * @package Facebook
+ */
+interface PseudoRandomStringGeneratorInterface
+{
+ /**
+ * Get a cryptographically secure pseudo-random string of arbitrary length.
+ *
+ * @see http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
+ *
+ * @param int $length The length of the string to return.
+ *
+ * @return string
+ *
+ * @throws \Facebook\Exceptions\FacebookSDKException|\InvalidArgumentException
+ */
+ public function getPseudoRandomString($length);
+}
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php
new file mode 100644
index 00000000..0f587ea2
--- /dev/null
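Review bot: The contract for `getPseudoRandomString()` does not say what alphabet the string uses or what `$length` counts, and both matter to anyone sizing a token. Every implementation in this commit returns `substr(bin2hex(...), 0, $length)` via the trait, so the result is hexadecimal and `$length` is a character count, giving at most 4 bits of randomness per character. I would document that on the return tag, for example `@return string Lowercase hexadecimal string of $length characters (4 bits of randomness per character).`, so a caller wanting 128 bits knows to ask for 32 characters rather than 16.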
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php 
@@ -0,0 +1,58 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+trait PseudoRandomStringGeneratorTrait
+{
+ /**
+ * Validates the length argument of a random string.
+ *
+ * @param int $length The length to validate.
+ *
+ * @throws \InvalidArgumentException
+ */
+ public function validateLength($length)
+ {
+ if (!is_int($length)) {
+ throw new \InvalidArgumentException('getPseudoRandomString() expects an integer for the string length');
+ }
+
+ if ($length < 1) {
+ throw new \InvalidArgumentException('getPseudoRandomString() expects a length greater than 1');
+ }
+ }
+
+ /**
+ * Converts binary data to hexadecimal of arbitrary length.
+ *
+ * @param string $binaryData The binary data to convert to hex.
+ * @param int $length The length of the string to return.
+ *
+ * @return string
+ */
+ public function binToHex($binaryData, $length)
+ {
+ return \substr(\bin2hex($binaryData), 0, $length);
+ }
+}
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/RandomBytesPseudoRandomStringGenerator.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/RandomBytesPseudoRandomStringGenerator.php
new file mode 100644
index 00000000..b5943f6f
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/RandomBytesPseudoRandomStringGenerator.php
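Review bot: In `validateLength()` the second exception message contradicts the check it reports. The condition is `$length < 1`, so a length of 1 is accepted, yet the message says the method "expects a length greater than 1". The text should match the guard, for example `'getPseudoRandomString() expects a length greater than 0'`. Separately, `validateLength()` and `binToHex()` are declared `public` in the trait and so become part of every generator's public surface; `protected` looks sufficient for how this commit uses them.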
@@ -0,0 +1,59 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+use Facebook\Exceptions\FacebookSDKException;
+
+class RandomBytesPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface
+{
+ use PseudoRandomStringGeneratorTrait;
+
+ /**
+ * @const string The error message when generating the string fails.
+ */
+ const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from random_bytes(). ';
+
+ /**
+ * @throws FacebookSDKException
+ */
+ public function __construct()
+ {
+ if (!function_exists('random_bytes')) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'The function random_bytes() does not exist.'
+ );
+ }
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public function getPseudoRandomString($length)
+ {
+ $this->validateLength($length);
+
+ return $this->binToHex(random_bytes($length), $length);
+ }
+}
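Review bot: `getPseudoRandomString()` lets a failure of `random_bytes()` escape as a plain `\Exception`, which the interface's `@throws FacebookSDKException|InvalidArgumentException` does not cover. PHP documents that `random_bytes()` throws when no suitable source of randomness is found, and the other three generators in this commit convert their failures into `FacebookSDKException` with `ERROR_MESSAGE`. Wrapping the call keeps the failure path uniform for callers that catch the SDK exception; the original exception can additionally be chained if `FacebookSDKException` keeps the standard `\Exception` constructor, which is not visible here.

```php
    $this->validateLength($length);

    try {
        $binaryString = random_bytes($length);
    } catch (\Exception $e) {
        throw new FacebookSDKException(
            static::ERROR_MESSAGE .
            'random_bytes() threw an exception.'
        );
    }

    return $this->binToHex($binaryString, $length);
```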
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php
new file mode 100644
index 00000000..5ab434e6
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php
@@ -0,0 +1,89 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+use Facebook\Exceptions\FacebookSDKException;
+
+class UrandomPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface
+{
+
+ use PseudoRandomStringGeneratorTrait;
+
+ /**
+ * @const string The error message when generating the string fails.
+ */
+ const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from /dev/urandom. ';
+
+ /**
+ * @throws FacebookSDKException
+ */
+ public function __construct()
+ {
+ if (ini_get('open_basedir')) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'There is an open_basedir constraint that prevents access to /dev/urandom.'
+ );
+ }
+
+ if (!is_readable('/dev/urandom')) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'Unable to read from /dev/urandom.'
+ );
+ }
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public function getPseudoRandomString($length)
+ {
+ $this->validateLength($length);
+
+ $stream = fopen('/dev/urandom', 'rb');
+ if (!is_resource($stream)) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'Unable to open stream to /dev/urandom.'
+ );
+ }
+
+ if (!defined('HHVM_VERSION')) {
+ stream_set_read_buffer($stream, 0);
+ }
+
+ $binaryString = fread($stream, $length);
+ fclose($stream);
+
+ if (!$binaryString) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'Stream to /dev/urandom returned no data.'
+ );
+ }
+
+ return $this->binToHex($binaryString, $length);
+ }
+}
|
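Review bot: The `if (!$binaryString)` check after `fread()` in `getPseudoRandomString()` tests truthiness rather than the number of bytes read, which fails in two ways. A one-byte read that happens to return the character "0" is falsy in PHP and is rejected as "no data". A short read passes the check, and if it delivered fewer than half the requested bytes `binToHex()` silently returns a string shorter than `$length`. Comparing against the requested size closes both cases: `if ($binaryString === false || strlen($binaryString) < $length) {`. Short reads from /dev/urandom should be rare, but a token generator should fail closed rather than hand back less randomness than was asked for.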