aboutsummaryrefslogtreecommitdiffstats
path: root/mayor-orig/www/include/share/facebook/PseudoRandomString
diff options
context:
space:
mode:
Diffstat (limited to 'mayor-orig/www/include/share/facebook/PseudoRandomString')
-rw-r--r--mayor-orig/www/include/share/facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php68
-rw-r--r--mayor-orig/www/include/share/facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php67
-rw-r--r--mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorFactory.php101
-rw-r--r--mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php45
-rw-r--r--mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php58
-rw-r--r--mayor-orig/www/include/share/facebook/PseudoRandomString/RandomBytesPseudoRandomStringGenerator.php59
-rw-r--r--mayor-orig/www/include/share/facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php89
7 files changed, 487 insertions, 0 deletions
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php
new file mode 100644
index 00000000..bf573745
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/McryptPseudoRandomStringGenerator.php
@@ -0,0 +1,68 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+use Facebook\Exceptions\FacebookSDKException;
+
+class McryptPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface
+{
+ use PseudoRandomStringGeneratorTrait;
+
+ /**
+ * @const string The error message when generating the string fails.
+ */
+ const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from mcrypt_create_iv(). ';
+
+ /**
+ * @throws FacebookSDKException
+ */
+ public function __construct()
+ {
+ if (!function_exists('mcrypt_create_iv')) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'The function mcrypt_create_iv() does not exist.'
+ );
+ }
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public function getPseudoRandomString($length)
+ {
+ $this->validateLength($length);
+
+ $binaryString = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+
+ if ($binaryString === false) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'mcrypt_create_iv() returned an error.'
+ );
+ }
+
+ return $this->binToHex($binaryString, $length);
+ }
+}
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php
new file mode 100644
index 00000000..4b4276dc
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/OpenSslPseudoRandomStringGenerator.php
@@ -0,0 +1,67 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+use Facebook\Exceptions\FacebookSDKException;
+
+class OpenSslPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface
+{
+ use PseudoRandomStringGeneratorTrait;
+
+ /**
+ * @const string The error message when generating the string fails.
+ */
+ const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from openssl_random_pseudo_bytes().';
+
+ /**
+ * @throws FacebookSDKException
+ */
+ public function __construct()
+ {
+ if (!function_exists('openssl_random_pseudo_bytes')) {
+ throw new FacebookSDKException(static::ERROR_MESSAGE . 'The function openssl_random_pseudo_bytes() does not exist.');
+ }
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public function getPseudoRandomString($length)
+ {
+ $this->validateLength($length);
+
+ $wasCryptographicallyStrong = false;
+ $binaryString = openssl_random_pseudo_bytes($length, $wasCryptographicallyStrong);
+
+ if ($binaryString === false) {
+ throw new FacebookSDKException(static::ERROR_MESSAGE . 'openssl_random_pseudo_bytes() returned an unknown error.');
+ }
+
+ if ($wasCryptographicallyStrong !== true) {
+ throw new FacebookSDKException(static::ERROR_MESSAGE . 'openssl_random_pseudo_bytes() returned a pseudo-random string but it was not cryptographically secure and cannot be used.');
+ }
+
+ return $this->binToHex($binaryString, $length);
+ }
+}
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorFactory.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorFactory.php
new file mode 100644
index 00000000..412f4813
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorFactory.php
@@ -0,0 +1,101 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+use Facebook\Exceptions\FacebookSDKException;
+use InvalidArgumentException;
+
+class PseudoRandomStringGeneratorFactory
+{
+ private function __construct()
+ {
+ // a factory constructor should never be invoked
+ }
+
+ /**
+ * Pseudo random string generator creation.
+ *
+ * @param PseudoRandomStringGeneratorInterface|string|null $generator
+ *
+ * @throws InvalidArgumentException If the pseudo random string generator must be set to "random_bytes", "mcrypt", "openssl", or "urandom", or be an instance of Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface.
+ *
+ * @return PseudoRandomStringGeneratorInterface
+ */
+ public static function createPseudoRandomStringGenerator($generator)
+ {
+ if (!$generator) {
+ return self::detectDefaultPseudoRandomStringGenerator();
+ }
+
+ if ($generator instanceof PseudoRandomStringGeneratorInterface) {
+ return $generator;
+ }
+
+ if ('random_bytes' === $generator) {
+ return new RandomBytesPseudoRandomStringGenerator();
+ }
+ if ('mcrypt' === $generator) {
+ return new McryptPseudoRandomStringGenerator();
+ }
+ if ('openssl' === $generator) {
+ return new OpenSslPseudoRandomStringGenerator();
+ }
+ if ('urandom' === $generator) {
+ return new UrandomPseudoRandomStringGenerator();
+ }
+
+ throw new InvalidArgumentException('The pseudo random string generator must be set to "random_bytes", "mcrypt", "openssl", or "urandom", or be an instance of Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface');
+ }
+
+ /**
+ * Detects which pseudo-random string generator to use.
+ *
+ * @throws FacebookSDKException If unable to detect a cryptographically secure pseudo-random string generator.
+ *
+ * @return PseudoRandomStringGeneratorInterface
+ */
+ private static function detectDefaultPseudoRandomStringGenerator()
+ {
+ // Check for PHP 7's CSPRNG first to keep mcrypt deprecation messages from appearing in PHP 7.1.
+ if (function_exists('random_bytes')) {
+ return new RandomBytesPseudoRandomStringGenerator();
+ }
+
+ // Since openssl_random_pseudo_bytes() can sometimes return non-cryptographically
+ // secure pseudo-random strings (in rare cases), we check for mcrypt_create_iv() next.
+ if (function_exists('mcrypt_create_iv')) {
+ return new McryptPseudoRandomStringGenerator();
+ }
+
+ if (function_exists('openssl_random_pseudo_bytes')) {
+ return new OpenSslPseudoRandomStringGenerator();
+ }
+
+ if (!ini_get('open_basedir') && is_readable('/dev/urandom')) {
+ return new UrandomPseudoRandomStringGenerator();
+ }
+
+ throw new FacebookSDKException('Unable to detect a cryptographically secure pseudo-random string generator.');
+ }
+}
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php
new file mode 100644
index 00000000..914ee3cf
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorInterface.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+/**
+ * Interface
+ *
+ * @package Facebook
+ */
+interface PseudoRandomStringGeneratorInterface
+{
+ /**
+ * Get a cryptographically secure pseudo-random string of arbitrary length.
+ *
+ * @see http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
+ *
+ * @param int $length The length of the string to return.
+ *
+ * @return string
+ *
+ * @throws \Facebook\Exceptions\FacebookSDKException|\InvalidArgumentException
+ */
+ public function getPseudoRandomString($length);
+}
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php
new file mode 100644
index 00000000..0f587ea2
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/PseudoRandomStringGeneratorTrait.php
@@ -0,0 +1,58 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+trait PseudoRandomStringGeneratorTrait
+{
+ /**
+ * Validates the length argument of a random string.
+ *
+ * @param int $length The length to validate.
+ *
+ * @throws \InvalidArgumentException
+ */
+ public function validateLength($length)
+ {
+ if (!is_int($length)) {
+ throw new \InvalidArgumentException('getPseudoRandomString() expects an integer for the string length');
+ }
+
+ if ($length < 1) {
+ throw new \InvalidArgumentException('getPseudoRandomString() expects a length greater than 1');
+ }
+ }
+
+ /**
+ * Converts binary data to hexadecimal of arbitrary length.
+ *
+ * @param string $binaryData The binary data to convert to hex.
+ * @param int $length The length of the string to return.
+ *
+ * @return string
+ */
+ public function binToHex($binaryData, $length)
+ {
+ return \substr(\bin2hex($binaryData), 0, $length);
+ }
+}
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/RandomBytesPseudoRandomStringGenerator.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/RandomBytesPseudoRandomStringGenerator.php
new file mode 100644
index 00000000..b5943f6f
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/RandomBytesPseudoRandomStringGenerator.php
@@ -0,0 +1,59 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+use Facebook\Exceptions\FacebookSDKException;
+
+class RandomBytesPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface
+{
+ use PseudoRandomStringGeneratorTrait;
+
+ /**
+ * @const string The error message when generating the string fails.
+ */
+ const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from random_bytes(). ';
+
+ /**
+ * @throws FacebookSDKException
+ */
+ public function __construct()
+ {
+ if (!function_exists('random_bytes')) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'The function random_bytes() does not exist.'
+ );
+ }
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public function getPseudoRandomString($length)
+ {
+ $this->validateLength($length);
+
+ return $this->binToHex(random_bytes($length), $length);
+ }
+}
diff --git a/mayor-orig/www/include/share/facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php b/mayor-orig/www/include/share/facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php
new file mode 100644
index 00000000..5ab434e6
--- /dev/null
+++ b/mayor-orig/www/include/share/facebook/PseudoRandomString/UrandomPseudoRandomStringGenerator.php
@@ -0,0 +1,89 @@
+<?php
+/**
+ * Copyright 2017 Facebook, Inc.
+ *
+ * You are hereby granted a non-exclusive, worldwide, royalty-free license to
+ * use, copy, modify, and distribute this software in source code or binary
+ * form for use in connection with the web services and APIs provided by
+ * Facebook.
+ *
+ * As with any software that integrates with the Facebook platform, your use
+ * of this software is subject to the Facebook Developer Principles and
+ * Policies [http://developers.facebook.com/policy/]. This copyright notice
+ * shall be included in all copies or substantial portions of the software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ */
+namespace Facebook\PseudoRandomString;
+
+use Facebook\Exceptions\FacebookSDKException;
+
+class UrandomPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface
+{
+
+ use PseudoRandomStringGeneratorTrait;
+
+ /**
+ * @const string The error message when generating the string fails.
+ */
+ const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from /dev/urandom. ';
+
+ /**
+ * @throws FacebookSDKException
+ */
+ public function __construct()
+ {
+ if (ini_get('open_basedir')) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'There is an open_basedir constraint that prevents access to /dev/urandom.'
+ );
+ }
+
+ if (!is_readable('/dev/urandom')) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'Unable to read from /dev/urandom.'
+ );
+ }
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public function getPseudoRandomString($length)
+ {
+ $this->validateLength($length);
+
+ $stream = fopen('/dev/urandom', 'rb');
+ if (!is_resource($stream)) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'Unable to open stream to /dev/urandom.'
+ );
+ }
+
+ if (!defined('HHVM_VERSION')) {
+ stream_set_read_buffer($stream, 0);
+ }
+
+ $binaryString = fread($stream, $length);
+ fclose($stream);
+
+ if (!$binaryString) {
+ throw new FacebookSDKException(
+ static::ERROR_MESSAGE .
+ 'Stream to /dev/urandom returned no data.'
+ );
+ }
+
+ return $this->binToHex($binaryString, $length);
+ }
+}