‪TYPO3CMS  ‪main
HashService.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Crypto;
19 
20 use ‪TYPO3\CMS\Core\Exception\Crypto\InvalidHashStringException;
21 use ‪TYPO3\CMS\Core\SingletonInterface;
22 
26 final class ‪HashService implements ‪SingletonInterface
27 {
34  public function ‪hmac(string $input, string $additionalSecret): string
35  {
36  if ($additionalSecret === '') {
37  throw new \LogicException('The ' . __METHOD__ . ' function requires a non-empty additional secret.', 1704453167);
38  }
39 
40  $secret = ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] . $additionalSecret;
41  return hash_hmac('sha1', $input, $secret);
42  }
43 
49  public function ‪appendHmac(string $string, string $additionalSecret): string
50  {
51  return $string . $this->‪hmac($string, $additionalSecret);
52  }
53 
59  public function ‪validateHmac(string $string, string $additionalSecret, string $hmac): bool
60  {
61  return hash_equals($this->‪hmac($string, $additionalSecret), $hmac);
62  }
63 
72  public function ‪validateAndStripHmac(string $string, string $additionalSecret): string
73  {
74  if (strlen($string) < 40) {
75  throw new ‪InvalidHashStringException('A hashed string must contain at least 40 characters, the given string was only ' . strlen($string) . ' characters long.', 1704454152);
76  }
77  $stringWithoutHmac = substr($string, 0, -40);
78  if ($this->‪validateHmac($stringWithoutHmac, $additionalSecret, substr($string, -40)) !== true) {
79  throw new ‪InvalidHashStringException('The given string was not appended with a valid HMAC.', 1704454157);
80  }
81  return $stringWithoutHmac;
82  }
83 }
‪TYPO3\CMS\Core\Crypto\HashService\hmac
‪hmac(string $input, string $additionalSecret)
Definition: HashService.php:34
‪TYPO3\CMS\Core\Crypto\HashService\validateHmac
‪validateHmac(string $string, string $additionalSecret, string $hmac)
Definition: HashService.php:59
‪TYPO3\CMS\Core\Crypto\HashService\appendHmac
‪appendHmac(string $string, string $additionalSecret)
Definition: HashService.php:49
‪TYPO3\CMS\Core\Crypto\HashService\validateAndStripHmac
‪validateAndStripHmac(string $string, string $additionalSecret)
Definition: HashService.php:72
‪TYPO3\CMS\Core\SingletonInterface
Definition: SingletonInterface.php:22
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Exception\Crypto\InvalidHashStringException
Definition: InvalidHashStringException.php:25
‪TYPO3\CMS\Core\Crypto\HashService
Definition: HashService.php:27
‪TYPO3\CMS\Core\Crypto
Definition: HashService.php:18