PHP Класс lithium\storage\session\strategy\Hmac

Example configuration: Session::config(array('default' => array( 'adapter' => 'Cookie', 'strategies' => array('Hmac' => array('secret' => 'foobar')) ))); This will configure the HMAC strategy to be used for all Session operations with the default named configuration. A hash-based message authentication code (HMAC) will be calculated for all data stored in your cookies, and will be compared to the signature stored in your cookie data. If the two do not match, then your data has been tampered with (or you have modified the data directly _without_ passing through the Session class, which amounts to the same), then a catchable RuntimeException is thrown. Please note that this strategy is very finnicky, and is so by design. If you attempt to access or modify the stored data in any way other than through the Session class configured with the Hmac strategy with the properly configured secret, then it will probably blow up.

См. ссылку: Wikipedia: Hash-based Message Authentication Code

Наследование: extends lithium\core\Object

Показать файл Открыть проект

Защищенные свойства (Protected)

Свойство	Тип	Описание
$_secret		The HMAC secret.

Открытые методы

Метод	Описание
__construct ( array $config = [] ) : void	Constructor.
delete ( mixed $data, array $options = [] ) : array	Delete strategy method.
read ( array $data, array $options = [] ) : array	Read strategy method.
write ( mixed $data, array $options = [] ) : array	Write strategy method.

Защищенные методы

Метод	Описание
_signature ( mixed $data, null \| string $secret = null ) : string	Calculate the HMAC signature based on the data and a secret key.

Описание методов

__construct() публичный Метод

Constructor.

public __construct ( array $config = [] ) : void
$config	array	Configuration array. Will throw an exception if the 'secret' configuration key is not set.
Результат	void

_signature() защищенный статический Метод

Calculate the HMAC signature based on the data and a secret key.

protected static _signature ( mixed $data, null \| string $secret = null ) : string
$data	mixed
$secret	null \| string	Secret key for HMAC signature creation.
Результат	string	HMAC signature.

delete() публичный Метод

Delete strategy method.

См. также: lithium\storage\Session

См. также: lithium\core\Adaptable::config()

См. ссылку: PHP Manual: hash_hmac()

public delete ( mixed $data, array $options = [] ) : array
$data	mixed	The data to be signed.
$options	array	Options for this method.
Результат	array	Data & signature.

read() публичный Метод

Validates the HMAC signature of the stored data. If the signatures match, then the data is safe and will be passed through as-is. If the stored data being read does not contain a __signature field, a MissingSignatureException is thrown. When catching this exception, you may choose to handle it by either writing out a signature (e.g. in cases where you know that no pre-existing signature may exist), or you can blackhole it as a possible tampering attempt.

public read ( array $data, array $options = [] ) : array
$data	array	The data being read.
$options	array	Options for this method.
Результат	array	Validated data.

write() публичный Метод

Adds an HMAC signature to the data. Note that this will transform the passed $data to an array, and add a __signature key with the HMAC-calculated value.

См. также: lithium\storage\Session

См. также: lithium\core\Adaptable::config()

См. ссылку: PHP Manual: hash_hmac()

public write ( mixed $data, array $options = [] ) : array
$data	mixed	The data to be signed.
$options	array	Options for this method.
Результат	array	Data & signature.

Описание свойств

$_secret защищенное статическое свойство

The HMAC secret.

protected static $_secret