TYPO3 API  SVNRelease
CryptUtil.php
Go to the documentation of this file.
00001 <?php
00002 
00003 /**
00004  * CryptUtil: A suite of wrapper utility functions for the OpenID
00005  * library.
00006  *
00007  * PHP versions 4 and 5
00008  *
00009  * LICENSE: See the COPYING file included in this distribution.
00010  *
00011  * @access private
00012  * @package OpenID
00013  * @author JanRain, Inc. <openid@janrain.com>
00014  * @copyright 2005-2008 Janrain, Inc.
00015  * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
00016  */
00017 
00018 if (!defined('Auth_OpenID_RAND_SOURCE')) {
00019     /**
00020      * The filename for a source of random bytes. Define this yourself
00021      * if you have a different source of randomness.
00022      */
00023     define('Auth_OpenID_RAND_SOURCE', '/dev/urandom');
00024 }
00025 
00026 class Auth_OpenID_CryptUtil {
00027     /**
00028      * Get the specified number of random bytes.
00029      *
00030      * Attempts to use a cryptographically secure (not predictable)
00031      * source of randomness if available. If there is no high-entropy
00032      * randomness source available, it will fail. As a last resort,
00033      * for non-critical systems, define
00034      * <code>Auth_OpenID_RAND_SOURCE</code> as <code>null</code>, and
00035      * the code will fall back on a pseudo-random number generator.
00036      *
00037      * @param int $num_bytes The length of the return value
00038      * @return string $bytes random bytes
00039      */
00040     function getBytes($num_bytes)
00041     {
00042         static $f = null;
00043         $bytes = '';
00044         if ($f === null) {
00045             if (Auth_OpenID_RAND_SOURCE === null) {
00046                 $f = false;
00047             } else {
00048                 $f = @fopen(Auth_OpenID_RAND_SOURCE, "r");
00049                 if ($f === false) {
00050                     $msg = 'Define Auth_OpenID_RAND_SOURCE as null to ' .
00051                         ' continue with an insecure random number generator.';
00052                     trigger_error($msg, E_USER_ERROR);
00053                 }
00054             }
00055         }
00056         if ($f === false) {
00057             // pseudorandom used
00058             $bytes = '';
00059             for ($i = 0; $i < $num_bytes; $i += 4) {
00060                 $bytes .= pack('L', mt_rand());
00061             }
00062             $bytes = substr($bytes, 0, $num_bytes);
00063         } else {
00064             $bytes = fread($f, $num_bytes);
00065         }
00066         return $bytes;
00067     }
00068 
00069     /**
00070      * Produce a string of length random bytes, chosen from chrs.  If
00071      * $chrs is null, the resulting string may contain any characters.
00072      *
00073      * @param integer $length The length of the resulting
00074      * randomly-generated string
00075      * @param string $chrs A string of characters from which to choose
00076      * to build the new string
00077      * @return string $result A string of randomly-chosen characters
00078      * from $chrs
00079      */
00080     function randomString($length, $population = null)
00081     {
00082         if ($population === null) {
00083             return Auth_OpenID_CryptUtil::getBytes($length);
00084         }
00085 
00086         $popsize = strlen($population);
00087 
00088         if ($popsize > 256) {
00089             $msg = 'More than 256 characters supplied to ' . __FUNCTION__;
00090             trigger_error($msg, E_USER_ERROR);
00091         }
00092 
00093         $duplicate = 256 % $popsize;
00094 
00095         $str = "";
00096         for ($i = 0; $i < $length; $i++) {
00097             do {
00098                 $n = ord(Auth_OpenID_CryptUtil::getBytes(1));
00099             } while ($n < $duplicate);
00100 
00101             $n %= $popsize;
00102             $str .= $population[$n];
00103         }
00104 
00105         return $str;
00106     }
00107 }
00108 
00109 ?>
Generated on Sat May 19 2012 04:21:01 for TYPO3 API by   doxygen 1.8.0