1<?php
2/**
3 * Copyright 2017 Facebook, Inc.
4 *
5 * You are hereby granted a non-exclusive, worldwide, royalty-free license to
6 * use, copy, modify, and distribute this software in source code or binary
7 * form for use in connection with the web services and APIs provided by
8 * Facebook.
9 *
10 * As with any software that integrates with the Facebook platform, your use
11 * of this software is subject to the Facebook Developer Principles and
12 * Policies [http://developers.facebook.com/policy/]. This copyright notice
13 * shall be included in all copies or substantial portions of the software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
21 * DEALINGS IN THE SOFTWARE.
22 *
23 */
24namespace Facebook\PseudoRandomString;
25
26use Facebook\Exceptions\FacebookSDKException;
27use InvalidArgumentException;
28
29class PseudoRandomStringGeneratorFactory
30{
31    private function __construct()
32    {
33        // a factory constructor should never be invoked
34    }
35
36    /**
37     * Pseudo random string generator creation.
38     *
39     * @param PseudoRandomStringGeneratorInterface|string|null $generator
40     *
41     * @throws InvalidArgumentException If the pseudo random string generator must be set to "random_bytes", "mcrypt", "openssl", or "urandom", or be an instance of Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface.
42     *
43     * @return PseudoRandomStringGeneratorInterface
44     */
45    public static function createPseudoRandomStringGenerator($generator)
46    {
47        if (!$generator) {
48            return self::detectDefaultPseudoRandomStringGenerator();
49        }
50
51        if ($generator instanceof PseudoRandomStringGeneratorInterface) {
52            return $generator;
53        }
54
55        if ('random_bytes' === $generator) {
56            return new RandomBytesPseudoRandomStringGenerator();
57        }
58        if ('mcrypt' === $generator) {
59            return new McryptPseudoRandomStringGenerator();
60        }
61        if ('openssl' === $generator) {
62            return new OpenSslPseudoRandomStringGenerator();
63        }
64        if ('urandom' === $generator) {
65            return new UrandomPseudoRandomStringGenerator();
66        }
67
68        throw new InvalidArgumentException('The pseudo random string generator must be set to "random_bytes", "mcrypt", "openssl", or "urandom", or be an instance of Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface');
69    }
70
71    /**
72     * Detects which pseudo-random string generator to use.
73     *
74     * @throws FacebookSDKException If unable to detect a cryptographically secure pseudo-random string generator.
75     *
76     * @return PseudoRandomStringGeneratorInterface
77     */
78    private static function detectDefaultPseudoRandomStringGenerator()
79    {
80        // Check for PHP 7's CSPRNG first to keep mcrypt deprecation messages from appearing in PHP 7.1.
81        if (function_exists('random_bytes')) {
82            return new RandomBytesPseudoRandomStringGenerator();
83        }
84
85        // Since openssl_random_pseudo_bytes() can sometimes return non-cryptographically
86        // secure pseudo-random strings (in rare cases), we check for mcrypt_create_iv() next.
87        if (function_exists('mcrypt_create_iv')) {
88            return new McryptPseudoRandomStringGenerator();
89        }
90
91        if (function_exists('openssl_random_pseudo_bytes')) {
92            return new OpenSslPseudoRandomStringGenerator();
93        }
94
95        if (!ini_get('open_basedir') && is_readable('/dev/urandom')) {
96            return new UrandomPseudoRandomStringGenerator();
97        }
98
99        throw new FacebookSDKException('Unable to detect a cryptographically secure pseudo-random string generator.');
100    }
101}
102