1<?php
2/**
3 * Copyright 2017 Facebook, Inc.
4 *
5 * You are hereby granted a non-exclusive, worldwide, royalty-free license to
6 * use, copy, modify, and distribute this software in source code or binary
7 * form for use in connection with the web services and APIs provided by
8 * Facebook.
9 *
10 * As with any software that integrates with the Facebook platform, your use
11 * of this software is subject to the Facebook Developer Principles and
12 * Policies [http://developers.facebook.com/policy/]. This copyright notice
13 * shall be included in all copies or substantial portions of the software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
21 * DEALINGS IN THE SOFTWARE.
22 *
23 */
24namespace Facebook\PseudoRandomString;
25
26use Facebook\Exceptions\FacebookSDKException;
27
28class OpenSslPseudoRandomStringGenerator implements PseudoRandomStringGeneratorInterface
29{
30    use PseudoRandomStringGeneratorTrait;
31
32    /**
33     * @const string The error message when generating the string fails.
34     */
35    const ERROR_MESSAGE = 'Unable to generate a cryptographically secure pseudo-random string from openssl_random_pseudo_bytes().';
36
37    /**
38     * @throws FacebookSDKException
39     */
40    public function __construct()
41    {
42        if (!function_exists('openssl_random_pseudo_bytes')) {
43            throw new FacebookSDKException(static::ERROR_MESSAGE . 'The function openssl_random_pseudo_bytes() does not exist.');
44        }
45    }
46
47    /**
48     * @inheritdoc
49     */
50    public function getPseudoRandomString($length)
51    {
52        $this->validateLength($length);
53
54        $wasCryptographicallyStrong = false;
55        $binaryString = openssl_random_pseudo_bytes($length, $wasCryptographicallyStrong);
56
57        if ($binaryString === false) {
58            throw new FacebookSDKException(static::ERROR_MESSAGE . 'openssl_random_pseudo_bytes() returned an unknown error.');
59        }
60
61        if ($wasCryptographicallyStrong !== true) {
62            throw new FacebookSDKException(static::ERROR_MESSAGE . 'openssl_random_pseudo_bytes() returned a pseudo-random string but it was not cryptographically secure and cannot be used.');
63        }
64
65        return $this->binToHex($binaryString, $length);
66    }
67}
68