1<?php 2/** 3 * Copyright 2017 Facebook, Inc. 4 * 5 * You are hereby granted a non-exclusive, worldwide, royalty-free license to 6 * use, copy, modify, and distribute this software in source code or binary 7 * form for use in connection with the web services and APIs provided by 8 * Facebook. 9 * 10 * As with any software that integrates with the Facebook platform, your use 11 * of this software is subject to the Facebook Developer Principles and 12 * Policies [http://developers.facebook.com/policy/]. This copyright notice 13 * shall be included in all copies or substantial portions of the software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 21 * DEALINGS IN THE SOFTWARE. 22 * 23 */ 24namespace Facebook\PseudoRandomString; 25 26use Facebook\Exceptions\FacebookSDKException; 27use InvalidArgumentException; 28 29class PseudoRandomStringGeneratorFactory 30{ 31 private function __construct() 32 { 33 // a factory constructor should never be invoked 34 } 35 36 /** 37 * Pseudo random string generator creation. 38 * 39 * @param PseudoRandomStringGeneratorInterface|string|null $generator 40 * 41 * @throws InvalidArgumentException If the pseudo random string generator must be set to "random_bytes", "mcrypt", "openssl", or "urandom", or be an instance of Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface. 42 * 43 * @return PseudoRandomStringGeneratorInterface 44 */ 45 public static function createPseudoRandomStringGenerator($generator) 46 { 47 if (!$generator) { 48 return self::detectDefaultPseudoRandomStringGenerator(); 49 } 50 51 if ($generator instanceof PseudoRandomStringGeneratorInterface) { 52 return $generator; 53 } 54 55 if ('random_bytes' === $generator) { 56 return new RandomBytesPseudoRandomStringGenerator(); 57 } 58 if ('mcrypt' === $generator) { 59 return new McryptPseudoRandomStringGenerator(); 60 } 61 if ('openssl' === $generator) { 62 return new OpenSslPseudoRandomStringGenerator(); 63 } 64 if ('urandom' === $generator) { 65 return new UrandomPseudoRandomStringGenerator(); 66 } 67 68 throw new InvalidArgumentException('The pseudo random string generator must be set to "random_bytes", "mcrypt", "openssl", or "urandom", or be an instance of Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface'); 69 } 70 71 /** 72 * Detects which pseudo-random string generator to use. 73 * 74 * @throws FacebookSDKException If unable to detect a cryptographically secure pseudo-random string generator. 75 * 76 * @return PseudoRandomStringGeneratorInterface 77 */ 78 private static function detectDefaultPseudoRandomStringGenerator() 79 { 80 // Check for PHP 7's CSPRNG first to keep mcrypt deprecation messages from appearing in PHP 7.1. 81 if (function_exists('random_bytes')) { 82 return new RandomBytesPseudoRandomStringGenerator(); 83 } 84 85 // Since openssl_random_pseudo_bytes() can sometimes return non-cryptographically 86 // secure pseudo-random strings (in rare cases), we check for mcrypt_create_iv() next. 87 if (function_exists('mcrypt_create_iv')) { 88 return new McryptPseudoRandomStringGenerator(); 89 } 90 91 if (function_exists('openssl_random_pseudo_bytes')) { 92 return new OpenSslPseudoRandomStringGenerator(); 93 } 94 95 if (!ini_get('open_basedir') && is_readable('/dev/urandom')) { 96 return new UrandomPseudoRandomStringGenerator(); 97 } 98 99 throw new FacebookSDKException('Unable to detect a cryptographically secure pseudo-random string generator.'); 100 } 101} 102