|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* The OpenSSL Random Number Source |
|
4
|
|
|
* |
|
5
|
|
|
* This uses the OS's secure generator to generate high strength numbers |
|
6
|
|
|
* |
|
7
|
|
|
* PHP version 5.3 |
|
8
|
|
|
* |
|
9
|
|
|
* @category PHPCryptLib |
|
10
|
|
|
* @package Random |
|
11
|
|
|
* @subpackage Source |
|
12
|
|
|
* @author Anthony Ferrara <[email protected]> |
|
13
|
|
|
* @copyright 2011 The Authors |
|
14
|
|
|
* @license http://www.opensource.org/licenses/mit-license.html MIT License |
|
15
|
|
|
* @version Build @@version@@ |
|
16
|
|
|
*/ |
|
17
|
|
|
|
|
18
|
|
|
namespace RandomLib\Source; |
|
19
|
|
|
|
|
20
|
|
|
use SecurityLib\Strength; |
|
21
|
|
|
|
|
22
|
|
|
/** |
|
23
|
|
|
* The OpenSSL Random Number Source |
|
24
|
|
|
* |
|
25
|
|
|
* This uses the OS's secure generator to generate high strength numbers |
|
26
|
|
|
* |
|
27
|
|
|
* @category PHPCryptLib |
|
28
|
|
|
* @package Random |
|
29
|
|
|
* @subpackage Source |
|
30
|
|
|
* @author Anthony Ferrara <[email protected]> |
|
31
|
|
|
* @codeCoverageIgnore |
|
32
|
|
|
*/ |
|
33
|
|
|
class OpenSSL implements \RandomLib\Source { |
|
34
|
|
|
|
|
35
|
|
|
/** |
|
36
|
|
|
* Return an instance of Strength indicating the strength of the source |
|
37
|
|
|
* |
|
38
|
|
|
* @return Strength An instance of one of the strength classes |
|
39
|
|
|
*/ |
|
40
|
|
|
public static function getStrength() { |
|
41
|
|
|
/** |
|
42
|
|
|
* Prior to PHP 5.6.12 (see https://bugs.php.net/bug.php?id=70014) the "openssl_random_pseudo_bytes" |
|
43
|
|
|
* was using "RAND_pseudo_bytes" (predictable) instead of "RAND_bytes" (unpredictable). |
|
44
|
|
|
* Release notes: http://php.net/ChangeLog-5.php#5.6.12 |
|
45
|
|
|
*/ |
|
46
|
|
|
if (PHP_VERSION_ID >= 50612) { |
|
47
|
|
|
return new Strength(Strength::HIGH); |
|
|
|
|
|
|
48
|
|
|
} |
|
49
|
|
|
|
|
50
|
|
|
/** |
|
51
|
|
|
* Prior to PHP 5.5.28 (see https://bugs.php.net/bug.php?id=70014) the "openssl_random_pseudo_bytes" |
|
52
|
|
|
* was using "RAND_pseudo_bytes" (predictable) instead of "RAND_bytes" (unpredictable). |
|
53
|
|
|
* Release notes: http://php.net/ChangeLog-5.php#5.5.28 |
|
54
|
|
|
*/ |
|
55
|
|
|
if (PHP_VERSION_ID >= 50528 && PHP_VERSION_ID < 50600) { |
|
56
|
|
|
return new Strength(Strength::HIGH); |
|
|
|
|
|
|
57
|
|
|
} |
|
58
|
|
|
|
|
59
|
|
|
/** |
|
60
|
|
|
* Prior to PHP 5.4.44 (see https://bugs.php.net/bug.php?id=70014) the "openssl_random_pseudo_bytes" |
|
61
|
|
|
* was using "RAND_pseudo_bytes" (predictable) instead of "RAND_bytes" (unpredictable). |
|
62
|
|
|
* Release notes: http://php.net/ChangeLog-5.php#5.4.44 |
|
63
|
|
|
*/ |
|
64
|
|
|
if (PHP_VERSION_ID >= 50444 && PHP_VERSION_ID < 50500) { |
|
65
|
|
|
return new Strength(Strength::HIGH); |
|
|
|
|
|
|
66
|
|
|
} |
|
67
|
|
|
|
|
68
|
|
|
return new Strength(Strength::MEDIUM); |
|
|
|
|
|
|
69
|
|
|
} |
|
70
|
|
|
|
|
71
|
|
|
/** |
|
72
|
|
|
* Generate a random string of the specified size |
|
73
|
|
|
* |
|
74
|
|
|
* @param int $size The size of the requested random string |
|
75
|
|
|
* |
|
76
|
|
|
* @return string A string of the requested size |
|
77
|
|
|
*/ |
|
78
|
|
|
public function generate($size) { |
|
79
|
|
|
if (!function_exists('openssl_random_pseudo_bytes') || $size < 1) { |
|
80
|
|
|
return str_repeat(chr(0), $size); |
|
81
|
|
|
} |
|
82
|
|
|
/** |
|
83
|
|
|
* Note, normally we would check the return of of $crypto_strong to |
|
84
|
|
|
* ensure that we generated a good random string. However, since we're |
|
85
|
|
|
* using this as one part of many sources a low strength random number |
|
86
|
|
|
* shouldn't be much of an issue. |
|
87
|
|
|
*/ |
|
88
|
|
|
return openssl_random_pseudo_bytes($size); |
|
89
|
|
|
} |
|
90
|
|
|
|
|
91
|
|
|
} |
|
92
|
|
|
|
ircmaxell /
RandomLib
Loading history...
If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design.
Let’s take a look at an example:
Our function
my_functionexpects aPostobject, and outputs the author of the post. The base classPostreturns a simple string and outputting a simple string will work just fine. However, the child classBlogPostwhich is a sub-type ofPostinstead decided to return anobject, and is therefore violating the SOLID principles. If aBlogPostwere passed tomy_function, PHP would not complain, but ultimately fail when executing thestrtouppercall in its body.