Page Menu
Home
c4science
Search
Configure Global Search
Log In
Files
F91207032
PhutilOpaqueEnvelope.php
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Subscribers
None
File Metadata
Details
File Info
Storage
Attached
Created
Fri, Nov 8, 23:41
Size
1 KB
Mime Type
text/x-php
Expires
Sun, Nov 10, 23:41 (2 d)
Engine
blob
Format
Raw Data
Handle
22220168
Attached To
rPHU libphutil
PhutilOpaqueEnvelope.php
View Options
<?php
/**
* Opaque reference to a string (like a password) that won't put any sensitive
* data in stack traces, var_dump(), print_r(), error logs, etc. Usage:
*
* $envelope = new PhutilOpaqueEnvelope($password);
* do_stuff($envelope);
* // ...
* $password = $envelope->openEnvelope();
*
* Any time you're passing sensitive data into a stack, you should obscure it
* with an envelope to prevent it leaking if something goes wrong.
*
* The key for the envelope is stored elsewhere, in
* @{class:PhutilOpaqueEnvelopeKey}. This prevents it from appearing in
* any sort of logs related to the envelope, even if the logger is very
* aggressive.
*
* @task envelope Using Opaque Envelopes
* @task internal Internals
*/
final
class
PhutilOpaqueEnvelope
{
private
$value
;
/* -( Using Opaque Envelopes )--------------------------------------------- */
/**
* @task envelope
*/
public
function
__construct
(
$string
)
{
$this
->
value
=
$this
->
mask
(
$string
,
PhutilOpaqueEnvelopeKey
::
getKey
());
}
/**
* @task envelope
*/
public
function
openEnvelope
()
{
return
$this
->
mask
(
$this
->
value
,
PhutilOpaqueEnvelopeKey
::
getKey
());
}
/**
* @task envelope
*/
public
function
__toString
()
{
return
'<opaque envelope>'
;
}
/* -( Internals )---------------------------------------------------------- */
/**
* @task internal
*/
private
function
mask
(
$string
,
$noise
)
{
$result
=
''
;
for
(
$ii
=
0
;
$ii
<
strlen
(
$string
);
$ii
++)
{
$s
=
$string
[
$ii
];
$n
=
$noise
[
$ii
%
strlen
(
$noise
)];
$result
.=
chr
(
ord
(
$s
)
^
ord
(
$n
));
}
return
$result
;
}
}
Event Timeline
Log In to Comment