
secure_cookie_data.class.inc in Secure Cookie Data 7


secure_cookie.class.inc @author António P. P. Almeida <appa@perusio.net> @date Wed Dec 21 03:17:53 2011

@brief Class implementation of the generator and validator functions for the secure cookie protocol.

File

secure_cookie_data.class.inc
<?php

/**
 * @file   secure_cookie.class.inc
 * @author António P. P. Almeida <appa@perusio.net>
 * @date   Wed Dec 21 03:17:53 2011
 *
 * @brief Class implementation of the generator and validator functions for
 *        the secure cookie protocol.
 *
 * @see   http://www.cs.utexas.edu/~gouda/papers/conference/cookie.pdf.
 *
 */
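class secureCookieBasic {

  // Generator and validator helpers for an HMAC-protected data cookie.
  //
  // create() produces a keyed digest over the encoded payload, validate()
  // recomputes that digest and compares it with the supplied one, and
  // encode()/decode() convert the payload to and from a cookie-safe string.
  // decode() performs no authentication on its own.

  // The secret key that is shared with the server.
  //
  // NOTE(review): this value is a literal in the source file, so every
  // installation that does not override it uses the same HMAC key, and anyone
  // who can read the code can compute valid digests. It is presumably meant
  // to be replaced per site before any cookie is issued (the property is
  // public static, so it can be assigned at bootstrap) - confirm against the
  // module's setup instructions.
  public static $__secret = '9704da10e0cdc0481fc51d323665a25fdd1a487faed2fa4a9eadb2a9c94a6164';

  // The hashing algorithm passed to hash_hmac().
  //
  // NOTE(review): Tiger is an uncommon choice for HMAC; a SHA-2 algorithm is
  // the usual default. Changing it invalidates every digest already issued.
  private static $__algorithm = 'tiger160,3';

  // The default cookie path.
  public static $__cookie_path = '/';

  // The default cookie name.
  public static $__cookie_name = 'SecureDataCookie';

  /**
   * Predicate to check if the current session is secure or not.
   *
   * @return boolean
   *   TRUE if the session.cookie_secure ini setting reads back as '1',
   *   FALSE otherwise.
   */
  public static function secure_session_p() {
    return ini_get('session.cookie_secure') === '1';
  }

  /**
   * Get the current cookie domain.
   *
   * @return string
   *   The value of the session.cookie_domain ini setting.
   */
  public static function get_domain() {
    return ini_get('session.cookie_domain');
  }

  /**
   * Generates the keyed message digest (HMAC) for the given data.
   *
   * The data is first passed through encode(). A per-message key is derived
   * as HMAC(encoded data, self::$__secret), and the returned digest is
   * HMAC(encoded data, per-message key). Both steps use self::$__algorithm.
   *
   * @param $data
   *   The data that constitutes the message to be digested.
   * @return string
   *   The message digest in hexadecimal.
   */
  public static function create($data = NULL) {

    // Cookies cannot contain ',' and ';' therefore we must encode the JSON
    // object in base64.
    $encoded_data = self::encode($data);

    // Derive the per-message key from the shared secret, then compute the
    // HMAC of the same encoded data under that key.
    $message_key = hash_hmac(self::$__algorithm, $encoded_data, self::$__secret);
    return hash_hmac(self::$__algorithm, $encoded_data, $message_key);
  }

  /**
   * Verifies the message digest for the given data.
   *
   * The digest arrives from the client, so it is compared in constant time
   * and without PHP's loose '==' rules: a loose comparison can leak how many
   * leading characters matched through timing, and treats numeric-looking
   * strings (for example '0e123' and '0e456') as equal numbers.
   *
   * @param $hmac string
   *   The message digest that is going to be verified against the data.
   * @param $data
   *   The data that constitutes the message to be digested.
   * @return boolean
   *   TRUE if $hmac is a string equal to the digest computed for $data,
   *   FALSE otherwise.
   */
  public static function validate($hmac, $data = NULL) {
    // A digest is always a string; anything else cannot be valid.
    if (!is_string($hmac)) {
      return FALSE;
    }
    return self::constant_time_equals(self::create($data), $hmac);
  }

  /**
   * Compares two strings without short-circuiting on the first difference.
   *
   * Uses hash_equals() where PHP provides it and an equivalent XOR-accumulate
   * loop otherwise, so the class keeps working on older PHP versions.
   *
   * @param $known string
   *   The digest computed on the server.
   * @param $supplied string
   *   The digest supplied by the client.
   * @return boolean
   *   TRUE if both strings are byte-for-byte identical.
   */
  private static function constant_time_equals($known, $supplied) {
    if (function_exists('hash_equals')) {
      return hash_equals($known, $supplied);
    }

    $length = strlen($known);
    if ($length !== strlen($supplied)) {
      return FALSE;
    }

    // Accumulate every byte difference so the loop always runs to the end.
    $difference = 0;
    for ($i = 0; $i < $length; $i++) {
      $difference |= ord($known[$i]) ^ ord($supplied[$i]);
    }
    return $difference === 0;
  }

  /**
   * Encode the data as a safe string to be in a cookie.
   *
   * @param object $data
   *   The data object to be encoded.
   * @return string
   *   The data serialized as JSON and then base64 encoded.
   */
  public static function encode($data = NULL) {
    return base64_encode(json_encode($data));
  }

  /**
   * Decodes the data as stored in the cookie.
   *
   * This only reverses the encoding: URL-decode, base64-decode, JSON-decode.
   * It does not check any digest, so the result is untrusted until the
   * accompanying digest has passed validate().
   *
   * NOTE(review): urldecode() turns a literal '+' into a space, and the
   * non-strict base64_decode() silently drops characters outside its
   * alphabet. If a caller passes a value that was already URL-decoded, a
   * payload containing '+' would decode to different bytes - verify against
   * the callers.
   *
   * @param string $data
   *   The data as stored in the cookie.
   * @return object
   *   The decoded object, as returned by json_decode().
   */
  public static function decode($data = NULL) {
    return json_decode(base64_decode(urldecode($data)));
  }

}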

Classes

Name | Description
secureCookieBasic @file secure_cookie.class.inc @author António P. P. Almeida <appa@perusio.net> @date Wed Dec 21 03:17:53 2011