public static function Crypt::hmacBase64 in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/lib/Drupal/Component/Utility/Crypt.php \Drupal\Component\Utility\Crypt::hmacBase64()
Calculates a base-64 encoded, URL-safe sha-256 hmac.
Parameters
mixed $data: Scalar value to be validated with the hmac.
mixed $key: A secret key, this can be any scalar value.
Return value
string A base-64 encoded sha-256 hmac, with + replaced with -, / with _ and any = padding characters removed.
14 calls to Crypt::hmacBase64()
- CryptTest::testHmacBase64 in core/
tests/ Drupal/ Tests/ Component/ Utility/ CryptTest.php - Tests HMAC generation.
- CryptTest::testHmacBase64Invalid in core/
tests/ Drupal/ Tests/ Component/ Utility/ CryptTest.php - Tests the hmacBase64 method with invalid parameters.
- CsrfTokenGenerator::computeToken in core/
lib/ Drupal/ Core/ Access/ CsrfTokenGenerator.php - Generates a token based on $value, the token seed, and the private key.
- drupal_generate_test_ua in core/
includes/ bootstrap.inc - Generates a user agent string with a HMAC and timestamp for simpletest.
- drupal_valid_test_ua in core/
includes/ bootstrap.inc - Returns the test prefix if this is an internal request from SimpleTest.
File
- core/
lib/ Drupal/ Component/ Utility/ Crypt.php, line 105 - Contains \Drupal\Component\Utility\Crypt.
Class
- Crypt
- Utility class for cryptographically-secure string handling routines.
Namespace
Drupal\Component\UtilityCode
public static function hmacBase64($data, $key) {
// $data and $key being strings here is necessary to avoid empty string
// results of the hash function if they are not scalar values. As this
// function is used in security-critical contexts like token validation it
// is important that it never returns an empty string.
if (!is_scalar($data) || !is_scalar($key)) {
throw new \InvalidArgumentException('Both parameters passed to \\Drupal\\Component\\Utility\\Crypt::hmacBase64 must be scalar values.');
}
$hmac = base64_encode(hash_hmac('sha256', $data, $key, TRUE));
// Modify the hmac so it's safe to use in URLs.
return str_replace([
'+',
'/',
'=',
], [
'-',
'_',
'',
], $hmac);
}