Yii Framework v1.1.10 绫诲弬鑰

CSecurityManager

system.base
缁ф壙 class CSecurityManager » CApplicationComponent » CComponent
瀹炵幇 IApplicationComponent
婧愯嚜 1.0
鐗堟湰 $Id: CSecurityManager.php 3555 2012-02-09 10:29:44Z mdomba $
婧愮爜 framework/base/CSecurityManager.php
CSecurityManager鎻愪緵浜嗙鏈夊瘑閽ワ紝鍝堝笇鍜屽姞瀵嗗姛鑳姐

浣跨敤CSecurityManager涓篩ii缁勪欢鍜屽簲鐢ㄧ▼搴忔彁渚涘畨鍏ㄧ浉鍏冲姛鑳姐 渚嬪锛屽畠搴旂敤鍦╟ookie楠岃瘉鍔熻兘 浠ラ槻姝ookie鏁版嵁琚吉閫犮

CSecurityManager涓昏鏄敤鏉ヤ繚鎶ゆ暟鎹笉琚鏀瑰拰鏌ョ湅銆 瀹冨彲浠ョ敓鎴怘MAC鍜屽姞瀵嗘暟鎹 閫氳繃璁剧疆ValidationKey鏉ヨ缃閽ユ潵鐢熸垚HMAC銆 鐢ㄦ潵鍔犲瘑鏁版嵁鐨勫瘑閽ユ槸鐢EncryptionKey鎸囧畾銆 濡傛灉涓婇潰鐨勫瘑閽ユ病鏈夋槑纭瀹氾紝閭d箞浼氱敓鎴愬拰浣跨敤闅忔満瀵嗛挜銆

涓轰簡鑳戒娇鐢℉MAC鏉ヤ繚鎶ゆ暟鎹紝璇疯皟鐢hashData()锛涚劧鍚庢鏌ユ暟鎹槸鍚﹁绡℃敼锛 濡傛灉鏁版嵁娌℃湁琚鏀癸紝閭d箞璋冪敤validateData()鏃朵細杩斿洖鐪熷疄鐨勬暟鎹 鐢ㄦ潵鐢熸垚HMAC鐨勭畻娉曟槸鐢 validation鎸囧畾鐨勩

鍒嗗埆璋冪敤encrypt()decrypt()鏉ュ姞瀵嗗拰瑙e瘑锛 杩欎釜杩囩▼浼氫娇鐢3DES鍔犲瘑绠楁硶銆 娉ㄦ剰锛屼竴瀹氳瀹夎鍜屽姞杞絇HP Mcrypt銆

CSecurityManager鏄竴涓唴鏍哥骇搴旂敤缁勪欢锛 鍙互閫氳繃CApplication::getSecurityManager()杩涜璁块棶銆

鍏叡灞炴

闅愯棌缁ф壙灞炴

灞炴绫诲瀷鎻忚堪瀹氫箟鍦
behaviors array 杩欎釜搴旂敤缁勪欢闄勫姞鐨勮涓恒 杩欐琛屼负灏嗗湪搴旂敤缁勪欢璋冪敤init鏃堕檮鍔犲湪搴旂敤缁勪欢涓娿 璇峰弬鐓CModel::behaviors濡備綍鎸囧畾姝ゅ睘鎬у笺 CApplicationComponent
cryptAlgorithm mixed 鐢ㄤ簬encryptdecrypt鐨勫姞瀵嗙畻娉曞悕瀛椼 杩欎釜浼氫綔涓虹涓涓弬鏁颁紶閫掔粰{@link http://php. CSecurityManager
encryptionKey string 鐢ㄦ潵鍔犲瘑/瑙e瘑鏁版嵁鐨勭閽ャ 濡傛灉娌℃湁鏄庣‘鎸囧畾瀵嗛挜锛岄偅涔堜細鐢熸垚鍜屼娇鐢ㄩ殢鏈哄瘑閽ャ CSecurityManager
hashAlgorithm string 鐢ㄤ簬computeHMAC鐨勫搱甯岀畻娉曞悕瀛椼 鍙傝{@link http://php. CSecurityManager
isInitialized boolean 妫鏌ュ簲鐢ㄧ粍浠舵槸鍚﹀凡缁忓垵濮嬪寲銆 CApplicationComponent
validation string 杩欎釜鏂规硶鑷増鏈1.1.3琚純鐢ㄣ CSecurityManager
validationKey string 鐢ㄦ潵鐢熸垚HMAC鐨勭閽ャ 濡傛灉娌℃湁鏄庣‘鎸囧畾瀵嗛挜锛岄偅涔堜細鐢熸垚鍜屼娇鐢ㄩ殢鏈哄瘑閽ャ CSecurityManager

鍏叡鏂规硶

闅愯棌缁ф壙鏂规硶

鏂规硶鎻忚堪瀹氫箟鍦
__call() 濡傛灉绫讳腑娌℃湁璋冪殑鏂规硶鍚嶏紝鍒欒皟鐢ㄨ繖涓柟娉曘 CComponent
__get() 杩斿洖涓涓睘鎬у笺佷竴涓簨浠跺鐞嗙▼搴忓垪琛ㄦ垨涓涓涓哄悕绉般 CComponent
__isset() 妫鏌ヤ竴涓睘鎬ф槸鍚︿负null銆 CComponent
__set() 璁剧疆涓涓粍浠剁殑灞炴у笺 CComponent
__unset() 璁剧疆涓涓粍浠剁殑灞炴т负null銆 CComponent
asa() 杩斿洖杩欎釜鍚嶅瓧鐨勮涓哄璞° CComponent
attachBehavior() 闄勫姞涓涓涓哄埌缁勪欢銆 CComponent
attachBehaviors() 闄勫姞涓涓涓哄垪琛ㄥ埌缁勪欢銆 CComponent
attachEventHandler() 涓轰簨浠堕檮鍔犱竴涓簨浠跺鐞嗙▼搴忋 CComponent
canGetProperty() 纭畾灞炴ф槸鍚﹀彲璇汇 CComponent
canSetProperty() 纭畾灞炴ф槸鍚﹀彲鍐欍 CComponent
decrypt() 瑙e瘑鏁版嵁 CSecurityManager
detachBehavior() 浠庣粍浠朵腑鍒嗙涓涓涓恒 CComponent
detachBehaviors() 浠庣粍浠朵腑鍒嗙鎵鏈夎涓恒 CComponent
detachEventHandler() 鍒嗙涓涓瓨鍦ㄧ殑浜嬩欢澶勭悊绋嬪簭銆 CComponent
disableBehavior() 绂佺敤涓涓檮鍔犺涓恒 CComponent
disableBehaviors() 绂佺敤缁勪欢闄勫姞鐨勬墍鏈夎涓恒 CComponent
enableBehavior() 鍚敤涓涓檮鍔犺涓恒 CComponent
enableBehaviors() 鍚敤缁勪欢闄勫姞鐨勬墍鏈夎涓恒 CComponent
encrypt() 鍔犲瘑鏁版嵁銆 CSecurityManager
evaluateExpression() 璁$畻涓涓狿HP琛ㄨ揪寮忥紝鎴栨牴鎹粍浠朵笂涓嬫枃鎵ц鍥炶皟銆 CComponent
getEncryptionKey() 杩斿洖鐢ㄦ潵鍔犲瘑/瑙e瘑鏁版嵁鐨勭閽ャ 濡傛灉娌℃湁鏄庣‘鎸囧畾瀵嗛挜锛岄偅涔堜細鐢熸垚鍜屼娇鐢ㄩ殢鏈哄瘑閽ャ CSecurityManager
getEventHandlers() 杩斿洖涓涓簨浠剁殑闄勫姞澶勭悊绋嬪簭鍒楄〃銆 CComponent
getIsInitialized() 妫鏌ュ簲鐢ㄧ粍浠舵槸鍚﹀凡缁忓垵濮嬪寲銆 CApplicationComponent
getValidation() 杩欎釜鏂规硶鑷増鏈1.1.3琚純鐢ㄣ CSecurityManager
getValidationKey() 杩斿洖鐢ㄦ潵鐢熸垚HMAC鐨勭閽ャ 濡傛灉娌℃湁鏄庣‘鎸囧畾瀵嗛挜锛岄偅涔堜細鐢熸垚鍜屼娇鐢ㄩ殢鏈哄瘑閽ャ CSecurityManager
hasEvent() 纭畾涓涓簨浠舵槸鍚﹀畾涔夈 CComponent
hasEventHandler() 妫鏌ヤ簨浠舵槸鍚︽湁闄勫姞鐨勫鐞嗙▼搴忋 CComponent
hasProperty() 纭畾灞炴ф槸鍚﹁瀹氫箟銆 CComponent
hashData() 灏咹MAC浣滀负鏁版嵁鐨勫墠缂銆 CSecurityManager
init() CSecurityManager
raiseEvent() 鍙戣捣涓涓簨浠躲 CComponent
setEncryptionKey() 璁剧疆鐢ㄤ簬鍔犲瘑/瑙e瘑鏁版嵁鐨勫瘑閽ャ CSecurityManager
setValidation() 杩欎釜鏂规硶鑷増鏈1.1.3琚純鐢ㄣ CSecurityManager
setValidationKey() 璁剧疆鐢ㄦ潵浜х敓HMAC鐨勫瘑閽 CSecurityManager
validateData() 楠岃瘉鏁版嵁鏄惁琚鏀硅繃銆 CSecurityManager

鍙椾繚鎶ゆ柟娉

闅愯棌缁ф壙鏂规硶

鏂规硶鎻忚堪瀹氫箟鍦
computeHMAC() 璁$畻ValidationKey鏁版嵁鐨凥MAC銆 CSecurityManager
generateRandomKey() CSecurityManager
openCryptModule() 鏍规嵁鎸囧畾閰嶇疆鎵撳紑cryptAlgorithm鎸囧畾鐨勯厤缃甿crypt鐨勬ā鍧椼 CSecurityManager

灞炴ц缁

cryptAlgorithm 灞炴 锛堝彲鐢ㄨ嚜 v1.1.3锛
public mixed $cryptAlgorithm;

鐢ㄤ簬encryptdecrypt鐨勫姞瀵嗙畻娉曞悕瀛椼 杩欎釜浼氫綔涓虹涓涓弬鏁颁紶閫掔粰mcrypt_module_open

杩欎釜灞炴т篃鍙互閰嶇疆涓烘暟缁勩傝繖绉嶆儏鍐典笅锛屾暟缁勫厓绱犱細浣滀负鍙傛暟鎸夐『搴忎紶閫掔粰mcrypt_module_open銆 渚嬪锛array('rijndael-256', '', 'ofb', '')

榛樿鏄榙es鈥欙紝鎰忓懗鐫浣跨敤DES鍔犲瘑绠楁硶銆

encryptionKey 灞炴
public string getEncryptionKey()
public void setEncryptionKey(string $value)

鐢ㄦ潵鍔犲瘑/瑙e瘑鏁版嵁鐨勭閽ャ 濡傛灉娌℃湁鏄庣‘鎸囧畾瀵嗛挜锛岄偅涔堜細鐢熸垚鍜屼娇鐢ㄩ殢鏈哄瘑閽ャ

hashAlgorithm 灞炴 锛堝彲鐢ㄨ嚜 v1.1.3锛
public string $hashAlgorithm;

鐢ㄤ簬computeHMAC鐨勫搱甯岀畻娉曞悕瀛椼 鍙傝hash-algos鏌ョ湅鍙娇鐢ㄧ殑鍝堝笇绠楁硶銆 娉ㄦ剰锛屽鏋滀綘浣跨敤PHP 5.1.1鎴栨洿浣庣増鏈紝鍙兘浣跨敤鈥榮ha1鈥欐垨鑰呪榤d5鈥欍

榛樿鏄榮ha1鈥欙紝鎰忓懗鐫浣跨敤SHA1鍝堝笇绠楁硶銆

validation 灞炴
public string getValidation()
public void setValidation(string $value)

杩欎釜鏂规硶鑷増鏈1.1.3琚純鐢ㄣ 璇峰彟鐢hashAlgorithm浠f浛銆

validationKey 灞炴
public string getValidationKey()
public void setValidationKey(string $value)

鐢ㄦ潵鐢熸垚HMAC鐨勭閽ャ 濡傛灉娌℃湁鏄庣‘鎸囧畾瀵嗛挜锛岄偅涔堜細鐢熸垚鍜屼娇鐢ㄩ殢鏈哄瘑閽ャ

鏂规硶璇︾粏

computeHMAC() 鏂规硶
protected string computeHMAC(string $data, string $key=NULL)
$data string 鐢ㄦ潵鐢熸垚HMAC鐨勬暟鎹
$key string 鐢ㄦ潵鐢熸垚HMAC鐨勭閽ャ傞粯璁や负null锛屾剰鍛崇潃浣跨敤validationKey
{return} string 鏁版嵁鐨凥MAC
婧愮爜锛 framework/base/CSecurityManager.php#280 (鏄剧ず)
protected function computeHMAC($data,$key=null)
{
    if($key===null)
        $key=$this->getValidationKey();

    if(function_exists('hash_hmac'))
        return hash_hmac($this->hashAlgorithm$data$key);

    if(!strcasecmp($this->hashAlgorithm,'sha1'))
    {
        $pack='H40';
        $func='sha1';
    }
    else
    {
        $pack='H32';
        $func='md5';
    }
    if($this->strlen($key) > 64)
        $key=pack($pack$func($key));
    if($this->strlen($key) < 64)
        $key=str_pad($key64chr(0));
    $key=$this->substr($key,0,64);
    return $func((str_repeat(chr(0x5C), 64) ^ $key) . pack($pack$func((str_repeat(chr(0x36), 64) ^ $key) . $data)));
}

璁$畻ValidationKey鏁版嵁鐨凥MAC銆

decrypt() 鏂规硶
public string decrypt(string $data, string $key=NULL)
$data string 瑕佽В瀵嗙殑鏁版嵁銆
$key string 瑙e瘑瀵嗛挜銆傞粯璁や负null锛屾剰鍛崇潃浣跨敤EncryptionKey
{return} string 瑙e瘑鐨勬暟鎹
婧愮爜锛 framework/base/CSecurityManager.php#206 (鏄剧ず)
public function decrypt($data,$key=null)
{
    $module=$this->openCryptModule();
    $key=$this->substr($key===null md5($this->getEncryptionKey()) : $key,0,mcrypt_enc_get_key_size($module));
    $ivSize=mcrypt_enc_get_iv_size($module);
    $iv=$this->substr($data,0,$ivSize);
    mcrypt_generic_init($module,$key,$iv);
    $decrypted=mdecrypt_generic($module,$this->substr($data,$ivSize,$this->strlen($data)));
    mcrypt_generic_deinit($module);
    mcrypt_module_close($module);
    return rtrim($decrypted,"\0");
}

瑙e瘑鏁版嵁

encrypt() 鏂规硶
public string encrypt(string $data, string $key=NULL)
$data string 瑕佸姞瀵嗙殑鏁版嵁銆
$key string 鍔犲瘑瀵嗛挜銆傞粯璁や负null锛屾剰鍛崇潃浣跨敤EncryptionKey
{return} string 鍔犲瘑鐨勬暟鎹
婧愮爜锛 framework/base/CSecurityManager.php#186 (鏄剧ず)
public function encrypt($data,$key=null)
{
    $module=$this->openCryptModule();
    $key=$this->substr($key===null md5($this->getEncryptionKey()) : $key,0,mcrypt_enc_get_key_size($module));
    srand();
    $iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND);
    mcrypt_generic_init($module,$key,$iv);
    $encrypted=$iv.mcrypt_generic($module,$data);
    mcrypt_generic_deinit($module);
    mcrypt_module_close($module);
    return $encrypted;
}

鍔犲瘑鏁版嵁銆

generateRandomKey() 鏂规硶
protected string generateRandomKey()
{return} string 闅忔満鐢熸垚鐨勭閽
婧愮爜锛 framework/base/CSecurityManager.php#86 (鏄剧ず)
protected function generateRandomKey()
{
    return sprintf('%08x%08x%08x%08x',mt_rand(),mt_rand(),mt_rand(),mt_rand());
}

getEncryptionKey() 鏂规硶
public string getEncryptionKey()
{return} string 鐢ㄦ潵鍔犲瘑/瑙e瘑鏁版嵁鐨勭閽ャ 濡傛灉娌℃湁鏄庣‘鎸囧畾瀵嗛挜锛岄偅涔堜細鐢熸垚鍜屼娇鐢ㄩ殢鏈哄瘑閽ャ
婧愮爜锛 framework/base/CSecurityManager.php#129 (鏄剧ず)
public function getEncryptionKey()
{
    if($this->_encryptionKey!==null)
        return $this->_encryptionKey;
    else
    {
        if(($key=Yii::app()->getGlobalState(self::STATE_ENCRYPTION_KEY))!==null)
            $this->setEncryptionKey($key);
        else
        {
            $key=$this->generateRandomKey();
            $this->setEncryptionKey($key);
            Yii::app()->setGlobalState(self::STATE_ENCRYPTION_KEY,$key);
        }
        return $this->_encryptionKey;
    }
}

getValidation() 鏂规硶
public string getValidation()
{return} string
婧愮爜锛 framework/base/CSecurityManager.php#164 (鏄剧ず)
public function getValidation()
{
    return $this->hashAlgorithm;
}

杩欎釜鏂规硶鑷増鏈1.1.3琚純鐢ㄣ 璇峰彟鐢hashAlgorithm浠f浛銆

getValidationKey() 鏂规硶
public string getValidationKey()
{return} string 鐢ㄦ潵鐢熸垚HMAC鐨勭閽ャ 濡傛灉娌℃湁鏄庣‘鎸囧畾瀵嗛挜锛岄偅涔堜細鐢熸垚鍜屼娇鐢ㄩ殢鏈哄瘑閽ャ
婧愮爜锛 framework/base/CSecurityManager.php#95 (鏄剧ず)
public function getValidationKey()
{
    if($this->_validationKey!==null)
        return $this->_validationKey;
    else
    {
        if(($key=Yii::app()->getGlobalState(self::STATE_VALIDATION_KEY))!==null)
            $this->setValidationKey($key);
        else
        {
            $key=$this->generateRandomKey();
            $this->setValidationKey($key);
            Yii::app()->setGlobalState(self::STATE_VALIDATION_KEY,$key);
        }
        return $this->_validationKey;
    }
}

hashData() 鏂规硶
public string hashData(string $data, string $key=NULL)
$data string 瑕佸搱甯岀殑鏁版嵁銆
$key string 鐢ㄦ潵鐢熸垚HMAC鐨勭閽ャ傞粯璁や负 null锛屾剰鍛崇潃浣跨敤validationKey
{return} string 浠MAC涓哄墠缂鐨勬暟鎹
婧愮爜锛 framework/base/CSecurityManager.php#248 (鏄剧ず)
public function hashData($data,$key=null)
{
    return $this->computeHMAC($data,$key).$data;
}

灏咹MAC浣滀负鏁版嵁鐨勫墠缂銆

init() 鏂规硶
public void init()
婧愮爜锛 framework/base/CSecurityManager.php#77 (鏄剧ず)
public function init()
{
    parent::init();
    $this->_mbstring=extension_loaded('mbstring');
}

openCryptModule() 鏂规硶 锛堝彲鐢ㄨ嚜 v1.1.3锛
protected resource openCryptModule()
{return} resource mycrypt 妯″潡澶勭悊銆
婧愮爜锛 framework/base/CSecurityManager.php#224 (鏄剧ず)
protected function openCryptModule()
{
    if(extension_loaded('mcrypt'))
    {
        if(is_array($this->cryptAlgorithm))
            $module=@call_user_func_array('mcrypt_module_open',$this->cryptAlgorithm);
        else
            $module=@mcrypt_module_open($this->cryptAlgorithm,''MCRYPT_MODE_CBC,'');

        if($module===false)
            throw new CException(Yii::t('yii','Failed to initialize the mcrypt module.'));

        return $module;
    }
    else
        throw new CException(Yii::t('yii','CSecurityManager requires PHP mcrypt extension to be loaded in order to use data encryption feature.'));
}

鏍规嵁鎸囧畾閰嶇疆鎵撳紑cryptAlgorithm鎸囧畾鐨勯厤缃甿crypt鐨勬ā鍧椼

setEncryptionKey() 鏂规硶
public void setEncryptionKey(string $value)
$value string 鐢ㄤ簬鍔犲瘑/瑙e瘑鏁版嵁鐨勫瘑閽ャ
婧愮爜锛 framework/base/CSecurityManager.php#151 (鏄剧ず)
public function setEncryptionKey($value)
{
    if(!empty($value))
        $this->_encryptionKey=$value;
    else
        throw new CException(Yii::t('yii','CSecurityManager.encryptionKey cannot be empty.'));
}

setValidation() 鏂规硶
public void setValidation(string $value)
$value string -
婧愮爜锛 framework/base/CSecurityManager.php#174 (鏄剧ず)
public function setValidation($value)
{
    $this->hashAlgorithm=$value;
}

杩欎釜鏂规硶鑷増鏈1.1.3琚純鐢ㄣ 璇峰彟鐢hashAlgorithm浠f浛銆

setValidationKey() 鏂规硶
public void setValidationKey(string $value)
$value string 鐢ㄦ潵浜х敓HMAC鐨勫瘑閽
婧愮爜锛 framework/base/CSecurityManager.php#117 (鏄剧ず)
public function setValidationKey($value)
{
    if(!empty($value))
        $this->_validationKey=$value;
    else
        throw new CException(Yii::t('yii','CSecurityManager.validationKey cannot be empty.'));
}

validateData() 鏂规硶
public string validateData(string $data, string $key=NULL)
$data string 瑕侀獙璇佺殑鏁版嵁銆 鏁版嵁涓瀹氭槸浜嬪墠浣跨敤hashData()鏉ョ敓鎴愮殑銆
$key string 鐢ㄦ潵鐢熸垚HMAC鐨勭閽ャ傞粯璁や负null锛屾剰鍛崇潃浣跨敤validationKey
{return} string 涓嶩MAC鍓ョ鐨勭湡瀹炴暟鎹 濡傛灉鏁版嵁琚鏀硅繃锛屽垯杩斿洖 false銆
婧愮爜锛 framework/base/CSecurityManager.php#261 (鏄剧ず)
public function validateData($data,$key=null)
{
    $len=$this->strlen($this->computeHMAC('test'));
    if($this->strlen($data)>=$len)
    {
        $hmac=$this->substr($data,0,$len);
        $data2=$this->substr($data,$len,$this->strlen($data));
        return $hmac===$this->computeHMAC($data2,$key)?$data2:false;
    }
    else
        return false;
}

楠岃瘉鏁版嵁鏄惁琚鏀硅繃銆

Copyright © 2008-2011 by Yii Software LLC
All Rights Reserved.