PHP Filesystem::readRandomBytes方法代码示例

 /**
  * Write file data into S3.
  * @task impl
  */
 public function writeFile($data, array $params)
 {
     $s3 = $this->newS3API();
     $name = 'phabricator/' . sha1(Filesystem::readRandomBytes(20));
     $s3->putObject($data, $this->getBucketName(), $name, $acl = 'private');
     return $name;
 }

 public function processRequest()
 {
     $user = $this->getRequest()->getUser();
     $old_token = id(new PhabricatorConduitCertificateToken())->loadOneWhere('userPHID = %s', $user->getPHID());
     if ($old_token) {
         $old_token->delete();
     }
     $token = id(new PhabricatorConduitCertificateToken())->setUserPHID($user->getPHID())->setToken(sha1(Filesystem::readRandomBytes(128)))->save();
     $panel = new AphrontPanelView();
     $panel->setHeader('Certificate Install Token');
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);
     $panel->appendChild('<p class="aphront-form-instructions">Copy and paste this token into ' . 'the prompt given to you by "arc install-certificate":</p>' . '<p style="padding: 0 0 1em 4em;">' . '<strong>' . phutil_escape_html($token->getToken()) . '</strong>' . '</p>' . '<p class="aphront-form-instructions">arc will then complete the ' . 'install process for you.</p>');
     return $this->buildStandardPageResponse($panel, array('title' => 'Certificate Install Token'));
 }

 /**
  * @task internal
  */
 public static function getKey()
 {
     if (self::$key === null) {
         try {
             self::$key = Filesystem::readRandomBytes(128);
         } catch (Exception $ex) {
             // NOTE: We can't throw here! Otherwise we might get a stack trace
             // including the string that was passed to PhutilOpaqueEnvelope's
             // constructor. Just die() instead.
             die("Unable to read random bytes in PhutilOpaqueEnvelope. (This " . "causes an immediate process exit to avoid leaking the envelope " . "contents in a stack trace.)");
         }
     }
     return self::$key;
 }

 public function testReadRandomBytes()
 {
     $number_of_bytes = 1024;
     $data = Filesystem::readRandomBytes($number_of_bytes);
     $this->assertTrue(strlen($data) == $number_of_bytes);
     $data1 = Filesystem::readRandomBytes(128);
     $data2 = Filesystem::readRandomBytes(128);
     $this->assertFalse($data1 == $data2);
     $caught = null;
     try {
         Filesystem::readRandomBytes(0);
     } catch (Exception $ex) {
         $caught = $ex;
     }
     $this->assertTrue($caught instanceof Exception);
 }

 public function processRequest()
 {
     $user = $this->getRequest()->getUser();
     // Ideally we'd like to verify this, but it's fine to leave it unguarded
     // for now and verifying it would need some Ajax junk or for the user to
     // click a button or similar.
     $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
     $old_token = id(new PhabricatorConduitCertificateToken())->loadOneWhere('userPHID = %s', $user->getPHID());
     if ($old_token) {
         $old_token->delete();
     }
     $token = id(new PhabricatorConduitCertificateToken())->setUserPHID($user->getPHID())->setToken(sha1(Filesystem::readRandomBytes(128)))->save();
     $panel = new AphrontPanelView();
     $panel->setHeader('Certificate Install Token');
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);
     $panel->appendChild('<p class="aphront-form-instructions">Copy and paste this token into ' . 'the prompt given to you by "arc install-certificate":</p>' . '<p style="padding: 0 0 1em 4em;">' . '<strong>' . phutil_escape_html($token->getToken()) . '</strong>' . '</p>' . '<p class="aphront-form-instructions">arc will then complete the ' . 'install process for you.</p>');
     return $this->buildStandardPageResponse($panel, array('title' => 'Certificate Install Token'));
 }

 public static function generateNewPHID($type, array $config = array())
 {
     $owner = idx($config, 'owner');
     $parent = idx($config, 'parent');
     if (!$type) {
         throw new Exception("Can not generate PHID with no type.");
     }
     $entropy = Filesystem::readRandomBytes(20);
     $uniq = sha1($entropy);
     $uniq = substr($uniq, 0, 20);
     $phid = 'PHID-' . $type . '-' . $uniq;
     $phid_rec = new PhabricatorPHID();
     $phid_rec->setPHIDType($type);
     $phid_rec->setOwnerPHID($owner);
     $phid_rec->setParentPHID($parent);
     $phid_rec->setPHID($phid);
     $phid_rec->save();
     return $phid;
 }

 public function processRequest()
 {
     $request = $this->getRequest();
     $repository = id(new PhabricatorRepository())->load($this->id);
     if (!$repository) {
         return new Aphront404Response();
     }
     $views = array('basic' => 'Basics', 'tracking' => 'Tracking');
     $vcs = $repository->getVersionControlSystem();
     if ($vcs == DifferentialRevisionControlSystem::GIT) {
         if (!$repository->getDetail('github-token')) {
             $token = substr(base64_encode(Filesystem::readRandomBytes(8)), 0, 8);
             $repository->setDetail('github-token', $token);
             $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
             $repository->save();
             unset($unguarded);
         }
         $views['github'] = 'GitHub';
     }
     $this->repository = $repository;
     if (!isset($views[$this->view])) {
         reset($views);
         $this->view = key($views);
     }
     $nav = new AphrontSideNavView();
     foreach ($views as $view => $name) {
         $nav->addNavItem(phutil_render_tag('a', array('class' => $view == $this->view ? 'aphront-side-nav-selected' : null, 'href' => '/repository/edit/' . $repository->getID() . '/' . $view . '/'), phutil_escape_html($name)));
     }
     $this->sideNav = $nav;
     switch ($this->view) {
         case 'basic':
             return $this->processBasicRequest();
         case 'tracking':
             return $this->processTrackingRequest();
         case 'github':
             return $this->processGithubRequest();
         default:
             throw new Exception("Unknown view.");
     }
 }

 public static function newChunkedFile(PhabricatorFileStorageEngine $engine, $length, array $params)
 {
     $file = self::initializeNewFile();
     $file->setByteSize($length);
     // TODO: We might be able to test the first chunk in order to figure
     // this out more reliably, since MIME detection usually examines headers.
     // However, enormous files are probably always either actually raw data
     // or reasonable to treat like raw data.
     $file->setMimeType('application/octet-stream');
     $chunked_hash = idx($params, 'chunkedHash');
     if ($chunked_hash) {
         $file->setContentHash($chunked_hash);
     } else {
         // See PhabricatorChunkedFileStorageEngine::getChunkedHash() for some
         // discussion of this.
         $seed = Filesystem::readRandomBytes(64);
         $hash = PhabricatorChunkedFileStorageEngine::getChunkedHashForInput($seed);
         $file->setContentHash($hash);
     }
     $file->setStorageEngine($engine->getEngineIdentifier());
     $file->setStorageHandle(PhabricatorFileChunk::newChunkHandle());
     $file->setStorageFormat(self::STORAGE_FORMAT_RAW);
     $file->setIsPartial(1);
     $file->readPropertiesFromParameters($params);
     return $file;
 }

 /**
  * We generate a unique chronological key for each story type because we want
  * to be able to page through the stream with a cursor (i.e., select stories
  * after ID = X) so we can efficiently perform filtering after selecting data,
  * and multiple stories with the same ID make this cumbersome without putting
  * a bunch of logic in the client. We could use the primary key, but that
  * would prevent publishing stories which happened in the past. Since it's
  * potentially useful to do that (e.g., if you're importing another data
  * source) build a unique key for each story which has chronological ordering.
  *
  * @return string A unique, time-ordered key which identifies the story.
  */
 private function generateChronologicalKey()
 {
     // Use the epoch timestamp for the upper 32 bits of the key. Default to
     // the current time if the story doesn't have an explicit timestamp.
     $time = nonempty($this->storyTime, time());
     // Generate a random number for the lower 32 bits of the key.
     $rand = head(unpack('L', Filesystem::readRandomBytes(4)));
     // On 32-bit machines, we have to get creative.
     if (PHP_INT_SIZE < 8) {
         // We're on a 32-bit machine.
         if (function_exists('bcadd')) {
             // Try to use the 'bc' extension.
             return bcadd(bcmul($time, bcpow(2, 32)), $rand);
         } else {
             // Do the math in MySQL. TODO: If we formalize a bc dependency, get
             // rid of this.
             $conn_r = id(new PhabricatorFeedStoryData())->establishConnection('r');
             $result = queryfx_one($conn_r, 'SELECT (%d << 32) + %d as N', $time, $rand);
             return $result['N'];
         }
     } else {
         // This is a 64 bit machine, so we can just do the math.
         return ($time << 32) + $rand;
     }
 }

 public function save()
 {
     if (!$this->getMailKey()) {
         $this->mailKey = sha1(Filesystem::readRandomBytes(20));
     }
     return parent::save();
 }

 private function writeEvents()
 {
     if (PhabricatorEnv::isReadOnly()) {
         return;
     }
     $events = $this->events;
     $random = Filesystem::readRandomBytes(32);
     $request_key = PhabricatorHash::digestForIndex($random);
     $host_id = $this->loadHostID(php_uname('n'));
     $context_id = $this->loadEventContextID($this->eventContext);
     $viewer_id = $this->loadEventViewerID($this->eventViewer);
     $label_map = $this->loadEventLabelIDs(mpull($events, 'getEventLabel'));
     foreach ($events as $event) {
         $event->setRequestKey($request_key)->setSampleRate($this->sampleRate)->setEventHostID($host_id)->setEventContextID($context_id)->setEventViewerID($viewer_id)->setEventLabelID($label_map[$event->getEventLabel()])->save();
     }
 }

 /**
  * We generate a unique chronological key for each story type because we want
  * to be able to page through the stream with a cursor (i.e., select stories
  * after ID = X) so we can efficiently perform filtering after selecting data,
  * and multiple stories with the same ID make this cumbersome without putting
  * a bunch of logic in the client. We could use the primary key, but that
  * would prevent publishing stories which happened in the past. Since it's
  * potentially useful to do that (e.g., if you're importing another data
  * source) build a unique key for each story which has chronological ordering.
  *
  * @return string A unique, time-ordered key which identifies the story.
  */
 private function generateChronologicalKey()
 {
     // Use the epoch timestamp for the upper 32 bits of the key. Default to
     // the current time if the story doesn't have an explicit timestamp.
     $time = nonempty($this->storyTime, time());
     // Generate a random number for the lower 32 bits of the key.
     $rand = head(unpack('L', Filesystem::readRandomBytes(4)));
     return ($time << 32) + $rand;
 }

 /**
  * Issue a new session key to this user. Phabricator supports different
  * types of sessions (like "web" and "conduit") and each session type may
  * have multiple concurrent sessions (this allows a user to be logged in on
  * multiple browsers at the same time, for instance).
  *
  * Note that this method is transport-agnostic and does not set cookies or
  * issue other types of tokens, it ONLY generates a new session key.
  *
  * You can configure the maximum number of concurrent sessions for various
  * session types in the Phabricator configuration.
  *
  * @param   string  Session type, like "web".
  * @return  string  Newly generated session key.
  */
 public function establishSession($session_type)
 {
     $conn_w = $this->establishConnection('w');
     if (strpos($session_type, '-') !== false) {
         throw new Exception("Session type must not contain hyphen ('-')!");
     }
     // We allow multiple sessions of the same type, so when a caller requests
     // a new session of type "web", we give them the first available session in
     // "web-1", "web-2", ..., "web-N", up to some configurable limit. If none
     // of these sessions is available, we overwrite the oldest session and
     // reissue a new one in its place.
     $session_limit = 1;
     switch ($session_type) {
         case 'web':
             $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.web');
             break;
         case 'conduit':
             $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.conduit');
             break;
         default:
             throw new Exception("Unknown session type '{$session_type}'!");
     }
     $session_limit = (int) $session_limit;
     if ($session_limit <= 0) {
         throw new Exception("Session limit for '{$session_type}' must be at least 1!");
     }
     // Load all the currently active sessions.
     $sessions = queryfx_all($conn_w, 'SELECT type, sessionStart FROM %T WHERE userPHID = %s AND type LIKE %>', PhabricatorUser::SESSION_TABLE, $this->getPHID(), $session_type . '-');
     // Choose which 'type' we'll actually establish, i.e. what number we're
     // going to append to the basic session type. To do this, just check all
     // the numbers sequentially until we find an available session.
     $establish_type = null;
     $sessions = ipull($sessions, null, 'type');
     for ($ii = 1; $ii <= $session_limit; $ii++) {
         if (empty($sessions[$session_type . '-' . $ii])) {
             $establish_type = $session_type . '-' . $ii;
             break;
         }
     }
     // If we didn't find an available session, choose the oldest session and
     // overwrite it.
     if (!$establish_type) {
         $sessions = isort($sessions, 'sessionStart');
         $oldest = reset($sessions);
         $establish_type = $oldest['type'];
     }
     // Consume entropy to generate a new session key, forestalling the eventual
     // heat death of the universe.
     $entropy = Filesystem::readRandomBytes(20);
     $session_key = sha1($entropy);
     // UNGUARDED WRITES: Logging-in users don't have CSRF stuff yet.
     $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
     queryfx($conn_w, 'INSERT INTO %T ' . '(userPHID, type, sessionKey, sessionStart)' . ' VALUES ' . '(%s, %s, %s, UNIX_TIMESTAMP()) ' . 'ON DUPLICATE KEY UPDATE ' . 'sessionKey = VALUES(sessionKey), ' . 'sessionStart = VALUES(sessionStart)', self::SESSION_TABLE, $this->getPHID(), $establish_type, $session_key);
     $log = PhabricatorUserLog::newLog($this, $this, PhabricatorUserLog::ACTION_LOGIN);
     $log->setDetails(array('session_type' => $session_type, 'session_issued' => $establish_type));
     $log->setSession($session_key);
     $log->save();
     return $session_key;
 }

 public static function newAES256IV()
 {
     // AES256 uses a 256 bit key, but the initialization vector length is
     // only 128 bits.
     $iv = Filesystem::readRandomBytes(phutil_units('128 bits in bytes'));
     return new PhutilOpaqueEnvelope($iv);
 }

 public function setPassword(PhutilOpaqueEnvelope $envelope)
 {
     if (!$this->getPHID()) {
         throw new Exception('You can not set a password for an unsaved user because their PHID ' . 'is a salt component in the password hash.');
     }
     if (!strlen($envelope->openEnvelope())) {
         $this->setPasswordHash('');
     } else {
         $this->setPasswordSalt(md5(Filesystem::readRandomBytes(32)));
         $hash = $this->hashPassword($envelope);
         $this->setPasswordHash($hash->openEnvelope());
     }
     return $this;
 }