/**
* @param \string[] ...$keys
* @return Obfuscator
*/
public function setFields(string ...$keys) : self
{
$keysCount = count($keys);
$bitsCount = $keysCount * (self::OBFUSCATE_KEY_SIZE * 4);
// Get cryptographically secure random bytes
$bytes = Security::randomKey($bitsCount);
$bytes = str_split($bytes, self::OBFUSCATE_KEY_SIZE);
// Make sure there are no duplicates some how
if (count($bytes) !== count(array_unique($bytes))) {
// Repeating key detected, retry
return call_user_func_array([$this, "setFields"], $keys);
}
// Iterate through keys
$count = 0;
foreach ($keys as $key) {
$this->obfuscated[$key] = $bytes[$count];
$count++;
}
// Save hash
$this->hash = hash("sha1", implode(":", array_keys($this->obfuscated)));
// Save to session?
if (isset($this->sessionBag)) {
$this->sessionBag->getBag($this->name)->set("hash", $this->hash)->set("fields", $this->obfuscated);
}
// Chain
return $this;
}
/**
* @param int $expire
* @return string
* @throws SecurityException
*/
public function setToken(int $expire = 0) : string
{
// Set expiry for token?
if ($expire > 0) {
// Add time stamp if expire is > 0
$expire += time();
}
// Securely generate random CSRF token
// 160 bits = 40 (hexadecimal) characters
$token = Security::randomKey(160);
// Write token to session bag
$this->sessionBag->set("token", $token)->set("expire", $expire);
// Return token
return $token;
}
