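/**
 * Checks that the stored signature was issued for this object's id and,
 * when a size is supplied, for exactly that width and height.
 *
 * The payload recovered from $this->signature is compared with the string
 * this request would produce: "<id>" or "<id>x<width>x<height>".
 *
 * NOTE(review): unsign() is not wrapped in try/catch here, so a rejected
 * signature presumably reaches the caller as an exception. Confirm the
 * caller handles it.
 *
 * @param array $params Optional "width" and "height"; both must be greater than zero to be part of the check.
 * @return bool True only when the recovered payload is identical to the expected string.
 */
protected function check($params = array())
 {
     $sign = new Signer();
     $str = (string) $sign->unsign($this->signature, self::$salt);
     $str2 = (string) $this->id;
     if (is_array($params) && array_key_exists("width", $params) && $params["width"] > 0 && array_key_exists("height", $params) && $params["height"] > 0) {
         $str2 = $this->id . "x" . $params["width"] . "x" . $params["height"];
     }
     // Strict comparison on purpose: with == PHP compares two numeric-looking
     // strings as numbers ("10" == "1e1"), so a payload signed for one id
     // could be accepted for a differently written id.
     return $str === $str2;
 }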
Example #2
 /**
  * Signs a channel id with the HMAC key configured for the "pull" module.
  *
  * The id is returned unchanged (unsigned) when no "signature_key" option is
  * set or when the id is not a string, so callers cannot assume the result
  * always carries a signature.
  *
  * @param mixed $channelId Channel id to sign.
  * @return mixed Signed id, or the original value when signing is skipped.
  */
 public static function SignChannel($channelId)
 {
     $key = COption::GetOptionString("pull", "signature_key", "");
     $canSign = $key !== "" && is_string($channelId);
     if (!$canSign) {
         return $channelId;
     }

     // The hash algorithm comes from module options and falls back to "sha1".
     $algorithm = new Sign\HmacAlgorithm();
     $algorithm->setHashAlgorithm(COption::GetOptionString("pull", "signature_algo", "sha1"));

     $channelSigner = new Sign\Signer($algorithm);
     $channelSigner->setKey($key);

     return $channelSigner->sign($channelId);
 }
Example #3
 /**
  * Fills $this->arResult from $this->arParams for rendering a URL preview.
  *
  * Writes METADATA, FIELD_NAME, FIELD_VALUE, FIELD_ID, ELEMENT_ID and
  * SELECT_IMAGE, then either SELECTED_IMAGE (image selection mode) or the
  * display fields EMBED, IMAGE, CONTAINER.CLASSES and SHOW_CONTAINER.
  *
  * @return void
  */
 protected function prepareData()
 {
     $signer = new Main\Security\Sign\Signer();
     $this->arResult['METADATA'] = $this->arParams['METADATA'];
     // Defined outside this block; what it changes in arResult is not visible here.
     $this->setDynamicPreview();
     $this->arResult['FIELD_NAME'] = $this->arParams['PARAMS']['arUserField']['FIELD_NAME'];
     // The field value is the metadata ID signed with UrlPreview::SIGN_SALT, or
     // null when there is no positive ID.
     // NOTE(review): presumably the signature lets the server verify the ID when
     // the form comes back; confirm the receiving side calls unsign() with the same salt.
     if ($this->arResult['METADATA']['ID'] > 0) {
         $this->arResult['FIELD_VALUE'] = $signer->sign($this->arResult['METADATA']['ID'], Main\UrlPreview\UrlPreview::SIGN_SALT);
     } else {
         $this->arResult['FIELD_VALUE'] = null;
     }
     $this->arResult['FIELD_ID'] = $this->arParams['PARAMS']['arUserField']['ID'];
     $this->arResult['ELEMENT_ID'] = $this->arParams['PARAMS']['urlPreviewId'];
     // Image selection is offered only in edit mode, when there is no EMBED and
     // METADATA.EXTRA.IMAGES is an array.
     $this->arResult['SELECT_IMAGE'] = $this->editMode && empty($this->arResult['METADATA']['EMBED']) && is_array($this->arResult['METADATA']['EXTRA']) && is_array($this->arResult['METADATA']['EXTRA']['IMAGES']);
     if ($this->arResult['SELECT_IMAGE']) {
         // Falls back to 0 when SELECTED_IMAGE is missing or falsy.
         $this->arResult['SELECTED_IMAGE'] = $this->arResult['METADATA']['EXTRA']['SELECTED_IMAGE'] ?: 0;
     } else {
         $this->arResult['METADATA']['CONTAINER']['CLASSES'] = "";
         // EMBED is taken from the '~METADATA' parameter rather than 'METADATA'.
         // NOTE(review): in Bitrix components the '~' key normally holds the raw,
         // unescaped value, so this is presumably HTML that the template prints
         // as-is. Confirm the embed markup is sanitized before it is stored.
         if (isset($this->arParams['~METADATA']['EMBED']) && $this->arParams['~METADATA']['EMBED'] != '') {
             $this->arResult['METADATA']['EMBED'] = $this->arParams['~METADATA']['EMBED'];
         } else {
             $this->arResult['METADATA']['EMBED'] = null;
         }
         // Resolve IMAGE_ID to a file record and expose its SRC as METADATA.IMAGE.
         if ($this->arResult['METADATA']['IMAGE_ID'] > 0 && ($imageFile = \CFile::GetFileArray($this->arResult['METADATA']['IMAGE_ID']))) {
             $this->arResult['METADATA']['IMAGE'] = $imageFile['SRC'];
             // Images more than 1.5 times taller than wide get the "left" container class.
             if ($imageFile['HEIGHT'] > $imageFile['WIDTH'] * 1.5) {
                 $this->arResult['METADATA']['CONTAINER']['CLASSES'] .= " urlpreview__container-left";
             }
         }
         // The container is shown when there is a non-empty IMAGE or a non-empty EMBED.
         $this->arResult['SHOW_CONTAINER'] = isset($this->arResult['METADATA']['IMAGE']) && $this->arResult['METADATA']['IMAGE'] != '' || isset($this->arResult['METADATA']['EMBED']) && $this->arResult['METADATA']['EMBED'] != '';
         // With both present, two more classes are appended: "switchable" and "hide-embed".
         if (isset($this->arResult['METADATA']['IMAGE']) && $this->arResult['METADATA']['IMAGE'] != '' && isset($this->arResult['METADATA']['EMBED']) && $this->arResult['METADATA']['EMBED'] != '') {
             $this->arResult['METADATA']['CONTAINER']['CLASSES'] .= " urlpreview__container-switchable";
             $this->arResult['METADATA']['CONTAINER']['CLASSES'] .= " urlpreview__container-hide-embed";
         }
     }
 }
Example #4
 /**
  * Checks the message signature and its lifetime and, when both are valid,
  * returns the original message.
  *
  * Simple example:
  * <code>
  *  $signer = new TimeSigner;
  *
  *  // Sign a message for 1 second
  *  $signedValue = $signer->sign('test', '+1 second');
  *
  *  // Or sign with an absolute expiry timestamp (e.g. 01.01.2030)
  *  $signedValue = $signer->sign('test', 1893445200);
  *
  *  // Get the original message back, with verification
  *  echo $signer->unsign($signedValue);
  *  // Output: 'test'
  *
  *  // Unsigning a value that was never signed
  *  echo $signer->unsign('test');
  *  // throws BadSignatureException with message 'Separator not found in value'
  *
  *  // An invalid signature
  *  echo $signer->unsign('test.invalid_sign');
  *
  *  // Or an invalid salt
  *  echo $signer->unsign($signedValue, 'invalid_salt');
  *  // throws BadSignatureException with message 'Signature does not match'
  *
  *  // An expired lifetime
  *  echo $signer->unsign($signedValue);
  *  // throws BadSignatureException with message 'Signature timestamp expired (1403039921 < 1403040024)'
  * </code>
  *
  * @param string $signedValue Signed value in the format {message}{separator}{expired timestamp}{separator}{signature}.
  * @param string|null $salt Salt, if one was used while signing.
  * @return string The original message.
  * @throws BadSignatureException When the timestamp is missing, malformed or already in the past.
  */
 public function unsign($signedValue, $salt = null)
 {
     // parent::unsign() runs first, so nothing below is parsed unless that call returns.
     $payload = parent::unsign($signedValue, $salt);
     if (false === strpos($signedValue, $payload)) {
         throw new BadSignatureException('Timestamp missing');
     }

     list($message, $rawExpiry) = $this->unpack($payload);
     $expiresAt = (int) $rawExpiry;

     // A non-numeric or missing timestamp casts to 0 and is rejected here.
     if ($expiresAt <= 0) {
         throw new BadSignatureException(sprintf('Malformed timestamp %d', $expiresAt));
     }

     if (time() > $expiresAt) {
         throw new BadSignatureException(sprintf('Signature timestamp expired (%d < %d)', $expiresAt, time()));
     }

     return $message;
 }
Example #5
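 /**
  * Verifies the signature through the parent class, then splits the payload
  * at its last separator into the message and an expiry timestamp.
  *
  * @param string $signedValue Signed value to verify.
  * @param string|null $salt Salt, if one was used while signing.
  * @return string The message part of the payload.
  * @throws BadSignatureException When the payload has no timestamp, or the timestamp is malformed or in the past.
  */
 public function unsign($signedValue, $salt = null)
 {
     $timedValue = parent::unsign($signedValue, $salt);
     if (strpos($signedValue, $timedValue) === false) {
         throw new BadSignatureException('Timestamp missing');
     }
     $pos = strrpos($timedValue, $this->separator);
     // Without this guard a payload with no separator is still parsed: $pos is
     // false, the message becomes '' and the expiry is read from offset 1 of the
     // payload. Such a value carries no timestamp and must not be accepted.
     if ($pos === false) {
         throw new BadSignatureException('Timestamp missing');
     }
     $value = substr($timedValue, 0, $pos);
     $time = (int) substr($timedValue, $pos + 1);
     // A non-numeric timestamp casts to 0 and is rejected as malformed.
     if ($time <= 0) {
         throw new BadSignatureException(sprintf('Malformed timestamp %d', $time));
     }
     if ($time < time()) {
         throw new BadSignatureException(sprintf('Signature timestamp expired (%d < %d)', $time, time()));
     }
     return $value;
 }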
Example #6
 /**
  * Unsigns the value through the parent class, then decodes the result:
  * base64 first, JSON second.
  *
  * Decoding happens only after parent::unsign() has returned, so the decoder
  * is never handed a value the parent call did not return.
  *
  * @param string $signedValue Signed value.
  * @param string|null $salt Salt, if one was used while signing.
  * @return mixed Whatever Json::decode() produces for the payload.
  */
 public function unsign($signedValue, $salt = null)
 {
     $base64Payload = parent::unsign($signedValue, $salt);
     $jsonPayload = base64_decode($base64Payload);

     return Json::decode($jsonPayload);
 }
 /**
  * Hook executed after the value of the user type has been fetched; signs the value.
  *
  * @param array $userField Array containing parameters of the user field (not read here).
  * @param array $value Unsigned value of the user field; only the 'VALUE' key is used.
  * @return string|null Value signed with UrlPreview::SIGN_SALT, or null when 'VALUE' is not set.
  */
 public static function onAfterFetch($userField, $value)
 {
     if (!isset($value['VALUE'])) {
         return null;
     }

     $valueSigner = new Signer();

     return $valueSigner->sign((string) $value['VALUE'], UrlPreview::SIGN_SALT);
 }
 /**
  * Serializes the parameters, base64-encodes them and signs the result with the "fileinput" salt.
  *
  * NOTE(review): the payload is PHP-serialized. The code that reads it back is
  * not shown here; it should verify the signature before calling unserialize()
  * and restrict object instantiation (for example allowed_classes => false).
  *
  * @param array $params Parameters to protect.
  * @return string Signed, base64-encoded serialization of $params.
  */
 public static function sign($params = array())
 {
     $signer = new Signer();
     $encodedParams = base64_encode(serialize($params));

     return $signer->sign($encodedParams, "fileinput");
 }
Example #9
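// Accept the control id only as a string. A missing or array-valued "cid"
// becomes '' and is rejected by the format check below.
$cid = isset($_REQUEST['cid']) && is_string($_REQUEST['cid']) ? trim($_REQUEST['cid']) : '';
use Bitrix\Main\UI\FileInputUtility;
use Bitrix\Main\Security\Sign\Signer;
/**
 * Bitrix vars
 *
 * @global CMain $APPLICATION
 */
// The file is served only when the control id has the expected 32-hex-character
// form, the session id check passes and checkFile() accepts the file for this
// control id.
if ($cid && preg_match('/^[a-f01-9]{32}$/', $cid) && check_bitrix_sessid()) {
    $fid = isset($_GET["fileID"]) && is_scalar($_GET["fileID"]) ? intval($_GET["fileID"]) : 0;
    if ($fid > 0 && FileInputUtility::instance()->checkFile($cid, $fid)) {
        $arFile = \CFile::GetFileArray($fid);
        if ($arFile) {
            $APPLICATION->RestartBuffer();
            // Drop every open output buffer so that only the file is sent.
            while (ob_end_clean()) {
            }
            // Forced download is the default. The stored content type is used only
            // when the request carries a signature "s" issued for this exact control
            // id; otherwise an uploaded file could be rendered inline by the browser.
            $useContentType = false;
            if (!empty($_REQUEST["s"]) && is_string($_REQUEST["s"])) {
                $sign = new Signer();
                try {
                    $res = $sign->unsign($_REQUEST["s"], "main.file.input");
                    // Strict comparison: with == two hex strings that look like
                    // numbers (for example "0e" followed by digits) compare equal
                    // even when they differ.
                    $useContentType = $res === $cid;
                } catch (\Bitrix\Main\Security\Sign\BadSignatureException $e) {
                    // A rejected signature falls back to the forced download.
                    $useContentType = false;
                }
            }
            if ($useContentType) {
                CFile::ViewByUser($arFile, array("content_type" => $arFile["CONTENT_TYPE"]));
            } else {
                CFile::ViewByUser($arFile, array("force_download" => true));
            }
        }
    }
}
die;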
Example #10
 /**
  * Removes the signature from a signed tag and parses the resulting tag.
  *
  * The tag is unsigned with the SIGN_SALT_ACTION salt before it is handed to parseTag().
  *
  * @param string $signedTag Tag together with its signature.
  * @return array Result of parseTag() for the unsigned tag.
  * @throws \Bitrix\Main\Security\Sign\BadSignatureException
  */
 public static function parseSignedTag($signedTag)
 {
     $tagSigner = new Signer();

     return static::parseTag(
         $tagSigner->unsign($signedTag, static::SIGN_SALT_ACTION)
     );
 }
Example #11
 /**
  * Returns the signature of a message packed together with its expiry timestamp.
  *
  * The timestamp is packed into the signed data, so the signature covers both
  * the message and its expiry.
  *
  * @param string $value Message.
  * @param int $timestamp Expire timestamp.
  * @param string|null $salt Salt (if needed).
  * @return string
  * @throws ArgumentTypeException When $value is not a string.
  */
 public function getSignature($value, $timestamp, $salt = null)
 {
     if (is_string($value)) {
         $packed = $this->pack(array($value, $timestamp));

         return parent::getSignature($packed, $salt);
     }

     throw new ArgumentTypeException('value', 'string');
 }
Example #12
 /**
  * Validates a signature against the message "<id>|<width>x<height>" with the 'disk.image.size' salt.
  *
  * Width and height are cast to int before the message is built; the id is used as passed.
  *
  * @param string $signature Signature to check.
  * @param mixed $id Identifier placed before the '|' in the message.
  * @param mixed $width Width; cast to int.
  * @param mixed $height Height; cast to int.
  * @return mixed Result of Signer::validate() for that message.
  */
 public static function validateImageSignature($signature, $id, $width, $height)
 {
     $signer = new Signer();
     $dimensions = (int) $width . 'x' . (int) $height;
     $message = $id . '|' . $dimensions;

     return $signer->validate($message, $signature, 'disk.image.size');
 }