/**
* Check the signature of the phar file.
*
* @return void
*
* @throws \RuntimeException When the signature is invalid.
*/
private function checkSignature()
{
// Validate the signature if any.
if (!$this->phar->isSigned()) {
return;
}
// Remember the cursor.
$this->file->savePosition();
// Hail Greg Beaver and Marcus Bürger.
if ('GBMB' !== $this->file->seek(-4, SEEK_END)->read(4)) {
throw new \RuntimeException('Phar signature does not contain magic value.');
}
$this->phar->setSignatureFlags($this->file->seek(-8, SEEK_END)->readUint32le());
$algorithm = $this->phar->getSignatureAlgorithm();
$length = $this->phar->getSignatureLength();
$signature = $this->file->seek(-($length + 8), SEEK_END)->read($length);
$dataLength = $this->file->getLength();
$data = $this->file->seek(0)->read($dataLength - ($length + 8));
// Now validate the signature.
if (hash($algorithm, $data, true) !== $signature) {
throw new \RuntimeException('Invalid signature.');
}
// Back to where we took off.
$this->file->loadPosition();
}
