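/**
 * Check the signature of the phar file.
 *
 * The trailer is read from the end of the file: the last 4 bytes must be the
 * magic value "GBMB", the 4 bytes before it hold the signature flags as a
 * little-endian uint32, and the signature itself sits directly before those
 * 8 bytes. The digest is computed over everything that precedes the signature.
 *
 * Security notes:
 *  - An archive that reports itself as unsigned is accepted without any check.
 *    NOTE(review): isSigned() is presumably derived from the archive's own
 *    header, so a modified archive could claim to be unsigned - confirm
 *    whether callers should require a signature.
 *  - The check uses hash(), an unkeyed digest. It detects corruption and
 *    truncation, but anyone able to rewrite the file can also recompute the
 *    trailer. It is an integrity check, not proof of origin.
 *
 * The file cursor is restored on every exit path, including failures.
 *
 * @return void
 *
 * @throws \RuntimeException When the signature is invalid.
 */
private function checkSignature()
{
    // Nothing to validate for unsigned archives.
    if (!$this->phar->isSigned()) {
        return;
    }

    // Remember the cursor.
    $this->file->savePosition();

    try {
        // Hail Greg Beaver and Marcus Bürger.
        if ('GBMB' !== $this->file->seek(-4, SEEK_END)->read(4)) {
            throw new \RuntimeException('Phar signature does not contain magic value.');
        }

        $this->phar->setSignatureFlags($this->file->seek(-8, SEEK_END)->readUint32le());

        $algorithm  = $this->phar->getSignatureAlgorithm();
        $length     = $this->phar->getSignatureLength();
        $dataLength = $this->file->getLength();

        // The flags come from the file being checked, so the resulting length
        // is untrusted. Reject a trailer that is empty or larger than the file
        // instead of seeking or reading with a negative size.
        if ($length < 1 || $length + 8 > $dataLength) {
            throw new \RuntimeException('Invalid signature.');
        }

        $signature = $this->file->seek(-($length + 8), SEEK_END)->read($length);
        $data      = $this->file->seek(0)->read($dataLength - ($length + 8));

        try {
            $digest = hash($algorithm, $data, true);
        } catch (\ValueError $e) {
            // PHP 8 throws for an algorithm hash() does not know. Report it
            // through the documented exception type instead.
            throw new \RuntimeException('Invalid signature.', 0, $e);
        }

        // Now validate the signature. Both values are derived from the file
        // itself and nothing secret is involved, so a plain comparison is
        // sufficient.
        if ($digest !== $signature) {
            throw new \RuntimeException('Invalid signature.');
        }
    } finally {
        // Back to where we took off, also when validation failed, so a caller
        // that catches the exception does not inherit a moved cursor.
        $this->file->loadPosition();
    }
}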