Ir a la última revisión | Autoría | Comparar con el anterior | Ultima modificación | Ver Log |
<?phpnamespace Aws\Crypto\Polyfill;/*** Class Key** Wraps a string to keep it hidden from stack traces.** @package Aws\Crypto\Polyfill*/class Key{/*** @var string $internalString*/private $internalString;/*** Hide contents of** @return array*/public function __debugInfo(){return [];}/*** Key constructor.* @param string $str*/public function __construct($str){$this->internalString = $str;}/*** Defense in depth:** PHP 7.2 includes the Sodium cryptography library, which (among other things)* exposes a function called sodium_memzero() that we can use to zero-fill strings* to minimize the risk of sensitive cryptographic materials persisting in memory.** If this function is not available, we XOR the string in-place with itself as a* best-effort attempt.*/public function __destruct(){if (extension_loaded('sodium') && function_exists('sodium_memzero')) {try {\sodium_memzero($this->internalString);} catch (\SodiumException $ex) {// This is a best effort, but does not provide the same guarantees as sodium_memzero():$this->internalString ^= $this->internalString;}}}/*** @return string*/public function get(){return $this->internalString;}/*** @return int*/public function length(){if (\is_callable('\\mb_strlen')) {return (int) \mb_strlen($this->internalString, '8bit');}return (int) \strlen($this->internalString);}}