CSecurityManager
| Package | system.base |
|---|---|
| Inheritance | class CSecurityManager » CApplicationComponent » CComponent |
| Implements | IApplicationComponent |
| Since | 1.0 |
| Version | $Id: CSecurityManager.php 2168 2010-06-05 18:15:18Z qiang.xue $ |
CSecurityManager provides private keys, hashing and encryption functions.
CSecurityManager is used by Yii components and applications for security-related purpose. For example, it is used in cookie validation feature to prevent cookie data from being tampered.
CSecurityManager is mainly used to protect data from being tampered and viewed. It can generate HMAC and encrypt the data. The private key used to generate HMAC is set by ValidationKey. The key used to encrypt data is specified by EncryptionKey. If the above keys are not explicitly set, random keys will be generated and used.
To protected data with HMAC, call hashData(); and to check if the data is tampered, call validateData(), which will return the real data if it is not tampered. The algorithm used to generated HMAC is specified by validation.
To encrypt and decrypt data, call encrypt() and decrypt() respectively, which uses 3DES encryption algorithm. Note, the PHP Mcrypt extension must be installed and loaded.
CSecurityManager is a core application component that can be accessed via CApplication::getSecurityManager().
CSecurityManager is used by Yii components and applications for security-related purpose. For example, it is used in cookie validation feature to prevent cookie data from being tampered.
CSecurityManager is mainly used to protect data from being tampered and viewed. It can generate HMAC and encrypt the data. The private key used to generate HMAC is set by ValidationKey. The key used to encrypt data is specified by EncryptionKey. If the above keys are not explicitly set, random keys will be generated and used.
To protected data with HMAC, call hashData(); and to check if the data is tampered, call validateData(), which will return the real data if it is not tampered. The algorithm used to generated HMAC is specified by validation.
To encrypt and decrypt data, call encrypt() and decrypt() respectively, which uses 3DES encryption algorithm. Note, the PHP Mcrypt extension must be installed and loaded.
CSecurityManager is a core application component that can be accessed via CApplication::getSecurityManager().
Public Properties
| Property | Type | Description | Defined By |
|---|---|---|---|
| behaviors | array | the behaviors that should be attached to this component. | CApplicationComponent |
| cryptAlgorithm | mixed | the name of the crypt algorithm to be used by encrypt and decrypt. | CSecurityManager |
| encryptionKey | string | the private key used to encrypt/decrypt data. | CSecurityManager |
| hashAlgorithm | string | the name of the hashing algorithm to be used by computeHMAC. | CSecurityManager |
| isInitialized | boolean | whether this application component has been initialized (i. | CApplicationComponent |
| validation | This method has been deprecated since version 1.1.3. | CSecurityManager | |
| validationKey | string | the private key used to generate HMAC. | CSecurityManager |
Public Methods
| Method | Description | Defined By |
|---|---|---|
| __call() | Calls the named method which is not a class method. | CComponent |
| __get() | Returns a property value, an event handler list or a behavior based on its name. | CComponent |
| __isset() | Checks if a property value is null. | CComponent |
| __set() | Sets value of a component property. | CComponent |
| __unset() | Sets a component property to be null. | CComponent |
| asa() | Returns the named behavior object. | CComponent |
| attachBehavior() | Attaches a behavior to this component. | CComponent |
| attachBehaviors() | Attaches a list of behaviors to the component. | CComponent |
| attachEventHandler() | Attaches an event handler to an event. | CComponent |
| canGetProperty() | Determines whether a property can be read. | CComponent |
| canSetProperty() | Determines whether a property can be set. | CComponent |
| decrypt() | Decrypts data | CSecurityManager |
| detachBehavior() | Detaches a behavior from the component. | CComponent |
| detachBehaviors() | Detaches all behaviors from the component. | CComponent |
| detachEventHandler() | Detaches an existing event handler. | CComponent |
| disableBehavior() | Disables an attached behavior. | CComponent |
| disableBehaviors() | Disables all behaviors attached to this component. | CComponent |
| enableBehavior() | Enables an attached behavior. | CComponent |
| enableBehaviors() | Enables all behaviors attached to this component. | CComponent |
| encrypt() | Encrypts data. | CSecurityManager |
| evaluateExpression() | Evaluates a PHP expression or callback under the context of this component. | CComponent |
| getEncryptionKey() | CSecurityManager | |
| getEventHandlers() | Returns the list of attached event handlers for an event. | CComponent |
| getIsInitialized() | CApplicationComponent | |
| getValidation() | This method has been deprecated since version 1.1.3. | CSecurityManager |
| getValidationKey() | CSecurityManager | |
| hasEvent() | Determines whether an event is defined. | CComponent |
| hasEventHandler() | Checks whether the named event has attached handlers. | CComponent |
| hasProperty() | Determines whether a property is defined. | CComponent |
| hashData() | Prefixes data with an HMAC. | CSecurityManager |
| init() | Initializes the application component. | CApplicationComponent |
| raiseEvent() | Raises an event. | CComponent |
| setEncryptionKey() | CSecurityManager | |
| setValidation() | This method has been deprecated since version 1.1.3. | CSecurityManager |
| setValidationKey() | CSecurityManager | |
| validateData() | Validates if data is tampered. | CSecurityManager |
Protected Methods
| Method | Description | Defined By |
|---|---|---|
| computeHMAC() | Computes the HMAC for the data with ValidationKey. | CSecurityManager |
| generateRandomKey() | CSecurityManager | |
| openCryptModule() | Opens the mcrypt module with the configuration specified in cryptAlgorithm. | CSecurityManager |
Property Details
cryptAlgorithm
property
(available since v1.1.3)
public mixed $cryptAlgorithm;
the name of the crypt algorithm to be used by encrypt and decrypt.
This will be passed as the first parameter to mcrypt_module_open.
This property can also be configured as an array. In this case, the array elements will be passed in order
as parameters to mcrypt_module_open. For example, array('rijndael-256', '', 'ofb', '').
Defaults to 'des', meaning using DES crypt algorithm.
encryptionKey
property
the private key used to encrypt/decrypt data. If the key is not explicitly set, a random one is generated and returned.
hashAlgorithm
property
(available since v1.1.3)
public string $hashAlgorithm;
the name of the hashing algorithm to be used by computeHMAC.
See hash-algos for the list of possible
hash algorithms. Note that if you are using PHP 5.1.1 or below, you can only use 'sha1' or 'md5'.
Defaults to 'sha1', meaning using SHA1 hash algorithm.
validation
property
This method has been deprecated since version 1.1.3. Please use hashAlgorithm instead.
validationKey
property
the private key used to generate HMAC. If the key is not explicitly set, a random one is generated and returned.
Method Details
computeHMAC()
method
|
protected string computeHMAC(string $data, string $key=NULL)
| ||
| $data | string | data to be generated HMAC |
| $key | string | the private key to be used for generating HMAC. Defaults to null, meaning using validationKey. |
| {return} | string | the HMAC for the data |
Computes the HMAC for the data with ValidationKey.
decrypt()
method
|
public string decrypt(string $data, string $key=NULL)
| ||
| $data | string | data to be decrypted. |
| $key | string | the decryption key. This defaults to null, meaning using EncryptionKey. |
| {return} | string | the decrypted data |
Decrypts data
encrypt()
method
|
public string encrypt(string $data, string $key=NULL)
| ||
| $data | string | data to be encrypted. |
| $key | string | the decryption key. This defaults to null, meaning using EncryptionKey. |
| {return} | string | the encrypted data |
Encrypts data.
generateRandomKey()
method
|
protected string generateRandomKey()
| ||
| {return} | string | a randomly generated private key |
getEncryptionKey()
method
|
public string getEncryptionKey()
| ||
| {return} | string | the private key used to encrypt/decrypt data. If the key is not explicitly set, a random one is generated and returned. |
getValidation()
method
|
public void getValidation()
|
This method has been deprecated since version 1.1.3. Please use hashAlgorithm instead.
getValidationKey()
method
|
public string getValidationKey()
| ||
| {return} | string | the private key used to generate HMAC. If the key is not explicitly set, a random one is generated and returned. |
hashData()
method
|
public string hashData(string $data, string $key=NULL)
| ||
| $data | string | data to be hashed. |
| $key | string | the private key to be used for generating HMAC. Defaults to null, meaning using validationKey. |
| {return} | string | data prefixed with HMAC |
Prefixes data with an HMAC.
openCryptModule()
method
(available since v1.1.3)
|
protected resource openCryptModule()
| ||
| {return} | resource | the mycrypt module handle. |
Opens the mcrypt module with the configuration specified in cryptAlgorithm.
setEncryptionKey()
method
|
public void setEncryptionKey(string $value)
| ||
| $value | string | the key used to encrypt/decrypt data. |
setValidation()
method
|
public void setValidation($value)
| ||
| $value | ||
This method has been deprecated since version 1.1.3. Please use hashAlgorithm instead.
setValidationKey()
method
|
public void setValidationKey(string $value)
| ||
| $value | string | the key used to generate HMAC |
validateData()
method
|
public string validateData(string $data, string $key=NULL)
| ||
| $data | string | data to be validated. The data must be previously generated using hashData(). |
| $key | string | the private key to be used for generating HMAC. Defaults to null, meaning using validationKey. |
| {return} | string | the real data with HMAC stripped off. False if the data is tampered. |
Validates if data is tampered.