<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <fabien@symfony.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\HttpFoundation;

/**
 * @author Fabien Potencier <fabien@symfony.com>
 */
class UriSigner
{
    private string $secret;
    private string $parameter;

    /**
     * @param string $parameter Query string parameter to use
     */
    public function __construct(#[\SensitiveParameter] string $secret, string $parameter = '_hash')
    {
        if (!$secret) {
            throw new \InvalidArgumentException('A non-empty secret is required.');
        }

        $this->secret = $secret;
        $this->parameter = $parameter;
    }

    /**
     * Signs a URI.
     *
     * The given URI is signed by adding the query string parameter
     * which value depends on the URI and the secret.
     */
    public function sign(string $uri): string
    {
        $url = parse_url($uri);
        $params = [];

        if (isset($url['query'])) {
            parse_str($url['query'], $params);
        }

        $uri = $this->buildUrl($url, $params);
        $params[$this->parameter] = $this->computeHash($uri);

        return $this->buildUrl($url, $params);
    }

    /**
     * Checks that a URI contains the correct hash.
     */
    public function check(string $uri): bool
    {
        $url = parse_url($uri);
        $params = [];

        if (isset($url['query'])) {
            parse_str($url['query'], $params);
        }

        if (empty($params[$this->parameter])) {
            return false;
        }

        $hash = $params[$this->parameter];
        unset($params[$this->parameter]);

        return hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash);
    }

    public function checkRequest(Request $request): bool
    {
        $qs = ($qs = $request->server->get('QUERY_STRING')) ? '?'.$qs : '';

        // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
        return $this->check($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().$qs);
    }

    private function computeHash(string $uri): string
    {
        return base64_encode(hash_hmac('sha256', $uri, $this->secret, true));
    }

    private function buildUrl(array $url, array $params = []): string
    {
        ksort($params, \SORT_STRING);
        $url['query'] = http_build_query($params, '', '&');

        $scheme = isset($url['scheme']) ? $url['scheme'].'://' : '';
        $host = $url['host'] ?? '';
        $port = isset($url['port']) ? ':'.$url['port'] : '';
        $user = $url['user'] ?? '';
        $pass = isset($url['pass']) ? ':'.$url['pass'] : '';
        $pass = ($user || $pass) ? "$pass@" : '';
        $path = $url['path'] ?? '';
        $query = $url['query'] ? '?'.$url['query'] : '';
        $fragment = isset($url['fragment']) ? '#'.$url['fragment'] : '';

        return $scheme.$user.$pass.$host.$port.$path.$query.$fragment;
    }
}

if (!class_exists(\Symfony\Component\HttpKernel\UriSigner::class, false)) {
    class_alias(UriSigner::class, \Symfony\Component\HttpKernel\UriSigner::class);
}

• [D] Exception
• [D] File
• [D] RateLimiter
• [D] RequestMatcher
• [D] Session
• [D] Test
• [F] AcceptHeader.php
  Delete
• [F] AcceptHeaderItem.php
  Delete
• [F] BinaryFileResponse.php
  Delete
• [F] ChainRequestMatcher.php
  Delete
• [F] CHANGELOG.md
  Delete
• [F] composer.json
  Delete
• [F] Cookie.php
  Delete
• [F] ExpressionRequestMatcher.php
  Delete
• [F] FileBag.php
  Delete
• [F] HeaderBag.php
  Delete
• [F] HeaderUtils.php
  Delete
• [F] InputBag.php
  Delete
• [F] IpUtils.php
  Delete
• [F] JsonResponse.php
  Delete
• [F] LICENSE
  Delete
• [F] ParameterBag.php
  Delete
• [F] README.md
  Delete
• [F] RedirectResponse.php
  Delete
• [F] Request.php
  Delete
• [F] RequestMatcher.php
  Delete
• [F] RequestMatcherInterface.php
  Delete
• [F] RequestStack.php
  Delete
• [F] Response.php
  Delete
• [F] ResponseHeaderBag.php
  Delete
• [F] ServerBag.php
  Delete
• [F] StreamedJsonResponse.php
  Delete
• [F] StreamedResponse.php
  Delete
• [F] UriSigner.php
  Delete
• [F] UrlHelper.php
  Delete

CUSTOMER COMPLAINT FORM

Please use this form to give us suggestions, compliments or complaints.
Click here to check complaint status.
Click here to show Term of Business Agreement

• Config option 1
• Config option 2

Salutation *

-- Please Choose -- Mr. Mrs. Ms. PT. CV. UD.

Name *

E-mail *

Account Type *

-- Please Choose -- Individual Company

Company Name *

Reference Number of Type Document *

-- Please Choose -- Policy Contract Invoice Number

*

About *

-- Please Choose -- Claim Service System

Risk *

-- Please Choose --

Subject *

Details *

Attachment

Add Attachment

Notes: *.png, *.jpg, *.jpeg, *.pdf, *.doc, *.docx, *.xls, *.xlsx, *.ppt, *.pptx, *.eml are allowed, and size must be smaller than 5Mb.

   Disclaimer :

• The information filled in form is true and valid. PT Howden Insurance Brokers Indonesia is not liable to any lawful obligations arising from any false or invalid information in this application form whatsoever, all the false or invalid information will not be processed.
• The client hereby agree to render PT Howden Insurance Brokers Indonesia a right to handle complaint including but not limited to grab data from records, emails, documents, confidential data, and others, liaise with relatable Parties e.g. (Insurer, Adjuster, Legal Advisor, etc) to settled complaint.
• The client hereby released PT Howden Insurance Brokers Indonesia from any material or immaterial damages if eventually, there is no evidence of damages caused by PT Howden Insurance Brokers Indonesia.

* is required

Clear Submit

Copyright © 2026 PT. Howden Insurance Brokers Indonesia. All rights reserved.
Authorised and regulated by Otoritas Jasa Keuangan (OJK).
Member of The Association of Indonesian Insurance & Reinsurance Brokers (APPARINDO).