public function sign($url, $expires = false)
{
$url = elgg_normalize_url($url);
$parts = parse_url($url);
if (isset($parts['query'])) {
$query = elgg_parse_str($parts['query']);
} else {
$query = [];
}
if (isset($query[self::KEY_MAC])) {
throw new \InvalidArgumentException('URL has already been signed');
}
if ($expires) {
$query[self::KEY_EXPIRES] = strtotime($expires);
}
ksort($query);
$parts['query'] = http_build_query($query);
$url = elgg_http_build_url($parts, false);
$token = elgg_build_hmac($url)->getToken();
return elgg_http_add_url_query_elements($url, [self::KEY_MAC => $token]);
}