PluginProbe ʕ •ᴥ•ʔ
GiveWP – Donation Plugin and Fundraising Platform / 2.7.2
GiveWP – Donation Plugin and Fundraising Platform v2.7.2
4.16.3 4.16.2 4.16.1 4.16.0 4.15.5 4.15.4 4.15.3 4.15.2 4.15.1 4.15.0 2.3.0 2.3.1 2.3.2 2.30.0 2.31.0 2.31.1 2.32.0 2.33.0 2.33.1 2.33.2 2.33.3 2.33.4 2.33.5 2.4.0 2.4.1 2.4.2 2.4.3 2.4.4 2.4.5 2.4.6 2.4.7 2.5.0 2.5.1 2.5.10 2.5.11 2.5.12 2.5.13 2.5.2 2.5.3 2.5.4 2.5.5 2.5.6 2.5.7 2.5.8 2.5.9 2.6.0 2.6.1 2.6.2 2.6.3 2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.8.0 2.8.1 2.9.0 2.9.1 2.9.2 2.9.3 2.9.4 2.9.5 2.9.6 2.9.7 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.1.0 3.1.1 3.1.2 3.10.0 3.11.0 3.12.0 3.12.1 3.12.2 3.12.3 3.13.0 3.14.0 3.14.1 3.14.2 3.15.0 3.15.1 3.16.0 3.16.1 3.16.2 3.16.3 3.16.4 3.16.5 3.17.0 3.17.1 3.17.2 3.18.0 3.19.0 3.19.1 3.19.2 3.19.3 3.19.4 3.2.0 3.2.1 3.2.2 3.20.0 3.21.0 3.21.1 3.22.0 3.22.1 3.22.2 3.3.0 3.3.1 3.4.0 3.4.1 3.4.2 3.5.0 3.5.1 3.6.0 3.6.1 3.6.2 3.7.0 3.8.0 3.9.0 4.0.0 4.1.0 4.1.1 4.10.0 4.10.1 4.11.0 4.12.0 4.13.0 4.13.1 4.13.2 4.14.0 4.14.1 4.14.2 4.14.3 4.14.4 4.14.5 4.14.6 4.2.0 4.2.1 4.3.0 4.3.1 4.3.2 4.4.0 4.5.0 4.6.1 4.7.0 4.7.1 4.8.0 4.8.1 4.9.0 trunk 1.9.0 2.0.0 2.0.1 2.0.2 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7 2.1.0 2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6 2.1.7 2.1.8 2.10.0 2.10.1 2.10.2 2.10.3 2.10.4 2.11.0 2.11.1 2.11.2 2.11.3 2.12.0 2.12.1 2.12.2 2.12.3 2.13.0 2.13.1 2.13.2 2.13.3 2.13.4 2.14.0 2.15.0 2.16.0 2.16.1 2.17.0 2.17.1 2.17.3 2.18.0 2.18.1 2.19.1 2.19.2 2.19.3 2.19.4 2.19.5 2.19.6 2.19.7 2.19.8 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.2.5 2.2.6 2.20.0 2.20.1 2.20.2 2.21.0 2.21.1 2.21.2 2.21.3 2.21.4 2.22.0 2.22.1 2.22.2 2.22.3 2.23.0 2.23.1 2.23.2 2.24.0 2.24.1 2.24.2 2.25.0 2.25.1 2.25.2 2.25.3 2.26.0 2.27.0 2.27.1 2.27.2 2.27.3 2.28.0 2.29.0 2.29.1 2.29.2
give / vendor / stripe / stripe-php / lib / WebhookSignature.php
give / vendor / stripe / stripe-php / lib Last commit date
ApiOperations 6 years ago Checkout 6 years ago Error 6 years ago HttpClient 6 years ago Issuing 6 years ago Radar 6 years ago Reporting 6 years ago Sigma 6 years ago Terminal 6 years ago Util 6 years ago Account.php 6 years ago AccountLink.php 6 years ago AlipayAccount.php 6 years ago ApiRequestor.php 6 years ago ApiResource.php 6 years ago ApiResponse.php 6 years ago ApplePayDomain.php 6 years ago ApplicationFee.php 6 years ago ApplicationFeeRefund.php 6 years ago Balance.php 6 years ago BalanceTransaction.php 6 years ago BankAccount.php 6 years ago BitcoinReceiver.php 6 years ago BitcoinTransaction.php 6 years ago Capability.php 6 years ago Card.php 6 years ago Charge.php 6 years ago Collection.php 6 years ago CountrySpec.php 6 years ago Coupon.php 6 years ago CreditNote.php 6 years ago Customer.php 6 years ago CustomerBalanceTransaction.php 6 years ago Discount.php 6 years ago Dispute.php 6 years ago EphemeralKey.php 6 years ago Event.php 6 years ago ExchangeRate.php 6 years ago File.php 6 years ago FileLink.php 6 years ago FileUpload.php 6 years ago Invoice.php 6 years ago InvoiceItem.php 6 years ago InvoiceLineItem.php 6 years ago IssuerFraudRecord.php 6 years ago LoginLink.php 6 years ago OAuth.php 6 years ago Order.php 6 years ago OrderItem.php 6 years ago OrderReturn.php 6 years ago PaymentIntent.php 6 years ago PaymentMethod.php 6 years ago Payout.php 6 years ago Person.php 6 years ago Plan.php 6 years ago Product.php 6 years ago Recipient.php 6 years ago RecipientTransfer.php 6 years ago Refund.php 6 years ago RequestTelemetry.php 6 years ago Review.php 6 years ago SKU.php 6 years ago SetupIntent.php 6 years ago SingletonApiResource.php 6 years ago Source.php 6 years ago SourceTransaction.php 6 years ago Stripe.php 6 years ago StripeObject.php 6 years ago Subscription.php 6 years ago SubscriptionItem.php 6 years ago SubscriptionSchedule.php 6 years ago TaxId.php 6 years ago TaxRate.php 6 years ago ThreeDSecure.php 6 years ago Token.php 6 years ago Topup.php 6 years ago Transfer.php 6 years ago TransferReversal.php 6 years ago UsageRecord.php 6 years ago UsageRecordSummary.php 6 years ago Webhook.php 6 years ago WebhookEndpoint.php 6 years ago WebhookSignature.php 6 years ago
WebhookSignature.php
134 lines
1 <?php
2
3 namespace Stripe;
4
5 abstract class WebhookSignature
6 {
7 const EXPECTED_SCHEME = "v1";
8
9 /**
10 * Verifies the signature header sent by Stripe. Throws a
11 * SignatureVerification exception if the verification fails for any
12 * reason.
13 *
14 * @param string $payload the payload sent by Stripe.
15 * @param string $header the contents of the signature header sent by
16 * Stripe.
17 * @param string $secret secret used to generate the signature.
18 * @param int $tolerance maximum difference allowed between the header's
19 * timestamp and the current time
20 * @throws \Stripe\Error\SignatureVerification if the verification fails.
21 * @return bool
22 */
23 public static function verifyHeader($payload, $header, $secret, $tolerance = null)
24 {
25 // Extract timestamp and signatures from header
26 $timestamp = self::getTimestamp($header);
27 $signatures = self::getSignatures($header, self::EXPECTED_SCHEME);
28 if ($timestamp == -1) {
29 throw new Error\SignatureVerification(
30 "Unable to extract timestamp and signatures from header",
31 $header,
32 $payload
33 );
34 }
35 if (empty($signatures)) {
36 throw new Error\SignatureVerification(
37 "No signatures found with expected scheme",
38 $header,
39 $payload
40 );
41 }
42
43 // Check if expected signature is found in list of signatures from
44 // header
45 $signedPayload = "$timestamp.$payload";
46 $expectedSignature = self::computeSignature($signedPayload, $secret);
47 $signatureFound = false;
48 foreach ($signatures as $signature) {
49 if (Util\Util::secureCompare($expectedSignature, $signature)) {
50 $signatureFound = true;
51 break;
52 }
53 }
54 if (!$signatureFound) {
55 throw new Error\SignatureVerification(
56 "No signatures found matching the expected signature for payload",
57 $header,
58 $payload
59 );
60 }
61
62 // Check if timestamp is within tolerance
63 if (($tolerance > 0) && (abs(time() - $timestamp) > $tolerance)) {
64 throw new Error\SignatureVerification(
65 "Timestamp outside the tolerance zone",
66 $header,
67 $payload
68 );
69 }
70
71 return true;
72 }
73
74 /**
75 * Extracts the timestamp in a signature header.
76 *
77 * @param string $header the signature header
78 * @return int the timestamp contained in the header, or -1 if no valid
79 * timestamp is found
80 */
81 private static function getTimestamp($header)
82 {
83 $items = explode(",", $header);
84
85 foreach ($items as $item) {
86 $itemParts = explode("=", $item, 2);
87 if ($itemParts[0] == "t") {
88 if (!is_numeric($itemParts[1])) {
89 return -1;
90 }
91 return intval($itemParts[1]);
92 }
93 }
94
95 return -1;
96 }
97
98 /**
99 * Extracts the signatures matching a given scheme in a signature header.
100 *
101 * @param string $header the signature header
102 * @param string $scheme the signature scheme to look for.
103 * @return array the list of signatures matching the provided scheme.
104 */
105 private static function getSignatures($header, $scheme)
106 {
107 $signatures = [];
108 $items = explode(",", $header);
109
110 foreach ($items as $item) {
111 $itemParts = explode("=", $item, 2);
112 if ($itemParts[0] == $scheme) {
113 array_push($signatures, $itemParts[1]);
114 }
115 }
116
117 return $signatures;
118 }
119
120 /**
121 * Computes the signature for a given payload and secret.
122 *
123 * The current scheme used by Stripe ("v1") is HMAC/SHA-256.
124 *
125 * @param string $payload the payload to sign.
126 * @param string $secret the secret used to generate the signature.
127 * @return string the signature as a string.
128 */
129 private static function computeSignature($payload, $secret)
130 {
131 return hash_hmac("sha256", $payload, $secret);
132 }
133 }
134