PluginProbe ʕ •ᴥ•ʔ
GiveWP – Donation Plugin and Fundraising Platform / 4.16.3
GiveWP – Donation Plugin and Fundraising Platform v4.16.3
4.16.3 4.16.2 4.16.1 4.16.0 4.15.5 4.15.4 4.15.3 4.15.2 4.15.1 4.15.0 2.3.0 2.3.1 2.3.2 2.30.0 2.31.0 2.31.1 2.32.0 2.33.0 2.33.1 2.33.2 2.33.3 2.33.4 2.33.5 2.4.0 2.4.1 2.4.2 2.4.3 2.4.4 2.4.5 2.4.6 2.4.7 2.5.0 2.5.1 2.5.10 2.5.11 2.5.12 2.5.13 2.5.2 2.5.3 2.5.4 2.5.5 2.5.6 2.5.7 2.5.8 2.5.9 2.6.0 2.6.1 2.6.2 2.6.3 2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.8.0 2.8.1 2.9.0 2.9.1 2.9.2 2.9.3 2.9.4 2.9.5 2.9.6 2.9.7 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.1.0 3.1.1 3.1.2 3.10.0 3.11.0 3.12.0 3.12.1 3.12.2 3.12.3 3.13.0 3.14.0 3.14.1 3.14.2 3.15.0 3.15.1 3.16.0 3.16.1 3.16.2 3.16.3 3.16.4 3.16.5 3.17.0 3.17.1 3.17.2 3.18.0 3.19.0 3.19.1 3.19.2 3.19.3 3.19.4 3.2.0 3.2.1 3.2.2 3.20.0 3.21.0 3.21.1 3.22.0 3.22.1 3.22.2 3.3.0 3.3.1 3.4.0 3.4.1 3.4.2 3.5.0 3.5.1 3.6.0 3.6.1 3.6.2 3.7.0 3.8.0 3.9.0 4.0.0 4.1.0 4.1.1 4.10.0 4.10.1 4.11.0 4.12.0 4.13.0 4.13.1 4.13.2 4.14.0 4.14.1 4.14.2 4.14.3 4.14.4 4.14.5 4.14.6 4.2.0 4.2.1 4.3.0 4.3.1 4.3.2 4.4.0 4.5.0 4.6.1 4.7.0 4.7.1 4.8.0 4.8.1 4.9.0 trunk 1.9.0 2.0.0 2.0.1 2.0.2 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7 2.1.0 2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6 2.1.7 2.1.8 2.10.0 2.10.1 2.10.2 2.10.3 2.10.4 2.11.0 2.11.1 2.11.2 2.11.3 2.12.0 2.12.1 2.12.2 2.12.3 2.13.0 2.13.1 2.13.2 2.13.3 2.13.4 2.14.0 2.15.0 2.16.0 2.16.1 2.17.0 2.17.1 2.17.3 2.18.0 2.18.1 2.19.1 2.19.2 2.19.3 2.19.4 2.19.5 2.19.6 2.19.7 2.19.8 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.2.5 2.2.6 2.20.0 2.20.1 2.20.2 2.21.0 2.21.1 2.21.2 2.21.3 2.21.4 2.22.0 2.22.1 2.22.2 2.22.3 2.23.0 2.23.1 2.23.2 2.24.0 2.24.1 2.24.2 2.25.0 2.25.1 2.25.2 2.25.3 2.26.0 2.27.0 2.27.1 2.27.2 2.27.3 2.28.0 2.29.0 2.29.1 2.29.2
give / vendor / stripe / stripe-php / lib / WebhookSignature.php
give / vendor / stripe / stripe-php / lib Last commit date
ApiOperations 2 years ago BillingPortal 2 years ago Checkout 2 years ago Exception 4 years ago FinancialConnections 2 years ago HttpClient 2 years ago Identity 2 years ago Issuing 2 years ago Radar 2 years ago Reporting 4 years ago Service 2 years ago Sigma 4 years ago Terminal 2 years ago TestHelpers 2 years ago Util 2 years ago Account.php 2 years ago AccountLink.php 4 years ago AlipayAccount.php 4 years ago ApiRequestor.php 2 years ago ApiResource.php 2 years ago ApiResponse.php 4 years ago ApplePayDomain.php 4 years ago ApplicationFee.php 2 years ago ApplicationFeeRefund.php 4 years ago Balance.php 4 years ago BalanceTransaction.php 4 years ago BankAccount.php 4 years ago BaseStripeClient.php 2 years ago BaseStripeClientInterface.php 4 years ago BitcoinReceiver.php 2 years ago BitcoinTransaction.php 4 years ago Capability.php 4 years ago Card.php 2 years ago CashBalance.php 2 years ago Charge.php 2 years ago Collection.php 2 years ago CountrySpec.php 4 years ago Coupon.php 2 years ago CreditNote.php 2 years ago CreditNoteLineItem.php 4 years ago Customer.php 2 years ago CustomerBalanceTransaction.php 4 years ago Discount.php 2 years ago Dispute.php 4 years ago EphemeralKey.php 4 years ago ErrorObject.php 4 years ago Event.php 2 years ago ExchangeRate.php 4 years ago File.php 2 years ago FileLink.php 4 years ago FundingInstructions.php 2 years ago Invoice.php 2 years ago InvoiceItem.php 2 years ago InvoiceLineItem.php 2 years ago LineItem.php 4 years ago LoginLink.php 4 years ago Mandate.php 4 years ago OAuth.php 4 years ago OAuthErrorObject.php 4 years ago Order.php 2 years ago OrderItem.php 4 years ago OrderReturn.php 4 years ago PaymentIntent.php 2 years ago PaymentLink.php 2 years ago PaymentMethod.php 2 years ago Payout.php 4 years ago Person.php 2 years ago Plan.php 2 years ago Price.php 2 years ago Product.php 2 years ago PromotionCode.php 2 years ago Quote.php 2 years ago Recipient.php 2 years ago RecipientTransfer.php 4 years ago Refund.php 2 years ago RequestTelemetry.php 4 years ago Review.php 4 years ago SKU.php 2 years ago SearchResult.php 2 years ago SetupAttempt.php 4 years ago SetupIntent.php 2 years ago ShippingRate.php 2 years ago SingletonApiResource.php 2 years ago Source.php 4 years ago SourceTransaction.php 4 years ago Stripe.php 2 years ago StripeClient.php 2 years ago StripeClientInterface.php 4 years ago StripeObject.php 2 years ago StripeStreamingClientInterface.php 4 years ago Subscription.php 2 years ago SubscriptionItem.php 2 years ago SubscriptionSchedule.php 2 years ago TaxCode.php 2 years ago TaxId.php 2 years ago TaxRate.php 4 years ago ThreeDSecure.php 4 years ago Token.php 4 years ago Topup.php 4 years ago Transfer.php 2 years ago TransferReversal.php 4 years ago UsageRecord.php 4 years ago UsageRecordSummary.php 4 years ago Webhook.php 4 years ago WebhookEndpoint.php 4 years ago WebhookSignature.php 4 years ago
WebhookSignature.php
141 lines
1 <?php
2
3 namespace Stripe;
4
5 abstract class WebhookSignature
6 {
7 const EXPECTED_SCHEME = 'v1';
8
9 /**
10 * Verifies the signature header sent by Stripe. Throws an
11 * Exception\SignatureVerificationException exception if the verification fails for
12 * any reason.
13 *
14 * @param string $payload the payload sent by Stripe
15 * @param string $header the contents of the signature header sent by
16 * Stripe
17 * @param string $secret secret used to generate the signature
18 * @param int $tolerance maximum difference allowed between the header's
19 * timestamp and the current time
20 *
21 * @throws Exception\SignatureVerificationException if the verification fails
22 *
23 * @return bool
24 */
25 public static function verifyHeader($payload, $header, $secret, $tolerance = null)
26 {
27 // Extract timestamp and signatures from header
28 $timestamp = self::getTimestamp($header);
29 $signatures = self::getSignatures($header, self::EXPECTED_SCHEME);
30 if (-1 === $timestamp) {
31 throw Exception\SignatureVerificationException::factory(
32 'Unable to extract timestamp and signatures from header',
33 $payload,
34 $header
35 );
36 }
37 if (empty($signatures)) {
38 throw Exception\SignatureVerificationException::factory(
39 'No signatures found with expected scheme',
40 $payload,
41 $header
42 );
43 }
44
45 // Check if expected signature is found in list of signatures from
46 // header
47 $signedPayload = "{$timestamp}.{$payload}";
48 $expectedSignature = self::computeSignature($signedPayload, $secret);
49 $signatureFound = false;
50 foreach ($signatures as $signature) {
51 if (Util\Util::secureCompare($expectedSignature, $signature)) {
52 $signatureFound = true;
53
54 break;
55 }
56 }
57 if (!$signatureFound) {
58 throw Exception\SignatureVerificationException::factory(
59 'No signatures found matching the expected signature for payload',
60 $payload,
61 $header
62 );
63 }
64
65 // Check if timestamp is within tolerance
66 if (($tolerance > 0) && (\abs(\time() - $timestamp) > $tolerance)) {
67 throw Exception\SignatureVerificationException::factory(
68 'Timestamp outside the tolerance zone',
69 $payload,
70 $header
71 );
72 }
73
74 return true;
75 }
76
77 /**
78 * Extracts the timestamp in a signature header.
79 *
80 * @param string $header the signature header
81 *
82 * @return int the timestamp contained in the header, or -1 if no valid
83 * timestamp is found
84 */
85 private static function getTimestamp($header)
86 {
87 $items = \explode(',', $header);
88
89 foreach ($items as $item) {
90 $itemParts = \explode('=', $item, 2);
91 if ('t' === $itemParts[0]) {
92 if (!\is_numeric($itemParts[1])) {
93 return -1;
94 }
95
96 return (int) ($itemParts[1]);
97 }
98 }
99
100 return -1;
101 }
102
103 /**
104 * Extracts the signatures matching a given scheme in a signature header.
105 *
106 * @param string $header the signature header
107 * @param string $scheme the signature scheme to look for
108 *
109 * @return array the list of signatures matching the provided scheme
110 */
111 private static function getSignatures($header, $scheme)
112 {
113 $signatures = [];
114 $items = \explode(',', $header);
115
116 foreach ($items as $item) {
117 $itemParts = \explode('=', $item, 2);
118 if (\trim($itemParts[0]) === $scheme) {
119 $signatures[] = $itemParts[1];
120 }
121 }
122
123 return $signatures;
124 }
125
126 /**
127 * Computes the signature for a given payload and secret.
128 *
129 * The current scheme used by Stripe ("v1") is HMAC/SHA-256.
130 *
131 * @param string $payload the payload to sign
132 * @param string $secret the secret used to generate the signature
133 *
134 * @return string the signature as a string
135 */
136 private static function computeSignature($payload, $secret)
137 {
138 return \hash_hmac('sha256', $payload, $secret);
139 }
140 }
141