Blocks
1 year ago
Contracts
1 year ago
Errors
1 year ago
Scripts
2 years ago
Arrays.php
3 years ago
ColorService.php
3 years ago
Currency.php
1 year ago
Encryption.php
3 years ago
Server.php
2 years ago
TimeDate.php
2 years ago
Translations.php
3 years ago
URL.php
2 years ago
UtilityService.php
3 years ago
UtilityServiceProvider.php
3 years ago
kses.json
1 year ago
Encryption.php
158 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Based on the code from the following packages: |
| 4 | * Class Google\Site_Kit\Core\Storage\Data_Encryption |
| 5 | * |
| 6 | * @package Google\Site_Kit |
| 7 | * @copyright 2019 Google LLC |
| 8 | * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 |
| 9 | * @link https://sitekit.withgoogle.com |
| 10 | */ |
| 11 | |
| 12 | namespace SureCart\Support; |
| 13 | |
| 14 | /** |
| 15 | * Class responsible for encrypting and decrypting data. |
| 16 | * |
| 17 | * @since 1.0.0 |
| 18 | * @access private |
| 19 | * @ignore |
| 20 | */ |
| 21 | class Encryption { |
| 22 | /** |
| 23 | * Key to use for encryption. |
| 24 | * |
| 25 | * @since 1.0.0 |
| 26 | * @var string |
| 27 | */ |
| 28 | private $key; |
| 29 | |
| 30 | /** |
| 31 | * Salt to use for encryption. |
| 32 | * |
| 33 | * @since 1.0.0 |
| 34 | * @var string |
| 35 | */ |
| 36 | private $salt; |
| 37 | |
| 38 | /** |
| 39 | * Constructor. |
| 40 | * |
| 41 | * @since 1.0.0 |
| 42 | */ |
| 43 | final public function __construct() { |
| 44 | $this->key = $this->getDefaultKey(); |
| 45 | $this->salt = $this->getDefaultSalt(); |
| 46 | } |
| 47 | |
| 48 | /** |
| 49 | * Encrypts a value. |
| 50 | * |
| 51 | * If a user-based key is set, that key is used. Otherwise the default key is used. |
| 52 | * |
| 53 | * @since 1.0.0 |
| 54 | * |
| 55 | * @param string $value Value to encrypt. |
| 56 | * @return string|bool Encrypted value, or false on failure. |
| 57 | */ |
| 58 | protected function encrypt( $value ) { |
| 59 | if ( ! extension_loaded( 'openssl' ) ) { |
| 60 | return $value; |
| 61 | } |
| 62 | |
| 63 | $method = 'aes-256-ctr'; |
| 64 | $ivlen = openssl_cipher_iv_length( $method ); |
| 65 | $iv = openssl_random_pseudo_bytes( $ivlen ); |
| 66 | |
| 67 | $raw_value = openssl_encrypt( $value . $this->salt, $method, $this->key, 0, $iv ); |
| 68 | if ( ! $raw_value ) { |
| 69 | return false; |
| 70 | } |
| 71 | |
| 72 | return base64_encode( $iv . $raw_value ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode |
| 73 | } |
| 74 | |
| 75 | /** |
| 76 | * Decrypts a value. |
| 77 | * |
| 78 | * If a user-based key is set, that key is used. Otherwise the default key is used. |
| 79 | * |
| 80 | * @since 1.0.0 |
| 81 | * |
| 82 | * @param string $raw_value Value to decrypt. |
| 83 | * @return string|bool Decrypted value, or false on failure. |
| 84 | */ |
| 85 | protected function decrypt( $raw_value ) { |
| 86 | if ( ! extension_loaded( 'openssl' ) ) { |
| 87 | return $raw_value; |
| 88 | } |
| 89 | |
| 90 | $raw_value = base64_decode( $raw_value, true ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode |
| 91 | |
| 92 | $method = 'aes-256-ctr'; |
| 93 | $ivlen = openssl_cipher_iv_length( $method ); |
| 94 | $iv = substr( $raw_value, 0, $ivlen ); |
| 95 | |
| 96 | $raw_value = substr( $raw_value, $ivlen ); |
| 97 | |
| 98 | $value = openssl_decrypt( $raw_value, $method, $this->key, 0, $iv ); |
| 99 | if ( ! $value || substr( $value, - strlen( $this->salt ) ) !== $this->salt ) { |
| 100 | return false; |
| 101 | } |
| 102 | |
| 103 | return substr( $value, 0, - strlen( $this->salt ) ); |
| 104 | } |
| 105 | |
| 106 | /** |
| 107 | * Gets the default encryption key to use. |
| 108 | * |
| 109 | * @since 1.0.0 |
| 110 | * |
| 111 | * @return string Default (not user-based) encryption key. |
| 112 | */ |
| 113 | protected function getDefaultKey() { |
| 114 | if ( defined( 'SURECART_ENCRYPTION_KEY' ) && '' !== SURECART_ENCRYPTION_KEY ) { |
| 115 | return SURECART_ENCRYPTION_KEY; |
| 116 | } |
| 117 | |
| 118 | if ( defined( 'LOGGED_IN_KEY' ) && '' !== LOGGED_IN_KEY ) { |
| 119 | return LOGGED_IN_KEY; |
| 120 | } |
| 121 | |
| 122 | // If this is reached, you're either not on a live site or have a serious security issue. |
| 123 | return 'there-is-no-default-key-for-encryption'; |
| 124 | } |
| 125 | |
| 126 | /** |
| 127 | * Gets the default encryption salt to use. |
| 128 | * |
| 129 | * @since 1.0.0 |
| 130 | * |
| 131 | * @return string Encryption salt. |
| 132 | */ |
| 133 | private function getDefaultSalt() { |
| 134 | if ( defined( 'SURECART_ENCRYPTION_SALT' ) && '' !== SURECART_ENCRYPTION_SALT ) { |
| 135 | return SURECART_ENCRYPTION_SALT; |
| 136 | } |
| 137 | |
| 138 | if ( defined( 'LOGGED_IN_SALT' ) && '' !== LOGGED_IN_SALT ) { |
| 139 | return LOGGED_IN_SALT; |
| 140 | } |
| 141 | |
| 142 | // If this is reached, you're either not on a live site or have a serious security issue. |
| 143 | return 'there-is-no-default-salt-for-encryption'; |
| 144 | } |
| 145 | |
| 146 | /** |
| 147 | * Static Facade Accessor |
| 148 | * |
| 149 | * @param string $method Method to call. |
| 150 | * @param mixed $params Method params. |
| 151 | * |
| 152 | * @return mixed |
| 153 | */ |
| 154 | public static function __callStatic( $method, $params ) { |
| 155 | return call_user_func_array( [ new static(), $method ], $params ); |
| 156 | } |
| 157 | } |
| 158 |