Security::createReturnSignature() - Code Metrics - PatronBase/omnipay-redsys - Measure and Improve Code Quality continuously with Scrutinizer

Security::createReturnSignature() A
last analyzed 2025-05-20 06:32 UTC

↳ Parent: Security

Complexity

Conditions	1
Paths	1

Size

Total Lines	3
Code Lines	1

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	1
CRAP Score	1

Importance

Changes

Metric	Value
cc	1
eloc	1
c	0
b	0
f	0
nc	1
nop	3
dl	0
loc	3
ccs	1
cts	1
cp	1
crap	1
rs	10

<?php

namespace Omnipay\Redsys\Message;

use Omnipay\Common\Exception\RuntimeException;

/**
 * Security
 *
 * This class provides common encoding, decoding and signing functions.
 * While all of this code could be called statically, it is left as a
 * regular class in order to faciliate unit testing. If alternate
 * encryption methods are provided later, the VERSION const can be
 * switched to a constructor option (and validated against a whitelist).
 */
class Security
{
    /** @var string */
    const VERSION = 'HMAC_SHA256_V1';

    /**
     * Encode merchant parameters
     *
     * @param array $data  The parameters to encode
     *
     * @return string Encoded data
     */
    public function encodeMerchantParameters($data)
    {
        return base64_encode(json_encode($data));
    }

    /**
     * Decode merchant parameters
     *
     * @param string $data  The encoded string of parameters
     *
     * @return array Decoded data
     */
    public function decodeMerchantParameters($data)
    {
        return (array)json_decode(base64_decode(strtr($data, '-_', '+/')));
    }

    /**
     * Encrypt message with given key and default IV
     *
     * @param string $message  The message to encrypt
     * @param string $key      The base64-encoded key used to encrypt the message
     *
     * @return string Encrypted message
     *
     * @throws RuntimeException
     */
    protected function encryptMessage($message, $key)
    {
        $key = base64_decode($key);
        $iv = implode(array_map('chr', array(0, 0, 0, 0, 0, 0, 0, 0)));

        if ($this->hasValidEncryptionMethod()) {
            // OpenSSL needs to manually pad $message length to be mod 8 = 0; OPENSSL_ZERO_PADDING option doens't work
            if (strlen($message) % 8) {
                $message = str_pad($message, strlen($message) + 8 - strlen($message) % 8, "\0");
            }
            $ciphertext = openssl_encrypt($message, 'des-ede3-cbc', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $iv);
        } else {
            throw new RuntimeException('No valid encryption extension installed');
        }

        return $ciphertext;
    }

    /**
     * Check if the system has a valid encryption method available
     *
     * @return bool
     */
    public function hasValidEncryptionMethod()
    {
        return extension_loaded('openssl') && function_exists('openssl_encrypt');
    }

    /**
     * Create signature hash used to verify messages
     *
     * @todo Add if-check on algorithm to match against signature version as new param?
     *
     * @param string $message  The message to encrypt
     * @param string $salt     Unique salt used to generate the ciphertext
     * @param string $key      The base64-encoded key used to encrypt the message
     *
     * @return string Generated signature
     */
    public function createSignature($message, $salt, $key)
    {
        $ciphertext = $this->encryptMessage($salt, $key);
        return base64_encode(hash_hmac('sha256', $message, $ciphertext, true));
    }

    /**
     * Create signature hash used to verify messages back for Redirect gateway
     *
     * @param string $message  The message to encrypt
     * @param string $salt     Unique salt used to generate the ciphertext
     * @param string $key      The base64-encoded key used to encrypt the message
     *
     * @return string Generated signature
     */
    public function createReturnSignature($message, $salt, $key)
    {
        return strtr($this->createSignature($message, $salt, $key), '+/', '-_');
    }
}


1		<?php
2
3		namespace Omnipay\Redsys\Message;
4
5		use Omnipay\Common\Exception\RuntimeException;
6
7		/**
8		* Security
9		*
10		* This class provides common encoding, decoding and signing functions.
11		* While all of this code could be called statically, it is left as a
12		* regular class in order to faciliate unit testing. If alternate
13		* encryption methods are provided later, the VERSION const can be
14		* switched to a constructor option (and validated against a whitelist).
15		*/
16		class Security
17		{
18		/** @var string */
19		const VERSION = 'HMAC_SHA256_V1';
20
21		/**
22		* Encode merchant parameters
23		*
24		* @param array $data The parameters to encode
25		*
26		* @return string Encoded data
27		*/
28	2	public function encodeMerchantParameters($data)
29		{
30	2	return base64_encode(json_encode($data));
31		}
32
33		/**
34		* Decode merchant parameters
35		*
36		* @param string $data The encoded string of parameters
37		*
38		* @return array Decoded data
39		*/
40	10	public function decodeMerchantParameters($data)
41		{
42	10	return (array)json_decode(base64_decode(strtr($data, '-_', '+/')));
43		}
44
45		/**
46		* Encrypt message with given key and default IV
47		*
48		* @param string $message The message to encrypt
49		* @param string $key The base64-encoded key used to encrypt the message
50		*
51		* @return string Encrypted message
52		*
53		* @throws RuntimeException
54		*/
55	22	protected function encryptMessage($message, $key)
56		{
57	22	$key = base64_decode($key);
58	22	$iv = implode(array_map('chr', array(0, 0, 0, 0, 0, 0, 0, 0)));
59
60	22	if ($this->hasValidEncryptionMethod()) {
61	21	// OpenSSL needs to manually pad $message length to be mod 8 = 0; OPENSSL_ZERO_PADDING option doens't work
62	21	if (strlen($message) % 8) {
63	1	$message = str_pad($message, strlen($message) + 8 - strlen($message) % 8, "\0");
64		}
65		$ciphertext = openssl_encrypt($message, 'des-ede3-cbc', $key, OPENSSL_RAW_DATA \| OPENSSL_NO_PADDING, $iv);
66	21	} else {
67		throw new RuntimeException('No valid encryption extension installed');
68		}
69
70		return $ciphertext;
71		}
72
73		/**
74	21	* Check if the system has a valid encryption method available
75		*
76	21	* @return bool
77		*/
78		public function hasValidEncryptionMethod()
79		{
80		return extension_loaded('openssl') && function_exists('openssl_encrypt');
81		}
82
83		/**
84		* Create signature hash used to verify messages
85		*
86		* @todo Add if-check on algorithm to match against signature version as new param?
87		*
88		* @param string $message The message to encrypt
89		* @param string $salt Unique salt used to generate the ciphertext
90	20	* @param string $key The base64-encoded key used to encrypt the message
91		*
92	20	* @return string Generated signature
93	20	*/
94		public function createSignature($message, $salt, $key)
95		{
96		$ciphertext = $this->encryptMessage($salt, $key);
97		return base64_encode(hash_hmac('sha256', $message, $ciphertext, true));
98		}
99
100		/**
101		* Create signature hash used to verify messages back for Redirect gateway
102		*
103		* @param string $message The message to encrypt
104		* @param string $salt Unique salt used to generate the ciphertext
105	9	* @param string $key The base64-encoded key used to encrypt the message
106		*
107	9	* @return string Generated signature
108		*/
109		public function createReturnSignature($message, $salt, $key)
110	1	{
111		return strtr($this->createSignature($message, $salt, $key), '+/', '-_');
112		}
113		}
114

PatronBase / omnipay-redsys

Security::createReturnSignature() A last analyzed 2025-05-20 06:32 UTC

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like

Security::createReturnSignature() A
last analyzed 2025-05-20 06:32 UTC