eventespresso / event-espresso-core

core/services/encryption/EncryptionKeyManagerInterface.php

Indentation +40 added lines, -40 removed lines

@@ -12,56 +12,56 @@
  */
 interface EncryptionKeyManagerInterface
 {
-    /**
-     * add an encryption key
-     *
-     * @param string $encryption_key_identifier - name of the encryption key to use
-     * @param string $encryption_key            - cryptographically secure passphrase. will generate if necessary
-     * @param bool   $overwrite                 - prevents accidental overwriting of an existing key which would be bad
-     * @return bool
-     */
-    public function addEncryptionKey($encryption_key_identifier, $encryption_key = '', $overwrite = false);
+	/**
+	 * add an encryption key
+	 *
+	 * @param string $encryption_key_identifier - name of the encryption key to use
+	 * @param string $encryption_key            - cryptographically secure passphrase. will generate if necessary
+	 * @param bool   $overwrite                 - prevents accidental overwriting of an existing key which would be bad
+	 * @return bool
+	 */
+	public function addEncryptionKey($encryption_key_identifier, $encryption_key = '', $overwrite = false);
 
 
-    /**
-     * returns cryptographically secure passphrase. will use default if necessary
-     *
-     * @param string $encryption_key_identifier - used for saving encryption key. will use default if necessary
-     * @param string $generate                  - will generate a new key if the requested one does not exist
-     * @return string
-     */
-    public function getEncryptionKey($encryption_key_identifier = '', $generate = false);
+	/**
+	 * returns cryptographically secure passphrase. will use default if necessary
+	 *
+	 * @param string $encryption_key_identifier - used for saving encryption key. will use default if necessary
+	 * @param string $generate                  - will generate a new key if the requested one does not exist
+	 * @return string
+	 */
+	public function getEncryptionKey($encryption_key_identifier = '', $generate = false);
 
 
-    /**
-     * creates a new encryption key
-     *
-     * @param bool $strong if true (default) will attempt to generate a cryptographically secure key
-     * @return string
-     */
-    public function generateEncryptionKey($strong = true);
+	/**
+	 * creates a new encryption key
+	 *
+	 * @param bool $strong if true (default) will attempt to generate a cryptographically secure key
+	 * @return string
+	 */
+	public function generateEncryptionKey($strong = true);
 
 
-    /**
-     * @return int
-     */
-    public function bitDepth();
+	/**
+	 * @return int
+	 */
+	public function bitDepth();
 
 
-    /**
-     * @param int $bit_depth options are 128, 192, or 256
-     */
-    public function setBitDepth($bit_depth);
+	/**
+	 * @param int $bit_depth options are 128, 192, or 256
+	 */
+	public function setBitDepth($bit_depth);
 
 
-    /**
-     * @return int
-     */
-    public function keyLength();
+	/**
+	 * @return int
+	 */
+	public function keyLength();
 
 
-    /**
-     * @param int $key_length
-     */
-    public function setKeyLength($key_length);
+	/**
+	 * @param int $key_length
+	 */
+	public function setKeyLength($key_length);
 }

core/services/encryption/EncryptionKeyManager.php

Indentation +251 added lines, -251 removed lines

@@ -16,255 +16,255 @@
  */
 class EncryptionKeyManager implements EncryptionKeyManagerInterface
 {
-    /**
-     * @var Base64Encoder
-     */
-    protected $base64_encoder;
-
-    /**
-     * name used for a default encryption key in case no others are set
-     *
-     * @var string
-     */
-    private $default_encryption_key_id;
-
-    /**
-     * name used for saving encryption keys to the wp_options table
-     *
-     * @var string
-     */
-    private $encryption_keys_option_name;
-
-    /**
-     * @var array
-     */
-    private $encryption_keys = null;
-
-    /**
-     * number of bits used when generating cryptographically secure keys
-     *
-     * @var int
-     */
-    private $bit_depth = 128;
-
-    /**
-     * @var int[]
-     */
-    private $bit_depth_options = [64, 128, 192, 256];
-
-    /**
-     * number of characters used when generating cryptographically weak keys
-     *
-     * @var int
-     */
-    private $key_length = 40;
-
-
-    /**
-     * @param Base64Encoder $base64_encoder
-     * @param string        $default_encryption_key_id
-     * @param string        $encryption_keys_option_name
-     */
-    public function __construct(Base64Encoder $base64_encoder, $default_encryption_key_id, $encryption_keys_option_name)
-    {
-        $this->base64_encoder              = $base64_encoder;
-        $this->default_encryption_key_id   = $default_encryption_key_id;
-        $this->encryption_keys_option_name = $encryption_keys_option_name;
-    }
-
-
-    /**
-     * add an encryption key
-     *
-     * @param string $encryption_key_identifier - name of the encryption key to use
-     * @param string $encryption_key            - cryptographically secure passphrase. will generate if necessary
-     * @param bool   $overwrite                 - prevents accidental overwriting of an existing key which would be bad
-     * @return bool
-     * @throws Exception
-     */
-    public function addEncryptionKey($encryption_key_identifier, $encryption_key = '', $overwrite = false)
-    {
-        // ensure keys are loaded
-        $this->retrieveEncryptionKeys();
-        $encryption_key_identifier = $encryption_key_identifier ?: $this->default_encryption_key_id;
-        if (isset($this->encryption_keys[ $encryption_key_identifier ]) && ! $overwrite) {
-            // WOAH!!! that key already exists and we don't want to overwrite it
-            throw new RuntimeException(
-                sprintf(
-                    esc_html__(
-                        'The "%1$s" encryption key already exists and can not be overwritten because previously encrypted values would no longer be capable of being decrypted.',
-                        'event_espresso'
-                    ),
-                    $encryption_key_identifier
-                )
-            );
-        }
-        $this->encryption_keys[ $encryption_key_identifier ] = $encryption_key ?: $this->generateEncryptionKey();
-        return $this->saveEncryptionKeys();
-    }
-
-
-    /**
-     * returns cryptographically secure passphrase. will use default if necessary
-     *
-     * @param string $encryption_key_identifier - used for saving encryption key. will use default if necessary
-     * @param string $generate                  - will generate a new key if the requested one does not exist
-     * @return string
-     * @throws Exception
-     * @throws OutOfBoundsException
-     */
-    public function getEncryptionKey($encryption_key_identifier = '', $generate = true)
-    {
-        $encryption_key_identifier = $encryption_key_identifier ?: $this->default_encryption_key_id;
-        // ensure keys are loaded
-        $this->retrieveEncryptionKeys();
-        // if encryption key has not been set
-        if (! isset($this->encryption_keys[ $encryption_key_identifier ])) {
-            if ($generate) {
-                $this->addEncryptionKey($encryption_key_identifier);
-            } else {
-                throw new OutOfBoundsException(
-                    sprintf(
-                        esc_html__('The "%1$s" encryption key was not found or is invalid.', 'event_espresso'),
-                        $encryption_key_identifier
-                    )
-                );
-            }
-        }
-        return $this->encryption_keys[ $encryption_key_identifier ];
-    }
-
-
-    /**
-     * creates a new encryption key
-     *
-     * @param bool $strong if true (default) will attempt to generate a cryptographically secure key
-     * @return string
-     * @throws Exception
-     */
-    public function generateEncryptionKey($strong = true)
-    {
-        return $strong && PHP_VERSION_ID >= 70100
-            ? $this->generateStrongEncryptionKey()
-            : $this->generateWeakEncryptionKey();
-    }
-
-
-    /**
-     * creates a new cryptographically secure encryption key
-     *
-     * @return string
-     * @throws Exception
-     */
-    protected function generateStrongEncryptionKey()
-    {
-        // bit_depth needs to be divided by 8 to convert to bytes
-        return $this->base64_encoder->encodeString(random_bytes($this->bit_depth / 8));
-    }
-
-
-    /**
-     * creates a new encryption key that should not be trusted to be cryptographically secure
-     *
-     * @return string
-     * @throws Exception
-     */
-    protected function generateWeakEncryptionKey()
-    {
-        // @see http://stackoverflow.com/questions/637278/what-is-the-best-way-to-generate-a-random-key-within-php
-        $iterations    = ceil($this->key_length / 40);
-        $random_string = '';
-        for ($i = 0; $i < $iterations; $i++) {
-            $random_string .= sha1(microtime(true) . mt_rand(10000, 90000));
-        }
-        $random_string = (string) substr($random_string, 0, $this->key_length);
-        return $this->base64_encoder->encodeString($random_string);
-    }
-
-
-    /**
-     * @return int
-     */
-    public function bitDepth()
-    {
-        return $this->bit_depth;
-    }
-
-
-    /**
-     * @param int $bit_depth options are 64, 128, 192, or 256
-     */
-    public function setBitDepth($bit_depth)
-    {
-        $bit_depth       = absint($bit_depth);
-        $this->bit_depth = in_array($bit_depth, $this->bit_depth_options, true) ? $bit_depth : 128;
-    }
-
-
-    /**
-     * @return int
-     */
-    public function keyLength()
-    {
-        return $this->key_length;
-    }
-
-
-    /**
-     * @param int $key_length
-     */
-    public function setKeyLength($key_length)
-    {
-        // let's not let the key length go below 8 or above 128
-        $this->key_length = min(max(absint($key_length), 8), 128);
-    }
-
-
-    /**
-     * retrieves encryption keys from db
-     *
-     * @return array
-     * @throws Exception
-     * @throws RuntimeException
-     */
-    protected function retrieveEncryptionKeys()
-    {
-        // if encryption key has not been set
-        if (empty($this->encryption_keys)) {
-            // retrieve encryption_key from db
-            $this->encryption_keys = get_option($this->encryption_keys_option_name, null);
-            // WHAT?? No encryption keys in the db ??
-            if ($this->encryption_keys === null) {
-                $this->encryption_keys = [];
-                // let's create the default key and save it
-                $new_key                                                   = $this->generateEncryptionKey();
-                $this->encryption_keys[ $this->default_encryption_key_id ] = $new_key;
-                if (! $this->saveEncryptionKeys(true)) {
-                    throw new RuntimeException(
-                        sprintf(
-                            esc_html__(
-                                'Failed to save the "%1$s" encryption keys array to the database.',
-                                'event_espresso'
-                            ),
-                            $this->encryption_keys_option_name
-                        )
-                    );
-                }
-            }
-        }
-        return $this->encryption_keys;
-    }
-
-
-    /**
-     * saves encryption keys from db
-     *
-     * @return bool
-     */
-    protected function saveEncryptionKeys($initialize = false)
-    {
-        return $initialize
-            ? add_option($this->encryption_keys_option_name, $this->encryption_keys, '', false)
-            : update_option($this->encryption_keys_option_name, $this->encryption_keys, false);
-    }
+	/**
+	 * @var Base64Encoder
+	 */
+	protected $base64_encoder;
+
+	/**
+	 * name used for a default encryption key in case no others are set
+	 *
+	 * @var string
+	 */
+	private $default_encryption_key_id;
+
+	/**
+	 * name used for saving encryption keys to the wp_options table
+	 *
+	 * @var string
+	 */
+	private $encryption_keys_option_name;
+
+	/**
+	 * @var array
+	 */
+	private $encryption_keys = null;
+
+	/**
+	 * number of bits used when generating cryptographically secure keys
+	 *
+	 * @var int
+	 */
+	private $bit_depth = 128;
+
+	/**
+	 * @var int[]
+	 */
+	private $bit_depth_options = [64, 128, 192, 256];
+
+	/**
+	 * number of characters used when generating cryptographically weak keys
+	 *
+	 * @var int
+	 */
+	private $key_length = 40;
+
+
+	/**
+	 * @param Base64Encoder $base64_encoder
+	 * @param string        $default_encryption_key_id
+	 * @param string        $encryption_keys_option_name
+	 */
+	public function __construct(Base64Encoder $base64_encoder, $default_encryption_key_id, $encryption_keys_option_name)
+	{
+		$this->base64_encoder              = $base64_encoder;
+		$this->default_encryption_key_id   = $default_encryption_key_id;
+		$this->encryption_keys_option_name = $encryption_keys_option_name;
+	}
+
+
+	/**
+	 * add an encryption key
+	 *
+	 * @param string $encryption_key_identifier - name of the encryption key to use
+	 * @param string $encryption_key            - cryptographically secure passphrase. will generate if necessary
+	 * @param bool   $overwrite                 - prevents accidental overwriting of an existing key which would be bad
+	 * @return bool
+	 * @throws Exception
+	 */
+	public function addEncryptionKey($encryption_key_identifier, $encryption_key = '', $overwrite = false)
+	{
+		// ensure keys are loaded
+		$this->retrieveEncryptionKeys();
+		$encryption_key_identifier = $encryption_key_identifier ?: $this->default_encryption_key_id;
+		if (isset($this->encryption_keys[ $encryption_key_identifier ]) && ! $overwrite) {
+			// WOAH!!! that key already exists and we don't want to overwrite it
+			throw new RuntimeException(
+				sprintf(
+					esc_html__(
+						'The "%1$s" encryption key already exists and can not be overwritten because previously encrypted values would no longer be capable of being decrypted.',
+						'event_espresso'
+					),
+					$encryption_key_identifier
+				)
+			);
+		}
+		$this->encryption_keys[ $encryption_key_identifier ] = $encryption_key ?: $this->generateEncryptionKey();
+		return $this->saveEncryptionKeys();
+	}
+
+
+	/**
+	 * returns cryptographically secure passphrase. will use default if necessary
+	 *
+	 * @param string $encryption_key_identifier - used for saving encryption key. will use default if necessary
+	 * @param string $generate                  - will generate a new key if the requested one does not exist
+	 * @return string
+	 * @throws Exception
+	 * @throws OutOfBoundsException
+	 */
+	public function getEncryptionKey($encryption_key_identifier = '', $generate = true)
+	{
+		$encryption_key_identifier = $encryption_key_identifier ?: $this->default_encryption_key_id;
+		// ensure keys are loaded
+		$this->retrieveEncryptionKeys();
+		// if encryption key has not been set
+		if (! isset($this->encryption_keys[ $encryption_key_identifier ])) {
+			if ($generate) {
+				$this->addEncryptionKey($encryption_key_identifier);
+			} else {
+				throw new OutOfBoundsException(
+					sprintf(
+						esc_html__('The "%1$s" encryption key was not found or is invalid.', 'event_espresso'),
+						$encryption_key_identifier
+					)
+				);
+			}
+		}
+		return $this->encryption_keys[ $encryption_key_identifier ];
+	}
+
+
+	/**
+	 * creates a new encryption key
+	 *
+	 * @param bool $strong if true (default) will attempt to generate a cryptographically secure key
+	 * @return string
+	 * @throws Exception
+	 */
+	public function generateEncryptionKey($strong = true)
+	{
+		return $strong && PHP_VERSION_ID >= 70100
+			? $this->generateStrongEncryptionKey()
+			: $this->generateWeakEncryptionKey();
+	}
+
+
+	/**
+	 * creates a new cryptographically secure encryption key
+	 *
+	 * @return string
+	 * @throws Exception
+	 */
+	protected function generateStrongEncryptionKey()
+	{
+		// bit_depth needs to be divided by 8 to convert to bytes
+		return $this->base64_encoder->encodeString(random_bytes($this->bit_depth / 8));
+	}
+
+
+	/**
+	 * creates a new encryption key that should not be trusted to be cryptographically secure
+	 *
+	 * @return string
+	 * @throws Exception
+	 */
+	protected function generateWeakEncryptionKey()
+	{
+		// @see http://stackoverflow.com/questions/637278/what-is-the-best-way-to-generate-a-random-key-within-php
+		$iterations    = ceil($this->key_length / 40);
+		$random_string = '';
+		for ($i = 0; $i < $iterations; $i++) {
+			$random_string .= sha1(microtime(true) . mt_rand(10000, 90000));
+		}
+		$random_string = (string) substr($random_string, 0, $this->key_length);
+		return $this->base64_encoder->encodeString($random_string);
+	}
+
+
+	/**
+	 * @return int
+	 */
+	public function bitDepth()
+	{
+		return $this->bit_depth;
+	}
+
+
+	/**
+	 * @param int $bit_depth options are 64, 128, 192, or 256
+	 */
+	public function setBitDepth($bit_depth)
+	{
+		$bit_depth       = absint($bit_depth);
+		$this->bit_depth = in_array($bit_depth, $this->bit_depth_options, true) ? $bit_depth : 128;
+	}
+
+
+	/**
+	 * @return int
+	 */
+	public function keyLength()
+	{
+		return $this->key_length;
+	}
+
+
+	/**
+	 * @param int $key_length
+	 */
+	public function setKeyLength($key_length)
+	{
+		// let's not let the key length go below 8 or above 128
+		$this->key_length = min(max(absint($key_length), 8), 128);
+	}
+
+
+	/**
+	 * retrieves encryption keys from db
+	 *
+	 * @return array
+	 * @throws Exception
+	 * @throws RuntimeException
+	 */
+	protected function retrieveEncryptionKeys()
+	{
+		// if encryption key has not been set
+		if (empty($this->encryption_keys)) {
+			// retrieve encryption_key from db
+			$this->encryption_keys = get_option($this->encryption_keys_option_name, null);
+			// WHAT?? No encryption keys in the db ??
+			if ($this->encryption_keys === null) {
+				$this->encryption_keys = [];
+				// let's create the default key and save it
+				$new_key                                                   = $this->generateEncryptionKey();
+				$this->encryption_keys[ $this->default_encryption_key_id ] = $new_key;
+				if (! $this->saveEncryptionKeys(true)) {
+					throw new RuntimeException(
+						sprintf(
+							esc_html__(
+								'Failed to save the "%1$s" encryption keys array to the database.',
+								'event_espresso'
+							),
+							$this->encryption_keys_option_name
+						)
+					);
+				}
+			}
+		}
+		return $this->encryption_keys;
+	}
+
+
+	/**
+	 * saves encryption keys from db
+	 *
+	 * @return bool
+	 */
+	protected function saveEncryptionKeys($initialize = false)
+	{
+		return $initialize
+			? add_option($this->encryption_keys_option_name, $this->encryption_keys, '', false)
+			: update_option($this->encryption_keys_option_name, $this->encryption_keys, false);
+	}
 }

Spacing +7 added lines, -7 removed lines

@@ -87,7 +87,7 @@ 
         // ensure keys are loaded
         $this->retrieveEncryptionKeys();
         $encryption_key_identifier = $encryption_key_identifier ?: $this->default_encryption_key_id;
-        if (isset($this->encryption_keys[ $encryption_key_identifier ]) && ! $overwrite) {
+        if (isset($this->encryption_keys[$encryption_key_identifier]) && ! $overwrite) {
             // WOAH!!! that key already exists and we don't want to overwrite it
             throw new RuntimeException(
                 sprintf(
@@ -99,7 +99,7 @@ 
                 )
             );
         }
-        $this->encryption_keys[ $encryption_key_identifier ] = $encryption_key ?: $this->generateEncryptionKey();
+        $this->encryption_keys[$encryption_key_identifier] = $encryption_key ?: $this->generateEncryptionKey();
         return $this->saveEncryptionKeys();
     }
 
@@ -119,7 +119,7 @@ 
         // ensure keys are loaded
         $this->retrieveEncryptionKeys();
         // if encryption key has not been set
-        if (! isset($this->encryption_keys[ $encryption_key_identifier ])) {
+        if ( ! isset($this->encryption_keys[$encryption_key_identifier])) {
             if ($generate) {
                 $this->addEncryptionKey($encryption_key_identifier);
             } else {
@@ -131,7 +131,7 @@ 
                 );
             }
         }
-        return $this->encryption_keys[ $encryption_key_identifier ];
+        return $this->encryption_keys[$encryption_key_identifier];
     }
 
 
@@ -175,7 +175,7 @@ 
         $iterations    = ceil($this->key_length / 40);
         $random_string = '';
         for ($i = 0; $i < $iterations; $i++) {
-            $random_string .= sha1(microtime(true) . mt_rand(10000, 90000));
+            $random_string .= sha1(microtime(true).mt_rand(10000, 90000));
         }
         $random_string = (string) substr($random_string, 0, $this->key_length);
         return $this->base64_encoder->encodeString($random_string);
@@ -238,8 +238,8 @@ 
                 $this->encryption_keys = [];
                 // let's create the default key and save it
                 $new_key                                                   = $this->generateEncryptionKey();
-                $this->encryption_keys[ $this->default_encryption_key_id ] = $new_key;
-                if (! $this->saveEncryptionKeys(true)) {
+                $this->encryption_keys[$this->default_encryption_key_id] = $new_key;
+                if ( ! $this->saveEncryptionKeys(true)) {
                     throw new RuntimeException(
                         sprintf(
                             esc_html__(

core/services/encryption/openssl/OpenSSLv1.php

Indentation +142 added lines, -142 removed lines

@@ -18,155 +18,155 @@
 class OpenSSLv1 extends OpenSSL
 {
 
-    /**
-     * name used for a default encryption key in case no others are set
-     */
-    const DEFAULT_ENCRYPTION_KEY_ID = 'default_openssl_v1_key';
+	/**
+	 * name used for a default encryption key in case no others are set
+	 */
+	const DEFAULT_ENCRYPTION_KEY_ID = 'default_openssl_v1_key';
 
-    /**
-     * name used for saving encryption keys to the wp_options table
-     */
-    const ENCRYPTION_KEYS_OPTION_NAME = 'ee_openssl_v1_encryption_keys';
+	/**
+	 * name used for saving encryption keys to the wp_options table
+	 */
+	const ENCRYPTION_KEYS_OPTION_NAME = 'ee_openssl_v1_encryption_keys';
 
-    /**
-     * the OPENSSL cipher method used
-     */
-    const CIPHER_METHOD = 'aes-128-cbc';
+	/**
+	 * the OPENSSL cipher method used
+	 */
+	const CIPHER_METHOD = 'aes-128-cbc';
 
-    /**
-     * WP "options_name" used to store a verified available cipher method
-     */
-    const CIPHER_METHOD_OPTION_NAME = 'ee_openssl_v1_cipher_method';
+	/**
+	 * WP "options_name" used to store a verified available cipher method
+	 */
+	const CIPHER_METHOD_OPTION_NAME = 'ee_openssl_v1_cipher_method';
 
 
-    /**
-     * To use custom a cipher method and/or encryption keys and/or minimum PHP version:
-     *  - extend this class
-     *  - configure a new CipherMethod / EncryptionKeyManager in the constructor
-     *  - pass those to this constructor, like so:
-     *
-     *      public function __construct(Base64Encoder $base64_encoder) {
-     *          parent::__construct(
-     *              $base64_encoder,
-     *              new CipherMethod(CIPHER_METHOD, CIPHER_METHOD_OPTION_NAME),
-     *              new EncryptionKeyManager(CUSTOM_KEY_ID, CUSTOM_KEYS_OPTION_NAME),
-     *              '7.1.0'
-     *          );
-     *      }
-     *
-     * @param Base64Encoder                      $base64_encoder
-     * @param CipherMethod|null                  $cipher_method
-     * @param EncryptionKeyManagerInterface|null $encryption_key_manager
-     * @param string                             $min_php_version defaults to 5.3.0 (when openssl added)
-     */
-    public function __construct(
-        Base64Encoder                 $base64_encoder,
-        CipherMethod                  $cipher_method = null,
-        EncryptionKeyManagerInterface $encryption_key_manager = null,
-        $min_php_version = '5.3.0'
-    ) {
-        parent::__construct(
-            $base64_encoder,
-            $cipher_method instanceof CipherMethod
-                ? $cipher_method
-                : new CipherMethod(
-                    OpenSSLv1::CIPHER_METHOD,
-                    OpenSSLv1::CIPHER_METHOD_OPTION_NAME
-                ),
-            $encryption_key_manager instanceof EncryptionKeyManager
-                ? $encryption_key_manager
-                : new EncryptionKeyManager(
-                    $base64_encoder,
-                    OpenSSLv1::DEFAULT_ENCRYPTION_KEY_ID,
-                    OpenSSLv1::ENCRYPTION_KEYS_OPTION_NAME
-                ),
-            $min_php_version
-        );
-    }
+	/**
+	 * To use custom a cipher method and/or encryption keys and/or minimum PHP version:
+	 *  - extend this class
+	 *  - configure a new CipherMethod / EncryptionKeyManager in the constructor
+	 *  - pass those to this constructor, like so:
+	 *
+	 *      public function __construct(Base64Encoder $base64_encoder) {
+	 *          parent::__construct(
+	 *              $base64_encoder,
+	 *              new CipherMethod(CIPHER_METHOD, CIPHER_METHOD_OPTION_NAME),
+	 *              new EncryptionKeyManager(CUSTOM_KEY_ID, CUSTOM_KEYS_OPTION_NAME),
+	 *              '7.1.0'
+	 *          );
+	 *      }
+	 *
+	 * @param Base64Encoder                      $base64_encoder
+	 * @param CipherMethod|null                  $cipher_method
+	 * @param EncryptionKeyManagerInterface|null $encryption_key_manager
+	 * @param string                             $min_php_version defaults to 5.3.0 (when openssl added)
+	 */
+	public function __construct(
+		Base64Encoder                 $base64_encoder,
+		CipherMethod                  $cipher_method = null,
+		EncryptionKeyManagerInterface $encryption_key_manager = null,
+		$min_php_version = '5.3.0'
+	) {
+		parent::__construct(
+			$base64_encoder,
+			$cipher_method instanceof CipherMethod
+				? $cipher_method
+				: new CipherMethod(
+					OpenSSLv1::CIPHER_METHOD,
+					OpenSSLv1::CIPHER_METHOD_OPTION_NAME
+				),
+			$encryption_key_manager instanceof EncryptionKeyManager
+				? $encryption_key_manager
+				: new EncryptionKeyManager(
+					$base64_encoder,
+					OpenSSLv1::DEFAULT_ENCRYPTION_KEY_ID,
+					OpenSSLv1::ENCRYPTION_KEYS_OPTION_NAME
+				),
+			$min_php_version
+		);
+	}
 
 
-    /**
-     * encrypts data
-     *
-     * @param string $text_to_encrypt           - the text to be encrypted
-     * @param string $encryption_key_identifier - cryptographically secure passphrase. will generate if necessary
-     * @return string
-     */
-    public function encrypt($text_to_encrypt, $encryption_key_identifier = '')
-    {
-        $cipher_method  = $this->cipher_method->getCipherMethod();
-        $encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
-        // get initialization vector size
-        $iv_length = openssl_cipher_iv_length($cipher_method);
-        // generate initialization vector.
-        // The second parameter ("crypto_strong") is passed by reference,
-        // and is used to determines if the algorithm used was "cryptographically strong"
-        // openssl_random_pseudo_bytes() will toggle it to either true or false
-        $iv = openssl_random_pseudo_bytes($iv_length, $is_strong);
-        if ($iv === false || $is_strong === false) {
-            throw new RuntimeException(
-                esc_html__('Failed to generate OpenSSL initialization vector.', 'event_espresso')
-            );
-        }
-        $key = $this->getDigestHashValue($encryption_key);
-        // encrypt it
-        $encrypted_text = openssl_encrypt(
-            $this->base64_encoder->encodeString($text_to_encrypt), // encode to remove special characters
-            $cipher_method,
-            $key,
-            0,
-            $iv
-        );
-        $this->validateEncryption($encrypted_text);
-        $encrypted_text = trim($encrypted_text);
-        // hash the raw encrypted text
-        $hmac = hash_hmac($this->getHashAlgorithm(), $encrypted_text, $key, true);
-        // concatenate everything into one big string and encode it again
-        return $this->base64_encoder->encodeString($iv . $hmac . $encrypted_text);
-    }
+	/**
+	 * encrypts data
+	 *
+	 * @param string $text_to_encrypt           - the text to be encrypted
+	 * @param string $encryption_key_identifier - cryptographically secure passphrase. will generate if necessary
+	 * @return string
+	 */
+	public function encrypt($text_to_encrypt, $encryption_key_identifier = '')
+	{
+		$cipher_method  = $this->cipher_method->getCipherMethod();
+		$encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
+		// get initialization vector size
+		$iv_length = openssl_cipher_iv_length($cipher_method);
+		// generate initialization vector.
+		// The second parameter ("crypto_strong") is passed by reference,
+		// and is used to determines if the algorithm used was "cryptographically strong"
+		// openssl_random_pseudo_bytes() will toggle it to either true or false
+		$iv = openssl_random_pseudo_bytes($iv_length, $is_strong);
+		if ($iv === false || $is_strong === false) {
+			throw new RuntimeException(
+				esc_html__('Failed to generate OpenSSL initialization vector.', 'event_espresso')
+			);
+		}
+		$key = $this->getDigestHashValue($encryption_key);
+		// encrypt it
+		$encrypted_text = openssl_encrypt(
+			$this->base64_encoder->encodeString($text_to_encrypt), // encode to remove special characters
+			$cipher_method,
+			$key,
+			0,
+			$iv
+		);
+		$this->validateEncryption($encrypted_text);
+		$encrypted_text = trim($encrypted_text);
+		// hash the raw encrypted text
+		$hmac = hash_hmac($this->getHashAlgorithm(), $encrypted_text, $key, true);
+		// concatenate everything into one big string and encode it again
+		return $this->base64_encoder->encodeString($iv . $hmac . $encrypted_text);
+	}
 
 
-    /**
-     * decrypts data
-     *
-     * @param string $encrypted_text            - the text to be decrypted
-     * @param string $encryption_key_identifier - cryptographically secure passphrase. will use default if necessary
-     * @return string
-     */
-    public function decrypt($encrypted_text, $encryption_key_identifier = '')
-    {
-        $cipher_method  = $this->cipher_method->getCipherMethod();
-        $encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
-        $key            = $this->getDigestHashValue($encryption_key);
-        // decode our concatenated string
-        $encrypted_text = $this->base64_encoder->decodeString($encrypted_text);
-        // get the string lengths used for the hash and iv
-        $hash_length = $this->calculateHashLength($encryption_key);
-        $iv_length   = openssl_cipher_iv_length($cipher_method);
-        // use the above lengths to snip the required values from the decoded string
-        $iv                 = substr($encrypted_text, 0, $iv_length);
-        $hmac               = substr($encrypted_text, $iv_length, $hash_length);
-        $encrypted_text_raw = substr($encrypted_text, $iv_length + $hash_length);
-        // rehash the original raw encrypted text
-        $rehash_mac = hash_hmac($this->getHashAlgorithm(), $encrypted_text_raw, $key, true);
-        // timing attack safe comparison to determine if anything has changed
-        if (hash_equals($hmac, $rehash_mac)) {
-            // looks good, decrypt it, trim it, and return it
-            $decrypted_text = openssl_decrypt(
-                $encrypted_text_raw,
-                $this->cipher_method->getCipherMethod(),
-                $key,
-                0,
-                $iv
-            );
-            $this->validateDecryption($decrypted_text);
-            return trim($this->base64_encoder->decodeString($decrypted_text));
-        }
-        throw new RuntimeException(
-            esc_html__(
-                'Decryption failed because a hash comparison of the original text and the decrypted text was not the same, meaning something in the system or the encrypted data has changed.',
-                'event_espresso'
-            )
-        );
-    }
+	/**
+	 * decrypts data
+	 *
+	 * @param string $encrypted_text            - the text to be decrypted
+	 * @param string $encryption_key_identifier - cryptographically secure passphrase. will use default if necessary
+	 * @return string
+	 */
+	public function decrypt($encrypted_text, $encryption_key_identifier = '')
+	{
+		$cipher_method  = $this->cipher_method->getCipherMethod();
+		$encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
+		$key            = $this->getDigestHashValue($encryption_key);
+		// decode our concatenated string
+		$encrypted_text = $this->base64_encoder->decodeString($encrypted_text);
+		// get the string lengths used for the hash and iv
+		$hash_length = $this->calculateHashLength($encryption_key);
+		$iv_length   = openssl_cipher_iv_length($cipher_method);
+		// use the above lengths to snip the required values from the decoded string
+		$iv                 = substr($encrypted_text, 0, $iv_length);
+		$hmac               = substr($encrypted_text, $iv_length, $hash_length);
+		$encrypted_text_raw = substr($encrypted_text, $iv_length + $hash_length);
+		// rehash the original raw encrypted text
+		$rehash_mac = hash_hmac($this->getHashAlgorithm(), $encrypted_text_raw, $key, true);
+		// timing attack safe comparison to determine if anything has changed
+		if (hash_equals($hmac, $rehash_mac)) {
+			// looks good, decrypt it, trim it, and return it
+			$decrypted_text = openssl_decrypt(
+				$encrypted_text_raw,
+				$this->cipher_method->getCipherMethod(),
+				$key,
+				0,
+				$iv
+			);
+			$this->validateDecryption($decrypted_text);
+			return trim($this->base64_encoder->decodeString($decrypted_text));
+		}
+		throw new RuntimeException(
+			esc_html__(
+				'Decryption failed because a hash comparison of the original text and the decrypted text was not the same, meaning something in the system or the encrypted data has changed.',
+				'event_espresso'
+			)
+		);
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -122,7 +122,7 @@
         // hash the raw encrypted text
         $hmac = hash_hmac($this->getHashAlgorithm(), $encrypted_text, $key, true);
         // concatenate everything into one big string and encode it again
-        return $this->base64_encoder->encodeString($iv . $hmac . $encrypted_text);
+        return $this->base64_encoder->encodeString($iv.$hmac.$encrypted_text);
     }
 
 

core/services/encryption/openssl/OpenSSL.php

Indentation +262 added lines, -262 removed lines

@@ -18,266 +18,266 @@
 abstract class OpenSSL implements EncryptionMethodInterface
 {
 
-    /**
-     * the default OPENSSL digest method to use
-     */
-    const DEFAULT_DIGEST_METHOD = 'sha512';
-
-    /**
-     * separates the encrypted text from the initialization vector
-     */
-    const IV_DELIMITER = ':iv:';
-
-    /**
-     * @var Base64Encoder
-     */
-    protected $base64_encoder;
-
-    /**
-     * @var CipherMethod
-     */
-    protected $cipher_method;
-
-    /**
-     * @var array $digest_methods
-     */
-    private $digest_methods = [];
-
-    /**
-     * @var EncryptionKeyManagerInterface
-     */
-    protected $encryption_key_manager;
-
-    /**
-     * @var boolean
-     */
-    private $openssl_installed;
-
-    /**
-     * @var string
-     */
-    private $min_php_version;
-
-    /**
-     * @var string
-     */
-    private $hash_algorithm;
-
-
-    /**
-     * To use custom a cipher method and/or encryption keys:
-     *  - extend this class
-     *  - configure a new CipherMethod / EncryptionKeyManager in the constructor
-     *  - pass those to this constructor, like so:
-     *
-     *      public function __construct(Base64Encoder $base64_encoder) {
-     *          parent::__construct(
-     *              $base64_encoder,
-     *              new CipherMethod(CIPHER_METHOD, CIPHER_METHOD_OPTION_NAME)
-     *              new EncryptionKeyManager(CUSTOM_KEY_ID, CUSTOM_KEYS_OPTION_NAME)
-     *          );
-     *      }
-     *
-     * @param Base64Encoder                      $base64_encoder
-     * @param CipherMethod                       $cipher_method
-     * @param EncryptionKeyManagerInterface|null $encryption_key_manager
-     * @param string                             $min_php_version
-     */
-    protected function __construct(
-        Base64Encoder                 $base64_encoder,
-        CipherMethod                  $cipher_method,
-        EncryptionKeyManagerInterface $encryption_key_manager,
-        $min_php_version
-    ) {
-        $this->base64_encoder         = $base64_encoder;
-        $this->cipher_method          = $cipher_method;
-        $this->encryption_key_manager = $encryption_key_manager;
-        $this->min_php_version        = $min_php_version;
-        $this->openssl_installed      = extension_loaded('openssl');
-    }
-
-
-    /**
-     * @return bool
-     */
-    public function isCryptographicallySecure()
-    {
-        return true;
-    }
-
-
-    /**
-     * @return bool
-     */
-    public function canUse()
-    {
-        return $this->openssl_installed && version_compare(PHP_VERSION, $this->min_php_version, '>=');
-    }
-
-
-    /**
-     * @return string
-     */
-    public function canUseNotice()
-    {
-        if (! $this->openssl_installed) {
-            return esc_html__(
-                'The PHP openssl server extension is required to use Openssl encryption. Please contact your hosting provider regarding this issue.',
-                'event_espresso'
-            );
-        }
-        if (version_compare(PHP_VERSION, $this->min_php_version, '<')) {
-            return sprintf(
-                esc_html__(
-                    'PHP version %1$s or greater is required to use Openssl encryption. Please contact your hosting provider regarding this issue.',
-                    'event_espresso'
-                ),
-                $this->min_php_version
-            );
-        }
-        return sprintf(
-            esc_html__('OpenSSL v1 encryption using %1$S is available for use.', 'event_espresso'),
-            OpenSSLv1::CIPHER_METHOD
-        );
-    }
-
-
-    /**
-     * Computes the digest hash value using the specified digest method.
-     * If that digest method fails to produce a valid hash value,
-     * then we'll grab the next digest method and recursively try again until something works.
-     *
-     * @param string $encryption_key
-     * @param string $digest_method
-     * @param bool   $return_raw_data
-     * @return string
-     * @throws RuntimeException
-     */
-    protected function getDigestHashValue(
-        $encryption_key,
-        $digest_method = OpenSSL::DEFAULT_DIGEST_METHOD,
-        $return_raw_data = false
-    ) {
-        $digest_hash_value = openssl_digest($encryption_key, $digest_method, $return_raw_data);
-        if ($digest_hash_value === false) {
-            return $this->getDigestHashValue($this->getDigestMethod());
-        }
-        return $digest_hash_value;
-    }
-
-
-    /**
-     * Returns the NEXT element in the $digest_methods array.
-     * If the $digest_methods array is empty, then we populate it
-     * with the available values returned from openssl_get_md_methods().
-     *
-     * @return string
-     * @throws RuntimeException
-     */
-    private function getDigestMethod()
-    {
-        $digest_method = prev($this->digest_methods);
-        if (empty($this->digest_methods)) {
-            $this->digest_methods = openssl_get_md_methods();
-            $digest_method        = end($this->digest_methods);
-        }
-        if ($digest_method === false) {
-            throw new RuntimeException(
-                esc_html__(
-                    'OpenSSL support appears to be enabled on the server, but no digest methods are available. Please contact the server administrator.',
-                    'event_espresso'
-                )
-            );
-        }
-        return $digest_method;
-    }
-
-
-    /**
-     * @param string $encryption_key
-     * @return int
-     */
-    protected function calculateHashLength($encryption_key)
-    {
-        // get existing key length
-        $prev_key_length = $this->encryption_key_manager->keyLength();
-        // set it to something HUGE
-        $this->encryption_key_manager->setKeyLength(512);
-        // generate a new weak key, which should just be a really long random string
-        $test_text = $this->encryption_key_manager->generateEncryptionKey(false);
-        // generate a hash using our test string and our real $encryption_key
-        $hash = hash_hmac($this->getHashAlgorithm(), $test_text, $encryption_key, true);
-        // reset key length back to original value
-        $this->encryption_key_manager->setKeyLength($prev_key_length);
-        // return the length of the hash
-        return strlen($hash);
-    }
-
-
-    /**
-     * @return string
-     */
-    protected function getHashAlgorithm()
-    {
-        if (! $this->hash_algorithm) {
-            // get installed hashing algorithms
-            $hash_algorithms = hash_algos();
-            // filter array for "sha" algorithms
-            $hash_algorithms = preg_grep('/^sha\d{3}$/i', $hash_algorithms);
-            // if no sha algorithms are installed, then just use md5
-            if (empty($hash_algorithms)) {
-                $this->hash_algorithm = 'md5';
-                return $this->hash_algorithm;
-            }
-            // sort ascending using "natural ordering"
-            sort($hash_algorithms, SORT_NATURAL);
-            // return last item from array, which should be the strongest installed sha hash
-            $this->hash_algorithm = array_pop($hash_algorithms);
-        }
-        return $this->hash_algorithm;
-    }
-
-
-    /**
-     * @param string $encrypted_text
-     * @throws RuntimeException
-     */
-    protected function validateEncryption($encrypted_text)
-    {
-        if ($encrypted_text === false) {
-            throw new RuntimeException(
-                sprintf(
-                    esc_html__('The following error occurred during OpenSSL encryption: %1$S', 'event_espresso'),
-                    $this->getOpenSslError()
-                )
-            );
-        }
-    }
-
-
-    /**
-     * @return false|string
-     */
-    private function getOpenSslError()
-    {
-        $error = openssl_error_string();
-        return $error ?: esc_html__('Unknown Error', 'event_espresso');
-    }
-
-
-    /**
-     * @param string $encrypted_text
-     * @throws RuntimeException
-     */
-    protected function validateDecryption($encrypted_text)
-    {
-        if ($encrypted_text === false) {
-            throw new RuntimeException(
-                sprintf(
-                    esc_html__('OpenSSL decryption failed for the following reason: %1$S', 'event_espresso'),
-                    $this->getOpenSslError()
-                )
-            );
-        }
-    }
+	/**
+	 * the default OPENSSL digest method to use
+	 */
+	const DEFAULT_DIGEST_METHOD = 'sha512';
+
+	/**
+	 * separates the encrypted text from the initialization vector
+	 */
+	const IV_DELIMITER = ':iv:';
+
+	/**
+	 * @var Base64Encoder
+	 */
+	protected $base64_encoder;
+
+	/**
+	 * @var CipherMethod
+	 */
+	protected $cipher_method;
+
+	/**
+	 * @var array $digest_methods
+	 */
+	private $digest_methods = [];
+
+	/**
+	 * @var EncryptionKeyManagerInterface
+	 */
+	protected $encryption_key_manager;
+
+	/**
+	 * @var boolean
+	 */
+	private $openssl_installed;
+
+	/**
+	 * @var string
+	 */
+	private $min_php_version;
+
+	/**
+	 * @var string
+	 */
+	private $hash_algorithm;
+
+
+	/**
+	 * To use custom a cipher method and/or encryption keys:
+	 *  - extend this class
+	 *  - configure a new CipherMethod / EncryptionKeyManager in the constructor
+	 *  - pass those to this constructor, like so:
+	 *
+	 *      public function __construct(Base64Encoder $base64_encoder) {
+	 *          parent::__construct(
+	 *              $base64_encoder,
+	 *              new CipherMethod(CIPHER_METHOD, CIPHER_METHOD_OPTION_NAME)
+	 *              new EncryptionKeyManager(CUSTOM_KEY_ID, CUSTOM_KEYS_OPTION_NAME)
+	 *          );
+	 *      }
+	 *
+	 * @param Base64Encoder                      $base64_encoder
+	 * @param CipherMethod                       $cipher_method
+	 * @param EncryptionKeyManagerInterface|null $encryption_key_manager
+	 * @param string                             $min_php_version
+	 */
+	protected function __construct(
+		Base64Encoder                 $base64_encoder,
+		CipherMethod                  $cipher_method,
+		EncryptionKeyManagerInterface $encryption_key_manager,
+		$min_php_version
+	) {
+		$this->base64_encoder         = $base64_encoder;
+		$this->cipher_method          = $cipher_method;
+		$this->encryption_key_manager = $encryption_key_manager;
+		$this->min_php_version        = $min_php_version;
+		$this->openssl_installed      = extension_loaded('openssl');
+	}
+
+
+	/**
+	 * @return bool
+	 */
+	public function isCryptographicallySecure()
+	{
+		return true;
+	}
+
+
+	/**
+	 * @return bool
+	 */
+	public function canUse()
+	{
+		return $this->openssl_installed && version_compare(PHP_VERSION, $this->min_php_version, '>=');
+	}
+
+
+	/**
+	 * @return string
+	 */
+	public function canUseNotice()
+	{
+		if (! $this->openssl_installed) {
+			return esc_html__(
+				'The PHP openssl server extension is required to use Openssl encryption. Please contact your hosting provider regarding this issue.',
+				'event_espresso'
+			);
+		}
+		if (version_compare(PHP_VERSION, $this->min_php_version, '<')) {
+			return sprintf(
+				esc_html__(
+					'PHP version %1$s or greater is required to use Openssl encryption. Please contact your hosting provider regarding this issue.',
+					'event_espresso'
+				),
+				$this->min_php_version
+			);
+		}
+		return sprintf(
+			esc_html__('OpenSSL v1 encryption using %1$S is available for use.', 'event_espresso'),
+			OpenSSLv1::CIPHER_METHOD
+		);
+	}
+
+
+	/**
+	 * Computes the digest hash value using the specified digest method.
+	 * If that digest method fails to produce a valid hash value,
+	 * then we'll grab the next digest method and recursively try again until something works.
+	 *
+	 * @param string $encryption_key
+	 * @param string $digest_method
+	 * @param bool   $return_raw_data
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	protected function getDigestHashValue(
+		$encryption_key,
+		$digest_method = OpenSSL::DEFAULT_DIGEST_METHOD,
+		$return_raw_data = false
+	) {
+		$digest_hash_value = openssl_digest($encryption_key, $digest_method, $return_raw_data);
+		if ($digest_hash_value === false) {
+			return $this->getDigestHashValue($this->getDigestMethod());
+		}
+		return $digest_hash_value;
+	}
+
+
+	/**
+	 * Returns the NEXT element in the $digest_methods array.
+	 * If the $digest_methods array is empty, then we populate it
+	 * with the available values returned from openssl_get_md_methods().
+	 *
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	private function getDigestMethod()
+	{
+		$digest_method = prev($this->digest_methods);
+		if (empty($this->digest_methods)) {
+			$this->digest_methods = openssl_get_md_methods();
+			$digest_method        = end($this->digest_methods);
+		}
+		if ($digest_method === false) {
+			throw new RuntimeException(
+				esc_html__(
+					'OpenSSL support appears to be enabled on the server, but no digest methods are available. Please contact the server administrator.',
+					'event_espresso'
+				)
+			);
+		}
+		return $digest_method;
+	}
+
+
+	/**
+	 * @param string $encryption_key
+	 * @return int
+	 */
+	protected function calculateHashLength($encryption_key)
+	{
+		// get existing key length
+		$prev_key_length = $this->encryption_key_manager->keyLength();
+		// set it to something HUGE
+		$this->encryption_key_manager->setKeyLength(512);
+		// generate a new weak key, which should just be a really long random string
+		$test_text = $this->encryption_key_manager->generateEncryptionKey(false);
+		// generate a hash using our test string and our real $encryption_key
+		$hash = hash_hmac($this->getHashAlgorithm(), $test_text, $encryption_key, true);
+		// reset key length back to original value
+		$this->encryption_key_manager->setKeyLength($prev_key_length);
+		// return the length of the hash
+		return strlen($hash);
+	}
+
+
+	/**
+	 * @return string
+	 */
+	protected function getHashAlgorithm()
+	{
+		if (! $this->hash_algorithm) {
+			// get installed hashing algorithms
+			$hash_algorithms = hash_algos();
+			// filter array for "sha" algorithms
+			$hash_algorithms = preg_grep('/^sha\d{3}$/i', $hash_algorithms);
+			// if no sha algorithms are installed, then just use md5
+			if (empty($hash_algorithms)) {
+				$this->hash_algorithm = 'md5';
+				return $this->hash_algorithm;
+			}
+			// sort ascending using "natural ordering"
+			sort($hash_algorithms, SORT_NATURAL);
+			// return last item from array, which should be the strongest installed sha hash
+			$this->hash_algorithm = array_pop($hash_algorithms);
+		}
+		return $this->hash_algorithm;
+	}
+
+
+	/**
+	 * @param string $encrypted_text
+	 * @throws RuntimeException
+	 */
+	protected function validateEncryption($encrypted_text)
+	{
+		if ($encrypted_text === false) {
+			throw new RuntimeException(
+				sprintf(
+					esc_html__('The following error occurred during OpenSSL encryption: %1$S', 'event_espresso'),
+					$this->getOpenSslError()
+				)
+			);
+		}
+	}
+
+
+	/**
+	 * @return false|string
+	 */
+	private function getOpenSslError()
+	{
+		$error = openssl_error_string();
+		return $error ?: esc_html__('Unknown Error', 'event_espresso');
+	}
+
+
+	/**
+	 * @param string $encrypted_text
+	 * @throws RuntimeException
+	 */
+	protected function validateDecryption($encrypted_text)
+	{
+		if ($encrypted_text === false) {
+			throw new RuntimeException(
+				sprintf(
+					esc_html__('OpenSSL decryption failed for the following reason: %1$S', 'event_espresso'),
+					$this->getOpenSslError()
+				)
+			);
+		}
+	}
 }

core/services/encryption/openssl/CipherMethod.php

Indentation +202 added lines, -202 removed lines

@@ -15,206 +15,206 @@
 class CipherMethod
 {
 
-    /**
-     * @var string
-     */
-    protected $cipher_method_option_name;
-
-    /**
-     * list of cipher methods that we consider usable,
-     * essentially all of the installed_cipher_methods minus weak_algorithms
-     *
-     * @var array
-     */
-    protected $cipher_methods = [];
-
-    /**
-     * @var string
-     */
-    protected $default_cipher_method;
-
-    /**
-     * list of ALL cipher methods available on the server
-     *
-     * @var array
-     */
-    protected $installed_cipher_methods;
-
-    /**
-     * the OpenSSL cipher method to use. default: AES-128-CBC
-     *
-     * @var string
-     */
-    protected $validated_cipher_method;
-
-    /**
-     * as early as Aug 2016, Openssl declared the following weak: RC2, RC4, DES, 3DES, MD5 based
-     * and ECB mode should be avoided
-     *
-     * @var array
-     */
-    protected $weak_algorithms = ['des', 'ecb', 'md5', 'rc2', 'rc4'];
-
-
-    /**
-     * @param string $default_cipher_method
-     * @param string $cipher_method_option_name
-     */
-    public function __construct($default_cipher_method, $cipher_method_option_name)
-    {
-        $this->default_cipher_method     = $default_cipher_method;
-        $this->cipher_method_option_name = $cipher_method_option_name;
-        $this->installed_cipher_methods  = openssl_get_cipher_methods();
-    }
-
-
-    /**
-     * Returns a cipher method that has been verified to work.
-     * First checks if the cached cipher has been set already and if so, returns that.
-     * Then tests the incoming default and returns that if it's good.
-     * If not, then it retrieves the previously tested and saved cipher method.
-     * But if that doesn't exist, then calls getAvailableCipherMethod()
-     * to see what is available on the server, and returns the results.
-     *
-     * @param string $cipher_method
-     * @param bool   $load_alternate [optional] if TRUE, will load the default cipher method (or any strong algorithm)
-     *                               if the requested cipher method is not installed or invalid.
-     *                               if FALSE, will throw an exception if the requested cipher method is not valid.
-     * @return string
-     * @throws RuntimeException
-     */
-    public function getCipherMethod($cipher_method = null, $load_alternate = true)
-    {
-        if (empty($cipher_method) && $this->validated_cipher_method !== null) {
-            return $this->validated_cipher_method;
-        }
-        // if nothing specific was requested and it's ok to load an alternate, then grab the system default
-        if (empty($cipher_method) && $load_alternate) {
-            $cipher_method = $this->default_cipher_method;
-        }
-        // verify that the cipher method can produce an initialization vector.
-        // but if the requested is invalid and we don't want to load an alternate, then throw an exception
-        $throw_exception = ! $load_alternate;
-        if ($this->validateCipherMethod($cipher_method, $throw_exception) === false) {
-            // nope? ... ok let's see what we can find
-            $cipher_method = $this->getAvailableCipherMethod();
-        }
-        // if nothing has been previously validated, then save the currently requested cipher which appears to be good
-        if ($this->validated_cipher_method === null) {
-            $this->validated_cipher_method = $cipher_method;
-        }
-        return $cipher_method;
-    }
-
-
-    /**
-     * returns true if the selected cipher method either uses Galois/Counter Mode (GCM)
-     * or Counter with CBC-MAC (CCM) authenticated encryption modes
-     * (also need to be using PHP 7.1 or greater to actually use authenticated encryption modes)
-     *
-     * @return bool
-     */
-    public function usesAuthenticatedEncryptionMode()
-    {
-        return PHP_VERSION_ID >= 70100
-               && (
-                   stripos($this->validated_cipher_method, 'gcm') !== false
-                   || stripos($this->validated_cipher_method, 'ccm') !== false
-               );
-    }
-
-
-    /**
-     * @param string $cipher_method
-     * @return string
-     * @throws RuntimeException
-     */
-    protected function getAvailableCipherMethod($cipher_method = null)
-    {
-        // if nothing was supplied, the get what we found in the past to work
-        $cipher_method_to_test = $cipher_method ?: get_option($this->cipher_method_option_name, '');
-        // verify that the incoming cipher method exists and can produce an initialization vector
-        if ($this->validateCipherMethod($cipher_method_to_test) === false) {
-            // what? there's no list?
-            if (empty($this->cipher_methods)) {
-                // generate that list and cache it
-                $this->cipher_methods = $this->getAvailableStrongCipherMethods();
-            }
-            // then grab the first item from the list (we'll add it back later if it is good)
-            $cipher_method_to_test = array_shift($this->cipher_methods);
-            if ($cipher_method_to_test === null) {
-                throw new RuntimeException(
-                    esc_html__(
-                        'OpenSSL support appears to be enabled on the server, but no cipher methods are available. Please contact the server administrator.',
-                        'event_espresso'
-                    )
-                );
-            }
-            // verify that the next cipher method works
-            return $this->getAvailableCipherMethod($cipher_method_to_test);
-        }
-        // if we've gotten this far, then we found an available cipher method that works
-        // so save that for next time, if it's not the same as what's there already
-        if ($cipher_method_to_test !== $cipher_method) {
-            update_option($this->cipher_method_option_name, $cipher_method_to_test);
-        }
-        // if we previously removed this cipher method from the list of valid ones, then let's put it back
-        if (! in_array($cipher_method_to_test, $this->cipher_methods, true)) {
-            array_unshift($this->cipher_methods, $cipher_method_to_test);
-        }
-        return $cipher_method_to_test;
-    }
-
-
-    /**
-     * @return array
-     */
-    protected function getAvailableStrongCipherMethods()
-    {
-        return array_filter($this->installed_cipher_methods, [$this, 'weakAlgorithmFilter']);
-    }
-
-
-    /**
-     * @param string $cipher_method
-     * @param false  $throw_exception
-     * @return bool
-     */
-    protected function validateCipherMethod($cipher_method, $throw_exception = false)
-    {
-        // verify that the requested cipher method is actually installed and can produce an initialization vector
-        if (
-            in_array($cipher_method, $this->installed_cipher_methods, true)
-            && openssl_cipher_iv_length($cipher_method) !== false
-        ) {
-            return true;
-        }
-        if (! $throw_exception) {
-            return false;
-        }
-        throw new RuntimeException(
-            sprintf(
-                esc_html__(
-                    'The requested OpenSSL cipher method "%1$s" is invalid or not installed on the server. Please contact the server administrator.',
-                    'event_espresso'
-                ),
-                $cipher_method
-            )
-        );
-    }
-
-
-    /**
-     * @see https://www.php.net/manual/en/function.openssl-get-cipher-methods.php#example-890
-     * @param string $cipher_method
-     */
-    protected function weakAlgorithmFilter($cipher_method)
-    {
-        foreach ($this->weak_algorithms as $weak_algorithm) {
-            if (stripos($cipher_method, $weak_algorithm) !== false) {
-                return false;
-            }
-        }
-        return true;
-    }
+	/**
+	 * @var string
+	 */
+	protected $cipher_method_option_name;
+
+	/**
+	 * list of cipher methods that we consider usable,
+	 * essentially all of the installed_cipher_methods minus weak_algorithms
+	 *
+	 * @var array
+	 */
+	protected $cipher_methods = [];
+
+	/**
+	 * @var string
+	 */
+	protected $default_cipher_method;
+
+	/**
+	 * list of ALL cipher methods available on the server
+	 *
+	 * @var array
+	 */
+	protected $installed_cipher_methods;
+
+	/**
+	 * the OpenSSL cipher method to use. default: AES-128-CBC
+	 *
+	 * @var string
+	 */
+	protected $validated_cipher_method;
+
+	/**
+	 * as early as Aug 2016, Openssl declared the following weak: RC2, RC4, DES, 3DES, MD5 based
+	 * and ECB mode should be avoided
+	 *
+	 * @var array
+	 */
+	protected $weak_algorithms = ['des', 'ecb', 'md5', 'rc2', 'rc4'];
+
+
+	/**
+	 * @param string $default_cipher_method
+	 * @param string $cipher_method_option_name
+	 */
+	public function __construct($default_cipher_method, $cipher_method_option_name)
+	{
+		$this->default_cipher_method     = $default_cipher_method;
+		$this->cipher_method_option_name = $cipher_method_option_name;
+		$this->installed_cipher_methods  = openssl_get_cipher_methods();
+	}
+
+
+	/**
+	 * Returns a cipher method that has been verified to work.
+	 * First checks if the cached cipher has been set already and if so, returns that.
+	 * Then tests the incoming default and returns that if it's good.
+	 * If not, then it retrieves the previously tested and saved cipher method.
+	 * But if that doesn't exist, then calls getAvailableCipherMethod()
+	 * to see what is available on the server, and returns the results.
+	 *
+	 * @param string $cipher_method
+	 * @param bool   $load_alternate [optional] if TRUE, will load the default cipher method (or any strong algorithm)
+	 *                               if the requested cipher method is not installed or invalid.
+	 *                               if FALSE, will throw an exception if the requested cipher method is not valid.
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	public function getCipherMethod($cipher_method = null, $load_alternate = true)
+	{
+		if (empty($cipher_method) && $this->validated_cipher_method !== null) {
+			return $this->validated_cipher_method;
+		}
+		// if nothing specific was requested and it's ok to load an alternate, then grab the system default
+		if (empty($cipher_method) && $load_alternate) {
+			$cipher_method = $this->default_cipher_method;
+		}
+		// verify that the cipher method can produce an initialization vector.
+		// but if the requested is invalid and we don't want to load an alternate, then throw an exception
+		$throw_exception = ! $load_alternate;
+		if ($this->validateCipherMethod($cipher_method, $throw_exception) === false) {
+			// nope? ... ok let's see what we can find
+			$cipher_method = $this->getAvailableCipherMethod();
+		}
+		// if nothing has been previously validated, then save the currently requested cipher which appears to be good
+		if ($this->validated_cipher_method === null) {
+			$this->validated_cipher_method = $cipher_method;
+		}
+		return $cipher_method;
+	}
+
+
+	/**
+	 * returns true if the selected cipher method either uses Galois/Counter Mode (GCM)
+	 * or Counter with CBC-MAC (CCM) authenticated encryption modes
+	 * (also need to be using PHP 7.1 or greater to actually use authenticated encryption modes)
+	 *
+	 * @return bool
+	 */
+	public function usesAuthenticatedEncryptionMode()
+	{
+		return PHP_VERSION_ID >= 70100
+			   && (
+				   stripos($this->validated_cipher_method, 'gcm') !== false
+				   || stripos($this->validated_cipher_method, 'ccm') !== false
+			   );
+	}
+
+
+	/**
+	 * @param string $cipher_method
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	protected function getAvailableCipherMethod($cipher_method = null)
+	{
+		// if nothing was supplied, the get what we found in the past to work
+		$cipher_method_to_test = $cipher_method ?: get_option($this->cipher_method_option_name, '');
+		// verify that the incoming cipher method exists and can produce an initialization vector
+		if ($this->validateCipherMethod($cipher_method_to_test) === false) {
+			// what? there's no list?
+			if (empty($this->cipher_methods)) {
+				// generate that list and cache it
+				$this->cipher_methods = $this->getAvailableStrongCipherMethods();
+			}
+			// then grab the first item from the list (we'll add it back later if it is good)
+			$cipher_method_to_test = array_shift($this->cipher_methods);
+			if ($cipher_method_to_test === null) {
+				throw new RuntimeException(
+					esc_html__(
+						'OpenSSL support appears to be enabled on the server, but no cipher methods are available. Please contact the server administrator.',
+						'event_espresso'
+					)
+				);
+			}
+			// verify that the next cipher method works
+			return $this->getAvailableCipherMethod($cipher_method_to_test);
+		}
+		// if we've gotten this far, then we found an available cipher method that works
+		// so save that for next time, if it's not the same as what's there already
+		if ($cipher_method_to_test !== $cipher_method) {
+			update_option($this->cipher_method_option_name, $cipher_method_to_test);
+		}
+		// if we previously removed this cipher method from the list of valid ones, then let's put it back
+		if (! in_array($cipher_method_to_test, $this->cipher_methods, true)) {
+			array_unshift($this->cipher_methods, $cipher_method_to_test);
+		}
+		return $cipher_method_to_test;
+	}
+
+
+	/**
+	 * @return array
+	 */
+	protected function getAvailableStrongCipherMethods()
+	{
+		return array_filter($this->installed_cipher_methods, [$this, 'weakAlgorithmFilter']);
+	}
+
+
+	/**
+	 * @param string $cipher_method
+	 * @param false  $throw_exception
+	 * @return bool
+	 */
+	protected function validateCipherMethod($cipher_method, $throw_exception = false)
+	{
+		// verify that the requested cipher method is actually installed and can produce an initialization vector
+		if (
+			in_array($cipher_method, $this->installed_cipher_methods, true)
+			&& openssl_cipher_iv_length($cipher_method) !== false
+		) {
+			return true;
+		}
+		if (! $throw_exception) {
+			return false;
+		}
+		throw new RuntimeException(
+			sprintf(
+				esc_html__(
+					'The requested OpenSSL cipher method "%1$s" is invalid or not installed on the server. Please contact the server administrator.',
+					'event_espresso'
+				),
+				$cipher_method
+			)
+		);
+	}
+
+
+	/**
+	 * @see https://www.php.net/manual/en/function.openssl-get-cipher-methods.php#example-890
+	 * @param string $cipher_method
+	 */
+	protected function weakAlgorithmFilter($cipher_method)
+	{
+		foreach ($this->weak_algorithms as $weak_algorithm) {
+			if (stripos($cipher_method, $weak_algorithm) !== false) {
+				return false;
+			}
+		}
+		return true;
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -159,7 +159,7 @@ 
             update_option($this->cipher_method_option_name, $cipher_method_to_test);
         }
         // if we previously removed this cipher method from the list of valid ones, then let's put it back
-        if (! in_array($cipher_method_to_test, $this->cipher_methods, true)) {
+        if ( ! in_array($cipher_method_to_test, $this->cipher_methods, true)) {
             array_unshift($this->cipher_methods, $cipher_method_to_test);
         }
         return $cipher_method_to_test;
@@ -189,7 +189,7 @@ 
         ) {
             return true;
         }
-        if (! $throw_exception) {
+        if ( ! $throw_exception) {
             return false;
         }
         throw new RuntimeException(

core/services/encryption/openssl/OpenSSLv2.php

Indentation +217 added lines, -217 removed lines

@@ -24,221 +24,221 @@
 class OpenSSLv2 extends OpenSSL
 {
 
-    /**
-     * name used for a default encryption key in case no others are set
-     */
-    const DEFAULT_ENCRYPTION_KEY_ID = 'default_openssl_v2_key';
-
-    /**
-     * name used for saving encryption keys to the wp_options table
-     */
-    const ENCRYPTION_KEYS_OPTION_NAME = 'ee_openssl_v2_encryption_keys';
-
-    /**
-     * the OPENSSL cipher method used
-     */
-    const CIPHER_METHOD = 'aes-256-gcm';
-
-    /**
-     * WP "options_name" used to store a verified available cipher method
-     */
-    const CIPHER_METHOD_OPTION_NAME = 'ee_openssl_v2_cipher_method';
-
-    /**
-     * The length of the authentication tag. Its value can be between 4 and 16 for GCM mode.
-     */
-    const AUTH_TAG_LENGTH = 16;
-
-
-    /**
-     * To use custom a cipher method and/or encryption keys and/or minimum PHP version:
-     *  - extend this class
-     *  - configure a new CipherMethod / EncryptionKeyManager in the constructor
-     *  - pass those to this constructor, like so:
-     *
-     *      public function __construct(Base64Encoder $base64_encoder) {
-     *          parent::__construct(
-     *              $base64_encoder,
-     *              new CipherMethod(CIPHER_METHOD, CIPHER_METHOD_OPTION_NAME),
-     *              new EncryptionKeyManager(CUSTOM_KEY_ID, CUSTOM_KEYS_OPTION_NAME),
-     *              '7.1.0'
-     *          );
-     *      }
-     *
-     * @param Base64Encoder                      $base64_encoder
-     * @param CipherMethod|null                  $cipher_method
-     * @param EncryptionKeyManagerInterface|null $encryption_key_manager
-     * @param string                             $min_php_version defaults to 7.1.0
-     *                                                            (when openssl auth tag and random_bytes() were added)
-     */
-    public function __construct(
-        Base64Encoder                 $base64_encoder,
-        CipherMethod                  $cipher_method = null,
-        EncryptionKeyManagerInterface $encryption_key_manager = null,
-        $min_php_version = '7.1.0'
-    ) {
-        parent::__construct(
-            $base64_encoder,
-            $cipher_method instanceof CipherMethod
-                ? $cipher_method
-                : new CipherMethod(
-                    OpenSSLv2::CIPHER_METHOD,
-                    OpenSSLv2::CIPHER_METHOD_OPTION_NAME
-                ),
-            $encryption_key_manager instanceof EncryptionKeyManager
-                ? $encryption_key_manager
-                : new EncryptionKeyManager(
-                    $base64_encoder,
-                    OpenSSLv2::DEFAULT_ENCRYPTION_KEY_ID,
-                    OpenSSLv2::ENCRYPTION_KEYS_OPTION_NAME
-                ),
-            $min_php_version
-        );
-    }
-
-
-    /**
-     * encrypts data
-     *
-     * @param string $text_to_encrypt           - the text to be encrypted
-     * @param string $encryption_key_identifier - [optional] cryptographically secure passphrase. generated if not set
-     * @param string $aad                       - [optional] additional authentication data
-     * @return string
-     * @throws Exception
-     */
-    public function encrypt($text_to_encrypt, $encryption_key_identifier = '', $aad = '')
-    {
-        $cipher_method  = $this->cipher_method->getCipherMethod();
-        $encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
-        // generate initialization vector for the cipher method.
-        $iv = random_bytes(openssl_cipher_iv_length($cipher_method));
-        // encrypt it (encode to remove special characters)
-        $text_to_encrypt = $this->base64_encoder->encodeString($text_to_encrypt);
-        $encrypted_text  = $this->cipher_method->usesAuthenticatedEncryptionMode()
-            ? $this->authenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv, $aad)
-            : $this->nonAuthenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv);
-        return $this->base64_encoder->encodeString($encrypted_text);
-    }
-
-
-    /**
-     * @param string $text_to_encrypt - the text to be encrypted
-     * @param string $cipher_method   - the OpenSSL cipher method used during encryption
-     * @param string $encryption_key  - cryptographically secure passphrase uses default if not set
-     * @param string $iv              - the initialization vector
-     * @param string $aad             - additional authentication data
-     * @return string
-     */
-    private function authenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv, $aad)
-    {
-        $encrypted_text = openssl_encrypt(
-            $text_to_encrypt,
-            $cipher_method,
-            $this->getDigestHashValue($encryption_key, OpenSSL::DEFAULT_DIGEST_METHOD, OPENSSL_RAW_DATA),
-            0,
-            $iv,
-            $tag,
-            $aad,
-            OpenSSLv2::AUTH_TAG_LENGTH
-        );
-        $this->validateEncryption($encrypted_text);
-        // concatenate everything into one big string
-        return $iv . $tag . $encrypted_text;
-    }
-
-
-    /**
-     * @param string $text_to_encrypt - the text to be encrypted
-     * @param string $cipher_method   - the OpenSSL cipher method used during encryption
-     * @param string $encryption_key  - cryptographically secure passphrase uses default if not set
-     * @param string $iv              - the initialization vector
-     * @return string
-     */
-    private function nonAuthenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv)
-    {
-        $encrypted_text = openssl_encrypt(
-            $text_to_encrypt,
-            $cipher_method,
-            $this->getDigestHashValue($encryption_key),
-            0,
-            $iv
-        );
-        $this->validateEncryption($encrypted_text);
-        // prepend the initialization vector
-        return $iv . $encrypted_text;
-    }
-
-
-    /**
-     * decrypts data
-     *
-     * @param string $encrypted_text            - the text to be decrypted
-     * @param string $encryption_key_identifier - [optional] cryptographically secure passphrase uses default if not set
-     * @param string $aad                       - [optional] additional authentication data
-     * @return string
-     */
-    public function decrypt($encrypted_text, $encryption_key_identifier = '', $aad = '')
-    {
-        $cipher_method  = $this->cipher_method->getCipherMethod();
-        $encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
-        // maybe decode
-        $encrypted_text = $this->base64_encoder->decodeString($encrypted_text);
-        $iv_length      = openssl_cipher_iv_length($cipher_method);
-        // use the iv length to snip it from the decoded string
-        $iv = substr($encrypted_text, 0, $iv_length);
-        // then remove it from the rest of the decoded string
-        $encrypted_text = substr($encrypted_text, $iv_length);
-        // decrypt it
-        $decrypted_text = $this->cipher_method->usesAuthenticatedEncryptionMode()
-            ? $this->authenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv, $aad)
-            : $this->nonAuthenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv);
-
-        $this->validateDecryption($decrypted_text);
-        return trim($this->base64_encoder->decodeString($decrypted_text));
-    }
-
-
-    /**
-     * @param string $encrypted_text - the text to be decrypted
-     * @param string $cipher_method  - the OpenSSL cipher method used during encryption
-     * @param string $encryption_key - cryptographically secure passphrase uses default if not set
-     * @param string $iv             - the initialization vector
-     * @param string $aad            - additional authentication data
-     * @return string|false
-     */
-    private function authenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv, $aad)
-    {
-        // use the tag length to snip it from the decoded string
-        $tag = substr($encrypted_text, 0, OpenSSLv2::AUTH_TAG_LENGTH);
-        // then remove it from the rest of the decoded string
-        $encrypted_text = substr($encrypted_text, OpenSSLv2::AUTH_TAG_LENGTH);
-        return openssl_decrypt(
-            $encrypted_text,
-            $cipher_method,
-            $this->getDigestHashValue($encryption_key, OpenSSL::DEFAULT_DIGEST_METHOD, OPENSSL_RAW_DATA),
-            0,
-            $iv,
-            $tag,
-            $aad
-        );
-    }
-
-
-    /**
-     * @param string $encrypted_text - the text to be decrypted
-     * @param string $cipher_method  - the OpenSSL cipher method used during encryption
-     * @param string $encryption_key - cryptographically secure passphrase uses default if not set
-     * @param string $iv             - the initialization vector
-     * @return string|false
-     */
-    private function nonAuthenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv)
-    {
-        return openssl_decrypt(
-            $encrypted_text,
-            $cipher_method,
-            $this->getDigestHashValue($encryption_key),
-            0,
-            $iv
-        );
-    }
+	/**
+	 * name used for a default encryption key in case no others are set
+	 */
+	const DEFAULT_ENCRYPTION_KEY_ID = 'default_openssl_v2_key';
+
+	/**
+	 * name used for saving encryption keys to the wp_options table
+	 */
+	const ENCRYPTION_KEYS_OPTION_NAME = 'ee_openssl_v2_encryption_keys';
+
+	/**
+	 * the OPENSSL cipher method used
+	 */
+	const CIPHER_METHOD = 'aes-256-gcm';
+
+	/**
+	 * WP "options_name" used to store a verified available cipher method
+	 */
+	const CIPHER_METHOD_OPTION_NAME = 'ee_openssl_v2_cipher_method';
+
+	/**
+	 * The length of the authentication tag. Its value can be between 4 and 16 for GCM mode.
+	 */
+	const AUTH_TAG_LENGTH = 16;
+
+
+	/**
+	 * To use custom a cipher method and/or encryption keys and/or minimum PHP version:
+	 *  - extend this class
+	 *  - configure a new CipherMethod / EncryptionKeyManager in the constructor
+	 *  - pass those to this constructor, like so:
+	 *
+	 *      public function __construct(Base64Encoder $base64_encoder) {
+	 *          parent::__construct(
+	 *              $base64_encoder,
+	 *              new CipherMethod(CIPHER_METHOD, CIPHER_METHOD_OPTION_NAME),
+	 *              new EncryptionKeyManager(CUSTOM_KEY_ID, CUSTOM_KEYS_OPTION_NAME),
+	 *              '7.1.0'
+	 *          );
+	 *      }
+	 *
+	 * @param Base64Encoder                      $base64_encoder
+	 * @param CipherMethod|null                  $cipher_method
+	 * @param EncryptionKeyManagerInterface|null $encryption_key_manager
+	 * @param string                             $min_php_version defaults to 7.1.0
+	 *                                                            (when openssl auth tag and random_bytes() were added)
+	 */
+	public function __construct(
+		Base64Encoder                 $base64_encoder,
+		CipherMethod                  $cipher_method = null,
+		EncryptionKeyManagerInterface $encryption_key_manager = null,
+		$min_php_version = '7.1.0'
+	) {
+		parent::__construct(
+			$base64_encoder,
+			$cipher_method instanceof CipherMethod
+				? $cipher_method
+				: new CipherMethod(
+					OpenSSLv2::CIPHER_METHOD,
+					OpenSSLv2::CIPHER_METHOD_OPTION_NAME
+				),
+			$encryption_key_manager instanceof EncryptionKeyManager
+				? $encryption_key_manager
+				: new EncryptionKeyManager(
+					$base64_encoder,
+					OpenSSLv2::DEFAULT_ENCRYPTION_KEY_ID,
+					OpenSSLv2::ENCRYPTION_KEYS_OPTION_NAME
+				),
+			$min_php_version
+		);
+	}
+
+
+	/**
+	 * encrypts data
+	 *
+	 * @param string $text_to_encrypt           - the text to be encrypted
+	 * @param string $encryption_key_identifier - [optional] cryptographically secure passphrase. generated if not set
+	 * @param string $aad                       - [optional] additional authentication data
+	 * @return string
+	 * @throws Exception
+	 */
+	public function encrypt($text_to_encrypt, $encryption_key_identifier = '', $aad = '')
+	{
+		$cipher_method  = $this->cipher_method->getCipherMethod();
+		$encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
+		// generate initialization vector for the cipher method.
+		$iv = random_bytes(openssl_cipher_iv_length($cipher_method));
+		// encrypt it (encode to remove special characters)
+		$text_to_encrypt = $this->base64_encoder->encodeString($text_to_encrypt);
+		$encrypted_text  = $this->cipher_method->usesAuthenticatedEncryptionMode()
+			? $this->authenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv, $aad)
+			: $this->nonAuthenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv);
+		return $this->base64_encoder->encodeString($encrypted_text);
+	}
+
+
+	/**
+	 * @param string $text_to_encrypt - the text to be encrypted
+	 * @param string $cipher_method   - the OpenSSL cipher method used during encryption
+	 * @param string $encryption_key  - cryptographically secure passphrase uses default if not set
+	 * @param string $iv              - the initialization vector
+	 * @param string $aad             - additional authentication data
+	 * @return string
+	 */
+	private function authenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv, $aad)
+	{
+		$encrypted_text = openssl_encrypt(
+			$text_to_encrypt,
+			$cipher_method,
+			$this->getDigestHashValue($encryption_key, OpenSSL::DEFAULT_DIGEST_METHOD, OPENSSL_RAW_DATA),
+			0,
+			$iv,
+			$tag,
+			$aad,
+			OpenSSLv2::AUTH_TAG_LENGTH
+		);
+		$this->validateEncryption($encrypted_text);
+		// concatenate everything into one big string
+		return $iv . $tag . $encrypted_text;
+	}
+
+
+	/**
+	 * @param string $text_to_encrypt - the text to be encrypted
+	 * @param string $cipher_method   - the OpenSSL cipher method used during encryption
+	 * @param string $encryption_key  - cryptographically secure passphrase uses default if not set
+	 * @param string $iv              - the initialization vector
+	 * @return string
+	 */
+	private function nonAuthenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv)
+	{
+		$encrypted_text = openssl_encrypt(
+			$text_to_encrypt,
+			$cipher_method,
+			$this->getDigestHashValue($encryption_key),
+			0,
+			$iv
+		);
+		$this->validateEncryption($encrypted_text);
+		// prepend the initialization vector
+		return $iv . $encrypted_text;
+	}
+
+
+	/**
+	 * decrypts data
+	 *
+	 * @param string $encrypted_text            - the text to be decrypted
+	 * @param string $encryption_key_identifier - [optional] cryptographically secure passphrase uses default if not set
+	 * @param string $aad                       - [optional] additional authentication data
+	 * @return string
+	 */
+	public function decrypt($encrypted_text, $encryption_key_identifier = '', $aad = '')
+	{
+		$cipher_method  = $this->cipher_method->getCipherMethod();
+		$encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
+		// maybe decode
+		$encrypted_text = $this->base64_encoder->decodeString($encrypted_text);
+		$iv_length      = openssl_cipher_iv_length($cipher_method);
+		// use the iv length to snip it from the decoded string
+		$iv = substr($encrypted_text, 0, $iv_length);
+		// then remove it from the rest of the decoded string
+		$encrypted_text = substr($encrypted_text, $iv_length);
+		// decrypt it
+		$decrypted_text = $this->cipher_method->usesAuthenticatedEncryptionMode()
+			? $this->authenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv, $aad)
+			: $this->nonAuthenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv);
+
+		$this->validateDecryption($decrypted_text);
+		return trim($this->base64_encoder->decodeString($decrypted_text));
+	}
+
+
+	/**
+	 * @param string $encrypted_text - the text to be decrypted
+	 * @param string $cipher_method  - the OpenSSL cipher method used during encryption
+	 * @param string $encryption_key - cryptographically secure passphrase uses default if not set
+	 * @param string $iv             - the initialization vector
+	 * @param string $aad            - additional authentication data
+	 * @return string|false
+	 */
+	private function authenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv, $aad)
+	{
+		// use the tag length to snip it from the decoded string
+		$tag = substr($encrypted_text, 0, OpenSSLv2::AUTH_TAG_LENGTH);
+		// then remove it from the rest of the decoded string
+		$encrypted_text = substr($encrypted_text, OpenSSLv2::AUTH_TAG_LENGTH);
+		return openssl_decrypt(
+			$encrypted_text,
+			$cipher_method,
+			$this->getDigestHashValue($encryption_key, OpenSSL::DEFAULT_DIGEST_METHOD, OPENSSL_RAW_DATA),
+			0,
+			$iv,
+			$tag,
+			$aad
+		);
+	}
+
+
+	/**
+	 * @param string $encrypted_text - the text to be decrypted
+	 * @param string $cipher_method  - the OpenSSL cipher method used during encryption
+	 * @param string $encryption_key - cryptographically secure passphrase uses default if not set
+	 * @param string $iv             - the initialization vector
+	 * @return string|false
+	 */
+	private function nonAuthenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv)
+	{
+		return openssl_decrypt(
+			$encrypted_text,
+			$cipher_method,
+			$this->getDigestHashValue($encryption_key),
+			0,
+			$iv
+		);
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -143,7 +143,7 @@ 
         );
         $this->validateEncryption($encrypted_text);
         // concatenate everything into one big string
-        return $iv . $tag . $encrypted_text;
+        return $iv.$tag.$encrypted_text;
     }
 
 
@@ -165,7 +165,7 @@ 
         );
         $this->validateEncryption($encrypted_text);
         // prepend the initialization vector
-        return $iv . $encrypted_text;
+        return $iv.$encrypted_text;
     }
 
 

core/services/encryption/Base64Encoder.php

Indentation +144 added lines, -144 removed lines

@@ -15,148 +15,148 @@
 class Base64Encoder
 {
 
-    /**
-     * @var boolean
-     */
-    protected $use_base64_encode;
-
-
-    public function __construct()
-    {
-        $this->use_base64_encode = function_exists('base64_encode');
-    }
-
-
-    /**
-     * encodes string with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $text_string the text to be encoded
-     * @return string
-     */
-    public function encodeString($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string) || ! $this->use_base64_encode) {
-            return $text_string;
-        }
-        // encode
-        return base64_encode($text_string);
-    }
-
-
-    /**
-     * decodes string that has been encoded with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $encoded_string the text to be decoded
-     * @return string
-     * @throws RuntimeException
-     */
-    public function decodeString($encoded_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encoded_string)) {
-            return $encoded_string;
-        }
-        $this->isValidBase64OrFail($encoded_string);
-        return $this->decode($encoded_string);
-    }
-
-
-    /**
-     * @param string $encoded_string the text to be decoded
-     * @return string
-     * @throws RuntimeException
-     */
-    private function decode($encoded_string)
-    {
-        $decoded_string = base64_decode($encoded_string);
-        if ($decoded_string === false) {
-            throw new RuntimeException(
-                esc_html__('Base 64 decoding failed.', 'event_espresso')
-            );
-        }
-        return $decoded_string;
-    }
-
-
-    /**
-     * encodes  url string with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $text_string the text to be encoded
-     * @return string
-     */
-    public function encodeUrl($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string) || ! $this->use_base64_encode) {
-            return $text_string;
-        }
-        // encode
-        $encoded_string = base64_encode($text_string);
-        // remove some chars to make encoding more URL friendly
-        return rtrim(strtr($encoded_string, '+/', '-_'), '=');
-    }
-
-
-    /**
-     * decodes  url string that has been encoded with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $encoded_string the text to be decoded
-     * @return string
-     * @throws RuntimeException
-     */
-    public function decodeUrl($encoded_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encoded_string)) {
-            return $encoded_string;
-        }
-        // replace previously removed characters
-        $encoded_string = strtr($encoded_string, '-_', '+/');
-        $encoded_string .= str_repeat('=', 3 - (3 + strlen($encoded_string)) % 4);
-        $this->isValidBase64OrFail($encoded_string);
-        return $this->decode($encoded_string);
-    }
-
-
-    /**
-     * @param string $encoded_string the text to be decoded
-     * @throws RuntimeException
-     */
-    public function isValidBase64OrFail($encoded_string)
-    {
-        if (! $this->isValidBase64($encoded_string)) {
-            throw new RuntimeException(
-                esc_html__(
-                    'Base 64 decoding failed because the supplied string is not valid or was not base64 encoded.',
-                    'event_espresso'
-                )
-            );
-        }
-    }
-
-
-    /**
-     * @see https://stackoverflow.com/a/51877882
-     * @param $string
-     * @return bool
-     */
-    public function isValidBase64($string)
-    {
-        // ensure data is a string
-        if (! is_string($string) || ! $this->use_base64_encode) {
-            return false;
-        }
-        // first check if we're dealing with an actual valid base64 encoded string
-        $decoded = base64_decode($string, true);
-        if ($decoded === false) {
-            return false;
-        }
-        // finally, re-encode and compare it to original one
-        return base64_encode($decoded) === $string;
-    }
+	/**
+	 * @var boolean
+	 */
+	protected $use_base64_encode;
+
+
+	public function __construct()
+	{
+		$this->use_base64_encode = function_exists('base64_encode');
+	}
+
+
+	/**
+	 * encodes string with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $text_string the text to be encoded
+	 * @return string
+	 */
+	public function encodeString($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string) || ! $this->use_base64_encode) {
+			return $text_string;
+		}
+		// encode
+		return base64_encode($text_string);
+	}
+
+
+	/**
+	 * decodes string that has been encoded with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $encoded_string the text to be decoded
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	public function decodeString($encoded_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encoded_string)) {
+			return $encoded_string;
+		}
+		$this->isValidBase64OrFail($encoded_string);
+		return $this->decode($encoded_string);
+	}
+
+
+	/**
+	 * @param string $encoded_string the text to be decoded
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	private function decode($encoded_string)
+	{
+		$decoded_string = base64_decode($encoded_string);
+		if ($decoded_string === false) {
+			throw new RuntimeException(
+				esc_html__('Base 64 decoding failed.', 'event_espresso')
+			);
+		}
+		return $decoded_string;
+	}
+
+
+	/**
+	 * encodes  url string with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $text_string the text to be encoded
+	 * @return string
+	 */
+	public function encodeUrl($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string) || ! $this->use_base64_encode) {
+			return $text_string;
+		}
+		// encode
+		$encoded_string = base64_encode($text_string);
+		// remove some chars to make encoding more URL friendly
+		return rtrim(strtr($encoded_string, '+/', '-_'), '=');
+	}
+
+
+	/**
+	 * decodes  url string that has been encoded with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $encoded_string the text to be decoded
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	public function decodeUrl($encoded_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encoded_string)) {
+			return $encoded_string;
+		}
+		// replace previously removed characters
+		$encoded_string = strtr($encoded_string, '-_', '+/');
+		$encoded_string .= str_repeat('=', 3 - (3 + strlen($encoded_string)) % 4);
+		$this->isValidBase64OrFail($encoded_string);
+		return $this->decode($encoded_string);
+	}
+
+
+	/**
+	 * @param string $encoded_string the text to be decoded
+	 * @throws RuntimeException
+	 */
+	public function isValidBase64OrFail($encoded_string)
+	{
+		if (! $this->isValidBase64($encoded_string)) {
+			throw new RuntimeException(
+				esc_html__(
+					'Base 64 decoding failed because the supplied string is not valid or was not base64 encoded.',
+					'event_espresso'
+				)
+			);
+		}
+	}
+
+
+	/**
+	 * @see https://stackoverflow.com/a/51877882
+	 * @param $string
+	 * @return bool
+	 */
+	public function isValidBase64($string)
+	{
+		// ensure data is a string
+		if (! is_string($string) || ! $this->use_base64_encode) {
+			return false;
+		}
+		// first check if we're dealing with an actual valid base64 encoded string
+		$decoded = base64_decode($string, true);
+		if ($decoded === false) {
+			return false;
+		}
+		// finally, re-encode and compare it to original one
+		return base64_encode($decoded) === $string;
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -129,7 +129,7 @@ 
      */
     public function isValidBase64OrFail($encoded_string)
     {
-        if (! $this->isValidBase64($encoded_string)) {
+        if ( ! $this->isValidBase64($encoded_string)) {
             throw new RuntimeException(
                 esc_html__(
                     'Base 64 decoding failed because the supplied string is not valid or was not base64 encoded.',
@@ -148,7 +148,7 @@ 
     public function isValidBase64($string)
     {
         // ensure data is a string
-        if (! is_string($string) || ! $this->use_base64_encode) {
+        if ( ! is_string($string) || ! $this->use_base64_encode) {
             return false;
         }
         // first check if we're dealing with an actual valid base64 encoded string

core/EE_Encryption.core.php

Indentation +671 added lines, -671 removed lines

@@ -26,675 +26,675 @@
 class EE_Encryption implements InterminableInterface
 {
 
-    /**
-     * key used for saving the encryption key to the wp_options table
-     */
-    const ENCRYPTION_OPTION_KEY = 'ee_encryption_key';
-
-    /**
-     * the OPENSSL cipher method used
-     */
-    const OPENSSL_CIPHER_METHOD = 'AES-128-CBC';
-
-    /**
-     * WP "options_name" used to store a verified available cipher method
-     */
-    const OPENSSL_CIPHER_METHOD_OPTION_NAME = 'ee_openssl_cipher_method';
-
-    /**
-     * the OPENSSL digest method used
-     */
-    const OPENSSL_DIGEST_METHOD = 'sha512';
-
-    /**
-     * separates the encrypted text from the initialization vector
-     */
-    const OPENSSL_IV_DELIMITER = ':iv:';
-
-    /**
-     * appended to text encrypted using the acme encryption
-     */
-    const ACME_ENCRYPTION_FLAG = '::ae';
-
-
-    /**
-     * instance of the EE_Encryption object
-     */
-    protected static $_instance;
-
-    /**
-     * @var string $_encryption_key
-     */
-    protected $_encryption_key;
-
-    /**
-     * @var string $cipher_method
-     */
-    private $cipher_method = '';
-
-    /**
-     * @var array $cipher_methods
-     */
-    private $cipher_methods = [];
-
-    /**
-     * @var array $digest_methods
-     */
-    private $digest_methods = [];
-
-    /**
-     * @var boolean $_use_openssl_encrypt
-     */
-    protected $_use_openssl_encrypt = false;
-
-    /**
-     * @var boolean $_use_mcrypt
-     */
-    protected $_use_mcrypt = false;
-
-    /**
-     * @var boolean $_use_base64_encode
-     */
-    protected $_use_base64_encode = false;
-
-
-    /**
-     * protected constructor to prevent direct creation
-     */
-    protected function __construct()
-    {
-        if (! defined('ESPRESSO_ENCRYPT')) {
-            define('ESPRESSO_ENCRYPT', true);
-        }
-        if (extension_loaded('openssl')) {
-            $this->_use_openssl_encrypt = true;
-        } elseif (extension_loaded('mcrypt')) {
-            $this->_use_mcrypt = true;
-        }
-        if (function_exists('base64_encode')) {
-            $this->_use_base64_encode = true;
-        }
-    }
-
-
-    /**
-     * singleton method used to instantiate class object
-     *
-     * @return EE_Encryption
-     */
-    public static function instance()
-    {
-        // check if class object is instantiated
-        if (! EE_Encryption::$_instance instanceof EE_Encryption) {
-            EE_Encryption::$_instance = new self();
-        }
-        return EE_Encryption::$_instance;
-    }
-
-
-    /**
-     * get encryption key
-     *
-     * @return string
-     */
-    public function get_encryption_key()
-    {
-        // if encryption key has not been set
-        if (empty($this->_encryption_key)) {
-            // retrieve encryption_key from db
-            $this->_encryption_key = get_option(EE_Encryption::ENCRYPTION_OPTION_KEY, '');
-            // WHAT?? No encryption_key in the db ??
-            if ($this->_encryption_key === '') {
-                // let's make one. And md5 it to make it just the right size for a key
-                $new_key = md5($this->generate_random_string());
-                // now save it to the db for later
-                add_option(EE_Encryption::ENCRYPTION_OPTION_KEY, $new_key);
-                // here's the key - FINALLY !
-                $this->_encryption_key = $new_key;
-            }
-        }
-        return $this->_encryption_key;
-    }
-
-
-    /**
-     * encrypts data
-     *
-     * @param string $text_string - the text to be encrypted
-     * @return string
-     * @throws RuntimeException
-     */
-    public function encrypt($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string)) {
-            return $text_string;
-        }
-        if ($this->_use_openssl_encrypt) {
-            $encrypted_text = $this->openssl_encrypt($text_string);
-        } else {
-            $encrypted_text = $this->acme_encrypt($text_string);
-        }
-        return $encrypted_text;
-    }
-
-
-    /**
-     * decrypts data
-     *
-     * @param string $encrypted_text - the text to be decrypted
-     * @return string
-     * @throws RuntimeException
-     */
-    public function decrypt($encrypted_text = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encrypted_text)) {
-            return $encrypted_text;
-        }
-        // if PHP's mcrypt functions are installed then we'll use them
-        if ($this->_use_openssl_encrypt) {
-            $decrypted_text = $this->openssl_decrypt($encrypted_text);
-        } else {
-            $decrypted_text = $this->acme_decrypt($encrypted_text);
-        }
-        return $decrypted_text;
-    }
-
-
-    /**
-     * encodes string with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $text_string the text to be encoded
-     * @return string
-     */
-    public function base64_string_encode($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string) || ! $this->_use_base64_encode) {
-            return $text_string;
-        }
-        // encode
-        return base64_encode($text_string);
-    }
-
-
-    /**
-     * decodes string that has been encoded with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $encoded_string the text to be decoded
-     * @return string
-     * @throws RuntimeException
-     */
-    public function base64_string_decode($encoded_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encoded_string) || ! $this->valid_base_64($encoded_string)) {
-            return $encoded_string;
-        }
-        // decode
-        $decoded_string = base64_decode($encoded_string);
-        if ($decoded_string === false) {
-            throw new RuntimeException(
-                esc_html__('Base 64 decoding failed.', 'event_espresso')
-            );
-        }
-        return $decoded_string;
-    }
-
-
-    /**
-     * encodes  url string with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $text_string the text to be encoded
-     * @return string
-     */
-    public function base64_url_encode($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string) || ! $this->_use_base64_encode) {
-            return $text_string;
-        }
-        // encode
-        $encoded_string = base64_encode($text_string);
-        // remove chars to make encoding more URL friendly
-        return strtr($encoded_string, '+/=', '-_,');
-    }
-
-
-    /**
-     * decodes  url string that has been encoded with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $encoded_string the text to be decoded
-     * @return string
-     * @throws RuntimeException
-     */
-    public function base64_url_decode($encoded_string = '')
-    {
-        // replace previously removed characters
-        $encoded_string = strtr($encoded_string, '-_,', '+/=');
-        // you give me nothing??? GET OUT !
-        if (empty($encoded_string) || ! $this->valid_base_64($encoded_string)) {
-            return $encoded_string;
-        }
-        // decode
-        $decoded_string = base64_decode($encoded_string);
-        if ($decoded_string === false) {
-            throw new RuntimeException(
-                esc_html__('Base 64 decoding failed.', 'event_espresso')
-            );
-        }
-        return $decoded_string;
-    }
-
-
-    /**
-     * encrypts data using PHP's openssl functions
-     *
-     * @param string $text_string the text to be encrypted
-     * @param string $cipher_method
-     * @param string $encryption_key
-     * @return string
-     * @throws RuntimeException
-     */
-    protected function openssl_encrypt(
-        $text_string = '',
-        $cipher_method = EE_Encryption::OPENSSL_CIPHER_METHOD,
-        $encryption_key = ''
-    ) {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string)) {
-            return $text_string;
-        }
-        $this->cipher_method = $this->getCipherMethod($cipher_method);
-        // get initialization vector size
-        $iv_size = openssl_cipher_iv_length($this->cipher_method);
-        // generate initialization vector.
-        // The second parameter ("crypto_strong") is passed by reference,
-        // and is used to determines if the algorithm used was "cryptographically strong"
-        // openssl_random_pseudo_bytes() will toggle it to either true or false
-        $iv = openssl_random_pseudo_bytes($iv_size, $is_strong);
-        if ($iv === false || $is_strong === false) {
-            throw new RuntimeException(
-                esc_html__('Failed to generate OpenSSL initialization vector.', 'event_espresso')
-            );
-        }
-        // encrypt it
-        $encrypted_text = openssl_encrypt(
-            $text_string,
-            $this->cipher_method,
-            $this->getDigestHashValue(EE_Encryption::OPENSSL_DIGEST_METHOD, $encryption_key),
-            0,
-            $iv
-        );
-        // append the initialization vector
-        $encrypted_text .= EE_Encryption::OPENSSL_IV_DELIMITER . $iv;
-        // trim and maybe encode
-        return $this->_use_base64_encode
-            ? trim(base64_encode($encrypted_text))
-            : trim($encrypted_text);
-    }
-
-
-    /**
-     * Returns a cipher method that has been verified to work.
-     * First checks if the cached cipher has been set already and if so, returns that.
-     * Then tests the incoming default and returns that if it's good.
-     * If not, then it retrieves the previously tested and saved cipher method.
-     * But if that doesn't exist, then calls getAvailableCipherMethod()
-     * to see what is available on the server, and returns the results.
-     *
-     * @param string $cipher_method
-     * @return string
-     * @throws RuntimeException
-     */
-    protected function getCipherMethod($cipher_method = EE_Encryption::OPENSSL_CIPHER_METHOD)
-    {
-        if ($this->cipher_method !== '') {
-            return $this->cipher_method;
-        }
-        // verify that the default cipher method can produce an initialization vector
-        if (openssl_cipher_iv_length($cipher_method) === false) {
-            // nope? okay let's get what we found in the past to work
-            $cipher_method = get_option(EE_Encryption::OPENSSL_CIPHER_METHOD_OPTION_NAME, '');
-            // oops... haven't tested available cipher methods yet
-            if ($cipher_method === '' || openssl_cipher_iv_length($cipher_method) === false) {
-                $cipher_method = $this->getAvailableCipherMethod($cipher_method);
-            }
-        }
-        return $cipher_method;
-    }
-
-
-    /**
-     * @param string $cipher_method
-     * @return string
-     * @throws \RuntimeException
-     */
-    protected function getAvailableCipherMethod($cipher_method)
-    {
-        // verify that the incoming cipher method can produce an initialization vector
-        if (openssl_cipher_iv_length($cipher_method) === false) {
-            // nope? then check the next cipher in the list of available cipher methods
-            $cipher_method = next($this->cipher_methods);
-            // what? there's no list? then generate that list and cache it,
-            if (empty($this->cipher_methods)) {
-                $this->cipher_methods = openssl_get_cipher_methods();
-                // then grab the first item from the list
-                $cipher_method = reset($this->cipher_methods);
-            }
-            if ($cipher_method === false) {
-                throw new RuntimeException(
-                    esc_html__(
-                        'OpenSSL support appears to be enabled on the server, but no cipher methods are available. Please contact the server administrator.',
-                        'event_espresso'
-                    )
-                );
-            }
-            // verify that the next cipher method works
-            return $this->getAvailableCipherMethod($cipher_method);
-        }
-        // if we've gotten this far, then we found an available cipher method that works
-        // so save that for next time
-        update_option(
-            EE_Encryption::OPENSSL_CIPHER_METHOD_OPTION_NAME,
-            $cipher_method
-        );
-        return $cipher_method;
-    }
-
-
-    /**
-     * decrypts data that has been encrypted with PHP's openssl functions
-     *
-     * @param string $encrypted_text the text to be decrypted
-     * @param string $cipher_method
-     * @param string $encryption_key
-     * @return string
-     * @throws RuntimeException
-     */
-    protected function openssl_decrypt(
-        $encrypted_text = '',
-        $cipher_method = EE_Encryption::OPENSSL_CIPHER_METHOD,
-        $encryption_key = ''
-    ) {
-        // you give me nothing??? GET OUT !
-        if (empty($encrypted_text)) {
-            return $encrypted_text;
-        }
-        // decode
-        $encrypted_text       = $this->valid_base_64($encrypted_text)
-            ? $this->base64_url_decode($encrypted_text)
-            : $encrypted_text;
-        $encrypted_components = explode(
-            EE_Encryption::OPENSSL_IV_DELIMITER,
-            $encrypted_text,
-            2
-        );
-        // check that iv exists, and if not, maybe text was encoded using mcrypt?
-        if ($this->_use_mcrypt && ! isset($encrypted_components[1])) {
-            return $this->m_decrypt($encrypted_text);
-        }
-        // decrypt it
-        $decrypted_text = openssl_decrypt(
-            $encrypted_components[0],
-            $this->getCipherMethod($cipher_method),
-            $this->getDigestHashValue(EE_Encryption::OPENSSL_DIGEST_METHOD, $encryption_key),
-            0,
-            $encrypted_components[1]
-        );
-        $decrypted_text = trim($decrypted_text);
-        return $decrypted_text;
-    }
-
-
-    /**
-     * Computes the digest hash value using the specified digest method.
-     * If that digest method fails to produce a valid hash value,
-     * then we'll grab the next digest method and recursively try again until something works.
-     *
-     * @param string $digest_method
-     * @param string $encryption_key
-     * @return string
-     * @throws RuntimeException
-     */
-    protected function getDigestHashValue($digest_method = EE_Encryption::OPENSSL_DIGEST_METHOD, $encryption_key = '')
-    {
-        $encryption_key    = $encryption_key !== ''
-            ? $encryption_key
-            : $this->get_encryption_key();
-        $digest_hash_value = openssl_digest($encryption_key, $digest_method);
-        if ($digest_hash_value === false) {
-            return $this->getDigestHashValue($this->getDigestMethod());
-        }
-        return $digest_hash_value;
-    }
-
-
-    /**
-     * Returns the NEXT element in the $digest_methods array.
-     * If the $digest_methods array is empty, then we populate it
-     * with the available values returned from openssl_get_md_methods().
-     *
-     * @return string
-     * @throws \RuntimeException
-     */
-    protected function getDigestMethod()
-    {
-        $digest_method = prev($this->digest_methods);
-        if (empty($this->digest_methods)) {
-            $this->digest_methods = openssl_get_md_methods();
-            $digest_method        = end($this->digest_methods);
-        }
-        if ($digest_method === false) {
-            throw new RuntimeException(
-                esc_html__(
-                    'OpenSSL support appears to be enabled on the server, but no digest methods are available. Please contact the server administrator.',
-                    'event_espresso'
-                )
-            );
-        }
-        return $digest_method;
-    }
-
-
-    /**
-     * encrypts data for acme servers that didn't bother to install PHP mcrypt
-     *
-     * @see http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php
-     * @param string $text_string the text to be decrypted
-     * @return string
-     */
-    protected function acme_encrypt($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string)) {
-            return $text_string;
-        }
-        $key_bits    = str_split(
-            str_pad(
-                '',
-                strlen($text_string),
-                $this->get_encryption_key(),
-                STR_PAD_RIGHT
-            )
-        );
-        $string_bits = str_split($text_string);
-        foreach ($string_bits as $k => $v) {
-            $temp              = ord($v) + ord($key_bits[ $k ]);
-            $string_bits[ $k ] = chr($temp > 255 ? ($temp - 256) : $temp);
-        }
-        $encrypted_text = implode('', $string_bits);
-        $encrypted_text .= EE_Encryption::ACME_ENCRYPTION_FLAG;
-        return $this->_use_base64_encode
-            ? base64_encode($encrypted_text)
-            : $encrypted_text;
-    }
-
-
-    /**
-     * decrypts data for acme servers that didn't bother to install PHP mcrypt
-     *
-     * @see http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php
-     * @param string $encrypted_text the text to be decrypted
-     * @return string
-     * @throws RuntimeException
-     */
-    protected function acme_decrypt($encrypted_text = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encrypted_text)) {
-            return $encrypted_text;
-        }
-        // decode the data ?
-        $encrypted_text = $this->valid_base_64($encrypted_text)
-            ? $this->base64_url_decode($encrypted_text)
-            : $encrypted_text;
-        if ($this->_use_mcrypt
-            && strpos($encrypted_text, EE_Encryption::ACME_ENCRYPTION_FLAG) === false
-        ) {
-            return $this->m_decrypt($encrypted_text);
-        }
-        $encrypted_text = substr($encrypted_text, 0, -4);
-        $key_bits       = str_split(
-            str_pad(
-                '',
-                strlen($encrypted_text),
-                $this->get_encryption_key(),
-                STR_PAD_RIGHT
-            )
-        );
-        $string_bits    = str_split($encrypted_text);
-        foreach ($string_bits as $k => $v) {
-            $temp              = ord($v) - ord($key_bits[ $k ]);
-            $string_bits[ $k ] = chr($temp < 0 ? ($temp + 256) : $temp);
-        }
-        return implode('', $string_bits);
-    }
-
-
-    /**
-     * @see http://stackoverflow.com/questions/2556345/detect-base64-encoding-in-php#30231906
-     * @param $string
-     * @return bool
-     */
-    protected function valid_base_64($string)
-    {
-        // ensure data is a string
-        if (! is_string($string) || ! $this->_use_base64_encode) {
-            return false;
-        }
-        $decoded = base64_decode($string, true);
-        // Check if there is no invalid character in string
-        if (! preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) {
-            return false;
-        }
-        // Decode the string in strict mode and send the response
-        if (! base64_decode($string, true)) {
-            return false;
-        }
-        // Encode and compare it to original one
-        return base64_encode($decoded) === $string;
-    }
-
-
-    /**
-     * generate random string
-     *
-     * @see http://stackoverflow.com/questions/637278/what-is-the-best-way-to-generate-a-random-key-within-php
-     * @param int $length number of characters for random string
-     * @return string
-     */
-    public function generate_random_string($length = 40)
-    {
-        $iterations    = ceil($length / 40);
-        $random_string = '';
-        for ($i = 0; $i < $iterations; $i++) {
-            $random_string .= sha1(microtime(true) . mt_rand(10000, 90000));
-        }
-        $random_string = substr($random_string, 0, $length);
-        return $random_string;
-    }
-
-
-    /**
-     * encrypts data using PHP's mcrypt functions
-     *
-     * @param string $text_string
-     * @return string
-     * @throws RuntimeException
-     * @deprecated 4.9.39
-     * @internal   param $string - the text to be encrypted
-     */
-    protected function m_encrypt($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string)) {
-            return $text_string;
-        }
-        // get the initialization vector size
-        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
-        // initialization vector
-        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
-        if ($iv === false) {
-            throw new RuntimeException(
-                esc_html__('Failed to generate mcrypt initialization vector.', 'event_espresso')
-            );
-        }
-        // encrypt it
-        $encrypted_text = mcrypt_encrypt(
-            MCRYPT_RIJNDAEL_256,
-            $this->get_encryption_key(),
-            $text_string,
-            MCRYPT_MODE_ECB,
-            $iv
-        );
-        // trim and maybe encode
-        return $this->_use_base64_encode
-            ? trim(base64_encode($encrypted_text))
-            : trim($encrypted_text);
-    }
-
-
-    /**
-     * decrypts data that has been encrypted with PHP's mcrypt functions
-     *
-     * @param string $encrypted_text the text to be decrypted
-     * @return string
-     * @throws RuntimeException
-     * @deprecated 4.9.39
-     */
-    protected function m_decrypt($encrypted_text = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encrypted_text)) {
-            return $encrypted_text;
-        }
-        // decode
-        $encrypted_text = $this->valid_base_64($encrypted_text)
-            ? $this->base64_url_decode($encrypted_text)
-            : $encrypted_text;
-        // get the initialization vector size
-        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
-        $iv      = mcrypt_create_iv($iv_size, MCRYPT_RAND);
-        if ($iv === false) {
-            throw new RuntimeException(
-                esc_html__('Failed to generate mcrypt initialization vector.', 'event_espresso')
-            );
-        }
-        // decrypt it
-        $decrypted_text = mcrypt_decrypt(
-            MCRYPT_RIJNDAEL_256,
-            $this->get_encryption_key(),
-            $encrypted_text,
-            MCRYPT_MODE_ECB,
-            $iv
-        );
-        $decrypted_text = trim($decrypted_text);
-        return $decrypted_text;
-    }
+	/**
+	 * key used for saving the encryption key to the wp_options table
+	 */
+	const ENCRYPTION_OPTION_KEY = 'ee_encryption_key';
+
+	/**
+	 * the OPENSSL cipher method used
+	 */
+	const OPENSSL_CIPHER_METHOD = 'AES-128-CBC';
+
+	/**
+	 * WP "options_name" used to store a verified available cipher method
+	 */
+	const OPENSSL_CIPHER_METHOD_OPTION_NAME = 'ee_openssl_cipher_method';
+
+	/**
+	 * the OPENSSL digest method used
+	 */
+	const OPENSSL_DIGEST_METHOD = 'sha512';
+
+	/**
+	 * separates the encrypted text from the initialization vector
+	 */
+	const OPENSSL_IV_DELIMITER = ':iv:';
+
+	/**
+	 * appended to text encrypted using the acme encryption
+	 */
+	const ACME_ENCRYPTION_FLAG = '::ae';
+
+
+	/**
+	 * instance of the EE_Encryption object
+	 */
+	protected static $_instance;
+
+	/**
+	 * @var string $_encryption_key
+	 */
+	protected $_encryption_key;
+
+	/**
+	 * @var string $cipher_method
+	 */
+	private $cipher_method = '';
+
+	/**
+	 * @var array $cipher_methods
+	 */
+	private $cipher_methods = [];
+
+	/**
+	 * @var array $digest_methods
+	 */
+	private $digest_methods = [];
+
+	/**
+	 * @var boolean $_use_openssl_encrypt
+	 */
+	protected $_use_openssl_encrypt = false;
+
+	/**
+	 * @var boolean $_use_mcrypt
+	 */
+	protected $_use_mcrypt = false;
+
+	/**
+	 * @var boolean $_use_base64_encode
+	 */
+	protected $_use_base64_encode = false;
+
+
+	/**
+	 * protected constructor to prevent direct creation
+	 */
+	protected function __construct()
+	{
+		if (! defined('ESPRESSO_ENCRYPT')) {
+			define('ESPRESSO_ENCRYPT', true);
+		}
+		if (extension_loaded('openssl')) {
+			$this->_use_openssl_encrypt = true;
+		} elseif (extension_loaded('mcrypt')) {
+			$this->_use_mcrypt = true;
+		}
+		if (function_exists('base64_encode')) {
+			$this->_use_base64_encode = true;
+		}
+	}
+
+
+	/**
+	 * singleton method used to instantiate class object
+	 *
+	 * @return EE_Encryption
+	 */
+	public static function instance()
+	{
+		// check if class object is instantiated
+		if (! EE_Encryption::$_instance instanceof EE_Encryption) {
+			EE_Encryption::$_instance = new self();
+		}
+		return EE_Encryption::$_instance;
+	}
+
+
+	/**
+	 * get encryption key
+	 *
+	 * @return string
+	 */
+	public function get_encryption_key()
+	{
+		// if encryption key has not been set
+		if (empty($this->_encryption_key)) {
+			// retrieve encryption_key from db
+			$this->_encryption_key = get_option(EE_Encryption::ENCRYPTION_OPTION_KEY, '');
+			// WHAT?? No encryption_key in the db ??
+			if ($this->_encryption_key === '') {
+				// let's make one. And md5 it to make it just the right size for a key
+				$new_key = md5($this->generate_random_string());
+				// now save it to the db for later
+				add_option(EE_Encryption::ENCRYPTION_OPTION_KEY, $new_key);
+				// here's the key - FINALLY !
+				$this->_encryption_key = $new_key;
+			}
+		}
+		return $this->_encryption_key;
+	}
+
+
+	/**
+	 * encrypts data
+	 *
+	 * @param string $text_string - the text to be encrypted
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	public function encrypt($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string)) {
+			return $text_string;
+		}
+		if ($this->_use_openssl_encrypt) {
+			$encrypted_text = $this->openssl_encrypt($text_string);
+		} else {
+			$encrypted_text = $this->acme_encrypt($text_string);
+		}
+		return $encrypted_text;
+	}
+
+
+	/**
+	 * decrypts data
+	 *
+	 * @param string $encrypted_text - the text to be decrypted
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	public function decrypt($encrypted_text = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encrypted_text)) {
+			return $encrypted_text;
+		}
+		// if PHP's mcrypt functions are installed then we'll use them
+		if ($this->_use_openssl_encrypt) {
+			$decrypted_text = $this->openssl_decrypt($encrypted_text);
+		} else {
+			$decrypted_text = $this->acme_decrypt($encrypted_text);
+		}
+		return $decrypted_text;
+	}
+
+
+	/**
+	 * encodes string with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $text_string the text to be encoded
+	 * @return string
+	 */
+	public function base64_string_encode($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string) || ! $this->_use_base64_encode) {
+			return $text_string;
+		}
+		// encode
+		return base64_encode($text_string);
+	}
+
+
+	/**
+	 * decodes string that has been encoded with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $encoded_string the text to be decoded
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	public function base64_string_decode($encoded_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encoded_string) || ! $this->valid_base_64($encoded_string)) {
+			return $encoded_string;
+		}
+		// decode
+		$decoded_string = base64_decode($encoded_string);
+		if ($decoded_string === false) {
+			throw new RuntimeException(
+				esc_html__('Base 64 decoding failed.', 'event_espresso')
+			);
+		}
+		return $decoded_string;
+	}
+
+
+	/**
+	 * encodes  url string with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $text_string the text to be encoded
+	 * @return string
+	 */
+	public function base64_url_encode($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string) || ! $this->_use_base64_encode) {
+			return $text_string;
+		}
+		// encode
+		$encoded_string = base64_encode($text_string);
+		// remove chars to make encoding more URL friendly
+		return strtr($encoded_string, '+/=', '-_,');
+	}
+
+
+	/**
+	 * decodes  url string that has been encoded with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $encoded_string the text to be decoded
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	public function base64_url_decode($encoded_string = '')
+	{
+		// replace previously removed characters
+		$encoded_string = strtr($encoded_string, '-_,', '+/=');
+		// you give me nothing??? GET OUT !
+		if (empty($encoded_string) || ! $this->valid_base_64($encoded_string)) {
+			return $encoded_string;
+		}
+		// decode
+		$decoded_string = base64_decode($encoded_string);
+		if ($decoded_string === false) {
+			throw new RuntimeException(
+				esc_html__('Base 64 decoding failed.', 'event_espresso')
+			);
+		}
+		return $decoded_string;
+	}
+
+
+	/**
+	 * encrypts data using PHP's openssl functions
+	 *
+	 * @param string $text_string the text to be encrypted
+	 * @param string $cipher_method
+	 * @param string $encryption_key
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	protected function openssl_encrypt(
+		$text_string = '',
+		$cipher_method = EE_Encryption::OPENSSL_CIPHER_METHOD,
+		$encryption_key = ''
+	) {
+		// you give me nothing??? GET OUT !
+		if (empty($text_string)) {
+			return $text_string;
+		}
+		$this->cipher_method = $this->getCipherMethod($cipher_method);
+		// get initialization vector size
+		$iv_size = openssl_cipher_iv_length($this->cipher_method);
+		// generate initialization vector.
+		// The second parameter ("crypto_strong") is passed by reference,
+		// and is used to determines if the algorithm used was "cryptographically strong"
+		// openssl_random_pseudo_bytes() will toggle it to either true or false
+		$iv = openssl_random_pseudo_bytes($iv_size, $is_strong);
+		if ($iv === false || $is_strong === false) {
+			throw new RuntimeException(
+				esc_html__('Failed to generate OpenSSL initialization vector.', 'event_espresso')
+			);
+		}
+		// encrypt it
+		$encrypted_text = openssl_encrypt(
+			$text_string,
+			$this->cipher_method,
+			$this->getDigestHashValue(EE_Encryption::OPENSSL_DIGEST_METHOD, $encryption_key),
+			0,
+			$iv
+		);
+		// append the initialization vector
+		$encrypted_text .= EE_Encryption::OPENSSL_IV_DELIMITER . $iv;
+		// trim and maybe encode
+		return $this->_use_base64_encode
+			? trim(base64_encode($encrypted_text))
+			: trim($encrypted_text);
+	}
+
+
+	/**
+	 * Returns a cipher method that has been verified to work.
+	 * First checks if the cached cipher has been set already and if so, returns that.
+	 * Then tests the incoming default and returns that if it's good.
+	 * If not, then it retrieves the previously tested and saved cipher method.
+	 * But if that doesn't exist, then calls getAvailableCipherMethod()
+	 * to see what is available on the server, and returns the results.
+	 *
+	 * @param string $cipher_method
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	protected function getCipherMethod($cipher_method = EE_Encryption::OPENSSL_CIPHER_METHOD)
+	{
+		if ($this->cipher_method !== '') {
+			return $this->cipher_method;
+		}
+		// verify that the default cipher method can produce an initialization vector
+		if (openssl_cipher_iv_length($cipher_method) === false) {
+			// nope? okay let's get what we found in the past to work
+			$cipher_method = get_option(EE_Encryption::OPENSSL_CIPHER_METHOD_OPTION_NAME, '');
+			// oops... haven't tested available cipher methods yet
+			if ($cipher_method === '' || openssl_cipher_iv_length($cipher_method) === false) {
+				$cipher_method = $this->getAvailableCipherMethod($cipher_method);
+			}
+		}
+		return $cipher_method;
+	}
+
+
+	/**
+	 * @param string $cipher_method
+	 * @return string
+	 * @throws \RuntimeException
+	 */
+	protected function getAvailableCipherMethod($cipher_method)
+	{
+		// verify that the incoming cipher method can produce an initialization vector
+		if (openssl_cipher_iv_length($cipher_method) === false) {
+			// nope? then check the next cipher in the list of available cipher methods
+			$cipher_method = next($this->cipher_methods);
+			// what? there's no list? then generate that list and cache it,
+			if (empty($this->cipher_methods)) {
+				$this->cipher_methods = openssl_get_cipher_methods();
+				// then grab the first item from the list
+				$cipher_method = reset($this->cipher_methods);
+			}
+			if ($cipher_method === false) {
+				throw new RuntimeException(
+					esc_html__(
+						'OpenSSL support appears to be enabled on the server, but no cipher methods are available. Please contact the server administrator.',
+						'event_espresso'
+					)
+				);
+			}
+			// verify that the next cipher method works
+			return $this->getAvailableCipherMethod($cipher_method);
+		}
+		// if we've gotten this far, then we found an available cipher method that works
+		// so save that for next time
+		update_option(
+			EE_Encryption::OPENSSL_CIPHER_METHOD_OPTION_NAME,
+			$cipher_method
+		);
+		return $cipher_method;
+	}
+
+
+	/**
+	 * decrypts data that has been encrypted with PHP's openssl functions
+	 *
+	 * @param string $encrypted_text the text to be decrypted
+	 * @param string $cipher_method
+	 * @param string $encryption_key
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	protected function openssl_decrypt(
+		$encrypted_text = '',
+		$cipher_method = EE_Encryption::OPENSSL_CIPHER_METHOD,
+		$encryption_key = ''
+	) {
+		// you give me nothing??? GET OUT !
+		if (empty($encrypted_text)) {
+			return $encrypted_text;
+		}
+		// decode
+		$encrypted_text       = $this->valid_base_64($encrypted_text)
+			? $this->base64_url_decode($encrypted_text)
+			: $encrypted_text;
+		$encrypted_components = explode(
+			EE_Encryption::OPENSSL_IV_DELIMITER,
+			$encrypted_text,
+			2
+		);
+		// check that iv exists, and if not, maybe text was encoded using mcrypt?
+		if ($this->_use_mcrypt && ! isset($encrypted_components[1])) {
+			return $this->m_decrypt($encrypted_text);
+		}
+		// decrypt it
+		$decrypted_text = openssl_decrypt(
+			$encrypted_components[0],
+			$this->getCipherMethod($cipher_method),
+			$this->getDigestHashValue(EE_Encryption::OPENSSL_DIGEST_METHOD, $encryption_key),
+			0,
+			$encrypted_components[1]
+		);
+		$decrypted_text = trim($decrypted_text);
+		return $decrypted_text;
+	}
+
+
+	/**
+	 * Computes the digest hash value using the specified digest method.
+	 * If that digest method fails to produce a valid hash value,
+	 * then we'll grab the next digest method and recursively try again until something works.
+	 *
+	 * @param string $digest_method
+	 * @param string $encryption_key
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	protected function getDigestHashValue($digest_method = EE_Encryption::OPENSSL_DIGEST_METHOD, $encryption_key = '')
+	{
+		$encryption_key    = $encryption_key !== ''
+			? $encryption_key
+			: $this->get_encryption_key();
+		$digest_hash_value = openssl_digest($encryption_key, $digest_method);
+		if ($digest_hash_value === false) {
+			return $this->getDigestHashValue($this->getDigestMethod());
+		}
+		return $digest_hash_value;
+	}
+
+
+	/**
+	 * Returns the NEXT element in the $digest_methods array.
+	 * If the $digest_methods array is empty, then we populate it
+	 * with the available values returned from openssl_get_md_methods().
+	 *
+	 * @return string
+	 * @throws \RuntimeException
+	 */
+	protected function getDigestMethod()
+	{
+		$digest_method = prev($this->digest_methods);
+		if (empty($this->digest_methods)) {
+			$this->digest_methods = openssl_get_md_methods();
+			$digest_method        = end($this->digest_methods);
+		}
+		if ($digest_method === false) {
+			throw new RuntimeException(
+				esc_html__(
+					'OpenSSL support appears to be enabled on the server, but no digest methods are available. Please contact the server administrator.',
+					'event_espresso'
+				)
+			);
+		}
+		return $digest_method;
+	}
+
+
+	/**
+	 * encrypts data for acme servers that didn't bother to install PHP mcrypt
+	 *
+	 * @see http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php
+	 * @param string $text_string the text to be decrypted
+	 * @return string
+	 */
+	protected function acme_encrypt($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string)) {
+			return $text_string;
+		}
+		$key_bits    = str_split(
+			str_pad(
+				'',
+				strlen($text_string),
+				$this->get_encryption_key(),
+				STR_PAD_RIGHT
+			)
+		);
+		$string_bits = str_split($text_string);
+		foreach ($string_bits as $k => $v) {
+			$temp              = ord($v) + ord($key_bits[ $k ]);
+			$string_bits[ $k ] = chr($temp > 255 ? ($temp - 256) : $temp);
+		}
+		$encrypted_text = implode('', $string_bits);
+		$encrypted_text .= EE_Encryption::ACME_ENCRYPTION_FLAG;
+		return $this->_use_base64_encode
+			? base64_encode($encrypted_text)
+			: $encrypted_text;
+	}
+
+
+	/**
+	 * decrypts data for acme servers that didn't bother to install PHP mcrypt
+	 *
+	 * @see http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php
+	 * @param string $encrypted_text the text to be decrypted
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	protected function acme_decrypt($encrypted_text = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encrypted_text)) {
+			return $encrypted_text;
+		}
+		// decode the data ?
+		$encrypted_text = $this->valid_base_64($encrypted_text)
+			? $this->base64_url_decode($encrypted_text)
+			: $encrypted_text;
+		if ($this->_use_mcrypt
+			&& strpos($encrypted_text, EE_Encryption::ACME_ENCRYPTION_FLAG) === false
+		) {
+			return $this->m_decrypt($encrypted_text);
+		}
+		$encrypted_text = substr($encrypted_text, 0, -4);
+		$key_bits       = str_split(
+			str_pad(
+				'',
+				strlen($encrypted_text),
+				$this->get_encryption_key(),
+				STR_PAD_RIGHT
+			)
+		);
+		$string_bits    = str_split($encrypted_text);
+		foreach ($string_bits as $k => $v) {
+			$temp              = ord($v) - ord($key_bits[ $k ]);
+			$string_bits[ $k ] = chr($temp < 0 ? ($temp + 256) : $temp);
+		}
+		return implode('', $string_bits);
+	}
+
+
+	/**
+	 * @see http://stackoverflow.com/questions/2556345/detect-base64-encoding-in-php#30231906
+	 * @param $string
+	 * @return bool
+	 */
+	protected function valid_base_64($string)
+	{
+		// ensure data is a string
+		if (! is_string($string) || ! $this->_use_base64_encode) {
+			return false;
+		}
+		$decoded = base64_decode($string, true);
+		// Check if there is no invalid character in string
+		if (! preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) {
+			return false;
+		}
+		// Decode the string in strict mode and send the response
+		if (! base64_decode($string, true)) {
+			return false;
+		}
+		// Encode and compare it to original one
+		return base64_encode($decoded) === $string;
+	}
+
+
+	/**
+	 * generate random string
+	 *
+	 * @see http://stackoverflow.com/questions/637278/what-is-the-best-way-to-generate-a-random-key-within-php
+	 * @param int $length number of characters for random string
+	 * @return string
+	 */
+	public function generate_random_string($length = 40)
+	{
+		$iterations    = ceil($length / 40);
+		$random_string = '';
+		for ($i = 0; $i < $iterations; $i++) {
+			$random_string .= sha1(microtime(true) . mt_rand(10000, 90000));
+		}
+		$random_string = substr($random_string, 0, $length);
+		return $random_string;
+	}
+
+
+	/**
+	 * encrypts data using PHP's mcrypt functions
+	 *
+	 * @param string $text_string
+	 * @return string
+	 * @throws RuntimeException
+	 * @deprecated 4.9.39
+	 * @internal   param $string - the text to be encrypted
+	 */
+	protected function m_encrypt($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string)) {
+			return $text_string;
+		}
+		// get the initialization vector size
+		$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
+		// initialization vector
+		$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
+		if ($iv === false) {
+			throw new RuntimeException(
+				esc_html__('Failed to generate mcrypt initialization vector.', 'event_espresso')
+			);
+		}
+		// encrypt it
+		$encrypted_text = mcrypt_encrypt(
+			MCRYPT_RIJNDAEL_256,
+			$this->get_encryption_key(),
+			$text_string,
+			MCRYPT_MODE_ECB,
+			$iv
+		);
+		// trim and maybe encode
+		return $this->_use_base64_encode
+			? trim(base64_encode($encrypted_text))
+			: trim($encrypted_text);
+	}
+
+
+	/**
+	 * decrypts data that has been encrypted with PHP's mcrypt functions
+	 *
+	 * @param string $encrypted_text the text to be decrypted
+	 * @return string
+	 * @throws RuntimeException
+	 * @deprecated 4.9.39
+	 */
+	protected function m_decrypt($encrypted_text = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encrypted_text)) {
+			return $encrypted_text;
+		}
+		// decode
+		$encrypted_text = $this->valid_base_64($encrypted_text)
+			? $this->base64_url_decode($encrypted_text)
+			: $encrypted_text;
+		// get the initialization vector size
+		$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
+		$iv      = mcrypt_create_iv($iv_size, MCRYPT_RAND);
+		if ($iv === false) {
+			throw new RuntimeException(
+				esc_html__('Failed to generate mcrypt initialization vector.', 'event_espresso')
+			);
+		}
+		// decrypt it
+		$decrypted_text = mcrypt_decrypt(
+			MCRYPT_RIJNDAEL_256,
+			$this->get_encryption_key(),
+			$encrypted_text,
+			MCRYPT_MODE_ECB,
+			$iv
+		);
+		$decrypted_text = trim($decrypted_text);
+		return $decrypted_text;
+	}
 }

Spacing +13 added lines, -13 removed lines

@@ -103,7 +103,7 @@ 
      */
     protected function __construct()
     {
-        if (! defined('ESPRESSO_ENCRYPT')) {
+        if ( ! defined('ESPRESSO_ENCRYPT')) {
             define('ESPRESSO_ENCRYPT', true);
         }
         if (extension_loaded('openssl')) {
@@ -125,7 +125,7 @@ 
     public static function instance()
     {
         // check if class object is instantiated
-        if (! EE_Encryption::$_instance instanceof EE_Encryption) {
+        if ( ! EE_Encryption::$_instance instanceof EE_Encryption) {
             EE_Encryption::$_instance = new self();
         }
         return EE_Encryption::$_instance;
@@ -332,7 +332,7 @@ 
             $iv
         );
         // append the initialization vector
-        $encrypted_text .= EE_Encryption::OPENSSL_IV_DELIMITER . $iv;
+        $encrypted_text .= EE_Encryption::OPENSSL_IV_DELIMITER.$iv;
         // trim and maybe encode
         return $this->_use_base64_encode
             ? trim(base64_encode($encrypted_text))
@@ -515,7 +515,7 @@ 
         if (empty($text_string)) {
             return $text_string;
         }
-        $key_bits    = str_split(
+        $key_bits = str_split(
             str_pad(
                 '',
                 strlen($text_string),
@@ -525,8 +525,8 @@ 
         );
         $string_bits = str_split($text_string);
         foreach ($string_bits as $k => $v) {
-            $temp              = ord($v) + ord($key_bits[ $k ]);
-            $string_bits[ $k ] = chr($temp > 255 ? ($temp - 256) : $temp);
+            $temp              = ord($v) + ord($key_bits[$k]);
+            $string_bits[$k] = chr($temp > 255 ? ($temp - 256) : $temp);
         }
         $encrypted_text = implode('', $string_bits);
         $encrypted_text .= EE_Encryption::ACME_ENCRYPTION_FLAG;
@@ -568,10 +568,10 @@ 
                 STR_PAD_RIGHT
             )
         );
-        $string_bits    = str_split($encrypted_text);
+        $string_bits = str_split($encrypted_text);
         foreach ($string_bits as $k => $v) {
-            $temp              = ord($v) - ord($key_bits[ $k ]);
-            $string_bits[ $k ] = chr($temp < 0 ? ($temp + 256) : $temp);
+            $temp              = ord($v) - ord($key_bits[$k]);
+            $string_bits[$k] = chr($temp < 0 ? ($temp + 256) : $temp);
         }
         return implode('', $string_bits);
     }
@@ -585,16 +585,16 @@ 
     protected function valid_base_64($string)
     {
         // ensure data is a string
-        if (! is_string($string) || ! $this->_use_base64_encode) {
+        if ( ! is_string($string) || ! $this->_use_base64_encode) {
             return false;
         }
         $decoded = base64_decode($string, true);
         // Check if there is no invalid character in string
-        if (! preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) {
+        if ( ! preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) {
             return false;
         }
         // Decode the string in strict mode and send the response
-        if (! base64_decode($string, true)) {
+        if ( ! base64_decode($string, true)) {
             return false;
         }
         // Encode and compare it to original one
@@ -614,7 +614,7 @@ 
         $iterations    = ceil($length / 40);
         $random_string = '';
         for ($i = 0; $i < $iterations; $i++) {
-            $random_string .= sha1(microtime(true) . mt_rand(10000, 90000));
+            $random_string .= sha1(microtime(true).mt_rand(10000, 90000));
         }
         $random_string = substr($random_string, 0, $length);
         return $random_string;