eventespresso / event-espresso-core

core/services/encryption/EncryptionKeyManager.php

Indentation +227 added lines, -227 removed lines

@@ -17,231 +17,231 @@
 class EncryptionKeyManager implements EncryptionKeyManagerInterface
 {
 
-    /**
-     * name used for a default encryption key in case no others are set
-     *
-     * @var string
-     */
-    private $default_encryption_key_id;
-
-    /**
-     * name used for saving encryption keys to the wp_options table
-     *
-     * @var string
-     */
-    private $encryption_keys_option_name;
-
-    /**
-     * @var array
-     */
-    private $encryption_keys = null;
-
-    /**
-     * number of bits used when generating cryptographically secure keys
-     *
-     * @var int
-     */
-    private $bit_depth = 128;
-
-    /**
-     * @var int[]
-     */
-    private $bit_depth_options = [64, 128, 192, 256];
-
-    /**
-     * number of characters used when generating cryptographically weak keys
-     *
-     * @var int
-     */
-    private $key_length = 40;
-
-
-    /**
-     * @param string $default_encryption_key_id
-     * @param string $encryption_keys_option_name
-     */
-    public function __construct($default_encryption_key_id, $encryption_keys_option_name)
-    {
-        $this->default_encryption_key_id   = $default_encryption_key_id;
-        $this->encryption_keys_option_name = $encryption_keys_option_name;
-    }
-
-
-    /**
-     * add an encryption key
-     *
-     * @param string $encryption_key_identifier - name of the encryption key to use
-     * @param string $encryption_key            - cryptographically secure passphrase. will generate if necessary
-     * @param bool   $overwrite                 - prevents accidental overwriting of an existing key which would be bad
-     * @return bool
-     * @throws Exception
-     */
-    public function addEncryptionKey($encryption_key_identifier, $encryption_key = '', $overwrite = false)
-    {
-        // ensure keys are loaded
-        $this->retrieveEncryptionKeys();
-        if (isset($this->encryption_keys[ $encryption_key_identifier ]) && ! $overwrite) {
-            // WOAH!!! that key already exists and we don't want to overwrite it
-            throw new RuntimeException (
-                sprintf(
-                    esc_html__(
-                        'The "%1$s" encryption key already exists and can not be overwritten because previously encrypted values would no longer be capable of being decrypted.',
-                        'event_espresso'
-                    ),
-                    $encryption_key_identifier
-                )
-            );
-        }
-        $this->encryption_keys[ $encryption_key_identifier ] = $encryption_key ?: $this->generateEncryptionKey();
-        return $this->saveEncryptionKeys();
-    }
-
-
-    /**
-     * returns cryptographically secure passphrase. will use default if necessary
-     *
-     * @param string $encryption_key_identifier - used for saving encryption key. will use default if necessary
-     * @param string $generate                  - will generate a new key if the requested one does not exist
-     * @return string
-     * @throws Exception
-     */
-    public function getEncryptionKey($encryption_key_identifier = '', $generate = false)
-    {
-        $encryption_key_identifier = $encryption_key_identifier ?: $this->default_encryption_key_id;
-        // ensure keys are loaded
-        $this->retrieveEncryptionKeys();
-        // if encryption key has not been set
-        if (! isset($this->encryption_keys[ $encryption_key_identifier ])) {
-            if ($generate) {
-                $this->addEncryptionKey($encryption_key_identifier);
-            } else {
-                throw new OutOfBoundsException(
-                    sprintf(
-                        esc_html__('The "%1$s" encryption key was not found or is invalid.', 'event_espresso'),
-                        $encryption_key_identifier
-                    )
-                );
-            }
-        }
-        return $this->encryption_keys[ $encryption_key_identifier ];
-    }
-
-
-    /**
-     * creates a new encryption key
-     *
-     * @param bool $strong if true (default) will attempt to generate a cryptographically secure key
-     * @return string
-     * @throws Exception
-     */
-    public function generateEncryptionKey($strong = true)
-    {
-        return $strong && PHP_VERSION_ID >= 70100
-            ? $this->generateStrongEncryptionKey()
-            : $this->generateWeakEncryptionKey();
-    }
-
-
-    /**
-     * creates a new cryptographically secure encryption key
-     *
-     * @return string
-     * @throws Exception
-     */
-    protected function generateStrongEncryptionKey()
-    {
-        // bit_depth needs to be divided by 8
-        return random_bytes($this->bit_depth / 8);
-    }
-
-
-    /**
-     * creates a new encryption key that should not be trusted to be cryptographically secure
-     *
-     * @return string
-     * @throws Exception
-     */
-    protected function generateWeakEncryptionKey()
-    {
-        // @see http://stackoverflow.com/questions/637278/what-is-the-best-way-to-generate-a-random-key-within-php
-        $iterations    = ceil($this->key_length / 40);
-        $random_string = '';
-        for ($i = 0; $i < $iterations; $i++) {
-            $random_string .= sha1(microtime(true) . mt_rand(10000, 90000));
-        }
-        return substr($random_string, 0, $this->key_length);
-    }
-
-
-    /**
-     * @return int
-     */
-    public function bitDepth()
-    {
-        return $this->bit_depth;
-    }
-
-
-    /**
-     * @param int $bit_depth options are 64, 128, 192, or 256
-     */
-    public function setBitDepth($bit_depth)
-    {
-        $bit_depth       = absint($bit_depth);
-        $this->bit_depth = in_array($bit_depth, $this->bit_depth_options) ? $bit_depth : 128;
-    }
-
-
-    /**
-     * @return int
-     */
-    public function keyLength()
-    {
-        return $this->key_length;
-    }
-
-
-    /**
-     * @param int $key_length
-     */
-    public function setKeyLength($key_length)
-    {
-        // let's not let the key length go below 8 or above 128
-        $this->key_length = min(max($key_length, 8), 128);
-    }
-
-
-    /**
-     * retrieves encryption keys from db
-     *
-     * @return string
-     * @throws Exception
-     */
-    protected function retrieveEncryptionKeys()
-    {
-        // if encryption key has not been set
-        if (! empty($this->encryption_keys)) {
-            // retrieve encryption_key from db
-            $this->encryption_keys = get_option($this->encryption_keys_option_name, null);
-            // WHAT?? No encryption_key in the db ??
-            if ($this->encryption_keys === null) {
-                // let's make one. And md5 it to make it just the right size for a key
-                $this->addEncryptionKey($this->default_encryption_key_id);
-            }
-        }
-        return $this->encryption_keys;
-    }
-
-
-    /**
-     * saves encryption keys from db
-     *
-     * @return bool
-     */
-    protected function saveEncryptionKeys()
-    {
-        return $this->encryption_keys === null
-            ? add_option($this->encryption_keys_option_name, $this->encryption_keys)
-            : update_option($this->encryption_keys_option_name, $this->encryption_keys);
-    }
+	/**
+	 * name used for a default encryption key in case no others are set
+	 *
+	 * @var string
+	 */
+	private $default_encryption_key_id;
+
+	/**
+	 * name used for saving encryption keys to the wp_options table
+	 *
+	 * @var string
+	 */
+	private $encryption_keys_option_name;
+
+	/**
+	 * @var array
+	 */
+	private $encryption_keys = null;
+
+	/**
+	 * number of bits used when generating cryptographically secure keys
+	 *
+	 * @var int
+	 */
+	private $bit_depth = 128;
+
+	/**
+	 * @var int[]
+	 */
+	private $bit_depth_options = [64, 128, 192, 256];
+
+	/**
+	 * number of characters used when generating cryptographically weak keys
+	 *
+	 * @var int
+	 */
+	private $key_length = 40;
+
+
+	/**
+	 * @param string $default_encryption_key_id
+	 * @param string $encryption_keys_option_name
+	 */
+	public function __construct($default_encryption_key_id, $encryption_keys_option_name)
+	{
+		$this->default_encryption_key_id   = $default_encryption_key_id;
+		$this->encryption_keys_option_name = $encryption_keys_option_name;
+	}
+
+
+	/**
+	 * add an encryption key
+	 *
+	 * @param string $encryption_key_identifier - name of the encryption key to use
+	 * @param string $encryption_key            - cryptographically secure passphrase. will generate if necessary
+	 * @param bool   $overwrite                 - prevents accidental overwriting of an existing key which would be bad
+	 * @return bool
+	 * @throws Exception
+	 */
+	public function addEncryptionKey($encryption_key_identifier, $encryption_key = '', $overwrite = false)
+	{
+		// ensure keys are loaded
+		$this->retrieveEncryptionKeys();
+		if (isset($this->encryption_keys[ $encryption_key_identifier ]) && ! $overwrite) {
+			// WOAH!!! that key already exists and we don't want to overwrite it
+			throw new RuntimeException (
+				sprintf(
+					esc_html__(
+						'The "%1$s" encryption key already exists and can not be overwritten because previously encrypted values would no longer be capable of being decrypted.',
+						'event_espresso'
+					),
+					$encryption_key_identifier
+				)
+			);
+		}
+		$this->encryption_keys[ $encryption_key_identifier ] = $encryption_key ?: $this->generateEncryptionKey();
+		return $this->saveEncryptionKeys();
+	}
+
+
+	/**
+	 * returns cryptographically secure passphrase. will use default if necessary
+	 *
+	 * @param string $encryption_key_identifier - used for saving encryption key. will use default if necessary
+	 * @param string $generate                  - will generate a new key if the requested one does not exist
+	 * @return string
+	 * @throws Exception
+	 */
+	public function getEncryptionKey($encryption_key_identifier = '', $generate = false)
+	{
+		$encryption_key_identifier = $encryption_key_identifier ?: $this->default_encryption_key_id;
+		// ensure keys are loaded
+		$this->retrieveEncryptionKeys();
+		// if encryption key has not been set
+		if (! isset($this->encryption_keys[ $encryption_key_identifier ])) {
+			if ($generate) {
+				$this->addEncryptionKey($encryption_key_identifier);
+			} else {
+				throw new OutOfBoundsException(
+					sprintf(
+						esc_html__('The "%1$s" encryption key was not found or is invalid.', 'event_espresso'),
+						$encryption_key_identifier
+					)
+				);
+			}
+		}
+		return $this->encryption_keys[ $encryption_key_identifier ];
+	}
+
+
+	/**
+	 * creates a new encryption key
+	 *
+	 * @param bool $strong if true (default) will attempt to generate a cryptographically secure key
+	 * @return string
+	 * @throws Exception
+	 */
+	public function generateEncryptionKey($strong = true)
+	{
+		return $strong && PHP_VERSION_ID >= 70100
+			? $this->generateStrongEncryptionKey()
+			: $this->generateWeakEncryptionKey();
+	}
+
+
+	/**
+	 * creates a new cryptographically secure encryption key
+	 *
+	 * @return string
+	 * @throws Exception
+	 */
+	protected function generateStrongEncryptionKey()
+	{
+		// bit_depth needs to be divided by 8
+		return random_bytes($this->bit_depth / 8);
+	}
+
+
+	/**
+	 * creates a new encryption key that should not be trusted to be cryptographically secure
+	 *
+	 * @return string
+	 * @throws Exception
+	 */
+	protected function generateWeakEncryptionKey()
+	{
+		// @see http://stackoverflow.com/questions/637278/what-is-the-best-way-to-generate-a-random-key-within-php
+		$iterations    = ceil($this->key_length / 40);
+		$random_string = '';
+		for ($i = 0; $i < $iterations; $i++) {
+			$random_string .= sha1(microtime(true) . mt_rand(10000, 90000));
+		}
+		return substr($random_string, 0, $this->key_length);
+	}
+
+
+	/**
+	 * @return int
+	 */
+	public function bitDepth()
+	{
+		return $this->bit_depth;
+	}
+
+
+	/**
+	 * @param int $bit_depth options are 64, 128, 192, or 256
+	 */
+	public function setBitDepth($bit_depth)
+	{
+		$bit_depth       = absint($bit_depth);
+		$this->bit_depth = in_array($bit_depth, $this->bit_depth_options) ? $bit_depth : 128;
+	}
+
+
+	/**
+	 * @return int
+	 */
+	public function keyLength()
+	{
+		return $this->key_length;
+	}
+
+
+	/**
+	 * @param int $key_length
+	 */
+	public function setKeyLength($key_length)
+	{
+		// let's not let the key length go below 8 or above 128
+		$this->key_length = min(max($key_length, 8), 128);
+	}
+
+
+	/**
+	 * retrieves encryption keys from db
+	 *
+	 * @return string
+	 * @throws Exception
+	 */
+	protected function retrieveEncryptionKeys()
+	{
+		// if encryption key has not been set
+		if (! empty($this->encryption_keys)) {
+			// retrieve encryption_key from db
+			$this->encryption_keys = get_option($this->encryption_keys_option_name, null);
+			// WHAT?? No encryption_key in the db ??
+			if ($this->encryption_keys === null) {
+				// let's make one. And md5 it to make it just the right size for a key
+				$this->addEncryptionKey($this->default_encryption_key_id);
+			}
+		}
+		return $this->encryption_keys;
+	}
+
+
+	/**
+	 * saves encryption keys from db
+	 *
+	 * @return bool
+	 */
+	protected function saveEncryptionKeys()
+	{
+		return $this->encryption_keys === null
+			? add_option($this->encryption_keys_option_name, $this->encryption_keys)
+			: update_option($this->encryption_keys_option_name, $this->encryption_keys);
+	}
 }

core/services/encryption/EncryptionKeyManagerInterface.php

Indentation +39 added lines, -39 removed lines

@@ -12,55 +12,55 @@
  */
 interface EncryptionKeyManagerInterface
 {
-    /**
-     * add an encryption key
-     *
-     * @param string $encryption_key_identifier - name of the encryption key to use
-     * @param string $encryption_key            - cryptographically secure passphrase. will generate if necessary
-     * @param bool   $overwrite                 - prevents accidental overwriting of an existing key which would be bad
-     * @return bool
-     */
-    public function addEncryptionKey($encryption_key_identifier, $encryption_key = '', $overwrite = false);
+	/**
+	 * add an encryption key
+	 *
+	 * @param string $encryption_key_identifier - name of the encryption key to use
+	 * @param string $encryption_key            - cryptographically secure passphrase. will generate if necessary
+	 * @param bool   $overwrite                 - prevents accidental overwriting of an existing key which would be bad
+	 * @return bool
+	 */
+	public function addEncryptionKey($encryption_key_identifier, $encryption_key = '', $overwrite = false);
 
 
-    /**
-     * returns cryptographically secure passphrase. will use default if necessary
-     *
-     * @param string $encryption_key_identifier - used for saving encryption key. will use default if necessary
-     * @param string $generate                  - will generate a new key if the requested one does not exist
-     * @return string
-     */
-    public function getEncryptionKey($encryption_key_identifier = '', $generate = false);
+	/**
+	 * returns cryptographically secure passphrase. will use default if necessary
+	 *
+	 * @param string $encryption_key_identifier - used for saving encryption key. will use default if necessary
+	 * @param string $generate                  - will generate a new key if the requested one does not exist
+	 * @return string
+	 */
+	public function getEncryptionKey($encryption_key_identifier = '', $generate = false);
 
 
-    /**
-     * creates a new encryption key
-     *
-     * @return string
-     */
-    public function generateEncryptionKey();
+	/**
+	 * creates a new encryption key
+	 *
+	 * @return string
+	 */
+	public function generateEncryptionKey();
 
 
-    /**
-     * @return int
-     */
-    public function bitDepth();
+	/**
+	 * @return int
+	 */
+	public function bitDepth();
 
 
-    /**
-     * @param int $bit_depth options are 128, 192, or 256
-     */
-    public function setBitDepth($bit_depth);
+	/**
+	 * @param int $bit_depth options are 128, 192, or 256
+	 */
+	public function setBitDepth($bit_depth);
 
 
-    /**
-     * @return int
-     */
-    public function keyLength();
+	/**
+	 * @return int
+	 */
+	public function keyLength();
 
 
-    /**
-     * @param int $key_length
-     */
-    public function setKeyLength($key_length);
+	/**
+	 * @param int $key_length
+	 */
+	public function setKeyLength($key_length);
 }

core/services/encryption/EncryptionMethodInterface.php

Indentation +42 added lines, -42 removed lines

@@ -12,46 +12,46 @@
  */
 interface EncryptionMethodInterface
 {
-    /**
-     * returns true if the encryption method is cryptographically secure
-     *
-     * @return bool
-     */
-    public function isCryptographicallySecure();
-
-
-    /**
-     * returns true if the method can be used on the current server
-     *
-     * @return bool
-     */
-    public function canUse();
-
-
-    /**
-     * returns a message explaining why the encryption method in question can or can not be used
-     *
-     * @return string
-     */
-    public function canUseNotice();
-
-
-    /**
-     * encrypts data
-     *
-     * @param string $text_to_encrypt           - the text to be encrypted
-     * @param string $encryption_key_identifier - name of the encryption key to use
-     * @return string
-     */
-    public function encrypt($text_to_encrypt, $encryption_key_identifier = '');
-
-
-    /**
-     * decrypts data
-     *
-     * @param string $encrypted_text            - the text to be decrypted
-     * @param string $encryption_key_identifier - name of the encryption key to use
-     * @return string
-     */
-    public function decrypt($encrypted_text, $encryption_key_identifier = '');
+	/**
+	 * returns true if the encryption method is cryptographically secure
+	 *
+	 * @return bool
+	 */
+	public function isCryptographicallySecure();
+
+
+	/**
+	 * returns true if the method can be used on the current server
+	 *
+	 * @return bool
+	 */
+	public function canUse();
+
+
+	/**
+	 * returns a message explaining why the encryption method in question can or can not be used
+	 *
+	 * @return string
+	 */
+	public function canUseNotice();
+
+
+	/**
+	 * encrypts data
+	 *
+	 * @param string $text_to_encrypt           - the text to be encrypted
+	 * @param string $encryption_key_identifier - name of the encryption key to use
+	 * @return string
+	 */
+	public function encrypt($text_to_encrypt, $encryption_key_identifier = '');
+
+
+	/**
+	 * decrypts data
+	 *
+	 * @param string $encrypted_text            - the text to be decrypted
+	 * @param string $encryption_key_identifier - name of the encryption key to use
+	 * @return string
+	 */
+	public function decrypt($encrypted_text, $encryption_key_identifier = '');
 }

core/services/encryption/Base64Encoder.php

Indentation +148 added lines, -148 removed lines

@@ -15,152 +15,152 @@
 class Base64Encoder
 {
 
-    /**
-     * @var boolean
-     */
-    protected $use_base64_encode;
-
-
-    public function __construct()
-    {
-        $this->use_base64_encode = function_exists('base64_encode');
-    }
-
-
-    /**
-     * encodes string with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $text_string the text to be encoded
-     * @return string
-     */
-    public function encodeString($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string) || ! $this->use_base64_encode) {
-            return $text_string;
-        }
-        // encode
-        return base64_encode($text_string);
-    }
-
-
-    /**
-     * decodes string that has been encoded with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $encoded_string the text to be decoded
-     * @return string
-     * @throws RuntimeException
-     */
-    public function decodeString($encoded_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encoded_string)) {
-            return $encoded_string;
-        }
-        $this->isValidBase64OrFail($encoded_string);
-        return $this->decode($encoded_string);
-    }
-
-
-    /**
-     * @param string $encoded_string the text to be decoded
-     * @return string
-     * @throws RuntimeException
-     */
-    private function decode($encoded_string)
-    {
-        $decoded_string = base64_decode($encoded_string);
-        if ($decoded_string === false) {
-            throw new RuntimeException(
-                esc_html__('Base 64 decoding failed.', 'event_espresso')
-            );
-        }
-        return $decoded_string;
-    }
-
-
-    /**
-     * encodes  url string with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $text_string the text to be encoded
-     * @return string
-     */
-    public function encodeUrl($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string) || ! $this->use_base64_encode) {
-            return $text_string;
-        }
-        // encode
-        $encoded_string = base64_encode($text_string);
-        // remove some chars to make encoding more URL friendly
-        return rtrim(strtr($encoded_string, '+/', '-_'), '=');
-    }
-
-
-    /**
-     * decodes  url string that has been encoded with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $encoded_string the text to be decoded
-     * @return string
-     * @throws RuntimeException
-     */
-    public function decodeUrl($encoded_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encoded_string)) {
-            return $encoded_string;
-        }
-        // replace previously removed characters
-        $encoded_string = strtr($encoded_string, '-_', '+/');
-        $encoded_string .= str_repeat('=', 3 - (3 + strlen($encoded_string)) % 4);
-        $this->isValidBase64OrFail($encoded_string);
-        return $this->decode($encoded_string);
-    }
-
-
-    /**
-     * @param string $encoded_string the text to be decoded
-     * @throws RuntimeException
-     */
-    public function isValidBase64OrFail($encoded_string)
-    {
-        if (! $this->isValidBase64($encoded_string)) {
-            throw new RuntimeException(
-                esc_html__(
-                    'Base 64 decoding failed because the supplied string is not valid or was not base64 encoded.',
-                    'event_espresso'
-                )
-            );
-        }
-    }
-
-
-    /**
-     * @see https://stackoverflow.com/a/51877882
-     * @param $string
-     * @param array $encodings
-     * @return bool
-     */
-    public function isValidBase64($string, $encodings = [])
-    {
-        // ensure data is a string
-        if (! is_string($string) || ! $this->use_base64_encode) {
-            return false;
-        }
-        // first check if we're dealing with an actual valid base64 encoded string
-        $decoded = base64_decode($string, true);
-        // also re-encode and compare it to original one
-        if ($decoded === false || base64_encode($decoded) !== $string) {
-            return false;
-        }
-        // finally, check whether the decoded data is actual text
-        $encodings = ! empty($encodings) ?: ['UTF-8', 'ASCII'];
-        $encoding = mb_detect_encoding($decoded);
-        return in_array($encoding, $encodings);
-    }
+	/**
+	 * @var boolean
+	 */
+	protected $use_base64_encode;
+
+
+	public function __construct()
+	{
+		$this->use_base64_encode = function_exists('base64_encode');
+	}
+
+
+	/**
+	 * encodes string with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $text_string the text to be encoded
+	 * @return string
+	 */
+	public function encodeString($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string) || ! $this->use_base64_encode) {
+			return $text_string;
+		}
+		// encode
+		return base64_encode($text_string);
+	}
+
+
+	/**
+	 * decodes string that has been encoded with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $encoded_string the text to be decoded
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	public function decodeString($encoded_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encoded_string)) {
+			return $encoded_string;
+		}
+		$this->isValidBase64OrFail($encoded_string);
+		return $this->decode($encoded_string);
+	}
+
+
+	/**
+	 * @param string $encoded_string the text to be decoded
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	private function decode($encoded_string)
+	{
+		$decoded_string = base64_decode($encoded_string);
+		if ($decoded_string === false) {
+			throw new RuntimeException(
+				esc_html__('Base 64 decoding failed.', 'event_espresso')
+			);
+		}
+		return $decoded_string;
+	}
+
+
+	/**
+	 * encodes  url string with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $text_string the text to be encoded
+	 * @return string
+	 */
+	public function encodeUrl($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string) || ! $this->use_base64_encode) {
+			return $text_string;
+		}
+		// encode
+		$encoded_string = base64_encode($text_string);
+		// remove some chars to make encoding more URL friendly
+		return rtrim(strtr($encoded_string, '+/', '-_'), '=');
+	}
+
+
+	/**
+	 * decodes  url string that has been encoded with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $encoded_string the text to be decoded
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	public function decodeUrl($encoded_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encoded_string)) {
+			return $encoded_string;
+		}
+		// replace previously removed characters
+		$encoded_string = strtr($encoded_string, '-_', '+/');
+		$encoded_string .= str_repeat('=', 3 - (3 + strlen($encoded_string)) % 4);
+		$this->isValidBase64OrFail($encoded_string);
+		return $this->decode($encoded_string);
+	}
+
+
+	/**
+	 * @param string $encoded_string the text to be decoded
+	 * @throws RuntimeException
+	 */
+	public function isValidBase64OrFail($encoded_string)
+	{
+		if (! $this->isValidBase64($encoded_string)) {
+			throw new RuntimeException(
+				esc_html__(
+					'Base 64 decoding failed because the supplied string is not valid or was not base64 encoded.',
+					'event_espresso'
+				)
+			);
+		}
+	}
+
+
+	/**
+	 * @see https://stackoverflow.com/a/51877882
+	 * @param $string
+	 * @param array $encodings
+	 * @return bool
+	 */
+	public function isValidBase64($string, $encodings = [])
+	{
+		// ensure data is a string
+		if (! is_string($string) || ! $this->use_base64_encode) {
+			return false;
+		}
+		// first check if we're dealing with an actual valid base64 encoded string
+		$decoded = base64_decode($string, true);
+		// also re-encode and compare it to original one
+		if ($decoded === false || base64_encode($decoded) !== $string) {
+			return false;
+		}
+		// finally, check whether the decoded data is actual text
+		$encodings = ! empty($encodings) ?: ['UTF-8', 'ASCII'];
+		$encoding = mb_detect_encoding($decoded);
+		return in_array($encoding, $encodings);
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -129,7 +129,7 @@ 
      */
     public function isValidBase64OrFail($encoded_string)
     {
-        if (! $this->isValidBase64($encoded_string)) {
+        if ( ! $this->isValidBase64($encoded_string)) {
             throw new RuntimeException(
                 esc_html__(
                     'Base 64 decoding failed because the supplied string is not valid or was not base64 encoded.',
@@ -149,7 +149,7 @@ 
     public function isValidBase64($string, $encodings = [])
     {
         // ensure data is a string
-        if (! is_string($string) || ! $this->use_base64_encode) {
+        if ( ! is_string($string) || ! $this->use_base64_encode) {
             return false;
         }
         // first check if we're dealing with an actual valid base64 encoded string

core/services/encryption/openssl/CipherMethod.php

Indentation +150 added lines, -150 removed lines

@@ -15,154 +15,154 @@
 class CipherMethod
 {
 
-    /**
-     * @var string
-     */
-    private $cipher_method_option_name;
-
-    /**
-     * @var array
-     */
-    private $cipher_methods = [];
-
-    /**
-     * @var string
-     */
-    private $default_cipher_method;
-
-    /**
-     * the OpenSSL cipher method to use. default: AES-128-CBC
-     *
-     * @var string
-     */
-    private $validated_cipher_method;
-
-    /**
-     * as early as Aug 2016, Openssl declared the following weak: RC2, RC4, DES, 3DES, MD5 based
-     * and ECB mode should be avoided
-     *
-     * @var array
-     */
-    private $weak_algorithms = ['des', 'ecb', 'md5', 'rc2', 'rc4'];
-
-
-    /**
-     * @param string $default_cipher_method
-     * @param string $cipher_method_option_name
-     */
-    public function __construct($default_cipher_method, $cipher_method_option_name)
-    {
-        $this->default_cipher_method     = $default_cipher_method;
-        $this->cipher_method_option_name = $cipher_method_option_name;
-    }
-
-
-    /**
-     * Returns a cipher method that has been verified to work.
-     * First checks if the cached cipher has been set already and if so, returns that.
-     * Then tests the incoming default and returns that if it's good.
-     * If not, then it retrieves the previously tested and saved cipher method.
-     * But if that doesn't exist, then calls getAvailableCipherMethod()
-     * to see what is available on the server, and returns the results.
-     *
-     * @param string $cipher_method
-     * @return string
-     * @throws RuntimeException
-     */
-    public function getCipherMethod($cipher_method = null)
-    {
-        $cipher_method = $cipher_method ?: $this->default_cipher_method;
-        if ($this->validated_cipher_method === null) {
-            // verify that the default cipher method can produce an initialization vector
-            if (openssl_cipher_iv_length($cipher_method) === false) {
-                // nope? okay let's get what we found in the past to work
-                $cipher_method = get_option($this->cipher_method_option_name, '');
-                // oops... haven't tested available cipher methods yet
-                if ($cipher_method === '' || openssl_cipher_iv_length($cipher_method) === false) {
-                    $cipher_method = $this->getAvailableCipherMethod($cipher_method);
-                }
-            }
-            $this->validated_cipher_method = $cipher_method;
-        }
-        return $this->validated_cipher_method;
-    }
-
-
-    /**
-     * returns true if the selected cipher method either uses Galois/Counter Mode (GCM)
-     * or Counter with CBC-MAC (CCM) authenticated encryption modes
-     * (also need to be using PHP 7.1 or greater to actually use authenticated encryption modes)
-     *
-     * @return bool
-     */
-    public function usesAuthenticatedEncryptionMode()
-    {
-        return PHP_VERSION_ID >= 70100
-               && (
-                   stripos($this->validated_cipher_method, 'gcm') !== false
-                   || stripos($this->validated_cipher_method, 'ccm') !== false
-               );
-    }
-
-
-    /**
-     * @param string $cipher_method
-     * @return string
-     * @throws RuntimeException
-     */
-    private function getAvailableCipherMethod($cipher_method)
-    {
-        // verify that the incoming cipher method can produce an initialization vector
-        if (openssl_cipher_iv_length($cipher_method) === false) {
-            // what? there's no list?
-            if (empty($this->cipher_methods)) {
-                // generate that list and cache it
-                $this->cipher_methods = $this->getAvailableStrongCipherMethods();
-                // then grab the first item from the list
-                $cipher_method = reset($this->cipher_methods);
-            } else {
-                // check the next cipher in the list of available cipher methods
-                $cipher_method = next($this->cipher_methods);
-            }
-            if ($cipher_method === false) {
-                throw new RuntimeException(
-                    esc_html__(
-                        'OpenSSL support appears to be enabled on the server, but no cipher methods are available. Please contact the server administrator.',
-                        'event_espresso'
-                    )
-                );
-            }
-            // verify that the next cipher method works
-            return $this->getAvailableCipherMethod($cipher_method);
-        }
-        // if we've gotten this far, then we found an available cipher method that works
-        // so save that for next time
-        update_option($this->cipher_method_option_name, $cipher_method);
-        return $cipher_method;
-    }
-
-
-    /**
-     * @return array
-     */
-    private function getAvailableStrongCipherMethods()
-    {
-        $cipher_methods = openssl_get_cipher_methods();
-        return array_filter($cipher_methods, [$this, 'weakAlgorithmFilter']);
-    }
-
-
-    /**
-     * @see https://www.php.net/manual/en/function.openssl-get-cipher-methods.php#example-890
-     * @param string $cipher_method
-     */
-    private function weakAlgorithmFilter($cipher_method)
-    {
-        foreach ($this->weak_algorithms as $weak_algorithm) {
-            if (stripos($cipher_method, $weak_algorithm) !== false) {
-                return false;
-            }
-        }
-        return true;
-    }
+	/**
+	 * @var string
+	 */
+	private $cipher_method_option_name;
+
+	/**
+	 * @var array
+	 */
+	private $cipher_methods = [];
+
+	/**
+	 * @var string
+	 */
+	private $default_cipher_method;
+
+	/**
+	 * the OpenSSL cipher method to use. default: AES-128-CBC
+	 *
+	 * @var string
+	 */
+	private $validated_cipher_method;
+
+	/**
+	 * as early as Aug 2016, Openssl declared the following weak: RC2, RC4, DES, 3DES, MD5 based
+	 * and ECB mode should be avoided
+	 *
+	 * @var array
+	 */
+	private $weak_algorithms = ['des', 'ecb', 'md5', 'rc2', 'rc4'];
+
+
+	/**
+	 * @param string $default_cipher_method
+	 * @param string $cipher_method_option_name
+	 */
+	public function __construct($default_cipher_method, $cipher_method_option_name)
+	{
+		$this->default_cipher_method     = $default_cipher_method;
+		$this->cipher_method_option_name = $cipher_method_option_name;
+	}
+
+
+	/**
+	 * Returns a cipher method that has been verified to work.
+	 * First checks if the cached cipher has been set already and if so, returns that.
+	 * Then tests the incoming default and returns that if it's good.
+	 * If not, then it retrieves the previously tested and saved cipher method.
+	 * But if that doesn't exist, then calls getAvailableCipherMethod()
+	 * to see what is available on the server, and returns the results.
+	 *
+	 * @param string $cipher_method
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	public function getCipherMethod($cipher_method = null)
+	{
+		$cipher_method = $cipher_method ?: $this->default_cipher_method;
+		if ($this->validated_cipher_method === null) {
+			// verify that the default cipher method can produce an initialization vector
+			if (openssl_cipher_iv_length($cipher_method) === false) {
+				// nope? okay let's get what we found in the past to work
+				$cipher_method = get_option($this->cipher_method_option_name, '');
+				// oops... haven't tested available cipher methods yet
+				if ($cipher_method === '' || openssl_cipher_iv_length($cipher_method) === false) {
+					$cipher_method = $this->getAvailableCipherMethod($cipher_method);
+				}
+			}
+			$this->validated_cipher_method = $cipher_method;
+		}
+		return $this->validated_cipher_method;
+	}
+
+
+	/**
+	 * returns true if the selected cipher method either uses Galois/Counter Mode (GCM)
+	 * or Counter with CBC-MAC (CCM) authenticated encryption modes
+	 * (also need to be using PHP 7.1 or greater to actually use authenticated encryption modes)
+	 *
+	 * @return bool
+	 */
+	public function usesAuthenticatedEncryptionMode()
+	{
+		return PHP_VERSION_ID >= 70100
+			   && (
+				   stripos($this->validated_cipher_method, 'gcm') !== false
+				   || stripos($this->validated_cipher_method, 'ccm') !== false
+			   );
+	}
+
+
+	/**
+	 * @param string $cipher_method
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	private function getAvailableCipherMethod($cipher_method)
+	{
+		// verify that the incoming cipher method can produce an initialization vector
+		if (openssl_cipher_iv_length($cipher_method) === false) {
+			// what? there's no list?
+			if (empty($this->cipher_methods)) {
+				// generate that list and cache it
+				$this->cipher_methods = $this->getAvailableStrongCipherMethods();
+				// then grab the first item from the list
+				$cipher_method = reset($this->cipher_methods);
+			} else {
+				// check the next cipher in the list of available cipher methods
+				$cipher_method = next($this->cipher_methods);
+			}
+			if ($cipher_method === false) {
+				throw new RuntimeException(
+					esc_html__(
+						'OpenSSL support appears to be enabled on the server, but no cipher methods are available. Please contact the server administrator.',
+						'event_espresso'
+					)
+				);
+			}
+			// verify that the next cipher method works
+			return $this->getAvailableCipherMethod($cipher_method);
+		}
+		// if we've gotten this far, then we found an available cipher method that works
+		// so save that for next time
+		update_option($this->cipher_method_option_name, $cipher_method);
+		return $cipher_method;
+	}
+
+
+	/**
+	 * @return array
+	 */
+	private function getAvailableStrongCipherMethods()
+	{
+		$cipher_methods = openssl_get_cipher_methods();
+		return array_filter($cipher_methods, [$this, 'weakAlgorithmFilter']);
+	}
+
+
+	/**
+	 * @see https://www.php.net/manual/en/function.openssl-get-cipher-methods.php#example-890
+	 * @param string $cipher_method
+	 */
+	private function weakAlgorithmFilter($cipher_method)
+	{
+		foreach ($this->weak_algorithms as $weak_algorithm) {
+			if (stripos($cipher_method, $weak_algorithm) !== false) {
+				return false;
+			}
+		}
+		return true;
+	}
 }

core/services/encryption/openssl/OpenSSL.php

Indentation +218 added lines, -218 removed lines

@@ -18,222 +18,222 @@
 abstract class OpenSSL implements EncryptionMethodInterface
 {
 
-    /**
-     * the default OPENSSL digest method to use
-     */
-    const DEFAULT_DIGEST_METHOD = 'sha512';
-
-    /**
-     * separates the encrypted text from the initialization vector
-     */
-    const IV_DELIMITER = ':iv:';
-
-    /**
-     * @var Base64Encoder
-     */
-    protected $base64_encoder;
-
-    /**
-     * @var CipherMethod
-     */
-    protected $cipher_method;
-
-    /**
-     * @var array $digest_methods
-     */
-    private $digest_methods = [];
-
-    /**
-     * @var EncryptionKeyManagerInterface
-     */
-    protected $encryption_key_manager;
-
-    /**
-     * @var boolean
-     */
-    private $openssl_installed;
-
-    /**
-     * @var string
-     */
-    private $min_php_version;
-
-    /**
-     * @var string
-     */
-    private $hash_algorithm;
-
-
-    /**
-     * To use custom a cipher method and/or encryption keys:
-     *  - extend this class
-     *  - configure a new CipherMethod / EncryptionKeyManager in the constructor
-     *  - pass those to this constructor, like so:
-     *
-     *      public function __construct(Base64Encoder $base64_encoder) {
-     *          parent::__construct(
-     *              $base64_encoder,
-     *              new CipherMethod(CIPHER_METHOD, CIPHER_METHOD_OPTION_NAME)
-     *              new EncryptionKeyManager(CUSTOM_KEY_ID, CUSTOM_KEYS_OPTION_NAME)
-     *          );
-     *      }
-     *
-     * @param Base64Encoder                      $base64_encoder
-     * @param CipherMethod                       $cipher_method
-     * @param EncryptionKeyManagerInterface|null $encryption_key_manager
-     * @param string                             $min_php_version
-     */
-    protected function __construct(
-        Base64Encoder                 $base64_encoder,
-        CipherMethod                  $cipher_method,
-        EncryptionKeyManagerInterface $encryption_key_manager,
-                                      $min_php_version
-    ) {
-        $this->base64_encoder         = $base64_encoder;
-        $this->cipher_method          = $cipher_method;
-        $this->encryption_key_manager = $encryption_key_manager;
-        $this->min_php_version        = $min_php_version;
-        $this->openssl_installed      = extension_loaded('openssl');
-    }
-
-
-    /**
-     * @return bool
-     */
-    public function isCryptographicallySecure()
-    {
-        return true;
-    }
-
-
-    /**
-     * @return bool
-     */
-    public function canUse()
-    {
-        return $this->openssl_installed && version_compare(PHP_VERSION, $this->min_php_version, '>=');
-    }
-
-
-    /**
-     * @return string
-     */
-    public function canUseNotice()
-    {
-        if (! $this->openssl_installed) {
-            return esc_html__(
-                'The PHP openssl server extension is required to use Openssl encryption. Please contact your hosting provider regarding this issue.',
-                'event_espresso'
-            );
-        }
-        if (version_compare(PHP_VERSION, $this->min_php_version, '<')) {
-            return sprintf(
-                esc_html__(
-                    'PHP version %1$s or greater is required to use Openssl encryption. Please contact your hosting provider regarding this issue.',
-                    'event_espresso'
-                ),
-                $this->min_php_version
-            );
-        }
-        return sprintf(
-            esc_html__('OpenSSL v1 encryption using %1$S is available for use.', 'event_espresso'),
-            OpenSSLv1::CIPHER_METHOD
-        );
-    }
-
-
-    /**
-     * Computes the digest hash value using the specified digest method.
-     * If that digest method fails to produce a valid hash value,
-     * then we'll grab the next digest method and recursively try again until something works.
-     *
-     * @param string $encryption_key
-     * @param string $digest_method
-     * @param bool   $return_raw_data
-     * @return string
-     * @throws RuntimeException
-     */
-    protected function getDigestHashValue(
-        $encryption_key,
-        $digest_method = OpenSSL::DEFAULT_DIGEST_METHOD,
-        $return_raw_data = false
-    ) {
-        $digest_hash_value = openssl_digest($encryption_key, $digest_method, $return_raw_data);
-        if ($digest_hash_value === false) {
-            return $this->getDigestHashValue($this->getDigestMethod());
-        }
-        return $digest_hash_value;
-    }
-
-
-    /**
-     * Returns the NEXT element in the $digest_methods array.
-     * If the $digest_methods array is empty, then we populate it
-     * with the available values returned from openssl_get_md_methods().
-     *
-     * @return string
-     * @throws RuntimeException
-     */
-    private function getDigestMethod()
-    {
-        $digest_method = prev($this->digest_methods);
-        if (empty($this->digest_methods)) {
-            $this->digest_methods = openssl_get_md_methods();
-            $digest_method        = end($this->digest_methods);
-        }
-        if ($digest_method === false) {
-            throw new RuntimeException(
-                esc_html__(
-                    'OpenSSL support appears to be enabled on the server, but no digest methods are available. Please contact the server administrator.',
-                    'event_espresso'
-                )
-            );
-        }
-        return $digest_method;
-    }
-
-
-    /**
-     * @param string $encryption_key
-     * @return int
-     */
-    protected function calculateHashLength($encryption_key)
-    {
-        // get existing key length
-        $prev_key_length = $this->encryption_key_manager->keyLength();
-        // set it to something HUGE
-        $this->encryption_key_manager->setKeyLength(512);
-        // generate a new weak key, which should just be a really long random string
-        $test_text = $this->encryption_key_manager->generateEncryptionKey(false);
-        // generate a hash using our test string and our real $encryption_key
-        $hash = hash_hmac($this->getHashAlgorithm(), $test_text, $encryption_key, true);
-        // reset key length back to original value
-        $this->encryption_key_manager->setKeyLength($prev_key_length);
-        // return the length of the hash
-        return strlen($hash);
-    }
-
-
-    /**
-     * @return string
-     */
-    protected function getHashAlgorithm()
-    {
-        if (! $this->hash_algorithm) {
-            // get installed hashing algorithms
-            $hash_algorithms = hash_algos();
-            // filter array for "sha" algorithms
-            $hash_algorithms = preg_grep('/^sha\d{3}$/gi', $hash_algorithms);
-            // if no sha algorithms are installed, then just use md5
-            if (empty($hash_algorithms)) {
-                $this->hash_algorithm = 'md5';
-                return $this->hash_algorithm;
-            }
-            // sort ascending using "natural ordering"
-            sort($hash_algorithms, SORT_NATURAL);
-            // return last item from array, which should be the strongest installed sha hash
-            $this->hash_algorithm = array_pop($hash_algorithms);
-        }
-        return $this->hash_algorithm;
-    }
+	/**
+	 * the default OPENSSL digest method to use
+	 */
+	const DEFAULT_DIGEST_METHOD = 'sha512';
+
+	/**
+	 * separates the encrypted text from the initialization vector
+	 */
+	const IV_DELIMITER = ':iv:';
+
+	/**
+	 * @var Base64Encoder
+	 */
+	protected $base64_encoder;
+
+	/**
+	 * @var CipherMethod
+	 */
+	protected $cipher_method;
+
+	/**
+	 * @var array $digest_methods
+	 */
+	private $digest_methods = [];
+
+	/**
+	 * @var EncryptionKeyManagerInterface
+	 */
+	protected $encryption_key_manager;
+
+	/**
+	 * @var boolean
+	 */
+	private $openssl_installed;
+
+	/**
+	 * @var string
+	 */
+	private $min_php_version;
+
+	/**
+	 * @var string
+	 */
+	private $hash_algorithm;
+
+
+	/**
+	 * To use custom a cipher method and/or encryption keys:
+	 *  - extend this class
+	 *  - configure a new CipherMethod / EncryptionKeyManager in the constructor
+	 *  - pass those to this constructor, like so:
+	 *
+	 *      public function __construct(Base64Encoder $base64_encoder) {
+	 *          parent::__construct(
+	 *              $base64_encoder,
+	 *              new CipherMethod(CIPHER_METHOD, CIPHER_METHOD_OPTION_NAME)
+	 *              new EncryptionKeyManager(CUSTOM_KEY_ID, CUSTOM_KEYS_OPTION_NAME)
+	 *          );
+	 *      }
+	 *
+	 * @param Base64Encoder                      $base64_encoder
+	 * @param CipherMethod                       $cipher_method
+	 * @param EncryptionKeyManagerInterface|null $encryption_key_manager
+	 * @param string                             $min_php_version
+	 */
+	protected function __construct(
+		Base64Encoder                 $base64_encoder,
+		CipherMethod                  $cipher_method,
+		EncryptionKeyManagerInterface $encryption_key_manager,
+									  $min_php_version
+	) {
+		$this->base64_encoder         = $base64_encoder;
+		$this->cipher_method          = $cipher_method;
+		$this->encryption_key_manager = $encryption_key_manager;
+		$this->min_php_version        = $min_php_version;
+		$this->openssl_installed      = extension_loaded('openssl');
+	}
+
+
+	/**
+	 * @return bool
+	 */
+	public function isCryptographicallySecure()
+	{
+		return true;
+	}
+
+
+	/**
+	 * @return bool
+	 */
+	public function canUse()
+	{
+		return $this->openssl_installed && version_compare(PHP_VERSION, $this->min_php_version, '>=');
+	}
+
+
+	/**
+	 * @return string
+	 */
+	public function canUseNotice()
+	{
+		if (! $this->openssl_installed) {
+			return esc_html__(
+				'The PHP openssl server extension is required to use Openssl encryption. Please contact your hosting provider regarding this issue.',
+				'event_espresso'
+			);
+		}
+		if (version_compare(PHP_VERSION, $this->min_php_version, '<')) {
+			return sprintf(
+				esc_html__(
+					'PHP version %1$s or greater is required to use Openssl encryption. Please contact your hosting provider regarding this issue.',
+					'event_espresso'
+				),
+				$this->min_php_version
+			);
+		}
+		return sprintf(
+			esc_html__('OpenSSL v1 encryption using %1$S is available for use.', 'event_espresso'),
+			OpenSSLv1::CIPHER_METHOD
+		);
+	}
+
+
+	/**
+	 * Computes the digest hash value using the specified digest method.
+	 * If that digest method fails to produce a valid hash value,
+	 * then we'll grab the next digest method and recursively try again until something works.
+	 *
+	 * @param string $encryption_key
+	 * @param string $digest_method
+	 * @param bool   $return_raw_data
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	protected function getDigestHashValue(
+		$encryption_key,
+		$digest_method = OpenSSL::DEFAULT_DIGEST_METHOD,
+		$return_raw_data = false
+	) {
+		$digest_hash_value = openssl_digest($encryption_key, $digest_method, $return_raw_data);
+		if ($digest_hash_value === false) {
+			return $this->getDigestHashValue($this->getDigestMethod());
+		}
+		return $digest_hash_value;
+	}
+
+
+	/**
+	 * Returns the NEXT element in the $digest_methods array.
+	 * If the $digest_methods array is empty, then we populate it
+	 * with the available values returned from openssl_get_md_methods().
+	 *
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	private function getDigestMethod()
+	{
+		$digest_method = prev($this->digest_methods);
+		if (empty($this->digest_methods)) {
+			$this->digest_methods = openssl_get_md_methods();
+			$digest_method        = end($this->digest_methods);
+		}
+		if ($digest_method === false) {
+			throw new RuntimeException(
+				esc_html__(
+					'OpenSSL support appears to be enabled on the server, but no digest methods are available. Please contact the server administrator.',
+					'event_espresso'
+				)
+			);
+		}
+		return $digest_method;
+	}
+
+
+	/**
+	 * @param string $encryption_key
+	 * @return int
+	 */
+	protected function calculateHashLength($encryption_key)
+	{
+		// get existing key length
+		$prev_key_length = $this->encryption_key_manager->keyLength();
+		// set it to something HUGE
+		$this->encryption_key_manager->setKeyLength(512);
+		// generate a new weak key, which should just be a really long random string
+		$test_text = $this->encryption_key_manager->generateEncryptionKey(false);
+		// generate a hash using our test string and our real $encryption_key
+		$hash = hash_hmac($this->getHashAlgorithm(), $test_text, $encryption_key, true);
+		// reset key length back to original value
+		$this->encryption_key_manager->setKeyLength($prev_key_length);
+		// return the length of the hash
+		return strlen($hash);
+	}
+
+
+	/**
+	 * @return string
+	 */
+	protected function getHashAlgorithm()
+	{
+		if (! $this->hash_algorithm) {
+			// get installed hashing algorithms
+			$hash_algorithms = hash_algos();
+			// filter array for "sha" algorithms
+			$hash_algorithms = preg_grep('/^sha\d{3}$/gi', $hash_algorithms);
+			// if no sha algorithms are installed, then just use md5
+			if (empty($hash_algorithms)) {
+				$this->hash_algorithm = 'md5';
+				return $this->hash_algorithm;
+			}
+			// sort ascending using "natural ordering"
+			sort($hash_algorithms, SORT_NATURAL);
+			// return last item from array, which should be the strongest installed sha hash
+			$this->hash_algorithm = array_pop($hash_algorithms);
+		}
+		return $this->hash_algorithm;
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -120,7 +120,7 @@ 
      */
     public function canUseNotice()
     {
-        if (! $this->openssl_installed) {
+        if ( ! $this->openssl_installed) {
             return esc_html__(
                 'The PHP openssl server extension is required to use Openssl encryption. Please contact your hosting provider regarding this issue.',
                 'event_espresso'
@@ -219,7 +219,7 @@ 
      */
     protected function getHashAlgorithm()
     {
-        if (! $this->hash_algorithm) {
+        if ( ! $this->hash_algorithm) {
             // get installed hashing algorithms
             $hash_algorithms = hash_algos();
             // filter array for "sha" algorithms

core/services/encryption/openssl/OpenSSLv2.php

Indentation +223 added lines, -223 removed lines

@@ -19,227 +19,227 @@
 class OpenSSLv2 extends OpenSSL
 {
 
-    /**
-     * name used for a default encryption key in case no others are set
-     */
-    const DEFAULT_ENCRYPTION_KEY_ID = 'default_openssl_v2_key';
-
-    /**
-     * name used for saving encryption keys to the wp_options table
-     */
-    const ENCRYPTION_KEYS_OPTION_NAME = 'ee_openssl_v2_encryption_keys';
-
-    /**
-     * the OPENSSL cipher method used
-     */
-    const CIPHER_METHOD = 'aes-256-gcm';
-
-    /**
-     * WP "options_name" used to store a verified available cipher method
-     */
-    const CIPHER_METHOD_OPTION_NAME = 'ee_openssl_v2_cipher_method';
-
-    /**
-     * The length of the authentication tag. Its value can be between 4 and 16 for GCM mode.
-     */
-    const AUTH_TAG_LENGTH = 16;
-
-
-    /**
-     * To use custom a cipher method and/or encryption keys and/or minimum PHP version:
-     *  - extend this class
-     *  - configure a new CipherMethod / EncryptionKeyManager in the constructor
-     *  - pass those to this constructor, like so:
-     *
-     *      public function __construct(Base64Encoder $base64_encoder) {
-     *          parent::__construct(
-     *              $base64_encoder,
-     *              new CipherMethod(CIPHER_METHOD, CIPHER_METHOD_OPTION_NAME),
-     *              new EncryptionKeyManager(CUSTOM_KEY_ID, CUSTOM_KEYS_OPTION_NAME),
-     *              '7.1.0'
-     *          );
-     *      }
-     *
-     * @param Base64Encoder                      $base64_encoder
-     * @param CipherMethod|null                  $cipher_method
-     * @param EncryptionKeyManagerInterface|null $encryption_key_manager
-     * @param string                             $min_php_version defaults to 7.1.0
-     *                                                            (when openssl auth tag and random_bytes() were added)
-     */
-    public function __construct(
-        Base64Encoder                 $base64_encoder,
-        CipherMethod                  $cipher_method = null,
-        EncryptionKeyManagerInterface $encryption_key_manager = null,
-                                      $min_php_version = '7.1.0'
-    ) {
-        parent::__construct(
-            $base64_encoder,
-            $cipher_method instanceof CipherMethod
-                ? $cipher_method
-                : new CipherMethod(
-                OpenSSLv2::CIPHER_METHOD,
-                OpenSSLv2::CIPHER_METHOD_OPTION_NAME
-            ),
-            $encryption_key_manager instanceof EncryptionKeyManager
-                ? $encryption_key_manager
-                : new EncryptionKeyManager(
-                OpenSSLv2::DEFAULT_ENCRYPTION_KEY_ID,
-                OpenSSLv2::ENCRYPTION_KEYS_OPTION_NAME
-            ),
-            $min_php_version
-        );
-    }
-
-
-    /**
-     * encrypts data
-     *
-     * @param string $text_to_encrypt           - the text to be encrypted
-     * @param string $encryption_key_identifier - [optional] cryptographically secure passphrase. generated if not set
-     * @param string $aad                       - [optional] additional authentication data
-     * @return string
-     * @throws Exception
-     */
-    public function encrypt($text_to_encrypt, $encryption_key_identifier = '', $aad = '')
-    {
-        $cipher_method  = $this->cipher_method->getCipherMethod();
-        $encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
-        // generate initialization vector for the cipher method.
-        $iv = random_bytes(openssl_cipher_iv_length($cipher_method));
-        // encrypt it
-        return $this->cipher_method->usesAuthenticatedEncryptionMode()
-            ? $this->authenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv, $aad)
-            : $this->nonAuthenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv);
-    }
-
-
-    /**
-     * @param string $text_to_encrypt - the text to be encrypted
-     * @param string $cipher_method   - the OpenSSL cipher method used during encryption
-     * @param string $encryption_key  - cryptographically secure passphrase uses default if not set
-     * @param string $iv              - the initialization vector
-     * @param string $aad             - additional authentication data
-     * @return string
-     */
-    private function authenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv, $aad)
-    {
-        $encrypted_text = openssl_encrypt(
-            $text_to_encrypt,
-            $cipher_method,
-            $this->getDigestHashValue($encryption_key, OpenSSL::DEFAULT_DIGEST_METHOD, OPENSSL_RAW_DATA),
-            OPENSSL_RAW_DATA,
-            $iv,
-            $tag,
-            $aad,
-            OpenSSLv2::AUTH_TAG_LENGTH
-        );
-        // concatenate everything into one big string and encode it
-        return $this->base64_encoder->encodeString($iv . $tag . $encrypted_text);
-    }
-
-
-    /**
-     * @param string $text_to_encrypt - the text to be encrypted
-     * @param string $cipher_method   - the OpenSSL cipher method used during encryption
-     * @param string $encryption_key  - cryptographically secure passphrase uses default if not set
-     * @param string $iv              - the initialization vector
-     * @return string
-     */
-    private function nonAuthenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv)
-    {
-        $encrypted_text = openssl_encrypt(
-            $text_to_encrypt,
-            $cipher_method,
-            $this->getDigestHashValue($encryption_key),
-            OPENSSL_RAW_DATA,
-            $iv
-        );
-        // prepend the initialization vector and encode it
-        return $this->base64_encoder->encodeString($iv . $encrypted_text);
-    }
-
-
-    /**
-     * decrypts data
-     *
-     * @param string $encrypted_text            - the text to be decrypted
-     * @param string $encryption_key_identifier - [optional] cryptographically secure passphrase uses default if not set
-     * @param string $aad                       - [optional] additional authentication data
-     * @return string
-     */
-    public function decrypt($encrypted_text, $encryption_key_identifier = '', $aad = '')
-    {
-        $cipher_method  = $this->cipher_method->getCipherMethod();
-        $encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
-        // maybe decode
-        $encrypted_text = $this->base64_encoder->decodeString($encrypted_text);
-        $iv_length      = openssl_cipher_iv_length($cipher_method);
-        // use the iv length to snip it from the decoded string
-        $iv = substr($encrypted_text, 0, $iv_length);
-        // then remove it from the rest of the decoded string
-        $encrypted_text = substr($encrypted_text, $iv_length);
-        // decrypt it
-        $decrypted_text = $this->cipher_method->usesAuthenticatedEncryptionMode()
-            ? $this->authenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv, $aad)
-            : $this->nonAuthenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv);
-
-        if ($decrypted_text === false) {
-            throw new RuntimeException(
-                sprintf(
-                    esc_html__(
-                        'The following error occurred during decryption: %1$s%2$s',
-                        'event_espresso'
-                    ),
-                    '<br />',
-                    openssl_error_string()
-                )
-            );
-        }
-        return trim($decrypted_text);
-    }
-
-
-    /**
-     * @param string $encrypted_text - the text to be decrypted
-     * @param string $cipher_method  - the OpenSSL cipher method used during encryption
-     * @param string $encryption_key - cryptographically secure passphrase uses default if not set
-     * @param string $iv             - the initialization vector
-     * @param string $aad            - additional authentication data
-     * @return string|false
-     */
-    private function authenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv, $aad)
-    {
-        // use the tag length to snip it from the decoded string
-        $tag = substr($encrypted_text, 0, OpenSSLv2::AUTH_TAG_LENGTH);
-        // then remove it from the rest of the decoded string
-        $encrypted_text = substr($encrypted_text, OpenSSLv2::AUTH_TAG_LENGTH);
-        return openssl_decrypt(
-            $encrypted_text,
-            $cipher_method,
-            $this->getDigestHashValue($encryption_key, OpenSSL::DEFAULT_DIGEST_METHOD, OPENSSL_RAW_DATA),
-            OPENSSL_RAW_DATA,
-            $iv,
-            $tag,
-            $aad
-        );
-    }
-
-
-    /**
-     * @param string $encrypted_text - the text to be decrypted
-     * @param string $cipher_method  - the OpenSSL cipher method used during encryption
-     * @param string $encryption_key - cryptographically secure passphrase uses default if not set
-     * @param string $iv             - the initialization vector
-     * @return string|false
-     */
-    private function nonAuthenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv)
-    {
-        return openssl_decrypt(
-            $encrypted_text,
-            $cipher_method,
-            $this->getDigestHashValue($encryption_key),
-            OPENSSL_RAW_DATA,
-            $iv
-        );
-    }
+	/**
+	 * name used for a default encryption key in case no others are set
+	 */
+	const DEFAULT_ENCRYPTION_KEY_ID = 'default_openssl_v2_key';
+
+	/**
+	 * name used for saving encryption keys to the wp_options table
+	 */
+	const ENCRYPTION_KEYS_OPTION_NAME = 'ee_openssl_v2_encryption_keys';
+
+	/**
+	 * the OPENSSL cipher method used
+	 */
+	const CIPHER_METHOD = 'aes-256-gcm';
+
+	/**
+	 * WP "options_name" used to store a verified available cipher method
+	 */
+	const CIPHER_METHOD_OPTION_NAME = 'ee_openssl_v2_cipher_method';
+
+	/**
+	 * The length of the authentication tag. Its value can be between 4 and 16 for GCM mode.
+	 */
+	const AUTH_TAG_LENGTH = 16;
+
+
+	/**
+	 * To use custom a cipher method and/or encryption keys and/or minimum PHP version:
+	 *  - extend this class
+	 *  - configure a new CipherMethod / EncryptionKeyManager in the constructor
+	 *  - pass those to this constructor, like so:
+	 *
+	 *      public function __construct(Base64Encoder $base64_encoder) {
+	 *          parent::__construct(
+	 *              $base64_encoder,
+	 *              new CipherMethod(CIPHER_METHOD, CIPHER_METHOD_OPTION_NAME),
+	 *              new EncryptionKeyManager(CUSTOM_KEY_ID, CUSTOM_KEYS_OPTION_NAME),
+	 *              '7.1.0'
+	 *          );
+	 *      }
+	 *
+	 * @param Base64Encoder                      $base64_encoder
+	 * @param CipherMethod|null                  $cipher_method
+	 * @param EncryptionKeyManagerInterface|null $encryption_key_manager
+	 * @param string                             $min_php_version defaults to 7.1.0
+	 *                                                            (when openssl auth tag and random_bytes() were added)
+	 */
+	public function __construct(
+		Base64Encoder                 $base64_encoder,
+		CipherMethod                  $cipher_method = null,
+		EncryptionKeyManagerInterface $encryption_key_manager = null,
+									  $min_php_version = '7.1.0'
+	) {
+		parent::__construct(
+			$base64_encoder,
+			$cipher_method instanceof CipherMethod
+				? $cipher_method
+				: new CipherMethod(
+				OpenSSLv2::CIPHER_METHOD,
+				OpenSSLv2::CIPHER_METHOD_OPTION_NAME
+			),
+			$encryption_key_manager instanceof EncryptionKeyManager
+				? $encryption_key_manager
+				: new EncryptionKeyManager(
+				OpenSSLv2::DEFAULT_ENCRYPTION_KEY_ID,
+				OpenSSLv2::ENCRYPTION_KEYS_OPTION_NAME
+			),
+			$min_php_version
+		);
+	}
+
+
+	/**
+	 * encrypts data
+	 *
+	 * @param string $text_to_encrypt           - the text to be encrypted
+	 * @param string $encryption_key_identifier - [optional] cryptographically secure passphrase. generated if not set
+	 * @param string $aad                       - [optional] additional authentication data
+	 * @return string
+	 * @throws Exception
+	 */
+	public function encrypt($text_to_encrypt, $encryption_key_identifier = '', $aad = '')
+	{
+		$cipher_method  = $this->cipher_method->getCipherMethod();
+		$encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
+		// generate initialization vector for the cipher method.
+		$iv = random_bytes(openssl_cipher_iv_length($cipher_method));
+		// encrypt it
+		return $this->cipher_method->usesAuthenticatedEncryptionMode()
+			? $this->authenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv, $aad)
+			: $this->nonAuthenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv);
+	}
+
+
+	/**
+	 * @param string $text_to_encrypt - the text to be encrypted
+	 * @param string $cipher_method   - the OpenSSL cipher method used during encryption
+	 * @param string $encryption_key  - cryptographically secure passphrase uses default if not set
+	 * @param string $iv              - the initialization vector
+	 * @param string $aad             - additional authentication data
+	 * @return string
+	 */
+	private function authenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv, $aad)
+	{
+		$encrypted_text = openssl_encrypt(
+			$text_to_encrypt,
+			$cipher_method,
+			$this->getDigestHashValue($encryption_key, OpenSSL::DEFAULT_DIGEST_METHOD, OPENSSL_RAW_DATA),
+			OPENSSL_RAW_DATA,
+			$iv,
+			$tag,
+			$aad,
+			OpenSSLv2::AUTH_TAG_LENGTH
+		);
+		// concatenate everything into one big string and encode it
+		return $this->base64_encoder->encodeString($iv . $tag . $encrypted_text);
+	}
+
+
+	/**
+	 * @param string $text_to_encrypt - the text to be encrypted
+	 * @param string $cipher_method   - the OpenSSL cipher method used during encryption
+	 * @param string $encryption_key  - cryptographically secure passphrase uses default if not set
+	 * @param string $iv              - the initialization vector
+	 * @return string
+	 */
+	private function nonAuthenticatedEncrypt($text_to_encrypt, $cipher_method, $encryption_key, $iv)
+	{
+		$encrypted_text = openssl_encrypt(
+			$text_to_encrypt,
+			$cipher_method,
+			$this->getDigestHashValue($encryption_key),
+			OPENSSL_RAW_DATA,
+			$iv
+		);
+		// prepend the initialization vector and encode it
+		return $this->base64_encoder->encodeString($iv . $encrypted_text);
+	}
+
+
+	/**
+	 * decrypts data
+	 *
+	 * @param string $encrypted_text            - the text to be decrypted
+	 * @param string $encryption_key_identifier - [optional] cryptographically secure passphrase uses default if not set
+	 * @param string $aad                       - [optional] additional authentication data
+	 * @return string
+	 */
+	public function decrypt($encrypted_text, $encryption_key_identifier = '', $aad = '')
+	{
+		$cipher_method  = $this->cipher_method->getCipherMethod();
+		$encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
+		// maybe decode
+		$encrypted_text = $this->base64_encoder->decodeString($encrypted_text);
+		$iv_length      = openssl_cipher_iv_length($cipher_method);
+		// use the iv length to snip it from the decoded string
+		$iv = substr($encrypted_text, 0, $iv_length);
+		// then remove it from the rest of the decoded string
+		$encrypted_text = substr($encrypted_text, $iv_length);
+		// decrypt it
+		$decrypted_text = $this->cipher_method->usesAuthenticatedEncryptionMode()
+			? $this->authenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv, $aad)
+			: $this->nonAuthenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv);
+
+		if ($decrypted_text === false) {
+			throw new RuntimeException(
+				sprintf(
+					esc_html__(
+						'The following error occurred during decryption: %1$s%2$s',
+						'event_espresso'
+					),
+					'<br />',
+					openssl_error_string()
+				)
+			);
+		}
+		return trim($decrypted_text);
+	}
+
+
+	/**
+	 * @param string $encrypted_text - the text to be decrypted
+	 * @param string $cipher_method  - the OpenSSL cipher method used during encryption
+	 * @param string $encryption_key - cryptographically secure passphrase uses default if not set
+	 * @param string $iv             - the initialization vector
+	 * @param string $aad            - additional authentication data
+	 * @return string|false
+	 */
+	private function authenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv, $aad)
+	{
+		// use the tag length to snip it from the decoded string
+		$tag = substr($encrypted_text, 0, OpenSSLv2::AUTH_TAG_LENGTH);
+		// then remove it from the rest of the decoded string
+		$encrypted_text = substr($encrypted_text, OpenSSLv2::AUTH_TAG_LENGTH);
+		return openssl_decrypt(
+			$encrypted_text,
+			$cipher_method,
+			$this->getDigestHashValue($encryption_key, OpenSSL::DEFAULT_DIGEST_METHOD, OPENSSL_RAW_DATA),
+			OPENSSL_RAW_DATA,
+			$iv,
+			$tag,
+			$aad
+		);
+	}
+
+
+	/**
+	 * @param string $encrypted_text - the text to be decrypted
+	 * @param string $cipher_method  - the OpenSSL cipher method used during encryption
+	 * @param string $encryption_key - cryptographically secure passphrase uses default if not set
+	 * @param string $iv             - the initialization vector
+	 * @return string|false
+	 */
+	private function nonAuthenticatedDecrypt($encrypted_text, $cipher_method, $encryption_key, $iv)
+	{
+		return openssl_decrypt(
+			$encrypted_text,
+			$cipher_method,
+			$this->getDigestHashValue($encryption_key),
+			OPENSSL_RAW_DATA,
+			$iv
+		);
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -134,7 +134,7 @@ 
             OpenSSLv2::AUTH_TAG_LENGTH
         );
         // concatenate everything into one big string and encode it
-        return $this->base64_encoder->encodeString($iv . $tag . $encrypted_text);
+        return $this->base64_encoder->encodeString($iv.$tag.$encrypted_text);
     }
 
 
@@ -155,7 +155,7 @@ 
             $iv
         );
         // prepend the initialization vector and encode it
-        return $this->base64_encoder->encodeString($iv . $encrypted_text);
+        return $this->base64_encoder->encodeString($iv.$encrypted_text);
     }
 
 

core/services/encryption/openssl/OpenSSLv1.php

Indentation +140 added lines, -140 removed lines

@@ -18,153 +18,153 @@
 class OpenSSLv1 extends OpenSSL
 {
 
-    /**
-     * name used for a default encryption key in case no others are set
-     */
-    const DEFAULT_ENCRYPTION_KEY_ID = 'default_openssl_v1_key';
+	/**
+	 * name used for a default encryption key in case no others are set
+	 */
+	const DEFAULT_ENCRYPTION_KEY_ID = 'default_openssl_v1_key';
 
-    /**
-     * name used for saving encryption keys to the wp_options table
-     */
-    const ENCRYPTION_KEYS_OPTION_NAME = 'ee_openssl_v1_encryption_keys';
+	/**
+	 * name used for saving encryption keys to the wp_options table
+	 */
+	const ENCRYPTION_KEYS_OPTION_NAME = 'ee_openssl_v1_encryption_keys';
 
-    /**
-     * the OPENSSL cipher method used
-     */
-    const CIPHER_METHOD = 'aes-128-cbc';
+	/**
+	 * the OPENSSL cipher method used
+	 */
+	const CIPHER_METHOD = 'aes-128-cbc';
 
-    /**
-     * WP "options_name" used to store a verified available cipher method
-     */
-    const CIPHER_METHOD_OPTION_NAME = 'ee_openssl_v1_cipher_method';
+	/**
+	 * WP "options_name" used to store a verified available cipher method
+	 */
+	const CIPHER_METHOD_OPTION_NAME = 'ee_openssl_v1_cipher_method';
 
 
-    /**
-     * To use custom a cipher method and/or encryption keys and/or minimum PHP version:
-     *  - extend this class
-     *  - configure a new CipherMethod / EncryptionKeyManager in the constructor
-     *  - pass those to this constructor, like so:
-     *
-     *      public function __construct(Base64Encoder $base64_encoder) {
-     *          parent::__construct(
-     *              $base64_encoder,
-     *              new CipherMethod(CIPHER_METHOD, CIPHER_METHOD_OPTION_NAME),
-     *              new EncryptionKeyManager(CUSTOM_KEY_ID, CUSTOM_KEYS_OPTION_NAME),
-     *              '7.1.0'
-     *          );
-     *      }
-     *
-     * @param Base64Encoder                      $base64_encoder
-     * @param CipherMethod|null                  $cipher_method
-     * @param EncryptionKeyManagerInterface|null $encryption_key_manager
-     * @param string                             $min_php_version defaults to 5.3.0 (when openssl added)
-     */
-    public function __construct(
-        Base64Encoder                 $base64_encoder,
-        CipherMethod                  $cipher_method = null,
-        EncryptionKeyManagerInterface $encryption_key_manager = null,
-                                      $min_php_version = '5.3.0'
-    ) {
-        parent::__construct(
-            $base64_encoder,
-            $cipher_method instanceof CipherMethod
-                ? $cipher_method
-                : new CipherMethod(
-                OpenSSLv1::CIPHER_METHOD,
-                OpenSSLv1::CIPHER_METHOD_OPTION_NAME
-            ),
-            $encryption_key_manager instanceof EncryptionKeyManager
-                ? $encryption_key_manager
-                : new EncryptionKeyManager(
-                OpenSSLv1::DEFAULT_ENCRYPTION_KEY_ID,
-                OpenSSLv1::ENCRYPTION_KEYS_OPTION_NAME
-            ),
-            $min_php_version
-        );
-    }
+	/**
+	 * To use custom a cipher method and/or encryption keys and/or minimum PHP version:
+	 *  - extend this class
+	 *  - configure a new CipherMethod / EncryptionKeyManager in the constructor
+	 *  - pass those to this constructor, like so:
+	 *
+	 *      public function __construct(Base64Encoder $base64_encoder) {
+	 *          parent::__construct(
+	 *              $base64_encoder,
+	 *              new CipherMethod(CIPHER_METHOD, CIPHER_METHOD_OPTION_NAME),
+	 *              new EncryptionKeyManager(CUSTOM_KEY_ID, CUSTOM_KEYS_OPTION_NAME),
+	 *              '7.1.0'
+	 *          );
+	 *      }
+	 *
+	 * @param Base64Encoder                      $base64_encoder
+	 * @param CipherMethod|null                  $cipher_method
+	 * @param EncryptionKeyManagerInterface|null $encryption_key_manager
+	 * @param string                             $min_php_version defaults to 5.3.0 (when openssl added)
+	 */
+	public function __construct(
+		Base64Encoder                 $base64_encoder,
+		CipherMethod                  $cipher_method = null,
+		EncryptionKeyManagerInterface $encryption_key_manager = null,
+									  $min_php_version = '5.3.0'
+	) {
+		parent::__construct(
+			$base64_encoder,
+			$cipher_method instanceof CipherMethod
+				? $cipher_method
+				: new CipherMethod(
+				OpenSSLv1::CIPHER_METHOD,
+				OpenSSLv1::CIPHER_METHOD_OPTION_NAME
+			),
+			$encryption_key_manager instanceof EncryptionKeyManager
+				? $encryption_key_manager
+				: new EncryptionKeyManager(
+				OpenSSLv1::DEFAULT_ENCRYPTION_KEY_ID,
+				OpenSSLv1::ENCRYPTION_KEYS_OPTION_NAME
+			),
+			$min_php_version
+		);
+	}
 
 
-    /**
-     * encrypts data
-     *
-     * @param string $text_to_encrypt           - the text to be encrypted
-     * @param string $encryption_key_identifier - cryptographically secure passphrase. will generate if necessary
-     * @return string
-     */
-    public function encrypt($text_to_encrypt, $encryption_key_identifier = '')
-    {
-        $cipher_method  = $this->cipher_method->getCipherMethod();
-        $encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
-        // get initialization vector size
-        $iv_length = openssl_cipher_iv_length($cipher_method);
-        // generate initialization vector.
-        // The second parameter ("crypto_strong") is passed by reference,
-        // and is used to determines if the algorithm used was "cryptographically strong"
-        // openssl_random_pseudo_bytes() will toggle it to either true or false
-        $iv = openssl_random_pseudo_bytes($iv_length, $is_strong);
-        if ($iv === false || $is_strong === false) {
-            throw new RuntimeException(
-                esc_html__('Failed to generate OpenSSL initialization vector.', 'event_espresso')
-            );
-        }
-        $key = $this->getDigestHashValue($encryption_key);
-        // encrypt it
-        $encrypted_text = openssl_encrypt(
-            $text_to_encrypt,
-            $cipher_method,
-            $key,
-            OPENSSL_RAW_DATA,
-            $iv
-        );
-        $encrypted_text = trim($encrypted_text);
-        // hash the raw encrypted text
-        $hmac = hash_hmac($this->getHashAlgorithm(), $encrypted_text, $key, true);
-        // concatenate everything into one big string and encode it
-        return $this->base64_encoder->encodeString($iv . $hmac . $encrypted_text);
-    }
+	/**
+	 * encrypts data
+	 *
+	 * @param string $text_to_encrypt           - the text to be encrypted
+	 * @param string $encryption_key_identifier - cryptographically secure passphrase. will generate if necessary
+	 * @return string
+	 */
+	public function encrypt($text_to_encrypt, $encryption_key_identifier = '')
+	{
+		$cipher_method  = $this->cipher_method->getCipherMethod();
+		$encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
+		// get initialization vector size
+		$iv_length = openssl_cipher_iv_length($cipher_method);
+		// generate initialization vector.
+		// The second parameter ("crypto_strong") is passed by reference,
+		// and is used to determines if the algorithm used was "cryptographically strong"
+		// openssl_random_pseudo_bytes() will toggle it to either true or false
+		$iv = openssl_random_pseudo_bytes($iv_length, $is_strong);
+		if ($iv === false || $is_strong === false) {
+			throw new RuntimeException(
+				esc_html__('Failed to generate OpenSSL initialization vector.', 'event_espresso')
+			);
+		}
+		$key = $this->getDigestHashValue($encryption_key);
+		// encrypt it
+		$encrypted_text = openssl_encrypt(
+			$text_to_encrypt,
+			$cipher_method,
+			$key,
+			OPENSSL_RAW_DATA,
+			$iv
+		);
+		$encrypted_text = trim($encrypted_text);
+		// hash the raw encrypted text
+		$hmac = hash_hmac($this->getHashAlgorithm(), $encrypted_text, $key, true);
+		// concatenate everything into one big string and encode it
+		return $this->base64_encoder->encodeString($iv . $hmac . $encrypted_text);
+	}
 
 
-    /**
-     * decrypts data
-     *
-     * @param string $encrypted_text            - the text to be decrypted
-     * @param string $encryption_key_identifier - cryptographically secure passphrase. will use default if necessary
-     * @return string
-     */
-    public function decrypt($encrypted_text, $encryption_key_identifier = '')
-    {
-        $cipher_method  = $this->cipher_method->getCipherMethod();
-        $encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
-        $key            = $this->getDigestHashValue($encryption_key);
-        // decode our concatenated string
-        $encrypted_text = $this->base64_encoder->decodeString($encrypted_text);
-        // get the string lengths used for the hash and iv
-        $hash_length = $this->calculateHashLength($encryption_key);
-        $iv_length   = openssl_cipher_iv_length($cipher_method);
-        // use the above lengths to snip the required values from the decoded string
-        $iv                 = substr($encrypted_text, 0, $iv_length);
-        $hmac               = substr($encrypted_text, $iv_length, $hash_length);
-        $encrypted_text_raw = substr($encrypted_text, $iv_length + $hash_length);
-        // rehash the original raw encrypted text
-        $rehash_mac = hash_hmac($this->getHashAlgorithm(), $encrypted_text_raw, $key, true);
-        // timing attack safe comparison to determine if anything has changed
-        if (hash_equals($hmac, $rehash_mac)) {
-            // looks good, decrypt it, trim it, and return it
-            return trim(
-                openssl_decrypt(
-                    $encrypted_text_raw,
-                    $this->cipher_method->getCipherMethod(),
-                    $key,
-                    OPENSSL_RAW_DATA,
-                    $iv
-                )
-            );
-        }
-        throw new RuntimeException(
-            esc_html__(
-                'Decryption failed because a hash comparison of the original text and the decrypted text was not the same, meaning something in the system or the encrypted data has changed.',
-                'event_espresso'
-            )
-        );
-    }
+	/**
+	 * decrypts data
+	 *
+	 * @param string $encrypted_text            - the text to be decrypted
+	 * @param string $encryption_key_identifier - cryptographically secure passphrase. will use default if necessary
+	 * @return string
+	 */
+	public function decrypt($encrypted_text, $encryption_key_identifier = '')
+	{
+		$cipher_method  = $this->cipher_method->getCipherMethod();
+		$encryption_key = $this->encryption_key_manager->getEncryptionKey($encryption_key_identifier);
+		$key            = $this->getDigestHashValue($encryption_key);
+		// decode our concatenated string
+		$encrypted_text = $this->base64_encoder->decodeString($encrypted_text);
+		// get the string lengths used for the hash and iv
+		$hash_length = $this->calculateHashLength($encryption_key);
+		$iv_length   = openssl_cipher_iv_length($cipher_method);
+		// use the above lengths to snip the required values from the decoded string
+		$iv                 = substr($encrypted_text, 0, $iv_length);
+		$hmac               = substr($encrypted_text, $iv_length, $hash_length);
+		$encrypted_text_raw = substr($encrypted_text, $iv_length + $hash_length);
+		// rehash the original raw encrypted text
+		$rehash_mac = hash_hmac($this->getHashAlgorithm(), $encrypted_text_raw, $key, true);
+		// timing attack safe comparison to determine if anything has changed
+		if (hash_equals($hmac, $rehash_mac)) {
+			// looks good, decrypt it, trim it, and return it
+			return trim(
+				openssl_decrypt(
+					$encrypted_text_raw,
+					$this->cipher_method->getCipherMethod(),
+					$key,
+					OPENSSL_RAW_DATA,
+					$iv
+				)
+			);
+		}
+		throw new RuntimeException(
+			esc_html__(
+				'Decryption failed because a hash comparison of the original text and the decrypted text was not the same, meaning something in the system or the encrypted data has changed.',
+				'event_espresso'
+			)
+		);
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -120,7 +120,7 @@
         // hash the raw encrypted text
         $hmac = hash_hmac($this->getHashAlgorithm(), $encrypted_text, $key, true);
         // concatenate everything into one big string and encode it
-        return $this->base64_encoder->encodeString($iv . $hmac . $encrypted_text);
+        return $this->base64_encoder->encodeString($iv.$hmac.$encrypted_text);
     }