|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* This file is part of the Mediapart LaPresseLibre Library. |
|
5
|
|
|
* |
|
6
|
|
|
* CC BY-NC-SA <https://github.com/mediapart/lapresselibre> |
|
7
|
|
|
* |
|
8
|
|
|
* For the full license information, please view the LICENSE |
|
9
|
|
|
* file that was distributed with this source code. |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace Mediapart\LaPresseLibre\Security; |
|
13
|
|
|
|
|
14
|
|
|
use Psr\Log\LoggerAwareInterface; |
|
15
|
|
|
use Psr\Log\NullLogger; |
|
16
|
|
|
|
|
17
|
|
|
/** |
|
18
|
|
|
* Used to encrypt/decrypt messages has described in the API specifications. |
|
19
|
|
|
* |
|
20
|
|
|
* @see https://github.com/NextINpact/LaPresseLibreSDK/wiki/Fonctionnement-des-web-services#g%C3%A9n%C3%A9ralit%C3%A9s |
|
21
|
|
|
*/ |
|
22
|
|
|
class Encryption implements LoggerAwareInterface |
|
23
|
|
|
{ |
|
24
|
|
|
use \Psr\Log\LoggerAwareTrait; |
|
25
|
|
|
|
|
26
|
|
|
/** |
|
27
|
|
|
* @var string |
|
28
|
|
|
*/ |
|
29
|
|
|
private $password; |
|
30
|
|
|
|
|
31
|
|
|
/** |
|
32
|
|
|
* @var int |
|
33
|
|
|
*/ |
|
34
|
|
|
private $iv; |
|
35
|
|
|
|
|
36
|
|
|
/** |
|
37
|
|
|
* @var int |
|
38
|
|
|
*/ |
|
39
|
|
|
private $options = 0; |
|
40
|
|
|
|
|
41
|
|
|
/** |
|
42
|
|
|
* @var string |
|
43
|
|
|
*/ |
|
44
|
|
|
private $method = 'AES-256-CBC'; |
|
45
|
|
|
|
|
46
|
|
|
/** |
|
47
|
|
|
* @param mixed $password |
|
48
|
|
|
* @param mixed $iv |
|
49
|
|
|
* @param int $options |
|
50
|
|
|
*/ |
|
51
|
|
|
public function __construct($password, $iv = null, $options = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING) |
|
52
|
|
|
{ |
|
53
|
|
|
if (null == $iv) { |
|
54
|
|
|
$iv_len = openssl_cipher_iv_length($this->method); |
|
55
|
|
|
$iv = openssl_random_pseudo_bytes($iv_len); |
|
56
|
|
|
} |
|
57
|
|
|
|
|
58
|
|
|
$this->password = $password; |
|
59
|
|
|
$this->iv = $iv; |
|
|
|
|
|
|
60
|
|
|
$this->options = $options; |
|
61
|
|
|
$this->logger = new NullLogger(); |
|
62
|
|
|
} |
|
63
|
|
|
|
|
64
|
|
|
/** |
|
65
|
|
|
* @param string $message |
|
66
|
|
|
* |
|
67
|
|
|
* @return string Crypted message |
|
68
|
|
|
*/ |
|
69
|
|
|
public function encrypt($message, $options = null) |
|
70
|
|
|
{ |
|
71
|
|
|
$options = !is_null($options) ? $options : $this->options; |
|
72
|
|
|
$result = json_encode($message); |
|
73
|
|
|
$result = openssl_encrypt( |
|
74
|
|
|
$result, |
|
75
|
|
|
$this->method, |
|
76
|
|
|
$this->password, |
|
77
|
|
|
$options, |
|
|
|
|
|
|
78
|
|
|
$this->iv |
|
79
|
|
|
); |
|
80
|
|
|
$result = base64_encode($result); |
|
81
|
|
|
|
|
82
|
|
|
$this->logger->debug('Encrypting message', [$message, $result]); |
|
83
|
|
|
|
|
84
|
|
|
return $result; |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
|
|
/** |
|
88
|
|
|
* @param string $message Crypted message |
|
89
|
|
|
* |
|
90
|
|
|
* @return string Uncrypted message |
|
91
|
|
|
*/ |
|
92
|
|
|
public function decrypt($message, $options = null) |
|
93
|
|
|
{ |
|
94
|
|
|
$options = !is_null($options) ? $options : $this->options; |
|
95
|
|
|
$result = base64_decode($message); |
|
96
|
|
|
$result = openssl_decrypt( |
|
97
|
|
|
$result, |
|
98
|
|
|
$this->method, |
|
99
|
|
|
$this->password, |
|
100
|
|
|
$options, |
|
|
|
|
|
|
101
|
|
|
$this->iv |
|
102
|
|
|
); |
|
103
|
|
|
$result = rtrim($result, "\0"); |
|
104
|
|
|
|
|
105
|
|
|
$decodedJson = json_decode($result, true); |
|
106
|
|
|
$result = null!==$decodedJson ? $decodedJson : $result; |
|
107
|
|
|
|
|
108
|
|
|
$this->logger->debug('Uncrypting message', [$message, $result]); |
|
109
|
|
|
|
|
110
|
|
|
return $result; |
|
111
|
|
|
} |
|
112
|
|
|
} |
|
113
|
|
|
|
mediapart /
lapresselibre
Loading history...
Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly.
For example, imagine you have a variable
$accountIdthat can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to theidproperty of an instance of theAccountclass. This class holds a proper account, so the id value must no longer be false.Either this assignment is in error or a type check should be added for that assignment.