1 | <?php |
||||
2 | |||||
3 | namespace Pronamic\WordPress\Pay\Gateways\IDealAdvancedV3; |
||||
4 | |||||
5 | use Pronamic\WordPress\Pay\AbstractGatewayIntegration; |
||||
0 ignored issues
–
show
|
|||||
6 | |||||
7 | /** |
||||
8 | * Title: iDEAL Advanced v3 integration |
||||
9 | * Description: |
||||
10 | * Copyright: 2005-2020 Pronamic |
||||
11 | * Company: Pronamic |
||||
12 | * |
||||
13 | * @author Remco Tolsma |
||||
14 | * @version 2.0.5 |
||||
15 | * @since 2.0.0 |
||||
16 | */ |
||||
17 | class Integration extends AbstractGatewayIntegration { |
||||
18 | /** |
||||
19 | * Construct iDEAL Advanced v3 integration. |
||||
20 | * |
||||
21 | * @param array $args Arguments. |
||||
22 | */ |
||||
23 | public function __construct( $args = array() ) { |
||||
24 | $args = wp_parse_args( |
||||
25 | $args, |
||||
26 | array( |
||||
27 | 'id' => 'ideal-advanced-v3', |
||||
28 | 'name' => 'iDEAL Advanced v3', |
||||
29 | 'url' => \__( 'https://www.ideal.nl/en/', 'pronamic_ideal' ), |
||||
30 | 'product_url' => \__( 'https://www.ideal.nl/en/', 'pronamic_ideal' ), |
||||
31 | 'manual_url' => null, |
||||
32 | 'dashboard_url' => null, |
||||
33 | 'provider' => null, |
||||
34 | 'aquirer_url' => null, |
||||
35 | 'aquirer_test_url' => null, |
||||
36 | 'supports' => array( |
||||
37 | 'payment_status_request', |
||||
38 | ), |
||||
39 | ) |
||||
40 | ); |
||||
41 | |||||
42 | parent::__construct( $args ); |
||||
43 | |||||
44 | // Acquirer URL. |
||||
45 | $this->aquirer_url = $args['aquirer_url']; |
||||
0 ignored issues
–
show
|
|||||
46 | $this->aquirer_test_url = $args['aquirer_test_url']; |
||||
0 ignored issues
–
show
|
|||||
47 | |||||
48 | // Actions. |
||||
49 | add_action( 'current_screen', array( $this, 'maybe_download_private_certificate' ) ); |
||||
50 | add_action( 'current_screen', array( $this, 'maybe_download_private_key' ) ); |
||||
51 | } |
||||
52 | |||||
53 | public function get_settings_fields() { |
||||
54 | $fields = parent::get_settings_fields(); |
||||
55 | |||||
56 | /* |
||||
57 | * Private Key and Certificate |
||||
58 | */ |
||||
59 | |||||
60 | // Private key and certificate information. |
||||
61 | $fields[] = array( |
||||
62 | 'section' => 'general', |
||||
63 | 'title' => __( 'Private key and certificate', 'pronamic_ideal' ), |
||||
64 | 'type' => 'description', |
||||
65 | 'callback' => array( $this, 'field_security' ), |
||||
66 | ); |
||||
67 | |||||
68 | // Organization. |
||||
69 | $fields[] = array( |
||||
70 | 'section' => 'general', |
||||
71 | 'filter' => FILTER_SANITIZE_STRING, |
||||
72 | 'group' => 'pk-cert', |
||||
73 | 'meta_key' => '_pronamic_gateway_organization', |
||||
74 | 'title' => __( 'Organization', 'pronamic_ideal' ), |
||||
75 | 'type' => 'text', |
||||
76 | 'tooltip' => __( 'Organization name, e.g. Pronamic', 'pronamic_ideal' ), |
||||
77 | ); |
||||
78 | |||||
79 | // Organization Unit. |
||||
80 | $fields[] = array( |
||||
81 | 'section' => 'general', |
||||
82 | 'filter' => FILTER_SANITIZE_STRING, |
||||
83 | 'group' => 'pk-cert', |
||||
84 | 'meta_key' => '_pronamic_gateway_organization_unit', |
||||
85 | 'title' => __( 'Organization Unit', 'pronamic_ideal' ), |
||||
86 | 'type' => 'text', |
||||
87 | 'tooltip' => __( 'Organization unit, e.g. Administration', 'pronamic_ideal' ), |
||||
88 | ); |
||||
89 | |||||
90 | // Locality. |
||||
91 | $fields[] = array( |
||||
92 | 'section' => 'general', |
||||
93 | 'filter' => FILTER_SANITIZE_STRING, |
||||
94 | 'group' => 'pk-cert', |
||||
95 | 'meta_key' => '_pronamic_gateway_locality', |
||||
96 | 'title' => __( 'City', 'pronamic_ideal' ), |
||||
97 | 'type' => 'text', |
||||
98 | 'tooltip' => __( 'City, e.g. Amsterdam', 'pronamic_ideal' ), |
||||
99 | ); |
||||
100 | |||||
101 | // State or Province. |
||||
102 | $fields[] = array( |
||||
103 | 'section' => 'general', |
||||
104 | 'filter' => FILTER_SANITIZE_STRING, |
||||
105 | 'group' => 'pk-cert', |
||||
106 | 'meta_key' => '_pronamic_gateway_state_or_province', |
||||
107 | 'title' => __( 'State / province', 'pronamic_ideal' ), |
||||
108 | 'type' => 'text', |
||||
109 | 'tooltip' => __( 'State or province, e.g. Friesland', 'pronamic_ideal' ), |
||||
110 | ); |
||||
111 | |||||
112 | // Country. |
||||
113 | $locale = explode( '_', get_locale() ); |
||||
114 | |||||
115 | $locale = array_pop( $locale ); |
||||
116 | |||||
117 | $fields[] = array( |
||||
118 | 'section' => 'general', |
||||
119 | 'filter' => FILTER_SANITIZE_STRING, |
||||
120 | 'group' => 'pk-cert', |
||||
121 | 'meta_key' => '_pronamic_gateway_country', |
||||
122 | 'title' => __( 'Country', 'pronamic_ideal' ), |
||||
123 | 'type' => 'text', |
||||
124 | 'tooltip' => sprintf( |
||||
125 | '%s %s (ISO-3166-1 alpha-2)', |
||||
126 | __( '2 letter country code, e.g.', 'pronamic_ideal' ), |
||||
127 | strtoupper( $locale ) |
||||
128 | ), |
||||
129 | 'size' => 2, |
||||
130 | 'description' => sprintf( |
||||
131 | '%s %s', |
||||
132 | __( '2 letter country code, e.g.', 'pronamic_ideal' ), |
||||
133 | strtoupper( $locale ) |
||||
134 | ), |
||||
135 | ); |
||||
136 | |||||
137 | // Email Address. |
||||
138 | $fields[] = array( |
||||
139 | 'section' => 'general', |
||||
140 | 'filter' => FILTER_SANITIZE_STRING, |
||||
141 | 'group' => 'pk-cert', |
||||
142 | 'meta_key' => '_pronamic_gateway_email', |
||||
143 | 'title' => __( 'E-mail address', 'pronamic_ideal' ), |
||||
144 | 'tooltip' => sprintf( |
||||
145 | /* translators: %s: admin email */ |
||||
146 | __( 'E-mail address, e.g. %s', 'pronamic_ideal' ), |
||||
147 | (string) get_option( 'admin_email' ) |
||||
148 | ), |
||||
149 | 'type' => 'text', |
||||
150 | ); |
||||
151 | |||||
152 | // Number Days Valid. |
||||
153 | $fields[] = array( |
||||
154 | 'section' => 'general', |
||||
155 | 'filter' => FILTER_SANITIZE_NUMBER_INT, |
||||
156 | 'group' => 'pk-cert', |
||||
157 | 'meta_key' => '_pronamic_gateway_number_days_valid', |
||||
158 | 'title' => __( 'Number Days Valid', 'pronamic_ideal' ), |
||||
159 | 'type' => 'text', |
||||
160 | 'default' => 1825, |
||||
161 | 'tooltip' => __( 'Number of days the generated certificate will be valid for, e.g. 1825 days for the maximum duration of 5 years.', 'pronamic_ideal' ), |
||||
162 | ); |
||||
163 | |||||
164 | // Private Key Password. |
||||
165 | $fields[] = array( |
||||
166 | 'section' => 'general', |
||||
167 | 'filter' => FILTER_SANITIZE_STRING, |
||||
168 | 'group' => 'pk-cert', |
||||
169 | 'meta_key' => '_pronamic_gateway_ideal_private_key_password', |
||||
170 | 'title' => __( 'Private Key Password', 'pronamic_ideal' ), |
||||
171 | 'type' => 'text', |
||||
172 | 'classes' => array( 'regular-text', 'code' ), |
||||
173 | 'default' => wp_generate_password(), |
||||
174 | 'tooltip' => __( 'A random password which will be used for the generation of the private key and certificate.', 'pronamic_ideal' ), |
||||
175 | ); |
||||
176 | |||||
177 | // Private Key. |
||||
178 | $fields[] = array( |
||||
179 | 'section' => 'general', |
||||
180 | 'filter' => FILTER_SANITIZE_STRING, |
||||
181 | 'group' => 'pk-cert', |
||||
182 | 'meta_key' => '_pronamic_gateway_ideal_private_key', |
||||
183 | 'title' => __( 'Private Key', 'pronamic_ideal' ), |
||||
184 | 'type' => 'textarea', |
||||
185 | 'callback' => array( $this, 'field_private_key' ), |
||||
186 | 'classes' => array( 'code' ), |
||||
187 | 'tooltip' => __( 'The private key is used for secure communication with the payment provider. If left empty, the private key will be generated using the given private key password.', 'pronamic_ideal' ), |
||||
188 | ); |
||||
189 | |||||
190 | // Private Certificate. |
||||
191 | $fields[] = array( |
||||
192 | 'section' => 'general', |
||||
193 | 'filter' => FILTER_SANITIZE_STRING, |
||||
194 | 'group' => 'pk-cert', |
||||
195 | 'meta_key' => '_pronamic_gateway_ideal_private_certificate', |
||||
196 | 'title' => __( 'Private Certificate', 'pronamic_ideal' ), |
||||
197 | 'type' => 'textarea', |
||||
198 | 'callback' => array( $this, 'field_private_certificate' ), |
||||
199 | 'classes' => array( 'code' ), |
||||
200 | 'tooltip' => __( 'The certificate is used for secure communication with the payment provider. If left empty, the certificate will be generated using the private key and given organization details.', 'pronamic_ideal' ), |
||||
201 | ); |
||||
202 | |||||
203 | // Return. |
||||
204 | return $fields; |
||||
205 | } |
||||
206 | |||||
207 | /** |
||||
208 | * Field security |
||||
209 | * |
||||
210 | * @param array $field Field. |
||||
211 | */ |
||||
212 | public function field_security( $field ) { |
||||
213 | $certificate = get_post_meta( get_the_ID(), '_pronamic_gateway_ideal_private_certificate', true ); |
||||
0 ignored issues
–
show
It seems like
get_the_ID() can also be of type false ; however, parameter $post_id of get_post_meta() does only seem to accept integer , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
214 | |||||
215 | ?> |
||||
216 | <p> |
||||
217 | <?php if ( empty( $certificate ) ) : ?> |
||||
218 | |||||
219 | <span |
||||
220 | class="dashicons dashicons-no"></span> <?php esc_html_e( 'The private key and certificate have not yet been configured.', 'pronamic_ideal' ); ?> |
||||
221 | <br/> |
||||
222 | |||||
223 | <br/> |
||||
224 | |||||
225 | <?php esc_html_e( 'A private key and certificate are required for communication with the payment provider. Enter the organization details from the iDEAL account below to generate these required files.', 'pronamic_ideal' ); ?> |
||||
226 | |||||
227 | <?php else : ?> |
||||
228 | |||||
229 | <span |
||||
230 | class="dashicons dashicons-yes"></span> <?php esc_html_e( 'A private key and certificate have been configured. The certificate must be uploaded to the payment provider dashboard to complete configuration.', 'pronamic_ideal' ); ?> |
||||
231 | <br/> |
||||
232 | |||||
233 | <br/> |
||||
234 | |||||
235 | <?php |
||||
236 | |||||
237 | submit_button( |
||||
238 | __( 'Download certificate', 'pronamic_ideal' ), |
||||
239 | 'secondary', |
||||
240 | 'download_private_certificate', |
||||
241 | false |
||||
242 | ); |
||||
243 | |||||
244 | ?> |
||||
245 | |||||
246 | <?php endif; ?> |
||||
247 | </p> |
||||
248 | <?php |
||||
249 | } |
||||
250 | |||||
251 | /** |
||||
252 | * Field private key. |
||||
253 | * |
||||
254 | * @param array $field Field. |
||||
255 | */ |
||||
256 | public function field_private_key( $field ) { |
||||
257 | $private_key = get_post_meta( get_the_ID(), '_pronamic_gateway_ideal_private_key', true ); |
||||
0 ignored issues
–
show
It seems like
get_the_ID() can also be of type false ; however, parameter $post_id of get_post_meta() does only seem to accept integer , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
258 | $private_key_password = get_post_meta( get_the_ID(), '_pronamic_gateway_ideal_private_key_password', true ); |
||||
259 | $number_days_valid = get_post_meta( get_the_ID(), '_pronamic_gateway_number_days_valid', true ); |
||||
260 | |||||
261 | $filename = __( 'ideal.key', 'pronamic_ideal' ); |
||||
262 | |||||
263 | if ( ! empty( $private_key_password ) && ! empty( $number_days_valid ) ) { |
||||
264 | $command = sprintf( |
||||
265 | 'openssl genrsa -aes128 -out %s -passout pass:%s 2048', |
||||
266 | escapeshellarg( $filename ), |
||||
267 | escapeshellarg( $private_key_password ) |
||||
268 | ); |
||||
269 | |||||
270 | ?> |
||||
271 | |||||
272 | <p><?php esc_html_e( 'OpenSSL command', 'pronamic_ideal' ); ?></p> |
||||
273 | <input id="pronamic_ideal_openssl_command_key" name="pronamic_ideal_openssl_command_key" value="<?php echo esc_attr( $command ); ?>" type="text" class="large-text code" readonly="readonly"/> |
||||
274 | |||||
275 | <?php |
||||
276 | } else { |
||||
277 | printf( |
||||
278 | '<p class="pronamic-pay-description description">%s</p>', |
||||
279 | esc_html__( 'Leave empty and save the configuration to generate the private key or view the OpenSSL command.', 'pronamic_ideal' ) |
||||
280 | ); |
||||
281 | } |
||||
282 | |||||
283 | ?> |
||||
284 | <p> |
||||
285 | <?php |
||||
286 | |||||
287 | if ( ! empty( $private_key ) ) { |
||||
288 | submit_button( |
||||
289 | __( 'Download', 'pronamic_ideal' ), |
||||
290 | 'secondary', |
||||
291 | 'download_private_key', |
||||
292 | false |
||||
293 | ); |
||||
294 | |||||
295 | echo ' '; |
||||
296 | } |
||||
297 | |||||
298 | printf( |
||||
299 | '<label class="pronamic-pay-form-control-file-button button">%s <input type="file" name="%s" /></label>', |
||||
300 | esc_html__( 'Upload', 'pronamic_ideal' ), |
||||
301 | '_pronamic_gateway_ideal_private_key_file' |
||||
302 | ); |
||||
303 | |||||
304 | ?> |
||||
305 | </p> |
||||
306 | <?php |
||||
307 | } |
||||
308 | |||||
309 | /** |
||||
310 | * Field private certificate. |
||||
311 | * |
||||
312 | * @param array $field Field. |
||||
313 | */ |
||||
314 | public function field_private_certificate( $field ) { |
||||
315 | $certificate = get_post_meta( get_the_ID(), '_pronamic_gateway_ideal_private_certificate', true ); |
||||
0 ignored issues
–
show
It seems like
get_the_ID() can also be of type false ; however, parameter $post_id of get_post_meta() does only seem to accept integer , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
316 | |||||
317 | $private_key_password = get_post_meta( get_the_ID(), '_pronamic_gateway_ideal_private_key_password', true ); |
||||
318 | $number_days_valid = get_post_meta( get_the_ID(), '_pronamic_gateway_number_days_valid', true ); |
||||
319 | |||||
320 | $filename_key = __( 'ideal.key', 'pronamic_ideal' ); |
||||
321 | $filename_cer = __( 'ideal.cer', 'pronamic_ideal' ); |
||||
322 | |||||
323 | // @link http://www.openssl.org/docs/apps/req.html |
||||
324 | $subj_args = array( |
||||
325 | 'C' => get_post_meta( get_the_ID(), '_pronamic_gateway_country', true ), |
||||
326 | 'ST' => get_post_meta( get_the_ID(), '_pronamic_gateway_state_or_province', true ), |
||||
327 | 'L' => get_post_meta( get_the_ID(), '_pronamic_gateway_locality', true ), |
||||
328 | 'O' => get_post_meta( get_the_ID(), '_pronamic_gateway_organization', true ), |
||||
329 | 'OU' => get_post_meta( get_the_ID(), '_pronamic_gateway_organization_unit', true ), |
||||
330 | 'CN' => get_post_meta( get_the_ID(), '_pronamic_gateway_organization', true ), |
||||
331 | 'emailAddress' => get_post_meta( get_the_ID(), '_pronamic_gateway_email', true ), |
||||
332 | ); |
||||
333 | |||||
334 | $subj_args = array_filter( $subj_args ); |
||||
335 | |||||
336 | $subj = ''; |
||||
337 | foreach ( $subj_args as $type => $value ) { |
||||
338 | $subj .= '/' . $type . '=' . addslashes( $value ); |
||||
339 | } |
||||
340 | |||||
341 | if ( ! empty( $subj ) ) { |
||||
342 | $command = trim( |
||||
343 | sprintf( |
||||
344 | 'openssl req -x509 -sha256 -new -key %s -passin pass:%s -days %s -out %s %s', |
||||
345 | escapeshellarg( $filename_key ), |
||||
346 | escapeshellarg( $private_key_password ), |
||||
0 ignored issues
–
show
It seems like
$private_key_password can also be of type false ; however, parameter $arg of escapeshellarg() does only seem to accept string , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
347 | escapeshellarg( $number_days_valid ), |
||||
348 | escapeshellarg( $filename_cer ), |
||||
349 | empty( $subj ) ? '' : sprintf( '-subj %s', escapeshellarg( $subj ) ) |
||||
350 | ) |
||||
351 | ); |
||||
352 | |||||
353 | ?> |
||||
354 | |||||
355 | <p><?php esc_html_e( 'OpenSSL command', 'pronamic_ideal' ); ?></p> |
||||
356 | <input id="pronamic_ideal_openssl_command_certificate" name="pronamic_ideal_openssl_command_certificate" value="<?php echo esc_attr( $command ); ?>" type="text" class="large-text code" readonly="readonly"/> |
||||
357 | |||||
358 | <?php |
||||
359 | } else { |
||||
360 | printf( |
||||
361 | '<p class="pronamic-pay-description description">%s</p>', |
||||
362 | esc_html__( 'Leave empty and save the configuration to generate the certificate or view the OpenSSL command.', 'pronamic_ideal' ) |
||||
363 | ); |
||||
364 | } |
||||
365 | |||||
366 | if ( ! empty( $certificate ) ) { |
||||
367 | $fingerprint = Security::get_sha_fingerprint( $certificate ); |
||||
368 | $fingerprint = str_split( $fingerprint, 2 ); |
||||
369 | $fingerprint = implode( ':', $fingerprint ); |
||||
370 | |||||
371 | echo '<dl>'; |
||||
372 | |||||
373 | echo '<dt>', esc_html__( 'SHA Fingerprint', 'pronamic_ideal' ), '</dt>'; |
||||
374 | echo '<dd>', esc_html( $fingerprint ), '</dd>'; |
||||
375 | |||||
376 | $info = openssl_x509_parse( $certificate ); |
||||
377 | |||||
378 | if ( $info ) { |
||||
0 ignored issues
–
show
The expression
$info of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using
Loading history...
|
|||||
379 | $date_format = __( 'M j, Y @ G:i', 'pronamic_ideal' ); |
||||
380 | |||||
381 | if ( isset( $info['validFrom_time_t'] ) ) { |
||||
382 | echo '<dt>', esc_html__( 'Valid From', 'pronamic_ideal' ), '</dt>'; |
||||
383 | echo '<dd>', esc_html( date_i18n( $date_format, $info['validFrom_time_t'] ) ), '</dd>'; |
||||
384 | } |
||||
385 | |||||
386 | if ( isset( $info['validTo_time_t'] ) ) { |
||||
387 | echo '<dt>', esc_html__( 'Valid To', 'pronamic_ideal' ), '</dt>'; |
||||
388 | echo '<dd>', esc_html( date_i18n( $date_format, $info['validTo_time_t'] ) ), '</dd>'; |
||||
389 | } |
||||
390 | } |
||||
391 | |||||
392 | echo '</dl>'; |
||||
393 | } |
||||
394 | |||||
395 | ?> |
||||
396 | <p> |
||||
397 | <?php |
||||
398 | |||||
399 | if ( ! empty( $certificate ) ) { |
||||
400 | submit_button( |
||||
401 | __( 'Download', 'pronamic_ideal' ), |
||||
402 | 'secondary', |
||||
403 | 'download_private_certificate', |
||||
404 | false |
||||
405 | ); |
||||
406 | |||||
407 | echo ' '; |
||||
408 | } |
||||
409 | |||||
410 | printf( |
||||
411 | '<label class="pronamic-pay-form-control-file-button button">%s <input type="file" name="%s" /></label>', |
||||
412 | esc_html__( 'Upload', 'pronamic_ideal' ), |
||||
413 | '_pronamic_gateway_ideal_private_certificate_file' |
||||
414 | ); |
||||
415 | |||||
416 | ?> |
||||
417 | </p> |
||||
418 | <?php |
||||
419 | } |
||||
420 | |||||
421 | /** |
||||
422 | * Download private certificate |
||||
423 | */ |
||||
424 | public function maybe_download_private_certificate() { |
||||
425 | if ( filter_has_var( INPUT_POST, 'download_private_certificate' ) ) { |
||||
426 | $post_id = filter_input( INPUT_POST, 'post_ID', FILTER_SANITIZE_STRING ); |
||||
427 | |||||
428 | $filename = sprintf( 'ideal-private-certificate-%s.cer', $post_id ); |
||||
429 | |||||
430 | header( 'Content-Description: File Transfer' ); |
||||
431 | header( 'Content-Disposition: attachment; filename=' . $filename ); |
||||
432 | header( 'Content-Type: application/x-x509-ca-cert; charset=' . get_option( 'blog_charset' ), true ); |
||||
0 ignored issues
–
show
Are you sure
get_option('blog_charset') of type false|mixed can be used in concatenation ?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
433 | |||||
434 | // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped |
||||
435 | echo get_post_meta( $post_id, '_pronamic_gateway_ideal_private_certificate', true ); |
||||
0 ignored issues
–
show
Are you sure
get_post_meta($post_id, ...ate_certificate', true) of type false|mixed|string can be used in echo ?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
436 | |||||
437 | exit; |
||||
438 | } |
||||
439 | } |
||||
440 | |||||
441 | /** |
||||
442 | * Download private key |
||||
443 | */ |
||||
444 | public function maybe_download_private_key() { |
||||
445 | if ( filter_has_var( INPUT_POST, 'download_private_key' ) ) { |
||||
446 | $post_id = filter_input( INPUT_POST, 'post_ID', FILTER_SANITIZE_STRING ); |
||||
447 | |||||
448 | $filename = sprintf( 'ideal-private-key-%s.key', $post_id ); |
||||
449 | |||||
450 | header( 'Content-Description: File Transfer' ); |
||||
451 | header( 'Content-Disposition: attachment; filename=' . $filename ); |
||||
452 | header( 'Content-Type: application/pgp-keys; charset=' . get_option( 'blog_charset' ), true ); |
||||
0 ignored issues
–
show
Are you sure
get_option('blog_charset') of type false|mixed can be used in concatenation ?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
453 | |||||
454 | // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped |
||||
455 | echo get_post_meta( $post_id, '_pronamic_gateway_ideal_private_key', true ); |
||||
0 ignored issues
–
show
Are you sure
get_post_meta($post_id, ...eal_private_key', true) of type false|mixed|string can be used in echo ?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
456 | |||||
457 | exit; |
||||
458 | } |
||||
459 | } |
||||
460 | |||||
461 | /** |
||||
462 | * Save post. |
||||
463 | * |
||||
464 | * @param int $post_id Post ID. |
||||
465 | */ |
||||
466 | public function save_post( $post_id ) { |
||||
467 | // Files. |
||||
468 | $files = array( |
||||
469 | '_pronamic_gateway_ideal_private_key_file' => '_pronamic_gateway_ideal_private_key', |
||||
470 | '_pronamic_gateway_ideal_private_certificate_file' => '_pronamic_gateway_ideal_private_certificate', |
||||
471 | ); |
||||
472 | |||||
473 | foreach ( $files as $name => $meta_key ) { |
||||
474 | // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated |
||||
475 | if ( isset( $_FILES[ $name ] ) && UPLOAD_ERR_OK === $_FILES[ $name ]['error'] ) { |
||||
476 | // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized |
||||
477 | $value = file_get_contents( $_FILES[ $name ]['tmp_name'] ); |
||||
478 | |||||
479 | update_post_meta( $post_id, $meta_key, $value ); |
||||
480 | } |
||||
481 | } |
||||
482 | |||||
483 | // Generate private key and certificate. |
||||
484 | $private_key = get_post_meta( $post_id, '_pronamic_gateway_ideal_private_key', true ); |
||||
485 | $private_key_password = get_post_meta( $post_id, '_pronamic_gateway_ideal_private_key_password', true ); |
||||
486 | |||||
487 | if ( empty( $private_key_password ) ) { |
||||
488 | // Without private key password we can't create private key and certifiate. |
||||
489 | return; |
||||
490 | } |
||||
491 | |||||
492 | if ( ! in_array( 'aes-128-cbc', openssl_get_cipher_methods(), true ) ) { |
||||
493 | // Without AES-128-CBC ciphter method we can't create private key and certificate. |
||||
494 | return; |
||||
495 | } |
||||
496 | |||||
497 | // Private key. |
||||
498 | $pkey = openssl_pkey_get_private( $private_key, $private_key_password ); |
||||
499 | |||||
500 | if ( false === $pkey ) { |
||||
501 | // If we can't open the private key we will create a new private key and certificate. |
||||
502 | if ( defined( 'OPENSSL_CIPHER_AES_128_CBC' ) ) { |
||||
503 | $cipher = OPENSSL_CIPHER_AES_128_CBC; |
||||
504 | } elseif ( defined( 'OPENSSL_CIPHER_3DES' ) ) { |
||||
505 | // @link https://www.pronamic.nl/wp-content/uploads/2011/12/iDEAL_Advanced_PHP_EN_V2.2.pdf |
||||
506 | $cipher = OPENSSL_CIPHER_3DES; |
||||
507 | } else { |
||||
508 | // Unable to create private key without cipher. |
||||
509 | return; |
||||
510 | } |
||||
511 | |||||
512 | $args = array( |
||||
513 | 'digest_alg' => 'SHA256', |
||||
514 | 'private_key_bits' => 2048, |
||||
515 | 'private_key_type' => OPENSSL_KEYTYPE_RSA, |
||||
516 | 'encrypt_key' => true, |
||||
517 | 'encrypt_key_cipher' => $cipher, |
||||
518 | 'subjectKeyIdentifier' => 'hash', |
||||
519 | 'authorityKeyIdentifier' => 'keyid:always,issuer:always', |
||||
520 | 'basicConstraints' => 'CA:true', |
||||
521 | ); |
||||
522 | |||||
523 | $pkey = openssl_pkey_new( $args ); |
||||
524 | |||||
525 | if ( false === $pkey ) { |
||||
526 | return; |
||||
527 | } |
||||
528 | |||||
529 | // Export key. |
||||
530 | $result = openssl_pkey_export( $pkey, $private_key, $private_key_password, $args ); |
||||
0 ignored issues
–
show
It seems like
$private_key can also be of type false ; however, parameter $out of openssl_pkey_export() does only seem to accept string , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
531 | |||||
532 | if ( false === $result ) { |
||||
533 | return; |
||||
534 | } |
||||
535 | |||||
536 | update_post_meta( $post_id, '_pronamic_gateway_ideal_private_key', $private_key ); |
||||
537 | |||||
538 | // Delete private certificate since this is no longer valid. |
||||
539 | delete_post_meta( $post_id, '_pronamic_gateway_ideal_private_certificate' ); |
||||
540 | } |
||||
541 | |||||
542 | // Certificate. |
||||
543 | $private_certificate = get_post_meta( $post_id, '_pronamic_gateway_ideal_private_certificate', true ); |
||||
544 | $number_days_valid = get_post_meta( $post_id, '_pronamic_gateway_number_days_valid', true ); |
||||
545 | |||||
546 | if ( empty( $private_certificate ) ) { |
||||
547 | $required_keys = array( |
||||
548 | 'countryName', |
||||
549 | 'stateOrProvinceName', |
||||
550 | 'localityName', |
||||
551 | 'organizationName', |
||||
552 | 'commonName', |
||||
553 | 'emailAddress', |
||||
554 | ); |
||||
555 | |||||
556 | $distinguished_name = array( |
||||
557 | 'countryName' => get_post_meta( $post_id, '_pronamic_gateway_country', true ), |
||||
558 | 'stateOrProvinceName' => get_post_meta( $post_id, '_pronamic_gateway_state_or_province', true ), |
||||
559 | 'localityName' => get_post_meta( $post_id, '_pronamic_gateway_locality', true ), |
||||
560 | 'organizationName' => get_post_meta( $post_id, '_pronamic_gateway_organization', true ), |
||||
561 | 'organizationalUnitName' => get_post_meta( $post_id, '_pronamic_gateway_organization_unit', true ), |
||||
562 | 'commonName' => get_post_meta( $post_id, '_pronamic_gateway_organization', true ), |
||||
563 | 'emailAddress' => get_post_meta( $post_id, '_pronamic_gateway_email', true ), |
||||
564 | ); |
||||
565 | |||||
566 | $distinguished_name = array_filter( $distinguished_name ); |
||||
567 | |||||
568 | /* |
||||
569 | * Create certificate only if distinguished name contains all required elements |
||||
570 | * |
||||
571 | * @link http://stackoverflow.com/questions/13169588/how-to-check-if-multiple-array-keys-exists |
||||
572 | */ |
||||
573 | if ( count( array_intersect_key( array_flip( $required_keys ), $distinguished_name ) ) === count( $required_keys ) ) { |
||||
574 | $csr = openssl_csr_new( $distinguished_name, $pkey ); |
||||
575 | |||||
576 | $cert = openssl_csr_sign( $csr, null, $pkey, $number_days_valid, $args, time() ); |
||||
0 ignored issues
–
show
It seems like
$number_days_valid can also be of type false and string ; however, parameter $days of openssl_csr_sign() does only seem to accept integer , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
577 | |||||
578 | openssl_x509_export( $cert, $certificate ); |
||||
579 | |||||
580 | update_post_meta( $post_id, '_pronamic_gateway_ideal_private_certificate', $certificate ); |
||||
581 | } |
||||
582 | } |
||||
583 | } |
||||
584 | |||||
585 | public function get_config( $post_id ) { |
||||
586 | $mode = get_post_meta( $post_id, '_pronamic_gateway_mode', true ); |
||||
587 | |||||
588 | $config = new Config(); |
||||
589 | |||||
590 | $config->payment_server_url = $this->aquirer_url; |
||||
591 | |||||
592 | if ( 'test' === $mode && null !== $this->aquirer_test_url ) { |
||||
593 | $config->payment_server_url = $this->aquirer_test_url; |
||||
594 | } |
||||
595 | |||||
596 | $config->merchant_id = get_post_meta( $post_id, '_pronamic_gateway_ideal_merchant_id', true ); |
||||
597 | $config->sub_id = get_post_meta( $post_id, '_pronamic_gateway_ideal_sub_id', true ); |
||||
598 | $config->purchase_id = get_post_meta( $post_id, '_pronamic_gateway_ideal_purchase_id', true ); |
||||
0 ignored issues
–
show
|
|||||
599 | |||||
600 | $config->private_key = get_post_meta( $post_id, '_pronamic_gateway_ideal_private_key', true ); |
||||
601 | $config->private_key_password = get_post_meta( $post_id, '_pronamic_gateway_ideal_private_key_password', true ); |
||||
602 | $config->private_certificate = get_post_meta( $post_id, '_pronamic_gateway_ideal_private_certificate', true ); |
||||
603 | |||||
604 | return $config; |
||||
605 | } |
||||
606 | |||||
607 | /** |
||||
608 | * Get gateway. |
||||
609 | * |
||||
610 | * @param int $post_id Post ID. |
||||
611 | * @return Gateway |
||||
612 | */ |
||||
613 | public function get_gateway( $post_id ) { |
||||
614 | return new Gateway( $this->get_config( $post_id ) ); |
||||
615 | } |
||||
616 | } |
||||
617 |
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"]
, you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths