/**
* Decrypt
*
* @param string $msg
* @param string $privateKey
* @return string
* @throws RuntimeException
*/
public function decrypt(string $msg, string $privateKey = '') : string
{
// get the session key
list($encryptedKey, $ciphertext) = explode(':', $msg, 2);
// decrypt the session key with privateKey
$sessionKey = $this->public->decrypt(base64_decode($encryptedKey), $privateKey);
//openssl_private_decrypt(base64_decode($encryptedKey), $sessionKey, $privateKey, $padding);
// encrypt the plaintext with symmetric algorithm
return $this->symmetric->decrypt($ciphertext, $sessionKey);
}
public function testVerify()
{
$value = 'value';
$signature = 'signature';
$badValue = 'bad_value';
$badSignature = 'bad_signature';
$this->algorithm->expects($this->exactly(2))->method('compute')->will($this->returnValueMap([[$value, $signature], [$badValue, 'wontverify']]));
$this->assertTrue($this->encryption->verify($value, $signature));
$this->assertFalse($this->encryption->verify($badValue, $badSignature));
}
/**
* If the token is valid, log in as the user.
*
* @param string $token
*/
protected function processRecoveryToken(string $token)
{
if (Util::stringLength($token) < UserAccounts::RECOVERY_CHAR_LENGTH) {
\Airship\redirect($this->airship_cabin_prefix . '/login');
}
$selector = Util::subString($token, 0, 32);
$validator = Util::subString($token, 32);
$ttl = (int) $this->config('password-reset.ttl');
if (empty($ttl)) {
\Airship\redirect($this->airship_cabin_prefix . '/login');
}
$recoveryInfo = $this->acct->getRecoveryData($selector, $ttl);
if (empty($recoveryInfo)) {
\Airship\redirect($this->airship_cabin_prefix . '/login');
}
$state = State::instance();
if (Symmetric::verify($validator . $recoveryInfo['userid'], $state->keyring['auth.recovery_key'], $recoveryInfo['hashedtoken'])) {
$_SESSION['userid'] = (int) $recoveryInfo['userid'];
$_SESSION['session_canary'] = $this->acct->createSessionCanary($recoveryInfo['userid']);
$this->acct->deleteRecoveryToken($selector);
\Airship\redirect($this->airship_cabin_prefix . '/my/account');
}
\Airship\redirect($this->airship_cabin_prefix . '/login');
}
/**
* Set a cache entry
*
* @param string $key
* @param $value
* @return mixed
*/
public function set(string $key, $value) : bool
{
// We will NOT use unserialize here.
$value = \json_encode($value);
if (!$value) {
return false;
}
if ($this->authKey) {
// We're authenticating this value:
$mac = Symmetric::authenticate($value, $this->authKey, true);
$value = $mac . $value;
}
$shmKey = $this->getSHMKey($key);
return \apcu_add($shmKey, $value);
}