/**
* Decrypt the given value.
*
* @param string $value
*
* @return string
*/
private function decrypt($value)
{
$this->checkKey();
$decoded = base64_decode($value);
$hmac = mb_substr($decoded, 0, 32, '8bit');
$iv = mb_substr($decoded, 32, 16, '8bit');
$cipher = mb_substr($decoded, 48, null, '8bit');
$calculated = hash_hmac('sha256', $iv . $cipher, $this->authentication, true);
if (Helpers::hashEquals($hmac, $calculated)) {
$value = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $cipher, 'ctr', $iv), "");
return json_decode($value, true);
}
}
/**
* Decrypt the given value.
*
* @param string $value
*
* @return string
*/
private function decrypt($value)
{
if (empty($this->key) || empty($this->authentication)) {
throw new RuntimeException('No crypt keys provided');
}
$decoded = base64_decode($value);
$hmac = mb_substr($decoded, 0, 32, '8bit');
$iv = mb_substr($decoded, 32, 16, '8bit');
$cipher = mb_substr($decoded, 48, null, '8bit');
$calculated = hash_hmac('sha256', $iv . $cipher, $this->authentication, true);
if (Helpers::hashEquals($hmac, $calculated)) {
$value = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $cipher, 'ctr', $iv), "");
return json_decode($value, true);
}
}
/**
* Validate the request.
*
* @param ServerRequestInterface $request
* @param array &$tokens
*
* @return bool
*/
private function validateRequest(ServerRequestInterface $request, array &$tokens)
{
$data = $request->getParsedBody();
if (!isset($data[$this->formIndex]) || !isset($data[$this->formToken])) {
return false;
}
$index = $data[$this->formIndex];
$token = $data[$this->formToken];
if (!isset($tokens[$index])) {
return false;
}
$stored = $tokens[$index];
unset($tokens[$index]);
$lockTo = $request->getUri()->getPath();
if (!Utils\Helpers::hashEquals($lockTo, $stored['lockTo'])) {
return false;
}
$expected = self::encode(hash_hmac('sha256', ClientIp::getIp($request), base64_decode($stored['token']), true));
return Utils\Helpers::hashEquals($token, $expected);
}
