/**
  * Decrypts the encrypted settings and returns the plaintext INI string
  *
  * @param $encrypted string The encrypted data
  *
  * @return string The decrypted data
  */
 public static function decryptSettings($encrypted, $key = null)
 {
     if (substr($encrypted, 0, 12) == '###AES128###') {
         $mode = 'AES128';
     } elseif (substr($encrypted, 0, 12) == '###CTR128###') {
         $mode = 'CTR128';
     } else {
         return $encrypted;
     }
     if (empty($key)) {
         $key = self::getKey();
     }
     $encrypted = substr($encrypted, 12);
     switch ($mode) {
         case 'AES128':
             $encrypted = base64_decode($encrypted);
             $decrypted = AEUtilEncrypt::AESDecryptCBC($encrypted, $key, 128);
             break;
         case 'CTR128':
             $decrypted = AEUtilEncrypt::AESDecryptCtr($encrypted, $key, 128);
             break;
     }
     return $decrypted;
 }
Exemple #2
0
 public function execute($json)
 {
     // Check if we're activated
     $enabled = AEPlatform::getInstance()->get_platform_configuration_option('frontend_enable', 0);
     if (!$enabled) {
         $this->data = 'Access denied';
         $this->status = self::STATUS_NOT_AVAILABLE;
         $this->encapsulation = self::ENCAPSULATION_RAW;
         return $this->getResponse();
     }
     // Try to JSON-decode the request's input first
     $request = @$this->json_decode($json, false);
     if (is_null($request)) {
         // Could not decode JSON
         $this->data = 'JSON decoding error';
         $this->status = self::STATUS_ERROR;
         $this->encapsulation = self::ENCAPSULATION_RAW;
         return $this->getResponse();
     }
     // Decode the request body
     // Request format: {encapsulation, body{ [key], [challenge], method, [data] }} or {[challenge], method, [data]}
     if (isset($request->encapsulation) && isset($request->body)) {
         if (!class_exists('AEUtilEncrypt') && !($request->encapsulation == self::ENCAPSULATION_RAW)) {
             // Encrypted request found, but there is no encryption class available!
             $this->data = 'This server does not support encrypted requests';
             $this->status = self::STATUS_NOT_AVAILABLE;
             $this->encapsulation = self::ENCAPSULATION_RAW;
             return $this->getResponse();
         }
         // Fully specified request
         switch ($request->encapsulation) {
             case self::ENCAPSULATION_AESCBC128:
                 if (!isset($body)) {
                     $request->body = base64_decode($request->body);
                     $body = AEUtilEncrypt::AESDecryptCBC($request->body, $this->serverKey(), 128);
                 }
                 break;
             case self::ENCAPSULATION_AESCBC256:
                 if (!isset($body)) {
                     $request->body = base64_decode($request->body);
                     $body = AEUtilEncrypt::AESDecryptCBC($request->body, $this->serverKey(), 256);
                 }
                 break;
             case self::ENCAPSULATION_AESCTR128:
                 if (!isset($body)) {
                     $body = AEUtilEncrypt::AESDecryptCtr($request->body, $this->serverKey(), 128);
                 }
                 break;
             case self::ENCAPSULATION_AESCTR256:
                 if (!isset($body)) {
                     $body = AEUtilEncrypt::AESDecryptCtr($request->body, $this->serverKey(), 256);
                 }
                 break;
             case self::ENCAPSULATION_RAW:
                 $body = $request->body;
                 break;
         }
         if (!empty($request->body)) {
             $body = rtrim($body, chr(0));
             $request->body = $this->json_decode($body);
             if (is_null($request->body)) {
                 // Decryption failed. The user is an imposter! Go away, hacker!
                 $this->data = 'Authentication failed';
                 $this->status = self::STATUS_NOT_AUTH;
                 $this->encapsulation = self::ENCAPSULATION_RAW;
                 return $this->getResponse();
             }
         }
     } elseif (isset($request->body)) {
         // Partially specified request, assume RAW encapsulation
         $request->encapsulation = self::ENCAPSULATION_RAW;
         $request->body = $this->json_decode($request->body);
     } else {
         // Legacy request
         $legacyRequest = clone $request;
         $request = (object) array('encapsulation' => self::ENCAPSULATION_RAW, 'body' => null);
         $request->body = $this->json_decode($legacyRequest);
         unset($legacyRequest);
     }
     // Authenticate the user. Do note that if an encrypted request was made, we can safely assume that
     // the user is authenticated (he already knows the server key!)
     if ($request->encapsulation == self::ENCAPSULATION_RAW) {
         $authenticated = false;
         if (isset($request->body->challenge)) {
             list($challenge, $check) = explode(':', $request->body->challenge);
             $crosscheck = strtolower(md5($challenge . $this->serverKey()));
             $authenticated = $crosscheck == $check;
         }
         if (!$authenticated) {
             // If the challenge was missing or it was wrong, don't let him go any further
             $this->data = 'Invalid login credentials';
             $this->status = self::STATUS_NOT_AUTH;
             $this->encapsulation = self::ENCAPSULATION_RAW;
             return $this->getResponse();
         }
     }
     // Replicate the encapsulation preferences of the client for our own output
     $this->encapsulation = $request->encapsulation;
     // Store the client-specified key, or use the server key if none specified and the request
     // came encrypted.
     $this->password = isset($request->body->key) ? $request->body->key : null;
     $hasKey = isset($request->body->key) || property_exists($request->body, 'key') ? !is_null($request->body->key) : false;
     if (!$hasKey && $request->encapsulation != self::ENCAPSULATION_RAW) {
         $this->password = $this->serverKey();
     }
     // Does the specified method exist?
     $method_exists = false;
     $method_name = '';
     if (isset($request->body->method)) {
         $method_name = ucfirst($request->body->method);
         $this->method_name = $method_name;
         $method_exists = method_exists($this, '_api' . $method_name);
     }
     if (!$method_exists) {
         // The requested method doesn't exist. Oops!
         $this->data = "Invalid method {$method_name}";
         $this->status = self::STATUS_INVALID_METHOD;
         $this->encapsulation = self::ENCAPSULATION_RAW;
         return $this->getResponse();
     }
     // Run the method
     $params = array();
     if (isset($request->body->data)) {
         $params = (array) $request->body->data;
     }
     $this->data = call_user_func(array($this, '_api' . $method_name), $params);
     return $this->getResponse();
 }