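/**
 * Decrypts a URL-safe encoded payload with Rijndael-128 (128-bit block) in ECB
 * mode, using a key forced to 32 bytes.
 *
 * Everything from the last TPSecurityUtils::DELIM onwards is cut off before
 * decoding, and the trailing padding bytes are stripped from the result.
 *
 * NOTE(review): the segment after the delimiter is discarded without being
 * checked. If it is a signature added by the encrypting side (not visible
 * here - confirm), it has to be verified with a constant-time comparison
 * (hash_equals) BEFORE decrypting; ECB by itself provides no integrity
 * protection, so callers currently cannot tell a tampered payload from a
 * genuine one.
 * NOTE(review): the key is truncated / right-padded with 'X' rather than
 * derived with a KDF, which lowers the effective strength of short keys.
 * NOTE(review): the mcrypt extension was deprecated in PHP 7.1 and removed
 * from core in 7.2; a migration to an authenticated mode via openssl or
 * sodium needs a matching change on the encrypting side.
 *
 * @param string $keyString Secret key material; truncated or padded to 32 bytes
 * @param string $data      URL-safe encoded ciphertext, optionally followed by
 *                          DELIM and a trailing segment
 *
 * @return string|false The plaintext, or false when the cipher could not be
 *                      initialised or produced no output
 */
public static function decrypt($keyString, $data)
{
    // Drop the trailing segment (see the review note above: it is not verified).
    $pos = strrpos($data, TPSecurityUtils::DELIM);
    if ($pos > 0) {
        $data = substr($data, 0, $pos);
    }
    $data = TPSecurityUtils::urldesafe($data);

    // Force the key to exactly 32 bytes.
    if (strlen($keyString) > 32) {
        $keyString = substr($keyString, 0, 32);
    }
    if (strlen($keyString) < 32) {
        $keyString = str_pad($keyString, 32, 'X');
    }

    // ECB does not use an IV; one is passed only because mcrypt_generic_init()
    // requires the argument.
    $iv = TPSecurityUtils::genRandomString(16);

    $cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
    if (false === $cipher) {
        return false;
    }

    // mcrypt_generic_init() signals failure with false or ANY negative value
    // (-3 bad key length, -4 allocation failure, ...), not only -1.
    $status = mcrypt_generic_init($cipher, $keyString, $iv);
    if (false === $status || $status < 0) {
        // Release the module handle on the failure path as well.
        mcrypt_module_close($cipher);

        return false;
    }

    $plainText = mdecrypt_generic($cipher, $data);
    mcrypt_generic_deinit($cipher);
    mcrypt_module_close($cipher);

    if (!is_string($plainText) || '' === $plainText) {
        return false;
    }

    // The last byte states how many padding bytes were appended (1..16).
    // A value of 0 must NOT be stripped: substr($s, 0, -0) is substr($s, 0, 0)
    // and would silently return an empty string instead of the plaintext.
    $padLength = ord($plainText[strlen($plainText) - 1]);
    if ($padLength >= 1 && $padLength <= 16) {
        $plainText = substr($plainText, 0, -$padLength);
    }

    return $plainText;
}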
/**
 * Builds the request signature string "<AID>:<HMAC>".
 *
 * The HMAC is computed by TPSecurityUtils::hashHmacSha() with the configured
 * PRIVATE_KEY over "<method> <url>", where the URL comes from buildURL().
 *
 * NOTE(review): the method is part of the signed string, so the side that
 * verifies the signature has to rebuild it from the same method, action and
 * query, and should compare the digests in constant time (hash_equals).
 *
 * @param string $method Request method that is signed together with the URL
 * @param string $action Passed through to buildURL()
 * @param mixed  $query  Passed through to buildURL()
 *
 * @return string Application id and HMAC joined by a colon
 */
public function buildSignature($method, $action, $query)
{
    $signedUrl = $this->buildURL($method, $action, $query);

    // The signed message binds the method to the URL.
    $message = $method . " " . $signedUrl;
    $digest = TPSecurityUtils::hashHmacSha($this->config->PRIVATE_KEY, $message);

    return $this->config->AID . ":" . $digest;
}
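/**
 * Process found webhook data
 *
 * Decrypts the payload with the configured private key, decodes it as JSON,
 * checks the required attributes and the application id, and dispatches to
 * the matching webhook processor.
 *
 * NOTE(review): the payload is trusted as soon as it decrypts and parses.
 * Whether TPSecurityUtils::decrypt() authenticates the ciphertext cannot be
 * seen from this method - confirm it does, otherwise the checks below are the
 * only barrier against a forged webhook.
 * NOTE(review): an empty configured application id matches a payload without
 * an "aid" attribute; consider rejecting an unconfigured id outright.
 *
 * @param string $data encrypted data
 *
 * @return TinypassWebhookResult
 * @throws Exception
 */
public function processWebhookData($data)
{
    // Decrypt data. Anything that is not a string (false, null, ...) counts as
    // a failed decryption, so a helper returning null cannot slip through.
    $data = TPSecurityUtils::decrypt($this->privateKey(), $data);
    if (!is_string($data)) {
        throw new Exception(__('Failed to decrypt data', 'tinypass'));
    }

    // Data expected to be in json
    $data = json_decode($data, true);
    if (null === $data) {
        throw new Exception(__('Failed to parse data', 'tinypass'));
    }

    // Data should always be an object carrying type and version attributes
    if (!is_array($data) || !isset($data['type']) || !isset($data['version'])) {
        throw new Exception(__('Invalid webhook data', 'tinypass'));
    }

    // Check if configured application id differs from provided by tinypass.
    // Compared strictly as strings: with a loose "!=" a JSON boolean true
    // equals any non-empty configured id, and numeric-looking ids such as
    // "1e3" and "1000" compare equal.
    $providedAid = '';
    if (isset($data['aid']) && (is_string($data['aid']) || is_int($data['aid']))) {
        $providedAid = (string) $data['aid'];
    }
    if ((string) self::appId() !== $providedAid) {
        throw new Exception(__('Invalid application id', 'tinypass'));
    }

    // Event to key / unkey content. The type is matched strictly (a switch
    // compares loosely, so a boolean true would select the first case) and the
    // version must be numeric before it is compared with 2.
    if ('content_algorithm' === $data['type']
        && is_numeric($data['version'])
        && 2 == $data['version']
    ) {
        return $this->webhookAlgorithmicKey(
            isset($data['content_id']) ? $data['content_id'] : '',
            isset($data['event']) ? $data['event'] : ''
        );
    }

    // If processing didn't end at any point - that means no valid webhook processing was found
    throw new Exception(__('No valid webhook processor found', 'tinypass'), self::ERROR_WEBHOOK_NO_PROCESSOR_FOUND);
}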
/**
 * Decrypts a message with this instance's private key.
 *
 * Thin wrapper around TPSecurityUtils::decrypt(); the helper's result is
 * handed back unchanged, including whatever it yields on failure.
 *
 * NOTE(review): callers should check the result before using it, and should
 * not treat a successful decryption as proof of origin unless the helper is
 * confirmed to authenticate the message.
 *
 * @param string $msg Encrypted message
 *
 * @return mixed Result of TPSecurityUtils::decrypt()
 */
public function decode($msg)
{
    $key = $this->privateKey;
    $decoded = TPSecurityUtils::decrypt($key, $msg);

    return $decoded;
}
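/**
 * Builds the encrypted user ref string.
 *
 * Records the current time under self::TIMESTAMP via set(), JSON-encodes the
 * collected data and encrypts the result with TPSecurityUtils::encrypt().
 *
 * @param string $privateKey The private key to use when encrypting the user ref
 *
 * @return string
 * @throws Exception When the data cannot be JSON-encoded
 */
public function build($privateKey)
{
    $this->set(self::TIMESTAMP, time());

    $json = json_encode($this->data);
    if (false === $json) {
        // json_encode() reports failure with false (e.g. invalid UTF-8 in a
        // value). Encrypting that would yield a token that looks valid but
        // carries no user data, so fail loudly instead.
        throw new Exception('Failed to JSON-encode user ref data (json error ' . json_last_error() . ')');
    }

    return TPSecurityUtils::encrypt($privateKey, $json);
}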