* @throws \RuntimeException raised on missing mcrypt
* @throws \InvalidArgumentException raised on decrypting failed
* @param string $cipher encrypted message
* @return string decrypted message
*/
public function decrypt($cipher)
{
// test for tag on cipher and pass back provided cipher as is if tag is missing
if (substr($cipher, 0, 8) !== 'TXF!CIPH') {
log::warning('actually not decrypting since cipher is not properly encrypted');
return $cipher;
}
if (!is_callable('mcrypt_module_open')) {
throw new \RuntimeException('missing mcrypt');
}
// actually decrypt provided cipher
mcrypt_generic_init($this->cryptModule, $this->preparedKey(), $this->preparedIV());
$decrypted = mdecrypt_generic($this->cryptModule, substr($cipher, 8));
mcrypt_generic_deinit($this->cryptModule);
// check integrity of decrypted message
$cleartext = substr($decrypted, 20);
$hash = substr($decrypted, 0, 20);
if (sha1($cleartext, true) !== $hash) {
log::error('decryption failed');
throw new \InvalidArgumentException('decryption failed');
}
return $cleartext;
}
}
crypt::init();
/**
* Retrieves current singleton session manager.
*
* This method creates new session manager or restores one from available
* record in session space on demand.
*
* @return session
*/
public static final function current()
{
if (!self::$current instanceof self) {
self::getScopeParameter($domain, $path);
\session_set_cookie_params(0, path::addTrailingSlash($path), $domain);
// trigger import of class crypt so it may set required cookies
crypt::init();
// without existing link in current runtime check for snapshot
// stored in session
@session_start();
if ($_SESSION[self::stubName] instanceof self) {
// restore found snapshot
self::$current = $_SESSION[self::stubName];
} else {
// not in session -> start new session manager
self::$current = new static();
}
}
// (re-)retrieve current session manager instance
return self::$current;
}
