Edit File by line

<?php

[0] Fix | Delete

[1] Fix | Delete

namespace Leadin\auth;

[2] Fix | Delete

[3] Fix | Delete

/**

[4] Fix | Delete

* Encrypting/decrypting OAuth credentials

[5] Fix | Delete

* Adapted from https://felix-arntz.me/blog/storing-confidential-data-in-wordpress/

[6] Fix | Delete

[7] Fix | Delete

class OAuthCrypto {

[8] Fix | Delete

[9] Fix | Delete

/**

[10] Fix | Delete

* Return the key to use in encrypting/decrypting OAuth credentials

[11] Fix | Delete

[12] Fix | Delete

private static function get_key() {

[13] Fix | Delete

if ( defined( 'LOGGED_IN_KEY' ) ) {

[14] Fix | Delete

return LOGGED_IN_KEY;

[15] Fix | Delete

}

[16] Fix | Delete

[17] Fix | Delete

return '';

[18] Fix | Delete

}

[19] Fix | Delete

[20] Fix | Delete

/**

[21] Fix | Delete

* Return the salt to use in encrypting/decrypting OAuth credentials

[22] Fix | Delete

[23] Fix | Delete

private static function get_salt() {

[24] Fix | Delete

if ( defined( 'LOGGED_IN_SALT' ) ) {

[25] Fix | Delete

return LOGGED_IN_SALT;

[26] Fix | Delete

}

[27] Fix | Delete

[28] Fix | Delete

return '';

[29] Fix | Delete

}

[30] Fix | Delete

[31] Fix | Delete

/**

[32] Fix | Delete

* Given a value, encrypt it if the openssl extension is loaded and we have a valid key/salt

[33] Fix | Delete

[34] Fix | Delete

* @param string $value Value to encrypt.

[35] Fix | Delete

[36] Fix | Delete

* @return string Encrypted value

[37] Fix | Delete

[38] Fix | Delete

public static function encrypt( $value ) {

[39] Fix | Delete

if ( ! extension_loaded( 'openssl' ) ||

[40] Fix | Delete

empty( self::get_key() ) ||

[41] Fix | Delete

empty( self::get_salt() ) ) {

[42] Fix | Delete

return $value;

[43] Fix | Delete

}

[44] Fix | Delete

[45] Fix | Delete

$method = 'aes-256-ctr';

[46] Fix | Delete

$init_vector_length = openssl_cipher_iv_length( $method );

[47] Fix | Delete

$init_vector = openssl_random_pseudo_bytes( $init_vector_length );

[48] Fix | Delete

[49] Fix | Delete

$raw_value = openssl_encrypt( $value . self::get_salt(), $method, self::get_key(), 0, $init_vector );

[50] Fix | Delete

if ( ! $raw_value ) {

[51] Fix | Delete

return false;

[52] Fix | Delete

}

[53] Fix | Delete

[54] Fix | Delete

// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode

[55] Fix | Delete

return base64_encode( $init_vector . $raw_value );

[56] Fix | Delete

}

[57] Fix | Delete

[58] Fix | Delete

/**

[59] Fix | Delete

* Decrpyt a given value

[60] Fix | Delete

[61] Fix | Delete

* @param string $value the encrypted value to decrypt.

[62] Fix | Delete

[63] Fix | Delete

* @return string The decrypted value

[64] Fix | Delete

[65] Fix | Delete

public static function decrypt( $value ) {

[66] Fix | Delete

if ( ! extension_loaded( 'openssl' ) ||

[67] Fix | Delete

empty( self::get_key() ) ||

[68] Fix | Delete

empty( self::get_salt() ) ) {

[69] Fix | Delete

return $value;

[70] Fix | Delete

}

[71] Fix | Delete

[72] Fix | Delete

// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode

[73] Fix | Delete

$raw_value = base64_decode( $value, true );

[74] Fix | Delete

[75] Fix | Delete

$method = 'aes-256-ctr';

[76] Fix | Delete

$init_vector_length = openssl_cipher_iv_length( $method );

[77] Fix | Delete

$init_vector = substr( $raw_value, 0, $init_vector_length );

[78] Fix | Delete

[79] Fix | Delete

$raw_value = substr( $raw_value, $init_vector_length );

[80] Fix | Delete

[81] Fix | Delete

$value = openssl_decrypt( $raw_value, $method, self::get_key(), 0, $init_vector );

[82] Fix | Delete

if ( ! $value || substr( $value, - strlen( self::get_salt() ) ) !== self::get_salt() ) {

[83] Fix | Delete

return false;

[84] Fix | Delete

}

[85] Fix | Delete

[86] Fix | Delete

return substr( $value, 0, - strlen( self::get_salt() ) );

[87] Fix | Delete

}

[88] Fix | Delete

}

[89] Fix | Delete

[90] Fix | Delete