

Timestamp:
11/10/2017 02:17:56 AM (7 years ago)
Author:
iandunn
Message:

WordCamp Payments: Apply coding standards to encryption.php.

File:
1 edited

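--- a/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/includes/encryption.php
+++ b/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/includes/encryption.php
@@ -1,14 +1,14 @@
 <?php
+
 /**
  * WordCamp Payments Encryption
  *
  * Usage:
- *
- * WCP_Encryption::encrypt() to encrypt a string
- * WCP_Encryption::decrypt() to decrypt a string
- * WCP_Encription::maybe_decrypt() to decrypt a string that may or may not be encrypted.
+ *      WCP_Encryption::encrypt() to encrypt a string
+ *      WCP_Encryption::decrypt() to decrypt a string
+ *      WCP_Encription::maybe_decrypt() to decrypt a string that may or may not be encrypted.
  */
 class WCP_Encryption {
-    public static $key = null;
+    public static $key      = null;
     public static $hmac_key = null;
 
@@ -18,12 +18,14 @@
     public static function init() {
         if ( is_null( self::$key ) ) {
-            self::$key = '';
+            self::$key      = '';
             self::$hmac_key = '';
 
-            if ( defined( 'WORDCAMP_PAYMENTS_ENCRYPTION_KEY' ) && WORDCAMP_PAYMENTS_ENCRYPTION_KEY )
+            if ( defined( 'WORDCAMP_PAYMENTS_ENCRYPTION_KEY' ) && WORDCAMP_PAYMENTS_ENCRYPTION_KEY ) {
                 self::$key = WORDCAMP_PAYMENTS_ENCRYPTION_KEY;
+            }
 
-            if ( defined( 'WORDCAMP_PAYMENTS_HMAC_KEY' ) && WORDCAMP_PAYMENTS_HMAC_KEY )
+            if ( defined( 'WORDCAMP_PAYMENTS_HMAC_KEY' ) && WORDCAMP_PAYMENTS_HMAC_KEY ) {
                 self::$hmac_key = WORDCAMP_PAYMENTS_HMAC_KEY;
+            }
         }
 
@@ -35,27 +37,33 @@
      *
      * @param string $raw_data The string to encrypt.
+     *
      * @return string|object Encrypted string (encrypted:data:key:iv:hmac) or WP_Error.
      */
     public static function encrypt( $raw_data ) {
-        if ( ! is_string( $raw_data ) )
+        if ( ! is_string( $raw_data ) ) {
             return new WP_Error( 'encryption-error', 'Only strings can be encrypted.' );
+        }
 
-        if ( ! self::init() )
+        if ( ! self::init() ) {
             return new WP_Error( 'encryption-error', 'Could not init encryption keys.' );
+        }
 
         $iv = openssl_random_pseudo_bytes( 16, $is_iv_strong );
 
-        if ( ! $is_iv_strong )
+        if ( ! $is_iv_strong ) {
             return new WP_Error( 'encryption-error', 'Could not obtain a strong iv.' );
+        }
 
-        $data = array();
+        $data         = array();
         $data['data'] = openssl_encrypt( $raw_data, 'aes-256-ctr', self::$key, true, $iv );
         $data['hmac'] = hash_hmac( 'sha256', $data['data'], self::$hmac_key, true );
-        $data['iv'] = $iv;
+        $data['iv']   = $iv;
 
-        if ( ! $data['data'] || ! $data['iv'] || ! $data['hmac'] )
+        if ( ! $data['data'] || ! $data['iv'] || ! $data['hmac'] ) {
             return new WP_Error( 'encryption-error', 'Could not encrypt the data.' );
+        }
 
         $data = array_map( 'base64_encode', $data );
+
         return sprintf( 'encrypted:%s:%s:%s', $data['data'], $data['iv'], $data['hmac'] );
     }
@@ -65,12 +73,15 @@
      *
      * @param string $data The data to decrypt.
+     *
      * @return string|object The decrypted data or WP_Error.
      */
     public static function decrypt( $data ) {
-        if ( ! is_string( $data ) )
+        if ( ! is_string( $data ) ) {
             return new WP_Error( 'encryption-error', 'Only strings can be decrypted.' );
+        }
 
-        if ( ! self::init() )
+        if ( ! self::init() ) {
             return new WP_Error( 'encryption-error', 'Could not init encryption keys.' );
+        }
 
         $data = explode( ':', $data );
@@ -79,8 +90,10 @@
 
         // Verify hmac.
-        if ( ! hash_equals( hash_hmac( 'sha256', $data, self::$hmac_key, true ), $hmac ) )
+        if ( ! hash_equals( hash_hmac( 'sha256', $data, self::$hmac_key, true ), $hmac ) ) {
             return new WP_Error( 'encryption-error', 'HMAC mismatch.' );
+        }
 
         $data = openssl_decrypt( $data, 'aes-256-ctr', self::$key, true, $iv );
+
         return $data;
     }
@@ -89,18 +102,22 @@
      * Look for encrypted:... and run self::decrypt() if found.
      *
-     * @param string $data Maybe some encrypted data.
+     * @param string $data  Maybe some encrypted data.
      * @param object $error Null or WP_Error on error (by reference).
+     *
      * @return mixed The decrypted data, an empty string on decryption error, or anything else that's passed and isn't a string.
      */
     public static function maybe_decrypt( $data, &$error = null ) {
-        if ( ! is_string( $data ) )
+        if ( ! is_string( $data ) ) {
             return $data;
+        }
 
-        if ( strpos( $data, 'encrypted:' ) !== 0 )
+        if ( strpos( $data, 'encrypted:' ) !== 0 ) {
             return $data;
+        }
 
         $decrypted = self::decrypt( $data );
         if ( is_wp_error( $decrypted ) ) {
             $error = $decrypted;
+
             return '';
         }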
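Review bot: In `encrypt()` the HMAC is computed over `$data['data']` only, so the IV carried in the `encrypted:` string is not authenticated; `decrypt()` likewise verifies `hash_hmac( 'sha256', $data, ... )` over the same value it then passes to `openssl_decrypt()` together with `$iv`. A stored value whose IV field was altered would therefore pass the `hash_equals()` check and decrypt to different bytes without any `WP_Error`. Consider binding the IV into the tag, e.g. `$data['hmac'] = hash_hmac( 'sha256', $iv . $data['data'], self::$hmac_key, true );` with the matching `$iv . $data` input on the verify side; values already stored under the current format would need a format marker or re-encryption, and the lines of `decrypt()` that decode the fields are outside the visible hunks. The `@return` text `encrypted:data:key:iv:hmac` also does not match the `sprintf( 'encrypted:%s:%s:%s', ... )` output, which has no key field.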