update
This commit is contained in:
@@ -0,0 +1,170 @@
|
||||
<?php
|
||||
/**
|
||||
* Class SB_YouTube_Data_Encryption
|
||||
*
|
||||
* @copyright 2021 Google LLC
|
||||
* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
|
||||
* @link https://sitekit.withgoogle.com
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class responsible for encrypting and decrypting data.
|
||||
*
|
||||
* @since 2.9.4/5.12.4
|
||||
* @access private
|
||||
* @ignore
|
||||
*/
|
||||
|
||||
namespace SmashBalloon\YouTubeFeed;
|
||||
|
||||
class SB_YouTube_Data_Encryption {
|
||||
|
||||
/**
|
||||
* Key to use for encryption.
|
||||
*
|
||||
* @since 2.9.4/5.12.4
|
||||
* @var string
|
||||
*/
|
||||
private $key;
|
||||
|
||||
/**
|
||||
* Salt to use for encryption.
|
||||
*
|
||||
* @since 2.9.4/5.12.4
|
||||
* @var string
|
||||
*/
|
||||
private $salt;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @since 2.9.4/5.12.4
|
||||
*/
|
||||
public function __construct( $remote = array() ) {
|
||||
if ( ! empty( $remote ) ) {
|
||||
$this->key = $remote['key'];
|
||||
$this->salt = $remote['salt'];
|
||||
} else {
|
||||
$this->key = $this->get_default_key();
|
||||
$this->salt = $this->get_default_salt();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypts a value.
|
||||
*
|
||||
* If a user-based key is set, that key is used. Otherwise the default key is used.
|
||||
*
|
||||
* @since 2.9.4/5.12.4
|
||||
*
|
||||
* @param string $value Value to encrypt.
|
||||
* @return string|bool Encrypted value, or false on failure.
|
||||
*/
|
||||
public function encrypt( $value ) {
|
||||
if ( ! sby_doing_openssl() ) {
|
||||
return $value;
|
||||
}
|
||||
|
||||
$method = 'aes-256-ctr';
|
||||
$ivlen = openssl_cipher_iv_length( $method );
|
||||
$iv = openssl_random_pseudo_bytes( $ivlen );
|
||||
|
||||
$raw_value = openssl_encrypt( $value . $this->salt, $method, $this->key, 0, $iv );
|
||||
if ( ! $raw_value ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return base64_encode( $iv . $raw_value );
|
||||
}
|
||||
|
||||
/**
|
||||
* Decrypts a value.
|
||||
*
|
||||
* If a user-based key is set, that key is used. Otherwise the default key is used.
|
||||
*
|
||||
* @since 2.9.4/5.12.4
|
||||
*
|
||||
* @param string $raw_value Value to decrypt.
|
||||
* @return string|bool Decrypted value, or false on failure.
|
||||
*/
|
||||
public function decrypt( $raw_value ) {
|
||||
if ( ! sby_doing_openssl() ) {
|
||||
return $raw_value;
|
||||
}
|
||||
|
||||
$raw_value = base64_decode( $raw_value, true );
|
||||
|
||||
$method = 'aes-256-ctr';
|
||||
$ivlen = openssl_cipher_iv_length( $method );
|
||||
$iv = substr( $raw_value, 0, $ivlen );
|
||||
|
||||
$raw_value = substr( $raw_value, $ivlen );
|
||||
|
||||
$value = openssl_decrypt( $raw_value, $method, $this->key, 0, $iv );
|
||||
if ( ! $value || substr( $value, - strlen( $this->salt ) ) !== $this->salt ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return substr( $value, 0, - strlen( $this->salt ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypts a value that may already be encrypted.
|
||||
*
|
||||
* If a user-based key is set, that key is used. Otherwise the default key is used.
|
||||
*
|
||||
* @since 2.0
|
||||
*
|
||||
* @param string $raw_value Value to encrypt.
|
||||
* @return string|bool encrypted value, or false on failure.
|
||||
*/
|
||||
public function maybe_encrypt( $raw_value ) {
|
||||
$maybe_decrypted = $this->decrypt( $raw_value );
|
||||
|
||||
if ( $maybe_decrypted ) {
|
||||
return $this->encrypt( $maybe_decrypted );
|
||||
}
|
||||
|
||||
return $this->encrypt( $raw_value );
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the default encryption key to use.
|
||||
*
|
||||
* @since 2.9.4/5.12.4
|
||||
*
|
||||
* @return string Default (not user-based) encryption key.
|
||||
*/
|
||||
private function get_default_key() {
|
||||
if ( defined( 'SBI_ENCRYPTION_KEY' ) && '' !== SBI_ENCRYPTION_KEY ) {
|
||||
return SBI_ENCRYPTION_KEY;
|
||||
}
|
||||
|
||||
if ( defined( 'LOGGED_IN_KEY' ) && '' !== LOGGED_IN_KEY ) {
|
||||
return LOGGED_IN_KEY;
|
||||
}
|
||||
|
||||
// If this is reached, you're either not on a live site or have a serious security issue.
|
||||
return 'das-ist-kein-geheimer-schluessel';
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the default encryption salt to use.
|
||||
*
|
||||
* @since 2.9.4/5.12.4
|
||||
*
|
||||
* @return string Encryption salt.
|
||||
*/
|
||||
private function get_default_salt() {
|
||||
if ( defined( 'SBI_ENCRYPTION_SALT' ) && '' !== SBI_ENCRYPTION_SALT ) {
|
||||
return SBI_ENCRYPTION_SALT;
|
||||
}
|
||||
|
||||
if ( defined( 'LOGGED_IN_SALT' ) && '' !== LOGGED_IN_SALT ) {
|
||||
return LOGGED_IN_SALT;
|
||||
}
|
||||
|
||||
// If this is reached, you're either not on a live site or have a serious security issue.
|
||||
return 'das-ist-kein-geheimes-salz';
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user