SweOptipricer - Version 0.1.6

Version Notes

Client provisioning improvements


Release Info

Developer beubi
Extension SweOptipricer
Version 0.1.6


Code changes from version 0.1.5 to 0.1.6

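--- a/app/code/community/SWE/Optipricer/Helper/Securedata.php
+++ b/app/code/community/SWE/Optipricer/Helper/Securedata.php
@@ -89,7 +89,7 @@ class SWE_Optipricer_Helper_Securedata extends Mage_Core_Helper_Abstract
  */
  public static function getContent($content, $key = false, $publicKey = false)
  {
- if (is_array($content)) {
+ if (is_array($content) || is_object($content)) {
  return false;
  }
 
@@ -100,10 +100,18 @@ class SWE_Optipricer_Helper_Securedata extends Mage_Core_Helper_Abstract
  }
 
  $data = json_decode($data);
+ if (!$data) {
+ return false;
+ }
+
  $mode = isset($data->smode) ? $data->smode : self::SECURE_CIPHER;
  if ($mode == self::SECURE_CIPHER && !isset($data->iv)) {
  return false;
  }
+
+ if (!isset($data->content) && !isset($data->cipher)) {
+ return false;
+ }
  $obj = isset($data->content) ? $data->content : $data->cipher;
 
  switch($mode)
@@ -112,10 +120,12 @@ class SWE_Optipricer_Helper_Securedata extends Mage_Core_Helper_Abstract
  return self::decryptContent($key, $data);
  break;
  case self::SECURE_SIGN:
- if(self::verifySignature($publicKey, $data))
+ if(self::verifySignature($publicKey, $data)) {
  return $obj;
- else
+ }
+ else {
  return false;
+ }
  break;
  case self::SECURE_CIPHER_SIGN:
  return self::decryptVerifyContent($key, $publicKey, $data);
@@ -136,27 +146,30 @@ class SWE_Optipricer_Helper_Securedata extends Mage_Core_Helper_Abstract
  private static function encryptContent($key, $content)
  {
  $ivSize = mcrypt_get_iv_size(self::CIPHER_ALG, self::CIPHER_MODE);
- $iv = '';
- if($ivSize > 0)
- $iv = mcrypt_create_iv($ivSize, MCRYPT_DEV_URANDOM);
+ $iv = $ivSize > 0 ? mcrypt_create_iv($ivSize, MCRYPT_DEV_URANDOM) : '';
 
  // creates a cipher text compatible with AES (Rijndael block size = 128) to keep the text confidential
  // only suitable for encoded input that never ends with value 00h (because of default zero padding)
- $cipherText = mcrypt_encrypt(self::CIPHER_ALG, $key, $content, self::CIPHER_MODE, $iv);
+ try {
+ $cipherText = mcrypt_encrypt(self::CIPHER_ALG, $key, $content, self::CIPHER_MODE, $iv);
+ } catch(\Exception $e) {
+ return false;
+ }
+
+ $hashedKey = hash('sha256', $key);
+
+ $hmac = hash_hmac('sha256', base64_encode($cipherText) . base64_encode($iv), $hashedKey);
 
  // prepend the IV for it to be available for decryption
  $cipherTextArray = array(
  'content' => base64_encode($cipherText),
  'iv' => base64_encode($iv),
+ 'hmac' => $hmac,
  'alg' => self::CIPHER_ALG_MODE,
  'smode' => self::SECURE_CIPHER
  );
 
- $cipherTextArray = json_encode($cipherTextArray);
-
- // encode the resulting cipher text so it can be represented by a string
- // could be commented...
- $cipherTextArray = base64_encode($cipherTextArray);
+ $cipherTextArray = base64_encode(json_encode($cipherTextArray));
 
  return $cipherTextArray;
  }
@@ -171,44 +184,41 @@ class SWE_Optipricer_Helper_Securedata extends Mage_Core_Helper_Abstract
  */
  private static function decryptContent($key, $data)
  {
+ if (!is_object($data)) {
+ return false;
+ }
  $cipherAlg = self::CIPHER_ALG;
  $cipherMode = self::CIPHER_MODE;
 
- if(isset($data->alg))
- {
+ if (isset($data->alg)) {
+ if (!array_key_exists($data->alg, self::$cipherArray)) {
+ return false;
+ }
  $cipherAlg = self::$cipherArray[$data->alg]['alg'];
  $cipherMode = self::$cipherArray[$data->alg]['mode'];
  }
  $cipher = isset($data->content) ? $data->content : $data->cipher;
+ $cipher = str_replace(' ', '+',$cipher);
 
- $content = mcrypt_decrypt($cipherAlg, $key, base64_decode(str_replace(' ', '+',$cipher)), $cipherMode, base64_decode(str_replace(' ', '+',$data->iv)));
+ $iv = str_replace(' ', '+',$data->iv);
 
- return $content;
- }
+ if(!isset($data->hmac))
+ return false;
 
+ $hashedKey = hash('sha256', $key);
 
- /**
- * Method to sign content
- *
- * @param string $privateKey Private Key
- * @param string $content Content
- *
- * @return array|string
- */
- private static function signContent($privateKey, $content)
- {
- openssl_sign($content, $signature, $privateKey, self::SIGN_ALG);
- $obj = array(
- 'content' => $content,
- 'alg' => self::SIGN_ALG,
- 'smode' => self::SECURE_SIGN,
- 'sign' => base64_encode($signature)
- );
+ $newHmac = hash_hmac('sha256', $cipher . $iv, $hashedKey);
 
- $obj = json_encode($obj);
- //$obj = base64_encode($obj);
+ if($newHmac !== $data->hmac)
+ return false;
+
+ try {
+ $content = mcrypt_decrypt($cipherAlg, $key, base64_decode($cipher), $cipherMode, base64_decode($iv));
+ } catch (\Exception $e) {
+ return false;
+ }
 
- return $obj;
+ return $content;
  }
 
  /**
@@ -221,58 +231,25 @@ class SWE_Optipricer_Helper_Securedata extends Mage_Core_Helper_Abstract
  */
  private static function verifySignature($publicKey, $content)
  {
+ if (!is_object($content)) {
+ return false;
+ }
  $signAlg = isset($content->alg) ? $content->alg : self::SIGN_ALG;
 
  if (isset($content->content) && isset($content->sign)) {
  //int 1 if the signature is correct, 0 if it is incorrect, and -1 on error.
- $cnt = is_object($content->content) ? json_encode($content->content) : $content->content;
- $result = openssl_verify($cnt, base64_decode(str_replace(" ", "+",$content->sign)), $publicKey, $signAlg);
-
- return $result == 1;
+ $obj = is_object($content->content) ? json_encode($content->content) : $content->content;
+ try {
+ $result = openssl_verify($obj, base64_decode($content->sign), $publicKey, $signAlg);
+ return $result == 1;
+ } catch (\Exception $e) {
+ return false;
+ }
  } else {
  return false;
  }
  }
 
- /**
- * Method to encrypt and sign content
- *
- * @param string $key Shared Key
- * @param string $privKey Private Key
- * @param string $content Content
- *
- * @return array|string
- */
- private static function encryptSignContent($key, $privKey, $content)
- {
- openssl_sign($content, $signature, $privKey, self::SIGN_ALG);
-
- $ivSize = mcrypt_get_iv_size(self::CIPHER_ALG, self::CIPHER_MODE);
-
- $iv = '';
- if($ivSize > 0)
- $iv = mcrypt_create_iv($ivSize, MCRYPT_DEV_URANDOM);
-
- // creates a cipher text compatible with AES (Rijndael block size = 128) to keep the text confidential
- // only suitable for encoded input that never ends with value 00h (because of default zero padding)
- $ciphertext = mcrypt_encrypt(self::CIPHER_ALG, $key, $content, self::CIPHER_MODE, $iv);
-
- $obj = array(
- 'content' => base64_encode($ciphertext),
- 'iv' => base64_encode($iv),
- 'alg' => self::CIPHER_ALG_MODE . '|' . self::SIGN_ALG,
- 'smode' => self::SECURE_CIPHER_SIGN,
- 'sign' => base64_encode($signature)
- );
-
- $obj = json_encode($obj);
-
- //is it really necessary?
- //$obj = base64_encode($obj);
-
- return $obj;
- }
-
  /**
  * Method to decrypt and verify content signature
  *
@@ -284,32 +261,44 @@ class SWE_Optipricer_Helper_Securedata extends Mage_Core_Helper_Abstract
  */
  private static function decryptVerifyContent($key, $pubKey, $content)
  {
+ if (!is_object($content) || !isset($content->sign) || !isset($content->iv)) {
+ return false;
+ }
+ if (!isset($content->content) && !isset($content->cipher)) {
+ return false;
+ }
  $cipherAlg = self::CIPHER_ALG;
  $cipherMode = self::CIPHER_MODE;
  $signAlg = self::SIGN_ALG;
 
- if(isset($content->alg))
- {
- $algs = explode("|", $content->alg);
+ if (isset($content->alg)) {
+ $algs = explode("|", $content->alg);
+ if (count($algs) != 2 || !array_key_exists($algs[0], self::$cipherArray)) {
+ return false;
+ }
  $cipherAlg = self::$cipherArray[$algs[0]]['alg'];
  $cipherMode = self::$cipherArray[$algs[0]]['mode'];
- $signAlg = $algs[1];
+ $signAlg = (int) $algs[1];
  }
 
  $cipher = isset($content->content) ? $content->content : $content->cipher;
- $data = mcrypt_decrypt(
- $cipherAlg,
- $key,
- base64_decode(str_replace(' ', '+',$cipher)),
- $cipherMode,
- base64_decode(str_replace(' ', '+',$content->iv))
- );
+ try {
+ $data = trim(mcrypt_decrypt(
+ $cipherAlg,
+ $key,
+ base64_decode($cipher, true),
+ $cipherMode,
+ base64_decode($content->iv, true)
+ ));
+ } catch (\Exception $e) {
+ return false;
+ }
 
- return openssl_verify(
- $data,
- base64_decode(str_replace(' ', '+',$content->sign)),
- $pubKey,
- $signAlg) ? $data : false;
+ try {
+ return openssl_verify($data, base64_decode($content->sign, true), $pubKey, $signAlg) ? $data : false;
+ } catch (\Exception $e) {
+ return false;
+ }
  }
 
  /**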
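Review bot: In decryptVerifyContent the new `return openssl_verify(...) ? $data : false;` treats the result as a boolean, but openssl_verify() returns -1 on error, which is truthy, so a failed verification call returns the decrypted data as if the signature had checked out; verifySignature in this same file already tests `$result == 1`. The line should end `=== 1 ? $data : false;`, and the surrounding try/catch does not cover this case because the failure arrives as a return value, not an exception. In decryptContent the HMAC check `if($newHmac !== $data->hmac)` is not a constant-time comparison; `if (!is_string($data->hmac) || !hash_equals($newHmac, $data->hmac))` is, though it needs PHP 5.6 or a small fallback given the 5.3.10 minimum declared in package.xml. In both verify paths `$signAlg` still comes from the message's own `alg` field, so the sender chooses the digest; pinning it to `self::SIGN_ALG` would remove that choice.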
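--- a/app/code/community/SWE/Optipricer/etc/config.xml
+++ b/app/code/community/SWE/Optipricer/etc/config.xml
@@ -76,11 +76,11 @@
  <default>
  <swe>
  <swe_group_activation>
- <swe_name></swe_name>
- <swe_email></swe_email>
+ <swe_name>John</swe_name>
+ <swe_email>John@beubi.com</swe_email>
  <swe_message></swe_message>
- <swe_token></swe_token>
- <swe_key></swe_key>
+ <swe_token>nest54e1c061823aa</swe_token>
+ <swe_key>c4fdfe7fd8430329ca83c214bc6a93d5</swe_key>
  <swe_enable>1</swe_enable>
  <swe_endpoint>http://www.optipricer.com/api/</swe_endpoint>
  </swe_group_activation>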
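Review bot: The new defaults put a concrete `swe_token` and `swe_key` (plus a name and e-mail address) into the packaged config.xml, so every installation that does not override them starts with the same credentials, readable by anyone who downloads the extension. If `swe_key` is the shared key handed to the Securedata helper (not visible in this section, so to be confirmed), the encryption and the HMAC added in this release would rest on a public value. The four elements should go back to empty, e.g. `<swe_token></swe_token>` and `<swe_key></swe_key>`, and be filled per store during provisioning; the token and key shown here should be treated as exposed and rotated. The unchanged `swe_endpoint` is plain `http://`, so moving it to `https://` would keep whatever is sent to the API from crossing the network in clear text.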
package.xml CHANGED
@@ -1,7 +1,7 @@
1
  <?xml version="1.0"?>
2
  <package>
3
  <name>SweOptipricer</name>
4
- <version>0.1.5</version>
5
  <stability>stable</stability>
6
  <license uri="http://opensource.org/licenses/LGPL-3.0">GNU Lesser General Public License (LGPL)</license>
7
  <channel>community</channel>
@@ -10,11 +10,11 @@
10
  <description>The extension provides a widget that uses the Optipricer API to create promotions for your products.&#xD;
11
  Customers will receive a discount after a successful product share on Facebook.&#xD;
12
  For more information www.optipricer.com</description>
13
- <notes>Testing candidate</notes>
14
- <authors><author><name>Rui Mendes</name><user>ruidamendes</user><email>rui.mendes@beubi.com</email></author><author><name>Ant&#xF3;nio Ferreira</name><user>beubi</user><email>swe@beubi.com</email></author></authors>
15
- <date>2015-05-06</date>
16
- <time>11:13:46</time>
17
- <contents><target name="magecommunity"><dir name="SWE"><dir name="Optipricer"><dir name="Block"><file name="Button.php" hash="2649751a4b02bc385560c43fda74a4c9"/><file name="Discount.php" hash="8d92df6ac6c967d4dd7abfe08bd95e17"/></dir><dir name="Helper"><file name="Data.php" hash="e7902afbd2304409bba65f8b62c790ba"/><file name="Securedata.php" hash="5bd25fdffe296583721f4b3addf22ecb"/><file name="swe_public_key.pem" hash="b5753918fdbd93ca45f1daa0a7deef93"/></dir><dir name="Model"><file name="Config.php" hash="0a2d0119793670f963e585ce9ed3dbd6"/><file name="Observer.php" hash="27b63db80c30adc0299f0d78bb7c2f34"/></dir><dir name="controllers"><dir name="Adminhtml"><file name="SweoptipricerController.php" hash="6751a86d6e4e098ef86bc71551395187"/></dir></dir><dir name="etc"><file name="config.xml" hash="2f8e793bcf94a0a588e193f77bf58de0"/><file name="system.xml" hash="97070a10606ce146ceb367538a8f558f"/><file name="widget.xml" hash="ed2339511b5f926dca59a9dc27a3d623"/></dir></dir></dir></target><target name="magedesign"><dir name="frontend"><dir name="base"><dir name="default"><dir name="template"><dir name="swe"><dir name="optipricer"><file name="widget.phtml" hash="2cb14a351ce2ec686afe228c326caf9e"/></dir></dir></dir></dir></dir></dir><dir name="adminhtml"><dir name="default"><dir name="default"><dir name="template"><dir name="swe"><dir name="optipricer"><dir name="system"><dir name="config"><file name="button.phtml" hash="24a7d6503d556b5a068b03fd21b2aba5"/></dir></dir></dir></dir></dir></dir></dir></dir></target><target name="mageetc"><dir name="modules"><file name="SWE_Optipricer.xml" hash="fef9106f9ed27d9e69a1abcc22f2063e"/></dir></target><target name="magelocale"><dir name="en_US"><file name="SWE_Optipricer.csv" hash="2c27e6a50f20ae1318274d6fa8b17bfd"/></dir><dir name="pt_PT"><file name="SWE_Optipricer.csv" hash="7ac9dd9cf8e434d982a003789a0cd826"/></dir></target><target name="mage"><dir name="js"><dir name="swe"><file name="optialert.min.js" 
hash="d819c38f0c3c8ef8a084154da96667eb"/><file name="optipricer.min.js" hash="f0afbbfee631596ac7d6e4b243354113"/><file name="optispin.min.js" hash="f2b0a61b3a739d03e88401e2a1163588"/></dir></dir></target></contents>
18
  <compatible/>
19
- <dependencies><required><php><min>5.3.10</min><max>6.0.0</max></php></required></dependencies>
20
  </package>
1
  <?xml version="1.0"?>
2
  <package>
3
  <name>SweOptipricer</name>
4
+ <version>0.1.6</version>
5
  <stability>stable</stability>
6
  <license uri="http://opensource.org/licenses/LGPL-3.0">GNU Lesser General Public License (LGPL)</license>
7
  <channel>community</channel>
10
  <description>The extension provides a widget that uses the Optipricer API to create promotions for your products.&#xD;
11
  Customers will receive a discount after a successful product share on Facebook.&#xD;
12
  For more information www.optipricer.com</description>
13
+ <notes>Client provisioning improvements</notes>
14
+ <authors><author><name>beubi</name><user>beubi</user><email>swe@beubi.com</email></author></authors>
15
+ <date>2015-06-09</date>
16
+ <time>13:24:04</time>
17
+ <contents><target name="magecommunity"><dir name="SWE"><dir name="Optipricer"><dir name="Block"><file name="Button.php" hash="2649751a4b02bc385560c43fda74a4c9"/><file name="Discount.php" hash="8d92df6ac6c967d4dd7abfe08bd95e17"/></dir><dir name="Helper"><file name="Data.php" hash="e7902afbd2304409bba65f8b62c790ba"/><file name="Securedata.php" hash="57601f5a8cbf1b279eb4182e443b905b"/><file name="swe_public_key.pem" hash="b5753918fdbd93ca45f1daa0a7deef93"/></dir><dir name="Model"><file name="Config.php" hash="0a2d0119793670f963e585ce9ed3dbd6"/><file name="Observer.php" hash="27b63db80c30adc0299f0d78bb7c2f34"/></dir><dir name="controllers"><dir name="Adminhtml"><file name="SweoptipricerController.php" hash="6751a86d6e4e098ef86bc71551395187"/></dir></dir><dir name="etc"><file name="config.xml" hash="6f488c897f11c910f6f6dd817e09c6a8"/><file name="system.xml" hash="97070a10606ce146ceb367538a8f558f"/><file name="widget.xml" hash="ed2339511b5f926dca59a9dc27a3d623"/></dir></dir></dir></target><target name="magedesign"><dir name="frontend"><dir name="base"><dir name="default"><dir name="template"><dir name="swe"><dir name="optipricer"><file name="widget.phtml" hash="2cb14a351ce2ec686afe228c326caf9e"/></dir></dir></dir></dir></dir></dir><dir name="adminhtml"><dir name="default"><dir name="default"><dir name="template"><dir name="swe"><dir name="optipricer"><dir name="system"><dir name="config"><file name="button.phtml" hash="24a7d6503d556b5a068b03fd21b2aba5"/></dir></dir></dir></dir></dir></dir></dir></dir></target><target name="mageetc"><dir name="modules"><file name="SWE_Optipricer.xml" hash="fef9106f9ed27d9e69a1abcc22f2063e"/></dir></target><target name="magelocale"><dir name="en_US"><file name="SWE_Optipricer.csv" hash="2c27e6a50f20ae1318274d6fa8b17bfd"/></dir><dir name="pt_PT"><file name="SWE_Optipricer.csv" hash="7ac9dd9cf8e434d982a003789a0cd826"/></dir></target><target name="mage"><dir name="js"><dir name="swe"><file name="optialert.min.js" 
hash="d819c38f0c3c8ef8a084154da96667eb"/><file name="optipricer.min.js" hash="f0afbbfee631596ac7d6e4b243354113"/><file name="optispin.min.js" hash="f2b0a61b3a739d03e88401e2a1163588"/></dir></dir></target></contents>
18
  <compatible/>
19
+ <dependencies><required><php><min>5.3.10</min><max>6.1.0</max></php></required></dependencies>
20
  </package>