lxbfYeaa/PayPal-PHP-SDK
Archived
Template
1
0
Fork 0
forked from LiveCarta/PayPal-PHP-SDK
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added Encryption to Caching

Browse Source 
- Access Token is encrypted with Secret Key, and stored in file
- Code to auto-update existing cache files to use encrypted token
- Tests fixes accordingly
This commit is contained in:
japatel
2015-01-26 13:38:17 -06:00
parent d84ddf85c9
commit 830cb16f0f
6 changed files with 128 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
lib/PayPal/Auth/OAuthTokenCredential.php
View File

@@ -11,6 +11,7 @@ use PayPal\Exception\PayPalConfigurationException;
use PayPal\Exception\PayPalConnectionException;
use PayPal\Handler\IPayPalHandler;
use PayPal\Rest\ApiContext;
use PayPal\Security\Cipher;
/**
* Class OAuthTokenCredential
@@ -74,6 +75,13 @@ class OAuthTokenCredential extends PayPalResourceModel
*/
private $tokenCreateTime;
/**
* Instance of cipher used to encrypt/decrypt data while storing in cache.
*
* @var Cipher
*/
private $cipher;
/**
* Construct
*
@@ -84,6 +92,7 @@ class OAuthTokenCredential extends PayPalResourceModel
{
$this->clientId = $clientId;
$this->clientSecret = $clientSecret;
$this->cipher = new Cipher($this->clientSecret);
$this->logger = PayPalLoggingManager::getInstance(__CLASS__);
}
@@ -120,9 +129,20 @@ class OAuthTokenCredential extends PayPalResourceModel
$token = AuthorizationCache::pull($config, $this->clientId);
if ($token) {
// We found it
$this->accessToken = $token['accessToken'];
// This code block is for backward compatibility only.
if (array_key_exists('accessToken', $token)) {
$this->accessToken = $token['accessToken'];
}
$this->tokenCreateTime = $token['tokenCreateTime'];
$this->tokenExpiresIn = $token['tokenExpiresIn'];
// Case where we have an old unencrypted cache file
if (!array_key_exists('accessTokenEncrypted', $token)) {
AuthorizationCache::push($config, $this->clientId, $this->encrypt($this->accessToken), $this->tokenCreateTime, $this->tokenExpiresIn);
} else {
$this->accessToken = $this->decrypt($token['accessTokenEncrypted']);
}
}
// Check if Access Token is not null and has not expired.
@@ -137,11 +157,12 @@ class OAuthTokenCredential extends PayPalResourceModel
$this->accessToken = null;
}
// If accessToken is Null, obtain a new token
if ($this->accessToken == null) {
// Get a new one by making calls to API
$this->updateAccessToken($config);
AuthorizationCache::push($config, $this->clientId, $this->accessToken, $this->tokenCreateTime, $this->tokenExpiresIn);
AuthorizationCache::push($config, $this->clientId, $this->encrypt($this->accessToken), $this->tokenCreateTime, $this->tokenExpiresIn);
}
return $this->accessToken;
@@ -231,6 +252,7 @@ class OAuthTokenCredential extends PayPalResourceModel
*
* @param array $config
* @return null
* @throws PayPalConnectionException
*/
private function generateAccessToken($config, $refreshToken = null)
{
@@ -259,4 +281,26 @@ class OAuthTokenCredential extends PayPalResourceModel
return $this->accessToken;
}
/**
* Helper method to encrypt data using clientSecret as key
*
* @param $data
* @return string
*/
public function encrypt($data)
{
return $this->cipher->encrypt($data);
}
/**
* Helper method to decrypt data using clientSecret as key
*
* @param $data
* @return string
*/
public function decrypt($data)
{
return $this->cipher->decrypt($data);
}
}

9
lib/PayPal/Cache/AuthorizationCache.php
View File

@@ -49,6 +49,7 @@ abstract class AuthorizationCache
* @param $accessToken
* @param $tokenCreateTime
* @param $tokenExpiresIn
* @throws \Exception
*/
public static function push($config = null, $clientId, $accessToken, $tokenCreateTime, $tokenExpiresIn)
{
@@ -58,7 +59,7 @@ abstract class AuthorizationCache
$cachePath = self::cachePath($config);
if (!is_dir(dirname($cachePath))) {
if (mkdir(dirname($cachePath), 0755, true) == false) {
return;
throw new \Exception("Failed to create directory at $cachePath");
}
}
@@ -68,12 +69,14 @@ abstract class AuthorizationCache
if (is_array($tokens)) {
$tokens[$clientId] = array(
'clientId' => $clientId,
'accessToken' => $accessToken,
'accessTokenEncrypted' => $accessToken,
'tokenCreateTime' => $tokenCreateTime,
'tokenExpiresIn' => $tokenExpiresIn
);
}
file_put_contents($cachePath, json_encode($tokens));
if(!file_put_contents($cachePath, json_encode($tokens))) {
throw new \Exception("Failed to write cache");
};
}
/**

57
lib/PayPal/Security/Cipher.php Normal file
View File

@@ -0,0 +1,57 @@
<?php
namespace PayPal\Security;
/**
* Class Cipher
*
* Helper class to encrypt/decrypt data with secret key
*
* @package PayPal\Security
*/
class Cipher
{
private $secretKey;
/**
* Fixed IV Size
*/
const IV_SIZE = 16;
function __construct($secretKey)
{
$this->$secretKey = $secretKey;
}
/**
* Encrypts the input text using the cipher key
*
* @param $input
* @return string
*/
function encrypt($input)
{
// Create a random IV. Not using mcrypt to generate one, as to not have a dependency on it.
$iv = substr(uniqid("", true), 0, Cipher::IV_SIZE);
// Encrypt the data
$encrypted = openssl_encrypt($input, "AES-256-CBC", $this->secretKey, 0, $iv);
// Encode the data with IV as prefix
return base64_encode($iv . $encrypted);
}
/**
* Decrypts the input text from the cipher key
*
* @param $input
* @return string
*/
function decrypt($input)
{
// Decode the IV + data
$input = base64_decode($input);
// Remove the IV
$iv = substr($input, 0, Cipher::IV_SIZE);
// Return Decrypted Data
return openssl_decrypt(substr($input, Cipher::IV_SIZE), "AES-256-CBC", $this->secretKey, 0, $iv);
}
}