<?php
/**
* Class Envelope
*
* @package ContentControl\Vendor\TrustedLogin\Client
*
* @copyright 2021 Katz Web Services, Inc.
*
* @license GPL-2.0-or-later
* Modified by code-atlantic on 21-June-2024 using {@see https://github.com/BrianHenryIE/strauss}.
*/
namespace ContentControl\Vendor\TrustedLogin;
// Stop immediately when ABSPATH is undefined, i.e. the file was requested
// directly instead of being loaded by WordPress.
defined( 'ABSPATH' ) || exit;
use \Exception;
use \WP_Error;
use \WP_User;
use \WP_Admin_Bar;
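/**
 * Builds the TrustedLogin "envelope": the array of fields returned by {@see Envelope::get()}.
 *
 * The envelope combines caller-supplied values (secret ID, access key), the site
 * identifier hash in encrypted form, the configured API key, and the nonce and
 * public key needed alongside the encrypted identifier.
 */
final class Envelope {

	/**
	 * @var Config $config Read for the API key, the namespace and the expiration timestamp.
	 */
	private $config;

	/**
	 * @var Encryption Supplies the key pair, the nonce and the encrypt() call used by get().
	 */
	private $encryption;

	/**
	 * @var string API key set in software. Placed in the envelope as `publicKey`.
	 */
	private $api_key;

	/**
	 * Envelope constructor.
	 *
	 * @param Config     $config     Configuration; the `auth/api_key` setting is read once here.
	 * @param Encryption $encryption Encryption helper used when building the envelope.
	 */
	public function __construct( Config $config, Encryption $encryption ) {
		$this->config     = $config;
		$this->api_key    = $this->config->get_setting( 'auth/api_key' );
		$this->encryption = $encryption;
	}

	/**
	 * Assembles the envelope array for the given secret ID, site identifier hash and access key.
	 *
	 * The site identifier hash is never returned in the clear: it is encrypted with the
	 * key pair and nonce obtained from the Encryption helper, and only the nonce and the
	 * public half of that key pair are included (hex-encoded) in the result.
	 *
	 * @param string $secret_id
	 * @param string $site_identifier_hash
	 * @param string $access_key
	 *
	 * @return array|WP_Error The envelope, or a WP_Error when an argument is not a string,
	 *                        sodium_bin2hex() is missing, or an Encryption call fails.
	 */
	public function get( $secret_id, $site_identifier_hash, $access_key = '' ) {

		// The argument checks report only the *type* of a rejected value. These arguments
		// carry (or are derived from) secret material, and WP_Error messages can end up in
		// logs or on screen, so the value itself is kept out of the message.
		if ( ! is_string( $secret_id ) ) {
			return new \WP_Error( 'secret_not_string', 'The secret ID must be a string; ' . gettype( $secret_id ) . ' given.' );
		}

		if ( ! is_string( $site_identifier_hash ) ) {
			return new \WP_Error( 'site_identifier_not_string', 'The site identifier must be a string; ' . gettype( $site_identifier_hash ) . ' given.' );
		}

		if ( ! is_string( $access_key ) ) {
			return new \WP_Error( 'access_key_not_string', 'The access key must be a string; ' . gettype( $access_key ) . ' given.' );
		}

		// Fail before any key material is generated if the hex encoder used below is missing.
		if ( ! function_exists( 'sodium_bin2hex' ) ) {
			return new \WP_Error( 'sodium_bin2hex_not_available', 'The sodium_bin2hex function is not available.' );
		}

		$e_keys = $this->encryption->generate_keys();

		if ( is_wp_error( $e_keys ) ) {
			return $e_keys;
		}

		$nonce = $this->encryption->get_nonce();

		if ( is_wp_error( $nonce ) ) {
			return $nonce;
		}

		// Only the private half of the key pair is passed to encrypt(); it is not returned.
		$encrypted_identifier = $this->encryption->encrypt( $site_identifier_hash, $nonce, $e_keys->privateKey );

		if ( is_wp_error( $encrypted_identifier ) ) {
			return $encrypted_identifier;
		}

		/**
		 * Adds custom metadata to be synced via TrustedLogin
		 *
		 * WARNING: Metadata is transferred and stored in plain text, and **must not contain any sensitive or identifiable information**!
		 *
		 * @since 1.0.0
		 *
		 * @param array  $metadata
		 * @param Config $config Current TrustedLogin configuration
		 */
		$metadata = apply_filters( 'trustedlogin/' . $this->config->ns() . '/envelope/meta', array(), $this->config );

		// NOTE(review): the filtered value goes into the envelope as-is; nothing here checks
		// that it is still an array or that callbacks honoured the plain-text warning above.

		return array(
			'secretId'        => $secret_id,
			'identifier'      => $encrypted_identifier,
			'siteUrl'         => get_site_url(),
			'publicKey'       => $this->api_key,
			'accessKey'       => $access_key,
			'wpUserId'        => get_current_user_id(),
			'expiresAt'       => $this->config->get_expiration_timestamp( null, true ),
			'version'         => Client::VERSION,
			'nonce'           => \sodium_bin2hex( $nonce ),
			'clientPublicKey' => \sodium_bin2hex( $e_keys->publicKey ),
			'metaData'        => $metadata,
		);
	}
}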