[
MAINHACK
]
Mail Test
BC
Config Scan
HOME
Create...
New File
New Folder
Viewing / Editing File: WebhookSignature.php
<?php namespace FedaPay; /** * Class WebhookSignature * * @property int $id * @property string $public_key * @property string $private_key * @property string $created_at * @property string $updated_at * * @package FedaPay */ abstract class WebhookSignature { const EXPECTED_SCHEME = 's'; /** * Verifies the signature header sent by FedaPay. Throws a * SignatureVerification exception if the verification fails for any * reason. * * @param string $payload the payload sent by FedaPay. * @param string $header the contents of the signature header sent by * FedaPay. * @param string $secret secret used to generate the signature. * @param int $tolerance maximum difference allowed between the header's * timestamp and the current time * @throws \FedaPay\Error\SignatureVerification if the verification fails. * @return bool */ public static function verifyHeader($payload, $header, $secret, $tolerance = null) { // Extract timestamp and signatures from header $timestamp = self::getTimestamp($header); $signatures = self::getSignatures($header, self::EXPECTED_SCHEME); if ($timestamp == -1) { throw new Error\SignatureVerification( "Unable to extract timestamp and signatures from header", $header, $payload ); } if (empty($signatures)) { throw new Error\SignatureVerification( "No signatures found with expected scheme", $header, $payload ); } // Check if expected signature is found in list of signatures from // header $signedPayload = "$timestamp.$payload"; $expectedSignature = self::computeSignature($signedPayload, $secret); $signatureFound = false; foreach ($signatures as $signature) { if (Util\Util::secureCompare($expectedSignature, $signature)) { $signatureFound = true; break; } } if (!$signatureFound) { throw new Error\SignatureVerification( "No signatures found matching the expected signature for payload", $header, $payload ); } // Check if timestamp is within tolerance if (($tolerance > 0) && (abs(time() - $timestamp) > $tolerance)) { throw new Error\SignatureVerification( "Timestamp outside the tolerance zone", $header, $payload ); } return true; } /** * Extracts the timestamp in a signature header. * * @param string $header the signature header * @return int the timestamp contained in the header, or -1 if no valid * timestamp is found */ private static function getTimestamp($header) { $items = explode(",", $header); foreach ($items as $item) { $itemParts = explode('=', $item, 2); if ($itemParts[0] == 't') { if (!is_numeric($itemParts[1])) { return -1; } return intval($itemParts[1]); } } return -1; } /** * Extracts the signatures matching a given scheme in a signature header. * * @param string $header the signature header * @param string $scheme the signature scheme to look for. * @return array the list of signatures matching the provided scheme. */ private static function getSignatures($header, $scheme) { $signatures = []; $items = explode(",", $header); foreach ($items as $item) { $itemParts = explode("=", $item, 2); if ($itemParts[0] == $scheme) { array_push($signatures, $itemParts[1]); } } return $signatures; } /** * Computes the signature for a given payload and secret. * * The current scheme used by FedaPay ("v1") is HMAC/SHA-256. * * @param string $payload the payload to sign. * @param string $secret the secret used to generate the signature. * @return string the signature as a string. */ private static function computeSignature($payload, $secret) { return hash_hmac('sha256', $payload, $secret); } }
Save Changes
Cancel / Back
Close ×
Server Info
Hostname: server1.winmanyltd.com
Server IP: 203.161.60.52
PHP Version: 8.3.27
Server Software: Apache
System: Linux server1.winmanyltd.com 4.18.0-553.22.1.el8_10.x86_64 #1 SMP Tue Sep 24 05:16:59 EDT 2024 x86_64
HDD Total: 117.98 GB
HDD Free: 59.62 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Enabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes (py3)
gcc:
Yes
pkexec:
Yes
git:
Yes
User Info
Username: eliosofonline
User ID (UID): 1002
Group ID (GID): 1003
Script Owner UID: 1002
Current Dir Owner: 1002