File: /home/mmickelson/spilicensing/app/Token.php
<?php
/**
* Created by PhpStorm.
* User: mmickelson
* Date: 3/31/16
* Time: 3:18 PM
*/
namespace App;
class Token
{
const SALT = "ÃÈkAHC'²eá«Ê�uSo";
const PASS = 'silicon';
public $licenseKey;
public $systemId;
public $expiration;
public $product;
public $subproduct;
public $licenseType;
function __construct($encryptedToken = null) {
if( $encryptedToken && strpos($encryptedToken, Token::SALT) == 0 ) {
// it's a token and needs to be decrypted first
$substr = explode(":", $encryptedToken);
$message = $this->decrypt($substr[1], Token::PASS, Token::SALT);
$chunks = explode("|", $message);
//translate input to full name vars
$keys = array(
'lic'=>'licenseKey',
'sys_id'=>'systemId',
'exp'=>'expiration',
'prod'=>'product',
'sub_prod'=>'subproduct',
'lic_type'=>'licenseType'
);
for($i=0; $i<sizeof($chunks); $i++){
$pair = explode("=", $chunks[$i]);
$this->$keys[$pair[0]] = $pair[1];
}
}
}
public function getToken() {
return $this->createEncryption();
}
protected function getTokenString() {
return "lic=".$this->licenseKey."|sys_id=".$this->systemId."|exp=".$this->expiration."|prod=".$this->product."|sub_prod=".$this->subproduct."|lic_type=".$this->licenseType;
}
protected function createEncryption() {
$encrypted = $this->encrypt($this->getTokenString(), Token::PASS, Token::SALT);
$msg_bundle = Token::SALT.":".$encrypted;
return $msg_bundle;
}
protected function encrypt($decrypted, $password, $salt) {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Build $iv and $iv_base64. We use a block size of 128 bits (AES compliant) and CBC mode. (Note: ECB mode is inadequate as IV is not used.)
srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
if (strlen($iv_base64 = rtrim(base64_encode($iv), '=')) != 22) return false;
// Encrypt $decrypted and an MD5 of $decrypted using $key. MD5 is fine to use here because it's just to verify successful decryption.
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $decrypted . md5($decrypted), MCRYPT_MODE_CBC, $iv));
// We're done!
return $iv_base64 . $encrypted;
}
protected function decrypt($encrypted, $password, $salt) {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
$iv = base64_decode(substr($encrypted, 0, 22) . '==');
// Remove $iv from $encrypted.
$encrypted = substr($encrypted, 22);
// Decrypt the data. rtrim won't corrupt the data because the last 32 characters are the md5 hash; thus any \0 character has to be padding.
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv), "\0\4");
// Retrieve $hash which is the last 32 characters of $decrypted.
$hash = substr($decrypted, -32);
// Remove the last 32 characters from $decrypted.
$decrypted = substr($decrypted, 0, -32);
// Integrity check. If this fails, either the data is corrupted, or the password/salt was incorrect.
if (md5($decrypted) != $hash) return false;
// Yay!
return $decrypted;
}
}