PageRenderTime 48ms CodeModel.GetById 22ms RepoModel.GetById 0ms app.codeStats 0ms

/httpdocs/catalog/controller/payment/bankart_slovenia.SecureResource.php

https://gitlab.com/jo0054/bankart-opencart
PHP | 433 lines | 340 code | 55 blank | 38 comment | 55 complexity | 845c1e0e582bd030605de6b0d19a7cac MD5 | raw file
    

  1. <?php
    2. 

  2. /******************************************************************************
    3. 

  3. *
    4. 

  4. * File:         SecureResource.php
    5. 

  5. * Description:  Razred SecureResource je namenjen dekripciji podatkov iz
    6. 

  6. *               resource datoteke.
    7. 

  7. * Author:       Igor Rozman
    8. 

  8. * Created:      26.11.2008
    9. 

  9. * Modified:     01.12.2008
    10. 

  10. * Language:     PHP (v 5.2.6)
    11. 

  11. *               Extensions: ZIP
    12. 

  12. * Package:      paymentpipephp (testna koda ze testiranje spletnih transakcij)
    13. 

  13. *
    14. 

  14. * (c) Copyright 2008, Bankart d.o.o., all rights reserved.
    15. 

  15. *
    16. 

  16. ******************************************************************************/
    17. 

  17. 

  18. class SecureResource
    19. 

  19. {
    20. 

  20.     var $strResourcePath;
    21. 

  21.     var $strAlias;
    22. 

  22.     var $termID;
    23. 

  23.     var $password;
    24. 

  24.     var $passwordHash;
    25. 

  25.     var $port;
    26. 

  26.     var $context;
    27. 

  27.     var $webAddress;
    28. 

  28.     var $error;
    29. 

  29.     var $bDebugOn;
    30. 

  30.     var $debugMsg;
    31. 

  31.     var $bSecureResourceDecoded;
    32. 

  32.     // Kljuc za odkriptiranje podatkov za dostop do placilnega serverja.
    33. 

  33.     var $key = array (1416130419, 1696626536, 1864396914, 1868981619, 1931506799, 543580534, 1869967904,
    34. 

  34.         1718773093, 1685024032, 1634624544, 2036692000, 1684369522, 1701013857, 1952784481, 1734964321,
    35. 

  35.         1953066862, 543257189, 544040302, 544696431, 544694638, 1948283489, 1768824951, 1769236591,
    36. 

  36.         1970544756, 1752526436, 1701978209, 1852055660, 1768384628, 1852403303);
    37. 

  37.       
    38. 

  38.     function SecureResource()
    39. 

  39.     {
    40. 

  40.         $this->strResourcePath = "";
    41. 

  41.         $this->strAlias = "";
    42. 

  42.         $this->termID = "";
    43. 

  43.         $this->password = "";
    44. 

  44.         $this->passwordHash = "";
    45. 

  45.         $this->port = "";
    46. 

  46.         $this->context = "";
    47. 

  47.         $this->webAddress = "";
    48. 

  48.         $this->error = "";
    49. 

  49.         $this->bDebugOn = true;
    50. 

  50.     }
    51. 

  51. 

  52.     // Metoda prebere podatke iz resource datoteke.
    53. 

  53.     function getSecureSettings()
    54. 

  54.     {
    55. 

  55.         if ($this->strResourcePath == "")
    56. 

  56.         {
    57. 

  57.             $this->error = "No resource path specified.";
    58. 

  58.             return false;
    59. 

  59.         }
    60. 

  60.         $strData = "";
    61. 

  61.         if(!$this->createReadableZip())
    62. 

  62.             return false;
    63. 

  63.         $strData = $this->readZip($this->getAlias() . ".xml");
    64. 

  64.         $this->destroyUnSecureResource();
    65. 

  65.         if($strData == "")
    66. 

  66.             return false;
    67. 

  67.         return $this->parseSettings($strData);
    68. 

  68.     }
    69. 

  69. 

  70.     // Zbrise zacasno datoteko, ki je nastala pri dekripciji resource datoteke.
    71. 

  71.     function destroyUnSecureResource()
    72. 

  72.     {
    73. 

  73.         unlink($this->getResourcePath() . "resource.cgz");
    74. 

  74.         $this->bSecureResourceDecoded = false;
    75. 

  75.         if ($this->bDebugOn)
    76. 

  76.             $this->addDebugMessage("Decoded Resource Destroyed.");
    77. 

  77.     }
    78. 

  78. 

  79.     // Iz resource datoteke zgradi zacasno zip datoteko.
    80. 

  80.     function createReadableZip()
    81. 

  81.     {
    82. 

  82.         if($this->bSecureResourceDecoded)
    83. 

  83.             return true;
    84. 

  84. 

  85.         if ($this->bDebugOn)
    86. 

  86.             $this->addDebugMessage("Locating Secure Resource.");
    87. 

  87. 

  88.         // 1. binarno preberemo podatke
    89. 

  89.         $fileInName = $this->getResourcePath() . "resource.cgn";
    90. 

  90.         $zip = fopen($fileInName, 'rb');
    91. 

  91. 		if (!is_resource($zip))
    92. 

  92. 		{
    93. 

  93.             $this->error = "Unable to open resource file (" . $fileInName . ")!";
    94. 

  94. 			return false;
    95. 

  95. 		}	
    96. 

  96. 		// - byte po byte preberemo vsebino datoteke v niz $stringData
    97. 

  97.         $bin = fread($zip, 1);    // preberemo 1 stevilo
    98. 

  98.         $i = 0;
    99. 

  99. 		$stringData = '';
    100. 

  100.         while (!feof($zip))
    101. 

  101.         {
    102. 

  102.             $stringData = $stringData.$bin;
    103. 

  103.             $bin = fread($zip, 1);   // preberemo 1 stevilo
    104. 

  104.         }
    105. 

  105. 		$numberOfBytes = strlen($stringData); 
    106. 

  106. 		// - odpakiramo znake v cela stevila
    107. 

  107. 		$data = $this->odpakiraj($stringData);
    108. 

  108. 			
    109. 

  109. 		// 2. Naredimo XOR nad podatki
    110. 

  110.         $xorData = $this->simpleXOR($data);
    111. 

  111.             
    112. 

  112. 		// 3. binarno zapisemo podatke, byte po byte
    113. 

  113. 		$fileOutName = $this->getResourcePath() . "resource.cgz";
    114. 

  114.         $rzip = fopen($fileOutName, 'wb');
    115. 

  115. 		if (!is_resource($rzip))
    116. 

  116. 		{
    117. 

  117.             $this->error = "Unable to open temporaray resource file (" . $fileOutName . ")! Check permissions for writting files.";
    118. 

  118. 			return false;
    119. 

  119. 		}	
    120. 

  120. 		// - zapakiramo cela stevila v znake
    121. 

  121. 		$stringData = $this->zapakiraj($xorData);
    122. 

  122. 		for ($i = 0; $i < $numberOfBytes; $i++)
    123. 

  123.         {
    124. 

  124.             if (fwrite($rzip, $stringData[$i], 1) === FALSE)
    125. 

  125.                 echo "Cannot write to file ($filename)";
    126. 

  126.         }
    127. 

  127.         fclose($rzip);
    128. 

  128. 

  129.         $this->bSecureResourceDecoded = true;
    130. 

  130.         return true;
    131. 

  131.     }
    132. 

  132. 	
    133. 

  133. 	function odpakiraj($stringData)
    134. 

  134. 	{
    135. 

  135. 		// Dodamo prazne znake, da stevilo bayteov doseze veckratnik stevila 4, seveda ce to ze ni.
    136. 

  136. 		while (strlen($stringData) % 4 != 0)
    137. 

  137. 			$stringData .= ' ';
    138. 

  138. 

  139. 		// Po 4 znake skupaj odpakiramo v stevilo.	
    140. 

  140. 		for ($i = 0, $j = 0; $i < strlen($stringData); $i = $i + 4, $j++)
    141. 

  141. 		{
    142. 

  142. 			$y = unpack("Nx", substr($stringData, $i, 4)); // binarne podatke razpakiramo v tabelo; razporejeni so z "big endian order"
    143. 

  143. 			$data[$j] = $y["x"];
    144. 

  144.  		}
    145. 

  145. 		return $data;
    146. 

  146. 	}
    147. 

  147. 

  148. 	function zapakiraj($data)
    149. 

  149. 	{
    150. 

  150. 		$stringData = '';
    151. 

  151. 		// Po 4 znake skupaj zapakiramo v stevilo.	
    152. 

  152. 		for ($i = 0; $i < count($data); $i++)
    153. 

  153. 		{
    154. 

  154.             $bin = pack("N", $data[$i]); // iz tabele zapakiramo podatke nazaj v binarno obliko.
    155. 

  155. 			$stringData = $stringData.$bin;
    156. 

  156. 		}
    157. 

  157. 		return $stringData;
    158. 

  158. 	}
    159. 

  159. 	
    160. 

  160.     // Iz zacasne zip datoteke "izluscimo" vsebino datoteke v obliki enega niza.
    161. 

  161.     function readZip($entryFileName)
    162. 

  162.     {
    163. 

  163.         $strData = "";
    164. 

  164.         $data;
    165. 

  165.         if ($this->getResourcePath() == null || $this->getResourcePath() == "")
    166. 

  166.         {
    167. 

  167.             $this->error = "Error Accessing Secure Resource. Resource Path not set.";
    168. 

  168.             return null;
    169. 

  169.         }
    170. 

  170.         if ($entryFileName == null || $entryFileName == "")
    171. 

  171.         {
    172. 

  172.             $this->error = "Error Accessing Secure Resource. Terminal Alias not set.";
    173. 

  173.             return null;
    174. 

  174.         }
    175. 

  175.         if ($this->bDebugOn)
    176. 

  176.             $this->addDebugMessage("Accessing Decoded Secure Resource.");
    177. 

  177. 

  178.         $zipFile = zip_open($this->getResourcePath() . "resource.cgz");
    179. 

  179. 

  180.         if (is_resource($zipFile))
    181. 

  181.         {
    182. 

  182. 			$zip_entry_exist = false;
    183. 

  183.             while ($zipEntry = zip_read($zipFile))
    184. 

  184.             {
    185. 

  185.                 // V zip datoteki iscemo XML datoteko z imenom trgovcevega terminala.
    186. 

  186.                 if (zip_entry_name($zipEntry) === $entryFileName)
    187. 

  187.                 {
    188. 

  188. 					$zip_entry_exist = true;
    189. 

  189.                     if (zip_entry_open($zipFile, $zipEntry))
    190. 

  190.                     {
    191. 

  191.                         if ($this->bDebugOn)
    192. 

  192.                             $this->addDebugMessage("Resource Entry Retrieved.");
    193. 

  193.                         $readStream = zip_entry_read($zipEntry);
    194. 

  194.                     
    195. 

  195.                         // binarno preberemo podatke kot stevila
    196. 

  196.                         $data = unpack("N*", $readStream);
    197. 

  197.                         for ($i=1; $i<count($data)+1; $i++)
    198. 

  198.                         {
    199. 

  199.                             $data1[$i-1] = $data[$i];
    200. 

  200.                         }
    201. 

  201.                     
    202. 

  202.                         // naredimo XOR nad podatki
    203. 

  203.                         $xorData = $this->simpleXOR($data1);
    204. 

  204.                     
    205. 

  205.                         // celostevilske podatke zapisemo v binarni niz
    206. 

  206.                         $bin = null;
    207. 

  207.                         for ($i=0; $i<count($xorData); $i++)
    208. 

  208.                         {
    209. 

  209.                             $bin .= pack("N", $xorData[$i]);
    210. 

  210.                         }
    211. 

  211.                     
    212. 

  212.                         // podatke iz binarnega niza pretvorimo v niz znakov
    213. 

  213.                         $decoded = unpack("C*", $bin);
    214. 

  214.                         $xmlString = "";
    215. 

  215.                         for ($i=1; $i<count($decoded)+1; $i++)
    216. 

  216.                         {
    217. 

  217.                             $xmlString .=  chr($decoded[$i]);
    218. 

  218.                         }
    219. 

  219.                         //echo $xmlString . "<br>";
    220. 

  220.                     	
    221. 

  221. 						
    222. 

  222.                         // vrnem XML string
    223. 

  223.                         $strData = $xmlString;
    224. 

  224. 						
    225. 

  225. 

  226.                         if ($this->bDebugOn)
    227. 

  227.                             $this->addDebugMessage("Resource Entry Parsed.");
    228. 

  228.                     
    229. 

  229.                         zip_entry_close($zipEntry);
    230. 

  230.                     }
    231. 

  231.                 }   
    232. 

  232.             }
    233. 

  233.             zip_close($zipFile);
    234. 

  234.         }
    235. 

  235.         else
    236. 

  236.         {
    237. 

  237.             $this->error = "Failed to read ZIP " .  $this->getResourcePath() . "resource.cgz" . "\n";
    238. 

  238.             return null;
    239. 

  239.         }
    240. 

  240. 		if ($zip_entry_exist == false)
    241. 

  241. 		{
    242. 

  242.             $this->error = "The ZIP Entry " . $this->getAlias() . ".xml does not exist.";
    243. 

  243.             return null;
    244. 

  244. 		}
    245. 

  245.         return $strData;
    246. 

  246.     }
    247. 

  247. 

  248.     // Niz pridobljen iz zacasne zip datoteke razparsamo.
    249. 

  249.     function parseSettings($settings)
    250. 

  250.     {
    251. 

  251.         if ($this->bDebugOn)
    252. 

  252.             $this->addDebugMessage("Parsing Settings.");
    253. 

  253.         $begin = strpos($settings, "<id>") + strlen("<id>");
    254. 

  254.         $end = strpos($settings, "</id>");
    255. 

  255. 		if ($begin === false || $end === false)
    256. 

  256. 		{
    257. 

  257.             $this->error = "Error parsing internal settings file. Error:" + $e.getString();
    258. 

  258.             return false;
    259. 

  259. 		}
    260. 

  260.         $this->setTermID(substr($settings, $begin, $end-$begin));
    261. 

  261.         
    262. 

  262. 		$begin = strpos($settings, "<password>") + strlen("<password>");
    263. 

  263.         $end = strpos($settings, "</password>");
    264. 

  264. 		if ($begin === false || $end === false)
    265. 

  265. 		{
    266. 

  266.             $this->error = "Error parsing internal settings file. Error:" + $e.getString();
    267. 

  267.             return false;
    268. 

  268. 		}       
    269. 

  269. 		$this->setPassword(substr($settings, $begin, $end-$begin));
    270. 

  270.         
    271. 

  271. 		$begin = strpos($settings, "<passwordhash>") + strlen("<passwordhash>");
    272. 

  272.         $end = strpos($settings, "</passwordhash>");
    273. 

  273. 		if ($begin === false || $end === false)
    274. 

  274. 		{
    275. 

  275.             $this->error = "Error parsing internal settings file. Error:" + $e.getString();
    276. 

  276.             return false;
    277. 

  277. 		}
    278. 

  278. 		$this->setPasswordHash(substr($settings, $begin, $end-$begin));
    279. 

  279.         
    280. 

  280. 		$begin = strpos($settings, "<webaddress>") + strlen("<webaddress>");
    281. 

  281.         $end = strpos($settings, "</webaddress>");
    282. 

  282. 		if ($begin === false || $end === false)
    283. 

  283. 		{
    284. 

  284.             $this->error = "Error parsing internal settings file. Error:" + $e.getString();
    285. 

  285.             return false;
    286. 

  286. 		}
    287. 

  287. 		$this->setWebAddress(substr($settings, $begin, $end-$begin));
    288. 

  288.         
    289. 

  289. 		$begin = strpos($settings, "<port>") + strlen("<port>");
    290. 

  290.         $end = strpos($settings, "</port>");
    291. 

  291. 		if ($begin === false || $end === false)
    292. 

  292. 		{
    293. 

  293.             $this->error = "Error parsing internal settings file. Error:" + $e.getString();
    294. 

  294.             return false;
    295. 

  295. 		}
    296. 

  296. 		$this->setPort(substr($settings, $begin, $end-$begin));
    297. 

  297.         
    298. 

  298. 		$begin = strpos($settings, "<context>") + strlen("<context>");
    299. 

  299.         $end = strpos($settings, "</context>");
    300. 

  300. 		if ($begin === false || $end === false)
    301. 

  301. 		{
    302. 

  302.             $this->error = "Error parsing internal settings file. Error:" + $e.getString();
    303. 

  303.             return false;
    304. 

  304. 		}
    305. 

  305. 		$this->setContext(substr($settings, $begin, $end-$begin));
    306. 

  306.         return true;
    307. 

  307.    }
    308. 

  308. 

  309.     // Nad binarnima podatkoma izvede xor funkcijo.
    310. 

  310.     function simpleXOR($byteInput)
    311. 

  311.     {
    312. 

  312.         if ($this->bDebugOn)
    313. 

  313.             $this->addDebugMessage("Decoding Buffer.");
    314. 

  314. 

  315.         $k = 0;
    316. 

  316.         for ($m = 0; $m < count($byteInput); $m++)
    317. 

  317.         {
    318. 

  318.             if ($k >= count($this->key))
    319. 

  319.                 $k = 0;
    320. 

  320.             $result[$m] = $byteInput[$m] ^ $this->key[$k];
    321. 

  321.             $k++;
    322. 

  322.         }
    323. 

  323.         return $result;
    324. 

  324.     }
    325. 

  325. 

  326.     function isDebugOn()
    327. 

  327.     {
    328. 

  328.         return $this->bDebugOn;
    329. 

  329.     }
    330. 

  330. 

  331.     function setDebugOn($val)
    332. 

  332.     {
    333. 

  333.         $this->bDebugOn = $val;
    334. 

  334.     }
    335. 

  335. 

  336.     function addDebugMessage($val)
    337. 

  337.     {
    338. 

  338.         if($this->bDebugOn)
    339. 

  339.             $this->debugMsg .= $val;
    340. 

  340.     }
    341. 

  341. 

  342.     function getDebugMsg()
    343. 

  343.     {
    344. 

  344.         return $this->debugMsg.toString();
    345. 

  345.     }
    346. 

  346. 

  347.     function getResourcePath()
    348. 

  348.     {
    349. 

  349.         return $this->strResourcePath;
    350. 

  350.     }
    351. 

  351. 

  352.     function setResourcePath($val)
    353. 

  353.     {
    354. 

  354.         $this->strResourcePath = $val;
    355. 

  355.     }
    356. 

  356. 

  357.     function getAlias()
    358. 

  358.     {
    359. 

  359.         return $this->strAlias;
    360. 

  360.     }
    361. 

  361. 

  362.     function setAlias($val)
    363. 

  363.     {
    364. 

  364.         $this->strAlias = $val;
    365. 

  365.     }
    366. 

  366. 

  367.     function getContext()
    368. 

  368.     {
    369. 

  369.         return $this->context;
    370. 

  370.     }
    371. 

  371. 

  372.     function setContext($val)
    373. 

  373.     {
    374. 

  374.         $this->context = $val;
    375. 

  375.     }
    376. 

  376. 

  377.     function getPassword()
    378. 

  378.     {
    379. 

  379.         return $this->password;
    380. 

  380.     }
    381. 

  381. 

  382.     function setPassword($val)
    383. 

  383.     {
    384. 

  384.         $this->password = $val;
    385. 

  385.     }
    386. 

  386. 

  387.     function getPasswordHash()
    388. 

  388.     {
    389. 

  389.         return $this->passwordHash;
    390. 

  390.     }
    391. 

  391. 

  392.     function setPasswordHash($val)
    393. 

  393.     {
    394. 

  394.         $this->passwordHash = $val;
    395. 

  395.     }
    396. 

  396. 

  397.     function getPort()
    398. 

  398.     {
    399. 

  399.         return $this->port;
    400. 

  400.     }
    401. 

  401. 

  402.     function setPort($val)
    403. 

  403.     {
    404. 

  404.         $this->port = $val;
    405. 

  405.     }
    406. 

  406. 

  407.     function getTermID()
    408. 

  408.     {
    409. 

  409.         return $this->termID;
    410. 

  410.     }
    411. 

  411. 

  412.     function setTermID($val)
    413. 

  413.     {
    414. 

  414.         $this->termID = $val;
    415. 

  415.     }
    416. 

  416. 

  417.     function getWebAddress()
    418. 

  418.     {
    419. 

  419.         return $this->webAddress;
    420. 

  420.     }
    421. 

  421. 

  422.     function setWebAddress($val)
    423. 

  423.     {
    424. 

  424.         $this->webAddress = $val;
    425. 

  425.     }
    426. 

  426. 

  427.     function getError()
    428. 

  428.     {
    429. 

  429.         return $this->error;
    430. 

  430.     }
    431. 

  431. }
    432. 

  432. 

  433. ?>
    434.