Upgrade framework

2023-11-14 16:54:35 +01:00
parent 1648a5cd42
commit 4fcf6fffcc
10548 changed files with 693138 additions and 466698 deletions


@@ -2,12 +2,13 @@
namespace Illuminate\Encryption;
use RuntimeException;
use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Contracts\Encryption\EncryptException;
use Illuminate\Contracts\Encryption\Encrypter as EncrypterContract;
use Illuminate\Contracts\Encryption\EncryptException;
use Illuminate\Contracts\Encryption\StringEncrypter;
use RuntimeException;
class Encrypter implements EncrypterContract
class Encrypter implements EncrypterContract, StringEncrypter
{
/**
* The encryption key.
@@ -23,6 +24,18 @@ class Encrypter implements EncrypterContract
*/
protected $cipher;
/**
* The supported cipher algorithms and their properties.
*
* @var array
*/
private static $supportedCiphers = [
'aes-128-cbc' => ['size' => 16, 'aead' => false],
'aes-256-cbc' => ['size' => 32, 'aead' => false],
'aes-128-gcm' => ['size' => 16, 'aead' => true],
'aes-256-gcm' => ['size' => 32, 'aead' => true],
];
/**
* Create a new encrypter instance.
*
@@ -32,16 +45,18 @@ class Encrypter implements EncrypterContract
*
* @throws \RuntimeException
*/
public function __construct($key, $cipher = 'AES-128-CBC')
public function __construct($key, $cipher = 'aes-128-cbc')
{
$key = (string) $key;
if (static::supported($key, $cipher)) {
$this->key = $key;
$this->cipher = $cipher;
} else {
throw new RuntimeException('The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.');
if (! static::supported($key, $cipher)) {
$ciphers = implode(', ', array_keys(self::$supportedCiphers));
throw new RuntimeException("Unsupported cipher or incorrect key length. Supported ciphers are: {$ciphers}.");
}
$this->key = $key;
$this->cipher = $cipher;
}
/**
@@ -53,10 +68,22 @@ class Encrypter implements EncrypterContract
*/
public static function supported($key, $cipher)
{
$length = mb_strlen($key, '8bit');
if (! isset(self::$supportedCiphers[strtolower($cipher)])) {
return false;
}
return ($cipher === 'AES-128-CBC' && $length === 16) ||
($cipher === 'AES-256-CBC' && $length === 32);
return mb_strlen($key, '8bit') === self::$supportedCiphers[strtolower($cipher)]['size'];
}
/**
* Create a new encryption key for the given cipher.
*
* @param string $cipher
* @return string
*/
public static function generateKey($cipher)
{
return random_bytes(self::$supportedCiphers[strtolower($cipher)]['size'] ?? 32);
}
/**
@@ -70,28 +97,27 @@ class Encrypter implements EncrypterContract
*/
public function encrypt($value, $serialize = true)
{
$iv = random_bytes(16);
$iv = random_bytes(openssl_cipher_iv_length(strtolower($this->cipher)));
// First we will encrypt the value using OpenSSL. After this is encrypted we
// will proceed to calculating a MAC for the encrypted value so that this
// value can be verified later as not having been changed by the users.
$value = \openssl_encrypt(
$serialize ? serialize($value) : $value,
$this->cipher, $this->key, 0, $iv
strtolower($this->cipher), $this->key, 0, $iv, $tag
);
if ($value === false) {
throw new EncryptException('Could not encrypt the data.');
}
// Once we have the encrypted value we will go ahead base64_encode the input
// vector and create the MAC for the encrypted value so we can verify its
// authenticity. Then, we'll JSON encode the data in a "payload" array.
$mac = $this->hash($iv = base64_encode($iv), $value);
$iv = base64_encode($iv);
$tag = base64_encode($tag ?? '');
$json = json_encode(compact('iv', 'value', 'mac'));
$mac = self::$supportedCiphers[strtolower($this->cipher)]['aead']
? '' // For AEAD-algoritms, the tag / MAC is returned by openssl_encrypt...
: $this->hash($iv, $value);
if (! is_string($json)) {
$json = json_encode(compact('iv', 'value', 'mac', 'tag'), JSON_UNESCAPED_SLASHES);
if (json_last_error() !== JSON_ERROR_NONE) {
throw new EncryptException('Could not encrypt the data.');
}
@@ -103,6 +129,8 @@ class Encrypter implements EncrypterContract
*
* @param string $value
* @return string
*
* @throws \Illuminate\Contracts\Encryption\EncryptException
*/
public function encryptString($value)
{
@@ -112,9 +140,9 @@ class Encrypter implements EncrypterContract
/**
* Decrypt the given value.
*
* @param mixed $payload
* @param string $payload
* @param bool $unserialize
* @return string
* @return mixed
*
* @throws \Illuminate\Contracts\Encryption\DecryptException
*/
@@ -124,11 +152,15 @@ class Encrypter implements EncrypterContract
$iv = base64_decode($payload['iv']);
$this->ensureTagIsValid(
$tag = empty($payload['tag']) ? null : base64_decode($payload['tag'])
);
// Here we will decrypt the value. If we are able to successfully decrypt it
// we will then unserialize it and return it out to the caller. If we are
// unable to decrypt this value we will throw out an exception message.
$decrypted = \openssl_decrypt(
$payload['value'], $this->cipher, $this->key, 0, $iv
$payload['value'], strtolower($this->cipher), $this->key, 0, $iv, $tag ?? ''
);
if ($decrypted === false) {
@@ -143,6 +175,8 @@ class Encrypter implements EncrypterContract
*
* @param string $payload
* @return string
*
* @throws \Illuminate\Contracts\Encryption\DecryptException
*/
public function decryptString($payload)
{
@@ -180,7 +214,7 @@ class Encrypter implements EncrypterContract
throw new DecryptException('The payload is invalid.');
}
if (! $this->validMac($payload)) {
if (! self::$supportedCiphers[strtolower($this->cipher)]['aead'] && ! $this->validMac($payload)) {
throw new DecryptException('The MAC is invalid.');
}
@@ -195,9 +229,21 @@ class Encrypter implements EncrypterContract
*/
protected function validPayload($payload)
{
return is_array($payload) && isset(
$payload['iv'], $payload['value'], $payload['mac']
);
if (! is_array($payload)) {
return false;
}
foreach (['iv', 'value', 'mac'] as $item) {
if (! isset($payload[$item]) || ! is_string($payload[$item])) {
return false;
}
}
if (isset($payload['tag']) && ! is_string($payload['tag'])) {
return false;
}
return strlen(base64_decode($payload['iv'], true)) === openssl_cipher_iv_length(strtolower($this->cipher));
}
/**
@@ -208,29 +254,30 @@ class Encrypter implements EncrypterContract
*/
protected function validMac(array $payload)
{
$calculated = $this->calculateMac($payload, $bytes = random_bytes(16));
return hash_equals(
hash_hmac('sha256', $payload['mac'], $bytes, true), $calculated
$this->hash($payload['iv'], $payload['value']), $payload['mac']
);
}
/**
* Calculate the hash of the given payload.
* Ensure the given tag is a valid tag given the selected cipher.
*
* @param array $payload
* @param string $bytes
* @return string
* @param string $tag
* @return void
*/
protected function calculateMac($payload, $bytes)
protected function ensureTagIsValid($tag)
{
return hash_hmac(
'sha256', $this->hash($payload['iv'], $payload['value']), $bytes, true
);
if (self::$supportedCiphers[strtolower($this->cipher)]['aead'] && strlen($tag) !== 16) {
throw new DecryptException('Could not decrypt the data.');
}
if (! self::$supportedCiphers[strtolower($this->cipher)]['aead'] && is_string($tag)) {
throw new DecryptException('Unable to use tag because the cipher algorithm does not support AEAD.');
}
}
/**
* Get the encryption key.
* Get the encryption key that the encrypter is currently using.
*
* @return string
*/
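Review bot: `ensureTagIsValid` in the last hunk receives `null` for a non-AEAD payload without a tag (the caller passes `empty($payload['tag']) ? null : base64_decode(...)`), yet its docblock says `@param string $tag` and the AEAD branch calls `strlen($tag)` unconditionally; under the new `php: ^8.0.2` constraint that is a null-to-string deprecation on 8.1+. Suggest `@param string|null $tag` and `if (self::$supportedCiphers[strtolower($this->cipher)]['aead'] && ($tag === null || strlen($tag) !== 16))` so a missing GCM tag is rejected without relying on `strlen(null)`. Separately, in `validPayload` a non-base64 `iv` makes `base64_decode($payload['iv'], true)` return `false`, which `strlen` coerces to 0 — the payload is still rejected, but an explicit `$iv !== false &&` guard would make that intent visible. The `strtolower($this->cipher)` lookup is repeated in every method; normalising the cipher once in the constructor would be less error-prone, provided no caller depends on the original casing of `$this->cipher`.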


@@ -2,8 +2,9 @@
namespace Illuminate\Encryption;
use Illuminate\Support\Str;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Str;
use Laravel\SerializableClosure\SerializableClosure;
class EncryptionServiceProvider extends ServiceProvider
{
@@ -13,18 +14,70 @@ class EncryptionServiceProvider extends ServiceProvider
* @return void
*/
public function register()
{
$this->registerEncrypter();
$this->registerSerializableClosureSecurityKey();
}
/**
* Register the encrypter.
*
* @return void
*/
protected function registerEncrypter()
{
$this->app->singleton('encrypter', function ($app) {
$config = $app->make('config')->get('app');
// If the key starts with "base64:", we will need to decode the key before handing
// it off to the encrypter. Keys may be base-64 encoded for presentation and we
// want to make sure to convert them back to the raw bytes before encrypting.
if (Str::startsWith($key = $config['key'], 'base64:')) {
$key = base64_decode(substr($key, 7));
}
return new Encrypter($this->parseKey($config), $config['cipher']);
});
}
return new Encrypter($key, $config['cipher']);
/**
* Configure Serializable Closure signing for security.
*
* @return void
*/
protected function registerSerializableClosureSecurityKey()
{
$config = $this->app->make('config')->get('app');
if (! class_exists(SerializableClosure::class) || empty($config['key'])) {
return;
}
SerializableClosure::setSecretKey($this->parseKey($config));
}
/**
* Parse the encryption key.
*
* @param array $config
* @return string
*/
protected function parseKey(array $config)
{
if (Str::startsWith($key = $this->key($config), $prefix = 'base64:')) {
$key = base64_decode(Str::after($key, $prefix));
}
return $key;
}
/**
* Extract the encryption key from the given configuration.
*
* @param array $config
* @return string
*
* @throws \Illuminate\Encryption\MissingAppKeyException
*/
protected function key(array $config)
{
return tap($config['key'], function ($key) {
if (empty($key)) {
throw new MissingAppKeyException;
}
});
}
}
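Review bot: `parseKey` decodes a `base64:`-prefixed key with non-strict `base64_decode`, so a key containing characters outside the base64 alphabet is silently decoded with those characters dropped and only surfaces later as the Encrypter's generic "Unsupported cipher or incorrect key length" error. Using `base64_decode(Str::after($key, $prefix), true)` and throwing when it returns `false` would point operators at the actual misconfiguration. Note also that `registerSerializableClosureSecurityKey` reads the configuration eagerly in `register()` and returns quietly on an empty key, whereas the encrypter binding defers to resolution time and throws `MissingAppKeyException` via `key()`; if the silent return is intentional, a one-line comment on the method saying so would save the next reader from treating it as a missed check.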


@@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) Taylor Otwell
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.


@@ -0,0 +1,19 @@
<?php
namespace Illuminate\Encryption;
use RuntimeException;
class MissingAppKeyException extends RuntimeException
{
/**
* Create a new exception instance.
*
* @param string $message
* @return void
*/
public function __construct($message = 'No application encryption key has been specified.')
{
parent::__construct($message);
}
}


@@ -14,12 +14,12 @@
}
],
"require": {
"php": ">=5.6.4",
"php": "^8.0.2",
"ext-json": "*",
"ext-mbstring": "*",
"ext-openssl": "*",
"illuminate/contracts": "5.4.*",
"illuminate/support": "5.4.*",
"paragonie/random_compat": "~1.4|~2.0"
"illuminate/contracts": "^9.0",
"illuminate/support": "^9.0"
},
"autoload": {
"psr-4": {
@@ -28,7 +28,7 @@
},
"extra": {
"branch-alias": {
"dev-master": "5.4-dev"
"dev-master": "9.x-dev"
}
},
"config": {