feat (#950): mcrypt CBC replace by openssl

composer.json

@@ -7,6 +7,7 @@
     "ext-json": "*",
     "ext-dom": "*",
     "ext-libxml": "*",
+    "ext-openssl": "*",
     "beberlei/assert": "^2.9",
     "league/oauth2-github": "^0.2.1",
     "symfony/symfony": "^3.4",
@@ -45,7 +46,7 @@
     "sensio/generator-bundle": "^3.0",
     "symfony/phpunit-bridge": "^3.1",
     "guzzlehttp/guzzle": "^6.5",
-    "ekino/newrelic-bundle": "^1.4"
+    "ekino/newrelic-bundle": "^1.4",
   },
   "scripts": {
     "post-install-cmd": [

htdocs/pages/administration/compta_facture.php

@@ -30,7 +30,7 @@
 if ($action == 'lister') {
 	$ecritures = $comptaFact->obtenirFacture();
   foreach ($ecritures as &$e) {
-    $e['link'] = urlencode(base64_encode(mcrypt_cbc(MCRYPT_TripleDES, 'PaiementFactureAFUP_AFUP', $e['id'], MCRYPT_ENCRYPT, '@PaiFact')));;
+    $e['link'] = urlencode(cryptFromId($e['id']));
   }
 	$smarty->assign('ecritures', $ecritures);
 } elseif ($action == 'telecharger_facture') {

htdocs/pages/paiement/index.php

@@ -7,7 +7,7 @@
 
 $comptaFact = new Facture($bdd);
 
-$ref = trim(mcrypt_cbc (MCRYPT_TripleDES, 'PaiementFactureAFUP_AFUP', base64_decode(str_replace(' ', '+', urldecode($_GET['ref']))), MCRYPT_DECRYPT, '@PaiFact'));
+$ref = \Afup\Site\Utils\Utils::decryptFromRef(urldecode($_GET['ref']));
 
 $facture = $comptaFact->obtenir($ref);
 if ($facture) {

sources/Afup/Utils/Utils.php

@@ -54,6 +54,30 @@ public static function get_gravatar($email, $s = 80, $d = 'mm', $r = 'g', $img =
         }
         return $url;
     }
-}
 
-?>
+    public static function cryptFromId($id)
+    {
+        return base64_encode(mcrypt_cbc(MCRYPT_TripleDES, 'PaiementFactureAFUP_AFUP', $id, MCRYPT_ENCRYPT, '@PaiFact'));
+
+        if (strlen($id) % 8) {
+            $id = str_pad($id, strlen($id) + 8 - strlen($id) % 8, "\0");
+        }
+
+        $key = 'PaiementFactureAFUP_AFUP';
+        $iv = '@PaiFact';
+
+        return base64_encode(openssl_encrypt($id, 'des-ede3-cbc', $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv));
+    }
+
+    public static function decryptFromRef($ref)
+    {
+        return trim(mcrypt_cbc(MCRYPT_TripleDES, 'PaiementFactureAFUP_AFUP', base64_decode(str_replace(' ', '+', $ref)), MCRYPT_DECRYPT, '@PaiFact'));
+
+        $ref = base64_decode(str_replace(' ', '+', $ref));
+
+        $key = 'PaiementFactureAFUP_AFUP';
+        $iv = '@PaiFact';
+
+        return trim(openssl_decrypt($ref, 'des-ede3-cbc', $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv));
+    }
+}

tests/units/Afup/Utils/Utils.php

@@ -0,0 +1,54 @@
+<?php
+
+namespace Afup\Site\Utils\tests\units;
+
+use Afup\Site\Utils\Utils as UtilsToTest;
+
+class Utils extends \atoum
+{
+    protected function dataProvider()
+    {
+        return [
+            [
+                'decrypted' => 1,
+                'encrypted' => '03bITNI5Ono=',
+            ],
+            [
+                'decrypted' => '1',
+                'encrypted' => '03bITNI5Ono=',
+            ],
+            [
+                'decrypted' => '12345',
+                'encrypted' => 'EIx0Y/wJQ+I=',
+            ],
+            [
+                'decrypted' => 'abcdef',
+                'encrypted' => 'UvM1BUAJ5jQ=',
+            ],
+            [
+                'decrypted' => 'L\'AFUP est trop mortelle !',
+                'encrypted' => '6MSKdnJmUMW7YrnxXDe/5mKySbAiO2C9ubfR3NcG/fc=',
+            ],
+        ];
+    }
+
+    /**
+     * @dataProvider dataProvider
+     */
+    public function testCryptFromId($decrypted, $encrypted)
+    {
+        $this
+            ->string(UtilsToTest::cryptFromId($decrypted))
+            ->isEqualTo($encrypted);
+    }
+
+    /**
+     * @dataProvider dataProvider
+     */
+    public function testDecryptFromRef($decrypted, $encrypted)
+    {
+        $this
+            ->string(UtilsToTest::decryptFromRef($encrypted))
+            ->isEqualTo($decrypted);
+    }
+}