PATH:
usr
/
local
/
sitepad
/
editor
/
site-data
/
plugins
/
kkart-pro
/
includes
/
gateways
/
stripe
/
stripe-php
/
lib
<?php namespace Stripe; abstract class WebhookSignature { const EXPECTED_SCHEME = 'v1'; /** * Verifies the signature header sent by Stripe. Throws an * Exception\SignatureVerificationException exception if the verification fails for * any reason. * * @param string $payload the payload sent by Stripe * @param string $header the contents of the signature header sent by * Stripe * @param string $secret secret used to generate the signature * @param int $tolerance maximum difference allowed between the header's * timestamp and the current time * * @throws Exception\SignatureVerificationException if the verification fails * * @return bool */ public static function verifyHeader($payload, $header, $secret, $tolerance = null) { // Extract timestamp and signatures from header $timestamp = self::getTimestamp($header); $signatures = self::getSignatures($header, self::EXPECTED_SCHEME); if (-1 === $timestamp) { throw Exception\SignatureVerificationException::factory( 'Unable to extract timestamp and signatures from header', $payload, $header ); } if (empty($signatures)) { throw Exception\SignatureVerificationException::factory( 'No signatures found with expected scheme', $payload, $header ); } // Check if expected signature is found in list of signatures from // header $signedPayload = "{$timestamp}.{$payload}"; $expectedSignature = self::computeSignature($signedPayload, $secret); $signatureFound = false; foreach ($signatures as $signature) { if (Util\Util::secureCompare($expectedSignature, $signature)) { $signatureFound = true; break; } } if (!$signatureFound) { throw Exception\SignatureVerificationException::factory( 'No signatures found matching the expected signature for payload', $payload, $header ); } // Check if timestamp is within tolerance if (($tolerance > 0) && (\abs(\time() - $timestamp) > $tolerance)) { throw Exception\SignatureVerificationException::factory( 'Timestamp outside the tolerance zone', $payload, $header ); } return true; } /** * Extracts the timestamp in a signature header. * * @param string $header the signature header * * @return int the timestamp contained in the header, or -1 if no valid * timestamp is found */ private static function getTimestamp($header) { $items = \explode(',', $header); foreach ($items as $item) { $itemParts = \explode('=', $item, 2); if ('t' === $itemParts[0]) { if (!\is_numeric($itemParts[1])) { return -1; } return (int) ($itemParts[1]); } } return -1; } /** * Extracts the signatures matching a given scheme in a signature header. * * @param string $header the signature header * @param string $scheme the signature scheme to look for * * @return array the list of signatures matching the provided scheme */ private static function getSignatures($header, $scheme) { $signatures = []; $items = \explode(',', $header); foreach ($items as $item) { $itemParts = \explode('=', $item, 2); if (\trim($itemParts[0]) === $scheme) { $signatures[] = $itemParts[1]; } } return $signatures; } /** * Computes the signature for a given payload and secret. * * The current scheme used by Stripe ("v1") is HMAC/SHA-256. * * @param string $payload the payload to sign * @param string $secret the secret used to generate the signature * * @return string the signature as a string */ private static function computeSignature($payload, $secret) { return \hash_hmac('sha256', $payload, $secret); } }
[+]
BillingPortal
[+]
Sigma
[-] ApplicationFeeRefund.php
[open]
[+]
..
[-] PromotionCode.php
[open]
[+]
Radar
[-] BaseStripeClient.php
[open]
[-] ApiResponse.php
[open]
[+]
Terminal
[-] FileLink.php
[open]
[-] SingletonApiResource.php
[open]
[-] TaxRate.php
[open]
[-] OAuth.php
[open]
[-] Invoice.php
[open]
[+]
Checkout
[-] ThreeDSecure.php
[open]
[-] Token.php
[open]
[+]
Service
[-] ApiResource.php
[open]
[-] Mandate.php
[open]
[-] Payout.php
[open]
[-] Charge.php
[open]
[-] ExchangeRate.php
[open]
[-] OrderReturn.php
[open]
[-] RecipientTransfer.php
[open]
[-] LoginLink.php
[open]
[-] Coupon.php
[open]
[-] Capability.php
[open]
[-] Price.php
[open]
[-] BitcoinReceiver.php
[open]
[-] WebhookEndpoint.php
[open]
[-] Stripe.php
[open]
[-] Subscription.php
[open]
[-] Discount.php
[open]
[-] SourceTransaction.php
[open]
[-] Card.php
[open]
[-] EphemeralKey.php
[open]
[-] WebhookSignature.php
[open]
[-] Balance.php
[open]
[-] UsageRecordSummary.php
[open]
[-] InvoiceLineItem.php
[open]
[-] ApplicationFee.php
[open]
[-] StripeObject.php
[open]
[-] ApplePayDomain.php
[open]
[-] CreditNote.php
[open]
[-] Person.php
[open]
[-] AccountLink.php
[open]
[-] AlipayAccount.php
[open]
[-] SetupIntent.php
[open]
[-] Source.php
[open]
[-] StripeClientInterface.php
[open]
[-] TaxId.php
[open]
[-] Transfer.php
[open]
[-] LineItem.php
[open]
[-] Account.php
[open]
[-] Webhook.php
[open]
[-] Dispute.php
[open]
[-] BalanceTransaction.php
[open]
[-] SubscriptionItem.php
[open]
[-] ErrorObject.php
[open]
[-] InvoiceItem.php
[open]
[-] OAuthErrorObject.php
[open]
[-] Customer.php
[open]
[-] Plan.php
[open]
[-] CountrySpec.php
[open]
[-] ApiRequestor.php
[open]
[-] SetupAttempt.php
[open]
[-] Order.php
[open]
[-] Topup.php
[open]
[-] BitcoinTransaction.php
[open]
[-] RequestTelemetry.php
[open]
[-] CustomerBalanceTransaction.php
[open]
[-] UsageRecord.php
[open]
[-] Event.php
[open]
[+]
Util
[-] Collection.php
[open]
[+]
ApiOperations
[-] Review.php
[open]
[-] TransferReversal.php
[open]
[-] Refund.php
[open]
[-] StripeClient.php
[open]
[-] Recipient.php
[open]
[-] PaymentIntent.php
[open]
[-] BankAccount.php
[open]
[-] OrderItem.php
[open]
[+]
HttpClient
[-] PaymentMethod.php
[open]
[-] Quote.php
[open]
[-] Product.php
[open]
[-] BaseStripeClientInterface.php
[open]
[-] TaxCode.php
[open]
[-] SKU.php
[open]
[-] StripeStreamingClientInterface.php
[open]
[+]
Reporting
[-] File.php
[open]
[-] SubscriptionSchedule.php
[open]
[-] CreditNoteLineItem.php
[open]
[+]
Exception
[+]
Identity
[+]
Issuing