Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php namespace MiniOrange\OAuth\Controller\Actions; use Exception; use Magento\F..
Decoded Output download
<?php
namespace MiniOrange\OAuth\Controller\Actions;
use Exception;
use Magento\Framework\App\Action\Context;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestBodyForPasswordGrant;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestForPasswordGrant;
use MiniOrange\OAuth\Helper\OAuthConstants;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequest;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestBody;
use MiniOrange\OAuth\Helper\Curl;
use MiniOrange\OAuth\Helper\OAuthUtility;
use Magento\Framework\App\Action\HttpPostActionInterface;
use Magento\Framework\App\Action\HttpGetActionInterface;
use MiniOrange\OAuth\Controller\Actions\ProcessResponseAction;
use MiniOrange\OAuth\Helper\JWTUtils;
use MiniOrange\OAuth\Helper\BigInteger;
use MiniOrange\OAuth\Helper\RSA;
class ReadAuthorizationResponse extends BaseAction implements HttpPostActionInterface, HttpGetActionInterface
{
private $REQUEST;
private $POST;
private $processResponseAction;
public function __construct(Context $UD, OAuthUtility $n_, ProcessResponseAction $RL)
{
$this->processResponseAction = $RL;
parent::__construct($UD, $n_);
}
public function execute()
{
$If = $this->oauthUtility->daycounter();
if (!($If <= 0)) {
goto a2;
}
$this->oauthUtility->log_debug("SendAuthnRequest: execute : Your demo account has expired.");
print_r("Your Demo account has expired. Please contact to [email protected]");
exit;
a2:
$Ip = $this->getRequest()->getParams();
$Zh = $this->oauthUtility->getSessionData(OAuthConstants::APP_NAME);
$jc = $this->oauthUtility->getOAuthClientApps();
$Tr = null;
foreach ($jc as $zl) {
if (!($zl->getData()["app_name"] === $Zh)) {
goto dq;
}
$Tr = $zl->getData();
dq:
m3:
}
Ja:
$Xw = $Tr["grant_type"];
$this->oauthUtility->log_debug("ReadAuthorizationResponse: execute");
$uO = $Tr["clientID"];
$Ea = $Tr["client_secret"];
$mw = $Tr["access_token_endpoint"];
$Fv = $Tr["scope"];
$A3 = $Tr["values_in_header"];
$Zo = $Tr["values_in_body"];
$yi = $this->oauthUtility->getCallBackUrl();
$this->oauthUtility->log_debug("ReadAuthorizationResponse: clientID" . $uO);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: clientSecret" . $Ea);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: grantType" . $Xw);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: redirectURL" . $yi);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenURL" . $mw);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: header" . $A3);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: body" . $Zo);
if (!is_null($Xw)) {
goto k8;
}
$Xw = "authorization_code";
k8:
if ($Xw == "authorization_code") {
goto eJ;
}
if ($Xw == "password_grant") {
goto mi;
}
if ($Xw == "implicit_grant") {
goto wN;
}
if ($Xw == "hybrid_grant") {
goto oH;
}
if (!($Xw == "client_credentials_grant")) {
goto vW;
}
vW:
goto qb;
oH:
qb:
goto UU;
wN:
UU:
goto Pd;
mi:
$pc = $Ip["relayState"];
$QY = $Ip["username"];
$lr = $Ip["password"];
if ($A3 == 0 && $Zo == 1) {
goto r2;
}
$Af = (new AccessTokenRequestBodyForPasswordGrant($Xw, $yi, $QY, $lr, $Fv))->build();
goto B1;
r2:
$Af = (new AccessTokenRequestForPasswordGrant($uO, $Ea, $Xw, $yi))->build();
B1:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenRequestForPasswordGrant" . json_encode($Af));
$hx = Curl::mo_send_access_token_request_for_password_grant($Af, $mw, $uO, $Ea, $QY, $lr);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseForPasswordGrant" . json_encode($hx));
Pd:
goto MV;
eJ:
if (isset($Ip["code"])) {
goto ZU;
}
$this->oauthUtility->log_debug("ReadAuthorizationResponse: params['code'] not set");
if (!isset($Ip["error"])) {
goto aJ;
}
if (isset($Ip["error_description"])) {
return $this->sendHTTPRedirectRequest("?error=" . urlencode($Ip["error"]) . "&error_description=" . urlencode($Ip["error_description"]), $this->oauthUtility->getBaseUrl());
}
return $this->sendHTTPRedirectRequest("?error=" . urlencode($Ip["error"]), $this->oauthUtility->getBaseUrl());
aJ:
return $this->sendHTTPRedirectRequest("?error=code+not+received", $this->oauthUtility->getBaseUrl());
ZU:
$VG = $Ip["code"];
$pc = $Ip["state"];
$this->oauthUtility->log_debug("ReadAuthorizationResponse: authorizationCode" . $VG);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: relayState" . $pc);
$vq = $Tr["pkce_flow"] === "1" ? true : false;
$sS = '';
if (!$vq) {
goto y3;
}
if (isset($_SESSION["mo_code_verifier"])) {
goto Fd;
}
return $this->getResponse()->setBody("Something went wrong. PKCE Code verifier not found in session please try again");
Fd:
$sS = $_SESSION["mo_code_verifier"];
y3:
if ($A3 == 0 && $Zo == 1) {
goto G9;
}
$Af = (new AccessTokenRequestBody($Xw, $yi, $VG, $vq, $sS))->build();
goto BD;
G9:
$Af = (new AccessTokenRequest($uO, $Ea, $Xw, $yi, $VG, $vq, $sS))->build();
BD:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenRequest" . json_encode($Af));
$hx = Curl::mo_send_access_token_request($Af, $mw, $uO, $Ea, $A3, $Zo);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponse" . json_encode($hx));
MV:
$kw = json_decode($hx, "true");
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseData" . json_encode($kw));
if (!isset($kw["id_token"])) {
goto Dv;
}
$rs = $kw["id_token"];
$this->oauthUtility->log_debug("ReadAuthorizationResponse: idToken: " . $rs);
$this->oauthUtility->setSessionData(OAuthConstants::ID_TOKEN, $rs);
$this->oauthUtility->setAdminSessionData(OAuthConstants::ID_TOKEN, $rs);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: idToken stored: " . $rs);
Dv:
if (isset($kw["access_token"])) {
goto PC;
}
if (isset($kw["id_token"])) {
goto Xl;
}
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseData" . json_encode($kw));
return $this->getResponse()->setBody("Invalid response. Please try again.|M002. Does not recieved access token / id token from oauth provider");
goto vV;
PC:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessTokenResponseData['access_token'] is set");
$SQ = $kw["access_token"];
$Is = $Tr["user_info_endpoint"];
$this->oauthUtility->log_debug("ReadAuthorizationResponse: accessToken: " . $SQ);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: userInfoURL: " . $Is);
if (!($Is == NULL || $Is == '')) {
goto mA;
}
return $this->getResponse()->setBody("Invalid response. Please enter User Info URL.");
mA:
$A3 = "Bearer " . $SQ;
$YL = ["Authorization: {$A3}"];
$o7 = Curl::mo_send_user_info_request($Is, $YL);
$il = json_decode($o7, "true");
$this->oauthUtility->log_debug("ReadAuthorizationResponse: userInfoResponse" . json_encode($o7));
goto vV;
Xl:
$this->oauthUtility->log_debug("ReadAuthorizationResponse: if accessTokenResponseData['id_token'] ");
if (empty($rs)) {
goto Ke;
}
$rP = $Tr["jwks_endpoint"];
$bf = explode(".", $rs);
$kd = $this->decodeJWT($rs);
$this->oauthUtility->log_debug("ReadAuthorizationResponse: idTokenArray", json_encode($bf));
if (sizeof($bf) > 2) {
goto Wr;
}
$this->oauthUtility->log_debug("ReadAuthorizationResponse: idTokenArray" . json_encode($bf));
return $this->getResponse()->setBody("Invalid response. Please try again.|M001. ");
goto JU;
Wr:
if (empty($rP)) {
goto w4;
}
$Pb = trim($rP);
$LK = new JWTUtils($rs);
$W4 = json_decode(file_get_contents($Pb))->keys[0];
if ($LK->verify_from_jwks($Pb)) {
goto JW;
}
return $this->getResponse()->setBody("Invalid signature received.");
JW:
w4:
$il = $bf[1];
$il = (array) json_decode(base64_decode($il));
$this->oauthUtility->log_debug("ReadAuthorizationResponse: userInfoResponseData" . json_encode($il));
JU:
Ke:
vV:
if (!empty($il)) {
goto x0;
}
return $this->getResponse()->setBody("Invalid response. Please try again.|M003. User Info Responce Data is empty.");
x0:
$il["relayState"] = $pc;
$this->processResponseAction->setUserInfoResponse($il)->execute();
}
public function setRequestParam($h5)
{
$this->REQUEST = $h5;
return $this;
}
public function setPostParam($post)
{
$this->POST = $post;
return $this;
}
public function verifySign($kd, $W4)
{
$this->oauthUtility->log_debug("ReadAuthorizationResponse: inside verifySign");
$ha = new Crypt_RSA();
$ha->loadKey(["n" => new Math_BigInteger($this->get_base64_from_url($W4->n), 256), "e" => new Math_BigInteger($this->get_base64_from_url($W4->e), 256)]);
$ha->setHash("sha256");
$ha->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
return $ha->verify($kd["data"], $kd["sign"]) ? true : false;
}
public function get_base64_from_url($ZO)
{
return base64_decode(str_replace(["-", "_"], ["+", "/"], $ZO));
}
public function decodeJWT($dI)
{
$this->oauthUtility->log_debug("ReadAuthorizationResponse: inside decodeJWT");
$pq = explode(".", $dI);
$A3 = json_decode($this->get_base64_from_url($pq[0]));
$uV = json_decode($this->get_base64_from_url($pq[1]));
$qz = $this->get_base64_from_url($pq[2]);
return ["header" => $A3, "payload" => $uV, "sign" => $qz, "data" => $pq[0] . "." . $pq[1]];
}
}
?>
Did this file decode correctly?
Original Code
<?php
namespace MiniOrange\OAuth\Controller\Actions;
use Exception;
use Magento\Framework\App\Action\Context;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestBodyForPasswordGrant;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestForPasswordGrant;
use MiniOrange\OAuth\Helper\OAuthConstants;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequest;
use MiniOrange\OAuth\Helper\OAuth\AccessTokenRequestBody;
use MiniOrange\OAuth\Helper\Curl;
use MiniOrange\OAuth\Helper\OAuthUtility;
use Magento\Framework\App\Action\HttpPostActionInterface;
use Magento\Framework\App\Action\HttpGetActionInterface;
use MiniOrange\OAuth\Controller\Actions\ProcessResponseAction;
use MiniOrange\OAuth\Helper\JWTUtils;
use MiniOrange\OAuth\Helper\BigInteger;
use MiniOrange\OAuth\Helper\RSA;
class ReadAuthorizationResponse extends BaseAction implements HttpPostActionInterface, HttpGetActionInterface
{
private $REQUEST;
private $POST;
private $processResponseAction;
public function __construct(Context $UD, OAuthUtility $n_, ProcessResponseAction $RL)
{
$this->processResponseAction = $RL;
parent::__construct($UD, $n_);
}
public function execute()
{
$If = $this->oauthUtility->daycounter();
if (!($If <= 0)) {
goto a2;
}
$this->oauthUtility->log_debug("\x53\x65\x6e\x64\101\165\x74\x68\156\122\x65\161\x75\x65\163\164\72\x20\145\170\x65\x63\x75\x74\145\x20\72\40\x59\x6f\x75\x72\40\144\x65\x6d\x6f\40\x61\143\x63\x6f\x75\156\164\x20\x68\141\x73\40\145\x78\160\151\162\145\x64\x2e");
print_r("\131\x6f\x75\162\x20\x44\x65\x6d\157\x20\x61\143\143\x6f\x75\x6e\x74\x20\x68\x61\x73\x20\x65\x78\x70\151\162\x65\x64\x2e\40\120\x6c\x65\141\163\x65\x20\143\157\x6e\x74\141\x63\x74\x20\x74\x6f\x20\x6d\141\147\145\156\164\157\x73\165\160\x70\157\x72\164\100\x78\x65\143\165\x72\x69\146\x79\x2e\143\157\x6d");
exit;
a2:
$Ip = $this->getRequest()->getParams();
$Zh = $this->oauthUtility->getSessionData(OAuthConstants::APP_NAME);
$jc = $this->oauthUtility->getOAuthClientApps();
$Tr = null;
foreach ($jc as $zl) {
if (!($zl->getData()["\x61\160\x70\x5f\x6e\141\x6d\145"] === $Zh)) {
goto dq;
}
$Tr = $zl->getData();
dq:
m3:
}
Ja:
$Xw = $Tr["\x67\162\x61\x6e\x74\137\x74\x79\160\145"];
$this->oauthUtility->log_debug("\122\x65\141\144\101\x75\164\x68\157\162\151\172\x61\x74\x69\x6f\156\122\x65\x73\x70\157\x6e\x73\x65\72\40\145\x78\x65\143\x75\x74\145");
$uO = $Tr["\143\x6c\x69\145\x6e\x74\111\x44"];
$Ea = $Tr["\x63\154\x69\145\x6e\x74\x5f\163\145\x63\x72\145\164"];
$mw = $Tr["\x61\x63\x63\x65\163\x73\137\164\157\153\x65\156\x5f\145\156\x64\x70\157\151\x6e\164"];
$Fv = $Tr["\163\x63\x6f\x70\145"];
$A3 = $Tr["\x76\141\x6c\x75\145\x73\137\151\x6e\x5f\x68\x65\141\x64\x65\x72"];
$Zo = $Tr["\166\x61\154\165\145\x73\x5f\151\156\x5f\142\x6f\x64\171"];
$yi = $this->oauthUtility->getCallBackUrl();
$this->oauthUtility->log_debug("\122\x65\141\x64\x41\x75\164\150\x6f\162\151\172\141\164\x69\x6f\156\122\145\163\x70\157\x6e\x73\145\72\x20\x63\x6c\151\145\x6e\164\x49\x44" . $uO);
$this->oauthUtility->log_debug("\122\145\141\144\x41\165\x74\x68\157\x72\x69\x7a\x61\x74\x69\157\156\122\145\x73\160\157\156\163\x65\72\x20\x63\x6c\x69\x65\x6e\x74\123\145\143\162\x65\164" . $Ea);
$this->oauthUtility->log_debug("\122\x65\x61\x64\x41\165\x74\150\157\x72\x69\x7a\x61\x74\151\x6f\156\x52\145\x73\x70\157\x6e\x73\145\72\x20\x67\x72\141\x6e\x74\124\x79\x70\145" . $Xw);
$this->oauthUtility->log_debug("\x52\145\x61\x64\x41\165\164\150\x6f\x72\151\172\141\164\x69\x6f\156\x52\145\163\160\157\156\163\145\72\40\162\x65\144\x69\162\x65\x63\x74\x55\122\114" . $yi);
$this->oauthUtility->log_debug("\x52\x65\x61\144\101\165\164\x68\157\x72\151\172\141\x74\151\157\x6e\x52\x65\x73\x70\x6f\156\163\x65\x3a\x20\141\x63\143\145\163\x73\124\x6f\153\145\156\x55\122\x4c" . $mw);
$this->oauthUtility->log_debug("\122\145\141\144\101\x75\x74\150\157\162\x69\x7a\x61\164\x69\157\156\122\145\x73\160\x6f\156\x73\145\72\x20\x68\x65\x61\144\145\162" . $A3);
$this->oauthUtility->log_debug("\x52\145\x61\x64\101\x75\x74\x68\157\x72\x69\x7a\x61\x74\x69\x6f\156\x52\x65\x73\x70\157\x6e\x73\145\x3a\40\142\157\144\171" . $Zo);
if (!is_null($Xw)) {
goto k8;
}
$Xw = "\x61\165\x74\x68\157\162\151\172\141\164\151\157\x6e\137\143\157\144\x65";
k8:
if ($Xw == "\x61\165\164\150\x6f\x72\x69\x7a\x61\x74\151\x6f\156\137\x63\x6f\x64\145") {
goto eJ;
}
if ($Xw == "\160\141\x73\x73\167\157\162\144\137\x67\162\141\x6e\164") {
goto mi;
}
if ($Xw == "\151\x6d\160\154\x69\143\x69\x74\137\x67\162\x61\156\x74") {
goto wN;
}
if ($Xw == "\150\x79\x62\162\151\144\x5f\x67\x72\141\x6e\x74") {
goto oH;
}
if (!($Xw == "\x63\x6c\x69\145\x6e\x74\137\x63\162\145\144\x65\156\x74\x69\141\x6c\x73\x5f\147\162\141\x6e\x74")) {
goto vW;
}
vW:
goto qb;
oH:
qb:
goto UU;
wN:
UU:
goto Pd;
mi:
$pc = $Ip["\x72\x65\x6c\x61\x79\123\x74\x61\x74\x65"];
$QY = $Ip["\165\x73\x65\x72\156\x61\x6d\145"];
$lr = $Ip["\x70\141\x73\163\167\x6f\162\x64"];
if ($A3 == 0 && $Zo == 1) {
goto r2;
}
$Af = (new AccessTokenRequestBodyForPasswordGrant($Xw, $yi, $QY, $lr, $Fv))->build();
goto B1;
r2:
$Af = (new AccessTokenRequestForPasswordGrant($uO, $Ea, $Xw, $yi))->build();
B1:
$this->oauthUtility->log_debug("\122\145\141\x64\101\x75\x74\150\x6f\x72\x69\x7a\x61\164\x69\x6f\x6e\122\x65\x73\x70\157\x6e\x73\x65\x3a\x20\x61\143\143\x65\163\163\124\x6f\x6b\145\x6e\x52\x65\x71\x75\x65\x73\x74\106\157\162\x50\x61\163\x73\x77\157\x72\x64\107\x72\x61\156\x74" . json_encode($Af));
$hx = Curl::mo_send_access_token_request_for_password_grant($Af, $mw, $uO, $Ea, $QY, $lr);
$this->oauthUtility->log_debug("\122\145\141\144\101\x75\x74\x68\x6f\162\151\172\x61\164\151\157\156\x52\x65\163\160\x6f\156\x73\145\72\40\141\x63\143\x65\163\x73\x54\x6f\153\x65\x6e\122\x65\163\x70\157\x6e\163\x65\106\157\x72\120\141\x73\x73\167\x6f\x72\144\107\x72\141\x6e\x74" . json_encode($hx));
Pd:
goto MV;
eJ:
if (isset($Ip["\x63\x6f\144\x65"])) {
goto ZU;
}
$this->oauthUtility->log_debug("\x52\x65\141\144\x41\x75\x74\150\157\x72\151\x7a\141\164\151\x6f\156\122\x65\163\x70\157\156\x73\145\x3a\x20\160\x61\x72\141\x6d\163\x5b\x27\x63\157\144\145\x27\x5d\x20\x6e\x6f\164\40\x73\x65\164");
if (!isset($Ip["\x65\x72\x72\x6f\162"])) {
goto aJ;
}
if (isset($Ip["\x65\x72\x72\x6f\x72\x5f\x64\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e"])) {
return $this->sendHTTPRedirectRequest("\77\x65\x72\x72\x6f\162\75" . urlencode($Ip["\x65\x72\162\157\x72"]) . "\x26\x65\x72\x72\x6f\x72\x5f\x64\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3d" . urlencode($Ip["\x65\x72\x72\x6f\x72\x5f\x64\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e"]), $this->oauthUtility->getBaseUrl());
}
return $this->sendHTTPRedirectRequest("\77\145\x72\162\157\162\75" . urlencode($Ip["\x65\162\x72\x6f\162"]), $this->oauthUtility->getBaseUrl());
aJ:
return $this->sendHTTPRedirectRequest("\x3f\145\162\x72\x6f\162\75\x63\157\x64\145\53\x6e\x6f\164\x2b\x72\x65\x63\x65\x69\166\x65\144", $this->oauthUtility->getBaseUrl());
ZU:
$VG = $Ip["\143\x6f\x64\x65"];
$pc = $Ip["\163\x74\x61\164\x65"];
$this->oauthUtility->log_debug("\x52\145\x61\144\101\x75\164\150\157\x72\x69\172\x61\164\151\x6f\156\122\x65\x73\x70\157\x6e\x73\x65\72\x20\x61\165\x74\x68\157\x72\x69\172\x61\x74\151\x6f\x6e\103\x6f\x64\x65" . $VG);
$this->oauthUtility->log_debug("\x52\145\141\144\x41\165\x74\x68\157\x72\x69\x7a\141\x74\151\x6f\156\x52\x65\x73\160\157\156\163\145\72\x20\162\145\x6c\x61\171\x53\164\x61\x74\x65" . $pc);
$vq = $Tr["\x70\x6b\x63\x65\137\146\154\157\x77"] === "\x31" ? true : false;
$sS = '';
if (!$vq) {
goto y3;
}
if (isset($_SESSION["\155\157\x5f\143\x6f\144\x65\137\x76\145\162\x69\146\x69\x65\162"])) {
goto Fd;
}
return $this->getResponse()->setBody("\123\157\x6d\145\x74\150\x69\x6e\x67\40\167\145\156\164\40\x77\x72\157\x6e\x67\x2e\40\x50\x4b\x43\x45\40\103\x6f\144\145\40\166\145\162\151\x66\151\145\162\x20\x6e\157\x74\x20\146\x6f\x75\x6e\144\40\151\156\40\x73\145\x73\x73\x69\157\x6e\x20\160\x6c\145\x61\163\x65\40\164\162\171\x20\141\x67\141\151\156");
Fd:
$sS = $_SESSION["\155\x6f\x5f\143\x6f\x64\x65\137\x76\x65\x72\x69\x66\x69\x65\x72"];
y3:
if ($A3 == 0 && $Zo == 1) {
goto G9;
}
$Af = (new AccessTokenRequestBody($Xw, $yi, $VG, $vq, $sS))->build();
goto BD;
G9:
$Af = (new AccessTokenRequest($uO, $Ea, $Xw, $yi, $VG, $vq, $sS))->build();
BD:
$this->oauthUtility->log_debug("\x52\145\x61\x64\x41\x75\x74\150\x6f\162\x69\172\x61\164\x69\157\x6e\122\145\x73\160\157\156\x73\x65\72\40\141\143\143\145\x73\x73\124\x6f\x6b\x65\x6e\x52\x65\161\x75\145\163\164" . json_encode($Af));
$hx = Curl::mo_send_access_token_request($Af, $mw, $uO, $Ea, $A3, $Zo);
$this->oauthUtility->log_debug("\122\145\x61\x64\x41\x75\164\150\x6f\162\151\x7a\x61\x74\151\x6f\156\x52\145\163\160\x6f\x6e\163\145\72\40\141\x63\x63\145\163\163\124\157\x6b\145\x6e\x52\x65\163\160\157\156\x73\145" . json_encode($hx));
MV:
$kw = json_decode($hx, "\164\162\x75\x65");
$this->oauthUtility->log_debug("\x52\145\x61\144\101\x75\x74\x68\x6f\162\x69\x7a\141\164\151\157\156\x52\145\163\x70\x6f\x6e\x73\x65\x3a\x20\141\x63\143\145\x73\163\124\x6f\x6b\x65\156\x52\x65\163\160\x6f\156\163\x65\x44\x61\164\141" . json_encode($kw));
if (!isset($kw["\x69\x64\x5f\164\x6f\x6b\145\x6e"])) {
goto Dv;
}
$rs = $kw["\151\x64\137\x74\x6f\153\x65\156"];
$this->oauthUtility->log_debug("\x52\x65\x61\x64\101\165\x74\x68\157\162\151\x7a\141\x74\x69\157\156\122\x65\x73\x70\x6f\156\x73\x65\72\40\151\144\x54\x6f\x6b\145\156\x3a\40" . $rs);
$this->oauthUtility->setSessionData(OAuthConstants::ID_TOKEN, $rs);
$this->oauthUtility->setAdminSessionData(OAuthConstants::ID_TOKEN, $rs);
$this->oauthUtility->log_debug("\x52\145\x61\144\101\x75\x74\150\x6f\x72\151\x7a\x61\164\x69\x6f\x6e\x52\x65\x73\x70\x6f\156\163\x65\x3a\x20\151\144\x54\x6f\x6b\145\156\x20\x73\x74\157\162\145\x64\x3a\40" . $rs);
Dv:
if (isset($kw["\141\x63\x63\x65\x73\x73\137\164\157\x6b\145\156"])) {
goto PC;
}
if (isset($kw["\x69\144\x5f\x74\157\153\145\x6e"])) {
goto Xl;
}
$this->oauthUtility->log_debug("\122\x65\x61\144\x41\x75\164\x68\x6f\162\x69\x7a\141\x74\x69\x6f\156\x52\x65\x73\x70\x6f\x6e\x73\x65\72\40\x61\143\143\x65\163\x73\124\x6f\x6b\145\156\x52\x65\x73\160\157\156\163\x65\104\x61\164\141" . json_encode($kw));
return $this->getResponse()->setBody("\x49\156\166\141\154\x69\x64\x20\x72\x65\163\160\157\x6e\x73\145\56\40\120\154\x65\141\x73\145\x20\x74\x72\x79\x20\x61\147\x61\151\x6e\x2e\174\115\x30\60\62\x2e\x20\104\157\x65\163\40\156\x6f\164\40\162\145\143\x69\145\166\x65\x64\x20\x61\143\x63\145\163\163\40\164\157\x6b\145\x6e\40\57\40\x69\144\40\x74\157\x6b\145\156\40\146\162\x6f\155\x20\x6f\x61\165\164\150\40\x70\162\157\x76\151\144\x65\162");
goto vV;
PC:
$this->oauthUtility->log_debug("\122\145\141\144\x41\165\164\150\157\x72\x69\172\x61\x74\151\x6f\x6e\122\x65\163\x70\x6f\x6e\x73\x65\72\40\141\143\x63\x65\x73\x73\x54\157\x6b\x65\x6e\x52\145\163\160\157\x6e\163\x65\x44\x61\164\x61\x5b\47\141\x63\x63\145\x73\x73\x5f\x74\x6f\153\x65\156\x27\135\40\151\x73\40\x73\145\164");
$SQ = $kw["\x61\143\x63\145\x73\163\x5f\164\157\153\145\156"];
$Is = $Tr["\165\163\145\x72\137\151\156\x66\157\x5f\145\x6e\144\160\x6f\151\156\164"];
$this->oauthUtility->log_debug("\122\x65\x61\x64\101\165\x74\150\x6f\162\151\172\x61\164\x69\157\x6e\122\145\x73\160\157\156\163\x65\x3a\x20\x61\x63\x63\x65\163\x73\124\157\x6b\145\156\72\x20" . $SQ);
$this->oauthUtility->log_debug("\x52\x65\x61\144\101\165\164\150\x6f\162\151\172\x61\164\151\x6f\156\x52\145\x73\160\x6f\x6e\x73\x65\x3a\x20\x75\163\145\x72\111\x6e\x66\157\x55\122\x4c\x3a\x20" . $Is);
if (!($Is == NULL || $Is == '')) {
goto mA;
}
return $this->getResponse()->setBody("\111\156\166\x61\x6c\x69\x64\x20\162\x65\163\160\x6f\x6e\x73\145\56\x20\x50\154\x65\x61\x73\x65\x20\x65\x6e\x74\145\162\40\125\163\x65\162\40\111\x6e\x66\x6f\x20\125\x52\114\56");
mA:
$A3 = "\x42\x65\141\162\x65\162\40" . $SQ;
$YL = ["\x41\x75\164\x68\x6f\x72\x69\172\x61\164\x69\157\156\x3a\40{$A3}"];
$o7 = Curl::mo_send_user_info_request($Is, $YL);
$il = json_decode($o7, "\164\162\x75\145");
$this->oauthUtility->log_debug("\122\145\141\144\x41\x75\164\150\157\x72\151\172\x61\x74\x69\157\x6e\x52\145\163\160\157\156\163\145\x3a\x20\165\x73\145\162\111\x6e\146\x6f\122\145\x73\160\157\156\163\x65" . json_encode($o7));
goto vV;
Xl:
$this->oauthUtility->log_debug("\122\x65\141\144\x41\x75\164\150\x6f\162\x69\x7a\141\164\x69\x6f\156\x52\x65\x73\160\157\156\163\145\x3a\40\x69\x66\40\141\x63\143\145\x73\x73\124\157\x6b\x65\156\x52\145\x73\x70\157\x6e\x73\145\104\x61\x74\141\133\x27\x69\144\137\164\x6f\x6b\145\x6e\47\135\x20");
if (empty($rs)) {
goto Ke;
}
$rP = $Tr["\152\167\x6b\x73\137\x65\156\x64\160\157\x69\x6e\x74"];
$bf = explode("\x2e", $rs);
$kd = $this->decodeJWT($rs);
$this->oauthUtility->log_debug("\x52\x65\141\x64\x41\x75\x74\x68\x6f\162\x69\172\141\x74\x69\157\156\122\145\x73\x70\157\156\x73\145\72\40\x69\144\x54\x6f\x6b\x65\x6e\101\162\x72\141\171", json_encode($bf));
if (sizeof($bf) > 2) {
goto Wr;
}
$this->oauthUtility->log_debug("\122\x65\141\x64\101\165\x74\x68\157\x72\151\x7a\x61\x74\x69\x6f\x6e\122\145\163\160\x6f\156\x73\145\72\x20\x69\144\124\157\x6b\x65\156\101\x72\x72\141\x79" . json_encode($bf));
return $this->getResponse()->setBody("\111\156\166\x61\154\x69\144\40\162\x65\163\160\157\156\163\145\x2e\x20\x50\154\145\141\x73\145\40\x74\x72\171\40\141\x67\141\151\156\56\174\x4d\60\60\x31\x2e\40");
goto JU;
Wr:
if (empty($rP)) {
goto w4;
}
$Pb = trim($rP);
$LK = new JWTUtils($rs);
$W4 = json_decode(file_get_contents($Pb))->keys[0];
if ($LK->verify_from_jwks($Pb)) {
goto JW;
}
return $this->getResponse()->setBody("\111\156\166\141\x6c\x69\144\40\163\151\x67\x6e\x61\x74\x75\162\x65\x20\162\145\143\x65\151\x76\x65\144\x2e");
JW:
w4:
$il = $bf[1];
$il = (array) json_decode(base64_decode($il));
$this->oauthUtility->log_debug("\122\x65\141\144\101\165\164\x68\x6f\x72\151\x7a\x61\x74\x69\x6f\156\122\x65\163\x70\157\x6e\x73\x65\x3a\40\x75\x73\x65\162\x49\156\146\157\x52\145\163\x70\157\156\x73\145\x44\x61\164\x61" . json_encode($il));
JU:
Ke:
vV:
if (!empty($il)) {
goto x0;
}
return $this->getResponse()->setBody("\x49\156\x76\x61\x6c\151\144\x20\x72\x65\x73\160\x6f\x6e\163\145\56\40\x50\x6c\x65\x61\163\145\x20\x74\162\x79\x20\141\147\141\x69\156\56\174\x4d\x30\x30\63\56\40\x55\x73\145\x72\x20\111\x6e\146\157\x20\x52\145\163\x70\x6f\156\143\145\x20\104\141\164\141\40\151\163\x20\x65\155\x70\164\171\x2e");
x0:
$il["\162\x65\x6c\141\171\123\164\x61\164\145"] = $pc;
$this->processResponseAction->setUserInfoResponse($il)->execute();
}
public function setRequestParam($h5)
{
$this->REQUEST = $h5;
return $this;
}
public function setPostParam($post)
{
$this->POST = $post;
return $this;
}
public function verifySign($kd, $W4)
{
$this->oauthUtility->log_debug("\x52\145\141\144\101\165\x74\150\157\x72\x69\172\x61\164\x69\x6f\x6e\x52\x65\x73\x70\x6f\156\163\145\72\x20\151\x6e\x73\151\x64\x65\x20\166\145\162\151\x66\x79\x53\151\147\x6e");
$ha = new Crypt_RSA();
$ha->loadKey(["\156" => new Math_BigInteger($this->get_base64_from_url($W4->n), 256), "\145" => new Math_BigInteger($this->get_base64_from_url($W4->e), 256)]);
$ha->setHash("\163\x68\x61\x32\65\x36");
$ha->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
return $ha->verify($kd["\144\x61\164\141"], $kd["\x73\x69\x67\156"]) ? true : false;
}
public function get_base64_from_url($ZO)
{
return base64_decode(str_replace(["\55", "\137"], ["\x2b", "\x2f"], $ZO));
}
public function decodeJWT($dI)
{
$this->oauthUtility->log_debug("\122\145\x61\144\x41\165\x74\x68\157\162\151\x7a\141\164\x69\x6f\x6e\x52\145\163\160\157\156\x73\x65\x3a\40\x69\x6e\x73\151\144\145\x20\144\x65\143\157\144\145\x4a\x57\x54");
$pq = explode("\56", $dI);
$A3 = json_decode($this->get_base64_from_url($pq[0]));
$uV = json_decode($this->get_base64_from_url($pq[1]));
$qz = $this->get_base64_from_url($pq[2]);
return ["\150\145\141\144\145\162" => $A3, "\x70\x61\171\x6c\x6f\141\144" => $uV, "\163\x69\147\156" => $qz, "\x64\141\164\141" => $pq[0] . "\x2e" . $pq[1]];
}
}
Function Calls
None |
Stats
MD5 | 08b41255ddb901fc43c412b57bd990cb |
Eval Count | 0 |
Decode Time | 64 ms |