magdev/wc-licensed-product-client
1
Fork 0
Code Issues Pull Requests Activity
Files
760e1e752a0c088fa634cf7ff678e0735ed525a4
wc-licensed-product-client/src/Dto/LicenseStatus.php
magdev fa748d61d3 Fix security vulnerabilities identified in audit 
- Add JSON encoding error handling in ResponseSignature to prevent silent failures
- Sanitize exception messages to prevent information disclosure
- Fix header normalization to treat empty values as null
- Add SSRF protection with URL validation and private IP blocking
- Replace custom key derivation with RFC 5869 compliant hash_hkdf()
- Add input validation in DTO fromArray() methods
- Add DateTime exception handling in DTOs

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-24 14:31:13 +01:00

89 lines
2.8 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace Magdev\WcLicensedProductClient\Dto;
enum LicenseState: string
{
case Active = 'active';
case Inactive = 'inactive';
case Expired = 'expired';
case Revoked = 'revoked';
}
final readonly class LicenseStatus
{
public function __construct(
public bool $valid,
public LicenseState $status,
public string $domain,
public ?\DateTimeImmutable $expiresAt,
public int $activationsCount,
public int $maxActivations,
) {
}
public static function fromArray(array $data): self
{
// Validate required fields
if (!isset($data['valid']) || !is_bool($data['valid'])) {
throw new \InvalidArgumentException('Invalid response: missing or invalid valid field');
}
if (!isset($data['status']) || !is_string($data['status'])) {
throw new \InvalidArgumentException('Invalid response: missing or invalid status field');
}
if (!isset($data['domain']) || !is_string($data['domain'])) {
throw new \InvalidArgumentException('Invalid response: missing or invalid domain field');
}
if (!isset($data['activations_count']) || !is_int($data['activations_count'])) {
throw new \InvalidArgumentException('Invalid response: missing or invalid activations_count field');
}
if (!isset($data['max_activations']) || !is_int($data['max_activations'])) {
throw new \InvalidArgumentException('Invalid response: missing or invalid max_activations field');
}
$expiresAt = null;
if (isset($data['expires_at']) && $data['expires_at'] !== null) {
try {
$expiresAt = new \DateTimeImmutable($data['expires_at']);
} catch (\Exception $e) {
throw new \InvalidArgumentException(
'Invalid response: invalid date format for expires_at',
0,
$e
);
}
}
try {
$status = LicenseState::from($data['status']);
} catch (\ValueError $e) {
throw new \InvalidArgumentException(
'Invalid response: unknown license status value',
0,
$e
);
}
return new self(
valid: $data['valid'],
status: $status,
domain: $data['domain'],
expiresAt: $expiresAt,
activationsCount: $data['activations_count'],
maxActivations: $data['max_activations'],
);
}
public function isLifetime(): bool
{
return $this->expiresAt === null;
}
public function hasAvailableActivations(): bool
{
return $this->activationsCount < $this->maxActivations;
}
}
Reference in New Issue View Git Blame Copy Permalink