How to decrypt a document calling the Prot-On Rest API with PHP

Decrypt Service

You can call the document decryption service using Basic (username and password) or Bearer (OAuth access token) authentication. In either case, you should also send your client credentials.

If you want to call the service using Bearer authentication, you first have to implement an OAuth authentication system in order to get an OAuth access token. Please visit OAuth Authentication Example to learn more.

<?php

namespace ProtOn\Demos;

use ProtOn\Utils\BearerPest;

class ApiDecryptDemo {
	
	/* Constants */
	
	const PROTON_REST_API = 'https://dnd.prot-on.com/rest-api/api';
	const SERVICE_URL = '/documents/decrypt';
	
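	/**
	 * Decrypts a document
	 * @param  string $token OAuth access token
	 * @param  \SplFileInfo $file Any object exposing getRealPath()
	 * @param  string $algorithm
	 * @param  boolean $return_url
	 * @return  mixed Response body, or the error message if the call fails
	 */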
	public function decryptDocument($token, $file, $algorithm, $return_url){
		
		$response = NULL;
		
		$httpHeaders = array('Content-Type' => 'multipart/form-data; charset=utf-8');
		$data = array('file' => $this->getCurlFile($file->getRealPath()), 'algorithm'=>$algorithm, 'return_url'=>$return_url);
		
		$pest = new BearerPest(self::PROTON_REST_API);
		$pest->setupAuth($token, '', 'bearer');
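		try {
			$body = $pest->post(self::SERVICE_URL, $data, $httpHeaders);
			$response = $body;
		} catch (\Exception $e) {
			// An unqualified Pest_Exception would resolve to
			// ProtOn\Demos\Pest_Exception inside this namespace and never match,
			// so catch the base class that Pest's exceptions extend.
			$response = $e->getMessage();
		}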
		
		return $response;
		
	}
	
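	/**
	 * Builds the appropriate $curlFile data type depending
	 * on the installed PHP version
	 * @param  string $filePath
	 * @return  mixed \CURLFile on PHP >= 5.5, "@path" string otherwise
	 */
	function getCurlFile($filePath){
		
		if(version_compare(PHP_VERSION, '5.5.0') >= 0){
			$curlFile = new \CURLFile($filePath, '', '');
		} else {
			// Legacy upload syntax: cURL sends any field value starting
			// with "@" as the file at that path, so on these PHP versions
			// no untrusted string may reach the POST data array.
			$curlFile = "@".$filePath;
		}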
		
		return $curlFile;
		
	}
	
}
?>
			

BearerPest Wrapper Code

BearerPest is a wrapper class that adds Bearer authentication to the Pest class, an external library used in this example to create an OAuth client.

You can get the Pest class from its GitHub project, here, or use your own.

<?php
namespace ProtOn\Utils;

use ProtOn\Utils\Pest;

class BearerPest extends Pest {

	protected $bearerHeader;
	
	// With $auth = 'bearer', $user carries the OAuth access token and $pass is ignored
	public function setupAuth($user, $pass, $auth = 'basic'){
		if ($auth == 'bearer') {
			$this->bearerHeader = 'Authorization: Bearer ' . $user;
		} else {
			parent::setupAuth($user, $pass, $auth);
		}
	}
	
	public function prepData($data) {
		if (is_array ( $data )) {
			$multipart = false;
			
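			// Send the body as multipart only when it contains a file:
			// a legacy "@/path" string (PHP < 5.5) or a \CURLFile object
			foreach ( $data as $item ) {
				if (is_string ( $item ) && strncmp ( $item, "@", 1 ) == 0 && is_file ( substr ( $item, 1 ) )) {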
					$multipart = true;
					break;
				} elseif ($item instanceof \CURLFile) {
					$multipart = true;
					break;
				}
			}
			
			return ($multipart) ? $data : http_build_query ( $data );
		} else {
			return $data;
		}
	}
	
	protected function prepHeaders($headers) {
		$headers = parent::prepHeaders($headers);
		if (!empty($this->bearerHeader)) {
			$headers[] = $this->bearerHeader;
		}
		return $headers;
	}

}

?>
			

Decrypt Controller

Now you can create a Controller that calls the Decrypt Service and provides it with the necessary access token, the file to decrypt and the data.

			
<?php

namespace ProtOn\Demos\Controllers;

use ProtOn\Demos\ApiDecryptDemo;

class DecryptController extends Controller {
	
	/**
	 * Represents a GET request to /demos/api-decrypt-demo
	 * Your view could consist of a form that posts its fields to itself.
	 * The POST action would be handled by the "postApiDecryptDemo()" method.
	 */
	public function getApiDecryptDemo(){
		
		return "Your app view";
	
	}
	
	/**
	 * Represents a POST request to /demos/api-decrypt-demo
	 * This method captures the values sent in a form,
	 * makes the call to the API and returns the result to the
	 * "getApiDecryptResult($response)" method.
	 */
	public function postApiDecryptDemo(){
	
		$demo = new ApiDecryptDemo();
	
		$client_id =     $_POST['client_id'];
		$client_secret = $_POST['client_secret'];
		$postFile =      $_FILES['document']; // array describing the upload
	
		/*
		 * This is an example. You have to get your stored token from session,
		 * database or by calling your own oauth authentication service.
		 * Please check http://developers.prot-on.com/php-examples/oauth
		 * if you want to know how to implement an OAuth authentication system
		 */
		$access_token = isset($_SESSION['access_token']) ? $_SESSION['access_token'] : NULL;
	
		$algorithm = 'AES256';
	
		try{
			// It is important to use the original filename and extension in the call.
			// basename() drops any directory part of the client-supplied name.
			$target = sys_get_temp_dir() . DIRECTORY_SEPARATOR . basename($postFile['name']);
			if(!move_uploaded_file($postFile['tmp_name'], $target)){
				throw new \Exception('Invalid upload');
			}
			$file = new \SplFileInfo($target); // decryptDocument() calls getRealPath() on it
			
			if($access_token!=NULL){
				$response = $demo->decryptDocument($access_token, $file, $algorithm, true);
			} else {
				throw new \Exception('Invalid authentication');
			}
		} catch (\Exception $e){
			$response = array(
				'error' => 400,
				'error_description' => $e->getMessage()
			);
		}
		
		return $this->getApiDecryptResult($response);
	
	}
	
	/**
	 * Represents a GET request to /demos/api-decrypt-result
	 * Receives the result of the call and shows the view.
	 */
	public function getApiDecryptResult($response){
		
		return "Your app result view";
	
	}
	
}
?>
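
Because the call needs the original filename, a client-supplied name ends up on the local filesystem. The following is an added example, not part of the Prot-On code: stageUpload(), sanitizeUploadName() and discardStagedUpload() are hypothetical helpers, and PHP 7 or later is assumed for random_bytes(). It stages the upload in a private per-request directory under a checked version of that name and removes it after the call.

```php
<?php
/**
 * Moves one $_FILES entry into a fresh private directory, keeping the
 * original name so the API call still sees the filename and extension.
 * Hypothetical helper, not part of the Prot-On examples.
 */
function stageUpload(array $upload) {
	if (!isset($upload['error']) || $upload['error'] !== UPLOAD_ERR_OK) {
		throw new \RuntimeException('Upload failed');
	}
	if (!is_uploaded_file($upload['tmp_name'])) {
		throw new \RuntimeException('Not an HTTP upload');
	}
	$name = sanitizeUploadName($upload['name']);
	// Unpredictable, owner-only directory: two requests uploading the
	// same filename cannot overwrite or read each other's document.
	$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'decrypt_' . bin2hex(random_bytes(8));
	if (!mkdir($dir, 0700)) {
		throw new \RuntimeException('Cannot create staging directory');
	}
	$target = $dir . DIRECTORY_SEPARATOR . $name;
	if (!move_uploaded_file($upload['tmp_name'], $target)) {
		rmdir($dir);
		throw new \RuntimeException('Cannot store upload');
	}
	return new \SplFileInfo($target);
}

/** Reduces a client-supplied filename to a single safe path component. */
function sanitizeUploadName($name) {
	// Drop NUL and other control characters.
	$name = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $name);
	// Treat "\" and "/" alike, then keep only the last path component.
	$name = basename(str_replace('\\', '/', $name));
	if ($name === '' || $name === '.' || $name === '..' || strlen($name) > 200) {
		throw new \RuntimeException('Invalid filename');
	}
	return $name;
}

/** Deletes the staged file and its directory once the API call is done. */
function discardStagedUpload(\SplFileInfo $file) {
	$path = $file->getPathname();
	if (is_file($path)) {
		unlink($path);
	}
	@rmdir(dirname($path)); // only succeeds when the directory is empty
}
```

In postApiDecryptDemo(), call stageUpload($_FILES['document']) inside the try block and discardStagedUpload($file) once decryptDocument() has returned.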