├── .gitignore
├── LICENSE
├── README.md
├── composer.json
├── example
    ├── README.md
    ├── bootstrap.php
    ├── cli-config.php
    ├── composer.json
    ├── entities
    │   ├── CreditCardDetails.php
    │   └── Entity.php
    ├── genkey.php
    ├── insert.php
    ├── read.php
    └── update.php
├── phpunit.xml.dist
├── src
    ├── Container
    │   ├── KeyContainer.php
    │   ├── NotFoundException.php
    │   ├── VersionedContainer.php
    │   └── VersionedInterface.php
    ├── Dbal
    │   ├── EncryptedColumn.php
    │   └── EncryptedColumnLegacySupport.php
    ├── Encryptor
    │   ├── EncryptorInterface.php
    │   ├── HaliteEncryptor.php
    │   └── LegacyEncryptor.php
    ├── Exception
    │   └── PopArtPenguinException.php
    ├── Serializer
    │   ├── LegacySerializer.php
    │   ├── PhpSerializer.php
    │   └── SerializerInterface.php
    ├── Service
    │   └── EncryptionService.php
    ├── Setup.php
    └── ValueObject
    │   ├── EncryptedColumn.php
    │   ├── EncryptorIdentity.php
    │   ├── IdentityInterface.php
    │   ├── Key.php
    │   ├── KeyIdentity.php
    │   ├── SerializerIdentity.php
    │   └── ValueHolder.php
└── test
    ├── Functional
        ├── Fixtures
        │   ├── CreditCardDetails.php
        │   ├── Entity.php
        │   ├── enc-alt.key
        │   └── enc.key
        └── ReadWriteTest.php
    └── Migration
        ├── FiftyOneSystemsTest.php
        └── Fixtures
            ├── 51systems
                ├── Entity.php
                └── db.sqlite
            └── Migrated
                ├── Entity.php
                └── enc.key


/.gitignore:
--------------------------------------------------------------------------------
1 | vendor
2 | .idea
3 | composer.lock
4 | composer.phar
5 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2016 
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | #Doctrine Encryted Column
 2 | [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/carnage/doctrine-encrypted-column/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/carnage/doctrine-encrypted-column/?branch=master) [![Code Coverage](https://scrutinizer-ci.com/g/carnage/doctrine-encrypted-column/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/carnage/doctrine-encrypted-column/?branch=master)
 3 | 
 4 | # Motivation
 5 | 
 6 | Currently there are about a dozen encrypted column extensions for doctrine. None of them are very well implemented and are
 7 | thus insecure (eg using Pop-art mode (ECB) or auto decrypting data on load) most also are tied to a framework making them
 8 | useless unless you use that framework.
 9 | 
10 | This lib intends to resolve these two issues and provide an obvious choice library for anyone needing to encrypt data they
11 | are storing through doctrine ORM.
12 | 
13 | Every endeavour will be taken to ensure that future versions of this library will be able to read data encrypted with
14 | older versions and re-encrypt to take advantage of any security fixes or improvements. In the event that this isn't
15 | possible automatically, guidance will be provided to allow you to migrate your data manually, to ensure that this process
16 | is as smooth as possible, we suggest making a note of the versions of lib sodium, halite and this library that you initially
17 | install.
18 | 
19 | # Features
20 | 
21 | - Encrypted column type for doctrine
22 | - Functionally similar to object column type
23 | - Transparent to end user
24 | - Uses proxies to avoid decrypting data that isn't needed
25 | - Best in class cryptography (LibSodium)
26 | 
27 | # Pull requests
28 | 
29 | I will accept pull requests for the following:
30 | 
31 | - New serialisation support (JMS is desirable here)
32 | - Support for doctrine ODM
33 | - Support for different crypto backends which use a good implementation (eg Zend crypt, defuse, easyrsa)
34 | - bug fixes
35 | 
36 | I will not accept:
37 | 
38 | - Integration into << your favorite framework >> create a lib for that which uses this and PR a link for the readme
39 | - Support for poor crypto implementations (eg anything using mcrypt)
40 | 
41 | 
42 | # Security issues
43 | 
44 | You can use my keys from keybase https://keybase.io/carnage to contact me regarding any security issues.


--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "carnage/doctrine-encrypted-column",
 3 |   "description": "Provides a secure way of transparently encrypting data in doctrine ORM",
 4 |   "minimum-stability": "stable",
 5 |   "license": "MIT",
 6 |   "authors": [
 7 |     {
 8 |       "name": "Chris Riley"
 9 |     }
10 |   ],
11 |   "require": {
12 |     "php": "^7.0",
13 |     "doctrine/orm": "^2.5",
14 |     "ocramius/proxy-manager": "^1.0.2",
15 |     "paragonie/halite": "^2.0",
16 |     "psr/container": "^1.0",
17 |     "phpseclib/phpseclib": "~2.0"
18 |   },
19 |   "require-dev": {
20 |     "phpunit/phpunit":"^5"
21 |   },
22 |   "autoload": {
23 |     "psr-4": {
24 |       "Carnage\\EncryptedColumn\\": "src/"
25 |     }
26 |   },
27 |   "autoload-dev": {
28 |     "psr-4": {
29 |       "Carnage\\EncryptedColumn\\Tests\\": "test/"
30 |     }
31 |   }
32 | }
33 | 


--------------------------------------------------------------------------------
/example/README.md:
--------------------------------------------------------------------------------
 1 | ```
 2 | composer install
 3 | 
 4 | vendor/bin/doctrine orm:schema-tool:create
 5 | 
 6 | php genkey.php
 7 | php insert.php
 8 | php read.php
 9 | php update.php
10 | php read.php
11 | 
12 | ```


--------------------------------------------------------------------------------
/example/bootstrap.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | // bootstrap.php
 3 | use Doctrine\ORM\Tools\Setup;
 4 | use Doctrine\ORM\EntityManager;
 5 | 
 6 | require_once "vendor/autoload.php";
 7 | 
 8 | // Create a simple "default" Doctrine ORM configuration for Annotations
 9 | $isDevMode = true;
10 | $config = Setup::createAnnotationMetadataConfiguration(array(__DIR__ . "/entities"), $isDevMode, null, null, false);
11 | 
12 | // database configuration parameters
13 | $conn = array(
14 |     'driver' => 'pdo_sqlite',
15 |     'path' => __DIR__ . '/db.sqlite',
16 | );
17 | 
18 | // obtaining the entity manager
19 | $entityManager = EntityManager::create($conn, $config);
20 | 
21 | (new \Carnage\EncryptedColumn\Setup())
22 |     ->withKeyPath('./enc.key')
23 |     ->register($entityManager);


--------------------------------------------------------------------------------
/example/cli-config.php:
--------------------------------------------------------------------------------
1 | <?php
2 | // cli-config.php
3 | require_once "./bootstrap.php";
4 | 
5 | return \Doctrine\ORM\Tools\Console\ConsoleRunner::createHelperSet($entityManager);


--------------------------------------------------------------------------------
/example/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "vendor_name/package_name",
 3 |   "description": "description_text",
 4 |   "minimum-stability": "stable",
 5 |   "license": "proprietary",
 6 |   "authors": [
 7 |     {
 8 |       "name": "author's name",
 9 |       "email": "email@example.com"
10 |     }
11 |   ],
12 |   "require": {
13 |     "carnage/doctrine-encrypted-column": "dev-master"
14 |   }
15 | }
16 | 


--------------------------------------------------------------------------------
/example/entities/CreditCardDetails.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\DceTest;
 4 | 
 5 | class CreditCardDetails
 6 | {
 7 |     private $number;
 8 |     private $expiry;
 9 | 
10 |     /**
11 |      * CreditCardDetails constructor.
12 |      * @param $number
13 |      * @param $expiry
14 |      */
15 |     public function __construct($number, $expiry)
16 |     {
17 |         $this->number = $number;
18 |         $this->expiry = $expiry;
19 |     }
20 | 
21 |     /**
22 |      * @return mixed
23 |      */
24 |     public function getNumber()
25 |     {
26 |         return $this->number;
27 |     }
28 | 
29 |     /**
30 |      * @return mixed
31 |      */
32 |     public function getExpiry()
33 |     {
34 |         return $this->expiry;
35 |     }
36 | }


--------------------------------------------------------------------------------
/example/entities/Entity.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\DceTest;
 4 | 
 5 | use Doctrine\ORM\Mapping as ORM;
 6 | 
 7 | /**
 8 |  * @package Carnage\EncryptedColumn\TestFixtures
 9 |  * @ORM\Entity
10 |  * @ORM\Table(name="entities")
11 |  */
12 | class Entity 
13 | {
14 |     /**
15 |      * @var integer
16 |      * @ORM\Id @ORM\GeneratedValue @ORM\Column(type="integer")
17 |      */
18 |     protected $id;
19 | 
20 |     /**
21 |      * @var CreditCardDetails
22 |      * @ORM\Column(type="encrypted")
23 |      */
24 |     protected $creditCardDetails;
25 | 
26 |     /**
27 |      * @return int
28 |      */
29 |     public function getId()
30 |     {
31 |         return $this->id;
32 |     }
33 | 
34 |     /**
35 |      * @param int $id
36 |      */
37 |     public function setId($id)
38 |     {
39 |         $this->id = $id;
40 |     }
41 | 
42 |     /**
43 |      * @return CreditCardDetails
44 |      */
45 |     public function getCreditCardDetails()
46 |     {
47 |         return $this->creditCardDetails;
48 |     }
49 | 
50 |     /**
51 |      * @param CreditCardDetails $creditCardDetails
52 |      */
53 |     public function setCreditCardDetails($creditCardDetails)
54 |     {
55 |         $this->creditCardDetails = $creditCardDetails;
56 |     }
57 | }


--------------------------------------------------------------------------------
/example/genkey.php:
--------------------------------------------------------------------------------
1 | <?php
2 | require "vendor/autoload.php";
3 | 
4 | use ParagonIE\Halite\KeyFactory;
5 | 
6 | $encKey = KeyFactory::generateEncryptionKey();
7 | KeyFactory::save($encKey, './enc.key');


--------------------------------------------------------------------------------
/example/insert.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require "./entities/Entity.php";
 3 | require "./entities/CreditCardDetails.php";
 4 | require "./bootstrap.php";
 5 | 
 6 | $entity = new \Carnage\DceTest\Entity();
 7 | $entity->setCreditCardDetails(new \Carnage\DceTest\CreditCardDetails('1234567812345678', '04/19'));
 8 | 
 9 | $entityManager->persist($entity);
10 | $entityManager->flush();


--------------------------------------------------------------------------------
/example/read.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | require "./entities/Entity.php";
 3 | require "./entities/CreditCardDetails.php";
 4 | require "./bootstrap.php";
 5 | 
 6 | $entity = $entityManager->find(\Carnage\DceTest\Entity::class, 1);
 7 | 
 8 | //var_dump($entity);
 9 | 
10 | echo $entity->getCreditCardDetails()->getNumber();
11 | 


--------------------------------------------------------------------------------
/example/update.php:
--------------------------------------------------------------------------------
1 | <?php
2 | require "./entities/Entity.php";
3 | require "./entities/CreditCardDetails.php";
4 | require "./bootstrap.php";
5 | 
6 | $entity = $entityManager->find(\Carnage\DceTest\Entity::class, 1);
7 | $entity->setCreditCardDetails(new \Carnage\DceTest\CreditCardDetails('000012340001234', '04/19'));
8 | 
9 | $entityManager->flush();


--------------------------------------------------------------------------------
/phpunit.xml.dist:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | 
 3 | <phpunit colors="true" bootstrap="vendor/autoload.php">
 4 |     <testsuites>
 5 |         <testsuite name="Functional tests">
 6 |             <directory>./test/Functional</directory>
 7 |         </testsuite>
 8 |         <testsuite name="Migration tests">
 9 |             <directory>./test/Migration</directory>
10 |         </testsuite>
11 |     </testsuites>
12 |     <filter>
13 |         <whitelist processUncoveredFilesFromWhitelist="true">
14 |             <directory suffix=".php">./src</directory>
15 |         </whitelist>
16 |     </filter>
17 | </phpunit>
18 | 


--------------------------------------------------------------------------------
/src/Container/KeyContainer.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Container;
 4 | 
 5 | use Carnage\EncryptedColumn\ValueObject\Key;
 6 | use Psr\Container\ContainerInterface;
 7 | 
 8 | final class KeyContainer implements ContainerInterface
 9 | {
10 |     /**
11 |      * @var array
12 |      */
13 |     private $keys = [];
14 | 
15 |     public function addKey(Key $key)
16 |     {
17 |         $this->keys[$key->getIdentifier()->toString()] = $key;
18 |     }
19 | 
20 |     public function tagKey($tag, $id)
21 |     {
22 |         $this->keys[$tag] = $this->keys[$id];
23 |     }
24 | 
25 |     public function get($id)
26 |     {
27 |         if (!$this->has($id)) {
28 |             throw NotFoundException::serviceNotFoundInContainer($id, $this->keys);
29 |         }
30 | 
31 |         return $this->keys[$id];
32 |     }
33 | 
34 |     public function has($id): bool
35 |     {
36 |         return isset($this->keys[$id]);
37 |     }
38 | }
39 | 


--------------------------------------------------------------------------------
/src/Container/NotFoundException.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Container;
 4 | 
 5 | use Psr\Container\NotFoundExceptionInterface;
 6 | 
 7 | class NotFoundException extends \RuntimeException implements NotFoundExceptionInterface
 8 | {
 9 |     public static function serviceNotFoundInContainer($id, $services)
10 |     {
11 |         return new static(sprintf(
12 |             'Unable to find service %s, services available %s',
13 |             $id,
14 |             json_encode(array_keys($services), true)
15 |         ));
16 |     }
17 | }


--------------------------------------------------------------------------------
/src/Container/VersionedContainer.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Container;
 4 | 
 5 | use Psr\Container\ContainerInterface;
 6 | 
 7 | final class VersionedContainer implements ContainerInterface
 8 | {
 9 |     /**
10 |      * @var VersionedInterface[]
11 |      */
12 |     private $services;
13 | 
14 |     public function __construct(VersionedInterface ...$services)
15 |     {
16 |         foreach ($services as $service) {
17 |             $this->services[$service->getIdentifier()->toString()] = $service;
18 |         }
19 |     }
20 | 
21 |     public function get($id): VersionedInterface
22 |     {
23 |         if (!$this->has($id)) {
24 |             throw NotFoundException::serviceNotFoundInContainer($id, $this->services);
25 |         }
26 | 
27 |         return $this->services[$id];
28 |     }
29 | 
30 |     public function has($id): bool
31 |     {
32 |         return isset($this->services[$id]);
33 |     }
34 | }
35 | 


--------------------------------------------------------------------------------
/src/Container/VersionedInterface.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Container;
 4 | 
 5 | use Carnage\EncryptedColumn\ValueObject\IdentityInterface;
 6 | 
 7 | interface VersionedInterface
 8 | {
 9 |     public function getIdentifier(): IdentityInterface;
10 | }


--------------------------------------------------------------------------------
/src/Dbal/EncryptedColumn.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | namespace Carnage\EncryptedColumn\Dbal;
 3 | 
 4 | use Carnage\EncryptedColumn\Service\EncryptionService;
 5 | use Doctrine\DBAL\Platforms\AbstractPlatform;
 6 | use Doctrine\DBAL\Types\ConversionException;
 7 | use Doctrine\DBAL\Types\Type;
 8 | use Carnage\EncryptedColumn\ValueObject\EncryptedColumn as EncryptedColumnVO;
 9 | 
10 | /**
11 |  * Object type for storing an encrypted column object as json in the db
12 |  *
13 |  * Class EncryptedColumn
14 |  */
15 | class EncryptedColumn extends Type
16 | {
17 |     const ENCRYPTED = 'encrypted';
18 | 
19 |     /**
20 |      * @var EncryptionService
21 |      */
22 |     private $encryptionService;
23 | 
24 |     public static function create(EncryptionService $encryptionService)
25 |     {
26 |         Type::addType(EncryptedColumn::ENCRYPTED, EncryptedColumn::class);
27 |         /** @var EncryptedColumn $instance */
28 |         $instance = Type::getType(EncryptedColumn::ENCRYPTED);
29 |         $instance->encryptionService = $encryptionService;
30 |     }
31 | 
32 |     public function getSQLDeclaration(array $fieldDeclaration, AbstractPlatform $platform)
33 |     {
34 |         return $platform->getClobTypeDeclarationSQL($fieldDeclaration);
35 |     }
36 | 
37 |     public function requiresSQLCommentHint(AbstractPlatform $platform)
38 |     {
39 |         return true;
40 |     }
41 | 
42 |     public function getName()
43 |     {
44 |         return self::ENCRYPTED;
45 |     }
46 | 
47 |     public function convertToPHPValue($value, AbstractPlatform $platform)
48 |     {
49 |         if ($value === null) {
50 |             return null;
51 |         }
52 | 
53 |         $decoded = $this->decodeJson($value);
54 | 
55 |         return $this->encryptionService->decryptField(EncryptedColumnVO::fromArray($decoded));
56 |     }
57 | 
58 |     public function convertToDatabaseValue($value, AbstractPlatform $platform)
59 |     {
60 |         if ($value === null) {
61 |             return null;
62 |         }
63 | 
64 |         return json_encode($this->encryptionService->encryptField($value));
65 |     }
66 | 
67 |     /**
68 |      * Based on: https://github.com/schmittjoh/serializer/blob/master/src/JMS/Serializer/JsonDeserializationVisitor.php
69 |      *
70 |      * @param $value
71 |      * @return mixed
72 |      * @throws ConversionException
73 |      */
74 |     private function decodeJson($value)
75 |     {
76 |         $decoded = json_decode($value, true);
77 | 
78 |         switch (json_last_error()) {
79 |             case JSON_ERROR_NONE:
80 |                 if (!is_array($decoded)) {
81 |                     throw ConversionException::conversionFailed($value, 'Json was not an array');
82 |                 }
83 |                 return $decoded;
84 |             case JSON_ERROR_DEPTH:
85 |                 throw ConversionException::conversionFailed($value, 'Could not decode JSON, maximum stack depth exceeded.');
86 |             case JSON_ERROR_STATE_MISMATCH:
87 |                 throw ConversionException::conversionFailed($value, 'Could not decode JSON, underflow or the nodes mismatch.');
88 |             case JSON_ERROR_CTRL_CHAR:
89 |                 throw ConversionException::conversionFailed($value, 'Could not decode JSON, unexpected control character found.');
90 |             case JSON_ERROR_SYNTAX:
91 |                 throw ConversionException::conversionFailed($value, 'Could not decode JSON, syntax error - malformed JSON.');
92 |             case JSON_ERROR_UTF8:
93 |                 throw ConversionException::conversionFailed($value, 'Could not decode JSON, malformed UTF-8 characters (incorrectly encoded?)');
94 |             default:
95 |                 throw ConversionException::conversionFailed($value, 'Could not decode Json');
96 |         }
97 |     }
98 | }
99 | 


--------------------------------------------------------------------------------
/src/Dbal/EncryptedColumnLegacySupport.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | namespace Carnage\EncryptedColumn\Dbal;
  3 | 
  4 | use Carnage\EncryptedColumn\Service\EncryptionService;
  5 | use Carnage\EncryptedColumn\ValueObject\ValueHolder;
  6 | use Doctrine\DBAL\Platforms\AbstractPlatform;
  7 | use Doctrine\DBAL\Types\ConversionException;
  8 | use Doctrine\DBAL\Types\Type;
  9 | use Carnage\EncryptedColumn\ValueObject\EncryptedColumn as EncryptedColumnVO;
 10 | 
 11 | /**
 12 |  * Object type for reading from legacy encrypted column extensions and converting to a better format
 13 |  *
 14 |  * This type is a drop in replacement for the EncryptedColumn class but drops some strictness to allow for
 15 |  * reading data that is not in an expected format. You should only use this if you have existing data in
 16 |  * your database you wish to convert
 17 |  *
 18 |  * Class EncryptedColumn
 19 |  */
 20 | class EncryptedColumnLegacySupport extends Type
 21 | {
 22 |     const ENCRYPTED = 'encrypted';
 23 | 
 24 |     /**
 25 |      * @var EncryptionService
 26 |      */
 27 |     private $encryptionService;
 28 | 
 29 |     public static function create(EncryptionService $encryptionService)
 30 |     {
 31 |         Type::addType(EncryptedColumnLegacySupport::ENCRYPTED, EncryptedColumnLegacySupport::class);
 32 |         /** @var EncryptedColumnLegacySupport $instance */
 33 |         $instance = Type::getType(EncryptedColumnLegacySupport::ENCRYPTED);
 34 |         $instance->encryptionService = $encryptionService;
 35 |     }
 36 | 
 37 |     public function getSQLDeclaration(array $fieldDeclaration, AbstractPlatform $platform)
 38 |     {
 39 |         return $platform->getClobTypeDeclarationSQL($fieldDeclaration);
 40 |     }
 41 | 
 42 |     public function requiresSQLCommentHint(AbstractPlatform $platform)
 43 |     {
 44 |         return true;
 45 |     }
 46 | 
 47 |     public function getName()
 48 |     {
 49 |         return self::ENCRYPTED;
 50 |     }
 51 | 
 52 |     public function convertToPHPValue($value, AbstractPlatform $platform)
 53 |     {
 54 |         if ($value === null) {
 55 |             return null;
 56 |         }
 57 | 
 58 |         try {
 59 |             $decoded = $this->decodeJson($value);
 60 |         } catch (ConversionException $e) {
 61 |             //The data wasn't in the format we expected, assume it is legacy data which needs converting
 62 |             //Drop in some defaults to allow the library to handle it.
 63 |             $decoded = [
 64 |                 'data' => $value,
 65 |                 'classname' => ValueHolder::class,
 66 |                 'serializer' => 'legacy',
 67 |                 'encryptor' => 'legacy',
 68 |                 'keyid' => 'legacy',
 69 |             ];
 70 |         }
 71 | 
 72 |         return $this->encryptionService->decryptField(EncryptedColumnVO::fromArray($decoded));
 73 |     }
 74 | 
 75 |     public function convertToDatabaseValue($value, AbstractPlatform $platform)
 76 |     {
 77 |         if ($value === null) {
 78 |             return null;
 79 |         }
 80 | 
 81 |         return json_encode($this->encryptionService->encryptField($value));
 82 |     }
 83 | 
 84 |     /**
 85 |      * Based on: https://github.com/schmittjoh/serializer/blob/master/src/JMS/Serializer/JsonDeserializationVisitor.php
 86 |      *
 87 |      * @param $value
 88 |      * @return mixed
 89 |      * @throws ConversionException
 90 |      */
 91 |     private function decodeJson($value)
 92 |     {
 93 |         $decoded = json_decode($value, true);
 94 | 
 95 |         switch (json_last_error()) {
 96 |             case JSON_ERROR_NONE:
 97 |                 if (!is_array($decoded)) {
 98 |                     throw ConversionException::conversionFailed($value, 'Json was not an array');
 99 |                 }
100 |                 return $decoded;
101 |             case JSON_ERROR_DEPTH:
102 |                 throw ConversionException::conversionFailed($value, 'Could not decode JSON, maximum stack depth exceeded.');
103 |             case JSON_ERROR_STATE_MISMATCH:
104 |                 throw ConversionException::conversionFailed($value, 'Could not decode JSON, underflow or the nodes mismatch.');
105 |             case JSON_ERROR_CTRL_CHAR:
106 |                 throw ConversionException::conversionFailed($value, 'Could not decode JSON, unexpected control character found.');
107 |             case JSON_ERROR_SYNTAX:
108 |                 throw ConversionException::conversionFailed($value, 'Could not decode JSON, syntax error - malformed JSON.');
109 |             case JSON_ERROR_UTF8:
110 |                 throw ConversionException::conversionFailed($value, 'Could not decode JSON, malformed UTF-8 characters (incorrectly encoded?)');
111 |             default:
112 |                 throw ConversionException::conversionFailed($value, 'Could not decode Json');
113 |         }
114 |     }
115 | }
116 | 


--------------------------------------------------------------------------------
/src/Encryptor/EncryptorInterface.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Encryptor;
 4 | 
 5 | use Carnage\EncryptedColumn\Container\VersionedInterface;
 6 | use Carnage\EncryptedColumn\ValueObject\Key;
 7 | 
 8 | interface EncryptorInterface extends VersionedInterface
 9 | {
10 |     public function encrypt($data, Key $key);
11 | 
12 |     public function decrypt($data, Key $key);
13 | }


--------------------------------------------------------------------------------
/src/Encryptor/HaliteEncryptor.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Encryptor;
 4 | 
 5 | use Carnage\EncryptedColumn\ValueObject\EncryptorIdentity;
 6 | use Carnage\EncryptedColumn\ValueObject\IdentityInterface;
 7 | use Carnage\EncryptedColumn\ValueObject\Key;
 8 | use ParagonIE\Halite\KeyFactory;
 9 | use ParagonIE\Halite\Symmetric;
10 | 
11 | class HaliteEncryptor implements EncryptorInterface
12 | {
13 |     const IDENTITY = 'halite';
14 | 
15 |     public function encrypt($data, Key $key)
16 |     {
17 |         return Symmetric\Crypto::encrypt($data, $this->loadKey($key));
18 |     }
19 | 
20 |     public function decrypt($data, Key $key)
21 |     {
22 |         return Symmetric\Crypto::decrypt($data, $this->loadKey($key));
23 |     }
24 | 
25 |     public function getIdentifier(): IdentityInterface
26 |     {
27 |         return new EncryptorIdentity(self::IDENTITY);
28 |     }
29 | 
30 |     /**
31 |      * @return Symmetric\EncryptionKey
32 |      * @throws \ParagonIE\Halite\Alerts\CannotPerformOperation
33 |      */
34 |     private function loadKey(Key $key)
35 |     {
36 |         return KeyFactory::loadEncryptionKey($key->getKeyInfo());
37 |     }
38 | }


--------------------------------------------------------------------------------
/src/Encryptor/LegacyEncryptor.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Encryptor;
 4 | 
 5 | use Carnage\EncryptedColumn\Exception\PopArtPenguinException;
 6 | use Carnage\EncryptedColumn\ValueObject\EncryptorIdentity;
 7 | use Carnage\EncryptedColumn\ValueObject\IdentityInterface;
 8 | use Carnage\EncryptedColumn\ValueObject\Key;
 9 | use phpseclib\Crypt\Base;
10 | use phpseclib\Crypt\Rijndael;
11 | 
12 | class LegacyEncryptor implements EncryptorInterface
13 | {
14 |     const IDENTITY = 'legacy';
15 | 
16 |     public function encrypt($data, Key $key)
17 |     {
18 |         throw new PopArtPenguinException();
19 |     }
20 | 
21 |     public function decrypt($data, Key $key)
22 |     {
23 |         $cipher = new Rijndael(Base::MODE_ECB);
24 |         $cipher->setBlockLength(256);
25 |         $cipher->setKey($key->getKeyInfo());
26 |         $cipher->padding = false;
27 | 
28 |         return trim($cipher->decrypt(base64_decode($data)));
29 |     }
30 | 
31 |     public function getIdentifier(): IdentityInterface
32 |     {
33 |         return new EncryptorIdentity(self::IDENTITY);
34 |     }
35 | }


--------------------------------------------------------------------------------
/src/Exception/PopArtPenguinException.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Exception;
 4 | 
 5 | class PopArtPenguinException extends \BadMethodCallException
 6 | {
 7 |     public function __construct()
 8 |     {
 9 |         parent::__construct(
10 |             'The encryption class you attempted to use is not considered secure and is only suitable for creating pop art penguins https://blog.filippo.io/the-ecb-penguin/'
11 |         );
12 |     }
13 | }
14 | 


--------------------------------------------------------------------------------
/src/Serializer/LegacySerializer.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Serializer;
 4 | 
 5 | use Carnage\EncryptedColumn\ValueObject\IdentityInterface;
 6 | use Carnage\EncryptedColumn\ValueObject\SerializerIdentity;
 7 | use Carnage\EncryptedColumn\ValueObject\ValueHolder;
 8 | 
 9 | class LegacySerializer implements SerializerInterface
10 | {
11 |     const IDENTITY = 'legacy';
12 | 
13 |     public function serialize($data)
14 |     {
15 |         throw new \Exception('This class is for read only access to legacy data');
16 |     }
17 | 
18 |     public function unserialize($data)
19 |     {
20 |         return new ValueHolder($data);
21 |     }
22 | 
23 |     public function getIdentifier(): IdentityInterface
24 |     {
25 |         return new SerializerIdentity(self::IDENTITY);
26 |     }
27 | }
28 | 


--------------------------------------------------------------------------------
/src/Serializer/PhpSerializer.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Serializer;
 4 | 
 5 | use Carnage\EncryptedColumn\ValueObject\IdentityInterface;
 6 | use Carnage\EncryptedColumn\ValueObject\SerializerIdentity;
 7 | 
 8 | class PhpSerializer implements SerializerInterface
 9 | {
10 |     const IDENTITY = 'php';
11 | 
12 |     public function serialize($data)
13 |     {
14 |         return serialize($data);
15 |     }
16 | 
17 |     public function unserialize($data)
18 |     {
19 |         return unserialize($data);
20 |     }
21 | 
22 |     public function getIdentifier(): IdentityInterface
23 |     {
24 |         return new SerializerIdentity(self::IDENTITY);
25 |     }
26 | }
27 | 


--------------------------------------------------------------------------------
/src/Serializer/SerializerInterface.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Serializer;
 4 | 
 5 | use Carnage\EncryptedColumn\Container\VersionedInterface;
 6 | 
 7 | interface SerializerInterface extends VersionedInterface
 8 | {
 9 |     public function serialize($data);
10 | 
11 |     public function unserialize($data);
12 | }


--------------------------------------------------------------------------------
/src/Service/EncryptionService.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Carnage\EncryptedColumn\Service;
  4 | 
  5 | use Carnage\EncryptedColumn\Encryptor\EncryptorInterface;
  6 | use Carnage\EncryptedColumn\Serializer\SerializerInterface;
  7 | use Carnage\EncryptedColumn\ValueObject\EncryptedColumn as EncryptedColumnVO;
  8 | use ProxyManager\Factory\LazyLoadingValueHolderFactory;
  9 | use ProxyManager\Proxy\LazyLoadingInterface;
 10 | use ProxyManager\Proxy\VirtualProxyInterface;
 11 | use Psr\Container\ContainerInterface;
 12 | 
 13 | class EncryptionService
 14 | {
 15 |     /**
 16 |      * @var EncryptorInterface
 17 |      */
 18 |     private $encryptor;
 19 |     
 20 |     /**
 21 |      * @var SerializerInterface
 22 |      */
 23 |     private $serializer;
 24 | 
 25 |     /**
 26 |      * @var EncryptedColumnVO[]
 27 |      */
 28 |     private $originalValues = [];
 29 | 
 30 |     /**
 31 |      * @var ContainerInterface
 32 |      */
 33 |     private $encryptors;
 34 | 
 35 |     /**
 36 |      * @var ContainerInterface
 37 |      */
 38 |     private $serializers;
 39 | 
 40 |     /**
 41 |      * @var ContainerInterface
 42 |      */
 43 |     private $keys;
 44 | 
 45 |     public function __construct(
 46 |         EncryptorInterface $encryptor,
 47 |         SerializerInterface $serializer,
 48 |         ContainerInterface $encryptors,
 49 |         ContainerInterface $serializers,
 50 |         ContainerInterface $keys
 51 |     ) {
 52 |         $this->encryptor = $encryptor;
 53 |         $this->serializer = $serializer;
 54 |         $this->encryptors = $encryptors;
 55 |         $this->serializers = $serializers;
 56 |         $this->keys = $keys;
 57 |     }
 58 | 
 59 |     public function decryptField(EncryptedColumnVO $value)
 60 |     {
 61 |         $initializer = $this->createInitializer($value);
 62 |         $factory = new LazyLoadingValueHolderFactory();
 63 |         $proxy = $factory->createProxy($value->getClassname(), $initializer);
 64 | 
 65 |         $this->originalValues[spl_object_hash($proxy)] = $value;
 66 | 
 67 |         return $proxy;
 68 |     }
 69 | 
 70 |     public function encryptField($value): EncryptedColumnVO
 71 |     {
 72 |         if ($value instanceof LazyLoadingInterface) {
 73 |             /** @var VirtualProxyInterface $value */
 74 |             // If the value hasn't been decrypted; it hasn't been changed. Don't bother reencrypting unless it
 75 |             // was encrypted using a different configuration
 76 |             if (!$value->isProxyInitialized()) {
 77 |                 $original = $this->originalValues[spl_object_hash($value)];
 78 |                 if (
 79 |                     !$original->needsReencryption($this->encryptor->getIdentifier(), $this->serializer->getIdentifier())
 80 |                 ) {
 81 |                         return $original;
 82 |                 }
 83 |             }
 84 | 
 85 |             //we don't want to encrypt a proxy.
 86 |             $value = $value->getWrappedValueHolderValue();
 87 |         }
 88 | 
 89 |         if (!is_object($value)) {
 90 |             throw new \Exception('This column type only supports encrypting objects');
 91 |         }
 92 | 
 93 |         $key = $this->keys->get('default');
 94 |         $data = $this->encryptor->encrypt($this->serializer->serialize($value), $key);
 95 | 
 96 |         return new EncryptedColumnVO(
 97 |             get_class($value),
 98 |             $data,
 99 |             $this->encryptor->getIdentifier(),
100 |             $this->serializer->getIdentifier(),
101 |             $key->getIdentifier()
102 |         );
103 |     }
104 | 
105 |     /**
106 |      * @param EncryptedColumnVO $value
107 |      * @return \Closure
108 |      */
109 |     private function createInitializer(EncryptedColumnVO $value): \Closure
110 |     {
111 |         $serializer = $this->serializers->get($value->getSerializerIdentifier()->toString());
112 |         $encryptor = $this->encryptors->get($value->getEncryptorIdentifier()->toString());
113 |         $key = $this->keys->get($value->getKeyIdentifier()->toString());
114 | 
115 |         return function(& $wrappedObject, LazyLoadingInterface $proxy, $method, array $parameters, & $initializer) use ($serializer, $encryptor, $key, $value) {
116 |             $initializer = null;
117 |             $wrappedObject = $serializer->unserialize($encryptor->decrypt($value->getData(), $key));
118 | 
119 |             return true;
120 |         };
121 |     }
122 | }
123 | 


--------------------------------------------------------------------------------
/src/Setup.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Carnage\EncryptedColumn;
  4 | 
  5 | use Carnage\EncryptedColumn\Container\KeyContainer;
  6 | use Carnage\EncryptedColumn\Container\VersionedContainer;
  7 | use Carnage\EncryptedColumn\Dbal\EncryptedColumn;
  8 | use Carnage\EncryptedColumn\Dbal\EncryptedColumnLegacySupport;
  9 | use Carnage\EncryptedColumn\Encryptor\HaliteEncryptor;
 10 | use Carnage\EncryptedColumn\Encryptor\LegacyEncryptor;
 11 | use Carnage\EncryptedColumn\Serializer\LegacySerializer;
 12 | use Carnage\EncryptedColumn\Serializer\PhpSerializer;
 13 | use Carnage\EncryptedColumn\Service\EncryptionService;
 14 | use Carnage\EncryptedColumn\ValueObject\Key;
 15 | use Carnage\EncryptedColumn\ValueObject\KeyIdentity;
 16 | use Doctrine\ORM\EntityManagerInterface;
 17 | 
 18 | final class Setup
 19 | {
 20 |     private $keyPath;
 21 |     private $enableLegacy = false;
 22 |     private $legacyKey;
 23 |     private $keyContainer;
 24 | 
 25 |     public function __construct()
 26 |     {
 27 |         $this->keyContainer = new KeyContainer();
 28 |     }
 29 | 
 30 |     public function register(EntityManagerInterface $em)
 31 |     {
 32 |         if ($this->enableLegacy) {
 33 |             $this->doRegisterLegacy($em);
 34 |         } else {
 35 |             $this->doRegister($em);
 36 |         }
 37 |     }
 38 | 
 39 |     public function enableLegacy(string $legacyKey)
 40 |     {
 41 |         $this->enableLegacy = true;
 42 |         $this->legacyKey = $legacyKey;
 43 | 
 44 |         $key = new Key($legacyKey);
 45 |         $this->keyContainer->addKey($key);
 46 |         $this->keyContainer->tagKey('legacy', $key->getIdentifier()->toString());
 47 | 
 48 |         return $this;
 49 |     }
 50 | 
 51 |     public function withKeyPath(string $keypath)
 52 |     {
 53 |         $this->keyPath = $keypath;
 54 | 
 55 |         $key = new Key($keypath);
 56 |         $this->keyContainer->addKey($key);
 57 |         $this->keyContainer->tagKey('default', $key->getIdentifier()->toString());
 58 | 
 59 |         return $this;
 60 |     }
 61 | 
 62 |     public function withKey(string $key, array $tags = [])
 63 |     {
 64 |         $key = new Key($key);
 65 |         $keyId = $key->getIdentifier()->toString();
 66 |         $this->keyContainer->addKey($key);
 67 | 
 68 |         foreach ($tags as $tag) {
 69 |             $this->keyContainer->tagKey($tag, $keyId);
 70 |         }
 71 | 
 72 |         return $this;
 73 |     }
 74 | 
 75 |     private function buildEncryptionService(): EncryptionService
 76 |     {
 77 |         $encryptors = self::buildEncryptorsContainer();
 78 |         $serializers = self::buildSerilaizerContainer();
 79 |         return new EncryptionService(
 80 |             $encryptors->get(HaliteEncryptor::IDENTITY),
 81 |             $serializers->get(PhpSerializer::IDENTITY),
 82 |             $encryptors,
 83 |             $serializers,
 84 |             $this->keyContainer
 85 |         );
 86 |     }
 87 | 
 88 |     private function buildEncryptorsContainer(): VersionedContainer
 89 |     {
 90 |         $services = [new HaliteEncryptor($this->keyPath)];
 91 |         if ($this->enableLegacy) {
 92 |             $services[] = new LegacyEncryptor($this->legacyKey);
 93 |         }
 94 |         //@TODO add legacy encryptor, throw exceptions if required keys aren't specified
 95 |         return new VersionedContainer(...$services);
 96 |     }
 97 | 
 98 |     private function buildSerilaizerContainer(): VersionedContainer
 99 |     {
100 |         $services = [new PhpSerializer()];
101 |         if ($this->enableLegacy) {
102 |             $services[] = new LegacySerializer();
103 |         }
104 |         return new VersionedContainer(...$services);
105 |     }
106 | 
107 |     /**
108 |      * @param EntityManagerInterface $em
109 |      */
110 |     private function doRegister(EntityManagerInterface $em)
111 |     {
112 |         EncryptedColumn::create($this->buildEncryptionService());
113 |         $conn = $em->getConnection();
114 |         $conn->getDatabasePlatform()->registerDoctrineTypeMapping(
115 |             EncryptedColumn::ENCRYPTED,
116 |             EncryptedColumn::ENCRYPTED
117 |         );
118 |     }
119 | 
120 |     /**
121 |      * @param EntityManagerInterface $em
122 |      */
123 |     private function doRegisterLegacy(EntityManagerInterface $em)
124 |     {
125 |         EncryptedColumnLegacySupport::create($this->buildEncryptionService());
126 |         $conn = $em->getConnection();
127 |         $conn->getDatabasePlatform()->registerDoctrineTypeMapping(
128 |             EncryptedColumnLegacySupport::ENCRYPTED,
129 |             EncryptedColumnLegacySupport::ENCRYPTED
130 |         );
131 |     }
132 | }


--------------------------------------------------------------------------------
/src/ValueObject/EncryptedColumn.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Carnage\EncryptedColumn\ValueObject;
  4 | 
  5 | use Carnage\EncryptedColumn\Encryptor\HaliteEncryptor;
  6 | use Carnage\EncryptedColumn\Serializer\PhpSerializer;
  7 | 
  8 | class EncryptedColumn implements \JsonSerializable
  9 | {
 10 |     /**
 11 |      * @var string
 12 |      */
 13 |     private $classname;
 14 | 
 15 |     /**
 16 |      * @var string
 17 |      */
 18 |     private $data;
 19 | 
 20 |     /**
 21 |      * @var EncryptorIdentity
 22 |      */
 23 |     private $encryptor;
 24 | 
 25 |     /**
 26 |      * @var SerializerIdentity
 27 |      */
 28 |     private $serializer;
 29 | 
 30 |     /**
 31 |      * @var KeyIdentity
 32 |      */
 33 |     private $key;
 34 | 
 35 |     public function __construct(
 36 |         string $classname,
 37 |         string $data,
 38 |         EncryptorIdentity $encryptor,
 39 |         SerializerIdentity $serializer,
 40 |         KeyIdentity $key
 41 |     ) {
 42 |         $this->classname = $classname;
 43 |         $this->data = $data;
 44 |         $this->encryptor = $encryptor;
 45 |         $this->serializer = $serializer;
 46 |         $this->key = $key;
 47 |     }
 48 | 
 49 |     public static function fromArray(array $data)
 50 |     {
 51 |         return new self(
 52 |             $data['classname'],
 53 |             $data['data'],
 54 |             new EncryptorIdentity($data['encryptor']),
 55 |             new SerializerIdentity($data['serializer']),
 56 |             new KeyIdentity($data['keyid'])
 57 |         );
 58 |     }
 59 | 
 60 |     public function jsonSerialize(): array
 61 |     {
 62 |         return [
 63 |             'classname' => $this->classname,
 64 |             'data' => $this->data,
 65 |             'encryptor' => $this->encryptor->toString(),
 66 |             'serializer' => $this->serializer->toString(),
 67 |             'keyid' => $this->key->toString(),
 68 |         ];
 69 |     }
 70 | 
 71 |     /**
 72 |      * @return mixed
 73 |      */
 74 |     public function getClassname(): string
 75 |     {
 76 |         return $this->classname;
 77 |     }
 78 | 
 79 |     /**
 80 |      * @return mixed
 81 |      */
 82 |     public function getData(): string
 83 |     {
 84 |         return $this->data;
 85 |     }
 86 | 
 87 |     /**
 88 |      * @return EncryptorIdentity
 89 |      */
 90 |     public function getEncryptorIdentifier(): EncryptorIdentity
 91 |     {
 92 |         return $this->encryptor;
 93 |     }
 94 | 
 95 |     /**
 96 |      * @return SerializerIdentity
 97 |      */
 98 |     public function getSerializerIdentifier(): SerializerIdentity
 99 |     {
100 |         return $this->serializer;
101 |     }
102 | 
103 |     /**
104 |      * @return KeyIdentity
105 |      */
106 |     public function getKeyIdentifier(): KeyIdentity
107 |     {
108 |         return $this->key;
109 |     }
110 | 
111 |     public function needsReencryption(EncryptorIdentity $encryptor, SerializerIdentity $serializer): bool
112 |     {
113 |         return $encryptor->equals($this->encryptor) && $serializer->equals($this->serializer);
114 |     }
115 | }


--------------------------------------------------------------------------------
/src/ValueObject/EncryptorIdentity.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\ValueObject;
 4 | 
 5 | class EncryptorIdentity implements IdentityInterface
 6 | {
 7 |     /**
 8 |      * @var string
 9 |      */
10 |     private $identity;
11 | 
12 |     public function __construct(string $identity)
13 |     {
14 |         $this->identity = $identity;
15 |     }
16 | 
17 |     /**
18 |      * @return string
19 |      */
20 |     public function getIdentity(): string
21 |     {
22 |         return $this->identity;
23 |     }
24 | 
25 |     public function toString(): string
26 |     {
27 |         return $this->identity;
28 |     }
29 | 
30 |     public function equals(IdentityInterface $other): bool
31 |     {
32 |         return $other instanceof EncryptorIdentity && $this->identity === $other->identity;
33 |     }
34 | }
35 | 


--------------------------------------------------------------------------------
/src/ValueObject/IdentityInterface.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\ValueObject;
 4 | 
 5 | interface IdentityInterface
 6 | {
 7 |     public function getIdentity(): string;
 8 | 
 9 |     public function toString(): string;
10 | 
11 |     public function equals(IdentityInterface $other): bool;
12 | }


--------------------------------------------------------------------------------
/src/ValueObject/Key.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\ValueObject;
 4 | 
 5 | use ParagonIE\Halite\Util;
 6 | 
 7 | final class Key
 8 | {
 9 |     /**
10 |      * @var KeyIdentity
11 |      */
12 |     private $identifier;
13 | 
14 |     /**
15 |      * @var string
16 |      */
17 |     private $keyInfo;
18 | 
19 |     public function __construct(string $keyInfo)
20 |     {
21 |         $this->identifier = new KeyIdentity(Util::safeSubstr(hash('sha256', $keyInfo), 0, 8));
22 |         $this->keyInfo = $keyInfo;
23 |     }
24 | 
25 |     public function getIdentifier(): KeyIdentity
26 |     {
27 |         return $this->identifier;
28 |     }
29 | 
30 |     public function getKeyInfo(): string
31 |     {
32 |         return $this->keyInfo;
33 |     }
34 | }
35 | 


--------------------------------------------------------------------------------
/src/ValueObject/KeyIdentity.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\ValueObject;
 4 | 
 5 | class KeyIdentity implements IdentityInterface
 6 | {
 7 |     /**
 8 |      * @var string
 9 |      */
10 |     private $identity;
11 | 
12 |     public function __construct(string $identity)
13 |     {
14 |         $this->identity = $identity;
15 |     }
16 | 
17 |     /**
18 |      * @return string
19 |      */
20 |     public function getIdentity(): string
21 |     {
22 |         return $this->identity;
23 |     }
24 | 
25 |     public function toString(): string
26 |     {
27 |         return $this->identity;
28 |     }
29 | 
30 |     public function equals(IdentityInterface $other): bool
31 |     {
32 |         return $other instanceof KeyIdentity && $this->identity === $other->identity;
33 |     }
34 | }
35 | 


--------------------------------------------------------------------------------
/src/ValueObject/SerializerIdentity.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\ValueObject;
 4 | 
 5 | class SerializerIdentity implements IdentityInterface
 6 | {
 7 |     /**
 8 |      * @var string
 9 |      */
10 |     private $identity;
11 | 
12 |     public function __construct(string $identity)
13 |     {
14 |         $this->identity = $identity;
15 |     }
16 | 
17 |     /**
18 |      * @return string
19 |      */
20 |     public function getIdentity(): string
21 |     {
22 |         return $this->identity;
23 |     }
24 | 
25 |     public function toString(): string
26 |     {
27 |         return $this->identity;
28 |     }
29 | 
30 |     public function equals(IdentityInterface $other): bool
31 |     {
32 |         return $other instanceof SerializerIdentity && $this->identity === $other->identity;
33 |     }
34 | }
35 | 


--------------------------------------------------------------------------------
/src/ValueObject/ValueHolder.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\ValueObject;
 4 | 
 5 | class ValueHolder
 6 | {
 7 |     private $value;
 8 | 
 9 |     public function __construct($value)
10 |     {
11 |         $this->value = $value;
12 |     }
13 | 
14 |     /**
15 |      * @return mixed
16 |      */
17 |     public function getValue()
18 |     {
19 |         return $this->value;
20 |     }
21 | }
22 | 


--------------------------------------------------------------------------------
/test/Functional/Fixtures/CreditCardDetails.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Tests\Functional\Fixtures;
 4 | 
 5 | class CreditCardDetails
 6 | {
 7 |     private $number;
 8 |     private $expiry;
 9 | 
10 |     /**
11 |      * CreditCardDetails constructor.
12 |      * @param $number
13 |      * @param $expiry
14 |      */
15 |     public function __construct($number, $expiry)
16 |     {
17 |         $this->number = $number;
18 |         $this->expiry = $expiry;
19 |     }
20 | 
21 |     /**
22 |      * @return mixed
23 |      */
24 |     public function getNumber()
25 |     {
26 |         return $this->number;
27 |     }
28 | 
29 |     /**
30 |      * @return mixed
31 |      */
32 |     public function getExpiry()
33 |     {
34 |         return $this->expiry;
35 |     }
36 | }


--------------------------------------------------------------------------------
/test/Functional/Fixtures/Entity.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Tests\Functional\Fixtures;
 4 | 
 5 | use Doctrine\ORM\Mapping as ORM;
 6 | 
 7 | /**
 8 |  * @package Carnage\EncryptedColumn\TestFixtures
 9 |  * @ORM\Entity()
10 |  */
11 | class Entity 
12 | {
13 |     /**
14 |      * @var integer
15 |      * @ORM\Id @ORM\GeneratedValue @ORM\Column(type="integer")
16 |      */
17 |     protected $id;
18 | 
19 |     /**
20 |      * @var string
21 |      * @ORM\Column(type="string")
22 |      */
23 |     protected $unrelated = 'test';
24 | 
25 |     /**
26 |      * @var CreditCardDetails
27 |      * @ORM\Column(type="encrypted")
28 |      */
29 |     protected $creditCardDetails;
30 | 
31 |     /**
32 |      * @return int
33 |      */
34 |     public function getId()
35 |     {
36 |         return $this->id;
37 |     }
38 | 
39 |     /**
40 |      * @param int $id
41 |      */
42 |     public function setId($id)
43 |     {
44 |         $this->id = $id;
45 |     }
46 | 
47 |     /**
48 |      * @return CreditCardDetails
49 |      */
50 |     public function getCreditCardDetails()
51 |     {
52 |         return $this->creditCardDetails;
53 |     }
54 | 
55 |     /**
56 |      * @param CreditCardDetails $creditCardDetails
57 |      */
58 |     public function setCreditCardDetails($creditCardDetails)
59 |     {
60 |         $this->creditCardDetails = $creditCardDetails;
61 |     }
62 | 
63 |     /**
64 |      * @return string
65 |      */
66 |     public function getUnrelated()
67 |     {
68 |         return $this->unrelated;
69 |     }
70 | 
71 |     /**
72 |      * @param string $unrelated
73 |      */
74 |     public function setUnrelated($unrelated)
75 |     {
76 |         $this->unrelated = $unrelated;
77 |     }
78 | }


--------------------------------------------------------------------------------
/test/Functional/Fixtures/enc-alt.key:
--------------------------------------------------------------------------------
1 | 31400201bf84730414a7aa1acb562264a319cd56b7c41d76dc0606c05186e1575203911e7d447ea033b08735e3af9c50819c0e52775e1afa848bf2d87754ceb5f3be7f09eb579febe7710478e08f0e5d86067c8b31cce7cc3d8edfd62e9cff518f301278


--------------------------------------------------------------------------------
/test/Functional/Fixtures/enc.key:
--------------------------------------------------------------------------------
1 | 3140020116a8b2228171a56c19892cf5fa26cafa2d1ab2a2bd83f2cc7ca55e812bf65abdc429b99b9d70ad37a89f718a3b2adecb2b8f267e8487d75e2a48031b1ab4668beaa5a38d437ad3e6dc637e55d5a82e6d3647c84df40796be1d0893f6eb4971a4


--------------------------------------------------------------------------------
/test/Functional/ReadWriteTest.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * Created by PhpStorm.
  4 |  * User: imhotek
  5 |  * Date: 03/11/16
  6 |  * Time: 16:12
  7 |  */
  8 | 
  9 | namespace Carnage\EncryptedColumn\Tests;
 10 | 
 11 | use Carnage\EncryptedColumn\Configuration;
 12 | use Carnage\EncryptedColumn\Setup as ECSetup;
 13 | use Carnage\EncryptedColumn\Tests\Functional\Fixtures\CreditCardDetails;
 14 | use Carnage\EncryptedColumn\Tests\Functional\Fixtures\Entity;
 15 | use Doctrine\ORM\Tools\SchemaTool;
 16 | use Doctrine\ORM\Tools\Setup;
 17 | use Doctrine\ORM\EntityManager;
 18 | 
 19 | /**
 20 |  * Class ReadWriteTest
 21 |  * @package Carnage\EncryptedColumn\Tests
 22 |  * @runTestsInSeparateProcesses
 23 |  */
 24 | class ReadWriteTest extends \PHPUnit_Framework_TestCase
 25 | {
 26 |     /**
 27 |      * @var EntityManager
 28 |      */
 29 |     private static $_em;
 30 | 
 31 |     /**
 32 |      * @var ECSetup
 33 |      */
 34 |     private static $_setup;
 35 | 
 36 |     /**
 37 |      * @var EntityManager
 38 |      */
 39 |     private $em;
 40 | 
 41 |     /**
 42 |      * @var ECSetup
 43 |      */
 44 |     private $setup;
 45 | 
 46 |     public function setUp()
 47 |     {
 48 |         if (self::$_em === null) {
 49 |             $isDevMode = true;
 50 |             $config = Setup::createAnnotationMetadataConfiguration(array(__DIR__ . "/Fixtures"), $isDevMode, null, null, false);
 51 | 
 52 |             $conn = array(
 53 |                 'driver' => 'pdo_sqlite',
 54 |                 'path' => ':memory:',
 55 |             );
 56 | 
 57 |             self::$_em = EntityManager::create($conn, $config);
 58 | 
 59 |             self::$_setup = new ECSetup();
 60 | 
 61 |             self::$_setup
 62 |                 ->withKeyPath( __DIR__ . '/Fixtures/enc.key')
 63 |                 ->register(self::$_em);
 64 | 
 65 |             $schemaTool = new SchemaTool(self::$_em);
 66 | 
 67 |             $classes = [
 68 |                 self::$_em->getClassMetadata(Entity::class)
 69 |             ];
 70 | 
 71 |             $schemaTool->createSchema($classes);
 72 |         }
 73 | 
 74 |         $this->em = self::$_em;
 75 |         $this->setup = self::$_setup;
 76 |     }
 77 | 
 78 |     public function testInsert()
 79 |     {
 80 |         $entity = new Entity();
 81 |         $entity->setCreditCardDetails(new CreditCardDetails('1234567812345678', '04/19'));
 82 | 
 83 |         $this->em->persist($entity);
 84 |         $this->em->flush();
 85 | 
 86 |         $data = $this->em->getConnection()->fetchAll('SELECT * FROM Entity');
 87 |         $savedData = json_decode($data[0]['creditCardDetails']);
 88 | 
 89 |         $this->assertObjectHasAttribute('classname', $savedData);
 90 |         $this->assertObjectHasAttribute('data', $savedData);
 91 |     }
 92 | 
 93 |     public function testRead()
 94 |     {
 95 |         $entity = new Entity();
 96 |         $creditCardDetails = new CreditCardDetails('1234567812345678', '04/19');
 97 |         $entity->setCreditCardDetails($creditCardDetails);
 98 | 
 99 |         $this->em->persist($entity);
100 |         $this->em->flush();
101 | 
102 |         $this->em->clear();
103 | 
104 |         $entity = $this->em->find(Entity::class, 1);
105 | 
106 |         $this->assertEquals($creditCardDetails->getNumber(), $entity->getCreditCardDetails()->getNumber());
107 |         $this->assertEquals($creditCardDetails->getExpiry(), $entity->getCreditCardDetails()->getExpiry());
108 |     }
109 | 
110 |     public function testUpdateUnrelated()
111 |     {
112 |         $entity = new Entity();
113 |         $entity->setCreditCardDetails(new CreditCardDetails('1234567812345678', '04/19'));
114 | 
115 |         $this->em->persist($entity);
116 |         $this->em->flush();
117 |         $this->em->clear();
118 | 
119 |         $data = $this->em->getConnection()->fetchAll('SELECT * FROM Entity');
120 |         $savedData = json_decode($data[0]['creditCardDetails']);
121 | 
122 |         $entity = $this->em->find(Entity::class, 1);
123 |         $entity->setUnrelated('unrelated');
124 |         $this->em->flush($entity);
125 | 
126 |         $data = $this->em->getConnection()->fetchAll('SELECT * FROM Entity');
127 | 
128 |         $this->assertEquals($savedData, json_decode($data[0]['creditCardDetails']));
129 |     }
130 | 
131 |     public function testUpdate()
132 |     {
133 |         $entity = new Entity();
134 |         $entity->setCreditCardDetails(new CreditCardDetails('1234567812345678', '04/19'));
135 | 
136 |         $this->em->persist($entity);
137 |         $this->em->flush();
138 |         $this->em->clear();
139 | 
140 |         $data = $this->em->getConnection()->fetchAll('SELECT * FROM Entity');
141 |         $savedData = json_decode($data[0]['creditCardDetails']);
142 | 
143 |         $entity = $this->em->find(Entity::class, 1);
144 |         $entity->setCreditCardDetails(new CreditCardDetails('1234567812345678', '04/19'));
145 |         $this->em->flush($entity);
146 | 
147 |         $data = $this->em->getConnection()->fetchAll('SELECT * FROM Entity');
148 | 
149 |         $this->assertNotEquals($savedData, json_decode($data[0]['creditCardDetails']));
150 |     }
151 | 
152 |     public function testReadAfterKeyChange()
153 |     {
154 |         $entity = new Entity();
155 |         $creditCardDetails = new CreditCardDetails('1234567812345678', '04/19');
156 |         $entity->setCreditCardDetails($creditCardDetails);
157 | 
158 |         $this->em->persist($entity);
159 |         $this->em->flush();
160 | 
161 |         $this->em->clear();
162 | 
163 |         $this->setup->withKey(__DIR__ . '/Fixtures/enc-alt.key', ['default']);
164 | 
165 |         $entity = $this->em->find(Entity::class, 1);
166 | 
167 |         $this->assertEquals($creditCardDetails->getNumber(), $entity->getCreditCardDetails()->getNumber());
168 |         $this->assertEquals($creditCardDetails->getExpiry(), $entity->getCreditCardDetails()->getExpiry());
169 |     }
170 | }


--------------------------------------------------------------------------------
/test/Migration/FiftyOneSystemsTest.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | /**
 3 |  * Created by PhpStorm.
 4 |  * User: imhotek
 5 |  * Date: 03/11/16
 6 |  * Time: 16:12
 7 |  */
 8 | 
 9 | namespace Carnage\EncryptedColumn\Tests;
10 | 
11 | use Carnage\EncryptedColumn\Setup as ECSetup;
12 | use Carnage\EncryptedColumn\Tests\Migration\Fixtures\Migrated\Entity;
13 | use Doctrine\ORM\Tools\SchemaTool;
14 | use Doctrine\ORM\Tools\Setup;
15 | use Doctrine\ORM\EntityManager;
16 | 
17 | /**
18 |  * Class FiftyOneSystemsTest
19 |  * @package Carnage\EncryptedColumn\Tests
20 |  * runTestsInSeparateProcesses
21 |  */
22 | class FiftyOneSystemsTest extends \PHPUnit_Framework_TestCase
23 | {
24 |     /**
25 |      * @var EntityManager
26 |      */
27 |     private static $_em;
28 | 
29 |     /**
30 |      * @var EntityManager
31 |      */
32 |     private $em;
33 | 
34 |     public function setUp()
35 |     {
36 |         if (self::$_em === null) {
37 |             copy(__DIR__ . "/Fixtures/51systems/db.sqlite", __DIR__ . "/Fixtures/Migrated/db.sqlite");
38 |             $isDevMode = true;
39 |             $config = Setup::createAnnotationMetadataConfiguration(array(__DIR__ . "/Fixtures/Migrated"), $isDevMode, null, null, false);
40 | 
41 |             $conn = array(
42 |                 'driver' => 'pdo_sqlite',
43 |                 'path' => __DIR__ . "/Fixtures/Migrated/db.sqlite",
44 |             );
45 | 
46 |             self::$_em = EntityManager::create($conn, $config);
47 | 
48 |             (new ECSetup())
49 |                 ->withKeyPath(__DIR__ . '/Fixtures/Migrated/enc.key')
50 |                 ->enableLegacy(pack("H*", "dda8e5b978e05346f08b312a8c2eac03670bb5661097f8bc13212c31be66384c"))
51 |                 ->register(self::$_em);
52 | 
53 |             $schemaTool = new SchemaTool(self::$_em);
54 | 
55 |             $classes = [
56 |                 self::$_em->getClassMetadata(Entity::class)
57 |             ];
58 | 
59 |             $schemaTool->updateSchema($classes);
60 |         }
61 | 
62 |         $this->em = self::$_em;
63 |     }
64 | 
65 |     public function testRead()
66 |     {
67 |         /** @var Entity $entity */
68 |         $entity = $this->em->find(Entity::class, 1);
69 |         $this->assertEquals('secret code', $entity->getSecretData());
70 |     }
71 | 
72 |     public function testWrite()
73 |     {
74 |         /** @var Entity $entity */
75 |         $entity = $this->em->find(Entity::class, 1);
76 |         $entity->setSecretData('top secret code');
77 | 
78 |         $this->em->flush($entity);
79 |         $this->em->clear();
80 | 
81 |         $entity = $this->em->find(Entity::class, 1);
82 |         $this->assertEquals('top secret code', $entity->getSecretData());
83 |     }
84 | }


--------------------------------------------------------------------------------
/test/Migration/Fixtures/51systems/Entity.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\DceTest;
 4 | 
 5 | use Doctrine\ORM\Mapping as ORM;
 6 | use DoctrineEncrypt\Configuration as ORME;
 7 | 
 8 | /**
 9 |  * @ORM\Entity
10 |  */
11 | class Entity
12 | {
13 |     /**
14 |      * @ORM\Id
15 |      * @ORM\GeneratedValue(strategy="AUTO")
16 |      * @ORM\Column(type="integer")
17 |      * @var int
18 |      */
19 |     protected $id;
20 | 
21 |     /**
22 |      * @ORM\Column(type="text")
23 |      * @ORME\Encrypted
24 |      * @var string
25 |      */
26 |     protected $secret_data;
27 | 
28 |     /**
29 |      * @return mixed
30 |      */
31 |     public function getId()
32 |     {
33 |         return $this->id;
34 |     }
35 | 
36 |     /**
37 |      * @param mixed $id
38 |      */
39 |     public function setId($id)
40 |     {
41 |         $this->id = $id;
42 |     }
43 | 
44 |     /**
45 |      * @return mixed
46 |      */
47 |     public function getSecretData()
48 |     {
49 |         return $this->secret_data;
50 |     }
51 | 
52 |     /**
53 |      * @param mixed $secret_data
54 |      */
55 |     public function setSecretData($secret_data)
56 |     {
57 |         $this->secret_data = $secret_data;
58 |     }
59 | }


--------------------------------------------------------------------------------
/test/Migration/Fixtures/51systems/db.sqlite:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/carnage/doctrine-encrypted-column/c15db0964e447cc0c653bba2de9aef0a4612ed60/test/Migration/Fixtures/51systems/db.sqlite


--------------------------------------------------------------------------------
/test/Migration/Fixtures/Migrated/Entity.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Carnage\EncryptedColumn\Tests\Migration\Fixtures\Migrated;
 4 | 
 5 | use Carnage\EncryptedColumn\ValueObject\ValueHolder;
 6 | use Doctrine\ORM\Mapping as ORM;
 7 | 
 8 | /**
 9 |  * @ORM\Entity
10 |  */
11 | class Entity
12 | {
13 |     /**
14 |      * @ORM\Id
15 |      * @ORM\GeneratedValue(strategy="AUTO")
16 |      * @ORM\Column(type="integer")
17 |      * @var int
18 |      */
19 |     protected $id;
20 | 
21 |     /**
22 |      * @ORM\Column(type="encrypted")
23 |      * @var ValueHolder
24 |      */
25 |     protected $secret_data;
26 | 
27 |     /**
28 |      * @return mixed
29 |      */
30 |     public function getId()
31 |     {
32 |         return $this->id;
33 |     }
34 | 
35 |     /**
36 |      * @param mixed $id
37 |      */
38 |     public function setId($id)
39 |     {
40 |         $this->id = $id;
41 |     }
42 | 
43 |     /**
44 |      * @return mixed
45 |      */
46 |     public function getSecretData()
47 |     {
48 |         return $this->secret_data->getValue();
49 |     }
50 | 
51 |     /**
52 |      * @param mixed $secret_data
53 |      */
54 |     public function setSecretData($secret_data)
55 |     {
56 |         $this->secret_data = new ValueHolder($secret_data);
57 |     }
58 | }


--------------------------------------------------------------------------------
/test/Migration/Fixtures/Migrated/enc.key:
--------------------------------------------------------------------------------
1 | 3140020116a8b2228171a56c19892cf5fa26cafa2d1ab2a2bd83f2cc7ca55e812bf65abdc429b99b9d70ad37a89f718a3b2adecb2b8f267e8487d75e2a48031b1ab4668beaa5a38d437ad3e6dc637e55d5a82e6d3647c84df40796be1d0893f6eb4971a4


--------------------------------------------------------------------------------