poc personal data

patchlevel · Mar 19, 2024 · 0ee4d1d · 0ee4d1d
1 parent 3b6277f
commit 0ee4d1d
Show file tree

Hide file tree

Showing 31 changed files with 979 additions and 11 deletions.
diff --git a/src/Attribute/DataSubjectId.php b/src/Attribute/DataSubjectId.php
@@ -0,0 +1,12 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Attribute;
+
+use Attribute;
+
+#[Attribute(Attribute::TARGET_PROPERTY)]
+class DataSubjectId
+{
+}
diff --git a/src/Attribute/PersonalData.php b/src/Attribute/PersonalData.php
@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Attribute;
+
+use Attribute;
+
+#[Attribute(Attribute::TARGET_PROPERTY)]
+class PersonalData
+{
+    public function __construct(
+        public readonly mixed $fallback = null,
+    ) {
+    }
+}
diff --git a/src/Crypto/ArrayCacheCryptoStore.php b/src/Crypto/ArrayCacheCryptoStore.php
@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Crypto;
+
+use function array_key_exists;
+
+class ArrayCacheCryptoStore implements CryptoStore
+{
+    private array $keys = [];
+
+    public function __construct(
+        private readonly CryptoStore $parent,
+    ) {
+    }
+
+    public function find(string $id): EncryptionKey|null
+    {
+        if (array_key_exists($id, $this->keys)) {
+            return $this->keys[$id];
+        }
+
+        $this->keys[$id] = $this->parent->find($id);
+
+        return $this->keys[$id];
+    }
+
+    public function store(string $id, EncryptionKey $key): void
+    {
+        $this->keys[$id] = $key;
+        $this->parent->store($id, $key);
+    }
+
+    public function remove(string $id): void
+    {
+        unset($this->keys[$id]);
+        $this->parent->remove($id);
+    }
+
+    public function clear(): void
+    {
+        $this->keys = [];
+    }
+}
diff --git a/src/Crypto/CryptoManager.php b/src/Crypto/CryptoManager.php
@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Crypto;
+
+interface CryptoManager
+{
+    /** @param class-string $class */
+    public function encrypt(string $class, array $data): array;
+
+    /** @param class-string $class */
+    public function decrypt(string $class, array $data): array;
+}
diff --git a/src/Crypto/CryptoService.php b/src/Crypto/CryptoService.php
@@ -0,0 +1,12 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Crypto;
+
+interface CryptoService
+{
+    public function encrypt(EncryptionKey $key, mixed $data): string;
+
+    public function decrypt(EncryptionKey $key, string $data): mixed;
+}
diff --git a/src/Crypto/CryptoStore.php b/src/Crypto/CryptoStore.php
@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Crypto;
+
+interface CryptoStore
+{
+    public function find(string $id): EncryptionKey|null;
+
+    public function store(string $id, EncryptionKey $key): void;
+
+    public function remove(string $id): void;
+}
diff --git a/src/Crypto/DefaultCryptoManager.php b/src/Crypto/DefaultCryptoManager.php
@@ -0,0 +1,101 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Crypto;
+
+use Patchlevel\EventSourcing\Metadata\Event\EventMetadataFactory;
+
+class DefaultCryptoManager implements CryptoManager
+{
+    public function __construct(
+        private readonly EventMetadataFactory $eventMetadataFactory,
+        private readonly CryptoStore $cryptoStore,
+        private readonly CryptoService $cryptoService,
+        private readonly EncryptionKeyFactory $encryptionKeyFactory,
+    ) {
+    }
+
+    public function encrypt(string $class, array $data): array
+    {
+        $subjectId = $this->subjectId($class, $data);
+
+        if ($subjectId === null) {
+            return $data;
+        }
+
+        $encryptionKey = $this->cryptoStore->find($subjectId);
+
+        if ($encryptionKey === null) {
+            $encryptionKey = ($this->encryptionKeyFactory)();
+            $this->cryptoStore->store($subjectId, $encryptionKey);
+        }
+
+        $metadata = $this->eventMetadataFactory->metadata($class);
+
+        foreach ($metadata->propertyMetadata as $propertyMetadata) {
+            if (!$propertyMetadata->isPersonalData) {
+                continue;
+            }
+
+            $data[$propertyMetadata->fieldName] = $this->cryptoService->encrypt(
+                $encryptionKey,
+                $data[$propertyMetadata->fieldName],
+            );
+        }
+
+        return $data;
+    }
+
+    public function decrypt(string $class, array $data): array
+    {
+        $subjectId = $this->subjectId($class, $data);
+
+        if ($subjectId === null) {
+            return $data;
+        }
+
+        $encryptionKey = $this->cryptoStore->find($subjectId);
+
+        $metadata = $this->eventMetadataFactory->metadata($class);
+
+        foreach ($metadata->propertyMetadata as $propertyMetadata) {
+            if (!$propertyMetadata->isPersonalData) {
+                continue;
+            }
+
+            if (!$encryptionKey) {
+                $data[$propertyMetadata->fieldName] = $propertyMetadata->personalDataFallback;
+                continue;
+            }
+
+            $data[$propertyMetadata->fieldName] = $this->cryptoService->decrypt(
+                $encryptionKey,
+                $data[$propertyMetadata->fieldName],
+            );
+        }
+
+        return $data;
+    }
+
+    private function subjectId(string $class, array $data): string|null
+    {
+        $metadata = $this->eventMetadataFactory->metadata($class);
+
+        if ($metadata->dataSubjectIdField === null) {
+            return null;
+        }
+
+        return $data[$metadata->dataSubjectIdField];
+    }
+
+    public static function createDefault(EventMetadataFactory $eventMetadataFactory, CryptoStore $cryptoStore): static
+    {
+        return new self(
+            $eventMetadataFactory,
+            $cryptoStore,
+            new OpensslCryptoService(),
+            new OpensslEncryptionKeyFactory(),
+        );
+    }
+}
diff --git a/src/Crypto/DoctrineCryptoStore.php b/src/Crypto/DoctrineCryptoStore.php
@@ -0,0 +1,76 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Crypto;
+
+use Doctrine\DBAL\Connection;
+use Doctrine\DBAL\Schema\Schema;
+use Patchlevel\EventSourcing\Schema\DoctrineSchemaConfigurator;
+
+use function bin2hex;
+use function hex2bin;
+
+class DoctrineCryptoStore implements CryptoStore, DoctrineSchemaConfigurator
+{
+    public function __construct(
+        private readonly Connection $connection,
+        private readonly string $tableName = 'crypto_keys',
+    ) {
+    }
+
+    public function find(string $id): EncryptionKey|null
+    {
+        $result = $this->connection->fetchAssociative(
+            "SELECT * FROM {$this->tableName} WHERE id = :id",
+            ['id' => $id],
+        );
+
+        if ($result === false) {
+            return null;
+        }
+
+        return new EncryptionKey(
+            hex2bin($result['key']),
+            $result['method'],
+            hex2bin($result['iv']),
+        );
+    }
+
+    public function store(string $id, EncryptionKey $key): void
+    {
+        $this->connection->insert($this->tableName, [
+            'id' => $id,
+            'key' => bin2hex($key->key),
+            'method' => $key->method,
+            'iv' => bin2hex($key->iv),
+        ]);
+    }
+
+    public function remove(string $id): void
+    {
+        $this->connection->delete($this->tableName, ['id' => $id]);
+    }
+
+    public function configureSchema(Schema $schema, Connection $connection): void
+    {
+        if ($connection !== $this->connection) {
+            return;
+        }
+
+        $table = $schema->createTable($this->tableName);
+        $table->addColumn('id', 'string')
+            ->setNotnull(true)
+            ->setLength(255);
+        $table->addColumn('key', 'string')
+            ->setNotnull(true)
+            ->setLength(255);
+        $table->addColumn('method', 'string')
+            ->setNotnull(true)
+            ->setLength(255);
+        $table->addColumn('iv', 'string')
+            ->setNotnull(true)
+            ->setLength(255);
+        $table->setPrimaryKey(['id']);
+    }
+}
diff --git a/src/Crypto/EncryptionKey.php b/src/Crypto/EncryptionKey.php
@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Crypto;
+
+final class EncryptionKey
+{
+    public function __construct(
+        public readonly string $key,
+        public readonly string $method,
+        public readonly string $iv,
+    ) {
+    }
+}
diff --git a/src/Crypto/EncryptionKeyFactory.php b/src/Crypto/EncryptionKeyFactory.php
@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Crypto;
+
+interface EncryptionKeyFactory
+{
+    public function __invoke(): EncryptionKey;
+}
diff --git a/src/Crypto/InMemoryCryptoStore.php b/src/Crypto/InMemoryCryptoStore.php
@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Crypto;
+
+class InMemoryCryptoStore implements CryptoStore
+{
+    /** @var array<string, EncryptionKey> */
+    private array $keys = [];
+
+    public function find(string $id): EncryptionKey|null
+    {
+        return $this->keys[$id] ?? null;
+    }
+
+    public function store(string $id, EncryptionKey $key): void
+    {
+        $this->keys[$id] = $key;
+    }
+
+    public function remove(string $id): void
+    {
+        unset($this->keys[$id]);
+    }
+}