poc personal data

baseline.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.22.2@d768d914152dbbf3486c36398802f74e80cfde48">
+<files psalm-version="5.23.1@8471a896ccea3526b26d082f4461eeea467f10a4">
   <file src="src/Aggregate/AggregateRootBehaviour.php">
     <UnsafeInstantiation>
       <code><![CDATA[new static()]]></code>
@@ -15,6 +15,28 @@
       <code><![CDATA[class DoctrineHelper]]></code>
     </ClassNotFinal>
   </file>
+  <file src="src/Cryptography/Cipher/OpensslCipherKeyFactory.php">
+    <ArgumentTypeCoercion>
+      <code><![CDATA[openssl_random_pseudo_bytes($ivLength)]]></code>
+      <code><![CDATA[openssl_random_pseudo_bytes($this->length)]]></code>
+    </ArgumentTypeCoercion>
+  </file>
+  <file src="src/Cryptography/DefaultEventPayloadCryptographer.php">
+    <MixedArgument>
+      <code><![CDATA[$data[$propertyMetadata->fieldName]]]></code>
+    </MixedArgument>
+    <MixedAssignment>
+      <code><![CDATA[$data[$propertyMetadata->fieldName]]]></code>
+      <code><![CDATA[$data[$propertyMetadata->fieldName]]]></code>
+      <code><![CDATA[$data[$propertyMetadata->fieldName]]]></code>
+    </MixedAssignment>
+  </file>
+  <file src="src/Cryptography/Store/DoctrineCipherKeyStore.php">
+    <ArgumentTypeCoercion>
+      <code><![CDATA[base64_decode($result['crypto_iv'])]]></code>
+      <code><![CDATA[base64_decode($result['crypto_key'])]]></code>
+    </ArgumentTypeCoercion>
+  </file>
   <file src="src/EventBus/AttributeListenerProvider.php">
     <MixedMethodCall>
       <code><![CDATA[$method->getName()]]></code>
@@ -88,12 +110,21 @@
       <code><![CDATA[Closure(Message):void]]></code>
     </MixedReturnTypeCoercion>
   </file>
-  <file src="tests/Benchmark/BasicImplementation/Aggregate/Profile.php">
+  <file src="tests/Benchmark/BasicImplementation/Profile.php">
     <PropertyNotSetInConstructor>
+      <code><![CDATA[$email]]></code>
       <code><![CDATA[$id]]></code>
       <code><![CDATA[$name]]></code>
     </PropertyNotSetInConstructor>
   </file>
+  <file src="tests/Benchmark/PersonalDataBench.php">
+    <MissingConstructor>
+      <code><![CDATA[$bus]]></code>
+      <code><![CDATA[$id]]></code>
+      <code><![CDATA[$repository]]></code>
+      <code><![CDATA[$store]]></code>
+    </MissingConstructor>
+  </file>
   <file src="tests/Benchmark/SimpleSetupBench.php">
     <MissingConstructor>
       <code><![CDATA[$bus]]></code>
@@ -145,6 +176,17 @@
       <code><![CDATA[$name]]></code>
     </PropertyNotSetInConstructor>
   </file>
+  <file src="tests/Integration/PersonalData/PersonalDataTest.php">
+    <MixedArgument>
+      <code><![CDATA[$row['payload']]]></code>
+    </MixedArgument>
+  </file>
+  <file src="tests/Integration/PersonalData/Profile.php">
+    <PropertyNotSetInConstructor>
+      <code><![CDATA[$id]]></code>
+      <code><![CDATA[$name]]></code>
+    </PropertyNotSetInConstructor>
+  </file>
   <file src="tests/Integration/Pipeline/Aggregate/Profile.php">
     <PropertyNotSetInConstructor>
       <code><![CDATA[$id]]></code>
@@ -164,6 +206,11 @@
       <code><![CDATA[$name]]></code>
     </PropertyNotSetInConstructor>
   </file>
+  <file src="tests/Unit/Cryptography/Cipher/OpensslCipherTest.php">
+    <MixedAssignment>
+      <code><![CDATA[$return]]></code>
+    </MixedAssignment>
+  </file>
   <file src="tests/Unit/Fixture/MessageNormalizer.php">
     <MixedArgumentTypeCoercion>
       <code><![CDATA[$value]]></code>

deptrac.yaml

@@ -21,6 +21,10 @@ deptrac:
       collectors:
         - type: directory
           value: src/Console/.*
+    - name: Cryptography
+      collectors:
+        - type: directory
+          value: src/Cryptography/.*
     - name: Debug
       collectors:
         - type: directory
@@ -108,6 +112,9 @@ deptrac:
       - Serializer
       - Store
       - Subscription
+    Cryptography:
+      - MetadataEvent
+      - Schema
     Debug:
       - Attribute
       - Message
@@ -159,6 +166,7 @@ deptrac:
     Schema:
     Serializer:
       - Aggregate
+      - Cryptography
       - MetadataEvent
     Snapshot:
       - Aggregate

docs/mkdocs.yml

@@ -88,6 +88,7 @@ nav:
     - Aggregate ID: aggregate_id.md
     - Normalizer: normalizer.md
     - Snapshots: snapshots.md
+    - Personal Data: personal_data.md
     - Upcasting: upcasting.md
     - Outbox: outbox.md
     - Pipeline: pipeline.md

docs/pages/personal_data.md

@@ -0,0 +1,6 @@
+# Personal Data
+
+
+
+
+## Learn more

phpstan-baseline.neon

@@ -5,6 +5,31 @@ parameters:
 			count: 1
 			path: src/Console/DoctrineHelper.php
 
+		-
+			message: "#^Parameter \\#1 \\$key of class Patchlevel\\\\EventSourcing\\\\Cryptography\\\\Cipher\\\\CipherKey constructor expects non\\-empty\\-string, string given\\.$#"
+			count: 1
+			path: src/Cryptography/Cipher/OpensslCipherKeyFactory.php
+
+		-
+			message: "#^Parameter \\#3 \\$iv of class Patchlevel\\\\EventSourcing\\\\Cryptography\\\\Cipher\\\\CipherKey constructor expects non\\-empty\\-string, string given\\.$#"
+			count: 1
+			path: src/Cryptography/Cipher/OpensslCipherKeyFactory.php
+
+		-
+			message: "#^Parameter \\#2 \\$data of method Patchlevel\\\\EventSourcing\\\\Cryptography\\\\Cipher\\\\Cipher\\:\\:decrypt\\(\\) expects string, mixed given\\.$#"
+			count: 1
+			path: src/Cryptography/DefaultEventPayloadCryptographer.php
+
+		-
+			message: "#^Parameter \\#1 \\$key of class Patchlevel\\\\EventSourcing\\\\Cryptography\\\\Cipher\\\\CipherKey constructor expects non\\-empty\\-string, string given\\.$#"
+			count: 1
+			path: src/Cryptography/Store/DoctrineCipherKeyStore.php
+
+		-
+			message: "#^Parameter \\#3 \\$iv of class Patchlevel\\\\EventSourcing\\\\Cryptography\\\\Cipher\\\\CipherKey constructor expects non\\-empty\\-string, string given\\.$#"
+			count: 1
+			path: src/Cryptography/Store/DoctrineCipherKeyStore.php
+
 		-
 			message: "#^Parameter \\#2 \\$data of method Patchlevel\\\\Hydrator\\\\Hydrator\\:\\:hydrate\\(\\) expects array\\<string, mixed\\>, mixed given\\.$#"
 			count: 1

src/Attribute/DataSubjectId.php

@@ -0,0 +1,12 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Attribute;
+
+use Attribute;
+
+#[Attribute(Attribute::TARGET_PROPERTY)]
+final class DataSubjectId
+{
+}

src/Attribute/PersonalData.php

@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Attribute;
+
+use Attribute;
+
+#[Attribute(Attribute::TARGET_PROPERTY)]
+final class PersonalData
+{
+    public function __construct(
+        public readonly mixed $fallback = null,
+    ) {
+    }
+}

src/Cryptography/Cipher/Cipher.php

@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+interface Cipher
+{
+    /** @throws EncryptionFailed */
+    public function encrypt(CipherKey $key, mixed $data): string;
+
+    /** @throws DecryptionFailed */
+    public function decrypt(CipherKey $key, string $data): mixed;
+}

src/Cryptography/Cipher/CipherKey.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+final class CipherKey
+{
+    /**
+     * @param non-empty-string $key
+     * @param non-empty-string $method
+     * @param non-empty-string $iv
+     */
+    public function __construct(
+        public readonly string $key,
+        public readonly string $method,
+        public readonly string $iv,
+    ) {
+    }
+}

src/Cryptography/Cipher/CipherKeyFactory.php

@@ -0,0 +1,11 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+interface CipherKeyFactory
+{
+    /** @throws CreateCipherKeyFailed */
+    public function __invoke(): CipherKey;
+}

src/Cryptography/Cipher/CreateCipherKeyFailed.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+use RuntimeException;
+
+final class CreateCipherKeyFailed extends RuntimeException
+{
+    public function __construct()
+    {
+        parent::__construct('Create cipher key failed.');
+    }
+}

src/Cryptography/Cipher/DecryptionFailed.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+use RuntimeException;
+
+final class DecryptionFailed extends RuntimeException
+{
+    public function __construct()
+    {
+        parent::__construct('Decryption failed.');
+    }
+}

src/Cryptography/Cipher/EncryptionFailed.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+use RuntimeException;
+
+final class EncryptionFailed extends RuntimeException
+{
+    public function __construct()
+    {
+        parent::__construct('Encryption failed.');
+    }
+}

src/Cryptography/Cipher/OpensslCipher.php

@@ -0,0 +1,67 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+use JsonException;
+
+use function base64_decode;
+use function base64_encode;
+use function json_decode;
+use function json_encode;
+use function openssl_decrypt;
+use function openssl_encrypt;
+
+use const JSON_THROW_ON_ERROR;
+
+final class OpensslCipher implements Cipher
+{
+    public function encrypt(CipherKey $key, mixed $data): string
+    {
+        $encryptedData = @openssl_encrypt(
+            $this->dataEncode($data),
+            $key->method,
+            $key->key,
+            0,
+            $key->iv,
+        );
+
+        if ($encryptedData === false) {
+            throw new EncryptionFailed();
+        }
+
+        return base64_encode($encryptedData);
+    }
+
+    public function decrypt(CipherKey $key, string $data): mixed
+    {
+        $data = @openssl_decrypt(
+            base64_decode($data),
+            $key->method,
+            $key->key,
+            0,
+            $key->iv,
+        );
+
+        if ($data === false) {
+            throw new DecryptionFailed();
+        }
+
+        try {
+            return $this->dataDecode($data);
+        } catch (JsonException) {
+            throw new DecryptionFailed();
+        }
+    }
+
+    private function dataEncode(mixed $data): string
+    {
+        return json_encode($data, JSON_THROW_ON_ERROR);
+    }
+
+    private function dataDecode(string $data): mixed
+    {
+        return json_decode($data, true, 512, JSON_THROW_ON_ERROR);
+    }
+}

src/Cryptography/Cipher/OpensslCipherKeyFactory.php

@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\EventSourcing\Cryptography\Cipher;
+
+use function openssl_cipher_iv_length;
+use function openssl_random_pseudo_bytes;
+
+final class OpensslCipherKeyFactory implements CipherKeyFactory
+{
+    public const DEFAULT_LENGTH = 32;
+
+    public const DEFAULT_METHOD = 'aes128';
+
+    /**
+     * @param positive-int     $length
+     * @param non-empty-string $method
+     */
+    public function __construct(
+        private readonly int $length = self::DEFAULT_LENGTH,
+        private readonly string $method = self::DEFAULT_METHOD,
+    ) {
+    }
+
+    public function __invoke(): CipherKey
+    {
+        $ivLength = @openssl_cipher_iv_length($this->method);
+
+        if ($ivLength === false) {
+            throw new CreateCipherKeyFailed();
+        }
+
+        return new CipherKey(
+            openssl_random_pseudo_bytes($this->length),
+            $this->method,
+            openssl_random_pseudo_bytes($ivLength),
+        );
+    }
+}