1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace Bytesfield\KeyManager\Traits; |
4
|
|
|
|
5
|
|
|
use Illuminate\Database\Eloquent\Builder; |
6
|
|
|
use ParagonIE\CipherSweet\BlindIndex; |
7
|
|
|
use ParagonIE\CipherSweet\CipherSweet; |
8
|
|
|
use ParagonIE\CipherSweet\EncryptedField; |
9
|
|
|
|
10
|
|
|
trait WithSearchableEncryptedAttribute |
11
|
|
|
{ |
12
|
|
|
protected EncryptedField $encryptedField; |
|
|
|
|
13
|
|
|
|
14
|
|
|
/** |
15
|
|
|
* Initialize the trait by setting up the searchable encryption algorithm. |
16
|
|
|
* |
17
|
|
|
* @throws \ParagonIE\CipherSweet\Exception\BlindIndexNameCollisionException |
18
|
|
|
* @throws \ParagonIE\CipherSweet\Exception\CryptoOperationException |
19
|
|
|
* |
20
|
|
|
* @return void |
21
|
|
|
*/ |
22
|
|
|
protected function initializeWithSearchableEncryptedAttribute(): void |
23
|
|
|
{ |
24
|
|
|
$encryptedField = new EncryptedField( |
25
|
|
|
app(CipherSweet::class), |
26
|
|
|
$this->getTable(), |
27
|
|
|
$this->getEncryptedColumn() |
28
|
|
|
); |
29
|
|
|
|
30
|
|
|
$this->encryptedField = $encryptedField->addBlindIndex( |
31
|
|
|
new BlindIndex($this->getBlindIndexName(), [], 256, true) |
32
|
|
|
); |
33
|
|
|
} |
34
|
|
|
|
35
|
|
|
/** |
36
|
|
|
* Encrypts a value. |
37
|
|
|
* |
38
|
|
|
* @param string $value |
39
|
|
|
* |
40
|
|
|
* @return string |
41
|
|
|
*/ |
42
|
|
|
protected function encrypt(string $value): string |
43
|
|
|
{ |
44
|
|
|
return $this->encryptedField->encryptValue($value); |
45
|
|
|
} |
46
|
|
|
|
47
|
|
|
/** |
48
|
|
|
* Decrypts a value. |
49
|
|
|
* |
50
|
|
|
* @param string $value |
51
|
|
|
* |
52
|
|
|
* @return string |
53
|
|
|
*/ |
54
|
|
|
protected function decrypt(string $value): string |
55
|
|
|
{ |
56
|
|
|
return $this->encryptedField->decryptValue($value); |
57
|
|
|
} |
58
|
|
|
|
59
|
|
|
/** |
60
|
|
|
* Generates a build index hash using the value of the encrypted column. |
61
|
|
|
* |
62
|
|
|
* @throws \ParagonIE\CipherSweet\Exception\BlindIndexNotFoundException |
63
|
|
|
* @throws \ParagonIE\CipherSweet\Exception\CryptoOperationException |
64
|
|
|
* @throws \SodiumException |
65
|
|
|
* |
66
|
|
|
* @return string |
67
|
|
|
*/ |
68
|
|
|
protected function blindIndexValue(): string |
69
|
|
|
{ |
70
|
|
|
return $this->getBlindIndexValueFor( |
71
|
|
|
(string) $this->getAttribute($this->getEncryptedColumn()) |
72
|
|
|
); |
73
|
|
|
} |
74
|
|
|
|
75
|
|
|
/** |
76
|
|
|
* Generate a build index hash based on provided string value. |
77
|
|
|
* |
78
|
|
|
* @param string $string |
79
|
|
|
* |
80
|
|
|
* @throws \ParagonIE\CipherSweet\Exception\BlindIndexNotFoundException |
81
|
|
|
* @throws \ParagonIE\CipherSweet\Exception\CryptoOperationException |
82
|
|
|
* @throws \SodiumException |
83
|
|
|
* |
84
|
|
|
* @return string |
85
|
|
|
*/ |
86
|
|
|
protected function getBlindIndexValueFor(string $string): string |
87
|
|
|
{ |
88
|
|
|
return $this->encryptedField->getBlindIndex($string, $this->getBlindIndexName()); |
89
|
|
|
} |
90
|
|
|
|
91
|
|
|
/** |
92
|
|
|
* Query model by the build index hash of the provided value. |
93
|
|
|
* |
94
|
|
|
* @param \Illuminate\Database\Eloquent\Builder $query |
95
|
|
|
* @param string $value |
96
|
|
|
* |
97
|
|
|
* @throws \ParagonIE\CipherSweet\Exception\BlindIndexNotFoundException |
98
|
|
|
* @throws \ParagonIE\CipherSweet\Exception\CryptoOperationException |
99
|
|
|
* @throws \SodiumException |
100
|
|
|
* |
101
|
|
|
* @return \Illuminate\Database\Eloquent\Builder |
102
|
|
|
*/ |
103
|
|
|
public function scopeWhereBlindIndex(Builder $query, string $value): Builder |
104
|
|
|
{ |
105
|
|
|
return $query->where($this->getBlindIndexColumn(), $this->getBlindIndexValueFor($value)); |
106
|
|
|
} |
107
|
|
|
|
108
|
|
|
/** |
109
|
|
|
* Get the name of the build index. e.g api_keys_encrypted_hash_blind_index. |
110
|
|
|
* |
111
|
|
|
* @return string |
112
|
|
|
*/ |
113
|
|
|
protected function getBlindIndexName(): string |
114
|
|
|
{ |
115
|
|
|
return $this->getTable().'_'.$this->getBlindIndexColumn().'_blind_index'; |
116
|
|
|
} |
117
|
|
|
|
118
|
|
|
/** |
119
|
|
|
* Get the name of the attribute/column whose value is to be encrypted. |
120
|
|
|
* |
121
|
|
|
* @return string |
122
|
|
|
*/ |
123
|
|
|
protected function getEncryptedColumn(): string |
124
|
|
|
{ |
125
|
|
|
return $this->encrypted ?? 'encrypted'; |
126
|
|
|
} |
127
|
|
|
|
128
|
|
|
/** |
129
|
|
|
* Get the name of the attribute/column which is to be used to build and access the build index hash. |
130
|
|
|
* |
131
|
|
|
* @return string |
132
|
|
|
*/ |
133
|
|
|
protected function getBlindIndexColumn(): string |
134
|
|
|
{ |
135
|
|
|
return $this->blindIndex ?? 'encrypted_hash'; |
136
|
|
|
} |
137
|
|
|
} |
138
|
|
|
|