LeKoala\Encrypt\EncryptedDBField

Complexity

Total Complexity

62

Size/Duplication

Total Lines	401
Duplicated Lines	0 %

Importance

Changes	2
Bugs	0	Features	0

22 Methods

Rating	Name	Duplication	Size	Complexity
A	setValueField()	0	3	1
A	getOutputSize()	0	8	2
A	getIndexSize()	0	9	3
A	getValueField()	0	3	1
A	getBlindIndexField()	0	3	1
A	setBlindIndexField()	0	3	1
A	getDomainSize()	0	8	2
A	fetchDataList()	0	15	3
A	getEncryptedField()	0	13	3
A	getSearchValue()	0	17	6
A	addToQuery()	0	5	1
A	fetchRecord()	0	22	5
A	writeToManipulation()	0	16	3
A	getSearchParams()	0	8	2
A	scaffoldFormField()	0	4	1
A	__toString()	0	3	1
A	Nice()	0	3	1
A	scalarValueOnly()	0	3	1
F	setValue()	0	57	19
A	saveInto()	0	23	3
A	isChanged()	0	3	1
A	exists()	0	3	1

<?php

namespace LeKoala\Encrypt;

use Exception;
use SilverStripe\ORM\DataObject;
use SilverStripe\Forms\TextField;
use ParagonIE\CipherSweet\BlindIndex;
use SilverStripe\ORM\Queries\SQLSelect;
use ParagonIE\CipherSweet\EncryptedField;
use SilverStripe\ORM\FieldType\DBComposite;

/**
 * Value will be set on parent record through built in getField
 * mechanisms for composite fields
 */
class EncryptedDBField extends DBComposite
{
    use HasBaseEncryption;

    const LARGE_INDEX_SIZE = 32;
    const SMALL_INDEX_SIZE = 16;
    const VALUE_SUFFIX = "Value";
    const INDEX_SUFFIX = "BlindIndex";

    /**
     * @config
     * @var int
     */
    private static $output_size = 15;

The private property $output_size is not used, and could be removed.

    /**
     * @config
     * @var int
     */
    private static $domain_size = 127;

The private property $domain_size is not used, and could be removed.

    /**
     * @param array
     */
    private static $composite_db = array(

The private property $composite_db is not used, and could be removed.

        "Value" => "Varchar(191)",
        "BlindIndex" => 'Varchar(32)',
    );

    /**
     * Output size is the number of bits (not bytes) of a blind index.
     * Eg: 4 for a 4 digits year
     * Note: the larger the output size, the smaller the index should be
     * @return int
     */
    public function getOutputSize()
    {
        if (array_key_exists('output_size', $this->options)) {
            $outputSize = $this->options['output_size'];
        } else {
            $outputSize = static::config()->get('output_size');
        }
        return $outputSize;
    }

    /**
     * Input domain is the set of all possible distinct inputs.
     * Eg : 4 digits have 10,000 possible values (10^4). The log (base 2) of 10,000 is 13.2877; you would want to always round up (so 14).
     * @return int
     */
    public function getDomainSize()
    {
        if (array_key_exists('domain_size', $this->options)) {
            $domainSize = $this->options['domain_size'];
        } else {
            $domainSize = static::config()->get('domain_size');
        }
        return $domainSize;
    }

    /**
     * @param int $default
     * @return int
     */
    public function getIndexSize($default = null)
    {
        if (array_key_exists('index_size', $this->options)) {
            return $this->options['index_size'];
        }
        if ($default) {

The expression $default of type integer|null is loosely compared to true; this is ambiguous if the integer can be 0. You might want to explicitly use !== null instead.

            return $default;
        }
        return self::LARGE_INDEX_SIZE;
    }

    /**
     * @return string
     */
    public function getValueField()
    {
        return $this->getField(self::VALUE_SUFFIX);
    }

    /**
     * @return $this
     */
    public function setValueField($value, $markChanged = true)
    {
        return $this->setField(self::VALUE_SUFFIX, $value, $markChanged);
    }

    /**
     * @return string
     */
    public function getBlindIndexField()
    {
        return $this->getField(self::INDEX_SUFFIX);
    }

    /**
     * @return $this
     */
    public function setBlindIndexField($value, $markChanged = true)
    {
        return $this->setField(self::INDEX_SUFFIX, $value, $markChanged);
    }

    /**
     * @param CipherSweet $engine

The type LeKoala\Encrypt\CipherSweet was not found. Maybe you did not declare it correctly or list all dependencies?

     * @param bool $fashHash
     * @return EncryptedField
     */
    public function getEncryptedField($engine = null, $fashHash = null)
    {
        if ($engine === null) {
            $engine = EncryptHelper::getCipherSweet();
        }
        if ($fashHash === null) {
            $fashHash = EncryptHelper::getFashHash();
        }
        $indexSize = $this->getIndexSize(self::LARGE_INDEX_SIZE);
        // fieldName needs to match exact db name for row rotator to work properly
        $encryptedField = (new EncryptedField($engine, $this->tableName, $this->name . self::VALUE_SUFFIX))
            ->addBlindIndex(new BlindIndex($this->name . self::INDEX_SUFFIX, [], $indexSize, $fashHash));
        return $encryptedField;
    }

    /**
     * This is not called anymore, we rely on saveInto for now
     * @link https://github.com/silverstripe/silverstripe-framework/issues/8800
     * @param array $manipulation
     * @return void
     */
    public function writeToManipulation(&$manipulation)
    {
        $encryptedField = $this->getEncryptedField();
        $aad = $this->encryptionAad;
        if ($this->value) {
            $dataForStorage = $encryptedField->prepareForStorage($this->value, $aad);
            $encryptedValue = $this->prepValueForDB($dataForStorage[0]);
            $blindIndexes = $dataForStorage[1];
        } else {
            $encryptedValue = null;
            $blindIndexes = [];
        }

        $manipulation['fields'][$this->name . self::VALUE_SUFFIX] = $encryptedValue;
        foreach ($blindIndexes as $blindIndexName => $blindIndexValue) {
            $manipulation['fields'][$blindIndexName] = $blindIndexValue;
        }
    }

    /**
     * @param SQLSelect $query
     */
    public function addToQuery(&$query)
    {
        parent::addToQuery($query);
        $query->selectField(sprintf('"%s' . self::VALUE_SUFFIX . '"', $this->name));
        $query->selectField(sprintf('"%s' . self::INDEX_SUFFIX . '"', $this->name));
    }

    /**
     * Return the blind index value to search in the database
     *
     * @param string $val The unencrypted value
     * @param string $indexSuffix The blind index. Defaults to full index
     * @return string
     */
    public function getSearchValue($val, $indexSuffix = null)
    {
        if (!$this->tableName && $this->record) {
            $this->tableName = DataObject::getSchema()->tableName(get_class($this->record));

It seems like $this->record can also be of type array; however, parameter $object of get_class() does only seem to accept object, maybe add an additional type check?

        }
        if (!$this->tableName) {
            throw new Exception("Table name not set for search value. Please set a dataobject.");
        }
        if (!$this->name) {
            throw new Exception("Name not set for search value");
        }
        if ($indexSuffix === null) {
            $indexSuffix = self::INDEX_SUFFIX;
        }
        $field = $this->getEncryptedField();
        $index = $field->getBlindIndex($val, $this->name . $indexSuffix);
        return $index;

The expression return $index also could return the type array<string,string> which is incompatible with the documented return type string.

    }

    /**
     * Return a ready to use array params for a where clause
     *
     * @param string $val The unencrypted value
     * @param string $indexSuffix The blind index. Defaults to full index
     * @return array
     */
    public function getSearchParams($val, $indexSuffix = null)
    {
        if (!$indexSuffix) {
            $indexSuffix = self::INDEX_SUFFIX;
        }
        $searchValue = $this->getSearchValue($val, $indexSuffix);
        $blindIndexField = $this->name . $indexSuffix;
        return array($blindIndexField . ' = ?' => $searchValue);
    }

    /**
     * @param string $val The unencrypted value
     * @param string $indexSuffix The blind index. Defaults to full index
     * @return DataList

The type LeKoala\Encrypt\DataList was not found. Maybe you did not declare it correctly or list all dependencies?

     */
    public function fetchDataList($val, $indexSuffix = null)
    {
        if (!$this->record) {
            throw new Exception("No record set for this field");
        }
        if (!$indexSuffix) {
            $indexSuffix = self::INDEX_SUFFIX;
        }
        $class = get_class($this->record);

It seems like $this->record can also be of type array; however, parameter $object of get_class() does only seem to accept object, maybe add an additional type check?

        // A blind index can return false positives
        $params = $this->getSearchParams($val, $indexSuffix);
        $blindIndexes = $this->getEncryptedField()->getBlindIndexObjects();

The assignment to $blindIndexes is dead and can be removed.

        $list = $class::get()->where($params);
        return $list;
    }

    /**
     * @param string $val The unencrypted value
     * @param string $indexSuffix The blind index. Defaults to full index
     * @return DataObject
     */
    public function fetchRecord($val, $indexSuffix = null)
    {
        if (!$indexSuffix) {
            $indexSuffix = self::INDEX_SUFFIX;
        }
        $list = $this->fetchDataList($val, $indexSuffix);
        $blindIndexes = $this->getEncryptedField()->getBlindIndexObjects();
        $blindIndex = $blindIndexes[$this->name . $indexSuffix];
        $name = $this->name;
        /** @var DataObject $record  */
        foreach ($list as $record) {
            $obj = $record->dbObject($name);
            // Value might be transformed
            if ($blindIndex->getTransformed($obj->getValue()) == $val) {
                return $record;
            }
        }
        // throw exception if there where matches but none with the right value
        if ($list->count()) {
            throw new Exception($list->count() . " records were found but none matched the right value");
        }
        return false;

The expression return false returns the type false which is incompatible with the documented return type SilverStripe\ORM\DataObject.

    }

    public function setValue($value, $record = null, $markChanged = true)
    {
        $this->setEncryptionAad($record);

        // Return early if we keep encrypted value in memory
        if (!EncryptHelper::getAutomaticDecryption()) {
            parent::setValue($value, $record, $markChanged);
            return $this;
        }

        if ($markChanged) {
            $this->isChanged = true;
        }

        // When given a dataobject, bind this field to that
        if ($record instanceof DataObject) {
            $this->bindTo($record);
        }

        // Convert an object to an array
        if ($record && $record instanceof DataObject) {
            $record = $record->getQueriedDatabaseFields();
            if (!$record) {

The expression $record of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using empty($expr) instead to make it clear that you intend to check for an array without elements.

                throw new Exception("Could not convert record to array");
            }
        }

        // Set the table name if it was not set earlier
        if (!$this->tableName && $record) {
            $class = is_array($record) && isset($record['ClassName']) ? $record['ClassName'] : get_class($record);
            $this->tableName = DataObject::getSchema()->tableName($class);
            if (!$this->tableName) {
                throw new Exception("Could not get table name from record from " . gettype($record));
            }
        }

        // Value will store the decrypted value
        if ($value instanceof EncryptedDBField) {
            $this->value = $value->getValue();
        } elseif ($record && isset($record[$this->name . self::VALUE_SUFFIX])) {
            // In that case, the value come from the database and might be encrypted
            $encryptedValue = $record[$this->name . self::VALUE_SUFFIX];
            $this->value = $this->decryptValue($encryptedValue);
        } elseif (is_array($value)) {
            if (array_key_exists(self::VALUE_SUFFIX, $value)) {
                $this->value = $value;
            }
        } elseif (is_string($value) || !$value) {
            $this->value = $value;
        } else {
            throw new Exception("Unexcepted value of type " . gettype($value));
        }

        // Forward changes since writeToManipulation are not called
        // $this->setValueField($value, $markChanged);

        return $this;
    }

    /**
     * @return string
     */
    public function Nice($options = array())

The parameter $options is not used and could be removed.

    {
        return $this->getValue();
    }

    /**
     * @return boolean
     */
    public function exists()
    {
        return strlen($this->value ?? '') > 0;
    }

    /**
     * This is called by getChangedFields() to check if a field is changed
     *
     * @return boolean
     */
    public function isChanged()
    {
        return $this->isChanged;
    }

    /**
     * If we pass a DBField to the setField method, it will
     * trigger this method
     *
     * We save encrypted value on sub fields. They will be collected
     * by write() operation by prepareManipulationTable
     *
     * Currently prepareManipulationTable ignores composite fields
     * so we rely on the sub field mechanisms
     *
     * @param DataObject $dataObject
     * @return void
     */
    public function saveInto($dataObject)
    {
        $encryptedField = $this->getEncryptedField();
        $aad = $this->encryptionAad;
        if ($this->value) {
            $dataForStorage = $encryptedField->prepareForStorage($this->value, $aad);
            $encryptedValue = $this->prepValueForDB($dataForStorage[0]);
            $blindIndexes = $dataForStorage[1];
        } else {
            $encryptedValue = null;
            $blindIndexes = [];
        }

        // This cause infinite loops
        // $dataObject->setField($this->getName(), $this->value);

        // Encrypt value
        $key = $this->getName() . self::VALUE_SUFFIX;
        $dataObject->setField($key, $encryptedValue);

        // Build blind indexes
        foreach ($blindIndexes as $blindIndexName => $blindIndexValue) {
            $dataObject->setField($blindIndexName, $blindIndexValue);
        }
    }

    /**
     * @param string $title Optional. Localized title of the generated instance
     * @return FormField

The type LeKoala\Encrypt\FormField was not found. Maybe you did not declare it correctly or list all dependencies?

     */
    public function scaffoldFormField($title = null, $params = null)
    {
        $field = TextField::create($this->getName());
        return $field;
    }

    /**
     * Returns the string value
     */
    public function __toString()
    {
        return (string) $this->getValue();
    }

    public function scalarValueOnly()
    {
        return false;
    }
}