AC-10686: [PCI] SRI enabled on payment pages

Author: dvoskoboinikov

app/code/Magento/Csp/Model/SubresourceIntegrityCollector.php

@@ -0,0 +1,48 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Csp\Model;
+
+/**
+ * Collector of Integrity objects.
+ */
+class SubresourceIntegrityCollector
+{
+    /**
+     * @var array
+     */
+    private array $data = [];
+
+    /**
+     * @param array $data
+     */
+    public function __construct(array $data = []) {
+        $this->data = $data;
+    }
+
+    /**
+     * Collects given Integrity object.
+     *
+     * @param SubresourceIntegrity $integrity
+     *
+     * @return void
+     */
+    public function collect(SubresourceIntegrity $integrity): void
+    {
+        $this->data[] = $integrity;
+    }
+
+    /**
+     * Provides all collected Integrity objects.
+     *
+     * @return SubresourceIntegrity[]
+     */
+    public function release(): array
+    {
+        return $this->data;
+    }
+}

app/code/Magento/Csp/Model/SubresourceIntegrityRepository.php

@@ -135,6 +135,30 @@ public function save(SubresourceIntegrity $integrity): bool
         );
     }
 
+    /**
+     * Saves a bunch of Integrity objects.
+     *
+     * @param SubresourceIntegrity[] $bunch
+     *
+     * @return bool
+     */
+    public function saveBunch(array $bunch): bool
+    {
+        $data = $this->getData();
+
+        foreach ($bunch as $integrity) {
+            $data[$integrity->getPath()] = $integrity->getHash();
+        }
+
+        $this->data = $data;
+
+        return $this->cache->save(
+            $this->serializer->serialize($this->data),
+            $this->getCacheKey(),
+            [self::CACHE_PREFIX]
+        );
+    }
+
     /**
      * Deletes all Integrity objects.
      *

app/code/Magento/Csp/Plugin/GenerateAssetIntegrity.php

@@ -13,8 +13,8 @@
 use Magento\Framework\View\Asset\LocalInterface;
 use Magento\Framework\View\Asset\AssetInterface;
 use Magento\Csp\Model\SubresourceIntegrityFactory;
+use Magento\Csp\Model\SubresourceIntegrityCollector;
 use Magento\Csp\Model\SubresourceIntegrity\HashGenerator;
-use Magento\Csp\Model\SubresourceIntegrityRepositoryPool;
 
 /**
  * Plugin to add asset integrity value after static content deploy.
@@ -39,23 +39,23 @@ class GenerateAssetIntegrity
     private SubresourceIntegrityFactory $integrityFactory;
 
     /**
-     * @var SubresourceIntegrityRepositoryPool
+     * @var SubresourceIntegrityCollector
      */
-    private SubresourceIntegrityRepositoryPool $integrityRepositoryPool;
+    private SubresourceIntegrityCollector $integrityCollector;
 
     /**
      * @param HashGenerator $hashGenerator
      * @param SubresourceIntegrityFactory $integrityFactory
-     * @param SubresourceIntegrityRepositoryPool $integrityRepositoryPool
+     * @param SubresourceIntegrityCollector $integrityCollector
      */
     public function __construct(
         HashGenerator $hashGenerator,
         SubresourceIntegrityFactory $integrityFactory,
-        SubresourceIntegrityRepositoryPool $integrityRepositoryPool
+        SubresourceIntegrityCollector $integrityCollector
     ) {
         $this->hashGenerator = $hashGenerator;
         $this->integrityFactory = $integrityFactory;
-        $this->integrityRepositoryPool = $integrityRepositoryPool;
+        $this->integrityCollector = $integrityCollector;
     }
 
     /**
@@ -126,9 +126,6 @@ private function generateIntegrity(LocalInterface $asset): void
             ]
         );
 
-        $area = explode("/", $asset->getPath())[0];
-
-        $this->integrityRepositoryPool->get($area)
-            ->save($integrity);
+        $this->integrityCollector->collect($integrity);
     }
 }

app/code/Magento/Csp/Plugin/StoreAssetIntegrityHashes.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Csp\Plugin;
+
+use Magento\Deploy\Service\DeployStaticContent;
+use Magento\Csp\Model\SubresourceIntegrityCollector;
+use Magento\Csp\Model\SubresourceIntegrityRepositoryPool;
+
+/**
+ * Plugin that stores generated integrity hashes for all assets.
+ */
+class StoreAssetIntegrityHashes
+{
+    /**
+     * @var SubresourceIntegrityCollector
+     */
+    private SubresourceIntegrityCollector $integrityCollector;
+
+    /**
+     * @var SubresourceIntegrityRepositoryPool
+     */
+    private SubresourceIntegrityRepositoryPool $integrityRepositoryPool;
+
+    /**
+     * @param SubresourceIntegrityCollector $integrityCollector
+     * @param SubresourceIntegrityRepositoryPool $integrityRepositoryPool
+     */
+    public function __construct(
+        SubresourceIntegrityCollector $integrityCollector,
+        SubresourceIntegrityRepositoryPool $integrityRepositoryPool
+    ) {
+        $this->integrityCollector = $integrityCollector;
+        $this->integrityRepositoryPool = $integrityRepositoryPool;
+    }
+
+    /**
+     * Stores generated integrity hashes for all assets
+     * after static content deploy.
+     *
+     * @param DeployStaticContent $subject
+     * @param mixed $result
+     * @param array $options
+     *
+     * @return void
+     *
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function afterDeploy(
+        DeployStaticContent $subject,
+        mixed $result,
+        array $options
+    ): void {
+        $bunches = [];
+
+        foreach ($this->integrityCollector->release() as $integrity) {
+            $area = explode("/", $integrity->getPath())[0];
+
+            $bunches[$area][] = $integrity;
+        }
+
+        foreach ($bunches as $area => $bunch) {
+            $this->integrityRepositoryPool->get($area)
+                ->saveBunch($bunch);
+        }
+    }
+}

app/code/Magento/Csp/etc/di.xml

@@ -123,4 +123,7 @@
     <type name="Magento\RequireJs\Model\FileManager">
         <plugin name="addResourceIntegrityAfterAssetCreate" type="Magento\Csp\Plugin\GenerateAssetIntegrity"/>
     </type>
+    <type name="Magento\Deploy\Service\DeployStaticContent">
+        <plugin name="storeAssetIntegrityHashes" type="Magento\Csp\Plugin\StoreAssetIntegrityHashes" />
+    </type>
 </config>