Merge branch 'AC-12767' into AC-12767-AC-12680

Author: dvoskoboinikov

app/code/Magento/Config/Model/Data/ReEncryptorList/CoreConfigDataReEncryptor/Handler.php

@@ -0,0 +1,124 @@
+<?php
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Config\Model\Data\ReEncryptorList\CoreConfigDataReEncryptor;
+
+use Magento\Framework\App\ResourceConnection;
+use Magento\Framework\Encryption\EncryptorInterface;
+use Magento\EncryptionKey\Model\Data\ReEncryptorList\ReEncryptor\HandlerInterface;
+use Magento\EncryptionKey\Model\Data\ReEncryptorList\ReEncryptor\Handler\ErrorFactory;
+use Magento\Framework\DB\Query\Generator;
+
+/**
+ * Handler for core configuration re-encryption.
+ */
+class Handler implements HandlerInterface
+{
+    /**
+     * @var string
+     */
+    private const PATTERN = "^[[:digit:]]+:[[:digit:]]+:.*$";
+
+    /**
+     * @var string
+     */
+    private const TABLE_NAME = "core_config_data";
+
+    /**
+     * @var int
+     */
+    private const BATCH_SIZE = 1000;
+
+    /**
+     * @var string
+     */
+    private const IDENTIFIER = "config_id";
+
+    /**
+     * @var EncryptorInterface
+     */
+    private EncryptorInterface $encryptor;
+
+    /**
+     * @var ResourceConnection
+     */
+    private ResourceConnection $resourceConnection;
+
+    /**
+     * @var ErrorFactory
+     */
+    private ErrorFactory $errorFactory;
+
+    /**
+     * @var Generator
+     */
+    private Generator $queryGenerator;
+
+    /**
+     * @param EncryptorInterface $encryptor
+     * @param ResourceConnection $resourceConnection
+     * @param ErrorFactory $errorFactory
+     * @param Generator $queryGenerator
+     */
+    public function __construct(
+        EncryptorInterface $encryptor,
+        ResourceConnection $resourceConnection,
+        ErrorFactory $errorFactory,
+        Generator $queryGenerator
+    ) {
+        $this->encryptor = $encryptor;
+        $this->resourceConnection = $resourceConnection;
+        $this->errorFactory = $errorFactory;
+        $this->queryGenerator = $queryGenerator;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function reEncrypt(): array
+    {
+        $errors = [];
+        $tableName = $this->resourceConnection->getTableName(
+            self::TABLE_NAME
+        );
+        $connection = $this->resourceConnection->getConnection();
+
+        $select = $connection->select()
+            ->from($tableName, ['config_id', 'value'])
+            ->where('value != ?', '')
+            ->where('value IS NOT NULL')
+            ->where('value REGEXP ?', self::PATTERN);
+
+        $iterator = $this->queryGenerator->generate(
+            self::IDENTIFIER,
+            $select,
+            self::BATCH_SIZE
+        );
+
+        foreach ($iterator as $batch) {
+            foreach ($connection->fetchAll($batch) as $row) {
+                try {
+                    $connection->update(
+                        $tableName,
+                        ['value' => $this->encryptor->encrypt($this->encryptor->decrypt($row['value']))],
+                        ['config_id = ?' => $row['config_id']]
+                    );
+                } catch (\Throwable $e) {
+                    $errors[] = $this->errorFactory->create(
+                        self::IDENTIFIER,
+                        $row['config_id'],
+                        $e->getMessage()
+                    );
+
+                    continue;
+                }
+            }
+        }
+
+        return $errors;
+    }
+}

app/code/Magento/Config/composer.json

@@ -13,7 +13,8 @@
         "magento/module-directory": "*",
         "magento/module-email": "*",
         "magento/module-media-storage": "*",
-        "magento/module-store": "*"
+        "magento/module-store": "*",
+        "magento/module-encryption-key": "*"
     },
     "type": "magento2-module",
     "license": [

app/code/Magento/Config/etc/di.xml

@@ -1,8 +1,8 @@
 <?xml version="1.0"?>
 <!--
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
  */
 -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
@@ -409,4 +409,17 @@
             </argument>
         </arguments>
     </type>
+    <virtualType name="Magento\Config\Model\Data\ReEncryptorList\CoreConfigDataReEncryptor" type="Magento\EncryptionKey\Model\Data\ReEncryptorList\ReEncryptor">
+        <arguments>
+            <argument name="description" xsi:type="string">Re-encrypts 'value' column in the 'core_config_data' DB table.</argument>
+            <argument name="handler" xsi:type="object">Magento\Config\Model\Data\ReEncryptorList\CoreConfigDataReEncryptor\Handler</argument>
+        </arguments>
+    </virtualType>
+    <type name="Magento\EncryptionKey\Model\Data\ReEncryptorList">
+        <arguments>
+            <argument name="reEncryptors" xsi:type="array">
+                <item name="core_config_data" xsi:type="object">Magento\Config\Model\Data\ReEncryptorList\CoreConfigDataReEncryptor</item>
+            </argument>
+        </arguments>
+    </type>
 </config>

app/code/Magento/EncryptionKey/Console/Command/ListReEncryptorsCommand.php

@@ -0,0 +1,68 @@
+<?php
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\EncryptionKey\Console\Command;
+
+use Magento\Framework\Console\Cli;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Magento\EncryptionKey\Model\Data\ReEncryptorList;
+
+/**
+ * Command for displaying a list of available data re-encryptors.
+ */
+class ListReEncryptorsCommand extends Command
+{
+    /**
+     * @var ReEncryptorList
+     */
+    private ReEncryptorList $reEncryptorList;
+
+    /**
+     * @param ReEncryptorList $reEncryptorList
+     */
+    public function __construct(
+        ReEncryptorList $reEncryptorList
+    ) {
+        $this->reEncryptorList = $reEncryptorList;
+
+        parent::__construct();
+    }
+
+    /**
+     * @inheritDoc
+     */
+    protected function configure()
+    {
+        $this->setName('encryption:data:list-re-encryptors');
+
+        $this->setDescription(
+            'Shows a list of available data re-encryptors.'
+        );
+
+        parent::configure();
+    }
+
+    /**
+     * @inheritDoc
+     */
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        foreach ($this->reEncryptorList->getReEncryptors() as $name => $reEncryptor) {
+            $output->writeln(
+                sprintf(
+                    '<fg=green>%-40s</> %s',
+                    $name,
+                    $reEncryptor->getDescription()
+                )
+            );
+        }
+
+        return Cli::RETURN_SUCCESS;
+    }
+}

app/code/Magento/EncryptionKey/Console/Command/ReEncryptDataCommand.php

@@ -0,0 +1,162 @@
+<?php
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\EncryptionKey\Console\Command;
+
+use DateInterval;
+use Magento\Framework\Console\Cli;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Magento\EncryptionKey\Model\Data\ReEncryptorList;
+
+/**
+ * Command for re-encryption of encrypted data using current encryption key.
+ */
+class ReEncryptDataCommand extends Command
+{
+    /**
+     * @var string
+     */
+    private const INPUT_KEY_ENCRYPTORS = 'encryptors';
+
+    /**
+     * @var ReEncryptorList
+     */
+    private ReEncryptorList $reEncryptorList;
+
+    /**
+     * @param ReEncryptorList $reEncryptorList
+     */
+    public function __construct(
+        ReEncryptorList $reEncryptorList
+    ) {
+        $this->reEncryptorList = $reEncryptorList;
+
+        parent::__construct();
+    }
+
+    /**
+     * @inheritDoc
+     */
+    protected function configure()
+    {
+        $this->setName('encryption:data:re-encrypt');
+
+        $this->setDescription(
+            'Re-encrypts encrypted data using current encryption key.'
+        );
+
+        $this->addArgument(
+            self::INPUT_KEY_ENCRYPTORS,
+            InputArgument::IS_ARRAY,
+            'Space-separated list of re-encryptors to use.'
+        );
+
+        parent::configure();
+    }
+
+    /**
+     * @inheritDoc
+     */
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $requestedReEncryptorsNames = $input->getArgument(
+            self::INPUT_KEY_ENCRYPTORS
+        );
+
+        $availableReEncryptors = $this->reEncryptorList->getReEncryptors();
+
+        if (empty($requestedReEncryptorsNames)) {
+            $requestedReEncryptorsNames = array_keys($availableReEncryptors);
+        }
+
+        foreach ($requestedReEncryptorsNames as $name) {
+            if (!isset($availableReEncryptors[$name])) {
+                $output->writeLn(
+                    sprintf("<fg=red>Re-encryptor '%s' could not be found!</>", $name)
+                );
+
+                continue;
+            }
+
+            $reEncryptor = $availableReEncryptors[$name];
+
+            $output->writeLn(
+                sprintf("Executing '%s' re-encryptor...", $name)
+            );
+
+            try {
+                $startTime = new \DateTimeImmutable();
+
+                $errors = $reEncryptor->reEncrypt();
+
+                $endTime = new \DateTimeImmutable();
+
+                $elapsedTime = $this->formatInterval(
+                    $startTime->diff($endTime)
+                );
+            } catch (\Throwable $e) {
+                $output->writeLn("<fg=red>Failed due to the following error:</>");
+
+                $output->writeLn(
+                    sprintf("<fg=white;bg=red>%s</>", $e->getMessage())
+                );
+
+                continue;
+            }
+
+            if (empty($errors)) {
+                $output->writeLn(
+                    sprintf(
+                        "<fg=green>Done successfully in %s.</>",
+                        $elapsedTime
+                    )
+                );
+            } else {
+                $output->writeLn(
+                    sprintf(
+                        "<fg=yellow>Done in %s but with the following errors:</>",
+                        $elapsedTime
+                    )
+                );
+
+                foreach ($errors as $error) {
+                    $output->writeLn(
+                        sprintf(
+                            "<fg=black;bg=yellow>[%s %s]: %s</>",
+                            $error->getRowIdField(),
+                            $error->getRowIdValue(),
+                            $error->getMessage()
+                        )
+                    );
+                }
+            }
+        }
+
+        return Cli::RETURN_SUCCESS;
+    }
+
+    /**
+     * Formats a date interval.
+     *
+     * @param DateInterval $interval
+     *
+     * @return string
+     */
+    private function formatInterval(DateInterval $interval): string
+    {
+        $days = (int) $interval->format('%d');
+
+        $hours = $days * 24 + (int) $interval->format('%H');
+        $minutes = $interval->format('%I');
+        $seconds = $interval->format('%S');
+
+        return sprintf("%s:%s:%s", $hours, $minutes, $seconds);
+    }
+}