MAGETWO-64613: Implement service to enrypt collected data

Author: fascinosum

app/code/Magento/Analytics/Controller/Adminhtml/Export/Example.php

@@ -58,6 +58,8 @@ public function encode($source)
             } catch (\Exception $e) {
                 throw new LocalizedException(__('Input data must be string or convertible into string.'));
             }
+        } elseif (!$source) {
+            throw new LocalizedException(__('Input data must be non-empty string.'));
         }
         if (!$this->validateCipherMethod($this->cipherMethod)) {
             throw new LocalizedException(__('Not valid cipher method.'));
@@ -81,11 +83,13 @@ public function encode($source)
     /**
      * Return key for encryption.
      *
+     * Random initial value for key used in case of empty token value to prevent a vulnerability with a predicted key.
+     *
      * @return string
      */
     private function getKey()
     {
-        return hash('sha256', $this->analyticsToken->getToken());
+        return hash('sha256', $this->analyticsToken->getToken() ?: openssl_random_pseudo_bytes(256));
     }
 
     /**

app/code/Magento/Analytics/Model/Cryptographer.php

@@ -120,7 +120,7 @@ public function prepareExportData()
      *
      * @return string
      */
-    public function getTmpFilesDirRelativePath()
+    private function getTmpFilesDirRelativePath()
     {
         return $this->subdirectoryPath . 'tmp/';
     }
@@ -130,7 +130,7 @@ public function getTmpFilesDirRelativePath()
      *
      * @return string
      */
-    public function getArchiveRelativePath()
+    private function getArchiveRelativePath()
     {
         return $this->subdirectoryPath . $this->archiveName;
     }

app/code/Magento/Analytics/Model/ExportDataHandler.php

@@ -42,31 +42,11 @@ public function getPath()
         return $this->path;
     }
 
-    /**
-     * @param string $path
-     * @return $this
-     */
-    public function setPath($path)
-    {
-        $this->path = $path;
-        return $this;
-    }
-
     /**
      * @return string
      */
     public function getInitializationVector()
     {
         return $this->initializationVector;
     }
-
-    /**
-     * @param string $initializationVector
-     * @return $this
-     */
-    public function setInitializationVector($initializationVector)
-    {
-        $this->initializationVector = $initializationVector;
-        return $this;
-    }
 }

app/code/Magento/Analytics/Model/FileInfo.php

@@ -101,9 +101,12 @@ private function getFileRelativePath()
      */
     private function registerFile(EncodedContext $encodedContext, $fileRelativePath)
     {
-        $newFileInfo = $this->fileInfoFactory->create();
-        $newFileInfo->setInitializationVector($encodedContext->getInitializationVector())
-            ->setPath($fileRelativePath);
+        $newFileInfo = $this->fileInfoFactory->create(
+            [
+                'path' => $fileRelativePath,
+                'initializationVector' => $encodedContext->getInitializationVector(),
+            ]
+        );
         $this->fileInfoManager->save($newFileInfo);
 
         return true;

app/code/Magento/Analytics/Model/FileRecorder.php

@@ -0,0 +1,210 @@
+<?php
+/**
+ * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Analytics\Test\Unit\Model;
+
+use Magento\Analytics\Model\AnalyticsToken;
+use Magento\Analytics\Model\Cryptographer;
+use Magento\Analytics\Model\EncodedContext;
+use Magento\Analytics\Model\EncodedContextFactory;
+use Magento\Framework\TestFramework\Unit\Helper\ObjectManager as ObjectManagerHelper;
+
+/**
+ * Class CryptographerTest
+ */
+class CryptographerTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var AnalyticsToken|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $analyticsTokenMock;
+
+    /**
+     * @var EncodedContextFactory|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $encodedContextFactoryMock;
+
+    /**
+     * @var EncodedContext|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $encodedContextMock;
+
+    /**
+     * @var ObjectManagerHelper
+     */
+    private $objectManagerHelper;
+
+    /**
+     * @var Cryptographer
+     */
+    private $cryptographer;
+
+    /**
+     * @var string
+     */
+    private $key;
+
+    /**
+     * @var array
+     */
+    private $initializationVectors;
+
+    /**
+     * @var
+     */
+    private $source;
+
+    /**
+     * @var string
+     */
+    private $cipherMethod = 'AES-256-CBC';
+
+    /**
+     * @return void
+     */
+    protected function setUp()
+    {
+        $this->analyticsTokenMock = $this->getMockBuilder(AnalyticsToken::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->encodedContextFactoryMock = $this->getMockBuilder(EncodedContextFactory::class)
+            ->setMethods(['create'])
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->encodedContextMock = $this->getMockBuilder(EncodedContext::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->key = '';
+        $this->source = '';
+        $this->initializationVectors = [];
+
+        $this->objectManagerHelper = new ObjectManagerHelper($this);
+
+        $this->cryptographer = $this->objectManagerHelper->getObject(
+            Cryptographer::class,
+            [
+                'analyticsToken' => $this->analyticsTokenMock,
+                'encodedContextFactory' => $this->encodedContextFactoryMock,
+                'cipherMethod' => $this->cipherMethod,
+            ]
+        );
+    }
+
+    /**
+     * @return void
+     */
+    public function testEncode()
+    {
+        $token = 'some-token-value';
+        $this->source = 'Some text';
+        $this->key = hash('sha256', $token);
+
+        $checkEncodedContext = function ($parameters) {
+            $emptyRequiredParameters =
+                array_diff(['content', 'initializationVector'], array_keys(array_filter($parameters)));
+            if ($emptyRequiredParameters) {
+                return false;
+            }
+
+            $encryptedData = openssl_encrypt(
+                $this->source,
+                $this->cipherMethod,
+                $this->key,
+                OPENSSL_RAW_DATA,
+                $parameters['initializationVector']
+            );
+
+            return ($encryptedData === $parameters['content']);
+        };
+
+        $this->analyticsTokenMock
+            ->expects($this->once())
+            ->method('getToken')
+            ->with()
+            ->willReturn($token);
+
+        $this->encodedContextFactoryMock
+            ->expects($this->once())
+            ->method('create')
+            ->with($this->callback($checkEncodedContext))
+            ->willReturn($this->encodedContextMock);
+
+        $this->assertSame($this->encodedContextMock, $this->cryptographer->encode($this->source));
+    }
+
+    /**
+     * @return void
+     */
+    public function testEncodeUniqueInitializationVector()
+    {
+        $this->source = 'Some text';
+        $token = 'some-token-value';
+
+        $registerInitializationVector = function ($parameters) {
+            if (empty($parameters['initializationVector'])) {
+                return false;
+            }
+
+            $this->initializationVectors[] = $parameters['initializationVector'];
+
+            return true;
+        };
+
+        $this->analyticsTokenMock
+            ->expects($this->exactly(2))
+            ->method('getToken')
+            ->with()
+            ->willReturn($token);
+
+        $this->encodedContextFactoryMock
+            ->expects($this->exactly(2))
+            ->method('create')
+            ->with($this->callback($registerInitializationVector))
+            ->willReturn($this->encodedContextMock);
+
+        $this->assertSame($this->encodedContextMock, $this->cryptographer->encode($this->source));
+        $this->assertSame($this->encodedContextMock, $this->cryptographer->encode($this->source));
+        $this->assertCount(2, array_unique($this->initializationVectors));
+    }
+
+    /**
+     * @expectedException \Magento\Framework\Exception\LocalizedException
+     * @dataProvider encodeNotValidSourceDataProvider
+     */
+    public function testEncodeNotValidSource($source)
+    {
+        $this->cryptographer->encode($source);
+    }
+
+    /**
+     * @return array
+     */
+    public function encodeNotValidSourceDataProvider()
+    {
+        return [
+            'Array' => [[]],
+            'Empty string' => [''],
+        ];
+    }
+
+    /**
+     * @expectedException \Magento\Framework\Exception\LocalizedException
+     */
+    public function testEncodeNotValidCipherMethod()
+    {
+        $source = 'Some string';
+        $cryptographer = $this->objectManagerHelper->getObject(
+            Cryptographer::class,
+            [
+                'cipherMethod' => 'Wrong-method',
+            ]
+        );
+
+        $cryptographer->encode($source);
+    }
+}