move logic into personal data payload cryptographer

DavidBadura · DavidBadura · commit ac14cc2a8d22 · 2025-03-20T15:30:05.000+01:00
diff --git a/src/Cryptography/Cipher/OpensslCipher.php b/src/Cryptography/Cipher/OpensslCipher.php
@@ -17,17 +17,8 @@
 
 final class OpensslCipher implements Cipher
 {
-    public function __construct(
-        private readonly string $prefix = '',
-    ) {
-    }
-
     public function encrypt(CipherKey $key, mixed $data): string
     {
-        if ($this->prefix && is_string($data) && str_starts_with($data, $this->prefix)) {
-            throw new EncryptionFailed();
-        }
-
         $encryptedData = @openssl_encrypt(
             $this->dataEncode($data),
             $key->method,
@@ -40,19 +31,11 @@ public function encrypt(CipherKey $key, mixed $data): string
             throw new EncryptionFailed();
         }
 
-        return $this->prefix . base64_encode($encryptedData);
+        return base64_encode($encryptedData);
     }
 
     public function decrypt(CipherKey $key, string $data): mixed
     {
-        if ($this->prefix) {
-            if (str_starts_with($data, $this->prefix)) {
-                $data = substr($data, strlen($this->prefix));
-            } else {
-                return $data;
-            }
-        }
-
         $data = @openssl_decrypt(
             base64_decode($data),
             $key->method,
diff --git a/src/Cryptography/PersonalDataPayloadCryptographer.php b/src/Cryptography/PersonalDataPayloadCryptographer.php
@@ -23,6 +23,7 @@ public function __construct(
         private readonly CipherKeyStore $cipherKeyStore,
         private readonly CipherKeyFactory $cipherKeyFactory,
         private readonly Cipher $cipher,
+        private readonly string $encryptedDataPrefix = '',
     ) {
     }
 
@@ -51,7 +52,7 @@ public function encrypt(ClassMetadata $metadata, array $data): array
                 continue;
             }
 
-            $data[$propertyMetadata->fieldName()] = $this->cipher->encrypt(
+            $data[$propertyMetadata->fieldName()] = $this->encryptedDataPrefix . $this->cipher->encrypt(
                 $cipherKey,
                 $data[$propertyMetadata->fieldName()],
             );
@@ -84,6 +85,16 @@ public function decrypt(ClassMetadata $metadata, array $data): array
                 continue;
             }
 
+            $fieldData = $data[$propertyMetadata->fieldName()];
+
+            if ($this->encryptedDataPrefix !== '') {
+                if (str_starts_with($fieldData, $this->encryptedDataPrefix)) {
+                    $fieldData = mb_substr($fieldData, mb_strlen($this->encryptedDataPrefix));
+                } else {
+                    continue;
+                }
+            }
+
             if (!$cipherKey) {
                 $data[$propertyMetadata->fieldName()] = $propertyMetadata->personalDataFallback();
                 continue;
@@ -92,7 +103,7 @@ public function decrypt(ClassMetadata $metadata, array $data): array
             try {
                 $data[$propertyMetadata->fieldName()] = $this->cipher->decrypt(
                     $cipherKey,
-                    $data[$propertyMetadata->fieldName()],
+                    $fieldData,
                 );
             } catch (DecryptionFailed) {
                 $data[$propertyMetadata->fieldName()] = $propertyMetadata->personalDataFallback();
