added support for gcs encryption

phore · Feb 11, 2024 · 0e130a0 · 0e130a0
1 parent 681305f
commit 0e130a0
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 9 deletions.
diff --git a/src/Driver/GoogleObjectStoreDriver.php b/src/Driver/GoogleObjectStoreDriver.php
@@ -17,6 +17,7 @@
 use Google\Cloud\Storage\StorageClient;
 use InvalidArgumentException;
 use Phore\ObjectStore\Encryption\ObjectStoreEncryption;
+use Phore\ObjectStore\Encryption\PassThruNoEncryption;
 use Phore\ObjectStore\Type\ObjectStoreObject;
 use Psr\Http\Message\StreamInterface;
 
@@ -36,6 +37,11 @@ class GoogleObjectStoreDriver implements ObjectStoreDriver
 
     private $putOpts = [];
 
+    /**
+     * @var ObjectStoreEncryption
+     */
+    private $encryption;
+
     /**
      * GoogleObjectStoreDriver constructor.
      *
@@ -59,11 +65,12 @@ public function __construct($keyFile, string $bucketName, array $putOpts = ["pre
         $storage = new StorageClient($options);
 
         $this->bucket = $storage->bucket($bucketName);
+        $this->encryption = $this->encryption ?? new PassThruNoEncryption();
     }
 
     public function setEncryption(ObjectStoreEncryption $encryption)
     {
-        throw new InvalidArgumentException("Encryption not supported in Google implementation");
+        $this->encryption = $encryption;
     }
     /**
      * @param string $objectId
@@ -101,7 +108,7 @@ private function _getPutOpts($objectId, array $metadata = null): array
     public function put(string $objectId, $content, array $metadata = null)
     {
         $opts = $this->_getPutOpts($objectId, $metadata);
-        $this->bucket->upload($content, $opts);
+        $this->bucket->upload($this->encryption->encrypt($content), $opts);
     }
 
     /**
@@ -112,6 +119,9 @@ public function put(string $objectId, $content, array $metadata = null)
      */
     public function putStream(string $objectId, $resource, array $metadata = null)
     {
+        if ( ! ($this->encryption instanceof PassThruNoEncryption)) {
+            throw new \InvalidArgumentException("Cannot put stream with encryption enabled.");
+        }
         $opts = $this->_getPutOpts($objectId, $metadata);
         $this->bucket->upload($resource, $opts);
     }
@@ -133,7 +143,7 @@ public function get(string $objectId, array &$meta = null): string
                 if (isset ($info['metadata'])) {
                     $meta = $info['metadata'];
                 }
-                return $data;
+                return $this->encryption->decrypt($data);
             } catch (NotFoundException $e) {
                 throw new \Phore\Core\Exception\NotFoundException($e->getMessage(), $e->getCode(), $e);
             } catch (Exception $e) {
@@ -155,6 +165,9 @@ public function get(string $objectId, array &$meta = null): string
      */
     public function getStream(string $objectId, array &$meta = null): StreamInterface
     {
+        if ( ! ($this->encryption instanceof PassThruNoEncryption)) {
+            throw new \InvalidArgumentException("Cannot put stream with encryption enabled.");
+        }
         try {
             $object = $this->bucket->object($objectId);
             $stream = $object->downloadAsStream();
@@ -252,6 +265,9 @@ public function rename(string $objectId, string $newObjectId): void
      */
     public function append(string $objectId, string $data)
     {
+        if ( ! ($this->encryption instanceof PassThruNoEncryption)) {
+            throw new \InvalidArgumentException("Cannot put stream with encryption enabled.");
+        }
         $ext = pathinfo($objectId)['extension'];
         if ($ext !== '') {
             $ext = ".$ext";

diff --git a/src/Driver/PhoreGoogleObjectStoreDriver.php b/src/Driver/PhoreGoogleObjectStoreDriver.php
@@ -44,7 +44,7 @@ class PhoreGoogleObjectStoreDriver implements ObjectStoreDriver
     public $accessToken;
 
     private int $accessTokenExpires = 0;
-    
+
     /**
      * @var integer
      */
@@ -83,15 +83,15 @@ public function __construct(string $configFilePath, string $bucketName, bool $re
             $this->encryption = new PassThruNoEncryption();
     }
 
-    
+
     protected function _regenertateAccessToken () {
         if (time() < $this->accessTokenExpires)
             return;
         $this->accessToken = $this->_getJwt()['access_token'];
         $this->accessTokenExpires = time() + 300;
     }
-    
-    
+
+
     public function setRetries(int $retries)
     {
         $this->retries = $retries;
@@ -132,7 +132,10 @@ private function _getJwt()
 
         $signedToken = $b64header . '.' . $b64payload . '.' . $this->_base64Enc($signature);
 
-        return phore_http_request('https://oauth2.googleapis.com/token')->withPostFormBody(['grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion' => $signedToken])->send()->getBodyJson();
+
+        $jwt = phore_http_request('https://oauth2.googleapis.com/token')->withPostFormBody(['grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion' => $signedToken])->send()->getBodyJson();
+
+        return $jwt;
     }
 
     /**
@@ -143,7 +146,7 @@ private function _getJwt()
     public function has(string $objectId): bool
     {
         $this->_regenertateAccessToken();
-        
+
         $i = 0;
         do {
             try {