20643293754

Committed 01 Jan 2026 06:18PM UTC coverage: 85.468% (-0.03%) from 85.499%

Build # 20643293754

Build Type

Pull #9863

github

Committed by

web-flow

Commit Message

Merge 0d306a76b into ff20d8106

Pull Request Pull Request #9863: feat: encryption key rotation support

Run Details

86 of 94 new or added lines in 4 files covered. (91.49%)

9 existing lines in 1 file now uncovered.

21838 of 25551 relevant lines covered (85.47%)

203.82 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

86.96

/system/Encryption/Handlers/BaseHandler.php

<?php

declare(strict_types=1);

/**
 * This file is part of CodeIgniter 4 framework.
 *
 * (c) CodeIgniter Foundation <admin@codeigniter.com>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace CodeIgniter\Encryption\Handlers;

use CodeIgniter\Encryption\EncrypterInterface;
use CodeIgniter\Encryption\Exceptions\EncryptionException;
use Config\Encryption;
use SensitiveParameter;

/**
 * Base class for encryption handling
 */
abstract class BaseHandler implements EncrypterInterface
{
    /**
     * Previous encryption keys for decryption fallback
     *
     * @var list<string>
     */
    protected array $previousKeys = [];

    /**
     * Constructor
     */
    public function __construct(?Encryption $config = null)
    {
        $config ??= config(Encryption::class);

        // make the parameters conveniently accessible
        foreach (get_object_vars($config) as $key => $value) {
            if (property_exists($this, $key)) {
                $this->{$key} = $value;
            }
        }
    }

    /**
     * Byte-safe substr()
     *
     * @param string $str
     * @param int    $start
     * @param int    $length
     *
     * @return string
     */
    protected static function substr($str, $start, $length = null)
    {
        return mb_substr($str, $start, $length, '8bit');
    }

    /**
     * Try to decrypt data with fallback to previous keys
     *
     * @param string                                                               $data            Data to decrypt
     * @param array<string, bool|int|string>|string|null                           $params          Overridden parameters, specifically the key
     * @param callable(string, array<string, bool|int|string>|string|null): string $decryptCallback Callback that performs the actual decryption
     *
     * @return string
     *
     * @throws EncryptionException
     */
    protected function tryDecryptWithFallback($data, #[SensitiveParameter] $params, callable $decryptCallback)
    {
        try {
            return $decryptCallback($data, $params);
        } catch (EncryptionException $e) {
            if ($this->previousKeys === []) {
                throw $e;
            }

            if (is_string($params) || (is_array($params) && isset($params['key']))) {
                throw $e;
            }

            foreach ($this->previousKeys as $previousKey) {
                try {
                    $previousParams = is_array($params)
                        ? array_merge($params, ['key' => $previousKey])
                        : $previousKey;

                    return $decryptCallback($data, $previousParams);
                } catch (EncryptionException) {
                    continue;
                }
            }

            throw $e;
        }
    }

    /**
     * __get() magic, providing readonly access to some of our properties
     *
     * @param string $key Property name
     *
     * @return array|bool|int|string|null
     */
    public function __get($key)
    {
        if ($this->__isset($key)) {
            return $this->{$key};
        }

        return null;
    }

    /**
     * __isset() magic, providing checking for some of our properties
     *
     * @param string $key Property name
     */
    public function __isset($key): bool
    {
        return property_exists($this, $key);
    }
}

1	<?php
2
3	declare(strict_types=1);
4
5	/**
6	* This file is part of CodeIgniter 4 framework.
7	*
8	* (c) CodeIgniter Foundation <admin@codeigniter.com>
9	*
10	* For the full copyright and license information, please view
11	* the LICENSE file that was distributed with this source code.
12	*/
13
14	namespace CodeIgniter\Encryption\Handlers;
15
16	use CodeIgniter\Encryption\EncrypterInterface;
17	use CodeIgniter\Encryption\Exceptions\EncryptionException;
18	use Config\Encryption;
19	use SensitiveParameter;
20
21	/**
22	* Base class for encryption handling
23	*/
24	abstract class BaseHandler implements EncrypterInterface
25	{
26	/**
27	* Previous encryption keys for decryption fallback
28	*
29	* @var list<string>
30	*/
31	protected array $previousKeys = [];
32
33	/**
34	* Constructor
35	*/
36	public function __construct(?Encryption $config = null)
37	{
38	$config ??= config(Encryption::class);	28✔
39
40	// make the parameters conveniently accessible
41	foreach (get_object_vars($config) as $key => $value) {	28✔
42	if (property_exists($this, $key)) {	28✔
43	$this->{$key} = $value;	28✔
44	}
45	}
46	}
47
48	/**
49	* Byte-safe substr()
50	*
51	* @param string $str
52	* @param int $start
53	* @param int $length
54	*
55	* @return string
56	*/
57	protected static function substr($str, $start, $length = null)
58	{
59	return mb_substr($str, $start, $length, '8bit');	20✔
60	}
61
62	/**
63	* Try to decrypt data with fallback to previous keys
64	*
65	* @param string $data Data to decrypt
66	* @param array<string, bool\|int\|string>\|string\|null $params Overridden parameters, specifically the key
67	* @param callable(string, array<string, bool\|int\|string>\|string\|null): string $decryptCallback Callback that performs the actual decryption
68	*
69	* @return string
70	*
71	* @throws EncryptionException
72	*/
73	protected function tryDecryptWithFallback($data, #[SensitiveParameter] $params, callable $decryptCallback)
74	{
75	try {
76	return $decryptCallback($data, $params);	21✔
77	} catch (EncryptionException $e) {	12✔
78	if ($this->previousKeys === []) {	12✔
NEW 79	throw $e;	×
80	}
81
82	if (is_string($params) \|\| (is_array($params) && isset($params['key']))) {	12✔
83	throw $e;	8✔
84	}
85
86	foreach ($this->previousKeys as $previousKey) {	4✔
87	try {
88	$previousParams = is_array($params)	4✔
NEW 89	? array_merge($params, ['key' => $previousKey])	×
90	: $previousKey;	4✔
91
92	return $decryptCallback($data, $previousParams);	4✔
93	} catch (EncryptionException) {	2✔
94	continue;	2✔
95	}
96	}
97
NEW 98	throw $e;	×
99	}
100	}
101
102	/**
103	* __get() magic, providing readonly access to some of our properties
104	*
105	* @param string $key Property name
106	*
107	* @return array\|bool\|int\|string\|null
108	*/
109	public function __get($key)
110	{
111	if ($this->__isset($key)) {	4✔
112	return $this->{$key};	4✔
113	}
114
115	return null;	1✔
116	}
117
118	/**
119	* __isset() magic, providing checking for some of our properties
120	*
121	* @param string $key Property name
122	*/
123	public function __isset($key): bool
124	{
125	return property_exists($this, $key);	4✔
126	}
127	}

codeigniter4 / CodeIgniter4 / 20643293754

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous