[add] Crypto methods

api-payroll/src/dependencies.php

@@ -17,3 +17,11 @@ $container['logger'] = function ($c) {
     $logger->pushHandler(new Monolog\Handler\StreamHandler($settings['path'], $settings['level']));
     return $logger;
 };
+
+// Cryto functions
+$container['cryptographyService'] = function ($c) {
+    $cryptographySettings = $c->get('settings')['cryptography'];
+    require dirname(__FILE__) . "/../src/service/cryptography.php";
+    $cryptographyService = new cryptographyService($cryptographySettings);
+    return $cryptographyService;
+};

api-payroll/src/service/cryptography.php

@@ -0,0 +1,86 @@
+<?php
+/**
+ * A collection of functions to securely handling sensitive data,
+ * passwords as well as making use of other crypto needs within
+ * the project
+ *
+ * @property  settings
+*/
+
+class cryptographyService{
+
+    function __construct($cryptographySettings) {
+        $this->settings = $cryptographySettings;
+    }
+
+    /**
+     * Encrypts a string using the predefined algorithm, the resulting string will contain the
+     * concatenated iv used for salting as well as the cipher text, both in hex format
+     *
+     * @param $text string
+     * @return string
+     * @throws Exception
+     */
+    function encryptString($text){
+        try {
+            $iv = random_bytes($this->settings['ivSize']);
+            $ivInHex = bin2hex($iv);
+
+            $encryptedMessage = openssl_encrypt($text, $this->settings['encryptionAlgorithm'],
+                $this->settings['encryptionPassword'], 1, $iv);
+
+            $hexedCipherText = bin2hex($encryptedMessage);
+
+            return "$ivInHex$hexedCipherText";
+        } catch (Exception $e) {
+            throw new Exception('here was an error encrypting the string, contact the system administrator.');
+            $this->logger->warning("There was an error in the cryptographyService->encryptString caused by: $e ");
+        }
+    }
+
+    /**
+    * Decrypts a string using the predefined algorithm
+     * 
+     * This method assumes that an iv with the length taken from the setting ivSize is present
+     * at the beginning of the string and this will be used to decrypt the cipher text
+     *
+     * @param $cipherText string
+     * @return string
+    */
+    function decryptString($cipherText) {
+        $cipherText = hex2bin($cipherText);
+
+        $totalCharaters = strlen($cipherText);
+        $iv = substr($cipherText, 0, $this->settings['ivSize']);
+        $cipherTextWithIv = substr($cipherText, $this->settings['ivSize'], $totalCharaters);
+
+        return openssl_decrypt($cipherTextWithIv, $this->settings['encryptionAlgorithm'],
+            $this->settings['encryptionPassword'], 1, $iv);
+    }
+
+    /**
+     * Securely hashes a password for its coldstorage
+     *
+     * @param $password string
+     * @return string
+     */
+    function encryptPassword($password) {
+        $options = [
+            'cost' => $this->settings['passwordHashCost'],
+        ];
+
+        return password_hash($password, PASSWORD_BCRYPT, $options);
+    }
+
+    /**
+     * Compares a password given in plain text against the encrypted veersion to determined if they're
+     * the same password
+     *
+     * @param $plainPassword string
+     * @param $encryptedPassword string
+     * @return boolean
+    */
+    function decryptPassword($plainPassword, $encryptedPassword) {
+        return password_verify($plainPassword, $encryptedPassword);
+    }
+}

api-payroll/src/settings.php

@@ -15,5 +15,13 @@ return [
             'path' => isset($_ENV['docker']) ? 'php://stdout' : __DIR__ . '/../logs/app.log',
             'level' => \Monolog\Logger::DEBUG,
         ],
+
+        // Cryptography settings
+        'cryptography' => [
+            'encryptionAlgorithm' => 'AES-256-CBC',
+            'encryptionPassword' => '7de431684c34cf2c898268cff71392f38c4175dde050c9ee69502b81571484e0',
+            'passwordHashCost' => '12',
+            'ivSize' => 16, // 128 bits
+        ],
     ],
 ];