From 23fa01181f70f92fb3ac319cfb9e8644f15dfb4d Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Wed, 16 Dec 2020 15:41:48 -0800
Subject: [PATCH] (dev/core#2258) CryptoRegistry - Don't parse factory code unless it's being used

This moves the factory function from `Container.php` (which is loaded on all page-views on all configurations) to `CryptoRegistry.php` (which is only loaded if the site actually used encrypted fields).
---
 Civi/Core/Container.php | 45 +---------------------------------
 Civi/Crypto/CryptoRegistry.php | 43 ++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 44 deletions(-)

diff --git a/Civi/Core/Container.php b/Civi/Core/Container.php
index 67f5319585..1eec43c27a 100644
--- a/Civi/Core/Container.php
+++ b/Civi/Core/Container.php
@@ -219,7 +219,7 @@ class Container {
 ->setFactory('CRM_Utils_Mail::createMailer')->setPublic(TRUE);
 $container->setDefinition('crypto.registry', new Definition('Civi\Crypto\CryptoService'))
- ->setFactory(__CLASS__ . '::createCryptoRegistry')->setPublic(TRUE);
+ ->setFactory('Civi\Crypto\CryptoRegistry::createDefaultRegistry')->setPublic(TRUE);
 $container->setDefinition('crypto.token', new Definition('Civi\Crypto\CryptoToken', []))
 ->setPublic(TRUE);
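Review bot: The `crypto.registry` definition still declares `new Definition('Civi\Crypto\CryptoService')` on the context line just above the changed `setFactory()` call, while the factory it now points to documents `@return \Civi\Crypto\CryptoRegistry`. The declared class should name what the factory actually returns, `new Definition('Civi\Crypto\CryptoRegistry')`, so that anything reading the definition's class (type checks, a dumped container, lookups by class) sees the real type. The factory is also now referenced as a plain string, so a later rename of `createDefaultRegistry` would presumably only surface when the service is first built; a one-line comment beside the definition noting that dependency would help. The enclosing method of `Container` starts and ends outside this hunk.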
@@ -505,49 +505,6 @@ class Container {
 return new \ArrayObject($settings);
 }
- /**
- * Initialize the cryptogrpahic registry. It tracks available ciphers and keys.
- *
- * @return \Civi\Crypto\CryptoRegistry
- * @throws \CRM_Core_Exception
- * @throws \Civi\Crypto\Exception\CryptoException
- */
- public static function createCryptoRegistry() {
- $crypto = new \Civi\Crypto\CryptoRegistry();
- $crypto->addCipherSuite(new \Civi\Crypto\PhpseclibCipherSuite());
-
- $crypto->addPlainText(['tags' => ['CRED']]);
- if (defined('CIVICRM_CRED_KEYS')) {
- foreach (explode(' ', CIVICRM_CRED_KEYS) as $n => $keyExpr) {
- $crypto->addSymmetricKey($crypto->parseKey($keyExpr) + [
- 'tags' => ['CRED'],
- 'weight' => $n,
- ]);
- }
- }
- if (defined('CIVICRM_SITE_KEY')) {
- // Recent upgrades may not have CIVICRM_CRED_KEYS. Transitional support - the CIVICRM_SITE_KEY is last-priority option for credentials.
- $crypto->addSymmetricKey([
- 'key' => hash_hkdf('sha256', CIVICRM_SITE_KEY),
- 'suite' => 'aes-cbc',
- 'tags' => ['CRED'],
- 'weight' => 30000,
- ]);
- }
- //if (isset($_COOKIE['CIVICRM_FORM_KEY'])) {
- // $crypto->addSymmetricKey([
- // 'key' => base64_decode($_COOKIE['CIVICRM_FORM_KEY']),
- // 'suite' => 'aes-cbc',
- // 'tag' => ['FORM'],
- // ]);
- // // else: somewhere in CRM_Core_Form, we may need to initialize CIVICRM_FORM_KEY
- //}
-
- // Allow plugins to add/replace any keys and ciphers.
- \CRM_Utils_Hook::crypto($crypto);
- return $crypto;
- }
-
 /**
 * Get a list of boot services.
 *
diff --git a/Civi/Crypto/CryptoRegistry.php b/Civi/Crypto/CryptoRegistry.php
index 5e660b4a32..7fc2150ad9 100644
--- a/Civi/Crypto/CryptoRegistry.php
+++ b/Civi/Crypto/CryptoRegistry.php
@@ -54,6 +54,49 @@ class CryptoRegistry {
 protected $cipherSuites = [];
+ /**
+ * Initialize a default instance of the registry.
+ *
+ * @return \Civi\Crypto\CryptoRegistry
+ * @throws \CRM_Core_Exception
+ * @throws \Civi\Crypto\Exception\CryptoException
+ */
+ public static function createDefaultRegistry() {
+ $registry = new static();
+ $registry->addCipherSuite(new \Civi\Crypto\PhpseclibCipherSuite());
+
+ $registry->addPlainText(['tags' => ['CRED']]);
+ if (defined('CIVICRM_CRED_KEYS')) {
+ foreach (explode(' ', CIVICRM_CRED_KEYS) as $n => $keyExpr) {
+ $registry->addSymmetricKey($registry->parseKey($keyExpr) + [
+ 'tags' => ['CRED'],
+ 'weight' => $n,
+ ]);
+ }
+ }
+ if (defined('CIVICRM_SITE_KEY')) {
+ // Recent upgrades may not have CIVICRM_CRED_KEYS. Transitional support - the CIVICRM_SITE_KEY is last-priority option for credentials.
+ $registry->addSymmetricKey([
+ 'key' => hash_hkdf('sha256', CIVICRM_SITE_KEY),
+ 'suite' => 'aes-cbc',
+ 'tags' => ['CRED'],
+ 'weight' => 30000,
+ ]);
+ }
+ //if (isset($_COOKIE['CIVICRM_FORM_KEY'])) {
+ // $crypto->addSymmetricKey([
+ // 'key' => base64_decode($_COOKIE['CIVICRM_FORM_KEY']),
+ // 'suite' => 'aes-cbc',
+ // 'tag' => ['FORM'],
+ // ]);
+ // // else: somewhere in CRM_Core_Form, we may need to initialize CIVICRM_FORM_KEY
+ //}
+
+ // Allow plugins to add/replace any keys and ciphers.
+ \CRM_Utils_Hook::crypto($registry);
+ return $registry;
+ }
+
 public function __construct() {
 $this->cipherSuites['plain'] = TRUE;
 $this->keys['plain'] = [
--
2.25.1
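Review bot: `explode(' ', CIVICRM_CRED_KEYS)` in `createDefaultRegistry()` hands every fragment to `parseKey()`, so a constant that is defined but empty, or that contains a doubled or trailing space, feeds an empty key expression into the registry; what `parseKey('')` does is not visible here, but it may abort service construction or register a degenerate key. Splitting on whitespace and dropping empties avoids both: `foreach (preg_split('/\s+/', CIVICRM_CRED_KEYS, -1, PREG_SPLIT_NO_EMPTY) as $n => $keyExpr) {`. The `CIVICRM_SITE_KEY` fallback calls `hash_hkdf('sha256', CIVICRM_SITE_KEY)` with no `info` or salt, so the credential key has no domain separation from any other key derived from the same secret; because stored ciphertext depends on this exact derivation, it deserves a comment saying it must not change without re-encrypting existing values. The commented-out `CIVICRM_FORM_KEY` block was carried over verbatim and still refers to `$crypto` and `'tag'`, neither of which matches the moved code, so it should be dropped or updated.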