[civicrm-core.git] / CRM / Cxn / BAO / Cxn.php

<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

use Civi\Cxn\Rpc\Constants;
use Civi\Cxn\Rpc\DefaultCertificateValidator;

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 */

/**
 * This class helps to manage connections to third-party apps.
 */
class CRM_Cxn_BAO_Cxn extends CRM_Cxn_DAO_Cxn {

  /**
   * Determine the current site's callback URL.
   *
   * @return string
   */
  public static function getSiteCallbackUrl() {
    return CRM_Utils_System::externUrl('extern/cxn', NULL, NULL, TRUE, TRUE);
  }

  /**
   * Update the AppMeta for any existing connections.
   *
   * @param array $appMeta
   * @throws \Civi\Cxn\Rpc\Exception\CxnException
   */
  public static function updateAppMeta($appMeta) {
    \Civi\Cxn\Rpc\AppMeta::validate($appMeta);
    CRM_Core_DAO::executeQuery('UPDATE civicrm_cxn SET app_meta = %1 WHERE app_guid = %2', [
      1 => [json_encode($appMeta), 'String'],
      2 => [$appMeta['appId'], 'String'],
    ]);
  }

  /**
   * Get the AppMeta for an existing connection.
   *
   * @param string $cxnId
   * @return array
   * @throws \Civi\Cxn\Rpc\Exception\CxnException
   */
  public static function getAppMeta($cxnId) {
    $appMetaJson = CRM_Core_DAO::getFieldValue('CRM_Cxn_DAO_Cxn', $cxnId, 'app_meta', 'cxn_guid', TRUE);
    $appMeta = json_decode($appMetaJson, TRUE);
    \Civi\Cxn\Rpc\AppMeta::validate($appMeta);
    return $appMeta;
  }

  /**
   * Parse the CIVICRM_CXN_CA constant. It may have the following
   * values:
   *   - 'CiviRootCA'|undefined -- Use the production civicrm.org root CA
   *   - 'CiviTestRootCA' -- Use the test civicrm.org root CA
   *   - 'none' -- Do not perform any certificate verification.
   *
   * This constant is emphatically *not* exposed through Civi's "Settings"
   * system (or any other runtime-editable datastore). Manipulating
   * this setting can expose the system to man-in-the-middle attacks,
   * and allowing runtime manipulation would create a new vector
   * for escalating privileges. This setting must only be manipulated
   * by developers and sysadmins who already have full privileges
   * to edit the source.
   *
   * @return string|NULL
   *   The PEM-encoded root certificate. NULL if verification is disabled.
   * @throws CRM_Core_Exception
   */
  public static function getCACert() {
    if (!defined('CIVICRM_CXN_CA') || CIVICRM_CXN_CA === 'CiviRootCA') {
      $file = Constants::getCert();
    }
    elseif (CIVICRM_CXN_CA === 'CiviTestRootCA') {
      $file = Constants::getTestCert();
    }
    elseif (CIVICRM_CXN_CA === 'none') {
      return NULL;
    }
    else {
      throw new \CRM_Core_Exception("CIVICRM_CXN_CA is invalid.");
    }

    $content = file_get_contents($file);
    if (empty($content)) {
      // Fail hard. Returning an empty value is not acceptable.
      throw new \CRM_Core_Exception("Error loading CA certificate: $file");
    }
    return $content;
  }

  /**
   * Construct a client for performing registration actions.
   *
   * @return \Civi\Cxn\Rpc\RegistrationClient
   * @throws CRM_Core_Exception
   */
  public static function createRegistrationClient() {
    $cxnStore = new \CRM_Cxn_CiviCxnStore();
    $viaPort = defined('CIVICRM_CXN_VIA') ? CIVICRM_CXN_VIA : NULL;
    $client = new \Civi\Cxn\Rpc\RegistrationClient(
      $cxnStore, \CRM_Cxn_BAO_Cxn::getSiteCallbackUrl(), $viaPort);
    $client->setLog(new \CRM_Utils_SystemLogger());
    $client->setCertValidator(self::createCertificateValidator());
    $client->setHttp(CRM_Cxn_CiviCxnHttp::singleton());
    return $client;
  }

  /**
   * Construct a server for handling API requests.
   *
   * @return \Civi\Cxn\Rpc\ApiServer
   */
  public static function createApiServer() {
    $cxnStore = new CRM_Cxn_CiviCxnStore();
    $apiServer = new \Civi\Cxn\Rpc\ApiServer($cxnStore);
    $apiServer->setLog(new CRM_Utils_SystemLogger());
    $apiServer->setCertValidator(self::createCertificateValidator());
    $apiServer->setHttp(CRM_Cxn_CiviCxnHttp::singleton());
    $apiServer->setRouter(['CRM_Cxn_ApiRouter', 'route']);
    return $apiServer;
  }

  /**
   * @return \Civi\Cxn\Rpc\DefaultCertificateValidator
   * @throws CRM_Core_Exception
   */
  public static function createCertificateValidator() {
    $caCert = self::getCACert();
    if ($caCert === NULL) {
      return new DefaultCertificateValidator(
        NULL,
        NULL,
        NULL,
        NULL
      );
    }
    else {
      return new DefaultCertificateValidator(
        $caCert,
        DefaultCertificateValidator::AUTOLOAD,
        DefaultCertificateValidator::AUTOLOAD,
        CRM_Cxn_CiviCxnHttp::singleton()
      );
    }
  }

}
Commit	Line	Data
5d5d3b35 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
bc77d7c0	4	\| Copyright CiviCRM LLC. All rights reserved. \|
5d5d3b35	5	\| \|
bc77d7c0 TO	6	\| This work is published under the GNU AGPLv3 license with some \|
	7	\| permitted exceptions and without any warranty. For full license \|
	8	\| and copyright information, see https://civicrm.org/licensing \|
5d5d3b35 TO	9	+--------------------------------------------------------------------+
	10	*/
	11
9ae2d27b	12	use Civi\Cxn\Rpc\Constants;
5063e355	13	use Civi\Cxn\Rpc\DefaultCertificateValidator;
9ae2d27b	14
5d5d3b35 TO	15	/**
	16	*
	17	* @package CRM
ca5cec67	18	* @copyright CiviCRM LLC https://civicrm.org/licensing
5d5d3b35 TO	19	*/
	20
	21	/**
	22	* This class helps to manage connections to third-party apps.
	23	*/
	24	class CRM_Cxn_BAO_Cxn extends CRM_Cxn_DAO_Cxn {
0849804a TO	25
	26	/**
	27	* Determine the current site's callback URL.
	28	*
	29	* @return string
	30	*/
5d5d3b35	31	public static function getSiteCallbackUrl() {
9df3628e	32	return CRM_Utils_System::externUrl('extern/cxn', NULL, NULL, TRUE, TRUE);
5d5d3b35 TO	33	}
5d5d3b35 TO	34
0849804a TO	35	/**
	36	* Update the AppMeta for any existing connections.
	37	*
	38	* @param array $appMeta
	39	* @throws \Civi\Cxn\Rpc\Exception\CxnException
	40	*/
5d5d3b35 TO	41	public static function updateAppMeta($appMeta) {
5d5d3b35 TO	42	\Civi\Cxn\Rpc\AppMeta::validate($appMeta);
be2fb01f CW	43	CRM_Core_DAO::executeQuery('UPDATE civicrm_cxn SET app_meta = %1 WHERE app_guid = %2', [
	44	1 => [json_encode($appMeta), 'String'],
	45	2 => [$appMeta['appId'], 'String'],
	46	]);
5d5d3b35	47	}
0efb07c0	48
0849804a TO	49	/**
	50	* Get the AppMeta for an existing connection.
	51	*
	52	* @param string $cxnId
	53	* @return array
	54	* @throws \Civi\Cxn\Rpc\Exception\CxnException
	55	*/
0efb07c0	56	public static function getAppMeta($cxnId) {
39151786	57	$appMetaJson = CRM_Core_DAO::getFieldValue('CRM_Cxn_DAO_Cxn', $cxnId, 'app_meta', 'cxn_guid', TRUE);
0efb07c0 TO	58	$appMeta = json_decode($appMetaJson, TRUE);
	59	\Civi\Cxn\Rpc\AppMeta::validate($appMeta);
	60	return $appMeta;
	61	}
	62
9ae2d27b TO	63	/**
	64	* Parse the CIVICRM_CXN_CA constant. It may have the following
	65	* values:
	66	* - 'CiviRootCA'\|undefined -- Use the production civicrm.org root CA
	67	* - 'CiviTestRootCA' -- Use the test civicrm.org root CA
	68	* - 'none' -- Do not perform any certificate verification.
	69	*
	70	* This constant is emphatically not exposed through Civi's "Settings"
	71	* system (or any other runtime-editable datastore). Manipulating
	72	* this setting can expose the system to man-in-the-middle attacks,
	73	* and allowing runtime manipulation would create a new vector
	74	* for escalating privileges. This setting must only be manipulated
	75	* by developers and sysadmins who already have full privileges
	76	* to edit the source.
	77	*
	78	* @return string\|NULL
	79	* The PEM-encoded root certificate. NULL if verification is disabled.
	80	* @throws CRM_Core_Exception
	81	*/
13afc1a9	82	public static function getCACert() {
9ae2d27b TO	83	if (!defined('CIVICRM_CXN_CA') \|\| CIVICRM_CXN_CA === 'CiviRootCA') {
	84	$file = Constants::getCert();
	85	}
	86	elseif (CIVICRM_CXN_CA === 'CiviTestRootCA') {
	87	$file = Constants::getTestCert();
	88	}
	89	elseif (CIVICRM_CXN_CA === 'none') {
	90	return NULL;
	91	}
	92	else {
	93	throw new \CRM_Core_Exception("CIVICRM_CXN_CA is invalid.");
	94	}
	95
	96	$content = file_get_contents($file);
	97	if (empty($content)) {
	98	// Fail hard. Returning an empty value is not acceptable.
	99	throw new \CRM_Core_Exception("Error loading CA certificate: $file");
	100	}
	101	return $content;
	102	}
	103
0849804a TO	104	/**
	105	* Construct a client for performing registration actions.
	106	*
	107	* @return \Civi\Cxn\Rpc\RegistrationClient
	108	* @throws CRM_Core_Exception
	109	*/
9ae2d27b TO	110	public static function createRegistrationClient() {
9ae2d27b TO	111	$cxnStore = new \CRM_Cxn_CiviCxnStore();
a661c5b9 TO	112	$viaPort = defined('CIVICRM_CXN_VIA') ? CIVICRM_CXN_VIA : NULL;
	113	$client = new \Civi\Cxn\Rpc\RegistrationClient(
	114	$cxnStore, \CRM_Cxn_BAO_Cxn::getSiteCallbackUrl(), $viaPort);
9ae2d27b	115	$client->setLog(new \CRM_Utils_SystemLogger());
fc736b89	116	$client->setCertValidator(self::createCertificateValidator());
5063e355	117	$client->setHttp(CRM_Cxn_CiviCxnHttp::singleton());
9ae2d27b TO	118	return $client;
	119	}
	120
48716433 TO	121	/**
	122	* Construct a server for handling API requests.
	123	*
	124	* @return \Civi\Cxn\Rpc\ApiServer
	125	*/
	126	public static function createApiServer() {
	127	$cxnStore = new CRM_Cxn_CiviCxnStore();
	128	$apiServer = new \Civi\Cxn\Rpc\ApiServer($cxnStore);
	129	$apiServer->setLog(new CRM_Utils_SystemLogger());
fc736b89	130	$apiServer->setCertValidator(self::createCertificateValidator());
5063e355	131	$apiServer->setHttp(CRM_Cxn_CiviCxnHttp::singleton());
be2fb01f	132	$apiServer->setRouter(['CRM_Cxn_ApiRouter', 'route']);
48716433 TO	133	return $apiServer;
	134	}
	135
fc736b89	136	/**
7b966967	137	* @return \Civi\Cxn\Rpc\DefaultCertificateValidator
fc736b89 TO	138	* @throws CRM_Core_Exception
	139	*/
	140	public static function createCertificateValidator() {
	141	$caCert = self::getCACert();
	142	if ($caCert === NULL) {
5063e355 TO	143	return new DefaultCertificateValidator(
	144	NULL,
	145	NULL,
	146	NULL,
	147	NULL
	148	);
fc736b89 TO	149	}
fc736b89 TO	150	else {
5063e355 TO	151	return new DefaultCertificateValidator(
	152	$caCert,
	153	DefaultCertificateValidator::AUTOLOAD,
	154	DefaultCertificateValidator::AUTOLOAD,
	155	CRM_Cxn_CiviCxnHttp::singleton()
	156	);
fc736b89 TO	157	}
fc736b89 TO	158	}
5063e355	159
5d5d3b35	160	}