Commit | Line | Data |
---|---|---|
5d5d3b35 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
bc77d7c0 | 4 | | Copyright CiviCRM LLC. All rights reserved. | |
5d5d3b35 | 5 | | | |
bc77d7c0 TO |
6 | | This work is published under the GNU AGPLv3 license with some | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
5d5d3b35 TO |
9 | +--------------------------------------------------------------------+ |
10 | */ | |
11 | ||
9ae2d27b | 12 | use Civi\Cxn\Rpc\Constants; |
5063e355 | 13 | use Civi\Cxn\Rpc\DefaultCertificateValidator; |
9ae2d27b | 14 | |
5d5d3b35 TO |
15 | /** |
16 | * | |
17 | * @package CRM | |
ca5cec67 | 18 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
5d5d3b35 TO |
19 | */ |
20 | ||
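/**
 * This class helps to manage connections to third-party apps.
 *
 * Both the registration client and the API server built here take their
 * certificate validator from createCertificateValidator(), so the
 * CIVICRM_CXN_CA constant read by getCACert() decides whether peer
 * certificates are verified for either direction of traffic.
 */
class CRM_Cxn_BAO_Cxn extends CRM_Cxn_DAO_Cxn {

  /**
   * Determine the current site's callback URL.
   *
   * The value is handed to the RegistrationClient built in
   * createRegistrationClient().
   *
   * @return string
   */
  public static function getSiteCallbackUrl() {
    return CRM_Utils_System::externUrl('extern/cxn', NULL, NULL, TRUE, TRUE);
  }

  /**
   * Update the AppMeta for any existing connections.
   *
   * The metadata is validated first, then written as JSON to every
   * civicrm_cxn row whose app_guid matches $appMeta['appId']. Both values
   * are passed as typed query parameters, never concatenated into the SQL.
   *
   * @param array $appMeta
   * @throws \Civi\Cxn\Rpc\Exception\CxnException
   * @throws CRM_Core_Exception
   *   If the metadata cannot be serialized to JSON.
   */
  public static function updateAppMeta($appMeta) {
    \Civi\Cxn\Rpc\AppMeta::validate($appMeta);

    // json_encode() returns FALSE on failure (for example on invalid UTF-8).
    // FALSE is not valid JSON, so stop before the stored metadata of the
    // existing connections is overwritten with it.
    $appMetaJson = json_encode($appMeta);
    if ($appMetaJson === FALSE) {
      throw new \CRM_Core_Exception('Error encoding AppMeta as JSON: ' . json_last_error_msg());
    }

    CRM_Core_DAO::executeQuery('UPDATE civicrm_cxn SET app_meta = %1 WHERE app_guid = %2', [
      1 => [$appMetaJson, 'String'],
      2 => [$appMeta['appId'], 'String'],
    ]);
  }

  /**
   * Get the AppMeta for an existing connection.
   *
   * The stored JSON is decoded and re-validated on every read, so a row
   * that was altered or corrupted in the database is not returned as-is.
   *
   * @param string $cxnId
   *   Looked up against the cxn_guid column.
   * @return array
   * @throws \Civi\Cxn\Rpc\Exception\CxnException
   */
  public static function getAppMeta($cxnId) {
    $appMetaJson = CRM_Core_DAO::getFieldValue('CRM_Cxn_DAO_Cxn', $cxnId, 'app_meta', 'cxn_guid', TRUE);

    // Only decode an actual string: passing NULL to json_decode() is
    // deprecated as of PHP 8.1. A missing value is handed to validate() as
    // NULL, which presumably rejects any non-array -- confirm against AppMeta.
    $appMeta = is_string($appMetaJson) ? json_decode($appMetaJson, TRUE) : NULL;
    \Civi\Cxn\Rpc\AppMeta::validate($appMeta);
    return $appMeta;
  }

  /**
   * Parse the CIVICRM_CXN_CA constant. It may have the following
   * values:
   *  - 'CiviRootCA'|undefined -- Use the production civicrm.org root CA
   *  - 'CiviTestRootCA' -- Use the test civicrm.org root CA
   *  - 'none' -- Do not perform any certificate verification.
   *
   * This constant is emphatically *not* exposed through Civi's "Settings"
   * system (or any other runtime-editable datastore). Manipulating
   * this setting can expose the system to man-in-the-middle attacks,
   * and allowing runtime manipulation would create a new vector
   * for escalating privileges. This setting must only be manipulated
   * by developers and sysadmins who already have full privileges
   * to edit the source.
   *
   * Any other value is rejected with an exception rather than treated as
   * one of the modes above, so a typo cannot silently select a different
   * trust root or switch verification off.
   *
   * @return string|NULL
   *   The PEM-encoded root certificate. NULL if verification is disabled.
   * @throws CRM_Core_Exception
   */
  public static function getCACert() {
    if (!defined('CIVICRM_CXN_CA') || CIVICRM_CXN_CA === 'CiviRootCA') {
      $file = Constants::getCert();
    }
    elseif (CIVICRM_CXN_CA === 'CiviTestRootCA') {
      $file = Constants::getTestCert();
    }
    elseif (CIVICRM_CXN_CA === 'none') {
      // Explicit opt-out: callers read NULL as "verification disabled".
      return NULL;
    }
    else {
      throw new \CRM_Core_Exception("CIVICRM_CXN_CA is invalid.");
    }

    $content = file_get_contents($file);
    if (empty($content)) {
      // Fail hard. Returning an empty value is not acceptable: an unreadable
      // or empty CA file must never be mistaken for the NULL opt-out above.
      throw new \CRM_Core_Exception("Error loading CA certificate: $file");
    }
    return $content;
  }

  /**
   * Construct a client for performing registration actions.
   *
   * The client is wired with the Civi connection store, the site callback
   * URL, the optional CIVICRM_CXN_VIA value, the system logger, the
   * certificate validator selected by CIVICRM_CXN_CA and the shared HTTP
   * client.
   *
   * @return \Civi\Cxn\Rpc\RegistrationClient
   * @throws CRM_Core_Exception
   */
  public static function createRegistrationClient() {
    $cxnStore = new \CRM_Cxn_CiviCxnStore();
    // Like CIVICRM_CXN_CA, this is read from a constant only.
    $viaPort = defined('CIVICRM_CXN_VIA') ? CIVICRM_CXN_VIA : NULL;
    $client = new \Civi\Cxn\Rpc\RegistrationClient(
      $cxnStore, \CRM_Cxn_BAO_Cxn::getSiteCallbackUrl(), $viaPort);
    $client->setLog(new \CRM_Utils_SystemLogger());
    $client->setCertValidator(self::createCertificateValidator());
    $client->setHttp(CRM_Cxn_CiviCxnHttp::singleton());
    return $client;
  }

  /**
   * Construct a server for handling API requests.
   *
   * The server uses the same certificate validator and HTTP client as the
   * registration client and routes requests through CRM_Cxn_ApiRouter::route.
   *
   * @return \Civi\Cxn\Rpc\ApiServer
   * @throws CRM_Core_Exception
   *   Propagated from createCertificateValidator().
   */
  public static function createApiServer() {
    $cxnStore = new CRM_Cxn_CiviCxnStore();
    $apiServer = new \Civi\Cxn\Rpc\ApiServer($cxnStore);
    $apiServer->setLog(new CRM_Utils_SystemLogger());
    $apiServer->setCertValidator(self::createCertificateValidator());
    $apiServer->setHttp(CRM_Cxn_CiviCxnHttp::singleton());
    $apiServer->setRouter(['CRM_Cxn_ApiRouter', 'route']);
    return $apiServer;
  }

  /**
   * Build the certificate validator shared by the client and the server.
   *
   * When getCACert() returns NULL (CIVICRM_CXN_CA is 'none') the validator
   * is constructed with every argument set to NULL. Otherwise it receives
   * the CA certificate, AUTOLOAD for the second and third arguments, and
   * the shared HTTP client.
   *
   * @return \Civi\Cxn\Rpc\DefaultCertificateValidator
   * @throws CRM_Core_Exception
   */
  public static function createCertificateValidator() {
    $caCert = self::getCACert();
    if ($caCert === NULL) {
      // Verification disabled by configuration.
      // NOTE(review): nothing here records that this mode is active;
      // consider surfacing it in a log entry or status check so it is not
      // left enabled on a production site unnoticed.
      return new DefaultCertificateValidator(
        NULL,
        NULL,
        NULL,
        NULL
      );
    }
    else {
      return new DefaultCertificateValidator(
        $caCert,
        DefaultCertificateValidator::AUTOLOAD,
        DefaultCertificateValidator::AUTOLOAD,
        CRM_Cxn_CiviCxnHttp::singleton()
      );
    }
  }

}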