1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
4 | | CiviCRM version 4.6 | | |
5 | +--------------------------------------------------------------------+ | |
6 | | Copyright (C) 2011 Marty Wright | | |
7 | | Licensed to CiviCRM under the Academic Free License version 3.0. | | |
8 | +--------------------------------------------------------------------+ | |
9 | | This file is a part of CiviCRM. | | |
10 | | | | |
11 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
12 | | under the terms of the GNU Affero General Public License | | |
13 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
14 | | | | |
15 | | CiviCRM is distributed in the hope that it will be useful, but | | |
16 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
17 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
18 | | See the GNU Affero General Public License for more details. | | |
19 | | | | |
20 | | You should have received a copy of the GNU Affero General Public | | |
21 | | License and the CiviCRM Licensing Exception along | | |
22 | | with this program; if not, contact CiviCRM LLC | | |
23 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
24 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
25 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
26 | +--------------------------------------------------------------------+ | |
27 | */ | |
28 | ||
29 | use Civi\Cxn\Rpc\Constants; |
30 | ||
31 | /** |
32 | * | |
33 | * @package CRM | |
34 | * @copyright CiviCRM LLC (c) 2004-2014 | |
35 | * $Id$ | |
36 | * | |
37 | */ | |
38 | ||
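/**
 * This class helps to manage connections to third-party apps.
 *
 * Two compile-time constants steer the trust decisions made here:
 *  - CIVICRM_CXN_CA selects the root CA (see getCACert()).
 *  - CIVICRM_CXN_APPS_VERIFY, when defined, overrides the policy computed
 *    by isAppMetaVerified().
 * Neither is read from a runtime-editable datastore in this class.
 */
class CRM_Cxn_BAO_Cxn extends CRM_Cxn_DAO_Cxn {

  /**
   * Determine the current site's callback URL.
   *
   * If $config->resourceBase already starts with "http:" or "https:" it is
   * used as-is; otherwise it is appended to the site's base URL.
   *
   * @return string
   *   The URL of extern/cxn.php under the resource base.
   */
  public static function getSiteCallbackUrl() {
    $config = CRM_Core_Config::singleton();
    if (preg_match('/^(http|https):/', $config->resourceBase)) {
      $civiUrl = $config->resourceBase;
    }
    else {
      // Relative resource base: normalise the slashes on both halves so the
      // join always produces exactly one separator.
      $civiUrl = rtrim(CRM_Utils_System::baseURL(), '/') . '/' . ltrim($config->resourceBase, '/');
    }
    return rtrim($civiUrl, '/') . '/extern/cxn.php';
  }

  /**
   * Update the AppMeta for any existing connections.
   *
   * The metadata is validated before it is written, and both the JSON
   * payload and the app GUID are passed as bound query parameters rather
   * than being concatenated into the SQL.
   *
   * @param array $appMeta
   *   Application metadata; $appMeta['appId'] selects the rows to update.
   * @throws \Civi\Cxn\Rpc\Exception\CxnException
   */
  public static function updateAppMeta($appMeta) {
    \Civi\Cxn\Rpc\AppMeta::validate($appMeta);
    CRM_Core_DAO::executeQuery('UPDATE civicrm_cxn SET app_meta = %1 WHERE app_guid = %2', array(
      1 => array(json_encode($appMeta), 'String'),
      2 => array($appMeta['appId'], 'String'),
    ));
  }

  /**
   * Get the AppMeta for an existing connection.
   *
   * The stored JSON is re-validated on every read, so a row that was
   * altered after it was written is not returned unchecked.
   *
   * @param string $cxnId
   *   The connection GUID (matched against the cxn_guid column).
   * @return array
   * @throws \Civi\Cxn\Rpc\Exception\CxnException
   */
  public static function getAppMeta($cxnId) {
    // NOTE(review): the trailing TRUE presumably forces a fresh read instead
    // of a cached value -- confirm against CRM_Core_DAO::getFieldValue().
    $appMetaJson = CRM_Core_DAO::getFieldValue('CRM_Cxn_DAO_Cxn', $cxnId, 'app_meta', 'cxn_guid', TRUE);
    // json_decode() yields NULL for a missing or malformed value; this relies
    // on validate() rejecting that (assumed -- verify in AppMeta::validate()).
    $appMeta = json_decode($appMetaJson, TRUE);
    \Civi\Cxn\Rpc\AppMeta::validate($appMeta);
    return $appMeta;
  }

  /**
   * Parse the CIVICRM_CXN_CA constant. It may have the following
   * values:
   *  - 'CiviRootCA'|undefined -- Use the production civicrm.org root CA
   *  - 'CiviTestRootCA' -- Use the test civicrm.org root CA
   *  - 'none' -- Do not perform any certificate verification.
   *
   * This constant is emphatically *not* exposed through Civi's "Settings"
   * system (or any other runtime-editable datastore). Manipulating
   * this setting can expose the system to man-in-the-middle attacks,
   * and allowing runtime manipulation would create a new vector
   * for escalating privileges. This setting must only be manipulated
   * by developers and sysadmins who already have full privileges
   * to edit the source.
   *
   * Any other value is rejected with an exception instead of falling back
   * to a default, so a typo cannot silently change the trust anchor.
   *
   * @return string|NULL
   *   The PEM-encoded root certificate. NULL if verification is disabled.
   * @throws CRM_Core_Exception
   */
  public static function getCACert() {
    if (!defined('CIVICRM_CXN_CA') || CIVICRM_CXN_CA === 'CiviRootCA') {
      $file = Constants::getCert();
    }
    elseif (CIVICRM_CXN_CA === 'CiviTestRootCA') {
      $file = Constants::getTestCert();
    }
    elseif (CIVICRM_CXN_CA === 'none') {
      return NULL;
    }
    else {
      throw new \CRM_Core_Exception("CIVICRM_CXN_CA is invalid.");
    }

    $content = file_get_contents($file);
    if (empty($content)) {
      // Fail hard. Returning an empty value is not acceptable: NULL is the
      // documented "verification disabled" result, so an unreadable
      // certificate must never be confused with it.
      throw new \CRM_Core_Exception("Error loading CA certificate: $file");
    }
    return $content;
  }

  /**
   * Determine if this site's security policy allows connecting
   * to apps based on untrusted metadata.
   *
   * An explicit CIVICRM_CXN_APPS_VERIFY wins. Otherwise verification is
   * required unless CIVICRM_CXN_CA selects the test CA or 'none'.
   *
   * @return bool
   *   TRUE if application metadata must be verified.
   */
  public static function isAppMetaVerified() {
    if (defined('CIVICRM_CXN_APPS_VERIFY')) {
      // Returned as defined; callers see whatever value the sysadmin set.
      return CIVICRM_CXN_APPS_VERIFY;
    }
    elseif (!defined('CIVICRM_CXN_CA')) {
      return TRUE;
    }
    else {
      // Strict comparison, matching the === checks in getCACert(). With a
      // loose in_array(), a non-string value such as TRUE compares equal to
      // 'none' and would switch verification off even though getCACert()
      // rejects that same value as invalid.
      return !in_array(CIVICRM_CXN_CA, array('CiviTestRootCA', 'none'), TRUE);
    }
  }

  /**
   * Construct a client for performing registration actions.
   *
   * The client is given the CA certificate from getCACert() (NULL when
   * CIVICRM_CXN_CA is 'none'), the Civi connection store, and this site's
   * callback URL.
   *
   * @return \Civi\Cxn\Rpc\RegistrationClient
   * @throws CRM_Core_Exception
   */
  public static function createRegistrationClient() {
    $cxnStore = new \CRM_Cxn_CiviCxnStore();
    $client = new \Civi\Cxn\Rpc\RegistrationClient(self::getCACert(), $cxnStore, \CRM_Cxn_BAO_Cxn::getSiteCallbackUrl());
    $client->setLog(new \CRM_Utils_SystemLogger());
    return $client;
  }

}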