Commit | Line | Data |
---|---|---|
b124f74b TO |
1 | <?php |
2 | ||
3 | /* | |
4 | +--------------------------------------------------------------------+ | |
5 | | Copyright CiviCRM LLC. All rights reserved. | | |
6 | | | | |
7 | | This work is published under the GNU AGPLv3 license with some | | |
8 | | permitted exceptions and without any warranty. For full license | | |
9 | | and copyright information, see https://civicrm.org/licensing | | |
10 | +--------------------------------------------------------------------+ | |
11 | */ | |
12 | ||
13 | namespace Civi\Api4\Action\System; | |
14 | ||
15 | use Civi\Api4\Generic\AbstractAction; | |
16 | use Civi\Api4\Generic\Result; | |
17 | ||
18 | /** | |
19 | * Rotate the keys used for encrypted database content. | |
20 | * | |
21 | * Crypto keys are loaded from the CryptoRegistry based on tag name. Each tag will | |
22 | * have one preferred key and 0+ legacy keys. They rekey operation finds any | |
23 | * old content (based on legacy keys) and rewrites it (using the preferred key). | |
24 | * | |
25 | * @method string getTag() | |
26 | * @method $this setTag(string $tag) | |
27 | */ | |
28 | class RotateKey extends AbstractAction { | |
29 | ||
30 | /** | |
31 | * Tag name (e.g. "CRED") | |
32 | * | |
33 | * @var string | |
34 | */ | |
35 | protected $tag; | |
36 | ||
37 | /** | |
38 | * @param \Civi\Api4\Generic\Result $result | |
39 | * | |
40 | * @throws \API_Exception | |
41 | * @throws \Civi\Crypto\Exception\CryptoException | |
42 | */ | |
43 | public function _run(Result $result) { | |
44 | if (empty($this->tag)) { | |
45 | throw new \API_Exception("Missing required argument: tag"); | |
46 | } | |
47 | ||
48 | // Track log of changes in memory. | |
49 | $logger = new class() extends \Psr\Log\AbstractLogger { | |
50 | ||
51 | /** | |
52 | * @var array | |
53 | */ | |
54 | public $log = []; | |
55 | ||
56 | /** | |
57 | * Logs with an arbitrary level. | |
58 | * | |
59 | * @param mixed $level | |
60 | * @param string $message | |
61 | * @param array $context | |
62 | */ | |
63 | public function log($level, $message, array $context = []) { | |
64 | $evalVar = function($m) use ($context) { | |
65 | return $context[$m[1]] ?? ''; | |
66 | }; | |
67 | ||
68 | $this->log[] = [ | |
69 | 'level' => $level, | |
70 | 'message' => preg_replace_callback('/\{([a-zA-Z0-9\.]+)\}/', $evalVar, $message), | |
71 | ]; | |
72 | } | |
73 | ||
74 | }; | |
75 | ||
76 | \CRM_Utils_Hook::cryptoRotateKey($this->tag, $logger); | |
77 | ||
78 | $result->exchangeArray($logger->log); | |
79 | } | |
80 | ||
81 | } |