3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
12 use Civi\Cxn\Rpc\Constants
;
13 use Civi\Cxn\Rpc\DefaultCertificateValidator
;
18 * @copyright CiviCRM LLC https://civicrm.org/licensing
22 * This class helps to manage connections to third-party apps.
24 class CRM_Cxn_BAO_Cxn
extends CRM_Cxn_DAO_Cxn
{
/**
 * Work out the URL on this site that connected apps call back to.
 *
 * The value is whatever CRM_Utils_System::externUrl() builds for the
 * 'extern/cxn' path; this method does no validation of its own.
 *
 * NOTE(review): the two TRUE flags presumably request an absolute,
 * front-end URL -- confirm against CRM_Utils_System::externUrl().
 *
 * @return string
 *   The callback URL as produced by externUrl().
 */
public static function getSiteCallbackUrl() {
  $callbackUrl = CRM_Utils_System::externUrl('extern/cxn', NULL, NULL, TRUE, TRUE);
  return $callbackUrl;
}
/**
 * Refresh the stored AppMeta on every existing connection to an app.
 *
 * The metadata is validated before anything is written. The update then
 * touches only civicrm_cxn rows whose app_guid equals $appMeta['appId'].
 *
 * @param array $appMeta
 *   App metadata; 'appId' is read to select the rows to update.
 * @throws \Civi\Cxn\Rpc\Exception\CxnException
 */
public static function updateAppMeta($appMeta) {
  // Validate first so that rejected metadata never reaches the table.
  \Civi\Cxn\Rpc\AppMeta::validate($appMeta);

  // Both values are bound as typed %N placeholders rather than being
  // concatenated into the SQL text.
  $sql = 'UPDATE civicrm_cxn SET app_meta = %1 WHERE app_guid = %2';
  $params = [
    1 => [json_encode($appMeta), 'String'],
    2 => [$appMeta['appId'], 'String'],
  ];
  CRM_Core_DAO::executeQuery($sql, $params);
}
/**
 * Load the AppMeta stored for one existing connection.
 *
 * The app_meta column is looked up by cxn_guid, decoded from JSON into an
 * associative array and passed through AppMeta::validate() before it is
 * handed back, so stored metadata is re-checked on every read.
 *
 * @param string $cxnId
 *   Connection GUID, matched against the cxn_guid column.
 * @return array
 *   The decoded, validated app metadata.
 * @throws \Civi\Cxn\Rpc\Exception\CxnException
 */
public static function getAppMeta($cxnId) {
  $appMeta = json_decode(
    CRM_Core_DAO::getFieldValue('CRM_Cxn_DAO_Cxn', $cxnId, 'app_meta', 'cxn_guid', TRUE),
    TRUE
  );
  // json_decode() yields NULL for malformed JSON; validation runs on
  // whatever was decoded.
  \Civi\Cxn\Rpc\AppMeta::validate($appMeta);
  return $appMeta;
}
/**
 * Resolve the root CA certificate selected by the CIVICRM_CXN_CA constant.
 *
 * Recognised values:
 *   - 'CiviRootCA'|undefined -- Use the production civicrm.org root CA
 *   - 'CiviTestRootCA' -- Use the test civicrm.org root CA
 *   - 'none' -- Do not perform any certificate verification.
 *
 * Any other value raises an exception; there is no silent fallback to a
 * default CA.
 *
 * This constant is emphatically *not* exposed through Civi's "Settings"
 * system (or any other runtime-editable datastore). Manipulating
 * this setting can expose the system to man-in-the-middle attacks,
 * and allowing runtime manipulation would create a new vector
 * for escalating privileges. This setting must only be manipulated
 * by developers and sysadmins who already have full privileges.
 *
 * @return string|null
 *   The PEM-encoded root certificate. NULL if verification is disabled.
 * @throws CRM_Core_Exception
 */
public static function getCACert() {
  // An undefined constant is treated exactly like the production CA.
  $caName = defined('CIVICRM_CXN_CA') ? CIVICRM_CXN_CA : 'CiviRootCA';

  if ($caName === 'none') {
    // Verification is switched off: callers get NULL, not a certificate.
    return NULL;
  }

  if ($caName === 'CiviRootCA') {
    $file = Constants::getCert();
  }
  elseif ($caName === 'CiviTestRootCA') {
    $file = Constants::getTestCert();
  }
  else {
    // Unknown names are rejected rather than mapped to some default.
    throw new \CRM_Core_Exception("CIVICRM_CXN_CA is invalid.");
  }

  $content = file_get_contents($file);
  if (empty($content)) {
    // Fail hard. An unreadable or empty certificate file must not look
    // like the "verification disabled" (NULL) case to the caller.
    throw new \CRM_Core_Exception("Error loading CA certificate: $file");
  }
  return $content;
}
/**
 * Build the client used for registration actions against remote apps.
 *
 * The client is given this site's connection store and callback URL, plus
 * the CIVICRM_CXN_VIA constant when it is defined (NULL otherwise). It is
 * then wired to the system logger, the certificate validator and the
 * shared HTTP client.
 *
 * @return \Civi\Cxn\Rpc\RegistrationClient
 * @throws CRM_Core_Exception
 *   Propagated from createCertificateValidator(), e.g. when
 *   CIVICRM_CXN_CA is invalid or the CA certificate cannot be loaded.
 */
public static function createRegistrationClient() {
  $viaPort = NULL;
  if (defined('CIVICRM_CXN_VIA')) {
    $viaPort = CIVICRM_CXN_VIA;
  }

  $client = new \Civi\Cxn\Rpc\RegistrationClient(
    new \CRM_Cxn_CiviCxnStore(),
    self::getSiteCallbackUrl(),
    $viaPort
  );
  $client->setLog(new \CRM_Utils_SystemLogger());
  // The validator takes its CA from getCACert(), so the CIVICRM_CXN_CA
  // constant decides how strictly this client verifies certificates.
  $client->setCertValidator(self::createCertificateValidator());
  $client->setHttp(CRM_Cxn_CiviCxnHttp::singleton());
  return $client;
}
/**
 * Build the server that handles incoming API requests from connected apps.
 *
 * The server reads connections from this site's store and is wired to the
 * system logger, the certificate validator, the shared HTTP client and
 * the CRM_Cxn_ApiRouter::route callback.
 *
 * @return \Civi\Cxn\Rpc\ApiServer
 * @throws CRM_Core_Exception
 *   Propagated from createCertificateValidator(), e.g. when
 *   CIVICRM_CXN_CA is invalid or the CA certificate cannot be loaded.
 */
public static function createApiServer() {
  $server = new \Civi\Cxn\Rpc\ApiServer(new CRM_Cxn_CiviCxnStore());
  $server->setLog(new CRM_Utils_SystemLogger());
  // Same validator as the registration client: its CA comes from
  // getCACert(), i.e. from the CIVICRM_CXN_CA constant.
  $server->setCertValidator(self::createCertificateValidator());
  $server->setHttp(CRM_Cxn_CiviCxnHttp::singleton());
  // Each request is dispatched through this static callable.
  $server->setRouter(['CRM_Cxn_ApiRouter', 'route']);
  return $server;
}
137 * @return \Civi\Cxn\Rpc\DefaultCertificateValidator
138 * @throws CRM_Core_Exception
140 public static function createCertificateValidator() {
141 $caCert = self
::getCACert();
142 if ($caCert === NULL) {
143 return new DefaultCertificateValidator(
151 return new DefaultCertificateValidator(
153 DefaultCertificateValidator
::AUTOLOAD
,
154 DefaultCertificateValidator
::AUTOLOAD
,
155 CRM_Cxn_CiviCxnHttp
::singleton()