4 +--------------------------------------------------------------------+
5 | Copyright CiviCRM LLC. All rights reserved. |
7 | This work is published under the GNU AGPLv3 license with some |
8 | permitted exceptions and without any warranty. For full license |
9 | and copyright information, see https://civicrm.org/licensing |
10 +--------------------------------------------------------------------+
13 namespace Civi\Api4\Action\System
;
15 use Civi\Api4\Generic\AbstractAction
;
16 use Civi\Api4\Generic\Result
;
19 * Rotate the keys used for encrypted database content.
21 * Crypto keys are loaded from the CryptoRegistry based on tag name. Each tag will
22 * have one preferred key and 0+ legacy keys. They rekey operation finds any
23 * old content (based on legacy keys) and rewrites it (using the preferred key).
25 * @method string getTag()
26 * @method $this setTag(string $tag)
28 class RotateKey
extends AbstractAction
{
31 * Tag name (e.g. "CRED")
38 * @param \Civi\Api4\Generic\Result $result
40 * @throws \API_Exception
41 * @throws \Civi\Crypto\Exception\CryptoException
43 public function _run(Result
$result) {
44 if (empty($this->tag
)) {
45 throw new \
API_Exception("Missing required argument: tag");
48 // Track log of changes in memory.
49 $logger = new class() extends \Psr\Log\AbstractLogger
{
57 * Logs with an arbitrary level.
60 * @param string $message
61 * @param array $context
63 public function log($level, $message, array $context = []) {
64 $evalVar = function($m) use ($context) {
65 return $context[$m[1]] ??
'';
70 'message' => preg_replace_callback('/\{([a-zA-Z0-9\.]+)\}/', $evalVar, $message),
76 \CRM_Utils_Hook
::cryptoRotateKey($this->tag
, $logger);
78 $result->exchangeArray($logger->log
);