From 2ce5684ad72c97665b33f0ef697de18d63251cfe Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Fri, 8 Jan 2021 03:13:05 -0800
Subject: [PATCH] dev/core#2258 - Setup API should define %%credKeys%%

This updates the the civicrm-setup API to generate CIVICRM_CRED_KEYS (%%credKeys%%) on t new installations (based on web-installer or cv installer).
---
 .../GenerateCredKey.civi-setup.php | 30 +++++++++++++++++++
 .../InstallSettingsFile.civi-setup.php | 1 +
 setup/src/Setup/Model.php | 7 +++++
 3 files changed, 38 insertions(+)
 create mode 100644 setup/plugins/installFiles/GenerateCredKey.civi-setup.php
diff --git a/setup/plugins/installFiles/GenerateCredKey.civi-setup.php b/setup/plugins/installFiles/GenerateCredKey.civi-setup.php
new file mode 100644
index 0000000000..8de7d8f56d
--- /dev/null
+++ b/setup/plugins/installFiles/GenerateCredKey.civi-setup.php
@@ -0,0 +1,30 @@
+addListener('civi.setup.installFiles', function (\Civi\Setup\Event\InstallFilesEvent $e) {
+ \Civi\Setup::log()->info(sprintf('[%s] Handle %s', basename(__FILE__), 'installFiles'));
+
+ $toAlphanum = function($bits) {
+ return preg_replace(';[^a-zA-Z0-9];', '', base64_encode($bits));
+ };
+
+ if (empty($e->getModel()->credKeys)) {
+ $e->getModel()->credKeys = ['aes-cbc:hkdf-sha256:' . $toAlphanum(random_bytes(32))];
+ }
+
+ if (is_string($e->getModel()->credKeys)) {
+ $e->getModel()->credKeys = [$e->getModel()->credKeys];
+ }
+
+ \Civi\Setup::log()->info(sprintf('[%s] Done %s', basename(__FILE__), 'installFiles'));
+
+ }, \Civi\Setup::PRIORITY_PREPARE);
diff --git a/setup/plugins/installFiles/InstallSettingsFile.civi-setup.php b/setup/plugins/installFiles/InstallSettingsFile.civi-setup.php
index ca107325d1..62c3c81419 100644
--- a/setup/plugins/installFiles/InstallSettingsFile.civi-setup.php
+++ b/setup/plugins/installFiles/InstallSettingsFile.civi-setup.php
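Review bot: `$toAlphanum` drops every `+`, `/` and `=` from the base64 text, so the generated secret varies in length and carries somewhat less than the 256 bits drawn from `random_bytes(32)`; nothing in the file says this trimming is intended. The loss is small, but a fixed-length encoding avoids it: `$e->getModel()->credKeys = ['aes-cbc:hkdf-sha256:' . bin2hex(random_bytes(32))];`. If the alphanumeric form is kept, add a comment above the closure such as `// Alphanumeric only, so the key needs no escaping in the settings file; length varies by a few characters.` A caller-supplied `credKeys` value passes through unchecked, and because InstallSettingsFile joins the keys with a space, an entry containing whitespace would presumably be read back as two keys. The opening lines of this new file are not visible in this view.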
@@ -98,6 +98,7 @@ if (!defined('CIVI_SETUP')) {
 // need to use %20 for spaces.
 $params['CMSdbSSL'] = empty($m->cmsDb['ssl_params']) ? '' : addslashes('&' . http_build_query($m->cmsDb['ssl_params'], '', '&', PHP_QUERY_RFC3986));
 $params['siteKey'] = addslashes($m->siteKey);
+ $params['credKeys'] = addslashes(implode(' ', $m->credKeys));
 $extraSettings = array();
diff --git a/setup/src/Setup/Model.php b/setup/src/Setup/Model.php
index 717421e7a6..710c3dcbbf 100644
--- a/setup/src/Setup/Model.php
+++ b/setup/src/Setup/Model.php
@@ -28,6 +28,8 @@ namespace Civi\Setup;
 * Ex: ['server'=>'localhost:3306', 'username'=>'admin', 'password'=>'s3cr3t', 'database'=>'mydb']
 * @property string $siteKey
 * Ex: 'abcd1234ABCD9876'.
+ * @property string[] $credKeys
+ * Ex: ['::abcd1234ABCD9876'].
 * @property string|NULL $lang
 * The language of the default dataset.
 * Ex: 'fr_FR'.
@@ -109,6 +111,11 @@ class Model {
 'name' => 'siteKey',
 'type' => 'string',
 ));
+ $this->addField(array(
+ 'description' => 'Credential encryption keys',
+ 'name' => 'credKeys',
+ 'type' => 'array',
+ ));
 $this->addField(array(
 'description' => 'Load example data',
 'name' => 'loadGenerated',
-- 
2.25.1
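Review bot: `implode(' ', $m->credKeys)` relies on `credKeys` already being an array, which holds only when the GenerateCredKey listener has run before this plugin; a string or unset value fails with a TypeError on PHP 8. A defensive form is `$params['credKeys'] = addslashes(implode(' ', (array) $m->credKeys));`, and an empty result should probably abort the install rather than be written out as an empty key list. `addslashes` mirrors the `siteKey` line above, so it is adequate only if the template places %%credKeys%% inside a quoted string literal, which this hunk does not show. The enclosing block starts and ends outside the hunk.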
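Review bot: The `@property` example `['::abcd1234ABCD9876']` does not look like the value GenerateCredKey writes (`aes-cbc:hkdf-sha256:` followed by an alphanumeric secret), and the docblock never describes the entry format or that the entries are secrets. Suggest a description line ` * Secret keys for credential encryption, each written as '<suite>:<encoding>:<secret>'.` and the example ` * Ex: ['aes-cbc:hkdf-sha256:abcd1234ABCD9876'].`; if `::` is an accepted shorthand for default suite and encoding, the docblock should say so. The `addField` call in the following hunk declares `'type' => 'array'` while the listener also accepts a plain string, so the accepted input types should be documented in one place.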