From f1aeb0bab353f1af91a02cd007a567c3f84978fd Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Mon, 21 Dec 2020 02:12:59 -0800
Subject: [PATCH] (dev/core#2258) SMTP Password - Support key rotation
---
 Civi/Core/Container.php | 1 +
 Civi/Crypto/RotateKeys.php | 50 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 Civi/Crypto/RotateKeys.php
diff --git a/Civi/Core/Container.php b/Civi/Core/Container.php
index 1eec43c27a..446720da8a 100644
--- a/Civi/Core/Container.php
+++ b/Civi/Core/Container.php
@@ -361,6 +361,7 @@ class Container {
 $dispatcher->addListener('hook_civicrm_post::Case', ['\Civi\CCase\Events', 'fireCaseChange']);
 $dispatcher->addListener('hook_civicrm_caseChange', ['\Civi\CCase\Events', 'delegateToXmlListeners']);
 $dispatcher->addListener('hook_civicrm_caseChange', ['\Civi\CCase\SequenceListener', 'onCaseChange_static']);
+ $dispatcher->addListener('hook_civicrm_cryptoRotateKey', ['\Civi\Crypto\RotateKeys', 'rotateSmtp']);
 $dispatcher->addListener('hook_civicrm_eventDefs', ['\Civi\Core\CiviEventInspector', 'findBuiltInEvents']);
 // TODO We need a better code-convention for metadata about non-hook events.
 $dispatcher->addListener('hook_civicrm_eventDefs', ['\Civi\API\Events', 'hookEventDefs']);
diff --git a/Civi/Crypto/RotateKeys.php b/Civi/Crypto/RotateKeys.php
new file mode 100644
index 0000000000..efd2c0e851
--- /dev/null
+++ b/Civi/Crypto/RotateKeys.php
@@ -0,0 +1,50 @@
+tag !== 'CRED') {
+ return;
+ }
+
+ $mand = \Civi::settings()->getMandatory('mailing_backend');
+ if ($mand !== NULL && !empty($mand['smtpPassword'])) {
+ $e->log->warning('The settings override for smtpPassword cannot be changed automatically.');
+ }
+
+ $exp = \Civi::settings()->getExplicit('mailing_backend');
+ if ($exp !== NULL && !empty($exp['smtpPassword'])) {
+ $cryptoToken = \Civi::service('crypto.token');
+ $newValue = $cryptoToken->rekey($exp['smtpPassword'], 'CRED');
+ if ($newValue !== NULL) {
+ $exp['smtpPassword'] = $newValue;
+ \Civi::settings()->set('mailing_backend', $exp);
+ $e->log->info('Updated mailing_backend.smtpPassword');
+ }
+ }
+ }
+
+}
--
2.25.1
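Review bot: The rotation appears to reach only the current domain, because every `\Civi::settings()` call in the visible body is made without a domain id; if `mailing_backend` is stored per domain, other domains on a multi-domain site would keep an `smtpPassword` encrypted under the old key, and retiring that key afterwards would leave those values undecryptable. Consider iterating over the domain ids and using `\Civi::settings($domainId)` for the `getMandatory`, `getExplicit` and `set` calls, and naming the domain in both log messages so the operator can see which ones were rewritten and which still carry an override. Separately, `rekey()` is called with no error handling, so if it throws on a token it cannot decrypt (its behaviour is not visible here, to be confirmed) the failure would escape this listener; catching it and logging at error level, without the token value, would keep the outcome explicit before the old key is removed. The top of the file, including the method signature, is missing from this page, so this is based on the method body only.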