(dev/core#2258) Add System.rotateKey API
Showing
4 changed files
with
193 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
<?php | ||
|
||
/* | ||
+--------------------------------------------------------------------+ | ||
| Copyright CiviCRM LLC. All rights reserved. | | ||
| | | ||
| This work is published under the GNU AGPLv3 license with some | | ||
| permitted exceptions and without any warranty. For full license | | ||
| and copyright information, see https://civicrm.org/licensing | | ||
+--------------------------------------------------------------------+ | ||
*/ | ||
|
||
namespace Civi\Api4\Action\System; | ||
|
||
use Civi\Api4\Generic\AbstractAction; | ||
use Civi\Api4\Generic\Result; | ||
|
||
/** | ||
* Rotate the keys used for encrypted database content. | ||
* | ||
* Crypto keys are loaded from the CryptoRegistry based on tag name. Each tag will | ||
* have one preferred key and 0+ legacy keys. They rekey operation finds any | ||
* old content (based on legacy keys) and rewrites it (using the preferred key). | ||
* | ||
* @method string getTag() | ||
* @method $this setTag(string $tag) | ||
*/ | ||
class RotateKey extends AbstractAction { | ||
|
||
/** | ||
* Tag name (e.g. "CRED") | ||
* | ||
* @var string | ||
*/ | ||
protected $tag; | ||
|
||
/** | ||
* @param \Civi\Api4\Generic\Result $result | ||
* | ||
* @throws \API_Exception | ||
* @throws \Civi\Crypto\Exception\CryptoException | ||
*/ | ||
public function _run(Result $result) { | ||
if (empty($this->tag)) { | ||
throw new \API_Exception("Missing required argument: tag"); | ||
} | ||
|
||
// Track log of changes in memory. | ||
$logger = new class() extends \Psr\Log\AbstractLogger { | ||
|
||
/** | ||
* @var array | ||
*/ | ||
public $log = []; | ||
|
||
/** | ||
* Logs with an arbitrary level. | ||
* | ||
* @param mixed $level | ||
* @param string $message | ||
* @param array $context | ||
*/ | ||
public function log($level, $message, array $context = []) { | ||
$evalVar = function($m) use ($context) { | ||
return $context[$m[1]] ?? ''; | ||
}; | ||
|
||
$this->log[] = [ | ||
'level' => $level, | ||
'message' => preg_replace_callback('/\{([a-zA-Z0-9\.]+)\}/', $evalVar, $message), | ||
]; | ||
} | ||
|
||
}; | ||
|
||
\CRM_Utils_Hook::cryptoRotateKey($this->tag, $logger); | ||
|
||
$result->exchangeArray($logger->log); | ||
} | ||
|
||
} |
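Review bot: The rotation log in `_run()` lives only in the anonymous in-memory logger and reaches the caller through `$result->exchangeArray($logger->log)`, so if a `cryptoRotateKey` listener throws part-way through, the record of which fields were already rewritten is discarded and nothing reaches a persistent log. Key rotation is an operation where an audit trail matters; consider also forwarding each entry from `log()`, e.g. `\Civi::log()->log($level, $message, $context);`, or holding the exception long enough to attach the partial log to it. Because the interpolated messages are returned in the API response, the class docblock should tell hook implementers not to place key material or decrypted values in the message or its context. Separately, the placeholder pattern `'/\{([a-zA-Z0-9\.]+)\}/'` omits `_`, which PSR-3 permits in placeholder names, so a `{field_name}` token would be left uninterpolated; `'/\{([a-zA-Z0-9_\.]+)\}/'` covers it.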
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
<?php | ||
|
||
/* | ||
+--------------------------------------------------------------------+ | ||
| Copyright CiviCRM LLC. All rights reserved. | | ||
| | | ||
| This work is published under the GNU AGPLv3 license with some | | ||
| permitted exceptions and without any warranty. For full license | | ||
| and copyright information, see https://civicrm.org/licensing | | ||
+--------------------------------------------------------------------+ | ||
*/ | ||
|
||
/** | ||
* | ||
* @package CRM | ||
* @copyright CiviCRM LLC https://civicrm.org/licensing | ||
*/ | ||
|
||
|
||
namespace api\v4\Entity; | ||
|
||
use api\v4\UnitTestCase; | ||
use Civi\Crypto\CryptoTestTrait; | ||
use Psr\Log\LoggerInterface; | ||
|
||
/** | ||
* @group headless | ||
*/ | ||
class RotateKeyTest extends UnitTestCase { | ||
|
||
use CryptoTestTrait; | ||
|
||
/** | ||
* Set up baseline for testing | ||
*/ | ||
public function setUp() { | ||
parent::setUp(); | ||
\CRM_Utils_Hook::singleton()->setHook('civicrm_crypto', [$this, 'registerExampleKeys']); | ||
\CRM_Utils_Hook::singleton()->setHook('civicrm_cryptoRotateKey', [$this, 'onRotateKey']); | ||
} | ||
|
||
public function testRekey() { | ||
$result = \Civi\Api4\System::rotateKey(0)->setTag('UNIT-TEST')->execute(); | ||
$this->assertEquals(2, count($result)); | ||
$this->assertEquals('Updated field A using UNIT-TEST.', $result[0]['message']); | ||
$this->assertEquals('info', $result[0]['level']); | ||
$this->assertEquals('Updated field B using UNIT-TEST.', $result[1]['message']); | ||
$this->assertEquals('info', $result[1]['level']); | ||
} | ||
|
||
public function onRotateKey(string $tag, LoggerInterface $log) { | ||
$this->assertEquals('UNIT-TEST', $tag); | ||
$log->info('Updated field A using {tag}.', [ | ||
'tag' => $tag, | ||
]); | ||
$log->info('Updated field B using {tag}.', [ | ||
'tag' => $tag, | ||
]); | ||
} | ||
|
||
} |
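Review bot: `testRekey()` calls `\Civi\Api4\System::rotateKey(0)`, which (assuming the argument is APIv4's usual checkPermissions flag) runs with permission checks disabled, so nothing here verifies that an unprivileged caller is refused a key rotation. A second test that executes with checks enabled as a user lacking the required administrative permission, and expects an authorization failure, would pin that down. The missing-tag branch is also uncovered: a short case that omits `setTag()` and expects `\API_Exception` with `Missing required argument: tag` would exercise it.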