You are here

public function SearchSubscriber::getDerivedKey in Acquia Connector 8

Get the derived key.

Get the derived key for the solr hmac using the information shared with acquia.com.

Parameters

string $env_id: Environment Id.

Return value

string Derived Key.

2 calls to SearchSubscriber::getDerivedKey()
SearchSubscriber::calculateAuthCookie in acquia_search/src/EventSubscriber/SearchSubscriber.php
Creates an authenticator based on a data string and HMAC-SHA1.
SearchSubscriber::validateResponse in acquia_search/src/EventSubscriber/SearchSubscriber.php
Validate the authenticity of returned data using a nonce and HMAC-SHA1.

File

acquia_search/src/EventSubscriber/SearchSubscriber.php, line 203

Class

SearchSubscriber
Extends Solarium plugin: authenticate, etc.

Namespace

Drupal\acquia_search\EventSubscriber

Code

public function getDerivedKey($env_id = NULL) {
  if (empty($env_id)) {
    $env_id = $this->client
      ->getEndpoint()
      ->getKey();
  }

  // Get derived key for search v3 core if enabled.
  $search_v3_enabled = \Drupal::config('acquia_search.settings')
    ->get('search_v3_enabled');
  if ($search_v3_enabled) {
    $search_v3_index = $this
      ->getSearchV3IndexKeys();
    if ($search_v3_index) {
      $this->derivedKey[$env_id] = CryptConnector::createDerivedKey($search_v3_index['product_policies']['salt'], $search_v3_index['key'], $search_v3_index['secret_key']);
      return $this->derivedKey[$env_id];
    }
  }
  if (!isset($this->derivedKey[$env_id])) {
    $server = $this->client
      ->getEndpoint();

    // If derived_key comes from configuration, use that.
    // @todo make sure the derived_key doesnt make it permanently into the DB.
    if (!empty($server
      ->getOption('derived_key'))) {
      return $server
        ->getOption('derived_key');
    }
    $acquia_index_id = $server
      ->getOption('index_id');
    $storage = new Storage();
    $key = $storage
      ->getKey();

    // See if we need to overwrite these values.
    // @todo Fix Implement the derived key per solr environment storage.
    // In any case, this is equal for all subscriptions. Also
    // even if the search sub is different, the main subscription should be
    // active.
    $derived_key_salt = $this
      ->getDerivedKeySalt();

    // We use a salt from acquia.com in key derivation since this is a shared
    // value that we could change on the AN side if needed to force any
    // or all clients to use a new derived key.  We also use a string
    // ('solr') specific to the service, since we want each service using a
    // derived key to have a separate one.
    if (empty($derived_key_salt) || empty($key) || empty($acquia_index_id)) {

      // Expired or invalid subscription - don't continue.
      $this->derivedKey[$env_id] = '';
    }
    elseif (!isset($this->derivedKey[$env_id])) {
      $this->derivedKey[$env_id] = CryptConnector::createDerivedKey($derived_key_salt, $acquia_index_id, $key);
    }
  }
  return $this->derivedKey[$env_id];
}