diff --git a/includes/SearchApiAcquiaSearchConnection.php b/includes/SearchApiAcquiaSearchConnection.php index 80884aa..2305fec 100644 --- a/includes/SearchApiAcquiaSearchConnection.php +++ b/includes/SearchApiAcquiaSearchConnection.php @@ -1,35 +1,260 @@ getDerivedKey(); + } + if (empty($derived_key)) { + // Expired or invalid subscription - don't continue. + return ''; + } + else { + $time = time(); + $hash = hash_hmac('sha1', $time . $nonce . $string, $derived_key); + return 'acquia_solr_time=' . $time . '; acquia_solr_nonce=' . $nonce . '; acquia_solr_hmac=' . $hash . ';'; + } + } + + /** + * Sets the derived key used to HMAC hash the search request. + * + * @param string $derived_key + * The derived key. + */ + public function setDerivedKey($derived_key) { + $this->derivedKey = $derived_key; + } + + /** + * Derive a key for the solr hmac using the information shared with + * acquia.com. + * + * @see _acquia_search_derived_key() + */ + public function getDerivedKey() { + if (!isset($this->derivedKey)) { + $key = acquia_agent_settings('acquia_key'); + $subscription = acquia_agent_settings('acquia_subscription_data'); + $identifier = acquia_agent_settings('acquia_identifier'); + // We use a salt from acquia.com in key derivation since this is a shared + // value that we could change on the AN side if needed to force any + // or all clients to use a new derived key. We also use a string + // ('solr') specific to the service, since we want each service using a + // derived key to have a separate one. + if (empty($subscription['active']) || empty($key) || empty($identifier)) { + // Expired or invalid subscription - don't continue. + $this->derivedKey = ''; + } + else { + $salt = isset($subscription['derived_key_salt']) ? $subscription['derived_key_salt'] : ''; + $derivation_string = $identifier . 'solr' . $salt; + $this->derivedKey = hash_hmac('sha1', str_pad($derivation_string, 80, $derivation_string), $key); + } + } + return $this->derivedKey; + } + + /** + * Send an optimize command. + * + * We want to control the schedule of optimize commands ourselves, + * so do a method override to make ->optimize() a no-op. + * + * @see SearchApiSolrConnection::optimize() + */ + public function optimize($waitFlush = true, $waitSearcher = true, $timeout = 3600) { + return TRUE; + } + + /** + * Modify the url and add headers appropriate to authenticate to Acquia Search. + * + * @return + * The nonce used in the request. + */ + public function prepareRequest(&$url, &$options, $use_data = TRUE) { + $id = uniqid(); + if (!stristr($url,'?')) { + $url .= "?"; + } + else { + $url .= "&"; + } + $url .= 'request_id=' . $id; + if ($use_data && isset($options['data'])) { + list($cookie, $nonce) = $this->authCookie($url, $options['data']); + } + else { + list($cookie, $nonce) = $this->authCookie($url); + } + if (empty($cookie)) { + throw new Exception('Invalid authentication string - subscription keys expired or missing.'); + } + $options['headers']['Cookie'] = $cookie; + $options['headers'] += array('User-Agent' => 'search_api_acquia/'. variable_get('search_api_acquia_version', '7.x')); + $options['context'] = acquia_agent_stream_context_create($url, 'acquia_search'); + if (!$options['context']) { + throw new Exception(t("Could not create stream context")); + } + return $nonce; + } + + /** + * Validate the hmac for the response body. * - * Uses the Acquia Search HTTP transport instead of the transport provided by - * the Search API Solr module. This allows us to add the tokens and variables - * required to authenticate against Acquia's HMAC authentication scheme. + * @return + * The response object. + */ + public function authenticateResponse($response, $nonce, $url) { + $hmac = $this->extractHmac($response->headers); + if (!$this->validResponse($hmac, $nonce, $response->data)) { + throw new Exception('Authentication of search content failed url: '. $url); + } + return $response; + } + + /** + * Look in the headers and get the hmac_digest out. * - * @see SearchApiAcquiaSearchHttpTransport + * @see acquia_search_extract_hmac() */ - public function __construct(array $options) { - parent::__construct($options); - $this->newClient = trim(parent::SVN_REVISION, '$ :A..Za..z') > 40; - if ($this->newClient) { - $this->_httpTransport = new SearchApiAcquiaSearchHttpTransport($this->http_auth); - if (isset($options['derived_key'])) { - $this->_httpTransport->setDerivedKey($options['derived_key']); + protected function extractHmac($headers) { + $reg = array(); + if (is_array($headers)) { + foreach ($headers as $name => $value) { + if (strtolower($name) == 'pragma' && preg_match("/hmac_digest=([^;]+);/i", $value, $reg)) { + return trim($reg[1]); + } } } + return ''; + } + + /** + * Validate the authenticity of returned data using a nonce and HMAC-SHA1. + * + * @return boolean + * TRUE or FALSE depending on whether the response is valid. + * + * @see acquia_search_valid_response() + */ + protected function validResponse($hmac, $nonce, $string, $derived_key = NULL) { + if (empty($derived_key)) { + $derived_key = $this->getDerivedKey(); + } + return $hmac == hash_hmac('sha1', $nonce . $string, $derived_key); + } + + /** + * Make a request to a servlet (a path) that's not a standard path. + * + * @override + */ + public function makeServletRequest($servlet, array $params = array(), array $options = array()) { + // Add default params. + $params += array( + 'wt' => 'json', + ); + + $url = $this->_constructUrl($servlet, $params); + // We assume we only authenticate the URL for other servlets. + $nonce = $this->prepareRequest($url, $options, FALSE); + $response = $this->makeHttpRequest($url, $options); + $response = $this->checkResponse($response); + return $this->authenticateResponse($response, $nonce, $url); + } + + /** + * Central method for making a GET operation against this Solr Server + * + * @override + */ + protected function sendRawGet($url, $options = array()) { + $nonce = $this->prepareRequest($url, $options); + $response = $this->makeHttpRequest($url, $options); + $response = $this->checkResponse($response); + return $this->authenticateResponse($response, $nonce, $url); + } + + /** + * Central method for making a POST operation against this Solr Server + * + * @override + */ + protected function sendRawPost($url, $options = array()) { + $options['method'] = 'POST'; + // Normally we use POST to send XML documents. + if (!isset($options['headers']['Content-Type'])) { + $options['headers']['Content-Type'] = 'text/xml; charset=UTF-8'; + } + $nonce = $this->prepareRequest($url, $options); + $response = $this->makeHttpRequest($url, $options); + $response = $this->checkResponse($response); + return $this->authenticateResponse($response, $nonce, $url); + } + + /** + * Modify a solr base url and construct a hmac authenticator cookie. + * + * @param $url + * The solr url beng requested - passed by reference and may be altered. + * @param $string + * A string - the data to be authenticated, or empty to just use the path + * and query from the url to build the authenticator. + * @param $derived_key + * Optional string to supply the derived key. + * + * @return + * An array containing the string to be added as the content of the + * Cookie header to the request and the nonce. + * + * @see acquia_search_auth_cookie + */ + function authCookie(&$url, $string = '', $derived_key = NULL) { + $uri = parse_url($url); + + // Add a scheme - should always be https if available. + if (in_array('ssl', stream_get_transports(), TRUE) && !defined('ACQUIA_DEVELOPMENT_NOSSL')) { + $scheme = 'https://'; + $port = ''; + } else { - throw new Exception(t('This module only works with the latest version of SolrPhpClient')); + $scheme = 'http://'; + $port = (isset($uri['port']) && $uri['port'] != 80) ? ':'. $uri['port'] : ''; } + $path = isset($uri['path']) ? $uri['path'] : '/'; + $query = isset($uri['query']) ? '?'. $uri['query'] : ''; + $url = $scheme . $uri['host'] . $port . $path . $query; + + // 32 character nonce. + $nonce = base64_encode(drupal_random_bytes(24)); + + if ($string) { + $auth_header = $this->authenticator($string, $nonce, $derived_key); + } + else { + $auth_header = $this->authenticator($path . $query, $nonce, $derived_key); + } + return array($auth_header, $nonce); } + } diff --git a/includes/SearchApiAcquiaSearchHttpTransport.php b/includes/SearchApiAcquiaSearchHttpTransport.php deleted file mode 100644 index 34889d0..0000000 --- a/includes/SearchApiAcquiaSearchHttpTransport.php +++ /dev/null @@ -1,235 +0,0 @@ -getDerivedKey(); - } - if (empty($derived_key)) { - // Expired or invalid subscription - don't continue. - return ''; - } - else { - $time = time(); - $hash = hash_hmac('sha1', $time . $nonce . $string, $derived_key); - return 'acquia_solr_time=' . $time . '; acquia_solr_nonce=' . $nonce . '; acquia_solr_hmac=' . $hash . ';'; - } - } - - /** - * Sets the derived key used to HMAC hash the search request. - * - * @param string $derived_key - * The derived key. - */ - public function setDerivedKey($derived_key) { - $this->derivedKey = $derived_key; - } - - /** - * Derive a key for the solr hmac using the information shared with - * acquia.com. - * - * @see _acquia_search_derived_key() - */ - public function getDerivedKey() { - if (!isset($this->derivedKey)) { - $key = acquia_agent_settings('acquia_key'); - $subscription = acquia_agent_settings('acquia_subscription_data'); - $identifier = acquia_agent_settings('acquia_identifier'); - // We use a salt from acquia.com in key derivation since this is a shared - // value that we could change on the AN side if needed to force any - // or all clients to use a new derived key. We also use a string - // ('solr') specific to the service, since we want each service using a - // derived key to have a separate one. - if (empty($subscription['active']) || empty($key) || empty($identifier)) { - // Expired or invalid subscription - don't continue. - $this->derivedKey = ''; - } - else { - $salt = isset($subscription['derived_key_salt']) ? $subscription['derived_key_salt'] : ''; - $derivation_string = $identifier . 'solr' . $salt; - $this->derivedKey = hash_hmac('sha1', str_pad($derivation_string, 80, $derivation_string), $key); - } - } - return $this->derivedKey; - } - - /** - * Modify a solr base url and construct a hmac authenticator cookie. - * - * @param $url - * The solr url beng requested - passed by reference and may be altered. - * @param $string - * A string - the data to be authenticated, or empty to just use the path - * and query from the url to build the authenticator. - * @param $derived_key - * Optional string to supply the derived key. - * - * @return - * An array containing the string to be added as the content of the - * Cookie header to the request and the nonce. - * - * @see acquia_search_auth_cookie - */ - function authCookie(&$url, $string = '', $derived_key = NULL) { - $uri = parse_url($url); - - // Add a scheme - should always be https if available. - if (in_array('ssl', stream_get_transports(), TRUE) && !defined('ACQUIA_DEVELOPMENT_NOSSL')) { - $scheme = 'https://'; - $port = ''; - } - else { - $scheme = 'http://'; - $port = (isset($uri['port']) && $uri['port'] != 80) ? ':'. $uri['port'] : ''; - } - $path = isset($uri['path']) ? $uri['path'] : '/'; - $query = isset($uri['query']) ? '?'. $uri['query'] : ''; - $url = $scheme . $uri['host'] . $port . $path . $query; - - // 32 character nonce. - $nonce = base64_encode(drupal_random_bytes(24)); - - if ($string) { - $auth_header = $this->authenticator($string, $nonce, $derived_key); - } - else { - $auth_header = $this->authenticator($path . $query, $nonce, $derived_key); - } - return array($auth_header, $nonce); - } - - /** - * Modify the url and add headers appropriate to authenticate to Acquia Search. - * - * @return - * The nonce used in the request. - */ - public function prepareRequest(&$url, &$options, $use_data = TRUE) { - $id = uniqid(); - if (!stristr($url,'?')) { - $url .= "?"; - } - else { - $url .= "&"; - } - $url .= 'request_id=' . $id; - if ($use_data && isset($options['data'])) { - list($cookie, $nonce) = $this->authCookie($url, $options['data']); - } - else { - list($cookie, $nonce) = $this->authCookie($url); - } - if (empty($cookie)) { - throw new Exception('Invalid authentication string - subscription keys expired or missing.'); - } - $options['headers']['Cookie'] = $cookie; - $options['headers'] += array('User-Agent' => 'search_api_acquia/'. variable_get('search_api_acquia_version', '7.x')); - $options['context'] = acquia_agent_stream_context_create($url, 'acquia_search'); - if (!$options['context']) { - throw new Exception(t("Could not create stream context")); - } - return $nonce; - } - - /** - * Validate the hmac for the response body. - * - * @return - * The response object. - */ - public function authenticateResponse($response, $nonce, $url) { - $hmac = $this->extractHmac($response->headers); - if (!$this->validResponse($hmac, $nonce, $response->data)) { - throw new Exception('Authentication of search content failed url: '. $url); - } - return $response; - } - - /** - * Look in the headers and get the hmac_digest out. - * - * @see acquia_search_extract_hmac() - */ - protected function extractHmac($headers) { - $reg = array(); - if (is_array($headers)) { - foreach ($headers as $name => $value) { - if (strtolower($name) == 'pragma' && preg_match("/hmac_digest=([^;]+);/i", $value, $reg)) { - return trim($reg[1]); - } - } - } - return ''; - } - - /** - * Validate the authenticity of returned data using a nonce and HMAC-SHA1. - * - * @return boolean - * TRUE or FALSE depending on whether the response is valid. - * - * @see acquia_search_valid_response() - */ - protected function validResponse($hmac, $nonce, $string, $derived_key = NULL) { - if (empty($derived_key)) { - $derived_key = $this->derivedKey(); - } - return $hmac == hash_hmac('sha1', $nonce . $string, $derived_key); - } - - /** - * Overrides SearchApiSolrHttpTransport::performHttpRequest(). - * - * Adds the data to the query string required for HMAC authentication, - * executes the search query. - */ - protected function performHttpRequest($method, $url, $timeout, $rawPost = NULL, $contentType = NULL) { - $options = array( - 'method' => $method, - 'timeout' => $timeout && $timeout > 0 ? $timeout : $this->getDefaultTimeout(), - 'headers' => array(), - ); - - if ($this->http_auth) { - $options['headers']['Authorization'] = $this->http_auth; - } - if ($timeout) { - $options['timeout'] = $timeout; - } - if ($rawPost) { - $options['data'] = $rawPost; - } - if ($contentType) { - $options['headers']['Content-Type'] = $contentType; - } - - $nonce = $this->prepareRequest($url, $options); - $response = drupal_http_request($url, $options); - $type = isset($response->headers['content-type']) ? $response->headers['content-type'] : 'text/xml'; - $body = isset($response->data) ? $response->data : NULL; - return new Apache_Solr_HttpTransport_Response($response->code, $type, $body); - } -} diff --git a/includes/SearchApiAcquiaSearchService.php b/includes/SearchApiAcquiaSearchService.php index 6e34194..5aefa02 100644 --- a/includes/SearchApiAcquiaSearchService.php +++ b/includes/SearchApiAcquiaSearchService.php @@ -5,24 +5,29 @@ * Contains SearchApiAcquiaSearchService. */ + /** * Search API service class for Acquia Search. */ class SearchApiAcquiaSearchService extends SearchApiSolrService { /** - * Overrides SearchApiSolrService::connect(). + * The connection class used by this service. + * + * Must implement SearchApiSolrConnectionInterface. + * + * @var string */ - protected function connect() { - if (!$this->solr) { - if (!class_exists('Apache_Solr_Service')) { - throw new Exception(t('SolrPhpClient library not found! Please follow the instructions in search_api_solr/INSTALL.txt for installing the Solr search module.')); - } + protected $connection_class = 'SearchApiAcquiaSearchConnection'; - // Set our special overrides if applicable - $this->setConnectionOptions(); - // Set the solr connection object. - $this->solr = new SearchApiAcquiaSearchConnection($this->options); + /** + * Create a connection to the Solr server as configured in $this->options. + */ + protected function connect() { + parent::connect(); + // allow the connection to override the derived key + if (isset($this->options['derived_key'])) { + $this->solr->setDerivedKey($options['derived_key']); } } @@ -36,11 +41,11 @@ class SearchApiAcquiaSearchService extends SearchApiSolrService { $this->setConnectionOptions(); $options = $this->options; - $url = 'http://' . $options['host'] . ':' . $options['port'] . $options['path']; + $url = $options['scheme'] . '://' . $options['host'] . ':' . $options['port'] . $options['path']; $output .= "
\n
"; $output .= t('Acquia Search Server'); $output .= "
\n
"; - $output .= l($url, $url); + $output .= $url; $output .= '
'; if ($options['http_user']) { $output .= "\n
"; @@ -74,14 +79,11 @@ class SearchApiAcquiaSearchService extends SearchApiSolrService { $search_host = variable_get('acquia_search_host', 'search.acquia.com'); } - // Get our default port - $search_port = variable_get('acquia_search_port', '80'); // Get our solr path $search_path = variable_get('acquia_search_path', '/solr/' . $identifier); $this->options['host'] = $search_host; $this->options['path'] = $search_path; - $this->options['port'] = $search_port; // We can also have overrides per server setting. // Apply the overrides in the "search_api_acquia_overrides" variable. @@ -105,10 +107,8 @@ class SearchApiAcquiaSearchService extends SearchApiSolrService { $options = $this->options += array( 'edismax' => 0, - 'host' => $search_host, - 'port' => '80', - 'path' => variable_get('acquia_search_path', '/solr/' . $identifier), 'modify_acquia_connection' => FALSE, + 'scheme' => 'http', ); // HTTP authentication is not needed since Acquia Search uses an HMAC @@ -133,7 +133,6 @@ class SearchApiAcquiaSearchService extends SearchApiSolrService { // Re-sets defaults with Acquia information. $form['host']['#default_value'] = $options['host']; - $form['port']['#default_value'] = $options['port']; $form['path']['#default_value'] = $options['path']; // Only display fields if we are modifying the connection parameters to the @@ -144,12 +143,18 @@ class SearchApiAcquiaSearchService extends SearchApiSolrService { ), ); $form['host']['#states'] = $states; - $form['port']['#states'] = $states; $form['path']['#states'] = $states; + if ($this->options['scheme'] == 'https') { + $this->options['port'] = '443'; + } + else { + $this->options['port'] = '80'; + } + // We cannot connect directly to the Solr instance, so don't make it a link. if (isset($form['server_description'])) { - $url = 'http://' . $this->options['host'] . ':' . $this->options['port'] . $this->options['path']; + $url = $this->options['scheme'] . '://' . $this->options['host'] . ':' . $this->options['port'] . $this->options['path']; $form['server_description'] = array( '#type' => 'item', '#title' => t('Acquia Search URI'),