/03_Development/profiles/acquia/modules/acquia_connector/acquia_agent/acquia_agent.module

<?php

/**
 * @file
 *   Acquia Agent securely sends information to Acquia Network.
 */

/**
 * XML-RPC errors defined by the Acquia Network.
 */
define('SUBSCRIPTION_NOT_FOUND'       , 1000);
define('SUBSCRIPTION_KEY_MISMATCH'    , 1100);
define('SUBSCRIPTION_EXPIRED'         , 1200);
define('SUBSCRIPTION_REPLAY_ATTACK'   , 1300);
define('SUBSCRIPTION_KEY_NOT_FOUND'   , 1400);
define('SUBSCRIPTION_MESSAGE_FUTURE'  , 1500);
define('SUBSCRIPTION_MESSAGE_EXPIRED' , 1600);
define('SUBSCRIPTION_MESSAGE_INVALID' , 1700);
define('SUBSCRIPTION_VALIDATION_ERROR', 1800);
define('SUBSCRIPTION_PROVISION_ERROR' , 9000);

/**
 * Subscription message lifetime defined by the Acquia Network.
 */
define('SUBSCRIPTION_MESSAGE_LIFETIME', 15*60);

/**
 * Implementation of hook_menu().
 */
function acquia_agent_menu() {
  $items['admin/config/system/acquia-agent'] = array(
    'title' => 'Acquia Network settings',
    'description' => 'Connect your site to the Acquia Network.',
    'page callback' => 'acquia_agent_settings_page',
    'file' => 'acquia_agent.pages.inc',
    'access arguments' => array('administer site configuration'),
  );
  $items['admin/config/system/acquia-agent/setup'] = array(
    'title' => 'Acquia Network automatic setup',
    'description' => 'Connect your site to the Acquia Network.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('acquia_agent_automatic_setup_form'),
    'file' => 'acquia_agent.pages.inc',
    'access arguments' => array('administer site configuration'),
    'type' => MENU_CALLBACK,
  );
  $items['admin/config/system/acquia-agent/credentials'] = array(
    'title' => 'Acquia Network credentials',
    'description' => 'Connect your site to the Acquia Network.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('acquia_agent_settings_credentials'),
    'file' => 'acquia_agent.pages.inc',
    'access arguments' => array('administer site configuration'),
    'type' => MENU_CALLBACK,
  );
  $items['admin/config/system/acquia-agent/migrate'] = array(
    'title' => 'Acquia Cloud Migrate',
    'description' => 'Migrate your site to Acquia Cloud.',
    'page callback' => 'acquia_agent_migrate_page',
    'file' => 'acquia_agent.pages.inc',
    'access arguments' => array('administer site configuration'),
    'type' => MENU_CALLBACK,
  );
  $items['system/acquia-migrate-check'] = array(
    'title' => 'Upload capable',
    'description' => 'Check for Acquia Cloud migrate capabilities',
    'page callback' => 'acquia_agent_migrate_check',
    'file' => 'acquia_agent.migrate.inc',
    'access arguments' => array('access content'),
    'type' => MENU_CALLBACK,
  );
  $items['admin/config/system/acquia-agent/refresh-status'] = array(
    'title' => 'Manual update check',
    'page callback' => 'acquia_agent_refresh_status',
    'access arguments' => array('administer site configuration'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Implement hook_page_alter().
 */
function acquia_agent_page_alter(&$page) {
  if (isset($page['page_top']['toolbar']) && user_access('administer site configuration')) {
    $page['page_top']['toolbar']['#pre_render'][] = 'acquia_agent_toolbar_add_links';
  }
}

/**
 * Pre-render function which dynamically adds links to the toolbar.
 */
function acquia_agent_toolbar_add_links($toolbar) {
    $link['html'] = TRUE;
    if (acquia_agent_subscription_is_active()) {
      $subscription = acquia_agent_settings('acquia_subscription_data');
      // Yes, this uses inline CSS, which sounds bad, but including a CSS file
      // just for this sounds equally bad.
      $icon = '<img src="'. base_path() . 'misc/message-16-ok.png" alt="ok" style="vertical-align: middle;" />';
      $link['title'] = t("!icon Subscription active (expires @date)", array('!icon' => $icon, '@date' => format_date(strtotime($subscription['expiration_date']['value']), 'custom', 'Y/n/j')));
      $link['attributes']['class'][] = "acquia-active-subscription";
      $link['attributes']['title'] = $subscription['product']['view'];
      $link['href'] = $subscription['href'];
    }
    else {
      // Yes, this uses inline CSS, which sounds bad, but including a CSS file
      // just for this sounds equally bad.
      $icon = '<img src="'. base_path() . 'misc/message-16-error.png" alt="error" style="vertical-align: middle;" />';
      $link['title'] = t("!icon Subscription not active", array('!icon' => $icon));
      $link['attributes']['class'][] = "acquia-inactive-subscription";
      $link['href'] = 'http://acquia.com/network';
    }

  $toolbar['toolbar_user']['#links'] = array_merge(array('acquia_agent' => $link), $toolbar['toolbar_user']['#links']);
  return $toolbar;
}

/**
 * Implementation of hook_init().
 */
function acquia_agent_init() {
  if ((arg(0) != 'overlay-ajax') &&
      (arg(3) != 'acquia-agent') &&
      empty($_POST) && 
      user_access('administer site configuration') &&
      (!acquia_agent_has_credentials())) {
    $text = 'Get a <a href="!acquia-free">free 30-day trial</a> of the Acquia Network which includes a <a href="!library" target="_blank">library</a> of expert knowledge, <a href="!services" target="_blank">tools and services</a> to make your site awesome, and <a href="!support" target="_blank">Drupal support</a> when you need it.<br/>If you have an Acquia Network subscription, <a href="!settings">connect now</a>. Otherwise, you can turn this message off by disabling the Acquia Network <a href="!admin-modules">modules</a>.';
    $message = t($text, array('!acquia-free' => url('admin/config/system/acquia-agent'), '!library' => url('http://library.acquia.com'), '!settings' => url('admin/config/system/acquia-agent/setup'), '!support' => url('http://www.acquia.com/drupal-support'), '!services' => url('http://www.acquia.com/products-services/acquia-network/cloud-services'), '!admin-modules' => url('admin/modules')));
    drupal_set_message($message, 'warning', FALSE);
  }
}

/**
 * Implementation of hook_theme().
 */
function acquia_agent_theme() {
  return array(
    'acquia_agent_banner_form' => array(
      'render element' => 'form',
      'file' => 'acquia_agent.pages.inc',
    ),
  );
}

/**
 * Get subscription status from the Acquia Network, and store the result.
 *
 * This check also sends a heartbeat to the Acquia Network unless
 * $params['no_heartbeat'] == 1.
 */
function acquia_agent_check_subscription($params = array()) {
  // Default return value is FALSE.
  $subscription = FALSE;
  if (!acquia_agent_has_credentials()) {
    // If there is not an identifier or key, delete any old subscription data.
    variable_del('acquia_subscription_data');
  }
  else {
    // There is an identifier and key, so attempt communication.

    // Include version number information.
    acquia_agent_load_versions();
    if (IS_ACQUIA_DRUPAL) {
      $params['version']  = ACQUIA_DRUPAL_VERSION;
      $params['series']   = ACQUIA_DRUPAL_SERIES;
      $params['branch']   = ACQUIA_DRUPAL_BRANCH;
      $params['revision'] = ACQUIA_DRUPAL_REVISION;
    }
    // Include Acquia Search module version number.
    if (module_exists('acquia_search')) {
      foreach (array('acquia_search', 'apachesolr') as $name) {
        $info = system_get_info('module', $name);
        // Send the version, or at least the core compatibility as a fallback.
        $params['search_version'][$name] = isset($info['version']) ? (string)$info['version'] : (string)$info['core'];
      }
    }
    $data = acquia_agent_call('acquia.agent.subscription', $params);
    $subscription['timestamp'] = REQUEST_TIME;
    if ($errno = xmlrpc_errno()) {
      switch ($errno) {
        case SUBSCRIPTION_NOT_FOUND:
        case SUBSCRIPTION_EXPIRED:
          variable_del('acquia_subscription_data');
          break;
      }
    }
    elseif (acquia_agent_valid_response($data)) {
      $subscription += $data['result']['body'];
      variable_set('acquia_subscription_data', $subscription);
    }
    else {
      watchdog('acquia agent', 'HMAC validation error: <pre>@data</pre>', array('@data' => print_r($data, TRUE)), WATCHDOG_ERROR);
    }
  }

  module_invoke_all('acquia_subscription_status', acquia_agent_subscription_is_active());

  return $subscription;
}

function acquia_agent_report_xmlrpc_error() {
  drupal_set_message(t('Error: @message (@errno)', array('@message' => xmlrpc_error_msg(), '@errno' => xmlrpc_errno())), 'error');
}

/**
 * Implementation of hook_update_status_alter().
 *
 * This compares the array of computed information about projects that are
 * missing available updates with the saved settings. If the settings specify
 * that a particular project or release should be ignored, the status for that
 * project is altered to indicate it is ignored because of settings.
 *
 * @param $projects
 *   Reference to an array of information about available updates to each
 *   project installed on the system.
 *
 * @see update_calculate_project_data()
 */
function acquia_agent_update_status_alter(&$projects) {

  if (!$subscription = acquia_agent_has_update_service()) {
    // Get subscription data or return if the service is not enabled.
    return;
  }

  foreach ($projects as $project => $project_info) {
    if ($project == 'drupal') {
      if (isset($subscription['update'])) {
        $projects[$project]['status'] = $subscription['update']['status'];
        $projects[$project]['releases'] = $subscription['update']['releases'];
        $projects[$project]['recommended'] = $subscription['update']['recommended'];
        $projects[$project]['latest_version'] = $subscription['update']['latest_version'];
        // Security updates are a separate piece of data.  If we leave it, then core
        // security warnings from druapl.org will also be displayed on the update page.
        unset($projects[$project]['security updates']);
      }
      else {
        $projects[$project]['status'] = UPDATE_NOT_CHECKED;
        $projects[$project]['reason'] = t('No information available from the Acquia Network');
        unset($projects[$project]['releases']);
        unset($projects[$project]['recommended']);
      }
      $projects[$project]['link'] = 'http://acquia.com/products-services/acquia-drupal';
      $projects[$project]['title'] = 'Acquia Drupal';
      $projects[$project]['existing_version'] = ACQUIA_DRUPAL_VERSION;
      $projects[$project]['install_type'] = 'official';
      unset($projects[$project]['extra']);
    }
    elseif ($project_info['datestamp'] == 'acquia drupal') {
      $projects['drupal']['includes'][$project] = $project_info['title'];
      unset($projects[$project]);
    }
  }
}

/**
 * Implementation of hook_system_info_alter()
 */
function acquia_agent_system_info_alter(&$info) {
  if (!$subscription = acquia_agent_has_update_service()) {
    // Get subscription data or return if the service is not enabled.
    return;
  }
  if (isset($info['acquia'])) {
    // Slight hack - the datestamp field is carried thourgh by update.module.
    $info['datestamp'] = 'acquia drupal';
  }
}

/**
 * Returns the stored subscription data if update service is enabled or FALSE otherwise.
 */
function acquia_agent_has_update_service() {
  // Include version number information.
  acquia_agent_load_versions();

  $subscription = acquia_agent_settings('acquia_subscription_data');
  if (!IS_ACQUIA_DRUPAL || empty($subscription['active']) || (isset($subscription['update_service']) && empty($subscription['update_service']))) {
    // We don't have update service if (1) this is not Acquia Drupal, (2) there
    // is no subscription or (3) the update service was disabled on acquia.com.
    // Requiring the update_service key and checking its value separately is
    // important for backwards compatibility. Isset & empty tells us
    // that the web service willingly told us to not do update notifications.
    return FALSE;
  }

  return $subscription;
}

/**
 * Implemetation of hook_menu_alter()
 */
function acquia_agent_menu_alter(&$items) {
  if (isset($items['admin/reports/updates/check'])) {
    $items['admin/reports/updates/check']['page callback'] = 'acquia_agent_manual_status';
  }
}

/**
 * Menu callback for 'admin/config/system/acquia-agent/refresh-status'.
 */
function acquia_agent_refresh_status() {
  // Refresh subscription information, so we are sure about our update status.
  // We send a heartbeat here so that all of our status information gets
  // updated locally via the return data.
  acquia_agent_check_subscription();
  // Return to the setting page (or destination)
  drupal_goto('admin/config/system/acquia-agent');
}

/**
 * Substituted menu callback for 'admin/reports/updates/check'.
 */
function acquia_agent_manual_status() {
  // Refresh subscription information, so we are sure about our update status.
  // We send a heartbeat here so that all of our status information gets
  // updated locally via the return data.
  acquia_agent_check_subscription();
  // This callback will only ever be available if update module is active.
  update_manual_status();
}

/**
 * Implementation of hook_cron().
 */
function acquia_agent_cron() {
  // Check subscription and send a heartbeat to Acquia Network via XML-RPC.
  acquia_agent_check_subscription();
}

/**
 * Implementation of hook_watchdog().
 */
function acquia_agent_watchdog($log_entry) {
  // Make sure that even when cron failures prevent hook_cron() from being
  // called, we still send out a heartbeat.
  $cron_failure_messages = array(
    'Cron has been running for more than an hour and is most likely stuck.',
    'Attempting to re-run cron while it is already running.',
  );
  if (in_array($log_entry['message'], $cron_failure_messages, TRUE)) {
    acquia_agent_check_subscription();
  }
}

/**
 * @defgroup acquia_admin_menu Alter or add to the administration menu.
 * @{
 * The admin_menu module is enabled by default - we alter it to add our icon and
 * subscription information.
 */

/**
 * Implementation of hook_admin_menu().
 */
 function acquia_agent_admin_menu() {
  // Add link to show current subscription status
  $links[] = array(
    'title' => 'acquia_subscription_status',
    'path' => 'http://acquia.com',
    'weight' => -80,
    'parent_path' => '<root>',
    'options' => array('extra class' => 'admin-menu-action acquia-subscription-status', 'html' => TRUE),
  );

  return $links;
}

/**
 * Implements hook_help().
 */
function acquia_agent_help($path, $arg) {
  switch ($path) {
    case 'admin/help#acquia_agent':
      $output = '<h2>' . t('Acquia Network and Connector modules') . '</h2>';
      $output .= '<p>' . t("The Acquia Network Connector suite of modules allow you to connect your site to the Acquia Network and use its variety of services.") . '<p>';
      $output .= '<dl>';
      $output .= '<dt>Acquia Agent</dt>';
      $output .= '<dd>' . t('Enables secure communication between your Drupal sites and the Acquia Network.') . '</dt>';
      $output .= '<dt>Acquia SPI</dt>';
      $output .= '<dd>' . t('Automates the collection of site information. Required for use with the Acquia Insight service.') . '</dt>';
      $output .= '<dt>Acquia Search</dt>';
      $output .= '<dd>' . t('Provides authentication service to the Apache Solr Search Integration module to enable use of Acquia\'s hosted Solr search indexes.') . '</dt>';
      $output .= '</dl>';
      $output .= '<h3>' . t('Configuration settings') . '</h3>';
      $output .= '<dl>';
      $output .= '<dt>' . t('Data collection and examination') . '</dt>';
      $output .= '<dd>' . t('Upon cron (or if configured to run manually) information about your site will be sent and analyzed as part of the Acquia Insight service. You can optionally exclude information about admin privileges, content and user count, and watchdog logs.');
      $output .= '<dt>' . t('Source code analysis') . '</dt>';
      $output .= '<dd>' . t('If enhanced SSL security is enabled for your site and outside connections are allowed, Acquia Insight will examine the source code of your site to detect alterations and provide code diffs and update recommentations.');
      $output .= '<dt>' . t('Enhanced SSL security') . '</dt>';
      $output .= '<dd>' . t('The Acquia Connector will attempt to verify Acquia server identities before sending data if SSL is avaliable. May cause communication to fail, however, depending on your local configuration.');
      $ssl_available = (in_array('ssl', stream_get_transports(), TRUE) && !defined('ACQUIA_DEVELOPMENT_NOSSL'));
      if ($ssl_available) {
        $output .= ' <div class="messages ok">'. t('PHP has SSL support and may support this feature.') .'</div></dd>';
      }
      else {
        $output .= ' <div class="messages error">'. t('Your installation of PHP does not have SSL support. Please enable the SSL extension or compile PHP with SSL to use this feature, see: <a href="http://php.net/manual/en/book.openssl.php" target="_blank">http://php.net/manual/en/book.openssl.php</a>.') .'</div></dd>';
      }
      $output .= '<dt>' . t('Receive updates from Acquia Network') . '</dt>';
      $output .= '<dd>' . t('Receive dynamic updates on the Network Settings page from Acquia.com about your subscription and new features.') . '</dd>';
      $output .= '</dl>';
      return $output;
  }
}

/**
 * Render an icon to display in the Administration Menu.
 */
function acquia_agent_menu_icon() {
  return '<img class="admin-menu-icon" src="' . base_path() . drupal_get_path('module', 'acquia_agent') . '/acquia.ico" height = "16" alt="" />';
}


/**
 * @} End of "acquia_admin_menu".
 */

/**
 * Validate identifier/key pair via XML-RPC call to Acquia Network address.
 *
 * This is generaly only useful when actually entering the values in the form.
 * Normally, use acquia_agent_check_subscription() since it also validates
 * the response.
 */
function acquia_agent_valid_credentials($identifier, $key, $acquia_network_address = NULL) {
  $data = acquia_agent_call('acquia.agent.validate', array(), $identifier, $key, $acquia_network_address);
  return (bool)$data['result'];
}

/**
 * Prepare and send a XML-RPC request to Acquia Network with an authenticator.
 *
 */
function acquia_agent_call($method, $params, $identifier = NULL, $key = NULL, $acquia_network_address = NULL) {
  $acquia_network_address = acquia_agent_network_address($acquia_network_address);
  $ip = isset($_SERVER["SERVER_ADDR"]) ? $_SERVER["SERVER_ADDR"] : '';
  $host = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : '';
  $ssl = isset($_SERVER["HTTPS"]) ? TRUE : FALSE;
  $data = array(
    'authenticator' => _acquia_agent_authenticator($params, $identifier, $key),
    'ip' => $ip,
    'host' => $host,
    'ssl' => $ssl,
    'body' => $params,
  );
  $data['result'] = _acquia_agent_request($acquia_network_address, $method, $data);
  return $data;
}

/**
 * Returns an error message for the most recent (failed) attempt to connect
 * to the Acquia Network during the current page request. If there were no
 * failed attempts, returns FALSE.
 *
 * This function assumes that the most recent XML-RPC error came from the
 * Acquia Network; otherwise, it will not work correctly.
 */
function acquia_agent_connection_error_message() {
  $errno = xmlrpc_errno();
  if ($errno) {
    switch ($errno) {
      case SUBSCRIPTION_NOT_FOUND:
        return t('The identifier you have provided does not exist in the Acquia Network or is expired. Please make sure you have used the correct value and try again.');
        break;
      case SUBSCRIPTION_EXPIRED:
        return t('Your Acquia Network subscription has expired. Please renew your subscription so that you can resume using Acquia Network services.');
        break;
      case SUBSCRIPTION_MESSAGE_FUTURE:
        return t('Your server is unable to communicate with the Acquia Network due to a problem with your clock settings. For security reasons, we reject messages that are more than @time ahead of the actual time recorded by our servers. Please fix the clock on your server and try again.', array('@time' => format_interval(SUBSCRIPTION_MESSAGE_LIFETIME)));
        break;
      case SUBSCRIPTION_MESSAGE_EXPIRED:
        return t('Your server is unable to communicate with the Acquia Network due to a problem with your clock settings. For security reasons, we reject messages that are more than @time older than the actual time recorded by our servers. Please fix the clock on your server and try again.', array('@time' => format_interval(SUBSCRIPTION_MESSAGE_LIFETIME)));
        break;
      case SUBSCRIPTION_VALIDATION_ERROR:
        return t('The identifier and key you have provided for the Acquia Network do not match. Please make sure you have used the correct values and try again.');
        break;
      default:
        return t('There is an error communicating with the Acquia Network at this time. Please check your identifier and key and try again.');
        break;
    }
  }
  return FALSE;
}

/**
 * Helper function to build the xmlrpc target address.
 */
function acquia_agent_network_address($acquia_network_address = NULL) {
  if (empty($acquia_network_address)) {
    $acquia_network_address = acquia_agent_settings('acquia_network_address');
  }
  // Strip protocol (scheme) from Network address
  $uri = parse_url($acquia_network_address);
  if (isset($uri['host'])) {
    $acquia_network_address = $uri['host'];
  }
  $acquia_network_address .= isset($uri['port']) ? ':' . $uri['port'] : '';
  $acquia_network_address .= (isset($uri['path']) && isset($uri['host'])) ? $uri['path'] : '';
  // Add a scheme based on PHP's capacity.
  if (in_array('ssl', stream_get_transports(), TRUE) && !defined('ACQUIA_DEVELOPMENT_NOSSL')) {
    // OpenSSL is available in PHP
    $acquia_network_address = 'https://' . $acquia_network_address;
  }
  else {
    $acquia_network_address = 'http://' . $acquia_network_address;
  }
  $acquia_network_address .= '/xmlrpc.php';
  return $acquia_network_address;
}

/**
 * Helper function to check if an identifer and key exist.
 */
function acquia_agent_has_credentials() {
  return (bool)(variable_get('acquia_identifier', FALSE) && variable_get('acquia_key', FALSE));
}

/**
 * Helper function to check if the site has an active subscription.
 */
function acquia_agent_subscription_is_active() {
  $active = FALSE;
  // Subscription cannot be active if we have no credentials.
  if (acquia_agent_has_credentials()) {
    $subscription = acquia_agent_settings('acquia_subscription_data');
    // Make sure we have data at least once per day.
    if (isset($subscription['timestamp']) && (time() - $subscription['timestamp'] > 60*60*24)) {
      $subscription = acquia_agent_check_subscription(array('no_heartbeat' => 1));
    }
    $active = !empty($subscription['active']);
  }
  return $active;
}

/**
 * Helper function so that we don't need to repeat defaults.
 */
function acquia_agent_settings($variable_name) {
  switch ($variable_name) {
    case 'acquia_identifier':
      return variable_get('acquia_identifier', '');
    case 'acquia_key':
      return variable_get('acquia_key', '');
    case 'acquia_network_address':
      return variable_get('acquia_network_address', 'https://rpc.acquia.com');
    case 'acquia_subscription_data':
      return variable_get('acquia_subscription_data', array('active' => FALSE));
    case 'acquia_subscription_name':
      return variable_get('acquia_subscription_name', '');
  }
}

/**
 * API function used by others to ensure version information is loaded.
 *
 * Saves us some cycles to not load it each time, when it is actually
 * not needed. We store this in a separate file, so that the Acquia
 * build process only needs to alter that file instead of the main
 * module file.
 */
function acquia_agent_load_versions() {
  // Include version number information.
  include_once 'acquia_agent_drupal_version.inc';
}

/**
 * Implementation of hook_form_[form_id]_alter()..
 */
function acquia_agent_form_system_modules_alter(&$form, &$form_state) {

  if (isset($form['description']['acquia_search'])) {
    $subscription = acquia_agent_settings('acquia_subscription_data');

    if (!module_exists('acquia_search') && empty($subscription['active'])) {
      $form['status']['#disabled_modules'][] = 'acquia_search';
      $text = 'Acquia Search requires an <a href="@network-url">Acquia Network subscription</a>';
      $message = t($text, array('@network-url' => 'http://acquia.com/products-services/acquia-search'));
      $form['description']['acquia_search']['#value'] = '<div style="padding-left:5px; margin:8px 0px" class="messages warning" id="acquia-agent-no-search">' . $message . '</div>' . $form['description']['acquia_search']['#value'];
    }
  }
}

/**
 * Builds a stream context based on a url and local .pem file if available.
 */
function acquia_agent_stream_context_create($url, $module = 'acquia_agent') {
  $opts = array();
  $uri = parse_url($url);
  $ssl_available = in_array('ssl', stream_get_transports(), TRUE) && !defined('ACQUIA_DEVELOPMENT_NOSSL') && variable_get('acquia_agent_verify_peer', 1);
  if (isset($uri['scheme']) && ($uri['scheme'] == 'https') && $ssl_available) {
    // Look for a local certificate to validate the server identity.
    $pem_file = drupal_get_path('module', $module) . '/' . $uri['host'] . '.pem';
    if (file_exists($pem_file)) {
      $opts['ssl'] = array(
        'verify_peer' => TRUE,
        'cafile' => $pem_file,
        'allow_self_signed' => FALSE, // doesn't mean anything in this case
        'CN_match' => $uri['host']);
    }
  }
  return stream_context_create($opts);
}


/**
 * Determine if a response from the Acquia Network is valid.
 *
 * @param $data
 *   The data array returned by acquia_agent_call().
 * @return
 *   TRUE or FALSE.
 */
function acquia_agent_valid_response($data) {
  $authenticator = $data['authenticator'];
  $result = $data['result'];
  $result_auth = $result['authenticator'];
  $valid = ($authenticator['nonce'] == $result_auth['nonce']);
  $valid = $valid && ($authenticator['time'] < $result_auth['time']);
  $key = acquia_agent_settings('acquia_key');
  $hash = _acquia_agent_hmac($key, $result_auth['time'], $result_auth['nonce'], $result['body']);
  return $valid && ($hash == $result_auth['hash']);
}

/**
 * Send a XML-RPC request.
 *
 * This function should never be called directly - use acquia_agent_call().
 */
function _acquia_agent_request($url, $method, $data) {
  $ctx = acquia_agent_stream_context_create($url);
  if (!$ctx) {
    // TODO: what's a meaningful fault code?
    xmlrpc_error(-1, t('SSL is not supported or setup failed'));
    $result = FALSE;
  }
  else {
    $result = xmlrpc($url, array($method => array($data)), array('context' => $ctx));
  }
  if ($errno = xmlrpc_errno()) {
    watchdog('acquia agent', '@message (@errno): %server - %method - <pre>@data</pre>', array('@message' => xmlrpc_error_msg(), '@errno' => xmlrpc_errno(), '%server' => $url, '%method' => $method, '@data' => print_r($data, TRUE)), WATCHDOG_ERROR);
  }
  return $result;
}

/**
 * Creates an authenticator based on xmlrpc params and a HMAC-SHA1.
 */
function _acquia_agent_authenticator($params = array(), $identifier = NULL, $key = NULL) {
  if (empty($identifier)) {
    $identifier = acquia_agent_settings('acquia_identifier');
  }
  if (empty($key)) {
    $key = acquia_agent_settings('acquia_key');
  }
  $time = REQUEST_TIME;
  $nonce = base64_encode(hash('sha256', drupal_random_bytes(55), TRUE));
  $authenticator['identifier'] = $identifier;
  $authenticator['time'] = $time;
  $authenticator['hash'] = _acquia_agent_hmac($key, $time, $nonce, $params);
  $authenticator['nonce'] = $nonce;
  return $authenticator;
}

/**
 * Calculates a HMAC-SHA1 according to RFC2104 (http://www.ietf.org/rfc/rfc2104.txt).
 * With addition of xmlrpc params.
 */
function _acquia_agent_hmac($key, $time, $nonce, $params) {
  if (empty($params['rpc_version']) || $params['rpc_version'] < 2) {
    $encoded_params = serialize($params);
    $string = $time .':'. $nonce .':'. $key .':'. $encoded_params;

    return base64_encode(
      pack("H*", sha1((str_pad($key, 64, chr(0x00)) ^ (str_repeat(chr(0x5c), 64))) .
      pack("H*", sha1((str_pad($key, 64, chr(0x00)) ^ (str_repeat(chr(0x36), 64))) .
      $string)))));
  }
  elseif ($params['rpc_version'] == 2) {
    $encoded_params = json_encode($params);
    $string = $time .':'. $nonce .':'. $encoded_params;
    return sha1((str_pad($key, 64, chr(0x00)) ^ (str_repeat(chr(0x5c), 64))) . pack("H*", sha1((str_pad($key, 64, chr(0x00)) ^ (str_repeat(chr(0x36), 64))) . $string)));
  }
  else {
    $string = $time .':'. $nonce;
    return sha1((str_pad($key, 64, chr(0x00)) ^ (str_repeat(chr(0x5c), 64))) . pack("H*", sha1((str_pad($key, 64, chr(0x00)) ^ (str_repeat(chr(0x36), 64))) . $string)));
  }
}

/**
 * Creates an authenticator for XML-RPC calls without Network identifier or key.
 *
 * @param array $body array of values being sent to remote server
 * @param string $pass
 */
function _acquia_agent_create_authenticator($body, $pass = NULL) {
  $auth = array();
  $auth['time'] = REQUEST_TIME;
  $auth['nonce'] = base64_encode(hash('sha256', drupal_random_bytes(55), TRUE));
  if (isset($pass)) {
    $auth['hash'] = _acquia_agent_hmac($pass, $auth['time'], $auth['nonce'], $body);
  }
  else {
    // XML-RPC interface requires this parameter to be a string.
    // Just pass a dummy value.
    $auth['hash'] = 'x';
  }
  return $auth;
}