nextcloud / server

lib/public/Files/IMimeTypeDetector.php

Indentation +70 added lines, -70 removed lines

@@ -17,82 +17,82 @@
  * Interface to handle MIME type (detection and icon retrieval)
  **/
 interface IMimeTypeDetector {
-	/**
-	 * Detect MIME type only based on filename, content of file is not used
-	 * @param string $path
-	 * @return string
-	 * @since 8.2.0
-	 */
-	public function detectPath($path);
+    /**
+     * Detect MIME type only based on filename, content of file is not used
+     * @param string $path
+     * @return string
+     * @since 8.2.0
+     */
+    public function detectPath($path);
 
-	/**
-	 * Detect MIME type only based on the content of file
-	 * @param string $path
-	 * @return string
-	 * @since 18.0.0
-	 */
-	public function detectContent(string $path): string;
+    /**
+     * Detect MIME type only based on the content of file
+     * @param string $path
+     * @return string
+     * @since 18.0.0
+     */
+    public function detectContent(string $path): string;
 
-	/**
-	 * Detect MIME type based on both filename and content
-	 *
-	 * @param string $path
-	 * @return string
-	 * @since 8.2.0
-	 */
-	public function detect($path);
+    /**
+     * Detect MIME type based on both filename and content
+     *
+     * @param string $path
+     * @return string
+     * @since 8.2.0
+     */
+    public function detect($path);
 
-	/**
-	 * Get a secure MIME type that won't expose potential XSS.
-	 *
-	 * @param string $mimeType
-	 * @return string
-	 * @since 8.2.0
-	 */
-	public function getSecureMimeType($mimeType);
+    /**
+     * Get a secure MIME type that won't expose potential XSS.
+     *
+     * @param string $mimeType
+     * @return string
+     * @since 8.2.0
+     */
+    public function getSecureMimeType($mimeType);
 
-	/**
-	 * Detect MIME type based on the content of a string
-	 *
-	 * @param string $data
-	 * @return string
-	 * @since 8.2.0
-	 */
-	public function detectString($data);
+    /**
+     * Detect MIME type based on the content of a string
+     *
+     * @param string $data
+     * @return string
+     * @since 8.2.0
+     */
+    public function detectString($data);
 
-	/**
-	 * Get path to the icon of a file type
-	 * @param string $mimeType the MIME type
-	 * @return string the url
-	 * @since 8.2.0
-	 */
-	public function mimeTypeIcon($mimeType);
+    /**
+     * Get path to the icon of a file type
+     * @param string $mimeType the MIME type
+     * @return string the url
+     * @since 8.2.0
+     */
+    public function mimeTypeIcon($mimeType);
 
-	/**
-	 * @return array<string,string>
-	 * @since 28.0.0
-	 */
-	public function getAllAliases(): array;
+    /**
+     * @return array<string,string>
+     * @since 28.0.0
+     */
+    public function getAllAliases(): array;
 
-	/**
-	 * Get all extension to MIME type mappings.
-	 *
-	 * The return format is an array of the file extension, as the key,
-	 * mapped to a list where the first entry is the MIME type
-	 * and the second entry is the secure MIME type (or null if none).
-	 * Due to PHP idiosyncrasies if a numeric string is set as the extension,
-	 * then also the array key (file extension) is a number instead of a string.
-	 *
-	 * @return array<list{string, string|null}>
-	 * @since 32.0.0
-	 */
-	public function getAllMappings(): array;
+    /**
+     * Get all extension to MIME type mappings.
+     *
+     * The return format is an array of the file extension, as the key,
+     * mapped to a list where the first entry is the MIME type
+     * and the second entry is the secure MIME type (or null if none).
+     * Due to PHP idiosyncrasies if a numeric string is set as the extension,
+     * then also the array key (file extension) is a number instead of a string.
+     *
+     * @return array<list{string, string|null}>
+     * @since 32.0.0
+     */
+    public function getAllMappings(): array;
 
-	/**
-	 * Get all human readable mime names
-	 *
-	 * @return array<string,string>
-	 * @since 32.0.0
-	 */
-	public function getAllNamings(): array;
+    /**
+     * Get all human readable mime names
+     *
+     * @return array<string,string>
+     * @since 32.0.0
+     */
+    public function getAllNamings(): array;
 }

lib/private/IntegrityCheck/Checker.php

Indentation +519 added lines, -519 removed lines

@@ -36,523 +36,523 @@
  * @package OC\IntegrityCheck
  */
 class Checker {
-	public const CACHE_KEY = 'oc.integritycheck.checker';
-
-	private ICache $cache;
-
-	public function __construct(
-		private ServerVersion $serverVersion,
-		private EnvironmentHelper $environmentHelper,
-		private FileAccessHelper $fileAccessHelper,
-		private AppLocator $appLocator,
-		private ?IConfig $config,
-		private ?IAppConfig $appConfig,
-		ICacheFactory $cacheFactory,
-		private IAppManager $appManager,
-		private IMimeTypeDetector $mimeTypeDetector,
-	) {
-		$this->cache = $cacheFactory->createDistributed(self::CACHE_KEY);
-	}
-
-	/**
-	 * Whether code signing is enforced or not.
-	 *
-	 * @return bool
-	 */
-	public function isCodeCheckEnforced(): bool {
-		$notSignedChannels = [ '', 'git'];
-		if (\in_array($this->serverVersion->getChannel(), $notSignedChannels, true)) {
-			return false;
-		}
-
-		/**
-		 * This config option is undocumented and supposed to be so, it's only
-		 * applicable for very specific scenarios and we should not advertise it
-		 * too prominent. So please do not add it to config.sample.php.
-		 */
-		return !($this->config?->getSystemValueBool('integrity.check.disabled', false) ?? false);
-	}
-
-	/**
-	 * Enumerates all files belonging to the folder. Sensible defaults are excluded.
-	 *
-	 * @param string $folderToIterate
-	 * @param string $root
-	 * @return \RecursiveIteratorIterator
-	 * @throws \Exception
-	 */
-	private function getFolderIterator(string $folderToIterate, string $root = ''): \RecursiveIteratorIterator {
-		$dirItr = new \RecursiveDirectoryIterator(
-			$folderToIterate,
-			\RecursiveDirectoryIterator::SKIP_DOTS
-		);
-		if ($root === '') {
-			$root = \OC::$SERVERROOT;
-		}
-		$root = rtrim($root, '/');
-
-		$excludeGenericFilesIterator = new ExcludeFileByNameFilterIterator($dirItr);
-		$excludeFoldersIterator = new ExcludeFoldersByPathFilterIterator($excludeGenericFilesIterator, $root);
-
-		return new \RecursiveIteratorIterator(
-			$excludeFoldersIterator,
-			\RecursiveIteratorIterator::SELF_FIRST
-		);
-	}
-
-	/**
-	 * Returns an array of ['filename' => 'SHA512-hash-of-file'] for all files found
-	 * in the iterator.
-	 *
-	 * @param \RecursiveIteratorIterator $iterator
-	 * @param string $path
-	 * @return array Array of hashes.
-	 */
-	private function generateHashes(\RecursiveIteratorIterator $iterator,
-		string $path): array {
-		$hashes = [];
-
-		$baseDirectoryLength = \strlen($path);
-		foreach ($iterator as $filename => $data) {
-			/** @var \DirectoryIterator $data */
-			if ($data->isDir()) {
-				continue;
-			}
-
-			$relativeFileName = substr($filename, $baseDirectoryLength);
-			$relativeFileName = ltrim($relativeFileName, '/');
-
-			// Exclude signature.json files in the appinfo and root folder
-			if ($relativeFileName === 'appinfo/signature.json') {
-				continue;
-			}
-			// Exclude signature.json files in the appinfo and core folder
-			if ($relativeFileName === 'core/signature.json') {
-				continue;
-			}
-
-			// The .htaccess file in the root folder of ownCloud can contain
-			// custom content after the installation due to the fact that dynamic
-			// content is written into it at installation time as well. This
-			// includes for example the 404 and 403 instructions.
-			// Thus we ignore everything below the first occurrence of
-			// "#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####" and have the
-			// hash generated based on this.
-			if ($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') {
-				$fileContent = file_get_contents($filename);
-				$explodedArray = explode('#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####', $fileContent);
-				if (\count($explodedArray) === 2) {
-					$hashes[$relativeFileName] = hash('sha512', $explodedArray[0]);
-					continue;
-				}
-			}
-			if ($filename === $this->environmentHelper->getServerRoot() . '/core/js/mimetypelist.js') {
-				$oldMimetypeList = new GenerateMimetypeFileBuilder();
-				$newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases(), $this->mimeTypeDetector->getAllNamings());
-				$oldFile = $this->fileAccessHelper->file_get_contents($filename);
-				if ($newFile === $oldFile) {
-					$hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases(), $this->mimeTypeDetector->getAllNamings()));
-					continue;
-				}
-			}
-
-			$hashes[$relativeFileName] = hash_file('sha512', $filename);
-		}
-
-		return $hashes;
-	}
-
-	/**
-	 * Creates the signature data
-	 *
-	 * @param array $hashes
-	 * @param X509 $certificate
-	 * @param RSA $privateKey
-	 * @return array
-	 */
-	private function createSignatureData(array $hashes,
-		X509 $certificate,
-		RSA $privateKey): array {
-		ksort($hashes);
-
-		$privateKey->setSignatureMode(RSA::SIGNATURE_PSS);
-		$privateKey->setMGFHash('sha512');
-		// See https://tools.ietf.org/html/rfc3447#page-38
-		$privateKey->setSaltLength(0);
-		$signature = $privateKey->sign(json_encode($hashes));
-
-		return [
-			'hashes' => $hashes,
-			'signature' => base64_encode($signature),
-			'certificate' => $certificate->saveX509($certificate->currentCert),
-		];
-	}
-
-	/**
-	 * Write the signature of the app in the specified folder
-	 *
-	 * @param string $path
-	 * @param X509 $certificate
-	 * @param RSA $privateKey
-	 * @throws \Exception
-	 */
-	public function writeAppSignature($path,
-		X509 $certificate,
-		RSA $privateKey) {
-		$appInfoDir = $path . '/appinfo';
-		try {
-			$this->fileAccessHelper->assertDirectoryExists($appInfoDir);
-
-			$iterator = $this->getFolderIterator($path);
-			$hashes = $this->generateHashes($iterator, $path);
-			$signature = $this->createSignatureData($hashes, $certificate, $privateKey);
-			$this->fileAccessHelper->file_put_contents(
-				$appInfoDir . '/signature.json',
-				json_encode($signature, JSON_PRETTY_PRINT)
-			);
-		} catch (\Exception $e) {
-			if (!$this->fileAccessHelper->is_writable($appInfoDir)) {
-				throw new \Exception($appInfoDir . ' is not writable');
-			}
-			throw $e;
-		}
-	}
-
-	/**
-	 * Write the signature of core
-	 *
-	 * @param X509 $certificate
-	 * @param RSA $rsa
-	 * @param string $path
-	 * @throws \Exception
-	 */
-	public function writeCoreSignature(X509 $certificate,
-		RSA $rsa,
-		$path) {
-		$coreDir = $path . '/core';
-		try {
-			$this->fileAccessHelper->assertDirectoryExists($coreDir);
-			$iterator = $this->getFolderIterator($path, $path);
-			$hashes = $this->generateHashes($iterator, $path);
-			$signatureData = $this->createSignatureData($hashes, $certificate, $rsa);
-			$this->fileAccessHelper->file_put_contents(
-				$coreDir . '/signature.json',
-				json_encode($signatureData, JSON_PRETTY_PRINT)
-			);
-		} catch (\Exception $e) {
-			if (!$this->fileAccessHelper->is_writable($coreDir)) {
-				throw new \Exception($coreDir . ' is not writable');
-			}
-			throw $e;
-		}
-	}
-
-	/**
-	 * Split the certificate file in individual certs
-	 *
-	 * @param string $cert
-	 * @return string[]
-	 */
-	private function splitCerts(string $cert): array {
-		preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
-
-		return $matches[0];
-	}
-
-	/**
-	 * Verifies the signature for the specified path.
-	 *
-	 * @param string $signaturePath
-	 * @param string $basePath
-	 * @param string $certificateCN
-	 * @param bool $forceVerify
-	 * @return array
-	 * @throws InvalidSignatureException
-	 * @throws \Exception
-	 */
-	private function verify(string $signaturePath, string $basePath, string $certificateCN, bool $forceVerify = false): array {
-		if (!$forceVerify && !$this->isCodeCheckEnforced()) {
-			return [];
-		}
-
-		$content = $this->fileAccessHelper->file_get_contents($signaturePath);
-		$signatureData = null;
-
-		if (\is_string($content)) {
-			$signatureData = json_decode($content, true);
-		}
-		if (!\is_array($signatureData)) {
-			throw new InvalidSignatureException('Signature data not found.');
-		}
-
-		$expectedHashes = $signatureData['hashes'];
-		ksort($expectedHashes);
-		$signature = base64_decode($signatureData['signature']);
-		$certificate = $signatureData['certificate'];
-
-		// Check if certificate is signed by Nextcloud Root Authority
-		$x509 = new \phpseclib\File\X509();
-		$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot() . '/resources/codesigning/root.crt');
-
-		$rootCerts = $this->splitCerts($rootCertificatePublicKey);
-		foreach ($rootCerts as $rootCert) {
-			$x509->loadCA($rootCert);
-		}
-		$x509->loadX509($certificate);
-		if (!$x509->validateSignature()) {
-			throw new InvalidSignatureException('Certificate is not valid.');
-		}
-		// Verify if certificate has proper CN. "core" CN is always trusted.
-		if ($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
-			throw new InvalidSignatureException(
-				sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
-			);
-		}
-
-		// Check if the signature of the files is valid
-		$rsa = new \phpseclib\Crypt\RSA();
-		$rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']);
-		$rsa->setSignatureMode(RSA::SIGNATURE_PSS);
-		$rsa->setMGFHash('sha512');
-		// See https://tools.ietf.org/html/rfc3447#page-38
-		$rsa->setSaltLength(0);
-		if (!$rsa->verify(json_encode($expectedHashes), $signature)) {
-			throw new InvalidSignatureException('Signature could not get verified.');
-		}
-
-		// Fixes for the updater as shipped with ownCloud 9.0.x: The updater is
-		// replaced after the code integrity check is performed.
-		//
-		// Due to this reason we exclude the whole updater/ folder from the code
-		// integrity check.
-		if ($basePath === $this->environmentHelper->getServerRoot()) {
-			foreach ($expectedHashes as $fileName => $hash) {
-				if (str_starts_with($fileName, 'updater/')) {
-					unset($expectedHashes[$fileName]);
-				}
-			}
-		}
-
-		// Compare the list of files which are not identical
-		$currentInstanceHashes = $this->generateHashes($this->getFolderIterator($basePath), $basePath);
-		$differencesA = array_diff_assoc($expectedHashes, $currentInstanceHashes);
-		$differencesB = array_diff_assoc($currentInstanceHashes, $expectedHashes);
-		$differences = array_unique(array_merge($differencesA, $differencesB));
-		$differenceArray = [];
-		foreach ($differences as $filename => $hash) {
-			// Check if file should not exist in the new signature table
-			if (!array_key_exists($filename, $expectedHashes)) {
-				$differenceArray['EXTRA_FILE'][$filename]['expected'] = '';
-				$differenceArray['EXTRA_FILE'][$filename]['current'] = $hash;
-				continue;
-			}
-
-			// Check if file is missing
-			if (!array_key_exists($filename, $currentInstanceHashes)) {
-				$differenceArray['FILE_MISSING'][$filename]['expected'] = $expectedHashes[$filename];
-				$differenceArray['FILE_MISSING'][$filename]['current'] = '';
-				continue;
-			}
-
-			// Check if hash does mismatch
-			if ($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) {
-				$differenceArray['INVALID_HASH'][$filename]['expected'] = $expectedHashes[$filename];
-				$differenceArray['INVALID_HASH'][$filename]['current'] = $currentInstanceHashes[$filename];
-				continue;
-			}
-
-			// Should never happen.
-			throw new \Exception('Invalid behaviour in file hash comparison experienced. Please report this error to the developers.');
-		}
-
-		return $differenceArray;
-	}
-
-	/**
-	 * Whether the code integrity check has passed successful or not
-	 *
-	 * @return bool
-	 */
-	public function hasPassedCheck(): bool {
-		$results = $this->getResults();
-		if ($results !== null && empty($results)) {
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * @return array|null Either the results or null if no results available
-	 */
-	public function getResults(): ?array {
-		$cachedResults = $this->cache->get(self::CACHE_KEY);
-		if (!\is_null($cachedResults) and $cachedResults !== false) {
-			return json_decode($cachedResults, true);
-		}
-
-		if ($this->appConfig?->hasKey('core', self::CACHE_KEY, lazy: true)) {
-			return $this->appConfig->getValueArray('core', self::CACHE_KEY, lazy: true);
-		}
-
-		// No results available
-		return null;
-	}
-
-	/**
-	 * Stores the results in the app config as well as cache
-	 *
-	 * @param string $scope
-	 * @param array $result
-	 */
-	private function storeResults(string $scope, array $result) {
-		$resultArray = $this->getResults() ?? [];
-		unset($resultArray[$scope]);
-		if (!empty($result)) {
-			$resultArray[$scope] = $result;
-		}
-		$this->appConfig?->setValueArray('core', self::CACHE_KEY, $resultArray, lazy: true);
-		$this->cache->set(self::CACHE_KEY, json_encode($resultArray));
-	}
-
-	/**
-	 *
-	 * Clean previous results for a proper rescanning. Otherwise
-	 */
-	private function cleanResults() {
-		$this->appConfig->deleteKey('core', self::CACHE_KEY);
-		$this->cache->remove(self::CACHE_KEY);
-	}
-
-	/**
-	 * Verify the signature of $appId. Returns an array with the following content:
-	 * [
-	 * 	'FILE_MISSING' =>
-	 * 	[
-	 * 		'filename' => [
-	 * 			'expected' => 'expectedSHA512',
-	 * 			'current' => 'currentSHA512',
-	 * 		],
-	 * 	],
-	 * 	'EXTRA_FILE' =>
-	 * 	[
-	 * 		'filename' => [
-	 * 			'expected' => 'expectedSHA512',
-	 * 			'current' => 'currentSHA512',
-	 * 		],
-	 * 	],
-	 * 	'INVALID_HASH' =>
-	 * 	[
-	 * 		'filename' => [
-	 * 			'expected' => 'expectedSHA512',
-	 * 			'current' => 'currentSHA512',
-	 * 		],
-	 * 	],
-	 * ]
-	 *
-	 * Array may be empty in case no problems have been found.
-	 *
-	 * @param string $appId
-	 * @param string $path Optional path. If none is given it will be guessed.
-	 * @param bool $forceVerify
-	 * @return array
-	 */
-	public function verifyAppSignature(string $appId, string $path = '', bool $forceVerify = false): array {
-		try {
-			if ($path === '') {
-				$path = $this->appLocator->getAppPath($appId);
-			}
-			$result = $this->verify(
-				$path . '/appinfo/signature.json',
-				$path,
-				$appId,
-				$forceVerify
-			);
-		} catch (\Exception $e) {
-			$result = [
-				'EXCEPTION' => [
-					'class' => \get_class($e),
-					'message' => $e->getMessage(),
-				],
-			];
-		}
-		$this->storeResults($appId, $result);
-
-		return $result;
-	}
-
-	/**
-	 * Verify the signature of core. Returns an array with the following content:
-	 * [
-	 * 	'FILE_MISSING' =>
-	 * 	[
-	 * 		'filename' => [
-	 * 			'expected' => 'expectedSHA512',
-	 * 			'current' => 'currentSHA512',
-	 * 		],
-	 * 	],
-	 * 	'EXTRA_FILE' =>
-	 * 	[
-	 * 		'filename' => [
-	 * 			'expected' => 'expectedSHA512',
-	 * 			'current' => 'currentSHA512',
-	 * 		],
-	 * 	],
-	 * 	'INVALID_HASH' =>
-	 * 	[
-	 * 		'filename' => [
-	 * 			'expected' => 'expectedSHA512',
-	 * 			'current' => 'currentSHA512',
-	 * 		],
-	 * 	],
-	 * ]
-	 *
-	 * Array may be empty in case no problems have been found.
-	 *
-	 * @return array
-	 */
-	public function verifyCoreSignature(): array {
-		try {
-			$result = $this->verify(
-				$this->environmentHelper->getServerRoot() . '/core/signature.json',
-				$this->environmentHelper->getServerRoot(),
-				'core'
-			);
-		} catch (\Exception $e) {
-			$result = [
-				'EXCEPTION' => [
-					'class' => \get_class($e),
-					'message' => $e->getMessage(),
-				],
-			];
-		}
-		$this->storeResults('core', $result);
-
-		return $result;
-	}
-
-	/**
-	 * Verify the core code of the instance as well as all applicable applications
-	 * and store the results.
-	 */
-	public function runInstanceVerification() {
-		$this->cleanResults();
-		$this->verifyCoreSignature();
-		$appIds = $this->appManager->getAllAppsInAppsFolders();
-		foreach ($appIds as $appId) {
-			// If an application is shipped a valid signature is required
-			$isShipped = $this->appManager->isShipped($appId);
-			$appNeedsToBeChecked = false;
-			if ($isShipped) {
-				$appNeedsToBeChecked = true;
-			} elseif ($this->fileAccessHelper->file_exists($this->appLocator->getAppPath($appId) . '/appinfo/signature.json')) {
-				// Otherwise only if the application explicitly ships a signature.json file
-				$appNeedsToBeChecked = true;
-			}
-
-			if ($appNeedsToBeChecked) {
-				$this->verifyAppSignature($appId);
-			}
-		}
-	}
+    public const CACHE_KEY = 'oc.integritycheck.checker';
+
+    private ICache $cache;
+
+    public function __construct(
+        private ServerVersion $serverVersion,
+        private EnvironmentHelper $environmentHelper,
+        private FileAccessHelper $fileAccessHelper,
+        private AppLocator $appLocator,
+        private ?IConfig $config,
+        private ?IAppConfig $appConfig,
+        ICacheFactory $cacheFactory,
+        private IAppManager $appManager,
+        private IMimeTypeDetector $mimeTypeDetector,
+    ) {
+        $this->cache = $cacheFactory->createDistributed(self::CACHE_KEY);
+    }
+
+    /**
+     * Whether code signing is enforced or not.
+     *
+     * @return bool
+     */
+    public function isCodeCheckEnforced(): bool {
+        $notSignedChannels = [ '', 'git'];
+        if (\in_array($this->serverVersion->getChannel(), $notSignedChannels, true)) {
+            return false;
+        }
+
+        /**
+         * This config option is undocumented and supposed to be so, it's only
+         * applicable for very specific scenarios and we should not advertise it
+         * too prominent. So please do not add it to config.sample.php.
+         */
+        return !($this->config?->getSystemValueBool('integrity.check.disabled', false) ?? false);
+    }
+
+    /**
+     * Enumerates all files belonging to the folder. Sensible defaults are excluded.
+     *
+     * @param string $folderToIterate
+     * @param string $root
+     * @return \RecursiveIteratorIterator
+     * @throws \Exception
+     */
+    private function getFolderIterator(string $folderToIterate, string $root = ''): \RecursiveIteratorIterator {
+        $dirItr = new \RecursiveDirectoryIterator(
+            $folderToIterate,
+            \RecursiveDirectoryIterator::SKIP_DOTS
+        );
+        if ($root === '') {
+            $root = \OC::$SERVERROOT;
+        }
+        $root = rtrim($root, '/');
+
+        $excludeGenericFilesIterator = new ExcludeFileByNameFilterIterator($dirItr);
+        $excludeFoldersIterator = new ExcludeFoldersByPathFilterIterator($excludeGenericFilesIterator, $root);
+
+        return new \RecursiveIteratorIterator(
+            $excludeFoldersIterator,
+            \RecursiveIteratorIterator::SELF_FIRST
+        );
+    }
+
+    /**
+     * Returns an array of ['filename' => 'SHA512-hash-of-file'] for all files found
+     * in the iterator.
+     *
+     * @param \RecursiveIteratorIterator $iterator
+     * @param string $path
+     * @return array Array of hashes.
+     */
+    private function generateHashes(\RecursiveIteratorIterator $iterator,
+        string $path): array {
+        $hashes = [];
+
+        $baseDirectoryLength = \strlen($path);
+        foreach ($iterator as $filename => $data) {
+            /** @var \DirectoryIterator $data */
+            if ($data->isDir()) {
+                continue;
+            }
+
+            $relativeFileName = substr($filename, $baseDirectoryLength);
+            $relativeFileName = ltrim($relativeFileName, '/');
+
+            // Exclude signature.json files in the appinfo and root folder
+            if ($relativeFileName === 'appinfo/signature.json') {
+                continue;
+            }
+            // Exclude signature.json files in the appinfo and core folder
+            if ($relativeFileName === 'core/signature.json') {
+                continue;
+            }
+
+            // The .htaccess file in the root folder of ownCloud can contain
+            // custom content after the installation due to the fact that dynamic
+            // content is written into it at installation time as well. This
+            // includes for example the 404 and 403 instructions.
+            // Thus we ignore everything below the first occurrence of
+            // "#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####" and have the
+            // hash generated based on this.
+            if ($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') {
+                $fileContent = file_get_contents($filename);
+                $explodedArray = explode('#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####', $fileContent);
+                if (\count($explodedArray) === 2) {
+                    $hashes[$relativeFileName] = hash('sha512', $explodedArray[0]);
+                    continue;
+                }
+            }
+            if ($filename === $this->environmentHelper->getServerRoot() . '/core/js/mimetypelist.js') {
+                $oldMimetypeList = new GenerateMimetypeFileBuilder();
+                $newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases(), $this->mimeTypeDetector->getAllNamings());
+                $oldFile = $this->fileAccessHelper->file_get_contents($filename);
+                if ($newFile === $oldFile) {
+                    $hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases(), $this->mimeTypeDetector->getAllNamings()));
+                    continue;
+                }
+            }
+
+            $hashes[$relativeFileName] = hash_file('sha512', $filename);
+        }
+
+        return $hashes;
+    }
+
+    /**
+     * Creates the signature data
+     *
+     * @param array $hashes
+     * @param X509 $certificate
+     * @param RSA $privateKey
+     * @return array
+     */
+    private function createSignatureData(array $hashes,
+        X509 $certificate,
+        RSA $privateKey): array {
+        ksort($hashes);
+
+        $privateKey->setSignatureMode(RSA::SIGNATURE_PSS);
+        $privateKey->setMGFHash('sha512');
+        // See https://tools.ietf.org/html/rfc3447#page-38
+        $privateKey->setSaltLength(0);
+        $signature = $privateKey->sign(json_encode($hashes));
+
+        return [
+            'hashes' => $hashes,
+            'signature' => base64_encode($signature),
+            'certificate' => $certificate->saveX509($certificate->currentCert),
+        ];
+    }
+
+    /**
+     * Write the signature of the app in the specified folder
+     *
+     * @param string $path
+     * @param X509 $certificate
+     * @param RSA $privateKey
+     * @throws \Exception
+     */
+    public function writeAppSignature($path,
+        X509 $certificate,
+        RSA $privateKey) {
+        $appInfoDir = $path . '/appinfo';
+        try {
+            $this->fileAccessHelper->assertDirectoryExists($appInfoDir);
+
+            $iterator = $this->getFolderIterator($path);
+            $hashes = $this->generateHashes($iterator, $path);
+            $signature = $this->createSignatureData($hashes, $certificate, $privateKey);
+            $this->fileAccessHelper->file_put_contents(
+                $appInfoDir . '/signature.json',
+                json_encode($signature, JSON_PRETTY_PRINT)
+            );
+        } catch (\Exception $e) {
+            if (!$this->fileAccessHelper->is_writable($appInfoDir)) {
+                throw new \Exception($appInfoDir . ' is not writable');
+            }
+            throw $e;
+        }
+    }
+
+    /**
+     * Write the signature of core
+     *
+     * @param X509 $certificate
+     * @param RSA $rsa
+     * @param string $path
+     * @throws \Exception
+     */
+    public function writeCoreSignature(X509 $certificate,
+        RSA $rsa,
+        $path) {
+        $coreDir = $path . '/core';
+        try {
+            $this->fileAccessHelper->assertDirectoryExists($coreDir);
+            $iterator = $this->getFolderIterator($path, $path);
+            $hashes = $this->generateHashes($iterator, $path);
+            $signatureData = $this->createSignatureData($hashes, $certificate, $rsa);
+            $this->fileAccessHelper->file_put_contents(
+                $coreDir . '/signature.json',
+                json_encode($signatureData, JSON_PRETTY_PRINT)
+            );
+        } catch (\Exception $e) {
+            if (!$this->fileAccessHelper->is_writable($coreDir)) {
+                throw new \Exception($coreDir . ' is not writable');
+            }
+            throw $e;
+        }
+    }
+
+    /**
+     * Split the certificate file in individual certs
+     *
+     * @param string $cert
+     * @return string[]
+     */
+    private function splitCerts(string $cert): array {
+        preg_match_all('([\-]{3,}[\S\ ]+?[\-]{3,}[\S\s]+?[\-]{3,}[\S\ ]+?[\-]{3,})', $cert, $matches);
+
+        return $matches[0];
+    }
+
+    /**
+     * Verifies the signature for the specified path.
+     *
+     * @param string $signaturePath
+     * @param string $basePath
+     * @param string $certificateCN
+     * @param bool $forceVerify
+     * @return array
+     * @throws InvalidSignatureException
+     * @throws \Exception
+     */
+    private function verify(string $signaturePath, string $basePath, string $certificateCN, bool $forceVerify = false): array {
+        if (!$forceVerify && !$this->isCodeCheckEnforced()) {
+            return [];
+        }
+
+        $content = $this->fileAccessHelper->file_get_contents($signaturePath);
+        $signatureData = null;
+
+        if (\is_string($content)) {
+            $signatureData = json_decode($content, true);
+        }
+        if (!\is_array($signatureData)) {
+            throw new InvalidSignatureException('Signature data not found.');
+        }
+
+        $expectedHashes = $signatureData['hashes'];
+        ksort($expectedHashes);
+        $signature = base64_decode($signatureData['signature']);
+        $certificate = $signatureData['certificate'];
+
+        // Check if certificate is signed by Nextcloud Root Authority
+        $x509 = new \phpseclib\File\X509();
+        $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot() . '/resources/codesigning/root.crt');
+
+        $rootCerts = $this->splitCerts($rootCertificatePublicKey);
+        foreach ($rootCerts as $rootCert) {
+            $x509->loadCA($rootCert);
+        }
+        $x509->loadX509($certificate);
+        if (!$x509->validateSignature()) {
+            throw new InvalidSignatureException('Certificate is not valid.');
+        }
+        // Verify if certificate has proper CN. "core" CN is always trusted.
+        if ($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
+            throw new InvalidSignatureException(
+                sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
+            );
+        }
+
+        // Check if the signature of the files is valid
+        $rsa = new \phpseclib\Crypt\RSA();
+        $rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']);
+        $rsa->setSignatureMode(RSA::SIGNATURE_PSS);
+        $rsa->setMGFHash('sha512');
+        // See https://tools.ietf.org/html/rfc3447#page-38
+        $rsa->setSaltLength(0);
+        if (!$rsa->verify(json_encode($expectedHashes), $signature)) {
+            throw new InvalidSignatureException('Signature could not get verified.');
+        }
+
+        // Fixes for the updater as shipped with ownCloud 9.0.x: The updater is
+        // replaced after the code integrity check is performed.
+        //
+        // Due to this reason we exclude the whole updater/ folder from the code
+        // integrity check.
+        if ($basePath === $this->environmentHelper->getServerRoot()) {
+            foreach ($expectedHashes as $fileName => $hash) {
+                if (str_starts_with($fileName, 'updater/')) {
+                    unset($expectedHashes[$fileName]);
+                }
+            }
+        }
+
+        // Compare the list of files which are not identical
+        $currentInstanceHashes = $this->generateHashes($this->getFolderIterator($basePath), $basePath);
+        $differencesA = array_diff_assoc($expectedHashes, $currentInstanceHashes);
+        $differencesB = array_diff_assoc($currentInstanceHashes, $expectedHashes);
+        $differences = array_unique(array_merge($differencesA, $differencesB));
+        $differenceArray = [];
+        foreach ($differences as $filename => $hash) {
+            // Check if file should not exist in the new signature table
+            if (!array_key_exists($filename, $expectedHashes)) {
+                $differenceArray['EXTRA_FILE'][$filename]['expected'] = '';
+                $differenceArray['EXTRA_FILE'][$filename]['current'] = $hash;
+                continue;
+            }
+
+            // Check if file is missing
+            if (!array_key_exists($filename, $currentInstanceHashes)) {
+                $differenceArray['FILE_MISSING'][$filename]['expected'] = $expectedHashes[$filename];
+                $differenceArray['FILE_MISSING'][$filename]['current'] = '';
+                continue;
+            }
+
+            // Check if hash does mismatch
+            if ($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) {
+                $differenceArray['INVALID_HASH'][$filename]['expected'] = $expectedHashes[$filename];
+                $differenceArray['INVALID_HASH'][$filename]['current'] = $currentInstanceHashes[$filename];
+                continue;
+            }
+
+            // Should never happen.
+            throw new \Exception('Invalid behaviour in file hash comparison experienced. Please report this error to the developers.');
+        }
+
+        return $differenceArray;
+    }
+
+    /**
+     * Whether the code integrity check has passed successful or not
+     *
+     * @return bool
+     */
+    public function hasPassedCheck(): bool {
+        $results = $this->getResults();
+        if ($results !== null && empty($results)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * @return array|null Either the results or null if no results available
+     */
+    public function getResults(): ?array {
+        $cachedResults = $this->cache->get(self::CACHE_KEY);
+        if (!\is_null($cachedResults) and $cachedResults !== false) {
+            return json_decode($cachedResults, true);
+        }
+
+        if ($this->appConfig?->hasKey('core', self::CACHE_KEY, lazy: true)) {
+            return $this->appConfig->getValueArray('core', self::CACHE_KEY, lazy: true);
+        }
+
+        // No results available
+        return null;
+    }
+
+    /**
+     * Stores the results in the app config as well as cache
+     *
+     * @param string $scope
+     * @param array $result
+     */
+    private function storeResults(string $scope, array $result) {
+        $resultArray = $this->getResults() ?? [];
+        unset($resultArray[$scope]);
+        if (!empty($result)) {
+            $resultArray[$scope] = $result;
+        }
+        $this->appConfig?->setValueArray('core', self::CACHE_KEY, $resultArray, lazy: true);
+        $this->cache->set(self::CACHE_KEY, json_encode($resultArray));
+    }
+
+    /**
+     *
+     * Clean previous results for a proper rescanning. Otherwise
+     */
+    private function cleanResults() {
+        $this->appConfig->deleteKey('core', self::CACHE_KEY);
+        $this->cache->remove(self::CACHE_KEY);
+    }
+
+    /**
+     * Verify the signature of $appId. Returns an array with the following content:
+     * [
+     * 	'FILE_MISSING' =>
+     * 	[
+     * 		'filename' => [
+     * 			'expected' => 'expectedSHA512',
+     * 			'current' => 'currentSHA512',
+     * 		],
+     * 	],
+     * 	'EXTRA_FILE' =>
+     * 	[
+     * 		'filename' => [
+     * 			'expected' => 'expectedSHA512',
+     * 			'current' => 'currentSHA512',
+     * 		],
+     * 	],
+     * 	'INVALID_HASH' =>
+     * 	[
+     * 		'filename' => [
+     * 			'expected' => 'expectedSHA512',
+     * 			'current' => 'currentSHA512',
+     * 		],
+     * 	],
+     * ]
+     *
+     * Array may be empty in case no problems have been found.
+     *
+     * @param string $appId
+     * @param string $path Optional path. If none is given it will be guessed.
+     * @param bool $forceVerify
+     * @return array
+     */
+    public function verifyAppSignature(string $appId, string $path = '', bool $forceVerify = false): array {
+        try {
+            if ($path === '') {
+                $path = $this->appLocator->getAppPath($appId);
+            }
+            $result = $this->verify(
+                $path . '/appinfo/signature.json',
+                $path,
+                $appId,
+                $forceVerify
+            );
+        } catch (\Exception $e) {
+            $result = [
+                'EXCEPTION' => [
+                    'class' => \get_class($e),
+                    'message' => $e->getMessage(),
+                ],
+            ];
+        }
+        $this->storeResults($appId, $result);
+
+        return $result;
+    }
+
+    /**
+     * Verify the signature of core. Returns an array with the following content:
+     * [
+     * 	'FILE_MISSING' =>
+     * 	[
+     * 		'filename' => [
+     * 			'expected' => 'expectedSHA512',
+     * 			'current' => 'currentSHA512',
+     * 		],
+     * 	],
+     * 	'EXTRA_FILE' =>
+     * 	[
+     * 		'filename' => [
+     * 			'expected' => 'expectedSHA512',
+     * 			'current' => 'currentSHA512',
+     * 		],
+     * 	],
+     * 	'INVALID_HASH' =>
+     * 	[
+     * 		'filename' => [
+     * 			'expected' => 'expectedSHA512',
+     * 			'current' => 'currentSHA512',
+     * 		],
+     * 	],
+     * ]
+     *
+     * Array may be empty in case no problems have been found.
+     *
+     * @return array
+     */
+    public function verifyCoreSignature(): array {
+        try {
+            $result = $this->verify(
+                $this->environmentHelper->getServerRoot() . '/core/signature.json',
+                $this->environmentHelper->getServerRoot(),
+                'core'
+            );
+        } catch (\Exception $e) {
+            $result = [
+                'EXCEPTION' => [
+                    'class' => \get_class($e),
+                    'message' => $e->getMessage(),
+                ],
+            ];
+        }
+        $this->storeResults('core', $result);
+
+        return $result;
+    }
+
+    /**
+     * Verify the core code of the instance as well as all applicable applications
+     * and store the results.
+     */
+    public function runInstanceVerification() {
+        $this->cleanResults();
+        $this->verifyCoreSignature();
+        $appIds = $this->appManager->getAllAppsInAppsFolders();
+        foreach ($appIds as $appId) {
+            // If an application is shipped a valid signature is required
+            $isShipped = $this->appManager->isShipped($appId);
+            $appNeedsToBeChecked = false;
+            if ($isShipped) {
+                $appNeedsToBeChecked = true;
+            } elseif ($this->fileAccessHelper->file_exists($this->appLocator->getAppPath($appId) . '/appinfo/signature.json')) {
+                // Otherwise only if the application explicitly ships a signature.json file
+                $appNeedsToBeChecked = true;
+            }
+
+            if ($appNeedsToBeChecked) {
+                $this->verifyAppSignature($appId);
+            }
+        }
+    }
 }

lib/private/Files/Type/Detection.php

Indentation +352 added lines, -352 removed lines

@@ -22,356 +22,356 @@
  * @package OC\Files\Type
  */
 class Detection implements IMimeTypeDetector {
-	private const CUSTOM_MIMETYPEMAPPING = 'mimetypemapping.json';
-	private const CUSTOM_MIMETYPEALIASES = 'mimetypealiases.json';
-	private const CUSTOM_MIMETYPENAMES = 'mimetypenames.json';
-
-	/** @var array<list{string, string|null}> */
-	protected array $mimeTypes = [];
-	protected array $secureMimeTypes = [];
-
-	protected array $mimeTypeIcons = [];
-	/** @var array<string,string> */
-	protected array $mimeTypeAlias = [];
-	/** @var array<string,string> */
-	protected array $mimeTypesNames = [];
-
-	public function __construct(
-		private IURLGenerator $urlGenerator,
-		private LoggerInterface $logger,
-		private string $customConfigDir,
-		private string $defaultConfigDir,
-	) {
-	}
-
-	/**
-	 * Add an extension -> MIME type mapping
-	 *
-	 * $mimeType is the assumed correct mime type
-	 * The optional $secureMimeType is an alternative to send to send
-	 * to avoid potential XSS.
-	 *
-	 * @param string $extension
-	 * @param string $mimeType
-	 * @param string|null $secureMimeType
-	 */
-	public function registerType(string $extension,
-		string $mimeType,
-		?string $secureMimeType = null): void {
-		// Make sure the extension is a string
-		// https://github.com/nextcloud/server/issues/42902
-		$this->mimeTypes[$extension] = [$mimeType, $secureMimeType];
-		$this->secureMimeTypes[$mimeType] = $secureMimeType ?? $mimeType;
-	}
-
-	/**
-	 * Add an array of extension -> MIME type mappings
-	 *
-	 * The mimeType value is in itself an array where the first index is
-	 * the assumed correct mimeType and the second is either a secure alternative
-	 * or null if the correct is considered secure.
-	 *
-	 * @param array $types
-	 */
-	public function registerTypeArray(array $types): void {
-		// Register the types,
-		foreach ($types as $extension => $mimeType) {
-			$this->registerType((string)$extension, $mimeType[0], $mimeType[1] ?? null);
-		}
-
-		// Update the alternative mimeTypes to avoid having to look them up each time.
-		foreach ($this->mimeTypes as $extension => $mimeType) {
-			if (str_starts_with((string)$extension, '_comment')) {
-				continue;
-			}
-
-			$this->secureMimeTypes[$mimeType[0]] = $mimeType[1] ?? $mimeType[0];
-			if (isset($mimeType[1])) {
-				$this->secureMimeTypes[$mimeType[1]] = $mimeType[1];
-			}
-		}
-	}
-
-	private function loadCustomDefinitions(string $fileName, array $definitions): array {
-		if (file_exists($this->customConfigDir . '/' . $fileName)) {
-			$custom = json_decode(file_get_contents($this->customConfigDir . '/' . $fileName), true);
-			if (json_last_error() === JSON_ERROR_NONE) {
-				$definitions = array_merge($definitions, $custom);
-			} else {
-				$this->logger->warning('Failed to parse ' . $fileName . ': ' . json_last_error_msg());
-			}
-		}
-		return $definitions;
-	}
-
-	/**
-	 * Add the MIME type aliases if they are not yet present
-	 */
-	private function loadAliases(): void {
-		if (!empty($this->mimeTypeAlias)) {
-			return;
-		}
-
-		$this->mimeTypeAlias = json_decode(file_get_contents($this->defaultConfigDir . '/mimetypealiases.dist.json'), true);
-		$this->mimeTypeAlias = $this->loadCustomDefinitions(self::CUSTOM_MIMETYPEALIASES, $this->mimeTypeAlias);
-	}
-
-	/**
-	 * @return array<string,string>
-	 */
-	public function getAllAliases(): array {
-		$this->loadAliases();
-		return $this->mimeTypeAlias;
-	}
-
-	public function getOnlyDefaultAliases(): array {
-		$this->loadMappings();
-		$this->mimeTypeAlias = json_decode(file_get_contents($this->defaultConfigDir . '/mimetypealiases.dist.json'), true);
-		return $this->mimeTypeAlias;
-	}
-
-	/**
-	 * Add MIME type mappings if they are not yet present
-	 */
-	private function loadMappings(): void {
-		if (!empty($this->mimeTypes)) {
-			return;
-		}
-
-		$mimeTypeMapping = json_decode(file_get_contents($this->defaultConfigDir . '/mimetypemapping.dist.json'), true);
-		$mimeTypeMapping = $this->loadCustomDefinitions(self::CUSTOM_MIMETYPEMAPPING, $mimeTypeMapping);
-
-		$this->registerTypeArray($mimeTypeMapping);
-	}
-
-	/**
-	 * @return array<list{string, string|null}>
-	 */
-	public function getAllMappings(): array {
-		$this->loadMappings();
-		return $this->mimeTypes;
-	}
-
-	private function loadNamings(): void {
-		if (!empty($this->mimeTypesNames)) {
-			return;
-		}
-
-		$mimeTypeMapping = json_decode(file_get_contents($this->defaultConfigDir . '/mimetypenames.dist.json'), true);
-		$mimeTypeMapping = $this->loadCustomDefinitions(self::CUSTOM_MIMETYPENAMES, $mimeTypeMapping);
-
-		$this->mimeTypesNames = $mimeTypeMapping;
-	}
-
-	/**
-	 * @return array<string,string>
-	 */
-	public function getAllNamings(): array {
-		$this->loadNamings();
-		return $this->mimeTypesNames;
-	}
-
-	/**
-	 * detect MIME type only based on filename, content of file is not used
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	public function detectPath($path): string {
-		$this->loadMappings();
-
-		$fileName = basename($path);
-
-		// remove leading dot on hidden files with a file extension
-		$fileName = ltrim($fileName, '.');
-
-		// note: leading dot doesn't qualify as extension
-		if (strpos($fileName, '.') > 0) {
-			// remove versioning extension: name.v1508946057 and transfer extension: name.ocTransferId2057600214.part
-			$fileName = preg_replace('!((\.v\d+)|((\.ocTransferId\d+)?\.part))$!', '', $fileName);
-
-			//try to guess the type by the file extension
-			$extension = strrchr($fileName, '.');
-			if ($extension !== false) {
-				$extension = strtolower($extension);
-				$extension = substr($extension, 1); // remove leading .
-				return $this->mimeTypes[$extension][0] ?? 'application/octet-stream';
-			}
-		}
-
-		return 'application/octet-stream';
-	}
-
-	/**
-	 * Detect MIME type only based on the content of file.
-	 *
-	 * @param string $path
-	 * @return string
-	 * @since 18.0.0
-	 */
-	public function detectContent(string $path): string {
-		$this->loadMappings();
-
-		if (@is_dir($path)) {
-			// directories are easy
-			return 'httpd/unix-directory';
-		}
-
-		if (function_exists('finfo_open')
-			&& function_exists('finfo_file')
-			&& $finfo = finfo_open(FILEINFO_MIME)) {
-			$info = @finfo_file($finfo, $path);
-			finfo_close($finfo);
-			if ($info) {
-				$info = strtolower($info);
-				$mimeType = str_contains($info, ';') ? substr($info, 0, strpos($info, ';')) : $info;
-				$mimeType = $this->getSecureMimeType($mimeType);
-				if ($mimeType !== 'application/octet-stream') {
-					return $mimeType;
-				}
-			}
-		}
-
-		if (str_starts_with($path, 'file://')) {
-			// Is the file wrapped in a stream?
-			return 'application/octet-stream';
-		}
-
-		if (function_exists('mime_content_type')) {
-			// use mime magic extension if available
-			$mimeType = mime_content_type($path);
-			if ($mimeType !== false) {
-				$mimeType = $this->getSecureMimeType($mimeType);
-				if ($mimeType !== 'application/octet-stream') {
-					return $mimeType;
-				}
-			}
-		}
-
-		$binaryFinder = \OCP\Server::get(IBinaryFinder::class);
-		$program = $binaryFinder->findBinaryPath('file');
-		if ($program !== false) {
-			// it looks like we have a 'file' command,
-			// lets see if it does have mime support
-			$path = escapeshellarg($path);
-			$fp = popen("test -f $path && $program -b --mime-type $path", 'r');
-			if ($fp !== false) {
-				$mimeType = fgets($fp);
-				pclose($fp);
-				if ($mimeType !== false) {
-					//trim the newline
-					$mimeType = trim($mimeType);
-					$mimeType = $this->getSecureMimeType($mimeType);
-					return $mimeType;
-				}
-			}
-		}
-
-		return 'application/octet-stream';
-	}
-
-	/**
-	 * Detect MIME type based on both filename and content
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	public function detect($path): string {
-		$mimeType = $this->detectPath($path);
-
-		if ($mimeType !== 'application/octet-stream') {
-			return $mimeType;
-		}
-
-		return $this->detectContent($path);
-	}
-
-	/**
-	 * Detect MIME type based on the content of a string
-	 *
-	 * @param string $data
-	 * @return string
-	 */
-	public function detectString($data): string {
-		if (function_exists('finfo_open') && function_exists('finfo_file')) {
-			$finfo = finfo_open(FILEINFO_MIME);
-			$info = finfo_buffer($finfo, $data);
-			return str_contains($info, ';') ? substr($info, 0, strpos($info, ';')) : $info;
-		}
-
-		$tmpFile = \OCP\Server::get(ITempManager::class)->getTemporaryFile();
-		$fh = fopen($tmpFile, 'wb');
-		fwrite($fh, $data, 8024);
-		fclose($fh);
-		$mime = $this->detect($tmpFile);
-		unset($tmpFile);
-		return $mime;
-	}
-
-	/**
-	 * Get a secure MIME type that won't expose potential XSS.
-	 *
-	 * @param string $mimeType
-	 * @return string
-	 */
-	public function getSecureMimeType($mimeType): string {
-		$this->loadMappings();
-
-		return $this->secureMimeTypes[$mimeType] ?? 'application/octet-stream';
-	}
-
-	/**
-	 * Get path to the icon of a file type
-	 * @param string $mimeType the MIME type
-	 * @return string the url
-	 */
-	public function mimeTypeIcon($mimeType): string {
-		$this->loadAliases();
-
-		while (isset($this->mimeTypeAlias[$mimeType])) {
-			$mimeType = $this->mimeTypeAlias[$mimeType];
-		}
-		if (isset($this->mimeTypeIcons[$mimeType])) {
-			return $this->mimeTypeIcons[$mimeType];
-		}
-
-		// Replace slash and backslash with a minus
-		$icon = str_replace(['/', '\\'], '-', $mimeType);
-
-		// Is it a dir?
-		if ($mimeType === 'dir') {
-			$this->mimeTypeIcons[$mimeType] = $this->urlGenerator->imagePath('core', 'filetypes/folder.svg');
-			return $this->mimeTypeIcons[$mimeType];
-		}
-		if ($mimeType === 'dir-shared') {
-			$this->mimeTypeIcons[$mimeType] = $this->urlGenerator->imagePath('core', 'filetypes/folder-shared.svg');
-			return $this->mimeTypeIcons[$mimeType];
-		}
-		if ($mimeType === 'dir-external') {
-			$this->mimeTypeIcons[$mimeType] = $this->urlGenerator->imagePath('core', 'filetypes/folder-external.svg');
-			return $this->mimeTypeIcons[$mimeType];
-		}
-
-		// Icon exists?
-		try {
-			$this->mimeTypeIcons[$mimeType] = $this->urlGenerator->imagePath('core', 'filetypes/' . $icon . '.svg');
-			return $this->mimeTypeIcons[$mimeType];
-		} catch (\RuntimeException $e) {
-			// Specified image not found
-		}
-
-		// Try only the first part of the filetype
-		if (strpos($icon, '-')) {
-			$mimePart = substr($icon, 0, strpos($icon, '-'));
-			try {
-				$this->mimeTypeIcons[$mimeType] = $this->urlGenerator->imagePath('core', 'filetypes/' . $mimePart . '.svg');
-				return $this->mimeTypeIcons[$mimeType];
-			} catch (\RuntimeException $e) {
-				// Image for the first part of the MIME type not found
-			}
-		}
-
-		$this->mimeTypeIcons[$mimeType] = $this->urlGenerator->imagePath('core', 'filetypes/file.svg');
-		return $this->mimeTypeIcons[$mimeType];
-	}
+    private const CUSTOM_MIMETYPEMAPPING = 'mimetypemapping.json';
+    private const CUSTOM_MIMETYPEALIASES = 'mimetypealiases.json';
+    private const CUSTOM_MIMETYPENAMES = 'mimetypenames.json';
+
+    /** @var array<list{string, string|null}> */
+    protected array $mimeTypes = [];
+    protected array $secureMimeTypes = [];
+
+    protected array $mimeTypeIcons = [];
+    /** @var array<string,string> */
+    protected array $mimeTypeAlias = [];
+    /** @var array<string,string> */
+    protected array $mimeTypesNames = [];
+
+    public function __construct(
+        private IURLGenerator $urlGenerator,
+        private LoggerInterface $logger,
+        private string $customConfigDir,
+        private string $defaultConfigDir,
+    ) {
+    }
+
+    /**
+     * Add an extension -> MIME type mapping
+     *
+     * $mimeType is the assumed correct mime type
+     * The optional $secureMimeType is an alternative to send to send
+     * to avoid potential XSS.
+     *
+     * @param string $extension
+     * @param string $mimeType
+     * @param string|null $secureMimeType
+     */
+    public function registerType(string $extension,
+        string $mimeType,
+        ?string $secureMimeType = null): void {
+        // Make sure the extension is a string
+        // https://github.com/nextcloud/server/issues/42902
+        $this->mimeTypes[$extension] = [$mimeType, $secureMimeType];
+        $this->secureMimeTypes[$mimeType] = $secureMimeType ?? $mimeType;
+    }
+
+    /**
+     * Add an array of extension -> MIME type mappings
+     *
+     * The mimeType value is in itself an array where the first index is
+     * the assumed correct mimeType and the second is either a secure alternative
+     * or null if the correct is considered secure.
+     *
+     * @param array $types
+     */
+    public function registerTypeArray(array $types): void {
+        // Register the types,
+        foreach ($types as $extension => $mimeType) {
+            $this->registerType((string)$extension, $mimeType[0], $mimeType[1] ?? null);
+        }
+
+        // Update the alternative mimeTypes to avoid having to look them up each time.
+        foreach ($this->mimeTypes as $extension => $mimeType) {
+            if (str_starts_with((string)$extension, '_comment')) {
+                continue;
+            }
+
+            $this->secureMimeTypes[$mimeType[0]] = $mimeType[1] ?? $mimeType[0];
+            if (isset($mimeType[1])) {
+                $this->secureMimeTypes[$mimeType[1]] = $mimeType[1];
+            }
+        }
+    }
+
+    private function loadCustomDefinitions(string $fileName, array $definitions): array {
+        if (file_exists($this->customConfigDir . '/' . $fileName)) {
+            $custom = json_decode(file_get_contents($this->customConfigDir . '/' . $fileName), true);
+            if (json_last_error() === JSON_ERROR_NONE) {
+                $definitions = array_merge($definitions, $custom);
+            } else {
+                $this->logger->warning('Failed to parse ' . $fileName . ': ' . json_last_error_msg());
+            }
+        }
+        return $definitions;
+    }
+
+    /**
+     * Add the MIME type aliases if they are not yet present
+     */
+    private function loadAliases(): void {
+        if (!empty($this->mimeTypeAlias)) {
+            return;
+        }
+
+        $this->mimeTypeAlias = json_decode(file_get_contents($this->defaultConfigDir . '/mimetypealiases.dist.json'), true);
+        $this->mimeTypeAlias = $this->loadCustomDefinitions(self::CUSTOM_MIMETYPEALIASES, $this->mimeTypeAlias);
+    }
+
+    /**
+     * @return array<string,string>
+     */
+    public function getAllAliases(): array {
+        $this->loadAliases();
+        return $this->mimeTypeAlias;
+    }
+
+    public function getOnlyDefaultAliases(): array {
+        $this->loadMappings();
+        $this->mimeTypeAlias = json_decode(file_get_contents($this->defaultConfigDir . '/mimetypealiases.dist.json'), true);
+        return $this->mimeTypeAlias;
+    }
+
+    /**
+     * Add MIME type mappings if they are not yet present
+     */
+    private function loadMappings(): void {
+        if (!empty($this->mimeTypes)) {
+            return;
+        }
+
+        $mimeTypeMapping = json_decode(file_get_contents($this->defaultConfigDir . '/mimetypemapping.dist.json'), true);
+        $mimeTypeMapping = $this->loadCustomDefinitions(self::CUSTOM_MIMETYPEMAPPING, $mimeTypeMapping);
+
+        $this->registerTypeArray($mimeTypeMapping);
+    }
+
+    /**
+     * @return array<list{string, string|null}>
+     */
+    public function getAllMappings(): array {
+        $this->loadMappings();
+        return $this->mimeTypes;
+    }
+
+    private function loadNamings(): void {
+        if (!empty($this->mimeTypesNames)) {
+            return;
+        }
+
+        $mimeTypeMapping = json_decode(file_get_contents($this->defaultConfigDir . '/mimetypenames.dist.json'), true);
+        $mimeTypeMapping = $this->loadCustomDefinitions(self::CUSTOM_MIMETYPENAMES, $mimeTypeMapping);
+
+        $this->mimeTypesNames = $mimeTypeMapping;
+    }
+
+    /**
+     * @return array<string,string>
+     */
+    public function getAllNamings(): array {
+        $this->loadNamings();
+        return $this->mimeTypesNames;
+    }
+
+    /**
+     * detect MIME type only based on filename, content of file is not used
+     *
+     * @param string $path
+     * @return string
+     */
+    public function detectPath($path): string {
+        $this->loadMappings();
+
+        $fileName = basename($path);
+
+        // remove leading dot on hidden files with a file extension
+        $fileName = ltrim($fileName, '.');
+
+        // note: leading dot doesn't qualify as extension
+        if (strpos($fileName, '.') > 0) {
+            // remove versioning extension: name.v1508946057 and transfer extension: name.ocTransferId2057600214.part
+            $fileName = preg_replace('!((\.v\d+)|((\.ocTransferId\d+)?\.part))$!', '', $fileName);
+
+            //try to guess the type by the file extension
+            $extension = strrchr($fileName, '.');
+            if ($extension !== false) {
+                $extension = strtolower($extension);
+                $extension = substr($extension, 1); // remove leading .
+                return $this->mimeTypes[$extension][0] ?? 'application/octet-stream';
+            }
+        }
+
+        return 'application/octet-stream';
+    }
+
+    /**
+     * Detect MIME type only based on the content of file.
+     *
+     * @param string $path
+     * @return string
+     * @since 18.0.0
+     */
+    public function detectContent(string $path): string {
+        $this->loadMappings();
+
+        if (@is_dir($path)) {
+            // directories are easy
+            return 'httpd/unix-directory';
+        }
+
+        if (function_exists('finfo_open')
+            && function_exists('finfo_file')
+            && $finfo = finfo_open(FILEINFO_MIME)) {
+            $info = @finfo_file($finfo, $path);
+            finfo_close($finfo);
+            if ($info) {
+                $info = strtolower($info);
+                $mimeType = str_contains($info, ';') ? substr($info, 0, strpos($info, ';')) : $info;
+                $mimeType = $this->getSecureMimeType($mimeType);
+                if ($mimeType !== 'application/octet-stream') {
+                    return $mimeType;
+                }
+            }
+        }
+
+        if (str_starts_with($path, 'file://')) {
+            // Is the file wrapped in a stream?
+            return 'application/octet-stream';
+        }
+
+        if (function_exists('mime_content_type')) {
+            // use mime magic extension if available
+            $mimeType = mime_content_type($path);
+            if ($mimeType !== false) {
+                $mimeType = $this->getSecureMimeType($mimeType);
+                if ($mimeType !== 'application/octet-stream') {
+                    return $mimeType;
+                }
+            }
+        }
+
+        $binaryFinder = \OCP\Server::get(IBinaryFinder::class);
+        $program = $binaryFinder->findBinaryPath('file');
+        if ($program !== false) {
+            // it looks like we have a 'file' command,
+            // lets see if it does have mime support
+            $path = escapeshellarg($path);
+            $fp = popen("test -f $path && $program -b --mime-type $path", 'r');
+            if ($fp !== false) {
+                $mimeType = fgets($fp);
+                pclose($fp);
+                if ($mimeType !== false) {
+                    //trim the newline
+                    $mimeType = trim($mimeType);
+                    $mimeType = $this->getSecureMimeType($mimeType);
+                    return $mimeType;
+                }
+            }
+        }
+
+        return 'application/octet-stream';
+    }
+
+    /**
+     * Detect MIME type based on both filename and content
+     *
+     * @param string $path
+     * @return string
+     */
+    public function detect($path): string {
+        $mimeType = $this->detectPath($path);
+
+        if ($mimeType !== 'application/octet-stream') {
+            return $mimeType;
+        }
+
+        return $this->detectContent($path);
+    }
+
+    /**
+     * Detect MIME type based on the content of a string
+     *
+     * @param string $data
+     * @return string
+     */
+    public function detectString($data): string {
+        if (function_exists('finfo_open') && function_exists('finfo_file')) {
+            $finfo = finfo_open(FILEINFO_MIME);
+            $info = finfo_buffer($finfo, $data);
+            return str_contains($info, ';') ? substr($info, 0, strpos($info, ';')) : $info;
+        }
+
+        $tmpFile = \OCP\Server::get(ITempManager::class)->getTemporaryFile();
+        $fh = fopen($tmpFile, 'wb');
+        fwrite($fh, $data, 8024);
+        fclose($fh);
+        $mime = $this->detect($tmpFile);
+        unset($tmpFile);
+        return $mime;
+    }
+
+    /**
+     * Get a secure MIME type that won't expose potential XSS.
+     *
+     * @param string $mimeType
+     * @return string
+     */
+    public function getSecureMimeType($mimeType): string {
+        $this->loadMappings();
+
+        return $this->secureMimeTypes[$mimeType] ?? 'application/octet-stream';
+    }
+
+    /**
+     * Get path to the icon of a file type
+     * @param string $mimeType the MIME type
+     * @return string the url
+     */
+    public function mimeTypeIcon($mimeType): string {
+        $this->loadAliases();
+
+        while (isset($this->mimeTypeAlias[$mimeType])) {
+            $mimeType = $this->mimeTypeAlias[$mimeType];
+        }
+        if (isset($this->mimeTypeIcons[$mimeType])) {
+            return $this->mimeTypeIcons[$mimeType];
+        }
+
+        // Replace slash and backslash with a minus
+        $icon = str_replace(['/', '\\'], '-', $mimeType);
+
+        // Is it a dir?
+        if ($mimeType === 'dir') {
+            $this->mimeTypeIcons[$mimeType] = $this->urlGenerator->imagePath('core', 'filetypes/folder.svg');
+            return $this->mimeTypeIcons[$mimeType];
+        }
+        if ($mimeType === 'dir-shared') {
+            $this->mimeTypeIcons[$mimeType] = $this->urlGenerator->imagePath('core', 'filetypes/folder-shared.svg');
+            return $this->mimeTypeIcons[$mimeType];
+        }
+        if ($mimeType === 'dir-external') {
+            $this->mimeTypeIcons[$mimeType] = $this->urlGenerator->imagePath('core', 'filetypes/folder-external.svg');
+            return $this->mimeTypeIcons[$mimeType];
+        }
+
+        // Icon exists?
+        try {
+            $this->mimeTypeIcons[$mimeType] = $this->urlGenerator->imagePath('core', 'filetypes/' . $icon . '.svg');
+            return $this->mimeTypeIcons[$mimeType];
+        } catch (\RuntimeException $e) {
+            // Specified image not found
+        }
+
+        // Try only the first part of the filetype
+        if (strpos($icon, '-')) {
+            $mimePart = substr($icon, 0, strpos($icon, '-'));
+            try {
+                $this->mimeTypeIcons[$mimeType] = $this->urlGenerator->imagePath('core', 'filetypes/' . $mimePart . '.svg');
+                return $this->mimeTypeIcons[$mimeType];
+            } catch (\RuntimeException $e) {
+                // Image for the first part of the MIME type not found
+            }
+        }
+
+        $this->mimeTypeIcons[$mimeType] = $this->urlGenerator->imagePath('core', 'filetypes/file.svg');
+        return $this->mimeTypeIcons[$mimeType];
+    }
 }

core/Command/Maintenance/Mimetype/GenerateMimetypeFileBuilder.php

Indentation +65 added lines, -65 removed lines

@@ -9,79 +9,79 @@ 
 namespace OC\Core\Command\Maintenance\Mimetype;
 
 class GenerateMimetypeFileBuilder {
-	/**
-	 * Generate mime type list file
-	 *
-	 * @param array<string,string> $aliases
-	 * @return string
-	 */
-	public function generateFile(array $aliases, array $names): string {
-		// Remove comments
-		$aliases = array_filter($aliases, static function ($key) {
-			// Single digit extensions will be treated as integers
-			// Let's make sure they are strings
-			// https://github.com/nextcloud/server/issues/42902
-			$key = (string)$key;
-			return !($key === '' || $key[0] === '_');
-		}, ARRAY_FILTER_USE_KEY);
+    /**
+     * Generate mime type list file
+     *
+     * @param array<string,string> $aliases
+     * @return string
+     */
+    public function generateFile(array $aliases, array $names): string {
+        // Remove comments
+        $aliases = array_filter($aliases, static function ($key) {
+            // Single digit extensions will be treated as integers
+            // Let's make sure they are strings
+            // https://github.com/nextcloud/server/issues/42902
+            $key = (string)$key;
+            return !($key === '' || $key[0] === '_');
+        }, ARRAY_FILTER_USE_KEY);
 
-		// Fetch all files
-		$dir = new \DirectoryIterator(\OC::$SERVERROOT . '/core/img/filetypes');
+        // Fetch all files
+        $dir = new \DirectoryIterator(\OC::$SERVERROOT . '/core/img/filetypes');
 
-		$files = [];
-		foreach ($dir as $fileInfo) {
-			if ($fileInfo->isFile()) {
-				$file = preg_replace('/.[^.]*$/', '', $fileInfo->getFilename());
-				$files[] = $file;
-			}
-		}
+        $files = [];
+        foreach ($dir as $fileInfo) {
+            if ($fileInfo->isFile()) {
+                $file = preg_replace('/.[^.]*$/', '', $fileInfo->getFilename());
+                $files[] = $file;
+            }
+        }
 
-		//Remove duplicates
-		$files = array_values(array_unique($files));
-		sort($files);
+        //Remove duplicates
+        $files = array_values(array_unique($files));
+        sort($files);
 
-		// Fetch all themes!
-		$themes = [];
-		$dirs = new \DirectoryIterator(\OC::$SERVERROOT . '/themes/');
-		foreach ($dirs as $dir) {
-			//Valid theme dir
-			if ($dir->isFile() || $dir->isDot()) {
-				continue;
-			}
+        // Fetch all themes!
+        $themes = [];
+        $dirs = new \DirectoryIterator(\OC::$SERVERROOT . '/themes/');
+        foreach ($dirs as $dir) {
+            //Valid theme dir
+            if ($dir->isFile() || $dir->isDot()) {
+                continue;
+            }
 
-			$theme = $dir->getFilename();
-			$themeDir = $dir->getPath() . '/' . $theme . '/core/img/filetypes/';
-			// Check if this theme has its own filetype icons
-			if (!file_exists($themeDir)) {
-				continue;
-			}
+            $theme = $dir->getFilename();
+            $themeDir = $dir->getPath() . '/' . $theme . '/core/img/filetypes/';
+            // Check if this theme has its own filetype icons
+            if (!file_exists($themeDir)) {
+                continue;
+            }
 
-			$themes[$theme] = [];
-			// Fetch all the theme icons!
-			$themeIt = new \DirectoryIterator($themeDir);
-			foreach ($themeIt as $fileInfo) {
-				if ($fileInfo->isFile()) {
-					$file = preg_replace('/.[^.]*$/', '', $fileInfo->getFilename());
-					$themes[$theme][] = $file;
-				}
-			}
+            $themes[$theme] = [];
+            // Fetch all the theme icons!
+            $themeIt = new \DirectoryIterator($themeDir);
+            foreach ($themeIt as $fileInfo) {
+                if ($fileInfo->isFile()) {
+                    $file = preg_replace('/.[^.]*$/', '', $fileInfo->getFilename());
+                    $themes[$theme][] = $file;
+                }
+            }
 
-			//Remove Duplicates
-			$themes[$theme] = array_values(array_unique($themes[$theme]));
-			sort($themes[$theme]);
-		}
+            //Remove Duplicates
+            $themes[$theme] = array_values(array_unique($themes[$theme]));
+            sort($themes[$theme]);
+        }
 
-		$namesOutput = '';
-		foreach ($names as $key => $name) {
-			if (str_starts_with($key, '_')) {
-				// Skip internal names
-				continue;
-			}
-			$namesOutput .= "'$key': t('core', " . json_encode($name) . "),\n";
-		}
+        $namesOutput = '';
+        foreach ($names as $key => $name) {
+            if (str_starts_with($key, '_')) {
+                // Skip internal names
+                continue;
+            }
+            $namesOutput .= "'$key': t('core', " . json_encode($name) . "),\n";
+        }
 
-		//Generate the JS
-		return '/**
+        //Generate the JS
+        return '/**
 * This file is automatically generated
 * DO NOT EDIT MANUALLY!
 *
@@ -96,5 +96,5 @@ 
 	names: {' . $namesOutput . '},
 };
 ';
-	}
+    }
 }

core/Command/Maintenance/Mimetype/UpdateJS.php

Indentation +24 added lines, -24 removed lines

@@ -14,28 +14,28 @@
 use Symfony\Component\Console\Output\OutputInterface;
 
 class UpdateJS extends Command {
-	public function __construct(
-		protected IMimeTypeDetector $mimetypeDetector,
-	) {
-		parent::__construct();
-	}
-
-	protected function configure() {
-		$this
-			->setName('maintenance:mimetype:update-js')
-			->setDescription('Update mimetypelist.js');
-	}
-
-	protected function execute(InputInterface $input, OutputInterface $output): int {
-		// Fetch all the aliases
-		$aliases = $this->mimetypeDetector->getAllAliases();
-
-		// Output the JS
-		$generatedMimetypeFile = new GenerateMimetypeFileBuilder();
-		$namings = $this->mimetypeDetector->getAllNamings();
-		file_put_contents(\OC::$SERVERROOT . '/core/js/mimetypelist.js', $generatedMimetypeFile->generateFile($aliases, $namings));
-
-		$output->writeln('<info>mimetypelist.js is updated');
-		return 0;
-	}
+    public function __construct(
+        protected IMimeTypeDetector $mimetypeDetector,
+    ) {
+        parent::__construct();
+    }
+
+    protected function configure() {
+        $this
+            ->setName('maintenance:mimetype:update-js')
+            ->setDescription('Update mimetypelist.js');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int {
+        // Fetch all the aliases
+        $aliases = $this->mimetypeDetector->getAllAliases();
+
+        // Output the JS
+        $generatedMimetypeFile = new GenerateMimetypeFileBuilder();
+        $namings = $this->mimetypeDetector->getAllNamings();
+        file_put_contents(\OC::$SERVERROOT . '/core/js/mimetypelist.js', $generatedMimetypeFile->generateFile($aliases, $namings));
+
+        $output->writeln('<info>mimetypelist.js is updated');
+        return 0;
+    }
 }

tests/lib/IntegrityCheck/CheckerTest.php

Indentation +962 added lines, -962 removed lines

@@ -23,107 +23,107 @@ 
 use Test\TestCase;
 
 class CheckerTest extends TestCase {
-	/** @var ServerVersion|\PHPUnit\Framework\MockObject\MockObject */
-	private $serverVersion;
-	/** @var EnvironmentHelper|\PHPUnit\Framework\MockObject\MockObject */
-	private $environmentHelper;
-	/** @var AppLocator|\PHPUnit\Framework\MockObject\MockObject */
-	private $appLocator;
-	/** @var Checker */
-	private $checker;
-	/** @var FileAccessHelper|\PHPUnit\Framework\MockObject\MockObject */
-	private $fileAccessHelper;
-	/** @var IConfig|\PHPUnit\Framework\MockObject\MockObject */
-	private $config;
-	/** @var IAppConfig|\PHPUnit\Framework\MockObject\MockObject */
-	private $appConfig;
-	/** @var ICacheFactory|\PHPUnit\Framework\MockObject\MockObject */
-	private $cacheFactory;
-	/** @var IAppManager|\PHPUnit\Framework\MockObject\MockObject */
-	private $appManager;
-	/** @var \OC\Files\Type\Detection|\PHPUnit\Framework\MockObject\MockObject */
-	private $mimeTypeDetector;
-
-	protected function setUp(): void {
-		parent::setUp();
-		$this->serverVersion = $this->createMock(ServerVersion::class);
-		$this->environmentHelper = $this->createMock(EnvironmentHelper::class);
-		$this->fileAccessHelper = $this->createMock(FileAccessHelper::class);
-		$this->appLocator = $this->createMock(AppLocator::class);
-		$this->config = $this->createMock(IConfig::class);
-		$this->appConfig = $this->createMock(IAppConfig::class);
-		$this->cacheFactory = $this->createMock(ICacheFactory::class);
-		$this->appManager = $this->createMock(IAppManager::class);
-		$this->mimeTypeDetector = $this->createMock(\OC\Files\Type\Detection::class);
-
-		$this->config->method('getAppValue')
-			->willReturnArgument(2);
-
-		$this->cacheFactory
-			->expects($this->any())
-			->method('createDistributed')
-			->with('oc.integritycheck.checker')
-			->willReturn(new NullCache());
-
-		$this->checker = new Checker(
-			$this->serverVersion,
-			$this->environmentHelper,
-			$this->fileAccessHelper,
-			$this->appLocator,
-			$this->config,
-			$this->appConfig,
-			$this->cacheFactory,
-			$this->appManager,
-			$this->mimeTypeDetector
-		);
-	}
-
-
-	public function testWriteAppSignatureOfNotExistingApp(): void {
-		$this->expectException(\Exception::class);
-		$this->expectExceptionMessage('Exception message');
-
-		$this->fileAccessHelper
-			->expects($this->once())
-			->method('assertDirectoryExists')
-			->with('NotExistingApp/appinfo')
-			->willThrowException(new \Exception('Exception message'));
-		$this->fileAccessHelper
-			->expects($this->once())
-			->method('is_writable')
-			->with('NotExistingApp/appinfo')
-			->willReturn(true);
-
-		$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
-		$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
-		$rsa = new RSA();
-		$rsa->loadKey($rsaPrivateKey);
-		$x509 = new X509();
-		$x509->loadX509($keyBundle);
-		$this->checker->writeAppSignature('NotExistingApp', $x509, $rsa);
-	}
-
-
-	public function testWriteAppSignatureWrongPermissions(): void {
-		$this->expectException(\Exception::class);
-		$this->expectExceptionMessageMatches('/[a-zA-Z\\/_-]+ is not writable/');
-
-		$this->fileAccessHelper
-			->expects($this->once())
-			->method('file_put_contents')
-			->will($this->throwException(new \Exception('Exception message')));
-
-		$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
-		$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
-		$rsa = new RSA();
-		$rsa->loadKey($rsaPrivateKey);
-		$x509 = new X509();
-		$x509->loadX509($keyBundle);
-		$this->checker->writeAppSignature(\OC::$SERVERROOT . '/tests/data/integritycheck/app/', $x509, $rsa);
-	}
-
-	public function testWriteAppSignature(): void {
-		$expectedSignatureFileData = '{
+    /** @var ServerVersion|\PHPUnit\Framework\MockObject\MockObject */
+    private $serverVersion;
+    /** @var EnvironmentHelper|\PHPUnit\Framework\MockObject\MockObject */
+    private $environmentHelper;
+    /** @var AppLocator|\PHPUnit\Framework\MockObject\MockObject */
+    private $appLocator;
+    /** @var Checker */
+    private $checker;
+    /** @var FileAccessHelper|\PHPUnit\Framework\MockObject\MockObject */
+    private $fileAccessHelper;
+    /** @var IConfig|\PHPUnit\Framework\MockObject\MockObject */
+    private $config;
+    /** @var IAppConfig|\PHPUnit\Framework\MockObject\MockObject */
+    private $appConfig;
+    /** @var ICacheFactory|\PHPUnit\Framework\MockObject\MockObject */
+    private $cacheFactory;
+    /** @var IAppManager|\PHPUnit\Framework\MockObject\MockObject */
+    private $appManager;
+    /** @var \OC\Files\Type\Detection|\PHPUnit\Framework\MockObject\MockObject */
+    private $mimeTypeDetector;
+
+    protected function setUp(): void {
+        parent::setUp();
+        $this->serverVersion = $this->createMock(ServerVersion::class);
+        $this->environmentHelper = $this->createMock(EnvironmentHelper::class);
+        $this->fileAccessHelper = $this->createMock(FileAccessHelper::class);
+        $this->appLocator = $this->createMock(AppLocator::class);
+        $this->config = $this->createMock(IConfig::class);
+        $this->appConfig = $this->createMock(IAppConfig::class);
+        $this->cacheFactory = $this->createMock(ICacheFactory::class);
+        $this->appManager = $this->createMock(IAppManager::class);
+        $this->mimeTypeDetector = $this->createMock(\OC\Files\Type\Detection::class);
+
+        $this->config->method('getAppValue')
+            ->willReturnArgument(2);
+
+        $this->cacheFactory
+            ->expects($this->any())
+            ->method('createDistributed')
+            ->with('oc.integritycheck.checker')
+            ->willReturn(new NullCache());
+
+        $this->checker = new Checker(
+            $this->serverVersion,
+            $this->environmentHelper,
+            $this->fileAccessHelper,
+            $this->appLocator,
+            $this->config,
+            $this->appConfig,
+            $this->cacheFactory,
+            $this->appManager,
+            $this->mimeTypeDetector
+        );
+    }
+
+
+    public function testWriteAppSignatureOfNotExistingApp(): void {
+        $this->expectException(\Exception::class);
+        $this->expectExceptionMessage('Exception message');
+
+        $this->fileAccessHelper
+            ->expects($this->once())
+            ->method('assertDirectoryExists')
+            ->with('NotExistingApp/appinfo')
+            ->willThrowException(new \Exception('Exception message'));
+        $this->fileAccessHelper
+            ->expects($this->once())
+            ->method('is_writable')
+            ->with('NotExistingApp/appinfo')
+            ->willReturn(true);
+
+        $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
+        $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
+        $rsa = new RSA();
+        $rsa->loadKey($rsaPrivateKey);
+        $x509 = new X509();
+        $x509->loadX509($keyBundle);
+        $this->checker->writeAppSignature('NotExistingApp', $x509, $rsa);
+    }
+
+
+    public function testWriteAppSignatureWrongPermissions(): void {
+        $this->expectException(\Exception::class);
+        $this->expectExceptionMessageMatches('/[a-zA-Z\\/_-]+ is not writable/');
+
+        $this->fileAccessHelper
+            ->expects($this->once())
+            ->method('file_put_contents')
+            ->will($this->throwException(new \Exception('Exception message')));
+
+        $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
+        $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
+        $rsa = new RSA();
+        $rsa->loadKey($rsaPrivateKey);
+        $x509 = new X509();
+        $x509->loadX509($keyBundle);
+        $this->checker->writeAppSignature(\OC::$SERVERROOT . '/tests/data/integritycheck/app/', $x509, $rsa);
+    }
+
+    public function testWriteAppSignature(): void {
+        $expectedSignatureFileData = '{
     "hashes": {
         "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
         "subfolder\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
@@ -131,65 +131,65 @@ 
     "signature": "Y5yvXvcGHVPuRRatKVDUONWq1FpLXugZd6Km\/+aEHsQj7coVl9FeMj9OsWamBf7yRIw3dtNLguTLlAA9QAv\/b0uHN3JnbNZN+dwFOve4NMtqXfSDlWftqKN00VS+RJXpG1S2IIx9Poyp2NoghL\/5AuTv4GHiNb7zU\/DT\/kt71pUGPgPR6IIFaE+zHOD96vjYkrH+GfWZzKR0FCdLib9yyNvk+EGrcjKM6qjs2GKfS\/XFjj\/\/neDnh\/0kcPuKE3ZbofnI4TIDTv0CGqvOp7PtqVNc3Vy\/UKa7uF1PT0MAUKMww6EiMUSFZdUVP4WWF0Y72W53Qdtf1hrAZa2kfKyoK5kd7sQmCSKUPSU8978AUVZlBtTRlyT803IKwMV0iHMkw+xYB1sN2FlHup\/DESADqxhdgYuK35bCPvgkb4SBe4B8Voz\/izTvcP7VT5UvkYdAO+05\/jzdaHEmzmsD92CFfvX0q8O\/Y\/29ubftUJsqcHeMDKgcR4eZOE8+\/QVc\/89QO6WnKNuNuV+5bybO6g6PAdC9ZPsCvnihS61O2mwRXHLR3jv2UleFWm+lZEquPKtkhi6SLtDiijA4GV6dmS+dzujSLb7hGeD5o1plZcZ94uhWljl+QIp82+zU\/lYB1Zfr4Mb4e+V7r2gv7Fbv7y6YtjE2GIQwRhC5jq56bD0ZB+I=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEwTCCAqmgAwIBAgIUWv0iujufs5lUr0svCf\/qTQvoyKAwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIyNDk1M1oXDTE2MTEwMzIyNDk1M1owEjEQMA4GA1UEAwwHU29tZUFwcDCCAiIw\r\nDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK8q0x62agGSRBqeWsaeEwFfepMk\r\nF8cAobMMi50qHCv9IrOn\/ZH9l52xBrbIkErVmRjmly0d4JhD8Ymhidsh9ONKYl\/j\r\n+ishsZDM8eNNdp3Ew+fEYVvY1W7mR1qU24NWj0bzVsClI7hvPVIuw7AjfBDq1C5+\r\nA+ZSLSXYvOK2cEWjdxQfuNZwEZSjmA63DUllBIrm35IaTvfuyhU6BW9yHZxmb8+M\r\nw0xDv30D5UkE\/2N7Pa\/HQJLxCR+3zKibRK3nUyRDLSXxMkU9PnFNaPNX59VPgyj4\r\nGB1CFSToldJVPF4pzh7p36uGXZVxs8m3LFD4Ol8mhi7jkxDZjqFN46gzR0r23Py6\r\ndol9vfawGIoUwp9LvL0S7MvdRY0oazLXwClLP4OQ17zpSMAiCj7fgNT661JamPGj\r\nt5O7Zn2wA7I4ddDS\/HDTWCu98Zwc9fHIpsJPgCZ9awoqxi4Mnf7Pk9g5nnXhszGC\r\ncxxIASQKM+GhdzoRxKknax2RzUCwCzcPRtCj8AQT\/x\/mqN3PfRmlnFBNACUw9bpZ\r\nSOoNq2pCF9igftDWpSIXQ38pVpKLWowjjg3DVRmVKBgivHnUnVLyzYBahHPj0vaz\r\ntFtUFRaqXDnt+4qyUGyrT5h5pjZaTcHIcSB4PiarYwdVvgslgwnQzOUcGAzRWBD4\r\n6jV2brP5vFY3g6iPAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBACTY3CCHC+Z28gCf\r\nFWGKQ3wAKs+k4+0yoti0qm2EKX7rSGQ0PHSas6uW79WstC4Rj+DYkDtIhGMSg8FS\r\nHVGZHGBCc0HwdX+BOAt3zi4p7Sf3oQef70\/4imPoKxbAVCpd\/cveVcFyDC19j1yB\r\nBapwu87oh+muoeaZxOlqQI4UxjBlR\/uRSMhOn2UGauIr3dWJgAF4pGt7TtIzt+1v\r\n0uA6FtN1Y4R5O8AaJPh1bIG0CVvFBE58esGzjEYLhOydgKFnEP94kVPgJD5ds9C3\r\npPhEpo1dRpiXaF7WGIV1X6DI\/ipWvfrF7CEy6I\/kP1InY\/vMDjQjeDnJ\/VrXIWXO\r\nyZvHXVaN\/m+1RlETsH7YO\/QmxRue9ZHN3gvvWtmpCeA95sfpepOk7UcHxHZYyQbF\r\n49\/au8j+5tsr4A83xzsT1JbcKRxkAaQ7WDJpOnE5O1+H0fB+BaLakTg6XX9d4Fo7\r\n7Gin7hVWX7pL+JIyxMzME3LhfI61+CRcqZQIrpyaafUziPQbWIPfEs7h8tCOWyvW\r\nUO8ZLervYCB3j44ivkrxPlcBklDCqqKKBzDP9dYOtS\/P4RB1NkHA9+NTvmBpTonS\r\nSFXdg9fFMD7VfjDE3Vnk+8DWkVH5wBYowTAD7w9Wuzr7DumiAULexnP\/Y7xwxLv7\r\n4B+pXTAcRK0zECDEaX3npS8xWzrB\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->once())
-			->method('file_put_contents')
-			->with(
-				$this->equalTo(\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json'),
-				$this->callback(function ($signature) use ($expectedSignatureFileData) {
-					$expectedArray = json_decode($expectedSignatureFileData, true);
-					$actualArray = json_decode($signature, true);
-					$this->assertEquals($expectedArray, $actualArray);
-					return true;
-				})
-			);
-
-		$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
-		$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
-		$rsa = new RSA();
-		$rsa->loadKey($rsaPrivateKey);
-		$x509 = new X509();
-		$x509->loadX509($keyBundle);
-		$this->checker->writeAppSignature(\OC::$SERVERROOT . '/tests/data/integritycheck/app/', $x509, $rsa);
-	}
-
-	public function testVerifyAppSignatureWithoutSignatureData(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$expected = [
-			'EXCEPTION' => [
-				'class' => 'OC\IntegrityCheck\Exceptions\InvalidSignatureException',
-				'message' => 'Signature data not found.',
-			],
-		];
-		$this->assertSame($expected, $this->checker->verifyAppSignature('SomeApp'));
-	}
-
-	public function testVerifyAppSignatureWithValidSignatureData(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->appLocator
-			->expects($this->once())
-			->method('getAppPath')
-			->with('SomeApp')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
-		$signatureDataFile = '{
+        $this->fileAccessHelper
+            ->expects($this->once())
+            ->method('file_put_contents')
+            ->with(
+                $this->equalTo(\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json'),
+                $this->callback(function ($signature) use ($expectedSignatureFileData) {
+                    $expectedArray = json_decode($expectedSignatureFileData, true);
+                    $actualArray = json_decode($signature, true);
+                    $this->assertEquals($expectedArray, $actualArray);
+                    return true;
+                })
+            );
+
+        $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
+        $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
+        $rsa = new RSA();
+        $rsa->loadKey($rsaPrivateKey);
+        $x509 = new X509();
+        $x509->loadX509($keyBundle);
+        $this->checker->writeAppSignature(\OC::$SERVERROOT . '/tests/data/integritycheck/app/', $x509, $rsa);
+    }
+
+    public function testVerifyAppSignatureWithoutSignatureData(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $expected = [
+            'EXCEPTION' => [
+                'class' => 'OC\IntegrityCheck\Exceptions\InvalidSignatureException',
+                'message' => 'Signature data not found.',
+            ],
+        ];
+        $this->assertSame($expected, $this->checker->verifyAppSignature('SomeApp'));
+    }
+
+    public function testVerifyAppSignatureWithValidSignatureData(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->appLocator
+            ->expects($this->once())
+            ->method('getAppPath')
+            ->with('SomeApp')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
+        $signatureDataFile = '{
     "hashes": {
         "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
         "subfolder\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
@@ -197,34 +197,34 @@ 
     "signature": "dYoohBaWIFR\/To1FXEbMQB5apUhVYlEauBGSPo12nq84wxWkBx2EM3KDRgkB5Sub2tr0CgmAc2EVjPhKIEzAam26cyUb48bJziz1V6wvW7z4GZAfaJpzLkyHdSfV5117VSf5w1rDcAeZDXfGUaaNEJPWytaF4ZIxVge7f3NGshHy4odFVPADy\/u6c43BWvaOtJ4m3aJQbP6sxCO9dxwcm5yJJJR3n36jfh229sdWBxyl8BhwhH1e1DEv78\/aiL6ckKFPVNzx01R6yDFt3TgEMR97YZ\/R6lWiXG+dsJ305jNFlusLu518zBUvl7g5yjzGN778H29b2C8VLZKmi\/h1CH9jGdD72fCqCYdenD2uZKzb6dsUtXtvBmVcVT6BUGz41W1pkkEEB+YJpMrHILIxAiHRGv1+aZa9\/Oz8LWFd+BEUQjC2LJgojPnpzaG\/msw1nBkX16NNVDWWtJ25Bc\/r\/mG46rwjWB\/cmV6Lwt6KODiqlxgrC4lm9ALOCEWw+23OcYhLwNfQTYevXqHqsFfXOkhUnM8z5vDUb\/HBraB1DjFXN8iLK+1YewD4P495e+SRzrR79Oi3F8SEqRIzRLfN2rnW1BTms\/wYsz0p67cup1Slk1XlNmHwbWX25NVd2PPlLOvZRGoqcKFpIjC5few8THiZfyjiNFwt3RM0AFdZcXY=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json', $signatureDataFile],
-				['/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$this->assertSame([], $this->checker->verifyAppSignature('SomeApp'));
-	}
-
-	public function testVerifyAppSignatureWithTamperedSignatureData(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->appLocator
-			->expects($this->once())
-			->method('getAppPath')
-			->with('SomeApp')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
-		$signatureDataFile = '{
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json', $signatureDataFile],
+                ['/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $this->assertSame([], $this->checker->verifyAppSignature('SomeApp'));
+    }
+
+    public function testVerifyAppSignatureWithTamperedSignatureData(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->appLocator
+            ->expects($this->once())
+            ->method('getAppPath')
+            ->with('SomeApp')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
+        $signatureDataFile = '{
     "hashes": {
         "AnotherFile.txt": "tampered",
         "subfolder\/file.txt": "tampered"
@@ -232,40 +232,40 @@ 
     "signature": "EL49UaSeyMAqyMtqId+tgOhhwgOevPZsRLX4j2blnybAB6fN07z0936JqZV7+eMPiE30Idx+UCY6rCFN531Kqe9vAOCdgtHUSOjjKyKc+lvULESlMb6YQcrZrvDlEMMjzjH49ewG7Ai8sNN6HrRUd9U8ws+ewSkW2DOOBItj\/21RBnkrSt+2AtGXGigEvuTm57HrCYDj8\/lSkumC2GVkjLUHeLOKYo4PRNOr6yP5mED5v7zo66AWvXl2fKv54InZcdxsAk35lyK9DGZbk\/027ZRd0AOHT3LImRLvQ+8EAg3XLlRUy0hOFGgPC+jYonMzgYvsAXAXi2j8LnLJlsLwpFwu1k1B+kZVPMumKZvP9OvJb70EirecXmz62V+Jiyuaq7ne4y7Kp5gKZT\/T8SeZ0lFtCmPfYyzBB0y8s5ldmTTmdVYHs54t\/OCCW82HzQZxnFNPzDTRa8HglsaMKrqPtW59+R4UvRKSWhB8M\/Ah57qgzycvPV4KMz\/FbD4l\/\/9chRKSlCfc2k3b8ZSHNmi+EzCKgJjWIoKdgN1yax94puU8jfn8UW+G7H9Y1Jsf\/jox6QLyYEgtV1vOHY2xLT7fVs2vhyvkN2MNjJnmQ70gFG5Qz2lBz5wi6ZpB+tOfCcpbLxWAkoWoIrmC\/Ilqh7mfmRZ43g5upjkepHNd93ONuY8=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEwTCCAqmgAwIBAgIUWv0iujufs5lUr0svCf\/qTQvoyKAwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIyNDk1M1oXDTE2MTEwMzIyNDk1M1owEjEQMA4GA1UEAwwHU29tZUFwcDCCAiIw\r\nDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK8q0x62agGSRBqeWsaeEwFfepMk\r\nF8cAobMMi50qHCv9IrOn\/ZH9l52xBrbIkErVmRjmly0d4JhD8Ymhidsh9ONKYl\/j\r\n+ishsZDM8eNNdp3Ew+fEYVvY1W7mR1qU24NWj0bzVsClI7hvPVIuw7AjfBDq1C5+\r\nA+ZSLSXYvOK2cEWjdxQfuNZwEZSjmA63DUllBIrm35IaTvfuyhU6BW9yHZxmb8+M\r\nw0xDv30D5UkE\/2N7Pa\/HQJLxCR+3zKibRK3nUyRDLSXxMkU9PnFNaPNX59VPgyj4\r\nGB1CFSToldJVPF4pzh7p36uGXZVxs8m3LFD4Ol8mhi7jkxDZjqFN46gzR0r23Py6\r\ndol9vfawGIoUwp9LvL0S7MvdRY0oazLXwClLP4OQ17zpSMAiCj7fgNT661JamPGj\r\nt5O7Zn2wA7I4ddDS\/HDTWCu98Zwc9fHIpsJPgCZ9awoqxi4Mnf7Pk9g5nnXhszGC\r\ncxxIASQKM+GhdzoRxKknax2RzUCwCzcPRtCj8AQT\/x\/mqN3PfRmlnFBNACUw9bpZ\r\nSOoNq2pCF9igftDWpSIXQ38pVpKLWowjjg3DVRmVKBgivHnUnVLyzYBahHPj0vaz\r\ntFtUFRaqXDnt+4qyUGyrT5h5pjZaTcHIcSB4PiarYwdVvgslgwnQzOUcGAzRWBD4\r\n6jV2brP5vFY3g6iPAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBACTY3CCHC+Z28gCf\r\nFWGKQ3wAKs+k4+0yoti0qm2EKX7rSGQ0PHSas6uW79WstC4Rj+DYkDtIhGMSg8FS\r\nHVGZHGBCc0HwdX+BOAt3zi4p7Sf3oQef70\/4imPoKxbAVCpd\/cveVcFyDC19j1yB\r\nBapwu87oh+muoeaZxOlqQI4UxjBlR\/uRSMhOn2UGauIr3dWJgAF4pGt7TtIzt+1v\r\n0uA6FtN1Y4R5O8AaJPh1bIG0CVvFBE58esGzjEYLhOydgKFnEP94kVPgJD5ds9C3\r\npPhEpo1dRpiXaF7WGIV1X6DI\/ipWvfrF7CEy6I\/kP1InY\/vMDjQjeDnJ\/VrXIWXO\r\nyZvHXVaN\/m+1RlETsH7YO\/QmxRue9ZHN3gvvWtmpCeA95sfpepOk7UcHxHZYyQbF\r\n49\/au8j+5tsr4A83xzsT1JbcKRxkAaQ7WDJpOnE5O1+H0fB+BaLakTg6XX9d4Fo7\r\n7Gin7hVWX7pL+JIyxMzME3LhfI61+CRcqZQIrpyaafUziPQbWIPfEs7h8tCOWyvW\r\nUO8ZLervYCB3j44ivkrxPlcBklDCqqKKBzDP9dYOtS\/P4RB1NkHA9+NTvmBpTonS\r\nSFXdg9fFMD7VfjDE3Vnk+8DWkVH5wBYowTAD7w9Wuzr7DumiAULexnP\/Y7xwxLv7\r\n4B+pXTAcRK0zECDEaX3npS8xWzrB\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json', $signatureDataFile],
-				['/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$expected = [
-			'EXCEPTION' => [
-				'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException',
-				'message' => 'Signature could not get verified.',
-			],
-		];
-		$this->assertEquals($expected, $this->checker->verifyAppSignature('SomeApp'));
-	}
-
-	public function testVerifyAppSignatureWithTamperedFiles(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->appLocator
-			->expects($this->once())
-			->method('getAppPath')
-			->with('SomeApp')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData/');
-		$signatureDataFile = '{
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json', $signatureDataFile],
+                ['/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $expected = [
+            'EXCEPTION' => [
+                'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException',
+                'message' => 'Signature could not get verified.',
+            ],
+        ];
+        $this->assertEquals($expected, $this->checker->verifyAppSignature('SomeApp'));
+    }
+
+    public function testVerifyAppSignatureWithTamperedFiles(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->appLocator
+            ->expects($this->once())
+            ->method('getAppPath')
+            ->with('SomeApp')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData/');
+        $signatureDataFile = '{
     "hashes": {
         "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
         "subfolder\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
@@ -273,55 +273,55 @@ 
     "signature": "dYoohBaWIFR\/To1FXEbMQB5apUhVYlEauBGSPo12nq84wxWkBx2EM3KDRgkB5Sub2tr0CgmAc2EVjPhKIEzAam26cyUb48bJziz1V6wvW7z4GZAfaJpzLkyHdSfV5117VSf5w1rDcAeZDXfGUaaNEJPWytaF4ZIxVge7f3NGshHy4odFVPADy\/u6c43BWvaOtJ4m3aJQbP6sxCO9dxwcm5yJJJR3n36jfh229sdWBxyl8BhwhH1e1DEv78\/aiL6ckKFPVNzx01R6yDFt3TgEMR97YZ\/R6lWiXG+dsJ305jNFlusLu518zBUvl7g5yjzGN778H29b2C8VLZKmi\/h1CH9jGdD72fCqCYdenD2uZKzb6dsUtXtvBmVcVT6BUGz41W1pkkEEB+YJpMrHILIxAiHRGv1+aZa9\/Oz8LWFd+BEUQjC2LJgojPnpzaG\/msw1nBkX16NNVDWWtJ25Bc\/r\/mG46rwjWB\/cmV6Lwt6KODiqlxgrC4lm9ALOCEWw+23OcYhLwNfQTYevXqHqsFfXOkhUnM8z5vDUb\/HBraB1DjFXN8iLK+1YewD4P495e+SRzrR79Oi3F8SEqRIzRLfN2rnW1BTms\/wYsz0p67cup1Slk1XlNmHwbWX25NVd2PPlLOvZRGoqcKFpIjC5few8THiZfyjiNFwt3RM0AFdZcXY=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//appinfo/signature.json', $signatureDataFile],
-				['/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-
-		$expected = [
-			'INVALID_HASH' => [
-				'AnotherFile.txt' => [
-					'expected' => '1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112',
-					'current' => '7322348ba269c6d5522efe02f424fa3a0da319a7cd9c33142a5afe32a2d9af2da3a411f086fcfc96ff4301ea566f481dba0960c2abeef3594c4d930462f6584c',
-				],
-			],
-			'FILE_MISSING' => [
-				'subfolder/file.txt' => [
-					'expected' => '410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b',
-					'current' => '',
-				],
-			],
-			'EXTRA_FILE' => [
-				'UnecessaryFile' => [
-					'expected' => '',
-					'current' => 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e',
-				],
-			],
-
-		];
-		$this->assertSame($expected, $this->checker->verifyAppSignature('SomeApp'));
-	}
-
-	public function testVerifyAppSignatureWithTamperedFilesAndAlternatePath(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->appLocator
-			->expects($this->never())
-			->method('getAppPath')
-			->with('SomeApp');
-		$signatureDataFile = '{
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//appinfo/signature.json', $signatureDataFile],
+                ['/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+
+        $expected = [
+            'INVALID_HASH' => [
+                'AnotherFile.txt' => [
+                    'expected' => '1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112',
+                    'current' => '7322348ba269c6d5522efe02f424fa3a0da319a7cd9c33142a5afe32a2d9af2da3a411f086fcfc96ff4301ea566f481dba0960c2abeef3594c4d930462f6584c',
+                ],
+            ],
+            'FILE_MISSING' => [
+                'subfolder/file.txt' => [
+                    'expected' => '410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b',
+                    'current' => '',
+                ],
+            ],
+            'EXTRA_FILE' => [
+                'UnecessaryFile' => [
+                    'expected' => '',
+                    'current' => 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e',
+                ],
+            ],
+
+        ];
+        $this->assertSame($expected, $this->checker->verifyAppSignature('SomeApp'));
+    }
+
+    public function testVerifyAppSignatureWithTamperedFilesAndAlternatePath(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->appLocator
+            ->expects($this->never())
+            ->method('getAppPath')
+            ->with('SomeApp');
+        $signatureDataFile = '{
     "hashes": {
         "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
         "subfolder\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
@@ -329,55 +329,55 @@ 
     "signature": "dYoohBaWIFR\/To1FXEbMQB5apUhVYlEauBGSPo12nq84wxWkBx2EM3KDRgkB5Sub2tr0CgmAc2EVjPhKIEzAam26cyUb48bJziz1V6wvW7z4GZAfaJpzLkyHdSfV5117VSf5w1rDcAeZDXfGUaaNEJPWytaF4ZIxVge7f3NGshHy4odFVPADy\/u6c43BWvaOtJ4m3aJQbP6sxCO9dxwcm5yJJJR3n36jfh229sdWBxyl8BhwhH1e1DEv78\/aiL6ckKFPVNzx01R6yDFt3TgEMR97YZ\/R6lWiXG+dsJ305jNFlusLu518zBUvl7g5yjzGN778H29b2C8VLZKmi\/h1CH9jGdD72fCqCYdenD2uZKzb6dsUtXtvBmVcVT6BUGz41W1pkkEEB+YJpMrHILIxAiHRGv1+aZa9\/Oz8LWFd+BEUQjC2LJgojPnpzaG\/msw1nBkX16NNVDWWtJ25Bc\/r\/mG46rwjWB\/cmV6Lwt6KODiqlxgrC4lm9ALOCEWw+23OcYhLwNfQTYevXqHqsFfXOkhUnM8z5vDUb\/HBraB1DjFXN8iLK+1YewD4P495e+SRzrR79Oi3F8SEqRIzRLfN2rnW1BTms\/wYsz0p67cup1Slk1XlNmHwbWX25NVd2PPlLOvZRGoqcKFpIjC5few8THiZfyjiNFwt3RM0AFdZcXY=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//appinfo/signature.json', $signatureDataFile],
-				['/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$expected = [
-			'INVALID_HASH' => [
-				'AnotherFile.txt' => [
-					'expected' => '1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112',
-					'current' => '7322348ba269c6d5522efe02f424fa3a0da319a7cd9c33142a5afe32a2d9af2da3a411f086fcfc96ff4301ea566f481dba0960c2abeef3594c4d930462f6584c',
-				],
-			],
-			'FILE_MISSING' => [
-				'subfolder/file.txt' => [
-					'expected' => '410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b',
-					'current' => '',
-				],
-			],
-			'EXTRA_FILE' => [
-				'UnecessaryFile' => [
-					'expected' => '',
-					'current' => 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e',
-				],
-			],
-
-		];
-		$this->assertSame($expected, $this->checker->verifyAppSignature('SomeApp', \OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData/'));
-	}
-
-	public function testVerifyAppWithDifferentScope(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->appLocator
-			->expects($this->once())
-			->method('getAppPath')
-			->with('SomeApp')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData/');
-		$signatureDataFile = '{
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//appinfo/signature.json', $signatureDataFile],
+                ['/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $expected = [
+            'INVALID_HASH' => [
+                'AnotherFile.txt' => [
+                    'expected' => '1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112',
+                    'current' => '7322348ba269c6d5522efe02f424fa3a0da319a7cd9c33142a5afe32a2d9af2da3a411f086fcfc96ff4301ea566f481dba0960c2abeef3594c4d930462f6584c',
+                ],
+            ],
+            'FILE_MISSING' => [
+                'subfolder/file.txt' => [
+                    'expected' => '410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b',
+                    'current' => '',
+                ],
+            ],
+            'EXTRA_FILE' => [
+                'UnecessaryFile' => [
+                    'expected' => '',
+                    'current' => 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e',
+                ],
+            ],
+
+        ];
+        $this->assertSame($expected, $this->checker->verifyAppSignature('SomeApp', \OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData/'));
+    }
+
+    public function testVerifyAppWithDifferentScope(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->appLocator
+            ->expects($this->once())
+            ->method('getAppPath')
+            ->with('SomeApp')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData/');
+        $signatureDataFile = '{
     "hashes": {
         "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
         "subfolder\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
@@ -385,40 +385,40 @@ 
     "signature": "eXesvDm3pkek12xSwMG10y9suRES79Nye3jYNe5KYq1tTUPqRRNgxmMGAfcUro0zpLeAr2YgHeSMWtglblGOW7pmwGVPZ0O1Y4r1fE6jnep0kW+35PLIaqCorIOnCAtSzDNKBhwd1ow3zW2wC0DFouuEkIO8u5Fw28g8E8dp8zEk1xMblNPy+xtWkmYHrVJ\/dQgun1bYOF2ZFtAzatwndTI\/bGsy1i3Wsl+x6HyWKQdq8y8VObtOqKDH7uERBEpB9DHVyKflj1v1gQuEH6BhaRdATc7ee0MiQdGblraIySwYRdfo2d8i82OVKrenMB3SLwyCvDPyQ9iKpTOnSF52ZBqaqSXKM2N\/RAkweeBFQQCwcHhqxvB0cfbyHcbkOLeCZe\/tsh68IxwTiYgzvLfl7sOZ5arnZbzrPpZmB+hfV2omkoJ1tDwOWz9hEmLLNtfo2OxyUH1m0+XFaC+Gbn4WkVDgf7YZkwUcG+Qoa3oKDNMss8MEyZxewl2iDGZcf402dlidHRprlfmXbAYuVQ08\/a0HxIKYPGh\/nsMGmwnO15CWtFpAbhUA\/D5oRjsIxnvXaMDg0iAFpdu\/5Ffsj7g3EPdBkiQHNYK7YU1RRx609eH0bZyiIYHdUPw7ikLupvrebZmELqi3mqDFO99u4eISlxFJlUbUND3L4BtmWTWrKwI=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIExjCCAq6gAwIBAgIUHSJjhJqMwr+3TkoiQFg4SVVYQ1gwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIzMjc1NVoXDTE2MTEwMzIzMjc1NVowFzEVMBMGA1UEAwwMQW5vdGhlclNjb3Bl\r\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA33npb5RmUkXrDT+TbwMf\r\n0zQ33SlzsjoGxCrbSwJOn6leGGInJ6ZrdzLL0WTi\/dTpg+Y\/JS+72XWm5NSjaTxo\r\n7OHc3cQBwXQj4tN6j\/y5qqY0GDLYufEkx2rpazqt9lBSJ72u1bGl2yoOXzYCz5i0\r\n60KsJXC9K44LKzGsarzbwAgskSVNkjAsPgjnCWZmcl6icpLi5Fz9rs2UMOWbdvdI\r\nAROsn0eC9E\/akmXTy5YMu6bAIGpvjZFHzyA83FQRbvv5o1V5Gsye\/VQLEgh7rqfz\r\nT\/jgWifP+JgoeB6otzuRZ3fFsmbBiyCIRtIOzQQflozhUlWtmiEGwg4GySuMUjEH\r\nA1LF86LO+ZzDQgd2oYNKmrQ8O+EcLqx9BpV4AFhEvqdk7uycJYPHs6yl+yfbzTeJ\r\n2Xd0yVAfd9r\/iDr36clLj2bzEObdl9xzKjcCIXE4Q0G4Pur41\/BJUDK9PI390ccQ\r\nnFjjVYBMsC859OwW64tMP0zkM9Vv72LCaEzaR8jqH0j11catqxunr+StfMcmxLTN\r\nbqBJbSEq4ER3mJxCTI2UrIVmdQ7+wRxgv3QTDNOZyqrz2L8A1Rpb3h0APxtQv+oA\r\n8KIZYID5\/qsS2V2jITkMQ8Nd1W3b0cZhZ600z+znh3jLJ0TYLvwN6\/qBQTUDaM2o\r\ng1+icMqXIXIeKuoPCVVsG7cCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEAHc4F\/kOV\r\nHc8In5MmGg2YtjwZzjdeoC5TIPZczRqz0B+wRbJzN6aYryKZKLmP+wKpgRnJWDzp\r\nrgKGyyEQIAfK63DEv4B9p4N1B+B3aeMKsSpVcw7wbFTD57V5A7pURGoo31d0mw5L\r\nUIXZ2u+TUfGbzucMxLdFhTwjGpz9M6Kkm\/POxmV0tvLija5LdbdKnYR9BFmyu4IX\r\nqyoIAtComATNLl+3URu3SZxhE3NxhzMz+eAeNfh1KuIf2gWIIeDCXalVSJLym+OQ\r\nHFDpqRhJqfTMprrRlmmU7Zntgbj8\/RRZuXnBvH9cQ2KykLOb4UoCPlGUqOqKyP9m\r\nDJSFRiMJfpgMQUaJk1TLhKF+IR6FnmwURLEtkONJumtDQju9KaWPlhueONdyGi0p\r\nqxLVUo1Vb52XnPhk2GEEduxpDc9V5ePJ+pdcEdMifY\/uPNBRuBj2c87yq1DLH+U4\r\n3XzP1MlwjnBWZYuoFo0j6Jq0r\/MG6HjGdmkGIsRoheRi8Z8Scz5AW5QRkNz8pKop\r\nTELFqQy9g6TyQzzC8t6HZcpNe842ZUk4raEAbCZe\/XqxWMw5svPgNceBqM3fh7sZ\r\nBSykOHLaL8kiRO\/IS3y1yZEAuiWBvtxcTNLzBb+hdRpm2y8\/qH\/pKo+CMj1VzjNT\r\nD8YRQg0cjmDytJzHDrtV\/aTc9W1aPHun0vw=\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//appinfo/signature.json', $signatureDataFile],
-				['/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$expected = [
-			'EXCEPTION' => [
-				'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException',
-				'message' => 'Certificate is not valid for required scope. (Requested: SomeApp, current: CN=AnotherScope)',
-			],
-		];
-		$this->assertSame($expected, $this->checker->verifyAppSignature('SomeApp'));
-	}
-
-	public function testVerifyAppWithDifferentScopeAndAlwaysTrustedCore(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->appLocator
-			->expects($this->once())
-			->method('getAppPath')
-			->with('SomeApp')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
-		$signatureDataFile = '{
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//appinfo/signature.json', $signatureDataFile],
+                ['/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $expected = [
+            'EXCEPTION' => [
+                'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException',
+                'message' => 'Certificate is not valid for required scope. (Requested: SomeApp, current: CN=AnotherScope)',
+            ],
+        ];
+        $this->assertSame($expected, $this->checker->verifyAppSignature('SomeApp'));
+    }
+
+    public function testVerifyAppWithDifferentScopeAndAlwaysTrustedCore(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->appLocator
+            ->expects($this->once())
+            ->method('getAppPath')
+            ->with('SomeApp')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
+        $signatureDataFile = '{
     "hashes": {
         "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
         "subfolder\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
@@ -426,67 +426,67 @@ 
     "signature": "dYoohBaWIFR\/To1FXEbMQB5apUhVYlEauBGSPo12nq84wxWkBx2EM3KDRgkB5Sub2tr0CgmAc2EVjPhKIEzAam26cyUb48bJziz1V6wvW7z4GZAfaJpzLkyHdSfV5117VSf5w1rDcAeZDXfGUaaNEJPWytaF4ZIxVge7f3NGshHy4odFVPADy\/u6c43BWvaOtJ4m3aJQbP6sxCO9dxwcm5yJJJR3n36jfh229sdWBxyl8BhwhH1e1DEv78\/aiL6ckKFPVNzx01R6yDFt3TgEMR97YZ\/R6lWiXG+dsJ305jNFlusLu518zBUvl7g5yjzGN778H29b2C8VLZKmi\/h1CH9jGdD72fCqCYdenD2uZKzb6dsUtXtvBmVcVT6BUGz41W1pkkEEB+YJpMrHILIxAiHRGv1+aZa9\/Oz8LWFd+BEUQjC2LJgojPnpzaG\/msw1nBkX16NNVDWWtJ25Bc\/r\/mG46rwjWB\/cmV6Lwt6KODiqlxgrC4lm9ALOCEWw+23OcYhLwNfQTYevXqHqsFfXOkhUnM8z5vDUb\/HBraB1DjFXN8iLK+1YewD4P495e+SRzrR79Oi3F8SEqRIzRLfN2rnW1BTms\/wYsz0p67cup1Slk1XlNmHwbWX25NVd2PPlLOvZRGoqcKFpIjC5few8THiZfyjiNFwt3RM0AFdZcXY=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json', $signatureDataFile],
-				['/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$this->assertSame([], $this->checker->verifyAppSignature('SomeApp'));
-	}
-
-
-	public function testWriteCoreSignatureWithException(): void {
-		$this->expectException(\Exception::class);
-		$this->expectExceptionMessage('Exception message');
-
-		$this->fileAccessHelper
-			->expects($this->once())
-			->method('assertDirectoryExists')
-			->will($this->throwException(new \Exception('Exception message')));
-		$this->fileAccessHelper
-			->expects($this->once())
-			->method('is_writable')
-			->with(__DIR__ . '/core')
-			->willReturn(true);
-
-		$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
-		$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
-		$rsa = new RSA();
-		$rsa->loadKey($rsaPrivateKey);
-		$x509 = new X509();
-		$x509->loadX509($keyBundle);
-		$this->checker->writeCoreSignature($x509, $rsa, __DIR__);
-	}
-
-
-	public function testWriteCoreSignatureWrongPermissions(): void {
-		$this->expectException(\Exception::class);
-		$this->expectExceptionMessageMatches('/[a-zA-Z\\/_-]+ is not writable/');
-
-		$this->fileAccessHelper
-			->expects($this->once())
-			->method('assertDirectoryExists')
-			->will($this->throwException(new \Exception('Exception message')));
-		$this->fileAccessHelper
-			->expects($this->once())
-			->method('is_writable')
-			->with(__DIR__ . '/core')
-			->willReturn(false);
-
-		$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
-		$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
-		$rsa = new RSA();
-		$rsa->loadKey($rsaPrivateKey);
-		$x509 = new X509();
-		$x509->loadX509($keyBundle);
-		$this->checker->writeCoreSignature($x509, $rsa, __DIR__);
-	}
-
-	public function testWriteCoreSignature(): void {
-		$expectedSignatureFileData = '{
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json', $signatureDataFile],
+                ['/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $this->assertSame([], $this->checker->verifyAppSignature('SomeApp'));
+    }
+
+
+    public function testWriteCoreSignatureWithException(): void {
+        $this->expectException(\Exception::class);
+        $this->expectExceptionMessage('Exception message');
+
+        $this->fileAccessHelper
+            ->expects($this->once())
+            ->method('assertDirectoryExists')
+            ->will($this->throwException(new \Exception('Exception message')));
+        $this->fileAccessHelper
+            ->expects($this->once())
+            ->method('is_writable')
+            ->with(__DIR__ . '/core')
+            ->willReturn(true);
+
+        $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
+        $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
+        $rsa = new RSA();
+        $rsa->loadKey($rsaPrivateKey);
+        $x509 = new X509();
+        $x509->loadX509($keyBundle);
+        $this->checker->writeCoreSignature($x509, $rsa, __DIR__);
+    }
+
+
+    public function testWriteCoreSignatureWrongPermissions(): void {
+        $this->expectException(\Exception::class);
+        $this->expectExceptionMessageMatches('/[a-zA-Z\\/_-]+ is not writable/');
+
+        $this->fileAccessHelper
+            ->expects($this->once())
+            ->method('assertDirectoryExists')
+            ->will($this->throwException(new \Exception('Exception message')));
+        $this->fileAccessHelper
+            ->expects($this->once())
+            ->method('is_writable')
+            ->with(__DIR__ . '/core')
+            ->willReturn(false);
+
+        $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.crt');
+        $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/SomeApp.key');
+        $rsa = new RSA();
+        $rsa->loadKey($rsaPrivateKey);
+        $x509 = new X509();
+        $x509->loadX509($keyBundle);
+        $this->checker->writeCoreSignature($x509, $rsa, __DIR__);
+    }
+
+    public function testWriteCoreSignature(): void {
+        $expectedSignatureFileData = '{
     "hashes": {
         "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
         "subfolder\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
@@ -494,34 +494,34 @@ 
     "signature": "dYoohBaWIFR\/To1FXEbMQB5apUhVYlEauBGSPo12nq84wxWkBx2EM3KDRgkB5Sub2tr0CgmAc2EVjPhKIEzAam26cyUb48bJziz1V6wvW7z4GZAfaJpzLkyHdSfV5117VSf5w1rDcAeZDXfGUaaNEJPWytaF4ZIxVge7f3NGshHy4odFVPADy\/u6c43BWvaOtJ4m3aJQbP6sxCO9dxwcm5yJJJR3n36jfh229sdWBxyl8BhwhH1e1DEv78\/aiL6ckKFPVNzx01R6yDFt3TgEMR97YZ\/R6lWiXG+dsJ305jNFlusLu518zBUvl7g5yjzGN778H29b2C8VLZKmi\/h1CH9jGdD72fCqCYdenD2uZKzb6dsUtXtvBmVcVT6BUGz41W1pkkEEB+YJpMrHILIxAiHRGv1+aZa9\/Oz8LWFd+BEUQjC2LJgojPnpzaG\/msw1nBkX16NNVDWWtJ25Bc\/r\/mG46rwjWB\/cmV6Lwt6KODiqlxgrC4lm9ALOCEWw+23OcYhLwNfQTYevXqHqsFfXOkhUnM8z5vDUb\/HBraB1DjFXN8iLK+1YewD4P495e+SRzrR79Oi3F8SEqRIzRLfN2rnW1BTms\/wYsz0p67cup1Slk1XlNmHwbWX25NVd2PPlLOvZRGoqcKFpIjC5few8THiZfyjiNFwt3RM0AFdZcXY=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->environmentHelper
-			->expects($this->any())
-			->method('getServerRoot')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
-		$this->fileAccessHelper
-			->expects($this->once())
-			->method('file_put_contents')
-			->with(
-				\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json',
-				$this->callback(function ($signature) use ($expectedSignatureFileData) {
-					$expectedArray = json_decode($expectedSignatureFileData, true);
-					$actualArray = json_decode($signature, true);
-					$this->assertEquals($expectedArray, $actualArray);
-					return true;
-				})
-			);
-
-		$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
-		$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
-		$rsa = new RSA();
-		$rsa->loadKey($rsaPrivateKey);
-		$x509 = new X509();
-		$x509->loadX509($keyBundle);
-		$this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/app/');
-	}
-
-	public function testWriteCoreSignatureWithUnmodifiedHtaccess(): void {
-		$expectedSignatureFileData = '{
+        $this->environmentHelper
+            ->expects($this->any())
+            ->method('getServerRoot')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
+        $this->fileAccessHelper
+            ->expects($this->once())
+            ->method('file_put_contents')
+            ->with(
+                \OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json',
+                $this->callback(function ($signature) use ($expectedSignatureFileData) {
+                    $expectedArray = json_decode($expectedSignatureFileData, true);
+                    $actualArray = json_decode($signature, true);
+                    $this->assertEquals($expectedArray, $actualArray);
+                    return true;
+                })
+            );
+
+        $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
+        $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
+        $rsa = new RSA();
+        $rsa->loadKey($rsaPrivateKey);
+        $x509 = new X509();
+        $x509->loadX509($keyBundle);
+        $this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/app/');
+    }
+
+    public function testWriteCoreSignatureWithUnmodifiedHtaccess(): void {
+        $expectedSignatureFileData = '{
     "hashes": {
         ".htaccess": "dc479770a6232061e04a768ee1f9133fdb3aea7b3a99f7105b0e0b6197474733e8d14b5b2bbad054e6b62a410fe5d0b3d790242dee1e0f11274af2100f5289e2",
         "subfolder\/.htaccess": "2c57b1e25050e11dc3ae975832f378c452159f7b69f818e47eeeafadd6ba568517461dcb4d843b90b906cd7c89d161bc1b89dff8e3ae0eb6f5088508c47befd1"
@@ -529,64 +529,64 @@ 
     "signature": "nRtR377DB\/I\/4hmh9q3elMQYfSHnQFlNtjchNgrdfmUQqVmgkU\/4qgGyxDqYkV8mSMbH2gYysfP42nx\/3zSo7n0dBYDfU87Q6f96Cv597vEV27do8CaBkEk8Xjn2SxhHw8hVxracvE2OBAPxk0H3sRp\/cQBgjoXpju4kQin0N5E+DEJMh7Sp+u8aKoFpb+2FaAZJFn\/hnqxLTlVi2nyDxGL3U0eobWY+jWH9XPt52v3Hyh8TDhcAnQ1cN30B8Jn2+jkrm8ib+buchaCXHk0cPX72xuPECdwOEKLCBNrJa3FGSvO1zWiecnCgxCXgt+R8hUgsVPTsbrdFY2YRJGIhHndYZL98XzgG7cw85SnnMMe2SulzeL7xANGF8qiEVyiC7x83bbj5xOkeM\/CUTajrLBO3vyZ23KKOxvskjgI0t+Zw1zFsl+sYW0\/O\/V5WzPOwMwV8+iApQ8k9gEMiYQg98QLEMYnSohncmp0Z9qx2qFcQuHLcKJVa1J6wGtE\/EHR\/4d0aYPd6IRjg+qshCJmdzud\/12xjpGTl+BT0Hi0VsU5o7ZMi7WhmukZmmv8u0uZsvKREQNATm4cO4WCkYySt5O9gZEJOF+jjgeynDoAh09lyrNXIgMpM9ufm\/XEG\/I\/f2zIwbAUc6J6qks5OuYlJzW5vscTiOKhwcGZU9WBLgh0=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->environmentHelper
-			->expects($this->any())
-			->method('getServerRoot')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessUnmodified/');
-		$this->fileAccessHelper
-			->expects($this->once())
-			->method('file_put_contents')
-			->with(
-				\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessUnmodified//core/signature.json',
-				$this->callback(function ($signature) use ($expectedSignatureFileData) {
-					$expectedArray = json_decode($expectedSignatureFileData, true);
-					$actualArray = json_decode($signature, true);
-					$this->assertEquals($expectedArray, $actualArray);
-					return true;
-				})
-			);
-
-		$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
-		$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
-		$rsa = new RSA();
-		$rsa->loadKey($rsaPrivateKey);
-		$x509 = new X509();
-		$x509->loadX509($keyBundle);
-		$this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessUnmodified/');
-	}
-
-	public function testWriteCoreSignatureWithInvalidModifiedHtaccess(): void {
-		$expectedSignatureFileData = '{
+        $this->environmentHelper
+            ->expects($this->any())
+            ->method('getServerRoot')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessUnmodified/');
+        $this->fileAccessHelper
+            ->expects($this->once())
+            ->method('file_put_contents')
+            ->with(
+                \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessUnmodified//core/signature.json',
+                $this->callback(function ($signature) use ($expectedSignatureFileData) {
+                    $expectedArray = json_decode($expectedSignatureFileData, true);
+                    $actualArray = json_decode($signature, true);
+                    $this->assertEquals($expectedArray, $actualArray);
+                    return true;
+                })
+            );
+
+        $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
+        $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
+        $rsa = new RSA();
+        $rsa->loadKey($rsaPrivateKey);
+        $x509 = new X509();
+        $x509->loadX509($keyBundle);
+        $this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessUnmodified/');
+    }
+
+    public function testWriteCoreSignatureWithInvalidModifiedHtaccess(): void {
+        $expectedSignatureFileData = '{
     "hashes": {
         ".htaccess": "4a54273dc8d697b2ca615acf2ae2c1ee3c1c643492cb04f42b10984fa9aacff1420dc829fd82f93ad3476fbd0cdab0251142c887dc8f872d03e39a3a3eb6d381"
     },
     "signature": "qpDddYGgAKNR3TszOgjPXRphUl2P9Ym5OQaetltocgZASGDkOun5D64+1D0QJRKb4SG2+48muxGOHyL2Ngos4NUrrSR+SIkywZacay82YQBCEdr7\/4MjW1WHRPjvboLwEJwViw0EdAjsWRpD68aPnzUGrGsy2BsCo06P5iwjk9cXcHxdjC9R39npvoC3QNvQ2jmNIbh1Lc4U97dbb+CsXEQCLU1OSa9p3q6cEFV98Easwt7uF\/DzHK+CbeZlxVZ0DwLh2\/ylT1PyGou8QC1b3vKAnPjLWMO+UsCPpCKhk3C5pV+5etQ8puGd+0x2t5tEU+qXxLzek91zWNC+rqgC\/WlqLKbwPb\/BCHs4zLGV55Q2fEQmT21x0KCUELdPs4dBnYP4Ox5tEDugtJujWFzOHzoY6gGa\/BY\/78pSZXmq9o8dWkBEtioWWvaNZ1rM0ddE83GBlBTgjigi9Ay1D++bUW\/FCBB7CMk6qyNlV81H+cBuIEODw2aymmkM9LLDD2Qbmvo8gHEPRjiQxPC5OpDlcdSNiL+zcxVxeuX4FpT+9xzz\/\/DRONhufxRpsbuCOMxd96RW7y9U2N2Uxb3Bzn\/BIqEayUUsdgZjfaGcXXYKR+chu\/LOwNYN6RlnLsgqL\/dhGKwlRVKXw1RA2\/af\/CpqyR7uVP6al1YJo\/YJ+5XJ6zE=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->once())
-			->method('file_put_contents')
-			->with(
-				\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithInvalidModifiedContent//core/signature.json',
-				$this->callback(function ($signature) use ($expectedSignatureFileData) {
-					$expectedArray = json_decode($expectedSignatureFileData, true);
-					$actualArray = json_decode($signature, true);
-					$this->assertEquals($expectedArray, $actualArray);
-					return true;
-				})
-			);
-
-		$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
-		$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
-		$rsa = new RSA();
-		$rsa->loadKey($rsaPrivateKey);
-		$x509 = new X509();
-		$x509->loadX509($keyBundle);
-		$this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithInvalidModifiedContent/');
-	}
-
-	public function testWriteCoreSignatureWithValidModifiedHtaccess(): void {
-		$expectedSignatureFileData = '{
+        $this->fileAccessHelper
+            ->expects($this->once())
+            ->method('file_put_contents')
+            ->with(
+                \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithInvalidModifiedContent//core/signature.json',
+                $this->callback(function ($signature) use ($expectedSignatureFileData) {
+                    $expectedArray = json_decode($expectedSignatureFileData, true);
+                    $actualArray = json_decode($signature, true);
+                    $this->assertEquals($expectedArray, $actualArray);
+                    return true;
+                })
+            );
+
+        $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
+        $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
+        $rsa = new RSA();
+        $rsa->loadKey($rsaPrivateKey);
+        $x509 = new X509();
+        $x509->loadX509($keyBundle);
+        $this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithInvalidModifiedContent/');
+    }
+
+    public function testWriteCoreSignatureWithValidModifiedHtaccess(): void {
+        $expectedSignatureFileData = '{
     "hashes": {
         ".htaccess": "7e6a7a4d8ee4f3fbc45dd579407c643471575a9d127d1c75f6d0a49e80766c3c587104b2139ef76d2a4bffce3f45777900605aaa49519c9532909b71e5030227",
         "subfolder\/.htaccess": "2c57b1e25050e11dc3ae975832f378c452159f7b69f818e47eeeafadd6ba568517461dcb4d843b90b906cd7c89d161bc1b89dff8e3ae0eb6f5088508c47befd1"
@@ -594,68 +594,68 @@ 
     "signature": "YVwQvl9Dh8UebCumfgzFxfz3NiZJLmYG8oJVTfEBhulI4KXBnTG1jZTprf4XxG2XIriEYAZXsoXpu9xWsUFe9QfdncwoEpqJtGq7l6aVDTofX5Be5b03MQFJr4cflgllqW77QZ84D9O9qWF\/vNDAofXcwrzT04CxLDhyQgTCgYUnRjG9pnuP\/gtbDKbTjRvxhTyfg3T0Phv1+XAvpTPnH2q5A+1+LmiqziUJ1sMipsKo+jQP614eCi9qjmqhHIgLRgcuOBvsi4g5WUcdcAIZ6qLt5gm2Y3r6rKNVchosU9ZydMUTfjuejDbVwE2fNH5UUnV57fQBxwg9CfX7iFHqKv1bfv5Zviu12paShgWCB12uR3iH\/3lmTJn8K5Xqit3G4eymFaJ5IChdUThBp\/jhQSI2r8sPcZDYSJ\/UZKuFnezFdKhEBd5hMXe8aKAd6ijGDjLARksFuqpi1sS8llC5K1Q+DzktSL\/o64TY4Vuvykiwe\/BAk2SkL9voOtrvU7vfDBcuCPbDJnSBBC0ESpcXeClTBIn6xZ9WaxqoS7sinE\/kUwtWsRd04I7d79\/ouotyNb+mBhTuRsZT12p\/gn4JHXXNUAIpTwchYzGxbfNJ4kxnYBFZWVmvsSqOLFZu1yi5BP3ktA9yhFyWIa5659azRFEKRdXpVHtQVa4IgdhxEqA=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->environmentHelper
-			->expects($this->any())
-			->method('getServerRoot')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent');
-		$this->fileAccessHelper
-			->expects($this->once())
-			->method('file_put_contents')
-			->with(
-				\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/core/signature.json',
-				$this->callback(function ($signature) use ($expectedSignatureFileData) {
-					$expectedArray = json_decode($expectedSignatureFileData, true);
-					$actualArray = json_decode($signature, true);
-					$this->assertEquals($expectedArray, $actualArray);
-					return true;
-				})
-			);
-
-		$keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
-		$rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
-		$rsa = new RSA();
-		$rsa->loadKey($rsaPrivateKey);
-		$x509 = new X509();
-		$x509->loadX509($keyBundle);
-		$this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent');
-	}
-
-	public function testVerifyCoreSignatureWithoutSignatureData(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$expected = [
-			'EXCEPTION' => [
-				'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException',
-				'message' => 'Signature data not found.',
-			],
-		];
-		$this->assertSame($expected, $this->checker->verifyCoreSignature());
-	}
-
-	public function testVerifyCoreSignatureWithValidSignatureData(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->environmentHelper
-			->expects($this->any())
-			->method('getServerRoot')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
-		$signatureDataFile = '{
+        $this->environmentHelper
+            ->expects($this->any())
+            ->method('getServerRoot')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent');
+        $this->fileAccessHelper
+            ->expects($this->once())
+            ->method('file_put_contents')
+            ->with(
+                \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/core/signature.json',
+                $this->callback(function ($signature) use ($expectedSignatureFileData) {
+                    $expectedArray = json_decode($expectedSignatureFileData, true);
+                    $actualArray = json_decode($signature, true);
+                    $this->assertEquals($expectedArray, $actualArray);
+                    return true;
+                })
+            );
+
+        $keyBundle = file_get_contents(__DIR__ . '/../../data/integritycheck/core.crt');
+        $rsaPrivateKey = file_get_contents(__DIR__ . '/../../data/integritycheck/core.key');
+        $rsa = new RSA();
+        $rsa->loadKey($rsaPrivateKey);
+        $x509 = new X509();
+        $x509->loadX509($keyBundle);
+        $this->checker->writeCoreSignature($x509, $rsa, \OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent');
+    }
+
+    public function testVerifyCoreSignatureWithoutSignatureData(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $expected = [
+            'EXCEPTION' => [
+                'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException',
+                'message' => 'Signature data not found.',
+            ],
+        ];
+        $this->assertSame($expected, $this->checker->verifyCoreSignature());
+    }
+
+    public function testVerifyCoreSignatureWithValidSignatureData(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->environmentHelper
+            ->expects($this->any())
+            ->method('getServerRoot')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
+        $signatureDataFile = '{
     "hashes": {
         "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
         "subfolder\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
@@ -663,33 +663,33 @@ 
     "signature": "dYoohBaWIFR\/To1FXEbMQB5apUhVYlEauBGSPo12nq84wxWkBx2EM3KDRgkB5Sub2tr0CgmAc2EVjPhKIEzAam26cyUb48bJziz1V6wvW7z4GZAfaJpzLkyHdSfV5117VSf5w1rDcAeZDXfGUaaNEJPWytaF4ZIxVge7f3NGshHy4odFVPADy\/u6c43BWvaOtJ4m3aJQbP6sxCO9dxwcm5yJJJR3n36jfh229sdWBxyl8BhwhH1e1DEv78\/aiL6ckKFPVNzx01R6yDFt3TgEMR97YZ\/R6lWiXG+dsJ305jNFlusLu518zBUvl7g5yjzGN778H29b2C8VLZKmi\/h1CH9jGdD72fCqCYdenD2uZKzb6dsUtXtvBmVcVT6BUGz41W1pkkEEB+YJpMrHILIxAiHRGv1+aZa9\/Oz8LWFd+BEUQjC2LJgojPnpzaG\/msw1nBkX16NNVDWWtJ25Bc\/r\/mG46rwjWB\/cmV6Lwt6KODiqlxgrC4lm9ALOCEWw+23OcYhLwNfQTYevXqHqsFfXOkhUnM8z5vDUb\/HBraB1DjFXN8iLK+1YewD4P495e+SRzrR79Oi3F8SEqRIzRLfN2rnW1BTms\/wYsz0p67cup1Slk1XlNmHwbWX25NVd2PPlLOvZRGoqcKFpIjC5few8THiZfyjiNFwt3RM0AFdZcXY=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json', $signatureDataFile],
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/app//resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$this->assertSame([], $this->checker->verifyCoreSignature());
-	}
-
-	public function testVerifyCoreSignatureWithValidModifiedHtaccessSignatureData(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->environmentHelper
-			->expects($this->any())
-			->method('getServerRoot')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent');
-		$signatureDataFile = '{
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json', $signatureDataFile],
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/app//resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $this->assertSame([], $this->checker->verifyCoreSignature());
+    }
+
+    public function testVerifyCoreSignatureWithValidModifiedHtaccessSignatureData(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->environmentHelper
+            ->expects($this->any())
+            ->method('getServerRoot')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent');
+        $signatureDataFile = '{
     "hashes": {
         ".htaccess": "7e6a7a4d8ee4f3fbc45dd579407c643471575a9d127d1c75f6d0a49e80766c3c587104b2139ef76d2a4bffce3f45777900605aaa49519c9532909b71e5030227",
         "subfolder\/.htaccess": "2c57b1e25050e11dc3ae975832f378c452159f7b69f818e47eeeafadd6ba568517461dcb4d843b90b906cd7c89d161bc1b89dff8e3ae0eb6f5088508c47befd1"
@@ -697,92 +697,92 @@ 
     "signature": "YVwQvl9Dh8UebCumfgzFxfz3NiZJLmYG8oJVTfEBhulI4KXBnTG1jZTprf4XxG2XIriEYAZXsoXpu9xWsUFe9QfdncwoEpqJtGq7l6aVDTofX5Be5b03MQFJr4cflgllqW77QZ84D9O9qWF\/vNDAofXcwrzT04CxLDhyQgTCgYUnRjG9pnuP\/gtbDKbTjRvxhTyfg3T0Phv1+XAvpTPnH2q5A+1+LmiqziUJ1sMipsKo+jQP614eCi9qjmqhHIgLRgcuOBvsi4g5WUcdcAIZ6qLt5gm2Y3r6rKNVchosU9ZydMUTfjuejDbVwE2fNH5UUnV57fQBxwg9CfX7iFHqKv1bfv5Zviu12paShgWCB12uR3iH\/3lmTJn8K5Xqit3G4eymFaJ5IChdUThBp\/jhQSI2r8sPcZDYSJ\/UZKuFnezFdKhEBd5hMXe8aKAd6ijGDjLARksFuqpi1sS8llC5K1Q+DzktSL\/o64TY4Vuvykiwe\/BAk2SkL9voOtrvU7vfDBcuCPbDJnSBBC0ESpcXeClTBIn6xZ9WaxqoS7sinE\/kUwtWsRd04I7d79\/ouotyNb+mBhTuRsZT12p\/gn4JHXXNUAIpTwchYzGxbfNJ4kxnYBFZWVmvsSqOLFZu1yi5BP3ktA9yhFyWIa5659azRFEKRdXpVHtQVa4IgdhxEqA=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/core/signature.json', $signatureDataFile],
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$this->assertSame([], $this->checker->verifyCoreSignature());
-	}
-
-	/**
-	 * See inline instruction on how to update the test assets when changing mimetypealiases.dist.json
-	 */
-	public function testVerifyCoreSignatureWithModifiedMimetypelistSignatureData(): void {
-		$shippedMimetypeAliases = (array)json_decode(file_get_contents(\OC::$SERVERROOT . '/resources/config/mimetypealiases.dist.json'));
-		$shippedMimetypeNames = (array)json_decode(file_get_contents(\OC::$SERVERROOT . '/resources/config/mimetypenames.dist.json'));
-		$allAliases = array_merge($shippedMimetypeAliases, ['my-custom/mimetype' => 'custom']);
-		$allMimetypeNames = array_merge($shippedMimetypeNames, ['my-custom/mimetype' => 'Custom Document']);
-
-		$this->mimeTypeDetector
-			->method('getOnlyDefaultAliases')
-			->willReturn($shippedMimetypeAliases);
-
-		$this->mimeTypeDetector
-			->method('getAllAliases')
-			->willReturn($allAliases);
-
-		$this->mimeTypeDetector
-			->method('getAllNamings')
-			->willReturn($allMimetypeNames);
-
-		$oldMimetypeList = new GenerateMimetypeFileBuilder();
-		$all = $this->mimeTypeDetector->getAllAliases();
-		$namings = $this->mimeTypeDetector->getAllNamings();
-		$newFile = $oldMimetypeList->generateFile($all, $namings);
-
-		// When updating the mimetype list the test assets need to be updated as well
-		// 1. Update core/js/mimetypelist.js with the new generated js by running the test with the next line uncommented:
-		// file_put_contents(\OC::$SERVERROOT . '/tests/data/integritycheck/mimetypeListModified/core/js/mimetypelist.js', $newFile);
-		// 2. Update signature.json using the following occ command:
-		// occ integrity:sign-core --privateKey=./tests/data/integritycheck/core.key --certificate=./tests/data/integritycheck/core.crt --path=./tests/data/integritycheck/mimetypeListModified
-		self::assertEquals($newFile, file_get_contents(\OC::$SERVERROOT . '/tests/data/integritycheck/mimetypeListModified/core/js/mimetypelist.js'));
-
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->environmentHelper
-			->expects($this->any())
-			->method('getServerRoot')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/mimetypeListModified');
-
-		$signatureDataFile = file_get_contents(__DIR__ . '/../../data/integritycheck/mimetypeListModified/core/signature.json');
-		$this->fileAccessHelper
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/mimetypeListModified/core/signature.json', $signatureDataFile],
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/mimetypeListModified/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$this->assertSame([], $this->checker->verifyCoreSignature());
-	}
-
-	public function testVerifyCoreSignatureWithValidSignatureDataAndNotAlphabeticOrder(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->environmentHelper
-			->expects($this->any())
-			->method('getServerRoot')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
-		$signatureDataFile = '{
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/core/signature.json', $signatureDataFile],
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $this->assertSame([], $this->checker->verifyCoreSignature());
+    }
+
+    /**
+     * See inline instruction on how to update the test assets when changing mimetypealiases.dist.json
+     */
+    public function testVerifyCoreSignatureWithModifiedMimetypelistSignatureData(): void {
+        $shippedMimetypeAliases = (array)json_decode(file_get_contents(\OC::$SERVERROOT . '/resources/config/mimetypealiases.dist.json'));
+        $shippedMimetypeNames = (array)json_decode(file_get_contents(\OC::$SERVERROOT . '/resources/config/mimetypenames.dist.json'));
+        $allAliases = array_merge($shippedMimetypeAliases, ['my-custom/mimetype' => 'custom']);
+        $allMimetypeNames = array_merge($shippedMimetypeNames, ['my-custom/mimetype' => 'Custom Document']);
+
+        $this->mimeTypeDetector
+            ->method('getOnlyDefaultAliases')
+            ->willReturn($shippedMimetypeAliases);
+
+        $this->mimeTypeDetector
+            ->method('getAllAliases')
+            ->willReturn($allAliases);
+
+        $this->mimeTypeDetector
+            ->method('getAllNamings')
+            ->willReturn($allMimetypeNames);
+
+        $oldMimetypeList = new GenerateMimetypeFileBuilder();
+        $all = $this->mimeTypeDetector->getAllAliases();
+        $namings = $this->mimeTypeDetector->getAllNamings();
+        $newFile = $oldMimetypeList->generateFile($all, $namings);
+
+        // When updating the mimetype list the test assets need to be updated as well
+        // 1. Update core/js/mimetypelist.js with the new generated js by running the test with the next line uncommented:
+        // file_put_contents(\OC::$SERVERROOT . '/tests/data/integritycheck/mimetypeListModified/core/js/mimetypelist.js', $newFile);
+        // 2. Update signature.json using the following occ command:
+        // occ integrity:sign-core --privateKey=./tests/data/integritycheck/core.key --certificate=./tests/data/integritycheck/core.crt --path=./tests/data/integritycheck/mimetypeListModified
+        self::assertEquals($newFile, file_get_contents(\OC::$SERVERROOT . '/tests/data/integritycheck/mimetypeListModified/core/js/mimetypelist.js'));
+
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->environmentHelper
+            ->expects($this->any())
+            ->method('getServerRoot')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/mimetypeListModified');
+
+        $signatureDataFile = file_get_contents(__DIR__ . '/../../data/integritycheck/mimetypeListModified/core/signature.json');
+        $this->fileAccessHelper
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/mimetypeListModified/core/signature.json', $signatureDataFile],
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/mimetypeListModified/resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $this->assertSame([], $this->checker->verifyCoreSignature());
+    }
+
+    public function testVerifyCoreSignatureWithValidSignatureDataAndNotAlphabeticOrder(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->environmentHelper
+            ->expects($this->any())
+            ->method('getServerRoot')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
+        $signatureDataFile = '{
     "hashes": {
         "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
         "subfolder\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
@@ -790,33 +790,33 @@ 
     "signature": "dYoohBaWIFR\/To1FXEbMQB5apUhVYlEauBGSPo12nq84wxWkBx2EM3KDRgkB5Sub2tr0CgmAc2EVjPhKIEzAam26cyUb48bJziz1V6wvW7z4GZAfaJpzLkyHdSfV5117VSf5w1rDcAeZDXfGUaaNEJPWytaF4ZIxVge7f3NGshHy4odFVPADy\/u6c43BWvaOtJ4m3aJQbP6sxCO9dxwcm5yJJJR3n36jfh229sdWBxyl8BhwhH1e1DEv78\/aiL6ckKFPVNzx01R6yDFt3TgEMR97YZ\/R6lWiXG+dsJ305jNFlusLu518zBUvl7g5yjzGN778H29b2C8VLZKmi\/h1CH9jGdD72fCqCYdenD2uZKzb6dsUtXtvBmVcVT6BUGz41W1pkkEEB+YJpMrHILIxAiHRGv1+aZa9\/Oz8LWFd+BEUQjC2LJgojPnpzaG\/msw1nBkX16NNVDWWtJ25Bc\/r\/mG46rwjWB\/cmV6Lwt6KODiqlxgrC4lm9ALOCEWw+23OcYhLwNfQTYevXqHqsFfXOkhUnM8z5vDUb\/HBraB1DjFXN8iLK+1YewD4P495e+SRzrR79Oi3F8SEqRIzRLfN2rnW1BTms\/wYsz0p67cup1Slk1XlNmHwbWX25NVd2PPlLOvZRGoqcKFpIjC5few8THiZfyjiNFwt3RM0AFdZcXY=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json', $signatureDataFile],
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/app//resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$this->assertSame([], $this->checker->verifyCoreSignature());
-	}
-
-	public function testVerifyCoreSignatureWithTamperedSignatureData(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->environmentHelper
-			->expects($this->any())
-			->method('getServerRoot')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData/');
-		$signatureDataFile = '{
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json', $signatureDataFile],
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/app//resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $this->assertSame([], $this->checker->verifyCoreSignature());
+    }
+
+    public function testVerifyCoreSignatureWithTamperedSignatureData(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->environmentHelper
+            ->expects($this->any())
+            ->method('getServerRoot')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData/');
+        $signatureDataFile = '{
     "hashes": {
         "AnotherFile.txt": "tampered",
         "subfolder\/file.txt": "tampered"
@@ -824,39 +824,39 @@ 
     "signature": "eXesvDm3pkek12xSwMG10y9suRES79Nye3jYNe5KYq1tTUPqRRNgxmMGAfcUro0zpLeAr2YgHeSMWtglblGOW7pmwGVPZ0O1Y4r1fE6jnep0kW+35PLIaqCorIOnCAtSzDNKBhwd1ow3zW2wC0DFouuEkIO8u5Fw28g8E8dp8zEk1xMblNPy+xtWkmYHrVJ\/dQgun1bYOF2ZFtAzatwndTI\/bGsy1i3Wsl+x6HyWKQdq8y8VObtOqKDH7uERBEpB9DHVyKflj1v1gQuEH6BhaRdATc7ee0MiQdGblraIySwYRdfo2d8i82OVKrenMB3SLwyCvDPyQ9iKpTOnSF52ZBqaqSXKM2N\/RAkweeBFQQCwcHhqxvB0cfbyHcbkOLeCZe\/tsh68IxwTiYgzvLfl7sOZ5arnZbzrPpZmB+hfV2omkoJ1tDwOWz9hEmLLNtfo2OxyUH1m0+XFaC+Gbn4WkVDgf7YZkwUcG+Qoa3oKDNMss8MEyZxewl2iDGZcf402dlidHRprlfmXbAYuVQ08\/a0HxIKYPGh\/nsMGmwnO15CWtFpAbhUA\/D5oRjsIxnvXaMDg0iAFpdu\/5Ffsj7g3EPdBkiQHNYK7YU1RRx609eH0bZyiIYHdUPw7ikLupvrebZmELqi3mqDFO99u4eISlxFJlUbUND3L4BtmWTWrKwI=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//core/signature.json', $signatureDataFile],
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$expected = [
-			'EXCEPTION' => [
-				'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException',
-				'message' => 'Signature could not get verified.',
-			]
-		];
-		$this->assertSame($expected, $this->checker->verifyCoreSignature());
-	}
-
-	public function testVerifyCoreSignatureWithTamperedFiles(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->environmentHelper
-			->expects($this->any())
-			->method('getServerRoot')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData/');
-		$signatureDataFile = '{
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//core/signature.json', $signatureDataFile],
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $expected = [
+            'EXCEPTION' => [
+                'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException',
+                'message' => 'Signature could not get verified.',
+            ]
+        ];
+        $this->assertSame($expected, $this->checker->verifyCoreSignature());
+    }
+
+    public function testVerifyCoreSignatureWithTamperedFiles(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->environmentHelper
+            ->expects($this->any())
+            ->method('getServerRoot')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData/');
+        $signatureDataFile = '{
     "hashes": {
         "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
         "subfolder\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
@@ -864,54 +864,54 @@ 
     "signature": "dYoohBaWIFR\/To1FXEbMQB5apUhVYlEauBGSPo12nq84wxWkBx2EM3KDRgkB5Sub2tr0CgmAc2EVjPhKIEzAam26cyUb48bJziz1V6wvW7z4GZAfaJpzLkyHdSfV5117VSf5w1rDcAeZDXfGUaaNEJPWytaF4ZIxVge7f3NGshHy4odFVPADy\/u6c43BWvaOtJ4m3aJQbP6sxCO9dxwcm5yJJJR3n36jfh229sdWBxyl8BhwhH1e1DEv78\/aiL6ckKFPVNzx01R6yDFt3TgEMR97YZ\/R6lWiXG+dsJ305jNFlusLu518zBUvl7g5yjzGN778H29b2C8VLZKmi\/h1CH9jGdD72fCqCYdenD2uZKzb6dsUtXtvBmVcVT6BUGz41W1pkkEEB+YJpMrHILIxAiHRGv1+aZa9\/Oz8LWFd+BEUQjC2LJgojPnpzaG\/msw1nBkX16NNVDWWtJ25Bc\/r\/mG46rwjWB\/cmV6Lwt6KODiqlxgrC4lm9ALOCEWw+23OcYhLwNfQTYevXqHqsFfXOkhUnM8z5vDUb\/HBraB1DjFXN8iLK+1YewD4P495e+SRzrR79Oi3F8SEqRIzRLfN2rnW1BTms\/wYsz0p67cup1Slk1XlNmHwbWX25NVd2PPlLOvZRGoqcKFpIjC5few8THiZfyjiNFwt3RM0AFdZcXY=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUc\/0FxYrsgSs9rDxp03EJmbjN0NwwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIxMDMzM1oXDTE2MTEwMzIxMDMzM1owDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBALb6EgHpkAqZbO5vRO8XSh7G7XGWHw5s\r\niOf4RwPXR6SE9bWZEm\/b72SfWk\/\/J6AbrD8WiOzBuT\/ODy6k5T1arEdHO+Pux0W1\r\nMxYJJI4kH74KKgMpC0SB0Rt+8WrMqV1r3hhJ46df6Xr\/xolP3oD+eLbShPcblhdS\r\nVtkZEkoev8Sh6L2wDCeHDyPxzvj1w2dTdGVO9Kztn0xIlyfEBakqvBWtcxyi3Ln0\r\nklnxlMx3tPDUE4kqvpia9qNiB1AN2PV93eNr5\/2riAzIssMFSCarWCx0AKYb54+d\r\nxLpcYFyqPJ0ydBCkF78DD45RCZet6PNYkdzgbqlUWEGGomkuDoJbBg4wzgzO0D77\r\nH87KFhYW8tKFFvF1V3AHl\/sFQ9tDHaxM9Y0pZ2jPp\/ccdiqnmdkBxBDqsiRvHvVB\r\nCn6qpb4vWGFC7vHOBfYspmEL1zLlKXZv3ezMZEZw7O9ZvUP3VO\/wAtd2vUW8UFiq\r\ns2v1QnNLN6jNh51obcwmrBvWhJy9vQIdtIjQbDxqWTHh1zUSrw9wrlklCBZ\/zrM0\r\ni8nfCFwTxWRxp3H9KoECzO\/zS5R5KIS7s3\/wq\/w9T2Ie4rcecgXwDizwnn0C\/aKc\r\nbDIjujpL1s9HO05pcD\/V3wKcPZ1izymBkmMyIbL52iRVN5FTVHeZdXPpFuq+CTQJ\r\nQ238lC+A\/KOVAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAGoKTnh8RfJV4sQItVC2\r\nAvfJagkrIqZ3iiQTUBQGTKBsTnAqE1H7QgUSV9vSd+8rgvHkyZsRjmtyR1e3A6Ji\r\noNCXUbExC\/0iCPUqdHZIVb+Lc\/vWuv4ByFMybGPydgtLoEUX2ZrKFWmcgZFDUSRd\r\n9Uj26vtUhCC4bU4jgu6hIrR9IuxOBLQUxGTRZyAcXvj7obqRAEZwFAKQgFpfpqTb\r\nH+kjcbZSaAlLVSF7vBc1syyI8RGYbqpwvtREqJtl5IEIwe6huEqJ3zPnlP2th\/55\r\ncf3Fovj6JJgbb9XFxrdnsOsDOu\/tpnaRWlvv5ib4+SzG5wWFT5UUEo4Wg2STQiiX\r\nuVSRQxK1LE1yg84bs3NZk9FSQh4B8vZVuRr5FaJsZZkwlFlhRO\/\/+TJtXRbyNgsf\r\noMRZGi8DLGU2SGEAHcRH\/QZHq\/XDUWVzdxrSBYcy7GSpT7UDVzGv1rEJUrn5veP1\r\n0KmauAqtiIaYRm4f6YBsn0INcZxzIPZ0p8qFtVZBPeHhvQtvOt0iXI\/XUxEWOa2F\r\nK2EqhErgMK\/N07U1JJJay5tYZRtvkGq46oP\/5kQG8hYST0MDK6VihJoPpvCmAm4E\r\npEYKQ96x6A4EH9Y9mZlYozH\/eqmxPbTK8n89\/p7Ydun4rI+B2iiLnY8REWWy6+UQ\r\nV204fGUkJqW5CrKy3P3XvY9X\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//core/signature.json', $signatureDataFile],
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$expected = [
-			'INVALID_HASH' => [
-				'AnotherFile.txt' => [
-					'expected' => '1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112',
-					'current' => '7322348ba269c6d5522efe02f424fa3a0da319a7cd9c33142a5afe32a2d9af2da3a411f086fcfc96ff4301ea566f481dba0960c2abeef3594c4d930462f6584c',
-				],
-			],
-			'FILE_MISSING' => [
-				'subfolder/file.txt' => [
-					'expected' => '410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b',
-					'current' => '',
-				],
-			],
-			'EXTRA_FILE' => [
-				'UnecessaryFile' => [
-					'expected' => '',
-					'current' => 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e',
-				],
-			],
-
-		];
-		$this->assertSame($expected, $this->checker->verifyCoreSignature());
-	}
-
-	public function testVerifyCoreWithInvalidCertificate(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->environmentHelper
-			->expects($this->any())
-			->method('getServerRoot')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
-		$signatureDataFile = '{
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//core/signature.json', $signatureDataFile],
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/appWithInvalidData//resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $expected = [
+            'INVALID_HASH' => [
+                'AnotherFile.txt' => [
+                    'expected' => '1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112',
+                    'current' => '7322348ba269c6d5522efe02f424fa3a0da319a7cd9c33142a5afe32a2d9af2da3a411f086fcfc96ff4301ea566f481dba0960c2abeef3594c4d930462f6584c',
+                ],
+            ],
+            'FILE_MISSING' => [
+                'subfolder/file.txt' => [
+                    'expected' => '410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b',
+                    'current' => '',
+                ],
+            ],
+            'EXTRA_FILE' => [
+                'UnecessaryFile' => [
+                    'expected' => '',
+                    'current' => 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e',
+                ],
+            ],
+
+        ];
+        $this->assertSame($expected, $this->checker->verifyCoreSignature());
+    }
+
+    public function testVerifyCoreWithInvalidCertificate(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->environmentHelper
+            ->expects($this->any())
+            ->method('getServerRoot')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
+        $signatureDataFile = '{
     "hashes": {
         "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
         "subfolder\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
@@ -919,39 +919,39 @@ 
     "signature": "eXesvDm3pkek12xSwMG10y9suRES79Nye3jYNe5KYq1tTUPqRRNgxmMGAfcUro0zpLeAr2YgHeSMWtglblGOW7pmwGVPZ0O1Y4r1fE6jnep0kW+35PLIaqCorIOnCAtSzDNKBhwd1ow3zW2wC0DFouuEkIO8u5Fw28g8E8dp8zEk1xMblNPy+xtWkmYHrVJ\/dQgun1bYOF2ZFtAzatwndTI\/bGsy1i3Wsl+x6HyWKQdq8y8VObtOqKDH7uERBEpB9DHVyKflj1v1gQuEH6BhaRdATc7ee0MiQdGblraIySwYRdfo2d8i82OVKrenMB3SLwyCvDPyQ9iKpTOnSF52ZBqaqSXKM2N\/RAkweeBFQQCwcHhqxvB0cfbyHcbkOLeCZe\/tsh68IxwTiYgzvLfl7sOZ5arnZbzrPpZmB+hfV2omkoJ1tDwOWz9hEmLLNtfo2OxyUH1m0+XFaC+Gbn4WkVDgf7YZkwUcG+Qoa3oKDNMss8MEyZxewl2iDGZcf402dlidHRprlfmXbAYuVQ08\/a0HxIKYPGh\/nsMGmwnO15CWtFpAbhUA\/D5oRjsIxnvXaMDg0iAFpdu\/5Ffsj7g3EPdBkiQHNYK7YU1RRx609eH0bZyiIYHdUPw7ikLupvrebZmELqi3mqDFO99u4eISlxFJlUbUND3L4BtmWTWrKwI=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEvjCCAqagAwIBAgIUPYoweUxCPqbDW4ntuh7QvgyqSrgwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIyNDIwNloXDTE2MTEwMzIyNDIwNlowDzENMAsGA1UEAwwEY29yZTCCAiIwDQYJ\r\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJui3nDbjOIjxNnthdBZplphujsN6u8K\r\nQ\/62zAuSwzXVp0+3IMgM\/2sepklVE8YfCyVJ5+SUJqnqHoUWVRVfs8jL0wW6nrHM\r\n\/lsscAguWCee4iAdNOqI9kq4+DUau8J45e62XA9mrAo\/8\/NKzFE2y2WduDoQZcm+\r\n8+dwcUUHXw2jl8dfrmvEMYSqTNDdb4rGmQpeV+dr9BLqr+x03U1Q08qCG9j7mSOz\r\ncvJENjOvC5uzAh5LCuCgxqG4o+mPzB0FtNnwoRRu6IsF3Y3KacRqPc30fB\/iXDn5\r\nBPr14uNxTTYWoZJ1F0tZrLzRbXdjJJOC+dnQurTtXWZ8WjPB1BWQYK7fW6t82mkN\r\n2Qe2xen99gs9nX5yY\/sHM3TKSJdM7AVCEv\/emW3gNjkvWTtRlN\/Nc7X2ckNwXcvo\r\n0yi3fSPjzXpDgLbhp1FzrMlHDn1VzmRT3r8wLByWa\/hsxrJDsBzwunMJYhXhmeKb\r\n3wX0tN\/EUJTWBntpwVOIGnRPD51oBoQUOMaEAq\/kz8PgN181bWZkJbRuf+FWkijQ\r\no+HR2lVF1jWXXst5Uc+s9HN81Uly7X4O9MMg0QxT4+wymtGDs6AOkwMi9rgBTrRB\r\n3tLU3XL2UIwRXgmd8cPtTu\/I6Bm7LdyaYtZ3yJTxRewq3nZdWypqBhD8uhpIYVkf\r\no4bxmGkVAQVTAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAKKAX5EHgU1grODnJ0of\r\nspFpgB1K67YvclNUyuU6NQ6zBJx1\/w1RnM7uxLcxiiWj1BbUhwZQ0ojmEHeUyi6O\r\nGrDVajwhTccDMmja3u5adhEncx65\/H+lD85IPRRkS2qBDssMDdJHhZ0uI+40nI7M\r\nMq1kFjl+6wiuqZXqps66DuLbk45g\/ZlrFIrIo3Ix5vj0OVqwT+gO4LYirJK6KgVS\r\nUttbcEsc\/yKU9ThnM8\/n4m2jstZXfzKPgOsJrQcZrFOtpj+CWmBzVElBSPlDT3Nh\r\nHSgOeTFJ8bQBxj2iG5dLA+JZJQKxyJ1gy2ZtxIJ2GyvLtSe8NUSqvfPWOaAKEUV2\r\ngniytnEFLr+PcD+9EGux6jZNuj6HmtWVThTfD5VGFmtlVU2z71ZRYY0kn6J3mmFc\r\nS2ecEcCUwqG5YNLncEUCyZhC2klWql2SHyGctCEyWWY7ikIDjVzYt2EbcFvLNBnP\r\ntybN1TYHRRZxlug00CCoOE9EZfk46FkZpDvU6KmqJRofkNZ5sj+SffyGcwYwNrDH\r\nKqe8m+9lHf3CRTIDeMu8r2xl1I6M6ZZfjabbmVP9Jd6WN4s6f1FlXDWzhlT1N0Qw\r\nGzJj6xB+SPtS3UV05tBlvbfA4e06D5G9uD7Q8ONcINtMS0xsSJ2oo82AqlpvlF\/q\r\noj7YKHsaTVGA+FxBktZHfoxD\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json', $signatureDataFile],
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/app//resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$expected = [
-			'EXCEPTION' => [
-				'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException',
-				'message' => 'Certificate is not valid.',
-			]
-		];
-		$this->assertSame($expected, $this->checker->verifyCoreSignature());
-	}
-
-	public function testVerifyCoreWithDifferentScope(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->environmentHelper
-			->expects($this->any())
-			->method('getServerRoot')
-			->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
-		$signatureDataFile = '{
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json', $signatureDataFile],
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/app//resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $expected = [
+            'EXCEPTION' => [
+                'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException',
+                'message' => 'Certificate is not valid.',
+            ]
+        ];
+        $this->assertSame($expected, $this->checker->verifyCoreSignature());
+    }
+
+    public function testVerifyCoreWithDifferentScope(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->environmentHelper
+            ->expects($this->any())
+            ->method('getServerRoot')
+            ->willReturn(\OC::$SERVERROOT . '/tests/data/integritycheck/app/');
+        $signatureDataFile = '{
     "hashes": {
         "AnotherFile.txt": "1570ca9420e37629de4328f48c51da29840ddeaa03ae733da4bf1d854b8364f594aac560601270f9e1797ed4cd57c1aea87bf44cf4245295c94f2e935a2f0112",
         "subfolder\/file.txt": "410738545fb623c0a5c8a71f561e48ea69e3ada0981a455e920a5ae9bf17c6831ae654df324f9328ff8453de179276ae51931cca0fa71fe8ccde6c083ca0574b"
@@ -959,155 +959,155 @@ 
     "signature": "EL49UaSeyMAqyMtqId+tgOhhwgOevPZsRLX4j2blnybAB6fN07z0936JqZV7+eMPiE30Idx+UCY6rCFN531Kqe9vAOCdgtHUSOjjKyKc+lvULESlMb6YQcrZrvDlEMMjzjH49ewG7Ai8sNN6HrRUd9U8ws+ewSkW2DOOBItj\/21RBnkrSt+2AtGXGigEvuTm57HrCYDj8\/lSkumC2GVkjLUHeLOKYo4PRNOr6yP5mED5v7zo66AWvXl2fKv54InZcdxsAk35lyK9DGZbk\/027ZRd0AOHT3LImRLvQ+8EAg3XLlRUy0hOFGgPC+jYonMzgYvsAXAXi2j8LnLJlsLwpFwu1k1B+kZVPMumKZvP9OvJb70EirecXmz62V+Jiyuaq7ne4y7Kp5gKZT\/T8SeZ0lFtCmPfYyzBB0y8s5ldmTTmdVYHs54t\/OCCW82HzQZxnFNPzDTRa8HglsaMKrqPtW59+R4UvRKSWhB8M\/Ah57qgzycvPV4KMz\/FbD4l\/\/9chRKSlCfc2k3b8ZSHNmi+EzCKgJjWIoKdgN1yax94puU8jfn8UW+G7H9Y1Jsf\/jox6QLyYEgtV1vOHY2xLT7fVs2vhyvkN2MNjJnmQ70gFG5Qz2lBz5wi6ZpB+tOfCcpbLxWAkoWoIrmC\/Ilqh7mfmRZ43g5upjkepHNd93ONuY8=",
     "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEwTCCAqmgAwIBAgIUWv0iujufs5lUr0svCf\/qTQvoyKAwDQYJKoZIhvcNAQEF\r\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTEw\r\nMzIyNDk1M1oXDTE2MTEwMzIyNDk1M1owEjEQMA4GA1UEAwwHU29tZUFwcDCCAiIw\r\nDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK8q0x62agGSRBqeWsaeEwFfepMk\r\nF8cAobMMi50qHCv9IrOn\/ZH9l52xBrbIkErVmRjmly0d4JhD8Ymhidsh9ONKYl\/j\r\n+ishsZDM8eNNdp3Ew+fEYVvY1W7mR1qU24NWj0bzVsClI7hvPVIuw7AjfBDq1C5+\r\nA+ZSLSXYvOK2cEWjdxQfuNZwEZSjmA63DUllBIrm35IaTvfuyhU6BW9yHZxmb8+M\r\nw0xDv30D5UkE\/2N7Pa\/HQJLxCR+3zKibRK3nUyRDLSXxMkU9PnFNaPNX59VPgyj4\r\nGB1CFSToldJVPF4pzh7p36uGXZVxs8m3LFD4Ol8mhi7jkxDZjqFN46gzR0r23Py6\r\ndol9vfawGIoUwp9LvL0S7MvdRY0oazLXwClLP4OQ17zpSMAiCj7fgNT661JamPGj\r\nt5O7Zn2wA7I4ddDS\/HDTWCu98Zwc9fHIpsJPgCZ9awoqxi4Mnf7Pk9g5nnXhszGC\r\ncxxIASQKM+GhdzoRxKknax2RzUCwCzcPRtCj8AQT\/x\/mqN3PfRmlnFBNACUw9bpZ\r\nSOoNq2pCF9igftDWpSIXQ38pVpKLWowjjg3DVRmVKBgivHnUnVLyzYBahHPj0vaz\r\ntFtUFRaqXDnt+4qyUGyrT5h5pjZaTcHIcSB4PiarYwdVvgslgwnQzOUcGAzRWBD4\r\n6jV2brP5vFY3g6iPAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBACTY3CCHC+Z28gCf\r\nFWGKQ3wAKs+k4+0yoti0qm2EKX7rSGQ0PHSas6uW79WstC4Rj+DYkDtIhGMSg8FS\r\nHVGZHGBCc0HwdX+BOAt3zi4p7Sf3oQef70\/4imPoKxbAVCpd\/cveVcFyDC19j1yB\r\nBapwu87oh+muoeaZxOlqQI4UxjBlR\/uRSMhOn2UGauIr3dWJgAF4pGt7TtIzt+1v\r\n0uA6FtN1Y4R5O8AaJPh1bIG0CVvFBE58esGzjEYLhOydgKFnEP94kVPgJD5ds9C3\r\npPhEpo1dRpiXaF7WGIV1X6DI\/ipWvfrF7CEy6I\/kP1InY\/vMDjQjeDnJ\/VrXIWXO\r\nyZvHXVaN\/m+1RlETsH7YO\/QmxRue9ZHN3gvvWtmpCeA95sfpepOk7UcHxHZYyQbF\r\n49\/au8j+5tsr4A83xzsT1JbcKRxkAaQ7WDJpOnE5O1+H0fB+BaLakTg6XX9d4Fo7\r\n7Gin7hVWX7pL+JIyxMzME3LhfI61+CRcqZQIrpyaafUziPQbWIPfEs7h8tCOWyvW\r\nUO8ZLervYCB3j44ivkrxPlcBklDCqqKKBzDP9dYOtS\/P4RB1NkHA9+NTvmBpTonS\r\nSFXdg9fFMD7VfjDE3Vnk+8DWkVH5wBYowTAD7w9Wuzr7DumiAULexnP\/Y7xwxLv7\r\n4B+pXTAcRK0zECDEaX3npS8xWzrB\r\n-----END CERTIFICATE-----"
 }';
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_get_contents')
-			->willReturnMap([
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json', $signatureDataFile],
-				[\OC::$SERVERROOT . '/tests/data/integritycheck/app//resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
-			]);
-
-		$expected = [
-			'EXCEPTION' => [
-				'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException',
-				'message' => 'Certificate is not valid for required scope. (Requested: core, current: CN=SomeApp)',
-			]
-		];
-		$this->assertSame($expected, $this->checker->verifyCoreSignature());
-	}
-
-	public function testRunInstanceVerification(): void {
-		$this->checker = $this->getMockBuilder('\OC\IntegrityCheck\Checker')
-			->setConstructorArgs([
-				$this->serverVersion,
-				$this->environmentHelper,
-				$this->fileAccessHelper,
-				$this->appLocator,
-				$this->config,
-				$this->appConfig,
-				$this->cacheFactory,
-				$this->appManager,
-				$this->mimeTypeDetector,
-			])
-			->onlyMethods([
-				'verifyCoreSignature',
-				'verifyAppSignature',
-			])
-			->getMock();
-
-		$this->checker
-			->expects($this->once())
-			->method('verifyCoreSignature');
-		$this->appManager
-			->expects($this->once())
-			->method('getAllAppsInAppsFolders')
-			->willReturn([
-				'files',
-				'calendar',
-				'contacts',
-				'dav',
-			]);
-		$this->appManager
-			->expects($this->exactly(4))
-			->method('isShipped')
-			->willReturnMap([
-				['files', true],
-				['calendar', false],
-				['contacts', false],
-				['dav', true],
-			]);
-
-		$calls = [
-			'files',
-			'calendar',
-			'dav',
-		];
-		$this->checker
-			->expects($this->exactly(3))
-			->method('verifyAppSignature')
-			->willReturnCallback(function ($app) use (&$calls) {
-				$expected = array_shift($calls);
-				$this->assertSame($expected, $app);
-				return [];
-			});
-		$this->appLocator
-			->expects($this->exactly(2))
-			->method('getAppPath')
-			->willReturnMap([
-				['calendar', '/apps/calendar'],
-				['contacts', '/apps/contacts'],
-			]);
-		$this->fileAccessHelper
-			->expects($this->exactly(2))
-			->method('file_exists')
-			->willReturnMap([
-				['/apps/calendar/appinfo/signature.json', true],
-				['/apps/contacts/appinfo/signature.json', false],
-			]);
-		$this->appConfig
-			->expects($this->once())
-			->method('deleteKey')
-			->with('core', 'oc.integritycheck.checker');
-
-		$this->checker->runInstanceVerification();
-	}
-
-	public function testVerifyAppSignatureWithoutSignatureDataAndCodeCheckerDisabled(): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn('stable');
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(true);
-
-		$expected = [];
-		$this->assertSame($expected, $this->checker->verifyAppSignature('SomeApp'));
-	}
-
-	public static function channelDataProvider(): array {
-		return [
-			['stable', true],
-			['git', false],
-		];
-	}
-
-	/**
-	 * @param string $channel
-	 * @param bool $isCodeSigningEnforced
-	 * @dataProvider channelDataProvider
-	 */
-	public function testIsCodeCheckEnforced($channel, $isCodeSigningEnforced): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn($channel);
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(false);
-
-		$this->assertSame($isCodeSigningEnforced, $this->checker->isCodeCheckEnforced());
-	}
-
-	/**
-	 * @param string $channel
-	 * @dataProvider channelDataProvider
-	 */
-	public function testIsCodeCheckEnforcedWithDisabledConfigSwitch($channel): void {
-		$this->serverVersion
-			->expects($this->once())
-			->method('getChannel')
-			->willReturn($channel);
-		$this->config
-			->expects($this->any())
-			->method('getSystemValueBool')
-			->with('integrity.check.disabled', false)
-			->willReturn(true);
-
-		$this->assertFalse(self::invokePrivate($this->checker, 'isCodeCheckEnforced'));
-	}
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_get_contents')
+            ->willReturnMap([
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json', $signatureDataFile],
+                [\OC::$SERVERROOT . '/tests/data/integritycheck/app//resources/codesigning/root.crt', file_get_contents(__DIR__ . '/../../data/integritycheck/root.crt')],
+            ]);
+
+        $expected = [
+            'EXCEPTION' => [
+                'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException',
+                'message' => 'Certificate is not valid for required scope. (Requested: core, current: CN=SomeApp)',
+            ]
+        ];
+        $this->assertSame($expected, $this->checker->verifyCoreSignature());
+    }
+
+    public function testRunInstanceVerification(): void {
+        $this->checker = $this->getMockBuilder('\OC\IntegrityCheck\Checker')
+            ->setConstructorArgs([
+                $this->serverVersion,
+                $this->environmentHelper,
+                $this->fileAccessHelper,
+                $this->appLocator,
+                $this->config,
+                $this->appConfig,
+                $this->cacheFactory,
+                $this->appManager,
+                $this->mimeTypeDetector,
+            ])
+            ->onlyMethods([
+                'verifyCoreSignature',
+                'verifyAppSignature',
+            ])
+            ->getMock();
+
+        $this->checker
+            ->expects($this->once())
+            ->method('verifyCoreSignature');
+        $this->appManager
+            ->expects($this->once())
+            ->method('getAllAppsInAppsFolders')
+            ->willReturn([
+                'files',
+                'calendar',
+                'contacts',
+                'dav',
+            ]);
+        $this->appManager
+            ->expects($this->exactly(4))
+            ->method('isShipped')
+            ->willReturnMap([
+                ['files', true],
+                ['calendar', false],
+                ['contacts', false],
+                ['dav', true],
+            ]);
+
+        $calls = [
+            'files',
+            'calendar',
+            'dav',
+        ];
+        $this->checker
+            ->expects($this->exactly(3))
+            ->method('verifyAppSignature')
+            ->willReturnCallback(function ($app) use (&$calls) {
+                $expected = array_shift($calls);
+                $this->assertSame($expected, $app);
+                return [];
+            });
+        $this->appLocator
+            ->expects($this->exactly(2))
+            ->method('getAppPath')
+            ->willReturnMap([
+                ['calendar', '/apps/calendar'],
+                ['contacts', '/apps/contacts'],
+            ]);
+        $this->fileAccessHelper
+            ->expects($this->exactly(2))
+            ->method('file_exists')
+            ->willReturnMap([
+                ['/apps/calendar/appinfo/signature.json', true],
+                ['/apps/contacts/appinfo/signature.json', false],
+            ]);
+        $this->appConfig
+            ->expects($this->once())
+            ->method('deleteKey')
+            ->with('core', 'oc.integritycheck.checker');
+
+        $this->checker->runInstanceVerification();
+    }
+
+    public function testVerifyAppSignatureWithoutSignatureDataAndCodeCheckerDisabled(): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn('stable');
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(true);
+
+        $expected = [];
+        $this->assertSame($expected, $this->checker->verifyAppSignature('SomeApp'));
+    }
+
+    public static function channelDataProvider(): array {
+        return [
+            ['stable', true],
+            ['git', false],
+        ];
+    }
+
+    /**
+     * @param string $channel
+     * @param bool $isCodeSigningEnforced
+     * @dataProvider channelDataProvider
+     */
+    public function testIsCodeCheckEnforced($channel, $isCodeSigningEnforced): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn($channel);
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(false);
+
+        $this->assertSame($isCodeSigningEnforced, $this->checker->isCodeCheckEnforced());
+    }
+
+    /**
+     * @param string $channel
+     * @dataProvider channelDataProvider
+     */
+    public function testIsCodeCheckEnforcedWithDisabledConfigSwitch($channel): void {
+        $this->serverVersion
+            ->expects($this->once())
+            ->method('getChannel')
+            ->willReturn($channel);
+        $this->config
+            ->expects($this->any())
+            ->method('getSystemValueBool')
+            ->with('integrity.check.disabled', false)
+            ->willReturn(true);
+
+        $this->assertFalse(self::invokePrivate($this->checker, 'isCodeCheckEnforced'));
+    }
 }