nextcloud /
server
@@ -32,51 +32,51 @@ |
||
| 32 | 32 | * @since 8.0.0 |
| 33 | 33 | */ |
| 34 | 34 | interface ICertificate { |
| 35 | - /** |
|
| 36 | - * @return string |
|
| 37 | - * @since 8.0.0 |
|
| 38 | - */ |
|
| 39 | - public function getName(): string; |
|
| 35 | + /** |
|
| 36 | + * @return string |
|
| 37 | + * @since 8.0.0 |
|
| 38 | + */ |
|
| 39 | + public function getName(): string; |
|
| 40 | 40 | |
| 41 | - /** |
|
| 42 | - * @return string|null |
|
| 43 | - * @since 8.0.0 |
|
| 44 | - */ |
|
| 45 | - public function getCommonName(): ?string; |
|
| 41 | + /** |
|
| 42 | + * @return string|null |
|
| 43 | + * @since 8.0.0 |
|
| 44 | + */ |
|
| 45 | + public function getCommonName(): ?string; |
|
| 46 | 46 | |
| 47 | - /** |
|
| 48 | - * @return string|null |
|
| 49 | - * @since 8.0.0 |
|
| 50 | - */ |
|
| 51 | - public function getOrganization(): ?string; |
|
| 47 | + /** |
|
| 48 | + * @return string|null |
|
| 49 | + * @since 8.0.0 |
|
| 50 | + */ |
|
| 51 | + public function getOrganization(): ?string; |
|
| 52 | 52 | |
| 53 | - /** |
|
| 54 | - * @return \DateTime |
|
| 55 | - * @since 8.0.0 |
|
| 56 | - */ |
|
| 57 | - public function getIssueDate(): \DateTime; |
|
| 53 | + /** |
|
| 54 | + * @return \DateTime |
|
| 55 | + * @since 8.0.0 |
|
| 56 | + */ |
|
| 57 | + public function getIssueDate(): \DateTime; |
|
| 58 | 58 | |
| 59 | - /** |
|
| 60 | - * @return \DateTime |
|
| 61 | - * @since 8.0.0 |
|
| 62 | - */ |
|
| 63 | - public function getExpireDate(): \DateTime; |
|
| 59 | + /** |
|
| 60 | + * @return \DateTime |
|
| 61 | + * @since 8.0.0 |
|
| 62 | + */ |
|
| 63 | + public function getExpireDate(): \DateTime; |
|
| 64 | 64 | |
| 65 | - /** |
|
| 66 | - * @return bool |
|
| 67 | - * @since 8.0.0 |
|
| 68 | - */ |
|
| 69 | - public function isExpired(): bool; |
|
| 65 | + /** |
|
| 66 | + * @return bool |
|
| 67 | + * @since 8.0.0 |
|
| 68 | + */ |
|
| 69 | + public function isExpired(): bool; |
|
| 70 | 70 | |
| 71 | - /** |
|
| 72 | - * @return string|null |
|
| 73 | - * @since 8.0.0 |
|
| 74 | - */ |
|
| 75 | - public function getIssuerName(): ?string; |
|
| 71 | + /** |
|
| 72 | + * @return string|null |
|
| 73 | + * @since 8.0.0 |
|
| 74 | + */ |
|
| 75 | + public function getIssuerName(): ?string; |
|
| 76 | 76 | |
| 77 | - /** |
|
| 78 | - * @return string|null |
|
| 79 | - * @since 8.0.0 |
|
| 80 | - */ |
|
| 81 | - public function getIssuerOrganization(): ?string; |
|
| 77 | + /** |
|
| 78 | + * @return string|null |
|
| 79 | + * @since 8.0.0 |
|
| 80 | + */ |
|
| 81 | + public function getIssuerOrganization(): ?string; |
|
| 82 | 82 | } |
@@ -32,43 +32,43 @@ |
||
| 32 | 32 | * @since 8.0.0 |
| 33 | 33 | */ |
| 34 | 34 | interface ICertificateManager { |
| 35 | - /** |
|
| 36 | - * Returns all certificates trusted by the system |
|
| 37 | - * |
|
| 38 | - * @return \OCP\ICertificate[] |
|
| 39 | - * @since 8.0.0 |
|
| 40 | - */ |
|
| 41 | - public function listCertificates(): array; |
|
| 35 | + /** |
|
| 36 | + * Returns all certificates trusted by the system |
|
| 37 | + * |
|
| 38 | + * @return \OCP\ICertificate[] |
|
| 39 | + * @since 8.0.0 |
|
| 40 | + */ |
|
| 41 | + public function listCertificates(): array; |
|
| 42 | 42 | |
| 43 | - /** |
|
| 44 | - * @param string $certificate the certificate data |
|
| 45 | - * @param string $name the filename for the certificate |
|
| 46 | - * @return \OCP\ICertificate |
|
| 47 | - * @throws \Exception If the certificate could not get added |
|
| 48 | - * @since 8.0.0 - since 8.1.0 throws exception instead of returning false |
|
| 49 | - */ |
|
| 50 | - public function addCertificate(string $certificate, string $name): \OCP\ICertificate; |
|
| 43 | + /** |
|
| 44 | + * @param string $certificate the certificate data |
|
| 45 | + * @param string $name the filename for the certificate |
|
| 46 | + * @return \OCP\ICertificate |
|
| 47 | + * @throws \Exception If the certificate could not get added |
|
| 48 | + * @since 8.0.0 - since 8.1.0 throws exception instead of returning false |
|
| 49 | + */ |
|
| 50 | + public function addCertificate(string $certificate, string $name): \OCP\ICertificate; |
|
| 51 | 51 | |
| 52 | - /** |
|
| 53 | - * @param string $name |
|
| 54 | - * @return bool |
|
| 55 | - * @since 8.0.0 |
|
| 56 | - */ |
|
| 57 | - public function removeCertificate(string $name): bool; |
|
| 52 | + /** |
|
| 53 | + * @param string $name |
|
| 54 | + * @return bool |
|
| 55 | + * @since 8.0.0 |
|
| 56 | + */ |
|
| 57 | + public function removeCertificate(string $name): bool; |
|
| 58 | 58 | |
| 59 | - /** |
|
| 60 | - * Get the path to the certificate bundle |
|
| 61 | - * |
|
| 62 | - * @return string |
|
| 63 | - * @since 8.0.0 |
|
| 64 | - */ |
|
| 65 | - public function getCertificateBundle(): string; |
|
| 59 | + /** |
|
| 60 | + * Get the path to the certificate bundle |
|
| 61 | + * |
|
| 62 | + * @return string |
|
| 63 | + * @since 8.0.0 |
|
| 64 | + */ |
|
| 65 | + public function getCertificateBundle(): string; |
|
| 66 | 66 | |
| 67 | - /** |
|
| 68 | - * Get the full local path to the certificate bundle |
|
| 69 | - * |
|
| 70 | - * @return string |
|
| 71 | - * @since 9.0.0 |
|
| 72 | - */ |
|
| 73 | - public function getAbsoluteBundlePath(): string; |
|
| 67 | + /** |
|
| 68 | + * Get the full local path to the certificate bundle |
|
| 69 | + * |
|
| 70 | + * @return string |
|
| 71 | + * @since 9.0.0 |
|
| 72 | + */ |
|
| 73 | + public function getAbsoluteBundlePath(): string; |
|
| 74 | 74 | } |
@@ -33,42 +33,42 @@ |
||
| 33 | 33 | */ |
| 34 | 34 | interface ICredentialsManager { |
| 35 | 35 | |
| 36 | - /** |
|
| 37 | - * Store a set of credentials |
|
| 38 | - * |
|
| 39 | - * @param string $userId empty string for system-wide credentials |
|
| 40 | - * @param string $identifier |
|
| 41 | - * @param mixed $credentials |
|
| 42 | - * @since 8.2.0 |
|
| 43 | - */ |
|
| 44 | - public function store(string $userId, string $identifier, $credentials): void; |
|
| 36 | + /** |
|
| 37 | + * Store a set of credentials |
|
| 38 | + * |
|
| 39 | + * @param string $userId empty string for system-wide credentials |
|
| 40 | + * @param string $identifier |
|
| 41 | + * @param mixed $credentials |
|
| 42 | + * @since 8.2.0 |
|
| 43 | + */ |
|
| 44 | + public function store(string $userId, string $identifier, $credentials): void; |
|
| 45 | 45 | |
| 46 | - /** |
|
| 47 | - * Retrieve a set of credentials |
|
| 48 | - * |
|
| 49 | - * @param string $userId empty string for system-wide credentials |
|
| 50 | - * @param string $identifier |
|
| 51 | - * @return mixed |
|
| 52 | - * @since 8.2.0 |
|
| 53 | - */ |
|
| 54 | - public function retrieve(string $userId, string $identifier); |
|
| 46 | + /** |
|
| 47 | + * Retrieve a set of credentials |
|
| 48 | + * |
|
| 49 | + * @param string $userId empty string for system-wide credentials |
|
| 50 | + * @param string $identifier |
|
| 51 | + * @return mixed |
|
| 52 | + * @since 8.2.0 |
|
| 53 | + */ |
|
| 54 | + public function retrieve(string $userId, string $identifier); |
|
| 55 | 55 | |
| 56 | - /** |
|
| 57 | - * Delete a set of credentials |
|
| 58 | - * |
|
| 59 | - * @param string $userId empty string for system-wide credentials |
|
| 60 | - * @param string $identifier |
|
| 61 | - * @return int rows removed |
|
| 62 | - * @since 8.2.0 |
|
| 63 | - */ |
|
| 64 | - public function delete(string $userId, string $identifier): int; |
|
| 56 | + /** |
|
| 57 | + * Delete a set of credentials |
|
| 58 | + * |
|
| 59 | + * @param string $userId empty string for system-wide credentials |
|
| 60 | + * @param string $identifier |
|
| 61 | + * @return int rows removed |
|
| 62 | + * @since 8.2.0 |
|
| 63 | + */ |
|
| 64 | + public function delete(string $userId, string $identifier): int; |
|
| 65 | 65 | |
| 66 | - /** |
|
| 67 | - * Erase all credentials stored for a user |
|
| 68 | - * |
|
| 69 | - * @param string $userId |
|
| 70 | - * @return int rows removed |
|
| 71 | - * @since 8.2.0 |
|
| 72 | - */ |
|
| 73 | - public function erase(string $userId): int; |
|
| 66 | + /** |
|
| 67 | + * Erase all credentials stored for a user |
|
| 68 | + * |
|
| 69 | + * @param string $userId |
|
| 70 | + * @return int rows removed |
|
| 71 | + * @since 8.2.0 |
|
| 72 | + */ |
|
| 73 | + public function erase(string $userId): int; |
|
| 74 | 74 | } |
@@ -38,104 +38,104 @@ |
||
| 38 | 38 | * @package OC\Security |
| 39 | 39 | */ |
| 40 | 40 | class CredentialsManager implements ICredentialsManager { |
| 41 | - public const DB_TABLE = 'storages_credentials'; |
|
| 42 | - |
|
| 43 | - /** @var ICrypto */ |
|
| 44 | - protected $crypto; |
|
| 45 | - |
|
| 46 | - /** @var IDBConnection */ |
|
| 47 | - protected $dbConnection; |
|
| 48 | - |
|
| 49 | - /** |
|
| 50 | - * @param ICrypto $crypto |
|
| 51 | - * @param IDBConnection $dbConnection |
|
| 52 | - */ |
|
| 53 | - public function __construct(ICrypto $crypto, IDBConnection $dbConnection) { |
|
| 54 | - $this->crypto = $crypto; |
|
| 55 | - $this->dbConnection = $dbConnection; |
|
| 56 | - } |
|
| 57 | - |
|
| 58 | - /** |
|
| 59 | - * Store a set of credentials |
|
| 60 | - * |
|
| 61 | - * @param string $userId empty string for system-wide credentials |
|
| 62 | - * @param string $identifier |
|
| 63 | - * @param mixed $credentials |
|
| 64 | - */ |
|
| 65 | - public function store(string $userId, string $identifier, $credentials): void { |
|
| 66 | - $value = $this->crypto->encrypt(json_encode($credentials)); |
|
| 67 | - |
|
| 68 | - $this->dbConnection->setValues(self::DB_TABLE, [ |
|
| 69 | - 'user' => $userId, |
|
| 70 | - 'identifier' => $identifier, |
|
| 71 | - ], [ |
|
| 72 | - 'credentials' => $value, |
|
| 73 | - ]); |
|
| 74 | - } |
|
| 75 | - |
|
| 76 | - /** |
|
| 77 | - * Retrieve a set of credentials |
|
| 78 | - * |
|
| 79 | - * @param string $userId empty string for system-wide credentials |
|
| 80 | - * @param string $identifier |
|
| 81 | - * @return mixed |
|
| 82 | - */ |
|
| 83 | - public function retrieve(string $userId, string $identifier) { |
|
| 84 | - $qb = $this->dbConnection->getQueryBuilder(); |
|
| 85 | - $qb->select('credentials') |
|
| 86 | - ->from(self::DB_TABLE) |
|
| 87 | - ->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))); |
|
| 88 | - |
|
| 89 | - if ($userId === '') { |
|
| 90 | - $qb->andWhere($qb->expr()->emptyString('user')); |
|
| 91 | - } else { |
|
| 92 | - $qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter($userId))); |
|
| 93 | - } |
|
| 94 | - |
|
| 95 | - $qResult = $qb->execute(); |
|
| 96 | - $result = $qResult->fetch(); |
|
| 97 | - $qResult->closeCursor(); |
|
| 98 | - |
|
| 99 | - if (!$result) { |
|
| 100 | - return null; |
|
| 101 | - } |
|
| 102 | - $value = $result['credentials']; |
|
| 103 | - |
|
| 104 | - return json_decode($this->crypto->decrypt($value), true); |
|
| 105 | - } |
|
| 106 | - |
|
| 107 | - /** |
|
| 108 | - * Delete a set of credentials |
|
| 109 | - * |
|
| 110 | - * @param string $userId empty string for system-wide credentials |
|
| 111 | - * @param string $identifier |
|
| 112 | - * @return int rows removed |
|
| 113 | - */ |
|
| 114 | - public function delete(string $userId, string $identifier): int { |
|
| 115 | - $qb = $this->dbConnection->getQueryBuilder(); |
|
| 116 | - $qb->delete(self::DB_TABLE) |
|
| 117 | - ->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))); |
|
| 118 | - |
|
| 119 | - if ($userId === '') { |
|
| 120 | - $qb->andWhere($qb->expr()->emptyString('user')); |
|
| 121 | - } else { |
|
| 122 | - $qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter($userId))); |
|
| 123 | - } |
|
| 124 | - |
|
| 125 | - return $qb->execute(); |
|
| 126 | - } |
|
| 127 | - |
|
| 128 | - /** |
|
| 129 | - * Erase all credentials stored for a user |
|
| 130 | - * |
|
| 131 | - * @param string $userId |
|
| 132 | - * @return int rows removed |
|
| 133 | - */ |
|
| 134 | - public function erase(string $userId): int { |
|
| 135 | - $qb = $this->dbConnection->getQueryBuilder(); |
|
| 136 | - $qb->delete(self::DB_TABLE) |
|
| 137 | - ->where($qb->expr()->eq('user', $qb->createNamedParameter($userId))) |
|
| 138 | - ; |
|
| 139 | - return $qb->execute(); |
|
| 140 | - } |
|
| 41 | + public const DB_TABLE = 'storages_credentials'; |
|
| 42 | + |
|
| 43 | + /** @var ICrypto */ |
|
| 44 | + protected $crypto; |
|
| 45 | + |
|
| 46 | + /** @var IDBConnection */ |
|
| 47 | + protected $dbConnection; |
|
| 48 | + |
|
| 49 | + /** |
|
| 50 | + * @param ICrypto $crypto |
|
| 51 | + * @param IDBConnection $dbConnection |
|
| 52 | + */ |
|
| 53 | + public function __construct(ICrypto $crypto, IDBConnection $dbConnection) { |
|
| 54 | + $this->crypto = $crypto; |
|
| 55 | + $this->dbConnection = $dbConnection; |
|
| 56 | + } |
|
| 57 | + |
|
| 58 | + /** |
|
| 59 | + * Store a set of credentials |
|
| 60 | + * |
|
| 61 | + * @param string $userId empty string for system-wide credentials |
|
| 62 | + * @param string $identifier |
|
| 63 | + * @param mixed $credentials |
|
| 64 | + */ |
|
| 65 | + public function store(string $userId, string $identifier, $credentials): void { |
|
| 66 | + $value = $this->crypto->encrypt(json_encode($credentials)); |
|
| 67 | + |
|
| 68 | + $this->dbConnection->setValues(self::DB_TABLE, [ |
|
| 69 | + 'user' => $userId, |
|
| 70 | + 'identifier' => $identifier, |
|
| 71 | + ], [ |
|
| 72 | + 'credentials' => $value, |
|
| 73 | + ]); |
|
| 74 | + } |
|
| 75 | + |
|
| 76 | + /** |
|
| 77 | + * Retrieve a set of credentials |
|
| 78 | + * |
|
| 79 | + * @param string $userId empty string for system-wide credentials |
|
| 80 | + * @param string $identifier |
|
| 81 | + * @return mixed |
|
| 82 | + */ |
|
| 83 | + public function retrieve(string $userId, string $identifier) { |
|
| 84 | + $qb = $this->dbConnection->getQueryBuilder(); |
|
| 85 | + $qb->select('credentials') |
|
| 86 | + ->from(self::DB_TABLE) |
|
| 87 | + ->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))); |
|
| 88 | + |
|
| 89 | + if ($userId === '') { |
|
| 90 | + $qb->andWhere($qb->expr()->emptyString('user')); |
|
| 91 | + } else { |
|
| 92 | + $qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter($userId))); |
|
| 93 | + } |
|
| 94 | + |
|
| 95 | + $qResult = $qb->execute(); |
|
| 96 | + $result = $qResult->fetch(); |
|
| 97 | + $qResult->closeCursor(); |
|
| 98 | + |
|
| 99 | + if (!$result) { |
|
| 100 | + return null; |
|
| 101 | + } |
|
| 102 | + $value = $result['credentials']; |
|
| 103 | + |
|
| 104 | + return json_decode($this->crypto->decrypt($value), true); |
|
| 105 | + } |
|
| 106 | + |
|
| 107 | + /** |
|
| 108 | + * Delete a set of credentials |
|
| 109 | + * |
|
| 110 | + * @param string $userId empty string for system-wide credentials |
|
| 111 | + * @param string $identifier |
|
| 112 | + * @return int rows removed |
|
| 113 | + */ |
|
| 114 | + public function delete(string $userId, string $identifier): int { |
|
| 115 | + $qb = $this->dbConnection->getQueryBuilder(); |
|
| 116 | + $qb->delete(self::DB_TABLE) |
|
| 117 | + ->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))); |
|
| 118 | + |
|
| 119 | + if ($userId === '') { |
|
| 120 | + $qb->andWhere($qb->expr()->emptyString('user')); |
|
| 121 | + } else { |
|
| 122 | + $qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter($userId))); |
|
| 123 | + } |
|
| 124 | + |
|
| 125 | + return $qb->execute(); |
|
| 126 | + } |
|
| 127 | + |
|
| 128 | + /** |
|
| 129 | + * Erase all credentials stored for a user |
|
| 130 | + * |
|
| 131 | + * @param string $userId |
|
| 132 | + * @return int rows removed |
|
| 133 | + */ |
|
| 134 | + public function erase(string $userId): int { |
|
| 135 | + $qb = $this->dbConnection->getQueryBuilder(); |
|
| 136 | + $qb->delete(self::DB_TABLE) |
|
| 137 | + ->where($qb->expr()->eq('user', $qb->createNamedParameter($userId))) |
|
| 138 | + ; |
|
| 139 | + return $qb->execute(); |
|
| 140 | + } |
|
| 141 | 141 | } |
@@ -31,33 +31,33 @@ |
||
| 31 | 31 | use OCP\IRequest; |
| 32 | 32 | |
| 33 | 33 | class Capabilities implements IPublicCapability { |
| 34 | - /** @var IRequest */ |
|
| 35 | - private $request; |
|
| 36 | - |
|
| 37 | - /** @var Throttler */ |
|
| 38 | - private $throttler; |
|
| 39 | - |
|
| 40 | - /** |
|
| 41 | - * Capabilities constructor. |
|
| 42 | - * |
|
| 43 | - * @param IRequest $request |
|
| 44 | - * @param Throttler $throttler |
|
| 45 | - */ |
|
| 46 | - public function __construct(IRequest $request, |
|
| 47 | - Throttler $throttler) { |
|
| 48 | - $this->request = $request; |
|
| 49 | - $this->throttler = $throttler; |
|
| 50 | - } |
|
| 51 | - |
|
| 52 | - public function getCapabilities(): array { |
|
| 53 | - if (version_compare(\OC::$server->getConfig()->getSystemValue('version', '0.0.0.0'), '12.0.0.0', '<')) { |
|
| 54 | - return []; |
|
| 55 | - } |
|
| 56 | - |
|
| 57 | - return [ |
|
| 58 | - 'bruteforce' => [ |
|
| 59 | - 'delay' => $this->throttler->getDelay($this->request->getRemoteAddress()) |
|
| 60 | - ] |
|
| 61 | - ]; |
|
| 62 | - } |
|
| 34 | + /** @var IRequest */ |
|
| 35 | + private $request; |
|
| 36 | + |
|
| 37 | + /** @var Throttler */ |
|
| 38 | + private $throttler; |
|
| 39 | + |
|
| 40 | + /** |
|
| 41 | + * Capabilities constructor. |
|
| 42 | + * |
|
| 43 | + * @param IRequest $request |
|
| 44 | + * @param Throttler $throttler |
|
| 45 | + */ |
|
| 46 | + public function __construct(IRequest $request, |
|
| 47 | + Throttler $throttler) { |
|
| 48 | + $this->request = $request; |
|
| 49 | + $this->throttler = $throttler; |
|
| 50 | + } |
|
| 51 | + |
|
| 52 | + public function getCapabilities(): array { |
|
| 53 | + if (version_compare(\OC::$server->getConfig()->getSystemValue('version', '0.0.0.0'), '12.0.0.0', '<')) { |
|
| 54 | + return []; |
|
| 55 | + } |
|
| 56 | + |
|
| 57 | + return [ |
|
| 58 | + 'bruteforce' => [ |
|
| 59 | + 'delay' => $this->throttler->getDelay($this->request->getRemoteAddress()) |
|
| 60 | + ] |
|
| 61 | + ]; |
|
| 62 | + } |
|
| 63 | 63 | } |
@@ -43,242 +43,242 @@ |
||
| 43 | 43 | * Manage trusted certificates for users |
| 44 | 44 | */ |
| 45 | 45 | class CertificateManager implements ICertificateManager { |
| 46 | - /** |
|
| 47 | - * @var \OC\Files\View |
|
| 48 | - */ |
|
| 49 | - protected $view; |
|
| 50 | - |
|
| 51 | - /** |
|
| 52 | - * @var IConfig |
|
| 53 | - */ |
|
| 54 | - protected $config; |
|
| 55 | - |
|
| 56 | - /** |
|
| 57 | - * @var ILogger |
|
| 58 | - */ |
|
| 59 | - protected $logger; |
|
| 60 | - |
|
| 61 | - /** @var ISecureRandom */ |
|
| 62 | - protected $random; |
|
| 63 | - |
|
| 64 | - /** |
|
| 65 | - * @param \OC\Files\View $view relative to data/ |
|
| 66 | - * @param IConfig $config |
|
| 67 | - * @param ILogger $logger |
|
| 68 | - * @param ISecureRandom $random |
|
| 69 | - */ |
|
| 70 | - public function __construct(\OC\Files\View $view, |
|
| 71 | - IConfig $config, |
|
| 72 | - ILogger $logger, |
|
| 73 | - ISecureRandom $random) { |
|
| 74 | - $this->view = $view; |
|
| 75 | - $this->config = $config; |
|
| 76 | - $this->logger = $logger; |
|
| 77 | - $this->random = $random; |
|
| 78 | - } |
|
| 79 | - |
|
| 80 | - /** |
|
| 81 | - * Returns all certificates trusted by the user |
|
| 82 | - * |
|
| 83 | - * @return \OCP\ICertificate[] |
|
| 84 | - */ |
|
| 85 | - public function listCertificates(): array { |
|
| 86 | - if (!$this->config->getSystemValue('installed', false)) { |
|
| 87 | - return []; |
|
| 88 | - } |
|
| 89 | - |
|
| 90 | - $path = $this->getPathToCertificates() . 'uploads/'; |
|
| 91 | - if (!$this->view->is_dir($path)) { |
|
| 92 | - return []; |
|
| 93 | - } |
|
| 94 | - $result = []; |
|
| 95 | - $handle = $this->view->opendir($path); |
|
| 96 | - if (!is_resource($handle)) { |
|
| 97 | - return []; |
|
| 98 | - } |
|
| 99 | - while (false !== ($file = readdir($handle))) { |
|
| 100 | - if ($file != '.' && $file != '..') { |
|
| 101 | - try { |
|
| 102 | - $result[] = new Certificate($this->view->file_get_contents($path . $file), $file); |
|
| 103 | - } catch (\Exception $e) { |
|
| 104 | - } |
|
| 105 | - } |
|
| 106 | - } |
|
| 107 | - closedir($handle); |
|
| 108 | - return $result; |
|
| 109 | - } |
|
| 110 | - |
|
| 111 | - private function hasCertificates(): bool { |
|
| 112 | - if (!$this->config->getSystemValue('installed', false)) { |
|
| 113 | - return false; |
|
| 114 | - } |
|
| 115 | - |
|
| 116 | - $path = $this->getPathToCertificates() . 'uploads/'; |
|
| 117 | - if (!$this->view->is_dir($path)) { |
|
| 118 | - return false; |
|
| 119 | - } |
|
| 120 | - $result = []; |
|
| 121 | - $handle = $this->view->opendir($path); |
|
| 122 | - if (!is_resource($handle)) { |
|
| 123 | - return false; |
|
| 124 | - } |
|
| 125 | - while (false !== ($file = readdir($handle))) { |
|
| 126 | - if ($file !== '.' && $file !== '..') { |
|
| 127 | - return true; |
|
| 128 | - } |
|
| 129 | - } |
|
| 130 | - closedir($handle); |
|
| 131 | - return false; |
|
| 132 | - } |
|
| 133 | - |
|
| 134 | - /** |
|
| 135 | - * create the certificate bundle of all trusted certificated |
|
| 136 | - */ |
|
| 137 | - public function createCertificateBundle(): void { |
|
| 138 | - $path = $this->getPathToCertificates(); |
|
| 139 | - $certs = $this->listCertificates(); |
|
| 140 | - |
|
| 141 | - if (!$this->view->file_exists($path)) { |
|
| 142 | - $this->view->mkdir($path); |
|
| 143 | - } |
|
| 144 | - |
|
| 145 | - $defaultCertificates = file_get_contents(\OC::$SERVERROOT . '/resources/config/ca-bundle.crt'); |
|
| 146 | - if (strlen($defaultCertificates) < 1024) { // sanity check to verify that we have some content for our bundle |
|
| 147 | - // log as exception so we have a stacktrace |
|
| 148 | - $this->logger->logException(new \Exception('Shipped ca-bundle is empty, refusing to create certificate bundle')); |
|
| 149 | - return; |
|
| 150 | - } |
|
| 151 | - |
|
| 152 | - $certPath = $path . 'rootcerts.crt'; |
|
| 153 | - $tmpPath = $certPath . '.tmp' . $this->random->generate(10, ISecureRandom::CHAR_DIGITS); |
|
| 154 | - $fhCerts = $this->view->fopen($tmpPath, 'w'); |
|
| 155 | - |
|
| 156 | - // Write user certificates |
|
| 157 | - foreach ($certs as $cert) { |
|
| 158 | - $file = $path . '/uploads/' . $cert->getName(); |
|
| 159 | - $data = $this->view->file_get_contents($file); |
|
| 160 | - if (strpos($data, 'BEGIN CERTIFICATE')) { |
|
| 161 | - fwrite($fhCerts, $data); |
|
| 162 | - fwrite($fhCerts, "\r\n"); |
|
| 163 | - } |
|
| 164 | - } |
|
| 165 | - |
|
| 166 | - // Append the default certificates |
|
| 167 | - fwrite($fhCerts, $defaultCertificates); |
|
| 168 | - |
|
| 169 | - // Append the system certificate bundle |
|
| 170 | - $systemBundle = $this->getCertificateBundle(); |
|
| 171 | - if ($systemBundle !== $certPath && $this->view->file_exists($systemBundle)) { |
|
| 172 | - $systemCertificates = $this->view->file_get_contents($systemBundle); |
|
| 173 | - fwrite($fhCerts, $systemCertificates); |
|
| 174 | - } |
|
| 175 | - |
|
| 176 | - fclose($fhCerts); |
|
| 177 | - |
|
| 178 | - $this->view->rename($tmpPath, $certPath); |
|
| 179 | - } |
|
| 180 | - |
|
| 181 | - /** |
|
| 182 | - * Save the certificate and re-generate the certificate bundle |
|
| 183 | - * |
|
| 184 | - * @param string $certificate the certificate data |
|
| 185 | - * @param string $name the filename for the certificate |
|
| 186 | - * @return \OCP\ICertificate |
|
| 187 | - * @throws \Exception If the certificate could not get added |
|
| 188 | - */ |
|
| 189 | - public function addCertificate(string $certificate, string $name): ICertificate { |
|
| 190 | - if (!Filesystem::isValidPath($name) or Filesystem::isFileBlacklisted($name)) { |
|
| 191 | - throw new \Exception('Filename is not valid'); |
|
| 192 | - } |
|
| 193 | - |
|
| 194 | - $dir = $this->getPathToCertificates() . 'uploads/'; |
|
| 195 | - if (!$this->view->file_exists($dir)) { |
|
| 196 | - $this->view->mkdir($dir); |
|
| 197 | - } |
|
| 198 | - |
|
| 199 | - try { |
|
| 200 | - $file = $dir . $name; |
|
| 201 | - $certificateObject = new Certificate($certificate, $name); |
|
| 202 | - $this->view->file_put_contents($file, $certificate); |
|
| 203 | - $this->createCertificateBundle(); |
|
| 204 | - return $certificateObject; |
|
| 205 | - } catch (\Exception $e) { |
|
| 206 | - throw $e; |
|
| 207 | - } |
|
| 208 | - } |
|
| 209 | - |
|
| 210 | - /** |
|
| 211 | - * Remove the certificate and re-generate the certificate bundle |
|
| 212 | - * |
|
| 213 | - * @param string $name |
|
| 214 | - * @return bool |
|
| 215 | - */ |
|
| 216 | - public function removeCertificate(string $name): bool { |
|
| 217 | - if (!Filesystem::isValidPath($name)) { |
|
| 218 | - return false; |
|
| 219 | - } |
|
| 220 | - $path = $this->getPathToCertificates() . 'uploads/'; |
|
| 221 | - if ($this->view->file_exists($path . $name)) { |
|
| 222 | - $this->view->unlink($path . $name); |
|
| 223 | - $this->createCertificateBundle(); |
|
| 224 | - } |
|
| 225 | - return true; |
|
| 226 | - } |
|
| 227 | - |
|
| 228 | - /** |
|
| 229 | - * Get the path to the certificate bundle |
|
| 230 | - * |
|
| 231 | - * @return string |
|
| 232 | - */ |
|
| 233 | - public function getCertificateBundle(): string { |
|
| 234 | - return $this->getPathToCertificates() . 'rootcerts.crt'; |
|
| 235 | - } |
|
| 236 | - |
|
| 237 | - /** |
|
| 238 | - * Get the full local path to the certificate bundle |
|
| 239 | - * |
|
| 240 | - * @return string |
|
| 241 | - */ |
|
| 242 | - public function getAbsoluteBundlePath(): string { |
|
| 243 | - if (!$this->hasCertificates()) { |
|
| 244 | - return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; |
|
| 245 | - } |
|
| 246 | - |
|
| 247 | - if ($this->needsRebundling()) { |
|
| 248 | - $this->createCertificateBundle(); |
|
| 249 | - } |
|
| 250 | - |
|
| 251 | - return $this->view->getLocalFile($this->getCertificateBundle()); |
|
| 252 | - } |
|
| 253 | - |
|
| 254 | - /** |
|
| 255 | - * @return string |
|
| 256 | - */ |
|
| 257 | - private function getPathToCertificates(): string { |
|
| 258 | - return '/files_external/'; |
|
| 259 | - } |
|
| 260 | - |
|
| 261 | - /** |
|
| 262 | - * Check if we need to re-bundle the certificates because one of the sources has updated |
|
| 263 | - * |
|
| 264 | - * @return bool |
|
| 265 | - */ |
|
| 266 | - private function needsRebundling(): bool { |
|
| 267 | - $targetBundle = $this->getCertificateBundle(); |
|
| 268 | - if (!$this->view->file_exists($targetBundle)) { |
|
| 269 | - return true; |
|
| 270 | - } |
|
| 271 | - |
|
| 272 | - $sourceMTime = $this->getFilemtimeOfCaBundle(); |
|
| 273 | - return $sourceMTime > $this->view->filemtime($targetBundle); |
|
| 274 | - } |
|
| 275 | - |
|
| 276 | - /** |
|
| 277 | - * get mtime of ca-bundle shipped by Nextcloud |
|
| 278 | - * |
|
| 279 | - * @return int |
|
| 280 | - */ |
|
| 281 | - protected function getFilemtimeOfCaBundle(): int { |
|
| 282 | - return filemtime(\OC::$SERVERROOT . '/resources/config/ca-bundle.crt'); |
|
| 283 | - } |
|
| 46 | + /** |
|
| 47 | + * @var \OC\Files\View |
|
| 48 | + */ |
|
| 49 | + protected $view; |
|
| 50 | + |
|
| 51 | + /** |
|
| 52 | + * @var IConfig |
|
| 53 | + */ |
|
| 54 | + protected $config; |
|
| 55 | + |
|
| 56 | + /** |
|
| 57 | + * @var ILogger |
|
| 58 | + */ |
|
| 59 | + protected $logger; |
|
| 60 | + |
|
| 61 | + /** @var ISecureRandom */ |
|
| 62 | + protected $random; |
|
| 63 | + |
|
| 64 | + /** |
|
| 65 | + * @param \OC\Files\View $view relative to data/ |
|
| 66 | + * @param IConfig $config |
|
| 67 | + * @param ILogger $logger |
|
| 68 | + * @param ISecureRandom $random |
|
| 69 | + */ |
|
| 70 | + public function __construct(\OC\Files\View $view, |
|
| 71 | + IConfig $config, |
|
| 72 | + ILogger $logger, |
|
| 73 | + ISecureRandom $random) { |
|
| 74 | + $this->view = $view; |
|
| 75 | + $this->config = $config; |
|
| 76 | + $this->logger = $logger; |
|
| 77 | + $this->random = $random; |
|
| 78 | + } |
|
| 79 | + |
|
| 80 | + /** |
|
| 81 | + * Returns all certificates trusted by the user |
|
| 82 | + * |
|
| 83 | + * @return \OCP\ICertificate[] |
|
| 84 | + */ |
|
| 85 | + public function listCertificates(): array { |
|
| 86 | + if (!$this->config->getSystemValue('installed', false)) { |
|
| 87 | + return []; |
|
| 88 | + } |
|
| 89 | + |
|
| 90 | + $path = $this->getPathToCertificates() . 'uploads/'; |
|
| 91 | + if (!$this->view->is_dir($path)) { |
|
| 92 | + return []; |
|
| 93 | + } |
|
| 94 | + $result = []; |
|
| 95 | + $handle = $this->view->opendir($path); |
|
| 96 | + if (!is_resource($handle)) { |
|
| 97 | + return []; |
|
| 98 | + } |
|
| 99 | + while (false !== ($file = readdir($handle))) { |
|
| 100 | + if ($file != '.' && $file != '..') { |
|
| 101 | + try { |
|
| 102 | + $result[] = new Certificate($this->view->file_get_contents($path . $file), $file); |
|
| 103 | + } catch (\Exception $e) { |
|
| 104 | + } |
|
| 105 | + } |
|
| 106 | + } |
|
| 107 | + closedir($handle); |
|
| 108 | + return $result; |
|
| 109 | + } |
|
| 110 | + |
|
| 111 | + private function hasCertificates(): bool { |
|
| 112 | + if (!$this->config->getSystemValue('installed', false)) { |
|
| 113 | + return false; |
|
| 114 | + } |
|
| 115 | + |
|
| 116 | + $path = $this->getPathToCertificates() . 'uploads/'; |
|
| 117 | + if (!$this->view->is_dir($path)) { |
|
| 118 | + return false; |
|
| 119 | + } |
|
| 120 | + $result = []; |
|
| 121 | + $handle = $this->view->opendir($path); |
|
| 122 | + if (!is_resource($handle)) { |
|
| 123 | + return false; |
|
| 124 | + } |
|
| 125 | + while (false !== ($file = readdir($handle))) { |
|
| 126 | + if ($file !== '.' && $file !== '..') { |
|
| 127 | + return true; |
|
| 128 | + } |
|
| 129 | + } |
|
| 130 | + closedir($handle); |
|
| 131 | + return false; |
|
| 132 | + } |
|
| 133 | + |
|
| 134 | + /** |
|
| 135 | + * create the certificate bundle of all trusted certificated |
|
| 136 | + */ |
|
| 137 | + public function createCertificateBundle(): void { |
|
| 138 | + $path = $this->getPathToCertificates(); |
|
| 139 | + $certs = $this->listCertificates(); |
|
| 140 | + |
|
| 141 | + if (!$this->view->file_exists($path)) { |
|
| 142 | + $this->view->mkdir($path); |
|
| 143 | + } |
|
| 144 | + |
|
| 145 | + $defaultCertificates = file_get_contents(\OC::$SERVERROOT . '/resources/config/ca-bundle.crt'); |
|
| 146 | + if (strlen($defaultCertificates) < 1024) { // sanity check to verify that we have some content for our bundle |
|
| 147 | + // log as exception so we have a stacktrace |
|
| 148 | + $this->logger->logException(new \Exception('Shipped ca-bundle is empty, refusing to create certificate bundle')); |
|
| 149 | + return; |
|
| 150 | + } |
|
| 151 | + |
|
| 152 | + $certPath = $path . 'rootcerts.crt'; |
|
| 153 | + $tmpPath = $certPath . '.tmp' . $this->random->generate(10, ISecureRandom::CHAR_DIGITS); |
|
| 154 | + $fhCerts = $this->view->fopen($tmpPath, 'w'); |
|
| 155 | + |
|
| 156 | + // Write user certificates |
|
| 157 | + foreach ($certs as $cert) { |
|
| 158 | + $file = $path . '/uploads/' . $cert->getName(); |
|
| 159 | + $data = $this->view->file_get_contents($file); |
|
| 160 | + if (strpos($data, 'BEGIN CERTIFICATE')) { |
|
| 161 | + fwrite($fhCerts, $data); |
|
| 162 | + fwrite($fhCerts, "\r\n"); |
|
| 163 | + } |
|
| 164 | + } |
|
| 165 | + |
|
| 166 | + // Append the default certificates |
|
| 167 | + fwrite($fhCerts, $defaultCertificates); |
|
| 168 | + |
|
| 169 | + // Append the system certificate bundle |
|
| 170 | + $systemBundle = $this->getCertificateBundle(); |
|
| 171 | + if ($systemBundle !== $certPath && $this->view->file_exists($systemBundle)) { |
|
| 172 | + $systemCertificates = $this->view->file_get_contents($systemBundle); |
|
| 173 | + fwrite($fhCerts, $systemCertificates); |
|
| 174 | + } |
|
| 175 | + |
|
| 176 | + fclose($fhCerts); |
|
| 177 | + |
|
| 178 | + $this->view->rename($tmpPath, $certPath); |
|
| 179 | + } |
|
| 180 | + |
|
| 181 | + /** |
|
| 182 | + * Save the certificate and re-generate the certificate bundle |
|
| 183 | + * |
|
| 184 | + * @param string $certificate the certificate data |
|
| 185 | + * @param string $name the filename for the certificate |
|
| 186 | + * @return \OCP\ICertificate |
|
| 187 | + * @throws \Exception If the certificate could not get added |
|
| 188 | + */ |
|
| 189 | + public function addCertificate(string $certificate, string $name): ICertificate { |
|
| 190 | + if (!Filesystem::isValidPath($name) or Filesystem::isFileBlacklisted($name)) { |
|
| 191 | + throw new \Exception('Filename is not valid'); |
|
| 192 | + } |
|
| 193 | + |
|
| 194 | + $dir = $this->getPathToCertificates() . 'uploads/'; |
|
| 195 | + if (!$this->view->file_exists($dir)) { |
|
| 196 | + $this->view->mkdir($dir); |
|
| 197 | + } |
|
| 198 | + |
|
| 199 | + try { |
|
| 200 | + $file = $dir . $name; |
|
| 201 | + $certificateObject = new Certificate($certificate, $name); |
|
| 202 | + $this->view->file_put_contents($file, $certificate); |
|
| 203 | + $this->createCertificateBundle(); |
|
| 204 | + return $certificateObject; |
|
| 205 | + } catch (\Exception $e) { |
|
| 206 | + throw $e; |
|
| 207 | + } |
|
| 208 | + } |
|
| 209 | + |
|
| 210 | + /** |
|
| 211 | + * Remove the certificate and re-generate the certificate bundle |
|
| 212 | + * |
|
| 213 | + * @param string $name |
|
| 214 | + * @return bool |
|
| 215 | + */ |
|
| 216 | + public function removeCertificate(string $name): bool { |
|
| 217 | + if (!Filesystem::isValidPath($name)) { |
|
| 218 | + return false; |
|
| 219 | + } |
|
| 220 | + $path = $this->getPathToCertificates() . 'uploads/'; |
|
| 221 | + if ($this->view->file_exists($path . $name)) { |
|
| 222 | + $this->view->unlink($path . $name); |
|
| 223 | + $this->createCertificateBundle(); |
|
| 224 | + } |
|
| 225 | + return true; |
|
| 226 | + } |
|
| 227 | + |
|
| 228 | + /** |
|
| 229 | + * Get the path to the certificate bundle |
|
| 230 | + * |
|
| 231 | + * @return string |
|
| 232 | + */ |
|
| 233 | + public function getCertificateBundle(): string { |
|
| 234 | + return $this->getPathToCertificates() . 'rootcerts.crt'; |
|
| 235 | + } |
|
| 236 | + |
|
| 237 | + /** |
|
| 238 | + * Get the full local path to the certificate bundle |
|
| 239 | + * |
|
| 240 | + * @return string |
|
| 241 | + */ |
|
| 242 | + public function getAbsoluteBundlePath(): string { |
|
| 243 | + if (!$this->hasCertificates()) { |
|
| 244 | + return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; |
|
| 245 | + } |
|
| 246 | + |
|
| 247 | + if ($this->needsRebundling()) { |
|
| 248 | + $this->createCertificateBundle(); |
|
| 249 | + } |
|
| 250 | + |
|
| 251 | + return $this->view->getLocalFile($this->getCertificateBundle()); |
|
| 252 | + } |
|
| 253 | + |
|
| 254 | + /** |
|
| 255 | + * @return string |
|
| 256 | + */ |
|
| 257 | + private function getPathToCertificates(): string { |
|
| 258 | + return '/files_external/'; |
|
| 259 | + } |
|
| 260 | + |
|
| 261 | + /** |
|
| 262 | + * Check if we need to re-bundle the certificates because one of the sources has updated |
|
| 263 | + * |
|
| 264 | + * @return bool |
|
| 265 | + */ |
|
| 266 | + private function needsRebundling(): bool { |
|
| 267 | + $targetBundle = $this->getCertificateBundle(); |
|
| 268 | + if (!$this->view->file_exists($targetBundle)) { |
|
| 269 | + return true; |
|
| 270 | + } |
|
| 271 | + |
|
| 272 | + $sourceMTime = $this->getFilemtimeOfCaBundle(); |
|
| 273 | + return $sourceMTime > $this->view->filemtime($targetBundle); |
|
| 274 | + } |
|
| 275 | + |
|
| 276 | + /** |
|
| 277 | + * get mtime of ca-bundle shipped by Nextcloud |
|
| 278 | + * |
|
| 279 | + * @return int |
|
| 280 | + */ |
|
| 281 | + protected function getFilemtimeOfCaBundle(): int { |
|
| 282 | + return filemtime(\OC::$SERVERROOT . '/resources/config/ca-bundle.crt'); |
|
| 283 | + } |
|
| 284 | 284 | } |
@@ -87,7 +87,7 @@ discard block |
||
| 87 | 87 | return []; |
| 88 | 88 | } |
| 89 | 89 | |
| 90 | - $path = $this->getPathToCertificates() . 'uploads/'; |
|
| 90 | + $path = $this->getPathToCertificates().'uploads/'; |
|
| 91 | 91 | if (!$this->view->is_dir($path)) { |
| 92 | 92 | return []; |
| 93 | 93 | } |
@@ -99,7 +99,7 @@ discard block |
||
| 99 | 99 | while (false !== ($file = readdir($handle))) { |
| 100 | 100 | if ($file != '.' && $file != '..') { |
| 101 | 101 | try { |
| 102 | - $result[] = new Certificate($this->view->file_get_contents($path . $file), $file); |
|
| 102 | + $result[] = new Certificate($this->view->file_get_contents($path.$file), $file); |
|
| 103 | 103 | } catch (\Exception $e) { |
| 104 | 104 | } |
| 105 | 105 | } |
@@ -113,7 +113,7 @@ discard block |
||
| 113 | 113 | return false; |
| 114 | 114 | } |
| 115 | 115 | |
| 116 | - $path = $this->getPathToCertificates() . 'uploads/'; |
|
| 116 | + $path = $this->getPathToCertificates().'uploads/'; |
|
| 117 | 117 | if (!$this->view->is_dir($path)) { |
| 118 | 118 | return false; |
| 119 | 119 | } |
@@ -142,20 +142,20 @@ discard block |
||
| 142 | 142 | $this->view->mkdir($path); |
| 143 | 143 | } |
| 144 | 144 | |
| 145 | - $defaultCertificates = file_get_contents(\OC::$SERVERROOT . '/resources/config/ca-bundle.crt'); |
|
| 145 | + $defaultCertificates = file_get_contents(\OC::$SERVERROOT.'/resources/config/ca-bundle.crt'); |
|
| 146 | 146 | if (strlen($defaultCertificates) < 1024) { // sanity check to verify that we have some content for our bundle |
| 147 | 147 | // log as exception so we have a stacktrace |
| 148 | 148 | $this->logger->logException(new \Exception('Shipped ca-bundle is empty, refusing to create certificate bundle')); |
| 149 | 149 | return; |
| 150 | 150 | } |
| 151 | 151 | |
| 152 | - $certPath = $path . 'rootcerts.crt'; |
|
| 153 | - $tmpPath = $certPath . '.tmp' . $this->random->generate(10, ISecureRandom::CHAR_DIGITS); |
|
| 152 | + $certPath = $path.'rootcerts.crt'; |
|
| 153 | + $tmpPath = $certPath.'.tmp'.$this->random->generate(10, ISecureRandom::CHAR_DIGITS); |
|
| 154 | 154 | $fhCerts = $this->view->fopen($tmpPath, 'w'); |
| 155 | 155 | |
| 156 | 156 | // Write user certificates |
| 157 | 157 | foreach ($certs as $cert) { |
| 158 | - $file = $path . '/uploads/' . $cert->getName(); |
|
| 158 | + $file = $path.'/uploads/'.$cert->getName(); |
|
| 159 | 159 | $data = $this->view->file_get_contents($file); |
| 160 | 160 | if (strpos($data, 'BEGIN CERTIFICATE')) { |
| 161 | 161 | fwrite($fhCerts, $data); |
@@ -191,13 +191,13 @@ discard block |
||
| 191 | 191 | throw new \Exception('Filename is not valid'); |
| 192 | 192 | } |
| 193 | 193 | |
| 194 | - $dir = $this->getPathToCertificates() . 'uploads/'; |
|
| 194 | + $dir = $this->getPathToCertificates().'uploads/'; |
|
| 195 | 195 | if (!$this->view->file_exists($dir)) { |
| 196 | 196 | $this->view->mkdir($dir); |
| 197 | 197 | } |
| 198 | 198 | |
| 199 | 199 | try { |
| 200 | - $file = $dir . $name; |
|
| 200 | + $file = $dir.$name; |
|
| 201 | 201 | $certificateObject = new Certificate($certificate, $name); |
| 202 | 202 | $this->view->file_put_contents($file, $certificate); |
| 203 | 203 | $this->createCertificateBundle(); |
@@ -217,9 +217,9 @@ discard block |
||
| 217 | 217 | if (!Filesystem::isValidPath($name)) { |
| 218 | 218 | return false; |
| 219 | 219 | } |
| 220 | - $path = $this->getPathToCertificates() . 'uploads/'; |
|
| 221 | - if ($this->view->file_exists($path . $name)) { |
|
| 222 | - $this->view->unlink($path . $name); |
|
| 220 | + $path = $this->getPathToCertificates().'uploads/'; |
|
| 221 | + if ($this->view->file_exists($path.$name)) { |
|
| 222 | + $this->view->unlink($path.$name); |
|
| 223 | 223 | $this->createCertificateBundle(); |
| 224 | 224 | } |
| 225 | 225 | return true; |
@@ -231,7 +231,7 @@ discard block |
||
| 231 | 231 | * @return string |
| 232 | 232 | */ |
| 233 | 233 | public function getCertificateBundle(): string { |
| 234 | - return $this->getPathToCertificates() . 'rootcerts.crt'; |
|
| 234 | + return $this->getPathToCertificates().'rootcerts.crt'; |
|
| 235 | 235 | } |
| 236 | 236 | |
| 237 | 237 | /** |
@@ -241,7 +241,7 @@ discard block |
||
| 241 | 241 | */ |
| 242 | 242 | public function getAbsoluteBundlePath(): string { |
| 243 | 243 | if (!$this->hasCertificates()) { |
| 244 | - return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; |
|
| 244 | + return \OC::$SERVERROOT.'/resources/config/ca-bundle.crt'; |
|
| 245 | 245 | } |
| 246 | 246 | |
| 247 | 247 | if ($this->needsRebundling()) { |
@@ -279,6 +279,6 @@ discard block |
||
| 279 | 279 | * @return int |
| 280 | 280 | */ |
| 281 | 281 | protected function getFilemtimeOfCaBundle(): int { |
| 282 | - return filemtime(\OC::$SERVERROOT . '/resources/config/ca-bundle.crt'); |
|
| 282 | + return filemtime(\OC::$SERVERROOT.'/resources/config/ca-bundle.crt'); |
|
| 283 | 283 | } |
| 284 | 284 | } |
@@ -31,104 +31,104 @@ |
||
| 31 | 31 | use OCP\ICertificate; |
| 32 | 32 | |
| 33 | 33 | class Certificate implements ICertificate { |
| 34 | - protected $name; |
|
| 35 | - |
|
| 36 | - protected $commonName; |
|
| 37 | - |
|
| 38 | - protected $organization; |
|
| 39 | - |
|
| 40 | - protected $serial; |
|
| 41 | - |
|
| 42 | - protected $issueDate; |
|
| 43 | - |
|
| 44 | - protected $expireDate; |
|
| 45 | - |
|
| 46 | - protected $issuerName; |
|
| 47 | - |
|
| 48 | - protected $issuerOrganization; |
|
| 49 | - |
|
| 50 | - /** |
|
| 51 | - * @param string $data base64 encoded certificate |
|
| 52 | - * @param string $name |
|
| 53 | - * @throws \Exception If the certificate could not get parsed |
|
| 54 | - */ |
|
| 55 | - public function __construct(string $data, string $name) { |
|
| 56 | - $this->name = $name; |
|
| 57 | - $gmt = new \DateTimeZone('GMT'); |
|
| 58 | - |
|
| 59 | - // If string starts with "file://" ignore the certificate |
|
| 60 | - $query = 'file://'; |
|
| 61 | - if (strtolower(substr($data, 0, strlen($query))) === $query) { |
|
| 62 | - throw new \Exception('Certificate could not get parsed.'); |
|
| 63 | - } |
|
| 64 | - |
|
| 65 | - $info = openssl_x509_parse($data); |
|
| 66 | - if (!is_array($info)) { |
|
| 67 | - throw new \Exception('Certificate could not get parsed.'); |
|
| 68 | - } |
|
| 69 | - |
|
| 70 | - $this->commonName = isset($info['subject']['CN']) ? $info['subject']['CN'] : null; |
|
| 71 | - $this->organization = isset($info['subject']['O']) ? $info['subject']['O'] : null; |
|
| 72 | - $this->issueDate = new \DateTime('@' . $info['validFrom_time_t'], $gmt); |
|
| 73 | - $this->expireDate = new \DateTime('@' . $info['validTo_time_t'], $gmt); |
|
| 74 | - $this->issuerName = isset($info['issuer']['CN']) ? $info['issuer']['CN'] : null; |
|
| 75 | - $this->issuerOrganization = isset($info['issuer']['O']) ? $info['issuer']['O'] : null; |
|
| 76 | - } |
|
| 77 | - |
|
| 78 | - /** |
|
| 79 | - * @return string |
|
| 80 | - */ |
|
| 81 | - public function getName(): string { |
|
| 82 | - return $this->name; |
|
| 83 | - } |
|
| 84 | - |
|
| 85 | - /** |
|
| 86 | - * @return string|null |
|
| 87 | - */ |
|
| 88 | - public function getCommonName(): ?string { |
|
| 89 | - return $this->commonName; |
|
| 90 | - } |
|
| 91 | - |
|
| 92 | - /** |
|
| 93 | - * @return string|null |
|
| 94 | - */ |
|
| 95 | - public function getOrganization(): ?string { |
|
| 96 | - return $this->organization; |
|
| 97 | - } |
|
| 98 | - |
|
| 99 | - /** |
|
| 100 | - * @return \DateTime |
|
| 101 | - */ |
|
| 102 | - public function getIssueDate(): \DateTime { |
|
| 103 | - return $this->issueDate; |
|
| 104 | - } |
|
| 105 | - |
|
| 106 | - /** |
|
| 107 | - * @return \DateTime |
|
| 108 | - */ |
|
| 109 | - public function getExpireDate(): \DateTime { |
|
| 110 | - return $this->expireDate; |
|
| 111 | - } |
|
| 112 | - |
|
| 113 | - /** |
|
| 114 | - * @return bool |
|
| 115 | - */ |
|
| 116 | - public function isExpired(): bool { |
|
| 117 | - $now = new \DateTime(); |
|
| 118 | - return $this->issueDate > $now or $now > $this->expireDate; |
|
| 119 | - } |
|
| 120 | - |
|
| 121 | - /** |
|
| 122 | - * @return string|null |
|
| 123 | - */ |
|
| 124 | - public function getIssuerName(): ?string { |
|
| 125 | - return $this->issuerName; |
|
| 126 | - } |
|
| 127 | - |
|
| 128 | - /** |
|
| 129 | - * @return string|null |
|
| 130 | - */ |
|
| 131 | - public function getIssuerOrganization(): ?string { |
|
| 132 | - return $this->issuerOrganization; |
|
| 133 | - } |
|
| 34 | + protected $name; |
|
| 35 | + |
|
| 36 | + protected $commonName; |
|
| 37 | + |
|
| 38 | + protected $organization; |
|
| 39 | + |
|
| 40 | + protected $serial; |
|
| 41 | + |
|
| 42 | + protected $issueDate; |
|
| 43 | + |
|
| 44 | + protected $expireDate; |
|
| 45 | + |
|
| 46 | + protected $issuerName; |
|
| 47 | + |
|
| 48 | + protected $issuerOrganization; |
|
| 49 | + |
|
| 50 | + /** |
|
| 51 | + * @param string $data base64 encoded certificate |
|
| 52 | + * @param string $name |
|
| 53 | + * @throws \Exception If the certificate could not get parsed |
|
| 54 | + */ |
|
| 55 | + public function __construct(string $data, string $name) { |
|
| 56 | + $this->name = $name; |
|
| 57 | + $gmt = new \DateTimeZone('GMT'); |
|
| 58 | + |
|
| 59 | + // If string starts with "file://" ignore the certificate |
|
| 60 | + $query = 'file://'; |
|
| 61 | + if (strtolower(substr($data, 0, strlen($query))) === $query) { |
|
| 62 | + throw new \Exception('Certificate could not get parsed.'); |
|
| 63 | + } |
|
| 64 | + |
|
| 65 | + $info = openssl_x509_parse($data); |
|
| 66 | + if (!is_array($info)) { |
|
| 67 | + throw new \Exception('Certificate could not get parsed.'); |
|
| 68 | + } |
|
| 69 | + |
|
| 70 | + $this->commonName = isset($info['subject']['CN']) ? $info['subject']['CN'] : null; |
|
| 71 | + $this->organization = isset($info['subject']['O']) ? $info['subject']['O'] : null; |
|
| 72 | + $this->issueDate = new \DateTime('@' . $info['validFrom_time_t'], $gmt); |
|
| 73 | + $this->expireDate = new \DateTime('@' . $info['validTo_time_t'], $gmt); |
|
| 74 | + $this->issuerName = isset($info['issuer']['CN']) ? $info['issuer']['CN'] : null; |
|
| 75 | + $this->issuerOrganization = isset($info['issuer']['O']) ? $info['issuer']['O'] : null; |
|
| 76 | + } |
|
| 77 | + |
|
| 78 | + /** |
|
| 79 | + * @return string |
|
| 80 | + */ |
|
| 81 | + public function getName(): string { |
|
| 82 | + return $this->name; |
|
| 83 | + } |
|
| 84 | + |
|
| 85 | + /** |
|
| 86 | + * @return string|null |
|
| 87 | + */ |
|
| 88 | + public function getCommonName(): ?string { |
|
| 89 | + return $this->commonName; |
|
| 90 | + } |
|
| 91 | + |
|
| 92 | + /** |
|
| 93 | + * @return string|null |
|
| 94 | + */ |
|
| 95 | + public function getOrganization(): ?string { |
|
| 96 | + return $this->organization; |
|
| 97 | + } |
|
| 98 | + |
|
| 99 | + /** |
|
| 100 | + * @return \DateTime |
|
| 101 | + */ |
|
| 102 | + public function getIssueDate(): \DateTime { |
|
| 103 | + return $this->issueDate; |
|
| 104 | + } |
|
| 105 | + |
|
| 106 | + /** |
|
| 107 | + * @return \DateTime |
|
| 108 | + */ |
|
| 109 | + public function getExpireDate(): \DateTime { |
|
| 110 | + return $this->expireDate; |
|
| 111 | + } |
|
| 112 | + |
|
| 113 | + /** |
|
| 114 | + * @return bool |
|
| 115 | + */ |
|
| 116 | + public function isExpired(): bool { |
|
| 117 | + $now = new \DateTime(); |
|
| 118 | + return $this->issueDate > $now or $now > $this->expireDate; |
|
| 119 | + } |
|
| 120 | + |
|
| 121 | + /** |
|
| 122 | + * @return string|null |
|
| 123 | + */ |
|
| 124 | + public function getIssuerName(): ?string { |
|
| 125 | + return $this->issuerName; |
|
| 126 | + } |
|
| 127 | + |
|
| 128 | + /** |
|
| 129 | + * @return string|null |
|
| 130 | + */ |
|
| 131 | + public function getIssuerOrganization(): ?string { |
|
| 132 | + return $this->issuerOrganization; |
|
| 133 | + } |
|
| 134 | 134 | } |
@@ -39,75 +39,75 @@ |
||
| 39 | 39 | * @package OC\Security |
| 40 | 40 | */ |
| 41 | 41 | class TrustedDomainHelper { |
| 42 | - /** @var IConfig */ |
|
| 43 | - private $config; |
|
| 42 | + /** @var IConfig */ |
|
| 43 | + private $config; |
|
| 44 | 44 | |
| 45 | - /** |
|
| 46 | - * @param IConfig $config |
|
| 47 | - */ |
|
| 48 | - public function __construct(IConfig $config) { |
|
| 49 | - $this->config = $config; |
|
| 50 | - } |
|
| 45 | + /** |
|
| 46 | + * @param IConfig $config |
|
| 47 | + */ |
|
| 48 | + public function __construct(IConfig $config) { |
|
| 49 | + $this->config = $config; |
|
| 50 | + } |
|
| 51 | 51 | |
| 52 | - /** |
|
| 53 | - * Strips a potential port from a domain (in format domain:port) |
|
| 54 | - * @param string $host |
|
| 55 | - * @return string $host without appended port |
|
| 56 | - */ |
|
| 57 | - private function getDomainWithoutPort(string $host): string { |
|
| 58 | - $pos = strrpos($host, ':'); |
|
| 59 | - if ($pos !== false) { |
|
| 60 | - $port = substr($host, $pos + 1); |
|
| 61 | - if (is_numeric($port)) { |
|
| 62 | - $host = substr($host, 0, $pos); |
|
| 63 | - } |
|
| 64 | - } |
|
| 65 | - return $host; |
|
| 66 | - } |
|
| 52 | + /** |
|
| 53 | + * Strips a potential port from a domain (in format domain:port) |
|
| 54 | + * @param string $host |
|
| 55 | + * @return string $host without appended port |
|
| 56 | + */ |
|
| 57 | + private function getDomainWithoutPort(string $host): string { |
|
| 58 | + $pos = strrpos($host, ':'); |
|
| 59 | + if ($pos !== false) { |
|
| 60 | + $port = substr($host, $pos + 1); |
|
| 61 | + if (is_numeric($port)) { |
|
| 62 | + $host = substr($host, 0, $pos); |
|
| 63 | + } |
|
| 64 | + } |
|
| 65 | + return $host; |
|
| 66 | + } |
|
| 67 | 67 | |
| 68 | - /** |
|
| 69 | - * Checks whether a domain is considered as trusted from the list |
|
| 70 | - * of trusted domains. If no trusted domains have been configured, returns |
|
| 71 | - * true. |
|
| 72 | - * This is used to prevent Host Header Poisoning. |
|
| 73 | - * @param string $domainWithPort |
|
| 74 | - * @return bool true if the given domain is trusted or if no trusted domains |
|
| 75 | - * have been configured |
|
| 76 | - */ |
|
| 77 | - public function isTrustedDomain(string $domainWithPort): bool { |
|
| 78 | - // overwritehost is always trusted |
|
| 79 | - if ($this->config->getSystemValue('overwritehost') !== '') { |
|
| 80 | - return true; |
|
| 81 | - } |
|
| 68 | + /** |
|
| 69 | + * Checks whether a domain is considered as trusted from the list |
|
| 70 | + * of trusted domains. If no trusted domains have been configured, returns |
|
| 71 | + * true. |
|
| 72 | + * This is used to prevent Host Header Poisoning. |
|
| 73 | + * @param string $domainWithPort |
|
| 74 | + * @return bool true if the given domain is trusted or if no trusted domains |
|
| 75 | + * have been configured |
|
| 76 | + */ |
|
| 77 | + public function isTrustedDomain(string $domainWithPort): bool { |
|
| 78 | + // overwritehost is always trusted |
|
| 79 | + if ($this->config->getSystemValue('overwritehost') !== '') { |
|
| 80 | + return true; |
|
| 81 | + } |
|
| 82 | 82 | |
| 83 | - $domain = $this->getDomainWithoutPort($domainWithPort); |
|
| 83 | + $domain = $this->getDomainWithoutPort($domainWithPort); |
|
| 84 | 84 | |
| 85 | - // Read trusted domains from config |
|
| 86 | - $trustedList = $this->config->getSystemValue('trusted_domains', []); |
|
| 87 | - if (!is_array($trustedList)) { |
|
| 88 | - return false; |
|
| 89 | - } |
|
| 85 | + // Read trusted domains from config |
|
| 86 | + $trustedList = $this->config->getSystemValue('trusted_domains', []); |
|
| 87 | + if (!is_array($trustedList)) { |
|
| 88 | + return false; |
|
| 89 | + } |
|
| 90 | 90 | |
| 91 | - // Always allow access from localhost |
|
| 92 | - if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) { |
|
| 93 | - return true; |
|
| 94 | - } |
|
| 95 | - // Reject misformed domains in any case |
|
| 96 | - if (strpos($domain,'-') === 0 || strpos($domain,'..') !== false) { |
|
| 97 | - return false; |
|
| 98 | - } |
|
| 99 | - // Match, allowing for * wildcards |
|
| 100 | - foreach ($trustedList as $trusted) { |
|
| 101 | - if (gettype($trusted) !== 'string') { |
|
| 102 | - break; |
|
| 103 | - } |
|
| 104 | - $regex = '/^' . implode('[-\.a-zA-Z0-9]*', array_map(function ($v) { |
|
| 105 | - return preg_quote($v, '/'); |
|
| 106 | - }, explode('*', $trusted))) . '$/i'; |
|
| 107 | - if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) { |
|
| 108 | - return true; |
|
| 109 | - } |
|
| 110 | - } |
|
| 111 | - return false; |
|
| 112 | - } |
|
| 91 | + // Always allow access from localhost |
|
| 92 | + if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) { |
|
| 93 | + return true; |
|
| 94 | + } |
|
| 95 | + // Reject misformed domains in any case |
|
| 96 | + if (strpos($domain,'-') === 0 || strpos($domain,'..') !== false) { |
|
| 97 | + return false; |
|
| 98 | + } |
|
| 99 | + // Match, allowing for * wildcards |
|
| 100 | + foreach ($trustedList as $trusted) { |
|
| 101 | + if (gettype($trusted) !== 'string') { |
|
| 102 | + break; |
|
| 103 | + } |
|
| 104 | + $regex = '/^' . implode('[-\.a-zA-Z0-9]*', array_map(function ($v) { |
|
| 105 | + return preg_quote($v, '/'); |
|
| 106 | + }, explode('*', $trusted))) . '$/i'; |
|
| 107 | + if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) { |
|
| 108 | + return true; |
|
| 109 | + } |
|
| 110 | + } |
|
| 111 | + return false; |
|
| 112 | + } |
|
| 113 | 113 | } |
