From e91b4bc2ac79f8855c57accfce2558ead52d2943 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle
Date: Fri, 6 Jul 2012 15:58:38 +0200
Subject: [PATCH] allow user to upload his own root certificate for secure webdav mount
---
 .../ajax/addRootCertificate.php | 16 ++++++++++-
 .../ajax/removeRootCertificate.php | 3 ++-
 apps/files_external/lib/config.php | 27 ++++++++++++++++++-
 apps/files_external/lib/webdav.php | 2 +-
 apps/files_external/templates/settings.php | 2 +-
 lib/connector/sabre/client.php | 2 +-
 6 files changed, 46 insertions(+), 6 deletions(-)
diff --git a/apps/files_external/ajax/addRootCertificate.php b/apps/files_external/ajax/addRootCertificate.php
index 33cd64d2c7a..c1928556292 100644
--- a/apps/files_external/ajax/addRootCertificate.php
+++ b/apps/files_external/ajax/addRootCertificate.php
@@ -4,9 +4,23 @@ OCP\JSON::checkAppEnabled('files_external');
 $view = \OCP\Files::getStorage("files_external");
 $from = $_FILES['rootcert_import']['tmp_name'];
-$to = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").$_FILES['rootcert_import']['name'];
+$path = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/';
+$to = $path.$_FILES['rootcert_import']['name'];
 move_uploaded_file($from, $to);
+//check if it is a PEM certificate, otherwise convert it if possible
+$fh = fopen($to, 'r');
+$data = fread($fh, filesize($to));
+fclose($fh);
+if (!strpos($data, 'BEGIN CERTIFICATE')) {
+ $pem = chunk_split(base64_encode($data), 64, "\n");
+ $pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n";
+ $fh = fopen($to, 'w');
+ fwrite($fh, $pem);
+}
+
+OC_Mount_Config::createCertificateBundle();
+
 header("Location: settings/personal.php");
 exit;
 ?>
\ No newline at end of file
diff --git a/apps/files_external/ajax/removeRootCertificate.php b/apps/files_external/ajax/removeRootCertificate.php
index 05f2fdef2d1..a00922f4210 100644
--- a/apps/files_external/ajax/removeRootCertificate.php
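Review bot: The destination on the added `$to = $path.$_FILES['rootcert_import']['name'];` line is still built from the client-supplied file name, and the only content check is the substring test `!strpos($data, 'BEGIN CERTIFICATE')`, so any upload is stored (base64-wrapped when it lacks the marker) and then picked up by `createCertificateBundle()`. I would reduce the name with `basename()`, compare `strpos()` against `false` explicitly, and keep the file only when `openssl_x509_read()` can parse it. The results of `move_uploaded_file()` and `fopen()` are not checked, and the handle opened with `'w'` is never closed before the bundle is rebuilt. The script's first three lines are outside the hunk, so a login or request-token check cannot be confirmed from here.

```php
// … unchanged: $view / $from / $path setup …
$to = $path.basename($_FILES['rootcert_import']['name']);
if (!move_uploaded_file($from, $to)) {
	header("Location: settings/personal.php");
	exit;
}

$data = file_get_contents($to);
if (strpos($data, 'BEGIN CERTIFICATE') === false) {
	// no PEM marker: treat the upload as DER and wrap it
	$data = "-----BEGIN CERTIFICATE-----\n".chunk_split(base64_encode($data), 64, "\n")."-----END CERTIFICATE-----\n";
}
// keep the file only if OpenSSL accepts it as an X.509 certificate
if (openssl_x509_read($data) === false) {
	unlink($to);
	header("Location: settings/personal.php");
	exit;
}
file_put_contents($to, $data);
// … unchanged: createCertificateBundle() call and redirect …
```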
+++ b/apps/files_external/ajax/removeRootCertificate.php
@@ -4,6 +4,7 @@ OCP\JSON::checkAppEnabled('files_external');
 $view = \OCP\Files::getStorage("files_external");
 $cert = $_POST['cert'];
-$file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").$cert;
+$file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/'.$cert;
 unlink($file);
+OC_Mount_Config::createCertificateBundle();
 ?>
\ No newline at end of file
diff --git a/apps/files_external/lib/config.php b/apps/files_external/lib/config.php
index 4e82e6b2548..5630df77a91 100755
--- a/apps/files_external/lib/config.php
+++ b/apps/files_external/lib/config.php
@@ -244,7 +244,8 @@ class OC_Mount_Config {
 */
 public static function getCertificates() {
 $view = \OCP\Files::getStorage('files_external');
- $path=\OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("");
+ $path=\OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/';
+ if (!is_dir($path)) mkdir($path);
 $result = array();
 $handle = opendir($path);
 while (false !== ($file = readdir($handle))) {
@@ -252,6 +253,30 @@ class OC_Mount_Config {
 }
 return $result;
 }
+
+ /**
+ * creates certificate bundle
+ */
+ public static function createCertificateBundle() {
+ $view = \OCP\Files::getStorage("files_external");
+ $path = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("");
+
+ $certs = OC_Mount_Config::getCertificates();
+ $fh_certs = fopen($path."/rootcerts.crt", 'w');
+ foreach ($certs as $cert) {
+ $file=$path.'/uploads/'.$cert;
+ $fh = fopen($file, "r");
+ $data = fread($fh, filesize($file));
+ fclose($fh);
+ if (strpos($data, 'BEGIN CERTIFICATE')) {
+ fwrite($fh_certs, $data);
+ }
+ }
+
+ fclose($fh_certs);
+
+ return true;
+ }
 }
diff --git a/apps/files_external/lib/webdav.php b/apps/files_external/lib/webdav.php
index 9b874e62e33..ea6ca65b976 100644
--- a/apps/files_external/lib/webdav.php
+++ b/apps/files_external/lib/webdav.php
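Review bot: `$_POST['cert']` is concatenated into the path handed to `unlink()` on the changed `$file = … 'uploads/'.$cert;` line without any normalisation, so a value containing directory separators or parent-directory segments resolves outside `uploads/`. Reduce it to a plain file name first, `$cert = basename($_POST['cert']);`, and delete only when `is_file($file)` is true. The script's first three lines are outside the hunk, so whether the request is bound to a logged-in session and a request token cannot be seen here.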
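Review bot: The added `if (!is_dir($path)) mkdir($path);` ignores the result of `mkdir()` and relies on the default mode, while the `opendir($path)` and `readdir()` loop that follow assume the directory exists. Because this directory holds the files that become trust anchors, I would create it with an explicit mode and stop on failure, e.g. `if (!is_dir($path) && !mkdir($path, 0700)) return array();`. Creating a directory from a getter is a side effect that deserves a line in the docblock. The docblock starts before the hunk and the body of `getCertificates()` continues past its end.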
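Review bot: `createCertificateBundle()` opens the live `rootcerts.crt` with mode `'w'` before any certificate has been read and always returns `true`, so a failed `fopen()` or an interrupted loop leaves a truncated or empty bundle that the WebDAV client is then pointed at. Writing to a temporary file in the same directory and renaming it over the bundle once the loop has finished avoids that, and the return value should report failure. In the loop, `strpos($data, 'BEGIN CERTIFICATE')` should be compared with `!== false`, and a PEM file without a trailing newline runs into the next one unless each entry is written newline-terminated. The docblock could also state that the bundle is built from every file returned by `getCertificates()`.

```php
public static function createCertificateBundle() {
	// … unchanged: $view / $path setup and $certs = getCertificates() …
	$tmp = tempnam($path, 'rootcerts');
	$fh_certs = ($tmp === false) ? false : fopen($tmp, 'w');
	if ($fh_certs === false) {
		return false;
	}
	foreach ($certs as $cert) {
		$data = file_get_contents($path.'/uploads/'.$cert);
		if ($data !== false && strpos($data, 'BEGIN CERTIFICATE') !== false) {
			// newline-terminate each entry so adjacent PEM blocks stay separate
			fwrite($fh_certs, rtrim($data)."\n");
		}
	}
	fclose($fh_certs);

	// swap the finished bundle into place in one step
	return rename($tmp, $path.'/rootcerts.crt');
}
```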
@@ -45,7 +45,7 @@ class OC_FileStorage_DAV extends OC_Filestorage_Common{
 $this->client = new OC_Connector_Sabre_Client($settings);
 if($caview = \OCP\Files::getStorage('files_external')) {
- $this->client->setCurlSettings(array(CURLOPT_CAPATH => \OCP\Config::getSystemValue('datadirectory').$caview->getAbsolutePath("")));
+ $this->client->setCurlSettings(array(CURLOPT_CAINFO => \OCP\Config::getSystemValue('datadirectory').$caview->getAbsolutePath("").'rootcerts.crt'));
 }
 //create the root folder if necesary
 $this->mkdir('');
diff --git a/apps/files_external/templates/settings.php b/apps/files_external/templates/settings.php
index 8f8fe8d527f..3d65e9b7473 100644
--- a/apps/files_external/templates/settings.php
+++ b/apps/files_external/templates/settings.php
@@ -81,7 +81,7 @@
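Review bot: `CURLOPT_CAINFO` is set whenever `getStorage('files_external')` is truthy, not when `rootcerts.crt` actually exists, and unlike the previous `CURLOPT_CAPATH` it names a single file that curl has to load. For a user who has uploaded nothing the file is missing or empty, so certificate verification for every HTTPS WebDAV mount would presumably fail; confirm this against the curl build in use. Guard the call on the bundle itself, for example `if (is_file($certPath) && filesize($certPath) > 0) { … }` with `$certPath` holding the path built on this line, and add a comment saying whether uploaded roots are meant to replace or extend the system trust store. The constructor begins and ends outside the hunk.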
- + '> diff --git a/lib/connector/sabre/client.php b/lib/connector/sabre/client.php index bcf564c06d1..b799b541a05 100644 --- a/lib/connector/sabre/client.php +++ b/lib/connector/sabre/client.php @@ -68,7 +68,7 @@ class OC_Connector_Sabre_Client extends Sabre_DAV_Client { * @return array */ public function request($method, $url = '', $body = null, $headers = array()) { - + $this->curlSettings[CURLOPT_POSTFIELDS] = $body; $url = $this->getAbsoluteUrl($url); -- 2.39.5