Преглед изворни кода
Merge pull request #31574 from nextcloud/s3-crt-bundle
use the nextcloud certificate bundle for s3tags/v24.0.0beta1
Robin Appelman
пре 2 година
3 измењених фајлова са 24 додато и 8 уклоњено
+ 1
- 0
lib/private/Files/ObjectStore/S3.php
Прегледај датотеку
| @@ -30,6 +30,7 @@ class S3 implements IObjectStore { | |||
| use S3ObjectTrait; | |||
| public function __construct($parameters) { | |||
| $parameters['primary_storage'] = true; | |||
| $this->parseParams($parameters); | |||
| } | |||
+ 12
- 1
lib/private/Files/ObjectStore/S3ConnectionTrait.php
Прегледај датотеку
| @@ -38,6 +38,7 @@ use Aws\S3\Exception\S3Exception; | |||
| use Aws\S3\S3Client; | |||
| use GuzzleHttp\Promise; | |||
| use GuzzleHttp\Promise\RejectedPromise; | |||
| use OCP\ICertificateManager; | |||
| use OCP\ILogger; | |||
| trait S3ConnectionTrait { | |||
| @@ -120,6 +121,15 @@ trait S3ConnectionTrait { | |||
| ) | |||
| ); | |||
| // since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage | |||
| if (!isset($this->params['primary_storage'])) { | |||
| /** @var ICertificateManager $certManager */ | |||
| $certManager = \OC::$server->get(ICertificateManager::class); | |||
| $certPath = $certManager->getAbsoluteBundlePath(); | |||
| } else { | |||
| $certPath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; | |||
| } | |||
| $options = [ | |||
| 'version' => isset($this->params['version']) ? $this->params['version'] : 'latest', | |||
| 'credentials' => $provider, | |||
| @@ -129,9 +139,10 @@ trait S3ConnectionTrait { | |||
| 'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()), | |||
| 'csm' => false, | |||
| 'use_arn_region' => false, | |||
| 'http' => ['verify' => $certPath], | |||
| ]; | |||
| if ($this->getProxy()) { | |||
| $options['http'] = [ 'proxy' => $this->getProxy() ]; | |||
| $options['http']['proxy'] = $this->getProxy(); | |||
| } | |||
| if (isset($this->params['legacy_auth']) && $this->params['legacy_auth']) { | |||
| $options['signature_version'] = 'v2'; | |||
+ 11
- 7
lib/private/Security/CertificateManager.php
Прегледај датотеку
| @@ -240,15 +240,19 @@ class CertificateManager implements ICertificateManager { | |||
| * @return string | |||
| */ | |||
| public function getAbsoluteBundlePath(): string { | |||
| if (!$this->hasCertificates()) { | |||
| return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; | |||
| } | |||
| try { | |||
| if (!$this->hasCertificates()) { | |||
| return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; | |||
| } | |||
| if ($this->needsRebundling()) { | |||
| $this->createCertificateBundle(); | |||
| } | |||
| if ($this->needsRebundling()) { | |||
| $this->createCertificateBundle(); | |||
| } | |||
| return $this->view->getLocalFile($this->getCertificateBundle()); | |||
| return $this->view->getLocalFile($this->getCertificateBundle()); | |||
| } catch (\Exception $e) { | |||
| return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; | |||
| } | |||
| } | |||
| /** | |||
Loading…