mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1010 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32902 Commits
424 Branches
Tree: 0552933770
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0552933770'
${ noResults }
nextcloud/settings/Controller/CertificateController.php

CertificateController.php 5.7KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183 
  1. <?php

  2. /**

  3.  * @author Björn Schießle <bjoern@schiessle.org>

  4.  * @author Lukas Reschke <lukas@statuscode.ch>

  5.  * @author Robin Appelman <icewind@owncloud.com>

  6.  * @author Vincent Petry <pvince81@owncloud.com>

  7.  *

  8.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  9.  * @license AGPL-3.0

  10.  *

  11.  * This code is free software: you can redistribute it and/or modify

  12.  * it under the terms of the GNU Affero General Public License, version 3,

  13.  * as published by the Free Software Foundation.

  14.  *

  15.  * This program is distributed in the hope that it will be useful,

  16.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  17.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  18.  * GNU Affero General Public License for more details.

  19.  *

  20.  * You should have received a copy of the GNU Affero General Public License, version 3,

  21.  * along with this program.  If not, see <http://www.gnu.org/licenses/>

  22.  *

  23.  */

  24. 

  25. namespace OC\Settings\Controller;

  26. 

  27. use OCP\App\IAppManager;

  28. use OCP\AppFramework\Controller;

  29. use OCP\AppFramework\Http;

  30. use OCP\AppFramework\Http\DataResponse;

  31. use OCP\ICertificateManager;

  32. use OCP\IL10N;

  33. use OCP\IRequest;

  34. 

  35. /**

  36.  * @package OC\Settings\Controller

  37.  */

  38. class CertificateController extends Controller {

  39. 	/** @var ICertificateManager */

  40. 	private $userCertificateManager;

  41. 	/** @var ICertificateManager  */

  42. 	private $systemCertificateManager;

  43. 	/** @var IL10N */

  44. 	private $l10n;

  45. 	/** @var IAppManager */

  46. 	private $appManager;

  47. 

  48. 	/**

  49. 	 * @param string $appName

  50. 	 * @param IRequest $request

  51. 	 * @param ICertificateManager $userCertificateManager

  52. 	 * @param ICertificateManager $systemCertificateManager

  53. 	 * @param IL10N $l10n

  54. 	 * @param IAppManager $appManager

  55. 	 */

  56. 	public function __construct($appName,

  57. 								IRequest $request,

  58. 								ICertificateManager $userCertificateManager,

  59. 								ICertificateManager $systemCertificateManager,

  60. 								IL10N $l10n,

  61. 								IAppManager $appManager) {

  62. 		parent::__construct($appName, $request);

  63. 		$this->userCertificateManager = $userCertificateManager;

  64. 		$this->systemCertificateManager = $systemCertificateManager;

  65. 		$this->l10n = $l10n;

  66. 		$this->appManager = $appManager;

  67. 	}

  68. 

  69. 	/**

  70. 	 * Add a new personal root certificate to the users' trust store

  71. 	 *

  72. 	 * @NoAdminRequired

  73. 	 * @NoSubadminRequired

  74. 	 * @return array

  75. 	 */

  76. 	public function addPersonalRootCertificate() {

  77. 		return $this->addCertificate($this->userCertificateManager);

  78. 	}

  79. 

  80. 	/**

  81. 	 * Add a new root certificate to a trust store

  82. 	 *

  83. 	 * @param ICertificateManager $certificateManager

  84. 	 * @return array

  85. 	 */

  86. 	private function addCertificate(ICertificateManager $certificateManager) {

  87. 		$headers = [];

  88. 		if ($this->request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_IE_8])) {

  89. 			// due to upload iframe workaround, need to set content-type to text/plain

  90. 			$headers['Content-Type'] = 'text/plain';

  91. 		}

  92. 

  93. 		if ($this->isCertificateImportAllowed() === false) {

  94. 			return new DataResponse(['message' => 'Individual certificate management disabled'], Http::STATUS_FORBIDDEN, $headers);

  95. 		}

  96. 

  97. 		$file = $this->request->getUploadedFile('rootcert_import');

  98. 		if (empty($file)) {

  99. 			return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY, $headers);

  100. 		}

  101. 

  102. 		try {

  103. 			$certificate = $certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']);

  104. 			return new DataResponse(

  105. 				[

  106. 					'name' => $certificate->getName(),

  107. 					'commonName' => $certificate->getCommonName(),

  108. 					'organization' => $certificate->getOrganization(),

  109. 					'validFrom' => $certificate->getIssueDate()->getTimestamp(),

  110. 					'validTill' => $certificate->getExpireDate()->getTimestamp(),

  111. 					'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()),

  112. 					'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()),

  113. 					'issuer' => $certificate->getIssuerName(),

  114. 					'issuerOrganization' => $certificate->getIssuerOrganization(),

  115. 				],

  116. 				Http::STATUS_OK,

  117. 				$headers

  118. 			);

  119. 		} catch (\Exception $e) {

  120. 			return new DataResponse('An error occurred.', Http::STATUS_UNPROCESSABLE_ENTITY, $headers);

  121. 		}

  122. 	}

  123. 

  124. 	/**

  125. 	 * Removes a personal root certificate from the users' trust store

  126. 	 *

  127. 	 * @NoAdminRequired

  128. 	 * @NoSubadminRequired

  129. 	 * @param string $certificateIdentifier

  130. 	 * @return DataResponse

  131. 	 */

  132. 	public function removePersonalRootCertificate($certificateIdentifier) {

  133. 

  134. 		if ($this->isCertificateImportAllowed() === false) {

  135. 			return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);

  136. 		}

  137. 

  138. 		$this->userCertificateManager->removeCertificate($certificateIdentifier);

  139. 		return new DataResponse();

  140. 	}

  141. 

  142. 	/**

  143. 	 * check if certificate import is allowed

  144. 	 *

  145. 	 * @return bool

  146. 	 */

  147. 	protected function isCertificateImportAllowed() {

  148. 		$externalStorageEnabled = $this->appManager->isEnabledForUser('files_external');

  149. 		if ($externalStorageEnabled) {

  150. 			/** @var \OCA\Files_External\Service\BackendService $backendService */

  151. 			$backendService = \OC_Mount_Config::$app->getContainer()->query('\OCA\Files_External\Service\BackendService');

  152. 			if ($backendService->isUserMountingAllowed()) {

  153. 				return true;

  154. 			}

  155. 		}

  156. 		return false;

  157. 	}

  158. 

  159. 	/**

  160. 	 * Add a new personal root certificate to the system's trust store

  161. 	 *

  162. 	 * @return array

  163. 	 */

  164. 	public function addSystemRootCertificate() {

  165. 		return $this->addCertificate($this->systemCertificateManager);

  166. 	}

  167. 

  168. 	/**

  169. 	 * Removes a personal root certificate from the users' trust store

  170. 	 *

  171. 	 * @param string $certificateIdentifier

  172. 	 * @return DataResponse

  173. 	 */

  174. 	public function removeSystemRootCertificate($certificateIdentifier) {

  175. 

  176. 		if ($this->isCertificateImportAllowed() === false) {

  177. 			return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);

  178. 		}

  179. 

  180. 		$this->systemCertificateManager->removeCertificate($certificateIdentifier);

  181. 		return new DataResponse();

  182. 	}

  183. }