mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1008 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36881 Commits
427 Branches
Tree: 202509251c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '202509251c'
${ noResults }
nextcloud/settings/Controller/CertificateController.php

CertificateController.php 5.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  *

  5.  * @author Björn Schießle <bjoern@schiessle.org>

  6.  * @author Lukas Reschke <lukas@statuscode.ch>

  7.  * @author Robin Appelman <robin@icewind.nl>

  8.  * @author Vincent Petry <pvince81@owncloud.com>

  9.  *

  10.  * @license AGPL-3.0

  11.  *

  12.  * This code is free software: you can redistribute it and/or modify

  13.  * it under the terms of the GNU Affero General Public License, version 3,

  14.  * as published by the Free Software Foundation.

  15.  *

  16.  * This program is distributed in the hope that it will be useful,

  17.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  18.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  19.  * GNU Affero General Public License for more details.

  20.  *

  21.  * You should have received a copy of the GNU Affero General Public License, version 3,

  22.  * along with this program.  If not, see <http://www.gnu.org/licenses/>

  23.  *

  24.  */

  25. 

  26. namespace OC\Settings\Controller;

  27. 

  28. use OCP\App\IAppManager;

  29. use OCP\AppFramework\Controller;

  30. use OCP\AppFramework\Http;

  31. use OCP\AppFramework\Http\DataResponse;

  32. use OCP\ICertificateManager;

  33. use OCP\IL10N;

  34. use OCP\IRequest;

  35. 

  36. /**

  37.  * @package OC\Settings\Controller

  38.  */

  39. class CertificateController extends Controller {

  40. 	/** @var ICertificateManager */

  41. 	private $userCertificateManager;

  42. 	/** @var ICertificateManager  */

  43. 	private $systemCertificateManager;

  44. 	/** @var IL10N */

  45. 	private $l10n;

  46. 	/** @var IAppManager */

  47. 	private $appManager;

  48. 

  49. 	/**

  50. 	 * @param string $appName

  51. 	 * @param IRequest $request

  52. 	 * @param ICertificateManager $userCertificateManager

  53. 	 * @param ICertificateManager $systemCertificateManager

  54. 	 * @param IL10N $l10n

  55. 	 * @param IAppManager $appManager

  56. 	 */

  57. 	public function __construct($appName,

  58. 								IRequest $request,

  59. 								ICertificateManager $userCertificateManager,

  60. 								ICertificateManager $systemCertificateManager,

  61. 								IL10N $l10n,

  62. 								IAppManager $appManager) {

  63. 		parent::__construct($appName, $request);

  64. 		$this->userCertificateManager = $userCertificateManager;

  65. 		$this->systemCertificateManager = $systemCertificateManager;

  66. 		$this->l10n = $l10n;

  67. 		$this->appManager = $appManager;

  68. 	}

  69. 

  70. 	/**

  71. 	 * Add a new personal root certificate to the users' trust store

  72. 	 *

  73. 	 * @NoAdminRequired

  74. 	 * @NoSubadminRequired

  75. 	 * @return array

  76. 	 */

  77. 	public function addPersonalRootCertificate() {

  78. 		return $this->addCertificate($this->userCertificateManager);

  79. 	}

  80. 

  81. 	/**

  82. 	 * Add a new root certificate to a trust store

  83. 	 *

  84. 	 * @param ICertificateManager $certificateManager

  85. 	 * @return DataResponse

  86. 	 */

  87. 	private function addCertificate(ICertificateManager $certificateManager) {

  88. 		$headers = [];

  89. 

  90. 		if ($this->isCertificateImportAllowed() === false) {

  91. 			return new DataResponse(['message' => 'Individual certificate management disabled'], Http::STATUS_FORBIDDEN, $headers);

  92. 		}

  93. 

  94. 		$file = $this->request->getUploadedFile('rootcert_import');

  95. 		if (empty($file)) {

  96. 			return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY, $headers);

  97. 		}

  98. 

  99. 		try {

  100. 			$certificate = $certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']);

  101. 			return new DataResponse(

  102. 				[

  103. 					'name' => $certificate->getName(),

  104. 					'commonName' => $certificate->getCommonName(),

  105. 					'organization' => $certificate->getOrganization(),

  106. 					'validFrom' => $certificate->getIssueDate()->getTimestamp(),

  107. 					'validTill' => $certificate->getExpireDate()->getTimestamp(),

  108. 					'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()),

  109. 					'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()),

  110. 					'issuer' => $certificate->getIssuerName(),

  111. 					'issuerOrganization' => $certificate->getIssuerOrganization(),

  112. 				],

  113. 				Http::STATUS_OK,

  114. 				$headers

  115. 			);

  116. 		} catch (\Exception $e) {

  117. 			return new DataResponse('An error occurred.', Http::STATUS_UNPROCESSABLE_ENTITY, $headers);

  118. 		}

  119. 	}

  120. 

  121. 	/**

  122. 	 * Removes a personal root certificate from the users' trust store

  123. 	 *

  124. 	 * @NoAdminRequired

  125. 	 * @NoSubadminRequired

  126. 	 * @param string $certificateIdentifier

  127. 	 * @return DataResponse

  128. 	 */

  129. 	public function removePersonalRootCertificate($certificateIdentifier) {

  130. 

  131. 		if ($this->isCertificateImportAllowed() === false) {

  132. 			return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);

  133. 		}

  134. 

  135. 		$this->userCertificateManager->removeCertificate($certificateIdentifier);

  136. 		return new DataResponse();

  137. 	}

  138. 

  139. 	/**

  140. 	 * check if certificate import is allowed

  141. 	 *

  142. 	 * @return bool

  143. 	 */

  144. 	protected function isCertificateImportAllowed() {

  145. 		$externalStorageEnabled = $this->appManager->isEnabledForUser('files_external');

  146. 		if ($externalStorageEnabled) {

  147. 			/** @var \OCA\Files_External\Service\BackendService $backendService */

  148. 			$backendService = \OC_Mount_Config::$app->getContainer()->query('\OCA\Files_External\Service\BackendService');

  149. 			if ($backendService->isUserMountingAllowed()) {

  150. 				return true;

  151. 			}

  152. 		}

  153. 		return false;

  154. 	}

  155. 

  156. 	/**

  157. 	 * Add a new personal root certificate to the system's trust store

  158. 	 *

  159. 	 * @return array

  160. 	 */

  161. 	public function addSystemRootCertificate() {

  162. 		return $this->addCertificate($this->systemCertificateManager);

  163. 	}

  164. 

  165. 	/**

  166. 	 * Removes a personal root certificate from the users' trust store

  167. 	 *

  168. 	 * @param string $certificateIdentifier

  169. 	 * @return DataResponse

  170. 	 */

  171. 	public function removeSystemRootCertificate($certificateIdentifier) {

  172. 

  173. 		if ($this->isCertificateImportAllowed() === false) {

  174. 			return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);

  175. 		}

  176. 

  177. 		$this->systemCertificateManager->removeCertificate($certificateIdentifier);

  178. 		return new DataResponse();

  179. 	}

  180. }