author | Bjoern Schiessle <schiessle@owncloud.com> | 2012-07-06 15:58:38 +0200 |
---|---|---|
committer | Bjoern Schiessle <schiessle@owncloud.com> | 2012-07-06 15:58:38 +0200 |
commit | e91b4bc2ac79f8855c57accfce2558ead52d2943 (patch) | |
tree | 34d05ca1db5da46aa114e01364f729a03aff2054 | |
parent | 75d01b065da91acb7512b3df82d69c8d931c50b3 (diff) | |
allow user to upload his own root certificate for secure webdav mount
-rw-r--r-- | apps/files_external/ajax/addRootCertificate.php | 16 | ||||
-rw-r--r-- | apps/files_external/ajax/removeRootCertificate.php | 3 | ||||
-rwxr-xr-x | apps/files_external/lib/config.php | 27 | ||||
-rw-r--r-- | apps/files_external/lib/webdav.php | 2 | ||||
-rw-r--r-- | apps/files_external/templates/settings.php | 2 | ||||
-rw-r--r-- | lib/connector/sabre/client.php | 2 |
6 files changed, 46 insertions, 6 deletions
diff --git a/apps/files_external/ajax/addRootCertificate.php b/apps/files_external/ajax/addRootCertificate.php
index 33cd64d2c7a..c1928556292 100644
--- a/apps/files_external/ajax/addRootCertificate.php
+++ b/apps/files_external/ajax/addRootCertificate.php
@@ -4,9 +4,23 @@ OCP\JSON::checkAppEnabled('files_external');
 $view = \OCP\Files::getStorage("files_external");
 $from = $_FILES['rootcert_import']['tmp_name'];
-$to = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").$_FILES['rootcert_import']['name'];
+$path = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/';
+$to = $path.$_FILES['rootcert_import']['name'];
 move_uploaded_file($from, $to);
+//check if it is a PEM certificate, otherwise convert it if possible
+$fh = fopen($to, 'r');
+$data = fread($fh, filesize($to));
+fclose($fh);
+if (!strpos($data, 'BEGIN CERTIFICATE')) {
+ $pem = chunk_split(base64_encode($data), 64, "\n");
+ $pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n";
+ $fh = fopen($to, 'w');
+ fwrite($fh, $pem);
+}
+
+OC_Mount_Config::createCertificateBundle();
+
 header("Location: settings/personal.php");
 exit;
 ?>
\ No newline at end of file
diff --git a/apps/files_external/ajax/removeRootCertificate.php b/apps/files_external/ajax/removeRootCertificate.php
index 05f2fdef2d1..a00922f4210 100644
--- a/apps/files_external/ajax/removeRootCertificate.php
+++ b/apps/files_external/ajax/removeRootCertificate.php
@@ -4,6 +4,7 @@ OCP\JSON::checkAppEnabled('files_external');
 $view = \OCP\Files::getStorage("files_external");
 $cert = $_POST['cert'];
-$file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").$cert;
+$file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/'.$cert;
 unlink($file);
+OC_Mount_Config::createCertificateBundle();
 ?>
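Review bot: In apps/files_external/ajax/addRootCertificate.php nothing confirms that the upload is an X.509 certificate before it joins the trust bundle: the file is stored under the client-supplied `$_FILES['rootcert_import']['name']`, and any content lacking the string 'BEGIN CERTIFICATE' is simply base64-wrapped in a PEM envelope. The result of `move_uploaded_file()` is not checked, the second `fopen($to, 'w')` handle is never closed, and `!strpos(...)` treats a match at offset 0 like no match, so `strpos(...) === false` is the reliable test. I would normalise to PEM, parse the result (for example with `openssl_x509_read()`, assuming the openssl extension is available) and delete the file when parsing fails, as sketched below. The script starts above the hunk, so whether a login or request-token check precedes these lines cannot be seen here.

```php
$path = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/';
$to = $path.basename($_FILES['rootcert_import']['name']);
if (!move_uploaded_file($from, $to)) {
	header("Location: settings/personal.php");
	exit;
}

// normalise to PEM, then keep the file only if it parses as a certificate
$data = file_get_contents($to);
if (strpos($data, 'BEGIN CERTIFICATE') === false) {
	$data = "-----BEGIN CERTIFICATE-----\n".chunk_split(base64_encode($data), 64, "\n")."-----END CERTIFICATE-----\n";
}
if (openssl_x509_read($data) === false) {
	unlink($to);
	header("Location: settings/personal.php");
	exit;
}
file_put_contents($to, $data);
// … unchanged: createCertificateBundle() call and redirect …
```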
\ No newline at end of file
diff --git a/apps/files_external/lib/config.php b/apps/files_external/lib/config.php
index 4e82e6b2548..5630df77a91 100755
--- a/apps/files_external/lib/config.php
+++ b/apps/files_external/lib/config.php
@@ -244,7 +244,8 @@ class OC_Mount_Config {
 */
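Review bot: In apps/files_external/ajax/removeRootCertificate.php the new `$file` line still appends the raw `$_POST['cert']` value to the path handed to `unlink()`, so directory components in that value are honoured and the deletion is not confined to `uploads/`. Reduce the value to a bare file name and accept it only if it names a stored certificate, e.g. `$cert = basename($_POST['cert']);` followed by `if (!in_array($cert, OC_Mount_Config::getCertificates(), true)) exit;` before `$file` is built (this assumes getCertificates() returns the file names in `uploads/`, which its loop body outside this diff would confirm). The result of `unlink()` is also ignored, so the bundle is rebuilt even when nothing was removed. The script begins above the hunk, so any login or request-token check is not visible here and should be confirmed.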
 public static function getCertificates() {
 $view = \OCP\Files::getStorage('files_external');
- $path=\OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("");
+ $path=\OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/';
+ if (!is_dir($path)) mkdir($path);
 $result = array();
 $handle = opendir($path);
 while (false !== ($file = readdir($handle))) {
@@ -252,6 +253,30 @@ class OC_Mount_Config {
 }
 return $result;
 }
+
+ /**
+ * creates certificate bundle
+ */
+ public static function createCertificateBundle() {
+ $view = \OCP\Files::getStorage("files_external");
+ $path = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("");
+
+ $certs = OC_Mount_Config::getCertificates();
+ $fh_certs = fopen($path."/rootcerts.crt", 'w');
+ foreach ($certs as $cert) {
+ $file=$path.'/uploads/'.$cert;
+ $fh = fopen($file, "r");
+ $data = fread($fh, filesize($file));
+ fclose($fh);
+ if (strpos($data, 'BEGIN CERTIFICATE')) {
+ fwrite($fh_certs, $data);
+ }
+ }
+
+ fclose($fh_certs);
+
+ return true;
+ }
 }
diff --git a/apps/files_external/lib/webdav.php b/apps/files_external/lib/webdav.php
index 9b874e62e33..ea6ca65b976 100644
--- a/apps/files_external/lib/webdav.php
+++ b/apps/files_external/lib/webdav.php
@@ -45,7 +45,7 @@ class OC_FileStorage_DAV extends OC_Filestorage_Common{
 $this->client = new OC_Connector_Sabre_Client($settings);
 if($caview = \OCP\Files::getStorage('files_external')) {
- $this->client->setCurlSettings(array(CURLOPT_CAPATH => \OCP\Config::getSystemValue('datadirectory').$caview->getAbsolutePath("")));
+ $this->client->setCurlSettings(array(CURLOPT_CAINFO => \OCP\Config::getSystemValue('datadirectory').$caview->getAbsolutePath("").'rootcerts.crt'));
 }
 //create the root folder if necesary
 $this->mkdir('');
diff --git a/apps/files_external/templates/settings.php b/apps/files_external/templates/settings.php
index 8f8fe8d527f..3d65e9b7473 100644
--- a/apps/files_external/templates/settings.php
+++ b/apps/files_external/templates/settings.php
@@ -81,7 +81,7 @@
 </table>
 <br />
- <?php if (!$_['isAdminPage'] && false): // disabled until sabredav can handle uploaded ca certs ?>
+ <?php if (!$_['isAdminPage']): ?>
 <table id="sslCertificate" data-admin='<?php echo json_encode($_['isAdminPage']); ?>'>
 <thead>
 <tr>
diff --git a/lib/connector/sabre/client.php b/lib/connector/sabre/client.php
index bcf564c06d1..b799b541a05 100644
--- a/lib/connector/sabre/client.php
+++ b/lib/connector/sabre/client.php
@@ -68,7 +68,7 @@ class OC_Connector_Sabre_Client extends Sabre_DAV_Client {
 * @return array
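Review bot: createCertificateBundle() in apps/files_external/lib/config.php writes each file's bytes as-is, so a PEM file that does not end in a newline runs its END line into the next BEGIN line and the bundle may stop parsing; `fwrite($fh_certs, rtrim($data)."\n");` avoids that. The `strpos($data, 'BEGIN CERTIFICATE')` test should read `strpos(...) !== false`, and none of the `fopen()` results are checked although the method always returns true. Because rootcerts.crt is truncated and rewritten in place, a WebDAV request running at the same moment could read a partial bundle; writing to a temporary file and `rename()`-ing it over the target would close that window. The docblock could also say that the bundle is rebuilt from the files in `uploads/` and what the return value means.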
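Review bot: In apps/files_external/lib/webdav.php `CURLOPT_CAINFO` is now set whenever the storage view exists, even if rootcerts.crt has not been created yet, and unlike the previous `CURLOPT_CAPATH` it names the CA bundle file curl verifies against instead of an additional directory. Depending on how libcurl was built, that can mean mounts on servers with publicly trusted certificates fail verification for users who have uploaded nothing, or whose bundle lacks that root. Consider setting the option only when the bundle exists and is non-empty, e.g. `if (is_file($bundle) && filesize($bundle) > 0)` with `$bundle` holding the rootcerts.crt path, and add a comment stating that uploaded roots take the place of the default bundle for that user's mounts. The constructor this line belongs to starts and ends outside the hunk.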
*/
public function request($method, $url = '', $body = null, $headers = array()) {
-
+
$this->curlSettings[CURLOPT_POSTFIELDS] = $body;
$url = $this->getAbsoluteUrl($url);