Move certificate management code to core

4 files changed, 13 insertions, 81 deletions

diff --git a/apps/files_external/ajax/addRootCertificate.php b/apps/files_external/ajax/addRootCertificate.php
index fcd3a617ada..38b18605945 100644
--- a/apps/files_external/ajax/addRootCertificate.php
+++ b/apps/files_external/ajax/addRootCertificate.php
@@ -3,8 +3,8 @@
 OCP\JSON::checkAppEnabled('files_external');
 OCP\JSON::callCheck();
 
-if ( ! ($filename = $_FILES['rootcert_import']['name']) ) {
-	header('Location:' . OCP\Util::linkToRoute( "settings_personal" ));
+if (!($filename = $_FILES['rootcert_import']['name'])) {
+	header('Location:' . OCP\Util::linkToRoute("settings_personal"));
 	exit;
 }
 
@@ -13,33 +13,13 @@ $data = fread($fh, filesize($_FILES['rootcert_import']['tmp_name']));
 fclose($fh);
 $filename = $_FILES['rootcert_import']['name'];
 
-$view = new \OC\Files\View('/'.\OCP\User::getUser().'/files_external/uploads');
-if (!$view->file_exists('')) {
-	$view->mkdir('');
-}
-
-$isValid = openssl_pkey_get_public($data);
-
-//maybe it was just the wrong file format, try to convert it...
-if ($isValid == false) {
-	$data = chunk_split(base64_encode($data), 64, "\n");
-	$data = "-----BEGIN CERTIFICATE-----\n".$data."-----END CERTIFICATE-----\n";
-	$isValid = openssl_pkey_get_public($data);
-}
+$certificateManager = \OC::$server->getCertificateManager();
 
-// add the certificate if it could be verified
-if ( $isValid ) {
-	// disable proxy to prevent multiple fopen calls
-	$proxyStatus = \OC_FileProxy::$enabled;
-	\OC_FileProxy::$enabled = false;
-	$view->file_put_contents($filename, $data);
-	OC_Mount_Config::createCertificateBundle();
-	\OC_FileProxy::$enabled = $proxyStatus;
-} else {
+if (!$certificateManager->addCertificate($data, $filename)) {
 	OCP\Util::writeLog('files_external',
-			'Couldn\'t import SSL root certificate ('.$filename.'), allowed formats: PEM and DER',
-			OCP\Util::WARN);
+		'Couldn\'t import SSL root certificate (' . $filename . '), allowed formats: PEM and DER',
+		OCP\Util::WARN);
 }
 
-header('Location:' . OCP\Util::linkToRoute( "settings_personal" ));
+header('Location:' . OCP\Util::linkToRoute("settings_personal"));
 exit;
diff --git a/apps/files_external/ajax/removeRootCertificate.php b/apps/files_external/ajax/removeRootCertificate.php
index 664b3937e97..e6795800e03 100644
--- a/apps/files_external/ajax/removeRootCertificate.php
+++ b/apps/files_external/ajax/removeRootCertificate.php
@@ -4,10 +4,8 @@ OCP\JSON::checkAppEnabled('files_external');
 OCP\JSON::checkLoggedIn();
 OCP\JSON::callCheck();
 
-$view = \OCP\Files::getStorage("files_external");
-$file = 'uploads/'.ltrim($_POST['cert'], "/\\.");
-
-if ( $view->file_exists($file) ) {
-	$view->unlink($file);
-	OC_Mount_Config::createCertificateBundle();
+$name = $_POST['cert'];
+$certificateManager = \OC::$server->getCertificateManager();
+if (\OC\Files\Filesystem::isValidPath($name)) {
+	$certificateManager->removeCertificate($name);
 }
diff --git a/apps/files_external/lib/config.php b/apps/files_external/lib/config.php
index 85e36fd9043..952463b8015 100755
--- a/apps/files_external/lib/config.php
+++ b/apps/files_external/lib/config.php
@@ -620,53 +620,6 @@ class OC_Mount_Config {
 	}
 
 	/**
-	 * Returns all user uploaded ssl root certificates
-	 * @return array
-	 */
-	public static function getCertificates() {
-		$path=OC_User::getHome(OC_User::getUser()) . '/files_external/uploads/';
-		\OCP\Util::writeLog('files_external', 'checking path '.$path, \OCP\Util::INFO);
-		if ( ! is_dir($path)) {
-			//path might not exist (e.g. non-standard OC_User::getHome() value)
-			//in this case create full path using 3rd (recursive=true) parameter.
-			mkdir($path, 0777, true);
-		}
-		$result = array();
-		$handle = opendir($path);
-		if(!is_resource($handle)) {
-			return array();
-		}
-		while (false !== ($file = readdir($handle))) {
-			if ($file != '.' && $file != '..') $result[] = $file;
-		}
-		return $result;
-	}
-
-	/**
-	 * creates certificate bundle
-	 */
-	public static function createCertificateBundle() {
-		$path=OC_User::getHome(OC_User::getUser()) . '/files_external';
-
-		$certs = OC_Mount_Config::getCertificates();
-		$fh_certs = fopen($path."/rootcerts.crt", 'w');
-		foreach ($certs as $cert) {
-			$file=$path.'/uploads/'.$cert;
-			$fh = fopen($file, "r");
-			$data = fread($fh, filesize($file));
-			fclose($fh);
-			if (strpos($data, 'BEGIN CERTIFICATE')) {
-				fwrite($fh_certs, $data);
-				fwrite($fh_certs, "\r\n");
-			}
-		}
-
-		fclose($fh_certs);
-
-		return true;
-	}
-
-	/**
 	 * check dependencies
 	 */
 	public static function checkDependencies() {
diff --git a/apps/files_external/personal.php b/apps/files_external/personal.php
index 90d7afed28b..9965303f21c 100755
--- a/apps/files_external/personal.php
+++ b/apps/files_external/personal.php
@@ -23,11 +23,12 @@
 OCP\Util::addScript('files_external', 'settings');
 OCP\Util::addStyle('files_external', 'settings');
 $backends = OC_Mount_Config::getPersonalBackends();
+$certificateManager = \OC::$server->getCertificateManager();
 
 $tmpl = new OCP\Template('files_external', 'settings');
 $tmpl->assign('isAdminPage', false);
 $tmpl->assign('mounts', OC_Mount_Config::getPersonalMountPoints());
-$tmpl->assign('certs', OC_Mount_Config::getCertificates());
+$tmpl->assign('certs', $certificateManager->listCertificates());
 $tmpl->assign('dependencies', OC_Mount_Config::checkDependencies());
 $tmpl->assign('backends', $backends);
 return $tmpl->fetchPage();