fix(federation): comply to `sharing.federation.allowSelfSignedCertificates`

Signed-off-by: skjnldsv <skjnldsv@protonmail.com>

7 files changed, 37 insertions, 7 deletions

diff --git a/apps/federatedfilesharing/tests/Settings/AdminTest.php b/apps/federatedfilesharing/tests/Settings/AdminTest.php
index d821eee55b0..efbe763c633 100644
--- a/apps/federatedfilesharing/tests/Settings/AdminTest.php
+++ b/apps/federatedfilesharing/tests/Settings/AdminTest.php
@@ -91,10 +91,14 @@ class AdminTest extends TestCase {
 			->expects($this->once())
 			->method('isIncomingServer2serverGroupShareEnabled')
 			->willReturn($state);
+		$this->federatedShareProvider
+			->expects($this->once())
+			->method('isFederatedTrustedShareAutoAccept')
+			->willReturn($state);
 		$this->gsConfig->expects($this->once())->method('onlyInternalFederation')
 			->willReturn($state);
 
-		$this->initialState->expects($this->exactly(9))
+		$this->initialState->expects($this->exactly(10))
 			->method('provideInitialState')
 			->withConsecutive(
 				['internalOnly', $state],
@@ -106,6 +110,7 @@ class AdminTest extends TestCase {
 				['incomingServer2serverGroupShareEnabled', $state],
 				['lookupServerEnabled', $state],
 				['lookupServerUploadEnabled', $state],
+				['federatedTrustedShareAutoAccept', $state]
 			);
 
 		$expected = new TemplateResponse('federatedfilesharing', 'settings-admin', [], '');
diff --git a/apps/federation/lib/BackgroundJob/GetSharedSecret.php b/apps/federation/lib/BackgroundJob/GetSharedSecret.php
index 8574f1f9000..01dbf7b80b6 100644
--- a/apps/federation/lib/BackgroundJob/GetSharedSecret.php
+++ b/apps/federation/lib/BackgroundJob/GetSharedSecret.php
@@ -17,6 +17,7 @@ use OCP\BackgroundJob\Job;
 use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
 use OCP\Http\Client\IResponse;
+use OCP\IConfig;
 use OCP\IURLGenerator;
 use OCP\OCS\IDiscoveryService;
 use Psr\Log\LoggerInterface;
@@ -43,6 +44,7 @@ class GetSharedSecret extends Job {
 		private LoggerInterface $logger,
 		private IDiscoveryService $ocsDiscoveryService,
 		ITimeFactory $timeFactory,
+		private IConfig $config
 	) {
 		parent::__construct($timeFactory);
 		$this->httpClient = $httpClientService->newClient();
@@ -105,6 +107,7 @@ class GetSharedSecret extends Job {
 						],
 					'timeout' => 3,
 					'connect_timeout' => 3,
+					'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
 				]
 			);
 
diff --git a/apps/federation/lib/BackgroundJob/RequestSharedSecret.php b/apps/federation/lib/BackgroundJob/RequestSharedSecret.php
index a1d0d2b0df0..6691e39e682 100644
--- a/apps/federation/lib/BackgroundJob/RequestSharedSecret.php
+++ b/apps/federation/lib/BackgroundJob/RequestSharedSecret.php
@@ -18,6 +18,7 @@ use OCP\BackgroundJob\IJobList;
 use OCP\BackgroundJob\Job;
 use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
+use OCP\IConfig;
 use OCP\IURLGenerator;
 use OCP\OCS\IDiscoveryService;
 use Psr\Log\LoggerInterface;
@@ -47,6 +48,7 @@ class RequestSharedSecret extends Job {
 		private IDiscoveryService $ocsDiscoveryService,
 		private LoggerInterface $logger,
 		ITimeFactory $timeFactory,
+		private IConfig $config
 	) {
 		parent::__construct($timeFactory);
 		$this->httpClient = $httpClientService->newClient();
@@ -116,6 +118,7 @@ class RequestSharedSecret extends Job {
 					],
 					'timeout' => 3,
 					'connect_timeout' => 3,
+					'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
 				]
 			);
 
diff --git a/apps/federation/lib/Controller/SettingsController.php b/apps/federation/lib/Controller/SettingsController.php
index 83e97e52415..663dda8916a 100644
--- a/apps/federation/lib/Controller/SettingsController.php
+++ b/apps/federation/lib/Controller/SettingsController.php
@@ -34,8 +34,8 @@ class SettingsController extends Controller {
 	 */
 	#[AuthorizedAdminSetting(settings: Admin::class)]
 	public function addServer(string $url): DataResponse {
-		$this->checkServer($url);
-		$id = $this->trustedServers->addServer($url);
+		$this->checkServer(trim($url));
+		$id = $this->trustedServers->addServer(trim($url));
 
 		return new DataResponse([
 			'url' => $url,
diff --git a/apps/federation/lib/TrustedServers.php b/apps/federation/lib/TrustedServers.php
index 4b8ff5726c3..231b892fc3e 100644
--- a/apps/federation/lib/TrustedServers.php
+++ b/apps/federation/lib/TrustedServers.php
@@ -138,6 +138,7 @@ class TrustedServers {
 				[
 					'timeout' => 3,
 					'connect_timeout' => 3,
+					'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
 				]
 			);
 			if ($result->getStatusCode() === Http::STATUS_OK) {
diff --git a/apps/federation/tests/BackgroundJob/GetSharedSecretTest.php b/apps/federation/tests/BackgroundJob/GetSharedSecretTest.php
index 4fcb579d6f9..021c8646cc7 100644
--- a/apps/federation/tests/BackgroundJob/GetSharedSecretTest.php
+++ b/apps/federation/tests/BackgroundJob/GetSharedSecretTest.php
@@ -17,6 +17,7 @@ use OCP\BackgroundJob\IJobList;
 use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
 use OCP\Http\Client\IResponse;
+use OCP\IConfig;
 use OCP\IURLGenerator;
 use OCP\OCS\IDiscoveryService;
 use Psr\Log\LoggerInterface;
@@ -57,6 +58,9 @@ class GetSharedSecretTest extends TestCase {
 	/** @var \PHPUnit\Framework\MockObject\MockObject|ITimeFactory */
 	private $timeFactory;
 
+	/** @var \PHPUnit\Framework\MockObject\MockObject|IConfig */
+	private $config;
+
 	private GetSharedSecret $getSharedSecret;
 
 	protected function setUp(): void {
@@ -72,6 +76,7 @@ class GetSharedSecretTest extends TestCase {
 		$this->response = $this->getMockBuilder(IResponse::class)->getMock();
 		$this->discoverService = $this->getMockBuilder(IDiscoveryService::class)->getMock();
 		$this->timeFactory = $this->createMock(ITimeFactory::class);
+		$this->config = $this->createMock(IConfig::class);
 
 		$this->discoverService->expects($this->any())->method('discover')->willReturn([]);
 		$this->httpClientService->expects($this->any())->method('newClient')->willReturn($this->httpClient);
@@ -83,7 +88,8 @@ class GetSharedSecretTest extends TestCase {
 			$this->trustedServers,
 			$this->logger,
 			$this->discoverService,
-			$this->timeFactory
+			$this->timeFactory,
+			$this->config
 		);
 	}
 
@@ -104,7 +110,8 @@ class GetSharedSecretTest extends TestCase {
 					$this->trustedServers,
 					$this->logger,
 					$this->discoverService,
-					$this->timeFactory
+					$this->timeFactory,
+					$this->config,
 				]
 			)->setMethods(['parentStart'])->getMock();
 		$this->invokePrivate($getSharedSecret, 'argument', [['url' => 'url', 'token' => 'token']]);
@@ -176,6 +183,7 @@ class GetSharedSecretTest extends TestCase {
 						],
 					'timeout' => 3,
 					'connect_timeout' => 3,
+					'verify' => true,
 				]
 			)->willReturn($this->response);
 
@@ -267,6 +275,7 @@ class GetSharedSecretTest extends TestCase {
 						],
 					'timeout' => 3,
 					'connect_timeout' => 3,
+					'verify' => true,
 				]
 			)->willThrowException($this->createMock(ConnectException::class));
 
diff --git a/apps/federation/tests/BackgroundJob/RequestSharedSecretTest.php b/apps/federation/tests/BackgroundJob/RequestSharedSecretTest.php
index 63b8324ad2e..68f8cc070c8 100644
--- a/apps/federation/tests/BackgroundJob/RequestSharedSecretTest.php
+++ b/apps/federation/tests/BackgroundJob/RequestSharedSecretTest.php
@@ -16,6 +16,7 @@ use OCP\BackgroundJob\IJobList;
 use OCP\Http\Client\IClient;
 use OCP\Http\Client\IClientService;
 use OCP\Http\Client\IResponse;
+use OCP\IConfig;
 use OCP\IURLGenerator;
 use OCP\OCS\IDiscoveryService;
 use PHPUnit\Framework\MockObject\MockObject;
@@ -50,6 +51,9 @@ class RequestSharedSecretTest extends TestCase {
 	/** @var MockObject|ITimeFactory */
 	private $timeFactory;
 
+	/** @var MockObject|IConfig */
+	private $config;
+
 	/** @var RequestSharedSecret */
 	private $requestSharedSecret;
 
@@ -66,6 +70,7 @@ class RequestSharedSecretTest extends TestCase {
 		$this->discoveryService = $this->getMockBuilder(IDiscoveryService::class)->getMock();
 		$this->logger = $this->createMock(LoggerInterface::class);
 		$this->timeFactory = $this->createMock(ITimeFactory::class);
+		$this->config = $this->createMock(IConfig::class);
 
 		$this->discoveryService->expects($this->any())->method('discover')->willReturn([]);
 		$this->httpClientService->expects($this->any())->method('newClient')->willReturn($this->httpClient);
@@ -77,7 +82,8 @@ class RequestSharedSecretTest extends TestCase {
 			$this->trustedServers,
 			$this->discoveryService,
 			$this->logger,
-			$this->timeFactory
+			$this->timeFactory,
+			$this->config,
 		);
 	}
 
@@ -98,7 +104,8 @@ class RequestSharedSecretTest extends TestCase {
 					$this->trustedServers,
 					$this->discoveryService,
 					$this->logger,
-					$this->timeFactory
+					$this->timeFactory,
+					$this->config,
 				]
 			)->setMethods(['parentStart'])->getMock();
 		$this->invokePrivate($requestSharedSecret, 'argument', [['url' => 'url', 'token' => 'token']]);
@@ -170,6 +177,7 @@ class RequestSharedSecretTest extends TestCase {
 						],
 					'timeout' => 3,
 					'connect_timeout' => 3,
+					'verify' => true,
 				]
 			)->willReturn($this->response);
 
@@ -255,6 +263,7 @@ class RequestSharedSecretTest extends TestCase {
 						],
 					'timeout' => 3,
 					'connect_timeout' => 3,
+					'verify' => true,
 				]
 			)->willThrowException($this->createMock(ConnectException::class));