author | Xheni Myrtaj <myrtajxheni@gmail.com> | 2019-05-27 21:54:58 +0200 |
---|---|---|
committer | Xheni Myrtaj <myrtajxheni@gmail.com> | 2019-05-29 22:43:23 +0200 |
commit | d227f4d34ca0f7a6877063784f75481ff6631a4a (patch) | |
tree | 75a759241b08df0a1801633484266f0b7a48887c /lib/private/IntegrityCheck | |
parent | 89c701382f7a3dfaae3a45d1001ab26fb08cdd8a (diff) | |
Do not fail integrity check if mimetype list is changed
Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>
Diffstat (limited to 'lib/private/IntegrityCheck')
-rw-r--r-- | lib/private/IntegrityCheck/Checker.php | 59 |
1 files changed, 37 insertions, 22 deletions
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
index 0a8876381f4..ac4f40b51ec 100644
--- a/lib/private/IntegrityCheck/Checker.php
+++ b/lib/private/IntegrityCheck/Checker.php
@@ -27,6 +27,7 @@ declare(strict_types=1);
 namespace OC\IntegrityCheck;
+use OC\Core\Command\Maintenance\Mimetype\GenerateMimetypeFileBuilder;
 use OC\IntegrityCheck\Exceptions\InvalidSignatureException;
 use OC\IntegrityCheck\Helpers\AppLocator;
 use OC\IntegrityCheck\Helpers\EnvironmentHelper;
@@ -34,6 +35,7 @@ use OC\IntegrityCheck\Helpers\FileAccessHelper;
 use OC\IntegrityCheck\Iterator\ExcludeFileByNameFilterIterator;
 use OC\IntegrityCheck\Iterator\ExcludeFoldersByPathFilterIterator;
 use OCP\App\IAppManager;
+use OCP\Files\IMimeTypeDetector;
 use OCP\ICache;
 use OCP\ICacheFactory;
 use OCP\IConfig;
@@ -67,6 +69,8 @@ class Checker {
 private $appManager;
 /** @var ITempManager */
 private $tempManager;
+ /** @var IMimeTypeDetector */
+ private $mimeTypeDetector;
 /**
 * @param EnvironmentHelper $environmentHelper
@@ -76,6 +80,7 @@ class Checker {
 * @param ICacheFactory $cacheFactory
 * @param IAppManager $appManager
 * @param ITempManager $tempManager
+ * @param IMimeTypeDetector $mimeTypeDetector
 */
 public function __construct(EnvironmentHelper $environmentHelper,
 FileAccessHelper $fileAccessHelper,
@@ -83,7 +88,8 @@ class Checker {
 IConfig $config = null,
 ICacheFactory $cacheFactory,
 IAppManager $appManager = null,
- ITempManager $tempManager) {
+ ITempManager $tempManager,
+ IMimeTypeDetector $mimeTypeDetector) {
 $this->environmentHelper = $environmentHelper;
 $this->fileAccessHelper = $fileAccessHelper;
 $this->appLocator = $appLocator;
@@ -91,6 +97,7 @@ class Checker {
 $this->cache = $cacheFactory->createDistributed(self::CACHE_KEY);
 $this->appManager = $appManager;
 $this->tempManager = $tempManager;
+ $this->mimeTypeDetector = $mimeTypeDetector;
 }
 /**
@@ -193,6 +200,14 @@ class Checker {
 continue;
 }
 }
+ if($filename === $this->environmentHelper->getServerRoot().'/core/js/mimetypelist.js') {
+ $oldMimetypeList = new GenerateMimetypeFileBuilder();
+ $newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases());
+ if($newFile === file_get_contents($filename)) {
+ $hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases()));
+ continue;
+ }
+ }
 $hashes[$relativeFileName] = hash_file('sha512', $filename);
 }
@@ -220,10 +235,10 @@ class Checker {
 $signature = $privateKey->sign(json_encode($hashes));
 return [
- 'hashes' => $hashes,
- 'signature' => base64_encode($signature),
- 'certificate' => $certificate->saveX509($certificate->currentCert),
- ];
+ 'hashes' => $hashes,
+ 'signature' => base64_encode($signature),
+ 'certificate' => $certificate->saveX509($certificate->currentCert),
+ ];
 }
 /**
@@ -244,8 +259,8 @@ class Checker {
 $iterator = $this->getFolderIterator($path);
 $hashes = $this->generateHashes($iterator, $path);
 $signature = $this->createSignatureData($hashes, $certificate, $privateKey);
- $this->fileAccessHelper->file_put_contents(
- $appInfoDir . '/signature.json',
+ $this->fileAccessHelper->file_put_contents(
+ $appInfoDir . '/signature.json',
 json_encode($signature, JSON_PRETTY_PRINT)
 );
 } catch (\Exception $e){
@@ -327,7 +342,7 @@ class Checker {
 // Verify if certificate has proper CN. "core" CN is always trusted.
 if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
 throw new InvalidSignatureException(
- sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
+ sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
 );
 }
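Review bot: In the `@@ -193,6 +200,14 @@` hunk the new `core/js/mimetypelist.js` branch records a hash that is not the hash of the bytes on disk, and no comment says why that exemption from the integrity check is safe. I would put above the `if` something like `// mimetypelist.js may be regenerated from custom aliases: accept it only when byte-identical to the generator output, and record the hash of the default list so the shipped signature still matches`. The exemption's guarantee rests on `generateFile()` encoding every alias value safely and on the alias source behind `getAllAliases()`, which this check presumably does not cover, so a unit test with a custom alias would pin that behaviour. The read should also go through the injected helper, `if($newFile === $this->fileAccessHelper->file_get_contents($filename)) {`, instead of the bare `file_get_contents()`, so the branch can be exercised with a mocked file. The enclosing method starts and ends outside the hunk.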
@@ -484,16 +499,16 @@ class Checker {
 $path = $this->appLocator->getAppPath($appId);
 }
 $result = $this->verify(
- $path . '/appinfo/signature.json',
- $path,
- $appId
+ $path . '/appinfo/signature.json',
+ $path,
+ $appId
 );
 } catch (\Exception $e) {
 $result = [
- 'EXCEPTION' => [
- 'class' => \get_class($e),
- 'message' => $e->getMessage(),
- ],
+ 'EXCEPTION' => [
+ 'class' => \get_class($e),
+ 'message' => $e->getMessage(),
+ ],
 ];
 }
 $this->storeResults($appId, $result);
@@ -534,16 +549,16 @@ class Checker {
 public function verifyCoreSignature(): array {
 try {
 $result = $this->verify(
- $this->environmentHelper->getServerRoot() . '/core/signature.json',
- $this->environmentHelper->getServerRoot(),
- 'core'
+ $this->environmentHelper->getServerRoot() . '/core/signature.json',
+ $this->environmentHelper->getServerRoot(),
+ 'core'
 );
 } catch (\Exception $e) {
 $result = [
- 'EXCEPTION' => [
- 'class' => \get_class($e),
- 'message' => $e->getMessage(),
- ],
+ 'EXCEPTION' => [
+ 'class' => \get_class($e),
+ 'message' => $e->getMessage(),
+ ],
 ];
 }
 $this->storeResults('core', $result); |