authorMaxence Lange <maxence@artificial-owl.com>2024-11-17 23:43:47 -0100
committerMaxence Lange <maxence@artificial-owl.com>2024-12-04 09:30:55 -0100
commitf08d0532905c211d15effdfa1a9fa4f98921e2a9 (patch)
tree39e8314aa77e6819d5ba5ea8a4271e28caa15501 /lib/private/OCM
parent4591430c9cbc76c1962e10189d7d6a7326c83946 (diff)
fix(ocm): switching to IdentityProof
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
Diffstat (limited to 'lib/private/OCM')
-rw-r--r--lib/private/OCM/Model/OCMProvider.php4
-rw-r--r--lib/private/OCM/OCMDiscoveryService.php13
-rw-r--r--lib/private/OCM/OCMSignatoryManager.php20
3 files changed, 21 insertions, 16 deletions
diff --git a/lib/private/OCM/Model/OCMProvider.php b/lib/private/OCM/Model/OCMProvider.php
index cd4e9c49c3b..95ba83882f2 100644
--- a/lib/private/OCM/Model/OCMProvider.php
+++ b/lib/private/OCM/Model/OCMProvider.php
@@ -210,11 +210,11 @@ class OCMProvider implements IOCMProvider {
* apiVersion: '1.0-proposal1',
* endPoint: string,
* publicKey: ISignatory|null,
- * resourceTypes: array{
+ * resourceTypes: list<array{
* name: string,
* shareTypes: list<string>,
* protocols: array<string, string>
- * }[],
+ * }>,
* version: string
* }
*/
diff --git a/lib/private/OCM/OCMDiscoveryService.php b/lib/private/OCM/OCMDiscoveryService.php
index 8111a97ddd4..55da887494a 100644
--- a/lib/private/OCM/OCMDiscoveryService.php
+++ b/lib/private/OCM/OCMDiscoveryService.php
@@ -46,6 +46,14 @@ class OCMDiscoveryService implements IOCMDiscoveryService {
*/
public function discover(string $remote, bool $skipCache = false): IOCMProvider {
$remote = rtrim($remote, '/');
+ if (!str_starts_with($remote, 'http://') && !str_starts_with($remote, 'https://')) {
+ // if scheme not specified, we test both;
+ try {
+ return $this->discover('https://' . $remote, $skipCache);
+ } catch (OCMProviderException) {
+ return $this->discover('http://' . $remote, $skipCache);
+ }
+ }
if (!$skipCache) {
try {
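Review bot: The added `catch (OCMProviderException)` branch silently retries discovery over `http://` whenever the `https://` attempt fails, so a party on the network path who can make the TLS request fail gets the provider document fetched in cleartext, where it can be altered. That document carries `endPoint` and `publicKey` (see the OCMProvider shape in this commit), which presumably feed later signature verification, so the downgrade weakens the trust anchor rather than just the transport. I would default a scheme-less remote to TLS only, `$remote = 'https://' . $remote;`, and if plaintext federation must stay supported, put the `http://` retry behind an explicit admin opt-in and log the downgrade. The original https failure is also discarded, so callers only ever see the error from the http attempt. The scheme test is case-sensitive, so an input such as `HTTPS://host` would be prefixed again. The body of `discover()` continues outside this hunk.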
@@ -70,10 +78,7 @@ class OCMDiscoveryService implements IOCMDiscoveryService {
if ($this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates') === true) {
$options['verify'] = false;
}
- $response = $client->get(
- $remote . '/ocm-provider/',
- $options,
- );
+ $response = $client->get($remote . '/ocm-provider/', $options);
if ($response->getStatusCode() === Http::STATUS_OK) {
$body = $response->getBody();
diff --git a/lib/private/OCM/OCMSignatoryManager.php b/lib/private/OCM/OCMSignatoryManager.php
index 1508c1db1ef..a90bb2c1f39 100644
--- a/lib/private/OCM/OCMSignatoryManager.php
+++ b/lib/private/OCM/OCMSignatoryManager.php
@@ -8,15 +8,13 @@ declare(strict_types=1);
*/
namespace OC\OCM;
-use NCU\Security\PublicPrivateKeyPairs\Exceptions\KeyPairConflictException;
-use NCU\Security\PublicPrivateKeyPairs\Exceptions\KeyPairNotFoundException;
-use NCU\Security\PublicPrivateKeyPairs\IKeyPairManager;
use NCU\Security\Signature\Exceptions\IdentityNotFoundException;
use NCU\Security\Signature\ISignatoryManager;
use NCU\Security\Signature\ISignatureManager;
use NCU\Security\Signature\Model\IIncomingSignedRequest;
use NCU\Security\Signature\Model\ISignatory;
use NCU\Security\Signature\Model\SignatoryType;
+use OC\Security\IdentityProof\Manager;
use OC\Security\Signature\Model\Signatory;
use OCP\IAppConfig;
use OCP\IURLGenerator;
@@ -40,7 +38,7 @@ class OCMSignatoryManager implements ISignatoryManager {
private readonly IAppConfig $appConfig,
private readonly ISignatureManager $signatureManager,
private readonly IURLGenerator $urlGenerator,
- private readonly IKeyPairManager $keyPairManager,
+ private readonly Manager $identityProofManager,
private readonly OCMDiscoveryService $ocmDiscoveryService,
) {
}
@@ -69,7 +67,6 @@ class OCMSignatoryManager implements ISignatoryManager {
* @inheritDoc
*
* @return ISignatory
- * @throws KeyPairConflictException
* @throws IdentityNotFoundException
* @since 31.0.0
*/
@@ -85,13 +82,16 @@ class OCMSignatoryManager implements ISignatoryManager {
$keyId = $this->generateKeyId();
}
- try {
- $keyPair = $this->keyPairManager->getKeyPair('core', 'ocm_external');
- } catch (KeyPairNotFoundException) {
- $keyPair = $this->keyPairManager->generateKeyPair('core', 'ocm_external');
+ if (!$this->identityProofManager->hasAppKey('core', 'ocm_external')) {
+ $this->identityProofManager->generateAppKey('core', 'ocm_external', [
+ 'algorithm' => 'rsa',
+ 'private_key_bits' => 2048,
+ 'private_key_type' => OPENSSL_KEYTYPE_RSA,
+ ]);
}
+ $keyPair = $this->identityProofManager->getAppKey('core', 'ocm_external');
- return new Signatory($keyId, $keyPair->getPublicKey(), $keyPair->getPrivateKey(), local: true);
+ return new Signatory($keyId, $keyPair->getPublic(), $keyPair->getPrivate(), local: true);
}
/**
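Review bot: The `hasAppKey()` / `generateAppKey()` / `getAppKey()` sequence is check-then-act with nothing visible here that serialises it, so two concurrent first requests could each see no key and each generate one. Unless `generateAppKey()` refuses to overwrite (not visible in this hunk), the key stored last wins, and a remote that already cached the first public key would then reject signatures made with the second. At minimum I would document this above the `if`, for example `// hasAppKey()/generateAppKey() is not atomic: concurrent first calls may each create a key, the last one stored wins`, and ideally guard generation with a lock. The removed `@throws KeyPairConflictException` has no replacement, so it is worth checking what `generateAppKey()` and `getAppKey()` throw on failure and adding that to the docblock. The literal `2048` could become a named class constant so the key size is reviewed in one place. The method's signature and opening lines are outside this hunk.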