Rename namespace

2 files changed, 255 insertions, 0 deletions

diff --git a/lib/private/security/certificate.php b/lib/private/security/certificate.php
new file mode 100644
index 00000000000..953111f469d
--- /dev/null
+++ b/lib/private/security/certificate.php
@@ -0,0 +1,120 @@
+<?php
+/**
+ * Copyright (c) 2014 Robin Appelman <icewind@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Security;
+
+use OCP\ICertificate;
+
+class Certificate implements ICertificate {
+	protected $name;
+
+	protected $commonName;
+
+	protected $organization;
+
+	protected $serial;
+
+	protected $issueDate;
+
+	protected $expireDate;
+
+	protected $issuerName;
+
+	protected $issuerOrganization;
+
+	/**
+	 * @param string $data base64 encoded certificate
+	 * @param string $name
+	 */
+	public function __construct($data, $name) {
+		$this->name = $name;
+		$info = openssl_x509_parse($data);
+		$this->commonName = $info['subject']['CN'];
+		$this->organization = isset($info['subject']['O']) ? $info['subject']['O'] : null;
+		$this->serial = $this->formatSerial($info['serialNumber']);
+		$this->issueDate = new \DateTime('@' . $info['validFrom_time_t']);
+		$this->expireDate = new \DateTime('@' . $info['validTo_time_t']);
+		$this->issuerName = $info['issuer']['CN'];
+		$this->issuerOrganization = isset($info['issuer']['O']) ? $info['issuer']['O'] : null;
+	}
+
+	/**
+	 * Format the numeric serial into AA:BB:CC hex format
+	 *
+	 * @param int $serial
+	 * @return string
+	 */
+	protected function formatSerial($serial) {
+		$hex = strtoupper(dechex($serial));
+		return trim(chunk_split($hex, 2, ':'), ':');
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getName() {
+		return $this->name;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getCommonName() {
+		return $this->commonName;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getOrganization() {
+		return $this->organization;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getSerial() {
+		return $this->serial;
+	}
+
+	/**
+	 * @return \DateTime
+	 */
+	public function getIssueDate() {
+		return $this->issueDate;
+	}
+
+	/**
+	 * @return \DateTime
+	 */
+	public function getExpireDate() {
+		return $this->expireDate;
+	}
+
+	/**
+	 * @return bool
+	 */
+	public function isExpired() {
+		$now = new \DateTime();
+		return $this->issueDate > $now or $now > $this->expireDate;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getIssuerName() {
+		return $this->issuerName;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getIssuerOrganization() {
+		return $this->issuerOrganization;
+	}
+}
diff --git a/lib/private/security/certificatemanager.php b/lib/private/security/certificatemanager.php
new file mode 100644
index 00000000000..2888fecd239
--- /dev/null
+++ b/lib/private/security/certificatemanager.php
@@ -0,0 +1,135 @@
+<?php
+/**
+ * Copyright (c) 2014 Robin Appelman <icewind@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Security;
+
+use OC\Files\Filesystem;
+use OCP\ICertificateManager;
+
+/**
+ * Manage trusted certificates for users
+ */
+class CertificateManager implements ICertificateManager {
+	/**
+	 * @var \OCP\IUser
+	 */
+	protected $user;
+
+	/**
+	 * @param \OCP\IUser $user
+	 */
+	public function __construct($user) {
+		$this->user = $user;
+	}
+
+	/**
+	 * Returns all certificates trusted by the user
+	 *
+	 * @return \OCP\ICertificate[]
+	 */
+	public function listCertificates() {
+		$path = $this->user->getHome() . '/files_external/uploads/';
+		if (!is_dir($path)) {
+			return array();
+		}
+		$result = array();
+		$handle = opendir($path);
+		if (!is_resource($handle)) {
+			return array();
+		}
+		while (false !== ($file = readdir($handle))) {
+			if ($file != '.' && $file != '..') {
+				$result[] = new Certificate(file_get_contents($path . $file), $file);
+			}
+		}
+		return $result;
+	}
+
+	/**
+	 * create the certificate bundle of all trusted certificated
+	 */
+	protected function createCertificateBundle() {
+		$path = $this->user->getHome() . '/files_external/';
+		$certs = $this->listCertificates();
+
+		$fh_certs = fopen($path . '/rootcerts.crt', 'w');
+		foreach ($certs as $cert) {
+			$file = $path . '/uploads/' . $cert;
+			$data = file_get_contents($file);
+			if (strpos($data, 'BEGIN CERTIFICATE')) {
+				fwrite($fh_certs, $data);
+				fwrite($fh_certs, "\r\n");
+			}
+		}
+
+		fclose($fh_certs);
+	}
+
+	/**
+	 * Save the certificate and re-generate the certificate bundle
+	 *
+	 * @param string $certificate the certificate data
+	 * @param string $name the filename for the certificate
+	 * @return bool | \OCP\ICertificate
+	 */
+	public function addCertificate($certificate, $name) {
+		if (!\OC\Files\Filesystem::isValidPath($name)) {
+			return false;
+		}
+		$isValid = openssl_pkey_get_public($certificate);
+
+		if (!$isValid) {
+			$data = chunk_split(base64_encode($certificate), 64, "\n");
+			$data = "-----BEGIN CERTIFICATE-----\n" . $data . "-----END CERTIFICATE-----\n";
+			$isValid = openssl_pkey_get_public($data);
+		}
+
+		if ($isValid) {
+			$dir = $this->user->getHome() . '/files_external/uploads/';
+			if (!file_exists($dir)) {
+				//path might not exist (e.g. non-standard OC_User::getHome() value)
+				//in this case create full path using 3rd (recursive=true) parameter.
+				//note that we use "normal" php filesystem functions here since the certs need to be local
+				mkdir($dir, 0700, true);
+			}
+			$file = $dir . $name;
+			file_put_contents($file, $certificate);
+			$this->createCertificateBundle();
+			return new Certificate($certificate, $name);
+		} else {
+			return false;
+		}
+	}
+
+	/**
+	 * Remove the certificate and re-generate the certificate bundle
+	 *
+	 * @param string $name
+	 * @return bool
+	 */
+	public function removeCertificate($name) {
+		if (!Filesystem::isValidPath($name)) {
+			return false;
+		}
+		$path = $this->user->getHome() . '/files_external/uploads/';
+		if (file_exists($path . $name)) {
+			unlink($path . $name);
+			$this->createCertificateBundle();
+		}
+		return true;
+	}
+
+	/**
+	 * Get the path to the certificate bundle for this user
+	 *
+	 * @return string
+	 */
+	public function getCertificateBundle() {
+		return $this->user->getHome() . '/files_external/rootcerts.crt';
+	}
+}