authorRobin Appelman <icewind@owncloud.com>2015-12-22 17:42:28 +0100
committerRobin Appelman <icewind@owncloud.com>2016-01-12 12:50:59 +0100
commitc15cab7ed6bf2d3ce9009ca09c7c5f33b252860f (patch)
tree08d3aefd146ce159b23073958f2fb7e96ace4143 /settings/controller
parent0c0829fbc73ce10ea1a951989c20973b6b5faa16 (diff)
Allow admins to add system wide root certificates
Diffstat (limited to 'settings/controller')
-rw-r--r--settings/controller/certificatecontroller.php71
1 files changed, 55 insertions, 16 deletions
diff --git a/settings/controller/certificatecontroller.php b/settings/controller/certificatecontroller.php
index e360a1053c3..1c8dfe35556 100644
--- a/settings/controller/certificatecontroller.php
+++ b/settings/controller/certificatecontroller.php
@@ -36,7 +36,9 @@ use OCP\IRequest;
*/
class CertificateController extends Controller {
/** @var ICertificateManager */
- private $certificateManager;
+ private $userCertificateManager;
+ /** @var ICertificateManager */
+ private $systemCertificateManager;
/** @var IL10N */
private $l10n;
/** @var IAppManager */
@@ -45,17 +47,20 @@ class CertificateController extends Controller {
/**
* @param string $appName
* @param IRequest $request
- * @param ICertificateManager $certificateManager
+ * @param ICertificateManager $userCertificateManager
+ * @param ICertificateManager $systemCertificateManager
* @param IL10N $l10n
* @param IAppManager $appManager
*/
public function __construct($appName,
IRequest $request,
- ICertificateManager $certificateManager,
+ ICertificateManager $userCertificateManager,
+ ICertificateManager $systemCertificateManager,
IL10N $l10n,
IAppManager $appManager) {
parent::__construct($appName, $request);
- $this->certificateManager = $certificateManager;
+ $this->userCertificateManager = $userCertificateManager;
+ $this->systemCertificateManager = $systemCertificateManager;
$this->l10n = $l10n;
$this->appManager = $appManager;
}
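Review bot: The constructor now takes two adjacent parameters of the same `ICertificateManager` type, and nothing in the signature or the docblock tells them apart, so a swapped argument order in the container wiring (not part of this diff) would silently route personal uploads into the system-wide trust store. I would spell out the roles in the docblock, e.g. `@param ICertificateManager $userCertificateManager manager for the current user's trust store` and `@param ICertificateManager $systemCertificateManager manager for the system-wide trust store`. A controller test asserting which manager each endpoint calls would catch a wiring mix-up.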
@@ -68,6 +73,16 @@ class CertificateController extends Controller {
* @return array
*/
public function addPersonalRootCertificate() {
+ return $this->addCertificate($this->userCertificateManager);
+ }
+
+ /**
+ * Add a new root certificate to a trust store
+ *
+ * @param ICertificateManager $certificateManager
+ * @return array
+ */
+ private function addCertificate(ICertificateManager $certificateManager) {
$headers = [];
if ($this->request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_IE_8])) {
// due to upload iframe workaround, need to set content-type to text/plain
@@ -79,23 +94,23 @@ class CertificateController extends Controller {
}
$file = $this->request->getUploadedFile('rootcert_import');
- if(empty($file)) {
+ if (empty($file)) {
return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY, $headers);
}
try {
- $certificate = $this->certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']);
+ $certificate = $certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']);
return new DataResponse(
[
- 'name' => $certificate->getName(),
- 'commonName' => $certificate->getCommonName(),
- 'organization' => $certificate->getOrganization(),
- 'validFrom' => $certificate->getIssueDate()->getTimestamp(),
- 'validTill' => $certificate->getExpireDate()->getTimestamp(),
- 'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()),
- 'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()),
- 'issuer' => $certificate->getIssuerName(),
- 'issuerOrganization' => $certificate->getIssuerOrganization(),
+ 'name' => $certificate->getName(),
+ 'commonName' => $certificate->getCommonName(),
+ 'organization' => $certificate->getOrganization(),
+ 'validFrom' => $certificate->getIssueDate()->getTimestamp(),
+ 'validTill' => $certificate->getExpireDate()->getTimestamp(),
+ 'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()),
+ 'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()),
+ 'issuer' => $certificate->getIssuerName(),
+ 'issuerOrganization' => $certificate->getIssuerOrganization(),
],
Http::STATUS_OK,
$headers
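Review bot: In the `try` block, `file_get_contents($file['tmp_name'])` goes straight into `addCertificate()` with no check of the upload error code or of a `false` return, and `$file['name']` is a client-chosen string. With this commit the same path can also write to the system-wide trust store, so these inputs deserve stricter handling. Assuming `getUploadedFile()` returns the usual upload array, I would reject failed uploads before the `try`, e.g. `if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) { return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY, $headers); }`. I would also pass `basename($file['name'])` unless the manager already validates the name, which is not visible from this hunk. The function starts before this hunk and its `catch` lies after it.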
@@ -119,7 +134,7 @@ class CertificateController extends Controller {
return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
}
- $this->certificateManager->removeCertificate($certificateIdentifier);
+ $this->userCertificateManager->removeCertificate($certificateIdentifier);
return new DataResponse();
}
@@ -140,4 +155,28 @@ class CertificateController extends Controller {
return false;
}
+ /**
+ * Add a new personal root certificate to the system's trust store
+ *
+ * @return array
+ */
+ public function addSystemRootCertificate() {
+ return $this->addCertificate($this->systemCertificateManager);
+ }
+
+ /**
+ * Removes a personal root certificate from the users' trust store
+ *
+ * @param string $certificateIdentifier
+ * @return DataResponse
+ */
+ public function removeSystemRootCertificate($certificateIdentifier) {
+
+ if ($this->isCertificateImportAllowed() === false) {
+ return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
+ }
+
+ $this->systemCertificateManager->removeCertificate($certificateIdentifier);
+ return new DataResponse();
+ }
}
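Review bot: Both new docblocks are copied from the personal endpoints and describe the wrong store: `addSystemRootCertificate()` says "a new personal root certificate", `removeSystemRootCertificate()` says "from the users' trust store", and `@return array` on the former does not match the `DataResponse` that `addCertificate()` returns. These endpoints change which CAs the whole instance trusts, so the docblock should also state the access rule, e.g. `Admin only: adds a root certificate to the system-wide trust store`; presumably they rely on the framework treating methods without `@NoAdminRequired` as admin-only. Separately, `removeSystemRootCertificate()` is gated on `isCertificateImportAllowed()`, whose rejection message speaks of individual certificate management. Its body is outside this hunk, so please confirm that a per-user setting is meant to block an administrator from removing a system certificate.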