diff options
author | Robin Appelman <icewind@owncloud.com> | 2015-12-22 17:42:28 +0100 |
---|---|---|
committer | Robin Appelman <icewind@owncloud.com> | 2016-01-12 12:50:59 +0100 |
commit | c15cab7ed6bf2d3ce9009ca09c7c5f33b252860f (patch) | |
tree | 08d3aefd146ce159b23073958f2fb7e96ace4143 /settings/controller | |
parent | 0c0829fbc73ce10ea1a951989c20973b6b5faa16 (diff) | |
download | nextcloud-server-c15cab7ed6bf2d3ce9009ca09c7c5f33b252860f.tar.gz nextcloud-server-c15cab7ed6bf2d3ce9009ca09c7c5f33b252860f.zip |
Allow admins to add system wide root certificates
Diffstat (limited to 'settings/controller')
-rw-r--r-- | settings/controller/certificatecontroller.php | 71 |
1 files changed, 55 insertions, 16 deletions
diff --git a/settings/controller/certificatecontroller.php b/settings/controller/certificatecontroller.php index e360a1053c3..1c8dfe35556 100644 --- a/settings/controller/certificatecontroller.php +++ b/settings/controller/certificatecontroller.php @@ -36,7 +36,9 @@ use OCP\IRequest; */ class CertificateController extends Controller { /** @var ICertificateManager */ - private $certificateManager; + private $userCertificateManager; + /** @var ICertificateManager */ + private $systemCertificateManager; /** @var IL10N */ private $l10n; /** @var IAppManager */ @@ -45,17 +47,20 @@ class CertificateController extends Controller { /** * @param string $appName * @param IRequest $request - * @param ICertificateManager $certificateManager + * @param ICertificateManager $userCertificateManager + * @param ICertificateManager $systemCertificateManager * @param IL10N $l10n * @param IAppManager $appManager */ public function __construct($appName, IRequest $request, - ICertificateManager $certificateManager, + ICertificateManager $userCertificateManager, + ICertificateManager $systemCertificateManager, IL10N $l10n, IAppManager $appManager) { parent::__construct($appName, $request); - $this->certificateManager = $certificateManager; + $this->userCertificateManager = $userCertificateManager; + $this->systemCertificateManager = $systemCertificateManager; $this->l10n = $l10n; $this->appManager = $appManager; } @@ -68,6 +73,16 @@ class CertificateController extends Controller { * @return array */ public function addPersonalRootCertificate() { + return $this->addCertificate($this->userCertificateManager); + } + + /** + * Add a new root certificate to a trust store + * + * @param ICertificateManager $certificateManager + * @return array + */ + private function addCertificate(ICertificateManager $certificateManager) { $headers = []; if ($this->request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_IE_8])) { // due to upload iframe workaround, need to set content-type to text/plain @@ -79,23 +94,23 @@ class CertificateController extends Controller { } $file = $this->request->getUploadedFile('rootcert_import'); - if(empty($file)) { + if (empty($file)) { return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY, $headers); } try { - $certificate = $this->certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']); + $certificate = $certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']); return new DataResponse( [ - 'name' => $certificate->getName(), - 'commonName' => $certificate->getCommonName(), - 'organization' => $certificate->getOrganization(), - 'validFrom' => $certificate->getIssueDate()->getTimestamp(), - 'validTill' => $certificate->getExpireDate()->getTimestamp(), - 'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()), - 'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()), - 'issuer' => $certificate->getIssuerName(), - 'issuerOrganization' => $certificate->getIssuerOrganization(), + 'name' => $certificate->getName(), + 'commonName' => $certificate->getCommonName(), + 'organization' => $certificate->getOrganization(), + 'validFrom' => $certificate->getIssueDate()->getTimestamp(), + 'validTill' => $certificate->getExpireDate()->getTimestamp(), + 'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()), + 'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()), + 'issuer' => $certificate->getIssuerName(), + 'issuerOrganization' => $certificate->getIssuerOrganization(), ], Http::STATUS_OK, $headers @@ -119,7 +134,7 @@ class CertificateController extends Controller { return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN); } - $this->certificateManager->removeCertificate($certificateIdentifier); + $this->userCertificateManager->removeCertificate($certificateIdentifier); return new DataResponse(); } @@ -140,4 +155,28 @@ class CertificateController extends Controller { return false; } + /** + * Add a new personal root certificate to the system's trust store + * + * @return array + */ + public function addSystemRootCertificate() { + return $this->addCertificate($this->systemCertificateManager); + } + + /** + * Removes a personal root certificate from the users' trust store + * + * @param string $certificateIdentifier + * @return DataResponse + */ + public function removeSystemRootCertificate($certificateIdentifier) { + + if ($this->isCertificateImportAllowed() === false) { + return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN); + } + + $this->systemCertificateManager->removeCertificate($certificateIdentifier); + return new DataResponse(); + } } |