2 files changed, 98 insertions, 83 deletions
diff --git a/lib/private/Federation/CloudFederationProviderManager.php b/lib/private/Federation/CloudFederationProviderManager.php
index b11c4060ab4..07df3e7a209 100644
--- a/lib/private/Federation/CloudFederationProviderManager.php
+++ b/lib/private/Federation/CloudFederationProviderManager.php
@@ -1,9 +1,13 @@
 <?php
+
+declare(strict_types=1);
+
 /**
  * @copyright Copyright (c) 2018 Bjoern Schiessle <bjoern@schiessle.org>
  *
  * @author Bjoern Schiessle <bjoern@schiessle.org>
  * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @author Maxence Lange <maxence@artificial-owl.com>
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -32,6 +36,10 @@ use OCP\Federation\ICloudFederationProviderManager;
 use OCP\Federation\ICloudFederationShare;
 use OCP\Federation\ICloudIdManager;
 use OCP\Http\Client\IClientService;
+use OCP\Http\Client\IResponse;
+use OCP\IConfig;
+use OCP\OCM\Exceptions\OCMProviderException;
+use OCP\OCM\IOCMDiscoveryService;
 use Psr\Log\LoggerInterface;
 
 /**
@@ -43,40 +51,16 @@ use Psr\Log\LoggerInterface;
  */
 class CloudFederationProviderManager implements ICloudFederationProviderManager {
 	/** @var array list of available cloud federation providers */
-	private $cloudFederationProvider;
-
-	/** @var IAppManager */
-	private $appManager;
-
-	/** @var IClientService */
-	private $httpClientService;
-
-	/** @var ICloudIdManager */
-	private $cloudIdManager;
-
-	private LoggerInterface $logger;
-
-	/** @var array cache OCM end-points */
-	private $ocmEndPoints = [];
-
-	private $supportedAPIVersion = '1.0-proposal1';
-
-	/**
-	 * CloudFederationProviderManager constructor.
-	 *
-	 * @param IAppManager $appManager
-	 * @param IClientService $httpClientService
-	 * @param ICloudIdManager $cloudIdManager
-	 */
-	public function __construct(IAppManager $appManager,
-								IClientService $httpClientService,
-								ICloudIdManager $cloudIdManager,
-								LoggerInterface $logger) {
-		$this->cloudFederationProvider = [];
-		$this->appManager = $appManager;
-		$this->httpClientService = $httpClientService;
-		$this->cloudIdManager = $cloudIdManager;
-		$this->logger = $logger;
+	private array $cloudFederationProvider = [];
+
+	public function __construct(
+		private IConfig $config,
+		private IAppManager $appManager,
+		private IClientService $httpClientService,
+		private ICloudIdManager $cloudIdManager,
+		private IOCMDiscoveryService $discoveryService,
+		private LoggerInterface $logger
+	) {
 	}
 
 
@@ -128,18 +112,23 @@ class CloudFederationProviderManager implements ICloudFederationProviderManager
 		}
 	}
 
+	/**
+	 * @deprecated 29.0.0 - Use {@see sendCloudShare()} instead and handle errors manually
+	 */
 	public function sendShare(ICloudFederationShare $share) {
 		$cloudID = $this->cloudIdManager->resolveCloudId($share->getShareWith());
-		$ocmEndPoint = $this->getOCMEndPoint($cloudID->getRemote());
-		if (empty($ocmEndPoint)) {
+		try {
+			$ocmProvider = $this->discoveryService->discover($cloudID->getRemote());
+		} catch (OCMProviderException $e) {
 			return false;
 		}
 
 		$client = $this->httpClientService->newClient();
 		try {
-			$response = $client->post($ocmEndPoint . '/shares', [
+			$response = $client->post($ocmProvider->getEndPoint() . '/shares', [
 				'body' => json_encode($share->getShare()),
 				'headers' => ['content-type' => 'application/json'],
+				'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false),
 				'timeout' => 10,
 				'connect_timeout' => 10,
 			]);
@@ -163,22 +152,52 @@ class CloudFederationProviderManager implements ICloudFederationProviderManager
 	}
 
 	/**
+	 * @param ICloudFederationShare $share
+	 * @return IResponse
+	 * @throws OCMProviderException
+	 */
+	public function sendCloudShare(ICloudFederationShare $share): IResponse {
+		$cloudID = $this->cloudIdManager->resolveCloudId($share->getShareWith());
+		$ocmProvider = $this->discoveryService->discover($cloudID->getRemote());
+
+		$client = $this->httpClientService->newClient();
+		try {
+			return $client->post($ocmProvider->getEndPoint() . '/shares', [
+				'body' => json_encode($share->getShare()),
+				'headers' => ['content-type' => 'application/json'],
+				'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false),
+				'timeout' => 10,
+				'connect_timeout' => 10,
+			]);
+		} catch (\Throwable $e) {
+			$this->logger->error('Error while sending share to federation server: ' . $e->getMessage(), ['exception' => $e]);
+			try {
+				return $client->getResponseFromThrowable($e);
+			} catch (\Throwable $e) {
+				throw new OCMProviderException($e->getMessage(), $e->getCode(), $e);
+			}
+		}
+	}
+
+	/**
 	 * @param string $url
 	 * @param ICloudFederationNotification $notification
 	 * @return array|false
+	 * @deprecated 29.0.0 - Use {@see sendCloudNotification()} instead and handle errors manually
 	 */
 	public function sendNotification($url, ICloudFederationNotification $notification) {
-		$ocmEndPoint = $this->getOCMEndPoint($url);
-
-		if (empty($ocmEndPoint)) {
+		try {
+			$ocmProvider = $this->discoveryService->discover($url);
+		} catch (OCMProviderException $e) {
 			return false;
 		}
 
 		$client = $this->httpClientService->newClient();
 		try {
-			$response = $client->post($ocmEndPoint . '/notifications', [
+			$response = $client->post($ocmProvider->getEndPoint() . '/notifications', [
 				'body' => json_encode($notification->getMessage()),
 				'headers' => ['content-type' => 'application/json'],
+				'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false),
 				'timeout' => 10,
 				'connect_timeout' => 10,
 			]);
@@ -195,43 +214,39 @@ class CloudFederationProviderManager implements ICloudFederationProviderManager
 	}
 
 	/**
-	 * check if the new cloud federation API is ready to be used
-	 *
-	 * @return bool
-	 */
-	public function isReady() {
-		return $this->appManager->isEnabledForUser('cloud_federation_api');
-	}
-	/**
-	 * check if server supports the new OCM api and ask for the correct end-point
-	 *
-	 * @param string $url full base URL of the cloud server
-	 * @return string
+	 * @param string $url
+	 * @param ICloudFederationNotification $notification
+	 * @return IResponse
+	 * @throws OCMProviderException
 	 */
-	protected function getOCMEndPoint($url) {
-		if (isset($this->ocmEndPoints[$url])) {
-			return $this->ocmEndPoints[$url];
-		}
+	public function sendCloudNotification(string $url, ICloudFederationNotification $notification): IResponse {
+		$ocmProvider = $this->discoveryService->discover($url);
 
 		$client = $this->httpClientService->newClient();
 		try {
-			$response = $client->get($url . '/ocm-provider/', ['timeout' => 10, 'connect_timeout' => 10]);
-		} catch (\Exception $e) {
-			$this->ocmEndPoints[$url] = '';
-			return '';
-		}
-
-		$result = $response->getBody();
-		$result = json_decode($result, true);
-
-		$supportedVersion = isset($result['apiVersion']) && $result['apiVersion'] === $this->supportedAPIVersion;
-
-		if (isset($result['endPoint']) && $supportedVersion) {
-			$this->ocmEndPoints[$url] = $result['endPoint'];
-			return $result['endPoint'];
+			return $client->post($ocmProvider->getEndPoint() . '/notifications', [
+				'body' => json_encode($notification->getMessage()),
+				'headers' => ['content-type' => 'application/json'],
+				'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false),
+				'timeout' => 10,
+				'connect_timeout' => 10,
+			]);
+		} catch (\Throwable $e) {
+			$this->logger->error('Error while sending notification to federation server: ' . $e->getMessage(), ['exception' => $e]);
+			try {
+				return $client->getResponseFromThrowable($e);
+			} catch (\Throwable $e) {
+				throw new OCMProviderException($e->getMessage(), $e->getCode(), $e);
+			}
 		}
+	}
 
-		$this->ocmEndPoints[$url] = '';
-		return '';
+	/**
+	 * check if the new cloud federation API is ready to be used
+	 *
+	 * @return bool
+	 */
+	public function isReady() {
+		return $this->appManager->isEnabledForUser('cloud_federation_api');
 	}
 }
diff --git a/lib/private/Federation/CloudFederationShare.php b/lib/private/Federation/CloudFederationShare.php
index 0f79ba521ea..4b741b28bee 100644
--- a/lib/private/Federation/CloudFederationShare.php
+++ b/lib/private/Federation/CloudFederationShare.php
@@ -57,16 +57,16 @@ class CloudFederationShare implements ICloudFederationShare {
 	 * @param string $sharedSecret
 	 */
 	public function __construct($shareWith = '',
-								$name = '',
-								$description = '',
-								$providerId = '',
-								$owner = '',
-								$ownerDisplayName = '',
-								$sharedBy = '',
-								$sharedByDisplayName = '',
-								$shareType = '',
-								$resourceType = '',
-								$sharedSecret = ''
+		$name = '',
+		$description = '',
+		$providerId = '',
+		$owner = '',
+		$ownerDisplayName = '',
+		$sharedBy = '',
+		$sharedByDisplayName = '',
+		$shareType = '',
+		$resourceType = '',
+		$sharedSecret = ''
 	) {
 		$this->setShareWith($shareWith);
 		$this->setResourceName($name);