diff options
Diffstat (limited to 'settings')
| -rw-r--r-- | settings/admin.php | 14 | ||||
| -rw-r--r-- | settings/application.php | 4 | ||||
| -rw-r--r-- | settings/controller/certificatecontroller.php | 71 | ||||
| -rw-r--r-- | settings/js/certificates.js | 69 | ||||
| -rw-r--r-- | settings/js/personal.js | 67 | ||||
| -rw-r--r-- | settings/personal.php | 19 | ||||
| -rw-r--r-- | settings/routes.php | 2 | ||||
| -rw-r--r-- | settings/templates/certificates.php | 44 | ||||
| -rw-r--r-- | settings/templates/personal.php | 42 |
9 files changed, 200 insertions, 132 deletions
diff --git a/settings/admin.php b/settings/admin.php index d484d6a1e48..7bd3760b6ce 100644 --- a/settings/admin.php +++ b/settings/admin.php @@ -38,6 +38,10 @@ OC_Util::checkAdminUser(); $template = new OC_Template('settings', 'admin', 'user'); $l = \OC::$server->getL10N('settings'); +OC_Util::addScript('settings', 'certificates'); +OC_Util::addScript('files', 'jquery.iframe-transport'); +OC_Util::addScript('files', 'jquery.fileupload'); + $showLog = (\OC::$server->getConfig()->getSystemValue('log_type', 'owncloud') === 'owncloud'); $numEntriesToLoad = 3; $entries = OC_Log_Owncloud::getEntries($numEntriesToLoad + 1); @@ -52,6 +56,8 @@ if($doesLogFileExist) { $config = \OC::$server->getConfig(); $appConfig = \OC::$server->getAppConfig(); $request = \OC::$server->getRequest(); +$certificateManager = \OC::$server->getCertificateManager(null); +$urlGenerator = \OC::$server->getURLGenerator(); // Should we display sendmail as an option? $template->assign('sendmail_is_available', (bool) \OC_Helper::findBinaryPath('sendmail')); @@ -151,6 +157,14 @@ $template->assign('OutdatedCacheWarning', $outdatedCaches); // add hardcoded forms from the template $forms = OC_App::getForms('admin'); + +$certificatesTemplate = new OC_Template('settings', 'certificates'); +$certificatesTemplate->assign('type', 'admin'); +$certificatesTemplate->assign('uploadRoute', 'settings.Certificate.addSystemRootCertificate'); +$certificatesTemplate->assign('certs', $certificateManager->listCertificates()); +$certificatesTemplate->assign('urlGenerator', $urlGenerator); +$forms[] = $certificatesTemplate->fetchPage(); + $formsAndMore = array(); if ($request->getServerProtocol() !== 'https' || !OC_Util::isAnnotationsWorking() || $suggestedOverwriteCliUrl || !OC_Util::isSetLocaleWorking() || diff --git a/settings/application.php b/settings/application.php index 729e61b5925..1c562c62a84 100644 --- a/settings/application.php +++ b/settings/application.php @@ -107,6 +107,7 @@ class Application extends App { $c->query('AppName'), $c->query('Request'), $c->query('CertificateManager'), + $c->query('SystemCertificateManager'), $c->query('L10N'), $c->query('IAppManager') ); @@ -243,6 +244,9 @@ class Application extends App { $container->registerService('CertificateManager', function(IContainer $c){ return $c->query('ServerContainer')->getCertificateManager(); }); + $container->registerService('SystemCertificateManager', function (IContainer $c) { + return $c->query('ServerContainer')->getCertificateManager(null); + }); $container->registerService('Checker', function(IContainer $c) { /** @var Server $server */ $server = $c->query('ServerContainer'); diff --git a/settings/controller/certificatecontroller.php b/settings/controller/certificatecontroller.php index e360a1053c3..1c8dfe35556 100644 --- a/settings/controller/certificatecontroller.php +++ b/settings/controller/certificatecontroller.php @@ -36,7 +36,9 @@ use OCP\IRequest; */ class CertificateController extends Controller { /** @var ICertificateManager */ - private $certificateManager; + private $userCertificateManager; + /** @var ICertificateManager */ + private $systemCertificateManager; /** @var IL10N */ private $l10n; /** @var IAppManager */ @@ -45,17 +47,20 @@ class CertificateController extends Controller { /** * @param string $appName * @param IRequest $request - * @param ICertificateManager $certificateManager + * @param ICertificateManager $userCertificateManager + * @param ICertificateManager $systemCertificateManager * @param IL10N $l10n * @param IAppManager $appManager */ public function __construct($appName, IRequest $request, - ICertificateManager $certificateManager, + ICertificateManager $userCertificateManager, + ICertificateManager $systemCertificateManager, IL10N $l10n, IAppManager $appManager) { parent::__construct($appName, $request); - $this->certificateManager = $certificateManager; + $this->userCertificateManager = $userCertificateManager; + $this->systemCertificateManager = $systemCertificateManager; $this->l10n = $l10n; $this->appManager = $appManager; } @@ -68,6 +73,16 @@ class CertificateController extends Controller { * @return array */ public function addPersonalRootCertificate() { + return $this->addCertificate($this->userCertificateManager); + } + + /** + * Add a new root certificate to a trust store + * + * @param ICertificateManager $certificateManager + * @return array + */ + private function addCertificate(ICertificateManager $certificateManager) { $headers = []; if ($this->request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_IE_8])) { // due to upload iframe workaround, need to set content-type to text/plain @@ -79,23 +94,23 @@ class CertificateController extends Controller { } $file = $this->request->getUploadedFile('rootcert_import'); - if(empty($file)) { + if (empty($file)) { return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY, $headers); } try { - $certificate = $this->certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']); + $certificate = $certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']); return new DataResponse( [ - 'name' => $certificate->getName(), - 'commonName' => $certificate->getCommonName(), - 'organization' => $certificate->getOrganization(), - 'validFrom' => $certificate->getIssueDate()->getTimestamp(), - 'validTill' => $certificate->getExpireDate()->getTimestamp(), - 'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()), - 'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()), - 'issuer' => $certificate->getIssuerName(), - 'issuerOrganization' => $certificate->getIssuerOrganization(), + 'name' => $certificate->getName(), + 'commonName' => $certificate->getCommonName(), + 'organization' => $certificate->getOrganization(), + 'validFrom' => $certificate->getIssueDate()->getTimestamp(), + 'validTill' => $certificate->getExpireDate()->getTimestamp(), + 'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()), + 'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()), + 'issuer' => $certificate->getIssuerName(), + 'issuerOrganization' => $certificate->getIssuerOrganization(), ], Http::STATUS_OK, $headers @@ -119,7 +134,7 @@ class CertificateController extends Controller { return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN); } - $this->certificateManager->removeCertificate($certificateIdentifier); + $this->userCertificateManager->removeCertificate($certificateIdentifier); return new DataResponse(); } @@ -140,4 +155,28 @@ class CertificateController extends Controller { return false; } + /** + * Add a new personal root certificate to the system's trust store + * + * @return array + */ + public function addSystemRootCertificate() { + return $this->addCertificate($this->systemCertificateManager); + } + + /** + * Removes a personal root certificate from the users' trust store + * + * @param string $certificateIdentifier + * @return DataResponse + */ + public function removeSystemRootCertificate($certificateIdentifier) { + + if ($this->isCertificateImportAllowed() === false) { + return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN); + } + + $this->systemCertificateManager->removeCertificate($certificateIdentifier); + return new DataResponse(); + } } diff --git a/settings/js/certificates.js b/settings/js/certificates.js new file mode 100644 index 00000000000..9ce9f9aa8d8 --- /dev/null +++ b/settings/js/certificates.js @@ -0,0 +1,69 @@ +$(document).ready(function () { + var type = $('#sslCertificate').data('type'); + $('#sslCertificate').on('click', 'td.remove', function () { + var row = $(this).parent(); + $.ajax(OC.generateUrl('settings/' + type + '/certificate/{certificate}', {certificate: row.data('name')}), { + type: 'DELETE' + }); + row.remove(); + + if ($('#sslCertificate > tbody > tr').length === 0) { + $('#sslCertificate').hide(); + } + return true; + }); + + $('#sslCertificate tr > td').tipsy({gravity: 'n', live: true}); + + $('#rootcert_import').fileupload({ + submit: function (e, data) { + data.formData = _.extend(data.formData || {}, { + requesttoken: OC.requestToken + }); + }, + success: function (data) { + if (typeof data === 'string') { + data = $.parseJSON(data); + } else if (data && data.length) { + // fetch response from iframe + data = $.parseJSON(data[0].body.innerText); + } + if (!data || typeof(data) === 'string') { + // IE8 iframe workaround comes here instead of fail() + OC.Notification.showTemporary( + t('settings', 'An error occurred. Please upload an ASCII-encoded PEM certificate.')); + return; + } + var issueDate = new Date(data.validFrom * 1000); + var expireDate = new Date(data.validTill * 1000); + var now = new Date(); + var isExpired = !(issueDate <= now && now <= expireDate); + + var row = $('<tr/>'); + row.data('name', data.name); + row.addClass(isExpired ? 'expired' : 'valid'); + row.append($('<td/>').attr('title', data.organization).text(data.commonName)); + row.append($('<td/>').attr('title', t('core,', 'Valid until {date}', {date: data.validTillString})) + .text(data.validTillString)); + row.append($('<td/>').attr('title', data.issuerOrganization).text(data.issuer)); + row.append($('<td/>').addClass('remove').append( + $('<img/>').attr({ + alt: t('core', 'Delete'), + title: t('core', 'Delete'), + src: OC.imagePath('core', 'actions/delete.svg') + }).addClass('action') + )); + + $('#sslCertificate tbody').append(row); + $('#sslCertificate').show(); + }, + fail: function () { + OC.Notification.showTemporary( + t('settings', 'An error occurred. Please upload an ASCII-encoded PEM certificate.')); + } + }); + + if ($('#sslCertificate > tbody > tr').length === 0) { + $('#sslCertificate').hide(); + } +}); diff --git a/settings/js/personal.js b/settings/js/personal.js index da74f28d70c..3e1a0d7497b 100644 --- a/settings/js/personal.js +++ b/settings/js/personal.js @@ -339,73 +339,6 @@ $(document).ready(function () { } }); - $('#sslCertificate').on('click', 'td.remove > img', function () { - var row = $(this).parent().parent(); - $.ajax(OC.generateUrl('settings/personal/certificate/{certificate}', {certificate: row.data('name')}), { - type: 'DELETE' - }); - row.remove(); - - if ($('#sslCertificate > tbody > tr').length === 0) { - $('#sslCertificate').hide(); - } - return true; - }); - - $('#sslCertificate tr > td').tipsy({gravity: 'n', live: true}); - - $('#rootcert_import').fileupload({ - submit: function(e, data) { - data.formData = _.extend(data.formData || {}, { - requesttoken: OC.requestToken - }); - }, - success: function (data) { - if (typeof data === 'string') { - data = $.parseJSON(data); - } else if (data && data.length) { - // fetch response from iframe - data = $.parseJSON(data[0].body.innerText); - } - if (!data || typeof(data) === 'string') { - // IE8 iframe workaround comes here instead of fail() - OC.Notification.showTemporary( - t('settings', 'An error occurred. Please upload an ASCII-encoded PEM certificate.')); - return; - } - var issueDate = new Date(data.validFrom * 1000); - var expireDate = new Date(data.validTill * 1000); - var now = new Date(); - var isExpired = !(issueDate <= now && now <= expireDate); - - var row = $('<tr/>'); - row.data('name', data.name); - row.addClass(isExpired? 'expired': 'valid'); - row.append($('<td/>').attr('title', data.organization).text(data.commonName)); - row.append($('<td/>').attr('title', t('core,', 'Valid until {date}', {date: data.validTillString})) - .text(data.validTillString)); - row.append($('<td/>').attr('title', data.issuerOrganization).text(data.issuer)); - row.append($('<td/>').addClass('remove').append( - $('<img/>').attr({ - alt: t('core', 'Delete'), - title: t('core', 'Delete'), - src: OC.imagePath('core', 'actions/delete.svg') - }).addClass('action') - )); - - $('#sslCertificate tbody').append(row); - $('#sslCertificate').show(); - }, - fail: function () { - OC.Notification.showTemporary( - t('settings', 'An error occurred. Please upload an ASCII-encoded PEM certificate.')); - } - }); - - if ($('#sslCertificate > tbody > tr').length === 0) { - $('#sslCertificate').hide(); - } - // Load the big avatar if (oc_config.enable_avatars) { $('#avatar .avatardiv').avatar(OC.currentUser, 145); diff --git a/settings/personal.php b/settings/personal.php index c4e1c057bf3..54698fd6d54 100644 --- a/settings/personal.php +++ b/settings/personal.php @@ -43,6 +43,7 @@ $urlGenerator = \OC::$server->getURLGenerator(); // Highlight navigation entry OC_Util::addScript( 'settings', 'personal' ); +OC_Util::addScript('settings', 'certificates'); OC_Util::addStyle( 'settings', 'settings' ); \OC_Util::addVendorScript('strengthify/jquery.strengthify'); \OC_Util::addVendorStyle('strengthify/strengthify'); @@ -168,6 +169,17 @@ $formsAndMore[]= ['anchor' => 'clientsbox', 'section-name' => $l->t('Sync client $forms=OC_App::getForms('personal'); + +// add bottom hardcoded forms from the template +if ($enableCertImport) { + $certificatesTemplate = new OC_Template('settings', 'certificates'); + $certificatesTemplate->assign('type', 'personal'); + $certificatesTemplate->assign('uploadRoute', 'settings.Certificate.addPersonalRootCertificate'); + $certificatesTemplate->assign('certs', $certificateManager->listCertificates()); + $certificatesTemplate->assign('urlGenerator', $urlGenerator); + $forms[] = $certificatesTemplate->fetchPage(); +} + $formsMap = array_map(function($form){ if (preg_match('%(<h2(?P<class>[^>]*)>.*?</h2>)%i', $form, $regs)) { $sectionName = str_replace('<h2'.$regs['class'].'>', '', $regs[0]); @@ -188,12 +200,5 @@ $formsMap = array_map(function($form){ $formsAndMore = array_merge($formsAndMore, $formsMap); -// add bottom hardcoded forms from the template -if($enableCertImport) { - $formsAndMore[]= array( 'anchor' => 'ssl-root-certificates', 'section-name' => $l->t('SSL root certificates') ); -} - - - $tmpl->assign('forms', $formsAndMore); $tmpl->printPage(); diff --git a/settings/routes.php b/settings/routes.php index 6b6b0150168..0cc5e1eccab 100644 --- a/settings/routes.php +++ b/settings/routes.php @@ -57,6 +57,8 @@ $application->registerRoutes($this, [ ['name' => 'CheckSetup#rescanFailedIntegrityCheck', 'url' => '/settings/integrity/rescan', 'verb' => 'GET'], ['name' => 'Certificate#addPersonalRootCertificate', 'url' => '/settings/personal/certificate', 'verb' => 'POST'], ['name' => 'Certificate#removePersonalRootCertificate', 'url' => '/settings/personal/certificate/{certificateIdentifier}', 'verb' => 'DELETE'], + ['name' => 'Certificate#addSystemRootCertificate', 'url' => '/settings/admin/certificate', 'verb' => 'POST'], + ['name' => 'Certificate#removeSystemRootCertificate', 'url' => '/settings/admin/certificate/{certificateIdentifier}', 'verb' => 'DELETE'], ] ]); diff --git a/settings/templates/certificates.php b/settings/templates/certificates.php new file mode 100644 index 00000000000..c1ccdcaef95 --- /dev/null +++ b/settings/templates/certificates.php @@ -0,0 +1,44 @@ +<div class="section"> + <h2><?php p($l->t('SSL Root Certificates')); ?></h2> + <table id="sslCertificate" class="grid" data-type="<?php p($_['type']); ?>"> + <thead> + <tr> + <th><?php p($l->t('Common Name')); ?></th> + <th><?php p($l->t('Valid until')); ?></th> + <th><?php p($l->t('Issued By')); ?></th> + </tr> + </thead> + <tbody> + <?php foreach ($_['certs'] as $rootCert): /**@var \OCP\ICertificate $rootCert */ ?> + <tr class="<?php echo ($rootCert->isExpired()) ? 'expired' : 'valid' ?>" + data-name="<?php p($rootCert->getName()) ?>"> + <td class="rootCert" + title="<?php p($rootCert->getOrganization()) ?>"> + <?php p($rootCert->getCommonName()) ?> + </td> + <td title="<?php p($l->t('Valid until %s', $l->l('date', $rootCert->getExpireDate()))) ?>"> + <?php echo $l->l('date', $rootCert->getExpireDate()) ?> + </td> + <td title="<?php p($rootCert->getIssuerOrganization()) ?>"> + <?php p($rootCert->getIssuerName()) ?> + </td> + <td <?php if ($rootCert != ''): ?>class="remove" + <?php else: ?>style="visibility:hidden;" + <?php endif; ?>><img alt="<?php p($l->t('Delete')); ?>" + title="<?php p($l->t('Delete')); ?>" + class="svg action" + src="<?php print_unescaped(image_path('core', 'actions/delete.svg')); ?>"/> + </td> + </tr> + <?php endforeach; ?> + </tbody> + </table> + <form class="uploadButton" method="post" + action="<?php p($_['urlGenerator']->linkToRoute($_['uploadRoute'])); ?>" + target="certUploadFrame"> + <label for="rootcert_import" class="inlineblock button" + id="rootcert_import_button"><?php p($l->t('Import root certificate')); ?></label> + <input type="file" id="rootcert_import" name="rootcert_import" + class="hiddenuploadfield"> + </form> +</div> diff --git a/settings/templates/personal.php b/settings/templates/personal.php index ce179ca8788..5bae01742b6 100644 --- a/settings/templates/personal.php +++ b/settings/templates/personal.php @@ -204,48 +204,6 @@ if($_['passwordChangeSupported']) { <?php } };?> -<?php if($_['showCertificates']) : ?> -<div id="ssl-root-certificates" class="section"> - <h2><?php p($l->t('SSL root certificates')); ?></h2> - <table id="sslCertificate" class="grid"> - <thead> - <tr> - <th><?php p($l->t('Common Name')); ?></th> - <th><?php p($l->t('Valid until')); ?></th> - <th><?php p($l->t('Issued By')); ?></th> - <th></th> - </tr> - </thead> - <tbody> - <?php foreach ($_['certs'] as $rootCert): /**@var \OCP\ICertificate $rootCert*/ ?> - <tr class="<?php echo ($rootCert->isExpired()) ? 'expired' : 'valid' ?>" data-name="<?php p($rootCert->getName()) ?>"> - <td class="rootCert" title="<?php p($rootCert->getOrganization())?>"> - <?php p($rootCert->getCommonName()) ?> - </td> - <td title="<?php p($l->t('Valid until %s', $l->l('date', $rootCert->getExpireDate()))) ?>"> - <?php echo $l->l('date', $rootCert->getExpireDate()) ?> - </td> - <td title="<?php p($rootCert->getIssuerOrganization()) ?>"> - <?php p($rootCert->getIssuerName()) ?> - </td> - <td <?php if ($rootCert != ''): ?>class="remove" - <?php else: ?>style="visibility:hidden;" - <?php endif; ?>><img alt="<?php p($l->t('Delete')); ?>" - title="<?php p($l->t('Delete')); ?>" - class="svg action" - src="<?php print_unescaped(image_path('core', 'actions/delete.svg')); ?>"/> - </td> - </tr> - <?php endforeach; ?> - </tbody> - </table> - <form class="uploadButton" method="post" action="<?php p($_['urlGenerator']->linkToRoute('settings.Certificate.addPersonalRootCertificate')); ?>" target="certUploadFrame"> - <label for="rootcert_import" class="inlineblock button" id="rootcert_import_button"><?php p($l->t('Import root certificate')); ?></label> - <input type="file" id="rootcert_import" name="rootcert_import" class="hiddenuploadfield"> - </form> -</div> -<?php endif; ?> - <div class="section"> <h2><?php p($l->t('Version'));?></h2> <p><a href="<?php print_unescaped($theme->getBaseUrl()); ?>" target="_blank"><?php p($theme->getTitle()); ?></a> <?php p(OC_Util::getHumanVersion()) ?></p> |