From ba8416a04fbeb292c00cb10c215bb03fe2f2628f Mon Sep 17 00:00:00 2001
From: Robin Appelman
Date: Mon, 18 Aug 2014 13:43:25 +0200
Subject: move certificate classes to their own namespace
---
 lib/private/certificate.php | 116 ----------------------
 lib/private/certificate/certificate.php | 116 ++++++++++++++++++++++
 lib/private/certificate/certificatemanager.php | 127 +++++++++++++++++++++++++
 lib/private/certificatemanager.php | 127 -------------------------
 lib/private/server.php | 1 +
 5 files changed, 244 insertions(+), 243 deletions(-)
 delete mode 100644 lib/private/certificate.php
 create mode 100644 lib/private/certificate/certificate.php
 create mode 100644 lib/private/certificate/certificatemanager.php
 delete mode 100644 lib/private/certificatemanager.php
diff --git a/lib/private/certificate.php b/lib/private/certificate.php
deleted file mode 100644
index 294722bc660..00000000000
--- a/lib/private/certificate.php
+++ /dev/null
@@ -1,116 +0,0 @@ - - * This file is licensed under the Affero General Public License version 3 or - * later. - * See the COPYING-README file. - */ - -namespace OC; - -use OCP\ICertificate; - -class Certificate implements ICertificate { - protected $name; - - protected $commonName; - - protected $organization; - - protected $serial; - - protected $issueDate; - - protected $expireDate; - - protected $issuerName; - - protected $issuerOrganization; - - public function __construct($data, $name) { - $this->name = $name; - $info = openssl_x509_parse($data); - $this->commonName = $info['subject']['CN']; - $this->organization = isset($info['subject']['O']) ? $info['subject']['O'] : null; - $this->serial = $this->formatSerial($info['serialNumber']); - $this->issueDate = new \DateTime('@' . $info['validFrom_time_t']); - $this->expireDate = new \DateTime('@' . $info['validTo_time_t']); - $this->issuerName = $info['issuer']['CN']; - $this->issuerOrganization = isset($info['issuer']['O']) ? $info['issuer']['O'] : null; - } - - /** - * Format the numeric serial into AA:BB:CC hex format - * - * @param int $serial - * @return string - */ - protected function formatSerial($serial) { - $hex = strtoupper(dechex($serial)); - return trim(chunk_split($hex, 2, ':'), ':'); - } - - /** - * @return string - */ - public function getName() { - return $this->name; - } - - /** - * @return string - */ - public function getCommonName() { - return $this->commonName; - } - - /** - * @return string - */ - public function getOrganization() { - return $this->organization; - } - - /** - * @return string - */ - public function getSerial() { - return $this->getSerial(); - } - - /** - * @return \DateTime - */ - public function getIssueDate() { - return $this->issueDate; - } - - /** - * @return \DateTime - */ - public function getExpireDate() { - return $this->expireDate; - } - - /** - * @return bool - */ - public function isExpired() { - $now = new \DateTime(); - return !($this->issueDate <= $now and $now 
<= $this->expireDate); - } - - /** - * @return string - */ - public function getIssuerName() { - return $this->issuerName; - } - - /** - * @return string - */ - public function getIssuerOrganization() { - return $this->issuerOrganization; - } -} diff --git a/lib/private/certificate/certificate.php b/lib/private/certificate/certificate.php new file mode 100644 index 00000000000..801afa79167 --- /dev/null +++ b/lib/private/certificate/certificate.php 
@@ -0,0 +1,116 @@ + + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +namespace OC\Certificate; + +use OCP\ICertificate; + +class Certificate implements ICertificate { + protected $name; + + protected $commonName; + + protected $organization; + + protected $serial; + + protected $issueDate; + + protected $expireDate; + + protected $issuerName; + + protected $issuerOrganization; + + public function __construct($data, $name) { + $this->name = $name; + $info = openssl_x509_parse($data); + $this->commonName = $info['subject']['CN']; + $this->organization = isset($info['subject']['O']) ? $info['subject']['O'] : null; + $this->serial = $this->formatSerial($info['serialNumber']); + $this->issueDate = new \DateTime('@' . $info['validFrom_time_t']); + $this->expireDate = new \DateTime('@' . $info['validTo_time_t']); + $this->issuerName = $info['issuer']['CN']; + $this->issuerOrganization = isset($info['issuer']['O']) ? 
$info['issuer']['O'] : null; + } + + /** + * Format the numeric serial into AA:BB:CC hex format + * + * @param int $serial + * @return string + */ + protected function formatSerial($serial) { + $hex = strtoupper(dechex($serial)); + return trim(chunk_split($hex, 2, ':'), ':'); + } + + /** + * @return string + */ + public function getName() { + return $this->name; + } + + /** + * @return string + */ + public function getCommonName() { + return $this->commonName; + } + + /** + * @return string + */ + public function getOrganization() { + return $this->organization; + } + + /** + * @return string + */ + public function getSerial() { + return $this->serial; + } + + /** + * @return \DateTime + */ + public function getIssueDate() { + return $this->issueDate; + } + + /** + * @return \DateTime + */ + public function getExpireDate() { + return $this->expireDate; + } + + /** + * @return bool + */ + public function isExpired() { + $now = new \DateTime(); + return !($this->issueDate <= $now and $now <= $this->expireDate); + } + + /** + * @return string + */ + public function getIssuerName() { + return $this->issuerName; + } + + /** + * @return string + */ + public function getIssuerOrganization() { + return $this->issuerOrganization; + } +} diff --git a/lib/private/certificate/certificatemanager.php b/lib/private/certificate/certificatemanager.php new file mode 100644 index 00000000000..c6207f057dc --- /dev/null +++ b/lib/private/certificate/certificatemanager.php 
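Review bot: The constructor of the new `OC\Certificate\Certificate` uses the result of `openssl_x509_parse($data)` without checking it, so data that is not a parseable X.509 certificate (the function returns false) falls through to array reads on a non-array and a `new \DateTime('@' . ...)` built from an empty value instead of a clear rejection. A guard directly after the parse, such as `if ($info === false) { throw new \Exception('Certificate could not be parsed'); }`, would let the manager refuse a bad file cleanly; `$info['subject']['CN']` and `$info['issuer']['CN']` are also read without the `isset` guard that the `O` fields get. Separately, `formatSerial()` runs `serialNumber` through `dechex()`, which operates on PHP integers, so serial numbers wider than the platform integer will presumably not convert correctly, and an odd-length hex string is not left-padded before `chunk_split`. Since the serial is shown to whoever decides to trust the certificate, it should be formatted from a string representation rather than an int.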
@@ -0,0 +1,127 @@ + + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +namespace OC\Certificate; + +use OCP\ICertificateManager; + +/** + * Manage trusted certificates for users + */ +class CertificateManager implements ICertificateManager { + /** + * @var \OCP\IUser + */ + protected $user; + + /** + * @param \OCP\IUser $user + */ + public function __construct($user) { + $this->user = $user; + } + + /** + * Returns all certificates trusted by the user + * + * @return \OCP\ICertificate[] + */ + public function listCertificates() { + $path = $this->user->getHome() . '/files_external/uploads/'; + if (!is_dir($path)) { + //path might not exist (e.g. non-standard OC_User::getHome() value) + //in this case create full path using 3rd (recursive=true) parameter. + //note that we use "normal" php filesystem functions here since the certs need to be local + mkdir($path, 0700, true); + } + $result = array(); + $handle = opendir($path); + if (!is_resource($handle)) { + return array(); + } + while (false !== ($file = readdir($handle))) { + if ($file != '.' && $file != '..') { + $result[] = new Certificate(file_get_contents($path . $file), $file); + } + } + return $result; + } + + /** + * create the certificate bundle of all trusted certificated + */ + protected function createCertificateBundle() { + $path = $this->user->getHome() . '/files_external/'; + $certs = $this->listCertificates(); + + $fh_certs = fopen($path . '/rootcerts.crt', 'w'); + foreach ($certs as $cert) { + $file = $path . '/uploads/' . 
$cert; + $fh = fopen($file, 'r'); + $data = fread($fh, filesize($file)); + fclose($fh); + if (strpos($data, 'BEGIN CERTIFICATE')) { + fwrite($fh_certs, $data); + fwrite($fh_certs, "\r\n"); + } + } + + fclose($fh_certs); + } + + /** + * @param string $certificate the certificate data + * @param string $name the filename for the certificate + * @return bool | \OCP\ICertificate + */ + public function addCertificate($certificate, $name) { + if (!\OC\Files\Filesystem::isValidPath($name)) { + return false; + } + $isValid = openssl_pkey_get_public($certificate); + + if (!$isValid) { + $data = chunk_split(base64_encode($certificate), 64, "\n"); + $data = "-----BEGIN CERTIFICATE-----\n" . $data . "-----END CERTIFICATE-----\n"; + $isValid = openssl_pkey_get_public($data); + } + + if ($isValid) { + $file = $this->user->getHome() . '/files_external/uploads/' . $name; + file_put_contents($file, $certificate); + $this->createCertificateBundle(); + return new Certificate($certificate, $name); + } else { + return false; + } + } + + /** + * @param string $name + * @return bool + */ + public function removeCertificate($name) { + if (!\OC\Files\Filesystem::isValidPath($name)) { + return false; + } + $path = $this->user->getHome() . '/files_external/uploads/'; + if (file_exists($path . $name)) { + unlink($path . $name); + $this->createCertificateBundle(); + } + } + + /** + * Get the path to the certificate bundle for this user + * + * @return string + */ + public function getCertificateBundle() { + return $this->user->getHome() . '/files_external/rootcerts.crt'; + } +} diff --git a/lib/private/certificatemanager.php b/lib/private/certificatemanager.php deleted file mode 100644 index 90a30182c65..00000000000 --- a/lib/private/certificatemanager.php +++ /dev/null 
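Review bot: In `createCertificateBundle()` the loop builds the path as `$path . '/uploads/' . $cert`, but `listCertificates()` returns `Certificate` objects and that class defines no `__toString()` in this commit, so the concatenation cannot produce the file name; the loop needs `$file = $path . '/uploads/' . $cert->getName();`. In `addCertificate()` the fallback branch validates the PEM-wrapped `$data`, yet `file_put_contents($file, $certificate)` stores the original bytes, so a DER upload is accepted but later skipped by the `BEGIN CERTIFICATE` test and never reaches `rootcerts.crt`; writing the form that actually validated keeps the store and the bundle consistent. That test should also be written `strpos($data, 'BEGIN CERTIFICATE') !== false` rather than relying on the offset being non-zero. Because `$name` becomes a file name inside the user's trust store, it is worth confirming that `Filesystem::isValidPath()` (not shown here) rejects path separators, or applying `basename($name)` before the write and the `unlink`. The same code appears in the deleted lib/private/certificatemanager.php, so these points are carried over by the move rather than introduced by it.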
@@ -1,127 +0,0 @@ - - * This file is licensed under the Affero General Public License version 3 or - * later. - * See the COPYING-README file. - */ - -namespace OC; - -use OCP\ICertificateManager; - -/** - * Manage trusted certificates for users - */ -class CertificateManager implements ICertificateManager { - /** - * @var \OCP\IUser - */ - protected $user; - - /** - * @param \OCP\IUser $user - */ - public function __construct($user) { - $this->user = $user; - } - - /** - * Returns all certificates trusted by the user - * - * @return \OCP\ICertificate[] - */ - public function listCertificates() { - $path = $this->user->getHome() . '/files_external/uploads/'; - if (!is_dir($path)) { - //path might not exist (e.g. non-standard OC_User::getHome() value) - //in this case create full path using 3rd (recursive=true) parameter. - //note that we use "normal" php filesystem functions here since the certs need to be local - mkdir($path, 0700, true); - } - $result = array(); - $handle = opendir($path); - if (!is_resource($handle)) { - return array(); - } - while (false !== ($file = readdir($handle))) { - if ($file != '.' && $file != '..') { - $result[] = new Certificate(file_get_contents($path . $file), $file); - } - } - return $result; - } - - /** - * create the certificate bundle of all trusted certificated - */ - protected function createCertificateBundle() { - $path = $this->user->getHome() . '/files_external/'; - $certs = $this->listCertificates(); - - $fh_certs = fopen($path . '/rootcerts.crt', 'w'); - foreach ($certs as $cert) { - $file = $path . '/uploads/' . 
$cert; - $fh = fopen($file, 'r'); - $data = fread($fh, filesize($file)); - fclose($fh); - if (strpos($data, 'BEGIN CERTIFICATE')) { - fwrite($fh_certs, $data); - fwrite($fh_certs, "\r\n"); - } - } - - fclose($fh_certs); - } - - /** - * @param string $certificate the certificate data - * @param string $name the filename for the certificate - * @return bool | \OCP\ICertificate - */ - public function addCertificate($certificate, $name) { - if (!\OC\Files\Filesystem::isValidPath($name)) { - return false; - } - $isValid = openssl_pkey_get_public($certificate); - - if (!$isValid) { - $data = chunk_split(base64_encode($certificate), 64, "\n"); - $data = "-----BEGIN CERTIFICATE-----\n" . $data . "-----END CERTIFICATE-----\n"; - $isValid = openssl_pkey_get_public($data); - } - - if ($isValid) { - $file = $this->user->getHome() . '/files_external/uploads/' . $name; - file_put_contents($file, $certificate); - $this->createCertificateBundle(); - return new Certificate($certificate, $name); - } else { - return false; - } - } - - /** - * @param string $name - * @return bool - */ - public function removeCertificate($name) { - if (!\OC\Files\Filesystem::isValidPath($name)) { - return false; - } - $path = $this->user->getHome() . '/files_external/uploads/'; - if (file_exists($path . $name)) { - unlink($path . $name); - $this->createCertificateBundle(); - } - } - - /** - * Get the path to the certificate bundle for this user - * - * @return string - */ - public function getCertificateBundle() { - return $this->user->getHome() . '/files_external/rootcerts.crt'; - } -} diff --git a/lib/private/server.php b/lib/private/server.php index a30571c1e13..311001ce407 100644 --- a/lib/private/server.php +++ b/lib/private/server.php 
@@ -6,6 +6,7 @@ use OC\AppFramework\Http\Request;
 use OC\AppFramework\Db\Db;
 use OC\AppFramework\Utility\SimpleContainer;
 use OC\Cache\UserCache;
+use OC\Certificate\CertificateManager;
 use OC\DB\ConnectionWrapper;
 use OC\Files\Node\Root;
 use OC\Files\View;
--
cgit v1.2.3