From 7a443863fe8fba0f33d1eee86d85dd3d5bea2fb6 Mon Sep 17 00:00:00 2001
From: Jan Messer
Date: Fri, 11 Nov 2022 02:52:32 +0100
Subject: [BUGFIX] check return value and improve error handling

With S3 primary storage there was a problem with getting the CA bundle from the storage without having the CA bundle for the connection which causes that the CertificateManager was throwing an Error. This commit improves the handling in CertificateManager and log unexpected behaviors.
Signed-off-by: Jan Messer
---
 lib/private/Security/CertificateManager.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'lib/private/Security')
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
index be884654bd0..bcc992caa5d 100644
--- a/lib/private/Security/CertificateManager.php
+++ b/lib/private/Security/CertificateManager.php
@@ -228,7 +228,7 @@ class CertificateManager implements ICertificateManager {
 */
 public function getAbsoluteBundlePath(): string {
 try {
- if (!$this->bundlePath) {
+ if ($this->bundlePath === null) {
 if (!$this->hasCertificates()) {
 $this->bundlePath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
 }
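Review bot: The default-bundle assignment in the `!$this->hasCertificates()` branch is followed by neither an `else` nor an early return, so as far as the two hunks show (old lines 235–236 lie between them and are not visible) execution carries on to the `getLocalFile()` lookup in the `@@ -237,13 +237,16 @@` hunk and overwrites `$this->bundlePath`. An instance without user certificates would then still go to storage to resolve the bundle, which is the path the commit message describes as failing under S3 primary storage. Moving the rebundle-and-lookup code into an `else` branch, or adding `return $this->bundlePath;` directly after the default assignment, keeps that case off the storage path. The body of `getAbsoluteBundlePath()` continues past the end of this hunk.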
@@ -237,13 +237,16 @@ class CertificateManager implements ICertificateManager {
 $this->createCertificateBundle();
 }
- $this->bundlePath = $this->view->getLocalFile($this->getCertificateBundle()) ?: null;
- }
- if ($this->bundlePath === null) {
- throw new \Exception('Failed to get absolute bundle path');
+ $certificateBundle = $this->getCertificateBundle();
+ $this->bundlePath = $this->view->getLocalFile($certificateBundle) ?: null;
+
+ if ($this->bundlePath === null) {
+ throw new \RuntimeException('Unable to get certificate bundle "' . $certificateBundle . '".');
+ }
 }
 return $this->bundlePath;
 } catch (\Exception $e) {
+ $this->logger->error('Failed to get absolute bundle path. Fallback to default ca-bundle.crt', ['exception' => $e]);
 return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
 }
 }
--
cgit v1.2.3
From 647c65a640f3e4c4b27e96f63684be2a2f55674f Mon Sep 17 00:00:00 2001
From: Jan Messer
Date: Tue, 4 Apr 2023 22:01:35 +0200
Subject: [BUGFIX] throw exception instead of error if unable to create file handler (only exceptions are catch)

Signed-off-by: Jan Messer
---
 lib/private/Security/CertificateManager.php | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'lib/private/Security')
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
index bcc992caa5d..3338c00f579 100644
--- a/lib/private/Security/CertificateManager.php
+++ b/lib/private/Security/CertificateManager.php
@@ -138,6 +138,10 @@ class CertificateManager implements ICertificateManager {
 $tmpPath = $certPath . '.tmp' . $this->random->generate(10, ISecureRandom::CHAR_DIGITS);
 $fhCerts = $this->view->fopen($tmpPath, 'w');
+ if (!is_resource($fhCerts)) {
+ throw new \RuntimeException('Unable to open file handler to create certificate bundle "' . $tmpPath . '".');
+ }
+
 // Write user certificates
 foreach ($certs as $cert) {
 $file = $path . '/uploads/' . $cert->getName();
--
cgit v1.2.3
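Review bot: In the `catch (\Exception $e)` branch of the `@@ -237,13 +237,16 @@` hunk the fallback is logged at error level but `$this->bundlePath` stays `null`, so every later call on the same instance repeats the failing storage lookup and writes another error entry. If this method runs once per outgoing connection (the callers are not visible here), a persistent storage fault becomes a stream of identical log lines, and the one message telling an operator that the user-uploaded certificates are not in the trust bundle is easy to lose. Consider logging only the first failure per instance, guarded by a private boolean flag checked before `$this->logger->error(...)`, while still retrying the lookup so that recovery is picked up. It would also help triage to put the fallback path into the log context array next to `'exception' => $e`.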
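Review bot: The `is_resource()` guard added in the `@@ -138,6 +138,10 @@` hunk makes the enclosing method (presumably `createCertificateBundle()`; its signature is outside the hunk) throw `\RuntimeException`, and nothing visible documents that. Its docblock should gain `@throws \RuntimeException if the temporary bundle file cannot be opened for writing`. `getAbsoluteBundlePath()` absorbs the exception through its `catch (\Exception $e)`, but any other call site of this method would now see an exception where it previously failed later on the invalid handle, so those callers are worth checking. As a wording point, the message says "file handler" where "file handle" is the usual term.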