2015-04-15 15:21:23 +03:00
|
|
|
<?php
|
|
|
|
/**
|
2016-07-21 18:07:57 +03:00
|
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
|
|
|
*
|
2016-05-26 20:56:05 +03:00
|
|
|
* @author Björn Schießle <bjoern@schiessle.org>
|
|
|
|
* @author Lukas Reschke <lukas@statuscode.ch>
|
2016-03-01 19:25:15 +03:00
|
|
|
* @author Robin Appelman <icewind@owncloud.com>
|
2015-10-26 15:54:55 +03:00
|
|
|
* @author Vincent Petry <pvince81@owncloud.com>
|
2015-04-15 15:21:23 +03:00
|
|
|
*
|
|
|
|
* @license AGPL-3.0
|
|
|
|
*
|
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
namespace OC\Settings\Controller;
|
|
|
|
|
2015-08-04 19:33:19 +03:00
|
|
|
use OCP\App\IAppManager;
|
2015-04-15 15:21:23 +03:00
|
|
|
use OCP\AppFramework\Controller;
|
|
|
|
use OCP\AppFramework\Http;
|
|
|
|
use OCP\AppFramework\Http\DataResponse;
|
|
|
|
use OCP\ICertificateManager;
|
|
|
|
use OCP\IL10N;
|
|
|
|
use OCP\IRequest;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @package OC\Settings\Controller
|
|
|
|
*/
|
|
|
|
class CertificateController extends Controller {
|
|
|
|
/** @var ICertificateManager */
|
2015-12-22 19:42:28 +03:00
|
|
|
private $userCertificateManager;
|
|
|
|
/** @var ICertificateManager */
|
|
|
|
private $systemCertificateManager;
|
2015-04-15 15:21:23 +03:00
|
|
|
/** @var IL10N */
|
|
|
|
private $l10n;
|
2015-08-04 19:33:19 +03:00
|
|
|
/** @var IAppManager */
|
|
|
|
private $appManager;
|
2015-04-15 15:21:23 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @param string $appName
|
|
|
|
* @param IRequest $request
|
2015-12-22 19:42:28 +03:00
|
|
|
* @param ICertificateManager $userCertificateManager
|
|
|
|
* @param ICertificateManager $systemCertificateManager
|
2015-04-15 15:21:23 +03:00
|
|
|
* @param IL10N $l10n
|
2015-08-04 19:33:19 +03:00
|
|
|
* @param IAppManager $appManager
|
2015-04-15 15:21:23 +03:00
|
|
|
*/
|
|
|
|
public function __construct($appName,
|
|
|
|
IRequest $request,
|
2015-12-22 19:42:28 +03:00
|
|
|
ICertificateManager $userCertificateManager,
|
|
|
|
ICertificateManager $systemCertificateManager,
|
2015-08-04 19:33:19 +03:00
|
|
|
IL10N $l10n,
|
|
|
|
IAppManager $appManager) {
|
2015-04-15 15:21:23 +03:00
|
|
|
parent::__construct($appName, $request);
|
2015-12-22 19:42:28 +03:00
|
|
|
$this->userCertificateManager = $userCertificateManager;
|
|
|
|
$this->systemCertificateManager = $systemCertificateManager;
|
2015-04-15 15:21:23 +03:00
|
|
|
$this->l10n = $l10n;
|
2015-08-04 19:33:19 +03:00
|
|
|
$this->appManager = $appManager;
|
2015-04-15 15:21:23 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Add a new personal root certificate to the users' trust store
|
2015-05-12 18:49:34 +03:00
|
|
|
*
|
|
|
|
* @NoAdminRequired
|
2015-05-12 19:08:10 +03:00
|
|
|
* @NoSubadminRequired
|
2015-04-15 15:21:23 +03:00
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public function addPersonalRootCertificate() {
|
2015-12-22 19:42:28 +03:00
|
|
|
return $this->addCertificate($this->userCertificateManager);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Add a new root certificate to a trust store
|
|
|
|
*
|
|
|
|
* @param ICertificateManager $certificateManager
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
private function addCertificate(ICertificateManager $certificateManager) {
|
2015-08-26 18:08:25 +03:00
|
|
|
$headers = [];
|
2015-10-07 12:13:47 +03:00
|
|
|
if ($this->request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_IE_8])) {
|
2015-08-26 18:08:25 +03:00
|
|
|
// due to upload iframe workaround, need to set content-type to text/plain
|
|
|
|
$headers['Content-Type'] = 'text/plain';
|
|
|
|
}
|
2015-08-04 19:33:19 +03:00
|
|
|
|
|
|
|
if ($this->isCertificateImportAllowed() === false) {
|
2015-08-26 18:08:25 +03:00
|
|
|
return new DataResponse(['message' => 'Individual certificate management disabled'], Http::STATUS_FORBIDDEN, $headers);
|
2015-08-04 19:33:19 +03:00
|
|
|
}
|
|
|
|
|
2015-04-15 15:21:23 +03:00
|
|
|
$file = $this->request->getUploadedFile('rootcert_import');
|
2015-12-22 19:42:28 +03:00
|
|
|
if (empty($file)) {
|
2015-08-26 18:08:25 +03:00
|
|
|
return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY, $headers);
|
2015-04-15 15:21:23 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
2015-12-22 19:42:28 +03:00
|
|
|
$certificate = $certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']);
|
2015-08-26 18:08:25 +03:00
|
|
|
return new DataResponse(
|
|
|
|
[
|
2015-12-22 19:42:28 +03:00
|
|
|
'name' => $certificate->getName(),
|
|
|
|
'commonName' => $certificate->getCommonName(),
|
|
|
|
'organization' => $certificate->getOrganization(),
|
|
|
|
'validFrom' => $certificate->getIssueDate()->getTimestamp(),
|
|
|
|
'validTill' => $certificate->getExpireDate()->getTimestamp(),
|
|
|
|
'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()),
|
|
|
|
'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()),
|
|
|
|
'issuer' => $certificate->getIssuerName(),
|
|
|
|
'issuerOrganization' => $certificate->getIssuerOrganization(),
|
2015-08-26 18:08:25 +03:00
|
|
|
],
|
|
|
|
Http::STATUS_OK,
|
|
|
|
$headers
|
|
|
|
);
|
2015-04-15 15:21:23 +03:00
|
|
|
} catch (\Exception $e) {
|
2015-08-26 18:08:25 +03:00
|
|
|
return new DataResponse('An error occurred.', Http::STATUS_UNPROCESSABLE_ENTITY, $headers);
|
2015-04-15 15:21:23 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Removes a personal root certificate from the users' trust store
|
2015-05-12 18:49:34 +03:00
|
|
|
*
|
|
|
|
* @NoAdminRequired
|
2015-05-12 19:08:10 +03:00
|
|
|
* @NoSubadminRequired
|
2015-04-15 15:21:23 +03:00
|
|
|
* @param string $certificateIdentifier
|
|
|
|
* @return DataResponse
|
|
|
|
*/
|
|
|
|
public function removePersonalRootCertificate($certificateIdentifier) {
|
2015-08-04 19:33:19 +03:00
|
|
|
|
|
|
|
if ($this->isCertificateImportAllowed() === false) {
|
|
|
|
return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
|
|
|
|
}
|
|
|
|
|
2015-12-22 19:42:28 +03:00
|
|
|
$this->userCertificateManager->removeCertificate($certificateIdentifier);
|
2015-04-15 15:21:23 +03:00
|
|
|
return new DataResponse();
|
|
|
|
}
|
|
|
|
|
2015-08-04 19:33:19 +03:00
|
|
|
/**
|
|
|
|
* check if certificate import is allowed
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
protected function isCertificateImportAllowed() {
|
|
|
|
$externalStorageEnabled = $this->appManager->isEnabledForUser('files_external');
|
|
|
|
if ($externalStorageEnabled) {
|
2015-10-06 15:00:55 +03:00
|
|
|
/** @var \OCA\Files_External\Service\BackendService $backendService */
|
|
|
|
$backendService = \OC_Mount_Config::$app->getContainer()->query('\OCA\Files_External\Service\BackendService');
|
|
|
|
if ($backendService->isUserMountingAllowed()) {
|
2015-08-04 19:33:19 +03:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2015-12-22 19:42:28 +03:00
|
|
|
/**
|
|
|
|
* Add a new personal root certificate to the system's trust store
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public function addSystemRootCertificate() {
|
|
|
|
return $this->addCertificate($this->systemCertificateManager);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Removes a personal root certificate from the users' trust store
|
|
|
|
*
|
|
|
|
* @param string $certificateIdentifier
|
|
|
|
* @return DataResponse
|
|
|
|
*/
|
|
|
|
public function removeSystemRootCertificate($certificateIdentifier) {
|
|
|
|
|
|
|
|
if ($this->isCertificateImportAllowed() === false) {
|
|
|
|
return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
|
|
|
|
}
|
|
|
|
|
|
|
|
$this->systemCertificateManager->removeCertificate($certificateIdentifier);
|
|
|
|
return new DataResponse();
|
|
|
|
}
|
2015-04-15 15:21:23 +03:00
|
|
|
}
|