nextcloud/lib/private/security/certificatemanager.php

<?php
/**
 * Copyright (c) 2014 Robin Appelman <icewind@owncloud.com>
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */

namespace OC\Security;

use OC\Files\Filesystem;
use OCP\ICertificateManager;

/**
 * Manage trusted certificates for users
 */
class CertificateManager implements ICertificateManager {
	/**
	 * @var \OCP\IUser
	 */
	protected $user;

	/**
	 * @param \OCP\IUser $user
	 */
	public function __construct($user) {
		$this->user = $user;
	}

	/**
	 * Returns all certificates trusted by the user
	 *
	 * @return \OCP\ICertificate[]
	 */
	public function listCertificates() {
		$path = $this->user->getHome() . '/files_external/uploads/';
		if (!is_dir($path)) {
			return array();
		}
		$result = array();
		$handle = opendir($path);
		if (!is_resource($handle)) {
			return array();
		}
		while (false !== ($file = readdir($handle))) {
			if ($file != '.' && $file != '..') {
				try {
					$result[] = new Certificate(file_get_contents($path . $file), $file);
				} catch(\Exception $e) {}
			}
		}
		return $result;
	}

	/**
	 * create the certificate bundle of all trusted certificated
	 */
	protected function createCertificateBundle() {
		$path = $this->user->getHome() . '/files_external/';
		$certs = $this->listCertificates();

		$fh_certs = fopen($path . '/rootcerts.crt', 'w');
		foreach ($certs as $cert) {
			$file = $path . '/uploads/' . $cert->getName();
			$data = file_get_contents($file);
			if (strpos($data, 'BEGIN CERTIFICATE')) {
				fwrite($fh_certs, $data);
				fwrite($fh_certs, "\r\n");
			}
		}

		fclose($fh_certs);
	}

	/**
	 * Save the certificate and re-generate the certificate bundle
	 *
	 * @param string $certificate the certificate data
	 * @param string $name the filename for the certificate
	 * @return \OCP\ICertificate|void|bool
	 * @throws \Exception If the certificate could not get added
	 */
	public function addCertificate($certificate, $name) {
		if (!Filesystem::isValidPath($name) or Filesystem::isFileBlacklisted($name)) {
			return false;
		}

		$dir = $this->user->getHome() . '/files_external/uploads/';
		if (!file_exists($dir)) {
			//path might not exist (e.g. non-standard OC_User::getHome() value)
			//in this case create full path using 3rd (recursive=true) parameter.
			//note that we use "normal" php filesystem functions here since the certs need to be local
			mkdir($dir, 0700, true);
		}

		try {
			$file = $dir . $name;
			$certificateObject = new Certificate($certificate, $name);
			file_put_contents($file, $certificate);
			$this->createCertificateBundle();
			return $certificateObject;
		} catch (\Exception $e) {
			throw $e;
		}

	}

	/**
	 * Remove the certificate and re-generate the certificate bundle
	 *
	 * @param string $name
	 * @return bool
	 */
	public function removeCertificate($name) {
		if (!Filesystem::isValidPath($name)) {
			return false;
		}
		$path = $this->user->getHome() . '/files_external/uploads/';
		if (file_exists($path . $name)) {
			unlink($path . $name);
			$this->createCertificateBundle();
		}
		return true;
	}

	/**
	 * Get the path to the certificate bundle for this user
	 *
	 * @return string
	 */
	public function getCertificateBundle() {
		return $this->user->getHome() . '/files_external/rootcerts.crt';
	}
}
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`<?php`
			`/**`
			`* Copyright (c) 2014 Robin Appelman <icewind@owncloud.com>`
			`* This file is licensed under the Affero General Public License version 3 or`
			`* later.`
			`* See the COPYING-README file.`
			`*/`

Rename namespace 2014-08-18 18:30:23 +04:00			`namespace OC\Security;`
Move certificate management code to core 2014-08-14 16:24:10 +04:00
Cleanup certificate code 2014-08-18 15:57:38 +04:00			`use OC\Files\Filesystem;`
Verify names of certificates 2014-08-14 17:47:23 +04:00			`use OCP\ICertificateManager;`

Move certificate management code to core 2014-08-14 16:24:10 +04:00			`/**`
			`* Manage trusted certificates for users`
			`*/`
Verify names of certificates 2014-08-14 17:47:23 +04:00			`class CertificateManager implements ICertificateManager {`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`/**`
			`* @var \OCP\IUser`
			`*/`
			`protected $user;`

			`/**`
			`* @param \OCP\IUser $user`
			`*/`
			`public function __construct($user) {`
			`$this->user = $user;`
			`}`

			`/**`
			`* Returns all certificates trusted by the user`
			`*`
Move certificate management interface from files_external to core 2014-08-15 19:18:46 +04:00			`* @return \OCP\ICertificate[]`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`*/`
			`public function listCertificates() {`
			`$path = $this->user->getHome() . '/files_external/uploads/';`
			`if (!is_dir($path)) {`
Cleanup certificate code 2014-08-18 15:57:38 +04:00			`return array();`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`}`
			`$result = array();`
			`$handle = opendir($path);`
			`if (!is_resource($handle)) {`
			`return array();`
			`}`
			`while (false !== ($file = readdir($handle))) {`
Move certificate management interface from files_external to core 2014-08-15 19:18:46 +04:00			`if ($file != '.' && $file != '..') {`
Add unit tests and fix rootcerts creation bug 2014-08-27 18:28:51 +04:00			`try {`
			`$result[] = new Certificate(file_get_contents($path . $file), $file);`
			`} catch(\Exception $e) {}`
Move certificate management interface from files_external to core 2014-08-15 19:18:46 +04:00			`}`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`}`
			`return $result;`
			`}`

			`/**`
			`* create the certificate bundle of all trusted certificated`
			`*/`
			`protected function createCertificateBundle() {`
			`$path = $this->user->getHome() . '/files_external/';`
			`$certs = $this->listCertificates();`

			`$fh_certs = fopen($path . '/rootcerts.crt', 'w');`
			`foreach ($certs as $cert) {`
Add unit tests and fix rootcerts creation bug 2014-08-27 18:28:51 +04:00			`$file = $path . '/uploads/' . $cert->getName();`
Cleanup certificate code 2014-08-18 15:57:38 +04:00			`$data = file_get_contents($file);`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`if (strpos($data, 'BEGIN CERTIFICATE')) {`
			`fwrite($fh_certs, $data);`
			`fwrite($fh_certs, "\r\n");`
			`}`
			`}`

			`fclose($fh_certs);`
			`}`

			`/**`
Cleanup certificate code 2014-08-18 15:57:38 +04:00			`* Save the certificate and re-generate the certificate bundle`
			`*`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`* @param string $certificate the certificate data`
			`* @param string $name the filename for the certificate`
Add unit tests and fix rootcerts creation bug 2014-08-27 18:28:51 +04:00			`* @return \OCP\ICertificate\|void\|bool`
			`* @throws \Exception If the certificate could not get added`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`*/`
			`public function addCertificate($certificate, $name) {`
check for blacklisted file certificate filenames 2014-08-21 16:09:40 +04:00			`if (!Filesystem::isValidPath($name) or Filesystem::isFileBlacklisted($name)) {`
Verify names of certificates 2014-08-14 17:47:23 +04:00			`return false;`
			`}`
Move certificate management code to core 2014-08-14 16:24:10 +04:00
Add unit tests and fix rootcerts creation bug 2014-08-27 18:28:51 +04:00			`$dir = $this->user->getHome() . '/files_external/uploads/';`
			`if (!file_exists($dir)) {`
			`//path might not exist (e.g. non-standard OC_User::getHome() value)`
			`//in this case create full path using 3rd (recursive=true) parameter.`
			`//note that we use "normal" php filesystem functions here since the certs need to be local`
			`mkdir($dir, 0700, true);`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`}`

Add unit tests and fix rootcerts creation bug 2014-08-27 18:28:51 +04:00			`try {`
Cleanup certificate code 2014-08-18 15:57:38 +04:00			`$file = $dir . $name;`
Add unit tests and fix rootcerts creation bug 2014-08-27 18:28:51 +04:00			`$certificateObject = new Certificate($certificate, $name);`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`file_put_contents($file, $certificate);`
			`$this->createCertificateBundle();`
Add unit tests and fix rootcerts creation bug 2014-08-27 18:28:51 +04:00			`return $certificateObject;`
			`} catch (\Exception $e) {`
			`throw $e;`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`}`
Add unit tests and fix rootcerts creation bug 2014-08-27 18:28:51 +04:00
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`}`

			`/**`
Cleanup certificate code 2014-08-18 15:57:38 +04:00			`* Remove the certificate and re-generate the certificate bundle`
			`*`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`* @param string $name`
Verify names of certificates 2014-08-14 17:47:23 +04:00			`* @return bool`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`*/`
			`public function removeCertificate($name) {`
Cleanup certificate code 2014-08-18 15:57:38 +04:00			`if (!Filesystem::isValidPath($name)) {`
Verify names of certificates 2014-08-14 17:47:23 +04:00			`return false;`
			`}`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`$path = $this->user->getHome() . '/files_external/uploads/';`
			`if (file_exists($path . $name)) {`
			`unlink($path . $name);`
			`$this->createCertificateBundle();`
			`}`
Cleanup certificate code 2014-08-18 15:57:38 +04:00			`return true;`
Move certificate management code to core 2014-08-14 16:24:10 +04:00			`}`

			`/**`
			`* Get the path to the certificate bundle for this user`
			`*`
			`* @return string`
			`*/`
			`public function getCertificateBundle() {`
			`return $this->user->getHome() . '/files_external/rootcerts.crt';`
			`}`
			`}`