diff --git a/apps/settings/appinfo/routes.php b/apps/settings/appinfo/routes.php index d8a4b2aabd..b6d68d76d6 100644 --- a/apps/settings/appinfo/routes.php +++ b/apps/settings/appinfo/routes.php @@ -66,10 +66,6 @@ return [ ['name' => 'CheckSetup#check', 'url' => '/settings/ajax/checksetup', 'verb' => 'GET' , 'root' => ''], ['name' => 'CheckSetup#getFailedIntegrityCheckFiles', 'url' => '/settings/integrity/failed', 'verb' => 'GET' , 'root' => ''], ['name' => 'CheckSetup#rescanFailedIntegrityCheck', 'url' => '/settings/integrity/rescan', 'verb' => 'GET' , 'root' => ''], - ['name' => 'Certificate#addPersonalRootCertificate', 'url' => '/settings/personal/certificate', 'verb' => 'POST' , 'root' => ''], - ['name' => 'Certificate#removePersonalRootCertificate', 'url' => '/settings/personal/certificate/{certificateIdentifier}', 'verb' => 'DELETE' , 'root' => ''], - ['name' => 'Certificate#addSystemRootCertificate', 'url' => '/settings/admin/certificate', 'verb' => 'POST' , 'root' => ''], - ['name' => 'Certificate#removeSystemRootCertificate', 'url' => '/settings/admin/certificate/{certificateIdentifier}', 'verb' => 'DELETE' , 'root' => ''], ['name' => 'PersonalSettings#index', 'url' => '/settings/user/{section}', 'verb' => 'GET', 'defaults' => ['section' => 'personal-info'] , 'root' => ''], ['name' => 'AdminSettings#index', 'url' => '/settings/admin/{section}', 'verb' => 'GET', 'defaults' => ['section' => 'server'] , 'root' => ''], ['name' => 'AdminSettings#form', 'url' => '/settings/admin/{section}', 'verb' => 'GET' , 'root' => ''], diff --git a/apps/settings/lib/Controller/CertificateController.php b/apps/settings/lib/Controller/CertificateController.php deleted file mode 100644 index b7ce174966..0000000000 --- a/apps/settings/lib/Controller/CertificateController.php +++ /dev/null @@ -1,177 +0,0 @@ - - * @author Christoph Wurst - * @author Lukas Reschke - * @author Robin Appelman - * @author Roeland Jago Douma - * @author Vincent Petry - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - -namespace OCA\Settings\Controller; - -use OCP\App\IAppManager; -use OCP\AppFramework\Controller; -use OCP\AppFramework\Http; -use OCP\AppFramework\Http\DataResponse; -use OCP\ICertificateManager; -use OCP\IL10N; -use OCP\IRequest; - -class CertificateController extends Controller { - /** @var ICertificateManager */ - private $userCertificateManager; - /** @var ICertificateManager */ - private $systemCertificateManager; - /** @var IL10N */ - private $l10n; - /** @var IAppManager */ - private $appManager; - - /** - * @param string $appName - * @param IRequest $request - * @param ICertificateManager $userCertificateManager - * @param ICertificateManager $systemCertificateManager - * @param IL10N $l10n - * @param IAppManager $appManager - */ - public function __construct($appName, - IRequest $request, - ICertificateManager $userCertificateManager, - ICertificateManager $systemCertificateManager, - IL10N $l10n, - IAppManager $appManager) { - parent::__construct($appName, $request); - $this->userCertificateManager = $userCertificateManager; - $this->systemCertificateManager = $systemCertificateManager; - $this->l10n = $l10n; - $this->appManager = $appManager; - } - - /** - * Add a new personal root certificate to the users' trust store - * - * @NoAdminRequired - * @NoSubadminRequired - * @return DataResponse - */ - public function addPersonalRootCertificate() { - return $this->addCertificate($this->userCertificateManager); - } - - /** - * Add a new root certificate to a trust store - * - * @param ICertificateManager $certificateManager - * @return DataResponse - */ - private function addCertificate(ICertificateManager $certificateManager) { - $headers = []; - - if ($this->isCertificateImportAllowed() === false) { - return new DataResponse(['message' => 'Individual certificate management disabled'], Http::STATUS_FORBIDDEN, $headers); - } - - $file = $this->request->getUploadedFile('rootcert_import'); - if (empty($file)) { - return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY, $headers); - } - - try { - $certificate = $certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']); - return new DataResponse( - [ - 'name' => $certificate->getName(), - 'commonName' => $certificate->getCommonName(), - 'organization' => $certificate->getOrganization(), - 'validFrom' => $certificate->getIssueDate()->getTimestamp(), - 'validTill' => $certificate->getExpireDate()->getTimestamp(), - 'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()), - 'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()), - 'issuer' => $certificate->getIssuerName(), - 'issuerOrganization' => $certificate->getIssuerOrganization(), - ], - Http::STATUS_OK, - $headers - ); - } catch (\Exception $e) { - return new DataResponse(['An error occurred.'], Http::STATUS_UNPROCESSABLE_ENTITY, $headers); - } - } - - /** - * Removes a personal root certificate from the users' trust store - * - * @NoAdminRequired - * @NoSubadminRequired - * @param string $certificateIdentifier - * @return DataResponse - */ - public function removePersonalRootCertificate($certificateIdentifier) { - if ($this->isCertificateImportAllowed() === false) { - return new DataResponse(['Individual certificate management disabled'], Http::STATUS_FORBIDDEN); - } - - $this->userCertificateManager->removeCertificate($certificateIdentifier); - return new DataResponse(); - } - - /** - * check if certificate import is allowed - * - * @return bool - */ - protected function isCertificateImportAllowed() { - $externalStorageEnabled = $this->appManager->isEnabledForUser('files_external'); - if ($externalStorageEnabled) { - /** @var \OCA\Files_External\Service\BackendService $backendService */ - $backendService = \OC_Mount_Config::$app->getContainer()->query('\OCA\Files_External\Service\BackendService'); - if ($backendService->isUserMountingAllowed()) { - return true; - } - } - return false; - } - - /** - * Add a new personal root certificate to the system's trust store - * - * @return DataResponse - */ - public function addSystemRootCertificate() { - return $this->addCertificate($this->systemCertificateManager); - } - - /** - * Removes a personal root certificate from the users' trust store - * - * @param string $certificateIdentifier - * @return DataResponse - */ - public function removeSystemRootCertificate($certificateIdentifier) { - if ($this->isCertificateImportAllowed() === false) { - return new DataResponse(['Individual certificate management disabled'], Http::STATUS_FORBIDDEN); - } - - $this->systemCertificateManager->removeCertificate($certificateIdentifier); - return new DataResponse(); - } -} diff --git a/apps/settings/templates/certificates.php b/apps/settings/templates/certificates.php deleted file mode 100644 index d9587f9794..0000000000 --- a/apps/settings/templates/certificates.php +++ /dev/null @@ -1,44 +0,0 @@ -
-

t('SSL Root Certificates')); ?>

- - - - - - - - - - - - - - - - - - -
t('Common Name')); ?>t('Valid until')); ?>t('Issued By')); ?>
- getCommonName()) ?> - - l('date', $rootCert->getExpireDate()) ?> - - getIssuerName()) ?> - class="remove" - style="visibility:hidden;" - ><?php p($l->t('Delete')); ?> -
-
- - -
-
diff --git a/apps/settings/tests/Controller/CertificateControllerTest.php b/apps/settings/tests/Controller/CertificateControllerTest.php deleted file mode 100644 index 0259868321..0000000000 --- a/apps/settings/tests/Controller/CertificateControllerTest.php +++ /dev/null @@ -1,196 +0,0 @@ - - * @author Christoph Wurst - * @author Joas Schilling - * @author Lukas Reschke - * @author Morris Jobke - * @author Robin Appelman - * @author Roeland Jago Douma - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - -namespace OCA\Settings\Tests\Controller; - -use OCA\Settings\Controller\CertificateController; -use OCP\App\IAppManager; -use OCP\AppFramework\Http; -use OCP\AppFramework\Http\DataResponse; -use OCP\ICertificateManager; -use OCP\IL10N; -use OCP\IRequest; - -/** - * Class CertificateControllerTest - * - * @package Tests\Settings\Controller - */ -class CertificateControllerTest extends \Test\TestCase { - /** @var CertificateController */ - private $certificateController; - /** @var IRequest */ - private $request; - /** @var ICertificateManager */ - private $certificateManager; - /** @var IL10N */ - private $l10n; - /** @var IAppManager */ - private $appManager; - /** @var ICertificateManager */ - private $systemCertificateManager; - - protected function setUp(): void { - parent::setUp(); - - $this->request = $this->getMockBuilder(IRequest::class)->getMock(); - $this->certificateManager = $this->getMockBuilder(ICertificateManager::class)->getMock(); - $this->systemCertificateManager = $this->getMockBuilder(ICertificateManager::class)->getMock(); - $this->l10n = $this->getMockBuilder(IL10N::class)->getMock(); - $this->appManager = $this->getMockBuilder(IAppManager::class)->getMock(); - - $this->certificateController = $this->getMockBuilder(CertificateController::class) - ->setConstructorArgs( - [ - 'settings', - $this->request, - $this->certificateManager, - $this->systemCertificateManager, - $this->l10n, - $this->appManager - ] - )->setMethods(['isCertificateImportAllowed'])->getMock(); - - $this->certificateController->expects($this->any()) - ->method('isCertificateImportAllowed')->willReturn(true); - } - - public function testAddPersonalRootCertificateWithEmptyFile() { - $this->request - ->expects($this->once()) - ->method('getUploadedFile') - ->with('rootcert_import') - ->willReturn(null); - - $expected = new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY); - $this->assertEquals($expected, $this->certificateController->addPersonalRootCertificate()); - } - - public function testAddPersonalRootCertificateValidCertificate() { - $uploadedFile = [ - 'tmp_name' => __DIR__ . '/../../../../tests/data/certificates/goodCertificate.crt', - 'name' => 'goodCertificate.crt', - ]; - - $certificate = $this->getMockBuilder('\OCP\ICertificate')->getMock(); - $certificate - ->expects($this->once()) - ->method('getName') - ->willReturn('Name'); - $certificate - ->expects($this->once()) - ->method('getCommonName') - ->willReturn('CommonName'); - $certificate - ->expects($this->once()) - ->method('getOrganization') - ->willReturn('Organization'); - $certificate - ->expects($this->exactly(2)) - ->method('getIssueDate') - ->willReturn(new \DateTime('@1429099555')); - $certificate - ->expects($this->exactly(2)) - ->method('getExpireDate') - ->willReturn(new \DateTime('@1529099555')); - $certificate - ->expects($this->once()) - ->method('getIssuerName') - ->willReturn('Issuer'); - $certificate - ->expects($this->once()) - ->method('getIssuerOrganization') - ->willReturn('IssuerOrganization'); - - $this->request - ->expects($this->once()) - ->method('getUploadedFile') - ->with('rootcert_import') - ->willReturn($uploadedFile); - $this->certificateManager - ->expects($this->once()) - ->method('addCertificate') - ->with(file_get_contents($uploadedFile['tmp_name'], 'goodCertificate.crt')) - ->willReturn($certificate); - - $this->l10n - ->expects($this->at(0)) - ->method('l') - ->with('date', new \DateTime('@1429099555')) - ->willReturn('Valid From as String'); - $this->l10n - ->expects($this->at(1)) - ->method('l') - ->with('date', new \DateTime('@1529099555')) - ->willReturn('Valid Till as String'); - - - $expected = new DataResponse([ - 'name' => 'Name', - 'commonName' => 'CommonName', - 'organization' => 'Organization', - 'validFrom' => 1429099555, - 'validTill' => 1529099555, - 'validFromString' => 'Valid From as String', - 'validTillString' => 'Valid Till as String', - 'issuer' => 'Issuer', - 'issuerOrganization' => 'IssuerOrganization', - ]); - $this->assertEquals($expected, $this->certificateController->addPersonalRootCertificate()); - } - - public function testAddPersonalRootCertificateInvalidCertificate() { - $uploadedFile = [ - 'tmp_name' => __DIR__ . '/../../../../tests/data/certificates/badCertificate.crt', - 'name' => 'badCertificate.crt', - ]; - - $this->request - ->expects($this->once()) - ->method('getUploadedFile') - ->with('rootcert_import') - ->willReturn($uploadedFile); - $this->certificateManager - ->expects($this->once()) - ->method('addCertificate') - ->with(file_get_contents($uploadedFile['tmp_name'], 'badCertificate.crt')) - ->will($this->throwException(new \Exception())); - - $expected = new DataResponse(['An error occurred.'], Http::STATUS_UNPROCESSABLE_ENTITY); - $this->assertEquals($expected, $this->certificateController->addPersonalRootCertificate()); - } - - public function testRemoveCertificate() { - $this->certificateManager - ->expects($this->once()) - ->method('removeCertificate') - ->with('CertificateToRemove'); - - $this->assertEquals(new DataResponse(), $this->certificateController->removePersonalRootCertificate('CertificateToRemove')); - } -}