allow user to upload his own root certificate for secure webdav mount

apps/files_external/ajax/addRootCertificate.php

@@ -4,9 +4,23 @@ OCP\JSON::checkAppEnabled('files_external');
 
 $view = \OCP\Files::getStorage("files_external");
 $from = $_FILES['rootcert_import']['tmp_name'];
-$to = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").$_FILES['rootcert_import']['name'];
+$path = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/';
+$to = $path.$_FILES['rootcert_import']['name'];
 move_uploaded_file($from, $to);
 
+//check if it is a PEM certificate, otherwise convert it if possible
+$fh = fopen($to, 'r');
+$data = fread($fh, filesize($to));
+fclose($fh);
+if (!strpos($data, 'BEGIN CERTIFICATE')) {
+	$pem = chunk_split(base64_encode($data), 64, "\n");
+	$pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n";
+	$fh = fopen($to, 'w');
+	fwrite($fh, $pem);
+}
+
+OC_Mount_Config::createCertificateBundle();
+
 header("Location: settings/personal.php");
 exit;
 ?>

apps/files_external/ajax/removeRootCertificate.php

@@ -4,6 +4,7 @@ OCP\JSON::checkAppEnabled('files_external');
 
 $view = \OCP\Files::getStorage("files_external");
 $cert = $_POST['cert'];
-$file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").$cert;
+$file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/'.$cert;
 unlink($file);
+OC_Mount_Config::createCertificateBundle();
 ?>

apps/files_external/lib/config.php

@@ -244,7 +244,8 @@ class OC_Mount_Config {
 	 */
 	public static function getCertificates() {
 		$view = \OCP\Files::getStorage('files_external');
-		$path=\OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("");
+		$path=\OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/';
+		if (!is_dir($path)) mkdir($path);
 		$result = array();
 		$handle = opendir($path);
 		while (false !== ($file = readdir($handle))) {
@@ -252,6 +253,30 @@ class OC_Mount_Config {
 		}
 		return $result;
 	}
+	
+	/**
+	 * creates certificate bundle
+	 */
+	public static function createCertificateBundle() {
+		$view = \OCP\Files::getStorage("files_external");
+		$path = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("");
+		
+		$certs = OC_Mount_Config::getCertificates();
+		$fh_certs = fopen($path."/rootcerts.crt", 'w');
+		foreach ($certs as $cert) {
+			$file=$path.'/uploads/'.$cert;
+			$fh = fopen($file, "r");
+			$data = fread($fh, filesize($file));
+			fclose($fh);
+			if (strpos($data, 'BEGIN CERTIFICATE')) {
+				fwrite($fh_certs, $data);
+			}
+		}
+		
+		fclose($fh_certs);
+		
+		return true;
+	} 
 
 }
 

apps/files_external/lib/webdav.php

@@ -45,7 +45,7 @@ class OC_FileStorage_DAV extends OC_Filestorage_Common{
 		$this->client = new OC_Connector_Sabre_Client($settings);
 		
 		if($caview = \OCP\Files::getStorage('files_external')) {
-			$this->client->setCurlSettings(array(CURLOPT_CAPATH => \OCP\Config::getSystemValue('datadirectory').$caview->getAbsolutePath("")));
+			$this->client->setCurlSettings(array(CURLOPT_CAINFO => \OCP\Config::getSystemValue('datadirectory').$caview->getAbsolutePath("").'rootcerts.crt'));
 		}
 		//create the root folder if necesary
 		$this->mkdir('');

apps/files_external/templates/settings.php

@@ -81,7 +81,7 @@
 		</table>
 		<br />
 		
-		<?php if (!$_['isAdminPage'] && false):  // disabled until sabredav can handle uploaded ca certs   ?>
+		<?php if (!$_['isAdminPage']):  ?>
   		<table id="sslCertificate" data-admin='<?php echo json_encode($_['isAdminPage']); ?>'>
 			<thead>
 				<tr>

lib/connector/sabre/client.php

@@ -68,7 +68,7 @@ class OC_Connector_Sabre_Client extends Sabre_DAV_Client {
 	 * @return array
 	 */
 	public function request($method, $url = '', $body = null, $headers = array()) {
-		 
+
 		$this->curlSettings[CURLOPT_POSTFIELDS] = $body;	 
 		$url = $this->getAbsoluteUrl($url);