allow user to upload his own root certificate for secure webdav mount

This commit is contained in:
Bjoern Schiessle 2012-07-06 15:58:38 +02:00
parent 75d01b065d
commit e91b4bc2ac
6 changed files with 46 additions and 6 deletions

View File

@ -4,9 +4,23 @@ OCP\JSON::checkAppEnabled('files_external');
$view = \OCP\Files::getStorage("files_external");
$from = $_FILES['rootcert_import']['tmp_name'];
$to = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").$_FILES['rootcert_import']['name'];
$path = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/';
$to = $path.$_FILES['rootcert_import']['name'];
move_uploaded_file($from, $to);
//check if it is a PEM certificate, otherwise convert it if possible
$fh = fopen($to, 'r');
$data = fread($fh, filesize($to));
fclose($fh);
if (!strpos($data, 'BEGIN CERTIFICATE')) {
$pem = chunk_split(base64_encode($data), 64, "\n");
$pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n";
$fh = fopen($to, 'w');
fwrite($fh, $pem);
}
OC_Mount_Config::createCertificateBundle();
header("Location: settings/personal.php");
exit;
?>

View File

@ -4,6 +4,7 @@ OCP\JSON::checkAppEnabled('files_external');
$view = \OCP\Files::getStorage("files_external");
$cert = $_POST['cert'];
$file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").$cert;
$file = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/'.$cert;
unlink($file);
OC_Mount_Config::createCertificateBundle();
?>

View File

@ -244,7 +244,8 @@ class OC_Mount_Config {
*/
public static function getCertificates() {
$view = \OCP\Files::getStorage('files_external');
$path=\OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("");
$path=\OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("").'uploads/';
if (!is_dir($path)) mkdir($path);
$result = array();
$handle = opendir($path);
while (false !== ($file = readdir($handle))) {
@ -253,6 +254,30 @@ class OC_Mount_Config {
return $result;
}
/**
* creates certificate bundle
*/
public static function createCertificateBundle() {
$view = \OCP\Files::getStorage("files_external");
$path = \OCP\Config::getSystemValue('datadirectory').$view->getAbsolutePath("");
$certs = OC_Mount_Config::getCertificates();
$fh_certs = fopen($path."/rootcerts.crt", 'w');
foreach ($certs as $cert) {
$file=$path.'/uploads/'.$cert;
$fh = fopen($file, "r");
$data = fread($fh, filesize($file));
fclose($fh);
if (strpos($data, 'BEGIN CERTIFICATE')) {
fwrite($fh_certs, $data);
}
}
fclose($fh_certs);
return true;
}
}
?>

View File

@ -45,7 +45,7 @@ class OC_FileStorage_DAV extends OC_Filestorage_Common{
$this->client = new OC_Connector_Sabre_Client($settings);
if($caview = \OCP\Files::getStorage('files_external')) {
$this->client->setCurlSettings(array(CURLOPT_CAPATH => \OCP\Config::getSystemValue('datadirectory').$caview->getAbsolutePath("")));
$this->client->setCurlSettings(array(CURLOPT_CAINFO => \OCP\Config::getSystemValue('datadirectory').$caview->getAbsolutePath("").'rootcerts.crt'));
}
//create the root folder if necesary
$this->mkdir('');

View File

@ -81,7 +81,7 @@
</table>
<br />
<?php if (!$_['isAdminPage'] && false): // disabled until sabredav can handle uploaded ca certs ?>
<?php if (!$_['isAdminPage']): ?>
<table id="sslCertificate" data-admin='<?php echo json_encode($_['isAdminPage']); ?>'>
<thead>
<tr>