certificatecontroller.php 5.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Björn Schießle <bjoern@schiessle.org>
  6. * @author Lukas Reschke <lukas@statuscode.ch>
  7. * @author Robin Appelman <robin@icewind.nl>
  8. * @author Vincent Petry <pvince81@owncloud.com>
  9. *
  10. * @license AGPL-3.0
  11. *
  12. * This code is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License, version 3,
  14. * as published by the Free Software Foundation.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License, version 3,
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>
  23. *
  24. */
  25. namespace OC\Settings\Controller;
  26. use OCP\App\IAppManager;
  27. use OCP\AppFramework\Controller;
  28. use OCP\AppFramework\Http;
  29. use OCP\AppFramework\Http\DataResponse;
  30. use OCP\ICertificateManager;
  31. use OCP\IL10N;
  32. use OCP\IRequest;
  33. /**
  34. * @package OC\Settings\Controller
  35. */
  36. class CertificateController extends Controller {
  37. /** @var ICertificateManager */
  38. private $userCertificateManager;
  39. /** @var ICertificateManager */
  40. private $systemCertificateManager;
  41. /** @var IL10N */
  42. private $l10n;
  43. /** @var IAppManager */
  44. private $appManager;
  45. /**
  46. * @param string $appName
  47. * @param IRequest $request
  48. * @param ICertificateManager $userCertificateManager
  49. * @param ICertificateManager $systemCertificateManager
  50. * @param IL10N $l10n
  51. * @param IAppManager $appManager
  52. */
  53. public function __construct($appName,
  54. IRequest $request,
  55. ICertificateManager $userCertificateManager,
  56. ICertificateManager $systemCertificateManager,
  57. IL10N $l10n,
  58. IAppManager $appManager) {
  59. parent::__construct($appName, $request);
  60. $this->userCertificateManager = $userCertificateManager;
  61. $this->systemCertificateManager = $systemCertificateManager;
  62. $this->l10n = $l10n;
  63. $this->appManager = $appManager;
  64. }
  65. /**
  66. * Add a new personal root certificate to the users' trust store
  67. *
  68. * @NoAdminRequired
  69. * @NoSubadminRequired
  70. * @return array
  71. */
  72. public function addPersonalRootCertificate() {
  73. return $this->addCertificate($this->userCertificateManager);
  74. }
  75. /**
  76. * Add a new root certificate to a trust store
  77. *
  78. * @param ICertificateManager $certificateManager
  79. * @return array
  80. */
  81. private function addCertificate(ICertificateManager $certificateManager) {
  82. $headers = [];
  83. if ($this->request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_IE_8])) {
  84. // due to upload iframe workaround, need to set content-type to text/plain
  85. $headers['Content-Type'] = 'text/plain';
  86. }
  87. if ($this->isCertificateImportAllowed() === false) {
  88. return new DataResponse(['message' => 'Individual certificate management disabled'], Http::STATUS_FORBIDDEN, $headers);
  89. }
  90. $file = $this->request->getUploadedFile('rootcert_import');
  91. if (empty($file)) {
  92. return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY, $headers);
  93. }
  94. try {
  95. $certificate = $certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']);
  96. return new DataResponse(
  97. [
  98. 'name' => $certificate->getName(),
  99. 'commonName' => $certificate->getCommonName(),
  100. 'organization' => $certificate->getOrganization(),
  101. 'validFrom' => $certificate->getIssueDate()->getTimestamp(),
  102. 'validTill' => $certificate->getExpireDate()->getTimestamp(),
  103. 'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()),
  104. 'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()),
  105. 'issuer' => $certificate->getIssuerName(),
  106. 'issuerOrganization' => $certificate->getIssuerOrganization(),
  107. ],
  108. Http::STATUS_OK,
  109. $headers
  110. );
  111. } catch (\Exception $e) {
  112. return new DataResponse('An error occurred.', Http::STATUS_UNPROCESSABLE_ENTITY, $headers);
  113. }
  114. }
  115. /**
  116. * Removes a personal root certificate from the users' trust store
  117. *
  118. * @NoAdminRequired
  119. * @NoSubadminRequired
  120. * @param string $certificateIdentifier
  121. * @return DataResponse
  122. */
  123. public function removePersonalRootCertificate($certificateIdentifier) {
  124. if ($this->isCertificateImportAllowed() === false) {
  125. return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
  126. }
  127. $this->userCertificateManager->removeCertificate($certificateIdentifier);
  128. return new DataResponse();
  129. }
  130. /**
  131. * check if certificate import is allowed
  132. *
  133. * @return bool
  134. */
  135. protected function isCertificateImportAllowed() {
  136. $externalStorageEnabled = $this->appManager->isEnabledForUser('files_external');
  137. if ($externalStorageEnabled) {
  138. /** @var \OCA\Files_External\Service\BackendService $backendService */
  139. $backendService = \OC_Mount_Config::$app->getContainer()->query('\OCA\Files_External\Service\BackendService');
  140. if ($backendService->isUserMountingAllowed()) {
  141. return true;
  142. }
  143. }
  144. return false;
  145. }
  146. /**
  147. * Add a new personal root certificate to the system's trust store
  148. *
  149. * @return array
  150. */
  151. public function addSystemRootCertificate() {
  152. return $this->addCertificate($this->systemCertificateManager);
  153. }
  154. /**
  155. * Removes a personal root certificate from the users' trust store
  156. *
  157. * @param string $certificateIdentifier
  158. * @return DataResponse
  159. */
  160. public function removeSystemRootCertificate($certificateIdentifier) {
  161. if ($this->isCertificateImportAllowed() === false) {
  162. return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
  163. }
  164. $this->systemCertificateManager->removeCertificate($certificateIdentifier);
  165. return new DataResponse();
  166. }
  167. }