Merge pull request #10420 from owncloud/external-share-self-signed
Make external shares work with imported self signed certificates
remotes/origin/fix-10825
commit
8009df0b60
@ -1,45 +0,0 @@ |
||||
<?php |
||||
|
||||
OCP\JSON::checkAppEnabled('files_external'); |
||||
OCP\JSON::callCheck(); |
||||
|
||||
if ( ! ($filename = $_FILES['rootcert_import']['name']) ) { |
||||
header('Location:' . OCP\Util::linkToRoute( "settings_personal" )); |
||||
exit; |
||||
} |
||||
|
||||
$fh = fopen($_FILES['rootcert_import']['tmp_name'], 'r'); |
||||
$data = fread($fh, filesize($_FILES['rootcert_import']['tmp_name'])); |
||||
fclose($fh); |
||||
$filename = $_FILES['rootcert_import']['name']; |
||||
|
||||
$view = new \OC\Files\View('/'.\OCP\User::getUser().'/files_external/uploads'); |
||||
if (!$view->file_exists('')) { |
||||
$view->mkdir(''); |
||||
} |
||||
|
||||
$isValid = openssl_pkey_get_public($data); |
||||
|
||||
//maybe it was just the wrong file format, try to convert it... |
||||
if ($isValid == false) { |
||||
$data = chunk_split(base64_encode($data), 64, "\n"); |
||||
$data = "-----BEGIN CERTIFICATE-----\n".$data."-----END CERTIFICATE-----\n"; |
||||
$isValid = openssl_pkey_get_public($data); |
||||
} |
||||
|
||||
// add the certificate if it could be verified |
||||
if ( $isValid ) { |
||||
// disable proxy to prevent multiple fopen calls |
||||
$proxyStatus = \OC_FileProxy::$enabled; |
||||
\OC_FileProxy::$enabled = false; |
||||
$view->file_put_contents($filename, $data); |
||||
OC_Mount_Config::createCertificateBundle(); |
||||
\OC_FileProxy::$enabled = $proxyStatus; |
||||
} else { |
||||
OCP\Util::writeLog('files_external', |
||||
'Couldn\'t import SSL root certificate ('.$filename.'), allowed formats: PEM and DER', |
||||
OCP\Util::WARN); |
||||
} |
||||
|
||||
header('Location:' . OCP\Util::linkToRoute( "settings_personal" )); |
||||
exit; |
||||
@ -1,13 +0,0 @@ |
||||
<?php |
||||
|
||||
OCP\JSON::checkAppEnabled('files_external'); |
||||
OCP\JSON::checkLoggedIn(); |
||||
OCP\JSON::callCheck(); |
||||
|
||||
$view = \OCP\Files::getStorage("files_external"); |
||||
$file = 'uploads/'.ltrim($_POST['cert'], "/\\."); |
||||
|
||||
if ( $view->file_exists($file) ) { |
||||
$view->unlink($file); |
||||
OC_Mount_Config::createCertificateBundle(); |
||||
} |
||||
@ -0,0 +1,126 @@ |
||||
<?php |
||||
/** |
||||
* Copyright (c) 2014 Robin Appelman <icewind@owncloud.com> |
||||
* This file is licensed under the Affero General Public License version 3 or |
||||
* later. |
||||
* See the COPYING-README file. |
||||
*/ |
||||
|
||||
namespace OC\Security; |
||||
|
||||
use OCP\ICertificate; |
||||
|
||||
class Certificate implements ICertificate { |
||||
protected $name; |
||||
|
||||
protected $commonName; |
||||
|
||||
protected $organization; |
||||
|
||||
protected $serial; |
||||
|
||||
protected $issueDate; |
||||
|
||||
protected $expireDate; |
||||
|
||||
protected $issuerName; |
||||
|
||||
protected $issuerOrganization; |
||||
|
||||
/** |
||||
* @param string $data base64 encoded certificate |
||||
* @param string $name |
||||
* @throws \Exception If the certificate could not get parsed |
||||
*/ |
||||
public function __construct($data, $name) { |
||||
$this->name = $name; |
||||
try { |
||||
$gmt = new \DateTimeZone('GMT'); |
||||
$info = openssl_x509_parse($data); |
||||
$this->commonName = isset($info['subject']['CN']) ? $info['subject']['CN'] : null; |
||||
$this->organization = isset($info['subject']['O']) ? $info['subject']['O'] : null; |
||||
$this->serial = $this->formatSerial($info['serialNumber']); |
||||
$this->issueDate = new \DateTime('@' . $info['validFrom_time_t'], $gmt); |
||||
$this->expireDate = new \DateTime('@' . $info['validTo_time_t'], $gmt); |
||||
$this->issuerName = isset($info['issuer']['CN']) ? $info['issuer']['CN'] : null; |
||||
$this->issuerOrganization = isset($info['issuer']['O']) ? $info['issuer']['O'] : null; |
||||
} catch (\Exception $e) { |
||||
throw new \Exception('Certificate could not get parsed.'); |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* Format the numeric serial into AA:BB:CC hex format |
||||
* |
||||
* @param int $serial |
||||
* @return string |
||||
*/ |
||||
protected function formatSerial($serial) { |
||||
$hex = strtoupper(dechex($serial)); |
||||
return trim(chunk_split($hex, 2, ':'), ':'); |
||||
} |
||||
|
||||
/** |
||||
* @return string |
||||
*/ |
||||
public function getName() { |
||||
return $this->name; |
||||
} |
||||
|
||||
/** |
||||
* @return string|null |
||||
*/ |
||||
public function getCommonName() { |
||||
return $this->commonName; |
||||
} |
||||
|
||||
/** |
||||
* @return string |
||||
*/ |
||||
public function getOrganization() { |
||||
return $this->organization; |
||||
} |
||||
|
||||
/** |
||||
* @return string |
||||
*/ |
||||
public function getSerial() { |
||||
return $this->serial; |
||||
} |
||||
|
||||
/** |
||||
* @return \DateTime |
||||
*/ |
||||
public function getIssueDate() { |
||||
return $this->issueDate; |
||||
} |
||||
|
||||
/** |
||||
* @return \DateTime |
||||
*/ |
||||
public function getExpireDate() { |
||||
return $this->expireDate; |
||||
} |
||||
|
||||
/** |
||||
* @return bool |
||||
*/ |
||||
public function isExpired() { |
||||
$now = new \DateTime(); |
||||
return $this->issueDate > $now or $now > $this->expireDate; |
||||
} |
||||
|
||||
/** |
||||
* @return string|null |
||||
*/ |
||||
public function getIssuerName() { |
||||
return $this->issuerName; |
||||
} |
||||
|
||||
/** |
||||
* @return string|null |
||||
*/ |
||||
public function getIssuerOrganization() { |
||||
return $this->issuerOrganization; |
||||
} |
||||
} |
||||
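Review bot: The constructor never checks the result of `openssl_x509_parse($data)`, which returns `false` on unparsable input instead of throwing, so the `catch` seems to be reached only because `new \DateTime('@' . ...)` fails on the missing timestamp. An explicit guard right after the parse call makes the rejection of bad trust-anchor data deliberate: `if ($info === false) { throw new \Exception('Certificate could not get parsed.'); }`. The `@param string $data base64 encoded certificate` line would also read more precisely as "PEM encoded certificate", since that is what the fixtures in this commit contain.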
@ -0,0 +1,134 @@ |
||||
<?php |
||||
/** |
||||
* Copyright (c) 2014 Robin Appelman <icewind@owncloud.com> |
||||
* This file is licensed under the Affero General Public License version 3 or |
||||
* later. |
||||
* See the COPYING-README file. |
||||
*/ |
||||
|
||||
namespace OC\Security; |
||||
|
||||
use OC\Files\Filesystem; |
||||
use OCP\ICertificateManager; |
||||
|
||||
/** |
||||
* Manage trusted certificates for users |
||||
*/ |
||||
class CertificateManager implements ICertificateManager { |
||||
/** |
||||
* @var \OCP\IUser |
||||
*/ |
||||
protected $user; |
||||
|
||||
/** |
||||
* @param \OCP\IUser $user |
||||
*/ |
||||
public function __construct($user) { |
||||
$this->user = $user; |
||||
} |
||||
|
||||
/** |
||||
* Returns all certificates trusted by the user |
||||
* |
||||
* @return \OCP\ICertificate[] |
||||
*/ |
||||
public function listCertificates() { |
||||
$path = $this->user->getHome() . '/files_external/uploads/'; |
||||
if (!is_dir($path)) { |
||||
return array(); |
||||
} |
||||
$result = array(); |
||||
$handle = opendir($path); |
||||
if (!is_resource($handle)) { |
||||
return array(); |
||||
} |
||||
while (false !== ($file = readdir($handle))) { |
||||
if ($file != '.' && $file != '..') { |
||||
try { |
||||
$result[] = new Certificate(file_get_contents($path . $file), $file); |
||||
} catch(\Exception $e) {} |
||||
} |
||||
} |
||||
return $result; |
||||
} |
||||
|
||||
/** |
||||
* create the certificate bundle of all trusted certificated |
||||
*/ |
||||
protected function createCertificateBundle() { |
||||
$path = $this->user->getHome() . '/files_external/'; |
||||
$certs = $this->listCertificates(); |
||||
|
||||
$fh_certs = fopen($path . '/rootcerts.crt', 'w'); |
||||
foreach ($certs as $cert) { |
||||
$file = $path . '/uploads/' . $cert->getName(); |
||||
$data = file_get_contents($file); |
||||
if (strpos($data, 'BEGIN CERTIFICATE')) { |
||||
fwrite($fh_certs, $data); |
||||
fwrite($fh_certs, "\r\n"); |
||||
} |
||||
} |
||||
|
||||
fclose($fh_certs); |
||||
} |
||||
|
||||
/** |
||||
* Save the certificate and re-generate the certificate bundle |
||||
* |
||||
* @param string $certificate the certificate data |
||||
* @param string $name the filename for the certificate |
||||
* @return \OCP\ICertificate|void|bool |
||||
* @throws \Exception If the certificate could not get added |
||||
*/ |
||||
public function addCertificate($certificate, $name) { |
||||
if (!Filesystem::isValidPath($name) or Filesystem::isFileBlacklisted($name)) { |
||||
return false; |
||||
} |
||||
|
||||
$dir = $this->user->getHome() . '/files_external/uploads/'; |
||||
if (!file_exists($dir)) { |
||||
//path might not exist (e.g. non-standard OC_User::getHome() value) |
||||
//in this case create full path using 3rd (recursive=true) parameter. |
||||
//note that we use "normal" php filesystem functions here since the certs need to be local |
||||
mkdir($dir, 0700, true); |
||||
} |
||||
|
||||
try { |
||||
$file = $dir . $name; |
||||
$certificateObject = new Certificate($certificate, $name); |
||||
file_put_contents($file, $certificate); |
||||
$this->createCertificateBundle(); |
||||
return $certificateObject; |
||||
} catch (\Exception $e) { |
||||
throw $e; |
||||
} |
||||
|
||||
} |
||||
|
||||
/** |
||||
* Remove the certificate and re-generate the certificate bundle |
||||
* |
||||
* @param string $name |
||||
* @return bool |
||||
*/ |
||||
public function removeCertificate($name) { |
||||
if (!Filesystem::isValidPath($name)) { |
||||
return false; |
||||
} |
||||
$path = $this->user->getHome() . '/files_external/uploads/'; |
||||
if (file_exists($path . $name)) { |
||||
unlink($path . $name); |
||||
$this->createCertificateBundle(); |
||||
} |
||||
return true; |
||||
} |
||||
|
||||
/** |
||||
* Get the path to the certificate bundle for this user |
||||
* |
||||
* @return string |
||||
*/ |
||||
public function getCertificateBundle() { |
||||
return $this->user->getHome() . '/files_external/rootcerts.crt'; |
||||
} |
||||
} |
||||
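Review bot: `addCertificate()` ignores the return value of `file_put_contents($file, $certificate)`, and `createCertificateBundle()` passes the result of `fopen(...)` straight to `fwrite()` and `fclose()`, so a failed write still returns the certificate object and the caller reports success while `rootcerts.crt` is stale or missing. I would fail loudly, e.g. `if (file_put_contents($file, $certificate) === false) { throw new \Exception('Certificate could not get written.'); }`, and return early from the bundle writer when `$fh_certs === false`. In `listCertificates()` the handle from `opendir()` is never closed and `catch(\Exception $e) {}` drops unparsable files silently; a `closedir($handle);` before the return and a log line in the catch would help when a stored certificate stops loading.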
@ -0,0 +1,56 @@ |
||||
<?php |
||||
/** |
||||
* Copyright (c) 2014 Robin Appelman <icewind@owncloud.com> |
||||
* This file is licensed under the Affero General Public License version 3 or |
||||
* later. |
||||
* See the COPYING-README file. |
||||
*/ |
||||
|
||||
namespace OCP; |
||||
|
||||
interface ICertificate { |
||||
/** |
||||
* @return string |
||||
*/ |
||||
public function getName(); |
||||
|
||||
/** |
||||
* @return string |
||||
*/ |
||||
public function getCommonName(); |
||||
|
||||
/** |
||||
* @return string |
||||
*/ |
||||
public function getOrganization(); |
||||
|
||||
/** |
||||
* @return string |
||||
*/ |
||||
public function getSerial(); |
||||
|
||||
/** |
||||
* @return \DateTime |
||||
*/ |
||||
public function getIssueDate(); |
||||
|
||||
/** |
||||
* @return \DateTime |
||||
*/ |
||||
public function getExpireDate(); |
||||
|
||||
/** |
||||
* @return bool |
||||
*/ |
||||
public function isExpired(); |
||||
|
||||
/** |
||||
* @return string |
||||
*/ |
||||
public function getIssuerName(); |
||||
|
||||
/** |
||||
* @return string |
||||
*/ |
||||
public function getIssuerOrganization(); |
||||
} |
||||
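Review bot: The docblocks for `getCommonName()` and `getIssuerName()` promise `@return string`, but the implementation in this commit documents `string|null` and the tests assert `null` for a certificate without a CN. Callers that display these fields need to know the value can be missing, so both should read `@return string|null`. The same likely applies to `getOrganization()` and `getIssuerOrganization()`, since the implementation assigns `null` when the `O` field is absent.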
@ -0,0 +1,40 @@ |
||||
<?php |
||||
/** |
||||
* Copyright (c) 2014 Robin Appelman <icewind@owncloud.com> |
||||
* This file is licensed under the Affero General Public License version 3 or |
||||
* later. |
||||
* See the COPYING-README file. |
||||
*/ |
||||
|
||||
namespace OCP; |
||||
|
||||
/** |
||||
* Manage trusted certificates for users |
||||
*/ |
||||
interface ICertificateManager { |
||||
/** |
||||
* Returns all certificates trusted by the user |
||||
* |
||||
* @return \OCP\ICertificate[] |
||||
*/ |
||||
public function listCertificates(); |
||||
|
||||
/** |
||||
* @param string $certificate the certificate data |
||||
* @param string $name the filename for the certificate |
||||
* @return bool | \OCP\ICertificate |
||||
*/ |
||||
public function addCertificate($certificate, $name); |
||||
|
||||
/** |
||||
* @param string $name |
||||
*/ |
||||
public function removeCertificate($name); |
||||
|
||||
/** |
||||
* Get the path to the certificate bundle for this user |
||||
* |
||||
* @return string |
||||
*/ |
||||
public function getCertificateBundle(); |
||||
} |
||||
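Review bot: The `addCertificate()` docblock lists `@return bool | \OCP\ICertificate` but not the exception the implementation throws for unparsable data, and `removeCertificate()` has no `@return` although the implementation returns a bool. Callers must handle two failure channels, a `false` return for a rejected name and an exception for a rejected certificate, so the interface should state both. I would add `@throws \Exception If the certificate could not get parsed` to the first and `@return bool` to the second.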
@ -0,0 +1,32 @@ |
||||
<?php |
||||
OCP\JSON::checkLoggedIn(); |
||||
OCP\JSON::callCheck(); |
||||
|
||||
$l = new OC_L10N('core'); |
||||
|
||||
if (!isset($_FILES['rootcert_import'])) { |
||||
OCP\JSON::error(array('error' => 'No certificate uploaded')); |
||||
exit; |
||||
} |
||||
|
||||
$data = file_get_contents($_FILES['rootcert_import']['tmp_name']); |
||||
$filename = basename($_FILES['rootcert_import']['name']); |
||||
|
||||
$certificateManager = \OC::$server->getCertificateManager(); |
||||
|
||||
try { |
||||
$cert = $certificateManager->addCertificate($data, $filename); |
||||
OCP\JSON::success(array( |
||||
'name' => $cert->getName(), |
||||
'commonName' => $cert->getCommonName(), |
||||
'organization' => $cert->getOrganization(), |
||||
'validFrom' => $cert->getIssueDate()->getTimestamp(), |
||||
'validTill' => $cert->getExpireDate()->getTimestamp(), |
||||
'validFromString' => $l->l('date', $cert->getIssueDate()), |
||||
'validTillString' => $l->l('date', $cert->getExpireDate()), |
||||
'issuer' => $cert->getIssuerName(), |
||||
'issuerOrganization' => $cert->getIssuerOrganization() |
||||
)); |
||||
} catch(\Exception $e) { |
||||
OCP\JSON::error(array('error' => 'Couldn\'t import SSL root certificate, allowed formats: PEM and DER')); |
||||
} |
||||
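Review bot: `addCertificate()` returns `false` when the name is invalid or blacklisted, and that case falls through to `$cert->getName()` on a boolean, which is a fatal error rather than the JSON error produced in the `catch`. A guard placed inside the `try` before `OCP\JSON::success(...)` routes it to the existing error response: `if ($cert === false) { throw new \Exception('Invalid certificate name'); }`. `$_FILES['rootcert_import']['error']` is also not consulted, so a failed upload reaches `file_get_contents()` with an unusable temp path. The error text still advertises DER although the conversion step of the removed importer is gone; whether DER input still parses is not visible here and is worth confirming.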
@ -0,0 +1,7 @@ |
||||
<?php |
||||
OCP\JSON::checkLoggedIn(); |
||||
OCP\JSON::callCheck(); |
||||
|
||||
$name = $_POST['cert']; |
||||
$certificateManager = \OC::$server->getCertificateManager(); |
||||
$certificateManager->removeCertificate($name); |
||||
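Review bot: `$_POST['cert']` is read without an `isset()` check and handed to `removeCertificate()` as-is, whereas the upload endpoint reduces the client-supplied name with `basename()`. Path safety then rests entirely on `Filesystem::isValidPath()`, whose definition is outside this page. Normalising at the boundary keeps the two endpoints symmetric: `if (!isset($_POST['cert'])) { OCP\JSON::error(array('error' => 'No certificate name given')); exit; }` followed by `$name = basename($_POST['cert']);`. The result of `removeCertificate()` is also discarded, so the client receives no JSON success or error response.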
@ -0,0 +1,13 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIICATCCAWoCCQDNdmb4pJrUeDANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB |
||||
VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0 |
||||
cyBQdHkgTHRkMB4XDTE0MDgyNzA4NDg1MVoXDTE1MDgyNzA4NDg1MVowRTELMAkG |
||||
A1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0 |
||||
IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvrMe |
||||
x5D45HVMV2U4kqTU0mzHAihHT6r+OtO6g7S9yIlJZGGVcEet6An78Ow7aYM141eI |
||||
Jfbvqql7OIblHXSw7mvkw4bOQ1ee5lmJYOYCgaMNJ6mBLJfpK9xwidb0ZvhWOA8P |
||||
DLIiBKA3T5ChXCzilD5GF2+H/BXBE9lL9tuDjM0CAwEAATANBgkqhkiG9w0BAQUF |
||||
AAOBgQCJwfJe7j+aNkopw+P8uxobfOnMWU9XC4Pu+39TVLeakeSqu2Y8vJSHmkjF |
||||
WK3VXAJr33Eul5VP/3SWGwuRPd9X4i4iLh1gJfYvi9MJf1lQNYncGCM+xtdrNu2O |
||||
u0yexkOBRrapDYjcv58BiOaFgvFLquKvtVj9HlcYRfwfM77uKQ== |
||||
-----END CERTIFICATE----- |
||||
@ -0,0 +1,13 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIICATCCAWoCCQCjCIB6tCZ2sDANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB |
||||
VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0 |
||||
cyBQdHkgTHRkMB4XDTE0MDgyNzA5MTI0M1oXDTE0MDgyODA5MTI0M1owRTELMAkG |
||||
A1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0 |
||||
IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvrMe |
||||
x5D45HVMV2U4kqTU0mzHAihHT6r+OtO6g7S9yIlJZGGVcEet6An78Ow7aYM141eI |
||||
Jfbvqql7OIblHXSw7mvkw4bOQ1ee5lmJYOYCgaMNJ6mBLJfpK9xwidb0ZvhWOA8P |
||||
DLIiBKA3T5ChXCzilD5GF2+H/BXBE9lL9tuDjM0CAwEAATANBgkqhkiG9w0BAQUF |
||||
AAOBgQBuNClmOj3wudlX86nygcZgQT2+ZS8f1iJgM9lbrrkenT6tgcT1/YjcrN9C |
||||
BZR29Wz7htflpqverLUGZXh72K+gYercyR16Zu7zjt/NWuZldZmzJ3bUGq2HSoCX |
||||
2sDykAEuaDxUlzdJrztlOH4vPlRaGbxUogpC2hB1BQfxA90CIA== |
||||
-----END CERTIFICATE----- |
||||
@ -0,0 +1,15 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIICazCCAdQCCQCySF7HjQD78DANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJD |
||||
SDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFjAUBgNVBAoTDW93 |
||||
bkNsb3VkIEluYy4xETAPBgNVBAsTCFNlY3VyaXR5MR4wHAYDVQQDExVzZWN1cml0 |
||||
eS5vd25jbG91ZC5jb20wHhcNMTQwODI3MDg0NTUyWhcNMTUwODI3MDg0NTUyWjB6 |
||||
MQswCQYDVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gx |
||||
FjAUBgNVBAoTDW93bkNsb3VkIEluYy4xETAPBgNVBAsTCFNlY3VyaXR5MR4wHAYD |
||||
VQQDExVzZWN1cml0eS5vd25jbG91ZC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A |
||||
MIGJAoGBAL55lB4RvU0pTyh7YsLCxPBq43xxkRZBxfZENoflCIUsBo7/mXNz2zVO |
||||
476oQ4L47heUOX3j8kemOgPmWEqA34JB8rusijCy5WqFBLnm4HsRLa66i+Jgd+Yl |
||||
QhcKvhGas1K/CVTG4oSLoAmA2coZUL94uxnRtd8aluflHMNGApIlAgMBAAEwDQYJ |
||||
KoZIhvcNAQEFBQADgYEADo08zWdOtIvCKFDnLbzRwIjSYTlAtQtQaULv7KQe3qIn |
||||
iaFAi6fAynHfdC8/2tvmSeniw0OZBkrfVGIVtUbwCSrljNSUY/lWrUR0pE61lb4r |
||||
DpX0JZjlk48XEaErRVDfu3wq6n/2nYg6HnaLOPwt8OSYYrxzvXlFPrKBH3q6R+M= |
||||
-----END CERTIFICATE----- |
||||
@ -0,0 +1,93 @@ |
||||
<?php |
||||
/** |
||||
* Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com> |
||||
* This file is licensed under the Affero General Public License version 3 or |
||||
* later. |
||||
* See the COPYING-README file. |
||||
*/ |
||||
|
||||
use \OC\Security\Certificate; |
||||
|
||||
class CertificateTest extends \PHPUnit_Framework_TestCase { |
||||
|
||||
/** @var Certificate That contains a valid certificate */ |
||||
protected $goodCertificate; |
||||
/** @var Certificate That contains an invalid certificate */ |
||||
protected $invalidCertificate; |
||||
/** @var Certificate That contains an expired certificate */ |
||||
protected $expiredCertificate; |
||||
|
||||
function setUp() { |
||||
$goodCertificate = file_get_contents(__DIR__ . '/../../data/certificates/goodCertificate.crt'); |
||||
$this->goodCertificate = new Certificate($goodCertificate, 'GoodCertificate'); |
||||
$badCertificate = file_get_contents(__DIR__ . '/../../data/certificates/badCertificate.crt'); |
||||
$this->invalidCertificate = new Certificate($badCertificate, 'BadCertificate'); |
||||
$expiredCertificate = file_get_contents(__DIR__ . '/../../data/certificates/expiredCertificate.crt'); |
||||
$this->expiredCertificate = new Certificate($expiredCertificate, 'ExpiredCertificate'); |
||||
} |
||||
|
||||
/** |
||||
* @expectedException \Exception |
||||
* @expectedExceptionMessage Certificate could not get parsed. |
||||
*/ |
||||
function testBogusData() { |
||||
new Certificate('foo', 'bar'); |
||||
} |
||||
|
||||
function testGetName() { |
||||
$this->assertSame('GoodCertificate', $this->goodCertificate->getName()); |
||||
$this->assertSame('BadCertificate', $this->invalidCertificate->getName()); |
||||
} |
||||
|
||||
function testGetCommonName() { |
||||
$this->assertSame('security.owncloud.com', $this->goodCertificate->getCommonName()); |
||||
$this->assertSame(null, $this->invalidCertificate->getCommonName()); |
||||
} |
||||
|
||||
function testGetOrganization() { |
||||
$this->assertSame('ownCloud Inc.', $this->goodCertificate->getOrganization()); |
||||
$this->assertSame('Internet Widgits Pty Ltd', $this->invalidCertificate->getOrganization()); |
||||
} |
||||
|
||||
function testGetSerial() { |
||||
$this->assertSame('7F:FF:FF:FF:FF:FF:FF:FF', $this->goodCertificate->getSerial()); |
||||
$this->assertSame('7F:FF:FF:FF:FF:FF:FF:FF', $this->invalidCertificate->getSerial()); |
||||
} |
||||
|
||||
function testGetIssueDate() { |
||||
$expected = new DateTime('2014-08-27 08:45:52 GMT'); |
||||
$this->assertEquals($expected->getTimestamp(), $this->goodCertificate->getIssueDate()->getTimestamp()); |
||||
$expected = new DateTime('2014-08-27 08:48:51 GMT'); |
||||
$this->assertEquals($expected->getTimestamp(), $this->invalidCertificate->getIssueDate()->getTimestamp()); |
||||
} |
||||
|
||||
function testGetExpireDate() { |
||||
$expected = new DateTime('2015-08-27 08:45:52 GMT'); |
||||
$this->assertEquals($expected->getTimestamp(), $this->goodCertificate->getExpireDate()->getTimestamp()); |
||||
$expected = new DateTime('2015-08-27 08:48:51 GMT'); |
||||
$this->assertEquals($expected->getTimestamp(), $this->invalidCertificate->getExpireDate()->getTimestamp()); |
||||
$expected = new DateTime('2014-08-28 09:12:43 GMT'); |
||||
$this->assertEquals($expected->getTimestamp(), $this->expiredCertificate->getExpireDate()->getTimestamp()); |
||||
} |
||||
|
||||
/** |
||||
* Obviously the following test case might fail after 2015-08-27, just create a new certificate with longer validity then |
||||
*/ |
||||
function testIsExpired() { |
||||
$this->assertSame(false, $this->goodCertificate->isExpired()); |
||||
$this->assertSame(false, $this->invalidCertificate->isExpired()); |
||||
$this->assertSame(true, $this->expiredCertificate->isExpired()); |
||||
} |
||||
|
||||
function testGetIssuerName() { |
||||
$this->assertSame('security.owncloud.com', $this->goodCertificate->getIssuerName()); |
||||
$this->assertSame(null, $this->invalidCertificate->getIssuerName()); |
||||
$this->assertSame(null, $this->expiredCertificate->getIssuerName()); |
||||
} |
||||
|
||||
function testGetIssuerOrganization() { |
||||
$this->assertSame('ownCloud Inc.', $this->goodCertificate->getIssuerOrganization()); |
||||
$this->assertSame('Internet Widgits Pty Ltd', $this->invalidCertificate->getIssuerOrganization()); |
||||
$this->assertSame('Internet Widgits Pty Ltd', $this->expiredCertificate->getIssuerOrganization()); |
||||
} |
||||
} |
||||
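Review bot: `testGetSerial()` expects `7F:FF:FF:FF:FF:FF:FF:FF` for both `goodCertificate` and `invalidCertificate`, which is the largest signed 64-bit integer in hex, so the assertion pins an overflow in `Certificate::formatSerial()` (it goes through `dechex()`) rather than the certificates' real serials. A serial shown to a user deciding whether to trust a certificate should distinguish two different certificates. I would add `$this->assertNotSame($this->goodCertificate->getSerial(), $this->invalidCertificate->getSerial());` and fix the formatter, which lives in another file of this commit, until it passes.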
@ -0,0 +1,87 @@ |
||||
<?php |
||||
/** |
||||
* Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com> |
||||
* This file is licensed under the Affero General Public License version 3 or |
||||
* later. |
||||
* See the COPYING-README file. |
||||
*/ |
||||
|
||||
use \OC\Security\CertificateManager; |
||||
|
||||
class CertificateManagerTest extends \PHPUnit_Framework_TestCase { |
||||
|
||||
/** @var CertificateManager */ |
||||
private $certificateManager; |
||||
/** @var String */ |
||||
private $username; |
||||
/** @var \OC\User\User */ |
||||
private $user; |
||||
|
||||
function setUp() { |
||||
$this->username = OC_Util::generateRandomBytes(20); |
||||
OC_User::createUser($this->username, OC_Util::generateRandomBytes(20)); |
||||
|
||||
\OC_Util::tearDownFS(); |
||||
\OC_User::setUserId(''); |
||||
\OC\Files\Filesystem::tearDown(); |
||||
\OC_Util::setupFS($this->username); |
||||
|
||||
$this->user = \OC::$server->getUserManager()->get($this->username); |
||||
|
||||
$this->certificateManager = new CertificateManager($this->user); |
||||
} |
||||
|
||||
function tearDown() { |
||||
\OC_User::deleteUser($this->username); |
||||
} |
||||
|
||||
protected function assertEqualsArrays($expected, $actual) { |
||||
sort($expected); |
||||
sort($actual); |
||||
|
||||
$this->assertEquals($expected, $actual); |
||||
} |
||||
|
||||
function testListCertificates() { |
||||
// Test empty certificate bundle |
||||
$this->assertSame(array(), $this->certificateManager->listCertificates()); |
||||
|
||||
// Add some certificates |
||||
$this->certificateManager->addCertificate(file_get_contents(__DIR__.'/../../data/certificates/goodCertificate.crt'), 'GoodCertificate'); |
||||
$certificateStore = array(); |
||||
$certificateStore[] = new \OC\Security\Certificate(file_get_contents(__DIR__.'/../../data/certificates/goodCertificate.crt'), 'GoodCertificate'); |
||||
$this->assertEqualsArrays($certificateStore, $this->certificateManager->listCertificates()); |
||||
|
||||
// Add another certificates |
||||
$this->certificateManager->addCertificate(file_get_contents(__DIR__.'/../../data/certificates/expiredCertificate.crt'), 'ExpiredCertificate'); |
||||
$certificateStore[] = new \OC\Security\Certificate(file_get_contents(__DIR__.'/../../data/certificates/expiredCertificate.crt'), 'ExpiredCertificate'); |
||||
$this->assertEqualsArrays($certificateStore, $this->certificateManager->listCertificates()); |
||||
} |
||||
|
||||
/** |
||||
* @expectedException \Exception |
||||
* @expectedExceptionMessage Certificate could not get parsed. |
||||
*/ |
||||
function testAddInvalidCertificate() { |
||||
$this->certificateManager->addCertificate('InvalidCertificate', 'invalidCertificate'); |
||||
} |
||||
|
||||
function testAddDangerousFile() { |
||||
$this->assertFalse($this->certificateManager->addCertificate(file_get_contents(__DIR__.'/../../data/certificates/expiredCertificate.crt'), '.htaccess')); |
||||
$this->assertFalse($this->certificateManager->addCertificate(file_get_contents(__DIR__.'/../../data/certificates/expiredCertificate.crt'), '../../foo.txt')); |
||||
} |
||||
|
||||
function testRemoveDangerousFile() { |
||||
$this->assertFalse($this->certificateManager->removeCertificate('../../foo.txt')); |
||||
} |
||||
|
||||
function testRemoveExistingFile() { |
||||
$this->certificateManager->addCertificate(file_get_contents(__DIR__.'/../../data/certificates/goodCertificate.crt'), 'GoodCertificate'); |
||||
$this->assertTrue($this->certificateManager->removeCertificate('GoodCertificate')); |
||||
} |
||||
|
||||
function testGetCertificateBundle() { |
||||
$this->assertSame($this->user->getHome().'/files_external/rootcerts.crt', $this->certificateManager->getCertificateBundle()); |
||||
} |
||||
|
||||
} |
||||
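Review bot: `testRemoveExistingFile()` only asserts the return value, and `removeCertificate()` returns `true` whether or not a file was deleted, so the test would pass even if removal did nothing. Adding `$this->assertSame(array(), $this->certificateManager->listCertificates());` after the call checks that the certificate is actually gone. No test reads the file at `getCertificateBundle()`, so the content of the generated trust bundle is unverified; an assertion that it contains the added PEM block after `addCertificate()` would close that gap.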