
Commit e7f8ab1

authored
Merge pull request #47340 from nextcloud/fix/federation-certificate-store
fix(federation): Do not overwrite certificate bundle
2 parents 2a59f4f + 232c22f commit e7f8ab1

3 files changed

Lines changed: 46 additions & 43 deletions


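--- a/apps/files_sharing/lib/External/Storage.php
+++ b/apps/files_sharing/lib/External/Storage.php
@@ -259,19 +259,12 @@ private function testRemoteUrl(string $url): bool {
 
 $client = $this->httpClient->newClient();
 try {
-$result = $client->get($url, [
-'timeout' => 10,
-'connect_timeout' => 10,
-'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false),
-])->getBody();
+$result = $client->get($url, $this->getDefaultRequestOptions())->getBody();
 $data = json_decode($result);
 $returnValue = (is_object($data) && !empty($data->version));
-} catch (ConnectException $e) {
-$returnValue = false;
-} catch (ClientException $e) {
-$returnValue = false;
-} catch (RequestException $e) {
+} catch (ConnectException|ClientException|RequestException $e) {
 $returnValue = false;
+$this->logger->warning('Failed to test remote URL', ['exception' => $e]);
 }
 
 $cache->set($url, $returnValue, 60 * 60 * 24);
@@ -319,12 +312,11 @@ public function getShareInfo(int $depth = -1) {
 // TODO: DI
 $client = \OC::$server->getHTTPClientService()->newClient();
 try {
-$response = $client->post($url, [
+$response = $client->post($url, array_merge($this->getDefaultRequestOptions(), [
 'body' => ['password' => $password, 'depth' => $depth],
-'timeout' => 10,
-'connect_timeout' => 10,
-]);
+]));
 } catch (\GuzzleHttp\Exception\RequestException $e) {
+$this->logger->warning('Failed to fetch share info', ['exception' => $e]);
 if ($e->getCode() === Http::STATUS_UNAUTHORIZED || $e->getCode() === Http::STATUS_FORBIDDEN) {
 throw new ForbiddenException();
 }
@@ -422,4 +414,15 @@ protected function getDefaultPermissions(string $path): int {
 public function free_space($path) {
 return parent::free_space('');
 }
+
+private function getDefaultRequestOptions(): array {
+$options = [
+'timeout' => 10,
+'connect_timeout' => 10,
+];
+if ($this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates')) {
+$options['verify'] = false;
+}
+return $options;
+}
 }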
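Review bot: In getShareInfo the new `$this->logger->warning('Failed to fetch share info', ['exception' => $e]);` runs before the 401/403 check, so every wrong or missing share password reported by the remote is recorded as a warning with a full exception before it becomes a ForbiddenException. The request behind that exception was sent with `'body' => ['password' => $password, 'depth' => $depth]`; the hunk does not show whether the logger's exception serialisation can include request data, so that should be confirmed. I would move the call below the `if ($e->getCode() === Http::STATUS_UNAUTHORIZED || ...)` block so that only unexpected failures are logged at warning level. The catch block continues outside the hunk, so the branches after it are not visible here.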

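--- a/lib/private/Federation/CloudFederationProviderManager.php
+++ b/lib/private/Federation/CloudFederationProviderManager.php
@@ -106,13 +106,9 @@ public function sendShare(ICloudFederationShare $share) {
 
 $client = $this->httpClientService->newClient();
 try {
-$response = $client->post($ocmProvider->getEndPoint() . '/shares', [
+$response = $client->post($ocmProvider->getEndPoint() . '/shares', array_merge($this->getDefaultRequestOptions(), [
 'body' => json_encode($share->getShare()),
-'headers' => ['content-type' => 'application/json'],
-'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false),
-'timeout' => 10,
-'connect_timeout' => 10,
-]);
+]));
 
 if ($response->getStatusCode() === Http::STATUS_CREATED) {
 $result = json_decode($response->getBody(), true);
@@ -143,13 +139,9 @@ public function sendCloudShare(ICloudFederationShare $share): IResponse {
 
 $client = $this->httpClientService->newClient();
 try {
-return $client->post($ocmProvider->getEndPoint() . '/shares', [
+return $client->post($ocmProvider->getEndPoint() . '/shares', array_merge($this->getDefaultRequestOptions(), [
 'body' => json_encode($share->getShare()),
-'headers' => ['content-type' => 'application/json'],
-'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false),
-'timeout' => 10,
-'connect_timeout' => 10,
-]);
+]));
 } catch (\Throwable $e) {
 $this->logger->error('Error while sending share to federation server: ' . $e->getMessage(), ['exception' => $e]);
 try {
@@ -175,13 +167,9 @@ public function sendNotification($url, ICloudFederationNotification $notificatio
 
 $client = $this->httpClientService->newClient();
 try {
-$response = $client->post($ocmProvider->getEndPoint() . '/notifications', [
+$response = $client->post($ocmProvider->getEndPoint() . '/notifications', array_merge($this->getDefaultRequestOptions(), [
 'body' => json_encode($notification->getMessage()),
-'headers' => ['content-type' => 'application/json'],
-'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false),
-'timeout' => 10,
-'connect_timeout' => 10,
-]);
+]));
 if ($response->getStatusCode() === Http::STATUS_CREATED) {
 $result = json_decode($response->getBody(), true);
 return (is_array($result)) ? $result : [];
@@ -205,13 +193,9 @@ public function sendCloudNotification(string $url, ICloudFederationNotification
 
 $client = $this->httpClientService->newClient();
 try {
-return $client->post($ocmProvider->getEndPoint() . '/notifications', [
+return $client->post($ocmProvider->getEndPoint() . '/notifications', array_merge($this->getDefaultRequestOptions(), [
 'body' => json_encode($notification->getMessage()),
-'headers' => ['content-type' => 'application/json'],
-'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false),
-'timeout' => 10,
-'connect_timeout' => 10,
-]);
+]));
 } catch (\Throwable $e) {
 $this->logger->error('Error while sending notification to federation server: ' . $e->getMessage(), ['exception' => $e]);
 try {
@@ -230,4 +214,17 @@ public function sendCloudNotification(string $url, ICloudFederationNotification
 public function isReady() {
 return $this->appManager->isEnabledForUser('cloud_federation_api');
 }
+
+private function getDefaultRequestOptions(): array {
+$options = [
+'headers' => ['content-type' => 'application/json'],
+'timeout' => 10,
+'connect_timeout' => 10,
+];
+
+if ($this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates')) {
+$options['verify'] = false;
+}
+return $options;
+}
 }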
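Review bot: getDefaultRequestOptions() has no docblock, and the reason `'verify'` is omitted from the defaults rather than set to `true` is the whole point of this commit, so it should be written down before someone restores the old line. I would add above the `if`: `// Leave 'verify' unset so the HTTP client's own certificate bundle applies; with a Guzzle-backed client, false disables certificate verification entirely, not only for self-signed certificates.` The near-identical helper added to apps/files_sharing/lib/External/Storage.php needs the same comment. The docblock should also say that callers combine these defaults with `array_merge()`, which replaces a whole `'headers'` array instead of merging it, so a caller that later passes its own headers would drop the JSON content type.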

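--- a/lib/private/OCM/OCMDiscoveryService.php
+++ b/lib/private/OCM/OCMDiscoveryService.php
@@ -66,13 +66,16 @@ public function discover(string $remote, bool $skipCache = false): IOCMProvider
 
 $client = $this->clientService->newClient();
 try {
+$options = [
+'timeout' => 10,
+'connect_timeout' => 10,
+];
+if ($this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates') === true) {
+$options['verify'] = false;
+}
 $response = $client->get(
 $remote . '/ocm-provider/',
-[
-'timeout' => 10,
-'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates'),
-'connect_timeout' => 10,
-]
+$options,
 );
 
 if ($response->getStatusCode() === Http::STATUS_OK) {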
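Review bot: This is a third copy of the federation TLS policy, written inline inside the `try` and with `=== true` on a call that the other two files in this commit use bare, so a later change to the timeouts or to the `verify` handling has three places to keep in step. At minimum I would drop the comparison so the condition reads `if ($this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates')) {`, matching the two helpers. A single shared helper would be better, but whether these classes have a common home for one is not visible from this page. discover() starts and ends outside the hunk.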
