fix(files_sharing): respect config to skip certificate verification

This is important especially for local development, as certificate are

self-signed.

Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>

[skip ci]

Author: salmart-dev

apps/files_sharing/lib/AppInfo/Application.php

@@ -90,7 +90,8 @@ public function register(IRegistrationContext $context): void {
 				function () use ($c) {
 					return $c->get(Manager::class);
 				},
-				$c->get(ICloudIdManager::class)
+				$c->get(ICloudIdManager::class),
+				$c->get(IConfig::class),
 			);
 		});
 

apps/files_sharing/lib/External/Manager.php

@@ -46,6 +46,7 @@
 use OCP\Files\NotFoundException;
 use OCP\Files\Storage\IStorageFactory;
 use OCP\Http\Client\IClientService;
+use OCP\IConfig;
 use OCP\IDBConnection;
 use OCP\IGroupManager;
 use OCP\IUserManager;
@@ -98,6 +99,9 @@ class Manager {
 	/** @var LoggerInterface */
 	private $logger;
 
+	/** @var IConfig */
+	private $config;
+
 	public function __construct(
 		IDBConnection                   $connection,
 		\OC\Files\Mount\Manager         $mountManager,
@@ -111,7 +115,8 @@ public function __construct(
 		IUserManager                    $userManager,
 		IUserSession                    $userSession,
 		IEventDispatcher                $eventDispatcher,
-		LoggerInterface                 $logger
+		LoggerInterface                 $logger,
+		IConfig							$config,
 	) {
 		$user = $userSession->getUser();
 		$this->connection = $connection;
@@ -127,6 +132,7 @@ public function __construct(
 		$this->userManager = $userManager;
 		$this->eventDispatcher = $eventDispatcher;
 		$this->logger = $logger;
+		$tihs->config = $config;
 	}
 
 	/**
@@ -193,7 +199,8 @@ public function addShare($remote, $token, $password, $name, $owner, $shareType,
 			'token' => $token,
 			'password' => $password,
 			'mountpoint' => $mountPoint,
-			'owner' => $owner
+			'owner' => $owner,
+			'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates'),
 		];
 		return $this->mountShare($options);
 	}

apps/files_sharing/lib/External/MountProvider.php

@@ -28,6 +28,7 @@
 use OCP\Federation\ICloudIdManager;
 use OCP\Files\Config\IMountProvider;
 use OCP\Files\Storage\IStorageFactory;
+use OCP\IConfig;
 use OCP\IDBConnection;
 use OCP\IUser;
 
@@ -49,15 +50,21 @@ class MountProvider implements IMountProvider {
 	 */
 	private $cloudIdManager;
 
+	/**
+	 * @var IConfig
+	 */
+	private $config;
+
 	/**
 	 * @param \OCP\IDBConnection $connection
 	 * @param callable $managerProvider due to setup order we need a callable that return the manager instead of the manager itself
 	 * @param ICloudIdManager $cloudIdManager
 	 */
-	public function __construct(IDBConnection $connection, callable $managerProvider, ICloudIdManager $cloudIdManager) {
+	public function __construct(IDBConnection $connection, callable $managerProvider, ICloudIdManager $cloudIdManager, IConfig $config) {
 		$this->connection = $connection;
 		$this->managerProvider = $managerProvider;
 		$this->cloudIdManager = $cloudIdManager;
+		$this->config = $config;
 	}
 
 	public function getMount(IUser $user, $data, IStorageFactory $storageFactory) {
@@ -69,6 +76,7 @@ public function getMount(IUser $user, $data, IStorageFactory $storageFactory) {
 		$data['cloudId'] = $this->cloudIdManager->getCloudId($data['owner'], $data['remote']);
 		$data['certificateManager'] = \OC::$server->getCertificateManager();
 		$data['HttpClientService'] = \OC::$server->getHTTPClientService();
+		$data['verify'] = !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates');
 		return new Mount(self::STORAGE, $mountPoint, $data, $manager, $storageFactory);
 	}
 

apps/files_sharing/tests/External/ManagerTest.php

@@ -46,6 +46,7 @@
 use OCP\Http\Client\IClientService;
 use OCP\Http\Client\IResponse;
 use OCP\ICacheFactory;
+use OCP\IConfig;
 use OCP\IGroup;
 use OCP\IGroupManager;
 use OCP\IURLGenerator;
@@ -102,6 +103,7 @@ class ManagerTest extends TestCase {
 	private $testMountProvider;
 	/** @var IEventDispatcher|\PHPUnit\Framework\MockObject\MockObject */
 	private $eventDispatcher;
+	private IConfig $config;
 
 	protected function setUp(): void {
 		parent::setUp();
@@ -113,6 +115,7 @@ protected function setUp(): void {
 			->disableOriginalConstructor()->getMock();
 		$this->cloudFederationProviderManager = $this->createMock(ICloudFederationProviderManager::class);
 		$this->cloudFederationFactory = $this->createMock(ICloudFederationFactory::class);
+		$this->config = $this->createMock(IConfig::class);
 		$this->groupManager = $this->createMock(IGroupManager::class);
 		$this->userManager = $this->createMock(IUserManager::class);
 		$this->eventDispatcher = $this->createMock(IEventDispatcher::class);
@@ -136,7 +139,7 @@ protected function setUp(): void {
 			$this->userManager,
 			$this->createMock(ICacheFactory::class),
 			$this->createMock(IEventDispatcher::class)
-		));
+		), $this->config);
 
 		$group1 = $this->createMock(IGroup::class);
 		$group1->expects($this->any())->method('getGID')->willReturn('group1');
@@ -188,6 +191,7 @@ private function createManagerForUser($userId) {
 					$userSession,
 					$this->eventDispatcher,
 					$this->logger,
+					$this->config,
 				]
 			)->setMethods(['tryOCMEndPoint'])->getMock();
 	}

lib/private/Files/Storage/DAV.php

@@ -78,6 +78,7 @@ class DAV extends Common {
 	protected $host;
 	/** @var bool */
 	protected $secure;
+	protected bool $verify;
 	/** @var string */
 	protected $root;
 	/** @var string */
@@ -138,6 +139,7 @@ public function __construct($params) {
 					$this->secure = (bool)$params['secure'];
 				}
 			} else {
+				$this->verify = false;
 				$this->secure = false;
 			}
 			if ($this->secure === true) {
@@ -181,6 +183,9 @@ protected function init() {
 		$this->client->setThrowExceptions(true);
 
 		if ($this->secure === true) {
+			if ($this->verify === false) {
+				$this->client->addCurlSetting(CURLOPT_SSL_VERIFYPEER, false);
+			}
 			$certPath = $this->certManager->getAbsoluteBundlePath();
 			if (file_exists($certPath)) {
 				$this->certPath = $certPath;
@@ -368,7 +373,8 @@ public function fopen($path, $mode) {
 							'auth' => [$this->user, $this->password],
 							'stream' => true,
 							// set download timeout for users with slow connections or large files
-							'timeout' => $this->timeout
+							'timeout' => $this->timeout,
+							'verify' => $this->verify,
 						]);
 				} catch (\GuzzleHttp\Exception\ClientException $e) {
 					if ($e->getResponse() instanceof ResponseInterface
@@ -527,7 +533,8 @@ protected function uploadFile($path, $target) {
 				'body' => $source,
 				'auth' => [$this->user, $this->password],
 				// set upload timeout for users with slow connections or large files
-				'timeout' => $this->timeout
+				'timeout' => $this->timeout,
+				'verify' => $this->verify,
 			]);
 
 		$this->removeCachedFile($target);