You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1459 lines
51 KiB

Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
11 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
11 years ago
10 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
11 years ago
10 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
11 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
11 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
11 years ago
10 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
11 years ago
10 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
11 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
11 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
11 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
11 years ago
  1. <?php
  2. /**
  3. * @author Lukas Reschke <lukas@owncloud.com>
  4. *
  5. * @copyright Copyright (c) 2015, ownCloud, Inc.
  6. * @license AGPL-3.0
  7. *
  8. * This code is free software: you can redistribute it and/or modify
  9. * it under the terms of the GNU Affero General Public License, version 3,
  10. * as published by the Free Software Foundation.
  11. *
  12. * This program is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU Affero General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Affero General Public License, version 3,
  18. * along with this program. If not, see <http://www.gnu.org/licenses/>
  19. *
  20. */
  21. namespace Tests\Settings\Controller;
  22. use OC;
  23. use OC\DB\Connection;
  24. use OC\MemoryInfo;
  25. use OC\Security\SecureRandom;
  26. use OC\Settings\Controller\CheckSetupController;
  27. use OCP\AppFramework\Http;
  28. use OCP\AppFramework\Http\DataDisplayResponse;
  29. use OCP\AppFramework\Http\DataResponse;
  30. use OCP\AppFramework\Http\RedirectResponse;
  31. use OCP\Http\Client\IClientService;
  32. use OCP\IConfig;
  33. use OCP\IDateTimeFormatter;
  34. use OCP\IL10N;
  35. use OCP\ILogger;
  36. use OCP\IRequest;
  37. use OCP\IURLGenerator;
  38. use OC_Util;
  39. use OCP\Lock\ILockingProvider;
  40. use PHPUnit\Framework\MockObject\MockObject;
  41. use Psr\Http\Message\ResponseInterface;
  42. use Symfony\Component\EventDispatcher\EventDispatcher;
  43. use Test\TestCase;
  44. use OC\IntegrityCheck\Checker;
  45. /**
  46. * Class CheckSetupControllerTest
  47. *
  48. * @backupStaticAttributes
  49. * @package Tests\Settings\Controller
  50. */
  51. class CheckSetupControllerTest extends TestCase {
  52. /** @var CheckSetupController | \PHPUnit_Framework_MockObject_MockObject */
  53. private $checkSetupController;
  54. /** @var IRequest | \PHPUnit_Framework_MockObject_MockObject */
  55. private $request;
  56. /** @var IConfig | \PHPUnit_Framework_MockObject_MockObject */
  57. private $config;
  58. /** @var IClientService | \PHPUnit_Framework_MockObject_MockObject*/
  59. private $clientService;
  60. /** @var IURLGenerator | \PHPUnit_Framework_MockObject_MockObject */
  61. private $urlGenerator;
  62. /** @var OC_Util */
  63. private $util;
  64. /** @var IL10N | \PHPUnit_Framework_MockObject_MockObject */
  65. private $l10n;
  66. /** @var ILogger */
  67. private $logger;
  68. /** @var Checker|\PHPUnit_Framework_MockObject_MockObject */
  69. private $checker;
  70. /** @var EventDispatcher|\PHPUnit_Framework_MockObject_MockObject */
  71. private $dispatcher;
  72. /** @var Connection|\PHPUnit_Framework_MockObject_MockObject */
  73. private $db;
  74. /** @var ILockingProvider|\PHPUnit_Framework_MockObject_MockObject */
  75. private $lockingProvider;
  76. /** @var IDateTimeFormatter|\PHPUnit_Framework_MockObject_MockObject */
  77. private $dateTimeFormatter;
  78. /** @var MemoryInfo|MockObject */
  79. private $memoryInfo;
  80. /** @var SecureRandom|\PHPUnit_Framework_MockObject_MockObject */
  81. private $secureRandom;
  82. /**
  83. * Holds a list of directories created during tests.
  84. *
  85. * @var array
  86. */
  87. private $dirsToRemove = [];
  88. public function setUp() {
  89. parent::setUp();
  90. $this->request = $this->getMockBuilder(IRequest::class)
  91. ->disableOriginalConstructor()->getMock();
  92. $this->config = $this->getMockBuilder(IConfig::class)
  93. ->disableOriginalConstructor()->getMock();
  94. $this->clientService = $this->getMockBuilder(IClientService::class)
  95. ->disableOriginalConstructor()->getMock();
  96. $this->util = $this->getMockBuilder('\OC_Util')
  97. ->disableOriginalConstructor()->getMock();
  98. $this->urlGenerator = $this->getMockBuilder(IURLGenerator::class)
  99. ->disableOriginalConstructor()->getMock();
  100. $this->l10n = $this->getMockBuilder(IL10N::class)
  101. ->disableOriginalConstructor()->getMock();
  102. $this->l10n->expects($this->any())
  103. ->method('t')
  104. ->will($this->returnCallback(function($message, array $replace) {
  105. return vsprintf($message, $replace);
  106. }));
  107. $this->dispatcher = $this->getMockBuilder(EventDispatcher::class)
  108. ->disableOriginalConstructor()->getMock();
  109. $this->checker = $this->getMockBuilder('\OC\IntegrityCheck\Checker')
  110. ->disableOriginalConstructor()->getMock();
  111. $this->logger = $this->getMockBuilder(ILogger::class)->getMock();
  112. $this->db = $this->getMockBuilder(Connection::class)
  113. ->disableOriginalConstructor()->getMock();
  114. $this->lockingProvider = $this->getMockBuilder(ILockingProvider::class)->getMock();
  115. $this->dateTimeFormatter = $this->getMockBuilder(IDateTimeFormatter::class)->getMock();
  116. $this->memoryInfo = $this->getMockBuilder(MemoryInfo::class)
  117. ->setMethods(['isMemoryLimitSufficient',])
  118. ->getMock();
  119. $this->secureRandom = $this->getMockBuilder(SecureRandom::class)->getMock();
  120. $this->checkSetupController = $this->getMockBuilder('\OC\Settings\Controller\CheckSetupController')
  121. ->setConstructorArgs([
  122. 'settings',
  123. $this->request,
  124. $this->config,
  125. $this->clientService,
  126. $this->urlGenerator,
  127. $this->util,
  128. $this->l10n,
  129. $this->checker,
  130. $this->logger,
  131. $this->dispatcher,
  132. $this->db,
  133. $this->lockingProvider,
  134. $this->dateTimeFormatter,
  135. $this->memoryInfo,
  136. $this->secureRandom,
  137. ])
  138. ->setMethods([
  139. 'isReadOnlyConfig',
  140. 'hasValidTransactionIsolationLevel',
  141. 'hasFileinfoInstalled',
  142. 'hasWorkingFileLocking',
  143. 'getLastCronInfo',
  144. 'getSuggestedOverwriteCliURL',
  145. 'getCurlVersion',
  146. 'isPhpOutdated',
  147. 'isOpcacheProperlySetup',
  148. 'hasFreeTypeSupport',
  149. 'hasMissingIndexes',
  150. 'isSqliteUsed',
  151. 'isPHPMailerUsed',
  152. 'hasOpcacheLoaded',
  153. 'getAppDirsWithDifferentOwner',
  154. 'hasRecommendedPHPModules',
  155. 'hasBigIntConversionPendingColumns',
  156. 'isMysqlUsedWithoutUTF8MB4',
  157. 'isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed',
  158. ])->getMock();
  159. }
  160. /**
  161. * Removes directories created during tests.
  162. *
  163. * @after
  164. * @return void
  165. */
  166. public function removeTestDirectories() {
  167. foreach ($this->dirsToRemove as $dirToRemove) {
  168. rmdir($dirToRemove);
  169. }
  170. $this->dirsToRemove = [];
  171. }
  172. public function testIsInternetConnectionWorkingDisabledViaConfig() {
  173. $this->config->expects($this->once())
  174. ->method('getSystemValue')
  175. ->with('has_internet_connection', true)
  176. ->will($this->returnValue(false));
  177. $this->assertFalse(
  178. self::invokePrivate(
  179. $this->checkSetupController,
  180. 'isInternetConnectionWorking'
  181. )
  182. );
  183. }
  184. public function testIsInternetConnectionWorkingCorrectly() {
  185. $this->config->expects($this->at(0))
  186. ->method('getSystemValue')
  187. ->with('has_internet_connection', true)
  188. ->will($this->returnValue(true));
  189. $this->config->expects($this->at(1))
  190. ->method('getSystemValue')
  191. ->with('connectivity_check_domains', ['www.nextcloud.com', 'www.startpage.com', 'www.eff.org', 'www.edri.org'])
  192. ->will($this->returnValue(['www.nextcloud.com', 'www.startpage.com', 'www.eff.org', 'www.edri.org']));
  193. $client = $this->getMockBuilder('\OCP\Http\Client\IClient')
  194. ->disableOriginalConstructor()->getMock();
  195. $client->expects($this->any())
  196. ->method('get');
  197. $this->clientService->expects($this->once())
  198. ->method('newClient')
  199. ->will($this->returnValue($client));
  200. $this->assertTrue(
  201. self::invokePrivate(
  202. $this->checkSetupController,
  203. 'isInternetConnectionWorking'
  204. )
  205. );
  206. }
  207. public function testIsInternetConnectionFail() {
  208. $this->config->expects($this->at(0))
  209. ->method('getSystemValue')
  210. ->with('has_internet_connection', true)
  211. ->will($this->returnValue(true));
  212. $this->config->expects($this->at(1))
  213. ->method('getSystemValue')
  214. ->with('connectivity_check_domains', ['www.nextcloud.com', 'www.startpage.com', 'www.eff.org', 'www.edri.org'])
  215. ->will($this->returnValue(['www.nextcloud.com', 'www.startpage.com', 'www.eff.org', 'www.edri.org']));
  216. $client = $this->getMockBuilder('\OCP\Http\Client\IClient')
  217. ->disableOriginalConstructor()->getMock();
  218. $client->expects($this->any())
  219. ->method('get')
  220. ->will($this->throwException(new \Exception()));
  221. $this->clientService->expects($this->exactly(4))
  222. ->method('newClient')
  223. ->will($this->returnValue($client));
  224. $this->assertFalse(
  225. self::invokePrivate(
  226. $this->checkSetupController,
  227. 'isInternetConnectionWorking'
  228. )
  229. );
  230. }
  231. public function testIsMemcacheConfiguredFalse() {
  232. $this->config->expects($this->once())
  233. ->method('getSystemValue')
  234. ->with('memcache.local', null)
  235. ->will($this->returnValue(null));
  236. $this->assertFalse(
  237. self::invokePrivate(
  238. $this->checkSetupController,
  239. 'isMemcacheConfigured'
  240. )
  241. );
  242. }
  243. public function testIsMemcacheConfiguredTrue() {
  244. $this->config->expects($this->once())
  245. ->method('getSystemValue')
  246. ->with('memcache.local', null)
  247. ->will($this->returnValue('SomeProvider'));
  248. $this->assertTrue(
  249. self::invokePrivate(
  250. $this->checkSetupController,
  251. 'isMemcacheConfigured'
  252. )
  253. );
  254. }
  255. public function testIsPhpSupportedFalse() {
  256. $this->checkSetupController
  257. ->expects($this->once())
  258. ->method('isPhpOutdated')
  259. ->willReturn(true);
  260. $this->assertEquals(
  261. ['eol' => true, 'version' => PHP_VERSION],
  262. self::invokePrivate($this->checkSetupController, 'isPhpSupported')
  263. );
  264. }
  265. public function testIsPhpSupportedTrue() {
  266. $this->checkSetupController
  267. ->expects($this->exactly(2))
  268. ->method('isPhpOutdated')
  269. ->willReturn(false);
  270. $this->assertEquals(
  271. ['eol' => false, 'version' => PHP_VERSION],
  272. self::invokePrivate($this->checkSetupController, 'isPhpSupported')
  273. );
  274. $this->assertEquals(
  275. ['eol' => false, 'version' => PHP_VERSION],
  276. self::invokePrivate($this->checkSetupController, 'isPhpSupported')
  277. );
  278. }
  279. /**
  280. * @dataProvider dataForwardedForHeadersWorking
  281. *
  282. * @param array $trustedProxies
  283. * @param string $remoteAddrNotForwarded
  284. * @param string $remoteAddr
  285. * @param bool $result
  286. */
  287. public function testForwardedForHeadersWorking(array $trustedProxies, string $remoteAddrNotForwarded, string $remoteAddr, bool $result) {
  288. $this->config->expects($this->once())
  289. ->method('getSystemValue')
  290. ->with('trusted_proxies', [])
  291. ->willReturn($trustedProxies);
  292. $this->request->expects($this->atLeastOnce())
  293. ->method('getHeader')
  294. ->willReturnMap([
  295. ['REMOTE_ADDR', $remoteAddrNotForwarded],
  296. ['X-Forwarded-Host', '']
  297. ]);
  298. $this->request->expects($this->any())
  299. ->method('getRemoteAddress')
  300. ->willReturn($remoteAddr);
  301. $this->assertEquals(
  302. $result,
  303. self::invokePrivate($this->checkSetupController, 'forwardedForHeadersWorking')
  304. );
  305. }
  306. public function dataForwardedForHeadersWorking() {
  307. return [
  308. // description => trusted proxies, getHeader('REMOTE_ADDR'), getRemoteAddr, expected result
  309. 'no trusted proxies' => [[], '2.2.2.2', '2.2.2.2', true],
  310. 'trusted proxy, remote addr not trusted proxy' => [['1.1.1.1'], '2.2.2.2', '2.2.2.2', true],
  311. 'trusted proxy, remote addr is trusted proxy, x-forwarded-for working' => [['1.1.1.1'], '1.1.1.1', '2.2.2.2', true],
  312. 'trusted proxy, remote addr is trusted proxy, x-forwarded-for not set' => [['1.1.1.1'], '1.1.1.1', '1.1.1.1', false],
  313. ];
  314. }
  315. public function testForwardedHostPresentButTrustedProxiesEmpty() {
  316. $this->config->expects($this->once())
  317. ->method('getSystemValue')
  318. ->with('trusted_proxies', [])
  319. ->willReturn([]);
  320. $this->request->expects($this->atLeastOnce())
  321. ->method('getHeader')
  322. ->willReturnMap([
  323. ['REMOTE_ADDR', '1.1.1.1'],
  324. ['X-Forwarded-Host', 'nextcloud.test']
  325. ]);
  326. $this->request->expects($this->any())
  327. ->method('getRemoteAddress')
  328. ->willReturn('1.1.1.1');
  329. $this->assertEquals(
  330. false,
  331. self::invokePrivate($this->checkSetupController, 'forwardedForHeadersWorking')
  332. );
  333. }
  334. public function testCheck() {
  335. $this->config->expects($this->at(0))
  336. ->method('getAppValue')
  337. ->with('core', 'cronErrors')
  338. ->willReturn('');
  339. $this->config->expects($this->at(2))
  340. ->method('getSystemValue')
  341. ->with('connectivity_check_domains', ['www.nextcloud.com', 'www.startpage.com', 'www.eff.org', 'www.edri.org'])
  342. ->will($this->returnValue(['www.nextcloud.com', 'www.startpage.com', 'www.eff.org', 'www.edri.org']));
  343. $this->config->expects($this->at(3))
  344. ->method('getSystemValue')
  345. ->with('memcache.local', null)
  346. ->will($this->returnValue('SomeProvider'));
  347. $this->config->expects($this->at(4))
  348. ->method('getSystemValue')
  349. ->with('has_internet_connection', true)
  350. ->will($this->returnValue(true));
  351. $this->config->expects($this->at(5))
  352. ->method('getSystemValue')
  353. ->with('appstoreenabled', true)
  354. ->will($this->returnValue(false));
  355. $this->request->expects($this->atLeastOnce())
  356. ->method('getHeader')
  357. ->willReturnMap([
  358. ['REMOTE_ADDR', '4.3.2.1'],
  359. ['X-Forwarded-Host', '']
  360. ]);
  361. $client = $this->getMockBuilder('\OCP\Http\Client\IClient')
  362. ->disableOriginalConstructor()->getMock();
  363. $client->expects($this->at(0))
  364. ->method('get')
  365. ->with('http://www.nextcloud.com/', [])
  366. ->will($this->throwException(new \Exception()));
  367. $client->expects($this->at(1))
  368. ->method('get')
  369. ->with('http://www.startpage.com/', [])
  370. ->will($this->throwException(new \Exception()));
  371. $client->expects($this->at(2))
  372. ->method('get')
  373. ->with('http://www.eff.org/', [])
  374. ->will($this->throwException(new \Exception()));
  375. $client->expects($this->at(3))
  376. ->method('get')
  377. ->with('http://www.edri.org/', [])
  378. ->will($this->throwException(new \Exception()));
  379. $this->clientService->expects($this->exactly(4))
  380. ->method('newClient')
  381. ->will($this->returnValue($client));
  382. $this->urlGenerator->expects($this->at(0))
  383. ->method('linkToDocs')
  384. ->with('admin-performance')
  385. ->willReturn('http://docs.example.org/server/go.php?to=admin-performance');
  386. $this->urlGenerator->expects($this->at(1))
  387. ->method('linkToDocs')
  388. ->with('admin-security')
  389. ->willReturn('https://docs.example.org/server/8.1/admin_manual/configuration_server/hardening.html');
  390. $this->checkSetupController
  391. ->expects($this->once())
  392. ->method('isPhpOutdated')
  393. ->willReturn(true);
  394. $this->checkSetupController
  395. ->expects($this->once())
  396. ->method('isOpcacheProperlySetup')
  397. ->willReturn(false);
  398. $this->urlGenerator->expects($this->at(2))
  399. ->method('linkToDocs')
  400. ->with('admin-reverse-proxy')
  401. ->willReturn('reverse-proxy-doc-link');
  402. $this->urlGenerator->expects($this->at(3))
  403. ->method('linkToDocs')
  404. ->with('admin-code-integrity')
  405. ->willReturn('http://docs.example.org/server/go.php?to=admin-code-integrity');
  406. $this->urlGenerator->expects($this->at(4))
  407. ->method('linkToDocs')
  408. ->with('admin-php-opcache')
  409. ->willReturn('http://docs.example.org/server/go.php?to=admin-php-opcache');
  410. $this->urlGenerator->expects($this->at(5))
  411. ->method('linkToDocs')
  412. ->with('admin-db-conversion')
  413. ->willReturn('http://docs.example.org/server/go.php?to=admin-db-conversion');
  414. $this->urlGenerator->expects($this->at(6))
  415. ->method('getAbsoluteURL')
  416. ->with('index.php/settings/admin')
  417. ->willReturn('https://server/index.php/settings/admin');
  418. $this->checkSetupController
  419. ->method('hasFreeTypeSupport')
  420. ->willReturn(false);
  421. $this->checkSetupController
  422. ->method('hasMissingIndexes')
  423. ->willReturn([]);
  424. $this->checkSetupController
  425. ->method('isSqliteUsed')
  426. ->willReturn(false);
  427. $this->checkSetupController
  428. ->expects($this->once())
  429. ->method('isReadOnlyConfig')
  430. ->willReturn(false);
  431. $this->checkSetupController
  432. ->expects($this->once())
  433. ->method('hasValidTransactionIsolationLevel')
  434. ->willReturn(true);
  435. $this->checkSetupController
  436. ->expects($this->once())
  437. ->method('hasFileinfoInstalled')
  438. ->willReturn(true);
  439. $this->checkSetupController
  440. ->expects($this->once())
  441. ->method('hasOpcacheLoaded')
  442. ->willReturn(true);
  443. $this->checkSetupController
  444. ->expects($this->once())
  445. ->method('hasWorkingFileLocking')
  446. ->willReturn(true);
  447. $this->checkSetupController
  448. ->expects($this->once())
  449. ->method('getSuggestedOverwriteCliURL')
  450. ->willReturn('');
  451. $this->checkSetupController
  452. ->expects($this->once())
  453. ->method('getLastCronInfo')
  454. ->willReturn([
  455. 'diffInSeconds' => 123,
  456. 'relativeTime' => '2 hours ago',
  457. 'backgroundJobsUrl' => 'https://example.org',
  458. ]);
  459. $this->checkSetupController
  460. ->expects($this->once())
  461. ->method('isPHPMailerUsed')
  462. ->willReturn(false);
  463. $this->checker
  464. ->expects($this->once())
  465. ->method('hasPassedCheck')
  466. ->willReturn(true);
  467. $this->memoryInfo
  468. ->method('isMemoryLimitSufficient')
  469. ->willReturn(true);
  470. $this->checkSetupController
  471. ->expects($this->once())
  472. ->method('getAppDirsWithDifferentOwner')
  473. ->willReturn([]);
  474. $this->checkSetupController
  475. ->expects($this->once())
  476. ->method('hasRecommendedPHPModules')
  477. ->willReturn([]);
  478. $this->checkSetupController
  479. ->expects($this->once())
  480. ->method('hasBigIntConversionPendingColumns')
  481. ->willReturn([]);
  482. $this->checkSetupController
  483. ->expects($this->once())
  484. ->method('isMysqlUsedWithoutUTF8MB4')
  485. ->willReturn(false);
  486. $this->checkSetupController
  487. ->expects($this->once())
  488. ->method('isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed')
  489. ->willReturn(true);
  490. $expected = new DataResponse(
  491. [
  492. 'isGetenvServerWorking' => true,
  493. 'isReadOnlyConfig' => false,
  494. 'hasValidTransactionIsolationLevel' => true,
  495. 'hasFileinfoInstalled' => true,
  496. 'hasWorkingFileLocking' => true,
  497. 'suggestedOverwriteCliURL' => '',
  498. 'cronInfo' => [
  499. 'diffInSeconds' => 123,
  500. 'relativeTime' => '2 hours ago',
  501. 'backgroundJobsUrl' => 'https://example.org',
  502. ],
  503. 'cronErrors' => [],
  504. 'serverHasInternetConnection' => false,
  505. 'isMemcacheConfigured' => true,
  506. 'memcacheDocs' => 'http://docs.example.org/server/go.php?to=admin-performance',
  507. 'isRandomnessSecure' => self::invokePrivate($this->checkSetupController, 'isRandomnessSecure'),
  508. 'securityDocs' => 'https://docs.example.org/server/8.1/admin_manual/configuration_server/hardening.html',
  509. 'isUsedTlsLibOutdated' => '',
  510. 'phpSupported' => [
  511. 'eol' => true,
  512. 'version' => PHP_VERSION
  513. ],
  514. 'forwardedForHeadersWorking' => true,
  515. 'reverseProxyDocs' => 'reverse-proxy-doc-link',
  516. 'isCorrectMemcachedPHPModuleInstalled' => true,
  517. 'hasPassedCodeIntegrityCheck' => true,
  518. 'codeIntegrityCheckerDocumentation' => 'http://docs.example.org/server/go.php?to=admin-code-integrity',
  519. 'isOpcacheProperlySetup' => false,
  520. 'hasOpcacheLoaded' => true,
  521. 'phpOpcacheDocumentation' => 'http://docs.example.org/server/go.php?to=admin-php-opcache',
  522. 'isSettimelimitAvailable' => true,
  523. 'hasFreeTypeSupport' => false,
  524. 'isSqliteUsed' => false,
  525. 'databaseConversionDocumentation' => 'http://docs.example.org/server/go.php?to=admin-db-conversion',
  526. 'missingIndexes' => [],
  527. 'isPHPMailerUsed' => false,
  528. 'mailSettingsDocumentation' => 'https://server/index.php/settings/admin',
  529. 'isMemoryLimitSufficient' => true,
  530. 'appDirsWithDifferentOwner' => [],
  531. 'recommendedPHPModules' => [],
  532. 'pendingBigIntConversionColumns' => [],
  533. 'isMysqlUsedWithoutUTF8MB4' => false,
  534. 'isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed' => true,
  535. ]
  536. );
  537. $this->assertEquals($expected, $this->checkSetupController->check());
  538. }
  539. public function testIsPHPMailerUsed() {
  540. $checkSetupController = $this->getMockBuilder('\OC\Settings\Controller\CheckSetupController')
  541. ->setConstructorArgs([
  542. 'settings',
  543. $this->request,
  544. $this->config,
  545. $this->clientService,
  546. $this->urlGenerator,
  547. $this->util,
  548. $this->l10n,
  549. $this->checker,
  550. $this->logger,
  551. $this->dispatcher,
  552. $this->db,
  553. $this->lockingProvider,
  554. $this->dateTimeFormatter,
  555. $this->memoryInfo,
  556. $this->secureRandom,
  557. ])
  558. ->setMethods(null)->getMock();
  559. $this->config->expects($this->at(0))
  560. ->method('getSystemValue')
  561. ->with('mail_smtpmode', 'smtp')
  562. ->will($this->returnValue('php'));
  563. $this->config->expects($this->at(1))
  564. ->method('getSystemValue')
  565. ->with('mail_smtpmode', 'smtp')
  566. ->will($this->returnValue('not-php'));
  567. $this->assertTrue($this->invokePrivate($checkSetupController, 'isPHPMailerUsed'));
  568. $this->assertFalse($this->invokePrivate($checkSetupController, 'isPHPMailerUsed'));
  569. }
  570. public function testGetCurlVersion() {
  571. $checkSetupController = $this->getMockBuilder('\OC\Settings\Controller\CheckSetupController')
  572. ->setConstructorArgs([
  573. 'settings',
  574. $this->request,
  575. $this->config,
  576. $this->clientService,
  577. $this->urlGenerator,
  578. $this->util,
  579. $this->l10n,
  580. $this->checker,
  581. $this->logger,
  582. $this->dispatcher,
  583. $this->db,
  584. $this->lockingProvider,
  585. $this->dateTimeFormatter,
  586. $this->memoryInfo,
  587. $this->secureRandom,
  588. ])
  589. ->setMethods(null)->getMock();
  590. $this->assertArrayHasKey('ssl_version', $this->invokePrivate($checkSetupController, 'getCurlVersion'));
  591. }
  592. public function testIsUsedTlsLibOutdatedWithAnotherLibrary() {
  593. $this->config->expects($this->any())
  594. ->method('getSystemValue')
  595. ->will($this->returnValue(true));
  596. $this->checkSetupController
  597. ->expects($this->once())
  598. ->method('getCurlVersion')
  599. ->will($this->returnValue(['ssl_version' => 'SSLlib']));
  600. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  601. }
  602. public function testIsUsedTlsLibOutdatedWithMisbehavingCurl() {
  603. $this->config->expects($this->any())
  604. ->method('getSystemValue')
  605. ->will($this->returnValue(true));
  606. $this->checkSetupController
  607. ->expects($this->once())
  608. ->method('getCurlVersion')
  609. ->will($this->returnValue([]));
  610. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  611. }
  612. public function testIsUsedTlsLibOutdatedWithOlderOpenSsl() {
  613. $this->config->expects($this->any())
  614. ->method('getSystemValue')
  615. ->will($this->returnValue(true));
  616. $this->checkSetupController
  617. ->expects($this->once())
  618. ->method('getCurlVersion')
  619. ->will($this->returnValue(['ssl_version' => 'OpenSSL/1.0.1c']));
  620. $this->assertSame('cURL is using an outdated OpenSSL version (OpenSSL/1.0.1c). Please update your operating system or features such as installing and updating apps via the app store or Federated Cloud Sharing will not work reliably.', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  621. }
  622. public function testIsUsedTlsLibOutdatedWithOlderOpenSslAndWithoutAppstore() {
  623. $this->config
  624. ->expects($this->at(0))
  625. ->method('getSystemValue')
  626. ->with('has_internet_connection', true)
  627. ->will($this->returnValue(true));
  628. $this->checkSetupController
  629. ->expects($this->once())
  630. ->method('getCurlVersion')
  631. ->will($this->returnValue(['ssl_version' => 'OpenSSL/1.0.1c']));
  632. $this->assertSame('cURL is using an outdated OpenSSL version (OpenSSL/1.0.1c). Please update your operating system or features such as Federated Cloud Sharing will not work reliably.', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  633. }
  634. public function testIsUsedTlsLibOutdatedWithOlderOpenSsl1() {
  635. $this->config->expects($this->any())
  636. ->method('getSystemValue')
  637. ->will($this->returnValue(true));
  638. $this->checkSetupController
  639. ->expects($this->once())
  640. ->method('getCurlVersion')
  641. ->will($this->returnValue(['ssl_version' => 'OpenSSL/1.0.2a']));
  642. $this->assertSame('cURL is using an outdated OpenSSL version (OpenSSL/1.0.2a). Please update your operating system or features such as installing and updating apps via the app store or Federated Cloud Sharing will not work reliably.', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  643. }
  644. public function testIsUsedTlsLibOutdatedWithMatchingOpenSslVersion() {
  645. $this->config->expects($this->any())
  646. ->method('getSystemValue')
  647. ->will($this->returnValue(true));
  648. $this->checkSetupController
  649. ->expects($this->once())
  650. ->method('getCurlVersion')
  651. ->will($this->returnValue(['ssl_version' => 'OpenSSL/1.0.1d']));
  652. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  653. }
  654. public function testIsUsedTlsLibOutdatedWithMatchingOpenSslVersion1() {
  655. $this->config->expects($this->any())
  656. ->method('getSystemValue')
  657. ->will($this->returnValue(true));
  658. $this->checkSetupController
  659. ->expects($this->once())
  660. ->method('getCurlVersion')
  661. ->will($this->returnValue(['ssl_version' => 'OpenSSL/1.0.2b']));
  662. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  663. }
  664. /**
  665. * Setups a temp directory and some subdirectories.
  666. * Then calls the 'getAppDirsWithDifferentOwner' method.
  667. * The result is expected to be empty since
  668. * there are no directories with different owners than the current user.
  669. *
  670. * @return void
  671. */
  672. public function testAppDirectoryOwnersOk() {
  673. $tempDir = tempnam(sys_get_temp_dir(), 'apps') . 'dir';
  674. mkdir($tempDir);
  675. mkdir($tempDir . DIRECTORY_SEPARATOR . 'app1');
  676. mkdir($tempDir . DIRECTORY_SEPARATOR . 'app2');
  677. $this->dirsToRemove[] = $tempDir . DIRECTORY_SEPARATOR . 'app1';
  678. $this->dirsToRemove[] = $tempDir . DIRECTORY_SEPARATOR . 'app2';
  679. $this->dirsToRemove[] = $tempDir;
  680. OC::$APPSROOTS = [
  681. [
  682. 'path' => $tempDir,
  683. 'url' => '/apps',
  684. 'writable' => true,
  685. ],
  686. ];
  687. $this->assertSame(
  688. [],
  689. $this->invokePrivate($this->checkSetupController, 'getAppDirsWithDifferentOwner')
  690. );
  691. }
  692. /**
  693. * Calls the check for a none existing app root that is marked as not writable.
  694. * It's expected that no error happens since the check shouldn't apply.
  695. *
  696. * @return void
  697. */
  698. public function testAppDirectoryOwnersNotWritable() {
  699. $tempDir = tempnam(sys_get_temp_dir(), 'apps') . 'dir';
  700. OC::$APPSROOTS = [
  701. [
  702. 'path' => $tempDir,
  703. 'url' => '/apps',
  704. 'writable' => false,
  705. ],
  706. ];
  707. $this->assertSame(
  708. [],
  709. $this->invokePrivate($this->checkSetupController, 'getAppDirsWithDifferentOwner')
  710. );
  711. }
  712. public function testIsBuggyNss400() {
  713. $this->config->expects($this->any())
  714. ->method('getSystemValue')
  715. ->will($this->returnValue(true));
  716. $this->checkSetupController
  717. ->expects($this->once())
  718. ->method('getCurlVersion')
  719. ->will($this->returnValue(['ssl_version' => 'NSS/1.0.2b']));
  720. $client = $this->getMockBuilder('\OCP\Http\Client\IClient')
  721. ->disableOriginalConstructor()->getMock();
  722. $exception = $this->getMockBuilder('\GuzzleHttp\Exception\ClientException')
  723. ->disableOriginalConstructor()->getMock();
  724. $response = $this->getMockBuilder(ResponseInterface::class)
  725. ->disableOriginalConstructor()->getMock();
  726. $response->expects($this->once())
  727. ->method('getStatusCode')
  728. ->will($this->returnValue(400));
  729. $exception->expects($this->once())
  730. ->method('getResponse')
  731. ->will($this->returnValue($response));
  732. $client->expects($this->at(0))
  733. ->method('get')
  734. ->with('https://nextcloud.com/', [])
  735. ->will($this->throwException($exception));
  736. $this->clientService->expects($this->once())
  737. ->method('newClient')
  738. ->will($this->returnValue($client));
  739. $this->assertSame('cURL is using an outdated NSS version (NSS/1.0.2b). Please update your operating system or features such as installing and updating apps via the app store or Federated Cloud Sharing will not work reliably.', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  740. }
  741. public function testIsBuggyNss200() {
  742. $this->config->expects($this->any())
  743. ->method('getSystemValue')
  744. ->will($this->returnValue(true));
  745. $this->checkSetupController
  746. ->expects($this->once())
  747. ->method('getCurlVersion')
  748. ->will($this->returnValue(['ssl_version' => 'NSS/1.0.2b']));
  749. $client = $this->getMockBuilder('\OCP\Http\Client\IClient')
  750. ->disableOriginalConstructor()->getMock();
  751. $exception = $this->getMockBuilder('\GuzzleHttp\Exception\ClientException')
  752. ->disableOriginalConstructor()->getMock();
  753. $response = $this->getMockBuilder(ResponseInterface::class)
  754. ->disableOriginalConstructor()->getMock();
  755. $response->expects($this->once())
  756. ->method('getStatusCode')
  757. ->will($this->returnValue(200));
  758. $exception->expects($this->once())
  759. ->method('getResponse')
  760. ->will($this->returnValue($response));
  761. $client->expects($this->at(0))
  762. ->method('get')
  763. ->with('https://nextcloud.com/', [])
  764. ->will($this->throwException($exception));
  765. $this->clientService->expects($this->once())
  766. ->method('newClient')
  767. ->will($this->returnValue($client));
  768. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  769. }
  770. public function testIsUsedTlsLibOutdatedWithInternetDisabled() {
  771. $this->config
  772. ->expects($this->at(0))
  773. ->method('getSystemValue')
  774. ->with('has_internet_connection', true)
  775. ->will($this->returnValue(false));
  776. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  777. }
  778. public function testIsUsedTlsLibOutdatedWithAppstoreDisabledAndServerToServerSharingEnabled() {
  779. $this->config
  780. ->expects($this->at(0))
  781. ->method('getSystemValue')
  782. ->with('has_internet_connection', true)
  783. ->will($this->returnValue(true));
  784. $this->config
  785. ->expects($this->at(1))
  786. ->method('getSystemValue')
  787. ->with('appstoreenabled', true)
  788. ->will($this->returnValue(false));
  789. $this->config
  790. ->expects($this->at(2))
  791. ->method('getAppValue')
  792. ->with('files_sharing', 'outgoing_server2server_share_enabled', 'yes')
  793. ->will($this->returnValue('no'));
  794. $this->config
  795. ->expects($this->at(3))
  796. ->method('getAppValue')
  797. ->with('files_sharing', 'incoming_server2server_share_enabled', 'yes')
  798. ->will($this->returnValue('yes'));
  799. $this->checkSetupController
  800. ->expects($this->once())
  801. ->method('getCurlVersion')
  802. ->will($this->returnValue([]));
  803. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  804. }
  805. public function testIsUsedTlsLibOutdatedWithAppstoreDisabledAndServerToServerSharingDisabled() {
  806. $this->config
  807. ->expects($this->at(0))
  808. ->method('getSystemValue')
  809. ->with('has_internet_connection', true)
  810. ->will($this->returnValue(true));
  811. $this->config
  812. ->expects($this->at(1))
  813. ->method('getSystemValue')
  814. ->with('appstoreenabled', true)
  815. ->will($this->returnValue(false));
  816. $this->config
  817. ->expects($this->at(2))
  818. ->method('getAppValue')
  819. ->with('files_sharing', 'outgoing_server2server_share_enabled', 'yes')
  820. ->will($this->returnValue('no'));
  821. $this->config
  822. ->expects($this->at(3))
  823. ->method('getAppValue')
  824. ->with('files_sharing', 'incoming_server2server_share_enabled', 'yes')
  825. ->will($this->returnValue('no'));
  826. $this->checkSetupController
  827. ->expects($this->never())
  828. ->method('getCurlVersion')
  829. ->will($this->returnValue([]));
  830. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  831. }
  832. public function testRescanFailedIntegrityCheck() {
  833. $this->checker
  834. ->expects($this->once())
  835. ->method('runInstanceVerification');
  836. $this->urlGenerator
  837. ->expects($this->once())
  838. ->method('linkToRoute')
  839. ->with('settings.AdminSettings.index')
  840. ->will($this->returnValue('/admin'));
  841. $expected = new RedirectResponse('/admin');
  842. $this->assertEquals($expected, $this->checkSetupController->rescanFailedIntegrityCheck());
  843. }
  844. public function testGetFailedIntegrityCheckDisabled() {
  845. $this->checker
  846. ->expects($this->once())
  847. ->method('isCodeCheckEnforced')
  848. ->willReturn(false);
  849. $expected = new DataDisplayResponse('Integrity checker has been disabled. Integrity cannot be verified.');
  850. $this->assertEquals($expected, $this->checkSetupController->getFailedIntegrityCheckFiles());
  851. }
  852. public function testGetFailedIntegrityCheckFilesWithNoErrorsFound() {
  853. $this->checker
  854. ->expects($this->once())
  855. ->method('isCodeCheckEnforced')
  856. ->willReturn(true);
  857. $this->checker
  858. ->expects($this->once())
  859. ->method('getResults')
  860. ->will($this->returnValue([]));
  861. $expected = new DataDisplayResponse(
  862. 'No errors have been found.',
  863. Http::STATUS_OK,
  864. [
  865. 'Content-Type' => 'text/plain',
  866. ]
  867. );
  868. $this->assertEquals($expected, $this->checkSetupController->getFailedIntegrityCheckFiles());
  869. }
  870. public function testGetFailedIntegrityCheckFilesWithSomeErrorsFound() {
  871. $this->checker
  872. ->expects($this->once())
  873. ->method('isCodeCheckEnforced')
  874. ->willReturn(true);
  875. $this->checker
  876. ->expects($this->once())
  877. ->method('getResults')
  878. ->will($this->returnValue(array ( 'core' => array ( 'EXTRA_FILE' => array('/testfile' => array()), 'INVALID_HASH' => array ( '/.idea/workspace.xml' => array ( 'expected' => 'f1c5e2630d784bc9cb02d5a28f55d6f24d06dae2a0fee685f3c2521b050955d9d452769f61454c9ddfa9c308146ade10546cfa829794448eaffbc9a04a29d216', 'current' => 'ce08bf30bcbb879a18b49239a9bec6b8702f52452f88a9d32142cad8d2494d5735e6bfa0d8642b2762c62ca5be49f9bf4ec231d4a230559d4f3e2c471d3ea094', ), '/lib/private/integritycheck/checker.php' => array ( 'expected' => 'c5a03bacae8dedf8b239997901ba1fffd2fe51271d13a00cc4b34b09cca5176397a89fc27381cbb1f72855fa18b69b6f87d7d5685c3b45aee373b09be54742ea', 'current' => '88a3a92c11db91dec1ac3be0e1c87f862c95ba6ffaaaa3f2c3b8f682187c66f07af3a3b557a868342ef4a271218fe1c1e300c478e6c156c5955ed53c40d06585', ), '/settings/controller/checksetupcontroller.php' => array ( 'expected' => '3e1de26ce93c7bfe0ede7c19cb6c93cadc010340225b375607a7178812e9de163179b0dc33809f451e01f491d93f6f5aaca7929685d21594cccf8bda732327c4', 'current' => '09563164f9904a837f9ca0b5f626db56c838e5098e0ccc1d8b935f68fa03a25c5ec6f6b2d9e44a868e8b85764dafd1605522b4af8db0ae269d73432e9a01e63a', ), ), ), 'bookmarks' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'dav' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'encryption' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'external' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'federation' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_antivirus' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_drop' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_external' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_pdfviewer' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_sharing' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_trashbin' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_versions' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_videoviewer' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'firstrunwizard' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'gitsmart' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'logreader' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature could not get verified.', ), ), 'password_policy' => array ( 'EXCEPTION' => array ( 'class' => 'OC\
  879. $expected = new DataDisplayResponse(
  880. 'Technical information
  881. =====================
  882. The following list covers which files have failed the integrity check. Please read
  883. the previous linked documentation to learn more about the errors and how to fix
  884. them.
  885. Results
  886. =======
  887. - core
  888. - EXTRA_FILE
  889. - /testfile
  890. - INVALID_HASH
  891. - /.idea/workspace.xml
  892. - /lib/private/integritycheck/checker.php
  893. - /settings/controller/checksetupcontroller.php
  894. - bookmarks
  895. - EXCEPTION
  896. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  897. - Signature data not found.
  898. - dav
  899. - EXCEPTION
  900. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  901. - Signature data not found.
  902. - encryption
  903. - EXCEPTION
  904. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  905. - Signature data not found.
  906. - external
  907. - EXCEPTION
  908. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  909. - Signature data not found.
  910. - federation
  911. - EXCEPTION
  912. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  913. - Signature data not found.
  914. - files
  915. - EXCEPTION
  916. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  917. - Signature data not found.
  918. - files_antivirus
  919. - EXCEPTION
  920. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  921. - Signature data not found.
  922. - files_drop
  923. - EXCEPTION
  924. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  925. - Signature data not found.
  926. - files_external
  927. - EXCEPTION
  928. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  929. - Signature data not found.
  930. - files_pdfviewer
  931. - EXCEPTION
  932. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  933. - Signature data not found.
  934. - files_sharing
  935. - EXCEPTION
  936. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  937. - Signature data not found.
  938. - files_trashbin
  939. - EXCEPTION
  940. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  941. - Signature data not found.
  942. - files_versions
  943. - EXCEPTION
  944. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  945. - Signature data not found.
  946. - files_videoviewer
  947. - EXCEPTION
  948. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  949. - Signature data not found.
  950. - firstrunwizard
  951. - EXCEPTION
  952. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  953. - Signature data not found.
  954. - gitsmart
  955. - EXCEPTION
  956. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  957. - Signature data not found.
  958. - logreader
  959. - EXCEPTION
  960. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  961. - Signature could not get verified.
  962. - password_policy
  963. - EXCEPTION
  964. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  965. - Signature data not found.
  966. - provisioning_api
  967. - EXCEPTION
  968. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  969. - Signature data not found.
  970. - sketch
  971. - EXCEPTION
  972. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  973. - Signature data not found.
  974. - threatblock
  975. - EXCEPTION
  976. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  977. - Signature data not found.
  978. - two_factor_auth
  979. - EXCEPTION
  980. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  981. - Signature data not found.
  982. - user_ldap
  983. - EXCEPTION
  984. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  985. - Signature data not found.
  986. - user_shibboleth
  987. - EXCEPTION
  988. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  989. - Signature data not found.
  990. Raw output
  991. ==========
  992. Array
  993. (
  994. [core] => Array
  995. (
  996. [EXTRA_FILE] => Array
  997. (
  998. [/testfile] => Array
  999. (
  1000. )
  1001. )
  1002. [INVALID_HASH] => Array
  1003. (
  1004. [/.idea/workspace.xml] => Array
  1005. (
  1006. [expected] => f1c5e2630d784bc9cb02d5a28f55d6f24d06dae2a0fee685f3c2521b050955d9d452769f61454c9ddfa9c308146ade10546cfa829794448eaffbc9a04a29d216
  1007. [current] => ce08bf30bcbb879a18b49239a9bec6b8702f52452f88a9d32142cad8d2494d5735e6bfa0d8642b2762c62ca5be49f9bf4ec231d4a230559d4f3e2c471d3ea094
  1008. )
  1009. [/lib/private/integritycheck/checker.php] => Array
  1010. (
  1011. [expected] => c5a03bacae8dedf8b239997901ba1fffd2fe51271d13a00cc4b34b09cca5176397a89fc27381cbb1f72855fa18b69b6f87d7d5685c3b45aee373b09be54742ea
  1012. [current] => 88a3a92c11db91dec1ac3be0e1c87f862c95ba6ffaaaa3f2c3b8f682187c66f07af3a3b557a868342ef4a271218fe1c1e300c478e6c156c5955ed53c40d06585
  1013. )
  1014. [/settings/controller/checksetupcontroller.php] => Array
  1015. (
  1016. [expected] => 3e1de26ce93c7bfe0ede7c19cb6c93cadc010340225b375607a7178812e9de163179b0dc33809f451e01f491d93f6f5aaca7929685d21594cccf8bda732327c4
  1017. [current] => 09563164f9904a837f9ca0b5f626db56c838e5098e0ccc1d8b935f68fa03a25c5ec6f6b2d9e44a868e8b85764dafd1605522b4af8db0ae269d73432e9a01e63a
  1018. )
  1019. )
  1020. )
  1021. [bookmarks] => Array
  1022. (
  1023. [EXCEPTION] => Array
  1024. (
  1025. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1026. [message] => Signature data not found.
  1027. )
  1028. )
  1029. [dav] => Array
  1030. (
  1031. [EXCEPTION] => Array
  1032. (
  1033. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1034. [message] => Signature data not found.
  1035. )
  1036. )
  1037. [encryption] => Array
  1038. (
  1039. [EXCEPTION] => Array
  1040. (
  1041. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1042. [message] => Signature data not found.
  1043. )
  1044. )
  1045. [external] => Array
  1046. (
  1047. [EXCEPTION] => Array
  1048. (
  1049. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1050. [message] => Signature data not found.
  1051. )
  1052. )
  1053. [federation] => Array
  1054. (
  1055. [EXCEPTION] => Array
  1056. (
  1057. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1058. [message] => Signature data not found.
  1059. )
  1060. )
  1061. [files] => Array
  1062. (
  1063. [EXCEPTION] => Array
  1064. (
  1065. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1066. [message] => Signature data not found.
  1067. )
  1068. )
  1069. [files_antivirus] => Array
  1070. (
  1071. [EXCEPTION] => Array
  1072. (
  1073. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1074. [message] => Signature data not found.
  1075. )
  1076. )
  1077. [files_drop] => Array
  1078. (
  1079. [EXCEPTION] => Array
  1080. (
  1081. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1082. [message] => Signature data not found.
  1083. )
  1084. )
  1085. [files_external] => Array
  1086. (
  1087. [EXCEPTION] => Array
  1088. (
  1089. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1090. [message] => Signature data not found.
  1091. )
  1092. )
  1093. [files_pdfviewer] => Array
  1094. (
  1095. [EXCEPTION] => Array
  1096. (
  1097. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1098. [message] => Signature data not found.
  1099. )
  1100. )
  1101. [files_sharing] => Array
  1102. (
  1103. [EXCEPTION] => Array
  1104. (
  1105. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1106. [message] => Signature data not found.
  1107. )
  1108. )
  1109. [files_trashbin] => Array
  1110. (
  1111. [EXCEPTION] => Array
  1112. (
  1113. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1114. [message] => Signature data not found.
  1115. )
  1116. )
  1117. [files_versions] => Array
  1118. (
  1119. [EXCEPTION] => Array
  1120. (
  1121. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1122. [message] => Signature data not found.
  1123. )
  1124. )
  1125. [files_videoviewer] => Array
  1126. (
  1127. [EXCEPTION] => Array
  1128. (
  1129. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1130. [message] => Signature data not found.
  1131. )
  1132. )
  1133. [firstrunwizard] => Array
  1134. (
  1135. [EXCEPTION] => Array
  1136. (
  1137. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1138. [message] => Signature data not found.
  1139. )
  1140. )
  1141. [gitsmart] => Array
  1142. (
  1143. [EXCEPTION] => Array
  1144. (
  1145. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1146. [message] => Signature data not found.
  1147. )
  1148. )
  1149. [logreader] => Array
  1150. (
  1151. [EXCEPTION] => Array
  1152. (
  1153. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1154. [message] => Signature could not get verified.
  1155. )
  1156. )
  1157. [password_policy] => Array
  1158. (
  1159. [EXCEPTION] => Array
  1160. (
  1161. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1162. [message] => Signature data not found.
  1163. )
  1164. )
  1165. [provisioning_api] => Array
  1166. (
  1167. [EXCEPTION] => Array
  1168. (
  1169. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1170. [message] => Signature data not found.
  1171. )
  1172. )
  1173. [sketch] => Array
  1174. (
  1175. [EXCEPTION] => Array
  1176. (
  1177. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1178. [message] => Signature data not found.
  1179. )
  1180. )
  1181. [threatblock] => Array
  1182. (
  1183. [EXCEPTION] => Array
  1184. (
  1185. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1186. [message] => Signature data not found.
  1187. )
  1188. )
  1189. [two_factor_auth] => Array
  1190. (
  1191. [EXCEPTION] => Array
  1192. (
  1193. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1194. [message] => Signature data not found.
  1195. )
  1196. )
  1197. [user_ldap] => Array
  1198. (
  1199. [EXCEPTION] => Array
  1200. (
  1201. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1202. [message] => Signature data not found.
  1203. )
  1204. )
  1205. [user_shibboleth] => Array
  1206. (
  1207. [EXCEPTION] => Array
  1208. (
  1209. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1210. [message] => Signature data not found.
  1211. )
  1212. )
  1213. )
  1214. ',
  1215. Http::STATUS_OK,
  1216. [
  1217. 'Content-Type' => 'text/plain',
  1218. ]
  1219. );
  1220. $this->assertEquals($expected, $this->checkSetupController->getFailedIntegrityCheckFiles());
  1221. }
  1222. public function dataForIsMysqlUsedWithoutUTF8MB4() {
  1223. return [
  1224. ['sqlite', false, false],
  1225. ['sqlite', true, false],
  1226. ['postgres', false, false],
  1227. ['postgres', true, false],
  1228. ['oci', false, false],
  1229. ['oci', true, false],
  1230. ['mysql', false, true],
  1231. ['mysql', true, false],
  1232. ];
  1233. }
  1234. /**
  1235. * @dataProvider dataForIsMysqlUsedWithoutUTF8MB4
  1236. */
  1237. public function testIsMysqlUsedWithoutUTF8MB4(string $db, bool $useUTF8MB4, bool $expected) {
  1238. $this->config->method('getSystemValue')
  1239. ->will($this->returnCallback(function($key, $default) use ($db, $useUTF8MB4) {
  1240. if ($key === 'dbtype') {
  1241. return $db;
  1242. }
  1243. if ($key === 'mysql.utf8mb4') {
  1244. return $useUTF8MB4;
  1245. }
  1246. return $default;
  1247. }));
  1248. $checkSetupController = new CheckSetupController(
  1249. 'settings',
  1250. $this->request,
  1251. $this->config,
  1252. $this->clientService,
  1253. $this->urlGenerator,
  1254. $this->util,
  1255. $this->l10n,
  1256. $this->checker,
  1257. $this->logger,
  1258. $this->dispatcher,
  1259. $this->db,
  1260. $this->lockingProvider,
  1261. $this->dateTimeFormatter,
  1262. $this->memoryInfo,
  1263. $this->secureRandom
  1264. );
  1265. $this->assertSame($expected, $this->invokePrivate($checkSetupController, 'isMysqlUsedWithoutUTF8MB4'));
  1266. }
  1267. public function dataForIsEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed() {
  1268. return [
  1269. ['singlebucket', 'OC\\Files\\ObjectStore\\Swift', true],
  1270. ['multibucket', 'OC\\Files\\ObjectStore\\Swift', true],
  1271. ['singlebucket', 'OC\\Files\\ObjectStore\\Custom', true],
  1272. ['multibucket', 'OC\Files\\ObjectStore\\Custom', true],
  1273. ['singlebucket', 'OC\Files\ObjectStore\Swift', true],
  1274. ['multibucket', 'OC\Files\ObjectStore\Swift', true],
  1275. ['singlebucket', 'OC\Files\ObjectStore\Custom', true],
  1276. ['multibucket', 'OC\Files\ObjectStore\Custom', true],
  1277. ];
  1278. }
  1279. /**
  1280. * @dataProvider dataForIsEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed
  1281. */
  1282. public function testIsEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed(string $mode, string $className, bool $expected) {
  1283. $this->config->method('getSystemValue')
  1284. ->will($this->returnCallback(function($key, $default) use ($mode, $className) {
  1285. if ($key === 'objectstore' && $mode === 'singlebucket') {
  1286. return ['class' => $className];
  1287. }
  1288. if ($key === 'objectstore_multibucket' && $mode === 'multibucket') {
  1289. return ['class' => $className];
  1290. }
  1291. return $default;
  1292. }));
  1293. $checkSetupController = new CheckSetupController(
  1294. 'settings',
  1295. $this->request,
  1296. $this->config,
  1297. $this->clientService,
  1298. $this->urlGenerator,
  1299. $this->util,
  1300. $this->l10n,
  1301. $this->checker,
  1302. $this->logger,
  1303. $this->dispatcher,
  1304. $this->db,
  1305. $this->lockingProvider,
  1306. $this->dateTimeFormatter,
  1307. $this->memoryInfo,
  1308. $this->secureRandom
  1309. );
  1310. $this->assertSame($expected, $this->invokePrivate($checkSetupController, 'isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed'));
  1311. }
  1312. }