From 6c7931b8466a377eef5e8be36d50e7cd20cda045 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come.chilliet@nextcloud.com>
Date: Mon, 10 Jun 2024 16:34:15 +0200
Subject: [PATCH] fix(webhooks): Add Nextcloud certificate bundle to client
 options
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This way importing a certificate with occ security:certificate:import
 will allow to use it for webhooks.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
---
 apps/webhooks/lib/BackgroundJobs/WebhookCall.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/apps/webhooks/lib/BackgroundJobs/WebhookCall.php b/apps/webhooks/lib/BackgroundJobs/WebhookCall.php
index 1d5eeafdc75..4edc76fbea9 100644
--- a/apps/webhooks/lib/BackgroundJobs/WebhookCall.php
+++ b/apps/webhooks/lib/BackgroundJobs/WebhookCall.php
@@ -14,11 +14,13 @@ use OCA\Webhooks\Db\WebhookListenerMapper;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\BackgroundJob\QueuedJob;
 use OCP\Http\Client\IClientService;
+use OCP\ICertificateManager;
 use Psr\Log\LoggerInterface;
 
 class WebhookCall extends QueuedJob {
 	public function __construct(
 		private IClientService $clientService,
+		private ICertificateManager $certificateManager,
 		private WebhookListenerMapper $mapper,
 		private LoggerInterface $logger,
 		ITimeFactory $timeFactory,
@@ -30,9 +32,11 @@ class WebhookCall extends QueuedJob {
 		[$data, $webhookId] = $argument;
 		$webhookListener = $this->mapper->getById($webhookId);
 		$client = $this->clientService->newClient();
-		$options = [];
-		$options['body'] = json_encode($data);
-		$options['headers'] = $webhookListener->getHeaders() ?? [];
+		$options = [
+			'verify' => $this->certificateManager->getAbsoluteBundlePath(),
+			'headers' => $webhookListener->getHeaders() ?? [],
+			'body' => json_encode($data),
+		];
 		try {
 			switch ($webhookListener->getAuthMethodEnum()) {
 				case AuthMethod::None: