upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-21 22:27:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 40

Merge pull request #31574 from nextcloud/s3-crt-bundle

Browse source 
use the nextcloud certificate bundle for s3
This commit is contained in:
Robin Appelman 2022-03-17 13:56:19 +00:00 committed by GitHub
commit bf48c0b1b4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lib/private/Files/ObjectStore/S3.php
View file

@ -30,6 +30,7 @@ class S3 implements IObjectStore {
use S3ObjectTrait;
public function __construct($parameters) {
$parameters['primary_storage'] = true;
$this->parseParams($parameters);
}

13
lib/private/Files/ObjectStore/S3ConnectionTrait.php
View file

@ -38,6 +38,7 @@ use Aws\S3\Exception\S3Exception;
use Aws\S3\S3Client;
use GuzzleHttp\Promise;
use GuzzleHttp\Promise\RejectedPromise;
use OCP\ICertificateManager;
use OCP\ILogger;
trait S3ConnectionTrait {
@ -120,6 +121,15 @@ trait S3ConnectionTrait {
)
);
// since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
if (!isset($this->params['primary_storage'])) {
/** @var ICertificateManager $certManager */
$certManager = \OC::$server->get(ICertificateManager::class);
$certPath = $certManager->getAbsoluteBundlePath();
} else {
$certPath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
}
$options = [
'version' => isset($this->params['version']) ? $this->params['version'] : 'latest',
'credentials' => $provider,
@ -129,9 +139,10 @@ trait S3ConnectionTrait {
'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()),
'csm' => false,
'use_arn_region' => false,
'http' => ['verify' => $certPath],
];
if ($this->getProxy()) {
$options['http'] = [ 'proxy' => $this->getProxy() ];
$options['http']['proxy'] = $this->getProxy();
}
if (isset($this->params['legacy_auth']) && $this->params['legacy_auth']) {
$options['signature_version'] = 'v2';

18
lib/private/Security/CertificateManager.php
View file

@ -240,15 +240,19 @@ class CertificateManager implements ICertificateManager {
* @return string
*/
public function getAbsoluteBundlePath(): string {
if (!$this->hasCertificates()) {
try {
if (!$this->hasCertificates()) {
return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
}
if ($this->needsRebundling()) {
$this->createCertificateBundle();
}
return $this->view->getLocalFile($this->getCertificateBundle());
} catch (\Exception $e) {
return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
}
if ($this->needsRebundling()) {
$this->createCertificateBundle();
}
return $this->view->getLocalFile($this->getCertificateBundle());
}
/**