nextcloud

upstream/nextcloud

Fork 0

mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00

Commit graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Micke Nordin	3b5107bc96	feat(http-sig): OCM Ed25519 keys, JWKS endpoint, http-sig capability OCM dual-stack integration of RFC 9421 alongside the existing cavage publicKey path: - OCMSignatoryManager: Ed25519 active/pending/retiring slot rotation backed by numbered pool appkeys, getRemoteKey for inbound JWK lookup with per-origin cache + cache-miss refetch, and getLocalEd25519Jwks for the JWKS endpoint. - Rfc9421SignatoryManager: per-call wrapper that swaps in the Ed25519 signatory and toggles `rfc9421.format`. - OCMJwksHandler: serves /.well-known/jwks.json (RFC 7517) when signing is enabled. - OCMDiscoveryService: advertises `http-sig` in capabilities when signing is enabled, and picks the signature scheme on outbound based on the remote's advertised capabilities. - Application.php: register the JWKS well-known handler. Signed-off-by: Micke Nordin <kano@sunet.se>	2026-05-27 11:03:55 +02:00
Ferdinand Thiessen	e5b1799079	chore: add missing `Override` attribute to test files Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2026-04-28 21:29:28 +02:00
Maxence Lange	6af64a5495	feat(ocm): event on ocm discovery and ocm request Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2026-01-07 17:54:26 -01:00

Micke Nordin

3b5107bc96

feat(http-sig): OCM Ed25519 keys, JWKS endpoint, http-sig capability

OCM dual-stack integration of RFC 9421 alongside the existing cavage
publicKey path:

- OCMSignatoryManager: Ed25519 active/pending/retiring slot rotation
  backed by numbered pool appkeys, getRemoteKey for inbound JWK lookup
  with per-origin cache + cache-miss refetch, and getLocalEd25519Jwks
  for the JWKS endpoint.
- Rfc9421SignatoryManager: per-call wrapper that swaps in the Ed25519
  signatory and toggles `rfc9421.format`.
- OCMJwksHandler: serves /.well-known/jwks.json (RFC 7517) when signing
  is enabled.
- OCMDiscoveryService: advertises `http-sig` in capabilities when
  signing is enabled, and picks the signature scheme on outbound based
  on the remote's advertised capabilities.
- Application.php: register the JWKS well-known handler.

Signed-off-by: Micke Nordin <kano@sunet.se>

2026-05-27 11:03:55 +02:00

Ferdinand Thiessen

e5b1799079

chore: add missing Override attribute to test files

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

2026-04-28 21:29:28 +02:00

Maxence Lange

6af64a5495

feat(ocm): event on ocm discovery and ocm request

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>

2026-01-07 17:54:26 -01:00

3 commits