upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-05 00:56:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 31

Client Certificate Authentication Support

Browse source 
Client Certificate Authentication Support

Signed-off-by: rhclayto <h+github@2milebridge.com>
This commit is contained in:
rhclayto 2026-02-09 20:53:10 -07:00 committed by GitHub
parent d65aa0b7c3
commit 79f5fc157c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 38 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
lib/private/Http/Client/Client.php
View file

@ -73,6 +73,14 @@ class Client implements IClient {
$options = array_merge($defaults, $options);
if ($this->isClientAuthenticationEnabled($options)) {
$client_auth_options = [
RequestOptions::CERT => $this->getClientAuthenticationCert($options),
RequestOptions::SSL_KEY => $this->getClientAuthenticationKey($options),
];
$options = array_merge($client_auth_options, $options);
}
if (!isset($options[RequestOptions::HEADERS]['User-Agent'])) {
$userAgent = 'Nextcloud-Server-Crawler/' . $this->serverVersion->getVersionString();
$options[RequestOptions::HEADERS]['User-Agent'] = $userAgent;
@ -109,6 +117,36 @@ class Client implements IClient {
return $this->certificateManager->getAbsoluteBundlePath();
}
private function isClientAuthenticationEnabled(array $options): bool {
if (($options['nextcloud']['client_authentication_enabled'] ?? false) ||
$this->config->getSystemValueBool('client_authentication_enabled', false)) {
return true;
}
return false;
}
private function getClientAuthenticationCert(array $options): ?string {
$clientCert = $this->config->getSystemValueString('internal_client_authentication_cert', \OC::$SERVERROOT . '/config/client_ssl/cert.pem');
if ($clientCert === '') {
return null;
}
return $clientCert;
}
private function getClientAuthenticationKey(array $options) {
$clientKey = $this->config->getSystemValueString('internal_client_authentication_key', \OC::$SERVERROOT . '/config/client_ssl/key.pem');
$clientKeyPass = $this->config->getSystemValueString('internal_client_authentication_key_pass', '<not specified>');
if ($clientKey === '') {
return null;
}
if ($clientKeyPass === '<not specified>') {
return $clientKey;
} else {
return array($clientKey, $clientKeyPass);
}
}
/**
* Returns a null or an associative array specifying the proxy URI for
* 'http' and 'https' schemes, in addition to a 'no' key value pair