The manager itself does not need to know what hardcoded-things an app provides,
instead the apps itself should handle this.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
The diff can be checked using: git diff --ignore-all-space --ignore-blank-lines
To see only the changes not related to blank lines.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
OCM dual-stack integration of RFC 9421 alongside the existing cavage
publicKey path:
- OCMSignatoryManager: Ed25519 active/pending/retiring slot rotation
backed by numbered pool appkeys, getRemoteKey for inbound JWK lookup
with per-origin cache + cache-miss refetch, and getLocalEd25519Jwks
for the JWKS endpoint.
- Rfc9421SignatoryManager: per-call wrapper that swaps in the Ed25519
signatory and toggles `rfc9421.format`.
- OCMJwksHandler: serves /.well-known/jwks.json (RFC 7517) when signing
is enabled.
- OCMDiscoveryService: advertises `http-sig` in capabilities when
signing is enabled, and picks the signature scheme on outbound based
on the remote's advertised capabilities.
- Application.php: register the JWKS well-known handler.
Signed-off-by: Micke Nordin <kano@sunet.se>
This allows the admin to control the behavior whether link shares with
READ permissions should be extended to also gain SHARE permissions,
allowing users (public share receivers) to add the share to their cloud.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
