
Commit 12c0858

committed
fix(ocm): simpler code
Signed-off-by: Maxence Lange <[email protected]>
1 parent 06e35dc commit 12c0858

18 files changed

+525
-538
lines changed

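--- a/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php
+++ b/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php
@@ -336,8 +336,11 @@ private function mapUid($uid) {
 */
 private function getSignedRequest(): ?IIncomingSignedRequest {
 try {
-return $this->signatureManager->getIncomingSignedRequest($this->signatoryManager);
+$signedRequest = $this->signatureManager->getIncomingSignedRequest($this->signatoryManager);
+$this->logger->debug('signed request available', ['signedRequest' => $signedRequest]);
+return $signedRequest;
 } catch (SignatureNotFoundException|SignatoryNotFoundException $e) {
+$this->logger->debug('remote does not support signed request', ['exception' => $e]);
 // remote does not support signed request.
 // currently we still accept unsigned request until lazy appconfig
 // core.enforce_signed_ocm_request is set to true (default: false)
@@ -346,7 +349,7 @@ private function getSignedRequest(): ?IIncomingSignedRequest {
 throw new IncomingRequestException('Unsigned request');
 }
 } catch (SignatureException $e) {
-$this->logger->notice('wrongly signed request', ['exception' => $e]);
+$this->logger->warning('wrongly signed request', ['exception' => $e]);
 throw new IncomingRequestException('Invalid signature');
 }
 return null;
@@ -406,10 +409,17 @@ private function confirmShareOrigin(?IIncomingSignedRequest $signedRequest, stri
 $share = $provider->getShareByToken($token);
 try {
 $this->confirmShareEntry($signedRequest, $share->getSharedWith());
-} catch (IncomingRequestException) {
+} catch (IncomingRequestException $e) {
 // notification might come from the instance that owns the share
-$this->logger->debug('could not confirm origin on sharedWith (' . $share->getSharedWIth() . '); going with shareOwner (' . $share->getShareOwner() . ')');
-$this->confirmShareEntry($signedRequest, $share->getShareOwner());
+$this->logger->debug('could not confirm origin on sharedWith (' . $share->getSharedWIth() . '); going with shareOwner (' . $share->getShareOwner() . ')', ['exception' => $e]);
+try {
+$this->confirmShareEntry($signedRequest, $share->getShareOwner());
+} catch (IncomingRequestException $f) {
+// if both entry are failing, we log first exception as warning and second exception
+// will be logged as warning by the controller
+$this->logger->warning('could not confirm origin on sharedWith (' . $share->getSharedWIth() . '); going with shareOwner (' . $share->getShareOwner() . ')', ['exception' => $e]);
+throw $f;
+}
 }
 }
 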
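Review bot: The new debug line in getSignedRequest() passes the whole `$signedRequest` object as log context; if its serialised form carries the request body or signature headers, share tokens from the OCM payload would be written to the log whenever debug level is enabled. Logging only the sender is enough there, e.g. `$this->logger->debug('signed request available', ['origin' => $signedRequest->getOrigin()]);`. In confirmShareOrigin() the added warning reuses the debug text and still says 'going with shareOwner' although the shareOwner check has just failed too; a message such as `'could not confirm origin on sharedWith nor on shareOwner'` would match what happened. confirmShareOrigin() starts before its hunk and getSignedRequest() ends after its second hunk.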

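--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -12,6 +12,25 @@
 'NCU\\Config\\Exceptions\\UnknownKeyException' => $baseDir . '/lib/unstable/Config/Exceptions/UnknownKeyException.php',
 'NCU\\Config\\IUserConfig' => $baseDir . '/lib/unstable/Config/IUserConfig.php',
 'NCU\\Config\\ValueType' => $baseDir . '/lib/unstable/Config/ValueType.php',
+'NCU\\Security\\Signature\\Exceptions\\IdentityNotFoundException' => $baseDir . '/lib/unstable/Security/Signature/Exceptions/IdentityNotFoundException.php',
+'NCU\\Security\\Signature\\Exceptions\\IncomingRequestException' => $baseDir . '/lib/unstable/Security/Signature/Exceptions/IncomingRequestException.php',
+'NCU\\Security\\Signature\\Exceptions\\InvalidKeyOriginException' => $baseDir . '/lib/unstable/Security/Signature/Exceptions/InvalidKeyOriginException.php',
+'NCU\\Security\\Signature\\Exceptions\\InvalidSignatureException' => $baseDir . '/lib/unstable/Security/Signature/Exceptions/InvalidSignatureException.php',
+'NCU\\Security\\Signature\\Exceptions\\SignatoryConflictException' => $baseDir . '/lib/unstable/Security/Signature/Exceptions/SignatoryConflictException.php',
+'NCU\\Security\\Signature\\Exceptions\\SignatoryException' => $baseDir . '/lib/unstable/Security/Signature/Exceptions/SignatoryException.php',
+'NCU\\Security\\Signature\\Exceptions\\SignatoryNotFoundException' => $baseDir . '/lib/unstable/Security/Signature/Exceptions/SignatoryNotFoundException.php',
+'NCU\\Security\\Signature\\Exceptions\\SignatureElementNotFoundException' => $baseDir . '/lib/unstable/Security/Signature/Exceptions/SignatureElementNotFoundException.php',
+'NCU\\Security\\Signature\\Exceptions\\SignatureException' => $baseDir . '/lib/unstable/Security/Signature/Exceptions/SignatureException.php',
+'NCU\\Security\\Signature\\Exceptions\\SignatureNotFoundException' => $baseDir . '/lib/unstable/Security/Signature/Exceptions/SignatureNotFoundException.php',
+'NCU\\Security\\Signature\\ISignatoryManager' => $baseDir . '/lib/unstable/Security/Signature/ISignatoryManager.php',
+'NCU\\Security\\Signature\\ISignatureManager' => $baseDir . '/lib/unstable/Security/Signature/ISignatureManager.php',
+'NCU\\Security\\Signature\\Model\\IIncomingSignedRequest' => $baseDir . '/lib/unstable/Security/Signature/Model/IIncomingSignedRequest.php',
+'NCU\\Security\\Signature\\Model\\IOutgoingSignedRequest' => $baseDir . '/lib/unstable/Security/Signature/Model/IOutgoingSignedRequest.php',
+'NCU\\Security\\Signature\\Model\\ISignatory' => $baseDir . '/lib/unstable/Security/Signature/Model/ISignatory.php',
+'NCU\\Security\\Signature\\Model\\ISignedRequest' => $baseDir . '/lib/unstable/Security/Signature/Model/ISignedRequest.php',
+'NCU\\Security\\Signature\\Model\\SignatoryStatus' => $baseDir . '/lib/unstable/Security/Signature/Model/SignatoryStatus.php',
+'NCU\\Security\\Signature\\Model\\SignatoryType' => $baseDir . '/lib/unstable/Security/Signature/Model/SignatoryType.php',
+'NCU\\Security\\Signature\\SignatureAlgorithm' => $baseDir . '/lib/unstable/Security/Signature/SignatureAlgorithm.php',
 'OCP\\Accounts\\IAccount' => $baseDir . '/lib/public/Accounts/IAccount.php',
 'OCP\\Accounts\\IAccountManager' => $baseDir . '/lib/public/Accounts/IAccountManager.php',
 'OCP\\Accounts\\IAccountProperty' => $baseDir . '/lib/public/Accounts/IAccountProperty.php',
@@ -1393,6 +1412,8 @@
 'OC\\Core\\Migrations\\Version30000Date20240814180800' => $baseDir . '/core/Migrations/Version30000Date20240814180800.php',
 'OC\\Core\\Migrations\\Version30000Date20240815080800' => $baseDir . '/core/Migrations/Version30000Date20240815080800.php',
 'OC\\Core\\Migrations\\Version30000Date20240906095113' => $baseDir . '/core/Migrations/Version30000Date20240906095113.php',
+'OC\\Core\\Migrations\\Version31000Date20240101084401' => $baseDir . '/core/Migrations/Version31000Date20240101084401.php',
+'OC\\Core\\Migrations\\Version31000Date20240814184402' => $baseDir . '/core/Migrations/Version31000Date20240814184402.php',
 'OC\\Core\\Migrations\\Version31000Date20241018063111' => $baseDir . '/core/Migrations/Version31000Date20241018063111.php',
 'OC\\Core\\Notification\\CoreNotifier' => $baseDir . '/core/Notification/CoreNotifier.php',
 'OC\\Core\\ResponseDefinitions' => $baseDir . '/core/ResponseDefinitions.php',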

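--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -53,6 +53,25 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
 'NCU\\Config\\Exceptions\\UnknownKeyException' => __DIR__ . '/../../..' . '/lib/unstable/Config/Exceptions/UnknownKeyException.php',
 'NCU\\Config\\IUserConfig' => __DIR__ . '/../../..' . '/lib/unstable/Config/IUserConfig.php',
 'NCU\\Config\\ValueType' => __DIR__ . '/../../..' . '/lib/unstable/Config/ValueType.php',
+'NCU\\Security\\Signature\\Exceptions\\IdentityNotFoundException' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Exceptions/IdentityNotFoundException.php',
+'NCU\\Security\\Signature\\Exceptions\\IncomingRequestException' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Exceptions/IncomingRequestException.php',
+'NCU\\Security\\Signature\\Exceptions\\InvalidKeyOriginException' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Exceptions/InvalidKeyOriginException.php',
+'NCU\\Security\\Signature\\Exceptions\\InvalidSignatureException' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Exceptions/InvalidSignatureException.php',
+'NCU\\Security\\Signature\\Exceptions\\SignatoryConflictException' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Exceptions/SignatoryConflictException.php',
+'NCU\\Security\\Signature\\Exceptions\\SignatoryException' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Exceptions/SignatoryException.php',
+'NCU\\Security\\Signature\\Exceptions\\SignatoryNotFoundException' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Exceptions/SignatoryNotFoundException.php',
+'NCU\\Security\\Signature\\Exceptions\\SignatureElementNotFoundException' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Exceptions/SignatureElementNotFoundException.php',
+'NCU\\Security\\Signature\\Exceptions\\SignatureException' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Exceptions/SignatureException.php',
+'NCU\\Security\\Signature\\Exceptions\\SignatureNotFoundException' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Exceptions/SignatureNotFoundException.php',
+'NCU\\Security\\Signature\\ISignatoryManager' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/ISignatoryManager.php',
+'NCU\\Security\\Signature\\ISignatureManager' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/ISignatureManager.php',
+'NCU\\Security\\Signature\\Model\\IIncomingSignedRequest' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Model/IIncomingSignedRequest.php',
+'NCU\\Security\\Signature\\Model\\IOutgoingSignedRequest' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Model/IOutgoingSignedRequest.php',
+'NCU\\Security\\Signature\\Model\\ISignatory' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Model/ISignatory.php',
+'NCU\\Security\\Signature\\Model\\ISignedRequest' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Model/ISignedRequest.php',
+'NCU\\Security\\Signature\\Model\\SignatoryStatus' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Model/SignatoryStatus.php',
+'NCU\\Security\\Signature\\Model\\SignatoryType' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/Model/SignatoryType.php',
+'NCU\\Security\\Signature\\SignatureAlgorithm' => __DIR__ . '/../../..' . '/lib/unstable/Security/Signature/SignatureAlgorithm.php',
 'OCP\\Accounts\\IAccount' => __DIR__ . '/../../..' . '/lib/public/Accounts/IAccount.php',
 'OCP\\Accounts\\IAccountManager' => __DIR__ . '/../../..' . '/lib/public/Accounts/IAccountManager.php',
 'OCP\\Accounts\\IAccountProperty' => __DIR__ . '/../../..' . '/lib/public/Accounts/IAccountProperty.php',
@@ -1434,6 +1453,8 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
 'OC\\Core\\Migrations\\Version30000Date20240814180800' => __DIR__ . '/../../..' . '/core/Migrations/Version30000Date20240814180800.php',
 'OC\\Core\\Migrations\\Version30000Date20240815080800' => __DIR__ . '/../../..' . '/core/Migrations/Version30000Date20240815080800.php',
 'OC\\Core\\Migrations\\Version30000Date20240906095113' => __DIR__ . '/../../..' . '/core/Migrations/Version30000Date20240906095113.php',
+'OC\\Core\\Migrations\\Version31000Date20240101084401' => __DIR__ . '/../../..' . '/core/Migrations/Version31000Date20240101084401.php',
+'OC\\Core\\Migrations\\Version31000Date20240814184402' => __DIR__ . '/../../..' . '/core/Migrations/Version31000Date20240814184402.php',
 'OC\\Core\\Migrations\\Version31000Date20241018063111' => __DIR__ . '/../../..' . '/core/Migrations/Version31000Date20241018063111.php',
 'OC\\Core\\Notification\\CoreNotifier' => __DIR__ . '/../../..' . '/core/Notification/CoreNotifier.php',
 'OC\\Core\\ResponseDefinitions' => __DIR__ . '/../../..' . '/core/ResponseDefinitions.php',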

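--- a/lib/private/Federation/CloudFederationProviderManager.php
+++ b/lib/private/Federation/CloudFederationProviderManager.php
@@ -226,6 +226,12 @@ private function postOcmPayload(string $cloudId, string $uri, string $payload, ?
 */
 private function prepareOcmPayload(string $uri, string $payload): array {
 $payload = array_merge($this->getDefaultRequestOptions(), ['body' => $payload]);
+
+if ($this->appConfig->getValueBool('core', OCMSignatoryManager::APPCONFIG_SIGN_ENFORCED, lazy: true) &&
+$this->signatoryManager->getRemoteSignatory($this->signatureManager->extractIdentityFromUri($uri)) === null) {
+return $payload;
+}
+
 if (!$this->appConfig->getValueBool('core', OCMSignatoryManager::APPCONFIG_SIGN_DISABLED, lazy: true)) {
 $signedPayload = $this->signatureManager->signOutgoingRequestIClientPayload(
 $this->signatoryManager,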
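Review bot: The added early return in prepareOcmPayload() hands the payload back unsigned exactly when `APPCONFIG_SIGN_ENFORCED` is true and getRemoteSignatory() returns null, and no comment explains why enforcement leads to skipping the signature. Since getRemoteSignatory() in this commit also returns null when OCM discovery fails, a transient discovery error would look the same as a remote without a signing key, and the request would go out unsigned with nothing recorded at this call site. I would state the rule in a comment above the condition, e.g. `// signing is enforced but remote has no known signatory: payload is left unsigned (TODO confirm this is intended rather than refusing to send)`. `extractIdentityFromUri($uri)` is also evaluated outside any try block in the visible lines, so if it throws on a URI it cannot parse, that exception leaves the method. The method body continues past the end of the hunk.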

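--- a/lib/private/OCM/OCMSignatoryManager.php
+++ b/lib/private/OCM/OCMSignatoryManager.php
@@ -6,19 +6,20 @@
 * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
+
 namespace OC\OCM;
 
 use NCU\Security\Signature\Exceptions\IdentityNotFoundException;
 use NCU\Security\Signature\ISignatoryManager;
 use NCU\Security\Signature\ISignatureManager;
-use NCU\Security\Signature\Model\IIncomingSignedRequest;
 use NCU\Security\Signature\Model\ISignatory;
 use NCU\Security\Signature\Model\SignatoryType;
 use OC\Security\IdentityProof\Manager;
 use OC\Security\Signature\Model\Signatory;
 use OCP\IAppConfig;
 use OCP\IURLGenerator;
 use OCP\OCM\Exceptions\OCMProviderException;
+use Psr\Log\LoggerInterface;
 
 /**
 * @inheritDoc
@@ -40,14 +41,15 @@ public function __construct(
 private readonly IURLGenerator $urlGenerator,
 private readonly Manager $identityProofManager,
 private readonly OCMDiscoveryService $ocmDiscoveryService,
+private readonly LoggerInterface $logger,
 ) {
 }
 
 /**
 * @inheritDoc
 *
-* @since 31.0.0
 * @return string
+* @since 31.0.0
 */
 public function getProviderId(): string {
 return self::PROVIDER_ID;
@@ -56,8 +58,8 @@ public function getProviderId(): string {
 /**
 * @inheritDoc
 *
-* @since 31.0.0
 * @return array
+* @since 31.0.0
 */
 public function getOptions(): array {
 return [];
@@ -121,14 +123,18 @@ private function generateKeyId(): string {
 /**
 * @inheritDoc
 *
-* @param IIncomingSignedRequest $signedRequest
+* @param string $remote
 *
 * @return ISignatory|null must be NULL if no signatory is found
-* @throws OCMProviderException on fail to discover ocm services
 * @since 31.0.0
 */
-public function getRemoteSignatory(IIncomingSignedRequest $signedRequest): ?ISignatory {
-return $this->getRemoteSignatoryFromHost($signedRequest->getOrigin());
+public function getRemoteSignatory(string $remote): ?ISignatory {
+try {
+return $this->getRemoteSignatoryFromHost($remote);
+} catch (OCMProviderException $e) {
+$this->logger->warning('fail to get remote signatory', ['exception' => $e, 'remote' => $remote]);
+return null;
+}
 }
 
 /**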
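Review bot: getRemoteSignatory() now maps every OCMProviderException to `null`, the same value the docblock reserves for "no signatory is found", so callers can no longer tell a remote without a signing key from a discovery that failed. If a caller reads null as "remote does not support signed requests", as the unsigned fallback in RequestHandlerController suggests, a failed key lookup could move a signed request onto the unsigned path while enforcement is off. The `@throws OCMProviderException` line is removed without the docblock saying that failures are swallowed; I would extend the return description to `@return ISignatory|null must be NULL if no signatory is found; also NULL (with a warning logged) when OCM discovery of $remote fails`. Whether the failure should instead propagate as a distinct exception is worth deciding while the interface still lives under `lib/unstable`.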
