fix(files_sharing): respect config to skip certificate verification

This is important especially for local development, as certificate are
self-signed.

Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>

Author: salmart-dev

apps/files_sharing/lib/AppInfo/Application.php

@@ -52,6 +52,7 @@
 use OCP\Group\Events\GroupDeletedEvent;
 use OCP\Group\Events\UserAddedEvent;
 use OCP\Group\Events\UserRemovedEvent;
+use OCP\IConfig;
 use OCP\IDBConnection;
 use OCP\IGroup;
 use OCP\Share\Events\BeforeShareDeletedEvent;
@@ -77,7 +78,8 @@ public function register(IRegistrationContext $context): void {
 				function () use ($c) {
 					return $c->get(Manager::class);
 				},
-				$c->get(ICloudIdManager::class)
+				$c->get(ICloudIdManager::class),
+				$c->get(IConfig::class),
 			);
 		});
 

apps/files_sharing/lib/External/Manager.php

@@ -26,6 +26,7 @@
 use OCP\Files\Storage\IStorageFactory;
 use OCP\Http\Client\IClientService;
 use OCP\ICertificateManager;
+use OCP\IConfig;
 use OCP\IDBConnection;
 use OCP\IGroup;
 use OCP\IGroupManager;
@@ -56,6 +57,7 @@ public function __construct(
 		private ISetupManager $setupManager,
 		private ICertificateManager $certificateManager,
 		private ExternalShareMapper $externalShareMapper,
+		private IConfig $config,
 	) {
 		$this->user = $userSession->getUser();
 	}
@@ -113,6 +115,7 @@ public function addShare(ExternalShare $externalShare, IUser|IGroup|null $shareW
 			'password' => $externalShare->getPassword(),
 			'mountpoint' => $externalShare->getMountpoint(),
 			'owner' => $externalShare->getOwner(),
+			'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates'),
 		];
 		return $this->mountShare($options, $user);
 	}

apps/files_sharing/lib/External/MountProvider.php

@@ -17,6 +17,7 @@
 use OCP\Files\Storage\IStorageFactory;
 use OCP\Http\Client\IClientService;
 use OCP\ICertificateManager;
+use OCP\IConfig;
 use OCP\IDBConnection;
 use OCP\IUser;
 use OCP\Server;
@@ -37,6 +38,7 @@ public function __construct(
 		private readonly IDBConnection $connection,
 		callable $managerProvider,
 		private readonly ICloudIdManager $cloudIdManager,
+		private IConfig $config,
 	) {
 		$this->managerProvider = $managerProvider;
 	}
@@ -50,6 +52,7 @@ private function getMount(IUser $user, array $data, IStorageFactory $storageFact
 		$data['cloudId'] = $this->cloudIdManager->getCloudId($data['owner'], $data['remote']);
 		$data['certificateManager'] = Server::get(ICertificateManager::class);
 		$data['HttpClientService'] = Server::get(IClientService::class);
+		$data['verify'] = !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates');
 
 		return new Mount(self::STORAGE, $mountPoint, $data, $manager, $storageFactory);
 	}

apps/files_sharing/tests/External/ManagerTest.php

@@ -30,6 +30,7 @@
 use OCP\Http\Client\IResponse;
 use OCP\ICacheFactory;
 use OCP\ICertificateManager;
+use OCP\IConfig;
 use OCP\IDBConnection;
 use OCP\IGroup;
 use OCP\IGroupManager;
@@ -71,6 +72,7 @@ class ManagerTest extends TestCase {
 	protected ISetupManager&MockObject $setupManager;
 	protected ICertificateManager&MockObject $certificateManager;
 	private ExternalShareMapper $externalShareMapper;
+	private IConfig $config;
 
 	protected function setUp(): void {
 		parent::setUp();
@@ -81,6 +83,7 @@ protected function setUp(): void {
 			->disableOriginalConstructor()->getMock();
 		$this->cloudFederationProviderManager = $this->createMock(ICloudFederationProviderManager::class);
 		$this->cloudFederationFactory = $this->createMock(ICloudFederationFactory::class);
+		$this->config = $this->createMock(IConfig::class);
 		$this->groupManager = $this->createMock(IGroupManager::class);
 		$this->userManager = $this->createMock(IUserManager::class);
 		$this->eventDispatcher = $this->createMock(IEventDispatcher::class);
@@ -119,7 +122,7 @@ protected function setUp(): void {
 			$this->contactsManager,
 			$this->createMock(IURLGenerator::class),
 			$this->userManager,
-		));
+		), $this->config);
 
 		$this->group1 = $this->createMock(IGroup::class);
 		$this->group1->expects($this->any())->method('getGID')->willReturn('group1');
@@ -169,6 +172,7 @@ private function createManagerForUser(IUser $user): Manager&MockObject {
 					$this->setupManager,
 					$this->certificateManager,
 					$this->externalShareMapper,
+					$this->config,
 				]
 			)->onlyMethods(['tryOCMEndPoint'])->getMock();
 	}

lib/private/Files/Storage/DAV.php

@@ -54,6 +54,7 @@ class DAV extends Common {
 	protected $host;
 	/** @var bool */
 	protected $secure;
+	protected bool $verify;
 	/** @var string */
 	protected $root;
 	/** @var string */
@@ -108,12 +109,14 @@ public function __construct(array $parameters) {
 				$this->authType = $parameters['authType'];
 			}
 			if (isset($parameters['secure'])) {
+				$this->verify = $parameters['verify'] ?? true;
 				if (is_string($parameters['secure'])) {
 					$this->secure = ($parameters['secure'] === 'true');
 				} else {
 					$this->secure = (bool)$parameters['secure'];
 				}
 			} else {
+				$this->verify = false;
 				$this->secure = false;
 			}
 			if ($this->secure === true) {
@@ -157,6 +160,9 @@ protected function init(): void {
 		$this->client->setThrowExceptions(true);
 
 		if ($this->secure === true) {
+			if ($this->verify === false) {
+				$this->client->addCurlSetting(CURLOPT_SSL_VERIFYPEER, false);
+			}
 			$certPath = $this->certManager->getAbsoluteBundlePath();
 			if (file_exists($certPath)) {
 				$this->certPath = $certPath;
@@ -363,7 +369,8 @@ public function fopen(string $path, string $mode) {
 							'auth' => [$this->user, $this->password],
 							'stream' => true,
 							// set download timeout for users with slow connections or large files
-							'timeout' => $this->timeout
+							'timeout' => $this->timeout,
+							'verify' => $this->verify,
 						]);
 				} catch (\GuzzleHttp\Exception\ClientException $e) {
 					if ($e->getResponse() instanceof ResponseInterface
@@ -513,7 +520,8 @@ protected function uploadFile(string $path, string $target): void {
 				'body' => $source,
 				'auth' => [$this->user, $this->password],
 				// set upload timeout for users with slow connections or large files
-				'timeout' => $this->timeout
+				'timeout' => $this->timeout,
+				'verify' => $this->verify,
 			]);
 
 		$this->removeCachedFile($target);