chore: Implement administration settings of Certificate Policy

Signed-off-by: Vitor Mattos <vitor@php.rio>

Author: vitormattos

lib/Controller/AdminController.php

@@ -14,6 +14,7 @@
 use OCA\Libresign\Handler\CertificateEngine\IEngineHandler;
 use OCA\Libresign\Helper\ConfigureCheckHelper;
 use OCA\Libresign\ResponseDefinitions;
+use OCA\Libresign\Service\CertificatePolicyService;
 use OCA\Libresign\Service\Install\ConfigureCheckService;
 use OCA\Libresign\Service\Install\InstallService;
 use OCA\Libresign\Service\SignatureBackgroundService;
@@ -51,6 +52,7 @@ public function __construct(
 		private IL10N $l10n,
 		protected ISession $session,
 		private SignatureBackgroundService $signatureBackgroundService,
+		private CertificatePolicyService $certificatePolicyService,
 	) {
 		parent::__construct(Application::APP_ID, $request);
 		$this->eventSource = $this->eventSourceFactory->create();
@@ -525,4 +527,72 @@ public function signerName(
 			);
 		}
 	}
+
+	/**
+	 * Update certificate policy of this instance
+	 *
+	 * @return DataResponse<Http::STATUS_OK, array{status: 'success', url: string}, array{}>|DataResponse<Http::STATUS_UNPROCESSABLE_ENTITY, array{status: 'failure', message: string}, array{}>
+	 *
+	 * 200: OK
+	 * 422: Not found
+	 */
+	#[ApiRoute(verb: 'POST', url: '/api/{apiVersion}/admin/certificate-policy', requirements: ['apiVersion' => '(v1)'])]
+	public function saveCertificatePolicy(): DataResponse {
+		$pdf = $this->request->getUploadedFile('pdf');
+		$phpFileUploadErrors = [
+			UPLOAD_ERR_OK => $this->l10n->t('The file was uploaded'),
+			UPLOAD_ERR_INI_SIZE => $this->l10n->t('The uploaded file exceeds the upload_max_filesize directive in php.ini'),
+			UPLOAD_ERR_FORM_SIZE => $this->l10n->t('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'),
+			UPLOAD_ERR_PARTIAL => $this->l10n->t('The file was only partially uploaded'),
+			UPLOAD_ERR_NO_FILE => $this->l10n->t('No file was uploaded'),
+			UPLOAD_ERR_NO_TMP_DIR => $this->l10n->t('Missing a temporary folder'),
+			UPLOAD_ERR_CANT_WRITE => $this->l10n->t('Could not write file to disk'),
+			UPLOAD_ERR_EXTENSION => $this->l10n->t('A PHP extension stopped the file upload'),
+		];
+		if (empty($pdf)) {
+			$error = $this->l10n->t('No file uploaded');
+		} elseif (!empty($pdf) && array_key_exists('error', $pdf) && $pdf['error'] !== UPLOAD_ERR_OK) {
+			$error = $phpFileUploadErrors[$pdf['error']];
+		}
+		if ($error !== null) {
+			return new DataResponse(
+				[
+					'message' => $error,
+					'status' => 'failure',
+				],
+				Http::STATUS_UNPROCESSABLE_ENTITY
+			);
+		}
+		try {
+			$url = $this->certificatePolicyService->updateFile($pdf['tmp_name']);
+		} catch (\Exception $e) {
+			return new DataResponse(
+				[
+					'message' => $e->getMessage(),
+					'status' => 'failure',
+				],
+				Http::STATUS_UNPROCESSABLE_ENTITY
+			);
+		}
+		return new DataResponse(
+			[
+				'url' => $url,
+				'status' => 'success',
+			]
+		);
+	}
+
+	/**
+	 * Delete certificate policy of this instance
+	 *
+	 * @return DataResponse<Http::STATUS_OK, array{}, array{}>
+	 *
+	 * 200: OK
+	 * 404: Not found
+	 */
+	#[ApiRoute(verb: 'DELETE', url: '/api/{apiVersion}/admin/certificate-policy', requirements: ['apiVersion' => '(v1)'])]
+	public function deleteCertificatePolicy(): DataResponse {
+		$this->certificatePolicyService->deleteFile();
+		return new DataResponse();
+	}
 }

lib/Controller/CertificatePolicyController.php

@@ -14,77 +14,20 @@
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\AnonRateLimit;
 use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\FileDisplayResponse;
-use OCP\IL10N;
 use OCP\IRequest;
 
 class CertificatePolicyController extends Controller {
 	public function __construct(
 		IRequest $request,
 		private CertificatePolicyService $certificatePolicyService,
-		private IL10N $l10n,
 	) {
 		parent::__construct(Application::APP_ID, $request);
 	}
 
-	/**
-	 * Update certificate policy of this instance
-	 *
-	 * @return DataResponse<Http::STATUS_OK, array{status: 'success'}, array{}>|DataResponse<Http::STATUS_UNPROCESSABLE_ENTITY, array{status: 'failure', message: string}, array{}>
-	 *
-	 * 200: OK
-	 * 404: Not found
-	 */
-	#[PublicPage]
-	#[AnonRateLimit(limit: 10, period: 60)]
-	#[FrontpageRoute(verb: 'POST', url: '/certificate-policy.pdf')]
-	public function saveCertificatePolicy(): DataResponse {
-		$pdf = $this->request->getUploadedFile('pdf');
-		$phpFileUploadErrors = [
-			UPLOAD_ERR_OK => $this->l10n->t('The file was uploaded'),
-			UPLOAD_ERR_INI_SIZE => $this->l10n->t('The uploaded file exceeds the upload_max_filesize directive in php.ini'),
-			UPLOAD_ERR_FORM_SIZE => $this->l10n->t('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'),
-			UPLOAD_ERR_PARTIAL => $this->l10n->t('The file was only partially uploaded'),
-			UPLOAD_ERR_NO_FILE => $this->l10n->t('No file was uploaded'),
-			UPLOAD_ERR_NO_TMP_DIR => $this->l10n->t('Missing a temporary folder'),
-			UPLOAD_ERR_CANT_WRITE => $this->l10n->t('Could not write file to disk'),
-			UPLOAD_ERR_EXTENSION => $this->l10n->t('A PHP extension stopped the file upload'),
-		];
-		if (empty($pdf)) {
-			$error = $this->l10n->t('No file uploaded');
-		} elseif (!empty($pdf) && array_key_exists('error', $pdf) && $pdf['error'] !== UPLOAD_ERR_OK) {
-			$error = $phpFileUploadErrors[$pdf['error']];
-		}
-		if ($error !== null) {
-			return new DataResponse(
-				[
-					'message' => $error,
-					'status' => 'failure',
-				],
-				Http::STATUS_UNPROCESSABLE_ENTITY
-			);
-		}
-		try {
-			$this->certificatePolicyService->updateFile($pdf['tmp_name']);
-		} catch (\Exception $e) {
-			return new DataResponse(
-				[
-					'message' => $e->getMessage(),
-					'status' => 'failure',
-				],
-				Http::STATUS_UNPROCESSABLE_ENTITY
-			);
-		}
-
-		return new DataResponse(
-			[
-				'status' => 'success',
-			]
-		);
-	}
-
 	/**
 	 * Certificate policy of this instance
 	 *
@@ -94,6 +37,7 @@ public function saveCertificatePolicy(): DataResponse {
 	 * 404: Not found
 	 */
 	#[PublicPage]
+	#[NoCSRFRequired]
 	#[AnonRateLimit(limit: 10, period: 60)]
 	#[FrontpageRoute(verb: 'GET', url: '/certificate-policy.pdf')]
 	public function getCertificatePolicy(): FileDisplayResponse {

lib/Service/CertificatePolicyService.php

@@ -11,14 +11,16 @@
 use OCP\Files\IAppData;
 use OCP\Files\NotFoundException;
 use OCP\Files\SimpleFS\ISimpleFile;
+use OCP\IURLGenerator;
 
 class CertificatePolicyService {
 	public function __construct(
 		private IAppData $appData,
+		private IURLGenerator $urlGenerator,
 	) {
 	}
 
-	public function updateFile(string $tmpFile): void {
+	public function updateFile(string $tmpFile): string {
 		$detectedMimeType = mime_content_type($tmpFile);
 		if (!in_array($detectedMimeType, ['application/pdf'], true)) {
 			throw new \Exception('Unsupported image type: ' . $detectedMimeType);
@@ -32,13 +34,30 @@ public function updateFile(string $tmpFile): void {
 			$file = $rootFolder->getFile('certificate-policy.pdf');
 			$file->putContent($blob);
 		}
+		return $this->urlGenerator->linkToRouteAbsolute('libresign.CertificatePolicy.getCertificatePolicy');
 	}
 
 	public function getFile(): ISimpleFile {
 		return $this->appData->getFolder('/')->getFile('certificate-policy.pdf');
 	}
 
 	public function deleteFile(): void {
-		$this->appData->getFolder('/')->getFile('certificate-policy.pdf')->delete();
+		try {
+			$this->appData->getFolder('/')->getFile('certificate-policy.pdf')->delete();
+		} catch (NotFoundException $e) {
+		}
+	}
+
+	public function getOid(): string {
+		return '';
+	}
+
+	public function getUrl(): string {
+		try {
+			$this->getFile();
+		} catch (NotFoundException $e) {
+			return '';
+		}
+		return $this->urlGenerator->linkToRouteAbsolute('libresign.CertificatePolicy.getCertificatePolicy');
 	}
 }

lib/Settings/Admin.php

@@ -11,6 +11,7 @@
 use OCA\Libresign\AppInfo\Application;
 use OCA\Libresign\Exception\LibresignException;
 use OCA\Libresign\Handler\CertificateEngine\CertificateEngineFactory;
+use OCA\Libresign\Service\CertificatePolicyService;
 use OCA\Libresign\Service\IdentifyMethodService;
 use OCA\Libresign\Service\SignatureBackgroundService;
 use OCA\Libresign\Service\SignatureTextService;
@@ -25,6 +26,7 @@ public function __construct(
 		private IInitialState $initialState,
 		private IdentifyMethodService $identifyMethodService,
 		private CertificateEngineFactory $certificateEngineFactory,
+		private CertificatePolicyService $certificatePolicyService,
 		private IAppConfig $appConfig,
 		private SignatureTextService $signatureTextService,
 		private SignatureBackgroundService $signatureBackgroundService,
@@ -40,6 +42,8 @@ public function getForm(): TemplateResponse {
 			$this->initialState->provideInitialState('signature_text_template_error', $e->getMessage());
 		}
 		$this->initialState->provideInitialState('certificate_engine', $this->certificateEngineFactory->getEngine()->getName());
+		$this->initialState->provideInitialState('certificate_policies_oid', $this->certificatePolicyService->getOid());
+		$this->initialState->provideInitialState('certificate_policies_url', $this->certificatePolicyService->getUrl());
 		$this->initialState->provideInitialState('config_path', $this->appConfig->getValueString(Application::APP_ID, 'config_path'));
 		$this->initialState->provideInitialState('default_signature_font_size', SignatureTextService::SIGNATURE_DEFAULT_FONT_SIZE);
 		$this->initialState->provideInitialState('default_signature_height', SignatureTextService::DEFAULT_SIGNATURE_HEIGHT);