change private/public key names for consistency reasons
This commit is contained in:
parent
266f1a2afa
commit
a90606fb14
11 changed files with 204 additions and 228 deletions
|
|
@ -55,16 +55,15 @@ $proxyStatus = \OC_FileProxy::$enabled;
|
|||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
$keyId = $util->getRecoveryKeyId();
|
||||
$keyPath = '/owncloud_private_key/' . $keyId . '.private.key';
|
||||
|
||||
$encryptedRecoveryKey = $view->file_get_contents($keyPath);
|
||||
$decryptedRecoveryKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedRecoveryKey, $oldPassword);
|
||||
$encryptedRecoveryKey = Encryption\Keymanager::getPrivateSystemKey($keyId);
|
||||
$decryptedRecoveryKey = $encryptedRecoveryKey ? \OCA\Encryption\Crypt::decryptPrivateKey($encryptedRecoveryKey, $oldPassword) : false;
|
||||
|
||||
if ($decryptedRecoveryKey) {
|
||||
$cipher = \OCA\Encryption\Helper::getCipher();
|
||||
$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedRecoveryKey, $newPassword, $cipher);
|
||||
if ($encryptedKey) {
|
||||
\OCA\Encryption\Keymanager::setPrivateSystemKey($encryptedKey, $keyId . '.private.key');
|
||||
\OCA\Encryption\Keymanager::setPrivateSystemKey($encryptedKey, $keyId);
|
||||
$return = true;
|
||||
}
|
||||
}
|
||||
|
|
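Review bot: The same class is referenced two ways inside one block, `Encryption\Keymanager::getPrivateSystemKey($keyId)` on the read and `\OCA\Encryption\Keymanager::setPrivateSystemKey($encryptedKey, $keyId)` on the write (the next file's `Encryption\Keymanager::getPrivateKey($view, $user)` sits beside a fully-qualified `\OCA\Encryption\Crypt` the same way); pick one form, e.g. `$encryptedRecoveryKey = \OCA\Encryption\Keymanager::getPrivateSystemKey($keyId);`. The relative form only resolves through a namespace or `use` declaration above the hunk, which is not visible here. Since the new Keymanager read/write helpers save and restore `\OC_FileProxy::$enabled` themselves, the manual `\OC_FileProxy::$enabled = false;` at the top of this block now only matters for whatever else the script does; the block starts and ends outside the hunk.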
|
|||
|
|
@ -36,10 +36,8 @@ if ($passwordCorrect !== false) {
|
|||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
$keyPath = '/' . $user . '/files_encryption/' . $user . '.private.key';
|
||||
|
||||
$encryptedKey = $view->file_get_contents($keyPath);
|
||||
$decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword);
|
||||
$encryptedKey = Encryption\Keymanager::getPrivateKey($view, $user);
|
||||
$decryptedKey = $encryptedKey ? \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword) : false;
|
||||
|
||||
if ($decryptedKey) {
|
||||
$cipher = \OCA\Encryption\Helper::getCipher();
|
||||
|
|
|
|||
|
|
@ -152,18 +152,7 @@ class Hooks {
|
|||
public static function postDeleteUser($params) {
|
||||
|
||||
if (\OCP\App::isEnabled('files_encryption')) {
|
||||
$view = new \OC\Files\View('/');
|
||||
|
||||
// cleanup public key
|
||||
$publicKey = '/public-keys/' . $params['uid'] . '.public.key';
|
||||
|
||||
// Disable encryption proxy to prevent recursive calls
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
$view->unlink($publicKey);
|
||||
|
||||
\OC_FileProxy::$enabled = $proxyStatus;
|
||||
Keymanager::deletePublicKey(new \OC\Files\View(), $params['uid']);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -244,7 +233,7 @@ class Hooks {
|
|||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
// Save public key
|
||||
$view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);
|
||||
Keymanager::setPublicKey($keypair['publicKey'], $user);
|
||||
|
||||
// Encrypt private key with new password
|
||||
$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword, Helper::getCipher());
|
||||
|
|
@ -292,7 +281,7 @@ class Hooks {
|
|||
|
||||
$l = new \OC_L10N('files_encryption');
|
||||
$users = array();
|
||||
$view = new \OC\Files\View('/public-keys/');
|
||||
$view = new \OC\Files\View('/');
|
||||
|
||||
switch ($params['shareType']) {
|
||||
case \OCP\Share::SHARE_TYPE_USER:
|
||||
|
|
@ -305,7 +294,7 @@ class Hooks {
|
|||
|
||||
$notConfigured = array();
|
||||
foreach ($users as $user) {
|
||||
if (!$view->file_exists($user . '.public.key')) {
|
||||
if (!Keymanager::publicKeyExists($view, $user)) {
|
||||
$notConfigured[] = $user;
|
||||
}
|
||||
}
|
||||
|
|
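Review bot: In `postDeleteUser`, `Keymanager::deletePublicKey(new \OC\Files\View(), $params['uid'])` replaces an unlink that ran with the encryption proxy disabled, and the new helper (`deletePublicKey` in the Keymanager hunk) does not save and restore `\OC_FileProxy::$enabled` the way `getKey`/`setKey` do, so the "prevent recursive calls" protection the removed comment described is gone if unlink goes through the proxy. The helper's bool result is also discarded, so a public key that could not be removed goes unreported; consider `if (!Keymanager::deletePublicKey(new \OC\Files\View('/'), $params['uid'])) { \OCP\Util::writeLog('files_encryption', 'Could not delete public key of ' . $params['uid'], \OCP\Util::WARN); }`. The other call sites in this file work on a view rooted at `'/'` (`new \OC\Files\View('/')`), while this one uses the no-argument constructor; if the default root differs, the `/public-keys/...` path built inside the helper resolves differently.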
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public
|
||||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
* License alon with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
|
|
@ -107,6 +107,25 @@ class Helper {
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* get recovery key id
|
||||
*
|
||||
* @return string|bool recovery key ID or false
|
||||
*/
|
||||
public static function getRecoveryKeyId() {
|
||||
$appConfig = \OC::$server->getAppConfig();
|
||||
$key = $appConfig->getValue('files_encryption', 'recoveryKeyId');
|
||||
|
||||
return ($key === null) ? false : $key;
|
||||
}
|
||||
|
||||
public static function getPublicShareKeyId() {
|
||||
$appConfig = \OC::$server->getAppConfig();
|
||||
$key = $appConfig->getValue('files_encryption', 'publicShareKeyId');
|
||||
|
||||
return ($key === null) ? false : $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* enable recovery
|
||||
*
|
||||
|
|
@ -126,38 +145,22 @@ class Helper {
|
|||
$appConfig->setValue('files_encryption', 'recoveryKeyId', $recoveryKeyId);
|
||||
}
|
||||
|
||||
if (!$view->is_dir('/owncloud_private_key')) {
|
||||
$view->mkdir('/owncloud_private_key');
|
||||
}
|
||||
|
||||
if (
|
||||
(!$view->file_exists("/public-keys/" . $recoveryKeyId . ".public.key")
|
||||
|| !$view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".private.key"))
|
||||
) {
|
||||
if (!Keymanager::recoveryKeyExists($view)) {
|
||||
|
||||
$keypair = \OCA\Encryption\Crypt::createKeypair();
|
||||
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
// Save public key
|
||||
|
||||
if (!$view->is_dir('/public-keys')) {
|
||||
$view->mkdir('/public-keys');
|
||||
}
|
||||
|
||||
$view->file_put_contents('/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey']);
|
||||
Keymanager::setPublicKey($keypair['publicKey'], $recoveryKeyId);
|
||||
|
||||
$cipher = \OCA\Encryption\Helper::getCipher();
|
||||
$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], $recoveryPassword, $cipher);
|
||||
if ($encryptedKey) {
|
||||
Keymanager::setPrivateSystemKey($encryptedKey, $recoveryKeyId . '.private.key');
|
||||
Keymanager::setPrivateSystemKey($encryptedKey, $recoveryKeyId);
|
||||
// Set recoveryAdmin as enabled
|
||||
$appConfig->setValue('files_encryption', 'recoveryAdminEnabled', 1);
|
||||
$return = true;
|
||||
}
|
||||
|
||||
\OC_FileProxy::$enabled = true;
|
||||
|
||||
} else { // get recovery key and check the password
|
||||
$util = new \OCA\Encryption\Util(new \OC\Files\View('/'), \OCP\User::getUser());
|
||||
$return = $util->checkRecoveryPassword($recoveryPassword);
|
||||
|
|
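Review bot: In the recovery-key branch the proxy is switched off with `\OC_FileProxy::$enabled = false;` before the new `Keymanager::setPublicKey`/`setPrivateSystemKey` calls and then set back unconditionally with `\OC_FileProxy::$enabled = true;` rather than to its previous value, so a caller that had the proxy disabled gets it re-enabled behind its back; the function begins outside the hunk, so if a `$proxyStatus` is saved up there, restore it with `\OC_FileProxy::$enabled = $proxyStatus;`. Both new Keymanager writers save and restore the flag themselves, so the manual toggle now only covers the lines between them. `getPublicShareKeyId()` is added without the docblock its twin `getRecoveryKeyId()` carries; add `/** get public share key id  @return string|bool public share key ID or false */`, or collapse both into one private helper taking the config key name. One side of the license header reads `License alon with this library` — if that is the new side, the typo is introduced by this commit.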
|
|||
|
|
@ -33,6 +33,48 @@ class Keymanager {
|
|||
// base dir where all the file related keys are stored
|
||||
const KEYS_BASE_DIR = '/files_encryption/keys/';
|
||||
|
||||
/**
|
||||
* read key from hard disk
|
||||
*
|
||||
* @param string $path to key
|
||||
* @return string|bool either the key or false
|
||||
*/
|
||||
private static function getKey($path, $view) {
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
$key = false;
|
||||
if ($view->file_exists($path)) {
|
||||
$key = $view->file_get_contents($path);
|
||||
}
|
||||
|
||||
\OC_FileProxy::$enabled = $proxyStatus;
|
||||
|
||||
return $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* write key to disk
|
||||
*
|
||||
*
|
||||
* @param string $path path to key directory
|
||||
* @param string $name key name
|
||||
* @param string $key key
|
||||
* @param \OC\Files\View $view
|
||||
* @return bool
|
||||
*/
|
||||
private static function setKey($path, $name, $key, $view) {
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
self::keySetPreparation($view, $path);
|
||||
$result = $view->file_put_contents($path . '/' . $name, $key);
|
||||
|
||||
\OC_FileProxy::$enabled = $proxyStatus;
|
||||
|
||||
return (is_int($result) && $result > 0) ? true : false;
|
||||
}
|
||||
|
||||
/**
|
||||
* retrieve the ENCRYPTED private key from a user
|
||||
*
|
||||
|
|
@ -42,15 +84,8 @@ class Keymanager {
|
|||
* @note the key returned by this method must be decrypted before use
|
||||
*/
|
||||
public static function getPrivateKey(\OC\Files\View $view, $user) {
|
||||
|
||||
$path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.private.key';
|
||||
$key = false;
|
||||
|
||||
if ($view->file_exists($path)) {
|
||||
$key = $view->file_get_contents($path);
|
||||
}
|
||||
|
||||
return $key;
|
||||
$path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.privateKey';
|
||||
return self::getKey($path, $view);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -60,11 +95,8 @@ class Keymanager {
|
|||
* @return string public key or false
|
||||
*/
|
||||
public static function getPublicKey(\OC\Files\View $view, $userId) {
|
||||
|
||||
$result = $view->file_get_contents('/public-keys/' . $userId . '.public.key');
|
||||
|
||||
return $result;
|
||||
|
||||
$path = '/public-keys/' . $userId . '.publicKey';
|
||||
return self::getKey($path, $view);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -91,7 +123,6 @@ class Keymanager {
|
|||
public static function getPublicKeys(\OC\Files\View $view, array $userIds) {
|
||||
|
||||
$keys = array();
|
||||
|
||||
foreach ($userIds as $userId) {
|
||||
$keys[$userId] = self::getPublicKey($view, $userId);
|
||||
}
|
||||
|
|
@ -112,15 +143,8 @@ class Keymanager {
|
|||
* asymmetrically encrypt the keyfile before passing it to this method
|
||||
*/
|
||||
public static function setFileKey(\OC\Files\View $view, $util, $path, $catfile) {
|
||||
|
||||
$basePath = self::getKeyPath($view, $util, $path);
|
||||
|
||||
self::keySetPreparation($view, $basePath);
|
||||
|
||||
$result = $view->file_put_contents(
|
||||
$basePath . '/fileKey', $catfile);
|
||||
|
||||
return $result;
|
||||
$path = self::getKeyPath($view, $util, $path);
|
||||
return self::setKey($path, 'fileKey', $catfile, $view);
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -161,23 +185,8 @@ class Keymanager {
|
|||
* @return string
|
||||
*/
|
||||
public static function getFileKeyPath($view, $util, $path) {
|
||||
|
||||
if ($view->is_dir('/' . \OCP\User::getUser() . '/' . $path)) {
|
||||
throw new Exception\EncryptionException('file was expected but directoy was given', Exception\EncryptionException::GENERIC);
|
||||
}
|
||||
|
||||
list($owner, $filename) = $util->getUidAndFilename($path);
|
||||
$filename = Helper::stripPartialFileExtension($filename);
|
||||
$filePath_f = ltrim($filename, '/');
|
||||
|
||||
// in case of system wide mount points the keys are stored directly in the data directory
|
||||
if ($util->isSystemWideMountPoint($filename)) {
|
||||
$keyfilePath = self::KEYS_BASE_DIR . $filePath_f . '/fileKey';
|
||||
} else {
|
||||
$keyfilePath = '/' . $owner . self::KEYS_BASE_DIR . $filePath_f . '/fileKey';
|
||||
}
|
||||
|
||||
return $keyfilePath;
|
||||
$keyDir = self::getKeyPath($view, $util, $path);
|
||||
return $keyDir . 'fileKey';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -190,22 +199,37 @@ class Keymanager {
|
|||
* @retrun string
|
||||
*/
|
||||
public static function getShareKeyPath($view, $util, $path, $uid) {
|
||||
$keyDir = self::getKeyPath($view, $util, $path);
|
||||
return $keyDir . $uid . '.shareKey';
|
||||
}
|
||||
|
||||
if ($view->is_dir('/' . \OCP\User::getUser() . '/' . $path)) {
|
||||
throw new Exception\EncryptionException('file was expected but directoy was given', Exception\EncryptionException::GENERIC);
|
||||
/**
|
||||
* delete public key from a given user
|
||||
*
|
||||
* @param \OC\Files\View $view
|
||||
* @param string $uid user
|
||||
* @return bool
|
||||
*/
|
||||
public static function deletePublicKey($view, $uid) {
|
||||
|
||||
$result = false;
|
||||
|
||||
if (!\OCP\User::userExists($uid)) {
|
||||
$publicKey = '/public-keys/' . $uid . '.publicKey';
|
||||
$result = $view->unlink($publicKey);
|
||||
}
|
||||
|
||||
list($owner, $filename) = $util->getUidAndFilename($path);
|
||||
$filename = Helper::stripPartialFileExtension($filename);
|
||||
return $result;
|
||||
}
|
||||
|
||||
// in case of system wide mount points the keys are stored directly in the data directory
|
||||
if ($util->isSystemWideMountPoint($filename)) {
|
||||
$shareKeyPath = self::KEYS_BASE_DIR . $filename . '/'. $uid . '.shareKey';
|
||||
} else {
|
||||
$shareKeyPath = '/' . $owner . self::KEYS_BASE_DIR . $filename . '/' . $uid . '.shareKey';
|
||||
}
|
||||
|
||||
return $shareKeyPath;
|
||||
/**
|
||||
* check if public key for user exists
|
||||
*
|
||||
* @param \OC\Files\View $view
|
||||
* @param string $uid
|
||||
*/
|
||||
public static function publicKeyExists($view, $uid) {
|
||||
return $view->file_exists('/public-keys/'. $uid . '.publicKey');
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -221,17 +245,8 @@ class Keymanager {
|
|||
* of the keyfile must be performed by client code
|
||||
*/
|
||||
public static function getFileKey($view, $util, $filePath) {
|
||||
|
||||
$keyfilePath = self::getFileKeyPath($view, $util, $filePath);
|
||||
|
||||
if ($view->file_exists($keyfilePath)) {
|
||||
$result = $view->file_get_contents($keyfilePath);
|
||||
} else {
|
||||
$result = false;
|
||||
}
|
||||
|
||||
return $result;
|
||||
|
||||
$path = self::getFileKeyPath($view, $util, $filePath);
|
||||
return self::getKey($path, $view);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -243,80 +258,86 @@ class Keymanager {
|
|||
*/
|
||||
public static function setPrivateKey($key, $user = '') {
|
||||
|
||||
if ($user === '') {
|
||||
$user = \OCP\User::getUser();
|
||||
}
|
||||
|
||||
$user = $user === '' ? \OCP\User::getUser() : $user;
|
||||
$path = '/' . $user . '/files_encryption';
|
||||
$header = Crypt::generateHeader();
|
||||
|
||||
$view = new \OC\Files\View('/' . $user . '/files_encryption');
|
||||
return self::setKey($path, $user . '.privateKey', $header . $key, new \OC\Files\View());
|
||||
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
}
|
||||
|
||||
if (!$view->file_exists('')) {
|
||||
$view->mkdir('');
|
||||
/**
|
||||
* check if recovery key exists
|
||||
*
|
||||
* @param \OC\Files\View $view
|
||||
* @return bool
|
||||
*/
|
||||
public static function recoveryKeyExists($view) {
|
||||
|
||||
$result = false;
|
||||
|
||||
$recoveryKeyId = Helper::getRecoveryKeyId();
|
||||
if ($recoveryKeyId) {
|
||||
$result = ($view->file_exists("/public-keys/" . $recoveryKeyId . ".publicKey")
|
||||
&& $view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".privateKey"));
|
||||
}
|
||||
|
||||
$result = $view->file_put_contents($user . '.private.key', $header . $key);
|
||||
return $result;
|
||||
}
|
||||
|
||||
\OC_FileProxy::$enabled = $proxyStatus;
|
||||
public static function publicShareKeyExists($view) {
|
||||
$result = false;
|
||||
|
||||
$publicShareKeyId = Helper::getPublicShareKeyId();
|
||||
if ($publicShareKeyId) {
|
||||
$result = ($view->file_exists("/public-keys/" . $publicShareKeyId . ".publicKey")
|
||||
&& $view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".privateKey"));
|
||||
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* store public key from the user
|
||||
* @param string $key
|
||||
* @param string $user
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public static function setPublicKey($key, $user = '') {
|
||||
|
||||
$user = $user === '' ? \OCP\User::getUser() : $user;
|
||||
$path = '/public-keys';
|
||||
|
||||
return self::setKey($path, $user . '.publicKey', $key, new \OC\Files\View('/'));
|
||||
}
|
||||
|
||||
/**
|
||||
* write private system key (recovery and public share key) to disk
|
||||
*
|
||||
* @param string $key encrypted key
|
||||
* @param string $keyName name of the key file
|
||||
* @param string $keyName name of the key
|
||||
* @return boolean
|
||||
*/
|
||||
public static function setPrivateSystemKey($key, $keyName) {
|
||||
|
||||
$keyName = $keyName . '.privateKey';
|
||||
$path = '/owncloud_private_key';
|
||||
$header = Crypt::generateHeader();
|
||||
|
||||
$view = new \OC\Files\View('/owncloud_private_key');
|
||||
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
if (!$view->file_exists('')) {
|
||||
$view->mkdir('');
|
||||
}
|
||||
|
||||
$result = $view->file_put_contents($keyName, $header . $key);
|
||||
|
||||
\OC_FileProxy::$enabled = $proxyStatus;
|
||||
|
||||
return $result;
|
||||
return self::setKey($path, $keyName,$header . $key, new \OC\Files\View());
|
||||
}
|
||||
|
||||
/**
|
||||
* store share key
|
||||
* read private system key (recovery and public share key) from disk
|
||||
*
|
||||
* @param \OC\Files\View $view
|
||||
* @param string $path where the share key is stored
|
||||
* @param string $shareKey
|
||||
* @return bool true/false
|
||||
* @note The keyfile is not encrypted here. Client code must
|
||||
* asymmetrically encrypt the keyfile before passing it to this method
|
||||
* @param string $keyName name of the key
|
||||
* @return string|boolean private system key or false
|
||||
*/
|
||||
private static function setShareKey(\OC\Files\View $view, $path, $shareKey) {
|
||||
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
$result = $view->file_put_contents($path, $shareKey);
|
||||
|
||||
\OC_FileProxy::$enabled = $proxyStatus;
|
||||
|
||||
if (is_int($result) && $result > 0) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
public static function getPrivateSystemKey($keyName) {
|
||||
$path = $keyName . '.privateKey';
|
||||
return self::getKey($path, new \OC\Files\View('/owncloud_private_key'));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -337,11 +358,7 @@ class Keymanager {
|
|||
$result = true;
|
||||
|
||||
foreach ($shareKeys as $userId => $shareKey) {
|
||||
|
||||
$writePath = $basePath . '/' . $userId . '.shareKey';
|
||||
|
||||
if (!self::setShareKey($view, $writePath, $shareKey)) {
|
||||
|
||||
if (!self::setKey($basePath, $userId . '.shareKey', $shareKey, $view)) {
|
||||
// If any of the keys are not set, flag false
|
||||
$result = false;
|
||||
}
|
||||
|
|
@ -362,16 +379,8 @@ class Keymanager {
|
|||
* of the keyfile must be performed by client code
|
||||
*/
|
||||
public static function getShareKey($view, $userId, $util, $filePath) {
|
||||
|
||||
$shareKeyPath = self::getShareKeyPath($view, $util, $filePath, $userId);
|
||||
|
||||
if ($view->file_exists($shareKeyPath)) {
|
||||
$result = $view->file_get_contents($shareKeyPath);
|
||||
} else {
|
||||
$result = false;
|
||||
}
|
||||
|
||||
return $result;
|
||||
$path = self::getShareKeyPath($view, $util, $filePath, $userId);
|
||||
return self::getKey($path, $view);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -432,7 +441,6 @@ class Keymanager {
|
|||
* @param string $basePath
|
||||
*/
|
||||
protected static function keySetPreparation($view, $path) {
|
||||
|
||||
// If the file resides within a subdirectory, create it
|
||||
if (!$view->file_exists($path)) {
|
||||
$sub_dirs = explode('/', $path);
|
||||
|
|
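Review bot: The path helpers and the writer join directory and file name differently: `getFileKeyPath` returns `$keyDir . 'fileKey'` and `getShareKeyPath` returns `$keyDir . $uid . '.shareKey'`, i.e. they expect `getKeyPath` to end with a slash, while `setFileKey` hands the same `getKeyPath` result to `setKey`, which writes to `$path . '/' . $name`; `getKeyPath` is outside the hunk, but whichever convention it uses, one side ends up with a doubled or a missing slash. Making `setKey` tolerant, `$result = $view->file_put_contents(rtrim($path, '/') . '/' . $name, $key);`, removes the dependence. `getKey`'s docblock lists only `$path`; add `@param \OC\Files\View $view`. `publicShareKeyExists` has no docblock and duplicates `recoveryKeyExists` line for line apart from the id; a private `systemKeyPairExists($view, $keyId)` that both call would keep the "public and private file both present" rule in one place. `publicKeyExists` also lacks `@return bool`.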
|
|||
|
|
@ -56,43 +56,30 @@ class Session {
|
|||
|
||||
$appConfig = \OC::$server->getAppConfig();
|
||||
|
||||
$publicShareKeyId = $appConfig->getValue('files_encryption', 'publicShareKeyId');
|
||||
$publicShareKeyId = Helper::getPublicShareKeyId();
|
||||
|
||||
if ($publicShareKeyId === null) {
|
||||
if ($publicShareKeyId === false) {
|
||||
$publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
|
||||
$appConfig->setValue('files_encryption', 'publicShareKeyId', $publicShareKeyId);
|
||||
}
|
||||
|
||||
if (
|
||||
!$this->view->file_exists("/public-keys/" . $publicShareKeyId . ".public.key")
|
||||
|| !$this->view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".private.key")
|
||||
) {
|
||||
if (!Keymanager::publicShareKeyExists($view)) {
|
||||
|
||||
$keypair = Crypt::createKeypair();
|
||||
|
||||
// Disable encryption proxy to prevent recursive calls
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
// Save public key
|
||||
|
||||
if (!$view->is_dir('/public-keys')) {
|
||||
$view->mkdir('/public-keys');
|
||||
}
|
||||
|
||||
$this->view->file_put_contents('/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey']);
|
||||
Keymanager::setPublicKey($keypair['publicKey'], $publicShareKeyId);
|
||||
|
||||
// Encrypt private key empty passphrase
|
||||
$cipher = \OCA\Encryption\Helper::getCipher();
|
||||
$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], '', $cipher);
|
||||
if ($encryptedKey) {
|
||||
Keymanager::setPrivateSystemKey($encryptedKey, $publicShareKeyId . '.private.key');
|
||||
Keymanager::setPrivateSystemKey($encryptedKey, $publicShareKeyId);
|
||||
} else {
|
||||
\OCP\Util::writeLog('files_encryption', 'Could not create public share keys', \OCP\Util::ERROR);
|
||||
}
|
||||
|
||||
\OC_FileProxy::$enabled = $proxyStatus;
|
||||
|
||||
}
|
||||
|
||||
if (\OCA\Encryption\Helper::isPublicAccess() && !self::getPublicSharePrivateKey()) {
|
||||
|
|
@ -100,8 +87,7 @@ class Session {
|
|||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
$encryptedKey = $this->view->file_get_contents(
|
||||
'/owncloud_private_key/' . $publicShareKeyId . '.private.key');
|
||||
$encryptedKey = Keymanager::getPrivateSystemKey($publicShareKeyId);
|
||||
$privateKey = Crypt::decryptPrivateKey($encryptedKey, '');
|
||||
self::setPublicSharePrivateKey($privateKey);
|
||||
|
||||
|
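Review bot: `$encryptedKey = Keymanager::getPrivateSystemKey($publicShareKeyId);` can now return `false` when the key file is missing (that is what `getKey` does), and the next line passes it straight into `Crypt::decryptPrivateKey($encryptedKey, '')`, whereas the changepassword scripts guard the same call with `$encryptedKey ? ... : false`. The same unguarded pattern is in the Util hunks for `checkRecoveryPassword` and `recoverUsersFiles`. Suggest `$privateKey = $encryptedKey ? Crypt::decryptPrivateKey($encryptedKey, '') : false;` here and the equivalent in those two methods; whether `decryptPrivateKey` itself rejects a `false` input is not visible from the hunk. The surrounding `$proxyStatus` disable is kept here although `getKey` already handles it for the read; this block begins outside the hunk.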
|
|
|||
|
|
@ -77,9 +77,9 @@ class Util {
|
|||
$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
|
||||
$this->keysPath = $this->encryptionDir . '/' . 'keys';
|
||||
$this->publicKeyPath =
|
||||
$this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
|
||||
$this->publicKeyDir . '/' . $this->userId . '.publicKey'; // e.g. data/public-keys/admin.publicKey
|
||||
$this->privateKeyPath =
|
||||
$this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
|
||||
$this->encryptionDir . '/' . $this->userId . '.privateKey'; // e.g. data/admin/admin.privateKey
|
||||
// make sure that the owners home is mounted
|
||||
\OC\Files\Filesystem::initMountPoints($userId);
|
||||
|
||||
|
|
@ -1363,22 +1363,14 @@ class Util {
|
|||
public function checkRecoveryPassword($password) {
|
||||
|
||||
$result = false;
|
||||
$pathKey = '/owncloud_private_key/' . $this->recoveryKeyId . ".private.key";
|
||||
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
$recoveryKey = $this->view->file_get_contents($pathKey);
|
||||
|
||||
$recoveryKey = Keymanager::getPrivateSystemKey($this->recoveryKeyId);
|
||||
$decryptedRecoveryKey = Crypt::decryptPrivateKey($recoveryKey, $password);
|
||||
|
||||
if ($decryptedRecoveryKey) {
|
||||
$result = true;
|
||||
}
|
||||
|
||||
\OC_FileProxy::$enabled = $proxyStatus;
|
||||
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
|
@ -1486,16 +1478,9 @@ class Util {
|
|||
*/
|
||||
public function recoverUsersFiles($recoveryPassword) {
|
||||
|
||||
// Disable encryption proxy to prevent recursive calls
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
$encryptedKey = $this->view->file_get_contents(
|
||||
'/owncloud_private_key/' . $this->recoveryKeyId . '.private.key');
|
||||
$encryptedKey = Keymanager::getPrivateSystemKey( $this->recoveryKeyId);
|
||||
$privateKey = Crypt::decryptPrivateKey($encryptedKey, $recoveryPassword);
|
||||
|
||||
\OC_FileProxy::$enabled = $proxyStatus;
|
||||
|
||||
$this->recoverAllFiles('/', $privateKey);
|
||||
}
|
||||
|
||||
|
|
@ -1510,8 +1495,8 @@ class Util {
|
|||
$backupDir .= ($purpose === '') ? date("Y-m-d_H-i-s") . '/' : $purpose . '.' . date("Y-m-d_H-i-s") . '/';
|
||||
$this->view->mkdir($backupDir);
|
||||
$this->view->copy($this->keysPath, $backupDir . 'keys/');
|
||||
$this->view->copy($this->privateKeyPath, $backupDir . $this->userId . '.private.key');
|
||||
$this->view->copy($this->publicKeyPath, $backupDir . $this->userId . '.public.key');
|
||||
$this->view->copy($this->privateKeyPath, $backupDir . $this->userId . '.privateKey');
|
||||
$this->view->copy($this->publicKeyPath, $backupDir . $this->userId . '.publicKey');
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1571,7 +1556,10 @@ class Util {
|
|||
|
||||
$encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']);
|
||||
|
||||
$privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
|
||||
$privateKey = false;
|
||||
if ($encryptedKey) {
|
||||
$privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
|
||||
}
|
||||
|
||||
if ($privateKey === false) {
|
||||
\OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid']
|
||||
|
|
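Review bot: In `recoverUsersFiles`, `$privateKey = Crypt::decryptPrivateKey($encryptedKey, $recoveryPassword);` is followed directly by `$this->recoverAllFiles('/', $privateKey);` with no check, so a missing recovery key (now a silent `false` from `getPrivateSystemKey`) or a wrong password sends `false` into the recovery walk; the login hook in the last hunk of this file already adds an `if ($privateKey === false)` branch that logs, so mirror it: `if ($privateKey === false) { \OCP\Util::writeLog('files_encryption', 'Could not decrypt recovery key, aborting file recovery', \OCP\Util::ERROR); return; }`. What `recoverAllFiles` does with `false` is outside the hunk. Minor: `Keymanager::getPrivateSystemKey( $this->recoveryKeyId)` has a stray space after the parenthesis.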
|
|||
|
|
@ -439,8 +439,8 @@ class Test_Encryption_Hooks extends \OCA\Files_Encryption\Tests\TestCase {
|
|||
// set user password for the first time
|
||||
\OCA\Encryption\Hooks::postCreateUser(array('uid' => 'newUser', 'password' => 'newUserPassword'));
|
||||
|
||||
$this->assertTrue($view->file_exists('public-keys/newUser.public.key'));
|
||||
$this->assertTrue($view->file_exists('newUser/files_encryption/newUser.private.key'));
|
||||
$this->assertTrue($view->file_exists('public-keys/newUser.publicKey'));
|
||||
$this->assertTrue($view->file_exists('newUser/files_encryption/newUser.privateKey'));
|
||||
|
||||
// check if we are able to decrypt the private key
|
||||
$encryptedKey = \OCA\Encryption\Keymanager::getPrivateKey($view, 'newUser');
|
||||
|
|
|
|||
|
|
@ -175,7 +175,7 @@ class Test_Encryption_Keymanager extends \OCA\Files_Encryption\Tests\TestCase {
|
|||
|
||||
Encryption\Keymanager::setPrivateKey($key, 'dummyUser');
|
||||
|
||||
$this->assertTrue($this->view->file_exists('/dummyUser/files_encryption/dummyUser.private.key'));
|
||||
$this->assertTrue($this->view->file_exists('/dummyUser/files_encryption/dummyUser.privateKey'));
|
||||
|
||||
//clean up
|
||||
$this->view->deleteAll('/dummyUser');
|
||||
|
|
@ -187,14 +187,19 @@ class Test_Encryption_Keymanager extends \OCA\Files_Encryption\Tests\TestCase {
|
|||
function testSetPrivateSystemKey() {
|
||||
|
||||
$key = "dummy key";
|
||||
$keyName = "myDummyKey.private.key";
|
||||
$keyName = "myDummyKey";
|
||||
$encHeader = Encryption\Crypt::generateHeader();
|
||||
|
||||
Encryption\Keymanager::setPrivateSystemKey($key, $keyName);
|
||||
|
||||
$this->assertTrue($this->view->file_exists('/owncloud_private_key/' . $keyName));
|
||||
$this->assertTrue($this->view->file_exists('/owncloud_private_key/' . $keyName . '.privateKey'));
|
||||
|
||||
$result = Encryption\Keymanager::getPrivateSystemKey($keyName);
|
||||
|
||||
$this->assertSame($encHeader . $key, $result);
|
||||
|
||||
// clean up
|
||||
$this->view->unlink('/owncloud_private_key/' . $keyName);
|
||||
$this->view->unlink('/owncloud_private_key/' . $keyName.'.privateKey');
|
||||
}
|
||||
|
||||
|
||||
|
|
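Review bot: `testSetPrivateSystemKey` now round-trips through `getPrivateSystemKey` and asserts `$encHeader . $key`, but the new `false` path of `getKey` for a missing file is not exercised anywhere; one extra line covers it: `$this->assertFalse(Encryption\Keymanager::getPrivateSystemKey('doesNotExist'));`. The cleanup `$this->view->unlink('/owncloud_private_key/' . $keyName.'.privateKey');` drops the spaces around the concatenation used two lines above; write `$keyName . '.privateKey'`.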
|
|||
|
|
@ -915,8 +915,8 @@ class Test_Encryption_Share extends \OCA\Files_Encryption\Tests\TestCase {
|
|||
$this->assertGreaterThan(0, $fileInfo['unencrypted_size']);
|
||||
|
||||
// break users public key
|
||||
$this->view->rename('/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key',
|
||||
'/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key_backup');
|
||||
$this->view->rename('/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey',
|
||||
'/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey_backup');
|
||||
|
||||
// re-enable the file proxy
|
||||
\OC_FileProxy::$enabled = $proxyStatus;
|
||||
|
|
@ -943,8 +943,8 @@ class Test_Encryption_Share extends \OCA\Files_Encryption\Tests\TestCase {
|
|||
|
||||
// break user1 public key
|
||||
$this->view->rename(
|
||||
'/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key_backup',
|
||||
'/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key');
|
||||
'/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey_backup',
|
||||
'/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey');
|
||||
|
||||
// remove share file
|
||||
$this->view->unlink('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/'
|
||||
|
|
|
|||
|
|
@ -89,9 +89,9 @@ class Test_Encryption_Util extends \OCA\Files_Encryption\Tests\TestCase {
|
|||
$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
|
||||
$this->keysPath = $this->encryptionDir . '/' . 'keys';
|
||||
$this->publicKeyPath =
|
||||
$this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
|
||||
$this->publicKeyDir . '/' . $this->userId . '.publicKey'; // e.g. data/public-keys/admin.publicKey
|
||||
$this->privateKeyPath =
|
||||
$this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
|
||||
$this->encryptionDir . '/' . $this->userId . '.privateKey'; // e.g. data/admin/admin.privateKey
|
||||
|
||||
$this->view = new \OC\Files\View('/');
|
||||
|
||||
|
|
@ -402,8 +402,8 @@ class Test_Encryption_Util extends \OCA\Files_Encryption\Tests\TestCase {
|
|||
$this->assertTrue($this->view->is_dir($backupPath . '/keys'));
|
||||
$this->assertTrue($this->view->file_exists($backupPath . '/keys/' . $filename . '/fileKey'));
|
||||
$this->assertTrue($this->view->file_exists($backupPath . '/keys/' . $filename . '/' . $user . '.shareKey'));
|
||||
$this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.private.key'));
|
||||
$this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.public.key'));
|
||||
$this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.privateKey'));
|
||||
$this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.publicKey'));
|
||||
|
||||
// cleanup
|
||||
$this->view->unlink($this->userId . '/files/' . $filename);
|
||||
|
|
@ -435,8 +435,8 @@ class Test_Encryption_Util extends \OCA\Files_Encryption\Tests\TestCase {
|
|||
$this->assertTrue($this->view->is_dir($backupPath . '/keys/foo'));
|
||||
$this->assertTrue($this->view->file_exists($backupPath . '/keys/foo/fileKey'));
|
||||
$this->assertTrue($this->view->file_exists($backupPath . '/keys/foo/user1.shareKey'));
|
||||
$this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.private.key'));
|
||||
$this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.public.key'));
|
||||
$this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.privateKey'));
|
||||
$this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.publicKey'));
|
||||
|
||||
//cleanup
|
||||
$this->view->deleteAll($backupPath);
|
||||
|
|
|
|||