--- /dev/null
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2020, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OC\Core\Command\Encryption;
+
+use OC\Encryption\Keys\Storage;
+use OC\Encryption\Util;
+use OC\Files\View;
+use OCP\IConfig;
+use OCP\IUserManager;
+use OCP\Security\ICrypto;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Helper\ProgressBar;
+use Symfony\Component\Console\Helper\QuestionHelper;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class MigrateKeyStorage extends Command {
+
+ /** @var View */
+ protected $rootView;
+
+ /** @var IUserManager */
+ protected $userManager;
+
+ /** @var IConfig */
+ protected $config;
+
+ /** @var Util */
+ protected $util;
+
+ /** @var QuestionHelper */
+ protected $questionHelper;
+ /**
+ * @var ICrypto
+ */
+ private $crypto;
+
+ public function __construct(View $view, IUserManager $userManager, IConfig $config, Util $util, ICrypto $crypto) {
+ parent::__construct();
+ $this->rootView = $view;
+ $this->userManager = $userManager;
+ $this->config = $config;
+ $this->util = $util;
+ $this->crypto = $crypto;
+ }
+
+ protected function configure() {
+ parent::configure();
+ $this
+ ->setName('encryption:migrate-key-storage-format')
+ ->setDescription('Migrate the format of the keystorage to a newer format');
+ }
+
+ protected function execute(InputInterface $input, OutputInterface $output): int {
+ $root = $this->util->getKeyStorageRoot();
+
+ $output->writeln("Updating key storage format");
+ $this->updateKeys($root, $output);
+ $output->writeln("Key storage format successfully updated");
+
+ return 0;
+ }
+
+ /**
+ * move keys to new key storage root
+ *
+ * @param string $root
+ * @param OutputInterface $output
+ * @return bool
+ * @throws \Exception
+ */
+ protected function updateKeys(string $root, OutputInterface $output) {
+ $output->writeln("Start to update the keys:");
+
+ $this->updateSystemKeys($root);
+ $this->updateUsersKeys($root, $output);
+ $this->config->deleteSystemValue('encryption.key_storage_migrated');
+ return true;
+ }
+
+ /**
+ * move system key folder
+ *
+ * @param string $root
+ */
+ protected function updateSystemKeys($root) {
+ if (!$this->rootView->is_dir($root . '/files_encryption')) {
+ return;
+ }
+
+ $this->traverseKeys($root . '/files_encryption', null);
+ }
+
+ private function traverseKeys(string $folder, ?string $uid) {
+ $listing = $this->rootView->getDirectoryContent($folder);
+
+ foreach ($listing as $node) {
+ if ($node['mimetype'] === 'httpd/unix-directory') {
+ //ignore
+ } else {
+ $endsWith = function ($haystack, $needle) {
+ $length = strlen($needle);
+ if ($length === 0) {
+ return true;
+ }
+
+ return (substr($haystack, -$length) === $needle);
+ };
+
+ if ($node['name'] === 'fileKey' ||
+ $endsWith($node['name'], '.privateKey') ||
+ $endsWith($node['name'], '.publicKey') ||
+ $endsWith($node['name'], '.shareKey')) {
+ $path = $folder . '/' . $node['name'];
+
+ $content = $this->rootView->file_get_contents($path);
+
+ try {
+ $this->crypto->decrypt($content);
+ continue;
+ } catch (\Exception $e) {
+ // Ignore we now update the data.
+ }
+
+ $data = [
+ 'key' => base64_encode($content),
+ 'uid' => $uid,
+ ];
+
+ $enc = $this->crypto->encrypt(json_encode($data));
+ $this->rootView->file_put_contents($path, $enc);
+ }
+ }
+ }
+ }
+
+ private function traverseFileKeys(string $folder) {
+ $listing = $this->rootView->getDirectoryContent($folder);
+
+ foreach ($listing as $node) {
+ if ($node['mimetype'] === 'httpd/unix-directory') {
+ $this->traverseFileKeys($folder . '/' . $node['name']);
+ } else {
+ $endsWith = function ($haystack, $needle) {
+ $length = strlen($needle);
+ if ($length === 0) {
+ return true;
+ }
+
+ return (substr($haystack, -$length) === $needle);
+ };
+
+ if ($node['name'] === 'fileKey' ||
+ $endsWith($node['name'], '.privateKey') ||
+ $endsWith($node['name'], '.publicKey') ||
+ $endsWith($node['name'], '.shareKey')) {
+ $path = $folder . '/' . $node['name'];
+
+ $content = $this->rootView->file_get_contents($path);
+
+ try {
+ $this->crypto->decrypt($content);
+ continue;
+ } catch (\Exception $e) {
+ // Ignore we now update the data.
+ }
+
+ $data = [
+ 'key' => base64_encode($content)
+ ];
+
+ $enc = $this->crypto->encrypt(json_encode($data));
+ $this->rootView->file_put_contents($path, $enc);
+ }
+ }
+ }
+ }
+
+
+ /**
+ * setup file system for the given user
+ *
+ * @param string $uid
+ */
+ protected function setupUserFS($uid) {
+ \OC_Util::tearDownFS();
+ \OC_Util::setupFS($uid);
+ }
+
+
+ /**
+ * iterate over each user and move the keys to the new storage
+ *
+ * @param string $root
+ * @param OutputInterface $output
+ */
+ protected function updateUsersKeys(string $root, OutputInterface $output) {
+ $progress = new ProgressBar($output);
+ $progress->start();
+
+ foreach ($this->userManager->getBackends() as $backend) {
+ $limit = 500;
+ $offset = 0;
+ do {
+ $users = $backend->getUsers('', $limit, $offset);
+ foreach ($users as $user) {
+ $progress->advance();
+ $this->setupUserFS($user);
+ $this->updateUserKeys($root, $user);
+ }
+ $offset += $limit;
+ } while (count($users) >= $limit);
+ }
+ $progress->finish();
+ }
+
+ /**
+ * move user encryption folder to new root folder
+ *
+ * @param string $root
+ * @param string $user
+ * @throws \Exception
+ */
+ protected function updateUserKeys(string $root, string $user) {
+ if ($this->userManager->userExists($user)) {
+ $source = $root . '/' . $user . '/files_encryption/OC_DEFAULT_MODULE';
+ if ($this->rootView->is_dir($source)) {
+ $this->traverseKeys($source, $user);
+ }
+
+ $source = $root . '/' . $user . '/files_encryption/keys';
+ if ($this->rootView->is_dir($source)) {
+ $this->traverseFileKeys($source);
+ }
+ }
+ }
+}
)
);
$application->add(new OC\Core\Command\Encryption\ShowKeyStorageRoot($util));
+ $application->add(new OC\Core\Command\Encryption\MigrateKeyStorage(
+ $view,
+ \OC::$server->getUserManager(),
+ \OC::$server->getConfig(),
+ $util,
+ \OC::$server->getCrypto()
+ )
+ );
$application->add(new OC\Core\Command\Maintenance\DataFingerprint(\OC::$server->getConfig(), new \OC\AppFramework\Utility\TimeFactory()));
$application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateDB(\OC::$server->getMimeTypeDetector(), \OC::$server->getMimeTypeLoader()));
'OC\\Core\\Command\\Encryption\\Enable' => $baseDir . '/core/Command/Encryption/Enable.php',
'OC\\Core\\Command\\Encryption\\EncryptAll' => $baseDir . '/core/Command/Encryption/EncryptAll.php',
'OC\\Core\\Command\\Encryption\\ListModules' => $baseDir . '/core/Command/Encryption/ListModules.php',
+ 'OC\\Core\\Command\\Encryption\\MigrateKeyStorage' => $baseDir . '/core/Command/Encryption/MigrateKeyStorage.php',
'OC\\Core\\Command\\Encryption\\SetDefaultModule' => $baseDir . '/core/Command/Encryption/SetDefaultModule.php',
'OC\\Core\\Command\\Encryption\\ShowKeyStorageRoot' => $baseDir . '/core/Command/Encryption/ShowKeyStorageRoot.php',
'OC\\Core\\Command\\Encryption\\Status' => $baseDir . '/core/Command/Encryption/Status.php',
'OC\\Repair\\NC16\\ClearCollectionsAccessCache' => $baseDir . '/lib/private/Repair/NC16/ClearCollectionsAccessCache.php',
'OC\\Repair\\NC18\\ResetGeneratedAvatarFlag' => $baseDir . '/lib/private/Repair/NC18/ResetGeneratedAvatarFlag.php',
'OC\\Repair\\NC20\\EncryptionLegacyCipher' => $baseDir . '/lib/private/Repair/NC20/EncryptionLegacyCipher.php',
+ 'OC\\Repair\\NC20\\EncryptionMigration' => $baseDir . '/lib/private/Repair/NC20/EncryptionMigration.php',
'OC\\Repair\\OldGroupMembershipShares' => $baseDir . '/lib/private/Repair/OldGroupMembershipShares.php',
'OC\\Repair\\Owncloud\\DropAccountTermsTable' => $baseDir . '/lib/private/Repair/Owncloud/DropAccountTermsTable.php',
'OC\\Repair\\Owncloud\\SaveAccountsTableData' => $baseDir . '/lib/private/Repair/Owncloud/SaveAccountsTableData.php',
'OC\\Core\\Command\\Encryption\\Enable' => __DIR__ . '/../../..' . '/core/Command/Encryption/Enable.php',
'OC\\Core\\Command\\Encryption\\EncryptAll' => __DIR__ . '/../../..' . '/core/Command/Encryption/EncryptAll.php',
'OC\\Core\\Command\\Encryption\\ListModules' => __DIR__ . '/../../..' . '/core/Command/Encryption/ListModules.php',
+ 'OC\\Core\\Command\\Encryption\\MigrateKeyStorage' => __DIR__ . '/../../..' . '/core/Command/Encryption/MigrateKeyStorage.php',
'OC\\Core\\Command\\Encryption\\SetDefaultModule' => __DIR__ . '/../../..' . '/core/Command/Encryption/SetDefaultModule.php',
'OC\\Core\\Command\\Encryption\\ShowKeyStorageRoot' => __DIR__ . '/../../..' . '/core/Command/Encryption/ShowKeyStorageRoot.php',
'OC\\Core\\Command\\Encryption\\Status' => __DIR__ . '/../../..' . '/core/Command/Encryption/Status.php',
'OC\\Repair\\NC16\\ClearCollectionsAccessCache' => __DIR__ . '/../../..' . '/lib/private/Repair/NC16/ClearCollectionsAccessCache.php',
'OC\\Repair\\NC18\\ResetGeneratedAvatarFlag' => __DIR__ . '/../../..' . '/lib/private/Repair/NC18/ResetGeneratedAvatarFlag.php',
'OC\\Repair\\NC20\\EncryptionLegacyCipher' => __DIR__ . '/../../..' . '/lib/private/Repair/NC20/EncryptionLegacyCipher.php',
+ 'OC\\Repair\\NC20\\EncryptionMigration' => __DIR__ . '/../../..' . '/lib/private/Repair/NC20/EncryptionMigration.php',
'OC\\Repair\\OldGroupMembershipShares' => __DIR__ . '/../../..' . '/lib/private/Repair/OldGroupMembershipShares.php',
'OC\\Repair\\Owncloud\\DropAccountTermsTable' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/DropAccountTermsTable.php',
'OC\\Repair\\Owncloud\\SaveAccountsTableData' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/SaveAccountsTableData.php',
use OC\Encryption\Util;
use OC\Files\Filesystem;
use OC\Files\View;
+use OC\ServerNotAvailableException;
use OC\User\NoUserException;
use OCP\Encryption\Keys\IStorage;
+use OCP\IConfig;
+use OCP\Security\ICrypto;
class Storage implements IStorage {
/** @var array */
private $keyCache = [];
+ /** @var ICrypto */
+ private $crypto;
+
+ /** @var IConfig */
+ private $config;
+
/**
* @param View $view
* @param Util $util
*/
- public function __construct(View $view, Util $util) {
+ public function __construct(View $view, Util $util, ICrypto $crypto, IConfig $config) {
$this->view = $view;
$this->util = $util;
$this->keys_base_dir = $this->encryption_base_dir .'/keys';
$this->backup_base_dir = $this->encryption_base_dir .'/backup';
$this->root_dir = $this->util->getKeyStorageRoot();
+ $this->crypto = $crypto;
+ $this->config = $config;
}
/**
*/
public function getUserKey($uid, $keyId, $encryptionModuleId) {
$path = $this->constructUserKeyPath($encryptionModuleId, $keyId, $uid);
- return $this->getKey($path);
+ return base64_decode($this->getKeyWithUid($path, $uid));
}
/**
public function getFileKey($path, $keyId, $encryptionModuleId) {
$realFile = $this->util->stripPartialFileExtension($path);
$keyDir = $this->getFileKeyDir($encryptionModuleId, $realFile);
- $key = $this->getKey($keyDir . $keyId);
+ $key = $this->getKey($keyDir . $keyId)['key'];
if ($key === '' && $realFile !== $path) {
// Check if the part file has keys and use them, if no normal keys
// exist. This is required to fix copyBetweenStorage() when we
// rename a .part file over storage borders.
$keyDir = $this->getFileKeyDir($encryptionModuleId, $path);
- $key = $this->getKey($keyDir . $keyId);
+ $key = $this->getKey($keyDir . $keyId)['key'];
}
- return $key;
+ return base64_decode($key);
}
/**
*/
public function getSystemUserKey($keyId, $encryptionModuleId) {
$path = $this->constructUserKeyPath($encryptionModuleId, $keyId, null);
- return $this->getKey($path);
+ return base64_decode($this->getKeyWithUid($path, null));
}
/**
*/
public function setUserKey($uid, $keyId, $key, $encryptionModuleId) {
$path = $this->constructUserKeyPath($encryptionModuleId, $keyId, $uid);
- return $this->setKey($path, $key);
+ return $this->setKey($path, [
+ 'key' => base64_encode($key),
+ 'uid' => $uid,
+ ]);
}
/**
*/
public function setFileKey($path, $keyId, $key, $encryptionModuleId) {
$keyDir = $this->getFileKeyDir($encryptionModuleId, $path);
- return $this->setKey($keyDir . $keyId, $key);
+ return $this->setKey($keyDir . $keyId, [
+ 'key' => base64_encode($key),
+ ]);
}
/**
*/
public function setSystemUserKey($keyId, $key, $encryptionModuleId) {
$path = $this->constructUserKeyPath($encryptionModuleId, $keyId, null);
- return $this->setKey($path, $key);
+ return $this->setKey($path, [
+ 'key' => base64_encode($key),
+ 'uid' => null,
+ ]);
}
/**
return \OC\Files\Filesystem::normalizePath($path);
}
+ /**
+ * @param string $path
+ * @param string|null $uid
+ * @return string
+ * @throws ServerNotAvailableException
+ *
+ * Small helper function to fetch the key and verify the value for user and system keys
+ */
+ private function getKeyWithUid(string $path, ?string $uid): string {
+ $data = $this->getKey($path);
+
+ if (!isset($data['key'])) {
+ throw new ServerNotAvailableException('Key is invalid');
+ }
+
+ if ($data['key'] === '') {
+ return '';
+ }
+
+ if (!array_key_exists('uid', $data) || $data['uid'] !== $uid) {
+ // If the migration is done we error out
+ $versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
+ if (version_compare($versionFromBeforeUpdate, '20.0.0.1', '<=')) {
+ return $data['key'];
+ }
+
+ if ($this->config->getSystemValueBool('encryption.key_storage_migrated', true)) {
+ throw new ServerNotAvailableException('Key has been modified');
+ } else {
+ //Otherwise we migrate
+ $data['uid'] = $uid;
+ $this->setKey($path, $data);
+ }
+ }
+
+ return $data['key'];
+ }
+
/**
* read key from hard disk
*
* @param string $path to key
- * @return string
+ * @return array containing key as base64encoded key, and possible the uid
*/
- private function getKey($path) {
- $key = '';
+ private function getKey($path): array {
+ $key = [
+ 'key' => '',
+ ];
if ($this->view->file_exists($path)) {
if (isset($this->keyCache[$path])) {
$key = $this->keyCache[$path];
} else {
- $key = $this->view->file_get_contents($path);
+ $data = $this->view->file_get_contents($path);
+
+ // Version <20.0.0.1 doesn't have this
+ $versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
+ if (version_compare($versionFromBeforeUpdate, '20.0.0.1', '<=')) {
+ $key = [
+ 'key' => base64_encode($data),
+ ];
+ } else {
+ if ($this->config->getSystemValueBool('encryption.key_storage_migrated', true)) {
+ try {
+ $clearData = $this->crypto->decrypt($data);
+ } catch (\Exception $e) {
+ throw new ServerNotAvailableException('Could not decrypt key', 0, $e);
+ }
+
+ $dataArray = json_decode($clearData, true);
+ if ($dataArray === null) {
+ throw new ServerNotAvailableException('Invalid encryption key');
+ }
+
+ $key = $dataArray;
+ } else {
+ /*
+ * Even if not all keys are migrated we should still try to decrypt it (in case some have moved).
+ * However it is only a failure now if it is an array and decryption fails
+ */
+ $fallback = false;
+ try {
+ $clearData = $this->crypto->decrypt($data);
+ } catch (\Exception $e) {
+ $fallback = true;
+ }
+
+ if (!$fallback) {
+ $dataArray = json_decode($clearData, true);
+ if ($dataArray === null) {
+ throw new ServerNotAvailableException('Invalid encryption key');
+ }
+ $key = $dataArray;
+ } else {
+ $key = [
+ 'key' => base64_encode($data),
+ ];
+ }
+ }
+ }
+
$this->keyCache[$path] = $key;
}
}
*
*
* @param string $path path to key directory
- * @param string $key key
+ * @param array $key key
* @return bool
*/
private function setKey($path, $key) {
$this->keySetPreparation(dirname($path));
- $result = $this->view->file_put_contents($path, $key);
+ $versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
+ if (version_compare($versionFromBeforeUpdate, '20.0.0.1', '<=')) {
+ // Only store old format if this happens during the migration.
+ // TODO: Remove for 21
+ $data = base64_decode($key['key']);
+ } else {
+ // Wrap the data
+ $data = $this->crypto->encrypt(json_encode($key));
+ }
+
+ $result = $this->view->file_put_contents($path, $data);
if (is_int($result) && $result > 0) {
$this->keyCache[$path] = $key;
use OC\Repair\NC16\ClearCollectionsAccessCache;
use OC\Repair\NC18\ResetGeneratedAvatarFlag;
use OC\Repair\NC20\EncryptionLegacyCipher;
+use OC\Repair\NC20\EncryptionMigration;
use OC\Repair\OldGroupMembershipShares;
use OC\Repair\Owncloud\DropAccountTermsTable;
use OC\Repair\Owncloud\SaveAccountsTableData;
new ClearCollectionsAccessCache(\OC::$server->getConfig(), \OC::$server->query(IManager::class)),
\OC::$server->query(ResetGeneratedAvatarFlag::class),
\OC::$server->query(EncryptionLegacyCipher::class),
+ \OC::$server->query(EncryptionMigration::class),
];
}
--- /dev/null
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2020, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\Repair\NC20;
+
+use OCP\Encryption\IManager;
+use OCP\IConfig;
+use OCP\Migration\IOutput;
+use OCP\Migration\IRepairStep;
+
+class EncryptionMigration implements IRepairStep {
+
+ /** @var IConfig */
+ private $config;
+ /** @var IManager */
+ private $manager;
+
+ public function __construct(IConfig $config,
+ IManager $manager) {
+ $this->config = $config;
+ $this->manager = $manager;
+ }
+
+ public function getName(): string {
+ return 'Check encryption key format';
+ }
+
+ private function shouldRun(): bool {
+ $versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
+ return version_compare($versionFromBeforeUpdate, '20.0.0.1', '<=');
+ }
+
+ public function run(IOutput $output): void {
+ if ($this->manager->isEnabled()) {
+ if ($this->config->getSystemValue('encryption.key_storage_migrated', '') === '') {
+ $this->config->setSystemValue('encryption.key_storage_migrated', false);
+ }
+ }
+ }
+}
$c->getConfig()
);
- return new Encryption\Keys\Storage($view, $util);
+ return new Encryption\Keys\Storage($view, $util, $c->getCrypto(), $c->getConfig());
});
/** @deprecated 20.0.0 */
$this->registerDeprecatedAlias('TagMapper', TagMapper::class);
use OC\Encryption\Keys\Storage;
use OC\Files\View;
use OCP\IConfig;
+use OCP\Security\ICrypto;
+use PHPUnit\Framework\MockObject\MockObject;
use Test\TestCase;
class StorageTest extends TestCase {
/** @var \PHPUnit\Framework\MockObject\MockObject */
protected $config;
+ /** @var MockObject|ICrypto */
+ protected $crypto;
+
protected function setUp(): void {
parent::setUp();
->disableOriginalConstructor()
->getMock();
+ $this->crypto = $this->createMock(ICrypto::class);
+ $this->crypto->method('encrypt')
+ ->willReturnCallback(function ($data, $pass) {
+ return $data;
+ });
+ $this->crypto->method('decrypt')
+ ->willReturnCallback(function ($data, $pass) {
+ return $data;
+ });
+
$this->config = $this->getMockBuilder(IConfig::class)
->disableOriginalConstructor()
->getMock();
- $this->storage = new Storage($this->view, $this->util);
+ $this->storage = new Storage($this->view, $this->util, $this->crypto, $this->config);
}
public function testSetFileKey() {
+ $this->config->method('getSystemValue')
+ ->with('version')
+ ->willReturn('20.0.0.2');
+ $this->util->expects($this->any())
+ ->method('getUidAndFilename')
+ ->willReturn(['user1', '/files/foo.txt']);
+ $this->util->expects($this->any())
+ ->method('stripPartialFileExtension')
+ ->willReturnArgument(0);
+ $this->util->expects($this->any())
+ ->method('isSystemWideMountPoint')
+ ->willReturn(false);
+
+ $data = json_encode(['key' => base64_encode('key')]);
+ $this->view->expects($this->once())
+ ->method('file_put_contents')
+ ->with($this->equalTo('/user1/files_encryption/keys/files/foo.txt/encModule/fileKey'),
+ $this->equalTo($data))
+ ->willReturn(strlen($data));
+
+ $this->assertTrue(
+ $this->storage->setFileKey('user1/files/foo.txt', 'fileKey', 'key', 'encModule')
+ );
+ }
+
+ public function testSetFileOld() {
+ $this->config->method('getSystemValue')
+ ->with('version')
+ ->willReturn('20.0.0.0');
$this->util->expects($this->any())
->method('getUidAndFilename')
->willReturn(['user1', '/files/foo.txt']);
$this->util->expects($this->any())
->method('isSystemWideMountPoint')
->willReturn(false);
+ $this->crypto->expects($this->never())
+ ->method('encrypt');
$this->view->expects($this->once())
->method('file_put_contents')
->with($this->equalTo('/user1/files_encryption/keys/files/foo.txt/encModule/fileKey'),
* @param string $expectedKeyContent
*/
public function testGetFileKey($path, $strippedPartialName, $originalKeyExists, $expectedKeyContent) {
+ $this->config->method('getSystemValue')
+ ->with('version')
+ ->willReturn('20.0.0.2');
$this->util->expects($this->any())
->method('getUidAndFilename')
->willReturnMap([
->with($this->equalTo('/user1/files_encryption/keys' . $strippedPartialName . '/encModule/fileKey'))
->willReturn($originalKeyExists);
+ $this->crypto->method('decrypt')
+ ->willReturnCallback(function ($data, $pass) {
+ return $data;
+ });
+
if (!$originalKeyExists) {
$this->view->expects($this->at(1))
->method('file_exists')
$this->view->expects($this->once())
->method('file_get_contents')
->with($this->equalTo('/user1/files_encryption/keys' . $path . '/encModule/fileKey'))
- ->willReturn('key2');
+ ->willReturn(json_encode(['key' => base64_encode('key2')]));
} else {
$this->view->expects($this->once())
->method('file_get_contents')
->with($this->equalTo('/user1/files_encryption/keys' . $strippedPartialName . '/encModule/fileKey'))
- ->willReturn('key');
+ ->willReturn(json_encode(['key' => base64_encode('key')]));
}
$this->assertSame($expectedKeyContent,
}
public function testSetFileKeySystemWide() {
+ $this->config->method('getSystemValue')
+ ->with('version')
+ ->willReturn('20.0.0.2');
+
$this->util->expects($this->any())
->method('getUidAndFilename')
->willReturn(['user1', '/files/foo.txt']);
$this->util->expects($this->any())
->method('stripPartialFileExtension')
->willReturnArgument(0);
+
+ $this->crypto->method('encrypt')
+ ->willReturnCallback(function ($data, $pass) {
+ return $data;
+ });
+
+ $data = json_encode(['key' => base64_encode('key')]);
$this->view->expects($this->once())
->method('file_put_contents')
->with($this->equalTo('/files_encryption/keys/files/foo.txt/encModule/fileKey'),
- $this->equalTo('key'))
- ->willReturn(strlen('key'));
+ $this->equalTo($data))
+ ->willReturn(strlen($data));
$this->assertTrue(
$this->storage->setFileKey('user1/files/foo.txt', 'fileKey', 'key', 'encModule')
}
public function testGetFileKeySystemWide() {
+ $this->config->method('getSystemValue')
+ ->with('version')
+ ->willReturn('20.0.0.2');
+
$this->util->expects($this->any())
->method('getUidAndFilename')
->willReturn(['user1', '/files/foo.txt']);
$this->view->expects($this->once())
->method('file_get_contents')
->with($this->equalTo('/files_encryption/keys/files/foo.txt/encModule/fileKey'))
- ->willReturn('key');
+ ->willReturn(json_encode(['key' => base64_encode('key')]));
$this->view->expects($this->once())
->method('file_exists')
->with($this->equalTo('/files_encryption/keys/files/foo.txt/encModule/fileKey'))
}
public function testSetSystemUserKey() {
+ $this->config->method('getSystemValue')
+ ->with('version')
+ ->willReturn('20.0.0.2');
+
+ $data = json_encode([
+ 'key' => base64_encode('key'),
+ 'uid' => null]
+ );
$this->view->expects($this->once())
->method('file_put_contents')
->with($this->equalTo('/files_encryption/encModule/shareKey_56884'),
- $this->equalTo('key'))
- ->willReturn(strlen('key'));
+ $this->equalTo($data))
+ ->willReturn(strlen($data));
$this->assertTrue(
$this->storage->setSystemUserKey('shareKey_56884', 'key', 'encModule')
}
public function testSetUserKey() {
+ $this->config->method('getSystemValue')
+ ->with('version')
+ ->willReturn('20.0.0.2');
+
+ $data = json_encode([
+ 'key' => base64_encode('key'),
+ 'uid' => 'user1']
+ );
$this->view->expects($this->once())
->method('file_put_contents')
->with($this->equalTo('/user1/files_encryption/encModule/user1.publicKey'),
- $this->equalTo('key'))
- ->willReturn(strlen('key'));
+ $this->equalTo($data))
+ ->willReturn(strlen($data));
$this->assertTrue(
$this->storage->setUserKey('user1', 'publicKey', 'key', 'encModule')
}
public function testGetSystemUserKey() {
+ $this->config->method('getSystemValue')
+ ->with('version')
+ ->willReturn('20.0.0.2');
+
+ $data = json_encode([
+ 'key' => base64_encode('key'),
+ 'uid' => null]
+ );
$this->view->expects($this->once())
->method('file_get_contents')
->with($this->equalTo('/files_encryption/encModule/shareKey_56884'))
- ->willReturn('key');
+ ->willReturn($data);
$this->view->expects($this->once())
->method('file_exists')
->with($this->equalTo('/files_encryption/encModule/shareKey_56884'))
}
public function testGetUserKey() {
+ $this->config->method('getSystemValue')
+ ->with('version')
+ ->willReturn('20.0.0.2');
+
+ $data = json_encode([
+ 'key' => base64_encode('key'),
+ 'uid' => 'user1']
+ );
$this->view->expects($this->once())
->method('file_get_contents')
->with($this->equalTo('/user1/files_encryption/encModule/user1.publicKey'))
- ->willReturn('key');
+ ->willReturn($data);
$this->view->expects($this->once())
->method('file_exists')
->with($this->equalTo('/user1/files_encryption/encModule/user1.publicKey'))
*/
public function testBackupUserKeys($createBackupDir) {
$storage = $this->getMockBuilder('OC\Encryption\Keys\Storage')
- ->setConstructorArgs([$this->view, $this->util])
+ ->setConstructorArgs([$this->view, $this->util, $this->crypto, $this->config])
->setMethods(['getTimestamp'])
->getMock();
// between betas, final and RCs. This is _not_ the public version number. Reset minor/patchlevel
// when updating major/minor version number.
-$OC_Version = [20, 0, 0, 1];
+$OC_Version = [20, 0, 0, 2];
// The human readable string
$OC_VersionString = '20.0.0 alpha';