reformat code
authorFlorin Peter <github@florin-peter.de>
Mon, 27 May 2013 15:26:58 +0000 (17:26 +0200)
committerFlorin Peter <github@florin-peter.de>
Mon, 27 May 2013 15:26:58 +0000 (17:26 +0200)
apps/files_encryption/ajax/adminrecovery.php
apps/files_encryption/ajax/changeRecoveryPassword.php
apps/files_encryption/ajax/userrecovery.php
apps/files_encryption/appinfo/app.php
apps/files_encryption/hooks/hooks.php
apps/files_encryption/lib/crypt.php
apps/files_encryption/lib/helper.php
apps/files_encryption/lib/keymanager.php
apps/files_encryption/lib/proxy.php
apps/files_encryption/lib/session.php
apps/files_encryption/lib/stream.php

index 6d7953b5639fd9a02633c5e955093a81a08f73e4..d532bb62b64e4619bceab2779813d51ec43bf92e 100644 (file)
@@ -13,7 +13,7 @@ use OCA\Encryption;
 \OCP\JSON::checkAppEnabled('files_encryption');
 \OCP\JSON::callCheck();
 
-$l=OC_L10N::get('files_encryption');
+$l = OC_L10N::get('files_encryption');
 
 $return = false;
 
@@ -21,7 +21,7 @@ $return = false;
 
 $recoveryKeyId = OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
 
-if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] == 1){
+if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] == 1) {
 
        $return = \OCA\Encryption\Helper::adminEnableRecovery($recoveryKeyId, $_POST['recoveryPassword']);
        $action = "enable";
@@ -37,7 +37,12 @@ if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] == 1){
 
 // Return success or failure
 if ($return) {
-       \OCP\JSON::success(array("data" => array( "message" => $l->t('Recovery key successfully ' . $action.'d'))));
+       \OCP\JSON::success(array("data" => array("message" => $l->t('Recovery key successfully ' . $action . 'd'))));
 } else {
-       \OCP\JSON::error(array("data" => array( "message" => $l->t('Could not '.$action.' recovery key. Please check your recovery key password!'))));
+       \OCP\JSON::error(array(
+                                                 "data" => array(
+                                                         "message" => $l->t(
+                                                                 'Could not ' . $action . ' recovery key. Please check your recovery key password!')
+                                                 )
+                                        ));
 }
index d990796a4fbbec02fe6b19d6d825b78a784efb32..0103d9337585284163312bc77a387836b377792d 100644 (file)
@@ -6,7 +6,7 @@
  * See the COPYING-README file.
  *
  * @brief Script to change recovery key password
- * 
+ *
  */
 
 use OCA\Encryption;
@@ -15,7 +15,7 @@ use OCA\Encryption;
 \OCP\JSON::checkAppEnabled('files_encryption');
 \OCP\JSON::callCheck();
 
-$l=OC_L10N::get('core');
+$l = OC_L10N::get('core');
 
 $return = false;
 
@@ -46,7 +46,7 @@ if ($result) {
 
 // success or failure
 if ($return) {
-       \OCP\JSON::success(array("data" => array( "message" => $l->t('Password successfully changed.'))));
+       \OCP\JSON::success(array("data" => array("message" => $l->t('Password successfully changed.'))));
 } else {
-       \OCP\JSON::error(array("data" => array( "message" => $l->t('Could not change the password. Maybe the old password was not correct.'))));
+       \OCP\JSON::error(array("data" => array("message" => $l->t('Could not change the password. Maybe the old password was not correct.'))));
 }
\ No newline at end of file
index 1f42b376e422f0a044a22ce0dcd2d9d7af3eff85..4b364121e335c5ce7e6cd76ca3e16eb233155de5 100644 (file)
 use OCA\Encryption;
 
 \OCP\JSON::checkLoggedIn();
-\OCP\JSON::checkAppEnabled( 'files_encryption' );
+\OCP\JSON::checkAppEnabled('files_encryption');
 \OCP\JSON::callCheck();
 
-if ( 
-       isset( $_POST['userEnableRecovery'] ) 
-       && ( 0 == $_POST['userEnableRecovery'] || 1 == $_POST['userEnableRecovery'] )
+if (
+       isset($_POST['userEnableRecovery'])
+       && (0 == $_POST['userEnableRecovery'] || 1 == $_POST['userEnableRecovery'])
 ) {
 
        $userId = \OCP\USER::getUser();
-       $view = new \OC_FilesystemView( '/' );
-       $util = new \OCA\Encryption\Util( $view, $userId );
-       
+       $view = new \OC_FilesystemView('/');
+       $util = new \OCA\Encryption\Util($view, $userId);
+
        // Save recovery preference to DB
-       $return = $util->setRecoveryForUser( $_POST['userEnableRecovery'] );
+       $return = $util->setRecoveryForUser($_POST['userEnableRecovery']);
 
        if ($_POST['userEnableRecovery'] == "1") {
                $util->addRecoveryKeys();
        } else {
                $util->removeRecoveryKeys();
        }
-       
+
 } else {
 
        $return = false;
-       
+
 }
 
 // Return success or failure
-( $return ) ? \OCP\JSON::success() : \OCP\JSON::error();
\ No newline at end of file
+($return) ? \OCP\JSON::success() : \OCP\JSON::error();
\ No newline at end of file
index 7d01696e08a51a516553de81a0d2b544930afabf..d9bb4d5e74e524b66efde8ddc974feb3148fb076 100644 (file)
@@ -10,7 +10,7 @@ OC::$CLASSPATH['OCA\Encryption\Session'] = 'files_encryption/lib/session.php';
 OC::$CLASSPATH['OCA\Encryption\Capabilities'] = 'files_encryption/lib/capabilities.php';
 OC::$CLASSPATH['OCA\Encryption\Helper'] = 'files_encryption/lib/helper.php';
 
-OC_FileProxy::register( new OCA\Encryption\Proxy() );
+OC_FileProxy::register(new OCA\Encryption\Proxy());
 
 // User related hooks
 OCA\Encryption\Helper::registerUserHooks();
@@ -21,7 +21,7 @@ OCA\Encryption\Helper::registerShareHooks();
 // Filesystem related hooks
 OCA\Encryption\Helper::registerFilesystemHooks();
 
-stream_wrapper_register( 'crypt', 'OCA\Encryption\Stream' );
+stream_wrapper_register('crypt', 'OCA\Encryption\Stream');
 
 // check if we are logged in
 if (OCP\User::isLoggedIn()) {
@@ -46,6 +46,6 @@ if (OCP\User::isLoggedIn()) {
 }
 
 // Register settings scripts
-OCP\App::registerAdmin( 'files_encryption', 'settings-admin' );
-OCP\App::registerPersonal( 'files_encryption', 'settings-personal' );
+OCP\App::registerAdmin('files_encryption', 'settings-admin');
+OCP\App::registerPersonal('files_encryption', 'settings-personal');
 
index 2066300a1639cd154bdc7ecc7e8eea673a592d7a..f0d0856d6e1387eb13ea25e4ead2d6e3d1f4118a 100644 (file)
@@ -37,108 +37,108 @@ class Hooks {
         * @brief Startup encryption backend upon user login\r
         * @note This method should never be called for users using client side encryption\r
         */\r
-       public static function login( $params ) {\r
-       \r
+       public static function login($params) {\r
+\r
                // Manually initialise Filesystem{} singleton with correct \r
                // fake root path, in order to avoid fatal webdav errors\r
-        // NOTE: disabled because this give errors on webdav!\r
+               // NOTE: disabled because this give errors on webdav!\r
                //\OC\Files\Filesystem::init( $params['uid'], '/' . 'files' . '/' );\r
-       \r
-               $view = new \OC_FilesystemView( '/' );\r
 \r
-               $util = new Util( $view, $params['uid'] );\r
+               $view = new \OC_FilesystemView('/');\r
+\r
+               $util = new Util($view, $params['uid']);\r
+\r
+               // setup user, if user not ready force relogin\r
+               if (Helper::setupUser($util, $params['password']) === false) {\r
+                       return false;\r
+               }\r
+\r
+               $encryptedKey = Keymanager::getPrivateKey($view, $params['uid']);\r
 \r
-        // setup user, if user not ready force relogin\r
-               if(Helper::setupUser($util, $params['password']) === false) {\r
-            return false;\r
-        }\r
+               $privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, $params['password']);\r
 \r
-               $encryptedKey = Keymanager::getPrivateKey( $view, $params['uid'] );\r
-               \r
-               $privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, $params['password'] );\r
+               $session = new Session($view);\r
+\r
+               $session->setPrivateKey($privateKey, $params['uid']);\r
 \r
-               $session = new Session( $view );\r
-               \r
-               $session->setPrivateKey( $privateKey, $params['uid'] );\r
-               \r
                // Check if first-run file migration has already been performed\r
                $migrationCompleted = $util->getMigrationStatus();\r
-               \r
+\r
                // If migration not yet done\r
-               if ( ! $migrationCompleted ) {\r
-               \r
-                       $userView = new \OC_FilesystemView( '/' . $params['uid'] );\r
-                       \r
+               if (!$migrationCompleted) {\r
+\r
+                       $userView = new \OC_FilesystemView('/' . $params['uid']);\r
+\r
                        // Set legacy encryption key if it exists, to support \r
                        // depreciated encryption system\r
                        if (\r
-                               $userView->file_exists( 'encryption.key' )\r
-                               && $encLegacyKey = $userView->file_get_contents( 'encryption.key' )\r
+                               $userView->file_exists('encryption.key')\r
+                               && $encLegacyKey = $userView->file_get_contents('encryption.key')\r
                        ) {\r
-                       \r
-                               $plainLegacyKey = Crypt::legacyDecrypt( $encLegacyKey, $params['password'] );\r
-                               \r
-                               $session->setLegacyKey( $plainLegacyKey );\r
-                       \r
+\r
+                               $plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']);\r
+\r
+                               $session->setLegacyKey($plainLegacyKey);\r
+\r
                        }\r
 \r
-                       $publicKey = Keymanager::getPublicKey( $view, $params['uid'] );\r
-                       \r
+                       $publicKey = Keymanager::getPublicKey($view, $params['uid']);\r
+\r
                        // Encrypt existing user files:\r
                        // This serves to upgrade old versions of the encryption\r
                        // app (see appinfo/spec.txt)\r
                        if (\r
-                               $util->encryptAll( '/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'] )\r
+                               $util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'])\r
                        ) {\r
-                               \r
-                               \OC_Log::write( \r
+\r
+                               \OC_Log::write(\r
                                        'Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed'\r
-                                       , \OC_Log::INFO \r
+                                       , \OC_Log::INFO\r
                                );\r
-                       \r
+\r
                        }\r
 \r
                        // Register successful migration in DB\r
-                       $util->setMigrationStatus( 1 );\r
-               \r
+                       $util->setMigrationStatus(1);\r
+\r
                }\r
 \r
                return true;\r
 \r
        }\r
 \r
-    /**\r
-     * @brief setup encryption backend upon user created\r
-     * @note This method should never be called for users using client side encryption\r
-     */\r
-    public static function postCreateUser( $params ) {\r
-        $view = new \OC_FilesystemView( '/' );\r
+       /**\r
+        * @brief setup encryption backend upon user created\r
+        * @note This method should never be called for users using client side encryption\r
+        */\r
+       public static function postCreateUser($params) {\r
+               $view = new \OC_FilesystemView('/');\r
 \r
-        $util = new Util( $view, $params['uid'] );\r
+               $util = new Util($view, $params['uid']);\r
 \r
-        Helper::setupUser($util, $params['password']);\r
-    }\r
+               Helper::setupUser($util, $params['password']);\r
+       }\r
 \r
-    /**\r
-     * @brief cleanup encryption backend upon user deleted\r
-     * @note This method should never be called for users using client side encryption\r
-     */\r
-    public static function postDeleteUser( $params ) {\r
-        $view = new \OC_FilesystemView( '/' );\r
+       /**\r
+        * @brief cleanup encryption backend upon user deleted\r
+        * @note This method should never be called for users using client side encryption\r
+        */\r
+       public static function postDeleteUser($params) {\r
+               $view = new \OC_FilesystemView('/');\r
 \r
-        // cleanup public key\r
-        $publicKey = '/public-keys/' . $params['uid'] . '.public.key';\r
+               // cleanup public key\r
+               $publicKey = '/public-keys/' . $params['uid'] . '.public.key';\r
 \r
-        // Disable encryption proxy to prevent recursive calls\r
-        $proxyStatus = \OC_FileProxy::$enabled;\r
-        \OC_FileProxy::$enabled = false;\r
+               // Disable encryption proxy to prevent recursive calls\r
+               $proxyStatus = \OC_FileProxy::$enabled;\r
+               \OC_FileProxy::$enabled = false;\r
 \r
-        $view->unlink($publicKey);\r
+               $view->unlink($publicKey);\r
 \r
-        \OC_FileProxy::$enabled = $proxyStatus;\r
-    }\r
+               \OC_FileProxy::$enabled = $proxyStatus;\r
+       }\r
 \r
-    /**\r
+       /**\r
         * @brief Change a user's encryption passphrase\r
         * @param array $params keys: uid, password\r
         */\r
@@ -167,10 +167,10 @@ class Hooks {
                                // NOTE: Session does not need to be updated as the\r
                                // private key has not changed, only the passphrase\r
                                // used to decrypt it has changed\r
-                       \r
-                               \r
+\r
+\r
                        } else { // admin changed the password for a different user, create new keys and reencrypt file keys\r
-                               \r
+\r
                                $user = $params['uid'];\r
                                $recoveryPassword = $params['recoveryPassword'];\r
                                $newUserPassword = $params['password'];\r
@@ -181,21 +181,22 @@ class Hooks {
                                \OC\Files\Filesystem::initMountPoints($user);\r
 \r
                                $keypair = Crypt::createKeypair();\r
-                               \r
+\r
                                // Disable encryption proxy to prevent recursive calls\r
                                $proxyStatus = \OC_FileProxy::$enabled;\r
                                \OC_FileProxy::$enabled = false;\r
 \r
                                // Save public key\r
-                               $view->file_put_contents( '/public-keys/'.$user.'.public.key', $keypair['publicKey'] );\r
+                               $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);\r
 \r
                                // Encrypt private key empty passphrase\r
-                               $encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $keypair['privateKey'], $newUserPassword );\r
+                               $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword);\r
 \r
                                // Save private key\r
-                               $view->file_put_contents( '/'.$user.'/files_encryption/'.$user.'.private.key', $encryptedPrivateKey );\r
+                               $view->file_put_contents(\r
+                                       '/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey);\r
 \r
-                               if ( $recoveryPassword ) { // if recovery key is set we can re-encrypt the key files\r
+                               if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files\r
                                        $util = new Util($view, $user);\r
                                        $util->recoverUsersFiles($recoveryPassword);\r
                                }\r
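Review bot: The comment `// Encrypt private key empty passphrase` above the reformatted call does not match the code, which encrypts the new private key with `$newUserPassword`; I would reword it to `// Encrypt private key with the user's new password`. Neither `$view->file_put_contents(...)` call in this branch has its result checked, so a failed write of the public or private key would go unnoticed before `recoverUsersFiles()` runs. Assuming the view returns `false` on failure, a check such as `if ($view->file_put_contents(...) === false) { /* log and abort */ }` on both writes would make that visible. The enclosing method starts and ends outside this hunk.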
@@ -233,16 +234,17 @@ class Hooks {
                        }\r
                }\r
 \r
-               if($error)\r
-                       // Set flag var 'run' to notify emitting\r
+               if ($error) // Set flag var 'run' to notify emitting\r
                        // script that hook execution failed\r
+               {\r
                        $params['run']->run = false;\r
-                       // TODO: Make sure files_sharing provides user\r
-                       // feedback on failed share\r
+               }\r
+               // TODO: Make sure files_sharing provides user\r
+               // feedback on failed share\r
        }\r
 \r
        /**\r
-        * @brief \r
+        * @brief\r
         */\r
        public static function postShared($params) {\r
 \r
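Review bot: The added braces leave the explanatory comment split between the `if ($error)` line and the line that sits between the condition and `{`, so at a glance the block still reads as a brace-less `if`. Put the brace on the condition line and keep the comment inside the block: `if ($error) {` followed by `// Set flag var 'run' to notify emitting script that hook execution failed`. The enclosing method begins before this hunk.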
@@ -336,15 +338,15 @@ class Hooks {
 \r
                        foreach ($allFiles as $path) {\r
                                $usersSharing = $util->getSharingUsersArray($sharingEnabled, $path);\r
-                               $util->setSharedFileKeyfiles( $session, $usersSharing, $path );\r
+                               $util->setSharedFileKeyfiles($session, $usersSharing, $path);\r
                        }\r
                }\r
        }\r
-       \r
+\r
        /**\r
-        * @brief \r
+        * @brief\r
         */\r
-       public static function postUnshare( $params ) {\r
+       public static function postUnshare($params) {\r
 \r
                // NOTE: $params has keys:\r
                // [itemType] => file\r
@@ -353,40 +355,40 @@ class Hooks {
                // [shareWith] => test1\r
                // [itemParent] =>\r
 \r
-               if ( $params['itemType'] === 'file' || $params['itemType'] === 'folder' ) {\r
+               if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') {\r
 \r
-                       $view = new \OC_FilesystemView( '/' );\r
+                       $view = new \OC_FilesystemView('/');\r
                        $userId = \OCP\User::getUser();\r
-                       $util = new Util( $view, $userId);\r
-                       $path = $util->fileIdToPath( $params['itemSource'] );\r
+                       $util = new Util($view, $userId);\r
+                       $path = $util->fileIdToPath($params['itemSource']);\r
 \r
                        // check if this is a re-share\r
-                       if ( $params['itemParent'] ) {\r
+                       if ($params['itemParent']) {\r
 \r
                                // get the parent from current share\r
-                               $parent = $util->getShareParent( $params['itemParent'] );\r
+                               $parent = $util->getShareParent($params['itemParent']);\r
 \r
                                // get target path\r
-                               $targetPath = $util->fileIdToPath( $params['itemSource'] );\r
-                               $targetPathSplit = array_reverse( explode( '/', $targetPath ) );\r
+                               $targetPath = $util->fileIdToPath($params['itemSource']);\r
+                               $targetPathSplit = array_reverse(explode('/', $targetPath));\r
 \r
                                // init values\r
                                $path = '';\r
-                               $sharedPart = ltrim( $parent['file_target'], '/' );\r
+                               $sharedPart = ltrim($parent['file_target'], '/');\r
 \r
                                // rebuild path\r
-                               foreach ( $targetPathSplit as $pathPart ) {\r
-                               \r
-                                       if ( $pathPart !== $sharedPart ) {\r
-                                       \r
+                               foreach ($targetPathSplit as $pathPart) {\r
+\r
+                                       if ($pathPart !== $sharedPart) {\r
+\r
                                                $path = '/' . $pathPart . $path;\r
-                                               \r
+\r
                                        } else {\r
-                                       \r
+\r
                                                break;\r
-                                               \r
+\r
                                        }\r
-                                       \r
+\r
                                }\r
 \r
                                // prefix path with Shared\r
@@ -394,118 +396,124 @@ class Hooks {
                        }\r
 \r
                        // for group shares get a list of the group members\r
-                       if ( $params['shareType'] == \OCP\Share::SHARE_TYPE_GROUP ) {\r
+                       if ($params['shareType'] == \OCP\Share::SHARE_TYPE_GROUP) {\r
                                $userIds = \OC_Group::usersInGroup($params['shareWith']);\r
-                       } else if ( $params['shareType'] == \OCP\Share::SHARE_TYPE_LINK ){\r
-                               $userIds = array( $util->getPublicShareKeyId() );\r
                        } else {\r
-                               $userIds = array( $params['shareWith'] );\r
+                               if ($params['shareType'] == \OCP\Share::SHARE_TYPE_LINK) {\r
+                                       $userIds = array($util->getPublicShareKeyId());\r
+                               } else {\r
+                                       $userIds = array($params['shareWith']);\r
+                               }\r
                        }\r
 \r
                        // if we unshare a folder we need a list of all (sub-)files\r
-                       if ( $params['itemType'] === 'folder' ) {\r
-                       \r
-                               $allFiles = $util->getAllFiles( $path );\r
-                               \r
+                       if ($params['itemType'] === 'folder') {\r
+\r
+                               $allFiles = $util->getAllFiles($path);\r
+\r
                        } else {\r
-                       \r
-                               $allFiles = array( $path );\r
+\r
+                               $allFiles = array($path);\r
                        }\r
 \r
-                       foreach ( $allFiles as $path ) {\r
+                       foreach ($allFiles as $path) {\r
 \r
                                // check if the user still has access to the file, otherwise delete share key\r
-                               $sharingUsers = $util->getSharingUsersArray( true, $path );\r
+                               $sharingUsers = $util->getSharingUsersArray(true, $path);\r
 \r
                                // Unshare every user who no longer has access to the file\r
-                               $delUsers = array_diff( $userIds, $sharingUsers);\r
+                               $delUsers = array_diff($userIds, $sharingUsers);\r
 \r
                                // delete share key\r
-                               Keymanager::delShareKey( $view, $delUsers, $path );\r
+                               Keymanager::delShareKey($view, $delUsers, $path);\r
                        }\r
 \r
                }\r
        }\r
-       \r
+\r
        /**\r
-     * @brief after a file is renamed, rename its keyfile and share-keys also fix the file size and fix also the sharing\r
-     * @param array with oldpath and newpath\r
-     *\r
-     * This function is connected to the rename signal of OC_Filesystem and adjust the name and location\r
-     * of the stored versions along the actual file\r
-     */\r
-    public static function postRename($params) {\r
-        // Disable encryption proxy to prevent recursive calls\r
-        $proxyStatus = \OC_FileProxy::$enabled;\r
-        \OC_FileProxy::$enabled = false;\r
-\r
-        $view = new \OC_FilesystemView('/');\r
-        $session = new Session($view);\r
-        $userId = \OCP\User::getUser();\r
-        $util = new Util( $view, $userId );\r
-\r
-        // Format paths to be relative to user files dir\r
-        $oldKeyfilePath = \OC\Files\Filesystem::normalizePath($userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $params['oldpath']);\r
-        $newKeyfilePath = \OC\Files\Filesystem::normalizePath($userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $params['newpath']);\r
-\r
-        // add key ext if this is not an folder\r
-        if (!$view->is_dir($oldKeyfilePath)) {\r
-            $oldKeyfilePath .= '.key';\r
-            $newKeyfilePath .= '.key';\r
-\r
-            // handle share-keys\r
-            $localKeyPath = $view->getLocalFile($userId.'/files_encryption/share-keys/'.$params['oldpath']);\r
-            $matches = glob(preg_quote($localKeyPath).'*.shareKey');\r
-            foreach ($matches as $src) {\r
-                $dst = \OC\Files\Filesystem::normalizePath(str_replace($params['oldpath'], $params['newpath'], $src));\r
-\r
-                // create destination folder if not exists\r
-                if(!file_exists(dirname($dst))) {\r
-                    mkdir(dirname($dst), 0750, true);\r
-                }\r
-\r
-                rename($src, $dst);\r
-            }\r
-\r
-        } else {\r
-            // handle share-keys folders\r
-            $oldShareKeyfilePath = \OC\Files\Filesystem::normalizePath($userId . '/' . 'files_encryption' . '/' . 'share-keys' . '/' . $params['oldpath']);\r
-            $newShareKeyfilePath = \OC\Files\Filesystem::normalizePath($userId . '/' . 'files_encryption' . '/' . 'share-keys' . '/' . $params['newpath']);\r
-\r
-            // create destination folder if not exists\r
-            if(!$view->file_exists(dirname($newShareKeyfilePath))) {\r
-                $view->mkdir(dirname($newShareKeyfilePath), 0750, true);\r
-            }\r
-\r
-            $view->rename($oldShareKeyfilePath, $newShareKeyfilePath);\r
-        }\r
-\r
-        // Rename keyfile so it isn't orphaned\r
-        if($view->file_exists($oldKeyfilePath)) {\r
-\r
-            // create destination folder if not exists\r
-            if(!$view->file_exists(dirname($newKeyfilePath))) {\r
-                $view->mkdir(dirname($newKeyfilePath), 0750, true);\r
-            }\r
-\r
-            $view->rename($oldKeyfilePath, $newKeyfilePath);\r
-        }\r
-\r
-        // build the path to the file\r
-        $newPath = '/' . $userId . '/files' .$params['newpath'];\r
-        $newPathRelative = $params['newpath'];\r
-\r
-        if($util->fixFileSize($newPath)) {\r
-            // get sharing app state\r
-            $sharingEnabled = \OCP\Share::isEnabled();\r
-\r
-            // get users\r
-            $usersSharing = $util->getSharingUsersArray($sharingEnabled, $newPathRelative);\r
-\r
-            // update sharing-keys\r
-            $util->setSharedFileKeyfiles($session, $usersSharing, $newPathRelative);\r
-        }\r
-\r
-        \OC_FileProxy::$enabled = $proxyStatus;\r
-    }\r
+        * @brief after a file is renamed, rename its keyfile and share-keys also fix the file size and fix also the sharing\r
+        * @param array with oldpath and newpath\r
+        *\r
+        * This function is connected to the rename signal of OC_Filesystem and adjust the name and location\r
+        * of the stored versions along the actual file\r
+        */\r
+       public static function postRename($params) {\r
+               // Disable encryption proxy to prevent recursive calls\r
+               $proxyStatus = \OC_FileProxy::$enabled;\r
+               \OC_FileProxy::$enabled = false;\r
+\r
+               $view = new \OC_FilesystemView('/');\r
+               $session = new Session($view);\r
+               $userId = \OCP\User::getUser();\r
+               $util = new Util($view, $userId);\r
+\r
+               // Format paths to be relative to user files dir\r
+               $oldKeyfilePath = \OC\Files\Filesystem::normalizePath(\r
+                       $userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $params['oldpath']);\r
+               $newKeyfilePath = \OC\Files\Filesystem::normalizePath(\r
+                       $userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $params['newpath']);\r
+\r
+               // add key ext if this is not an folder\r
+               if (!$view->is_dir($oldKeyfilePath)) {\r
+                       $oldKeyfilePath .= '.key';\r
+                       $newKeyfilePath .= '.key';\r
+\r
+                       // handle share-keys\r
+                       $localKeyPath = $view->getLocalFile($userId . '/files_encryption/share-keys/' . $params['oldpath']);\r
+                       $matches = glob(preg_quote($localKeyPath) . '*.shareKey');\r
+                       foreach ($matches as $src) {\r
+                               $dst = \OC\Files\Filesystem::normalizePath(str_replace($params['oldpath'], $params['newpath'], $src));\r
+\r
+                               // create destination folder if not exists\r
+                               if (!file_exists(dirname($dst))) {\r
+                                       mkdir(dirname($dst), 0750, true);\r
+                               }\r
+\r
+                               rename($src, $dst);\r
+                       }\r
+\r
+               } else {\r
+                       // handle share-keys folders\r
+                       $oldShareKeyfilePath = \OC\Files\Filesystem::normalizePath(\r
+                               $userId . '/' . 'files_encryption' . '/' . 'share-keys' . '/' . $params['oldpath']);\r
+                       $newShareKeyfilePath = \OC\Files\Filesystem::normalizePath(\r
+                               $userId . '/' . 'files_encryption' . '/' . 'share-keys' . '/' . $params['newpath']);\r
+\r
+                       // create destination folder if not exists\r
+                       if (!$view->file_exists(dirname($newShareKeyfilePath))) {\r
+                               $view->mkdir(dirname($newShareKeyfilePath), 0750, true);\r
+                       }\r
+\r
+                       $view->rename($oldShareKeyfilePath, $newShareKeyfilePath);\r
+               }\r
+\r
+               // Rename keyfile so it isn't orphaned\r
+               if ($view->file_exists($oldKeyfilePath)) {\r
+\r
+                       // create destination folder if not exists\r
+                       if (!$view->file_exists(dirname($newKeyfilePath))) {\r
+                               $view->mkdir(dirname($newKeyfilePath), 0750, true);\r
+                       }\r
+\r
+                       $view->rename($oldKeyfilePath, $newKeyfilePath);\r
+               }\r
+\r
+               // build the path to the file\r
+               $newPath = '/' . $userId . '/files' . $params['newpath'];\r
+               $newPathRelative = $params['newpath'];\r
+\r
+               if ($util->fixFileSize($newPath)) {\r
+                       // get sharing app state\r
+                       $sharingEnabled = \OCP\Share::isEnabled();\r
+\r
+                       // get users\r
+                       $usersSharing = $util->getSharingUsersArray($sharingEnabled, $newPathRelative);\r
+\r
+                       // update sharing-keys\r
+                       $util->setSharedFileKeyfiles($session, $usersSharing, $newPathRelative);\r
+               }\r
+\r
+               \OC_FileProxy::$enabled = $proxyStatus;\r
+       }\r
 }\r
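Review bot: In `postRename`, `$dst` is built with `str_replace($params['oldpath'], $params['newpath'], $src)` on the full local path returned by `glob()`, so every occurrence of the old path string is replaced, including one in the data-directory or user-name part of the path, and a share key can end up somewhere unintended. Replacing only the part after the share-keys base is safer, e.g. `$dst = $newLocalKeyPath . substr($src, strlen($localKeyPath));` with `$newLocalKeyPath` built from `$params['newpath']` the same way `$localKeyPath` is built. The glob pattern is escaped with `preg_quote()`, which targets regular expressions rather than glob syntax, and `glob()` can return `false`, which the `foreach` does not guard against. Separately, in the `postUnshare` part of this hunk the `else if` for `SHARE_TYPE_LINK` became a nested `else { if ... }`; `} elseif (...) {` keeps the three cases at one level.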
index 8e3522917d56b1be12be2bcdfa77dc98847fff94..11b9298b447fec5e7325192944a56f78878269c7 100755 (executable)
 namespace OCA\Encryption;\r
 \r
 //require_once '../3rdparty/Crypt_Blowfish/Blowfish.php';\r
-require_once realpath( dirname( __FILE__ ) . '/../3rdparty/Crypt_Blowfish/Blowfish.php' );\r
+require_once realpath(dirname(__FILE__) . '/../3rdparty/Crypt_Blowfish/Blowfish.php');\r
 \r
 /**\r
  * Class for common cryptography functionality\r
  */\r
 \r
-class Crypt\r
-{\r
+class Crypt {\r
 \r
        /**\r
         * @brief return encryption mode client or server side encryption\r
         * @param string $user name (use system wide setting if name=null)\r
         * @return string 'client' or 'server'\r
         */\r
-       public static function mode( $user = null ) {\r
+       public static function mode($user = null) {\r
 \r
                return 'server';\r
 \r
@@ -52,17 +51,20 @@ class Crypt
         */\r
        public static function createKeypair() {\r
 \r
-               $res = openssl_pkey_new( array( 'private_key_bits' => 4096 ) );\r
+               $res = openssl_pkey_new(array('private_key_bits' => 4096));\r
 \r
                // Get private key\r
-               openssl_pkey_export( $res, $privateKey );\r
+               openssl_pkey_export($res, $privateKey);\r
 \r
                // Get public key\r
-               $publicKey = openssl_pkey_get_details( $res );\r
+               $publicKey = openssl_pkey_get_details($res);\r
 \r
                $publicKey = $publicKey['key'];\r
 \r
-               return ( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) );\r
+               return (array(\r
+                       'publicKey' => $publicKey,\r
+                       'privateKey' => $privateKey\r
+               ));\r
 \r
        }\r
 \r
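Review bot: `createKeypair()` never checks the result of `openssl_pkey_new()`, so a failed key generation still returns an array whose `publicKey` and `privateKey` are both empty. Callers then have nothing to distinguish a real key pair from a failed one and may store the empty values as key material. A guard right after the call, `if ($res === false) { throw new \Exception('Encryption library: key pair generation failed'); }`, or a logged `return false` in the style of `encrypt()`, would make the failure visible. The method's docblock starts outside this hunk.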
@@ -75,7 +77,7 @@ class Crypt
         * blocks with encryption alone, hence padding is added to achieve the\r
         * required length.\r
         */\r
-       public static function addPadding( $data ) {\r
+       public static function addPadding($data) {\r
 \r
                $padded = $data . 'xx';\r
 \r
@@ -88,11 +90,11 @@ class Crypt
         * @param string $padded padded data to remove padding from\r
         * @return string unpadded data on success, false on error\r
         */\r
-       public static function removePadding( $padded ) {\r
+       public static function removePadding($padded) {\r
 \r
-               if ( substr( $padded, -2 ) == 'xx' ) {\r
+               if (substr($padded, -2) == 'xx') {\r
 \r
-                       $data = substr( $padded, 0, -2 );\r
+                       $data = substr($padded, 0, -2);\r
 \r
                        return $data;\r
 \r
@@ -111,26 +113,26 @@ class Crypt
         * @return boolean\r
         * @note see also OCA\Encryption\Util->isEncryptedPath()\r
         */\r
-       public static function isCatfileContent( $content ) {\r
+       public static function isCatfileContent($content) {\r
 \r
-               if ( !$content ) {\r
+               if (!$content) {\r
 \r
                        return false;\r
 \r
                }\r
 \r
-               $noPadding = self::removePadding( $content );\r
+               $noPadding = self::removePadding($content);\r
 \r
                // Fetch encryption metadata from end of file\r
-               $meta = substr( $noPadding, -22 );\r
+               $meta = substr($noPadding, -22);\r
 \r
                // Fetch IV from end of file\r
-               $iv = substr( $meta, -16 );\r
+               $iv = substr($meta, -16);\r
 \r
                // Fetch identifier from start of metadata\r
-               $identifier = substr( $meta, 0, 6 );\r
+               $identifier = substr($meta, 0, 6);\r
 \r
-               if ( $identifier == '00iv00' ) {\r
+               if ($identifier == '00iv00') {\r
 \r
                        return true;\r
 \r
@@ -147,15 +149,15 @@ class Crypt
         * @param string $path\r
         * @return bool\r
         */\r
-       public static function isEncryptedMeta( $path ) {\r
+       public static function isEncryptedMeta($path) {\r
 \r
                // TODO: Use DI to get \OC\Files\Filesystem out of here\r
 \r
                // Fetch all file metadata from DB\r
-               $metadata = \OC\Files\Filesystem::getFileInfo( $path );\r
+               $metadata = \OC\Files\Filesystem::getFileInfo($path);\r
 \r
                // Return encryption status\r
-               return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted'];\r
+               return isset($metadata['encrypted']) and ( bool )$metadata['encrypted'];\r
 \r
        }\r
 \r
@@ -166,18 +168,18 @@ class Crypt
         *        e.g. filename or /Docs/filename, NOT admin/files/filename\r
         * @return boolean\r
         */\r
-       public static function isLegacyEncryptedContent( $data, $relPath ) {\r
+       public static function isLegacyEncryptedContent($data, $relPath) {\r
 \r
                // Fetch all file metadata from DB\r
-               $metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' );\r
+               $metadata = \OC\Files\Filesystem::getFileInfo($relPath, '');\r
 \r
                // If a file is flagged with encryption in DB, but isn't a \r
                // valid content + IV combination, it's probably using the \r
                // legacy encryption system\r
                if (\r
-                       isset( $metadata['encrypted'] )\r
+                       isset($metadata['encrypted'])\r
                        and $metadata['encrypted'] === true\r
-                       and !self::isCatfileContent( $data )\r
+                               and !self::isCatfileContent($data)\r
                ) {\r
 \r
                        return true;\r
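Review bot: The reformatted condition in `isLegacyEncryptedContent()` leaves `and !self::isCatfileContent($data)` indented one level deeper than the two conditions above it, which reads as if it were nested under the previous line; all three operands belong at the same depth. Separately, this check uses `$metadata['encrypted'] === true` while `isEncryptedMeta()` casts the same field with `( bool )`. If the file cache returns `1` or `'1'` rather than a boolean, the strict comparison here never matches, so it is worth confirming what `getFileInfo()` returns. The function body continues past the end of this hunk.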
@@ -197,15 +199,15 @@ class Crypt
         * @param string $passphrase\r
         * @return string encrypted file content\r
         */\r
-       public static function encrypt( $plainContent, $iv, $passphrase = '' ) {\r
+       public static function encrypt($plainContent, $iv, $passphrase = '') {\r
 \r
-               if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {\r
+               if ($encryptedContent = openssl_encrypt($plainContent, 'AES-128-CFB', $passphrase, false, $iv)) {\r
 \r
                        return $encryptedContent;\r
 \r
                } else {\r
 \r
-                       \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR );\r
+                       \OC_Log::write('Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR);\r
 \r
                        return false;\r
 \r
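Review bot: `encrypt()` tests the OpenSSL result for truthiness, `if ($encryptedContent = openssl_encrypt(...))`, so a falsy but valid result is reported as a failure; the same pattern in `decrypt()` (next hunk) throws when the decrypted plaintext is `'0'` or an empty string. Comparing against the documented failure value keeps the two cases apart: `$encryptedContent = openssl_encrypt($plainContent, 'AES-128-CFB', $passphrase, false, $iv);` followed by `if ($encryptedContent !== false) {`. The function's closing lines are outside this hunk.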
@@ -221,15 +223,15 @@ class Crypt
         * @throws \Exception\r
         * @return string decrypted file content\r
         */\r
-       public static function decrypt( $encryptedContent, $iv, $passphrase ) {\r
+       public static function decrypt($encryptedContent, $iv, $passphrase) {\r
 \r
-               if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) {\r
+               if ($plainContent = openssl_decrypt($encryptedContent, 'AES-128-CFB', $passphrase, false, $iv)) {\r
 \r
                        return $plainContent;\r
 \r
                } else {\r
 \r
-                       throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' );\r
+                       throw new \Exception('Encryption library: Decryption (symmetric) of content failed');\r
 \r
                }\r
 \r
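Review bot: `decrypt()` uses AES-128-CFB with no integrity check, so a ciphertext that was modified in storage still decrypts without an error and the caller receives altered plaintext. The usual addition is a MAC over the IV and ciphertext (for example `hash_hmac('sha256', ...)` with a key separate from the encryption key), verified with a constant-time comparison before `openssl_decrypt()` is called. That changes the stored file format, so it needs a version marker next to the existing `00iv00` identifier and a migration path. Until then a docblock line such as `@note provides confidentiality only; the result is not authenticated` would state the limitation.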
@@ -241,7 +243,7 @@ class Crypt
         * @param string $iv IV to be concatenated\r
         * @returns string concatenated content\r
         */\r
-       public static function concatIv( $content, $iv ) {\r
+       public static function concatIv($content, $iv) {\r
 \r
                $combined = $content . '00iv00' . $iv;\r
 \r
@@ -254,20 +256,21 @@ class Crypt
         * @param string $catFile concatenated data to be split\r
         * @returns array keys: encrypted, iv\r
         */\r
-       public static function splitIv( $catFile ) {\r
+       public static function splitIv($catFile) {\r
 \r
                // Fetch encryption metadata from end of file\r
-               $meta = substr( $catFile, -22 );\r
+               $meta = substr($catFile, -22);\r
 \r
                // Fetch IV from end of file\r
-               $iv = substr( $meta, -16 );\r
+               $iv = substr($meta, -16);\r
 \r
                // Remove IV and IV identifier text to expose encrypted content\r
-               $encrypted = substr( $catFile, 0, -22 );\r
+               $encrypted = substr($catFile, 0, -22);\r
 \r
                $split = array(\r
                        'encrypted' => $encrypted\r
-               , 'iv' => $iv\r
+               ,\r
+                       'iv' => $iv\r
                );\r
 \r
                return $split;\r
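Review bot: The reformat of the array in `splitIv()` left a comma alone on its own line between the two entries, which is harder to read than the leading-comma form it replaced. The conventional layout is `'encrypted' => $encrypted,` on one line and `'iv' => $iv` on the next. While here, note that `splitIv()` does not check that `$catFile` is at least 22 bytes long before slicing off the metadata, so a truncated input yields a meaningless `iv` and an empty or `false` `encrypted` value instead of an error.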
@@ -283,9 +286,9 @@ class Crypt
         * @note IV need not be specified, as it will be stored in the returned keyfile\r
         * and remain accessible therein.\r
         */\r
-       public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) {\r
+       public static function symmetricEncryptFileContent($plainContent, $passphrase = '') {\r
 \r
-               if ( !$plainContent ) {\r
+               if (!$plainContent) {\r
 \r
                        return false;\r
 \r
@@ -293,18 +296,18 @@ class Crypt
 \r
                $iv = self::generateIv();\r
 \r
-               if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) {\r
+               if ($encryptedContent = self::encrypt($plainContent, $iv, $passphrase)) {\r
 \r
                        // Combine content to encrypt with IV identifier and actual IV\r
-                       $catfile = self::concatIv( $encryptedContent, $iv );\r
+                       $catfile = self::concatIv($encryptedContent, $iv);\r
 \r
-                       $padded = self::addPadding( $catfile );\r
+                       $padded = self::addPadding($catfile);\r
 \r
                        return $padded;\r
 \r
                } else {\r
 \r
-                       \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR );\r
+                       \OC_Log::write('Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR);\r
 \r
                        return false;\r
 \r
@@ -326,21 +329,21 @@ class Crypt
         *\r
         * This function decrypts a file\r
         */\r
-       public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) {\r
+       public static function symmetricDecryptFileContent($keyfileContent, $passphrase = '') {\r
 \r
-               if ( !$keyfileContent ) {\r
+               if (!$keyfileContent) {\r
 \r
-                       throw new \Exception( 'Encryption library: no data provided for decryption' );\r
+                       throw new \Exception('Encryption library: no data provided for decryption');\r
 \r
                }\r
 \r
                // Remove padding\r
-               $noPadding = self::removePadding( $keyfileContent );\r
+               $noPadding = self::removePadding($keyfileContent);\r
 \r
                // Split into enc data and catfile\r
-               $catfile = self::splitIv( $noPadding );\r
+               $catfile = self::splitIv($noPadding);\r
 \r
-               if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) {\r
+               if ($plainContent = self::decrypt($catfile['encrypted'], $catfile['iv'], $passphrase)) {\r
 \r
                        return $plainContent;\r
 \r
@@ -358,11 +361,11 @@ class Crypt
         *\r
         * This function decrypts a file\r
         */\r
-       public static function symmetricEncryptFileContentKeyfile( $plainContent ) {\r
+       public static function symmetricEncryptFileContentKeyfile($plainContent) {\r
 \r
                $key = self::generateKey();\r
 \r
-               if ( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) {\r
+               if ($encryptedContent = self::symmetricEncryptFileContent($plainContent, $key)) {\r
 \r
                        return array(\r
                                'key' => $key,\r
@@ -384,13 +387,13 @@ class Crypt
         * @returns array keys: keys (array, key = userId), data\r
         * @note symmetricDecryptFileContent() can decrypt files created using this method\r
         */\r
-       public static function multiKeyEncrypt( $plainContent, array $publicKeys ) {\r
+       public static function multiKeyEncrypt($plainContent, array $publicKeys) {\r
 \r
                // openssl_seal returns false without errors if $plainContent \r
                // is empty, so trigger our own error\r
-               if ( empty( $plainContent ) ) {\r
+               if (empty($plainContent)) {\r
 \r
-                       throw new \Exception( 'Cannot mutliKeyEncrypt empty plain content' );\r
+                       throw new \Exception('Cannot mutliKeyEncrypt empty plain content');\r
 \r
                }\r
 \r
@@ -399,13 +402,13 @@ class Crypt
                $shareKeys = array();\r
                $mappedShareKeys = array();\r
 \r
-               if ( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) {\r
+               if (openssl_seal($plainContent, $sealed, $shareKeys, $publicKeys)) {\r
 \r
                        $i = 0;\r
 \r
                        // Ensure each shareKey is labelled with its \r
                        // corresponding userId\r
-                       foreach ( $publicKeys as $userId => $publicKey ) {\r
+                       foreach ($publicKeys as $userId => $publicKey) {\r
 \r
                                $mappedShareKeys[$userId] = $shareKeys[$i];\r
                                $i++;\r
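Review bot: `openssl_seal()` is called in `multiKeyEncrypt()` without a cipher argument, and on the PHP versions of this era that means its default cipher, RC4, protects the sealed file key. That choice is invisible at the call site, so at minimum a comment belongs above the call, for example `// NOTE: openssl_seal() falls back to its default cipher (RC4) because none is passed`. Changing the cipher also changes what `openssl_open()` in `multiKeyDecrypt()` must be given, so existing share keys would need re-sealing. The function body continues outside this hunk.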
@@ -437,21 +440,21 @@ class Crypt
         *\r
         * This function decrypts a file\r
         */\r
-       public static function multiKeyDecrypt( $encryptedContent, $shareKey, $privateKey ) {\r
+       public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey) {\r
 \r
-               if ( !$encryptedContent ) {\r
+               if (!$encryptedContent) {\r
 \r
                        return false;\r
 \r
                }\r
 \r
-               if ( openssl_open( $encryptedContent, $plainContent, $shareKey, $privateKey ) ) {\r
+               if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) {\r
 \r
                        return $plainContent;\r
 \r
                } else {\r
 \r
-                       \OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR );\r
+                       \OC_Log::write('Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR);\r
 \r
                        return false;\r
 \r
@@ -463,9 +466,9 @@ class Crypt
         * @brief Asymetrically encrypt a string using a public key\r
         * @return string encrypted file\r
         */\r
-       public static function keyEncrypt( $plainContent, $publicKey ) {\r
+       public static function keyEncrypt($plainContent, $publicKey) {\r
 \r
-               openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey );\r
+               openssl_public_encrypt($plainContent, $encryptedContent, $publicKey);\r
 \r
                return $encryptedContent;\r
 \r
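Review bot: `keyEncrypt()` ignores the boolean returned by `openssl_public_encrypt()`, so when encryption fails (invalid public key, or plaintext too long for the RSA modulus) it returns an unset `$encryptedContent`. `adminEnableRecovery()` in helper.php writes this return value straight into the recovery control file. Checking the result, `if (!openssl_public_encrypt($plainContent, $encryptedContent, $publicKey)) { return false; }`, matches how `keyDecrypt()` in the next hunk already handles its result.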
@@ -475,11 +478,11 @@ class Crypt
         * @brief Asymetrically decrypt a file using a private key\r
         * @return string decrypted file\r
         */\r
-       public static function keyDecrypt( $encryptedContent, $privatekey ) {\r
+       public static function keyDecrypt($encryptedContent, $privatekey) {\r
 \r
-               $result = @openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey );\r
+               $result = @openssl_private_decrypt($encryptedContent, $plainContent, $privatekey);\r
 \r
-               if ( $result ) {\r
+               if ($result) {\r
                        return $plainContent;\r
                }\r
 \r
@@ -493,24 +496,24 @@ class Crypt
         */\r
        public static function generateIv() {\r
 \r
-               if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) {\r
+               if ($random = openssl_random_pseudo_bytes(12, $strong)) {\r
 \r
-                       if ( !$strong ) {\r
+                       if (!$strong) {\r
 \r
                                // If OpenSSL indicates randomness is insecure, log error\r
-                               \OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN );\r
+                               \OC_Log::write('Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN);\r
 \r
                        }\r
 \r
                        // We encode the iv purely for string manipulation \r
                        // purposes - it gets decoded before use\r
-                       $iv = base64_encode( $random );\r
+                       $iv = base64_encode($random);\r
 \r
                        return $iv;\r
 \r
                } else {\r
 \r
-                       throw new \Exception( 'Generating IV failed' );\r
+                       throw new \Exception('Generating IV failed');\r
 \r
                }\r
 \r
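Review bot: The comment in `generateIv()` says the IV "gets decoded before use", but `encrypt()` and `decrypt()` earlier in this file pass `$iv` to OpenSSL unchanged, so the 16 base64 characters are themselves the IV. The comment should say so, for example `// The base64 text (16 characters) is used directly as the IV; it is never decoded`. In the `!$strong` branch the function only logs at WARN level and still returns the value, while `generateKey()` throws in the same situation. The log text also speaks of an "Insecure symmetric key" although this is an IV. The docblock for this method starts outside the hunk.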
@@ -523,12 +526,12 @@ class Crypt
        public static function generateKey() {\r
 \r
                // Generate key\r
-               if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) {\r
+               if ($key = base64_encode(openssl_random_pseudo_bytes(183, $strong))) {\r
 \r
-                       if ( !$strong ) {\r
+                       if (!$strong) {\r
 \r
                                // If OpenSSL indicates randomness is insecure, log error\r
-                               throw new \Exception( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' );\r
+                               throw new \Exception('Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()');\r
 \r
                        }\r
 \r
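Review bot: `generateKey()` base64-encodes 183 random bytes, but the result reaches `openssl_encrypt(..., 'AES-128-CFB', ...)` through `symmetricEncryptFileContentKeyfile()` and `encrypt()`, and AES-128 takes a 16-byte key. As far as I can tell PHP silently truncates a longer key string, which would leave the first 16 base64 characters, roughly 96 bits, as the effective key and the rest of the string unused. A comment such as `// NOTE: only the first 16 characters of this string act as the AES-128 key` would make that explicit until key generation is revisited. The rest of the function lies outside this hunk.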
@@ -549,11 +552,11 @@ class Crypt
         *\r
         * if the key is left out, the default handeler will be used\r
         */\r
-       public static function getBlowfish( $key = '' ) {\r
+       public static function getBlowfish($key = '') {\r
 \r
-               if ( $key ) {\r
+               if ($key) {\r
 \r
-                       return new \Crypt_Blowfish( $key );\r
+                       return new \Crypt_Blowfish($key);\r
 \r
                } else {\r
 \r
@@ -567,13 +570,13 @@ class Crypt
         * @param $passphrase\r
         * @return mixed\r
         */\r
-       public static function legacyCreateKey( $passphrase ) {\r
+       public static function legacyCreateKey($passphrase) {\r
 \r
                // Generate a random integer\r
-               $key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 );\r
+               $key = mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999);\r
 \r
                // Encrypt the key with the passphrase\r
-               $legacyEncKey = self::legacyEncrypt( $key, $passphrase );\r
+               $legacyEncKey = self::legacyEncrypt($key, $passphrase);\r
 \r
                return $legacyEncKey;\r
 \r
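Review bot: `legacyCreateKey()` builds its key from four `mt_rand(10000, 99999)` calls, and `mt_rand()` is not a cryptographically secure generator; the key is also limited to 20 decimal digits. If this method is still reachable outside tests, the key should come from the same source the rest of the class uses, e.g. `$key = self::generateKey();`, which throws when OpenSSL reports weak randomness. If it exists only to reproduce legacy data for tests, a docblock line saying so would keep it from being reused for new keys.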
@@ -589,11 +592,11 @@ class Crypt
         *\r
         * This function encrypts an content\r
         */\r
-       public static function legacyEncrypt( $content, $passphrase = '' ) {\r
+       public static function legacyEncrypt($content, $passphrase = '') {\r
 \r
-               $bf = self::getBlowfish( $passphrase );\r
+               $bf = self::getBlowfish($passphrase);\r
 \r
-               return $bf->encrypt( $content );\r
+               return $bf->encrypt($content);\r
 \r
        }\r
 \r
@@ -607,13 +610,13 @@ class Crypt
         *\r
         * This function decrypts an content\r
         */\r
-       public static function legacyDecrypt( $content, $passphrase = '' ) {\r
+       public static function legacyDecrypt($content, $passphrase = '') {\r
 \r
-               $bf = self::getBlowfish( $passphrase );\r
+               $bf = self::getBlowfish($passphrase);\r
 \r
-               $decrypted = $bf->decrypt( $content );\r
+               $decrypted = $bf->decrypt($content);\r
 \r
-               return rtrim( $decrypted, "\0" );;\r
+               return rtrim($decrypted, "\0");;\r
 \r
        }\r
 \r
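Review bot: The stray second semicolon in `return rtrim($decrypted, "\0");;` survived the reformat; it should be `return rtrim($decrypted, "\0");`. Beyond the style point, `rtrim(..., "\0")` cannot tell block padding from NUL bytes that belong to the plaintext, so binary content ending in zero bytes comes back shortened. `legacyBlockDecrypt()` has a `$maxLength` parameter that presumably exists for that reason, and a docblock note here pointing callers with binary data to the length-aware path would help.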
@@ -623,16 +626,16 @@ class Crypt
         * @param int $maxLength\r
         * @return string\r
         */\r
-       private static function legacyBlockDecrypt( $data, $key = '', $maxLength = 0 ) {\r
+       private static function legacyBlockDecrypt($data, $key = '', $maxLength = 0) {\r
                $result = '';\r
-               while ( strlen( $data ) ) {\r
-                       $result .= self::legacyDecrypt( substr( $data, 0, 8192 ), $key );\r
-                       $data = substr( $data, 8192 );\r
+               while (strlen($data)) {\r
+                       $result .= self::legacyDecrypt(substr($data, 0, 8192), $key);\r
+                       $data = substr($data, 8192);\r
                }\r
-               if ( $maxLength > 0 ) {\r
-                       return substr( $result, 0, $maxLength );\r
+               if ($maxLength > 0) {\r
+                       return substr($result, 0, $maxLength);\r
                } else {\r
-                       return rtrim( $result, "\0" );\r
+                       return rtrim($result, "\0");\r
                }\r
        }\r
 \r
@@ -642,17 +645,21 @@ class Crypt
         * @param $publicKeys\r
         * @return array\r
         */\r
-       public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKeys ) {\r
+       public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys) {\r
 \r
-               $decrypted = self::legacyBlockDecrypt( $legacyEncryptedContent, $legacyPassphrase );\r
+               $decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase);\r
 \r
                // Encrypt plain data, generate keyfile & encrypted file\r
-               $cryptedData = self::symmetricEncryptFileContentKeyfile( $decrypted );\r
+               $cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted);\r
 \r
                // Encrypt plain keyfile to multiple sharefiles\r
-               $multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys );\r
+               $multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys);\r
 \r
-               return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] );\r
+               return array(\r
+                       'data' => $cryptedData['encrypted'],\r
+                       'filekey' => $multiEncrypted['data'],\r
+                       'sharekeys' => $multiEncrypted['keys']\r
+               );\r
 \r
        }\r
 \r
index 7a2d19eed579c912ba357203fddc166048fb3289..b946f69513a7da8b8c95faae25220d0e897fe074 100755 (executable)
@@ -30,8 +30,7 @@ namespace OCA\Encryption;
  * Class Helper
  * @package OCA\Encryption
  */
-class Helper
-{
+class Helper {
 
        /**
         * @brief register share related hooks
@@ -39,9 +38,9 @@ class Helper
         */
        public static function registerShareHooks() {
 
-               \OCP\Util::connectHook( 'OCP\Share', 'pre_shared', 'OCA\Encryption\Hooks', 'preShared' );
-               \OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' );
-               \OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare' );
+               \OCP\Util::connectHook('OCP\Share', 'pre_shared', 'OCA\Encryption\Hooks', 'preShared');
+               \OCP\Util::connectHook('OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared');
+               \OCP\Util::connectHook('OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare');
        }
 
        /**
@@ -50,10 +49,10 @@ class Helper
         */
        public static function registerUserHooks() {
 
-               \OCP\Util::connectHook( 'OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login' );
-               \OCP\Util::connectHook( 'OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase' );
-               \OCP\Util::connectHook( 'OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser' );
-               \OCP\Util::connectHook( 'OC_User', 'post_deleteUser', 'OCA\Encryption\Hooks', 'postDeleteUser' );
+               \OCP\Util::connectHook('OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login');
+               \OCP\Util::connectHook('OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase');
+               \OCP\Util::connectHook('OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser');
+               \OCP\Util::connectHook('OC_User', 'post_deleteUser', 'OCA\Encryption\Hooks', 'postDeleteUser');
        }
 
        /**
@@ -62,7 +61,7 @@ class Helper
         */
        public static function registerFilesystemHooks() {
 
-               \OCP\Util::connectHook( 'OC_Filesystem', 'post_rename', 'OCA\Encryption\Hooks', 'postRename' );
+               \OCP\Util::connectHook('OC_Filesystem', 'post_rename', 'OCA\Encryption\Hooks', 'postRename');
        }
 
        /**
@@ -72,13 +71,14 @@ class Helper
         * @param string $password
         * @return bool
         */
-       public static function setupUser( $util, $password ) {
+       public static function setupUser($util, $password) {
                // Check files_encryption infrastructure is ready for action
-               if ( !$util->ready() ) {
+               if (!$util->ready()) {
 
-                       \OC_Log::write( 'Encryption library', 'User account "' . $util->getUserId() . '" is not ready for encryption; configuration started', \OC_Log::DEBUG );
+                       \OC_Log::write('Encryption library', 'User account "' . $util->getUserId()
+                                                                                                . '" is not ready for encryption; configuration started', \OC_Log::DEBUG);
 
-                       if ( !$util->setupServerSide( $password ) ) {
+                       if (!$util->setupServerSide($password)) {
                                return false;
                        }
                }
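Review bot: The wrapped `\OC_Log::write()` call in `setupUser()` now continues on a line pushed far to the right with a mix of tabs and spaces, which will render differently in every editor. Building the message first keeps both lines short: `$msg = 'User account "' . $util->getUserId() . '" is not ready for encryption; configuration started';` followed by `\OC_Log::write('Encryption library', $msg, \OC_Log::DEBUG);`. The function body continues after this hunk.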
@@ -95,21 +95,21 @@ class Helper
         * @internal param string $password
         * @return bool
         */
-       public static function adminEnableRecovery( $recoveryKeyId, $recoveryPassword ) {
-               $view = new \OC\Files\View( '/' );
+       public static function adminEnableRecovery($recoveryKeyId, $recoveryPassword) {
+               $view = new \OC\Files\View('/');
 
-               if ( $recoveryKeyId === null ) {
-                       $recoveryKeyId = 'recovery_' . substr( md5( time() ), 0, 8 );
-                       \OC_Appconfig::setValue( 'files_encryption', 'recoveryKeyId', $recoveryKeyId );
+               if ($recoveryKeyId === null) {
+                       $recoveryKeyId = 'recovery_' . substr(md5(time()), 0, 8);
+                       \OC_Appconfig::setValue('files_encryption', 'recoveryKeyId', $recoveryKeyId);
                }
 
-               if ( !$view->is_dir( '/owncloud_private_key' ) ) {
-                       $view->mkdir( '/owncloud_private_key' );
+               if (!$view->is_dir('/owncloud_private_key')) {
+                       $view->mkdir('/owncloud_private_key');
                }
 
                if (
-                       ( !$view->file_exists( "/public-keys/" . $recoveryKeyId . ".public.key" )
-                               || !$view->file_exists( "/owncloud_private_key/" . $recoveryKeyId . ".private.key" ) )
+                       (!$view->file_exists("/public-keys/" . $recoveryKeyId . ".public.key")
+                        || !$view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".private.key"))
                ) {
 
                        $keypair = \OCA\Encryption\Crypt::createKeypair();
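Review bot: `adminEnableRecovery()` accepts `$recoveryPassword` without any validation, and the following hunk uses it as the passphrase that encrypts the new recovery private key. The AJAX endpoint passes `$_POST['recoveryPassword']` through directly, so a missing or empty field would, as far as this diff shows, protect the recovery key with an empty passphrase. A guard at the top of the function, `if (!is_string($recoveryPassword) || $recoveryPassword === '') { return false; }`, closes that path. The comment "Encrypt private key empthy passphrase" in the next hunk should then read `// Encrypt private key with the recovery password`. The function body extends beyond this hunk.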
@@ -118,37 +118,37 @@ class Helper
 
                        // Save public key
 
-                       if ( !$view->is_dir( '/public-keys' ) ) {
-                               $view->mkdir( '/public-keys' );
+                       if (!$view->is_dir('/public-keys')) {
+                               $view->mkdir('/public-keys');
                        }
 
-                       $view->file_put_contents( '/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey'] );
+                       $view->file_put_contents('/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey']);
 
                        // Encrypt private key empthy passphrase
-                       $encryptedPrivateKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent( $keypair['privateKey'], $recoveryPassword );
+                       $encryptedPrivateKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], $recoveryPassword);
 
                        // Save private key
-                       $view->file_put_contents( '/owncloud_private_key/' . $recoveryKeyId . '.private.key', $encryptedPrivateKey );
+                       $view->file_put_contents('/owncloud_private_key/' . $recoveryKeyId . '.private.key', $encryptedPrivateKey);
 
                        // create control file which let us check later on if the entered password was correct.
-                       $encryptedControlData = \OCA\Encryption\Crypt::keyEncrypt( "ownCloud", $keypair['publicKey'] );
-                       if ( !$view->is_dir( '/control-file' ) ) {
-                               $view->mkdir( '/control-file' );
+                       $encryptedControlData = \OCA\Encryption\Crypt::keyEncrypt("ownCloud", $keypair['publicKey']);
+                       if (!$view->is_dir('/control-file')) {
+                               $view->mkdir('/control-file');
                        }
-                       $view->file_put_contents( '/control-file/controlfile.enc', $encryptedControlData );
+                       $view->file_put_contents('/control-file/controlfile.enc', $encryptedControlData);
 
                        \OC_FileProxy::$enabled = true;
 
                        // Set recoveryAdmin as enabled
-                       \OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 1 );
+                       \OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1);
 
                        $return = true;
 
                } else { // get recovery key and check the password
-                       $util = new \OCA\Encryption\Util( new \OC_FilesystemView( '/' ), \OCP\User::getUser() );
-                       $return = $util->checkRecoveryPassword( $recoveryPassword );
-                       if ( $return ) {
-                               \OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 1 );
+                       $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser());
+                       $return = $util->checkRecoveryPassword($recoveryPassword);
+                       if ($return) {
+                               \OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1);
                        }
                }
 
@@ -162,13 +162,13 @@ class Helper
         * @param $recoveryPassword
         * @return bool
         */
-       public static function adminDisableRecovery( $recoveryPassword ) {
-               $util = new Util( new \OC_FilesystemView( '/' ), \OCP\User::getUser() );
-               $return = $util->checkRecoveryPassword( $recoveryPassword );
+       public static function adminDisableRecovery($recoveryPassword) {
+               $util = new Util(new \OC_FilesystemView('/'), \OCP\User::getUser());
+               $return = $util->checkRecoveryPassword($recoveryPassword);
 
-               if ( $return ) {
+               if ($return) {
                        // Set recoveryAdmin as disabled
-                       \OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 0 );
+                       \OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 0);
                }
 
                return $return;
index aaa2e4ba1b5cfa883930e7169b5e8f652ea29c76..49e76b2dc880eddcb7069eca04e03355260baee8 100755 (executable)
@@ -27,8 +27,7 @@ namespace OCA\Encryption;
  * @brief Class to manage storage and retrieval of encryption keys
  * @note Where a method requires a view object, it's root must be '/'
  */
-class Keymanager
-{
+class Keymanager {
 
        /**
         * @brief retrieve the ENCRYPTED private key from a user
@@ -38,14 +37,14 @@ class Keymanager
         * @return string private key or false (hopefully)
         * @note the key returned by this method must be decrypted before use
         */
-       public static function getPrivateKey( \OC_FilesystemView $view, $user ) {
+       public static function getPrivateKey(\OC_FilesystemView $view, $user) {
 
                $path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.private.key';
 
                $proxyStatus = \OC_FileProxy::$enabled;
                \OC_FileProxy::$enabled = false;
 
-               $key = $view->file_get_contents( $path );
+               $key = $view->file_get_contents($path);
 
                \OC_FileProxy::$enabled = $proxyStatus;
 
@@ -58,12 +57,12 @@ class Keymanager
         * @param $userId
         * @return string public key or false
         */
-       public static function getPublicKey( \OC_FilesystemView $view, $userId ) {
+       public static function getPublicKey(\OC_FilesystemView $view, $userId) {
 
                $proxyStatus = \OC_FileProxy::$enabled;
                \OC_FileProxy::$enabled = false;
 
-               $result = $view->file_get_contents( '/public-keys/' . $userId . '.public.key' );
+               $result = $view->file_get_contents('/public-keys/' . $userId . '.public.key');
 
                \OC_FileProxy::$enabled = $proxyStatus;
 
@@ -77,11 +76,12 @@ class Keymanager
         * @param $userId
         * @return array keys: privateKey, publicKey
         */
-       public static function getUserKeys( \OC_FilesystemView $view, $userId ) {
+       public static function getUserKeys(\OC_FilesystemView $view, $userId) {
 
                return array(
-                       'publicKey' => self::getPublicKey( $view, $userId )
-               , 'privateKey' => self::getPrivateKey( $view, $userId )
+                       'publicKey' => self::getPublicKey($view, $userId)
+               ,
+                       'privateKey' => self::getPrivateKey($view, $userId)
                );
 
        }
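Review bot: The reformat leaves the array separator in getUserKeys stranded on a line of its own between the two entries, where it reads like a stray token. Move it to the end of the first entry, `'publicKey' => self::getPublicKey($view, $userId),`, and keep the `'privateKey'` entry on the next line. The docblock could also state that the private key is returned still encrypted, as getPrivateKey's own note says: `@return array keys: publicKey, privateKey (privateKey is still encrypted)`.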
@@ -92,13 +92,13 @@ class Keymanager
         * @param array $userIds
         * @return array of public keys for the specified users
         */
-       public static function getPublicKeys( \OC_FilesystemView $view, array $userIds ) {
+       public static function getPublicKeys(\OC_FilesystemView $view, array $userIds) {
 
                $keys = array();
 
-               foreach ( $userIds as $userId ) {
+               foreach ($userIds as $userId) {
 
-                       $keys[$userId] = self::getPublicKey( $view, $userId );
+                       $keys[$userId] = self::getPublicKey($view, $userId);
 
                }
 
@@ -118,40 +118,41 @@ class Keymanager
         * @note The keyfile is not encrypted here. Client code must
         * asymmetrically encrypt the keyfile before passing it to this method
         */
-       public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) {
+       public static function setFileKey(\OC_FilesystemView $view, $path, $userId, $catfile) {
 
                $proxyStatus = \OC_FileProxy::$enabled;
                \OC_FileProxy::$enabled = false;
 
                //here we need the currently logged in user, while userId can be a different user
-               $util = new Util( $view, \OCP\User::getUser() );
-               list( $owner, $filename ) = $util->getUidAndFilename( $path );
+               $util = new Util($view, \OCP\User::getUser());
+               list($owner, $filename) = $util->getUidAndFilename($path);
 
                $basePath = '/' . $owner . '/files_encryption/keyfiles';
 
-               $targetPath = self::keySetPreparation( $view, $filename, $basePath, $owner );
+               $targetPath = self::keySetPreparation($view, $filename, $basePath, $owner);
 
-               if ( !$view->is_dir( $basePath . '/' . $targetPath ) ) {
+               if (!$view->is_dir($basePath . '/' . $targetPath)) {
 
                        // create all parent folders
-                       $info = pathinfo( $basePath . '/' . $targetPath );
-                       $keyfileFolderName = $view->getLocalFolder( $info['dirname'] );
+                       $info = pathinfo($basePath . '/' . $targetPath);
+                       $keyfileFolderName = $view->getLocalFolder($info['dirname']);
 
-                       if ( !file_exists( $keyfileFolderName ) ) {
+                       if (!file_exists($keyfileFolderName)) {
 
-                               mkdir( $keyfileFolderName, 0750, true );
+                               mkdir($keyfileFolderName, 0750, true);
 
                        }
                }
 
                // try reusing key file if part file
-               if ( self::isPartialFilePath( $targetPath ) ) {
+               if (self::isPartialFilePath($targetPath)) {
 
-                       $result = $view->file_put_contents( $basePath . '/' . self::fixPartialFilePath( $targetPath ) . '.key', $catfile );
+                       $result = $view->file_put_contents(
+                               $basePath . '/' . self::fixPartialFilePath($targetPath) . '.key', $catfile);
 
                } else {
 
-                       $result = $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile );
+                       $result = $view->file_put_contents($basePath . '/' . $targetPath . '.key', $catfile);
 
                }
 
@@ -167,12 +168,12 @@ class Keymanager
         * @return string File path without .part extension
         * @note this is needed for reusing keys
         */
-       public static function fixPartialFilePath( $path ) {
+       public static function fixPartialFilePath($path) {
 
-               if ( preg_match( '/\.part$/', $path ) ) {
+               if (preg_match('/\.part$/', $path)) {
 
-                       $newLength = strlen( $path ) - 5;
-                       $fPath = substr( $path, 0, $newLength );
+                       $newLength = strlen($path) - 5;
+                       $fPath = substr($path, 0, $newLength);
 
                        return $fPath;
 
@@ -189,9 +190,9 @@ class Keymanager
         * @param string $path Path that may identify a .part file
         * @return bool
         */
-       public static function isPartialFilePath( $path ) {
+       public static function isPartialFilePath($path) {
 
-               if ( preg_match( '/\.part$/', $path ) ) {
+               if (preg_match('/\.part$/', $path)) {
 
                        return true;
 
@@ -213,14 +214,14 @@ class Keymanager
         * @note The keyfile returned is asymmetrically encrypted. Decryption
         * of the keyfile must be performed by client code
         */
-       public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) {
+       public static function getFileKey(\OC_FilesystemView $view, $userId, $filePath) {
 
                // try reusing key file if part file
-               if ( self::isPartialFilePath( $filePath ) ) {
+               if (self::isPartialFilePath($filePath)) {
 
-                       $result = self::getFileKey( $view, $userId, self::fixPartialFilePath( $filePath ) );
+                       $result = self::getFileKey($view, $userId, self::fixPartialFilePath($filePath));
 
-                       if ( $result ) {
+                       if ($result) {
 
                                return $result;
 
@@ -228,19 +229,19 @@ class Keymanager
 
                }
 
-               $util = new Util( $view, \OCP\User::getUser() );
+               $util = new Util($view, \OCP\User::getUser());
 
-               list( $owner, $filename ) = $util->getUidAndFilename( $filePath );
-               $filePath_f = ltrim( $filename, '/' );
+               list($owner, $filename) = $util->getUidAndFilename($filePath);
+               $filePath_f = ltrim($filename, '/');
 
                $keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key';
 
                $proxyStatus = \OC_FileProxy::$enabled;
                \OC_FileProxy::$enabled = false;
 
-               if ( $view->file_exists( $keyfilePath ) ) {
+               if ($view->file_exists($keyfilePath)) {
 
-                       $result = $view->file_get_contents( $keyfilePath );
+                       $result = $view->file_get_contents($keyfilePath);
 
                } else {
 
@@ -264,26 +265,29 @@ class Keymanager
         * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT
         *       /data/admin/files/mydoc.txt
         */
-       public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) {
+       public static function deleteFileKey(\OC_FilesystemView $view, $userId, $path) {
 
-               $trimmed = ltrim( $path, '/' );
+               $trimmed = ltrim($path, '/');
                $keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed;
 
                $result = false;
 
-               if ( $view->is_dir( $keyPath ) ) {
+               if ($view->is_dir($keyPath)) {
 
-                       $result = $view->unlink( $keyPath );
+                       $result = $view->unlink($keyPath);
 
-               } else if ( $view->file_exists( $keyPath . '.key' ) ) {
+               } else {
+                       if ($view->file_exists($keyPath . '.key')) {
 
-                       $result = $view->unlink( $keyPath . '.key' );
+                               $result = $view->unlink($keyPath . '.key');
 
+                       }
                }
 
-               if ( !$result ) {
+               if (!$result) {
 
-                       \OC_Log::write( 'Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR );
+                       \OC_Log::write('Encryption library',
+                               'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR);
 
                }
 
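Review bot: In deleteFileKey the former `else if` is now an `if` nested inside a bare `else`, which adds a nesting level without changing behaviour; `} elseif ($view->file_exists($keyPath . '.key')) {` keeps the chain flat. The log message below it opens a double quote before `$keyPath` and never closes it. It also says "does not exist" when `unlink` fails on a path that does exist, so `'Could not delete keyfile: "' . $keyPath . '"'` would be accurate in both cases. The function's return statement lies outside this hunk.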
@@ -298,19 +302,19 @@ class Keymanager
         * @note Encryption of the private key must be performed by client code
         * as no encryption takes place here
         */
-       public static function setPrivateKey( $key ) {
+       public static function setPrivateKey($key) {
 
                $user = \OCP\User::getUser();
 
-               $view = new \OC_FilesystemView( '/' . $user . '/files_encryption' );
+               $view = new \OC_FilesystemView('/' . $user . '/files_encryption');
 
                $proxyStatus = \OC_FileProxy::$enabled;
                \OC_FileProxy::$enabled = false;
 
-               if ( !$view->file_exists( '' ) )
-                       $view->mkdir( '' );
+               if (!$view->file_exists(''))
+                       $view->mkdir('');
 
-               $result = $view->file_put_contents( $user . '.private.key', $key );
+               $result = $view->file_put_contents($user . '.private.key', $key);
 
                \OC_FileProxy::$enabled = $proxyStatus;
 
@@ -331,21 +335,21 @@ class Keymanager
         * @note The keyfile is not encrypted here. Client code must
         * asymmetrically encrypt the keyfile before passing it to this method
         */
-       public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) {
+       public static function setShareKey(\OC_FilesystemView $view, $path, $userId, $shareKey) {
 
                // Here we need the currently logged in user, while userId can be a different user
-               $util = new Util( $view, \OCP\User::getUser() );
+               $util = new Util($view, \OCP\User::getUser());
 
-               list( $owner, $filename ) = $util->getUidAndFilename( $path );
+               list($owner, $filename) = $util->getUidAndFilename($path);
 
                $basePath = '/' . $owner . '/files_encryption/share-keys';
 
-               $shareKeyPath = self::keySetPreparation( $view, $filename, $basePath, $owner );
+               $shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner);
 
                // try reusing key file if part file
-               if ( self::isPartialFilePath( $shareKeyPath ) ) {
+               if (self::isPartialFilePath($shareKeyPath)) {
 
-                       $writePath = $basePath . '/' . self::fixPartialFilePath( $shareKeyPath ) . '.' . $userId . '.shareKey';
+                       $writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey';
 
                } else {
 
@@ -356,12 +360,12 @@ class Keymanager
                $proxyStatus = \OC_FileProxy::$enabled;
                \OC_FileProxy::$enabled = false;
 
-               $result = $view->file_put_contents( $writePath, $shareKey );
+               $result = $view->file_put_contents($writePath, $shareKey);
 
                \OC_FileProxy::$enabled = $proxyStatus;
 
                if (
-                       is_int( $result )
+                       is_int($result)
                        && $result > 0
                ) {
 
@@ -382,16 +386,16 @@ class Keymanager
         * @param array $shareKeys
         * @return bool
         */
-       public static function setShareKeys( \OC_FilesystemView $view, $path, array $shareKeys ) {
+       public static function setShareKeys(\OC_FilesystemView $view, $path, array $shareKeys) {
 
                // $shareKeys must be  an array with the following format:
                // [userId] => [encrypted key]
 
                $result = true;
 
-               foreach ( $shareKeys as $userId => $shareKey ) {
+               foreach ($shareKeys as $userId => $shareKey) {
 
-                       if ( !self::setShareKey( $view, $path, $userId, $shareKey ) ) {
+                       if (!self::setShareKey($view, $path, $userId, $shareKey)) {
 
                                // If any of the keys are not set, flag false
                                $result = false;
@@ -415,14 +419,14 @@ class Keymanager
         * @note The sharekey returned is encrypted. Decryption
         * of the keyfile must be performed by client code
         */
-       public static function getShareKey( \OC_FilesystemView $view, $userId, $filePath ) {
+       public static function getShareKey(\OC_FilesystemView $view, $userId, $filePath) {
 
                // try reusing key file if part file
-               if ( self::isPartialFilePath( $filePath ) ) {
+               if (self::isPartialFilePath($filePath)) {
 
-                       $result = self::getShareKey( $view, $userId, self::fixPartialFilePath( $filePath ) );
+                       $result = self::getShareKey($view, $userId, self::fixPartialFilePath($filePath));
 
-                       if ( $result ) {
+                       if ($result) {
 
                                return $result;
 
@@ -434,14 +438,15 @@ class Keymanager
                \OC_FileProxy::$enabled = false;
 
                //here we need the currently logged in user, while userId can be a different user
-               $util = new Util( $view, \OCP\User::getUser() );
+               $util = new Util($view, \OCP\User::getUser());
 
-               list( $owner, $filename ) = $util->getUidAndFilename( $filePath );
-               $shareKeyPath = \OC\Files\Filesystem::normalizePath( '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey' );
+               list($owner, $filename) = $util->getUidAndFilename($filePath);
+               $shareKeyPath = \OC\Files\Filesystem::normalizePath(
+                       '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey');
 
-               if ( $view->file_exists( $shareKeyPath ) ) {
+               if ($view->file_exists($shareKeyPath)) {
 
-                       $result = $view->file_get_contents( $shareKeyPath );
+                       $result = $view->file_get_contents($shareKeyPath);
 
                } else {
 
@@ -461,17 +466,18 @@ class Keymanager
         * @param string $userId owner of the file
         * @param string $filePath path to the file, relative to the owners file dir
         */
-       public static function delAllShareKeys( \OC_FilesystemView $view, $userId, $filePath ) {
+       public static function delAllShareKeys(\OC_FilesystemView $view, $userId, $filePath) {
 
-               if ( $view->is_dir( $userId . '/files/' . $filePath ) ) {
-                       $view->unlink( $userId . '/files_encryption/share-keys/' . $filePath );
+               if ($view->is_dir($userId . '/files/' . $filePath)) {
+                       $view->unlink($userId . '/files_encryption/share-keys/' . $filePath);
                } else {
-                       $localKeyPath = $view->getLocalFile( $userId . '/files_encryption/share-keys/' . $filePath );
-                       $matches = glob( preg_quote( $localKeyPath ) . '*.shareKey' );
-                       foreach ( $matches as $ma ) {
-                               $result = unlink( $ma );
-                               if ( !$result ) {
-                                       \OC_Log::write( 'Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $filePath . '"', \OC_Log::ERROR );
+                       $localKeyPath = $view->getLocalFile($userId . '/files_encryption/share-keys/' . $filePath);
+                       $matches = glob(preg_quote($localKeyPath) . '*.shareKey');
+                       foreach ($matches as $ma) {
+                               $result = unlink($ma);
+                               if (!$result) {
+                                       \OC_Log::write('Encryption library',
+                                               'Keyfile or shareKey could not be deleted for file "' . $filePath . '"', \OC_Log::ERROR);
                                }
                        }
                }
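Review bot: The pattern `preg_quote($localKeyPath) . '*.shareKey'` in the else branch of delAllShareKeys is a prefix match, so it also removes share keys of sibling files whose names merely start with the same string (constructed example: deleting `report.txt` also matches keys stored for `report.txt2`). Losing those keys would leave the other file undecryptable for the users it is shared with. Anchoring the separator, `$matches = glob(preg_quote($localKeyPath) . '.*.shareKey');`, removes that case. Names that extend the file name with a dot would still need the exact list of user ids. `glob()` can also return `false`, which the `foreach` does not guard against, and `preg_quote` escapes for regular expressions rather than glob patterns.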
@@ -480,29 +486,31 @@ class Keymanager
        /**
         * @brief Delete a single user's shareKey for a single file
         */
-       public static function delShareKey( \OC_FilesystemView $view, $userIds, $filePath ) {
+       public static function delShareKey(\OC_FilesystemView $view, $userIds, $filePath) {
 
                $proxyStatus = \OC_FileProxy::$enabled;
                \OC_FileProxy::$enabled = false;
 
                //here we need the currently logged in user, while userId can be a different user
-               $util = new Util( $view, \OCP\User::getUser() );
+               $util = new Util($view, \OCP\User::getUser());
 
-               list( $owner, $filename ) = $util->getUidAndFilename( $filePath );
+               list($owner, $filename) = $util->getUidAndFilename($filePath);
 
-               $shareKeyPath = \OC\Files\Filesystem::normalizePath( '/' . $owner . '/files_encryption/share-keys/' . $filename );
+               $shareKeyPath = \OC\Files\Filesystem::normalizePath('/' . $owner . '/files_encryption/share-keys/' . $filename);
 
-               if ( $view->is_dir( $shareKeyPath ) ) {
+               if ($view->is_dir($shareKeyPath)) {
 
-                       $localPath = \OC\Files\Filesystem::normalizePath( $view->getLocalFolder( $shareKeyPath ) );
-                       self::recursiveDelShareKeys( $localPath, $userIds );
+                       $localPath = \OC\Files\Filesystem::normalizePath($view->getLocalFolder($shareKeyPath));
+                       self::recursiveDelShareKeys($localPath, $userIds);
 
                } else {
 
-                       foreach ( $userIds as $userId ) {
+                       foreach ($userIds as $userId) {
 
-                               if ( !$view->unlink( $shareKeyPath . '.' . $userId . '.shareKey' ) ) {
-                                       \OC_Log::write( 'Encryption library', 'Could not delete shareKey; does not exist: "' . $shareKeyPath . '.' . $userId . '.shareKey"', \OC_Log::ERROR );
+                               if (!$view->unlink($shareKeyPath . '.' . $userId . '.shareKey')) {
+                                       \OC_Log::write('Encryption library',
+                                               'Could not delete shareKey; does not exist: "' . $shareKeyPath . '.' . $userId
+                                               . '.shareKey"', \OC_Log::ERROR);
                                }
 
                        }
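Review bot: The docblock for delShareKey says it deletes "a single user's shareKey", but the parameter is `$userIds` and the body iterates over it and recurses into folders, so the description no longer matches the code and none of the parameters are documented. I would replace it with `@brief Delete the shareKeys of the given users for a file or folder` plus `@param array $userIds users whose shareKeys are removed` and `@param string $filePath path of the file or folder`. The log text "does not exist" is also emitted for any `unlink` failure, so "could not delete" alone would be more accurate. The end of the function, including the restore of `\OC_FileProxy::$enabled`, is outside this hunk.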
@@ -517,42 +525,43 @@ class Keymanager
         * @param string $dir directory
         * @param array $userIds user ids for which the share keys should be deleted
         */
-       private static function recursiveDelShareKeys( $dir, $userIds ) {
-               foreach ( $userIds as $userId ) {
-                       $matches = glob( preg_quote( $dir ) . '/*' . preg_quote( '.' . $userId . '.shareKey' ) );
+       private static function recursiveDelShareKeys($dir, $userIds) {
+               foreach ($userIds as $userId) {
+                       $matches = glob(preg_quote($dir) . '/*' . preg_quote('.' . $userId . '.shareKey'));
                }
                /** @var $matches array */
-               foreach ( $matches as $ma ) {
-                       if ( !unlink( $ma ) ) {
-                               \OC_Log::write( 'Encryption library', 'Could not delete shareKey; does not exist: "' . $ma . '"', \OC_Log::ERROR );
+               foreach ($matches as $ma) {
+                       if (!unlink($ma)) {
+                               \OC_Log::write('Encryption library',
+                                       'Could not delete shareKey; does not exist: "' . $ma . '"', \OC_Log::ERROR);
                        }
                }
-               $subdirs = $directories = glob( preg_quote( $dir ) . '/*', GLOB_ONLYDIR );
-               foreach ( $subdirs as $subdir ) {
-                       self::recursiveDelShareKeys( $subdir, $userIds );
+               $subdirs = $directories = glob(preg_quote($dir) . '/*', GLOB_ONLYDIR);
+               foreach ($subdirs as $subdir) {
+                       self::recursiveDelShareKeys($subdir, $userIds);
                }
        }
 
        /**
         * @brief Make preparations to vars and filesystem for saving a keyfile
         */
-       public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) {
+       public static function keySetPreparation(\OC_FilesystemView $view, $path, $basePath, $userId) {
 
-               $targetPath = ltrim( $path, '/' );
+               $targetPath = ltrim($path, '/');
 
-               $path_parts = pathinfo( $targetPath );
+               $path_parts = pathinfo($targetPath);
 
                // If the file resides within a subdirectory, create it
                if (
-                       isset( $path_parts['dirname'] )
-                       && !$view->file_exists( $basePath . '/' . $path_parts['dirname'] )
+                       isset($path_parts['dirname'])
+                       && !$view->file_exists($basePath . '/' . $path_parts['dirname'])
                ) {
-                       $sub_dirs = explode( DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname'] );
+                       $sub_dirs = explode(DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname']);
                        $dir = '';
-                       foreach ( $sub_dirs as $sub_dir ) {
+                       foreach ($sub_dirs as $sub_dir) {
                                $dir .= '/' . $sub_dir;
-                               if ( !$view->is_dir( $dir ) ) {
-                                       $view->mkdir( $dir );
+                               if (!$view->is_dir($dir)) {
+                                       $view->mkdir($dir);
                                }
                        }
                }
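Review bot: In recursiveDelShareKeys the first loop assigns `$matches` on every iteration and the unlink loop runs only after it has finished, so only the last entry of `$userIds` has its share keys removed. Every other user passed in keeps a share key for the files in that folder after being unshared. Per the setShareKey docblock these keys hold the asymmetrically encrypted file key, so this looks like access that should have been revoked. With an empty `$userIds`, `$matches` is undefined, and a `false` return from `glob()` is not handled either. Moving the unlink loop inside the per-user loop fixes all three.

```php
private static function recursiveDelShareKeys($dir, $userIds) {
	foreach ($userIds as $userId) {
		$matches = glob(preg_quote($dir) . '/*' . preg_quote('.' . $userId . '.shareKey'));
		if (!is_array($matches)) {
			continue;
		}
		foreach ($matches as $ma) {
			// … unchanged: unlink($ma) and error logging …
		}
	}
	// … unchanged: recursion into sub-directories …
}
```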
index eaaeae9b61951bccf39895bfaa7e64ba743b805b..0efe0a791182ff1a166303ff1b23295ee9e0fb8c 100644 (file)
@@ -34,8 +34,7 @@ namespace OCA\Encryption;
  * Class Proxy
  * @package OCA\Encryption
  */
-class Proxy extends \OC_FileProxy
-{
+class Proxy extends \OC_FileProxy {
 
        private static $blackList = null; //mimetypes blacklisted from encryption
 
@@ -48,12 +47,12 @@ class Proxy extends \OC_FileProxy
         *
         * Tests if server side encryption is enabled, and file is allowed by blacklists
         */
-       private static function shouldEncrypt( $path ) {
+       private static function shouldEncrypt($path) {
 
-               if ( is_null( self::$enableEncryption ) ) {
+               if (is_null(self::$enableEncryption)) {
 
                        if (
-                               \OCP\Config::getAppValue( 'files_encryption', 'enable_encryption', 'true' ) == 'true'
+                               \OCP\Config::getAppValue('files_encryption', 'enable_encryption', 'true') == 'true'
                                && Crypt::mode() == 'server'
                        ) {
 
@@ -67,27 +66,27 @@ class Proxy extends \OC_FileProxy
 
                }
 
-               if ( !self::$enableEncryption ) {
+               if (!self::$enableEncryption) {
 
                        return false;
 
                }
 
-               if ( is_null( self::$blackList ) ) {
+               if (is_null(self::$blackList)) {
 
-                       self::$blackList = explode( ',', \OCP\Config::getAppValue( 'files_encryption', 'type_blacklist', '' ) );
+                       self::$blackList = explode(',', \OCP\Config::getAppValue('files_encryption', 'type_blacklist', ''));
 
                }
 
-               if ( Crypt::isCatfileContent( $path ) ) {
+               if (Crypt::isCatfileContent($path)) {
 
                        return true;
 
                }
 
-               $extension = substr( $path, strrpos( $path, '.' ) + 1 );
+               $extension = substr($path, strrpos($path, '.') + 1);
 
-               if ( array_search( $extension, self::$blackList ) === false ) {
+               if (array_search($extension, self::$blackList) === false) {
 
                        return true;
 
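Review bot: The blacklist lookup in shouldEncrypt compares loosely against a list that is never empty: with `type_blacklist` unset, `explode(',', '')` yields `array('')`, and a path ending in a dot produces an empty extension that `array_search` then finds. The `return true` is skipped for such a path, and the rest of the function (outside this hunk) presumably returns false, which would leave the file unencrypted. Dropping empty entries and comparing strictly closes this: `self::$blackList = array_filter(explode(',', \OCP\Config::getAppValue('files_encryption', 'type_blacklist', '')), 'strlen');` and `if (!in_array($extension, self::$blackList, true)) {`. The function starts in the previous hunk and ends after this one.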
@@ -101,34 +100,34 @@ class Proxy extends \OC_FileProxy
         * @param $data
         * @return bool
         */
-       public function preFile_put_contents( $path, &$data ) {
+       public function preFile_put_contents($path, &$data) {
 
-               if ( self::shouldEncrypt( $path ) ) {
+               if (self::shouldEncrypt($path)) {
 
                        // Stream put contents should have been converted to fopen
-                       if ( !is_resource( $data ) ) {
+                       if (!is_resource($data)) {
 
                                $userId = \OCP\USER::getUser();
-                               $view = new \OC_FilesystemView( '/' );
-                               $util = new Util( $view, $userId );
-                               $session = new Session( $view );
+                               $view = new \OC_FilesystemView('/');
+                               $util = new Util($view, $userId);
+                               $session = new Session($view);
                                $privateKey = $session->getPrivateKey();
-                               $filePath = $util->stripUserFilesPath( $path );
+                               $filePath = $util->stripUserFilesPath($path);
                                // Set the filesize for userland, before encrypting
-                               $size = strlen( $data );
+                               $size = strlen($data);
 
                                // Disable encryption proxy to prevent recursive calls
                                $proxyStatus = \OC_FileProxy::$enabled;
                                \OC_FileProxy::$enabled = false;
 
                                // Check if there is an existing key we can reuse
-                               if ( $encKeyfile = Keymanager::getFileKey( $view, $userId, $filePath ) ) {
+                               if ($encKeyfile = Keymanager::getFileKey($view, $userId, $filePath)) {
 
                                        // Fetch shareKey
-                                       $shareKey = Keymanager::getShareKey( $view, $userId, $filePath );
+                                       $shareKey = Keymanager::getShareKey($view, $userId, $filePath);
 
                                        // Decrypt the keyfile
-                                       $plainKey = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey );
+                                       $plainKey = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
 
                                } else {
 
@@ -138,37 +137,41 @@ class Proxy extends \OC_FileProxy
                                }
 
                                // Encrypt data
-                               $encData = Crypt::symmetricEncryptFileContent( $data, $plainKey );
+                               $encData = Crypt::symmetricEncryptFileContent($data, $plainKey);
 
                                $sharingEnabled = \OCP\Share::isEnabled();
 
                                // if file exists try to get sharing users
-                               if ( $view->file_exists( $path ) ) {
-                                       $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $filePath, $userId );
+                               if ($view->file_exists($path)) {
+                                       $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $filePath, $userId);
                                } else {
                                        $uniqueUserIds[] = $userId;
                                }
 
                                // Fetch public keys for all users who will share the file
-                               $publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds );
+                               $publicKeys = Keymanager::getPublicKeys($view, $uniqueUserIds);
 
                                // Encrypt plain keyfile to multiple sharefiles
-                               $multiEncrypted = Crypt::multiKeyEncrypt( $plainKey, $publicKeys );
+                               $multiEncrypted = Crypt::multiKeyEncrypt($plainKey, $publicKeys);
 
                                // Save sharekeys to user folders
-                               Keymanager::setShareKeys( $view, $filePath, $multiEncrypted['keys'] );
+                               Keymanager::setShareKeys($view, $filePath, $multiEncrypted['keys']);
 
                                // Set encrypted keyfile as common varname
                                $encKey = $multiEncrypted['data'];
 
                                // Save keyfile for newly encrypted file in parallel directory tree
-                               Keymanager::setFileKey( $view, $filePath, $userId, $encKey );
+                               Keymanager::setFileKey($view, $filePath, $userId, $encKey);
 
                                // Replace plain content with encrypted content by reference
                                $data = $encData;
 
                                // Update the file cache with file info
-                               \OC\Files\Filesystem::putFileInfo( $filePath, array( 'encrypted' => true, 'size' => strlen( $data ), 'unencrypted_size' => $size ), '' );
+                               \OC\Files\Filesystem::putFileInfo($filePath, array(
+                                                                                                                                 'encrypted' => true,
+                                                                                                                                 'size' => strlen($data),
+                                                                                                                                 'unencrypted_size' => $size
+                                                                                                                        ), '');
 
                                // Re-enable proxy - our work is done
                                \OC_FileProxy::$enabled = $proxyStatus;
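Review bot: The results of `Keymanager::setShareKeys(...)` and `Keymanager::setFileKey(...)` are discarded, and `$data = $encData` runs regardless. If writing the keys fails, the ciphertext is still stored and nothing can decrypt it. setShareKeys is documented as returning bool, so at least that call can be checked: `if (!Keymanager::setShareKeys($view, $filePath, $multiEncrypted['keys'])) {`, followed by restoring `\OC_FileProxy::$enabled = $proxyStatus;` and `return false;` before `$data` is replaced. Whether returning false from this pre-hook aborts the write, and what setFileKey returns, is not visible here and should be confirmed. The method begins in the previous hunk and continues past this one.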
@@ -184,51 +187,51 @@ class Proxy extends \OC_FileProxy
         * @param string $path Path of file from which has been read
         * @param string $data Data that has been read from file
         */
-       public function postFile_get_contents( $path, $data ) {
+       public function postFile_get_contents($path, $data) {
 
                $userId = \OCP\USER::getUser();
-               $view = new \OC_FilesystemView( '/' );
-               $util = new Util( $view, $userId );
+               $view = new \OC_FilesystemView('/');
+               $util = new Util($view, $userId);
 
-               $relPath = $util->stripUserFilesPath( $path );
+               $relPath = $util->stripUserFilesPath($path);
 
                // Disable encryption proxy to prevent recursive calls
                $proxyStatus = \OC_FileProxy::$enabled;
                \OC_FileProxy::$enabled = false;
 
                // init session
-               $session = new Session( $view );
+               $session = new Session($view);
 
                // If data is a catfile
                if (
                        Crypt::mode() == 'server'
-                       && Crypt::isCatfileContent( $data )
+                       && Crypt::isCatfileContent($data)
                ) {
 
-                       $privateKey = $session->getPrivateKey( $userId );
+                       $privateKey = $session->getPrivateKey($userId);
 
                        // Get the encrypted keyfile
-                       $encKeyfile = Keymanager::getFileKey( $view, $userId, $relPath );
+                       $encKeyfile = Keymanager::getFileKey($view, $userId, $relPath);
 
                        // Attempt to fetch the user's shareKey
-                       $shareKey = Keymanager::getShareKey( $view, $userId, $relPath );
+                       $shareKey = Keymanager::getShareKey($view, $userId, $relPath);
 
                        // Decrypt keyfile with shareKey
-                       $plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey );
+                       $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
 
-                       $plainData = Crypt::symmetricDecryptFileContent( $data, $plainKeyfile );
+                       $plainData = Crypt::symmetricDecryptFileContent($data, $plainKeyfile);
 
                } elseif (
                        Crypt::mode() == 'server'
-                       && isset( $_SESSION['legacyenckey'] )
-                       && Crypt::isEncryptedMeta( $path )
+                       && isset($_SESSION['legacyenckey'])
+                       && Crypt::isEncryptedMeta($path)
                ) {
-                       $plainData = Crypt::legacyDecrypt( $data, $session->getLegacyKey() );
+                       $plainData = Crypt::legacyDecrypt($data, $session->getLegacyKey());
                }
 
                \OC_FileProxy::$enabled = $proxyStatus;
 
-               if ( !isset( $plainData ) ) {
+               if (!isset($plainData)) {
 
                        $plainData = $data;
 
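Review bot: The legacy branch of `postFile_get_contents` tests `isset($_SESSION['legacyenckey'])`, but the `Session` class in this same commit stores and reads the legacy key under `$_SESSION['legacyKey']`, so unless something else sets `legacyenckey` this branch is never taken and legacy-encrypted content falls through to `$plainData = $data`. The guard should go through the accessor that the branch then calls, for example testing `$session->getLegacyKey()` instead of the raw session index. Separately, `$session->getPrivateKey($userId)` passes an argument that `Session::getPrivateKey()` does not declare; dropping it avoids implying a per-user lookup. The function body continues past the end of this hunk.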
@@ -241,10 +244,10 @@ class Proxy extends \OC_FileProxy
        /**
         * @brief When a file is deleted, remove its keyfile also
         */
-       public function preUnlink( $path ) {
+       public function preUnlink($path) {
 
                // let the trashbin handle this  
-               if ( \OCP\App::isEnabled( 'files_trashbin' ) ) {
+               if (\OCP\App::isEnabled('files_trashbin')) {
                        return true;
                }
 
@@ -252,23 +255,24 @@ class Proxy extends \OC_FileProxy
                $proxyStatus = \OC_FileProxy::$enabled;
                \OC_FileProxy::$enabled = false;
 
-               $view = new \OC_FilesystemView( '/' );
+               $view = new \OC_FilesystemView('/');
 
                $userId = \OCP\USER::getUser();
 
-               $util = new Util( $view, $userId );
+               $util = new Util($view, $userId);
 
                // Format path to be relative to user files dir
-               $relPath = $util->stripUserFilesPath( $path );
+               $relPath = $util->stripUserFilesPath($path);
 
-               list( $owner, $ownerPath ) = $util->getUidAndFilename( $relPath );
+               list($owner, $ownerPath) = $util->getUidAndFilename($relPath);
 
                // Delete keyfile & shareKey so it isn't orphaned
-               if ( !Keymanager::deleteFileKey( $view, $owner, $ownerPath ) ) {
-                       \OC_Log::write( 'Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $ownerPath . '"', \OC_Log::ERROR );
+               if (!Keymanager::deleteFileKey($view, $owner, $ownerPath)) {
+                       \OC_Log::write('Encryption library',
+                               'Keyfile or shareKey could not be deleted for file "' . $ownerPath . '"', \OC_Log::ERROR);
                }
 
-               Keymanager::delAllShareKeys( $view, $owner, $ownerPath );
+               Keymanager::delAllShareKeys($view, $owner, $ownerPath);
 
                \OC_FileProxy::$enabled = $proxyStatus;
 
@@ -282,8 +286,8 @@ class Proxy extends \OC_FileProxy
         * @param $path
         * @return bool
         */
-       public function postTouch( $path ) {
-               $this->handleFile( $path );
+       public function postTouch($path) {
+               $this->handleFile($path);
 
                return true;
        }
@@ -293,20 +297,20 @@ class Proxy extends \OC_FileProxy
         * @param $result
         * @return resource
         */
-       public function postFopen( $path, &$result ) {
+       public function postFopen($path, &$result) {
 
-               if ( !$result ) {
+               if (!$result) {
 
                        return $result;
 
                }
 
                // Reformat path for use with OC_FSV
-               $path_split = explode( '/', $path );
-               $path_f = implode( '/', array_slice( $path_split, 3 ) );
+               $path_split = explode('/', $path);
+               $path_f = implode('/', array_slice($path_split, 3));
 
                // FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted
-               if ( count($path_split) >= 2 && $path_split[2] == 'cache' ) {
+               if (count($path_split) >= 2 && $path_split[2] == 'cache') {
                        return $result;
                }
 
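Review bot: The cache check `count($path_split) >= 2 && $path_split[2] == 'cache'` reads index 2 while only guaranteeing two elements, so a path with exactly two segments hits an undefined offset; the bound should be 3: `if (count($path_split) >= 3 && $path_split[2] === 'cache') {`. The same off-by-one appears in `handleFile` (`$path_split[2] == 'files'`). This branch decides which files bypass the crypto stream (the FIXME says cache chunks are stored unencrypted), so the comparison is worth making strict and the exemption worth documenting in the method docblock. `postFopen` continues outside this hunk.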
@@ -314,31 +318,31 @@ class Proxy extends \OC_FileProxy
                $proxyStatus = \OC_FileProxy::$enabled;
                \OC_FileProxy::$enabled = false;
 
-               $meta = stream_get_meta_data( $result );
+               $meta = stream_get_meta_data($result);
 
-               $view = new \OC_FilesystemView( '' );
+               $view = new \OC_FilesystemView('');
 
-               $util = new Util( $view, \OCP\USER::getUser() );
+               $util = new Util($view, \OCP\USER::getUser());
 
                // If file is already encrypted, decrypt using crypto protocol
                if (
                        Crypt::mode() == 'server'
-                       && $util->isEncryptedPath( $path )
+                       && $util->isEncryptedPath($path)
                ) {
 
                        // Close the original encrypted file
-                       fclose( $result );
+                       fclose($result);
 
                        // Open the file using the crypto stream wrapper 
                        // protocol and let it do the decryption work instead
-                       $result = fopen( 'crypt://' . $path_f, $meta['mode'] );
+                       $result = fopen('crypt://' . $path_f, $meta['mode']);
 
                } elseif (
-                       self::shouldEncrypt( $path )
+                       self::shouldEncrypt($path)
                        and $meta ['mode'] != 'r'
-                       and $meta['mode'] != 'rb'
+                               and $meta['mode'] != 'rb'
                ) {
-                       $result = fopen( 'crypt://' . $path_f, $meta['mode'] );
+                       $result = fopen('crypt://' . $path_f, $meta['mode']);
                }
 
                // Re-enable the proxy
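Review bot: The reformatted `elseif` condition is left inconsistent: `and $meta ['mode'] != 'r'` keeps a stray space before the subscript, and the following `and $meta['mode'] != 'rb'` line gained an extra indent level, while the rest of the file uses `&&`. Suggest `&& $meta['mode'] !== 'r'` and `&& $meta['mode'] !== 'rb'`, both aligned with `self::shouldEncrypt($path)`. In the first branch the original handle is closed before `fopen('crypt://' . $path_f, $meta['mode'])` and the result is not checked, so a failed wrapper open hands the caller `false` with no log entry; an `\OC_Log::write` on failure would make that diagnosable. The method starts and ends outside this hunk.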
@@ -353,17 +357,17 @@ class Proxy extends \OC_FileProxy
         * @param $data
         * @return array
         */
-       public function postGetFileInfo( $path, $data ) {
+       public function postGetFileInfo($path, $data) {
 
                // if path is a folder do nothing
-               if ( is_array( $data ) && array_key_exists( 'size', $data ) ) {
+               if (is_array($data) && array_key_exists('size', $data)) {
 
                        // Disable encryption proxy to prevent recursive calls
                        $proxyStatus = \OC_FileProxy::$enabled;
                        \OC_FileProxy::$enabled = false;
 
                        // get file size
-                       $data['size'] = self::postFileSize( $path, $data['size'] );
+                       $data['size'] = self::postFileSize($path, $data['size']);
 
                        // Re-enable the proxy
                        \OC_FileProxy::$enabled = $proxyStatus;
@@ -377,51 +381,51 @@ class Proxy extends \OC_FileProxy
         * @param $size
         * @return bool
         */
-       public function postFileSize( $path, $size ) {
+       public function postFileSize($path, $size) {
 
-               $view = new \OC_FilesystemView( '/' );
+               $view = new \OC_FilesystemView('/');
 
                // if path is a folder do nothing
-               if ( $view->is_dir( $path ) ) {
+               if ($view->is_dir($path)) {
                        return $size;
                }
 
                // Reformat path for use with OC_FSV
-               $path_split = explode( '/', $path );
-               $path_f = implode( '/', array_slice( $path_split, 3 ) );
+               $path_split = explode('/', $path);
+               $path_f = implode('/', array_slice($path_split, 3));
 
                // if path is empty we cannot resolve anything
-               if ( empty( $path_f ) ) {
+               if (empty($path_f)) {
                        return $size;
                }
 
                $fileInfo = false;
                // get file info from database/cache if not .part file
-               if ( !Keymanager::isPartialFilePath( $path ) ) {
-                       $fileInfo = $view->getFileInfo( $path );
+               if (!Keymanager::isPartialFilePath($path)) {
+                       $fileInfo = $view->getFileInfo($path);
                }
 
                // if file is encrypted return real file size
-               if ( is_array( $fileInfo ) && $fileInfo['encrypted'] === true ) {
+               if (is_array($fileInfo) && $fileInfo['encrypted'] === true) {
                        $size = $fileInfo['unencrypted_size'];
                } else {
                        // self healing if file was removed from file cache
-                       if ( !is_array( $fileInfo ) ) {
+                       if (!is_array($fileInfo)) {
                                $fileInfo = array();
                        }
 
                        $userId = \OCP\User::getUser();
-                       $util = new Util( $view, $userId );
-                       $fixSize = $util->getFileSize( $path );
-                       if ( $fixSize > 0 ) {
+                       $util = new Util($view, $userId);
+                       $fixSize = $util->getFileSize($path);
+                       if ($fixSize > 0) {
                                $size = $fixSize;
 
                                $fileInfo['encrypted'] = true;
                                $fileInfo['unencrypted_size'] = $size;
 
                                // put file info if not .part file
-                               if ( !Keymanager::isPartialFilePath( $path_f ) ) {
-                                       $view->putFileInfo( $path, $fileInfo );
+                               if (!Keymanager::isPartialFilePath($path_f)) {
+                                       $view->putFileInfo($path, $fileInfo);
                                }
                        }
 
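Review bot: The two partial-file guards in `postFileSize` test different paths: `Keymanager::isPartialFilePath($path)` before `getFileInfo` but `isPartialFilePath($path_f)` before `putFileInfo`. If the helper only looks at the file extension the results agree, but that is not visible here, so both checks should use the same variable. The docblock above also says `@return bool` while every visible return yields `$size`; `@return int size of the unencrypted file` would match the code. The end of the function is outside this hunk.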
@@ -432,32 +436,32 @@ class Proxy extends \OC_FileProxy
        /**
         * @param $path
         */
-       public function handleFile( $path ) {
+       public function handleFile($path) {
 
                // Disable encryption proxy to prevent recursive calls
                $proxyStatus = \OC_FileProxy::$enabled;
                \OC_FileProxy::$enabled = false;
 
-               $view = new \OC_FilesystemView( '/' );
-               $session = new Session( $view );
+               $view = new \OC_FilesystemView('/');
+               $session = new Session($view);
                $userId = \OCP\User::getUser();
-               $util = new Util( $view, $userId );
+               $util = new Util($view, $userId);
 
                // Reformat path for use with OC_FSV
-               $path_split = explode( '/', $path );
-               $path_f = implode( '/', array_slice( $path_split, 3 ) );
+               $path_split = explode('/', $path);
+               $path_f = implode('/', array_slice($path_split, 3));
 
                // only if file is on 'files' folder fix file size and sharing
-               if ( count($path_split) >= 2 && $path_split[2] == 'files' && $util->fixFileSize( $path ) ) {
+               if (count($path_split) >= 2 && $path_split[2] == 'files' && $util->fixFileSize($path)) {
 
                        // get sharing app state
                        $sharingEnabled = \OCP\Share::isEnabled();
 
                        // get users
-                       $usersSharing = $util->getSharingUsersArray( $sharingEnabled, $path_f );
+                       $usersSharing = $util->getSharingUsersArray($sharingEnabled, $path_f);
 
                        // update sharing-keys
-                       $util->setSharedFileKeyfiles( $session, $usersSharing, $path_f );
+                       $util->setSharedFileKeyfiles($session, $usersSharing, $path_f);
                }
 
                \OC_FileProxy::$enabled = $proxyStatus;
index 2ddad0a15dacf188fb21575f45fb9cb3010922a4..ba52a43365fdd4ad4a8be71dae9cab4a09aa2f62 100644 (file)
@@ -26,8 +26,7 @@ namespace OCA\Encryption;
  * Class for handling encryption related session data
  */
 
-class Session
-{
+class Session {
 
        private $view;
 
@@ -37,26 +36,26 @@ class Session
         *
         * @note The ownCloud key pair is used to allow public link sharing even if encryption is enabled
         */
-       public function __construct( $view ) {
+       public function __construct($view) {
 
                $this->view = $view;
 
-               if ( !$this->view->is_dir( 'owncloud_private_key' ) ) {
+               if (!$this->view->is_dir('owncloud_private_key')) {
 
-                       $this->view->mkdir( 'owncloud_private_key' );
+                       $this->view->mkdir('owncloud_private_key');
 
                }
 
-               $publicShareKeyId = \OC_Appconfig::getValue( 'files_encryption', 'publicShareKeyId' );
+               $publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId');
 
-               if ( $publicShareKeyId === null ) {
-                       $publicShareKeyId = 'pubShare_' . substr( md5( time() ), 0, 8 );
-                       \OC_Appconfig::setValue( 'files_encryption', 'publicShareKeyId', $publicShareKeyId );
+               if ($publicShareKeyId === null) {
+                       $publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
+                       \OC_Appconfig::setValue('files_encryption', 'publicShareKeyId', $publicShareKeyId);
                }
 
                if (
-                       !$this->view->file_exists( "/public-keys/" . $publicShareKeyId . ".public.key" )
-                       || !$this->view->file_exists( "/owncloud_private_key/" . $publicShareKeyId . ".private.key" )
+                       !$this->view->file_exists("/public-keys/" . $publicShareKeyId . ".public.key")
+                       || !$this->view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".private.key")
                ) {
 
                        $keypair = Crypt::createKeypair();
@@ -67,33 +66,35 @@ class Session
 
                        // Save public key
 
-                       if ( !$view->is_dir( '/public-keys' ) ) {
-                               $view->mkdir( '/public-keys' );
+                       if (!$view->is_dir('/public-keys')) {
+                               $view->mkdir('/public-keys');
                        }
 
-                       $this->view->file_put_contents( '/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey'] );
+                       $this->view->file_put_contents('/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey']);
 
                        // Encrypt private key empty passphrase
-                       $encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $keypair['privateKey'], '' );
+                       $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], '');
 
                        // Save private key
-                       $this->view->file_put_contents( '/owncloud_private_key/' . $publicShareKeyId . '.private.key', $encryptedPrivateKey );
+                       $this->view->file_put_contents(
+                               '/owncloud_private_key/' . $publicShareKeyId . '.private.key', $encryptedPrivateKey);
 
                        \OC_FileProxy::$enabled = $proxyStatus;
 
                }
 
-               if ( \OCP\USER::getUser() === false ||
-                       ( isset( $_GET['service'] ) && $_GET['service'] == 'files' &&
-                               isset( $_GET['t'] ) )
+               if (\OCP\USER::getUser() === false
+                       || (isset($_GET['service']) && $_GET['service'] == 'files'
+                               && isset($_GET['t']))
                ) {
                        // Disable encryption proxy to prevent recursive calls
                        $proxyStatus = \OC_FileProxy::$enabled;
                        \OC_FileProxy::$enabled = false;
 
-                       $encryptedKey = $this->view->file_get_contents( '/owncloud_private_key/' . $publicShareKeyId . '.private.key' );
-                       $privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, '' );
-                       $this->setPrivateKey( $privateKey );
+                       $encryptedKey = $this->view->file_get_contents(
+                               '/owncloud_private_key/' . $publicShareKeyId . '.private.key');
+                       $privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, '');
+                       $this->setPrivateKey($privateKey);
 
                        \OC_FileProxy::$enabled = $proxyStatus;
                }
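Review bot: The public-share private key is wrapped with `Crypt::symmetricEncryptFileContent($keypair['privateKey'], '')`, i.e. an empty passphrase, so its confidentiality rests entirely on who can read `/owncloud_private_key/`; that trade-off should be stated in a comment such as `// empty passphrase: this key is protected by storage access control only`. The final condition also calls `setPrivateKey()` whenever `service=files` and `t` are present in `$_GET`, even when `\OCP\USER::getUser()` returns a user, which appears to overwrite that user's `$_SESSION['privateKey']` with the share key; consider limiting the second clause to unauthenticated requests or keeping the share key in its own session slot. The return values of `file_put_contents` and `file_get_contents` are not checked, so a failed key write or read is silent. The constructor begins in the previous hunk.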
@@ -104,7 +105,7 @@ class Session
         * @param string $privateKey
         * @return bool
         */
-       public function setPrivateKey( $privateKey ) {
+       public function setPrivateKey($privateKey) {
 
                $_SESSION['privateKey'] = $privateKey;
 
@@ -120,8 +121,8 @@ class Session
        public function getPrivateKey() {
 
                if (
-                       isset( $_SESSION['privateKey'] )
-                       && !empty( $_SESSION['privateKey'] )
+                       isset($_SESSION['privateKey'])
+                       && !empty($_SESSION['privateKey'])
                ) {
 
                        return $_SESSION['privateKey'];
@@ -139,7 +140,7 @@ class Session
         * @param $legacyKey
         * @return bool
         */
-       public function setLegacyKey( $legacyKey ) {
+       public function setLegacyKey($legacyKey) {
 
                $_SESSION['legacyKey'] = $legacyKey;
 
@@ -154,8 +155,8 @@ class Session
        public function getLegacyKey() {
 
                if (
-                       isset( $_SESSION['legacyKey'] )
-                       && !empty( $_SESSION['legacyKey'] )
+                       isset($_SESSION['legacyKey'])
+                       && !empty($_SESSION['legacyKey'])
                ) {
 
                        return $_SESSION['legacyKey'];
index fa9df02f085095d9100d20f7e4f8160491cb7708..88a06c09654665d3b48d6d58ae4d2bfe00402bef 100644 (file)
@@ -48,8 +48,7 @@ namespace OCA\Encryption;
  * previous version deleted, this is handled by OC\Files\View, and thus the
  * encryption proxies are used and keyfiles deleted.
  */
-class Stream
-{
+class Stream {
        private $plainKey;
        private $encKeyfiles;
 
@@ -77,18 +76,18 @@ class Stream
         * @param $opened_path
         * @return bool
         */
-       public function stream_open( $path, $mode, $options, &$opened_path ) {
+       public function stream_open($path, $mode, $options, &$opened_path) {
 
-               if ( !isset( $this->rootView ) ) {
-                       $this->rootView = new \OC_FilesystemView( '/' );
+               if (!isset($this->rootView)) {
+                       $this->rootView = new \OC_FilesystemView('/');
                }
 
-               $util = new Util( $this->rootView, \OCP\USER::getUser() );
+               $util = new Util($this->rootView, \OCP\USER::getUser());
 
                $this->userId = $util->getUserId();
 
                // Strip identifier text from path, this gives us the path relative to data/<user>/files
-               $this->relPath = \OC\Files\Filesystem::normalizePath( str_replace( 'crypt://', '', $path ) );
+               $this->relPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
 
                // rawPath is relative to the data directory
                $this->rawPath = $util->getUserFilesDir() . $this->relPath;
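Review bot: `str_replace('crypt://', '', $path)` removes the scheme text wherever it occurs, not only as the prefix, so a file name that itself contains `crypt://` is silently altered before `normalizePath()` and the stream then addresses a different file and keyfile. Strip the prefix only, e.g. `substr($path, strlen('crypt://'))`. `$this->rawPath` is then built by plain concatenation with the user files dir, so a comment stating that `normalizePath()` is relied on to neutralise `..` segments would help (its behaviour is not visible in this hunk). `stream_open` continues in the next hunk.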
@@ -110,25 +109,25 @@ class Stream
 
                } else {
 
-                       $this->size = $this->rootView->filesize( $this->rawPath, $mode );
+                       $this->size = $this->rootView->filesize($this->rawPath, $mode);
                }
 
-               $this->handle = $this->rootView->fopen( $this->rawPath, $mode );
+               $this->handle = $this->rootView->fopen($this->rawPath, $mode);
 
                \OC_FileProxy::$enabled = $proxyStatus;
 
-               if ( !is_resource( $this->handle ) ) {
+               if (!is_resource($this->handle)) {
 
-                       \OCP\Util::writeLog( 'files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR );
+                       \OCP\Util::writeLog('files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR);
 
                } else {
 
-                       $this->meta = stream_get_meta_data( $this->handle );
+                       $this->meta = stream_get_meta_data($this->handle);
 
                }
 
 
-               return is_resource( $this->handle );
+               return is_resource($this->handle);
 
        }
 
@@ -136,11 +135,11 @@ class Stream
         * @param $offset
         * @param int $whence
         */
-       public function stream_seek( $offset, $whence = SEEK_SET ) {
+       public function stream_seek($offset, $whence = SEEK_SET) {
 
                $this->flush();
 
-               fseek( $this->handle, $offset, $whence );
+               fseek($this->handle, $offset, $whence);
 
        }
 
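Review bot: `stream_seek` returns nothing, but the streamWrapper contract expects `true` when the position was updated and `false` otherwise, so `fseek()` on a `crypt://` handle reports failure even when the underlying seek succeeded. Return the result: `return fseek($this->handle, $offset, $whence) === 0;`. The docblock should gain `@return bool`, and since the seek is applied directly to `$this->handle` it is worth noting that `$offset` presumably addresses the stored (encrypted) file rather than plaintext positions.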
@@ -149,36 +148,37 @@ class Stream
         * @return bool|string
         * @throws \Exception
         */
-       public function stream_read( $count ) {
+       public function stream_read($count) {
 
                $this->writeCache = '';
 
-               if ( $count != 8192 ) {
+               if ($count != 8192) {
 
                        // $count will always be 8192 https://bugs.php.net/bug.php?id=21641
                        // This makes this function a lot simpler, but will break this class if the above 'bug' gets 'fixed'
-                       \OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL );
+                       \OCP\Util::writeLog('files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL);
 
                        die();
 
                }
 
                // Get the data from the file handle
-               $data = fread( $this->handle, 8192 );
+               $data = fread($this->handle, 8192);
 
                $result = '';
 
-               if ( strlen( $data ) ) {
+               if (strlen($data)) {
 
-                       if ( !$this->getKey() ) {
+                       if (!$this->getKey()) {
 
                                // Error! We don't have a key to decrypt the file with
-                               throw new \Exception( 'Encryption key not found for "' . $this->rawPath . '" during attempted read via stream' );
+                               throw new \Exception(
+                                       'Encryption key not found for "' . $this->rawPath . '" during attempted read via stream');
 
                        }
 
                        // Decrypt data
-                       $result = Crypt::symmetricDecryptFileContent( $data, $this->plainKey );
+                       $result = Crypt::symmetricDecryptFileContent($data, $this->plainKey);
 
                }
 
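Review bot: The `$count != 8192` guard ends the whole request with `die()` after logging, which gives callers no chance to clean up or to restore `\OC_FileProxy::$enabled`. This method already documents `@throws \Exception` and throws for a missing key, so it should throw here too, e.g. `throw new \Exception('Unexpected read size ' . $count . ' for crypt stream');`. `fread()` can return `false`, which `strlen($data)` treats as empty, so a read error is indistinguishable from end of file; an explicit `$data === false` check with a log entry would make that visible. The end of the method is outside this hunk.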
@@ -192,10 +192,10 @@ class Stream
         * @param string $key key to use for encryption
         * @return string encrypted data on success, false on failure
         */
-       public function preWriteEncrypt( $plainData, $key ) {
+       public function preWriteEncrypt($plainData, $key) {
 
                // Encrypt data to 'catfile', which includes IV
-               if ( $encrypted = Crypt::symmetricEncryptFileContent( $plainData, $key ) ) {
+               if ($encrypted = Crypt::symmetricEncryptFileContent($plainData, $key)) {
 
                        return $encrypted;
 
@@ -215,7 +215,7 @@ class Stream
        public function getKey() {
 
                // Check if key is already set
-               if ( isset( $this->plainKey ) && isset( $this->encKeyfile ) ) {
+               if (isset($this->plainKey) && isset($this->encKeyfile)) {
 
                        return true;
 
@@ -223,18 +223,18 @@ class Stream
 
                // Fetch and decrypt keyfile
                // Fetch existing keyfile
-               $this->encKeyfile = Keymanager::getFileKey( $this->rootView, $this->userId, $this->relPath );
+               $this->encKeyfile = Keymanager::getFileKey($this->rootView, $this->userId, $this->relPath);
 
                // If a keyfile already exists
-               if ( $this->encKeyfile ) {
+               if ($this->encKeyfile) {
 
-                       $session = new Session( $this->rootView );
+                       $session = new Session($this->rootView);
 
-                       $privateKey = $session->getPrivateKey( $this->userId );
+                       $privateKey = $session->getPrivateKey($this->userId);
 
-                       $shareKey = Keymanager::getShareKey( $this->rootView, $this->userId, $this->relPath );
+                       $shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath);
 
-                       $this->plainKey = Crypt::multiKeyDecrypt( $this->encKeyfile, $shareKey, $privateKey );
+                       $this->plainKey = Crypt::multiKeyDecrypt($this->encKeyfile, $shareKey, $privateKey);
 
                        return true;
 
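Review bot: `getKey()` reads and writes `$this->encKeyfile`, but the class declares `private $encKeyfiles;` (plural), so the encrypted keyfile lands in an undeclared dynamic property that is publicly accessible. Declare `private $encKeyfile;` (or rename the uses) so key material stays private to the wrapper. The result of `Crypt::multiKeyDecrypt()` is also not checked before `return true`, so a failed decrypt may still report that a key is available; if the helper returns `false` on failure (not visible here), `return $this->plainKey !== false;` would be safer. The method starts in the previous hunk.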
@@ -255,7 +255,7 @@ class Stream
         * @note Padding is added to each encrypted block to ensure that the resulting block is exactly 8192 bytes. This is removed during stream_read
         * @note PHP automatically updates the file pointer after writing data to reflect it's length. There is generally no need to update the poitner manually using fseek
         */
-       public function stream_write( $data ) {
+       public function stream_write($data) {
 
                // Disable the file proxies so that encryption is not 
                // automatically attempted when the file is written to disk - 
@@ -265,16 +265,16 @@ class Stream
                \OC_FileProxy::$enabled = false;
 
                // Get the length of the unencrypted data that we are handling
-               $length = strlen( $data );
+               $length = strlen($data);
 
                // Find out where we are up to in the writing of data to the
                // file
-               $pointer = ftell( $this->handle );
+               $pointer = ftell($this->handle);
 
                // Get / generate the keyfile for the file we're handling
                // If we're writing a new file (not overwriting an existing 
                // one), save the newly generated keyfile
-               if ( !$this->getKey() ) {
+               if (!$this->getKey()) {
 
                        $this->plainKey = Crypt::generateKey();
 
@@ -282,7 +282,7 @@ class Stream
 
                // If extra data is left over from the last round, make sure it 
                // is integrated into the next 6126 / 8192 block
-               if ( $this->writeCache ) {
+               if ($this->writeCache) {
 
                        // Concat writeCache to start of $data
                        $data = $this->writeCache . $data;
@@ -294,15 +294,15 @@ class Stream
                }
 
                // While there still remains some data to be processed & written
-               while ( strlen( $data ) > 0 ) {
+               while (strlen($data) > 0) {
 
                        // Remaining length for this iteration, not of the
                        // entire file (may be greater than 8192 bytes)
-                       $remainingLength = strlen( $data );
+                       $remainingLength = strlen($data);
 
                        // If data remaining to be written is less than the
                        // size of 1 6126 byte block
-                       if ( $remainingLength < 6126 ) {
+                       if ($remainingLength < 6126) {
 
                                // Set writeCache to contents of $data
                                // The writeCache will be carried over to the 
@@ -320,25 +320,25 @@ class Stream
                        } else {
 
                                // Read the chunk from the start of $data
-                               $chunk = substr( $data, 0, 6126 );
+                               $chunk = substr($data, 0, 6126);
 
-                               $encrypted = $this->preWriteEncrypt( $chunk, $this->plainKey );
+                               $encrypted = $this->preWriteEncrypt($chunk, $this->plainKey);
 
                                // Write the data chunk to disk. This will be 
                                // attended to the last data chunk if the file
                                // being handled totals more than 6126 bytes
-                               fwrite( $this->handle, $encrypted );
+                               fwrite($this->handle, $encrypted);
 
                                // Remove the chunk we just processed from
                                // $data, leaving only unprocessed data in $data
                                // var, for handling on the next round
-                               $data = substr( $data, 6126 );
+                               $data = substr($data, 6126);
 
                        }
 
                }
 
-               $this->size = max( $this->size, $pointer + $length );
+               $this->size = max($this->size, $pointer + $length);
                $this->unencryptedSize += $length;
 
                \OC_FileProxy::$enabled = $proxyStatus;
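Review bot: The result of `fwrite($this->handle, $encrypted)` is ignored, and `preWriteEncrypt()` is documented to return `false` on failure, so a failed encryption or short write leaves a truncated file while `$this->size` and `$this->unencryptedSize` are still advanced. Check both before continuing, e.g. `if ($encrypted === false || fwrite($this->handle, $encrypted) === false)`, then restore `\OC_FileProxy::$enabled` and report the failure to the caller. The block size `6126` is repeated as a literal throughout the loop; a class constant would keep the chunking and the 8192-byte read size in step. `stream_write` starts and ends outside this hunk.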
@@ -353,17 +353,17 @@ class Stream
         * @param $arg1
         * @param $arg2
         */
-       public function stream_set_option( $option, $arg1, $arg2 ) {
+       public function stream_set_option($option, $arg1, $arg2) {
                $return = false;
-               switch ( $option ) {
+               switch ($option) {
                        case STREAM_OPTION_BLOCKING:
-                               $return = stream_set_blocking( $this->handle, $arg1 );
+                               $return = stream_set_blocking($this->handle, $arg1);
                                break;
                        case STREAM_OPTION_READ_TIMEOUT:
-                               $return = stream_set_timeout( $this->handle, $arg1, $arg2 );
+                               $return = stream_set_timeout($this->handle, $arg1, $arg2);
                                break;
                        case STREAM_OPTION_WRITE_BUFFER:
-                               $return = stream_set_write_buffer( $this->handle, $arg1 );
+                               $return = stream_set_write_buffer($this->handle, $arg1);
                }
 
                return $return;
@@ -373,14 +373,14 @@ class Stream
         * @return array
         */
        public function stream_stat() {
-               return fstat( $this->handle );
+               return fstat($this->handle);
        }
 
        /**
         * @param $mode
         */
-       public function stream_lock( $mode ) {
-               return flock( $this->handle, $mode );
+       public function stream_lock($mode) {
+               return flock($this->handle, $mode);
        }
 
        /**
@@ -388,7 +388,7 @@ class Stream
         */
        public function stream_flush() {
 
-               return fflush( $this->handle );
+               return fflush($this->handle);
                // Not a typo: http://php.net/manual/en/function.fflush.php
 
        }
@@ -397,19 +397,19 @@ class Stream
         * @return bool
         */
        public function stream_eof() {
-               return feof( $this->handle );
+               return feof($this->handle);
        }
 
        private function flush() {
 
-               if ( $this->writeCache ) {
+               if ($this->writeCache) {
 
                        // Set keyfile property for file in question
                        $this->getKey();
 
-                       $encrypted = $this->preWriteEncrypt( $this->writeCache, $this->plainKey );
+                       $encrypted = $this->preWriteEncrypt($this->writeCache, $this->plainKey);
 
-                       fwrite( $this->handle, $encrypted );
+                       fwrite($this->handle, $encrypted);
 
                        $this->writeCache = '';
 
@@ -427,40 +427,40 @@ class Stream
                if (
                        $this->meta['mode'] != 'r'
                        and $this->meta['mode'] != 'rb'
-                       and $this->size > 0
+                               and $this->size > 0
                ) {
                        // Disable encryption proxy to prevent recursive calls
                        $proxyStatus = \OC_FileProxy::$enabled;
                        \OC_FileProxy::$enabled = false;
 
                        // Fetch user's public key
-                       $this->publicKey = Keymanager::getPublicKey( $this->rootView, $this->userId );
+                       $this->publicKey = Keymanager::getPublicKey($this->rootView, $this->userId);
 
                        // Check if OC sharing api is enabled
                        $sharingEnabled = \OCP\Share::isEnabled();
 
-                       $util = new Util( $this->rootView, $this->userId );
+                       $util = new Util($this->rootView, $this->userId);
 
                        // Get all users sharing the file includes current user
-                       $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $this->relPath, $this->userId );
+                       $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId);
 
                        // Fetch public keys for all sharing users
-                       $publicKeys = Keymanager::getPublicKeys( $this->rootView, $uniqueUserIds );
+                       $publicKeys = Keymanager::getPublicKeys($this->rootView, $uniqueUserIds);
 
                        // Encrypt enc key for all sharing users
-                       $this->encKeyfiles = Crypt::multiKeyEncrypt( $this->plainKey, $publicKeys );
+                       $this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys);
 
-                       $view = new \OC_FilesystemView( '/' );
+                       $view = new \OC_FilesystemView('/');
 
                        // Save the new encrypted file key
-                       Keymanager::setFileKey( $this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data'] );
+                       Keymanager::setFileKey($this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data']);
 
                        // Save the sharekeys
-                       Keymanager::setShareKeys( $view, $this->relPath, $this->encKeyfiles['keys'] );
+                       Keymanager::setShareKeys($view, $this->relPath, $this->encKeyfiles['keys']);
 
                        // get file info
-                       $fileInfo = $view->getFileInfo( $this->rawPath );
-                       if ( !is_array( $fileInfo ) ) {
+                       $fileInfo = $view->getFileInfo($this->rawPath);
+                       if (!is_array($fileInfo)) {
                                $fileInfo = array();
                        }
 
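Review bot: The condition line `and $this->size > 0` is now indented one level deeper than the sibling `and $this->meta['mode'] != 'rb'` directly above it, which makes the third clause read as if it were nested under the second. It should stay aligned with the other clauses, at the same indent as the two `$this->meta['mode']` comparisons. The enclosing method begins before this hunk and continues past it.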
@@ -473,10 +473,10 @@ class Stream
                        $fileInfo['unencrypted_size'] = $this->unencryptedSize;
 
                        // set fileinfo
-                       $view->putFileInfo( $this->rawPath, $fileInfo );
+                       $view->putFileInfo($this->rawPath, $fileInfo);
                }
 
-               return fclose( $this->handle );
+               return fclose($this->handle);
 
        }