$oldPassword = $_POST['oldPassword'];
$newPassword = $_POST['newPassword'];
+$view = new \OC\Files\View('/');
$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser());
-$result = $util->checkRecoveryPassword($oldPassword);
+$proxyStatus = \OC_FileProxy::$enabled;
+\OC_FileProxy::$enabled = false;
-if ($result) {
- $keyId = $util->getRecoveryKeyId();
- $keyPath = '/owncloud_private_key/' . $keyId . '.private.key';
- $view = new \OC\Files\View('/');
+$keyId = $util->getRecoveryKeyId();
+$keyPath = '/owncloud_private_key/' . $keyId . '.private.key';
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
+$encryptedRecoveryKey = $view->file_get_contents($keyPath);
+$decryptedRecoveryKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedRecoveryKey, $oldPassword);
+
+if ($decryptedRecoveryKey) {
- $encryptedRecoveryKey = $view->file_get_contents($keyPath);
- $decryptedRecoveryKey = \OCA\Encryption\Crypt::symmetricDecryptFileContent($encryptedRecoveryKey, $oldPassword);
$encryptedRecoveryKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedRecoveryKey, $newPassword);
$view->file_put_contents($keyPath, $encryptedRecoveryKey);
- \OC_FileProxy::$enabled = $proxyStatus;
-
$return = true;
}
+\OC_FileProxy::$enabled = $proxyStatus;
+
// success or failure
if ($return) {
\OCP\JSON::success(array('data' => array('message' => $l->t('Password successfully changed.'))));
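Review bot: `$return = true` on the new side is set without checking either the re-encryption or the write, so the success message can be sent even when the recovery key file was not updated. If `symmetricEncryptFileContent()` can return `false` on failure (its body is not shown here), that value would be written over the stored recovery key. I would guard the assignment, e.g. `if ($encryptedRecoveryKey !== false && $view->file_put_contents($keyPath, $encryptedRecoveryKey) !== false) { $return = true; }`. `$return` also needs a `false` default before the `if ($decryptedRecoveryKey)` block unless it is initialised above this hunk; the `if ($return)` block continues past the end of the hunk.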
\r
$encryptedKey = Keymanager::getPrivateKey($view, $params['uid']);\r
\r
- $privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, $params['password']);\r
-\r
- // check if this a valid private key\r
- $res = openssl_pkey_get_private($privateKey);\r
- if(is_resource($res)) {\r
- $sslInfo = openssl_pkey_get_details($res);\r
- if(!isset($sslInfo['key'])) {\r
- $privateKey = false;\r
- }\r
- } else {\r
- $privateKey = false;\r
- }\r
+ $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);\r
\r
if($privateKey === false) {\r
\OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);\r
\r
}\r
\r
+ /**\r
+ * @brief Decrypt private key and check if the result is a valid keyfile\r
+ * @param string $encryptedKey encrypted keyfile\r
+ * @param string $passphrase to decrypt keyfile\r
+ * @returns encrypted private key or false\r
+ *\r
+ * This function decrypts a file\r
+ */\r
+ public static function decryptPrivateKey($encryptedKey, $passphrase) {\r
+\r
+ $plainKey = self::symmetricDecryptFileContent($encryptedKey, $passphrase);\r
+\r
+ // check if this a valid private key\r
+ $res = openssl_pkey_get_private($plainKey);\r
+ if(is_resource($res)) {\r
+ $sslInfo = openssl_pkey_get_details($res);\r
+ if(!isset($sslInfo['key'])) {\r
+ $plainKey = false;\r
+ }\r
+ } else {\r
+ $plainKey = false;\r
+ }\r
+\r
+ return $plainKey;\r
+\r
+ }\r
+\r
+\r
/**\r
* @brief Creates symmetric keyfile content using a generated key\r
* @param string $plainContent content to be encrypted\r
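Review bot: The docblock on the new `decryptPrivateKey()` misdescribes the return value: it says `@returns encrypted private key or false`, but the function returns the decrypted key (`$plainKey`) or `false`, and the standard tag is `@return`. I would write `@return string|false decrypted private key, or false if the passphrase is wrong or the result is not a usable key`, and drop the closing line `This function decrypts a file`, which describes `symmetricDecryptFileContent()` rather than this wrapper. Since the other hunks in this commit use the return value as the passphrase check, the docblock should also say that callers must test for `false` before using the result as a key.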
* @return bool
*/
public static function adminEnableRecovery($recoveryKeyId, $recoveryPassword) {
+
$view = new \OC\Files\View('/');
if ($recoveryKeyId === null) {
// Save private key
$view->file_put_contents('/owncloud_private_key/' . $recoveryKeyId . '.private.key', $encryptedPrivateKey);
- // create control file which let us check later on if the entered password was correct.
- $encryptedControlData = \OCA\Encryption\Crypt::keyEncrypt("ownCloud", $keypair['publicKey']);
- if (!$view->is_dir('/control-file')) {
- $view->mkdir('/control-file');
- }
- $view->file_put_contents('/control-file/controlfile.enc', $encryptedControlData);
-
\OC_FileProxy::$enabled = true;
// Set recoveryAdmin as enabled
}
-}
\ No newline at end of file
+}
*/
public function checkRecoveryPassword($password) {
+ $result = false;
$pathKey = '/owncloud_private_key/' . $this->recoveryKeyId . ".private.key";
- $pathControlData = '/control-file/controlfile.enc';
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$recoveryKey = $this->view->file_get_contents($pathKey);
- $decryptedRecoveryKey = Crypt::symmetricDecryptFileContent($recoveryKey, $password);
+ $decryptedRecoveryKey = Crypt::decryptPrivateKey($recoveryKey, $password);
- $controlData = $this->view->file_get_contents($pathControlData);
- $decryptedControlData = Crypt::keyDecrypt($controlData, $decryptedRecoveryKey);
+ if ($decryptedRecoveryKey) {
+ $result = true;
+ }
\OC_FileProxy::$enabled = $proxyStatus;
- if ($decryptedControlData === 'ownCloud') {
- return true;
- }
- return false;
+ return $result;
}
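Review bot: `\OC_FileProxy::$enabled` is restored only on the straight-line path in `checkRecoveryPassword()`; if `file_get_contents()` or `Crypt::decryptPrivateKey()` raises between the two assignments, the global flag stays `false` for the rest of the request. I can't tell from this hunk whether those calls can throw, but because the flag is global I would make the restore unconditional, e.g. `try { … } finally { \OC_FileProxy::$enabled = $proxyStatus; }` where the supported PHP version has `finally`. The same save/disable/restore sequence is added in the recovery-password change script at the top of this commit. Separately, `if ($decryptedRecoveryKey) { $result = true; }` can be written `$result = ($decryptedRecoveryKey !== false);`, matching the strict `=== false` test used in the login hook.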
/**
$encryptedKey = $this->view->file_get_contents(
'/owncloud_private_key/' . $this->recoveryKeyId . '.private.key');
- $privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, $recoveryPassword);
+ $privateKey = Crypt::decryptPrivateKey($encryptedKey, $recoveryPassword);
\OC_FileProxy::$enabled = $proxyStatus;