check if recovery key exists and encrypt the file with the recovery key if needed
authorBjoern Schiessle <schiessle@owncloud.com>
Sat, 28 Mar 2015 10:02:26 +0000 (11:02 +0100)
committerThomas Müller <thomas.mueller@tmit.eu>
Tue, 7 Apr 2015 11:30:28 +0000 (13:30 +0200)
apps/encryption/appinfo/encryption.php
apps/encryption/lib/crypto/encryption.php
apps/encryption/lib/keymanager.php
lib/private/encryption/util.php

index d97aa07738ce58e6602d49e33bed894d9950a11d..dd8004a48803f68b36fd00a05b5dad7784cedc2a 100644 (file)
@@ -102,7 +102,10 @@ class Encryption extends \OCP\AppFramework\App {
        public function registerEncryptionModule() {
                $container = $this->getContainer();
                $container->registerService('EncryptionModule', function (IAppContainer $c) {
-                       return new \OCA\Encryption\Crypto\Encryption($c->query('Crypt'), $c->query('KeyManager'));
+                       return new \OCA\Encryption\Crypto\Encryption(
+                               $c->query('Crypt'),
+                               $c->query('KeyManager'),
+                               $c->query('Util'));
                });
                $module = $container->query('EncryptionModule');
                $this->encryptionManager->registerEncryptionModule($module);
index da805892eafd383a83e91d9e38c0bc18a02bb12b..8c00077729e9efa3b4e61e9677cf6872e43177ed 100644 (file)
@@ -46,9 +46,19 @@ class Encryption implements IEncryptionModule {
        /** @var boolean */
        private $isWriteOperation;
 
-       public function __construct(Crypt $crypt, KeyManager $keymanager) {
+       /** @var \OC\Encryption\Util */
+       private $util;
+
+       /**
+        *
+        * @param \OCA\Encryption\Crypto\Crypt $crypt
+        * @param KeyManager $keymanager
+        * @param \OC\Encryption\Util $util
+        */
+       public function __construct(Crypt $crypt, KeyManager $keymanager, \OC\Encryption\Util $util) {
                $this->crypt = $crypt;
                $this->keymanager = $keymanager;
+               $this->util = $util;
        }
 
        /**
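Review bot: The constructor docblock added at L34 opens with an empty line and has no description of what the third collaborator is for, so a reader has to find the only call site (addSystemKeys) to learn why Util is injected; a first line such as `* Encryption module; Util is used to read the per-user recovery setting` would make that explicit. The fully-qualified `\OC\Encryption\Util` appears three times in the hunk; a `use OC\Encryption\Util;` at the top of the file (outside this hunk) and plain `Util` in the docblocks and signature would match how `Crypt` and `KeyManager` are already referenced. The class body continues outside the hunk.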
@@ -225,9 +235,7 @@ class Encryption implements IEncryptionModule {
                        $publicKeys[$user] = $this->keymanager->getPublicKey($user);
                }
 
-               if (!empty($accessList['public'])) {
-                       $publicKeys[$this->keymanager->getPublicShareKeyId()] = $this->keymanager->getPublicShareKey();
-               }
+               $publicKeys = $this->addSystemKeys($accessList, $publicKeys);
 
                $encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
 
@@ -238,6 +246,29 @@ class Encryption implements IEncryptionModule {
                return true;
        }
 
+       /**
+        * add system keys such as the public share key and the recovery key
+        *
+        * @param array $accessList
+        * @param array $publicKeys
+        * @return array
+        */
+       public function addSystemKeys(array $accessList, array $publicKeys) {
+               if (!empty($accessList['public'])) {
+                       $publicKeys[$this->keymanager->getPublicShareKeyId()] = $this->keymanager->getPublicShareKey();
+               }
+
+               if ($this->keymanager->recoveryKeyExists() &&
+                       $this->util->recoveryEnabled($this->user)) {
+
+                       $publicKeys[$this->keymanager->getRecoveryKeyId()] = $this->keymanager->getRecoveryKey();
+               }
+
+
+               return $publicKeys;
+       }
+
+
        /**
         * should the file be encrypted or not
         *
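Review bot: The recovery decision at L75 is keyed on `$this->user`, but whether a file may be encrypted to the recovery key is the file owner's setting, not the writer's; if `$this->user` holds the session user (its assignment is outside this hunk, so this is inferred) then a sharee with recovery enabled would add the recovery key to an owner's file who opted out, and an owner who opted in would get no recovery key when a sharee writes. The uid passed to `recoveryEnabled()` should be the owner of the path being updated, resolved from the path rather than the session. Separately, the double blank lines at L79-L80 and L83-L84 and the blank line inside the `if` at L76 are unusual for this file; `if ($this->keymanager->recoveryKeyExists() && $this->util->recoveryEnabled($ownerUid)) {` on one line with the assignment directly below reads cleaner (`$ownerUid` is a placeholder for however the owner is obtained).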
index 44a46458692cf004bf1c837e796c8b60d9350809..ea338f88ea7062c4a56877ca16af9fb82c1b31d8 100644 (file)
@@ -141,7 +141,25 @@ class KeyManager {
         * @return bool
         */
        public function recoveryKeyExists() {
-               return (strlen($this->keyStorage->getSystemUserKey($this->recoveryKeyId)) !== 0);
+               return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId)));
+       }
+
+       /**
+        * get recovery key
+        *
+        * @return string
+        */
+       public function getRecoveryKey() {
+               return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey');
+       }
+
+       /**
+        * get recovery key ID
+        *
+        * @return string
+        */
+       public function getRecoveryKeyId() {
+               return $this->recoveryKeyId;
        }
 
        /**
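Review bot: recoveryKeyExists() at L94 looks up `$this->recoveryKeyId` while the new getRecoveryKey() at L103 looks up `$this->recoveryKeyId . '.publicKey'`, so the two methods consult different storage keys; unless keyStorage also persists something under the bare id, the existence check will report false and the recovery key is never added, or it will report true for a key that getRecoveryKey() then cannot read. Keeping both on the same name, `return !empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey'));`, ties the check to the value actually used. A caller that trusts recoveryKeyExists() and then feeds an empty getRecoveryKey() result into multiKeyEncrypt would otherwise fail late and unclearly. The docblock of recoveryKeyExists() starts above the hunk.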
index 85e852ec2c9ee89ee99e8622d17091b99772ab0b..e3390f155d4095916c2dd88e6c72d96998c10ae7 100644 (file)
@@ -26,6 +26,7 @@ namespace OC\Encryption;
 use OC\Encryption\Exceptions\EncryptionHeaderToLargeException;
 use OC\Encryption\Exceptions\EncryptionHeaderKeyExistsException;
 use OCP\Encryption\IEncryptionModule;
+use OCP\IConfig;
 
 class Util {
 
@@ -58,19 +59,27 @@ class Util {
        /** @var \OC\User\Manager */
        protected $userManager;
 
+       /** @var IConfig */
+       protected $config;
+
        /** @var array paths excluded from encryption */
        protected $excludedPaths;
 
        /**
         * @param \OC\Files\View $view root view
         */
-       public function __construct(\OC\Files\View $view, \OC\User\Manager $userManager) {
+       public function __construct(
+               \OC\Files\View $view,
+               \OC\User\Manager $userManager,
+               IConfig $config) {
+
                $this->ocHeaderKeys = [
                        self::HEADER_ENCRYPTION_MODULE_KEY
                ];
 
                $this->view = $view;
                $this->userManager = $userManager;
+               $this->config = $config;
 
                $this->excludedPaths[] = 'files_encryption';
        }
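Review bot: The constructor docblock at L135-L137 still documents only `$view` although the signature now takes `$userManager` and the newly added `IConfig $config`; add `* @param \OC\User\Manager $userManager` and `* @param IConfig $config user configuration, read for the per-user recovery setting` so the dependency is visible without reading recoveryEnabled(). The blank line at L143 between the signature and the first statement is not used elsewhere in this constructor and can go.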
@@ -411,4 +420,16 @@ class Util {
                return false;
        }
 
+       /**
+        * check if recovery key is enabled for user
+        *
+        * @param string $uid
+        * @return boolean
+        */
+       public function recoveryEnabled($uid) {
+               $enabled = $this->config->getUserValue($uid, 'encryption', 'recovery_enabled', '0');
+
+               return ($enabled === '1') ? true : false;
+       }
+
 }
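Review bot: The ternary at L167 spells out a boolean that the comparison already yields; `return $enabled === '1';` is the idiomatic form. The docblock at L162 should use `@return bool` to match the short type names used elsewhere, and it is worth stating in the comment that the config value is compared as the string `'1'` against the default `'0'`, since any other stored representation of "enabled" is treated as disabled here.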