Adding sharing support: added new method in Keymanager setShareKey()
authorSam Tuke <samtuke@owncloud.com>
Mon, 14 Jan 2013 19:07:28 +0000 (19:07 +0000)
committerSam Tuke <samtuke@owncloud.com>
Mon, 14 Jan 2013 19:07:28 +0000 (19:07 +0000)
Added notes in proxy{} and stream{} pointing to share support

apps/files_encryption/appinfo/app.php
apps/files_encryption/hooks/hooks.php
apps/files_encryption/lib/keymanager.php
apps/files_encryption/lib/proxy.php
apps/files_encryption/lib/stream.php
apps/files_encryption/test/keymanager.php

index 31b430d37a9fbc5c177abff55432689ba445d581..cc78402d1d052cdf9e368fda85f4a41a96c1fd79 100644 (file)
@@ -10,10 +10,18 @@ OC::$CLASSPATH['OCA\Encryption\Session'] = 'apps/files_encryption/lib/session.ph
 
 OC_FileProxy::register( new OCA\Encryption\Proxy() );
 
+// User-related hooks
 OCP\Util::connectHook( 'OC_User','post_login', 'OCA\Encryption\Hooks', 'login' );
-OCP\Util::connectHook( 'OC_Webdav_Properties', 'update', 'OCA\Encryption\Hooks', 'updateKeyfile' );
 OCP\Util::connectHook( 'OC_User','post_setPassword','OCA\Encryption\Hooks' ,'setPassphrase' );
 
+// Sharing-related hooks
+OCP\Util::connectHook( 'OCP\Share','post_shared','OCA\Encryption\Hooks' ,'postShared' );
+OCP\Util::connectHook( 'OCP\Share','pre_unshare','OCA\Encryption\Hooks' ,'preUnshare' );
+OCP\Util::connectHook( 'OCP\Share','pre_unshareAll','OCA\Encryption\Hooks' ,'preUnshareAll' );
+
+// Webdav-related hooks
+OCP\Util::connectHook( 'OC_Webdav_Properties', 'update', 'OCA\Encryption\Hooks', 'updateKeyfile' );
+
 stream_wrapper_register( 'crypt', 'OCA\Encryption\Stream' );
 
 $session = new OCA\Encryption\Session();
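Review bot: The three `OCP\Share` connectHook lines make Hooks::postShared, preUnshare and preUnshareAll reachable on every share and unshare event, but in this same commit those handlers are placeholders (hooks.php: `deleteFileKey(  )` called with no arguments, `multiKeyEncrypt( $plainContent, $publicKeys )` with two variables that are never assigned, and a `trigger_error()` notice in preUnshareAll). With the app enabled, sharing an encrypted file would execute that incomplete path instead of a no-op. Consider leaving the three registrations out, or commenting them with `// TODO: enable once Hooks::postShared/preUnshare/preUnshareAll are implemented`, until the handlers do something safe.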
@@ -24,7 +32,9 @@ if (
 && OCA\Encryption\Crypt::mode() == 'server' 
 ) {
 
-       // Force the user to re-log in if the encryption key isn't unlocked (happens when a user is logged in before the encryption app is enabled)
+       // Force the user to re-log in if the encryption key isn't unlocked 
+       // (happens when a user is logged in before the encryption app is 
+       // enabled)
        OCP\User::logout();
        
        header( "Location: " . OC::$WEBROOT.'/' );
@@ -33,5 +43,5 @@ if (
 
 }
 
-OCP\App::registerAdmin( 'files_encryption', 'settings');
+OCP\App::registerAdmin( 'files_encryption', 'settings' );
 OCP\App::registerPersonal( 'files_encryption', 'settings-personal' );
\ No newline at end of file
index c2f97247835331d63f189acb864f43616a147d3c..ecceae352bc24b7902edbdc7ed039c435b20fd3e 100644 (file)
@@ -121,8 +121,11 @@ class Hooks {
                        \r
                        if ( isset( $params['properties']['key'] ) ) {\r
                                \r
-                               Keymanager::setFileKey( $params['path'], $params['properties']['key'] );\r
-                       \r
+                               $view = new \OC_FilesystemView( '/' );\r
+                               $userId = \OCP\User::getUser();\r
+                               \r
+                               Keymanager::setFileKey( $view, $params['path'], $userId, $params['properties']['key'] );\r
+                               \r
                        } else {\r
                                \r
                                \OC_Log::write( \r
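Review bot: The new four-argument `Keymanager::setFileKey()` call discards its return value, so a failed write of the key (mkdir or file_put_contents returning false) goes unnoticed while the WebDAV property update presumably succeeds. Both the path and the key come from the client (`$params['path']`, `$params['properties']['key']`) and only the owner is taken from the session, so the result should at least be checked and logged, mirroring the `\OC_Log::write()` in the else branch: `if ( ! Keymanager::setFileKey( $view, $params['path'], $userId, $params['properties']['key'] ) ) { \OC_Log::write( /* same channel/level as the else branch */ ); }`. updateKeyfile() begins before this hunk, so the origin of $params is not visible here.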
@@ -138,6 +141,43 @@ class Hooks {
                \r
        }\r
        \r
+       /**\r
+        * @brief \r
+        */\r
+       public static function postShared( $params ) {\r
+               \r
+               // Delete existing catfile\r
+               Keymanager::deleteFileKey(  );\r
+               \r
+               // Generate new catfile and env keys\r
+               Crypt::multiKeyEncrypt( $plainContent, $publicKeys );\r
+               \r
+               // Save env keys to user folders\r
+               \r
+               \r
+       }\r
+       \r
+       /**\r
+        * @brief \r
+        */\r
+       public static function preUnshare( $params ) {\r
+               \r
+               // Delete existing catfile\r
+               \r
+               // Generate new catfile and env keys\r
+               \r
+               // Save env keys to user folders\r
+       }\r
+       \r
+       /**\r
+        * @brief \r
+        */\r
+       public static function preUnshareAll( $params ) {\r
+               \r
+               trigger_error( "preUnshareAll" );\r
+               \r
+       }\r
+       \r
 }\r
 \r
 ?>
\ No newline at end of file
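Review bot: postShared() removes the file's existing keyfile (`Keymanager::deleteFileKey(  )`, called with no arguments) before any replacement exists — the following `Crypt::multiKeyEncrypt( $plainContent, $publicKeys )` uses two variables that are never assigned, and nothing is saved afterwards. If this hook fires as wired in app.php, the outcome ranges from an argument-count error (if deleteFileKey requires parameters) to an encrypted file whose only key has been deleted, which is unrecoverable. Until the sharing flow is implemented the bodies should be inert: replace the two calls with `// TODO: re-encrypt the keyfile for all recipients (multiKeyEncrypt) and store one share key per user`, and drop `trigger_error( "preUnshareAll" )`, which emits a notice into logs or output on every unshare-all. The three `@brief` lines are also empty; e.g. `@brief Re-encrypt a file's keyfile when it is shared with another user` for postShared.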
index 706e1c2661e6a263cac03875bd948fb93c67a544..61bc50721ef094b5ea4ac4473134674546f85c92 100755 (executable)
@@ -238,7 +238,7 @@ class Keymanager {
         */\r
        public static function setUserKeys($privatekey, $publickey) {\r
        \r
-               return (self::setPrivateKey($privatekey) && self::setPublicKey($publickey));\r
+               return ( self::setPrivateKey( $privatekey ) && self::setPublicKey( $publickey ) );\r
        \r
        }\r
        \r
@@ -262,6 +262,42 @@ class Keymanager {
                \r
        }\r
        \r
+       /**\r
+        * @note 'shareKey' is a more user-friendly name for env_key\r
+        */\r
+       public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) {\r
+               \r
+               $basePath = '/' . $userId . '/files_encryption/share-keys';\r
+               \r
+               $shareKeyPath = self::keySetPreparation( $view, $path, $basePath, $userId );\r
+               \r
+               return $view->file_put_contents( $basePath . '/' . $shareKeyPath . '.shareKey', $shareKey );\r
+               \r
+       }\r
+       \r
+       /**\r
+        * @brief Make preparations to vars and filesystem for saving a keyfile\r
+        */\r
+       public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) {\r
+       \r
+               $targetPath = ltrim( $path, '/' );\r
+               \r
+               $path_parts = pathinfo( $targetPath );\r
+               \r
+               // If the file resides within a subdirectory, create it\r
+               if ( \r
+               isset( $path_parts['dirname'] )\r
+               && ! $view->file_exists( $basePath . $path_parts['dirname'] ) \r
+               ) {\r
+               \r
+                       $view->mkdir( $basePath . $path_parts['dirname'] );\r
+                       \r
+               }\r
+               \r
+               return $targetPath;\r
+       \r
+       }\r
+       \r
        /**\r
         * @brief store file encryption key\r
         *\r
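Review bot: keySetPreparation() builds the directory path as `$basePath . $path_parts['dirname']` with no separator, so for `foo/bar.txt` under `/user/files_encryption/share-keys` it tests and creates `/user/files_encryption/share-keysfoo`, and the later `file_put_contents( $basePath . '/' . $shareKeyPath . '.shareKey' )` targets a parent directory that was never created. For a top-level file pathinfo() returns dirname `.`, which creates a stray `share-keys.` entry. Suggested lines: `$dir = $basePath . '/' . $path_parts['dirname'];` / `if ( $path_parts['dirname'] !== '.' && ! $view->file_exists( $dir ) ) {` / `$view->mkdir( $dir );`. The `$userId` parameter of keySetPreparation() is unused, and neither function checks that $path stays below $basePath — a `..` component would escape it unless \OC_FilesystemView normalises it away, which is worth confirming.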
@@ -271,15 +307,16 @@ class Keymanager {
         * @note The keyfile is not encrypted here. Client code must \r
         * asymmetrically encrypt the keyfile before passing it to this method\r
         */\r
-       public static function setFileKey( $path, $key, $view = Null, $dbClassName = '\OC_DB') {\r
-\r
-               $targetPath = ltrim(  $path, '/'  );\r
-               $user = \OCP\User::getUser();\r
+       public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) {\r
+               \r
+               $basePath = '/' . $userId . '/files_encryption/keyfiles';\r
                \r
-//             // update $keytarget and $user if key belongs to a file shared by someone else\r
+               $targetPath = self::keySetPreparation( $view, $path, $basePath, $userId );\r
+               \r
+//             // update $keytarget and $userId if key belongs to a file shared by someone else\r
 //             $query = $dbClassName::prepare( "SELECT uid_owner, source, target FROM `*PREFIX*sharing` WHERE target = ? AND uid_shared_with = ?" );\r
 //             \r
-//             $result = $query->execute(  array ( '/'.$user.'/files/'.$targetPath, $user ) );\r
+//             $result = $query->execute(  array ( '/'.$userId.'/files/'.$targetPath, $userId ) );\r
 //             \r
 //             if ( $row = $result->fetchRow(  ) ) {\r
 //             \r
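Review bot: The docblock whose tail is visible at the top of this hunk still documents the old `( $path, $key, $view, $dbClassName )` form, and the commented-out block below it still refers to `$dbClassName`, which is no longer a parameter. Because the commit reorders the parameters, a caller not updated here will now pass a string where `\OC_FilesystemView` is type-hinted and fail at runtime, so the @param lines should match the new signature: `@param \OC_FilesystemView $view view rooted at '/'`, `@param string $path path of the file the key belongs to`, `@param string $userId owner under whose files_encryption/keyfiles the key is stored`, `@param string $catfile asymmetrically encrypted keyfile`. The dead `$dbClassName` comment block could be removed or reduced to a TODO. setFileKey() continues beyond this hunk.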
@@ -287,7 +324,7 @@ class Keymanager {
 //                     \r
 //                     $targetPath_parts = explode( '/', $targetPath );\r
 //                     \r
-//                     $user = $targetPath_parts[1];\r
+//                     $userId = $targetPath_parts[1];\r
 // \r
 //                     $rootview = new \OC_FilesystemView( '/' );\r
 //                     \r
@@ -299,34 +336,14 @@ class Keymanager {
 //                             \r
 //                     }\r
 //                     \r
-//                     $targetPath = str_replace( '/'.$user.'/files/', '', $targetPath );\r
+//                     $targetPath = str_replace( '/'.$userId.'/files/', '', $targetPath );\r
 //                     \r
 //                     //TODO: check for write permission on shared file once the new sharing API is in place\r
 //                     \r
 //             }\r
                \r
-               $path_parts = pathinfo( $targetPath );\r
-               \r
-               if ( !$view ) {\r
-               \r
-                       $view = new \OC_FilesystemView( '/' );\r
-                       \r
-               }\r
-               \r
-               $view->chroot( '/' . $user . '/files_encryption/keyfiles' );\r
-               \r
-               // If the file resides within a subdirectory, create it\r
-               if ( \r
-               isset( $path_parts['dirname'] )\r
-               && ! $view->file_exists( $path_parts['dirname'] ) \r
-               ) {\r
-               \r
-                       $view->mkdir( $path_parts['dirname'] );\r
-                       \r
-               }\r
-               \r
                // Save the keyfile in parallel directory\r
-               return $view->file_put_contents( '/' . $targetPath . '.key', $key );\r
+               return $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile );\r
                \r
        }\r
        \r
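Review bot: The keyfile write now goes to `$basePath . '/' . $targetPath . '.key'` through a view rooted at `/`, whereas the removed code first chrooted the view to `/<user>/files_encryption/keyfiles`; the chroot made it impossible for $path to address anything outside that directory, and plain string concatenation does not. $path reaches here from the WebDAV property hook and from Proxy/Stream, so unless \OC_FilesystemView itself rejects `..` segments (worth verifying), a reject-before-write such as `if ( strpos( $targetPath, '..' ) !== false ) { return false; }` would restore that guarantee. setFileKey() begins before this hunk.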
index 52f47dba2940faacfa6625c744695434a9282377..83c5e21c4bd3bc069a4945d0abcf57cc73d051bd 100644 (file)
@@ -101,6 +101,8 @@ class Proxy extends \OC_FileProxy {
                                // Disable encryption proxy to prevent recursive calls
                                \OC_FileProxy::$enabled = false;
                                
+                               # TODO: Check if file is shared, if so, use multiKeyEncrypt
+                               
                                // Encrypt plain data and fetch key
                                $encrypted = Crypt::keyEncryptKeyfile( $data, Keymanager::getPublicKey( $rootView, $userId ) );
                                
@@ -114,10 +116,11 @@ class Proxy extends \OC_FileProxy {
                                $filePath = '/' . implode( '/', $filePath );
                                
                                # TODO: make keyfile dir dynamic from app config
-                               $view = new \OC_FilesystemView( '/' . $userId . '/files_encryption/keyfiles' );
+                               
+                               $view = new \OC_FilesystemView( '/' );
                                
                                // Save keyfile for newly encrypted file in parallel directory tree
-                               Keymanager::setFileKey( $filePath, $encrypted['key'], $view, '\OC_DB' );
+                               Keymanager::setFileKey( $view, $filePath, $userId, $encrypted['key'] );
                                
                                // Update the file cache with file info
                                \OC_FileCache::put( $path, array( 'encrypted'=>true, 'size' => $size ), '' );
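Review bot: The result of `Keymanager::setFileKey( $view, $filePath, $userId, $encrypted['key'] )` is ignored, yet the next line records the file as `'encrypted'=>true` in the cache; if the keyfile write fails, the stored content has no key and cannot be decrypted later. Check the return before touching the cache — e.g. `if ( ! Keymanager::setFileKey( $view, $filePath, $userId, $encrypted['key'] ) ) { /* log, re-enable the proxy, and abort the write */ }` — with whatever failure path is appropriate, since silently letting plaintext through is not obviously right either. The `# TODO: make keyfile dir dynamic from app config` note is now stale here, as the hard-coded directory moved into Keymanager::setFileKey(). The enclosing method begins before and ends after this hunk.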
@@ -159,6 +162,8 @@ class Proxy extends \OC_FileProxy {
                        
                        $userId = \OCP\USER::getUser();
                        
+                       # TODO: Check if file is shared, if so, use multiKeyDecrypt
+                       
                        $encryptedKeyfile = Keymanager::getFileKey( $view, $userId, $filePath );
 
                        $session = new Session();
index f482e2d75ac13480f293564291bbc8b548aa4ca6..a17a4514faaad46a6910812ef93e8bd0e56bd90c 100644 (file)
@@ -302,8 +302,12 @@ class Stream {
                // Make sure the userId is set
                $this->getuser();
                
+               # TODO: Check if file is shared, if so, use multiKeyEncrypt and
+               # save shareKeys in necessary user directories
+               
                // Get / generate the keyfile for the file we're handling
-               // If we're writing a new file (not overwriting an existing one), save the newly generated keyfile
+               // If we're writing a new file (not overwriting an existing 
+               // one), save the newly generated keyfile
                if ( ! $this->getKey() ) {
                
                        $this->keyfile = Crypt::generateKey();
@@ -312,10 +316,11 @@ class Stream {
                        
                        $this->encKeyfile = Crypt::keyEncrypt( $this->keyfile, $this->publicKey );
                        
-                       // Save the new encrypted file key
-                       Keymanager::setFileKey( $this->rawPath, $this->encKeyfile, new \OC_FilesystemView( '/' ) );
+                       $view = new \OC_FilesystemView( '/' );
+                       $userId = \OCP\User::getUser();
                        
-                       # TODO: move this new OCFSV out of here some how, use DI
+                       // Save the new encrypted file key
+                       Keymanager::setFileKey( $view, $this->rawPath, $userId, $this->encKeyfile );
                        
                }
 
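Review bot: The owner for the new keyfile is taken from the session (`\OCP\User::getUser()`), while the stream already resolves its own user earlier in this method (`$this->getuser()` in the previous hunk); if the two differ — e.g. when the path being written belongs to another user, which is exactly the sharing case this commit prepares for — the key is stored under the wrong user's `files_encryption/keyfiles`. Using the stream's own field (presumably `$this->userId`, set by getuser()) keeps the key next to the path it protects. The return value of `Keymanager::setFileKey()` is also unchecked, so a failed key write still lets the encrypted write proceed. The enclosing write method continues outside this hunk.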
index f02d6eb5f7a873428bae80b3b011b10d24072ed9..bf453fe3163b8455136fc5b501beb451ba54c251 100644 (file)
@@ -79,15 +79,13 @@ class Test_Keymanager extends \PHPUnit_Framework_TestCase {
                # NOTE: This cannot be tested until we are able to break out 
                # of the FileSystemView data directory root
        
-//             $key = Crypt::symmetricEncryptFileContentKeyfile( $this->data, 'hat' );
-//             
-//             $tmpPath = sys_get_temp_dir(). '/' . 'testSetFileKey';
-//             
-//             $view = new \OC_FilesystemView( '/tmp/' );
-//             
-//             //$view = new \OC_FilesystemView( '/' . $this->userId . '/files_encryption/keyfiles' );
-//             
-//             Encryption\Keymanager::setFileKey( $tmpPath, $key['key'], $view );
+               $key = Encryption\Crypt::symmetricEncryptFileContentKeyfile( $this->randomKey, 'hat' );
+               
+               $path = 'unittest-'.time().'txt';
+               
+               //$view = new \OC_FilesystemView( '/' . $this->userId . '/files_encryption/keyfiles' );
+               
+               Encryption\Keymanager::setFileKey( $this->view, $path, $this->userId, $key['key'] );
        
        }