From: Bjoern Schiessle Date: Tue, 17 Mar 2015 12:11:38 +0000 (+0100) Subject: fix keystorage and add unit tests X-Git-Tag: v8.1.0alpha1~78^2~116 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=5bc9ababeb06c3e901b7d11b8c2c1d44865d3339;p=nextcloud-server.git fix keystorage and add unit tests --- diff --git a/lib/private/encryption/keys/storage.php b/lib/private/encryption/keys/storage.php index 041db2a2cb8..fba86e1737c 100644 --- a/lib/private/encryption/keys/storage.php +++ b/lib/private/encryption/keys/storage.php @@ -67,7 +67,8 @@ class Storage implements \OCP\Encryption\Keys\IStorage { * @return mixed key */ public function getUserKey($uid, $keyId) { - $path = $this->constructUserKeyPath($keyId, $uid); + $path = '/' . $uid . $this->encryption_base_dir . '/' + . $this->encryptionModuleId . '/' . $uid . '.' . $keyId; return $this->getKey($path); } @@ -93,7 +94,7 @@ class Storage implements \OCP\Encryption\Keys\IStorage { * @return mixed key */ public function getSystemUserKey($keyId) { - $path = $this->constructUserKeyPath($keyId); + $path = $this->encryption_base_dir . '/' . $this->encryptionModuleId . '/' . $keyId; return $this->getKey($path); } @@ -105,7 +106,8 @@ class Storage implements \OCP\Encryption\Keys\IStorage { * @param mixed $key */ public function setUserKey($uid, $keyId, $key) { - $path = $this->constructUserKeyPath($keyId, $uid); + $path = '/' . $uid . $this->encryption_base_dir . '/' + . $this->encryptionModuleId . '/' . $uid . '.' . $keyId; return $this->setKey($path, $key); } @@ -114,7 +116,7 @@ class Storage implements \OCP\Encryption\Keys\IStorage { * * @param string $path path to file * @param string $keyId id of the key - * @param boolean + * @param mixed $key */ public function setFileKey($path, $keyId, $key) { $keyDir = $this->getFileKeyDir($path); @@ -131,79 +133,11 @@ class Storage implements \OCP\Encryption\Keys\IStorage { * @return mixed key */ public function setSystemUserKey($keyId, $key) { - $path = $this->constructUserKeyPath($keyId); + $path = $this->encryption_base_dir . '/' + . $this->encryptionModuleId . '/' . $keyId; return $this->setKey($path, $key); } - /** - * delete user specific key - * - * @param string $uid ID if the user for whom we want to delete the key - * @param string $keyId id of the key - * - * @return boolean - */ - public function deleteUserKey($uid, $keyId) { - $path = $this->constructUserKeyPath($keyId, $uid); - return $this->view->unlink($path); - } - - /** - * delete file specific key - * - * @param string $path path to file - * @param string $keyId id of the key - * - * @return boolean - */ - public function deleteFileKey($path, $keyId) { - $keyDir = $this->getFileKeyDir($path); - return $this->view->unlink($keyDir . $keyId); - } - - /** - * delete all file keys for a given file - * - * @param string $path to the file - * @return boolean - */ - public function deleteAllFileKeys($path) { - $keyDir = $this->getFileKeyDir($path); - return $this->view->deleteAll(dirname($keyDir)); - } - - /** - * delete system-wide encryption keys not related to a specific user, - * e.g something like a key for public link shares - * - * @param string $keyId id of the key - * - * @return boolean - */ - public function deleteSystemUserKey($keyId) { - $path = $this->constructUserKeyPath($keyId); - return $this->view->unlink($path); - } - - - /** - * construct path to users key - * - * @param string $keyId - * @param string $uid - * @return string - */ - protected function constructUserKeyPath($keyId, $uid = null) { - - if ($uid === null) { - $path = $this->encryption_base_dir . '/' . $this->encryptionModuleId . '/' . $keyId; - } else { - $path = '/' . $uid . $this->encryption_base_dir . '/' - . $this->encryptionModuleId . '/' . $uid . '.' . $keyId; - } - - return $path; - } /** * read key from hard disk @@ -275,29 +209,6 @@ class Storage implements \OCP\Encryption\Keys\IStorage { return \OC\Files\Filesystem::normalizePath($keyPath . $this->encryptionModuleId . '/', false); } - /** - * move keys if a file was renamed - * - * @param string $source - * @param string $target - * @param string $owner - * @param bool $systemWide - */ - public function renameKeys($source, $target, $owner, $systemWide) { - if ($systemWide) { - $sourcePath = $this->keys_base_dir . $source . '/'; - $targetPath = $this->keys_base_dir . $target . '/'; - } else { - $sourcePath = '/' . $owner . $this->keys_base_dir . $source . '/'; - $targetPath = '/' . $owner . $this->keys_base_dir . $target . '/'; - } - - if ($this->view->file_exists($sourcePath)) { - $this->keySetPreparation(dirname($targetPath)); - $this->view->rename($sourcePath, $targetPath); - } - } - /** * Make preparations to filesystem for saving a keyfile * diff --git a/lib/private/encryption/keystorage.php b/lib/private/encryption/keystorage.php deleted file mode 100644 index fbc427edf0f..00000000000 --- a/lib/private/encryption/keystorage.php +++ /dev/null @@ -1,250 +0,0 @@ - - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see . - */ - -namespace OC\Encryption; - -use OC\Encryption\Util; -use OC\Files\View; -use OCA\Files_Encryption\Exception\EncryptionException; - -class KeyStorage implements \OCP\Encryption\IKeyStorage { - - /** @var View */ - private $view; - - /** @var Util */ - private $util; - - // base dir where all the file related keys are stored - private static $keys_base_dir = '/files_encryption/keys/'; - private static $encryption_base_dir = '/files_encryption'; - - private $keyCache = array(); - - /** - * @param View $view - * @param Util $util - */ - public function __construct(View $view, Util $util) { - $this->view = $view; - $this->util = $util; - } - - /** - * get user specific key - * - * @param string $uid ID if the user for whom we want the key - * @param string $keyId id of the key - * - * @return mixed key - */ - public function getUserKey($uid, $keyId) { - $path = '/' . $uid . self::$encryption_base_dir . '/' . $uid . '.' . $keyId; - return $this->getKey($path); - } - - /** - * get file specific key - * - * @param string $path path to file - * @param string $keyId id of the key - * - * @return mixed key - */ - public function getFileKey($path, $keyId) { - $keyDir = $this->getFileKeyDir($path); - return $this->getKey($keyDir . $keyId); - } - - /** - * get system-wide encryption keys not related to a specific user, - * e.g something like a key for public link shares - * - * @param string $keyId id of the key - * - * @return mixed key - */ - public function getSystemUserKey($keyId) { - $path = '/' . self::$encryption_base_dir . '/' . $keyId; - return $this->getKey($path); - } - - /** - * set user specific key - * - * @param string $uid ID if the user for whom we want the key - * @param string $keyId id of the key - * @param mixed $key - */ - public function setUserKey($uid, $keyId, $key) { - $path = '/' . $uid . self::$encryption_base_dir . '/' . $uid . '.' . $keyId; - return $this->setKey($path, $key); - } - - /** - * set file specific key - * - * @param string $path path to file - * @param string $keyId id of the key - * @param mixed $key - */ - public function setFileKey($path, $keyId, $key) { - $keyDir = $this->getFileKeyDir($path); - return $this->setKey($keyDir . $keyId, $key); - } - - /** - * set system-wide encryption keys not related to a specific user, - * e.g something like a key for public link shares - * - * @param string $keyId id of the key - * @param mixed $key - * - * @return mixed key - */ - public function setSystemUserKey($keyId, $key) { - $path = '/' . self::$encryption_base_dir . '/' . $keyId; - return $this->setKey($path, $key); - } - - - /** - * read key from hard disk - * - * @param string $path to key - * @return string - */ - private function getKey($path) { - - $key = ''; - - if (isset($this->keyCache[$path])) { - $key = $this->keyCache[$path]; - } else { - - /** @var \OCP\Files\Storage $storage */ - list($storage, $internalPath) = $this->view->resolvePath($path); - - if ($storage->file_exists($internalPath)) { - $key = $storage->file_get_contents($internalPath); - $this->keyCache[$path] = $key; - } - - } - - return $key; - } - - /** - * write key to disk - * - * - * @param string $path path to key directory - * @param string $key key - * @return bool - */ - private function setKey($path, $key) { - $this->keySetPreparation(dirname($path)); - - /** @var \OCP\Files\Storage $storage */ - list($storage, $internalPath) = \OC\Files\Filesystem::resolvePath($path); - $result = $storage->file_put_contents($internalPath, $key); - - if (is_int($result) && $result > 0) { - $this->keyCache[$path] = $key; - return true; - } - - return false; - } - - /** - * get path to key folder for a given file - * - * @param string $path path to the file, relative to the users file directory - * @return string - * @throws EncryptionException - * @internal param string $keyId - */ - private function getFileKeyDir($path) { - - // - // TODO: NO DEPRICATED API !!! - // - if ($this->view->is_dir('/' . \OCP\User::getUser() . '/' . $path)) { - throw new EncryptionException('file was expected but directory was given', EncryptionException::GENERIC); - } - - list($owner, $filename) = $this->util->getUidAndFilename($path); - $filename = $this->util->stripPartialFileExtension($filename); - $filePath_f = ltrim($filename, '/'); - - // in case of system wide mount points the keys are stored directly in the data directory - if ($this->util->isSystemWideMountPoint($filename)) { - $keyPath = self::$keys_base_dir . $filePath_f . '/'; - } else { - $keyPath = '/' . $owner . self::$keys_base_dir . $filePath_f . '/'; - } - - return $keyPath; - } - - /** - * Make preparations to filesystem for saving a keyfile - * - * @param string $path relative to the views root - */ - protected function keySetPreparation($path) { - // If the file resides within a subdirectory, create it - if (!$this->view->file_exists($path)) { - $sub_dirs = explode('/', $path); - $dir = ''; - foreach ($sub_dirs as $sub_dir) { - $dir .= '/' . $sub_dir; - if (!$this->view->is_dir($dir)) { - $this->view->mkdir($dir); - } - } - } - } - - /** - * Check if encryption system is ready to begin encrypting - * all the things - * - * @return bool - */ - public function ready() { - $paths = [ - self::$encryption_base_dir, - self::$keys_base_dir - ]; - foreach ($paths as $path) { - if (!$this->view->file_exists($path)) { - return false; - } - } - return true; - } - -} diff --git a/lib/public/encryption/ikeystorage.php b/lib/public/encryption/ikeystorage.php deleted file mode 100644 index 2ab5048709e..00000000000 --- a/lib/public/encryption/ikeystorage.php +++ /dev/null @@ -1,93 +0,0 @@ - - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see . - */ - -namespace OCP\Encryption; - -interface IKeyStorage { - - /** - * get user specific key - * - * @param string $uid ID if the user for whom we want the key - * @param string $keyId id of the key - * - * @return mixed key - */ - public function getUserKey($uid, $keyId); - - /** - * get file specific key - * - * @param string $path path to file - * @param string $keyId id of the key - * - * @return mixed key - */ - public function getFileKey($path, $keyId); - - /** - * get system-wide encryption keys not related to a specific user, - * e.g something like a key for public link shares - * - * @param string $keyId id of the key - * - * @return mixed key - */ - public function getSystemUserKey($keyId); - - /** - * set user specific key - * - * @param string $uid ID if the user for whom we want the key - * @param string $keyId id of the key - * @param mixed $key - */ - public function setUserKey($uid, $keyId, $key); - - /** - * set file specific key - * - * @param string $path path to file - * @param string $keyId id of the key - * @param mixed $key - */ - public function setFileKey($path, $keyId, $key); - - /** - * set system-wide encryption keys not related to a specific user, - * e.g something like a key for public link shares - * - * @param string $keyId id of the key - * @param mixed $key - * - * @return mixed key - */ - public function setSystemUserKey($keyId, $key); - - /** - * Return if encryption is setup and ready encrypt things - * - * @return bool - */ - public function ready(); -} diff --git a/lib/public/encryption/keys/istorage.php b/lib/public/encryption/keys/istorage.php index 4c2b01f4ad0..c4c970804e9 100644 --- a/lib/public/encryption/keys/istorage.php +++ b/lib/public/encryption/keys/istorage.php @@ -69,7 +69,7 @@ interface IStorage { * * @param string $path path to file * @param string $keyId id of the key - * @param boolean + * @param mixed $key */ public function setFileKey($path, $keyId, $key);