From a90606fb14adc0aa149a87528d4f1ce61d0250e9 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Fri, 14 Nov 2014 17:30:38 +0100 Subject: [PATCH] change private/public key names for consistency reasons --- .../ajax/changeRecoveryPassword.php | 7 +- .../ajax/updatePrivateKeyPassword.php | 6 +- apps/files_encryption/hooks/hooks.php | 19 +- apps/files_encryption/lib/helper.php | 43 +-- apps/files_encryption/lib/keymanager.php | 258 +++++++++--------- apps/files_encryption/lib/session.php | 26 +- apps/files_encryption/lib/util.php | 32 +-- apps/files_encryption/tests/hooks.php | 4 +- apps/files_encryption/tests/keymanager.php | 13 +- apps/files_encryption/tests/share.php | 8 +- apps/files_encryption/tests/util.php | 12 +- 11 files changed, 202 insertions(+), 226 deletions(-) diff --git a/apps/files_encryption/ajax/changeRecoveryPassword.php b/apps/files_encryption/ajax/changeRecoveryPassword.php index bf647f2c8fa..01b76a969b6 100644 --- a/apps/files_encryption/ajax/changeRecoveryPassword.php +++ b/apps/files_encryption/ajax/changeRecoveryPassword.php @@ -55,16 +55,15 @@ $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $keyId = $util->getRecoveryKeyId(); -$keyPath = '/owncloud_private_key/' . $keyId . '.private.key'; -$encryptedRecoveryKey = $view->file_get_contents($keyPath); -$decryptedRecoveryKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedRecoveryKey, $oldPassword); +$encryptedRecoveryKey = Encryption\Keymanager::getPrivateSystemKey($keyId); +$decryptedRecoveryKey = $encryptedRecoveryKey ? \OCA\Encryption\Crypt::decryptPrivateKey($encryptedRecoveryKey, $oldPassword) : false; if ($decryptedRecoveryKey) { $cipher = \OCA\Encryption\Helper::getCipher(); $encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedRecoveryKey, $newPassword, $cipher); if ($encryptedKey) { - \OCA\Encryption\Keymanager::setPrivateSystemKey($encryptedKey, $keyId . '.private.key'); + \OCA\Encryption\Keymanager::setPrivateSystemKey($encryptedKey, $keyId); $return = true; } } diff --git a/apps/files_encryption/ajax/updatePrivateKeyPassword.php b/apps/files_encryption/ajax/updatePrivateKeyPassword.php index fa5e279b21b..97da3811a0f 100644 --- a/apps/files_encryption/ajax/updatePrivateKeyPassword.php +++ b/apps/files_encryption/ajax/updatePrivateKeyPassword.php @@ -36,10 +36,8 @@ if ($passwordCorrect !== false) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; -$keyPath = '/' . $user . '/files_encryption/' . $user . '.private.key'; - -$encryptedKey = $view->file_get_contents($keyPath); -$decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword); +$encryptedKey = Encryption\Keymanager::getPrivateKey($view, $user); +$decryptedKey = $encryptedKey ? \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword) : false; if ($decryptedKey) { $cipher = \OCA\Encryption\Helper::getCipher(); diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 1413a0580a1..e9d0235d167 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -152,18 +152,7 @@ class Hooks { public static function postDeleteUser($params) { if (\OCP\App::isEnabled('files_encryption')) { - $view = new \OC\Files\View('/'); - - // cleanup public key - $publicKey = '/public-keys/' . $params['uid'] . '.public.key'; - - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; - - $view->unlink($publicKey); - - \OC_FileProxy::$enabled = $proxyStatus; + Keymanager::deletePublicKey(new \OC\Files\View(), $params['uid']); } } @@ -244,7 +233,7 @@ class Hooks { \OC_FileProxy::$enabled = false; // Save public key - $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']); + Keymanager::setPublicKey($keypair['publicKey'], $user); // Encrypt private key with new password $encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword, Helper::getCipher()); @@ -292,7 +281,7 @@ class Hooks { $l = new \OC_L10N('files_encryption'); $users = array(); - $view = new \OC\Files\View('/public-keys/'); + $view = new \OC\Files\View('/'); switch ($params['shareType']) { case \OCP\Share::SHARE_TYPE_USER: @@ -305,7 +294,7 @@ class Hooks { $notConfigured = array(); foreach ($users as $user) { - if (!$view->file_exists($user . '.public.key')) { + if (!Keymanager::publicKeyExists($view, $user)) { $notConfigured[] = $user; } } diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php index 3f4d2c99e19..24e1494fc00 100644 --- a/apps/files_encryption/lib/helper.php +++ b/apps/files_encryption/lib/helper.php @@ -19,7 +19,7 @@ * GNU AFFERO GENERAL PUBLIC LICENSE for more details. * * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see . + * License alon with this library. If not, see . * */ @@ -107,6 +107,25 @@ class Helper { return true; } + /** + * get recovery key id + * + * @return string|bool recovery key ID or false + */ + public static function getRecoveryKeyId() { + $appConfig = \OC::$server->getAppConfig(); + $key = $appConfig->getValue('files_encryption', 'recoveryKeyId'); + + return ($key === null) ? false : $key; + } + + public static function getPublicShareKeyId() { + $appConfig = \OC::$server->getAppConfig(); + $key = $appConfig->getValue('files_encryption', 'publicShareKeyId'); + + return ($key === null) ? false : $key; + } + /** * enable recovery * @@ -126,38 +145,22 @@ class Helper { $appConfig->setValue('files_encryption', 'recoveryKeyId', $recoveryKeyId); } - if (!$view->is_dir('/owncloud_private_key')) { - $view->mkdir('/owncloud_private_key'); - } - - if ( - (!$view->file_exists("/public-keys/" . $recoveryKeyId . ".public.key") - || !$view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".private.key")) - ) { + if (!Keymanager::recoveryKeyExists($view)) { $keypair = \OCA\Encryption\Crypt::createKeypair(); - \OC_FileProxy::$enabled = false; - // Save public key - - if (!$view->is_dir('/public-keys')) { - $view->mkdir('/public-keys'); - } - - $view->file_put_contents('/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey']); + Keymanager::setPublicKey($keypair['publicKey'], $recoveryKeyId); $cipher = \OCA\Encryption\Helper::getCipher(); $encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], $recoveryPassword, $cipher); if ($encryptedKey) { - Keymanager::setPrivateSystemKey($encryptedKey, $recoveryKeyId . '.private.key'); + Keymanager::setPrivateSystemKey($encryptedKey, $recoveryKeyId); // Set recoveryAdmin as enabled $appConfig->setValue('files_encryption', 'recoveryAdminEnabled', 1); $return = true; } - \OC_FileProxy::$enabled = true; - } else { // get recovery key and check the password $util = new \OCA\Encryption\Util(new \OC\Files\View('/'), \OCP\User::getUser()); $return = $util->checkRecoveryPassword($recoveryPassword); diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index 0885267ece0..2c340bcb23f 100644 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -34,25 +34,60 @@ class Keymanager { const KEYS_BASE_DIR = '/files_encryption/keys/'; /** - * retrieve the ENCRYPTED private key from a user + * read key from hard disk * - * @param \OC\Files\View $view - * @param string $user - * @return string private key or false (hopefully) - * @note the key returned by this method must be decrypted before use + * @param string $path to key + * @return string|bool either the key or false */ - public static function getPrivateKey(\OC\Files\View $view, $user) { + private static function getKey($path, $view) { + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - $path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.private.key'; $key = false; - if ($view->file_exists($path)) { $key = $view->file_get_contents($path); } + \OC_FileProxy::$enabled = $proxyStatus; + return $key; } + /** + * write key to disk + * + * + * @param string $path path to key directory + * @param string $name key name + * @param string $key key + * @param \OC\Files\View $view + * @return bool + */ + private static function setKey($path, $name, $key, $view) { + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + + self::keySetPreparation($view, $path); + $result = $view->file_put_contents($path . '/' . $name, $key); + + \OC_FileProxy::$enabled = $proxyStatus; + + return (is_int($result) && $result > 0) ? true : false; + } + + /** + * retrieve the ENCRYPTED private key from a user + * + * @param \OC\Files\View $view + * @param string $user + * @return string private key or false (hopefully) + * @note the key returned by this method must be decrypted before use + */ + public static function getPrivateKey(\OC\Files\View $view, $user) { + $path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.privateKey'; + return self::getKey($path, $view); + } + /** * retrieve public key for a specified user * @param \OC\Files\View $view @@ -60,11 +95,8 @@ class Keymanager { * @return string public key or false */ public static function getPublicKey(\OC\Files\View $view, $userId) { - - $result = $view->file_get_contents('/public-keys/' . $userId . '.public.key'); - - return $result; - + $path = '/public-keys/' . $userId . '.publicKey'; + return self::getKey($path, $view); } /** @@ -91,7 +123,6 @@ class Keymanager { public static function getPublicKeys(\OC\Files\View $view, array $userIds) { $keys = array(); - foreach ($userIds as $userId) { $keys[$userId] = self::getPublicKey($view, $userId); } @@ -112,15 +143,8 @@ class Keymanager { * asymmetrically encrypt the keyfile before passing it to this method */ public static function setFileKey(\OC\Files\View $view, $util, $path, $catfile) { - - $basePath = self::getKeyPath($view, $util, $path); - - self::keySetPreparation($view, $basePath); - - $result = $view->file_put_contents( - $basePath . '/fileKey', $catfile); - - return $result; + $path = self::getKeyPath($view, $util, $path); + return self::setKey($path, 'fileKey', $catfile, $view); } @@ -161,23 +185,8 @@ class Keymanager { * @return string */ public static function getFileKeyPath($view, $util, $path) { - - if ($view->is_dir('/' . \OCP\User::getUser() . '/' . $path)) { - throw new Exception\EncryptionException('file was expected but directoy was given', Exception\EncryptionException::GENERIC); - } - - list($owner, $filename) = $util->getUidAndFilename($path); - $filename = Helper::stripPartialFileExtension($filename); - $filePath_f = ltrim($filename, '/'); - - // in case of system wide mount points the keys are stored directly in the data directory - if ($util->isSystemWideMountPoint($filename)) { - $keyfilePath = self::KEYS_BASE_DIR . $filePath_f . '/fileKey'; - } else { - $keyfilePath = '/' . $owner . self::KEYS_BASE_DIR . $filePath_f . '/fileKey'; - } - - return $keyfilePath; + $keyDir = self::getKeyPath($view, $util, $path); + return $keyDir . 'fileKey'; } /** @@ -190,22 +199,37 @@ class Keymanager { * @retrun string */ public static function getShareKeyPath($view, $util, $path, $uid) { + $keyDir = self::getKeyPath($view, $util, $path); + return $keyDir . $uid . '.shareKey'; + } - if ($view->is_dir('/' . \OCP\User::getUser() . '/' . $path)) { - throw new Exception\EncryptionException('file was expected but directoy was given', Exception\EncryptionException::GENERIC); - } + /** + * delete public key from a given user + * + * @param \OC\Files\View $view + * @param string $uid user + * @return bool + */ + public static function deletePublicKey($view, $uid) { - list($owner, $filename) = $util->getUidAndFilename($path); - $filename = Helper::stripPartialFileExtension($filename); + $result = false; - // in case of system wide mount points the keys are stored directly in the data directory - if ($util->isSystemWideMountPoint($filename)) { - $shareKeyPath = self::KEYS_BASE_DIR . $filename . '/'. $uid . '.shareKey'; - } else { - $shareKeyPath = '/' . $owner . self::KEYS_BASE_DIR . $filename . '/' . $uid . '.shareKey'; + if (!\OCP\User::userExists($uid)) { + $publicKey = '/public-keys/' . $uid . '.publicKey'; + $result = $view->unlink($publicKey); } - return $shareKeyPath; + return $result; + } + + /** + * check if public key for user exists + * + * @param \OC\Files\View $view + * @param string $uid + */ + public static function publicKeyExists($view, $uid) { + return $view->file_exists('/public-keys/'. $uid . '.publicKey'); } @@ -221,17 +245,8 @@ class Keymanager { * of the keyfile must be performed by client code */ public static function getFileKey($view, $util, $filePath) { - - $keyfilePath = self::getFileKeyPath($view, $util, $filePath); - - if ($view->file_exists($keyfilePath)) { - $result = $view->file_get_contents($keyfilePath); - } else { - $result = false; - } - - return $result; - + $path = self::getFileKeyPath($view, $util, $filePath); + return self::getKey($path, $view); } /** @@ -243,80 +258,86 @@ class Keymanager { */ public static function setPrivateKey($key, $user = '') { - if ($user === '') { - $user = \OCP\User::getUser(); - } - + $user = $user === '' ? \OCP\User::getUser() : $user; + $path = '/' . $user . '/files_encryption'; $header = Crypt::generateHeader(); - $view = new \OC\Files\View('/' . $user . '/files_encryption'); + return self::setKey($path, $user . '.privateKey', $header . $key, new \OC\Files\View()); - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + } - if (!$view->file_exists('')) { - $view->mkdir(''); + /** + * check if recovery key exists + * + * @param \OC\Files\View $view + * @return bool + */ + public static function recoveryKeyExists($view) { + + $result = false; + + $recoveryKeyId = Helper::getRecoveryKeyId(); + if ($recoveryKeyId) { + $result = ($view->file_exists("/public-keys/" . $recoveryKeyId . ".publicKey") + && $view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".privateKey")); } - $result = $view->file_put_contents($user . '.private.key', $header . $key); + return $result; + } + + public static function publicShareKeyExists($view) { + $result = false; - \OC_FileProxy::$enabled = $proxyStatus; + $publicShareKeyId = Helper::getPublicShareKeyId(); + if ($publicShareKeyId) { + $result = ($view->file_exists("/public-keys/" . $publicShareKeyId . ".publicKey") + && $view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".privateKey")); + + } return $result; + } + + /** + * store public key from the user + * @param string $key + * @param string $user + * + * @return bool + */ + public static function setPublicKey($key, $user = '') { + $user = $user === '' ? \OCP\User::getUser() : $user; + $path = '/public-keys'; + + return self::setKey($path, $user . '.publicKey', $key, new \OC\Files\View('/')); } /** * write private system key (recovery and public share key) to disk * * @param string $key encrypted key - * @param string $keyName name of the key file + * @param string $keyName name of the key * @return boolean */ public static function setPrivateSystemKey($key, $keyName) { + $keyName = $keyName . '.privateKey'; + $path = '/owncloud_private_key'; $header = Crypt::generateHeader(); - $view = new \OC\Files\View('/owncloud_private_key'); - - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; - - if (!$view->file_exists('')) { - $view->mkdir(''); - } - - $result = $view->file_put_contents($keyName, $header . $key); - - \OC_FileProxy::$enabled = $proxyStatus; - - return $result; + return self::setKey($path, $keyName,$header . $key, new \OC\Files\View()); } /** - * store share key + * read private system key (recovery and public share key) from disk * - * @param \OC\Files\View $view - * @param string $path where the share key is stored - * @param string $shareKey - * @return bool true/false - * @note The keyfile is not encrypted here. Client code must - * asymmetrically encrypt the keyfile before passing it to this method + * @param string $keyName name of the key + * @return string|boolean private system key or false */ - private static function setShareKey(\OC\Files\View $view, $path, $shareKey) { - - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; - - $result = $view->file_put_contents($path, $shareKey); - - \OC_FileProxy::$enabled = $proxyStatus; - - if (is_int($result) && $result > 0) { - return true; - } else { - return false; - } + public static function getPrivateSystemKey($keyName) { + $path = $keyName . '.privateKey'; + return self::getKey($path, new \OC\Files\View('/owncloud_private_key')); } /** @@ -337,11 +358,7 @@ class Keymanager { $result = true; foreach ($shareKeys as $userId => $shareKey) { - - $writePath = $basePath . '/' . $userId . '.shareKey'; - - if (!self::setShareKey($view, $writePath, $shareKey)) { - + if (!self::setKey($basePath, $userId . '.shareKey', $shareKey, $view)) { // If any of the keys are not set, flag false $result = false; } @@ -362,16 +379,8 @@ class Keymanager { * of the keyfile must be performed by client code */ public static function getShareKey($view, $userId, $util, $filePath) { - - $shareKeyPath = self::getShareKeyPath($view, $util, $filePath, $userId); - - if ($view->file_exists($shareKeyPath)) { - $result = $view->file_get_contents($shareKeyPath); - } else { - $result = false; - } - - return $result; + $path = self::getShareKeyPath($view, $util, $filePath, $userId); + return self::getKey($path, $view); } /** @@ -432,7 +441,6 @@ class Keymanager { * @param string $basePath */ protected static function keySetPreparation($view, $path) { - // If the file resides within a subdirectory, create it if (!$view->file_exists($path)) { $sub_dirs = explode('/', $path); diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php index e4fef536235..355264a5070 100644 --- a/apps/files_encryption/lib/session.php +++ b/apps/files_encryption/lib/session.php @@ -56,43 +56,30 @@ class Session { $appConfig = \OC::$server->getAppConfig(); - $publicShareKeyId = $appConfig->getValue('files_encryption', 'publicShareKeyId'); + $publicShareKeyId = Helper::getPublicShareKeyId(); - if ($publicShareKeyId === null) { + if ($publicShareKeyId === false) { $publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8); $appConfig->setValue('files_encryption', 'publicShareKeyId', $publicShareKeyId); } - if ( - !$this->view->file_exists("/public-keys/" . $publicShareKeyId . ".public.key") - || !$this->view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".private.key") - ) { + if (!Keymanager::publicShareKeyExists($view)) { $keypair = Crypt::createKeypair(); - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; // Save public key - - if (!$view->is_dir('/public-keys')) { - $view->mkdir('/public-keys'); - } - - $this->view->file_put_contents('/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey']); + Keymanager::setPublicKey($keypair['publicKey'], $publicShareKeyId); // Encrypt private key empty passphrase $cipher = \OCA\Encryption\Helper::getCipher(); $encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], '', $cipher); if ($encryptedKey) { - Keymanager::setPrivateSystemKey($encryptedKey, $publicShareKeyId . '.private.key'); + Keymanager::setPrivateSystemKey($encryptedKey, $publicShareKeyId); } else { \OCP\Util::writeLog('files_encryption', 'Could not create public share keys', \OCP\Util::ERROR); } - \OC_FileProxy::$enabled = $proxyStatus; - } if (\OCA\Encryption\Helper::isPublicAccess() && !self::getPublicSharePrivateKey()) { @@ -100,8 +87,7 @@ class Session { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $encryptedKey = $this->view->file_get_contents( - '/owncloud_private_key/' . $publicShareKeyId . '.private.key'); + $encryptedKey = Keymanager::getPrivateSystemKey($publicShareKeyId); $privateKey = Crypt::decryptPrivateKey($encryptedKey, ''); self::setPublicSharePrivateKey($privateKey); diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 8299ed5fe6e..6c1b2f60d7e 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -77,9 +77,9 @@ class Util { $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption'; $this->keysPath = $this->encryptionDir . '/' . 'keys'; $this->publicKeyPath = - $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key + $this->publicKeyDir . '/' . $this->userId . '.publicKey'; // e.g. data/public-keys/admin.publicKey $this->privateKeyPath = - $this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key + $this->encryptionDir . '/' . $this->userId . '.privateKey'; // e.g. data/admin/admin.privateKey // make sure that the owners home is mounted \OC\Files\Filesystem::initMountPoints($userId); @@ -1363,22 +1363,14 @@ class Util { public function checkRecoveryPassword($password) { $result = false; - $pathKey = '/owncloud_private_key/' . $this->recoveryKeyId . ".private.key"; - - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; - - $recoveryKey = $this->view->file_get_contents($pathKey); + $recoveryKey = Keymanager::getPrivateSystemKey($this->recoveryKeyId); $decryptedRecoveryKey = Crypt::decryptPrivateKey($recoveryKey, $password); if ($decryptedRecoveryKey) { $result = true; } - \OC_FileProxy::$enabled = $proxyStatus; - - return $result; } @@ -1486,16 +1478,9 @@ class Util { */ public function recoverUsersFiles($recoveryPassword) { - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; - - $encryptedKey = $this->view->file_get_contents( - '/owncloud_private_key/' . $this->recoveryKeyId . '.private.key'); + $encryptedKey = Keymanager::getPrivateSystemKey( $this->recoveryKeyId); $privateKey = Crypt::decryptPrivateKey($encryptedKey, $recoveryPassword); - \OC_FileProxy::$enabled = $proxyStatus; - $this->recoverAllFiles('/', $privateKey); } @@ -1510,8 +1495,8 @@ class Util { $backupDir .= ($purpose === '') ? date("Y-m-d_H-i-s") . '/' : $purpose . '.' . date("Y-m-d_H-i-s") . '/'; $this->view->mkdir($backupDir); $this->view->copy($this->keysPath, $backupDir . 'keys/'); - $this->view->copy($this->privateKeyPath, $backupDir . $this->userId . '.private.key'); - $this->view->copy($this->publicKeyPath, $backupDir . $this->userId . '.public.key'); + $this->view->copy($this->privateKeyPath, $backupDir . $this->userId . '.privateKey'); + $this->view->copy($this->publicKeyPath, $backupDir . $this->userId . '.publicKey'); } /** @@ -1571,7 +1556,10 @@ class Util { $encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']); - $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']); + $privateKey = false; + if ($encryptedKey) { + $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']); + } if ($privateKey === false) { \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] diff --git a/apps/files_encryption/tests/hooks.php b/apps/files_encryption/tests/hooks.php index 944d8a38870..fc40d4cd61f 100644 --- a/apps/files_encryption/tests/hooks.php +++ b/apps/files_encryption/tests/hooks.php @@ -439,8 +439,8 @@ class Test_Encryption_Hooks extends \OCA\Files_Encryption\Tests\TestCase { // set user password for the first time \OCA\Encryption\Hooks::postCreateUser(array('uid' => 'newUser', 'password' => 'newUserPassword')); - $this->assertTrue($view->file_exists('public-keys/newUser.public.key')); - $this->assertTrue($view->file_exists('newUser/files_encryption/newUser.private.key')); + $this->assertTrue($view->file_exists('public-keys/newUser.publicKey')); + $this->assertTrue($view->file_exists('newUser/files_encryption/newUser.privateKey')); // check if we are able to decrypt the private key $encryptedKey = \OCA\Encryption\Keymanager::getPrivateKey($view, 'newUser'); diff --git a/apps/files_encryption/tests/keymanager.php b/apps/files_encryption/tests/keymanager.php index d4a3f85ed48..f86f7d894ce 100644 --- a/apps/files_encryption/tests/keymanager.php +++ b/apps/files_encryption/tests/keymanager.php @@ -175,7 +175,7 @@ class Test_Encryption_Keymanager extends \OCA\Files_Encryption\Tests\TestCase { Encryption\Keymanager::setPrivateKey($key, 'dummyUser'); - $this->assertTrue($this->view->file_exists('/dummyUser/files_encryption/dummyUser.private.key')); + $this->assertTrue($this->view->file_exists('/dummyUser/files_encryption/dummyUser.privateKey')); //clean up $this->view->deleteAll('/dummyUser'); @@ -187,14 +187,19 @@ class Test_Encryption_Keymanager extends \OCA\Files_Encryption\Tests\TestCase { function testSetPrivateSystemKey() { $key = "dummy key"; - $keyName = "myDummyKey.private.key"; + $keyName = "myDummyKey"; + $encHeader = Encryption\Crypt::generateHeader(); Encryption\Keymanager::setPrivateSystemKey($key, $keyName); - $this->assertTrue($this->view->file_exists('/owncloud_private_key/' . $keyName)); + $this->assertTrue($this->view->file_exists('/owncloud_private_key/' . $keyName . '.privateKey')); + + $result = Encryption\Keymanager::getPrivateSystemKey($keyName); + + $this->assertSame($encHeader . $key, $result); // clean up - $this->view->unlink('/owncloud_private_key/' . $keyName); + $this->view->unlink('/owncloud_private_key/' . $keyName.'.privateKey'); } diff --git a/apps/files_encryption/tests/share.php b/apps/files_encryption/tests/share.php index 48aaec5c196..d7afc9e2da7 100755 --- a/apps/files_encryption/tests/share.php +++ b/apps/files_encryption/tests/share.php @@ -915,8 +915,8 @@ class Test_Encryption_Share extends \OCA\Files_Encryption\Tests\TestCase { $this->assertGreaterThan(0, $fileInfo['unencrypted_size']); // break users public key - $this->view->rename('/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key', - '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key_backup'); + $this->view->rename('/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey', + '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey_backup'); // re-enable the file proxy \OC_FileProxy::$enabled = $proxyStatus; @@ -943,8 +943,8 @@ class Test_Encryption_Share extends \OCA\Files_Encryption\Tests\TestCase { // break user1 public key $this->view->rename( - '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key_backup', - '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key'); + '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey_backup', + '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey'); // remove share file $this->view->unlink('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' diff --git a/apps/files_encryption/tests/util.php b/apps/files_encryption/tests/util.php index fc6145a8cb5..96e8fcd81fe 100755 --- a/apps/files_encryption/tests/util.php +++ b/apps/files_encryption/tests/util.php @@ -89,9 +89,9 @@ class Test_Encryption_Util extends \OCA\Files_Encryption\Tests\TestCase { $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption'; $this->keysPath = $this->encryptionDir . '/' . 'keys'; $this->publicKeyPath = - $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key + $this->publicKeyDir . '/' . $this->userId . '.publicKey'; // e.g. data/public-keys/admin.publicKey $this->privateKeyPath = - $this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key + $this->encryptionDir . '/' . $this->userId . '.privateKey'; // e.g. data/admin/admin.privateKey $this->view = new \OC\Files\View('/'); @@ -402,8 +402,8 @@ class Test_Encryption_Util extends \OCA\Files_Encryption\Tests\TestCase { $this->assertTrue($this->view->is_dir($backupPath . '/keys')); $this->assertTrue($this->view->file_exists($backupPath . '/keys/' . $filename . '/fileKey')); $this->assertTrue($this->view->file_exists($backupPath . '/keys/' . $filename . '/' . $user . '.shareKey')); - $this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.private.key')); - $this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.public.key')); + $this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.privateKey')); + $this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.publicKey')); // cleanup $this->view->unlink($this->userId . '/files/' . $filename); @@ -435,8 +435,8 @@ class Test_Encryption_Util extends \OCA\Files_Encryption\Tests\TestCase { $this->assertTrue($this->view->is_dir($backupPath . '/keys/foo')); $this->assertTrue($this->view->file_exists($backupPath . '/keys/foo/fileKey')); $this->assertTrue($this->view->file_exists($backupPath . '/keys/foo/user1.shareKey')); - $this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.private.key')); - $this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.public.key')); + $this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.privateKey')); + $this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.publicKey')); //cleanup $this->view->deleteAll($backupPath); -- 2.39.5