@@ -124,7 +124,8 @@ class Application extends \OCP\AppFramework\App { | |||
$server->getConfig(), | |||
$server->getUserSession(), | |||
new \OCA\Encryption\Session($server->getSession()), | |||
$server->getLogger() | |||
$server->getLogger(), | |||
$c->query('Util') | |||
); | |||
}); | |||
@@ -167,8 +168,12 @@ class Application extends \OCP\AppFramework\App { | |||
function (IAppContainer $c) { | |||
$server = $c->getServer(); | |||
return new Util(new View(), $c->query('Crypt'), $c->query('KeyManager'), $server->getLogger(), $server->getUserSession(), $server->getConfig() | |||
); | |||
return new Util( | |||
new View(), | |||
$c->query('Crypt'), | |||
$server->getLogger(), | |||
$server->getUserSession(), | |||
$server->getConfig()); | |||
}); | |||
} |
@@ -9,7 +9,7 @@ function updatePrivateKeyPasswd() { | |||
var newPrivateKeyPassword = $('input:password[id="newPrivateKeyPassword"]').val(); | |||
OC.msg.startSaving('#encryption .msg'); | |||
$.post( | |||
OC.filePath( 'files_encryption', 'ajax', 'updatePrivateKeyPassword.php' ) | |||
OC.generateUrl('/apps/encryption/ajax/updatePrivateKeyPassword') | |||
, { oldPassword: oldPrivateKeyPassword, newPassword: newPrivateKeyPassword } | |||
, function( data ) { | |||
if (data.status === "error") { |
@@ -131,6 +131,8 @@ class Encryption implements IEncryptionModule { | |||
$publicKeys[$uid] = $this->keymanager->getPublicKey($uid); | |||
} | |||
$publicKeys = $this->keymanager->addSystemKeys($this->accessList, $publicKeys); | |||
$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys); | |||
$this->keymanager->setAllFileKeys($path, $encryptedKeyfiles); | |||
} | |||
@@ -235,7 +237,7 @@ class Encryption implements IEncryptionModule { | |||
$publicKeys[$user] = $this->keymanager->getPublicKey($user); | |||
} | |||
$publicKeys = $this->addSystemKeys($accessList, $publicKeys); | |||
$publicKeys = $this->keymanager->addSystemKeys($accessList, $publicKeys); | |||
$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); | |||
@@ -27,6 +27,7 @@ use OCA\Encryption\Exceptions\PrivateKeyMissingException; | |||
use OC\Encryption\Exceptions\PublicKeyMissingException; | |||
use OCA\Encryption\Crypto\Crypt; | |||
use OCP\Encryption\Keys\IStorage; | |||
use OCA\Encryption\Util; | |||
use OCP\IConfig; | |||
use OCP\ILogger; | |||
use OCP\IUserSession; | |||
@@ -84,6 +85,10 @@ class KeyManager { | |||
* @var ILogger | |||
*/ | |||
private $log; | |||
/** | |||
* @var Util | |||
*/ | |||
private $util; | |||
/** | |||
* @param IStorage $keyStorage | |||
@@ -92,6 +97,7 @@ class KeyManager { | |||
* @param IUserSession $userSession | |||
* @param Session $session | |||
* @param ILogger $log | |||
* @param Util $util | |||
*/ | |||
public function __construct( | |||
IStorage $keyStorage, | |||
@@ -99,9 +105,11 @@ class KeyManager { | |||
IConfig $config, | |||
IUserSession $userSession, | |||
Session $session, | |||
ILogger $log | |||
ILogger $log, | |||
Util $util | |||
) { | |||
$this->util = $util; | |||
$this->session = $session; | |||
$this->keyStorage = $keyStorage; | |||
$this->crypt = $crypt; | |||
@@ -153,7 +161,7 @@ class KeyManager { | |||
* @return bool | |||
*/ | |||
public function recoveryKeyExists() { | |||
return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId))); | |||
return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey'))); | |||
} | |||
/** | |||
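Review bot: The `'.publicKey'` suffix in `recoveryKeyExists()` is a bare string literal, while `setSystemPrivateKey()` in the next hunk builds its key name from `$this->privateKeyId`. If the class has a matching field for the public-key suffix (not visible in this hunk), use it here as well, e.g. `$this->recoveryKeyId . '.' . $this->publicKeyId`. Otherwise the check can drift from the name the key is actually stored under, and `addSystemKeys()` would then stop adding the recovery key without any error.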
@@ -471,4 +479,25 @@ class KeyManager { | |||
public function setSystemPrivateKey($keyId, $key) { | |||
return $this->keyStorage->setSystemUserKey($keyId . '.' . $this->privateKeyId, $key); | |||
} | |||
/** | |||
* add system keys such as the public share key and the recovery key | |||
* | |||
* @param array $accessList | |||
* @param array $publicKeys | |||
* @return array | |||
*/ | |||
public function addSystemKeys(array $accessList, array $publicKeys) { | |||
if (!empty($accessList['public'])) { | |||
$publicKeys[$this->getPublicShareKeyId()] = $this->getPublicShareKey(); | |||
} | |||
if ($this->recoveryKeyExists() && | |||
$this->util->isRecoveryEnabledForUser()) { | |||
$publicKeys[$this->getRecoveryKeyId()] = $this->getRecoveryKey(); | |||
} | |||
return $publicKeys; | |||
} | |||
} |
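Review bot: `addSystemKeys()` decides whether to add the recovery key by calling `$this->util->isRecoveryEnabledForUser()`, which reads the setting of the session user, not of the user who owns the file being encrypted. The Util constructor shown further down this page sets `$this->user` to `false` when nobody is logged in, and `isRecoveryEnabledForUser()` calls `$this->user->getUID()` unconditionally. Once a recovery key exists, a write without a session would therefore fail on `false`, and that is plausibly the same public-share case the `$accessList['public']` branch handles. When a share recipient writes the file, the owner's recovery choice also appears to be replaced by the recipient's, which can either add the recovery key against the owner's wishes or drop it. Consider passing the owner's UID in explicitly and treating "no user" as recovery disabled, and document in the docblock whose setting is consulted.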
@@ -90,7 +90,7 @@ class Recovery { | |||
IStorage $keyStorage, | |||
IFile $file, | |||
View $view) { | |||
$this->user = $user && $user->isLoggedIn() ? $user->getUser() : false; | |||
$this->user = ($user && $user->isLoggedIn()) ? $user->getUser() : false; | |||
$this->crypt = $crypt; | |||
$this->random = $random; | |||
$this->keyManager = $keyManager; | |||
@@ -180,7 +180,7 @@ class Recovery { | |||
$value); | |||
if ($value === '1') { | |||
$this->addRecoveryKeys('/' . $this->user . '/files/'); | |||
$this->addRecoveryKeys('/' . $this->user->getUID() . '/files/'); | |||
} else { | |||
$this->removeRecoveryKeys(); | |||
} | |||
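Review bot: `$this->user->getUID()` is called here without checking `$this->user`, which the constructor in the hunk above sets to `false` when there is no logged-in session. The same unguarded call appears in `addRecoveryKeys()` in the next hunk (`getFileKey($filePath, $this->user->getUID())`). A guard at the top of this method, such as `if ($this->user === false) { return false; }`, would turn a fatal error into a clean failure. The enclosing method starts outside this hunk, so its return convention needs checking first.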
@@ -198,20 +198,22 @@ class Recovery { | |||
$dirContent = $this->view->getDirectoryContent($path); | |||
foreach ($dirContent as $item) { | |||
// get relative path from files_encryption/keyfiles/ | |||
$filePath = $item['path']; | |||
$filePath = $item->getPath(); | |||
if ($item['type'] === 'dir') { | |||
$this->addRecoveryKeys($filePath . '/'); | |||
} else { | |||
$fileKey = $this->keyManager->getFileKey($filePath, $this->user); | |||
$fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID()); | |||
if (!empty($fileKey)) { | |||
$accessList = $this->file->getAccessList($path); | |||
$accessList = $this->file->getAccessList($filePath); | |||
$publicKeys = array(); | |||
foreach ($accessList['users'] as $uid) { | |||
$publicKeys[$uid] = $this->keymanager->getPublicKey($uid); | |||
$publicKeys[$uid] = $this->keyManager->getPublicKey($uid); | |||
} | |||
$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys); | |||
$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); | |||
$this->keymanager->setAllFileKeys($path, $encryptedKeyfiles); | |||
$this->keyManager->setAllFileKeys($filePath, $encryptedKeyfiles); | |||
} | |||
} | |||
} | |||
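Review bot: Inside the loop over `$accessList['users']`, the result of `$this->keyManager->getPublicKey($uid)` is put into `$publicKeys` without checking that a key was actually returned. If a user on the access list has no key pair yet, `multiKeyEncrypt()` presumably either throws part-way through the directory walk or is handed an empty key, and some files are left without the recovery key while the setting already says recovery is enabled. Skipping and logging such users, or failing before any file is touched, would make the outcome predictable. Two smaller points: `$item['type']` still uses array access although the path is now read with `$item->getPath()`, and the comment `// get relative path from files_encryption/keyfiles/` no longer describes what `getPath()` returns.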
@@ -221,6 +223,7 @@ class Recovery { | |||
* remove recovery key to all encrypted files | |||
*/ | |||
private function removeRecoveryKeys($path = '/') { | |||
return true; | |||
$dirContent = $this->view->getDirectoryContent($this->keyfilesPath . $path); | |||
foreach ($dirContent as $item) { | |||
// get relative path from files_encryption/keyfiles |
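Review bot: The `return true;` added as the first statement of `removeRecoveryKeys()` makes the rest of the body unreachable. When a user switches recovery off (the `else` branch in the earlier Recovery hunk), the recovery key's copy of each file key therefore stays on disk, the holder of the recovery key can presumably still decrypt those files, and the caller is told the operation succeeded. If this is a deliberate placeholder, mark it on the line, e.g. `// TODO: removal not implemented yet - recovery key entries remain on existing files`, and consider not reporting success, or not persisting the disabled setting, until removal works. The function body continues past the end of this hunk.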
@@ -23,16 +23,13 @@ | |||
namespace OCA\Encryption; | |||
use OC\Files\Filesystem; | |||
use OC\Files\View; | |||
use OCA\Encryption\Crypto\Crypt; | |||
use OCP\App; | |||
use OCP\IConfig; | |||
use OCP\ILogger; | |||
use OCP\IUser; | |||
use OCP\IUserSession; | |||
use OCP\PreConditionNotMetException; | |||
use OCP\Share; | |||
class Util { | |||
/** | |||
@@ -43,10 +40,6 @@ class Util { | |||
* @var Crypt | |||
*/ | |||
private $crypt; | |||
/** | |||
* @var KeyManager | |||
*/ | |||
private $keyManager; | |||
/** | |||
* @var ILogger | |||
*/ | |||
@@ -65,21 +58,18 @@ class Util { | |||
* | |||
* @param View $files | |||
* @param Crypt $crypt | |||
* @param KeyManager $keyManager | |||
* @param ILogger $logger | |||
* @param IUserSession $userSession | |||
* @param IConfig $config | |||
*/ | |||
public function __construct(View $files, | |||
Crypt $crypt, | |||
KeyManager $keyManager, | |||
ILogger $logger, | |||
IUserSession $userSession, | |||
IConfig $config | |||
) { | |||
$this->files = $files; | |||
$this->crypt = $crypt; | |||
$this->keyManager = $keyManager; | |||
$this->logger = $logger; | |||
$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false; | |||
$this->config = $config; | |||
@@ -88,7 +78,7 @@ class Util { | |||
/** | |||
* @return bool | |||
*/ | |||
public function recoveryEnabledForUser() { | |||
public function isRecoveryEnabledForUser() { | |||
$recoveryMode = $this->config->getUserValue($this->user->getUID(), | |||
'encryption', | |||
'recoveryEnabled', | |||
@@ -115,18 +105,6 @@ class Util { | |||
} | |||
} | |||
/** | |||
* @param $recoveryPassword | |||
*/ | |||
public function recoverUsersFiles($recoveryPassword) { | |||
$encryptedKey = $this->keyManager->getSystemPrivateKey(); | |||
$privateKey = $this->crypt->decryptPrivateKey($encryptedKey, | |||
$recoveryPassword); | |||
$this->recoverAllFiles('/', $privateKey); | |||
} | |||
/** | |||
* @param string $uid | |||
* @return bool |
@@ -16,38 +16,38 @@ $crypt = new \OCA\Encryption\Crypto\Crypt( | |||
\OC::$server->getLogger(), | |||
\OC::$server->getUserSession(), | |||
\OC::$server->getConfig()); | |||
$util = new \OCA\Encryption\Util( | |||
new \OC\Files\View(), | |||
$crypt, | |||
\OC::$server->getLogger(), | |||
\OC::$server->getUserSession(), | |||
\OC::$server->getConfig()); | |||
$keymanager = new \OCA\Encryption\KeyManager( | |||
\OC::$server->getEncryptionKeyStorage(\OCA\Encryption\Crypto\Encryption::ID), | |||
$crypt, | |||
\OC::$server->getConfig(), | |||
\OC::$server->getUserSession(), | |||
$session, | |||
\OC::$server->getLogger(), null); | |||
\OC::$server->getLogger(), $util); | |||
$user = \OCP\User::getUser(); | |||
$view = new \OC\Files\View('/'); | |||
$util = new \OCA\Encryption\Util( | |||
new \OC\Files\View(), | |||
$crypt, $keymanager, | |||
\OC::$server->getLogger(), | |||
\OC::$server->getUserSession(), | |||
\OC::$server->getConfig()); | |||
$privateKeySet = $session->isPrivateKeySet(); | |||
// did we tried to initialize the keys for this session? | |||
$initialized = $session->getStatus(); | |||
$recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled'); | |||
$recoveryEnabledForUser = $util->recoveryEnabledForUser(); | |||
$recoveryEnabledForUser = $util->isRecoveryEnabledForUser(); | |||
$result = false; | |||
if ($recoveryAdminEnabled || !$privateKeySet) { | |||
\OCP\Util::addscript('encryption', 'settings-personal'); | |||
$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled); | |||
$tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser); | |||
$tmpl->assign('privateKeySet', $privateKeySet); |