mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 994 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
62826 Commits
371 Branches
Tree: 1164c762eb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1164c762eb'
${ noResults }
nextcloud/core/Command/Encryption/MigrateKeyStorage.php

MigrateKeyStorage.php 6.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236 
  1. <?php

  2. 

  3. declare(strict_types=1);

  4. 

  5. /**

  6.  * @copyright Copyright (c) 2020, Roeland Jago Douma <roeland@famdouma.nl>

  7.  *

  8.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  9.  *

  10.  * @license GNU AGPL version 3 or any later version

  11.  *

  12.  * This program is free software: you can redistribute it and/or modify

  13.  * it under the terms of the GNU Affero General Public License as

  14.  * published by the Free Software Foundation, either version 3 of the

  15.  * License, or (at your option) any later version.

  16.  *

  17.  * This program is distributed in the hope that it will be useful,

  18.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  19.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  20.  * GNU Affero General Public License for more details.

  21.  *

  22.  * You should have received a copy of the GNU Affero General Public License

  23.  * along with this program. If not, see <http://www.gnu.org/licenses/>.

  24.  *

  25.  */

  26. namespace OC\Core\Command\Encryption;

  27. 

  28. use OC\Encryption\Keys\Storage;

  29. use OC\Encryption\Util;

  30. use OC\Files\View;

  31. use OCP\IConfig;

  32. use OCP\IUserManager;

  33. use OCP\Security\ICrypto;

  34. use Symfony\Component\Console\Command\Command;

  35. use Symfony\Component\Console\Helper\ProgressBar;

  36. use Symfony\Component\Console\Helper\QuestionHelper;

  37. use Symfony\Component\Console\Input\InputInterface;

  38. use Symfony\Component\Console\Output\OutputInterface;

  39. 

  40. class MigrateKeyStorage extends Command {

  41. 	protected View $rootView;

  42. 	protected IUserManager $userManager;

  43. 	protected IConfig $config;

  44. 	protected Util $util;

  45. 	protected QuestionHelper $questionHelper;

  46. 	private ICrypto $crypto;

  47. 

  48. 	public function __construct(View $view, IUserManager $userManager, IConfig $config, Util $util, ICrypto $crypto) {

  49. 		parent::__construct();

  50. 		$this->rootView = $view;

  51. 		$this->userManager = $userManager;

  52. 		$this->config = $config;

  53. 		$this->util = $util;

  54. 		$this->crypto = $crypto;

  55. 	}

  56. 

  57. 	protected function configure() {

  58. 		parent::configure();

  59. 		$this

  60. 			->setName('encryption:migrate-key-storage-format')

  61. 			->setDescription('Migrate the format of the keystorage to a newer format');

  62. 	}

  63. 

  64. 	protected function execute(InputInterface $input, OutputInterface $output): int {

  65. 		$root = $this->util->getKeyStorageRoot();

  66. 

  67. 		$output->writeln("Updating key storage format");

  68. 		$this->updateKeys($root, $output);

  69. 		$output->writeln("Key storage format successfully updated");

  70. 

  71. 		return 0;

  72. 	}

  73. 

  74. 	/**

  75. 	 * Move keys to new key storage root

  76. 	 *

  77. 	 * @param string $root

  78. 	 * @param OutputInterface $output

  79. 	 * @return bool

  80. 	 * @throws \Exception

  81. 	 */

  82. 	protected function updateKeys(string $root, OutputInterface $output): bool {

  83. 		$output->writeln("Start to update the keys:");

  84. 

  85. 		$this->updateSystemKeys($root);

  86. 		$this->updateUsersKeys($root, $output);

  87. 		$this->config->deleteSystemValue('encryption.key_storage_migrated');

  88. 		return true;

  89. 	}

  90. 

  91. 	/**

  92. 	 * Move system key folder

  93. 	 */

  94. 	protected function updateSystemKeys(string $root): void {

  95. 		if (!$this->rootView->is_dir($root . '/files_encryption')) {

  96. 			return;

  97. 		}

  98. 

  99. 		$this->traverseKeys($root . '/files_encryption', null);

  100. 	}

  101. 

  102. 	private function traverseKeys(string $folder, ?string $uid) {

  103. 		$listing = $this->rootView->getDirectoryContent($folder);

  104. 

  105. 		foreach ($listing as $node) {

  106. 			if ($node['mimetype'] === 'httpd/unix-directory') {

  107. 				continue;

  108. 			}

  109. 

  110. 			if ($node['name'] === 'fileKey' ||

  111. 				str_ends_with($node['name'], '.privateKey') ||

  112. 				str_ends_with($node['name'], '.publicKey') ||

  113. 				str_ends_with($node['name'], '.shareKey')) {

  114. 				$path = $folder . '/' . $node['name'];

  115. 

  116. 				$content = $this->rootView->file_get_contents($path);

  117. 

  118. 				try {

  119. 					$this->crypto->decrypt($content);

  120. 					continue;

  121. 				} catch (\Exception $e) {

  122. 					// Ignore we now update the data.

  123. 				}

  124. 

  125. 				$data = [

  126. 					'key' => base64_encode($content),

  127. 					'uid' => $uid,

  128. 				];

  129. 

  130. 				$enc = $this->crypto->encrypt(json_encode($data));

  131. 				$this->rootView->file_put_contents($path, $enc);

  132. 			}

  133. 		}

  134. 	}

  135. 

  136. 	private function traverseFileKeys(string $folder) {

  137. 		$listing = $this->rootView->getDirectoryContent($folder);

  138. 

  139. 		foreach ($listing as $node) {

  140. 			if ($node['mimetype'] === 'httpd/unix-directory') {

  141. 				$this->traverseFileKeys($folder . '/' . $node['name']);

  142. 			} else {

  143. 				$endsWith = function ($haystack, $needle) {

  144. 					$length = strlen($needle);

  145. 					if ($length === 0) {

  146. 						return true;

  147. 					}

  148. 

  149. 					return (substr($haystack, -$length) === $needle);

  150. 				};

  151. 

  152. 				if ($node['name'] === 'fileKey' ||

  153. 					$endsWith($node['name'], '.privateKey') ||

  154. 					$endsWith($node['name'], '.publicKey') ||

  155. 					$endsWith($node['name'], '.shareKey')) {

  156. 					$path = $folder . '/' . $node['name'];

  157. 

  158. 					$content = $this->rootView->file_get_contents($path);

  159. 

  160. 					try {

  161. 						$this->crypto->decrypt($content);

  162. 						continue;

  163. 					} catch (\Exception $e) {

  164. 						// Ignore we now update the data.

  165. 					}

  166. 

  167. 					$data = [

  168. 						'key' => base64_encode($content)

  169. 					];

  170. 

  171. 					$enc = $this->crypto->encrypt(json_encode($data));

  172. 					$this->rootView->file_put_contents($path, $enc);

  173. 				}

  174. 			}

  175. 		}

  176. 	}

  177. 

  178. 

  179. 	/**

  180. 	 * setup file system for the given user

  181. 	 *

  182. 	 * @param string $uid

  183. 	 */

  184. 	protected function setupUserFS($uid) {

  185. 		\OC_Util::tearDownFS();

  186. 		\OC_Util::setupFS($uid);

  187. 	}

  188. 

  189. 

  190. 	/**

  191. 	 * iterate over each user and move the keys to the new storage

  192. 	 *

  193. 	 * @param string $root

  194. 	 * @param OutputInterface $output

  195. 	 */

  196. 	protected function updateUsersKeys(string $root, OutputInterface $output) {

  197. 		$progress = new ProgressBar($output);

  198. 		$progress->start();

  199. 

  200. 		foreach ($this->userManager->getBackends() as $backend) {

  201. 			$limit = 500;

  202. 			$offset = 0;

  203. 			do {

  204. 				$users = $backend->getUsers('', $limit, $offset);

  205. 				foreach ($users as $user) {

  206. 					$progress->advance();

  207. 					$this->setupUserFS($user);

  208. 					$this->updateUserKeys($root, $user);

  209. 				}

  210. 				$offset += $limit;

  211. 			} while (count($users) >= $limit);

  212. 		}

  213. 		$progress->finish();

  214. 	}

  215. 

  216. 	/**

  217. 	 * move user encryption folder to new root folder

  218. 	 *

  219. 	 * @param string $root

  220. 	 * @param string $user

  221. 	 * @throws \Exception

  222. 	 */

  223. 	protected function updateUserKeys(string $root, string $user) {

  224. 		if ($this->userManager->userExists($user)) {

  225. 			$source = $root . '/' . $user . '/files_encryption/OC_DEFAULT_MODULE';

  226. 			if ($this->rootView->is_dir($source)) {

  227. 				$this->traverseKeys($source, $user);

  228. 			}

  229. 

  230. 			$source = $root . '/' . $user . '/files_encryption/keys';

  231. 			if ($this->rootView->is_dir($source)) {

  232. 				$this->traverseFileKeys($source);

  233. 			}

  234. 		}

  235. 	}

  236. }