mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 984 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
55472 Commits
370 Branches
Tree: d9015a8c94
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd9015a8c94'
${ noResults }
nextcloud/apps/encryption/lib/Crypto/DecryptAll.php

DecryptAll.php 4.9KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  *

  5.  * @author Björn Schießle <bjoern@schiessle.org>

  6.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  7.  *

  8.  * @license AGPL-3.0

  9.  *

  10.  * This code is free software: you can redistribute it and/or modify

  11.  * it under the terms of the GNU Affero General Public License, version 3,

  12.  * as published by the Free Software Foundation.

  13.  *

  14.  * This program is distributed in the hope that it will be useful,

  15.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  16.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  17.  * GNU Affero General Public License for more details.

  18.  *

  19.  * You should have received a copy of the GNU Affero General Public License, version 3,

  20.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  21.  *

  22.  */

  23. 

  24. namespace OCA\Encryption\Crypto;

  25. 

  26. use OCA\Encryption\KeyManager;

  27. use OCA\Encryption\Session;

  28. use OCA\Encryption\Util;

  29. use Symfony\Component\Console\Helper\QuestionHelper;

  30. use Symfony\Component\Console\Input\InputInterface;

  31. use Symfony\Component\Console\Output\OutputInterface;

  32. use Symfony\Component\Console\Question\ConfirmationQuestion;

  33. use Symfony\Component\Console\Question\Question;

  34. 

  35. class DecryptAll {

  36. 

  37. 	/** @var Util  */

  38. 	protected $util;

  39. 

  40. 	/** @var QuestionHelper  */

  41. 	protected $questionHelper;

  42. 

  43. 	/** @var  Crypt */

  44. 	protected $crypt;

  45. 

  46. 	/** @var  KeyManager */

  47. 	protected $keyManager;

  48. 

  49. 	/** @var Session  */

  50. 	protected $session;

  51. 

  52. 	/**

  53. 	 * @param Util $util

  54. 	 * @param KeyManager $keyManager

  55. 	 * @param Crypt $crypt

  56. 	 * @param Session $session

  57. 	 * @param QuestionHelper $questionHelper

  58. 	 */

  59. 	public function __construct(

  60. 		Util $util,

  61. 		KeyManager $keyManager,

  62. 		Crypt $crypt,

  63. 		Session $session,

  64. 		QuestionHelper $questionHelper

  65. 	) {

  66. 		$this->util = $util;

  67. 		$this->keyManager = $keyManager;

  68. 		$this->crypt = $crypt;

  69. 		$this->session = $session;

  70. 		$this->questionHelper = $questionHelper;

  71. 	}

  72. 

  73. 	/**

  74. 	 * prepare encryption module to decrypt all files

  75. 	 *

  76. 	 * @param InputInterface $input

  77. 	 * @param OutputInterface $output

  78. 	 * @param $user

  79. 	 * @return bool

  80. 	 */

  81. 	public function prepare(InputInterface $input, OutputInterface $output, $user) {

  82. 		$question = new Question('Please enter the recovery key password: ');

  83. 

  84. 		if ($this->util->isMasterKeyEnabled()) {

  85. 			$output->writeln('Use master key to decrypt all files');

  86. 			$user = $this->keyManager->getMasterKeyId();

  87. 			$password = $this->keyManager->getMasterKeyPassword();

  88. 		} else {

  89. 			$recoveryKeyId = $this->keyManager->getRecoveryKeyId();

  90. 			if (!empty($user)) {

  91. 				$output->writeln('You can only decrypt the users files if you know');

  92. 				$output->writeln('the users password or if he activated the recovery key.');

  93. 				$output->writeln('');

  94. 				$questionUseLoginPassword = new ConfirmationQuestion(

  95. 					'Do you want to use the users login password to decrypt all files? (y/n) ',

  96. 					false

  97. 				);

  98. 				$useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);

  99. 				if ($useLoginPassword) {

  100. 					$question = new Question('Please enter the user\'s login password: ');

  101. 				} elseif ($this->util->isRecoveryEnabledForUser($user) === false) {

  102. 					$output->writeln('No recovery key available for user ' . $user);

  103. 					return false;

  104. 				} else {

  105. 					$user = $recoveryKeyId;

  106. 				}

  107. 			} else {

  108. 				$output->writeln('You can only decrypt the files of all users if the');

  109. 				$output->writeln('recovery key is enabled by the admin and activated by the users.');

  110. 				$output->writeln('');

  111. 				$user = $recoveryKeyId;

  112. 			}

  113. 

  114. 			$question->setHidden(true);

  115. 			$question->setHiddenFallback(false);

  116. 			$password = $this->questionHelper->ask($input, $output, $question);

  117. 		}

  118. 

  119. 		$privateKey = $this->getPrivateKey($user, $password);

  120. 		if ($privateKey !== false) {

  121. 			$this->updateSession($user, $privateKey);

  122. 			return true;

  123. 		} else {

  124. 			$output->writeln('Could not decrypt private key, maybe you entered the wrong password?');

  125. 		}

  126. 

  127. 

  128. 		return false;

  129. 	}

  130. 

  131. 	/**

  132. 	 * get the private key which will be used to decrypt all files

  133. 	 *

  134. 	 * @param string $user

  135. 	 * @param string $password

  136. 	 * @return bool|string

  137. 	 * @throws \OCA\Encryption\Exceptions\PrivateKeyMissingException

  138. 	 */

  139. 	protected function getPrivateKey($user, $password) {

  140. 		$recoveryKeyId = $this->keyManager->getRecoveryKeyId();

  141. 		$masterKeyId = $this->keyManager->getMasterKeyId();

  142. 		if ($user === $recoveryKeyId) {

  143. 			$recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);

  144. 			$privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);

  145. 		} elseif ($user === $masterKeyId) {

  146. 			$masterKey = $this->keyManager->getSystemPrivateKey($masterKeyId);

  147. 			$privateKey = $this->crypt->decryptPrivateKey($masterKey, $password, $masterKeyId);

  148. 		} else {

  149. 			$userKey = $this->keyManager->getPrivateKey($user);

  150. 			$privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user);

  151. 		}

  152. 

  153. 		return $privateKey;

  154. 	}

  155. 

  156. 	protected function updateSession($user, $privateKey) {

  157. 		$this->session->prepareDecryptAll($user, $privateKey);

  158. 	}

  159. }