authorBjörn Schießle <bjoern@schiessle.org>2016-01-11 13:02:11 +0100
committerBjörn Schießle <bjoern@schiessle.org>2016-01-11 13:09:06 +0100
commit46f6c289cac2ad20f9b57e1aff2894a38221a917 (patch)
tree4aeddafc7dd8b87d5ec69ec613b9480c940de730
parentdf2abda814e8909136a27fdac136dc15e62fe429 (diff)
downloadnextcloud-server-46f6c289cac2ad20f9b57e1aff2894a38221a917.tar.gz
nextcloud-server-46f6c289cac2ad20f9b57e1aff2894a38221a917.zip
only use master key ID if a user is logged in. Otherwise keep the public link share key
-rw-r--r--apps/encryption/lib/keymanager.php9
-rw-r--r--apps/encryption/tests/lib/KeyManagerTest.php76
2 files changed, 69 insertions, 16 deletions
diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php
index 8fa42be27fc..ae34286d21c 100644
--- a/apps/encryption/lib/keymanager.php
+++ b/apps/encryption/lib/keymanager.php
@@ -386,16 +386,17 @@ class KeyManager {
public function getFileKey($path, $uid) {
$encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);
- if ($this->util->isMasterKeyEnabled()) {
- $uid = $this->getMasterKeyId();
- }
-
if (is_null($uid)) {
$uid = $this->getPublicShareKeyId();
$shareKey = $this->getShareKey($path, $uid);
$privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
$privateKey = $this->crypt->decryptPrivateKey($privateKey);
} else {
+
+ if ($this->util->isMasterKeyEnabled()) {
+ $uid = $this->getMasterKeyId();
+ }
+
$shareKey = $this->getShareKey($path, $uid);
$privateKey = $this->session->getPrivateKey();
}
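Review bot: The choice between the public share key and the session private key now rests solely on `is_null($uid)`, so any non-null value takes the `else` branch and is replaced by the master key ID when master key mode is enabled. That includes an empty string, which the accompanying test passes as a uid. Whether callers can reach getFileKey() with an empty or false uid for unauthenticated access is not visible here and is worth confirming. The contract also deserves a comment above the check, e.g. `// $uid === null means public link access: use the public share key, never the master key`. getFileKey()'s body continues past the end of the hunk.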
diff --git a/apps/encryption/tests/lib/KeyManagerTest.php b/apps/encryption/tests/lib/KeyManagerTest.php
index 35ae8ad6ca0..3df9434e65a 100644
--- a/apps/encryption/tests/lib/KeyManagerTest.php
+++ b/apps/encryption/tests/lib/KeyManagerTest.php
@@ -342,25 +342,77 @@ class KeyManagerTest extends TestCase {
$this->assertTrue($this->instance->getEncryptedFileKey('/'));
}
- public function testGetFileKey() {
- $this->keyStorageMock->expects($this->exactly(4))
+ /**
+ * @dataProvider dataTestGetFileKey
+ *
+ * @param $uid
+ * @param $isMasterKeyEnabled
+ * @param $privateKey
+ * @param $expected
+ */
+ public function testGetFileKey($uid, $isMasterKeyEnabled, $privateKey, $expected) {
+
+ $path = '/foo.txt';
+
+ if ($isMasterKeyEnabled) {
+ $expectedUid = 'masterKeyId';
+ } else {
+ $expectedUid = $uid;
+ }
+
+ $this->invokePrivate($this->instance, 'masterKeyId', ['masterKeyId']);
+
+ $this->keyStorageMock->expects($this->at(0))
->method('getFileKey')
+ ->with($path, 'fileKey', 'OC_DEFAULT_MODULE')
->willReturn(true);
- $this->keyStorageMock->expects($this->once())
- ->method('getSystemUserKey')
+ $this->keyStorageMock->expects($this->at(1))
+ ->method('getFileKey')
+ ->with($path, $expectedUid . '.shareKey', 'OC_DEFAULT_MODULE')
->willReturn(true);
- $this->cryptMock->expects($this->once())
- ->method('decryptPrivateKey')
- ->willReturn(true);
+ if (is_null($uid)) {
+ $this->keyStorageMock->expects($this->once())
+ ->method('getSystemUserKey')
+ ->willReturn(true);
+ $this->cryptMock->expects($this->once())
+ ->method('decryptPrivateKey')
+ ->willReturn($privateKey);
+ } else {
+ $this->keyStorageMock->expects($this->never())
+ ->method('getSystemUserKey');
+ $this->utilMock->expects($this->once())->method('isMasterKeyEnabled')
+ ->willReturn($isMasterKeyEnabled);
+ $this->sessionMock->expects($this->once())->method('getPrivateKey')->willReturn($privateKey);
+ }
- $this->cryptMock->expects($this->once())
- ->method('multiKeyDecrypt')
- ->willReturn(true);
+ if($privateKey) {
+ $this->cryptMock->expects($this->once())
+ ->method('multiKeyDecrypt')
+ ->willReturn(true);
+ } else {
+ $this->cryptMock->expects($this->never())
+ ->method('multiKeyDecrypt');
+ }
- $this->assertTrue($this->instance->getFileKey('/', null));
- $this->assertEmpty($this->instance->getFileKey('/', $this->userId));
+ $this->assertSame($expected,
+ $this->instance->getFileKey($path, $uid)
+ );
+
+ }
+
+ public function dataTestGetFileKey() {
+ return [
+ ['user1', false, 'privateKey', true],
+ ['user1', false, false, ''],
+ ['user1', true, 'privateKey', true],
+ ['user1', true, false, ''],
+ ['', false, 'privateKey', true],
+ ['', false, false, ''],
+ ['', true, 'privateKey', true],
+ ['', true, false, '']
+ ];
}
public function testDeletePrivateKey() {
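Review bot: The data provider `dataTestGetFileKey` never supplies `null` for `$uid`, so the `is_null($uid)` branch, which is the public-link case this commit fixes, is not exercised. The `''` rows go through the logged-in path, and the removed `getFileKey('/', null)` call has no replacement. Add rows such as `[null, true, 'privateKey', true],` and make `$expectedUid` the public share key ID for them rather than `'masterKeyId'`. In the null branch it would also help to assert `$this->utilMock->expects($this->never())->method('isMasterKeyEnabled');`, so that a regression which consults the master key for public links fails the test.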