author | Björn Schießle <bjoern@schiessle.org> | 2016-01-11 13:02:11 +0100 |
---|---|---|
committer | Björn Schießle <bjoern@schiessle.org> | 2016-01-11 13:09:06 +0100 |
commit | 46f6c289cac2ad20f9b57e1aff2894a38221a917 (patch) | |
tree | 4aeddafc7dd8b87d5ec69ec613b9480c940de730 | |
parent | df2abda814e8909136a27fdac136dc15e62fe429 (diff) | |
only use master key ID if a user is logged in. Otherwise keep the public link share key
-rw-r--r-- | apps/encryption/lib/keymanager.php | 9 | ||||
-rw-r--r-- | apps/encryption/tests/lib/KeyManagerTest.php | 76 |
2 files changed, 69 insertions, 16 deletions
diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php
index 8fa42be27fc..ae34286d21c 100644
--- a/apps/encryption/lib/keymanager.php
+++ b/apps/encryption/lib/keymanager.php
@@ -386,16 +386,17 @@ class KeyManager {
 public function getFileKey($path, $uid) {
 $encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);
- if ($this->util->isMasterKeyEnabled()) {
- $uid = $this->getMasterKeyId();
- }
-
 if (is_null($uid)) {
 $uid = $this->getPublicShareKeyId();
 $shareKey = $this->getShareKey($path, $uid);
 $privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
 $privateKey = $this->crypt->decryptPrivateKey($privateKey);
 } else {
+
+ if ($this->util->isMasterKeyEnabled()) {
+ $uid = $this->getMasterKeyId();
+ }
+
 $shareKey = $this->getShareKey($path, $uid);
 $privateKey = $this->session->getPrivateKey();
 }
diff --git a/apps/encryption/tests/lib/KeyManagerTest.php b/apps/encryption/tests/lib/KeyManagerTest.php
index 35ae8ad6ca0..3df9434e65a 100644
--- a/apps/encryption/tests/lib/KeyManagerTest.php
+++ b/apps/encryption/tests/lib/KeyManagerTest.php
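Review bot: The `else` branch now treats every non-null `$uid` as a logged-in user, so the choice between the public share key and the session or master key rests entirely on callers passing exactly `null` for public-link access; an empty string or `false` would fall through to `$this->session->getPrivateKey()`. That contract is not stated in the visible lines, and the method's docblock and the rest of its body lie outside the hunk. I would record it next to the check, e.g. `// $uid === null means public link access: keep the public share key even when the master key is enabled`, and document the parameter as `@param string|null $uid`. The test data added in this commit passes `''` rather than `null`, which suggests the distinction is easy to miss.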
@@ -342,25 +342,77 @@ class KeyManagerTest extends TestCase {
 $this->assertTrue($this->instance->getEncryptedFileKey('/'));
 }
- public function testGetFileKey() {
- $this->keyStorageMock->expects($this->exactly(4))
+ /**
+ * @dataProvider dataTestGetFileKey
+ *
+ * @param $uid
+ * @param $isMasterKeyEnabled
+ * @param $privateKey
+ * @param $expected
+ */
+ public function testGetFileKey($uid, $isMasterKeyEnabled, $privateKey, $expected) {
+
+ $path = '/foo.txt';
+
+ if ($isMasterKeyEnabled) {
+ $expectedUid = 'masterKeyId';
+ } else {
+ $expectedUid = $uid;
+ }
+
+ $this->invokePrivate($this->instance, 'masterKeyId', ['masterKeyId']);
+
+ $this->keyStorageMock->expects($this->at(0))
 ->method('getFileKey')
+ ->with($path, 'fileKey', 'OC_DEFAULT_MODULE')
 ->willReturn(true);
- $this->keyStorageMock->expects($this->once())
- ->method('getSystemUserKey')
+ $this->keyStorageMock->expects($this->at(1))
+ ->method('getFileKey')
+ ->with($path, $expectedUid . '.shareKey', 'OC_DEFAULT_MODULE')
 ->willReturn(true);
- $this->cryptMock->expects($this->once())
- ->method('decryptPrivateKey')
- ->willReturn(true);
+ if (is_null($uid)) {
+ $this->keyStorageMock->expects($this->once())
+ ->method('getSystemUserKey')
+ ->willReturn(true);
+ $this->cryptMock->expects($this->once())
+ ->method('decryptPrivateKey')
+ ->willReturn($privateKey);
+ } else {
+ $this->keyStorageMock->expects($this->never())
+ ->method('getSystemUserKey');
+ $this->utilMock->expects($this->once())->method('isMasterKeyEnabled')
+ ->willReturn($isMasterKeyEnabled);
+ $this->sessionMock->expects($this->once())->method('getPrivateKey')->willReturn($privateKey);
+ }
- $this->cryptMock->expects($this->once())
- ->method('multiKeyDecrypt')
- ->willReturn(true);
+ if($privateKey) {
+ $this->cryptMock->expects($this->once())
+ ->method('multiKeyDecrypt')
+ ->willReturn(true);
+ } else {
+ $this->cryptMock->expects($this->never())
+ ->method('multiKeyDecrypt');
+ }
- $this->assertTrue($this->instance->getFileKey('/', null));
- $this->assertEmpty($this->instance->getFileKey('/', $this->userId));
+ $this->assertSame($expected,
+ $this->instance->getFileKey($path, $uid)
+ );
+
+ }
+
+ public function dataTestGetFileKey() {
+ return [
+ ['user1', false, 'privateKey', true],
+ ['user1', false, false, ''],
+ ['user1', true, 'privateKey', true],
+ ['user1', true, false, ''],
+ ['', false, 'privateKey', true],
+ ['', false, false, ''],
+ ['', true, 'privateKey', true],
+ ['', true, false, '']
+ ];
 }
 public function testDeletePrivateKey() { |
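Review bot: No row in `dataTestGetFileKey()` passes `null` as `$uid`, so the `is_null($uid)` arm of this test and the public-link path in `getFileKey()` that the commit changes are never executed; the four "no user" rows use `''`, which is not null, and the removed `getFileKey('/', null)` assertion has no replacement. Those rows should pass `null`, and the expected share key id must then stop following the master key for that case, e.g. `if ($isMasterKeyEnabled && !is_null($uid)) {`, with the public share key id that the fixture configures (set up outside this hunk) as the expected value when `$uid` is null. As written, a regression that applies the master key id to public links again would still pass this test.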