authorBjoern Schiessle <schiessle@owncloud.com>2015-03-31 17:13:36 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2015-04-07 13:30:29 +0200
commit1358d07d3516ffb6ecedc451bd1a0ad60d3cb673 (patch)
tree9e25e4c5c98a31c4edf0a9a4139cd93a90ac6e2d
parente4895bda01f9c94fc33e094ae9466e1cf5502916 (diff)
downloadnextcloud-server-1358d07d3516ffb6ecedc451bd1a0ad60d3cb673.tar.gz
nextcloud-server-1358d07d3516ffb6ecedc451bd1a0ad60d3cb673.zip
let user enable recovery key
-rw-r--r--apps/encryption/appinfo/application.php11
-rw-r--r--apps/encryption/js/settings-personal.js2
-rw-r--r--apps/encryption/lib/crypto/encryption.php4
-rw-r--r--apps/encryption/lib/keymanager.php33
-rw-r--r--apps/encryption/lib/recovery.php17
-rw-r--r--apps/encryption/lib/util.php24
-rw-r--r--apps/encryption/settings/settings-personal.php22
7 files changed, 65 insertions, 48 deletions
diff --git a/apps/encryption/appinfo/application.php b/apps/encryption/appinfo/application.php
index 372d49e5ef7..955146f7182 100644
--- a/apps/encryption/appinfo/application.php
+++ b/apps/encryption/appinfo/application.php
@@ -124,7 +124,8 @@ class Application extends \OCP\AppFramework\App {
$server->getConfig(),
$server->getUserSession(),
new \OCA\Encryption\Session($server->getSession()),
- $server->getLogger()
+ $server->getLogger(),
+ $c->query('Util')
);
});
@@ -167,8 +168,12 @@ class Application extends \OCP\AppFramework\App {
function (IAppContainer $c) {
$server = $c->getServer();
- return new Util(new View(), $c->query('Crypt'), $c->query('KeyManager'), $server->getLogger(), $server->getUserSession(), $server->getConfig()
- );
+ return new Util(
+ new View(),
+ $c->query('Crypt'),
+ $server->getLogger(),
+ $server->getUserSession(),
+ $server->getConfig());
});
}
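Review bot: The rebuilt `Util` registration closes the argument list on the same line as the last argument, `$server->getConfig());`, while the `KeyManager` registration in the first hunk puts `);` on its own line after the new trailing argument. Keeping the two container factories in the same shape makes the next dependency change a one-line diff; the equivalent here would be `$server->getConfig()` followed by `);` on its own line. Dropping `KeyManager` from the `Util` constructor removes the mutual dependency between the two services, which is consistent with the Util hunk in this commit.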
diff --git a/apps/encryption/js/settings-personal.js b/apps/encryption/js/settings-personal.js
index 7f0f4c6c26d..dcfbba4ecde 100644
--- a/apps/encryption/js/settings-personal.js
+++ b/apps/encryption/js/settings-personal.js
@@ -9,7 +9,7 @@ function updatePrivateKeyPasswd() {
var newPrivateKeyPassword = $('input:password[id="newPrivateKeyPassword"]').val();
OC.msg.startSaving('#encryption .msg');
$.post(
- OC.filePath( 'files_encryption', 'ajax', 'updatePrivateKeyPassword.php' )
+ OC.generateUrl('/apps/encryption/ajax/updatePrivateKeyPassword')
, { oldPassword: oldPrivateKeyPassword, newPassword: newPrivateKeyPassword }
, function( data ) {
if (data.status === "error") {
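Review bot: The POST target moves from a direct script path to `OC.generateUrl('/apps/encryption/ajax/updatePrivateKeyPassword')`, which only resolves if a route for that path is registered; none of the seven files in this commit is a routes file, so the route must already exist or the request will fail with a 404 and the user will see the generic error branch below. Worth confirming against the app's routes definition before merging. The enclosing function `updatePrivateKeyPassword` starts before this hunk.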
diff --git a/apps/encryption/lib/crypto/encryption.php b/apps/encryption/lib/crypto/encryption.php
index 3c93f759407..aa620785824 100644
--- a/apps/encryption/lib/crypto/encryption.php
+++ b/apps/encryption/lib/crypto/encryption.php
@@ -131,6 +131,8 @@ class Encryption implements IEncryptionModule {
$publicKeys[$uid] = $this->keymanager->getPublicKey($uid);
}
+ $publicKeys = $this->keymanager->addSystemKeys($this->accessList, $publicKeys);
+
$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
$this->keymanager->setAllFileKeys($path, $encryptedKeyfiles);
}
@@ -235,7 +237,7 @@ class Encryption implements IEncryptionModule {
$publicKeys[$user] = $this->keymanager->getPublicKey($user);
}
- $publicKeys = $this->addSystemKeys($accessList, $publicKeys);
+ $publicKeys = $this->keymanager->addSystemKeys($accessList, $publicKeys);
$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
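Review bot: The call to the class-local `$this->addSystemKeys(...)` is replaced by `$this->keymanager->addSystemKeys(...)`, but nothing in this file's diff (only the two hunks here, four lines per the diffstat) removes the local method that the old call implies exists, so it is presumably left behind as dead code with its own copy of the system-key logic. Two implementations of "which system keys get a copy of the file key" is exactly the kind of drift that lets one path forget the recovery or public-share key; if the local method is still there, delete it in this commit or in the follow-up. The enclosing method continues outside the hunk.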
diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php
index 67a32d75908..9aae6fb2d9d 100644
--- a/apps/encryption/lib/keymanager.php
+++ b/apps/encryption/lib/keymanager.php
@@ -27,6 +27,7 @@ use OCA\Encryption\Exceptions\PrivateKeyMissingException;
use OC\Encryption\Exceptions\PublicKeyMissingException;
use OCA\Encryption\Crypto\Crypt;
use OCP\Encryption\Keys\IStorage;
+use OCA\Encryption\Util;
use OCP\IConfig;
use OCP\ILogger;
use OCP\IUserSession;
@@ -84,6 +85,10 @@ class KeyManager {
* @var ILogger
*/
private $log;
+ /**
+ * @var Util
+ */
+ private $util;
/**
* @param IStorage $keyStorage
@@ -92,6 +97,7 @@ class KeyManager {
* @param IUserSession $userSession
* @param Session $session
* @param ILogger $log
+ * @param Util $util
*/
public function __construct(
IStorage $keyStorage,
@@ -99,9 +105,11 @@ class KeyManager {
IConfig $config,
IUserSession $userSession,
Session $session,
- ILogger $log
+ ILogger $log,
+ Util $util
) {
+ $this->util = $util;
$this->session = $session;
$this->keyStorage = $keyStorage;
$this->crypt = $crypt;
@@ -153,7 +161,7 @@ class KeyManager {
* @return bool
*/
public function recoveryKeyExists() {
- return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId)));
+ return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey')));
}
/**
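Review bot: `recoveryKeyExists()` now appends the literal `'.publicKey'` to `$this->recoveryKeyId`, while the rest of the class builds key ids from a suffix property (`$keyId . '.' . $this->privateKeyId` in `setSystemPrivateKey` further down). If a matching public-key suffix property exists on the class, use it here, e.g. `$this->recoveryKeyId . '.' . $this->publicKeyId`, so that a renamed suffix cannot silently make this check return false and drop the recovery key from every newly written file key. The old check (no suffix at all) is what this commit fixes, so the intent is clearly "does the recovery public key exist".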
@@ -471,4 +479,25 @@ class KeyManager {
public function setSystemPrivateKey($keyId, $key) {
return $this->keyStorage->setSystemUserKey($keyId . '.' . $this->privateKeyId, $key);
}
+
+ /**
+ * add system keys such as the public share key and the recovery key
+ *
+ * @param array $accessList
+ * @param array $publicKeys
+ * @return array
+ */
+ public function addSystemKeys(array $accessList, array $publicKeys) {
+ if (!empty($accessList['public'])) {
+ $publicKeys[$this->getPublicShareKeyId()] = $this->getPublicShareKey();
+ }
+
+ if ($this->recoveryKeyExists() &&
+ $this->util->isRecoveryEnabledForUser()) {
+
+ $publicKeys[$this->getRecoveryKeyId()] = $this->getRecoveryKey();
+ }
+
+ return $publicKeys;
+ }
}
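Review bot: `addSystemKeys()` decides whether to attach the recovery key by calling `$this->util->isRecoveryEnabledForUser()` with no user argument, and that method (util.php hunk in this commit) reads the setting of the session user, not of the owner of the file whose `$accessList` is being rebuilt. The callers at encryption.php and recovery.php pass a per-file access list, so when one user rewrites a file owned by another, the wrong account's preference decides whether the admin-held recovery key can open that file. Passing the owner explicitly keeps the decision with the right account: `public function addSystemKeys(array $accessList, array $publicKeys, $uid)` and `$this->util->isRecoveryEnabledForUser($uid)`, with `Util` accepting the uid. The `getRecoveryKey()` lookup is also unguarded, so a missing recovery public key would insert an empty entry into `$publicKeys`; I would expect `recoveryKeyExists()` to cover that, but it is worth a second look.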
diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php
index 701c0934c95..b3da82a3cc5 100644
--- a/apps/encryption/lib/recovery.php
+++ b/apps/encryption/lib/recovery.php
@@ -90,7 +90,7 @@ class Recovery {
IStorage $keyStorage,
IFile $file,
View $view) {
- $this->user = $user && $user->isLoggedIn() ? $user->getUser() : false;
+ $this->user = ($user && $user->isLoggedIn()) ? $user->getUser() : false;
$this->crypt = $crypt;
$this->random = $random;
$this->keyManager = $keyManager;
@@ -180,7 +180,7 @@ class Recovery {
$value);
if ($value === '1') {
- $this->addRecoveryKeys('/' . $this->user . '/files/');
+ $this->addRecoveryKeys('/' . $this->user->getUID() . '/files/');
} else {
$this->removeRecoveryKeys();
}
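Review bot: `$this->user->getUID()` assumes `$this->user` is an `IUser`, but the constructor hunk above assigns `false` when nobody is logged in, so this line (and the same call in the `addRecoveryKeys` hunk below) becomes a fatal error on `false` instead of a handled condition. Either throw from the constructor when no user is available, or guard here, e.g. `if ($this->user === false) { throw new \Exception('no user logged in'); }` before the path is built (exception type per the app's conventions). The enclosing method starts before this hunk.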
@@ -198,20 +198,22 @@ class Recovery {
$dirContent = $this->view->getDirectoryContent($path);
foreach ($dirContent as $item) {
// get relative path from files_encryption/keyfiles/
- $filePath = $item['path'];
+ $filePath = $item->getPath();
if ($item['type'] === 'dir') {
$this->addRecoveryKeys($filePath . '/');
} else {
- $fileKey = $this->keyManager->getFileKey($filePath, $this->user);
+ $fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID());
if (!empty($fileKey)) {
- $accessList = $this->file->getAccessList($path);
+ $accessList = $this->file->getAccessList($filePath);
$publicKeys = array();
foreach ($accessList['users'] as $uid) {
- $publicKeys[$uid] = $this->keymanager->getPublicKey($uid);
+ $publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
}
+ $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys);
+
$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
- $this->keymanager->setAllFileKeys($path, $encryptedKeyfiles);
+ $this->keyManager->setAllFileKeys($filePath, $encryptedKeyfiles);
}
}
}
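Review bot: `$filePath = $item->getPath();` treats `$item` as an object while the next line still reads `$item['type']` as an array; this only works if the directory-content item implements array access, and mixing the two forms hides which API the loop relies on. `$item->getType() === \OCP\Files\FileInfo::TYPE_FOLDER` keeps the loop on one interface. The comment `// get relative path from files_encryption/keyfiles/` also no longer describes what the line does and should be updated. The `keymanager` → `keyManager` property fix on the `getPublicKey`/`setAllFileKeys` lines is good; it means the old code could not have run at all.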
@@ -221,6 +223,7 @@ class Recovery {
* remove recovery key to all encrypted files
*/
private function removeRecoveryKeys($path = '/') {
+ return true;
$dirContent = $this->view->getDirectoryContent($this->keyfilesPath . $path);
foreach ($dirContent as $item) {
// get relative path from files_encryption/keyfiles
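Review bot: The inserted `return true;` at the top of `removeRecoveryKeys()` makes the rest of the method unreachable, so disabling recovery in the personal settings (the `else` branch in the hunk above) reports success without removing the recovery key from any existing file key. Until this is implemented, a user who turns recovery off still has every file decryptable with the admin recovery password while the UI tells them otherwise; the caller should not claim success here. If this is a deliberate stub, mark it as one, e.g. `// TODO: not yet ported to the new key storage; recovery keys are NOT removed`, and consider returning `false` so the setting change is not reported as applied. The method continues outside the hunk.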
diff --git a/apps/encryption/lib/util.php b/apps/encryption/lib/util.php
index 45891be5dad..6b6b8b6b38c 100644
--- a/apps/encryption/lib/util.php
+++ b/apps/encryption/lib/util.php
@@ -23,16 +23,13 @@
namespace OCA\Encryption;
-use OC\Files\Filesystem;
use OC\Files\View;
use OCA\Encryption\Crypto\Crypt;
-use OCP\App;
use OCP\IConfig;
use OCP\ILogger;
use OCP\IUser;
use OCP\IUserSession;
use OCP\PreConditionNotMetException;
-use OCP\Share;
class Util {
/**
@@ -44,10 +41,6 @@ class Util {
*/
private $crypt;
/**
- * @var KeyManager
- */
- private $keyManager;
- /**
* @var ILogger
*/
private $logger;
@@ -65,21 +58,18 @@ class Util {
*
* @param View $files
* @param Crypt $crypt
- * @param KeyManager $keyManager
* @param ILogger $logger
* @param IUserSession $userSession
* @param IConfig $config
*/
public function __construct(View $files,
Crypt $crypt,
- KeyManager $keyManager,
ILogger $logger,
IUserSession $userSession,
IConfig $config
) {
$this->files = $files;
$this->crypt = $crypt;
- $this->keyManager = $keyManager;
$this->logger = $logger;
$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
$this->config = $config;
@@ -88,7 +78,7 @@ class Util {
/**
* @return bool
*/
- public function recoveryEnabledForUser() {
+ public function isRecoveryEnabledForUser() {
$recoveryMode = $this->config->getUserValue($this->user->getUID(),
'encryption',
'recoveryEnabled',
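Review bot: The renamed `isRecoveryEnabledForUser()` still dereferences `$this->user->getUID()`, and the constructor in the hunk above sets `$this->user` to `false` when the session has no user; with this commit the method is now also reached from `KeyManager::addSystemKeys()`, i.e. from every file-key rewrite, not just from the settings page. Accept the user explicitly so callers can pass the file owner, e.g. `public function isRecoveryEnabledForUser($uid = null)` with `$uid = $uid ?: $this->user->getUID();` after a `false` check, and fail clearly rather than with a fatal error when there is no user. The method body continues outside the hunk.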
@@ -116,18 +106,6 @@ class Util {
}
/**
- * @param $recoveryPassword
- */
- public function recoverUsersFiles($recoveryPassword) {
- $encryptedKey = $this->keyManager->getSystemPrivateKey();
-
- $privateKey = $this->crypt->decryptPrivateKey($encryptedKey,
- $recoveryPassword);
-
- $this->recoverAllFiles('/', $privateKey);
- }
-
- /**
* @param string $uid
* @return bool
*/
diff --git a/apps/encryption/settings/settings-personal.php b/apps/encryption/settings/settings-personal.php
index 8caacbd19ca..417bf1433bf 100644
--- a/apps/encryption/settings/settings-personal.php
+++ b/apps/encryption/settings/settings-personal.php
@@ -16,38 +16,38 @@ $crypt = new \OCA\Encryption\Crypto\Crypt(
\OC::$server->getLogger(),
\OC::$server->getUserSession(),
\OC::$server->getConfig());
+
+$util = new \OCA\Encryption\Util(
+ new \OC\Files\View(),
+ $crypt,
+ \OC::$server->getLogger(),
+ \OC::$server->getUserSession(),
+ \OC::$server->getConfig());
+
$keymanager = new \OCA\Encryption\KeyManager(
\OC::$server->getEncryptionKeyStorage(\OCA\Encryption\Crypto\Encryption::ID),
$crypt,
\OC::$server->getConfig(),
\OC::$server->getUserSession(),
$session,
- \OC::$server->getLogger(), null);
+ \OC::$server->getLogger(), $util);
$user = \OCP\User::getUser();
$view = new \OC\Files\View('/');
-$util = new \OCA\Encryption\Util(
- new \OC\Files\View(),
- $crypt, $keymanager,
- \OC::$server->getLogger(),
- \OC::$server->getUserSession(),
- \OC::$server->getConfig());
+
$privateKeySet = $session->isPrivateKeySet();
// did we tried to initialize the keys for this session?
$initialized = $session->getStatus();
$recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled');
-$recoveryEnabledForUser = $util->recoveryEnabledForUser();
+$recoveryEnabledForUser = $util->isRecoveryEnabledForUser();
$result = false;
if ($recoveryAdminEnabled || !$privateKeySet) {
-
- \OCP\Util::addscript('encryption', 'settings-personal');
-
$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
$tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
$tmpl->assign('privateKeySet', $privateKeySet);
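Review bot: The `\OCP\Util::addscript('encryption', 'settings-personal');` call is removed from the `if` block without a replacement in this hunk, so unless the script is added elsewhere (the JS file is still part of this commit) the password-change form on the personal settings page loses its handler. Separately, the page now hand-builds `Util` and `KeyManager` with the same argument lists that `application.php` registers in the container; resolving them through the app container instead would keep this page from breaking the next time a constructor changes, as it did here. The hunk's construction order (`$util` before `$keymanager`) is correct given the new dependency direction.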