authorThomas Müller <thomas.mueller@tmit.eu>2015-04-01 13:59:29 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2015-04-07 13:30:30 +0200
commitcac83642f2df98497ecedcded1716c28fa676313 (patch)
tree4ac7401d90eea42ec970919d59f19f9c81ef9d60 /apps/encryption/lib
parentd203296e3514e5d987942f71fc80421a55ec477a (diff)
Finally fixing encryption with public share
Diffstat (limited to 'apps/encryption/lib')
-rw-r--r--apps/encryption/lib/keymanager.php58
1 files changed, 31 insertions, 27 deletions
diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php
index f96c426a725..f3f96b9ef21 100644
--- a/apps/encryption/lib/keymanager.php
+++ b/apps/encryption/lib/keymanager.php
@@ -23,6 +23,7 @@ namespace OCA\Encryption;
use OC\Encryption\Exceptions\DecryptionFailedException;
+use OCA\Encryption\Exceptions\FileKeyMissingException;
use OCA\Encryption\Exceptions\PrivateKeyMissingException;
use OC\Encryption\Exceptions\PublicKeyMissingException;
use OCA\Encryption\Crypto\Crypt;
@@ -114,6 +115,8 @@ class KeyManager {
$this->keyStorage = $keyStorage;
$this->crypt = $crypt;
$this->config = $config;
+ $this->log = $log;
+
$this->recoveryKeyId = $this->config->getAppValue('encryption',
'recoveryKeyId');
if (empty($this->recoveryKeyId)) {
@@ -123,34 +126,24 @@ class KeyManager {
$this->recoveryKeyId);
}
-
$this->publicShareKeyId = $this->config->getAppValue('encryption',
'publicShareKeyId');
- $this->log = $log;
-
if (empty($this->publicShareKeyId)) {
$this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
- $this->config->setAppValue('encryption',
- 'publicShareKeyId',
- $this->publicShareKeyId);
+ $this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
+ }
+ $shareKey = $this->getPublicShareKey();
+ if (empty($shareKey)) {
$keyPair = $this->crypt->createKeyPair();
// Save public key
$this->keyStorage->setSystemUserKey(
- $this->publicShareKeyId . '.publicKey',
- $keyPair['publicKey']);
+ $this->publicShareKeyId . '.publicKey', $keyPair['publicKey']);
// Encrypt private key empty passphrase
- $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'],
- '');
- if ($encryptedKey) {
- $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey',
- $encryptedKey);
- } else {
- $this->log->error('Could not create public share keys');
- }
-
+ $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], '');
+ $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey', $encryptedKey);
}
$this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
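Review bot: The result of `symmetricEncryptFileContent()` is no longer checked before it is stored as the `.privateKey` entry, and the public key is written before the private key has been encrypted. The removed code tested `$encryptedKey` for truthiness, which suggests the call can return a falsy value. If it does, the public half is persisted, `getPublicShareKey()` is non-empty on the next construction, and the pair is never regenerated, so publicly shared files would be encrypted to a key whose private half is unusable. Encrypt first and write both keys only on success, keeping the error log (or throwing instead). The constructor begins above this hunk.

```php
$shareKey = $this->getPublicShareKey();
if (empty($shareKey)) {
	$keyPair = $this->crypt->createKeyPair();
	// Encrypt first so a failure leaves no half-written key pair behind
	$encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], '');
	if (empty($encryptedKey)) {
		$this->log->error('Could not create public share keys');
	} else {
		$this->keyStorage->setSystemUserKey(
			$this->publicShareKeyId . '.publicKey', $keyPair['publicKey']);
		$this->keyStorage->setSystemUserKey(
			$this->publicShareKeyId . '.privateKey', $encryptedKey);
	}
}
```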
@@ -161,7 +154,8 @@ class KeyManager {
* @return bool
*/
public function recoveryKeyExists() {
- return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey')));
+ $key = $this->getRecoveryKey();
+ return (!empty($key));
}
/**
@@ -340,19 +334,25 @@ class KeyManager {
* @return string
*/
public function getFileKey($path, $uid) {
- $key = '';
- $encryptedFileKey = $this->keyStorage->getFileKey($path,
- $this->fileKeyId);
- $shareKey = $this->getShareKey($path, $uid);
- $privateKey = $this->session->getPrivateKey();
+ $encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId);
+
+ if (is_null($uid)) {
+ $uid = $this->getPublicShareKeyId();
+ $shareKey = $this->getShareKey($path, $uid);
+ $privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey');
+ $privateKey = $this->crypt->symmetricDecryptFileContent($privateKey);
+ } else {
+ $shareKey = $this->getShareKey($path, $uid);
+ $privateKey = $this->session->getPrivateKey();
+ }
if ($encryptedFileKey && $shareKey && $privateKey) {
- $key = $this->crypt->multiKeyDecrypt($encryptedFileKey,
+ return $this->crypt->multiKeyDecrypt($encryptedFileKey,
$shareKey,
$privateKey);
}
- return $key;
+ throw new FileKeyMissingException();
}
/**
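Review bot: The public-share path in `getFileKey()` is selected only by `is_null($uid)`, and neither that contract nor the new exception appears in the part of the docblock visible here (only `@return string`). This branch unwraps the file key with the system-wide public-share private key, which is stored under an empty passphrase, so callers need to know that passing `null` means anonymous public-link access. The constructor sets `$this->keyId` to `false` when nobody is logged in, and a `false` uid would take the `else` branch and read the session key instead; that is worth confirming against the callers, which are outside this hunk. I would add `@param string|null $uid null selects the public link share key` and `@throws FileKeyMissingException if the file key, share key or private key is unavailable`.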
@@ -412,7 +412,7 @@ class KeyManager {
}
/**
- * get public key for public link shares
+ * get public key for public link shares
*
* @return string
*/
@@ -504,7 +504,11 @@ class KeyManager {
*/
public function addSystemKeys(array $accessList, array $publicKeys) {
if (!empty($accessList['public'])) {
- $publicKeys[$this->getPublicShareKeyId()] = $this->getPublicShareKey();
+ $publicShareKey = $this->getPublicShareKey();
+ if (empty($publicShareKey)) {
+ throw new PublicKeyMissingException();
+ }
+ $publicKeys[$this->getPublicShareKeyId()] = $publicShareKey;
}
if ($this->recoveryKeyExists() &&
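Review bot: `addSystemKeys()` can now throw, and the docblock for it sits above this hunk, so please check that it carries `@throws PublicKeyMissingException if the public share key is not available`. Failing closed here is the right behaviour, since silently adding an empty key would leave public-link recipients unable to decrypt. The recovery-key branch that follows continues outside the hunk, so I cannot tell whether an empty recovery key is rejected in the same way.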