fix set recovery key and implement change password

author: Bjoern Schiessle <schiessle@owncloud.com> 2015-03-31 13:48:03 +0200
committer: Thomas Müller <thomas.mueller@tmit.eu> 2015-04-07 13:30:29 +0200
commit: 4b4aeaa5b2e13ae4272bf8f4b44564e5b8cb046a (patch)
tree: bc8ece1aaca29577622012920eb0d70020827196 /apps/encryption/lib
parent: a98b7dbf6fc3a190d995326ea97f88296ed89080 (diff)
download: nextcloud-server-4b4aeaa5b2e13ae4272bf8f4b44564e5b8cb046a.tar.gz
nextcloud-server-4b4aeaa5b2e13ae4272bf8f4b44564e5b8cb046a.zip
3 files changed, 61 insertions, 16 deletions
diff --git a/apps/encryption/lib/exceptions/privatekeymissingexception.php b/apps/encryption/lib/exceptions/privatekeymissingexception.php
index e06940f7ac8..ddc3d11cdbc 100644
--- a/apps/encryption/lib/exceptions/privatekeymissingexception.php
+++ b/apps/encryption/lib/exceptions/privatekeymissingexception.php
@@ -23,6 +23,6 @@
 namespace OCA\Encryption\Exceptions;
 
 
-class PrivateKeyMissingException extends GenericEncryptionException{
+class PrivateKeyMissingException extends \Exception{
 
 }
diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php
index 87b19fe35ea..67a32d75908 100644
--- a/apps/encryption/lib/keymanager.php
+++ b/apps/encryption/lib/keymanager.php
@@ -108,6 +108,14 @@ class KeyManager {
 		$this->config = $config;
 		$this->recoveryKeyId = $this->config->getAppValue('encryption',
 			'recoveryKeyId');
+		if (empty($this->recoveryKeyId)) {
+			$this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8);
+			$this->config->setAppValue('encryption',
+				'recoveryKeyId',
+				$this->recoveryKeyId);
+		}
+
+
 		$this->publicShareKeyId = $this->config->getAppValue('encryption',
 			'publicShareKeyId');
 		$this->log = $log;
@@ -171,7 +179,7 @@ class KeyManager {
 	 * @return bool
 	 */
 	public function checkRecoveryPassword($password) {
-		$recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId);
+		$recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.privateKey');
 		$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey,
 			$password);
 
@@ -202,6 +210,26 @@ class KeyManager {
 		return false;
 	}
 
+		/**
+	 * @param string $uid
+	 * @param string $password
+	 * @param array $keyPair
+	 * @return bool
+	 */
+	public function setRecoveryKey($password, $keyPair) {
+		// Save Public Key
+		$this->keyStorage->setSystemUserKey($this->getRecoveryKeyId(). '.publicKey', $keyPair['publicKey']);
+
+		$encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'],
+			$password);
+
+		if ($encryptedKey) {
+			$this->setSystemPrivateKey($this->getRecoveryKeyId(), $encryptedKey);
+			return true;
+		}
+		return false;
+	}
+
 	/**
 	 * @param $userId
 	 * @param $key
@@ -428,9 +456,19 @@ class KeyManager {
 	}
 
 	/**
+	 * @param string $keyId
+	 * @return string returns openssl key
+	 */
+	public function getSystemPrivateKey($keyId) {
+		return $this->keyStorage->getSystemUserKey($keyId . '.' . $this->privateKeyId);
+	}
+
+	/**
+	 * @param string $keyId
+	 * @param string $key
 	 * @return string returns openssl key
 	 */
-	public function getSystemPrivateKey() {
-		return $this->keyStorage->getSystemUserKey($this->privateKeyId);
+	public function setSystemPrivateKey($keyId, $key) {
+		return $this->keyStorage->setSystemUserKey($keyId . '.' . $this->privateKeyId, $key);
 	}
 }
diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php
index 376d3ef83ba..0426c3746ed 100644
--- a/apps/encryption/lib/recovery.php
+++ b/apps/encryption/lib/recovery.php
@@ -88,24 +88,14 @@ class Recovery {
 	 * @param $password
 	 * @return bool
 	 */
-	public function enableAdminRecovery($recoveryKeyId, $password) {
+	public function enableAdminRecovery($password) {
 		$appConfig = $this->config;
-
-		if ($recoveryKeyId === null) {
-			$recoveryKeyId = $this->random->getLowStrengthGenerator();
-			$appConfig->setAppValue('encryption',
-				'recoveryKeyId',
-				$recoveryKeyId);
-		}
-
 		$keyManager = $this->keyManager;
 
 		if (!$keyManager->recoveryKeyExists()) {
 			$keyPair = $this->crypt->createKeyPair();
 
-			return $this->keyManager->storeKeyPair($this->user->getUID(),
-				$password,
-				$keyPair);
+			$this->keyManager->setRecoveryKey($password, $keyPair);
 		}
 
 		if ($keyManager->checkRecoveryPassword($password)) {
@@ -117,6 +107,23 @@ class Recovery {
 	}
 
 	/**
+	 * change recovery key id
+	 *
+	 * @param string $newPassword
+	 * @param string $oldPassword
+	 */
+	public function changeRecoveryKeyPassword($newPassword, $oldPassword) {
+		$recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
+		$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $oldPassword);
+		$encryptedRecoveryKey = $this->crypt->symmetricEncryptFileContent($decryptedRecoveryKey, $newPassword);
+		if ($encryptedRecoveryKey) {
+			$this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $encryptedRecoveryKey);
+			return true;
+		}
+		return false;
+	}
+
+	/**
 	 * @param $recoveryPassword
 	 * @return bool
 	 */
author	Bjoern Schiessle <schiessle@owncloud.com>	2015-03-31 13:48:03 +0200
committer	Thomas Müller <thomas.mueller@tmit.eu>	2015-04-07 13:30:29 +0200
commit	4b4aeaa5b2e13ae4272bf8f4b44564e5b8cb046a (patch)
tree	bc8ece1aaca29577622012920eb0d70020827196 /apps/encryption/lib
parent	a98b7dbf6fc3a190d995326ea97f88296ed89080 (diff)
download	nextcloud-server-4b4aeaa5b2e13ae4272bf8f4b44564e5b8cb046a.tar.gz nextcloud-server-4b4aeaa5b2e13ae4272bf8f4b44564e5b8cb046a.zip