diff options
| author | Bjoern Schiessle <schiessle@owncloud.com> | 2015-03-31 16:23:31 +0200 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-04-07 13:30:29 +0200 |
| commit | e4895bda01f9c94fc33e094ae9466e1cf5502916 (patch) | |
| tree | f78a79ef0c3035d443fc10e2eaedcb4f436d7091 /apps/encryption/lib | |
| parent | bd933b1c85dff950e83591a6245ba2e15db33caf (diff) | |
| download | nextcloud-server-e4895bda01f9c94fc33e094ae9466e1cf5502916.tar.gz nextcloud-server-e4895bda01f9c94fc33e094ae9466e1cf5502916.zip | |
add helper class accessible for encryption modules to ask for a list of users with access to a file, needed to apply the recovery key to all files
Diffstat (limited to 'apps/encryption/lib')
| -rw-r--r-- | apps/encryption/lib/recovery.php | 87 |
1 files changed, 73 insertions, 14 deletions
diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php index 0426c3746ed..701c0934c95 100644 --- a/apps/encryption/lib/recovery.php +++ b/apps/encryption/lib/recovery.php @@ -29,7 +29,8 @@ use OCP\IUser; use OCP\IUserSession; use OCP\PreConditionNotMetException; use OCP\Security\ISecureRandom; -use OCP\Share; +use OC\Files\View; +use OCP\Encryption\IFile; class Recovery { @@ -58,7 +59,17 @@ class Recovery { * @var IStorage */ private $keyStorage; - + /** + * @var View + */ + private $view; + /** + * @var IFile + */ + private $file; + /** + * @var string + */ private $recoveryKeyId; /** @@ -68,19 +79,25 @@ class Recovery { * @param KeyManager $keyManager * @param IConfig $config * @param IStorage $keyStorage + * @param IFile $file + * @param View $view */ public function __construct(IUserSession $user, Crypt $crypt, ISecureRandom $random, KeyManager $keyManager, IConfig $config, - IStorage $keyStorage) { + IStorage $keyStorage, + IFile $file, + View $view) { $this->user = $user && $user->isLoggedIn() ? $user->getUser() : false; $this->crypt = $crypt; $this->random = $random; $this->keyManager = $keyManager; $this->config = $config; $this->keyStorage = $keyStorage; + $this->view = $view; + $this->file = $file; } /** @@ -138,14 +155,6 @@ class Recovery { return false; } - public function addRecoveryKeys($keyId) { - // No idea new way to do this.... - } - - public function removeRecoveryKeys() { - // No idea new way to do this.... - } - /** * @return bool */ @@ -159,17 +168,23 @@ class Recovery { } /** - * @param $enabled + * @param string $value * @return bool */ - public function setRecoveryForUser($enabled) { - $value = $enabled ? '1' : '0'; + public function setRecoveryForUser($value) { try { $this->config->setUserValue($this->user->getUID(), 'encryption', 'recoveryEnabled', $value); + + if ($value === '1') { + $this->addRecoveryKeys('/' . $this->user . '/files/'); + } else { + $this->removeRecoveryKeys(); + } + return true; } catch (PreConditionNotMetException $e) { return false; @@ -177,6 +192,50 @@ class Recovery { } /** + * add recovery key to all encrypted files + */ + private function addRecoveryKeys($path = '/') { + $dirContent = $this->view->getDirectoryContent($path); + foreach ($dirContent as $item) { + // get relative path from files_encryption/keyfiles/ + $filePath = $item['path']; + if ($item['type'] === 'dir') { + $this->addRecoveryKeys($filePath . '/'); + } else { + $fileKey = $this->keyManager->getFileKey($filePath, $this->user); + if (!empty($fileKey)) { + $accessList = $this->file->getAccessList($path); + $publicKeys = array(); + foreach ($accessList['users'] as $uid) { + $publicKeys[$uid] = $this->keymanager->getPublicKey($uid); + } + + $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); + $this->keymanager->setAllFileKeys($path, $encryptedKeyfiles); + } + } + } + } + + /** + * remove recovery key to all encrypted files + */ + private function removeRecoveryKeys($path = '/') { + $dirContent = $this->view->getDirectoryContent($this->keyfilesPath . $path); + foreach ($dirContent as $item) { + // get relative path from files_encryption/keyfiles + $filePath = substr($item['path'], strlen('files_encryption/keyfiles')); + if ($item['type'] === 'dir') { + $this->removeRecoveryKeys($filePath . '/'); + } else { + // remove '.key' extension from path e.g. 'file.txt.key' to 'file.txt' + $file = substr($filePath, 0, -4); + $this->view->unlink($this->shareKeysPath . '/' . $file . '.' . $this->recoveryKeyId . '.shareKey'); + } + } + } + + /** * @param $recoveryPassword */ public function recoverUsersFiles($recoveryPassword) { |