occ script to disable encryption and to decrypt all files again

3 files changed, 258 insertions, 0 deletions

diff --git a/apps/encryption/tests/lib/SessionTest.php b/apps/encryption/tests/lib/SessionTest.php
index e036c439939..0fa48666d70 100644
--- a/apps/encryption/tests/lib/SessionTest.php
+++ b/apps/encryption/tests/lib/SessionTest.php
@@ -56,6 +56,7 @@ class SessionTest extends TestCase {
 	 * @depends testSetAndGetPrivateKey
 	 */
 	public function testIsPrivateKeySet() {
+		$this->instance->setPrivateKey('dummyPrivateKey');
 		$this->assertTrue($this->instance->isPrivateKeySet());
 
 		unset(self::$tempStorage['privateKey']);
@@ -65,6 +66,51 @@ class SessionTest extends TestCase {
 		self::$tempStorage['privateKey'] = 'dummyPrivateKey';
 	}
 
+	public function testDecryptAllModeActivated() {
+		$this->instance->prepareDecryptAll('user1', 'usersKey');
+		$this->assertTrue($this->instance->decryptAllModeActivated());
+		$this->assertSame('user1', $this->instance->getDecryptAllUid());
+		$this->assertSame('usersKey', $this->instance->getDecryptAllKey());
+	}
+
+	public function testDecryptAllModeDeactivated() {
+		$this->assertFalse($this->instance->decryptAllModeActivated());
+	}
+
+	/**
+	 * @expectedException \Exception
+	 * @expectExceptionMessage 'Please activate decrypt all mode first'
+	 */
+	public function testGetDecryptAllUidException() {
+		$this->instance->getDecryptAllUid();
+	}
+
+	/**
+	 * @expectedException \Exception
+	 * @expectExceptionMessage 'No uid found while in decrypt all mode'
+	 */
+	public function testGetDecryptAllUidException2() {
+		$this->instance->prepareDecryptAll(null, 'key');
+		$this->instance->getDecryptAllUid();
+	}
+
+	/**
+	 * @expectedException \OCA\Encryption\Exceptions\PrivateKeyMissingException
+	 * @expectExceptionMessage 'Please activate decrypt all mode first'
+	 */
+	public function testGetDecryptAllKeyException() {
+		$this->instance->getDecryptAllKey();
+	}
+
+	/**
+	 * @expectedException \OCA\Encryption\Exceptions\PrivateKeyMissingException
+	 * @expectExceptionMessage 'No key found while in decrypt all mode'
+	 */
+	public function testGetDecryptAllKeyException2() {
+		$this->instance->prepareDecryptAll('user', null);
+		$this->instance->getDecryptAllKey();
+	}
+
 	/**
 	 *
 	 */
@@ -112,6 +158,10 @@ class SessionTest extends TestCase {
 	 *
 	 */
 	public function testClearWillRemoveValues() {
+		$this->instance->setPrivateKey('privateKey');
+		$this->instance->setStatus('initStatus');
+		$this->instance->prepareDecryptAll('user', 'key');
+		$this->assertNotEmpty(self::$tempStorage);
 		$this->instance->clear();
 		$this->assertEmpty(self::$tempStorage);
 	}
@@ -138,4 +188,9 @@ class SessionTest extends TestCase {
 
 		$this->instance = new Session($this->sessionMock);
 	}
+
+	protected function tearDown() {
+		self::$tempStorage = [];
+		parent::tearDown();
+	}
 }
diff --git a/apps/encryption/tests/lib/crypto/decryptalltest.php b/apps/encryption/tests/lib/crypto/decryptalltest.php
new file mode 100644
index 00000000000..d6a52fe97c0
--- /dev/null
+++ b/apps/encryption/tests/lib/crypto/decryptalltest.php
@@ -0,0 +1,125 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+
+namespace OCA\Encryption\Tests\lib\Crypto;
+
+
+use OCA\Encryption\Crypto\Crypt;
+use OCA\Encryption\Crypto\DecryptAll;
+use OCA\Encryption\KeyManager;
+use OCA\Encryption\Session;
+use OCA\Encryption\Util;
+use Symfony\Component\Console\Helper\QuestionHelper;
+use Test\TestCase;
+
+class DecryptAllTest extends TestCase {
+
+	/** @var  DecryptAll */
+	protected $instance;
+
+	/** @var Util | \PHPUnit_Framework_MockObject_MockObject  */
+	protected $util;
+
+	/** @var KeyManager | \PHPUnit_Framework_MockObject_MockObject  */
+	protected $keyManager;
+
+	/** @var  Crypt | \PHPUnit_Framework_MockObject_MockObject */
+	protected $crypt;
+
+	/** @var  Session | \PHPUnit_Framework_MockObject_MockObject */
+	protected $session;
+
+	/** @var QuestionHelper | \PHPUnit_Framework_MockObject_MockObject  */
+	protected $questionHelper;
+
+	public function setUp() {
+		parent::setUp();
+
+		$this->util = $this->getMockBuilder('OCA\Encryption\Util')
+			->disableOriginalConstructor()->getMock();
+		$this->keyManager = $this->getMockBuilder('OCA\Encryption\KeyManager')
+			->disableOriginalConstructor()->getMock();
+		$this->crypt = $this->getMockBuilder('OCA\Encryption\Crypto\Crypt')
+			->disableOriginalConstructor()->getMock();
+		$this->session = $this->getMockBuilder('OCA\Encryption\Session')
+			->disableOriginalConstructor()->getMock();
+		$this->questionHelper = $this->getMockBuilder('Symfony\Component\Console\Helper\QuestionHelper')
+			->disableOriginalConstructor()->getMock();
+
+		$this->instance = new DecryptAll(
+			$this->util,
+			$this->keyManager,
+			$this->crypt,
+			$this->session,
+			$this->questionHelper
+		);
+	}
+
+	public function testUpdateSession() {
+		$this->session->expects($this->once())->method('prepareDecryptAll')
+			->with('user1', 'key1');
+
+		$this->invokePrivate($this->instance, 'updateSession', ['user1', 'key1']);
+	}
+
+	/**
+	 * @dataProvider dataTestGetPrivateKey
+	 *
+	 * @param string $user
+	 * @param string $recoveryKeyId
+	 */
+	public function testGetPrivateKey($user, $recoveryKeyId) {
+		$password = 'passwd';
+		$recoveryKey = 'recoveryKey';
+		$userKey = 'userKey';
+		$unencryptedKey = 'unencryptedKey';
+
+		$this->keyManager->expects($this->any())->method('getRecoveryKeyId')
+			->willReturn($recoveryKeyId);
+
+		if ($user === $recoveryKeyId) {
+			$this->keyManager->expects($this->once())->method('getSystemPrivateKey')
+				->with($recoveryKeyId)->willReturn($recoveryKey);
+			$this->keyManager->expects($this->never())->method('getPrivateKey');
+			$this->crypt->expects($this->once())->method('decryptPrivateKey')
+				->with($recoveryKey, $password)->willReturn($unencryptedKey);
+		} else {
+			$this->keyManager->expects($this->never())->method('getSystemPrivateKey');
+			$this->keyManager->expects($this->once())->method('getPrivateKey')
+				->with($user)->willReturn($userKey);
+			$this->crypt->expects($this->once())->method('decryptPrivateKey')
+				->with($userKey, $password, $user)->willReturn($unencryptedKey);
+		}
+
+		$this->assertSame($unencryptedKey,
+			$this->invokePrivate($this->instance, 'getPrivateKey', [$user, $password])
+		);
+	}
+
+	public function dataTestGetPrivateKey() {
+		return [
+			['user1', 'recoveryKey'],
+			['recoveryKeyId', 'recoveryKeyId']
+		];
+	}
+
+}
diff --git a/apps/encryption/tests/lib/crypto/encryptionTest.php b/apps/encryption/tests/lib/crypto/encryptionTest.php
index f58aa5d3ccb..9e0cb2f09d1 100644
--- a/apps/encryption/tests/lib/crypto/encryptionTest.php
+++ b/apps/encryption/tests/lib/crypto/encryptionTest.php
@@ -40,6 +40,12 @@ class EncryptionTest extends TestCase {
 	private $encryptAllMock;
 
 	/** @var \PHPUnit_Framework_MockObject_MockObject */
+	private $decryptAllMock;
+
+	/** @var \PHPUnit_Framework_MockObject_MockObject */
+	private $sessionMock;
+
+	/** @var \PHPUnit_Framework_MockObject_MockObject */
 	private $cryptMock;
 
 	/** @var \PHPUnit_Framework_MockObject_MockObject */
@@ -63,9 +69,15 @@ class EncryptionTest extends TestCase {
 		$this->keyManagerMock = $this->getMockBuilder('OCA\Encryption\KeyManager')
 			->disableOriginalConstructor()
 			->getMock();
+		$this->sessionMock = $this->getMockBuilder('OCA\Encryption\Session')
+			->disableOriginalConstructor()
+			->getMock();
 		$this->encryptAllMock = $this->getMockBuilder('OCA\Encryption\Crypto\EncryptAll')
 			->disableOriginalConstructor()
 			->getMock();
+		$this->decryptAllMock = $this->getMockBuilder('OCA\Encryption\Crypto\DecryptAll')
+			->disableOriginalConstructor()
+			->getMock();
 		$this->loggerMock = $this->getMockBuilder('OCP\ILogger')
 			->disableOriginalConstructor()
 			->getMock();
@@ -81,7 +93,9 @@ class EncryptionTest extends TestCase {
 			$this->cryptMock,
 			$this->keyManagerMock,
 			$this->utilMock,
+			$this->sessionMock,
 			$this->encryptAllMock,
+			$this->decryptAllMock,
 			$this->loggerMock,
 			$this->l10nMock
 		);
@@ -170,6 +184,16 @@ class EncryptionTest extends TestCase {
 	 */
 	public function testBegin($mode, $header, $legacyCipher, $defaultCipher, $fileKey, $expected) {
 
+		$this->sessionMock->expects($this->once())
+			->method('decryptAllModeActivated')
+			->willReturn(false);
+
+		$this->sessionMock->expects($this->never())->method('getDecryptAllUid');
+		$this->sessionMock->expects($this->never())->method('getDecryptAllKey');
+		$this->keyManagerMock->expects($this->never())->method('getEncryptedFileKey');
+		$this->keyManagerMock->expects($this->never())->method('getShareKey');
+		$this->cryptMock->expects($this->never())->method('multiKeyDecrypt');
+
 		$this->cryptMock->expects($this->any())
 			->method('getCipher')
 			->willReturn($defaultCipher);
@@ -209,6 +233,49 @@ class EncryptionTest extends TestCase {
 		);
 	}
 
+
+	/**
+	 * test begin() if decryptAll mode was activated
+	 */
+	public function testBeginDecryptAll() {
+
+		$path = '/user/files/foo.txt';
+		$recoveryKeyId = 'recoveryKeyId';
+		$recoveryShareKey = 'recoveryShareKey';
+		$decryptAllKey = 'decryptAllKey';
+		$fileKey = 'fileKey';
+
+		$this->sessionMock->expects($this->once())
+			->method('decryptAllModeActivated')
+			->willReturn(true);
+		$this->sessionMock->expects($this->once())
+			->method('getDecryptAllUid')
+			->willReturn($recoveryKeyId);
+		$this->sessionMock->expects($this->once())
+			->method('getDecryptAllKey')
+			->willReturn($decryptAllKey);
+
+		$this->keyManagerMock->expects($this->once())
+			->method('getEncryptedFileKey')
+			->willReturn('encryptedFileKey');
+		$this->keyManagerMock->expects($this->once())
+			->method('getShareKey')
+			->with($path, $recoveryKeyId)
+			->willReturn($recoveryShareKey);
+		$this->cryptMock->expects($this->once())
+			->method('multiKeyDecrypt')
+			->with('encryptedFileKey', $recoveryShareKey, $decryptAllKey)
+			->willReturn($fileKey);
+
+		$this->keyManagerMock->expects($this->never())->method('getFileKey');
+
+		$this->instance->begin($path, 'user', 'r', [], []);
+
+		$this->assertSame($fileKey,
+			$this->invokePrivate($this->instance, 'fileKey')
+		);
+	}
+
 	/**
 	 * @dataProvider dataTestUpdate
 	 *
@@ -273,4 +340,15 @@ class EncryptionTest extends TestCase {
 	public function testDecrypt() {
 		$this->instance->decrypt('abc');
 	}
+
+	public function testPrepareDecryptAll() {
+		$input = $this->getMock('Symfony\Component\Console\Input\InputInterface');
+		$output = $this->getMock('Symfony\Component\Console\Output\OutputInterface');
+
+		$this->decryptAllMock->expects($this->once())->method('prepare')
+			->with($input, $output, 'user');
+
+		$this->instance->prepareDecryptAll($input, $output, 'user');
+	}
+
 }