diff options
| author | Sam Tuke <samtuke@owncloud.com> | 2013-02-19 19:16:50 +0000 |
|---|---|---|
| committer | Sam Tuke <samtuke@owncloud.com> | 2013-02-19 19:16:50 +0000 |
| commit | 1b880f2f96df514c68a17e90141cff9620c2ddb5 (patch) | |
| tree | 3fa7eb572f314c2250bbf0162f9e0583789d8382 /apps/files_encryption/lib/crypt.php | |
| parent | 14ae373dfe86b34b3e027306b5f857a3f38ff418 (diff) | |
| download | nextcloud-server-1b880f2f96df514c68a17e90141cff9620c2ddb5.tar.gz nextcloud-server-1b880f2f96df514c68a17e90141cff9620c2ddb5.zip | |
Moved dependencies out of Crypt methods (encKeyfileToMultipleUsers)(DI)
Fixed bug preventing sharing with users other than 'ownCloud'
Added comments
Moved functionality into filterShareReadyUsers()
Other changes
Diffstat (limited to 'apps/files_encryption/lib/crypt.php')
| -rwxr-xr-x | apps/files_encryption/lib/crypt.php | 97 |
1 files changed, 51 insertions, 46 deletions
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 49b75c17f6a..1b0167834e1 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -746,52 +746,44 @@ class Crypt { /**
- * @brief encrypt file key to multiple users
- * @param $users list of users which should be able to access the file
- * @param $fileTarget target of the file
+ * @brief Encrypt keyfile to multiple users
+ * @param array $users list of users which should be able to access the file
+ * @param string $filePath path of the file to be shared
*/
- private static function encKeyfileToMultipleUsers($users, $filePath) {
- $view = new \OC_FilesystemView( '/' );
- $owner = \OCP\User::getUser();
- $util = new Util( $view, $userId );
- $session = new Session();
+ private static function encKeyfileToMultipleUsers( \OC_FilesystemView $view, Util $util, Session $session, $userId, array $users, $filePath ) {
+
+ // Make sure users are capable of sharing
+ $filteredUids = $util->filterShareReadyUsers( $users );
- $userIds = array();
+ // Get public keys for each user, ready for generating sharekeys
+ $userPubKeys = Keymanager::getPublicKeys( $view, $filteredUids ); // TODO: check this includes the owner's public key
+
+ \OC_FileProxy::$enabled = false;
+
+ // Get the current users's private key for decrypting existing keyfile
+ $privateKey = $session->getPrivateKey();
- foreach ( $users as $user ) {
+ // We need to get a decrypted key for the file
+ // Determine how to decrypt the keyfile by checking if current user is owner
+ if ( $userId == \OC\Files\Filesystem::getOwner( $filePath ) ) {
- $util = new Util( $view, $user );
-
- // Check that the user is encryption capable
- if ( $util->ready() && $user == 'ownCloud' ) {
- // Construct array of just UIDs for Keymanager{}
- $userIds[] = $user;
-
- } else {
-
- // Log warning; we can't do necessary setup here
- // because we don't have the user passphrase
- // TODO: Provide user feedback indicating that
- // sharing failed
- \OC_Log::write( 'Encryption library', 'File cannot be shared: user "'.$user.'" is not setup for encryption', \OC_Log::WARN );
+ // If current user is owner, decrypt without using sharekey
- }
+ } else {
+
+ // Current user is resharing a file they don't own
+ // Decrypt keyfile using sharekey
}
-
- $userPubKeys = Keymanager::getPublicKeys( $view, $userIds );
-
- \OC_FileProxy::$enabled = false;
-
- // get the keyfile
+ // get the existing keyfile
$encKeyfile = Keymanager::getFileKey( $view, $owner, $filePath );
- $privateKey = $session->getPrivateKey();
-
- // decrypt the keyfile
+ // decrypt the existing keyfile
$plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey );
-
+
+ trigger_error("PUBKEYS = ". var_export($userPubKeys, 1));
+
// re-enc keyfile to sharekeys
$shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys );
@@ -816,29 +808,42 @@ class Crypt { * @param path which needs to be updated
* @return bool success
*/
- public static function updateKeyfile($path) {
+ public static function updateKeyfile( \OC_FilesystemView $view, Util $util, Session $session, $path ) {
- $filesView = \OCP\Files::getStorage('files');
+ // Make path include 'files' dir for OC_FSV operations
+ $fPath = 'files' . $path;
$result = true;
- if ( $filesView->is_dir($path) ) {
- $content = $filesView->getDirectoryContent($path);
- foreach ( $content as $c) {
+ if ( ! $view->is_dir( $fPath ) ) {
+
+ $shares = \OCP\Share::getUsersSharingFile( $path, true );
+ $result = self::encKeyfileToMultipleUsers( $view, $util, $session, $shares, $path );
+
+ } else {
+
+ $content = $view->getDirectoryContent( $fPath );
+
+ foreach ( $content as $c ) {
+
$path = substr($c['path'], 5);
- if ( $filesView->is_dir($path) ) {
- $result &= self::updateKeyfile($path);
+
+ if ( $view->is_dir( $fPath ) ) {
+
+ $result &= self::updateKeyfile( $path );
+
} else {
+
$shares = \OCP\Share::getUsersSharingFile( $path, true );
- $result &= self::encKeyfileToMultipleUsers($shares, $path);
+ $result &= self::encKeyfileToMultipleUsers( $view, $util, $session, $shares, $path );
+
}
}
- } else {
- $shares = \OCP\Share::getUsersSharingFile( $path, true );
- $result = self::encKeyfileToMultipleUsers($shares, $path);
+
}
return $result;
}
+
}
\ No newline at end of file |