change private/public key names for consistency reasons

4 files changed, 172 insertions, 187 deletions

diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 3f4d2c99e19..24e1494fc00 100644
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -19,7 +19,7 @@
  * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
  *
  * You should have received a copy of the GNU Affero General Public
- * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ * License alon with this library.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
 
@@ -108,6 +108,25 @@ class Helper {
 	}
 
 	/**
+	 * get recovery key id
+	 *
+	 * @return string|bool recovery key ID or false
+	 */
+	public static function getRecoveryKeyId() {
+		$appConfig = \OC::$server->getAppConfig();
+		$key = $appConfig->getValue('files_encryption', 'recoveryKeyId');
+
+		return ($key === null) ? false : $key;
+	}
+
+	public static function getPublicShareKeyId() {
+		$appConfig = \OC::$server->getAppConfig();
+		$key = $appConfig->getValue('files_encryption', 'publicShareKeyId');
+
+		return ($key === null) ? false : $key;
+	}
+
+	/**
 	 * enable recovery
 	 *
 	 * @param string $recoveryKeyId
@@ -126,38 +145,22 @@ class Helper {
 			$appConfig->setValue('files_encryption', 'recoveryKeyId', $recoveryKeyId);
 		}
 
-		if (!$view->is_dir('/owncloud_private_key')) {
-			$view->mkdir('/owncloud_private_key');
-		}
-
-		if (
-			(!$view->file_exists("/public-keys/" . $recoveryKeyId . ".public.key")
-			 || !$view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".private.key"))
-		) {
+		if (!Keymanager::recoveryKeyExists($view)) {
 
 			$keypair = \OCA\Encryption\Crypt::createKeypair();
 
-			\OC_FileProxy::$enabled = false;
-
 			// Save public key
-
-			if (!$view->is_dir('/public-keys')) {
-				$view->mkdir('/public-keys');
-			}
-
-			$view->file_put_contents('/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey']);
+			Keymanager::setPublicKey($keypair['publicKey'], $recoveryKeyId);
 
 			$cipher = \OCA\Encryption\Helper::getCipher();
 			$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], $recoveryPassword, $cipher);
 			if ($encryptedKey) {
-				Keymanager::setPrivateSystemKey($encryptedKey, $recoveryKeyId . '.private.key');
+				Keymanager::setPrivateSystemKey($encryptedKey, $recoveryKeyId);
 				// Set recoveryAdmin as enabled
 				$appConfig->setValue('files_encryption', 'recoveryAdminEnabled', 1);
 				$return = true;
 			}
 
-			\OC_FileProxy::$enabled = true;
-
 		} else { // get recovery key and check the password
 			$util = new \OCA\Encryption\Util(new \OC\Files\View('/'), \OCP\User::getUser());
 			$return = $util->checkRecoveryPassword($recoveryPassword);
diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php
index 0885267ece0..2c340bcb23f 100644
--- a/apps/files_encryption/lib/keymanager.php
+++ b/apps/files_encryption/lib/keymanager.php
@@ -34,37 +34,69 @@ class Keymanager {
 	const KEYS_BASE_DIR = '/files_encryption/keys/';
 
 	/**
-	 * retrieve the ENCRYPTED private key from a user
+	 * read key from hard disk
 	 *
-	 * @param \OC\Files\View $view
-	 * @param string $user
-	 * @return string private key or false (hopefully)
-	 * @note the key returned by this method must be decrypted before use
+	 * @param string $path to key
+	 * @return string|bool either the key or false
 	 */
-	public static function getPrivateKey(\OC\Files\View $view, $user) {
+	private static function getKey($path, $view) {
+		$proxyStatus = \OC_FileProxy::$enabled;
+		\OC_FileProxy::$enabled = false;
 
-		$path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.private.key';
 		$key = false;
-
 		if ($view->file_exists($path)) {
 			$key = $view->file_get_contents($path);
 		}
 
+		\OC_FileProxy::$enabled = $proxyStatus;
+
 		return $key;
 	}
 
 	/**
+	 * write key to disk
+	 *
+	 *
+	 * @param string $path path to key directory
+	 * @param string $name key name
+	 * @param string $key key
+	 * @param \OC\Files\View $view
+	 * @return bool
+	 */
+	private static function setKey($path, $name, $key, $view) {
+		$proxyStatus = \OC_FileProxy::$enabled;
+		\OC_FileProxy::$enabled = false;
+
+		self::keySetPreparation($view, $path);
+		$result = $view->file_put_contents($path . '/' . $name, $key);
+
+		\OC_FileProxy::$enabled = $proxyStatus;
+
+		return (is_int($result) && $result > 0) ? true : false;
+	}
+
+	/**
+	 * retrieve the ENCRYPTED private key from a user
+	 *
+	 * @param \OC\Files\View $view
+	 * @param string $user
+	 * @return string private key or false (hopefully)
+	 * @note the key returned by this method must be decrypted before use
+	 */
+	public static function getPrivateKey(\OC\Files\View $view, $user) {
+		$path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.privateKey';
+		return self::getKey($path, $view);
+	}
+
+	/**
 	 * retrieve public key for a specified user
 	 * @param \OC\Files\View $view
 	 * @param string $userId
 	 * @return string public key or false
 	 */
 	public static function getPublicKey(\OC\Files\View $view, $userId) {
-
-		$result = $view->file_get_contents('/public-keys/' . $userId . '.public.key');
-
-		return $result;
-
+		$path = '/public-keys/' . $userId . '.publicKey';
+		return self::getKey($path, $view);
 	}
 
 	/**
@@ -91,7 +123,6 @@ class Keymanager {
 	public static function getPublicKeys(\OC\Files\View $view, array $userIds) {
 
 		$keys = array();
-
 		foreach ($userIds as $userId) {
 			$keys[$userId] = self::getPublicKey($view, $userId);
 		}
@@ -112,15 +143,8 @@ class Keymanager {
 	 * asymmetrically encrypt the keyfile before passing it to this method
 	 */
 	public static function setFileKey(\OC\Files\View $view, $util, $path, $catfile) {
-
-		$basePath = self::getKeyPath($view, $util, $path);
-
-		self::keySetPreparation($view, $basePath);
-
-		$result = $view->file_put_contents(
-				$basePath . '/fileKey', $catfile);
-
-		return $result;
+		$path = self::getKeyPath($view, $util, $path);
+		return self::setKey($path, 'fileKey', $catfile, $view);
 
 	}
 
@@ -161,23 +185,8 @@ class Keymanager {
 	 * @return string
 	 */
 	public static function getFileKeyPath($view, $util, $path) {
-
-		if ($view->is_dir('/' . \OCP\User::getUser() . '/' . $path)) {
-			throw new Exception\EncryptionException('file was expected but directoy was given', Exception\EncryptionException::GENERIC);
-		}
-
-		list($owner, $filename) = $util->getUidAndFilename($path);
-		$filename = Helper::stripPartialFileExtension($filename);
-		$filePath_f = ltrim($filename, '/');
-
-		// in case of system wide mount points the keys are stored directly in the data directory
-		if ($util->isSystemWideMountPoint($filename)) {
-			$keyfilePath = self::KEYS_BASE_DIR . $filePath_f . '/fileKey';
-		} else {
-			$keyfilePath = '/' . $owner . self::KEYS_BASE_DIR . $filePath_f . '/fileKey';
-		}
-
-		return $keyfilePath;
+		$keyDir = self::getKeyPath($view, $util, $path);
+		return $keyDir . 'fileKey';
 	}
 
 	/**
@@ -190,22 +199,37 @@ class Keymanager {
 	 * @retrun string
 	 */
 	public static function getShareKeyPath($view, $util, $path, $uid) {
+		$keyDir = self::getKeyPath($view, $util, $path);
+		return $keyDir . $uid . '.shareKey';
+	}
 
-		if ($view->is_dir('/' . \OCP\User::getUser() . '/' . $path)) {
-			throw new Exception\EncryptionException('file was expected but directoy was given', Exception\EncryptionException::GENERIC);
-		}
+	/**
+	 * delete public key from a given user
+	 *
+	 * @param \OC\Files\View $view
+	 * @param string $uid user
+	 * @return bool
+	 */
+	public static function deletePublicKey($view, $uid) {
 
-		list($owner, $filename) = $util->getUidAndFilename($path);
-		$filename = Helper::stripPartialFileExtension($filename);
+		$result = false;
 
-		// in case of system wide mount points the keys are stored directly in the data directory
-		if ($util->isSystemWideMountPoint($filename)) {
-			$shareKeyPath = self::KEYS_BASE_DIR . $filename . '/'. $uid . '.shareKey';
-		} else {
-			$shareKeyPath = '/' . $owner . self::KEYS_BASE_DIR . $filename . '/' . $uid . '.shareKey';
+		if (!\OCP\User::userExists($uid)) {
+			$publicKey = '/public-keys/' . $uid . '.publicKey';
+			$result = $view->unlink($publicKey);
 		}
 
-		return $shareKeyPath;
+		return $result;
+	}
+
+	/**
+	 * check if public key for user exists
+	 *
+	 * @param \OC\Files\View $view
+	 * @param string $uid
+	 */
+	public static function publicKeyExists($view, $uid) {
+		return $view->file_exists('/public-keys/'. $uid . '.publicKey');
 	}
 
 
@@ -221,17 +245,8 @@ class Keymanager {
 	 * of the keyfile must be performed by client code
 	 */
 	public static function getFileKey($view, $util, $filePath) {
-
-		$keyfilePath = self::getFileKeyPath($view, $util, $filePath);
-
-		if ($view->file_exists($keyfilePath)) {
-			$result = $view->file_get_contents($keyfilePath);
-		} else {
-			$result = false;
-		}
-
-		return $result;
-
+		$path = self::getFileKeyPath($view, $util, $filePath);
+		return self::getKey($path, $view);
 	}
 
 	/**
@@ -243,80 +258,86 @@ class Keymanager {
 	 */
 	public static function setPrivateKey($key, $user = '') {
 
-		if ($user === '') {
-			$user = \OCP\User::getUser();
-		}
-
+		$user = $user === '' ? \OCP\User::getUser() : $user;
+		$path = '/' . $user . '/files_encryption';
 		$header = Crypt::generateHeader();
 
-		$view = new \OC\Files\View('/' . $user . '/files_encryption');
+		return self::setKey($path, $user . '.privateKey', $header . $key, new \OC\Files\View());
 
-		$proxyStatus = \OC_FileProxy::$enabled;
-		\OC_FileProxy::$enabled = false;
+	}
 
-		if (!$view->file_exists('')) {
-			$view->mkdir('');
+	/**
+	 * check if recovery key exists
+	 *
+	 * @param \OC\Files\View $view
+	 * @return bool
+	 */
+	public static function recoveryKeyExists($view) {
+
+		$result = false;
+
+		$recoveryKeyId = Helper::getRecoveryKeyId();
+		if ($recoveryKeyId) {
+			$result = ($view->file_exists("/public-keys/" . $recoveryKeyId . ".publicKey")
+					&& $view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".privateKey"));
 		}
 
-		$result = $view->file_put_contents($user . '.private.key', $header . $key);
+		return $result;
+	}
+
+	public static function publicShareKeyExists($view) {
+		$result = false;
 
-		\OC_FileProxy::$enabled = $proxyStatus;
+		$publicShareKeyId = Helper::getPublicShareKeyId();
+		if ($publicShareKeyId) {
+			$result = ($view->file_exists("/public-keys/" . $publicShareKeyId . ".publicKey")
+					&& $view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".privateKey"));
+
+		}
 
 		return $result;
+	}
+
+	/**
+	 * store public key from the user
+	 * @param string $key
+	 * @param string $user
+	 *
+	 * @return bool
+	 */
+	public static function setPublicKey($key, $user = '') {
 
+		$user = $user === '' ? \OCP\User::getUser() : $user;
+		$path = '/public-keys';
+
+		return self::setKey($path, $user . '.publicKey', $key, new \OC\Files\View('/'));
 	}
 
 	/**
 	 * write private system key (recovery and public share key) to disk
 	 *
 	 * @param string $key encrypted key
-	 * @param string $keyName name of the key file
+	 * @param string $keyName name of the key
 	 * @return boolean
 	 */
 	public static function setPrivateSystemKey($key, $keyName) {
 
+		$keyName = $keyName . '.privateKey';
+		$path = '/owncloud_private_key';
 		$header = Crypt::generateHeader();
 
-		$view = new \OC\Files\View('/owncloud_private_key');
-
-		$proxyStatus = \OC_FileProxy::$enabled;
-		\OC_FileProxy::$enabled = false;
-
-		if (!$view->file_exists('')) {
-			$view->mkdir('');
-		}
-
-		$result = $view->file_put_contents($keyName, $header . $key);
-
-		\OC_FileProxy::$enabled = $proxyStatus;
-
-		return $result;
+		return self::setKey($path, $keyName,$header . $key, new \OC\Files\View());
 	}
 
 	/**
-	 * store share key
+	 * read private system key (recovery and public share key) from disk
 	 *
-	 * @param \OC\Files\View $view
-	 * @param string $path where the share key is stored
-	 * @param string $shareKey
-	 * @return bool true/false
-	 * @note The keyfile is not encrypted here. Client code must
-	 * asymmetrically encrypt the keyfile before passing it to this method
+	 * @param string $keyName name of the key
+	 * @return string|boolean private system key or false
 	 */
-	private static function setShareKey(\OC\Files\View $view, $path, $shareKey) {
-
-		$proxyStatus = \OC_FileProxy::$enabled;
-		\OC_FileProxy::$enabled = false;
-
-		$result = $view->file_put_contents($path, $shareKey);
-
-		\OC_FileProxy::$enabled = $proxyStatus;
-
-		if (is_int($result) && $result > 0) {
-			return true;
-		} else {
-			return false;
-		}
+	public static function getPrivateSystemKey($keyName) {
+		$path = $keyName . '.privateKey';
+		return self::getKey($path, new \OC\Files\View('/owncloud_private_key'));
 	}
 
 	/**
@@ -337,11 +358,7 @@ class Keymanager {
 		$result = true;
 
 		foreach ($shareKeys as $userId => $shareKey) {
-
-			$writePath = $basePath . '/' . $userId . '.shareKey';
-
-			if (!self::setShareKey($view, $writePath, $shareKey)) {
-
+			if (!self::setKey($basePath, $userId . '.shareKey', $shareKey, $view)) {
 				// If any of the keys are not set, flag false
 				$result = false;
 			}
@@ -362,16 +379,8 @@ class Keymanager {
 	 * of the keyfile must be performed by client code
 	 */
 	public static function getShareKey($view, $userId, $util, $filePath) {
-
-		$shareKeyPath = self::getShareKeyPath($view, $util, $filePath, $userId);
-
-		if ($view->file_exists($shareKeyPath)) {
-			$result = $view->file_get_contents($shareKeyPath);
-		} else {
-			$result = false;
-		}
-
-		return $result;
+		$path = self::getShareKeyPath($view, $util, $filePath, $userId);
+		return self::getKey($path, $view);
 	}
 
 	/**
@@ -432,7 +441,6 @@ class Keymanager {
 	 * @param string $basePath
 	 */
 	protected static function keySetPreparation($view, $path) {
-
 		// If the file resides within a subdirectory, create it
 		if (!$view->file_exists($path)) {
 			$sub_dirs = explode('/', $path);
diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php
index e4fef536235..355264a5070 100644
--- a/apps/files_encryption/lib/session.php
+++ b/apps/files_encryption/lib/session.php
@@ -56,43 +56,30 @@ class Session {
 
 		$appConfig = \OC::$server->getAppConfig();
 
-		$publicShareKeyId = $appConfig->getValue('files_encryption', 'publicShareKeyId');
+		$publicShareKeyId = Helper::getPublicShareKeyId();
 
-		if ($publicShareKeyId === null) {
+		if ($publicShareKeyId === false) {
 			$publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
 			$appConfig->setValue('files_encryption', 'publicShareKeyId', $publicShareKeyId);
 		}
 
-		if (
-			!$this->view->file_exists("/public-keys/" . $publicShareKeyId . ".public.key")
-			|| !$this->view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".private.key")
-		) {
+		if (!Keymanager::publicShareKeyExists($view)) {
 
 			$keypair = Crypt::createKeypair();
 
-			// Disable encryption proxy to prevent recursive calls
-			$proxyStatus = \OC_FileProxy::$enabled;
-			\OC_FileProxy::$enabled = false;
 
 			// Save public key
-
-			if (!$view->is_dir('/public-keys')) {
-				$view->mkdir('/public-keys');
-			}
-
-			$this->view->file_put_contents('/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey']);
+			Keymanager::setPublicKey($keypair['publicKey'], $publicShareKeyId);
 
 			// Encrypt private key empty passphrase
 			$cipher = \OCA\Encryption\Helper::getCipher();
 			$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], '', $cipher);
 			if ($encryptedKey) {
-				Keymanager::setPrivateSystemKey($encryptedKey, $publicShareKeyId . '.private.key');
+				Keymanager::setPrivateSystemKey($encryptedKey, $publicShareKeyId);
 			} else {
 				\OCP\Util::writeLog('files_encryption', 'Could not create public share keys', \OCP\Util::ERROR);
 			}
 
-			\OC_FileProxy::$enabled = $proxyStatus;
-
 		}
 
 		if (\OCA\Encryption\Helper::isPublicAccess() && !self::getPublicSharePrivateKey()) {
@@ -100,8 +87,7 @@ class Session {
 			$proxyStatus = \OC_FileProxy::$enabled;
 			\OC_FileProxy::$enabled = false;
 
-			$encryptedKey = $this->view->file_get_contents(
-				'/owncloud_private_key/' . $publicShareKeyId . '.private.key');
+			$encryptedKey = Keymanager::getPrivateSystemKey($publicShareKeyId);
 			$privateKey = Crypt::decryptPrivateKey($encryptedKey, '');
 			self::setPublicSharePrivateKey($privateKey);
 
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index 8299ed5fe6e..6c1b2f60d7e 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -77,9 +77,9 @@ class Util {
 		$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
 		$this->keysPath = $this->encryptionDir . '/' . 'keys';
 		$this->publicKeyPath =
-				$this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
+				$this->publicKeyDir . '/' . $this->userId . '.publicKey'; // e.g. data/public-keys/admin.publicKey
 		$this->privateKeyPath =
-				$this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
+				$this->encryptionDir . '/' . $this->userId . '.privateKey'; // e.g. data/admin/admin.privateKey
 		// make sure that the owners home is mounted
 		\OC\Files\Filesystem::initMountPoints($userId);
 
@@ -1363,22 +1363,14 @@ class Util {
 	public function checkRecoveryPassword($password) {
 
 		$result = false;
-		$pathKey = '/owncloud_private_key/' . $this->recoveryKeyId . ".private.key";
-
-		$proxyStatus = \OC_FileProxy::$enabled;
-		\OC_FileProxy::$enabled = false;
-
-		$recoveryKey = $this->view->file_get_contents($pathKey);
 
+		$recoveryKey = Keymanager::getPrivateSystemKey($this->recoveryKeyId);
 		$decryptedRecoveryKey = Crypt::decryptPrivateKey($recoveryKey, $password);
 
 		if ($decryptedRecoveryKey) {
 			$result = true;
 		}
 
-		\OC_FileProxy::$enabled = $proxyStatus;
-
-
 		return $result;
 	}
 
@@ -1486,16 +1478,9 @@ class Util {
 	 */
 	public function recoverUsersFiles($recoveryPassword) {
 
-		// Disable encryption proxy to prevent recursive calls
-		$proxyStatus = \OC_FileProxy::$enabled;
-		\OC_FileProxy::$enabled = false;
-
-		$encryptedKey = $this->view->file_get_contents(
-			'/owncloud_private_key/' . $this->recoveryKeyId . '.private.key');
+		$encryptedKey = Keymanager::getPrivateSystemKey( $this->recoveryKeyId);
 		$privateKey = Crypt::decryptPrivateKey($encryptedKey, $recoveryPassword);
 
-		\OC_FileProxy::$enabled = $proxyStatus;
-
 		$this->recoverAllFiles('/', $privateKey);
 	}
 
@@ -1510,8 +1495,8 @@ class Util {
 		$backupDir .= ($purpose === '') ? date("Y-m-d_H-i-s") . '/' : $purpose . '.' . date("Y-m-d_H-i-s") . '/';
 		$this->view->mkdir($backupDir);
 		$this->view->copy($this->keysPath, $backupDir . 'keys/');
-		$this->view->copy($this->privateKeyPath, $backupDir . $this->userId . '.private.key');
-		$this->view->copy($this->publicKeyPath, $backupDir . $this->userId . '.public.key');
+		$this->view->copy($this->privateKeyPath, $backupDir . $this->userId . '.privateKey');
+		$this->view->copy($this->publicKeyPath, $backupDir . $this->userId . '.publicKey');
 	}
 
 	/**
@@ -1571,7 +1556,10 @@ class Util {
 
 		$encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']);
 
-		$privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
+		$privateKey = false;
+		if ($encryptedKey) {
+			$privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
+		}
 
 		if ($privateKey === false) {
 			\OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid']