authorBjörn Schießle <schiessle@owncloud.com>2013-02-11 13:28:37 +0100
committerBjörn Schießle <schiessle@owncloud.com>2013-02-11 13:28:37 +0100
commit3e3cee98c87e90ece7a4a908b6cbbc7cbc94aac7 (patch)
tree103b285eb9cda9e849dbf4dbe31a7ddbabc5a35f /apps
parent2787aafae6577dfad1f3db0dc70a8e0b05eaba53 (diff)
- moved the encryption of the filekey if a file gets shared from the post shared hook to
Crypt::encKeyfileToMultipleUsers() because this can be reused if files get unshared - switch from preUnshare hook to postUnshare hook because afterward we can simply get the updated list of users with access to the file and call Crypt::encKeyfileToMultipleUsers()
Diffstat (limited to 'apps')
-rw-r--r--apps/files_encryption/appinfo/app.php4
-rw-r--r--apps/files_encryption/hooks/hooks.php47
-rwxr-xr-xapps/files_encryption/lib/crypt.php42
3 files changed, 54 insertions, 39 deletions
diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php
index f83109a18ea..6778e1faa3c 100644
--- a/apps/files_encryption/appinfo/app.php
+++ b/apps/files_encryption/appinfo/app.php
@@ -16,8 +16,8 @@ OCP\Util::connectHook( 'OC_User', 'pre_setPassword','OCA\Encryption\Hooks', 'set
// Sharing-related hooks
OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' );
-OCP\Util::connectHook( 'OCP\Share', 'pre_unshare', 'OCA\Encryption\Hooks', 'preUnshare' );
-OCP\Util::connectHook( 'OCP\Share', 'pre_unshareAll', 'OCA\Encryption\Hooks', 'preUnshareAll' );
+OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare' );
+OCP\Util::connectHook( 'OCP\Share', 'post_unshareAll', 'OCA\Encryption\Hooks', 'postUnshareAll' );
// Webdav-related hooks
OCP\Util::connectHook( 'OC_Webdav_Properties', 'update', 'OCA\Encryption\Hooks', 'updateKeyfile' );
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index b0075a3ada7..c8565964ba9 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -179,7 +179,6 @@ class Hooks {
$view = new \OC_FilesystemView( '/' );
$userId = \OCP\User::getUser();
$util = new Util( $view, $userId );
- $session = new Session();
$shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'], 1 );
@@ -207,55 +206,29 @@ class Hooks {
}
}
-
- $userPubKeys = Keymanager::getPublicKeys( $view, $userIds );
-
- \OC_FileProxy::$enabled = false;
-
- // get the keyfile
- $encKeyfile = Keymanager::getFileKey( $view, $userId, $params['fileTarget'] );
-
- $privateKey = $session->getPrivateKey();
-
- // decrypt the keyfile
- $plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey );
-
- // re-enc keyfile to sharekeys
- $shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys );
-
- // save sharekeys
- if ( ! Keymanager::setShareKeys( $view, $params['fileTarget'], $shareKeys['keys'] ) ) {
-
- trigger_error( "SET Share keys failed" );
-
- }
-
- // Delete existing keyfile
- // Do this last to ensure file is recoverable in case of error
-// Keymanager::deleteFileKey( $view, $userId, $params['fileTarget'] );
-
- \OC_FileProxy::$enabled = true;
-
- return true;
+
+ return Crypt::encKeyfileToMultipleUsers($shares, $params['fileTarget']);
}
/**
* @brief
*/
- public static function preUnshare( $params ) {
-
- // Delete existing catfile
+ public static function postUnshare( $params ) {
+ $shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'], 1 );
- // Generate new catfile and env keys
+ $userIds = array();
+ foreach ( $shares as $share ) {
+ $userIds[] = $share['userId'];
+ }
- // Save env keys to user folders
+ return Crypt::encKeyfileToMultipleUsers($userIDs, $params['fileTarget']);
}
/**
* @brief
*/
- public static function preUnshareAll( $params ) {
+ public static function postUnshareAll( $params ) {
trigger_error( "preUnshareAll" );
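Review bot: In `postUnshare` the loop fills `$userIds` but the call passes `$userIDs`; PHP variable names are case-sensitive, so the key re-encryption after an unshare runs with an undefined (null) user list instead of the remaining users. The call should read `return Crypt::encKeyfileToMultipleUsers($userIds, $params['fileTarget']);`. `postShared` now passes `$shares`, whereas the removed code handed `$userIds` to `Keymanager::getPublicKeys()`; the loop that builds `$userIds` there is outside this hunk, but if `$shares` holds the same records that `postUnshare` reads `$share['userId']` from, that call should pass `$userIds` as well. `postUnshareAll` still emits the message `"preUnshareAll"` and does no key handling, so it is worth a comment stating that unshare-all leaves the share keys untouched for now.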
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php
index fdee03eeaf5..6704ea6bf18 100755
--- a/apps/files_encryption/lib/crypt.php
+++ b/apps/files_encryption/lib/crypt.php
@@ -744,4 +744,46 @@ class Crypt {
}
+
+ /**
+ * @brief encrypt file key to multiple users
+ * @param $users list of users which should be able to access the file
+ * @param $fileTarget target of the file
+ */
+ public static function encKeyfileToMultipleUsers($users, $fileTarget) {
+ $view = new \OC_FilesystemView( '/' );
+ $userId = \OCP\User::getUser();
+ $util = new Util( $view, $userId );
+ $session = new Session();
+
+ $userPubKeys = Keymanager::getPublicKeys( $view, $users );
+
+ \OC_FileProxy::$enabled = false;
+
+ // get the keyfile
+ $encKeyfile = Keymanager::getFileKey( $view, $userId, $fileTarget );
+
+ $privateKey = $session->getPrivateKey();
+
+ // decrypt the keyfile
+ $plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey );
+
+ // re-enc keyfile to sharekeys
+ $shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys );
+
+ // save sharekeys
+ if ( ! Keymanager::setShareKeys( $view, $fileTarget, $shareKeys['keys'] ) ) {
+
+ trigger_error( "SET Share keys failed" );
+
+ }
+
+ // Delete existing keyfile
+ // Do this last to ensure file is recoverable in case of error
+ // Keymanager::deleteFileKey( $view, $userId, $params['fileTarget'] );
+
+ \OC_FileProxy::$enabled = true;
+
+ return true;
+ }
} \ No newline at end of file
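Review bot: A failed `Keymanager::setShareKeys()` only raises `trigger_error` and the method still returns `true`, so both hooks report success when the share keys were not written; that path should return `false`. The results of `getFileKey()`, `getPrivateKey()` and `keyDecrypt()` are used unchecked, and `\OC_FileProxy::$enabled` is forced to `true` at the end instead of being restored to the value it had on entry. On the unshare path the same `$plainKeyfile` is re-wrapped rather than rotated, and nothing visible in this hunk removes the revoked user's existing share key, so whether access is really withdrawn depends on what `setShareKeys()` does and should be confirmed. `$util` is unused, the commented-out `deleteFileKey` line still refers to `$params`, which does not exist in this scope, and the docblock lacks an `@return`.

```php
	public static function encKeyfileToMultipleUsers($users, $fileTarget) {
		// … unchanged: $view, $userId, $session setup and getPublicKeys() …

		// remember the caller's proxy state instead of forcing it back to true
		$proxyStatus = \OC_FileProxy::$enabled;
		\OC_FileProxy::$enabled = false;

		// … unchanged: getFileKey(), getPrivateKey(), keyDecrypt(), multiKeyEncrypt() …

		// save sharekeys and report the failure to the calling hook
		$success = true;
		if ( ! Keymanager::setShareKeys( $view, $fileTarget, $shareKeys['keys'] ) ) {
			trigger_error( "SET Share keys failed" );
			$success = false;
		}

		\OC_FileProxy::$enabled = $proxyStatus;

		return $success;
```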