authorRoeland Douma <rullzer@users.noreply.github.com>2016-05-17 23:08:43 +0200
committerThomas Müller <DeepDiver1975@users.noreply.github.com>2016-05-17 23:08:43 +0200
commitd5506b605fb774b5935365a6dea1ef57e9c61475 (patch)
treec28e8ffe5b6d71507b1ceaf503f3bb5657098287 /lib/public/Encryption
parentde5b7609f96e166b96b7380e62d32ac51d85d50f (diff)
Move \OCP\Encryption to PSR-4 (#24680)
Diffstat (limited to 'lib/public/Encryption')
-rw-r--r--lib/public/Encryption/Exceptions/GenericEncryptionException.php51
-rw-r--r--lib/public/Encryption/IEncryptionModule.php183
-rw-r--r--lib/public/Encryption/IFile.php43
-rw-r--r--lib/public/Encryption/IManager.php99
-rw-r--r--lib/public/Encryption/Keys/IStorage.php172
5 files changed, 548 insertions, 0 deletions
diff --git a/lib/public/Encryption/Exceptions/GenericEncryptionException.php b/lib/public/Encryption/Exceptions/GenericEncryptionException.php
new file mode 100644
index 00000000000..c1331689c7f
--- /dev/null
+++ b/lib/public/Encryption/Exceptions/GenericEncryptionException.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ * @author Clark Tomlinson <fallen013@gmail.com>
+ * @author Lukas Reschke <lukas@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCP\Encryption\Exceptions;
+use OC\HintException;
+
+/**
+ * Class GenericEncryptionException
+ *
+ * @package OCP\Encryption\Exceptions
+ * @since 8.1.0
+ */
+class GenericEncryptionException extends HintException {
+
+ /**
+ * @param string $message
+ * @param string $hint
+ * @param int $code
+ * @param \Exception $previous
+ * @since 8.1.0
+ */
+ public function __construct($message = '', $hint = '', $code = 0, \Exception $previous = null) {
+ if (empty($message)) {
+ $message = 'Unspecified encryption exception';
+ }
+ parent::__construct($message, $hint, $code, $previous);
+ }
+
+}
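Review bot: The constructor's `$previous` parameter is nullable only through its `= null` default, while the docblock types it as plain `\Exception`; writing `@param \Exception|null $previous` makes the contract explicit. `empty($message)` also replaces the string '0' with the default text, so `$message === ''` would be the narrower test. Separately, this public `OCP` exception extends `OC\HintException` from the private namespace. Since the hint is presumably meant to be shown to users, the docblock should state that neither `$message` nor `$hint` may carry key material or internal paths.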
diff --git a/lib/public/Encryption/IEncryptionModule.php b/lib/public/Encryption/IEncryptionModule.php
new file mode 100644
index 00000000000..8d20a1ab57d
--- /dev/null
+++ b/lib/public/Encryption/IEncryptionModule.php
@@ -0,0 +1,183 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ * @author Lukas Reschke <lukas@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCP\Encryption;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+/**
+ * Interface IEncryptionModule
+ *
+ * @package OCP\Encryption
+ * @since 8.1.0
+ */
+interface IEncryptionModule {
+
+ /**
+ * @return string defining the technical unique id
+ * @since 8.1.0
+ */
+ public function getId();
+
+ /**
+ * In comparison to getKey() this function returns a human readable (maybe translated) name
+ *
+ * @return string
+ * @since 8.1.0
+ */
+ public function getDisplayName();
+
+ /**
+ * start receiving chunks from a file. This is the place where you can
+ * perform some initial step before starting encrypting/decrypting the
+ * chunks
+ *
+ * @param string $path to the file
+ * @param string $user who read/write the file (null for public access)
+ * @param string $mode php stream open mode
+ * @param array $header contains the header data read from the file
+ * @param array $accessList who has access to the file contains the key 'users' and 'public'
+ *
+ * $return array $header contain data as key-value pairs which should be
+ * written to the header, in case of a write operation
+ * or if no additional data is needed return a empty array
+ * @since 8.1.0
+ */
+ public function begin($path, $user, $mode, array $header, array $accessList);
+
+ /**
+ * last chunk received. This is the place where you can perform some final
+ * operation and return some remaining data if something is left in your
+ * buffer.
+ *
+ * @param string $path to the file
+ * @param string $position id of the last block (looks like "<Number>end")
+ *
+ * @return string remained data which should be written to the file in case
+ * of a write operation
+ *
+ * @since 8.1.0
+ * @since 9.0.0 parameter $position added
+ */
+ public function end($path, $position);
+
+ /**
+ * encrypt data
+ *
+ * @param string $data you want to encrypt
+ * @param string $position position of the block we want to encrypt (starts with '0')
+ *
+ * @return mixed encrypted data
+ *
+ * @since 8.1.0
+ * @since 9.0.0 parameter $position added
+ */
+ public function encrypt($data, $position);
+
+ /**
+ * decrypt data
+ *
+ * @param string $data you want to decrypt
+ * @param string $position position of the block we want to decrypt
+ *
+ * @return mixed decrypted data
+ *
+ * @since 8.1.0
+ * @since 9.0.0 parameter $position added
+ */
+ public function decrypt($data, $position);
+
+ /**
+ * update encrypted file, e.g. give additional users access to the file
+ *
+ * @param string $path path to the file which should be updated
+ * @param string $uid of the user who performs the operation
+ * @param array $accessList who has access to the file contains the key 'users' and 'public'
+ * @return boolean
+ * @since 8.1.0
+ */
+ public function update($path, $uid, array $accessList);
+
+ /**
+ * should the file be encrypted or not
+ *
+ * @param string $path
+ * @return boolean
+ * @since 8.1.0
+ */
+ public function shouldEncrypt($path);
+
+ /**
+ * get size of the unencrypted payload per block.
+ * ownCloud read/write files with a block size of 8192 byte
+ *
+ * @param bool $signed
+ * @return int
+ * @since 8.1.0 optional parameter $signed was added in 9.0.0
+ */
+ public function getUnencryptedBlockSize($signed = false);
+
+ /**
+ * check if the encryption module is able to read the file,
+ * e.g. if all encryption keys exists
+ *
+ * @param string $path
+ * @param string $uid user for whom we want to check if he can read the file
+ * @return boolean
+ * @since 8.1.0
+ */
+ public function isReadable($path, $uid);
+
+ /**
+ * Initial encryption of all files
+ *
+ * @param InputInterface $input
+ * @param OutputInterface $output write some status information to the terminal during encryption
+ * @since 8.2.0
+ */
+ public function encryptAll(InputInterface $input, OutputInterface $output);
+
+ /**
+ * prepare encryption module to decrypt all files
+ *
+ * @param InputInterface $input
+ * @param OutputInterface $output write some status information to the terminal during encryption
+ * @param $user (optional) for which the files should be decrypted, default = all users
+ * @return bool return false on failure or if it isn't supported by the module
+ * @since 8.2.0
+ */
+ public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '');
+
+ /**
+ * Check if the module is ready to be used by that specific user.
+ * In case a module is not ready - because e.g. key pairs have not been generated
+ * upon login this method can return false before any operation starts and might
+ * cause issues during operations.
+ *
+ * @param string $user
+ * @return boolean
+ * @since 9.1.0
+ */
+ public function isReadyForUser($user);
+
+}
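Review bot: The docblock of `begin()` writes `$return array $header` where `@return array` is meant, so documentation tools and static analysers see no return type for the method that decides what is written to the file header. In the same interface, `getDisplayName()` refers to `getKey()` although the method declared above it is `getId()`. `begin()` types `$user` as `string` while saying null means public access (`@param string|null $user`), and `prepareDecryptAll()` has `@param $user` without a type (`@param string $user`).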
diff --git a/lib/public/Encryption/IFile.php b/lib/public/Encryption/IFile.php
new file mode 100644
index 00000000000..9933cb0164e
--- /dev/null
+++ b/lib/public/Encryption/IFile.php
@@ -0,0 +1,43 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCP\Encryption;
+
+/**
+ * Interface IFile
+ *
+ * @package OCP\Encryption
+ * @since 8.1.0
+ */
+interface IFile {
+
+ /**
+ * get list of users with access to the file
+ *
+ * @param string $path to the file
+ * @return array
+ * @since 8.1.0
+ */
+ public function getAccessList($path);
+
+}
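Review bot: `getAccessList()` is documented only as `@return array`, while `IEncryptionModule::begin()` and `update()` describe the `$accessList` they receive as containing the keys 'users' and 'public'. If this method is the source of that list (not visible in this hunk), the shape should be stated here too, for example `@return array with the keys 'users' and 'public'`. The element types need confirming against the implementation. The shape matters because this list decides for whom a file's keys are made available.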
diff --git a/lib/public/Encryption/IManager.php b/lib/public/Encryption/IManager.php
new file mode 100644
index 00000000000..b07de0cbb4f
--- /dev/null
+++ b/lib/public/Encryption/IManager.php
@@ -0,0 +1,99 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ * @author Joas Schilling <nickvergessen@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCP\Encryption;
+
+use OC\Encryption\Exceptions\ModuleDoesNotExistsException;
+use OC\Encryption\Exceptions\ModuleAlreadyExistsException;
+
+/**
+ * This class provides access to files encryption apps.
+ *
+ * @since 8.1.0
+ */
+interface IManager {
+
+ /**
+ * Check if encryption is available (at least one encryption module needs to be enabled)
+ *
+ * @return bool true if enabled, false if not
+ * @since 8.1.0
+ */
+ public function isEnabled();
+
+ /**
+ * Registers an callback function which must return an encryption module instance
+ *
+ * @param string $id
+ * @param string $displayName
+ * @param callable $callback
+ * @throws ModuleAlreadyExistsException
+ * @since 8.1.0
+ */
+ public function registerEncryptionModule($id, $displayName, callable $callback);
+
+ /**
+ * Unregisters an encryption module
+ *
+ * @param string $moduleId
+ * @since 8.1.0
+ */
+ public function unregisterEncryptionModule($moduleId);
+
+ /**
+ * get a list of all encryption modules
+ *
+ * @return array [id => ['id' => $id, 'displayName' => $displayName, 'callback' => callback]]
+ * @since 8.1.0
+ */
+ public function getEncryptionModules();
+
+
+ /**
+ * get a specific encryption module
+ *
+ * @param string $moduleId Empty to get the default module
+ * @return IEncryptionModule
+ * @throws ModuleDoesNotExistsException
+ * @since 8.1.0
+ */
+ public function getEncryptionModule($moduleId = '');
+
+ /**
+ * get default encryption module Id
+ *
+ * @return string
+ * @since 8.1.0
+ */
+ public function getDefaultEncryptionModuleId();
+
+ /**
+ * set default encryption module Id
+ *
+ * @param string $moduleId
+ * @return string
+ * @since 8.1.0
+ */
+ public function setDefaultEncryptionModule($moduleId);
+
+}
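Review bot: Both `@throws` tags name exceptions imported from the private `OC\Encryption\Exceptions` namespace (`ModuleAlreadyExistsException` on `registerEncryptionModule()`, `ModuleDoesNotExistsException` on `getEncryptionModule()`), so an app that wants to catch them has to depend on non-public classes. Consider exposing them under `OCP\Encryption\Exceptions`, next to `GenericEncryptionException`, or documenting a public base type to catch. `setDefaultEncryptionModule()` is documented as `@return string`, which looks wrong for a setter; the docblock should say what is actually returned and what happens when `$moduleId` is not registered. `unregisterEncryptionModule()` likewise does not say how it behaves for an unknown id.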
diff --git a/lib/public/Encryption/Keys/IStorage.php b/lib/public/Encryption/Keys/IStorage.php
new file mode 100644
index 00000000000..cfac4ba58f7
--- /dev/null
+++ b/lib/public/Encryption/Keys/IStorage.php
@@ -0,0 +1,172 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ * @author Joas Schilling <nickvergessen@owncloud.com>
+ * @author Morris Jobke <hey@morrisjobke.de>
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCP\Encryption\Keys;
+
+/**
+ * Interface IStorage
+ *
+ * @package OCP\Encryption\Keys
+ * @since 8.1.0
+ */
+interface IStorage {
+
+ /**
+ * get user specific key
+ *
+ * @param string $uid ID if the user for whom we want the key
+ * @param string $keyId id of the key
+ * @param string $encryptionModuleId
+ *
+ * @return mixed key
+ * @since 8.1.0
+ */
+ public function getUserKey($uid, $keyId, $encryptionModuleId);
+
+ /**
+ * get file specific key
+ *
+ * @param string $path path to file
+ * @param string $keyId id of the key
+ * @param string $encryptionModuleId
+ *
+ * @return mixed key
+ * @since 8.1.0
+ */
+ public function getFileKey($path, $keyId, $encryptionModuleId);
+
+ /**
+ * get system-wide encryption keys not related to a specific user,
+ * e.g something like a key for public link shares
+ *
+ * @param string $keyId id of the key
+ * @param string $encryptionModuleId
+ *
+ * @return mixed key
+ * @since 8.1.0
+ */
+ public function getSystemUserKey($keyId, $encryptionModuleId);
+
+ /**
+ * set user specific key
+ *
+ * @param string $uid ID if the user for whom we want the key
+ * @param string $keyId id of the key
+ * @param mixed $key
+ * @param string $encryptionModuleId
+ * @since 8.1.0
+ */
+ public function setUserKey($uid, $keyId, $key, $encryptionModuleId);
+
+ /**
+ * set file specific key
+ *
+ * @param string $path path to file
+ * @param string $keyId id of the key
+ * @param mixed $key
+ * @param string $encryptionModuleId
+ * @since 8.1.0
+ */
+ public function setFileKey($path, $keyId, $key, $encryptionModuleId);
+
+ /**
+ * set system-wide encryption keys not related to a specific user,
+ * e.g something like a key for public link shares
+ *
+ * @param string $keyId id of the key
+ * @param mixed $key
+ * @param string $encryptionModuleId
+ *
+ * @return mixed key
+ * @since 8.1.0
+ */
+ public function setSystemUserKey($keyId, $key, $encryptionModuleId);
+
+ /**
+ * delete user specific key
+ *
+ * @param string $uid ID if the user for whom we want to delete the key
+ * @param string $keyId id of the key
+ * @param string $encryptionModuleId
+ *
+ * @return boolean False when the key could not be deleted
+ * @since 8.1.0
+ */
+ public function deleteUserKey($uid, $keyId, $encryptionModuleId);
+
+ /**
+ * delete file specific key
+ *
+ * @param string $path path to file
+ * @param string $keyId id of the key
+ * @param string $encryptionModuleId
+ *
+ * @return boolean False when the key could not be deleted
+ * @since 8.1.0
+ */
+ public function deleteFileKey($path, $keyId, $encryptionModuleId);
+
+ /**
+ * delete all file keys for a given file
+ *
+ * @param string $path to the file
+ *
+ * @return boolean False when the keys could not be deleted
+ * @since 8.1.0
+ */
+ public function deleteAllFileKeys($path);
+
+ /**
+ * delete system-wide encryption keys not related to a specific user,
+ * e.g something like a key for public link shares
+ *
+ * @param string $keyId id of the key
+ * @param string $encryptionModuleId
+ *
+ * @return boolean False when the key could not be deleted
+ * @since 8.1.0
+ */
+ public function deleteSystemUserKey($keyId, $encryptionModuleId);
+
+ /**
+ * copy keys if a file was renamed
+ *
+ * @param string $source
+ * @param string $target
+ * @return boolean
+ * @since 8.1.0
+ */
+ public function renameKeys($source, $target);
+
+ /**
+ * move keys if a file was renamed
+ *
+ * @param string $source
+ * @param string $target
+ * @return boolean
+ * @since 8.1.0
+ */
+ public function copyKeys($source, $target);
+
+}
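Review bot: The summaries of the last two methods are swapped: `renameKeys()` is described as "copy keys if a file was renamed" and `copyKeys()` as "move keys if a file was renamed". An implementer who follows the text rather than the name would either leave key files behind at the old path on a rename or remove them on a copy, which would leave the source file without its keys. Suggested wording: `move keys if a file was renamed` on `renameKeys()` and `copy keys if a file was copied` on `copyKeys()`. Also, `setUserKey()` and `setFileKey()` document no return value while `setSystemUserKey()` says `@return mixed key`; the three setters should state the same contract so callers know whether a failed key write can be detected.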