Diffstat (limited to 'apps/encryption/lib/Command/FixKeyLocation.php')
-rw-r--r-- | apps/encryption/lib/Command/FixKeyLocation.php | 111 |
1 files changed, 32 insertions, 79 deletions
diff --git a/apps/encryption/lib/Command/FixKeyLocation.php b/apps/encryption/lib/Command/FixKeyLocation.php index 5001da4bb92..da529a4be2f 100644 --- a/apps/encryption/lib/Command/FixKeyLocation.php +++ b/apps/encryption/lib/Command/FixKeyLocation.php @@ -2,23 +2,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2022 Robin Appelman <robin@icewind.nl> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Encryption\Command; 
@@ -43,29 +28,21 @@ use Symfony\Component\Console\Input\InputOption; use Symfony\Component\Console\Output\OutputInterface; class FixKeyLocation extends Command { - private IUserManager $userManager; - private IUserMountCache $userMountCache; - private Util $encryptionUtil; - private IRootFolder $rootFolder; private string $keyRootDirectory; private View $rootView; private Manager $encryptionManager; public function __construct( - IUserManager $userManager, - IUserMountCache $userMountCache, - Util $encryptionUtil, - IRootFolder $rootFolder, - IManager $encryptionManager + private IUserManager $userManager, + private IUserMountCache $userMountCache, + private Util $encryptionUtil, + private IRootFolder $rootFolder, + IManager $encryptionManager, ) { - $this->userManager = $userManager; - $this->userMountCache = $userMountCache; - $this->encryptionUtil = $encryptionUtil; - $this->rootFolder = $rootFolder; $this->keyRootDirectory = rtrim($this->encryptionUtil->getKeyStorageRoot(), '/'); $this->rootView = new View(); if (!$encryptionManager instanceof Manager) { - throw new \Exception("Wrong encryption manager"); + throw new \Exception('Wrong encryption manager'); } $this->encryptionManager = $encryptionManager; @@ -80,7 +57,7 @@ class FixKeyLocation extends Command { ->setName('encryption:fix-key-location') ->setDescription('Fix the location of encryption keys for external storage') ->addOption('dry-run', null, InputOption::VALUE_NONE, "Only list files that require key migration, don't try to perform any migration") - ->addArgument('user', InputArgument::REQUIRED, "User id to fix the key locations for"); + ->addArgument('user', InputArgument::REQUIRED, 'User id to fix the key locations for'); } protected function execute(InputInterface $input, OutputInterface $output): int { 
@@ -89,7 +66,7 @@ class FixKeyLocation extends Command { $user = $this->userManager->get($userId); if (!$user) { $output->writeln("<error>User $userId not found</error>"); - return 1; + return self::FAILURE; } \OC_Util::setupFS($user->getUID()); @@ -98,7 +75,7 @@ class FixKeyLocation extends Command { foreach ($mounts as $mount) { $mountRootFolder = $this->rootFolder->get($mount->getMountPoint()); if (!$mountRootFolder instanceof Folder) { - $output->writeln("<error>System wide mount point is not a directory, skipping: " . $mount->getMountPoint() . "</error>"); + $output->writeln('<error>System wide mount point is not a directory, skipping: ' . $mount->getMountPoint() . '</error>'); continue; } @@ -112,14 +89,14 @@ class FixKeyLocation extends Command { // key was stored incorrectly as user key, migrate if ($dryRun) { - $output->writeln("<info>" . $file->getPath() . "</info> needs migration"); + $output->writeln('<info>' . $file->getPath() . '</info> needs migration'); } else { - $output->write("Migrating key for <info>" . $file->getPath() . "</info> "); + $output->write('Migrating key for <info>' . $file->getPath() . '</info> '); if ($this->copyUserKeyToSystemAndValidate($user, $file)) { - $output->writeln("<info>✓</info>"); + $output->writeln('<info>✓</info>'); } else { - $output->writeln("<fg=red>❌</>"); - $output->writeln(" Failed to validate key for <error>" . $file->getPath() . "</error>, key will not be migrated"); + $output->writeln('<fg=red>❌</>'); + $output->writeln(' Failed to validate key for <error>' . $file->getPath() . '</error>, key will not be migrated'); } } } else { 
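Review bot: Mount and file paths are concatenated unescaped into Symfony-formatted output in the `writeln()`/`write()` calls of the -98 and -112 hunks, and again throughout the -130 hunk. File names are chosen by users, so a path containing formatter tags such as `<error>` is rendered as styling instead of being printed literally, which can make the migration report an administrator reads misleading. Wrapping the dynamic part, e.g. `'<info>' . OutputFormatter::escape($file->getPath()) . '</info> needs migration'` with `use Symfony\Component\Console\Formatter\OutputFormatter;`, keeps the tags this command adds and neutralises any that come from the path. The same applies to `$userId` in the "not found" message of the -89 hunk.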
@@ -130,42 +107,42 @@ class FixKeyLocation extends Command { if ($isActuallyEncrypted) { if ($dryRun) { if ($shouldBeEncrypted) { - $output->write("<info>" . $file->getPath() . "</info> needs migration"); + $output->write('<info>' . $file->getPath() . '</info> needs migration'); } else { - $output->write("<info>" . $file->getPath() . "</info> needs decryption"); + $output->write('<info>' . $file->getPath() . '</info> needs decryption'); } $foundKey = $this->findUserKeyForSystemFile($user, $file); if ($foundKey) { - $output->writeln(", valid key found at <info>" . $foundKey . "</info>"); + $output->writeln(', valid key found at <info>' . $foundKey . '</info>'); } else { - $output->writeln(" <error>❌ No key found</error>"); + $output->writeln(' <error>❌ No key found</error>'); } } else { if ($shouldBeEncrypted) { - $output->write("<info>Migrating key for " . $file->getPath() . "</info>"); + $output->write('<info>Migrating key for ' . $file->getPath() . '</info>'); } else { - $output->write("<info>Decrypting " . $file->getPath() . "</info>"); + $output->write('<info>Decrypting ' . $file->getPath() . '</info>'); } $foundKey = $this->findUserKeyForSystemFile($user, $file); if ($foundKey) { if ($shouldBeEncrypted) { $systemKeyPath = $this->getSystemKeyPath($file); $this->rootView->copy($foundKey, $systemKeyPath); - $output->writeln(" Migrated key from <info>" . $foundKey . "</info>"); + $output->writeln(' Migrated key from <info>' . $foundKey . '</info>'); } else { $this->decryptWithSystemKey($file, $foundKey); - $output->writeln(" Decrypted with key from <info>" . $foundKey . "</info>"); + $output->writeln(' Decrypted with key from <info>' . $foundKey . '</info>'); } } else { - $output->writeln(" <error>❌ No key found</error>"); + $output->writeln(' <error>❌ No key found</error>'); } } } else { if ($dryRun) { - $output->writeln("<info>" . $file->getPath() . " needs to be marked as not encrypted</info>"); + $output->writeln('<info>' . $file->getPath() . 
' needs to be marked as not encrypted</info>'); } else { $this->markAsUnEncrypted($file); - $output->writeln("<info>" . $file->getPath() . " marked as not encrypted</info>"); + $output->writeln('<info>' . $file->getPath() . ' marked as not encrypted</info>'); } } } @@ -173,7 +150,7 @@ class FixKeyLocation extends Command { } } - return 0; + return self::SUCCESS; } private function getUserRelativePath(string $path): string { @@ -186,7 +163,6 @@ class FixKeyLocation extends Command { } /** - * @param IUser $user * @return ICachedMountInfo[] */ private function getSystemMountsForUser(IUser $user): array { @@ -201,7 +177,6 @@ class FixKeyLocation extends Command { /** * Get all files in a folder which are marked as encrypted * - * @param Folder $folder * @return \Generator<File> */ private function getAllEncryptedFiles(Folder $folder) { @@ -242,10 +217,6 @@ class FixKeyLocation extends Command { /** * Check that the user key stored for a file can decrypt the file - * - * @param IUser $user - * @param File $node - * @return bool */ private function copyUserKeyToSystemAndValidate(IUser $user, File $node): bool { $path = trim(substr($node->getPath(), strlen($user->getUID()) + 1), '/'); @@ -282,7 +253,6 @@ class FixKeyLocation extends Command { /** * Get the contents of a file without decrypting it * - * @param File $node * @return resource */ private function openWithoutDecryption(File $node, string $mode) { @@ -303,16 +273,13 @@ class FixKeyLocation extends Command { } /** @var resource|false $handle */ if ($handle === false) { - throw new \Exception("Failed to open " . $node->getPath()); + throw new \Exception('Failed to open ' . $node->getPath()); } return $handle; } /** * Check if the data stored for a file is encrypted, regardless of it's metadata - * - * @param File $node - * @return bool */ private function isDataEncrypted(File $node): bool { $handle = $this->openWithoutDecryption($node, 'r'); 
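Review bot: In the -130 hunk the result of `$this->rootView->copy($foundKey, $systemKeyPath);` is discarded and the next line prints "Migrated key from" unconditionally. `View::copy()` appears to report failure through its return value, so a failed copy would still be shown as a successful key migration and the file would stay without a usable system key. Guard the success message with the result, e.g. `if ($this->rootView->copy($foundKey, $systemKeyPath)) {`, and write an `<error>` line in the else branch. The surrounding loop starts outside this hunk.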
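Review bot: `return self::SUCCESS;` in the -173 hunk looks unconditional. The failure branches visible in the -112 and -130 hunks ("Failed to validate key", "No key found") only write a message and continue. As far as these hunks show, a run that could not migrate some keys therefore exits with status 0, so a script or operator checking the exit code cannot tell that encrypted files were left without a working key. Consider recording failures in a local flag inside the loop and ending with `return $failed ? self::FAILURE : self::SUCCESS;`. The body of `execute()` between these hunks is not fully visible here.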
@@ -325,9 +292,6 @@ class FixKeyLocation extends Command { /** * Attempt to find a key (stored for user) for a file (that needs a system key) even when it's not stored in the expected location - * - * @param File $node - * @return string */ private function findUserKeyForSystemFile(IUser $user, File $node): ?string { $userKeyPath = $this->getUserBaseKeyPath($user); @@ -343,8 +307,6 @@ class FixKeyLocation extends Command { /** * Attempt to find a key for a file even when it's not stored in the expected location * - * @param string $basePath - * @param string $name * @return \Generator<string> */ private function findKeysByFileName(string $basePath, string $name) { @@ -354,7 +316,7 @@ class FixKeyLocation extends Command { /** @var false|resource $dh */ $dh = $this->rootView->opendir($basePath); if (!$dh) { - throw new \Exception("Invalid base path " . $basePath); + throw new \Exception('Invalid base path ' . $basePath); } while ($child = readdir($dh)) { if ($child != '..' && $child != '.') { @@ -371,11 +333,6 @@ class FixKeyLocation extends Command { /** * Test if the provided key is valid as a system key for the file - * - * @param IUser $user - * @param string $key - * @param File $node - * @return bool */ private function testSystemKey(IUser $user, string $key, File $node): bool { $systemKeyPath = $this->getSystemKeyPath($node); @@ -393,10 +350,6 @@ class FixKeyLocation extends Command { /** * Decrypt a file with the specified system key and mark the key as not-encrypted - * - * @param File $node - * @param string $key - * @return void */ private function decryptWithSystemKey(File $node, string $key): void { $storage = $node->getStorage(); 
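Review bot: The loop `while ($child = readdir($dh))` in the -354 hunk ends at the first entry whose name is falsy, not only at end of directory. An entry named `0` in the key storage tree would stop the scan early, and any key after it would be reported as "No key found". Compare against `false` explicitly, `while (($child = readdir($dh)) !== false) {`, and use strict comparisons for the dot entries, `if ($child !== '..' && $child !== '.') {`. The rest of `findKeysByFileName()` lies outside the hunk, so whether `$dh` is closed on every path cannot be checked from here.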
@@ -413,7 +366,7 @@ class FixKeyLocation extends Command { /** @var false|resource $source */ $source = $storage->fopen($node->getInternalPath(), 'r'); if (!$source) { - throw new \Exception("Failed to open " . $node->getPath() . " with " . $key); + throw new \Exception('Failed to open ' . $node->getPath() . ' with ' . $key); } $decryptedNode = $node->getParent()->newFile($name); @@ -433,7 +386,7 @@ class FixKeyLocation extends Command { } if ($this->isDataEncrypted($decryptedNode)) { - throw new \Exception($node->getPath() . " still encrypted after attempting to decrypt with " . $key); + throw new \Exception($node->getPath() . ' still encrypted after attempting to decrypt with ' . $key); } $this->markAsUnEncrypted($decryptedNode); |