diff options
Diffstat (limited to 'apps/files_encryption/lib/keymanager.php')
-rwxr-xr-x | apps/files_encryption/lib/keymanager.php | 227 |
1 files changed, 118 insertions, 109 deletions
diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index aaa2e4ba1b5..49e76b2dc88 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -27,8 +27,7 @@ namespace OCA\Encryption; * @brief Class to manage storage and retrieval of encryption keys * @note Where a method requires a view object, it's root must be '/' */ -class Keymanager -{ +class Keymanager { /** * @brief retrieve the ENCRYPTED private key from a user @@ -38,14 +37,14 @@ class Keymanager * @return string private key or false (hopefully) * @note the key returned by this method must be decrypted before use */ - public static function getPrivateKey( \OC_FilesystemView $view, $user ) { + public static function getPrivateKey(\OC_FilesystemView $view, $user) { $path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.private.key'; $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $key = $view->file_get_contents( $path ); + $key = $view->file_get_contents($path); \OC_FileProxy::$enabled = $proxyStatus; @@ -58,12 +57,12 @@ class Keymanager * @param $userId * @return string public key or false */ - public static function getPublicKey( \OC_FilesystemView $view, $userId ) { + public static function getPublicKey(\OC_FilesystemView $view, $userId) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $result = $view->file_get_contents( '/public-keys/' . $userId . '.public.key' ); + $result = $view->file_get_contents('/public-keys/' . $userId . '.public.key'); \OC_FileProxy::$enabled = $proxyStatus; @@ -77,11 +76,12 @@ class Keymanager * @param $userId * @return array keys: privateKey, publicKey */ - public static function getUserKeys( \OC_FilesystemView $view, $userId ) { + public static function getUserKeys(\OC_FilesystemView $view, $userId) { return array( - 'publicKey' => self::getPublicKey( $view, $userId ) - , 'privateKey' => self::getPrivateKey( $view, $userId ) + 'publicKey' => self::getPublicKey($view, $userId) + , + 'privateKey' => self::getPrivateKey($view, $userId) ); } @@ -92,13 +92,13 @@ class Keymanager * @param array $userIds * @return array of public keys for the specified users */ - public static function getPublicKeys( \OC_FilesystemView $view, array $userIds ) { + public static function getPublicKeys(\OC_FilesystemView $view, array $userIds) { $keys = array(); - foreach ( $userIds as $userId ) { + foreach ($userIds as $userId) { - $keys[$userId] = self::getPublicKey( $view, $userId ); + $keys[$userId] = self::getPublicKey($view, $userId); } @@ -118,40 +118,41 @@ class Keymanager * @note The keyfile is not encrypted here. Client code must * asymmetrically encrypt the keyfile before passing it to this method */ - public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) { + public static function setFileKey(\OC_FilesystemView $view, $path, $userId, $catfile) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; //here we need the currently logged in user, while userId can be a different user - $util = new Util( $view, \OCP\User::getUser() ); - list( $owner, $filename ) = $util->getUidAndFilename( $path ); + $util = new Util($view, \OCP\User::getUser()); + list($owner, $filename) = $util->getUidAndFilename($path); $basePath = '/' . $owner . '/files_encryption/keyfiles'; - $targetPath = self::keySetPreparation( $view, $filename, $basePath, $owner ); + $targetPath = self::keySetPreparation($view, $filename, $basePath, $owner); - if ( !$view->is_dir( $basePath . '/' . $targetPath ) ) { + if (!$view->is_dir($basePath . '/' . $targetPath)) { // create all parent folders - $info = pathinfo( $basePath . '/' . $targetPath ); - $keyfileFolderName = $view->getLocalFolder( $info['dirname'] ); + $info = pathinfo($basePath . '/' . $targetPath); + $keyfileFolderName = $view->getLocalFolder($info['dirname']); - if ( !file_exists( $keyfileFolderName ) ) { + if (!file_exists($keyfileFolderName)) { - mkdir( $keyfileFolderName, 0750, true ); + mkdir($keyfileFolderName, 0750, true); } } // try reusing key file if part file - if ( self::isPartialFilePath( $targetPath ) ) { + if (self::isPartialFilePath($targetPath)) { - $result = $view->file_put_contents( $basePath . '/' . self::fixPartialFilePath( $targetPath ) . '.key', $catfile ); + $result = $view->file_put_contents( + $basePath . '/' . self::fixPartialFilePath($targetPath) . '.key', $catfile); } else { - $result = $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile ); + $result = $view->file_put_contents($basePath . '/' . $targetPath . '.key', $catfile); } @@ -167,12 +168,12 @@ class Keymanager * @return string File path without .part extension * @note this is needed for reusing keys */ - public static function fixPartialFilePath( $path ) { + public static function fixPartialFilePath($path) { - if ( preg_match( '/\.part$/', $path ) ) { + if (preg_match('/\.part$/', $path)) { - $newLength = strlen( $path ) - 5; - $fPath = substr( $path, 0, $newLength ); + $newLength = strlen($path) - 5; + $fPath = substr($path, 0, $newLength); return $fPath; @@ -189,9 +190,9 @@ class Keymanager * @param string $path Path that may identify a .part file * @return bool */ - public static function isPartialFilePath( $path ) { + public static function isPartialFilePath($path) { - if ( preg_match( '/\.part$/', $path ) ) { + if (preg_match('/\.part$/', $path)) { return true; @@ -213,14 +214,14 @@ class Keymanager * @note The keyfile returned is asymmetrically encrypted. Decryption * of the keyfile must be performed by client code */ - public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) { + public static function getFileKey(\OC_FilesystemView $view, $userId, $filePath) { // try reusing key file if part file - if ( self::isPartialFilePath( $filePath ) ) { + if (self::isPartialFilePath($filePath)) { - $result = self::getFileKey( $view, $userId, self::fixPartialFilePath( $filePath ) ); + $result = self::getFileKey($view, $userId, self::fixPartialFilePath($filePath)); - if ( $result ) { + if ($result) { return $result; @@ -228,19 +229,19 @@ class Keymanager } - $util = new Util( $view, \OCP\User::getUser() ); + $util = new Util($view, \OCP\User::getUser()); - list( $owner, $filename ) = $util->getUidAndFilename( $filePath ); - $filePath_f = ltrim( $filename, '/' ); + list($owner, $filename) = $util->getUidAndFilename($filePath); + $filePath_f = ltrim($filename, '/'); $keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key'; $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - if ( $view->file_exists( $keyfilePath ) ) { + if ($view->file_exists($keyfilePath)) { - $result = $view->file_get_contents( $keyfilePath ); + $result = $view->file_get_contents($keyfilePath); } else { @@ -264,26 +265,29 @@ class Keymanager * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT * /data/admin/files/mydoc.txt */ - public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) { + public static function deleteFileKey(\OC_FilesystemView $view, $userId, $path) { - $trimmed = ltrim( $path, '/' ); + $trimmed = ltrim($path, '/'); $keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed; $result = false; - if ( $view->is_dir( $keyPath ) ) { + if ($view->is_dir($keyPath)) { - $result = $view->unlink( $keyPath ); + $result = $view->unlink($keyPath); - } else if ( $view->file_exists( $keyPath . '.key' ) ) { + } else { + if ($view->file_exists($keyPath . '.key')) { - $result = $view->unlink( $keyPath . '.key' ); + $result = $view->unlink($keyPath . '.key'); + } } - if ( !$result ) { + if (!$result) { - \OC_Log::write( 'Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR ); + \OC_Log::write('Encryption library', + 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR); } @@ -298,19 +302,19 @@ class Keymanager * @note Encryption of the private key must be performed by client code * as no encryption takes place here */ - public static function setPrivateKey( $key ) { + public static function setPrivateKey($key) { $user = \OCP\User::getUser(); - $view = new \OC_FilesystemView( '/' . $user . '/files_encryption' ); + $view = new \OC_FilesystemView('/' . $user . '/files_encryption'); $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - if ( !$view->file_exists( '' ) ) - $view->mkdir( '' ); + if (!$view->file_exists('')) + $view->mkdir(''); - $result = $view->file_put_contents( $user . '.private.key', $key ); + $result = $view->file_put_contents($user . '.private.key', $key); \OC_FileProxy::$enabled = $proxyStatus; @@ -331,21 +335,21 @@ class Keymanager * @note The keyfile is not encrypted here. Client code must * asymmetrically encrypt the keyfile before passing it to this method */ - public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) { + public static function setShareKey(\OC_FilesystemView $view, $path, $userId, $shareKey) { // Here we need the currently logged in user, while userId can be a different user - $util = new Util( $view, \OCP\User::getUser() ); + $util = new Util($view, \OCP\User::getUser()); - list( $owner, $filename ) = $util->getUidAndFilename( $path ); + list($owner, $filename) = $util->getUidAndFilename($path); $basePath = '/' . $owner . '/files_encryption/share-keys'; - $shareKeyPath = self::keySetPreparation( $view, $filename, $basePath, $owner ); + $shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner); // try reusing key file if part file - if ( self::isPartialFilePath( $shareKeyPath ) ) { + if (self::isPartialFilePath($shareKeyPath)) { - $writePath = $basePath . '/' . self::fixPartialFilePath( $shareKeyPath ) . '.' . $userId . '.shareKey'; + $writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey'; } else { @@ -356,12 +360,12 @@ class Keymanager $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $result = $view->file_put_contents( $writePath, $shareKey ); + $result = $view->file_put_contents($writePath, $shareKey); \OC_FileProxy::$enabled = $proxyStatus; if ( - is_int( $result ) + is_int($result) && $result > 0 ) { @@ -382,16 +386,16 @@ class Keymanager * @param array $shareKeys * @return bool */ - public static function setShareKeys( \OC_FilesystemView $view, $path, array $shareKeys ) { + public static function setShareKeys(\OC_FilesystemView $view, $path, array $shareKeys) { // $shareKeys must be an array with the following format: // [userId] => [encrypted key] $result = true; - foreach ( $shareKeys as $userId => $shareKey ) { + foreach ($shareKeys as $userId => $shareKey) { - if ( !self::setShareKey( $view, $path, $userId, $shareKey ) ) { + if (!self::setShareKey($view, $path, $userId, $shareKey)) { // If any of the keys are not set, flag false $result = false; @@ -415,14 +419,14 @@ class Keymanager * @note The sharekey returned is encrypted. Decryption * of the keyfile must be performed by client code */ - public static function getShareKey( \OC_FilesystemView $view, $userId, $filePath ) { + public static function getShareKey(\OC_FilesystemView $view, $userId, $filePath) { // try reusing key file if part file - if ( self::isPartialFilePath( $filePath ) ) { + if (self::isPartialFilePath($filePath)) { - $result = self::getShareKey( $view, $userId, self::fixPartialFilePath( $filePath ) ); + $result = self::getShareKey($view, $userId, self::fixPartialFilePath($filePath)); - if ( $result ) { + if ($result) { return $result; @@ -434,14 +438,15 @@ class Keymanager \OC_FileProxy::$enabled = false; //here we need the currently logged in user, while userId can be a different user - $util = new Util( $view, \OCP\User::getUser() ); + $util = new Util($view, \OCP\User::getUser()); - list( $owner, $filename ) = $util->getUidAndFilename( $filePath ); - $shareKeyPath = \OC\Files\Filesystem::normalizePath( '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey' ); + list($owner, $filename) = $util->getUidAndFilename($filePath); + $shareKeyPath = \OC\Files\Filesystem::normalizePath( + '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey'); - if ( $view->file_exists( $shareKeyPath ) ) { + if ($view->file_exists($shareKeyPath)) { - $result = $view->file_get_contents( $shareKeyPath ); + $result = $view->file_get_contents($shareKeyPath); } else { @@ -461,17 +466,18 @@ class Keymanager * @param string $userId owner of the file * @param string $filePath path to the file, relative to the owners file dir */ - public static function delAllShareKeys( \OC_FilesystemView $view, $userId, $filePath ) { + public static function delAllShareKeys(\OC_FilesystemView $view, $userId, $filePath) { - if ( $view->is_dir( $userId . '/files/' . $filePath ) ) { - $view->unlink( $userId . '/files_encryption/share-keys/' . $filePath ); + if ($view->is_dir($userId . '/files/' . $filePath)) { + $view->unlink($userId . '/files_encryption/share-keys/' . $filePath); } else { - $localKeyPath = $view->getLocalFile( $userId . '/files_encryption/share-keys/' . $filePath ); - $matches = glob( preg_quote( $localKeyPath ) . '*.shareKey' ); - foreach ( $matches as $ma ) { - $result = unlink( $ma ); - if ( !$result ) { - \OC_Log::write( 'Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $filePath . '"', \OC_Log::ERROR ); + $localKeyPath = $view->getLocalFile($userId . '/files_encryption/share-keys/' . $filePath); + $matches = glob(preg_quote($localKeyPath) . '*.shareKey'); + foreach ($matches as $ma) { + $result = unlink($ma); + if (!$result) { + \OC_Log::write('Encryption library', + 'Keyfile or shareKey could not be deleted for file "' . $filePath . '"', \OC_Log::ERROR); } } } @@ -480,29 +486,31 @@ class Keymanager /** * @brief Delete a single user's shareKey for a single file */ - public static function delShareKey( \OC_FilesystemView $view, $userIds, $filePath ) { + public static function delShareKey(\OC_FilesystemView $view, $userIds, $filePath) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; //here we need the currently logged in user, while userId can be a different user - $util = new Util( $view, \OCP\User::getUser() ); + $util = new Util($view, \OCP\User::getUser()); - list( $owner, $filename ) = $util->getUidAndFilename( $filePath ); + list($owner, $filename) = $util->getUidAndFilename($filePath); - $shareKeyPath = \OC\Files\Filesystem::normalizePath( '/' . $owner . '/files_encryption/share-keys/' . $filename ); + $shareKeyPath = \OC\Files\Filesystem::normalizePath('/' . $owner . '/files_encryption/share-keys/' . $filename); - if ( $view->is_dir( $shareKeyPath ) ) { + if ($view->is_dir($shareKeyPath)) { - $localPath = \OC\Files\Filesystem::normalizePath( $view->getLocalFolder( $shareKeyPath ) ); - self::recursiveDelShareKeys( $localPath, $userIds ); + $localPath = \OC\Files\Filesystem::normalizePath($view->getLocalFolder($shareKeyPath)); + self::recursiveDelShareKeys($localPath, $userIds); } else { - foreach ( $userIds as $userId ) { + foreach ($userIds as $userId) { - if ( !$view->unlink( $shareKeyPath . '.' . $userId . '.shareKey' ) ) { - \OC_Log::write( 'Encryption library', 'Could not delete shareKey; does not exist: "' . $shareKeyPath . '.' . $userId . '.shareKey"', \OC_Log::ERROR ); + if (!$view->unlink($shareKeyPath . '.' . $userId . '.shareKey')) { + \OC_Log::write('Encryption library', + 'Could not delete shareKey; does not exist: "' . $shareKeyPath . '.' . $userId + . '.shareKey"', \OC_Log::ERROR); } } @@ -517,42 +525,43 @@ class Keymanager * @param string $dir directory * @param array $userIds user ids for which the share keys should be deleted */ - private static function recursiveDelShareKeys( $dir, $userIds ) { - foreach ( $userIds as $userId ) { - $matches = glob( preg_quote( $dir ) . '/*' . preg_quote( '.' . $userId . '.shareKey' ) ); + private static function recursiveDelShareKeys($dir, $userIds) { + foreach ($userIds as $userId) { + $matches = glob(preg_quote($dir) . '/*' . preg_quote('.' . $userId . '.shareKey')); } /** @var $matches array */ - foreach ( $matches as $ma ) { - if ( !unlink( $ma ) ) { - \OC_Log::write( 'Encryption library', 'Could not delete shareKey; does not exist: "' . $ma . '"', \OC_Log::ERROR ); + foreach ($matches as $ma) { + if (!unlink($ma)) { + \OC_Log::write('Encryption library', + 'Could not delete shareKey; does not exist: "' . $ma . '"', \OC_Log::ERROR); } } - $subdirs = $directories = glob( preg_quote( $dir ) . '/*', GLOB_ONLYDIR ); - foreach ( $subdirs as $subdir ) { - self::recursiveDelShareKeys( $subdir, $userIds ); + $subdirs = $directories = glob(preg_quote($dir) . '/*', GLOB_ONLYDIR); + foreach ($subdirs as $subdir) { + self::recursiveDelShareKeys($subdir, $userIds); } } /** * @brief Make preparations to vars and filesystem for saving a keyfile */ - public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) { + public static function keySetPreparation(\OC_FilesystemView $view, $path, $basePath, $userId) { - $targetPath = ltrim( $path, '/' ); + $targetPath = ltrim($path, '/'); - $path_parts = pathinfo( $targetPath ); + $path_parts = pathinfo($targetPath); // If the file resides within a subdirectory, create it if ( - isset( $path_parts['dirname'] ) - && !$view->file_exists( $basePath . '/' . $path_parts['dirname'] ) + isset($path_parts['dirname']) + && !$view->file_exists($basePath . '/' . $path_parts['dirname']) ) { - $sub_dirs = explode( DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname'] ); + $sub_dirs = explode(DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname']); $dir = ''; - foreach ( $sub_dirs as $sub_dir ) { + foreach ($sub_dirs as $sub_dir) { $dir .= '/' . $sub_dir; - if ( !$view->is_dir( $dir ) ) { - $view->mkdir( $dir ); + if (!$view->is_dir($dir)) { + $view->mkdir($dir); } } } |