1 files changed, 365 insertions, 0 deletions
diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php
new file mode 100755
index 00000000000..706e1c2661e
--- /dev/null
+++ b/apps/files_encryption/lib/keymanager.php
@@ -0,0 +1,365 @@
+<?php
+/***
+ * ownCloud
+ *
+ * @author Bjoern Schiessle
+ * @copyright 2012 Bjoern Schiessle <schiessle@owncloud.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Encryption;
+
+/**
+ * @brief Class to manage storage and retrieval of encryption keys
+ * @note Where a method requires a view object, it's root must be '/'
+ */
+class Keymanager {
+	
+	# TODO: make all dependencies (including static classes) explicit, such as ocfsview objects, by adding them as method arguments (dependency injection)
+		
+	/**
+	 * @brief retrieve the ENCRYPTED private key from a user
+	 * 
+	 * @return string private key or false
+	 * @note the key returned by this method must be decrypted before use
+	 */
+	public static function getPrivateKey( \OC_FilesystemView $view, $user ) {
+	
+		$path =  '/' . $user . '/' . 'files_encryption' . '/' . $user.'.private.key';
+		
+		$key = $view->file_get_contents( $path );
+		
+		return $key;
+	}
+
+	/**
+	 * @brief retrieve public key for a specified user
+	 * @return string public key or false
+	 */
+	public static function getPublicKey( \OC_FilesystemView $view, $userId ) {
+		
+		return $view->file_get_contents( '/public-keys/' . '/' . $userId . '.public.key' );
+		
+	}
+	
+	/**
+	 * @brief retrieve both keys from a user (private and public)
+	 * @return array keys: privateKey, publicKey
+	 */
+	public static function getUserKeys( \OC_FilesystemView $view, $userId ) {
+	
+		return array(
+			'publicKey' => self::getPublicKey( $view, $userId )
+			, 'privateKey' => self::getPrivateKey( $view, $userId )
+		);
+	
+	}
+	
+	/**
+	 * @brief Retrieve public keys of all users with access to a file
+	 * @param string $path Path to file
+	 * @return array of public keys for the given file
+	 * @note Checks that the sharing app is enabled should be performed 
+	 * by client code, that isn't checked here
+	 */
+	public static function getPublicKeys( \OC_FilesystemView $view, $userId, $filePath ) {
+		
+		$path = ltrim( $path, '/' );
+		
+		$filepath = '/' . $userId . '/files/' . $filePath;
+		
+		// Check if sharing is enabled
+		if ( OC_App::isEnabled( 'files_sharing' ) ) {
+			
+// 			// Check if file was shared with other users
+// 			$query = \OC_DB::prepare( "
+// 				SELECT 
+// 					uid_owner
+// 					, source
+// 					, target
+// 					, uid_shared_with 
+// 				FROM 
+// 					`*PREFIX*sharing` 
+// 				WHERE 
+// 					( target = ? AND uid_shared_with = ? ) 
+// 					OR source = ? 
+// 			" );
+// 			
+// 			$result = $query->execute( array ( $filepath, $userId, $filepath ) );
+// 
+// 			$users = array();
+// 
+// 			if ( $row = $result->fetchRow() ) 
+// {
+// 				$source = $row['source'];
+// 				$owner = $row['uid_owner'];
+// 				$users[] = $owner;
+// 				// get the uids of all user with access to the file
+// 				$query = \OC_DB::prepare( "SELECT source, uid_shared_with FROM `*PREFIX*sharing` WHERE source = ?" );
+// 				$result = $query->execute( array ($source));
+// 				while ( ($row = $result->fetchRow()) ) {
+// 					$users[] = $row['uid_shared_with'];
+// 
+// 				}
+// 
+// 			}
+		
+		} else {
+		
+			// check if it is a file owned by the user and not shared at all
+			$userview = new \OC_FilesystemView( '/'.$userId.'/files/' );
+			
+			if ( $userview->file_exists( $path ) ) {
+			
+				$users[] = $userId;
+				
+			}
+			
+		}
+		
+		$view = new \OC_FilesystemView( '/public-keys/' );
+		
+		$keylist = array();
+		
+		$count = 0;
+		
+		foreach ( $users as $user ) {
+		
+			$keylist['key'.++$count] = $view->file_get_contents( $user.'.public.key' );
+			
+		}
+		
+		return $keylist;
+		
+	}
+	
+	/**
+	 * @brief retrieve keyfile for an encrypted file
+	 * @param string file name
+	 * @return string file key or false
+	 * @note The keyfile returned is asymmetrically encrypted. Decryption
+	 * of the keyfile must be performed by client code
+	 */
+	public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) {
+		
+		$filePath_f = ltrim( $filePath, '/' );
+
+// 		// update $keypath and $userId if path point to a file shared by someone else
+// 		$query = \OC_DB::prepare( "SELECT uid_owner, source, target FROM `*PREFIX*sharing` WHERE target = ? AND uid_shared_with = ?" );
+// 		
+// 		$result = $query->execute( array ('/'.$userId.'/files/'.$keypath, $userId));
+// 		
+// 		if ($row = $result->fetchRow()) {
+// 		
+// 			$keypath = $row['source'];
+// 			$keypath_parts = explode( '/', $keypath );
+// 			$userId = $keypath_parts[1];
+// 			$keypath = str_replace( '/' . $userId . '/files/', '', $keypath );
+// 			
+// 		}
+
+		return $view->file_get_contents( '/' . $userId . '/files_encryption/keyfiles/' . $filePath_f . '.key' );
+		
+	}
+	
+	/**
+	 * @brief retrieve file encryption key
+	 *
+	 * @param string file name
+	 * @return string file key or false
+	 */
+	public static function deleteFileKey( $path, $staticUserClass = 'OCP\User' ) {
+		
+		$keypath = ltrim( $path, '/' );
+		$user = $staticUserClass::getUser();
+
+		// update $keypath and $user if path point to a file shared by someone else
+// 		$query = \OC_DB::prepare( "SELECT uid_owner, source, target FROM `*PREFIX*sharing` WHERE target = ? AND uid_shared_with = ?" );
+// 		
+// 		$result = $query->execute( array ('/'.$user.'/files/'.$keypath, $user));
+// 		
+// 		if ($row = $result->fetchRow()) {
+// 		
+// 			$keypath = $row['source'];
+// 			$keypath_parts = explode( '/', $keypath );
+// 			$user = $keypath_parts[1];
+// 			$keypath = str_replace( '/' . $user . '/files/', '', $keypath );
+// 			
+// 		}
+		
+		$view = new \OC_FilesystemView('/'.$user.'/files_encryption/keyfiles/');
+		
+		return $view->unlink( $keypath . '.key' );
+		
+	}
+	
+	/**
+	 * @brief store private key from the user
+	 * @param string key
+	 * @return bool
+	 * @note Encryption of the private key must be performed by client code
+	 * as no encryption takes place here
+	 */
+	public static function setPrivateKey( $key ) {
+		
+		$user = \OCP\User::getUser();
+		
+		$view = new \OC_FilesystemView( '/' . $user . '/files_encryption' );
+		
+		\OC_FileProxy::$enabled = false;
+		
+		if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
+		
+		return $view->file_put_contents( $user . '.private.key', $key );
+		
+		\OC_FileProxy::$enabled = true;
+		
+	}
+	
+	/**
+	 * @brief store private keys from the user
+	 *
+	 * @param string privatekey
+	 * @param string publickey
+	 * @return bool true/false
+	 */
+	public static function setUserKeys($privatekey, $publickey) {
+	
+		return (self::setPrivateKey($privatekey) && self::setPublicKey($publickey));
+	
+	}
+	
+	/**
+	 * @brief store public key of the user
+	 *
+	 * @param string key
+	 * @return bool true/false
+	 */
+	public static function setPublicKey( $key ) {
+		
+		$view = new \OC_FilesystemView( '/public-keys' );
+		
+		\OC_FileProxy::$enabled = false;
+		
+		if ( !$view->file_exists( '' ) ) $view->mkdir( '' );
+		
+		return $view->file_put_contents( \OCP\User::getUser() . '.public.key', $key );
+		
+		\OC_FileProxy::$enabled = true;
+		
+	}
+	
+	/**
+	 * @brief store file encryption key
+	 *
+	 * @param string $path relative path of the file, including filename
+	 * @param string $key
+	 * @return bool true/false
+	 * @note The keyfile is not encrypted here. Client code must 
+	 * asymmetrically encrypt the keyfile before passing it to this method
+	 */
+	public static function setFileKey( $path, $key, $view = Null, $dbClassName = '\OC_DB') {
+
+		$targetPath = ltrim(  $path, '/'  );
+		$user = \OCP\User::getUser();
+		
+// 		// update $keytarget and $user if key belongs to a file shared by someone else
+// 		$query = $dbClassName::prepare( "SELECT uid_owner, source, target FROM `*PREFIX*sharing` WHERE target = ? AND uid_shared_with = ?" );
+// 		
+// 		$result = $query->execute(  array ( '/'.$user.'/files/'.$targetPath, $user ) );
+// 		
+// 		if ( $row = $result->fetchRow(  ) ) {
+// 		
+// 			$targetPath = $row['source'];
+// 			
+// 			$targetPath_parts = explode( '/', $targetPath );
+// 			
+// 			$user = $targetPath_parts[1];
+// 
+// 			$rootview = new \OC_FilesystemView( '/' );
+// 			
+// 			if ( ! $rootview->is_writable( $targetPath ) ) {
+// 			
+// 				\OC_Log::write( 'Encryption library', "File Key not updated because you don't have write access for the corresponding file", \OC_Log::ERROR );
+// 				
+// 				return false;
+// 				
+// 			}
+// 			
+// 			$targetPath = str_replace( '/'.$user.'/files/', '', $targetPath );
+// 			
+// 			//TODO: check for write permission on shared file once the new sharing API is in place
+// 			
+// 		}
+		
+		$path_parts = pathinfo( $targetPath );
+		
+		if ( !$view ) {
+		
+			$view = new \OC_FilesystemView( '/' );
+			
+		}
+		
+		$view->chroot( '/' . $user . '/files_encryption/keyfiles' );
+		
+		// If the file resides within a subdirectory, create it
+		if ( 
+		isset( $path_parts['dirname'] )
+		&& ! $view->file_exists( $path_parts['dirname'] ) 
+		) {
+		
+			$view->mkdir( $path_parts['dirname'] );
+			
+		}
+		
+		// Save the keyfile in parallel directory
+		return $view->file_put_contents( '/' . $targetPath . '.key', $key );
+		
+	}
+	
+	/**
+	 * @brief change password of private encryption key
+	 *
+	 * @param string $oldpasswd old password
+	 * @param string $newpasswd new password
+	 * @return bool true/false
+	 */
+	public static function changePasswd($oldpasswd, $newpasswd) {
+		
+		if ( \OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd) ) {
+			return Crypt::changekeypasscode($oldpasswd, $newpasswd);
+		}
+		return false;
+		
+	}
+	
+	/**
+	 * @brief Fetch the legacy encryption key from user files
+	 * @param string $login used to locate the legacy key
+	 * @param string $passphrase used to decrypt the legacy key
+	 * @return true / false
+	 *
+	 * if the key is left out, the default handeler will be used
+	 */
+	public function getLegacyKey() {
+		
+		$user = \OCP\User::getUser();
+		$view = new \OC_FilesystemView( '/' . $user );
+		return $view->file_get_contents( 'encryption.key' );
+		
+	}
+	
+}
+\ No newline at end of file