aboutsummaryrefslogtreecommitdiffstats
path: root/apps/files_encryption/lib/proxy.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/files_encryption/lib/proxy.php')
-rw-r--r--apps/files_encryption/lib/proxy.php206
1 files changed, 105 insertions, 101 deletions
diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php
index e381ecab5c3..11308612daf 100644
--- a/apps/files_encryption/lib/proxy.php
+++ b/apps/files_encryption/lib/proxy.php
@@ -34,8 +34,7 @@ namespace OCA\Encryption;
* Class Proxy
* @package OCA\Encryption
*/
-class Proxy extends \OC_FileProxy
-{
+class Proxy extends \OC_FileProxy {
private static $blackList = null; //mimetypes blacklisted from encryption
@@ -48,13 +47,13 @@ class Proxy extends \OC_FileProxy
*
* Tests if server side encryption is enabled, and file is allowed by blacklists
*/
- private static function shouldEncrypt( $path ) {
+ private static function shouldEncrypt($path) {
- if ( is_null( self::$enableEncryption ) ) {
+ if (is_null(self::$enableEncryption)) {
if (
- \OCP\Config::getAppValue( 'files_encryption', 'enable_encryption', 'true' ) == 'true'
- && Crypt::mode() == 'server'
+ \OCP\Config::getAppValue('files_encryption', 'enable_encryption', 'true') === 'true'
+ && Crypt::mode() === 'server'
) {
self::$enableEncryption = true;
@@ -67,27 +66,27 @@ class Proxy extends \OC_FileProxy
}
- if ( !self::$enableEncryption ) {
+ if (!self::$enableEncryption) {
return false;
}
- if ( is_null( self::$blackList ) ) {
+ if (is_null(self::$blackList)) {
- self::$blackList = explode( ',', \OCP\Config::getAppValue( 'files_encryption', 'type_blacklist', '' ) );
+ self::$blackList = explode(',', \OCP\Config::getAppValue('files_encryption', 'type_blacklist', ''));
}
- if ( Crypt::isCatfileContent( $path ) ) {
+ if (Crypt::isCatfileContent($path)) {
return true;
}
- $extension = substr( $path, strrpos( $path, '.' ) + 1 );
+ $extension = substr($path, strrpos($path, '.') + 1);
- if ( array_search( $extension, self::$blackList ) === false ) {
+ if (array_search($extension, self::$blackList) === false) {
return true;
@@ -101,34 +100,34 @@ class Proxy extends \OC_FileProxy
* @param $data
* @return bool
*/
- public function preFile_put_contents( $path, &$data ) {
+ public function preFile_put_contents($path, &$data) {
- if ( self::shouldEncrypt( $path ) ) {
+ if (self::shouldEncrypt($path)) {
// Stream put contents should have been converted to fopen
- if ( !is_resource( $data ) ) {
+ if (!is_resource($data)) {
$userId = \OCP\USER::getUser();
- $view = new \OC_FilesystemView( '/' );
- $util = new Util( $view, $userId );
- $session = new \OCA\Encryption\Session( $view );
+ $view = new \OC_FilesystemView('/');
+ $util = new Util($view, $userId);
+ $session = new \OCA\Encryption\Session($view);
$privateKey = $session->getPrivateKey();
- $filePath = $util->stripUserFilesPath( $path );
+ $filePath = $util->stripUserFilesPath($path);
// Set the filesize for userland, before encrypting
- $size = strlen( $data );
+ $size = strlen($data);
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// Check if there is an existing key we can reuse
- if ( $encKeyfile = Keymanager::getFileKey( $view, $userId, $filePath ) ) {
+ if ($encKeyfile = Keymanager::getFileKey($view, $userId, $filePath)) {
// Fetch shareKey
- $shareKey = Keymanager::getShareKey( $view, $userId, $filePath );
+ $shareKey = Keymanager::getShareKey($view, $userId, $filePath);
// Decrypt the keyfile
- $plainKey = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey );
+ $plainKey = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
} else {
@@ -138,37 +137,41 @@ class Proxy extends \OC_FileProxy
}
// Encrypt data
- $encData = Crypt::symmetricEncryptFileContent( $data, $plainKey );
+ $encData = Crypt::symmetricEncryptFileContent($data, $plainKey);
$sharingEnabled = \OCP\Share::isEnabled();
// if file exists try to get sharing users
- if ( $view->file_exists( $path ) ) {
- $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $filePath, $userId );
+ if ($view->file_exists($path)) {
+ $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $filePath, $userId);
} else {
$uniqueUserIds[] = $userId;
}
// Fetch public keys for all users who will share the file
- $publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds );
+ $publicKeys = Keymanager::getPublicKeys($view, $uniqueUserIds);
// Encrypt plain keyfile to multiple sharefiles
- $multiEncrypted = Crypt::multiKeyEncrypt( $plainKey, $publicKeys );
+ $multiEncrypted = Crypt::multiKeyEncrypt($plainKey, $publicKeys);
// Save sharekeys to user folders
- Keymanager::setShareKeys( $view, $filePath, $multiEncrypted['keys'] );
+ Keymanager::setShareKeys($view, $filePath, $multiEncrypted['keys']);
// Set encrypted keyfile as common varname
$encKey = $multiEncrypted['data'];
// Save keyfile for newly encrypted file in parallel directory tree
- Keymanager::setFileKey( $view, $filePath, $userId, $encKey );
+ Keymanager::setFileKey($view, $filePath, $userId, $encKey);
// Replace plain content with encrypted content by reference
$data = $encData;
// Update the file cache with file info
- \OC\Files\Filesystem::putFileInfo( $filePath, array( 'encrypted' => true, 'size' => strlen( $data ), 'unencrypted_size' => $size ), '' );
+ \OC\Files\Filesystem::putFileInfo($filePath, array(
+ 'encrypted' => true,
+ 'size' => strlen($data),
+ 'unencrypted_size' => $size
+ ), '');
// Re-enable proxy - our work is done
\OC_FileProxy::$enabled = $proxyStatus;
@@ -184,51 +187,51 @@ class Proxy extends \OC_FileProxy
* @param string $path Path of file from which has been read
* @param string $data Data that has been read from file
*/
- public function postFile_get_contents( $path, $data ) {
+ public function postFile_get_contents($path, $data) {
$userId = \OCP\USER::getUser();
- $view = new \OC_FilesystemView( '/' );
- $util = new Util( $view, $userId );
+ $view = new \OC_FilesystemView('/');
+ $util = new Util($view, $userId);
- $relPath = $util->stripUserFilesPath( $path );
+ $relPath = $util->stripUserFilesPath($path);
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// init session
- $session = new \OCA\Encryption\Session( $view );
+ $session = new \OCA\Encryption\Session($view);
// If data is a catfile
if (
- Crypt::mode() == 'server'
- && Crypt::isCatfileContent( $data )
+ Crypt::mode() === 'server'
+ && Crypt::isCatfileContent($data)
) {
- $privateKey = $session->getPrivateKey( $userId );
+ $privateKey = $session->getPrivateKey($userId);
// Get the encrypted keyfile
- $encKeyfile = Keymanager::getFileKey( $view, $userId, $relPath );
+ $encKeyfile = Keymanager::getFileKey($view, $userId, $relPath);
// Attempt to fetch the user's shareKey
- $shareKey = Keymanager::getShareKey( $view, $userId, $relPath );
+ $shareKey = Keymanager::getShareKey($view, $userId, $relPath);
// Decrypt keyfile with shareKey
- $plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey );
+ $plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
- $plainData = Crypt::symmetricDecryptFileContent( $data, $plainKeyfile );
+ $plainData = Crypt::symmetricDecryptFileContent($data, $plainKeyfile);
} elseif (
Crypt::mode() == 'server'
- &&\OC::$session->exists('legacyenckey')
- && Crypt::isEncryptedMeta( $path )
+ && \OC::$session->exists('legacyenckey')
+ && Crypt::isEncryptedMeta($path)
) {
- $plainData = Crypt::legacyBlockDecrypt( $data, $session->getLegacyKey() );
+ $plainData = Crypt::legacyBlockDecrypt($data, $session->getLegacyKey());
}
\OC_FileProxy::$enabled = $proxyStatus;
- if ( !isset( $plainData ) ) {
+ if (!isset($plainData)) {
$plainData = $data;
@@ -241,10 +244,10 @@ class Proxy extends \OC_FileProxy
/**
* @brief When a file is deleted, remove its keyfile also
*/
- public function preUnlink( $path ) {
+ public function preUnlink($path) {
// let the trashbin handle this
- if ( \OCP\App::isEnabled( 'files_trashbin' ) ) {
+ if (\OCP\App::isEnabled('files_trashbin')) {
return true;
}
@@ -252,23 +255,24 @@ class Proxy extends \OC_FileProxy
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
- $view = new \OC_FilesystemView( '/' );
+ $view = new \OC_FilesystemView('/');
$userId = \OCP\USER::getUser();
- $util = new Util( $view, $userId );
+ $util = new Util($view, $userId);
// Format path to be relative to user files dir
- $relPath = $util->stripUserFilesPath( $path );
+ $relPath = $util->stripUserFilesPath($path);
- list( $owner, $ownerPath ) = $util->getUidAndFilename( $relPath );
+ list($owner, $ownerPath) = $util->getUidAndFilename($relPath);
// Delete keyfile & shareKey so it isn't orphaned
- if ( !Keymanager::deleteFileKey( $view, $owner, $ownerPath ) ) {
- \OC_Log::write( 'Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $ownerPath . '"', \OC_Log::ERROR );
+ if (!Keymanager::deleteFileKey($view, $owner, $ownerPath)) {
+ \OCP\Util::writeLog('Encryption library',
+ 'Keyfile or shareKey could not be deleted for file "' . $ownerPath . '"', \OCP\Util::ERROR);
}
- Keymanager::delAllShareKeys( $view, $owner, $ownerPath );
+ Keymanager::delAllShareKeys($view, $owner, $ownerPath);
\OC_FileProxy::$enabled = $proxyStatus;
@@ -282,8 +286,8 @@ class Proxy extends \OC_FileProxy
* @param $path
* @return bool
*/
- public function postTouch( $path ) {
- $this->handleFile( $path );
+ public function postTouch($path) {
+ $this->handleFile($path);
return true;
}
@@ -293,20 +297,20 @@ class Proxy extends \OC_FileProxy
* @param $result
* @return resource
*/
- public function postFopen( $path, &$result ) {
+ public function postFopen($path, &$result) {
- if ( !$result ) {
+ if (!$result) {
return $result;
}
// Reformat path for use with OC_FSV
- $path_split = explode( '/', $path );
- $path_f = implode( '/', array_slice( $path_split, 3 ) );
+ $path_split = explode('/', $path);
+ $path_f = implode('/', array_slice($path_split, 3));
// FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted
- if ( count($path_split) >= 2 && $path_split[2] == 'cache' ) {
+ if (isset($path_split) && $path_split[2] === 'cache') {
return $result;
}
@@ -314,31 +318,31 @@ class Proxy extends \OC_FileProxy
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
- $meta = stream_get_meta_data( $result );
+ $meta = stream_get_meta_data($result);
- $view = new \OC_FilesystemView( '' );
+ $view = new \OC_FilesystemView('');
- $util = new Util( $view, \OCP\USER::getUser() );
+ $util = new Util($view, \OCP\USER::getUser());
// If file is already encrypted, decrypt using crypto protocol
if (
- Crypt::mode() == 'server'
- && $util->isEncryptedPath( $path )
+ Crypt::mode() === 'server'
+ && $util->isEncryptedPath($path)
) {
// Close the original encrypted file
- fclose( $result );
+ fclose($result);
// Open the file using the crypto stream wrapper
// protocol and let it do the decryption work instead
- $result = fopen( 'crypt://' . $path_f, $meta['mode'] );
+ $result = fopen('crypt://' . $path_f, $meta['mode']);
} elseif (
- self::shouldEncrypt( $path )
- and $meta ['mode'] != 'r'
- and $meta['mode'] != 'rb'
+ self::shouldEncrypt($path)
+ and $meta ['mode'] !== 'r'
+ and $meta['mode'] !== 'rb'
) {
- $result = fopen( 'crypt://' . $path_f, $meta['mode'] );
+ $result = fopen('crypt://' . $path_f, $meta['mode']);
}
// Re-enable the proxy
@@ -353,17 +357,17 @@ class Proxy extends \OC_FileProxy
* @param $data
* @return array
*/
- public function postGetFileInfo( $path, $data ) {
+ public function postGetFileInfo($path, $data) {
// if path is a folder do nothing
- if ( is_array( $data ) && array_key_exists( 'size', $data ) ) {
+ if (is_array($data) && array_key_exists('size', $data)) {
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// get file size
- $data['size'] = self::postFileSize( $path, $data['size'] );
+ $data['size'] = self::postFileSize($path, $data['size']);
// Re-enable the proxy
\OC_FileProxy::$enabled = $proxyStatus;
@@ -377,51 +381,51 @@ class Proxy extends \OC_FileProxy
* @param $size
* @return bool
*/
- public function postFileSize( $path, $size ) {
+ public function postFileSize($path, $size) {
- $view = new \OC_FilesystemView( '/' );
+ $view = new \OC_FilesystemView('/');
// if path is a folder do nothing
- if ( $view->is_dir( $path ) ) {
+ if ($view->is_dir($path)) {
return $size;
}
// Reformat path for use with OC_FSV
- $path_split = explode( '/', $path );
- $path_f = implode( '/', array_slice( $path_split, 3 ) );
+ $path_split = explode('/', $path);
+ $path_f = implode('/', array_slice($path_split, 3));
// if path is empty we cannot resolve anything
- if ( empty( $path_f ) ) {
+ if (empty($path_f)) {
return $size;
}
$fileInfo = false;
// get file info from database/cache if not .part file
- if ( !Keymanager::isPartialFilePath( $path ) ) {
- $fileInfo = $view->getFileInfo( $path );
+ if (!Keymanager::isPartialFilePath($path)) {
+ $fileInfo = $view->getFileInfo($path);
}
// if file is encrypted return real file size
- if ( is_array( $fileInfo ) && $fileInfo['encrypted'] === true ) {
+ if (is_array($fileInfo) && $fileInfo['encrypted'] === true) {
$size = $fileInfo['unencrypted_size'];
} else {
// self healing if file was removed from file cache
- if ( !is_array( $fileInfo ) ) {
+ if (!is_array($fileInfo)) {
$fileInfo = array();
}
$userId = \OCP\User::getUser();
- $util = new Util( $view, $userId );
- $fixSize = $util->getFileSize( $path );
- if ( $fixSize > 0 ) {
+ $util = new Util($view, $userId);
+ $fixSize = $util->getFileSize($path);
+ if ($fixSize > 0) {
$size = $fixSize;
$fileInfo['encrypted'] = true;
$fileInfo['unencrypted_size'] = $size;
// put file info if not .part file
- if ( !Keymanager::isPartialFilePath( $path_f ) ) {
- $view->putFileInfo( $path, $fileInfo );
+ if (!Keymanager::isPartialFilePath($path_f)) {
+ $view->putFileInfo($path, $fileInfo);
}
}
@@ -432,32 +436,32 @@ class Proxy extends \OC_FileProxy
/**
* @param $path
*/
- public function handleFile( $path ) {
+ public function handleFile($path) {
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
- $view = new \OC_FilesystemView( '/' );
- $session = new \OCA\Encryption\Session( $view );
+ $view = new \OC_FilesystemView('/');
+ $session = new \OCA\Encryption\Session($view);
$userId = \OCP\User::getUser();
- $util = new Util( $view, $userId );
+ $util = new Util($view, $userId);
// Reformat path for use with OC_FSV
- $path_split = explode( '/', $path );
- $path_f = implode( '/', array_slice( $path_split, 3 ) );
+ $path_split = explode('/', $path);
+ $path_f = implode('/', array_slice($path_split, 3));
// only if file is on 'files' folder fix file size and sharing
- if ( count($path_split) >= 2 && $path_split[2] == 'files' && $util->fixFileSize( $path ) ) {
+ if (isset($path_split) && $path_split[2] === 'files' && $util->fixFileSize($path)) {
// get sharing app state
$sharingEnabled = \OCP\Share::isEnabled();
// get users
- $usersSharing = $util->getSharingUsersArray( $sharingEnabled, $path_f );
+ $usersSharing = $util->getSharingUsersArray($sharingEnabled, $path_f);
// update sharing-keys
- $util->setSharedFileKeyfiles( $session, $usersSharing, $path_f );
+ $util->setSharedFileKeyfiles($session, $usersSharing, $path_f);
}
\OC_FileProxy::$enabled = $proxyStatus;
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-01 03:15:46 +0000