From e4895bda01f9c94fc33e094ae9466e1cf5502916 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Tue, 31 Mar 2015 16:23:31 +0200 Subject: add helper class accessible for encryption modules to ask for a list of users with access to a file, needed to apply the recovery key to all files --- lib/private/encryption/update.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'lib/private/encryption/update.php') diff --git a/lib/private/encryption/update.php b/lib/private/encryption/update.php index 06dc330151e..21cedde6140 100644 --- a/lib/private/encryption/update.php +++ b/lib/private/encryption/update.php @@ -46,12 +46,16 @@ class Update { /** @var string */ protected $uid; + /** @var \OC\Encryption\File */ + protected $file; + /** * * @param \OC\Files\View $view * @param \OC\Encryption\Util $util * @param \OC\Files\Mount\Manager $mountManager * @param \OC\Encryption\Manager $encryptionManager + * @param \OC\Encryption\File $file * @param string $uid */ public function __construct( @@ -59,6 +63,7 @@ class Update { Util $util, Mount\Manager $mountManager, Manager $encryptionManager, + File $file, $uid ) { @@ -66,6 +71,7 @@ class Update { $this->util = $util; $this->mountManager = $mountManager; $this->encryptionManager = $encryptionManager; + $this->file = $file; $this->uid = $uid; } @@ -103,7 +109,7 @@ class Update { $encryptionModule = $this->encryptionManager->getDefaultEncryptionModule(); foreach ($allFiles as $path) { - $usersSharing = $this->util->getSharingUsersArray($path); + $usersSharing = $this->file->getAccessList($path); $encryptionModule->update($absPath, $this->uid, $usersSharing); } } -- cgit v1.2.3 From cac83642f2df98497ecedcded1716c28fa676313 Mon Sep 17 00:00:00 2001 From: Thomas Müller Date: Wed, 1 Apr 2015 13:59:29 +0200 Subject: Finally fixing encryption with public share --- apps/encryption/lib/keymanager.php | 58 ++++++++++++++++++--------------- lib/private/encryption/update.php | 32 +++++++++--------- lib/private/files/stream/encryption.php | 2 +- 3 files changed, 48 insertions(+), 44 deletions(-) (limited to 'lib/private/encryption/update.php') diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php index f96c426a725..f3f96b9ef21 100644 --- a/apps/encryption/lib/keymanager.php +++ b/apps/encryption/lib/keymanager.php @@ -23,6 +23,7 @@ namespace OCA\Encryption; use OC\Encryption\Exceptions\DecryptionFailedException; +use OCA\Encryption\Exceptions\FileKeyMissingException; use OCA\Encryption\Exceptions\PrivateKeyMissingException; use OC\Encryption\Exceptions\PublicKeyMissingException; use OCA\Encryption\Crypto\Crypt; @@ -114,6 +115,8 @@ class KeyManager { $this->keyStorage = $keyStorage; $this->crypt = $crypt; $this->config = $config; + $this->log = $log; + $this->recoveryKeyId = $this->config->getAppValue('encryption', 'recoveryKeyId'); if (empty($this->recoveryKeyId)) { @@ -123,34 +126,24 @@ class KeyManager { $this->recoveryKeyId); } - $this->publicShareKeyId = $this->config->getAppValue('encryption', 'publicShareKeyId'); - $this->log = $log; - if (empty($this->publicShareKeyId)) { $this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8); - $this->config->setAppValue('encryption', - 'publicShareKeyId', - $this->publicShareKeyId); + $this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId); + } + $shareKey = $this->getPublicShareKey(); + if (empty($shareKey)) { $keyPair = $this->crypt->createKeyPair(); // Save public key $this->keyStorage->setSystemUserKey( - $this->publicShareKeyId . '.publicKey', - $keyPair['publicKey']); + $this->publicShareKeyId . '.publicKey', $keyPair['publicKey']); // Encrypt private key empty passphrase - $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], - ''); - if ($encryptedKey) { - $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey', - $encryptedKey); - } else { - $this->log->error('Could not create public share keys'); - } - + $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], ''); + $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey', $encryptedKey); } $this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false; @@ -161,7 +154,8 @@ class KeyManager { * @return bool */ public function recoveryKeyExists() { - return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey'))); + $key = $this->getRecoveryKey(); + return (!empty($key)); } /** @@ -340,19 +334,25 @@ class KeyManager { * @return string */ public function getFileKey($path, $uid) { - $key = ''; - $encryptedFileKey = $this->keyStorage->getFileKey($path, - $this->fileKeyId); - $shareKey = $this->getShareKey($path, $uid); - $privateKey = $this->session->getPrivateKey(); + $encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId); + + if (is_null($uid)) { + $uid = $this->getPublicShareKeyId(); + $shareKey = $this->getShareKey($path, $uid); + $privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey'); + $privateKey = $this->crypt->symmetricDecryptFileContent($privateKey); + } else { + $shareKey = $this->getShareKey($path, $uid); + $privateKey = $this->session->getPrivateKey(); + } if ($encryptedFileKey && $shareKey && $privateKey) { - $key = $this->crypt->multiKeyDecrypt($encryptedFileKey, + return $this->crypt->multiKeyDecrypt($encryptedFileKey, $shareKey, $privateKey); } - return $key; + throw new FileKeyMissingException(); } /** @@ -412,7 +412,7 @@ class KeyManager { } /** - * get public key for public link shares + * get public key for public link shares * * @return string */ @@ -504,7 +504,11 @@ class KeyManager { */ public function addSystemKeys(array $accessList, array $publicKeys) { if (!empty($accessList['public'])) { - $publicKeys[$this->getPublicShareKeyId()] = $this->getPublicShareKey(); + $publicShareKey = $this->getPublicShareKey(); + if (empty($publicShareKey)) { + throw new PublicKeyMissingException(); + } + $publicKeys[$this->getPublicShareKeyId()] = $publicShareKey; } if ($this->recoveryKeyExists() && diff --git a/lib/private/encryption/update.php b/lib/private/encryption/update.php index 21cedde6140..e838e870502 100644 --- a/lib/private/encryption/update.php +++ b/lib/private/encryption/update.php @@ -93,25 +93,25 @@ class Update { * @param int $fileSource file source id */ private function update($fileSource) { - $path = \OC\Files\Filesystem::getPath($fileSource); - $absPath = '/' . $this->uid . '/files' . $path; + $path = \OC\Files\Filesystem::getPath($fileSource); + $absPath = '/' . $this->uid . '/files' . $path; - $mount = $this->mountManager->find($path); - $mountPoint = $mount->getMountPoint(); + $mount = $this->mountManager->find($path); + $mountPoint = $mount->getMountPoint(); - // if a folder was shared, get a list of all (sub-)folders - if ($this->view->is_dir($absPath)) { - $allFiles = $this->util->getAllFiles($absPath, $mountPoint); - } else { - $allFiles = array($absPath); - } + // if a folder was shared, get a list of all (sub-)folders + if ($this->view->is_dir($absPath)) { + $allFiles = $this->util->getAllFiles($absPath, $mountPoint); + } else { + $allFiles = array($absPath); + } - $encryptionModule = $this->encryptionManager->getDefaultEncryptionModule(); + $encryptionModule = $this->encryptionManager->getDefaultEncryptionModule(); - foreach ($allFiles as $path) { - $usersSharing = $this->file->getAccessList($path); - $encryptionModule->update($absPath, $this->uid, $usersSharing); - } + foreach ($allFiles as $path) { + $usersSharing = $this->file->getAccessList($path); + $encryptionModule->update($absPath, $this->uid, $usersSharing); + } } -} \ No newline at end of file +} diff --git a/lib/private/files/stream/encryption.php b/lib/private/files/stream/encryption.php index a96d573723c..88957825de0 100644 --- a/lib/private/files/stream/encryption.php +++ b/lib/private/files/stream/encryption.php @@ -198,7 +198,7 @@ class Encryption extends Wrapper { $context = parent::loadContext($name); foreach ($this->expectedContextProperties as $property) { - if (isset($context[$property])) { + if (array_key_exists($property, $context)) { $this->{$property} = $context[$property]; } else { throw new \BadMethodCallException('Invalid context, "' . $property . '" options not set'); -- cgit v1.2.3 From fac7ec3fc445ed528d84b258717e856e3638d734 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Thu, 2 Apr 2015 12:03:37 +0200 Subject: fix re-shares with encryption --- apps/files_sharing/tests/testcase.php | 2 +- lib/private/encryption/update.php | 8 ++++++-- lib/private/encryption/util.php | 6 +++--- 3 files changed, 10 insertions(+), 6 deletions(-) (limited to 'lib/private/encryption/update.php') diff --git a/apps/files_sharing/tests/testcase.php b/apps/files_sharing/tests/testcase.php index 69f68f7dfe8..b9f8658a69e 100644 --- a/apps/files_sharing/tests/testcase.php +++ b/apps/files_sharing/tests/testcase.php @@ -157,7 +157,7 @@ abstract class TestCase extends \Test\TestCase { $storage = new \ReflectionClass('\OC\Files\Storage\Shared'); $isInitialized = $storage->getProperty('isInitialized'); $isInitialized->setAccessible(true); - $isInitialized->setValue(false); + $isInitialized->setValue(array()); $isInitialized->setAccessible(false); } diff --git a/lib/private/encryption/update.php b/lib/private/encryption/update.php index e838e870502..1cfe935e584 100644 --- a/lib/private/encryption/update.php +++ b/lib/private/encryption/update.php @@ -94,7 +94,11 @@ class Update { */ private function update($fileSource) { $path = \OC\Files\Filesystem::getPath($fileSource); - $absPath = '/' . $this->uid . '/files' . $path; + $info = \OC\Files\Filesystem::getFileInfo($path); + $owner = \OC\Files\Filesystem::getOwner($path); + $view = new \OC\Files\View('/' . $owner . '/files'); + $ownerPath = $view->getPath($info->getId()); + $absPath = '/' . $owner . '/files' . $ownerPath; $mount = $this->mountManager->find($path); $mountPoint = $mount->getMountPoint(); @@ -110,7 +114,7 @@ class Update { foreach ($allFiles as $path) { $usersSharing = $this->file->getAccessList($path); - $encryptionModule->update($absPath, $this->uid, $usersSharing); + $encryptionModule->update($path, $this->uid, $usersSharing); } } diff --git a/lib/private/encryption/util.php b/lib/private/encryption/util.php index e2c7fa26e66..54d587715bf 100644 --- a/lib/private/encryption/util.php +++ b/lib/private/encryption/util.php @@ -180,11 +180,11 @@ class Util { foreach ($content as $c) { // getDirectoryContent() returns the paths relative to the mount points, so we need // to re-construct the complete path - $path = ($mountPoint !== '') ? $mountPoint . '/' . $c['path'] : $c['path']; + $path = ($mountPoint !== '') ? $mountPoint . '/' . $c->getPath() : $c->getPath(); if ($c['type'] === 'dir') { - $dirList[] = $path; + $dirList[] = \OC\Files\Filesystem::normalizePath($path); } else { - $result[] = $path; + $result[] = \OC\Files\Filesystem::normalizePath($path); } } -- cgit v1.2.3