1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
<?php
/**
* SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
* SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OCA\Encryption\Crypto;
use OCA\Encryption\KeyManager;
use OCA\Encryption\Session;
use OCA\Encryption\Util;
use Symfony\Component\Console\Helper\QuestionHelper;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Question\ConfirmationQuestion;
use Symfony\Component\Console\Question\Question;
class DecryptAll {
/** @var Util */
protected $util;
/** @var QuestionHelper */
protected $questionHelper;
/** @var Crypt */
protected $crypt;
/** @var KeyManager */
protected $keyManager;
/** @var Session */
protected $session;
/**
* @param Util $util
* @param KeyManager $keyManager
* @param Crypt $crypt
* @param Session $session
* @param QuestionHelper $questionHelper
*/
public function __construct(
Util $util,
KeyManager $keyManager,
Crypt $crypt,
Session $session,
QuestionHelper $questionHelper,
) {
$this->util = $util;
$this->keyManager = $keyManager;
$this->crypt = $crypt;
$this->session = $session;
$this->questionHelper = $questionHelper;
}
/**
* prepare encryption module to decrypt all files
*
* @param InputInterface $input
* @param OutputInterface $output
* @param $user
* @return bool
*/
public function prepare(InputInterface $input, OutputInterface $output, $user) {
$question = new Question('Please enter the recovery key password: ');
if ($this->util->isMasterKeyEnabled()) {
$output->writeln('Use master key to decrypt all files');
$user = $this->keyManager->getMasterKeyId();
$password = $this->keyManager->getMasterKeyPassword();
} else {
$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
if (!empty($user)) {
$output->writeln('You can only decrypt the users files if you know');
$output->writeln('the users password or if they activated the recovery key.');
$output->writeln('');
$questionUseLoginPassword = new ConfirmationQuestion(
'Do you want to use the users login password to decrypt all files? (y/n) ',
false
);
$useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);
if ($useLoginPassword) {
$question = new Question('Please enter the user\'s login password: ');
} elseif ($this->util->isRecoveryEnabledForUser($user) === false) {
$output->writeln('No recovery key available for user ' . $user);
return false;
} else {
$user = $recoveryKeyId;
}
} else {
$output->writeln('You can only decrypt the files of all users if the');
$output->writeln('recovery key is enabled by the admin and activated by the users.');
$output->writeln('');
$user = $recoveryKeyId;
}
$question->setHidden(true);
$question->setHiddenFallback(false);
$password = $this->questionHelper->ask($input, $output, $question);
}
$privateKey = $this->getPrivateKey($user, $password);
if ($privateKey !== false) {
$this->updateSession($user, $privateKey);
return true;
} else {
$output->writeln('Could not decrypt private key, maybe you entered the wrong password?');
}
return false;
}
/**
* get the private key which will be used to decrypt all files
*
* @param string $user
* @param string $password
* @return bool|string
* @throws \OCA\Encryption\Exceptions\PrivateKeyMissingException
*/
protected function getPrivateKey($user, $password) {
$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
$masterKeyId = $this->keyManager->getMasterKeyId();
if ($user === $recoveryKeyId) {
$recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);
$privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
} elseif ($user === $masterKeyId) {
$masterKey = $this->keyManager->getSystemPrivateKey($masterKeyId);
$privateKey = $this->crypt->decryptPrivateKey($masterKey, $password, $masterKeyId);
} else {
$userKey = $this->keyManager->getPrivateKey($user);
$privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user);
}
return $privateKey;
}
protected function updateSession($user, $privateKey) {
$this->session->prepareDecryptAll($user, $privateKey);
}
}
|
