sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'encryption_work_with_public_gallery' into encryption_enable_public_upload 

Conflicts:
	apps/files_encryption/lib/stream.php
remotes/origin/stable6
Bjoern Schiessle 2013-11-21 10:24:47 +07:00
parent b27fc42e1f 2b361ea085
commit 18c80e47b6
2 changed files with 34 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
apps/files_encryption/lib/stream.php
Unescape Escape View File

@ -55,6 +55,7 @@ class Stream {
private $rawPath; // The raw path relative to the data dir
private $relPath; // rel path to users file dir
private $userId;
private $keyId;
private $handle; // Resource returned by fopen
private $meta = array(); // Header / meta for source stream
private $writeCache;
@ -90,20 +91,21 @@ class Stream {
$this->rootView = new \OC_FilesystemView('/');
}
// rawPath is relative to the data directory
$this->rawPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
$this->session = new \OCA\Encryption\Session($this->rootView);
$this->privateKey = $this->session->getPrivateKey();
$userId = Helper::getUser($this->rawPath);
// rawPath is relative to the data directory
$this->rawPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
$this->userId = Helper::getUser($this->rawPath);
$util = new Util($this->rootView, $userId);
$util = new Util($this->rootView, $this->userId);
// need to get the userId once more from util, because now this can be the
// public share key ID
$this->userId = $util->getUserId();
// get the key ID which we want to use, canm be the users key or the
// public share key
$this->keyId = $util->getKeyId();
// Strip identifier text from path, this gives us the path relative to data/<user>/files
$this->relPath = Helper::stripUserFilesPath($this->rawPath);
@ -254,14 +256,13 @@ class Stream {
// Fetch and decrypt keyfile
// Fetch existing keyfile
$userId = Helper::getUser($this->rawPath);
$util = new \OCA\Encryption\Util($this->rootView, $userId);
$util = new \OCA\Encryption\Util($this->rootView, $this->userId);
$this->encKeyfile = Keymanager::getFileKey($this->rootView, $util, $this->relPath);
// If a keyfile already exists
if ($this->encKeyfile) {
$shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $util, $this->relPath);
$shareKey = Keymanager::getShareKey($this->rootView, $this->keyId, $util, $this->relPath);
// if there is no valid private key return false
if ($this->privateKey === false) {
@ -508,17 +509,15 @@ class Stream {
\OC_FileProxy::$enabled = false;
// Fetch user's public key
$this->publicKey = Keymanager::getPublicKey($this->rootView, $this->userId);
$this->publicKey = Keymanager::getPublicKey($this->rootView, $this->keyId);
// Check if OC sharing api is enabled
$sharingEnabled = \OCP\Share::isEnabled();
$userId = Helper::getUser($this->rawPath);
$util = new Util($this->rootView, $userId);
$util = new Util($this->rootView, $this->userId);
// Get all users sharing the file includes current user
$uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $userId);
$uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId);
$checkedUserIds = $util->filterShareReadyUsers($uniqueUserIds);
// Fetch public keys for all sharing users
@ -528,7 +527,7 @@ class Stream {
$this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys);
// Save the new encrypted file key
Keymanager::setFileKey($this->rootView, $util, $this->relPath, $userId, $this->encKeyfiles['data']);
Keymanager::setFileKey($this->rootView, $util, $this->relPath, $this->keyId, $this->encKeyfiles['data']);
// Save the sharekeys
Keymanager::setShareKeys($this->rootView, $util, $this->relPath, $this->encKeyfiles['keys']);

32
apps/files_encryption/lib/util.php
Unescape Escape View File

@ -39,7 +39,7 @@ class Util {
private $view; // OC_FilesystemView object for filesystem operations
private $userId; // ID of the user we use to encrypt/decrypt files
private $ownerId; // ID of the user who accesses the file/folder
private $keyId; // ID of the key we want to manipulate
private $client; // Client side encryption mode flag
private $publicKeyDir; // Dir containing all public user keys
private $encryptionDir; // Dir containing user's files_encryption
@ -60,32 +60,31 @@ class Util {
$this->view = $view;
$this->client = $client;
$this->userId = $userId;
$this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId');
$this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
$this->userDir = '/' . $userId;
$this->userDir = '/' . $this->userId;
$this->fileFolderName = 'files';
$this->userFilesDir =
'/' . $userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable?
$this->publicKeyDir = '/' . 'public-keys';
$this->encryptionDir = '/' . $userId . '/' . 'files_encryption';
$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
$this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
$this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
$this->publicKeyPath =
$this->publicKeyDir . '/' . $userId . '.public.key'; // e.g. data/public-keys/admin.public.key
$this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
$this->privateKeyPath =
$this->encryptionDir . '/' . $userId . '.private.key'; // e.g. data/admin/admin.private.key
$this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
// make sure that the owners home is mounted
\OC\Files\Filesystem::initMountPoints($userId);
if (\OCA\Encryption\Helper::isPublicAccess()) {
$this->userId = $this->publicShareKeyId;
$this->ownerId = $userId;
$this->keyId = $this->publicShareKeyId;
$this->isPublic = true;
} else {
$this->userId = $userId;
$this->ownerId = $userId;
$this->keyId = $this->userId;
$this->isPublic = false;
}
}
@ -172,13 +171,13 @@ class Util {
// check if public-key exists but private-key is missing
if ($this->view->file_exists($this->publicKeyPath) && !$this->view->file_exists($this->privateKeyPath)) {
\OCP\Util::writeLog('Encryption library',
'public key exists but private key is missing for "' . $this->userId . '"', \OCP\Util::FATAL);
'public key exists but private key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL);
return false;
} else {
if (!$this->view->file_exists($this->publicKeyPath) && $this->view->file_exists($this->privateKeyPath)
) {
\OCP\Util::writeLog('Encryption library',
'private key exists but public key is missing for "' . $this->userId . '"', \OCP\Util::FATAL);
'private key exists but public key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL);
return false;
}
}
@ -1046,7 +1045,7 @@ class Util {
$encKeyfile = Keymanager::getFileKey($this->view, $this, $filePath);
// The file has a shareKey and must use it for decryption
$shareKey = Keymanager::getShareKey($this->view, $this->userId, $this, $filePath);
$shareKey = Keymanager::getShareKey($this->view, $this->keyId, $this, $filePath);
$plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
@ -1322,7 +1321,7 @@ class Util {
// handle public access
if ($this->isPublic) {
$filename = $path;
$fileOwnerUid = $this->ownerId;
$fileOwnerUid = $this->userId;
return array(
$fileOwnerUid,
@ -1547,6 +1546,13 @@ class Util {
return $this->userId;
}
/**
* @return string
*/
public function getKeyId() {
return $this->keyId;
}
/**
* @return string
*/