2015-01-14 22:39:23 +03:00
|
|
|
<?php
|
|
|
|
/**
|
2016-07-21 18:07:57 +03:00
|
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
|
|
|
*
|
2016-05-26 20:56:05 +03:00
|
|
|
* @author Björn Schießle <bjoern@schiessle.org>
|
2015-06-25 12:43:55 +03:00
|
|
|
* @author Jan-Christoph Borchardt <hey@jancborchardt.net>
|
2016-07-21 18:07:57 +03:00
|
|
|
* @author Joas Schilling <coding@schilljs.com>
|
2015-04-07 18:02:49 +03:00
|
|
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
2015-01-14 22:39:23 +03:00
|
|
|
*
|
2015-04-07 18:02:49 +03:00
|
|
|
* @license AGPL-3.0
|
2015-01-14 22:39:23 +03:00
|
|
|
*
|
2015-04-07 18:02:49 +03:00
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
* as published by the Free Software Foundation.
|
2015-01-14 22:39:23 +03:00
|
|
|
*
|
2015-04-07 18:02:49 +03:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
2015-01-14 22:39:23 +03:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
2015-04-07 18:02:49 +03:00
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
2015-01-14 22:39:23 +03:00
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
namespace OC\Encryption;
|
|
|
|
|
2015-07-24 13:24:18 +03:00
|
|
|
use OC\Encryption\Keys\Storage;
|
2015-04-23 17:48:11 +03:00
|
|
|
use OC\Files\Filesystem;
|
2015-04-07 19:05:54 +03:00
|
|
|
use OC\Files\View;
|
2016-03-31 00:20:37 +03:00
|
|
|
use OC\Memcache\ArrayCache;
|
2015-07-24 13:24:18 +03:00
|
|
|
use OC\ServiceUnavailableException;
|
2015-01-14 22:39:23 +03:00
|
|
|
use OCP\Encryption\IEncryptionModule;
|
2015-04-07 19:05:54 +03:00
|
|
|
use OCP\Encryption\IManager;
|
|
|
|
use OCP\IConfig;
|
2015-05-27 11:37:12 +03:00
|
|
|
use OCP\IL10N;
|
2015-04-07 19:05:54 +03:00
|
|
|
use OCP\ILogger;
|
2015-01-14 22:39:23 +03:00
|
|
|
|
2015-04-07 19:05:54 +03:00
|
|
|
class Manager implements IManager {
|
2015-01-14 22:39:23 +03:00
|
|
|
|
|
|
|
/** @var array */
|
|
|
|
protected $encryptionModules;
|
|
|
|
|
2015-04-07 19:05:54 +03:00
|
|
|
/** @var IConfig */
|
2015-01-14 22:39:23 +03:00
|
|
|
protected $config;
|
|
|
|
|
2015-04-07 19:05:54 +03:00
|
|
|
/** @var ILogger */
|
|
|
|
protected $logger;
|
|
|
|
|
2015-05-27 11:37:12 +03:00
|
|
|
/** @var Il10n */
|
|
|
|
protected $l;
|
|
|
|
|
2015-07-24 13:24:18 +03:00
|
|
|
/** @var View */
|
|
|
|
protected $rootView;
|
|
|
|
|
|
|
|
/** @var Util */
|
|
|
|
protected $util;
|
|
|
|
|
2016-03-31 00:20:37 +03:00
|
|
|
/** @var ArrayCache */
|
|
|
|
protected $arrayCache;
|
|
|
|
|
2015-01-14 22:39:23 +03:00
|
|
|
/**
|
2015-04-07 19:05:54 +03:00
|
|
|
* @param IConfig $config
|
|
|
|
* @param ILogger $logger
|
2015-05-27 11:37:12 +03:00
|
|
|
* @param IL10N $l10n
|
2015-07-24 13:24:18 +03:00
|
|
|
* @param View $rootView
|
|
|
|
* @param Util $util
|
2016-03-31 00:20:37 +03:00
|
|
|
* @param ArrayCache $arrayCache
|
2015-01-14 22:39:23 +03:00
|
|
|
*/
|
2016-03-31 00:20:37 +03:00
|
|
|
public function __construct(IConfig $config, ILogger $logger, IL10N $l10n, View $rootView, Util $util, ArrayCache $arrayCache) {
|
2015-01-14 22:39:23 +03:00
|
|
|
$this->encryptionModules = array();
|
|
|
|
$this->config = $config;
|
2015-04-07 19:05:54 +03:00
|
|
|
$this->logger = $logger;
|
2015-05-27 11:37:12 +03:00
|
|
|
$this->l = $l10n;
|
2015-07-24 13:24:18 +03:00
|
|
|
$this->rootView = $rootView;
|
|
|
|
$this->util = $util;
|
2016-03-31 00:20:37 +03:00
|
|
|
$this->arrayCache = $arrayCache;
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Check if encryption is enabled
|
|
|
|
*
|
|
|
|
* @return bool true if enabled, false if not
|
|
|
|
*/
|
|
|
|
public function isEnabled() {
|
|
|
|
|
|
|
|
$installed = $this->config->getSystemValue('installed', false);
|
|
|
|
if (!$installed) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$enabled = $this->config->getAppValue('core', 'encryption_enabled', 'no');
|
|
|
|
return $enabled === 'yes';
|
|
|
|
}
|
|
|
|
|
2015-04-07 19:05:54 +03:00
|
|
|
/**
|
|
|
|
* check if new encryption is ready
|
|
|
|
*
|
2015-07-24 13:24:18 +03:00
|
|
|
* @return bool
|
|
|
|
* @throws ServiceUnavailableException
|
2015-04-07 19:05:54 +03:00
|
|
|
*/
|
|
|
|
public function isReady() {
|
|
|
|
// check if we are still in transit between the old and the new encryption
|
|
|
|
$oldEncryption = $this->config->getAppValue('files_encryption', 'installed_version');
|
|
|
|
if (!empty($oldEncryption)) {
|
|
|
|
$warning = 'Installation is in transit between the old Encryption (ownCloud <= 8.0)
|
2015-05-05 23:08:16 +03:00
|
|
|
and the new encryption. Please enable the "Default encryption module"
|
2015-04-07 19:05:54 +03:00
|
|
|
and run \'occ encryption:migrate\'';
|
|
|
|
$this->logger->warning($warning);
|
|
|
|
return false;
|
|
|
|
}
|
2015-07-24 13:24:18 +03:00
|
|
|
|
|
|
|
if ($this->isKeyStorageReady() === false) {
|
|
|
|
throw new ServiceUnavailableException('Key Storage is not ready');
|
|
|
|
}
|
|
|
|
|
2015-04-07 19:05:54 +03:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2015-01-14 22:39:23 +03:00
|
|
|
/**
|
2016-04-14 18:32:25 +03:00
|
|
|
* @param string $user
|
|
|
|
*/
|
|
|
|
public function isReadyForUser($user) {
|
|
|
|
if (!$this->isReady()) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
foreach ($this->getEncryptionModules() as $module) {
|
|
|
|
/** @var IEncryptionModule $m */
|
|
|
|
$m = call_user_func($module['callback']);
|
|
|
|
if (!$m->isReadyForUser($user)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2015-04-14 17:48:39 +03:00
|
|
|
* Registers an callback function which must return an encryption module instance
|
2015-01-14 22:39:23 +03:00
|
|
|
*
|
2015-04-14 17:48:39 +03:00
|
|
|
* @param string $id
|
|
|
|
* @param string $displayName
|
|
|
|
* @param callable $callback
|
2015-01-14 22:39:23 +03:00
|
|
|
* @throws Exceptions\ModuleAlreadyExistsException
|
|
|
|
*/
|
2015-04-14 17:48:39 +03:00
|
|
|
public function registerEncryptionModule($id, $displayName, callable $callback) {
|
2015-03-30 12:49:03 +03:00
|
|
|
|
2015-01-14 22:39:23 +03:00
|
|
|
if (isset($this->encryptionModules[$id])) {
|
2015-04-14 17:48:39 +03:00
|
|
|
throw new Exceptions\ModuleAlreadyExistsException($id, $displayName);
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|
2015-03-31 14:48:27 +03:00
|
|
|
|
2015-04-18 11:18:58 +03:00
|
|
|
$this->encryptionModules[$id] = [
|
2015-04-14 17:48:39 +03:00
|
|
|
'id' => $id,
|
2015-04-18 11:18:58 +03:00
|
|
|
'displayName' => $displayName,
|
|
|
|
'callback' => $callback,
|
|
|
|
];
|
2015-04-16 18:37:31 +03:00
|
|
|
|
|
|
|
$defaultEncryptionModuleId = $this->getDefaultEncryptionModuleId();
|
|
|
|
|
|
|
|
if (empty($defaultEncryptionModuleId)) {
|
|
|
|
$this->setDefaultEncryptionModule($id);
|
|
|
|
}
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Unregisters an encryption module
|
|
|
|
*
|
2015-04-14 17:48:39 +03:00
|
|
|
* @param string $moduleId
|
2015-01-14 22:39:23 +03:00
|
|
|
*/
|
2015-04-14 17:48:39 +03:00
|
|
|
public function unregisterEncryptionModule($moduleId) {
|
|
|
|
unset($this->encryptionModules[$moduleId]);
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get a list of all encryption modules
|
|
|
|
*
|
2015-04-14 17:48:39 +03:00
|
|
|
* @return array [id => ['id' => $id, 'displayName' => $displayName, 'callback' => callback]]
|
2015-01-14 22:39:23 +03:00
|
|
|
*/
|
|
|
|
public function getEncryptionModules() {
|
|
|
|
return $this->encryptionModules;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get a specific encryption module
|
|
|
|
*
|
|
|
|
* @param string $moduleId
|
|
|
|
* @return IEncryptionModule
|
|
|
|
* @throws Exceptions\ModuleDoesNotExistsException
|
|
|
|
*/
|
2015-03-18 12:58:02 +03:00
|
|
|
public function getEncryptionModule($moduleId = '') {
|
|
|
|
if (!empty($moduleId)) {
|
|
|
|
if (isset($this->encryptionModules[$moduleId])) {
|
2015-04-14 17:48:39 +03:00
|
|
|
return call_user_func($this->encryptionModules[$moduleId]['callback']);
|
2015-03-18 12:58:02 +03:00
|
|
|
} else {
|
2015-06-03 16:00:56 +03:00
|
|
|
$message = "Module with id: $moduleId does not exist.";
|
2015-06-03 15:56:18 +03:00
|
|
|
$hint = $this->l->t('Module with id: %s does not exist. Please enable it in your apps settings or contact your administrator.', [$moduleId]);
|
2015-05-27 11:37:12 +03:00
|
|
|
throw new Exceptions\ModuleDoesNotExistsException($message, $hint);
|
2015-03-18 12:58:02 +03:00
|
|
|
}
|
2015-04-14 17:48:39 +03:00
|
|
|
} else {
|
|
|
|
return $this->getDefaultEncryptionModule();
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get default encryption module
|
|
|
|
*
|
|
|
|
* @return \OCP\Encryption\IEncryptionModule
|
|
|
|
* @throws Exceptions\ModuleDoesNotExistsException
|
|
|
|
*/
|
2015-04-20 12:11:52 +03:00
|
|
|
protected function getDefaultEncryptionModule() {
|
2015-01-14 22:39:23 +03:00
|
|
|
$defaultModuleId = $this->getDefaultEncryptionModuleId();
|
|
|
|
if (!empty($defaultModuleId)) {
|
|
|
|
if (isset($this->encryptionModules[$defaultModuleId])) {
|
2015-04-14 17:48:39 +03:00
|
|
|
return call_user_func($this->encryptionModules[$defaultModuleId]['callback']);
|
2015-01-14 22:39:23 +03:00
|
|
|
} else {
|
|
|
|
$message = 'Default encryption module not loaded';
|
|
|
|
throw new Exceptions\ModuleDoesNotExistsException($message);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
$message = 'No default encryption module defined';
|
|
|
|
throw new Exceptions\ModuleDoesNotExistsException($message);
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* set default encryption module Id
|
|
|
|
*
|
|
|
|
* @param string $moduleId
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public function setDefaultEncryptionModule($moduleId) {
|
|
|
|
try {
|
2015-04-16 18:37:31 +03:00
|
|
|
$this->getEncryptionModule($moduleId);
|
2015-01-14 22:39:23 +03:00
|
|
|
} catch (\Exception $e) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2015-04-20 12:11:52 +03:00
|
|
|
$this->config->setAppValue('core', 'default_encryption_module', $moduleId);
|
|
|
|
return true;
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get default encryption module Id
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
2015-04-20 12:11:52 +03:00
|
|
|
public function getDefaultEncryptionModuleId() {
|
|
|
|
return $this->config->getAppValue('core', 'default_encryption_module');
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|
|
|
|
|
2015-06-02 13:27:30 +03:00
|
|
|
/**
|
|
|
|
* Add storage wrapper
|
|
|
|
*/
|
2016-03-31 00:20:37 +03:00
|
|
|
public function setupStorage() {
|
2017-03-29 13:23:46 +03:00
|
|
|
// If encryption is disabled and there are no loaded modules it makes no sense to load the wrapper
|
|
|
|
if (!empty($this->encryptionModules) || $this->isEnabled()) {
|
|
|
|
$encryptionWrapper = new EncryptionWrapper($this->arrayCache, $this, $this->logger);
|
|
|
|
Filesystem::addStorageWrapper('oc_encryption', array($encryptionWrapper, 'wrapStorage'), 2);
|
|
|
|
}
|
2015-03-31 14:25:11 +03:00
|
|
|
}
|
2015-07-24 13:24:18 +03:00
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* check if key storage is ready
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
protected function isKeyStorageReady() {
|
|
|
|
|
|
|
|
$rootDir = $this->util->getKeyStorageRoot();
|
|
|
|
|
|
|
|
// the default root is always valid
|
|
|
|
if ($rootDir === '') {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// check if key storage is mounted correctly
|
|
|
|
if ($this->rootView->file_exists($rootDir . '/' . Storage::KEY_STORAGE_MARKER)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-01-14 22:39:23 +03:00
|
|
|
}
|