nextcloud/apps/files_encryption/tests/keymanager.php

410 lines
16 KiB
PHP
Raw Normal View History

<?php
/**
2015-02-23 13:28:53 +03:00
* @author Andreas Fischer <bantu@owncloud.com>
* @author Bjoern Schiessle <schiessle@owncloud.com>
* @author Florin Peter <github@florin-peter.de>
* @author Joas Schilling <nickvergessen@gmx.de>
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
* @author Sam Tuke <mail@samtuke.com>
* @author Thomas Müller <thomas.mueller@tmit.eu>
* @author Vincent Petry <pvince81@owncloud.com>
*
* @copyright Copyright (c) 2015, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
2014-12-03 19:20:04 +03:00
namespace OCA\Files_Encryption\Tests;
2013-05-20 00:28:48 +04:00
/**
2014-12-03 19:20:04 +03:00
* Class Keymanager
2013-05-20 00:28:48 +04:00
*/
2014-12-03 19:20:04 +03:00
class Keymanager extends TestCase {
2013-05-20 00:28:48 +04:00
const TEST_USER = "test-keymanager-user.dot";
2013-05-20 00:28:48 +04:00
public $userId;
public $pass;
2014-06-26 19:38:06 +04:00
public static $stateFilesTrashbin;
2013-05-20 00:28:48 +04:00
/**
2014-12-03 19:20:04 +03:00
* @var \OC\Files\View
2013-05-20 00:28:48 +04:00
*/
public $view;
public $randomKey;
2013-05-22 02:55:16 +04:00
public $dataShort;
2013-05-20 00:28:48 +04:00
public static function setUpBeforeClass() {
parent::setUpBeforeClass();
// disable file proxy by default
\OC_FileProxy::$enabled = false;
2013-05-20 03:24:36 +04:00
2014-06-26 19:38:06 +04:00
// remember files_trashbin state
2014-12-03 19:20:04 +03:00
self::$stateFilesTrashbin = \OC_App::isEnabled('files_trashbin');
2014-06-26 19:38:06 +04:00
// we don't want to tests with app files_trashbin enabled
\OC_App::disable('files_trashbin');
// create test user
\OC_User::deleteUser(self::TEST_USER);
parent::loginHelper(self::TEST_USER, true);
}
protected function setUp() {
parent::setUp();
// set content for encrypting / decrypting in tests
$this->dataLong = file_get_contents(__DIR__ . '/../lib/crypt.php');
$this->dataShort = 'hats';
$this->dataUrl = __DIR__ . '/../lib/crypt.php';
$this->legacyData = __DIR__ . '/legacy-text.txt';
$this->legacyEncryptedData = __DIR__ . '/legacy-encrypted-text.txt';
2014-12-03 19:20:04 +03:00
$this->randomKey = \OCA\Files_Encryption\Crypt::generateKey();
2013-05-20 03:24:36 +04:00
2014-12-03 19:20:04 +03:00
$keypair = \OCA\Files_Encryption\Crypt::createKeypair();
2013-05-20 03:24:36 +04:00
$this->genPublicKey = $keypair['publicKey'];
$this->genPrivateKey = $keypair['privateKey'];
$this->view = new \OC\Files\View('/');
self::loginHelper(self::TEST_USER);
$this->userId = self::TEST_USER;
$this->pass = self::TEST_USER;
$userHome = \OC_User::getHome($this->userId);
$this->dataDir = str_replace('/' . $this->userId, '', $userHome);
}
2013-05-20 03:24:36 +04:00
function tearDown() {
$this->view->deleteAll('/' . self::TEST_USER . '/files_encryption/keys');
parent::tearDown();
}
public static function tearDownAfterClass() {
\OC_FileProxy::$enabled = true;
// cleanup test user
\OC_User::deleteUser(self::TEST_USER);
2014-06-26 19:38:06 +04:00
// reset app files_trashbin
if (self::$stateFilesTrashbin) {
2014-12-03 19:20:04 +03:00
\OC_App::enable('files_trashbin');
2014-06-26 19:38:06 +04:00
}
parent::tearDownAfterClass();
}
function testKeyCacheUpdate() {
$testUser = 'testKeyCacheUpdate';
\OCA\Files_Encryption\Keymanager::setPublicKey('oldKey', $testUser);
$this->assertSame('oldKey',
\OCA\Files_Encryption\Keymanager::getPublicKey($this->view, $testUser));
// update key
\OCA\Files_Encryption\Keymanager::setPublicKey('newKey', $testUser);
$this->assertSame('newKey',
\OCA\Files_Encryption\Keymanager::getPublicKey($this->view, $testUser));
// cleanup
\OCA\Files_Encryption\Keymanager::deletePublicKey($this->view, $testUser);
}
2013-06-10 11:31:22 +04:00
/**
* @medium
*/
function testGetPrivateKey() {
2013-05-20 03:24:36 +04:00
2014-12-03 19:20:04 +03:00
$key = \OCA\Files_Encryption\Keymanager::getPrivateKey($this->view, $this->userId);
2013-04-30 03:54:19 +04:00
2014-12-03 19:20:04 +03:00
$privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($key, $this->pass);
2013-04-30 03:54:19 +04:00
$res = openssl_pkey_get_private($privateKey);
2013-04-30 03:54:19 +04:00
$this->assertTrue(is_resource($res));
2013-05-19 00:00:35 +04:00
$sslInfo = openssl_pkey_get_details($res);
2013-05-19 00:00:35 +04:00
$this->assertArrayHasKey('key', $sslInfo);
2013-05-20 03:24:36 +04:00
}
2013-06-10 11:31:22 +04:00
/**
* @medium
*/
function testGetPublicKey() {
2013-05-20 03:24:36 +04:00
2014-12-03 19:20:04 +03:00
$publiceKey = \OCA\Files_Encryption\Keymanager::getPublicKey($this->view, $this->userId);
2013-05-19 00:00:35 +04:00
$res = openssl_pkey_get_public($publiceKey);
2013-05-19 00:00:35 +04:00
$this->assertTrue(is_resource($res));
2013-05-19 00:00:35 +04:00
$sslInfo = openssl_pkey_get_details($res);
2013-05-19 00:00:35 +04:00
$this->assertArrayHasKey('key', $sslInfo);
}
2013-05-20 03:24:36 +04:00
2013-06-10 11:31:22 +04:00
/**
* @medium
*/
function testSetFileKey() {
2013-05-20 03:24:36 +04:00
$key = $this->randomKey;
2013-05-20 03:24:36 +04:00
$file = 'unittest-' . $this->getUniqueID() . '.txt';
2014-12-03 19:20:04 +03:00
$util = new \OCA\Files_Encryption\Util($this->view, $this->userId);
2013-05-20 03:24:36 +04:00
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$this->view->file_put_contents($this->userId . '/files/' . $file, $this->dataShort);
2013-05-20 03:24:36 +04:00
2014-12-03 19:20:04 +03:00
\OCA\Files_Encryption\Keymanager::setFileKey($this->view, $util, $file, $key);
$this->assertTrue($this->view->file_exists('/' . $this->userId . '/files_encryption/keys/' . $file . '/fileKey'));
2013-05-17 03:07:26 +04:00
// cleanup
$this->view->unlink('/' . $this->userId . '/files/' . $file);
2013-05-17 03:07:26 +04:00
2013-05-22 02:55:16 +04:00
// change encryption proxy to previous state
2013-05-17 03:07:26 +04:00
\OC_FileProxy::$enabled = $proxyStatus;
}
2013-05-20 03:24:36 +04:00
2014-07-22 19:22:15 +04:00
/**
* @medium
*/
function testSetPrivateKey() {
$key = "dummy key";
2014-12-03 19:20:04 +03:00
\OCA\Files_Encryption\Keymanager::setPrivateKey($key, 'dummyUser');
2014-07-22 19:22:15 +04:00
$this->assertTrue($this->view->file_exists('/dummyUser/files_encryption/dummyUser.privateKey'));
2014-07-22 19:22:15 +04:00
//clean up
$this->view->deleteAll('/dummyUser');
}
/**
* @medium
*/
function testSetPrivateSystemKey() {
$key = "dummy key";
$keyName = "myDummyKey";
2014-12-03 19:20:04 +03:00
$encHeader = \OCA\Files_Encryption\Crypt::generateHeader();
2014-07-22 19:22:15 +04:00
2014-12-03 19:20:04 +03:00
\OCA\Files_Encryption\Keymanager::setPrivateSystemKey($key, $keyName);
2014-07-22 19:22:15 +04:00
2014-11-18 19:25:36 +03:00
$this->assertTrue($this->view->file_exists('/files_encryption/' . $keyName . '.privateKey'));
2014-12-03 19:20:04 +03:00
$result = \OCA\Files_Encryption\Keymanager::getPrivateSystemKey($keyName);
$this->assertSame($encHeader . $key, $result);
2014-07-22 19:22:15 +04:00
// clean up
2014-11-18 19:25:36 +03:00
$this->view->unlink('/files_encryption/' . $keyName.'.privateKey');
2014-07-22 19:22:15 +04:00
}
2013-06-10 11:31:22 +04:00
/**
* @medium
*/
function testGetUserKeys() {
2013-05-20 03:24:36 +04:00
2014-12-03 19:20:04 +03:00
$keys = \OCA\Files_Encryption\Keymanager::getUserKeys($this->view, $this->userId);
2013-04-30 03:54:19 +04:00
$resPublic = openssl_pkey_get_public($keys['publicKey']);
2013-04-30 03:54:19 +04:00
$this->assertTrue(is_resource($resPublic));
2013-04-30 03:54:19 +04:00
$sslInfoPublic = openssl_pkey_get_details($resPublic);
2013-04-30 03:54:19 +04:00
$this->assertArrayHasKey('key', $sslInfoPublic);
2013-05-19 00:25:47 +04:00
2014-12-03 19:20:04 +03:00
$privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($keys['privateKey'], $this->pass);
2013-05-19 00:25:47 +04:00
$resPrivate = openssl_pkey_get_private($privateKey);
2013-05-19 00:25:47 +04:00
$this->assertTrue(is_resource($resPrivate));
2013-05-19 00:25:47 +04:00
$sslInfoPrivate = openssl_pkey_get_details($resPrivate);
2013-05-19 00:25:47 +04:00
$this->assertArrayHasKey('key', $sslInfoPrivate);
}
2013-05-22 02:55:16 +04:00
2013-06-10 11:31:22 +04:00
/**
* @medium
*/
2014-06-26 19:38:06 +04:00
function testRecursiveDelShareKeysFolder() {
$this->view->mkdir('/' . self::TEST_USER . '/files/folder1');
$this->view->file_put_contents('/' . self::TEST_USER . '/files/folder1/existingFile.txt', 'data');
2013-05-22 02:55:16 +04:00
2014-06-26 19:38:06 +04:00
// create folder structure for some dummy share key files
$this->view->mkdir('/' . self::TEST_USER . '/files_encryption/keys/folder1');
$this->view->mkdir('/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile.txt');
$this->view->mkdir('/' . self::TEST_USER . '/files_encryption/keys/folder1/file1');
$this->view->mkdir('/' . self::TEST_USER . '/files_encryption/keys/folder1/file2');
$this->view->mkdir('/' . self::TEST_USER . '/files_encryption/keys/folder1/subfolder');
$this->view->mkdir('/' . self::TEST_USER . '/files_encryption/keys/folder1/subfolder/file2');
$this->view->mkdir('/' . self::TEST_USER . '/files_encryption/keys/folder1/subfolder/subsubfolder');
$this->view->mkdir('/' . self::TEST_USER . '/files_encryption/keys/folder1/subfolder/subsubfolder/file1');
$this->view->mkdir('/' . self::TEST_USER . '/files_encryption/keys/folder1/subfolder/subsubfolder/file2');
2014-06-23 19:13:56 +04:00
// create some dummy share keys
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile.txt/user1.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile.txt/' . self::TEST_USER . '.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/user1.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/user1.test.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/test-keymanager-userxdot.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/userx.' . self::TEST_USER . '.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/' . self::TEST_USER . '.userx.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/user1.' . self::TEST_USER . '.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/' . self::TEST_USER . '.user1.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/file2/user2.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/file2/user3.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/subfolder/file2/user3.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/subfolder/subsubfolder/file1/user1.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/subfolder/subsubfolder/file2/user2.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/subfolder/subsubfolder/file2/user3.shareKey', 'data');
2014-06-23 19:13:56 +04:00
// recursive delete share keys from user1 and user2
2014-12-03 19:20:04 +03:00
\OCA\Files_Encryption\Keymanager::delShareKey($this->view,
array('user1', 'user2', self::TEST_USER),
2014-12-03 19:20:04 +03:00
\OCA\Files_Encryption\Keymanager::getKeyPath($this->view, new \OCA\Files_Encryption\Util($this->view, self::TEST_USER), '/folder1'),
self::TEST_USER,
'/folder1');
2014-06-23 19:13:56 +04:00
// check if share keys from user1 and user2 are deleted
2014-06-26 19:38:06 +04:00
$this->assertFalse($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile.txt/user1.shareKey'));
2014-06-23 19:13:56 +04:00
$this->assertFalse($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/share-keys/folder1/file1/user1.shareKey'));
2014-06-23 19:13:56 +04:00
$this->assertFalse($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/share-keys/folder1/file2/user2.shareKey'));
2014-06-23 19:13:56 +04:00
$this->assertFalse($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/share-keys/folder1/subfolder/subsubfolder/file1/user1.shareKey'));
$this->assertFalse($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/share-keys/folder1/subfolder/subsubfolder/file2/user2.shareKey'));
2013-05-22 02:55:16 +04:00
2014-06-23 19:13:56 +04:00
// check if share keys from user3 still exists
$this->assertTrue($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/file2/user3.shareKey'));
2014-06-23 19:13:56 +04:00
$this->assertTrue($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/subfolder/subsubfolder/file2/user3.shareKey'));
2014-06-23 19:13:56 +04:00
$this->assertTrue($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/subfolder/file2/user3.shareKey'));
2013-05-22 02:55:16 +04:00
// check if share keys for user or file with similar name
$this->assertTrue($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/user1.test.shareKey'));
$this->assertTrue($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/test-keymanager-userxdot.shareKey'));
$this->assertTrue($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/' . self::TEST_USER . '.userx.shareKey'));
// FIXME: this case currently cannot be distinguished, needs further fixing
$this->assertTrue($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/userx.' . self::TEST_USER . '.shareKey'));
$this->assertTrue($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/user1.' . self::TEST_USER . '.shareKey'));
$this->assertTrue($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/file1/' . self::TEST_USER . '.user1.shareKey'));
2014-06-26 19:38:06 +04:00
// owner key from existing file should still exists because the file is still there
$this->assertTrue($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile.txt/' . self::TEST_USER . '.shareKey'));
2014-06-26 19:38:06 +04:00
2013-05-22 02:55:16 +04:00
// cleanup
$this->view->deleteAll('/' . self::TEST_USER . '/files/folder1');
2014-06-26 19:38:06 +04:00
}
/**
* @medium
*/
function testRecursiveDelShareKeysFile() {
$this->view->mkdir('/' . self::TEST_USER . '/files/folder1');
$this->view->file_put_contents('/' . self::TEST_USER . '/files/folder1/existingFile.txt', 'data');
2014-06-26 19:38:06 +04:00
// create folder structure for some dummy share key files
$this->view->mkdir('/' . self::TEST_USER . '/files_encryption/keys/folder1');
$this->view->mkdir('/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile.txt');
2014-06-26 19:38:06 +04:00
// create some dummy share keys
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile.txt/user1.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile.txt/user2.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile.txt/user3.shareKey', 'data');
$this->view->file_put_contents('/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile.txt/' . self::TEST_USER . '.shareKey', 'data');
2014-06-26 19:38:06 +04:00
// recursive delete share keys from user1 and user2
2014-12-03 19:20:04 +03:00
\OCA\Files_Encryption\Keymanager::delShareKey($this->view,
array('user1', 'user2', self::TEST_USER),
2014-12-03 19:20:04 +03:00
\OCA\Files_Encryption\Keymanager::getKeyPath($this->view, new \OCA\Files_Encryption\Util($this->view, self::TEST_USER), '/folder1/existingFile.txt'),
self::TEST_USER,
'/folder1/existingFile.txt');
2014-06-26 19:38:06 +04:00
// check if share keys from user1 and user2 are deleted
$this->assertFalse($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile/user1.shareKey'));
2014-06-26 19:38:06 +04:00
$this->assertFalse($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile/user2.shareKey'));
2014-06-26 19:38:06 +04:00
// check if share keys for user3 and owner
$this->assertTrue($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile.txt/' . self::TEST_USER . '.shareKey'));
2014-06-26 19:38:06 +04:00
$this->assertTrue($this->view->file_exists(
'/' . self::TEST_USER . '/files_encryption/keys/folder1/existingFile.txt/user3.shareKey'));
2014-06-26 19:38:06 +04:00
// cleanup
$this->view->deleteAll('/' . self::TEST_USER . '/files/folder1');
2014-06-26 19:38:06 +04:00
}
2014-06-24 12:43:07 +04:00
function testKeySetPreperation() {
$basePath = '/' . self::TEST_USER . '/files';
2014-06-25 14:38:26 +04:00
$path = '/folder1/subfolder/subsubfolder/file.txt';
2014-06-24 12:43:07 +04:00
$this->assertFalse($this->view->is_dir($basePath . '/testKeySetPreperation'));
TestProtectedKeymanagerMethods::testKeySetPreperation($this->view, $basePath . $path);
2014-06-24 12:43:07 +04:00
// check if directory structure was created
$this->assertTrue($this->view->is_dir($basePath . $path));
2014-06-24 12:43:07 +04:00
// cleanup
$this->view->deleteAll($basePath . '/folder1');
}
}
/**
* dummy class to access protected methods of \OCA\Files_Encryption\Keymanager for testing
*/
class TestProtectedKeymanagerMethods extends \OCA\Files_Encryption\Keymanager {
2014-06-24 12:43:07 +04:00
/**
* @param \OC\Files\View $view relative to data/
* @param string $path
* @param string $basePath
*/
public static function testKeySetPreperation($view, $path) {
2014-12-03 19:20:04 +03:00
self::keySetPreparation($view, $path);
2014-06-24 12:43:07 +04:00
}
}