2012-07-25 19:51:48 +04:00
|
|
|
<?php
|
|
|
|
|
/***
|
2012-07-25 18:59:55 +04:00
|
|
|
* ownCloud
|
|
|
|
|
*
|
|
|
|
|
* @author Bjoern Schiessle
|
|
|
|
|
* @copyright 2012 Bjoern Schiessle <schiessle@owncloud.com>
|
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
|
* version 3 of the License, or any later version.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Affero General Public
|
|
|
|
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*
|
2012-07-25 19:51:48 +04:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace OCA_Encryption;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This class provides basic operations to read/write encryption keys from/to the filesystem
|
|
|
|
|
*/
|
|
|
|
|
class Keymanager {
|
|
|
|
|
|
2012-07-25 21:28:56 +04:00
|
|
|
# TODO: Try and get rid of username dependencies as these methods need to be used in a proxy class that doesn't have username access
|
2012-07-25 19:51:48 +04:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief retrieve private key from a user
|
|
|
|
|
*
|
|
|
|
|
* @param string user name
|
|
|
|
|
* @return string private key or false
|
|
|
|
|
*/
|
2012-07-25 19:56:52 +04:00
|
|
|
public static function getPrivateKey( $user ) {
|
|
|
|
|
|
2012-07-25 21:28:56 +04:00
|
|
|
$view = new \OC_FilesystemView( '/' . $user . '/' . 'files_encryption' );
|
2012-07-25 19:56:52 +04:00
|
|
|
|
2012-07-25 21:28:56 +04:00
|
|
|
return $view->file_get_contents( '/' . $user.'.private.key' );
|
2012-07-25 19:51:48 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2012-07-25 18:59:55 +04:00
|
|
|
* @brief retrieve public key from a user
|
|
|
|
|
*
|
|
|
|
|
* @param string user name
|
|
|
|
|
* @return string private key or false
|
|
|
|
|
*/
|
|
|
|
|
public static function getPublicKey($user) {
|
2012-07-26 15:49:22 +04:00
|
|
|
$view = new \OC_FilesystemView( '/public-keys/' );
|
2012-07-25 18:59:55 +04:00
|
|
|
return $view->file_get_contents($user.'.public.key');
|
2012-07-25 19:51:48 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2012-07-25 18:59:55 +04:00
|
|
|
* @brief retrieve file encryption key
|
|
|
|
|
*
|
2012-07-25 19:51:48 +04:00
|
|
|
* @param string file name
|
|
|
|
|
* @param string user name of the file owner
|
2012-07-25 18:59:55 +04:00
|
|
|
* @return string file key or false
|
|
|
|
|
*/
|
2012-07-30 14:38:38 +04:00
|
|
|
public static function getFileKey($userId, $path) {
|
|
|
|
|
|
|
|
|
|
$keypath = ltrim($path, '/');
|
|
|
|
|
$user = $userId;
|
|
|
|
|
|
|
|
|
|
// update $keypath and $user if path point to a file shared by someone else
|
|
|
|
|
$query = \OC_DB::prepare( "SELECT uid_owner, source, target FROM `*PREFIX*sharing` WHERE target = ? AND uid_shared_with = ?" );
|
|
|
|
|
$result = $query->execute( array ('/'.$userId.'/files/'.$keypath, $userId));
|
|
|
|
|
if ($row = $result->fetchRow()){
|
|
|
|
|
$keypath = $row['source'];
|
|
|
|
|
$keypath_parts=explode('/',$keypath);
|
|
|
|
|
$user = $keypath_parts[1];
|
|
|
|
|
$keypath = str_replace('/'.$user.'/files/', '', $keypath);
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-26 15:49:22 +04:00
|
|
|
$view = new \OC_FilesystemView('/'.$user.'/files_encryption/keyfiles/');
|
2012-07-30 14:38:38 +04:00
|
|
|
return $view->file_get_contents($keypath.'.key');
|
2012-07-25 19:51:48 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2012-07-25 18:59:55 +04:00
|
|
|
* @brief store private key from a user
|
|
|
|
|
*
|
2012-07-25 19:51:48 +04:00
|
|
|
* @param string user name
|
2012-07-25 18:59:55 +04:00
|
|
|
* @param string key
|
|
|
|
|
* @return bool true/false
|
2012-07-25 19:51:48 +04:00
|
|
|
*/
|
2012-07-25 18:59:55 +04:00
|
|
|
public static function setPrivateKey($user, $key) {
|
2012-07-26 19:19:55 +04:00
|
|
|
|
|
|
|
|
\OC_FileProxy::$enabled = false;
|
|
|
|
|
|
|
|
|
|
$view = new \OC_FilesystemView('/'.$user.'/files_encryption');
|
|
|
|
|
if (!$view->file_exists('')) $view->mkdir('');
|
|
|
|
|
$result = $view->file_put_contents($user.'.private.key', $key);
|
|
|
|
|
|
|
|
|
|
\OC_FileProxy::$enabled = true;
|
|
|
|
|
|
|
|
|
|
return $result;
|
2012-07-25 19:51:48 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2012-07-25 18:59:55 +04:00
|
|
|
* @brief store public key from a user
|
|
|
|
|
*
|
|
|
|
|
* @param string user name
|
|
|
|
|
* @param string key
|
|
|
|
|
* @return bool true/false
|
2012-07-25 19:51:48 +04:00
|
|
|
*/
|
|
|
|
|
public static function setPublicKey($user, $key) {
|
2012-07-26 19:19:55 +04:00
|
|
|
|
|
|
|
|
\OC_FileProxy::$enabled = false;
|
|
|
|
|
|
|
|
|
|
$view = new \OC_FilesystemView('/public-keys');
|
|
|
|
|
if (!$view->file_exists('')) $view->mkdir('');
|
|
|
|
|
$result = $view->file_put_contents($user.'.public.key', $key);
|
|
|
|
|
|
|
|
|
|
\OC_FileProxy::$enabled = true;
|
|
|
|
|
|
|
|
|
|
return $result;
|
2012-07-25 18:59:55 +04:00
|
|
|
}
|
2012-07-25 19:51:48 +04:00
|
|
|
|
|
|
|
|
/**
|
2012-07-25 18:59:55 +04:00
|
|
|
* @brief store file encryption key
|
2012-07-25 19:51:48 +04:00
|
|
|
*
|
2012-07-25 21:28:56 +04:00
|
|
|
* @param string $userId name of the file owner
|
|
|
|
|
* @param string $path relative path of the file, including filename
|
|
|
|
|
* @param string $key
|
2012-07-25 18:59:55 +04:00
|
|
|
* @return bool true/false
|
2012-07-26 16:06:39 +04:00
|
|
|
*/
|
2012-07-25 21:28:56 +04:00
|
|
|
public static function setFileKey( $userId, $path, $key ) {
|
2012-07-30 14:38:38 +04:00
|
|
|
|
2012-07-25 21:28:56 +04:00
|
|
|
\OC_FileProxy::$enabled = false;
|
2012-07-30 14:38:38 +04:00
|
|
|
|
|
|
|
|
$targetpath = ltrim($path, '/');
|
|
|
|
|
$user = $userId;
|
|
|
|
|
|
|
|
|
|
// update $keytarget and $user if key belongs to a file shared by someone else
|
|
|
|
|
$query = \OC_DB::prepare( "SELECT uid_owner, source, target FROM `*PREFIX*sharing` WHERE target = ? AND uid_shared_with = ?" );
|
|
|
|
|
$result = $query->execute( array ('/'.$userId.'/files/'.$targetpath, $userId));
|
|
|
|
|
if ($row = $result->fetchRow()){
|
|
|
|
|
$targetpath = $row['source'];
|
|
|
|
|
$targetpath_parts=explode('/',$targetpath);
|
|
|
|
|
$user = $targetpath_parts[1];
|
|
|
|
|
$targetpath = str_replace('/'.$user.'/files/', '', $targetpath);
|
2012-07-30 14:43:17 +04:00
|
|
|
//TODO: check for write permission on shared file once the new sharing API is in place
|
2012-07-30 14:38:38 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$view = new \OC_FilesystemView( '/' . $user . '/files_encryption/keyfiles' );
|
|
|
|
|
$path_parts = pathinfo($targetpath);
|
2012-07-25 21:28:56 +04:00
|
|
|
|
2012-07-26 19:19:55 +04:00
|
|
|
if (!$view->file_exists($path_parts['dirname'])) $view->mkdir($path_parts['dirname']);
|
2012-07-30 14:38:38 +04:00
|
|
|
$result = $view->file_put_contents( '/' . $targetpath . '.key', $key );
|
2012-07-25 21:28:56 +04:00
|
|
|
|
2012-07-26 16:06:39 +04:00
|
|
|
\OC_FileProxy::$enabled = true;
|
2012-07-26 19:19:55 +04:00
|
|
|
|
|
|
|
|
return $result;
|
2012-07-25 19:51:48 +04:00
|
|
|
}
|
|
|
|
|
|
2012-07-25 18:59:55 +04:00
|
|
|
}
|
