From 088ffd05d7a60c5be2dbe8b56b6223a774b0822c Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Wed, 2 Mar 2016 11:16:53 +0100 Subject: [PATCH] don't create a private-/public-key pair for each user if the master key is enabled --- apps/encryption/appinfo/application.php | 1 + apps/encryption/lib/crypto/encryptall.php | 81 ++++++++++++++----- .../tests/lib/crypto/encryptalltest.php | 20 ++++- 3 files changed, 78 insertions(+), 24 deletions(-) diff --git a/apps/encryption/appinfo/application.php b/apps/encryption/appinfo/application.php index 6080a29d5f..c7c8d2a3d3 100644 --- a/apps/encryption/appinfo/application.php +++ b/apps/encryption/appinfo/application.php @@ -242,6 +242,7 @@ class Application extends \OCP\AppFramework\App { $c->getServer()->getUserManager(), new View(), $c->query('KeyManager'), + $c->query('Util'), $server->getConfig(), $server->getMailer(), $server->getL10N('encryption'), diff --git a/apps/encryption/lib/crypto/encryptall.php b/apps/encryption/lib/crypto/encryptall.php index 18e93d2e12..0037c21326 100644 --- a/apps/encryption/lib/crypto/encryptall.php +++ b/apps/encryption/lib/crypto/encryptall.php @@ -28,12 +28,12 @@ use OC\Encryption\Exceptions\DecryptionFailedException; use OC\Files\View; use OCA\Encryption\KeyManager; use OCA\Encryption\Users\Setup; +use OCA\Encryption\Util; use OCP\IConfig; use OCP\IL10N; use OCP\IUserManager; use OCP\Mail\IMailer; use OCP\Security\ISecureRandom; -use OCP\Util; use Symfony\Component\Console\Helper\ProgressBar; use Symfony\Component\Console\Helper\QuestionHelper; use Symfony\Component\Console\Helper\Table; @@ -55,6 +55,9 @@ class EncryptAll { /** @var KeyManager */ protected $keyManager; + /** @var Util */ + protected $util; + /** @var array */ protected $userPasswords; @@ -84,6 +87,7 @@ class EncryptAll { * @param IUserManager $userManager * @param View $rootView * @param KeyManager $keyManager + * @param Util $util * @param IConfig $config * @param IMailer $mailer * @param IL10N $l @@ -95,6 +99,7 @@ class EncryptAll { IUserManager $userManager, View $rootView, KeyManager $keyManager, + Util $util, IConfig $config, IMailer $mailer, IL10N $l, @@ -105,6 +110,7 @@ class EncryptAll { $this->userManager = $userManager; $this->rootView = $rootView; $this->keyManager = $keyManager; + $this->util = $util; $this->config = $config; $this->mailer = $mailer; $this->l = $l; @@ -129,16 +135,21 @@ class EncryptAll { $this->output->writeln("\n"); $this->output->writeln($headline); $this->output->writeln(str_pad('', strlen($headline), '=')); - - //create private/public keys for each user and store the private key password $this->output->writeln("\n"); - $this->output->writeln('Create key-pair for every user'); - $this->output->writeln('------------------------------'); - $this->output->writeln(''); - $this->output->writeln('This module will encrypt all files in the users files folder initially.'); - $this->output->writeln('Already existing versions and files in the trash bin will not be encrypted.'); - $this->output->writeln(''); - $this->createKeyPairs(); + + if ($this->util->isMasterKeyEnabled()) { + $this->output->writeln('Use master key to encrypt all files.'); + $this->keyManager->validateMasterKey(); + } else { + //create private/public keys for each user and store the private key password + $this->output->writeln('Create key-pair for every user'); + $this->output->writeln('------------------------------'); + $this->output->writeln(''); + $this->output->writeln('This module will encrypt all files in the users files folder initially.'); + $this->output->writeln('Already existing versions and files in the trash bin will not be encrypted.'); + $this->output->writeln(''); + $this->createKeyPairs(); + } //setup users file system and encrypt all files one by one (take should encrypt setting of storage into account) $this->output->writeln("\n"); @@ -146,12 +157,14 @@ class EncryptAll { $this->output->writeln('----------------------------'); $this->output->writeln(''); $this->encryptAllUsersFiles(); - //send-out or display password list and write it to a file - $this->output->writeln("\n"); - $this->output->writeln('Generated encryption key passwords'); - $this->output->writeln('----------------------------------'); - $this->output->writeln(''); - $this->outputPasswords(); + if ($this->util->isMasterKeyEnabled() === false) { + //send-out or display password list and write it to a file + $this->output->writeln("\n"); + $this->output->writeln('Generated encryption key passwords'); + $this->output->writeln('----------------------------------'); + $this->output->writeln(''); + $this->outputPasswords(); + } $this->output->writeln("\n"); } @@ -200,16 +213,42 @@ class EncryptAll { $progress->start(); $numberOfUsers = count($this->userPasswords); $userNo = 1; - foreach ($this->userPasswords as $uid => $password) { - $userCount = "$uid ($userNo of $numberOfUsers)"; - $this->encryptUsersFiles($uid, $progress, $userCount); - $userNo++; + if ($this->util->isMasterKeyEnabled()) { + $this->encryptAllUserFilesWithMasterKey($progress); + } else { + foreach ($this->userPasswords as $uid => $password) { + $userCount = "$uid ($userNo of $numberOfUsers)"; + $this->encryptUsersFiles($uid, $progress, $userCount); + $userNo++; + } } $progress->setMessage("all files encrypted"); $progress->finish(); } + /** + * encrypt all user files with the master key + * + * @param ProgressBar $progress + */ + protected function encryptAllUserFilesWithMasterKey(ProgressBar $progress) { + $userNo = 1; + foreach($this->userManager->getBackends() as $backend) { + $limit = 500; + $offset = 0; + do { + $users = $backend->getUsers('', $limit, $offset); + foreach ($users as $user) { + $userCount = "$user ($userNo)"; + $this->encryptUsersFiles($user, $progress, $userCount); + $userNo++; + } + $offset += $limit; + } while(count($users) >= $limit); + } + } + /** * encrypt files from the given user * @@ -384,7 +423,7 @@ class EncryptAll { $message->setHtmlBody($htmlBody); $message->setPlainBody($textBody); $message->setFrom([ - Util::getDefaultEmailAddress('admin-noreply') + \OCP\Util::getDefaultEmailAddress('admin-noreply') ]); $this->mailer->send($message); diff --git a/apps/encryption/tests/lib/crypto/encryptalltest.php b/apps/encryption/tests/lib/crypto/encryptalltest.php index 04d931342a..837883fded 100644 --- a/apps/encryption/tests/lib/crypto/encryptalltest.php +++ b/apps/encryption/tests/lib/crypto/encryptalltest.php @@ -31,6 +31,9 @@ class EncryptAllTest extends TestCase { /** @var \PHPUnit_Framework_MockObject_MockObject | \OCA\Encryption\KeyManager */ protected $keyManager; + /** @var \PHPUnit_Framework_MockObject_MockObject | \OCA\Encryption\Util */ + protected $util; + /** @var \PHPUnit_Framework_MockObject_MockObject | \OCP\IUserManager */ protected $userManager; @@ -73,6 +76,8 @@ class EncryptAllTest extends TestCase { ->disableOriginalConstructor()->getMock(); $this->keyManager = $this->getMockBuilder('OCA\Encryption\KeyManager') ->disableOriginalConstructor()->getMock(); + $this->util = $this->getMockBuilder('OCA\Encryption\Util') + ->disableOriginalConstructor()->getMock(); $this->userManager = $this->getMockBuilder('OCP\IUserManager') ->disableOriginalConstructor()->getMock(); $this->view = $this->getMockBuilder('OC\Files\View') @@ -110,6 +115,7 @@ class EncryptAllTest extends TestCase { $this->userManager, $this->view, $this->keyManager, + $this->util, $this->config, $this->mailer, $this->l, @@ -127,6 +133,7 @@ class EncryptAllTest extends TestCase { $this->userManager, $this->view, $this->keyManager, + $this->util, $this->config, $this->mailer, $this->l, @@ -137,6 +144,7 @@ class EncryptAllTest extends TestCase { ->setMethods(['createKeyPairs', 'encryptAllUsersFiles', 'outputPasswords']) ->getMock(); + $this->util->expects($this->any())->method('isMasterKeyEnabled')->willReturn(false); $encryptAll->expects($this->at(0))->method('createKeyPairs')->with(); $encryptAll->expects($this->at(1))->method('encryptAllUsersFiles')->with(); $encryptAll->expects($this->at(2))->method('outputPasswords')->with(); @@ -154,6 +162,7 @@ class EncryptAllTest extends TestCase { $this->userManager, $this->view, $this->keyManager, + $this->util, $this->config, $this->mailer, $this->l, @@ -202,6 +211,7 @@ class EncryptAllTest extends TestCase { $this->userManager, $this->view, $this->keyManager, + $this->util, $this->config, $this->mailer, $this->l, @@ -212,6 +222,8 @@ class EncryptAllTest extends TestCase { ->setMethods(['encryptUsersFiles']) ->getMock(); + $this->util->expects($this->any())->method('isMasterKeyEnabled')->willReturn(false); + // set protected property $output $this->invokePrivate($encryptAll, 'output', [$this->outputInterface]); $this->invokePrivate($encryptAll, 'userPasswords', [['user1' => 'pwd1', 'user2' => 'pwd2']]); @@ -232,6 +244,7 @@ class EncryptAllTest extends TestCase { $this->userManager, $this->view, $this->keyManager, + $this->util, $this->config, $this->mailer, $this->l, @@ -239,9 +252,10 @@ class EncryptAllTest extends TestCase { $this->secureRandom ] ) - ->setMethods(['encryptFile']) + ->setMethods(['encryptFile', 'setupUserFS']) ->getMock(); + $this->util->expects($this->any())->method('isMasterKeyEnabled')->willReturn(false); $this->view->expects($this->at(0))->method('getDirectoryContent') ->with('/user1/files')->willReturn( @@ -268,8 +282,8 @@ class EncryptAllTest extends TestCase { } ); - $encryptAll->expects($this->at(0))->method('encryptFile')->with('/user1/files/bar'); - $encryptAll->expects($this->at(1))->method('encryptFile')->with('/user1/files/foo/subfile'); + $encryptAll->expects($this->at(1))->method('encryptFile')->with('/user1/files/bar'); + $encryptAll->expects($this->at(2))->method('encryptFile')->with('/user1/files/foo/subfile'); $progressBar = $this->getMockBuilder('Symfony\Component\Console\Helper\ProgressBar') ->disableOriginalConstructor()->getMock();