From 2b361ea085812a7b97102d026c421905549b5142 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Thu, 21 Nov 2013 10:09:07 +0100
Subject: [PATCH] better distinction between userID and keyId

---
 apps/files_encryption/lib/stream.php | 30 ++++++++++++--------------
 apps/files_encryption/lib/util.php   | 32 +++++++++++++++++-----------
 2 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php
index 2497e56e89..409c6ff627 100644
--- a/apps/files_encryption/lib/stream.php
+++ b/apps/files_encryption/lib/stream.php
@@ -55,6 +55,7 @@ class Stream {
 	private $rawPath; // The raw path relative to the data dir
 	private $relPath; // rel path to users file dir
 	private $userId;
+	private $keyId;
 	private $handle; // Resource returned by fopen
 	private $meta = array(); // Header / meta for source stream
 	private $writeCache;
@@ -94,17 +95,17 @@ class Stream {
 
 		$this->privateKey = $this->session->getPrivateKey();
 
-		$userId = Helper::getUser($path);
-
-		$util = new Util($this->rootView, $userId);
-
-		// need to get the userId once more from util, because now this can be the
-		// public share key ID
-		$this->userId = $util->getUserId();
-
 		// rawPath is relative to the data directory
 		$this->rawPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
 
+		$this->userId = Helper::getUser($this->rawPath);
+
+		$util = new Util($this->rootView, $this->userId);
+
+		// get the key ID which we want to use, canm be the users key or the
+		// public share key
+		$this->keyId = $util->getKeyId();
+
 		// Strip identifier text from path, this gives us the path relative to data/<user>/files
 		$this->relPath = Helper::stripUserFilesPath($this->rawPath);
 		// if raw path doesn't point to a real file, check if it is a version or a file in the trash bin
@@ -254,14 +255,13 @@ class Stream {
 
 		// Fetch and decrypt keyfile
 		// Fetch existing keyfile
-		$userId = Helper::getUser($this->rawPath);
-		$util = new \OCA\Encryption\Util($this->rootView, $userId);
+		$util = new \OCA\Encryption\Util($this->rootView, $this->userId);
 		$this->encKeyfile = Keymanager::getFileKey($this->rootView, $util, $this->relPath);
 
 		// If a keyfile already exists
 		if ($this->encKeyfile) {
 
-			$shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $util, $this->relPath);
+			$shareKey = Keymanager::getShareKey($this->rootView, $this->keyId, $util, $this->relPath);
 
 			// if there is no valid private key return false
 			if ($this->privateKey === false) {
@@ -508,14 +508,12 @@ class Stream {
 				\OC_FileProxy::$enabled = false;
 
 				// Fetch user's public key
-				$this->publicKey = Keymanager::getPublicKey($this->rootView, $this->userId);
+				$this->publicKey = Keymanager::getPublicKey($this->rootView, $this->keyId);
 
 				// Check if OC sharing api is enabled
 				$sharingEnabled = \OCP\Share::isEnabled();
 
-				$userId = Helper::getUser($this->rawPath);
-
-				$util = new Util($this->rootView, $userId);
+				$util = new Util($this->rootView, $this->userId);
 
 				// Get all users sharing the file includes current user
 				$uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId);
@@ -528,7 +526,7 @@ class Stream {
 				$this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys);
 
 				// Save the new encrypted file key
-				Keymanager::setFileKey($this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data']);
+				Keymanager::setFileKey($this->rootView, $this->relPath, $this->keyId, $this->encKeyfiles['data']);
 
 				// Save the sharekeys
 				Keymanager::setShareKeys($this->rootView, $this->relPath, $this->encKeyfiles['keys']);
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index 1e8b852fb3..2dd4fd9c16 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -39,7 +39,7 @@ class Util {
 
 	private $view; // OC_FilesystemView object for filesystem operations
 	private $userId; // ID of the user we use to encrypt/decrypt files
-	private $ownerId; // ID of the user who accesses the file/folder
+	private $keyId; // ID of the key we want to manipulate
 	private $client; // Client side encryption mode flag
 	private $publicKeyDir; // Dir containing all public user keys
 	private $encryptionDir; // Dir containing user's files_encryption
@@ -60,32 +60,31 @@ class Util {
 
 		$this->view = $view;
 		$this->client = $client;
+		$this->userId = $userId;
 
 		$this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId');
 		$this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
 
-		$this->userDir = '/' . $userId;
+		$this->userDir = '/' . $this->userId;
 		$this->fileFolderName = 'files';
 		$this->userFilesDir =
 				'/' . $userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable?
 		$this->publicKeyDir = '/' . 'public-keys';
-		$this->encryptionDir = '/' . $userId . '/' . 'files_encryption';
+		$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
 		$this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
 		$this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
 		$this->publicKeyPath =
-				$this->publicKeyDir . '/' . $userId . '.public.key'; // e.g. data/public-keys/admin.public.key
+				$this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
 		$this->privateKeyPath =
-				$this->encryptionDir . '/' . $userId . '.private.key'; // e.g. data/admin/admin.private.key
+				$this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
 		// make sure that the owners home is mounted
 		\OC\Files\Filesystem::initMountPoints($userId);
 
 		if (\OCA\Encryption\Helper::isPublicAccess()) {
-			$this->userId = $this->publicShareKeyId;
-			$this->ownerId = $userId;
+			$this->keyId = $this->publicShareKeyId;
 			$this->isPublic = true;
 		} else {
-			$this->userId = $userId;
-			$this->ownerId = $userId;
+			$this->keyId = $this->userId;
 			$this->isPublic = false;
 		}
 	}
@@ -172,13 +171,13 @@ class Util {
 			// check if public-key exists but private-key is missing
 			if ($this->view->file_exists($this->publicKeyPath) && !$this->view->file_exists($this->privateKeyPath)) {
 				\OCP\Util::writeLog('Encryption library',
-					'public key exists but private key is missing for "' . $this->userId . '"', \OCP\Util::FATAL);
+					'public key exists but private key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL);
 				return false;
 			} else {
 				if (!$this->view->file_exists($this->publicKeyPath) && $this->view->file_exists($this->privateKeyPath)
 				) {
 					\OCP\Util::writeLog('Encryption library',
-						'private key exists but public key is missing for "' . $this->userId . '"', \OCP\Util::FATAL);
+						'private key exists but public key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL);
 					return false;
 				}
 			}
@@ -1046,7 +1045,7 @@ class Util {
 		$encKeyfile = Keymanager::getFileKey($this->view, $this, $filePath);
 
 		// The file has a shareKey and must use it for decryption
-		$shareKey = Keymanager::getShareKey($this->view, $this->userId, $this, $filePath);
+		$shareKey = Keymanager::getShareKey($this->view, $this->keyId, $this, $filePath);
 
 		$plainKeyfile = Crypt::multiKeyDecrypt($encKeyfile, $shareKey, $privateKey);
 
@@ -1322,7 +1321,7 @@ class Util {
 		// handle public access
 		if ($this->isPublic) {
 			$filename = $path;
-			$fileOwnerUid = $this->ownerId;
+			$fileOwnerUid = $this->userId;
 
 			return array(
 				$fileOwnerUid,
@@ -1547,6 +1546,13 @@ class Util {
 		return $this->userId;
 	}
 
+	/**
+	 * @return string
+	 */
+	public function getKeyId() {
+		return $this->keyId;
+	}
+
 	/**
 	 * @return string
 	 */