Enhance identify proof storage
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma
parent
bf86050c77
commit
1e3f84244e
|
|
@ -32,6 +32,7 @@ namespace OC\Security\IdentityProof;
|
||||||
|
|
||||||
use OC\Files\AppData\Factory;
|
use OC\Files\AppData\Factory;
|
||||||
use OCP\Files\IAppData;
|
use OCP\Files\IAppData;
|
||||||
|
use OCP\Files\SimpleFS\ISimpleFolder;
|
||||||
use OCP\IConfig;
|
use OCP\IConfig;
|
||||||
use OCP\ILogger;
|
use OCP\ILogger;
|
||||||
use OCP\IUser;
|
use OCP\IUser;
|
||||||
|
|
@ -108,14 +109,39 @@ class Manager {
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
}
|
}
|
||||||
$folder = $this->appData->getFolder($id);
|
$folder = $this->appData->getFolder($id);
|
||||||
$folder->newFile('private')
|
$folder->newFile('private_enc')
|
||||||
->putContent($this->crypto->encrypt($privateKey));
|
->putContent($this->encrypt($privateKey, $id));
|
||||||
$folder->newFile('public')
|
$folder->newFile('public_enc')
|
||||||
->putContent($publicKey);
|
->putContent($this->encrypt($publicKey, $id));
|
||||||
|
|
||||||
return new Key($publicKey, $privateKey);
|
return new Key($publicKey, $privateKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function encrypt(string $key, string $id): string {
|
||||||
|
$data = [
|
||||||
|
'key' => $key,
|
||||||
|
'id' => $id,
|
||||||
|
'version' => 1
|
||||||
|
];
|
||||||
|
|
||||||
|
return $this->crypto->encrypt(json_encode($data));
|
||||||
|
}
|
||||||
|
|
||||||
|
private function decrypt(string $cipherText, string $id): string {
|
||||||
|
$plain = $this->crypto->decrypt($cipherText);
|
||||||
|
$data = json_decode($plain, true);
|
||||||
|
|
||||||
|
if ($data['version'] !== 1) {
|
||||||
|
throw new \RuntimeException('Invalid version');
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($data['id'] !== $id) {
|
||||||
|
throw new \RuntimeException($data['id'] . ' does not match ' . $id);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $data['key'];
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get key for a specific id
|
* Get key for a specific id
|
||||||
*
|
*
|
||||||
|
|
@ -126,16 +152,40 @@ class Manager {
|
||||||
protected function retrieveKey(string $id): Key {
|
protected function retrieveKey(string $id): Key {
|
||||||
try {
|
try {
|
||||||
$folder = $this->appData->getFolder($id);
|
$folder = $this->appData->getFolder($id);
|
||||||
$privateKey = $this->crypto->decrypt(
|
|
||||||
$folder->getFile('private')->getContent()
|
$this->migrate($folder, $id);
|
||||||
|
|
||||||
|
$privateKey = $this->decrypt(
|
||||||
|
$folder->getFile('private_enc')->getContent(),
|
||||||
|
$id
|
||||||
);
|
);
|
||||||
$publicKey = $folder->getFile('public')->getContent();
|
$publicKey = $this->decrypt(
|
||||||
|
$folder->getFile('public_enc')->getContent(),
|
||||||
|
$id
|
||||||
|
);
|
||||||
|
|
||||||
return new Key($publicKey, $privateKey);
|
return new Key($publicKey, $privateKey);
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
return $this->generateKey($id);
|
return $this->generateKey($id);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function migrate(ISimpleFolder $folder, string $id): void {
|
||||||
|
if (!$folder->fileExists('private') && !$folder->fileExists('public')) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$private = $folder->getFile('private');
|
||||||
|
$folder->newFile('private_enc')
|
||||||
|
->putContent($this->encrypt($this->crypto->decrypt($private->getContent()), $id));
|
||||||
|
$private->delete();
|
||||||
|
|
||||||
|
$public = $folder->getFile('public');
|
||||||
|
$folder->newFile('public_enc')
|
||||||
|
->putContent($this->encrypt($public->getContent(), $id));
|
||||||
|
$public->delete();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get public and private key for $user
|
* Get public and private key for $user
|
||||||
*
|
*
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue