- moved the encryption of the filekey if a file gets shared from the post shared hook to

Crypt::encKeyfileToMultipleUsers() because this can be reused if files get unshared
- switch from preUnshare hook to postUnshare hook because afterward we can simply get the
  updated list of users with access to the file and call Crypt::encKeyfileToMultipleUsers()
Björn Schießle 2013-02-11 13:28:37 +01:00
parent 2787aafae6
commit 3e3cee98c8
3 changed files with 58 additions and 43 deletions


@ -16,8 +16,8 @@ OCP\Util::connectHook( 'OC_User', 'pre_setPassword','OCA\Encryption\Hooks', 'set
// Sharing-related hooks
OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' );
OCP\Util::connectHook( 'OCP\Share', 'pre_unshare', 'OCA\Encryption\Hooks', 'preUnshare' );
OCP\Util::connectHook( 'OCP\Share', 'pre_unshareAll', 'OCA\Encryption\Hooks', 'preUnshareAll' );
OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare' );
OCP\Util::connectHook( 'OCP\Share', 'post_unshareAll', 'OCA\Encryption\Hooks', 'postUnshareAll' );
// Webdav-related hooks
OCP\Util::connectHook( 'OC_Webdav_Properties', 'update', 'OCA\Encryption\Hooks', 'updateKeyfile' );


@ -179,7 +179,6 @@ class Hooks {
$view = new \OC_FilesystemView( '/' );
$userId = \OCP\User::getUser();
$util = new Util( $view, $userId );
$session = new Session();
$shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'], 1 );
@ -207,55 +206,29 @@ class Hooks {
}
}
return Crypt::encKeyfileToMultipleUsers($shares, $params['fileTarget']);
$userPubKeys = Keymanager::getPublicKeys( $view, $userIds );
}
/**
* @brief
*/
public static function postUnshare( $params ) {
$shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'], 1 );
\OC_FileProxy::$enabled = false;
// get the keyfile
$encKeyfile = Keymanager::getFileKey( $view, $userId, $params['fileTarget'] );
$privateKey = $session->getPrivateKey();
// decrypt the keyfile
$plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey );
// re-enc keyfile to sharekeys
$shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys );
// save sharekeys
if ( ! Keymanager::setShareKeys( $view, $params['fileTarget'], $shareKeys['keys'] ) ) {
trigger_error( "SET Share keys failed" );
$userIds = array();
foreach ( $shares as $share ) {
$userIds[] = $share['userId'];
}
// Delete existing keyfile
// Do this last to ensure file is recoverable in case of error
// Keymanager::deleteFileKey( $view, $userId, $params['fileTarget'] );
\OC_FileProxy::$enabled = true;
return true;
return Crypt::encKeyfileToMultipleUsers($userIDs, $params['fileTarget']);
}
/**
* @brief
*/
public static function preUnshare( $params ) {
// Delete existing catfile
// Generate new catfile and env keys
// Save env keys to user folders
}
/**
* @brief
*/
public static function preUnshareAll( $params ) {
public static function postUnshareAll( $params ) {
trigger_error( "preUnshareAll" );
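Review bot: The call at the end of postUnshare passes `$userIDs`, but the loop just above fills `$userIds`; PHP variable names are case-sensitive, so the helper receives an undefined variable and the share keys are presumably not rebuilt for the users who still have access. It should read `return Crypt::encKeyfileToMultipleUsers( $userIds, $params['fileTarget'] );`. The postShared call has a related problem: it passes `$shares`, while the `Keymanager::getPublicKeys( $view, $userIds )` line it appears to replace took user ids. If `$shares` holds share records, as the `$share['userId']` access in postUnshare suggests, that call needs `$userIds` as well. postShared begins outside this hunk, so how `$userIds` is built there is not visible. The empty `@brief` on postUnshare could also say that it re-encrypts the file key to the users who still have access after an unshare.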


@ -744,4 +744,46 @@ class Crypt {
}
/**
* @brief encrypt file key to multiple users
* @param $users list of users which should be able to access the file
* @param $fileTarget target of the file
*/
public static function encKeyfileToMultipleUsers($users, $fileTarget) {
$view = new \OC_FilesystemView( '/' );
$userId = \OCP\User::getUser();
$util = new Util( $view, $userId );
$session = new Session();
$userPubKeys = Keymanager::getPublicKeys( $view, $users );
\OC_FileProxy::$enabled = false;
// get the keyfile
$encKeyfile = Keymanager::getFileKey( $view, $userId, $fileTarget );
$privateKey = $session->getPrivateKey();
// decrypt the keyfile
$plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey );
// re-enc keyfile to sharekeys
$shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys );
// save sharekeys
if ( ! Keymanager::setShareKeys( $view, $fileTarget, $shareKeys['keys'] ) ) {
trigger_error( "SET Share keys failed" );
}
// Delete existing keyfile
// Do this last to ensure file is recoverable in case of error
// Keymanager::deleteFileKey( $view, $userId, $params['fileTarget'] );
\OC_FileProxy::$enabled = true;
return true;
}
}
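Review bot: encKeyfileToMultipleUsers() returns true even when Keymanager::setShareKeys() fails, so postShared and postUnshare cannot tell that the share keys were not written; on the unshare path the previous key set may then stay in place while the unshare looks successful. It also sets `\OC_FileProxy::$enabled` back to `true` unconditionally instead of restoring the value it had on entry. Nothing checks that getFileKey() and keyDecrypt() produced a key before multiKeyEncrypt() runs. Because the function re-wraps the existing file key rather than generating a new one, a comment should state that unsharing does not rotate the file key, so a former recipient who kept the key material could still decrypt existing ciphertext. The commented-out deleteFileKey line refers to `$params`, which does not exist in this scope, and `$util` is unused.

```php
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// … unchanged: getFileKey, getPrivateKey, keyDecrypt, multiKeyEncrypt …
// save sharekeys; report failure to the caller instead of always returning true
$saved = Keymanager::setShareKeys( $view, $fileTarget, $shareKeys['keys'] );
if ( ! $saved ) {
	trigger_error( "SET Share keys failed" );
}
\OC_FileProxy::$enabled = $proxyStatus;
return (bool) $saved;
```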