- moved the encryption of the filekey if a file gets shared from the post shared hook to
Crypt::encKeyfileToMultipleUsers() because this can be reused if files get unshared - switch from preUnshare hook to postUnshare hook because afterward we can simply get the updated list of users with access to the file and call Crypt::encKeyfileToMultipleUsers()
parent
2787aafae6
commit
3e3cee98c8
|
@ -16,8 +16,8 @@ OCP\Util::connectHook( 'OC_User', 'pre_setPassword','OCA\Encryption\Hooks', 'set
|
|||
|
||||
// Sharing-related hooks
|
||||
OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' );
|
||||
OCP\Util::connectHook( 'OCP\Share', 'pre_unshare', 'OCA\Encryption\Hooks', 'preUnshare' );
|
||||
OCP\Util::connectHook( 'OCP\Share', 'pre_unshareAll', 'OCA\Encryption\Hooks', 'preUnshareAll' );
|
||||
OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare' );
|
||||
OCP\Util::connectHook( 'OCP\Share', 'post_unshareAll', 'OCA\Encryption\Hooks', 'postUnshareAll' );
|
||||
|
||||
// Webdav-related hooks
|
||||
OCP\Util::connectHook( 'OC_Webdav_Properties', 'update', 'OCA\Encryption\Hooks', 'updateKeyfile' );
|
||||
|
|
|
@ -179,7 +179,6 @@ class Hooks {
|
|||
$view = new \OC_FilesystemView( '/' );
|
||||
$userId = \OCP\User::getUser();
|
||||
$util = new Util( $view, $userId );
|
||||
$session = new Session();
|
||||
|
||||
$shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'], 1 );
|
||||
|
||||
|
@ -207,55 +206,29 @@ class Hooks {
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
return Crypt::encKeyfileToMultipleUsers($shares, $params['fileTarget']);
|
||||
|
||||
$userPubKeys = Keymanager::getPublicKeys( $view, $userIds );
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*/
|
||||
public static function postUnshare( $params ) {
|
||||
$shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'], 1 );
|
||||
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
// get the keyfile
|
||||
$encKeyfile = Keymanager::getFileKey( $view, $userId, $params['fileTarget'] );
|
||||
|
||||
$privateKey = $session->getPrivateKey();
|
||||
|
||||
// decrypt the keyfile
|
||||
$plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey );
|
||||
|
||||
// re-enc keyfile to sharekeys
|
||||
$shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys );
|
||||
|
||||
// save sharekeys
|
||||
if ( ! Keymanager::setShareKeys( $view, $params['fileTarget'], $shareKeys['keys'] ) ) {
|
||||
|
||||
trigger_error( "SET Share keys failed" );
|
||||
|
||||
$userIds = array();
|
||||
foreach ( $shares as $share ) {
|
||||
$userIds[] = $share['userId'];
|
||||
}
|
||||
|
||||
// Delete existing keyfile
|
||||
// Do this last to ensure file is recoverable in case of error
|
||||
// Keymanager::deleteFileKey( $view, $userId, $params['fileTarget'] );
|
||||
|
||||
\OC_FileProxy::$enabled = true;
|
||||
|
||||
return true;
|
||||
|
||||
return Crypt::encKeyfileToMultipleUsers($userIDs, $params['fileTarget']);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*/
|
||||
public static function preUnshare( $params ) {
|
||||
|
||||
// Delete existing catfile
|
||||
|
||||
// Generate new catfile and env keys
|
||||
|
||||
// Save env keys to user folders
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*/
|
||||
public static function preUnshareAll( $params ) {
|
||||
public static function postUnshareAll( $params ) {
|
||||
|
||||
trigger_error( "preUnshareAll" );
|
||||
|
||||
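Review bot: In postUnshare the loop fills `$userIds` but the call passes `$userIDs`; PHP variable names are case-sensitive, so the helper receives an undefined variable and the file key is presumably not re-encrypted to the users who still have access after the unshare. The call should read `return Crypt::encKeyfileToMultipleUsers( $userIds, $params['fileTarget'] );`. postShared appears to pass the raw `$shares` records instead, while postUnshare extracts `$share['userId']` from the same structure, so the two callers hand the helper different shapes and one of them does not match what `Keymanager::getPublicKeys()` expects. The +/- markers are lost on this page, so which of these lines are on the new side is inferred from the hunk and the commit message.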
|
|
|
@ -744,4 +744,46 @@ class Crypt {
|
|||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief encrypt file key to multiple users
|
||||
* @param $users list of users which should be able to access the file
|
||||
* @param $fileTarget target of the file
|
||||
*/
|
||||
public static function encKeyfileToMultipleUsers($users, $fileTarget) {
|
||||
$view = new \OC_FilesystemView( '/' );
|
||||
$userId = \OCP\User::getUser();
|
||||
$util = new Util( $view, $userId );
|
||||
$session = new Session();
|
||||
|
||||
$userPubKeys = Keymanager::getPublicKeys( $view, $users );
|
||||
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
// get the keyfile
|
||||
$encKeyfile = Keymanager::getFileKey( $view, $userId, $fileTarget );
|
||||
|
||||
$privateKey = $session->getPrivateKey();
|
||||
|
||||
// decrypt the keyfile
|
||||
$plainKeyfile = Crypt::keyDecrypt( $encKeyfile, $privateKey );
|
||||
|
||||
// re-enc keyfile to sharekeys
|
||||
$shareKeys = Crypt::multiKeyEncrypt( $plainKeyfile, $userPubKeys );
|
||||
|
||||
// save sharekeys
|
||||
if ( ! Keymanager::setShareKeys( $view, $fileTarget, $shareKeys['keys'] ) ) {
|
||||
|
||||
trigger_error( "SET Share keys failed" );
|
||||
|
||||
}
|
||||
|
||||
// Delete existing keyfile
|
||||
// Do this last to ensure file is recoverable in case of error
|
||||
// Keymanager::deleteFileKey( $view, $userId, $params['fileTarget'] );
|
||||
|
||||
\OC_FileProxy::$enabled = true;
|
||||
|
||||
return true;
|
||||
}
|
||||
}
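Review bot: encKeyfileToMultipleUsers returns `true` even when `Keymanager::setShareKeys()` fails, because the failure branch only calls `trigger_error()`; the share and unshare hooks therefore cannot tell that the key update did not happen, and on the unshare path a revocation can silently not take effect. The failure branch should restore the proxy and report the failure, e.g. `\OC_FileProxy::$enabled = true; return false;`. The proxy flag is also forced to `true` at the end rather than restored to its previous value, and any early exit between the two assignments would leave it disabled. Nothing visible here removes the share key of a user dropped from `$users` or rotates the file key, so whether unsharing actually withdraws access depends on `setShareKeys`, which is outside this hunk; the docblock should say which behaviour callers can rely on.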
|