New SSE key format

* Encrypt the keys with the instance secret
* Store them as json (so we can add other things if needed)

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2020-06-22 15:35:52 +02:00
parent 886466d510
commit 5340ab3a75
No known key found for this signature in database
GPG Key ID: F941078878347C0C
10 changed files with 584 additions and 30 deletions

View File

@ -0,0 +1,261 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2020, Roeland Jago Douma <roeland@famdouma.nl>
*
* @author Roeland Jago Douma <roeland@famdouma.nl>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OC\Core\Command\Encryption;
use OC\Encryption\Keys\Storage;
use OC\Encryption\Util;
use OC\Files\View;
use OCP\IConfig;
use OCP\IUserManager;
use OCP\Security\ICrypto;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Helper\ProgressBar;
use Symfony\Component\Console\Helper\QuestionHelper;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
class MigrateKeyStorage extends Command {
/** @var View */
protected $rootView;
/** @var IUserManager */
protected $userManager;
/** @var IConfig */
protected $config;
/** @var Util */
protected $util;
/** @var QuestionHelper */
protected $questionHelper;
/**
* @var ICrypto
*/
private $crypto;
public function __construct(View $view, IUserManager $userManager, IConfig $config, Util $util, ICrypto $crypto) {
parent::__construct();
$this->rootView = $view;
$this->userManager = $userManager;
$this->config = $config;
$this->util = $util;
$this->crypto = $crypto;
}
protected function configure() {
parent::configure();
$this
->setName('encryption:migrate-key-storage-format')
->setDescription('Migrate the format of the keystorage to a newer format');
}
protected function execute(InputInterface $input, OutputInterface $output): int {
$root = $this->util->getKeyStorageRoot();
$output->writeln("Updating key storage format");
$this->updateKeys($root, $output);
$output->writeln("Key storage format successfully updated");
return 0;
}
/**
* move keys to new key storage root
*
* @param string $root
* @param OutputInterface $output
* @return bool
* @throws \Exception
*/
protected function updateKeys(string $root, OutputInterface $output) {
$output->writeln("Start to update the keys:");
$this->updateSystemKeys($root);
$this->updateUsersKeys($root, $output);
$this->config->deleteSystemValue('encryption.key_storage_migrated');
return true;
}
/**
* move system key folder
*
* @param string $root
*/
protected function updateSystemKeys($root) {
if (!$this->rootView->is_dir($root . '/files_encryption')) {
return;
}
$this->traverseKeys($root . '/files_encryption', null);
}
private function traverseKeys(string $folder, ?string $uid) {
$listing = $this->rootView->getDirectoryContent($folder);
foreach ($listing as $node) {
if ($node['mimetype'] === 'httpd/unix-directory') {
//ignore
} else {
$endsWith = function ($haystack, $needle) {
$length = strlen($needle);
if ($length === 0) {
return true;
}
return (substr($haystack, -$length) === $needle);
};
if ($node['name'] === 'fileKey' ||
$endsWith($node['name'], '.privateKey') ||
$endsWith($node['name'], '.publicKey') ||
$endsWith($node['name'], '.shareKey')) {
$path = $folder . '/' . $node['name'];
$content = $this->rootView->file_get_contents($path);
try {
$this->crypto->decrypt($content);
continue;
} catch (\Exception $e) {
// Ignore we now update the data.
}
$data = [
'key' => base64_encode($content),
'uid' => $uid,
];
$enc = $this->crypto->encrypt(json_encode($data));
$this->rootView->file_put_contents($path, $enc);
}
}
}
}
private function traverseFileKeys(string $folder) {
$listing = $this->rootView->getDirectoryContent($folder);
foreach ($listing as $node) {
if ($node['mimetype'] === 'httpd/unix-directory') {
$this->traverseFileKeys($folder . '/' . $node['name']);
} else {
$endsWith = function ($haystack, $needle) {
$length = strlen($needle);
if ($length === 0) {
return true;
}
return (substr($haystack, -$length) === $needle);
};
if ($node['name'] === 'fileKey' ||
$endsWith($node['name'], '.privateKey') ||
$endsWith($node['name'], '.publicKey') ||
$endsWith($node['name'], '.shareKey')) {
$path = $folder . '/' . $node['name'];
$content = $this->rootView->file_get_contents($path);
try {
$this->crypto->decrypt($content);
continue;
} catch (\Exception $e) {
// Ignore we now update the data.
}
$data = [
'key' => base64_encode($content)
];
$enc = $this->crypto->encrypt(json_encode($data));
$this->rootView->file_put_contents($path, $enc);
}
}
}
}
/**
* setup file system for the given user
*
* @param string $uid
*/
protected function setupUserFS($uid) {
\OC_Util::tearDownFS();
\OC_Util::setupFS($uid);
}
/**
* iterate over each user and move the keys to the new storage
*
* @param string $root
* @param OutputInterface $output
*/
protected function updateUsersKeys(string $root, OutputInterface $output) {
$progress = new ProgressBar($output);
$progress->start();
foreach ($this->userManager->getBackends() as $backend) {
$limit = 500;
$offset = 0;
do {
$users = $backend->getUsers('', $limit, $offset);
foreach ($users as $user) {
$progress->advance();
$this->setupUserFS($user);
$this->updateUserKeys($root, $user);
}
$offset += $limit;
} while (count($users) >= $limit);
}
$progress->finish();
}
/**
* move user encryption folder to new root folder
*
* @param string $root
* @param string $user
* @throws \Exception
*/
protected function updateUserKeys(string $root, string $user) {
if ($this->userManager->userExists($user)) {
$source = $root . '/' . $user . '/files_encryption/OC_DEFAULT_MODULE';
if ($this->rootView->is_dir($source)) {
$this->traverseKeys($source, $user);
}
$source = $root . '/' . $user . '/files_encryption/keys';
if ($this->rootView->is_dir($source)) {
$this->traverseFileKeys($source);
}
}
}
}

View File

@ -139,6 +139,14 @@ if (\OC::$server->getConfig()->getSystemValue('installed', false)) {
)
);
$application->add(new OC\Core\Command\Encryption\ShowKeyStorageRoot($util));
$application->add(new OC\Core\Command\Encryption\MigrateKeyStorage(
$view,
\OC::$server->getUserManager(),
\OC::$server->getConfig(),
$util,
\OC::$server->getCrypto()
)
);
$application->add(new OC\Core\Command\Maintenance\DataFingerprint(\OC::$server->getConfig(), new \OC\AppFramework\Utility\TimeFactory()));
$application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateDB(\OC::$server->getMimeTypeDetector(), \OC::$server->getMimeTypeLoader()));

View File

@ -808,6 +808,7 @@ return array(
'OC\\Core\\Command\\Encryption\\Enable' => $baseDir . '/core/Command/Encryption/Enable.php',
'OC\\Core\\Command\\Encryption\\EncryptAll' => $baseDir . '/core/Command/Encryption/EncryptAll.php',
'OC\\Core\\Command\\Encryption\\ListModules' => $baseDir . '/core/Command/Encryption/ListModules.php',
'OC\\Core\\Command\\Encryption\\MigrateKeyStorage' => $baseDir . '/core/Command/Encryption/MigrateKeyStorage.php',
'OC\\Core\\Command\\Encryption\\SetDefaultModule' => $baseDir . '/core/Command/Encryption/SetDefaultModule.php',
'OC\\Core\\Command\\Encryption\\ShowKeyStorageRoot' => $baseDir . '/core/Command/Encryption/ShowKeyStorageRoot.php',
'OC\\Core\\Command\\Encryption\\Status' => $baseDir . '/core/Command/Encryption/Status.php',
@ -1248,6 +1249,7 @@ return array(
'OC\\Repair\\NC16\\ClearCollectionsAccessCache' => $baseDir . '/lib/private/Repair/NC16/ClearCollectionsAccessCache.php',
'OC\\Repair\\NC18\\ResetGeneratedAvatarFlag' => $baseDir . '/lib/private/Repair/NC18/ResetGeneratedAvatarFlag.php',
'OC\\Repair\\NC20\\EncryptionLegacyCipher' => $baseDir . '/lib/private/Repair/NC20/EncryptionLegacyCipher.php',
'OC\\Repair\\NC20\\EncryptionMigration' => $baseDir . '/lib/private/Repair/NC20/EncryptionMigration.php',
'OC\\Repair\\OldGroupMembershipShares' => $baseDir . '/lib/private/Repair/OldGroupMembershipShares.php',
'OC\\Repair\\Owncloud\\DropAccountTermsTable' => $baseDir . '/lib/private/Repair/Owncloud/DropAccountTermsTable.php',
'OC\\Repair\\Owncloud\\SaveAccountsTableData' => $baseDir . '/lib/private/Repair/Owncloud/SaveAccountsTableData.php',

View File

@ -837,6 +837,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OC\\Core\\Command\\Encryption\\Enable' => __DIR__ . '/../../..' . '/core/Command/Encryption/Enable.php',
'OC\\Core\\Command\\Encryption\\EncryptAll' => __DIR__ . '/../../..' . '/core/Command/Encryption/EncryptAll.php',
'OC\\Core\\Command\\Encryption\\ListModules' => __DIR__ . '/../../..' . '/core/Command/Encryption/ListModules.php',
'OC\\Core\\Command\\Encryption\\MigrateKeyStorage' => __DIR__ . '/../../..' . '/core/Command/Encryption/MigrateKeyStorage.php',
'OC\\Core\\Command\\Encryption\\SetDefaultModule' => __DIR__ . '/../../..' . '/core/Command/Encryption/SetDefaultModule.php',
'OC\\Core\\Command\\Encryption\\ShowKeyStorageRoot' => __DIR__ . '/../../..' . '/core/Command/Encryption/ShowKeyStorageRoot.php',
'OC\\Core\\Command\\Encryption\\Status' => __DIR__ . '/../../..' . '/core/Command/Encryption/Status.php',
@ -1277,6 +1278,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OC\\Repair\\NC16\\ClearCollectionsAccessCache' => __DIR__ . '/../../..' . '/lib/private/Repair/NC16/ClearCollectionsAccessCache.php',
'OC\\Repair\\NC18\\ResetGeneratedAvatarFlag' => __DIR__ . '/../../..' . '/lib/private/Repair/NC18/ResetGeneratedAvatarFlag.php',
'OC\\Repair\\NC20\\EncryptionLegacyCipher' => __DIR__ . '/../../..' . '/lib/private/Repair/NC20/EncryptionLegacyCipher.php',
'OC\\Repair\\NC20\\EncryptionMigration' => __DIR__ . '/../../..' . '/lib/private/Repair/NC20/EncryptionMigration.php',
'OC\\Repair\\OldGroupMembershipShares' => __DIR__ . '/../../..' . '/lib/private/Repair/OldGroupMembershipShares.php',
'OC\\Repair\\Owncloud\\DropAccountTermsTable' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/DropAccountTermsTable.php',
'OC\\Repair\\Owncloud\\SaveAccountsTableData' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/SaveAccountsTableData.php',

View File

@ -31,8 +31,11 @@ namespace OC\Encryption\Keys;
use OC\Encryption\Util;
use OC\Files\Filesystem;
use OC\Files\View;
use OC\ServerNotAvailableException;
use OC\User\NoUserException;
use OCP\Encryption\Keys\IStorage;
use OCP\IConfig;
use OCP\Security\ICrypto;
class Storage implements IStorage {
@ -62,11 +65,17 @@ class Storage implements IStorage {
/** @var array */
private $keyCache = [];
/** @var ICrypto */
private $crypto;
/** @var IConfig */
private $config;
/**
* @param View $view
* @param Util $util
*/
public function __construct(View $view, Util $util) {
public function __construct(View $view, Util $util, ICrypto $crypto, IConfig $config) {
$this->view = $view;
$this->util = $util;
@ -74,6 +83,8 @@ class Storage implements IStorage {
$this->keys_base_dir = $this->encryption_base_dir .'/keys';
$this->backup_base_dir = $this->encryption_base_dir .'/backup';
$this->root_dir = $this->util->getKeyStorageRoot();
$this->crypto = $crypto;
$this->config = $config;
}
/**
@ -81,7 +92,7 @@ class Storage implements IStorage {
*/
public function getUserKey($uid, $keyId, $encryptionModuleId) {
$path = $this->constructUserKeyPath($encryptionModuleId, $keyId, $uid);
return $this->getKey($path);
return base64_decode($this->getKeyWithUid($path, $uid));
}
/**
@ -90,17 +101,17 @@ class Storage implements IStorage {
public function getFileKey($path, $keyId, $encryptionModuleId) {
$realFile = $this->util->stripPartialFileExtension($path);
$keyDir = $this->getFileKeyDir($encryptionModuleId, $realFile);
$key = $this->getKey($keyDir . $keyId);
$key = $this->getKey($keyDir . $keyId)['key'];
if ($key === '' && $realFile !== $path) {
// Check if the part file has keys and use them, if no normal keys
// exist. This is required to fix copyBetweenStorage() when we
// rename a .part file over storage borders.
$keyDir = $this->getFileKeyDir($encryptionModuleId, $path);
$key = $this->getKey($keyDir . $keyId);
$key = $this->getKey($keyDir . $keyId)['key'];
}
return $key;
return base64_decode($key);
}
/**
@ -108,7 +119,7 @@ class Storage implements IStorage {
*/
public function getSystemUserKey($keyId, $encryptionModuleId) {
$path = $this->constructUserKeyPath($encryptionModuleId, $keyId, null);
return $this->getKey($path);
return base64_decode($this->getKeyWithUid($path, null));
}
/**
@ -116,7 +127,10 @@ class Storage implements IStorage {
*/
public function setUserKey($uid, $keyId, $key, $encryptionModuleId) {
$path = $this->constructUserKeyPath($encryptionModuleId, $keyId, $uid);
return $this->setKey($path, $key);
return $this->setKey($path, [
'key' => base64_encode($key),
'uid' => $uid,
]);
}
/**
@ -124,7 +138,9 @@ class Storage implements IStorage {
*/
public function setFileKey($path, $keyId, $key, $encryptionModuleId) {
$keyDir = $this->getFileKeyDir($encryptionModuleId, $path);
return $this->setKey($keyDir . $keyId, $key);
return $this->setKey($keyDir . $keyId, [
'key' => base64_encode($key),
]);
}
/**
@ -132,7 +148,10 @@ class Storage implements IStorage {
*/
public function setSystemUserKey($keyId, $key, $encryptionModuleId) {
$path = $this->constructUserKeyPath($encryptionModuleId, $keyId, null);
return $this->setKey($path, $key);
return $this->setKey($path, [
'key' => base64_encode($key),
'uid' => null,
]);
}
/**
@ -199,20 +218,107 @@ class Storage implements IStorage {
return \OC\Files\Filesystem::normalizePath($path);
}
/**
* @param string $path
* @param string|null $uid
* @return string
* @throws ServerNotAvailableException
*
* Small helper function to fetch the key and verify the value for user and system keys
*/
private function getKeyWithUid(string $path, ?string $uid): string {
$data = $this->getKey($path);
if (!isset($data['key'])) {
throw new ServerNotAvailableException('Key is invalid');
}
if ($data['key'] === '') {
return '';
}
if (!array_key_exists('uid', $data) || $data['uid'] !== $uid) {
// If the migration is done we error out
$versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
if (version_compare($versionFromBeforeUpdate, '20.0.0.1', '<=')) {
return $data['key'];
}
if ($this->config->getSystemValueBool('encryption.key_storage_migrated', true)) {
throw new ServerNotAvailableException('Key has been modified');
} else {
//Otherwise we migrate
$data['uid'] = $uid;
$this->setKey($path, $data);
}
}
return $data['key'];
}
/**
* read key from hard disk
*
* @param string $path to key
* @return string
* @return array containing key as base64encoded key, and possible the uid
*/
private function getKey($path) {
$key = '';
private function getKey($path): array {
$key = [
'key' => '',
];
if ($this->view->file_exists($path)) {
if (isset($this->keyCache[$path])) {
$key = $this->keyCache[$path];
} else {
$key = $this->view->file_get_contents($path);
$data = $this->view->file_get_contents($path);
// Version <20.0.0.1 doesn't have this
$versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
if (version_compare($versionFromBeforeUpdate, '20.0.0.1', '<=')) {
$key = [
'key' => base64_encode($data),
];
} else {
if ($this->config->getSystemValueBool('encryption.key_storage_migrated', true)) {
try {
$clearData = $this->crypto->decrypt($data);
} catch (\Exception $e) {
throw new ServerNotAvailableException('Could not decrypt key', 0, $e);
}
$dataArray = json_decode($clearData, true);
if ($dataArray === null) {
throw new ServerNotAvailableException('Invalid encryption key');
}
$key = $dataArray;
} else {
/*
* Even if not all keys are migrated we should still try to decrypt it (in case some have moved).
* However it is only a failure now if it is an array and decryption fails
*/
$fallback = false;
try {
$clearData = $this->crypto->decrypt($data);
} catch (\Exception $e) {
$fallback = true;
}
if (!$fallback) {
$dataArray = json_decode($clearData, true);
if ($dataArray === null) {
throw new ServerNotAvailableException('Invalid encryption key');
}
$key = $dataArray;
} else {
$key = [
'key' => base64_encode($data),
];
}
}
}
$this->keyCache[$path] = $key;
}
}
@ -225,13 +331,23 @@ class Storage implements IStorage {
*
*
* @param string $path path to key directory
* @param string $key key
* @param array $key key
* @return bool
*/
private function setKey($path, $key) {
$this->keySetPreparation(dirname($path));
$result = $this->view->file_put_contents($path, $key);
$versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
if (version_compare($versionFromBeforeUpdate, '20.0.0.1', '<=')) {
// Only store old format if this happens during the migration.
// TODO: Remove for 21
$data = base64_decode($key['key']);
} else {
// Wrap the data
$data = $this->crypto->encrypt(json_encode($key));
}
$result = $this->view->file_put_contents($path, $data);
if (is_int($result) && $result > 0) {
$this->keyCache[$path] = $key;

View File

@ -49,6 +49,7 @@ use OC\Repair\NC16\CleanupCardDAVPhotoCache;
use OC\Repair\NC16\ClearCollectionsAccessCache;
use OC\Repair\NC18\ResetGeneratedAvatarFlag;
use OC\Repair\NC20\EncryptionLegacyCipher;
use OC\Repair\NC20\EncryptionMigration;
use OC\Repair\OldGroupMembershipShares;
use OC\Repair\Owncloud\DropAccountTermsTable;
use OC\Repair\Owncloud\SaveAccountsTableData;
@ -158,6 +159,7 @@ class Repair implements IOutput {
new ClearCollectionsAccessCache(\OC::$server->getConfig(), \OC::$server->query(IManager::class)),
\OC::$server->query(ResetGeneratedAvatarFlag::class),
\OC::$server->query(EncryptionLegacyCipher::class),
\OC::$server->query(EncryptionMigration::class),
];
}

View File

@ -0,0 +1,62 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2020, Roeland Jago Douma <roeland@famdouma.nl>
*
* @author Roeland Jago Douma <roeland@famdouma.nl>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OC\Repair\NC20;
use OCP\Encryption\IManager;
use OCP\IConfig;
use OCP\Migration\IOutput;
use OCP\Migration\IRepairStep;
class EncryptionMigration implements IRepairStep {
/** @var IConfig */
private $config;
/** @var IManager */
private $manager;
public function __construct(IConfig $config,
IManager $manager) {
$this->config = $config;
$this->manager = $manager;
}
public function getName(): string {
return 'Check encryption key format';
}
private function shouldRun(): bool {
$versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
return version_compare($versionFromBeforeUpdate, '20.0.0.1', '<=');
}
public function run(IOutput $output): void {
if ($this->manager->isEnabled()) {
if ($this->config->getSystemValue('encryption.key_storage_migrated', '') === '') {
$this->config->setSystemValue('encryption.key_storage_migrated', false);
}
}
}
}

View File

@ -348,7 +348,7 @@ class Server extends ServerContainer implements IServerContainer {
$c->getConfig()
);
return new Encryption\Keys\Storage($view, $util);
return new Encryption\Keys\Storage($view, $util, $c->getCrypto(), $c->getConfig());
});
/** @deprecated 20.0.0 */
$this->registerDeprecatedAlias('TagMapper', TagMapper::class);

View File

@ -26,6 +26,8 @@ namespace Test\Encryption\Keys;
use OC\Encryption\Keys\Storage;
use OC\Files\View;
use OCP\IConfig;
use OCP\Security\ICrypto;
use PHPUnit\Framework\MockObject\MockObject;
use Test\TestCase;
class StorageTest extends TestCase {
@ -42,6 +44,9 @@ class StorageTest extends TestCase {
/** @var \PHPUnit\Framework\MockObject\MockObject */
protected $config;
/** @var MockObject|ICrypto */
protected $crypto;
protected function setUp(): void {
parent::setUp();
@ -53,14 +58,27 @@ class StorageTest extends TestCase {
->disableOriginalConstructor()
->getMock();
$this->crypto = $this->createMock(ICrypto::class);
$this->crypto->method('encrypt')
->willReturnCallback(function ($data, $pass) {
return $data;
});
$this->crypto->method('decrypt')
->willReturnCallback(function ($data, $pass) {
return $data;
});
$this->config = $this->getMockBuilder(IConfig::class)
->disableOriginalConstructor()
->getMock();
$this->storage = new Storage($this->view, $this->util);
$this->storage = new Storage($this->view, $this->util, $this->crypto, $this->config);
}
public function testSetFileKey() {
$this->config->method('getSystemValue')
->with('version')
->willReturn('20.0.0.2');
$this->util->expects($this->any())
->method('getUidAndFilename')
->willReturn(['user1', '/files/foo.txt']);
@ -70,6 +88,34 @@ class StorageTest extends TestCase {
$this->util->expects($this->any())
->method('isSystemWideMountPoint')
->willReturn(false);
$data = json_encode(['key' => base64_encode('key')]);
$this->view->expects($this->once())
->method('file_put_contents')
->with($this->equalTo('/user1/files_encryption/keys/files/foo.txt/encModule/fileKey'),
$this->equalTo($data))
->willReturn(strlen($data));
$this->assertTrue(
$this->storage->setFileKey('user1/files/foo.txt', 'fileKey', 'key', 'encModule')
);
}
public function testSetFileOld() {
$this->config->method('getSystemValue')
->with('version')
->willReturn('20.0.0.0');
$this->util->expects($this->any())
->method('getUidAndFilename')
->willReturn(['user1', '/files/foo.txt']);
$this->util->expects($this->any())
->method('stripPartialFileExtension')
->willReturnArgument(0);
$this->util->expects($this->any())
->method('isSystemWideMountPoint')
->willReturn(false);
$this->crypto->expects($this->never())
->method('encrypt');
$this->view->expects($this->once())
->method('file_put_contents')
->with($this->equalTo('/user1/files_encryption/keys/files/foo.txt/encModule/fileKey'),
@ -98,6 +144,9 @@ class StorageTest extends TestCase {
* @param string $expectedKeyContent
*/
public function testGetFileKey($path, $strippedPartialName, $originalKeyExists, $expectedKeyContent) {
$this->config->method('getSystemValue')
->with('version')
->willReturn('20.0.0.2');
$this->util->expects($this->any())
->method('getUidAndFilename')
->willReturnMap([
@ -118,6 +167,11 @@ class StorageTest extends TestCase {
->with($this->equalTo('/user1/files_encryption/keys' . $strippedPartialName . '/encModule/fileKey'))
->willReturn($originalKeyExists);
$this->crypto->method('decrypt')
->willReturnCallback(function ($data, $pass) {
return $data;
});
if (!$originalKeyExists) {
$this->view->expects($this->at(1))
->method('file_exists')
@ -127,12 +181,12 @@ class StorageTest extends TestCase {
$this->view->expects($this->once())
->method('file_get_contents')
->with($this->equalTo('/user1/files_encryption/keys' . $path . '/encModule/fileKey'))
->willReturn('key2');
->willReturn(json_encode(['key' => base64_encode('key2')]));
} else {
$this->view->expects($this->once())
->method('file_get_contents')
->with($this->equalTo('/user1/files_encryption/keys' . $strippedPartialName . '/encModule/fileKey'))
->willReturn('key');
->willReturn(json_encode(['key' => base64_encode('key')]));
}
$this->assertSame($expectedKeyContent,
@ -141,6 +195,10 @@ class StorageTest extends TestCase {
}
public function testSetFileKeySystemWide() {
$this->config->method('getSystemValue')
->with('version')
->willReturn('20.0.0.2');
$this->util->expects($this->any())
->method('getUidAndFilename')
->willReturn(['user1', '/files/foo.txt']);
@ -150,11 +208,18 @@ class StorageTest extends TestCase {
$this->util->expects($this->any())
->method('stripPartialFileExtension')
->willReturnArgument(0);
$this->crypto->method('encrypt')
->willReturnCallback(function ($data, $pass) {
return $data;
});
$data = json_encode(['key' => base64_encode('key')]);
$this->view->expects($this->once())
->method('file_put_contents')
->with($this->equalTo('/files_encryption/keys/files/foo.txt/encModule/fileKey'),
$this->equalTo('key'))
->willReturn(strlen('key'));
$this->equalTo($data))
->willReturn(strlen($data));
$this->assertTrue(
$this->storage->setFileKey('user1/files/foo.txt', 'fileKey', 'key', 'encModule')
@ -162,6 +227,10 @@ class StorageTest extends TestCase {
}
public function testGetFileKeySystemWide() {
$this->config->method('getSystemValue')
->with('version')
->willReturn('20.0.0.2');
$this->util->expects($this->any())
->method('getUidAndFilename')
->willReturn(['user1', '/files/foo.txt']);
@ -174,7 +243,7 @@ class StorageTest extends TestCase {
$this->view->expects($this->once())
->method('file_get_contents')
->with($this->equalTo('/files_encryption/keys/files/foo.txt/encModule/fileKey'))
->willReturn('key');
->willReturn(json_encode(['key' => base64_encode('key')]));
$this->view->expects($this->once())
->method('file_exists')
->with($this->equalTo('/files_encryption/keys/files/foo.txt/encModule/fileKey'))
@ -186,11 +255,19 @@ class StorageTest extends TestCase {
}
public function testSetSystemUserKey() {
$this->config->method('getSystemValue')
->with('version')
->willReturn('20.0.0.2');
$data = json_encode([
'key' => base64_encode('key'),
'uid' => null]
);
$this->view->expects($this->once())
->method('file_put_contents')
->with($this->equalTo('/files_encryption/encModule/shareKey_56884'),
$this->equalTo('key'))
->willReturn(strlen('key'));
$this->equalTo($data))
->willReturn(strlen($data));
$this->assertTrue(
$this->storage->setSystemUserKey('shareKey_56884', 'key', 'encModule')
@ -198,11 +275,19 @@ class StorageTest extends TestCase {
}
public function testSetUserKey() {
$this->config->method('getSystemValue')
->with('version')
->willReturn('20.0.0.2');
$data = json_encode([
'key' => base64_encode('key'),
'uid' => 'user1']
);
$this->view->expects($this->once())
->method('file_put_contents')
->with($this->equalTo('/user1/files_encryption/encModule/user1.publicKey'),
$this->equalTo('key'))
->willReturn(strlen('key'));
$this->equalTo($data))
->willReturn(strlen($data));
$this->assertTrue(
$this->storage->setUserKey('user1', 'publicKey', 'key', 'encModule')
@ -210,10 +295,18 @@ class StorageTest extends TestCase {
}
public function testGetSystemUserKey() {
$this->config->method('getSystemValue')
->with('version')
->willReturn('20.0.0.2');
$data = json_encode([
'key' => base64_encode('key'),
'uid' => null]
);
$this->view->expects($this->once())
->method('file_get_contents')
->with($this->equalTo('/files_encryption/encModule/shareKey_56884'))
->willReturn('key');
->willReturn($data);
$this->view->expects($this->once())
->method('file_exists')
->with($this->equalTo('/files_encryption/encModule/shareKey_56884'))
@ -225,10 +318,18 @@ class StorageTest extends TestCase {
}
public function testGetUserKey() {
$this->config->method('getSystemValue')
->with('version')
->willReturn('20.0.0.2');
$data = json_encode([
'key' => base64_encode('key'),
'uid' => 'user1']
);
$this->view->expects($this->once())
->method('file_get_contents')
->with($this->equalTo('/user1/files_encryption/encModule/user1.publicKey'))
->willReturn('key');
->willReturn($data);
$this->view->expects($this->once())
->method('file_exists')
->with($this->equalTo('/user1/files_encryption/encModule/user1.publicKey'))
@ -516,7 +617,7 @@ class StorageTest extends TestCase {
*/
public function testBackupUserKeys($createBackupDir) {
$storage = $this->getMockBuilder('OC\Encryption\Keys\Storage')
->setConstructorArgs([$this->view, $this->util])
->setConstructorArgs([$this->view, $this->util, $this->crypto, $this->config])
->setMethods(['getTimestamp'])
->getMock();

View File

@ -29,7 +29,7 @@
// between betas, final and RCs. This is _not_ the public version number. Reset minor/patchlevel
// when updating major/minor version number.
$OC_Version = [20, 0, 0, 1];
$OC_Version = [20, 0, 0, 2];
// The human readable string
$OC_VersionString = '20.0.0 alpha';