mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

adapt decrypt all and restore/delete key backups to the new folder structure for encryption key introduced with OC8

This commit is contained in:
Bjoern Schiessle 2015-01-13 12:45:33 +01:00
parent dc86cbd1e2
commit 89f17ef6fe
5 changed files with 145 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
apps/files_encryption/lib/util.php
View File

@ -734,7 +734,7 @@ class Util {
} }
if ($successful) { if ($successful) {
$this->backupAllKeys('decryptAll'); $this->backupAllKeys('decryptAll', false, false);
$this->view->deleteAll($this->keysPath); $this->view->deleteAll($this->keysPath);
} }
@ -1495,16 +1495,61 @@ class Util {
/** /**
* create a backup of all keys from the user * create a backup of all keys from the user
* *
* @param string $purpose (optional) define the purpose of the backup, will be part of the backup folder * @param string $purpose define the purpose of the backup, will be part of the backup folder name
* @param boolean $timestamp (optional) should a timestamp be added, default true
* @param boolean $includeUserKeys (optional) include users private-/public-key, default true
*/ */
public function backupAllKeys($purpose = '') { public function backupAllKeys($purpose, $timestamp = true, $includeUserKeys = true) {
$this->userId; $this->userId;
$backupDir = $this->encryptionDir . '/backup.'; $backupDir = $this->encryptionDir . '/backup.' . $purpose;
$backupDir .= ($purpose === '') ? date("Y-m-d_H-i-s") . '/' : $purpose . '.' . date("Y-m-d_H-i-s") . '/'; $backupDir .= ($timestamp) ? '.' . date("Y-m-d_H-i-s") . '/' : '/';
$this->view->mkdir($backupDir); $this->view->mkdir($backupDir);
$this->view->copy($this->keysPath, $backupDir . 'keys/'); $this->view->copy($this->keysPath, $backupDir . 'keys/');
$this->view->copy($this->privateKeyPath, $backupDir . $this->userId . '.privateKey'); if ($includeUserKeys) {
$this->view->copy($this->publicKeyPath, $backupDir . $this->userId . '.publicKey'); $this->view->copy($this->privateKeyPath, $backupDir . $this->userId . '.privateKey');
$this->view->copy($this->publicKeyPath, $backupDir . $this->userId . '.publicKey');
}
}
/**
* restore backup
*
* @param string $backup complete name of the backup
* @return boolean
*/
public function restoreBackup($backup) {
$backupDir = $this->encryptionDir . '/backup.' . $backup . '/';
$fileKeysRestored = $this->view->rename($backupDir . 'keys', $this->encryptionDir . '/keys');
$pubKeyRestored = $privKeyRestored = true;
if (
$this->view->file_exists($backupDir . $this->userId . '.privateKey') &&
$this->view->file_exists($backupDir . $this->userId . '.privateKey')
) {
$pubKeyRestored = $this->view->rename($backupDir . $this->userId . '.publicKey', $this->publicKeyPath);
$privKeyRestored = $this->view->rename($backupDir . $this->userId . '.privateKey', $this->privateKeyPath);
}
if ($fileKeysRestored && $pubKeyRestored && $privKeyRestored) {
$this->view->deleteAll($backupDir);
return true;
}
return false;
}
/**
* delete backup
*
* @param string $backup complete name of the backup
* @return boolean
*/
public function deleteBackup($backup) {
$backupDir = $this->encryptionDir . '/backup.' . $backup . '/';
return $this->view->deleteAll($backupDir);
} }
/** /**

97
apps/files_encryption/tests/util.php
View File

@ -27,7 +27,7 @@ class Util extends TestCase {
* @var \OC\Files\View * @var \OC\Files\View
*/ */
public $view; public $view;
public $keyfilesPath; public $keysPath;
public $publicKeyPath; public $publicKeyPath;
public $privateKeyPath; public $privateKeyPath;
/** /**
@ -379,8 +379,6 @@ class Util extends TestCase {
$this->assertTrue($this->view->is_dir($backupPath . '/keys')); $this->assertTrue($this->view->is_dir($backupPath . '/keys'));
$this->assertTrue($this->view->file_exists($backupPath . '/keys/' . $filename . '/fileKey')); $this->assertTrue($this->view->file_exists($backupPath . '/keys/' . $filename . '/fileKey'));
$this->assertTrue($this->view->file_exists($backupPath . '/keys/' . $filename . '/' . $user . '.shareKey')); $this->assertTrue($this->view->file_exists($backupPath . '/keys/' . $filename . '/' . $user . '.shareKey'));
$this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.privateKey'));
$this->assertTrue($this->view->file_exists($backupPath . '/' . $user . '.publicKey'));
// cleanup // cleanup
$this->view->unlink($this->userId . '/files/' . $filename); $this->view->unlink($this->userId . '/files/' . $filename);
@ -389,21 +387,27 @@ class Util extends TestCase {
} }
/** private function createDummyKeysForBackupTest() {
* test if all keys get moved to the backup folder correctly
*/
function testBackupAllKeys() {
self::loginHelper(self::TEST_ENCRYPTION_UTIL_USER1);
// create some dummy key files // create some dummy key files
$encPath = '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '/files_encryption'; $encPath = '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '/files_encryption';
$this->view->mkdir($encPath . '/keys/foo'); $this->view->mkdir($encPath . '/keys/foo');
$this->view->file_put_contents($encPath . '/keys/foo/fileKey', 'key'); $this->view->file_put_contents($encPath . '/keys/foo/fileKey', 'key');
$this->view->file_put_contents($encPath . '/keys/foo/user1.shareKey', 'share key'); $this->view->file_put_contents($encPath . '/keys/foo/user1.shareKey', 'share key');
}
/**
* test if all keys get moved to the backup folder correctly
*
* @dataProvider dataBackupAllKeys
*/
function testBackupAllKeys($addTimestamp, $includeUserKeys) {
self::loginHelper(self::TEST_ENCRYPTION_UTIL_USER1);
$this->createDummyKeysForBackupTest();
$util = new \OCA\Files_Encryption\Util($this->view, self::TEST_ENCRYPTION_UTIL_USER1); $util = new \OCA\Files_Encryption\Util($this->view, self::TEST_ENCRYPTION_UTIL_USER1);
$util->backupAllKeys('testBackupAllKeys'); $util->backupAllKeys('testBackupAllKeys', $addTimestamp, $includeUserKeys);
$backupPath = $this->getBackupPath('testBackupAllKeys'); $backupPath = $this->getBackupPath('testBackupAllKeys');
@ -412,15 +416,80 @@ class Util extends TestCase {
$this->assertTrue($this->view->is_dir($backupPath . '/keys/foo')); $this->assertTrue($this->view->is_dir($backupPath . '/keys/foo'));
$this->assertTrue($this->view->file_exists($backupPath . '/keys/foo/fileKey')); $this->assertTrue($this->view->file_exists($backupPath . '/keys/foo/fileKey'));
$this->assertTrue($this->view->file_exists($backupPath . '/keys/foo/user1.shareKey')); $this->assertTrue($this->view->file_exists($backupPath . '/keys/foo/user1.shareKey'));
$this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.privateKey'));
$this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.publicKey')); if ($includeUserKeys) {
$this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.privateKey'));
$this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.publicKey'));
} else {
$this->assertFalse($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.privateKey'));
$this->assertFalse($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.publicKey'));
}
//cleanup //cleanup
$this->view->deleteAll($backupPath); $this->view->deleteAll($backupPath);
$this->view->unlink($encPath . '/keys/foo/fileKey'); $this->view->unlink($this->encryptionDir . '/keys/foo/fileKey');
$this->view->unlink($encPath . '/keys/foo/user1.shareKey'); $this->view->unlink($this->encryptionDir . '/keys/foo/user1.shareKey');
} }
function dataBackupAllKeys() {
return array(
array(true, true),
array(false, true),
array(true, false),
array(false, false),
);
}
/**
* @dataProvider dataBackupAllKeys
*/
function testRestoreBackup($addTimestamp, $includeUserKeys) {
$util = new \OCA\Files_Encryption\Util($this->view, self::TEST_ENCRYPTION_UTIL_USER1);
$this->createDummyKeysForBackupTest();
$util->backupAllKeys('restoreKeysBackupTest', $addTimestamp, $includeUserKeys);
$this->view->deleteAll($this->keysPath);
if ($includeUserKeys) {
$this->view->unlink($this->privateKeyPath);
$this->view->unlink($this->publicKeyPath);
}
// key should be removed after backup was created
$this->assertFalse($this->view->is_dir($this->keysPath));
if ($includeUserKeys) {
$this->assertFalse($this->view->file_exists($this->privateKeyPath));
$this->assertFalse($this->view->file_exists($this->publicKeyPath));
}
$backupPath = $this->getBackupPath('restoreKeysBackupTest');
$backupName = substr(basename($backupPath), strlen('backup.'));
$this->assertTrue($util->restoreBackup($backupName));
// check if all keys are restored
$this->assertFalse($this->view->is_dir($backupPath));
$this->assertTrue($this->view->is_dir($this->keysPath));
$this->assertTrue($this->view->is_dir($this->keysPath . '/foo'));
$this->assertTrue($this->view->file_exists($this->keysPath . '/foo/fileKey'));
$this->assertTrue($this->view->file_exists($this->keysPath . '/foo/user1.shareKey'));
$this->assertTrue($this->view->file_exists($this->privateKeyPath));
$this->assertTrue($this->view->file_exists($this->publicKeyPath));
}
function testDeleteBackup() {
$util = new \OCA\Files_Encryption\Util($this->view, self::TEST_ENCRYPTION_UTIL_USER1);
$this->createDummyKeysForBackupTest();
$util->backupAllKeys('testDeleteBackup', false, false);
$this->assertTrue($this->view->is_dir($this->encryptionDir . '/backup.testDeleteBackup'));
$util->deleteBackup('testDeleteBackup');
$this->assertFalse($this->view->is_dir($this->encryptionDir . '/backup.testDeleteBackup'));
}
function testDescryptAllWithBrokenFiles() { function testDescryptAllWithBrokenFiles() {

8
lib/private/util.php
View File

@ -692,9 +692,9 @@ class OC_Util {
$encryptedFiles = false; $encryptedFiles = false;
if (OC_App::isEnabled('files_encryption') === false) { if (OC_App::isEnabled('files_encryption') === false) {
$view = new OC\Files\View('/' . OCP\User::getUser()); $view = new OC\Files\View('/' . OCP\User::getUser());
$keyfilePath = '/files_encryption/keyfiles'; $keysPath = '/files_encryption/keys';
if ($view->is_dir($keyfilePath)) { if ($view->is_dir($keysPath)) {
$dircontent = $view->getDirectoryContent($keyfilePath); $dircontent = $view->getDirectoryContent($keysPath);
if (!empty($dircontent)) { if (!empty($dircontent)) {
$encryptedFiles = true; $encryptedFiles = true;
} }
@ -714,7 +714,7 @@ class OC_Util {
$backupExists = false; $backupExists = false;
if (OC_App::isEnabled('files_encryption') === false) { if (OC_App::isEnabled('files_encryption') === false) {
$view = new OC\Files\View('/' . OCP\User::getUser()); $view = new OC\Files\View('/' . OCP\User::getUser());
$backupPath = '/files_encryption/keyfiles.backup'; $backupPath = '/files_encryption/backup.decryptAll';
if ($view->is_dir($backupPath)) { if ($view->is_dir($backupPath)) {
$dircontent = $view->getDirectoryContent($backupPath); $dircontent = $view->getDirectoryContent($backupPath);
if (!empty($dircontent)) { if (!empty($dircontent)) {

8
settings/ajax/deletekeys.php
View File

@ -4,13 +4,11 @@ OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$l = \OC::$server->getL10N('settings'); $l = \OC::$server->getL10N('settings');
$user = \OC_User::getUser();
$view = new \OC\Files\View('/' . $user . '/files_encryption');
$keyfilesDeleted = $view->deleteAll('keyfiles.backup'); $util = new \OCA\Files_Encryption\Util(new \OC\Files\View(), \OC_User::getUser());
$sharekeysDeleted = $view->deleteAll('share-keys.backup'); $result = $util->deleteBackup('decryptAll');
if ($keyfilesDeleted && $sharekeysDeleted) { if ($result) {
\OCP\JSON::success(array('data' => array('message' => $l->t('Encryption keys deleted permanently')))); \OCP\JSON::success(array('data' => array('message' => $l->t('Encryption keys deleted permanently'))));
} else { } else {
\OCP\JSON::error(array('data' => array('message' => $l->t('Couldn\'t permanently delete your encryption keys, please check your owncloud.log or ask your administrator')))); \OCP\JSON::error(array('data' => array('message' => $l->t('Couldn\'t permanently delete your encryption keys, please check your owncloud.log or ask your administrator'))));

15
settings/ajax/restorekeys.php
View File

@ -4,21 +4,12 @@ OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$l = \OC::$server->getL10N('settings'); $l = \OC::$server->getL10N('settings');
$user = \OC_User::getUser();
$view = new \OC\Files\View('/' . $user . '/files_encryption');
$keyfilesRestored = $view->rename('keyfiles.backup', 'keyfiles'); $util = new \OCA\Files_Encryption\Util(new \OC\Files\View(), \OC_User::getUser());
$sharekeysRestored = $view->rename('share-keys.backup' , 'share-keys'); $result = $util->restoreBackup('decryptAll');
if ($keyfilesRestored && $sharekeysRestored) { if ($result) {
\OCP\JSON::success(array('data' => array('message' => $l->t('Backups restored successfully')))); \OCP\JSON::success(array('data' => array('message' => $l->t('Backups restored successfully'))));
} else { } else {
// if one of the move operation was succesful we remove the files back to have a consistent state
if($keyfilesRestored) {
$view->rename('keyfiles', 'keyfiles.backup');
}
if($sharekeysRestored) {
$view->rename('share-keys' , 'share-keys.backup');
}
\OCP\JSON::error(array('data' => array('message' => $l->t('Couldn\'t restore your encryption keys, please check your owncloud.log or ask your administrator')))); \OCP\JSON::error(array('data' => array('message' => $l->t('Couldn\'t restore your encryption keys, please check your owncloud.log or ask your administrator'))));
} }