extend the identity proof manager to allow system wide key pairs
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Bjoern Schiessle
Roeland Jago Douma
parent
073216e827
commit
9524badccc
|
|
@ -171,7 +171,8 @@ class DIContainer extends SimpleContainer implements IAppContainer {
|
|||
$this->registerService(\OC\Security\IdentityProof\Manager::class, function ($c) {
|
||||
return new \OC\Security\IdentityProof\Manager(
|
||||
$this->getServer()->query(\OC\Files\AppData\Factory::class),
|
||||
$this->getServer()->getCrypto()
|
||||
$this->getServer()->getCrypto(),
|
||||
$this->getServer()->getConfig()
|
||||
);
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ namespace OC\Security\IdentityProof;
|
|||
|
||||
use OC\Files\AppData\Factory;
|
||||
use OCP\Files\IAppData;
|
||||
use OCP\IConfig;
|
||||
use OCP\IUser;
|
||||
use OCP\Security\ICrypto;
|
||||
|
||||
|
|
@ -31,15 +32,21 @@ class Manager {
|
|||
private $appData;
|
||||
/** @var ICrypto */
|
||||
private $crypto;
|
||||
/** @var IConfig */
|
||||
private $config;
|
||||
|
||||
/**
|
||||
* @param Factory $appDataFactory
|
||||
* @param ICrypto $crypto
|
||||
* @param IConfig $config
|
||||
*/
|
||||
public function __construct(Factory $appDataFactory,
|
||||
ICrypto $crypto) {
|
||||
ICrypto $crypto,
|
||||
IConfig $config
|
||||
) {
|
||||
$this->appData = $appDataFactory->get('identityproof');
|
||||
$this->crypto = $crypto;
|
||||
$this->config = $config;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -66,20 +73,20 @@ class Manager {
|
|||
}
|
||||
|
||||
/**
|
||||
* Generate a key for $user
|
||||
* Generate a key for a given ID
|
||||
* Note: If a key already exists it will be overwritten
|
||||
*
|
||||
* @param IUser $user
|
||||
* @param string $id key id
|
||||
* @return Key
|
||||
*/
|
||||
protected function generateKey(IUser $user) {
|
||||
protected function generateKey($id) {
|
||||
list($publicKey, $privateKey) = $this->generateKeyPair();
|
||||
|
||||
// Write the private and public key to the disk
|
||||
try {
|
||||
$this->appData->newFolder($user->getUID());
|
||||
$this->appData->newFolder($id);
|
||||
} catch (\Exception $e) {}
|
||||
$folder = $this->appData->getFolder($user->getUID());
|
||||
$folder = $this->appData->getFolder($id);
|
||||
$folder->newFile('private')
|
||||
->putContent($this->crypto->encrypt($privateKey));
|
||||
$folder->newFile('public')
|
||||
|
|
@ -89,21 +96,47 @@ class Manager {
|
|||
}
|
||||
|
||||
/**
|
||||
* Get public and private key for $user
|
||||
* Get key for a specific id
|
||||
*
|
||||
* @param IUser $user
|
||||
* @param string $id
|
||||
* @return Key
|
||||
*/
|
||||
public function getKey(IUser $user) {
|
||||
protected function retrieveKey($id) {
|
||||
try {
|
||||
$folder = $this->appData->getFolder($user->getUID());
|
||||
$folder = $this->appData->getFolder($id);
|
||||
$privateKey = $this->crypto->decrypt(
|
||||
$folder->getFile('private')->getContent()
|
||||
);
|
||||
$publicKey = $folder->getFile('public')->getContent();
|
||||
return new Key($publicKey, $privateKey);
|
||||
} catch (\Exception $e) {
|
||||
return $this->generateKey($user);
|
||||
return $this->generateKey($id);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get public and private key for $user
|
||||
*
|
||||
* @param IUser $user
|
||||
* @return Key
|
||||
*/
|
||||
public function getKey(IUser $user) {
|
||||
return $this->retrieveKey($user->getUID());
|
||||
}
|
||||
|
||||
/**
|
||||
* Get instance wide public and private key
|
||||
*
|
||||
* @return Key
|
||||
* @throws \RuntimeException
|
||||
*/
|
||||
public function getSystemKey() {
|
||||
$instanceId = $this->config->getSystemValue('instanceid', null);
|
||||
if ($instanceId === null) {
|
||||
throw new \RuntimeException('no instance id!');
|
||||
}
|
||||
return $this->retrieveKey($instanceId);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,8 +27,10 @@ use OC\Security\IdentityProof\Manager;
|
|||
use OCP\Files\IAppData;
|
||||
use OCP\Files\SimpleFS\ISimpleFile;
|
||||
use OCP\Files\SimpleFS\ISimpleFolder;
|
||||
use OCP\IConfig;
|
||||
use OCP\IUser;
|
||||
use OCP\Security\ICrypto;
|
||||
use SebastianBergmann\Comparator\MockObjectComparator;
|
||||
use Test\TestCase;
|
||||
|
||||
class ManagerTest extends TestCase {
|
||||
|
|
@ -40,6 +42,8 @@ class ManagerTest extends TestCase {
|
|||
private $crypto;
|
||||
/** @var Manager|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $manager;
|
||||
/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $config;
|
||||
|
||||
public function setUp() {
|
||||
parent::setUp();
|
||||
|
|
@ -47,19 +51,37 @@ class ManagerTest extends TestCase {
|
|||
/** @var Factory|\PHPUnit_Framework_MockObject_MockObject $factory */
|
||||
$this->factory = $this->createMock(Factory::class);
|
||||
$this->appData = $this->createMock(IAppData::class);
|
||||
$this->config = $this->createMock(IConfig::class);
|
||||
$this->factory->expects($this->any())
|
||||
->method('get')
|
||||
->with('identityproof')
|
||||
->willReturn($this->appData);
|
||||
|
||||
$this->crypto = $this->createMock(ICrypto::class);
|
||||
$this->manager = $this->getMockBuilder(Manager::class)
|
||||
->setConstructorArgs([
|
||||
$this->manager = $this->getManager(['generateKeyPair']);
|
||||
}
|
||||
|
||||
/**
|
||||
* create manager object
|
||||
*
|
||||
* @param array $setMethods
|
||||
* @return Manager|\PHPUnit_Framework_MockObject_MockObject
|
||||
*/
|
||||
protected function getManager($setMethods = []) {
|
||||
if (empty($setMethods)) {
|
||||
return new Manager(
|
||||
$this->factory,
|
||||
$this->crypto
|
||||
])
|
||||
->setMethods(['generateKeyPair'])
|
||||
->getMock();
|
||||
$this->crypto,
|
||||
$this->config
|
||||
);
|
||||
} else {
|
||||
return $this->getMockBuilder(Manager::class)
|
||||
->setConstructorArgs([
|
||||
$this->factory,
|
||||
$this->crypto,
|
||||
$this->config
|
||||
])->setMethods($setMethods)->getMock();
|
||||
}
|
||||
}
|
||||
|
||||
public function testGetKeyWithExistingKey() {
|
||||
|
|
@ -107,7 +129,7 @@ class ManagerTest extends TestCase {
|
|||
public function testGetKeyWithNotExistingKey() {
|
||||
$user = $this->createMock(IUser::class);
|
||||
$user
|
||||
->expects($this->exactly(3))
|
||||
->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn('MyUid');
|
||||
$this->appData
|
||||
|
|
@ -161,10 +183,7 @@ class ManagerTest extends TestCase {
|
|||
}
|
||||
|
||||
public function testGenerateKeyPair() {
|
||||
$manager = new Manager(
|
||||
$this->factory,
|
||||
$this->crypto
|
||||
);
|
||||
$manager = $this->getManager();
|
||||
$data = 'MyTestData';
|
||||
|
||||
list($resultPublicKey, $resultPrivateKey) = self::invokePrivate($manager, 'generateKeyPair');
|
||||
|
|
@ -174,4 +193,36 @@ class ManagerTest extends TestCase {
|
|||
$this->assertSame(1, openssl_verify($data, $signature, $resultPublicKey));
|
||||
$this->assertSame(2048, $details['bits']);
|
||||
}
|
||||
|
||||
public function testGetSystemKey() {
|
||||
$manager = $this->getManager(['retrieveKey']);
|
||||
|
||||
/** @var Key|\PHPUnit_Framework_MockObject_MockObject $key */
|
||||
$key = $this->createMock(Key::class);
|
||||
|
||||
$this->config->expects($this->once())->method('getSystemValue')
|
||||
->with('instanceid', null)->willReturn('instanceId');
|
||||
|
||||
$manager->expects($this->once())->method('retrieveKey')->with('instanceId')
|
||||
->willReturn($key);
|
||||
|
||||
$this->assertSame($key, $manager->getSystemKey());
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @expectedException \RuntimeException
|
||||
*/
|
||||
public function testGetSystemKeyFailure() {
|
||||
$manager = $this->getManager(['retrieveKey']);
|
||||
|
||||
/** @var Key|\PHPUnit_Framework_MockObject_MockObject $key */
|
||||
$key = $this->createMock(Key::class);
|
||||
|
||||
$this->config->expects($this->once())->method('getSystemValue')
|
||||
->with('instanceid', null)->willReturn(null);
|
||||
|
||||
$manager->getSystemKey();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue