make decrypt all work with the master key

This commit is contained in:
Bjoern Schiessle 2016-02-29 14:50:56 +01:00
parent a38e8b6436
commit 95ea2ccb53
3 changed files with 46 additions and 27 deletions

View File

@ -81,8 +81,13 @@ class DecryptAll {
public function prepare(InputInterface $input, OutputInterface $output, $user) {
$question = new Question('Please enter the recovery key password: ');
$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
if($this->util->isMasterKeyEnabled()) {
$output->writeln('Use master key to decrypt all files');
$user = $this->keyManager->getMasterKeyId();
$password =$this->keyManager->getMasterKeyPassword();
} else {
$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
if (!empty($user)) {
$output->writeln('You can only decrypt the users files if you know');
$output->writeln('the users password or if he activated the recovery key.');
@ -110,6 +115,8 @@ class DecryptAll {
$question->setHidden(true);
$question->setHiddenFallback(false);
$password = $this->questionHelper->ask($input, $output, $question);
}
$privateKey = $this->getPrivateKey($user, $password);
if ($privateKey !== false) {
$this->updateSession($user, $privateKey);
@ -132,9 +139,13 @@ class DecryptAll {
*/
protected function getPrivateKey($user, $password) {
$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
$masterKeyId = $this->keyManager->getMasterKeyId();
if ($user === $recoveryKeyId) {
$recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);
$privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
} elseif ($user === $masterKeyId) {
$masterKey = $this->keyManager->getSystemPrivateKey($masterKeyId);
$privateKey = $this->crypt->decryptPrivateKey($masterKey, $password, $masterKeyId);
} else {
$userKey = $this->keyManager->getPrivateKey($user);
$privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user);

View File

@ -658,7 +658,7 @@ class KeyManager {
* @return string
* @throws \Exception
*/
protected function getMasterKeyPassword() {
public function getMasterKeyPassword() {
$password = $this->config->getSystemValue('secret');
if (empty($password)){
throw new \Exception('Can not get secret from ownCloud instance');

View File

@ -87,7 +87,7 @@ class DecryptAllTest extends TestCase {
* @param string $user
* @param string $recoveryKeyId
*/
public function testGetPrivateKey($user, $recoveryKeyId) {
public function testGetPrivateKey($user, $recoveryKeyId, $masterKeyId) {
$password = 'passwd';
$recoveryKey = 'recoveryKey';
$userKey = 'userKey';
@ -102,6 +102,13 @@ class DecryptAllTest extends TestCase {
$this->keyManager->expects($this->never())->method('getPrivateKey');
$this->crypt->expects($this->once())->method('decryptPrivateKey')
->with($recoveryKey, $password)->willReturn($unencryptedKey);
} elseif ($user === $masterKeyId) {
$this->keyManager->expects($this->once())->method('getSystemPrivateKey')
->with($masterKeyId)->willReturn($masterKey);
$this->keyManager->expects($this->never())->method('getPrivateKey');
$this->crypt->expects($this->once())->method('decryptPrivateKey')
->with($masterKey, $password, $masterKeyId)->willReturn($unencryptedKey);
} else {
$this->keyManager->expects($this->never())->method('getSystemPrivateKey');
$this->keyManager->expects($this->once())->method('getPrivateKey')
@ -117,8 +124,9 @@ class DecryptAllTest extends TestCase {
public function dataTestGetPrivateKey() {
return [
['user1', 'recoveryKey'],
['recoveryKeyId', 'recoveryKeyId']
['user1', 'recoveryKey', 'masterKeyId'],
['recoveryKeyId', 'recoveryKeyId', 'masterKeyId'],
['masterKeyId', 'masterKeyId', 'masterKeyId']
];
}