From 9bab06537c8d455c1a93b167193ec7cdebe89ffe Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle
Date: Tue, 31 Jul 2012 15:03:28 +0200
Subject: [PATCH] update file encryption key over webdav properties for client side encryption
---
 apps/files_encryption/appinfo/app.php | 1 +
 apps/files_encryption/hooks/hooks.php | 12 +++++++++++
 lib/connector/sabre/node.php | 30 ++++++++++++++++++++++++++-
 lib/ocs.php | 4 +---
 4 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php
index 1a4021e939..2047bdbb1f 100644
--- a/apps/files_encryption/appinfo/app.php
+++ b/apps/files_encryption/appinfo/app.php
@@ -10,6 +10,7 @@ OC::$CLASSPATH['OCA_Encryption\Proxy'] = 'apps/files_encryption/lib/proxy.php';
 OC_FileProxy::register(new OCA_Encryption\Proxy());
 OCP\Util::connectHook('OC_User','post_login','OCA_Encryption\Hooks','login');
+OCP\Util::connectHook('OC_Webdav_Properties', 'update', 'OCA_Encryption\Hooks', 'updateKeyfile');
 stream_wrapper_register('crypt','OC_CryptStream');
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index 80daf50a24..35e14e2810 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -58,6 +58,18 @@ class Hooks {
 }
+
+ /**
+ * @brief update the encryption key of the file uploaded by the client
+ */
+ public static function updateKeyfile( $params ) {
+ if (Crypt::mode(\OCP\User::getUser()) == 'client')
+ if (isset($params['properties']['key'])) {
+ Keymanager::setFileKey(\OCP\User::getUser(), $params['path'], $params['properties']['key']);
+ } else {
+ error_log("Client side encryption is enabled but the client doesn't provide a encryption key for the file!");
+ }
+ }
 }
 ?>
\ No newline at end of file
diff --git a/lib/connector/sabre/node.php b/lib/connector/sabre/node.php
index be315a0ffd..90f88566a4 100644
--- a/lib/connector/sabre/node.php
+++ b/lib/connector/sabre/node.php
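Review bot: In `updateKeyfile` the lookup `$params['properties']['key']` uses a bare property name, but the hook is emitted from `updateProperties` in lib/connector/sabre/node.php with the `$properties` array as received, before the loop there strips the `{namespace}` prefix. If the WebDAV layer delivers namespaced names, as the new "remove leading namespace" comment suggests, the `isset` branch never matches and every property update in client mode only produces the `error_log` line. The hook should look the key up under its full namespaced name, or the emit should pass the normalised names. The outer `if` has no braces, so the `else` belongs to the inner `isset` check; writing `if (Crypt::mode(\OCP\User::getUser()) == 'client') {` with a matching close makes that binding explicit. The docblock should also state which keys of `$params` are read (`properties`, `path`) and what format the key value must have, since it goes to `Keymanager::setFileKey` unchecked.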
@@ -22,6 +22,7 @@
 */
 abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IProperties {
+ const GETETAG_PROPERTYNAME = '{DAV:}getetag';
 /**
 * The path to the current node
@@ -140,7 +141,9 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr
 */
 public function updateProperties($properties) {
 $existing = $this->getProperties(array());
+ OC_Hook::emit('OC_Webdav_Properties', 'update', array('properties' => $properties, 'path' => $this->path));
 foreach($properties as $propertyName => $propertyValue) {
+ $propertyName = preg_replace("/^{.*}/", "", $propertyName); // remove leading namespace from property name
 // If it was null, we need to delete the property
 if (is_null($propertyValue)) {
 if(array_key_exists( $propertyName, $existing )){
@@ -178,7 +181,7 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr
 * @param array $properties
 * @return void
 */
- function getProperties($properties) {
+ public function getProperties($properties) {
 if (is_null($this->property_cache)) {
 $query = OC_DB::prepare( 'SELECT * FROM *PREFIX*properties WHERE userid = ? AND propertypath = ?' );
 $result = $query->execute( array( OC_User::getUser(), $this->path ));
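Review bot: The pattern in `preg_replace("/^{.*}/", "", $propertyName)` in `updateProperties` is greedy and drops the namespace entirely, so two properties that differ only in namespace are stored under the same name, and a name containing a later `}` is cut at the last one. `preg_replace('/^\{[^}]*\}/', '', $propertyName)` would at least stop at the first closing brace. The `OC_Hook::emit` call above the loop hands listeners the client-supplied array before this normalisation, so hooks see namespaced names while the loop works on stripped ones. The loop body continues outside this hunk, but it appears to persist every entry, so a key property consumed by the encryption hook would presumably also be written to the properties table; if that is not intended, the loop should skip it. A comment on the emit line describing the payload (`properties` as received, `path` from `$this->path`) would help hook authors.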
@@ -200,4 +203,29 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr
 }
 return $props;
 }
+
+ /**
+ * Returns the ETag surrounded by double-quotes for this path.
+ * @param string $path Path of the file
+ * @return string|null Returns null if the ETag can not effectively be determined
+ */
+ static public function getETagPropertyForFile($path) {
+ $tag = OC_Filesystem::hash('md5', $path);
+ if (empty($tag)) {
+ return null;
+ }
+ $etag = '"'.$tag.'"';
+ $query = OC_DB::prepare( 'INSERT INTO *PREFIX*properties (userid,propertypath,propertyname,propertyvalue) VALUES(?,?,?,?)' );
+ $query->execute( array( OC_User::getUser(), $path, self::GETETAG_PROPERTYNAME, $etag ));
+ return $etag;
+ }
+
+ /**
+ * Remove the ETag from the cache.
+ * @param string $path Path of the file
+ */
+ static public function removeETagPropertyForFile($path) {
+ $query = OC_DB::prepare( 'DELETE FROM *PREFIX*properties WHERE userid = ? AND propertypath = ? AND propertyname = ?' );
+ $query->execute( array( OC_User::getUser(), $path, self::GETETAG_PROPERTYNAME ));
+ }
 }
diff --git a/lib/ocs.php b/lib/ocs.php
index cf4248395f..17ae649deb 100644
--- a/lib/ocs.php
+++ b/lib/ocs.php
@@ -808,8 +808,7 @@ class OC_OCS {
 $login=OC_OCS::checkpassword();
 if(($login==$user)) {
 if(OC_App::isEnabled('files_encryption') && OCA_Encryption\Crypt::mode($user) === 'client') {
- if (($key = OCA_Encryption\Keymanager::setFileKey($user, $file, $key))) {
- // TODO: emit hook to move file from tmp location to the right place
+ if (($key = OCA_Encryption\Keymanager::setFileKey($user, $file, $key))) {
 echo self::generateXml('', 'ok', 100, '');
 return true;
 } else {
@@ -821,7 +820,6 @@ class OC_OCS {
 }else{
 echo self::generateXml('', 'fail', 300, 'You donĀ“t have permission to access this ressource.');
 }
- //TODO: emit signal to remove file from tmp location
 return false;
 }
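Review bot: `getETagPropertyForFile` in lib/connector/sabre/node.php always runs an `INSERT` and never checks for or replaces an existing `{DAV:}getetag` row. Unless the properties table enforces uniqueness (not visible here), repeated calls for the same path accumulate duplicate rows and can leave stale ETags behind. Calling `self::removeETagPropertyForFile($path);` before the insert, or updating the existing row, would keep one value per user and path. The docblock should also say that the method stores the computed ETag in the properties table, since the name and the current description read as a pure lookup.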