Work on post_share hook for files_encryption

New method in OCP\Share{}:: getUsersSharingFile()
Development shapshot

apps/files_encryption/hooks/hooks.php

@@ -166,14 +166,77 @@ class Hooks {
 	 */
 	public static function postShared( $params ) {
 		
-		// Delete existing catfile
-		Keymanager::deleteFileKey(  );
+		// NOTE: $params is an array with these keys:
+		// itemSource -> int, filecache file ID
+		// shareWith -> string, uid of user being shared to
+		// fileTarget -> path of file being shared
+		// uidOwner -> owner of the original file being shared
 		
-		// Generate new catfile and env keys
-		Crypt::multiKeyEncrypt( $plainContent, $publicKeys );
+		$view = new \OC_FilesystemView( '/' );
+		$userId = \OCP\User::getUser();
+		$util = new Util( $view, $userId );
+		
+		$shares = \OCP\Share::getUsersSharingFile( $params['fileTarget'] );
+		
+		$userIds = array();
+		
+		foreach ( $shares as $share ) {
+		
+			$util = new Util( $view, $share['userId'] );
+			
+			// Check that the user is encryption capable
+			if ( $util->ready() ) {
+		
+				// Construct array of just UIDs for Keymanager{}
+				$userIds[] = $share['userId'];
+			
+			} else {
+			
+				// Log warning; we can't do necessary setup here
+				// because we don't have the user passphrase
+				// TODO: Provide user feedback indicating that
+				// sharing failed
+				\OC_Log::write( 'Encryption library', 'File cannot be shared: user "'.$share['userId'].'" is not setup for encryption', \OC_Log::WARN );
+				
+			}
+		
+		}
+		
+		trigger_error("UIDS = ".var_export($userIds, 1));
+		
+		$userPubKeys = Keymanager::getPublicKeys( $view, $userIds );
+		
+// 		trigger_error("PUB KEYS = ".var_export($userPubKeys, 1));
+		
+		// TODO: Fetch path from Crypt{} getter
+		$plainContent = $view->file_get_contents( $userId . '/' . 'files'. '/' . $params['fileTarget'] );
+		
+		// Generate new catfile and share keys
+		if ( ! $encrypted = Crypt::multiKeyEncrypt( $plainContent, $userPubKeys ) ) {
+		
+			// If the re-encryption failed, don't risk deleting data
+			return false;
+			
+		}
+		
+		trigger_error("ENCRYPTED = ". var_export($encrypted, 1));
 		
 		// Save env keys to user folders
+		foreach ( $encrypted['keys'] as $key ) {
 		
+// 			Keymanager::setShareKey( $view, $params['fileTarget'], $userId, $key );
+		
+		}
+		
+		// Delete existing catfile
+		// Check if keyfile exists (it won't if file has been shared before)
+		// Do this last to ensure file is recoverable in case of error
+		if ( $util->isEncryptedPath( $params['fileTarget'] ) ) {
+			
+			// NOTE: This will trigger an error if keyfile isn't found
+// 			Keymanager::deleteFileKey( $params['fileTarget'] );
+		
+		}
 		
 	}
 	

apps/files_encryption/lib/keymanager.php

@@ -57,7 +57,7 @@ class Keymanager {
 	}
 	
 	/**
-	 * @brief retrieve both keys from a user (private and public)
+	 * @brief Retrieve a user's public and private key
 	 * @param \OC_FilesystemView $view
 	 * @param $userId
 	 * @return array keys: privateKey, publicKey
@@ -72,49 +72,26 @@ class Keymanager {
 	}
 	
 	/**
-	 * @brief Retrieve public keys of all users with access to a file
-	 * @param string $path Path to file
-	 * @return array of public keys for the given file
-	 * @note Checks that the sharing app is enabled should be performed 
-	 * by client code, that isn't checked here
+	 * @brief Retrieve public keys for given users
+	 * @param \OC_FilesystemView $view
+	 * @param array $userIds
+	 * @return array of public keys for the specified users
 	 */
-	public static function getPublicKeys( \OC_FilesystemView $view, $userId, $filePath ) {
+	public static function getPublicKeys( \OC_FilesystemView $view, $userIds ) {
 		
-		$path = ltrim( $path, '/' );
+		$i = 0;
+		$keys = array();
 		
-		$filepath = '/' . $userId . '/files/' . $filePath;
+		foreach ( $userIds as $userId ) {
 		
-		// Check if sharing is enabled
-		if ( OC_App::isEnabled( 'files_sharing' ) ) {
-			
-
-		
-		} else {
-		
-			// check if it is a file owned by the user and not shared at all
-			$userview = new \OC_FilesystemView( '/'.$userId.'/files/' );
-			
-			if ( $userview->file_exists( $path ) ) {
-			
-				$users[] = $userId;
+			$i++;
+			$keys[$userId] = self::getPublicKey( $view, $userId );
 		
 		}
 		
-		}
+		$keys['total'] = $i;
 		
-		$view = new \OC_FilesystemView( '/public-keys/' );
-		
-		$keylist = array();
-		
-		$count = 0;
-		
-		foreach ( $users as $user ) {
-		
-			$keylist['key'.++$count] = $view->file_get_contents( $user.'.public.key' );
-			
-		}
-		
-		return $keylist;
+		return $keys;
 		
 	}
 	

apps/files_encryption/lib/proxy.php

@@ -95,7 +95,8 @@ class Proxy extends \OC_FileProxy {
 		
 		if ( self::shouldEncrypt( $path ) ) {
 		
-			if ( !is_resource( $data ) ) { //stream put contents should have been converted to fopen
+			// Stream put contents should have been converted to fopen
+			if ( !is_resource( $data ) ) {
 			
 				$userId = \OCP\USER::getUser();
 				
@@ -107,10 +108,33 @@ class Proxy extends \OC_FileProxy {
 				// Disable encryption proxy to prevent recursive calls
 				\OC_FileProxy::$enabled = false;
 				
-				// TODO: Check if file is shared, if so, use multiKeyEncrypt
+				$fileOwner = \OC\Files\Filesystem::getOwner( $path );
 				
-				// Encrypt plain data and fetch key
-				$encrypted = Crypt::keyEncryptKeyfile( $data, Keymanager::getPublicKey( $rootView, $userId ) );
+				// Check if the keyfile needs to be shared
+				if ( 
+					$fileOwner !== true
+					or $fileOwner !== $userId 
+				) {
+					
+					// Shared storage backend isn't loaded
+					
+					$users = \OCP\Share::getItemShared( 'file', $path, \OC_Share_backend_File::FORMAT_SHARED_STORAGE );
+// 					
+					trigger_error("SHARE USERS = ". var_export($users, 1));
+// 					
+// 					$publicKeys = Keymanager::getPublicKeys( $rootView, $users);
+// 					
+// 					// Encrypt plain data to multiple users
+// 					$encrypted = Crypt::multiKeyEncrypt( $data, $publicKeys );
+				
+				} else {
+				
+					$publicKey = Keymanager::getPublicKey( $rootView, $userId );
+				
+					// Encrypt plain data to a single user
+					$encrypted = Crypt::keyEncryptKeyfile( $data, $publicKey );
+				
+				}
 				
 				// Replace plain content with encrypted content by reference
 				$data = $encrypted['data'];

lib/public/share.php

@@ -92,6 +92,60 @@ class Share {
 		return false;
 	}
 	
+	/**
+	* @brief Find which users can access a shared item
+	* @param string Item type
+	* @param int Format (optional) Format type must be defined by the backend
+	* @param int Number of items to return (optional) Returns all by default
+	* @return Return depends on format
+	*/
+	public static function getUsersSharingFile( $path ) {
+		
+		// Fetch all shares of this file path from DB
+		$query = \OC_DB::prepare( 
+			'SELECT 
+				share_type
+				, share_with
+				, permissions
+			FROM 
+				`*PREFIX*share` 
+			WHERE 
+				file_target = ?'
+			);
+			
+		$result = $query->execute( array( $path ) );
+		
+		if ( \OC_DB::isError( $result ) ) {
+		
+			\OC_Log::write( 'OCP\Share', \OC_DB::getErrorMessage($result) . ', path=' . $path, \OC_Log::ERROR );
+		
+		}
+		
+		$shares = array();
+		
+		while( $row = $result->fetchRow() ) {
+		
+			// Set helpful array keys
+			$shares[] = array( 
+				'userId' => $row['share_with']
+				, 'shareType' => $row['share_type']
+				, 'permissions' => $row['permissions']
+			);
+			
+		}
+		
+		if ( ! empty( $shares ) ) {
+		
+			return $shares;
+			
+		} else {
+		
+			return false;
+			
+		}
+	
+	}
+
 	/**
 	* @brief Get the items of item type shared with the current user
 	* @param string Item type