check if recovery key exists and encrypt the file with the recovery key if needed
This commit is contained in:
Bjoern Schiessle
Thomas Müller
parent
24c6604388
commit
c64e0af4fb
|
|
@ -102,7 +102,10 @@ class Encryption extends \OCP\AppFramework\App {
|
|||
public function registerEncryptionModule() {
|
||||
$container = $this->getContainer();
|
||||
$container->registerService('EncryptionModule', function (IAppContainer $c) {
|
||||
return new \OCA\Encryption\Crypto\Encryption($c->query('Crypt'), $c->query('KeyManager'));
|
||||
return new \OCA\Encryption\Crypto\Encryption(
|
||||
$c->query('Crypt'),
|
||||
$c->query('KeyManager'),
|
||||
$c->query('Util'));
|
||||
});
|
||||
$module = $container->query('EncryptionModule');
|
||||
$this->encryptionManager->registerEncryptionModule($module);
|
||||
|
|
|
|||
|
|
@ -46,9 +46,19 @@ class Encryption implements IEncryptionModule {
|
|||
/** @var boolean */
|
||||
private $isWriteOperation;
|
||||
|
||||
public function __construct(Crypt $crypt, KeyManager $keymanager) {
|
||||
/** @var \OC\Encryption\Util */
|
||||
private $util;
|
||||
|
||||
/**
|
||||
*
|
||||
* @param \OCA\Encryption\Crypto\Crypt $crypt
|
||||
* @param KeyManager $keymanager
|
||||
* @param \OC\Encryption\Util $util
|
||||
*/
|
||||
public function __construct(Crypt $crypt, KeyManager $keymanager, \OC\Encryption\Util $util) {
|
||||
$this->crypt = $crypt;
|
||||
$this->keymanager = $keymanager;
|
||||
$this->util = $util;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -225,9 +235,7 @@ class Encryption implements IEncryptionModule {
|
|||
$publicKeys[$user] = $this->keymanager->getPublicKey($user);
|
||||
}
|
||||
|
||||
if (!empty($accessList['public'])) {
|
||||
$publicKeys[$this->keymanager->getPublicShareKeyId()] = $this->keymanager->getPublicShareKey();
|
||||
}
|
||||
$publicKeys = $this->addSystemKeys($accessList, $publicKeys);
|
||||
|
||||
$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
|
||||
|
||||
|
|
@ -238,6 +246,29 @@ class Encryption implements IEncryptionModule {
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* add system keys such as the public share key and the recovery key
|
||||
*
|
||||
* @param array $accessList
|
||||
* @param array $publicKeys
|
||||
* @return array
|
||||
*/
|
||||
public function addSystemKeys(array $accessList, array $publicKeys) {
|
||||
if (!empty($accessList['public'])) {
|
||||
$publicKeys[$this->keymanager->getPublicShareKeyId()] = $this->keymanager->getPublicShareKey();
|
||||
}
|
||||
|
||||
if ($this->keymanager->recoveryKeyExists() &&
|
||||
$this->util->recoveryEnabled($this->user)) {
|
||||
|
||||
$publicKeys[$this->keymanager->getRecoveryKeyId()] = $this->keymanager->getRecoveryKey();
|
||||
}
|
||||
|
||||
|
||||
return $publicKeys;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* should the file be encrypted or not
|
||||
*
|
||||
|
|
|
|||
|
|
@ -141,7 +141,25 @@ class KeyManager {
|
|||
* @return bool
|
||||
*/
|
||||
public function recoveryKeyExists() {
|
||||
return (strlen($this->keyStorage->getSystemUserKey($this->recoveryKeyId)) !== 0);
|
||||
return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId)));
|
||||
}
|
||||
|
||||
/**
|
||||
* get recovery key
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getRecoveryKey() {
|
||||
return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey');
|
||||
}
|
||||
|
||||
/**
|
||||
* get recovery key ID
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getRecoveryKeyId() {
|
||||
return $this->recoveryKeyId;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ namespace OC\Encryption;
|
|||
use OC\Encryption\Exceptions\EncryptionHeaderToLargeException;
|
||||
use OC\Encryption\Exceptions\EncryptionHeaderKeyExistsException;
|
||||
use OCP\Encryption\IEncryptionModule;
|
||||
use OCP\IConfig;
|
||||
|
||||
class Util {
|
||||
|
||||
|
|
@ -58,19 +59,27 @@ class Util {
|
|||
/** @var \OC\User\Manager */
|
||||
protected $userManager;
|
||||
|
||||
/** @var IConfig */
|
||||
protected $config;
|
||||
|
||||
/** @var array paths excluded from encryption */
|
||||
protected $excludedPaths;
|
||||
|
||||
/**
|
||||
* @param \OC\Files\View $view root view
|
||||
*/
|
||||
public function __construct(\OC\Files\View $view, \OC\User\Manager $userManager) {
|
||||
public function __construct(
|
||||
\OC\Files\View $view,
|
||||
\OC\User\Manager $userManager,
|
||||
IConfig $config) {
|
||||
|
||||
$this->ocHeaderKeys = [
|
||||
self::HEADER_ENCRYPTION_MODULE_KEY
|
||||
];
|
||||
|
||||
$this->view = $view;
|
||||
$this->userManager = $userManager;
|
||||
$this->config = $config;
|
||||
|
||||
$this->excludedPaths[] = 'files_encryption';
|
||||
}
|
||||
|
|
@ -411,4 +420,16 @@ class Util {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* check if recovery key is enabled for user
|
||||
*
|
||||
* @param string $uid
|
||||
* @return boolean
|
||||
*/
|
||||
public function recoveryEnabled($uid) {
|
||||
$enabled = $this->config->getUserValue($uid, 'encryption', 'recovery_enabled', '0');
|
||||
|
||||
return ($enabled === '1') ? true : false;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue