/**
* Action to take if this item is infected
* @param Status $status
* @param boolean $isBackground
*/
public function processInfected(Status $status, $isBackground)
{
$application = new \OCA\Files_Antivirus\AppInfo\Application();
$appConfig = $application->getContainer()->query('AppConfig');
$infectedAction = $appConfig->getAvInfectedAction();
$shouldDelete = !$isBackground || $isBackground && $infectedAction === 'delete';
$message = $shouldDelete ? Activity::MESSAGE_FILE_DELETED : '';
\OC::$server->getActivityManager()->publishActivity('files_antivirus', Activity::SUBJECT_VIRUS_DETECTED, array($this->path, $status->getDetails()), $message, array(), $this->path, '', $this->view->getOwner($this->path), Activity::TYPE_VIRUS_DETECTED, Activity::PRIORITY_HIGH);
if ($isBackground) {
if ($shouldDelete) {
$this->logError('Infected file deleted. ' . $status->getDetails());
$this->view->unlink($this->path);
} else {
$this->logError('File is infected. ' . $status->getDetails());
}
} else {
$this->logError('Virus(es) found: ' . $status->getDetails());
//remove file
$this->view->unlink($this->path);
Notification::sendMail($this->path);
$message = $this->l10n->t("Virus detected! Can't upload the file %s", array(basename($this->path)));
\OCP\JSON::error(array("data" => array("message" => $message)));
exit;
}
}
public function testRecipientUnsharesFromSelf()
{
$this->loginAsUser(self::TEST_FILES_SHARING_API_USER2);
$this->assertTrue($this->rootView->unlink('/' . self::TEST_FILES_SHARING_API_USER2 . '/files/sub1/sub2/folder'));
$this->assertEtagsForFoldersChanged([self::TEST_FILES_SHARING_API_USER2, self::TEST_FILES_SHARING_API_USER4]);
$this->assertAllUnchaged();
}
/**
* @medium
* Test that data that is written by the crypto stream wrapper with AES 128
* @note Encrypted data is manually prepared and decrypted here to avoid dependency on success of stream_read
* @note If this test fails with truncate content, check that enough array slices are being rejoined to form $e, as the crypt.php file may have gotten longer and broken the manual
* reassembly of its data
*/
public function testStreamDecryptLongFileContentWithoutHeader()
{
// Generate a a random filename
$filename = 'tmp-' . $this->getUniqueID() . '.test';
$this->config->setSystemValue('cipher', 'AES-128-CFB');
// Save long data as encrypted file using stream wrapper
$cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/' . $filename, $this->dataLong . $this->dataLong);
$this->config->deleteSystemValue('cipher');
// Test that data was successfully written
$this->assertTrue(is_int($cryptedFile));
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// Get file contents without using any wrapper to get it's actual contents on disk
$retreivedCryptedFile = $this->view->file_get_contents($this->userId . '/files/' . $filename);
// Check that the file was encrypted before being written to disk
$this->assertNotEquals($this->dataLong . $this->dataLong, $retreivedCryptedFile);
// remove the header to check if we can also decrypt old files without a header,
// this files should fall back to AES-128
$cryptedWithoutHeader = substr($retreivedCryptedFile, \OCA\Files_Encryption\Crypt::BLOCKSIZE);
$this->view->file_put_contents($this->userId . '/files/' . $filename, $cryptedWithoutHeader);
// Re-enable proxy - our work is done
\OC_FileProxy::$enabled = $proxyStatus;
$decrypted = file_get_contents('crypt:///' . $this->userId . '/files/' . $filename);
$this->assertEquals($this->dataLong . $this->dataLong, $decrypted);
// Teardown
$this->view->unlink($this->userId . '/files/' . $filename);
}
/**
* @return bool
*/
public function stream_close()
{
$this->flush();
// if there is no valid private key return false
if ($this->privateKey === false) {
// cleanup
if ($this->meta['mode'] !== 'r' && $this->meta['mode'] !== 'rb' && !$this->isLocalTmpFile) {
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
if ($this->rootView->file_exists($this->rawPath) && $this->size === 0) {
$this->rootView->unlink($this->rawPath);
}
// Re-enable proxy - our work is done
\OC_FileProxy::$enabled = $proxyStatus;
}
// if private key is not valid redirect user to a error page
\OCA\Encryption\Helper::redirectToErrorPage($this->session);
}
if ($this->meta['mode'] !== 'r' && $this->meta['mode'] !== 'rb' && $this->isLocalTmpFile === false && $this->size > 0 && $this->unencryptedSize > 0) {
// only write keyfiles if it was a new file
if ($this->newFile === true) {
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// Fetch user's public key
$this->publicKey = Keymanager::getPublicKey($this->rootView, $this->keyId);
// Check if OC sharing api is enabled
$sharingEnabled = \OCP\Share::isEnabled();
$util = new Util($this->rootView, $this->userId);
// Get all users sharing the file includes current user
$uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath);
$checkedUserIds = $util->filterShareReadyUsers($uniqueUserIds);
// Fetch public keys for all sharing users
$publicKeys = Keymanager::getPublicKeys($this->rootView, $checkedUserIds['ready']);
// Encrypt enc key for all sharing users
$this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys);
// Save the new encrypted file key
Keymanager::setFileKey($this->rootView, $util, $this->relPath, $this->encKeyfiles['data']);
// Save the sharekeys
Keymanager::setShareKeys($this->rootView, $util, $this->relPath, $this->encKeyfiles['keys']);
// Re-enable proxy - our work is done
\OC_FileProxy::$enabled = $proxyStatus;
}
// we need to update the file info for the real file, not for the
// part file.
$path = Helper::stripPartialFileExtension($this->rawPath);
// get file info
$fileInfo = $this->rootView->getFileInfo($path);
if (is_array($fileInfo)) {
// set encryption data
$fileInfo['encrypted'] = true;
$fileInfo['size'] = $this->size;
$fileInfo['unencrypted_size'] = $this->unencryptedSize;
// set fileinfo
$this->rootView->putFileInfo($path, $fileInfo);
}
}
return fclose($this->handle);
}
/**
* @medium
* test if stream wrapper can read files outside from the data folder
*/
function testStreamFromLocalFile()
{
$filename = '/' . $this->userId . '/files/' . 'tmp-' . $this->getUniqueID() . '.txt';
$tmpFilename = "/tmp/" . $this->getUniqueID() . ".txt";
// write an encrypted file
$cryptedFile = $this->view->file_put_contents($filename, $this->dataShort);
// Test that data was successfully written
$this->assertTrue(is_int($cryptedFile));
// create a copy outside of the data folder in /tmp
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$encryptedContent = $this->view->file_get_contents($filename);
\OC_FileProxy::$enabled = $proxyStatus;
file_put_contents($tmpFilename, $encryptedContent);
\OCA\Files_Encryption\Helper::addTmpFileToMapper($tmpFilename, $filename);
// try to read the file from /tmp
$handle = fopen("crypt://" . $tmpFilename, "r");
$contentFromTmpFile = stream_get_contents($handle);
// check if it was successful
$this->assertEquals($this->dataShort, $contentFromTmpFile);
fclose($handle);
// clean up
unlink($tmpFilename);
$this->view->unlink($filename);
}
/**
* Test that deleting a file doesn't error when nobody is logged in
*/
public function testSingleStorageDeleteFileLoggedOut()
{
$this->logout();
if (!$this->userView->file_exists('test.txt')) {
$this->markTestSkipped('Skipping since the current home storage backend requires the user to logged in');
} else {
$this->userView->unlink('test.txt');
}
}
/**
* Remove the certificate and re-generate the certificate bundle
*
* @param string $name
* @return bool
*/
public function removeCertificate($name)
{
if (!Filesystem::isValidPath($name)) {
return false;
}
$path = $this->getPathToCertificates() . 'uploads/';
if ($this->view->file_exists($path . $name)) {
$this->view->unlink($path . $name);
$this->createCertificateBundle();
}
return true;
}
/**
* @medium
*/
function testSetPrivateSystemKey()
{
$key = "dummy key";
$keyName = "myDummyKey";
$encHeader = \OCA\Files_Encryption\Crypt::generateHeader();
\OCA\Files_Encryption\Keymanager::setPrivateSystemKey($key, $keyName);
$this->assertTrue($this->view->file_exists('/files_encryption/' . $keyName . '.privateKey'));
$result = \OCA\Files_Encryption\Keymanager::getPrivateSystemKey($keyName);
$this->assertSame($encHeader . $key, $result);
// clean up
$this->view->unlink('/files_encryption/' . $keyName . '.privateKey');
}
function testPostFileSizeWithDirectory()
{
$this->view->file_put_contents($this->filename, $this->data);
\OC_FileProxy::$enabled = false;
// get root size, must match the file's unencrypted size
$unencryptedSize = $this->view->filesize('');
\OC_FileProxy::$enabled = true;
$encryptedSize = $this->view->filesize('');
$this->assertTrue($encryptedSize !== $unencryptedSize);
// cleanup
$this->view->unlink($this->filename);
}
/**
* remove recovery key to all encrypted files
*/
public function removeRecoveryKeys($path = '/')
{
$dirContent = $this->view->getDirectoryContent($this->keysPath . '/' . $path);
foreach ($dirContent as $item) {
// get relative path from files_encryption/keyfiles
$filePath = substr($item['path'], strlen('files_encryption/keys'));
if ($this->view->is_dir($this->userFilesDir . '/' . $filePath)) {
$this->removeRecoveryKeys($filePath . '/');
} else {
$this->view->unlink($this->keysPath . '/' . $filePath . '/' . $this->recoveryKeyId . '.shareKey');
}
}
}
/**
* encrypt file
*
* @param string $path
* @return bool
*/
protected function encryptFile($path)
{
$source = $path;
$target = $path . '.encrypted.' . time();
try {
$this->rootView->copy($source, $target);
$this->rootView->rename($target, $source);
} catch (DecryptionFailedException $e) {
if ($this->rootView->file_exists($target)) {
$this->rootView->unlink($target);
}
return false;
}
return true;
}
/**
* Tests that filterShareReadyUsers() returns the correct list of
* users that are ready or not ready for encryption
*/
public function testFilterShareReadyUsers()
{
$appConfig = \OC::$server->getAppConfig();
$publicShareKeyId = $appConfig->getValue('files_encryption', 'publicShareKeyId');
$recoveryKeyId = $appConfig->getValue('files_encryption', 'recoveryKeyId');
$usersToTest = array('readyUser', 'notReadyUser', 'nonExistingUser', $publicShareKeyId, $recoveryKeyId);
self::loginHelper('readyUser', true);
self::loginHelper('notReadyUser', true);
// delete encryption dir to make it not ready
$this->view->unlink('notReadyUser/files_encryption/');
// login as user1
self::loginHelper(self::TEST_ENCRYPTION_UTIL_USER1);
$result = $this->util->filterShareReadyUsers($usersToTest);
$this->assertEquals(array('readyUser', $publicShareKeyId, $recoveryKeyId), $result['ready']);
$this->assertEquals(array('notReadyUser', 'nonExistingUser'), $result['unready']);
\OC_User::deleteUser('readyUser');
}
/**
* Delete should fail is the source file cant be deleted
*/
public function testSingleStorageDeleteFileFail()
{
/**
* @var \OC\Files\Storage\Temporary | \PHPUnit_Framework_MockObject_MockObject $storage
*/
$storage = $this->getMockBuilder('\\OC\\Files\\Storage\\Temporary')->setConstructorArgs([[]])->setMethods(['rename', 'unlink'])->getMock();
$storage->expects($this->any())->method('unlink')->will($this->returnValue(false));
$cache = $storage->getCache();
Filesystem::mount($storage, [], '/' . $this->user . '/files');
$this->userView->file_put_contents('test.txt', 'foo');
$this->assertTrue($storage->file_exists('test.txt'));
$this->assertFalse($this->userView->unlink('test.txt'));
$this->assertTrue($storage->file_exists('test.txt'));
$this->assertTrue($cache->inCache('test.txt'));
// file should not be in the trashbin
$results = $this->rootView->getDirectoryContent($this->user . '/files_trashbin/files/');
$this->assertEquals(0, count($results));
}
/**
* test rename operation
*/
function doTestCopyHook($filename) {
// check if keys exists
$this->assertTrue($this->rootView->file_exists(
'/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files_encryption/share-keys/'
. $filename . '.' . self::TEST_ENCRYPTION_HOOKS_USER1 . '.shareKey'));
$this->assertTrue($this->rootView->file_exists(
'/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files_encryption/keyfiles/'
. $filename . '.key'));
// make subfolder and sub-subfolder
$this->rootView->mkdir('/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files/' . $this->folder);
$this->rootView->mkdir('/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files/' . $this->folder . '/' . $this->folder);
$this->assertTrue($this->rootView->is_dir('/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files/' . $this->folder . '/' . $this->folder));
// copy the file to the sub-subfolder
\OC\Files\Filesystem::copy($filename, '/' . $this->folder . '/' . $this->folder . '/' . $filename);
$this->assertTrue($this->rootView->file_exists('/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files/' . $filename));
$this->assertTrue($this->rootView->file_exists('/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files/' . $this->folder . '/' . $this->folder . '/' . $filename));
// keys should be copied too
$this->assertTrue($this->rootView->file_exists(
'/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files_encryption/share-keys/'
. $filename . '.' . self::TEST_ENCRYPTION_HOOKS_USER1 . '.shareKey'));
$this->assertTrue($this->rootView->file_exists(
'/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files_encryption/keyfiles/'
. $filename . '.key'));
$this->assertTrue($this->rootView->file_exists(
'/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files_encryption/share-keys/' . $this->folder . '/' . $this->folder . '/'
. $filename . '.' . self::TEST_ENCRYPTION_HOOKS_USER1 . '.shareKey'));
$this->assertTrue($this->rootView->file_exists(
'/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files_encryption/keyfiles/' . $this->folder . '/' . $this->folder . '/'
. $filename . '.key'));
// cleanup
$this->rootView->unlink('/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files/' . $this->folder);
$this->rootView->unlink('/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files/' . $filename);
}
/**
* test rename a shared file mount point
*/
function testRename()
{
// login as admin
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER1);
// save file with content
$cryptedFile = file_put_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename, $this->dataShort);
// test that data was successfully written
$this->assertInternalType('int', $cryptedFile);
// get the file info from previous created file
$fileInfo = $this->view->getFileInfo('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename);
// check if we have a valid file info
$this->assertInstanceOf('\\OC\\Files\\FileInfo', $fileInfo);
// share the file
\OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, self::TEST_ENCRYPTION_SHARE_USER2, \OCP\Constants::PERMISSION_ALL);
// check if share key for user1 and user2 exists
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER1 . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey'));
// login as user2
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER2);
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename));
// get file contents
$retrievedCryptedFile = $this->view->file_get_contents('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename);
// check if data is the same as we previously written
$this->assertEquals($this->dataShort, $retrievedCryptedFile);
\OC\Files\Filesystem::mkdir($this->folder1);
// move the file to a subfolder
\OC\Files\Filesystem::rename($this->filename, $this->folder1 . $this->filename);
// check if we can read the moved file
$retrievedRenamedFile = $this->view->file_get_contents('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->folder1 . $this->filename);
// check if data is the same as we previously written
$this->assertEquals($this->dataShort, $retrievedRenamedFile);
// check if share key for user2 and user1 still exists
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER1 . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey'));
// cleanup
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER1);
$this->view->unlink('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename);
}
/** {@inheritDoc} */
public function run(IOutput $out)
{
$rootView = new View();
$dataDirectory = $this->config->getSystemValue('datadirectory', null);
if (is_null($dataDirectory)) {
throw new \Exception('No data directory specified');
}
$pathToRootCerts = '/files_external/rootcerts.crt';
foreach ($rootView->getDirectoryContent('', 'httpd/unix-directory') as $fileInfo) {
$uid = trim($fileInfo->getPath(), '/');
if ($rootView->file_exists($uid . $pathToRootCerts)) {
// Delete the existing root certificate
$rootView->unlink($uid . $pathToRootCerts);
/**
* FIXME: The certificate manager does only allow specifying the user
* within the constructor. This makes DI impossible.
*/
// Regenerate the certificates
$certificateManager = $this->server->getCertificateManager($uid);
$certificateManager->createCertificateBundle();
}
}
}
/**
* @expectedException \OCP\Files\NotFoundException
*/
public function testDownloadShareWithDeletedFile()
{
$this->container['UserManager']->expects($this->once())->method('userExists')->with($this->user)->will($this->returnValue(true));
$view = new View('/' . $this->user . '/files');
$view->unlink('file1.txt');
$linkItem = Share::getShareByToken($this->token, false);
\OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']);
$this->shareController->downloadShare($this->token);
}
/**
* @param \OC\Files\View $view
*/
private static function deleteEncryptionKeys($view, $file, $filename, $timestamp)
{
$size = 0;
if (\OCP\App::isEnabled('files_encryption')) {
$user = \OCP\User::getUser();
if ($view->is_dir('/files_trashbin/files/' . $file)) {
$keyfile = \OC\Files\Filesystem::normalizePath('files_trashbin/keyfiles/' . $filename);
$sharekeys = \OC\Files\Filesystem::normalizePath('files_trashbin/share-keys/' . $filename);
} else {
$keyfile = \OC\Files\Filesystem::normalizePath('files_trashbin/keyfiles/' . $filename . '.key');
$sharekeys = \OC\Files\Filesystem::normalizePath('files_trashbin/share-keys/' . $filename . '.' . $user . '.shareKey');
}
if ($timestamp) {
$keyfile .= '.d' . $timestamp;
$sharekeys .= '.d' . $timestamp;
}
if ($view->file_exists($keyfile)) {
if ($view->is_dir($keyfile)) {
$size += self::calculateSize(new \OC\Files\View('/' . $user . '/' . $keyfile));
$size += self::calculateSize(new \OC\Files\View('/' . $user . '/' . $sharekeys));
} else {
$size += $view->filesize($keyfile);
$size += $view->filesize($sharekeys);
}
$view->unlink($keyfile);
$view->unlink($sharekeys);
}
}
return $size;
}
/**
* delete all share keys of a given file
* @param \OC\Files\View $view
* @param string $userId owner of the file
* @param string $filePath path to the file, relative to the owners file dir
*/
public static function delAllShareKeys($view, $userId, $filePath)
{
$filePath = ltrim($filePath, '/');
if ($view->file_exists('/' . $userId . '/files/' . $filePath)) {
\OCP\Util::writeLog('Encryption library', 'File still exists, stop deleting share keys!', \OCP\Util::ERROR);
return false;
}
if ($filePath === '') {
\OCP\Util::writeLog('Encryption library', 'Can\'t delete share-keys empty path given!', \OCP\Util::ERROR);
return false;
}
$util = new util($view, $userId);
if ($util->isSystemWideMountPoint($filePath)) {
$baseDir = '/files_encryption/share-keys/';
} else {
$baseDir = $userId . '/files_encryption/share-keys/';
}
$result = true;
if ($view->is_dir($baseDir . $filePath)) {
\OCP\Util::writeLog('files_encryption', 'delAllShareKeys: delete share keys: ' . $baseDir . $filePath, \OCP\Util::DEBUG);
$result = $view->unlink($baseDir . $filePath);
} else {
$parentDir = dirname($baseDir . $filePath);
$filename = pathinfo($filePath, PATHINFO_BASENAME);
foreach ($view->getDirectoryContent($parentDir) as $content) {
$path = $content['path'];
if (self::getFilenameFromShareKey($content['name']) === $filename) {
\OCP\Util::writeLog('files_encryption', 'dellAllShareKeys: delete share keys: ' . '/' . $userId . '/' . $path, \OCP\Util::DEBUG);
$result &= $view->unlink('/' . $userId . '/' . $path);
}
}
}
return (bool) $result;
}
/**
* @param \OC\Files\View $view
* @param $file
* @param $filename
* @param $timestamp
* @return int
*/
private static function deleteVersions(\OC\Files\View $view, $file, $filename, $timestamp, $user)
{
$size = 0;
if (\OCP\App::isEnabled('files_versions')) {
if ($view->is_dir('files_trashbin/versions/' . $file)) {
$size += self::calculateSize(new \OC\Files\view('/' . $user . '/files_trashbin/versions/' . $file));
$view->unlink('files_trashbin/versions/' . $file);
} else {
if ($versions = self::getVersionsFromTrash($filename, $timestamp, $user)) {
foreach ($versions as $v) {
if ($timestamp) {
$size += $view->filesize('/files_trashbin/versions/' . $filename . '.v' . $v . '.d' . $timestamp);
$view->unlink('/files_trashbin/versions/' . $filename . '.v' . $v . '.d' . $timestamp);
} else {
$size += $view->filesize('/files_trashbin/versions/' . $filename . '.v' . $v);
$view->unlink('/files_trashbin/versions/' . $filename . '.v' . $v);
}
}
}
}
}
return $size;
}
/**
* remove the users avatar
* @return void
*/
public function remove()
{
$this->view->unlink('avatar.jpg');
$this->view->unlink('avatar.png');
}
/**
* delete the version from the storage and cache
*
* @param View $view
* @param string $path
*/
protected static function deleteVersion($view, $path)
{
$view->unlink($path);
/**
* @var \OC\Files\Storage\Storage $storage
* @var string $internalPath
*/
list($storage, $internalPath) = $view->resolvePath($path);
$cache = $storage->getCache($internalPath);
$cache->remove($internalPath);
}
public static function unlink($path)
{
return self::$defaultInstance->unlink($path);
}
public function unlink($path)
{
$this->setup();
$path = substr($path, strlen('oc://'));
return self::$rootView->unlink($path);
}
/**
* @inheritdoc
*/
public function deleteSystemUserKey($keyId, $encryptionModuleId)
{
$path = $this->constructUserKeyPath($encryptionModuleId, $keyId, null);
return !$this->view->file_exists($path) || $this->view->unlink($path);
}
/**
* @return bool
*/
public function stream_close()
{
$this->flush();
// if there is no valid private key return false
if ($this->privateKey === false) {
// cleanup
if ($this->meta['mode'] !== 'r' && $this->meta['mode'] !== 'rb' && !$this->isLocalTmpFile) {
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
if ($this->rootView->file_exists($this->rawPath) && $this->size === 0) {
fclose($this->handle);
$this->rootView->unlink($this->rawPath);
}
// Re-enable proxy - our work is done
\OC_FileProxy::$enabled = $proxyStatus;
}
// if private key is not valid redirect user to a error page
Helper::redirectToErrorPage($this->session);
}
if ($this->meta['mode'] !== 'r' && $this->meta['mode'] !== 'rb' && $this->isLocalTmpFile === false && $this->size > 0 && $this->unencryptedSize > 0) {
// only write keyfiles if it was a new file
if ($this->newFile === true) {
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// Fetch user's public key
$this->publicKey = Keymanager::getPublicKey($this->rootView, $this->keyId);
// Check if OC sharing api is enabled
$sharingEnabled = \OCP\Share::isEnabled();
// Get all users sharing the file includes current user
$uniqueUserIds = $this->util->getSharingUsersArray($sharingEnabled, $this->relPath);
$checkedUserIds = $this->util->filterShareReadyUsers($uniqueUserIds);
// Fetch public keys for all sharing users
$publicKeys = Keymanager::getPublicKeys($this->rootView, $checkedUserIds['ready']);
// Encrypt enc key for all sharing users
$this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys);
// Save the new encrypted file key
Keymanager::setFileKey($this->rootView, $this->util, $this->relPath, $this->encKeyfiles['data']);
// Save the sharekeys
Keymanager::setShareKeys($this->rootView, $this->util, $this->relPath, $this->encKeyfiles['keys']);
// Re-enable proxy - our work is done
\OC_FileProxy::$enabled = $proxyStatus;
}
// we need to update the file info for the real file, not for the
// part file.
$path = Helper::stripPartialFileExtension($this->rawPath);
$fileInfo = array('mimetype' => $this->rootView->getMimeType($this->rawPath), 'encrypted' => true, 'unencrypted_size' => $this->unencryptedSize);
// if we write a part file we also store the unencrypted size for
// the part file so that it can be re-used later
$this->rootView->putFileInfo($this->rawPath, $fileInfo);
if ($path !== $this->rawPath) {
$this->rootView->putFileInfo($path, $fileInfo);
}
}
$result = fclose($this->handle);
if ($result === false) {
\OCP\Util::writeLog('Encryption library', 'Could not close stream, file could be corrupted', \OCP\Util::FATAL);
}
return $result;
}
/**
* delete all share keys of a given file
* @param \OC\Files\View $view
* @param string $userId owner of the file
* @param string $filePath path to the file, relative to the owners file dir
*/
public static function delAllShareKeys($view, $userId, $filePath)
{
$filePath = ltrim($filePath, '/');
if ($view->file_exists('/' . $userId . '/files/' . $filePath)) {
\OCP\Util::writeLog('Encryption library', 'File still exists, stop deleting share keys!', \OCP\Util::ERROR);
return false;
}
if ($filePath === '') {
\OCP\Util::writeLog('Encryption library', 'Can\'t delete share-keys empty path given!', \OCP\Util::ERROR);
return false;
}
$util = new util($view, $userId);
if ($util->isSystemWideMountPoint($filePath)) {
$baseDir = '/files_encryption/share-keys/';
} else {
$baseDir = $userId . '/files_encryption/share-keys/';
}
$result = true;
if ($view->is_dir($baseDir . $filePath)) {
\OCP\Util::writeLog('files_encryption', 'delAllShareKeys: delete share keys: ' . $baseDir . $filePath, \OCP\Util::DEBUG);
$result = $view->unlink($baseDir . $filePath);
} else {
$sharingEnabled = \OCP\Share::isEnabled();
$users = $util->getSharingUsersArray($sharingEnabled, $filePath);
foreach ($users as $user) {
$keyName = $baseDir . $filePath . '.' . $user . '.shareKey';
if ($view->file_exists($keyName)) {
\OCP\Util::writeLog('files_encryption', 'dellAllShareKeys: delete share keys: "' . $keyName . '"', \OCP\Util::DEBUG);
$result &= $view->unlink($keyName);
}
}
}
return (bool) $result;
}
/**
* delete key
*
* @param \OC\Files\View $view
* @param string $path
* @return boolean
*/
private static function deleteKey($view, $path)
{
$normalizedPath = \OC\Files\Filesystem::normalizePath($path);
$result = $view->unlink($normalizedPath);
if ($result) {
unset(self::$key_cache[$normalizedPath]);
return true;
}
return false;
}
