Ejemplo n.º 1
 /**
  * Make sure the given user owns an encryption key pair.
  *
  * Keys that already exist are left untouched; a new pair is generated and
  * handed to the key manager only when userHasKeys() reports none.
  *
  * NOTE(review): $password is passed to storeKeyPair() together with the new
  * pair, presumably to protect the private key at rest - confirm in the key
  * manager. The result of createKeyPair() is forwarded unchecked; verify that
  * storeKeyPair() rejects a failed generation instead of storing it.
  *
  * @param string $uid user id
  * @param string $password user password
  * @return bool true when keys already exist, otherwise the result of storeKeyPair()
  */
 public function setupUser($uid, $password)
 {
     // Never replace an existing pair: data encrypted for the old public key
     // would no longer be readable with a freshly generated one.
     if ($this->keyManager->userHasKeys($uid)) {
         return true;
     }

     $freshKeyPair = $this->crypt->createKeyPair();

     return $this->keyManager->storeKeyPair($uid, $password, $freshKeyPair);
 }
Ejemplo n.º 2
 /**
  * Create the user's encryption key pair on first use.
  *
  * Does nothing (and reports success) when the key manager already holds keys
  * for $uid; otherwise a new pair is created and stored with $password.
  *
  * NOTE(review): how storeKeyPair() uses $password is not visible here -
  * presumably it wraps the private key; confirm. createKeyPair() is not
  * checked for failure before its result is stored.
  *
  * @param string $uid userid
  * @param string $password user password
  * @return bool true if keys were already present, else whatever storeKeyPair() returns
  */
 public function setupServerSide($uid, $password)
 {
     $keys = $this->keyManager;

     // Existing keys win; generation only happens for users without any.
     return $keys->userHasKeys($uid)
         ? true
         : $keys->storeKeyPair($uid, $password, $this->crypt->createKeyPair());
 }
Ejemplo n.º 3
 /**
  * Turn on the admin recovery key.
  *
  * If no recovery key exists yet, one is generated and stored with $password.
  * The 'recoveryAdminEnabled' app value is set only after
  * checkRecoveryPassword() accepts $password, so for an existing key the
  * caller must know its current password.
  *
  * NOTE(review): $password is not checked for emptiness or strength here;
  * confirm the caller enforces a policy, since it presumably protects the
  * recovery private key. The return value of setRecoveryKey() is ignored - a
  * failed store is only caught if checkRecoveryPassword() then fails.
  *
  * @param string $password recovery key password
  * @return bool true when recovery was enabled, false when the password check failed
  */
 public function enableAdminRecovery($password)
 {
     // First activation: the supplied password becomes the recovery password.
     if (!$this->keyManager->recoveryKeyExists()) {
         $this->keyManager->setRecoveryKey($password, $this->crypt->createKeyPair());
     }

     // Refuse to flip the switch unless the password matches the stored key.
     if (!$this->keyManager->checkRecoveryPassword($password)) {
         return false;
     }

     $this->config->setAppValue('encryption', 'recoveryAdminEnabled', 1);

     return true;
 }
Ejemplo n.º 4
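 /**
  * Wire up the collaborators and make sure the system-wide key identifiers
  * and the public-share key pair exist.
  *
  * Side effects on construction: missing 'recoveryKeyId' / 'publicShareKeyId'
  * app values are generated and written to config, and a public-share key
  * pair is created and stored when getPublicShareKey() returns nothing.
  *
  * NOTE(review): the check-then-create steps below are not atomic; two
  * concurrent first requests could each generate ids or a key pair. Confirm
  * the config/storage layer tolerates that.
  *
  * @param IStorage $keyStorage
  * @param Crypt $crypt
  * @param IConfig $config
  * @param IUserSession $userSession
  * @param Session $session
  * @param ILogger $log
  * @param Util $util
  */
 public function __construct(IStorage $keyStorage, Crypt $crypt, IConfig $config, IUserSession $userSession, Session $session, ILogger $log, Util $util)
 {
     $this->util = $util;
     $this->session = $session;
     $this->keyStorage = $keyStorage;
     $this->crypt = $crypt;
     $this->config = $config;
     // Assigned once; the original repeated this assignment at the end.
     $this->log = $log;

     // md5(time()) only makes the suffix unlikely to collide. It is derived
     // from the clock and therefore predictable: treat these ids as labels,
     // never as secrets.
     $this->recoveryKeyId = $this->config->getAppValue('encryption', 'recoveryKeyId');
     if (empty($this->recoveryKeyId)) {
         $this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8);
         $this->config->setAppValue('encryption', 'recoveryKeyId', $this->recoveryKeyId);
     }

     $this->publicShareKeyId = $this->config->getAppValue('encryption', 'publicShareKeyId');
     if (empty($this->publicShareKeyId)) {
         $this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
         $this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
     }

     $shareKey = $this->getPublicShareKey();
     if (empty($shareKey)) {
         // NOTE(review): the result is indexed without a check; confirm
         // createKeyPair() cannot return a non-array on failure.
         $keyPair = $this->crypt->createKeyPair();
         // Save public key
         $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.publicKey', $keyPair['publicKey']);
         // The private key is encrypted with an EMPTY passphrase, so its
         // confidentiality rests on access control to the key storage, not on
         // a secret (what else symmetricEncryptFileContent() mixes in is not
         // visible here - TODO confirm).
         $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], '');
         $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey', $encryptedKey);
     }

     // uid of the logged-in user, or false when nobody is logged in.
     $this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
 }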
Ejemplo n.º 5
 /**
  * Check whether a key pair for the master key exists and create one if not.
  *
  * The public key is stored as '<masterKeyId>.publicKey'; the private key is
  * encrypted with getMasterKeyPassword() and stored behind a generated header.
  *
  * NOTE(review): the encryptPrivateKey() result is stored unchecked. If it can
  * return false on failure, only the header would be written while the public
  * key is already saved - confirm and guard if so. Where the master key
  * password comes from is not visible in this method.
  */
 public function validateMasterKey()
 {
     $existingPublicKey = $this->getPublicMasterKey();
     if (!empty($existingPublicKey)) {
         // A master key is already in place; never regenerate it.
         return;
     }

     $masterKeyPair = $this->crypt->createKeyPair();

     // Public half goes to system key storage as-is.
     $publicKeyName = $this->masterKeyId . '.publicKey';
     $this->keyStorage->setSystemUserKey($publicKeyName, $masterKeyPair['publicKey'], Encryption::ID);

     // Private half is wrapped with the system password before it is stored.
     $wrappedPrivateKey = $this->crypt->encryptPrivateKey($masterKeyPair['privateKey'], $this->getMasterKeyPassword(), $this->masterKeyId);
     $this->setSystemPrivateKey($this->masterKeyId, $this->crypt->generateHeader() . $wrappedPrivateKey);
 }
Ejemplo n.º 6
 /**
  * Create the key pair identified by publicShareKeyId if it does not exist yet.
  *
  * The private key is encrypted with an empty passphrase, so the passphrase
  * adds no secrecy: protection of this key depends on who can read the key
  * storage (anything else encryptPrivateKey() contributes is not visible
  * here - TODO confirm).
  *
  * NOTE(review): the encryptPrivateKey() result is stored without a failure
  * check; confirm it cannot be false at this point.
  */
 public function validateShareKey()
 {
     $currentShareKey = $this->getPublicShareKey();
     if (empty($currentShareKey)) {
         $sharePair = $this->crypt->createKeyPair();
         $keyId = $this->publicShareKeyId;

         // Store the public half unmodified.
         $this->keyStorage->setSystemUserKey($keyId . '.publicKey', $sharePair['publicKey'], Encryption::ID);

         // Wrap the private half (empty passphrase) and prepend the header.
         $wrapped = $this->crypt->encryptPrivateKey($sharePair['privateKey'], '');
         $headerLine = $this->crypt->generateHeader();
         $this->setSystemPrivateKey($this->publicShareKeyId, $headerLine . $wrapped);
     }
 }
Ejemplo n.º 7
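 /**
  * Change a user's encryption passphrase.
  *
  * Two cases are handled:
  *  - the logged-in user changes their own password and the session holds the
  *    decrypted private key: the same key is re-encrypted with the new password;
  *  - anything else (e.g. an admin resets another user's password): a new key
  *    pair is generated when recovery is possible, the user has no keys, or the
  *    user has no files.
  *
  * Failures are only logged; the log messages never contain the passwords.
  *
  * NOTE(review): a logged-in user whose session holds no private key also
  * takes the second path, because the first condition requires $privateKey.
  *
  * @param array $params keys: uid, password; optional: recoveryPassword
  * @return boolean|null no value is returned on any path visible here
  */
 public function setPassphrase($params)
 {
     // Get existing decrypted private key
     $privateKey = $this->session->getPrivateKey();
     $user = $this->user->getUser();

     // current logged in user changes his own password
     if ($user && $params['uid'] === $user->getUID() && $privateKey) {
         // Encrypt private key with new user pwd as passphrase
         $encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password'], $params['uid']);
         // Save private key only when encryption produced a result, so a
         // failure leaves the previously stored key intact.
         if ($encryptedPrivateKey) {
             $this->keyManager->setPrivateKey($this->user->getUser()->getUID(), $this->crypt->generateHeader() . $encryptedPrivateKey);
         } else {
             $this->logger->error('Encryption could not update users encryption password');
         }
         // NOTE: Session does not need to be updated as the
         // private key has not changed, only the passphrase
         // used to decrypt it has changed
         return;
     }

     // admin changed the password for a different user, create new keys and re-encrypt file keys
     $user = $params['uid'];
     $this->initMountPoints($user);
     $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;

     // we generate new keys if...
     // ...we have a recovery password and the user enabled the recovery key
     // ...encryption was activated for the first time (no keys exists)
     // ...the user doesn't have any files
     $canRecover = $this->recovery->isRecoveryEnabledForUser($user) && $recoveryPassword;
     if ($canRecover || !$this->keyManager->userHasKeys($user) || !$this->util->userHasFiles($user)) {
         // NOTE(review): the previous key pair is overwritten without a backup
         // (a backupAllKeys('recovery') call was left commented out here).
         $newUserPassword = $params['password'];
         $keyPair = $this->crypt->createKeyPair();

         // Encrypt the new private key BEFORE touching stored keys. The
         // original saved the public key first, so a failed encryption left a
         // new public key next to the old private key - a mismatched pair.
         $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user);
         if ($encryptedKey) {
             // Save public key
             $this->keyManager->setPublicKey($user, $keyPair['publicKey']);
             // Save private key, encrypted with the new password
             $this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey);
             if ($recoveryPassword) {
                 // if recovery key is set we can re-encrypt the key files
                 $this->recovery->recoverUsersFiles($recoveryPassword, $user);
             }
         } else {
             $this->logger->error('Encryption Could not update users encryption password');
         }
     }
 }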