protected function execute(InputInterface $input, OutputInterface $output)
{
$isAlreadyEnabled = $this->util->isMasterKeyEnabled();
if ($isAlreadyEnabled) {
$output->writeln('Master key already enabled');
} else {
$question = new ConfirmationQuestion('Warning: Only available for fresh installations with no existing encrypted data! ' . 'There is also no way to disable it again. Do you want to continue? (y/n) ', false);
if ($this->questionHelper->ask($input, $output, $question)) {
$this->config->setAppValue('encryption', 'useMasterKey', '1');
$output->writeln('Master key successfully enabled.');
} else {
$output->writeln('aborted.');
}
}
}
/**
* prepare encryption module to decrypt all files
*
* @param InputInterface $input
* @param OutputInterface $output
* @param $user
* @return bool
*/
public function prepare(InputInterface $input, OutputInterface $output, $user)
{
$question = new Question('Please enter the recovery key password: '******'Use master key to decrypt all files');
$user = $this->keyManager->getMasterKeyId();
$password = $this->keyManager->getMasterKeyPassword();
} else {
$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
if (!empty($user)) {
$output->writeln('You can only decrypt the users files if you know');
$output->writeln('the users password or if he activated the recovery key.');
$output->writeln('');
$questionUseLoginPassword = new ConfirmationQuestion('Do you want to use the users login password to decrypt all files? (y/n) ', false);
$useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);
if ($useLoginPassword) {
$question = new Question('Please enter the user\'s login password: '******'No recovery key available for user ' . $user);
return false;
} else {
$user = $recoveryKeyId;
}
}
} else {
$output->writeln('You can only decrypt the files of all users if the');
$output->writeln('recovery key is enabled by the admin and activated by the users.');
$output->writeln('');
$user = $recoveryKeyId;
}
$question->setHidden(true);
$question->setHiddenFallback(false);
$password = $this->questionHelper->ask($input, $output, $question);
}
$privateKey = $this->getPrivateKey($user, $password);
if ($privateKey !== false) {
$this->updateSession($user, $privateKey);
return true;
} else {
$output->writeln('Could not decrypt private key, maybe you entered the wrong password?');
}
return false;
}
/**
* Startup encryption backend upon user login
*
* @note This method should never be called for users using client side encryption
* @param array $params
* @return boolean|null
*/
public function login($params)
{
if (!App::isEnabled('encryption')) {
return true;
}
// ensure filesystem is loaded
if (!\OC\Files\Filesystem::$loaded) {
$this->setupFS($params['uid']);
}
if ($this->util->isMasterKeyEnabled() === false) {
$this->userSetup->setupUser($params['uid'], $params['password']);
}
$this->keyManager->init($params['uid'], $params['password']);
}
/**
* iterate over all user and encrypt their files
*/
protected function encryptAllUsersFiles()
{
$this->output->writeln("\n");
$progress = new ProgressBar($this->output);
$progress->setFormat(" %message% \n [%bar%]");
$progress->start();
$numberOfUsers = count($this->userPasswords);
$userNo = 1;
if ($this->util->isMasterKeyEnabled()) {
$this->encryptAllUserFilesWithMasterKey($progress);
} else {
foreach ($this->userPasswords as $uid => $password) {
$userCount = "{$uid} ({$userNo} of {$numberOfUsers})";
$this->encryptUsersFiles($uid, $progress, $userCount);
$userNo++;
}
}
$progress->setMessage("all files encrypted");
$progress->finish();
}
/**
* @dataProvider dataTestIsMasterKeyEnabled
*
* @param string $value
* @param bool $expect
*/
public function testIsMasterKeyEnabled($value, $expect)
{
$this->configMock->expects($this->once())->method('getAppValue')->with('encryption', 'useMasterKey', '0')->willReturn($value);
$this->assertSame($expect, $this->instance->isMasterKeyEnabled());
}
/**
* @param string $path
* @param $uid
* @return string
*/
public function getFileKey($path, $uid)
{
$encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);
if (is_null($uid)) {
$uid = $this->getPublicShareKeyId();
$shareKey = $this->getShareKey($path, $uid);
$privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
$privateKey = $this->crypt->decryptPrivateKey($privateKey);
} else {
if ($this->util->isMasterKeyEnabled()) {
$uid = $this->getMasterKeyId();
}
$shareKey = $this->getShareKey($path, $uid);
$privateKey = $this->session->getPrivateKey();
}
if ($encryptedFileKey && $shareKey && $privateKey) {
return $this->crypt->multiKeyDecrypt($encryptedFileKey, $shareKey, $privateKey);
}
return '';
}
/**
*
* @param Crypt $crypt
* @param KeyManager $keyManager
* @param Util $util
* @param Session $session
* @param EncryptAll $encryptAll
* @param DecryptAll $decryptAll
* @param ILogger $logger
* @param IL10N $il10n
*/
public function __construct(Crypt $crypt, KeyManager $keyManager, Util $util, Session $session, EncryptAll $encryptAll, DecryptAll $decryptAll, ILogger $logger, IL10N $il10n)
{
$this->crypt = $crypt;
$this->keyManager = $keyManager;
$this->util = $util;
$this->session = $session;
$this->encryptAll = $encryptAll;
$this->decryptAll = $decryptAll;
$this->logger = $logger;
$this->l = $il10n;
$this->useMasterPassword = $util->isMasterKeyEnabled();
}
