protected function setUp() { parent::setUp(); // login user self::loginHelper(self::TEST_ENCRYPTION_UTIL_USER1); \OC_User::setUserId(self::TEST_ENCRYPTION_UTIL_USER1); $this->userId = self::TEST_ENCRYPTION_UTIL_USER1; $this->pass = self::TEST_ENCRYPTION_UTIL_USER1; // set content for encrypting / decrypting in tests $this->dataUrl = __DIR__ . '/../lib/crypt.php'; $this->dataShort = 'hats'; $this->dataLong = file_get_contents(__DIR__ . '/../lib/crypt.php'); $this->legacyData = __DIR__ . '/legacy-text.txt'; $this->legacyEncryptedData = __DIR__ . '/legacy-encrypted-text.txt'; $this->legacyEncryptedDataKey = __DIR__ . '/encryption.key'; $this->legacyKey = "30943623843030686906"; $keypair = \OCA\Files_Encryption\Crypt::createKeypair(); $this->genPublicKey = $keypair['publicKey']; $this->genPrivateKey = $keypair['privateKey']; $this->publicKeyDir = \OCA\Files_Encryption\Keymanager::getPublicKeyPath(); $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption'; $this->keysPath = $this->encryptionDir . '/' . 'keys'; $this->publicKeyPath = $this->publicKeyDir . '/' . $this->userId . '.publicKey'; // e.g. data/public-keys/admin.publicKey $this->privateKeyPath = $this->encryptionDir . '/' . $this->userId . '.privateKey'; // e.g. data/admin/admin.privateKey $this->view = new \OC\Files\View('/'); $this->util = new \OCA\Files_Encryption\Util($this->view, $this->userId); // remember files_trashbin state $this->stateFilesTrashbin = \OC_App::isEnabled('files_trashbin'); // we don't want to tests with app files_trashbin enabled \OC_App::disable('files_trashbin'); }
/** * @param \OC\Files\View $view * @param string $userId * @param bool $client */ public function __construct($view, $userId, $client = false) { $this->view = $view; $this->client = $client; $this->userId = $userId; $appConfig = \OC::$server->getAppConfig(); $this->publicShareKeyId = $appConfig->getValue('files_encryption', 'publicShareKeyId'); $this->recoveryKeyId = $appConfig->getValue('files_encryption', 'recoveryKeyId'); $this->userDir = '/' . $this->userId; $this->fileFolderName = 'files'; $this->userFilesDir = '/' . $userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable? $this->publicKeyDir = Keymanager::getPublicKeyPath(); $this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption'; $this->keysPath = $this->encryptionDir . '/' . 'keys'; $this->publicKeyPath = $this->publicKeyDir . '/' . $this->userId . '.publicKey'; // e.g. data/public-keys/admin.publicKey $this->privateKeyPath = $this->encryptionDir . '/' . $this->userId . '.privateKey'; // e.g. data/admin/admin.privateKey // make sure that the owners home is mounted \OC\Files\Filesystem::initMountPoints($userId); if (Helper::isPublicAccess()) { $this->keyId = $this->publicShareKeyId; $this->isPublic = true; } else { $this->keyId = $this->userId; $this->isPublic = false; } }
/** * @brief replacing encryption keys during password change should be allowed * until the user logged in for the first time */ public function testSetPassphrase() { $view = new \OC\Files\View(); // set user password for the first time \OC_User::createUser(self::TEST_ENCRYPTION_HOOKS_USER3, 'newUserPassword'); \OCA\Files_Encryption\Hooks::postCreateUser(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'newUserPassword')); $this->assertTrue($view->file_exists(\OCA\Files_Encryption\Keymanager::getPublicKeyPath() . '/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '.publicKey')); $this->assertTrue($view->file_exists(self::TEST_ENCRYPTION_HOOKS_USER3 . '/files_encryption/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '.privateKey')); // check if we are able to decrypt the private key $encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3); $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'newUserPassword'); $this->assertTrue(is_string($privateKey)); // change the password before the user logged-in for the first time, // we can replace the encryption keys \OCA\Files_Encryption\Hooks::setPassphrase(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'passwordChanged')); $encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3); $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged'); $this->assertTrue(is_string($privateKey)); // now create a files folder to simulate a already used account $view->mkdir('/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '/files'); // change the password after the user logged in, now the password should not change \OCA\Files_Encryption\Hooks::setPassphrase(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'passwordChanged2')); $encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3); $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged2'); $this->assertFalse($privateKey); $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged'); $this->assertTrue(is_string($privateKey)); }
/** * @medium */ function testFailShareFile() { // login as admin self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER1); // save file with content $cryptedFile = file_put_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename, $this->dataShort); // test that data was successfully written $this->assertInternalType('int', $cryptedFile); // disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // get the file info from previous created file $fileInfo = $this->view->getFileInfo('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename); // check if we have a valid file info $this->assertInstanceOf('\\OC\\Files\\FileInfo', $fileInfo); // check if the unencrypted file size is stored $this->assertGreaterThan(0, $fileInfo['unencrypted_size']); // break users public key $this->view->rename(\OCA\Files_Encryption\Keymanager::getPublicKeyPath() . '/' . self::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey', \OCA\Files_Encryption\Keymanager::getPublicKeyPath() . '/' . self::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey_backup'); // re-enable the file proxy \OC_FileProxy::$enabled = $proxyStatus; // share the file try { \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, self::TEST_ENCRYPTION_SHARE_GROUP1, \OCP\Constants::PERMISSION_ALL); } catch (\Exception $e) { $this->assertEquals(0, strpos($e->getMessage(), "Following users are not set up for encryption")); } // login as admin self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER1); // check if share key for user1 not exists $this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER3 . '.shareKey')); // disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // break user1 public key $this->view->rename(\OCA\Files_Encryption\Keymanager::getPublicKeyPath() . '/' . self::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey_backup', \OCA\Files_Encryption\Keymanager::getPublicKeyPath() . '/' . self::TEST_ENCRYPTION_SHARE_USER3 . '.publicKey'); // remove share file $this->view->unlink('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER3 . '.shareKey'); // re-enable the file proxy \OC_FileProxy::$enabled = $proxyStatus; // unshare the file with user1 \OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, self::TEST_ENCRYPTION_SHARE_GROUP1); // check if share key not exists $this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER3 . '.shareKey')); // cleanup $this->view->chroot('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files/'); $this->view->unlink($this->filename); $this->view->chroot('/'); }