public static function init($login, $password)
{
$view = new OC_FilesystemView('/');
if (!$view->file_exists('/' . $login)) {
$view->mkdir('/' . $login);
}
OC_FileProxy::$enabled = false;
if (!$view->file_exists('/' . $login . '/encryption.key')) {
// does key exist?
OC_Crypt::createkey($login, $password);
}
$key = $view->file_get_contents('/' . $login . '/encryption.key');
OC_FileProxy::$enabled = true;
$_SESSION['enckey'] = OC_Crypt::decrypt($key, $password);
}
/**
* @medium
*/
function testRecursiveDelShareKeys()
{
// generate filename
$filename = '/tmp-' . time() . '.txt';
// create folder structure
$this->view->mkdir('/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1');
$this->view->mkdir('/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1/subfolder');
$this->view->mkdir('/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1/subfolder/subsubfolder');
// enable encryption proxy
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = true;
// save file with content
$cryptedFile = file_put_contents('crypt:///' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1/subfolder/subsubfolder' . $filename, $this->dataShort);
// test that data was successfully written
$this->assertTrue(is_int($cryptedFile));
// change encryption proxy to previous state
\OC_FileProxy::$enabled = $proxyStatus;
// recursive delete keys
Encryption\Keymanager::delShareKey($this->view, array('admin'), '/folder1/');
// check if share key not exists
$this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/folder1/subfolder/subsubfolder/' . $filename . '.admin.shareKey'));
// enable encryption proxy
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = true;
// cleanup
$this->view->unlink('/admin/files/folder1');
// change encryption proxy to previous state
\OC_FileProxy::$enabled = $proxyStatus;
}
/**
* @brief test moving a shared file out of the Shared folder
*/
function testRename()
{
// login as admin
\Test_Encryption_Util::loginHelper(\Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1);
// save file with content
$cryptedFile = file_put_contents('crypt:///' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename, $this->dataShort);
// test that data was successfully written
$this->assertTrue(is_int($cryptedFile));
// get the file info from previous created file
$fileInfo = $this->view->getFileInfo('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename);
// check if we have a valid file info
$this->assertTrue(is_array($fileInfo));
// share the file
\OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2, OCP\PERMISSION_ALL);
// check if share key for user2exists
$this->assertTrue($this->view->file_exists('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/share-keys/' . $this->filename . '.' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey'));
// login as user2
\Test_Encryption_Util::loginHelper(\Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2);
$this->assertTrue($this->view->file_exists('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '/files/Shared/' . $this->filename));
// get file contents
$retrievedCryptedFile = $this->view->file_get_contents('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '/files/Shared/' . $this->filename);
// check if data is the same as we previously written
$this->assertEquals($this->dataShort, $retrievedCryptedFile);
// move the file out of the shared folder
$this->view->rename('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '/files/Shared/' . $this->filename, '/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename);
// check if we can read the moved file
$retrievedRenamedFile = $this->view->file_get_contents('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename);
// check if data is the same as we previously written
$this->assertEquals($this->dataShort, $retrievedRenamedFile);
// the owners file should be deleted
$this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename));
// cleanup
$this->view->unlink('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename);
}
/**
* store a new version of a file.
*/
public function store($filename)
{
if (\OCP\Config::getSystemValue('files_versions', Storage::DEFAULTENABLED) == 'true') {
list($uid, $filename) = self::getUidAndFilename($filename);
$files_view = new \OC_FilesystemView('/' . $uid . '/files');
$users_view = new \OC_FilesystemView('/' . $uid);
//check if source file already exist as version to avoid recursions.
// todo does this check work?
if ($users_view->file_exists($filename)) {
return false;
}
// check if filename is a directory
if ($files_view->is_dir($filename)) {
return false;
}
// check filetype blacklist
$blacklist = explode(' ', \OCP\Config::getSystemValue('files_versionsblacklist', Storage::DEFAULTBLACKLIST));
foreach ($blacklist as $bl) {
$parts = explode('.', $filename);
$ext = end($parts);
if (strtolower($ext) == $bl) {
return false;
}
}
// we should have a source file to work with
if (!$files_view->file_exists($filename)) {
return false;
}
// check filesize
if ($files_view->filesize($filename) > \OCP\Config::getSystemValue('files_versionsmaxfilesize', Storage::DEFAULTMAXFILESIZE)) {
return false;
}
// check mininterval if the file is being modified by the owner (all shared files should be versioned despite mininterval)
if ($uid == \OCP\User::getUser()) {
$versions_fileview = new \OC_FilesystemView('/' . $uid . '/files_versions');
$versionsName = \OCP\Config::getSystemValue('datadirectory') . $versions_fileview->getAbsolutePath($filename);
$versionsFolderName = \OCP\Config::getSystemValue('datadirectory') . $versions_fileview->getAbsolutePath('');
$matches = glob($versionsName . '.v*');
sort($matches);
$parts = explode('.v', end($matches));
if (end($parts) + Storage::DEFAULTMININTERVAL > time()) {
return false;
}
}
// create all parent folders
$info = pathinfo($filename);
if (!file_exists($versionsFolderName . '/' . $info['dirname'])) {
mkdir($versionsFolderName . '/' . $info['dirname'], 0750, true);
}
// store a new version of a file
$users_view->copy('files' . $filename, 'files_versions' . $filename . '.v' . time());
// expire old revisions if necessary
Storage::expire($filename);
}
}
/**
* @brief test webdav delete random file
* @depends testWebdavGET
*/
function testWebdavDELETE($filename)
{
// set server vars
$_SERVER['REQUEST_METHOD'] = 'DELETE';
$_SERVER['REQUEST_URI'] = '/remote.php/webdav' . $filename;
$_SERVER['HTTP_AUTHORIZATION'] = 'Basic dGVzdC13ZWJkYXYtdXNlcjE6dGVzdC13ZWJkYXYtdXNlcjE=';
$_SERVER['PATH_INFO'] = '/webdav' . $filename;
// handle webdav request
$content = $this->handleWebdavRequest();
// check if file was removed
$this->assertFalse($this->view->file_exists('/' . $this->userId . '/files' . $filename));
// check if key-file was removed
$this->assertFalse($this->view->file_exists('/' . $this->userId . '/files_encryption/keyfiles' . $filename . '.key'));
// check if shareKey-file was removed
$this->assertFalse($this->view->file_exists('/' . $this->userId . '/files_encryption/share-keys' . $filename . '.' . $this->userId . '.shareKey'));
}
/**
* @medium
*/
function testFailShareFile()
{
// login as admin
\Test_Encryption_Util::loginHelper(\Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1);
// save file with content
$cryptedFile = file_put_contents('crypt:///' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename, $this->dataShort);
// test that data was successfully written
$this->assertTrue(is_int($cryptedFile));
// disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// get the file info from previous created file
$fileInfo = $this->view->getFileInfo('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename);
// check if we have a valid file info
$this->assertTrue(is_array($fileInfo));
// check if the unencrypted file size is stored
$this->assertGreaterThan(0, $fileInfo['unencrypted_size']);
// break users public key
$this->view->rename('/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key', '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key_backup');
// re-enable the file proxy
\OC_FileProxy::$enabled = $proxyStatus;
// share the file
try {
\OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_GROUP1, OCP\PERMISSION_ALL);
} catch (Exception $e) {
$this->assertEquals(0, strpos($e->getMessage(), "Following users are not set up for encryption"));
}
// login as admin
\Test_Encryption_Util::loginHelper(\Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1);
// check if share key for user1 not exists
$this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/share-keys/' . $this->filename . '.' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.shareKey'));
// disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// break user1 public key
$this->view->rename('/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key_backup', '/public-keys/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.public.key');
// remove share file
$this->view->unlink('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/share-keys/' . $this->filename . '.' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.shareKey');
// re-enable the file proxy
\OC_FileProxy::$enabled = $proxyStatus;
// unshare the file with user1
\OCP\Share::unshare('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_GROUP1);
// check if share key not exists
$this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/share-keys/' . $this->filename . '.' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER3 . '.shareKey'));
// cleanup
$this->view->unlink('/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename);
}
protected function getStorage()
{
if (isset($this->storage)) {
return $this->storage;
}
if (OC_User::isLoggedIn()) {
$subdir = 'cache';
$view = new OC_FilesystemView('/' . OC_User::getUser());
if (!$view->file_exists($subdir)) {
$view->mkdir($subdir);
}
$this->storage = new OC_FilesystemView('/' . OC_User::getUser() . '/' . $subdir);
return $this->storage;
} else {
OC_Log::write('core', 'Can\'t get cache storage, user not logged in', OC_Log::ERROR);
return false;
}
}
/**
* @medium
* @brief test delete file forever
*/
function testPermanentDeleteFile()
{
// generate filename
$filename = 'tmp-' . time() . '.txt';
// save file with content
$cryptedFile = file_put_contents('crypt:///' . $this->userId . '/files/' . $filename, $this->dataShort);
// test that data was successfully written
$this->assertTrue(is_int($cryptedFile));
// check if key for admin exists
$this->assertTrue($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_encryption/keyfiles/' . $filename . '.key'));
// check if share key for admin exists
$this->assertTrue($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_encryption/share-keys/' . $filename . '.' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '.shareKey'));
// delete file
\OC\FIles\Filesystem::unlink($filename);
// check if file not exists
$this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files/' . $filename));
// check if key for admin not exists
$this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_encryption/keyfiles/' . $filename . '.key'));
// check if share key for admin not exists
$this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_encryption/share-keys/' . $filename . '.' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '.shareKey'));
// find created file with timestamp
$query = \OC_DB::prepare('SELECT `timestamp`,`type` FROM `*PREFIX*files_trash`' . ' WHERE `id`=?');
$result = $query->execute(array($filename))->fetchRow();
$this->assertTrue(is_array($result));
// build suffix
$trashFileSuffix = 'd' . $result['timestamp'];
// check if key for admin exists
$this->assertTrue($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_trashbin/keyfiles/' . $filename . '.key.' . $trashFileSuffix));
// check if share key for admin exists
$this->assertTrue($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_trashbin/share-keys/' . $filename . '.' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '.shareKey.' . $trashFileSuffix));
// get timestamp from file
$timestamp = str_replace('d', '', $trashFileSuffix);
// delete file forever
$this->assertGreaterThan(0, \OCA\Files_Trashbin\Trashbin::delete($filename, $timestamp));
// check if key for admin not exists
$this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_trashbin/files/' . $filename . '.' . $trashFileSuffix));
// check if key for admin not exists
$this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_trashbin/keyfiles/' . $filename . '.key.' . $trashFileSuffix));
// check if share key for admin not exists
$this->assertFalse($this->view->file_exists('/' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '/files_trashbin/share-keys/' . $filename . '.' . \Test_Encryption_Trashbin::TEST_ENCRYPTION_TRASHBIN_USER1 . '.shareKey.' . $trashFileSuffix));
}
/**
* delete non existing files from the cache
*/
public static function cleanFolder($path, $root = false)
{
if ($root === false) {
$view = OC_Filesystem::getView();
} else {
$view = new OC_FilesystemView($root);
}
$cachedContent = OC_FileCache_Cached::getFolderContent($path, $root);
foreach ($cachedContent as $fileData) {
$path = $fileData['path'];
$file = $view->getRelativePath($path);
if (!$view->file_exists($file)) {
if ($root === false) {
//filesystem hooks are only valid for the default root
OC_Hook::emit('OC_Filesystem', 'post_delete', array('path' => $file));
} else {
self::delete($file, $root);
}
}
}
}
/**
* test if all keys get moved to the backup folder correctly
*/
function testBackupAllKeys()
{
self::loginHelper(self::TEST_ENCRYPTION_UTIL_USER1);
// create some dummy key files
$encPath = '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '/files_encryption';
$this->view->file_put_contents($encPath . '/keyfiles/foo.key', 'key');
$this->view->file_put_contents($encPath . '/share-keys/foo.user1.shareKey', 'share key');
$this->view->mkdir($encPath . '/keyfiles/subfolder/');
$this->view->mkdir($encPath . '/share-keys/subfolder/');
$this->view->file_put_contents($encPath . '/keyfiles/subfolder/foo.key', 'key');
$this->view->file_put_contents($encPath . '/share-keys/subfolder/foo.user1.shareKey', 'share key');
$util = new \OCA\Encryption\Util($this->view, self::TEST_ENCRYPTION_UTIL_USER1);
$util->backupAllKeys('testing');
$encFolderContent = $this->view->getDirectoryContent($encPath);
$backupPath = '';
foreach ($encFolderContent as $c) {
$name = $c['name'];
if (substr($name, 0, strlen('backup')) === 'backup') {
$backupPath = $encPath . '/' . $c['name'];
break;
}
}
$this->assertTrue($backupPath !== '');
// check backupDir Content
$this->assertTrue($this->view->is_dir($backupPath . '/keyfiles'));
$this->assertTrue($this->view->is_dir($backupPath . '/share-keys'));
$this->assertTrue($this->view->file_exists($backupPath . '/keyfiles/foo.key'));
$this->assertTrue($this->view->file_exists($backupPath . '/share-keys/foo.user1.shareKey'));
$this->assertTrue($this->view->file_exists($backupPath . '/keyfiles/subfolder/foo.key'));
$this->assertTrue($this->view->file_exists($backupPath . '/share-keys/subfolder/foo.user1.shareKey'));
$this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.private.key'));
$this->assertTrue($this->view->file_exists($backupPath . '/' . self::TEST_ENCRYPTION_UTIL_USER1 . '.public.key'));
//cleanup
$this->view->deleteAll($backupPath);
$this->view->unlink($encPath . '/keyfiles/foo.key', 'key');
$this->view->unlink($encPath . '/share-keys/foo.user1.shareKey', 'share key');
}
function testDelAllShareKeysFile()
{
$this->view->mkdir('/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1');
$this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1/existingFile.txt', 'data');
// create folder structure for some dummy share key files
$this->view->mkdir('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1');
// create some dummy share keys for the existing file
$this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.user1.shareKey', 'data');
$this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.user2.shareKey', 'data');
$this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.user3.shareKey', 'data');
$this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey', 'data');
// create some dummy share keys for a non-existing file
$this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.user1.shareKey', 'data');
$this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.user2.shareKey', 'data');
$this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.user3.shareKey', 'data');
$this->view->file_put_contents('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey', 'data');
// try to del all share keys from a existing file, should fail because the file still exists
$result = Encryption\Keymanager::delAllShareKeys($this->view, Test_Encryption_Keymanager::TEST_USER, 'folder1/existingFile.txt');
$this->assertFalse($result);
// check if share keys still exists
$this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.user1.shareKey'));
$this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.user2.shareKey'));
$this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/existingFile.txt.user3.shareKey'));
// try to del all share keys from file, should succeed because the does not exist any more
$result2 = Encryption\Keymanager::delAllShareKeys($this->view, Test_Encryption_Keymanager::TEST_USER, 'folder1/nonexistingFile.txt');
$this->assertTrue($result2);
// check if share keys are really gone
$this->assertFalse($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.' . Test_Encryption_Keymanager::TEST_USER . '.shareKey'));
// check that it only deleted keys or users who had access, others remain
$this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.user1.shareKey'));
$this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.user2.shareKey'));
$this->assertTrue($this->view->file_exists('/' . Test_Encryption_Keymanager::TEST_USER . '/files_encryption/share-keys/folder1/nonexistingFile.txt.user3.shareKey'));
// cleanup
$this->view->deleteAll('/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1');
}
OCA\Encryption\Helper::registerAppHooks();
stream_wrapper_register('crypt', 'OCA\\Encryption\\Stream');
// check if we are logged in
if (OCP\User::isLoggedIn()) {
// ensure filesystem is loaded
if (!\OC\Files\Filesystem::$loaded) {
\OC_Util::setupFS();
}
$view = new OC_FilesystemView('/');
$sessionReady = OCA\Encryption\Helper::checkRequirements();
if ($sessionReady) {
$session = new \OCA\Encryption\Session($view);
}
$user = \OCP\USER::getUser();
// check if user has a private key
if ($sessionReady === false || !$view->file_exists('/' . $user . '/files_encryption/' . $user . '.private.key') && OCA\Encryption\Crypt::mode() === 'server') {
// Force the user to log-in again if the encryption key isn't unlocked
// (happens when a user is logged in before the encryption app is
// enabled)
OCP\User::logout();
header("Location: " . OC::$WEBROOT . '/');
exit;
}
}
} else {
// logout user if we are in maintenance to force re-login
OCP\User::logout();
}
// Register settings scripts
OCP\App::registerAdmin('files_encryption', 'settings-admin');
OCP\App::registerPersonal('files_encryption', 'settings-personal');
<?php
OCP\JSON::checkAppEnabled('files_external');
if (!($filename = $_FILES['rootcert_import']['name'])) {
header("Location: settings/personal.php");
exit;
}
$fh = fopen($_FILES['rootcert_import']['tmp_name'], 'r');
$data = fread($fh, filesize($_FILES['rootcert_import']['tmp_name']));
fclose($fh);
$filename = $_FILES['rootcert_import']['name'];
$view = new \OC_FilesystemView('/' . \OCP\User::getUser() . '/files_external/uploads');
if (!$view->file_exists('')) {
$view->mkdir('');
}
$isValid = openssl_pkey_get_public($data);
//maybe it was just the wrong file format, try to convert it...
if ($isValid == false) {
$data = chunk_split(base64_encode($data), 64, "\n");
$data = "-----BEGIN CERTIFICATE-----\n" . $data . "-----END CERTIFICATE-----\n";
$isValid = openssl_pkey_get_public($data);
}
// add the certificate if it could be verified
if ($isValid) {
$view->file_put_contents($filename, $data);
OC_Mount_Config::createCertificateBundle();
} else {
OCP\Util::writeLog("files_external", "Couldn't import SSL root certificate ({$filename}), allowed formats: PEM and DER", OCP\Util::WARN);
}
header("Location: settings/personal.php");
exit;
/**
* @brief Make preparations to vars and filesystem for saving a keyfile
*/
public static function keySetPreparation(\OC_FilesystemView $view, $path, $basePath, $userId)
{
$targetPath = ltrim($path, '/');
$path_parts = pathinfo($targetPath);
// If the file resides within a subdirectory, create it
if (isset($path_parts['dirname']) && !$view->file_exists($basePath . '/' . $path_parts['dirname'])) {
$sub_dirs = explode(DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname']);
$dir = '';
foreach ($sub_dirs as $sub_dir) {
$dir .= '/' . $sub_dir;
if (!$view->is_dir($dir)) {
$view->mkdir($dir);
}
}
}
return $targetPath;
}
/**
* @param string $appid
* @return OC_FilesystemView
*/
public static function getStorage($appid)
{
if (OC_App::isEnabled($appid)) {
//sanity check
if (OC_User::isLoggedIn()) {
$view = new OC_FilesystemView('/' . OC_User::getUser());
if (!$view->file_exists($appid)) {
$view->mkdir($appid);
}
return new OC_FilesystemView('/' . OC_User::getUser() . '/' . $appid);
} else {
OC_Log::write('core', 'Can\'t get app storage, app, user not logged in', OC_Log::ERROR);
return false;
}
} else {
OC_Log::write('core', 'Can\'t get app storage, app ' . $appid . ' not enabled', OC_Log::ERROR);
return false;
}
}
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
// Check if we are a user
OCP\User::checkLoggedIn();
$filename = $_GET["file"];
$view = new OC_FilesystemView('/' . \OCP\User::getUser() . '/files_trashbin/files');
if (!$view->file_exists($filename)) {
header("HTTP/1.0 404 Not Found");
$tmpl = new OCP\Template('', '404', 'guest');
$tmpl->assign('file', $filename);
$tmpl->printPage();
exit;
}
$ftype = $view->getMimeType($filename);
header('Content-Type:' . $ftype);
if (preg_match("/MSIE/", $_SERVER["HTTP_USER_AGENT"])) {
header('Content-Disposition: attachment; filename="' . rawurlencode(basename($filename)) . '"');
} else {
header('Content-Disposition: attachment; filename*=UTF-8\'\'' . rawurlencode(basename($filename)) . '; filename="' . rawurlencode(basename($filename)) . '"');
}
OCP\Response::disableCaching();
header('Content-Length: ' . $view->filesize($filename));
/**
* delete non existing files from the cache
*/
private static function cleanFolder($path, $root = '')
{
if (!$root) {
$view = OC_Filesystem::getView();
} else {
$view = new OC_FilesystemView($root == '/' ? '' : $root);
}
//check for removed files, not using getFolderContent to prevent loops
$parent = self::getFileId($view->getRoot() . $path);
$query = OC_DB::prepare('SELECT name FROM *PREFIX*fscache WHERE parent=?');
$result = $query->execute(array($parent));
while ($row = $result->fetchRow()) {
$file = $path . '/' . $row['name'];
if (!$view->file_exists($file)) {
if (!$root) {
//filesystem hooks are only valid for the default root
OC_Hook::emit('OC_Filesystem', 'post_delete', array('path' => $file));
} else {
self::fileSystemWatcherDelete(array('path' => $file), $root);
}
}
}
}
/**
* @brief Change a user's encryption passphrase
* @param array $params keys: uid, password
*/
public static function setPassphrase($params)
{
if (\OCP\App::isEnabled('files_encryption') === false) {
return true;
}
// Only attempt to change passphrase if server-side encryption
// is in use (client-side encryption does not have access to
// the necessary keys)
if (Crypt::mode() === 'server') {
$view = new \OC_FilesystemView('/');
$session = new \OCA\Encryption\Session($view);
// Get existing decrypted private key
$privateKey = $session->getPrivateKey();
if ($params['uid'] === \OCP\User::getUser() && $privateKey) {
// Encrypt private key with new user pwd as passphrase
$encryptedPrivateKey = Crypt::symmetricEncryptFileContent($privateKey, $params['password']);
// Save private key
if ($encryptedPrivateKey) {
Keymanager::setPrivateKey($encryptedPrivateKey);
} else {
\OCP\Util::writeLog('files_encryption', 'Could not update users encryption password', \OCP\Util::ERROR);
}
// NOTE: Session does not need to be updated as the
// private key has not changed, only the passphrase
// used to decrypt it has changed
} else {
// admin changed the password for a different user, create new keys and reencrypt file keys
$user = $params['uid'];
$util = new Util($view, $user);
$recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
// we generate new keys if...
// ...we have a recovery password and the user enabled the recovery key
// ...encryption was activated for the first time (no keys exists)
// ...the user doesn't have any files
if ($util->recoveryEnabledForUser() && $recoveryPassword || !$util->userKeysExists() || !$view->file_exists($user . '/files')) {
// backup old keys
$util->backupAllKeys('recovery');
$newUserPassword = $params['password'];
// make sure that the users home is mounted
\OC\Files\Filesystem::initMountPoints($user);
$keypair = Crypt::createKeypair();
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// Save public key
$view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);
// Encrypt private key empty passphrase
$encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword);
// Save private key
$view->file_put_contents('/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey);
if ($recoveryPassword) {
// if recovery key is set we can re-encrypt the key files
$util = new Util($view, $user);
$util->recoverUsersFiles($recoveryPassword);
}
\OC_FileProxy::$enabled = $proxyStatus;
}
}
}
}
/**
* @brief after a file is renamed, rename its keyfile and share-keys also fix the file size and fix also the sharing
* @param array with oldpath and newpath
*
* This function is connected to the rename signal of OC_Filesystem and adjust the name and location
* of the stored versions along the actual file
*/
public static function postRename($params)
{
if (\OCP\App::isEnabled('files_encryption') === false) {
return true;
}
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$view = new \OC_FilesystemView('/');
$session = new \OCA\Encryption\Session($view);
$userId = \OCP\User::getUser();
$util = new Util($view, $userId);
// Format paths to be relative to user files dir
if ($util->isSystemWideMountPoint($params['oldpath'])) {
$baseDir = 'files_encryption/';
$oldKeyfilePath = $baseDir . 'keyfiles/' . $params['oldpath'];
} else {
$baseDir = $userId . '/' . 'files_encryption/';
$oldKeyfilePath = $baseDir . 'keyfiles/' . $params['oldpath'];
}
if ($util->isSystemWideMountPoint($params['newpath'])) {
$newKeyfilePath = $baseDir . 'keyfiles/' . $params['newpath'];
} else {
$newKeyfilePath = $baseDir . 'keyfiles/' . $params['newpath'];
}
// add key ext if this is not an folder
if (!$view->is_dir($oldKeyfilePath)) {
$oldKeyfilePath .= '.key';
$newKeyfilePath .= '.key';
// handle share-keys
$localKeyPath = $view->getLocalFile($baseDir . 'share-keys/' . $params['oldpath']);
$escapedPath = Helper::escapeGlobPattern($localKeyPath);
$matches = glob($escapedPath . '*.shareKey');
foreach ($matches as $src) {
$dst = \OC\Files\Filesystem::normalizePath(str_replace($params['oldpath'], $params['newpath'], $src));
// create destination folder if not exists
if (!file_exists(dirname($dst))) {
mkdir(dirname($dst), 0750, true);
}
rename($src, $dst);
}
} else {
// handle share-keys folders
$oldShareKeyfilePath = $baseDir . 'share-keys/' . $params['oldpath'];
$newShareKeyfilePath = $baseDir . 'share-keys/' . $params['newpath'];
// create destination folder if not exists
if (!$view->file_exists(dirname($newShareKeyfilePath))) {
$view->mkdir(dirname($newShareKeyfilePath), 0750, true);
}
$view->rename($oldShareKeyfilePath, $newShareKeyfilePath);
}
// Rename keyfile so it isn't orphaned
if ($view->file_exists($oldKeyfilePath)) {
// create destination folder if not exists
if (!$view->file_exists(dirname($newKeyfilePath))) {
$view->mkdir(dirname($newKeyfilePath), 0750, true);
}
$view->rename($oldKeyfilePath, $newKeyfilePath);
}
// build the path to the file
$newPath = '/' . $userId . '/files' . $params['newpath'];
$newPathRelative = $params['newpath'];
if ($util->fixFileSize($newPath)) {
// get sharing app state
$sharingEnabled = \OCP\Share::isEnabled();
// get users
$usersSharing = $util->getSharingUsersArray($sharingEnabled, $newPathRelative);
// update sharing-keys
$util->setSharedFileKeyfiles($session, $usersSharing, $newPathRelative);
}
\OC_FileProxy::$enabled = $proxyStatus;
}
