/**
 * Checks getFileKey() for the per-user, master-key and system-user paths.
 *
 * The key storage mock must be asked for the 'fileKey' first and then for
 * the '<uid>.shareKey' of the identity whose private key is used. When no
 * private key is available, multiKeyDecrypt must never be reached.
 *
 * @dataProvider dataTestGetFileKey
 *
 * @param $uid user id handed to getFileKey(); null selects the system-user branch of this test
 * @param $isMasterKeyEnabled value the util mock reports for isMasterKeyEnabled()
 * @param $privateKey private key the session/crypt mock hands back; a falsy value means "no key"
 * @param $expected value getFileKey() is expected to return
 */
public function testGetFileKey($uid, $isMasterKeyEnabled, $privateKey, $expected) {
	$path = '/foo.txt';

	// With the master key enabled the share key is looked up under the
	// master key id instead of the requesting user's id.
	$expectedUid = $isMasterKeyEnabled ? 'masterKeyId' : $uid;

	$this->invokePrivate($this->instance, 'masterKeyId', ['masterKeyId']);

	$this->keyStorageMock
		->expects($this->at(0))
		->method('getFileKey')
		->with($path, 'fileKey', 'OC_DEFAULT_MODULE')
		->willReturn(true);
	$this->keyStorageMock
		->expects($this->at(1))
		->method('getFileKey')
		->with($path, $expectedUid . '.shareKey', 'OC_DEFAULT_MODULE')
		->willReturn(true);

	if ($uid === null) {
		// No user given: the private key must come from the system user key
		// and be decrypted by the crypt mock.
		$this->keyStorageMock
			->expects($this->once())
			->method('getSystemUserKey')
			->willReturn(true);
		$this->cryptMock
			->expects($this->once())
			->method('decryptPrivateKey')
			->willReturn($privateKey);
	} else {
		// A user is given: the system user key must stay untouched and the
		// private key must come from the session.
		$this->keyStorageMock
			->expects($this->never())
			->method('getSystemUserKey');
		$this->utilMock
			->expects($this->once())
			->method('isMasterKeyEnabled')
			->willReturn($isMasterKeyEnabled);
		$this->sessionMock
			->expects($this->once())
			->method('getPrivateKey')
			->willReturn($privateKey);
	}

	if (!$privateKey) {
		// Without a private key no decryption attempt may happen at all.
		$this->cryptMock
			->expects($this->never())
			->method('multiKeyDecrypt');
	} else {
		$this->cryptMock
			->expects($this->once())
			->method('multiKeyDecrypt')
			->willReturn(true);
	}

	$actual = $this->instance->getFileKey($path, $uid);
	$this->assertSame($expected, $actual);
}
/**
 * Checks getFileKey() once without a user (null) and once for $this->userId.
 *
 * Across both calls the key storage mock must see exactly four getFileKey
 * lookups, while the system user key, decryptPrivateKey and multiKeyDecrypt
 * are each expected exactly once. The second call must yield an empty result.
 * NOTE(review): presumably no private key is available for $this->userId in
 * this fixture, which is why nothing is decrypted for it; confirm against setUp().
 */
public function testGetFileKey() {
	$this->keyStorageMock
		->expects($this->exactly(4))
		->method('getFileKey')
		->willReturn(true);
	$this->keyStorageMock
		->expects($this->once())
		->method('getSystemUserKey')
		->willReturn(true);

	$this->cryptMock
		->expects($this->once())
		->method('decryptPrivateKey')
		->willReturn(true);
	$this->cryptMock
		->expects($this->once())
		->method('multiKeyDecrypt')
		->willReturn(true);

	// Call without a user id: the one call expected to produce a key.
	$keyWithoutUser = $this->instance->getFileKey('/', null);
	$this->assertTrue($keyWithoutUser);

	// Call for the test user: expected to come back empty.
	$keyForUser = $this->instance->getFileKey('/', $this->userId);
	$this->assertEmpty($keyForUser);
}
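/**
 * update encrypted file, e.g. give additional users access to the file
 *
 * The file key is fetched on behalf of $uid, wrapped for the public key of
 * every user in $accessList['users'] plus whatever addSystemKeys() appends,
 * and the stored keys for $path are then replaced with the result.
 *
 * If no file key can be obtained, the stored keys are left untouched and
 * false is returned. Re-wrapping an empty value and then replacing the
 * existing keys would leave the file undecryptable for every recipient.
 *
 * @param string $path path to the file which should be updated
 * @param string $uid of the user who performs the operation
 * @param array $accessList who has access to the file contains the key 'users' and 'public'
 * @return boolean true if the keys were rewritten, false if no file key was
 *                 available and nothing was changed
 */
public function update($path, $uid, array $accessList) {
	$fileKey = $this->keyManager->getFileKey($path, $uid);

	// Guard before any destructive step: never delete or overwrite key
	// material unless there is a real file key to wrap again.
	if (empty($fileKey)) {
		return false;
	}

	$publicKeys = array();
	foreach ($accessList['users'] as $user) {
		$publicKeys[$user] = $this->keyManager->getPublicKey($user);
	}

	$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys);

	// Wrap first, delete afterwards, so a failure while encrypting cannot
	// leave the file without keys.
	$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);

	// NOTE(review): delete-then-set is not atomic; if setAllFileKeys() fails
	// the old keys are already gone. Confirm how keyManager reports errors.
	$this->keyManager->deleteAllFileKeys($path);
	$this->keyManager->setAllFileKeys($path, $encryptedFileKey);

	return true;
}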
/**
 * Check whether the encryption module can read the file, i.e. whether a
 * file key can be obtained for the given user.
 *
 * A missing key on the user's own file is reported as "not readable". A
 * missing key on a file owned by someone else raises an exception carrying
 * a translated hint that asks for a reshare.
 *
 * @param string $path
 * @param string $uid user for whom we want to check if he can read the file
 * @return bool true if a file key is available, false if it is missing and $uid owns the file
 * @throws DecryptionFailedException if the key is missing and $uid is not the owner
 */
public function isReadable($path, $uid) {
	$fileKey = $this->keyManager->getFileKey($path, $uid);
	if (!empty($fileKey)) {
		return true;
	}

	$owner = $this->util->getOwner($path);
	if ($owner === $uid) {
		return false;
	}

	// Shared file without a usable key: this means the file was shared with
	// the user at a time when the user had no valid private/public key pair,
	// so fail loudly with a message the user can act on.
	$msg = 'Encryption module "' . $this->getDisplayName() . '" is not able to read ' . $path;
	$hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
	// The warning contains the file path but no key material.
	$this->logger->warning($msg);
	throw new DecryptionFailedException($msg, $hint);
}
/**
 * add recovery key to all encrypted files
 *
 * Walks $path recursively. For every file whose file key can be obtained
 * for the current user, the key is wrapped again for all users on the
 * file's access list plus the keys appended by addSystemKeys(), and the
 * result is stored. Files without an obtainable file key are skipped.
 * NOTE(review): presumably addSystemKeys() is what adds the recovery key to
 * the recipient set; confirm in keyManager.
 *
 * @param string $path directory to process
 */
private function addRecoveryKeys($path) {
	$entries = $this->view->getDirectoryContent($path);
	foreach ($entries as $entry) {
		$entryPath = $entry->getPath();

		if ($entry['type'] === 'dir') {
			// Descend into sub-directories.
			$this->addRecoveryKeys($entryPath . '/');
			continue;
		}

		$fileKey = $this->keyManager->getFileKey($entryPath, $this->user->getUID());
		if (empty($fileKey)) {
			// No file key for this user: leave the stored keys as they are.
			continue;
		}

		$recipients = $this->file->getAccessList($entryPath);
		$recipientKeys = array();
		foreach ($recipients['users'] as $recipientUid) {
			$recipientKeys[$recipientUid] = $this->keyManager->getPublicKey($recipientUid);
		}

		$recipientKeys = $this->keyManager->addSystemKeys($recipients, $recipientKeys, $this->user->getUID());

		$wrappedKeys = $this->crypt->multiKeyEncrypt($fileKey, $recipientKeys);
		$this->keyManager->setAllFileKeys($entryPath, $wrappedKeys);
	}
}