/**
* @param string $path raw path relative to data/
* @param string $mode
* @param int $options
* @param string $opened_path
* @return bool
* @throw \OCA\Files_Encryption\Exception\EncryptionException
*/
public function stream_open($path, $mode, $options, &$opened_path)
{
// read default cipher from config
$this->cipher = Helper::getCipher();
// assume that the file already exist before we decide it finally in getKey()
$this->newFile = false;
$this->rootView = new \OC\Files\View('/');
$this->session = new Session($this->rootView);
$this->privateKey = $this->session->getPrivateKey();
if ($this->privateKey === false) {
throw new EncryptionException('Session does not contain a private key, maybe your login password changed?', EncryptionException::PRIVATE_KEY_MISSING);
}
$normalizedPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
$originalFile = Helper::getPathFromTmpFile($normalizedPath);
if ($originalFile) {
$this->rawPath = $originalFile;
$this->isLocalTmpFile = true;
$this->localTmpFile = $normalizedPath;
} else {
$this->rawPath = $normalizedPath;
}
$this->util = new Util($this->rootView, Helper::getUser($this->rawPath));
// get the key ID which we want to use, can be the users key or the
// public share key
$this->keyId = $this->util->getKeyId();
$fileType = Helper::detectFileType($this->rawPath);
switch ($fileType) {
case Util::FILE_TYPE_FILE:
$this->relPath = Helper::stripUserFilesPath($this->rawPath);
$user = \OC::$server->getUserSession()->getUser();
$this->userId = $user ? $user->getUID() : Helper::getUserFromPath($this->rawPath);
break;
case Util::FILE_TYPE_VERSION:
$this->relPath = Helper::getPathFromVersion($this->rawPath);
$this->userId = Helper::getUserFromPath($this->rawPath);
break;
case Util::FILE_TYPE_CACHE:
$this->relPath = Helper::getPathFromCachedFile($this->rawPath);
Helper::mkdirr($this->rawPath, new \OC\Files\View('/'));
$user = \OC::$server->getUserSession()->getUser();
$this->userId = $user ? $user->getUID() : Helper::getUserFromPath($this->rawPath);
break;
default:
\OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '" expecting a path to "files", "files_versions" or "cache"', \OCP\Util::ERROR);
return false;
}
// Disable fileproxies so we can get the file size and open the source file without recursive encryption
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
if ($mode === 'w' or $mode === 'w+' or $mode === 'wb' or $mode === 'wb+') {
// We're writing a new file so start write counter with 0 bytes
$this->size = 0;
$this->unencryptedSize = 0;
} else {
$this->size = $this->rootView->filesize($this->rawPath);
$this->readHeader();
}
if ($this->isLocalTmpFile) {
$this->handle = fopen($this->localTmpFile, $mode);
} else {
$this->handle = $this->rootView->fopen($this->rawPath, $mode);
}
\OC_FileProxy::$enabled = $proxyStatus;
if (!is_resource($this->handle)) {
\OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR);
} else {
$this->meta = stream_get_meta_data($this->handle);
// sometimes fopen changes the mode, e.g. for a url "r" convert to "r+"
// but we need to remember the original access type
$this->meta['mode'] = $mode;
}
return is_resource($this->handle);
}
/**
* Encrypt keyfile to multiple users
* @param Session $session
* @param array $users list of users which should be able to access the file
* @param string $filePath path of the file to be shared
* @return bool
*/
public function setSharedFileKeyfiles(Session $session, array $users, $filePath)
{
// Make sure users are capable of sharing
$filteredUids = $this->filterShareReadyUsers($users);
// If we're attempting to share to unready users
if (!empty($filteredUids['unready'])) {
\OCP\Util::writeLog('Encryption library', 'Sharing to these user(s) failed as they are unready for encryption:"' . print_r($filteredUids['unready'], 1), \OCP\Util::WARN);
return false;
}
// Get public keys for each user, ready for generating sharekeys
$userPubKeys = Keymanager::getPublicKeys($this->view, $filteredUids['ready']);
// Note proxy status then disable it
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// Get the current users's private key for decrypting existing keyfile
$privateKey = $session->getPrivateKey();
try {
// Decrypt keyfile
$plainKeyfile = $this->decryptKeyfile($filePath, $privateKey);
// Re-enc keyfile to (additional) sharekeys
$multiEncKey = Crypt::multiKeyEncrypt($plainKeyfile, $userPubKeys);
} catch (Exception\EncryptionException $e) {
$msg = 'set shareFileKeyFailed (code: ' . $e->getCode() . '): ' . $e->getMessage();
\OCP\Util::writeLog('files_encryption', $msg, \OCP\Util::FATAL);
return false;
} catch (\Exception $e) {
$msg = 'set shareFileKeyFailed (unknown error): ' . $e->getMessage();
\OCP\Util::writeLog('files_encryption', $msg, \OCP\Util::FATAL);
return false;
}
// Save the recrypted key to it's owner's keyfiles directory
// Save new sharekeys to all necessary user directory
if (!Keymanager::setFileKey($this->view, $this, $filePath, $multiEncKey['data']) || !Keymanager::setShareKeys($this->view, $this, $filePath, $multiEncKey['keys'])) {
\OCP\Util::writeLog('Encryption library', 'Keyfiles could not be saved for users sharing ' . $filePath, \OCP\Util::ERROR);
return false;
}
// Return proxy to original status
\OC_FileProxy::$enabled = $proxyStatus;
return true;
}
/**
* @param string $path raw path relative to data/
* @param string $mode
* @param int $options
* @param string $opened_path
* @return bool
* @throw \OCA\Files_Encryption\Exception\EncryptionException
*/
public function stream_open($path, $mode, $options, &$opened_path)
{
// read default cipher from config
$this->cipher = Helper::getCipher();
// assume that the file already exist before we decide it finally in getKey()
$this->newFile = false;
if (!isset($this->rootView)) {
$this->rootView = new \OC\Files\View('/');
}
$this->session = new Session($this->rootView);
$this->privateKey = $this->session->getPrivateKey();
if ($this->privateKey === false) {
throw new EncryptionException('Session does not contain a private key, maybe your login password changed?', EncryptionException::PRIVATE_KEY_MISSING);
}
$normalizedPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path));
if ($originalFile = Helper::getPathFromTmpFile($normalizedPath)) {
$this->rawPath = $originalFile;
$this->isLocalTmpFile = true;
$this->localTmpFile = $normalizedPath;
} else {
$this->rawPath = $normalizedPath;
}
$this->userId = Helper::getUser($this->rawPath);
$util = new Util($this->rootView, $this->userId);
// get the key ID which we want to use, can be the users key or the
// public share key
$this->keyId = $util->getKeyId();
// Strip identifier text from path, this gives us the path relative to data/<user>/files
$this->relPath = Helper::stripUserFilesPath($this->rawPath);
// if raw path doesn't point to a real file, check if it is a version or a file in the trash bin
if ($this->relPath === false) {
$this->relPath = Helper::getPathToRealFile($this->rawPath);
}
if ($this->relPath === false) {
\OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '" expecting a path to "files", "files_versions" or "cache"', \OCP\Util::ERROR);
return false;
}
// Disable fileproxies so we can get the file size and open the source file without recursive encryption
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
if ($mode === 'w' or $mode === 'w+' or $mode === 'wb' or $mode === 'wb+') {
// We're writing a new file so start write counter with 0 bytes
$this->size = 0;
$this->unencryptedSize = 0;
} else {
if ($this->privateKey === false) {
// if private key is not valid redirect user to a error page
Helper::redirectToErrorPage($this->session);
}
$this->size = $this->rootView->filesize($this->rawPath);
$this->readHeader();
}
if ($this->isLocalTmpFile) {
$this->handle = fopen($this->localTmpFile, $mode);
} else {
$this->handle = $this->rootView->fopen($this->rawPath, $mode);
}
\OC_FileProxy::$enabled = $proxyStatus;
if (!is_resource($this->handle)) {
\OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR);
} else {
$this->meta = stream_get_meta_data($this->handle);
// sometimes fopen changes the mode, e.g. for a url "r" convert to "r+"
// but we need to remember the original access type
$this->meta['mode'] = $mode;
}
return is_resource($this->handle);
}
