/**
* @dataProvider dataTestGetFileKey
*
* @param $uid
* @param $isMasterKeyEnabled
* @param $privateKey
* @param $expected
*/
public function testGetFileKey($uid, $isMasterKeyEnabled, $privateKey, $expected)
{
$path = '/foo.txt';
if ($isMasterKeyEnabled) {
$expectedUid = 'masterKeyId';
} else {
$expectedUid = $uid;
}
$this->invokePrivate($this->instance, 'masterKeyId', ['masterKeyId']);
$this->keyStorageMock->expects($this->at(0))->method('getFileKey')->with($path, 'fileKey', 'OC_DEFAULT_MODULE')->willReturn(true);
$this->keyStorageMock->expects($this->at(1))->method('getFileKey')->with($path, $expectedUid . '.shareKey', 'OC_DEFAULT_MODULE')->willReturn(true);
if (is_null($uid)) {
$this->keyStorageMock->expects($this->once())->method('getSystemUserKey')->willReturn(true);
$this->cryptMock->expects($this->once())->method('decryptPrivateKey')->willReturn($privateKey);
} else {
$this->keyStorageMock->expects($this->never())->method('getSystemUserKey');
$this->utilMock->expects($this->once())->method('isMasterKeyEnabled')->willReturn($isMasterKeyEnabled);
$this->sessionMock->expects($this->once())->method('getPrivateKey')->willReturn($privateKey);
}
if ($privateKey) {
$this->cryptMock->expects($this->once())->method('multiKeyDecrypt')->willReturn(true);
} else {
$this->cryptMock->expects($this->never())->method('multiKeyDecrypt');
}
$this->assertSame($expected, $this->instance->getFileKey($path, $uid));
}
public function testGetFileKey()
{
$this->keyStorageMock->expects($this->exactly(4))->method('getFileKey')->willReturn(true);
$this->keyStorageMock->expects($this->once())->method('getSystemUserKey')->willReturn(true);
$this->cryptMock->expects($this->once())->method('decryptPrivateKey')->willReturn(true);
$this->cryptMock->expects($this->once())->method('multiKeyDecrypt')->willReturn(true);
$this->assertTrue($this->instance->getFileKey('/', null));
$this->assertEmpty($this->instance->getFileKey('/', $this->userId));
}
/**
* update encrypted file, e.g. give additional users access to the file
*
* @param string $path path to the file which should be updated
* @param string $uid of the user who performs the operation
* @param array $accessList who has access to the file contains the key 'users' and 'public'
* @return boolean
*/
public function update($path, $uid, array $accessList)
{
$fileKey = $this->keyManager->getFileKey($path, $uid);
$publicKeys = array();
foreach ($accessList['users'] as $user) {
$publicKeys[$user] = $this->keyManager->getPublicKey($user);
}
$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys);
$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
$this->keyManager->deleteAllFileKeys($path);
$this->keyManager->setAllFileKeys($path, $encryptedFileKey);
return true;
}
/**
* check if the encryption module is able to read the file,
* e.g. if all encryption keys exists
*
* @param string $path
* @param string $uid user for whom we want to check if he can read the file
* @return bool
* @throws DecryptionFailedException
*/
public function isReadable($path, $uid)
{
$fileKey = $this->keyManager->getFileKey($path, $uid);
if (empty($fileKey)) {
$owner = $this->util->getOwner($path);
if ($owner !== $uid) {
// if it is a shared file we throw a exception with a useful
// error message because in this case it means that the file was
// shared with the user at a point where the user didn't had a
// valid private/public key
$msg = 'Encryption module "' . $this->getDisplayName() . '" is not able to read ' . $path;
$hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
$this->logger->warning($msg);
throw new DecryptionFailedException($msg, $hint);
}
return false;
}
return true;
}
/**
* add recovery key to all encrypted files
* @param string $path
*/
private function addRecoveryKeys($path)
{
$dirContent = $this->view->getDirectoryContent($path);
foreach ($dirContent as $item) {
$filePath = $item->getPath();
if ($item['type'] === 'dir') {
$this->addRecoveryKeys($filePath . '/');
} else {
$fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID());
if (!empty($fileKey)) {
$accessList = $this->file->getAccessList($filePath);
$publicKeys = array();
foreach ($accessList['users'] as $uid) {
$publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
}
$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->user->getUID());
$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
$this->keyManager->setAllFileKeys($filePath, $encryptedKeyfiles);
}
}
}
}
