示例#1
0
 /**
  * decrypt private key and add it to the current session
  * @param array $params with 'uid' and 'password'
  * @return mixed session or false
  */
 public function initEncryption($params)
 {
     $session = new Session($this->view);
     // we tried to initialize the encryption app for this session
     $session->setInitialized(Session::INIT_EXECUTED);
     $encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']);
     $privateKey = false;
     if ($encryptedKey) {
         $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
     }
     if ($privateKey === false) {
         \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
         return false;
     }
     $session->setPrivateKey($privateKey);
     $session->setInitialized(Session::INIT_SUCCESSFUL);
     return $session;
 }
示例#2
0
\OCP\JSON::callCheck();
$l = \OC::$server->getL10N('core');
$return = false;
$errorMessage = $l->t('Could not update the private key password.');
$oldPassword = (string) $_POST['oldPassword'];
$newPassword = (string) $_POST['newPassword'];
$view = new \OC\Files\View('/');
$session = new \OCA\Files_Encryption\Session($view);
$user = \OCP\User::getUser();
$loginName = \OC::$server->getUserSession()->getLoginName();
// check new password
$passwordCorrect = \OCP\User::checkPassword($loginName, $newPassword);
if ($passwordCorrect !== false) {
    $proxyStatus = \OC_FileProxy::$enabled;
    \OC_FileProxy::$enabled = false;
    $encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, $user);
    $decryptedKey = $encryptedKey ? \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword) : false;
    if ($decryptedKey) {
        $cipher = \OCA\Files_Encryption\Helper::getCipher();
        $encryptedKey = \OCA\Files_Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword, $cipher);
        if ($encryptedKey) {
            \OCA\Files_Encryption\Keymanager::setPrivateKey($encryptedKey, $user);
            $session->setPrivateKey($decryptedKey);
            $return = true;
        }
    } else {
        $result = false;
        $errorMessage = $l->t('The old password was not correct, please try again.');
    }
    \OC_FileProxy::$enabled = $proxyStatus;
} else {
示例#3
0
 /**
  * @brief replacing encryption keys during password change should be allowed
  *        until the user logged in for the first time
  */
 public function testSetPassphrase()
 {
     $view = new \OC\Files\View();
     // set user password for the first time
     \OC_User::createUser(self::TEST_ENCRYPTION_HOOKS_USER3, 'newUserPassword');
     \OCA\Files_Encryption\Hooks::postCreateUser(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'newUserPassword'));
     $this->assertTrue($view->file_exists(\OCA\Files_Encryption\Keymanager::getPublicKeyPath() . '/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '.publicKey'));
     $this->assertTrue($view->file_exists(self::TEST_ENCRYPTION_HOOKS_USER3 . '/files_encryption/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '.privateKey'));
     // check if we are able to decrypt the private key
     $encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3);
     $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'newUserPassword');
     $this->assertTrue(is_string($privateKey));
     // change the password before the user logged-in for the first time,
     // we can replace the encryption keys
     \OCA\Files_Encryption\Hooks::setPassphrase(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'passwordChanged'));
     $encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3);
     $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged');
     $this->assertTrue(is_string($privateKey));
     // now create a files folder to simulate a already used account
     $view->mkdir('/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '/files');
     // change the password after the user logged in, now the password should not change
     \OCA\Files_Encryption\Hooks::setPassphrase(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'passwordChanged2'));
     $encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3);
     $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged2');
     $this->assertFalse($privateKey);
     $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged');
     $this->assertTrue(is_string($privateKey));
 }
示例#4
0
 /**
  * @medium
  */
 function testGetPrivateKey()
 {
     $key = \OCA\Files_Encryption\Keymanager::getPrivateKey($this->view, $this->userId);
     $privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($key, $this->pass);
     $res = openssl_pkey_get_private($privateKey);
     $this->assertTrue(is_resource($res));
     $sslInfo = openssl_pkey_get_details($res);
     $this->assertArrayHasKey('key', $sslInfo);
 }