Browse Source
create basic interfaces and wrapper to make encryption more modular
remotes/origin/poc-doctrine-migrations
create basic interfaces and wrapper to make encryption more modular
remotes/origin/poc-doctrine-migrations
Bjoern Schiessle
11 years ago
committed by
Thomas Müller
Thomas Müller
2 changed files with 310 additions and 0 deletions
@ -0,0 +1,223 @@ |
|||
<?php |
|||
|
|||
/** |
|||
* ownCloud |
|||
* |
|||
* @copyright (C) 2015 ownCloud, Inc. |
|||
* |
|||
* @author Bjoern Schiessle <schiessle@owncloud.com> |
|||
* |
|||
* This library is free software; you can redistribute it and/or |
|||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE |
|||
* License as published by the Free Software Foundation; either |
|||
* version 3 of the License, or any later version. |
|||
* |
|||
* This library is distributed in the hope that it will be useful, |
|||
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
* GNU AFFERO GENERAL PUBLIC LICENSE for more details. |
|||
* |
|||
* You should have received a copy of the GNU Affero General Public |
|||
* License along with this library. If not, see <http://www.gnu.org/licenses/>. |
|||
*/ |
|||
|
|||
namespace OC\Encryption; |
|||
|
|||
class KeyStorage implements \OCP\Encryption\IKeyStorage { |
|||
|
|||
/** @var \OC\Files\View */ |
|||
private $view; |
|||
|
|||
/** @var \OC\Encryption\Util */ |
|||
private $util; |
|||
|
|||
// base dir where all the file related keys are stored
|
|||
private static $keys_base_dir = '/files_encryption/keys/'; |
|||
private static $encryption_base_dir = '/files_encryption'; |
|||
|
|||
private static $key_cache = array(); // cache keys
|
|||
|
|||
/** |
|||
* @param \OC\Files\View $view |
|||
* @param \OC\Encryption\Util $util |
|||
*/ |
|||
public function __construct(\OC\Files\View $view, \OC\Encryption\Util $util) { |
|||
$this->view = $view; |
|||
$this->util = $util; |
|||
} |
|||
|
|||
/** |
|||
* get user specific key |
|||
* |
|||
* @param string $uid ID if the user for whom we want the key |
|||
* @param string $keyid id of the key |
|||
* |
|||
* @return mixed key |
|||
*/ |
|||
public function getUserKey($uid, $keyid) { |
|||
$path = '/' . $uid . self::$encryption_base_dir . '/' . $uid . '.' . $keyid; |
|||
return $this->getKey($path); |
|||
|
|||
} |
|||
|
|||
/** |
|||
* get file specific key |
|||
* |
|||
* @param string $path path to file |
|||
* @param string $keyId id of the key |
|||
* |
|||
* @return mixed key |
|||
*/ |
|||
public function getFileKey($path, $keyId) { |
|||
$keyDir = $this->getFileKeyDir($path); |
|||
return $this->getKey($keyDir . $keyId); |
|||
} |
|||
|
|||
/** |
|||
* get system-wide encryption keys not related to a specific user, |
|||
* e.g something like a key for public link shares |
|||
* |
|||
* @param string $keyId id of the key |
|||
* |
|||
* @return mixed key |
|||
*/ |
|||
public function getSystemUserKey($keyId) { |
|||
$path = '/' . self::$encryption_base_dir . '/' . $keyId; |
|||
return $this->getKey($path); |
|||
} |
|||
|
|||
/** |
|||
* set user specific key |
|||
* |
|||
* @param string $uid ID if the user for whom we want the key |
|||
* @param string $keyId id of the key |
|||
* @param mixed $key |
|||
*/ |
|||
public function setUserKey($uid, $keyId, $key) { |
|||
$path = '/' . $uid . self::$encryption_base_dir . '/' . $uid . '.' . $keyId; |
|||
return $this->setKey($path, $key); |
|||
} |
|||
|
|||
/** |
|||
* set file specific key |
|||
* |
|||
* @param string $path path to file |
|||
* @param string $keyId id of the key |
|||
* @param mixed $key |
|||
*/ |
|||
public function setFileKey($path, $keyId, $key) { |
|||
$keyDir = $this->getFileKeyDir($path); |
|||
return $this->setKey($keyDir . $keyId, $key); |
|||
} |
|||
|
|||
/** |
|||
* set system-wide encryption keys not related to a specific user, |
|||
* e.g something like a key for public link shares |
|||
* |
|||
* @param string $keyId id of the key |
|||
* @param mixed $key |
|||
* |
|||
* @return mixed key |
|||
*/ |
|||
public function setSystemUserKey($keyId, $key) { |
|||
$path = '/' . self::$encryption_base_dir . '/' . $keyId; |
|||
return $this->setKey($path, $key); |
|||
} |
|||
|
|||
|
|||
/** |
|||
* read key from hard disk |
|||
* |
|||
* @param string $path to key |
|||
* @return string |
|||
*/ |
|||
private function getKey($path) { |
|||
|
|||
$key = ''; |
|||
|
|||
if (isset(self::$key_cache[$path])) { |
|||
$key = self::$key_cache[$path]; |
|||
} else { |
|||
|
|||
/** @var \OCP\Files\Storage $storage */ |
|||
list($storage, $internalPath) = $this->view->resolvePath($path); |
|||
|
|||
if ($storage->file_exists($internalPath)) { |
|||
$key = $storage->file_get_contents($internalPath); |
|||
self::$key_cache[$path] = $key; |
|||
} |
|||
|
|||
} |
|||
|
|||
return $key; |
|||
} |
|||
|
|||
/** |
|||
* write key to disk |
|||
* |
|||
* |
|||
* @param string $path path to key directory |
|||
* @param string $key key |
|||
* @return bool |
|||
*/ |
|||
private function setKey($path, $key) { |
|||
$this->keySetPreparation(dirname($path)); |
|||
|
|||
/** @var \OCP\Files\Storage $storage */ |
|||
list($storage, $internalPath) = \OC\Files\Filesystem::resolvePath($path); |
|||
$result = $storage->file_put_contents($internalPath, $key); |
|||
|
|||
if (is_int($result) && $result > 0) { |
|||
self::$key_cache[$path] = $key; |
|||
return true; |
|||
} |
|||
|
|||
return false; |
|||
} |
|||
|
|||
/** |
|||
* get path to key folder for a given file |
|||
* |
|||
* @param string $path path to the file, relative to the users file directory |
|||
* @return string |
|||
*/ |
|||
private function getFileKeyDir($path) { |
|||
|
|||
if ($this->view->is_dir('/' . \OCP\User::getUser() . '/' . $path)) { |
|||
throw new Exception\EncryptionException('file was expected but directoy was given', Exception\EncryptionException::GENERIC); |
|||
} |
|||
|
|||
list($owner, $filename) = $this->util->getUidAndFilename($path); |
|||
$filename = $this->util->stripPartialFileExtension($filename); |
|||
$filePath_f = ltrim($filename, '/'); |
|||
|
|||
// in case of system wide mount points the keys are stored directly in the data directory
|
|||
if ($this->util->isSystemWideMountPoint($filename)) { |
|||
$keyPath = self::$keys_base_dir . $filePath_f . '/'; |
|||
} else { |
|||
$keyPath = '/' . $owner . self::$keys_base_dir . $filePath_f . '/'; |
|||
} |
|||
|
|||
return $keyPath; |
|||
} |
|||
|
|||
/** |
|||
* Make preparations to filesystem for saving a keyfile |
|||
* |
|||
* @param string $path relative to the views root |
|||
*/ |
|||
protected function keySetPreparation($path) { |
|||
// If the file resides within a subdirectory, create it
|
|||
if (!$this->view->file_exists($path)) { |
|||
$sub_dirs = explode('/', $path); |
|||
$dir = ''; |
|||
foreach ($sub_dirs as $sub_dir) { |
|||
$dir .= '/' . $sub_dir; |
|||
if (!$this->view->is_dir($dir)) { |
|||
$this->view->mkdir($dir); |
|||
} |
|||
} |
|||
} |
|||
} |
|||
|
|||
} |
|||
@ -0,0 +1,87 @@ |
|||
<?php |
|||
|
|||
/** |
|||
* ownCloud |
|||
* |
|||
* @copyright (C) 2015 ownCloud, Inc. |
|||
* |
|||
* @author Bjoern Schiessle <schiessle@owncloud.com> |
|||
* |
|||
* This library is free software; you can redistribute it and/or |
|||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE |
|||
* License as published by the Free Software Foundation; either |
|||
* version 3 of the License, or any later version. |
|||
* |
|||
* This library is distributed in the hope that it will be useful, |
|||
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
* GNU AFFERO GENERAL PUBLIC LICENSE for more details. |
|||
* |
|||
* You should have received a copy of the GNU Affero General Public |
|||
* License along with this library. If not, see <http://www.gnu.org/licenses/>. |
|||
*/ |
|||
|
|||
namespace OCP\Encryption; |
|||
|
|||
interface IKeyStorage { |
|||
|
|||
/** |
|||
* get user specific key |
|||
* |
|||
* @param string $uid ID if the user for whom we want the key |
|||
* @param string $keyid id of the key |
|||
* |
|||
* @return mixed key |
|||
*/ |
|||
public function getUserKey($uid, $keyid); |
|||
|
|||
/** |
|||
* get file specific key |
|||
* |
|||
* @param string $path path to file |
|||
* @param string $keyid id of the key |
|||
* |
|||
* @return mixed key |
|||
*/ |
|||
public function getFileKey($path, $keyid); |
|||
|
|||
/** |
|||
* get system-wide encryption keys not related to a specific user, |
|||
* e.g something like a key for public link shares |
|||
* |
|||
* @param string $keyid id of the key |
|||
* |
|||
* @return mixed key |
|||
*/ |
|||
public function getSystemUserKey($uid, $keyid); |
|||
|
|||
/** |
|||
* set user specific key |
|||
* |
|||
* @param string $uid ID if the user for whom we want the key |
|||
* @param string $keyid id of the key |
|||
* @param mixed $key |
|||
*/ |
|||
public function setUserKey($uid, $keyid, $key); |
|||
|
|||
/** |
|||
* set file specific key |
|||
* |
|||
* @param string $path path to file |
|||
* @param string $keyid id of the key |
|||
* @param mixed $key |
|||
*/ |
|||
public function setFileKey($path, $keyid, $key); |
|||
|
|||
/** |
|||
* set system-wide encryption keys not related to a specific user, |
|||
* e.g something like a key for public link shares |
|||
* |
|||
* @param string $keyid id of the key |
|||
* @param mixed $key |
|||
* |
|||
* @return mixed key |
|||
*/ |
|||
public function setSystemUserKey($uid, $keyid, $key); |
|||
|
|||
} |
|||
Write
Preview
Loading…
Cancel
Save
Reference in new issue