Commit 49cfc303 authored by Bjoern Schiessle's avatar Bjoern Schiessle
Browse files

upgrade to new folder structure

parent a90606fb
......@@ -4,7 +4,8 @@ use OCA\Files_Encryption\Migration;
$installedVersion=OCP\Config::getAppValue('files_encryption', 'installed_version');
if (version_compare($installedVersion, '0.6', '<')) {
// Migration OC7 -> OC8
if (version_compare($installedVersion, '0.7', '<')) {
$m = new Migration();
$m->dropTableEncryption();
$m->reorganizeFolderStructure();
}
......@@ -31,7 +31,9 @@ namespace OCA\Encryption;
class Keymanager {
// base dir where all the file related keys are stored
const KEYS_BASE_DIR = '/files_encryption/keys/';
private static $keys_base_dir = '/files_encryption/keys/';
private static $encryption_base_dir = '/files_encryption';
private static $public_key_dir = '/files_encryption/public_keys';
/**
* read key from hard disk
......@@ -95,10 +97,14 @@ class Keymanager {
* @return string public key or false
*/
public static function getPublicKey(\OC\Files\View $view, $userId) {
$path = '/public-keys/' . $userId . '.publicKey';
$path = self::$public_key_dir . '/' . $userId . '.publicKey';
return self::getKey($path, $view);
}
public static function getPublicKeyPath() {
return self::$public_key_dir;
}
/**
* Retrieve a user's public and private key
* @param \OC\Files\View $view
......@@ -168,9 +174,9 @@ class Keymanager {
// in case of system wide mount points the keys are stored directly in the data directory
if ($util->isSystemWideMountPoint($filename)) {
$keyPath = self::KEYS_BASE_DIR . $filePath_f . '/';
$keyPath = self::$keys_base_dir . $filePath_f . '/';
} else {
$keyPath = '/' . $owner . self::KEYS_BASE_DIR . $filePath_f . '/';
$keyPath = '/' . $owner . self::$keys_base_dir . $filePath_f . '/';
}
return $keyPath;
......@@ -215,7 +221,7 @@ class Keymanager {
$result = false;
if (!\OCP\User::userExists($uid)) {
$publicKey = '/public-keys/' . $uid . '.publicKey';
$publicKey = self::$public_key_dir . '/' . $uid . '.publicKey';
$result = $view->unlink($publicKey);
}
......@@ -229,7 +235,7 @@ class Keymanager {
* @param string $uid
*/
public static function publicKeyExists($view, $uid) {
return $view->file_exists('/public-keys/'. $uid . '.publicKey');
return $view->file_exists(self::$public_key_dir . '/'. $uid . '.publicKey');
}
......@@ -278,8 +284,8 @@ class Keymanager {
$recoveryKeyId = Helper::getRecoveryKeyId();
if ($recoveryKeyId) {
$result = ($view->file_exists("/public-keys/" . $recoveryKeyId . ".publicKey")
&& $view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".privateKey"));
$result = ($view->file_exists(self::$public_key_dir . '/' . $recoveryKeyId . ".publicKey")
&& $view->file_exists(self::$encryption_base_dir . '/' . $recoveryKeyId . ".privateKey"));
}
return $result;
......@@ -290,8 +296,8 @@ class Keymanager {
$publicShareKeyId = Helper::getPublicShareKeyId();
if ($publicShareKeyId) {
$result = ($view->file_exists("/public-keys/" . $publicShareKeyId . ".publicKey")
&& $view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".privateKey"));
$result = ($view->file_exists(self::$public_key_dir . '/' . $publicShareKeyId . ".publicKey")
&& $view->file_exists(self::$encryption_base_dir . '/' . $publicShareKeyId . ".privateKey"));
}
......@@ -308,9 +314,8 @@ class Keymanager {
public static function setPublicKey($key, $user = '') {
$user = $user === '' ? \OCP\User::getUser() : $user;
$path = '/public-keys';
return self::setKey($path, $user . '.publicKey', $key, new \OC\Files\View('/'));
return self::setKey(self::$public_key_dir, $user . '.publicKey', $key, new \OC\Files\View('/'));
}
/**
......@@ -323,10 +328,9 @@ class Keymanager {
public static function setPrivateSystemKey($key, $keyName) {
$keyName = $keyName . '.privateKey';
$path = '/owncloud_private_key';
$header = Crypt::generateHeader();
return self::setKey($path, $keyName,$header . $key, new \OC\Files\View());
return self::setKey(self::$encryption_base_dir, $keyName,$header . $key, new \OC\Files\View());
}
/**
......@@ -337,7 +341,7 @@ class Keymanager {
*/
public static function getPrivateSystemKey($keyName) {
$path = $keyName . '.privateKey';
return self::getKey($path, new \OC\Files\View('/owncloud_private_key'));
return self::getKey($path, new \OC\Files\View(self::$encryption_base_dir));
}
/**
......
......@@ -4,7 +4,7 @@
*
* @copyright (C) 2014 ownCloud, Inc.
*
* @author Thomas Müller <deepdiver@owncloud.com>
* @author Bjoern Schiessle <schiessle@owncloud.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
......@@ -26,26 +26,257 @@ namespace OCA\Files_Encryption;
class Migration {
public function __construct($tableName = 'encryption') {
$this->tableName = $tableName;
/**
* @var \OC\Files\View
*/
private $view;
private $public_share_key_id;
private $recovery_key_id;
public function __construct() {
$this->view = new \OC\Files\View();
$this->public_share_key_id = \OCA\Encryption\Helper::getPublicShareKeyId();
$this->recovery_key_id = \OCA\Encryption\Helper::getRecoveryKeyId();
}
public function reorganizeFolderStructure() {
$this->createPathForKeys('/files_encryption');
// backup system wide folders
$this->backupSystemWideKeys();
// rename public keys
$this->renamePublicKeys();
// rename system wide mount point
$this->renameFileKeys('', '/files_encryption/keyfiles');
// rename system private keys
$this->renameSystemPrivateKeys();
// delete old system wide folders
$this->view->deleteAll('/public-keys');
$this->view->deleteAll('/owncloud_private_key');
$this->view->deleteAll('/files_encryption/share-keys');
$this->view->deleteAll('/files_encryption/keyfiles');
$users = \OCP\User::getUsers();
foreach ($users as $user) {
// backup all keys
if ($this->backupUserKeys($user)) {
// create new 'key' folder
$this->view->mkdir($user . '/files_encryption/keys');
// rename users private key
$this->renameUsersPrivateKey($user);
// rename file keys
$path = $user . '/files_encryption/keyfiles';
$this->renameFileKeys($user, $path);
$trashPath = $user . '/files_trashbin/keyfiles';
if (\OC_App::isEnabled('files_trashbin') && $this->view->is_dir($trashPath)) {
$this->renameFileKeys($user, $trashPath, true);
$this->view->deleteAll($trashPath);
$this->view->deleteAll($user . '/files_trashbin/share-keys');
}
// delete old folders
$this->deleteOldKeys($user);
}
}
}
private function backupSystemWideKeys() {
$backupDir = 'encryption_migration_backup_' . date("Y-m-d_H-i-s");
$this->view->mkdir($backupDir);
$this->view->copy('owncloud_private_key', $backupDir . '/owncloud_private_key');
$this->view->copy('public-keys', $backupDir . '/public-keys');
$this->view->copy('files_encryption', $backupDir . '/files_encryption');
}
private function backupUserKeys($user) {
$encryptionDir = $user . '/files_encryption';
if ($this->view->is_dir($encryptionDir)) {
$backupDir = $user . '/encryption_migration_backup_' . date("Y-m-d_H-i-s");
$this->view->mkdir($backupDir);
$this->view->copy($encryptionDir, $backupDir);
return true;
}
return false;
}
private function renamePublicKeys() {
$dh = $this->view->opendir('public-keys');
$this->createPathForKeys('files_encryption/public_keys');
if (is_resource($dh)) {
while (($oldPublicKey = readdir($dh)) !== false) {
if (!\OC\Files\Filesystem::isIgnoredDir($oldPublicKey)) {
$newPublicKey = substr($oldPublicKey, 0, strlen($oldPublicKey) - strlen('.public.key')) . '.publicKey';
$this->view->rename('public-keys/' . $oldPublicKey , 'files_encryption/public_keys/' . $newPublicKey);
}
}
closedir($dh);
}
}
// migrate settings from oc_encryption to oc_preferences
public function dropTableEncryption() {
$tableName = $this->tableName;
if (!\OC_DB::tableExists($tableName)) {
return;
private function renameSystemPrivateKeys() {
$dh = $this->view->opendir('owncloud_private_key');
if (is_resource($dh)) {
while (($oldPrivateKey = readdir($dh)) !== false) {
if (!\OC\Files\Filesystem::isIgnoredDir($oldPrivateKey)) {
$newPrivateKey = substr($oldPrivateKey, 0, strlen($oldPrivateKey) - strlen('.private.key')) . '.privateKey';
$this->view->rename('owncloud_private_key/' . $oldPrivateKey , 'files_encryption/' . $newPrivateKey);
}
}
closedir($dh);
}
$sql = "select `uid`, max(`recovery_enabled`) as `recovery_enabled`, min(`migration_status`) as `migration_status` from `*PREFIX*$tableName` group by `uid`";
$query = \OCP\DB::prepare($sql);
$result = $query->execute(array())->fetchAll();
}
private function renameUsersPrivateKey($user) {
$oldPrivateKey = $user . '/files_encryption/' . $user . '.private.key';
$newPrivateKey = substr($oldPrivateKey, 0, strlen($oldPrivateKey) - strlen('.private.key')) . '.privateKey';
$this->view->rename($oldPrivateKey, $newPrivateKey);
}
foreach ($result as $row) {
\OC_Preferences::setValue($row['uid'], 'files_encryption', 'recovery_enabled', $row['recovery_enabled']);
\OC_Preferences::setValue($row['uid'], 'files_encryption', 'migration_status', $row['migration_status']);
private function getFileName($file, $trash) {
$extLength = strlen('.key');
if ($trash) {
$parts = explode('.', $file);
if ($parts[count($parts) - 1] !== 'key') {
$extLength = $extLength + strlen('.' . $parts[count($parts) - 1]);
}
}
\OC_DB::dropTable($tableName);
$filename = substr($file, 0, strlen($file) - $extLength);
return $filename;
}
private function getExtension($file, $trash) {
$extension = '';
if ($trash) {
$parts = explode('.', $file);
if ($parts[count($parts) - 1] !== 'key') {
$extension = '.' . $parts[count($parts) - 1];
}
}
return $extension;
}
private function getFilePath($path, $user, $trash) {
$offset = $trash ? strlen($user . '/files_trashbin/keyfiles') : strlen($user . '/files_encryption/keyfiles');
return substr($path, $offset);
}
private function getTargetDir($user, $filePath, $filename, $extension, $trash) {
if ($trash) {
$targetDir = $user . '/files_trashbin/keys/' . $filePath . '/' . $filename . $extension;
} else {
$targetDir = $user . '/files_encryption/keys/' . $filePath . '/' . $filename . $extension;
}
return $targetDir;
}
private function renameFileKeys($user, $path, $trash = false) {
$dh = $this->view->opendir($path);
if (is_resource($dh)) {
while (($file = readdir($dh)) !== false) {
if (!\OC\Files\Filesystem::isIgnoredDir($file)) {
if ($this->view->is_dir($path . '/' . $file)) {
$this->renameFileKeys($user, $path . '/' . $file, $trash);
} else {
$filename = $this->getFileName($file, $trash);
$filePath = $this->getFilePath($path, $user, $trash);
$extension = $this->getExtension($file, $trash);
$targetDir = $this->getTargetDir($user, $filePath, $filename, $extension, $trash);
$this->createPathForKeys($targetDir);
$this->view->copy($path . '/' . $file, $targetDir . '/fileKey');
$this->renameShareKeys($user, $filePath, $filename, $targetDir, $trash);
}
}
}
closedir($dh);
}
}
private function getOldShareKeyPath($user, $filePath, $trash) {
if ($trash) {
$oldShareKeyPath = $user . '/files_trashbin/share-keys/' . $filePath;
} else {
$oldShareKeyPath = $user . '/files_encryption/share-keys/' . $filePath;
}
return $oldShareKeyPath;
}
private function getUidFromShareKey($file, $filename, $trash) {
$extLength = strlen('.shareKey');
if ($trash) {
$parts = explode('.', $file);
if ($parts[count($parts) - 1] !== 'shareKey') {
$extLength = $extLength + strlen('.' . $parts[count($parts) - 1]);
}
}
$uid = substr($file, strlen($filename) + 1, $extLength * -1);
return $uid;
}
private function renameShareKeys($user, $filePath, $filename, $target, $trash) {
$oldShareKeyPath = $this->getOldShareKeyPath($user, $filePath, $trash);
$dh = $this->view->opendir($oldShareKeyPath);
if (is_resource($dh)) {
while (($file = readdir($dh)) !== false) {
if (!\OC\Files\Filesystem::isIgnoredDir($file)) {
if ($this->view->is_dir($oldShareKeyPath . '/' . $file)) {
continue;
} else {
if (substr($file, 0, strlen($filename) +1) === $filename . '.') {
$uid = $this->getUidFromShareKey($file, $filename, $trash);
if ($uid === $this->public_share_key_id ||
$uid === $this->recovery_key_id ||
\OCP\User::userExists($uid)) {
$this->view->copy($oldShareKeyPath . '/' . $file, $target . '/' . $uid . '.shareKey');
}
}
}
}
}
closedir($dh);
}
}
private function deleteOldKeys($user) {
$this->view->deleteAll($user . '/files_encryption/keyfiles');
$this->view->deleteAll($user . '/files_encryption/share-keys');
}
private function createPathForKeys($path) {
if (!$this->view->file_exists($path)) {
$sub_dirs = explode('/', $path);
$dir = '';
foreach ($sub_dirs as $sub_dir) {
$dir .= '/' . $sub_dir;
if (!$this->view->is_dir($dir)) {
$this->view->mkdir($dir);
}
}
}
}
}
......@@ -48,9 +48,9 @@ class Session {
$this->view = $view;
if (!$this->view->is_dir('owncloud_private_key')) {
if (!$this->view->is_dir('files_encryption')) {
$this->view->mkdir('owncloud_private_key');
$this->view->mkdir('files_encryption');
}
......
......@@ -73,7 +73,7 @@ class Util {
$this->fileFolderName = 'files';
$this->userFilesDir =
'/' . $userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable?
$this->publicKeyDir = '/' . 'public-keys';
$this->publicKeyDir = Keymanager::getPublicKeyPath();
$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
$this->keysPath = $this->encryptionDir . '/' . 'keys';
$this->publicKeyPath =
......
......@@ -33,20 +33,6 @@ class Test_Encryption_Crypt extends \OCA\Files_Encryption\Tests\TestCase {
public static function setUpBeforeClass() {
parent::setUpBeforeClass();
// reset backend
\OC_User::clearBackends();
\OC_User::useBackend('database');
// Filesystem related hooks
\OCA\Encryption\Helper::registerFilesystemHooks();
// Filesystem related hooks
\OCA\Encryption\Helper::registerUserHooks();
// clear and register hooks
\OC_FileProxy::clearProxies();
\OC_FileProxy::register(new OCA\Encryption\Proxy());
// create test user
self::loginHelper(\Test_Encryption_Crypt::TEST_ENCRYPTION_CRYPT_USER1, true);
}
......@@ -99,14 +85,6 @@ class Test_Encryption_Crypt extends \OCA\Files_Encryption\Tests\TestCase {
// cleanup test user
\OC_User::deleteUser(\Test_Encryption_Crypt::TEST_ENCRYPTION_CRYPT_USER1);
\OC_Hook::clear();
\OC_FileProxy::clearProxies();
// Delete keys in /data/
$view = new \OC\Files\View('/');
$view->rmdir('public-keys');
$view->rmdir('owncloud_private_key');
parent::tearDownAfterClass();
}
......
......@@ -38,14 +38,6 @@ class Test_Encryption_Helper extends \OCA\Files_Encryption\Tests\TestCase {
}
public static function tearDownAfterClass() {
\OC_Hook::clear();
\OC_FileProxy::clearProxies();
// Delete keys in /data/
$view = new \OC\Files\View('/');
$view->rmdir('public-keys');
$view->rmdir('owncloud_private_key');
parent::tearDownAfterClass();
}
......
......@@ -63,28 +63,6 @@ class Test_Encryption_Hooks extends \OCA\Files_Encryption\Tests\TestCase {
'.t est.txt'
);
// reset backend
\OC_User::clearBackends();
\OC_User::useBackend('database');
\OC_Hook::clear('OC_Filesystem');
\OC_Hook::clear('OC_User');
// clear share hooks
\OC_Hook::clear('OCP\\Share');
\OC::registerShareHooks();
\OCP\Util::connectHook('OC_Filesystem', 'setup', '\OC\Files\Storage\Shared', 'setup');
// Filesystem related hooks
\OCA\Encryption\Helper::registerFilesystemHooks();
// Sharing related hooks
\OCA\Encryption\Helper::registerShareHooks();
// clear and register proxies
\OC_FileProxy::clearProxies();
\OC_FileProxy::register(new OCA\Encryption\Proxy());
// create test user
self::loginHelper(\Test_Encryption_Hooks::TEST_ENCRYPTION_HOOKS_USER1, true);
self::loginHelper(\Test_Encryption_Hooks::TEST_ENCRYPTION_HOOKS_USER2, true);
......@@ -114,14 +92,6 @@ class Test_Encryption_Hooks extends \OCA\Files_Encryption\Tests\TestCase {
\OC_User::deleteUser(\Test_Encryption_Hooks::TEST_ENCRYPTION_HOOKS_USER1);
\OC_User::deleteUser(\Test_Encryption_Hooks::TEST_ENCRYPTION_HOOKS_USER2);
\OC_Hook::clear();
\OC_FileProxy::clearProxies();
// Delete keys in /data/
$view = new \OC\Files\View('/');
$view->rmdir('public-keys');
$view->rmdir('owncloud_private_key');
parent::tearDownAfterClass();
}
......@@ -439,7 +409,7 @@ class Test_Encryption_Hooks extends \OCA\Files_Encryption\Tests\TestCase {
// set user password for the first time
\OCA\Encryption\Hooks::postCreateUser(array('uid' => 'newUser', 'password' => 'newUserPassword'));
$this->assertTrue($view->file_exists('public-keys/newUser.publicKey'));
$this->assertTrue($view->file_exists(\OCA\Encryption\Keymanager::getPublicKeyPath() . '/newUser.publicKey'));
$this->assertTrue($view->file_exists('newUser/files_encryption/newUser.privateKey'));
// check if we are able to decrypt the private key
......
......@@ -28,17 +28,6 @@ class Test_Encryption_Keymanager extends \OCA\Files_Encryption\Tests\TestCase {
public static function setUpBeforeClass() {
parent::setUpBeforeClass();
// reset backend
\OC_User::clearBackends();
\OC_User::useBackend('database');
// Filesystem related hooks
\OCA\Encryption\Helper::registerFilesystemHooks();
// clear and register hooks
\OC_FileProxy::clearProxies();
\OC_FileProxy::register(new OCA\Encryption\Proxy());
// disable file proxy by default
\OC_FileProxy::$enabled = false;
......@@ -92,14 +81,6 @@ class Test_Encryption_Keymanager extends \OCA\Files_Encryption\Tests\TestCase {
OC_App::enable('files_trashbin');
}
\OC_Hook::clear();
\OC_FileProxy::clearProxies();
// Delete keys in /data/
$view = new \OC\Files\View('/');
$view->rmdir('public-keys');
$view->rmdir('owncloud_private_key');
parent::tearDownAfterClass();
}
......@@ -192,14 +173,14 @@ class Test_Encryption_Keymanager extends \OCA\Files_Encryption\Tests\TestCase {
Encryption\Keymanager::setPrivateSystemKey($key, $keyName);
$this->assertTrue($this->view->file_exists('/owncloud_private_key/' . $keyName . '.privateKey'));
$this->assertTrue($this->view->file_exists('/files_encryption/' . $keyName . '.privateKey'));
$result = Encryption\Keymanager::getPrivateSystemKey($keyName);
$this->assertSame($encHeader . $key, $result);
// clean up
$this->view->unlink('/owncloud_private_key/' . $keyName.'.privateKey');
$this->view->unlink('/files_encryption/' . $keyName.'.privateKey');
}
......
......@@ -2,8 +2,9 @@
/**
* ownCloud
*
* @author Thomas Müller
* @copyright 2014 Thomas Müller deepdiver@owncloud.com
* @copyright (C) 2014 ownCloud, Inc.
*
* @author Bjoern Schiessle <schiessle@owncloud.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
......@@ -23,7 +24,29 @@
use OCA\Encryption;
use OCA\Files_Encryption\Migration;
class Test_Migration extends \Test\TestCase {
class Test_Migration extends \OCA\Files_Encryption\Tests\TestCase {
const TEST_ENCRYPTION_MIGRATION_USER1='test_encryption_user1';