123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 |
- <?php
- declare(strict_types=1);
- namespace OCA\Encryption\Services;
- use OC\Files\Filesystem;
- use OCA\Encryption\Crypto\Crypt;
- use OCA\Encryption\KeyManager;
- use OCA\Encryption\Recovery;
- use OCA\Encryption\Session;
- use OCA\Encryption\Util;
- use OCP\Encryption\Exceptions\GenericEncryptionException;
- use OCP\IUser;
- use OCP\IUserManager;
- use OCP\IUserSession;
- use Psr\Log\LoggerInterface;
- class PassphraseService {
-
- private static array $passwordResetUsers = [];
- public function __construct(
- private Util $util,
- private Crypt $crypt,
- private Session $session,
- private Recovery $recovery,
- private KeyManager $keyManager,
- private LoggerInterface $logger,
- private IUserManager $userManager,
- private IUserSession $userSession,
- ) {
- }
- public function setProcessingReset(string $uid, bool $processing = true): void {
- if ($processing) {
- self::$passwordResetUsers[$uid] = true;
- } else {
- unset(self::$passwordResetUsers[$uid]);
- }
- }
-
- public function setPassphraseForUser(string $userId, string $password, ?string $recoveryPassword = null): bool {
-
-
- if (isset(self::$passwordResetUsers[$userId])) {
- return true;
- }
-
- $user = $this->userManager->get($userId);
- if ($user === null) {
- return false;
- }
-
- $currentUser = $this->userSession->getUser();
-
- if ($currentUser !== null && $userId === $currentUser->getUID()) {
- $privateKey = $this->session->getPrivateKey();
-
- $encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $password, $userId);
-
- if ($encryptedPrivateKey !== false) {
- $key = $this->crypt->generateHeader() . $encryptedPrivateKey;
- $this->keyManager->setPrivateKey($userId, $key);
- return true;
- }
- $this->logger->error('Encryption could not update users encryption password');
-
-
-
- } else {
-
- $recoveryPassword = $recoveryPassword ?? '';
- $this->initMountPoints($user);
- $recoveryKeyId = $this->keyManager->getRecoveryKeyId();
- $recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);
- try {
- $this->crypt->decryptPrivateKey($recoveryKey, $recoveryPassword);
- } catch (\Exception) {
- $message = 'Can not decrypt the recovery key. Maybe you provided the wrong password. Try again.';
- throw new GenericEncryptionException($message, $message);
- }
-
-
-
-
- if (
- ($this->recovery->isRecoveryEnabledForUser($userId) && $recoveryPassword !== '')
- || !$this->keyManager->userHasKeys($userId)
- || !$this->util->userHasFiles($userId)
- ) {
- $keyPair = $this->crypt->createKeyPair();
- if ($keyPair === false) {
- $this->logger->error('Could not create new private key-pair for user.');
- return false;
- }
-
- $this->keyManager->setPublicKey($userId, $keyPair['publicKey']);
-
- $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password, $userId);
- if ($encryptedKey === false) {
- $this->logger->error('Encryption could not update users encryption password');
- return false;
- }
- $this->keyManager->setPrivateKey($userId, $this->crypt->generateHeader() . $encryptedKey);
- if ($recoveryPassword !== '') {
-
- $this->recovery->recoverUsersFiles($recoveryPassword, $userId);
- }
- return true;
- }
- }
- return false;
- }
-
- private function initMountPoints(IUser $user): void {
- Filesystem::initMountPoints($user);
- }
- }
|