- <?php
- /**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Bjoern Schiessle <bjoern@schiessle.org>
- * @author Björn Schießle <bjoern@schiessle.org>
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
- namespace OCA\Encryption\Tests\Crypto;
- use OCA\Encryption\Crypto\Crypt;
- use OCA\Encryption\Crypto\DecryptAll;
- use OCA\Encryption\Crypto\EncryptAll;
- use OCA\Encryption\Crypto\Encryption;
- use OCA\Encryption\Exceptions\PublicKeyMissingException;
- use OCA\Encryption\KeyManager;
- use OCA\Encryption\Session;
- use OCA\Encryption\Util;
- use OCP\Files\Storage;
- use OCP\IL10N;
- use OCP\ILogger;
- use Symfony\Component\Console\Input\InputInterface;
- use Symfony\Component\Console\Output\OutputInterface;
- use Test\TestCase;
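/**
 * Unit tests for the Encryption crypto module.
 *
 * Every collaborator (Crypt, KeyManager, Util, Session, EncryptAll,
 * DecryptAll, logger, l10n) is a PHPUnit mock, so these tests pin down how
 * the module wires keys and ciphers together; no real cryptography runs.
 */
class EncryptionTest extends TestCase {
	/** @var Encryption */
	private $instance;

	/** @var \OCA\Encryption\KeyManager|\PHPUnit\Framework\MockObject\MockObject */
	private $keyManagerMock;

	/** @var \OCA\Encryption\Crypto\EncryptAll|\PHPUnit\Framework\MockObject\MockObject */
	private $encryptAllMock;

	/** @var \OCA\Encryption\Crypto\DecryptAll|\PHPUnit\Framework\MockObject\MockObject */
	private $decryptAllMock;

	/** @var \OCA\Encryption\Session|\PHPUnit\Framework\MockObject\MockObject */
	private $sessionMock;

	/** @var \OCA\Encryption\Crypto\Crypt|\PHPUnit\Framework\MockObject\MockObject */
	private $cryptMock;

	/** @var \OCA\Encryption\Util|\PHPUnit\Framework\MockObject\MockObject */
	private $utilMock;

	/** @var \OCP\ILogger|\PHPUnit\Framework\MockObject\MockObject */
	private $loggerMock;

	/** @var \OCP\IL10N|\PHPUnit\Framework\MockObject\MockObject */
	private $l10nMock;

	/** @var \OCP\Files\Storage|\PHPUnit\Framework\MockObject\MockObject */
	private $storageMock;

	/**
	 * Build a fresh Encryption instance backed exclusively by mocks.
	 */
	protected function setUp(): void {
		parent::setUp();

		$this->storageMock = $this->getMockBuilder(Storage::class)
			->disableOriginalConstructor()->getMock();
		$this->cryptMock = $this->getMockBuilder(Crypt::class)
			->disableOriginalConstructor()
			->getMock();
		$this->utilMock = $this->getMockBuilder(Util::class)
			->disableOriginalConstructor()
			->getMock();
		$this->keyManagerMock = $this->getMockBuilder(KeyManager::class)
			->disableOriginalConstructor()
			->getMock();
		$this->sessionMock = $this->getMockBuilder(Session::class)
			->disableOriginalConstructor()
			->getMock();
		$this->encryptAllMock = $this->getMockBuilder(EncryptAll::class)
			->disableOriginalConstructor()
			->getMock();
		$this->decryptAllMock = $this->getMockBuilder(DecryptAll::class)
			->disableOriginalConstructor()
			->getMock();
		$this->loggerMock = $this->getMockBuilder(ILogger::class)
			->disableOriginalConstructor()
			->getMock();
		$this->l10nMock = $this->getMockBuilder(IL10N::class)
			->disableOriginalConstructor()
			->getMock();
		// Translations echo their input so expected messages can be asserted verbatim.
		$this->l10nMock->expects($this->any())
			->method('t')
			->with($this->anything())
			->willReturnArgument(0);

		$this->instance = new Encryption(
			$this->cryptMock,
			$this->keyManagerMock,
			$this->utilMock,
			$this->sessionMock,
			$this->encryptAllMock,
			$this->decryptAllMock,
			$this->loggerMock,
			$this->l10nMock
		);
	}

	/**
	 * test if public key from one of the recipients is missing
	 *
	 * The stream is opened as user1; the key lookup for recipient user2 throws
	 * (see getPublicKeyCallback). addSystemKeysCallback then checks that only
	 * user1 and user3 remain in the key set.
	 */
	public function testEndUser1() {
		$this->instance->begin('/foo/bar', 'user1', 'r', [], ['users' => ['user1', 'user2', 'user3']]);
		$this->endTest();
	}

	/**
	 * test if public key from owner is missing
	 *
	 * Here the stream is opened as user2, the user whose key lookup throws,
	 * and the PublicKeyMissingException is expected to reach the caller.
	 */
	public function testEndUser2() {
		$this->expectException(PublicKeyMissingException::class);

		$this->instance->begin('/foo/bar', 'user2', 'r', [], ['users' => ['user1', 'user2', 'user3']]);
		$this->endTest();
	}

	/**
	 * common part of testEndUser1 and testEndUser2
	 *
	 * NOTE(review): the mocks use any(), so the assertions inside
	 * addSystemKeysCallback only run if end() actually reaches addSystemKeys.
	 *
	 * @throws PublicKeyMissingException
	 */
	public function endTest() {
		// prepare internal variables
		self::invokePrivate($this->instance, 'isWriteOperation', [true]);
		self::invokePrivate($this->instance, 'writeCache', ['']);

		$this->keyManagerMock->expects($this->any())
			->method('getPublicKey')
			->willReturnCallback([$this, 'getPublicKeyCallback']);
		$this->keyManagerMock->expects($this->any())
			->method('addSystemKeys')
			->willReturnCallback([$this, 'addSystemKeysCallback']);
		$this->cryptMock->expects($this->any())
			->method('multiKeyEncrypt')
			->willReturn([]);

		$this->instance->end('/foo/bar');
	}

	/**
	 * Stand-in for KeyManager::getPublicKey(): user2 has no public key, every
	 * other uid is returned unchanged as its own "key".
	 *
	 * @throws PublicKeyMissingException for uid 'user2'
	 */
	public function getPublicKeyCallback($uid) {
		if ($uid === 'user2') {
			throw new PublicKeyMissingException($uid);
		}
		return $uid;
	}

	/**
	 * Stand-in for KeyManager::addSystemKeys(): asserts that the key set holds
	 * exactly the two users whose lookup succeeded, then passes it through.
	 */
	public function addSystemKeysCallback($accessList, $publicKeys) {
		$this->assertCount(2, $publicKeys);
		$this->assertArrayHasKey('user1', $publicKeys);
		$this->assertArrayHasKey('user3', $publicKeys);
		return $publicKeys;
	}

	/**
	 * Paths under files_versions must map back to the file under files/ with
	 * the version suffix removed; regular paths stay unchanged.
	 *
	 * @dataProvider dataProviderForTestGetPathToRealFile
	 */
	public function testGetPathToRealFile($path, $expected) {
		$this->assertSame($expected,
			self::invokePrivate($this->instance, 'getPathToRealFile', [$path])
		);
	}

	/**
	 * @return array rows of [input path, expected real path]
	 */
	public function dataProviderForTestGetPathToRealFile() {
		return [
			['/user/files/foo/bar.txt', '/user/files/foo/bar.txt'],
			['/user/files/foo.txt', '/user/files/foo.txt'],
			['/user/files_versions/foo.txt.v543534', '/user/files/foo.txt'],
			['/user/files_versions/foo/bar.txt.v5454', '/user/files/foo/bar.txt'],
		];
	}

	/**
	 * Cipher selection in begin() outside decrypt-all mode.
	 *
	 * The data rows pin three rules: a write always ends up on the default
	 * cipher, even when the header names another one; a read uses the header's
	 * cipher; a read without a header cipher falls back to the legacy cipher.
	 * None of the decrypt-all / share-key paths may be touched.
	 *
	 * @dataProvider dataTestBegin
	 */
	public function testBegin($mode, $header, $legacyCipher, $defaultCipher, $fileKey, $expected) {
		$this->sessionMock->expects($this->once())
			->method('decryptAllModeActivated')
			->willReturn(false);

		$this->sessionMock->expects($this->never())->method('getDecryptAllUid');
		$this->sessionMock->expects($this->never())->method('getDecryptAllKey');
		$this->keyManagerMock->expects($this->never())->method('getEncryptedFileKey');
		$this->keyManagerMock->expects($this->never())->method('getShareKey');
		$this->cryptMock->expects($this->never())->method('multiKeyDecrypt');

		$this->cryptMock->expects($this->any())
			->method('getCipher')
			->willReturn($defaultCipher);
		$this->cryptMock->expects($this->any())
			->method('getLegacyCipher')
			->willReturn($legacyCipher);
		// A new file key may only be generated when the key manager has none.
		if (empty($fileKey)) {
			$this->cryptMock->expects($this->once())
				->method('generateFileKey')
				->willReturn('fileKey');
		} else {
			$this->cryptMock->expects($this->never())
				->method('generateFileKey');
		}

		$this->keyManagerMock->expects($this->once())
			->method('getFileKey')
			->willReturn($fileKey);

		$result = $this->instance->begin('/user/files/foo.txt', 'user', $mode, $header, []);

		$this->assertArrayHasKey('cipher', $result);
		$this->assertSame($expected, $result['cipher']);

		if ($mode === 'w') {
			$this->assertTrue(self::invokePrivate($this->instance, 'isWriteOperation'));
		} else {
			$this->assertFalse(self::invokePrivate($this->instance, 'isWriteOperation'));
		}
	}

	/**
	 * @return array rows of [mode, header, legacy cipher, default cipher, stored file key, expected cipher]
	 */
	public function dataTestBegin() {
		return [
			['w', ['cipher' => 'myCipher'], 'legacyCipher', 'defaultCipher', 'fileKey', 'defaultCipher'],
			['r', ['cipher' => 'myCipher'], 'legacyCipher', 'defaultCipher', 'fileKey', 'myCipher'],
			['w', [], 'legacyCipher', 'defaultCipher', '', 'defaultCipher'],
			['r', [], 'legacyCipher', 'defaultCipher', 'file_key', 'legacyCipher'],
		];
	}

	/**
	 * test begin() if decryptAll mode was activated
	 *
	 * In this mode the file key must be recovered from the encrypted file key,
	 * the share key of the decrypt-all uid and the decrypt-all key held in the
	 * session; the regular getFileKey() path must not be used.
	 */
	public function testBeginDecryptAll() {
		$path = '/user/files/foo.txt';
		$recoveryKeyId = 'recoveryKeyId';
		$recoveryShareKey = 'recoveryShareKey';
		$decryptAllKey = 'decryptAllKey';
		$fileKey = 'fileKey';

		$this->sessionMock->expects($this->once())
			->method('decryptAllModeActivated')
			->willReturn(true);
		$this->sessionMock->expects($this->once())
			->method('getDecryptAllUid')
			->willReturn($recoveryKeyId);
		$this->sessionMock->expects($this->once())
			->method('getDecryptAllKey')
			->willReturn($decryptAllKey);

		$this->keyManagerMock->expects($this->once())
			->method('getEncryptedFileKey')
			->willReturn('encryptedFileKey');
		$this->keyManagerMock->expects($this->once())
			->method('getShareKey')
			->with($path, $recoveryKeyId)
			->willReturn($recoveryShareKey);
		$this->cryptMock->expects($this->once())
			->method('multiKeyDecryptLegacy')
			->with('encryptedFileKey', $recoveryShareKey, $decryptAllKey)
			->willReturn($fileKey);

		$this->keyManagerMock->expects($this->never())->method('getFileKey');

		$this->instance->begin($path, 'user', 'r', [], []);

		$this->assertSame($fileKey,
			self::invokePrivate($this->instance, 'fileKey')
		);
	}

	/**
	 * test begin() if encryption is not initialized but the master key is enabled
	 * in this case we can initialize the encryption without a username/password
	 * and continue
	 *
	 * The expectation on init('', '') is the point of the test: with the master
	 * key enabled, key initialisation is requested with empty credentials.
	 */
	public function testBeginInitMasterKey() {
		$this->sessionMock->expects($this->once())->method('isReady')->willReturn(false);
		$this->utilMock->expects($this->once())->method('isMasterKeyEnabled')
			->willReturn(true);
		$this->keyManagerMock->expects($this->once())->method('init')->with('', '');

		$this->instance->begin('/user/files/welcome.txt', 'user', 'r', [], []);
	}

	/**
	 * update() must report failure when no file key exists and success when
	 * one does; the version bookkeeping must stay untouched in both cases.
	 *
	 * @dataProvider dataTestUpdate
	 *
	 * @param string $fileKey
	 * @param boolean $expected
	 */
	public function testUpdate($fileKey, $expected) {
		$this->keyManagerMock->expects($this->once())
			->method('getFileKey')->willReturn($fileKey);

		$this->keyManagerMock->expects($this->any())
			->method('getPublicKey')->willReturn('publicKey');

		$this->keyManagerMock->expects($this->any())
			->method('addSystemKeys')
			->willReturnCallback(function ($accessList, $publicKeys) {
				return $publicKeys;
			});

		$this->keyManagerMock->expects($this->never())->method('getVersion');
		$this->keyManagerMock->expects($this->never())->method('setVersion');

		$this->assertSame($expected,
			$this->instance->update('path', 'user1', ['users' => ['user1']])
		);
	}

	/**
	 * @return array rows of [stored file key, expected update() result]
	 */
	public function dataTestUpdate() {
		return [
			['', false],
			['fileKey', true]
		];
	}

	/**
	 * With an empty access list update() must not touch any key material and
	 * only write back the version remembered for the path.
	 */
	public function testUpdateNoUsers() {
		self::invokePrivate($this->instance, 'rememberVersion', [['path' => 2]]);

		$this->keyManagerMock->expects($this->never())->method('getFileKey');
		$this->keyManagerMock->expects($this->never())->method('getPublicKey');
		$this->keyManagerMock->expects($this->never())->method('addSystemKeys');
		$this->keyManagerMock->expects($this->once())->method('setVersion')
			->willReturnCallback(function ($path, $version, $view) {
				$this->assertSame('path', $path);
				$this->assertSame(2, $version);
				$this->assertInstanceOf(\OC\Files\View::class, $view);
			});

		$this->instance->update('path', 'user1', []);
	}

	/**
	 * Test case if the public key is missing. Nextcloud should still encrypt
	 * the file for the remaining users
	 *
	 * Every key lookup throws here, so the key list handed to
	 * multiKeyEncrypt() is empty and update() still returns true.
	 * NOTE(review): the boolean result alone does not tell a caller that a
	 * recipient was skipped; presumably the module logs it. Confirm in
	 * Encryption::update().
	 */
	public function testUpdateMissingPublicKey() {
		$this->keyManagerMock->expects($this->once())
			->method('getFileKey')->willReturn('fileKey');

		$this->keyManagerMock->expects($this->any())
			->method('getPublicKey')->willReturnCallback(
				function ($user) {
					throw new PublicKeyMissingException($user);
				}
			);

		$this->keyManagerMock->expects($this->any())
			->method('addSystemKeys')
			->willReturnCallback(function ($accessList, $publicKeys) {
				return $publicKeys;
			});

		$this->cryptMock->expects($this->once())->method('multiKeyEncrypt')
			->willReturnCallback(
				function ($fileKey, $publicKeys) {
					$this->assertEmpty($publicKeys);
					$this->assertSame('fileKey', $fileKey);
					return [];
				}
			);

		$this->keyManagerMock->expects($this->never())->method('getVersion');
		$this->keyManagerMock->expects($this->never())->method('setVersion');

		$this->assertTrue(
			$this->instance->update('path', 'user1', ['users' => ['user1']])
		);
	}

	/**
	 * by default the encryption module should encrypt regular files, files in
	 * files_versions and files in files_trashbin
	 *
	 * When home-storage encryption is switched off, the decision additionally
	 * depends on whether the storage behind the path is a home storage.
	 *
	 * @dataProvider dataTestShouldEncrypt
	 */
	public function testShouldEncrypt($path, $shouldEncryptHomeStorage, $isHomeStorage, $expected) {
		$this->utilMock->expects($this->once())->method('shouldEncryptHomeStorage')
			->willReturn($shouldEncryptHomeStorage);

		if ($shouldEncryptHomeStorage === false) {
			// Keep the string literal with its leading backslash: with() compares
			// against the exact argument value, and IHomeStorage::class would
			// yield the name without that backslash.
			$this->storageMock->expects($this->once())->method('instanceOfStorage')
				->with('\OCP\Files\IHomeStorage')->willReturn($isHomeStorage);
			$this->utilMock->expects($this->once())->method('getStorage')->with($path)
				->willReturn($this->storageMock);
		}

		$this->assertSame($expected,
			$this->instance->shouldEncrypt($path)
		);
	}

	/**
	 * @return array rows of [path, shouldEncryptHomeStorage, isHomeStorage, expected decision]
	 */
	public function dataTestShouldEncrypt() {
		return [
			['/user1/files/foo.txt', true, true, true],
			['/user1/files_versions/foo.txt', true, true, true],
			['/user1/files_trashbin/foo.txt', true, true, true],
			['/user1/some_folder/foo.txt', true, true, false],
			['/user1/foo.txt', true, true, false],
			['/user1/files', true, true, false],
			['/user1/files_trashbin', true, true, false],
			['/user1/files_versions', true, true, false],
			// test if shouldEncryptHomeStorage is set to false
			['/user1/files/foo.txt', false, true, false],
			['/user1/files_versions/foo.txt', false, false, true],
		];
	}

	/**
	 * decrypt() on an instance that never went through begin() must fail
	 * with a DecryptionFailedException carrying the user-facing hint.
	 */
	public function testDecrypt() {
		$this->expectException(\OC\Encryption\Exceptions\DecryptionFailedException::class);
		$this->expectExceptionMessage('Cannot decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');

		$this->instance->decrypt('abc');
	}

	/**
	 * prepareDecryptAll() must hand input, output and user straight to
	 * DecryptAll::prepare().
	 */
	public function testPrepareDecryptAll() {
		/** @var \Symfony\Component\Console\Input\InputInterface $input */
		$input = $this->createMock(InputInterface::class);
		/** @var \Symfony\Component\Console\Output\OutputInterface $output */
		$output = $this->createMock(OutputInterface::class);

		$this->decryptAllMock->expects($this->once())->method('prepare')
			->with($input, $output, 'user');

		$this->instance->prepareDecryptAll($input, $output, 'user');
	}
}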