1
0

storage.php 8.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352
  1. <?php
  2. /**
  3. * @author Björn Schießle <schiessle@owncloud.com>
  4. * @author Thomas Müller <thomas.mueller@tmit.eu>
  5. *
  6. * @copyright Copyright (c) 2015, ownCloud, Inc.
  7. * @license AGPL-3.0
  8. *
  9. * This code is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License, version 3,
  11. * as published by the Free Software Foundation.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU Affero General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU Affero General Public License, version 3,
  19. * along with this program. If not, see <http://www.gnu.org/licenses/>
  20. *
  21. */
  22. namespace OC\Encryption\Keys;
  23. use OC\Encryption\Util;
  24. use OC\Files\View;
  25. use OCP\Encryption\Exceptions\GenericEncryptionException;
  26. class Storage implements \OCP\Encryption\Keys\IStorage {
  27. /** @var View */
  28. private $view;
  29. /** @var Util */
  30. private $util;
  31. // base dir where all the file related keys are stored
  32. private $keys_base_dir;
  33. private $encryption_base_dir;
  34. private $keyCache = array();
  35. /** @var string */
  36. private $encryptionModuleId;
  37. /**
  38. * @param string $encryptionModuleId
  39. * @param View $view
  40. * @param Util $util
  41. */
  42. public function __construct($encryptionModuleId, View $view, Util $util) {
  43. $this->view = $view;
  44. $this->util = $util;
  45. $this->encryptionModuleId = $encryptionModuleId;
  46. $this->encryption_base_dir = '/files_encryption';
  47. $this->keys_base_dir = $this->encryption_base_dir .'/keys';
  48. }
  49. /**
  50. * get user specific key
  51. *
  52. * @param string $uid ID if the user for whom we want the key
  53. * @param string $keyId id of the key
  54. *
  55. * @return mixed key
  56. */
  57. public function getUserKey($uid, $keyId) {
  58. $path = $this->constructUserKeyPath($keyId, $uid);
  59. return $this->getKey($path);
  60. }
  61. /**
  62. * get file specific key
  63. *
  64. * @param string $path path to file
  65. * @param string $keyId id of the key
  66. *
  67. * @return mixed key
  68. */
  69. public function getFileKey($path, $keyId) {
  70. $keyDir = $this->getFileKeyDir($path);
  71. return $this->getKey($keyDir . $keyId);
  72. }
  73. /**
  74. * get system-wide encryption keys not related to a specific user,
  75. * e.g something like a key for public link shares
  76. *
  77. * @param string $keyId id of the key
  78. *
  79. * @return mixed key
  80. */
  81. public function getSystemUserKey($keyId) {
  82. $path = $this->constructUserKeyPath($keyId);
  83. return $this->getKey($path);
  84. }
  85. /**
  86. * set user specific key
  87. *
  88. * @param string $uid ID if the user for whom we want the key
  89. * @param string $keyId id of the key
  90. * @param mixed $key
  91. */
  92. public function setUserKey($uid, $keyId, $key) {
  93. $path = $this->constructUserKeyPath($keyId, $uid);
  94. return $this->setKey($path, $key);
  95. }
  96. /**
  97. * set file specific key
  98. *
  99. * @param string $path path to file
  100. * @param string $keyId id of the key
  101. * @param boolean
  102. */
  103. public function setFileKey($path, $keyId, $key) {
  104. $keyDir = $this->getFileKeyDir($path);
  105. return $this->setKey($keyDir . $keyId, $key);
  106. }
  107. /**
  108. * set system-wide encryption keys not related to a specific user,
  109. * e.g something like a key for public link shares
  110. *
  111. * @param string $keyId id of the key
  112. * @param mixed $key
  113. *
  114. * @return mixed key
  115. */
  116. public function setSystemUserKey($keyId, $key) {
  117. $path = $this->constructUserKeyPath($keyId);
  118. return $this->setKey($path, $key);
  119. }
  120. /**
  121. * delete user specific key
  122. *
  123. * @param string $uid ID if the user for whom we want to delete the key
  124. * @param string $keyId id of the key
  125. *
  126. * @return boolean
  127. */
  128. public function deleteUserKey($uid, $keyId) {
  129. $path = $this->constructUserKeyPath($keyId, $uid);
  130. return $this->view->unlink($path);
  131. }
  132. /**
  133. * delete file specific key
  134. *
  135. * @param string $path path to file
  136. * @param string $keyId id of the key
  137. *
  138. * @return boolean
  139. */
  140. public function deleteFileKey($path, $keyId) {
  141. $keyDir = $this->getFileKeyDir($path);
  142. return $this->view->unlink($keyDir . $keyId);
  143. }
  144. /**
  145. * delete all file keys for a given file
  146. *
  147. * @param string $path to the file
  148. * @return boolean
  149. */
  150. public function deleteAllFileKeys($path) {
  151. $keyDir = $this->getFileKeyDir($path);
  152. return $this->view->deleteAll(dirname($keyDir));
  153. }
  154. /**
  155. * delete system-wide encryption keys not related to a specific user,
  156. * e.g something like a key for public link shares
  157. *
  158. * @param string $keyId id of the key
  159. *
  160. * @return boolean
  161. */
  162. public function deleteSystemUserKey($keyId) {
  163. $path = $this->constructUserKeyPath($keyId);
  164. return $this->view->unlink($path);
  165. }
  166. /**
  167. * construct path to users key
  168. *
  169. * @param string $keyId
  170. * @param string $uid
  171. * @return string
  172. */
  173. protected function constructUserKeyPath($keyId, $uid = null) {
  174. if ($uid === null) {
  175. $path = $this->encryption_base_dir . '/' . $this->encryptionModuleId . '/' . $keyId;
  176. } else {
  177. $path = '/' . $uid . $this->encryption_base_dir . '/'
  178. . $this->encryptionModuleId . '/' . $uid . '.' . $keyId;
  179. }
  180. return $path;
  181. }
  182. /**
  183. * read key from hard disk
  184. *
  185. * @param string $path to key
  186. * @return string
  187. */
  188. private function getKey($path) {
  189. $key = '';
  190. if ($this->view->file_exists($path)) {
  191. if (isset($this->keyCache[$path])) {
  192. $key = $this->keyCache[$path];
  193. } else {
  194. $key = $this->view->file_get_contents($path);
  195. $this->keyCache[$path] = $key;
  196. }
  197. }
  198. return $key;
  199. }
  200. /**
  201. * write key to disk
  202. *
  203. *
  204. * @param string $path path to key directory
  205. * @param string $key key
  206. * @return bool
  207. */
  208. private function setKey($path, $key) {
  209. $this->keySetPreparation(dirname($path));
  210. $result = $this->view->file_put_contents($path, $key);
  211. if (is_int($result) && $result > 0) {
  212. $this->keyCache[$path] = $key;
  213. return true;
  214. }
  215. return false;
  216. }
  217. /**
  218. * get path to key folder for a given file
  219. *
  220. * @param string $path path to the file, relative to data/
  221. * @return string
  222. * @throws GenericEncryptionException
  223. * @internal param string $keyId
  224. */
  225. private function getFileKeyDir($path) {
  226. if ($this->view->is_dir($path)) {
  227. throw new GenericEncryptionException("file was expected but directory was given: $path");
  228. }
  229. list($owner, $filename) = $this->util->getUidAndFilename($path);
  230. $filename = $this->util->stripPartialFileExtension($filename);
  231. // in case of system wide mount points the keys are stored directly in the data directory
  232. if ($this->util->isSystemWideMountPoint($filename)) {
  233. $keyPath = $this->keys_base_dir . $filename . '/';
  234. } else {
  235. $keyPath = '/' . $owner . $this->keys_base_dir . $filename . '/';
  236. }
  237. return \OC\Files\Filesystem::normalizePath($keyPath . $this->encryptionModuleId . '/', false);
  238. }
  239. /**
  240. * move keys if a file was renamed
  241. *
  242. * @param string $source
  243. * @param string $target
  244. * @param string $owner
  245. * @param bool $systemWide
  246. */
  247. public function renameKeys($source, $target) {
  248. list($owner, $source) = $this->util->getUidAndFilename($source);
  249. list(, $target) = $this->util->getUidAndFilename($target);
  250. $systemWide = $this->util->isSystemWideMountPoint($target);
  251. if ($systemWide) {
  252. $sourcePath = $this->keys_base_dir . $source . '/';
  253. $targetPath = $this->keys_base_dir . $target . '/';
  254. } else {
  255. $sourcePath = '/' . $owner . $this->keys_base_dir . $source . '/';
  256. $targetPath = '/' . $owner . $this->keys_base_dir . $target . '/';
  257. }
  258. if ($this->view->file_exists($sourcePath)) {
  259. $this->keySetPreparation(dirname($targetPath));
  260. $this->view->rename($sourcePath, $targetPath);
  261. }
  262. }
  263. /**
  264. * copy keys if a file was renamed
  265. *
  266. * @param string $source
  267. * @param string $target
  268. * @param string $owner
  269. * @param bool $systemWide
  270. */
  271. public function copyKeys($source, $target) {
  272. list($owner, $source) = $this->util->getUidAndFilename($source);
  273. list(, $target) = $this->util->getUidAndFilename($target);
  274. $systemWide = $this->util->isSystemWideMountPoint($target);
  275. if ($systemWide) {
  276. $sourcePath = $this->keys_base_dir . $source . '/';
  277. $targetPath = $this->keys_base_dir . $target . '/';
  278. } else {
  279. $sourcePath = '/' . $owner . $this->keys_base_dir . $source . '/';
  280. $targetPath = '/' . $owner . $this->keys_base_dir . $target . '/';
  281. }
  282. if ($this->view->file_exists($sourcePath)) {
  283. $this->keySetPreparation(dirname($targetPath));
  284. $this->view->copy($sourcePath, $targetPath);
  285. }
  286. }
  287. /**
  288. * Make preparations to filesystem for saving a keyfile
  289. *
  290. * @param string $path relative to the views root
  291. */
  292. protected function keySetPreparation($path) {
  293. // If the file resides within a subdirectory, create it
  294. if (!$this->view->file_exists($path)) {
  295. $sub_dirs = explode('/', ltrim($path, '/'));
  296. $dir = '';
  297. foreach ($sub_dirs as $sub_dir) {
  298. $dir .= '/' . $sub_dir;
  299. if (!$this->view->is_dir($dir)) {
  300. $this->view->mkdir($dir);
  301. }
  302. }
  303. }
  304. }
  305. }