You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
161 lines
4.8 KiB
161 lines
4.8 KiB
<?php |
|
/** |
|
* @copyright Copyright (c) 2016, ownCloud, Inc. |
|
* |
|
* @author Björn Schießle <bjoern@schiessle.org> |
|
* |
|
* @license AGPL-3.0 |
|
* |
|
* This code is free software: you can redistribute it and/or modify |
|
* it under the terms of the GNU Affero General Public License, version 3, |
|
* as published by the Free Software Foundation. |
|
* |
|
* This program is distributed in the hope that it will be useful, |
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
* GNU Affero General Public License for more details. |
|
* |
|
* You should have received a copy of the GNU Affero General Public License, version 3, |
|
* along with this program. If not, see <http://www.gnu.org/licenses/> |
|
* |
|
*/ |
|
|
|
|
|
namespace OCA\Encryption\Crypto; |
|
|
|
|
|
use OCA\Encryption\KeyManager; |
|
use OCA\Encryption\Session; |
|
use OCA\Encryption\Util; |
|
use Symfony\Component\Console\Helper\QuestionHelper; |
|
use Symfony\Component\Console\Input\InputInterface; |
|
use Symfony\Component\Console\Output\OutputInterface; |
|
use Symfony\Component\Console\Question\ConfirmationQuestion; |
|
use Symfony\Component\Console\Question\Question; |
|
|
|
class DecryptAll { |
|
|
|
/** @var Util */ |
|
protected $util; |
|
|
|
/** @var QuestionHelper */ |
|
protected $questionHelper; |
|
|
|
/** @var Crypt */ |
|
protected $crypt; |
|
|
|
/** @var KeyManager */ |
|
protected $keyManager; |
|
|
|
/** @var Session */ |
|
protected $session; |
|
|
|
/** |
|
* @param Util $util |
|
* @param KeyManager $keyManager |
|
* @param Crypt $crypt |
|
* @param Session $session |
|
* @param QuestionHelper $questionHelper |
|
*/ |
|
public function __construct( |
|
Util $util, |
|
KeyManager $keyManager, |
|
Crypt $crypt, |
|
Session $session, |
|
QuestionHelper $questionHelper |
|
) { |
|
$this->util = $util; |
|
$this->keyManager = $keyManager; |
|
$this->crypt = $crypt; |
|
$this->session = $session; |
|
$this->questionHelper = $questionHelper; |
|
} |
|
|
|
/** |
|
* prepare encryption module to decrypt all files |
|
* |
|
* @param InputInterface $input |
|
* @param OutputInterface $output |
|
* @param $user |
|
* @return bool |
|
*/ |
|
public function prepare(InputInterface $input, OutputInterface $output, $user) { |
|
|
|
$question = new Question('Please enter the recovery key password: '); |
|
|
|
if($this->util->isMasterKeyEnabled()) { |
|
$output->writeln('Use master key to decrypt all files'); |
|
$user = $this->keyManager->getMasterKeyId(); |
|
$password =$this->keyManager->getMasterKeyPassword(); |
|
} else { |
|
$recoveryKeyId = $this->keyManager->getRecoveryKeyId(); |
|
if (!empty($user)) { |
|
$output->writeln('You can only decrypt the users files if you know'); |
|
$output->writeln('the users password or if he activated the recovery key.'); |
|
$output->writeln(''); |
|
$questionUseLoginPassword = new ConfirmationQuestion( |
|
'Do you want to use the users login password to decrypt all files? (y/n) ', |
|
false |
|
); |
|
$useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword); |
|
if ($useLoginPassword) { |
|
$question = new Question('Please enter the user\'s login password: '); |
|
} else if ($this->util->isRecoveryEnabledForUser($user) === false) { |
|
$output->writeln('No recovery key available for user ' . $user); |
|
return false; |
|
} else { |
|
$user = $recoveryKeyId; |
|
} |
|
} else { |
|
$output->writeln('You can only decrypt the files of all users if the'); |
|
$output->writeln('recovery key is enabled by the admin and activated by the users.'); |
|
$output->writeln(''); |
|
$user = $recoveryKeyId; |
|
} |
|
|
|
$question->setHidden(true); |
|
$question->setHiddenFallback(false); |
|
$password = $this->questionHelper->ask($input, $output, $question); |
|
} |
|
|
|
$privateKey = $this->getPrivateKey($user, $password); |
|
if ($privateKey !== false) { |
|
$this->updateSession($user, $privateKey); |
|
return true; |
|
} else { |
|
$output->writeln('Could not decrypt private key, maybe you entered the wrong password?'); |
|
} |
|
|
|
|
|
return false; |
|
} |
|
|
|
/** |
|
* get the private key which will be used to decrypt all files |
|
* |
|
* @param string $user |
|
* @param string $password |
|
* @return bool|string |
|
* @throws \OCA\Encryption\Exceptions\PrivateKeyMissingException |
|
*/ |
|
protected function getPrivateKey($user, $password) { |
|
$recoveryKeyId = $this->keyManager->getRecoveryKeyId(); |
|
$masterKeyId = $this->keyManager->getMasterKeyId(); |
|
if ($user === $recoveryKeyId) { |
|
$recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId); |
|
$privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password); |
|
} elseif ($user === $masterKeyId) { |
|
$masterKey = $this->keyManager->getSystemPrivateKey($masterKeyId); |
|
$privateKey = $this->crypt->decryptPrivateKey($masterKey, $password, $masterKeyId); |
|
} else { |
|
$userKey = $this->keyManager->getPrivateKey($user); |
|
$privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user); |
|
} |
|
|
|
return $privateKey; |
|
} |
|
|
|
protected function updateSession($user, $privateKey) { |
|
$this->session->prepareDecryptAll($user, $privateKey); |
|
} |
|
}
|
|
|