Inspection of "Merge pull request #22218 from nextcloud/enh/sse/m..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 4361d6...b604d5 )

by Roeland

created 2020-08-19 18:10 UTC

Status

Indentation +661 added lines, -661 removed lines patch added patch discarded remove patch

@@ -56,665 +56,665 @@
 block discarded – undo
  * @package OCA\Encryption\Crypto
  */
 class Crypt {
-	public const DEFAULT_CIPHER = 'AES-256-CTR';
-	// default cipher from old Nextcloud versions
-	public const LEGACY_CIPHER = 'AES-128-CFB';
-
-	// default key format, old Nextcloud version encrypted the private key directly
-	// with the user password
-	public const LEGACY_KEY_FORMAT = 'password';
-
-	public const HEADER_START = 'HBEGIN';
-	public const HEADER_END = 'HEND';
-
-	/** @var ILogger */
-	private $logger;
-
-	/** @var string */
-	private $user;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var array */
-	private $supportedKeyFormats;
-
-	/** @var IL10N */
-	private $l;
-
-	/** @var array */
-	private $supportedCiphersAndKeySize = [
-		'AES-256-CTR' => 32,
-		'AES-128-CTR' => 16,
-		'AES-256-CFB' => 32,
-		'AES-128-CFB' => 16,
-	];
-
-	/** @var bool */
-	private $supportLegacy;
-
-	/**
-	 * @param ILogger $logger
-	 * @param IUserSession $userSession
-	 * @param IConfig $config
-	 * @param IL10N $l
-	 */
-	public function __construct(ILogger $logger, IUserSession $userSession, IConfig $config, IL10N $l) {
-		$this->logger = $logger;
-		$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : '"no user given"';
-		$this->config = $config;
-		$this->l = $l;
-		$this->supportedKeyFormats = ['hash', 'password'];
-
-		$this->supportLegacy = $this->config->getSystemValueBool('encryption.legacy_format_support', false);
-	}
-
-	/**
-	 * create new private/public key-pair for user
-	 *
-	 * @return array|bool
-	 */
-	public function createKeyPair() {
-		$log = $this->logger;
-		$res = $this->getOpenSSLPKey();
-
-		if (!$res) {
-			$log->error("Encryption Library couldn't generate users key-pair for {$this->user}",
-				['app' => 'encryption']);
-
-			if (openssl_error_string()) {
-				$log->error('Encryption library openssl_pkey_new() fails: ' . openssl_error_string(),
-					['app' => 'encryption']);
-			}
-		} elseif (openssl_pkey_export($res,
-			$privateKey,
-			null,
-			$this->getOpenSSLConfig())) {
-			$keyDetails = openssl_pkey_get_details($res);
-			$publicKey = $keyDetails['key'];
-
-			return [
-				'publicKey' => $publicKey,
-				'privateKey' => $privateKey
-			];
-		}
-		$log->error('Encryption library couldn\'t export users private key, please check your servers OpenSSL configuration.' . $this->user,
-			['app' => 'encryption']);
-		if (openssl_error_string()) {
-			$log->error('Encryption Library:' . openssl_error_string(),
-				['app' => 'encryption']);
-		}
-
-		return false;
-	}
-
-	/**
-	 * Generates a new private key
-	 *
-	 * @return resource
-	 */
-	public function getOpenSSLPKey() {
-		$config = $this->getOpenSSLConfig();
-		return openssl_pkey_new($config);
-	}
-
-	/**
-	 * get openSSL Config
-	 *
-	 * @return array
-	 */
-	private function getOpenSSLConfig() {
-		$config = ['private_key_bits' => 4096];
-		$config = array_merge(
-			$config,
-			$this->config->getSystemValue('openssl', [])
-		);
-		return $config;
-	}
-
-	/**
-	 * @param string $plainContent
-	 * @param string $passPhrase
-	 * @param int $version
-	 * @param int $position
-	 * @return false|string
-	 * @throws EncryptionFailedException
-	 */
-	public function symmetricEncryptFileContent($plainContent, $passPhrase, $version, $position) {
-		if (!$plainContent) {
-			$this->logger->error('Encryption Library, symmetrical encryption failed no content given',
-				['app' => 'encryption']);
-			return false;
-		}
-
-		$iv = $this->generateIv();
-
-		$encryptedContent = $this->encrypt($plainContent,
-			$iv,
-			$passPhrase,
-			$this->getCipher());
-
-		// Create a signature based on the key as well as the current version
-		$sig = $this->createSignature($encryptedContent, $passPhrase.'_'.$version.'_'.$position);
-
-		// combine content to encrypt the IV identifier and actual IV
-		$catFile = $this->concatIV($encryptedContent, $iv);
-		$catFile = $this->concatSig($catFile, $sig);
-		return $this->addPadding($catFile);
-	}
-
-	/**
-	 * generate header for encrypted file
-	 *
-	 * @param string $keyFormat (can be 'hash' or 'password')
-	 * @return string
-	 * @throws \InvalidArgumentException
-	 */
-	public function generateHeader($keyFormat = 'hash') {
-		if (in_array($keyFormat, $this->supportedKeyFormats, true) === false) {
-			throw new \InvalidArgumentException('key format "' . $keyFormat . '" is not supported');
-		}
-
-		$cipher = $this->getCipher();
-
-		$header = self::HEADER_START
-			. ':cipher:' . $cipher
-			. ':keyFormat:' . $keyFormat
-			. ':' . self::HEADER_END;
-
-		return $header;
-	}
-
-	/**
-	 * @param string $plainContent
-	 * @param string $iv
-	 * @param string $passPhrase
-	 * @param string $cipher
-	 * @return string
-	 * @throws EncryptionFailedException
-	 */
-	private function encrypt($plainContent, $iv, $passPhrase = '', $cipher = self::DEFAULT_CIPHER) {
-		$encryptedContent = openssl_encrypt($plainContent,
-			$cipher,
-			$passPhrase,
-			false,
-			$iv);
-
-		if (!$encryptedContent) {
-			$error = 'Encryption (symmetric) of content failed';
-			$this->logger->error($error . openssl_error_string(),
-				['app' => 'encryption']);
-			throw new EncryptionFailedException($error);
-		}
-
-		return $encryptedContent;
-	}
-
-	/**
-	 * return Cipher either from config.php or the default cipher defined in
-	 * this class
-	 *
-	 * @return string
-	 */
-	public function getCipher() {
-		$cipher = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);
-		if (!isset($this->supportedCiphersAndKeySize[$cipher])) {
-			$this->logger->warning(
-					sprintf(
-							'Unsupported cipher (%s) defined in config.php supported. Falling back to %s',
-							$cipher,
-							self::DEFAULT_CIPHER
-					),
-				['app' => 'encryption']);
-			$cipher = self::DEFAULT_CIPHER;
-		}
-
-		// Workaround for OpenSSL 0.9.8. Fallback to an old cipher that should work.
-		if (OPENSSL_VERSION_NUMBER < 0x1000101f) {
-			if ($cipher === 'AES-256-CTR' || $cipher === 'AES-128-CTR') {
-				$cipher = self::LEGACY_CIPHER;
-			}
-		}
-
-		return $cipher;
-	}
-
-	/**
-	 * get key size depending on the cipher
-	 *
-	 * @param string $cipher
-	 * @return int
-	 * @throws \InvalidArgumentException
-	 */
-	protected function getKeySize($cipher) {
-		if (isset($this->supportedCiphersAndKeySize[$cipher])) {
-			return $this->supportedCiphersAndKeySize[$cipher];
-		}
-
-		throw new \InvalidArgumentException(
-			sprintf(
-					'Unsupported cipher (%s) defined.',
-					$cipher
-			)
-		);
-	}
-
-	/**
-	 * get legacy cipher
-	 *
-	 * @return string
-	 */
-	public function getLegacyCipher() {
-		if (!$this->supportLegacy) {
-			throw new ServerNotAvailableException('Legacy cipher is no longer supported!');
-		}
-
-		return self::LEGACY_CIPHER;
-	}
-
-	/**
-	 * @param string $encryptedContent
-	 * @param string $iv
-	 * @return string
-	 */
-	private function concatIV($encryptedContent, $iv) {
-		return $encryptedContent . '00iv00' . $iv;
-	}
-
-	/**
-	 * @param string $encryptedContent
-	 * @param string $signature
-	 * @return string
-	 */
-	private function concatSig($encryptedContent, $signature) {
-		return $encryptedContent . '00sig00' . $signature;
-	}
-
-	/**
-	 * Note: This is _NOT_ a padding used for encryption purposes. It is solely
-	 * used to achieve the PHP stream size. It has _NOTHING_ to do with the
-	 * encrypted content and is not used in any crypto primitive.
-	 *
-	 * @param string $data
-	 * @return string
-	 */
-	private function addPadding($data) {
-		return $data . 'xxx';
-	}
-
-	/**
-	 * generate password hash used to encrypt the users private key
-	 *
-	 * @param string $password
-	 * @param string $cipher
-	 * @param string $uid only used for user keys
-	 * @return string
-	 */
-	protected function generatePasswordHash($password, $cipher, $uid = '') {
-		$instanceId = $this->config->getSystemValue('instanceid');
-		$instanceSecret = $this->config->getSystemValue('secret');
-		$salt = hash('sha256', $uid . $instanceId . $instanceSecret, true);
-		$keySize = $this->getKeySize($cipher);
-
-		$hash = hash_pbkdf2(
-			'sha256',
-			$password,
-			$salt,
-			100000,
-			$keySize,
-			true
-		);
-
-		return $hash;
-	}
-
-	/**
-	 * encrypt private key
-	 *
-	 * @param string $privateKey
-	 * @param string $password
-	 * @param string $uid for regular users, empty for system keys
-	 * @return false|string
-	 */
-	public function encryptPrivateKey($privateKey, $password, $uid = '') {
-		$cipher = $this->getCipher();
-		$hash = $this->generatePasswordHash($password, $cipher, $uid);
-		$encryptedKey = $this->symmetricEncryptFileContent(
-			$privateKey,
-			$hash,
-			0,
-			0
-		);
-
-		return $encryptedKey;
-	}
-
-	/**
-	 * @param string $privateKey
-	 * @param string $password
-	 * @param string $uid for regular users, empty for system keys
-	 * @return false|string
-	 */
-	public function decryptPrivateKey($privateKey, $password = '', $uid = '') {
-		$header = $this->parseHeader($privateKey);
-
-		if (isset($header['cipher'])) {
-			$cipher = $header['cipher'];
-		} else {
-			$cipher = $this->getLegacyCipher();
-		}
-
-		if (isset($header['keyFormat'])) {
-			$keyFormat = $header['keyFormat'];
-		} else {
-			$keyFormat = self::LEGACY_KEY_FORMAT;
-		}
-
-		if ($keyFormat === 'hash') {
-			$password = $this->generatePasswordHash($password, $cipher, $uid);
-		}
-
-		// If we found a header we need to remove it from the key we want to decrypt
-		if (!empty($header)) {
-			$privateKey = substr($privateKey,
-				strpos($privateKey,
-					self::HEADER_END) + strlen(self::HEADER_END));
-		}
-
-		$plainKey = $this->symmetricDecryptFileContent(
-			$privateKey,
-			$password,
-			$cipher,
-			0
-		);
-
-		if ($this->isValidPrivateKey($plainKey) === false) {
-			return false;
-		}
-
-		return $plainKey;
-	}
-
-	/**
-	 * check if it is a valid private key
-	 *
-	 * @param string $plainKey
-	 * @return bool
-	 */
-	protected function isValidPrivateKey($plainKey) {
-		$res = openssl_get_privatekey($plainKey);
-		if (is_resource($res)) {
-			$sslInfo = openssl_pkey_get_details($res);
-			if (isset($sslInfo['key'])) {
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-	/**
-	 * @param string $keyFileContents
-	 * @param string $passPhrase
-	 * @param string $cipher
-	 * @param int $version
-	 * @param int $position
-	 * @return string
-	 * @throws DecryptionFailedException
-	 */
-	public function symmetricDecryptFileContent($keyFileContents, $passPhrase, $cipher = self::DEFAULT_CIPHER, $version = 0, $position = 0) {
-		if ($keyFileContents == '') {
-			return '';
-		}
-
-		$catFile = $this->splitMetaData($keyFileContents, $cipher);
-
-		if ($catFile['signature'] !== false) {
-			try {
-				// First try the new format
-				$this->checkSignature($catFile['encrypted'], $passPhrase . '_' . $version . '_' . $position, $catFile['signature']);
-			} catch (GenericEncryptionException $e) {
-				// For compatibility with old files check the version without _
-				$this->checkSignature($catFile['encrypted'], $passPhrase . $version . $position, $catFile['signature']);
-			}
-		}
-
-		return $this->decrypt($catFile['encrypted'],
-			$catFile['iv'],
-			$passPhrase,
-			$cipher);
-	}
-
-	/**
-	 * check for valid signature
-	 *
-	 * @param string $data
-	 * @param string $passPhrase
-	 * @param string $expectedSignature
-	 * @throws GenericEncryptionException
-	 */
-	private function checkSignature($data, $passPhrase, $expectedSignature) {
-		$enforceSignature = !$this->config->getSystemValue('encryption_skip_signature_check', false);
-
-		$signature = $this->createSignature($data, $passPhrase);
-		$isCorrectHash = hash_equals($expectedSignature, $signature);
-
-		if (!$isCorrectHash && $enforceSignature) {
-			throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature'));
-		} elseif (!$isCorrectHash && !$enforceSignature) {
-			$this->logger->info("Signature check skipped", ['app' => 'encryption']);
-		}
-	}
-
-	/**
-	 * create signature
-	 *
-	 * @param string $data
-	 * @param string $passPhrase
-	 * @return string
-	 */
-	private function createSignature($data, $passPhrase) {
-		$passPhrase = hash('sha512', $passPhrase . 'a', true);
-		return hash_hmac('sha256', $data, $passPhrase);
-	}
-
-
-	/**
-	 * remove padding
-	 *
-	 * @param string $padded
-	 * @param bool $hasSignature did the block contain a signature, in this case we use a different padding
-	 * @return string|false
-	 */
-	private function removePadding($padded, $hasSignature = false) {
-		if ($hasSignature === false && substr($padded, -2) === 'xx') {
-			return substr($padded, 0, -2);
-		} elseif ($hasSignature === true && substr($padded, -3) === 'xxx') {
-			return substr($padded, 0, -3);
-		}
-		return false;
-	}
-
-	/**
-	 * split meta data from encrypted file
-	 * Note: for now, we assume that the meta data always start with the iv
-	 *       followed by the signature, if available
-	 *
-	 * @param string $catFile
-	 * @param string $cipher
-	 * @return array
-	 */
-	private function splitMetaData($catFile, $cipher) {
-		if ($this->hasSignature($catFile, $cipher)) {
-			$catFile = $this->removePadding($catFile, true);
-			$meta = substr($catFile, -93);
-			$iv = substr($meta, strlen('00iv00'), 16);
-			$sig = substr($meta, 22 + strlen('00sig00'));
-			$encrypted = substr($catFile, 0, -93);
-		} else {
-			$catFile = $this->removePadding($catFile);
-			$meta = substr($catFile, -22);
-			$iv = substr($meta, -16);
-			$sig = false;
-			$encrypted = substr($catFile, 0, -22);
-		}
-
-		return [
-			'encrypted' => $encrypted,
-			'iv' => $iv,
-			'signature' => $sig
-		];
-	}
-
-	/**
-	 * check if encrypted block is signed
-	 *
-	 * @param string $catFile
-	 * @param string $cipher
-	 * @return bool
-	 * @throws GenericEncryptionException
-	 */
-	private function hasSignature($catFile, $cipher) {
-		$skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false);
-
-		$meta = substr($catFile, -93);
-		$signaturePosition = strpos($meta, '00sig00');
-
-		// If we no longer support the legacy format then everything needs a signature
-		if (!$skipSignatureCheck && !$this->supportLegacy && $signaturePosition === false) {
-			throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
-		}
-
-		// enforce signature for the new 'CTR' ciphers
-		if (!$skipSignatureCheck && $signaturePosition === false && stripos($cipher, 'ctr') !== false) {
-			throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
-		}
-
-		return ($signaturePosition !== false);
-	}
-
-
-	/**
-	 * @param string $encryptedContent
-	 * @param string $iv
-	 * @param string $passPhrase
-	 * @param string $cipher
-	 * @return string
-	 * @throws DecryptionFailedException
-	 */
-	private function decrypt($encryptedContent, $iv, $passPhrase = '', $cipher = self::DEFAULT_CIPHER) {
-		$plainContent = openssl_decrypt($encryptedContent,
-			$cipher,
-			$passPhrase,
-			false,
-			$iv);
-
-		if ($plainContent) {
-			return $plainContent;
-		} else {
-			throw new DecryptionFailedException('Encryption library: Decryption (symmetric) of content failed: ' . openssl_error_string());
-		}
-	}
-
-	/**
-	 * @param string $data
-	 * @return array
-	 */
-	protected function parseHeader($data) {
-		$result = [];
-
-		if (substr($data, 0, strlen(self::HEADER_START)) === self::HEADER_START) {
-			$endAt = strpos($data, self::HEADER_END);
-			$header = substr($data, 0, $endAt + strlen(self::HEADER_END));
-
-			// +1 not to start with an ':' which would result in empty element at the beginning
-			$exploded = explode(':',
-				substr($header, strlen(self::HEADER_START) + 1));
-
-			$element = array_shift($exploded);
-
-			while ($element !== self::HEADER_END) {
-				$result[$element] = array_shift($exploded);
-				$element = array_shift($exploded);
-			}
-		}
-
-		return $result;
-	}
-
-	/**
-	 * generate initialization vector
-	 *
-	 * @return string
-	 * @throws GenericEncryptionException
-	 */
-	private function generateIv() {
-		return random_bytes(16);
-	}
-
-	/**
-	 * Generate a cryptographically secure pseudo-random 256-bit ASCII key, used
-	 * as file key
-	 *
-	 * @return string
-	 * @throws \Exception
-	 */
-	public function generateFileKey() {
-		return random_bytes(32);
-	}
-
-	/**
-	 * @param $encKeyFile
-	 * @param $shareKey
-	 * @param $privateKey
-	 * @return string
-	 * @throws MultiKeyDecryptException
-	 */
-	public function multiKeyDecrypt($encKeyFile, $shareKey, $privateKey) {
-		if (!$encKeyFile) {
-			throw new MultiKeyDecryptException('Cannot multikey decrypt empty plain content');
-		}
-
-		if (openssl_open($encKeyFile, $plainContent, $shareKey, $privateKey)) {
-			return $plainContent;
-		} else {
-			throw new MultiKeyDecryptException('multikeydecrypt with share key failed:' . openssl_error_string());
-		}
-	}
-
-	/**
-	 * @param string $plainContent
-	 * @param array $keyFiles
-	 * @return array
-	 * @throws MultiKeyEncryptException
-	 */
-	public function multiKeyEncrypt($plainContent, array $keyFiles) {
-		// openssl_seal returns false without errors if plaincontent is empty
-		// so trigger our own error
-		if (empty($plainContent)) {
-			throw new MultiKeyEncryptException('Cannot multikeyencrypt empty plain content');
-		}
-
-		// Set empty vars to be set by openssl by reference
-		$sealed = '';
-		$shareKeys = [];
-		$mappedShareKeys = [];
-
-		if (openssl_seal($plainContent, $sealed, $shareKeys, $keyFiles)) {
-			$i = 0;
-
-			// Ensure each shareKey is labelled with its corresponding key id
-			foreach ($keyFiles as $userId => $publicKey) {
-				$mappedShareKeys[$userId] = $shareKeys[$i];
-				$i++;
-			}
-
-			return [
-				'keys' => $mappedShareKeys,
-				'data' => $sealed
-			];
-		} else {
-			throw new MultiKeyEncryptException('multikeyencryption failed ' . openssl_error_string());
-		}
-	}
+    public const DEFAULT_CIPHER = 'AES-256-CTR';
+    // default cipher from old Nextcloud versions
+    public const LEGACY_CIPHER = 'AES-128-CFB';
+
+    // default key format, old Nextcloud version encrypted the private key directly
+    // with the user password
+    public const LEGACY_KEY_FORMAT = 'password';
+
+    public const HEADER_START = 'HBEGIN';
+    public const HEADER_END = 'HEND';
+
+    /** @var ILogger */
+    private $logger;
+
+    /** @var string */
+    private $user;
+
+    /** @var IConfig */
+    private $config;
+
+    /** @var array */
+    private $supportedKeyFormats;
+
+    /** @var IL10N */
+    private $l;
+
+    /** @var array */
+    private $supportedCiphersAndKeySize = [
+        'AES-256-CTR' => 32,
+        'AES-128-CTR' => 16,
+        'AES-256-CFB' => 32,
+        'AES-128-CFB' => 16,
+    ];
+
+    /** @var bool */
+    private $supportLegacy;
+
+    /**
+     * @param ILogger $logger
+     * @param IUserSession $userSession
+     * @param IConfig $config
+     * @param IL10N $l
+     */
+    public function __construct(ILogger $logger, IUserSession $userSession, IConfig $config, IL10N $l) {
+        $this->logger = $logger;
+        $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : '"no user given"';
+        $this->config = $config;
+        $this->l = $l;
+        $this->supportedKeyFormats = ['hash', 'password'];
+
+        $this->supportLegacy = $this->config->getSystemValueBool('encryption.legacy_format_support', false);
+    }
+
+    /**
+     * create new private/public key-pair for user
+     *
+     * @return array|bool
+     */
+    public function createKeyPair() {
+        $log = $this->logger;
+        $res = $this->getOpenSSLPKey();
+
+        if (!$res) {
+            $log->error("Encryption Library couldn't generate users key-pair for {$this->user}",
+                ['app' => 'encryption']);
+
+            if (openssl_error_string()) {
+                $log->error('Encryption library openssl_pkey_new() fails: ' . openssl_error_string(),
+                    ['app' => 'encryption']);
+            }
+        } elseif (openssl_pkey_export($res,
+            $privateKey,
+            null,
+            $this->getOpenSSLConfig())) {
+            $keyDetails = openssl_pkey_get_details($res);
+            $publicKey = $keyDetails['key'];
+
+            return [
+                'publicKey' => $publicKey,
+                'privateKey' => $privateKey
+            ];
+        }
+        $log->error('Encryption library couldn\'t export users private key, please check your servers OpenSSL configuration.' . $this->user,
+            ['app' => 'encryption']);
+        if (openssl_error_string()) {
+            $log->error('Encryption Library:' . openssl_error_string(),
+                ['app' => 'encryption']);
+        }
+
+        return false;
+    }
+
+    /**
+     * Generates a new private key
+     *
+     * @return resource
+     */
+    public function getOpenSSLPKey() {
+        $config = $this->getOpenSSLConfig();
+        return openssl_pkey_new($config);
+    }
+
+    /**
+     * get openSSL Config
+     *
+     * @return array
+     */
+    private function getOpenSSLConfig() {
+        $config = ['private_key_bits' => 4096];
+        $config = array_merge(
+            $config,
+            $this->config->getSystemValue('openssl', [])
+        );
+        return $config;
+    }
+
+    /**
+     * @param string $plainContent
+     * @param string $passPhrase
+     * @param int $version
+     * @param int $position
+     * @return false|string
+     * @throws EncryptionFailedException
+     */
+    public function symmetricEncryptFileContent($plainContent, $passPhrase, $version, $position) {
+        if (!$plainContent) {
+            $this->logger->error('Encryption Library, symmetrical encryption failed no content given',
+                ['app' => 'encryption']);
+            return false;
+        }
+
+        $iv = $this->generateIv();
+
+        $encryptedContent = $this->encrypt($plainContent,
+            $iv,
+            $passPhrase,
+            $this->getCipher());
+
+        // Create a signature based on the key as well as the current version
+        $sig = $this->createSignature($encryptedContent, $passPhrase.'_'.$version.'_'.$position);
+
+        // combine content to encrypt the IV identifier and actual IV
+        $catFile = $this->concatIV($encryptedContent, $iv);
+        $catFile = $this->concatSig($catFile, $sig);
+        return $this->addPadding($catFile);
+    }
+
+    /**
+     * generate header for encrypted file
+     *
+     * @param string $keyFormat (can be 'hash' or 'password')
+     * @return string
+     * @throws \InvalidArgumentException
+     */
+    public function generateHeader($keyFormat = 'hash') {
+        if (in_array($keyFormat, $this->supportedKeyFormats, true) === false) {
+            throw new \InvalidArgumentException('key format "' . $keyFormat . '" is not supported');
+        }
+
+        $cipher = $this->getCipher();
+
+        $header = self::HEADER_START
+            . ':cipher:' . $cipher
+            . ':keyFormat:' . $keyFormat
+            . ':' . self::HEADER_END;
+
+        return $header;
+    }
+
+    /**
+     * @param string $plainContent
+     * @param string $iv
+     * @param string $passPhrase
+     * @param string $cipher
+     * @return string
+     * @throws EncryptionFailedException
+     */
+    private function encrypt($plainContent, $iv, $passPhrase = '', $cipher = self::DEFAULT_CIPHER) {
+        $encryptedContent = openssl_encrypt($plainContent,
+            $cipher,
+            $passPhrase,
+            false,
+            $iv);
+
+        if (!$encryptedContent) {
+            $error = 'Encryption (symmetric) of content failed';
+            $this->logger->error($error . openssl_error_string(),
+                ['app' => 'encryption']);
+            throw new EncryptionFailedException($error);
+        }
+
+        return $encryptedContent;
+    }
+
+    /**
+     * return Cipher either from config.php or the default cipher defined in
+     * this class
+     *
+     * @return string
+     */
+    public function getCipher() {
+        $cipher = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);
+        if (!isset($this->supportedCiphersAndKeySize[$cipher])) {
+            $this->logger->warning(
+                    sprintf(
+                            'Unsupported cipher (%s) defined in config.php supported. Falling back to %s',
+                            $cipher,
+                            self::DEFAULT_CIPHER
+                    ),
+                ['app' => 'encryption']);
+            $cipher = self::DEFAULT_CIPHER;
+        }
+
+        // Workaround for OpenSSL 0.9.8. Fallback to an old cipher that should work.
+        if (OPENSSL_VERSION_NUMBER < 0x1000101f) {
+            if ($cipher === 'AES-256-CTR' || $cipher === 'AES-128-CTR') {
+                $cipher = self::LEGACY_CIPHER;
+            }
+        }
+
+        return $cipher;
+    }
+
+    /**
+     * get key size depending on the cipher
+     *
+     * @param string $cipher
+     * @return int
+     * @throws \InvalidArgumentException
+     */
+    protected function getKeySize($cipher) {
+        if (isset($this->supportedCiphersAndKeySize[$cipher])) {
+            return $this->supportedCiphersAndKeySize[$cipher];
+        }
+
+        throw new \InvalidArgumentException(
+            sprintf(
+                    'Unsupported cipher (%s) defined.',
+                    $cipher
+            )
+        );
+    }
+
+    /**
+     * get legacy cipher
+     *
+     * @return string
+     */
+    public function getLegacyCipher() {
+        if (!$this->supportLegacy) {
+            throw new ServerNotAvailableException('Legacy cipher is no longer supported!');
+        }
+
+        return self::LEGACY_CIPHER;
+    }
+
+    /**
+     * @param string $encryptedContent
+     * @param string $iv
+     * @return string
+     */
+    private function concatIV($encryptedContent, $iv) {
+        return $encryptedContent . '00iv00' . $iv;
+    }
+
+    /**
+     * @param string $encryptedContent
+     * @param string $signature
+     * @return string
+     */
+    private function concatSig($encryptedContent, $signature) {
+        return $encryptedContent . '00sig00' . $signature;
+    }
+
+    /**
+     * Note: This is _NOT_ a padding used for encryption purposes. It is solely
+     * used to achieve the PHP stream size. It has _NOTHING_ to do with the
+     * encrypted content and is not used in any crypto primitive.
+     *
+     * @param string $data
+     * @return string
+     */
+    private function addPadding($data) {
+        return $data . 'xxx';
+    }
+
+    /**
+     * generate password hash used to encrypt the users private key
+     *
+     * @param string $password
+     * @param string $cipher
+     * @param string $uid only used for user keys
+     * @return string
+     */
+    protected function generatePasswordHash($password, $cipher, $uid = '') {
+        $instanceId = $this->config->getSystemValue('instanceid');
+        $instanceSecret = $this->config->getSystemValue('secret');
+        $salt = hash('sha256', $uid . $instanceId . $instanceSecret, true);
+        $keySize = $this->getKeySize($cipher);
+
+        $hash = hash_pbkdf2(
+            'sha256',
+            $password,
+            $salt,
+            100000,
+            $keySize,
+            true
+        );
+
+        return $hash;
+    }
+
+    /**
+     * encrypt private key
+     *
+     * @param string $privateKey
+     * @param string $password
+     * @param string $uid for regular users, empty for system keys
+     * @return false|string
+     */
+    public function encryptPrivateKey($privateKey, $password, $uid = '') {
+        $cipher = $this->getCipher();
+        $hash = $this->generatePasswordHash($password, $cipher, $uid);
+        $encryptedKey = $this->symmetricEncryptFileContent(
+            $privateKey,
+            $hash,
+            0,
+            0
+        );
+
+        return $encryptedKey;
+    }
+
+    /**
+     * @param string $privateKey
+     * @param string $password
+     * @param string $uid for regular users, empty for system keys
+     * @return false|string
+     */
+    public function decryptPrivateKey($privateKey, $password = '', $uid = '') {
+        $header = $this->parseHeader($privateKey);
+
+        if (isset($header['cipher'])) {
+            $cipher = $header['cipher'];
+        } else {
+            $cipher = $this->getLegacyCipher();
+        }
+
+        if (isset($header['keyFormat'])) {
+            $keyFormat = $header['keyFormat'];
+        } else {
+            $keyFormat = self::LEGACY_KEY_FORMAT;
+        }
+
+        if ($keyFormat === 'hash') {
+            $password = $this->generatePasswordHash($password, $cipher, $uid);
+        }
+
+        // If we found a header we need to remove it from the key we want to decrypt
+        if (!empty($header)) {
+            $privateKey = substr($privateKey,
+                strpos($privateKey,
+                    self::HEADER_END) + strlen(self::HEADER_END));
+        }
+
+        $plainKey = $this->symmetricDecryptFileContent(
+            $privateKey,
+            $password,
+            $cipher,
+            0
+        );
+
+        if ($this->isValidPrivateKey($plainKey) === false) {
+            return false;
+        }
+
+        return $plainKey;
+    }
+
+    /**
+     * check if it is a valid private key
+     *
+     * @param string $plainKey
+     * @return bool
+     */
+    protected function isValidPrivateKey($plainKey) {
+        $res = openssl_get_privatekey($plainKey);
+        if (is_resource($res)) {
+            $sslInfo = openssl_pkey_get_details($res);
+            if (isset($sslInfo['key'])) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * @param string $keyFileContents
+     * @param string $passPhrase
+     * @param string $cipher
+     * @param int $version
+     * @param int $position
+     * @return string
+     * @throws DecryptionFailedException
+     */
+    public function symmetricDecryptFileContent($keyFileContents, $passPhrase, $cipher = self::DEFAULT_CIPHER, $version = 0, $position = 0) {
+        if ($keyFileContents == '') {
+            return '';
+        }
+
+        $catFile = $this->splitMetaData($keyFileContents, $cipher);
+
+        if ($catFile['signature'] !== false) {
+            try {
+                // First try the new format
+                $this->checkSignature($catFile['encrypted'], $passPhrase . '_' . $version . '_' . $position, $catFile['signature']);
+            } catch (GenericEncryptionException $e) {
+                // For compatibility with old files check the version without _
+                $this->checkSignature($catFile['encrypted'], $passPhrase . $version . $position, $catFile['signature']);
+            }
+        }
+
+        return $this->decrypt($catFile['encrypted'],
+            $catFile['iv'],
+            $passPhrase,
+            $cipher);
+    }
+
+    /**
+     * check for valid signature
+     *
+     * @param string $data
+     * @param string $passPhrase
+     * @param string $expectedSignature
+     * @throws GenericEncryptionException
+     */
+    private function checkSignature($data, $passPhrase, $expectedSignature) {
+        $enforceSignature = !$this->config->getSystemValue('encryption_skip_signature_check', false);
+
+        $signature = $this->createSignature($data, $passPhrase);
+        $isCorrectHash = hash_equals($expectedSignature, $signature);
+
+        if (!$isCorrectHash && $enforceSignature) {
+            throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature'));
+        } elseif (!$isCorrectHash && !$enforceSignature) {
+            $this->logger->info("Signature check skipped", ['app' => 'encryption']);
+        }
+    }
+
+    /**
+     * create signature
+     *
+     * @param string $data
+     * @param string $passPhrase
+     * @return string
+     */
+    private function createSignature($data, $passPhrase) {
+        $passPhrase = hash('sha512', $passPhrase . 'a', true);
+        return hash_hmac('sha256', $data, $passPhrase);
+    }
+
+
+    /**
+     * remove padding
+     *
+     * @param string $padded
+     * @param bool $hasSignature did the block contain a signature, in this case we use a different padding
+     * @return string|false
+     */
+    private function removePadding($padded, $hasSignature = false) {
+        if ($hasSignature === false && substr($padded, -2) === 'xx') {
+            return substr($padded, 0, -2);
+        } elseif ($hasSignature === true && substr($padded, -3) === 'xxx') {
+            return substr($padded, 0, -3);
+        }
+        return false;
+    }
+
+    /**
+     * split meta data from encrypted file
+     * Note: for now, we assume that the meta data always start with the iv
+     *       followed by the signature, if available
+     *
+     * @param string $catFile
+     * @param string $cipher
+     * @return array
+     */
+    private function splitMetaData($catFile, $cipher) {
+        if ($this->hasSignature($catFile, $cipher)) {
+            $catFile = $this->removePadding($catFile, true);
+            $meta = substr($catFile, -93);
+            $iv = substr($meta, strlen('00iv00'), 16);
+            $sig = substr($meta, 22 + strlen('00sig00'));
+            $encrypted = substr($catFile, 0, -93);
+        } else {
+            $catFile = $this->removePadding($catFile);
+            $meta = substr($catFile, -22);
+            $iv = substr($meta, -16);
+            $sig = false;
+            $encrypted = substr($catFile, 0, -22);
+        }
+
+        return [
+            'encrypted' => $encrypted,
+            'iv' => $iv,
+            'signature' => $sig
+        ];
+    }
+
+    /**
+     * check if encrypted block is signed
+     *
+     * @param string $catFile
+     * @param string $cipher
+     * @return bool
+     * @throws GenericEncryptionException
+     */
+    private function hasSignature($catFile, $cipher) {
+        $skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false);
+
+        $meta = substr($catFile, -93);
+        $signaturePosition = strpos($meta, '00sig00');
+
+        // If we no longer support the legacy format then everything needs a signature
+        if (!$skipSignatureCheck && !$this->supportLegacy && $signaturePosition === false) {
+            throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
+        }
+
+        // enforce signature for the new 'CTR' ciphers
+        if (!$skipSignatureCheck && $signaturePosition === false && stripos($cipher, 'ctr') !== false) {
+            throw new GenericEncryptionException('Missing Signature', $this->l->t('Missing Signature'));
+        }
+
+        return ($signaturePosition !== false);
+    }
+
+
+    /**
+     * @param string $encryptedContent
+     * @param string $iv
+     * @param string $passPhrase
+     * @param string $cipher
+     * @return string
+     * @throws DecryptionFailedException
+     */
+    private function decrypt($encryptedContent, $iv, $passPhrase = '', $cipher = self::DEFAULT_CIPHER) {
+        $plainContent = openssl_decrypt($encryptedContent,
+            $cipher,
+            $passPhrase,
+            false,
+            $iv);
+
+        if ($plainContent) {
+            return $plainContent;
+        } else {
+            throw new DecryptionFailedException('Encryption library: Decryption (symmetric) of content failed: ' . openssl_error_string());
+        }
+    }
+
+    /**
+     * @param string $data
+     * @return array
+     */
+    protected function parseHeader($data) {
+        $result = [];
+
+        if (substr($data, 0, strlen(self::HEADER_START)) === self::HEADER_START) {
+            $endAt = strpos($data, self::HEADER_END);
+            $header = substr($data, 0, $endAt + strlen(self::HEADER_END));
+
+            // +1 not to start with an ':' which would result in empty element at the beginning
+            $exploded = explode(':',
+                substr($header, strlen(self::HEADER_START) + 1));
+
+            $element = array_shift($exploded);
+
+            while ($element !== self::HEADER_END) {
+                $result[$element] = array_shift($exploded);
+                $element = array_shift($exploded);
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * generate initialization vector
+     *
+     * @return string
+     * @throws GenericEncryptionException
+     */
+    private function generateIv() {
+        return random_bytes(16);
+    }
+
+    /**
+     * Generate a cryptographically secure pseudo-random 256-bit ASCII key, used
+     * as file key
+     *
+     * @return string
+     * @throws \Exception
+     */
+    public function generateFileKey() {
+        return random_bytes(32);
+    }
+
+    /**
+     * @param $encKeyFile
+     * @param $shareKey
+     * @param $privateKey
+     * @return string
+     * @throws MultiKeyDecryptException
+     */
+    public function multiKeyDecrypt($encKeyFile, $shareKey, $privateKey) {
+        if (!$encKeyFile) {
+            throw new MultiKeyDecryptException('Cannot multikey decrypt empty plain content');
+        }
+
+        if (openssl_open($encKeyFile, $plainContent, $shareKey, $privateKey)) {
+            return $plainContent;
+        } else {
+            throw new MultiKeyDecryptException('multikeydecrypt with share key failed:' . openssl_error_string());
+        }
+    }
+
+    /**
+     * @param string $plainContent
+     * @param array $keyFiles
+     * @return array
+     * @throws MultiKeyEncryptException
+     */
+    public function multiKeyEncrypt($plainContent, array $keyFiles) {
+        // openssl_seal returns false without errors if plaincontent is empty
+        // so trigger our own error
+        if (empty($plainContent)) {
+            throw new MultiKeyEncryptException('Cannot multikeyencrypt empty plain content');
+        }
+
+        // Set empty vars to be set by openssl by reference
+        $sealed = '';
+        $shareKeys = [];
+        $mappedShareKeys = [];
+
+        if (openssl_seal($plainContent, $sealed, $shareKeys, $keyFiles)) {
+            $i = 0;
+
+            // Ensure each shareKey is labelled with its corresponding key id
+            foreach ($keyFiles as $userId => $publicKey) {
+                $mappedShareKeys[$userId] = $shareKeys[$i];
+                $i++;
+            }
+
+            return [
+                'keys' => $mappedShareKeys,
+                'data' => $sealed
+            ];
+        } else {
+            throw new MultiKeyEncryptException('multikeyencryption failed ' . openssl_error_string());
+        }
+    }
 }

Please login to merge, or discard this patch.

apps/encryption/lib/Command/ScanLegacyFormat.php 1 patch

Indentation +101 added lines, -101 removed lines patch added patch discarded remove patch

@@ -36,105 +36,105 @@
 block discarded – undo
 
 class ScanLegacyFormat extends Command {
 
-	/** @var Util */
-	protected $util;
-
-	/** @var IConfig */
-	protected $config;
-
-	/** @var  QuestionHelper */
-	protected $questionHelper;
-
-	/** @var IUserManager */
-	private $userManager;
-
-	/** @var View */
-	private $rootView;
-
-	/**
-	 * @param Util $util
-	 * @param IConfig $config
-	 * @param QuestionHelper $questionHelper
-	 */
-	public function __construct(Util $util,
-								IConfig $config,
-								QuestionHelper $questionHelper,
-								IUserManager $userManager) {
-		parent::__construct();
-
-		$this->util = $util;
-		$this->config = $config;
-		$this->questionHelper = $questionHelper;
-		$this->userManager = $userManager;
-		$this->rootView = new View();
-	}
-
-	protected function configure() {
-		$this
-			->setName('encryption:scan:legacy-format')
-			->setDescription('Scan the files for the legacy format');
-	}
-
-	protected function execute(InputInterface $input, OutputInterface $output): int {
-		$result = true;
-
-		$output->writeln('Scanning all files for legacy encryption');
-
-		foreach ($this->userManager->getBackends() as $backend) {
-			$limit = 500;
-			$offset = 0;
-			do {
-				$users = $backend->getUsers('', $limit, $offset);
-				foreach ($users as $user) {
-					$output->writeln('Scanning all files for ' . $user);
-					$this->setupUserFS($user);
-					$result &= $this->scanFolder($output, '/' . $user);
-				}
-				$offset += $limit;
-			} while (count($users) >= $limit);
-		}
-
-		if ($result) {
-			$output->writeln('All scanned files are propperly encrypted. You can disable the legacy compatibility mode.');
-			return 0;
-		}
-
-		return 1;
-	}
-
-	private function scanFolder(OutputInterface $output, string $folder): bool {
-		$clean = true;
-
-		foreach ($this->rootView->getDirectoryContent($folder) as $item) {
-			$path = $folder . '/' . $item['name'];
-			if ($this->rootView->is_dir($path)) {
-				if ($this->scanFolder($output, $path) === false) {
-					$clean = false;
-				}
-			} else {
-				if (!$item->isEncrypted()) {
-					// ignore
-					continue;
-				}
-
-				$stats = $this->rootView->stat($path);
-				if (!isset($stats['hasHeader']) || $stats['hasHeader'] === false) {
-					$clean = false;
-					$output->writeln($path . ' does not have a proper header');
-				}
-			}
-		}
-
-		return $clean;
-	}
-
-	/**
-	 * setup user file system
-	 *
-	 * @param string $uid
-	 */
-	protected function setupUserFS($uid) {
-		\OC_Util::tearDownFS();
-		\OC_Util::setupFS($uid);
-	}
+    /** @var Util */
+    protected $util;
+
+    /** @var IConfig */
+    protected $config;
+
+    /** @var  QuestionHelper */
+    protected $questionHelper;
+
+    /** @var IUserManager */
+    private $userManager;
+
+    /** @var View */
+    private $rootView;
+
+    /**
+     * @param Util $util
+     * @param IConfig $config
+     * @param QuestionHelper $questionHelper
+     */
+    public function __construct(Util $util,
+                                IConfig $config,
+                                QuestionHelper $questionHelper,
+                                IUserManager $userManager) {
+        parent::__construct();
+
+        $this->util = $util;
+        $this->config = $config;
+        $this->questionHelper = $questionHelper;
+        $this->userManager = $userManager;
+        $this->rootView = new View();
+    }
+
+    protected function configure() {
+        $this
+            ->setName('encryption:scan:legacy-format')
+            ->setDescription('Scan the files for the legacy format');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int {
+        $result = true;
+
+        $output->writeln('Scanning all files for legacy encryption');
+
+        foreach ($this->userManager->getBackends() as $backend) {
+            $limit = 500;
+            $offset = 0;
+            do {
+                $users = $backend->getUsers('', $limit, $offset);
+                foreach ($users as $user) {
+                    $output->writeln('Scanning all files for ' . $user);
+                    $this->setupUserFS($user);
+                    $result &= $this->scanFolder($output, '/' . $user);
+                }
+                $offset += $limit;
+            } while (count($users) >= $limit);
+        }
+
+        if ($result) {
+            $output->writeln('All scanned files are propperly encrypted. You can disable the legacy compatibility mode.');
+            return 0;
+        }
+
+        return 1;
+    }
+
+    private function scanFolder(OutputInterface $output, string $folder): bool {
+        $clean = true;
+
+        foreach ($this->rootView->getDirectoryContent($folder) as $item) {
+            $path = $folder . '/' . $item['name'];
+            if ($this->rootView->is_dir($path)) {
+                if ($this->scanFolder($output, $path) === false) {
+                    $clean = false;
+                }
+            } else {
+                if (!$item->isEncrypted()) {
+                    // ignore
+                    continue;
+                }
+
+                $stats = $this->rootView->stat($path);
+                if (!isset($stats['hasHeader']) || $stats['hasHeader'] === false) {
+                    $clean = false;
+                    $output->writeln($path . ' does not have a proper header');
+                }
+            }
+        }
+
+        return $clean;
+    }
+
+    /**
+     * setup user file system
+     *
+     * @param string $uid
+     */
+    protected function setupUserFS($uid) {
+        \OC_Util::tearDownFS();
+        \OC_Util::setupFS($uid);
+    }
 }

Please login to merge, or discard this patch.

apps/settings/lib/Controller/CheckSetupController.php 1 patch

Indentation +650 added lines, -650 removed lines patch added patch discarded remove patch

@@ -74,288 +74,288 @@  discard block
 block discarded – undo
 use Symfony\Component\EventDispatcher\GenericEvent;
 
 class CheckSetupController extends Controller {
-	/** @var IConfig */
-	private $config;
-	/** @var IClientService */
-	private $clientService;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var IL10N */
-	private $l10n;
-	/** @var Checker */
-	private $checker;
-	/** @var ILogger */
-	private $logger;
-	/** @var EventDispatcherInterface */
-	private $dispatcher;
-	/** @var IDBConnection|Connection */
-	private $db;
-	/** @var ILockingProvider */
-	private $lockingProvider;
-	/** @var IDateTimeFormatter */
-	private $dateTimeFormatter;
-	/** @var MemoryInfo */
-	private $memoryInfo;
-	/** @var ISecureRandom */
-	private $secureRandom;
-
-	public function __construct($AppName,
-								IRequest $request,
-								IConfig $config,
-								IClientService $clientService,
-								IURLGenerator $urlGenerator,
-								IL10N $l10n,
-								Checker $checker,
-								ILogger $logger,
-								EventDispatcherInterface $dispatcher,
-								IDBConnection $db,
-								ILockingProvider $lockingProvider,
-								IDateTimeFormatter $dateTimeFormatter,
-								MemoryInfo $memoryInfo,
-								ISecureRandom $secureRandom) {
-		parent::__construct($AppName, $request);
-		$this->config = $config;
-		$this->clientService = $clientService;
-		$this->urlGenerator = $urlGenerator;
-		$this->l10n = $l10n;
-		$this->checker = $checker;
-		$this->logger = $logger;
-		$this->dispatcher = $dispatcher;
-		$this->db = $db;
-		$this->lockingProvider = $lockingProvider;
-		$this->dateTimeFormatter = $dateTimeFormatter;
-		$this->memoryInfo = $memoryInfo;
-		$this->secureRandom = $secureRandom;
-	}
-
-	/**
-	 * Checks if the server can connect to the internet using HTTPS and HTTP
-	 * @return bool
-	 */
-	private function hasInternetConnectivityProblems(): bool {
-		if ($this->config->getSystemValue('has_internet_connection', true) === false) {
-			return false;
-		}
-
-		$siteArray = $this->config->getSystemValue('connectivity_check_domains', [
-			'www.nextcloud.com', 'www.startpage.com', 'www.eff.org', 'www.edri.org'
-		]);
-
-		foreach ($siteArray as $site) {
-			if ($this->isSiteReachable($site)) {
-				return false;
-			}
-		}
-		return true;
-	}
-
-	/**
-	 * Checks if the Nextcloud server can connect to a specific URL using both HTTPS and HTTP
-	 * @return bool
-	 */
-	private function isSiteReachable($sitename) {
-		$httpSiteName = 'http://' . $sitename . '/';
-		$httpsSiteName = 'https://' . $sitename . '/';
-
-		try {
-			$client = $this->clientService->newClient();
-			$client->get($httpSiteName);
-			$client->get($httpsSiteName);
-		} catch (\Exception $e) {
-			$this->logger->logException($e, ['app' => 'internet_connection_check']);
-			return false;
-		}
-		return true;
-	}
-
-	/**
-	 * Checks whether a local memcache is installed or not
-	 * @return bool
-	 */
-	private function isMemcacheConfigured() {
-		return $this->config->getSystemValue('memcache.local', null) !== null;
-	}
-
-	/**
-	 * Whether PHP can generate "secure" pseudorandom integers
-	 *
-	 * @return bool
-	 */
-	private function isRandomnessSecure() {
-		try {
-			$this->secureRandom->generate(1);
-		} catch (\Exception $ex) {
-			return false;
-		}
-		return true;
-	}
-
-	/**
-	 * Public for the sake of unit-testing
-	 *
-	 * @return array
-	 */
-	protected function getCurlVersion() {
-		return curl_version();
-	}
-
-	/**
-	 * Check if the used  SSL lib is outdated. Older OpenSSL and NSS versions do
-	 * have multiple bugs which likely lead to problems in combination with
-	 * functionality required by ownCloud such as SNI.
-	 *
-	 * @link https://github.com/owncloud/core/issues/17446#issuecomment-122877546
-	 * @link https://bugzilla.redhat.com/show_bug.cgi?id=1241172
-	 * @return string
-	 */
-	private function isUsedTlsLibOutdated() {
-		// Don't run check when:
-		// 1. Server has `has_internet_connection` set to false
-		// 2. AppStore AND S2S is disabled
-		if (!$this->config->getSystemValue('has_internet_connection', true)) {
-			return '';
-		}
-		if (!$this->config->getSystemValue('appstoreenabled', true)
-			&& $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'no'
-			&& $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes') === 'no') {
-			return '';
-		}
-
-		$versionString = $this->getCurlVersion();
-		if (isset($versionString['ssl_version'])) {
-			$versionString = $versionString['ssl_version'];
-		} else {
-			return '';
-		}
-
-		$features = (string)$this->l10n->t('installing and updating apps via the app store or Federated Cloud Sharing');
-		if (!$this->config->getSystemValue('appstoreenabled', true)) {
-			$features = (string)$this->l10n->t('Federated Cloud Sharing');
-		}
-
-		// Check if at least OpenSSL after 1.01d or 1.0.2b
-		if (strpos($versionString, 'OpenSSL/') === 0) {
-			$majorVersion = substr($versionString, 8, 5);
-			$patchRelease = substr($versionString, 13, 6);
-
-			if (($majorVersion === '1.0.1' && ord($patchRelease) < ord('d')) ||
-				($majorVersion === '1.0.2' && ord($patchRelease) < ord('b'))) {
-				return $this->l10n->t('cURL is using an outdated %1$s version (%2$s). Please update your operating system or features such as %3$s will not work reliably.', ['OpenSSL', $versionString, $features]);
-			}
-		}
-
-		// Check if NSS and perform heuristic check
-		if (strpos($versionString, 'NSS/') === 0) {
-			try {
-				$firstClient = $this->clientService->newClient();
-				$firstClient->get('https://nextcloud.com/');
-
-				$secondClient = $this->clientService->newClient();
-				$secondClient->get('https://nextcloud.com/');
-			} catch (ClientException $e) {
-				if ($e->getResponse()->getStatusCode() === 400) {
-					return $this->l10n->t('cURL is using an outdated %1$s version (%2$s). Please update your operating system or features such as %3$s will not work reliably.', ['NSS', $versionString, $features]);
-				}
-			}
-		}
-
-		return '';
-	}
-
-	/**
-	 * Whether the version is outdated
-	 *
-	 * @return bool
-	 */
-	protected function isPhpOutdated(): bool {
-		return PHP_VERSION_ID < 70300;
-	}
-
-	/**
-	 * Whether the php version is still supported (at time of release)
-	 * according to: https://secure.php.net/supported-versions.php
-	 *
-	 * @return array
-	 */
-	private function isPhpSupported(): array {
-		return ['eol' => $this->isPhpOutdated(), 'version' => PHP_VERSION];
-	}
-
-	/**
-	 * Check if the reverse proxy configuration is working as expected
-	 *
-	 * @return bool
-	 */
-	private function forwardedForHeadersWorking() {
-		$trustedProxies = $this->config->getSystemValue('trusted_proxies', []);
-		$remoteAddress = $this->request->getHeader('REMOTE_ADDR');
-
-		if (empty($trustedProxies) && $this->request->getHeader('X-Forwarded-Host') !== '') {
-			return false;
-		}
-
-		if (\is_array($trustedProxies) && \in_array($remoteAddress, $trustedProxies, true)) {
-			return $remoteAddress !== $this->request->getRemoteAddress();
-		}
-
-		// either not enabled or working correctly
-		return true;
-	}
-
-	/**
-	 * Checks if the correct memcache module for PHP is installed. Only
-	 * fails if memcached is configured and the working module is not installed.
-	 *
-	 * @return bool
-	 */
-	private function isCorrectMemcachedPHPModuleInstalled() {
-		if ($this->config->getSystemValue('memcache.distributed', null) !== '\OC\Memcache\Memcached') {
-			return true;
-		}
-
-		// there are two different memcached modules for PHP
-		// we only support memcached and not memcache
-		// https://code.google.com/p/memcached/wiki/PHPClientComparison
-		return !(!extension_loaded('memcached') && extension_loaded('memcache'));
-	}
-
-	/**
-	 * Checks if set_time_limit is not disabled.
-	 *
-	 * @return bool
-	 */
-	private function isSettimelimitAvailable() {
-		if (function_exists('set_time_limit')
-			&& strpos(@ini_get('disable_functions'), 'set_time_limit') === false) {
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * @return RedirectResponse
-	 */
-	public function rescanFailedIntegrityCheck() {
-		$this->checker->runInstanceVerification();
-		return new RedirectResponse(
-			$this->urlGenerator->linkToRoute('settings.AdminSettings.index', ['section' => 'overview'])
-		);
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @return DataResponse
-	 */
-	public function getFailedIntegrityCheckFiles() {
-		if (!$this->checker->isCodeCheckEnforced()) {
-			return new DataDisplayResponse('Integrity checker has been disabled. Integrity cannot be verified.');
-		}
-
-		$completeResults = $this->checker->getResults();
-
-		if (!empty($completeResults)) {
-			$formattedTextResponse = 'Technical information
+    /** @var IConfig */
+    private $config;
+    /** @var IClientService */
+    private $clientService;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var IL10N */
+    private $l10n;
+    /** @var Checker */
+    private $checker;
+    /** @var ILogger */
+    private $logger;
+    /** @var EventDispatcherInterface */
+    private $dispatcher;
+    /** @var IDBConnection|Connection */
+    private $db;
+    /** @var ILockingProvider */
+    private $lockingProvider;
+    /** @var IDateTimeFormatter */
+    private $dateTimeFormatter;
+    /** @var MemoryInfo */
+    private $memoryInfo;
+    /** @var ISecureRandom */
+    private $secureRandom;
+
+    public function __construct($AppName,
+                                IRequest $request,
+                                IConfig $config,
+                                IClientService $clientService,
+                                IURLGenerator $urlGenerator,
+                                IL10N $l10n,
+                                Checker $checker,
+                                ILogger $logger,
+                                EventDispatcherInterface $dispatcher,
+                                IDBConnection $db,
+                                ILockingProvider $lockingProvider,
+                                IDateTimeFormatter $dateTimeFormatter,
+                                MemoryInfo $memoryInfo,
+                                ISecureRandom $secureRandom) {
+        parent::__construct($AppName, $request);
+        $this->config = $config;
+        $this->clientService = $clientService;
+        $this->urlGenerator = $urlGenerator;
+        $this->l10n = $l10n;
+        $this->checker = $checker;
+        $this->logger = $logger;
+        $this->dispatcher = $dispatcher;
+        $this->db = $db;
+        $this->lockingProvider = $lockingProvider;
+        $this->dateTimeFormatter = $dateTimeFormatter;
+        $this->memoryInfo = $memoryInfo;
+        $this->secureRandom = $secureRandom;
+    }
+
+    /**
+     * Checks if the server can connect to the internet using HTTPS and HTTP
+     * @return bool
+     */
+    private function hasInternetConnectivityProblems(): bool {
+        if ($this->config->getSystemValue('has_internet_connection', true) === false) {
+            return false;
+        }
+
+        $siteArray = $this->config->getSystemValue('connectivity_check_domains', [
+            'www.nextcloud.com', 'www.startpage.com', 'www.eff.org', 'www.edri.org'
+        ]);
+
+        foreach ($siteArray as $site) {
+            if ($this->isSiteReachable($site)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    /**
+     * Checks if the Nextcloud server can connect to a specific URL using both HTTPS and HTTP
+     * @return bool
+     */
+    private function isSiteReachable($sitename) {
+        $httpSiteName = 'http://' . $sitename . '/';
+        $httpsSiteName = 'https://' . $sitename . '/';
+
+        try {
+            $client = $this->clientService->newClient();
+            $client->get($httpSiteName);
+            $client->get($httpsSiteName);
+        } catch (\Exception $e) {
+            $this->logger->logException($e, ['app' => 'internet_connection_check']);
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * Checks whether a local memcache is installed or not
+     * @return bool
+     */
+    private function isMemcacheConfigured() {
+        return $this->config->getSystemValue('memcache.local', null) !== null;
+    }
+
+    /**
+     * Whether PHP can generate "secure" pseudorandom integers
+     *
+     * @return bool
+     */
+    private function isRandomnessSecure() {
+        try {
+            $this->secureRandom->generate(1);
+        } catch (\Exception $ex) {
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * Public for the sake of unit-testing
+     *
+     * @return array
+     */
+    protected function getCurlVersion() {
+        return curl_version();
+    }
+
+    /**
+     * Check if the used  SSL lib is outdated. Older OpenSSL and NSS versions do
+     * have multiple bugs which likely lead to problems in combination with
+     * functionality required by ownCloud such as SNI.
+     *
+     * @link https://github.com/owncloud/core/issues/17446#issuecomment-122877546
+     * @link https://bugzilla.redhat.com/show_bug.cgi?id=1241172
+     * @return string
+     */
+    private function isUsedTlsLibOutdated() {
+        // Don't run check when:
+        // 1. Server has `has_internet_connection` set to false
+        // 2. AppStore AND S2S is disabled
+        if (!$this->config->getSystemValue('has_internet_connection', true)) {
+            return '';
+        }
+        if (!$this->config->getSystemValue('appstoreenabled', true)
+            && $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'no'
+            && $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes') === 'no') {
+            return '';
+        }
+
+        $versionString = $this->getCurlVersion();
+        if (isset($versionString['ssl_version'])) {
+            $versionString = $versionString['ssl_version'];
+        } else {
+            return '';
+        }
+
+        $features = (string)$this->l10n->t('installing and updating apps via the app store or Federated Cloud Sharing');
+        if (!$this->config->getSystemValue('appstoreenabled', true)) {
+            $features = (string)$this->l10n->t('Federated Cloud Sharing');
+        }
+
+        // Check if at least OpenSSL after 1.01d or 1.0.2b
+        if (strpos($versionString, 'OpenSSL/') === 0) {
+            $majorVersion = substr($versionString, 8, 5);
+            $patchRelease = substr($versionString, 13, 6);
+
+            if (($majorVersion === '1.0.1' && ord($patchRelease) < ord('d')) ||
+                ($majorVersion === '1.0.2' && ord($patchRelease) < ord('b'))) {
+                return $this->l10n->t('cURL is using an outdated %1$s version (%2$s). Please update your operating system or features such as %3$s will not work reliably.', ['OpenSSL', $versionString, $features]);
+            }
+        }
+
+        // Check if NSS and perform heuristic check
+        if (strpos($versionString, 'NSS/') === 0) {
+            try {
+                $firstClient = $this->clientService->newClient();
+                $firstClient->get('https://nextcloud.com/');
+
+                $secondClient = $this->clientService->newClient();
+                $secondClient->get('https://nextcloud.com/');
+            } catch (ClientException $e) {
+                if ($e->getResponse()->getStatusCode() === 400) {
+                    return $this->l10n->t('cURL is using an outdated %1$s version (%2$s). Please update your operating system or features such as %3$s will not work reliably.', ['NSS', $versionString, $features]);
+                }
+            }
+        }
+
+        return '';
+    }
+
+    /**
+     * Whether the version is outdated
+     *
+     * @return bool
+     */
+    protected function isPhpOutdated(): bool {
+        return PHP_VERSION_ID < 70300;
+    }
+
+    /**
+     * Whether the php version is still supported (at time of release)
+     * according to: https://secure.php.net/supported-versions.php
+     *
+     * @return array
+     */
+    private function isPhpSupported(): array {
+        return ['eol' => $this->isPhpOutdated(), 'version' => PHP_VERSION];
+    }
+
+    /**
+     * Check if the reverse proxy configuration is working as expected
+     *
+     * @return bool
+     */
+    private function forwardedForHeadersWorking() {
+        $trustedProxies = $this->config->getSystemValue('trusted_proxies', []);
+        $remoteAddress = $this->request->getHeader('REMOTE_ADDR');
+
+        if (empty($trustedProxies) && $this->request->getHeader('X-Forwarded-Host') !== '') {
+            return false;
+        }
+
+        if (\is_array($trustedProxies) && \in_array($remoteAddress, $trustedProxies, true)) {
+            return $remoteAddress !== $this->request->getRemoteAddress();
+        }
+
+        // either not enabled or working correctly
+        return true;
+    }
+
+    /**
+     * Checks if the correct memcache module for PHP is installed. Only
+     * fails if memcached is configured and the working module is not installed.
+     *
+     * @return bool
+     */
+    private function isCorrectMemcachedPHPModuleInstalled() {
+        if ($this->config->getSystemValue('memcache.distributed', null) !== '\OC\Memcache\Memcached') {
+            return true;
+        }
+
+        // there are two different memcached modules for PHP
+        // we only support memcached and not memcache
+        // https://code.google.com/p/memcached/wiki/PHPClientComparison
+        return !(!extension_loaded('memcached') && extension_loaded('memcache'));
+    }
+
+    /**
+     * Checks if set_time_limit is not disabled.
+     *
+     * @return bool
+     */
+    private function isSettimelimitAvailable() {
+        if (function_exists('set_time_limit')
+            && strpos(@ini_get('disable_functions'), 'set_time_limit') === false) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * @return RedirectResponse
+     */
+    public function rescanFailedIntegrityCheck() {
+        $this->checker->runInstanceVerification();
+        return new RedirectResponse(
+            $this->urlGenerator->linkToRoute('settings.AdminSettings.index', ['section' => 'overview'])
+        );
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @return DataResponse
+     */
+    public function getFailedIntegrityCheckFiles() {
+        if (!$this->checker->isCodeCheckEnforced()) {
+            return new DataDisplayResponse('Integrity checker has been disabled. Integrity cannot be verified.');
+        }
+
+        $completeResults = $this->checker->getResults();
+
+        if (!empty($completeResults)) {
+            $formattedTextResponse = 'Technical information
 =====================
 The following list covers which files have failed the integrity check. Please read
 the previous linked documentation to learn more about the errors and how to fix
@@ -364,375 +364,375 @@  discard block
 block discarded – undo
 Results
 =======
 ';
-			foreach ($completeResults as $context => $contextResult) {
-				$formattedTextResponse .= "- $context\n";
-
-				foreach ($contextResult as $category => $result) {
-					$formattedTextResponse .= "\t- $category\n";
-					if ($category !== 'EXCEPTION') {
-						foreach ($result as $key => $results) {
-							$formattedTextResponse .= "\t\t- $key\n";
-						}
-					} else {
-						foreach ($result as $key => $results) {
-							$formattedTextResponse .= "\t\t- $results\n";
-						}
-					}
-				}
-			}
-
-			$formattedTextResponse .= '
+            foreach ($completeResults as $context => $contextResult) {
+                $formattedTextResponse .= "- $context\n";
+
+                foreach ($contextResult as $category => $result) {
+                    $formattedTextResponse .= "\t- $category\n";
+                    if ($category !== 'EXCEPTION') {
+                        foreach ($result as $key => $results) {
+                            $formattedTextResponse .= "\t\t- $key\n";
+                        }
+                    } else {
+                        foreach ($result as $key => $results) {
+                            $formattedTextResponse .= "\t\t- $results\n";
+                        }
+                    }
+                }
+            }
+
+            $formattedTextResponse .= '
 Raw output
 ==========
 ';
-			$formattedTextResponse .= print_r($completeResults, true);
-		} else {
-			$formattedTextResponse = 'No errors have been found.';
-		}
-
-
-		$response = new DataDisplayResponse(
-			$formattedTextResponse,
-			Http::STATUS_OK,
-			[
-				'Content-Type' => 'text/plain',
-			]
-		);
-
-		return $response;
-	}
-
-	/**
-	 * Checks whether a PHP opcache is properly set up
-	 * @return bool
-	 */
-	protected function isOpcacheProperlySetup() {
-		$iniWrapper = new IniGetWrapper();
-
-		if (!$iniWrapper->getBool('opcache.enable')) {
-			return false;
-		}
-
-		if (!$iniWrapper->getBool('opcache.save_comments')) {
-			return false;
-		}
-
-		if ($iniWrapper->getNumeric('opcache.max_accelerated_files') < 10000) {
-			return false;
-		}
-
-		if ($iniWrapper->getNumeric('opcache.memory_consumption') < 128) {
-			return false;
-		}
-
-		if ($iniWrapper->getNumeric('opcache.interned_strings_buffer') < 8) {
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Check if the required FreeType functions are present
-	 * @return bool
-	 */
-	protected function hasFreeTypeSupport() {
-		return function_exists('imagettfbbox') && function_exists('imagettftext');
-	}
-
-	protected function hasMissingIndexes(): array {
-		$indexInfo = new MissingIndexInformation();
-		// Dispatch event so apps can also hint for pending index updates if needed
-		$event = new GenericEvent($indexInfo);
-		$this->dispatcher->dispatch(IDBConnection::CHECK_MISSING_INDEXES_EVENT, $event);
-
-		return $indexInfo->getListOfMissingIndexes();
-	}
-
-	protected function hasMissingColumns(): array {
-		$indexInfo = new MissingColumnInformation();
-		// Dispatch event so apps can also hint for pending index updates if needed
-		$event = new GenericEvent($indexInfo);
-		$this->dispatcher->dispatch(IDBConnection::CHECK_MISSING_COLUMNS_EVENT, $event);
-
-		return $indexInfo->getListOfMissingColumns();
-	}
-
-	protected function isSqliteUsed() {
-		return strpos($this->config->getSystemValue('dbtype'), 'sqlite') !== false;
-	}
-
-	protected function isReadOnlyConfig(): bool {
-		return \OC_Helper::isReadOnlyConfigEnabled();
-	}
-
-	protected function hasValidTransactionIsolationLevel(): bool {
-		try {
-			if ($this->db->getDatabasePlatform() instanceof SqlitePlatform) {
-				return true;
-			}
-
-			return $this->db->getTransactionIsolation() === Connection::TRANSACTION_READ_COMMITTED;
-		} catch (DBALException $e) {
-			// ignore
-		}
-
-		return true;
-	}
-
-	protected function hasFileinfoInstalled(): bool {
-		return \OC_Util::fileInfoLoaded();
-	}
-
-	protected function hasWorkingFileLocking(): bool {
-		return !($this->lockingProvider instanceof NoopLockingProvider);
-	}
-
-	protected function getSuggestedOverwriteCliURL(): string {
-		$suggestedOverwriteCliUrl = '';
-		if ($this->config->getSystemValue('overwrite.cli.url', '') === '') {
-			$suggestedOverwriteCliUrl = $this->request->getServerProtocol() . '://' . $this->request->getInsecureServerHost() . \OC::$WEBROOT;
-			if (!$this->config->getSystemValue('config_is_read_only', false)) {
-				// Set the overwrite URL when it was not set yet.
-				$this->config->setSystemValue('overwrite.cli.url', $suggestedOverwriteCliUrl);
-				$suggestedOverwriteCliUrl = '';
-			}
-		}
-		return $suggestedOverwriteCliUrl;
-	}
-
-	protected function getLastCronInfo(): array {
-		$lastCronRun = $this->config->getAppValue('core', 'lastcron', 0);
-		return [
-			'diffInSeconds' => time() - $lastCronRun,
-			'relativeTime' => $this->dateTimeFormatter->formatTimeSpan($lastCronRun),
-			'backgroundJobsUrl' => $this->urlGenerator->linkToRoute('settings.AdminSettings.index', ['section' => 'server']) . '#backgroundjobs',
-		];
-	}
-
-	protected function getCronErrors() {
-		$errors = json_decode($this->config->getAppValue('core', 'cronErrors', ''), true);
-
-		if (is_array($errors)) {
-			return $errors;
-		}
-
-		return [];
-	}
-
-	protected function isPHPMailerUsed(): bool {
-		return $this->config->getSystemValue('mail_smtpmode', 'smtp') === 'php';
-	}
-
-	protected function hasOpcacheLoaded(): bool {
-		return extension_loaded('Zend OPcache');
-	}
-
-	/**
-	 * Iterates through the configured app roots and
-	 * tests if the subdirectories are owned by the same user than the current user.
-	 *
-	 * @return array
-	 */
-	protected function getAppDirsWithDifferentOwner(): array {
-		$currentUser = posix_getuid();
-		$appDirsWithDifferentOwner = [[]];
-
-		foreach (OC::$APPSROOTS as $appRoot) {
-			if ($appRoot['writable'] === true) {
-				$appDirsWithDifferentOwner[] = $this->getAppDirsWithDifferentOwnerForAppRoot($currentUser, $appRoot);
-			}
-		}
-
-		$appDirsWithDifferentOwner = array_merge(...$appDirsWithDifferentOwner);
-		sort($appDirsWithDifferentOwner);
-
-		return $appDirsWithDifferentOwner;
-	}
-
-	/**
-	 * Tests if the directories for one apps directory are writable by the current user.
-	 *
-	 * @param int $currentUser The current user
-	 * @param array $appRoot The app root config
-	 * @return string[] The none writable directory paths inside the app root
-	 */
-	private function getAppDirsWithDifferentOwnerForAppRoot(int $currentUser, array $appRoot): array {
-		$appDirsWithDifferentOwner = [];
-		$appsPath = $appRoot['path'];
-		$appsDir = new DirectoryIterator($appRoot['path']);
-
-		foreach ($appsDir as $fileInfo) {
-			if ($fileInfo->isDir() && !$fileInfo->isDot()) {
-				$absAppPath = $appsPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename();
-				$appDirUser = fileowner($absAppPath);
-				if ($appDirUser !== $currentUser) {
-					$appDirsWithDifferentOwner[] = $absAppPath;
-				}
-			}
-		}
-
-		return $appDirsWithDifferentOwner;
-	}
-
-	/**
-	 * Checks for potential PHP modules that would improve the instance
-	 *
-	 * @return string[] A list of PHP modules that is recommended
-	 */
-	protected function hasRecommendedPHPModules(): array {
-		$recommendedPHPModules = [];
-
-		if (!extension_loaded('intl')) {
-			$recommendedPHPModules[] = 'intl';
-		}
-
-		if (!extension_loaded('bcmath')) {
-			$recommendedPHPModules[] = 'bcmath';
-		}
-
-		if (!extension_loaded('gmp')) {
-			$recommendedPHPModules[] = 'gmp';
-		}
-
-		if ($this->config->getAppValue('theming', 'enabled', 'no') === 'yes') {
-			if (!extension_loaded('imagick')) {
-				$recommendedPHPModules[] = 'imagick';
-			}
-		}
-
-		return $recommendedPHPModules;
-	}
-
-	protected function isMysqlUsedWithoutUTF8MB4(): bool {
-		return ($this->config->getSystemValue('dbtype', 'sqlite') === 'mysql') && ($this->config->getSystemValue('mysql.utf8mb4', false) === false);
-	}
-
-	protected function hasBigIntConversionPendingColumns(): array {
-		// copy of ConvertFilecacheBigInt::getColumnsByTable()
-		$tables = [
-			'activity' => ['activity_id', 'object_id'],
-			'activity_mq' => ['mail_id'],
-			'authtoken' => ['id'],
-			'bruteforce_attempts' => ['id'],
-			'filecache' => ['fileid', 'storage', 'parent', 'mimetype', 'mimepart', 'mtime', 'storage_mtime'],
-			'file_locks' => ['id'],
-			'jobs' => ['id'],
-			'mimetypes' => ['id'],
-			'mounts' => ['id', 'storage_id', 'root_id', 'mount_id'],
-			'storages' => ['numeric_id'],
-		];
-
-		$schema = new SchemaWrapper($this->db);
-		$isSqlite = $this->db->getDatabasePlatform() instanceof SqlitePlatform;
-		$pendingColumns = [];
-
-		foreach ($tables as $tableName => $columns) {
-			if (!$schema->hasTable($tableName)) {
-				continue;
-			}
-
-			$table = $schema->getTable($tableName);
-			foreach ($columns as $columnName) {
-				$column = $table->getColumn($columnName);
-				$isAutoIncrement = $column->getAutoincrement();
-				$isAutoIncrementOnSqlite = $isSqlite && $isAutoIncrement;
-				if ($column->getType()->getName() !== Types::BIGINT && !$isAutoIncrementOnSqlite) {
-					$pendingColumns[] = $tableName . '.' . $columnName;
-				}
-			}
-		}
-
-		return $pendingColumns;
-	}
-
-	protected function isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed(): bool {
-		$objectStore = $this->config->getSystemValue('objectstore', null);
-		$objectStoreMultibucket = $this->config->getSystemValue('objectstore_multibucket', null);
-
-		if (!isset($objectStoreMultibucket) && !isset($objectStore)) {
-			return true;
-		}
-
-		if (isset($objectStoreMultibucket['class']) && $objectStoreMultibucket['class'] !== 'OC\\Files\\ObjectStore\\S3') {
-			return true;
-		}
-
-		if (isset($objectStore['class']) && $objectStore['class'] !== 'OC\\Files\\ObjectStore\\S3') {
-			return true;
-		}
-
-		$tempPath = sys_get_temp_dir();
-		if (!is_dir($tempPath)) {
-			$this->logger->error('Error while checking the temporary PHP path - it was not properly set to a directory. value: ' . $tempPath);
-			return false;
-		}
-		$freeSpaceInTemp = disk_free_space($tempPath);
-		if ($freeSpaceInTemp === false) {
-			$this->logger->error('Error while checking the available disk space of temporary PHP path - no free disk space returned. temporary path: ' . $tempPath);
-			return false;
-		}
-
-		$freeSpaceInTempInGB = $freeSpaceInTemp / 1024 / 1024 / 1024;
-		if ($freeSpaceInTempInGB > 50) {
-			return true;
-		}
-
-		$this->logger->warning('Checking the available space in the temporary path resulted in ' . round($freeSpaceInTempInGB, 1) . ' GB instead of the recommended 50GB. Path: ' . $tempPath);
-		return false;
-	}
-
-	/**
-	 * @return DataResponse
-	 */
-	public function check() {
-		$phpDefaultCharset = new PhpDefaultCharset();
-		$phpOutputBuffering = new PhpOutputBuffering();
-		$legacySSEKeyFormat = new LegacySSEKeyFormat($this->l10n, $this->config, $this->urlGenerator);
-		return new DataResponse(
-			[
-				'isGetenvServerWorking' => !empty(getenv('PATH')),
-				'isReadOnlyConfig' => $this->isReadOnlyConfig(),
-				'hasValidTransactionIsolationLevel' => $this->hasValidTransactionIsolationLevel(),
-				'hasFileinfoInstalled' => $this->hasFileinfoInstalled(),
-				'hasWorkingFileLocking' => $this->hasWorkingFileLocking(),
-				'suggestedOverwriteCliURL' => $this->getSuggestedOverwriteCliURL(),
-				'cronInfo' => $this->getLastCronInfo(),
-				'cronErrors' => $this->getCronErrors(),
-				'serverHasInternetConnectionProblems' => $this->hasInternetConnectivityProblems(),
-				'isMemcacheConfigured' => $this->isMemcacheConfigured(),
-				'memcacheDocs' => $this->urlGenerator->linkToDocs('admin-performance'),
-				'isRandomnessSecure' => $this->isRandomnessSecure(),
-				'securityDocs' => $this->urlGenerator->linkToDocs('admin-security'),
-				'isUsedTlsLibOutdated' => $this->isUsedTlsLibOutdated(),
-				'phpSupported' => $this->isPhpSupported(),
-				'forwardedForHeadersWorking' => $this->forwardedForHeadersWorking(),
-				'reverseProxyDocs' => $this->urlGenerator->linkToDocs('admin-reverse-proxy'),
-				'isCorrectMemcachedPHPModuleInstalled' => $this->isCorrectMemcachedPHPModuleInstalled(),
-				'hasPassedCodeIntegrityCheck' => $this->checker->hasPassedCheck(),
-				'codeIntegrityCheckerDocumentation' => $this->urlGenerator->linkToDocs('admin-code-integrity'),
-				'isOpcacheProperlySetup' => $this->isOpcacheProperlySetup(),
-				'hasOpcacheLoaded' => $this->hasOpcacheLoaded(),
-				'phpOpcacheDocumentation' => $this->urlGenerator->linkToDocs('admin-php-opcache'),
-				'isSettimelimitAvailable' => $this->isSettimelimitAvailable(),
-				'hasFreeTypeSupport' => $this->hasFreeTypeSupport(),
-				'missingIndexes' => $this->hasMissingIndexes(),
-				'missingColumns' => $this->hasMissingColumns(),
-				'isSqliteUsed' => $this->isSqliteUsed(),
-				'databaseConversionDocumentation' => $this->urlGenerator->linkToDocs('admin-db-conversion'),
-				'isPHPMailerUsed' => $this->isPHPMailerUsed(),
-				'mailSettingsDocumentation' => $this->urlGenerator->getAbsoluteURL('index.php/settings/admin'),
-				'isMemoryLimitSufficient' => $this->memoryInfo->isMemoryLimitSufficient(),
-				'appDirsWithDifferentOwner' => $this->getAppDirsWithDifferentOwner(),
-				'recommendedPHPModules' => $this->hasRecommendedPHPModules(),
-				'pendingBigIntConversionColumns' => $this->hasBigIntConversionPendingColumns(),
-				'isMysqlUsedWithoutUTF8MB4' => $this->isMysqlUsedWithoutUTF8MB4(),
-				'isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed' => $this->isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed(),
-				'reverseProxyGeneratedURL' => $this->urlGenerator->getAbsoluteURL('index.php'),
-				PhpDefaultCharset::class => ['pass' => $phpDefaultCharset->run(), 'description' => $phpDefaultCharset->description(), 'severity' => $phpDefaultCharset->severity()],
-				PhpOutputBuffering::class => ['pass' => $phpOutputBuffering->run(), 'description' => $phpOutputBuffering->description(), 'severity' => $phpOutputBuffering->severity()],
-				LegacySSEKeyFormat::class => ['pass' => $legacySSEKeyFormat->run(), 'description' => $legacySSEKeyFormat->description(), 'severity' => $legacySSEKeyFormat->severity(), 'linkToDocumentation' => $legacySSEKeyFormat->linkToDocumentation()],
-			]
-		);
-	}
+            $formattedTextResponse .= print_r($completeResults, true);
+        } else {
+            $formattedTextResponse = 'No errors have been found.';
+        }
+
+
+        $response = new DataDisplayResponse(
+            $formattedTextResponse,
+            Http::STATUS_OK,
+            [
+                'Content-Type' => 'text/plain',
+            ]
+        );
+
+        return $response;
+    }
+
+    /**
+     * Checks whether a PHP opcache is properly set up
+     * @return bool
+     */
+    protected function isOpcacheProperlySetup() {
+        $iniWrapper = new IniGetWrapper();
+
+        if (!$iniWrapper->getBool('opcache.enable')) {
+            return false;
+        }
+
+        if (!$iniWrapper->getBool('opcache.save_comments')) {
+            return false;
+        }
+
+        if ($iniWrapper->getNumeric('opcache.max_accelerated_files') < 10000) {
+            return false;
+        }
+
+        if ($iniWrapper->getNumeric('opcache.memory_consumption') < 128) {
+            return false;
+        }
+
+        if ($iniWrapper->getNumeric('opcache.interned_strings_buffer') < 8) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if the required FreeType functions are present
+     * @return bool
+     */
+    protected function hasFreeTypeSupport() {
+        return function_exists('imagettfbbox') && function_exists('imagettftext');
+    }
+
+    protected function hasMissingIndexes(): array {
+        $indexInfo = new MissingIndexInformation();
+        // Dispatch event so apps can also hint for pending index updates if needed
+        $event = new GenericEvent($indexInfo);
+        $this->dispatcher->dispatch(IDBConnection::CHECK_MISSING_INDEXES_EVENT, $event);
+
+        return $indexInfo->getListOfMissingIndexes();
+    }
+
+    protected function hasMissingColumns(): array {
+        $indexInfo = new MissingColumnInformation();
+        // Dispatch event so apps can also hint for pending index updates if needed
+        $event = new GenericEvent($indexInfo);
+        $this->dispatcher->dispatch(IDBConnection::CHECK_MISSING_COLUMNS_EVENT, $event);
+
+        return $indexInfo->getListOfMissingColumns();
+    }
+
+    protected function isSqliteUsed() {
+        return strpos($this->config->getSystemValue('dbtype'), 'sqlite') !== false;
+    }
+
+    protected function isReadOnlyConfig(): bool {
+        return \OC_Helper::isReadOnlyConfigEnabled();
+    }
+
+    protected function hasValidTransactionIsolationLevel(): bool {
+        try {
+            if ($this->db->getDatabasePlatform() instanceof SqlitePlatform) {
+                return true;
+            }
+
+            return $this->db->getTransactionIsolation() === Connection::TRANSACTION_READ_COMMITTED;
+        } catch (DBALException $e) {
+            // ignore
+        }
+
+        return true;
+    }
+
+    protected function hasFileinfoInstalled(): bool {
+        return \OC_Util::fileInfoLoaded();
+    }
+
+    protected function hasWorkingFileLocking(): bool {
+        return !($this->lockingProvider instanceof NoopLockingProvider);
+    }
+
+    protected function getSuggestedOverwriteCliURL(): string {
+        $suggestedOverwriteCliUrl = '';
+        if ($this->config->getSystemValue('overwrite.cli.url', '') === '') {
+            $suggestedOverwriteCliUrl = $this->request->getServerProtocol() . '://' . $this->request->getInsecureServerHost() . \OC::$WEBROOT;
+            if (!$this->config->getSystemValue('config_is_read_only', false)) {
+                // Set the overwrite URL when it was not set yet.
+                $this->config->setSystemValue('overwrite.cli.url', $suggestedOverwriteCliUrl);
+                $suggestedOverwriteCliUrl = '';
+            }
+        }
+        return $suggestedOverwriteCliUrl;
+    }
+
+    protected function getLastCronInfo(): array {
+        $lastCronRun = $this->config->getAppValue('core', 'lastcron', 0);
+        return [
+            'diffInSeconds' => time() - $lastCronRun,
+            'relativeTime' => $this->dateTimeFormatter->formatTimeSpan($lastCronRun),
+            'backgroundJobsUrl' => $this->urlGenerator->linkToRoute('settings.AdminSettings.index', ['section' => 'server']) . '#backgroundjobs',
+        ];
+    }
+
+    protected function getCronErrors() {
+        $errors = json_decode($this->config->getAppValue('core', 'cronErrors', ''), true);
+
+        if (is_array($errors)) {
+            return $errors;
+        }
+
+        return [];
+    }
+
+    protected function isPHPMailerUsed(): bool {
+        return $this->config->getSystemValue('mail_smtpmode', 'smtp') === 'php';
+    }
+
+    protected function hasOpcacheLoaded(): bool {
+        return extension_loaded('Zend OPcache');
+    }
+
+    /**
+     * Iterates through the configured app roots and
+     * tests if the subdirectories are owned by the same user than the current user.
+     *
+     * @return array
+     */
+    protected function getAppDirsWithDifferentOwner(): array {
+        $currentUser = posix_getuid();
+        $appDirsWithDifferentOwner = [[]];
+
+        foreach (OC::$APPSROOTS as $appRoot) {
+            if ($appRoot['writable'] === true) {
+                $appDirsWithDifferentOwner[] = $this->getAppDirsWithDifferentOwnerForAppRoot($currentUser, $appRoot);
+            }
+        }
+
+        $appDirsWithDifferentOwner = array_merge(...$appDirsWithDifferentOwner);
+        sort($appDirsWithDifferentOwner);
+
+        return $appDirsWithDifferentOwner;
+    }
+
+    /**
+     * Tests if the directories for one apps directory are writable by the current user.
+     *
+     * @param int $currentUser The current user
+     * @param array $appRoot The app root config
+     * @return string[] The none writable directory paths inside the app root
+     */
+    private function getAppDirsWithDifferentOwnerForAppRoot(int $currentUser, array $appRoot): array {
+        $appDirsWithDifferentOwner = [];
+        $appsPath = $appRoot['path'];
+        $appsDir = new DirectoryIterator($appRoot['path']);
+
+        foreach ($appsDir as $fileInfo) {
+            if ($fileInfo->isDir() && !$fileInfo->isDot()) {
+                $absAppPath = $appsPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename();
+                $appDirUser = fileowner($absAppPath);
+                if ($appDirUser !== $currentUser) {
+                    $appDirsWithDifferentOwner[] = $absAppPath;
+                }
+            }
+        }
+
+        return $appDirsWithDifferentOwner;
+    }
+
+    /**
+     * Checks for potential PHP modules that would improve the instance
+     *
+     * @return string[] A list of PHP modules that is recommended
+     */
+    protected function hasRecommendedPHPModules(): array {
+        $recommendedPHPModules = [];
+
+        if (!extension_loaded('intl')) {
+            $recommendedPHPModules[] = 'intl';
+        }
+
+        if (!extension_loaded('bcmath')) {
+            $recommendedPHPModules[] = 'bcmath';
+        }
+
+        if (!extension_loaded('gmp')) {
+            $recommendedPHPModules[] = 'gmp';
+        }
+
+        if ($this->config->getAppValue('theming', 'enabled', 'no') === 'yes') {
+            if (!extension_loaded('imagick')) {
+                $recommendedPHPModules[] = 'imagick';
+            }
+        }
+
+        return $recommendedPHPModules;
+    }
+
+    protected function isMysqlUsedWithoutUTF8MB4(): bool {
+        return ($this->config->getSystemValue('dbtype', 'sqlite') === 'mysql') && ($this->config->getSystemValue('mysql.utf8mb4', false) === false);
+    }
+
+    protected function hasBigIntConversionPendingColumns(): array {
+        // copy of ConvertFilecacheBigInt::getColumnsByTable()
+        $tables = [
+            'activity' => ['activity_id', 'object_id'],
+            'activity_mq' => ['mail_id'],
+            'authtoken' => ['id'],
+            'bruteforce_attempts' => ['id'],
+            'filecache' => ['fileid', 'storage', 'parent', 'mimetype', 'mimepart', 'mtime', 'storage_mtime'],
+            'file_locks' => ['id'],
+            'jobs' => ['id'],
+            'mimetypes' => ['id'],
+            'mounts' => ['id', 'storage_id', 'root_id', 'mount_id'],
+            'storages' => ['numeric_id'],
+        ];
+
+        $schema = new SchemaWrapper($this->db);
+        $isSqlite = $this->db->getDatabasePlatform() instanceof SqlitePlatform;
+        $pendingColumns = [];
+
+        foreach ($tables as $tableName => $columns) {
+            if (!$schema->hasTable($tableName)) {
+                continue;
+            }
+
+            $table = $schema->getTable($tableName);
+            foreach ($columns as $columnName) {
+                $column = $table->getColumn($columnName);
+                $isAutoIncrement = $column->getAutoincrement();
+                $isAutoIncrementOnSqlite = $isSqlite && $isAutoIncrement;
+                if ($column->getType()->getName() !== Types::BIGINT && !$isAutoIncrementOnSqlite) {
+                    $pendingColumns[] = $tableName . '.' . $columnName;
+                }
+            }
+        }
+
+        return $pendingColumns;
+    }
+
+    protected function isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed(): bool {
+        $objectStore = $this->config->getSystemValue('objectstore', null);
+        $objectStoreMultibucket = $this->config->getSystemValue('objectstore_multibucket', null);
+
+        if (!isset($objectStoreMultibucket) && !isset($objectStore)) {
+            return true;
+        }
+
+        if (isset($objectStoreMultibucket['class']) && $objectStoreMultibucket['class'] !== 'OC\\Files\\ObjectStore\\S3') {
+            return true;
+        }
+
+        if (isset($objectStore['class']) && $objectStore['class'] !== 'OC\\Files\\ObjectStore\\S3') {
+            return true;
+        }
+
+        $tempPath = sys_get_temp_dir();
+        if (!is_dir($tempPath)) {
+            $this->logger->error('Error while checking the temporary PHP path - it was not properly set to a directory. value: ' . $tempPath);
+            return false;
+        }
+        $freeSpaceInTemp = disk_free_space($tempPath);
+        if ($freeSpaceInTemp === false) {
+            $this->logger->error('Error while checking the available disk space of temporary PHP path - no free disk space returned. temporary path: ' . $tempPath);
+            return false;
+        }
+
+        $freeSpaceInTempInGB = $freeSpaceInTemp / 1024 / 1024 / 1024;
+        if ($freeSpaceInTempInGB > 50) {
+            return true;
+        }
+
+        $this->logger->warning('Checking the available space in the temporary path resulted in ' . round($freeSpaceInTempInGB, 1) . ' GB instead of the recommended 50GB. Path: ' . $tempPath);
+        return false;
+    }
+
+    /**
+     * @return DataResponse
+     */
+    public function check() {
+        $phpDefaultCharset = new PhpDefaultCharset();
+        $phpOutputBuffering = new PhpOutputBuffering();
+        $legacySSEKeyFormat = new LegacySSEKeyFormat($this->l10n, $this->config, $this->urlGenerator);
+        return new DataResponse(
+            [
+                'isGetenvServerWorking' => !empty(getenv('PATH')),
+                'isReadOnlyConfig' => $this->isReadOnlyConfig(),
+                'hasValidTransactionIsolationLevel' => $this->hasValidTransactionIsolationLevel(),
+                'hasFileinfoInstalled' => $this->hasFileinfoInstalled(),
+                'hasWorkingFileLocking' => $this->hasWorkingFileLocking(),
+                'suggestedOverwriteCliURL' => $this->getSuggestedOverwriteCliURL(),
+                'cronInfo' => $this->getLastCronInfo(),
+                'cronErrors' => $this->getCronErrors(),
+                'serverHasInternetConnectionProblems' => $this->hasInternetConnectivityProblems(),
+                'isMemcacheConfigured' => $this->isMemcacheConfigured(),
+                'memcacheDocs' => $this->urlGenerator->linkToDocs('admin-performance'),
+                'isRandomnessSecure' => $this->isRandomnessSecure(),
+                'securityDocs' => $this->urlGenerator->linkToDocs('admin-security'),
+                'isUsedTlsLibOutdated' => $this->isUsedTlsLibOutdated(),
+                'phpSupported' => $this->isPhpSupported(),
+                'forwardedForHeadersWorking' => $this->forwardedForHeadersWorking(),
+                'reverseProxyDocs' => $this->urlGenerator->linkToDocs('admin-reverse-proxy'),
+                'isCorrectMemcachedPHPModuleInstalled' => $this->isCorrectMemcachedPHPModuleInstalled(),
+                'hasPassedCodeIntegrityCheck' => $this->checker->hasPassedCheck(),
+                'codeIntegrityCheckerDocumentation' => $this->urlGenerator->linkToDocs('admin-code-integrity'),
+                'isOpcacheProperlySetup' => $this->isOpcacheProperlySetup(),
+                'hasOpcacheLoaded' => $this->hasOpcacheLoaded(),
+                'phpOpcacheDocumentation' => $this->urlGenerator->linkToDocs('admin-php-opcache'),
+                'isSettimelimitAvailable' => $this->isSettimelimitAvailable(),
+                'hasFreeTypeSupport' => $this->hasFreeTypeSupport(),
+                'missingIndexes' => $this->hasMissingIndexes(),
+                'missingColumns' => $this->hasMissingColumns(),
+                'isSqliteUsed' => $this->isSqliteUsed(),
+                'databaseConversionDocumentation' => $this->urlGenerator->linkToDocs('admin-db-conversion'),
+                'isPHPMailerUsed' => $this->isPHPMailerUsed(),
+                'mailSettingsDocumentation' => $this->urlGenerator->getAbsoluteURL('index.php/settings/admin'),
+                'isMemoryLimitSufficient' => $this->memoryInfo->isMemoryLimitSufficient(),
+                'appDirsWithDifferentOwner' => $this->getAppDirsWithDifferentOwner(),
+                'recommendedPHPModules' => $this->hasRecommendedPHPModules(),
+                'pendingBigIntConversionColumns' => $this->hasBigIntConversionPendingColumns(),
+                'isMysqlUsedWithoutUTF8MB4' => $this->isMysqlUsedWithoutUTF8MB4(),
+                'isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed' => $this->isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed(),
+                'reverseProxyGeneratedURL' => $this->urlGenerator->getAbsoluteURL('index.php'),
+                PhpDefaultCharset::class => ['pass' => $phpDefaultCharset->run(), 'description' => $phpDefaultCharset->description(), 'severity' => $phpDefaultCharset->severity()],
+                PhpOutputBuffering::class => ['pass' => $phpOutputBuffering->run(), 'description' => $phpOutputBuffering->description(), 'severity' => $phpOutputBuffering->severity()],
+                LegacySSEKeyFormat::class => ['pass' => $legacySSEKeyFormat->run(), 'description' => $legacySSEKeyFormat->description(), 'severity' => $legacySSEKeyFormat->severity(), 'linkToDocumentation' => $legacySSEKeyFormat->linkToDocumentation()],
+            ]
+        );
+    }
 }

Please login to merge, or discard this patch.

apps/settings/lib/SetupChecks/LegacySSEKeyFormat.php 1 patch

Indentation +28 added lines, -28 removed lines patch added patch discarded remove patch

@@ -32,32 +32,32 @@
 block discarded – undo
 use OCP\IURLGenerator;
 
 class LegacySSEKeyFormat {
-	/** @var IL10N */
-	private $l10n;
-	/** @var IConfig */
-	private $config;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-
-	public function __construct(IL10N $l10n, IConfig $config, IURLGenerator $urlGenerator) {
-		$this->l10n = $l10n;
-		$this->config = $config;
-		$this->urlGenerator = $urlGenerator;
-	}
-
-	public function description(): string {
-		return $this->l10n->t('The old server-side-encryption format is enabled. We recommend disabling this.');
-	}
-
-	public function severity(): string {
-		return 'warning';
-	}
-
-	public function run(): bool {
-		return $this->config->getSystemValueBool('encryption.legacy_format_support', false) === false;
-	}
-
-	public function linkToDocumentation(): string {
-		return $this->urlGenerator->linkToDocs('admin-sse-legacy-format');
-	}
+    /** @var IL10N */
+    private $l10n;
+    /** @var IConfig */
+    private $config;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+
+    public function __construct(IL10N $l10n, IConfig $config, IURLGenerator $urlGenerator) {
+        $this->l10n = $l10n;
+        $this->config = $config;
+        $this->urlGenerator = $urlGenerator;
+    }
+
+    public function description(): string {
+        return $this->l10n->t('The old server-side-encryption format is enabled. We recommend disabling this.');
+    }
+
+    public function severity(): string {
+        return 'warning';
+    }
+
+    public function run(): bool {
+        return $this->config->getSystemValueBool('encryption.legacy_format_support', false) === false;
+    }
+
+    public function linkToDocumentation(): string {
+        return $this->urlGenerator->linkToDocs('admin-sse-legacy-format');
+    }
 }

Please login to merge, or discard this patch.

lib/private/Repair.php 1 patch

Indentation +173 added lines, -173 removed lines patch added patch discarded remove patch

@@ -68,177 +68,177 @@
 block discarded – undo
 
 class Repair implements IOutput {
 
-	/** @var IRepairStep[] */
-	private $repairSteps;
-
-	/** @var EventDispatcherInterface */
-	private $dispatcher;
-
-	/** @var string */
-	private $currentStep;
-
-	/**
-	 * Creates a new repair step runner
-	 *
-	 * @param IRepairStep[] $repairSteps array of RepairStep instances
-	 * @param EventDispatcherInterface $dispatcher
-	 */
-	public function __construct(array $repairSteps, EventDispatcherInterface $dispatcher) {
-		$this->repairSteps = $repairSteps;
-		$this->dispatcher  = $dispatcher;
-	}
-
-	/**
-	 * Run a series of repair steps for common problems
-	 */
-	public function run() {
-		if (count($this->repairSteps) === 0) {
-			$this->emit('\OC\Repair', 'info', ['No repair steps available']);
-
-			return;
-		}
-		// run each repair step
-		foreach ($this->repairSteps as $step) {
-			$this->currentStep = $step->getName();
-			$this->emit('\OC\Repair', 'step', [$this->currentStep]);
-			$step->run($this);
-		}
-	}
-
-	/**
-	 * Add repair step
-	 *
-	 * @param IRepairStep|string $repairStep repair step
-	 * @throws \Exception
-	 */
-	public function addStep($repairStep) {
-		if (is_string($repairStep)) {
-			try {
-				$s = \OC::$server->query($repairStep);
-			} catch (QueryException $e) {
-				if (class_exists($repairStep)) {
-					$s = new $repairStep();
-				} else {
-					throw new \Exception("Repair step '$repairStep' is unknown");
-				}
-			}
-
-			if ($s instanceof IRepairStep) {
-				$this->repairSteps[] = $s;
-			} else {
-				throw new \Exception("Repair step '$repairStep' is not of type \\OCP\\Migration\\IRepairStep");
-			}
-		} else {
-			$this->repairSteps[] = $repairStep;
-		}
-	}
-
-	/**
-	 * Returns the default repair steps to be run on the
-	 * command line or after an upgrade.
-	 *
-	 * @return IRepairStep[]
-	 */
-	public static function getRepairSteps() {
-		return [
-			new Collation(\OC::$server->getConfig(), \OC::$server->getLogger(), \OC::$server->getDatabaseConnection(), false),
-			new RepairMimeTypes(\OC::$server->getConfig()),
-			new CleanTags(\OC::$server->getDatabaseConnection(), \OC::$server->getUserManager()),
-			new RepairInvalidShares(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection()),
-			new MoveUpdaterStepFile(\OC::$server->getConfig()),
-			new FixMountStorages(\OC::$server->getDatabaseConnection()),
-			new AddLogRotateJob(\OC::$server->getJobList()),
-			new ClearFrontendCaches(\OC::$server->getMemCacheFactory(), \OC::$server->query(SCSSCacher::class), \OC::$server->query(JSCombiner::class)),
-			new ClearGeneratedAvatarCache(\OC::$server->getConfig(), \OC::$server->query(AvatarManager::class)),
-			new AddPreviewBackgroundCleanupJob(\OC::$server->getJobList()),
-			new AddCleanupUpdaterBackupsJob(\OC::$server->getJobList()),
-			new CleanupCardDAVPhotoCache(\OC::$server->getConfig(), \OC::$server->getAppDataDir('dav-photocache'), \OC::$server->getLogger()),
-			new AddClenupLoginFlowV2BackgroundJob(\OC::$server->getJobList()),
-			new RemoveLinkShares(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig(), \OC::$server->getGroupManager(), \OC::$server->getNotificationManager(), \OC::$server->query(ITimeFactory::class)),
-			new ClearCollectionsAccessCache(\OC::$server->getConfig(), \OC::$server->query(IManager::class)),
-			\OC::$server->query(ResetGeneratedAvatarFlag::class),
-			\OC::$server->query(EncryptionLegacyCipher::class),
-		];
-	}
-
-	/**
-	 * Returns expensive repair steps to be run on the
-	 * command line with a special option.
-	 *
-	 * @return IRepairStep[]
-	 */
-	public static function getExpensiveRepairSteps() {
-		return [
-			new OldGroupMembershipShares(\OC::$server->getDatabaseConnection(), \OC::$server->getGroupManager())
-		];
-	}
-
-	/**
-	 * Returns the repair steps to be run before an
-	 * upgrade.
-	 *
-	 * @return IRepairStep[]
-	 */
-	public static function getBeforeUpgradeRepairSteps() {
-		$connection = \OC::$server->getDatabaseConnection();
-		$config     = \OC::$server->getConfig();
-		$steps      = [
-			new Collation(\OC::$server->getConfig(), \OC::$server->getLogger(), $connection, true),
-			new SqliteAutoincrement($connection),
-			new SaveAccountsTableData($connection, $config),
-			new DropAccountTermsTable($connection)
-		];
-
-		return $steps;
-	}
-
-	/**
-	 * @param string $scope
-	 * @param string $method
-	 * @param array $arguments
-	 */
-	public function emit($scope, $method, array $arguments = []) {
-		if (!is_null($this->dispatcher)) {
-			$this->dispatcher->dispatch("$scope::$method",
-				new GenericEvent("$scope::$method", $arguments));
-		}
-	}
-
-	public function info($string) {
-		// for now just emit as we did in the past
-		$this->emit('\OC\Repair', 'info', [$string]);
-	}
-
-	/**
-	 * @param string $message
-	 */
-	public function warning($message) {
-		// for now just emit as we did in the past
-		$this->emit('\OC\Repair', 'warning', [$message]);
-	}
-
-	/**
-	 * @param int $max
-	 */
-	public function startProgress($max = 0) {
-		// for now just emit as we did in the past
-		$this->emit('\OC\Repair', 'startProgress', [$max, $this->currentStep]);
-	}
-
-	/**
-	 * @param int $step
-	 * @param string $description
-	 */
-	public function advance($step = 1, $description = '') {
-		// for now just emit as we did in the past
-		$this->emit('\OC\Repair', 'advance', [$step, $description]);
-	}
-
-	/**
-	 * @param int $max
-	 */
-	public function finishProgress() {
-		// for now just emit as we did in the past
-		$this->emit('\OC\Repair', 'finishProgress', []);
-	}
+    /** @var IRepairStep[] */
+    private $repairSteps;
+
+    /** @var EventDispatcherInterface */
+    private $dispatcher;
+
+    /** @var string */
+    private $currentStep;
+
+    /**
+     * Creates a new repair step runner
+     *
+     * @param IRepairStep[] $repairSteps array of RepairStep instances
+     * @param EventDispatcherInterface $dispatcher
+     */
+    public function __construct(array $repairSteps, EventDispatcherInterface $dispatcher) {
+        $this->repairSteps = $repairSteps;
+        $this->dispatcher  = $dispatcher;
+    }
+
+    /**
+     * Run a series of repair steps for common problems
+     */
+    public function run() {
+        if (count($this->repairSteps) === 0) {
+            $this->emit('\OC\Repair', 'info', ['No repair steps available']);
+
+            return;
+        }
+        // run each repair step
+        foreach ($this->repairSteps as $step) {
+            $this->currentStep = $step->getName();
+            $this->emit('\OC\Repair', 'step', [$this->currentStep]);
+            $step->run($this);
+        }
+    }
+
+    /**
+     * Add repair step
+     *
+     * @param IRepairStep|string $repairStep repair step
+     * @throws \Exception
+     */
+    public function addStep($repairStep) {
+        if (is_string($repairStep)) {
+            try {
+                $s = \OC::$server->query($repairStep);
+            } catch (QueryException $e) {
+                if (class_exists($repairStep)) {
+                    $s = new $repairStep();
+                } else {
+                    throw new \Exception("Repair step '$repairStep' is unknown");
+                }
+            }
+
+            if ($s instanceof IRepairStep) {
+                $this->repairSteps[] = $s;
+            } else {
+                throw new \Exception("Repair step '$repairStep' is not of type \\OCP\\Migration\\IRepairStep");
+            }
+        } else {
+            $this->repairSteps[] = $repairStep;
+        }
+    }
+
+    /**
+     * Returns the default repair steps to be run on the
+     * command line or after an upgrade.
+     *
+     * @return IRepairStep[]
+     */
+    public static function getRepairSteps() {
+        return [
+            new Collation(\OC::$server->getConfig(), \OC::$server->getLogger(), \OC::$server->getDatabaseConnection(), false),
+            new RepairMimeTypes(\OC::$server->getConfig()),
+            new CleanTags(\OC::$server->getDatabaseConnection(), \OC::$server->getUserManager()),
+            new RepairInvalidShares(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection()),
+            new MoveUpdaterStepFile(\OC::$server->getConfig()),
+            new FixMountStorages(\OC::$server->getDatabaseConnection()),
+            new AddLogRotateJob(\OC::$server->getJobList()),
+            new ClearFrontendCaches(\OC::$server->getMemCacheFactory(), \OC::$server->query(SCSSCacher::class), \OC::$server->query(JSCombiner::class)),
+            new ClearGeneratedAvatarCache(\OC::$server->getConfig(), \OC::$server->query(AvatarManager::class)),
+            new AddPreviewBackgroundCleanupJob(\OC::$server->getJobList()),
+            new AddCleanupUpdaterBackupsJob(\OC::$server->getJobList()),
+            new CleanupCardDAVPhotoCache(\OC::$server->getConfig(), \OC::$server->getAppDataDir('dav-photocache'), \OC::$server->getLogger()),
+            new AddClenupLoginFlowV2BackgroundJob(\OC::$server->getJobList()),
+            new RemoveLinkShares(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig(), \OC::$server->getGroupManager(), \OC::$server->getNotificationManager(), \OC::$server->query(ITimeFactory::class)),
+            new ClearCollectionsAccessCache(\OC::$server->getConfig(), \OC::$server->query(IManager::class)),
+            \OC::$server->query(ResetGeneratedAvatarFlag::class),
+            \OC::$server->query(EncryptionLegacyCipher::class),
+        ];
+    }
+
+    /**
+     * Returns expensive repair steps to be run on the
+     * command line with a special option.
+     *
+     * @return IRepairStep[]
+     */
+    public static function getExpensiveRepairSteps() {
+        return [
+            new OldGroupMembershipShares(\OC::$server->getDatabaseConnection(), \OC::$server->getGroupManager())
+        ];
+    }
+
+    /**
+     * Returns the repair steps to be run before an
+     * upgrade.
+     *
+     * @return IRepairStep[]
+     */
+    public static function getBeforeUpgradeRepairSteps() {
+        $connection = \OC::$server->getDatabaseConnection();
+        $config     = \OC::$server->getConfig();
+        $steps      = [
+            new Collation(\OC::$server->getConfig(), \OC::$server->getLogger(), $connection, true),
+            new SqliteAutoincrement($connection),
+            new SaveAccountsTableData($connection, $config),
+            new DropAccountTermsTable($connection)
+        ];
+
+        return $steps;
+    }
+
+    /**
+     * @param string $scope
+     * @param string $method
+     * @param array $arguments
+     */
+    public function emit($scope, $method, array $arguments = []) {
+        if (!is_null($this->dispatcher)) {
+            $this->dispatcher->dispatch("$scope::$method",
+                new GenericEvent("$scope::$method", $arguments));
+        }
+    }
+
+    public function info($string) {
+        // for now just emit as we did in the past
+        $this->emit('\OC\Repair', 'info', [$string]);
+    }
+
+    /**
+     * @param string $message
+     */
+    public function warning($message) {
+        // for now just emit as we did in the past
+        $this->emit('\OC\Repair', 'warning', [$message]);
+    }
+
+    /**
+     * @param int $max
+     */
+    public function startProgress($max = 0) {
+        // for now just emit as we did in the past
+        $this->emit('\OC\Repair', 'startProgress', [$max, $this->currentStep]);
+    }
+
+    /**
+     * @param int $step
+     * @param string $description
+     */
+    public function advance($step = 1, $description = '') {
+        // for now just emit as we did in the past
+        $this->emit('\OC\Repair', 'advance', [$step, $description]);
+    }
+
+    /**
+     * @param int $max
+     */
+    public function finishProgress() {
+        // for now just emit as we did in the past
+        $this->emit('\OC\Repair', 'finishProgress', []);
+    }
 }

Please login to merge, or discard this patch.

lib/private/Files/Storage/Wrapper/Encryption.php 1 patch

Indentation +988 added lines, -988 removed lines patch added patch discarded remove patch

@@ -51,992 +51,992 @@
 block discarded – undo
 use OCP\ILogger;
 
 class Encryption extends Wrapper {
-	use LocalTempFileTrait;
-
-	/** @var string */
-	private $mountPoint;
-
-	/** @var \OC\Encryption\Util */
-	private $util;
-
-	/** @var \OCP\Encryption\IManager */
-	private $encryptionManager;
-
-	/** @var \OCP\ILogger */
-	private $logger;
-
-	/** @var string */
-	private $uid;
-
-	/** @var array */
-	protected $unencryptedSize;
-
-	/** @var \OCP\Encryption\IFile */
-	private $fileHelper;
-
-	/** @var IMountPoint */
-	private $mount;
-
-	/** @var IStorage */
-	private $keyStorage;
-
-	/** @var Update */
-	private $update;
-
-	/** @var Manager */
-	private $mountManager;
-
-	/** @var array remember for which path we execute the repair step to avoid recursions */
-	private $fixUnencryptedSizeOf = [];
-
-	/** @var  ArrayCache */
-	private $arrayCache;
-
-	/**
-	 * @param array $parameters
-	 * @param IManager $encryptionManager
-	 * @param Util $util
-	 * @param ILogger $logger
-	 * @param IFile $fileHelper
-	 * @param string $uid
-	 * @param IStorage $keyStorage
-	 * @param Update $update
-	 * @param Manager $mountManager
-	 * @param ArrayCache $arrayCache
-	 */
-	public function __construct(
-		$parameters,
-		IManager $encryptionManager = null,
-		Util $util = null,
-		ILogger $logger = null,
-		IFile $fileHelper = null,
-		$uid = null,
-		IStorage $keyStorage = null,
-		Update $update = null,
-		Manager $mountManager = null,
-		ArrayCache $arrayCache = null
-	) {
-		$this->mountPoint = $parameters['mountPoint'];
-		$this->mount = $parameters['mount'];
-		$this->encryptionManager = $encryptionManager;
-		$this->util = $util;
-		$this->logger = $logger;
-		$this->uid = $uid;
-		$this->fileHelper = $fileHelper;
-		$this->keyStorage = $keyStorage;
-		$this->unencryptedSize = [];
-		$this->update = $update;
-		$this->mountManager = $mountManager;
-		$this->arrayCache = $arrayCache;
-		parent::__construct($parameters);
-	}
-
-	/**
-	 * see http://php.net/manual/en/function.filesize.php
-	 * The result for filesize when called on a folder is required to be 0
-	 *
-	 * @param string $path
-	 * @return int
-	 */
-	public function filesize($path) {
-		$fullPath = $this->getFullPath($path);
-
-		/** @var CacheEntry $info */
-		$info = $this->getCache()->get($path);
-		if (isset($this->unencryptedSize[$fullPath])) {
-			$size = $this->unencryptedSize[$fullPath];
-			// update file cache
-			if ($info instanceof ICacheEntry) {
-				$info = $info->getData();
-				$info['encrypted'] = $info['encryptedVersion'];
-			} else {
-				if (!is_array($info)) {
-					$info = [];
-				}
-				$info['encrypted'] = true;
-			}
-
-			$info['size'] = $size;
-			$this->getCache()->put($path, $info);
-
-			return $size;
-		}
-
-		if (isset($info['fileid']) && $info['encrypted']) {
-			return $this->verifyUnencryptedSize($path, $info['size']);
-		}
-
-		return $this->storage->filesize($path);
-	}
-
-	private function modifyMetaData(string $path, array $data): array {
-		$fullPath = $this->getFullPath($path);
-		$info = $this->getCache()->get($path);
-
-		if (isset($this->unencryptedSize[$fullPath])) {
-			$data['encrypted'] = true;
-			$data['size'] = $this->unencryptedSize[$fullPath];
-		} else {
-			if (isset($info['fileid']) && $info['encrypted']) {
-				$data['size'] = $this->verifyUnencryptedSize($path, $info['size']);
-				$data['encrypted'] = true;
-			}
-		}
-
-		if (isset($info['encryptedVersion']) && $info['encryptedVersion'] > 1) {
-			$data['encryptedVersion'] = $info['encryptedVersion'];
-		}
-
-		return $data;
-	}
-
-	/**
-	 * @param string $path
-	 * @return array
-	 */
-	public function getMetaData($path) {
-		$data = $this->storage->getMetaData($path);
-		if (is_null($data)) {
-			return null;
-		}
-		return $this->modifyMetaData($path, $data);
-	}
-
-	public function getDirectoryContent($directory): \Traversable {
-		$parent = rtrim($directory, '/');
-		foreach ($this->getWrapperStorage()->getDirectoryContent($directory) as $data) {
-			yield $this->modifyMetaData($parent . '/' . $data['name'], $data);
-		}
-	}
-
-	/**
-	 * see http://php.net/manual/en/function.file_get_contents.php
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	public function file_get_contents($path) {
-		$encryptionModule = $this->getEncryptionModule($path);
-
-		if ($encryptionModule) {
-			$handle = $this->fopen($path, "r");
-			if (!$handle) {
-				return false;
-			}
-			$data = stream_get_contents($handle);
-			fclose($handle);
-			return $data;
-		}
-		return $this->storage->file_get_contents($path);
-	}
-
-	/**
-	 * see http://php.net/manual/en/function.file_put_contents.php
-	 *
-	 * @param string $path
-	 * @param string $data
-	 * @return bool
-	 */
-	public function file_put_contents($path, $data) {
-		// file put content will always be translated to a stream write
-		$handle = $this->fopen($path, 'w');
-		if (is_resource($handle)) {
-			$written = fwrite($handle, $data);
-			fclose($handle);
-			return $written;
-		}
-
-		return false;
-	}
-
-	/**
-	 * see http://php.net/manual/en/function.unlink.php
-	 *
-	 * @param string $path
-	 * @return bool
-	 */
-	public function unlink($path) {
-		$fullPath = $this->getFullPath($path);
-		if ($this->util->isExcluded($fullPath)) {
-			return $this->storage->unlink($path);
-		}
-
-		$encryptionModule = $this->getEncryptionModule($path);
-		if ($encryptionModule) {
-			$this->keyStorage->deleteAllFileKeys($this->getFullPath($path));
-		}
-
-		return $this->storage->unlink($path);
-	}
-
-	/**
-	 * see http://php.net/manual/en/function.rename.php
-	 *
-	 * @param string $path1
-	 * @param string $path2
-	 * @return bool
-	 */
-	public function rename($path1, $path2) {
-		$result = $this->storage->rename($path1, $path2);
-
-		if ($result &&
-			// versions always use the keys from the original file, so we can skip
-			// this step for versions
-			$this->isVersion($path2) === false &&
-			$this->encryptionManager->isEnabled()) {
-			$source = $this->getFullPath($path1);
-			if (!$this->util->isExcluded($source)) {
-				$target = $this->getFullPath($path2);
-				if (isset($this->unencryptedSize[$source])) {
-					$this->unencryptedSize[$target] = $this->unencryptedSize[$source];
-				}
-				$this->keyStorage->renameKeys($source, $target);
-				$module = $this->getEncryptionModule($path2);
-				if ($module) {
-					$module->update($target, $this->uid, []);
-				}
-			}
-		}
-
-		return $result;
-	}
-
-	/**
-	 * see http://php.net/manual/en/function.rmdir.php
-	 *
-	 * @param string $path
-	 * @return bool
-	 */
-	public function rmdir($path) {
-		$result = $this->storage->rmdir($path);
-		$fullPath = $this->getFullPath($path);
-		if ($result &&
-			$this->util->isExcluded($fullPath) === false &&
-			$this->encryptionManager->isEnabled()
-		) {
-			$this->keyStorage->deleteAllFileKeys($fullPath);
-		}
-
-		return $result;
-	}
-
-	/**
-	 * check if a file can be read
-	 *
-	 * @param string $path
-	 * @return bool
-	 */
-	public function isReadable($path) {
-		$isReadable = true;
-
-		$metaData = $this->getMetaData($path);
-		if (
-			!$this->is_dir($path) &&
-			isset($metaData['encrypted']) &&
-			$metaData['encrypted'] === true
-		) {
-			$fullPath = $this->getFullPath($path);
-			$module = $this->getEncryptionModule($path);
-			$isReadable = $module->isReadable($fullPath, $this->uid);
-		}
-
-		return $this->storage->isReadable($path) && $isReadable;
-	}
-
-	/**
-	 * see http://php.net/manual/en/function.copy.php
-	 *
-	 * @param string $path1
-	 * @param string $path2
-	 * @return bool
-	 */
-	public function copy($path1, $path2) {
-		$source = $this->getFullPath($path1);
-
-		if ($this->util->isExcluded($source)) {
-			return $this->storage->copy($path1, $path2);
-		}
-
-		// need to stream copy file by file in case we copy between a encrypted
-		// and a unencrypted storage
-		$this->unlink($path2);
-		return $this->copyFromStorage($this, $path1, $path2);
-	}
-
-	/**
-	 * see http://php.net/manual/en/function.fopen.php
-	 *
-	 * @param string $path
-	 * @param string $mode
-	 * @return resource|bool
-	 * @throws GenericEncryptionException
-	 * @throws ModuleDoesNotExistsException
-	 */
-	public function fopen($path, $mode) {
-
-		// check if the file is stored in the array cache, this means that we
-		// copy a file over to the versions folder, in this case we don't want to
-		// decrypt it
-		if ($this->arrayCache->hasKey('encryption_copy_version_' . $path)) {
-			$this->arrayCache->remove('encryption_copy_version_' . $path);
-			return $this->storage->fopen($path, $mode);
-		}
-
-		$encryptionEnabled = $this->encryptionManager->isEnabled();
-		$shouldEncrypt = false;
-		$encryptionModule = null;
-		$header = $this->getHeader($path);
-		$signed = isset($header['signed']) && $header['signed'] === 'true';
-		$fullPath = $this->getFullPath($path);
-		$encryptionModuleId = $this->util->getEncryptionModuleId($header);
-
-		if ($this->util->isExcluded($fullPath) === false) {
-			$size = $unencryptedSize = 0;
-			$realFile = $this->util->stripPartialFileExtension($path);
-			$targetExists = $this->file_exists($realFile) || $this->file_exists($path);
-			$targetIsEncrypted = false;
-			if ($targetExists) {
-				// in case the file exists we require the explicit module as
-				// specified in the file header - otherwise we need to fail hard to
-				// prevent data loss on client side
-				if (!empty($encryptionModuleId)) {
-					$targetIsEncrypted = true;
-					$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
-				}
-
-				if ($this->file_exists($path)) {
-					$size = $this->storage->filesize($path);
-					$unencryptedSize = $this->filesize($path);
-				} else {
-					$size = $unencryptedSize = 0;
-				}
-			}
-
-			try {
-				if (
-					$mode === 'w'
-					|| $mode === 'w+'
-					|| $mode === 'wb'
-					|| $mode === 'wb+'
-				) {
-					// if we update a encrypted file with a un-encrypted one we change the db flag
-					if ($targetIsEncrypted && $encryptionEnabled === false) {
-						$cache = $this->storage->getCache();
-						if ($cache) {
-							$entry = $cache->get($path);
-							$cache->update($entry->getId(), ['encrypted' => 0]);
-						}
-					}
-					if ($encryptionEnabled) {
-						// if $encryptionModuleId is empty, the default module will be used
-						$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
-						$shouldEncrypt = $encryptionModule->shouldEncrypt($fullPath);
-						$signed = true;
-					}
-				} else {
-					$info = $this->getCache()->get($path);
-					// only get encryption module if we found one in the header
-					// or if file should be encrypted according to the file cache
-					if (!empty($encryptionModuleId)) {
-						$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
-						$shouldEncrypt = true;
-					} elseif (empty($encryptionModuleId) && $info['encrypted'] === true) {
-						// we come from a old installation. No header and/or no module defined
-						// but the file is encrypted. In this case we need to use the
-						// OC_DEFAULT_MODULE to read the file
-						$encryptionModule = $this->encryptionManager->getEncryptionModule('OC_DEFAULT_MODULE');
-						$shouldEncrypt = true;
-						$targetIsEncrypted = true;
-					}
-				}
-			} catch (ModuleDoesNotExistsException $e) {
-				$this->logger->logException($e, [
-					'message' => 'Encryption module "' . $encryptionModuleId . '" not found, file will be stored unencrypted',
-					'level' => ILogger::WARN,
-					'app' => 'core',
-				]);
-			}
-
-			// encryption disabled on write of new file and write to existing unencrypted file -> don't encrypt
-			if (!$encryptionEnabled || !$this->shouldEncrypt($path)) {
-				if (!$targetExists || !$targetIsEncrypted) {
-					$shouldEncrypt = false;
-				}
-			}
-
-			if ($shouldEncrypt === true && $encryptionModule !== null) {
-				$headerSize = $this->getHeaderSize($path);
-				$source = $this->storage->fopen($path, $mode);
-				if (!is_resource($source)) {
-					return false;
-				}
-				$handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header,
-					$this->uid, $encryptionModule, $this->storage, $this, $this->util, $this->fileHelper, $mode,
-					$size, $unencryptedSize, $headerSize, $signed);
-				return $handle;
-			}
-		}
-
-		return $this->storage->fopen($path, $mode);
-	}
-
-
-	/**
-	 * perform some plausibility checks if the the unencrypted size is correct.
-	 * If not, we calculate the correct unencrypted size and return it
-	 *
-	 * @param string $path internal path relative to the storage root
-	 * @param int $unencryptedSize size of the unencrypted file
-	 *
-	 * @return int unencrypted size
-	 */
-	protected function verifyUnencryptedSize($path, $unencryptedSize) {
-		$size = $this->storage->filesize($path);
-		$result = $unencryptedSize;
-
-		if ($unencryptedSize < 0 ||
-			($size > 0 && $unencryptedSize === $size)
-		) {
-			// check if we already calculate the unencrypted size for the
-			// given path to avoid recursions
-			if (isset($this->fixUnencryptedSizeOf[$this->getFullPath($path)]) === false) {
-				$this->fixUnencryptedSizeOf[$this->getFullPath($path)] = true;
-				try {
-					$result = $this->fixUnencryptedSize($path, $size, $unencryptedSize);
-				} catch (\Exception $e) {
-					$this->logger->error('Couldn\'t re-calculate unencrypted size for ' . $path);
-					$this->logger->logException($e);
-				}
-				unset($this->fixUnencryptedSizeOf[$this->getFullPath($path)]);
-			}
-		}
-
-		return $result;
-	}
-
-	/**
-	 * calculate the unencrypted size
-	 *
-	 * @param string $path internal path relative to the storage root
-	 * @param int $size size of the physical file
-	 * @param int $unencryptedSize size of the unencrypted file
-	 *
-	 * @return int calculated unencrypted size
-	 */
-	protected function fixUnencryptedSize($path, $size, $unencryptedSize) {
-		$headerSize = $this->getHeaderSize($path);
-		$header = $this->getHeader($path);
-		$encryptionModule = $this->getEncryptionModule($path);
-
-		$stream = $this->storage->fopen($path, 'r');
-
-		// if we couldn't open the file we return the old unencrypted size
-		if (!is_resource($stream)) {
-			$this->logger->error('Could not open ' . $path . '. Recalculation of unencrypted size aborted.');
-			return $unencryptedSize;
-		}
-
-		$newUnencryptedSize = 0;
-		$size -= $headerSize;
-		$blockSize = $this->util->getBlockSize();
-
-		// if a header exists we skip it
-		if ($headerSize > 0) {
-			fread($stream, $headerSize);
-		}
-
-		// fast path, else the calculation for $lastChunkNr is bogus
-		if ($size === 0) {
-			return 0;
-		}
-
-		$signed = isset($header['signed']) && $header['signed'] === 'true';
-		$unencryptedBlockSize = $encryptionModule->getUnencryptedBlockSize($signed);
-
-		// calculate last chunk nr
-		// next highest is end of chunks, one subtracted is last one
-		// we have to read the last chunk, we can't just calculate it (because of padding etc)
-
-		$lastChunkNr = ceil($size / $blockSize) - 1;
-		// calculate last chunk position
-		$lastChunkPos = ($lastChunkNr * $blockSize);
-		// try to fseek to the last chunk, if it fails we have to read the whole file
-		if (@fseek($stream, $lastChunkPos, SEEK_CUR) === 0) {
-			$newUnencryptedSize += $lastChunkNr * $unencryptedBlockSize;
-		}
-
-		$lastChunkContentEncrypted = '';
-		$count = $blockSize;
-
-		while ($count > 0) {
-			$data = fread($stream, $blockSize);
-			$count = strlen($data);
-			$lastChunkContentEncrypted .= $data;
-			if (strlen($lastChunkContentEncrypted) > $blockSize) {
-				$newUnencryptedSize += $unencryptedBlockSize;
-				$lastChunkContentEncrypted = substr($lastChunkContentEncrypted, $blockSize);
-			}
-		}
-
-		fclose($stream);
-
-		// we have to decrypt the last chunk to get it actual size
-		$encryptionModule->begin($this->getFullPath($path), $this->uid, 'r', $header, []);
-		$decryptedLastChunk = $encryptionModule->decrypt($lastChunkContentEncrypted, $lastChunkNr . 'end');
-		$decryptedLastChunk .= $encryptionModule->end($this->getFullPath($path), $lastChunkNr . 'end');
-
-		// calc the real file size with the size of the last chunk
-		$newUnencryptedSize += strlen($decryptedLastChunk);
-
-		$this->updateUnencryptedSize($this->getFullPath($path), $newUnencryptedSize);
-
-		// write to cache if applicable
-		$cache = $this->storage->getCache();
-		if ($cache) {
-			$entry = $cache->get($path);
-			$cache->update($entry['fileid'], ['size' => $newUnencryptedSize]);
-		}
-
-		return $newUnencryptedSize;
-	}
-
-	/**
-	 * @param Storage\IStorage $sourceStorage
-	 * @param string $sourceInternalPath
-	 * @param string $targetInternalPath
-	 * @param bool $preserveMtime
-	 * @return bool
-	 */
-	public function moveFromStorage(Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = true) {
-		if ($sourceStorage === $this) {
-			return $this->rename($sourceInternalPath, $targetInternalPath);
-		}
-
-		// TODO clean this up once the underlying moveFromStorage in OC\Files\Storage\Wrapper\Common is fixed:
-		// - call $this->storage->moveFromStorage() instead of $this->copyBetweenStorage
-		// - copy the file cache update from  $this->copyBetweenStorage to this method
-		// - copy the copyKeys() call from  $this->copyBetweenStorage to this method
-		// - remove $this->copyBetweenStorage
-
-		if (!$sourceStorage->isDeletable($sourceInternalPath)) {
-			return false;
-		}
-
-		$result = $this->copyBetweenStorage($sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime, true);
-		if ($result) {
-			if ($sourceStorage->is_dir($sourceInternalPath)) {
-				$result &= $sourceStorage->rmdir($sourceInternalPath);
-			} else {
-				$result &= $sourceStorage->unlink($sourceInternalPath);
-			}
-		}
-		return $result;
-	}
-
-
-	/**
-	 * @param Storage\IStorage $sourceStorage
-	 * @param string $sourceInternalPath
-	 * @param string $targetInternalPath
-	 * @param bool $preserveMtime
-	 * @param bool $isRename
-	 * @return bool
-	 */
-	public function copyFromStorage(Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false, $isRename = false) {
-
-		// TODO clean this up once the underlying moveFromStorage in OC\Files\Storage\Wrapper\Common is fixed:
-		// - call $this->storage->copyFromStorage() instead of $this->copyBetweenStorage
-		// - copy the file cache update from  $this->copyBetweenStorage to this method
-		// - copy the copyKeys() call from  $this->copyBetweenStorage to this method
-		// - remove $this->copyBetweenStorage
-
-		return $this->copyBetweenStorage($sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime, $isRename);
-	}
-
-	/**
-	 * Update the encrypted cache version in the database
-	 *
-	 * @param Storage\IStorage $sourceStorage
-	 * @param string $sourceInternalPath
-	 * @param string $targetInternalPath
-	 * @param bool $isRename
-	 * @param bool $keepEncryptionVersion
-	 */
-	private function updateEncryptedVersion(Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $isRename, $keepEncryptionVersion) {
-		$isEncrypted = $this->encryptionManager->isEnabled() && $this->shouldEncrypt($targetInternalPath);
-		$cacheInformation = [
-			'encrypted' => $isEncrypted,
-		];
-		if ($isEncrypted) {
-			$encryptedVersion = $sourceStorage->getCache()->get($sourceInternalPath)['encryptedVersion'];
-
-			// In case of a move operation from an unencrypted to an encrypted
-			// storage the old encrypted version would stay with "0" while the
-			// correct value would be "1". Thus we manually set the value to "1"
-			// for those cases.
-			// See also https://github.com/owncloud/core/issues/23078
-			if ($encryptedVersion === 0 || !$keepEncryptionVersion) {
-				$encryptedVersion = 1;
-			}
-
-			$cacheInformation['encryptedVersion'] = $encryptedVersion;
-		}
-
-		// in case of a rename we need to manipulate the source cache because
-		// this information will be kept for the new target
-		if ($isRename) {
-			$sourceStorage->getCache()->put($sourceInternalPath, $cacheInformation);
-		} else {
-			$this->getCache()->put($targetInternalPath, $cacheInformation);
-		}
-	}
-
-	/**
-	 * copy file between two storages
-	 *
-	 * @param Storage\IStorage $sourceStorage
-	 * @param string $sourceInternalPath
-	 * @param string $targetInternalPath
-	 * @param bool $preserveMtime
-	 * @param bool $isRename
-	 * @return bool
-	 * @throws \Exception
-	 */
-	private function copyBetweenStorage(Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime, $isRename) {
-
-		// for versions we have nothing to do, because versions should always use the
-		// key from the original file. Just create a 1:1 copy and done
-		if ($this->isVersion($targetInternalPath) ||
-			$this->isVersion($sourceInternalPath)) {
-			// remember that we try to create a version so that we can detect it during
-			// fopen($sourceInternalPath) and by-pass the encryption in order to
-			// create a 1:1 copy of the file
-			$this->arrayCache->set('encryption_copy_version_' . $sourceInternalPath, true);
-			$result = $this->storage->copyFromStorage($sourceStorage, $sourceInternalPath, $targetInternalPath);
-			$this->arrayCache->remove('encryption_copy_version_' . $sourceInternalPath);
-			if ($result) {
-				$info = $this->getCache('', $sourceStorage)->get($sourceInternalPath);
-				// make sure that we update the unencrypted size for the version
-				if (isset($info['encrypted']) && $info['encrypted'] === true) {
-					$this->updateUnencryptedSize(
-						$this->getFullPath($targetInternalPath),
-						$info['size']
-					);
-				}
-				$this->updateEncryptedVersion($sourceStorage, $sourceInternalPath, $targetInternalPath, $isRename, true);
-			}
-			return $result;
-		}
-
-		// first copy the keys that we reuse the existing file key on the target location
-		// and don't create a new one which would break versions for example.
-		$mount = $this->mountManager->findByStorageId($sourceStorage->getId());
-		if (count($mount) === 1) {
-			$mountPoint = $mount[0]->getMountPoint();
-			$source = $mountPoint . '/' . $sourceInternalPath;
-			$target = $this->getFullPath($targetInternalPath);
-			$this->copyKeys($source, $target);
-		} else {
-			$this->logger->error('Could not find mount point, can\'t keep encryption keys');
-		}
-
-		if ($sourceStorage->is_dir($sourceInternalPath)) {
-			$dh = $sourceStorage->opendir($sourceInternalPath);
-			$result = $this->mkdir($targetInternalPath);
-			if (is_resource($dh)) {
-				while ($result and ($file = readdir($dh)) !== false) {
-					if (!Filesystem::isIgnoredDir($file)) {
-						$result &= $this->copyFromStorage($sourceStorage, $sourceInternalPath . '/' . $file, $targetInternalPath . '/' . $file, false, $isRename);
-					}
-				}
-			}
-		} else {
-			try {
-				$source = $sourceStorage->fopen($sourceInternalPath, 'r');
-				$target = $this->fopen($targetInternalPath, 'w');
-				[, $result] = \OC_Helper::streamCopy($source, $target);
-				fclose($source);
-				fclose($target);
-			} catch (\Exception $e) {
-				fclose($source);
-				fclose($target);
-				throw $e;
-			}
-			if ($result) {
-				if ($preserveMtime) {
-					$this->touch($targetInternalPath, $sourceStorage->filemtime($sourceInternalPath));
-				}
-				$this->updateEncryptedVersion($sourceStorage, $sourceInternalPath, $targetInternalPath, $isRename, false);
-			} else {
-				// delete partially written target file
-				$this->unlink($targetInternalPath);
-				// delete cache entry that was created by fopen
-				$this->getCache()->remove($targetInternalPath);
-			}
-		}
-		return (bool)$result;
-	}
-
-	/**
-	 * get the path to a local version of the file.
-	 * The local version of the file can be temporary and doesn't have to be persistent across requests
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	public function getLocalFile($path) {
-		if ($this->encryptionManager->isEnabled()) {
-			$cachedFile = $this->getCachedFile($path);
-			if (is_string($cachedFile)) {
-				return $cachedFile;
-			}
-		}
-		return $this->storage->getLocalFile($path);
-	}
-
-	/**
-	 * Returns the wrapped storage's value for isLocal()
-	 *
-	 * @return bool wrapped storage's isLocal() value
-	 */
-	public function isLocal() {
-		if ($this->encryptionManager->isEnabled()) {
-			return false;
-		}
-		return $this->storage->isLocal();
-	}
-
-	/**
-	 * see http://php.net/manual/en/function.stat.php
-	 * only the following keys are required in the result: size and mtime
-	 *
-	 * @param string $path
-	 * @return array
-	 */
-	public function stat($path) {
-		$stat = $this->storage->stat($path);
-		$fileSize = $this->filesize($path);
-		$stat['size'] = $fileSize;
-		$stat[7] = $fileSize;
-		$stat['hasHeader'] = $this->getHeaderSize($path) > 0;
-		return $stat;
-	}
-
-	/**
-	 * see http://php.net/manual/en/function.hash.php
-	 *
-	 * @param string $type
-	 * @param string $path
-	 * @param bool $raw
-	 * @return string
-	 */
-	public function hash($type, $path, $raw = false) {
-		$fh = $this->fopen($path, 'rb');
-		$ctx = hash_init($type);
-		hash_update_stream($ctx, $fh);
-		fclose($fh);
-		return hash_final($ctx, $raw);
-	}
-
-	/**
-	 * return full path, including mount point
-	 *
-	 * @param string $path relative to mount point
-	 * @return string full path including mount point
-	 */
-	protected function getFullPath($path) {
-		return Filesystem::normalizePath($this->mountPoint . '/' . $path);
-	}
-
-	/**
-	 * read first block of encrypted file, typically this will contain the
-	 * encryption header
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	protected function readFirstBlock($path) {
-		$firstBlock = '';
-		if ($this->storage->file_exists($path)) {
-			$handle = $this->storage->fopen($path, 'r');
-			$firstBlock = fread($handle, $this->util->getHeaderSize());
-			fclose($handle);
-		}
-		return $firstBlock;
-	}
-
-	/**
-	 * return header size of given file
-	 *
-	 * @param string $path
-	 * @return int
-	 */
-	protected function getHeaderSize($path) {
-		$headerSize = 0;
-		$realFile = $this->util->stripPartialFileExtension($path);
-		if ($this->storage->file_exists($realFile)) {
-			$path = $realFile;
-		}
-		$firstBlock = $this->readFirstBlock($path);
-
-		if (substr($firstBlock, 0, strlen(Util::HEADER_START)) === Util::HEADER_START) {
-			$headerSize = $this->util->getHeaderSize();
-		}
-
-		return $headerSize;
-	}
-
-	/**
-	 * parse raw header to array
-	 *
-	 * @param string $rawHeader
-	 * @return array
-	 */
-	protected function parseRawHeader($rawHeader) {
-		$result = [];
-		if (substr($rawHeader, 0, strlen(Util::HEADER_START)) === Util::HEADER_START) {
-			$header = $rawHeader;
-			$endAt = strpos($header, Util::HEADER_END);
-			if ($endAt !== false) {
-				$header = substr($header, 0, $endAt + strlen(Util::HEADER_END));
-
-				// +1 to not start with an ':' which would result in empty element at the beginning
-				$exploded = explode(':', substr($header, strlen(Util::HEADER_START) + 1));
-
-				$element = array_shift($exploded);
-				while ($element !== Util::HEADER_END) {
-					$result[$element] = array_shift($exploded);
-					$element = array_shift($exploded);
-				}
-			}
-		}
-
-		return $result;
-	}
-
-	/**
-	 * read header from file
-	 *
-	 * @param string $path
-	 * @return array
-	 */
-	protected function getHeader($path) {
-		$realFile = $this->util->stripPartialFileExtension($path);
-		$exists = $this->storage->file_exists($realFile);
-		if ($exists) {
-			$path = $realFile;
-		}
-
-		$firstBlock = $this->readFirstBlock($path);
-		$result = $this->parseRawHeader($firstBlock);
-
-		// if the header doesn't contain a encryption module we check if it is a
-		// legacy file. If true, we add the default encryption module
-		if (!isset($result[Util::HEADER_ENCRYPTION_MODULE_KEY])) {
-			if (!empty($result)) {
-				$result[Util::HEADER_ENCRYPTION_MODULE_KEY] = 'OC_DEFAULT_MODULE';
-			} elseif ($exists) {
-				// if the header was empty we have to check first if it is a encrypted file at all
-				// We would do query to filecache only if we know that entry in filecache exists
-				$info = $this->getCache()->get($path);
-				if (isset($info['encrypted']) && $info['encrypted'] === true) {
-					$result[Util::HEADER_ENCRYPTION_MODULE_KEY] = 'OC_DEFAULT_MODULE';
-				}
-			}
-		}
-
-		return $result;
-	}
-
-	/**
-	 * read encryption module needed to read/write the file located at $path
-	 *
-	 * @param string $path
-	 * @return null|\OCP\Encryption\IEncryptionModule
-	 * @throws ModuleDoesNotExistsException
-	 * @throws \Exception
-	 */
-	protected function getEncryptionModule($path) {
-		$encryptionModule = null;
-		$header = $this->getHeader($path);
-		$encryptionModuleId = $this->util->getEncryptionModuleId($header);
-		if (!empty($encryptionModuleId)) {
-			try {
-				$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
-			} catch (ModuleDoesNotExistsException $e) {
-				$this->logger->critical('Encryption module defined in "' . $path . '" not loaded!');
-				throw $e;
-			}
-		}
-
-		return $encryptionModule;
-	}
-
-	/**
-	 * @param string $path
-	 * @param int $unencryptedSize
-	 */
-	public function updateUnencryptedSize($path, $unencryptedSize) {
-		$this->unencryptedSize[$path] = $unencryptedSize;
-	}
-
-	/**
-	 * copy keys to new location
-	 *
-	 * @param string $source path relative to data/
-	 * @param string $target path relative to data/
-	 * @return bool
-	 */
-	protected function copyKeys($source, $target) {
-		if (!$this->util->isExcluded($source)) {
-			return $this->keyStorage->copyKeys($source, $target);
-		}
-
-		return false;
-	}
-
-	/**
-	 * check if path points to a files version
-	 *
-	 * @param $path
-	 * @return bool
-	 */
-	protected function isVersion($path) {
-		$normalized = Filesystem::normalizePath($path);
-		return substr($normalized, 0, strlen('/files_versions/')) === '/files_versions/';
-	}
-
-	/**
-	 * check if the given storage should be encrypted or not
-	 *
-	 * @param $path
-	 * @return bool
-	 */
-	protected function shouldEncrypt($path) {
-		$fullPath = $this->getFullPath($path);
-		$mountPointConfig = $this->mount->getOption('encrypt', true);
-		if ($mountPointConfig === false) {
-			return false;
-		}
-
-		try {
-			$encryptionModule = $this->getEncryptionModule($fullPath);
-		} catch (ModuleDoesNotExistsException $e) {
-			return false;
-		}
-
-		if ($encryptionModule === null) {
-			$encryptionModule = $this->encryptionManager->getEncryptionModule();
-		}
-
-		return $encryptionModule->shouldEncrypt($fullPath);
-	}
-
-	public function writeStream(string $path, $stream, int $size = null): int {
-		// always fall back to fopen
-		$target = $this->fopen($path, 'w');
-		[$count, $result] = \OC_Helper::streamCopy($stream, $target);
-		fclose($target);
-		return $count;
-	}
+    use LocalTempFileTrait;
+
+    /** @var string */
+    private $mountPoint;
+
+    /** @var \OC\Encryption\Util */
+    private $util;
+
+    /** @var \OCP\Encryption\IManager */
+    private $encryptionManager;
+
+    /** @var \OCP\ILogger */
+    private $logger;
+
+    /** @var string */
+    private $uid;
+
+    /** @var array */
+    protected $unencryptedSize;
+
+    /** @var \OCP\Encryption\IFile */
+    private $fileHelper;
+
+    /** @var IMountPoint */
+    private $mount;
+
+    /** @var IStorage */
+    private $keyStorage;
+
+    /** @var Update */
+    private $update;
+
+    /** @var Manager */
+    private $mountManager;
+
+    /** @var array remember for which path we execute the repair step to avoid recursions */
+    private $fixUnencryptedSizeOf = [];
+
+    /** @var  ArrayCache */
+    private $arrayCache;
+
+    /**
+     * @param array $parameters
+     * @param IManager $encryptionManager
+     * @param Util $util
+     * @param ILogger $logger
+     * @param IFile $fileHelper
+     * @param string $uid
+     * @param IStorage $keyStorage
+     * @param Update $update
+     * @param Manager $mountManager
+     * @param ArrayCache $arrayCache
+     */
+    public function __construct(
+        $parameters,
+        IManager $encryptionManager = null,
+        Util $util = null,
+        ILogger $logger = null,
+        IFile $fileHelper = null,
+        $uid = null,
+        IStorage $keyStorage = null,
+        Update $update = null,
+        Manager $mountManager = null,
+        ArrayCache $arrayCache = null
+    ) {
+        $this->mountPoint = $parameters['mountPoint'];
+        $this->mount = $parameters['mount'];
+        $this->encryptionManager = $encryptionManager;
+        $this->util = $util;
+        $this->logger = $logger;
+        $this->uid = $uid;
+        $this->fileHelper = $fileHelper;
+        $this->keyStorage = $keyStorage;
+        $this->unencryptedSize = [];
+        $this->update = $update;
+        $this->mountManager = $mountManager;
+        $this->arrayCache = $arrayCache;
+        parent::__construct($parameters);
+    }
+
+    /**
+     * see http://php.net/manual/en/function.filesize.php
+     * The result for filesize when called on a folder is required to be 0
+     *
+     * @param string $path
+     * @return int
+     */
+    public function filesize($path) {
+        $fullPath = $this->getFullPath($path);
+
+        /** @var CacheEntry $info */
+        $info = $this->getCache()->get($path);
+        if (isset($this->unencryptedSize[$fullPath])) {
+            $size = $this->unencryptedSize[$fullPath];
+            // update file cache
+            if ($info instanceof ICacheEntry) {
+                $info = $info->getData();
+                $info['encrypted'] = $info['encryptedVersion'];
+            } else {
+                if (!is_array($info)) {
+                    $info = [];
+                }
+                $info['encrypted'] = true;
+            }
+
+            $info['size'] = $size;
+            $this->getCache()->put($path, $info);
+
+            return $size;
+        }
+
+        if (isset($info['fileid']) && $info['encrypted']) {
+            return $this->verifyUnencryptedSize($path, $info['size']);
+        }
+
+        return $this->storage->filesize($path);
+    }
+
+    private function modifyMetaData(string $path, array $data): array {
+        $fullPath = $this->getFullPath($path);
+        $info = $this->getCache()->get($path);
+
+        if (isset($this->unencryptedSize[$fullPath])) {
+            $data['encrypted'] = true;
+            $data['size'] = $this->unencryptedSize[$fullPath];
+        } else {
+            if (isset($info['fileid']) && $info['encrypted']) {
+                $data['size'] = $this->verifyUnencryptedSize($path, $info['size']);
+                $data['encrypted'] = true;
+            }
+        }
+
+        if (isset($info['encryptedVersion']) && $info['encryptedVersion'] > 1) {
+            $data['encryptedVersion'] = $info['encryptedVersion'];
+        }
+
+        return $data;
+    }
+
+    /**
+     * @param string $path
+     * @return array
+     */
+    public function getMetaData($path) {
+        $data = $this->storage->getMetaData($path);
+        if (is_null($data)) {
+            return null;
+        }
+        return $this->modifyMetaData($path, $data);
+    }
+
+    public function getDirectoryContent($directory): \Traversable {
+        $parent = rtrim($directory, '/');
+        foreach ($this->getWrapperStorage()->getDirectoryContent($directory) as $data) {
+            yield $this->modifyMetaData($parent . '/' . $data['name'], $data);
+        }
+    }
+
+    /**
+     * see http://php.net/manual/en/function.file_get_contents.php
+     *
+     * @param string $path
+     * @return string
+     */
+    public function file_get_contents($path) {
+        $encryptionModule = $this->getEncryptionModule($path);
+
+        if ($encryptionModule) {
+            $handle = $this->fopen($path, "r");
+            if (!$handle) {
+                return false;
+            }
+            $data = stream_get_contents($handle);
+            fclose($handle);
+            return $data;
+        }
+        return $this->storage->file_get_contents($path);
+    }
+
+    /**
+     * see http://php.net/manual/en/function.file_put_contents.php
+     *
+     * @param string $path
+     * @param string $data
+     * @return bool
+     */
+    public function file_put_contents($path, $data) {
+        // file put content will always be translated to a stream write
+        $handle = $this->fopen($path, 'w');
+        if (is_resource($handle)) {
+            $written = fwrite($handle, $data);
+            fclose($handle);
+            return $written;
+        }
+
+        return false;
+    }
+
+    /**
+     * see http://php.net/manual/en/function.unlink.php
+     *
+     * @param string $path
+     * @return bool
+     */
+    public function unlink($path) {
+        $fullPath = $this->getFullPath($path);
+        if ($this->util->isExcluded($fullPath)) {
+            return $this->storage->unlink($path);
+        }
+
+        $encryptionModule = $this->getEncryptionModule($path);
+        if ($encryptionModule) {
+            $this->keyStorage->deleteAllFileKeys($this->getFullPath($path));
+        }
+
+        return $this->storage->unlink($path);
+    }
+
+    /**
+     * see http://php.net/manual/en/function.rename.php
+     *
+     * @param string $path1
+     * @param string $path2
+     * @return bool
+     */
+    public function rename($path1, $path2) {
+        $result = $this->storage->rename($path1, $path2);
+
+        if ($result &&
+            // versions always use the keys from the original file, so we can skip
+            // this step for versions
+            $this->isVersion($path2) === false &&
+            $this->encryptionManager->isEnabled()) {
+            $source = $this->getFullPath($path1);
+            if (!$this->util->isExcluded($source)) {
+                $target = $this->getFullPath($path2);
+                if (isset($this->unencryptedSize[$source])) {
+                    $this->unencryptedSize[$target] = $this->unencryptedSize[$source];
+                }
+                $this->keyStorage->renameKeys($source, $target);
+                $module = $this->getEncryptionModule($path2);
+                if ($module) {
+                    $module->update($target, $this->uid, []);
+                }
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * see http://php.net/manual/en/function.rmdir.php
+     *
+     * @param string $path
+     * @return bool
+     */
+    public function rmdir($path) {
+        $result = $this->storage->rmdir($path);
+        $fullPath = $this->getFullPath($path);
+        if ($result &&
+            $this->util->isExcluded($fullPath) === false &&
+            $this->encryptionManager->isEnabled()
+        ) {
+            $this->keyStorage->deleteAllFileKeys($fullPath);
+        }
+
+        return $result;
+    }
+
+    /**
+     * check if a file can be read
+     *
+     * @param string $path
+     * @return bool
+     */
+    public function isReadable($path) {
+        $isReadable = true;
+
+        $metaData = $this->getMetaData($path);
+        if (
+            !$this->is_dir($path) &&
+            isset($metaData['encrypted']) &&
+            $metaData['encrypted'] === true
+        ) {
+            $fullPath = $this->getFullPath($path);
+            $module = $this->getEncryptionModule($path);
+            $isReadable = $module->isReadable($fullPath, $this->uid);
+        }
+
+        return $this->storage->isReadable($path) && $isReadable;
+    }
+
+    /**
+     * see http://php.net/manual/en/function.copy.php
+     *
+     * @param string $path1
+     * @param string $path2
+     * @return bool
+     */
+    public function copy($path1, $path2) {
+        $source = $this->getFullPath($path1);
+
+        if ($this->util->isExcluded($source)) {
+            return $this->storage->copy($path1, $path2);
+        }
+
+        // need to stream copy file by file in case we copy between a encrypted
+        // and a unencrypted storage
+        $this->unlink($path2);
+        return $this->copyFromStorage($this, $path1, $path2);
+    }
+
+    /**
+     * see http://php.net/manual/en/function.fopen.php
+     *
+     * @param string $path
+     * @param string $mode
+     * @return resource|bool
+     * @throws GenericEncryptionException
+     * @throws ModuleDoesNotExistsException
+     */
+    public function fopen($path, $mode) {
+
+        // check if the file is stored in the array cache, this means that we
+        // copy a file over to the versions folder, in this case we don't want to
+        // decrypt it
+        if ($this->arrayCache->hasKey('encryption_copy_version_' . $path)) {
+            $this->arrayCache->remove('encryption_copy_version_' . $path);
+            return $this->storage->fopen($path, $mode);
+        }
+
+        $encryptionEnabled = $this->encryptionManager->isEnabled();
+        $shouldEncrypt = false;
+        $encryptionModule = null;
+        $header = $this->getHeader($path);
+        $signed = isset($header['signed']) && $header['signed'] === 'true';
+        $fullPath = $this->getFullPath($path);
+        $encryptionModuleId = $this->util->getEncryptionModuleId($header);
+
+        if ($this->util->isExcluded($fullPath) === false) {
+            $size = $unencryptedSize = 0;
+            $realFile = $this->util->stripPartialFileExtension($path);
+            $targetExists = $this->file_exists($realFile) || $this->file_exists($path);
+            $targetIsEncrypted = false;
+            if ($targetExists) {
+                // in case the file exists we require the explicit module as
+                // specified in the file header - otherwise we need to fail hard to
+                // prevent data loss on client side
+                if (!empty($encryptionModuleId)) {
+                    $targetIsEncrypted = true;
+                    $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
+                }
+
+                if ($this->file_exists($path)) {
+                    $size = $this->storage->filesize($path);
+                    $unencryptedSize = $this->filesize($path);
+                } else {
+                    $size = $unencryptedSize = 0;
+                }
+            }
+
+            try {
+                if (
+                    $mode === 'w'
+                    || $mode === 'w+'
+                    || $mode === 'wb'
+                    || $mode === 'wb+'
+                ) {
+                    // if we update a encrypted file with a un-encrypted one we change the db flag
+                    if ($targetIsEncrypted && $encryptionEnabled === false) {
+                        $cache = $this->storage->getCache();
+                        if ($cache) {
+                            $entry = $cache->get($path);
+                            $cache->update($entry->getId(), ['encrypted' => 0]);
+                        }
+                    }
+                    if ($encryptionEnabled) {
+                        // if $encryptionModuleId is empty, the default module will be used
+                        $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
+                        $shouldEncrypt = $encryptionModule->shouldEncrypt($fullPath);
+                        $signed = true;
+                    }
+                } else {
+                    $info = $this->getCache()->get($path);
+                    // only get encryption module if we found one in the header
+                    // or if file should be encrypted according to the file cache
+                    if (!empty($encryptionModuleId)) {
+                        $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
+                        $shouldEncrypt = true;
+                    } elseif (empty($encryptionModuleId) && $info['encrypted'] === true) {
+                        // we come from a old installation. No header and/or no module defined
+                        // but the file is encrypted. In this case we need to use the
+                        // OC_DEFAULT_MODULE to read the file
+                        $encryptionModule = $this->encryptionManager->getEncryptionModule('OC_DEFAULT_MODULE');
+                        $shouldEncrypt = true;
+                        $targetIsEncrypted = true;
+                    }
+                }
+            } catch (ModuleDoesNotExistsException $e) {
+                $this->logger->logException($e, [
+                    'message' => 'Encryption module "' . $encryptionModuleId . '" not found, file will be stored unencrypted',
+                    'level' => ILogger::WARN,
+                    'app' => 'core',
+                ]);
+            }
+
+            // encryption disabled on write of new file and write to existing unencrypted file -> don't encrypt
+            if (!$encryptionEnabled || !$this->shouldEncrypt($path)) {
+                if (!$targetExists || !$targetIsEncrypted) {
+                    $shouldEncrypt = false;
+                }
+            }
+
+            if ($shouldEncrypt === true && $encryptionModule !== null) {
+                $headerSize = $this->getHeaderSize($path);
+                $source = $this->storage->fopen($path, $mode);
+                if (!is_resource($source)) {
+                    return false;
+                }
+                $handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header,
+                    $this->uid, $encryptionModule, $this->storage, $this, $this->util, $this->fileHelper, $mode,
+                    $size, $unencryptedSize, $headerSize, $signed);
+                return $handle;
+            }
+        }
+
+        return $this->storage->fopen($path, $mode);
+    }
+
+
+    /**
+     * perform some plausibility checks if the the unencrypted size is correct.
+     * If not, we calculate the correct unencrypted size and return it
+     *
+     * @param string $path internal path relative to the storage root
+     * @param int $unencryptedSize size of the unencrypted file
+     *
+     * @return int unencrypted size
+     */
+    protected function verifyUnencryptedSize($path, $unencryptedSize) {
+        $size = $this->storage->filesize($path);
+        $result = $unencryptedSize;
+
+        if ($unencryptedSize < 0 ||
+            ($size > 0 && $unencryptedSize === $size)
+        ) {
+            // check if we already calculate the unencrypted size for the
+            // given path to avoid recursions
+            if (isset($this->fixUnencryptedSizeOf[$this->getFullPath($path)]) === false) {
+                $this->fixUnencryptedSizeOf[$this->getFullPath($path)] = true;
+                try {
+                    $result = $this->fixUnencryptedSize($path, $size, $unencryptedSize);
+                } catch (\Exception $e) {
+                    $this->logger->error('Couldn\'t re-calculate unencrypted size for ' . $path);
+                    $this->logger->logException($e);
+                }
+                unset($this->fixUnencryptedSizeOf[$this->getFullPath($path)]);
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * calculate the unencrypted size
+     *
+     * @param string $path internal path relative to the storage root
+     * @param int $size size of the physical file
+     * @param int $unencryptedSize size of the unencrypted file
+     *
+     * @return int calculated unencrypted size
+     */
+    protected function fixUnencryptedSize($path, $size, $unencryptedSize) {
+        $headerSize = $this->getHeaderSize($path);
+        $header = $this->getHeader($path);
+        $encryptionModule = $this->getEncryptionModule($path);
+
+        $stream = $this->storage->fopen($path, 'r');
+
+        // if we couldn't open the file we return the old unencrypted size
+        if (!is_resource($stream)) {
+            $this->logger->error('Could not open ' . $path . '. Recalculation of unencrypted size aborted.');
+            return $unencryptedSize;
+        }
+
+        $newUnencryptedSize = 0;
+        $size -= $headerSize;
+        $blockSize = $this->util->getBlockSize();
+
+        // if a header exists we skip it
+        if ($headerSize > 0) {
+            fread($stream, $headerSize);
+        }
+
+        // fast path, else the calculation for $lastChunkNr is bogus
+        if ($size === 0) {
+            return 0;
+        }
+
+        $signed = isset($header['signed']) && $header['signed'] === 'true';
+        $unencryptedBlockSize = $encryptionModule->getUnencryptedBlockSize($signed);
+
+        // calculate last chunk nr
+        // next highest is end of chunks, one subtracted is last one
+        // we have to read the last chunk, we can't just calculate it (because of padding etc)
+
+        $lastChunkNr = ceil($size / $blockSize) - 1;
+        // calculate last chunk position
+        $lastChunkPos = ($lastChunkNr * $blockSize);
+        // try to fseek to the last chunk, if it fails we have to read the whole file
+        if (@fseek($stream, $lastChunkPos, SEEK_CUR) === 0) {
+            $newUnencryptedSize += $lastChunkNr * $unencryptedBlockSize;
+        }
+
+        $lastChunkContentEncrypted = '';
+        $count = $blockSize;
+
+        while ($count > 0) {
+            $data = fread($stream, $blockSize);
+            $count = strlen($data);
+            $lastChunkContentEncrypted .= $data;
+            if (strlen($lastChunkContentEncrypted) > $blockSize) {
+                $newUnencryptedSize += $unencryptedBlockSize;
+                $lastChunkContentEncrypted = substr($lastChunkContentEncrypted, $blockSize);
+            }
+        }
+
+        fclose($stream);
+
+        // we have to decrypt the last chunk to get it actual size
+        $encryptionModule->begin($this->getFullPath($path), $this->uid, 'r', $header, []);
+        $decryptedLastChunk = $encryptionModule->decrypt($lastChunkContentEncrypted, $lastChunkNr . 'end');
+        $decryptedLastChunk .= $encryptionModule->end($this->getFullPath($path), $lastChunkNr . 'end');
+
+        // calc the real file size with the size of the last chunk
+        $newUnencryptedSize += strlen($decryptedLastChunk);
+
+        $this->updateUnencryptedSize($this->getFullPath($path), $newUnencryptedSize);
+
+        // write to cache if applicable
+        $cache = $this->storage->getCache();
+        if ($cache) {
+            $entry = $cache->get($path);
+            $cache->update($entry['fileid'], ['size' => $newUnencryptedSize]);
+        }
+
+        return $newUnencryptedSize;
+    }
+
+    /**
+     * @param Storage\IStorage $sourceStorage
+     * @param string $sourceInternalPath
+     * @param string $targetInternalPath
+     * @param bool $preserveMtime
+     * @return bool
+     */
+    public function moveFromStorage(Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = true) {
+        if ($sourceStorage === $this) {
+            return $this->rename($sourceInternalPath, $targetInternalPath);
+        }
+
+        // TODO clean this up once the underlying moveFromStorage in OC\Files\Storage\Wrapper\Common is fixed:
+        // - call $this->storage->moveFromStorage() instead of $this->copyBetweenStorage
+        // - copy the file cache update from  $this->copyBetweenStorage to this method
+        // - copy the copyKeys() call from  $this->copyBetweenStorage to this method
+        // - remove $this->copyBetweenStorage
+
+        if (!$sourceStorage->isDeletable($sourceInternalPath)) {
+            return false;
+        }
+
+        $result = $this->copyBetweenStorage($sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime, true);
+        if ($result) {
+            if ($sourceStorage->is_dir($sourceInternalPath)) {
+                $result &= $sourceStorage->rmdir($sourceInternalPath);
+            } else {
+                $result &= $sourceStorage->unlink($sourceInternalPath);
+            }
+        }
+        return $result;
+    }
+
+
+    /**
+     * @param Storage\IStorage $sourceStorage
+     * @param string $sourceInternalPath
+     * @param string $targetInternalPath
+     * @param bool $preserveMtime
+     * @param bool $isRename
+     * @return bool
+     */
+    public function copyFromStorage(Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false, $isRename = false) {
+
+        // TODO clean this up once the underlying moveFromStorage in OC\Files\Storage\Wrapper\Common is fixed:
+        // - call $this->storage->copyFromStorage() instead of $this->copyBetweenStorage
+        // - copy the file cache update from  $this->copyBetweenStorage to this method
+        // - copy the copyKeys() call from  $this->copyBetweenStorage to this method
+        // - remove $this->copyBetweenStorage
+
+        return $this->copyBetweenStorage($sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime, $isRename);
+    }
+
+    /**
+     * Update the encrypted cache version in the database
+     *
+     * @param Storage\IStorage $sourceStorage
+     * @param string $sourceInternalPath
+     * @param string $targetInternalPath
+     * @param bool $isRename
+     * @param bool $keepEncryptionVersion
+     */
+    private function updateEncryptedVersion(Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $isRename, $keepEncryptionVersion) {
+        $isEncrypted = $this->encryptionManager->isEnabled() && $this->shouldEncrypt($targetInternalPath);
+        $cacheInformation = [
+            'encrypted' => $isEncrypted,
+        ];
+        if ($isEncrypted) {
+            $encryptedVersion = $sourceStorage->getCache()->get($sourceInternalPath)['encryptedVersion'];
+
+            // In case of a move operation from an unencrypted to an encrypted
+            // storage the old encrypted version would stay with "0" while the
+            // correct value would be "1". Thus we manually set the value to "1"
+            // for those cases.
+            // See also https://github.com/owncloud/core/issues/23078
+            if ($encryptedVersion === 0 || !$keepEncryptionVersion) {
+                $encryptedVersion = 1;
+            }
+
+            $cacheInformation['encryptedVersion'] = $encryptedVersion;
+        }
+
+        // in case of a rename we need to manipulate the source cache because
+        // this information will be kept for the new target
+        if ($isRename) {
+            $sourceStorage->getCache()->put($sourceInternalPath, $cacheInformation);
+        } else {
+            $this->getCache()->put($targetInternalPath, $cacheInformation);
+        }
+    }
+
+    /**
+     * copy file between two storages
+     *
+     * @param Storage\IStorage $sourceStorage
+     * @param string $sourceInternalPath
+     * @param string $targetInternalPath
+     * @param bool $preserveMtime
+     * @param bool $isRename
+     * @return bool
+     * @throws \Exception
+     */
+    private function copyBetweenStorage(Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime, $isRename) {
+
+        // for versions we have nothing to do, because versions should always use the
+        // key from the original file. Just create a 1:1 copy and done
+        if ($this->isVersion($targetInternalPath) ||
+            $this->isVersion($sourceInternalPath)) {
+            // remember that we try to create a version so that we can detect it during
+            // fopen($sourceInternalPath) and by-pass the encryption in order to
+            // create a 1:1 copy of the file
+            $this->arrayCache->set('encryption_copy_version_' . $sourceInternalPath, true);
+            $result = $this->storage->copyFromStorage($sourceStorage, $sourceInternalPath, $targetInternalPath);
+            $this->arrayCache->remove('encryption_copy_version_' . $sourceInternalPath);
+            if ($result) {
+                $info = $this->getCache('', $sourceStorage)->get($sourceInternalPath);
+                // make sure that we update the unencrypted size for the version
+                if (isset($info['encrypted']) && $info['encrypted'] === true) {
+                    $this->updateUnencryptedSize(
+                        $this->getFullPath($targetInternalPath),
+                        $info['size']
+                    );
+                }
+                $this->updateEncryptedVersion($sourceStorage, $sourceInternalPath, $targetInternalPath, $isRename, true);
+            }
+            return $result;
+        }
+
+        // first copy the keys that we reuse the existing file key on the target location
+        // and don't create a new one which would break versions for example.
+        $mount = $this->mountManager->findByStorageId($sourceStorage->getId());
+        if (count($mount) === 1) {
+            $mountPoint = $mount[0]->getMountPoint();
+            $source = $mountPoint . '/' . $sourceInternalPath;
+            $target = $this->getFullPath($targetInternalPath);
+            $this->copyKeys($source, $target);
+        } else {
+            $this->logger->error('Could not find mount point, can\'t keep encryption keys');
+        }
+
+        if ($sourceStorage->is_dir($sourceInternalPath)) {
+            $dh = $sourceStorage->opendir($sourceInternalPath);
+            $result = $this->mkdir($targetInternalPath);
+            if (is_resource($dh)) {
+                while ($result and ($file = readdir($dh)) !== false) {
+                    if (!Filesystem::isIgnoredDir($file)) {
+                        $result &= $this->copyFromStorage($sourceStorage, $sourceInternalPath . '/' . $file, $targetInternalPath . '/' . $file, false, $isRename);
+                    }
+                }
+            }
+        } else {
+            try {
+                $source = $sourceStorage->fopen($sourceInternalPath, 'r');
+                $target = $this->fopen($targetInternalPath, 'w');
+                [, $result] = \OC_Helper::streamCopy($source, $target);
+                fclose($source);
+                fclose($target);
+            } catch (\Exception $e) {
+                fclose($source);
+                fclose($target);
+                throw $e;
+            }
+            if ($result) {
+                if ($preserveMtime) {
+                    $this->touch($targetInternalPath, $sourceStorage->filemtime($sourceInternalPath));
+                }
+                $this->updateEncryptedVersion($sourceStorage, $sourceInternalPath, $targetInternalPath, $isRename, false);
+            } else {
+                // delete partially written target file
+                $this->unlink($targetInternalPath);
+                // delete cache entry that was created by fopen
+                $this->getCache()->remove($targetInternalPath);
+            }
+        }
+        return (bool)$result;
+    }
+
+    /**
+     * get the path to a local version of the file.
+     * The local version of the file can be temporary and doesn't have to be persistent across requests
+     *
+     * @param string $path
+     * @return string
+     */
+    public function getLocalFile($path) {
+        if ($this->encryptionManager->isEnabled()) {
+            $cachedFile = $this->getCachedFile($path);
+            if (is_string($cachedFile)) {
+                return $cachedFile;
+            }
+        }
+        return $this->storage->getLocalFile($path);
+    }
+
+    /**
+     * Returns the wrapped storage's value for isLocal()
+     *
+     * @return bool wrapped storage's isLocal() value
+     */
+    public function isLocal() {
+        if ($this->encryptionManager->isEnabled()) {
+            return false;
+        }
+        return $this->storage->isLocal();
+    }
+
+    /**
+     * see http://php.net/manual/en/function.stat.php
+     * only the following keys are required in the result: size and mtime
+     *
+     * @param string $path
+     * @return array
+     */
+    public function stat($path) {
+        $stat = $this->storage->stat($path);
+        $fileSize = $this->filesize($path);
+        $stat['size'] = $fileSize;
+        $stat[7] = $fileSize;
+        $stat['hasHeader'] = $this->getHeaderSize($path) > 0;
+        return $stat;
+    }
+
+    /**
+     * see http://php.net/manual/en/function.hash.php
+     *
+     * @param string $type
+     * @param string $path
+     * @param bool $raw
+     * @return string
+     */
+    public function hash($type, $path, $raw = false) {
+        $fh = $this->fopen($path, 'rb');
+        $ctx = hash_init($type);
+        hash_update_stream($ctx, $fh);
+        fclose($fh);
+        return hash_final($ctx, $raw);
+    }
+
+    /**
+     * return full path, including mount point
+     *
+     * @param string $path relative to mount point
+     * @return string full path including mount point
+     */
+    protected function getFullPath($path) {
+        return Filesystem::normalizePath($this->mountPoint . '/' . $path);
+    }
+
+    /**
+     * read first block of encrypted file, typically this will contain the
+     * encryption header
+     *
+     * @param string $path
+     * @return string
+     */
+    protected function readFirstBlock($path) {
+        $firstBlock = '';
+        if ($this->storage->file_exists($path)) {
+            $handle = $this->storage->fopen($path, 'r');
+            $firstBlock = fread($handle, $this->util->getHeaderSize());
+            fclose($handle);
+        }
+        return $firstBlock;
+    }
+
+    /**
+     * return header size of given file
+     *
+     * @param string $path
+     * @return int
+     */
+    protected function getHeaderSize($path) {
+        $headerSize = 0;
+        $realFile = $this->util->stripPartialFileExtension($path);
+        if ($this->storage->file_exists($realFile)) {
+            $path = $realFile;
+        }
+        $firstBlock = $this->readFirstBlock($path);
+
+        if (substr($firstBlock, 0, strlen(Util::HEADER_START)) === Util::HEADER_START) {
+            $headerSize = $this->util->getHeaderSize();
+        }
+
+        return $headerSize;
+    }
+
+    /**
+     * parse raw header to array
+     *
+     * @param string $rawHeader
+     * @return array
+     */
+    protected function parseRawHeader($rawHeader) {
+        $result = [];
+        if (substr($rawHeader, 0, strlen(Util::HEADER_START)) === Util::HEADER_START) {
+            $header = $rawHeader;
+            $endAt = strpos($header, Util::HEADER_END);
+            if ($endAt !== false) {
+                $header = substr($header, 0, $endAt + strlen(Util::HEADER_END));
+
+                // +1 to not start with an ':' which would result in empty element at the beginning
+                $exploded = explode(':', substr($header, strlen(Util::HEADER_START) + 1));
+
+                $element = array_shift($exploded);
+                while ($element !== Util::HEADER_END) {
+                    $result[$element] = array_shift($exploded);
+                    $element = array_shift($exploded);
+                }
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * read header from file
+     *
+     * @param string $path
+     * @return array
+     */
+    protected function getHeader($path) {
+        $realFile = $this->util->stripPartialFileExtension($path);
+        $exists = $this->storage->file_exists($realFile);
+        if ($exists) {
+            $path = $realFile;
+        }
+
+        $firstBlock = $this->readFirstBlock($path);
+        $result = $this->parseRawHeader($firstBlock);
+
+        // if the header doesn't contain a encryption module we check if it is a
+        // legacy file. If true, we add the default encryption module
+        if (!isset($result[Util::HEADER_ENCRYPTION_MODULE_KEY])) {
+            if (!empty($result)) {
+                $result[Util::HEADER_ENCRYPTION_MODULE_KEY] = 'OC_DEFAULT_MODULE';
+            } elseif ($exists) {
+                // if the header was empty we have to check first if it is a encrypted file at all
+                // We would do query to filecache only if we know that entry in filecache exists
+                $info = $this->getCache()->get($path);
+                if (isset($info['encrypted']) && $info['encrypted'] === true) {
+                    $result[Util::HEADER_ENCRYPTION_MODULE_KEY] = 'OC_DEFAULT_MODULE';
+                }
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * read encryption module needed to read/write the file located at $path
+     *
+     * @param string $path
+     * @return null|\OCP\Encryption\IEncryptionModule
+     * @throws ModuleDoesNotExistsException
+     * @throws \Exception
+     */
+    protected function getEncryptionModule($path) {
+        $encryptionModule = null;
+        $header = $this->getHeader($path);
+        $encryptionModuleId = $this->util->getEncryptionModuleId($header);
+        if (!empty($encryptionModuleId)) {
+            try {
+                $encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
+            } catch (ModuleDoesNotExistsException $e) {
+                $this->logger->critical('Encryption module defined in "' . $path . '" not loaded!');
+                throw $e;
+            }
+        }
+
+        return $encryptionModule;
+    }
+
+    /**
+     * @param string $path
+     * @param int $unencryptedSize
+     */
+    public function updateUnencryptedSize($path, $unencryptedSize) {
+        $this->unencryptedSize[$path] = $unencryptedSize;
+    }
+
+    /**
+     * copy keys to new location
+     *
+     * @param string $source path relative to data/
+     * @param string $target path relative to data/
+     * @return bool
+     */
+    protected function copyKeys($source, $target) {
+        if (!$this->util->isExcluded($source)) {
+            return $this->keyStorage->copyKeys($source, $target);
+        }
+
+        return false;
+    }
+
+    /**
+     * check if path points to a files version
+     *
+     * @param $path
+     * @return bool
+     */
+    protected function isVersion($path) {
+        $normalized = Filesystem::normalizePath($path);
+        return substr($normalized, 0, strlen('/files_versions/')) === '/files_versions/';
+    }
+
+    /**
+     * check if the given storage should be encrypted or not
+     *
+     * @param $path
+     * @return bool
+     */
+    protected function shouldEncrypt($path) {
+        $fullPath = $this->getFullPath($path);
+        $mountPointConfig = $this->mount->getOption('encrypt', true);
+        if ($mountPointConfig === false) {
+            return false;
+        }
+
+        try {
+            $encryptionModule = $this->getEncryptionModule($fullPath);
+        } catch (ModuleDoesNotExistsException $e) {
+            return false;
+        }
+
+        if ($encryptionModule === null) {
+            $encryptionModule = $this->encryptionManager->getEncryptionModule();
+        }
+
+        return $encryptionModule->shouldEncrypt($fullPath);
+    }
+
+    public function writeStream(string $path, $stream, int $size = null): int {
+        // always fall back to fopen
+        $target = $this->fopen($path, 'w');
+        [$count, $result] = \OC_Helper::streamCopy($stream, $target);
+        fclose($target);
+        return $count;
+    }
 }

Please login to merge, or discard this patch.

lib/private/Repair/NC20/EncryptionLegacyCipher.php 1 patch

Indentation +27 added lines, -27 removed lines patch added patch discarded remove patch

@@ -32,31 +32,31 @@
 block discarded – undo
 
 class EncryptionLegacyCipher implements IRepairStep {
 
-	/** @var IConfig */
-	private $config;
-	/** @var IManager */
-	private $manager;
-
-	public function __construct(IConfig $config,
-								IManager $manager) {
-		$this->config = $config;
-		$this->manager = $manager;
-	}
-
-	public function getName(): string {
-		return 'Keep legacy encryption enabled';
-	}
-
-	private function shouldRun(): bool {
-		$versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
-		return version_compare($versionFromBeforeUpdate, '20.0.0.0', '<=');
-	}
-
-	public function run(IOutput $output): void {
-		if ($this->manager->isEnabled()) {
-			if ($this->config->getSystemValue('encryption.legacy_format_support', '') === '') {
-				$this->config->setSystemValue('encryption.legacy_format_support', true);
-			}
-		}
-	}
+    /** @var IConfig */
+    private $config;
+    /** @var IManager */
+    private $manager;
+
+    public function __construct(IConfig $config,
+                                IManager $manager) {
+        $this->config = $config;
+        $this->manager = $manager;
+    }
+
+    public function getName(): string {
+        return 'Keep legacy encryption enabled';
+    }
+
+    private function shouldRun(): bool {
+        $versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
+        return version_compare($versionFromBeforeUpdate, '20.0.0.0', '<=');
+    }
+
+    public function run(IOutput $output): void {
+        if ($this->manager->isEnabled()) {
+            if ($this->config->getSystemValue('encryption.legacy_format_support', '') === '') {
+                $this->config->setSystemValue('encryption.legacy_format_support', true);
+            }
+        }
+    }
 }

Please login to merge, or discard this patch.

		@@ -36,105 +36,105 @@
		block discarded – undo
36	36
37	37	class ScanLegacyFormat extends Command {
38	38
39		- /** @var Util */
40		- protected $util;
41		-
42		- /** @var IConfig */
43		- protected $config;
44		-
45		- /** @var QuestionHelper */
46		- protected $questionHelper;
47		-
48		- /** @var IUserManager */
49		- private $userManager;
50		-
51		- /** @var View */
52		- private $rootView;
53		-
54		- /**
55		- * @param Util $util
56		- * @param IConfig $config
57		- * @param QuestionHelper $questionHelper
58		- */
59		- public function __construct(Util $util,
60		- IConfig $config,
61		- QuestionHelper $questionHelper,
62		- IUserManager $userManager) {
63		- parent::__construct();
64		-
65		- $this->util = $util;
66		- $this->config = $config;
67		- $this->questionHelper = $questionHelper;
68		- $this->userManager = $userManager;
69		- $this->rootView = new View();
70		- }
71		-
72		- protected function configure() {
73		- $this
74		- ->setName('encryption:scan:legacy-format')
75		- ->setDescription('Scan the files for the legacy format');
76		- }
77		-
78		- protected function execute(InputInterface $input, OutputInterface $output): int {
79		- $result = true;
80		-
81		- $output->writeln('Scanning all files for legacy encryption');
82		-
83		- foreach ($this->userManager->getBackends() as $backend) {
84		- $limit = 500;
85		- $offset = 0;
86		- do {
87		- $users = $backend->getUsers('', $limit, $offset);
88		- foreach ($users as $user) {
89		- $output->writeln('Scanning all files for ' . $user);
90		- $this->setupUserFS($user);
91		- $result &= $this->scanFolder($output, '/' . $user);
92		- }
93		- $offset += $limit;
94		- } while (count($users) >= $limit);
95		- }
96		-
97		- if ($result) {
98		- $output->writeln('All scanned files are propperly encrypted. You can disable the legacy compatibility mode.');
99		- return 0;
100		- }
101		-
102		- return 1;
103		- }
104		-
105		- private function scanFolder(OutputInterface $output, string $folder): bool {
106		- $clean = true;
107		-
108		- foreach ($this->rootView->getDirectoryContent($folder) as $item) {
109		- $path = $folder . '/' . $item['name'];
110		- if ($this->rootView->is_dir($path)) {
111		- if ($this->scanFolder($output, $path) === false) {
112		- $clean = false;
113		- }
114		- } else {
115		- if (!$item->isEncrypted()) {
116		- // ignore
117		- continue;
118		- }
119		-
120		- $stats = $this->rootView->stat($path);
121		- if (!isset($stats['hasHeader']) \|\| $stats['hasHeader'] === false) {
122		- $clean = false;
123		- $output->writeln($path . ' does not have a proper header');
124		- }
125		- }
126		- }
127		-
128		- return $clean;
129		- }
130		-
131		- /**
132		- * setup user file system
133		- *
134		- * @param string $uid
135		- */
136		- protected function setupUserFS($uid) {
137		- \OC_Util::tearDownFS();
138		- \OC_Util::setupFS($uid);
139		- }
	39	+ /** @var Util */
	40	+ protected $util;
	41	+
	42	+ /** @var IConfig */
	43	+ protected $config;
	44	+
	45	+ /** @var QuestionHelper */
	46	+ protected $questionHelper;
	47	+
	48	+ /** @var IUserManager */
	49	+ private $userManager;
	50	+
	51	+ /** @var View */
	52	+ private $rootView;
	53	+
	54	+ /**
	55	+ * @param Util $util
	56	+ * @param IConfig $config
	57	+ * @param QuestionHelper $questionHelper
	58	+ */
	59	+ public function __construct(Util $util,
	60	+ IConfig $config,
	61	+ QuestionHelper $questionHelper,
	62	+ IUserManager $userManager) {
	63	+ parent::__construct();
	64	+
	65	+ $this->util = $util;
	66	+ $this->config = $config;
	67	+ $this->questionHelper = $questionHelper;
	68	+ $this->userManager = $userManager;
	69	+ $this->rootView = new View();
	70	+ }
	71	+
	72	+ protected function configure() {
	73	+ $this
	74	+ ->setName('encryption:scan:legacy-format')
	75	+ ->setDescription('Scan the files for the legacy format');
	76	+ }
	77	+
	78	+ protected function execute(InputInterface $input, OutputInterface $output): int {
	79	+ $result = true;
	80	+
	81	+ $output->writeln('Scanning all files for legacy encryption');
	82	+
	83	+ foreach ($this->userManager->getBackends() as $backend) {
	84	+ $limit = 500;
	85	+ $offset = 0;
	86	+ do {
	87	+ $users = $backend->getUsers('', $limit, $offset);
	88	+ foreach ($users as $user) {
	89	+ $output->writeln('Scanning all files for ' . $user);
	90	+ $this->setupUserFS($user);
	91	+ $result &= $this->scanFolder($output, '/' . $user);
	92	+ }
	93	+ $offset += $limit;
	94	+ } while (count($users) >= $limit);
	95	+ }
	96	+
	97	+ if ($result) {
	98	+ $output->writeln('All scanned files are propperly encrypted. You can disable the legacy compatibility mode.');
	99	+ return 0;
	100	+ }
	101	+
	102	+ return 1;
	103	+ }
	104	+
	105	+ private function scanFolder(OutputInterface $output, string $folder): bool {
	106	+ $clean = true;
	107	+
	108	+ foreach ($this->rootView->getDirectoryContent($folder) as $item) {
	109	+ $path = $folder . '/' . $item['name'];
	110	+ if ($this->rootView->is_dir($path)) {
	111	+ if ($this->scanFolder($output, $path) === false) {
	112	+ $clean = false;
	113	+ }
	114	+ } else {
	115	+ if (!$item->isEncrypted()) {
	116	+ // ignore
	117	+ continue;
	118	+ }
	119	+
	120	+ $stats = $this->rootView->stat($path);
	121	+ if (!isset($stats['hasHeader']) \|\| $stats['hasHeader'] === false) {
	122	+ $clean = false;
	123	+ $output->writeln($path . ' does not have a proper header');
	124	+ }
	125	+ }
	126	+ }
	127	+
	128	+ return $clean;
	129	+ }
	130	+
	131	+ /**
	132	+ * setup user file system
	133	+ *
	134	+ * @param string $uid
	135	+ */
	136	+ protected function setupUserFS($uid) {
	137	+ \OC_Util::tearDownFS();
	138	+ \OC_Util::setupFS($uid);
	139	+ }
140	140	}

		@@ -32,32 +32,32 @@
		block discarded – undo
32	32	use OCP\IURLGenerator;
33	33
34	34	class LegacySSEKeyFormat {
35		- /** @var IL10N */
36		- private $l10n;
37		- /** @var IConfig */
38		- private $config;
39		- /** @var IURLGenerator */
40		- private $urlGenerator;
41		-
42		- public function __construct(IL10N $l10n, IConfig $config, IURLGenerator $urlGenerator) {
43		- $this->l10n = $l10n;
44		- $this->config = $config;
45		- $this->urlGenerator = $urlGenerator;
46		- }
47		-
48		- public function description(): string {
49		- return $this->l10n->t('The old server-side-encryption format is enabled. We recommend disabling this.');
50		- }
51		-
52		- public function severity(): string {
53		- return 'warning';
54		- }
55		-
56		- public function run(): bool {
57		- return $this->config->getSystemValueBool('encryption.legacy_format_support', false) === false;
58		- }
59		-
60		- public function linkToDocumentation(): string {
61		- return $this->urlGenerator->linkToDocs('admin-sse-legacy-format');
62		- }
	35	+ /** @var IL10N */
	36	+ private $l10n;
	37	+ /** @var IConfig */
	38	+ private $config;
	39	+ /** @var IURLGenerator */
	40	+ private $urlGenerator;
	41	+
	42	+ public function __construct(IL10N $l10n, IConfig $config, IURLGenerator $urlGenerator) {
	43	+ $this->l10n = $l10n;
	44	+ $this->config = $config;
	45	+ $this->urlGenerator = $urlGenerator;
	46	+ }
	47	+
	48	+ public function description(): string {
	49	+ return $this->l10n->t('The old server-side-encryption format is enabled. We recommend disabling this.');
	50	+ }
	51	+
	52	+ public function severity(): string {
	53	+ return 'warning';
	54	+ }
	55	+
	56	+ public function run(): bool {
	57	+ return $this->config->getSystemValueBool('encryption.legacy_format_support', false) === false;
	58	+ }
	59	+
	60	+ public function linkToDocumentation(): string {
	61	+ return $this->urlGenerator->linkToDocs('admin-sse-legacy-format');
	62	+ }
63	63	}

		@@ -68,177 +68,177 @@
		block discarded – undo
68	68
69	69	class Repair implements IOutput {
70	70
71		- /** @var IRepairStep[] */
72		- private $repairSteps;
73		-
74		- /** @var EventDispatcherInterface */
75		- private $dispatcher;
76		-
77		- /** @var string */
78		- private $currentStep;
79		-
80		- /**
81		- * Creates a new repair step runner
82		- *
83		- * @param IRepairStep[] $repairSteps array of RepairStep instances
84		- * @param EventDispatcherInterface $dispatcher
85		- */
86		- public function __construct(array $repairSteps, EventDispatcherInterface $dispatcher) {
87		- $this->repairSteps = $repairSteps;
88		- $this->dispatcher = $dispatcher;
89		- }
90		-
91		- /**
92		- * Run a series of repair steps for common problems
93		- */
94		- public function run() {
95		- if (count($this->repairSteps) === 0) {
96		- $this->emit('\OC\Repair', 'info', ['No repair steps available']);
97		-
98		- return;
99		- }
100		- // run each repair step
101		- foreach ($this->repairSteps as $step) {
102		- $this->currentStep = $step->getName();
103		- $this->emit('\OC\Repair', 'step', [$this->currentStep]);
104		- $step->run($this);
105		- }
106		- }
107		-
108		- /**
109		- * Add repair step
110		- *
111		- * @param IRepairStep\|string $repairStep repair step
112		- * @throws \Exception
113		- */
114		- public function addStep($repairStep) {
115		- if (is_string($repairStep)) {
116		- try {
117		- $s = \OC::$server->query($repairStep);
118		- } catch (QueryException $e) {
119		- if (class_exists($repairStep)) {
120		- $s = new $repairStep();
121		- } else {
122		- throw new \Exception("Repair step '$repairStep' is unknown");
123		- }
124		- }
125		-
126		- if ($s instanceof IRepairStep) {
127		- $this->repairSteps[] = $s;
128		- } else {
129		- throw new \Exception("Repair step '$repairStep' is not of type \\OCP\\Migration\\IRepairStep");
130		- }
131		- } else {
132		- $this->repairSteps[] = $repairStep;
133		- }
134		- }
135		-
136		- /**
137		- * Returns the default repair steps to be run on the
138		- * command line or after an upgrade.
139		- *
140		- * @return IRepairStep[]
141		- */
142		- public static function getRepairSteps() {
143		- return [
144		- new Collation(\OC::$server->getConfig(), \OC::$server->getLogger(), \OC::$server->getDatabaseConnection(), false),
145		- new RepairMimeTypes(\OC::$server->getConfig()),
146		- new CleanTags(\OC::$server->getDatabaseConnection(), \OC::$server->getUserManager()),
147		- new RepairInvalidShares(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection()),
148		- new MoveUpdaterStepFile(\OC::$server->getConfig()),
149		- new FixMountStorages(\OC::$server->getDatabaseConnection()),
150		- new AddLogRotateJob(\OC::$server->getJobList()),
151		- new ClearFrontendCaches(\OC::$server->getMemCacheFactory(), \OC::$server->query(SCSSCacher::class), \OC::$server->query(JSCombiner::class)),
152		- new ClearGeneratedAvatarCache(\OC::$server->getConfig(), \OC::$server->query(AvatarManager::class)),
153		- new AddPreviewBackgroundCleanupJob(\OC::$server->getJobList()),
154		- new AddCleanupUpdaterBackupsJob(\OC::$server->getJobList()),
155		- new CleanupCardDAVPhotoCache(\OC::$server->getConfig(), \OC::$server->getAppDataDir('dav-photocache'), \OC::$server->getLogger()),
156		- new AddClenupLoginFlowV2BackgroundJob(\OC::$server->getJobList()),
157		- new RemoveLinkShares(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig(), \OC::$server->getGroupManager(), \OC::$server->getNotificationManager(), \OC::$server->query(ITimeFactory::class)),
158		- new ClearCollectionsAccessCache(\OC::$server->getConfig(), \OC::$server->query(IManager::class)),
159		- \OC::$server->query(ResetGeneratedAvatarFlag::class),
160		- \OC::$server->query(EncryptionLegacyCipher::class),
161		- ];
162		- }
163		-
164		- /**
165		- * Returns expensive repair steps to be run on the
166		- * command line with a special option.
167		- *
168		- * @return IRepairStep[]
169		- */
170		- public static function getExpensiveRepairSteps() {
171		- return [
172		- new OldGroupMembershipShares(\OC::$server->getDatabaseConnection(), \OC::$server->getGroupManager())
173		- ];
174		- }
175		-
176		- /**
177		- * Returns the repair steps to be run before an
178		- * upgrade.
179		- *
180		- * @return IRepairStep[]
181		- */
182		- public static function getBeforeUpgradeRepairSteps() {
183		- $connection = \OC::$server->getDatabaseConnection();
184		- $config = \OC::$server->getConfig();
185		- $steps = [
186		- new Collation(\OC::$server->getConfig(), \OC::$server->getLogger(), $connection, true),
187		- new SqliteAutoincrement($connection),
188		- new SaveAccountsTableData($connection, $config),
189		- new DropAccountTermsTable($connection)
190		- ];
191		-
192		- return $steps;
193		- }
194		-
195		- /**
196		- * @param string $scope
197		- * @param string $method
198		- * @param array $arguments
199		- */
200		- public function emit($scope, $method, array $arguments = []) {
201		- if (!is_null($this->dispatcher)) {
202		- $this->dispatcher->dispatch("$scope::$method",
203		- new GenericEvent("$scope::$method", $arguments));
204		- }
205		- }
206		-
207		- public function info($string) {
208		- // for now just emit as we did in the past
209		- $this->emit('\OC\Repair', 'info', [$string]);
210		- }
211		-
212		- /**
213		- * @param string $message
214		- */
215		- public function warning($message) {
216		- // for now just emit as we did in the past
217		- $this->emit('\OC\Repair', 'warning', [$message]);
218		- }
219		-
220		- /**
221		- * @param int $max
222		- */
223		- public function startProgress($max = 0) {
224		- // for now just emit as we did in the past
225		- $this->emit('\OC\Repair', 'startProgress', [$max, $this->currentStep]);
226		- }
227		-
228		- /**
229		- * @param int $step
230		- * @param string $description
231		- */
232		- public function advance($step = 1, $description = '') {
233		- // for now just emit as we did in the past
234		- $this->emit('\OC\Repair', 'advance', [$step, $description]);
235		- }
236		-
237		- /**
238		- * @param int $max
239		- */
240		- public function finishProgress() {
241		- // for now just emit as we did in the past
242		- $this->emit('\OC\Repair', 'finishProgress', []);
243		- }
	71	+ /** @var IRepairStep[] */
	72	+ private $repairSteps;
	73	+
	74	+ /** @var EventDispatcherInterface */
	75	+ private $dispatcher;
	76	+
	77	+ /** @var string */
	78	+ private $currentStep;
	79	+
	80	+ /**
	81	+ * Creates a new repair step runner
	82	+ *
	83	+ * @param IRepairStep[] $repairSteps array of RepairStep instances
	84	+ * @param EventDispatcherInterface $dispatcher
	85	+ */
	86	+ public function __construct(array $repairSteps, EventDispatcherInterface $dispatcher) {
	87	+ $this->repairSteps = $repairSteps;
	88	+ $this->dispatcher = $dispatcher;
	89	+ }
	90	+
	91	+ /**
	92	+ * Run a series of repair steps for common problems
	93	+ */
	94	+ public function run() {
	95	+ if (count($this->repairSteps) === 0) {
	96	+ $this->emit('\OC\Repair', 'info', ['No repair steps available']);
	97	+
	98	+ return;
	99	+ }
	100	+ // run each repair step
	101	+ foreach ($this->repairSteps as $step) {
	102	+ $this->currentStep = $step->getName();
	103	+ $this->emit('\OC\Repair', 'step', [$this->currentStep]);
	104	+ $step->run($this);
	105	+ }
	106	+ }
	107	+
	108	+ /**
	109	+ * Add repair step
	110	+ *
	111	+ * @param IRepairStep\|string $repairStep repair step
	112	+ * @throws \Exception
	113	+ */
	114	+ public function addStep($repairStep) {
	115	+ if (is_string($repairStep)) {
	116	+ try {
	117	+ $s = \OC::$server->query($repairStep);
	118	+ } catch (QueryException $e) {
	119	+ if (class_exists($repairStep)) {
	120	+ $s = new $repairStep();
	121	+ } else {
	122	+ throw new \Exception("Repair step '$repairStep' is unknown");
	123	+ }
	124	+ }
	125	+
	126	+ if ($s instanceof IRepairStep) {
	127	+ $this->repairSteps[] = $s;
	128	+ } else {
	129	+ throw new \Exception("Repair step '$repairStep' is not of type \\OCP\\Migration\\IRepairStep");
	130	+ }
	131	+ } else {
	132	+ $this->repairSteps[] = $repairStep;
	133	+ }
	134	+ }
	135	+
	136	+ /**
	137	+ * Returns the default repair steps to be run on the
	138	+ * command line or after an upgrade.
	139	+ *
	140	+ * @return IRepairStep[]
	141	+ */
	142	+ public static function getRepairSteps() {
	143	+ return [
	144	+ new Collation(\OC::$server->getConfig(), \OC::$server->getLogger(), \OC::$server->getDatabaseConnection(), false),
	145	+ new RepairMimeTypes(\OC::$server->getConfig()),
	146	+ new CleanTags(\OC::$server->getDatabaseConnection(), \OC::$server->getUserManager()),
	147	+ new RepairInvalidShares(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection()),
	148	+ new MoveUpdaterStepFile(\OC::$server->getConfig()),
	149	+ new FixMountStorages(\OC::$server->getDatabaseConnection()),
	150	+ new AddLogRotateJob(\OC::$server->getJobList()),
	151	+ new ClearFrontendCaches(\OC::$server->getMemCacheFactory(), \OC::$server->query(SCSSCacher::class), \OC::$server->query(JSCombiner::class)),
	152	+ new ClearGeneratedAvatarCache(\OC::$server->getConfig(), \OC::$server->query(AvatarManager::class)),
	153	+ new AddPreviewBackgroundCleanupJob(\OC::$server->getJobList()),
	154	+ new AddCleanupUpdaterBackupsJob(\OC::$server->getJobList()),
	155	+ new CleanupCardDAVPhotoCache(\OC::$server->getConfig(), \OC::$server->getAppDataDir('dav-photocache'), \OC::$server->getLogger()),
	156	+ new AddClenupLoginFlowV2BackgroundJob(\OC::$server->getJobList()),
	157	+ new RemoveLinkShares(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig(), \OC::$server->getGroupManager(), \OC::$server->getNotificationManager(), \OC::$server->query(ITimeFactory::class)),
	158	+ new ClearCollectionsAccessCache(\OC::$server->getConfig(), \OC::$server->query(IManager::class)),
	159	+ \OC::$server->query(ResetGeneratedAvatarFlag::class),
	160	+ \OC::$server->query(EncryptionLegacyCipher::class),
	161	+ ];
	162	+ }
	163	+
	164	+ /**
	165	+ * Returns expensive repair steps to be run on the
	166	+ * command line with a special option.
	167	+ *
	168	+ * @return IRepairStep[]
	169	+ */
	170	+ public static function getExpensiveRepairSteps() {
	171	+ return [
	172	+ new OldGroupMembershipShares(\OC::$server->getDatabaseConnection(), \OC::$server->getGroupManager())
	173	+ ];
	174	+ }
	175	+
	176	+ /**
	177	+ * Returns the repair steps to be run before an
	178	+ * upgrade.
	179	+ *
	180	+ * @return IRepairStep[]
	181	+ */
	182	+ public static function getBeforeUpgradeRepairSteps() {
	183	+ $connection = \OC::$server->getDatabaseConnection();
	184	+ $config = \OC::$server->getConfig();
	185	+ $steps = [
	186	+ new Collation(\OC::$server->getConfig(), \OC::$server->getLogger(), $connection, true),
	187	+ new SqliteAutoincrement($connection),
	188	+ new SaveAccountsTableData($connection, $config),
	189	+ new DropAccountTermsTable($connection)
	190	+ ];
	191	+
	192	+ return $steps;
	193	+ }
	194	+
	195	+ /**
	196	+ * @param string $scope
	197	+ * @param string $method
	198	+ * @param array $arguments
	199	+ */
	200	+ public function emit($scope, $method, array $arguments = []) {
	201	+ if (!is_null($this->dispatcher)) {
	202	+ $this->dispatcher->dispatch("$scope::$method",
	203	+ new GenericEvent("$scope::$method", $arguments));
	204	+ }
	205	+ }
	206	+
	207	+ public function info($string) {
	208	+ // for now just emit as we did in the past
	209	+ $this->emit('\OC\Repair', 'info', [$string]);
	210	+ }
	211	+
	212	+ /**
	213	+ * @param string $message
	214	+ */
	215	+ public function warning($message) {
	216	+ // for now just emit as we did in the past
	217	+ $this->emit('\OC\Repair', 'warning', [$message]);
	218	+ }
	219	+
	220	+ /**
	221	+ * @param int $max
	222	+ */
	223	+ public function startProgress($max = 0) {
	224	+ // for now just emit as we did in the past
	225	+ $this->emit('\OC\Repair', 'startProgress', [$max, $this->currentStep]);
	226	+ }
	227	+
	228	+ /**
	229	+ * @param int $step
	230	+ * @param string $description
	231	+ */
	232	+ public function advance($step = 1, $description = '') {
	233	+ // for now just emit as we did in the past
	234	+ $this->emit('\OC\Repair', 'advance', [$step, $description]);
	235	+ }
	236	+
	237	+ /**
	238	+ * @param int $max
	239	+ */
	240	+ public function finishProgress() {
	241	+ // for now just emit as we did in the past
	242	+ $this->emit('\OC\Repair', 'finishProgress', []);
	243	+ }
244	244	}

		@@ -32,31 +32,31 @@
		block discarded – undo
32	32
33	33	class EncryptionLegacyCipher implements IRepairStep {
34	34
35		- /** @var IConfig */
36		- private $config;
37		- /** @var IManager */
38		- private $manager;
39		-
40		- public function __construct(IConfig $config,
41		- IManager $manager) {
42		- $this->config = $config;
43		- $this->manager = $manager;
44		- }
45		-
46		- public function getName(): string {
47		- return 'Keep legacy encryption enabled';
48		- }
49		-
50		- private function shouldRun(): bool {
51		- $versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
52		- return version_compare($versionFromBeforeUpdate, '20.0.0.0', '<=');
53		- }
54		-
55		- public function run(IOutput $output): void {
56		- if ($this->manager->isEnabled()) {
57		- if ($this->config->getSystemValue('encryption.legacy_format_support', '') === '') {
58		- $this->config->setSystemValue('encryption.legacy_format_support', true);
59		- }
60		- }
61		- }
	35	+ /** @var IConfig */
	36	+ private $config;
	37	+ /** @var IManager */
	38	+ private $manager;
	39	+
	40	+ public function __construct(IConfig $config,
	41	+ IManager $manager) {
	42	+ $this->config = $config;
	43	+ $this->manager = $manager;
	44	+ }
	45	+
	46	+ public function getName(): string {
	47	+ return 'Keep legacy encryption enabled';
	48	+ }
	49	+
	50	+ private function shouldRun(): bool {
	51	+ $versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
	52	+ return version_compare($versionFromBeforeUpdate, '20.0.0.0', '<=');
	53	+ }
	54	+
	55	+ public function run(IOutput $output): void {
	56	+ if ($this->manager->isEnabled()) {
	57	+ if ($this->config->getSystemValue('encryption.legacy_format_support', '') === '') {
	58	+ $this->config->setSystemValue('encryption.legacy_format_support', true);
	59	+ }
	60	+ }
	61	+ }
62	62	}

nextcloud / server

Push — master ( 4361d6...b604d5 )

Status

Category

Indentation +661 added lines, -661 removed lines patch added patch discarded remove patch

Indentation +101 added lines, -101 removed lines patch added patch discarded remove patch

Indentation +650 added lines, -650 removed lines patch added patch discarded remove patch

Indentation +28 added lines, -28 removed lines patch added patch discarded remove patch

Indentation +173 added lines, -173 removed lines patch added patch discarded remove patch

Indentation +988 added lines, -988 removed lines patch added patch discarded remove patch

Indentation +27 added lines, -27 removed lines patch added patch discarded remove patch