nextcloud / server

apps/encryption/templates/altmail.php

Indentation +2 added lines, -2 removed lines

@@ -4,8 +4,8 @@
 
 print_unescaped($l->t("Hey there,\n\nthe admin enabled server-side-encryption. Your files were encrypted using the password '%s'.\n\nPlease login to the web interface, go to the section 'basic encryption module' of your personal settings and update your encryption password by entering this password into the 'old log-in password' field and your current login-password.\n\n", array($_['password'])));
 if ( isset($_['expiration']) ) {
-	print_unescaped($l->t("The share will expire on %s.", array($_['expiration'])));
-	print_unescaped("\n\n");
+    print_unescaped($l->t("The share will expire on %s.", array($_['expiration'])));
+    print_unescaped("\n\n");
 }
 // TRANSLATORS term at the end of a mail
 p($l->t("Cheers!"));

apps/encryption/templates/settings-personal.php

Indentation +4 added lines, -4 removed lines

@@ -1,6 +1,6 @@ 
 <?php
-	/** @var array $_ */
-	/** @var \OCP\IL10N $l */
+    /** @var array $_ */
+    /** @var \OCP\IL10N $l */
 script('encryption', 'settings-personal');
 script('core', 'multiselect');
 ?>
@@ -20,8 +20,8 @@ 
 			<br />
 			<?php p( $l->t( "Set your old private key password to your current log-in password:" ) ); ?>
 			<?php if (  $_["recoveryEnabledForUser"] ):
-					p( $l->t( " If you don't remember your old password you can ask your administrator to recover your files." ) );
-			endif; ?>
+                    p( $l->t( " If you don't remember your old password you can ask your administrator to recover your files." ) );
+            endif; ?>
 			<br />
 			<input
 				type="password"

apps/encryption/templates/mail.php

Indentation +4 added lines, -4 removed lines

@@ -15,10 +15,10 @@
 					<td width="20px">&nbsp;</td>
 					<td style="font-weight:normal; font-size:0.8em; line-height:1.2em; font-family:verdana,'arial',sans;">
 						<?php
-						print_unescaped($l->t('Hey there,<br><br>the admin enabled server-side-encryption. Your files were encrypted using the password <strong>%s</strong>.<br><br>Please login to the web interface, go to the section "basic encryption module" of your personal settings and update your encryption password by entering this password into the "old log-in password" field and your current login-password.<br><br>', array($_['password'])));
-						// TRANSLATORS term at the end of a mail
-						p($l->t('Cheers!'));
-						?>
+                        print_unescaped($l->t('Hey there,<br><br>the admin enabled server-side-encryption. Your files were encrypted using the password <strong>%s</strong>.<br><br>Please login to the web interface, go to the section "basic encryption module" of your personal settings and update your encryption password by entering this password into the "old log-in password" field and your current login-password.<br><br>', array($_['password'])));
+                        // TRANSLATORS term at the end of a mail
+                        p($l->t('Cheers!'));
+                        ?>
 					</td>
 				</tr>
 				<tr><td colspan="2">&nbsp;</td></tr>

apps/encryption/lib/Migration.php

Indentation +355 added lines, -355 removed lines

@@ -32,359 +32,359 @@
 
 class Migration {
 
-	private $moduleId;
-	/** @var \OC\Files\View */
-	private $view;
-	/** @var \OCP\IDBConnection */
-	private $connection;
-	/** @var IConfig */
-	private $config;
-	/** @var  ILogger */
-	private $logger;
-	/** @var string*/
-	protected $installedVersion;
-
-	/**
-	 * @param IConfig $config
-	 * @param View $view
-	 * @param IDBConnection $connection
-	 * @param ILogger $logger
-	 */
-	public function __construct(IConfig $config, View $view, IDBConnection $connection, ILogger $logger) {
-		$this->view = $view;
-		$this->view->disableCacheUpdate();
-		$this->connection = $connection;
-		$this->moduleId = \OCA\Encryption\Crypto\Encryption::ID;
-		$this->config = $config;
-		$this->logger = $logger;
-		$this->installedVersion = $this->config->getAppValue('files_encryption', 'installed_version', '-1');
-	}
-
-	public function finalCleanUp() {
-		$this->view->deleteAll('files_encryption/public_keys');
-		$this->updateFileCache();
-		$this->config->deleteAppValue('files_encryption', 'installed_version');
-	}
-
-	/**
-	 * update file cache, copy unencrypted_size to the 'size' column
-	 */
-	private function updateFileCache() {
-		// make sure that we don't update the file cache multiple times
-		// only update during the first run
-		if ($this->installedVersion !== '-1') {
-			$query = $this->connection->getQueryBuilder();
-			$query->update('filecache')
-				->set('size', 'unencrypted_size')
-				->where($query->expr()->eq('encrypted', $query->createParameter('encrypted')))
-				->setParameter('encrypted', 1);
-			$query->execute();
-		}
-	}
-
-	/**
-	 * iterate through users and reorganize the folder structure
-	 */
-	public function reorganizeFolderStructure() {
-		$this->reorganizeSystemFolderStructure();
-
-		$limit = 500;
-		$offset = 0;
-		do {
-			$users = \OCP\User::getUsers('', $limit, $offset);
-			foreach ($users as $user) {
-				$this->reorganizeFolderStructureForUser($user);
-			}
-			$offset += $limit;
-		} while (count($users) >= $limit);
-	}
-
-	/**
-	 * reorganize system wide folder structure
-	 */
-	public function reorganizeSystemFolderStructure() {
-
-		$this->createPathForKeys('/files_encryption');
-
-		// backup system wide folders
-		$this->backupSystemWideKeys();
-
-		// rename system wide mount point
-		$this->renameFileKeys('', '/files_encryption/keys');
-
-		// rename system private keys
-		$this->renameSystemPrivateKeys();
-
-		$storage = $this->view->getMount('')->getStorage();
-		$storage->getScanner()->scan('files_encryption');
-	}
-
-
-	/**
-	 * reorganize folder structure for user
-	 *
-	 * @param string $user
-	 */
-	public function reorganizeFolderStructureForUser($user) {
-		// backup all keys
-		\OC_Util::tearDownFS();
-		\OC_Util::setupFS($user);
-		if ($this->backupUserKeys($user)) {
-			// rename users private key
-			$this->renameUsersPrivateKey($user);
-			$this->renameUsersPublicKey($user);
-			// rename file keys
-			$path = '/files_encryption/keys';
-			$this->renameFileKeys($user, $path);
-			$trashPath = '/files_trashbin/keys';
-			if (\OC_App::isEnabled('files_trashbin') && $this->view->is_dir($user . '/' . $trashPath)) {
-				$this->renameFileKeys($user, $trashPath, true);
-				$this->view->deleteAll($trashPath);
-			}
-			// delete old folders
-			$this->deleteOldKeys($user);
-			$this->view->getMount('/' . $user)->getStorage()->getScanner()->scan('files_encryption');
-		}
-	}
-
-	/**
-	 * update database
-	 */
-	public function updateDB() {
-
-		// make sure that we don't update the file cache multiple times
-		// only update during the first run
-		if ($this->installedVersion === '-1') {
-			return;
-		}
-
-		// delete left-over from old encryption which is no longer needed
-		$this->config->deleteAppValue('files_encryption', 'ocsid');
-		$this->config->deleteAppValue('files_encryption', 'types');
-		$this->config->deleteAppValue('files_encryption', 'enabled');
-
-		$oldAppValues = $this->connection->getQueryBuilder();
-		$oldAppValues->select('*')
-			->from('appconfig')
-			->where($oldAppValues->expr()->eq('appid', $oldAppValues->createParameter('appid')))
-			->setParameter('appid', 'files_encryption');
-		$appSettings = $oldAppValues->execute();
-
-		while ($row = $appSettings->fetch()) {
-			// 'installed_version' gets deleted at the end of the migration process
-			if ($row['configkey'] !== 'installed_version' ) {
-				$this->config->setAppValue('encryption', $row['configkey'], $row['configvalue']);
-				$this->config->deleteAppValue('files_encryption', $row['configkey']);
-			}
-		}
-
-		$oldPreferences = $this->connection->getQueryBuilder();
-		$oldPreferences->select('*')
-			->from('preferences')
-			->where($oldPreferences->expr()->eq('appid', $oldPreferences->createParameter('appid')))
-			->setParameter('appid', 'files_encryption');
-		$preferenceSettings = $oldPreferences->execute();
-
-		while ($row = $preferenceSettings->fetch()) {
-			$this->config->setUserValue($row['userid'], 'encryption', $row['configkey'], $row['configvalue']);
-			$this->config->deleteUserValue($row['userid'], 'files_encryption', $row['configkey']);
-		}
-	}
-
-	/**
-	 * create backup of system-wide keys
-	 */
-	private function backupSystemWideKeys() {
-		$backupDir = 'encryption_migration_backup_' . date("Y-m-d_H-i-s");
-		$this->view->mkdir($backupDir);
-		$this->view->copy('files_encryption', $backupDir . '/files_encryption');
-	}
-
-	/**
-	 * create backup of user specific keys
-	 *
-	 * @param string $user
-	 * @return bool
-	 */
-	private function backupUserKeys($user) {
-		$encryptionDir = $user . '/files_encryption';
-		if ($this->view->is_dir($encryptionDir)) {
-			$backupDir = $user . '/encryption_migration_backup_' . date("Y-m-d_H-i-s");
-			$this->view->mkdir($backupDir);
-			$this->view->copy($encryptionDir, $backupDir);
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * rename system-wide private keys
-	 */
-	private function renameSystemPrivateKeys() {
-		$dh = $this->view->opendir('files_encryption');
-		$this->createPathForKeys('/files_encryption/' . $this->moduleId );
-		if (is_resource($dh)) {
-			while (($privateKey = readdir($dh)) !== false) {
-				if (!\OC\Files\Filesystem::isIgnoredDir($privateKey) ) {
-					if (!$this->view->is_dir('/files_encryption/' . $privateKey)) {
-						$this->view->rename('files_encryption/' . $privateKey, 'files_encryption/' . $this->moduleId . '/' . $privateKey);
-						$this->renameSystemPublicKey($privateKey);
-					}
-				}
-			}
-			closedir($dh);
-		}
-	}
-
-	/**
-	 * rename system wide public key
-	 *
-	 * @param string $privateKey private key for which we want to rename the corresponding public key
-	 */
-	private function renameSystemPublicKey($privateKey) {
-		$publicKey = substr($privateKey,0 , strrpos($privateKey, '.privateKey')) . '.publicKey';
-		$this->view->rename('files_encryption/public_keys/' . $publicKey, 'files_encryption/' . $this->moduleId . '/' . $publicKey);
-	}
-
-	/**
-	 * rename user-specific private keys
-	 *
-	 * @param string $user
-	 */
-	private function renameUsersPrivateKey($user) {
-		$oldPrivateKey = $user . '/files_encryption/' . $user . '.privateKey';
-		$newPrivateKey = $user . '/files_encryption/' . $this->moduleId . '/' . $user . '.privateKey';
-		if ($this->view->file_exists($oldPrivateKey)) {
-			$this->createPathForKeys(dirname($newPrivateKey));
-			$this->view->rename($oldPrivateKey, $newPrivateKey);
-		}
-	}
-
-	/**
-	 * rename user-specific public keys
-	 *
-	 * @param string $user
-	 */
-	private function renameUsersPublicKey($user) {
-		$oldPublicKey = '/files_encryption/public_keys/' . $user . '.publicKey';
-		$newPublicKey = $user . '/files_encryption/' . $this->moduleId . '/' . $user . '.publicKey';
-		if ($this->view->file_exists($oldPublicKey)) {
-			$this->createPathForKeys(dirname($newPublicKey));
-			$this->view->rename($oldPublicKey, $newPublicKey);
-		}
-	}
-
-	/**
-	 * rename file keys
-	 *
-	 * @param string $user
-	 * @param string $path
-	 * @param bool $trash
-	 */
-	private function renameFileKeys($user, $path, $trash = false) {
-
-		if ($this->view->is_dir($user . '/' . $path) === false) {
-			$this->logger->info('Skip dir /' . $user . '/' . $path . ': does not exist');
-			return;
-		}
-
-		$dh = $this->view->opendir($user . '/' . $path);
-
-		if (is_resource($dh)) {
-			while (($file = readdir($dh)) !== false) {
-				if (!\OC\Files\Filesystem::isIgnoredDir($file)) {
-					if ($this->view->is_dir($user . '/' . $path . '/' . $file)) {
-						$this->renameFileKeys($user, $path . '/' . $file, $trash);
-					} else {
-						$target = $this->getTargetDir($user, $path, $file, $trash);
-						if ($target !== false) {
-							$this->createPathForKeys(dirname($target));
-							$this->view->rename($user . '/' . $path . '/' . $file, $target);
-						} else {
-							$this->logger->warning(
-								'did not move key "' . $file
-								. '" could not find the corresponding file in /data/' . $user . '/files.'
-							. 'Most likely the key was already moved in a previous migration run and is already on the right place.');
-						}
-					}
-				}
-			}
-			closedir($dh);
-		}
-	}
-
-	/**
-	 * get system mount points
-	 * wrap static method so that it can be mocked for testing
-	 *
-	 * @internal
-	 * @return array
-	 */
-	protected function getSystemMountPoints() {
-		return \OC_Mount_Config::getSystemMountPoints();
-	}
-
-	/**
-	 * generate target directory
-	 *
-	 * @param string $user
-	 * @param string $keyPath
-	 * @param string $filename
-	 * @param bool $trash
-	 * @return string
-	 */
-	private function getTargetDir($user, $keyPath, $filename, $trash) {
-		if ($trash) {
-			$filePath = substr($keyPath, strlen('/files_trashbin/keys/'));
-			$targetDir = $user . '/files_encryption/keys/files_trashbin/' . $filePath . '/' . $this->moduleId . '/' . $filename;
-		} else {
-			$filePath = substr($keyPath, strlen('/files_encryption/keys/'));
-			$targetDir = $user . '/files_encryption/keys/files/' . $filePath . '/' . $this->moduleId . '/' . $filename;
-		}
-
-		if ($user === '') {
-			// for system wide mounts we need to check if the mount point really exists
-			$normalized = \OC\Files\Filesystem::normalizePath($filePath);
-			$systemMountPoints = $this->getSystemMountPoints();
-			foreach ($systemMountPoints as $mountPoint) {
-				$normalizedMountPoint = \OC\Files\Filesystem::normalizePath($mountPoint['mountpoint']) . '/';
-				if (strpos($normalized, $normalizedMountPoint) === 0)
-					return $targetDir;
-			}
-		} else if ($trash === false && $this->view->file_exists('/' . $user. '/files/' . $filePath)) {
-			return $targetDir;
-		} else if ($trash === true && $this->view->file_exists('/' . $user. '/files_trashbin/' . $filePath)) {
-				return $targetDir;
-			}
-
-		return false;
-	}
-
-	/**
-	 * delete old keys
-	 *
-	 * @param string $user
-	 */
-	private function deleteOldKeys($user) {
-		$this->view->deleteAll($user . '/files_encryption/keyfiles');
-		$this->view->deleteAll($user . '/files_encryption/share-keys');
-	}
-
-	/**
-	 * create directories for the keys recursively
-	 *
-	 * @param string $path
-	 */
-	private function createPathForKeys($path) {
-		if (!$this->view->file_exists($path)) {
-			$sub_dirs = explode('/', $path);
-			$dir = '';
-			foreach ($sub_dirs as $sub_dir) {
-				$dir .= '/' . $sub_dir;
-				if (!$this->view->is_dir($dir)) {
-					$this->view->mkdir($dir);
-				}
-			}
-		}
-	}
+    private $moduleId;
+    /** @var \OC\Files\View */
+    private $view;
+    /** @var \OCP\IDBConnection */
+    private $connection;
+    /** @var IConfig */
+    private $config;
+    /** @var  ILogger */
+    private $logger;
+    /** @var string*/
+    protected $installedVersion;
+
+    /**
+     * @param IConfig $config
+     * @param View $view
+     * @param IDBConnection $connection
+     * @param ILogger $logger
+     */
+    public function __construct(IConfig $config, View $view, IDBConnection $connection, ILogger $logger) {
+        $this->view = $view;
+        $this->view->disableCacheUpdate();
+        $this->connection = $connection;
+        $this->moduleId = \OCA\Encryption\Crypto\Encryption::ID;
+        $this->config = $config;
+        $this->logger = $logger;
+        $this->installedVersion = $this->config->getAppValue('files_encryption', 'installed_version', '-1');
+    }
+
+    public function finalCleanUp() {
+        $this->view->deleteAll('files_encryption/public_keys');
+        $this->updateFileCache();
+        $this->config->deleteAppValue('files_encryption', 'installed_version');
+    }
+
+    /**
+     * update file cache, copy unencrypted_size to the 'size' column
+     */
+    private function updateFileCache() {
+        // make sure that we don't update the file cache multiple times
+        // only update during the first run
+        if ($this->installedVersion !== '-1') {
+            $query = $this->connection->getQueryBuilder();
+            $query->update('filecache')
+                ->set('size', 'unencrypted_size')
+                ->where($query->expr()->eq('encrypted', $query->createParameter('encrypted')))
+                ->setParameter('encrypted', 1);
+            $query->execute();
+        }
+    }
+
+    /**
+     * iterate through users and reorganize the folder structure
+     */
+    public function reorganizeFolderStructure() {
+        $this->reorganizeSystemFolderStructure();
+
+        $limit = 500;
+        $offset = 0;
+        do {
+            $users = \OCP\User::getUsers('', $limit, $offset);
+            foreach ($users as $user) {
+                $this->reorganizeFolderStructureForUser($user);
+            }
+            $offset += $limit;
+        } while (count($users) >= $limit);
+    }
+
+    /**
+     * reorganize system wide folder structure
+     */
+    public function reorganizeSystemFolderStructure() {
+
+        $this->createPathForKeys('/files_encryption');
+
+        // backup system wide folders
+        $this->backupSystemWideKeys();
+
+        // rename system wide mount point
+        $this->renameFileKeys('', '/files_encryption/keys');
+
+        // rename system private keys
+        $this->renameSystemPrivateKeys();
+
+        $storage = $this->view->getMount('')->getStorage();
+        $storage->getScanner()->scan('files_encryption');
+    }
+
+
+    /**
+     * reorganize folder structure for user
+     *
+     * @param string $user
+     */
+    public function reorganizeFolderStructureForUser($user) {
+        // backup all keys
+        \OC_Util::tearDownFS();
+        \OC_Util::setupFS($user);
+        if ($this->backupUserKeys($user)) {
+            // rename users private key
+            $this->renameUsersPrivateKey($user);
+            $this->renameUsersPublicKey($user);
+            // rename file keys
+            $path = '/files_encryption/keys';
+            $this->renameFileKeys($user, $path);
+            $trashPath = '/files_trashbin/keys';
+            if (\OC_App::isEnabled('files_trashbin') && $this->view->is_dir($user . '/' . $trashPath)) {
+                $this->renameFileKeys($user, $trashPath, true);
+                $this->view->deleteAll($trashPath);
+            }
+            // delete old folders
+            $this->deleteOldKeys($user);
+            $this->view->getMount('/' . $user)->getStorage()->getScanner()->scan('files_encryption');
+        }
+    }
+
+    /**
+     * update database
+     */
+    public function updateDB() {
+
+        // make sure that we don't update the file cache multiple times
+        // only update during the first run
+        if ($this->installedVersion === '-1') {
+            return;
+        }
+
+        // delete left-over from old encryption which is no longer needed
+        $this->config->deleteAppValue('files_encryption', 'ocsid');
+        $this->config->deleteAppValue('files_encryption', 'types');
+        $this->config->deleteAppValue('files_encryption', 'enabled');
+
+        $oldAppValues = $this->connection->getQueryBuilder();
+        $oldAppValues->select('*')
+            ->from('appconfig')
+            ->where($oldAppValues->expr()->eq('appid', $oldAppValues->createParameter('appid')))
+            ->setParameter('appid', 'files_encryption');
+        $appSettings = $oldAppValues->execute();
+
+        while ($row = $appSettings->fetch()) {
+            // 'installed_version' gets deleted at the end of the migration process
+            if ($row['configkey'] !== 'installed_version' ) {
+                $this->config->setAppValue('encryption', $row['configkey'], $row['configvalue']);
+                $this->config->deleteAppValue('files_encryption', $row['configkey']);
+            }
+        }
+
+        $oldPreferences = $this->connection->getQueryBuilder();
+        $oldPreferences->select('*')
+            ->from('preferences')
+            ->where($oldPreferences->expr()->eq('appid', $oldPreferences->createParameter('appid')))
+            ->setParameter('appid', 'files_encryption');
+        $preferenceSettings = $oldPreferences->execute();
+
+        while ($row = $preferenceSettings->fetch()) {
+            $this->config->setUserValue($row['userid'], 'encryption', $row['configkey'], $row['configvalue']);
+            $this->config->deleteUserValue($row['userid'], 'files_encryption', $row['configkey']);
+        }
+    }
+
+    /**
+     * create backup of system-wide keys
+     */
+    private function backupSystemWideKeys() {
+        $backupDir = 'encryption_migration_backup_' . date("Y-m-d_H-i-s");
+        $this->view->mkdir($backupDir);
+        $this->view->copy('files_encryption', $backupDir . '/files_encryption');
+    }
+
+    /**
+     * create backup of user specific keys
+     *
+     * @param string $user
+     * @return bool
+     */
+    private function backupUserKeys($user) {
+        $encryptionDir = $user . '/files_encryption';
+        if ($this->view->is_dir($encryptionDir)) {
+            $backupDir = $user . '/encryption_migration_backup_' . date("Y-m-d_H-i-s");
+            $this->view->mkdir($backupDir);
+            $this->view->copy($encryptionDir, $backupDir);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * rename system-wide private keys
+     */
+    private function renameSystemPrivateKeys() {
+        $dh = $this->view->opendir('files_encryption');
+        $this->createPathForKeys('/files_encryption/' . $this->moduleId );
+        if (is_resource($dh)) {
+            while (($privateKey = readdir($dh)) !== false) {
+                if (!\OC\Files\Filesystem::isIgnoredDir($privateKey) ) {
+                    if (!$this->view->is_dir('/files_encryption/' . $privateKey)) {
+                        $this->view->rename('files_encryption/' . $privateKey, 'files_encryption/' . $this->moduleId . '/' . $privateKey);
+                        $this->renameSystemPublicKey($privateKey);
+                    }
+                }
+            }
+            closedir($dh);
+        }
+    }
+
+    /**
+     * rename system wide public key
+     *
+     * @param string $privateKey private key for which we want to rename the corresponding public key
+     */
+    private function renameSystemPublicKey($privateKey) {
+        $publicKey = substr($privateKey,0 , strrpos($privateKey, '.privateKey')) . '.publicKey';
+        $this->view->rename('files_encryption/public_keys/' . $publicKey, 'files_encryption/' . $this->moduleId . '/' . $publicKey);
+    }
+
+    /**
+     * rename user-specific private keys
+     *
+     * @param string $user
+     */
+    private function renameUsersPrivateKey($user) {
+        $oldPrivateKey = $user . '/files_encryption/' . $user . '.privateKey';
+        $newPrivateKey = $user . '/files_encryption/' . $this->moduleId . '/' . $user . '.privateKey';
+        if ($this->view->file_exists($oldPrivateKey)) {
+            $this->createPathForKeys(dirname($newPrivateKey));
+            $this->view->rename($oldPrivateKey, $newPrivateKey);
+        }
+    }
+
+    /**
+     * rename user-specific public keys
+     *
+     * @param string $user
+     */
+    private function renameUsersPublicKey($user) {
+        $oldPublicKey = '/files_encryption/public_keys/' . $user . '.publicKey';
+        $newPublicKey = $user . '/files_encryption/' . $this->moduleId . '/' . $user . '.publicKey';
+        if ($this->view->file_exists($oldPublicKey)) {
+            $this->createPathForKeys(dirname($newPublicKey));
+            $this->view->rename($oldPublicKey, $newPublicKey);
+        }
+    }
+
+    /**
+     * rename file keys
+     *
+     * @param string $user
+     * @param string $path
+     * @param bool $trash
+     */
+    private function renameFileKeys($user, $path, $trash = false) {
+
+        if ($this->view->is_dir($user . '/' . $path) === false) {
+            $this->logger->info('Skip dir /' . $user . '/' . $path . ': does not exist');
+            return;
+        }
+
+        $dh = $this->view->opendir($user . '/' . $path);
+
+        if (is_resource($dh)) {
+            while (($file = readdir($dh)) !== false) {
+                if (!\OC\Files\Filesystem::isIgnoredDir($file)) {
+                    if ($this->view->is_dir($user . '/' . $path . '/' . $file)) {
+                        $this->renameFileKeys($user, $path . '/' . $file, $trash);
+                    } else {
+                        $target = $this->getTargetDir($user, $path, $file, $trash);
+                        if ($target !== false) {
+                            $this->createPathForKeys(dirname($target));
+                            $this->view->rename($user . '/' . $path . '/' . $file, $target);
+                        } else {
+                            $this->logger->warning(
+                                'did not move key "' . $file
+                                . '" could not find the corresponding file in /data/' . $user . '/files.'
+                            . 'Most likely the key was already moved in a previous migration run and is already on the right place.');
+                        }
+                    }
+                }
+            }
+            closedir($dh);
+        }
+    }
+
+    /**
+     * get system mount points
+     * wrap static method so that it can be mocked for testing
+     *
+     * @internal
+     * @return array
+     */
+    protected function getSystemMountPoints() {
+        return \OC_Mount_Config::getSystemMountPoints();
+    }
+
+    /**
+     * generate target directory
+     *
+     * @param string $user
+     * @param string $keyPath
+     * @param string $filename
+     * @param bool $trash
+     * @return string
+     */
+    private function getTargetDir($user, $keyPath, $filename, $trash) {
+        if ($trash) {
+            $filePath = substr($keyPath, strlen('/files_trashbin/keys/'));
+            $targetDir = $user . '/files_encryption/keys/files_trashbin/' . $filePath . '/' . $this->moduleId . '/' . $filename;
+        } else {
+            $filePath = substr($keyPath, strlen('/files_encryption/keys/'));
+            $targetDir = $user . '/files_encryption/keys/files/' . $filePath . '/' . $this->moduleId . '/' . $filename;
+        }
+
+        if ($user === '') {
+            // for system wide mounts we need to check if the mount point really exists
+            $normalized = \OC\Files\Filesystem::normalizePath($filePath);
+            $systemMountPoints = $this->getSystemMountPoints();
+            foreach ($systemMountPoints as $mountPoint) {
+                $normalizedMountPoint = \OC\Files\Filesystem::normalizePath($mountPoint['mountpoint']) . '/';
+                if (strpos($normalized, $normalizedMountPoint) === 0)
+                    return $targetDir;
+            }
+        } else if ($trash === false && $this->view->file_exists('/' . $user. '/files/' . $filePath)) {
+            return $targetDir;
+        } else if ($trash === true && $this->view->file_exists('/' . $user. '/files_trashbin/' . $filePath)) {
+                return $targetDir;
+            }
+
+        return false;
+    }
+
+    /**
+     * delete old keys
+     *
+     * @param string $user
+     */
+    private function deleteOldKeys($user) {
+        $this->view->deleteAll($user . '/files_encryption/keyfiles');
+        $this->view->deleteAll($user . '/files_encryption/share-keys');
+    }
+
+    /**
+     * create directories for the keys recursively
+     *
+     * @param string $path
+     */
+    private function createPathForKeys($path) {
+        if (!$this->view->file_exists($path)) {
+            $sub_dirs = explode('/', $path);
+            $dir = '';
+            foreach ($sub_dirs as $sub_dir) {
+                $dir .= '/' . $sub_dir;
+                if (!$this->view->is_dir($dir)) {
+                    $this->view->mkdir($dir);
+                }
+            }
+        }
+    }
 }

apps/encryption/lib/Util.php

Indentation +162 added lines, -162 removed lines

@@ -36,167 +36,167 @@
 use OCP\PreConditionNotMetException;
 
 class Util {
-	/**
-	 * @var View
-	 */
-	private $files;
-	/**
-	 * @var Crypt
-	 */
-	private $crypt;
-	/**
-	 * @var ILogger
-	 */
-	private $logger;
-	/**
-	 * @var bool|IUser
-	 */
-	private $user;
-	/**
-	 * @var IConfig
-	 */
-	private $config;
-	/**
-	 * @var IUserManager
-	 */
-	private $userManager;
-
-	/**
-	 * Util constructor.
-	 *
-	 * @param View $files
-	 * @param Crypt $crypt
-	 * @param ILogger $logger
-	 * @param IUserSession $userSession
-	 * @param IConfig $config
-	 * @param IUserManager $userManager
-	 */
-	public function __construct(View $files,
-								Crypt $crypt,
-								ILogger $logger,
-								IUserSession $userSession,
-								IConfig $config,
-								IUserManager $userManager
-	) {
-		$this->files = $files;
-		$this->crypt = $crypt;
-		$this->logger = $logger;
-		$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
-		$this->config = $config;
-		$this->userManager = $userManager;
-	}
-
-	/**
-	 * check if recovery key is enabled for user
-	 *
-	 * @param string $uid
-	 * @return bool
-	 */
-	public function isRecoveryEnabledForUser($uid) {
-		$recoveryMode = $this->config->getUserValue($uid,
-			'encryption',
-			'recoveryEnabled',
-			'0');
-
-		return ($recoveryMode === '1');
-	}
-
-	/**
-	 * check if the home storage should be encrypted
-	 *
-	 * @return bool
-	 */
-	public function shouldEncryptHomeStorage() {
-		$encryptHomeStorage = $this->config->getAppValue(
-			'encryption',
-			'encryptHomeStorage',
-			'1'
-		);
-
-		return ($encryptHomeStorage === '1');
-	}
-
-	/**
-	 * set the home storage encryption on/off
-	 *
-	 * @param bool $encryptHomeStorage
-	 */
-	public function setEncryptHomeStorage($encryptHomeStorage) {
-		$value = $encryptHomeStorage ? '1' : '0';
-		$this->config->setAppValue(
-			'encryption',
-			'encryptHomeStorage',
-			$value
-		);
-	}
-
-	/**
-	 * check if master key is enabled
-	 *
-	 * @return bool
-	 */
-	public function isMasterKeyEnabled() {
-		$userMasterKey = $this->config->getAppValue('encryption', 'useMasterKey', '0');
-		return ($userMasterKey === '1');
-	}
-
-	/**
-	 * @param $enabled
-	 * @return bool
-	 */
-	public function setRecoveryForUser($enabled) {
-		$value = $enabled ? '1' : '0';
-
-		try {
-			$this->config->setUserValue($this->user->getUID(),
-				'encryption',
-				'recoveryEnabled',
-				$value);
-			return true;
-		} catch (PreConditionNotMetException $e) {
-			return false;
-		}
-	}
-
-	/**
-	 * @param string $uid
-	 * @return bool
-	 */
-	public function userHasFiles($uid) {
-		return $this->files->file_exists($uid . '/files');
-	}
-
-	/**
-	 * get owner from give path, path relative to data/ expected
-	 *
-	 * @param string $path relative to data/
-	 * @return string
-	 * @throws \BadMethodCallException
-	 */
-	public function getOwner($path) {
-		$owner = '';
-		$parts = explode('/', $path, 3);
-		if (count($parts) > 1) {
-			$owner = $parts[1];
-			if ($this->userManager->userExists($owner) === false) {
-				throw new \BadMethodCallException('Unknown user: ' .
-				'method expects path to a user folder relative to the data folder');
-			}
-
-		}
-
-		return $owner;
-	}
-
-	/**
-	 * get storage of path
-	 *
-	 * @param string $path
-	 * @return \OC\Files\Storage\Storage
-	 */
-	public function getStorage($path) {
-		$storage = $this->files->getMount($path)->getStorage();
-		return $storage;
-	}
+    /**
+     * @var View
+     */
+    private $files;
+    /**
+     * @var Crypt
+     */
+    private $crypt;
+    /**
+     * @var ILogger
+     */
+    private $logger;
+    /**
+     * @var bool|IUser
+     */
+    private $user;
+    /**
+     * @var IConfig
+     */
+    private $config;
+    /**
+     * @var IUserManager
+     */
+    private $userManager;
+
+    /**
+     * Util constructor.
+     *
+     * @param View $files
+     * @param Crypt $crypt
+     * @param ILogger $logger
+     * @param IUserSession $userSession
+     * @param IConfig $config
+     * @param IUserManager $userManager
+     */
+    public function __construct(View $files,
+                                Crypt $crypt,
+                                ILogger $logger,
+                                IUserSession $userSession,
+                                IConfig $config,
+                                IUserManager $userManager
+    ) {
+        $this->files = $files;
+        $this->crypt = $crypt;
+        $this->logger = $logger;
+        $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
+        $this->config = $config;
+        $this->userManager = $userManager;
+    }
+
+    /**
+     * check if recovery key is enabled for user
+     *
+     * @param string $uid
+     * @return bool
+     */
+    public function isRecoveryEnabledForUser($uid) {
+        $recoveryMode = $this->config->getUserValue($uid,
+            'encryption',
+            'recoveryEnabled',
+            '0');
+
+        return ($recoveryMode === '1');
+    }
+
+    /**
+     * check if the home storage should be encrypted
+     *
+     * @return bool
+     */
+    public function shouldEncryptHomeStorage() {
+        $encryptHomeStorage = $this->config->getAppValue(
+            'encryption',
+            'encryptHomeStorage',
+            '1'
+        );
+
+        return ($encryptHomeStorage === '1');
+    }
+
+    /**
+     * set the home storage encryption on/off
+     *
+     * @param bool $encryptHomeStorage
+     */
+    public function setEncryptHomeStorage($encryptHomeStorage) {
+        $value = $encryptHomeStorage ? '1' : '0';
+        $this->config->setAppValue(
+            'encryption',
+            'encryptHomeStorage',
+            $value
+        );
+    }
+
+    /**
+     * check if master key is enabled
+     *
+     * @return bool
+     */
+    public function isMasterKeyEnabled() {
+        $userMasterKey = $this->config->getAppValue('encryption', 'useMasterKey', '0');
+        return ($userMasterKey === '1');
+    }
+
+    /**
+     * @param $enabled
+     * @return bool
+     */
+    public function setRecoveryForUser($enabled) {
+        $value = $enabled ? '1' : '0';
+
+        try {
+            $this->config->setUserValue($this->user->getUID(),
+                'encryption',
+                'recoveryEnabled',
+                $value);
+            return true;
+        } catch (PreConditionNotMetException $e) {
+            return false;
+        }
+    }
+
+    /**
+     * @param string $uid
+     * @return bool
+     */
+    public function userHasFiles($uid) {
+        return $this->files->file_exists($uid . '/files');
+    }
+
+    /**
+     * get owner from give path, path relative to data/ expected
+     *
+     * @param string $path relative to data/
+     * @return string
+     * @throws \BadMethodCallException
+     */
+    public function getOwner($path) {
+        $owner = '';
+        $parts = explode('/', $path, 3);
+        if (count($parts) > 1) {
+            $owner = $parts[1];
+            if ($this->userManager->userExists($owner) === false) {
+                throw new \BadMethodCallException('Unknown user: ' .
+                'method expects path to a user folder relative to the data folder');
+            }
+
+        }
+
+        return $owner;
+    }
+
+    /**
+     * get storage of path
+     *
+     * @param string $path
+     * @return \OC\Files\Storage\Storage
+     */
+    public function getStorage($path) {
+        $storage = $this->files->getMount($path)->getStorage();
+        return $storage;
+    }
 
 }

apps/encryption/lib/Users/Setup.php

Indentation +50 added lines, -50 removed lines

@@ -32,58 +32,58 @@
 use OCP\IUserSession;
 
 class Setup {
-	/**
-	 * @var Crypt
-	 */
-	private $crypt;
-	/**
-	 * @var KeyManager
-	 */
-	private $keyManager;
-	/**
-	 * @var ILogger
-	 */
-	private $logger;
-	/**
-	 * @var bool|string
-	 */
-	private $user;
+    /**
+     * @var Crypt
+     */
+    private $crypt;
+    /**
+     * @var KeyManager
+     */
+    private $keyManager;
+    /**
+     * @var ILogger
+     */
+    private $logger;
+    /**
+     * @var bool|string
+     */
+    private $user;
 
 
-	/**
-	 * @param ILogger $logger
-	 * @param IUserSession $userSession
-	 * @param Crypt $crypt
-	 * @param KeyManager $keyManager
-	 */
-	public function __construct(ILogger $logger,
-								IUserSession $userSession,
-								Crypt $crypt,
-								KeyManager $keyManager) {
-		$this->logger = $logger;
-		$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
-		$this->crypt = $crypt;
-		$this->keyManager = $keyManager;
- 	}
+    /**
+     * @param ILogger $logger
+     * @param IUserSession $userSession
+     * @param Crypt $crypt
+     * @param KeyManager $keyManager
+     */
+    public function __construct(ILogger $logger,
+                                IUserSession $userSession,
+                                Crypt $crypt,
+                                KeyManager $keyManager) {
+        $this->logger = $logger;
+        $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
+        $this->crypt = $crypt;
+        $this->keyManager = $keyManager;
+        }
 
-	/**
-	 * @param string $uid user id
-	 * @param string $password user password
-	 * @return bool
-	 */
-	public function setupUser($uid, $password) {
-		if (!$this->keyManager->userHasKeys($uid)) {
-			return $this->keyManager->storeKeyPair($uid, $password,
-				$this->crypt->createKeyPair());
-		}
-		return true;
-	}
+    /**
+     * @param string $uid user id
+     * @param string $password user password
+     * @return bool
+     */
+    public function setupUser($uid, $password) {
+        if (!$this->keyManager->userHasKeys($uid)) {
+            return $this->keyManager->storeKeyPair($uid, $password,
+                $this->crypt->createKeyPair());
+        }
+        return true;
+    }
 
-	/**
-	 * make sure that all system keys exists
-	 */
-	public function setupSystem() {
-		$this->keyManager->validateShareKey();
-		$this->keyManager->validateMasterKey();
-	}
+    /**
+     * make sure that all system keys exists
+     */
+    public function setupSystem() {
+        $this->keyManager->validateShareKey();
+        $this->keyManager->validateMasterKey();
+    }
 }

apps/encryption/lib/Controller/SettingsController.php

Indentation +124 added lines, -124 removed lines

@@ -38,129 +38,129 @@
 
 class SettingsController extends Controller {
 
-	/** @var IL10N */
-	private $l;
-
-	/** @var IUserManager */
-	private $userManager;
-
-	/** @var IUserSession */
-	private $userSession;
-
-	/** @var KeyManager */
-	private $keyManager;
-
-	/** @var Crypt */
-	private $crypt;
-
-	/** @var Session */
-	private $session;
-
-	/** @var ISession  */
-	private $ocSession;
-
-	/** @var  Util */
-	private $util;
-
-	/**
-	 * @param string $AppName
-	 * @param IRequest $request
-	 * @param IL10N $l10n
-	 * @param IUserManager $userManager
-	 * @param IUserSession $userSession
-	 * @param KeyManager $keyManager
-	 * @param Crypt $crypt
-	 * @param Session $session
-	 * @param ISession $ocSession
-	 * @param Util $util
-	 */
-	public function __construct($AppName,
-								IRequest $request,
-								IL10N $l10n,
-								IUserManager $userManager,
-								IUserSession $userSession,
-								KeyManager $keyManager,
-								Crypt $crypt,
-								Session $session,
-								ISession $ocSession,
-								Util $util
+    /** @var IL10N */
+    private $l;
+
+    /** @var IUserManager */
+    private $userManager;
+
+    /** @var IUserSession */
+    private $userSession;
+
+    /** @var KeyManager */
+    private $keyManager;
+
+    /** @var Crypt */
+    private $crypt;
+
+    /** @var Session */
+    private $session;
+
+    /** @var ISession  */
+    private $ocSession;
+
+    /** @var  Util */
+    private $util;
+
+    /**
+     * @param string $AppName
+     * @param IRequest $request
+     * @param IL10N $l10n
+     * @param IUserManager $userManager
+     * @param IUserSession $userSession
+     * @param KeyManager $keyManager
+     * @param Crypt $crypt
+     * @param Session $session
+     * @param ISession $ocSession
+     * @param Util $util
+     */
+    public function __construct($AppName,
+                                IRequest $request,
+                                IL10N $l10n,
+                                IUserManager $userManager,
+                                IUserSession $userSession,
+                                KeyManager $keyManager,
+                                Crypt $crypt,
+                                Session $session,
+                                ISession $ocSession,
+                                Util $util
 ) {
-		parent::__construct($AppName, $request);
-		$this->l = $l10n;
-		$this->userSession = $userSession;
-		$this->userManager = $userManager;
-		$this->keyManager = $keyManager;
-		$this->crypt = $crypt;
-		$this->session = $session;
-		$this->ocSession = $ocSession;
-		$this->util = $util;
-	}
-
-
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 *
-	 * @param string $oldPassword
-	 * @param string $newPassword
-	 * @return DataResponse
-	 */
-	public function updatePrivateKeyPassword($oldPassword, $newPassword) {
-		$result = false;
-		$uid = $this->userSession->getUser()->getUID();
-		$errorMessage = $this->l->t('Could not update the private key password.');
-
-		//check if password is correct
-		$passwordCorrect = $this->userManager->checkPassword($uid, $newPassword);
-		if ($passwordCorrect === false) {
-			// if check with uid fails we need to check the password with the login name
-			// e.g. in the ldap case. For local user we need to check the password with
-			// the uid because in this case the login name is case insensitive
-			$loginName = $this->ocSession->get('loginname');
-			$passwordCorrect = $this->userManager->checkPassword($loginName, $newPassword);
-		}
-
-		if ($passwordCorrect !== false) {
-			$encryptedKey = $this->keyManager->getPrivateKey($uid);
-			$decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword, $uid);
-
-			if ($decryptedKey) {
-				$encryptedKey = $this->crypt->encryptPrivateKey($decryptedKey, $newPassword, $uid);
-				$header = $this->crypt->generateHeader();
-				if ($encryptedKey) {
-					$this->keyManager->setPrivateKey($uid, $header . $encryptedKey);
-					$this->session->setPrivateKey($decryptedKey);
-					$result = true;
-				}
-			} else {
-				$errorMessage = $this->l->t('The old password was not correct, please try again.');
-			}
-		} else {
-			$errorMessage = $this->l->t('The current log-in password was not correct, please try again.');
-		}
-
-		if ($result === true) {
-			$this->session->setStatus(Session::INIT_SUCCESSFUL);
-			return new DataResponse(
-				['message' => (string) $this->l->t('Private key password successfully updated.')]
-			);
-		} else {
-			return new DataResponse(
-				['message' => (string) $errorMessage],
-				Http::STATUS_BAD_REQUEST
-			);
-		}
-
-	}
-
-	/**
-	 * @UseSession
-	 *
-	 * @param bool $encryptHomeStorage
-	 * @return DataResponse
-	 */
-	public function setEncryptHomeStorage($encryptHomeStorage) {
-		$this->util->setEncryptHomeStorage($encryptHomeStorage);
-		return new DataResponse();
-	}
+        parent::__construct($AppName, $request);
+        $this->l = $l10n;
+        $this->userSession = $userSession;
+        $this->userManager = $userManager;
+        $this->keyManager = $keyManager;
+        $this->crypt = $crypt;
+        $this->session = $session;
+        $this->ocSession = $ocSession;
+        $this->util = $util;
+    }
+
+
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     *
+     * @param string $oldPassword
+     * @param string $newPassword
+     * @return DataResponse
+     */
+    public function updatePrivateKeyPassword($oldPassword, $newPassword) {
+        $result = false;
+        $uid = $this->userSession->getUser()->getUID();
+        $errorMessage = $this->l->t('Could not update the private key password.');
+
+        //check if password is correct
+        $passwordCorrect = $this->userManager->checkPassword($uid, $newPassword);
+        if ($passwordCorrect === false) {
+            // if check with uid fails we need to check the password with the login name
+            // e.g. in the ldap case. For local user we need to check the password with
+            // the uid because in this case the login name is case insensitive
+            $loginName = $this->ocSession->get('loginname');
+            $passwordCorrect = $this->userManager->checkPassword($loginName, $newPassword);
+        }
+
+        if ($passwordCorrect !== false) {
+            $encryptedKey = $this->keyManager->getPrivateKey($uid);
+            $decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword, $uid);
+
+            if ($decryptedKey) {
+                $encryptedKey = $this->crypt->encryptPrivateKey($decryptedKey, $newPassword, $uid);
+                $header = $this->crypt->generateHeader();
+                if ($encryptedKey) {
+                    $this->keyManager->setPrivateKey($uid, $header . $encryptedKey);
+                    $this->session->setPrivateKey($decryptedKey);
+                    $result = true;
+                }
+            } else {
+                $errorMessage = $this->l->t('The old password was not correct, please try again.');
+            }
+        } else {
+            $errorMessage = $this->l->t('The current log-in password was not correct, please try again.');
+        }
+
+        if ($result === true) {
+            $this->session->setStatus(Session::INIT_SUCCESSFUL);
+            return new DataResponse(
+                ['message' => (string) $this->l->t('Private key password successfully updated.')]
+            );
+        } else {
+            return new DataResponse(
+                ['message' => (string) $errorMessage],
+                Http::STATUS_BAD_REQUEST
+            );
+        }
+
+    }
+
+    /**
+     * @UseSession
+     *
+     * @param bool $encryptHomeStorage
+     * @return DataResponse
+     */
+    public function setEncryptHomeStorage($encryptHomeStorage) {
+        $this->util->setEncryptHomeStorage($encryptHomeStorage);
+        return new DataResponse();
+    }
 }

apps/encryption/lib/Controller/RecoveryController.php

Indentation +155 added lines, -155 removed lines

@@ -34,160 +34,160 @@
 use OCP\AppFramework\Http\DataResponse;
 
 class RecoveryController extends Controller {
-	/**
-	 * @var IConfig
-	 */
-	private $config;
-	/**
-	 * @var IL10N
-	 */
-	private $l;
-	/**
-	 * @var Recovery
-	 */
-	private $recovery;
-
-	/**
-	 * @param string $AppName
-	 * @param IRequest $request
-	 * @param IConfig $config
-	 * @param IL10N $l10n
-	 * @param Recovery $recovery
-	 */
-	public function __construct($AppName,
-								IRequest $request,
-								IConfig $config,
-								IL10N $l10n,
-								Recovery $recovery) {
-		parent::__construct($AppName, $request);
-		$this->config = $config;
-		$this->l = $l10n;
-		$this->recovery = $recovery;
-	}
-
-	/**
-	 * @param string $recoveryPassword
-	 * @param string $confirmPassword
-	 * @param string $adminEnableRecovery
-	 * @return DataResponse
-	 */
-	public function adminRecovery($recoveryPassword, $confirmPassword, $adminEnableRecovery) {
-		// Check if both passwords are the same
-		if (empty($recoveryPassword)) {
-			$errorMessage = (string)$this->l->t('Missing recovery key password');
-			return new DataResponse(['data' => ['message' => $errorMessage]],
-				Http::STATUS_BAD_REQUEST);
-		}
-
-		if (empty($confirmPassword)) {
-			$errorMessage = (string)$this->l->t('Please repeat the recovery key password');
-			return new DataResponse(['data' => ['message' => $errorMessage]],
-				Http::STATUS_BAD_REQUEST);
-		}
-
-		if ($recoveryPassword !== $confirmPassword) {
-			$errorMessage = (string)$this->l->t('Repeated recovery key password does not match the provided recovery key password');
-			return new DataResponse(['data' => ['message' => $errorMessage]],
-				Http::STATUS_BAD_REQUEST);
-		}
-
-		if (isset($adminEnableRecovery) && $adminEnableRecovery === '1') {
-			if ($this->recovery->enableAdminRecovery($recoveryPassword)) {
-				return new DataResponse(['data' => ['message' => (string)$this->l->t('Recovery key successfully enabled')]]);
-			}
-			return new DataResponse(['data' => ['message' => (string)$this->l->t('Could not enable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST);
-		} elseif (isset($adminEnableRecovery) && $adminEnableRecovery === '0') {
-			if ($this->recovery->disableAdminRecovery($recoveryPassword)) {
-				return new DataResponse(['data' => ['message' => (string)$this->l->t('Recovery key successfully disabled')]]);
-			}
-			return new DataResponse(['data' => ['message' => (string)$this->l->t('Could not disable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST);
-		}
-		// this response should never be sent but just in case.
-		return new DataResponse(['data' => ['message' => (string)$this->l->t('Missing parameters')]], Http::STATUS_BAD_REQUEST);
-	}
-
-	/**
-	 * @param string $newPassword
-	 * @param string $oldPassword
-	 * @param string $confirmPassword
-	 * @return DataResponse
-	 */
-	public function changeRecoveryPassword($newPassword, $oldPassword, $confirmPassword) {
-		//check if both passwords are the same
-		if (empty($oldPassword)) {
-			$errorMessage = (string)$this->l->t('Please provide the old recovery password');
-			return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
-		}
-
-		if (empty($newPassword)) {
-			$errorMessage = (string)$this->l->t('Please provide a new recovery password');
-			return new DataResponse (['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
-		}
-
-		if (empty($confirmPassword)) {
-			$errorMessage = (string)$this->l->t('Please repeat the new recovery password');
-			return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
-		}
-
-		if ($newPassword !== $confirmPassword) {
-			$errorMessage = (string)$this->l->t('Repeated recovery key password does not match the provided recovery key password');
-			return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
-		}
-
-		$result = $this->recovery->changeRecoveryKeyPassword($newPassword,
-			$oldPassword);
-
-		if ($result) {
-			return new DataResponse(
-				[
-					'data' => [
-						'message' => (string)$this->l->t('Password successfully changed.')]
-				]
-			);
-		}
-		return new DataResponse(
-			[
-				'data' => [
-					'message' => (string)$this->l->t('Could not change the password. Maybe the old password was not correct.')
-				]
-			], Http::STATUS_BAD_REQUEST);
-	}
-
-	/**
-	 * @NoAdminRequired
-	 *
-	 * @param string $userEnableRecovery
-	 * @return DataResponse
-	 */
-	public function userSetRecovery($userEnableRecovery) {
-		if ($userEnableRecovery === '0' || $userEnableRecovery === '1') {
-
-			$result = $this->recovery->setRecoveryForUser($userEnableRecovery);
-
-			if ($result) {
-				if ($userEnableRecovery === '0') {
-					return new DataResponse(
-						[
-							'data' => [
-								'message' => (string)$this->l->t('Recovery Key disabled')]
-						]
-					);
-				}
-				return new DataResponse(
-					[
-						'data' => [
-							'message' => (string)$this->l->t('Recovery Key enabled')]
-					]
-				);
-			}
-
-		}
-		return new DataResponse(
-			[
-				'data' => [
-					'message' => (string)$this->l->t('Could not enable the recovery key, please try again or contact your administrator')
-				]
-			], Http::STATUS_BAD_REQUEST);
-	}
+    /**
+     * @var IConfig
+     */
+    private $config;
+    /**
+     * @var IL10N
+     */
+    private $l;
+    /**
+     * @var Recovery
+     */
+    private $recovery;
+
+    /**
+     * @param string $AppName
+     * @param IRequest $request
+     * @param IConfig $config
+     * @param IL10N $l10n
+     * @param Recovery $recovery
+     */
+    public function __construct($AppName,
+                                IRequest $request,
+                                IConfig $config,
+                                IL10N $l10n,
+                                Recovery $recovery) {
+        parent::__construct($AppName, $request);
+        $this->config = $config;
+        $this->l = $l10n;
+        $this->recovery = $recovery;
+    }
+
+    /**
+     * @param string $recoveryPassword
+     * @param string $confirmPassword
+     * @param string $adminEnableRecovery
+     * @return DataResponse
+     */
+    public function adminRecovery($recoveryPassword, $confirmPassword, $adminEnableRecovery) {
+        // Check if both passwords are the same
+        if (empty($recoveryPassword)) {
+            $errorMessage = (string)$this->l->t('Missing recovery key password');
+            return new DataResponse(['data' => ['message' => $errorMessage]],
+                Http::STATUS_BAD_REQUEST);
+        }
+
+        if (empty($confirmPassword)) {
+            $errorMessage = (string)$this->l->t('Please repeat the recovery key password');
+            return new DataResponse(['data' => ['message' => $errorMessage]],
+                Http::STATUS_BAD_REQUEST);
+        }
+
+        if ($recoveryPassword !== $confirmPassword) {
+            $errorMessage = (string)$this->l->t('Repeated recovery key password does not match the provided recovery key password');
+            return new DataResponse(['data' => ['message' => $errorMessage]],
+                Http::STATUS_BAD_REQUEST);
+        }
+
+        if (isset($adminEnableRecovery) && $adminEnableRecovery === '1') {
+            if ($this->recovery->enableAdminRecovery($recoveryPassword)) {
+                return new DataResponse(['data' => ['message' => (string)$this->l->t('Recovery key successfully enabled')]]);
+            }
+            return new DataResponse(['data' => ['message' => (string)$this->l->t('Could not enable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST);
+        } elseif (isset($adminEnableRecovery) && $adminEnableRecovery === '0') {
+            if ($this->recovery->disableAdminRecovery($recoveryPassword)) {
+                return new DataResponse(['data' => ['message' => (string)$this->l->t('Recovery key successfully disabled')]]);
+            }
+            return new DataResponse(['data' => ['message' => (string)$this->l->t('Could not disable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST);
+        }
+        // this response should never be sent but just in case.
+        return new DataResponse(['data' => ['message' => (string)$this->l->t('Missing parameters')]], Http::STATUS_BAD_REQUEST);
+    }
+
+    /**
+     * @param string $newPassword
+     * @param string $oldPassword
+     * @param string $confirmPassword
+     * @return DataResponse
+     */
+    public function changeRecoveryPassword($newPassword, $oldPassword, $confirmPassword) {
+        //check if both passwords are the same
+        if (empty($oldPassword)) {
+            $errorMessage = (string)$this->l->t('Please provide the old recovery password');
+            return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
+        }
+
+        if (empty($newPassword)) {
+            $errorMessage = (string)$this->l->t('Please provide a new recovery password');
+            return new DataResponse (['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
+        }
+
+        if (empty($confirmPassword)) {
+            $errorMessage = (string)$this->l->t('Please repeat the new recovery password');
+            return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
+        }
+
+        if ($newPassword !== $confirmPassword) {
+            $errorMessage = (string)$this->l->t('Repeated recovery key password does not match the provided recovery key password');
+            return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
+        }
+
+        $result = $this->recovery->changeRecoveryKeyPassword($newPassword,
+            $oldPassword);
+
+        if ($result) {
+            return new DataResponse(
+                [
+                    'data' => [
+                        'message' => (string)$this->l->t('Password successfully changed.')]
+                ]
+            );
+        }
+        return new DataResponse(
+            [
+                'data' => [
+                    'message' => (string)$this->l->t('Could not change the password. Maybe the old password was not correct.')
+                ]
+            ], Http::STATUS_BAD_REQUEST);
+    }
+
+    /**
+     * @NoAdminRequired
+     *
+     * @param string $userEnableRecovery
+     * @return DataResponse
+     */
+    public function userSetRecovery($userEnableRecovery) {
+        if ($userEnableRecovery === '0' || $userEnableRecovery === '1') {
+
+            $result = $this->recovery->setRecoveryForUser($userEnableRecovery);
+
+            if ($result) {
+                if ($userEnableRecovery === '0') {
+                    return new DataResponse(
+                        [
+                            'data' => [
+                                'message' => (string)$this->l->t('Recovery Key disabled')]
+                        ]
+                    );
+                }
+                return new DataResponse(
+                    [
+                        'data' => [
+                            'message' => (string)$this->l->t('Recovery Key enabled')]
+                    ]
+                );
+            }
+
+        }
+        return new DataResponse(
+            [
+                'data' => [
+                    'message' => (string)$this->l->t('Could not enable the recovery key, please try again or contact your administrator')
+                ]
+            ], Http::STATUS_BAD_REQUEST);
+    }
 
 }

apps/encryption/lib/KeyManager.php

Indentation +661 added lines, -661 removed lines

@@ -38,665 +38,665 @@
 
 class KeyManager {
 
-	/**
-	 * @var Session
-	 */
-	protected $session;
-	/**
-	 * @var IStorage
-	 */
-	private $keyStorage;
-	/**
-	 * @var Crypt
-	 */
-	private $crypt;
-	/**
-	 * @var string
-	 */
-	private $recoveryKeyId;
-	/**
-	 * @var string
-	 */
-	private $publicShareKeyId;
-	/**
-	 * @var string
-	 */
-	private $masterKeyId;
-	/**
-	 * @var string UserID
-	 */
-	private $keyId;
-	/**
-	 * @var string
-	 */
-	private $publicKeyId = 'publicKey';
-	/**
-	 * @var string
-	 */
-	private $privateKeyId = 'privateKey';
-
-	/**
-	 * @var string
-	 */
-	private $shareKeyId = 'shareKey';
-
-	/**
-	 * @var string
-	 */
-	private $fileKeyId = 'fileKey';
-	/**
-	 * @var IConfig
-	 */
-	private $config;
-	/**
-	 * @var ILogger
-	 */
-	private $log;
-	/**
-	 * @var Util
-	 */
-	private $util;
-
-	/**
-	 * @param IStorage $keyStorage
-	 * @param Crypt $crypt
-	 * @param IConfig $config
-	 * @param IUserSession $userSession
-	 * @param Session $session
-	 * @param ILogger $log
-	 * @param Util $util
-	 */
-	public function __construct(
-		IStorage $keyStorage,
-		Crypt $crypt,
-		IConfig $config,
-		IUserSession $userSession,
-		Session $session,
-		ILogger $log,
-		Util $util
-	) {
-
-		$this->util = $util;
-		$this->session = $session;
-		$this->keyStorage = $keyStorage;
-		$this->crypt = $crypt;
-		$this->config = $config;
-		$this->log = $log;
-
-		$this->recoveryKeyId = $this->config->getAppValue('encryption',
-			'recoveryKeyId');
-		if (empty($this->recoveryKeyId)) {
-			$this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8);
-			$this->config->setAppValue('encryption',
-				'recoveryKeyId',
-				$this->recoveryKeyId);
-		}
-
-		$this->publicShareKeyId = $this->config->getAppValue('encryption',
-			'publicShareKeyId');
-		if (empty($this->publicShareKeyId)) {
-			$this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
-			$this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
-		}
-
-		$this->masterKeyId = $this->config->getAppValue('encryption',
-			'masterKeyId');
-		if (empty($this->masterKeyId)) {
-			$this->masterKeyId = 'master_' . substr(md5(time()), 0, 8);
-			$this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId);
-		}
-
-		$this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
-		$this->log = $log;
-	}
-
-	/**
-	 * check if key pair for public link shares exists, if not we create one
-	 */
-	public function validateShareKey() {
-		$shareKey = $this->getPublicShareKey();
-		if (empty($shareKey)) {
-			$keyPair = $this->crypt->createKeyPair();
-
-			// Save public key
-			$this->keyStorage->setSystemUserKey(
-				$this->publicShareKeyId . '.publicKey', $keyPair['publicKey'],
-				Encryption::ID);
-
-			// Encrypt private key empty passphrase
-			$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], '');
-			$header = $this->crypt->generateHeader();
-			$this->setSystemPrivateKey($this->publicShareKeyId, $header . $encryptedKey);
-		}
-	}
-
-	/**
-	 * check if a key pair for the master key exists, if not we create one
-	 */
-	public function validateMasterKey() {
-
-		if ($this->util->isMasterKeyEnabled() === false) {
-			return;
-		}
-
-		$masterKey = $this->getPublicMasterKey();
-		if (empty($masterKey)) {
-			$keyPair = $this->crypt->createKeyPair();
-
-			// Save public key
-			$this->keyStorage->setSystemUserKey(
-				$this->masterKeyId . '.publicKey', $keyPair['publicKey'],
-				Encryption::ID);
-
-			// Encrypt private key with system password
-			$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $this->getMasterKeyPassword(), $this->masterKeyId);
-			$header = $this->crypt->generateHeader();
-			$this->setSystemPrivateKey($this->masterKeyId, $header . $encryptedKey);
-		}
-	}
-
-	/**
-	 * @return bool
-	 */
-	public function recoveryKeyExists() {
-		$key = $this->getRecoveryKey();
-		return (!empty($key));
-	}
-
-	/**
-	 * get recovery key
-	 *
-	 * @return string
-	 */
-	public function getRecoveryKey() {
-		return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey', Encryption::ID);
-	}
-
-	/**
-	 * get recovery key ID
-	 *
-	 * @return string
-	 */
-	public function getRecoveryKeyId() {
-		return $this->recoveryKeyId;
-	}
-
-	/**
-	 * @param string $password
-	 * @return bool
-	 */
-	public function checkRecoveryPassword($password) {
-		$recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.privateKey', Encryption::ID);
-		$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
-
-		if ($decryptedRecoveryKey) {
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * @param string $uid
-	 * @param string $password
-	 * @param string $keyPair
-	 * @return bool
-	 */
-	public function storeKeyPair($uid, $password, $keyPair) {
-		// Save Public Key
-		$this->setPublicKey($uid, $keyPair['publicKey']);
-
-		$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password, $uid);
-
-		$header = $this->crypt->generateHeader();
-
-		if ($encryptedKey) {
-			$this->setPrivateKey($uid, $header . $encryptedKey);
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * @param string $password
-	 * @param array $keyPair
-	 * @return bool
-	 */
-	public function setRecoveryKey($password, $keyPair) {
-		// Save Public Key
-		$this->keyStorage->setSystemUserKey($this->getRecoveryKeyId().
-			'.publicKey',
-			$keyPair['publicKey'],
-			Encryption::ID);
-
-		$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password);
-		$header = $this->crypt->generateHeader();
-
-		if ($encryptedKey) {
-			$this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey);
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * @param $userId
-	 * @param $key
-	 * @return bool
-	 */
-	public function setPublicKey($userId, $key) {
-		return $this->keyStorage->setUserKey($userId, $this->publicKeyId, $key, Encryption::ID);
-	}
-
-	/**
-	 * @param $userId
-	 * @param string $key
-	 * @return bool
-	 */
-	public function setPrivateKey($userId, $key) {
-		return $this->keyStorage->setUserKey($userId,
-			$this->privateKeyId,
-			$key,
-			Encryption::ID);
-	}
-
-	/**
-	 * write file key to key storage
-	 *
-	 * @param string $path
-	 * @param string $key
-	 * @return boolean
-	 */
-	public function setFileKey($path, $key) {
-		return $this->keyStorage->setFileKey($path, $this->fileKeyId, $key, Encryption::ID);
-	}
-
-	/**
-	 * set all file keys (the file key and the corresponding share keys)
-	 *
-	 * @param string $path
-	 * @param array $keys
-	 */
-	public function setAllFileKeys($path, $keys) {
-		$this->setFileKey($path, $keys['data']);
-		foreach ($keys['keys'] as $uid => $keyFile) {
-			$this->setShareKey($path, $uid, $keyFile);
-		}
-	}
-
-	/**
-	 * write share key to the key storage
-	 *
-	 * @param string $path
-	 * @param string $uid
-	 * @param string $key
-	 * @return boolean
-	 */
-	public function setShareKey($path, $uid, $key) {
-		$keyId = $uid . '.' . $this->shareKeyId;
-		return $this->keyStorage->setFileKey($path, $keyId, $key, Encryption::ID);
-	}
-
-	/**
-	 * Decrypt private key and store it
-	 *
-	 * @param string $uid user id
-	 * @param string $passPhrase users password
-	 * @return boolean
-	 */
-	public function init($uid, $passPhrase) {
-
-		$this->session->setStatus(Session::INIT_EXECUTED);
-
-		try {
-			if($this->util->isMasterKeyEnabled()) {
-				$uid = $this->getMasterKeyId();
-				$passPhrase = $this->getMasterKeyPassword();
-				$privateKey = $this->getSystemPrivateKey($uid);
-			} else {
-				$privateKey = $this->getPrivateKey($uid);
-			}
-			$privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid);
-		} catch (PrivateKeyMissingException $e) {
-			return false;
-		} catch (DecryptionFailedException $e) {
-			return false;
-		} catch (\Exception $e) {
-			$this->log->warning(
-				'Could not decrypt the private key from user "' . $uid . '"" during login. ' .
-				'Assume password change on the user back-end. Error message: '
-				. $e->getMessage()
-			);
-			return false;
-		}
-
-		if ($privateKey) {
-			$this->session->setPrivateKey($privateKey);
-			$this->session->setStatus(Session::INIT_SUCCESSFUL);
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * @param $userId
-	 * @return string
-	 * @throws PrivateKeyMissingException
-	 */
-	public function getPrivateKey($userId) {
-		$privateKey = $this->keyStorage->getUserKey($userId,
-			$this->privateKeyId, Encryption::ID);
-
-		if (strlen($privateKey) !== 0) {
-			return $privateKey;
-		}
-		throw new PrivateKeyMissingException($userId);
-	}
-
-	/**
-	 * @param string $path
-	 * @param $uid
-	 * @return string
-	 */
-	public function getFileKey($path, $uid) {
-		$encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);
-
-		if (empty($encryptedFileKey)) {
-			return '';
-		}
-
-		if ($this->util->isMasterKeyEnabled()) {
-			$uid = $this->getMasterKeyId();
-		}
-
-		if (is_null($uid)) {
-			$uid = $this->getPublicShareKeyId();
-			$shareKey = $this->getShareKey($path, $uid);
-			$privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
-			$privateKey = $this->crypt->decryptPrivateKey($privateKey);
-		} else {
-			$shareKey = $this->getShareKey($path, $uid);
-			$privateKey = $this->session->getPrivateKey();
-		}
-
-		if ($encryptedFileKey && $shareKey && $privateKey) {
-			return $this->crypt->multiKeyDecrypt($encryptedFileKey,
-				$shareKey,
-				$privateKey);
-		}
-
-		return '';
-	}
-
-	/**
-	 * Get the current version of a file
-	 *
-	 * @param string $path
-	 * @param View $view
-	 * @return int
-	 */
-	public function getVersion($path, View $view) {
-		$fileInfo = $view->getFileInfo($path);
-		if($fileInfo === false) {
-			return 0;
-		}
-		return $fileInfo->getEncryptedVersion();
-	}
-
-	/**
-	 * Set the current version of a file
-	 *
-	 * @param string $path
-	 * @param int $version
-	 * @param View $view
-	 */
-	public function setVersion($path, $version, View $view) {
-		$fileInfo= $view->getFileInfo($path);
-
-		if($fileInfo !== false) {
-			$cache = $fileInfo->getStorage()->getCache();
-			$cache->update($fileInfo->getId(), ['encrypted' => $version, 'encryptedVersion' => $version]);
-		}
-	}
-
-	/**
-	 * get the encrypted file key
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	public function getEncryptedFileKey($path) {
-		$encryptedFileKey = $this->keyStorage->getFileKey($path,
-			$this->fileKeyId, Encryption::ID);
-
-		return $encryptedFileKey;
-	}
-
-	/**
-	 * delete share key
-	 *
-	 * @param string $path
-	 * @param string $keyId
-	 * @return boolean
-	 */
-	public function deleteShareKey($path, $keyId) {
-		return $this->keyStorage->deleteFileKey(
-			$path,
-			$keyId . '.' . $this->shareKeyId,
-			Encryption::ID);
-	}
-
-
-	/**
-	 * @param $path
-	 * @param $uid
-	 * @return mixed
-	 */
-	public function getShareKey($path, $uid) {
-		$keyId = $uid . '.' . $this->shareKeyId;
-		return $this->keyStorage->getFileKey($path, $keyId, Encryption::ID);
-	}
-
-	/**
-	 * check if user has a private and a public key
-	 *
-	 * @param string $userId
-	 * @return bool
-	 * @throws PrivateKeyMissingException
-	 * @throws PublicKeyMissingException
-	 */
-	public function userHasKeys($userId) {
-		$privateKey = $publicKey = true;
-		$exception = null;
-
-		try {
-			$this->getPrivateKey($userId);
-		} catch (PrivateKeyMissingException $e) {
-			$privateKey = false;
-			$exception = $e;
-		}
-		try {
-			$this->getPublicKey($userId);
-		} catch (PublicKeyMissingException $e) {
-			$publicKey = false;
-			$exception = $e;
-		}
-
-		if ($privateKey && $publicKey) {
-			return true;
-		} elseif (!$privateKey && !$publicKey) {
-			return false;
-		} else {
-			throw $exception;
-		}
-	}
-
-	/**
-	 * @param $userId
-	 * @return mixed
-	 * @throws PublicKeyMissingException
-	 */
-	public function getPublicKey($userId) {
-		$publicKey = $this->keyStorage->getUserKey($userId, $this->publicKeyId, Encryption::ID);
-
-		if (strlen($publicKey) !== 0) {
-			return $publicKey;
-		}
-		throw new PublicKeyMissingException($userId);
-	}
-
-	public function getPublicShareKeyId() {
-		return $this->publicShareKeyId;
-	}
-
-	/**
-	 * get public key for public link shares
-	 *
-	 * @return string
-	 */
-	public function getPublicShareKey() {
-		return $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.publicKey', Encryption::ID);
-	}
-
-	/**
-	 * @param string $purpose
-	 * @param string $uid
-	 */
-	public function backupUserKeys($purpose, $uid) {
-		$this->keyStorage->backupUserKeys(Encryption::ID, $purpose, $uid);
-	}
-
-	/**
-	 * creat a backup of the users private and public key and then  delete it
-	 *
-	 * @param string $uid
-	 */
-	public function deleteUserKeys($uid) {
-		$this->deletePublicKey($uid);
-		$this->deletePrivateKey($uid);
-	}
-
-	/**
-	 * @param $uid
-	 * @return bool
-	 */
-	public function deletePublicKey($uid) {
-		return $this->keyStorage->deleteUserKey($uid, $this->publicKeyId, Encryption::ID);
-	}
-
-	/**
-	 * @param string $uid
-	 * @return bool
-	 */
-	private function deletePrivateKey($uid) {
-		return $this->keyStorage->deleteUserKey($uid, $this->privateKeyId, Encryption::ID);
-	}
-
-	/**
-	 * @param string $path
-	 * @return bool
-	 */
-	public function deleteAllFileKeys($path) {
-		return $this->keyStorage->deleteAllFileKeys($path);
-	}
-
-	/**
-	 * @param array $userIds
-	 * @return array
-	 * @throws PublicKeyMissingException
-	 */
-	public function getPublicKeys(array $userIds) {
-		$keys = [];
-
-		foreach ($userIds as $userId) {
-			try {
-				$keys[$userId] = $this->getPublicKey($userId);
-			} catch (PublicKeyMissingException $e) {
-				continue;
-			}
-		}
-
-		return $keys;
-
-	}
-
-	/**
-	 * @param string $keyId
-	 * @return string returns openssl key
-	 */
-	public function getSystemPrivateKey($keyId) {
-		return $this->keyStorage->getSystemUserKey($keyId . '.' . $this->privateKeyId, Encryption::ID);
-	}
-
-	/**
-	 * @param string $keyId
-	 * @param string $key
-	 * @return string returns openssl key
-	 */
-	public function setSystemPrivateKey($keyId, $key) {
-		return $this->keyStorage->setSystemUserKey(
-			$keyId . '.' . $this->privateKeyId,
-			$key,
-			Encryption::ID);
-	}
-
-	/**
-	 * add system keys such as the public share key and the recovery key
-	 *
-	 * @param array $accessList
-	 * @param array $publicKeys
-	 * @param string $uid
-	 * @return array
-	 * @throws PublicKeyMissingException
-	 */
-	public function addSystemKeys(array $accessList, array $publicKeys, $uid) {
-		if (!empty($accessList['public'])) {
-			$publicShareKey = $this->getPublicShareKey();
-			if (empty($publicShareKey)) {
-				throw new PublicKeyMissingException($this->getPublicShareKeyId());
-			}
-			$publicKeys[$this->getPublicShareKeyId()] = $publicShareKey;
-		}
-
-		if ($this->recoveryKeyExists() &&
-			$this->util->isRecoveryEnabledForUser($uid)) {
-
-			$publicKeys[$this->getRecoveryKeyId()] = $this->getRecoveryKey();
-		}
-
-		return $publicKeys;
-	}
-
-	/**
-	 * get master key password
-	 *
-	 * @return string
-	 * @throws \Exception
-	 */
-	public function getMasterKeyPassword() {
-		$password = $this->config->getSystemValue('secret');
-		if (empty($password)){
-			throw new \Exception('Can not get secret from ownCloud instance');
-		}
-
-		return $password;
-	}
-
-	/**
-	 * return master key id
-	 *
-	 * @return string
-	 */
-	public function getMasterKeyId() {
-		return $this->masterKeyId;
-	}
-
-	/**
-	 * get public master key
-	 *
-	 * @return string
-	 */
-	public function getPublicMasterKey() {
-		return $this->keyStorage->getSystemUserKey($this->masterKeyId . '.publicKey', Encryption::ID);
-	}
+    /**
+     * @var Session
+     */
+    protected $session;
+    /**
+     * @var IStorage
+     */
+    private $keyStorage;
+    /**
+     * @var Crypt
+     */
+    private $crypt;
+    /**
+     * @var string
+     */
+    private $recoveryKeyId;
+    /**
+     * @var string
+     */
+    private $publicShareKeyId;
+    /**
+     * @var string
+     */
+    private $masterKeyId;
+    /**
+     * @var string UserID
+     */
+    private $keyId;
+    /**
+     * @var string
+     */
+    private $publicKeyId = 'publicKey';
+    /**
+     * @var string
+     */
+    private $privateKeyId = 'privateKey';
+
+    /**
+     * @var string
+     */
+    private $shareKeyId = 'shareKey';
+
+    /**
+     * @var string
+     */
+    private $fileKeyId = 'fileKey';
+    /**
+     * @var IConfig
+     */
+    private $config;
+    /**
+     * @var ILogger
+     */
+    private $log;
+    /**
+     * @var Util
+     */
+    private $util;
+
+    /**
+     * @param IStorage $keyStorage
+     * @param Crypt $crypt
+     * @param IConfig $config
+     * @param IUserSession $userSession
+     * @param Session $session
+     * @param ILogger $log
+     * @param Util $util
+     */
+    public function __construct(
+        IStorage $keyStorage,
+        Crypt $crypt,
+        IConfig $config,
+        IUserSession $userSession,
+        Session $session,
+        ILogger $log,
+        Util $util
+    ) {
+
+        $this->util = $util;
+        $this->session = $session;
+        $this->keyStorage = $keyStorage;
+        $this->crypt = $crypt;
+        $this->config = $config;
+        $this->log = $log;
+
+        $this->recoveryKeyId = $this->config->getAppValue('encryption',
+            'recoveryKeyId');
+        if (empty($this->recoveryKeyId)) {
+            $this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8);
+            $this->config->setAppValue('encryption',
+                'recoveryKeyId',
+                $this->recoveryKeyId);
+        }
+
+        $this->publicShareKeyId = $this->config->getAppValue('encryption',
+            'publicShareKeyId');
+        if (empty($this->publicShareKeyId)) {
+            $this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
+            $this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
+        }
+
+        $this->masterKeyId = $this->config->getAppValue('encryption',
+            'masterKeyId');
+        if (empty($this->masterKeyId)) {
+            $this->masterKeyId = 'master_' . substr(md5(time()), 0, 8);
+            $this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId);
+        }
+
+        $this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
+        $this->log = $log;
+    }
+
+    /**
+     * check if key pair for public link shares exists, if not we create one
+     */
+    public function validateShareKey() {
+        $shareKey = $this->getPublicShareKey();
+        if (empty($shareKey)) {
+            $keyPair = $this->crypt->createKeyPair();
+
+            // Save public key
+            $this->keyStorage->setSystemUserKey(
+                $this->publicShareKeyId . '.publicKey', $keyPair['publicKey'],
+                Encryption::ID);
+
+            // Encrypt private key empty passphrase
+            $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], '');
+            $header = $this->crypt->generateHeader();
+            $this->setSystemPrivateKey($this->publicShareKeyId, $header . $encryptedKey);
+        }
+    }
+
+    /**
+     * check if a key pair for the master key exists, if not we create one
+     */
+    public function validateMasterKey() {
+
+        if ($this->util->isMasterKeyEnabled() === false) {
+            return;
+        }
+
+        $masterKey = $this->getPublicMasterKey();
+        if (empty($masterKey)) {
+            $keyPair = $this->crypt->createKeyPair();
+
+            // Save public key
+            $this->keyStorage->setSystemUserKey(
+                $this->masterKeyId . '.publicKey', $keyPair['publicKey'],
+                Encryption::ID);
+
+            // Encrypt private key with system password
+            $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $this->getMasterKeyPassword(), $this->masterKeyId);
+            $header = $this->crypt->generateHeader();
+            $this->setSystemPrivateKey($this->masterKeyId, $header . $encryptedKey);
+        }
+    }
+
+    /**
+     * @return bool
+     */
+    public function recoveryKeyExists() {
+        $key = $this->getRecoveryKey();
+        return (!empty($key));
+    }
+
+    /**
+     * get recovery key
+     *
+     * @return string
+     */
+    public function getRecoveryKey() {
+        return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey', Encryption::ID);
+    }
+
+    /**
+     * get recovery key ID
+     *
+     * @return string
+     */
+    public function getRecoveryKeyId() {
+        return $this->recoveryKeyId;
+    }
+
+    /**
+     * @param string $password
+     * @return bool
+     */
+    public function checkRecoveryPassword($password) {
+        $recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.privateKey', Encryption::ID);
+        $decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
+
+        if ($decryptedRecoveryKey) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * @param string $uid
+     * @param string $password
+     * @param string $keyPair
+     * @return bool
+     */
+    public function storeKeyPair($uid, $password, $keyPair) {
+        // Save Public Key
+        $this->setPublicKey($uid, $keyPair['publicKey']);
+
+        $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password, $uid);
+
+        $header = $this->crypt->generateHeader();
+
+        if ($encryptedKey) {
+            $this->setPrivateKey($uid, $header . $encryptedKey);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * @param string $password
+     * @param array $keyPair
+     * @return bool
+     */
+    public function setRecoveryKey($password, $keyPair) {
+        // Save Public Key
+        $this->keyStorage->setSystemUserKey($this->getRecoveryKeyId().
+            '.publicKey',
+            $keyPair['publicKey'],
+            Encryption::ID);
+
+        $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password);
+        $header = $this->crypt->generateHeader();
+
+        if ($encryptedKey) {
+            $this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * @param $userId
+     * @param $key
+     * @return bool
+     */
+    public function setPublicKey($userId, $key) {
+        return $this->keyStorage->setUserKey($userId, $this->publicKeyId, $key, Encryption::ID);
+    }
+
+    /**
+     * @param $userId
+     * @param string $key
+     * @return bool
+     */
+    public function setPrivateKey($userId, $key) {
+        return $this->keyStorage->setUserKey($userId,
+            $this->privateKeyId,
+            $key,
+            Encryption::ID);
+    }
+
+    /**
+     * write file key to key storage
+     *
+     * @param string $path
+     * @param string $key
+     * @return boolean
+     */
+    public function setFileKey($path, $key) {
+        return $this->keyStorage->setFileKey($path, $this->fileKeyId, $key, Encryption::ID);
+    }
+
+    /**
+     * set all file keys (the file key and the corresponding share keys)
+     *
+     * @param string $path
+     * @param array $keys
+     */
+    public function setAllFileKeys($path, $keys) {
+        $this->setFileKey($path, $keys['data']);
+        foreach ($keys['keys'] as $uid => $keyFile) {
+            $this->setShareKey($path, $uid, $keyFile);
+        }
+    }
+
+    /**
+     * write share key to the key storage
+     *
+     * @param string $path
+     * @param string $uid
+     * @param string $key
+     * @return boolean
+     */
+    public function setShareKey($path, $uid, $key) {
+        $keyId = $uid . '.' . $this->shareKeyId;
+        return $this->keyStorage->setFileKey($path, $keyId, $key, Encryption::ID);
+    }
+
+    /**
+     * Decrypt private key and store it
+     *
+     * @param string $uid user id
+     * @param string $passPhrase users password
+     * @return boolean
+     */
+    public function init($uid, $passPhrase) {
+
+        $this->session->setStatus(Session::INIT_EXECUTED);
+
+        try {
+            if($this->util->isMasterKeyEnabled()) {
+                $uid = $this->getMasterKeyId();
+                $passPhrase = $this->getMasterKeyPassword();
+                $privateKey = $this->getSystemPrivateKey($uid);
+            } else {
+                $privateKey = $this->getPrivateKey($uid);
+            }
+            $privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid);
+        } catch (PrivateKeyMissingException $e) {
+            return false;
+        } catch (DecryptionFailedException $e) {
+            return false;
+        } catch (\Exception $e) {
+            $this->log->warning(
+                'Could not decrypt the private key from user "' . $uid . '"" during login. ' .
+                'Assume password change on the user back-end. Error message: '
+                . $e->getMessage()
+            );
+            return false;
+        }
+
+        if ($privateKey) {
+            $this->session->setPrivateKey($privateKey);
+            $this->session->setStatus(Session::INIT_SUCCESSFUL);
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * @param $userId
+     * @return string
+     * @throws PrivateKeyMissingException
+     */
+    public function getPrivateKey($userId) {
+        $privateKey = $this->keyStorage->getUserKey($userId,
+            $this->privateKeyId, Encryption::ID);
+
+        if (strlen($privateKey) !== 0) {
+            return $privateKey;
+        }
+        throw new PrivateKeyMissingException($userId);
+    }
+
+    /**
+     * @param string $path
+     * @param $uid
+     * @return string
+     */
+    public function getFileKey($path, $uid) {
+        $encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);
+
+        if (empty($encryptedFileKey)) {
+            return '';
+        }
+
+        if ($this->util->isMasterKeyEnabled()) {
+            $uid = $this->getMasterKeyId();
+        }
+
+        if (is_null($uid)) {
+            $uid = $this->getPublicShareKeyId();
+            $shareKey = $this->getShareKey($path, $uid);
+            $privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
+            $privateKey = $this->crypt->decryptPrivateKey($privateKey);
+        } else {
+            $shareKey = $this->getShareKey($path, $uid);
+            $privateKey = $this->session->getPrivateKey();
+        }
+
+        if ($encryptedFileKey && $shareKey && $privateKey) {
+            return $this->crypt->multiKeyDecrypt($encryptedFileKey,
+                $shareKey,
+                $privateKey);
+        }
+
+        return '';
+    }
+
+    /**
+     * Get the current version of a file
+     *
+     * @param string $path
+     * @param View $view
+     * @return int
+     */
+    public function getVersion($path, View $view) {
+        $fileInfo = $view->getFileInfo($path);
+        if($fileInfo === false) {
+            return 0;
+        }
+        return $fileInfo->getEncryptedVersion();
+    }
+
+    /**
+     * Set the current version of a file
+     *
+     * @param string $path
+     * @param int $version
+     * @param View $view
+     */
+    public function setVersion($path, $version, View $view) {
+        $fileInfo= $view->getFileInfo($path);
+
+        if($fileInfo !== false) {
+            $cache = $fileInfo->getStorage()->getCache();
+            $cache->update($fileInfo->getId(), ['encrypted' => $version, 'encryptedVersion' => $version]);
+        }
+    }
+
+    /**
+     * get the encrypted file key
+     *
+     * @param string $path
+     * @return string
+     */
+    public function getEncryptedFileKey($path) {
+        $encryptedFileKey = $this->keyStorage->getFileKey($path,
+            $this->fileKeyId, Encryption::ID);
+
+        return $encryptedFileKey;
+    }
+
+    /**
+     * delete share key
+     *
+     * @param string $path
+     * @param string $keyId
+     * @return boolean
+     */
+    public function deleteShareKey($path, $keyId) {
+        return $this->keyStorage->deleteFileKey(
+            $path,
+            $keyId . '.' . $this->shareKeyId,
+            Encryption::ID);
+    }
+
+
+    /**
+     * @param $path
+     * @param $uid
+     * @return mixed
+     */
+    public function getShareKey($path, $uid) {
+        $keyId = $uid . '.' . $this->shareKeyId;
+        return $this->keyStorage->getFileKey($path, $keyId, Encryption::ID);
+    }
+
+    /**
+     * check if user has a private and a public key
+     *
+     * @param string $userId
+     * @return bool
+     * @throws PrivateKeyMissingException
+     * @throws PublicKeyMissingException
+     */
+    public function userHasKeys($userId) {
+        $privateKey = $publicKey = true;
+        $exception = null;
+
+        try {
+            $this->getPrivateKey($userId);
+        } catch (PrivateKeyMissingException $e) {
+            $privateKey = false;
+            $exception = $e;
+        }
+        try {
+            $this->getPublicKey($userId);
+        } catch (PublicKeyMissingException $e) {
+            $publicKey = false;
+            $exception = $e;
+        }
+
+        if ($privateKey && $publicKey) {
+            return true;
+        } elseif (!$privateKey && !$publicKey) {
+            return false;
+        } else {
+            throw $exception;
+        }
+    }
+
+    /**
+     * @param $userId
+     * @return mixed
+     * @throws PublicKeyMissingException
+     */
+    public function getPublicKey($userId) {
+        $publicKey = $this->keyStorage->getUserKey($userId, $this->publicKeyId, Encryption::ID);
+
+        if (strlen($publicKey) !== 0) {
+            return $publicKey;
+        }
+        throw new PublicKeyMissingException($userId);
+    }
+
+    public function getPublicShareKeyId() {
+        return $this->publicShareKeyId;
+    }
+
+    /**
+     * get public key for public link shares
+     *
+     * @return string
+     */
+    public function getPublicShareKey() {
+        return $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.publicKey', Encryption::ID);
+    }
+
+    /**
+     * @param string $purpose
+     * @param string $uid
+     */
+    public function backupUserKeys($purpose, $uid) {
+        $this->keyStorage->backupUserKeys(Encryption::ID, $purpose, $uid);
+    }
+
+    /**
+     * creat a backup of the users private and public key and then  delete it
+     *
+     * @param string $uid
+     */
+    public function deleteUserKeys($uid) {
+        $this->deletePublicKey($uid);
+        $this->deletePrivateKey($uid);
+    }
+
+    /**
+     * @param $uid
+     * @return bool
+     */
+    public function deletePublicKey($uid) {
+        return $this->keyStorage->deleteUserKey($uid, $this->publicKeyId, Encryption::ID);
+    }
+
+    /**
+     * @param string $uid
+     * @return bool
+     */
+    private function deletePrivateKey($uid) {
+        return $this->keyStorage->deleteUserKey($uid, $this->privateKeyId, Encryption::ID);
+    }
+
+    /**
+     * @param string $path
+     * @return bool
+     */
+    public function deleteAllFileKeys($path) {
+        return $this->keyStorage->deleteAllFileKeys($path);
+    }
+
+    /**
+     * @param array $userIds
+     * @return array
+     * @throws PublicKeyMissingException
+     */
+    public function getPublicKeys(array $userIds) {
+        $keys = [];
+
+        foreach ($userIds as $userId) {
+            try {
+                $keys[$userId] = $this->getPublicKey($userId);
+            } catch (PublicKeyMissingException $e) {
+                continue;
+            }
+        }
+
+        return $keys;
+
+    }
+
+    /**
+     * @param string $keyId
+     * @return string returns openssl key
+     */
+    public function getSystemPrivateKey($keyId) {
+        return $this->keyStorage->getSystemUserKey($keyId . '.' . $this->privateKeyId, Encryption::ID);
+    }
+
+    /**
+     * @param string $keyId
+     * @param string $key
+     * @return string returns openssl key
+     */
+    public function setSystemPrivateKey($keyId, $key) {
+        return $this->keyStorage->setSystemUserKey(
+            $keyId . '.' . $this->privateKeyId,
+            $key,
+            Encryption::ID);
+    }
+
+    /**
+     * add system keys such as the public share key and the recovery key
+     *
+     * @param array $accessList
+     * @param array $publicKeys
+     * @param string $uid
+     * @return array
+     * @throws PublicKeyMissingException
+     */
+    public function addSystemKeys(array $accessList, array $publicKeys, $uid) {
+        if (!empty($accessList['public'])) {
+            $publicShareKey = $this->getPublicShareKey();
+            if (empty($publicShareKey)) {
+                throw new PublicKeyMissingException($this->getPublicShareKeyId());
+            }
+            $publicKeys[$this->getPublicShareKeyId()] = $publicShareKey;
+        }
+
+        if ($this->recoveryKeyExists() &&
+            $this->util->isRecoveryEnabledForUser($uid)) {
+
+            $publicKeys[$this->getRecoveryKeyId()] = $this->getRecoveryKey();
+        }
+
+        return $publicKeys;
+    }
+
+    /**
+     * get master key password
+     *
+     * @return string
+     * @throws \Exception
+     */
+    public function getMasterKeyPassword() {
+        $password = $this->config->getSystemValue('secret');
+        if (empty($password)){
+            throw new \Exception('Can not get secret from ownCloud instance');
+        }
+
+        return $password;
+    }
+
+    /**
+     * return master key id
+     *
+     * @return string
+     */
+    public function getMasterKeyId() {
+        return $this->masterKeyId;
+    }
+
+    /**
+     * get public master key
+     *
+     * @return string
+     */
+    public function getPublicMasterKey() {
+        return $this->keyStorage->getSystemUserKey($this->masterKeyId . '.publicKey', Encryption::ID);
+    }
 }