nextcloud / server

apps/encryption/lib/Crypto/EncryptAll.php

Indentation +426 added lines, -426 removed lines

@@ -45,431 +45,431 @@
 
 class EncryptAll {
 
-	/** @var Setup */
-	protected $userSetup;
-
-	/** @var IUserManager */
-	protected $userManager;
-
-	/** @var View */
-	protected $rootView;
-
-	/** @var KeyManager */
-	protected $keyManager;
-
-	/** @var Util */
-	protected $util;
-
-	/** @var array  */
-	protected $userPasswords;
-
-	/** @var  IConfig */
-	protected $config;
-
-	/** @var IMailer */
-	protected $mailer;
-
-	/** @var  IL10N */
-	protected $l;
-
-	/** @var  QuestionHelper */
-	protected $questionHelper;
-
-	/** @var  OutputInterface */
-	protected $output;
-
-	/** @var  InputInterface */
-	protected $input;
-
-	/** @var ISecureRandom */
-	protected $secureRandom;
-
-	/**
-	 * @param Setup $userSetup
-	 * @param IUserManager $userManager
-	 * @param View $rootView
-	 * @param KeyManager $keyManager
-	 * @param Util $util
-	 * @param IConfig $config
-	 * @param IMailer $mailer
-	 * @param IL10N $l
-	 * @param QuestionHelper $questionHelper
-	 * @param ISecureRandom $secureRandom
-	 */
-	public function __construct(
-		Setup $userSetup,
-		IUserManager $userManager,
-		View $rootView,
-		KeyManager $keyManager,
-		Util $util,
-		IConfig $config,
-		IMailer $mailer,
-		IL10N $l,
-		QuestionHelper $questionHelper,
-		ISecureRandom $secureRandom
-	) {
-		$this->userSetup = $userSetup;
-		$this->userManager = $userManager;
-		$this->rootView = $rootView;
-		$this->keyManager = $keyManager;
-		$this->util = $util;
-		$this->config = $config;
-		$this->mailer = $mailer;
-		$this->l = $l;
-		$this->questionHelper = $questionHelper;
-		$this->secureRandom = $secureRandom;
-		// store one time passwords for the users
-		$this->userPasswords = array();
-	}
-
-	/**
-	 * start to encrypt all files
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output
-	 */
-	public function encryptAll(InputInterface $input, OutputInterface $output) {
-
-		$this->input = $input;
-		$this->output = $output;
-
-		$headline = 'Encrypt all files with the ' . Encryption::DISPLAY_NAME;
-		$this->output->writeln("\n");
-		$this->output->writeln($headline);
-		$this->output->writeln(str_pad('', strlen($headline), '='));
-		$this->output->writeln("\n");
-
-		if ($this->util->isMasterKeyEnabled()) {
-			$this->output->writeln('Use master key to encrypt all files.');
-			$this->keyManager->validateMasterKey();
-		} else {
-			//create private/public keys for each user and store the private key password
-			$this->output->writeln('Create key-pair for every user');
-			$this->output->writeln('------------------------------');
-			$this->output->writeln('');
-			$this->output->writeln('This module will encrypt all files in the users files folder initially.');
-			$this->output->writeln('Already existing versions and files in the trash bin will not be encrypted.');
-			$this->output->writeln('');
-			$this->createKeyPairs();
-		}
-
-		//setup users file system and encrypt all files one by one (take should encrypt setting of storage into account)
-		$this->output->writeln("\n");
-		$this->output->writeln('Start to encrypt users files');
-		$this->output->writeln('----------------------------');
-		$this->output->writeln('');
-		$this->encryptAllUsersFiles();
-		if ($this->util->isMasterKeyEnabled() === false) {
-			//send-out or display password list and write it to a file
-			$this->output->writeln("\n");
-			$this->output->writeln('Generated encryption key passwords');
-			$this->output->writeln('----------------------------------');
-			$this->output->writeln('');
-			$this->outputPasswords();
-		}
-		$this->output->writeln("\n");
-	}
-
-	/**
-	 * create key-pair for every user
-	 */
-	protected function createKeyPairs() {
-		$this->output->writeln("\n");
-		$progress = new ProgressBar($this->output);
-		$progress->setFormat(" %message% \n [%bar%]");
-		$progress->start();
-
-		foreach($this->userManager->getBackends() as $backend) {
-			$limit = 500;
-			$offset = 0;
-			do {
-				$users = $backend->getUsers('', $limit, $offset);
-				foreach ($users as $user) {
-					if ($this->keyManager->userHasKeys($user) === false) {
-						$progress->setMessage('Create key-pair for ' . $user);
-						$progress->advance();
-						$this->setupUserFS($user);
-						$password = $this->generateOneTimePassword($user);
-						$this->userSetup->setupUser($user, $password);
-					} else {
-						// users which already have a key-pair will be stored with a
-						// empty password and filtered out later
-						$this->userPasswords[$user] = '';
-					}
-				}
-				$offset += $limit;
-			} while(count($users) >= $limit);
-		}
-
-		$progress->setMessage('Key-pair created for all users');
-		$progress->finish();
-	}
-
-	/**
-	 * iterate over all user and encrypt their files
-	 */
-	protected function encryptAllUsersFiles() {
-		$this->output->writeln("\n");
-		$progress = new ProgressBar($this->output);
-		$progress->setFormat(" %message% \n [%bar%]");
-		$progress->start();
-		$numberOfUsers = count($this->userPasswords);
-		$userNo = 1;
-		if ($this->util->isMasterKeyEnabled()) {
-			$this->encryptAllUserFilesWithMasterKey($progress);
-		} else {
-			foreach ($this->userPasswords as $uid => $password) {
-				$userCount = "$uid ($userNo of $numberOfUsers)";
-				$this->encryptUsersFiles($uid, $progress, $userCount);
-				$userNo++;
-			}
-		}
-		$progress->setMessage("all files encrypted");
-		$progress->finish();
-
-	}
-
-	/**
-	 * encrypt all user files with the master key
-	 *
-	 * @param ProgressBar $progress
-	 */
-	protected function encryptAllUserFilesWithMasterKey(ProgressBar $progress) {
-		$userNo = 1;
-		foreach($this->userManager->getBackends() as $backend) {
-			$limit = 500;
-			$offset = 0;
-			do {
-				$users = $backend->getUsers('', $limit, $offset);
-				foreach ($users as $user) {
-					$userCount = "$user ($userNo)";
-					$this->encryptUsersFiles($user, $progress, $userCount);
-					$userNo++;
-				}
-				$offset += $limit;
-			} while(count($users) >= $limit);
-		}
-	}
-
-	/**
-	 * encrypt files from the given user
-	 *
-	 * @param string $uid
-	 * @param ProgressBar $progress
-	 * @param string $userCount
-	 */
-	protected function encryptUsersFiles($uid, ProgressBar $progress, $userCount) {
-
-		$this->setupUserFS($uid);
-		$directories = array();
-		$directories[] =  '/' . $uid . '/files';
-
-		while($root = array_pop($directories)) {
-			$content = $this->rootView->getDirectoryContent($root);
-			foreach ($content as $file) {
-				$path = $root . '/' . $file['name'];
-				if ($this->rootView->is_dir($path)) {
-					$directories[] = $path;
-					continue;
-				} else {
-					$progress->setMessage("encrypt files for user $userCount: $path");
-					$progress->advance();
-					if($this->encryptFile($path) === false) {
-						$progress->setMessage("encrypt files for user $userCount: $path (already encrypted)");
-						$progress->advance();
-					}
-				}
-			}
-		}
-	}
-
-	/**
-	 * encrypt file
-	 *
-	 * @param string $path
-	 * @return bool
-	 */
-	protected function encryptFile($path) {
-
-		$source = $path;
-		$target = $path . '.encrypted.' . time();
-
-		try {
-			$this->rootView->copy($source, $target);
-			$this->rootView->rename($target, $source);
-		} catch (DecryptionFailedException $e) {
-			if ($this->rootView->file_exists($target)) {
-				$this->rootView->unlink($target);
-			}
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * output one-time encryption passwords
-	 */
-	protected function outputPasswords() {
-		$table = new Table($this->output);
-		$table->setHeaders(array('Username', 'Private key password'));
-
-		//create rows
-		$newPasswords = array();
-		$unchangedPasswords = array();
-		foreach ($this->userPasswords as $uid => $password) {
-			if (empty($password)) {
-				$unchangedPasswords[] = $uid;
-			} else {
-				$newPasswords[] = [$uid, $password];
-			}
-		}
-
-		if (empty($newPasswords)) {
-			$this->output->writeln("\nAll users already had a key-pair, no further action needed.\n");
-			return;
-		}
-
-		$table->setRows($newPasswords);
-		$table->render();
-
-		if (!empty($unchangedPasswords)) {
-			$this->output->writeln("\nThe following users already had a key-pair which was reused without setting a new password:\n");
-			foreach ($unchangedPasswords as $uid) {
-				$this->output->writeln("    $uid");
-			}
-		}
-
-		$this->writePasswordsToFile($newPasswords);
-
-		$this->output->writeln('');
-		$question = new ConfirmationQuestion('Do you want to send the passwords directly to the users by mail? (y/n) ', false);
-		if ($this->questionHelper->ask($this->input, $this->output, $question)) {
-			$this->sendPasswordsByMail();
-		}
-	}
-
-	/**
-	 * write one-time encryption passwords to a csv file
-	 *
-	 * @param array $passwords
-	 */
-	protected function writePasswordsToFile(array $passwords) {
-		$fp = $this->rootView->fopen('oneTimeEncryptionPasswords.csv', 'w');
-		foreach ($passwords as $pwd) {
-			fputcsv($fp, $pwd);
-		}
-		fclose($fp);
-		$this->output->writeln("\n");
-		$this->output->writeln('A list of all newly created passwords was written to data/oneTimeEncryptionPasswords.csv');
-		$this->output->writeln('');
-		$this->output->writeln('Each of these users need to login to the web interface, go to the');
-		$this->output->writeln('personal settings section "basic encryption module" and');
-		$this->output->writeln('update the private key password to match the login password again by');
-		$this->output->writeln('entering the one-time password into the "old log-in password" field');
-		$this->output->writeln('and their current login password');
-	}
-
-	/**
-	 * setup user file system
-	 *
-	 * @param string $uid
-	 */
-	protected function setupUserFS($uid) {
-		\OC_Util::tearDownFS();
-		\OC_Util::setupFS($uid);
-	}
-
-	/**
-	 * generate one time password for the user and store it in a array
-	 *
-	 * @param string $uid
-	 * @return string password
-	 */
-	protected function generateOneTimePassword($uid) {
-		$password = $this->secureRandom->generate(8);
-		$this->userPasswords[$uid] = $password;
-		return $password;
-	}
-
-	/**
-	 * send encryption key passwords to the users by mail
-	 */
-	protected function sendPasswordsByMail() {
-		$noMail = [];
-
-		$this->output->writeln('');
-		$progress = new ProgressBar($this->output, count($this->userPasswords));
-		$progress->start();
-
-		foreach ($this->userPasswords as $uid => $password) {
-			$progress->advance();
-			if (!empty($password)) {
-				$recipient = $this->userManager->get($uid);
-				$recipientDisplayName = $recipient->getDisplayName();
-				$to = $recipient->getEMailAddress();
-
-				if ($to === '') {
-					$noMail[] = $uid;
-					continue;
-				}
-
-				$subject = (string)$this->l->t('one-time password for server-side-encryption');
-				list($htmlBody, $textBody) = $this->createMailBody($password);
-
-				// send it out now
-				try {
-					$message = $this->mailer->createMessage();
-					$message->setSubject($subject);
-					$message->setTo([$to => $recipientDisplayName]);
-					$message->setHtmlBody($htmlBody);
-					$message->setPlainBody($textBody);
-					$message->setFrom([
-						\OCP\Util::getDefaultEmailAddress('admin-noreply')
-					]);
-
-					$this->mailer->send($message);
-				} catch (\Exception $e) {
-					$noMail[] = $uid;
-				}
-			}
-		}
-
-		$progress->finish();
-
-		if (empty($noMail)) {
-			$this->output->writeln("\n\nPassword successfully send to all users");
-		} else {
-			$table = new Table($this->output);
-			$table->setHeaders(array('Username', 'Private key password'));
-			$this->output->writeln("\n\nCould not send password to following users:\n");
-			$rows = [];
-			foreach ($noMail as $uid) {
-				$rows[] = [$uid, $this->userPasswords[$uid]];
-			}
-			$table->setRows($rows);
-			$table->render();
-		}
-
-	}
-
-	/**
-	 * create mail body for plain text and html mail
-	 *
-	 * @param string $password one-time encryption password
-	 * @return array an array of the html mail body and the plain text mail body
-	 */
-	protected function createMailBody($password) {
-
-		$html = new \OC_Template("encryption", "mail", "");
-		$html->assign ('password', $password);
-		$htmlMail = $html->fetchPage();
-
-		$plainText = new \OC_Template("encryption", "altmail", "");
-		$plainText->assign ('password', $password);
-		$plainTextMail = $plainText->fetchPage();
-
-		return [$htmlMail, $plainTextMail];
-	}
+    /** @var Setup */
+    protected $userSetup;
+
+    /** @var IUserManager */
+    protected $userManager;
+
+    /** @var View */
+    protected $rootView;
+
+    /** @var KeyManager */
+    protected $keyManager;
+
+    /** @var Util */
+    protected $util;
+
+    /** @var array  */
+    protected $userPasswords;
+
+    /** @var  IConfig */
+    protected $config;
+
+    /** @var IMailer */
+    protected $mailer;
+
+    /** @var  IL10N */
+    protected $l;
+
+    /** @var  QuestionHelper */
+    protected $questionHelper;
+
+    /** @var  OutputInterface */
+    protected $output;
+
+    /** @var  InputInterface */
+    protected $input;
+
+    /** @var ISecureRandom */
+    protected $secureRandom;
+
+    /**
+     * @param Setup $userSetup
+     * @param IUserManager $userManager
+     * @param View $rootView
+     * @param KeyManager $keyManager
+     * @param Util $util
+     * @param IConfig $config
+     * @param IMailer $mailer
+     * @param IL10N $l
+     * @param QuestionHelper $questionHelper
+     * @param ISecureRandom $secureRandom
+     */
+    public function __construct(
+        Setup $userSetup,
+        IUserManager $userManager,
+        View $rootView,
+        KeyManager $keyManager,
+        Util $util,
+        IConfig $config,
+        IMailer $mailer,
+        IL10N $l,
+        QuestionHelper $questionHelper,
+        ISecureRandom $secureRandom
+    ) {
+        $this->userSetup = $userSetup;
+        $this->userManager = $userManager;
+        $this->rootView = $rootView;
+        $this->keyManager = $keyManager;
+        $this->util = $util;
+        $this->config = $config;
+        $this->mailer = $mailer;
+        $this->l = $l;
+        $this->questionHelper = $questionHelper;
+        $this->secureRandom = $secureRandom;
+        // store one time passwords for the users
+        $this->userPasswords = array();
+    }
+
+    /**
+     * start to encrypt all files
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output
+     */
+    public function encryptAll(InputInterface $input, OutputInterface $output) {
+
+        $this->input = $input;
+        $this->output = $output;
+
+        $headline = 'Encrypt all files with the ' . Encryption::DISPLAY_NAME;
+        $this->output->writeln("\n");
+        $this->output->writeln($headline);
+        $this->output->writeln(str_pad('', strlen($headline), '='));
+        $this->output->writeln("\n");
+
+        if ($this->util->isMasterKeyEnabled()) {
+            $this->output->writeln('Use master key to encrypt all files.');
+            $this->keyManager->validateMasterKey();
+        } else {
+            //create private/public keys for each user and store the private key password
+            $this->output->writeln('Create key-pair for every user');
+            $this->output->writeln('------------------------------');
+            $this->output->writeln('');
+            $this->output->writeln('This module will encrypt all files in the users files folder initially.');
+            $this->output->writeln('Already existing versions and files in the trash bin will not be encrypted.');
+            $this->output->writeln('');
+            $this->createKeyPairs();
+        }
+
+        //setup users file system and encrypt all files one by one (take should encrypt setting of storage into account)
+        $this->output->writeln("\n");
+        $this->output->writeln('Start to encrypt users files');
+        $this->output->writeln('----------------------------');
+        $this->output->writeln('');
+        $this->encryptAllUsersFiles();
+        if ($this->util->isMasterKeyEnabled() === false) {
+            //send-out or display password list and write it to a file
+            $this->output->writeln("\n");
+            $this->output->writeln('Generated encryption key passwords');
+            $this->output->writeln('----------------------------------');
+            $this->output->writeln('');
+            $this->outputPasswords();
+        }
+        $this->output->writeln("\n");
+    }
+
+    /**
+     * create key-pair for every user
+     */
+    protected function createKeyPairs() {
+        $this->output->writeln("\n");
+        $progress = new ProgressBar($this->output);
+        $progress->setFormat(" %message% \n [%bar%]");
+        $progress->start();
+
+        foreach($this->userManager->getBackends() as $backend) {
+            $limit = 500;
+            $offset = 0;
+            do {
+                $users = $backend->getUsers('', $limit, $offset);
+                foreach ($users as $user) {
+                    if ($this->keyManager->userHasKeys($user) === false) {
+                        $progress->setMessage('Create key-pair for ' . $user);
+                        $progress->advance();
+                        $this->setupUserFS($user);
+                        $password = $this->generateOneTimePassword($user);
+                        $this->userSetup->setupUser($user, $password);
+                    } else {
+                        // users which already have a key-pair will be stored with a
+                        // empty password and filtered out later
+                        $this->userPasswords[$user] = '';
+                    }
+                }
+                $offset += $limit;
+            } while(count($users) >= $limit);
+        }
+
+        $progress->setMessage('Key-pair created for all users');
+        $progress->finish();
+    }
+
+    /**
+     * iterate over all user and encrypt their files
+     */
+    protected function encryptAllUsersFiles() {
+        $this->output->writeln("\n");
+        $progress = new ProgressBar($this->output);
+        $progress->setFormat(" %message% \n [%bar%]");
+        $progress->start();
+        $numberOfUsers = count($this->userPasswords);
+        $userNo = 1;
+        if ($this->util->isMasterKeyEnabled()) {
+            $this->encryptAllUserFilesWithMasterKey($progress);
+        } else {
+            foreach ($this->userPasswords as $uid => $password) {
+                $userCount = "$uid ($userNo of $numberOfUsers)";
+                $this->encryptUsersFiles($uid, $progress, $userCount);
+                $userNo++;
+            }
+        }
+        $progress->setMessage("all files encrypted");
+        $progress->finish();
+
+    }
+
+    /**
+     * encrypt all user files with the master key
+     *
+     * @param ProgressBar $progress
+     */
+    protected function encryptAllUserFilesWithMasterKey(ProgressBar $progress) {
+        $userNo = 1;
+        foreach($this->userManager->getBackends() as $backend) {
+            $limit = 500;
+            $offset = 0;
+            do {
+                $users = $backend->getUsers('', $limit, $offset);
+                foreach ($users as $user) {
+                    $userCount = "$user ($userNo)";
+                    $this->encryptUsersFiles($user, $progress, $userCount);
+                    $userNo++;
+                }
+                $offset += $limit;
+            } while(count($users) >= $limit);
+        }
+    }
+
+    /**
+     * encrypt files from the given user
+     *
+     * @param string $uid
+     * @param ProgressBar $progress
+     * @param string $userCount
+     */
+    protected function encryptUsersFiles($uid, ProgressBar $progress, $userCount) {
+
+        $this->setupUserFS($uid);
+        $directories = array();
+        $directories[] =  '/' . $uid . '/files';
+
+        while($root = array_pop($directories)) {
+            $content = $this->rootView->getDirectoryContent($root);
+            foreach ($content as $file) {
+                $path = $root . '/' . $file['name'];
+                if ($this->rootView->is_dir($path)) {
+                    $directories[] = $path;
+                    continue;
+                } else {
+                    $progress->setMessage("encrypt files for user $userCount: $path");
+                    $progress->advance();
+                    if($this->encryptFile($path) === false) {
+                        $progress->setMessage("encrypt files for user $userCount: $path (already encrypted)");
+                        $progress->advance();
+                    }
+                }
+            }
+        }
+    }
+
+    /**
+     * encrypt file
+     *
+     * @param string $path
+     * @return bool
+     */
+    protected function encryptFile($path) {
+
+        $source = $path;
+        $target = $path . '.encrypted.' . time();
+
+        try {
+            $this->rootView->copy($source, $target);
+            $this->rootView->rename($target, $source);
+        } catch (DecryptionFailedException $e) {
+            if ($this->rootView->file_exists($target)) {
+                $this->rootView->unlink($target);
+            }
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * output one-time encryption passwords
+     */
+    protected function outputPasswords() {
+        $table = new Table($this->output);
+        $table->setHeaders(array('Username', 'Private key password'));
+
+        //create rows
+        $newPasswords = array();
+        $unchangedPasswords = array();
+        foreach ($this->userPasswords as $uid => $password) {
+            if (empty($password)) {
+                $unchangedPasswords[] = $uid;
+            } else {
+                $newPasswords[] = [$uid, $password];
+            }
+        }
+
+        if (empty($newPasswords)) {
+            $this->output->writeln("\nAll users already had a key-pair, no further action needed.\n");
+            return;
+        }
+
+        $table->setRows($newPasswords);
+        $table->render();
+
+        if (!empty($unchangedPasswords)) {
+            $this->output->writeln("\nThe following users already had a key-pair which was reused without setting a new password:\n");
+            foreach ($unchangedPasswords as $uid) {
+                $this->output->writeln("    $uid");
+            }
+        }
+
+        $this->writePasswordsToFile($newPasswords);
+
+        $this->output->writeln('');
+        $question = new ConfirmationQuestion('Do you want to send the passwords directly to the users by mail? (y/n) ', false);
+        if ($this->questionHelper->ask($this->input, $this->output, $question)) {
+            $this->sendPasswordsByMail();
+        }
+    }
+
+    /**
+     * write one-time encryption passwords to a csv file
+     *
+     * @param array $passwords
+     */
+    protected function writePasswordsToFile(array $passwords) {
+        $fp = $this->rootView->fopen('oneTimeEncryptionPasswords.csv', 'w');
+        foreach ($passwords as $pwd) {
+            fputcsv($fp, $pwd);
+        }
+        fclose($fp);
+        $this->output->writeln("\n");
+        $this->output->writeln('A list of all newly created passwords was written to data/oneTimeEncryptionPasswords.csv');
+        $this->output->writeln('');
+        $this->output->writeln('Each of these users need to login to the web interface, go to the');
+        $this->output->writeln('personal settings section "basic encryption module" and');
+        $this->output->writeln('update the private key password to match the login password again by');
+        $this->output->writeln('entering the one-time password into the "old log-in password" field');
+        $this->output->writeln('and their current login password');
+    }
+
+    /**
+     * setup user file system
+     *
+     * @param string $uid
+     */
+    protected function setupUserFS($uid) {
+        \OC_Util::tearDownFS();
+        \OC_Util::setupFS($uid);
+    }
+
+    /**
+     * generate one time password for the user and store it in a array
+     *
+     * @param string $uid
+     * @return string password
+     */
+    protected function generateOneTimePassword($uid) {
+        $password = $this->secureRandom->generate(8);
+        $this->userPasswords[$uid] = $password;
+        return $password;
+    }
+
+    /**
+     * send encryption key passwords to the users by mail
+     */
+    protected function sendPasswordsByMail() {
+        $noMail = [];
+
+        $this->output->writeln('');
+        $progress = new ProgressBar($this->output, count($this->userPasswords));
+        $progress->start();
+
+        foreach ($this->userPasswords as $uid => $password) {
+            $progress->advance();
+            if (!empty($password)) {
+                $recipient = $this->userManager->get($uid);
+                $recipientDisplayName = $recipient->getDisplayName();
+                $to = $recipient->getEMailAddress();
+
+                if ($to === '') {
+                    $noMail[] = $uid;
+                    continue;
+                }
+
+                $subject = (string)$this->l->t('one-time password for server-side-encryption');
+                list($htmlBody, $textBody) = $this->createMailBody($password);
+
+                // send it out now
+                try {
+                    $message = $this->mailer->createMessage();
+                    $message->setSubject($subject);
+                    $message->setTo([$to => $recipientDisplayName]);
+                    $message->setHtmlBody($htmlBody);
+                    $message->setPlainBody($textBody);
+                    $message->setFrom([
+                        \OCP\Util::getDefaultEmailAddress('admin-noreply')
+                    ]);
+
+                    $this->mailer->send($message);
+                } catch (\Exception $e) {
+                    $noMail[] = $uid;
+                }
+            }
+        }
+
+        $progress->finish();
+
+        if (empty($noMail)) {
+            $this->output->writeln("\n\nPassword successfully send to all users");
+        } else {
+            $table = new Table($this->output);
+            $table->setHeaders(array('Username', 'Private key password'));
+            $this->output->writeln("\n\nCould not send password to following users:\n");
+            $rows = [];
+            foreach ($noMail as $uid) {
+                $rows[] = [$uid, $this->userPasswords[$uid]];
+            }
+            $table->setRows($rows);
+            $table->render();
+        }
+
+    }
+
+    /**
+     * create mail body for plain text and html mail
+     *
+     * @param string $password one-time encryption password
+     * @return array an array of the html mail body and the plain text mail body
+     */
+    protected function createMailBody($password) {
+
+        $html = new \OC_Template("encryption", "mail", "");
+        $html->assign ('password', $password);
+        $htmlMail = $html->fetchPage();
+
+        $plainText = new \OC_Template("encryption", "altmail", "");
+        $plainText->assign ('password', $password);
+        $plainTextMail = $plainText->fetchPage();
+
+        return [$htmlMail, $plainTextMail];
+    }
 
 }

Spacing +14 added lines, -14 removed lines

@@ -133,7 +133,7 @@ 
 		$this->input = $input;
 		$this->output = $output;
 
-		$headline = 'Encrypt all files with the ' . Encryption::DISPLAY_NAME;
+		$headline = 'Encrypt all files with the '.Encryption::DISPLAY_NAME;
 		$this->output->writeln("\n");
 		$this->output->writeln($headline);
 		$this->output->writeln(str_pad('', strlen($headline), '='));
@@ -179,14 +179,14 @@ 
 		$progress->setFormat(" %message% \n [%bar%]");
 		$progress->start();
 
-		foreach($this->userManager->getBackends() as $backend) {
+		foreach ($this->userManager->getBackends() as $backend) {
 			$limit = 500;
 			$offset = 0;
 			do {
 				$users = $backend->getUsers('', $limit, $offset);
 				foreach ($users as $user) {
 					if ($this->keyManager->userHasKeys($user) === false) {
-						$progress->setMessage('Create key-pair for ' . $user);
+						$progress->setMessage('Create key-pair for '.$user);
 						$progress->advance();
 						$this->setupUserFS($user);
 						$password = $this->generateOneTimePassword($user);
@@ -198,7 +198,7 @@ 
 					}
 				}
 				$offset += $limit;
-			} while(count($users) >= $limit);
+			} while (count($users) >= $limit);
 		}
 
 		$progress->setMessage('Key-pair created for all users');
@@ -236,7 +236,7 @@ 
 	 */
 	protected function encryptAllUserFilesWithMasterKey(ProgressBar $progress) {
 		$userNo = 1;
-		foreach($this->userManager->getBackends() as $backend) {
+		foreach ($this->userManager->getBackends() as $backend) {
 			$limit = 500;
 			$offset = 0;
 			do {
@@ -247,7 +247,7 @@ 
 					$userNo++;
 				}
 				$offset += $limit;
-			} while(count($users) >= $limit);
+			} while (count($users) >= $limit);
 		}
 	}
 
@@ -262,19 +262,19 @@ 
 
 		$this->setupUserFS($uid);
 		$directories = array();
-		$directories[] =  '/' . $uid . '/files';
+		$directories[] = '/'.$uid.'/files';
 
-		while($root = array_pop($directories)) {
+		while ($root = array_pop($directories)) {
 			$content = $this->rootView->getDirectoryContent($root);
 			foreach ($content as $file) {
-				$path = $root . '/' . $file['name'];
+				$path = $root.'/'.$file['name'];
 				if ($this->rootView->is_dir($path)) {
 					$directories[] = $path;
 					continue;
 				} else {
 					$progress->setMessage("encrypt files for user $userCount: $path");
 					$progress->advance();
-					if($this->encryptFile($path) === false) {
+					if ($this->encryptFile($path) === false) {
 						$progress->setMessage("encrypt files for user $userCount: $path (already encrypted)");
 						$progress->advance();
 					}
@@ -292,7 +292,7 @@ 
 	protected function encryptFile($path) {
 
 		$source = $path;
-		$target = $path . '.encrypted.' . time();
+		$target = $path.'.encrypted.'.time();
 
 		try {
 			$this->rootView->copy($source, $target);
@@ -414,7 +414,7 @@ 
 					continue;
 				}
 
-				$subject = (string)$this->l->t('one-time password for server-side-encryption');
+				$subject = (string) $this->l->t('one-time password for server-side-encryption');
 				list($htmlBody, $textBody) = $this->createMailBody($password);
 
 				// send it out now
@@ -462,11 +462,11 @@ 
 	protected function createMailBody($password) {
 
 		$html = new \OC_Template("encryption", "mail", "");
-		$html->assign ('password', $password);
+		$html->assign('password', $password);
 		$htmlMail = $html->fetchPage();
 
 		$plainText = new \OC_Template("encryption", "altmail", "");
-		$plainText->assign ('password', $password);
+		$plainText->assign('password', $password);
 		$plainTextMail = $plainText->fetchPage();
 
 		return [$htmlMail, $plainTextMail];

apps/encryption/lib/Crypto/Crypt.php

Indentation +636 added lines, -636 removed lines

@@ -54,641 +54,641 @@
  */
 class Crypt {
 
-	const DEFAULT_CIPHER = 'AES-256-CTR';
-	// default cipher from old ownCloud versions
-	const LEGACY_CIPHER = 'AES-128-CFB';
-
-	// default key format, old ownCloud version encrypted the private key directly
-	// with the user password
-	const LEGACY_KEY_FORMAT = 'password';
-
-	const HEADER_START = 'HBEGIN';
-	const HEADER_END = 'HEND';
-
-	/** @var ILogger */
-	private $logger;
-
-	/** @var string */
-	private $user;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var array */
-	private $supportedKeyFormats;
-
-	/** @var IL10N */
-	private $l;
-
-	/** @var array */
-	private $supportedCiphersAndKeySize = [
-		'AES-256-CTR' => 32,
-		'AES-128-CTR' => 16,
-		'AES-256-CFB' => 32,
-		'AES-128-CFB' => 16,
-	];
-
-	/**
-	 * @param ILogger $logger
-	 * @param IUserSession $userSession
-	 * @param IConfig $config
-	 * @param IL10N $l
-	 */
-	public function __construct(ILogger $logger, IUserSession $userSession, IConfig $config, IL10N $l) {
-		$this->logger = $logger;
-		$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : '"no user given"';
-		$this->config = $config;
-		$this->l = $l;
-		$this->supportedKeyFormats = ['hash', 'password'];
-	}
-
-	/**
-	 * create new private/public key-pair for user
-	 *
-	 * @return array|bool
-	 */
-	public function createKeyPair() {
-
-		$log = $this->logger;
-		$res = $this->getOpenSSLPKey();
-
-		if (!$res) {
-			$log->error("Encryption Library couldn't generate users key-pair for {$this->user}",
-				['app' => 'encryption']);
-
-			if (openssl_error_string()) {
-				$log->error('Encryption library openssl_pkey_new() fails: ' . openssl_error_string(),
-					['app' => 'encryption']);
-			}
-		} elseif (openssl_pkey_export($res,
-			$privateKey,
-			null,
-			$this->getOpenSSLConfig())) {
-			$keyDetails = openssl_pkey_get_details($res);
-			$publicKey = $keyDetails['key'];
-
-			return [
-				'publicKey' => $publicKey,
-				'privateKey' => $privateKey
-			];
-		}
-		$log->error('Encryption library couldn\'t export users private key, please check your servers OpenSSL configuration.' . $this->user,
-			['app' => 'encryption']);
-		if (openssl_error_string()) {
-			$log->error('Encryption Library:' . openssl_error_string(),
-				['app' => 'encryption']);
-		}
-
-		return false;
-	}
-
-	/**
-	 * Generates a new private key
-	 *
-	 * @return resource
-	 */
-	public function getOpenSSLPKey() {
-		$config = $this->getOpenSSLConfig();
-		return openssl_pkey_new($config);
-	}
-
-	/**
-	 * get openSSL Config
-	 *
-	 * @return array
-	 */
-	private function getOpenSSLConfig() {
-		$config = ['private_key_bits' => 4096];
-		$config = array_merge(
-			$config,
-			$this->config->getSystemValue('openssl', [])
-		);
-		return $config;
-	}
-
-	/**
-	 * @param string $plainContent
-	 * @param string $passPhrase
-	 * @param int $version
-	 * @param int $position
-	 * @return false|string
-	 * @throws EncryptionFailedException
-	 */
-	public function symmetricEncryptFileContent($plainContent, $passPhrase, $version, $position) {
-
-		if (!$plainContent) {
-			$this->logger->error('Encryption Library, symmetrical encryption failed no content given',
-				['app' => 'encryption']);
-			return false;
-		}
-
-		$iv = $this->generateIv();
-
-		$encryptedContent = $this->encrypt($plainContent,
-			$iv,
-			$passPhrase,
-			$this->getCipher());
-
-		// Create a signature based on the key as well as the current version
-		$sig = $this->createSignature($encryptedContent, $passPhrase.$version.$position);
-
-		// combine content to encrypt the IV identifier and actual IV
-		$catFile = $this->concatIV($encryptedContent, $iv);
-		$catFile = $this->concatSig($catFile, $sig);
-		$padded = $this->addPadding($catFile);
-
-		return $padded;
-	}
-
-	/**
-	 * generate header for encrypted file
-	 *
-	 * @param string $keyFormat (can be 'hash' or 'password')
-	 * @return string
-	 * @throws \InvalidArgumentException
-	 */
-	public function generateHeader($keyFormat = 'hash') {
-
-		if (in_array($keyFormat, $this->supportedKeyFormats, true) === false) {
-			throw new \InvalidArgumentException('key format "' . $keyFormat . '" is not supported');
-		}
-
-		$cipher = $this->getCipher();
-
-		$header = self::HEADER_START
-			. ':cipher:' . $cipher
-			. ':keyFormat:' . $keyFormat
-			. ':' . self::HEADER_END;
-
-		return $header;
-	}
-
-	/**
-	 * @param string $plainContent
-	 * @param string $iv
-	 * @param string $passPhrase
-	 * @param string $cipher
-	 * @return string
-	 * @throws EncryptionFailedException
-	 */
-	private function encrypt($plainContent, $iv, $passPhrase = '', $cipher = self::DEFAULT_CIPHER) {
-		$encryptedContent = openssl_encrypt($plainContent,
-			$cipher,
-			$passPhrase,
-			false,
-			$iv);
-
-		if (!$encryptedContent) {
-			$error = 'Encryption (symmetric) of content failed';
-			$this->logger->error($error . openssl_error_string(),
-				['app' => 'encryption']);
-			throw new EncryptionFailedException($error);
-		}
-
-		return $encryptedContent;
-	}
-
-	/**
-	 * return Cipher either from config.php or the default cipher defined in
-	 * this class
-	 *
-	 * @return string
-	 */
-	public function getCipher() {
-		$cipher = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);
-		if (!isset($this->supportedCiphersAndKeySize[$cipher])) {
-			$this->logger->warning(
-					sprintf(
-							'Unsupported cipher (%s) defined in config.php supported. Falling back to %s',
-							$cipher,
-							self::DEFAULT_CIPHER
-					),
-				['app' => 'encryption']);
-			$cipher = self::DEFAULT_CIPHER;
-		}
-
-		// Workaround for OpenSSL 0.9.8. Fallback to an old cipher that should work.
-		if(OPENSSL_VERSION_NUMBER < 0x1000101f) {
-			if($cipher === 'AES-256-CTR' || $cipher === 'AES-128-CTR') {
-				$cipher = self::LEGACY_CIPHER;
-			}
-		}
-
-		return $cipher;
-	}
-
-	/**
-	 * get key size depending on the cipher
-	 *
-	 * @param string $cipher
-	 * @return int
-	 * @throws \InvalidArgumentException
-	 */
-	protected function getKeySize($cipher) {
-		if(isset($this->supportedCiphersAndKeySize[$cipher])) {
-			return $this->supportedCiphersAndKeySize[$cipher];
-		}
-
-		throw new \InvalidArgumentException(
-			sprintf(
-					'Unsupported cipher (%s) defined.',
-					$cipher
-			)
-		);
-	}
-
-	/**
-	 * get legacy cipher
-	 *
-	 * @return string
-	 */
-	public function getLegacyCipher() {
-		return self::LEGACY_CIPHER;
-	}
-
-	/**
-	 * @param string $encryptedContent
-	 * @param string $iv
-	 * @return string
-	 */
-	private function concatIV($encryptedContent, $iv) {
-		return $encryptedContent . '00iv00' . $iv;
-	}
-
-	/**
-	 * @param string $encryptedContent
-	 * @param string $signature
-	 * @return string
-	 */
-	private function concatSig($encryptedContent, $signature) {
-		return $encryptedContent . '00sig00' . $signature;
-	}
-
-	/**
-	 * Note: This is _NOT_ a padding used for encryption purposes. It is solely
-	 * used to achieve the PHP stream size. It has _NOTHING_ to do with the
-	 * encrypted content and is not used in any crypto primitive.
-	 *
-	 * @param string $data
-	 * @return string
-	 */
-	private function addPadding($data) {
-		return $data . 'xxx';
-	}
-
-	/**
-	 * generate password hash used to encrypt the users private key
-	 *
-	 * @param string $password
-	 * @param string $cipher
-	 * @param string $uid only used for user keys
-	 * @return string
-	 */
-	protected function generatePasswordHash($password, $cipher, $uid = '') {
-		$instanceId = $this->config->getSystemValue('instanceid');
-		$instanceSecret = $this->config->getSystemValue('secret');
-		$salt = hash('sha256', $uid . $instanceId . $instanceSecret, true);
-		$keySize = $this->getKeySize($cipher);
-
-		$hash = hash_pbkdf2(
-			'sha256',
-			$password,
-			$salt,
-			100000,
-			$keySize,
-			true
-		);
-
-		return $hash;
-	}
-
-	/**
-	 * encrypt private key
-	 *
-	 * @param string $privateKey
-	 * @param string $password
-	 * @param string $uid for regular users, empty for system keys
-	 * @return false|string
-	 */
-	public function encryptPrivateKey($privateKey, $password, $uid = '') {
-		$cipher = $this->getCipher();
-		$hash = $this->generatePasswordHash($password, $cipher, $uid);
-		$encryptedKey = $this->symmetricEncryptFileContent(
-			$privateKey,
-			$hash,
-			0,
-			0
-		);
-
-		return $encryptedKey;
-	}
-
-	/**
-	 * @param string $privateKey
-	 * @param string $password
-	 * @param string $uid for regular users, empty for system keys
-	 * @return false|string
-	 */
-	public function decryptPrivateKey($privateKey, $password = '', $uid = '') {
-
-		$header = $this->parseHeader($privateKey);
-
-		if (isset($header['cipher'])) {
-			$cipher = $header['cipher'];
-		} else {
-			$cipher = self::LEGACY_CIPHER;
-		}
-
-		if (isset($header['keyFormat'])) {
-			$keyFormat = $header['keyFormat'];
-		} else {
-			$keyFormat = self::LEGACY_KEY_FORMAT;
-		}
-
-		if ($keyFormat === 'hash') {
-			$password = $this->generatePasswordHash($password, $cipher, $uid);
-		}
-
-		// If we found a header we need to remove it from the key we want to decrypt
-		if (!empty($header)) {
-			$privateKey = substr($privateKey,
-				strpos($privateKey,
-					self::HEADER_END) + strlen(self::HEADER_END));
-		}
-
-		$plainKey = $this->symmetricDecryptFileContent(
-			$privateKey,
-			$password,
-			$cipher,
-			0
-		);
-
-		if ($this->isValidPrivateKey($plainKey) === false) {
-			return false;
-		}
-
-		return $plainKey;
-	}
-
-	/**
-	 * check if it is a valid private key
-	 *
-	 * @param string $plainKey
-	 * @return bool
-	 */
-	protected function isValidPrivateKey($plainKey) {
-		$res = openssl_get_privatekey($plainKey);
-		if (is_resource($res)) {
-			$sslInfo = openssl_pkey_get_details($res);
-			if (isset($sslInfo['key'])) {
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-	/**
-	 * @param string $keyFileContents
-	 * @param string $passPhrase
-	 * @param string $cipher
-	 * @param int $version
-	 * @param int $position
-	 * @return string
-	 * @throws DecryptionFailedException
-	 */
-	public function symmetricDecryptFileContent($keyFileContents, $passPhrase, $cipher = self::DEFAULT_CIPHER, $version = 0, $position = 0) {
-		$catFile = $this->splitMetaData($keyFileContents, $cipher);
-
-		if ($catFile['signature'] !== false) {
-			$this->checkSignature($catFile['encrypted'], $passPhrase.$version.$position, $catFile['signature']);
-		}
-
-		return $this->decrypt($catFile['encrypted'],
-			$catFile['iv'],
-			$passPhrase,
-			$cipher);
-	}
-
-	/**
-	 * check for valid signature
-	 *
-	 * @param string $data
-	 * @param string $passPhrase
-	 * @param string $expectedSignature
-	 * @throws HintException
-	 */
-	private function checkSignature($data, $passPhrase, $expectedSignature) {
-		$signature = $this->createSignature($data, $passPhrase);
-		if (!hash_equals($expectedSignature, $signature)) {
-			throw new HintException('Bad Signature', $this->l->t('Bad Signature'));
-		}
-	}
-
-	/**
-	 * create signature
-	 *
-	 * @param string $data
-	 * @param string $passPhrase
-	 * @return string
-	 */
-	private function createSignature($data, $passPhrase) {
-		$passPhrase = hash('sha512', $passPhrase . 'a', true);
-		$signature = hash_hmac('sha256', $data, $passPhrase);
-		return $signature;
-	}
-
-
-	/**
-	 * remove padding
-	 *
-	 * @param string $padded
-	 * @param bool $hasSignature did the block contain a signature, in this case we use a different padding
-	 * @return string|false
-	 */
-	private function removePadding($padded, $hasSignature = false) {
-		if ($hasSignature === false && substr($padded, -2) === 'xx') {
-			return substr($padded, 0, -2);
-		} elseif ($hasSignature === true && substr($padded, -3) === 'xxx') {
-			return substr($padded, 0, -3);
-		}
-		return false;
-	}
-
-	/**
-	 * split meta data from encrypted file
-	 * Note: for now, we assume that the meta data always start with the iv
-	 *       followed by the signature, if available
-	 *
-	 * @param string $catFile
-	 * @param string $cipher
-	 * @return array
-	 */
-	private function splitMetaData($catFile, $cipher) {
-		if ($this->hasSignature($catFile, $cipher)) {
-			$catFile = $this->removePadding($catFile, true);
-			$meta = substr($catFile, -93);
-			$iv = substr($meta, strlen('00iv00'), 16);
-			$sig = substr($meta, 22 + strlen('00sig00'));
-			$encrypted = substr($catFile, 0, -93);
-		} else {
-			$catFile = $this->removePadding($catFile);
-			$meta = substr($catFile, -22);
-			$iv = substr($meta, -16);
-			$sig = false;
-			$encrypted = substr($catFile, 0, -22);
-		}
-
-		return [
-			'encrypted' => $encrypted,
-			'iv' => $iv,
-			'signature' => $sig
-		];
-	}
-
-	/**
-	 * check if encrypted block is signed
-	 *
-	 * @param string $catFile
-	 * @param string $cipher
-	 * @return bool
-	 * @throws HintException
-	 */
-	private function hasSignature($catFile, $cipher) {
-		$meta = substr($catFile, -93);
-		$signaturePosition = strpos($meta, '00sig00');
-
-		// enforce signature for the new 'CTR' ciphers
-		if ($signaturePosition === false && strpos(strtolower($cipher), 'ctr') !== false) {
-			throw new HintException('Missing Signature', $this->l->t('Missing Signature'));
-		}
-
-		return ($signaturePosition !== false);
-	}
-
-
-	/**
-	 * @param string $encryptedContent
-	 * @param string $iv
-	 * @param string $passPhrase
-	 * @param string $cipher
-	 * @return string
-	 * @throws DecryptionFailedException
-	 */
-	private function decrypt($encryptedContent, $iv, $passPhrase = '', $cipher = self::DEFAULT_CIPHER) {
-		$plainContent = openssl_decrypt($encryptedContent,
-			$cipher,
-			$passPhrase,
-			false,
-			$iv);
-
-		if ($plainContent) {
-			return $plainContent;
-		} else {
-			throw new DecryptionFailedException('Encryption library: Decryption (symmetric) of content failed: ' . openssl_error_string());
-		}
-	}
-
-	/**
-	 * @param string $data
-	 * @return array
-	 */
-	protected function parseHeader($data) {
-		$result = [];
-
-		if (substr($data, 0, strlen(self::HEADER_START)) === self::HEADER_START) {
-			$endAt = strpos($data, self::HEADER_END);
-			$header = substr($data, 0, $endAt + strlen(self::HEADER_END));
-
-			// +1 not to start with an ':' which would result in empty element at the beginning
-			$exploded = explode(':',
-				substr($header, strlen(self::HEADER_START) + 1));
-
-			$element = array_shift($exploded);
-
-			while ($element != self::HEADER_END) {
-				$result[$element] = array_shift($exploded);
-				$element = array_shift($exploded);
-			}
-		}
-
-		return $result;
-	}
-
-	/**
-	 * generate initialization vector
-	 *
-	 * @return string
-	 * @throws GenericEncryptionException
-	 */
-	private function generateIv() {
-		return random_bytes(16);
-	}
-
-	/**
-	 * Generate a cryptographically secure pseudo-random 256-bit ASCII key, used
-	 * as file key
-	 *
-	 * @return string
-	 * @throws \Exception
-	 */
-	public function generateFileKey() {
-		return random_bytes(32);
-	}
-
-	/**
-	 * @param $encKeyFile
-	 * @param $shareKey
-	 * @param $privateKey
-	 * @return string
-	 * @throws MultiKeyDecryptException
-	 */
-	public function multiKeyDecrypt($encKeyFile, $shareKey, $privateKey) {
-		if (!$encKeyFile) {
-			throw new MultiKeyDecryptException('Cannot multikey decrypt empty plain content');
-		}
-
-		if (openssl_open($encKeyFile, $plainContent, $shareKey, $privateKey)) {
-			return $plainContent;
-		} else {
-			throw new MultiKeyDecryptException('multikeydecrypt with share key failed:' . openssl_error_string());
-		}
-	}
-
-	/**
-	 * @param string $plainContent
-	 * @param array $keyFiles
-	 * @return array
-	 * @throws MultiKeyEncryptException
-	 */
-	public function multiKeyEncrypt($plainContent, array $keyFiles) {
-		// openssl_seal returns false without errors if plaincontent is empty
-		// so trigger our own error
-		if (empty($plainContent)) {
-			throw new MultiKeyEncryptException('Cannot multikeyencrypt empty plain content');
-		}
-
-		// Set empty vars to be set by openssl by reference
-		$sealed = '';
-		$shareKeys = [];
-		$mappedShareKeys = [];
-
-		if (openssl_seal($plainContent, $sealed, $shareKeys, $keyFiles)) {
-			$i = 0;
-
-			// Ensure each shareKey is labelled with its corresponding key id
-			foreach ($keyFiles as $userId => $publicKey) {
-				$mappedShareKeys[$userId] = $shareKeys[$i];
-				$i++;
-			}
-
-			return [
-				'keys' => $mappedShareKeys,
-				'data' => $sealed
-			];
-		} else {
-			throw new MultiKeyEncryptException('multikeyencryption failed ' . openssl_error_string());
-		}
-	}
+    const DEFAULT_CIPHER = 'AES-256-CTR';
+    // default cipher from old ownCloud versions
+    const LEGACY_CIPHER = 'AES-128-CFB';
+
+    // default key format, old ownCloud version encrypted the private key directly
+    // with the user password
+    const LEGACY_KEY_FORMAT = 'password';
+
+    const HEADER_START = 'HBEGIN';
+    const HEADER_END = 'HEND';
+
+    /** @var ILogger */
+    private $logger;
+
+    /** @var string */
+    private $user;
+
+    /** @var IConfig */
+    private $config;
+
+    /** @var array */
+    private $supportedKeyFormats;
+
+    /** @var IL10N */
+    private $l;
+
+    /** @var array */
+    private $supportedCiphersAndKeySize = [
+        'AES-256-CTR' => 32,
+        'AES-128-CTR' => 16,
+        'AES-256-CFB' => 32,
+        'AES-128-CFB' => 16,
+    ];
+
+    /**
+     * @param ILogger $logger
+     * @param IUserSession $userSession
+     * @param IConfig $config
+     * @param IL10N $l
+     */
+    public function __construct(ILogger $logger, IUserSession $userSession, IConfig $config, IL10N $l) {
+        $this->logger = $logger;
+        $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : '"no user given"';
+        $this->config = $config;
+        $this->l = $l;
+        $this->supportedKeyFormats = ['hash', 'password'];
+    }
+
+    /**
+     * create new private/public key-pair for user
+     *
+     * @return array|bool
+     */
+    public function createKeyPair() {
+
+        $log = $this->logger;
+        $res = $this->getOpenSSLPKey();
+
+        if (!$res) {
+            $log->error("Encryption Library couldn't generate users key-pair for {$this->user}",
+                ['app' => 'encryption']);
+
+            if (openssl_error_string()) {
+                $log->error('Encryption library openssl_pkey_new() fails: ' . openssl_error_string(),
+                    ['app' => 'encryption']);
+            }
+        } elseif (openssl_pkey_export($res,
+            $privateKey,
+            null,
+            $this->getOpenSSLConfig())) {
+            $keyDetails = openssl_pkey_get_details($res);
+            $publicKey = $keyDetails['key'];
+
+            return [
+                'publicKey' => $publicKey,
+                'privateKey' => $privateKey
+            ];
+        }
+        $log->error('Encryption library couldn\'t export users private key, please check your servers OpenSSL configuration.' . $this->user,
+            ['app' => 'encryption']);
+        if (openssl_error_string()) {
+            $log->error('Encryption Library:' . openssl_error_string(),
+                ['app' => 'encryption']);
+        }
+
+        return false;
+    }
+
+    /**
+     * Generates a new private key
+     *
+     * @return resource
+     */
+    public function getOpenSSLPKey() {
+        $config = $this->getOpenSSLConfig();
+        return openssl_pkey_new($config);
+    }
+
+    /**
+     * get openSSL Config
+     *
+     * @return array
+     */
+    private function getOpenSSLConfig() {
+        $config = ['private_key_bits' => 4096];
+        $config = array_merge(
+            $config,
+            $this->config->getSystemValue('openssl', [])
+        );
+        return $config;
+    }
+
+    /**
+     * @param string $plainContent
+     * @param string $passPhrase
+     * @param int $version
+     * @param int $position
+     * @return false|string
+     * @throws EncryptionFailedException
+     */
+    public function symmetricEncryptFileContent($plainContent, $passPhrase, $version, $position) {
+
+        if (!$plainContent) {
+            $this->logger->error('Encryption Library, symmetrical encryption failed no content given',
+                ['app' => 'encryption']);
+            return false;
+        }
+
+        $iv = $this->generateIv();
+
+        $encryptedContent = $this->encrypt($plainContent,
+            $iv,
+            $passPhrase,
+            $this->getCipher());
+
+        // Create a signature based on the key as well as the current version
+        $sig = $this->createSignature($encryptedContent, $passPhrase.$version.$position);
+
+        // combine content to encrypt the IV identifier and actual IV
+        $catFile = $this->concatIV($encryptedContent, $iv);
+        $catFile = $this->concatSig($catFile, $sig);
+        $padded = $this->addPadding($catFile);
+
+        return $padded;
+    }
+
+    /**
+     * generate header for encrypted file
+     *
+     * @param string $keyFormat (can be 'hash' or 'password')
+     * @return string
+     * @throws \InvalidArgumentException
+     */
+    public function generateHeader($keyFormat = 'hash') {
+
+        if (in_array($keyFormat, $this->supportedKeyFormats, true) === false) {
+            throw new \InvalidArgumentException('key format "' . $keyFormat . '" is not supported');
+        }
+
+        $cipher = $this->getCipher();
+
+        $header = self::HEADER_START
+            . ':cipher:' . $cipher
+            . ':keyFormat:' . $keyFormat
+            . ':' . self::HEADER_END;
+
+        return $header;
+    }
+
+    /**
+     * @param string $plainContent
+     * @param string $iv
+     * @param string $passPhrase
+     * @param string $cipher
+     * @return string
+     * @throws EncryptionFailedException
+     */
+    private function encrypt($plainContent, $iv, $passPhrase = '', $cipher = self::DEFAULT_CIPHER) {
+        $encryptedContent = openssl_encrypt($plainContent,
+            $cipher,
+            $passPhrase,
+            false,
+            $iv);
+
+        if (!$encryptedContent) {
+            $error = 'Encryption (symmetric) of content failed';
+            $this->logger->error($error . openssl_error_string(),
+                ['app' => 'encryption']);
+            throw new EncryptionFailedException($error);
+        }
+
+        return $encryptedContent;
+    }
+
+    /**
+     * return Cipher either from config.php or the default cipher defined in
+     * this class
+     *
+     * @return string
+     */
+    public function getCipher() {
+        $cipher = $this->config->getSystemValue('cipher', self::DEFAULT_CIPHER);
+        if (!isset($this->supportedCiphersAndKeySize[$cipher])) {
+            $this->logger->warning(
+                    sprintf(
+                            'Unsupported cipher (%s) defined in config.php supported. Falling back to %s',
+                            $cipher,
+                            self::DEFAULT_CIPHER
+                    ),
+                ['app' => 'encryption']);
+            $cipher = self::DEFAULT_CIPHER;
+        }
+
+        // Workaround for OpenSSL 0.9.8. Fallback to an old cipher that should work.
+        if(OPENSSL_VERSION_NUMBER < 0x1000101f) {
+            if($cipher === 'AES-256-CTR' || $cipher === 'AES-128-CTR') {
+                $cipher = self::LEGACY_CIPHER;
+            }
+        }
+
+        return $cipher;
+    }
+
+    /**
+     * get key size depending on the cipher
+     *
+     * @param string $cipher
+     * @return int
+     * @throws \InvalidArgumentException
+     */
+    protected function getKeySize($cipher) {
+        if(isset($this->supportedCiphersAndKeySize[$cipher])) {
+            return $this->supportedCiphersAndKeySize[$cipher];
+        }
+
+        throw new \InvalidArgumentException(
+            sprintf(
+                    'Unsupported cipher (%s) defined.',
+                    $cipher
+            )
+        );
+    }
+
+    /**
+     * get legacy cipher
+     *
+     * @return string
+     */
+    public function getLegacyCipher() {
+        return self::LEGACY_CIPHER;
+    }
+
+    /**
+     * @param string $encryptedContent
+     * @param string $iv
+     * @return string
+     */
+    private function concatIV($encryptedContent, $iv) {
+        return $encryptedContent . '00iv00' . $iv;
+    }
+
+    /**
+     * @param string $encryptedContent
+     * @param string $signature
+     * @return string
+     */
+    private function concatSig($encryptedContent, $signature) {
+        return $encryptedContent . '00sig00' . $signature;
+    }
+
+    /**
+     * Note: This is _NOT_ a padding used for encryption purposes. It is solely
+     * used to achieve the PHP stream size. It has _NOTHING_ to do with the
+     * encrypted content and is not used in any crypto primitive.
+     *
+     * @param string $data
+     * @return string
+     */
+    private function addPadding($data) {
+        return $data . 'xxx';
+    }
+
+    /**
+     * generate password hash used to encrypt the users private key
+     *
+     * @param string $password
+     * @param string $cipher
+     * @param string $uid only used for user keys
+     * @return string
+     */
+    protected function generatePasswordHash($password, $cipher, $uid = '') {
+        $instanceId = $this->config->getSystemValue('instanceid');
+        $instanceSecret = $this->config->getSystemValue('secret');
+        $salt = hash('sha256', $uid . $instanceId . $instanceSecret, true);
+        $keySize = $this->getKeySize($cipher);
+
+        $hash = hash_pbkdf2(
+            'sha256',
+            $password,
+            $salt,
+            100000,
+            $keySize,
+            true
+        );
+
+        return $hash;
+    }
+
+    /**
+     * encrypt private key
+     *
+     * @param string $privateKey
+     * @param string $password
+     * @param string $uid for regular users, empty for system keys
+     * @return false|string
+     */
+    public function encryptPrivateKey($privateKey, $password, $uid = '') {
+        $cipher = $this->getCipher();
+        $hash = $this->generatePasswordHash($password, $cipher, $uid);
+        $encryptedKey = $this->symmetricEncryptFileContent(
+            $privateKey,
+            $hash,
+            0,
+            0
+        );
+
+        return $encryptedKey;
+    }
+
+    /**
+     * @param string $privateKey
+     * @param string $password
+     * @param string $uid for regular users, empty for system keys
+     * @return false|string
+     */
+    public function decryptPrivateKey($privateKey, $password = '', $uid = '') {
+
+        $header = $this->parseHeader($privateKey);
+
+        if (isset($header['cipher'])) {
+            $cipher = $header['cipher'];
+        } else {
+            $cipher = self::LEGACY_CIPHER;
+        }
+
+        if (isset($header['keyFormat'])) {
+            $keyFormat = $header['keyFormat'];
+        } else {
+            $keyFormat = self::LEGACY_KEY_FORMAT;
+        }
+
+        if ($keyFormat === 'hash') {
+            $password = $this->generatePasswordHash($password, $cipher, $uid);
+        }
+
+        // If we found a header we need to remove it from the key we want to decrypt
+        if (!empty($header)) {
+            $privateKey = substr($privateKey,
+                strpos($privateKey,
+                    self::HEADER_END) + strlen(self::HEADER_END));
+        }
+
+        $plainKey = $this->symmetricDecryptFileContent(
+            $privateKey,
+            $password,
+            $cipher,
+            0
+        );
+
+        if ($this->isValidPrivateKey($plainKey) === false) {
+            return false;
+        }
+
+        return $plainKey;
+    }
+
+    /**
+     * check if it is a valid private key
+     *
+     * @param string $plainKey
+     * @return bool
+     */
+    protected function isValidPrivateKey($plainKey) {
+        $res = openssl_get_privatekey($plainKey);
+        if (is_resource($res)) {
+            $sslInfo = openssl_pkey_get_details($res);
+            if (isset($sslInfo['key'])) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * @param string $keyFileContents
+     * @param string $passPhrase
+     * @param string $cipher
+     * @param int $version
+     * @param int $position
+     * @return string
+     * @throws DecryptionFailedException
+     */
+    public function symmetricDecryptFileContent($keyFileContents, $passPhrase, $cipher = self::DEFAULT_CIPHER, $version = 0, $position = 0) {
+        $catFile = $this->splitMetaData($keyFileContents, $cipher);
+
+        if ($catFile['signature'] !== false) {
+            $this->checkSignature($catFile['encrypted'], $passPhrase.$version.$position, $catFile['signature']);
+        }
+
+        return $this->decrypt($catFile['encrypted'],
+            $catFile['iv'],
+            $passPhrase,
+            $cipher);
+    }
+
+    /**
+     * check for valid signature
+     *
+     * @param string $data
+     * @param string $passPhrase
+     * @param string $expectedSignature
+     * @throws HintException
+     */
+    private function checkSignature($data, $passPhrase, $expectedSignature) {
+        $signature = $this->createSignature($data, $passPhrase);
+        if (!hash_equals($expectedSignature, $signature)) {
+            throw new HintException('Bad Signature', $this->l->t('Bad Signature'));
+        }
+    }
+
+    /**
+     * create signature
+     *
+     * @param string $data
+     * @param string $passPhrase
+     * @return string
+     */
+    private function createSignature($data, $passPhrase) {
+        $passPhrase = hash('sha512', $passPhrase . 'a', true);
+        $signature = hash_hmac('sha256', $data, $passPhrase);
+        return $signature;
+    }
+
+
+    /**
+     * remove padding
+     *
+     * @param string $padded
+     * @param bool $hasSignature did the block contain a signature, in this case we use a different padding
+     * @return string|false
+     */
+    private function removePadding($padded, $hasSignature = false) {
+        if ($hasSignature === false && substr($padded, -2) === 'xx') {
+            return substr($padded, 0, -2);
+        } elseif ($hasSignature === true && substr($padded, -3) === 'xxx') {
+            return substr($padded, 0, -3);
+        }
+        return false;
+    }
+
+    /**
+     * split meta data from encrypted file
+     * Note: for now, we assume that the meta data always start with the iv
+     *       followed by the signature, if available
+     *
+     * @param string $catFile
+     * @param string $cipher
+     * @return array
+     */
+    private function splitMetaData($catFile, $cipher) {
+        if ($this->hasSignature($catFile, $cipher)) {
+            $catFile = $this->removePadding($catFile, true);
+            $meta = substr($catFile, -93);
+            $iv = substr($meta, strlen('00iv00'), 16);
+            $sig = substr($meta, 22 + strlen('00sig00'));
+            $encrypted = substr($catFile, 0, -93);
+        } else {
+            $catFile = $this->removePadding($catFile);
+            $meta = substr($catFile, -22);
+            $iv = substr($meta, -16);
+            $sig = false;
+            $encrypted = substr($catFile, 0, -22);
+        }
+
+        return [
+            'encrypted' => $encrypted,
+            'iv' => $iv,
+            'signature' => $sig
+        ];
+    }
+
+    /**
+     * check if encrypted block is signed
+     *
+     * @param string $catFile
+     * @param string $cipher
+     * @return bool
+     * @throws HintException
+     */
+    private function hasSignature($catFile, $cipher) {
+        $meta = substr($catFile, -93);
+        $signaturePosition = strpos($meta, '00sig00');
+
+        // enforce signature for the new 'CTR' ciphers
+        if ($signaturePosition === false && strpos(strtolower($cipher), 'ctr') !== false) {
+            throw new HintException('Missing Signature', $this->l->t('Missing Signature'));
+        }
+
+        return ($signaturePosition !== false);
+    }
+
+
+    /**
+     * @param string $encryptedContent
+     * @param string $iv
+     * @param string $passPhrase
+     * @param string $cipher
+     * @return string
+     * @throws DecryptionFailedException
+     */
+    private function decrypt($encryptedContent, $iv, $passPhrase = '', $cipher = self::DEFAULT_CIPHER) {
+        $plainContent = openssl_decrypt($encryptedContent,
+            $cipher,
+            $passPhrase,
+            false,
+            $iv);
+
+        if ($plainContent) {
+            return $plainContent;
+        } else {
+            throw new DecryptionFailedException('Encryption library: Decryption (symmetric) of content failed: ' . openssl_error_string());
+        }
+    }
+
+    /**
+     * @param string $data
+     * @return array
+     */
+    protected function parseHeader($data) {
+        $result = [];
+
+        if (substr($data, 0, strlen(self::HEADER_START)) === self::HEADER_START) {
+            $endAt = strpos($data, self::HEADER_END);
+            $header = substr($data, 0, $endAt + strlen(self::HEADER_END));
+
+            // +1 not to start with an ':' which would result in empty element at the beginning
+            $exploded = explode(':',
+                substr($header, strlen(self::HEADER_START) + 1));
+
+            $element = array_shift($exploded);
+
+            while ($element != self::HEADER_END) {
+                $result[$element] = array_shift($exploded);
+                $element = array_shift($exploded);
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * generate initialization vector
+     *
+     * @return string
+     * @throws GenericEncryptionException
+     */
+    private function generateIv() {
+        return random_bytes(16);
+    }
+
+    /**
+     * Generate a cryptographically secure pseudo-random 256-bit ASCII key, used
+     * as file key
+     *
+     * @return string
+     * @throws \Exception
+     */
+    public function generateFileKey() {
+        return random_bytes(32);
+    }
+
+    /**
+     * @param $encKeyFile
+     * @param $shareKey
+     * @param $privateKey
+     * @return string
+     * @throws MultiKeyDecryptException
+     */
+    public function multiKeyDecrypt($encKeyFile, $shareKey, $privateKey) {
+        if (!$encKeyFile) {
+            throw new MultiKeyDecryptException('Cannot multikey decrypt empty plain content');
+        }
+
+        if (openssl_open($encKeyFile, $plainContent, $shareKey, $privateKey)) {
+            return $plainContent;
+        } else {
+            throw new MultiKeyDecryptException('multikeydecrypt with share key failed:' . openssl_error_string());
+        }
+    }
+
+    /**
+     * @param string $plainContent
+     * @param array $keyFiles
+     * @return array
+     * @throws MultiKeyEncryptException
+     */
+    public function multiKeyEncrypt($plainContent, array $keyFiles) {
+        // openssl_seal returns false without errors if plaincontent is empty
+        // so trigger our own error
+        if (empty($plainContent)) {
+            throw new MultiKeyEncryptException('Cannot multikeyencrypt empty plain content');
+        }
+
+        // Set empty vars to be set by openssl by reference
+        $sealed = '';
+        $shareKeys = [];
+        $mappedShareKeys = [];
+
+        if (openssl_seal($plainContent, $sealed, $shareKeys, $keyFiles)) {
+            $i = 0;
+
+            // Ensure each shareKey is labelled with its corresponding key id
+            foreach ($keyFiles as $userId => $publicKey) {
+                $mappedShareKeys[$userId] = $shareKeys[$i];
+                $i++;
+            }
+
+            return [
+                'keys' => $mappedShareKeys,
+                'data' => $sealed
+            ];
+        } else {
+            throw new MultiKeyEncryptException('multikeyencryption failed ' . openssl_error_string());
+        }
+    }
 }
 

Spacing +19 added lines, -19 removed lines

@@ -117,7 +117,7 @@ 
 				['app' => 'encryption']);
 
 			if (openssl_error_string()) {
-				$log->error('Encryption library openssl_pkey_new() fails: ' . openssl_error_string(),
+				$log->error('Encryption library openssl_pkey_new() fails: '.openssl_error_string(),
 					['app' => 'encryption']);
 			}
 		} elseif (openssl_pkey_export($res,
@@ -132,10 +132,10 @@ 
 				'privateKey' => $privateKey
 			];
 		}
-		$log->error('Encryption library couldn\'t export users private key, please check your servers OpenSSL configuration.' . $this->user,
+		$log->error('Encryption library couldn\'t export users private key, please check your servers OpenSSL configuration.'.$this->user,
 			['app' => 'encryption']);
 		if (openssl_error_string()) {
-			$log->error('Encryption Library:' . openssl_error_string(),
+			$log->error('Encryption Library:'.openssl_error_string(),
 				['app' => 'encryption']);
 		}
 
@@ -210,15 +210,15 @@ 
 	public function generateHeader($keyFormat = 'hash') {
 
 		if (in_array($keyFormat, $this->supportedKeyFormats, true) === false) {
-			throw new \InvalidArgumentException('key format "' . $keyFormat . '" is not supported');
+			throw new \InvalidArgumentException('key format "'.$keyFormat.'" is not supported');
 		}
 
 		$cipher = $this->getCipher();
 
 		$header = self::HEADER_START
-			. ':cipher:' . $cipher
-			. ':keyFormat:' . $keyFormat
-			. ':' . self::HEADER_END;
+			. ':cipher:'.$cipher
+			. ':keyFormat:'.$keyFormat
+			. ':'.self::HEADER_END;
 
 		return $header;
 	}
@@ -240,7 +240,7 @@ 
 
 		if (!$encryptedContent) {
 			$error = 'Encryption (symmetric) of content failed';
-			$this->logger->error($error . openssl_error_string(),
+			$this->logger->error($error.openssl_error_string(),
 				['app' => 'encryption']);
 			throw new EncryptionFailedException($error);
 		}
@@ -268,8 +268,8 @@ 
 		}
 
 		// Workaround for OpenSSL 0.9.8. Fallback to an old cipher that should work.
-		if(OPENSSL_VERSION_NUMBER < 0x1000101f) {
-			if($cipher === 'AES-256-CTR' || $cipher === 'AES-128-CTR') {
+		if (OPENSSL_VERSION_NUMBER < 0x1000101f) {
+			if ($cipher === 'AES-256-CTR' || $cipher === 'AES-128-CTR') {
 				$cipher = self::LEGACY_CIPHER;
 			}
 		}
@@ -285,7 +285,7 @@ 
 	 * @throws \InvalidArgumentException
 	 */
 	protected function getKeySize($cipher) {
-		if(isset($this->supportedCiphersAndKeySize[$cipher])) {
+		if (isset($this->supportedCiphersAndKeySize[$cipher])) {
 			return $this->supportedCiphersAndKeySize[$cipher];
 		}
 
@@ -312,7 +312,7 @@ 
 	 * @return string
 	 */
 	private function concatIV($encryptedContent, $iv) {
-		return $encryptedContent . '00iv00' . $iv;
+		return $encryptedContent.'00iv00'.$iv;
 	}
 
 	/**
@@ -321,7 +321,7 @@ 
 	 * @return string
 	 */
 	private function concatSig($encryptedContent, $signature) {
-		return $encryptedContent . '00sig00' . $signature;
+		return $encryptedContent.'00sig00'.$signature;
 	}
 
 	/**
@@ -333,7 +333,7 @@ 
 	 * @return string
 	 */
 	private function addPadding($data) {
-		return $data . 'xxx';
+		return $data.'xxx';
 	}
 
 	/**
@@ -347,7 +347,7 @@ 
 	protected function generatePasswordHash($password, $cipher, $uid = '') {
 		$instanceId = $this->config->getSystemValue('instanceid');
 		$instanceSecret = $this->config->getSystemValue('secret');
-		$salt = hash('sha256', $uid . $instanceId . $instanceSecret, true);
+		$salt = hash('sha256', $uid.$instanceId.$instanceSecret, true);
 		$keySize = $this->getKeySize($cipher);
 
 		$hash = hash_pbkdf2(
@@ -493,7 +493,7 @@ 
 	 * @return string
 	 */
 	private function createSignature($data, $passPhrase) {
-		$passPhrase = hash('sha512', $passPhrase . 'a', true);
+		$passPhrase = hash('sha512', $passPhrase.'a', true);
 		$signature = hash_hmac('sha256', $data, $passPhrase);
 		return $signature;
 	}
@@ -585,7 +585,7 @@ 
 		if ($plainContent) {
 			return $plainContent;
 		} else {
-			throw new DecryptionFailedException('Encryption library: Decryption (symmetric) of content failed: ' . openssl_error_string());
+			throw new DecryptionFailedException('Encryption library: Decryption (symmetric) of content failed: '.openssl_error_string());
 		}
 	}
 
@@ -651,7 +651,7 @@ 
 		if (openssl_open($encKeyFile, $plainContent, $shareKey, $privateKey)) {
 			return $plainContent;
 		} else {
-			throw new MultiKeyDecryptException('multikeydecrypt with share key failed:' . openssl_error_string());
+			throw new MultiKeyDecryptException('multikeydecrypt with share key failed:'.openssl_error_string());
 		}
 	}
 
@@ -687,7 +687,7 @@ 
 				'data' => $sealed
 			];
 		} else {
-			throw new MultiKeyEncryptException('multikeyencryption failed ' . openssl_error_string());
+			throw new MultiKeyEncryptException('multikeyencryption failed '.openssl_error_string());
 		}
 	}
 }

apps/encryption/lib/Crypto/DecryptAll.php

Indentation +123 added lines, -123 removed lines

@@ -35,127 +35,127 @@
 
 class DecryptAll {
 
-	/** @var Util  */
-	protected $util;
-
-	/** @var QuestionHelper  */
-	protected $questionHelper;
-
-	/** @var  Crypt */
-	protected $crypt;
-
-	/** @var  KeyManager */
-	protected $keyManager;
-
-	/** @var Session  */
-	protected $session;
-
-	/**
-	 * @param Util $util
-	 * @param KeyManager $keyManager
-	 * @param Crypt $crypt
-	 * @param Session $session
-	 * @param QuestionHelper $questionHelper
-	 */
-	public function __construct(
-		Util $util,
-		KeyManager $keyManager,
-		Crypt $crypt,
-		Session $session,
-		QuestionHelper $questionHelper
-	) {
-		$this->util = $util;
-		$this->keyManager = $keyManager;
-		$this->crypt = $crypt;
-		$this->session = $session;
-		$this->questionHelper = $questionHelper;
-	}
-
-	/**
-	 * prepare encryption module to decrypt all files
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output
-	 * @param $user
-	 * @return bool
-	 */
-	public function prepare(InputInterface $input, OutputInterface $output, $user) {
-
-		$question = new Question('Please enter the recovery key password: ');
-
-		if($this->util->isMasterKeyEnabled()) {
-			$output->writeln('Use master key to decrypt all files');
-			$user = $this->keyManager->getMasterKeyId();
-			$password =$this->keyManager->getMasterKeyPassword();
-		} else {
-			$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
-			if (!empty($user)) {
-				$output->writeln('You can only decrypt the users files if you know');
-				$output->writeln('the users password or if he activated the recovery key.');
-				$output->writeln('');
-				$questionUseLoginPassword = new ConfirmationQuestion(
-					'Do you want to use the users login password to decrypt all files? (y/n) ',
-					false
-				);
-				$useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);
-				if ($useLoginPassword) {
-					$question = new Question('Please enter the user\'s login password: ');
-				} else if ($this->util->isRecoveryEnabledForUser($user) === false) {
-					$output->writeln('No recovery key available for user ' . $user);
-					return false;
-				} else {
-					$user = $recoveryKeyId;
-				}
-			} else {
-				$output->writeln('You can only decrypt the files of all users if the');
-				$output->writeln('recovery key is enabled by the admin and activated by the users.');
-				$output->writeln('');
-				$user = $recoveryKeyId;
-			}
-
-			$question->setHidden(true);
-			$question->setHiddenFallback(false);
-			$password = $this->questionHelper->ask($input, $output, $question);
-		}
-
-		$privateKey = $this->getPrivateKey($user, $password);
-		if ($privateKey !== false) {
-			$this->updateSession($user, $privateKey);
-			return true;
-		} else {
-			$output->writeln('Could not decrypt private key, maybe you entered the wrong password?');
-		}
-
-
-		return false;
-	}
-
-	/**
-	 * get the private key which will be used to decrypt all files
-	 *
-	 * @param string $user
-	 * @param string $password
-	 * @return bool|string
-	 * @throws \OCA\Encryption\Exceptions\PrivateKeyMissingException
-	 */
-	protected function getPrivateKey($user, $password) {
-		$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
-		$masterKeyId = $this->keyManager->getMasterKeyId();
-		if ($user === $recoveryKeyId) {
-			$recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);
-			$privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
-		} elseif ($user === $masterKeyId) {
-			$masterKey = $this->keyManager->getSystemPrivateKey($masterKeyId);
-			$privateKey = $this->crypt->decryptPrivateKey($masterKey, $password, $masterKeyId);
-		} else {
-			$userKey = $this->keyManager->getPrivateKey($user);
-			$privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user);
-		}
-
-		return $privateKey;
-	}
-
-	protected function updateSession($user, $privateKey) {
-		$this->session->prepareDecryptAll($user, $privateKey);
-	}
+    /** @var Util  */
+    protected $util;
+
+    /** @var QuestionHelper  */
+    protected $questionHelper;
+
+    /** @var  Crypt */
+    protected $crypt;
+
+    /** @var  KeyManager */
+    protected $keyManager;
+
+    /** @var Session  */
+    protected $session;
+
+    /**
+     * @param Util $util
+     * @param KeyManager $keyManager
+     * @param Crypt $crypt
+     * @param Session $session
+     * @param QuestionHelper $questionHelper
+     */
+    public function __construct(
+        Util $util,
+        KeyManager $keyManager,
+        Crypt $crypt,
+        Session $session,
+        QuestionHelper $questionHelper
+    ) {
+        $this->util = $util;
+        $this->keyManager = $keyManager;
+        $this->crypt = $crypt;
+        $this->session = $session;
+        $this->questionHelper = $questionHelper;
+    }
+
+    /**
+     * prepare encryption module to decrypt all files
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output
+     * @param $user
+     * @return bool
+     */
+    public function prepare(InputInterface $input, OutputInterface $output, $user) {
+
+        $question = new Question('Please enter the recovery key password: ');
+
+        if($this->util->isMasterKeyEnabled()) {
+            $output->writeln('Use master key to decrypt all files');
+            $user = $this->keyManager->getMasterKeyId();
+            $password =$this->keyManager->getMasterKeyPassword();
+        } else {
+            $recoveryKeyId = $this->keyManager->getRecoveryKeyId();
+            if (!empty($user)) {
+                $output->writeln('You can only decrypt the users files if you know');
+                $output->writeln('the users password or if he activated the recovery key.');
+                $output->writeln('');
+                $questionUseLoginPassword = new ConfirmationQuestion(
+                    'Do you want to use the users login password to decrypt all files? (y/n) ',
+                    false
+                );
+                $useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);
+                if ($useLoginPassword) {
+                    $question = new Question('Please enter the user\'s login password: ');
+                } else if ($this->util->isRecoveryEnabledForUser($user) === false) {
+                    $output->writeln('No recovery key available for user ' . $user);
+                    return false;
+                } else {
+                    $user = $recoveryKeyId;
+                }
+            } else {
+                $output->writeln('You can only decrypt the files of all users if the');
+                $output->writeln('recovery key is enabled by the admin and activated by the users.');
+                $output->writeln('');
+                $user = $recoveryKeyId;
+            }
+
+            $question->setHidden(true);
+            $question->setHiddenFallback(false);
+            $password = $this->questionHelper->ask($input, $output, $question);
+        }
+
+        $privateKey = $this->getPrivateKey($user, $password);
+        if ($privateKey !== false) {
+            $this->updateSession($user, $privateKey);
+            return true;
+        } else {
+            $output->writeln('Could not decrypt private key, maybe you entered the wrong password?');
+        }
+
+
+        return false;
+    }
+
+    /**
+     * get the private key which will be used to decrypt all files
+     *
+     * @param string $user
+     * @param string $password
+     * @return bool|string
+     * @throws \OCA\Encryption\Exceptions\PrivateKeyMissingException
+     */
+    protected function getPrivateKey($user, $password) {
+        $recoveryKeyId = $this->keyManager->getRecoveryKeyId();
+        $masterKeyId = $this->keyManager->getMasterKeyId();
+        if ($user === $recoveryKeyId) {
+            $recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);
+            $privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
+        } elseif ($user === $masterKeyId) {
+            $masterKey = $this->keyManager->getSystemPrivateKey($masterKeyId);
+            $privateKey = $this->crypt->decryptPrivateKey($masterKey, $password, $masterKeyId);
+        } else {
+            $userKey = $this->keyManager->getPrivateKey($user);
+            $privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user);
+        }
+
+        return $privateKey;
+    }
+
+    protected function updateSession($user, $privateKey) {
+        $this->session->prepareDecryptAll($user, $privateKey);
+    }
 }

Spacing +3 added lines, -3 removed lines

@@ -83,10 +83,10 @@ 
 
 		$question = new Question('Please enter the recovery key password: ');
 
-		if($this->util->isMasterKeyEnabled()) {
+		if ($this->util->isMasterKeyEnabled()) {
 			$output->writeln('Use master key to decrypt all files');
 			$user = $this->keyManager->getMasterKeyId();
-			$password =$this->keyManager->getMasterKeyPassword();
+			$password = $this->keyManager->getMasterKeyPassword();
 		} else {
 			$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
 			if (!empty($user)) {
@@ -101,7 +101,7 @@ 
 				if ($useLoginPassword) {
 					$question = new Question('Please enter the user\'s login password: ');
 				} else if ($this->util->isRecoveryEnabledForUser($user) === false) {
-					$output->writeln('No recovery key available for user ' . $user);
+					$output->writeln('No recovery key available for user '.$user);
 					return false;
 				} else {
 					$user = $recoveryKeyId;

apps/encryption/lib/HookManager.php

Indentation +29 added lines, -29 removed lines

@@ -28,38 +28,38 @@
 
 class HookManager {
 
-	private $hookInstances = [];
+    private $hookInstances = [];
 
-	/**
-	 * @param array|IHook $instances
-	 *        - This accepts either a single instance of IHook or an array of instances of IHook
-	 * @return bool
-	 */
-	public function registerHook($instances) {
-		if (is_array($instances)) {
-			foreach ($instances as $instance) {
-				if (!$instance instanceof IHook) {
-					return false;
-				}
-				$this->hookInstances[] = $instance;
-			}
+    /**
+     * @param array|IHook $instances
+     *        - This accepts either a single instance of IHook or an array of instances of IHook
+     * @return bool
+     */
+    public function registerHook($instances) {
+        if (is_array($instances)) {
+            foreach ($instances as $instance) {
+                if (!$instance instanceof IHook) {
+                    return false;
+                }
+                $this->hookInstances[] = $instance;
+            }
 
-		} elseif ($instances instanceof IHook) {
-			$this->hookInstances[] = $instances;
-		}
-		return true;
-	}
+        } elseif ($instances instanceof IHook) {
+            $this->hookInstances[] = $instances;
+        }
+        return true;
+    }
 
-	public function fireHooks() {
-		foreach ($this->hookInstances as $instance) {
-			/**
-			 * Fire off the add hooks method of each instance stored in cache
-			 *
-			 * @var $instance IHook
-			 */
-			$instance->addHooks();
-		}
+    public function fireHooks() {
+        foreach ($this->hookInstances as $instance) {
+            /**
+             * Fire off the add hooks method of each instance stored in cache
+             *
+             * @var $instance IHook
+             */
+            $instance->addHooks();
+        }
 
-	}
+    }
 
 }

apps/encryption/appinfo/routes.php

Indentation +30 added lines, -30 removed lines

@@ -26,36 +26,36 @@
 
 (new Application())->registerRoutes($this, array('routes' => array(
 
-	[
-		'name' => 'Recovery#adminRecovery',
-		'url' => '/ajax/adminRecovery',
-		'verb' => 'POST'
-	],
-	[
-		'name' => 'Settings#updatePrivateKeyPassword',
-		'url' => '/ajax/updatePrivateKeyPassword',
-		'verb' => 'POST'
-	],
-	[
-		'name' => 'Settings#setEncryptHomeStorage',
-		'url' => '/ajax/setEncryptHomeStorage',
-		'verb' => 'POST'
-	],
-	[
-		'name' => 'Recovery#changeRecoveryPassword',
-		'url' => '/ajax/changeRecoveryPassword',
-		'verb' => 'POST'
-	],
-	[
-		'name' => 'Recovery#userSetRecovery',
-		'url' => '/ajax/userSetRecovery',
-		'verb' => 'POST'
-	],
-	[
-		'name' => 'Status#getStatus',
-		'url' => '/ajax/getStatus',
-		'verb' => 'GET'
-	]
+    [
+        'name' => 'Recovery#adminRecovery',
+        'url' => '/ajax/adminRecovery',
+        'verb' => 'POST'
+    ],
+    [
+        'name' => 'Settings#updatePrivateKeyPassword',
+        'url' => '/ajax/updatePrivateKeyPassword',
+        'verb' => 'POST'
+    ],
+    [
+        'name' => 'Settings#setEncryptHomeStorage',
+        'url' => '/ajax/setEncryptHomeStorage',
+        'verb' => 'POST'
+    ],
+    [
+        'name' => 'Recovery#changeRecoveryPassword',
+        'url' => '/ajax/changeRecoveryPassword',
+        'verb' => 'POST'
+    ],
+    [
+        'name' => 'Recovery#userSetRecovery',
+        'url' => '/ajax/userSetRecovery',
+        'verb' => 'POST'
+    ],
+    [
+        'name' => 'Status#getStatus',
+        'url' => '/ajax/getStatus',
+        'verb' => 'GET'
+    ]
 
 
 )));

apps/encryption/appinfo/app.php

Indentation +3 added lines, -3 removed lines

@@ -29,7 +29,7 @@
 
 $app = new Application([], $encryptionSystemReady);
 if ($encryptionSystemReady) {
-	$app->registerEncryptionModule();
-	$app->registerHooks();
-	$app->registerSettings();
+    $app->registerEncryptionModule();
+    $app->registerHooks();
+    $app->registerSettings();
 }

apps/encryption/settings/settings-personal.php

Indentation +21 added lines, -21 removed lines

@@ -27,26 +27,26 @@ 
 
 $template = new OCP\Template('encryption', 'settings-personal');
 $crypt = new \OCA\Encryption\Crypto\Crypt(
-	\OC::$server->getLogger(),
-	$userSession,
-	\OC::$server->getConfig(),
-	\OC::$server->getL10N('encryption'));
+    \OC::$server->getLogger(),
+    $userSession,
+    \OC::$server->getConfig(),
+    \OC::$server->getL10N('encryption'));
 
 $util = new \OCA\Encryption\Util(
-	new \OC\Files\View(),
-	$crypt,
-	\OC::$server->getLogger(),
-	$userSession,
-	\OC::$server->getConfig(),
-	\OC::$server->getUserManager());
+    new \OC\Files\View(),
+    $crypt,
+    \OC::$server->getLogger(),
+    $userSession,
+    \OC::$server->getConfig(),
+    \OC::$server->getUserManager());
 
 $keyManager = new \OCA\Encryption\KeyManager(
-	\OC::$server->getEncryptionKeyStorage(),
-	$crypt,
-	\OC::$server->getConfig(),
-	$userSession,
-	$session,
-	\OC::$server->getLogger(), $util);
+    \OC::$server->getEncryptionKeyStorage(),
+    $crypt,
+    \OC::$server->getConfig(),
+    $userSession,
+    $session,
+    \OC::$server->getLogger(), $util);
 
 $user = $userSession->getUser()->getUID();
 
@@ -64,12 +64,12 @@ 
 $result = false;
 
 if ($recoveryAdminEnabled || !$privateKeySet) {
-	$template->assign('recoveryEnabled', $recoveryAdminEnabled);
-	$template->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
-	$template->assign('privateKeySet', $privateKeySet);
-	$template->assign('initialized', $initialized);
+    $template->assign('recoveryEnabled', $recoveryAdminEnabled);
+    $template->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
+    $template->assign('privateKeySet', $privateKeySet);
+    $template->assign('initialized', $initialized);
 
-	$result = $template->fetchPage();
+    $result = $template->fetchPage();
 }
 
 return $result;

apps/comments/lib/Activity/Listener.php

Spacing +2 added lines, -2 removed lines

@@ -92,8 +92,8 @@
 				/** @var Node $node */
 				$node = array_shift($nodes);
 				$path = $node->getPath();
-				if (strpos($path, '/' . $owner . '/files/') === 0) {
-					$path = substr($path, strlen('/' . $owner . '/files'));
+				if (strpos($path, '/'.$owner.'/files/') === 0) {
+					$path = substr($path, strlen('/'.$owner.'/files'));
 				}
 				// Get all users that have access to the mount point
 				$users = array_merge($users, Share::getUsersSharingFile($path, $owner, true, true));

Indentation +85 added lines, -85 removed lines

@@ -33,97 +33,97 @@
 use OCP\Share;
 
 class Listener {
-	/** @var IManager */
-	protected $activityManager;
-	/** @var IUserSession */
-	protected $session;
-	/** @var \OCP\App\IAppManager */
-	protected $appManager;
-	/** @var \OCP\Files\Config\IMountProviderCollection */
-	protected $mountCollection;
-	/** @var \OCP\Files\IRootFolder */
-	protected $rootFolder;
+    /** @var IManager */
+    protected $activityManager;
+    /** @var IUserSession */
+    protected $session;
+    /** @var \OCP\App\IAppManager */
+    protected $appManager;
+    /** @var \OCP\Files\Config\IMountProviderCollection */
+    protected $mountCollection;
+    /** @var \OCP\Files\IRootFolder */
+    protected $rootFolder;
 
-	/**
-	 * Listener constructor.
-	 *
-	 * @param IManager $activityManager
-	 * @param IUserSession $session
-	 * @param IAppManager $appManager
-	 * @param IMountProviderCollection $mountCollection
-	 * @param IRootFolder $rootFolder
-	 */
-	public function __construct(IManager $activityManager,
-								IUserSession $session,
-								IAppManager $appManager,
-								IMountProviderCollection $mountCollection,
-								IRootFolder $rootFolder) {
-		$this->activityManager = $activityManager;
-		$this->session = $session;
-		$this->appManager = $appManager;
-		$this->mountCollection = $mountCollection;
-		$this->rootFolder = $rootFolder;
-	}
+    /**
+     * Listener constructor.
+     *
+     * @param IManager $activityManager
+     * @param IUserSession $session
+     * @param IAppManager $appManager
+     * @param IMountProviderCollection $mountCollection
+     * @param IRootFolder $rootFolder
+     */
+    public function __construct(IManager $activityManager,
+                                IUserSession $session,
+                                IAppManager $appManager,
+                                IMountProviderCollection $mountCollection,
+                                IRootFolder $rootFolder) {
+        $this->activityManager = $activityManager;
+        $this->session = $session;
+        $this->appManager = $appManager;
+        $this->mountCollection = $mountCollection;
+        $this->rootFolder = $rootFolder;
+    }
 
-	/**
-	 * @param CommentsEvent $event
-	 */
-	public function commentEvent(CommentsEvent $event) {
-		if ($event->getComment()->getObjectType() !== 'files'
-			|| !in_array($event->getEvent(), [CommentsEvent::EVENT_ADD])
-			|| !$this->appManager->isInstalled('activity')) {
-			// Comment not for file, not adding a comment or no activity-app enabled (save the energy)
-			return;
-		}
+    /**
+     * @param CommentsEvent $event
+     */
+    public function commentEvent(CommentsEvent $event) {
+        if ($event->getComment()->getObjectType() !== 'files'
+            || !in_array($event->getEvent(), [CommentsEvent::EVENT_ADD])
+            || !$this->appManager->isInstalled('activity')) {
+            // Comment not for file, not adding a comment or no activity-app enabled (save the energy)
+            return;
+        }
 
-		// Get all mount point owners
-		$cache = $this->mountCollection->getMountCache();
-		$mounts = $cache->getMountsForFileId($event->getComment()->getObjectId());
-		if (empty($mounts)) {
-			return;
-		}
+        // Get all mount point owners
+        $cache = $this->mountCollection->getMountCache();
+        $mounts = $cache->getMountsForFileId($event->getComment()->getObjectId());
+        if (empty($mounts)) {
+            return;
+        }
 
-		$users = [];
-		foreach ($mounts as $mount) {
-			$owner = $mount->getUser()->getUID();
-			$ownerFolder = $this->rootFolder->getUserFolder($owner);
-			$nodes = $ownerFolder->getById($event->getComment()->getObjectId());
-			if (!empty($nodes)) {
-				/** @var Node $node */
-				$node = array_shift($nodes);
-				$path = $node->getPath();
-				if (strpos($path, '/' . $owner . '/files/') === 0) {
-					$path = substr($path, strlen('/' . $owner . '/files'));
-				}
-				// Get all users that have access to the mount point
-				$users = array_merge($users, Share::getUsersSharingFile($path, $owner, true, true));
-			}
-		}
+        $users = [];
+        foreach ($mounts as $mount) {
+            $owner = $mount->getUser()->getUID();
+            $ownerFolder = $this->rootFolder->getUserFolder($owner);
+            $nodes = $ownerFolder->getById($event->getComment()->getObjectId());
+            if (!empty($nodes)) {
+                /** @var Node $node */
+                $node = array_shift($nodes);
+                $path = $node->getPath();
+                if (strpos($path, '/' . $owner . '/files/') === 0) {
+                    $path = substr($path, strlen('/' . $owner . '/files'));
+                }
+                // Get all users that have access to the mount point
+                $users = array_merge($users, Share::getUsersSharingFile($path, $owner, true, true));
+            }
+        }
 
-		$actor = $this->session->getUser();
-		if ($actor instanceof IUser) {
-			$actor = $actor->getUID();
-		} else {
-			$actor = '';
-		}
+        $actor = $this->session->getUser();
+        if ($actor instanceof IUser) {
+            $actor = $actor->getUID();
+        } else {
+            $actor = '';
+        }
 
-		$activity = $this->activityManager->generateEvent();
-		$activity->setApp(Extension::APP_NAME)
-			->setType(Extension::APP_NAME)
-			->setAuthor($actor)
-			->setObject($event->getComment()->getObjectType(), $event->getComment()->getObjectId())
-			->setMessage(Extension::ADD_COMMENT_MESSAGE, [
-				$event->getComment()->getId(),
-			]);
+        $activity = $this->activityManager->generateEvent();
+        $activity->setApp(Extension::APP_NAME)
+            ->setType(Extension::APP_NAME)
+            ->setAuthor($actor)
+            ->setObject($event->getComment()->getObjectType(), $event->getComment()->getObjectId())
+            ->setMessage(Extension::ADD_COMMENT_MESSAGE, [
+                $event->getComment()->getId(),
+            ]);
 
-		foreach ($users as $user => $path) {
-			$activity->setAffectedUser($user);
+        foreach ($users as $user => $path) {
+            $activity->setAffectedUser($user);
 
-			$activity->setSubject(Extension::ADD_COMMENT_SUBJECT, [
-				$actor,
-				$path,
-			]);
-			$this->activityManager->publish($activity);
-		}
-	}
+            $activity->setSubject(Extension::ADD_COMMENT_SUBJECT, [
+                $actor,
+                $path,
+            ]);
+            $this->activityManager->publish($activity);
+        }
+    }
 }

apps/files_trashbin/templates/index.php

Spacing +2 added lines, -2 removed lines

@@ -27,7 +27,7 @@ 
 					<label for="select_all_trash">
 						<span class="hidden-visually"><?php p($l->t('Select all'))?></span>
 					</label>
-					<a class="name sort columntitle" data-sort="name"><span><?php p($l->t( 'Name' )); ?></span><span class="sort-indicator"></span></a>
+					<a class="name sort columntitle" data-sort="name"><span><?php p($l->t('Name')); ?></span><span class="sort-indicator"></span></a>
 					<span id="selectedActionsList" class='selectedActions'>
 						<a href="" class="undelete">
 							<span class="icon icon-history"></span>
@@ -37,7 +37,7 @@ 
 				</div>
 			</th>
 			<th id="headerDate" class="hidden column-mtime">
-				<a id="modified" class="columntitle" data-sort="mtime"><span><?php p($l->t( 'Deleted' )); ?></span><span class="sort-indicator"></span></a>
+				<a id="modified" class="columntitle" data-sort="mtime"><span><?php p($l->t('Deleted')); ?></span><span class="sort-indicator"></span></a>
 				<span class="selectedActions">
 					<a href="" class="delete-selected">
 						<span><?php p($l->t('Delete'))?></span>