Encryption - Code Metrics - Inspection of "Merge pull request #2240 from nextcloud/daita-encr..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 25f519...aa30c4 )

by Lukas

created 2016-11-23 14:19 UTC

Encryption C

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	529
Duplicated Lines	3.4 %

Coupling/Cohesion

Components	3
Dependencies	13

Importance

Changes

Metric	Value
wmc	55
lcom	3
cbo	13
dl	18
loc	529
rs	6.8
c	0
b	0
f	0

16 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	18	18	1
A	getId()	0	3	1
A	getDisplayName()	0	3	1
C	begin()	0	61	12
C	end()	0	41	8
A	encrypt()	0	57	4
A	decrypt()	0	11	2
C	update()	0	44	7
C	shouldEncrypt()	0	24	7
A	getUnencryptedBlockSize()	0	7	2
A	isReadable()	0	20	3
A	encryptAll()	0	3	1
A	prepareDecryptAll()	0	3	1
A	getPathToRealFile()	0	11	2
A	stripPartFileExtension()	0	8	2
A	isReadyForUser()	0	3	1

How to fix Duplicated Code Complexity

Duplicated Code

Duplicate code is one of the most pungent code smells. A rule that is often used is to re-structure code once it is duplicated in three or more places.

Common duplication problems, and corresponding solutions are:

If you have the same expression in different places: Extract expression to a method
If you have the same method in different sub-classes: Extract method, and pull up field to the parent class
If you have the same code in unrelated classes: Consider extracting the code to a new class, and injecting that class

Complex Class

Tip: Before tackling complexity, make sure that you eliminate any duplication first. This often can reduce the size of classes significantly.

Complex classes like Encryption often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.

Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.

While breaking up the class, it is a good idea to analyze how other classes use Encryption, and based on these observations, apply Extract Interface, too.

<?php
/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Björn Schießle <[email protected]>
 * @author Clark Tomlinson <[email protected]>
 * @author Jan-Christoph Borchardt <[email protected]>
 * @author Joas Schilling <[email protected]>
 * @author Lukas Reschke <[email protected]>
 * @author Thomas Müller <[email protected]>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */

namespace OCA\Encryption\Crypto;


use OC\Encryption\Exceptions\DecryptionFailedException;
use OC\Files\Cache\Scanner;
use OC\Files\View;
use OCA\Encryption\Exceptions\PublicKeyMissingException;
use OCA\Encryption\Session;
use OCA\Encryption\Util;
use OCP\Encryption\IEncryptionModule;
use OCA\Encryption\KeyManager;
use OCP\IL10N;
use OCP\ILogger;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;

class Encryption implements IEncryptionModule {

	const ID = 'OC_DEFAULT_MODULE';
	const DISPLAY_NAME = 'Default encryption module';

	/**
	 * @var Crypt
	 */
	private $crypt;

	/** @var string */
	private $cipher;

	/** @var string */
	private $path;

	/** @var string */
	private $user;

	/** @var string */
	private $fileKey;

	/** @var string */
	private $writeCache;

	/** @var KeyManager */
	private $keyManager;

	/** @var array */
	private $accessList;

	/** @var boolean */
	private $isWriteOperation;

	/** @var Util */
	private $util;

	/** @var  Session */
	private $session;

	/** @var  ILogger */
	private $logger;

	/** @var IL10N */
	private $l;

	/** @var EncryptAll */
	private $encryptAll;

	/** @var  bool */
	private $useMasterPassword;

	/** @var DecryptAll  */
	private $decryptAll;

	/** @var int unencrypted block size if block contains signature */
	private $unencryptedBlockSizeSigned = 6072;

	/** @var int unencrypted block size */
	private $unencryptedBlockSize = 6126;

	/** @var int Current version of the file */
	private $version = 0;

	/** @var array remember encryption signature version */
	private static $rememberVersion = [];


	/**
	 *
	 * @param Crypt $crypt
	 * @param KeyManager $keyManager
	 * @param Util $util
	 * @param Session $session
	 * @param EncryptAll $encryptAll
	 * @param DecryptAll $decryptAll
	 * @param ILogger $logger
	 * @param IL10N $il10n
	 */
	public function __construct(Crypt $crypt,

								KeyManager $keyManager,
								Util $util,
								Session $session,
								EncryptAll $encryptAll,
								DecryptAll $decryptAll,
								ILogger $logger,
								IL10N $il10n) {
		$this->crypt = $crypt;
		$this->keyManager = $keyManager;
		$this->util = $util;
		$this->session = $session;
		$this->encryptAll = $encryptAll;
		$this->decryptAll = $decryptAll;
		$this->logger = $logger;
		$this->l = $il10n;
		$this->useMasterPassword = $util->isMasterKeyEnabled();
	}

	/**
	 * @return string defining the technical unique id
	 */
	public function getId() {
		return self::ID;
	}

	/**
	 * In comparison to getKey() this function returns a human readable (maybe translated) name
	 *
	 * @return string
	 */
	public function getDisplayName() {
		return self::DISPLAY_NAME;
	}

	/**
	 * start receiving chunks from a file. This is the place where you can
	 * perform some initial step before starting encrypting/decrypting the
	 * chunks
	 *
	 * @param string $path to the file
	 * @param string $user who read/write the file
	 * @param string $mode php stream open mode
	 * @param array $header contains the header data read from the file
	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
	 *
	 * @return array $header contain data as key-value pairs which should be
	 *                       written to the header, in case of a write operation
	 *                       or if no additional data is needed return a empty array
	 */
	public function begin($path, $user, $mode, array $header, array $accessList) {
		$this->path = $this->getPathToRealFile($path);
		$this->accessList = $accessList;
		$this->user = $user;
		$this->isWriteOperation = false;
		$this->writeCache = '';

		if($this->session->isReady() === false) {
			// if the master key is enabled we can initialize encryption
			// with a empty password and user name
			if ($this->util->isMasterKeyEnabled()) {
				$this->keyManager->init('', '');
			}
		}

		if ($this->session->decryptAllModeActivated()) {
			$encryptedFileKey = $this->keyManager->getEncryptedFileKey($this->path);
			$shareKey = $this->keyManager->getShareKey($this->path, $this->session->getDecryptAllUid());
			$this->fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
				$shareKey,
				$this->session->getDecryptAllKey());
		} else {
			$this->fileKey = $this->keyManager->getFileKey($this->path, $this->user);
		}

		// always use the version from the original file, also part files
		// need to have a correct version number if they get moved over to the
		// final location
		$this->version = (int)$this->keyManager->getVersion($this->stripPartFileExtension($path), new View());

		if (
			$mode === 'w'
			|| $mode === 'w+'
			|| $mode === 'wb'
			|| $mode === 'wb+'
		) {
			$this->isWriteOperation = true;
			if (empty($this->fileKey)) {
				$this->fileKey = $this->crypt->generateFileKey();
			}
		} else {
			// if we read a part file we need to increase the version by 1
			// because the version number was also increased by writing
			// the part file
			if(Scanner::isPartialFile($path)) {
				$this->version = $this->version + 1;
			}
		}

		if ($this->isWriteOperation) {
			$this->cipher = $this->crypt->getCipher();
		} elseif (isset($header['cipher'])) {
			$this->cipher = $header['cipher'];
		} else {
			// if we read a file without a header we fall-back to the legacy cipher
			// which was used in <=oC6
			$this->cipher = $this->crypt->getLegacyCipher();
		}

		return array('cipher' => $this->cipher, 'signed' => 'true');
	}

	/**
	 * last chunk received. This is the place where you can perform some final
	 * operation and return some remaining data if something is left in your
	 * buffer.
	 *
	 * @param string $path to the file
	 * @param int $position
	 * @return string remained data which should be written to the file in case
	 *                of a write operation
	 * @throws PublicKeyMissingException
	 * @throws \Exception
	 * @throws \OCA\Encryption\Exceptions\MultiKeyEncryptException
	 */
	public function end($path, $position = 0) {
		$result = '';
		if ($this->isWriteOperation) {
			$this->keyManager->setVersion($path, $this->version + 1, new View());
			// in case of a part file we remember the new signature versions
			// the version will be set later on update.
			// This way we make sure that other apps listening to the pre-hooks
			// still get the old version which should be the correct value for them
			if (Scanner::isPartialFile($path)) {
				self::$rememberVersion[$this->stripPartFileExtension($path)] = $this->version + 1;
			}
			if (!empty($this->writeCache)) {
				$result = $this->crypt->symmetricEncryptFileContent($this->writeCache, $this->fileKey, $this->version + 1, $position);

				$this->writeCache = '';
			}
			$publicKeys = array();
			if ($this->useMasterPassword === true) {
				$publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
			} else {
				foreach ($this->accessList['users'] as $uid) {
					try {
						$publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
					} catch (PublicKeyMissingException $e) {
						$this->logger->warning(
							'no public key found for user "{uid}", user will not be able to read the file',
							['app' => 'encryption', 'uid' => $uid]
						);
						// if the public key of the owner is missing we should fail
						if ($uid === $this->user) {
							throw $e;
						}
					}
				}
			}

			$publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys, $this->user);
			$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
			$this->keyManager->setAllFileKeys($this->path, $encryptedKeyfiles);
		}
		return $result;
	}

	/**
	 * encrypt data
	 *
	 * @param string $data you want to encrypt
	 * @param int $position
	 * @return string encrypted data
	 */
	public function encrypt($data, $position = 0) {
		// If extra data is left over from the last round, make sure it
		// is integrated into the next block
		if ($this->writeCache) {

			// Concat writeCache to start of $data
			$data = $this->writeCache . $data;

			// Clear the write cache, ready for reuse - it has been
			// flushed and its old contents processed
			$this->writeCache = '';

		}

		$encrypted = '';
		// While there still remains some data to be processed & written
		while (strlen($data) > 0) {

			// Remaining length for this iteration, not of the
			// entire file (may be greater than 8192 bytes)
			$remainingLength = strlen($data);

			// If data remaining to be written is less than the
			// size of 1 6126 byte block
			if ($remainingLength < $this->unencryptedBlockSizeSigned) {

				// Set writeCache to contents of $data
				// The writeCache will be carried over to the
				// next write round, and added to the start of
				// $data to ensure that written blocks are
				// always the correct length. If there is still
				// data in writeCache after the writing round
				// has finished, then the data will be written
				// to disk by $this->flush().
				$this->writeCache = $data;

				// Clear $data ready for next round
				$data = '';

			} else {

				// Read the chunk from the start of $data
				$chunk = substr($data, 0, $this->unencryptedBlockSizeSigned);

				$encrypted .= $this->crypt->symmetricEncryptFileContent($chunk, $this->fileKey, $this->version + 1, $position);

				// Remove the chunk we just processed from
				// $data, leaving only unprocessed data in $data
				// var, for handling on the next round
				$data = substr($data, $this->unencryptedBlockSizeSigned);

			}

		}

		return $encrypted;
	}

	/**
	 * decrypt data
	 *
	 * @param string $data you want to decrypt
	 * @param int $position
	 * @return string decrypted data
	 * @throws DecryptionFailedException
	 */
	public function decrypt($data, $position = 0) {
		if (empty($this->fileKey)) {
			$msg = 'Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.';
			$hint = $this->l->t('Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
			$this->logger->error($msg);

			throw new DecryptionFailedException($msg, $hint);
		}

		return $this->crypt->symmetricDecryptFileContent($data, $this->fileKey, $this->cipher, $this->version, $position);
	}

	/**
	 * update encrypted file, e.g. give additional users access to the file
	 *
	 * @param string $path path to the file which should be updated
	 * @param string $uid of the user who performs the operation
	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
	 * @return boolean
	 */
	public function update($path, $uid, array $accessList) {

		if (empty($accessList)) {
			if (isset(self::$rememberVersion[$path])) {
				$this->keyManager->setVersion($path, self::$rememberVersion[$path], new View());
				unset(self::$rememberVersion[$path]);
			}
			return;
		}

		$fileKey = $this->keyManager->getFileKey($path, $uid);

		if (!empty($fileKey)) {

			$publicKeys = array();
			if ($this->useMasterPassword === true) {
				$publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
			} else {
				foreach ($accessList['users'] as $user) {
					try {
						$publicKeys[$user] = $this->keyManager->getPublicKey($user);
					} catch (PublicKeyMissingException $e) {
						$this->logger->warning('Could not encrypt file for ' . $user . ': ' . $e->getMessage());
					}
				}
			}

			$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid);

			$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);

			$this->keyManager->deleteAllFileKeys($path);

			$this->keyManager->setAllFileKeys($path, $encryptedFileKey);

		} else {
			$this->logger->debug('no file key found, we assume that the file "{file}" is not encrypted',
				array('file' => $path, 'app' => 'encryption'));

			return false;
		}

		return true;
	}

	/**
	 * should the file be encrypted or not
	 *
	 * @param string $path
	 * @return boolean
	 */
	public function shouldEncrypt($path) {
		if ($this->util->shouldEncryptHomeStorage() === false) {
			$storage = $this->util->getStorage($path);
			if ($storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
				return false;
			}
		}
		$parts = explode('/', $path);
		if (count($parts) < 4) {
			return false;
		}

		if ($parts[2] == 'files') {
			return true;
		}
		if ($parts[2] == 'files_versions') {
			return true;
		}
		if ($parts[2] == 'files_trashbin') {
			return true;
		}

		return false;
	}

	/**
	 * get size of the unencrypted payload per block.
	 * ownCloud read/write files with a block size of 8192 byte
	 *
	 * @param bool $signed
	 * @return int
	 */
	public function getUnencryptedBlockSize($signed = false) {
		if ($signed === false) {
			return $this->unencryptedBlockSize;
		}

		return $this->unencryptedBlockSizeSigned;
	}

	/**
	 * check if the encryption module is able to read the file,
	 * e.g. if all encryption keys exists
	 *
	 * @param string $path
	 * @param string $uid user for whom we want to check if he can read the file
	 * @return bool
	 * @throws DecryptionFailedException
	 */
	public function isReadable($path, $uid) {
		$fileKey = $this->keyManager->getFileKey($path, $uid);
		if (empty($fileKey)) {
			$owner = $this->util->getOwner($path);
			if ($owner !== $uid) {
				// if it is a shared file we throw a exception with a useful
				// error message because in this case it means that the file was
				// shared with the user at a point where the user didn't had a
				// valid private/public key
				$msg = 'Encryption module "' . $this->getDisplayName() .
					'" is not able to read ' . $path;
				$hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
				$this->logger->warning($msg);
				throw new DecryptionFailedException($msg, $hint);
			}
			return false;
		}

		return true;
	}

	/**
	 * Initial encryption of all files
	 *
	 * @param InputInterface $input
	 * @param OutputInterface $output write some status information to the terminal during encryption
	 */
	public function encryptAll(InputInterface $input, OutputInterface $output) {
		$this->encryptAll->encryptAll($input, $output);
	}

	/**
	 * prepare module to perform decrypt all operation
	 *
	 * @param InputInterface $input
	 * @param OutputInterface $output
	 * @param string $user
	 * @return bool
	 */
	public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '') {
		return $this->decryptAll->prepare($input, $output, $user);
	}


	/**
	 * @param string $path
	 * @return string
	 */
	protected function getPathToRealFile($path) {
		$realPath = $path;
		$parts = explode('/', $path);
		if ($parts[2] === 'files_versions') {
			$realPath = '/' . $parts[1] . '/files/' . implode('/', array_slice($parts, 3));
			$length = strrpos($realPath, '.');
			$realPath = substr($realPath, 0, $length);
		}

		return $realPath;
	}

	/**
	 * remove .part file extension and the ocTransferId from the file to get the
	 * original file name
	 *
	 * @param string $path
	 * @return string
	 */
	protected function stripPartFileExtension($path) {
		if (pathinfo($path, PATHINFO_EXTENSION) === 'part') {
			$pos = strrpos($path, '.', -6);
			$path = substr($path, 0, $pos);
		}

		return $path;
	}

	/**
	 * Check if the module is ready to be used by that specific user.
	 * In case a module is not ready - because e.g. key pairs have not been generated
	 * upon login this method can return false before any operation starts and might
	 * cause issues during operations.
	 *
	 * @param string $user
	 * @return boolean
	 * @since 9.1.0
	 */
	public function isReadyForUser($user) {
		return $this->keyManager->userHasKeys($user);
	}
}


1		<?php
2		/**
3		* @copyright Copyright (c) 2016, ownCloud, Inc.
4		*
5		* @author Björn Schießle <[email protected]>
6		* @author Clark Tomlinson <[email protected]>
7		* @author Jan-Christoph Borchardt <[email protected]>
8		* @author Joas Schilling <[email protected]>
9		* @author Lukas Reschke <[email protected]>
10		* @author Thomas Müller <[email protected]>
11		*
12		* @license AGPL-3.0
13		*
14		* This code is free software: you can redistribute it and/or modify
15		* it under the terms of the GNU Affero General Public License, version 3,
16		* as published by the Free Software Foundation.
17		*
18		* This program is distributed in the hope that it will be useful,
19		* but WITHOUT ANY WARRANTY; without even the implied warranty of
20		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21		* GNU Affero General Public License for more details.
22		*
23		* You should have received a copy of the GNU Affero General Public License, version 3,
24		* along with this program. If not, see <http://www.gnu.org/licenses/>
25		*
26		*/
27
28		namespace OCA\Encryption\Crypto;
29
30
31		use OC\Encryption\Exceptions\DecryptionFailedException;
32		use OC\Files\Cache\Scanner;
33		use OC\Files\View;
34		use OCA\Encryption\Exceptions\PublicKeyMissingException;
35		use OCA\Encryption\Session;
36		use OCA\Encryption\Util;
37		use OCP\Encryption\IEncryptionModule;
38		use OCA\Encryption\KeyManager;
39		use OCP\IL10N;
40		use OCP\ILogger;
41		use Symfony\Component\Console\Input\InputInterface;
42		use Symfony\Component\Console\Output\OutputInterface;
43
44		class Encryption implements IEncryptionModule {
45
46		const ID = 'OC_DEFAULT_MODULE';
47		const DISPLAY_NAME = 'Default encryption module';
48
49		/**
50		* @var Crypt
51		*/
52		private $crypt;
53
54		/** @var string */
55		private $cipher;
56
57		/** @var string */
58		private $path;
59
60		/** @var string */
61		private $user;
62
63		/** @var string */
64		private $fileKey;
65
66		/** @var string */
67		private $writeCache;
68
69		/** @var KeyManager */
70		private $keyManager;
71
72		/** @var array */
73		private $accessList;
74
75		/** @var boolean */
76		private $isWriteOperation;
77
78		/** @var Util */
79		private $util;
80
81		/** @var Session */
82		private $session;
83
84		/** @var ILogger */
85		private $logger;
86
87		/** @var IL10N */
88		private $l;
89
90		/** @var EncryptAll */
91		private $encryptAll;
92
93		/** @var bool */
94		private $useMasterPassword;
95
96		/** @var DecryptAll */
97		private $decryptAll;
98
99		/** @var int unencrypted block size if block contains signature */
100		private $unencryptedBlockSizeSigned = 6072;
101
102		/** @var int unencrypted block size */
103		private $unencryptedBlockSize = 6126;
104
105		/** @var int Current version of the file */
106		private $version = 0;
107
108		/** @var array remember encryption signature version */
109		private static $rememberVersion = [];
110
111
112		/**
113		*
114		* @param Crypt $crypt
115		* @param KeyManager $keyManager
116		* @param Util $util
117		* @param Session $session
118		* @param EncryptAll $encryptAll
119		* @param DecryptAll $decryptAll
120		* @param ILogger $logger
121		* @param IL10N $il10n
122		*/
123	View Code Duplication	public function __construct(Crypt $crypt,
		0 ignored issues – show Duplication introduced 2016-06-09 12:21 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
124		KeyManager $keyManager,
125		Util $util,
126		Session $session,
127		EncryptAll $encryptAll,
128		DecryptAll $decryptAll,
129		ILogger $logger,
130		IL10N $il10n) {
131		$this->crypt = $crypt;
132		$this->keyManager = $keyManager;
133		$this->util = $util;
134		$this->session = $session;
135		$this->encryptAll = $encryptAll;
136		$this->decryptAll = $decryptAll;
137		$this->logger = $logger;
138		$this->l = $il10n;
139		$this->useMasterPassword = $util->isMasterKeyEnabled();
140		}
141
142		/**
143		* @return string defining the technical unique id
144		*/
145		public function getId() {
146		return self::ID;
147		}
148
149		/**
150		* In comparison to getKey() this function returns a human readable (maybe translated) name
151		*
152		* @return string
153		*/
154		public function getDisplayName() {
155		return self::DISPLAY_NAME;
156		}
157
158		/**
159		* start receiving chunks from a file. This is the place where you can
160		* perform some initial step before starting encrypting/decrypting the
161		* chunks
162		*
163		* @param string $path to the file
164		* @param string $user who read/write the file
165		* @param string $mode php stream open mode
166		* @param array $header contains the header data read from the file
167		* @param array $accessList who has access to the file contains the key 'users' and 'public'
168		*
169		* @return array $header contain data as key-value pairs which should be
170		* written to the header, in case of a write operation
171		* or if no additional data is needed return a empty array
172		*/
173		public function begin($path, $user, $mode, array $header, array $accessList) {
174		$this->path = $this->getPathToRealFile($path);
175		$this->accessList = $accessList;
176		$this->user = $user;
177		$this->isWriteOperation = false;
178		$this->writeCache = '';
179
180		if($this->session->isReady() === false) {
181		// if the master key is enabled we can initialize encryption
182		// with a empty password and user name
183		if ($this->util->isMasterKeyEnabled()) {
184		$this->keyManager->init('', '');
185		}
186		}
187
188		if ($this->session->decryptAllModeActivated()) {
189		$encryptedFileKey = $this->keyManager->getEncryptedFileKey($this->path);
190		$shareKey = $this->keyManager->getShareKey($this->path, $this->session->getDecryptAllUid());
191		$this->fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
192		$shareKey,
193		$this->session->getDecryptAllKey());
194		} else {
195		$this->fileKey = $this->keyManager->getFileKey($this->path, $this->user);
196		}
197
198		// always use the version from the original file, also part files
199		// need to have a correct version number if they get moved over to the
200		// final location
201		$this->version = (int)$this->keyManager->getVersion($this->stripPartFileExtension($path), new View());
202
203		if (
204		$mode === 'w'
205		\|\| $mode === 'w+'
206		\|\| $mode === 'wb'
207		\|\| $mode === 'wb+'
208		) {
209		$this->isWriteOperation = true;
210		if (empty($this->fileKey)) {
211		$this->fileKey = $this->crypt->generateFileKey();
212		}
213		} else {
214		// if we read a part file we need to increase the version by 1
215		// because the version number was also increased by writing
216		// the part file
217		if(Scanner::isPartialFile($path)) {
218		$this->version = $this->version + 1;
219		}
220		}
221
222		if ($this->isWriteOperation) {
223		$this->cipher = $this->crypt->getCipher();
224		} elseif (isset($header['cipher'])) {
225		$this->cipher = $header['cipher'];
226		} else {
227		// if we read a file without a header we fall-back to the legacy cipher
228		// which was used in <=oC6
229		$this->cipher = $this->crypt->getLegacyCipher();
230		}
231
232		return array('cipher' => $this->cipher, 'signed' => 'true');
233		}
234
235		/**
236		* last chunk received. This is the place where you can perform some final
237		* operation and return some remaining data if something is left in your
238		* buffer.
239		*
240		* @param string $path to the file
241		* @param int $position
242		* @return string remained data which should be written to the file in case
243		* of a write operation
244		* @throws PublicKeyMissingException
245		* @throws \Exception
246		* @throws \OCA\Encryption\Exceptions\MultiKeyEncryptException
247		*/
248		public function end($path, $position = 0) {
249		$result = '';
250		if ($this->isWriteOperation) {
251		$this->keyManager->setVersion($path, $this->version + 1, new View());
252		// in case of a part file we remember the new signature versions
253		// the version will be set later on update.
254		// This way we make sure that other apps listening to the pre-hooks
255		// still get the old version which should be the correct value for them
256		if (Scanner::isPartialFile($path)) {
257		self::$rememberVersion[$this->stripPartFileExtension($path)] = $this->version + 1;
258		}
259		if (!empty($this->writeCache)) {
260		$result = $this->crypt->symmetricEncryptFileContent($this->writeCache, $this->fileKey, $this->version + 1, $position);
		0 ignored issues – show Comprehensibility Best Practice introduced 2016-06-09 12:21 UTC by Report Bug Copy Issue Report The expression `$this->crypt->symmetricE...ersion + 1, $position);` of type `false\|string` adds `false` to the return on line 287 which is incompatible with the return type declared by the interface `OCP\Encryption\IEncryptionModule::end` of type `string`. It seems like you forgot to handle an error condition. Loading history...
261		$this->writeCache = '';
262		}
263		$publicKeys = array();
264		if ($this->useMasterPassword === true) {
265		$publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
266		} else {
267		foreach ($this->accessList['users'] as $uid) {
268		try {
269		$publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
270		} catch (PublicKeyMissingException $e) {
271		$this->logger->warning(
272		'no public key found for user "{uid}", user will not be able to read the file',
273		['app' => 'encryption', 'uid' => $uid]
274		);
275		// if the public key of the owner is missing we should fail
276		if ($uid === $this->user) {
277		throw $e;
278		}
279		}
280		}
281		}
282
283		$publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys, $this->user);
284		$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
285		$this->keyManager->setAllFileKeys($this->path, $encryptedKeyfiles);
286		}
287		return $result;
288		}
289
290		/**
291		* encrypt data
292		*
293		* @param string $data you want to encrypt
294		* @param int $position
295		* @return string encrypted data
296		*/
297		public function encrypt($data, $position = 0) {
298		// If extra data is left over from the last round, make sure it
299		// is integrated into the next block
300		if ($this->writeCache) {
301
302		// Concat writeCache to start of $data
303		$data = $this->writeCache . $data;
304
305		// Clear the write cache, ready for reuse - it has been
306		// flushed and its old contents processed
307		$this->writeCache = '';
308
309		}
310
311		$encrypted = '';
312		// While there still remains some data to be processed & written
313		while (strlen($data) > 0) {
314
315		// Remaining length for this iteration, not of the
316		// entire file (may be greater than 8192 bytes)
317		$remainingLength = strlen($data);
318
319		// If data remaining to be written is less than the
320		// size of 1 6126 byte block
321		if ($remainingLength < $this->unencryptedBlockSizeSigned) {
322
323		// Set writeCache to contents of $data
324		// The writeCache will be carried over to the
325		// next write round, and added to the start of
326		// $data to ensure that written blocks are
327		// always the correct length. If there is still
328		// data in writeCache after the writing round
329		// has finished, then the data will be written
330		// to disk by $this->flush().
331		$this->writeCache = $data;
332
333		// Clear $data ready for next round
334		$data = '';
335
336		} else {
337
338		// Read the chunk from the start of $data
339		$chunk = substr($data, 0, $this->unencryptedBlockSizeSigned);
340
341		$encrypted .= $this->crypt->symmetricEncryptFileContent($chunk, $this->fileKey, $this->version + 1, $position);
342
343		// Remove the chunk we just processed from
344		// $data, leaving only unprocessed data in $data
345		// var, for handling on the next round
346		$data = substr($data, $this->unencryptedBlockSizeSigned);
347
348		}
349
350		}
351
352		return $encrypted;
353		}
354
355		/**
356		* decrypt data
357		*
358		* @param string $data you want to decrypt
359		* @param int $position
360		* @return string decrypted data
361		* @throws DecryptionFailedException
362		*/
363		public function decrypt($data, $position = 0) {
364		if (empty($this->fileKey)) {
365		$msg = 'Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.';
366		$hint = $this->l->t('Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
367		$this->logger->error($msg);
368
369		throw new DecryptionFailedException($msg, $hint);
370		}
371
372		return $this->crypt->symmetricDecryptFileContent($data, $this->fileKey, $this->cipher, $this->version, $position);
373		}
374
375		/**
376		* update encrypted file, e.g. give additional users access to the file
377		*
378		* @param string $path path to the file which should be updated
379		* @param string $uid of the user who performs the operation
380		* @param array $accessList who has access to the file contains the key 'users' and 'public'
381		* @return boolean
382		*/
383		public function update($path, $uid, array $accessList) {
384
385		if (empty($accessList)) {
386		if (isset(self::$rememberVersion[$path])) {
387		$this->keyManager->setVersion($path, self::$rememberVersion[$path], new View());
388		unset(self::$rememberVersion[$path]);
389		}
390		return;
391		}
392
393		$fileKey = $this->keyManager->getFileKey($path, $uid);
394
395		if (!empty($fileKey)) {
396
397		$publicKeys = array();
398		if ($this->useMasterPassword === true) {
399		$publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
400		} else {
401		foreach ($accessList['users'] as $user) {
402		try {
403		$publicKeys[$user] = $this->keyManager->getPublicKey($user);
404		} catch (PublicKeyMissingException $e) {
405		$this->logger->warning('Could not encrypt file for ' . $user . ': ' . $e->getMessage());
406		}
407		}
408		}
409
410		$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid);
411
412		$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
413
414		$this->keyManager->deleteAllFileKeys($path);
415
416		$this->keyManager->setAllFileKeys($path, $encryptedFileKey);
417
418		} else {
419		$this->logger->debug('no file key found, we assume that the file "{file}" is not encrypted',
420		array('file' => $path, 'app' => 'encryption'));
421
422		return false;
423		}
424
425		return true;
426		}
427
428		/**
429		* should the file be encrypted or not
430		*
431		* @param string $path
432		* @return boolean
433		*/
434		public function shouldEncrypt($path) {
435		if ($this->util->shouldEncryptHomeStorage() === false) {
436		$storage = $this->util->getStorage($path);
437		if ($storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
438		return false;
439		}
440		}
441		$parts = explode('/', $path);
442		if (count($parts) < 4) {
443		return false;
444		}
445
446		if ($parts[2] == 'files') {
447		return true;
448		}
449		if ($parts[2] == 'files_versions') {
450		return true;
451		}
452		if ($parts[2] == 'files_trashbin') {
453		return true;
454		}
455
456		return false;
457		}
458
459		/**
460		* get size of the unencrypted payload per block.
461		* ownCloud read/write files with a block size of 8192 byte
462		*
463		* @param bool $signed
464		* @return int
465		*/
466		public function getUnencryptedBlockSize($signed = false) {
467		if ($signed === false) {
468		return $this->unencryptedBlockSize;
469		}
470
471		return $this->unencryptedBlockSizeSigned;
472		}
473
474		/**
475		* check if the encryption module is able to read the file,
476		* e.g. if all encryption keys exists
477		*
478		* @param string $path
479		* @param string $uid user for whom we want to check if he can read the file
480		* @return bool
481		* @throws DecryptionFailedException
482		*/
483		public function isReadable($path, $uid) {
484		$fileKey = $this->keyManager->getFileKey($path, $uid);
485		if (empty($fileKey)) {
486		$owner = $this->util->getOwner($path);
487		if ($owner !== $uid) {
488		// if it is a shared file we throw a exception with a useful
489		// error message because in this case it means that the file was
490		// shared with the user at a point where the user didn't had a
491		// valid private/public key
492		$msg = 'Encryption module "' . $this->getDisplayName() .
493		'" is not able to read ' . $path;
494		$hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
495		$this->logger->warning($msg);
496		throw new DecryptionFailedException($msg, $hint);
497		}
498		return false;
499		}
500
501		return true;
502		}
503
504		/**
505		* Initial encryption of all files
506		*
507		* @param InputInterface $input
508		* @param OutputInterface $output write some status information to the terminal during encryption
509		*/
510		public function encryptAll(InputInterface $input, OutputInterface $output) {
511		$this->encryptAll->encryptAll($input, $output);
512		}
513
514		/**
515		* prepare module to perform decrypt all operation
516		*
517		* @param InputInterface $input
518		* @param OutputInterface $output
519		* @param string $user
520		* @return bool
521		*/
522		public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '') {
523		return $this->decryptAll->prepare($input, $output, $user);
524		}
525
526
527		/**
528		* @param string $path
529		* @return string
530		*/
531		protected function getPathToRealFile($path) {
532		$realPath = $path;
533		$parts = explode('/', $path);
534		if ($parts[2] === 'files_versions') {
535		$realPath = '/' . $parts[1] . '/files/' . implode('/', array_slice($parts, 3));
536		$length = strrpos($realPath, '.');
537		$realPath = substr($realPath, 0, $length);
538		}
539
540		return $realPath;
541		}
542
543		/**
544		* remove .part file extension and the ocTransferId from the file to get the
545		* original file name
546		*
547		* @param string $path
548		* @return string
549		*/
550		protected function stripPartFileExtension($path) {
551		if (pathinfo($path, PATHINFO_EXTENSION) === 'part') {
552		$pos = strrpos($path, '.', -6);
553		$path = substr($path, 0, $pos);
554		}
555
556		return $path;
557		}
558
559		/**
560		* Check if the module is ready to be used by that specific user.
561		* In case a module is not ready - because e.g. key pairs have not been generated
562		* upon login this method can return false before any operation starts and might
563		* cause issues during operations.
564		*
565		* @param string $user
566		* @return boolean
567		* @since 9.1.0
568		*/
569		public function isReadyForUser($user) {
570		return $this->keyManager->userHasKeys($user);
571		}
572		}
573

nextcloud / server