author | Roeland Jago Douma <roeland@famdouma.nl> | 2021-05-11 10:54:55 +0300 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2021-05-11 10:54:55 +0300 |
commit | 1e3f84244e756dea3d4b7e998fdc963c069dfc97 (patch) | |
tree | f5219122ac6e66f9d3962d5e935ff06b4e3b875f | |
parent | bf86050c77c9a77ab9471750281002e7cade2379 (diff) |
Enhance identify proof storageenh/identityproof/key_storage
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r-- | lib/private/Security/IdentityProof/Manager.php | 64 |
1 files changed, 57 insertions, 7 deletions
diff --git a/lib/private/Security/IdentityProof/Manager.php b/lib/private/Security/IdentityProof/Manager.php
index 6c54f1fa2de..04e6af075d1 100644
--- a/lib/private/Security/IdentityProof/Manager.php
+++ b/lib/private/Security/IdentityProof/Manager.php
@@ -32,6 +32,7 @@ namespace OC\Security\IdentityProof;
 use OC\Files\AppData\Factory;
 use OCP\Files\IAppData;
+use OCP\Files\SimpleFS\ISimpleFolder;
 use OCP\IConfig;
 use OCP\ILogger;
 use OCP\IUser;
@@ -108,14 +109,39 @@ class Manager {
 } catch (\Exception $e) {
 }
 $folder = $this->appData->getFolder($id);
- $folder->newFile('private')
- ->putContent($this->crypto->encrypt($privateKey));
- $folder->newFile('public')
- ->putContent($publicKey);
+ $folder->newFile('private_enc')
+ ->putContent($this->encrypt($privateKey, $id));
+ $folder->newFile('public_enc')
+ ->putContent($this->encrypt($publicKey, $id));
 return new Key($publicKey, $privateKey);
 }
+ private function encrypt(string $key, string $id): string {
+ $data = [
+ 'key' => $key,
+ 'id' => $id,
+ 'version' => 1
+ ];
+
+ return $this->crypto->encrypt(json_encode($data));
+ }
+
+ private function decrypt(string $cipherText, string $id): string {
+ $plain = $this->crypto->decrypt($cipherText);
+ $data = json_decode($plain, true);
+
+ if ($data['version'] !== 1) {
+ throw new \RuntimeException('Invalid version');
+ }
+
+ if ($data['id'] !== $id) {
+ throw new \RuntimeException($data['id'] . ' does not match ' . $id);
+ }
+
+ return $data['key'];
+ }
+
 /**
 * Get key for a specific id
 *
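Review bot: decrypt() trusts the shape of what json_decode() returns: when the plaintext is not a JSON object (a corrupted blob, or a legacy 'private' file that still holds a bare encrypted key), `$data` is null, `$data['version']` emits a warning before the 'Invalid version' exception is thrown, and the id-mismatch message reads `$data['id']` the same way. Decoding with `$data = json_decode($plain, true, 512, JSON_THROW_ON_ERROR);` and guarding with `if (!is_array($data) || ($data['version'] ?? null) !== 1) {` yields a clean exception for any malformed input, and encrypt() can use `json_encode($data, JSON_THROW_ON_ERROR)` so a failed encode never reaches crypto->encrypt(). Embedding the id in the encrypted envelope is what ties a stored blob to its folder, so encrypt() deserves a short comment stating that the id and version fields are verified on decrypt and that bumping the version requires a migration path for existing files. The function that the first lines of the hunk belong to starts outside the hunk.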
@@ -126,16 +152,40 @@ class Manager {
 protected function retrieveKey(string $id): Key {
 try {
 $folder = $this->appData->getFolder($id);
- $privateKey = $this->crypto->decrypt(
- $folder->getFile('private')->getContent()
+
+ $this->migrate($folder, $id);
+
+ $privateKey = $this->decrypt(
+ $folder->getFile('private_enc')->getContent(),
+ $id
 );
- $publicKey = $folder->getFile('public')->getContent();
+ $publicKey = $this->decrypt(
+ $folder->getFile('public_enc')->getContent(),
+ $id
+ );
+
 return new Key($publicKey, $privateKey);
 } catch (\Exception $e) {
 return $this->generateKey($id);
 }
 }
+ private function migrate(ISimpleFolder $folder, string $id): void {
+ if (!$folder->fileExists('private') && !$folder->fileExists('public')) {
+ return;
+ }
+
+ $private = $folder->getFile('private');
+ $folder->newFile('private_enc')
+ ->putContent($this->encrypt($this->crypto->decrypt($private->getContent()), $id));
+ $private->delete();
+
+ $public = $folder->getFile('public');
+ $folder->newFile('public_enc')
+ ->putContent($this->encrypt($public->getContent(), $id));
+ $public->delete();
+ }
+
 /**
 * Get public and private key for $user
 * |
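Review bot: The existing `catch (\Exception $e)` in retrieveKey() now also swallows the RuntimeExceptions that decrypt() throws on an id or version mismatch, so a tampered or mis-filed key blob is answered with `generateKey($id)` — a silent new key pair — instead of an error; the catch should at least record the exception (the file imports ILogger, and if an instance is held, `$this->logger->logException($e);` before regenerating) and ideally only fall through to generateKey() for the not-found exception the appData lookups raise. migrate() returns early only when neither legacy file exists, so with just one of 'private' or 'public' present the `getFile()` on the other throws, the whole retrieval lands in the same catch, and the surviving legacy file is left next to a freshly generated pair; each legacy file should be checked and converted independently. The two conversions are also not atomic: a failure between `newFile('private_enc')` and `$private->delete()` leaves both formats on disk and the next call re-enters migrate(), so a comment on migrate() should state that it must be safe to re-run and whether newFile() replacing an existing 'private_enc' is relied on.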