
Commit 1e3f842

committed
Enhance identify proof storage
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
1 parent bf86050 commit 1e3f842

1 file changed

+57
-7
lines changed


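--- a/lib/private/Security/IdentityProof/Manager.php
+++ b/lib/private/Security/IdentityProof/Manager.php
@@ -32,6 +32,7 @@
 
 use OC\Files\AppData\Factory;
 use OCP\Files\IAppData;
+use OCP\Files\SimpleFS\ISimpleFolder;
 use OCP\IConfig;
 use OCP\ILogger;
 use OCP\IUser;
@@ -108,14 +109,39 @@ protected function generateKey(string $id): Key {
 } catch (\Exception $e) {
 }
 $folder = $this->appData->getFolder($id);
-$folder->newFile('private')
-->putContent($this->crypto->encrypt($privateKey));
-$folder->newFile('public')
-->putContent($publicKey);
+$folder->newFile('private_enc')
+->putContent($this->encrypt($privateKey, $id));
+$folder->newFile('public_enc')
+->putContent($this->encrypt($publicKey, $id));
 
 return new Key($publicKey, $privateKey);
 }
 
+private function encrypt(string $key, string $id): string {
+$data = [
+'key' => $key,
+'id' => $id,
+'version' => 1
+];
+
+return $this->crypto->encrypt(json_encode($data));
+}
+
+private function decrypt(string $cipherText, string $id): string {
+$plain = $this->crypto->decrypt($cipherText);
+$data = json_decode($plain, true);
+
+if ($data['version'] !== 1) {
+throw new \RuntimeException('Invalid version');
+}
+
+if ($data['id'] !== $id) {
+throw new \RuntimeException($data['id'] . ' does not match ' . $id);
+}
+
+return $data['key'];
+}
+
 /**
 * Get key for a specific id
 *
@@ -126,16 +152,40 @@ protected function generateKey(string $id): Key {
 protected function retrieveKey(string $id): Key {
 try {
 $folder = $this->appData->getFolder($id);
-$privateKey = $this->crypto->decrypt(
-$folder->getFile('private')->getContent()
+
+$this->migrate($folder, $id);
+
+$privateKey = $this->decrypt(
+$folder->getFile('private_enc')->getContent(),
+$id
 );
-$publicKey = $folder->getFile('public')->getContent();
+$publicKey = $this->decrypt(
+$folder->getFile('public_enc')->getContent(),
+$id
+);
+
 return new Key($publicKey, $privateKey);
 } catch (\Exception $e) {
 return $this->generateKey($id);
 }
 }
 
+private function migrate(ISimpleFolder $folder, string $id): void {
+if (!$folder->fileExists('private') && !$folder->fileExists('public')) {
+return;
+}
+
+$private = $folder->getFile('private');
+$folder->newFile('private_enc')
+->putContent($this->encrypt($this->crypto->decrypt($private->getContent()), $id));
+$private->delete();
+
+$public = $folder->getFile('public');
+$folder->newFile('public_enc')
+->putContent($this->encrypt($public->getContent(), $id));
+$public->delete();
+}
+
 /**
 * Get public and private key for $user
 *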
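Review bot: In migrate(), the guard `if (!$folder->fileExists('private') && !$folder->fileExists('public'))` only returns when both legacy files are absent, so a folder where just one of them remains (for example a previous run that deleted `private` after writing `private_enc` but failed before `public` was migrated) reaches `getFile()` on the missing file, which throws, is swallowed by retrieveKey's `catch (\Exception $e)` and ends in generateKey() — presumably writing a fresh key pair over an identity key that was still recoverable. Migrating each legacy file independently makes a retry resumable and avoids that silent key rotation. Separately, decrypt() indexes the result of `json_decode` without checking it; a guard like `if (!is_array($data) || !isset($data['version'], $data['id'], $data['key'])) { throw new \RuntimeException('Invalid key data'); }` before the version check turns a corrupt or truncated blob into the intended exception instead of a PHP warning on a null offset.
```php
private function migrate(ISimpleFolder $folder, string $id): void {
	if ($folder->fileExists('private')) {
		$private = $folder->getFile('private');
		$folder->newFile('private_enc')
			->putContent($this->encrypt($this->crypto->decrypt($private->getContent()), $id));
		$private->delete();
	}

	if ($folder->fileExists('public')) {
		$public = $folder->getFile('public');
		$folder->newFile('public_enc')
			->putContent($this->encrypt($public->getContent(), $id));
		$public->delete();
	}
}
```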
