feat: encryption keys location can be specified by the storage implem…

…entation
owncloud · Jul 27, 2023 · faae8d8 · faae8d8
1 parent 515d81b
commit faae8d8
Show file tree

Hide file tree

Showing 7 changed files with 139 additions and 84 deletions.
diff --git a/changelog/unreleased/39091 b/changelog/unreleased/39091
@@ -0,0 +1,7 @@
+Change: Allow storage implementations to have their own encryption key storage
+
+The default encryption key storage location is not suitable for all storage
+implementations because e.g. the storage is not linked to a user.
+This is required for files_spaces.
+
+https://github.com/owncloud/core/pull/39091
diff --git a/lib/private/Encryption/Keys/Storage.php b/lib/private/Encryption/Keys/Storage.php
@@ -28,6 +28,7 @@
 use OC\Files\Filesystem;
 use OC\Files\View;
 use OCP\Encryption\Keys\IStorage;
+use OCP\Files\Mount\IMountManager;
 use OCP\IUserSession;
 use OC\User\NoUserException;
 
@@ -58,13 +59,17 @@ class Storage implements IStorage {
 
 	/** @var string */
 	private $currentUser = null;
+	/**
+	 * @var IMountManager
+	 */
+	private $mountManager;
 
 	/**
 	 * @param View $view view
 	 * @param Util $util encryption util class
 	 * @param IUserSession $session user session
 	 */
-	public function __construct(View $view, Util $util, IUserSession $session) {
+	public function __construct(View $view, Util $util, IUserSession $session, IMountManager $mountManager) {
 		$this->view = $view;
 		$this->util = $util;
 
@@ -75,6 +80,7 @@ public function __construct(View $view, Util $util, IUserSession $session) {
 		if ($session !== null && $session->getUser() !== null) {
 			$this->currentUser = $session->getUser()->getUID();
 		}
+		$this->mountManager = $mountManager;
 	}
 
 	/**
@@ -274,6 +280,13 @@ private function setKey($path, $key) {
 	 * @return string
 	 */
 	private function getFileKeyDir($encryptionModuleId, $path) {
+		# ask the storage implementation for the key storage
+		$mount = $this->mountManager->find($path);
+		$keyPath = $mount ? $mount->getStorage()->getEncryptionFileKeyDirectory($encryptionModuleId, $mount->getInternalPath($path)) : null;
+		if ($keyPath) {
+			return $keyPath;
+		}
+
 		list($owner, $filename) = $this->util->getUidAndFilename($path);
 
 		// in case of system wide mount points the keys are stored directly in the data directory

diff --git a/lib/private/Files/Storage/Common.php b/lib/private/Files/Storage/Common.php
@@ -797,4 +797,8 @@ public function getLocks($internalPath, $returnChildLocks = false) {
 			return $lock;
 		}, $locks);
 	}
+
+	public function getEncryptionFileKeyDirectory(string $encryptionModuleId, string $path): ?string {
+		return null;
+	}
 }
diff --git a/lib/private/Files/Storage/Storage.php b/lib/private/Files/Storage/Storage.php
@@ -115,4 +115,6 @@ public function releaseLock($path, $type, ILockingProvider $provider);
 	 * @throws \OCP\Lock\LockedException
 	 */
 	public function changeLock($path, $type, ILockingProvider $provider);
+
+	public function getEncryptionFileKeyDirectory(string $encryptionModuleId, string $path): ?string;
 }
diff --git a/lib/private/Files/Storage/Wrapper/Wrapper.php b/lib/private/Files/Storage/Wrapper/Wrapper.php
@@ -651,4 +651,8 @@ public function getLocks($internalPath, $returnChildLocks = false) {
 
 		return [];
 	}
+
+	public function getEncryptionFileKeyDirectory(string $encryptionModuleId, string $path): ?string {
+		return $this->getWrapperStorage()->getEncryptionFileKeyDirectory($encryptionModuleId, $path);
+	}
 }
diff --git a/lib/private/Server.php b/lib/private/Server.php
@@ -216,7 +216,8 @@ public function __construct($webRoot, \OC\Config $config) {
 			return new Encryption\Keys\Storage(
 				$view,
 				$util,
-				$c->getUserSession()
+				$c->getUserSession(),
+				$c->getMountManager()
 			);
 		});
 		$this->registerService('TagMapper', function (Server $c) {