Signed-off-by: alex-z <[email protected]>
1 parent
b3249a1
commit 969612d
Showing
6 changed files
with
43 additions
and
33 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
#pragma once | ||
/* | ||
* Copyright (C) 2023 by Oleksandr Zolotov <[email protected]> | ||
* Copyright (C) 2024 by Oleksandr Zolotov <[email protected]> | ||
* | ||
* This program is free software; you can redistribute it and/or modify | ||
* it under the terms of the GNU General Public License as published by | ||
|
@@ -32,11 +32,13 @@ class TestClientSideEncryptionV2; | |
class TestSecureFileDrop; | ||
namespace OCC | ||
{ | ||
// Handles parsing and altering the metadata, encryption and decryption. Setup of the instance is always asynchronouse and emits void setupComplete() | ||
class OWNCLOUDSYNC_EXPORT FolderMetadata : public QObject | ||
{ | ||
friend class TestClientSideEncryptionV2; | ||
friend class TestSecureFileDrop; | ||
Q_OBJECT | ||
|
||
// represents a user that has access to a folder for which metadata instance is created | ||
struct FolderUser { | ||
QString userId; | ||
|
@@ -52,7 +54,7 @@ class OWNCLOUDSYNC_EXPORT FolderMetadata : public QObject | |
Version2_0, | ||
}; | ||
|
||
// represents a user that has access to a specific filedrop entry | ||
// represents a user that has access to a specific filedrop entry of the current folder | ||
struct FileDropEntryUser { | ||
QString userId; | ||
QByteArray decryptedFiledropKey; | ||
|
@@ -113,15 +115,16 @@ class OWNCLOUDSYNC_EXPORT FolderMetadata : public QObject | |
|
||
[[nodiscard]] bool moveFromFileDropToFiles(); | ||
|
||
bool addUser(const QString &userId, const QSslCertificate &certificate); //adds a user to have access to this folder (always generates new metadata key) | ||
bool removeUser(const QString &userId); // removes a user from this folder and removes and generates a new metadata key | ||
// adds a user to have access to this folder (always generates new metadata key) | ||
[[nodiscard]] bool addUser(const QString &userId, const QSslCertificate &certificate); | ||
// removes a user from this folder and removes and generates a new metadata key | ||
[[nodiscard]] bool removeUser(const QString &userId); | ||
|
||
[[nodiscard]] const QByteArray metadataKeyForEncryption() const; | ||
[[nodiscard]] const QByteArray metadataKeyForDecryption() const; | ||
[[nodiscard]] const QSet<QByteArray> &keyChecksums() const; | ||
[[nodiscard]] const QSet<QByteArray> &keyChecksumsRemoved() const; | ||
|
||
QByteArray encryptedMetadata(); | ||
[[nodiscard]] QByteArray encryptedMetadata(); | ||
|
||
[[nodiscard]] EncryptionStatusEnums::ItemEncryptionStatus existingMetadataEncryptionStatus() const; | ||
[[nodiscard]] EncryptionStatusEnums::ItemEncryptionStatus encryptedMetadataEncryptionStatus() const; | ||
|
@@ -135,8 +138,13 @@ class OWNCLOUDSYNC_EXPORT FolderMetadata : public QObject | |
|
||
[[nodiscard]] QByteArray initialMetadata() const; | ||
|
||
public slots: | ||
void addEncryptedFile(const EncryptedFile &f); | ||
void removeEncryptedFile(const EncryptedFile &f); | ||
void removeAllEncryptedFiles(); | ||
|
||
private: | ||
QByteArray encryptedMetadataLegacy(); | ||
[[nodiscard]] QByteArray encryptedMetadataLegacy(); | ||
|
||
[[nodiscard]] bool verifyMetadataKey(const QByteArray &metadataKey) const; | ||
|
||
|
@@ -165,11 +173,6 @@ class OWNCLOUDSYNC_EXPORT FolderMetadata : public QObject | |
|
||
static QByteArray prepareMetadataForSignature(const QJsonDocument &fullMetadata); | ||
|
||
public slots: | ||
void addEncryptedFile(const EncryptedFile &f); | ||
void removeEncryptedFile(const EncryptedFile &f); | ||
void removeAllEncryptedFiles(); | ||
|
||
private slots: | ||
void initMetadata(); | ||
void initEmptyMetadata(); | ||
|
@@ -196,34 +199,43 @@ private slots: | |
QByteArray _initialMetadata; | ||
|
||
bool _isRootEncryptedFolder = false; | ||
// always contains the last generated metadata key (non-encrypted and non-base64) | ||
QByteArray _metadataKeyForEncryption; | ||
QByteArray _metadataKeyForDecryption; // used for storing initial metadataKey to use for decryption, especially in nested folders when changing the metadataKey and re-encrypting nested dirs | ||
QSet<QByteArray> _keyChecksums; | ||
QSet<QByteArray> _keyChecksumsRemoved; | ||
// used for storing initial metadataKey to use for decryption, especially in nested folders when changing the metadataKey and re-encrypting nested dirs | ||
QByteArray _metadataKeyForDecryption; | ||
QByteArray _metadataNonce; | ||
// metadatakey checksums for validation during setting up from existing metadata | ||
QSet<QByteArray> _keyChecksums; | ||
|
||
// filedrop part non-parsed, for upload in case parsing can not be done (due to not having access for the current user, etc.) | ||
QJsonObject _fileDrop; | ||
// used by unit tests, must get assigned simultaneously with _fileDrop and never erased | ||
QJsonObject _fileDropFromServer; | ||
|
||
QMap<int, QByteArray> _metadataKeys; //legacy, remove after migration is done | ||
// legacy, remove after migration is done | ||
QMap<int, QByteArray> _metadataKeys; | ||
|
||
// users that have access to current folder's "ciphertext", except "filedrop" part | ||
QHash<QString, FolderUser> _folderUsers; | ||
|
||
// must increment on each metadata upload | ||
quint64 _counter = 0; | ||
|
||
MetadataVersion _existingMetadataVersion = MetadataVersion::VersionUndefined; | ||
MetadataVersion _encryptedMetadataVersion = MetadataVersion::VersionUndefined; | ||
|
||
// generated each time QByteArray encryptedMetadata() is called, and will later be used for validation if uploaded | ||
QByteArray _metadataSignature; | ||
|
||
// signature from server-side metadata | ||
QByteArray _initialSignature; | ||
|
||
// both files and folders info | ||
QVector<EncryptedFile> _files; | ||
|
||
// for parsed filedrop entries | ||
// parsed filedrop entries ready for move | ||
QVector<FileDropEntry> _fileDropEntries; | ||
|
||
// sets to "true" on successful parse | ||
bool _isMetadataValid = false; | ||
|
||
QScopedPointer<EncryptedFolderMetadataHandler> _encryptedFolderMetadataHandler; | ||
|
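Review bot: The comment now placed above `removeUser` in the @@ -113 hunk still reads "removes a user from this folder and removes and generates a new metadata key", and neither it nor the `addUser` comment says what a `false` return means now that both are `[[nodiscard]]`. Both calls rotate the metadata key, so callers need to know whether a failed `removeUser` leaves the old key, and with it the removed user's access, in place. The implementation is not visible on this page, so the wording has to be confirmed against it; if a failure leaves the metadata untouched, something like `// removes a user from this folder and generates a new metadata key; returns false and leaves the metadata unchanged on failure` would do. The new class comment in the @@ -32 hunk also misspells "asynchronous" as "asynchronouse".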
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
/* | ||
* Copyright (C) by Oleksandr Zolotov <[email protected]> | ||
* Copyright (C) 2024 by Oleksandr Zolotov <[email protected]> | ||
* | ||
* This program is free software; you can redistribute it and/or modify | ||
* it under the terms of the GNU General Public License as published by | ||
|
@@ -214,6 +214,10 @@ private slots: | |
|
||
QVERIFY(metadata->addUser(_secondAccount->davUser(), _secondAccount->e2e()->_certificate)); | ||
|
||
QVERIFY(metadata->removeUser(_secondAccount->davUser())); | ||
|
||
QVERIFY(metadata->addUser(_secondAccount->davUser(), _secondAccount->e2e()->_certificate)); | ||
|
||
const auto encryptedMetadata = metadata->encryptedMetadata(); | ||
QVERIFY(!encryptedMetadata.isEmpty()); | ||
|
||
|
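Review bot: The added `removeUser`/`addUser` round trip only checks the boolean results, so it would still pass if `removeUser` returned true without rotating the metadata key. The header comment on this page says removing a user generates a new metadata key, and the test should pin that. Capture the key before the removal with `const auto keyBeforeRemoval = metadata->metadataKeyForEncryption();` and follow the removal with `QVERIFY(metadata->metadataKeyForEncryption() != keyBeforeRemoval);`. The test function starts and ends outside this hunk, so this assumes `metadata` already holds a generated key at that point.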
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
/* | ||
* Copyright (C) by Oleksandr Zolotov <[email protected]> | ||
* Copyright (C) 2024 by Oleksandr Zolotov <[email protected]> | ||
* | ||
* This program is free software; you can redistribute it and/or modify | ||
* it under the terms of the GNU General Public License as published by | ||
|