[cse] Request public key from server

This is the first step needed to properly communicate. Next, get private key.
2024-10-27 15:05:19 +03:00 · 2017-09-12 11:21:53 +02:00 · 2017-09-12 11:21:53 +02:00 · 17693a75e5
commit 17693a75e5
parent f4bbec1019
6 changed files with 103 additions and 27 deletions
--- a/src/libsync/account.cpp
+++ b/src/libsync/account.cpp
@ -41,7 +41,6 @@ Q_LOGGING_CATEGORY(lcAccount, "sync.account", QtInfoMsg)
 Account::Account(QObject *parent)
    : QObject(parent)
    , _capabilities(QVariantMap())
-    , _encryption(new ClientSideEncryption(this))
    , _davPath(Theme::instance()->webDavPath())
 {
    qRegisterMetaType<AccountPtr>("AccountPtr");
@ -485,9 +484,4 @@ void Account::setNonShib(bool nonShib)
    }
 }

-ClientSideEncryption *Account::cse() const
-{
-    return _encryption;
-}
-
 } // namespace OCC
--- a/src/libsync/account.h
+++ b/src/libsync/account.h
@ -226,7 +226,6 @@ public:
    /// Called by network jobs on credential errors, emits invalidCredentials()
    void handleInvalidCredentials();

-    ClientSideEncryption *cse() const;
 public slots:
    /// Used when forgetting credentials
    void clearQNAMCache();
@ -276,7 +275,6 @@ private:
    QuotaInfo *_quotaInfo;
    QSharedPointer<QNetworkAccessManager> _am;
    QScopedPointer<AbstractCredentials> _credentials;
-    ClientSideEncryption *_encryption;
    bool _http2Supported = false;

    /// Certificates that were explicitly rejected by the user
--- a/src/libsync/clientsideencryption.cpp
+++ b/src/libsync/clientsideencryption.cpp
@ -1,34 +1,104 @@
 #include "clientsideencryption.h"
 #include "account.h"
 #include "capabilities.h"
+#include "networkjobs.h"

 #include <QDebug>
 #include <QLoggingCategory>
+#include <QFileInfo>
+#include <QDir>

 namespace OCC
 {

-Q_LOGGING_CATEGORY(lcCse, "sync.connectionvalidator", QtInfoMsg)
+Q_LOGGING_CATEGORY(lcCse, "sync.clientsideencryption", QtInfoMsg)

 QString baseUrl = QStringLiteral("ocs/v2.php/apps/client_side_encryption/api/v1/");
+QString baseDirectory = QDir::homePath() + QStringLiteral("/.nextcloud-keys/");

-ClientSideEncryption::ClientSideEncryption(Account *parent) : _account(parent)
+ClientSideEncryption::ClientSideEncryption()
 {
 }

-void OCC::ClientSideEncryption::initialize()
+void ClientSideEncryption::setAccount(AccountPtr account)
 {
+    _account = account;
+}
+
+void ClientSideEncryption::initialize()
+{
+    qCInfo(lcCse()) << "Initializing";
    if (!_account->capabilities().clientSideEncryptionAvaliable()) {
-        qCInfo(lcCse()) << "No client side encryption, do not initialize anything.";
+        qCInfo(lcCse()) << "No Client side encryption avaliable on server.";
        emit initializationFinished();
    }

-    fetchPrivateKey();
+    if (hasPrivateKey() && hasPublicKey()) {
+        qCInfo(lcCse()) << "Public and private keys already downloaded";
+        emit initializationFinished();
    }

-void ClientSideEncryption::fetchPrivateKey()
+    getPublicKeyFromServer();
+}
+
+QString ClientSideEncryption::publicKeyPath() const
 {
-    qCInfo(lcCse()) << "Client side encryption enabled, trying to retrieve the key.";
+    return baseDirectory + _account->displayName() + ".pub";
+}
+
+QString ClientSideEncryption::privateKeyPath() const
+{
+    return baseDirectory + _account->displayName() + ".rsa";
+}
+
+bool ClientSideEncryption::hasPrivateKey() const
+{
+    return QFileInfo(privateKeyPath()).exists();
+}
+
+bool ClientSideEncryption::hasPublicKey() const
+{
+    return QFileInfo(publicKeyPath()).exists();
+}
+
+void ClientSideEncryption::generateKeyPair()
+{
+
+}
+
+QString ClientSideEncryption::generateSCR()
+{
+    return {};
+}
+
+void ClientSideEncryption::getPrivateKeyFromServer()
+{
+
+}
+
+void ClientSideEncryption::getPublicKeyFromServer()
+{
+    qCInfo(lcCse()) << "Retrieving public key from server";
+    auto job = new JsonApiJob(_account, baseUrl + "public-key", this);
+    connect(job, &JsonApiJob::jsonReceived, [this](const QJsonDocument& doc, int retCode) {
+        switch(retCode) {
+            case 404: // no public key
+                qCInfo(lcCse()) << "No public key, generating a pair.";
+                break;
+            case 400: // internal error
+                qCInfo(lcCse()) << "Internal server error while requesting the public key, encryption aborted.";
+                break;
+            case 200: // ok
+                qCInfo(lcCse()) << "Found Public key, requesting Private Key.";
+                break;
+        }
+    });
+    job->start();
+}
+
+void ClientSideEncryption::signPublicKey()
+{
+
 }

 }
--- a/src/libsync/clientsideencryption.h
+++ b/src/libsync/clientsideencryption.h
@ -3,23 +3,35 @@

 #include <QString>
 #include <QObject>
+#include <QJsonDocument>
+
+
+#include "accountfwd.h"

 namespace OCC {

-class Account;

 class ClientSideEncryption : public QObject {
    Q_OBJECT
 public:
-    ClientSideEncryption(OCC::Account *parent);
+    ClientSideEncryption();
    void initialize();
+    void setAccount(AccountPtr account);
+    bool hasPrivateKey() const;
+    bool hasPublicKey() const;
+    void generateKeyPair();
+    QString generateSCR();
+    void getPrivateKeyFromServer();
+    void getPublicKeyFromServer();
+    void signPublicKey();
+    QString privateKeyPath() const;
+    QString publicKeyPath() const;

-    void fetchPrivateKey();
 signals:
    void initializationFinished();

 private:
-    OCC::Account *_account;
+    OCC::AccountPtr _account;
    bool isInitialized = false;
 };

--- a/src/libsync/connectionvalidator.cpp
+++ b/src/libsync/connectionvalidator.cpp
@ -326,8 +326,9 @@ void ConnectionValidator::slotUserFetched(const QJsonDocument &json)
 void ConnectionValidator::slotAvatarImage(const QImage &img)
 {
    _account->setAvatar(img);
-    connect(_account->cse(), &ClientSideEncryption::initializationFinished, this, &ConnectionValidator::reportConnected);
-    _account->cse()->initialize();
+    cse.setAccount(_account);
+    connect(&cse, &ClientSideEncryption::initializationFinished, this, &ConnectionValidator::reportConnected);
+    cse.initialize();
 }

 void ConnectionValidator::reportConnected() {
--- a/src/libsync/connectionvalidator.h
+++ b/src/libsync/connectionvalidator.h
@ -21,6 +21,7 @@
 #include <QVariantMap>
 #include <QNetworkReply>
 #include "accountfwd.h"
+#include "clientsideencryption.h"

 namespace OCC {

@ -63,10 +64,6 @@ namespace OCC {
        |
        +-> slotCapabilitiesRecieved -+
                                      |
-  +-----------------------------------+
-  |
-  +-> Client Side Encryption Checks --+
-                                      |
    +---------------------------------+
    |
  fetchUser
@ -75,10 +72,13 @@ namespace OCC {
        +-> slotUserFetched
              AvatarJob
              |
-              +-> slotAvatarImage --> reportResult()
-
+              +-> slotAvatarImage -->
+  +-----------------------------------+
+  |
+  +-> Client Side Encryption Checks --+ --reportResult()
    \endcode
 */
+
 class OWNCLOUDSYNC_EXPORT ConnectionValidator : public QObject
 {
    Q_OBJECT
@ -144,6 +144,7 @@ private:
    QStringList _errors;
    AccountPtr _account;
    bool _isCheckingServerAndAuth;
+    ClientSideEncryption cse;
 };
 }