mirror of
https://github.com/nextcloud/server.git
synced 2024-12-29 16:38:28 +00:00
d1977b8d25
Signed-off-by: provokateurin <kate@provokateurin.de>
386 lines
14 KiB
PHP
386 lines
14 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/**
|
|
* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
|
|
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
namespace Test\Files\Stream;
|
|
|
|
use OC\Files\Cache\CacheEntry;
|
|
use OC\Files\Storage\Wrapper\Wrapper;
|
|
use OC\Files\View;
|
|
use OC\Memcache\ArrayCache;
|
|
use OCP\Encryption\IEncryptionModule;
|
|
use OCP\EventDispatcher\IEventDispatcher;
|
|
use OCP\Files\Cache\ICache;
|
|
use OCP\ICacheFactory;
|
|
use OCP\IConfig;
|
|
use PHPUnit\Framework\MockObject\MockObject;
|
|
use Psr\Log\LoggerInterface;
|
|
|
|
class EncryptionTest extends \Test\TestCase {
|
|
public const DEFAULT_WRAPPER = '\OC\Files\Stream\Encryption';
|
|
|
|
private IEncryptionModule&MockObject $encryptionModule;
|
|
|
|
/**
|
|
* @param class-string<Wrapper> $wrapper
|
|
* @return resource
|
|
*/
|
|
protected function getStream(string $fileName, string $mode, int $unencryptedSize, string $wrapper = self::DEFAULT_WRAPPER, int $unencryptedSizeOnClose = 0) {
|
|
clearstatcache();
|
|
$size = filesize($fileName);
|
|
$source = fopen($fileName, $mode);
|
|
$internalPath = $fileName;
|
|
$fullPath = $fileName;
|
|
$header = [];
|
|
$uid = '';
|
|
$this->encryptionModule = $this->buildMockModule();
|
|
$cache = $this->createMock(ICache::class);
|
|
$storage = $this->getMockBuilder('\OC\Files\Storage\Storage')
|
|
->disableOriginalConstructor()->getMock();
|
|
$encStorage = $this->getMockBuilder('\OC\Files\Storage\Wrapper\Encryption')
|
|
->disableOriginalConstructor()->getMock();
|
|
$config = $this->getMockBuilder(IConfig::class)
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
$arrayCache = $this->createMock(ArrayCache::class);
|
|
$groupManager = $this->getMockBuilder('\OC\Group\Manager')
|
|
->disableOriginalConstructor()
|
|
->getMock();
|
|
$file = $this->getMockBuilder('\OC\Encryption\File')
|
|
->disableOriginalConstructor()
|
|
->setMethods(['getAccessList'])
|
|
->getMock();
|
|
$file->expects($this->any())->method('getAccessList')->willReturn([]);
|
|
$util = $this->getMockBuilder('\OC\Encryption\Util')
|
|
->setMethods(['getUidAndFilename'])
|
|
->setConstructorArgs([new View(), new \OC\User\Manager(
|
|
$config,
|
|
$this->createMock(ICacheFactory::class),
|
|
$this->createMock(IEventDispatcher::class),
|
|
$this->createMock(LoggerInterface::class),
|
|
), $groupManager, $config, $arrayCache])
|
|
->getMock();
|
|
$util->expects($this->any())
|
|
->method('getUidAndFilename')
|
|
->willReturn(['user1', $internalPath]);
|
|
$storage->expects($this->any())->method('getCache')->willReturn($cache);
|
|
$entry = new CacheEntry([
|
|
'fileid' => 5,
|
|
'encryptedVersion' => 2,
|
|
'unencrypted_size' => $unencryptedSizeOnClose,
|
|
]);
|
|
$cache->expects($this->any())->method('get')->willReturn($entry);
|
|
$cache->expects($this->any())->method('update')->with(5, ['encrypted' => 3, 'encryptedVersion' => 3, 'unencrypted_size' => $unencryptedSizeOnClose]);
|
|
|
|
return $wrapper::wrap(
|
|
$source,
|
|
$internalPath,
|
|
$fullPath,
|
|
$header,
|
|
$uid,
|
|
$this->encryptionModule,
|
|
$storage,
|
|
$encStorage,
|
|
$util,
|
|
$file,
|
|
$mode,
|
|
$size,
|
|
$unencryptedSize,
|
|
8192,
|
|
true,
|
|
$wrapper,
|
|
);
|
|
}
|
|
|
|
/**
|
|
* @dataProvider dataProviderStreamOpen()
|
|
*/
|
|
public function testStreamOpen(
|
|
$isMasterKeyUsed,
|
|
$mode,
|
|
$fullPath,
|
|
$fileExists,
|
|
$expectedSharePath,
|
|
$expectedSize,
|
|
$expectedUnencryptedSize,
|
|
$expectedReadOnly,
|
|
): void {
|
|
// build mocks
|
|
$encryptionModuleMock = $this->getMockBuilder('\OCP\Encryption\IEncryptionModule')
|
|
->disableOriginalConstructor()->getMock();
|
|
$encryptionModuleMock->expects($this->any())->method('needDetailedAccessList')->willReturn(!$isMasterKeyUsed);
|
|
$encryptionModuleMock->expects($this->once())
|
|
->method('getUnencryptedBlockSize')->willReturn(99);
|
|
$encryptionModuleMock->expects($this->once())
|
|
->method('begin')->willReturn([]);
|
|
|
|
$storageMock = $this->getMockBuilder('\OC\Files\Storage\Storage')
|
|
->disableOriginalConstructor()->getMock();
|
|
$storageMock->expects($this->once())->method('file_exists')->willReturn($fileExists);
|
|
|
|
$fileMock = $this->getMockBuilder('\OC\Encryption\File')
|
|
->disableOriginalConstructor()->getMock();
|
|
if ($isMasterKeyUsed) {
|
|
$fileMock->expects($this->never())->method('getAccessList');
|
|
} else {
|
|
$fileMock->expects($this->once())->method('getAccessList')
|
|
->willReturnCallback(function ($sharePath) use ($expectedSharePath) {
|
|
$this->assertSame($expectedSharePath, $sharePath);
|
|
return [];
|
|
});
|
|
}
|
|
$utilMock = $this->getMockBuilder('\OC\Encryption\Util')
|
|
->disableOriginalConstructor()->getMock();
|
|
$utilMock->expects($this->any())
|
|
->method('getHeaderSize')
|
|
->willReturn(8192);
|
|
|
|
// get a instance of the stream wrapper
|
|
$streamWrapper = $this->getMockBuilder('\OC\Files\Stream\Encryption')
|
|
->setMethods(['loadContext', 'writeHeader', 'skipHeader'])->disableOriginalConstructor()->getMock();
|
|
|
|
// set internal properties of the stream wrapper
|
|
$stream = new \ReflectionClass('\OC\Files\Stream\Encryption');
|
|
$encryptionModule = $stream->getProperty('encryptionModule');
|
|
$encryptionModule->setAccessible(true);
|
|
$encryptionModule->setValue($streamWrapper, $encryptionModuleMock);
|
|
$encryptionModule->setAccessible(false);
|
|
$storage = $stream->getProperty('storage');
|
|
$storage->setAccessible(true);
|
|
$storage->setValue($streamWrapper, $storageMock);
|
|
$storage->setAccessible(false);
|
|
$file = $stream->getProperty('file');
|
|
$file->setAccessible(true);
|
|
$file->setValue($streamWrapper, $fileMock);
|
|
$file->setAccessible(false);
|
|
$util = $stream->getProperty('util');
|
|
$util->setAccessible(true);
|
|
$util->setValue($streamWrapper, $utilMock);
|
|
$util->setAccessible(false);
|
|
$fullPathP = $stream->getProperty('fullPath');
|
|
$fullPathP->setAccessible(true);
|
|
$fullPathP->setValue($streamWrapper, $fullPath);
|
|
$fullPathP->setAccessible(false);
|
|
$header = $stream->getProperty('header');
|
|
$header->setAccessible(true);
|
|
$header->setValue($streamWrapper, []);
|
|
$header->setAccessible(false);
|
|
$this->invokePrivate($streamWrapper, 'signed', [true]);
|
|
$this->invokePrivate($streamWrapper, 'internalPath', [$fullPath]);
|
|
$this->invokePrivate($streamWrapper, 'uid', ['test']);
|
|
|
|
// call stream_open, that's the method we want to test
|
|
$dummyVar = 'foo';
|
|
$streamWrapper->stream_open('', $mode, '', $dummyVar);
|
|
|
|
// check internal properties
|
|
$size = $stream->getProperty('size');
|
|
$size->setAccessible(true);
|
|
$this->assertSame($expectedSize, $size->getValue($streamWrapper));
|
|
$size->setAccessible(false);
|
|
|
|
$unencryptedSize = $stream->getProperty('unencryptedSize');
|
|
$unencryptedSize->setAccessible(true);
|
|
$this->assertSame($expectedUnencryptedSize, $unencryptedSize->getValue($streamWrapper));
|
|
$unencryptedSize->setAccessible(false);
|
|
|
|
$readOnly = $stream->getProperty('readOnly');
|
|
$readOnly->setAccessible(true);
|
|
$this->assertSame($expectedReadOnly, $readOnly->getValue($streamWrapper));
|
|
$readOnly->setAccessible(false);
|
|
}
|
|
|
|
public function dataProviderStreamOpen() {
|
|
return [
|
|
[false, 'r', '/foo/bar/test.txt', true, '/foo/bar/test.txt', null, null, true],
|
|
[false, 'r', '/foo/bar/test.txt', false, '/foo/bar', null, null, true],
|
|
[false, 'w', '/foo/bar/test.txt', true, '/foo/bar/test.txt', 8192, 0, false],
|
|
[true, 'r', '/foo/bar/test.txt', true, '/foo/bar/test.txt', null, null, true],
|
|
[true, 'r', '/foo/bar/test.txt', false, '/foo/bar', null, null, true],
|
|
[true, 'w', '/foo/bar/test.txt', true, '/foo/bar/test.txt', 8192, 0, false],
|
|
];
|
|
}
|
|
|
|
public function testWriteRead(): void {
|
|
$fileName = tempnam('/tmp', 'FOO');
|
|
$stream = $this->getStream($fileName, 'w+', 0, self::DEFAULT_WRAPPER, 6);
|
|
$this->assertEquals(6, fwrite($stream, 'foobar'));
|
|
fclose($stream);
|
|
|
|
$stream = $this->getStream($fileName, 'r', 6);
|
|
$this->assertEquals('foobar', fread($stream, 100));
|
|
fclose($stream);
|
|
|
|
$stream = $this->getStream($fileName, 'r+', 6, self::DEFAULT_WRAPPER, 6);
|
|
$this->assertEquals(3, fwrite($stream, 'bar'));
|
|
fclose($stream);
|
|
|
|
$stream = $this->getStream($fileName, 'r', 6);
|
|
$this->assertEquals('barbar', fread($stream, 100));
|
|
fclose($stream);
|
|
|
|
unlink($fileName);
|
|
}
|
|
|
|
public function testRewind(): void {
|
|
$fileName = tempnam('/tmp', 'FOO');
|
|
$stream = $this->getStream($fileName, 'w+', 0, self::DEFAULT_WRAPPER, 6);
|
|
$this->assertEquals(6, fwrite($stream, 'foobar'));
|
|
$this->assertEquals(true, rewind($stream));
|
|
$this->assertEquals('foobar', fread($stream, 100));
|
|
$this->assertEquals(true, rewind($stream));
|
|
$this->assertEquals(3, fwrite($stream, 'bar'));
|
|
fclose($stream);
|
|
|
|
$stream = $this->getStream($fileName, 'r', 6);
|
|
$this->assertEquals('barbar', fread($stream, 100));
|
|
fclose($stream);
|
|
|
|
unlink($fileName);
|
|
}
|
|
|
|
public function testSeek(): void {
|
|
$fileName = tempnam('/tmp', 'FOO');
|
|
|
|
$stream = $this->getStream($fileName, 'w+', 0, self::DEFAULT_WRAPPER, 9);
|
|
$this->assertEquals(6, fwrite($stream, 'foobar'));
|
|
$this->assertEquals(0, fseek($stream, 3));
|
|
$this->assertEquals(6, fwrite($stream, 'foobar'));
|
|
fclose($stream);
|
|
|
|
$stream = $this->getStream($fileName, 'r', 9);
|
|
$this->assertEquals('foofoobar', fread($stream, 100));
|
|
$this->assertEquals(-1, fseek($stream, 10));
|
|
$this->assertEquals(0, fseek($stream, 9));
|
|
$this->assertEquals(-1, fseek($stream, -10, SEEK_CUR));
|
|
$this->assertEquals(0, fseek($stream, -9, SEEK_CUR));
|
|
$this->assertEquals(-1, fseek($stream, -10, SEEK_END));
|
|
$this->assertEquals(0, fseek($stream, -9, SEEK_END));
|
|
fclose($stream);
|
|
|
|
unlink($fileName);
|
|
}
|
|
|
|
public function dataFilesProvider() {
|
|
return [
|
|
['lorem-big.txt'],
|
|
['block-aligned.txt'],
|
|
['block-aligned-plus-one.txt'],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @dataProvider dataFilesProvider
|
|
*/
|
|
public function testWriteReadBigFile($testFile): void {
|
|
$expectedData = file_get_contents(\OC::$SERVERROOT . '/tests/data/' . $testFile);
|
|
// write it
|
|
$fileName = tempnam('/tmp', 'FOO');
|
|
$stream = $this->getStream($fileName, 'w+', 0, self::DEFAULT_WRAPPER, strlen($expectedData));
|
|
// while writing the file from the beginning to the end we should never try
|
|
// to read parts of the file. This should only happen for write operations
|
|
// in the middle of a file
|
|
$this->encryptionModule->expects($this->never())->method('decrypt');
|
|
fwrite($stream, $expectedData);
|
|
fclose($stream);
|
|
|
|
// read it all
|
|
$stream = $this->getStream($fileName, 'r', strlen($expectedData));
|
|
$data = stream_get_contents($stream);
|
|
fclose($stream);
|
|
|
|
$this->assertEquals($expectedData, $data);
|
|
|
|
// another read test with a loop like we do in several places:
|
|
$stream = $this->getStream($fileName, 'r', strlen($expectedData));
|
|
$data = '';
|
|
while (!feof($stream)) {
|
|
$data .= fread($stream, 8192);
|
|
}
|
|
fclose($stream);
|
|
|
|
$this->assertEquals($expectedData, $data);
|
|
|
|
unlink($fileName);
|
|
}
|
|
|
|
/**
|
|
* simulate a non-seekable storage
|
|
*
|
|
* @dataProvider dataFilesProvider
|
|
*/
|
|
public function testWriteToNonSeekableStorage($testFile): void {
|
|
$wrapper = $this->getMockBuilder('\OC\Files\Stream\Encryption')
|
|
->setMethods(['parentSeekStream'])->getMock();
|
|
$wrapper->expects($this->any())->method('parentSeekStream')->willReturn(false);
|
|
|
|
$expectedData = file_get_contents(\OC::$SERVERROOT . '/tests/data/' . $testFile);
|
|
// write it
|
|
$fileName = tempnam('/tmp', 'FOO');
|
|
$stream = $this->getStream($fileName, 'w+', 0, '\Test\Files\Stream\DummyEncryptionWrapper', strlen($expectedData));
|
|
// while writing the file from the beginning to the end we should never try
|
|
// to read parts of the file. This should only happen for write operations
|
|
// in the middle of a file
|
|
$this->encryptionModule->expects($this->never())->method('decrypt');
|
|
fwrite($stream, $expectedData);
|
|
fclose($stream);
|
|
|
|
// read it all
|
|
$stream = $this->getStream($fileName, 'r', strlen($expectedData), '\Test\Files\Stream\DummyEncryptionWrapper', strlen($expectedData));
|
|
$data = stream_get_contents($stream);
|
|
fclose($stream);
|
|
|
|
$this->assertEquals($expectedData, $data);
|
|
|
|
// another read test with a loop like we do in several places:
|
|
$stream = $this->getStream($fileName, 'r', strlen($expectedData));
|
|
$data = '';
|
|
while (!feof($stream)) {
|
|
$data .= fread($stream, 8192);
|
|
}
|
|
fclose($stream);
|
|
|
|
$this->assertEquals($expectedData, $data);
|
|
|
|
unlink($fileName);
|
|
}
|
|
|
|
protected function buildMockModule(): IEncryptionModule&MockObject {
|
|
$encryptionModule = $this->getMockBuilder('\OCP\Encryption\IEncryptionModule')
|
|
->disableOriginalConstructor()
|
|
->setMethods(['getId', 'getDisplayName', 'begin', 'end', 'encrypt', 'decrypt', 'update', 'shouldEncrypt', 'getUnencryptedBlockSize', 'isReadable', 'encryptAll', 'prepareDecryptAll', 'isReadyForUser', 'needDetailedAccessList'])
|
|
->getMock();
|
|
|
|
$encryptionModule->expects($this->any())->method('getId')->willReturn('UNIT_TEST_MODULE');
|
|
$encryptionModule->expects($this->any())->method('getDisplayName')->willReturn('Unit test module');
|
|
$encryptionModule->expects($this->any())->method('begin')->willReturn([]);
|
|
$encryptionModule->expects($this->any())->method('end')->willReturn('');
|
|
$encryptionModule->expects($this->any())->method('isReadable')->willReturn(true);
|
|
$encryptionModule->expects($this->any())->method('needDetailedAccessList')->willReturn(false);
|
|
$encryptionModule->expects($this->any())->method('encrypt')->willReturnCallback(function ($data) {
|
|
// simulate different block size by adding some padding to the data
|
|
if (isset($data[6125])) {
|
|
return str_pad($data, 8192, 'X');
|
|
}
|
|
// last block
|
|
return $data;
|
|
});
|
|
$encryptionModule->expects($this->any())->method('decrypt')->willReturnCallback(function ($data) {
|
|
if (isset($data[8191])) {
|
|
return substr($data, 0, 6126);
|
|
}
|
|
// last block
|
|
return $data;
|
|
});
|
|
$encryptionModule->expects($this->any())->method('update')->willReturn(true);
|
|
$encryptionModule->expects($this->any())->method('shouldEncrypt')->willReturn(true);
|
|
$encryptionModule->expects($this->any())->method('getUnencryptedBlockSize')->willReturn(6126);
|
|
return $encryptionModule;
|
|
}
|
|
}
|