Merge branch 'release/0.2.0' into main

Author: overheadhunter

.github/workflows/build.yml

@@ -7,10 +7,10 @@ jobs:
   build:
     name: Build and Test
     runs-on: ubuntu-latest
-    outputs:
-      artifact-version: ${{ steps.setversion.outputs.version }}
     env:
       BUILD_VERSION: SNAPSHOT
+    outputs:
+      artifact-version: ${{ steps.setversion.outputs.version }}
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-java@v1
@@ -36,14 +36,15 @@ jobs:
           echo "::set-output name=version::${v}"
       - name: Build and Test
         run: mvn -B install
-      - name: Upload snapshot artifact cloud-access-${{ env.BUILD_VERSION }}.jar
+      - name: Upload snapshot artifact cloud-access-${{ env.BUILD_VERSION }}.jar build on Linux
+        if: runner.os == 'Linux' # The build artifacts are the same on all os, therefore we upload from the "cheapest" runner
         uses: actions/upload-artifact@v2
         with:
           name: cloud-access-${{ env.BUILD_VERSION }}.jar
           path: target/cloud-access-*.jar
-      - name: Deploy to jcenter
-        run: mvn -B deploy
+      - name: Build and deploy to jcenter
         if: startsWith(github.ref, 'refs/tags/')
+        run: mvn -B deploy -DskipTests
         env:
           BINTRAY_USERNAME: cryptobot
           BINTRAY_API_KEY: ${{ secrets.BINTRAY_API_KEY }}

pom.xml

@@ -5,7 +5,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.cryptomator</groupId>
     <artifactId>cloud-access</artifactId>
-    <version>0.1.0</version>
+    <version>0.2.0</version>
 
     <name>Cryptomator CloudAccess in Java</name>
     <description>CloudAccess is used in e.g. Cryptomator for Android to access different cloud providers.</description>
@@ -16,6 +16,13 @@
         <url>[email protected]:cryptomator/cloud-access-java.git</url>
     </scm>
     <developers>
+        <developer>
+            <name>Armin Schrenk</name>
+            <email>[email protected]</email>
+            <timezone>+1</timezone>
+            <organization>Skymatic GmbH</organization>
+            <organizationUrl>http://skymatic.de</organizationUrl>
+        </developer>
         <developer>
             <name>Julian Raufelder</name>
             <email>[email protected]</email>
@@ -37,7 +44,7 @@
         <guava.version>29.0-jre</guava.version>
 
         <okhttp.version>4.7.2</okhttp.version>
-        <okhttp-digest.version>2.3</okhttp-digest.version>
+        <okhttp-digest.version>2.4</okhttp-digest.version>
         <okhttp.mockwebserver.version>4.7.2</okhttp.mockwebserver.version>
         <kxml2.version>2.3.0</kxml2.version>
 
@@ -78,19 +85,18 @@
             <artifactId>guava</artifactId>
             <version>${guava.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.cryptomator</groupId>
+            <artifactId>cryptolib</artifactId>
+            <version>1.4.0-beta3</version>
+        </dependency>
 
         <!-- Logging -->
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
             <version>${slf4j.version}</version>
         </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-simple</artifactId>
-            <version>${slf4j.version}</version>
-            <scope>test</scope>
-        </dependency>
 
         <!-- WebDAV -->
         <dependency>
@@ -129,6 +135,12 @@
             <version>${okhttp.mockwebserver.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-simple</artifactId>
+            <version>${slf4j.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>

src/main/java/module-info.java

@@ -5,6 +5,7 @@
 
 	requires java.xml;
 	requires com.google.common;
+	requires org.cryptomator.cryptolib;
 	requires org.slf4j;
 	requires okhttp3;
 	requires okhttp.digest;

src/main/java/org/cryptomator/cloudaccess/CloudAccess.java

@@ -1,25 +1,58 @@
 package org.cryptomator.cloudaccess;
 
-import java.net.URL;
-import java.nio.file.Path;
-
+import org.cryptomator.cloudaccess.api.CloudPath;
 import org.cryptomator.cloudaccess.api.CloudProvider;
+import org.cryptomator.cloudaccess.api.exceptions.CloudProviderException;
 import org.cryptomator.cloudaccess.localfs.LocalFsCloudProvider;
+import org.cryptomator.cloudaccess.vaultformat8.VaultFormat8ProviderDecorator;
 import org.cryptomator.cloudaccess.webdav.WebDavCloudProvider;
 import org.cryptomator.cloudaccess.webdav.WebDavCredential;
+import org.cryptomator.cryptolib.Cryptors;
+
+import java.net.URL;
+import java.nio.file.Path;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
 
 public class CloudAccess {
 
 	private CloudAccess() {
 	}
 
+	/**
+	 * Decorates an existing CloudProvider by encrypting paths and file contents using Cryptomator's Vault Format 8.
+	 * Uses an externally managed masterkey, i.e. it will only validate the vault version but not parse any vault config.
+	 *
+	 * @param cloudProvider A CloudProvider providing access to a storage space on which to store ciphertext data
+	 * @param pathToVault	Path that can be used within the given <code>cloudProvider</code> leading to the vault's root
+	 * @param rawKey        512 bit key used for cryptographic operations
+	 * @return A cleartext view on the given CloudProvider
+	 */
+	public static CloudProvider vaultFormat8GCMCloudAccess(CloudProvider cloudProvider, CloudPath pathToVault, byte[] rawKey) {
+		try {
+			var csprng = SecureRandom.getInstanceStrong();
+			var cryptor = Cryptors.version2(csprng).createFromRawKey(rawKey);
+			// TODO validate vaultFormat.jwt before creating decorator
+			VaultFormat8ProviderDecorator provider = new VaultFormat8ProviderDecorator(cloudProvider, pathToVault.resolve("d"), cryptor);
+			provider.initialize();
+			return provider;
+		} catch (NoSuchAlgorithmException e) {
+			throw new IllegalStateException("JVM doesn't supply a CSPRNG", e);
+		} catch (InterruptedException e) {
+			Thread.currentThread().interrupt();
+			throw new CloudProviderException("Vault initialization interrupted.", e);
+		}
+	}
+
 	/**
 	 * Creates a new CloudProvider which provides access to the given URL via WebDAV.
 	 *
-	 * @param url Base URL leading to the root resource
+	 * @param url      Base URL leading to the root resource
 	 * @param username Username used during basic or digest auth challenges
 	 * @param password Password used during basic or digest auth challenges
-	 * @return A cloud access provider that provides access to the given WebDAV URL.
+	 * @return A cloud access provider that provides access to the given WebDAV URL
 	 */
 	public static CloudProvider toWebDAV(URL url, String username, CharSequence password) {
 		// TODO can we pass though CharSequence to the auth mechanism?
@@ -29,8 +62,8 @@ public static CloudProvider toWebDAV(URL url, String username, CharSequence pass
 	/**
 	 * Creates a new CloudProvider which provides access to the given <code>folder</code>. Mainly for test purposes.
 	 *
-	 * @param folder An existing folder on the (local) default file system.
-	 * @return A cloud access provider that provides access to the given local directory.
+	 * @param folder An existing folder on the (local) default file system
+	 * @return A cloud access provider that provides access to the given local directory
 	 */
 	public static CloudProvider toLocalFileSystem(Path folder) {
 		return new LocalFsCloudProvider(folder);

src/main/java/org/cryptomator/cloudaccess/api/CloudItemMetadata.java

@@ -2,34 +2,33 @@
 
 import com.google.common.base.Objects;
 
-import java.nio.file.Path;
 import java.time.Instant;
 import java.util.Optional;
 
 public class CloudItemMetadata {
 	private final String name;
-	private final Path path;
+	private final CloudPath path;
 	private final CloudItemType itemType;
 	private final Optional<Instant> lastModifiedDate;
 	private final Optional<Long> size;
 
-	public CloudItemMetadata(String name, Path path, CloudItemType itemType, Optional<Instant> lastModifiedDate, Optional<Long> size) {
+	public CloudItemMetadata(String name, CloudPath path, CloudItemType itemType, Optional<Instant> lastModifiedDate, Optional<Long> size) {
 		this.name = name;
 		this.path = path;
 		this.itemType = itemType;
 		this.lastModifiedDate = lastModifiedDate;
 		this.size = size;
 	}
 
-	public CloudItemMetadata(String name, Path path, CloudItemType itemType) {
+	public CloudItemMetadata(String name, CloudPath path, CloudItemType itemType) {
 		this(name, path, itemType, Optional.empty(), Optional.empty());
 	}
 
 	public String getName() {
 		return name;
 	}
 
-	public Path getPath() {
+	public CloudPath getPath() {
 		return path;
 	}
 
@@ -61,4 +60,9 @@ public boolean equals(Object o) {
 	public int hashCode() {
 		return Objects.hashCode(name, path, itemType, lastModifiedDate, size);
 	}
+
+	@Override
+	public String toString() {
+		return "CloudItemMetadata{itemType=" + itemType + ", path=" + path + ", name=" + name + '}';
+	}
 }