Merge pull request #260 from cryptomator/feature/dir-id-file-refactor

Feature: Extend dir id backup class

Author: infeo

src/main/java/org/cryptomator/cryptofs/CryptoFileSystemImpl.java

@@ -331,7 +331,7 @@ void createDirectory(CryptoPath cleartextDir, FileAttribute<?>... attrs) throws
 		// create dir if and only if the dirFile has been created right now (not if it has been created before):
 		try {
 			Files.createDirectories(ciphertextDir.path());
-			dirIdBackup.execute(ciphertextDir);
+			dirIdBackup.write(ciphertextDir);
 			ciphertextPath.persistLongFileName();
 		} catch (IOException e) {
 			// make sure there is no orphan dir file:

src/main/java/org/cryptomator/cryptofs/CryptoFileSystemProvider.java

@@ -155,7 +155,7 @@ public static void initialize(Path pathToVault, CryptoFileSystemProperties prope
 			Path vaultCipherRootPath = pathToVault.resolve(Constants.DATA_DIR_NAME).resolve(dirHash.substring(0, 2)).resolve(dirHash.substring(2));
 			Files.createDirectories(vaultCipherRootPath);
 			// create dirId backup:
-			DirectoryIdBackup.backupManually(cryptor, new CiphertextDirectory(Constants.ROOT_DIR_ID, vaultCipherRootPath));
+			DirectoryIdBackup.write(cryptor, new CiphertextDirectory(Constants.ROOT_DIR_ID, vaultCipherRootPath));
 		} finally {
 			Arrays.fill(rawKey, (byte) 0x00);
 		}

src/main/java/org/cryptomator/cryptofs/DirectoryIdBackup.java

@@ -1,7 +1,9 @@
 package org.cryptomator.cryptofs;
 
 import org.cryptomator.cryptofs.common.Constants;
+import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.Cryptor;
+import org.cryptomator.cryptolib.common.DecryptingReadableByteChannel;
 import org.cryptomator.cryptolib.common.EncryptingWritableByteChannel;
 
 import javax.inject.Inject;
@@ -10,31 +12,32 @@
 import java.nio.channels.ByteChannel;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.StandardOpenOption;
 
 /**
- * Single purpose class to back up the directory id of an encrypted directory when it is created.
+ * Single purpose class to read or write the directory id backup of an encrypted directory.
  */
 @CryptoFileSystemScoped
 public class DirectoryIdBackup {
 
-	private Cryptor cryptor;
+	private final Cryptor cryptor;
 
 	@Inject
 	public DirectoryIdBackup(Cryptor cryptor) {
 		this.cryptor = cryptor;
 	}
 
 	/**
-	 * Performs the backup operation for the given {@link CiphertextDirectory} object.
+	 * Writes the dirId backup file for the {@link CiphertextDirectory} object.
 	 * <p>
-	 * The directory id is written via an encrypting channel to the file {@link CiphertextDirectory#path()} /{@value Constants#DIR_BACKUP_FILE_NAME}.
+	 * The directory id is written via an encrypting channel to the file {@link CiphertextDirectory#path()}.resolve({@value Constants#DIR_ID_BACKUP_FILE_NAME});
 	 *
 	 * @param ciphertextDirectory The cipher dir object containing the dir id and the encrypted content root
 	 * @throws IOException if an IOException is raised during the write operation
 	 */
-	public void execute(CiphertextDirectory ciphertextDirectory) throws IOException {
-		try (var channel = Files.newByteChannel(ciphertextDirectory.path().resolve(Constants.DIR_BACKUP_FILE_NAME), StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE); //
+	public void write(CiphertextDirectory ciphertextDirectory) throws IOException {
+		try (var channel = Files.newByteChannel(getBackupFilePath(ciphertextDirectory.path()), StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE); //
 			 var encryptingChannel = wrapEncryptionAround(channel, cryptor)) {
 			encryptingChannel.write(ByteBuffer.wrap(ciphertextDirectory.dirId().getBytes(StandardCharsets.US_ASCII)));
 		}
@@ -43,16 +46,65 @@ public void execute(CiphertextDirectory ciphertextDirectory) throws IOException
 	/**
 	 * Static method to explicitly back up the directory id for a specified ciphertext directory.
 	 *
-	 * @param cryptor The cryptor to be used
+	 * @param cryptor The cryptor to be used for encryption
 	 * @param ciphertextDirectory A {@link CiphertextDirectory} for which the dirId should be back up'd.
 	 * @throws IOException when the dirId file already exists, or it cannot be written to.
 	 */
-	public static void backupManually(Cryptor cryptor, CiphertextDirectory ciphertextDirectory) throws IOException {
-		new DirectoryIdBackup(cryptor).execute(ciphertextDirectory);
+	public static void write(Cryptor cryptor, CiphertextDirectory ciphertextDirectory) throws IOException {
+		new DirectoryIdBackup(cryptor).write(ciphertextDirectory);
 	}
 
 
-	static EncryptingWritableByteChannel wrapEncryptionAround(ByteChannel channel, Cryptor cryptor) {
+	/**
+	 * Reads the dirId backup file and retrieves the directory id from it.
+	 *
+	 * @param ciphertextContentDir path of a ciphertext <strong>content</strong> directory
+	 * @return a byte array containing the directory id
+	 * @throws IOException if the dirId backup file cannot be read
+	 * @throws CryptoException if the content of dirId backup file cannot be decrypted/authenticated
+	 * @throws IllegalStateException if the directory id exceeds {@value Constants#MAX_DIR_ID_LENGTH} chars
+	 */
+	public byte[] read(Path ciphertextContentDir) throws IOException, CryptoException, IllegalStateException {
+		var dirIdBackupFile = getBackupFilePath(ciphertextContentDir);
+		var dirIdBuffer = ByteBuffer.allocate(Constants.MAX_DIR_ID_LENGTH + 1); //a dir id contains at most 36 ascii chars, we add for security checks one more
+
+		try (var channel = Files.newByteChannel(dirIdBackupFile, StandardOpenOption.READ); //
+			 var decryptingChannel = wrapDecryptionAround(channel, cryptor)) {
+			int read = decryptingChannel.read(dirIdBuffer);
+			if (read < 0 || read > Constants.MAX_DIR_ID_LENGTH) {
+				throw new IllegalStateException("Read directory id exceeds the maximum length of %d characters".formatted(Constants.MAX_DIR_ID_LENGTH));
+			}
+		}
+
+		var dirId = new byte[dirIdBuffer.position()];
+		dirIdBuffer.get(0, dirId);
+		return dirId;
+	}
+
+	/**
+	 * Static method to explicitly retrieve the directory id of a ciphertext directory from the dirId backup file
+	 *
+	 * @param cryptor The cryptor to be used for decryption
+	 * @param ciphertextContentDir path of a ciphertext <strong>content</strong> directory
+	 * @return a byte array containing the directory id
+	 * @throws IOException if the dirId backup file cannot be read
+	 * @throws CryptoException if the content of dirId backup file cannot be decrypted/authenticated
+	 * @throws IllegalStateException if the directory id exceeds {@value Constants#MAX_DIR_ID_LENGTH} chars
+	 */
+	public static byte[] read(Cryptor cryptor, Path ciphertextContentDir) throws IOException, CryptoException, IllegalStateException {
+		return new DirectoryIdBackup(cryptor).read(ciphertextContentDir);
+	}
+
+
+	private static Path getBackupFilePath(Path ciphertextContentDir) {
+		return ciphertextContentDir.resolve(Constants.DIR_ID_BACKUP_FILE_NAME);
+	}
+
+	DecryptingReadableByteChannel wrapDecryptionAround(ByteChannel channel, Cryptor cryptor) {
+		return new DecryptingReadableByteChannel(channel, cryptor, true);
+	}
+
+	EncryptingWritableByteChannel wrapEncryptionAround(ByteChannel channel, Cryptor cryptor) {
 		return new EncryptingWritableByteChannel(channel, cryptor);
 	}
 }

src/main/java/org/cryptomator/cryptofs/common/Constants.java

@@ -25,10 +25,10 @@ private Constants() {
 	public static final String SYMLINK_FILE_NAME = "symlink.c9r";
 	public static final String CONTENTS_FILE_NAME = "contents.c9r";
 	public static final String INFLATED_FILE_NAME = "name.c9s";
-	public static final String DIR_BACKUP_FILE_NAME = "dirid.c9r";
+	public static final String DIR_ID_BACKUP_FILE_NAME = "dirid.c9r";
 
 	public static final int MAX_SYMLINK_LENGTH = 32767; // max path length on NTFS and FAT32: 32k-1
-	public static final int MAX_DIR_FILE_LENGTH = 36; // UUIDv4: hex-encoded 16 byte int + 4 hyphens = 36 ASCII chars
+	public static final int MAX_DIR_ID_LENGTH = 36; // UUIDv4: hex-encoded 16 byte int + 4 hyphens = 36 ASCII chars
 	public static final int MIN_CIPHER_NAME_LENGTH = 26; //rounded up base64url encoded (16 bytes IV + 0 bytes empty string) + file suffix = 26 ASCII chars
 
 	public static final String SEPARATOR = "/";

src/main/java/org/cryptomator/cryptofs/dir/C9rConflictResolver.java

@@ -21,7 +21,7 @@
 import java.util.stream.Stream;
 
 import static org.cryptomator.cryptofs.common.Constants.DIR_FILE_NAME;
-import static org.cryptomator.cryptofs.common.Constants.MAX_DIR_FILE_LENGTH;
+import static org.cryptomator.cryptofs.common.Constants.MAX_DIR_ID_LENGTH;
 import static org.cryptomator.cryptofs.common.Constants.MAX_SYMLINK_LENGTH;
 import static org.cryptomator.cryptofs.common.Constants.SYMLINK_FILE_NAME;
 
@@ -127,7 +127,7 @@ private boolean resolveConflictTrivially(Path canonicalPath, Path conflictingPat
 		if (!Files.exists(canonicalPath)) {
 			Files.move(conflictingPath, canonicalPath); // boom. conflict solved.
 			return true;
-		} else if (hasSameFileContent(conflictingPath.resolve(DIR_FILE_NAME), canonicalPath.resolve(DIR_FILE_NAME), MAX_DIR_FILE_LENGTH)) {
+		} else if (hasSameFileContent(conflictingPath.resolve(DIR_FILE_NAME), canonicalPath.resolve(DIR_FILE_NAME), MAX_DIR_ID_LENGTH)) {
 			LOG.info("Removing conflicting directory {} (identical to {})", conflictingPath, canonicalPath);
 			MoreFiles.deleteRecursively(conflictingPath, RecursiveDeleteOption.ALLOW_INSECURE);
 			return true;

src/main/java/org/cryptomator/cryptofs/dir/DirectoryStreamFilters.java

@@ -7,6 +7,6 @@
 
 public interface DirectoryStreamFilters {
 
-	static DirectoryStream.Filter<Path> EXCLUDE_DIR_ID_BACKUP = p -> !p.equals(p.resolveSibling(Constants.DIR_BACKUP_FILE_NAME));
+	static DirectoryStream.Filter<Path> EXCLUDE_DIR_ID_BACKUP = p -> !p.equals(p.resolveSibling(Constants.DIR_ID_BACKUP_FILE_NAME));
 
 }

src/main/java/org/cryptomator/cryptofs/health/dirid/DirIdCheck.java

@@ -62,7 +62,7 @@ public void check(Path pathToVault, VaultConfig config, Masterkey masterkey, Cry
 			if (foundDir) {
 				iter.remove();
 				var expectedDirVaultRel = Path.of(Constants.DATA_DIR_NAME).resolve(expectedDir);
-				if (Files.exists(pathToVault.resolve(expectedDirVaultRel).resolve(Constants.DIR_BACKUP_FILE_NAME))) {
+				if (Files.exists(pathToVault.resolve(expectedDirVaultRel).resolve(Constants.DIR_ID_BACKUP_FILE_NAME))) {
 					resultCollector.accept(new HealthyDir(dirId, dirFile, expectedDirVaultRel));
 				} else {
 					resultCollector.accept(new MissingDirIdBackup(dirId, expectedDirVaultRel));
@@ -116,7 +116,7 @@ private FileVisitResult visitDirFile(Path dirFile, BasicFileAttributes attrs) th
 				return FileVisitResult.CONTINUE;
 			}
 
-			if (attrs.size() > Constants.MAX_DIR_FILE_LENGTH) {
+			if (attrs.size() > Constants.MAX_DIR_ID_LENGTH) {
 				LOG.warn("Encountered dir.c9r file of size {}", attrs.size());
 				resultCollector.accept(new ObeseDirFile(dirFile, attrs.size()));
 			} else if (attrs.size() == 0) {

src/main/java/org/cryptomator/cryptofs/health/dirid/MissingContentDir.java

@@ -51,7 +51,7 @@ void fix(Path pathToVault, Cryptor cryptor) throws IOException {
 		var dirIdHash = cryptor.fileNameCryptor().hashDirectoryId(dirId);
 		Path dirPath = pathToVault.resolve(Constants.DATA_DIR_NAME).resolve(dirIdHash.substring(0, 2)).resolve(dirIdHash.substring(2, 32));
 		Files.createDirectories(dirPath);
-		DirectoryIdBackup.backupManually(cryptor, new CiphertextDirectory(dirId, dirPath));
+		DirectoryIdBackup.write(cryptor, new CiphertextDirectory(dirId, dirPath));
 	}
 
 	@Override

src/main/java/org/cryptomator/cryptofs/health/dirid/MissingDirIdBackup.java

@@ -12,7 +12,7 @@
 import java.util.Optional;
 
 /**
- * The dir id backup file {@value org.cryptomator.cryptofs.common.Constants#DIR_BACKUP_FILE_NAME} is missing.
+ * The dir id backup file {@value org.cryptomator.cryptofs.common.Constants#DIR_ID_BACKUP_FILE_NAME} is missing.
  */
 public record MissingDirIdBackup(String dirId, Path contentDir) implements DiagnosticResult {
 
@@ -29,7 +29,7 @@ public String toString() {
 	//visible for testing
 	void fix(Path pathToVault, Cryptor cryptor) throws IOException {
 		Path absCipherDir = pathToVault.resolve(contentDir);
-		DirectoryIdBackup.backupManually(cryptor, new CiphertextDirectory(dirId, absCipherDir));
+		DirectoryIdBackup.write(cryptor, new CiphertextDirectory(dirId, absCipherDir));
 	}
 
 	@Override

src/main/java/org/cryptomator/cryptofs/health/dirid/ObeseDirFile.java

@@ -28,7 +28,7 @@ public Severity getSeverity() {
 
 	@Override
 	public String toString() {
-		return String.format("Unexpected file size of %s: %d should be ≤ %d", dirFile, size, Constants.MAX_DIR_FILE_LENGTH);
+		return String.format("Unexpected file size of %s: %d should be ≤ %d", dirFile, size, Constants.MAX_DIR_ID_LENGTH);
 	}
 
 	@Override