Adapt interface changes for Vault#load.

ylangisc · dkocher · commit 408ac2e06ce0 · 2025-11-04T16:35:56.000+01:00
diff --git a/hub/src/main/java/cloud/katta/crypto/uvf/UvfJWKCallback.java b/hub/src/main/java/cloud/katta/crypto/uvf/UvfJWKCallback.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2025 shift7 GmbH. All rights reserved.
+ */
+
+package cloud.katta.crypto.uvf;
+
+import ch.cyberduck.core.Host;
+import ch.cyberduck.core.LoginOptions;
+import ch.cyberduck.core.exception.LoginCanceledException;
+import ch.cyberduck.core.vault.JWKCallback;
+import ch.cyberduck.core.vault.JWKCredentials;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.nimbusds.jose.jwk.JWK;
+
+public class UvfJWKCallback implements JWKCallback {
+
+    private final JWK key;
+
+    public UvfJWKCallback(final JWK key) throws JsonProcessingException {
+        this.key = key;
+    }
+
+    @Override
+    public void close(final String input) {
+        //
+    }
+
+    @Override
+    public JWKCredentials prompt(final Host bookmark, final String title, final String reason, final LoginOptions options) throws LoginCanceledException {
+        return new JWKCredentials(key);
+    }
+}
diff --git a/hub/src/main/java/cloud/katta/crypto/uvf/UvfMetadataPayloadPasswordCallback.java b/hub/src/main/java/cloud/katta/crypto/uvf/UvfMetadataPayloadPasswordCallback.java
diff --git a/hub/src/main/java/cloud/katta/protocols/hub/HubUVFVault.java b/hub/src/main/java/cloud/katta/protocols/hub/HubUVFVault.java
@@ -151,10 +151,11 @@ public AbstractVault create(final Session<?> session, final String region, final
      *
      * @param session Hub Connection
      * @param prompt  Return user keys
+     * @param metadata  metadata
      * @return Vault configuration with storage connection
      */
     @Override
-    public HubUVFVault load(final Session<?> session, final PasswordCallback prompt) throws BackgroundException {
+    public HubUVFVault load(final Session<?> session, final PasswordCallback prompt, final VaultMetadataProvider metadata) throws BackgroundException {
         log.debug("Connect to {}", storage);
         try {
             storage.open(ProxyFactory.get(), new DisabledHostKeyCallback(), login, new DisabledCancelCallback());
@@ -165,7 +166,7 @@ public HubUVFVault load(final Session<?> session, final PasswordCallback prompt)
         }
         log.debug("Initialize vault {}", this);
         // Initialize cryptors
-        super.load(storage, prompt);
+        super.load(storage, prompt, metadata);
         return this;
     }
 
diff --git a/hub/src/main/java/cloud/katta/protocols/hub/HubVaultListService.java b/hub/src/main/java/cloud/katta/protocols/hub/HubVaultListService.java
@@ -22,20 +22,26 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
+import java.nio.charset.StandardCharsets;
 import java.text.MessageFormat;
+import java.util.Base64;
 import java.util.EnumSet;
 
 import cloud.katta.client.ApiException;
 import cloud.katta.client.api.VaultResourceApi;
 import cloud.katta.client.model.VaultDto;
 import cloud.katta.core.DeviceSetupCallback;
+import cloud.katta.crypto.uvf.UvfAccessTokenPayload;
+import cloud.katta.crypto.uvf.UvfJWKCallback;
 import cloud.katta.crypto.uvf.UvfMetadataPayload;
-import cloud.katta.crypto.uvf.UvfMetadataPayloadPasswordCallback;
+import cloud.katta.crypto.uvf.VaultIdMetadataUVFProvider;
 import cloud.katta.protocols.hub.exceptions.HubExceptionMappingService;
 import cloud.katta.workflows.VaultServiceImpl;
 import cloud.katta.workflows.exceptions.AccessException;
 import cloud.katta.workflows.exceptions.SecurityFailure;
 import com.fasterxml.jackson.core.JsonProcessingException;
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.jwk.OctetSequenceKey;
 
 public class HubVaultListService implements ListService {
     private static final Logger log = LogManager.getLogger(HubVaultListService.class);
@@ -69,7 +75,12 @@ public AttributedList<Path> list(final Path directory, final ListProgressListene
                         final Path bucket = new Path(vaultMetadata.storage().getDefaultPath(), EnumSet.of(Path.Type.directory, Path.Type.volume),
                                 new PathAttributes().setDisplayname(vaultMetadata.storage().getNickname()));
                         try {
-                            final HubUVFVault vault = new HubUVFVault(storage, bucket, prompt).load(session, new UvfMetadataPayloadPasswordCallback(vaultMetadata.toJSON()));
+                            final UvfAccessTokenPayload accessToken = vaultService.getVaultAccessTokenJWE(vaultDto.getId(), session.getUserKeys(setup));
+                            final OctetSequenceKey rawMemberKey = UvfMetadataPayload.UniversalVaultFormatJWKS.memberKeyFromRawKey(Base64.getDecoder().decode(accessToken.key()));
+                            final HubUVFVault vault = new HubUVFVault(storage, bucket, prompt).load(session, new UvfJWKCallback(rawMemberKey), new VaultIdMetadataUVFProvider(
+                                    vaultDto.getId(), UvfMetadataPayload.createKeys(), vaultDto.getUvfMetadataFile().getBytes(StandardCharsets.US_ASCII),
+                                    vaultMetadata.computeRootDirUvf(), vaultMetadata.computeRootDirIdHash()
+                            ));
                             log.info("Loaded vault {}", vault);
                             registry.add(vault);
                             vaults.add(vault.getHome());
@@ -78,7 +89,7 @@ public AttributedList<Path> list(final Path directory, final ListProgressListene
                         catch(VaultUnlockCancelException e) {
                             log.warn("Skip vault {} with failure {} loading", vaultDto, e);
                         }
-                        catch(JsonProcessingException e) {
+                        catch(JsonProcessingException | JOSEException e) {
                             throw new SecurityFailure(e);
                         }
                     }
diff --git a/hub/src/test/java/cloud/katta/crypto/uvf/UvfMetadataPayloadTest.java b/hub/src/test/java/cloud/katta/crypto/uvf/UvfMetadataPayloadTest.java
@@ -8,6 +8,7 @@
 import ch.cyberduck.core.AlphanumericRandomStringService;
 import ch.cyberduck.core.Host;
 import ch.cyberduck.core.Path;
+import ch.cyberduck.core.TestProtocol;
 import ch.cyberduck.core.cryptomator.impl.uvf.CryptoVault;
 import ch.cyberduck.core.cryptomator.random.FastSecureRandomProvider;
 import ch.cyberduck.core.exception.BackgroundException;
@@ -169,10 +170,14 @@ void testUVFMasterkeyFromUvfMetadataPayload() throws JsonProcessingException {
     }
 
     @Test
-    void testUvfVaultLoadFromMetadataPayload() throws JsonProcessingException, BackgroundException {
+    void testUvfVaultLoadFromMetadataPayload() throws JsonProcessingException, BackgroundException, JOSEException {
         final UvfMetadataPayload uvfMetadataPayload = UvfMetadataPayload.create();
+        final UvfMetadataPayload.UniversalVaultFormatJWKS keys = UvfMetadataPayload.createKeys();
+        final UUID vaultId = UUID.randomUUID();
+        final VaultIdMetadataUVFProvider provider = new VaultIdMetadataUVFProvider(new Host(new TestProtocol()), vaultId, keys, uvfMetadataPayload);
         final CryptoVault uvfVault = new CryptoVault(new Path("/", EnumSet.of(AbstractPath.Type.directory)));
-        uvfVault.load(new HubSession(new Host(new HubProtocol()), new DisabledX509TrustManager(), new DefaultX509KeyManager()),
-                new UvfMetadataPayloadPasswordCallback(uvfMetadataPayload));
+        final Host host = new Host(new HubProtocol());
+        uvfVault.load(new HubSession(host, new DisabledX509TrustManager(), new DefaultX509KeyManager()),
+                new UvfJWKCallback(keys.memberKey()), provider);
     }
 }
