Merge branch 'release/2.3.0'

Author: infeo

pom.xml

@@ -2,7 +2,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>cryptofs</artifactId>
-	<version>2.2.0</version>
+	<version>2.3.0</version>
 	<name>Cryptomator Crypto Filesystem</name>
 	<description>This library provides the Java filesystem provider used by Cryptomator.</description>
 	<url>https://github.com/cryptomator/cryptofs</url>
@@ -18,7 +18,7 @@
 		<maven.compiler.release>17</maven.compiler.release>
 
 		<!-- dependencies -->
-		<cryptolib.version>2.0.2</cryptolib.version>
+		<cryptolib.version>2.0.3</cryptolib.version>
 		<jwt.version>3.18.1</jwt.version>
 		<dagger.version>2.37</dagger.version>
 		<guava.version>30.1.1-jre</guava.version>
@@ -295,7 +295,7 @@
 				<repository>
 					<id>ossrh</id>
 					<name>Maven Central</name>
-					<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+					<url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
 				</repository>
 			</distributionManagement>
 			<build>
@@ -307,7 +307,7 @@
 						<extensions>true</extensions>
 						<configuration>
 							<serverId>ossrh</serverId>
-							<nexusUrl>https://oss.sonatype.org/</nexusUrl>
+							<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
 							<autoReleaseAfterClose>true</autoReleaseAfterClose>
 						</configuration>
 					</plugin>

src/main/java/org/cryptomator/cryptofs/CryptoFileSystems.java

@@ -1,5 +1,6 @@
 package org.cryptomator.cryptofs;
 
+import org.cryptomator.cryptofs.common.BackupHelper;
 import org.cryptomator.cryptofs.common.Constants;
 import org.cryptomator.cryptofs.common.FileSystemCapabilityChecker;
 import org.cryptomator.cryptolib.api.Cryptor;
@@ -51,6 +52,7 @@ public CryptoFileSystemImpl create(CryptoFileSystemProvider provider, Path pathT
 		var keyId = configLoader.getKeyId();
 		try (Masterkey key = properties.keyLoader().loadKey(keyId)) {
 			var config = configLoader.verify(key.getEncoded(), Constants.VAULT_VERSION);
+			backupVaultConfigFile(normalizedPathToVault, properties);
 			var adjustedProperties = adjustForCapabilities(pathToVault, properties);
 			var cryptor = CryptorProvider.forScheme(config.getCipherCombo()).provide(key.copy(), csprng);
 			try {
@@ -71,6 +73,7 @@ public CryptoFileSystemImpl create(CryptoFileSystemProvider provider, Path pathT
 
 	/**
 	 * Checks if the vault has a content root folder. If not, an exception is raised.
+	 *
 	 * @param pathToVault Path to the vault root
 	 * @param cryptor Cryptor object initialized with the correct masterkey
 	 * @throws ContentRootMissingException If the existence of encrypted vault content root cannot be ensured
@@ -119,6 +122,18 @@ private String readVaultConfigFile(Path pathToVault, CryptoFileSystemProperties
 		}
 	}
 
+	/**
+	 * Attempts to create a backup of the vault config or compares to an existing one.
+	 *
+	 * @param pathToVault path to the vault's root
+	 * @param properties properties used when attempting to construct a fs for this vault
+	 * @throws IOException If the config cannot be read
+	 */
+	private void backupVaultConfigFile(Path pathToVault, CryptoFileSystemProperties properties) throws IOException {
+		Path vaultConfigFile = pathToVault.resolve(properties.vaultConfigFilename());
+		BackupHelper.attemptBackup(vaultConfigFile);
+	}
+
 	private CryptoFileSystemProperties adjustForCapabilities(Path pathToVault, CryptoFileSystemProperties originalProperties) throws FileSystemCapabilityChecker.MissingCapabilityException {
 		if (!originalProperties.readonly()) {
 			try {

src/test/java/org/cryptomator/cryptofs/CryptoFileSystemsTest.java

@@ -1,5 +1,6 @@
 package org.cryptomator.cryptofs;
 
+import org.cryptomator.cryptofs.common.BackupHelper;
 import org.cryptomator.cryptofs.common.Constants;
 import org.cryptomator.cryptofs.common.FileSystemCapabilityChecker;
 import org.cryptomator.cryptolib.api.Cryptor;
@@ -36,6 +37,7 @@ public class CryptoFileSystemsTest {
 	private final Path pathToVault = mock(Path.class, "vaultPath");
 	private final Path normalizedPathToVault = mock(Path.class, "normalizedVaultPath");
 	private final Path configFilePath = mock(Path.class, "normalizedVaultPath/vault.cryptomator");
+	private final Path configFileBackupPath = mock(Path.class, "normalizedVaultPath/vault.cryptomator.12345678.bkup");
 	private final Path dataDirPath = mock(Path.class, "normalizedVaultPath/d");
 	private final Path preContenRootPath = mock(Path.class, "normalizedVaultPath/d/AB");
 	private final Path contenRootPath = mock(Path.class, "normalizedVaultPath/d/AB/CDEFGHIJKLMNOP");
@@ -61,6 +63,7 @@ public class CryptoFileSystemsTest {
 	private MockedStatic<VaultConfig> vaultConficClass;
 	private MockedStatic<Files> filesClass;
 	private MockedStatic<CryptorProvider> cryptorProviderClass;
+	private MockedStatic<BackupHelper> backupHelperClass;
 
 	private final CryptoFileSystems inTest = new CryptoFileSystems(cryptoFileSystemComponentBuilder, capabilityChecker, csprng);
 
@@ -69,6 +72,7 @@ public void setup() throws IOException, MasterkeyLoadingFailedException {
 		vaultConficClass = Mockito.mockStatic(VaultConfig.class);
 		filesClass = Mockito.mockStatic(Files.class);
 		cryptorProviderClass = Mockito.mockStatic(CryptorProvider.class);
+		backupHelperClass = Mockito.mockStatic(BackupHelper.class);
 
 		when(pathToVault.normalize()).thenReturn(normalizedPathToVault);
 		when(normalizedPathToVault.resolve("vault.cryptomator")).thenReturn(configFilePath);
@@ -77,6 +81,7 @@ public void setup() throws IOException, MasterkeyLoadingFailedException {
 		filesClass.when(() -> Files.readString(configFilePath, StandardCharsets.US_ASCII)).thenReturn("jwt-vault-config");
 		vaultConficClass.when(() -> VaultConfig.decode("jwt-vault-config")).thenReturn(configLoader);
 		cryptorProviderClass.when(() -> CryptorProvider.forScheme(cipherCombo)).thenReturn(cryptorProvider);
+		backupHelperClass.when(() -> BackupHelper.attemptBackup(configFilePath)).thenReturn(configFileBackupPath);
 		when(VaultConfig.decode("jwt-vault-config")).thenReturn(configLoader);
 		when(configLoader.getKeyId()).thenReturn(URI.create("test:key"));
 		when(keyLoader.loadKey(Mockito.any())).thenReturn(masterkey);
@@ -105,6 +110,7 @@ public void tearDown() {
 		vaultConficClass.close();
 		filesClass.close();
 		cryptorProviderClass.close();
+		backupHelperClass.close();
 	}
 
 	@Test
@@ -153,6 +159,25 @@ public void testCreateThrowsIOExceptionIfContentRootExistenceCheckFails() {
 		Assertions.assertThrows(IOException.class, () -> inTest.create(provider, pathToVault, properties));
 	}
 
+	@Test
+	public void testCreateAttemptsBackupOnSuccessfulVerification() throws IOException {
+		inTest.create(provider, pathToVault, properties);
+		backupHelperClass.verify(() -> BackupHelper.attemptBackup(configFilePath));
+	}
+
+	@Test
+	public void testCreateWithFailedConfigVerificationMakesNoBackup() throws IOException {
+		when(configLoader.verify(rawKey, Constants.VAULT_VERSION)).thenThrow(VaultKeyInvalidException.class);
+		Assertions.assertThrows(VaultKeyInvalidException.class, () -> inTest.create(provider, pathToVault, properties));
+		backupHelperClass.verify(() -> BackupHelper.attemptBackup(configFilePath), Mockito.never());
+	}
+
+	@Test
+	public void testCreateThrowsIOExceptionIfBackupAttemptThrowsOne() throws IOException {
+		backupHelperClass.when(() -> BackupHelper.attemptBackup(configFilePath)).thenThrow(new IOException());
+		Assertions.assertThrows(IOException.class,() -> inTest.create(provider, pathToVault, properties));
+	}
+
 	@Test
 	public void testGetReturnsFileSystemForPathIfItExists() throws IOException, MasterkeyLoadingFailedException {
 		CryptoFileSystemImpl fileSystem = inTest.create(provider, pathToVault, properties);