Merge branch 'release/1.5.0'

.gitignore

@@ -17,3 +17,4 @@ test-output/
 out/
 .idea_modules/
 *.iws
+*.iml

.travis.yml

@@ -1,7 +1,7 @@
 language: java
-sudo: required
+sudo: false
 jdk:
-- oraclejdk8
+- oraclejdk9
 env:
   global:
   - secure: LT4nMSKCu4qL+jQ80BdBIOqFO3GCyAPoxNkskS0q0wvscDpEx2bvFZa9KF6/dQxubhWnfACqWxxPKfF3VadfZoKn1z01TaZ/rKHkA5GedZweFO0wBIvi/gDIcAxVX0oPOkIruugYY3iDOzOqTUuBM686cW1XWs0LEV7qPTb6KM02/IeckQs+P9SSiarqSKROlQ8dABGdyxJTXheHHphFu4mDiQsi1vtub6OoQclKLLuK2MJvFiyDeZDYYXAnjFNC/pcBUBjr5b886zPB6HLLGgvQKRLvzQudedz08ZlJdnt3k6u7HvLINbs00U60fnD/+4krQQN4EEx0Natv4L1SxFjYO4wFK2FTCKoBMkVfjINqiWzmb/yhoG33Sw9VGiYdcV45QbH32CX1oiATohV+79gfIID6p3UOL1SZuELR2XzRq70K4Kw2BXig99a0+LjYCv4ynnzetqyWVZIdhBQ1Srf/4GxUwF21Urn9TJCNr2F5BcbqGrMUMvXNjTI0WqQCTMqM+Ha9Rbe27GG7ZMtMUHd83YWP0GDiSIg2S0T0lNL2e9iQGXsGBiX3Bz+E3HEWhnE4l6XKYVgn3NXrlDjwc2B6GTGeImZXkrbFFJwQihUSujj5H6l/+5a7NxbyA1MvzNwjeTaHzdNdYovTq6ywydVtF/Kt5h7oA2KmUoajaFs= #CODACY_PROJECT_TOKEN
@@ -10,20 +10,22 @@ env:
   - secure: aLCaSgLfFniEPpiEdvEyFLlak4cTspVE3uqeGFCncPFUyyxPZ0JW+DdyFpvO5DXBa3hr9oS240H6f1T6Eo/J4K5SaKq3gS3yIzbvs2BS5yoCE4hGIZ6yS/70sIhlxvFvujJDT9KPYo8J6KE0w5vqy8BHEMZYBMEDWWvswwrvlqdaoZqe6vaoV1TsOeWeW+2qFdYu5j1KVQgSwOgzMdQuqQVSsrdA1FH+AzmMMbk3QgdGGd1U4MnFStIeG5/YfqVHkUVpZayhYB9yFzUCObT9R5zZ1OtghdOrkX1FRTKbFPAmJouToeFrIqrZEMbaE9PWaajuUZeqL2hQD1s0A+wj65cXjgbQhz4v7Gr0J/+2AU+9N+IRAIguiq6rXtt1HeR3YbBwlxFdwmEgYJjqO7+XFZFNYbr3YPgqbqJbgXpoxeUTdPNdNwckBUEQTTN6fs89Og6wHLDgoZb5niypSKWd/SFCU81FAGQ0mxy41jJOdltxVtG1+UOfb/41PRAzS6br7CpNnaq379kKlMiyOXY4UCWuFgwW4KhlUx0dgidqi2etcYrDZhZbguHmfLRfumEQ8nCp8LJ5FwJWlkmJhE8hFTu3sGmVUl06Ly1gybMPazev8hYjyr3vaexmek7qeqDtNT6n8L96qZkResjFI2pJmzZaNIg2yK92ZS/5v073OgM= # MAVEN_OSSRH_PASSWORD
   - secure: JUBj12rP7sEsNp8R3o9Mjwl7HCYKQan58CZ1WDm7L2MteFRDBJr625P4fk4cQOTjR6fb3jiogCD7dqkHoGJQlvi2ReQJLXKBhy3Bqtnzksf4c1By9bLB5NYH6MQV1FFazzAjjPjGlQYJB+kUx+pQ8vxMJC5yzp6vpKWu3vTobEFNtuFAWZq7qM91VJBUc8z+k1awas9vqgDlqWxH+K05L2c+tpnnmqXk9/HN9Z4akkKB++oACenE+w+D9Snyiif9WyhVR3+ZcMtL44YAQDabl6LlrTdM4afNaPcwgOdFuxL7GCZyIMgMP26O8JquK4ZtE2b/ZMz5h0jtE+r6M0E+yVAN+kG7UviNd9kKItiRiokDsaYeNCWVPHndGBtw6GU5GFNJTDhEb/oeqzclI/PaFHXA4O/o4A9N+nrzb28xWaihAM/NymVOE1iNNQfyNqPb9fjsMntNOTDT/sLH3tTJ62nvVPpurUXVV0+jbSrE20xclOZ1xBbMztQwya4EB/0fS+raCiR5spXHTNHpmSp2ubKAuo6V4AUXQXk6LHxiiIvcYSRYVgnBeOcreuDYv7+09xeIejxVcSzh7Nz7aK/0Fkq42ALYs/cDOq0mJGwoJ4yC7vlMj6GQNwZtCP+bzdGM3+cjTcD2F997Hf75lEVeYXK2oNE3/ycSQjdYlc3wTl0= #COVERITY_SCAN_TOKEN
 install:
-- sudo apt-get install haveged
-- mvn dependency:go-offline -Pdependency-check
-- mvn dependency:go-offline -Pcoverage
-- mvn source:help javadoc:help dependency:go-offline -Prelease
+- mvn source:help javadoc:help dependency:go-offline -Pdependency-check,coverage,release
 before_script:
 - "if [[ ${TRAVIS_BRANCH} == 'develop' && ${TRAVIS_PULL_REQUEST} == 'false' ]]; then mvn dependency-check:check -Pdependency-check; fi"
 script:
 - "mvn clean test jacoco:report verify -Pcoverage"
 after_success:
-- "bash <(curl -s https://codecov.io/bash)"
+- jdk_switcher use oraclejdk8
+- curl -o ~/codacy-coverage-reporter-assembly-latest.jar https://oss.sonatype.org/service/local/repositories/releases/content/com/codacy/codacy-coverage-reporter/2.0.1/codacy-coverage-reporter-2.0.1-assembly.jar
+- $JAVA_HOME/bin/java -cp ~/codacy-coverage-reporter-assembly-latest.jar com.codacy.CodacyCoverageReporter -l Java -r target/site/jacoco/jacoco.xml
 cache:
   directories:
   - $HOME/.m2
 addons:
+  apt:
+    packages:
+    - haveged
   coverity_scan:
     project:
       name: "cryptomator/cryptofs"
@@ -33,6 +35,7 @@ addons:
     build_command: "mvn compile -DskipTests=true"
     branch_pattern: release.*
 before_deploy:
+- jdk_switcher use oraclejdk9
 - "if ! gpg --list-secret-keys 34C80F11; then gpg --import 34C80F11.gpg; fi"
 deploy:
 - provider: script # SNAPSHOTS

README.md

@@ -3,7 +3,7 @@
 [![Build Status](https://travis-ci.org/cryptomator/cryptofs.svg?branch=develop)](https://travis-ci.org/cryptomator/cryptofs)
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/7248ca7d466843f785f79f33374302c2)](https://www.codacy.com/app/cryptomator/cryptofs)
 [![Codacy Badge](https://api.codacy.com/project/badge/Coverage/7248ca7d466843f785f79f33374302c2)](https://www.codacy.com/app/cryptomator/cryptofs?utm_source=github.com&utm_medium=referral&utm_content=cryptomator/cryptofs&utm_campaign=Badge_Coverage)
-[![Coverity Scan Build Status](https://scan.coverity.com/projects/10006/badge.svg)](https://scan.coverity.com/projects/cryptomator-cryptofs)
+[![Known Vulnerabilities](https://snyk.io/test/github/cryptomator/cryptofs/badge.svg)](https://snyk.io/test/github/cryptomator/cryptofs)
 
 **CryptoFS:** Implementation of the [Cryptomator](https://github.com/cryptomator/cryptomator) encryption scheme.
 
@@ -17,6 +17,15 @@
 
 For more information on the security details, visit [cryptomator.org](https://cryptomator.org/architecture/).
 
+## Audits
+
+- [Version 1.4.0 audit by Cure53](https://cryptomator.org/audits/2017-11-27%20crypto%20cure53.pdf)
+
+| Finding | Comment |
+|---|---|
+| 1u1-22-001 | The GPG key is used exclusively for the Maven repositories, is designed for signing only and is protected by a 30-character generated password (alphabet size: 96 chars). It is iterated and salted (SHA1 with 20971520 iterations). An offline attack is also very unattractive. Apart from that, this finding has no influence on the Tresor apps<sup>[1](#footnote-tresor-apps)</sup>. This was not known to Cure53 at the time of reporting. |
+| 1u1-22-002 | This issue is related to [siv-mode](https://github.com/cryptomator/siv-mode/). |
+
 ## Usage
 
 CryptoFS depends on Java 8 JRE/JDK. In addition, the JCE unlimited strength policy files (needed for 256-bit keys) must be installed.
@@ -106,3 +115,7 @@ Help us keep Cryptomator open and inclusive. Please read and follow our [Code of
 ## License
 
 This project is dual-licensed under the AGPLv3 for FOSS projects as well as a commercial license derived from the LGPL for independent software vendors and resellers. If you want to use this library in applications that are *not* licensed under the AGPL, feel free to contact our [sales team](https://cryptomator.org/enterprise/).
+
+---
+
+<sup><a name="footnote-tresor-apps">1</a></sup> The Cure53 pentesting was performed during the development of the apps for 1&1 Mail & Media GmbH.

pom.xml

@@ -2,7 +2,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>cryptofs</artifactId>
-	<version>1.4.5</version>
+	<version>1.5.0</version>
 	<name>Cryptomator Crypto Filesystem</name>
 	<description>This library provides the Java filesystem provider used by Cryptomator.</description>
 	<url>https://github.com/cryptomator/cryptofs</url>
@@ -14,10 +14,10 @@
 	</scm>
 
 	<properties>
-		<java.version>1.8</java.version>
-		<cryptolib.version>1.1.7</cryptolib.version>
-		<dagger.version>2.13</dagger.version>
-		<guava.version>23.5-jre</guava.version>
+		<java.version>8</java.version>
+		<cryptolib.version>1.2.0</cryptolib.version>
+		<dagger.version>2.15</dagger.version>
+		<guava.version>23.6-jre</guava.version>
 		<slf4j.version>1.7.25</slf4j.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 	</properties>
@@ -85,6 +85,12 @@
 			<artifactId>dagger</artifactId>
 			<version>${dagger.version}</version>
 		</dependency>
+		<dependency>
+			<groupId>com.google.dagger</groupId>
+			<artifactId>dagger-compiler</artifactId>
+			<version>${dagger.version}</version>
+			<optional>true</optional>
+		</dependency>
 
 		<!-- Test -->
 		<dependency>
@@ -135,13 +141,6 @@
 					<source>${java.version}</source>
 					<target>${java.version}</target>
 					<showWarnings>true</showWarnings>
-					<annotationProcessorPaths>
-						<path>
-							<groupId>com.google.dagger</groupId>
-							<artifactId>dagger-compiler</artifactId>
-							<version>${dagger.version}</version>
-						</path>
-					</annotationProcessorPaths>
 				</configuration>
 			</plugin>
 		</plugins>
@@ -174,20 +173,6 @@
 
 		<profile>
 			<id>coverage</id>
-			<dependencies>
-				<dependency>
-					<groupId>com.codacy</groupId>
-					<artifactId>codacy-coverage-reporter</artifactId>
-					<version>2.0.1</version>
-					<classifier>assembly</classifier>
-					<exclusions>
-						<exclusion>
-							<groupId>*</groupId>
-							<artifactId>*</artifactId>
-						</exclusion>
-					</exclusions>
-				</dependency>
-			</dependencies>
 			<build>
 				<plugins>
 					<plugin>
@@ -203,28 +188,6 @@
 							</execution>
 						</executions>
 					</plugin>
-					<plugin>
-						<groupId>org.codehaus.mojo</groupId>
-						<artifactId>exec-maven-plugin</artifactId>
-						<version>1.6.0</version>
-						<executions>
-							<execution>
-								<phase>verify</phase>
-								<goals>
-									<goal>java</goal>
-								</goals>
-								<configuration>
-									<mainClass>com.codacy.CodacyCoverageReporter</mainClass>
-									<arguments>
-										<argument>-l</argument>
-										<argument>Java</argument>
-										<argument>-r</argument>
-										<argument>${project.build.directory}/site/jacoco/jacoco.xml</argument>
-									</arguments>
-								</configuration>
-							</execution>
-						</executions>
-					</plugin>
 				</plugins>
 			</build>
 		</profile>
@@ -257,7 +220,7 @@
 					</plugin>
 					<plugin>
 						<artifactId>maven-javadoc-plugin</artifactId>
-						<version>2.10.4</version>
+						<version>3.0.0</version>
 						<executions>
 							<execution>
 								<id>attach-javadocs</id>

src/main/java/org/cryptomator/cryptofs/CiphertextDirectoryDeleter.java

@@ -1,20 +1,19 @@
 package org.cryptomator.cryptofs;
 
-import static com.google.common.io.MoreFiles.deleteRecursively;
-import static com.google.common.io.RecursiveDeleteOption.ALLOW_INSECURE;
-import static java.util.stream.Collectors.toSet;
-import static org.cryptomator.cryptofs.CiphertextDirectoryDeleter.DeleteResult.NO_FILES_DELETED;
-import static org.cryptomator.cryptofs.CiphertextDirectoryDeleter.DeleteResult.SOME_FILES_DELETED;
-
 import java.io.IOException;
 import java.nio.file.DirectoryNotEmptyException;
 import java.nio.file.DirectoryStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.attribute.DosFileAttributeView;
 import java.util.Set;
 
 import javax.inject.Inject;
 
+import static java.util.stream.Collectors.toSet;
+import static org.cryptomator.cryptofs.CiphertextDirectoryDeleter.DeleteResult.NO_FILES_DELETED;
+import static org.cryptomator.cryptofs.CiphertextDirectoryDeleter.DeleteResult.SOME_FILES_DELETED;
+
 @PerFileSystem
 class CiphertextDirectoryDeleter {
 
@@ -27,12 +26,21 @@ public CiphertextDirectoryDeleter(DirectoryStreamFactory directoryStreamFactory)
 
 	public void deleteCiphertextDirIncludingNonCiphertextFiles(Path ciphertextDir, CryptoPath cleartextDir) throws IOException {
 		try {
-			Files.deleteIfExists(ciphertextDir);
+			DeletingFileVisitor.forceDeleteIfExists(ciphertextDir);
 		} catch (DirectoryNotEmptyException e) {
 			/*
 			 * The directory may not be empty due to two reasons:
-			 * 1.
-			 * 2.
+			 * 1. The directory really contains some valid ciphertext files
+			 * 2. The directory does only contain files which are no cyphertext files
+			 *
+			 * In the first case the exception must be rethrown. In the second case the non cyphertext files and the
+			 * directory must be deleted.
+			 *
+			 * Because we do not know at this point what is true we try to delete all non ciphertext files. If no non
+			 * ciphertext files were deleted, we know that case 1 is true. If we deleted non ciphertext files both,
+			 * case 1 or 2 could be true, thus we then reattempt the delete of the directory. If delete fails now, we
+			 * can be sure that case 1 was true. Otherwise the exception is directly thrown because we are sure that
+			 * case 2 is true.
 			 */
 			switch (deleteNonCiphertextFiles(ciphertextDir, cleartextDir)) {
 			case NO_FILES_DELETED:
@@ -52,7 +60,7 @@ private DeleteResult deleteNonCiphertextFiles(Path ciphertextDir, CryptoPath cle
 		try (DirectoryStream<Path> stream = Files.newDirectoryStream(ciphertextDir, p -> !ciphertextFiles.contains(p))) {
 			for (Path path : stream) {
 				result = SOME_FILES_DELETED;
-				deleteRecursively(path, ALLOW_INSECURE);
+				Files.walkFileTree(path, DeletingFileVisitor.INSTANCE);
 			}
 		}
 		return result;
@@ -64,7 +72,7 @@ private Set<Path> ciphertextFiles(CryptoPath cleartextDir) throws IOException {
 		}
 	}
 
-	static enum DeleteResult {
+	enum DeleteResult {
 		NO_FILES_DELETED, SOME_FILES_DELETED
 	}
 

src/main/java/org/cryptomator/cryptofs/CryptoDirectoryStream.java

@@ -8,11 +8,9 @@
  *******************************************************************************/
 package org.cryptomator.cryptofs;
 
-import static org.cryptomator.cryptofs.Constants.SHORT_NAMES_MAX_LENGTH;
-
 import java.io.IOException;
-import java.io.UncheckedIOException;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.DirectoryIteratorException;
 import java.nio.file.DirectoryStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -29,6 +27,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static org.cryptomator.cryptofs.Constants.SHORT_NAMES_MAX_LENGTH;
+
 class CryptoDirectoryStream implements DirectoryStream<Path> {
 
 	private static final Logger LOG = LoggerFactory.getLogger(CryptoDirectoryStream.class);
@@ -52,7 +52,7 @@ public CryptoDirectoryStream(Directory ciphertextDir, Path cleartextDir, FileNam
 		this.finallyUtil = finallyUtil;
 		this.encryptedNamePattern = encryptedNamePattern;
 		this.directoryId = ciphertextDir.dirId;
-		this.ciphertextDirStream = Files.newDirectoryStream(ciphertextDir.path, p -> true);
+		this.ciphertextDirStream = Files.newDirectoryStream(ciphertextDir.path);
 		LOG.trace("OPEN {}", directoryId);
 		this.cleartextDir = cleartextDir;
 		this.filenameCryptor = filenameCryptor;
@@ -134,7 +134,7 @@ private ProcessedPaths decrypt(ProcessedPaths paths) {
 	/**
 	 * Checks if a given file belongs into this ciphertext dir.
 	 * 
-	 * @param ciphertextPath The path to check.
+	 * @param paths The path to check.
 	 * @return <code>true</code> if the file is an existing ciphertext or directory file.
 	 */
 	private boolean passesPlausibilityChecks(ProcessedPaths paths) {
@@ -169,7 +169,12 @@ private boolean isAcceptableByFilter(Path path) {
 		try {
 			return filter.accept(path);
 		} catch (IOException e) {
-			throw new UncheckedIOException(e);
+			// as defined by DirectoryStream's contract:
+			// > If an I/O error is encountered when accessing the directory then it
+			// > causes the {@code Iterator}'s {@code hasNext} or {@code next} methods to
+			// > throw {@link DirectoryIteratorException} with the {@link IOException} as the
+			// > cause.
+			throw new DirectoryIteratorException(e);
 		}
 	}
 

src/main/java/org/cryptomator/cryptofs/CryptoPath.java

@@ -8,8 +8,6 @@
  *******************************************************************************/
 package org.cryptomator.cryptofs;
 
-import static org.cryptomator.cryptofs.Constants.SEPARATOR;
-
 import java.io.File;
 import java.io.IOException;
 import java.net.URI;
@@ -25,6 +23,8 @@
 import java.util.LinkedList;
 import java.util.List;
 
+import static org.cryptomator.cryptofs.Constants.SEPARATOR;
+
 class CryptoPath implements Path {
 
 	private static final String CURRENT_DIR = ".";
@@ -64,6 +64,11 @@ public CryptoFileSystemImpl getFileSystem() {
 		return fileSystem;
 	}
 
+	// visible for testing
+	List<String> getElements() {
+		return elements;
+	}
+
 	@Override
 	public boolean isAbsolute() {
 		fileSystem.assertOpen();