Merge branch 'develop' into release/2.9.0

Author: infeo

src/main/java/org/cryptomator/cryptofs/CiphertextPathValidations.java

@@ -0,0 +1,21 @@
+package org.cryptomator.cryptofs;
+
+import com.google.common.io.BaseEncoding;
+
+import java.nio.file.Path;
+
+public class CiphertextPathValidations {
+
+
+	private CiphertextPathValidations() {}
+
+	public static boolean isCiphertextContentDir(Path p) {
+		var twoCharDir = p.getParent();
+		if (twoCharDir == null) {
+			return false;
+		}
+		var testString = twoCharDir.getFileName().toString() + p.getFileName().toString();
+		return testString.length() == 32 && BaseEncoding.base32().canDecode(testString);
+	}
+
+}

src/main/java/org/cryptomator/cryptofs/DirectoryIdBackup.java

@@ -1,12 +1,12 @@
 package org.cryptomator.cryptofs;
 
+import jakarta.inject.Inject;
 import org.cryptomator.cryptofs.common.Constants;
 import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.Cryptor;
 import org.cryptomator.cryptolib.common.DecryptingReadableByteChannel;
 import org.cryptomator.cryptolib.common.EncryptingWritableByteChannel;
 
-import jakarta.inject.Inject;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.nio.channels.ByteChannel;
@@ -65,6 +65,9 @@ public static void write(Cryptor cryptor, CiphertextDirectory ciphertextDirector
 	 * @throws IllegalStateException if the directory id exceeds {@value Constants#MAX_DIR_ID_LENGTH} chars
 	 */
 	public byte[] read(Path ciphertextContentDir) throws IOException, CryptoException, IllegalStateException {
+		if (!CiphertextPathValidations.isCiphertextContentDir(ciphertextContentDir)) {
+			throw new IllegalArgumentException("Directory %s is not a ciphertext content dir".formatted(ciphertextContentDir));
+		}
 		var dirIdBackupFile = getBackupFilePath(ciphertextContentDir);
 		var dirIdBuffer = ByteBuffer.allocate(Constants.MAX_DIR_ID_LENGTH + 1); //a dir id contains at most 36 ascii chars, we add for security checks one more
 

src/main/java/org/cryptomator/cryptofs/FileNameDecryptor.java

@@ -43,7 +43,7 @@ public String decryptFilename(Path ciphertextNode) throws IOException, Unsupport
 	String decryptFilenameInternal(Path ciphertextNode) throws IOException, UnsupportedOperationException {
 		byte[] dirId = null;
 		try {
-			dirId = dirIdBackup.read(ciphertextNode);
+			dirId = dirIdBackup.read(ciphertextNode.getParent());
 		} catch (NoSuchFileException e) {
 			throw new UnsupportedOperationException("Directory does not have a " + Constants.DIR_ID_BACKUP_FILE_NAME + " file.");
 		} catch (CryptoException | IllegalStateException e) {

src/main/java/org/cryptomator/cryptofs/event/BrokenDirFileEvent.java

@@ -1,12 +1,22 @@
 package org.cryptomator.cryptofs.event;
 
 import java.nio.file.Path;
+import java.time.Instant;
 
 /**
  * Emitted, if a dir.c9r file is empty or exceeds 1000 Bytes.
  *
+ * @param timestamp timestamp of event appearance
  * @param ciphertextPath path to the broken dir.c9r file
  */
-public record BrokenDirFileEvent(Path ciphertextPath) implements FilesystemEvent {
+public record BrokenDirFileEvent(Instant timestamp, Path ciphertextPath) implements FilesystemEvent {
 
+	public BrokenDirFileEvent(Path ciphertextPath) {
+		this(Instant.now(), ciphertextPath);
+	}
+
+	@Override
+	public Instant getTimestamp() {
+		return timestamp;
+	}
 }

src/main/java/org/cryptomator/cryptofs/event/BrokenFileNodeEvent.java

@@ -1,15 +1,24 @@
 package org.cryptomator.cryptofs.event;
 
 import java.nio.file.Path;
+import java.time.Instant;
 
 /**
  * Emitted, if a path within the cryptographic filesystem is accessed, but the directory representing it is missing identification files.
  *
+ * @param timestamp timestamp of event appearance
  * @param cleartextPath path within the cryptographic filesystem
  * @param ciphertextPath path of the incomplete, encrypted directory
- *
  * @see org.cryptomator.cryptofs.health.type.UnknownType
  */
-public record BrokenFileNodeEvent(Path cleartextPath, Path ciphertextPath) implements FilesystemEvent {
+public record BrokenFileNodeEvent(Instant timestamp, Path cleartextPath, Path ciphertextPath) implements FilesystemEvent {
+
+	public BrokenFileNodeEvent(Path cleartextPath, Path ciphertextPath) {
+		this(Instant.now(), cleartextPath, ciphertextPath);
+	}
 
+	@Override
+	public Instant getTimestamp() {
+		return timestamp;
+	}
 }

src/main/java/org/cryptomator/cryptofs/event/ConflictResolutionFailedEvent.java

@@ -1,14 +1,24 @@
 package org.cryptomator.cryptofs.event;
 
 import java.nio.file.Path;
+import java.time.Instant;
 
 /**
  * Emitted, if the conflict resolution inside an encrypted directory failed
  *
+ * @param timestamp timestamp of event appearance
  * @param canonicalCleartextPath path of the canonical file within the cryptographic filesystem
  * @param conflictingCiphertextPath path of the encrypted, conflicting file
  * @param reason exception, why the resolution failed
  */
-public record ConflictResolutionFailedEvent(Path canonicalCleartextPath, Path conflictingCiphertextPath, Exception reason) implements FilesystemEvent {
+public record ConflictResolutionFailedEvent(Instant timestamp, Path canonicalCleartextPath, Path conflictingCiphertextPath, Exception reason) implements FilesystemEvent {
 
+	public ConflictResolutionFailedEvent(Path canonicalCleartextPath, Path conflictingCiphertextPath, Exception reason) {
+		this(Instant.now(), canonicalCleartextPath, conflictingCiphertextPath, reason);
+	}
+
+	@Override
+	public Instant getTimestamp() {
+		return timestamp;
+	}
 }

src/main/java/org/cryptomator/cryptofs/event/ConflictResolvedEvent.java

@@ -1,6 +1,7 @@
 package org.cryptomator.cryptofs.event;
 
 import java.nio.file.Path;
+import java.time.Instant;
 
 /**
  * Emitted, if a conflict inside an encrypted directory was resolved.
@@ -10,11 +11,20 @@
  * The file <i>with the suffix</i> is called <b>conflicting</b>
  * On successful conflict resolution the conflicting file is renamed to the <b>resolved</b> file
  *
+ * @param timestamp timestamp of event appearance
  * @param canonicalCleartextPath path of the canonical file within the cryptographic filesystem
  * @param conflictingCiphertextPath path of the encrypted, conflicting file
  * @param resolvedCleartextPath path of the resolved file within the cryptographic filesystem
  * @param resolvedCiphertextPath path of the resolved, encrypted file
  */
-public record ConflictResolvedEvent(Path canonicalCleartextPath, Path conflictingCiphertextPath, Path resolvedCleartextPath, Path resolvedCiphertextPath) implements FilesystemEvent {
+public record ConflictResolvedEvent(Instant timestamp, Path canonicalCleartextPath, Path conflictingCiphertextPath, Path resolvedCleartextPath, Path resolvedCiphertextPath) implements FilesystemEvent {
 
+	public ConflictResolvedEvent(Path canonicalCleartextPath, Path conflictingCiphertextPath, Path resolvedCleartextPath, Path resolvedCiphertextPath) {
+		this(Instant.now(), canonicalCleartextPath, conflictingCiphertextPath, resolvedCleartextPath, resolvedCiphertextPath);
+	}
+
+	@Override
+	public Instant getTimestamp() {
+		return timestamp;
+	}
 }

src/main/java/org/cryptomator/cryptofs/event/DecryptionFailedEvent.java

@@ -1,12 +1,23 @@
 package org.cryptomator.cryptofs.event;
 
 import java.nio.file.Path;
+import java.time.Instant;
 
 /**
  * Emitted, if a decryption operation fails.
  *
+ * @param timestamp timestamp of event appearance
  * @param ciphertextPath path to the encrypted resource
  * @param e thrown exception
  */
-public record DecryptionFailedEvent(Path ciphertextPath, Exception e) implements FilesystemEvent {
+public record DecryptionFailedEvent(Instant timestamp, Path ciphertextPath, Exception e) implements FilesystemEvent {
+
+	public DecryptionFailedEvent(Path ciphertextPath, Exception e) {
+		this(Instant.now(), ciphertextPath, e);
+	}
+
+	@Override
+	public Instant getTimestamp() {
+		return timestamp;
+	}
 }

src/main/java/org/cryptomator/cryptofs/event/FilesystemEvent.java

@@ -1,5 +1,6 @@
 package org.cryptomator.cryptofs.event;
 
+import java.time.Instant;
 import java.util.function.Consumer;
 
 /**
@@ -11,11 +12,11 @@
  * {@code
  * FilesystemEvent fse;
  * switch (fse) {
- *   case DecryptionFailedEvent e -> //do stuff
  *   case ConflictResolvedEvent e -> //do other stuff
- *   //other cases
+ *   case DecryptionFailedEvent(Instant timestamp, Path ciphertext, Exception ex)  -> //do stuff
+ *   //... other cases
  * }
- * if( fse instanceof DecryptionFailedEvent dfe) {
+ * if( fse instanceof DecryptionFailedEvent(Instant timestamp, Path ciphertext, Exception ex) {
  *   //do more stuff
  * }
  * }.
@@ -24,4 +25,10 @@
  */
 public sealed interface FilesystemEvent permits BrokenDirFileEvent, BrokenFileNodeEvent, ConflictResolutionFailedEvent, ConflictResolvedEvent, DecryptionFailedEvent {
 
+	/**
+	 * Gets the timestamp when the event occurred.
+	 *
+	 * @return the event timestamp as an {@link Instant}
+	 */
+	Instant getTimestamp();
 }

src/test/java/org/cryptomator/cryptofs/DirectoryIdBackupTest.java

@@ -1,7 +1,7 @@
 package org.cryptomator.cryptofs;
 
+import com.google.common.io.BaseEncoding;
 import org.cryptomator.cryptofs.common.Constants;
-import org.cryptomator.cryptofs.health.dirid.OrphanContentDirTest;
 import org.cryptomator.cryptofs.util.TestCryptoException;
 import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.Cryptor;
@@ -28,7 +28,7 @@
 public class DirectoryIdBackupTest {
 
 	@TempDir
-	Path contentPath;
+	Path testDir;
 
 	private String dirId = "12345678";
 	private Cryptor cryptor;
@@ -50,7 +50,7 @@ public class Write {
 
 		@BeforeEach
 		public void beforeEachWriteTest() {
-			ciphertextDirectoryObject = new CiphertextDirectory(dirId, contentPath);
+			ciphertextDirectoryObject = new CiphertextDirectory(dirId, testDir);
 			encChannel = Mockito.mock(EncryptingWritableByteChannel.class);
 		}
 
@@ -62,7 +62,7 @@ public void testIdFileCreated() throws IOException {
 
 			dirIdBackupSpy.write(ciphertextDirectoryObject);
 
-			Assertions.assertTrue(Files.exists(contentPath.resolve(Constants.DIR_ID_BACKUP_FILE_NAME)));
+			Assertions.assertTrue(Files.exists(testDir.resolve(Constants.DIR_ID_BACKUP_FILE_NAME)));
 		}
 
 		@Test
@@ -83,22 +83,34 @@ public void testContentIsWritten() throws IOException {
 	public class Read {
 
 		private DecryptingReadableByteChannel decChannel;
+		private Path cipherContentDir;
 
 		@BeforeEach
 		public void beforeEachRead() throws IOException {
-			var backupFile = contentPath.resolve(Constants.DIR_ID_BACKUP_FILE_NAME);
+			var dirNames = BaseEncoding.base32().encode(new byte [20]); //a directory id hash is due to SHA1 always 20 bytes long
+			var twoCharDir = testDir.resolve(dirNames.substring(0,2));
+			cipherContentDir = twoCharDir.resolve(dirNames.substring(2));
+			var backupFile = cipherContentDir.resolve(Constants.DIR_ID_BACKUP_FILE_NAME);
+			Files.createDirectories(cipherContentDir);
 			Files.writeString(backupFile, dirId, StandardCharsets.US_ASCII, StandardOpenOption.CREATE, StandardOpenOption.WRITE);
 
 			decChannel = mock(DecryptingReadableByteChannel.class);
 		}
 
+		@Test
+		@DisplayName("If the given path is not a cipherContentDir, throw IllegalArgumentException")
+		public void wrongPath() throws IOException {
+			var dirIdBackupSpy = spy(dirIdBackup);
+			Assertions.assertThrows(IllegalArgumentException.class, () -> dirIdBackupSpy.read(testDir));
+		}
+
 		@Test
 		@DisplayName("If the directory id is longer than 36 characters, throw IllegalStateException")
 		public void contentLongerThan36Chars() throws IOException {
 			var dirIdBackupSpy = spy(dirIdBackup);
 			Mockito.when(dirIdBackupSpy.wrapDecryptionAround(Mockito.any(), Mockito.eq(cryptor))).thenReturn(decChannel);
 			Mockito.when(decChannel.read(Mockito.any())).thenReturn(Constants.MAX_DIR_ID_LENGTH + 1);
-			Assertions.assertThrows(IllegalStateException.class, () -> dirIdBackupSpy.read(contentPath));
+			Assertions.assertThrows(IllegalStateException.class, () -> dirIdBackupSpy.read(cipherContentDir));
 		}
 
 		@Test
@@ -108,7 +120,7 @@ public void invalidEncryptionThrowsCryptoException() throws IOException {
 			var expectedException = new TestCryptoException();
 			Mockito.when(dirIdBackupSpy.wrapDecryptionAround(Mockito.any(), Mockito.eq(cryptor))).thenReturn(decChannel);
 			Mockito.when(decChannel.read(Mockito.any())).thenThrow(expectedException);
-			var actual = Assertions.assertThrows(CryptoException.class, () -> dirIdBackupSpy.read(contentPath));
+			var actual = Assertions.assertThrows(CryptoException.class, () -> dirIdBackupSpy.read(cipherContentDir));
 			Assertions.assertEquals(expectedException, actual);
 		}
 
@@ -119,7 +131,7 @@ public void ioException() throws IOException {
 			var expectedException = new IOException("my oh my");
 			Mockito.when(dirIdBackupSpy.wrapDecryptionAround(Mockito.any(), Mockito.eq(cryptor))).thenReturn(decChannel);
 			Mockito.when(decChannel.read(Mockito.any())).thenThrow(expectedException);
-			var actual = Assertions.assertThrows(IOException.class, () -> dirIdBackupSpy.read(contentPath));
+			var actual = Assertions.assertThrows(IOException.class, () -> dirIdBackupSpy.read(cipherContentDir));
 			Assertions.assertEquals(expectedException, actual);
 		}
 
@@ -136,9 +148,10 @@ public void success() throws IOException {
 				return expectedArray.length;
 			}).when(decChannel).read(Mockito.any());
 
-			var readDirId = dirIdBackupSpy.read(contentPath);
+			var readDirId = dirIdBackupSpy.read(cipherContentDir);
 			Assertions.assertArrayEquals(expectedArray, readDirId);
 		}
+
 	}