Health-API: Implement OrphanDir.fix() (#106)

Armin Schrenk · overheadhunter · web-flow · commit a304bd06eb40 · 2021-06-24T16:08:07.000+02:00
* introduce new directory with fixed dirId CRYPTOMATOR_RECOVERY * a stepparent dir is always created inside this dir * adopted files are suffixd with a random id constant over each fix() attempt * fix mockito to reflectively access certain classes (fixes #107) * remove ATOMIC_MOVE and manual code formatting Co-authored-by: Sebastian Stenzel <sebastian.stenzel@gmail.com>
diff --git a/pom.xml b/pom.xml
@@ -141,6 +141,10 @@
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
 				<version>3.0.0-M5</version>
+				<configuration>
+					<!-- Allow reflection for Mockito, so it can properly mock non-public classes -->
+					<argLine>--add-opens=org.cryptomator.cryptofs/org.cryptomator.cryptofs.health.dirid=ALL-UNNAMED</argLine>
+				</configuration>
 			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
diff --git a/src/main/java/org/cryptomator/cryptofs/common/Constants.java b/src/main/java/org/cryptomator/cryptofs/common/Constants.java
@@ -17,6 +17,8 @@ private Constants() {
 	public static final String MASTERKEY_BACKUP_SUFFIX = ".bkup";
 	public static final String DATA_DIR_NAME = "d";
 	public static final String ROOT_DIR_ID = "";
+	public static final String RECOVERY_DIR_ID = "recovery";
+
 	public static final String CRYPTOMATOR_FILE_SUFFIX = ".c9r";
 	public static final String DEFLATED_FILE_SUFFIX = ".c9s";
 	public static final String DIR_FILE_NAME = "dir.c9r";
@@ -29,4 +31,5 @@ private Constants() {
 	public static final int MAX_DIR_FILE_LENGTH = 36; // UUIDv4: hex-encoded 16 byte int + 4 hyphens = 36 ASCII chars
 
 	public static final String SEPARATOR = "/";
+	public static final String RECOVERY_DIR_NAME = "CRYPTOMATOR_RECOVERY";
 }
diff --git a/src/main/java/org/cryptomator/cryptofs/health/api/DiagnosticResult.java b/src/main/java/org/cryptomator/cryptofs/health/api/DiagnosticResult.java
@@ -4,6 +4,7 @@
 import org.cryptomator.cryptolib.api.Cryptor;
 import org.cryptomator.cryptolib.api.Masterkey;
 
+import java.io.IOException;
 import java.nio.file.Path;
 import java.util.Map;
 
@@ -39,7 +40,7 @@ enum Severity {
 	@Override
 	String toString();
 
-	default void fix(Path pathToVault, VaultConfig config, Masterkey masterkey, Cryptor cryptor) {
+	default void fix(Path pathToVault, VaultConfig config, Masterkey masterkey, Cryptor cryptor) throws IOException {
 		throw new UnsupportedOperationException("Preliminary API not yet implemented");
 	}
 
diff --git a/src/main/java/org/cryptomator/cryptofs/health/dirid/OrphanDir.java b/src/main/java/org/cryptomator/cryptofs/health/dirid/OrphanDir.java
@@ -1,9 +1,28 @@
 package org.cryptomator.cryptofs.health.dirid;
 
+import com.google.common.io.BaseEncoding;
+import org.cryptomator.cryptofs.CryptoPathMapper;
+import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.cryptofs.common.CiphertextFileType;
+import org.cryptomator.cryptofs.common.Constants;
 import org.cryptomator.cryptofs.health.api.DiagnosticResult;
+import org.cryptomator.cryptolib.api.Cryptor;
+import org.cryptomator.cryptolib.api.FileNameCryptor;
+import org.cryptomator.cryptolib.api.Masterkey;
 
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.FileAlreadyExistsException;
+import java.nio.file.Files;
+import java.nio.file.LinkOption;
 import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.atomic.AtomicInteger;
 
 import static org.cryptomator.cryptofs.health.api.CommonDetailKeys.ENCRYPTED_PATH;
 
@@ -12,6 +31,11 @@
  */
 public class OrphanDir implements DiagnosticResult {
 
+	private static final String FILE_PREFIX = "file";
+	private static final String DIR_PREFIX = "directory";
+	private static final String SYMLINK_PREFIX = "symlink";
+	private static final String LONG_NAME_SUFFIX_BASE = "_withVeryLongName";
+
 	final Path dir;
 
 	OrphanDir(Path dir) {
@@ -33,5 +57,127 @@ public Map<String, String> details() {
 		return Map.of(ENCRYPTED_PATH, dir.toString());
 	}
 
-	// fix: create new dirId inside of L+F dir and rename existing dir accordingly.
+	@Override
+	public void fix(Path pathToVault, VaultConfig config, Masterkey masterkey, Cryptor cryptor) throws IOException {
+		var sha1 = getSha1MessageDigest();
+		String runId = Integer.toString((short) UUID.randomUUID().getMostSignificantBits(), 32);
+		Path dataDir = pathToVault.resolve(Constants.DATA_DIR_NAME);
+		Path orphanedDir = dataDir.resolve(this.dir);
+		String orphanDirIdHash = dir.getParent().getFileName().toString() + dir.getFileName().toString();
+
+		Path recoveryDir = prepareRecoveryDir(pathToVault, cryptor.fileNameCryptor());
+		if (recoveryDir.toAbsolutePath().equals(orphanedDir.toAbsolutePath())) {
+			return; //recovery dir was orphaned, already recovered by prepare method
+		}
+
+		var stepParentDir = prepareStepParent(dataDir, recoveryDir, cryptor.fileNameCryptor(), orphanDirIdHash);
+		AtomicInteger fileCounter = new AtomicInteger(1);
+		AtomicInteger dirCounter = new AtomicInteger(1);
+		AtomicInteger symlinkCounter = new AtomicInteger(1);
+		String longNameSuffix = createClearnameToBeShortened(config.getShorteningThreshold());
+		try (var orphanedContentStream = Files.newDirectoryStream(orphanedDir)) {
+			for (Path orphanedResource : orphanedContentStream) {
+				//@formatter:off
+				var newClearName = switch (determineCiphertextFileType(orphanedResource)) {
+						case FILE -> FILE_PREFIX + fileCounter.getAndIncrement();
+						case DIRECTORY -> DIR_PREFIX + dirCounter.getAndIncrement();
+						case SYMLINK -> SYMLINK_PREFIX + symlinkCounter.getAndIncrement();
+					} + "_" + runId;
+				//@formatter:on
+				adoptOrphanedResource(orphanedResource, newClearName, stepParentDir, cryptor.fileNameCryptor(), longNameSuffix, sha1);
+			}
+		}
+		Files.delete(orphanedDir);
+	}
+
+	//visible for testing
+	Path prepareRecoveryDir(Path pathToVault, FileNameCryptor cryptor) throws IOException {
+		Path dataDir = pathToVault.resolve(Constants.DATA_DIR_NAME);
+		String rootDirHash = cryptor.hashDirectoryId(Constants.ROOT_DIR_ID);
+		Path vaultCipherRootPath = dataDir.resolve(rootDirHash.substring(0, 2)).resolve(rootDirHash.substring(2)).toAbsolutePath();
+
+		//check if recovery dir exists and has unique recovery id
+		String cipherRecoveryDirName = convertClearToCiphertext(cryptor, Constants.RECOVERY_DIR_NAME, Constants.ROOT_DIR_ID);
+		Path cipherRecoveryDirFile = vaultCipherRootPath.resolve(cipherRecoveryDirName + "/" + Constants.DIR_FILE_NAME);
+		if (Files.notExists(cipherRecoveryDirFile, LinkOption.NOFOLLOW_LINKS)) {
+			Files.createDirectories(cipherRecoveryDirFile.getParent());
+			Files.writeString(cipherRecoveryDirFile, Constants.RECOVERY_DIR_ID, StandardCharsets.UTF_8, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
+		} else {
+			String uuid = Files.readString(cipherRecoveryDirFile, StandardCharsets.UTF_8);
+			if (!Constants.RECOVERY_DIR_ID.equals(uuid)) {
+				throw new FileAlreadyExistsException("Directory /" + Constants.RECOVERY_DIR_NAME + " already exists, but with wrong directory id.");
+			}
+		}
+		String recoveryDirHash = cryptor.hashDirectoryId(Constants.RECOVERY_DIR_ID);
+		Path cipherRecoveryDir = dataDir.resolve(recoveryDirHash.substring(0, 2)).resolve(recoveryDirHash.substring(2)).toAbsolutePath();
+		Files.createDirectories(cipherRecoveryDir);
+
+		return cipherRecoveryDir;
+	}
+
+	// visible for testing
+	CryptoPathMapper.CiphertextDirectory prepareStepParent(Path dataDir, Path cipherRecoveryDir, FileNameCryptor cryptor, String clearStepParentDirName) throws IOException {
+		//create "step-parent" directory to move orphaned files to
+		String cipherStepParentDirName = convertClearToCiphertext(cryptor, clearStepParentDirName, Constants.RECOVERY_DIR_ID);
+		Path cipherStepParentDirFile = cipherRecoveryDir.resolve(cipherStepParentDirName + "/" + Constants.DIR_FILE_NAME);
+		final String stepParentUUID;
+		if (Files.exists(cipherStepParentDirFile, LinkOption.NOFOLLOW_LINKS)) {
+			stepParentUUID = Files.readString(cipherStepParentDirFile, StandardCharsets.UTF_8);
+		} else {
+			Files.createDirectories(cipherStepParentDirFile.getParent());
+			stepParentUUID = UUID.randomUUID().toString();
+			Files.writeString(cipherStepParentDirFile, stepParentUUID, StandardCharsets.UTF_8, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
+		}
+		String stepParentDirHash = cryptor.hashDirectoryId(stepParentUUID);
+		Path stepParentDir = dataDir.resolve(stepParentDirHash.substring(0, 2)).resolve(stepParentDirHash.substring(2)).toAbsolutePath();
+		Files.createDirectories(stepParentDir);
+		return new CryptoPathMapper.CiphertextDirectory(stepParentUUID, stepParentDir);
+	}
+
+	// visible for testing
+	void adoptOrphanedResource(Path oldCipherPath, String newClearname, CryptoPathMapper.CiphertextDirectory stepParentDir, FileNameCryptor cryptor, String longNameSuffix, MessageDigest sha1) throws IOException {
+		if (oldCipherPath.toString().endsWith(Constants.DEFLATED_FILE_SUFFIX)) {
+			var newCipherName = convertClearToCiphertext(cryptor, newClearname + longNameSuffix, stepParentDir.dirId);
+			var deflatedName = BaseEncoding.base64Url().encode(sha1.digest(newCipherName.getBytes(StandardCharsets.UTF_8))) + Constants.DEFLATED_FILE_SUFFIX;
+			Path targetPath = stepParentDir.path.resolve(deflatedName);
+			Files.move(oldCipherPath, targetPath);
+
+			//adjust name.c9s
+			try (var fc = Files.newByteChannel(targetPath.resolve(Constants.INFLATED_FILE_NAME), StandardOpenOption.WRITE, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING)) {
+				fc.write(ByteBuffer.wrap(newCipherName.getBytes(StandardCharsets.UTF_8)));
+			}
+		} else {
+			var newCipherName = convertClearToCiphertext(cryptor, newClearname, stepParentDir.dirId);
+			Path targetPath = stepParentDir.path.resolve(newCipherName);
+			Files.move(oldCipherPath, targetPath);
+		}
+	}
+
+	private static String createClearnameToBeShortened(int threshold) {
+		int neededLength = (threshold - 4) / 4 * 3 - 16;
+		return LONG_NAME_SUFFIX_BASE.repeat((neededLength % LONG_NAME_SUFFIX_BASE.length()) + 1);
+	}
+
+	private static String convertClearToCiphertext(FileNameCryptor cryptor, String clearTextName, String dirId) {
+		return cryptor.encryptFilename(BaseEncoding.base64Url(), clearTextName, dirId.getBytes(StandardCharsets.UTF_8)) + Constants.CRYPTOMATOR_FILE_SUFFIX;
+	}
+
+	private static CiphertextFileType determineCiphertextFileType(Path ciphertextPath) {
+		if (Files.exists(ciphertextPath.resolve(Constants.DIR_FILE_NAME), LinkOption.NOFOLLOW_LINKS)) {
+			return CiphertextFileType.DIRECTORY;
+		} else if (Files.exists(ciphertextPath.resolve(Constants.SYMLINK_FILE_NAME), LinkOption.NOFOLLOW_LINKS)) {
+			return CiphertextFileType.SYMLINK;
+		} else {
+			return CiphertextFileType.FILE;
+		}
+	}
+
+	private static MessageDigest getSha1MessageDigest() {
+		try {
+			return MessageDigest.getInstance("SHA1");
+		} catch (NoSuchAlgorithmException e) {
+			throw new IllegalStateException("Every JVM needs to provide a SHA1 implementation.");
+		}
+	}
+
 }
diff --git a/src/test/java/org/cryptomator/cryptofs/health/dirid/OrphanDirTest.java b/src/test/java/org/cryptomator/cryptofs/health/dirid/OrphanDirTest.java
