Merge branch 'release/1.2.3'
infeo committed Sep 19, 2023
2 parents f240475 + 4d4676c commit 18d22df
Showing 13 changed files with 103 additions and 85 deletions.
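--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,22 @@
+version: 2
+updates:
+- package-ecosystem: "maven"
+directory: "/"
+schedule:
+interval: "weekly"
+day: "monday"
+time: "06:00"
+timezone: "UTC"
+groups:
+maven-dependencies:
+patterns:
+- "*"
+
+- package-ecosystem: "github-actions"
+directory: "/" # even for `.github/workflows`
+schedule:
+interval: "monthly"
+groups:
+github-actions:
+patterns:
+- "*"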
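Review bot: The `maven-dependencies` group matches `"*"` with no `update-types`, so one weekly grouped pull request can mix major upgrades of runtime libraries with routine patch bumps, which makes the security-relevant changes hard to review individually. Consider restricting the catch-all group, e.g. `update-types: ["minor", "patch"]`, so that major versions arrive as separate pull requests. The same applies to the `github-actions` group below it.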
5 changes: 3 additions & 2 deletions .github/workflows/build.yml
Expand Up @@ -12,7 +12,7 @@ jobs:
runs-on: windows-latest
if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
Expand All @@ -25,7 +25,8 @@ jobs:
- name: Build and Test
id: buildAndTest
run: mvn -B clean test -Pdependency-check
- name: Codesign DLL
- name: Codesign DLL on release
if: startsWith(github.ref, 'refs/tags/')
uses: skymatic/code-sign-action@v2
with:
certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
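Review bot: The `Codesign DLL on release` step hands `secrets.WIN_CODESIGN_P12_BASE64` to `skymatic/code-sign-action@v2`, a third-party action referenced by a mutable tag, so whatever that tag points to at run time receives the signing certificate. The new `if: startsWith(github.ref, 'refs/tags/')` narrows when the step runs but not which code runs; pinning to a full commit SHA (placeholder: `uses: skymatic/code-sign-action@<full-commit-sha> # v2`) would fix the code that sees the secret. The rest of the step's `with:` block lies outside this hunk.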
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
Expand Up @@ -19,7 +19,7 @@ jobs:
runs-on: windows-2019
if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 2
- uses: actions/setup-java@v3
2 changes: 1 addition & 1 deletion .github/workflows/publish-central.yml
Expand Up @@ -15,7 +15,7 @@ jobs:
publish:
runs-on: windows-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
ref: "refs/tags/${{ github.event.inputs.tag }}"
- uses: actions/setup-java@v3
2 changes: 1 addition & 1 deletion .github/workflows/publish-github.yml
Expand Up @@ -12,7 +12,7 @@ jobs:
runs-on: windows-latest
if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
1 change: 1 addition & 0 deletions .idea/misc.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

51 changes: 28 additions & 23 deletions pom.xml
Expand Up @@ -5,7 +5,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.cryptomator</groupId>
<artifactId>integrations-win</artifactId>
<version>1.2.2</version>
<version>1.2.3</version>

<name>Cryptomator Integrations for Windows</name>
<description>Provides optional Windows services used by Cryptomator</description>
Expand Down Expand Up @@ -37,17 +37,17 @@
<project.jdk.version>17</project.jdk.version>

<!-- runtime dependencies -->
<api.version>1.2.0</api.version>
<slf4j.version>1.7.36</slf4j.version>
<gson.version>2.9.0</gson.version>
<api.version>1.3.0</api.version>
<slf4j.version>2.0.9</slf4j.version>
<jackson.version>2.15.2</jackson.version>

<!-- test dependencies -->
<junit.jupiter.version>5.8.2</junit.jupiter.version>
<mockito.version>4.4.0</mockito.version>
<junit.jupiter.version>5.10.0</junit.jupiter.version>
<mockito.version>5.5.0</mockito.version>

<!-- build plugin dependencies -->
<dependency-check.version>8.1.0</dependency-check.version>
<nexus-staging.version>1.6.8</nexus-staging.version>
<dependency-check.version>8.4.0</dependency-check.version>
<nexus-staging.version>1.6.13</nexus-staging.version>
</properties>

<licenses>
Expand All @@ -69,11 +69,16 @@
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>${gson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
</dependency>

<!-- JUnit / Mockito / Hamcrest -->
<dependency>
Expand Down Expand Up @@ -101,7 +106,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>3.1.0</version>
<version>3.3.1</version>
<configuration>
<filesets>
<fileset>
Expand All @@ -117,7 +122,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.10.1</version>
<version>3.11.0</version>
<configuration>
<compilerArgs>
<arg>-h</arg>
Expand All @@ -129,7 +134,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.0.0</version>
<version>3.4.1</version>
<executions>
<execution>
<id>check-preconditions</id>
Expand All @@ -149,7 +154,7 @@
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>3.2.0</version>
<version>3.3.1</version>
<executions>
<execution>
<id>copy-dlls</id>
Expand All @@ -175,11 +180,11 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.0.0-M5</version>
<version>3.1.2</version>
</plugin>
<plugin>
<artifactId>maven-source-plugin</artifactId>
<version>3.2.1</version>
<version>3.3.0</version>
<executions>
<execution>
<id>attach-sources</id>
Expand All @@ -191,7 +196,7 @@
</plugin>
<plugin>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.3.2</version>
<version>3.6.0</version>
<executions>
<execution>
<id>attach-javadocs</id>
Expand Down Expand Up @@ -274,7 +279,7 @@
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>3.0.0</version>
<version>3.1.0</version>
<executions>
<execution>
<goals>
Expand Down Expand Up @@ -304,7 +309,7 @@
<plugins>
<plugin>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.0.1</version>
<version>3.1.0</version>
<executions>
<execution>
<id>sign-artifacts</id>
Expand Down Expand Up @@ -365,7 +370,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>3.1.0</version>
<version>3.1.1</version>
</plugin>
</plugins>
</build>
5 changes: 3 additions & 2 deletions src/main/java/module-info.java
Expand Up @@ -10,9 +10,10 @@
module org.cryptomator.integrations.win {
requires org.cryptomator.integrations.api;
requires org.slf4j;
requires com.google.gson;
requires com.fasterxml.jackson.annotation;
requires com.fasterxml.jackson.databind;

opens org.cryptomator.windows.keychain to com.google.gson;
opens org.cryptomator.windows.keychain to com.fasterxml.jackson.databind;

provides AutoStartProvider with WindowsAutoStart;
provides KeychainAccessProvider with WindowsProtectedKeychainAccess;

This file was deleted.

@@ -1,12 +1,7 @@
package org.cryptomator.windows.keychain;

import com.google.gson.annotations.SerializedName;

class KeychainEntry {
import com.fasterxml.jackson.annotation.JsonProperty;

@SerializedName("ciphertext")
byte[] ciphertext;

@SerializedName("salt")
byte[] salt;
record KeychainEntry(@JsonProperty("ciphertext") byte[] ciphertext, @JsonProperty("salt") byte[] salt) {
}
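Review bot: `KeychainEntry` now defines the on-disk keychain format through its `@JsonProperty` names and Jackson's `byte[]` handling, but the record carries no comment saying so. A one-line Javadoc would help, e.g. `/** Persisted keychain entry; property names and the byte[] encoding are part of the file format and must stay readable across versions. */`. Note also that a record's generated `equals`/`hashCode` compare the `byte[]` components by reference and the accessors return the backing arrays, so callers should not rely on value equality or mutate what `ciphertext()` and `salt()` return.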
@@ -1,9 +1,8 @@
package org.cryptomator.windows.keychain;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonParseException;
import com.google.gson.reflect.TypeToken;
import com.fasterxml.jackson.core.JacksonException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.cryptomator.integrations.common.OperatingSystem;
import org.cryptomator.integrations.common.Priority;
import org.cryptomator.integrations.keychain.KeychainAccessException;
Expand All @@ -19,7 +18,6 @@
import java.io.OutputStreamWriter;
import java.io.Reader;
import java.io.Writer;
import java.lang.reflect.Type;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.file.Files;
Expand Down Expand Up @@ -49,11 +47,7 @@ public class WindowsProtectedKeychainAccess implements KeychainAccessProvider {
private static final Logger LOG = LoggerFactory.getLogger(WindowsProtectedKeychainAccess.class);
private static final Path USER_HOME_REL = Path.of("~");
private static final Path USER_HOME = Path.of(System.getProperty("user.home"));
private static final Gson GSON = new GsonBuilder() //
.setPrettyPrinting() //
.registerTypeHierarchyAdapter(byte[].class, new ByteArrayJsonAdapter()) //
.disableHtmlEscaping() //
.create();
private static final ObjectMapper JSON_MAPPER = new ObjectMapper();

private final List<Path> keychainPaths;
private final WinDataProtection dataProtection;
Expand Down Expand Up @@ -103,12 +97,11 @@ public void storePassphrase(String key, String displayName, CharSequence passphr
ByteBuffer buf = UTF_8.encode(CharBuffer.wrap(passphrase));
byte[] cleartext = new byte[buf.remaining()];
buf.get(cleartext);
KeychainEntry entry = new KeychainEntry();
entry.salt = generateSalt();
entry.ciphertext = dataProtection.protect(cleartext, entry.salt);
var salt = generateSalt();
var ciphertext = dataProtection.protect(cleartext, salt);
Arrays.fill(buf.array(), (byte) 0x00);
Arrays.fill(cleartext, (byte) 0x00);
keychainEntries.put(key, entry);
keychainEntries.put(key, new KeychainEntry(ciphertext, salt));
saveKeychainEntries();
}

Expand All @@ -119,7 +112,7 @@ public char[] loadPassphrase(String key) throws KeychainAccessException {
if (entry == null) {
return null;
}
byte[] cleartext = dataProtection.unprotect(entry.ciphertext, entry.salt);
byte[] cleartext = dataProtection.unprotect(entry.ciphertext(), entry.salt());
if (cleartext == null) {
return null;
}
Expand Down Expand Up @@ -184,12 +177,15 @@ private void loadKeychainEntriesIfNeeded() throws KeychainAccessException {
//visible for testing
Optional<Map<String, KeychainEntry>> loadKeychainEntries(Path keychainPath) throws KeychainAccessException {
LOG.debug("Attempting to load keychain from {}", keychainPath);
Type type = new TypeToken<Map<String, KeychainEntry>>() {
}.getType();
TypeReference<Map<String, KeychainEntry>> type = new TypeReference<>() {
};
try (InputStream in = Files.newInputStream(keychainPath, StandardOpenOption.READ); //
Reader reader = new InputStreamReader(in, UTF_8)) {
return Optional.ofNullable(GSON.fromJson(reader, type));
} catch (NoSuchFileException | JsonParseException e) {
return Optional.ofNullable(JSON_MAPPER.readValue(reader, type));
} catch (NoSuchFileException e) {
return Optional.empty();
} catch (JacksonException je) {
LOG.warn("Unable to parse keychain file, overwriting existing one.");
return Optional.empty();
} catch (IOException e) {
throw new KeychainAccessException("Could not read keychain from path " + keychainPath, e);
Expand All @@ -206,7 +202,7 @@ private void saveKeychainEntries() throws KeychainAccessException {
private void saveKeychainEntries(Path keychainPath) throws KeychainAccessException {
try (OutputStream out = Files.newOutputStream(keychainPath, StandardOpenOption.WRITE, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING); //
Writer writer = new OutputStreamWriter(out, UTF_8)) {
GSON.toJson(keychainEntries, writer);
JSON_MAPPER.writeValue(writer, keychainEntries);
} catch (IOException e) {
throw new KeychainAccessException("Could not read keychain from path " + keychainPath, e);
}
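Review bot: In `loadKeychainEntries`, the new `catch (JacksonException je)` branch returns `Optional.empty()` for any unparseable file, and its warning drops both `je` and `keychainPath`, so a discarded keychain leaves a log line with no cause or location. Because `saveKeychainEntries(Path)` opens its target with `TRUNCATE_EXISTING`, the next store presumably replaces every previously saved entry. With a default `new ObjectMapper()`, that would include files that merely contain a property the record does not know. At minimum log the cause, `LOG.warn("Unable to parse keychain file {}, overwriting existing one.", keychainPath, je);`, and consider moving the unreadable file aside before it is overwritten. The end of the method and its caller `loadKeychainEntriesIfNeeded` lie outside the visible hunk.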
Expand Up @@ -11,11 +11,11 @@
import org.junit.jupiter.api.io.TempDir;

import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Objects;

public class KeychainAccessProviderTest {
public class WindowsProtectedKeychainAccessIntegrationTest {

@BeforeAll
public static void setup(@TempDir Path tmpDir) {
Expand Down Expand Up @@ -59,6 +59,15 @@ public void testEmptyFileReturnsEmpty() throws KeychainAccessException, IOExcept

Assertions.assertTrue(result.isEmpty());
}

@Test
public void testLegacyKeychainFiles() throws URISyntaxException, KeychainAccessException {
var keychainPath = Path.of(this.getClass().getResource("keychain.v1.2.2.json").toURI());
var result = keychainAccess.loadKeychainEntries(keychainPath);

Assertions.assertTrue(result.isPresent());
Assertions.assertEquals(3, result.get().size());
}
}

}
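Review bot: `testLegacyKeychainFiles` asserts only that three entries are present, so it would still pass if the 1.2.2 `ciphertext` or `salt` values were decoded into different bytes than before, or left null. Since this commit appears to replace the custom Gson `byte[]` adapter with Jackson's default handling, the test should also compare at least one entry's `ciphertext()` and `salt()` against the expected bytes, for instance with `Assertions.assertArrayEquals`. `getResource("keychain.v1.2.2.json")` returns null when the fixture is missing, which surfaces as a NullPointerException; wrapping it in `Objects.requireNonNull` (already imported) would make that failure explicit.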