Merge branch 'release/1.2.0' into develop

# Conflicts:
#	main/ant-kit/pom.xml
#	main/commons-test/pom.xml
#	main/commons/pom.xml
#	main/filesystem-api/pom.xml
#	main/filesystem-charsets/pom.xml
#	main/filesystem-crypto-integration-tests/pom.xml
#	main/filesystem-crypto/pom.xml
#	main/filesystem-inmemory/pom.xml
#	main/filesystem-invariants-tests/pom.xml
#	main/filesystem-nameshortening/pom.xml
#	main/filesystem-nio/pom.xml
#	main/filesystem-stats/pom.xml
#	main/frontend-api/pom.xml
#	main/frontend-webdav/pom.xml
#	main/jacoco-report/pom.xml
#	main/keychain/pom.xml
#	main/pom.xml
#	main/uber-jar/pom.xml
#	main/ui/pom.xml

Author: overheadhunter

main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/CryptorImpl.java

@@ -109,7 +109,7 @@ public void readKeysFromMasterkeyFile(byte[] masterkeyFileContents, CharSequence
 		assert keyFile != null;
 
 		// check version
-		if (CURRENT_VAULT_VERSION != keyFile.getVersion()) {
+		if (!CURRENT_VAULT_VERSION.equals(keyFile.getVersion())) {
 			throw new UnsupportedVaultFormatException(keyFile.getVersion(), CURRENT_VAULT_VERSION);
 		}
 

main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FileContentDecryptorImpl.java

@@ -54,6 +54,11 @@ public FileContentDecryptorImpl(SecretKey headerKey, SecretKey macKey, ByteBuffe
 		this.header = FileHeader.decrypt(headerKey, hmacSha256, header);
 		this.authenticate = authenticate;
 		this.chunkNumber = firstCiphertextByte / CHUNK_SIZE; // floor() by int-truncation
+		
+		// vault version 5 and onwards should have filesize: -1
+		if (this.header.getPayload().getFilesize() != -1l) {
+			throw new UncheckedIOException(new IOException("Attempted to decrypt file with invalid header (probably from previous vault version)"));
+		}
 	}
 
 	@Override

main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FileContentDecryptorImplTest.java

@@ -45,7 +45,7 @@ public void testDecryption() throws InterruptedException {
 		final byte[] keyBytes = new byte[32];
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
-		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAANyVwHiiQImjrUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga26lJzstK9RUv1hj5zDC4wC9FgMfoVE1mD0HnuENuYXkJA==");
+		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAACNqP4ddv3Z2rUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga24VjC86+zlHN49BfMdzvHF3f9EE0LSnRLSsu6ps3IRcJg==");
 		final byte[] content = Base64.decode("AAAAAAAAAAAAAAAAAAAAALTwrBTNYP7m3yTGKlhka9WPvX1Lpn5EYfVxlyX1ISgRXtdRnivM7r6F3Og=");
 
 		try (FileContentDecryptor decryptor = new FileContentDecryptorImpl(headerKey, macKey, ByteBuffer.wrap(header), 0, true)) {
@@ -68,7 +68,7 @@ public void testManipulatedHeaderDecryption() throws InterruptedException {
 		final byte[] keyBytes = new byte[32];
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
-		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAANyVwHiiQImjrUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga26lJzstK9RUv1hj5zDC4wC9FgMfoVE1mD0HnuENuYXkJa==");
+		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAACNqP4ddv3Z2rUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga24VjC86+zlHN49BfMdzvHF3f9EE0LSnRLSsu6ps3IRcJG==");
 
 		try (FileContentDecryptor decryptor = new FileContentDecryptorImpl(headerKey, macKey, ByteBuffer.wrap(header), 0, true)) {
 
@@ -80,7 +80,7 @@ public void testManipulatedContentDecryption() throws InterruptedException {
 		final byte[] keyBytes = new byte[32];
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
-		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAANyVwHiiQImjrUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga26lJzstK9RUv1hj5zDC4wC9FgMfoVE1mD0HnuENuYXkJA==");
+		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAACNqP4ddv3Z2rUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga24VjC86+zlHN49BfMdzvHF3f9EE0LSnRLSsu6ps3IRcJg==");
 		final byte[] content = Base64.decode("aAAAAAAAAAAAAAAAAAAAALTwrBTNYP7m3yTGKlhka9WPvX1Lpn5EYfVxlyX1ISgRXtdRnivM7r6F3Og=");
 
 		try (FileContentDecryptor decryptor = new FileContentDecryptorImpl(headerKey, macKey, ByteBuffer.wrap(header), 0, true)) {
@@ -101,7 +101,7 @@ public void testManipulatedDecryptionWithSuppressedAuthentication() throws Inter
 		final byte[] keyBytes = new byte[32];
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
-		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAANyVwHiiQImjrUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga26lJzstK9RUv1hj5zDC4wC9FgMfoVE1mD0HnuENuYXkJA==");
+		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAACNqP4ddv3Z2rUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga24VjC86+zlHN49BfMdzvHF3f9EE0LSnRLSsu6ps3IRcJg==");
 		final byte[] content = Base64.decode("AAAAAAAAAAAAAAAAAAAAALTwrBTNYP7m3yTGKlhka9WPvX1Lpn5EYfVxlyX1ISgRXtdRnivM7r6F3OG=");
 
 		try (FileContentDecryptor decryptor = new FileContentDecryptorImpl(headerKey, macKey, ByteBuffer.wrap(header), 0, false)) {
@@ -124,7 +124,7 @@ public void testPassthroughException() throws InterruptedException {
 		final byte[] keyBytes = new byte[32];
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "AES");
-		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAANyVwHiiQImjrUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga26lJzstK9RUv1hj5zDC4wC9FgMfoVE1mD0HnuENuYXkJA==");
+		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAACNqP4ddv3Z2rUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga24VjC86+zlHN49BfMdzvHF3f9EE0LSnRLSsu6ps3IRcJg==");
 
 		try (FileContentDecryptor decryptor = new FileContentDecryptorImpl(headerKey, macKey, ByteBuffer.wrap(header), 0, true)) {
 			decryptor.cancelWithException(new IOException("can not do"));

main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FileHeaderTest.java

@@ -53,13 +53,26 @@ public void testEncryption() {
 
 	@Test
 	public void testDecryption() {
+		final byte[] keyBytes = new byte[32];
+		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
+		final SecretKey macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
+		final ByteBuffer headerBuf = ByteBuffer.wrap(Base64.decode("AAAAAAAAAAAAAAAAAAAAACNqP4ddv3Z2rUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga24VjC86+zlHN49BfMdzvHF3f9EE0LSnRLSsu6ps3IRcJg=="));
+		final FileHeader header = FileHeader.decrypt(headerKey, new ThreadLocalMac(macKey, "HmacSHA256"), headerBuf);
+
+		Assert.assertEquals(-1l, header.getPayload().getFilesize());
+		Assert.assertArrayEquals(new byte[16], header.getIv());
+		Assert.assertArrayEquals(new byte[32], header.getPayload().getContentKey().getEncoded());
+	}
+
+	@Test
+	public void testDecryptionOfOldHeader() {
 		final byte[] keyBytes = new byte[32];
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
 		final ByteBuffer headerBuf = ByteBuffer.wrap(Base64.decode("AAAAAAAAAAAAAAAAAAAAANyVwHiiQImjrUiiFJKEIIdTD4r7x0U2ualjtPHEy3OLzqdAPU1ga26lJzstK9RUv1hj5zDC4wC9FgMfoVE1mD0HnuENuYXkJA=="));
 		final FileHeader header = FileHeader.decrypt(headerKey, new ThreadLocalMac(macKey, "HmacSHA256"), headerBuf);
 
-		Assert.assertEquals(42, header.getPayload().getFilesize());
+		Assert.assertEquals(42l, header.getPayload().getFilesize());
 		Assert.assertArrayEquals(new byte[16], header.getIv());
 		Assert.assertArrayEquals(new byte[32], header.getPayload().getContentKey().getEncoded());
 	}

main/ui/src/main/java/org/cryptomator/ui/controllers/ChangePasswordController.java

@@ -124,6 +124,7 @@ void setVault(Vault vault) {
 		// trigger "default" change to refresh key bindings:
 		changePasswordButton.setDefaultButton(false);
 		changePasswordButton.setDefaultButton(true);
+		messageText.setText(null);
 	}
 
 	// ****************************************
@@ -144,7 +145,7 @@ private void didClickChangePasswordButton(ActionEvent event) {
 		downloadsPageLink.setVisible(false);
 		try {
 			vault.changePassphrase(oldPasswordField.getCharacters(), newPasswordField.getCharacters());
-			messageText.setText(localization.getString("changePassword.infoMessage.success"));
+			messageText.setText(null);
 			listener.ifPresent(this::invokeListenerLater);
 		} catch (InvalidPassphraseException e) {
 			messageText.setText(localization.getString("changePassword.errorMessage.wrongPassword"));

main/ui/src/main/java/org/cryptomator/ui/controllers/UnlockController.java

@@ -178,7 +178,7 @@ void setVault(Vault vault) {
 
 	@FXML
 	public void didClickDownloadsLink(ActionEvent event) {
-		app.getHostServices().showDocument("https://cryptomator.org/downloads/");
+		app.getHostServices().showDocument("https://cryptomator.org/downloads/#allVersions");
 	}
 
 	// ****************************************
@@ -311,11 +311,15 @@ private void unlock(CharSequence password) {
 			});
 		} catch (UnsupportedVaultFormatException e) {
 			Platform.runLater(() -> {
-				downloadsPageLink.setVisible(true);
 				if (e.isVaultOlderThanSoftware()) {
+					// whitespace after localized text used as separator between text and hyperlink
 					messageText.setText(localization.getString("unlock.errorMessage.unsupportedVersion.vaultOlderThanSoftware") + " ");
+					downloadsPageLink.setVisible(true);
 				} else if (e.isSoftwareOlderThanVault()) {
 					messageText.setText(localization.getString("unlock.errorMessage.unsupportedVersion.softwareOlderThanVault") + " ");
+					downloadsPageLink.setVisible(true);
+				} else if (e.getDetectedVersion() == Integer.MAX_VALUE) {
+					messageText.setText(localization.getString("unlock.errorMessage.unauthenticVersionMac"));
 				}
 			});
 		} catch (FrontendCreationFailedException | CommandFailedException e) {

main/ui/src/main/java/org/cryptomator/ui/model/UpgradeStrategy.java

@@ -57,7 +57,15 @@ public void upgrade(Vault vault, CharSequence passphrase) throws UpgradeFailedEx
 			Files.write(masterkeyFileAfterUpgrade, upgradedMasterkeyFileContents, StandardOpenOption.TRUNCATE_EXISTING);
 		} catch (InvalidPassphraseException e) {
 			throw new UpgradeFailedException(localization.getString("unlock.errorMessage.wrongPassword"));
-		} catch (IOException | UnsupportedVaultFormatException e) {
+		} catch (UnsupportedVaultFormatException e) {
+			if (e.getDetectedVersion() == Integer.MAX_VALUE) {
+				LOG.warn("Version MAC authentication error in vault {}", vault.path().get());
+				throw new UpgradeFailedException(localization.getString("unlock.errorMessage.unauthenticVersionMac"));
+			} else {
+				LOG.warn("Upgrade failed.", e);
+				throw new UpgradeFailedException("Upgrade failed. Details in log message.");
+			}
+		} catch (IOException e) {
 			LOG.warn("Upgrade failed.", e);
 			throw new UpgradeFailedException("Upgrade failed. Details in log message.");
 		} finally {

main/ui/src/main/java/org/cryptomator/ui/model/Vault.java

@@ -168,7 +168,7 @@ private Map<MountParam, Optional<String>> getMountParams(Settings settings) {
 		);
 	}
 
-	public void reveal() throws CommandFailedException {
+	public synchronized void reveal() throws CommandFailedException {
 		Optionals.ifPresent(filesystemFrontend.get(), Frontend::reveal);
 	}
 
@@ -190,7 +190,7 @@ public boolean shouldSkipAuthentication(String cleartextPath) {
 	// Getter/Setter
 	// *******************************************************************************/
 
-	public String getWebDavUrl() {
+	public synchronized String getWebDavUrl() {
 		return filesystemFrontend.get().map(Frontend::getWebDavUrl).orElseThrow(IllegalStateException::new);
 	}
 

main/ui/src/main/resources/localization/de.txt

@@ -82,4 +82,10 @@ main.directoryList.remove.confirmation.title = Tresor entfernen
 main.directoryList.remove.confirmation.header = Möchten Sie diesen Tresor wirklich entfernen?
 main.directoryList.remove.confirmation.content = Dieser Tresor wird nur aus der Liste entfernt. Um den Tresor unwiderruflich zu löschen, entfernen Sie bitte die Dateien aus Ihrem Dateisystem.
 upgrade.version3to4.msg = Dieser Tresor muss auf ein neueres Format aktualisiert werden.\nVerschlüsselte Ordnernamen werden dabei aktualisiert.\nStellen Sie bitte sicher, dass derzeit keine Synchronisation stattfindet.
-upgrade.version3to4.err.io = Migration aufgrund eines I/O-Fehlers fehlgeschlagen.\nWeitere Informationen in der Log-Datei.
+upgrade.version3to4.err.io = Migration aufgrund eines I/O-Fehlers fehlgeschlagen.\nWeitere Informationen in der Log-Datei.
+settings.prefGvfsScheme.label = WebDAV Schema
+# upgrade.fxml
+upgrade.confirmation.label = Ja, die Synchronisation ist abgeschlossen
+initialize.messageLabel.notEmpty = Tresor ist nicht leer
+unlock.label.savePassword = Passwort speichern
+unlock.errorMessage.unauthenticVersionMac = Versions-MAC konnte nicht authentifiziert werden.

main/ui/src/main/resources/localization/en.txt

@@ -63,6 +63,7 @@ unlock.errorMessage.wrongPassword=Wrong password
 unlock.errorMessage.mountingFailed=Mounting failed. See log file for details.
 unlock.errorMessage.unsupportedVersion.vaultOlderThanSoftware=Unsupported vault. This vault has been created with an older version of Cryptomator.
 unlock.errorMessage.unsupportedVersion.softwareOlderThanVault=Unsupported vault. This vault has been created with a newer version of Cryptomator.
+unlock.errorMessage.unauthenticVersionMac=Could not authenticate version MAC.
 unlock.messageLabel.startServerFailed=Starting WebDAV server failed.
 
 # change_password.fxml
@@ -73,7 +74,6 @@ changePassword.label.downloadsPageLink=All Cryptomator versions
 changePassword.button.change=Change password
 changePassword.errorMessage.wrongPassword=Wrong password
 changePassword.errorMessage.decryptionFailed=Decryption failed
-changePassword.infoMessage.success=Password changed
 
 # unlocked.fxml
 unlocked.button.lock=Lock vault

main/ui/src/main/resources/localization/es.txt

@@ -14,7 +14,7 @@ initialize.label.password = Contraseña
 initialize.label.retypePassword = Reintroduzca contraseña
 initialize.button.ok = Crear caja fuerte
 initialize.messageLabel.alreadyInitialized = Caja fuerte ya está inicializado
-initialize.messageLabel.initializationFailed = No se pudo inicializar la caja fuerte. Ver archivo de registro para detalles. 
+initialize.messageLabel.initializationFailed = No se pudo inicializar la caja fuerte. Ver archivo de registro para detalles.
 # notfound.fxml
 notfound.label = No se pudo encontrar la caja fuerte. Se movió a otro lugar?
 # upgrade.fxml
@@ -83,4 +83,10 @@ main.directoryList.remove.confirmation.title = Borrar caja fuerte
 main.directoryList.remove.confirmation.header = ¿Quieres de verdad borrar este caja fuerte?
 main.directoryList.remove.confirmation.content = La caja fuerte solo se borra de la lista. Para eliminarla permanente por favor elimina los datos de tú sistema de archivos.
 upgrade.version3to4.msg = Este caja fuerte se debe migrar a un formato más reciente.\nLos nombres de las carpetas cifradas se actualizan.\nPor favor asegurarse de que la sincronización ha terminado antes de seguir.
-upgrade.version3to4.err.io = Migración ha fallado por causa de una excepción I/O. Para detalles revisa el archivo de registro.
+upgrade.version3to4.err.io = Migración ha fallado por causa de una excepción I/O. Para detalles revisa el archivo de registro.
+settings.prefGvfsScheme.label = WebDAV scheme
+# upgrade.fxml
+upgrade.confirmation.label = Yes, I've made sure that synchronization has finished
+initialize.messageLabel.notEmpty = Vault not empty
+unlock.label.savePassword = Save password
+unlock.errorMessage.unauthenticVersionMac = Could not authenticate version MAC.

main/ui/src/main/resources/localization/fr.txt

@@ -78,10 +78,16 @@ initialize.messageLabel.passwordStrength.0 = Très faible
 initialize.messageLabel.passwordStrength.1 = Faible
 initialize.messageLabel.passwordStrength.2 = Raisonnable
 initialize.messageLabel.passwordStrength.3 = Fort
-initialize.messageLabel.passwordStrength.4 = Très fort\n
+initialize.messageLabel.passwordStrength.4 = Très fort
 initialize.label.doNotForget = ATTENTION \: Si vous oubliez votre mot de passe, il n'y aura aucun moyen de récupérer vos données.
 main.directoryList.remove.confirmation.title = Retirer un coffre
 main.directoryList.remove.confirmation.header = Voulez-vous vraiment retirer ce coffre ?
 main.directoryList.remove.confirmation.content = Le coffre sera simplement retiré de la liste. Pour le supprimer complètement, supprimez les fichiers depuis votre système de fichiers.
 upgrade.version3to4.msg = Ce coffre doit être converti dans un nouveau format. Les noms de dossiers chiffrés seront mis à jour.\nMerci de vous assurer que la procédure de synchronisation est terminée avant de continuer.
-upgrade.version3to4.err.io = La migration a échoué à cause d'une erreur d'entrée/sortie. Référez-vous au fichier log pour plus de détails.
+upgrade.version3to4.err.io = La migration a échoué à cause d'une erreur d'entrée/sortie. Référez-vous au fichier log pour plus de détails.
+settings.prefGvfsScheme.label = Schéma d'URI WebDAV
+# upgrade.fxml
+upgrade.confirmation.label = Oui, je suis certain que la synchronisation est finie
+initialize.messageLabel.notEmpty = Vault not empty
+unlock.label.savePassword = Save password
+unlock.errorMessage.unauthenticVersionMac = Could not authenticate version MAC.

main/ui/src/main/resources/localization/hu.txt

@@ -79,4 +79,12 @@ initialize.messageLabel.passwordStrength.4 = Nagyon erős
 initialize.label.doNotForget = FONTOS\: Ha elfelejted a jelszavadat, akkor nincs lehetőség az adataid visszaállítására.
 main.directoryList.remove.confirmation.title = Széf eltávolítása
 main.directoryList.remove.confirmation.header = Tényleg törölni akarod ezt a széfet?
-main.directoryList.remove.confirmation.content = A széf csak a listából lesz eltávolítva. Végleges törléshez kérlek töröld a merevlemezen tárolt fájlokat.
+main.directoryList.remove.confirmation.content = A széf csak a listából lesz eltávolítva. Végleges törléshez kérlek töröld a merevlemezen tárolt fájlokat.
+upgrade.version3to4.msg = Ennek a széfnek egy újabb formátumra való migrációja szükséges. A titkosított könyvtárnevek frissítve lesznek. Kérlek, győződj meg a szinkronizáció befejeztéről mielőtt továbblépnél.
+upgrade.version3to4.err.io = Migráció meghíusúlt egy I/O kivétel miatt. Kérlek nézd meg a naplófájlt a további részletekért.
+settings.prefGvfsScheme.label = WebDAV séma
+# upgrade.fxml
+upgrade.confirmation.label = Yes, I've made sure that synchronization has finished
+initialize.messageLabel.notEmpty = Vault not empty
+unlock.label.savePassword = Save password
+unlock.errorMessage.unauthenticVersionMac = Could not authenticate version MAC.