From 06ff23ecea64cc5a0c3c2eb127ebf8c0c390dbac Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Mon, 15 Nov 2021 13:12:48 +0100 Subject: [PATCH 1/4] bump cryptolib to 2.0.3 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1a62939b..c2122bd9 100644 --- a/pom.xml +++ b/pom.xml @@ -18,7 +18,7 @@ 17 - 2.0.2 + 2.0.3 3.18.1 2.37 30.1.1-jre From 96385f0b48042eb19a0af838f2be01d937c526ec Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Mon, 15 Nov 2021 13:14:59 +0100 Subject: [PATCH 2/4] attempt backup of vault config on every filesystem creation --- .../cryptofs/CryptoFileSystems.java | 15 +++++++++++ .../cryptofs/CryptoFileSystemsTest.java | 25 +++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/src/main/java/org/cryptomator/cryptofs/CryptoFileSystems.java b/src/main/java/org/cryptomator/cryptofs/CryptoFileSystems.java index 001e2189..6c10a1d9 100644 --- a/src/main/java/org/cryptomator/cryptofs/CryptoFileSystems.java +++ b/src/main/java/org/cryptomator/cryptofs/CryptoFileSystems.java @@ -1,5 +1,6 @@ package org.cryptomator.cryptofs; +import org.cryptomator.cryptofs.common.BackupHelper; import org.cryptomator.cryptofs.common.Constants; import org.cryptomator.cryptofs.common.FileSystemCapabilityChecker; import org.cryptomator.cryptolib.api.Cryptor; @@ -51,6 +52,7 @@ public CryptoFileSystemImpl create(CryptoFileSystemProvider provider, Path pathT var keyId = configLoader.getKeyId(); try (Masterkey key = properties.keyLoader().loadKey(keyId)) { var config = configLoader.verify(key.getEncoded(), Constants.VAULT_VERSION); + backupVaultConfigFile(normalizedPathToVault, properties); var adjustedProperties = adjustForCapabilities(pathToVault, properties); var cryptor = CryptorProvider.forScheme(config.getCipherCombo()).provide(key.copy(), csprng); try { 
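Review bot: The added `backupVaultConfigFile(normalizedPathToVault, properties);` in `create` runs before `adjustForCapabilities` and never consults `properties.readonly()`, so opening a vault read-only still attempts to create a backup file inside the vault directory. Because the helper declares `throws IOException` and the call sits inside the `try (Masterkey key = ...)` block, a failed backup also aborts file system creation, which turns a best-effort safeguard into a reason the vault cannot be opened. Consider guarding the call, `if (!properties.readonly()) { backupVaultConfigFile(normalizedPathToVault, properties); }`, and deciding explicitly whether a write failure should be fatal; how `BackupHelper.attemptBackup` handles write errors is not visible here. The body of `create` starts and ends outside this hunk.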
@@ -71,6 +73,7 @@ public CryptoFileSystemImpl create(CryptoFileSystemProvider provider, Path pathT /** * Checks if the vault has a content root folder. If not, an exception is raised. + * * @param pathToVault Path to the vault root * @param cryptor Cryptor object initialized with the correct masterkey * @throws ContentRootMissingException If the existence of encrypted vault content root cannot be ensured @@ -119,6 +122,18 @@ private String readVaultConfigFile(Path pathToVault, CryptoFileSystemProperties } } + /** + * Attempts to create a backup of the vault config or compares to an existing one. + * + * @param pathToVault path to the vault's root + * @param properties properties used when attempting to construct a fs for this vault + * @throws IOException If the config cannot be read + */ + private void backupVaultConfigFile(Path pathToVault, CryptoFileSystemProperties properties) throws IOException { + Path vaultConfigFile = pathToVault.resolve(properties.vaultConfigFilename()); + BackupHelper.attemptBackup(vaultConfigFile); + } + private CryptoFileSystemProperties adjustForCapabilities(Path pathToVault, CryptoFileSystemProperties originalProperties) throws FileSystemCapabilityChecker.MissingCapabilityException { if (!originalProperties.readonly()) { try { diff --git a/src/test/java/org/cryptomator/cryptofs/CryptoFileSystemsTest.java b/src/test/java/org/cryptomator/cryptofs/CryptoFileSystemsTest.java index 8f5461c0..fc2e80ac 100644 --- a/src/test/java/org/cryptomator/cryptofs/CryptoFileSystemsTest.java +++ b/src/test/java/org/cryptomator/cryptofs/CryptoFileSystemsTest.java @@ -1,5 +1,6 @@ package org.cryptomator.cryptofs; +import org.cryptomator.cryptofs.common.BackupHelper; import org.cryptomator.cryptofs.common.Constants; import org.cryptomator.cryptofs.common.FileSystemCapabilityChecker; import org.cryptomator.cryptolib.api.Cryptor; 
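Review bot: `backupVaultConfigFile` hands only the path to `BackupHelper.attemptBackup`, so the backup is taken from whatever the file contains at that moment, not from the token string that `configLoader.verify` accepted a line earlier in `create`. If the file changes between the read in `readVaultConfigFile` and this call, a config that was never verified could be stored as the backup; `BackupHelper` is outside this page, so this is inferred from the signature. The Javadoc should say so and describe what happens when an existing backup differs, for example `Backs up the file as currently on disk (not the verified token); call only directly after a successful verify.`, with an `@throws IOException` text that also covers a failed write or comparison if the helper propagates those.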
@@ -36,6 +37,7 @@ public class CryptoFileSystemsTest { private final Path pathToVault = mock(Path.class, "vaultPath"); private final Path normalizedPathToVault = mock(Path.class, "normalizedVaultPath"); private final Path configFilePath = mock(Path.class, "normalizedVaultPath/vault.cryptomator"); + private final Path configFileBackupPath = mock(Path.class, "normalizedVaultPath/vault.cryptomator.12345678.bkup"); private final Path dataDirPath = mock(Path.class, "normalizedVaultPath/d"); private final Path preContenRootPath = mock(Path.class, "normalizedVaultPath/d/AB"); private final Path contenRootPath = mock(Path.class, "normalizedVaultPath/d/AB/CDEFGHIJKLMNOP"); @@ -61,6 +63,7 @@ public class CryptoFileSystemsTest { private MockedStatic vaultConficClass; private MockedStatic filesClass; private MockedStatic cryptorProviderClass; + private MockedStatic backupHelperClass; private final CryptoFileSystems inTest = new CryptoFileSystems(cryptoFileSystemComponentBuilder, capabilityChecker, csprng); @@ -69,6 +72,7 @@ public void setup() throws IOException, MasterkeyLoadingFailedException { vaultConficClass = Mockito.mockStatic(VaultConfig.class); filesClass = Mockito.mockStatic(Files.class); cryptorProviderClass = Mockito.mockStatic(CryptorProvider.class); + backupHelperClass = Mockito.mockStatic(BackupHelper.class); when(pathToVault.normalize()).thenReturn(normalizedPathToVault); when(normalizedPathToVault.resolve("vault.cryptomator")).thenReturn(configFilePath); 
@@ -77,6 +81,7 @@ public void setup() throws IOException, MasterkeyLoadingFailedException { filesClass.when(() -> Files.readString(configFilePath, StandardCharsets.US_ASCII)).thenReturn("jwt-vault-config"); vaultConficClass.when(() -> VaultConfig.decode("jwt-vault-config")).thenReturn(configLoader); cryptorProviderClass.when(() -> CryptorProvider.forScheme(cipherCombo)).thenReturn(cryptorProvider); + backupHelperClass.when(() -> BackupHelper.attemptBackup(configFilePath)).thenReturn(configFileBackupPath); when(VaultConfig.decode("jwt-vault-config")).thenReturn(configLoader); when(configLoader.getKeyId()).thenReturn(URI.create("test:key")); when(keyLoader.loadKey(Mockito.any())).thenReturn(masterkey); @@ -105,6 +110,7 @@ public void tearDown() { vaultConficClass.close(); filesClass.close(); cryptorProviderClass.close(); + backupHelperClass.close(); } @Test 
@@ -153,6 +159,25 @@ public void testCreateThrowsIOExceptionIfContentRootExistenceCheckFails() { Assertions.assertThrows(IOException.class, () -> inTest.create(provider, pathToVault, properties)); } + @Test + public void testCreateAttemptsBackupOnSuccessfulVerification() throws IOException { + inTest.create(provider, pathToVault, properties); + backupHelperClass.verify(() -> BackupHelper.attemptBackup(configFilePath)); + } + + @Test + public void testCreateWithFailedConfigVerificationMakesNoBackup() throws IOException { + when(configLoader.verify(rawKey, Constants.VAULT_VERSION)).thenThrow(VaultKeyInvalidException.class); + Assertions.assertThrows(VaultKeyInvalidException.class, () -> inTest.create(provider, pathToVault, properties)); + backupHelperClass.verify(() -> BackupHelper.attemptBackup(configFilePath), Mockito.never()); + } + + @Test + public void testCreateThrowsIOExceptionIfBackupAttemptThrowsOne() throws IOException { + backupHelperClass.when(() -> BackupHelper.attemptBackup(configFilePath)).thenThrow(new IOException()); + Assertions.assertThrows(IOException.class,() -> inTest.create(provider, pathToVault, properties)); + } + @Test public void testGetReturnsFileSystemForPathIfItExists() throws IOException, MasterkeyLoadingFailedException { CryptoFileSystemImpl fileSystem = inTest.create(provider, pathToVault, properties); From 7d8ba1a8d84ecd780dcc0dc8730c320be83eb976 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Mon, 15 Nov 2021 13:17:44 +0100 Subject: [PATCH 3/4] use new maven staging server https://github.com/cryptomator/cryptomator/issues/1910 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index c2122bd9..8eb83e5d 100644 --- a/pom.xml +++ b/pom.xml @@ -295,7 +295,7 @@ ossrh Maven Central - https://oss.sonatype.org/service/local/staging/deploy/maven2/ + https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ 
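Review bot: `testCreateThrowsIOExceptionIfBackupAttemptThrowsOne` asserts only the exception type, so it would also pass if the `IOException` came from another mocked call in `create` rather than from the backup. Stub a named instance and compare it, `var backupFailure = new IOException("backup failed");` then `Assertions.assertSame(backupFailure, Assertions.assertThrows(IOException.class, () -> inTest.create(provider, pathToVault, properties)));`, assuming `create` rethrows it unwrapped. There is also no case where `properties.readonly()` is true, so what the backup attempt does for read-only vaults is not pinned by any test. The `assertThrows(IOException.class,() ->` call is missing a space after the comma.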
@@ -307,7 +307,7 @@ true ossrh - https://oss.sonatype.org/ + https://s01.oss.sonatype.org/ true From 41eda8c4114ef7ac3a4d995cbedaa4d14a1bd87d Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Mon, 29 Nov 2021 16:59:51 +0100 Subject: [PATCH 4/4] prepare 2.3.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8eb83e5d..eb820a71 100644 --- a/pom.xml +++ b/pom.xml @@ -2,7 +2,7 @@ 4.0.0 org.cryptomator cryptofs - 2.3.0-SNAPSHOT + 2.3.0 Cryptomator Crypto Filesystem This library provides the Java filesystem provider used by Cryptomator. https://github.com/cryptomator/cryptofs