Merge branch 'release/1.4.4'

cryptomator · Feb 8, 2022 · a3ac5d1 · a3ac5d1
2 parents 58f836b + 72fea8c
commit a3ac5d1
Show file tree

Hide file tree

Showing 18 changed files with 107 additions and 77 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -8,21 +8,35 @@ jobs:
     if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-java@v2
         with:
           java-version: 11
-      - uses: actions/cache@v2
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v2
         with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
       - name: Ensure to use tagged version
         if: startsWith(github.ref, 'refs/tags/')
         run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
       - name: Build and Test
         id: buildAndTest
-        run: mvn -B clean install jacoco:report -Pcoverage,dependency-check
+        run: >
+          mvn -B verify
+          jacoco:report
+          org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+          -Pcoverage,dependency-check
+          -Dsonar.projectKey=cryptomator_siv-mode
+          -Dsonar.organization=cryptomator
+          -Dsonar.host.url=https://sonarcloud.io
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       - name: Upload code coverage report
         id: codacyCoverageReporter
         run: bash <(curl -Ls https://coverage.codacy.com/get.sh)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -18,15 +18,11 @@ jobs:
     - uses: actions/checkout@v2
       with:
         fetch-depth: 2
-    - uses: actions/setup-java@v1
+    - uses: actions/setup-java@v2
       with:
         java-version: 11
-    - uses: actions/cache@v2
-      with:
-        path: ~/.m2/repository
-        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-        restore-keys: |
-          ${{ runner.os }}-maven-
+        distribution: 'temurin'
+        cache: 'maven'
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1
       with:

diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml
@@ -13,20 +13,16 @@ jobs:
       - uses: actions/checkout@v2
         with:
           ref: "refs/tags/${{ github.event.inputs.tag }}"
-      - uses: actions/setup-java@v1
+      - uses: actions/setup-java@v2
         with:
           java-version: 11
+          distribution: 'temurin'
+          cache: 'maven'
           server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
           server-username: MAVEN_USERNAME # env variable for username in deploy
           server-password: MAVEN_PASSWORD # env variable for token in deploy
           gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
           gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
-      - uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
       - name: Enforce project version ${{ github.event.inputs.tag }}
         run: mvn versions:set -B -DnewVersion=${{ github.event.inputs.tag }}
       - name: Deploy

diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml
@@ -8,17 +8,13 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+      - uses: actions/setup-java@v2
         with:
           java-version: 11
+          distribution: 'temurin'
+          cache: 'maven'
           gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
           gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
-      - uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
       - name: Enforce project version ${{ github.event.release.tag_name }}
         run: mvn versions:set -B -DnewVersion=${{ github.event.release.tag_name }}
       - name: Deploy

diff --git a/README.md b/README.md
@@ -1,9 +1,9 @@
 # Java RFC 5297 SIV Authenticated Encryption
 
 [![Build](https://github.com/cryptomator/siv-mode/workflows/Build/badge.svg)](https://github.com/cryptomator/siv-mode/actions?query=workflow%3ABuild)
-[![Codacy Badge](https://api.codacy.com/project/badge/Grade/8b274788dab046259a40e56688236790)](https://www.codacy.com/gh/cryptomator/siv-mode/dashboard)
-[![Codacy Badge](https://api.codacy.com/project/badge/Coverage/8b274788dab046259a40e56688236790)](https://www.codacy.com/gh/cryptomator/siv-mode/dashboard)
-[![Known Vulnerabilities](https://snyk.io/test/github/cryptomator/siv-mode/badge.svg)](https://snyk.io/test/github/cryptomator/siv-mode)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=cryptomator_siv-mode&metric=alert_status)](https://sonarcloud.io/dashboard?id=cryptomator_siv-mode)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=cryptomator_siv-mode&metric=coverage)](https://sonarcloud.io/dashboard?id=cryptomator_siv-mode)
+[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=cryptomator_siv-mode&metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=cryptomator_siv-mode)
 [![Maven Central](https://img.shields.io/maven-central/v/org.cryptomator/siv-mode.svg?maxAge=86400)](https://repo1.maven.org/maven2/org/cryptomator/siv-mode/)
 [![Javadocs](http://www.javadoc.io/badge/org.cryptomator/siv-mode.svg)](http://www.javadoc.io/doc/org.cryptomator/siv-mode)
 

diff --git a/pom.xml b/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>siv-mode</artifactId>
-	<version>1.4.3</version>
+	<version>1.4.4</version>
 
 	<name>SIV Mode</name>
 	<description>RFC 5297 SIV mode: deterministic authenticated encryption</description>
@@ -37,14 +37,14 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
 		<!-- dependencies -->
-		<bouncycastle.version>1.69</bouncycastle.version>
+		<bouncycastle.version>1.70</bouncycastle.version>
 
 		<!-- test dependencies -->
-		<junit.version>5.7.2</junit.version>
-		<mockito.version>3.11.2</mockito.version>
-		<jmh.version>1.32</jmh.version>
+		<junit.version>5.8.2</junit.version>
+		<mockito.version>3.12.4</mockito.version>
+		<jmh.version>1.34</jmh.version>
 		<hamcrest.version>2.2</hamcrest.version>
-		<guava.version>30.1.1-jre</guava.version>
+		<guava.version>31.0.1-jre</guava.version>
 	</properties>
 
 	<dependencies>
@@ -100,7 +100,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-enforcer-plugin</artifactId>
-				<version>3.0.0-M3</version>
+				<version>3.0.0</version>
 				<executions>
 					<execution>
 						<id>enforce-java</id>
@@ -120,7 +120,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.8.1</version>
+				<version>3.9.0</version>
 				<configuration>
 					<release>8</release>
 					<encoding>UTF-8</encoding>
@@ -150,7 +150,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-jar-plugin</artifactId>
-				<version>3.2.0</version>
+				<version>3.2.2</version>
 				<configuration>
 					<archive>
 						<manifestEntries>
@@ -174,7 +174,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>3.3.0</version>
+				<version>3.3.1</version>
 				<executions>
 					<execution>
 						<id>attach-javadocs</id>
@@ -235,7 +235,7 @@
 					<plugin>
 						<groupId>org.owasp</groupId>
 						<artifactId>dependency-check-maven</artifactId>
-						<version>6.2.2</version>
+						<version>6.5.3</version>
 						<configuration>
 							<cveValidForHours>24</cveValidForHours>
 							<failBuildOnCVSS>0</failBuildOnCVSS>
@@ -279,7 +279,7 @@
 			</build>
 		</profile>
 
-				<profile>
+		<profile>
 			<id>sign</id>
 			<build>
 				<plugins>
@@ -312,7 +312,7 @@
 				<repository>
 					<id>ossrh</id>
 					<name>Maven Central</name>
-					<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+					<url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
 				</repository>
 			</distributionManagement>
 			<build>
@@ -324,7 +324,7 @@
 						<extensions>true</extensions>
 						<configuration>
 							<serverId>ossrh</serverId>
-							<nexusUrl>https://oss.sonatype.org/</nexusUrl>
+							<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
 							<autoReleaseAfterClose>true</autoReleaseAfterClose>
 						</configuration>
 					</plugin>

diff --git a/src/main/java/org/cryptomator/siv/JceAesCtrComputer.java b/src/main/java/org/cryptomator/siv/JceAesCtrComputer.java
@@ -19,20 +19,17 @@ final class JceAesCtrComputer implements SivMode.CtrComputer {
 	private final ThreadLocal<Cipher> threadLocalCipher;
 
 	public JceAesCtrComputer(final Provider jceSecurityProvider) {
-		this.threadLocalCipher = new ThreadLocal<Cipher>(){
-			@Override
-			protected Cipher initialValue() {
-				try {
-					if (jceSecurityProvider == null) {
-						return Cipher.getInstance("AES/CTR/NoPadding");
-					} else {
-						return Cipher.getInstance("AES/CTR/NoPadding", jceSecurityProvider);
-					}
-				} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
-					throw new IllegalStateException("AES/CTR/NoPadding not available on this platform.", e);
+		this.threadLocalCipher = ThreadLocals.withInitial(() -> {
+			try {
+				if (jceSecurityProvider == null) {
+					return Cipher.getInstance("AES/CTR/NoPadding");
+				} else {
+					return Cipher.getInstance("AES/CTR/NoPadding", jceSecurityProvider);
 				}
+			} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
+				throw new IllegalStateException("AES/CTR/NoPadding not available on this platform.", e);
 			}
-		};
+		});
 	}
 
 	@Override

diff --git a/src/main/java/org/cryptomator/siv/SivMode.java b/src/main/java/org/cryptomator/siv/SivMode.java
@@ -60,7 +60,7 @@ public SivMode(final Provider jceSecurityProvider) {
 	 * @param cipherFactory A factory method creating a Blockcipher.get(). Must use a block size of 128 bits (16 bytes).
 	 */
 	public SivMode(final BlockCipherFactory cipherFactory) {
-		this(ThreadLocals.withInitial(() -> cipherFactory.create()));
+		this(ThreadLocals.withInitial(cipherFactory::create));
 	}
 
 	private SivMode(final ThreadLocal<BlockCipher> threadLocalCipher) {
@@ -83,6 +83,9 @@ private SivMode(final ThreadLocal<BlockCipher> threadLocalCipher, final CtrCompu
 	 */
 	@FunctionalInterface
 	public interface BlockCipherFactory {
+		/**
+		 * @return New {@link BlockCipher} instance
+		 */
 		BlockCipher create();
 	}
 
@@ -134,7 +137,6 @@ public byte[] encrypt(byte[] ctrKey, byte[] macKey, byte[] plaintext, byte[]...
 			throw new IllegalArgumentException("Plaintext is too long");
 		}
 
-		assert plaintext.length + 15 < Integer.MAX_VALUE;
 		final byte[] iv = s2v(macKey, plaintext, associatedData);
 		final byte[] ciphertext = computeCtr(plaintext, ctrKey, iv);
 
@@ -190,9 +192,6 @@ public byte[] decrypt(byte[] ctrKey, byte[] macKey, byte[] ciphertext, byte[]...
 
 		final byte[] iv = Arrays.copyOf(ciphertext, 16);
 		final byte[] actualCiphertext = Arrays.copyOfRange(ciphertext, 16, ciphertext.length);
-
-		assert actualCiphertext.length == ciphertext.length - 16;
-		assert actualCiphertext.length + 15 < Integer.MAX_VALUE;
 		final byte[] plaintext = computeCtr(actualCiphertext, ctrKey, iv);
 		final byte[] control = s2v(macKey, plaintext, associatedData);
 

diff --git a/src/main/java/org/cryptomator/siv/ThreadLocals.java b/src/main/java/org/cryptomator/siv/ThreadLocals.java
@@ -2,8 +2,15 @@
 
 import java.util.function.Supplier;
 
+/**
+ * Shim for Android 7.x
+ * @see <a href="https://github.com/cryptomator/siv-mode/issues/17">Issue 17</a>
+ */
 class ThreadLocals {
 
+	private ThreadLocals() {
+	}
+
 	static <S> ThreadLocal<S> withInitial(Supplier<S> supplier) {
 		// ThreadLocal.withInitial is unavailable on Android 7.x
 		return new ThreadLocal<S>() {

diff --git a/src/main/java/org/cryptomator/siv/UnauthenticCiphertextException.java b/src/main/java/org/cryptomator/siv/UnauthenticCiphertextException.java
@@ -7,6 +7,12 @@
  */
 public class UnauthenticCiphertextException extends BadPaddingException {
 
+	/**
+	 * Constructs a UnauthenticCiphertextException with the specified
+	 * detail message.
+	 *
+	 * @param message the detail message.
+	 */
 	public UnauthenticCiphertextException(String message) {
 		super(message);
 	}

diff --git a/src/main/java/org/cryptomator/siv/org/bouncycastle/crypto/Placeholder.java b/src/main/java/org/cryptomator/siv/org/bouncycastle/crypto/Placeholder.java
@@ -4,5 +4,5 @@
  * module-info will be evaluated before maven-shade-plugin, so we need this placeholder
  * to avoid complaints about this package being empty.
  */
-class Placeholder {
+interface Placeholder {
 }
diff --git a/src/main/java/org/cryptomator/siv/org/bouncycastle/crypto/macs/Placeholder.java b/src/main/java/org/cryptomator/siv/org/bouncycastle/crypto/macs/Placeholder.java
@@ -4,5 +4,5 @@
  * module-info will be evaluated before maven-shade-plugin, so we need this placeholder
  * to avoid complaints about this package being empty.
  */
-class Placeholder {
+interface Placeholder {
 }
diff --git a/src/main/java/org/cryptomator/siv/org/bouncycastle/crypto/modes/Placeholder.java b/src/main/java/org/cryptomator/siv/org/bouncycastle/crypto/modes/Placeholder.java
@@ -4,5 +4,5 @@
  * module-info will be evaluated before maven-shade-plugin, so we need this placeholder
  * to avoid complaints about this package being empty.
  */
-class Placeholder {
+interface Placeholder {
 }
diff --git a/src/main/java/org/cryptomator/siv/org/bouncycastle/crypto/paddings/Placeholder.java b/src/main/java/org/cryptomator/siv/org/bouncycastle/crypto/paddings/Placeholder.java
@@ -4,5 +4,5 @@
  * module-info will be evaluated before maven-shade-plugin, so we need this placeholder
  * to avoid complaints about this package being empty.
  */
-class Placeholder {
+interface Placeholder {
 }
diff --git a/src/main/java/org/cryptomator/siv/org/bouncycastle/crypto/params/Placeholder.java b/src/main/java/org/cryptomator/siv/org/bouncycastle/crypto/params/Placeholder.java
@@ -4,5 +4,5 @@
  * module-info will be evaluated before maven-shade-plugin, so we need this placeholder
  * to avoid complaints about this package being empty.
  */
-class Placeholder {
+interface Placeholder {
 }
diff --git a/src/main/java/org/cryptomator/siv/org/bouncycastle/util/Placeholder.java b/src/main/java/org/cryptomator/siv/org/bouncycastle/util/Placeholder.java
@@ -4,5 +4,5 @@
  * module-info will be evaluated before maven-shade-plugin, so we need this placeholder
  * to avoid complaints about this package being empty.
  */
-class Placeholder {
+interface Placeholder {
 }
diff --git a/src/main/java9/org.cryptomator.siv/ThreadLocals.java b/src/main/java9/org.cryptomator.siv/ThreadLocals.java
@@ -4,6 +4,9 @@
 
 class ThreadLocals {
 
+	private ThreadLocals() {
+	}
+
 	static <S> ThreadLocal<S> withInitial(Supplier<S> supplier) {
 		return ThreadLocal.withInitial(supplier);
 	}