Example 1 with CryptoException
use of com.dracoon.sdk.crypto.error.CryptoException in project cyberduck by iterate-ch.
the class SDSMissingFileKeysSchedulerFeature method operate.
@Override
public List<UserFileKeySetRequest> operate(final Session<?> client, final PasswordCallback callback, final Path file) throws BackgroundException {
final SDSSession session = (SDSSession) client;
final SDSNodeIdProvider nodeid = (SDSNodeIdProvider) session._getFeature(VersionIdProvider.class);
try {
final UserAccountWrapper account = session.userAccount();
if (!account.isEncryptionEnabled()) {
log.warn(String.format("No key pair found in user account %s", account));
return Collections.emptyList();
}
final List<UserFileKeySetRequest> processed = new ArrayList<>();
final UserKeyPairContainer userKeyPairContainer = session.keyPair();
final UserKeyPair keyPair = TripleCryptConverter.toCryptoUserKeyPair(userKeyPairContainer);
final TripleCryptKeyPair triplecrypt = new TripleCryptKeyPair();
final Credentials passphrase = triplecrypt.unlock(callback, session.getHost(), keyPair);
final UserKeyPairContainer userKeyPairContainerDeprecated = session.keyPairDeprecated();
Credentials passphraseDeprecated = passphrase;
if (userKeyPairContainerDeprecated != null) {
passphraseDeprecated = triplecrypt.unlock(callback, session.getHost(), TripleCryptConverter.toCryptoUserKeyPair(userKeyPairContainerDeprecated));
}
// Null when operating from scheduler. File reference is set for post upload.
final Long fileId = file != null ? Long.parseLong(nodeid.getVersionId(file, new DisabledListProgressListener())) : null;
UserFileKeySetBatchRequest request;
do {
if (log.isDebugEnabled()) {
log.debug(String.format("Request a list of missing file keys for file %s", file));
}
request = new UserFileKeySetBatchRequest();
final MissingKeysResponse missingKeys = new NodesApi(session.getClient()).requestMissingFileKeys(null, null, null, fileId, null, null, null);
final Map<Long, List<UserUserPublicKey>> userPublicKeys = missingKeys.getUsers().stream().collect(groupingBy(UserUserPublicKey::getId));
final Map<Long, List<FileFileKeys>> files = missingKeys.getFiles().stream().collect(groupingBy(FileFileKeys::getId));
for (UserIdFileIdItem item : missingKeys.getItems()) {
for (FileFileKeys fileKey : files.get(item.getFileId())) {
final EncryptedFileKey encryptedFileKey = TripleCryptConverter.toCryptoEncryptedFileKey(fileKey.getFileKeyContainer());
final UserKeyPairContainer keyPairForDecryption = session.getKeyPairForFileKey(encryptedFileKey.getVersion());
for (UserUserPublicKey userPublicKey : userPublicKeys.get(item.getUserId())) {
final EncryptedFileKey fk = this.encryptFileKey(TripleCryptConverter.toCryptoUserPrivateKey(keyPairForDecryption.getPrivateKeyContainer()), encryptedFileKey.getVersion() == EncryptedFileKey.Version.RSA2048_AES256GCM ? passphraseDeprecated : passphrase, userPublicKey, fileKey);
final UserFileKeySetRequest keySetRequest = new UserFileKeySetRequest().fileId(item.getFileId()).userId(item.getUserId()).fileKey(TripleCryptConverter.toSwaggerFileKey(fk));
if (log.isDebugEnabled()) {
log.debug(String.format("Missing file key processed for file %d and user %d", item.getFileId(), item.getUserId()));
}
request.addItemsItem(keySetRequest);
}
}
}
if (!request.getItems().isEmpty()) {
if (log.isDebugEnabled()) {
log.debug(String.format("Set file keys with %s", request));
}
new NodesApi(session.getClient()).setUserFileKeys(request, StringUtils.EMPTY);
processed.addAll(request.getItems());
}
} while (!request.getItems().isEmpty());
this.deleteDeprecatedKeyPair(session);
return processed;
} catch (ApiException e) {
throw new SDSExceptionMappingService(nodeid).map(e);
} catch (CryptoException e) {
throw new TripleCryptExceptionMappingService().map(e);
}
}
Also used :
MissingKeysResponse(ch.cyberduck.core.sds.io.swagger.client.model.MissingKeysResponse)
DisabledListProgressListener(ch.cyberduck.core.DisabledListProgressListener)
EncryptedFileKey(com.dracoon.sdk.crypto.model.EncryptedFileKey)
ArrayList(java.util.ArrayList)
TripleCryptKeyPair(ch.cyberduck.core.sds.triplecrypt.TripleCryptKeyPair)
NodesApi(ch.cyberduck.core.sds.io.swagger.client.api.NodesApi)
FileFileKeys(ch.cyberduck.core.sds.io.swagger.client.model.FileFileKeys)
ArrayList(java.util.ArrayList)
List(java.util.List)
UserKeyPair(com.dracoon.sdk.crypto.model.UserKeyPair)
UserKeyPairContainer(ch.cyberduck.core.sds.io.swagger.client.model.UserKeyPairContainer)
VersionIdProvider(ch.cyberduck.core.features.VersionIdProvider)
UserUserPublicKey(ch.cyberduck.core.sds.io.swagger.client.model.UserUserPublicKey)
UserFileKeySetRequest(ch.cyberduck.core.sds.io.swagger.client.model.UserFileKeySetRequest)
UserIdFileIdItem(ch.cyberduck.core.sds.io.swagger.client.model.UserIdFileIdItem)
UserFileKeySetBatchRequest(ch.cyberduck.core.sds.io.swagger.client.model.UserFileKeySetBatchRequest)
TripleCryptExceptionMappingService(ch.cyberduck.core.sds.triplecrypt.TripleCryptExceptionMappingService)
CryptoException(com.dracoon.sdk.crypto.error.CryptoException)
Credentials(ch.cyberduck.core.Credentials)
ApiException(ch.cyberduck.core.sds.io.swagger.client.ApiException)
Example 2 with CryptoException
use of com.dracoon.sdk.crypto.error.CryptoException in project cyberduck by iterate-ch.
the class SDSSharesUrlProvider method toDownloadUrl.
@Override
public DescriptiveUrl toDownloadUrl(final Path file, CreateDownloadShareRequest options, final PasswordCallback callback) throws BackgroundException {
try {
if (log.isDebugEnabled()) {
log.debug(String.format("Create download share for %s", file));
}
if (null == options) {
options = new CreateDownloadShareRequest();
log.warn(String.format("Use default share options %s", options));
}
final Long fileid = Long.parseLong(nodeid.getVersionId(file, new DisabledListProgressListener()));
final Host bookmark = session.getHost();
if (SDSNodeIdProvider.isEncrypted(file)) {
// get existing file key associated with the sharing user
final FileKey key = new NodesApi(session.getClient()).requestUserFileKey(fileid, null, null);
final EncryptedFileKey encFileKey = TripleCryptConverter.toCryptoEncryptedFileKey(key);
final UserKeyPairContainer keyPairContainer = session.getKeyPairForFileKey(encFileKey.getVersion());
final UserKeyPair userKeyPair = TripleCryptConverter.toCryptoUserKeyPair(keyPairContainer);
final Credentials passphrase = new TripleCryptKeyPair().unlock(callback, bookmark, userKeyPair);
final PlainFileKey plainFileKey = Crypto.decryptFileKey(encFileKey, userKeyPair.getUserPrivateKey(), passphrase.getPassword());
// encrypt file key with a new key pair
final UserKeyPair pair;
if (null == options.getPassword()) {
pair = Crypto.generateUserKeyPair(session.requiredKeyPairVersion(), callback.prompt(bookmark, LocaleFactory.localizedString("Passphrase", "Cryptomator"), LocaleFactory.localizedString("Provide additional login credentials", "Credentials"), new LoginOptions().icon(session.getHost().getProtocol().disk())).getPassword());
} else {
pair = Crypto.generateUserKeyPair(session.requiredKeyPairVersion(), options.getPassword());
}
final EncryptedFileKey encryptedFileKey = Crypto.encryptFileKey(plainFileKey, pair.getUserPublicKey());
options.setPassword(null);
options.setKeyPair(TripleCryptConverter.toSwaggerUserKeyPairContainer(pair));
options.setFileKey(TripleCryptConverter.toSwaggerFileKey(encryptedFileKey));
}
final DownloadShare share = new SharesApi(session.getClient()).createDownloadShare(options.nodeId(fileid), StringUtils.EMPTY, null);
final String help;
if (null == share.getExpireAt()) {
help = MessageFormat.format(LocaleFactory.localizedString("{0} URL"), LocaleFactory.localizedString("Pre-Signed", "S3"));
} else {
final long expiry = share.getExpireAt().getMillis();
help = MessageFormat.format(LocaleFactory.localizedString("{0} URL"), LocaleFactory.localizedString("Pre-Signed", "S3")) + " (" + MessageFormat.format(LocaleFactory.localizedString("Expires {0}", "S3") + ")", UserDateFormatterFactory.get().getShortFormat(expiry * 1000));
}
return new DescriptiveUrl(URI.create(String.format("%s://%s/#/public/shares-downloads/%s", bookmark.getProtocol().getScheme(), bookmark.getHostname(), share.getAccessKey())), DescriptiveUrl.Type.signed, help);
} catch (ApiException e) {
throw new SDSExceptionMappingService(nodeid).map(e);
} catch (CryptoException e) {
throw new TripleCryptExceptionMappingService().map(e);
}
}
Also used :
UserKeyPair(com.dracoon.sdk.crypto.model.UserKeyPair)
EncryptedFileKey(com.dracoon.sdk.crypto.model.EncryptedFileKey)
PlainFileKey(com.dracoon.sdk.crypto.model.PlainFileKey)
FileKey(ch.cyberduck.core.sds.io.swagger.client.model.FileKey)
DownloadShare(ch.cyberduck.core.sds.io.swagger.client.model.DownloadShare)
UserKeyPairContainer(ch.cyberduck.core.sds.io.swagger.client.model.UserKeyPairContainer)
DisabledListProgressListener(ch.cyberduck.core.DisabledListProgressListener)
EncryptedFileKey(com.dracoon.sdk.crypto.model.EncryptedFileKey)
Host(ch.cyberduck.core.Host)
CreateDownloadShareRequest(ch.cyberduck.core.sds.io.swagger.client.model.CreateDownloadShareRequest)
TripleCryptKeyPair(ch.cyberduck.core.sds.triplecrypt.TripleCryptKeyPair)
LoginOptions(ch.cyberduck.core.LoginOptions)
NodesApi(ch.cyberduck.core.sds.io.swagger.client.api.NodesApi)
DescriptiveUrl(ch.cyberduck.core.DescriptiveUrl)
SharesApi(ch.cyberduck.core.sds.io.swagger.client.api.SharesApi)
TripleCryptExceptionMappingService(ch.cyberduck.core.sds.triplecrypt.TripleCryptExceptionMappingService)
CryptoException(com.dracoon.sdk.crypto.error.CryptoException)
Credentials(ch.cyberduck.core.Credentials)
PlainFileKey(com.dracoon.sdk.crypto.model.PlainFileKey)
ApiException(ch.cyberduck.core.sds.io.swagger.client.ApiException)
Example 3 with CryptoException
use of com.dracoon.sdk.crypto.error.CryptoException in project cyberduck by iterate-ch.
the class TripleCryptReadFeature method read.
@Override
public InputStream read(final Path file, final TransferStatus status, final ConnectionCallback callback) throws BackgroundException {
try {
final FileKey key = new NodesApi(session.getClient()).requestUserFileKey(Long.parseLong(nodeid.getVersionId(file, new DisabledListProgressListener())), null, null);
final EncryptedFileKey encFileKey = TripleCryptConverter.toCryptoEncryptedFileKey(key);
try {
final UserKeyPair userKeyPair = this.getUserKeyPair(encFileKey);
final PlainFileKey plainFileKey = Crypto.decryptFileKey(encFileKey, userKeyPair.getUserPrivateKey(), this.unlock(callback, userKeyPair).getPassword());
return new TripleCryptDecryptingInputStream(proxy.read(file, status, callback), Crypto.createFileDecryptionCipher(plainFileKey), CryptoUtils.stringToByteArray(plainFileKey.getTag()));
} catch (InvalidFileKeyException e) {
log.warn(String.format("Failure %s decrypting file key for %s. Invalidate cache", e, file));
session.resetUserKeyPairs();
final UserKeyPair userKeyPair = this.getUserKeyPair(encFileKey);
final PlainFileKey plainFileKey = Crypto.decryptFileKey(encFileKey, userKeyPair.getUserPrivateKey(), this.unlock(callback, userKeyPair).getPassword());
return new TripleCryptDecryptingInputStream(proxy.read(file, status, callback), Crypto.createFileDecryptionCipher(plainFileKey), CryptoUtils.stringToByteArray(plainFileKey.getTag()));
}
} catch (ApiException e) {
throw new SDSExceptionMappingService(nodeid).map("Download {0} failed", e, file);
} catch (CryptoException e) {
throw new TripleCryptExceptionMappingService().map("Download {0} failed", e, file);
}
}
Also used :
UserKeyPair(com.dracoon.sdk.crypto.model.UserKeyPair)
EncryptedFileKey(com.dracoon.sdk.crypto.model.EncryptedFileKey)
PlainFileKey(com.dracoon.sdk.crypto.model.PlainFileKey)
FileKey(ch.cyberduck.core.sds.io.swagger.client.model.FileKey)
NodesApi(ch.cyberduck.core.sds.io.swagger.client.api.NodesApi)
InvalidFileKeyException(com.dracoon.sdk.crypto.error.InvalidFileKeyException)
DisabledListProgressListener(ch.cyberduck.core.DisabledListProgressListener)
SDSExceptionMappingService(ch.cyberduck.core.sds.SDSExceptionMappingService)
EncryptedFileKey(com.dracoon.sdk.crypto.model.EncryptedFileKey)
CryptoException(com.dracoon.sdk.crypto.error.CryptoException)
PlainFileKey(com.dracoon.sdk.crypto.model.PlainFileKey)
ApiException(ch.cyberduck.core.sds.io.swagger.client.ApiException)
Example 4 with CryptoException
use of com.dracoon.sdk.crypto.error.CryptoException in project cyberduck by iterate-ch.
the class TripleCryptDecryptingInputStream method readNextChunk.
private int readNextChunk() throws IOException {
final ByteBuffer ciphertextBuf = ByteBuffer.allocate(SDSSession.DEFAULT_CHUNKSIZE);
final int read = IOUtils.read(proxy, ciphertextBuf.array());
if (lastread == 0) {
return IOUtils.EOF;
}
ciphertextBuf.position(read);
ciphertextBuf.flip();
try {
final PlainDataContainer pDataContainer;
if (read == 0) {
final PlainDataContainer c1 = cipher.processBytes(createEncryptedDataContainer(ciphertextBuf.array(), read, null));
final PlainDataContainer c2 = cipher.doFinal(new EncryptedDataContainer(null, tag));
pDataContainer = new PlainDataContainer(ArrayUtils.addAll(c1.getContent(), c2.getContent()));
} else {
pDataContainer = cipher.processBytes(createEncryptedDataContainer(ciphertextBuf.array(), read, null));
}
final byte[] content = pDataContainer.getContent();
buffer = ByteBuffer.allocate(content.length);
buffer.put(content);
buffer.flip();
lastread = read;
return content.length;
} catch (CryptoException e) {
throw new IOException(e);
}
}
Also used :
EncryptedDataContainer(com.dracoon.sdk.crypto.model.EncryptedDataContainer)
PlainDataContainer(com.dracoon.sdk.crypto.model.PlainDataContainer)
IOException(java.io.IOException)
CryptoException(com.dracoon.sdk.crypto.error.CryptoException)
ByteBuffer(java.nio.ByteBuffer)
Example 5 with CryptoException
use of com.dracoon.sdk.crypto.error.CryptoException in project cyberduck by iterate-ch.
the class TripleCryptEncryptingInputStream method read.
@Override
public int read(final byte[] b, final int off, final int len) throws IOException {
try {
int read = 0;
if (buffer.hasRemaining()) {
// Buffer still has encrypted content available
read = Math.min(len, buffer.remaining());
System.arraycopy(buffer.array(), buffer.position(), b, off, read);
buffer.position(buffer.position() + read);
} else if (eof) {
// Buffer is consumed and EOF flag set
return IOUtils.EOF;
}
if (buffer.hasRemaining()) {
return read;
}
if (!eof) {
this.fillBuffer(len);
}
return read;
} catch (CryptoException e) {
throw new IOException(e);
}
}
Also used :
IOException(java.io.IOException)
CryptoException(com.dracoon.sdk.crypto.error.CryptoException)
Aggregations
CryptoException (com.dracoon.sdk.crypto.error.CryptoException)6
ApiException (ch.cyberduck.core.sds.io.swagger.client.ApiException)4
UserKeyPair (com.dracoon.sdk.crypto.model.UserKeyPair)4
DisabledListProgressListener (ch.cyberduck.core.DisabledListProgressListener)3
NodesApi (ch.cyberduck.core.sds.io.swagger.client.api.NodesApi)3
UserKeyPairContainer (ch.cyberduck.core.sds.io.swagger.client.model.UserKeyPairContainer)3
TripleCryptExceptionMappingService (ch.cyberduck.core.sds.triplecrypt.TripleCryptExceptionMappingService)3
TripleCryptKeyPair (ch.cyberduck.core.sds.triplecrypt.TripleCryptKeyPair)3
EncryptedFileKey (com.dracoon.sdk.crypto.model.EncryptedFileKey)3
Credentials (ch.cyberduck.core.Credentials)2
FileKey (ch.cyberduck.core.sds.io.swagger.client.model.FileKey)2
PlainFileKey (com.dracoon.sdk.crypto.model.PlainFileKey)2
IOException (java.io.IOException)2
DescriptiveUrl (ch.cyberduck.core.DescriptiveUrl)1
Host (ch.cyberduck.core.Host)1
LoginOptions (ch.cyberduck.core.LoginOptions)1
LoginCanceledException (ch.cyberduck.core.exception.LoginCanceledException)1
VersionIdProvider (ch.cyberduck.core.features.VersionIdProvider)1
SDSExceptionMappingService (ch.cyberduck.core.sds.SDSExceptionMappingService)1
SharesApi (ch.cyberduck.core.sds.io.swagger.client.api.SharesApi)1
