Merge branch 'release/1.2.3'

.github/dependabot.yml

@@ -0,0 +1,22 @@
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+      timezone: "UTC"
+    groups:
+      maven-dependencies:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/" # even for `.github/workflows`
+    schedule:
+      interval: "monthly"
+    groups:
+      github-actions:
+        patterns:
+          - "*"

.github/workflows/build.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: windows-latest
     if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-java@v3
         with:
           distribution: 'temurin'
@@ -25,7 +25,8 @@ jobs:
       - name: Build and Test
         id: buildAndTest
         run: mvn -B clean test -Pdependency-check
-      - name: Codesign DLL
+      - name: Codesign DLL on release
+        if: startsWith(github.ref, 'refs/tags/')
         uses: skymatic/code-sign-action@v2
         with:
           certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}

.github/workflows/codeql-analysis.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: windows-2019
     if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 2
     - uses: actions/setup-java@v3

.github/workflows/publish-central.yml

@@ -15,7 +15,7 @@ jobs:
   publish:
     runs-on: windows-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: "refs/tags/${{ github.event.inputs.tag }}"
       - uses: actions/setup-java@v3

.github/workflows/publish-github.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: windows-latest
     if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-java@v3
         with:
           distribution: 'temurin'

pom.xml

@@ -5,7 +5,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.cryptomator</groupId>
     <artifactId>integrations-win</artifactId>
-    <version>1.2.2</version>
+    <version>1.2.3</version>
 
     <name>Cryptomator Integrations for Windows</name>
     <description>Provides optional Windows services used by Cryptomator</description>
@@ -37,17 +37,17 @@
 		<project.jdk.version>17</project.jdk.version>
 
         <!-- runtime dependencies -->
-        <api.version>1.2.0</api.version>
-        <slf4j.version>1.7.36</slf4j.version>
-        <gson.version>2.9.0</gson.version>
+        <api.version>1.3.0</api.version>
+        <slf4j.version>2.0.9</slf4j.version>
+		<jackson.version>2.15.2</jackson.version>
 
         <!-- test dependencies -->
-		<junit.jupiter.version>5.8.2</junit.jupiter.version>
-		<mockito.version>4.4.0</mockito.version>
+		<junit.jupiter.version>5.10.0</junit.jupiter.version>
+		<mockito.version>5.5.0</mockito.version>
 
 		<!-- build plugin dependencies -->
-		<dependency-check.version>8.1.0</dependency-check.version>
-		<nexus-staging.version>1.6.8</nexus-staging.version>
+		<dependency-check.version>8.4.0</dependency-check.version>
+		<nexus-staging.version>1.6.13</nexus-staging.version>
     </properties>
 
     <licenses>
@@ -69,11 +69,16 @@
             <artifactId>slf4j-api</artifactId>
             <version>${slf4j.version}</version>
         </dependency>
-        <dependency>
-            <groupId>com.google.code.gson</groupId>
-            <artifactId>gson</artifactId>
-            <version>${gson.version}</version>
-        </dependency>
+		<dependency>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-databind</artifactId>
+			<version>${jackson.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-annotations</artifactId>
+			<version>${jackson.version}</version>
+		</dependency>
 
         <!-- JUnit / Mockito / Hamcrest -->
         <dependency>
@@ -101,7 +106,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-clean-plugin</artifactId>
-                <version>3.1.0</version>
+                <version>3.3.1</version>
                 <configuration>
                     <filesets>
                         <fileset>
@@ -117,7 +122,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.10.1</version>
+                <version>3.11.0</version>
                 <configuration>
                     <compilerArgs>
                         <arg>-h</arg>
@@ -129,7 +134,7 @@
             <plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-enforcer-plugin</artifactId>
-				<version>3.0.0</version>
+				<version>3.4.1</version>
 				<executions>
 					<execution>
 						<id>check-preconditions</id>
@@ -149,7 +154,7 @@
 			</plugin>
             <plugin>
                 <artifactId>maven-resources-plugin</artifactId>
-                <version>3.2.0</version>
+                <version>3.3.1</version>
                 <executions>
                     <execution>
                         <id>copy-dlls</id>
@@ -175,11 +180,11 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.0.0-M5</version>
+                <version>3.1.2</version>
             </plugin>
             <plugin>
                 <artifactId>maven-source-plugin</artifactId>
-                <version>3.2.1</version>
+                <version>3.3.0</version>
                 <executions>
                     <execution>
                         <id>attach-sources</id>
@@ -191,7 +196,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.3.2</version>
+                <version>3.6.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>
@@ -274,7 +279,7 @@
 					<plugin>
 						<groupId>org.codehaus.mojo</groupId>
 						<artifactId>exec-maven-plugin</artifactId>
-						<version>3.0.0</version>
+						<version>3.1.0</version>
 						<executions>
 							<execution>
 								<goals>
@@ -304,7 +309,7 @@
 				<plugins>
 					<plugin>
 						<artifactId>maven-gpg-plugin</artifactId>
-						<version>3.0.1</version>
+						<version>3.1.0</version>
 						<executions>
 							<execution>
 								<id>sign-artifacts</id>
@@ -365,7 +370,7 @@
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
 						<artifactId>maven-deploy-plugin</artifactId>
-						<version>3.1.0</version>
+						<version>3.1.1</version>
 					</plugin>
 				</plugins>
 			</build>

src/main/java/module-info.java

@@ -10,9 +10,10 @@
 module org.cryptomator.integrations.win {
 	requires org.cryptomator.integrations.api;
 	requires org.slf4j;
-	requires com.google.gson;
+	requires com.fasterxml.jackson.annotation;
+	requires com.fasterxml.jackson.databind;
 
-	opens org.cryptomator.windows.keychain to com.google.gson;
+	opens org.cryptomator.windows.keychain to com.fasterxml.jackson.databind;
 
 	provides AutoStartProvider with WindowsAutoStart;
 	provides KeychainAccessProvider with WindowsProtectedKeychainAccess;

src/main/java/org/cryptomator/windows/keychain/KeychainEntry.java

@@ -1,12 +1,7 @@
 package org.cryptomator.windows.keychain;
 
-import com.google.gson.annotations.SerializedName;
 
-class KeychainEntry {
+import com.fasterxml.jackson.annotation.JsonProperty;
 
-	@SerializedName("ciphertext")
-	byte[] ciphertext;
-
-	@SerializedName("salt")
-	byte[] salt;
+record KeychainEntry(@JsonProperty("ciphertext") byte[] ciphertext, @JsonProperty("salt") byte[] salt) {
 }

src/main/java/org/cryptomator/windows/keychain/WindowsProtectedKeychainAccess.java

@@ -1,9 +1,8 @@
 package org.cryptomator.windows.keychain;
 
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonParseException;
-import com.google.gson.reflect.TypeToken;
+import com.fasterxml.jackson.core.JacksonException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.cryptomator.integrations.common.OperatingSystem;
 import org.cryptomator.integrations.common.Priority;
 import org.cryptomator.integrations.keychain.KeychainAccessException;
@@ -19,7 +18,6 @@
 import java.io.OutputStreamWriter;
 import java.io.Reader;
 import java.io.Writer;
-import java.lang.reflect.Type;
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
 import java.nio.file.Files;
@@ -49,11 +47,7 @@ public class WindowsProtectedKeychainAccess implements KeychainAccessProvider {
 	private static final Logger LOG = LoggerFactory.getLogger(WindowsProtectedKeychainAccess.class);
 	private static final Path USER_HOME_REL = Path.of("~");
 	private static final Path USER_HOME = Path.of(System.getProperty("user.home"));
-	private static final Gson GSON = new GsonBuilder() //
-			.setPrettyPrinting() //
-			.registerTypeHierarchyAdapter(byte[].class, new ByteArrayJsonAdapter()) //
-			.disableHtmlEscaping() //
-			.create();
+	private static final ObjectMapper JSON_MAPPER = new ObjectMapper();
 
 	private final List<Path> keychainPaths;
 	private final WinDataProtection dataProtection;
@@ -103,12 +97,11 @@ public void storePassphrase(String key, String displayName, CharSequence passphr
 		ByteBuffer buf = UTF_8.encode(CharBuffer.wrap(passphrase));
 		byte[] cleartext = new byte[buf.remaining()];
 		buf.get(cleartext);
-		KeychainEntry entry = new KeychainEntry();
-		entry.salt = generateSalt();
-		entry.ciphertext = dataProtection.protect(cleartext, entry.salt);
+		var salt = generateSalt();
+		var ciphertext = dataProtection.protect(cleartext, salt);
 		Arrays.fill(buf.array(), (byte) 0x00);
 		Arrays.fill(cleartext, (byte) 0x00);
-		keychainEntries.put(key, entry);
+		keychainEntries.put(key, new KeychainEntry(ciphertext, salt));
 		saveKeychainEntries();
 	}
 
@@ -119,7 +112,7 @@ public char[] loadPassphrase(String key) throws KeychainAccessException {
 		if (entry == null) {
 			return null;
 		}
-		byte[] cleartext = dataProtection.unprotect(entry.ciphertext, entry.salt);
+		byte[] cleartext = dataProtection.unprotect(entry.ciphertext(), entry.salt());
 		if (cleartext == null) {
 			return null;
 		}
@@ -184,12 +177,15 @@ private void loadKeychainEntriesIfNeeded() throws KeychainAccessException {
 	//visible for testing
 	Optional<Map<String, KeychainEntry>> loadKeychainEntries(Path keychainPath) throws KeychainAccessException {
 		LOG.debug("Attempting to load keychain from {}", keychainPath);
-		Type type = new TypeToken<Map<String, KeychainEntry>>() {
-		}.getType();
+		TypeReference<Map<String, KeychainEntry>> type = new TypeReference<>() {
+		};
 		try (InputStream in = Files.newInputStream(keychainPath, StandardOpenOption.READ); //
 			 Reader reader = new InputStreamReader(in, UTF_8)) {
-			return Optional.ofNullable(GSON.fromJson(reader, type));
-		} catch (NoSuchFileException | JsonParseException e) {
+			return Optional.ofNullable(JSON_MAPPER.readValue(reader, type));
+		} catch (NoSuchFileException e) {
+			return Optional.empty();
+		} catch (JacksonException je) {
+			LOG.warn("Unable to parse keychain file, overwriting existing one.");
 			return Optional.empty();
 		} catch (IOException e) {
 			throw new KeychainAccessException("Could not read keychain from path " + keychainPath, e);
@@ -206,7 +202,7 @@ private void saveKeychainEntries() throws KeychainAccessException {
 	private void saveKeychainEntries(Path keychainPath) throws KeychainAccessException {
 		try (OutputStream out = Files.newOutputStream(keychainPath, StandardOpenOption.WRITE, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING); //
 			 Writer writer = new OutputStreamWriter(out, UTF_8)) {
-			GSON.toJson(keychainEntries, writer);
+			JSON_MAPPER.writeValue(writer, keychainEntries);
 		} catch (IOException e) {
 			throw new KeychainAccessException("Could not read keychain from path " + keychainPath, e);
 		}

src/test/java/org/cryptomator/windows/keychain/KeychainAccessProviderTest.java → src/test/java/org/cryptomator/windows/keychain/WindowsProtectedKeychainAccessIntegrationTest.java

@@ -11,11 +11,11 @@
 import org.junit.jupiter.api.io.TempDir;
 
 import java.io.IOException;
+import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.util.Objects;
 
-public class KeychainAccessProviderTest {
+public class WindowsProtectedKeychainAccessIntegrationTest {
 
 	@BeforeAll
 	public static void setup(@TempDir Path tmpDir) {
@@ -59,6 +59,15 @@ public void testEmptyFileReturnsEmpty() throws KeychainAccessException, IOExcept
 
 			Assertions.assertTrue(result.isEmpty());
 		}
+
+		@Test
+		public void testLegacyKeychainFiles() throws URISyntaxException, KeychainAccessException {
+			var keychainPath = Path.of(this.getClass().getResource("keychain.v1.2.2.json").toURI());
+			var result = keychainAccess.loadKeychainEntries(keychainPath);
+
+			Assertions.assertTrue(result.isPresent());
+			Assertions.assertEquals(3, result.get().size());
+		}
 	}
 
 }