cryptomator
diff --git a/‎.github/CONTRIBUTING.md
Lines changed: 1 addition & 1 deletion b/‎.github/CONTRIBUTING.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/SUPPORT.md
Lines changed: 1 addition & 1 deletion b/‎.github/SUPPORT.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎Gemfile.lock
Lines changed: 47 additions & 43 deletions b/‎Gemfile.lock
Lines changed: 47 additions & 43 deletions
diff --git a/‎buildsystem/dependencies.gradle
Lines changed: 17 additions & 9 deletions b/‎buildsystem/dependencies.gradle
Lines changed: 17 additions & 9 deletions
diff --git a/‎data/build.gradle
Lines changed: 2 additions & 0 deletions b/‎data/build.gradle
Lines changed: 2 additions & 0 deletions
diff --git a/‎data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java
Lines changed: 28 additions & 8 deletions b/‎data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java
Lines changed: 28 additions & 8 deletions
@@ -4,7 +4,7 @@
 
 - Ensure you're running the latest version of Cryptomator.
 - Ensure the bug is related to the Android version of Cryptomator. Bugs concerning the Cryptomator desktop application and iOS app can be reported on the [Cryptomator issues list](https://github.com/cryptomator/cryptomator/issues) and [Cryptomator for iOS issues list](https://github.com/cryptomator/cryptomator-ios/issues) respectively.
-- Ensure the bug was not [already reported](https://github.com/cryptomator/android/issues). You can also check out our [FAQ](https://community.cryptomator.org/c/faq).
+- Ensure the bug was not [already reported](https://github.com/cryptomator/android/issues). You can also check out our [FAQ](https://community.cryptomator.org/c/kb/faq).
 - If you're unable to find an open issue addressing the problem, [submit a new one](https://github.com/cryptomator/android/issues/new).
 
 ## Code of Conduct
 
@@ -14,5 +14,5 @@ For _everything else_, please visit our official [Cryptomator Community](https:/
   - Discussions about the apps
 - [Development discussions](https://community.cryptomator.org/c/development)
   - General questions
-  - Discussions regarding our design decissions
+  - Discussions regarding our design decisions
   - Our roadmap
@@ -5,27 +5,27 @@ GEM
       base64
       nkf
       rexml
-    addressable (2.8.6)
-      public_suffix (>= 2.0.2, < 6.0)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
     apktools (0.7.5)
       rubyzip (~> 2.0)
     artifactory (3.0.17)
     atomos (0.1.3)
     aws-eventstream (1.3.0)
-    aws-partitions (1.933.0)
-    aws-sdk-core (3.196.1)
+    aws-partitions (1.1027.0)
+    aws-sdk-core (3.214.0)
       aws-eventstream (~> 1, >= 1.3.0)
-      aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.8)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.82.0)
-      aws-sdk-core (~> 3, >= 3.193.0)
-      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.151.0)
-      aws-sdk-core (~> 3, >= 3.194.0)
+    aws-sdk-kms (1.96.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-s3 (1.176.1)
+      aws-sdk-core (~> 3, >= 3.210.0)
       aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.8)
-    aws-sigv4 (1.8.0)
+      aws-sigv4 (~> 1.5)
+    aws-sigv4 (1.10.1)
       aws-eventstream (~> 1, >= 1.0.2)
     babosa (1.0.4)
     base64 (0.2.0)
@@ -42,8 +42,8 @@ GEM
     dotenv (2.8.1)
     ed25519 (1.3.0)
     emoji_regex (3.2.3)
-    excon (0.110.0)
-    faraday (1.10.3)
+    excon (0.112.0)
+    faraday (1.10.4)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
       faraday-excon (~> 1.1)
@@ -62,17 +62,17 @@ GEM
     faraday-em_synchrony (1.0.0)
     faraday-excon (1.1.0)
     faraday-httpclient (1.0.1)
-    faraday-multipart (1.0.4)
-      multipart-post (~> 2)
-    faraday-net_http (1.0.1)
+    faraday-multipart (1.1.0)
+      multipart-post (~> 2.0)
+    faraday-net_http (1.0.2)
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
-    faraday_middleware (1.2.0)
+    faraday_middleware (1.2.1)
       faraday (~> 1.0)
     fastimage (2.3.1)
-    fastlane (2.220.0)
+    fastlane (2.226.0)
       CFPropertyList (>= 2.3, < 4.0.0)
       addressable (>= 2.8, < 3.0.0)
       artifactory (~> 3.0)
@@ -88,6 +88,7 @@ GEM
       faraday-cookie_jar (~> 0.0.6)
       faraday_middleware (~> 1.0)
       fastimage (>= 2.1.0, < 3.0.0)
+      fastlane-sirp (>= 1.0.0)
       gh_inspector (>= 1.1.2, < 2.0.0)
       google-apis-androidpublisher_v3 (~> 0.3)
       google-apis-playcustomapp_v1 (~> 0.1)
@@ -111,13 +112,15 @@ GEM
       tty-spinner (>= 0.8.0, < 1.0.0)
       word_wrap (~> 1.0.0)
       xcodeproj (>= 1.13.0, < 2.0.0)
-      xcpretty (~> 0.3.0)
+      xcpretty (~> 0.4.0)
       xcpretty-travis-formatter (>= 0.0.3, < 2.0.0)
     fastlane-plugin-aws_s3 (2.1.0)
       apktools (~> 0.7)
       aws-sdk-s3 (~> 1)
       mime-types (~> 3.3)
     fastlane-plugin-get_version_name (0.2.2)
+    fastlane-sirp (1.0.0)
+      sysrandom (~> 1.0)
     gh_inspector (1.1.3)
     google-apis-androidpublisher_v3 (0.54.0)
       google-apis-core (>= 0.11.0, < 2.a)
@@ -135,7 +138,7 @@ GEM
       google-apis-core (>= 0.11.0, < 2.a)
     google-apis-storage_v1 (0.31.0)
       google-apis-core (>= 0.11.0, < 2.a)
-    google-cloud-core (1.7.0)
+    google-cloud-core (1.7.1)
       google-cloud-env (>= 1.0, < 3.a)
       google-cloud-errors (~> 1.0)
     google-cloud-env (1.6.0)
@@ -156,39 +159,40 @@ GEM
       os (>= 0.9, < 2.0)
       signet (>= 0.16, < 2.a)
     highline (2.0.3)
-    http-cookie (1.0.5)
+    http-cookie (1.0.8)
       domain_name (~> 0.5)
     httpclient (2.8.3)
     jmespath (1.6.2)
-    json (2.7.2)
-    jwt (2.8.1)
+    json (2.9.1)
+    jwt (2.9.3)
       base64
-    mime-types (3.5.2)
+    logger (1.6.4)
+    mime-types (3.6.0)
+      logger
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2024.0507)
-    mini_magick (4.12.0)
+    mime-types-data (3.2024.1203)
+    mini_magick (4.13.2)
     mini_mime (1.1.5)
     multi_json (1.15.0)
     multipart-post (2.4.1)
-    nanaimo (0.3.0)
+    nanaimo (0.4.0)
     naturally (2.2.1)
     net-sftp (4.0.0)
       net-ssh (>= 5.0.0, < 8.0.0)
-    net-ssh (7.2.3)
+    net-ssh (7.3.0)
     nkf (0.2.0)
-    optparse (0.5.0)
+    optparse (0.6.0)
     os (1.1.4)
     plist (3.7.1)
-    public_suffix (5.0.5)
+    public_suffix (6.0.1)
     rake (13.2.1)
     representable (3.2.0)
       declarative (< 0.1.0)
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
-    rouge (2.0.7)
+    rexml (3.4.0)
+    rouge (3.28.0)
     ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
     security (0.1.5)
@@ -200,7 +204,7 @@ GEM
     simctl (1.6.10)
       CFPropertyList
       naturally
-    strscan (3.1.0)
+    sysrandom (1.0.5)
     terminal-notifier (2.0.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
@@ -210,17 +214,17 @@ GEM
     tty-spinner (0.9.3)
       tty-cursor (~> 0.7)
     uber (0.1.0)
-    unicode-display_width (2.5.0)
+    unicode-display_width (2.6.0)
     word_wrap (1.0.0)
-    xcodeproj (1.24.0)
+    xcodeproj (1.27.0)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
       colored2 (~> 3.1)
-      nanaimo (~> 0.3.0)
-      rexml (~> 3.2.4)
-    xcpretty (0.3.0)
-      rouge (~> 2.0.7)
+      nanaimo (~> 0.4.0)
+      rexml (>= 3.3.6, < 4.0)
+    xcpretty (0.4.0)
+      rouge (~> 3.28.0)
     xcpretty-travis-formatter (1.0.1)
       xcpretty (~> 0.2, >= 0.0.7)
 
@@ -236,4 +240,4 @@ DEPENDENCIES
   net-sftp
 
 BUNDLED WITH
-   2.2.5
+   2.6.0
@@ -60,14 +60,18 @@ ext {
 	rxAndroidVersion = '2.1.1'
 	rxBindingVersion = '2.2.0'
 
-	daggerVersion = '2.51.1'
+	daggerVersion = '2.54'
 
 	gsonVersion = '2.11.0'
 
+	joseJwtVersion = '9.48'
+
+	appauthVersion = '0.11.1'
+
 	okHttpVersion = '4.12.0'
-	okHttpDigestVersion = '3.1.0'
+	okHttpDigestVersion = '3.1.1'
 
-	velocityVersion = '2.3'
+	velocityVersion = '2.4.1'
 
 	timberVersion = '5.0.1'
 
@@ -81,7 +85,7 @@ ext {
 	greenDaoVersion = '3.3.0'
 
 	// cloud provider libs
-	cryptolibVersion = '2.1.2'
+	cryptolibVersion = '2.2.0'
 
 	dropboxVersion = '7.0.0'
 
@@ -93,20 +97,21 @@ ext {
 	msgraphVersion = '5.47.0'
 	msgraphAuthVersion = '4.0.5' // contains com.microsoft.identity:common lib which added opentelemetry in 9.0.0, do we need to fork another lib before updating to >=4.2.0 ???
 
-	minIoVersion = '8.5.10'
+	minIoVersion = '8.5.14'
 	pcloudVersion = '1.9.2-dev.0001'
 	staxVersion = '1.2.0' // needed for minIO
-	commonsCodecVersion = '1.17.0'
+	commonsCodecVersion = '1.17.1'
 
 	recyclerViewFastScrollVersion = '2.0.1'
 
 	// testing dependencies
 
-	jUnitVersion = '5.10.2'
+	jUnitVersion = '5.11.4'
 	assertJVersion = '1.7.1'
-	mockitoVersion = '5.12.0'
-	mockitoKotlinVersion = '5.3.1'
+	mockitoVersion = '5.14.2'
+	mockitoKotlinVersion = '5.4.0'
 	mockitoInlineVersion = '5.2.0'
+	mockitoAndroidVersion = '5.14.2'
 	hamcrestVersion = '1.3'
 	dexmakerVersion = '1.0'
 	espressoVersion = '3.4.0'
@@ -140,6 +145,7 @@ ext {
 			androidxViewpager              : "androidx.viewpager:viewpager:${androidxViewpagerVersion}",
 			androidxSwiperefresh           : "androidx.swiperefreshlayout:swiperefreshlayout:${androidxSwiperefreshVersion}",
 			androidxPreference             : "androidx.preference:preference:${androidxPreferenceVersion}",
+			appauth                        : "net.openid:appauth:${appauthVersion}",
 			documentFile                   : "androidx.documentfile:documentfile:${androidxDocumentfileVersion}",
 			recyclerView                   : "androidx.recyclerview:recyclerview:${androidxRecyclerViewVersion}",
 			androidxSplashscreen           : "androidx.core:core-splashscreen:${androidxSplashscreenVersion}",
@@ -163,6 +169,7 @@ ext {
 			gson                           : "com.google.code.gson:gson:${gsonVersion}",
 			hamcrest                       : "org.hamcrest:hamcrest-all:${hamcrestVersion}",
 			javaxAnnotation                : "javax.annotation:jsr250-api:${javaxAnnotationVersion}",
+			joseJwt                        : "com.nimbusds:nimbus-jose-jwt:${joseJwtVersion}",
 			junit                          : "org.junit.jupiter:junit-jupiter:${jUnitVersion}",
 			junitApi                       : "org.junit.jupiter:junit-jupiter-api:${jUnitVersion}",
 			junitEngine                    : "org.junit.jupiter:junit-jupiter-engine:${jUnitVersion}",
@@ -172,6 +179,7 @@ ext {
 			mockito                        : "org.mockito:mockito-core:${mockitoVersion}",
 			mockitoInline                  : "org.mockito:mockito-inline:${mockitoInlineVersion}",
 			mockitoKotlin                  : "org.mockito.kotlin:mockito-kotlin:${mockitoKotlinVersion}",
+			mockitoAndroid                 : "org.mockito:mockito-android:${mockitoAndroidVersion}",
 			msgraph                        : "com.microsoft.graph:microsoft-graph:${msgraphVersion}",
 			msgraphAuth                    : "com.microsoft.identity.client:msal:${msgraphAuthVersion}",
 			multidex                       : "androidx.multidex:multidex:${multidexVersion}",
 
@@ -196,6 +196,8 @@ dependencies {
 	compileOnly dependencies.javaxAnnotation
 	implementation dependencies.gson
 
+	implementation dependencies.joseJwt
+
 	implementation dependencies.commonsCodec
 
 	implementation dependencies.documentFile
 
@@ -9,19 +9,20 @@
 import org.cryptomator.domain.UnverifiedVaultConfig;
 import org.cryptomator.domain.Vault;
 import org.cryptomator.domain.exception.BackendException;
+import org.cryptomator.domain.exception.FatalBackendException;
 import org.cryptomator.domain.repository.CloudContentRepository;
 import org.cryptomator.domain.usecases.ProgressAware;
 import org.cryptomator.domain.usecases.cloud.Flag;
 import org.cryptomator.domain.usecases.vault.UnlockToken;
 
 import java.io.ByteArrayOutputStream;
 import java.nio.charset.StandardCharsets;
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
 
-import static org.cryptomator.data.cloud.crypto.CryptoConstants.MASTERKEY_SCHEME;
 import static org.cryptomator.data.cloud.crypto.CryptoConstants.VAULT_FILE_NAME;
 import static org.cryptomator.domain.Vault.aCopyOf;
 
@@ -30,7 +31,6 @@ public class CryptoCloudFactory {
 
 	private final CloudContentRepository<Cloud, CloudNode, CloudFolder, CloudFile> cloudContentRepository;
 	private final CryptoCloudContentRepositoryFactory cryptoCloudContentRepositoryFactory;
-	private final SecureRandom secureRandom = new SecureRandom();
 
 	@Inject
 	public CryptoCloudFactory(CloudContentRepository/*<Cloud, CloudNode, CloudFolder, CloudFile>*/ cloudContentRepository, //
@@ -40,7 +40,7 @@ public CryptoCloudFactory(CloudContentRepository/*<Cloud, CloudNode, CloudFolder
 	}
 
 	public void create(CloudFolder location, CharSequence password) throws BackendException {
-		cryptoCloudProvider(Optional.absent()).create(location, password);
+		masterkeyCryptoCloudProvider().create(location, password);
 	}
 
 	public Cloud decryptedViewOf(Vault vault) throws BackendException {
@@ -68,6 +68,10 @@ public Vault unlock(UnlockToken token, Optional<UnverifiedVaultConfig> unverifie
 		return cryptoCloudProvider(unverifiedVaultConfig).unlock(token, unverifiedVaultConfig, password, cancelledFlag);
 	}
 
+	public Vault unlock(Vault vault, UnverifiedVaultConfig unverifiedVaultConfig, String vaultKeyJwe, String userKeyJwe, Flag cancelledFlag) throws BackendException {
+		return cryptoCloudProvider(unverifiedVaultConfig).unlock(vault, unverifiedVaultConfig, vaultKeyJwe, userKeyJwe, cancelledFlag);
+	}
+
 	public UnlockToken createUnlockToken(Vault vault, Optional<UnverifiedVaultConfig> unverifiedVaultConfig) throws BackendException {
 		return cryptoCloudProvider(unverifiedVaultConfig).createUnlockToken(vault, unverifiedVaultConfig);
 	}
@@ -84,14 +88,30 @@ public void changePassword(Vault vault, Optional<UnverifiedVaultConfig> unverifi
 		cryptoCloudProvider(unverifiedVaultConfig).changePassword(vault, unverifiedVaultConfig, oldPassword, newPassword);
 	}
 
+	private CryptoCloudProvider masterkeyCryptoCloudProvider() {
+		return cryptoCloudProvider(Optional.absent());
+	}
+
+	private CryptoCloudProvider cryptoCloudProvider(UnverifiedVaultConfig unverifiedVaultConfigOptional) {
+		return cryptoCloudProvider(Optional.of(unverifiedVaultConfigOptional));
+	}
+
 	private CryptoCloudProvider cryptoCloudProvider(Optional<UnverifiedVaultConfig> unverifiedVaultConfigOptional) {
 		if (unverifiedVaultConfigOptional.isPresent()) {
-			if (MASTERKEY_SCHEME.equals(unverifiedVaultConfigOptional.get().getKeyId().getScheme())) {
-				return new MasterkeyCryptoCloudProvider(cloudContentRepository, cryptoCloudContentRepositoryFactory, secureRandom);
-			}
-			throw new IllegalStateException(String.format("Provider with scheme %s not supported", unverifiedVaultConfigOptional.get().getKeyId().getScheme()));
+			return switch (unverifiedVaultConfigOptional.get().keyLoadingStrategy()) {
+				case MASTERKEY -> new MasterkeyCryptoCloudProvider(cloudContentRepository, cryptoCloudContentRepositoryFactory, secureRandom());
+				case HUB -> new HubkeyCryptoCloudProvider(cryptoCloudContentRepositoryFactory, secureRandom());
+			};
 		} else {
-			return new MasterkeyCryptoCloudProvider(cloudContentRepository, cryptoCloudContentRepositoryFactory, secureRandom);
+			return new MasterkeyCryptoCloudProvider(cloudContentRepository, cryptoCloudContentRepositoryFactory, secureRandom());
+		}
+	}
+
+	private SecureRandom secureRandom() {
+		try {
+			return SecureRandom.getInstanceStrong();
+		} catch (NoSuchAlgorithmException e) {
+			throw new FatalBackendException("A strong algorithm must exist in every Java platform.", e);
 		}
 	}
 }