Merge branch 'release/2.2.1'

Author: overheadhunter

.github/workflows/build.yml

@@ -1,6 +1,8 @@
 name: Build
 on:
-  [push]
+  push:
+  pull_request_target:
+    types: [labeled]
 jobs:
   build:
     name: Build and Test
@@ -11,7 +13,7 @@ jobs:
           fetch-depth: 0
       - uses: actions/setup-java@v4
         with:
-          java-version: 22
+          java-version: 23
           distribution: 'temurin'
           cache: 'maven'
       - name: Cache SonarCloud packages
@@ -46,4 +48,4 @@ jobs:
         with:
           prerelease: true
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
-          generate_release_notes: true
+          generate_release_notes: true

.github/workflows/codeql-analysis.yml

@@ -19,7 +19,7 @@ jobs:
         fetch-depth: 2
     - uses: actions/setup-java@v4
       with:
-        java-version: 22
+        java-version: 23
         distribution: 'temurin'
         cache: 'maven'
     - name: Initialize CodeQL

.github/workflows/dependency-check.yml

@@ -14,7 +14,7 @@ jobs:
     with:
       runner-os: 'ubuntu-latest'
       java-distribution: 'temurin'
-      java-version: 22
+      java-version: 23
     secrets:
       nvd-api-key: ${{ secrets.NVD_API_KEY }}
       slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/publish-central.yml

@@ -1,34 +1,29 @@
 name: Publish to Maven Central
 on:
-  workflow_dispatch:
-    inputs:
-      tag:
-        description: 'Tag'
-        required: true
-        default: '0.0.0'
+  release:
+    types: [published]
 jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-        with:
-          ref: "refs/tags/${{ github.event.inputs.tag }}"
       - uses: actions/setup-java@v4
         with:
-          java-version: 22
+          java-version: 23
           distribution: 'temurin'
           cache: 'maven'
-          server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
-          server-username: MAVEN_USERNAME # env variable for username in deploy
-          server-password: MAVEN_PASSWORD # env variable for token in deploy
-          gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
-          gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
-      - name: Enforce project version ${{ github.event.inputs.tag }}
-        run: mvn versions:set -B -DnewVersion=$GIT_TAG
+          server-id: central
+          server-username: MAVEN_CENTRAL_USERNAME
+          server-password: MAVEN_CENTRAL_PASSWORD
+      - name: Enforce project version ${{ github.event.release.tag_name }}
+        run: mvn versions:set -B -DnewVersion="$GIT_TAG"
+        env:
+          GIT_TAG: ${{ github.event.release.tag_name }}
       - name: Deploy
         run: mvn deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress
         env:
-          GIT_TAG: ${{ github.event.inputs.tag }}
-          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
-          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
-          MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+          MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+          MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
+          MAVEN_GPG_KEY_FINGERPRINT: ${{ vars.RELEASES_GPG_KEY_FINGERPRINT }}

.github/workflows/publish-github.yml

@@ -10,27 +10,15 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-java@v4
         with:
-          java-version: 22
+          java-version: 23
           distribution: 'temurin'
           cache: 'maven'
-          gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
-          gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
       - name: Enforce project version ${{ github.event.release.tag_name }}
         run: mvn versions:set -B -DnewVersion=${{ github.event.release.tag_name }}
       - name: Deploy
         run: mvn deploy -B -DskipTests -Psign,deploy-github --no-transfer-progress
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
-      - name: Slack Notification
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
-          SLACK_USERNAME: 'Cryptobot'
-          SLACK_ICON:
-          SLACK_ICON_EMOJI: ':bot:'
-          SLACK_CHANNEL: 'cryptomator-desktop'
-          SLACK_TITLE: "Published ${{ github.event.repository.name }} ${{ github.event.release.tag_name }}"
-          SLACK_MESSAGE: "Ready to <https://github.com/${{ github.repository }}/actions/workflows/publish-central.yml|deploy to Maven Central>."
-          SLACK_FOOTER:
-          MSG_MINIMAL: true
+          MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
+          MAVEN_GPG_KEY_FINGERPRINT: ${{ vars.RELEASES_GPG_KEY_FINGERPRINT }}

.idea/misc.xml

@@ -2,7 +2,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>cryptolib</artifactId>
-	<version>2.2.0</version>
+	<version>2.2.1</version>
 	<name>Cryptomator Crypto Library</name>
 	<description>This library contains all cryptographic functions that are used by Cryptomator.</description>
 	<url>https://github.com/cryptomator/cryptolib</url>
@@ -18,22 +18,22 @@
 		<maven.compiler.release>8</maven.compiler.release>
 
 		<!-- dependencies -->
-		<gson.version>2.10.1</gson.version>
-		<guava.version>33.1.0-jre</guava.version>
-		<siv-mode.version>1.5.2</siv-mode.version>
-		<bouncycastle.version>1.78.1</bouncycastle.version>
-		<slf4j.version>2.0.13</slf4j.version>
+		<gson.version>2.12.1</gson.version>
+		<guava.version>33.4.0-jre</guava.version>
+		<siv-mode.version>1.6.1</siv-mode.version>
+		<bouncycastle.version>1.80</bouncycastle.version>
+		<slf4j.version>2.0.17</slf4j.version>
 
 		<!-- test dependencies -->
-		<junit.jupiter.version>5.10.2</junit.jupiter.version>
-		<mockito.version>5.11.0</mockito.version>
-		<hamcrest.version>2.2</hamcrest.version>
+		<junit.jupiter.version>5.12.0</junit.jupiter.version>
+		<mockito.version>5.15.2</mockito.version>
+		<hamcrest.version>3.0</hamcrest.version>
 		<jmh.version>1.37</jmh.version>
 
 		<!-- build plugin dependencies -->
-		<dependency-check.version>9.1.0</dependency-check.version>
+		<dependency-check.version>12.1.0</dependency-check.version>
 		<jacoco.version>0.8.12</jacoco.version>
-		<nexus-staging.version>1.6.13</nexus-staging.version>
+		<central-publishing.version>0.7.0</central-publishing.version>
 	</properties>
 
 	<licenses>
@@ -131,7 +131,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-enforcer-plugin</artifactId>
-				<version>3.4.1</version>
+				<version>3.5.0</version>
 				<executions>
 					<execution>
 						<id>enforce-java</id>
@@ -151,7 +151,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.13.0</version>
+				<version>3.14.0</version>
 				<configuration>
 					<encoding>UTF-8</encoding>
 					<showWarnings>true</showWarnings>
@@ -189,7 +189,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-shade-plugin</artifactId>
-				<version>3.5.3</version>
+				<version>3.6.0</version>
 				<executions>
 					<execution>
 						<phase>package</phase>
@@ -227,7 +227,7 @@
 			<plugin>
 				<groupId>org.codehaus.mojo</groupId>
 				<artifactId>exec-maven-plugin</artifactId>
-				<version>3.2.0</version>
+				<version>3.5.0</version>
 				<executions>
 					<execution>
 						<phase>package</phase>
@@ -251,12 +251,12 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
-				<version>3.2.5</version>
+				<version>3.5.2</version>
 			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-jar-plugin</artifactId>
-				<version>3.4.1</version>
+				<version>3.4.2</version>
 				<configuration>
 					<archive>
 						<manifestEntries>
@@ -280,7 +280,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>3.6.3</version>
+				<version>3.11.2</version>
 				<executions>
 					<execution>
 						<id>attach-javadocs</id>
@@ -385,7 +385,7 @@
 				<plugins>
 					<plugin>
 						<artifactId>maven-gpg-plugin</artifactId>
-						<version>3.2.4</version>
+						<version>3.2.7</version>
 						<executions>
 							<execution>
 								<id>sign-artifacts</id>
@@ -394,10 +394,7 @@
 									<goal>sign</goal>
 								</goals>
 								<configuration>
-									<gpgArguments>
-										<arg>--pinentry-mode</arg>
-										<arg>loopback</arg>
-									</gpgArguments>
+									<signer>bc</signer>
 								</configuration>
 							</execution>
 						</executions>
@@ -408,24 +405,16 @@
 
 		<profile>
 			<id>deploy-central</id>
-			<distributionManagement>
-				<repository>
-					<id>ossrh</id>
-					<name>Maven Central</name>
-					<url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-				</repository>
-			</distributionManagement>
 			<build>
 				<plugins>
 					<plugin>
-						<groupId>org.sonatype.plugins</groupId>
-						<artifactId>nexus-staging-maven-plugin</artifactId>
-						<version>${nexus-staging.version}</version>
+						<groupId>org.sonatype.central</groupId>
+ 						<artifactId>central-publishing-maven-plugin</artifactId>
+ 						<version>${central-publishing.version}</version>
 						<extensions>true</extensions>
 						<configuration>
-							<serverId>ossrh</serverId>
-							<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
-							<autoReleaseAfterClose>true</autoReleaseAfterClose>
+							<publishingServerId>central</publishingServerId>
+  							<autoPublish>true</autoPublish>
 						</configuration>
 					</plugin>
 				</plugins>

pom.xml

@@ -1,11 +1,3 @@
-/*******************************************************************************
- * Copyright (c) 2016 Sebastian Stenzel and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the accompanying LICENSE.txt.
- *
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- *******************************************************************************/
 package org.cryptomator.cryptolib.api;
 
 import java.nio.ByteBuffer;
@@ -32,17 +24,17 @@ public interface FileContentCryptor {
 	/**
 	 * Encrypts a single chunk of cleartext.
 	 * 
-	 * @param cleartextChunk Content to be encrypted
+	 * @param cleartextChunk Content to be encrypted (starting at the buffer's current position, ending at the buffer's limit)
 	 * @param chunkNumber Number of the chunk to be encrypted
 	 * @param header Header of the file, this chunk belongs to
-	 * @return Encrypted content.
+	 * @return Encrypted content. Position is set to <code>0</code> and limit to the end of the chunk.
 	 */
 	ByteBuffer encryptChunk(ByteBuffer cleartextChunk, long chunkNumber, FileHeader header);
 
 	/**
 	 * Encrypts a single chunk of cleartext.
 	 *
-	 * @param cleartextChunk Content to be encrypted
+	 * @param cleartextChunk Content to be encrypted (starting at the buffer's current position, ending at the buffer's limit)
 	 * @param ciphertextChunk Encrypted content buffer (with at least {@link #ciphertextChunkSize()} remaining bytes)
 	 * @param chunkNumber Number of the chunk to be encrypted
 	 * @param header Header of the file, this chunk belongs to
@@ -52,7 +44,7 @@ public interface FileContentCryptor {
 	/**
 	 * Decrypts a single chunk of ciphertext.
 	 * 
-	 * @param ciphertextChunk Content to be decrypted
+	 * @param ciphertextChunk Content to be decrypted (starting at the buffer's current position, ending at the buffer's limit)
 	 * @param chunkNumber Number of the chunk to be decrypted
 	 * @param header Header of the file, this chunk belongs to
 	 * @param authenticate Skip authentication by setting this flag to <code>false</code>. Should always be <code>true</code> by default.
@@ -65,7 +57,7 @@ public interface FileContentCryptor {
 	/**
 	 * Decrypts a single chunk of ciphertext.
 	 *
-	 * @param ciphertextChunk Content to be decrypted
+	 * @param ciphertextChunk Content to be decrypted (starting at the buffer's current position, ending at the buffer's limit)
 	 * @param cleartextChunk Buffer for decrypted chunk (with at least {@link #cleartextChunkSize()} remaining bytes)
 	 * @param chunkNumber Number of the chunk to be decrypted
 	 * @param header Header of the file, this chunk belongs to

src/main/java/org/cryptomator/cryptolib/api/FileContentCryptor.java

@@ -1,11 +1,3 @@
-/*******************************************************************************
- * Copyright (c) 2016 Sebastian Stenzel and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the accompanying LICENSE.txt.
- *
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- *******************************************************************************/
 package org.cryptomator.cryptolib.common;
 
 import org.cryptomator.cryptolib.api.Cryptor;
@@ -66,10 +58,8 @@ private void writeHeaderOnFirstWrite() throws IOException {
 
 	private void encryptAndFlushBuffer() throws IOException {
 		cleartextBuffer.flip();
-		if (cleartextBuffer.hasRemaining()) {
-			ByteBuffer ciphertextBuffer = cryptor.fileContentCryptor().encryptChunk(cleartextBuffer, chunkNumber++, header);
-			delegate.write(ciphertextBuffer);
-		}
+		ByteBuffer ciphertextBuffer = cryptor.fileContentCryptor().encryptChunk(cleartextBuffer, chunkNumber++, header);
+		delegate.write(ciphertextBuffer);
 		cleartextBuffer.clear();
 	}