started new unlock workflow using user-specific private key

src/main/java/org/cryptomator/ui/keyloading/hub/AuthFlowController.java

@@ -35,13 +35,13 @@ public class AuthFlowController implements FxController {
 	private final String deviceId;
 	private final HubConfig hubConfig;
 	private final AtomicReference<String> tokenRef;
-	private final CompletableFuture<JWEObject> result;
+	private final CompletableFuture<ReceivedKey> result;
 	private final Lazy<Scene> receiveKeyScene;
 	private final ObjectProperty<URI> authUri;
 	private AuthFlowTask task;
 
 	@Inject
-	public AuthFlowController(Application application, @KeyLoading Stage window, ExecutorService executor, @Named("deviceId") String deviceId, HubConfig hubConfig, @Named("bearerToken") AtomicReference<String> tokenRef, CompletableFuture<JWEObject> result, @FxmlScene(FxmlFile.HUB_RECEIVE_KEY) Lazy<Scene> receiveKeyScene) {
+	public AuthFlowController(Application application, @KeyLoading Stage window, ExecutorService executor, @Named("deviceId") String deviceId, HubConfig hubConfig, @Named("bearerToken") AtomicReference<String> tokenRef, CompletableFuture<ReceivedKey> result, @FxmlScene(FxmlFile.HUB_RECEIVE_KEY) Lazy<Scene> receiveKeyScene) {
 		this.application = application;
 		this.window = window;
 		this.executor = executor;

src/main/java/org/cryptomator/ui/keyloading/hub/HubKeyLoadingModule.java

@@ -69,7 +69,7 @@ public abstract class HubKeyLoadingModule {
 
 	@Provides
 	@KeyLoadingScoped
-	static CompletableFuture<JWEObject> provideResult() {
+	static CompletableFuture<ReceivedKey> provideResult() {
 		return new CompletableFuture<>();
 	}
 

src/main/java/org/cryptomator/ui/keyloading/hub/HubKeyLoadingStrategy.java

@@ -36,11 +36,11 @@ public class HubKeyLoadingStrategy implements KeyLoadingStrategy {
 	private final KeychainManager keychainManager;
 	private final Lazy<Scene> authFlowScene;
 	private final Lazy<Scene> noKeychainScene;
-	private final CompletableFuture<JWEObject> result;
+	private final CompletableFuture<ReceivedKey> result;
 	private final DeviceKey deviceKey;
 
 	@Inject
-	public HubKeyLoadingStrategy(@KeyLoading Stage window, @FxmlScene(FxmlFile.HUB_AUTH_FLOW) Lazy<Scene> authFlowScene, @FxmlScene(FxmlFile.HUB_NO_KEYCHAIN) Lazy<Scene> noKeychainScene, CompletableFuture<JWEObject> result, DeviceKey deviceKey, KeychainManager keychainManager, @Named("windowTitle") String windowTitle) {
+	public HubKeyLoadingStrategy(@KeyLoading Stage window, @FxmlScene(FxmlFile.HUB_AUTH_FLOW) Lazy<Scene> authFlowScene, @FxmlScene(FxmlFile.HUB_NO_KEYCHAIN) Lazy<Scene> noKeychainScene, CompletableFuture<ReceivedKey> result, DeviceKey deviceKey, KeychainManager keychainManager, @Named("windowTitle") String windowTitle) {
 		this.window = window;
 		this.keychainManager = keychainManager;
 		window.setTitle(windowTitle);
@@ -60,7 +60,7 @@ public class HubKeyLoadingStrategy implements KeyLoadingStrategy {
 			var keypair = deviceKey.get();
 			showWindow(authFlowScene);
 			var jwe = result.get();
-			return JWEHelper.decrypt(jwe, keypair.getPrivate());
+			return jwe.decryptMasterkey(keypair.getPrivate());
 		} catch (NoKeychainAccessProviderException e) {
 			showWindow(noKeychainScene);
 			throw new UnlockCancelledException("Unlock canceled due to missing prerequisites", e);

src/main/java/org/cryptomator/ui/keyloading/hub/JWEHelper.java

@@ -10,27 +10,55 @@ import org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
 import java.security.interfaces.ECPrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Arrays;
+import java.util.function.Function;
 
 class JWEHelper {
 
 	private static final Logger LOG = LoggerFactory.getLogger(JWEHelper.class);
-	private static final String JWE_PAYLOAD_MASTERKEY_FIELD = "key";
+	private static final String JWE_PAYLOAD_KEY_FIELD = "key";
+	private static final String EC_ALG = "EC";
 
 	private JWEHelper(){}
 
-	public static Masterkey decrypt(JWEObject jwe, ECPrivateKey privateKey) throws MasterkeyLoadingFailedException {
+	public static ECPrivateKey decryptUserKey(JWEObject jwe, ECPrivateKey deviceKey) {
+		try {
+			jwe.decrypt(new ECDHDecrypter(deviceKey));
+			var keySpec = readKey(jwe, JWE_PAYLOAD_KEY_FIELD, PKCS8EncodedKeySpec::new);
+			var factory = KeyFactory.getInstance(EC_ALG);
+			var privateKey = factory.generatePrivate(keySpec);
+			if (privateKey instanceof ECPrivateKey ecPrivateKey) {
+				return ecPrivateKey;
+			} else {
+				throw new IllegalStateException(EC_ALG + " key factory not generating ECPrivateKeys");
+			}
+		} catch (JOSEException e) {
+			LOG.warn("Failed to decrypt JWE: {}", jwe);
+			throw new MasterkeyLoadingFailedException("Failed to decrypt JWE", e);
+		} catch (NoSuchAlgorithmException e) {
+			throw new IllegalStateException(EC_ALG + " not supported");
+		} catch (InvalidKeySpecException e) {
+			LOG.warn("Unexpected JWE payload: {}", jwe.getPayload());
+			throw new MasterkeyLoadingFailedException("Unexpected JWE payload", e);
+		}
+	}
+
+	public static Masterkey decryptVaultKey(JWEObject jwe, ECPrivateKey privateKey) throws MasterkeyLoadingFailedException {
 		try {
 			jwe.decrypt(new ECDHDecrypter(privateKey));
-			return readKey(jwe);
+			return readKey(jwe, JWE_PAYLOAD_KEY_FIELD, Masterkey::new);
 		} catch (JOSEException e) {
 			LOG.warn("Failed to decrypt JWE: {}", jwe);
 			throw new MasterkeyLoadingFailedException("Failed to decrypt JWE", e);
 		}
 	}
 
-	private static Masterkey readKey(JWEObject jwe) throws MasterkeyLoadingFailedException {
+	private static <T> T readKey(JWEObject jwe, String keyField, Function<byte[], T> rawKeyFactory) throws MasterkeyLoadingFailedException {
 		Preconditions.checkArgument(jwe.getState() == JWEObject.State.DECRYPTED);
 		var fields = jwe.getPayload().toJSONObject();
 		if (fields == null) {
@@ -39,11 +67,11 @@ class JWEHelper {
 		}
 		var keyBytes = new byte[0];
 		try {
-			if (fields.get(JWE_PAYLOAD_MASTERKEY_FIELD) instanceof String key) {
+			if (fields.get(keyField) instanceof String key) {
 				keyBytes = BaseEncoding.base64().decode(key);
-				return new Masterkey(keyBytes);
+				return rawKeyFactory.apply(keyBytes);
 			} else {
-				throw new IllegalArgumentException("JWE payload doesn't contain field " + JWE_PAYLOAD_MASTERKEY_FIELD);
+				throw new IllegalArgumentException("JWE payload doesn't contain field " + keyField);
 			}
 		} catch (IllegalArgumentException e) {
 			LOG.error("Unexpected JWE payload: {}", jwe.getPayload());

src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java

@@ -8,6 +8,8 @@ import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
 import org.cryptomator.ui.keyloading.KeyLoading;
 import org.cryptomator.ui.keyloading.KeyLoadingScoped;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
 import javax.inject.Named;
@@ -17,13 +19,13 @@ import javafx.scene.Scene;
 import javafx.stage.Stage;
 import javafx.stage.WindowEvent;
 import java.io.IOException;
-import java.io.InputStream;
 import java.io.UncheckedIOException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
+import java.nio.charset.StandardCharsets;
 import java.text.ParseException;
 import java.util.Objects;
 import java.util.concurrent.CompletableFuture;
@@ -33,12 +35,14 @@ import java.util.concurrent.atomic.AtomicReference;
 @KeyLoadingScoped
 public class ReceiveKeyController implements FxController {
 
+	private static final Logger LOG = LoggerFactory.getLogger(ReceiveKeyController.class);
 	private static final String SCHEME_PREFIX = "hub+";
 
 	private final Stage window;
+	private final HubConfig hubConfig;
 	private final String deviceId;
 	private final String bearerToken;
-	private final CompletableFuture<JWEObject> result;
+	private final CompletableFuture<ReceivedKey> result;
 	private final Lazy<Scene> registerDeviceScene;
 	private final Lazy<Scene> unauthorizedScene;
 	private final URI vaultBaseUri;
@@ -46,8 +50,9 @@ public class ReceiveKeyController implements FxController {
 	private final HttpClient httpClient;
 
 	@Inject
-	public ReceiveKeyController(@KeyLoading Vault vault, ExecutorService executor, @KeyLoading Stage window, @Named("deviceId") String deviceId, @Named("bearerToken") AtomicReference<String> tokenRef, CompletableFuture<JWEObject> result, @FxmlScene(FxmlFile.HUB_REGISTER_DEVICE) Lazy<Scene> registerDeviceScene, @FxmlScene(FxmlFile.HUB_UNAUTHORIZED_DEVICE) Lazy<Scene> unauthorizedScene, @FxmlScene(FxmlFile.HUB_INVALID_LICENSE) Lazy<Scene> invalidLicenseScene) {
+	public ReceiveKeyController(@KeyLoading Vault vault, ExecutorService executor, @KeyLoading Stage window, HubConfig hubConfig, @Named("deviceId") String deviceId, @Named("bearerToken") AtomicReference<String> tokenRef, CompletableFuture<ReceivedKey> result, @FxmlScene(FxmlFile.HUB_REGISTER_DEVICE) Lazy<Scene> registerDeviceScene, @FxmlScene(FxmlFile.HUB_UNAUTHORIZED_DEVICE) Lazy<Scene> unauthorizedScene, @FxmlScene(FxmlFile.HUB_INVALID_LICENSE) Lazy<Scene> invalidLicenseScene) {
 		this.window = window;
+		this.hubConfig = hubConfig;
 		this.deviceId = deviceId;
 		this.bearerToken = Objects.requireNonNull(tokenRef.get());
 		this.result = result;
@@ -61,20 +66,109 @@ public class ReceiveKeyController implements FxController {
 
 	@FXML
 	public void initialize() {
-		var keyUri = appendPath(vaultBaseUri, "/keys/" + deviceId);
-		var request = HttpRequest.newBuilder(keyUri) //
+		requestUserToken();
+	}
+
+	/**
+	 * STEP 1 (Request): GET user token for this vault
+	 */
+	private void requestUserToken() {
+		var userTokenUri = appendPath(vaultBaseUri, "/user-tokens/me");
+		var request = HttpRequest.newBuilder(userTokenUri) //
+				.header("Authorization", "Bearer " + bearerToken) //
+				.GET() //
+				.build();
+		httpClient.sendAsync(request, HttpResponse.BodyHandlers.ofString(StandardCharsets.US_ASCII)) //
+				.thenAcceptAsync(this::receivedUserTokenResponse, Platform::runLater) //
+				.exceptionally(this::retrievalFailed);
+	}
+
+	/**
+	 * STEP 1 (Response)
+	 *
+	 * @param response Response
+	 */
+	private void receivedUserTokenResponse(HttpResponse<String> response) {
+		LOG.debug("GET {} -> Status Code {}", response.request().uri(), response.statusCode());
+		try {
+			switch (response.statusCode()) {
+				case 200 -> requestDeviceToken(response.body());
+				case 402 -> licenseExceeded();
+				case 403 -> accessNotGranted();
+				case 404 -> requestLegacyAccessToken();
+				default -> throw new IOException("Unexpected response " + response.statusCode());
+			}
+		} catch (IOException e) {
+			throw new UncheckedIOException(e);
+		}
+	}
+
+	/**
+	 * STEP 2 (Request): GET device token for this user
+	 */
+	private void requestDeviceToken(String userToken) {
+		var deviceTokenUri = appendPath(URI.create(hubConfig.devicesResourceUrl), "/%s/device-token".formatted(deviceId));
+		var request = HttpRequest.newBuilder(deviceTokenUri) //
+				.header("Authorization", "Bearer " + bearerToken) //
+				.GET() //
+				.build();
+		httpClient.sendAsync(request, HttpResponse.BodyHandlers.ofString(StandardCharsets.US_ASCII)) //
+				.thenAcceptAsync(response -> receivedDeviceTokenResponse(userToken, response), Platform::runLater) //
+				.exceptionally(this::retrievalFailed);
+	}
+
+	/**
+	 * STEP 2 (Response)
+	 *
+	 * @param response Response
+	 */
+	private void receivedDeviceTokenResponse(String userToken, HttpResponse<String> response) {
+		LOG.debug("GET {} -> Status Code {}", response.request().uri(), response.statusCode());
+		try {
+			switch (response.statusCode()) {
+				case 200 -> receivedDeviceTokenSuccess(userToken, response.body());
+				case 403, 404 -> needsDeviceRegistration();
+				default -> throw new IOException("Unexpected response " + response.statusCode());
+			}
+		} catch (IOException e) {
+			throw new UncheckedIOException(e);
+		}
+	}
+
+	private void receivedDeviceTokenSuccess(String rawUserToken, String rawDeviceToken) throws IOException {
+		try {
+			var userToken = JWEObject.parse(rawUserToken);
+			var deviceToken = JWEObject.parse(rawDeviceToken);
+			result.complete(ReceivedKey.userAndDeviceKey(userToken, deviceToken));
+			window.close();
+		} catch (ParseException e) {
+			throw new IOException("Failed to parse JWE", e);
+		}
+	}
+
+	/**
+	 * LEGACY FALLBACK (Request): GET the legacy access token from Hub 1.x
+	 */
+	private void requestLegacyAccessToken() {
+		var legacyAccessTokenUri = appendPath(vaultBaseUri, "/keys/%s".formatted(deviceId));
+		var request = HttpRequest.newBuilder(legacyAccessTokenUri) //
 				.header("Authorization", "Bearer " + bearerToken) //
 				.GET() //
 				.build();
-		httpClient.sendAsync(request, HttpResponse.BodyHandlers.ofInputStream()) //
-				.thenAcceptAsync(this::loadedExistingKey, Platform::runLater) //
+		httpClient.sendAsync(request, HttpResponse.BodyHandlers.ofString(StandardCharsets.US_ASCII)) //
+				.thenAcceptAsync(this::receivedLegacyAccessTokenResponse, Platform::runLater) //
 				.exceptionally(this::retrievalFailed);
 	}
 
-	private void loadedExistingKey(HttpResponse<InputStream> response) {
+	/**
+	 * LEGACY FALLBACK (Response)
+	 *
+	 * @param response Response
+	 */
+	private void receivedLegacyAccessTokenResponse(HttpResponse<String> response) {
 		try {
 			switch (response.statusCode()) {
-				case 200 -> retrievalSucceeded(response);
+				case 200 -> receivedLegacyAccessTokenSuccess(response.body());
 				case 402 -> licenseExceeded();
 				case 403 -> accessNotGranted();
 				case 404 -> needsDeviceRegistration();
@@ -85,10 +179,10 @@ public class ReceiveKeyController implements FxController {
 		}
 	}
 
-	private void retrievalSucceeded(HttpResponse<InputStream> response) throws IOException {
+	private void receivedLegacyAccessTokenSuccess(String rawToken) throws IOException {
 		try {
-			var string = HttpHelper.readBody(response);
-			result.complete(JWEObject.parse(string));
+			var token = JWEObject.parse(rawToken);
+			result.complete(ReceivedKey.legacyDeviceKey(token));
 			window.close();
 		} catch (ParseException e) {
 			throw new IOException("Failed to parse JWE", e);

src/main/java/org/cryptomator/ui/keyloading/hub/ReceivedKey.java

@@ -0,0 +1,24 @@
+package org.cryptomator.ui.keyloading.hub;
+
+import com.nimbusds.jose.JWEObject;
+import org.cryptomator.cryptolib.api.Masterkey;
+
+import java.security.interfaces.ECPrivateKey;
+
+@FunctionalInterface
+interface ReceivedKey {
+
+	Masterkey decryptMasterkey(ECPrivateKey deviceKey);
+
+	static ReceivedKey userAndDeviceKey(JWEObject userToken, JWEObject deviceToken) {
+		return deviceKey -> {
+			var userKey = JWEHelper.decryptUserKey(deviceToken, deviceKey);
+			return JWEHelper.decryptVaultKey(userToken, userKey);
+		};
+	}
+
+	static ReceivedKey legacyDeviceKey(JWEObject legacyAccessToken) {
+		return deviceKey -> JWEHelper.decryptVaultKey(legacyAccessToken, deviceKey);
+	}
+
+}

src/main/java/org/cryptomator/ui/keyloading/hub/RegisterDeviceController.java

@@ -36,6 +36,7 @@ import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
 import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 import java.util.List;
 import java.util.Objects;
 import java.util.concurrent.CompletableFuture;
@@ -56,7 +57,7 @@ public class RegisterDeviceController implements FxController {
 	private final Lazy<Scene> registerFailedScene;
 	private final String deviceId;
 	private final P384KeyPair keyPair;
-	private final CompletableFuture<JWEObject> result;
+	private final CompletableFuture<ReceivedKey> result;
 	private final DecodedJWT jwt;
 	private final HttpClient httpClient;
 	private final BooleanProperty deviceNameAlreadyExists = new SimpleBooleanProperty(false);
@@ -65,7 +66,7 @@ public class RegisterDeviceController implements FxController {
 	public Button registerBtn;
 
 	@Inject
-	public RegisterDeviceController(@KeyLoading Stage window, ExecutorService executor, HubConfig hubConfig, @Named("deviceId") String deviceId, DeviceKey deviceKey, CompletableFuture<JWEObject> result, @Named("bearerToken") AtomicReference<String> bearerToken, @FxmlScene(FxmlFile.HUB_REGISTER_SUCCESS) Lazy<Scene> registerSuccessScene, @FxmlScene(FxmlFile.HUB_REGISTER_FAILED) Lazy<Scene> registerFailedScene) {
+	public RegisterDeviceController(@KeyLoading Stage window, ExecutorService executor, HubConfig hubConfig, @Named("deviceId") String deviceId, DeviceKey deviceKey, CompletableFuture<ReceivedKey> result, @Named("bearerToken") AtomicReference<String> bearerToken, @FxmlScene(FxmlFile.HUB_REGISTER_SUCCESS) Lazy<Scene> registerSuccessScene, @FxmlScene(FxmlFile.HUB_REGISTER_FAILED) Lazy<Scene> registerFailedScene) {
 		this.window = window;
 		this.hubConfig = hubConfig;
 		this.deviceId = deviceId;
@@ -104,11 +105,12 @@ public class RegisterDeviceController implements FxController {
 		var dto = new CreateDeviceDto();
 		dto.id = deviceId;
 		dto.name = deviceNameField.getText();
-		dto.publicKey = BaseEncoding.base64Url().omitPadding().encode(deviceKey);
+		dto.publicKey = Base64.getUrlEncoder().withoutPadding().encodeToString(deviceKey);
 		var json = GSON.toJson(dto); // TODO: do we want to keep GSON? doesn't support records -.-
 		var request = HttpRequest.newBuilder(keyUri) //
+				.PUT(HttpRequest.BodyPublishers.ofString(json, StandardCharsets.UTF_8)) //
 				.header("Authorization", "Bearer " + bearerToken) //
-				.header("Content-Type", "application/json").PUT(HttpRequest.BodyPublishers.ofString(json, StandardCharsets.UTF_8)) //
+				.header("Content-Type", "application/json") //
 				.build();
 		httpClient.sendAsync(request, HttpResponse.BodyHandlers.discarding()) //
 				.thenApply(response -> {

src/main/java/org/cryptomator/ui/keyloading/hub/RegisterFailedController.java

@@ -12,10 +12,10 @@ import java.util.concurrent.CompletableFuture;
 public class RegisterFailedController implements FxController {
 
 	private final Stage window;
-	private final CompletableFuture<JWEObject> result;
+	private final CompletableFuture<ReceivedKey> result;
 
 	@Inject
-	public RegisterFailedController(@KeyLoading Stage window, CompletableFuture<JWEObject> result) {
+	public RegisterFailedController(@KeyLoading Stage window, CompletableFuture<ReceivedKey> result) {
 		this.window = window;
 		this.result = result;
 	}

src/main/java/org/cryptomator/ui/keyloading/hub/UnauthorizedDeviceController.java

@@ -15,10 +15,10 @@ import java.util.concurrent.CompletableFuture;
 public class UnauthorizedDeviceController implements FxController {
 
 	private final Stage window;
-	private final CompletableFuture<JWEObject> result;
+	private final CompletableFuture<ReceivedKey> result;
 
 	@Inject
-	public UnauthorizedDeviceController(@KeyLoading Stage window, CompletableFuture<JWEObject> result) {
+	public UnauthorizedDeviceController(@KeyLoading Stage window, CompletableFuture<ReceivedKey> result) {
 		this.window = window;
 		this.result = result;
 		this.window.addEventHandler(WindowEvent.WINDOW_HIDING, this::windowClosed);