Feature: Add vault creation command (#101)

* Add vault creation command with default values

Author: infeo

src/main/java/module-info.java

@@ -10,6 +10,7 @@
     requires org.fusesource.jansi;
     requires ch.qos.logback.core;
     requires ch.qos.logback.classic;
+    requires org.cryptomator.cryptolib;
 
     provides Configurator with LogbackConfigurator;
 }

src/main/java/org/cryptomator/cli/Create.java

@@ -0,0 +1,97 @@
+package org.cryptomator.cli;
+
+import org.cryptomator.cryptofs.CryptoFileSystemProperties;
+import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptolib.api.CryptoException;
+import org.cryptomator.cryptolib.api.CryptorProvider;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import picocli.CommandLine.ArgGroup;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Mixin;
+import picocli.CommandLine.Model;
+import picocli.CommandLine.Parameters;
+import picocli.CommandLine.Spec;
+
+import java.io.IOException;
+import java.net.URI;
+import java.nio.CharBuffer;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.SecureRandom;
+import java.util.concurrent.Callable;
+
+@Command(
+        name = "create",
+        header = "Creates a vault",
+        description = "Creates a new cryptomator vault at the specified path.",
+        parameterListHeading = "%nParameters:%n",
+        headerHeading = "Usage:%n%n",
+        synopsisHeading = "%n",
+        descriptionHeading = "%nDescription:%n%n",
+        optionListHeading = "%nOptions:%n",
+        mixinStandardHelpOptions = true)
+public class Create implements Callable<Integer> {
+
+    private static final Logger LOG = LoggerFactory.getLogger(Create.class);
+    private static final byte[] PEPPER = new byte[0];
+    private static final String MASTERKEY_FILE_NAME = "masterkey.cryptomator";
+    private static final URI DEFAULT_KEY_ID = URI.create("masterkeyfile:" + MASTERKEY_FILE_NAME);
+
+    @Spec Model.CommandSpec spec;
+    @Mixin LoggingMixin loggingMixin;
+
+    @Parameters(
+            index = "0",
+            paramLabel = "/path/to/vaultDirectory",
+            description = "Path to the vault directory")
+    Path pathToVault;
+
+    @ArgGroup(multiplicity = "1")
+    PasswordSource passwordSource;
+
+    private SecureRandom csprng = null;
+
+    @Override
+    public Integer call() throws Exception {
+        csprng = SecureRandom.getInstanceStrong();
+
+        try (var passphraseContainer = passwordSource.readPassphrase()) {
+            passwordSource.confirmPassphrase();
+
+            // Throw exception if there's something already there.
+            Files.createDirectory(pathToVault);
+
+            try (var masterkey = Masterkey.generate(csprng)) {
+                persistMasterkey(pathToVault, masterkey, passphraseContainer.content());
+                initializeVault(pathToVault, masterkey);
+            }
+        }
+
+        LOG.info("Vault created successfully in {}", pathToVault);
+        return 0;
+    }
+
+    private void persistMasterkey(Path path, Masterkey masterkey, char[] passphrase)
+            throws IOException {
+        Path masterkeyFilePath = path.resolve(MASTERKEY_FILE_NAME);
+        MasterkeyFileAccess masterkeyFileAccess = new MasterkeyFileAccess(PEPPER, csprng);
+        masterkeyFileAccess.persist(masterkey, masterkeyFilePath, CharBuffer.wrap(passphrase));
+    }
+
+    private void initializeVault(Path path, Masterkey masterkey) throws IOException {
+        CryptoFileSystemProperties fsProps =
+                CryptoFileSystemProperties.cryptoFileSystemProperties()
+                        .withCipherCombo(CryptorProvider.Scheme.SIV_GCM)
+                        .withKeyLoader(ignored -> masterkey.copy())
+                        .build();
+        try {
+            CryptoFileSystemProvider.initialize(path, fsProps, DEFAULT_KEY_ID);
+        } catch (CryptoException e) {
+            throw new IOException("Vault initialization failed", e);
+        }
+    }
+}

src/main/java/org/cryptomator/cli/CryptomatorCli.java

@@ -11,8 +11,8 @@
 @Command(name = "cryptomator-cli",
         mixinStandardHelpOptions = true,
         version = "${org.cryptomator.cli.version}",
-        description = "Unlocks a cryptomator vault and mounts it into the system.",
-        subcommands = { Unlock.class, ListMounters.class, CommandLine.HelpCommand.class})
+        description = "Manage Cryptomator vaults from the command line.",
+        subcommands = {Create.class, Unlock.class, ListMounters.class, CommandLine.HelpCommand.class})
 public class CryptomatorCli {
 
     private static final Logger LOG = LoggerFactory.getLogger(CryptomatorCli.class);

src/main/java/org/cryptomator/cli/PasswordSource.java

@@ -38,6 +38,23 @@ Passphrase readPassphrase() throws IOException {
         throw new IllegalStateException("Passphrase source not specified, but required.");
     }
 
+    void confirmPassphrase() throws IOException {
+        // Don't confirm the passphrase if stdin is piped.
+        if (passphraseStdin == null || System.console() == null) {
+            return;
+        }
+        char[] confirmationInput = System.console().readPassword("Confirm passphrase: ");
+        if (confirmationInput == null) {
+            throw new PassphraseNotConfirmedException("Passphrase confirmation failed (EOF reached).");
+        }
+        try (Passphrase confirmationPassphrase = new Passphrase(confirmationInput)) {
+            System.out.println("\n");
+            if (!Arrays.equals(passphraseStdin, confirmationPassphrase.content)) {
+                throw new PassphraseNotConfirmedException("Passphrase does not match. Please try again.");
+            }
+        }
+    }
+
     private Passphrase readPassphraseFromEnvironment() {
         LOG.debug("Reading passphrase from env variable '{}'", passphraseEnvironmentVariable);
         var tmp = System.getenv(passphraseEnvironmentVariable);
@@ -106,6 +123,12 @@ static class ReadingEnvironmentVariableFailedException extends PasswordSourceExc
         }
     }
 
+    static class PassphraseNotConfirmedException extends PasswordSourceException {
+      PassphraseNotConfirmedException(String msg) {
+        super(msg);
+      }
+    }
+
     record Passphrase(char[] content) implements AutoCloseable {
 
         @Override