restored compatibility with vaults created on the iOS app

This reverts commit 65550ce70f.

.travis.yml

@@ -1,4 +1,49 @@
 language: java
+
 jdk:
-  - oraclejdk8
-script: mvn -fmain/pom.xml clean package
+- oraclejdk8
+
+env:
+  global:
+    - secure: "Lgj042RD0X3rB8VZVZLWP1GetLhjd3PqI5JbJMlzgHJpDI6RkFIBLN9SWAGmkLPCehIp2zA5tu9+UVy0NNMxm9xz6SyjMCaxS28/fnYEXaNmwwDSF6O6gLUbdxyzoYIFPYOPmFxpzhebqnNIsxaM29oZpgRgUGqosCczQxiB+Ng=" #coveralls
+    - secure: "IfYURwZaDWuBDvyn47n0k1Zod/IQw1FF+CS5nnV08Q+NfC3vGGJMwV8m59XnbfwnWGxwvCaAbk4qP6s6+ijgZNKkvgfFMo3rfTok5zt43bIqgaFOANYV+OC/1c59gYD6ZUxhW5iNgMgU3qdsRtJuwSmfkVv/jKyLGfAbS4kN8BA=" #coverity
+
+before_install: "curl -L --cookie 'oraclelicense=accept-securebackup-cookie;'  http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip -o /tmp/policy.zip && sudo unzip -j -o /tmp/policy.zip *.jar -d `jdk_switcher home oraclejdk8`/jre/lib/security && rm /tmp/policy.zip"
+
+script: mvn -fmain/pom.xml clean test
+
+after_success: mvn -fmain/pom.xml clean test jacoco:report coveralls:report
+
+notifications:
+  webhooks:
+    urls:
+    - https://webhooks.gitter.im/e/7d429ab35361726e26f2
+    on_success: change
+    on_failure: always
+    on_start: false
+  slack:
+    rooms:
+      secure: "lngJ/HEAFBbD5AdiO9avMqptKpZHdmEwOzS9FabZjkdFh7yAYueTk5RniPUvShjsKtThYm7cJ8AtDMDwc07NvPrzbMBRtUJGwuDT+7c7YFALGFJ1NYi+emkC9x1oafvmPgEYSE+tMKzNcwrHi3ytGgKdIotsKwaF35QNXYA9aMs="
+    on_success: change
+    on_failure: always
+
+before_deploy: mvn -fmain/pom.xml -Puber-jar clean package -DskipTests
+
+addons:
+  coverity_scan:
+    project:
+      name: "cryptomator/cryptomator"
+    notification_email: sebastian.stenzel@cryptomator.org
+    build_command: "mvn -fmain/pom.xml clean test -DskipTests"
+    branch_pattern: coverity_scan
+
+deploy:
+  provider: releases
+  prerelease: true
+  api_key:
+    secure: "ZjE1j93v3qbPIe2YbmhS319aCbMdLQw0HuymmluTurxXsZtn9D4t2+eTr99vBVxGRuB5lzzGezPR5zjk5W7iHF7xhwrawXrFzr2rPJWzWFt0aM+Ry2njU1ROTGGXGTbv4anWeBlgMxLEInTAy/9ytOGNJlec83yc0THpOY2wxnk="
+  file: main/uber-jar/target/Cryptomator-$TRAVIS_TAG.jar
+  skip_cleanup: true
+  on:
+    repo: cryptomator/cryptomator
+    tags: true

LICENSES/BSD-License.txt

@@ -1,12 +1,27 @@
-Copyright (c) <YEAR>, <OWNER>
+Copyright (c) [year], [fullname]
 All rights reserved.
 
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
 
-1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
 
-2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
 
-3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+* Neither the name of [project] nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

LICENSES/BSD-Simplified-License.txt

@@ -0,0 +1,23 @@
+Copyright (c) [year], [fullname]
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

NOTICE.md

@@ -4,53 +4,14 @@ Copyright (c) 2014, Sebastian Stenzel
 Cryptomator is licensed under the MIT license. The details can be found in the accompanying license file.
 
 ## Third party softwares
+Cryptomator uses third party libraries and fonts that may be licensed under different licenses.
 
-Cryptomator uses third party softwares that may be licensed under different licenses.
+### AquaFX
+The ProgressIndicator in ui/src/main/resource/css/mac_theme.css contains code from the AquaFX project.
 
+Copyright 2013 Claudine Zillmann (http://aquafx-project.com/)
 
-### Jackson
-Jackson is a high-performance, Free/Open Source JSON processing library.
-It was originally written by Tatu Saloranta (tatu.saloranta@iki.fi), and has
-been in development since 2007.
-It is currently developed by a community of developers, as well as supported
-commercially by FasterXML.com.
-
-**Licensing:** Jackson core and extension components may licensed under different licenses.
-To find the details that apply to this artifact see the accompanying Apache 2.0 license file.
-For more information, including possible other licensing options, contact
-FasterXML.com (http://fasterxml.com).
-
-**Credits:** A list of contributors may be found from CREDITS file, which is included
-in some artifacts (usually source distributions); but is always available
-from the source code management (SCM) system project uses.
-
-
-### Jetty
-Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
-
-All rights reserved. This program and the accompanying materials
-are made available under the terms of the Eclipse Public License v1.0
-and Apache License v2.0 which accompanies this distribution.
-
-The UnixCrypt.java code implements the one way cryptography used by
-Unix systems for simple password protection.  Copyright 1996 Aki Yoshida,
-modified April 2001  by Iris Van den Broeke, Daniel Deville.
-Permission to use, copy, modify and distribute UnixCrypt
-for non-commercial or commercial purposes and without fee is
-granted provided that the copyright notice appears in all copies.
-
-
-### Jackrabbit WebDAV Library
-Copyright 2004-2014 The Apache Software Foundation
-
-This product includes software developed at The Apache Software Foundation (http://www.apache.org/).
-
-Based on source code originally developed by Day Software (http://www.day.com/).
-
-### Apache Jakarta HttpClient
-Copyright 1999-2007 The Apache Software Foundation
-
-This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
+Licensed under the accompanying BSD license file.
 
 ### Apache Commons Collections
 Copyright 2001-2013 The Apache Software Foundation
@@ -83,6 +44,22 @@ Copyright (c) 2013, ControlsFX
 
 Licensed under the accompanying BSD license file.
 
+### Dagger 2
+Copyright 2014 Google, Inc.
+Copyright 2012 Square, Inc.
+
+Licensed under the Apache License, Version 2.0
+
+### EasyBind
+Copyright (c) 2014, TomasMikula
+
+Licensed under the accompanying BSD simplified license.
+
+### Apache Jakarta HttpClient
+Copyright 1999-2007 The Apache Software Foundation
+
+This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
+
 ### Apache Log4j
 Copyright 1999-2012 Apache Software Foundation
 
@@ -90,7 +67,49 @@ This product includes software developed at The Apache Software Foundation (http
 
 ResolverUtil.java Copyright 2005-2006 Tim Fennell
 
+### Ionicons
+Copyright (c) 2016 Drifty (http://drifty.com/)
+
+ionicons.ttf Licensed under the accompanying MIT license
+
+### Jackrabbit WebDAV Library
+Copyright 2004-2014 The Apache Software Foundation
+
+This product includes software developed at The Apache Software Foundation (http://www.apache.org/).
+
+Based on source code originally developed by Day Software (http://www.day.com/).
+
+### Jackson
+Jackson is a high-performance, Free/Open Source JSON processing library.
+It was originally written by Tatu Saloranta (tatu.saloranta@iki.fi), and has
+been in development since 2007.
+It is currently developed by a community of developers, as well as supported
+commercially by FasterXML.com.
+
+**Licensing:** Jackson core and extension components may licensed under different licenses.
+To find the details that apply to this artifact see the accompanying Apache 2.0 license file.
+For more information, including possible other licensing options, contact
+FasterXML.com (http://fasterxml.com).
+
+**Credits:** A list of contributors may be found from CREDITS file, which is included
+in some artifacts (usually source distributions); but is always available
+from the source code management (SCM) system project uses.
+
+### Jetty
+Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
+
+All rights reserved. This program and the accompanying materials
+are made available under the terms of the Eclipse Public License v1.0
+and Apache License v2.0 which accompanies this distribution.
+
+The UnixCrypt.java code implements the one way cryptography used by
+Unix systems for simple password protection.  Copyright 1996 Aki Yoshida,
+modified April 2001  by Iris Van den Broeke, Daniel Deville.
+Permission to use, copy, modify and distribute UnixCrypt
+for non-commercial or commercial purposes and without fee is
+granted provided that the copyright notice appears in all copies.
+
 ### JUnit
 Copyright (c) 2000-2006, www.hamcrest.org
 
-Licensed under the accompanying BSD license file.
+Licensed under the accompanying BSD license file.

README.md

@@ -1,47 +1,44 @@
 Cryptomator
 ====================
 
-Multiplatform transparent client-side encryption of your files in the cloud. You need Java 8 in order to run the application. Get the runtime environment here: http://www.oracle.com/technetwork/java/javase/downloads/index.html
+[![Build Status](https://travis-ci.org/cryptomator/cryptomator.svg?branch=master)](https://travis-ci.org/cryptomator/cryptomator)
+[![Join the chat at https://gitter.im/cryptomator/cryptomator](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/cryptomator/cryptomator?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
-If you want to take a look at the current beta version, go ahead and download [Cryptomator.dmg](https://github.com/totalvoidness/cryptomator/releases/download/v0.3.0/Cryptomator.dmg), [Cryptomator.exe](https://github.com/totalvoidness/cryptomator/releases/download/v0.3.0/Cryptomator.exe) or [Cryptomator.jar](https://github.com/totalvoidness/cryptomator/releases/download/v0.3.0/Cryptomator.jar).
+Multiplatform transparent client-side encryption of your files in the cloud.
+
+If you want to take a look at the current beta version, go ahead and get your copy of cryptomator on  [Cryptomator.org](https://cryptomator.org) or clone and build Cryptomator using Maven (instructions below).
 
 ## Features
-- Totally transparent: Just work on the encrypted volume, as if it was an USB drive
-- Works with Dropbox, OneDrive (Skydrive), Google Drive and any other cloud storage, that syncs with a local directory
+- Totally transparent: Just work on the encrypted volume, as if it was an USB flash drive
+- Works with Dropbox, OneDrive (Skydrive), Google Drive and any other cloud storage, that syncs with a local directory.
 - In fact it works with any directory. You can use it to encrypt as many folders as you like
-- AES encryption with up to 256 bit key length
+- AES encryption with 256-bit key length
 - Client-side. No accounts, no data shared with any online service
 - Filenames get encrypted too
 - No need to provide credentials for any 3rd party service
 - Open Source means: No backdoors. Control is better than trust
-- Use as many encrypted folders in your dropbox as you want. Each having individual passwords
+- Use as many encrypted folders in your Dropbox as you want. Each having individual passwords
+- No commercial interest, no government agency, no wasted taxpayers' money ;-)
 
-## Security
-- Default key length is 256 bit (falls back to 128 bit, if JCE isn't installed)
-- Scrypt key generation
-- Cryptographically secure random numbers for salts, IVs and the masterkey of course
+### Privacy
+- 256 bit keys (unlimited strength policy bundled with native binaries - 128-bit elsewhere)
+- Scrypt key derivation
+- Cryptographically secure random numbers for salts, IVs and the master key of course
 - Sensitive data is swiped from the heap asap
-- Lightweight: Complexity kills security
+- Lightweight: [Complexity kills security](https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html)
 
-## Consistency
-- I/O operations are transactional and atomic, if the file systems supports it
-- ~~Metadata is stored per-folder, so it's not a SPOF~~
-- *NEW:* No Metadata at all. Encrypted files can be decrypted even on completely shuffled file systems (if their contents are undamaged).
+### Consistency
+- HMAC over file contents to recognize changed ciphertext before decryption
+- I/O operations are transactional and atomic, if the file systems support it
+- Each file contains all information needed for decryption (except for the key of course). No common metadata means no [SPOF](http://en.wikipedia.org/wiki/Single_point_of_failure)
 
-## Dependencies
-- Java 8
-- see pom.xml ;-)
+## Building
 
-## TODO
-
-### UI
-- Native L&F
-- Drive icons in WebDAV volumes
-- Change password functionality
-- Better explanations on UI
+#### Dependencies
+* Java 8 + JCE unlimited strength policy files (needed for 256-bit keys)
+* Maven 3
+* Optional: OS-dependent build tools for native packaging (See [Windows](https://github.com/cryptomator/cryptomator-win), [OS X](https://github.com/cryptomator/cryptomator-osx), [Debian](https://github.com/cryptomator/cryptomator-deb))
 
 ## License
 
-Distributed under the MIT X Consortium license license. See the LICENSE file for more info.
-
-[![Build Status](https://travis-ci.org/totalvoidness/cryptomator.svg?branch=master)](https://travis-ci.org/totalvoidness/cryptomator)
+Distributed under the MIT X Consortium license. See the LICENSE file for more info.

main/commons-test/pom.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright (c) 2015 Markus Kreusch This file is licensed under the terms 
+	of the MIT license. See the LICENSE.txt file for more info. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.cryptomator</groupId>
+		<artifactId>main</artifactId>
+		<version>1.0.0</version>
+	</parent>
+	<artifactId>commons-test</artifactId>
+	<name>Cryptomator common test dependencies</name>
+	<description>Shared utilities for tests</description>
+
+	<dependencies>
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>de.bechte.junit</groupId>
+			<artifactId>junit-hierarchicalcontextrunner</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.hamcrest</groupId>
+			<artifactId>hamcrest-all</artifactId>
+		</dependency>
+		
+		<dependency>
+			<groupId>org.cryptomator</groupId>
+			<artifactId>commons</artifactId>
+		</dependency>
+	</dependencies>
+
+</project>

main/commons-test/src/main/java/org/cryptomator/common/test/TempFilesRemovedOnShutdown.java

@@ -0,0 +1,73 @@
+package org.cryptomator.common.test;
+
+import static java.nio.file.Files.walkFileTree;
+import static java.util.Collections.synchronizedSet;
+
+import java.io.IOException;
+import java.nio.file.FileVisitResult;
+import java.nio.file.FileVisitor;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TempFilesRemovedOnShutdown {
+
+	private static final Logger LOG = LoggerFactory.getLogger(TempFilesRemovedOnShutdown.class);
+
+	private static final Set<Path> PATHS_TO_REMOVE_ON_SHUTDOWN = synchronizedSet(new HashSet<>());
+	private static final Thread ON_SHUTDOWN_DELETER = new Thread(TempFilesRemovedOnShutdown::removeAll);
+
+	static {
+		Runtime.getRuntime().addShutdownHook(ON_SHUTDOWN_DELETER);
+	}
+
+	public static Path createTempDirectory(String prefix) throws IOException {
+		Path path = Files.createTempDirectory(prefix);
+		PATHS_TO_REMOVE_ON_SHUTDOWN.add(path);
+		return path;
+	}
+
+	private static void removeAll() {
+		PATHS_TO_REMOVE_ON_SHUTDOWN.forEach(TempFilesRemovedOnShutdown::remove);
+	}
+
+	private static void remove(Path path) {
+		try {
+			tryRemove(path);
+		} catch (Throwable e) {
+			LOG.debug("Failed to remove " + path, e);
+		}
+	}
+
+	private static void tryRemove(Path path) throws IOException {
+		walkFileTree(path, new FileVisitor<Path>() {
+			@Override
+			public FileVisitResult preVisitDirectory(Path dir, BasicFileAttributes attrs) throws IOException {
+				return FileVisitResult.CONTINUE;
+			}
+
+			@Override
+			public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
+				Files.delete(file);
+				return FileVisitResult.CONTINUE;
+			}
+
+			@Override
+			public FileVisitResult visitFileFailed(Path file, IOException exc) throws IOException {
+				return FileVisitResult.CONTINUE;
+			}
+
+			@Override
+			public FileVisitResult postVisitDirectory(Path dir, IOException exc) throws IOException {
+				Files.delete(dir);
+				return FileVisitResult.CONTINUE;
+			}
+		});
+	}
+
+}

main/commons-test/src/main/java/org/cryptomator/common/test/matcher/ContainsMatcher.java

@@ -0,0 +1,27 @@
+package org.cryptomator.common.test.matcher;
+
+import org.hamcrest.Matcher;
+import org.hamcrest.Matchers;
+
+/**
+ * Wraps hamcrest contains and containsInAnyOrder matcher factory methods to
+ * avoid problems due to incorrect / inconsistent handling of generics by
+ * several java compilers.
+ * 
+ * @author Markus Kreusch
+ */
+public class ContainsMatcher {
+
+	@SuppressWarnings({ "unchecked" })
+	@SafeVarargs
+	public static <T> Matcher<Iterable<? super T>> containsInAnyOrder(Matcher<? extends T>... matchers) {
+		return Matchers.containsInAnyOrder((Matcher[]) matchers);
+	}
+
+	@SuppressWarnings({ "unchecked" })
+	@SafeVarargs
+	public static <T> Matcher<Iterable<? super T>> contains(Matcher<? extends T>... matchers) {
+		return Matchers.contains((Matcher[]) matchers);
+	}
+
+}

main/commons-test/src/main/java/org/cryptomator/common/test/matcher/ExceptionMatcher.java

@@ -0,0 +1,48 @@
+package org.cryptomator.common.test.matcher;
+
+import java.util.Optional;
+
+import org.hamcrest.Description;
+import org.hamcrest.Matcher;
+import org.hamcrest.TypeSafeDiagnosingMatcher;
+
+public class ExceptionMatcher<T extends Throwable> extends TypeSafeDiagnosingMatcher<T> {
+
+	public static <T extends Throwable> ExceptionMatcher<T> ofType(Class<T> exceptionType) {
+		return new ExceptionMatcher<>(exceptionType);
+	}
+
+	private final Class<T> exceptionType;
+	private final Optional<Matcher<T>> subMatcher;
+
+	private ExceptionMatcher(Class<T> exceptionType) {
+		super(exceptionType);
+		this.exceptionType = exceptionType;
+		this.subMatcher = Optional.empty();
+	}
+
+	private ExceptionMatcher(Class<T> exceptionType, Matcher<T> subMatcher) {
+		super(exceptionType);
+		this.exceptionType = exceptionType;
+		this.subMatcher = Optional.of(subMatcher);
+	}
+
+	@Override
+	public void describeTo(Description description) {
+		subMatcher.ifPresent(description::appendDescriptionOf);
+	}
+
+	@Override
+	protected boolean matchesSafely(T item, Description mismatchDescription) {
+		if (subMatcher.map(matcher -> !matcher.matches(item)).orElse(false)) {
+			subMatcher.get().describeMismatch(item, mismatchDescription);
+			return false;
+		}
+		return true;
+	}
+
+	public Matcher<T> withCauseThat(Matcher<? super Throwable> matcher) {
+		return new ExceptionMatcher<T>(exceptionType, new PropertyMatcher<>(exceptionType, Throwable::getCause, "cause", matcher));
+	}
+
+}

main/commons-test/src/main/java/org/cryptomator/common/test/matcher/OptionalMatcher.java

@@ -0,0 +1,61 @@
+package org.cryptomator.common.test.matcher;
+
+import java.util.Optional;
+
+import org.hamcrest.Description;
+import org.hamcrest.Matcher;
+import org.hamcrest.TypeSafeDiagnosingMatcher;
+
+public class OptionalMatcher {
+
+	public static <T> Matcher<Optional<T>> presentOptionalWithValueThat(Matcher<? super T> valueMatcher) {
+		return new TypeSafeDiagnosingMatcher<Optional<T>>(Optional.class) {
+			@Override
+			public void describeTo(Description description) {
+				description //
+						.appendText("a present Optional with a value that ") //
+						.appendDescriptionOf(valueMatcher);
+			}
+
+			@Override
+			protected boolean matchesSafely(Optional<T> item, Description mismatchDescription) {
+				if (item.isPresent()) {
+					if (valueMatcher.matches(item.get())) {
+						return true;
+					} else {
+						mismatchDescription.appendText("a present Optional with value that ");
+						valueMatcher.describeMismatch(item, mismatchDescription);
+						return false;
+					}
+				} else {
+					mismatchDescription.appendText("an empty Optional");
+					return false;
+				}
+
+			}
+
+		};
+	}
+
+	public static <T> Matcher<Optional<T>> emptyOptional() {
+		return new TypeSafeDiagnosingMatcher<Optional<T>>(Optional.class) {
+			@Override
+			public void describeTo(Description description) {
+				description.appendText("an empty Optional");
+			}
+
+			@Override
+			protected boolean matchesSafely(Optional<T> item, Description mismatchDescription) {
+				if (item.isPresent()) {
+					mismatchDescription.appendText("a present Optional of ").appendValue(item.get());
+					return false;
+				} else {
+					return true;
+				}
+
+			}
+
+		};
+	}
+
+}

main/commons-test/src/main/java/org/cryptomator/common/test/matcher/PropertyMatcher.java

@@ -0,0 +1,55 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Markus Kreusch
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ ******************************************************************************/
+package org.cryptomator.common.test.matcher;
+
+import java.util.function.Function;
+
+import org.hamcrest.Description;
+import org.hamcrest.Matcher;
+import org.hamcrest.TypeSafeDiagnosingMatcher;
+
+public class PropertyMatcher<T, P> extends TypeSafeDiagnosingMatcher<T> {
+
+	private final Class<T> expectedType;
+	private final Function<? super T, P> getter;
+	private final String name;
+	private final Matcher<? super P> subMatcher;
+
+	public PropertyMatcher(Class<T> type, Function<? super T, P> getter, String name, Matcher<? super P> subMatcher) {
+		super(type);
+		this.expectedType = type;
+		this.getter = getter;
+		this.name = name;
+		this.subMatcher = subMatcher;
+	}
+
+	@Override
+	public void describeTo(Description description) {
+		description.appendText("a ") //
+				.appendText(expectedType.getSimpleName()) //
+				.appendText(" with a ") //
+				.appendText(name) //
+				.appendText(" that ") //
+				.appendDescriptionOf(subMatcher);
+	}
+
+	@Override
+	protected boolean matchesSafely(T item, Description mismatchDescription) {
+		P propertyValue = getter.apply(item);
+		if (subMatcher.matches(propertyValue)) {
+			return true;
+		} else {
+			mismatchDescription.appendText("a ") //
+					.appendText(expectedType.getSimpleName()) //
+					.appendText(" with a ") //
+					.appendText(name) //
+					.appendText(" that ");
+			subMatcher.describeMismatch(propertyValue, mismatchDescription);
+			return false;
+		}
+	}
+
+}

main/commons-test/src/main/java/org/cryptomator/common/test/mockito/Answers.java

@@ -0,0 +1,61 @@
+package org.cryptomator.common.test.mockito;
+
+import static java.util.Arrays.asList;
+
+import java.util.function.Consumer;
+
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
+
+public class Answers {
+
+	public static <T> Answer<T> collectParameters(Answer<T> answer, Consumer<?>... parameterConsumers) {
+		return new Answer<T>() {
+			@SuppressWarnings({"rawtypes", "unchecked"})
+			@Override
+			public T answer(InvocationOnMock invocation) throws Throwable {
+				for (int i = 0; i < invocation.getArguments().length; i++) {
+					if (parameterConsumers.length > i) {
+						((Consumer) parameterConsumers[i]).accept(invocation.getArguments()[i]);
+					}
+				}
+				return answer.answer(invocation);
+			}
+		};
+
+	}
+
+	@SafeVarargs
+	public static <T> Answer<T> consecutiveAnswers(Answer<T>... answers) {
+		if (answers == null || answers.length == 0) {
+			throw new IllegalArgumentException("Required at least one answer");
+		}
+		if (asList(answers).contains(null)) {
+			throw new IllegalArgumentException("No answers must be null");
+		}
+		return new Answer<T>() {
+			private int nextIndex = 0;
+
+			@Override
+			public T answer(InvocationOnMock invocation) throws Throwable {
+				try {
+					return answers[nextIndex].answer(invocation);
+				} finally {
+					nextIndex = (nextIndex + 1) % answers.length;
+				}
+			}
+
+		};
+	}
+
+	public static <T> Answer<T> value(T value) {
+		return new Answer<T>() {
+			@Override
+			public T answer(InvocationOnMock invocation) throws Throwable {
+				return value;
+			}
+
+		};
+	}
+
+}

main/commons/pom.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright (c) 2015 Markus Kreusch This file is licensed under the terms 
+	of the MIT license. See the LICENSE.txt file for more info. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.cryptomator</groupId>
+		<artifactId>main</artifactId>
+		<version>1.0.0</version>
+	</parent>
+	<artifactId>commons</artifactId>
+	<name>Cryptomator common</name>
+	<description>Shared utilities</description>
+
+	<dependencies>
+		<dependency>
+			<groupId>com.google.guava</groupId>
+			<artifactId>guava</artifactId>
+		</dependency>
+	
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>de.bechte.junit</groupId>
+			<artifactId>junit-hierarchicalcontextrunner</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.hamcrest</groupId>
+			<artifactId>hamcrest-all</artifactId>
+			<scope>test</scope>
+		</dependency>
+	</dependencies>
+</project>

main/commons/src/main/java/org/cryptomator/common/CachingSupplier.java

@@ -0,0 +1,26 @@
+package org.cryptomator.common;
+
+import java.util.function.Supplier;
+
+public class CachingSupplier<T> implements Supplier<T> {
+
+	public static <T> Supplier<T> from(Supplier<T> delegate) {
+		return new CachingSupplier<>(delegate);
+	}
+
+	private Supplier<T> delegate;
+
+	private CachingSupplier(Supplier<T> delegate) {
+		this.delegate = () -> {
+			T result = delegate.get();
+			CachingSupplier.this.delegate = () -> result;
+			return result;
+		};
+	}
+
+	@Override
+	public T get() {
+		return delegate.get();
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/ConsumerThrowingException.java

@@ -0,0 +1,8 @@
+package org.cryptomator.common;
+
+@FunctionalInterface
+public interface ConsumerThrowingException<T, E extends Exception> {
+
+	void accept(T t) throws E;
+
+}

main/commons/src/main/java/org/cryptomator/common/Holder.java

@@ -0,0 +1,34 @@
+package org.cryptomator.common;
+
+import java.util.function.Consumer;
+import java.util.function.Supplier;
+
+public class Holder<V> implements Supplier<V>, Consumer<V> {
+
+	private final V initial;
+
+	private V value;
+
+	public <W extends V> Holder(W initial) {
+		this.initial = initial;
+		reset();
+	}
+
+	public V get() {
+		return value;
+	}
+
+	public void set(V value) {
+		this.value = value;
+	}
+
+	public void reset() {
+		set(initial);
+	}
+
+	@Override
+	public void accept(V value) {
+		set(value);
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/LazyInitializer.java

@@ -0,0 +1,33 @@
+package org.cryptomator.common;
+
+import java.util.concurrent.atomic.AtomicReference;
+import java.util.function.Supplier;
+
+public final class LazyInitializer {
+
+	private LazyInitializer() {
+	}
+
+	/**
+	 * Threadsafe lazy initialization pattern as proposed on http://stackoverflow.com/a/30247202/4014509
+	 * 
+	 * @param <T> Type of the value
+	 * @param reference A reference to a maybe not yet initialized value.
+	 * @param factory A factory providing a value for the reference, if it doesn't exist yet. The factory may be invoked multiple times, but only one result will survive.
+	 * @return The initialized value
+	 */
+	public static <T> T initializeLazily(AtomicReference<T> reference, Supplier<T> factory) {
+		final T existingInstance = reference.get();
+		if (existingInstance != null) {
+			return existingInstance;
+		} else {
+			final T newInstance = factory.get();
+			if (reference.compareAndSet(null, newInstance)) {
+				return newInstance;
+			} else {
+				return reference.get();
+			}
+		}
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/Optionals.java

@@ -0,0 +1,17 @@
+package org.cryptomator.common;
+
+import java.util.Optional;
+
+public final class Optionals {
+
+	private Optionals() {
+	}
+
+	public static <T, E extends Exception> void ifPresent(Optional<T> optional, ConsumerThrowingException<T, E> consumer) throws E {
+		final T t = optional.orElse(null);
+		if (t != null) {
+			consumer.accept(t);
+		}
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/RunnableThrowingException.java

@@ -0,0 +1,8 @@
+package org.cryptomator.common;
+
+@FunctionalInterface
+public interface RunnableThrowingException<T extends Exception> {
+
+	void run() throws T;
+
+}

main/commons/src/main/java/org/cryptomator/common/WeakValuedCache.java

@@ -0,0 +1,48 @@
+package org.cryptomator.common;
+
+import java.util.concurrent.ExecutionException;
+import java.util.function.BiConsumer;
+import java.util.function.Function;
+
+import com.google.common.cache.CacheBuilder;
+import com.google.common.cache.CacheLoader;
+import com.google.common.cache.LoadingCache;
+import com.google.common.util.concurrent.ExecutionError;
+import com.google.common.util.concurrent.UncheckedExecutionException;
+
+public class WeakValuedCache<Key, Value> {
+
+	private final LoadingCache<Key, Value> delegate;
+
+	private WeakValuedCache(Function<Key, Value> loader) {
+		delegate = CacheBuilder.newBuilder() //
+				.weakValues() //
+				.build(new CacheLoader<Key, Value>() {
+					@Override
+					public Value load(Key key) {
+						return loader.apply(key);
+					}
+				});
+	}
+
+	public static <Key, Value> WeakValuedCache<Key, Value> usingLoader(Function<Key, Value> loader) {
+		return new WeakValuedCache<>(loader);
+	}
+
+	public Value get(Key key) {
+		try {
+			return delegate.get(key);
+		} catch (ExecutionException e) {
+			throw new IllegalStateException("No checked exception can be thrown by loader", e);
+		} catch (UncheckedExecutionException e) {
+			throw (RuntimeException) e.getCause();
+		} catch (ExecutionError e) {
+			throw (Error) e.getCause();
+		}
+	}
+
+	public void forEach(BiConsumer<Key, Value> function) {
+		delegate.asMap().forEach(function);
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/streams/AutoClosingDoubleStream.java

@@ -0,0 +1,178 @@
+package org.cryptomator.common.streams;
+
+import static org.cryptomator.common.streams.AutoClosingStreamFactory.AUTO_CLOSING_STREAM_FACTORY;
+
+import java.util.DoubleSummaryStatistics;
+import java.util.OptionalDouble;
+import java.util.function.BiConsumer;
+import java.util.function.DoubleBinaryOperator;
+import java.util.function.DoubleConsumer;
+import java.util.function.DoublePredicate;
+import java.util.function.ObjDoubleConsumer;
+import java.util.function.Supplier;
+import java.util.stream.DoubleStream;
+
+public class AutoClosingDoubleStream extends DelegatingDoubleStream {
+
+	public static DoubleStream from(DoubleStream delegate) {
+		return new AutoClosingDoubleStream(delegate);
+	}
+
+	public AutoClosingDoubleStream(DoubleStream delegate) {
+		super(delegate, AUTO_CLOSING_STREAM_FACTORY);
+	}
+
+	@Override
+	public void forEach(DoubleConsumer action) {
+		try {
+			super.forEach(action);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public void forEachOrdered(DoubleConsumer action) {
+		try {
+			super.forEachOrdered(action);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public double[] toArray() {
+		try {
+			return super.toArray();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public double reduce(double identity, DoubleBinaryOperator op) {
+		try {
+			return super.reduce(identity, op);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalDouble reduce(DoubleBinaryOperator op) {
+		try {
+			return super.reduce(op);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public <R> R collect(Supplier<R> supplier, ObjDoubleConsumer<R> accumulator, BiConsumer<R, R> combiner) {
+		try {
+			return super.collect(supplier, accumulator, combiner);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public double sum() {
+		try {
+			return super.sum();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalDouble min() {
+		try {
+			return super.min();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalDouble max() {
+		try {
+			return super.max();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public long count() {
+		try {
+			return super.count();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalDouble average() {
+		try {
+			return super.average();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public DoubleSummaryStatistics summaryStatistics() {
+		try {
+			return super.summaryStatistics();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public boolean anyMatch(DoublePredicate predicate) {
+		try {
+			return super.anyMatch(predicate);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public boolean allMatch(DoublePredicate predicate) {
+		try {
+			return super.allMatch(predicate);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public boolean noneMatch(DoublePredicate predicate) {
+		try {
+			return super.noneMatch(predicate);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalDouble findFirst() {
+		try {
+			return super.findFirst();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalDouble findAny() {
+		try {
+			return super.findAny();
+		} finally {
+			close();
+		}
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/streams/AutoClosingIntStream.java

@@ -0,0 +1,179 @@
+package org.cryptomator.common.streams;
+
+import static org.cryptomator.common.streams.AutoClosingStreamFactory.AUTO_CLOSING_STREAM_FACTORY;
+
+import java.util.IntSummaryStatistics;
+import java.util.OptionalDouble;
+import java.util.OptionalInt;
+import java.util.function.BiConsumer;
+import java.util.function.IntBinaryOperator;
+import java.util.function.IntConsumer;
+import java.util.function.IntPredicate;
+import java.util.function.ObjIntConsumer;
+import java.util.function.Supplier;
+import java.util.stream.IntStream;
+
+public class AutoClosingIntStream extends DelegatingIntStream {
+
+	public static IntStream from(IntStream delegate) {
+		return new AutoClosingIntStream(delegate);
+	}
+
+	public AutoClosingIntStream(IntStream delegate) {
+		super(delegate, AUTO_CLOSING_STREAM_FACTORY);
+	}
+
+	@Override
+	public void forEach(IntConsumer action) {
+		try {
+			super.forEach(action);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public void forEachOrdered(IntConsumer action) {
+		try {
+			super.forEachOrdered(action);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public int[] toArray() {
+		try {
+			return super.toArray();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public int reduce(int identity, IntBinaryOperator op) {
+		try {
+			return super.reduce(identity, op);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalInt reduce(IntBinaryOperator op) {
+		try {
+			return super.reduce(op);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public <R> R collect(Supplier<R> supplier, ObjIntConsumer<R> accumulator, BiConsumer<R, R> combiner) {
+		try {
+			return super.collect(supplier, accumulator, combiner);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public int sum() {
+		try {
+			return super.sum();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalInt min() {
+		try {
+			return super.min();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalInt max() {
+		try {
+			return super.max();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public long count() {
+		try {
+			return super.count();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalDouble average() {
+		try {
+			return super.average();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public IntSummaryStatistics summaryStatistics() {
+		try {
+			return super.summaryStatistics();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public boolean anyMatch(IntPredicate predicate) {
+		try {
+			return super.anyMatch(predicate);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public boolean allMatch(IntPredicate predicate) {
+		try {
+			return super.allMatch(predicate);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public boolean noneMatch(IntPredicate predicate) {
+		try {
+			return super.noneMatch(predicate);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalInt findFirst() {
+		try {
+			return super.findFirst();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalInt findAny() {
+		try {
+			return super.findAny();
+		} finally {
+			close();
+		}
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/streams/AutoClosingLongStream.java

@@ -0,0 +1,179 @@
+package org.cryptomator.common.streams;
+
+import static org.cryptomator.common.streams.AutoClosingStreamFactory.AUTO_CLOSING_STREAM_FACTORY;
+
+import java.util.LongSummaryStatistics;
+import java.util.OptionalDouble;
+import java.util.OptionalLong;
+import java.util.function.BiConsumer;
+import java.util.function.LongBinaryOperator;
+import java.util.function.LongConsumer;
+import java.util.function.LongPredicate;
+import java.util.function.ObjLongConsumer;
+import java.util.function.Supplier;
+import java.util.stream.LongStream;
+
+public class AutoClosingLongStream extends DelegatingLongStream {
+
+	public static LongStream from(LongStream delegate) {
+		return new AutoClosingLongStream(delegate);
+	}
+
+	public AutoClosingLongStream(LongStream delegate) {
+		super(delegate, AUTO_CLOSING_STREAM_FACTORY);
+	}
+
+	@Override
+	public void forEach(LongConsumer action) {
+		try {
+			super.forEach(action);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public void forEachOrdered(LongConsumer action) {
+		try {
+			super.forEachOrdered(action);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public long[] toArray() {
+		try {
+			return super.toArray();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public long reduce(long identity, LongBinaryOperator op) {
+		try {
+			return super.reduce(identity, op);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalLong reduce(LongBinaryOperator op) {
+		try {
+			return super.reduce(op);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public <R> R collect(Supplier<R> supplier, ObjLongConsumer<R> accumulator, BiConsumer<R, R> combiner) {
+		try {
+			return super.collect(supplier, accumulator, combiner);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public long sum() {
+		try {
+			return super.sum();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalLong min() {
+		try {
+			return super.min();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalLong max() {
+		try {
+			return super.max();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public long count() {
+		try {
+			return super.count();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalDouble average() {
+		try {
+			return super.average();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public LongSummaryStatistics summaryStatistics() {
+		try {
+			return super.summaryStatistics();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public boolean anyMatch(LongPredicate predicate) {
+		try {
+			return super.anyMatch(predicate);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public boolean allMatch(LongPredicate predicate) {
+		try {
+			return super.allMatch(predicate);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public boolean noneMatch(LongPredicate predicate) {
+		try {
+			return super.noneMatch(predicate);
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalLong findFirst() {
+		try {
+			return super.findFirst();
+		} finally {
+			close();
+		}
+	}
+
+	@Override
+	public OptionalLong findAny() {
+		try {
+			return super.findAny();
+		} finally {
+			close();
+		}
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/streams/AutoClosingStream.java

@@ -0,0 +1,173 @@
+package org.cryptomator.common.streams;
+
+import static org.cryptomator.common.streams.AutoClosingStreamFactory.AUTO_CLOSING_STREAM_FACTORY;
+
+import java.util.Comparator;
+import java.util.Optional;
+import java.util.function.BiConsumer;
+import java.util.function.BiFunction;
+import java.util.function.BinaryOperator;
+import java.util.function.Consumer;
+import java.util.function.IntFunction;
+import java.util.function.Predicate;
+import java.util.function.Supplier;
+import java.util.stream.Collector;
+import java.util.stream.Stream;
+
+/**
+ * <p>
+ * A Stream which is automatically closed after execution of a terminal operation.
+ * <p>
+ * Streams returned by intermediate operations are also auto closing.
+ * <p>
+ * <b>Note:</b> When using {@link #iterator()} or {@link #spliterator()} auto closing does not occur.
+ * 
+ * @author Markus Kreusch
+ */
+public class AutoClosingStream<T> extends DelegatingStream<T> {
+
+	public static <T> Stream<T> from(Stream<T> delegate) {
+		return new AutoClosingStream<>(delegate);
+	}
+
+	private AutoClosingStream(Stream<T> delegate) {
+		super(delegate, AUTO_CLOSING_STREAM_FACTORY);
+	}
+
+	public void forEach(Consumer<? super T> action) {
+		try {
+			super.forEach(action);
+		} finally {
+			close();
+		}
+	}
+
+	public void forEachOrdered(Consumer<? super T> action) {
+		try {
+			super.forEachOrdered(action);
+		} finally {
+			close();
+		}
+	}
+
+	public Object[] toArray() {
+		try {
+			return super.toArray();
+		} finally {
+			close();
+		}
+	}
+
+	public <A> A[] toArray(IntFunction<A[]> generator) {
+		try {
+			return super.toArray(generator);
+		} finally {
+			close();
+		}
+	}
+
+	public T reduce(T identity, BinaryOperator<T> accumulator) {
+		try {
+			return super.reduce(identity, accumulator);
+		} finally {
+			close();
+		}
+	}
+
+	public Optional<T> reduce(BinaryOperator<T> accumulator) {
+		try {
+			return super.reduce(accumulator);
+		} finally {
+			close();
+		}
+	}
+
+	public <U> U reduce(U identity, BiFunction<U, ? super T, U> accumulator, BinaryOperator<U> combiner) {
+		try {
+			return super.reduce(identity, accumulator, combiner);
+		} finally {
+			close();
+		}
+	}
+
+	public <R> R collect(Supplier<R> supplier, BiConsumer<R, ? super T> accumulator, BiConsumer<R, R> combiner) {
+		try {
+			return super.collect(supplier, accumulator, combiner);
+		} finally {
+			close();
+		}
+	}
+
+	public <R, A> R collect(Collector<? super T, A, R> collector) {
+		try {
+			return super.collect(collector);
+		} finally {
+			close();
+		}
+	}
+
+	public Optional<T> min(Comparator<? super T> comparator) {
+		try {
+			return super.min(comparator);
+		} finally {
+			close();
+		}
+	}
+
+	public Optional<T> max(Comparator<? super T> comparator) {
+		try {
+			return super.max(comparator);
+		} finally {
+			close();
+		}
+	}
+
+	public long count() {
+		try {
+			return super.count();
+		} finally {
+			close();
+		}
+	}
+
+	public boolean anyMatch(Predicate<? super T> predicate) {
+		try {
+			return super.anyMatch(predicate);
+		} finally {
+			close();
+		}
+	}
+
+	public boolean allMatch(Predicate<? super T> predicate) {
+		try {
+			return super.allMatch(predicate);
+		} finally {
+			close();
+		}
+	}
+
+	public boolean noneMatch(Predicate<? super T> predicate) {
+		try {
+			return super.noneMatch(predicate);
+		} finally {
+			close();
+		}
+	}
+
+	public Optional<T> findFirst() {
+		try {
+			return super.findFirst();
+		} finally {
+			close();
+		}
+	}
+
+	public Optional<T> findAny() {
+		try {
+			return super.findAny();
+		} finally {
+			close();
+		}
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/streams/AutoClosingStreamFactory.java

@@ -0,0 +1,51 @@
+package org.cryptomator.common.streams;
+
+import java.util.stream.DoubleStream;
+import java.util.stream.IntStream;
+import java.util.stream.LongStream;
+import java.util.stream.Stream;
+
+class AutoClosingStreamFactory implements DelegatingStreamFactory {
+
+	public static final DelegatingStreamFactory AUTO_CLOSING_STREAM_FACTORY = new AutoClosingStreamFactory();
+
+	private AutoClosingStreamFactory() {
+	}
+
+	@Override
+	public <S> Stream<S> from(Stream<S> other) {
+		if (AutoClosingStream.class.isInstance(other)) {
+			return other;
+		} else {
+			return AutoClosingStream.from(other);
+		}
+	}
+
+	@Override
+	public IntStream from(IntStream other) {
+		if (AutoClosingIntStream.class.isInstance(other)) {
+			return other;
+		} else {
+			return AutoClosingIntStream.from(other);
+		}
+	}
+
+	@Override
+	public LongStream from(LongStream other) {
+		if (AutoClosingLongStream.class.isInstance(other)) {
+			return other;
+		} else {
+			return AutoClosingLongStream.from(other);
+		}
+	}
+
+	@Override
+	public DoubleStream from(DoubleStream other) {
+		if (AutoClosingDoubleStream.class.isInstance(other)) {
+			return other;
+		} else {
+			return AutoClosingDoubleStream.from(other);
+		}
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/streams/DelegatingDoubleStream.java

@@ -0,0 +1,179 @@
+package org.cryptomator.common.streams;
+
+import java.util.DoubleSummaryStatistics;
+import java.util.OptionalDouble;
+import java.util.PrimitiveIterator.OfDouble;
+import java.util.function.BiConsumer;
+import java.util.function.DoubleBinaryOperator;
+import java.util.function.DoubleConsumer;
+import java.util.function.DoubleFunction;
+import java.util.function.DoublePredicate;
+import java.util.function.DoubleToIntFunction;
+import java.util.function.DoubleToLongFunction;
+import java.util.function.DoubleUnaryOperator;
+import java.util.function.ObjDoubleConsumer;
+import java.util.function.Supplier;
+import java.util.stream.DoubleStream;
+import java.util.stream.IntStream;
+import java.util.stream.LongStream;
+import java.util.stream.Stream;
+
+abstract class DelegatingDoubleStream implements DoubleStream {
+
+	private final DoubleStream delegate;
+	private final DelegatingStreamFactory wrapper;
+
+	public DelegatingDoubleStream(DoubleStream delegate, DelegatingStreamFactory wrapper) {
+		this.delegate = delegate;
+		this.wrapper = wrapper;
+	}
+
+	public DoubleStream filter(DoublePredicate predicate) {
+		return wrapper.from(delegate.filter(predicate));
+	}
+
+	public boolean isParallel() {
+		return delegate.isParallel();
+	}
+
+	public DoubleStream map(DoubleUnaryOperator mapper) {
+		return wrapper.from(delegate.map(mapper));
+	}
+
+	public <U> Stream<U> mapToObj(DoubleFunction<? extends U> mapper) {
+		return wrapper.from(delegate.mapToObj(mapper));
+	}
+
+	public DoubleStream unordered() {
+		return wrapper.from(delegate.unordered());
+	}
+
+	public DoubleStream onClose(Runnable closeHandler) {
+		return wrapper.from(delegate.onClose(closeHandler));
+	}
+
+	public IntStream mapToInt(DoubleToIntFunction mapper) {
+		return wrapper.from(delegate.mapToInt(mapper));
+	}
+
+	public LongStream mapToLong(DoubleToLongFunction mapper) {
+		return wrapper.from(delegate.mapToLong(mapper));
+	}
+
+	public void close() {
+		delegate.close();
+	}
+
+	public DoubleStream flatMap(DoubleFunction<? extends DoubleStream> mapper) {
+		return wrapper.from(delegate.flatMap(mapper));
+	}
+
+	public DoubleStream distinct() {
+		return wrapper.from(delegate.distinct());
+	}
+
+	public DoubleStream sorted() {
+		return wrapper.from(delegate.sorted());
+	}
+
+	public DoubleStream peek(DoubleConsumer action) {
+		return wrapper.from(delegate.peek(action));
+	}
+
+	public DoubleStream limit(long maxSize) {
+		return wrapper.from(delegate.limit(maxSize));
+	}
+
+	public DoubleStream skip(long n) {
+		return wrapper.from(delegate.skip(n));
+	}
+
+	public void forEach(DoubleConsumer action) {
+		delegate.forEach(action);
+	}
+
+	public void forEachOrdered(DoubleConsumer action) {
+		delegate.forEachOrdered(action);
+	}
+
+	public double[] toArray() {
+		return delegate.toArray();
+	}
+
+	public double reduce(double identity, DoubleBinaryOperator op) {
+		return delegate.reduce(identity, op);
+	}
+
+	public OptionalDouble reduce(DoubleBinaryOperator op) {
+		return delegate.reduce(op);
+	}
+
+	public <R> R collect(Supplier<R> supplier, ObjDoubleConsumer<R> accumulator, BiConsumer<R, R> combiner) {
+		return delegate.collect(supplier, accumulator, combiner);
+	}
+
+	public double sum() {
+		return delegate.sum();
+	}
+
+	public OptionalDouble min() {
+		return delegate.min();
+	}
+
+	public OptionalDouble max() {
+		return delegate.max();
+	}
+
+	public long count() {
+		return delegate.count();
+	}
+
+	public OptionalDouble average() {
+		return delegate.average();
+	}
+
+	public DoubleSummaryStatistics summaryStatistics() {
+		return delegate.summaryStatistics();
+	}
+
+	public boolean anyMatch(DoublePredicate predicate) {
+		return delegate.anyMatch(predicate);
+	}
+
+	public boolean allMatch(DoublePredicate predicate) {
+		return delegate.allMatch(predicate);
+	}
+
+	public boolean noneMatch(DoublePredicate predicate) {
+		return delegate.noneMatch(predicate);
+	}
+
+	public OptionalDouble findFirst() {
+		return delegate.findFirst();
+	}
+
+	public OptionalDouble findAny() {
+		return delegate.findAny();
+	}
+
+	public Stream<Double> boxed() {
+		return wrapper.from(delegate.boxed());
+	}
+
+	public DoubleStream sequential() {
+		return wrapper.from(delegate.sequential());
+	}
+
+	public DoubleStream parallel() {
+		return wrapper.from(delegate.parallel());
+	}
+
+	public OfDouble iterator() {
+		return delegate.iterator();
+	}
+
+	public java.util.Spliterator.OfDouble spliterator() {
+		return delegate.spliterator();
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/streams/DelegatingIntStream.java

@@ -0,0 +1,188 @@
+package org.cryptomator.common.streams;
+
+import java.util.IntSummaryStatistics;
+import java.util.OptionalDouble;
+import java.util.OptionalInt;
+import java.util.PrimitiveIterator.OfInt;
+import java.util.function.BiConsumer;
+import java.util.function.IntBinaryOperator;
+import java.util.function.IntConsumer;
+import java.util.function.IntFunction;
+import java.util.function.IntPredicate;
+import java.util.function.IntToDoubleFunction;
+import java.util.function.IntToLongFunction;
+import java.util.function.IntUnaryOperator;
+import java.util.function.ObjIntConsumer;
+import java.util.function.Supplier;
+import java.util.stream.DoubleStream;
+import java.util.stream.IntStream;
+import java.util.stream.LongStream;
+import java.util.stream.Stream;
+
+abstract class DelegatingIntStream implements IntStream {
+
+	private final IntStream delegate;
+	private final DelegatingStreamFactory wrapper;
+
+	public DelegatingIntStream(IntStream delegate, DelegatingStreamFactory wrapper) {
+		this.delegate = delegate;
+		this.wrapper = wrapper;
+	}
+
+	public IntStream filter(IntPredicate predicate) {
+		return wrapper.from(delegate.filter(predicate));
+	}
+
+	public boolean isParallel() {
+		return delegate.isParallel();
+	}
+
+	public IntStream map(IntUnaryOperator mapper) {
+		return wrapper.from(delegate.map(mapper));
+	}
+
+	public <U> Stream<U> mapToObj(IntFunction<? extends U> mapper) {
+		return wrapper.from(delegate.mapToObj(mapper));
+	}
+
+	public IntStream unordered() {
+		return wrapper.from(delegate.unordered());
+	}
+
+	public LongStream mapToLong(IntToLongFunction mapper) {
+		return wrapper.from(delegate.mapToLong(mapper));
+	}
+
+	public IntStream onClose(Runnable closeHandler) {
+		return wrapper.from(delegate.onClose(closeHandler));
+	}
+
+	public DoubleStream mapToDouble(IntToDoubleFunction mapper) {
+		return wrapper.from(delegate.mapToDouble(mapper));
+	}
+
+	public void close() {
+		delegate.close();
+	}
+
+	public IntStream flatMap(IntFunction<? extends IntStream> mapper) {
+		return wrapper.from(delegate.flatMap(mapper));
+	}
+
+	public IntStream distinct() {
+		return wrapper.from(delegate.distinct());
+	}
+
+	public IntStream sorted() {
+		return wrapper.from(delegate.sorted());
+	}
+
+	public IntStream peek(IntConsumer action) {
+		return wrapper.from(delegate.peek(action));
+	}
+
+	public IntStream limit(long maxSize) {
+		return wrapper.from(delegate.limit(maxSize));
+	}
+
+	public IntStream skip(long n) {
+		return wrapper.from(delegate.skip(n));
+	}
+
+	public void forEach(IntConsumer action) {
+		delegate.forEach(action);
+	}
+
+	public void forEachOrdered(IntConsumer action) {
+		delegate.forEachOrdered(action);
+	}
+
+	public int[] toArray() {
+		return delegate.toArray();
+	}
+
+	public int reduce(int identity, IntBinaryOperator op) {
+		return delegate.reduce(identity, op);
+	}
+
+	public OptionalInt reduce(IntBinaryOperator op) {
+		return delegate.reduce(op);
+	}
+
+	public <R> R collect(Supplier<R> supplier, ObjIntConsumer<R> accumulator, BiConsumer<R, R> combiner) {
+		return delegate.collect(supplier, accumulator, combiner);
+	}
+
+	public int sum() {
+		return delegate.sum();
+	}
+
+	public OptionalInt min() {
+		return delegate.min();
+	}
+
+	public OptionalInt max() {
+		return delegate.max();
+	}
+
+	public long count() {
+		return delegate.count();
+	}
+
+	public OptionalDouble average() {
+		return delegate.average();
+	}
+
+	public IntSummaryStatistics summaryStatistics() {
+		return delegate.summaryStatistics();
+	}
+
+	public boolean anyMatch(IntPredicate predicate) {
+		return delegate.anyMatch(predicate);
+	}
+
+	public boolean allMatch(IntPredicate predicate) {
+		return delegate.allMatch(predicate);
+	}
+
+	public boolean noneMatch(IntPredicate predicate) {
+		return delegate.noneMatch(predicate);
+	}
+
+	public OptionalInt findFirst() {
+		return delegate.findFirst();
+	}
+
+	public OptionalInt findAny() {
+		return delegate.findAny();
+	}
+
+	public LongStream asLongStream() {
+		return wrapper.from(delegate.asLongStream());
+	}
+
+	public DoubleStream asDoubleStream() {
+		return wrapper.from(delegate.asDoubleStream());
+	}
+
+	public Stream<Integer> boxed() {
+		return wrapper.from(delegate.boxed());
+	}
+
+	public IntStream sequential() {
+		return wrapper.from(delegate.sequential());
+	}
+
+	public IntStream parallel() {
+		return wrapper.from(delegate.parallel());
+	}
+
+	public OfInt iterator() {
+		return delegate.iterator();
+	}
+
+	public java.util.Spliterator.OfInt spliterator() {
+		return delegate.spliterator();
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/streams/DelegatingLongStream.java

@@ -0,0 +1,184 @@
+package org.cryptomator.common.streams;
+
+import java.util.LongSummaryStatistics;
+import java.util.OptionalDouble;
+import java.util.OptionalLong;
+import java.util.PrimitiveIterator.OfLong;
+import java.util.function.BiConsumer;
+import java.util.function.LongBinaryOperator;
+import java.util.function.LongConsumer;
+import java.util.function.LongFunction;
+import java.util.function.LongPredicate;
+import java.util.function.LongToDoubleFunction;
+import java.util.function.LongToIntFunction;
+import java.util.function.LongUnaryOperator;
+import java.util.function.ObjLongConsumer;
+import java.util.function.Supplier;
+import java.util.stream.DoubleStream;
+import java.util.stream.IntStream;
+import java.util.stream.LongStream;
+import java.util.stream.Stream;
+
+abstract class DelegatingLongStream implements LongStream {
+
+	private final LongStream delegate;
+	private final DelegatingStreamFactory wrapper;
+
+	public DelegatingLongStream(LongStream delegate, DelegatingStreamFactory wrapper) {
+		this.delegate = delegate;
+		this.wrapper = wrapper;
+	}
+
+	public LongStream filter(LongPredicate predicate) {
+		return wrapper.from(delegate.filter(predicate));
+	}
+
+	public boolean isParallel() {
+		return delegate.isParallel();
+	}
+
+	public LongStream map(LongUnaryOperator mapper) {
+		return wrapper.from(delegate.map(mapper));
+	}
+
+	public <U> Stream<U> mapToObj(LongFunction<? extends U> mapper) {
+		return wrapper.from(delegate.mapToObj(mapper));
+	}
+
+	public LongStream unordered() {
+		return wrapper.from(delegate.unordered());
+	}
+
+	public LongStream onClose(Runnable closeHandler) {
+		return wrapper.from(delegate.onClose(closeHandler));
+	}
+
+	public IntStream mapToInt(LongToIntFunction mapper) {
+		return wrapper.from(delegate.mapToInt(mapper));
+	}
+
+	public DoubleStream mapToDouble(LongToDoubleFunction mapper) {
+		return wrapper.from(delegate.mapToDouble(mapper));
+	}
+
+	public void close() {
+		delegate.close();
+	}
+
+	public LongStream flatMap(LongFunction<? extends LongStream> mapper) {
+		return wrapper.from(delegate.flatMap(mapper));
+	}
+
+	public LongStream distinct() {
+		return wrapper.from(delegate.distinct());
+	}
+
+	public LongStream sorted() {
+		return wrapper.from(delegate.sorted());
+	}
+
+	public LongStream peek(LongConsumer action) {
+		return wrapper.from(delegate.peek(action));
+	}
+
+	public LongStream limit(long maxSize) {
+		return wrapper.from(delegate.limit(maxSize));
+	}
+
+	public LongStream skip(long n) {
+		return wrapper.from(delegate.skip(n));
+	}
+
+	public void forEach(LongConsumer action) {
+		delegate.forEach(action);
+	}
+
+	public void forEachOrdered(LongConsumer action) {
+		delegate.forEachOrdered(action);
+	}
+
+	public long[] toArray() {
+		return delegate.toArray();
+	}
+
+	public long reduce(long identity, LongBinaryOperator op) {
+		return delegate.reduce(identity, op);
+	}
+
+	public OptionalLong reduce(LongBinaryOperator op) {
+		return delegate.reduce(op);
+	}
+
+	public <R> R collect(Supplier<R> supplier, ObjLongConsumer<R> accumulator, BiConsumer<R, R> combiner) {
+		return delegate.collect(supplier, accumulator, combiner);
+	}
+
+	public long sum() {
+		return delegate.sum();
+	}
+
+	public OptionalLong min() {
+		return delegate.min();
+	}
+
+	public OptionalLong max() {
+		return delegate.max();
+	}
+
+	public long count() {
+		return delegate.count();
+	}
+
+	public OptionalDouble average() {
+		return delegate.average();
+	}
+
+	public LongSummaryStatistics summaryStatistics() {
+		return delegate.summaryStatistics();
+	}
+
+	public boolean anyMatch(LongPredicate predicate) {
+		return delegate.anyMatch(predicate);
+	}
+
+	public boolean allMatch(LongPredicate predicate) {
+		return delegate.allMatch(predicate);
+	}
+
+	public boolean noneMatch(LongPredicate predicate) {
+		return delegate.noneMatch(predicate);
+	}
+
+	public OptionalLong findFirst() {
+		return delegate.findFirst();
+	}
+
+	public OptionalLong findAny() {
+		return delegate.findAny();
+	}
+
+	public DoubleStream asDoubleStream() {
+		return wrapper.from(delegate.asDoubleStream());
+	}
+
+	public Stream<Long> boxed() {
+		return wrapper.from(delegate.boxed());
+	}
+
+	public LongStream sequential() {
+		return wrapper.from(delegate.sequential());
+	}
+
+	public LongStream parallel() {
+		return wrapper.from(delegate.parallel());
+	}
+
+	public OfLong iterator() {
+		return delegate.iterator();
+	}
+
+	public java.util.Spliterator.OfLong spliterator() {
+		return delegate.spliterator();
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/streams/DelegatingStream.java

@@ -0,0 +1,194 @@
+package org.cryptomator.common.streams;
+
+import java.util.Comparator;
+import java.util.Iterator;
+import java.util.Optional;
+import java.util.Spliterator;
+import java.util.function.BiConsumer;
+import java.util.function.BiFunction;
+import java.util.function.BinaryOperator;
+import java.util.function.Consumer;
+import java.util.function.Function;
+import java.util.function.IntFunction;
+import java.util.function.Predicate;
+import java.util.function.Supplier;
+import java.util.function.ToDoubleFunction;
+import java.util.function.ToIntFunction;
+import java.util.function.ToLongFunction;
+import java.util.stream.Collector;
+import java.util.stream.DoubleStream;
+import java.util.stream.IntStream;
+import java.util.stream.LongStream;
+import java.util.stream.Stream;
+
+abstract class DelegatingStream<T> implements Stream<T> {
+
+	private final Stream<T> delegate;
+	private final DelegatingStreamFactory wrapper;
+
+	protected DelegatingStream(Stream<T> delegate, DelegatingStreamFactory wrapper) {
+		this.delegate = delegate;
+		this.wrapper = wrapper;
+	}
+
+	public Iterator<T> iterator() {
+		return delegate.iterator();
+	}
+
+	public Spliterator<T> spliterator() {
+		return delegate.spliterator();
+	}
+
+	public boolean isParallel() {
+		return delegate.isParallel();
+	}
+
+	public Stream<T> sequential() {
+		return wrapper.from(delegate.sequential());
+	}
+
+	public Stream<T> parallel() {
+		return wrapper.from(delegate.parallel());
+	}
+
+	public Stream<T> unordered() {
+		return wrapper.from(delegate.unordered());
+	}
+
+	public Stream<T> onClose(Runnable closeHandler) {
+		return wrapper.from(delegate.onClose(closeHandler));
+	}
+
+	public void close() {
+		delegate.close();
+	}
+
+	public Stream<T> filter(Predicate<? super T> predicate) {
+		return wrapper.from(delegate.filter(predicate));
+	}
+
+	public <R> Stream<R> map(Function<? super T, ? extends R> mapper) {
+		return wrapper.from(delegate.map(mapper));
+	}
+
+	public IntStream mapToInt(ToIntFunction<? super T> mapper) {
+		return wrapper.from(delegate.mapToInt(mapper));
+	}
+
+	public LongStream mapToLong(ToLongFunction<? super T> mapper) {
+		return wrapper.from(delegate.mapToLong(mapper));
+	}
+
+	public DoubleStream mapToDouble(ToDoubleFunction<? super T> mapper) {
+		return wrapper.from(delegate.mapToDouble(mapper));
+	}
+
+	public <R> Stream<R> flatMap(Function<? super T, ? extends Stream<? extends R>> mapper) {
+		return wrapper.from(delegate.flatMap(mapper));
+	}
+
+	public IntStream flatMapToInt(Function<? super T, ? extends IntStream> mapper) {
+		return wrapper.from(delegate.flatMapToInt(mapper));
+	}
+
+	public LongStream flatMapToLong(Function<? super T, ? extends LongStream> mapper) {
+		return wrapper.from(delegate.flatMapToLong(mapper));
+	}
+
+	public DoubleStream flatMapToDouble(Function<? super T, ? extends DoubleStream> mapper) {
+		return wrapper.from(delegate.flatMapToDouble(mapper));
+	}
+
+	public Stream<T> distinct() {
+		return wrapper.from(delegate.distinct());
+	}
+
+	public Stream<T> sorted() {
+		return wrapper.from(delegate.sorted());
+	}
+
+	public Stream<T> sorted(Comparator<? super T> comparator) {
+		return wrapper.from(delegate.sorted(comparator));
+	}
+
+	public Stream<T> peek(Consumer<? super T> action) {
+		return wrapper.from(delegate.peek(action));
+	}
+
+	public Stream<T> limit(long maxSize) {
+		return wrapper.from(delegate.limit(maxSize));
+	}
+
+	public Stream<T> skip(long n) {
+		return wrapper.from(delegate.skip(n));
+	}
+
+	public void forEach(Consumer<? super T> action) {
+		delegate.forEach(action);
+	}
+
+	public void forEachOrdered(Consumer<? super T> action) {
+		delegate.forEachOrdered(action);
+	}
+
+	public Object[] toArray() {
+		return delegate.toArray();
+	}
+
+	public <A> A[] toArray(IntFunction<A[]> generator) {
+		return delegate.toArray(generator);
+	}
+
+	public T reduce(T identity, BinaryOperator<T> accumulator) {
+		return delegate.reduce(identity, accumulator);
+	}
+
+	public Optional<T> reduce(BinaryOperator<T> accumulator) {
+		return delegate.reduce(accumulator);
+	}
+
+	public <U> U reduce(U identity, BiFunction<U, ? super T, U> accumulator, BinaryOperator<U> combiner) {
+		return delegate.reduce(identity, accumulator, combiner);
+	}
+
+	public <R> R collect(Supplier<R> supplier, BiConsumer<R, ? super T> accumulator, BiConsumer<R, R> combiner) {
+		return delegate.collect(supplier, accumulator, combiner);
+	}
+
+	public <R, A> R collect(Collector<? super T, A, R> collector) {
+		return delegate.collect(collector);
+	}
+
+	public Optional<T> min(Comparator<? super T> comparator) {
+		return delegate.min(comparator);
+	}
+
+	public Optional<T> max(Comparator<? super T> comparator) {
+		return delegate.max(comparator);
+	}
+
+	public long count() {
+		return delegate.count();
+	}
+
+	public boolean anyMatch(Predicate<? super T> predicate) {
+		return delegate.anyMatch(predicate);
+	}
+
+	public boolean allMatch(Predicate<? super T> predicate) {
+		return delegate.allMatch(predicate);
+	}
+
+	public boolean noneMatch(Predicate<? super T> predicate) {
+		return delegate.noneMatch(predicate);
+	}
+
+	public Optional<T> findFirst() {
+		return delegate.findFirst();
+	}
+
+	public Optional<T> findAny() {
+		return delegate.findAny();
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/streams/DelegatingStreamFactory.java

@@ -0,0 +1,22 @@
+package org.cryptomator.common.streams;
+
+import java.util.stream.DoubleStream;
+import java.util.stream.IntStream;
+import java.util.stream.LongStream;
+import java.util.stream.Stream;
+
+public interface DelegatingStreamFactory {
+
+	<S> Stream<S> from(Stream<S> other);
+
+	IntStream from(IntStream other);
+
+	LongStream from(LongStream other);
+
+	DoubleStream from(DoubleStream other);
+
+	public interface ObjectStreamWrapper {
+		<S> Stream<S> from(Stream<S> other);
+	}
+
+}

main/commons/src/test/java/org/cryptomator/common/CachingSupplierTest.java

@@ -0,0 +1,43 @@
+package org.cryptomator.common;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.util.function.Supplier;
+
+import org.junit.Test;
+
+public class CachingSupplierTest {
+
+	@Test
+	public void testInvokingGetInvokesDelegate() {
+		@SuppressWarnings("unchecked")
+		Supplier<Object> delegate = mock(Supplier.class);
+		Object expectedResult = new Object();
+		when(delegate.get()).thenReturn(expectedResult);
+		Supplier<Object> inTest = CachingSupplier.from(delegate);
+
+		Object result = inTest.get();
+
+		assertThat(result, is(expectedResult));
+	}
+
+	@Test
+	public void testInvokingGetTwiceDoesNotInvokeDelegateTwice() {
+		@SuppressWarnings("unchecked")
+		Supplier<Object> delegate = mock(Supplier.class);
+		Object expectedResult = new Object();
+		when(delegate.get()).thenReturn(expectedResult);
+		Supplier<Object> inTest = CachingSupplier.from(delegate);
+
+		inTest.get();
+		Object result = inTest.get();
+
+		assertThat(result, is(expectedResult));
+		verify(delegate).get();
+	}
+
+}

main/commons/src/test/java/org/cryptomator/common/HolderTest.java

@@ -0,0 +1,42 @@
+package org.cryptomator.common;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+
+import org.junit.Test;
+
+public class HolderTest {
+
+	private static final Object INITIAL = new Object();
+	private static final Object VALUE = new Object();
+
+	private Holder<Object> inTest = new Holder<>(INITIAL);
+
+	@Test
+	public void testInitialValueIsInitial() {
+		assertThat(inTest.get(), is(INITIAL));
+	}
+
+	@Test
+	public void testSetChangesValue() {
+		inTest.set(VALUE);
+
+		assertThat(inTest.get(), is(VALUE));
+	}
+
+	@Test
+	public void testAcceptChangesValue() {
+		inTest.accept(VALUE);
+
+		assertThat(inTest.get(), is(VALUE));
+	}
+
+	@Test
+	public void testResetChangesValueToInitial() {
+		inTest.set(VALUE);
+		inTest.reset();
+
+		assertThat(inTest.get(), is(INITIAL));
+	}
+
+}

main/commons/src/test/java/org/cryptomator/common/WeakValuedCacheTest.java

@@ -0,0 +1,155 @@
+package org.cryptomator.common;
+
+import static java.lang.String.format;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.sameInstance;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.util.function.Function;
+
+import org.cryptomator.common.WeakValuedCache;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.mockito.invocation.InvocationOnMock;
+
+public class WeakValuedCacheTest {
+
+	private final String A_KEY = "aKey";
+	private final String ANOTHER_KEY = "anotherKey";
+
+	private WeakValuedCache<String, Value> inTest;
+
+	private Function<String, Value> loader;
+
+	@SuppressWarnings("unchecked")
+	@Before
+	public void setup() {
+		loader = Mockito.mock(Function.class);
+		inTest = WeakValuedCache.usingLoader(loader);
+	}
+
+	@Test
+	public void testResultOfGetIsResultOfLoaderForTheSameKey() {
+		Value theValue = new Value();
+		Value theOtherValue = new Value();
+		when(loader.apply(A_KEY)).thenReturn(theValue);
+		when(loader.apply(ANOTHER_KEY)).thenReturn(theOtherValue);
+
+		Value result = inTest.get(A_KEY);
+		Value anotherResult = inTest.get(ANOTHER_KEY);
+
+		assertThat(result, is(sameInstance(theValue)));
+		assertThat(anotherResult, is(sameInstance(theOtherValue)));
+	}
+
+	@Test
+	public void testCachedResultIsResultOfLoaderForTheSameKey() {
+		Value theValue = new Value();
+		Value theOtherValue = new Value();
+		when(loader.apply(A_KEY)).thenReturn(theValue);
+		when(loader.apply(ANOTHER_KEY)).thenReturn(theOtherValue);
+
+		inTest.get(A_KEY);
+		inTest.get(ANOTHER_KEY);
+		Value result = inTest.get(A_KEY);
+		Value anotherResult = inTest.get(ANOTHER_KEY);
+
+		assertThat(result, is(sameInstance(theValue)));
+		assertThat(anotherResult, is(sameInstance(theOtherValue)));
+	}
+
+	@Test
+	public void testTwiceInvocationOfGetDoesNotInvokeLoaderTwice() {
+		Value theValue = new Value();
+		when(loader.apply(A_KEY)).thenReturn(theValue);
+
+		inTest.get(A_KEY);
+		inTest.get(A_KEY);
+
+		verify(loader).apply(A_KEY);
+	}
+
+	@Test
+	public void testSecondInvocationOfGetReturnsTheSameResult() {
+		Value theValue = new Value();
+		when(loader.apply(A_KEY)).thenReturn(theValue);
+
+		inTest.get(A_KEY);
+		Value result = inTest.get(A_KEY);
+
+		assertThat(result, is(sameInstance(theValue)));
+	}
+
+	@Test
+	public void testCacheDoesNotPreventGarbageCollectionOfValues() {
+		when(loader.apply(A_KEY)).thenAnswer(this::createValueUsingMoreThanHalfTheJvmMemory);
+
+		inTest.get(A_KEY);
+
+		// force garbage collection of previously created value by creating an
+		// object so large it can not coexist with the value
+		createObjectUsingMoreThanHalfTheJvmMemory();
+	}
+
+	@Test(expected = RuntimeExceptionThrownInLoader.class)
+	public void testCacheRethrowsRuntimeExceptionsFromLoader() {
+		when(loader.apply(A_KEY)).thenThrow(new RuntimeExceptionThrownInLoader());
+
+		inTest.get(A_KEY);
+	}
+
+	@Test(expected = ErrorThrownInLoader.class)
+	public void testCacheRethrowsErrorsFromLoader() {
+		when(loader.apply(A_KEY)).thenThrow(new ErrorThrownInLoader());
+
+		inTest.get(A_KEY);
+	}
+
+	private Value createValueUsingMoreThanHalfTheJvmMemory(InvocationOnMock invocation) {
+		Object data = createObjectUsingMoreThanHalfTheJvmMemory();
+		Value value = new Value();
+		value.setPayload(data);
+		return value;
+	}
+
+	private Object createObjectUsingMoreThanHalfTheJvmMemory() {
+		long maxMemory = Runtime.getRuntime().maxMemory();
+		long moreThanHalfTheJvmMemory = maxMemory / 2 + 1;
+		return createObjectUsingAtLeast(moreThanHalfTheJvmMemory);
+	}
+
+	private Object createObjectUsingAtLeast(long minMemory) {
+		if (minMemory <= Integer.MAX_VALUE) {
+			return new byte[(int) minMemory];
+		} else if ((minMemory / Integer.MAX_VALUE) <= Integer.MAX_VALUE) {
+			int numberOfArraysWithMaxIntSize = (int) (minMemory / Integer.MAX_VALUE);
+			int numberOfRemainingBytes = (int) (minMemory - Integer.MAX_VALUE * numberOfArraysWithMaxIntSize);
+			return new byte[][][] { //
+					new byte[numberOfArraysWithMaxIntSize][Integer.MAX_VALUE], //
+					new byte[1][numberOfRemainingBytes] //
+			};
+		} else {
+			throw new IllegalArgumentException(format("Can not create object with more than 3.999999996 Exabyte"));
+		}
+	}
+
+	private static class RuntimeExceptionThrownInLoader extends RuntimeException {
+	}
+
+	private static class ErrorThrownInLoader extends Error {
+	}
+
+	private static class Value {
+
+		@SuppressWarnings("unused")
+		private Object payload;
+
+		public void setPayload(Object payload) {
+			this.payload = payload;
+		}
+	}
+
+}

main/commons/src/test/java/org/cryptomator/common/streams/AutoClosingDoubleStreamTest.java

@@ -0,0 +1,227 @@
+package org.cryptomator.common.streams;
+
+import static org.hamcrest.CoreMatchers.anyOf;
+import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.util.ArrayList;
+import java.util.DoubleSummaryStatistics;
+import java.util.List;
+import java.util.OptionalDouble;
+import java.util.function.BiConsumer;
+import java.util.function.Consumer;
+import java.util.function.DoubleBinaryOperator;
+import java.util.function.DoubleConsumer;
+import java.util.function.DoubleFunction;
+import java.util.function.DoublePredicate;
+import java.util.function.DoubleToIntFunction;
+import java.util.function.DoubleToLongFunction;
+import java.util.function.DoubleUnaryOperator;
+import java.util.function.Function;
+import java.util.function.ObjDoubleConsumer;
+import java.util.function.Supplier;
+import java.util.stream.BaseStream;
+import java.util.stream.DoubleStream;
+import java.util.stream.IntStream;
+import java.util.stream.LongStream;
+import java.util.stream.Stream;
+
+import org.hamcrest.Matcher;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.experimental.theories.DataPoints;
+import org.junit.experimental.theories.FromDataPoints;
+import org.junit.experimental.theories.Theories;
+import org.junit.experimental.theories.Theory;
+import org.junit.rules.ExpectedException;
+import org.junit.runner.RunWith;
+import org.mockito.InOrder;
+
+@SuppressWarnings({"unchecked", "rawtypes"})
+@RunWith(Theories.class)
+public class AutoClosingDoubleStreamTest {
+
+	private static final DoublePredicate A_DOUBLE_PREDICATE = any -> true;
+	private static final DoubleFunction A_DOUBLE_FUNCTION = i -> null;
+	private static final BiConsumer A_BICONSUMER = (a, b) -> {
+	};
+	private static final Supplier A_SUPPLIER = () -> null;
+
+	@DataPoints("intermediateOperations")
+	public static final List<DoubleermediateOperation<?>> INTERMEDIATE_OPERATIONS = new ArrayList<>();
+
+	@DataPoints("terminalOperations")
+	public static final List<TerminalOperation<?>> TERMINAL_OPERATIONS = new ArrayList<>();
+	private static final DoubleUnaryOperator A_DOUBLE_UNARY_OPERATOR = i -> 3;
+	private static final DoubleToLongFunction A_DOUBLE_TO_LONG_FUNCTION = i -> 3L;
+	private static final DoubleToIntFunction A_DOUBLE_TO_INT_FUNCTION = i -> 5;
+	private static final DoubleConsumer A_DOUBLE_CONSUMER = i -> {
+	};
+	private static final ObjDoubleConsumer AN_OBJ_DOUBLE_CONSUMER = (a, b) -> {
+	};
+	private static final DoubleBinaryOperator A_DOUBLE_BINARY_OPERATOR = (a, b) -> a;
+
+	static {
+		// define intermediate operations
+		test(DoubleStream.class, DoubleStream::distinct);
+		test(DoubleStream.class, stream -> stream.filter(A_DOUBLE_PREDICATE));
+		test(DoubleStream.class, stream -> stream.flatMap(A_DOUBLE_FUNCTION));
+		test(DoubleStream.class, stream -> stream.limit(5));
+		test(DoubleStream.class, stream -> stream.map(A_DOUBLE_UNARY_OPERATOR));
+		test(LongStream.class, stream -> stream.mapToLong(A_DOUBLE_TO_LONG_FUNCTION));
+		test(Stream.class, stream -> stream.mapToObj(A_DOUBLE_FUNCTION));
+		test(IntStream.class, stream -> stream.mapToInt(A_DOUBLE_TO_INT_FUNCTION));
+		test(DoubleStream.class, DoubleStream::parallel);
+		test(DoubleStream.class, stream -> stream.peek(A_DOUBLE_CONSUMER));
+		test(DoubleStream.class, DoubleStream::sequential);
+		test(DoubleStream.class, stream -> stream.skip(5));
+		test(DoubleStream.class, DoubleStream::sorted);
+		test(DoubleStream.class, DoubleStream::unordered);
+		test(Stream.class, DoubleStream::boxed);
+
+		// define terminal operations
+		test(stream -> stream.allMatch(A_DOUBLE_PREDICATE), true);
+		test(stream -> stream.anyMatch(A_DOUBLE_PREDICATE), true);
+		test(stream -> stream.collect(A_SUPPLIER, AN_OBJ_DOUBLE_CONSUMER, A_BICONSUMER), 7d);
+		test(DoubleStream::count, 3L);
+		test(DoubleStream::findAny, OptionalDouble.of(3));
+		test(DoubleStream::findFirst, OptionalDouble.of(3));
+		test(stream -> stream.forEach(A_DOUBLE_CONSUMER));
+		test(stream -> stream.forEachOrdered(A_DOUBLE_CONSUMER));
+		test(stream -> stream.max(), OptionalDouble.of(3));
+		test(stream -> stream.min(), OptionalDouble.of(3));
+		test(stream -> stream.noneMatch(A_DOUBLE_PREDICATE), true);
+		test(stream -> stream.reduce(A_DOUBLE_BINARY_OPERATOR), OptionalDouble.of(3));
+		test(stream -> stream.reduce(1, A_DOUBLE_BINARY_OPERATOR), 3d);
+		test(DoubleStream::toArray, new double[1]);
+		test(DoubleStream::sum, 1d);
+		test(DoubleStream::average, OptionalDouble.of(3d));
+		test(DoubleStream::summaryStatistics, new DoubleSummaryStatistics());
+	}
+
+	private static <T> void test(Consumer<DoubleStream> consumer) {
+		TERMINAL_OPERATIONS.add(new TerminalOperation<T>() {
+			@Override
+			public T result() {
+				return null;
+			}
+
+			@Override
+			public T apply(DoubleStream stream) {
+				consumer.accept(stream);
+				return null;
+			}
+		});
+	}
+
+	private static <T> void test(Function<DoubleStream, T> function, T result) {
+		TERMINAL_OPERATIONS.add(new TerminalOperation<T>() {
+			@Override
+			public T result() {
+				return result;
+			}
+
+			@Override
+			public T apply(DoubleStream stream) {
+				return function.apply(stream);
+			}
+		});
+	}
+
+	private static <T extends BaseStream> void test(Class<? extends T> type, Function<DoubleStream, T> function) {
+		INTERMEDIATE_OPERATIONS.add(new DoubleermediateOperation<T>() {
+			@Override
+			public Class<? extends T> type() {
+				return type;
+			}
+
+			@Override
+			public T apply(DoubleStream stream) {
+				return function.apply(stream);
+			}
+		});
+	}
+
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
+
+	private DoubleStream delegate;
+	private DoubleStream inTest;
+
+	@Before
+	public void setUp() {
+		delegate = mock(DoubleStream.class);
+		inTest = AutoClosingDoubleStream.from(delegate);
+	}
+
+	@Theory
+	public void testIntermediateOperationReturnsNewAutoClosingStream(@FromDataPoints("intermediateOperations") DoubleermediateOperation intermediateOperation) {
+		BaseStream newDelegate = (BaseStream) mock(intermediateOperation.type());
+		when(intermediateOperation.apply(delegate)).thenReturn(newDelegate);
+
+		BaseStream result = intermediateOperation.apply(inTest);
+
+		assertThat(result, isAutoClosing());
+		verifyDelegate(result, newDelegate);
+	}
+
+	@Theory
+	public void testTerminalOperationDelegatesToAndClosesDelegate(@FromDataPoints("terminalOperations") TerminalOperation terminalOperation) {
+		Object expectedResult = terminalOperation.result();
+		if (expectedResult != null) {
+			when(terminalOperation.apply(delegate)).thenReturn(expectedResult);
+		}
+
+		Object result = terminalOperation.apply(inTest);
+
+		InOrder inOrder = inOrder(delegate);
+		assertThat(result, is(expectedResult));
+		inOrder.verify(delegate).close();
+	}
+
+	@Theory
+	public void testTerminalOperationClosesDelegateEvenOnException(@FromDataPoints("terminalOperations") TerminalOperation terminalOperation) {
+		RuntimeException exception = new RuntimeException();
+		terminalOperation.apply(doThrow(exception).when(delegate));
+
+		thrown.expect(is(exception));
+
+		try {
+			terminalOperation.apply(inTest);
+		} finally {
+			verify(delegate).close();
+		}
+	}
+
+	private Matcher<BaseStream> isAutoClosing() {
+		return is(anyOf(instanceOf(AutoClosingStream.class), instanceOf(AutoClosingDoubleStream.class), instanceOf(AutoClosingIntStream.class), instanceOf(AutoClosingLongStream.class)));
+	}
+
+	private void verifyDelegate(BaseStream result, BaseStream newDelegate) {
+		result.close();
+		verify(newDelegate).close();
+	}
+
+	private interface TerminalOperation<T> {
+
+		T result();
+
+		T apply(DoubleStream stream);
+
+	}
+
+	private interface DoubleermediateOperation<T extends BaseStream> {
+
+		Class<? extends T> type();
+
+		T apply(DoubleStream stream);
+
+	}
+
+}

main/commons/src/test/java/org/cryptomator/common/streams/AutoClosingIntStreamTest.java

@@ -0,0 +1,228 @@
+package org.cryptomator.common.streams;
+
+import static org.hamcrest.CoreMatchers.anyOf;
+import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.util.ArrayList;
+import java.util.IntSummaryStatistics;
+import java.util.List;
+import java.util.OptionalDouble;
+import java.util.OptionalInt;
+import java.util.function.BiConsumer;
+import java.util.function.Consumer;
+import java.util.function.Function;
+import java.util.function.IntBinaryOperator;
+import java.util.function.IntConsumer;
+import java.util.function.IntFunction;
+import java.util.function.IntPredicate;
+import java.util.function.IntToDoubleFunction;
+import java.util.function.IntToLongFunction;
+import java.util.function.IntUnaryOperator;
+import java.util.function.ObjIntConsumer;
+import java.util.function.Supplier;
+import java.util.stream.BaseStream;
+import java.util.stream.DoubleStream;
+import java.util.stream.IntStream;
+import java.util.stream.LongStream;
+import java.util.stream.Stream;
+
+import org.hamcrest.Matcher;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.experimental.theories.DataPoints;
+import org.junit.experimental.theories.FromDataPoints;
+import org.junit.experimental.theories.Theories;
+import org.junit.experimental.theories.Theory;
+import org.junit.rules.ExpectedException;
+import org.junit.runner.RunWith;
+import org.mockito.InOrder;
+
+@SuppressWarnings({"unchecked", "rawtypes"})
+@RunWith(Theories.class)
+public class AutoClosingIntStreamTest {
+
+	private static final IntPredicate AN_INT_PREDICATE = any -> true;
+	private static final IntFunction AN_INT_FUNCTION = i -> null;
+	private static final BiConsumer A_BICONSUMER = (a, b) -> {
+	};
+	private static final Supplier A_SUPPLIER = () -> null;
+
+	@DataPoints("intermediateOperations")
+	public static final List<IntermediateOperation<?>> INTERMEDIATE_OPERATIONS = new ArrayList<>();
+
+	@DataPoints("terminalOperations")
+	public static final List<TerminalOperation<?>> TERMINAL_OPERATIONS = new ArrayList<>();
+	private static final IntUnaryOperator AN_INT_UNARY_OPERATOR = i -> 3;
+	private static final IntToDoubleFunction AN_INT_TO_DOUBLE_FUNCTION = i -> 3d;
+	private static final IntToLongFunction AN_INT_TO_LONG_FUNCTION = i -> 5L;
+	private static final IntConsumer AN_INT_CONSUMER = i -> {
+	};
+	private static final ObjIntConsumer AN_OBJ_INT_CONSUMER = (a, b) -> {
+	};
+	private static final IntBinaryOperator AN_INT_BINARY_OPERATOR = (a, b) -> a;
+
+	static {
+		// define intermediate operations
+		test(IntStream.class, IntStream::distinct);
+		test(IntStream.class, stream -> stream.filter(AN_INT_PREDICATE));
+		test(IntStream.class, stream -> stream.flatMap(AN_INT_FUNCTION));
+		test(IntStream.class, stream -> stream.limit(5));
+		test(IntStream.class, stream -> stream.map(AN_INT_UNARY_OPERATOR));
+		test(DoubleStream.class, stream -> stream.mapToDouble(AN_INT_TO_DOUBLE_FUNCTION));
+		test(Stream.class, stream -> stream.mapToObj(AN_INT_FUNCTION));
+		test(LongStream.class, stream -> stream.mapToLong(AN_INT_TO_LONG_FUNCTION));
+		test(IntStream.class, IntStream::parallel);
+		test(IntStream.class, stream -> stream.peek(AN_INT_CONSUMER));
+		test(IntStream.class, IntStream::sequential);
+		test(IntStream.class, stream -> stream.skip(5));
+		test(IntStream.class, IntStream::sorted);
+		test(IntStream.class, IntStream::unordered);
+		test(Stream.class, IntStream::boxed);
+
+		// define terminal operations
+		test(stream -> stream.allMatch(AN_INT_PREDICATE), true);
+		test(stream -> stream.anyMatch(AN_INT_PREDICATE), true);
+		test(stream -> stream.collect(A_SUPPLIER, AN_OBJ_INT_CONSUMER, A_BICONSUMER), 7);
+		test(IntStream::count, 3L);
+		test(IntStream::findAny, OptionalInt.of(3));
+		test(IntStream::findFirst, OptionalInt.of(3));
+		test(stream -> stream.forEach(AN_INT_CONSUMER));
+		test(stream -> stream.forEachOrdered(AN_INT_CONSUMER));
+		test(stream -> stream.max(), OptionalInt.of(3));
+		test(stream -> stream.min(), OptionalInt.of(3));
+		test(stream -> stream.noneMatch(AN_INT_PREDICATE), true);
+		test(stream -> stream.reduce(AN_INT_BINARY_OPERATOR), OptionalInt.of(3));
+		test(stream -> stream.reduce(1, AN_INT_BINARY_OPERATOR), 3);
+		test(IntStream::toArray, new int[1]);
+		test(IntStream::sum, 1);
+		test(IntStream::average, OptionalDouble.of(3d));
+		test(IntStream::summaryStatistics, new IntSummaryStatistics());
+	}
+
+	private static <T> void test(Consumer<IntStream> consumer) {
+		TERMINAL_OPERATIONS.add(new TerminalOperation<T>() {
+			@Override
+			public T result() {
+				return null;
+			}
+
+			@Override
+			public T apply(IntStream stream) {
+				consumer.accept(stream);
+				return null;
+			}
+		});
+	}
+
+	private static <T> void test(Function<IntStream, T> function, T result) {
+		TERMINAL_OPERATIONS.add(new TerminalOperation<T>() {
+			@Override
+			public T result() {
+				return result;
+			}
+
+			@Override
+			public T apply(IntStream stream) {
+				return function.apply(stream);
+			}
+		});
+	}
+
+	private static <T extends BaseStream> void test(Class<? extends T> type, Function<IntStream, T> function) {
+		INTERMEDIATE_OPERATIONS.add(new IntermediateOperation<T>() {
+			@Override
+			public Class<? extends T> type() {
+				return type;
+			}
+
+			@Override
+			public T apply(IntStream stream) {
+				return function.apply(stream);
+			}
+		});
+	}
+
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
+
+	private IntStream delegate;
+	private IntStream inTest;
+
+	@Before
+	public void setUp() {
+		delegate = mock(IntStream.class);
+		inTest = AutoClosingIntStream.from(delegate);
+	}
+
+	@Theory
+	public void testIntermediateOperationReturnsNewAutoClosingStream(@FromDataPoints("intermediateOperations") IntermediateOperation intermediateOperation) {
+		BaseStream newDelegate = (BaseStream) mock(intermediateOperation.type());
+		when(intermediateOperation.apply(delegate)).thenReturn(newDelegate);
+
+		BaseStream result = intermediateOperation.apply(inTest);
+
+		assertThat(result, isAutoClosing());
+		verifyDelegate(result, newDelegate);
+	}
+
+	@Theory
+	public void testTerminalOperationDelegatesToAndClosesDelegate(@FromDataPoints("terminalOperations") TerminalOperation terminalOperation) {
+		Object expectedResult = terminalOperation.result();
+		if (expectedResult != null) {
+			when(terminalOperation.apply(delegate)).thenReturn(expectedResult);
+		}
+
+		Object result = terminalOperation.apply(inTest);
+
+		InOrder inOrder = inOrder(delegate);
+		assertThat(result, is(expectedResult));
+		inOrder.verify(delegate).close();
+	}
+
+	@Theory
+	public void testTerminalOperationClosesDelegateEvenOnException(@FromDataPoints("terminalOperations") TerminalOperation terminalOperation) {
+		RuntimeException exception = new RuntimeException();
+		terminalOperation.apply(doThrow(exception).when(delegate));
+
+		thrown.expect(is(exception));
+
+		try {
+			terminalOperation.apply(inTest);
+		} finally {
+			verify(delegate).close();
+		}
+	}
+
+	private Matcher<BaseStream> isAutoClosing() {
+		return is(anyOf(instanceOf(AutoClosingStream.class), instanceOf(AutoClosingDoubleStream.class), instanceOf(AutoClosingIntStream.class), instanceOf(AutoClosingLongStream.class)));
+	}
+
+	private void verifyDelegate(BaseStream result, BaseStream newDelegate) {
+		result.close();
+		verify(newDelegate).close();
+	}
+
+	private interface TerminalOperation<T> {
+
+		T result();
+
+		T apply(IntStream stream);
+
+	}
+
+	private interface IntermediateOperation<T extends BaseStream> {
+
+		Class<? extends T> type();
+
+		T apply(IntStream stream);
+
+	}
+
+}

main/commons/src/test/java/org/cryptomator/common/streams/AutoClosingLongStreamTest.java

@@ -0,0 +1,228 @@
+package org.cryptomator.common.streams;
+
+import static org.hamcrest.CoreMatchers.anyOf;
+import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.LongSummaryStatistics;
+import java.util.OptionalDouble;
+import java.util.OptionalLong;
+import java.util.function.BiConsumer;
+import java.util.function.Consumer;
+import java.util.function.Function;
+import java.util.function.LongBinaryOperator;
+import java.util.function.LongConsumer;
+import java.util.function.LongFunction;
+import java.util.function.LongPredicate;
+import java.util.function.LongToDoubleFunction;
+import java.util.function.LongToIntFunction;
+import java.util.function.LongUnaryOperator;
+import java.util.function.ObjLongConsumer;
+import java.util.function.Supplier;
+import java.util.stream.BaseStream;
+import java.util.stream.DoubleStream;
+import java.util.stream.IntStream;
+import java.util.stream.LongStream;
+import java.util.stream.Stream;
+
+import org.hamcrest.Matcher;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.experimental.theories.DataPoints;
+import org.junit.experimental.theories.FromDataPoints;
+import org.junit.experimental.theories.Theories;
+import org.junit.experimental.theories.Theory;
+import org.junit.rules.ExpectedException;
+import org.junit.runner.RunWith;
+import org.mockito.InOrder;
+
+@SuppressWarnings({"unchecked", "rawtypes"})
+@RunWith(Theories.class)
+public class AutoClosingLongStreamTest {
+
+	private static final LongPredicate AN_LONG_PREDICATE = any -> true;
+	private static final LongFunction AN_LONG_FUNCTION = i -> null;
+	private static final BiConsumer A_BICONSUMER = (a, b) -> {
+	};
+	private static final Supplier A_SUPPLIER = () -> null;
+
+	@DataPoints("intermediateOperations")
+	public static final List<LongermediateOperation<?>> INTERMEDIATE_OPERATIONS = new ArrayList<>();
+
+	@DataPoints("terminalOperations")
+	public static final List<TerminalOperation<?>> TERMINAL_OPERATIONS = new ArrayList<>();
+	private static final LongUnaryOperator AN_LONG_UNARY_OPERATOR = i -> 3;
+	private static final LongToDoubleFunction AN_LONG_TO_DOUBLE_FUNCTION = i -> 3d;
+	private static final LongToIntFunction AN_LONG_TO_INT_FUNCTION = i -> 5;
+	private static final LongConsumer AN_LONG_CONSUMER = i -> {
+	};
+	private static final ObjLongConsumer AN_OBJ_LONG_CONSUMER = (a, b) -> {
+	};
+	private static final LongBinaryOperator AN_LONG_BINARY_OPERATOR = (a, b) -> a;
+
+	static {
+		// define intermediate operations
+		test(LongStream.class, LongStream::distinct);
+		test(LongStream.class, stream -> stream.filter(AN_LONG_PREDICATE));
+		test(LongStream.class, stream -> stream.flatMap(AN_LONG_FUNCTION));
+		test(LongStream.class, stream -> stream.limit(5));
+		test(LongStream.class, stream -> stream.map(AN_LONG_UNARY_OPERATOR));
+		test(DoubleStream.class, stream -> stream.mapToDouble(AN_LONG_TO_DOUBLE_FUNCTION));
+		test(Stream.class, stream -> stream.mapToObj(AN_LONG_FUNCTION));
+		test(IntStream.class, stream -> stream.mapToInt(AN_LONG_TO_INT_FUNCTION));
+		test(LongStream.class, LongStream::parallel);
+		test(LongStream.class, stream -> stream.peek(AN_LONG_CONSUMER));
+		test(LongStream.class, LongStream::sequential);
+		test(LongStream.class, stream -> stream.skip(5));
+		test(LongStream.class, LongStream::sorted);
+		test(LongStream.class, LongStream::unordered);
+		test(Stream.class, LongStream::boxed);
+
+		// define terminal operations
+		test(stream -> stream.allMatch(AN_LONG_PREDICATE), true);
+		test(stream -> stream.anyMatch(AN_LONG_PREDICATE), true);
+		test(stream -> stream.collect(A_SUPPLIER, AN_OBJ_LONG_CONSUMER, A_BICONSUMER), 7L);
+		test(LongStream::count, 3L);
+		test(LongStream::findAny, OptionalLong.of(3));
+		test(LongStream::findFirst, OptionalLong.of(3));
+		test(stream -> stream.forEach(AN_LONG_CONSUMER));
+		test(stream -> stream.forEachOrdered(AN_LONG_CONSUMER));
+		test(stream -> stream.max(), OptionalLong.of(3));
+		test(stream -> stream.min(), OptionalLong.of(3));
+		test(stream -> stream.noneMatch(AN_LONG_PREDICATE), true);
+		test(stream -> stream.reduce(AN_LONG_BINARY_OPERATOR), OptionalLong.of(3));
+		test(stream -> stream.reduce(1, AN_LONG_BINARY_OPERATOR), 3L);
+		test(LongStream::toArray, new long[1]);
+		test(LongStream::sum, 1L);
+		test(LongStream::average, OptionalDouble.of(3d));
+		test(LongStream::summaryStatistics, new LongSummaryStatistics());
+	}
+
+	private static <T> void test(Consumer<LongStream> consumer) {
+		TERMINAL_OPERATIONS.add(new TerminalOperation<T>() {
+			@Override
+			public T result() {
+				return null;
+			}
+
+			@Override
+			public T apply(LongStream stream) {
+				consumer.accept(stream);
+				return null;
+			}
+		});
+	}
+
+	private static <T> void test(Function<LongStream, T> function, T result) {
+		TERMINAL_OPERATIONS.add(new TerminalOperation<T>() {
+			@Override
+			public T result() {
+				return result;
+			}
+
+			@Override
+			public T apply(LongStream stream) {
+				return function.apply(stream);
+			}
+		});
+	}
+
+	private static <T extends BaseStream> void test(Class<? extends T> type, Function<LongStream, T> function) {
+		INTERMEDIATE_OPERATIONS.add(new LongermediateOperation<T>() {
+			@Override
+			public Class<? extends T> type() {
+				return type;
+			}
+
+			@Override
+			public T apply(LongStream stream) {
+				return function.apply(stream);
+			}
+		});
+	}
+
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
+
+	private LongStream delegate;
+	private LongStream inTest;
+
+	@Before
+	public void setUp() {
+		delegate = mock(LongStream.class);
+		inTest = AutoClosingLongStream.from(delegate);
+	}
+
+	@Theory
+	public void testIntermediateOperationReturnsNewAutoClosingStream(@FromDataPoints("intermediateOperations") LongermediateOperation intermediateOperation) {
+		BaseStream newDelegate = (BaseStream) mock(intermediateOperation.type());
+		when(intermediateOperation.apply(delegate)).thenReturn(newDelegate);
+
+		BaseStream result = intermediateOperation.apply(inTest);
+
+		assertThat(result, isAutoClosing());
+		verifyDelegate(result, newDelegate);
+	}
+
+	@Theory
+	public void testTerminalOperationDelegatesToAndClosesDelegate(@FromDataPoints("terminalOperations") TerminalOperation terminalOperation) {
+		Object expectedResult = terminalOperation.result();
+		if (expectedResult != null) {
+			when(terminalOperation.apply(delegate)).thenReturn(expectedResult);
+		}
+
+		Object result = terminalOperation.apply(inTest);
+
+		InOrder inOrder = inOrder(delegate);
+		assertThat(result, is(expectedResult));
+		inOrder.verify(delegate).close();
+	}
+
+	@Theory
+	public void testTerminalOperationClosesDelegateEvenOnException(@FromDataPoints("terminalOperations") TerminalOperation terminalOperation) {
+		RuntimeException exception = new RuntimeException();
+		terminalOperation.apply(doThrow(exception).when(delegate));
+
+		thrown.expect(is(exception));
+
+		try {
+			terminalOperation.apply(inTest);
+		} finally {
+			verify(delegate).close();
+		}
+	}
+
+	private Matcher<BaseStream> isAutoClosing() {
+		return is(anyOf(instanceOf(AutoClosingStream.class), instanceOf(AutoClosingDoubleStream.class), instanceOf(AutoClosingIntStream.class), instanceOf(AutoClosingLongStream.class)));
+	}
+
+	private void verifyDelegate(BaseStream result, BaseStream newDelegate) {
+		result.close();
+		verify(newDelegate).close();
+	}
+
+	private interface TerminalOperation<T> {
+
+		T result();
+
+		T apply(LongStream stream);
+
+	}
+
+	private interface LongermediateOperation<T extends BaseStream> {
+
+		Class<? extends T> type();
+
+		T apply(LongStream stream);
+
+	}
+
+}

main/commons/src/test/java/org/cryptomator/common/streams/AutoClosingStreamTest.java

@@ -0,0 +1,231 @@
+package org.cryptomator.common.streams;
+
+import static org.hamcrest.CoreMatchers.anyOf;
+import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.util.ArrayList;
+import java.util.Comparator;
+import java.util.List;
+import java.util.Optional;
+import java.util.function.BiConsumer;
+import java.util.function.BinaryOperator;
+import java.util.function.Consumer;
+import java.util.function.Function;
+import java.util.function.IntFunction;
+import java.util.function.Predicate;
+import java.util.function.Supplier;
+import java.util.function.ToDoubleFunction;
+import java.util.function.ToIntFunction;
+import java.util.function.ToLongFunction;
+import java.util.stream.BaseStream;
+import java.util.stream.Collector;
+import java.util.stream.DoubleStream;
+import java.util.stream.IntStream;
+import java.util.stream.LongStream;
+import java.util.stream.Stream;
+
+import org.hamcrest.Matcher;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.experimental.theories.DataPoints;
+import org.junit.experimental.theories.FromDataPoints;
+import org.junit.experimental.theories.Theories;
+import org.junit.experimental.theories.Theory;
+import org.junit.rules.ExpectedException;
+import org.junit.runner.RunWith;
+import org.mockito.InOrder;
+
+@SuppressWarnings({"unchecked", "rawtypes"})
+@RunWith(Theories.class)
+public class AutoClosingStreamTest {
+
+	private static final Predicate A_PREDICATE = any -> true;
+	private static final Function A_FUNCTION = any -> null;
+	private static final ToDoubleFunction A_TO_DOUBLE_FUNCTION = any -> 0d;
+	private static final ToIntFunction A_TO_INT_FUNCTION = any -> 1;
+	private static final ToLongFunction A_TO_LONG_FUNCTION = any -> 1L;
+	private static final Consumer A_CONSUMER = any -> {
+	};
+	private static final Comparator A_COMPARATOR = (left, right) -> 0;
+	private static final Collector A_COLLECTOR = mock(Collector.class);
+	private static final BinaryOperator A_BINARY_OPERATOR = (left, right) -> null;
+	private static final Object AN_OBJECT = new Object();
+	private static final IntFunction AN_INT_FUNCTION = i -> null;
+	private static final BiConsumer A_BICONSUMER = (a, b) -> {
+	};
+	private static final Supplier A_SUPPLIER = () -> null;
+
+	@DataPoints("intermediateOperations")
+	public static final List<IntermediateOperation<?>> INTERMEDIATE_OPERATIONS = new ArrayList<>();
+
+	@DataPoints("terminalOperations")
+	public static final List<TerminalOperation<?>> TERMINAL_OPERATIONS = new ArrayList<>();
+
+	static {
+		// define intermediate operations
+		test(Stream.class, Stream::distinct);
+		test(Stream.class, stream -> stream.filter(A_PREDICATE));
+		test(Stream.class, stream -> stream.flatMap(A_FUNCTION));
+		test(DoubleStream.class, stream -> stream.flatMapToDouble(A_FUNCTION));
+		test(IntStream.class, stream -> stream.flatMapToInt(A_FUNCTION));
+		test(LongStream.class, stream -> stream.flatMapToLong(A_FUNCTION));
+		test(Stream.class, stream -> stream.limit(5));
+		test(Stream.class, stream -> stream.map(A_FUNCTION));
+		test(DoubleStream.class, stream -> stream.mapToDouble(A_TO_DOUBLE_FUNCTION));
+		test(IntStream.class, stream -> stream.mapToInt(A_TO_INT_FUNCTION));
+		test(LongStream.class, stream -> stream.mapToLong(A_TO_LONG_FUNCTION));
+		test(Stream.class, Stream::parallel);
+		test(Stream.class, stream -> stream.peek(A_CONSUMER));
+		test(Stream.class, Stream::sequential);
+		test(Stream.class, stream -> stream.skip(5));
+		test(Stream.class, Stream::sorted);
+		test(Stream.class, stream -> stream.sorted(A_COMPARATOR));
+		test(Stream.class, Stream::unordered);
+
+		// define terminal operations
+		test(stream -> stream.allMatch(A_PREDICATE), true);
+		test(stream -> stream.anyMatch(A_PREDICATE), true);
+		test(stream -> stream.collect(A_COLLECTOR), new Object());
+		test(stream -> stream.collect(A_SUPPLIER, A_BICONSUMER, A_BICONSUMER), new Object());
+		test(Stream::count, 3L);
+		test(Stream::findAny, Optional.of(new Object()));
+		test(Stream::findFirst, Optional.of(new Object()));
+		test(stream -> stream.forEach(A_CONSUMER));
+		test(stream -> stream.forEachOrdered(A_CONSUMER));
+		test(stream -> stream.max(A_COMPARATOR), Optional.of(new Object()));
+		test(stream -> stream.min(A_COMPARATOR), Optional.of(new Object()));
+		test(stream -> stream.noneMatch(A_PREDICATE), true);
+		test(stream -> stream.reduce(A_BINARY_OPERATOR), Optional.of(new Object()));
+		test(stream -> stream.reduce(AN_OBJECT, A_BINARY_OPERATOR), Optional.of(new Object()));
+		test(stream -> stream.reduce(AN_OBJECT, A_BINARY_OPERATOR, A_BINARY_OPERATOR), Optional.of(new Object()));
+		test(Stream::toArray, new Object[1]);
+		test(stream -> stream.toArray(AN_INT_FUNCTION), new Object[1]);
+	}
+
+	private static <T> void test(Consumer<Stream> consumer) {
+		TERMINAL_OPERATIONS.add(new TerminalOperation<T>() {
+			@Override
+			public T result() {
+				return null;
+			}
+
+			@Override
+			public T apply(Stream stream) {
+				consumer.accept(stream);
+				return null;
+			}
+		});
+	}
+
+	private static <T> void test(Function<Stream, T> function, T result) {
+		TERMINAL_OPERATIONS.add(new TerminalOperation<T>() {
+			@Override
+			public T result() {
+				return result;
+			}
+
+			@Override
+			public T apply(Stream stream) {
+				return function.apply(stream);
+			}
+		});
+	}
+
+	private static <T extends BaseStream> void test(Class<? extends T> type, Function<Stream, T> function) {
+		INTERMEDIATE_OPERATIONS.add(new IntermediateOperation<T>() {
+			@Override
+			public Class<? extends T> type() {
+				return type;
+			}
+
+			@Override
+			public T apply(Stream stream) {
+				return function.apply(stream);
+			}
+		});
+	}
+
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
+
+	private Stream<Object> delegate;
+	private Stream<Object> inTest;
+
+	@Before
+	public void setUp() {
+		delegate = mock(Stream.class);
+		inTest = AutoClosingStream.from(delegate);
+	}
+
+	@Theory
+	public void testIntermediateOperationReturnsNewAutoClosingStream(@FromDataPoints("intermediateOperations") IntermediateOperation intermediateOperation) {
+		BaseStream newDelegate = (BaseStream) mock(intermediateOperation.type());
+		when(intermediateOperation.apply(delegate)).thenReturn(newDelegate);
+
+		BaseStream result = intermediateOperation.apply(inTest);
+
+		assertThat(result, isAutoClosing());
+		verifyDelegate(result, newDelegate);
+	}
+
+	@Theory
+	public void testTerminalOperationDelegatesToAndClosesDelegate(@FromDataPoints("terminalOperations") TerminalOperation terminalOperation) {
+		Object expectedResult = terminalOperation.result();
+		if (expectedResult != null) {
+			when(terminalOperation.apply(delegate)).thenReturn(expectedResult);
+		}
+
+		Object result = terminalOperation.apply(inTest);
+
+		InOrder inOrder = inOrder(delegate);
+		assertThat(result, is(expectedResult));
+		inOrder.verify(delegate).close();
+	}
+
+	@Theory
+	public void testTerminalOperationClosesDelegateEvenOnException(@FromDataPoints("terminalOperations") TerminalOperation terminalOperation) {
+		RuntimeException exception = new RuntimeException();
+		terminalOperation.apply(doThrow(exception).when(delegate));
+
+		thrown.expect(is(exception));
+
+		try {
+			terminalOperation.apply(inTest);
+		} finally {
+			verify(delegate).close();
+		}
+	}
+
+	private Matcher<BaseStream> isAutoClosing() {
+		return is(anyOf(instanceOf(AutoClosingStream.class), instanceOf(AutoClosingDoubleStream.class), instanceOf(AutoClosingIntStream.class), instanceOf(AutoClosingLongStream.class)));
+	}
+
+	private void verifyDelegate(BaseStream result, BaseStream newDelegate) {
+		result.close();
+		verify(newDelegate).close();
+	}
+
+	private interface TerminalOperation<T> {
+
+		T result();
+
+		T apply(Stream stream);
+
+	}
+
+	private interface IntermediateOperation<T extends BaseStream> {
+
+		Class<? extends T> type();
+
+		T apply(Stream stream);
+
+	}
+
+}

main/core/src/main/java/org/cryptomator/files/EncryptingFileVisitor.java

@@ -1,83 +0,0 @@
-package org.cryptomator.files;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.channels.SeekableByteChannel;
-import java.nio.file.FileVisitResult;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.SimpleFileVisitor;
-import java.nio.file.StandardCopyOption;
-import java.nio.file.StandardOpenOption;
-import java.nio.file.attribute.BasicFileAttributes;
-
-import org.cryptomator.crypto.Cryptor;
-import org.cryptomator.crypto.CryptorIOSupport;
-
-public class EncryptingFileVisitor extends SimpleFileVisitor<Path> implements CryptorIOSupport {
-
-	private final Path rootDir;
-	private final Cryptor cryptor;
-	private final EncryptionDecider encryptionDecider;
-	private Path currentDir;
-
-	public EncryptingFileVisitor(Path rootDir, Cryptor cryptor, EncryptionDecider encryptionDecider) {
-		this.rootDir = rootDir;
-		this.cryptor = cryptor;
-		this.encryptionDecider = encryptionDecider;
-	}
-
-	@Override
-	public FileVisitResult preVisitDirectory(Path dir, BasicFileAttributes attrs) throws IOException {
-		if (rootDir.equals(dir) || encryptionDecider.shouldEncrypt(dir)) {
-			this.currentDir = dir;
-			return FileVisitResult.CONTINUE;
-		} else {
-			return FileVisitResult.SKIP_SUBTREE;
-		}
-	}
-
-	@Override
-	public FileVisitResult visitFile(Path plaintextFile, BasicFileAttributes attrs) throws IOException {
-		if (encryptionDecider.shouldEncrypt(plaintextFile)) {
-			final String plaintextName = plaintextFile.getFileName().toString();
-			final String encryptedName = cryptor.encryptPath(plaintextName, '/', '/', this);
-			final Path encryptedPath = plaintextFile.resolveSibling(encryptedName);
-			final InputStream plaintextIn = Files.newInputStream(plaintextFile, StandardOpenOption.READ);
-			final SeekableByteChannel ciphertextOut = Files.newByteChannel(encryptedPath, StandardOpenOption.WRITE, StandardOpenOption.CREATE_NEW);
-			cryptor.encryptFile(plaintextIn, ciphertextOut);
-			Files.delete(plaintextFile);
-		}
-		return FileVisitResult.CONTINUE;
-	}
-
-	@Override
-	public FileVisitResult postVisitDirectory(Path dir, IOException exc) throws IOException {
-		if (encryptionDecider.shouldEncrypt(dir)) {
-			final String plaintext = dir.getFileName().toString();
-			final String encrypted = cryptor.encryptPath(plaintext, '/', '/', this);
-			final Path newPath = dir.resolveSibling(encrypted);
-			Files.move(dir, newPath, StandardCopyOption.ATOMIC_MOVE);
-		}
-		return FileVisitResult.CONTINUE;
-	}
-
-	@Override
-	public void writePathSpecificMetadata(String metadataFile, byte[] encryptedMetadata) throws IOException {
-		final Path path = currentDir.resolve(metadataFile);
-		Files.write(path, encryptedMetadata, StandardOpenOption.WRITE, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING, StandardOpenOption.DSYNC);
-	}
-
-	@Override
-	public byte[] readPathSpecificMetadata(String metadataFile) throws IOException {
-		final Path path = currentDir.resolve(metadataFile);
-		return Files.readAllBytes(path);
-	}
-
-	/* callback */
-
-	public interface EncryptionDecider {
-		boolean shouldEncrypt(Path path);
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/WebDavServer.java

@@ -1,97 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.webdav;
-
-import java.util.concurrent.BlockingQueue;
-import java.util.concurrent.LinkedBlockingQueue;
-
-import org.cryptomator.crypto.Cryptor;
-import org.cryptomator.webdav.jackrabbit.WebDavServlet;
-import org.eclipse.jetty.server.Connector;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.ServerConnector;
-import org.eclipse.jetty.servlet.ServletContextHandler;
-import org.eclipse.jetty.servlet.ServletHolder;
-import org.eclipse.jetty.util.thread.QueuedThreadPool;
-import org.eclipse.jetty.util.thread.ThreadPool;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public final class WebDavServer {
-
-	private static final Logger LOG = LoggerFactory.getLogger(WebDavServer.class);
-	private static final String LOCALHOST = "::1";
-	private static final int MAX_PENDING_REQUESTS = 200;
-	private static final int MAX_THREADS = 200;
-	private static final int MIN_THREADS = 4;
-	private static final int THREAD_IDLE_SECONDS = 20;
-	private final Server server;
-	private int port;
-
-	public WebDavServer() {
-		final BlockingQueue<Runnable> queue = new LinkedBlockingQueue<>(MAX_PENDING_REQUESTS);
-		final ThreadPool tp = new QueuedThreadPool(MAX_THREADS, MIN_THREADS, THREAD_IDLE_SECONDS, queue);
-		server = new Server(tp);
-	}
-
-	/**
-	 * @param workDir Path of encrypted folder.
-	 * @param cryptor A fully initialized cryptor instance ready to en- or decrypt streams.
-	 * @return <code>true</code> upon success
-	 */
-	public synchronized boolean start(final String workDir, final boolean checkFileIntegrity, final Cryptor cryptor) {
-		final ServerConnector connector = new ServerConnector(server);
-		connector.setHost(LOCALHOST);
-
-		final String contextPath = "/";
-		final String servletPathSpec = "/*";
-
-		final ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
-		context.addServlet(getWebDavServletHolder(workDir, contextPath, checkFileIntegrity, cryptor), servletPathSpec);
-		context.setContextPath(contextPath);
-		server.setHandler(context);
-
-		try {
-			server.setConnectors(new Connector[] {connector});
-			server.start();
-			port = connector.getLocalPort();
-			return true;
-		} catch (Exception ex) {
-			LOG.error("Server couldn't be started", ex);
-			return false;
-		}
-	}
-
-	public boolean isRunning() {
-		return server.isRunning();
-	}
-
-	public synchronized boolean stop() {
-		try {
-			server.stop();
-			port = 0;
-		} catch (Exception ex) {
-			LOG.error("Server couldn't be stopped", ex);
-		}
-		return server.isStopped();
-	}
-
-	private ServletHolder getWebDavServletHolder(final String workDir, final String contextPath, final boolean checkFileIntegrity, final Cryptor cryptor) {
-		final ServletHolder result = new ServletHolder("Cryptomator-WebDAV-Servlet", new WebDavServlet(cryptor));
-		result.setInitParameter(WebDavServlet.CFG_FS_ROOT, workDir);
-		result.setInitParameter(WebDavServlet.CFG_HTTP_ROOT, contextPath);
-		result.setInitParameter(WebDavServlet.CFG_CHECK_FILE_INTEGRITY, Boolean.toString(checkFileIntegrity));
-		return result;
-	}
-
-	public int getPort() {
-		return port;
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/exceptions/DavRuntimeException.java

@@ -1,31 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.webdav.exceptions;
-
-import org.apache.jackrabbit.webdav.DavException;
-
-public class DavRuntimeException extends RuntimeException {
-
-	private static final long serialVersionUID = -4713080133052143303L;
-
-	public DavRuntimeException(DavException davException) {
-		super(davException);
-	}
-
-	@Override
-	public String getMessage() {
-		return getCause().getMessage();
-	}
-
-	@Override
-	public String getLocalizedMessage() {
-		return getCause().getLocalizedMessage();
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/exceptions/IORuntimeException.java

@@ -1,31 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.webdav.exceptions;
-
-import java.io.IOException;
-
-public class IORuntimeException extends RuntimeException {
-
-	private static final long serialVersionUID = -4713080133052143303L;
-
-	public IORuntimeException(IOException ioException) {
-		super(ioException);
-	}
-
-	@Override
-	public String getMessage() {
-		return getCause().getMessage();
-	}
-
-	@Override
-	public String getLocalizedMessage() {
-		return getCause().getLocalizedMessage();
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/BidiLRUMap.java

@@ -1,24 +0,0 @@
-package org.cryptomator.webdav.jackrabbit;
-
-import java.util.Map;
-
-import org.apache.commons.collections4.BidiMap;
-import org.apache.commons.collections4.bidimap.AbstractDualBidiMap;
-import org.apache.commons.collections4.map.LRUMap;
-
-final class BidiLRUMap<K, V> extends AbstractDualBidiMap<K, V> {
-
-	BidiLRUMap(int maxSize) {
-		super(new LRUMap<K, V>(maxSize), new LRUMap<V, K>(maxSize));
-	}
-
-	protected BidiLRUMap(final Map<K, V> normalMap, final Map<V, K> reverseMap, final BidiMap<V, K> inverseBidiMap) {
-		super(normalMap, reverseMap, inverseBidiMap);
-	}
-
-	@Override
-	protected BidiMap<V, K> createBidiMap(Map<V, K> normalMap, Map<K, V> reverseMap, BidiMap<K, V> inverseMap) {
-		return new BidiLRUMap<V, K>(normalMap, reverseMap, inverseMap);
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/DavLocatorFactoryImpl.java

@@ -1,118 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.webdav.jackrabbit;
-
-import java.io.IOException;
-import java.nio.file.FileSystems;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.StandardOpenOption;
-
-import org.apache.commons.collections4.BidiMap;
-import org.apache.jackrabbit.webdav.AbstractLocatorFactory;
-import org.apache.jackrabbit.webdav.DavResourceLocator;
-import org.cryptomator.crypto.Cryptor;
-import org.cryptomator.crypto.CryptorIOSupport;
-import org.cryptomator.crypto.SensitiveDataSwipeListener;
-
-class DavLocatorFactoryImpl extends AbstractLocatorFactory implements SensitiveDataSwipeListener, CryptorIOSupport {
-
-	private static final int MAX_CACHED_PATHS = 10000;
-	private final Path fsRoot;
-	private final Cryptor cryptor;
-	private final BidiMap<String, String> pathCache = new BidiLRUMap<>(MAX_CACHED_PATHS); // <decryptedPath, encryptedPath>
-
-	DavLocatorFactoryImpl(String fsRoot, String httpRoot, Cryptor cryptor) {
-		super(httpRoot);
-		this.fsRoot = FileSystems.getDefault().getPath(fsRoot);
-		this.cryptor = cryptor;
-		cryptor.addSensitiveDataSwipeListener(this);
-	}
-
-	/**
-	 * @return Encrypted absolute paths on the file system.
-	 */
-	@Override
-	protected String getRepositoryPath(String resourcePath, String wspPath) {
-		String encryptedPath = pathCache.get(resourcePath);
-		if (encryptedPath == null) {
-			encryptedPath = encryptRepositoryPath(resourcePath);
-			pathCache.put(resourcePath, encryptedPath);
-		}
-		return encryptedPath;
-	}
-
-	private String encryptRepositoryPath(String resourcePath) {
-		if (resourcePath == null) {
-			return fsRoot.toString();
-		}
-		final String encryptedRepoPath = cryptor.encryptPath(resourcePath, FileSystems.getDefault().getSeparator().charAt(0), '/', this);
-		return fsRoot.resolve(encryptedRepoPath).toString();
-	}
-
-	/**
-	 * @return Decrypted path for use in URIs.
-	 */
-	@Override
-	protected String getResourcePath(String repositoryPath, String wspPath) {
-		String decryptedPath = pathCache.getKey(repositoryPath);
-		if (decryptedPath == null) {
-			decryptedPath = decryptResourcePath(repositoryPath);
-			pathCache.put(decryptedPath, repositoryPath);
-		}
-		return decryptedPath;
-	}
-
-	private String decryptResourcePath(String repositoryPath) {
-		final Path absRepoPath = FileSystems.getDefault().getPath(repositoryPath);
-		if (fsRoot.equals(absRepoPath)) {
-			return null;
-		} else {
-			final Path relativeRepositoryPath = fsRoot.relativize(absRepoPath);
-			final String resourcePath = cryptor.decryptPath(relativeRepositoryPath.toString(), FileSystems.getDefault().getSeparator().charAt(0), '/', this);
-			return resourcePath;
-		}
-	}
-
-	@Override
-	public DavResourceLocator createResourceLocator(String prefix, String workspacePath, String path, boolean isResourcePath) {
-		// we don't support workspaces
-		return super.createResourceLocator(prefix, "", path, isResourcePath);
-	}
-
-	@Override
-	public DavResourceLocator createResourceLocator(String prefix, String workspacePath, String resourcePath) {
-		// we don't support workspaces
-		return super.createResourceLocator(prefix, "", resourcePath);
-	}
-
-	@Override
-	public void swipeSensitiveData() {
-		pathCache.clear();
-	}
-
-	/* Cryptor I/O Support */
-
-	@Override
-	public void writePathSpecificMetadata(String encryptedPath, byte[] encryptedMetadata) throws IOException {
-		final Path metaDataFile = fsRoot.resolve(encryptedPath);
-		Files.write(metaDataFile, encryptedMetadata, StandardOpenOption.WRITE, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING, StandardOpenOption.DSYNC);
-	}
-
-	@Override
-	public byte[] readPathSpecificMetadata(String encryptedPath) throws IOException {
-		final Path metaDataFile = fsRoot.resolve(encryptedPath);
-		if (!Files.isReadable(metaDataFile)) {
-			return null;
-		} else {
-			return Files.readAllBytes(metaDataFile);
-		}
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/DavResourceFactoryImpl.java

@@ -1,90 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.webdav.jackrabbit;
-
-import java.nio.file.Files;
-import java.nio.file.Path;
-
-import org.apache.commons.httpclient.HttpStatus;
-import org.apache.jackrabbit.webdav.DavException;
-import org.apache.jackrabbit.webdav.DavMethods;
-import org.apache.jackrabbit.webdav.DavResource;
-import org.apache.jackrabbit.webdav.DavResourceFactory;
-import org.apache.jackrabbit.webdav.DavResourceLocator;
-import org.apache.jackrabbit.webdav.DavServletRequest;
-import org.apache.jackrabbit.webdav.DavServletResponse;
-import org.apache.jackrabbit.webdav.DavSession;
-import org.apache.jackrabbit.webdav.lock.LockManager;
-import org.apache.jackrabbit.webdav.lock.SimpleLockManager;
-import org.cryptomator.crypto.Cryptor;
-import org.cryptomator.webdav.jackrabbit.resources.EncryptedDir;
-import org.cryptomator.webdav.jackrabbit.resources.EncryptedFile;
-import org.cryptomator.webdav.jackrabbit.resources.EncryptedFilePart;
-import org.cryptomator.webdav.jackrabbit.resources.NonExistingNode;
-import org.cryptomator.webdav.jackrabbit.resources.ResourcePathUtils;
-import org.eclipse.jetty.http.HttpHeader;
-
-class DavResourceFactoryImpl implements DavResourceFactory {
-
-	private final LockManager lockManager = new SimpleLockManager();
-	private final Cryptor cryptor;
-	private final boolean checkFileIntegrity;
-
-	DavResourceFactoryImpl(Cryptor cryptor, boolean checkFileIntegrity) {
-		this.cryptor = cryptor;
-		this.checkFileIntegrity = checkFileIntegrity;
-	}
-
-	@Override
-	public DavResource createResource(DavResourceLocator locator, DavServletRequest request, DavServletResponse response) throws DavException {
-		final Path path = ResourcePathUtils.getPhysicalPath(locator);
-		final String rangeHeader = request.getHeader(HttpHeader.RANGE.asString());
-
-		if (Files.isRegularFile(path) && DavMethods.METHOD_GET.equals(request.getMethod()) && rangeHeader != null) {
-			response.setStatus(HttpStatus.SC_PARTIAL_CONTENT);
-			return createFilePart(locator, request.getDavSession(), request);
-		} else if (Files.isRegularFile(path) || DavMethods.METHOD_PUT.equals(request.getMethod())) {
-			return createFile(locator, request.getDavSession());
-		} else if (Files.isDirectory(path) || DavMethods.METHOD_MKCOL.equals(request.getMethod())) {
-			return createDirectory(locator, request.getDavSession());
-		} else {
-			return createNonExisting(locator, request.getDavSession());
-		}
-	}
-
-	@Override
-	public DavResource createResource(DavResourceLocator locator, DavSession session) throws DavException {
-		final Path path = ResourcePathUtils.getPhysicalPath(locator);
-
-		if (Files.isRegularFile(path)) {
-			return createFile(locator, session);
-		} else if (Files.isDirectory(path)) {
-			return createDirectory(locator, session);
-		} else {
-			return createNonExisting(locator, session);
-		}
-	}
-
-	private EncryptedFile createFilePart(DavResourceLocator locator, DavSession session, DavServletRequest request) {
-		return new EncryptedFilePart(this, locator, session, request, lockManager, cryptor, checkFileIntegrity);
-	}
-
-	private EncryptedFile createFile(DavResourceLocator locator, DavSession session) {
-		return new EncryptedFile(this, locator, session, lockManager, cryptor, checkFileIntegrity);
-	}
-
-	private EncryptedDir createDirectory(DavResourceLocator locator, DavSession session) {
-		return new EncryptedDir(this, locator, session, lockManager, cryptor);
-	}
-
-	private NonExistingNode createNonExisting(DavResourceLocator locator, DavSession session) {
-		return new NonExistingNode(this, locator, session, lockManager, cryptor);
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/WebDavServlet.java

@@ -1,87 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.webdav.jackrabbit;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-
-import org.apache.jackrabbit.webdav.DavLocatorFactory;
-import org.apache.jackrabbit.webdav.DavResource;
-import org.apache.jackrabbit.webdav.DavResourceFactory;
-import org.apache.jackrabbit.webdav.DavSessionProvider;
-import org.apache.jackrabbit.webdav.WebdavRequest;
-import org.apache.jackrabbit.webdav.server.AbstractWebdavServlet;
-import org.cryptomator.crypto.Cryptor;
-
-public class WebDavServlet extends AbstractWebdavServlet {
-
-	private static final long serialVersionUID = 7965170007048673022L;
-	public static final String CFG_FS_ROOT = "cfg.fs.root";
-	public static final String CFG_HTTP_ROOT = "cfg.http.root";
-	public static final String CFG_CHECK_FILE_INTEGRITY = "cfg.checkFileIntegrity";
-	private DavSessionProvider davSessionProvider;
-	private DavLocatorFactory davLocatorFactory;
-	private DavResourceFactory davResourceFactory;
-	private final Cryptor cryptor;
-
-	public WebDavServlet(final Cryptor cryptor) {
-		super();
-		this.cryptor = cryptor;
-	}
-
-	@Override
-	public void init(ServletConfig config) throws ServletException {
-		super.init(config);
-
-		davSessionProvider = new DavSessionProviderImpl();
-
-		final String fsRoot = config.getInitParameter(CFG_FS_ROOT);
-		final String httpRoot = config.getInitParameter(CFG_HTTP_ROOT);
-		final boolean checkFileIntegrity = Boolean.parseBoolean(config.getInitParameter(CFG_CHECK_FILE_INTEGRITY));
-		this.davLocatorFactory = new DavLocatorFactoryImpl(fsRoot, httpRoot, cryptor);
-
-		this.davResourceFactory = new DavResourceFactoryImpl(cryptor, checkFileIntegrity);
-	}
-
-	@Override
-	protected boolean isPreconditionValid(WebdavRequest request, DavResource resource) {
-		return !resource.exists() || request.matchesIfHeader(resource);
-	}
-
-	@Override
-	public DavSessionProvider getDavSessionProvider() {
-		return davSessionProvider;
-	}
-
-	@Override
-	public void setDavSessionProvider(DavSessionProvider davSessionProvider) {
-		this.davSessionProvider = davSessionProvider;
-	}
-
-	@Override
-	public DavLocatorFactory getLocatorFactory() {
-		return davLocatorFactory;
-	}
-
-	@Override
-	public void setLocatorFactory(DavLocatorFactory locatorFactory) {
-		this.davLocatorFactory = locatorFactory;
-	}
-
-	@Override
-	public DavResourceFactory getResourceFactory() {
-		return davResourceFactory;
-	}
-
-	@Override
-	public void setResourceFactory(DavResourceFactory resourceFactory) {
-		this.davResourceFactory = resourceFactory;
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/resources/AbstractEncryptedNode.java

@@ -1,293 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.webdav.jackrabbit.resources;
-
-import java.io.IOException;
-import java.nio.file.AtomicMoveNotSupportedException;
-import java.nio.file.Files;
-import java.nio.file.LinkOption;
-import java.nio.file.Path;
-import java.nio.file.StandardCopyOption;
-import java.nio.file.attribute.BasicFileAttributeView;
-import java.nio.file.attribute.FileTime;
-import java.util.List;
-
-import org.apache.commons.io.FilenameUtils;
-import org.apache.jackrabbit.webdav.DavException;
-import org.apache.jackrabbit.webdav.DavResource;
-import org.apache.jackrabbit.webdav.DavResourceFactory;
-import org.apache.jackrabbit.webdav.DavResourceLocator;
-import org.apache.jackrabbit.webdav.DavServletResponse;
-import org.apache.jackrabbit.webdav.DavSession;
-import org.apache.jackrabbit.webdav.MultiStatusResponse;
-import org.apache.jackrabbit.webdav.lock.ActiveLock;
-import org.apache.jackrabbit.webdav.lock.LockInfo;
-import org.apache.jackrabbit.webdav.lock.LockManager;
-import org.apache.jackrabbit.webdav.lock.Scope;
-import org.apache.jackrabbit.webdav.lock.Type;
-import org.apache.jackrabbit.webdav.property.DavProperty;
-import org.apache.jackrabbit.webdav.property.DavPropertyName;
-import org.apache.jackrabbit.webdav.property.DavPropertyNameSet;
-import org.apache.jackrabbit.webdav.property.DavPropertySet;
-import org.apache.jackrabbit.webdav.property.PropEntry;
-import org.cryptomator.crypto.Cryptor;
-import org.cryptomator.webdav.exceptions.IORuntimeException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-abstract class AbstractEncryptedNode implements DavResource {
-
-	private static final Logger LOG = LoggerFactory.getLogger(AbstractEncryptedNode.class);
-	private static final String DAV_COMPLIANCE_CLASSES = "1, 2";
-
-	protected final DavResourceFactory factory;
-	protected final DavResourceLocator locator;
-	protected final DavSession session;
-	protected final LockManager lockManager;
-	protected final Cryptor cryptor;
-	protected final DavPropertySet properties;
-
-	protected AbstractEncryptedNode(DavResourceFactory factory, DavResourceLocator locator, DavSession session, LockManager lockManager, Cryptor cryptor) {
-		this.factory = factory;
-		this.locator = locator;
-		this.session = session;
-		this.lockManager = lockManager;
-		this.cryptor = cryptor;
-		this.properties = new DavPropertySet();
-		this.determineProperties();
-	}
-
-	@Override
-	public String getComplianceClass() {
-		return DAV_COMPLIANCE_CLASSES;
-	}
-
-	@Override
-	public String getSupportedMethods() {
-		return METHODS;
-	}
-
-	@Override
-	public boolean exists() {
-		final Path path = ResourcePathUtils.getPhysicalPath(this);
-		return Files.exists(path);
-	}
-
-	@Override
-	public String getDisplayName() {
-		final String resourcePath = getResourcePath();
-		final int lastSlash = resourcePath.lastIndexOf('/');
-		if (lastSlash == -1) {
-			return resourcePath;
-		} else {
-			return resourcePath.substring(lastSlash);
-		}
-	}
-
-	@Override
-	public DavResourceLocator getLocator() {
-		return locator;
-	}
-
-	@Override
-	public String getResourcePath() {
-		return locator.getResourcePath();
-	}
-
-	@Override
-	public String getHref() {
-		return locator.getHref(this.isCollection());
-	}
-
-	@Override
-	public long getModificationTime() {
-		final Path path = ResourcePathUtils.getPhysicalPath(this);
-		try {
-			return Files.getLastModifiedTime(path).toMillis();
-		} catch (IOException e) {
-			return -1;
-		}
-	}
-
-	protected abstract void determineProperties();
-
-	@Override
-	public DavPropertyName[] getPropertyNames() {
-		return getProperties().getPropertyNames();
-	}
-
-	@Override
-	public DavProperty<?> getProperty(DavPropertyName name) {
-		return getProperties().get(name);
-	}
-
-	@Override
-	public DavPropertySet getProperties() {
-		return properties;
-	}
-
-	@Override
-	public void setProperty(DavProperty<?> property) throws DavException {
-		getProperties().add(property);
-
-		LOG.info("Set property {}", property.getName());
-
-		try {
-			final Path path = ResourcePathUtils.getPhysicalPath(this);
-			if (DavPropertyName.CREATIONDATE.equals(property.getName()) && property.getValue() instanceof String) {
-				final String createDateStr = (String) property.getValue();
-				final FileTime createTime = FileTimeUtils.fromRfc1123String(createDateStr);
-				final BasicFileAttributeView attrView = Files.getFileAttributeView(path, BasicFileAttributeView.class, LinkOption.NOFOLLOW_LINKS);
-				attrView.setTimes(null, null, createTime);
-				LOG.info("Updating Creation Date: {}", createTime.toString());
-			} else if (DavPropertyName.GETLASTMODIFIED.equals(property.getName()) && property.getValue() instanceof String) {
-				final String lastModifiedTimeStr = (String) property.getValue();
-				final FileTime lastModifiedTime = FileTimeUtils.fromRfc1123String(lastModifiedTimeStr);
-				final BasicFileAttributeView attrView = Files.getFileAttributeView(path, BasicFileAttributeView.class, LinkOption.NOFOLLOW_LINKS);
-				attrView.setTimes(lastModifiedTime, null, null);
-				LOG.info("Updating Last Modified Date: {}", lastModifiedTime.toString());
-			}
-		} catch (IOException e) {
-			throw new DavException(DavServletResponse.SC_INTERNAL_SERVER_ERROR);
-		}
-	}
-
-	@Override
-	public void removeProperty(DavPropertyName propertyName) throws DavException {
-		getProperties().remove(propertyName);
-	}
-
-	@Override
-	public MultiStatusResponse alterProperties(List<? extends PropEntry> changeList) throws DavException {
-		final DavPropertyNameSet names = new DavPropertyNameSet();
-		for (final PropEntry entry : changeList) {
-			if (entry instanceof DavProperty) {
-				final DavProperty<?> prop = (DavProperty<?>) entry;
-				this.setProperty(prop);
-				names.add(prop.getName());
-			} else if (entry instanceof DavPropertyName) {
-				final DavPropertyName name = (DavPropertyName) entry;
-				this.removeProperty(name);
-				names.add(name);
-			}
-		}
-		return new MultiStatusResponse(this, names);
-	}
-
-	@Override
-	public DavResource getCollection() {
-		if (locator.isRootLocation()) {
-			return null;
-		}
-
-		final String parentResource = FilenameUtils.getPath(locator.getResourcePath());
-		final DavResourceLocator parentLocator = locator.getFactory().createResourceLocator(locator.getPrefix(), locator.getWorkspacePath(), parentResource);
-		try {
-			return getFactory().createResource(parentLocator, session);
-		} catch (DavException e) {
-			throw new IllegalStateException("Unable to get parent resource with path " + parentLocator.getResourcePath(), e);
-		}
-	}
-
-	@Override
-	public void move(DavResource dest) throws DavException {
-		final Path src = ResourcePathUtils.getPhysicalPath(this);
-		final Path dst = ResourcePathUtils.getPhysicalPath(dest);
-		try {
-			// check for conflicts:
-			if (Files.exists(dst) && Files.getLastModifiedTime(dst).toMillis() > Files.getLastModifiedTime(src).toMillis()) {
-				throw new DavException(DavServletResponse.SC_CONFLICT, "File at destination already exists: " + dst.toString());
-			}
-
-			// move:
-			try {
-				Files.move(src, dst, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
-			} catch (AtomicMoveNotSupportedException e) {
-				Files.move(src, dst, StandardCopyOption.REPLACE_EXISTING);
-			}
-		} catch (IOException e) {
-			LOG.error("Error moving file from " + src.toString() + " to " + dst.toString());
-			throw new IORuntimeException(e);
-		}
-	}
-
-	@Override
-	public void copy(DavResource dest, boolean shallow) throws DavException {
-		final Path src = ResourcePathUtils.getPhysicalPath(this);
-		final Path dst = ResourcePathUtils.getPhysicalPath(dest);
-		try {
-			// check for conflicts:
-			if (Files.exists(dst) && Files.getLastModifiedTime(dst).toMillis() > Files.getLastModifiedTime(src).toMillis()) {
-				throw new DavException(DavServletResponse.SC_CONFLICT, "File at destination already exists: " + dst.toString());
-			}
-
-			// copy:
-			try {
-				Files.copy(src, dst, StandardCopyOption.COPY_ATTRIBUTES, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
-			} catch (AtomicMoveNotSupportedException e) {
-				Files.copy(src, dst, StandardCopyOption.COPY_ATTRIBUTES, StandardCopyOption.REPLACE_EXISTING);
-			}
-		} catch (IOException e) {
-			LOG.error("Error copying file from " + src.toString() + " to " + dst.toString());
-			throw new IORuntimeException(e);
-		}
-	}
-
-	@Override
-	public boolean isLockable(Type type, Scope scope) {
-		return true;
-	}
-
-	@Override
-	public boolean hasLock(Type type, Scope scope) {
-		return lockManager.getLock(type, scope, this) != null;
-	}
-
-	@Override
-	public ActiveLock getLock(Type type, Scope scope) {
-		return lockManager.getLock(type, scope, this);
-	}
-
-	@Override
-	public ActiveLock[] getLocks() {
-		final ActiveLock exclusiveWriteLock = getLock(Type.WRITE, Scope.EXCLUSIVE);
-		return new ActiveLock[] {exclusiveWriteLock};
-	}
-
-	@Override
-	public ActiveLock lock(LockInfo reqLockInfo) throws DavException {
-		return lockManager.createLock(reqLockInfo, this);
-	}
-
-	@Override
-	public ActiveLock refreshLock(LockInfo reqLockInfo, String lockToken) throws DavException {
-		return lockManager.refreshLock(reqLockInfo, lockToken, this);
-	}
-
-	@Override
-	public void unlock(String lockToken) throws DavException {
-		lockManager.releaseLock(lockToken, this);
-	}
-
-	@Override
-	public void addLockManager(LockManager lockmgr) {
-		throw new UnsupportedOperationException("Locks are managed");
-	}
-
-	@Override
-	public DavResourceFactory getFactory() {
-		return factory;
-	}
-
-	@Override
-	public DavSession getSession() {
-		return session;
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/resources/EncryptedDir.java

@@ -1,178 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.webdav.jackrabbit.resources;
-
-import java.io.IOException;
-import java.nio.channels.SeekableByteChannel;
-import java.nio.file.DirectoryStream;
-import java.nio.file.FileVisitResult;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.SimpleFileVisitor;
-import java.nio.file.StandardOpenOption;
-import java.nio.file.attribute.BasicFileAttributes;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.jackrabbit.webdav.DavException;
-import org.apache.jackrabbit.webdav.DavResource;
-import org.apache.jackrabbit.webdav.DavResourceFactory;
-import org.apache.jackrabbit.webdav.DavResourceIterator;
-import org.apache.jackrabbit.webdav.DavResourceIteratorImpl;
-import org.apache.jackrabbit.webdav.DavResourceLocator;
-import org.apache.jackrabbit.webdav.DavServletResponse;
-import org.apache.jackrabbit.webdav.DavSession;
-import org.apache.jackrabbit.webdav.io.InputContext;
-import org.apache.jackrabbit.webdav.io.OutputContext;
-import org.apache.jackrabbit.webdav.lock.LockManager;
-import org.apache.jackrabbit.webdav.property.DavPropertyName;
-import org.apache.jackrabbit.webdav.property.DefaultDavProperty;
-import org.apache.jackrabbit.webdav.property.ResourceType;
-import org.cryptomator.crypto.Cryptor;
-import org.cryptomator.webdav.exceptions.DavRuntimeException;
-import org.cryptomator.webdav.exceptions.IORuntimeException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class EncryptedDir extends AbstractEncryptedNode {
-
-	private static final Logger LOG = LoggerFactory.getLogger(EncryptedDir.class);
-
-	public EncryptedDir(DavResourceFactory factory, DavResourceLocator locator, DavSession session, LockManager lockManager, Cryptor cryptor) {
-		super(factory, locator, session, lockManager, cryptor);
-	}
-
-	@Override
-	public boolean isCollection() {
-		return true;
-	}
-
-	@Override
-	public void addMember(DavResource resource, InputContext inputContext) throws DavException {
-		if (resource.isCollection()) {
-			this.addMemberDir(resource, inputContext);
-		} else {
-			this.addMemberFile(resource, inputContext);
-		}
-	}
-
-	private void addMemberDir(DavResource resource, InputContext inputContext) throws DavException {
-		final Path childPath = ResourcePathUtils.getPhysicalPath(resource);
-		try {
-			Files.createDirectories(childPath);
-		} catch (SecurityException e) {
-			throw new DavException(DavServletResponse.SC_FORBIDDEN, e);
-		} catch (IOException e) {
-			LOG.error("Failed to create subdirectory.", e);
-			throw new IORuntimeException(e);
-		}
-	}
-
-	private void addMemberFile(DavResource resource, InputContext inputContext) throws DavException {
-		final Path childPath = ResourcePathUtils.getPhysicalPath(resource);
-		SeekableByteChannel channel = null;
-		try {
-			channel = Files.newByteChannel(childPath, StandardOpenOption.WRITE, StandardOpenOption.CREATE);
-			cryptor.encryptFile(inputContext.getInputStream(), channel);
-		} catch (SecurityException e) {
-			throw new DavException(DavServletResponse.SC_FORBIDDEN, e);
-		} catch (IOException e) {
-			LOG.error("Failed to create file.", e);
-			throw new IORuntimeException(e);
-		} finally {
-			IOUtils.closeQuietly(channel);
-			IOUtils.closeQuietly(inputContext.getInputStream());
-		}
-	}
-
-	@Override
-	public DavResourceIterator getMembers() {
-		final Path dir = ResourcePathUtils.getPhysicalPath(this);
-		try {
-			final DirectoryStream<Path> directoryStream = Files.newDirectoryStream(dir, cryptor.getPayloadFilesFilter());
-			final List<DavResource> result = new ArrayList<>();
-
-			for (final Path childPath : directoryStream) {
-				final DavResourceLocator childLocator = locator.getFactory().createResourceLocator(locator.getPrefix(), locator.getWorkspacePath(), childPath.toString(), false);
-				final DavResource resource = factory.createResource(childLocator, session);
-				result.add(resource);
-			}
-			return new DavResourceIteratorImpl(result);
-		} catch (IOException e) {
-			LOG.error("Exception during getMembers.", e);
-			throw new IORuntimeException(e);
-		} catch (DavException e) {
-			LOG.error("Exception during getMembers.", e);
-			throw new DavRuntimeException(e);
-		}
-	}
-
-	@Override
-	public void removeMember(DavResource member) throws DavException {
-		final Path memberPath = ResourcePathUtils.getPhysicalPath(member);
-		try {
-			Files.walkFileTree(memberPath, new DeletingFileVisitor());
-		} catch (SecurityException e) {
-			throw new DavException(DavServletResponse.SC_FORBIDDEN, e);
-		} catch (IOException e) {
-			throw new IORuntimeException(e);
-		}
-	}
-
-	@Override
-	public void spool(OutputContext outputContext) throws IOException {
-		// do nothing
-	}
-
-	@Override
-	protected void determineProperties() {
-		final Path path = ResourcePathUtils.getPhysicalPath(this);
-		properties.add(new ResourceType(ResourceType.COLLECTION));
-		properties.add(new DefaultDavProperty<Integer>(DavPropertyName.ISCOLLECTION, 1));
-		if (Files.exists(path)) {
-			try {
-				final BasicFileAttributes attrs = Files.readAttributes(path, BasicFileAttributes.class);
-				properties.add(new DefaultDavProperty<String>(DavPropertyName.CREATIONDATE, FileTimeUtils.toRfc1123String(attrs.creationTime())));
-				properties.add(new DefaultDavProperty<String>(DavPropertyName.GETLASTMODIFIED, FileTimeUtils.toRfc1123String(attrs.lastModifiedTime())));
-			} catch (IOException e) {
-				LOG.error("Error determining metadata " + path.toString(), e);
-				// don't add any further properties
-			}
-		}
-	}
-
-	/**
-	 * Deletes all files and folders, it visits.
-	 */
-	private static class DeletingFileVisitor extends SimpleFileVisitor<Path> {
-
-		@Override
-		public FileVisitResult visitFile(Path file, BasicFileAttributes attributes) throws IOException {
-			if (attributes.isRegularFile()) {
-				Files.delete(file);
-			}
-			return FileVisitResult.CONTINUE;
-		}
-
-		@Override
-		public FileVisitResult postVisitDirectory(Path dir, IOException exc) throws IOException {
-			Files.delete(dir);
-			return FileVisitResult.CONTINUE;
-		}
-
-		@Override
-		public FileVisitResult visitFileFailed(Path file, IOException exc) throws IOException {
-			LOG.error("Failed to delete file " + file.toString(), exc);
-			return FileVisitResult.TERMINATE;
-		}
-
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/resources/EncryptedFile.java

@@ -1,119 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.webdav.jackrabbit.resources;
-
-import java.io.EOFException;
-import java.io.IOException;
-import java.nio.channels.SeekableByteChannel;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.StandardOpenOption;
-import java.nio.file.attribute.BasicFileAttributes;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.jackrabbit.webdav.DavException;
-import org.apache.jackrabbit.webdav.DavResource;
-import org.apache.jackrabbit.webdav.DavResourceFactory;
-import org.apache.jackrabbit.webdav.DavResourceIterator;
-import org.apache.jackrabbit.webdav.DavResourceLocator;
-import org.apache.jackrabbit.webdav.DavSession;
-import org.apache.jackrabbit.webdav.io.InputContext;
-import org.apache.jackrabbit.webdav.io.OutputContext;
-import org.apache.jackrabbit.webdav.lock.LockManager;
-import org.apache.jackrabbit.webdav.property.DavPropertyName;
-import org.apache.jackrabbit.webdav.property.DefaultDavProperty;
-import org.cryptomator.crypto.Cryptor;
-import org.cryptomator.crypto.exceptions.DecryptFailedException;
-import org.cryptomator.webdav.exceptions.IORuntimeException;
-import org.eclipse.jetty.http.HttpHeader;
-import org.eclipse.jetty.http.HttpHeaderValue;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class EncryptedFile extends AbstractEncryptedNode {
-
-	private static final Logger LOG = LoggerFactory.getLogger(EncryptedFile.class);
-
-	protected final boolean checkIntegrity;
-
-	public EncryptedFile(DavResourceFactory factory, DavResourceLocator locator, DavSession session, LockManager lockManager, Cryptor cryptor, boolean checkIntegrity) {
-		super(factory, locator, session, lockManager, cryptor);
-		this.checkIntegrity = checkIntegrity;
-	}
-
-	@Override
-	public boolean isCollection() {
-		return false;
-	}
-
-	@Override
-	public void addMember(DavResource resource, InputContext inputContext) throws DavException {
-		throw new UnsupportedOperationException("Can not add member to file.");
-	}
-
-	@Override
-	public DavResourceIterator getMembers() {
-		throw new UnsupportedOperationException("Can not list members of file.");
-	}
-
-	@Override
-	public void removeMember(DavResource member) throws DavException {
-		throw new UnsupportedOperationException("Can not remove member to file.");
-	}
-
-	@Override
-	public void spool(OutputContext outputContext) throws IOException {
-		final Path path = ResourcePathUtils.getPhysicalPath(this);
-		if (Files.exists(path)) {
-			outputContext.setModificationTime(Files.getLastModifiedTime(path).toMillis());
-			outputContext.setProperty(HttpHeader.ACCEPT_RANGES.asString(), HttpHeaderValue.BYTES.asString());
-			SeekableByteChannel channel = null;
-			try {
-				channel = Files.newByteChannel(path, StandardOpenOption.READ);
-				if (checkIntegrity && !cryptor.authenticateContent(channel)) {
-					throw new DecryptFailedException("File content compromised: " + path.toString());
-				}
-				outputContext.setContentLength(cryptor.decryptedContentLength(channel));
-				if (outputContext.hasStream()) {
-					cryptor.decryptedFile(channel, outputContext.getOutputStream());
-				}
-			} catch (EOFException e) {
-				LOG.warn("Unexpected end of stream (possibly client hung up).");
-			} catch (DecryptFailedException e) {
-				throw new IOException("Error decrypting file " + path.toString(), e);
-			} finally {
-				IOUtils.closeQuietly(channel);
-			}
-		}
-	}
-
-	@Override
-	protected void determineProperties() {
-		final Path path = ResourcePathUtils.getPhysicalPath(this);
-		if (Files.exists(path)) {
-			SeekableByteChannel channel = null;
-			try {
-				channel = Files.newByteChannel(path, StandardOpenOption.READ);
-				final Long contentLength = cryptor.decryptedContentLength(channel);
-				properties.add(new DefaultDavProperty<Long>(DavPropertyName.GETCONTENTLENGTH, contentLength));
-
-				final BasicFileAttributes attrs = Files.readAttributes(path, BasicFileAttributes.class);
-				properties.add(new DefaultDavProperty<String>(DavPropertyName.CREATIONDATE, FileTimeUtils.toRfc1123String(attrs.creationTime())));
-				properties.add(new DefaultDavProperty<String>(DavPropertyName.GETLASTMODIFIED, FileTimeUtils.toRfc1123String(attrs.lastModifiedTime())));
-				properties.add(new HttpHeaderProperty(HttpHeader.ACCEPT_RANGES.asString(), HttpHeaderValue.BYTES.asString()));
-			} catch (IOException e) {
-				LOG.error("Error determining metadata " + path.toString(), e);
-				throw new IORuntimeException(e);
-			} finally {
-				IOUtils.closeQuietly(channel);
-			}
-		}
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/resources/EncryptedFilePart.java

@@ -1,146 +0,0 @@
-package org.cryptomator.webdav.jackrabbit.resources;
-
-import java.io.EOFException;
-import java.io.IOException;
-import java.nio.channels.SeekableByteChannel;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.StandardOpenOption;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.lang3.tuple.ImmutablePair;
-import org.apache.commons.lang3.tuple.MutablePair;
-import org.apache.commons.lang3.tuple.Pair;
-import org.apache.jackrabbit.webdav.DavResourceFactory;
-import org.apache.jackrabbit.webdav.DavResourceLocator;
-import org.apache.jackrabbit.webdav.DavServletRequest;
-import org.apache.jackrabbit.webdav.DavSession;
-import org.apache.jackrabbit.webdav.io.OutputContext;
-import org.apache.jackrabbit.webdav.lock.LockManager;
-import org.cryptomator.crypto.Cryptor;
-import org.cryptomator.crypto.exceptions.DecryptFailedException;
-import org.eclipse.jetty.http.HttpHeader;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Delivers only the requested range of bytes from a file.
- * 
- * @see {@link https://tools.ietf.org/html/rfc7233#section-4}
- */
-public class EncryptedFilePart extends EncryptedFile {
-
-	private static final Logger LOG = LoggerFactory.getLogger(EncryptedFilePart.class);
-	private static final String BYTE_UNIT_PREFIX = "bytes=";
-	private static final char RANGE_SET_SEP = ',';
-	private static final char RANGE_SEP = '-';
-
-	/**
-	 * e.g. range -500 (gets the last 500 bytes) -> (-1, 500)
-	 */
-	private static final Long SUFFIX_BYTE_RANGE_LOWER = -1L;
-
-	/**
-	 * e.g. range 500- (gets all bytes from 500) -> (500, MAX_LONG)
-	 */
-	private static final Long SUFFIX_BYTE_RANGE_UPPER = Long.MAX_VALUE;
-
-	private final Set<Pair<Long, Long>> requestedContentRanges = new HashSet<Pair<Long, Long>>();
-
-	public EncryptedFilePart(DavResourceFactory factory, DavResourceLocator locator, DavSession session, DavServletRequest request, LockManager lockManager, Cryptor cryptor, boolean checkIntegrity) {
-		super(factory, locator, session, lockManager, cryptor, checkIntegrity);
-		final String rangeHeader = request.getHeader(HttpHeader.RANGE.asString());
-		if (rangeHeader == null) {
-			throw new IllegalArgumentException("HTTP request doesn't contain a range header");
-		}
-		determineByteRanges(rangeHeader);
-	}
-
-	private void determineByteRanges(String rangeHeader) {
-		final String byteRangeSet = StringUtils.removeStartIgnoreCase(rangeHeader, BYTE_UNIT_PREFIX);
-		final String[] byteRanges = StringUtils.split(byteRangeSet, RANGE_SET_SEP);
-		if (byteRanges.length == 0) {
-			throw new IllegalArgumentException("Invalid range: " + rangeHeader);
-		}
-		for (final String byteRange : byteRanges) {
-			final String[] bytePos = StringUtils.splitPreserveAllTokens(byteRange, RANGE_SEP);
-			if (bytePos.length != 2 || bytePos[0].isEmpty() && bytePos[1].isEmpty()) {
-				throw new IllegalArgumentException("Invalid range: " + rangeHeader);
-			}
-			final Long lower = bytePos[0].isEmpty() ? SUFFIX_BYTE_RANGE_LOWER : Long.valueOf(bytePos[0]);
-			final Long upper = bytePos[1].isEmpty() ? SUFFIX_BYTE_RANGE_UPPER : Long.valueOf(bytePos[1]);
-			if (lower > upper) {
-				throw new IllegalArgumentException("Invalid range: " + rangeHeader);
-			}
-			requestedContentRanges.add(new ImmutablePair<Long, Long>(lower, upper));
-		}
-	}
-
-	/**
-	 * @return One range, that spans all requested ranges.
-	 */
-	private Pair<Long, Long> getUnionRange(Long fileSize) {
-		final long lastByte = fileSize - 1;
-		final MutablePair<Long, Long> result = new MutablePair<Long, Long>();
-		for (Pair<Long, Long> range : requestedContentRanges) {
-			final long left;
-			final long right;
-			if (SUFFIX_BYTE_RANGE_LOWER.equals(range.getLeft())) {
-				left = lastByte - range.getRight();
-				right = lastByte;
-			} else if (SUFFIX_BYTE_RANGE_UPPER.equals(range.getRight())) {
-				left = range.getLeft();
-				right = lastByte;
-			} else {
-				left = range.getLeft();
-				right = range.getRight();
-			}
-			if (result.getLeft() == null || left < result.getLeft()) {
-				result.setLeft(left);
-			}
-			if (result.getRight() == null || right > result.getRight()) {
-				result.setRight(right);
-			}
-		}
-		return result;
-	}
-
-	@Override
-	public void spool(OutputContext outputContext) throws IOException {
-		final Path path = ResourcePathUtils.getPhysicalPath(this);
-		if (Files.exists(path)) {
-			outputContext.setModificationTime(Files.getLastModifiedTime(path).toMillis());
-			SeekableByteChannel channel = null;
-			try {
-				channel = Files.newByteChannel(path, StandardOpenOption.READ);
-				if (checkIntegrity && !cryptor.authenticateContent(channel)) {
-					throw new DecryptFailedException("File content compromised: " + path.toString());
-				}
-				final Long fileSize = cryptor.decryptedContentLength(channel);
-				final Pair<Long, Long> range = getUnionRange(fileSize);
-				final Long rangeLength = range.getRight() - range.getLeft() + 1;
-				outputContext.setContentLength(rangeLength);
-				outputContext.setProperty(HttpHeader.CONTENT_RANGE.asString(), getContentRangeHeader(range.getLeft(), range.getRight(), fileSize));
-				if (outputContext.hasStream()) {
-					cryptor.decryptRange(channel, outputContext.getOutputStream(), range.getLeft(), rangeLength);
-				}
-			} catch (EOFException e) {
-				if (LOG.isDebugEnabled()) {
-					LOG.debug("Unexpected end of stream during delivery of partial content (client hung up).");
-				}
-			} catch (DecryptFailedException e) {
-				throw new IOException("Error decrypting file " + path.toString(), e);
-			} finally {
-				IOUtils.closeQuietly(channel);
-			}
-		}
-	}
-
-	private String getContentRangeHeader(long firstByte, long lastByte, long completeLength) {
-		return String.format("%d-%d/%d", firstByte, lastByte, completeLength);
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/resources/FileTimeUtils.java

@@ -1,34 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.webdav.jackrabbit.resources;
-
-import java.nio.file.attribute.FileTime;
-import java.time.Instant;
-import java.time.OffsetDateTime;
-import java.time.ZoneOffset;
-import java.time.format.DateTimeFormatter;
-import java.time.temporal.Temporal;
-
-final class FileTimeUtils {
-
-	private FileTimeUtils() {
-		throw new IllegalStateException("not instantiable");
-	}
-
-	static String toRfc1123String(FileTime time) {
-		final Temporal date = OffsetDateTime.ofInstant(time.toInstant(), ZoneOffset.UTC);
-		return DateTimeFormatter.RFC_1123_DATE_TIME.format(date);
-	}
-
-	static FileTime fromRfc1123String(String string) {
-		final Instant instant = Instant.from(DateTimeFormatter.RFC_1123_DATE_TIME.parse(string));
-		return FileTime.from(instant);
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/resources/HttpHeaderProperty.java

@@ -1,20 +0,0 @@
-package org.cryptomator.webdav.jackrabbit.resources;
-
-import org.apache.jackrabbit.webdav.property.AbstractDavProperty;
-import org.apache.jackrabbit.webdav.property.DavPropertyName;
-
-class HttpHeaderProperty extends AbstractDavProperty<String> {
-
-	private final String value;
-
-	public HttpHeaderProperty(String key, String value) {
-		super(DavPropertyName.create(key), true);
-		this.value = value;
-	}
-
-	@Override
-	public String getValue() {
-		return value;
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/resources/NonExistingNode.java

@@ -1,65 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.webdav.jackrabbit.resources;
-
-import java.io.IOException;
-
-import org.apache.jackrabbit.webdav.DavException;
-import org.apache.jackrabbit.webdav.DavResource;
-import org.apache.jackrabbit.webdav.DavResourceFactory;
-import org.apache.jackrabbit.webdav.DavResourceIterator;
-import org.apache.jackrabbit.webdav.DavResourceLocator;
-import org.apache.jackrabbit.webdav.DavSession;
-import org.apache.jackrabbit.webdav.io.InputContext;
-import org.apache.jackrabbit.webdav.io.OutputContext;
-import org.apache.jackrabbit.webdav.lock.LockManager;
-import org.cryptomator.crypto.Cryptor;
-
-public class NonExistingNode extends AbstractEncryptedNode {
-
-	public NonExistingNode(DavResourceFactory factory, DavResourceLocator locator, DavSession session, LockManager lockManager, Cryptor cryptor) {
-		super(factory, locator, session, lockManager, cryptor);
-	}
-
-	@Override
-	public boolean exists() {
-		return false;
-	}
-
-	@Override
-	public boolean isCollection() {
-		throw new UnsupportedOperationException("Resource doesn't exist.");
-	}
-
-	@Override
-	public void spool(OutputContext outputContext) throws IOException {
-		throw new UnsupportedOperationException("Resource doesn't exist.");
-	}
-
-	@Override
-	public void addMember(DavResource resource, InputContext inputContext) throws DavException {
-		throw new UnsupportedOperationException("Resource doesn't exist.");
-	}
-
-	@Override
-	public DavResourceIterator getMembers() {
-		throw new UnsupportedOperationException("Resource doesn't exist.");
-	}
-
-	@Override
-	public void removeMember(DavResource member) throws DavException {
-		throw new UnsupportedOperationException("Resource doesn't exist.");
-	}
-
-	@Override
-	protected void determineProperties() {
-		// do nothing.
-	}
-
-}

main/core/src/main/java/org/cryptomator/webdav/jackrabbit/resources/ResourcePathUtils.java

@@ -1,31 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.webdav.jackrabbit.resources;
-
-import java.nio.file.FileSystems;
-import java.nio.file.Path;
-
-import org.apache.jackrabbit.webdav.DavResource;
-import org.apache.jackrabbit.webdav.DavResourceLocator;
-
-public final class ResourcePathUtils {
-
-	private ResourcePathUtils() {
-		throw new IllegalStateException("not instantiable");
-	}
-
-	public static Path getPhysicalPath(DavResource resource) {
-		return getPhysicalPath(resource.getLocator());
-	}
-
-	public static Path getPhysicalPath(DavResourceLocator locator) {
-		return FileSystems.getDefault().getPath(locator.getRepositoryPath());
-	}
-
-}

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/Aes256Cryptor.java

@@ -1,588 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.crypto.aes256;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.nio.ByteBuffer;
-import java.nio.channels.SeekableByteChannel;
-import java.nio.file.DirectoryStream.Filter;
-import java.nio.file.Path;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Random;
-import java.util.UUID;
-import java.util.zip.CRC32;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.CipherInputStream;
-import javax.crypto.CipherOutputStream;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.Mac;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-import javax.security.auth.DestroyFailedException;
-import javax.security.auth.Destroyable;
-
-import org.apache.commons.io.Charsets;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.io.output.NullOutputStream;
-import org.apache.commons.lang3.ArrayUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.bouncycastle.crypto.generators.SCrypt;
-import org.cryptomator.crypto.AbstractCryptor;
-import org.cryptomator.crypto.CryptorIOSupport;
-import org.cryptomator.crypto.exceptions.DecryptFailedException;
-import org.cryptomator.crypto.exceptions.UnsupportedKeyLengthException;
-import org.cryptomator.crypto.exceptions.WrongPasswordException;
-import org.cryptomator.crypto.io.SeekableByteChannelInputStream;
-import org.cryptomator.crypto.io.SeekableByteChannelOutputStream;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
-public class Aes256Cryptor extends AbstractCryptor implements AesCryptographicConfiguration, FileNamingConventions {
-
-	/**
-	 * PRNG for cryptographically secure random numbers. Defaults to SHA1-based number generator.
-	 * 
-	 * @see http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SecureRandom
-	 */
-	private static final SecureRandom SECURE_PRNG;
-
-	/**
-	 * Defined in static initializer. Defaults to 256, but falls back to maximum value possible, if JCE Unlimited Strength Jurisdiction
-	 * Policy Files isn't installed. Those files can be downloaded here: http://www.oracle.com/technetwork/java/javase/downloads/.
-	 */
-	private static final int AES_KEY_LENGTH_IN_BITS;
-
-	/**
-	 * Jackson JSON-Mapper.
-	 */
-	private final ObjectMapper objectMapper = new ObjectMapper();
-
-	/**
-	 * The decrypted master key. Its lifecycle starts with the construction of an Aes256Cryptor instance or
-	 * {@link #decryptMasterKey(InputStream, CharSequence)}. Its lifecycle ends with {@link #swipeSensitiveData()}.
-	 */
-	private SecretKey primaryMasterKey;
-
-	/**
-	 * Decrypted secondary key used for hmac operations.
-	 */
-	private SecretKey hMacMasterKey;
-
-	static {
-		try {
-			SECURE_PRNG = SecureRandom.getInstance(PRNG_ALGORITHM);
-			final int maxKeyLength = Cipher.getMaxAllowedKeyLength(AES_KEY_ALGORITHM);
-			AES_KEY_LENGTH_IN_BITS = (maxKeyLength >= PREF_MASTER_KEY_LENGTH_IN_BITS) ? PREF_MASTER_KEY_LENGTH_IN_BITS : maxKeyLength;
-		} catch (NoSuchAlgorithmException e) {
-			throw new IllegalStateException("Algorithm should exist.", e);
-		}
-	}
-
-	/**
-	 * Creates a new Cryptor with a newly initialized PRNG.
-	 */
-	public Aes256Cryptor() {
-		SECURE_PRNG.setSeed(SECURE_PRNG.generateSeed(PRNG_SEED_LENGTH));
-		byte[] bytes = new byte[AES_KEY_LENGTH_IN_BITS / Byte.SIZE];
-		try {
-			SECURE_PRNG.nextBytes(bytes);
-			this.primaryMasterKey = new SecretKeySpec(bytes, AES_KEY_ALGORITHM);
-
-			SECURE_PRNG.nextBytes(bytes);
-			this.hMacMasterKey = new SecretKeySpec(bytes, HMAC_KEY_ALGORITHM);
-		} finally {
-			Arrays.fill(bytes, (byte) 0);
-		}
-	}
-
-	/**
-	 * Creates a new Cryptor with the given PRNG.<br/>
-	 * <strong>DO NOT USE IN PRODUCTION</strong>. This constructor must only be used in in unit tests. Do not change method visibility.
-	 * 
-	 * @param prng Fast, possibly insecure PRNG.
-	 */
-	Aes256Cryptor(Random prng) {
-		byte[] bytes = new byte[AES_KEY_LENGTH_IN_BITS / Byte.SIZE];
-		try {
-			prng.nextBytes(bytes);
-			this.primaryMasterKey = new SecretKeySpec(bytes, AES_KEY_ALGORITHM);
-
-			prng.nextBytes(bytes);
-			this.hMacMasterKey = new SecretKeySpec(bytes, HMAC_KEY_ALGORITHM);
-		} finally {
-			Arrays.fill(bytes, (byte) 0);
-		}
-	}
-
-	/**
-	 * Encrypts the current masterKey with the given password and writes the result to the given output stream.
-	 */
-	@Override
-	public void encryptMasterKey(OutputStream out, CharSequence password) throws IOException {
-		try {
-			// derive key:
-			final byte[] kekSalt = randomData(SCRYPT_SALT_LENGTH);
-			final SecretKey kek = scrypt(password, kekSalt, SCRYPT_COST_PARAM, SCRYPT_BLOCK_SIZE, AES_KEY_LENGTH_IN_BITS);
-
-			// encrypt:
-			final Cipher encCipher = aesKeyWrapCipher(kek, Cipher.WRAP_MODE);
-			byte[] wrappedPrimaryKey = encCipher.wrap(primaryMasterKey);
-			byte[] wrappedSecondaryKey = encCipher.wrap(hMacMasterKey);
-
-			// save encrypted masterkey:
-			final KeyFile keyfile = new KeyFile();
-			keyfile.setScryptSalt(kekSalt);
-			keyfile.setScryptCostParam(SCRYPT_COST_PARAM);
-			keyfile.setScryptBlockSize(SCRYPT_BLOCK_SIZE);
-			keyfile.setKeyLength(AES_KEY_LENGTH_IN_BITS);
-			keyfile.setPrimaryMasterKey(wrappedPrimaryKey);
-			keyfile.setHMacMasterKey(wrappedSecondaryKey);
-			objectMapper.writeValue(out, keyfile);
-		} catch (InvalidKeyException | IllegalBlockSizeException ex) {
-			throw new IllegalStateException("Invalid hard coded configuration.", ex);
-		}
-	}
-
-	/**
-	 * Reads the encrypted masterkey from the given input stream and decrypts it with the given password.
-	 * 
-	 * @throws DecryptFailedException If the decryption failed for various reasons (including wrong password).
-	 * @throws WrongPasswordException If the provided password was wrong. Note: Sometimes the algorithm itself fails due to a wrong
-	 *             password. In this case a DecryptFailedException will be thrown.
-	 * @throws UnsupportedKeyLengthException If the masterkey has been encrypted with a higher key length than supported by the system. In
-	 *             this case Java JCE needs to be installed.
-	 */
-	@Override
-	public void decryptMasterKey(InputStream in, CharSequence password) throws DecryptFailedException, WrongPasswordException, UnsupportedKeyLengthException, IOException {
-		try {
-			// load encrypted masterkey:
-			final KeyFile keyfile = objectMapper.readValue(in, KeyFile.class);
-
-			// check, whether the key length is supported:
-			final int maxKeyLen = Cipher.getMaxAllowedKeyLength(AES_KEY_ALGORITHM);
-			if (keyfile.getKeyLength() > maxKeyLen) {
-				throw new UnsupportedKeyLengthException(keyfile.getKeyLength(), maxKeyLen);
-			}
-
-			// derive key:
-			final SecretKey kek = scrypt(password, keyfile.getScryptSalt(), keyfile.getScryptCostParam(), keyfile.getScryptBlockSize(), AES_KEY_LENGTH_IN_BITS);
-
-			// decrypt and check password by catching AEAD exception
-			final Cipher decCipher = aesKeyWrapCipher(kek, Cipher.UNWRAP_MODE);
-			SecretKey primary = (SecretKey) decCipher.unwrap(keyfile.getPrimaryMasterKey(), AES_KEY_ALGORITHM, Cipher.SECRET_KEY);
-			SecretKey secondary = (SecretKey) decCipher.unwrap(keyfile.getHMacMasterKey(), HMAC_KEY_ALGORITHM, Cipher.SECRET_KEY);
-
-			// everything ok, assign decrypted keys:
-			this.primaryMasterKey = primary;
-			this.hMacMasterKey = secondary;
-		} catch (NoSuchAlgorithmException ex) {
-			throw new IllegalStateException("Algorithm should exist.", ex);
-		} catch (InvalidKeyException e) {
-			throw new WrongPasswordException();
-		}
-	}
-
-	@Override
-	public void swipeSensitiveDataInternal() {
-		destroyQuietly(primaryMasterKey);
-		destroyQuietly(hMacMasterKey);
-	}
-
-	private void destroyQuietly(Destroyable d) {
-		try {
-			d.destroy();
-		} catch (DestroyFailedException e) {
-			// ignore
-		}
-	}
-
-	private Cipher aesKeyWrapCipher(SecretKey key, int cipherMode) {
-		try {
-			final Cipher cipher = Cipher.getInstance(AES_KEYWRAP_CIPHER);
-			cipher.init(cipherMode, key);
-			return cipher;
-		} catch (InvalidKeyException ex) {
-			throw new IllegalArgumentException("Invalid key.", ex);
-		} catch (NoSuchAlgorithmException | NoSuchPaddingException ex) {
-			throw new IllegalStateException("Algorithm/Padding should exist and accept GCM specs.", ex);
-		}
-	}
-
-	private Cipher aesCtrCipher(SecretKey key, byte[] iv, int cipherMode) {
-		try {
-			final Cipher cipher = Cipher.getInstance(AES_CTR_CIPHER);
-			cipher.init(cipherMode, key, new IvParameterSpec(iv));
-			return cipher;
-		} catch (InvalidKeyException ex) {
-			throw new IllegalArgumentException("Invalid key.", ex);
-		} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException ex) {
-			throw new IllegalStateException("Algorithm/Padding should exist and accept an IV.", ex);
-		}
-	}
-
-	private Cipher aesEcbCipher(SecretKey key, int cipherMode) {
-		try {
-			final Cipher cipher = Cipher.getInstance(AES_ECB_CIPHER);
-			cipher.init(cipherMode, key);
-			return cipher;
-		} catch (InvalidKeyException ex) {
-			throw new IllegalArgumentException("Invalid key.", ex);
-		} catch (NoSuchAlgorithmException | NoSuchPaddingException ex) {
-			throw new AssertionError("Every implementation of the Java platform is required to support AES/ECB/PKCS5Padding.", ex);
-		}
-
-	}
-
-	private Mac hmacSha256(SecretKey key) {
-		try {
-			final Mac mac = Mac.getInstance(HMAC_KEY_ALGORITHM);
-			mac.init(key);
-			return mac;
-		} catch (NoSuchAlgorithmException e) {
-			throw new AssertionError("Every implementation of the Java platform is required to support HmacSHA256.", e);
-		} catch (InvalidKeyException e) {
-			throw new IllegalArgumentException("Invalid key", e);
-		}
-	}
-
-	private byte[] randomData(int length) {
-		final byte[] result = new byte[length];
-		SECURE_PRNG.setSeed(SECURE_PRNG.generateSeed(PRNG_SEED_LENGTH));
-		SECURE_PRNG.nextBytes(result);
-		return result;
-	}
-
-	private SecretKey scrypt(CharSequence password, byte[] salt, int costParam, int blockSize, int keyLengthInBits) {
-		// use sb, as password.toString's implementation is unknown
-		final StringBuilder sb = new StringBuilder(password);
-		final byte[] pw = sb.toString().getBytes();
-		try {
-			final byte[] key = SCrypt.generate(pw, salt, costParam, blockSize, 1, keyLengthInBits / Byte.SIZE);
-			return new SecretKeySpec(key, AES_KEY_ALGORITHM);
-		} finally {
-			// destroy copied bytes of the plaintext password:
-			Arrays.fill(pw, (byte) 0);
-			for (int i = 0; i < password.length(); i++) {
-				sb.setCharAt(i, (char) 0);
-			}
-		}
-	}
-
-	private long crc32Sum(byte[] source) {
-		final CRC32 crc32 = new CRC32();
-		crc32.update(source);
-		return crc32.getValue();
-	}
-
-	@Override
-	public String encryptPath(String cleartextPath, char encryptedPathSep, char cleartextPathSep, CryptorIOSupport ioSupport) {
-		try {
-			final String[] cleartextPathComps = StringUtils.split(cleartextPath, cleartextPathSep);
-			final List<String> encryptedPathComps = new ArrayList<>(cleartextPathComps.length);
-			for (final String cleartext : cleartextPathComps) {
-				final String encrypted = encryptPathComponent(cleartext, primaryMasterKey, ioSupport);
-				encryptedPathComps.add(encrypted);
-			}
-			return StringUtils.join(encryptedPathComps, encryptedPathSep);
-		} catch (IllegalBlockSizeException | BadPaddingException | IOException e) {
-			throw new IllegalStateException("Unable to encrypt path: " + cleartextPath, e);
-		}
-	}
-
-	/**
-	 * Each path component, i.e. file or directory name separated by path separators, gets encrypted for its own.<br/>
-	 * Encryption will blow up the filename length due to aes block sizes and base32 encoding. The result may be too long for some old file
-	 * systems.<br/>
-	 * This means that we need a workaround for filenames longer than the limit defined in
-	 * {@link FileNamingConventions#ENCRYPTED_FILENAME_LENGTH_LIMIT}.<br/>
-	 * <br/>
-	 * In any case we will create the encrypted filename normally. For those, that are too long, we calculate a checksum. No
-	 * cryptographically secure hash is needed here. We just want an uniform distribution for better load balancing. All encrypted filenames
-	 * with the same checksum will then share a metadata file, in which a lookup map between encrypted filenames and short unique
-	 * alternative names are stored.<br/>
-	 * <br/>
-	 * These alternative names consist of the checksum, a unique id and a special file extension defined in
-	 * {@link FileNamingConventions#LONG_NAME_FILE_EXT}.
-	 */
-	private String encryptPathComponent(final String cleartext, final SecretKey key, CryptorIOSupport ioSupport) throws IllegalBlockSizeException, BadPaddingException, IOException {
-		final byte[] mac = hmacSha256(hMacMasterKey).doFinal(cleartext.getBytes());
-		final byte[] partialIv = ArrayUtils.subarray(mac, 0, 10);
-		final ByteBuffer iv = ByteBuffer.allocate(AES_BLOCK_LENGTH);
-		iv.put(partialIv);
-		final Cipher cipher = this.aesCtrCipher(key, iv.array(), Cipher.ENCRYPT_MODE);
-		final byte[] cleartextBytes = cleartext.getBytes(Charsets.UTF_8);
-		final byte[] encryptedBytes = cipher.doFinal(cleartextBytes);
-		final String ivAndCiphertext = ENCRYPTED_FILENAME_CODEC.encodeAsString(partialIv) + IV_PREFIX_SEPARATOR + ENCRYPTED_FILENAME_CODEC.encodeAsString(encryptedBytes);
-
-		if (ivAndCiphertext.length() + BASIC_FILE_EXT.length() > ENCRYPTED_FILENAME_LENGTH_LIMIT) {
-			final String crc32 = Long.toHexString(crc32Sum(ivAndCiphertext.getBytes()));
-			final String metadataFilename = crc32 + METADATA_FILE_EXT;
-			final LongFilenameMetadata metadata = this.getMetadata(ioSupport, metadataFilename);
-			final String alternativeFileName = crc32 + LONG_NAME_PREFIX_SEPARATOR + metadata.getOrCreateUuidForEncryptedFilename(ivAndCiphertext).toString() + LONG_NAME_FILE_EXT;
-			this.storeMetadata(ioSupport, metadataFilename, metadata);
-			return alternativeFileName;
-		} else {
-			return ivAndCiphertext + BASIC_FILE_EXT;
-		}
-	}
-
-	@Override
-	public String decryptPath(String encryptedPath, char encryptedPathSep, char cleartextPathSep, CryptorIOSupport ioSupport) {
-		try {
-			final String[] encryptedPathComps = StringUtils.split(encryptedPath, encryptedPathSep);
-			final List<String> cleartextPathComps = new ArrayList<>(encryptedPathComps.length);
-			for (final String encrypted : encryptedPathComps) {
-				final String cleartext = decryptPathComponent(encrypted, primaryMasterKey, ioSupport);
-				cleartextPathComps.add(new String(cleartext));
-			}
-			return StringUtils.join(cleartextPathComps, cleartextPathSep);
-		} catch (IllegalBlockSizeException | BadPaddingException | IOException e) {
-			throw new IllegalStateException("Unable to decrypt path: " + encryptedPath, e);
-		}
-	}
-
-	/**
-	 * @see #encryptPathComponent(String, SecretKey, CryptorIOSupport)
-	 */
-	private String decryptPathComponent(final String encrypted, final SecretKey key, CryptorIOSupport ioSupport) throws IllegalBlockSizeException, BadPaddingException, IOException {
-		final String ivAndCiphertext;
-		if (encrypted.endsWith(LONG_NAME_FILE_EXT)) {
-			final String basename = StringUtils.removeEnd(encrypted, LONG_NAME_FILE_EXT);
-			final String crc32 = StringUtils.substringBefore(basename, LONG_NAME_PREFIX_SEPARATOR);
-			final String uuid = StringUtils.substringAfter(basename, LONG_NAME_PREFIX_SEPARATOR);
-			final String metadataFilename = crc32 + METADATA_FILE_EXT;
-			final LongFilenameMetadata metadata = this.getMetadata(ioSupport, metadataFilename);
-			ivAndCiphertext = metadata.getEncryptedFilenameForUUID(UUID.fromString(uuid));
-		} else if (encrypted.endsWith(BASIC_FILE_EXT)) {
-			ivAndCiphertext = StringUtils.removeEndIgnoreCase(encrypted, BASIC_FILE_EXT);
-		} else {
-			throw new IllegalArgumentException("Unsupported path component: " + encrypted);
-		}
-
-		final String partialIvStr = StringUtils.substringBefore(ivAndCiphertext, IV_PREFIX_SEPARATOR);
-		final String ciphertext = StringUtils.substringAfter(ivAndCiphertext, IV_PREFIX_SEPARATOR);
-		final ByteBuffer iv = ByteBuffer.allocate(AES_BLOCK_LENGTH);
-		iv.put(ENCRYPTED_FILENAME_CODEC.decode(partialIvStr));
-
-		final Cipher cipher = this.aesCtrCipher(key, iv.array(), Cipher.DECRYPT_MODE);
-		final byte[] encryptedBytes = ENCRYPTED_FILENAME_CODEC.decode(ciphertext);
-		final byte[] cleartextBytes = cipher.doFinal(encryptedBytes);
-		return new String(cleartextBytes, Charsets.UTF_8);
-	}
-
-	private LongFilenameMetadata getMetadata(CryptorIOSupport ioSupport, String metadataFile) throws IOException {
-		final byte[] fileContent = ioSupport.readPathSpecificMetadata(metadataFile);
-		if (fileContent == null) {
-			return new LongFilenameMetadata();
-		} else {
-			return objectMapper.readValue(fileContent, LongFilenameMetadata.class);
-		}
-	}
-
-	private void storeMetadata(CryptorIOSupport ioSupport, String metadataFile, LongFilenameMetadata metadata) throws JsonProcessingException, IOException {
-		ioSupport.writePathSpecificMetadata(metadataFile, objectMapper.writeValueAsBytes(metadata));
-	}
-
-	@Override
-	public boolean authenticateContent(SeekableByteChannel encryptedFile) throws IOException {
-		// read file size:
-		final Long fileSize = decryptedContentLength(encryptedFile);
-
-		// init mac:
-		final Mac mac = this.hmacSha256(hMacMasterKey);
-
-		// read stored mac:
-		encryptedFile.position(16);
-		final ByteBuffer macBuffer = ByteBuffer.allocate(mac.getMacLength());
-		final int numMacBytesRead = encryptedFile.read(macBuffer);
-
-		// check validity of header:
-		if (numMacBytesRead != mac.getMacLength() || fileSize == null) {
-			throw new IOException("Failed to read file header.");
-		}
-
-		// read all encrypted data and calculate mac:
-		encryptedFile.position(64);
-		final InputStream in = new SeekableByteChannelInputStream(encryptedFile);
-		final InputStream macIn = new MacInputStream(in, mac);
-		IOUtils.copyLarge(macIn, new NullOutputStream(), 0, fileSize);
-
-		// compare:
-		return Arrays.equals(macBuffer.array(), mac.doFinal());
-	}
-
-	@Override
-	public Long decryptedContentLength(SeekableByteChannel encryptedFile) throws IOException {
-		// skip 128bit IV + 256 bit MAC:
-		encryptedFile.position(48);
-
-		// read encrypted value:
-		final ByteBuffer encryptedFileSizeBuffer = ByteBuffer.allocate(AES_BLOCK_LENGTH);
-		final int numFileSizeBytesRead = encryptedFile.read(encryptedFileSizeBuffer);
-
-		// return "unknown" value, if EOF
-		if (numFileSizeBytesRead != encryptedFileSizeBuffer.capacity()) {
-			return null;
-		}
-
-		// decrypt size:
-		try {
-			final Cipher sizeCipher = aesEcbCipher(primaryMasterKey, Cipher.DECRYPT_MODE);
-			final byte[] decryptedFileSize = sizeCipher.doFinal(encryptedFileSizeBuffer.array());
-			final ByteBuffer fileSizeBuffer = ByteBuffer.wrap(decryptedFileSize);
-			return fileSizeBuffer.getLong();
-		} catch (IllegalBlockSizeException | BadPaddingException e) {
-			throw new IllegalStateException(e);
-		}
-	}
-
-	@Override
-	public Long decryptedFile(SeekableByteChannel encryptedFile, OutputStream plaintextFile) throws IOException {
-		// read iv:
-		encryptedFile.position(0);
-		final ByteBuffer countingIv = ByteBuffer.allocate(AES_BLOCK_LENGTH);
-		final int numIvBytesRead = encryptedFile.read(countingIv);
-
-		// read file size:
-		final Long fileSize = decryptedContentLength(encryptedFile);
-
-		// check validity of header:
-		if (numIvBytesRead != AES_BLOCK_LENGTH || fileSize == null) {
-			throw new IOException("Failed to read file header.");
-		}
-
-		// go to begin of content:
-		encryptedFile.position(64);
-
-		// generate cipher:
-		final Cipher cipher = this.aesCtrCipher(primaryMasterKey, countingIv.array(), Cipher.DECRYPT_MODE);
-
-		// read content
-		final InputStream in = new SeekableByteChannelInputStream(encryptedFile);
-		final InputStream cipheredIn = new CipherInputStream(in, cipher);
-		return IOUtils.copyLarge(cipheredIn, plaintextFile, 0, fileSize);
-	}
-
-	@Override
-	public Long decryptRange(SeekableByteChannel encryptedFile, OutputStream plaintextFile, long pos, long length) throws IOException {
-		// read iv:
-		encryptedFile.position(0);
-		final ByteBuffer countingIv = ByteBuffer.allocate(AES_BLOCK_LENGTH);
-		final int numIvBytesRead = encryptedFile.read(countingIv);
-
-		// check validity of header:
-		if (numIvBytesRead != AES_BLOCK_LENGTH) {
-			throw new IOException("Failed to read file header.");
-		}
-
-		// seek relevant position and update iv:
-		long firstRelevantBlock = pos / AES_BLOCK_LENGTH; // cut of fraction!
-		long beginOfFirstRelevantBlock = firstRelevantBlock * AES_BLOCK_LENGTH;
-		long offsetInsideFirstRelevantBlock = pos - beginOfFirstRelevantBlock;
-		countingIv.putLong(AES_BLOCK_LENGTH - Long.BYTES, firstRelevantBlock);
-
-		// fast forward stream:
-		encryptedFile.position(64 + beginOfFirstRelevantBlock);
-
-		// generate cipher:
-		final Cipher cipher = this.aesCtrCipher(primaryMasterKey, countingIv.array(), Cipher.DECRYPT_MODE);
-
-		// read content
-		final InputStream in = new SeekableByteChannelInputStream(encryptedFile);
-		final InputStream cipheredIn = new CipherInputStream(in, cipher);
-		return IOUtils.copyLarge(cipheredIn, plaintextFile, offsetInsideFirstRelevantBlock, length);
-	}
-
-	@Override
-	public Long encryptFile(InputStream plaintextFile, SeekableByteChannel encryptedFile) throws IOException {
-		// truncate file
-		encryptedFile.truncate(0);
-
-		// use an IV, whose last 8 bytes store a long used in counter mode and write initial value to file.
-		final ByteBuffer countingIv = ByteBuffer.wrap(randomData(AES_BLOCK_LENGTH));
-		countingIv.putLong(AES_BLOCK_LENGTH - Long.BYTES, 0l);
-		countingIv.position(0);
-		encryptedFile.write(countingIv);
-
-		// init crypto stuff:
-		final Mac mac = this.hmacSha256(hMacMasterKey);
-		final Cipher cipher = this.aesCtrCipher(primaryMasterKey, countingIv.array(), Cipher.ENCRYPT_MODE);
-
-		// init mac buffer and skip 32 bytes
-		final ByteBuffer macBuffer = ByteBuffer.allocate(mac.getMacLength());
-		encryptedFile.write(macBuffer);
-
-		// init filesize buffer and skip 16 bytes
-		final ByteBuffer encryptedFileSizeBuffer = ByteBuffer.allocate(AES_BLOCK_LENGTH);
-		encryptedFile.write(encryptedFileSizeBuffer);
-
-		// write content:
-		final OutputStream out = new SeekableByteChannelOutputStream(encryptedFile);
-		final OutputStream macOut = new MacOutputStream(out, mac);
-		final OutputStream cipheredOut = new CipherOutputStream(macOut, cipher);
-		final Long actualSize = IOUtils.copyLarge(plaintextFile, cipheredOut);
-
-		// copy MAC:
-		macBuffer.position(0);
-		macBuffer.put(mac.doFinal());
-
-		// append fake content:
-		final int randomContentLength = (int) Math.ceil((Math.random() + 1.0) * actualSize / 20.0);
-		final byte[] emptyBytes = new byte[AES_BLOCK_LENGTH];
-		for (int i = 0; i < randomContentLength; i += AES_BLOCK_LENGTH) {
-			cipheredOut.write(emptyBytes);
-		}
-		cipheredOut.flush();
-
-		// encrypt actualSize
-		try {
-			final ByteBuffer fileSizeBuffer = ByteBuffer.allocate(Long.BYTES);
-			fileSizeBuffer.putLong(actualSize);
-			final Cipher sizeCipher = aesEcbCipher(primaryMasterKey, Cipher.ENCRYPT_MODE);
-			final byte[] encryptedFileSize = sizeCipher.doFinal(fileSizeBuffer.array());
-			encryptedFileSizeBuffer.position(0);
-			encryptedFileSizeBuffer.put(encryptedFileSize);
-		} catch (IllegalBlockSizeException | BadPaddingException e) {
-			throw new IllegalStateException(e);
-		}
-
-		// write file header
-		encryptedFile.position(16); // skip already written 128 bit IV
-		macBuffer.position(0);
-		encryptedFile.write(macBuffer); // 256 bit MAC
-		encryptedFileSizeBuffer.position(0);
-		encryptedFile.write(encryptedFileSizeBuffer); // 128 bit encrypted file size
-
-		return actualSize;
-	}
-
-	@Override
-	public Filter<Path> getPayloadFilesFilter() {
-		return new Filter<Path>() {
-			@Override
-			public boolean accept(Path entry) throws IOException {
-				return ENCRYPTED_FILE_GLOB_MATCHER.matches(entry);
-			}
-		};
-	}
-
-}

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/AesCryptographicConfiguration.java

@@ -1,88 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.crypto.aes256;
-
-interface AesCryptographicConfiguration {
-
-	/**
-	 * Number of bytes used as salt, where needed.
-	 */
-	int SCRYPT_SALT_LENGTH = 8;
-
-	/**
-	 * Scrypt CPU/Memory cost parameter.
-	 */
-	int SCRYPT_COST_PARAM = 1 << 14;
-
-	/**
-	 * Scrypt block size (affects memory consumption)
-	 */
-	int SCRYPT_BLOCK_SIZE = 8;
-
-	/**
-	 * Number of bytes of the master key. Should be the maximum possible AES key length to provide best security.
-	 */
-	int PREF_MASTER_KEY_LENGTH_IN_BITS = 256;
-
-	/**
-	 * Number of bytes used as seed for the PRNG.
-	 */
-	int PRNG_SEED_LENGTH = 16;
-
-	/**
-	 * Algorithm used for random number generation.
-	 */
-	String PRNG_ALGORITHM = "SHA1PRNG";
-
-	/**
-	 * Algorithm used for en/decryption.
-	 * 
-	 * @see http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#AlgorithmParameters
-	 */
-	String AES_KEY_ALGORITHM = "AES";
-
-	/**
-	 * Key algorithm for keyed MAC.
-	 */
-	String HMAC_KEY_ALGORITHM = "HmacSHA256";
-
-	/**
-	 * Cipher specs for RFC 3394 masterkey encryption.
-	 * 
-	 * @see http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Cipher
-	 */
-	String AES_KEYWRAP_CIPHER = "AESWrap";
-
-	/**
-	 * Cipher specs for file name and file content encryption. Using CTR-mode for random access.
-	 * 
-	 * @see http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Cipher
-	 */
-	String AES_CTR_CIPHER = "AES/CTR/NoPadding";
-
-	/**
-	 * Cipher specs for single block encryption (like file size).
-	 * 
-	 * @see http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#impl
-	 */
-	String AES_ECB_CIPHER = "AES/ECB/PKCS5Padding";
-
-	/**
-	 * AES block size is 128 bit or 16 bytes.
-	 */
-	int AES_BLOCK_LENGTH = 16;
-
-	/**
-	 * Number of non-zero bytes in the IV used for file name encryption. Less means shorter encrypted filenames, more means higher entropy.
-	 * Maximum length is {@value #AES_BLOCK_LENGTH}. Even the shortest base32 (see {@link FileNamingConventions#ENCRYPTED_FILENAME_CODEC})
-	 * encoded byte array will need 8 chars. The maximum number of bytes that fit in 8 base32 chars is 5. Thus 5 is the ideal length.
-	 */
-	int FILE_NAME_IV_LENGTH = 5;
-
-}

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/FileNamingConventions.java

@@ -1,66 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.crypto.aes256;
-
-import java.nio.file.FileSystems;
-import java.nio.file.PathMatcher;
-
-import org.apache.commons.codec.binary.Base32;
-import org.apache.commons.codec.binary.BaseNCodec;
-
-interface FileNamingConventions {
-
-	/**
-	 * Extension of masterkey files inside the root directory of the encrypted storage.
-	 */
-	String MASTERKEY_FILE_EXT = ".masterkey.json";
-
-	/**
-	 * How to encode the encrypted file names safely. Base32 uses only alphanumeric characters and is case-insensitive.
-	 */
-	BaseNCodec ENCRYPTED_FILENAME_CODEC = new Base32();
-
-	/**
-	 * Maximum length possible on file systems with a filename limit of 255 chars.<br/>
-	 * Also we would need a few chars for our file extension, so lets use {@value #ENCRYPTED_FILENAME_LENGTH_LIMIT}.
-	 */
-	int ENCRYPTED_FILENAME_LENGTH_LIMIT = 250;
-
-	/**
-	 * For plaintext file names <= {@value #ENCRYPTED_FILENAME_LENGTH_LIMIT} chars.
-	 */
-	String BASIC_FILE_EXT = ".aes";
-
-	/**
-	 * Prefix in front of the actual encrypted file name used as IV.
-	 */
-	String IV_PREFIX_SEPARATOR = "_";
-
-	/**
-	 * For plaintext file names > {@value #ENCRYPTED_FILENAME_LENGTH_LIMIT} chars.
-	 */
-	String LONG_NAME_FILE_EXT = ".lng.aes";
-
-	/**
-	 * Prefix in file names > {@value #ENCRYPTED_FILENAME_LENGTH_LIMIT} chars used to determine the corresponding metadata file.
-	 */
-	String LONG_NAME_PREFIX_SEPARATOR = "_";
-
-	/**
-	 * For metadata files for a certain group of files. The cryptor may decide what files to assign to the same group; hopefully using some
-	 * kind of uniform distribution for better load balancing.
-	 */
-	String METADATA_FILE_EXT = ".meta";
-
-	/**
-	 * Matches both, {@value #BASIC_FILE_EXT} and {@value #LONG_NAME_FILE_EXT} files.
-	 */
-	PathMatcher ENCRYPTED_FILE_GLOB_MATCHER = FileSystems.getDefault().getPathMatcher("glob:**/*{" + BASIC_FILE_EXT + "," + LONG_NAME_FILE_EXT + "}");
-
-}

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/KeyFile.java

@@ -1,66 +0,0 @@
-package org.cryptomator.crypto.aes256;
-
-import java.io.Serializable;
-
-import com.fasterxml.jackson.annotation.JsonPropertyOrder;
-
-@JsonPropertyOrder(value = {"scryptSalt", "scryptCostParam", "scryptBlockSize", "keyLength", "primaryMasterKey", "hMacMasterKey"})
-public class KeyFile implements Serializable {
-
-	private static final long serialVersionUID = 8578363158959619885L;
-	private byte[] scryptSalt;
-	private int scryptCostParam;
-	private int scryptBlockSize;
-	private int keyLength;
-	private byte[] primaryMasterKey;
-	private byte[] hMacMasterKey;
-
-	public byte[] getScryptSalt() {
-		return scryptSalt;
-	}
-
-	public void setScryptSalt(byte[] scryptSalt) {
-		this.scryptSalt = scryptSalt;
-	}
-
-	public int getScryptCostParam() {
-		return scryptCostParam;
-	}
-
-	public void setScryptCostParam(int scryptCostParam) {
-		this.scryptCostParam = scryptCostParam;
-	}
-
-	public int getScryptBlockSize() {
-		return scryptBlockSize;
-	}
-
-	public void setScryptBlockSize(int scryptBlockSize) {
-		this.scryptBlockSize = scryptBlockSize;
-	}
-
-	public int getKeyLength() {
-		return keyLength;
-	}
-
-	public void setKeyLength(int keyLength) {
-		this.keyLength = keyLength;
-	}
-
-	public byte[] getPrimaryMasterKey() {
-		return primaryMasterKey;
-	}
-
-	public void setPrimaryMasterKey(byte[] primaryMasterKey) {
-		this.primaryMasterKey = primaryMasterKey;
-	}
-
-	public byte[] getHMacMasterKey() {
-		return hMacMasterKey;
-	}
-
-	public void setHMacMasterKey(byte[] hMacMasterKey) {
-		this.hMacMasterKey = hMacMasterKey;
-	}
-
-}

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/LongFilenameMetadata.java

@@ -1,49 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.crypto.aes256;
-
-import java.io.Serializable;
-import java.util.UUID;
-
-import org.apache.commons.collections4.BidiMap;
-import org.apache.commons.collections4.bidimap.DualHashBidiMap;
-
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
-
-class LongFilenameMetadata implements Serializable {
-
-	private static final long serialVersionUID = 6214509403824421320L;
-
-	@JsonDeserialize(as = DualHashBidiMap.class)
-	private BidiMap<UUID, String> encryptedFilenames = new DualHashBidiMap<>();
-
-	/* Getter/Setter */
-
-	public synchronized String getEncryptedFilenameForUUID(final UUID uuid) {
-		return encryptedFilenames.get(uuid);
-	}
-
-	public synchronized UUID getOrCreateUuidForEncryptedFilename(String encryptedFilename) {
-		UUID uuid = encryptedFilenames.getKey(encryptedFilename);
-		if (uuid == null) {
-			uuid = UUID.randomUUID();
-			encryptedFilenames.put(uuid, encryptedFilename);
-		}
-		return uuid;
-	}
-
-	public BidiMap<UUID, String> getEncryptedFilenames() {
-		return encryptedFilenames;
-	}
-
-	public void setEncryptedFilenames(BidiMap<UUID, String> encryptedFilenames) {
-		this.encryptedFilenames = encryptedFilenames;
-	}
-
-}

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/MacInputStream.java

@@ -1,39 +0,0 @@
-package org.cryptomator.crypto.aes256;
-
-import java.io.FilterInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-import javax.crypto.Mac;
-
-/**
- * Updates a {@link Mac} with the bytes read from this stream.
- */
-class MacInputStream extends FilterInputStream {
-
-	private final Mac mac;
-
-	/**
-	 * @param in Stream from which to read contents, which will update the Mac.
-	 * @param mac Mac to be updated during writes.
-	 */
-	public MacInputStream(InputStream in, Mac mac) {
-		super(in);
-		this.mac = mac;
-	}
-
-	@Override
-	public int read() throws IOException {
-		int b = in.read();
-		mac.update((byte) b);
-		return b;
-	}
-
-	@Override
-	public int read(byte[] b, int off, int len) throws IOException {
-		int read = in.read(b, off, len);
-		mac.update(b, off, len);
-		return read;
-	}
-
-}

main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/MacOutputStream.java

@@ -1,37 +0,0 @@
-package org.cryptomator.crypto.aes256;
-
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.crypto.Mac;
-
-/**
- * Updates a {@link Mac} with the bytes written to this stream.
- */
-class MacOutputStream extends FilterOutputStream {
-
-	private final Mac mac;
-
-	/**
-	 * @param out Stream to redirect contents to after updating the mac.
-	 * @param mac Mac to be updated during writes.
-	 */
-	public MacOutputStream(OutputStream out, Mac mac) {
-		super(out);
-		this.mac = mac;
-	}
-
-	@Override
-	public void write(int b) throws IOException {
-		mac.update((byte) b);
-		out.write(b);
-	}
-
-	@Override
-	public void write(byte[] b, int off, int len) throws IOException {
-		mac.update(b, off, len);
-		out.write(b, off, len);
-	}
-
-}

main/crypto-aes/src/test/java/org/cryptomator/crypto/aes256/Aes256CryptorTest.java

@@ -1,222 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.crypto.aes256;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.ByteBuffer;
-import java.nio.channels.SeekableByteChannel;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Random;
-
-import org.apache.commons.io.IOUtils;
-import org.cryptomator.crypto.CryptorIOSupport;
-import org.cryptomator.crypto.exceptions.DecryptFailedException;
-import org.cryptomator.crypto.exceptions.UnsupportedKeyLengthException;
-import org.cryptomator.crypto.exceptions.WrongPasswordException;
-import org.junit.Assert;
-import org.junit.Test;
-
-public class Aes256CryptorTest {
-
-	private static final Random TEST_PRNG = new Random();
-
-	@Test
-	public void testCorrectPassword() throws IOException, WrongPasswordException, DecryptFailedException, UnsupportedKeyLengthException {
-		final String pw = "asd";
-		final Aes256Cryptor cryptor = new Aes256Cryptor(TEST_PRNG);
-		final ByteArrayOutputStream out = new ByteArrayOutputStream();
-		cryptor.encryptMasterKey(out, pw);
-		cryptor.swipeSensitiveData();
-
-		final Aes256Cryptor decryptor = new Aes256Cryptor(TEST_PRNG);
-		final InputStream in = new ByteArrayInputStream(out.toByteArray());
-		decryptor.decryptMasterKey(in, pw);
-
-		IOUtils.closeQuietly(out);
-		IOUtils.closeQuietly(in);
-	}
-
-	@Test
-	public void testWrongPassword() throws IOException, DecryptFailedException, WrongPasswordException, UnsupportedKeyLengthException {
-		final String pw = "asd";
-		final Aes256Cryptor cryptor = new Aes256Cryptor(TEST_PRNG);
-		final ByteArrayOutputStream out = new ByteArrayOutputStream();
-		cryptor.encryptMasterKey(out, pw);
-		cryptor.swipeSensitiveData();
-		IOUtils.closeQuietly(out);
-
-		// all these passwords are expected to fail.
-		final String[] wrongPws = {"a", "as", "asdf", "sdf", "das", "dsa", "foo", "bar", "baz"};
-		final Aes256Cryptor decryptor = new Aes256Cryptor(TEST_PRNG);
-		for (final String wrongPw : wrongPws) {
-			final InputStream in = new ByteArrayInputStream(out.toByteArray());
-			try {
-				decryptor.decryptMasterKey(in, wrongPw);
-				Assert.fail("should not succeed.");
-			} catch (WrongPasswordException e) {
-				continue;
-			} finally {
-				IOUtils.closeQuietly(in);
-			}
-		}
-	}
-
-	@Test
-	public void testIntegrityAuthentication() throws IOException {
-		// our test plaintext data:
-		final byte[] plaintextData = "Hello World".getBytes();
-		final InputStream plaintextIn = new ByteArrayInputStream(plaintextData);
-
-		// init cryptor:
-		final Aes256Cryptor cryptor = new Aes256Cryptor(TEST_PRNG);
-
-		// encrypt:
-		final ByteBuffer encryptedData = ByteBuffer.allocate(64 + plaintextData.length * 4);
-		final SeekableByteChannel encryptedOut = new ByteBufferBackedSeekableChannel(encryptedData);
-		cryptor.encryptFile(plaintextIn, encryptedOut);
-		IOUtils.closeQuietly(plaintextIn);
-		IOUtils.closeQuietly(encryptedOut);
-
-		encryptedData.position(0);
-
-		// authenticate unmodified content:
-		final SeekableByteChannel encryptedIn1 = new ByteBufferBackedSeekableChannel(encryptedData);
-		final boolean isContentUnmodified1 = cryptor.authenticateContent(encryptedIn1);
-		Assert.assertTrue(isContentUnmodified1);
-
-		// toggle one bit inf first content byte:
-		encryptedData.position(64);
-		final byte fifthByte = encryptedData.get();
-		encryptedData.position(64);
-		encryptedData.put((byte) (fifthByte ^ 0x01));
-
-		encryptedData.position(0);
-
-		// authenticate modified content:
-		final SeekableByteChannel encryptedIn2 = new ByteBufferBackedSeekableChannel(encryptedData);
-		final boolean isContentUnmodified2 = cryptor.authenticateContent(encryptedIn2);
-		Assert.assertFalse(isContentUnmodified2);
-	}
-
-	@Test
-	public void testEncryptionAndDecryption() throws IOException, DecryptFailedException, WrongPasswordException, UnsupportedKeyLengthException {
-		// our test plaintext data:
-		final byte[] plaintextData = "Hello World".getBytes();
-		final InputStream plaintextIn = new ByteArrayInputStream(plaintextData);
-
-		// init cryptor:
-		final Aes256Cryptor cryptor = new Aes256Cryptor(TEST_PRNG);
-
-		// encrypt:
-		final ByteBuffer encryptedData = ByteBuffer.allocate(64 + plaintextData.length * 4);
-		final SeekableByteChannel encryptedOut = new ByteBufferBackedSeekableChannel(encryptedData);
-		cryptor.encryptFile(plaintextIn, encryptedOut);
-		IOUtils.closeQuietly(plaintextIn);
-		IOUtils.closeQuietly(encryptedOut);
-
-		encryptedData.position(0);
-
-		// decrypt file size:
-		final SeekableByteChannel encryptedIn = new ByteBufferBackedSeekableChannel(encryptedData);
-		final Long filesize = cryptor.decryptedContentLength(encryptedIn);
-		Assert.assertEquals(plaintextData.length, filesize.longValue());
-
-		// decrypt:
-		final ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream();
-		final Long numDecryptedBytes = cryptor.decryptedFile(encryptedIn, plaintextOut);
-		IOUtils.closeQuietly(encryptedIn);
-		IOUtils.closeQuietly(plaintextOut);
-		Assert.assertEquals(filesize.longValue(), numDecryptedBytes.longValue());
-
-		// check decrypted data:
-		final byte[] result = plaintextOut.toByteArray();
-		Assert.assertArrayEquals(plaintextData, result);
-	}
-
-	@Test
-	public void testPartialDecryption() throws IOException, DecryptFailedException, WrongPasswordException, UnsupportedKeyLengthException {
-		// our test plaintext data:
-		final byte[] plaintextData = new byte[65536 * Integer.BYTES];
-		final ByteBuffer bbIn = ByteBuffer.wrap(plaintextData);
-		for (int i = 0; i < 65536; i++) {
-			bbIn.putInt(i);
-		}
-		final InputStream plaintextIn = new ByteArrayInputStream(plaintextData);
-
-		// init cryptor:
-		final Aes256Cryptor cryptor = new Aes256Cryptor(TEST_PRNG);
-
-		// encrypt:
-		final ByteBuffer encryptedData = ByteBuffer.allocate(64 + plaintextData.length * 4);
-		final SeekableByteChannel encryptedOut = new ByteBufferBackedSeekableChannel(encryptedData);
-		cryptor.encryptFile(plaintextIn, encryptedOut);
-		IOUtils.closeQuietly(plaintextIn);
-		IOUtils.closeQuietly(encryptedOut);
-
-		encryptedData.position(0);
-
-		// decrypt:
-		final SeekableByteChannel encryptedIn = new ByteBufferBackedSeekableChannel(encryptedData);
-		final ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream();
-		final Long numDecryptedBytes = cryptor.decryptRange(encryptedIn, plaintextOut, 25000 * Integer.BYTES, 30000 * Integer.BYTES);
-		IOUtils.closeQuietly(encryptedIn);
-		IOUtils.closeQuietly(plaintextOut);
-		Assert.assertTrue(numDecryptedBytes > 0);
-
-		// check decrypted data:
-		final byte[] result = plaintextOut.toByteArray();
-		final byte[] expected = Arrays.copyOfRange(plaintextData, 25000 * Integer.BYTES, 55000 * Integer.BYTES);
-		Assert.assertArrayEquals(expected, result);
-	}
-
-	@Test
-	public void testEncryptionOfFilenames() throws IOException {
-		final CryptorIOSupport ioSupportMock = new CryptoIOSupportMock();
-		final Aes256Cryptor cryptor = new Aes256Cryptor(TEST_PRNG);
-
-		// short path components
-		final String originalPath1 = "foo/bar/baz";
-		final String encryptedPath1a = cryptor.encryptPath(originalPath1, '/', '/', ioSupportMock);
-		final String encryptedPath1b = cryptor.encryptPath(originalPath1, '/', '/', ioSupportMock);
-		Assert.assertEquals(encryptedPath1a, encryptedPath1b);
-		final String decryptedPath1 = cryptor.decryptPath(encryptedPath1a, '/', '/', ioSupportMock);
-		Assert.assertEquals(originalPath1, decryptedPath1);
-
-		// long path components
-		final String str50chars = "aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee";
-		final String originalPath2 = "foo/" + str50chars + str50chars + str50chars + str50chars + str50chars + "/baz";
-		final String encryptedPath2a = cryptor.encryptPath(originalPath2, '/', '/', ioSupportMock);
-		final String encryptedPath2b = cryptor.encryptPath(originalPath2, '/', '/', ioSupportMock);
-		Assert.assertEquals(encryptedPath2a, encryptedPath2b);
-		final String decryptedPath2 = cryptor.decryptPath(encryptedPath2a, '/', '/', ioSupportMock);
-		Assert.assertEquals(originalPath2, decryptedPath2);
-	}
-
-	private static class CryptoIOSupportMock implements CryptorIOSupport {
-
-		private final Map<String, byte[]> map = new HashMap<>();
-
-		@Override
-		public void writePathSpecificMetadata(String encryptedPath, byte[] encryptedMetadata) {
-			map.put(encryptedPath, encryptedMetadata);
-		}
-
-		@Override
-		public byte[] readPathSpecificMetadata(String encryptedPath) {
-			return map.get(encryptedPath);
-		}
-
-	}
-
-}

main/crypto-aes/src/test/java/org/cryptomator/crypto/aes256/ByteBufferBackedSeekableChannel.java

@@ -1,79 +0,0 @@
-package org.cryptomator.crypto.aes256;
-
-import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.nio.channels.SeekableByteChannel;
-
-class ByteBufferBackedSeekableChannel implements SeekableByteChannel {
-
-	private final ByteBuffer buffer;
-	private boolean open = true;
-
-	ByteBufferBackedSeekableChannel(ByteBuffer buffer) {
-		this.buffer = buffer;
-	}
-
-	@Override
-	public boolean isOpen() {
-		return open;
-	}
-
-	@Override
-	public void close() throws IOException {
-		open = false;
-	}
-
-	@Override
-	public int read(ByteBuffer dst) throws IOException {
-		if (buffer.remaining() == 0) {
-			return -1;
-		}
-		int num = Math.min(dst.remaining(), buffer.remaining());
-		byte[] bytes = new byte[num];
-		buffer.get(bytes);
-		dst.put(bytes);
-		return num;
-	}
-
-	@Override
-	public int write(ByteBuffer src) throws IOException {
-		int num = src.remaining();
-		if (buffer.remaining() < src.remaining()) {
-			buffer.limit(buffer.limit() + src.remaining());
-		}
-		buffer.put(src);
-		return num;
-	}
-
-	@Override
-	public long position() throws IOException {
-		return buffer.position();
-	}
-
-	@Override
-	public SeekableByteChannel position(long newPosition) throws IOException {
-		if (newPosition > Integer.MAX_VALUE) {
-			throw new UnsupportedOperationException();
-		}
-		if (newPosition > buffer.limit()) {
-			buffer.limit((int) newPosition);
-		}
-		buffer.position((int) newPosition);
-		return this;
-	}
-
-	@Override
-	public long size() throws IOException {
-		return buffer.limit();
-	}
-
-	@Override
-	public SeekableByteChannel truncate(long size) throws IOException {
-		if (size > Integer.MAX_VALUE) {
-			throw new UnsupportedOperationException();
-		}
-		buffer.limit((int) size);
-		return this;
-	}
-
-}

main/crypto-api/src/main/java/org/cryptomator/crypto/AbstractCryptor.java

@@ -1,38 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.crypto;
-
-import java.util.HashSet;
-import java.util.Set;
-
-public abstract class AbstractCryptor implements Cryptor {
-
-	private final Set<SensitiveDataSwipeListener> swipeListeners = new HashSet<>();
-
-	@Override
-	public final void swipeSensitiveData() {
-		this.swipeSensitiveDataInternal();
-		for (final SensitiveDataSwipeListener sensitiveDataSwipeListener : swipeListeners) {
-			sensitiveDataSwipeListener.swipeSensitiveData();
-		}
-	}
-
-	protected abstract void swipeSensitiveDataInternal();
-
-	@Override
-	public final void addSensitiveDataSwipeListener(SensitiveDataSwipeListener listener) {
-		this.swipeListeners.add(listener);
-	}
-
-	@Override
-	public final void removeSensitiveDataSwipeListener(SensitiveDataSwipeListener listener) {
-		this.swipeListeners.remove(listener);
-	}
-
-}

main/crypto-api/src/main/java/org/cryptomator/crypto/Cryptor.java

@@ -1,111 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.crypto;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.nio.channels.SeekableByteChannel;
-import java.nio.file.DirectoryStream.Filter;
-import java.nio.file.Path;
-
-import org.cryptomator.crypto.exceptions.DecryptFailedException;
-import org.cryptomator.crypto.exceptions.UnsupportedKeyLengthException;
-import org.cryptomator.crypto.exceptions.WrongPasswordException;
-
-/**
- * Provides access to cryptographic functions. All methods are threadsafe.
- */
-public interface Cryptor extends SensitiveDataSwipeListener {
-
-	/**
-	 * Encrypts the current masterKey with the given password and writes the result to the given output stream.
-	 */
-	void encryptMasterKey(OutputStream out, CharSequence password) throws IOException;
-
-	/**
-	 * Reads the encrypted masterkey from the given input stream and decrypts it with the given password.
-	 * 
-	 * @throws DecryptFailedException If the decryption failed for various reasons (including wrong password).
-	 * @throws WrongPasswordException If the provided password was wrong. Note: Sometimes the algorithm itself fails due to a wrong
-	 *             password. In this case a DecryptFailedException will be thrown.
-	 * @throws UnsupportedKeyLengthException If the masterkey has been encrypted with a higher key length than supported by the system. In
-	 *             this case Java JCE needs to be installed.
-	 */
-	void decryptMasterKey(InputStream in, CharSequence password) throws DecryptFailedException, WrongPasswordException, UnsupportedKeyLengthException, IOException;
-
-	/**
-	 * Encrypts each plaintext path component for its own.
-	 * 
-	 * @param cleartextPath A relative path (UTF-8 encoded)
-	 * @param encryptedPathSep Path separator char like '/' used on local file system. Must not be null, even if cleartextPath is a sole
-	 *            file name without any path separators.
-	 * @param cleartextPathSep Path separator char like '/' used in webdav URIs. Must not be null, even if cleartextPath is a sole file name
-	 *            without any path separators.
-	 * @param metadataSupport Support object allowing the Cryptor to read and write its own metadata to the location of the encrypted file.
-	 * @return Encrypted path components concatenated by the given encryptedPathSep. Must not start with encryptedPathSep, unless the
-	 *         encrypted path is explicitly absolute.
-	 */
-	String encryptPath(String cleartextPath, char encryptedPathSep, char cleartextPathSep, CryptorIOSupport ioSupport);
-
-	/**
-	 * Decrypts each encrypted path component for its own.
-	 * 
-	 * @param encryptedPath A relative path (UTF-8 encoded)
-	 * @param encryptedPathSep Path separator char like '/' used on local file system. Must not be null, even if encryptedPath is a sole
-	 *            file name without any path separators.
-	 * @param cleartextPathSep Path separator char like '/' used in webdav URIs. Must not be null, even if encryptedPath is a sole file name
-	 *            without any path separators.
-	 * @param metadataSupport Support object allowing the Cryptor to read and write its own metadata to the location of the encrypted file.
-	 * @return Decrypted path components concatenated by the given cleartextPathSep. Must not start with cleartextPathSep, unless the
-	 *         cleartext path is explicitly absolute.
-	 */
-	String decryptPath(String encryptedPath, char encryptedPathSep, char cleartextPathSep, CryptorIOSupport ioSupport);
-
-	/**
-	 * @return <code>true</code> If the integrity of the file can be assured.
-	 */
-	boolean authenticateContent(SeekableByteChannel encryptedFile) throws IOException;
-
-	/**
-	 * @param metadataSupport Support object allowing the Cryptor to read and write its own metadata to the location of the encrypted file.
-	 * @return Content length of the decrypted file or <code>null</code> if unknown.
-	 */
-	Long decryptedContentLength(SeekableByteChannel encryptedFile) throws IOException;
-
-	/**
-	 * @return Number of decrypted bytes. This might not be equal to the encrypted file size due to optional metadata written to it.
-	 * @throws DecryptFailedException If decryption failed
-	 */
-	Long decryptedFile(SeekableByteChannel encryptedFile, OutputStream plaintextFile) throws IOException, DecryptFailedException;
-
-	/**
-	 * @param pos First byte (inclusive)
-	 * @param length Number of requested bytes beginning at pos.
-	 * @return Number of decrypted bytes. This might not be equal to the number of bytes requested due to potential overheads.
-	 * @throws DecryptFailedException If decryption failed
-	 */
-	Long decryptRange(SeekableByteChannel encryptedFile, OutputStream plaintextFile, long pos, long length) throws IOException, DecryptFailedException;
-
-	/**
-	 * @return Number of encrypted bytes. This might not be equal to the encrypted file size due to optional metadata written to it.
-	 */
-	Long encryptFile(InputStream plaintextFile, SeekableByteChannel encryptedFile) throws IOException;
-
-	/**
-	 * @return A filter, that returns <code>true</code> for encrypted files, i.e. if the file is an actual user payload and not a supporting
-	 *         metadata file of the {@link Cryptor}.
-	 */
-	Filter<Path> getPayloadFilesFilter();
-
-	void addSensitiveDataSwipeListener(SensitiveDataSwipeListener listener);
-
-	void removeSensitiveDataSwipeListener(SensitiveDataSwipeListener listener);
-
-}

main/crypto-api/src/main/java/org/cryptomator/crypto/CryptorIOSampling.java

@@ -1,26 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.crypto;
-
-/**
- * Optional monitoring interface. If a cryptor implements this interface, it counts bytes de- and encrypted in a thread-safe manner.
- */
-public interface CryptorIOSampling {
-
-	/**
-	 * @return Number of encrypted bytes since the last reset.
-	 */
-	Long pollEncryptedBytes(boolean resetCounter);
-
-	/**
-	 * @return Number of decrypted bytes since the last reset.
-	 */
-	Long pollDecryptedBytes(boolean resetCounter);
-
-}

main/crypto-api/src/main/java/org/cryptomator/crypto/CryptorIOSupport.java

@@ -1,31 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.crypto;
-
-import java.io.IOException;
-
-/**
- * Methods that may be called by the Cryptor when accessing a path.
- */
-public interface CryptorIOSupport {
-
-	/**
-	 * Persists encryptedMetadata to the given encryptedPath.
-	 * 
-	 * @param encryptedPath A relative path
-	 * @throws IOException
-	 */
-	void writePathSpecificMetadata(String encryptedPath, byte[] encryptedMetadata) throws IOException;
-
-	/**
-	 * @return Previously written encryptedMetadata stored at the given encryptedPath or <code>null</code> if no such file exists.
-	 */
-	byte[] readPathSpecificMetadata(String encryptedPath) throws IOException;
-
-}

main/crypto-api/src/main/java/org/cryptomator/crypto/SamplingDecorator.java

@@ -1,172 +0,0 @@
-package org.cryptomator.crypto;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.nio.channels.SeekableByteChannel;
-import java.nio.file.DirectoryStream.Filter;
-import java.nio.file.Path;
-import java.util.concurrent.atomic.AtomicLong;
-
-import org.apache.commons.lang3.StringUtils;
-import org.cryptomator.crypto.exceptions.DecryptFailedException;
-import org.cryptomator.crypto.exceptions.UnsupportedKeyLengthException;
-import org.cryptomator.crypto.exceptions.WrongPasswordException;
-
-public class SamplingDecorator implements Cryptor, CryptorIOSampling {
-
-	private final Cryptor cryptor;
-	private final AtomicLong encryptedBytes;
-	private final AtomicLong decryptedBytes;
-
-	private SamplingDecorator(Cryptor cryptor) {
-		this.cryptor = cryptor;
-		encryptedBytes = new AtomicLong();
-		decryptedBytes = new AtomicLong();
-	}
-
-	public static Cryptor decorate(Cryptor cryptor) {
-		return new SamplingDecorator(cryptor);
-	}
-
-	@Override
-	public void swipeSensitiveData() {
-		cryptor.swipeSensitiveData();
-	}
-
-	@Override
-	public Long pollEncryptedBytes(boolean resetCounter) {
-		if (resetCounter) {
-			return encryptedBytes.getAndSet(0);
-		} else {
-			return encryptedBytes.get();
-		}
-	}
-
-	@Override
-	public Long pollDecryptedBytes(boolean resetCounter) {
-		if (resetCounter) {
-			return decryptedBytes.getAndSet(0);
-		} else {
-			return decryptedBytes.get();
-		}
-	}
-
-	/* Cryptor */
-
-	@Override
-	public void encryptMasterKey(OutputStream out, CharSequence password) throws IOException {
-		cryptor.encryptMasterKey(out, password);
-	}
-
-	@Override
-	public void decryptMasterKey(InputStream in, CharSequence password) throws DecryptFailedException, WrongPasswordException, UnsupportedKeyLengthException, IOException {
-		cryptor.decryptMasterKey(in, password);
-	}
-
-	@Override
-	public String encryptPath(String cleartextPath, char encryptedPathSep, char cleartextPathSep, CryptorIOSupport ioSupport) {
-		encryptedBytes.addAndGet(StringUtils.length(cleartextPath));
-		return cryptor.encryptPath(cleartextPath, encryptedPathSep, cleartextPathSep, ioSupport);
-	}
-
-	@Override
-	public String decryptPath(String encryptedPath, char encryptedPathSep, char cleartextPathSep, CryptorIOSupport ioSupport) {
-		decryptedBytes.addAndGet(StringUtils.length(encryptedPath));
-		return cryptor.decryptPath(encryptedPath, encryptedPathSep, cleartextPathSep, ioSupport);
-	}
-
-	@Override
-	public boolean authenticateContent(SeekableByteChannel encryptedFile) throws IOException {
-		return cryptor.authenticateContent(encryptedFile);
-	}
-
-	@Override
-	public Long decryptedContentLength(SeekableByteChannel encryptedFile) throws IOException {
-		return cryptor.decryptedContentLength(encryptedFile);
-	}
-
-	@Override
-	public Long decryptedFile(SeekableByteChannel encryptedFile, OutputStream plaintextFile) throws IOException, DecryptFailedException {
-		final OutputStream countingInputStream = new CountingOutputStream(decryptedBytes, plaintextFile);
-		return cryptor.decryptedFile(encryptedFile, countingInputStream);
-	}
-
-	@Override
-	public Long decryptRange(SeekableByteChannel encryptedFile, OutputStream plaintextFile, long pos, long length) throws IOException, DecryptFailedException {
-		final OutputStream countingInputStream = new CountingOutputStream(decryptedBytes, plaintextFile);
-		return cryptor.decryptRange(encryptedFile, countingInputStream, pos, length);
-	}
-
-	@Override
-	public Long encryptFile(InputStream plaintextFile, SeekableByteChannel encryptedFile) throws IOException {
-		final InputStream countingInputStream = new CountingInputStream(encryptedBytes, plaintextFile);
-		return cryptor.encryptFile(countingInputStream, encryptedFile);
-	}
-
-	@Override
-	public Filter<Path> getPayloadFilesFilter() {
-		return cryptor.getPayloadFilesFilter();
-	}
-
-	@Override
-	public void addSensitiveDataSwipeListener(SensitiveDataSwipeListener listener) {
-		cryptor.addSensitiveDataSwipeListener(listener);
-	}
-
-	@Override
-	public void removeSensitiveDataSwipeListener(SensitiveDataSwipeListener listener) {
-		cryptor.removeSensitiveDataSwipeListener(listener);
-	}
-
-	private class CountingInputStream extends InputStream {
-
-		private final InputStream in;
-		private final AtomicLong counter;
-
-		private CountingInputStream(AtomicLong counter, InputStream in) {
-			this.in = in;
-			this.counter = counter;
-		}
-
-		@Override
-		public int read() throws IOException {
-			int count = in.read();
-			counter.addAndGet(count);
-			return count;
-		}
-
-		@Override
-		public int read(byte[] b, int off, int len) throws IOException {
-			int count = in.read(b, off, len);
-			counter.addAndGet(count);
-			return count;
-		}
-
-	}
-
-	private class CountingOutputStream extends OutputStream {
-
-		private final OutputStream out;
-		private final AtomicLong counter;
-
-		private CountingOutputStream(AtomicLong counter, OutputStream out) {
-			this.out = out;
-			this.counter = counter;
-		}
-
-		@Override
-		public void write(int b) throws IOException {
-			counter.incrementAndGet();
-			out.write(b);
-		}
-
-		@Override
-		public void write(byte[] b, int off, int len) throws IOException {
-			counter.addAndGet(len);
-			out.write(b, off, len);
-		}
-
-	}
-
-}

main/crypto-api/src/main/java/org/cryptomator/crypto/SensitiveDataSwipeListener.java

@@ -1,19 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.crypto;
-
-public interface SensitiveDataSwipeListener {
-
-	/**
-	 * Removes sensitive data from memory. Depending on the data (e.g. for passwords) it might be necessary to overwrite the memory before
-	 * freeing the object.
-	 */
-	void swipeSensitiveData();
-
-}

main/crypto-api/src/main/java/org/cryptomator/crypto/exceptions/DecryptFailedException.java

@@ -1,13 +0,0 @@
-package org.cryptomator.crypto.exceptions;
-
-public class DecryptFailedException extends StorageCryptingException {
-	private static final long serialVersionUID = -3855673600374897828L;
-
-	public DecryptFailedException(Throwable t) {
-		super("Decryption failed.", t);
-	}
-
-	public DecryptFailedException(String msg) {
-		super(msg);
-	}
-}

main/crypto-api/src/main/java/org/cryptomator/crypto/exceptions/StorageCryptingException.java

@@ -1,13 +0,0 @@
-package org.cryptomator.crypto.exceptions;
-
-public class StorageCryptingException extends Exception {
-	private static final long serialVersionUID = -6622699014483319376L;
-	
-	public StorageCryptingException(String string) {
-		super(string);
-	}
-	
-	public StorageCryptingException(String string, Throwable t) {
-		super(string, t);
-	}
-}

main/crypto-api/src/main/java/org/cryptomator/crypto/exceptions/UnsupportedKeyLengthException.java

@@ -1,23 +0,0 @@
-package org.cryptomator.crypto.exceptions;
-
-public class UnsupportedKeyLengthException extends StorageCryptingException {
-	private static final long serialVersionUID = 8114147446419390179L;
-
-	private final int requestedLength;
-	private final int supportedLength;
-
-	public UnsupportedKeyLengthException(int length, int maxLength) {
-		super(String.format("Key length (%d) exceeds policy maximum (%d).", length, maxLength));
-		this.requestedLength = length;
-		this.supportedLength = maxLength;
-	}
-
-	public int getRequestedLength() {
-		return requestedLength;
-	}
-
-	public int getSupportedLength() {
-		return supportedLength;
-	}
-
-}

main/crypto-api/src/main/java/org/cryptomator/crypto/exceptions/WrongPasswordException.java

@@ -1,9 +0,0 @@
-package org.cryptomator.crypto.exceptions;
-
-public class WrongPasswordException extends StorageCryptingException {
-	private static final long serialVersionUID = -602047799678568780L;
-
-	public WrongPasswordException() {
-		super("Wrong password.");
-	}
-}

main/crypto-api/src/main/java/org/cryptomator/crypto/io/SeekableByteChannelInputStream.java

@@ -1,90 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.crypto.io;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.ByteBuffer;
-import java.nio.channels.SeekableByteChannel;
-
-public class SeekableByteChannelInputStream extends InputStream {
-	private final SeekableByteChannel channel;
-	private volatile long markedPos = 0;
-
-	public SeekableByteChannelInputStream(SeekableByteChannel channel) {
-		this.channel = channel;
-	}
-
-	@Override
-	public int read() throws IOException {
-		final ByteBuffer buffer = ByteBuffer.allocate(1);
-		final int read = channel.read(buffer);
-		if (read == 1) {
-			return buffer.get(0);
-		} else {
-			return -1;
-		}
-	}
-
-	@Override
-	public int read(byte[] b, int off, int len) throws IOException {
-		final ByteBuffer buffer = ByteBuffer.wrap(b, off, len);
-		return channel.read(buffer);
-	}
-
-	@Override
-	public int available() throws IOException {
-		long available = channel.size() - channel.position();
-		if (available > Integer.MAX_VALUE) {
-			return Integer.MAX_VALUE;
-		} else {
-			return (int) available;
-		}
-	}
-
-	@Override
-	public long skip(long n) throws IOException {
-		final long pos = channel.position();
-		final long max = channel.size();
-		final long maxSkip = max - pos;
-		final long actualSkip = Math.min(n, maxSkip);
-		channel.position(channel.position() + actualSkip);
-		return actualSkip;
-	}
-
-	@Override
-	public void close() throws IOException {
-		channel.close();
-		super.close();
-	}
-
-	@Override
-	public synchronized void mark(int readlimit) {
-		try {
-			markedPos = channel.position();
-		} catch (IOException e) {
-			markedPos = 0;
-		}
-	}
-
-	@Override
-	public synchronized void reset() throws IOException {
-		channel.position(markedPos);
-	}
-
-	public synchronized void resetTo(long position) throws IOException {
-		channel.position(position);
-	}
-
-	@Override
-	public boolean markSupported() {
-		return true;
-	}
-
-}

main/crypto-api/src/main/java/org/cryptomator/crypto/io/SeekableByteChannelOutputStream.java

@@ -1,64 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2014 Sebastian Stenzel
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- * 
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- ******************************************************************************/
-package org.cryptomator.crypto.io;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.nio.ByteBuffer;
-import java.nio.channels.SeekableByteChannel;
-
-public class SeekableByteChannelOutputStream extends OutputStream {
-
-	private final SeekableByteChannel channel;
-
-	public SeekableByteChannelOutputStream(SeekableByteChannel channel) {
-		this.channel = channel;
-	}
-
-	@Override
-	public void write(int b) throws IOException {
-		final byte actualByte = (byte) (b & 0x000000FF);
-		final ByteBuffer buffer = ByteBuffer.allocate(1);
-		buffer.put(actualByte);
-		channel.write(buffer);
-	}
-
-	@Override
-	public void write(byte[] b, int off, int len) throws IOException {
-		final ByteBuffer buffer = ByteBuffer.wrap(b, off, len);
-		channel.write(buffer);
-	}
-
-	@Override
-	public void close() throws IOException {
-		channel.close();
-	}
-
-	/**
-	 * @see SeekableByteChannel#truncate(long)
-	 */
-	public void truncate(long size) throws IOException {
-		channel.truncate(size);
-	}
-
-	/**
-	 * @see SeekableByteChannel#position()
-	 */
-	public long position() throws IOException {
-		return channel.position();
-	}
-
-	/**
-	 * @see SeekableByteChannel#position(long)
-	 */
-	public void position(long newPosition) throws IOException {
-		channel.position(newPosition);
-	}
-
-}

main/filesystem-api/.gitignore

@@ -0,0 +1,2 @@
+/target/
+/target/

main/filesystem-api/pom.xml

@@ -1,55 +1,32 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  Copyright (c) 2014 Sebastian Stenzel
+  Copyright (c) 2015 Markus Kreusch
   This file is licensed under the terms of the MIT license.
   See the LICENSE.txt file for more info.
-  
-  Contributors:
-      Sebastian Stenzel - initial API and implementation
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>0.4.0</version>
+		<version>1.0.0</version>
 	</parent>
-	<artifactId>core</artifactId>
-	<name>Cryptomator core I/O module</name>
-
-	<properties>
-		<jetty.version>9.2.5.v20141112</jetty.version>
-		<jackrabbit.version>2.9.0</jackrabbit.version>
-		<commons.transaction.version>1.2</commons.transaction.version>
-		<jta.version>1.1</jta.version>
-	</properties>
+	<artifactId>filesystem-api</artifactId>
+	<name>Cryptomator filesystem: API</name>
 
 	<dependencies>
 		<dependency>
 			<groupId>org.cryptomator</groupId>
-			<artifactId>crypto-api</artifactId>
+			<artifactId>commons</artifactId>
+		</dependency>
+		
+		<!-- Guava -->
+		<dependency>
+			<groupId>com.google.guava</groupId>
+			<artifactId>guava</artifactId>
 		</dependency>
 
-		<!-- Jetty (Servlet Container) -->
-		<dependency>
-			<groupId>org.eclipse.jetty</groupId>
-			<artifactId>jetty-server</artifactId>
-			<version>${jetty.version}</version>
-		</dependency>
-		<dependency>
-			<groupId>org.eclipse.jetty</groupId>
-			<artifactId>jetty-webapp</artifactId>
-			<version>${jetty.version}</version>
-		</dependency>
-
-		<!-- Jackrabbit -->
-		<dependency>
-			<groupId>org.apache.jackrabbit</groupId>
-			<artifactId>jackrabbit-webdav</artifactId>
-			<version>${jackrabbit.version}</version>
-		</dependency>
-
-		<!-- I/O -->
+		<!-- apache commons -->
 		<dependency>
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>
@@ -62,5 +39,18 @@
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-collections4</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.cryptomator</groupId>
+			<artifactId>commons-test</artifactId>
+		</dependency>
 	</dependencies>
-</project>
+	
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.jacoco</groupId>
+				<artifactId>jacoco-maven-plugin</artifactId>
+			</plugin>
+		</plugins>
+	</build>
+</project>

main/filesystem-api/src/main/java/org/cryptomator/filesystem/Copier.java

@@ -0,0 +1,55 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+
+import com.google.common.io.ByteStreams;
+
+class Copier {
+
+	public static void copy(Folder source, Folder destination) {
+		assertFoldersAreNotNested(source, destination);
+
+		destination.delete();
+		destination.create();
+
+		source.files().forEach(sourceFile -> {
+			File destinationFile = destination.file(sourceFile.name());
+			sourceFile.copyTo(destinationFile);
+		});
+
+		source.folders().forEach(sourceFolder -> {
+			Folder destinationFolder = destination.folder(sourceFolder.name());
+			sourceFolder.copyTo(destinationFolder);
+		});
+	}
+
+	public static void copy(File source, File destination) {
+		try (OpenFiles openFiles = DeadlockSafeFileOpener.withReadable(source).andWritable(destination).open()) {
+			ReadableFile readable = openFiles.readable(source);
+			WritableFile writable = openFiles.writable(destination);
+			writable.truncate();
+			ByteStreams.copy(readable, writable);
+		} catch (IOException e) {
+			throw new UncheckedIOException(e);
+		}
+	}
+
+	private static void assertFoldersAreNotNested(Folder source, Folder destination) {
+		if (source.isAncestorOf(destination)) {
+			throw new IllegalArgumentException("Can not copy parent to child directory (src: " + source + ", dst: " + destination + ")");
+		}
+		if (destination.isAncestorOf(source)) {
+			throw new IllegalArgumentException("Can not copy child to parent directory (src: " + source + ", dst: " + destination + ")");
+		}
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/DeadlockSafeFileOpener.java

@@ -0,0 +1,69 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem;
+
+import static java.lang.String.format;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.SortedMap;
+import java.util.TreeMap;
+import java.util.function.Consumer;
+
+public class DeadlockSafeFileOpener {
+
+	public static DeadlockSafeFileOpener withReadable(File file) {
+		return new DeadlockSafeFileOpener().andReadable(file);
+	}
+
+	public static DeadlockSafeFileOpener withWritable(File file) {
+		return new DeadlockSafeFileOpener().andWritable(file);
+	}
+
+	private final SortedMap<File, Consumer<File>> filesWithOperation = new TreeMap<>();
+
+	private final Map<File, ReadableFile> readableFiles = new HashMap<>();
+	private final Map<File, WritableFile> writableFiles = new HashMap<>();
+
+	private DeadlockSafeFileOpener() {
+	}
+
+	public DeadlockSafeFileOpener andReadable(File file) {
+		if (filesWithOperation.put(file, this::openReadable) != null) {
+			throw new IllegalArgumentException(format("File %s already marked for opening", file));
+		}
+		return this;
+	}
+
+	public DeadlockSafeFileOpener andWritable(File file) {
+		if (filesWithOperation.put(file, this::openWritable) != null) {
+			throw new IllegalArgumentException(format("File %s already marked for opening", file));
+		}
+		return this;
+	}
+
+	private void openReadable(File file) {
+		readableFiles.put(file, file.openReadable());
+	}
+
+	private void openWritable(File file) {
+		writableFiles.put(file, file.openWritable());
+	}
+
+	public OpenFiles open() {
+		try {
+			filesWithOperation.forEach((file, openAction) -> openAction.accept(file));
+		} catch (RuntimeException e) {
+			OpenFiles.cleanup(readableFiles.values(), writableFiles.values());
+			throw e;
+		}
+		return new OpenFiles(readableFiles, writableFiles);
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/Deleter.java

@@ -0,0 +1,15 @@
+package org.cryptomator.filesystem;
+
+public class Deleter {
+
+	/**
+	 * Deletes all and only the content of a given {@link Folder} but <b>not</b> the folder itself.
+	 */
+	public static void deleteContent(Folder folder) {
+		if (folder.exists()) {
+			folder.folders().forEach(Folder::delete);
+			folder.files().forEach(File::delete);
+		}
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/File.java

@@ -0,0 +1,81 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Markus Kreusch
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ ******************************************************************************/
+package org.cryptomator.filesystem;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+
+/**
+ * A {@link File} in a {@link FileSystem}.
+ * 
+ * @author Markus Kreusch
+ */
+public interface File extends Node, Comparable<File> {
+
+	static final int EOF = -1;
+
+	/**
+	 * <p>
+	 * Opens this file for reading.
+	 * <p>
+	 * An implementation guarantees, that per {@link FileSystem} and
+	 * {@code File} while a {@code ReadableFile} is open no {@link WritableFile}
+	 * can be open and vice versa. A {@link ReadableFile} is open when returned
+	 * from this method and not yet closed using {@link ReadableFile#close()}.
+	 * <br>
+	 * A limitation to the number of {@code ReadableFiles} is in general not
+	 * required but may be set by a specific implementation.
+	 * <p>
+	 * If a {@link WritableFile} for this {@code File} is open the invocation of
+	 * this method will block regarding the specified timeout.<br>
+	 * In addition implementations may block to lock the required IO resources
+	 * to read the file.
+	 * 
+	 * @return a {@link ReadableFile} to work with
+	 * @throws UncheckedIOException
+	 *             if an {@link IOException} occurs while opening the file, the
+	 *             file does not exist or is a directory
+	 */
+
+	ReadableFile openReadable() throws UncheckedIOException;
+
+	/**
+	 * <p>
+	 * Opens this file for writing.
+	 * <p>
+	 * If the file does not exist a new empty file is created.
+	 * <p>
+	 * An implementation guarantees, that per {@link FileSystem} and
+	 * {@code File} only one {@link WritableFile} is open at a time. A
+	 * {@code WritableFile} is open when returned from this method and not yet
+	 * closed using {@link WritableFile#close()} or
+	 * {@link WritableFile#delete()}.<br>
+	 * In addition while a {@code WritableFile} is open no {@link ReadableFile}
+	 * can be open and vice versa.
+	 * <p>
+	 * If a {@code Readable-} or {@code WritableFile} for this {@code File} is
+	 * open the invocation of this method will block regarding the specified
+	 * timeout.<br>
+	 * In addition implementations may block to lock the required IO resources
+	 * to read the file.
+	 * 
+	 * @return a {@link WritableFile} to work with
+	 * @throws UncheckedIOException
+	 *             if an {@link IOException} occurs while opening the file or
+	 *             the file is a directory
+	 */
+	WritableFile openWritable() throws UncheckedIOException;
+
+	default void copyTo(File destination) {
+		Copier.copy(this, destination);
+	}
+
+	/**
+	 * Moves this file including content to a new location specified by <code>destination</code>.
+	 */
+	void moveTo(File destination) throws UncheckedIOException;
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/FileSystem.java

@@ -0,0 +1,30 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Markus Kreusch
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ ******************************************************************************/
+package org.cryptomator.filesystem;
+
+import java.util.Optional;
+
+/**
+ * The root folder of a file system.
+ * 
+ * @author Markus Kreusch
+ */
+public interface FileSystem extends Folder {
+
+	/**
+	 * @return an empty {@link Optional} because a {@link FileSystem} represents
+	 *         the root {@link Folder} and thus does not have a parent
+	 */
+	@Override
+	default Optional<? extends Folder> parent() {
+		return Optional.empty();
+	}
+
+	Optional<Long> quotaUsedBytes();
+
+	Optional<Long> quotaAvailableBytes();
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/Folder.java

@@ -0,0 +1,145 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Markus Kreusch
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ ******************************************************************************/
+package org.cryptomator.filesystem;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.util.stream.Stream;
+
+/**
+ * A {@link Folder} in a {@link FileSystem}.
+ * 
+ * @author Markus Kreusch
+ */
+public interface Folder extends Node {
+
+	/**
+	 * <p>
+	 * Creates a {@link Stream} over all child nodes of this {@code Folder}.
+	 * <p>
+	 * <b>Note:</b> The {@link Stream} may be lazily populated and thus
+	 * {@link IOException IOExceptions} may occurs after this method returned.
+	 * In this case implementors should throw a {@link UncheckedIOException}
+	 * from any method that produces an {@link IOException}. Thus users should
+	 * expect {@link UncheckedIOException UncheckedIOExceptions} when invoking
+	 * methods on the returned {@code Stream}.
+	 * 
+	 * @return the created {@code Stream}
+	 * @throws UncheckedIOException
+	 *             if an {@link IOException} occurs while initializing the
+	 *             stream or the {@code Folder} does not exist
+	 */
+	Stream<? extends Node> children() throws UncheckedIOException;
+
+	/**
+	 * <p>
+	 * Returns the child {@link Node} in this directory of type {@link File}
+	 * with the specified name.
+	 * <p>
+	 * This operation always returns a {@link File} without checking if the file
+	 * exists or is a {@link Folder} instead.
+	 */
+	File file(String name) throws UncheckedIOException;
+
+	/**
+	 * Returns a file by resolving a path relative to this folder.
+	 * 
+	 * @param path A unix-style path, which is always relative to this folder, no matter if it starts with a slash or not. Path must not be empty.
+	 * @return File with the given path relative to this folder
+	 * @throws IllegalArgumentException
+	 *             if relativePath is empty
+	 */
+	default File resolveFile(String relativePath) throws UncheckedIOException, IllegalArgumentException {
+		return PathResolver.resolveFile(this, relativePath);
+	}
+
+	/**
+	 * <p>
+	 * Returns the child {@link Node} in this directory of type {@link Folder}
+	 * with the specified name.
+	 * <p>
+	 * This operation always returns a {@link Folder} without checking if the
+	 * folder exists or is a {@link File} instead.
+	 */
+	Folder folder(String name) throws UncheckedIOException;
+
+	/**
+	 * Returns a folder by resolving a path relative to this folder.
+	 * 
+	 * @param path A unix-style path, which is always relative to this folder, no matter if it starts with a slash or not. Path may be empty.
+	 * @return Folder with the given path relative to this folder. Returns <code>this</code> if path is empty.
+	 */
+	default Folder resolveFolder(String relativePath) throws UncheckedIOException {
+		return PathResolver.resolveFolder(this, relativePath);
+	}
+
+	/**
+	 * Creates the directory including all parent directories, if it doesn't
+	 * exist yet. No effect, if folder already exists.
+	 * 
+	 * @throws UncheckedIOException
+	 *             if an {@link IOException} occurs while creating the folder or
+	 *             one of its parents
+	 */
+	void create() throws UncheckedIOException;
+
+	/**
+	 * Recusively copies this directory and all its contents to (not into) the
+	 * given destination, creating nonexisting parent directories. If the target
+	 * exists it is deleted before performing the copy.
+	 * 
+	 * @param target
+	 *            Destination folder. Must not be a descendant of this folder.
+	 */
+	default void copyTo(Folder target) throws UncheckedIOException {
+		Copier.copy(this, target);
+	}
+
+	/**
+	 * Moves this directory and its contents to the given destination. If the
+	 * target exists it is deleted before performing the move.
+	 */
+	void moveTo(Folder target);
+
+	/**
+	 * @return the result of {@link #children()} filtered to contain only
+	 *         {@link File Files}
+	 */
+	default Stream<? extends File> files() throws UncheckedIOException {
+		return children() //
+				.filter(File.class::isInstance) //
+				.map(File.class::cast);
+	}
+
+	/**
+	 * @return the result of {@link #children()} filtered to contain only
+	 *         {@link Folder Folders}
+	 */
+	default Stream<? extends Folder> folders() throws UncheckedIOException {
+		return children() //
+				.filter(Folder.class::isInstance) //
+				.map(Folder.class::cast);
+	}
+
+	/**
+	 * Recursively checks whether this folder or any subfolder contains the
+	 * given node.
+	 * 
+	 * @param node
+	 *            Potential child, grandchild, ...
+	 * @return <code>true</code> if this folder is an ancestor of the node.
+	 */
+	default boolean isAncestorOf(Node node) {
+		if (!node.parent().isPresent()) {
+			return false;
+		} else if (node.parent().get().equals(this)) {
+			return true;
+		} else {
+			return this.isAncestorOf(node.parent().get());
+		}
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/FolderVisitor.java

@@ -0,0 +1,131 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem;
+
+import static java.lang.String.format;
+
+import java.util.function.Consumer;
+
+public class FolderVisitor {
+
+	private final Consumer<Folder> beforeFolderVisitor;
+	private final Consumer<Folder> afterFolderVisitor;
+	private final Consumer<File> fileVisitor;
+	private final Consumer<Node> nodeVisitor;
+	private final int maxDepth;
+
+	public FolderVisitor(FolderVisitorBuilder builder) {
+		this.beforeFolderVisitor = builder.beforeFolderVisitor;
+		this.afterFolderVisitor = builder.afterFolderVisitor;
+		this.fileVisitor = builder.fileVisitor;
+		this.nodeVisitor = builder.nodeVisitor;
+		this.maxDepth = builder.maxDepth;
+	}
+
+	public static FolderVisitorBuilder folderVisitor() {
+		return new FolderVisitorBuilder();
+	}
+
+	public FolderVisitor visit(Folder folder) {
+		return visit(folder, 0);
+	}
+
+	public FolderVisitor visit(File file) {
+		return visit(file, 0);
+	}
+
+	private FolderVisitor visit(Folder folder, int depth) {
+		beforeFolderVisitor.accept(folder);
+		nodeVisitor.accept(folder);
+		final int childDepth = depth + 1;
+		if (childDepth <= maxDepth) {
+			folder.folders().forEach(childFolder -> visit(childFolder, childDepth));
+			folder.files().forEach(childFile -> visit(childFile, childDepth));
+		}
+		afterFolderVisitor.accept(folder);
+		return this;
+	}
+
+	private FolderVisitor visit(File file, int depth) {
+		nodeVisitor.accept(file);
+		fileVisitor.accept(file);
+		return this;
+	}
+
+	public static class FolderVisitorBuilder {
+
+		private Consumer<Folder> beforeFolderVisitor = noOp();
+		private Consumer<Folder> afterFolderVisitor = noOp();
+		private Consumer<File> fileVisitor = noOp();
+		private Consumer<Node> nodeVisitor = noOp();
+		private int maxDepth = Integer.MAX_VALUE;
+
+		private FolderVisitorBuilder() {
+		}
+
+		public FolderVisitorBuilder beforeFolder(Consumer<Folder> beforeFolderVisitor) {
+			if (beforeFolderVisitor == null) {
+				throw new IllegalArgumentException("Vistior may not be null");
+			}
+			this.beforeFolderVisitor = beforeFolderVisitor;
+			return this;
+		}
+
+		public FolderVisitorBuilder afterFolder(Consumer<Folder> afterFolderVisitor) {
+			if (afterFolderVisitor == null) {
+				throw new IllegalArgumentException("Vistior may not be null");
+			}
+			this.afterFolderVisitor = afterFolderVisitor;
+			return this;
+		}
+
+		public FolderVisitorBuilder forEachFile(Consumer<File> fileVisitor) {
+			if (fileVisitor == null) {
+				throw new IllegalArgumentException("Vistior may not be null");
+			}
+			this.fileVisitor = fileVisitor;
+			return this;
+		}
+
+		public FolderVisitorBuilder forEachNode(Consumer<Node> nodeVisitor) {
+			if (nodeVisitor == null) {
+				throw new IllegalArgumentException("Vistior may not be null");
+			}
+			this.nodeVisitor = nodeVisitor;
+			return this;
+		}
+
+		public FolderVisitorBuilder withMaxDepth(int maxDepth) {
+			if (maxDepth < 0) {
+				throw new IllegalArgumentException(format("maxDepth must not be smaller 0 but was %d", maxDepth));
+			}
+			this.maxDepth = maxDepth;
+			return this;
+		}
+
+		public FolderVisitor visit(Folder folder) {
+			return build().visit(folder);
+		}
+
+		public FolderVisitor visit(File file) {
+			return build().visit(file);
+		}
+
+		public FolderVisitor build() {
+			return new FolderVisitor(this);
+		}
+
+		private static <T> Consumer<T> noOp() {
+			return ignoredParameter -> {
+			};
+		}
+
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/Node.java

@@ -0,0 +1,100 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Markus Kreusch
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ ******************************************************************************/
+package org.cryptomator.filesystem;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.time.Instant;
+import java.util.Optional;
+
+/**
+ * Represents a node, namely a {@link File} or {@link Folder}, in a
+ * {@link FileSystem}.
+ * <p>
+ * A node's identity (i.e. {@link #hashCode()} and {@link #equals(Object)}) depends on its parent node and its name (forming the node's path).
+ * These properties are meant to be immutable. This means that e.g. moving a node doesn't modify the node's identity but rather transfers properties to the destination node.
+ * 
+ * @author Markus Kreusch
+ * @see Folder
+ * @see File
+ */
+public interface Node {
+
+	String name() throws UncheckedIOException;
+
+	/**
+	 * @return Optional parent folder. No parent is present for the root node (see {@link FileSystem#parent()}).
+	 */
+	Optional<? extends Folder> parent() throws UncheckedIOException;
+
+	/**
+	 * @return <code>true</code> if the node exists.
+	 */
+	boolean exists() throws UncheckedIOException;
+
+	/**
+	 * <p>
+	 * Deletes the node if it exists.
+	 * <p>
+	 * Does nothing if the node does not exist.
+	 */
+	void delete() throws UncheckedIOException;
+
+	/**
+	 * <p>
+	 * Determines the last modified date of this node.
+	 * 
+	 * @returns the last modified date of the file
+	 */
+	Instant lastModified() throws UncheckedIOException;
+
+	/**
+	 * <p>
+	 * Sets the last modified date of the file.
+	 * 
+	 * @param lastModified the time to set as creation time
+	 */
+	void setLastModified(Instant lastModified) throws UncheckedIOException;
+
+	/**
+	 * <p>
+	 * Determines the creation time of this node.
+	 * <p>
+	 * Note: Getting the creation time may not be supported by all {@link FileSystem FileSystems}.
+	 * 
+	 * @returns the creation time of the file or {@link Optional#empty()} if not supported
+	 */
+	default Optional<Instant> creationTime() throws UncheckedIOException {
+		return Optional.empty();
+	}
+
+	/**
+	 * <p>
+	 * Sets the creation time of this node.
+	 * <p>
+	 * Setting the creation time may not be supported by all {@link FileSystem FileSystems}. If the {@code FileSystem} this {@code Node} belongs to does not support the
+	 * setting the creation time the behavior of this method is unspecified.
+	 * 
+	 * @param creationTime the time to set as creation time
+	 */
+	default void setCreationTime(Instant creationTime) throws UncheckedIOException {
+		throw new UncheckedIOException(new IOException("CreationTime not supported"));
+	}
+
+	/**
+	 * @return the {@link FileSystem} this Node belongs to
+	 */
+	default FileSystem fileSystem() {
+		return parent() //
+				.map(Node::fileSystem) //
+				.orElseGet(() -> (FileSystem) this);
+	}
+
+	default boolean belongsToSameFilesystem(Node other) {
+		return fileSystem() == other.fileSystem();
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/OpenFiles.java

@@ -0,0 +1,71 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem;
+
+import java.io.UncheckedIOException;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.stream.Stream;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class OpenFiles implements AutoCloseable {
+
+	private final static Logger LOG = LoggerFactory.getLogger(OpenFiles.class);
+
+	private final Map<File, ReadableFile> readableFiles;
+	private final Map<File, WritableFile> writableFiles;
+
+	public OpenFiles(Map<File, ReadableFile> readableFiles, Map<File, WritableFile> writableFiles) {
+		this.readableFiles = readableFiles;
+		this.writableFiles = writableFiles;
+	}
+
+	@Override
+	public void close() throws UncheckedIOException {
+		OpenFiles.cleanup(readableFiles.values(), writableFiles.values());
+	}
+
+	public ReadableFile readable(File file) {
+		return readableFiles.computeIfAbsent(file, fileNotOpenForReading -> {
+			throw new IllegalArgumentException(String.format("File %s is not open for reading", fileNotOpenForReading));
+		});
+	}
+
+	public WritableFile writable(File file) {
+		return writableFiles.computeIfAbsent(file, fileNotOpenForWriting -> {
+			throw new IllegalArgumentException(String.format("File %s is not open for writing", fileNotOpenForWriting));
+		});
+	}
+
+	static void cleanup(Collection<ReadableFile> readableFiles, Collection<WritableFile> writableFiles) {
+		Iterator<? extends AutoCloseable> iterator = Stream.concat(readableFiles.stream(), writableFiles.stream()).iterator();
+		UncheckedIOException firstException = null;
+		while (iterator.hasNext()) {
+			AutoCloseable openFile = iterator.next();
+			try {
+				openFile.close();
+			} catch (UncheckedIOException e) {
+				if (firstException == null) {
+					firstException = e;
+				} else {
+					firstException.addSuppressed(e);
+				}
+			} catch (Exception e) {
+				LOG.error("Unexpected exception during close on " + openFile.getClass().getSimpleName(), e);
+			}
+		}
+		if (firstException != null) {
+			throw firstException;
+		}
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/PathResolver.java

@@ -0,0 +1,112 @@
+package org.cryptomator.filesystem;
+
+import java.io.FileNotFoundException;
+import java.io.UncheckedIOException;
+import java.util.Arrays;
+import java.util.Iterator;
+
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.StringUtils;
+
+final class PathResolver {
+
+	private static final String DOT = ".";
+	private static final String DOTDOT = "..";
+
+	private PathResolver() {
+	}
+
+	/**
+	 * Resolves a relative path (separated by '/') to a folder, e.g.
+	 * <!-- @formatter:off -->
+	 * <table>
+	 * <thead>
+	 * <tr>
+	 * <th>dir</th>
+	 * <th>path</th>
+	 * <th>result</th>
+	 * </tr>
+	 * </thead>
+	 * <tbody>
+	 * <tr>
+	 * <td>/foo/bar</td>
+	 * <td>foo/bar</td>
+	 * <td>/foo/bar/foo/bar</td>
+	 * </tr>
+	 * <tr>
+	 * <td>/foo/bar</td>
+	 * <td>../baz</td>
+	 * <td>/foo/baz</td>
+	 * </tr>
+	 * <tr>
+	 * <td>/foo/bar</td>
+	 * <td>./foo/..</td>
+	 * <td>/foo/bar</td>
+	 * </tr>
+	 * <tr>
+	 * <td>/foo/bar</td>
+	 * <td>/</td>
+	 * <td>/foo/bar</td>
+	 * </tr>
+	 * <tr>
+	 * <td>/foo/bar</td>
+	 * <td></td>
+	 * <td>/foo/bar</td>
+	 * </tr>
+	 * <tr>
+	 * <td>/foo/bar</td>
+	 * <td>../../..</td>
+	 * <td>Exception</td>
+	 * </tr>
+	 * </tbody>
+	 * </table>
+	 * 
+	 * @param dir The directory from which to resolve the path.
+	 * @param relativePath The path relative to a given directory.
+	 * @return The folder with the given path relative to the given dir.
+	 */
+	public static Folder resolveFolder(Folder dir, String relativePath) {
+		final String[] fragments = StringUtils.split(relativePath, '/');
+		if (ArrayUtils.isEmpty(fragments)) {
+			return dir;
+		}
+		return resolveFolder(dir, Arrays.stream(fragments).iterator());
+	}
+
+	/**
+	 * Resolves a relative path (separated by '/') to a file. Besides returning a File, this method is identical to {@link #resolveFile(Folder, String)}.
+	 * 
+	 * @param dir The directory from which to resolve the path.
+	 * @param relativePath The path relative to a given directory.
+	 * @return The file with the given path relative to the given dir.
+	 * @throws IllegalArgumentException
+	 *             if relativePath is empty, as this path would resolve to the directory itself, which obviously can't be a file.
+	 */
+	public static File resolveFile(Folder dir, String relativePath) {
+		final String[] fragments = StringUtils.split(relativePath, '/');
+		if (ArrayUtils.isEmpty(fragments)) {
+			throw new IllegalArgumentException("Empty relativePath");
+		}
+		final Folder folder = resolveFolder(dir, Arrays.stream(fragments).limit(fragments.length - 1).iterator());
+		final String filename = fragments[fragments.length - 1];
+		return folder.file(filename);
+	}
+
+	private static Folder resolveFolder(Folder dir, Iterator<String> remainingPathFragments) {
+		if (!remainingPathFragments.hasNext()) {
+			return dir;
+		}
+		final String fragment = remainingPathFragments.next();
+		assert fragment.length() > 0 : "iterator must not contain empty fragments";
+		if (DOT.equals(fragment)) {
+			return resolveFolder(dir, remainingPathFragments);
+		} else if (DOTDOT.equals(fragment) && dir.parent().isPresent()) {
+			return resolveFolder(dir.parent().get(), remainingPathFragments);
+		} else if (DOTDOT.equals(fragment) && !dir.parent().isPresent()) {
+			throw new UncheckedIOException(new FileNotFoundException("Unresolvable path"));
+		} else {
+			return resolveFolder(dir.folder(fragment), remainingPathFragments);
+		}
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/ReadableFile.java

@@ -0,0 +1,57 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Markus Kreusch
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ ******************************************************************************/
+package org.cryptomator.filesystem;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.ByteBuffer;
+import java.nio.channels.ReadableByteChannel;
+
+public interface ReadableFile extends ReadableByteChannel {
+
+	/**
+	 * <p>
+	 * Tries to fill the remaining space in the given byte buffer with data from
+	 * this readable bytes from the current position.
+	 * <p>
+	 * May read less bytes if the end of this readable bytes has been reached.
+	 * 
+	 * @param target
+	 *            the byte buffer to fill
+	 * @return the number of bytes actually read, or {@code -1} if the end of
+	 *         file has been reached
+	 * @throws UncheckedIOException
+	 *             if an {@link IOException} occurs while reading from this
+	 *             {@code ReadableBytes}
+	 */
+	@Override
+	int read(ByteBuffer target) throws UncheckedIOException;
+
+	/**
+	 * @return The current size of the file. This value is a snapshot and might have been changed by concurrent modifications.
+	 * @throws UncheckedIOException
+	 *             if an {@link IOException} occurs
+	 */
+	long size() throws UncheckedIOException;
+
+	/**
+	 * <p>
+	 * Fast-forwards or rewinds the file to the specified position.
+	 * <p>
+	 * Consecutive reads on the file will begin at the new position.
+	 * 
+	 * @param position
+	 *            the position to set the file to
+	 * @throws UncheckedIOException
+	 *             if an {@link IOException} occurs
+	 * 
+	 */
+	void position(long position) throws UncheckedIOException;
+
+	@Override
+	void close() throws UncheckedIOException;
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/WritableFile.java

@@ -0,0 +1,63 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Markus Kreusch
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ ******************************************************************************/
+package org.cryptomator.filesystem;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.ByteBuffer;
+import java.nio.channels.WritableByteChannel;
+
+public interface WritableFile extends WritableByteChannel {
+
+	void truncate() throws UncheckedIOException;
+
+	/**
+	 * Writes the data in the given byte buffer to this readable bytes at the
+	 * current position.
+	 * 
+	 * @param source
+	 *            the byte buffer to use
+	 * @return the number of bytes written, always equal to
+	 *         {@code source.remaining()}
+	 * @throws UncheckedIOException
+	 *             if an {@link IOException} occurs while writing
+	 */
+	@Override
+	int write(ByteBuffer source) throws UncheckedIOException;
+
+	/**
+	 * <p>
+	 * Fast-forwards or rewinds the file to the specified position.
+	 * <p>
+	 * Consecutive writes on the file will begin at the new position.
+	 * <p>
+	 * If the position is set to a value greater than the current end of file
+	 * consecutive writes will write data to the given position. The value of
+	 * all bytes between this position and the previous end of file will be
+	 * unspecified.
+	 * 
+	 * @param position
+	 *            the position to set the file to
+	 * @throws UncheckedIOException
+	 *             if an {@link IOException} occurs
+	 */
+	void position(long position) throws UncheckedIOException;
+
+	/**
+	 * <p>
+	 * Closes this {@code WritableFile} which finally commits all operations
+	 * performed on it to the underlying file system.
+	 * <p>
+	 * After a {@code WritableFile} has been closed all other operations will
+	 * throw an {@link UncheckedIOException}.
+	 * <p>
+	 * Invoking this method on a {@link WritableFile} which has already been
+	 * closed does nothing.
+	 */
+	@Override
+	void close() throws UncheckedIOException;
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/delegating/DelegatingFile.java

@@ -0,0 +1,77 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem.delegating;
+
+import java.io.UncheckedIOException;
+import java.util.Optional;
+
+import org.cryptomator.filesystem.File;
+import org.cryptomator.filesystem.ReadableFile;
+import org.cryptomator.filesystem.WritableFile;
+
+public abstract class DelegatingFile<D extends DelegatingFolder<D, ?>> extends DelegatingNode<File>implements File {
+
+	private final D parent;
+
+	public DelegatingFile(D parent, File delegate) {
+		super(delegate);
+		this.parent = parent;
+	}
+
+	@Override
+	public Optional<D> parent() throws UncheckedIOException {
+		return Optional.of(parent);
+	}
+
+	@Override
+	public ReadableFile openReadable() throws UncheckedIOException {
+		return delegate.openReadable();
+	}
+
+	@Override
+	public WritableFile openWritable() throws UncheckedIOException {
+		return delegate.openWritable();
+	}
+
+	@Override
+	public void copyTo(File destination) {
+		if (getClass().equals(destination.getClass())) {
+			final File delegateDest = ((DelegatingFile<?>) destination).delegate;
+			delegate.copyTo(delegateDest);
+		} else {
+			delegate.copyTo(destination);
+		}
+	}
+
+	@Override
+	public void moveTo(File destination) {
+		if (getClass().equals(destination.getClass())) {
+			final File delegateDest = ((DelegatingFile<?>) destination).delegate;
+			delegate.moveTo(delegateDest);
+		} else {
+			throw new IllegalArgumentException("Can only move DelegatingFile to other DelegatingFile.");
+		}
+	}
+
+	@Override
+	public void delete() throws UncheckedIOException {
+		delegate.delete();
+	}
+
+	@Override
+	public int compareTo(File o) {
+		if (getClass().equals(o.getClass())) {
+			final File delegateOther = ((DelegatingFile<?>) o).delegate;
+			return delegate.compareTo(delegateOther);
+		} else {
+			return delegate.compareTo(o);
+		}
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/delegating/DelegatingFileSystem.java

@@ -0,0 +1,22 @@
+package org.cryptomator.filesystem.delegating;
+
+import java.util.Optional;
+
+import org.cryptomator.filesystem.FileSystem;
+import org.cryptomator.filesystem.Folder;
+
+public interface DelegatingFileSystem extends FileSystem {
+
+	Folder getDelegate();
+
+	@Override
+	default Optional<Long> quotaUsedBytes() {
+		return getDelegate().fileSystem().quotaUsedBytes();
+	}
+
+	@Override
+	default Optional<Long> quotaAvailableBytes() {
+		return getDelegate().fileSystem().quotaAvailableBytes();
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/delegating/DelegatingFolder.java

@@ -0,0 +1,99 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem.delegating;
+
+import java.io.UncheckedIOException;
+import java.util.Optional;
+import java.util.stream.Stream;
+
+import org.cryptomator.common.WeakValuedCache;
+import org.cryptomator.filesystem.File;
+import org.cryptomator.filesystem.Folder;
+import org.cryptomator.filesystem.Node;
+
+public abstract class DelegatingFolder<D extends DelegatingFolder<D, F>, F extends DelegatingFile<D>> extends DelegatingNode<Folder>implements Folder {
+
+	private final D parent;
+	private final WeakValuedCache<Folder, D> folders = WeakValuedCache.usingLoader(this::newFolder);
+	private final WeakValuedCache<File, F> files = WeakValuedCache.usingLoader(this::newFile);
+
+	public DelegatingFolder(D parent, Folder delegate) {
+		super(delegate);
+		this.parent = parent;
+	}
+
+	@Override
+	public Optional<D> parent() throws UncheckedIOException {
+		return Optional.ofNullable(parent);
+	}
+
+	@Override
+	public Stream<? extends Node> children() throws UncheckedIOException {
+		return Stream.concat(folders(), files());
+	}
+
+	@Override
+	public Stream<D> folders() {
+		return delegate.folders().map(folders::get);
+	}
+
+	@Override
+	public Stream<F> files() throws UncheckedIOException {
+		return delegate.files().map(files::get);
+	}
+
+	@Override
+	public F file(String name) throws UncheckedIOException {
+		return files.get(delegate.file(name));
+	}
+
+	protected abstract F newFile(File delegate);
+
+	@Override
+	public D folder(String name) throws UncheckedIOException {
+		return folders.get(delegate.folder(name));
+	}
+
+	protected abstract D newFolder(Folder delegate);
+
+	@Override
+	public void create() throws UncheckedIOException {
+		if (exists()) {
+			return;
+		}
+		parent().ifPresent(p -> p.create());
+		delegate.create();
+	}
+
+	@Override
+	public void delete() {
+		delegate.delete();
+	}
+
+	@Override
+	public void copyTo(Folder destination) throws UncheckedIOException {
+		if (destination instanceof DelegatingFolder) {
+			final Folder delegateDest = ((DelegatingFolder<?, ?>) destination).delegate;
+			delegate.copyTo(delegateDest);
+		} else {
+			throw new IllegalArgumentException("Can only copy DelegatingFolder to other DelegatingFolder.");
+		}
+	}
+
+	@Override
+	public void moveTo(Folder destination) {
+		if (getClass().equals(destination.getClass())) {
+			final Folder delegateDest = ((DelegatingFolder<?, ?>) destination).delegate;
+			delegate.moveTo(delegateDest);
+		} else {
+			throw new IllegalArgumentException("Can only move DelegatingFolder to other DelegatingFolder.");
+		}
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/delegating/DelegatingNode.java

@@ -0,0 +1,78 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem.delegating;
+
+import java.io.UncheckedIOException;
+import java.time.Instant;
+import java.util.Optional;
+
+import org.cryptomator.filesystem.Node;
+
+public abstract class DelegatingNode<T extends Node> implements Node {
+
+	protected final T delegate;
+
+	public DelegatingNode(T delegate) {
+		if (delegate == null) {
+			throw new IllegalArgumentException("Delegate must not be null");
+		}
+		this.delegate = delegate;
+	}
+
+	@Override
+	public String name() throws UncheckedIOException {
+		return delegate.name();
+	}
+
+	@Override
+	public boolean exists() throws UncheckedIOException {
+		return delegate.exists();
+	}
+
+	@Override
+	public Instant lastModified() throws UncheckedIOException {
+		return delegate.lastModified();
+	}
+
+	@Override
+	public void setLastModified(Instant instant) throws UncheckedIOException {
+		delegate.setLastModified(instant);
+	}
+
+	@Override
+	public Optional<Instant> creationTime() throws UncheckedIOException {
+		return delegate.creationTime();
+	}
+
+	@Override
+	public void setCreationTime(Instant instant) throws UncheckedIOException {
+		delegate.setCreationTime(instant);
+	}
+
+	@Override
+	public int hashCode() {
+		return delegate.hashCode();
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (obj instanceof DelegatingNode) {
+			DelegatingNode<?> other = (DelegatingNode<?>) obj;
+			return this.delegate.equals(other.delegate);
+		} else {
+			return false;
+		}
+	}
+
+	@Override
+	public String toString() {
+		return "Delegate[" + delegate + "]";
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/delegating/DelegatingReadableFile.java

@@ -0,0 +1,49 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem.delegating;
+
+import java.io.UncheckedIOException;
+import java.nio.ByteBuffer;
+
+import org.cryptomator.filesystem.ReadableFile;
+
+public class DelegatingReadableFile implements ReadableFile {
+
+	private final ReadableFile delegate;
+
+	public DelegatingReadableFile(ReadableFile delegate) {
+		this.delegate = delegate;
+	}
+
+	@Override
+	public boolean isOpen() {
+		return delegate.isOpen();
+	}
+
+	@Override
+	public int read(ByteBuffer target) throws UncheckedIOException {
+		return delegate.read(target);
+	}
+
+	@Override
+	public long size() throws UncheckedIOException {
+		return delegate.size();
+	}
+
+	@Override
+	public void position(long position) throws UncheckedIOException {
+		delegate.position(position);
+	}
+
+	@Override
+	public void close() throws UncheckedIOException {
+		delegate.close();
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/delegating/DelegatingWritableFile.java

@@ -0,0 +1,49 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem.delegating;
+
+import java.io.UncheckedIOException;
+import java.nio.ByteBuffer;
+
+import org.cryptomator.filesystem.WritableFile;
+
+public class DelegatingWritableFile implements WritableFile {
+
+	final WritableFile delegate;
+
+	public DelegatingWritableFile(WritableFile delegate) {
+		this.delegate = delegate;
+	}
+
+	@Override
+	public boolean isOpen() {
+		return delegate.isOpen();
+	}
+
+	@Override
+	public void truncate() throws UncheckedIOException {
+		delegate.truncate();
+	}
+
+	@Override
+	public int write(ByteBuffer source) throws UncheckedIOException {
+		return delegate.write(source);
+	}
+
+	@Override
+	public void position(long position) throws UncheckedIOException {
+		delegate.position(position);
+	}
+
+	@Override
+	public void close() throws UncheckedIOException {
+		delegate.close();
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/filesystem/package-info.java

@@ -0,0 +1,13 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+/**
+ * Defines a file system abstraction to allow access to real and virtual file
+ * systems through a common API.
+ */
+package org.cryptomator.filesystem;

main/filesystem-api/src/main/java/org/cryptomator/io/ByteBuffers.java

@@ -0,0 +1,35 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.io;
+
+import java.nio.ByteBuffer;
+
+public final class ByteBuffers {
+
+	private ByteBuffers() {
+	}
+
+	/**
+	 * Copies as many bytes as possible from the given source to the destination buffer.
+	 * The position of both buffers will be incremented by as many bytes as have been copied.
+	 * 
+	 * @param source ByteBuffer from which bytes are read
+	 * @param destination ByteBuffer into which bytes are written
+	 * @return number of bytes copied, i.e. {@link ByteBuffer#remaining() source.remaining()} or {@link ByteBuffer#remaining() destination.remaining()}, whatever is less.
+	 */
+	public static int copy(ByteBuffer source, ByteBuffer destination) {
+		final int numBytes = Math.min(source.remaining(), destination.remaining());
+		final ByteBuffer tmp = source.asReadOnlyBuffer();
+		tmp.limit(tmp.position() + numBytes);
+		destination.put(tmp);
+		source.position(tmp.position()); // until now only tmp pos has been incremented, so we need to adjust the position
+		return numBytes;
+	}
+
+}

main/filesystem-api/src/main/java/org/cryptomator/io/FileContents.java

@@ -0,0 +1,56 @@
+package org.cryptomator.io;
+
+import java.io.IOException;
+import java.io.Reader;
+import java.io.UncheckedIOException;
+import java.nio.channels.Channels;
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+
+import org.apache.commons.io.IOUtils;
+import org.cryptomator.filesystem.File;
+import org.cryptomator.filesystem.WritableFile;
+
+public final class FileContents {
+
+	public static final FileContents UTF_8 = FileContents.withCharset(StandardCharsets.UTF_8);
+
+	private final Charset charset;
+
+	private FileContents(Charset charset) {
+		this.charset = charset;
+	}
+
+	/**
+	 * Reads the whole content from the given file.
+	 * 
+	 * @param file File whose content should be read.
+	 * @return The file's content interpreted in this FileContents' charset.
+	 */
+	public String readContents(File file) {
+		try (Reader reader = Channels.newReader(file.openReadable(), charset.newDecoder(), -1)) {
+			return IOUtils.toString(reader);
+		} catch (IOException e) {
+			throw new UncheckedIOException(e);
+		}
+	}
+
+	/**
+	 * Writes the string into the file encoded with this FileContents' charset.
+	 * This methods replaces any previously existing content, i.e. the string will be the sole content.
+	 * 
+	 * @param file File whose content should be written.
+	 * @param content The new content.
+	 */
+	public void writeContents(File file, String content) {
+		try (WritableFile writable = file.openWritable()) {
+			writable.truncate();
+			writable.write(charset.encode(content));
+		}
+	}
+
+	public static FileContents withCharset(Charset charset) {
+		return new FileContents(charset);
+	}
+
+}

main/filesystem-api/src/test/java/org/cryptomator/filesystem/ByteBufferMatcher.java

@@ -0,0 +1,36 @@
+package org.cryptomator.filesystem;
+
+import java.nio.ByteBuffer;
+
+import org.hamcrest.Description;
+import org.hamcrest.Matcher;
+import org.hamcrest.TypeSafeDiagnosingMatcher;
+
+public class ByteBufferMatcher {
+
+	public static Matcher<ByteBuffer> byteBufferFilledWith(int value) {
+		if (((byte) value) != value) {
+			throw new IllegalArgumentException("Invalid byte value");
+		}
+		return new TypeSafeDiagnosingMatcher<ByteBuffer>(ByteBuffer.class) {
+
+			@Override
+			public void describeTo(Description description) {
+				description.appendText("a byte buffer filled with " + value);
+			}
+
+			@Override
+			protected boolean matchesSafely(ByteBuffer item, Description mismatchDescription) {
+				while (item.hasRemaining()) {
+					byte currentValue = item.get();
+					if (currentValue != value) {
+						mismatchDescription.appendText("a byte buffer containing also " + currentValue);
+						return false;
+					}
+				}
+				return true;
+			}
+		};
+	}
+
+}

main/filesystem-api/src/test/java/org/cryptomator/filesystem/CopierTest.java

@@ -0,0 +1,227 @@
+package org.cryptomator.filesystem;
+
+import static java.util.Arrays.asList;
+import static org.cryptomator.common.test.matcher.ContainsMatcher.contains;
+import static org.cryptomator.common.test.mockito.Answers.collectParameters;
+import static org.cryptomator.common.test.mockito.Answers.consecutiveAnswers;
+import static org.cryptomator.common.test.mockito.Answers.value;
+import static org.cryptomator.filesystem.File.EOF;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.inOrder;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.stream.Stream;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.runner.RunWith;
+import org.mockito.InOrder;
+import org.mockito.Mock;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
+import org.mockito.stubbing.Answer;
+
+import de.bechte.junit.runners.context.HierarchicalContextRunner;
+
+@RunWith(HierarchicalContextRunner.class)
+public class CopierTest {
+
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
+
+	@Rule
+	public MockitoRule mockitoRule = MockitoJUnit.rule();
+
+	public class CopyFiles {
+
+		@Mock
+		private File source;
+
+		@Mock
+		private File destination;
+
+		@Mock
+		private ReadableFile readable;
+
+		@Mock
+		private WritableFile writable;
+
+		@Before
+		public void setUp() {
+			when(source.openReadable()).thenReturn(readable);
+			when(destination.openWritable()).thenReturn(writable);
+		}
+
+		@Test
+		public void testCopyFileOpensFilesInSortedOrderIfSourceIsSmallerDestination() {
+			mockCompareToWithOrder(source, destination);
+			when(readable.read(any())).thenReturn(EOF);
+
+			Copier.copy(source, destination);
+
+			InOrder inOrder = inOrder(source, destination);
+			inOrder.verify(source).openReadable();
+			inOrder.verify(destination).openWritable();
+		}
+
+		@Test
+		public void testCopyFileOpensFilesInSortedOrderIfDestinationIsSmallerSource() {
+			mockCompareToWithOrder(destination, source);
+			when(readable.read(any())).thenReturn(EOF);
+
+			Copier.copy(source, destination);
+
+			InOrder inOrder = inOrder(source, destination);
+			inOrder.verify(destination).openWritable();
+			inOrder.verify(source).openReadable();
+		}
+
+		@Test
+		public void testCopyFileReadsAndWritesReadableSourceAndWritableDestintationUntilEof() {
+			int irrelevantValue = 0;
+			Collection<byte[]> written = new ArrayList<>();
+			mockCompareToWithOrder(source, destination);
+			byte[] read1 = {1, 48, 32, 33, 22};
+			byte[] read2 = {4, 3, 1, -2, -8};
+			when(readable.read(any())).then(consecutiveAnswers(fillBufferWith(read1), fillBufferWith(read2), value(EOF)));
+			when(writable.write(any())).then(collectParameters(value(irrelevantValue), (ByteBuffer buffer) -> {
+				byte[] data = new byte[buffer.remaining()];
+				buffer.get(data);
+				written.add(data);
+			}));
+
+			Copier.copy(source, destination);
+
+			InOrder inOrder = inOrder(readable, writable);
+			inOrder.verify(writable).truncate();
+			inOrder.verify(readable).read(any());
+			inOrder.verify(writable).write(any());
+			inOrder.verify(readable).read(any());
+			inOrder.verify(writable).write(any());
+			inOrder.verify(readable).read(any());
+			inOrder.verify(readable).close();
+			inOrder.verify(writable).close();
+
+			assertThat(written, contains(is(read1), is(read2)));
+		}
+
+		private Answer<Integer> fillBufferWith(byte[] data) {
+			return new Answer<Integer>() {
+				@Override
+				public Integer answer(InvocationOnMock invocation) throws Throwable {
+					ByteBuffer buffer = invocation.getArgumentAt(0, ByteBuffer.class);
+					for (byte value : data) {
+						buffer.put(value);
+					}
+					return data.length;
+				}
+
+			};
+		}
+
+		private void mockCompareToWithOrder(File first, File last) {
+			when(first.compareTo(last)).thenReturn(-1);
+			when(last.compareTo(first)).thenReturn(1);
+		}
+
+	}
+
+	public class CopyFolders {
+
+		@Mock
+		private Folder source;
+
+		@Mock
+		private Folder destination;
+
+		@Test
+		public void testCopyFolderDeletesAndCreatesDestinationBeforeIteratingOverTheFilesAndFoldersInSource() {
+			when(source.files()).thenReturn(Stream.empty());
+			when(source.folders()).thenReturn(Stream.empty());
+
+			Copier.copy(source, destination);
+
+			InOrder inOrder = inOrder(source, destination);
+			inOrder.verify(destination).delete();
+			inOrder.verify(destination).create();
+			inOrder.verify(source).files();
+			inOrder.verify(source).folders();
+		}
+
+		@Test
+		@SuppressWarnings({"unchecked", "rawtypes"})
+		public void testCopyFolderInvokesCopyToOnAllFilesInSourceWithFileWithSameNameFromDestination() {
+			String filename1 = "nameOfFile1";
+			String filename2 = "nameOfFile2";
+			File file1 = mock(File.class);
+			File file2 = mock(File.class);
+			File destinationFile1 = mock(File.class);
+			File destinationFile2 = mock(File.class);
+			when(source.files()).thenReturn((Stream) asList(file1, file2).stream());
+			when(source.folders()).thenReturn(Stream.empty());
+			when(destination.file(filename1)).thenReturn(destinationFile1);
+			when(destination.file(filename2)).thenReturn(destinationFile2);
+			when(file1.name()).thenReturn(filename1);
+			when(file2.name()).thenReturn(filename2);
+
+			Copier.copy(source, destination);
+
+			verify(file1).copyTo(destinationFile1);
+			verify(file2).copyTo(destinationFile2);
+		}
+
+		@Test
+		@SuppressWarnings({"unchecked", "rawtypes"})
+		public void testCopyFolderInvokesCopyToOnAllFoldersInSourceWithFolderWithSameNameFromDestination() {
+			String folderName1 = "nameOfFolder1";
+			String folderName2 = "nameOfFolder2";
+			Folder folder1 = mock(Folder.class);
+			Folder folder2 = mock(Folder.class);
+			Folder destinationfolder1 = mock(Folder.class);
+			Folder destinationfolder2 = mock(Folder.class);
+			when(source.folders()).thenReturn((Stream) asList(folder1, folder2).stream());
+			when(source.files()).thenReturn(Stream.empty());
+			when(destination.folder(folderName1)).thenReturn(destinationfolder1);
+			when(destination.folder(folderName2)).thenReturn(destinationfolder2);
+			when(folder1.name()).thenReturn(folderName1);
+			when(folder2.name()).thenReturn(folderName2);
+
+			Copier.copy(source, destination);
+
+			verify(folder1).copyTo(destinationfolder1);
+			verify(folder2).copyTo(destinationfolder2);
+		}
+
+		@Test
+		public void testCopyFolderFailsWithIllegalArgumentExceptionIfSourceIsNestedInDestination() {
+			when(source.isAncestorOf(destination)).thenReturn(false);
+			when(destination.isAncestorOf(source)).thenReturn(true);
+
+			thrown.expect(IllegalArgumentException.class);
+
+			Copier.copy(source, destination);
+		}
+
+		@Test
+		public void testCopyFolderFailsWithIllegalArgumentExceptionIfDestinationIsNestedInSource() {
+			when(source.isAncestorOf(destination)).thenReturn(true);
+			when(destination.isAncestorOf(source)).thenReturn(false);
+
+			thrown.expect(IllegalArgumentException.class);
+
+			Copier.copy(source, destination);
+		}
+
+	}
+
+}