Merge branch 'release/1.1.4'

Fixes #308, fixes #319, fixes #318, fixes #317, fixes #311, fixes #267

# Conflicts:
#	main/ant-kit/pom.xml
#	main/commons-test/pom.xml
#	main/commons/pom.xml
#	main/filesystem-api/pom.xml
#	main/filesystem-charsets/pom.xml
#	main/filesystem-crypto-integration-tests/pom.xml
#	main/filesystem-crypto/pom.xml
#	main/filesystem-inmemory/pom.xml
#	main/filesystem-invariants-tests/pom.xml
#	main/filesystem-nameshortening/pom.xml
#	main/filesystem-nio/pom.xml
#	main/filesystem-stats/pom.xml
#	main/frontend-api/pom.xml
#	main/frontend-webdav/pom.xml
#	main/jacoco-report/pom.xml
#	main/pom.xml
#	main/uber-jar/pom.xml
#	main/ui/pom.xml

.gitignore

@@ -11,3 +11,9 @@
 .classpath
 target/
 test-output/
+
+# IntelliJ Settings Files #
+.idea/
+out/
+.idea_modules/
+*.iws

.travis.yml

@@ -11,6 +11,7 @@ env:
   global:
     - secure: "Lgj042RD0X3rB8VZVZLWP1GetLhjd3PqI5JbJMlzgHJpDI6RkFIBLN9SWAGmkLPCehIp2zA5tu9+UVy0NNMxm9xz6SyjMCaxS28/fnYEXaNmwwDSF6O6gLUbdxyzoYIFPYOPmFxpzhebqnNIsxaM29oZpgRgUGqosCczQxiB+Ng=" #coveralls
     - secure: "IfYURwZaDWuBDvyn47n0k1Zod/IQw1FF+CS5nnV08Q+NfC3vGGJMwV8m59XnbfwnWGxwvCaAbk4qP6s6+ijgZNKkvgfFMo3rfTok5zt43bIqgaFOANYV+OC/1c59gYD6ZUxhW5iNgMgU3qdsRtJuwSmfkVv/jKyLGfAbS4kN8BA=" #coverity
+    - secure: "lV9OwUbHMrMpLUH1CY+Z4puLDdFXytudyPlG1eGRsesdpuG6KM3uQVz6uAtf6lrU8DRbMM/T7ML+PmvQ4UoPPYLdLxESLLBat2qUPOIVBOhTSlCc7I0DmGy04CSvkeMy8dPaQC0ukgNiR7zwoNzfcpGRN/U9S8tziDruuHoZSrg=" #bintray
 
 before_install: "curl -L --cookie 'oraclelicense=accept-securebackup-cookie;' http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip -o /tmp/policy.zip && sudo unzip -j -o /tmp/policy.zip *.jar -d `jdk_switcher home oraclejdk8`/jre/lib/security && rm /tmp/policy.zip"
 
@@ -39,10 +40,10 @@ addons:
       name: "cryptomator/cryptomator"
     notification_email: sebastian.stenzel@cryptomator.org
     build_command: "mvn -fmain/pom.xml clean test -DskipTests"
-    branch_pattern: coverity_scan
+    branch_pattern: release.*
 
 deploy:
-  provider: releases
+- provider: releases
   prerelease: false
   api_key:
     secure: "ZjE1j93v3qbPIe2YbmhS319aCbMdLQw0HuymmluTurxXsZtn9D4t2+eTr99vBVxGRuB5lzzGezPR5zjk5W7iHF7xhwrawXrFzr2rPJWzWFt0aM+Ry2njU1ROTGGXGTbv4anWeBlgMxLEInTAy/9ytOGNJlec83yc0THpOY2wxnk="
@@ -53,3 +54,13 @@ deploy:
   on:
     repo: cryptomator/cryptomator
     tags: true
+- provider: script
+  script: "curl -X POST -u cryptobot:${BINTRAY_API_KEY} -H 'Content-Type: application/json' -d '{\"name\": \"${TRAVIS_TAG}\", \"vcs_tag\": \"${TRAVIS_TAG}\"}' https://api.bintray.com/packages/cryptomator/cryptomator/cryptomator-win/versions"
+  on:
+    repo: cryptomator/cryptomator
+    tags: true
+- provider: script
+  script: "curl -X POST -u cryptobot:${BINTRAY_API_KEY} -H 'Content-Type: application/json' -d '{\"name\": \"${TRAVIS_TAG}\", \"vcs_tag\": \"${TRAVIS_TAG}\"}' https://api.bintray.com/packages/cryptomator/cryptomator/cryptomator-osx/versions"
+  on:
+    repo: cryptomator/cryptomator
+    tags: true

README.md

@@ -2,6 +2,7 @@
 
 [![Build Status](https://travis-ci.org/cryptomator/cryptomator.svg?branch=master)](https://travis-ci.org/cryptomator/cryptomator)
 [![Coverity Scan Build Status](https://scan.coverity.com/projects/cryptomator-cryptomator/badge.svg?flat=1)](https://scan.coverity.com/projects/cryptomator-cryptomator)
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/2a0adf3cec6a4143b91035d3924178f1)](https://www.codacy.com/app/cryptomator/cryptomator?utm_source=github.com&utm_medium=referral&utm_content=cryptomator/cryptomator&utm_campaign=Badge_Grade)
 [![Coverage Status](https://coveralls.io/repos/github/cryptomator/cryptomator/badge.svg?branch=master)](https://coveralls.io/github/cryptomator/cryptomator?branch=master)
 [![Join the chat at https://gitter.im/cryptomator/cryptomator](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/cryptomator/cryptomator?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 [![Twitter](https://img.shields.io/badge/twitter-@Cryptomator-blue.svg?style=flat)](http://twitter.com/Cryptomator)
@@ -45,7 +46,7 @@ For more information on the security details visit [cryptomator.org](https://cry
 
 * Java 8 + JCE unlimited strength policy files (needed for 256-bit keys)
 * Maven 3
-* Optional: OS-dependent build tools for native packaging (see [Windows](https://github.com/cryptomator/cryptomator-win), [OS X](https://github.com/cryptomator/cryptomator-osx), [Debian](https://github.com/cryptomator/cryptomator-deb))
+* Optional: OS-dependent build tools for native packaging (see [Windows](https://github.com/cryptomator/cryptomator-win), [OS X](https://github.com/cryptomator/cryptomator-osx), [Linux](https://github.com/cryptomator/builder-containers))
 
 ### Run Maven
 

main/ant-kit/assembly.xml

@@ -14,6 +14,12 @@
 			</includes>
 			<outputDirectory>libs</outputDirectory>
 		</fileSet>
+		<fileSet>
+			<directory>target/fixed-binaries</directory>
+			<filtered>false</filtered>
+			<outputDirectory>fixed-binaries</outputDirectory>
+			<fileMode>755</fileMode>
+		</fileSet>
 		<fileSet>
 			<directory>target/package</directory>
 			<filtered>false</filtered>

main/ant-kit/pom.xml

@@ -8,7 +8,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>ant-kit</artifactId>
 	<packaging>pom</packaging>
@@ -60,6 +60,16 @@
 								<resource>
 									<directory>src/main/resources</directory>
 									<filtering>true</filtering>
+									<excludes>
+										<exclude>fixed-binaries/**</exclude>
+									</excludes>
+								</resource>
+								<resource>
+									<directory>src/main/resources</directory>
+									<filtering>false</filtering>
+									<includes>
+										<include>fixed-binaries/**</include>
+									</includes>
 								</resource>
 							</resources>
 						</configuration>

main/ant-kit/src/main/resources/build.xml

@@ -50,6 +50,7 @@
 			<fx:resources>
 				<fx:fileset dir="antbuild" type="jar" includes="Cryptomator-${project.version}.jar" />
 				<fx:fileset dir="libs" type="jar" includes="*.jar" excludes="ui-${project.version}.jar"/>
+				<fx:fileset dir="fixed-binaries" type="data" includes="linux-launcher-*" arch=""/>
 			</fx:resources>
 			<fx:permissions elevated="false" />
 			<fx:preferences install="true" />

main/ant-kit/src/main/resources/package/linux/control

@@ -9,7 +9,7 @@ Priority: optional
 Architecture: APPLICATION_ARCH
 Provides: APPLICATION_PACKAGE
 Installed-Size: APPLICATION_INSTALLED_SIZE
-Depends: gvfs-bin, gvfs-backends, gvfs-fuse, xdg-utils
+Depends: gvfs-bin, gvfs-backends, gvfs-fuse
 Description: Multi-platform client-side encryption of your cloud files.
  Cryptomator provides free client-side AES encryption for your cloud files.
  Create encrypted vaults, which get mounted as virtual volumes. Whatever

main/ant-kit/src/main/resources/package/linux/postinst

@@ -0,0 +1,50 @@
+#!/bin/sh
+# postinst script for APPLICATION_NAME
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+    configure)
+        echo Adding shortcut to the menu
+SECONDARY_LAUNCHERS_INSTALL
+APP_CDS_CACHE
+        xdg-desktop-menu install --novendor /opt/APPLICATION_FS_NAME/APPLICATION_LAUNCHER_FILENAME.desktop
+FILE_ASSOCIATION_INSTALL
+
+        rm /opt/APPLICATION_FS_NAME/APPLICATION_LAUNCHER_FILENAME
+        if [ $(uname -m) = "x86_64" ]; then
+        	mv /opt/APPLICATION_FS_NAME/app/linux-launcher-x64 /opt/APPLICATION_FS_NAME/APPLICATION_LAUNCHER_FILENAME
+        else
+            mv /opt/APPLICATION_FS_NAME/app/linux-launcher-x86 /opt/APPLICATION_FS_NAME/APPLICATION_LAUNCHER_FILENAME
+        fi
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

main/ant-kit/src/main/resources/package/linux/spec

@@ -0,0 +1,54 @@
+Summary: APPLICATION_SUMMARY
+Name: APPLICATION_PACKAGE
+Version: APPLICATION_VERSION
+Release: 1
+License: APPLICATION_LICENSE_TYPE
+Vendor: APPLICATION_VENDOR
+Prefix: /opt
+Provides: APPLICATION_PACKAGE
+Requires: ld-linux.so.2 libX11.so.6 libXext.so.6 libXi.so.6 libXrender.so.1 libXtst.so.6 libasound.so.2 libc.so.6 libdl.so.2 libgcc_s.so.1 libm.so.6 libpthread.so.0 libthread_db.so.1
+Autoprov: 0
+Autoreq: 0
+
+#avoid ARCH subfolder
+%define _rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm
+
+#comment line below to enable effective jar compression
+#it could easily get your package size from 40 to 15Mb but 
+#build time will substantially increase and it may require unpack200/system java to install
+%define __jar_repack %{nil}
+
+%description
+APPLICATION_DESCRIPTION
+
+%prep
+
+%build
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}/opt
+cp -r %{_sourcedir}/APPLICATION_FS_NAME %{buildroot}/opt
+
+%files
+APPLICATION_LICENSE_FILE
+/opt/APPLICATION_FS_NAME
+
+%post
+SECONDARY_LAUNCHERS_INSTALL
+APP_CDS_CACHE
+xdg-desktop-menu install --novendor /opt/APPLICATION_FS_NAME/APPLICATION_LAUNCHER_FILENAME.desktop
+FILE_ASSOCIATION_INSTALL
+rm /opt/APPLICATION_FS_NAME/APPLICATION_LAUNCHER_FILENAME
+if [ $(uname -m) = "x86_64" ]; then
+	mv /opt/APPLICATION_FS_NAME/app/linux-launcher-x64 /opt/APPLICATION_FS_NAME/APPLICATION_LAUNCHER_FILENAME
+else
+    mv /opt/APPLICATION_FS_NAME/app/linux-launcher-x86 /opt/APPLICATION_FS_NAME/APPLICATION_LAUNCHER_FILENAME
+fi
+
+%preun
+SECONDARY_LAUNCHERS_REMOVE
+xdg-desktop-menu uninstall --novendor /opt/APPLICATION_FS_NAME/APPLICATION_LAUNCHER_FILENAME.desktop
+FILE_ASSOCIATION_REMOVE
+
+%clean

main/commons-test/pom.xml

@@ -10,17 +10,26 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>commons-test</artifactId>
 	<name>Cryptomator common test dependencies</name>
 	<description>Shared utilities for tests</description>
 
 	<dependencies>
+		<dependency>
+			<groupId>org.cryptomator</groupId>
+			<artifactId>commons</artifactId>
+		</dependency>
+		
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.mockito</groupId>
+			<artifactId>mockito-core</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>de.bechte.junit</groupId>
 			<artifactId>junit-hierarchicalcontextrunner</artifactId>
@@ -29,11 +38,6 @@
 			<groupId>org.hamcrest</groupId>
 			<artifactId>hamcrest-all</artifactId>
 		</dependency>
-		
-		<dependency>
-			<groupId>org.cryptomator</groupId>
-			<artifactId>commons</artifactId>
-		</dependency>
 	</dependencies>
 
 </project>

main/commons/pom.xml

@@ -10,7 +10,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>commons</artifactId>
 	<name>Cryptomator common</name>
@@ -44,6 +44,11 @@
 			<artifactId>junit</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.mockito</groupId>
+			<artifactId>mockito-core</artifactId>
+			<scope>test</scope>
+		</dependency>
 		<dependency>
 			<groupId>de.bechte.junit</groupId>
 			<artifactId>junit-hierarchicalcontextrunner</artifactId>

main/commons/src/main/java/org/cryptomator/common/ConsumerThrowingException.java

@@ -1,7 +1,7 @@
 package org.cryptomator.common;
 
 @FunctionalInterface
-public interface ConsumerThrowingException<T, E extends Exception> {
+public interface ConsumerThrowingException<T, E extends Throwable> {
 
 	void accept(T t) throws E;
 

main/commons/src/main/java/org/cryptomator/common/RunnableThrowingException.java

@@ -1,7 +1,7 @@
 package org.cryptomator.common;
 
 @FunctionalInterface
-public interface RunnableThrowingException<T extends Exception> {
+public interface RunnableThrowingException<T extends Throwable> {
 
 	void run() throws T;
 

main/commons/src/main/java/org/cryptomator/common/StackTrace.java

@@ -0,0 +1,56 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Markus Kreusch and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Markus Kreusch - initial implementation
+ *******************************************************************************/
+package org.cryptomator.common;
+
+import java.util.stream.Stream;
+
+/**
+ * Utility to print stack traces while analyzing issues.
+ * 
+ * @author Markus Kreusch
+ */
+public class StackTrace {
+
+	public static void print(String message) {
+		Thread thread = Thread.currentThread();
+		System.err.println(stackTraceFor(message, thread));
+	}
+
+	private static String stackTraceFor(String message, Thread thread) {
+		StringBuilder result = new StringBuilder();
+		appendMessageAndThreadName(result, message, thread);
+		appendStackTrace(thread, result);
+		return result.toString();
+	}
+
+	private static void appendStackTrace(Thread thread, StringBuilder result) {
+		Stream.of(thread.getStackTrace()) //
+				.skip(4) //
+				.forEach(stackTraceElement -> append(stackTraceElement, result));
+	}
+
+	private static void appendMessageAndThreadName(StringBuilder result, String message, Thread thread) {
+		result //
+				.append('[') //
+				.append(thread.getName()) //
+				.append("] ") //
+				.append(message);
+	}
+
+	private static void append(StackTraceElement stackTraceElement, StringBuilder result) {
+		String className = stackTraceElement.getClassName();
+		String methodName = stackTraceElement.getMethodName();
+		String fileName = stackTraceElement.getFileName();
+		int lineNumber = stackTraceElement.getLineNumber();
+		result.append('\n') //
+				.append(className).append(':').append(methodName) //
+				.append(" (").append(fileName).append(':').append(lineNumber).append(')');
+	}
+
+}

main/commons/src/main/java/org/cryptomator/common/SupplierThrowingException.java

@@ -0,0 +1,8 @@
+package org.cryptomator.common;
+
+@FunctionalInterface
+public interface SupplierThrowingException<T, E extends Throwable> {
+
+	T get() throws E;
+
+}

main/filesystem-api/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>filesystem-api</artifactId>
 	<name>Cryptomator filesystem: API</name>

main/filesystem-api/src/main/java/org/cryptomator/io/FileContents.java

@@ -4,6 +4,7 @@ import java.io.IOException;
 import java.io.Reader;
 import java.io.UncheckedIOException;
 import java.nio.channels.Channels;
+import java.nio.channels.ReadableByteChannel;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 
@@ -28,7 +29,9 @@ public final class FileContents {
 	 * @return The file's content interpreted in this FileContents' charset.
 	 */
 	public String readContents(File file) {
-		try (Reader reader = Channels.newReader(file.openReadable(), charset.newDecoder(), -1)) {
+		try ( //
+				ReadableByteChannel channel = file.openReadable(); //
+				Reader reader = Channels.newReader(channel, charset.newDecoder(), -1)) {
 			return IOUtils.toString(reader);
 		} catch (IOException e) {
 			throw new UncheckedIOException(e);

main/filesystem-charsets/pom.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Copyright (c) 2015 Sebastian Stenzel
+  This file is licensed under the terms of the MIT license.
+  See the LICENSE.txt file for more info.
+  
+  Contributors:
+      Sebastian Stenzel - initial API and implementation
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.cryptomator</groupId>
+		<artifactId>main</artifactId>
+		<version>1.1.4</version>
+	</parent>
+	<artifactId>filesystem-charsets</artifactId>
+	<name>Cryptomator filesystem: Charset compatibility layer</name>
+
+	<dependencies>
+		<dependency>
+			<groupId>org.cryptomator</groupId>
+			<artifactId>filesystem-api</artifactId>
+		</dependency>
+
+		<!-- Tests -->
+		<dependency>
+			<groupId>org.cryptomator</groupId>
+			<artifactId>commons-test</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.cryptomator</groupId>
+			<artifactId>filesystem-inmemory</artifactId>
+		</dependency>
+	</dependencies>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.jacoco</groupId>
+				<artifactId>jacoco-maven-plugin</artifactId>
+			</plugin>
+		</plugins>
+	</build>
+</project>

main/filesystem-charsets/src/main/java/org/cryptomator/filesystem/charsets/NormalizedNameFile.java

@@ -0,0 +1,32 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem.charsets;
+
+import java.io.UncheckedIOException;
+import java.text.Normalizer;
+import java.text.Normalizer.Form;
+
+import org.cryptomator.filesystem.File;
+import org.cryptomator.filesystem.delegating.DelegatingFile;
+
+class NormalizedNameFile extends DelegatingFile<NormalizedNameFolder> {
+
+	private final Form displayForm;
+
+	public NormalizedNameFile(NormalizedNameFolder parent, File delegate, Form displayForm) {
+		super(parent, delegate);
+		this.displayForm = displayForm;
+	}
+
+	@Override
+	public String name() throws UncheckedIOException {
+		return Normalizer.normalize(super.name(), displayForm);
+	}
+
+}

main/filesystem-charsets/src/main/java/org/cryptomator/filesystem/charsets/NormalizedNameFileSystem.java

@@ -0,0 +1,27 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem.charsets;
+
+import java.text.Normalizer.Form;
+
+import org.cryptomator.filesystem.Folder;
+import org.cryptomator.filesystem.delegating.DelegatingFileSystem;
+
+public class NormalizedNameFileSystem extends NormalizedNameFolder implements DelegatingFileSystem {
+
+	public NormalizedNameFileSystem(Folder delegate, Form displayForm) {
+		super(null, delegate, displayForm);
+	}
+
+	@Override
+	public Folder getDelegate() {
+		return delegate;
+	}
+
+}

main/filesystem-charsets/src/main/java/org/cryptomator/filesystem/charsets/NormalizedNameFolder.java

@@ -0,0 +1,76 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem.charsets;
+
+import java.io.UncheckedIOException;
+import java.text.Normalizer;
+import java.text.Normalizer.Form;
+
+import org.cryptomator.filesystem.File;
+import org.cryptomator.filesystem.Folder;
+import org.cryptomator.filesystem.delegating.DelegatingFolder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+class NormalizedNameFolder extends DelegatingFolder<NormalizedNameFolder, NormalizedNameFile> {
+
+	private static final Logger LOG = LoggerFactory.getLogger(NormalizedNameFolder.class);
+	private final Form displayForm;
+
+	public NormalizedNameFolder(NormalizedNameFolder parent, Folder delegate, Form displayForm) {
+		super(parent, delegate);
+		this.displayForm = displayForm;
+	}
+
+	@Override
+	public String name() throws UncheckedIOException {
+		return Normalizer.normalize(super.name(), displayForm);
+	}
+
+	@Override
+	public NormalizedNameFile file(String name) throws UncheckedIOException {
+		String nfcName = Normalizer.normalize(name, Form.NFC);
+		String nfdName = Normalizer.normalize(name, Form.NFD);
+		NormalizedNameFile nfcFile = super.file(nfcName);
+		NormalizedNameFile nfdFile = super.file(nfdName);
+		if (!nfcName.equals(nfdName) && nfcFile.exists() && nfdFile.exists()) {
+			LOG.warn("Ambiguous file names \"" + nfcName + "\" (NFC) vs. \"" + nfdName + "\" (NFD). Both files exist. Using \"" + nfcName + "\" (NFC).");
+		} else if (!nfcName.equals(nfdName) && !nfcFile.exists() && nfdFile.exists()) {
+			LOG.info("Moving file from \"" + nfcName + "\" (NFD) to \"" + nfdName + "\" (NFC).");
+			nfdFile.moveTo(nfcFile);
+		}
+		return nfcFile;
+	}
+
+	@Override
+	protected NormalizedNameFile newFile(File delegate) {
+		return new NormalizedNameFile(this, delegate, displayForm);
+	}
+
+	@Override
+	public NormalizedNameFolder folder(String name) throws UncheckedIOException {
+		String nfcName = Normalizer.normalize(name, Form.NFC);
+		String nfdName = Normalizer.normalize(name, Form.NFD);
+		NormalizedNameFolder nfcFolder = super.folder(nfcName);
+		NormalizedNameFolder nfdFolder = super.folder(nfdName);
+		if (!nfcName.equals(nfdName) && nfcFolder.exists() && nfdFolder.exists()) {
+			LOG.warn("Ambiguous folder names \"" + nfcName + "\" (NFC) vs. \"" + nfdName + "\" (NFD). Both files exist. Using \"" + nfcName + "\" (NFC).");
+		} else if (!nfcName.equals(nfdName) && !nfcFolder.exists() && nfdFolder.exists()) {
+			LOG.info("Moving folder from \"" + nfcName + "\" (NFD) to \"" + nfdName + "\" (NFC).");
+			nfdFolder.moveTo(nfcFolder);
+		}
+		return nfcFolder;
+	}
+
+	@Override
+	protected NormalizedNameFolder newFolder(Folder delegate) {
+		return new NormalizedNameFolder(this, delegate, displayForm);
+	}
+
+}

main/filesystem-charsets/src/main/java/org/cryptomator/filesystem/charsets/package-info.java

@@ -0,0 +1,16 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+/**
+ * Makes sure, the filesystems wrapped by this filesystem work only on UTF-8 encoded file paths using Normalization Form C.
+ * Filesystems wrapping this file system, on the other hand, will get filenames reported in a specified Normalization Form.
+ * It is recommended to use NFD for OS X and NFC for other operating systems.
+ * When looking for a file or folder with a name given in either form, both possibilities are considered
+ * and files/folders stored in NFD are automatically migrated to NFC.
+ */
+package org.cryptomator.filesystem.charsets;

main/filesystem-charsets/src/test/java/org/cryptomator/filesystem/charsets/NormalizedNameFileSystemTest.java

@@ -0,0 +1,90 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem.charsets;
+
+import java.nio.ByteBuffer;
+import java.text.Normalizer.Form;
+
+import org.cryptomator.filesystem.FileSystem;
+import org.cryptomator.filesystem.WritableFile;
+import org.cryptomator.filesystem.inmem.InMemoryFileSystem;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class NormalizedNameFileSystemTest {
+
+	@Test
+	public void testFileMigration() {
+		FileSystem inMemoryFs = new InMemoryFileSystem();
+		try (WritableFile writable = inMemoryFs.file("\u006F\u0302").openWritable()) {
+			writable.write(ByteBuffer.allocate(0));
+		}
+		FileSystem normalizationFs = new NormalizedNameFileSystem(inMemoryFs, Form.NFC);
+		Assert.assertTrue(normalizationFs.file("\u00F4").exists());
+		Assert.assertTrue(normalizationFs.file("\u006F\u0302").exists());
+		Assert.assertFalse(inMemoryFs.file("\u006F\u0302").exists());
+		Assert.assertTrue(inMemoryFs.file("\u00F4").exists());
+	}
+
+	@Test
+	public void testNoFileMigration() {
+		FileSystem inMemoryFs = new InMemoryFileSystem();
+		try (WritableFile writable = inMemoryFs.file("\u00F4").openWritable()) {
+			writable.write(ByteBuffer.allocate(0));
+		}
+		FileSystem normalizationFs = new NormalizedNameFileSystem(inMemoryFs, Form.NFC);
+		Assert.assertTrue(normalizationFs.file("\u00F4").exists());
+		Assert.assertTrue(normalizationFs.file("\u006F\u0302").exists());
+		Assert.assertFalse(inMemoryFs.file("\u006F\u0302").exists());
+		Assert.assertTrue(inMemoryFs.file("\u00F4").exists());
+	}
+
+	@Test
+	public void testFolderMigration() {
+		FileSystem inMemoryFs = new InMemoryFileSystem();
+		inMemoryFs.folder("\u006F\u0302").create();
+		FileSystem normalizationFs = new NormalizedNameFileSystem(inMemoryFs, Form.NFC);
+		Assert.assertTrue(normalizationFs.folder("\u00F4").exists());
+		Assert.assertTrue(normalizationFs.folder("\u006F\u0302").exists());
+		Assert.assertFalse(inMemoryFs.folder("\u006F\u0302").exists());
+		Assert.assertTrue(inMemoryFs.folder("\u00F4").exists());
+	}
+
+	@Test
+	public void testNoFolderMigration() {
+		FileSystem inMemoryFs = new InMemoryFileSystem();
+		inMemoryFs.folder("\u00F4").create();
+		FileSystem normalizationFs = new NormalizedNameFileSystem(inMemoryFs, Form.NFC);
+		Assert.assertTrue(normalizationFs.folder("\u00F4").exists());
+		Assert.assertTrue(normalizationFs.folder("\u006F\u0302").exists());
+		Assert.assertFalse(inMemoryFs.folder("\u006F\u0302").exists());
+		Assert.assertTrue(inMemoryFs.folder("\u00F4").exists());
+	}
+
+	@Test
+	public void testNfcDisplayNames() {
+		FileSystem inMemoryFs = new InMemoryFileSystem();
+		inMemoryFs.folder("a\u00F4").create();
+		inMemoryFs.folder("b\u006F\u0302").create();
+		FileSystem normalizationFs = new NormalizedNameFileSystem(inMemoryFs, Form.NFC);
+		Assert.assertEquals("a\u00F4", normalizationFs.folder("a\u00F4").name());
+		Assert.assertEquals("b\u00F4", normalizationFs.folder("b\u006F\u0302").name());
+	}
+
+	@Test
+	public void testNfdDisplayNames() {
+		FileSystem inMemoryFs = new InMemoryFileSystem();
+		inMemoryFs.folder("a\u00F4").create();
+		inMemoryFs.folder("b\u006F\u0302").create();
+		FileSystem normalizationFs = new NormalizedNameFileSystem(inMemoryFs, Form.NFD);
+		Assert.assertEquals("a\u006F\u0302", normalizationFs.folder("a\u00F4").name());
+		Assert.assertEquals("b\u006F\u0302", normalizationFs.folder("b\u006F\u0302").name());
+	}
+
+}

main/filesystem-charsets/src/test/java/org/cryptomator/filesystem/charsets/NormalizedNameFileTest.java

@@ -0,0 +1,48 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem.charsets;
+
+import java.text.Normalizer.Form;
+
+import org.cryptomator.filesystem.File;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class NormalizedNameFileTest {
+
+	private File delegateNfc;
+	private File delegateNfd;
+
+	@Before
+	public void setup() {
+		delegateNfc = Mockito.mock(File.class);
+		delegateNfd = Mockito.mock(File.class);
+		Mockito.when(delegateNfc.name()).thenReturn("\u00C5");
+		Mockito.when(delegateNfd.name()).thenReturn("\u0041\u030A");
+	}
+
+	@Test
+	public void testDisplayNameInNfc() {
+		File file1 = new NormalizedNameFile(null, delegateNfc, Form.NFC);
+		File file2 = new NormalizedNameFile(null, delegateNfd, Form.NFC);
+		Assert.assertEquals("\u00C5", file1.name());
+		Assert.assertEquals("\u00C5", file2.name());
+	}
+
+	@Test
+	public void testDisplayNameInNfd() {
+		File file1 = new NormalizedNameFile(null, delegateNfc, Form.NFD);
+		File file2 = new NormalizedNameFile(null, delegateNfd, Form.NFD);
+		Assert.assertEquals("\u0041\u030A", file1.name());
+		Assert.assertEquals("\u0041\u030A", file2.name());
+	}
+
+}

main/filesystem-charsets/src/test/java/org/cryptomator/filesystem/charsets/NormalizedNameFolderTest.java

@@ -0,0 +1,149 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.filesystem.charsets;
+
+import java.text.Normalizer.Form;
+
+import org.cryptomator.filesystem.File;
+import org.cryptomator.filesystem.Folder;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class NormalizedNameFolderTest {
+
+	private Folder delegate;
+	private File delegateSubFileNfc;
+	private File delegateSubFileNfd;
+	private Folder delegateSubFolderNfc;
+	private Folder delegateSubFolderNfd;
+
+	@Before
+	public void setup() {
+		delegate = Mockito.mock(Folder.class);
+		delegateSubFileNfc = Mockito.mock(File.class);
+		delegateSubFileNfd = Mockito.mock(File.class);
+		Mockito.when(delegate.file("\u00C5")).thenReturn(delegateSubFileNfc);
+		Mockito.when(delegateSubFileNfc.name()).thenReturn("\u00C5");
+		Mockito.when(delegate.file("\u0041\u030A")).thenReturn(delegateSubFileNfd);
+		Mockito.when(delegateSubFileNfd.name()).thenReturn("\u0041\u030A");
+		delegateSubFolderNfc = Mockito.mock(Folder.class);
+		delegateSubFolderNfd = Mockito.mock(Folder.class);
+		Mockito.when(delegate.folder("\u00F4")).thenReturn(delegateSubFolderNfc);
+		Mockito.when(delegateSubFolderNfc.name()).thenReturn("\u00F4");
+		Mockito.when(delegate.folder("\u006F\u0302")).thenReturn(delegateSubFolderNfd);
+		Mockito.when(delegateSubFolderNfd.name()).thenReturn("\u006F\u0302");
+	}
+
+	@Test
+	public void testDisplayNameInNfc() {
+		Folder folder1 = new NormalizedNameFolder(null, delegateSubFolderNfc, Form.NFC);
+		Folder folder2 = new NormalizedNameFolder(null, delegateSubFolderNfd, Form.NFC);
+		Assert.assertEquals("\u00F4", folder1.name());
+		Assert.assertEquals("\u00F4", folder2.name());
+	}
+
+	@Test
+	public void testDisplayNameInNfd() {
+		Folder folder1 = new NormalizedNameFolder(null, delegateSubFolderNfc, Form.NFD);
+		Folder folder2 = new NormalizedNameFolder(null, delegateSubFolderNfd, Form.NFD);
+		Assert.assertEquals("\u006F\u0302", folder1.name());
+		Assert.assertEquals("\u006F\u0302", folder2.name());
+	}
+
+	@Test
+	public void testNoFolderMigration1() {
+		Mockito.when(delegateSubFolderNfc.exists()).thenReturn(true);
+		Mockito.when(delegateSubFolderNfd.exists()).thenReturn(false);
+		Folder folder = new NormalizedNameFolder(null, delegate, Form.NFC);
+		Folder sub1 = folder.folder("\u00F4");
+		Folder sub2 = folder.folder("\u006F\u0302");
+		Mockito.verify(delegateSubFolderNfd, Mockito.never()).moveTo(Mockito.any());
+		Assert.assertSame(sub1, sub2);
+	}
+
+	@Test
+	public void testNoFolderMigration2() {
+		Mockito.when(delegateSubFolderNfc.exists()).thenReturn(true);
+		Mockito.when(delegateSubFolderNfd.exists()).thenReturn(true);
+		Folder folder = new NormalizedNameFolder(null, delegate, Form.NFC);
+		Folder sub1 = folder.folder("\u00F4");
+		Folder sub2 = folder.folder("\u006F\u0302");
+		Mockito.verify(delegateSubFolderNfd, Mockito.never()).moveTo(Mockito.any());
+		Assert.assertSame(sub1, sub2);
+	}
+
+	@Test
+	public void testNoFolderMigration3() {
+		Mockito.when(delegateSubFolderNfc.exists()).thenReturn(false);
+		Mockito.when(delegateSubFolderNfd.exists()).thenReturn(false);
+		Folder folder = new NormalizedNameFolder(null, delegate, Form.NFC);
+		Folder sub1 = folder.folder("\u00F4");
+		Folder sub2 = folder.folder("\u006F\u0302");
+		Mockito.verify(delegateSubFolderNfd, Mockito.never()).moveTo(Mockito.any());
+		Assert.assertSame(sub1, sub2);
+	}
+
+	@Test
+	public void testFolderMigration() {
+		Mockito.when(delegateSubFolderNfc.exists()).thenReturn(false);
+		Mockito.when(delegateSubFolderNfd.exists()).thenReturn(true);
+		Folder folder = new NormalizedNameFolder(null, delegate, Form.NFC);
+		Folder sub1 = folder.folder("\u00F4");
+		Mockito.verify(delegateSubFolderNfd).moveTo(delegateSubFolderNfc);
+		Folder sub2 = folder.folder("\u006F\u0302");
+		Assert.assertSame(sub1, sub2);
+	}
+
+	@Test
+	public void testNoFileMigration1() {
+		Mockito.when(delegateSubFileNfc.exists()).thenReturn(true);
+		Mockito.when(delegateSubFileNfd.exists()).thenReturn(false);
+		Folder folder = new NormalizedNameFolder(null, delegate, Form.NFC);
+		File sub1 = folder.file("\u00C5");
+		File sub2 = folder.file("\u0041\u030A");
+		Mockito.verify(delegateSubFileNfd, Mockito.never()).moveTo(Mockito.any());
+		Assert.assertSame(sub1, sub2);
+	}
+
+	@Test
+	public void testNoFileMigration2() {
+		Mockito.when(delegateSubFileNfc.exists()).thenReturn(true);
+		Mockito.when(delegateSubFileNfd.exists()).thenReturn(true);
+		Folder folder = new NormalizedNameFolder(null, delegate, Form.NFC);
+		File sub1 = folder.file("\u00C5");
+		File sub2 = folder.file("\u0041\u030A");
+		Mockito.verify(delegateSubFileNfd, Mockito.never()).moveTo(Mockito.any());
+		Assert.assertSame(sub1, sub2);
+	}
+
+	@Test
+	public void testNoFileMigration3() {
+		Mockito.when(delegateSubFileNfc.exists()).thenReturn(false);
+		Mockito.when(delegateSubFileNfd.exists()).thenReturn(false);
+		Folder folder = new NormalizedNameFolder(null, delegate, Form.NFC);
+		File sub1 = folder.file("\u00C5");
+		File sub2 = folder.file("\u0041\u030A");
+		Mockito.verify(delegateSubFileNfd, Mockito.never()).moveTo(Mockito.any());
+		Assert.assertSame(sub1, sub2);
+	}
+
+	@Test
+	public void testFileMigration() {
+		Mockito.when(delegateSubFileNfc.exists()).thenReturn(false);
+		Mockito.when(delegateSubFileNfd.exists()).thenReturn(true);
+		Folder folder = new NormalizedNameFolder(null, delegate, Form.NFC);
+		File sub1 = folder.file("\u00C5");
+		Mockito.verify(delegateSubFileNfd).moveTo(delegateSubFileNfc);
+		File sub2 = folder.file("\u0041\u030A");
+		Assert.assertSame(sub1, sub2);
+	}
+
+}

main/filesystem-charsets/src/test/resources/log4j2.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<Configuration status="WARN">
+
+	<Appenders>
+		<Console name="Console" target="SYSTEM_OUT">
+			<PatternLayout pattern="%16d %-5p [%c{1}:%L] %m%n" />
+			<ThresholdFilter level="WARN" onMatch="DENY" onMismatch="ACCEPT" />
+		</Console>
+		<Console name="StdErr" target="SYSTEM_ERR">
+			<PatternLayout pattern="%16d %-5p [%c{1}:%L] %m%n" />
+			<ThresholdFilter level="WARN" onMatch="ACCEPT" onMismatch="DENY" />
+		</Console>
+	</Appenders>
+
+	<Loggers>
+		<Root level="DEBUG">
+			<AppenderRef ref="Console" />
+			<AppenderRef ref="StdErr" />
+		</Root>
+	</Loggers>
+
+</Configuration>

main/filesystem-crypto-integration-tests/pom.xml

@@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>filesystem-crypto-integration-tests</artifactId>
 	<name>Cryptomator filesystem: Encryption layer tests</name>

main/filesystem-crypto/pom.xml

@@ -12,14 +12,14 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>filesystem-crypto</artifactId>
 	<name>Cryptomator filesystem: Encryption layer</name>
 	
 	<properties>
 		<bouncycastle.version>1.51</bouncycastle.version>
-		<sivmode.version>1.0.2</sivmode.version>
+		<sivmode.version>1.0.7</sivmode.version>
 	</properties>
 
 	<dependencies>

main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/CryptoException.java

@@ -8,7 +8,7 @@
  *******************************************************************************/
 package org.cryptomator.crypto.engine;
 
-abstract class CryptoException extends RuntimeException {
+public abstract class CryptoException extends RuntimeException {
 
 	public CryptoException() {
 		super();

main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/FilenameCryptor.java

@@ -8,6 +8,8 @@
  *******************************************************************************/
 package org.cryptomator.crypto.engine;
 
+import java.util.regex.Pattern;
+
 /**
  * Provides deterministic encryption capabilities as filenames must not change on subsequent encryption attempts,
  * otherwise each change results in major directory structure changes which would be a terrible idea for cloud storage encryption.
@@ -22,12 +24,9 @@ public interface FilenameCryptor {
 	String hashDirectoryId(String cleartextDirectoryId);
 
 	/**
-	 * Tests without an actual decryption attempt, if a name is a well-formed ciphertext.
-	 * 
-	 * @param ciphertextName Filename in question
-	 * @return <code>true</code> if the given name is likely to be a valid ciphertext
+	 * @return A Pattern that can be used to test, if a name is a well-formed ciphertext.
 	 */
-	boolean isEncryptedFilename(String ciphertextName);
+	Pattern encryptedNamePattern();
 
 	/**
 	 * @param cleartextName original filename including cleartext file extension

main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/UnsupportedVaultFormatException.java

@@ -11,28 +11,28 @@ package org.cryptomator.crypto.engine;
 public class UnsupportedVaultFormatException extends CryptoException {
 
 	private final Integer detectedVersion;
-	private final Integer supportedVersion;
+	private final Integer latestSupportedVersion;
 
-	public UnsupportedVaultFormatException(Integer detectedVersion, Integer supportedVersion) {
-		super("Tried to open vault of version " + detectedVersion + ", but can only handle version " + supportedVersion);
+	public UnsupportedVaultFormatException(Integer detectedVersion, Integer latestSupportedVersion) {
+		super("Tried to open vault of version " + detectedVersion + ", latest supported version is " + latestSupportedVersion);
 		this.detectedVersion = detectedVersion;
-		this.supportedVersion = supportedVersion;
+		this.latestSupportedVersion = latestSupportedVersion;
 	}
 
 	public Integer getDetectedVersion() {
 		return detectedVersion;
 	}
 
-	public Integer getSupportedVersion() {
-		return supportedVersion;
+	public Integer getLatestSupportedVersion() {
+		return latestSupportedVersion;
 	}
 
 	public boolean isVaultOlderThanSoftware() {
-		return detectedVersion == null || detectedVersion < supportedVersion;
+		return detectedVersion == null || detectedVersion < latestSupportedVersion;
 	}
 
 	public boolean isSoftwareOlderThanVault() {
-		return detectedVersion > supportedVersion;
+		return detectedVersion > latestSupportedVersion;
 	}
 
 }

main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/Constants.java

@@ -1,11 +1,16 @@
 package org.cryptomator.crypto.engine.impl;
 
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
 public final class Constants {
 
 	private Constants() {
 	}
 
-	static final Integer CURRENT_VAULT_VERSION = 3;
+	static final Collection<Integer> SUPPORTED_VAULT_VERSIONS = Collections.unmodifiableCollection(Arrays.asList(3, 4));
+	static final Integer CURRENT_VAULT_VERSION = 4;
 
 	public static final int PAYLOAD_SIZE = 32 * 1024;
 	public static final int NONCE_SIZE = 16;

main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/CryptorImpl.java

@@ -9,6 +9,7 @@
 package org.cryptomator.crypto.engine.impl;
 
 import static org.cryptomator.crypto.engine.impl.Constants.CURRENT_VAULT_VERSION;
+import static org.cryptomator.crypto.engine.impl.Constants.SUPPORTED_VAULT_VERSIONS;
 
 import java.io.IOException;
 import java.nio.ByteBuffer;
@@ -18,6 +19,7 @@ import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.concurrent.atomic.AtomicReference;
 
+import javax.crypto.KeyGenerator;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
@@ -81,14 +83,15 @@ class CryptorImpl implements Cryptor {
 
 	@Override
 	public void randomizeMasterkey() {
-		final byte[] randomBytes = new byte[KEYLENGTH_IN_BYTES];
 		try {
-			randomSource.nextBytes(randomBytes);
-			encryptionKey = new SecretKeySpec(randomBytes, ENCRYPTION_ALG);
-			randomSource.nextBytes(randomBytes);
-			macKey = new SecretKeySpec(randomBytes, ENCRYPTION_ALG);
-		} finally {
-			Arrays.fill(randomBytes, (byte) 0x00);
+			KeyGenerator encKeyGen = KeyGenerator.getInstance(ENCRYPTION_ALG);
+			encKeyGen.init(KEYLENGTH_IN_BYTES * Byte.SIZE, randomSource);
+			encryptionKey = encKeyGen.generateKey();
+			KeyGenerator macKeyGen = KeyGenerator.getInstance(MAC_ALG);
+			macKeyGen.init(KEYLENGTH_IN_BYTES * Byte.SIZE, randomSource);
+			macKey = macKeyGen.generateKey();
+		} catch (NoSuchAlgorithmException e) {
+			throw new IllegalStateException("Hard-coded algorithm doesn't exist.", e);
 		}
 	}
 
@@ -107,7 +110,7 @@ class CryptorImpl implements Cryptor {
 		assert keyFile != null;
 
 		// check version
-		if (!CURRENT_VAULT_VERSION.equals(keyFile.getVersion())) {
+		if (!SUPPORTED_VAULT_VERSIONS.contains(keyFile.getVersion())) {
 			throw new UnsupportedVaultFormatException(keyFile.getVersion(), CURRENT_VAULT_VERSION);
 		}
 
@@ -116,12 +119,12 @@ class CryptorImpl implements Cryptor {
 			final SecretKey kek = new SecretKeySpec(kekBytes, ENCRYPTION_ALG);
 			this.macKey = AesKeyWrap.unwrap(kek, keyFile.getMacMasterKey(), MAC_ALG);
 			// future use (as soon as we need to prevent downgrade attacks):
-//			final Mac mac = new ThreadLocalMac(macKey, MAC_ALG).get();
-//			final byte[] versionMac = mac.doFinal(ByteBuffer.allocate(Integer.BYTES).putInt(CURRENT_VAULT_VERSION).array());
-//			if (!MessageDigest.isEqual(versionMac, keyFile.getVersionMac())) {
-//				destroyQuietly(macKey);
-//				throw new UnsupportedVaultFormatException(Integer.MAX_VALUE, CURRENT_VAULT_VERSION);
-//			}
+			// final Mac mac = new ThreadLocalMac(macKey, MAC_ALG).get();
+			// final byte[] versionMac = mac.doFinal(ByteBuffer.allocate(Integer.BYTES).putInt(CURRENT_VAULT_VERSION).array());
+			// if (!MessageDigest.isEqual(versionMac, keyFile.getVersionMac())) {
+			// destroyQuietly(macKey);
+			// throw new UnsupportedVaultFormatException(Integer.MAX_VALUE, CURRENT_VAULT_VERSION);
+			// }
 			this.encryptionKey = AesKeyWrap.unwrap(kek, keyFile.getEncryptionMasterKey(), ENCRYPTION_ALG);
 		} catch (InvalidKeyException e) {
 			throw new InvalidPassphraseException();

main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FileHeaderPayload.java

@@ -11,12 +11,14 @@ package org.cryptomator.crypto.engine.impl;
 import java.nio.ByteBuffer;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Arrays;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
@@ -36,13 +38,13 @@ class FileHeaderPayload implements Destroyable {
 	private final SecretKey contentKey;
 
 	public FileHeaderPayload(SecureRandom randomSource) {
-		filesize = 0;
-		final byte[] contentKey = new byte[CONTENT_KEY_LEN];
+		this.filesize = 0;
 		try {
-			randomSource.nextBytes(contentKey);
-			this.contentKey = new SecretKeySpec(contentKey, AES);
-		} finally {
-			Arrays.fill(contentKey, (byte) 0x00);
+			KeyGenerator keyGen = KeyGenerator.getInstance(AES);
+			keyGen.init(CONTENT_KEY_LEN * Byte.SIZE, randomSource);
+			this.contentKey = keyGen.generateKey();
+		} catch (NoSuchAlgorithmException e) {
+			throw new IllegalStateException("Hard-coded algorithm doesn't exist.", e);
 		}
 	}
 

main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/FilenameCryptorImpl.java

@@ -12,6 +12,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.util.regex.Pattern;
 
 import javax.crypto.AEADBadTagException;
 import javax.crypto.SecretKey;
@@ -25,6 +26,8 @@ import org.cryptomator.siv.SivMode;
 class FilenameCryptorImpl implements FilenameCryptor {
 
 	private static final BaseNCodec BASE32 = new Base32();
+	// https://tools.ietf.org/html/rfc4648#section-6
+	private static final Pattern BASE32_PATTERN = Pattern.compile("^([A-Z2-7]{8})*[A-Z2-7=]{8}");
 	private static final ThreadLocal<MessageDigest> SHA1 = new ThreadLocalSha1();
 	private static final ThreadLocal<SivMode> AES_SIV = new ThreadLocal<SivMode>() {
 		@Override
@@ -50,8 +53,8 @@ class FilenameCryptorImpl implements FilenameCryptor {
 	}
 
 	@Override
-	public boolean isEncryptedFilename(String ciphertextName) {
-		return BASE32.isInAlphabet(ciphertextName);
+	public Pattern encryptedNamePattern() {
+		return BASE32_PATTERN;
 	}
 
 	@Override

main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/ThreadLocalAesCtrCipher.java

@@ -25,7 +25,7 @@ final class ThreadLocalAesCtrCipher {
 		try {
 			return Cipher.getInstance(AES_CTR);
 		} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
-			throw new IllegalStateException("Could not create MAC.", e);
+			throw new IllegalStateException("Could not create Cipher.", e);
 		}
 	}
 

main/filesystem-crypto/src/main/java/org/cryptomator/filesystem/crypto/ConflictResolver.java

@@ -0,0 +1,105 @@
+package org.cryptomator.filesystem.crypto;
+
+import static org.cryptomator.filesystem.crypto.Constants.DIR_PREFIX;
+
+import java.nio.ByteBuffer;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.function.Function;
+import java.util.regex.MatchResult;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang3.StringUtils;
+import org.cryptomator.filesystem.File;
+import org.cryptomator.filesystem.Folder;
+import org.cryptomator.filesystem.ReadableFile;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+final class ConflictResolver {
+
+	private static final Logger LOG = LoggerFactory.getLogger(ConflictResolver.class);
+	private static final int UUID_FIRST_GROUP_STRLEN = 8;
+	private static final int MAX_DIR_FILE_SIZE = 87; // "normal" file header has 88 bytes
+
+	private final Pattern encryptedNamePattern;
+	private final Function<String, Optional<String>> nameDecryptor;
+	private final Function<String, Optional<String>> nameEncryptor;
+
+	public ConflictResolver(Pattern encryptedNamePattern, Function<String, Optional<String>> nameDecryptor, Function<String, Optional<String>> nameEncryptor) {
+		this.encryptedNamePattern = encryptedNamePattern;
+		this.nameDecryptor = nameDecryptor;
+		this.nameEncryptor = nameEncryptor;
+	}
+
+	public File resolveIfNecessary(File file) {
+		Matcher m = encryptedNamePattern.matcher(StringUtils.removeStart(file.name(), DIR_PREFIX));
+		if (m.matches()) {
+			// full match, use file as is
+			return file;
+		} else if (m.find(0)) {
+			// partial match, might be conflicting
+			return resolveConflict(file, m.toMatchResult());
+		} else {
+			// no match, file not relevant
+			return file;
+		}
+	}
+
+	private File resolveConflict(File conflictingFile, MatchResult matchResult) {
+		String ciphertext = matchResult.group();
+		boolean isDirectory = conflictingFile.name().startsWith(DIR_PREFIX);
+		Optional<String> cleartext = nameDecryptor.apply(ciphertext);
+		if (cleartext.isPresent()) {
+			Folder folder = conflictingFile.parent().get();
+			File canonicalFile = folder.file(isDirectory ? DIR_PREFIX + ciphertext : ciphertext);
+			if (isDirectory && canonicalFile.exists() && isSameFileBasedOnSample(canonicalFile, conflictingFile, MAX_DIR_FILE_SIZE)) {
+				// there must not be two directories pointing to the same directory id. In this case no human interaction is needed to resolve this conflict:
+				conflictingFile.delete();
+				return canonicalFile;
+			} else {
+				// conventional conflict detected! look for an alternative name:
+				File alternativeFile;
+				String conflictId;
+				do {
+					conflictId = createConflictId();
+					String alternativeCleartext = cleartext.get() + " (Conflict " + conflictId + ")";
+					String alternativeCiphertext = nameEncryptor.apply(alternativeCleartext).get();
+					alternativeFile = folder.file(isDirectory ? DIR_PREFIX + alternativeCiphertext : alternativeCiphertext);
+				} while (alternativeFile.exists());
+				LOG.info("Detected conflict {}:\n{}\n{}", conflictId, canonicalFile, conflictingFile);
+				conflictingFile.moveTo(alternativeFile);
+				return alternativeFile;
+			}
+		} else {
+			// not decryptable; false positive
+			return conflictingFile;
+		}
+	}
+
+	private boolean isSameFileBasedOnSample(File file1, File file2, int sampleSize) {
+		try (ReadableFile r1 = file1.openReadable(); ReadableFile r2 = file2.openReadable()) {
+			if (r1.size() != r2.size()) {
+				return false;
+			} else {
+				ByteBuffer beginOfFile1 = ByteBuffer.allocate(sampleSize);
+				ByteBuffer beginOfFile2 = ByteBuffer.allocate(sampleSize);
+				int bytesRead1 = r1.read(beginOfFile1);
+				int bytesRead2 = r2.read(beginOfFile2);
+				if (bytesRead1 == bytesRead2) {
+					beginOfFile1.flip();
+					beginOfFile2.flip();
+					return beginOfFile1.equals(beginOfFile2);
+				} else {
+					return false;
+				}
+			}
+		}
+	}
+
+	private String createConflictId() {
+		return UUID.randomUUID().toString().substring(0, UUID_FIRST_GROUP_STRLEN);
+	}
+
+}

main/filesystem-crypto/src/main/java/org/cryptomator/filesystem/crypto/Constants.java

@@ -8,9 +8,9 @@ public final class Constants {
 	static final String DATA_ROOT_DIR = "d";
 	static final String ROOT_DIRECOTRY_ID = "";
 
-	static final String MASTERKEY_FILENAME = "masterkey.cryptomator";
-	static final String MASTERKEY_BACKUP_FILENAME = "masterkey.cryptomator.bkup";
+	public static final String MASTERKEY_FILENAME = "masterkey.cryptomator";
+	public static final String MASTERKEY_BACKUP_FILENAME = "masterkey.cryptomator.bkup";
 
-	static final String DIR_SUFFIX = "_";
+	static final String DIR_PREFIX = "0";
 
 }

main/filesystem-crypto/src/main/java/org/cryptomator/filesystem/crypto/CryptoFile.java

@@ -8,8 +8,6 @@
  *******************************************************************************/
 package org.cryptomator.filesystem.crypto;
 
-import static java.nio.charset.StandardCharsets.UTF_8;
-
 import java.io.UncheckedIOException;
 import java.nio.file.FileAlreadyExistsException;
 import java.util.Optional;
@@ -27,9 +25,7 @@ class CryptoFile extends CryptoNode implements File {
 
 	@Override
 	protected Optional<String> encryptedName() {
-		return parent().get().getDirectoryId().map(s -> s.getBytes(UTF_8)).map(parentDirId -> {
-			return cryptor.getFilenameCryptor().encryptFilename(name(), parentDirId);
-		});
+		return parent().get().encryptChildName(name());
 	}
 
 	@Override

main/filesystem-crypto/src/main/java/org/cryptomator/filesystem/crypto/CryptoFolder.java

@@ -8,8 +8,10 @@
  *******************************************************************************/
 package org.cryptomator.filesystem.crypto;
 
+import static java.lang.String.format;
 import static java.nio.charset.StandardCharsets.UTF_8;
-import static org.cryptomator.filesystem.crypto.Constants.DIR_SUFFIX;
+import static org.apache.commons.lang3.StringUtils.removeStart;
+import static org.cryptomator.filesystem.crypto.Constants.DIR_PREFIX;
 
 import java.io.FileNotFoundException;
 import java.io.UncheckedIOException;
@@ -18,37 +20,44 @@ import java.util.Optional;
 import java.util.UUID;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.Predicate;
+import java.util.regex.Pattern;
 import java.util.stream.Stream;
 
 import org.apache.commons.lang3.StringUtils;
 import org.cryptomator.common.LazyInitializer;
 import org.cryptomator.common.WeakValuedCache;
 import org.cryptomator.common.streams.AutoClosingStream;
+import org.cryptomator.crypto.engine.CryptoException;
 import org.cryptomator.crypto.engine.Cryptor;
 import org.cryptomator.filesystem.Deleter;
 import org.cryptomator.filesystem.File;
 import org.cryptomator.filesystem.Folder;
 import org.cryptomator.filesystem.Node;
 import org.cryptomator.io.FileContents;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 class CryptoFolder extends CryptoNode implements Folder {
 
+	private static final Logger LOG = LoggerFactory.getLogger(CryptoFolder.class);
 	private final WeakValuedCache<String, CryptoFolder> folders = WeakValuedCache.usingLoader(this::newFolder);
 	private final WeakValuedCache<String, CryptoFile> files = WeakValuedCache.usingLoader(this::newFile);
 	private final AtomicReference<String> directoryId = new AtomicReference<>();
+	private final ConflictResolver conflictResolver;
 
 	public CryptoFolder(CryptoFolder parent, String name, Cryptor cryptor) {
 		super(parent, name, cryptor);
+		this.conflictResolver = new ConflictResolver(cryptor.getFilenameCryptor().encryptedNamePattern(), this::decryptChildName, this::encryptChildName);
 	}
 
+	/* ======================= name + directory id ======================= */
+
 	@Override
 	protected Optional<String> encryptedName() {
 		if (parent().isPresent()) {
-			return parent().get().getDirectoryId().map(s -> s.getBytes(UTF_8)).map(parentDirId -> {
-				return cryptor.getFilenameCryptor().encryptFilename(name(), parentDirId) + DIR_SUFFIX;
-			});
+			return parent().get().encryptChildName(name()).map(s -> DIR_PREFIX + s);
 		} else {
-			return Optional.of(cryptor.getFilenameCryptor().encryptFilename(name()) + DIR_SUFFIX);
+			return Optional.of(DIR_PREFIX + cryptor.getFilenameCryptor().encryptFilename(name()));
 		}
 	}
 
@@ -73,24 +82,60 @@ class CryptoFolder extends CryptoNode implements Folder {
 		}));
 	}
 
+	/* ======================= children ======================= */
+
 	@Override
 	public Stream<? extends Node> children() {
 		return AutoClosingStream.from(Stream.concat(files(), folders()));
 	}
 
+	private Stream<File> nonConflictingFiles() {
+		if (exists()) {
+			final Stream<? extends File> files = physicalFolder().filter(Folder::exists).map(Folder::files).orElse(Stream.empty());
+			return files.filter(startsWithEncryptedName()).map(conflictResolver::resolveIfNecessary).distinct();
+		} else {
+			throw new UncheckedIOException(new FileNotFoundException(format("Folder %s does not exist", this)));
+		}
+	}
+
+	private Predicate<File> startsWithEncryptedName() {
+		final Pattern encryptedNamePattern = cryptor.getFilenameCryptor().encryptedNamePattern();
+		return (File file) -> encryptedNamePattern.matcher(removeStart(file.name(),DIR_PREFIX)).find();
+	}
+
+	Optional<String> decryptChildName(String ciphertextFileName) {
+		return getDirectoryId().map(s -> s.getBytes(UTF_8)).map(dirId -> {
+			try {
+				return cryptor.getFilenameCryptor().decryptFilename(ciphertextFileName, dirId);
+			} catch (CryptoException e) {
+				LOG.warn("Filename decryption of {} failed: {}", ciphertextFileName, e.getMessage());
+				return null;
+			}
+		});
+	}
+
+	Optional<String> encryptChildName(String cleartextFileName) {
+		return getDirectoryId().map(s -> s.getBytes(UTF_8)).map(dirId -> {
+			return cryptor.getFilenameCryptor().encryptFilename(cleartextFileName, dirId);
+		});
+	}
+
 	@Override
 	public Stream<CryptoFile> files() {
-		final Stream<? extends File> files = physicalFolder().filter(Folder::exists).map(Folder::files).orElse(Stream.empty());
-		return files.map(File::name).filter(isEncryptedFileName()).map(this::decryptChildFileName).map(this::file);
+		return nonConflictingFiles().map(File::name).filter(startsWithDirPrefix().negate()).map(this::decryptChildName).filter(Optional::isPresent).map(Optional::get).map(this::file);
 	}
 
-	private Predicate<String> isEncryptedFileName() {
-		return (String name) -> !name.endsWith(DIR_SUFFIX) && cryptor.getFilenameCryptor().isEncryptedFilename(name);
+	@Override
+	public Stream<CryptoFolder> folders() {
+		return nonConflictingFiles().map(File::name).filter(startsWithDirPrefix()).map(this::removeDirPrefix).map(this::decryptChildName).filter(Optional::isPresent).map(Optional::get).map(this::folder);
 	}
 
-	private String decryptChildFileName(String encryptedFileName) {
-		final byte[] dirId = getDirectoryId().get().getBytes(UTF_8);
-		return cryptor.getFilenameCryptor().decryptFilename(encryptedFileName, dirId);
+	private Predicate<String> startsWithDirPrefix() {
+		return (String encryptedFolderName) -> StringUtils.startsWith(encryptedFolderName, DIR_PREFIX);
+	}
+
+	private String removeDirPrefix(String encryptedFolderName) {
+		return StringUtils.removeStart(encryptedFolderName, DIR_PREFIX);
 	}
 
 	@Override
@@ -98,35 +143,21 @@ class CryptoFolder extends CryptoNode implements Folder {
 		return files.get(name);
 	}
 
-	public CryptoFile newFile(String name) {
-		return new CryptoFile(this, name, cryptor);
-	}
-
-	@Override
-	public Stream<CryptoFolder> folders() {
-		final Stream<? extends File> files = physicalFolder().filter(Folder::exists).map(Folder::files).orElse(Stream.empty());
-		return files.map(File::name).filter(isEncryptedDirectoryName()).map(this::decryptChildFolderName).map(this::folder);
-	}
-
-	private Predicate<String> isEncryptedDirectoryName() {
-		return (String name) -> name.endsWith(DIR_SUFFIX) && cryptor.getFilenameCryptor().isEncryptedFilename(StringUtils.removeEnd(name, DIR_SUFFIX));
-	}
-
-	private String decryptChildFolderName(String encryptedFolderName) {
-		final byte[] dirId = getDirectoryId().get().getBytes(UTF_8);
-		final String ciphertext = StringUtils.removeEnd(encryptedFolderName, DIR_SUFFIX);
-		return cryptor.getFilenameCryptor().decryptFilename(ciphertext, dirId);
-	}
-
 	@Override
 	public CryptoFolder folder(String name) {
 		return folders.get(name);
 	}
 
-	public CryptoFolder newFolder(String name) {
+	private CryptoFile newFile(String name) {
+		return new CryptoFile(this, name, cryptor);
+	}
+
+	private CryptoFolder newFolder(String name) {
 		return new CryptoFolder(this, name, cryptor);
 	}
 
+	/* ======================= create/move/delete ======================= */
+
 	@Override
 	public void create() {
 		parent.create();
@@ -176,7 +207,7 @@ class CryptoFolder extends CryptoNode implements Folder {
 		// cut all ties:
 		this.invalidateDirectoryIdsRecursively();
 
-		assert!exists();
+		assert !exists();
 		assert target.exists();
 	}
 

main/filesystem-crypto/src/main/java/org/cryptomator/filesystem/crypto/Masterkeys.java

@@ -16,6 +16,7 @@ import java.io.InputStream;
 import java.io.UncheckedIOException;
 import java.nio.ByteBuffer;
 import java.nio.channels.Channels;
+import java.nio.channels.ReadableByteChannel;
 
 import javax.inject.Inject;
 import javax.inject.Provider;
@@ -52,10 +53,14 @@ class Masterkeys {
 	public Cryptor decrypt(Folder vaultLocation, CharSequence passphrase) throws InvalidPassphraseException {
 		File masterkeyFile = vaultLocation.file(MASTERKEY_FILENAME);
 		Cryptor cryptor = cryptorProvider.get();
+		boolean success = false;
 		try {
 			readMasterKey(masterkeyFile, cryptor, passphrase);
-		} catch (UncheckedIOException e) {
-			cryptor.destroy();
+			success = true;
+		} finally {
+			if (!success) {
+				cryptor.destroy();
+			}
 		}
 		return cryptor;
 	}
@@ -86,7 +91,9 @@ class Masterkeys {
 	/* I/O */
 
 	private static void readMasterKey(File file, Cryptor cryptor, CharSequence passphrase) throws UncheckedIOException, InvalidPassphraseException {
-		try (InputStream in = Channels.newInputStream(file.openReadable())) {
+		try ( //
+				ReadableByteChannel channel = file.openReadable(); //
+				InputStream in = Channels.newInputStream(channel)) {
 			final byte[] fileContents = IOUtils.toByteArray(in);
 			cryptor.readKeysFromMasterkeyFile(fileContents, passphrase);
 		} catch (IOException e) {

main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/NoFilenameCryptor.java

@@ -12,6 +12,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.util.regex.Pattern;
 
 import org.apache.commons.codec.binary.Base32;
 import org.apache.commons.codec.binary.BaseNCodec;
@@ -19,6 +20,7 @@ import org.apache.commons.codec.binary.BaseNCodec;
 class NoFilenameCryptor implements FilenameCryptor {
 
 	private static final BaseNCodec BASE32 = new Base32();
+	private static final Pattern WILDCARD_PATTERN = Pattern.compile(".*");
 	private static final ThreadLocal<MessageDigest> SHA1 = new ThreadLocalSha1();
 
 	@Override
@@ -29,8 +31,8 @@ class NoFilenameCryptor implements FilenameCryptor {
 	}
 
 	@Override
-	public boolean isEncryptedFilename(String ciphertextName) {
-		return true;
+	public Pattern encryptedNamePattern() {
+		return WILDCARD_PATTERN;
 	}
 
 	@Override

main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/CryptorImplTest.java

@@ -21,20 +21,20 @@ public class CryptorImplTest {
 
 	@Test
 	public void testMasterkeyDecryptionWithCorrectPassphrase() throws IOException {
-		final String testMasterKey = "{\"version\":3,\"scryptSalt\":\"AAAAAAAAAAA=\",\"scryptCostParam\":2,\"scryptBlockSize\":8," //
+		final String testMasterKey = "{\"version\":4,\"scryptSalt\":\"AAAAAAAAAAA=\",\"scryptCostParam\":2,\"scryptBlockSize\":8," //
 				+ "\"primaryMasterKey\":\"mM+qoQ+o0qvPTiDAZYt+flaC3WbpNAx1sTXaUzxwpy0M9Ctj6Tih/Q==\"," //
 				+ "\"hmacMasterKey\":\"mM+qoQ+o0qvPTiDAZYt+flaC3WbpNAx1sTXaUzxwpy0M9Ctj6Tih/Q==\"," //
-				+ "\"versionMac\":\"iUmRRHITuyJsJbVNqGNw+82YQ4A3Rma7j/y1v0DCVLA=\"}";
+				+ "\"versionMac\":\"Z9J8Uc5K1f7YKckLUFpXG39NHK1qUjzadw5nvOqvfok=\"}";
 		final Cryptor cryptor = TestCryptorImplFactory.insecureCryptorImpl();
 		cryptor.readKeysFromMasterkeyFile(testMasterKey.getBytes(), "asd");
 	}
 
 	@Test(expected = InvalidPassphraseException.class)
 	public void testMasterkeyDecryptionWithWrongPassphrase() throws IOException {
-		final String testMasterKey = "{\"version\":3,\"scryptSalt\":\"AAAAAAAAAAA=\",\"scryptCostParam\":2,\"scryptBlockSize\":8," //
+		final String testMasterKey = "{\"version\":4,\"scryptSalt\":\"AAAAAAAAAAA=\",\"scryptCostParam\":2,\"scryptBlockSize\":8," //
 				+ "\"primaryMasterKey\":\"mM+qoQ+o0qvPTiDAZYt+flaC3WbpNAx1sTXaUzxwpy0M9Ctj6Tih/Q==\"," //
 				+ "\"hmacMasterKey\":\"mM+qoQ+o0qvPTiDAZYt+flaC3WbpNAx1sTXaUzxwpy0M9Ctj6Tih/Q==\"," //
-				+ "\"versionMac\":\"iUmRRHITuyJsJbVNqGNw+82YQ4A3Rma7j/y1v0DCVLA=\"}";
+				+ "\"versionMac\":\"Z9J8Uc5K1f7YKckLUFpXG39NHK1qUjzadw5nvOqvfok=\"}";
 		final Cryptor cryptor = TestCryptorImplFactory.insecureCryptorImpl();
 		cryptor.readKeysFromMasterkeyFile(testMasterKey.getBytes(), "qwe");
 	}
@@ -44,7 +44,7 @@ public class CryptorImplTest {
 		final String testMasterKey = "{\"version\":-1,\"scryptSalt\":\"AAAAAAAAAAA=\",\"scryptCostParam\":2,\"scryptBlockSize\":8," //
 				+ "\"primaryMasterKey\":\"mM+qoQ+o0qvPTiDAZYt+flaC3WbpNAx1sTXaUzxwpy0M9Ctj6Tih/Q==\"," //
 				+ "\"hmacMasterKey\":\"mM+qoQ+o0qvPTiDAZYt+flaC3WbpNAx1sTXaUzxwpy0M9Ctj6Tih/Q==\"," //
-				+ "\"versionMac\":\"iUmRRHITuyJsJbVNqGNw+82YQ4A3Rma7j/y1v0DCVLA=\"}";
+				+ "\"versionMac\":\"Z9J8Uc5K1f7YKckLUFpXG39NHK1qUjzadw5nvOqvfok=\"}";
 		final Cryptor cryptor = TestCryptorImplFactory.insecureCryptorImpl();
 		cryptor.readKeysFromMasterkeyFile(testMasterKey.getBytes(), "asd");
 	}
@@ -62,23 +62,24 @@ public class CryptorImplTest {
 	@Ignore
 	@Test(expected = UnsupportedVaultFormatException.class)
 	public void testMasterkeyDecryptionWithWrongVersionMac() throws IOException {
-		final String testMasterKey = "{\"version\":3,\"scryptSalt\":\"AAAAAAAAAAA=\",\"scryptCostParam\":2,\"scryptBlockSize\":8," //
+		final String testMasterKey = "{\"version\":4,\"scryptSalt\":\"AAAAAAAAAAA=\",\"scryptCostParam\":2,\"scryptBlockSize\":8," //
 				+ "\"primaryMasterKey\":\"mM+qoQ+o0qvPTiDAZYt+flaC3WbpNAx1sTXaUzxwpy0M9Ctj6Tih/Q==\"," //
 				+ "\"hmacMasterKey\":\"mM+qoQ+o0qvPTiDAZYt+flaC3WbpNAx1sTXaUzxwpy0M9Ctj6Tih/Q==\"," //
-				+ "\"versionMac\":\"iUmRRHITuyJsJbVNqGNw+82YQ4A3Rma7j/y1v0DCVLa=\"}";
+				+ "\"versionMac\":\"z9J8Uc5K1f7YKckLUFpXG39NHK1qUjzadw5nvOqvfoK=\"}";
 		final Cryptor cryptor = TestCryptorImplFactory.insecureCryptorImpl();
 		cryptor.readKeysFromMasterkeyFile(testMasterKey.getBytes(), "asd");
 	}
 
 	@Test
 	public void testMasterkeyEncryption() throws IOException {
-		final String expectedMasterKey = "{\"version\":3,\"scryptSalt\":\"AAAAAAAAAAA=\",\"scryptCostParam\":16384,\"scryptBlockSize\":8," //
+		final String expectedMasterKey = "{\"version\":4,\"scryptSalt\":\"AAAAAAAAAAA=\",\"scryptCostParam\":16384,\"scryptBlockSize\":8," //
 				+ "\"primaryMasterKey\":\"BJPIq5pvhN24iDtPJLMFPLaVJWdGog9k4n0P03j4ru+ivbWY9OaRGQ==\"," //
 				+ "\"hmacMasterKey\":\"BJPIq5pvhN24iDtPJLMFPLaVJWdGog9k4n0P03j4ru+ivbWY9OaRGQ==\"," //
-				+ "\"versionMac\":\"iUmRRHITuyJsJbVNqGNw+82YQ4A3Rma7j/y1v0DCVLA=\"}";
+				+ "\"versionMac\":\"Z9J8Uc5K1f7YKckLUFpXG39NHK1qUjzadw5nvOqvfok=\"}";
 		final Cryptor cryptor = TestCryptorImplFactory.insecureCryptorImpl();
 		cryptor.randomizeMasterkey();
 		final byte[] masterkeyFile = cryptor.writeKeysToMasterkeyFile("asd");
+		System.out.println(new String(masterkeyFile));
 		Assert.assertArrayEquals(expectedMasterKey.getBytes(), masterkeyFile);
 	}
 

main/filesystem-crypto/src/test/java/org/cryptomator/filesystem/crypto/ConflictResolverTest.java

@@ -0,0 +1,161 @@
+package org.cryptomator.filesystem.crypto;
+
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.util.Optional;
+import java.util.function.Function;
+import java.util.regex.Pattern;
+
+import org.apache.commons.codec.binary.Base32;
+import org.apache.commons.codec.binary.BaseNCodec;
+import org.cryptomator.filesystem.File;
+import org.cryptomator.filesystem.Folder;
+import org.cryptomator.filesystem.ReadableFile;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
+
+public class ConflictResolverTest {
+
+	private ConflictResolver conflictResolver;
+	private Folder folder;
+	private File canonicalFile;
+	private File canonicalFolder;
+	private File conflictingFile;
+	private File conflictingFolder;
+	private File resolved;
+	private File unrelatedFile;
+
+	@Before
+	public void setup() {
+		Pattern base32Pattern = Pattern.compile("([A-Z0-9]{8})*[A-Z0-9=]{8}");
+		BaseNCodec base32 = new Base32();
+		Function<String, Optional<String>> decode = (s) -> Optional.of(new String(base32.decode(s), StandardCharsets.UTF_8));
+		Function<String, Optional<String>> encode = (s) -> Optional.of(base32.encodeAsString(s.getBytes(StandardCharsets.UTF_8)));
+		conflictResolver = new ConflictResolver(base32Pattern, decode, encode);
+
+		folder = Mockito.mock(Folder.class);
+		canonicalFile = Mockito.mock(File.class);
+		canonicalFolder = Mockito.mock(File.class);
+		conflictingFile = Mockito.mock(File.class);
+		conflictingFolder = Mockito.mock(File.class);
+		resolved = Mockito.mock(File.class);
+		unrelatedFile = Mockito.mock(File.class);
+
+		String canonicalFileName = encode.apply("test name").get();
+		String canonicalFolderName = Constants.DIR_PREFIX + canonicalFileName;
+		String conflictingFileName = canonicalFileName + " (version 2)";
+		String conflictingFolderName = canonicalFolderName + " (version 2)";
+		String unrelatedName = "notBa$e32!";
+
+		Mockito.when(canonicalFile.name()).thenReturn(canonicalFileName);
+		Mockito.when(canonicalFolder.name()).thenReturn(canonicalFolderName);
+		Mockito.when(conflictingFile.name()).thenReturn(conflictingFileName);
+		Mockito.when(conflictingFolder.name()).thenReturn(conflictingFolderName);
+		Mockito.when(unrelatedFile.name()).thenReturn(unrelatedName);
+
+		Mockito.when(canonicalFile.exists()).thenReturn(true);
+		Mockito.when(canonicalFolder.exists()).thenReturn(true);
+		Mockito.when(conflictingFile.exists()).thenReturn(true);
+		Mockito.when(conflictingFolder.exists()).thenReturn(true);
+		Mockito.when(unrelatedFile.exists()).thenReturn(true);
+
+		Mockito.doReturn(Optional.of(folder)).when(canonicalFile).parent();
+		Mockito.doReturn(Optional.of(folder)).when(canonicalFolder).parent();
+		Mockito.doReturn(Optional.of(folder)).when(conflictingFile).parent();
+		Mockito.doReturn(Optional.of(folder)).when(conflictingFolder).parent();
+		Mockito.doReturn(Optional.of(folder)).when(unrelatedFile).parent();
+
+		Mockito.when(folder.file(Mockito.startsWith(canonicalFileName.substring(0, 8)))).thenReturn(resolved);
+		Mockito.when(folder.file(Mockito.startsWith(canonicalFolderName.substring(0, 8)))).thenReturn(resolved);
+		Mockito.when(folder.file(canonicalFileName)).thenReturn(canonicalFile);
+		Mockito.when(folder.file(canonicalFolderName)).thenReturn(canonicalFolder);
+		Mockito.when(folder.file(conflictingFileName)).thenReturn(conflictingFile);
+		Mockito.when(folder.file(conflictingFolderName)).thenReturn(conflictingFolder);
+		Mockito.when(folder.file(unrelatedName)).thenReturn(unrelatedFile);
+	}
+
+	@Test
+	public void testCanonicalName() {
+		File result = conflictResolver.resolveIfNecessary(canonicalFile);
+		Assert.assertSame(canonicalFile, result);
+	}
+
+	@Test
+	public void testUnrelatedName() {
+		File result = conflictResolver.resolveIfNecessary(unrelatedFile);
+		Assert.assertSame(unrelatedFile, result);
+	}
+
+	@Test
+	public void testConflictingFile() {
+		File result = conflictResolver.resolveIfNecessary(conflictingFile);
+		Mockito.verify(conflictingFile).moveTo(resolved);
+		Assert.assertSame(resolved, result);
+	}
+
+	@Test
+	public void testConflictingFileIfCanonicalDoesntExist() {
+		Mockito.when(canonicalFile.exists()).thenReturn(false);
+		File result = conflictResolver.resolveIfNecessary(conflictingFile);
+		Mockito.verify(conflictingFile).moveTo(resolved);
+		Assert.assertSame(resolved, result);
+	}
+
+	@Test
+	public void testConflictingFolderWithDifferentId() {
+		ReadableFile directoryId1 = Mockito.mock(ReadableFile.class);
+		ReadableFile directoryId2 = Mockito.mock(ReadableFile.class);
+		Mockito.when(canonicalFolder.openReadable()).thenReturn(directoryId1);
+		Mockito.when(conflictingFolder.openReadable()).thenReturn(directoryId2);
+		Mockito.when(directoryId1.read(Mockito.any())).thenAnswer(new FillBufferAnswer("id1"));
+		Mockito.when(directoryId2.read(Mockito.any())).thenAnswer(new FillBufferAnswer("id2"));
+
+		File result = conflictResolver.resolveIfNecessary(conflictingFolder);
+		Mockito.verify(conflictingFolder).moveTo(resolved);
+		Assert.assertSame(resolved, result);
+	}
+
+	@Test
+	public void testConflictingFolderWithSameId() {
+		ReadableFile directoryId1 = Mockito.mock(ReadableFile.class);
+		ReadableFile directoryId2 = Mockito.mock(ReadableFile.class);
+		Mockito.when(canonicalFolder.openReadable()).thenReturn(directoryId1);
+		Mockito.when(conflictingFolder.openReadable()).thenReturn(directoryId2);
+		Mockito.when(directoryId1.read(Mockito.any())).thenAnswer(new FillBufferAnswer("id1"));
+		Mockito.when(directoryId2.read(Mockito.any())).thenAnswer(new FillBufferAnswer("id1"));
+
+		File result = conflictResolver.resolveIfNecessary(conflictingFolder);
+		Mockito.verify(conflictingFolder).delete();
+		Assert.assertSame(canonicalFolder, result);
+	}
+
+	private static class FillBufferAnswer implements Answer<Integer> {
+
+		private final byte[] content;
+		private int bytesRead = 0;
+
+		public FillBufferAnswer(String content) {
+			this.content = content.getBytes(StandardCharsets.UTF_8);
+		}
+
+		@Override
+		public Integer answer(InvocationOnMock invocation) throws Throwable {
+			if (bytesRead >= content.length) {
+				bytesRead = 0;
+				return -1;
+			} else {
+				ByteBuffer buf = invocation.getArgumentAt(0, ByteBuffer.class);
+				int delta = Math.min(content.length - bytesRead, buf.remaining());
+				buf.put(content, bytesRead, delta);
+				bytesRead += delta;
+				return content.length;
+			}
+		}
+
+	}
+
+}

main/filesystem-inmemory/pom.xml

@@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>filesystem-inmemory</artifactId>
 	<name>Cryptomator filesystem: In-memory mock</name>

main/filesystem-inmemory/src/main/java/org/cryptomator/filesystem/inmem/InMemoryReadableFile.java

@@ -64,8 +64,10 @@ class InMemoryReadableFile implements ReadableFile {
 
 	@Override
 	public void close() throws UncheckedIOException {
-		open.set(false);
-		readLock.unlock();
+		if (open.get()) {
+			open.set(false);
+			readLock.unlock();
+		}
 	}
 
 }

main/filesystem-invariants-tests/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>filesystem-invariants-tests</artifactId>
 	<name>Cryptomator filesystem: Invariants tests</name>
@@ -20,6 +20,10 @@
 			<groupId>org.cryptomator</groupId>
 			<artifactId>filesystem-api</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.cryptomator</groupId>
+			<artifactId>filesystem-charsets</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.cryptomator</groupId>
 			<artifactId>filesystem-crypto</artifactId>

main/filesystem-invariants-tests/src/test/java/org/cryptomator/filesystem/invariants/FileSystemFactories.java

@@ -4,11 +4,13 @@ import static org.cryptomator.common.test.TempFilesRemovedOnShutdown.createTempD
 
 import java.io.IOException;
 import java.io.UncheckedIOException;
+import java.text.Normalizer.Form;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 
 import org.cryptomator.filesystem.FileSystem;
+import org.cryptomator.filesystem.charsets.NormalizedNameFileSystem;
 import org.cryptomator.filesystem.crypto.CryptoEngineTestModule;
 import org.cryptomator.filesystem.crypto.CryptoFileSystemDelegate;
 import org.cryptomator.filesystem.crypto.CryptoFileSystemTestComponent;
@@ -35,8 +37,10 @@ class FileSystemFactories implements Iterable<FileSystemFactory> {
 		add("ShorteningFileSystem > InMemoryFileSystem", this::createShorteningFileSystemInMemory);
 		add("StatsFileSystem > NioFileSystem", this::createStatsFileSystemNio);
 		add("StatsFileSystem > InMemoryFileSystem", this::createStatsFileSystemInMemory);
-		add("StatsFileSystem > CryptoFileSystem > ShorteningFileSystem > InMemoryFileSystem", this::createCompoundFileSystemInMemory);
-		add("StatsFileSystem > CryptoFileSystem > ShorteningFileSystem > NioFileSystem", this::createCompoundFileSystemNio);
+		add("NormalizingFileSystem > NioFileSystem", this::createNormalizingFileSystemNio);
+		add("NormalizingFileSystem > InMemoryFileSystem", this::createNormalizingFileSystemInMemory);
+		add("StatsFileSystem > NormalizingFileSystem > CryptoFileSystem > ShorteningFileSystem > InMemoryFileSystem", this::createCompoundFileSystemInMemory);
+		add("StatsFileSystem > NormalizingFileSystem > CryptoFileSystem > ShorteningFileSystem > NioFileSystem", this::createCompoundFileSystemNio);
 	}
 
 	private FileSystem createCryptoFileSystemInMemory() {
@@ -63,6 +67,14 @@ class FileSystemFactories implements Iterable<FileSystemFactory> {
 		return createStatsFileSystem(createInMemoryFileSystem());
 	}
 
+	private FileSystem createNormalizingFileSystemNio() {
+		return createNormalizingFileSystem(createInMemoryFileSystem());
+	}
+
+	private FileSystem createNormalizingFileSystemInMemory() {
+		return createNormalizingFileSystem(createInMemoryFileSystem());
+	}
+
 	private FileSystem createCompoundFileSystemNio() {
 		return createCompoundFileSystem(createNioFileSystem());
 	}
@@ -84,13 +96,17 @@ class FileSystemFactories implements Iterable<FileSystemFactory> {
 	}
 
 	private FileSystem createCompoundFileSystem(FileSystem delegate) {
-		return createStatsFileSystem(createCryptoFileSystem(createShorteningFileSystem(delegate)));
+		return createStatsFileSystem(createNormalizingFileSystem(createCryptoFileSystem(createShorteningFileSystem(delegate))));
 	}
 
 	private FileSystem createStatsFileSystem(FileSystem delegate) {
 		return new StatsFileSystem(delegate);
 	}
 
+	private FileSystem createNormalizingFileSystem(FileSystem delegate) {
+		return new NormalizedNameFileSystem(delegate, Form.NFC);
+	}
+
 	private FileSystem createCryptoFileSystem(FileSystem delegate) {
 		CRYPTO_FS_COMP.cryptoFileSystemFactory().initializeNew(delegate, "aPassphrase");
 		return CRYPTO_FS_COMP.cryptoFileSystemFactory().unlockExisting(delegate, "aPassphrase", Mockito.mock(CryptoFileSystemDelegate.class));

main/filesystem-nameshortening/pom.xml

@@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>filesystem-nameshortening</artifactId>
 	<name>Cryptomator filesystem: Name shortening layer</name>

main/filesystem-nameshortening/src/main/java/org/cryptomator/filesystem/shortening/ConflictResolver.java

@@ -0,0 +1,70 @@
+package org.cryptomator.filesystem.shortening;
+
+import java.util.UUID;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang3.StringUtils;
+import org.cryptomator.filesystem.File;
+import org.cryptomator.filesystem.Folder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+final class ConflictResolver {
+
+	private static final Logger LOG = LoggerFactory.getLogger(ConflictResolver.class);
+	private static final String LONG_NAME_FILE_EXT = ".lng";
+	private static final Pattern BASE32_PATTERN = Pattern.compile("^0?([A-Z2-7]{8})*[A-Z2-7=]{8}");
+	private static final int UUID_FIRST_GROUP_STRLEN = 8;
+
+	private ConflictResolver() {
+	}
+
+	public static File resolveConflictIfNecessary(File potentiallyConflictingFile, FilenameShortener shortener) {
+		String shortName = potentiallyConflictingFile.name();
+		String basename = StringUtils.removeEnd(shortName, LONG_NAME_FILE_EXT);
+		Matcher matcher = BASE32_PATTERN.matcher(basename);
+		if (shortName.endsWith(LONG_NAME_FILE_EXT) && matcher.matches()) {
+			// no conflict.
+			return potentiallyConflictingFile;
+		} else if (shortName.endsWith(LONG_NAME_FILE_EXT) && matcher.find(0)) {
+			String canonicalShortName = matcher.group() + LONG_NAME_FILE_EXT;
+			return resolveConflict(potentiallyConflictingFile, canonicalShortName, shortener);
+		} else {
+			// not even shortened at all.
+			return potentiallyConflictingFile;
+		}
+	}
+
+	private static File resolveConflict(File conflictingFile, String canonicalShortName, FilenameShortener shortener) {
+		Folder parent = conflictingFile.parent().get();
+		File canonicalFile = parent.file(canonicalShortName);
+		if (canonicalFile.exists()) {
+			// foo (1).lng -> bar.lng
+			String canonicalLongName = shortener.inflate(canonicalShortName);
+			String alternativeLongName;
+			String alternativeShortName;
+			File alternativeFile;
+			String conflictId;
+			do {
+				conflictId = createConflictId();
+				alternativeLongName = canonicalLongName + " (Conflict " + conflictId + ")";
+				alternativeShortName = shortener.deflate(alternativeLongName);
+				alternativeFile = parent.file(alternativeShortName);
+			} while (alternativeFile.exists());
+			LOG.info("Detected conflict {}:\n{}\n{}", conflictId, canonicalFile, conflictingFile);
+			conflictingFile.moveTo(alternativeFile);
+			shortener.saveMapping(alternativeLongName, alternativeShortName);
+			return alternativeFile;
+		} else {
+			// foo (1).lng -> foo.lng
+			conflictingFile.moveTo(canonicalFile);
+			return canonicalFile;
+		}
+	}
+
+	private static String createConflictId() {
+		return UUID.randomUUID().toString().substring(0, UUID_FIRST_GROUP_STRLEN);
+	}
+
+}

main/filesystem-nameshortening/src/main/java/org/cryptomator/filesystem/shortening/FilenameShortener.java

@@ -8,8 +8,6 @@
  *******************************************************************************/
 package org.cryptomator.filesystem.shortening;
 
-import java.io.FileNotFoundException;
-import java.io.UncheckedIOException;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -19,9 +17,12 @@ import org.apache.commons.codec.binary.BaseNCodec;
 import org.cryptomator.filesystem.File;
 import org.cryptomator.filesystem.Folder;
 import org.cryptomator.io.FileContents;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 class FilenameShortener {
 
+	private static final Logger LOG = LoggerFactory.getLogger(FilenameShortener.class);
 	private static final String LONG_NAME_FILE_EXT = ".lng";
 	private static final ThreadLocal<MessageDigest> SHA1 = new ThreadLocalSha1();
 	private static final BaseNCodec BASE32 = new Base32();
@@ -71,7 +72,8 @@ class FilenameShortener {
 	private String loadMapping(String shortName) {
 		final File mappingFile = mappingFile(shortName);
 		if (!mappingFile.exists()) {
-			throw new UncheckedIOException(new FileNotFoundException("Mapping file not found " + mappingFile));
+			LOG.warn("Mapping file not found: " + mappingFile);
+			return shortName;
 		} else {
 			return FileContents.UTF_8.readContents(mappingFile);
 		}

main/filesystem-nameshortening/src/main/java/org/cryptomator/filesystem/shortening/ShorteningFile.java

@@ -22,7 +22,7 @@ class ShorteningFile extends DelegatingFile<ShorteningFolder> {
 	private final FilenameShortener shortener;
 
 	public ShorteningFile(ShorteningFolder parent, File delegate, String name, FilenameShortener shortener) {
-		super(parent, delegate);
+		super(parent, ConflictResolver.resolveConflictIfNecessary(delegate, shortener));
 		this.longName = new AtomicReference<>(name);
 		this.shortener = shortener;
 	}

main/filesystem-nameshortening/src/test/java/org/cryptomator/filesystem/shortening/ConflictResolverTest.java

@@ -0,0 +1,65 @@
+package org.cryptomator.filesystem.shortening;
+
+import java.util.Optional;
+
+import org.cryptomator.filesystem.File;
+import org.cryptomator.filesystem.Folder;
+import org.cryptomator.filesystem.inmem.InMemoryFileSystem;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class ConflictResolverTest {
+
+	private Folder metadataFolder;
+	private FilenameShortener shortener;
+	private Folder folder;
+	private File canonicalFile;
+	private File conflictingFile;
+	private File resolvedFile;
+
+	@Before
+	public void setup() {
+		metadataFolder = new InMemoryFileSystem();
+		shortener = new FilenameShortener(metadataFolder, 20);
+		folder = Mockito.mock(Folder.class);
+		canonicalFile = Mockito.mock(File.class);
+		conflictingFile = Mockito.mock(File.class);
+		resolvedFile = Mockito.mock(File.class);
+
+		String longName = "hello world, I am a very long file name. certainly longer than twenty characters.exe";
+		String shortName = shortener.deflate(longName);
+		shortener.saveMapping(longName, shortName);
+		String canonicalFileName = shortName;
+		String conflictingFileName = shortName.replace(".lng", " (1).lng");
+
+		Mockito.when(canonicalFile.name()).thenReturn(canonicalFileName);
+		Mockito.when(conflictingFile.name()).thenReturn(conflictingFileName);
+
+		Mockito.when(canonicalFile.exists()).thenReturn(true);
+		Mockito.when(conflictingFile.exists()).thenReturn(true);
+
+		Mockito.doReturn(Optional.of(folder)).when(canonicalFile).parent();
+		Mockito.doReturn(Optional.of(folder)).when(conflictingFile).parent();
+
+		Mockito.when(folder.file(Mockito.anyString())).thenReturn(resolvedFile);
+		Mockito.when(folder.file(canonicalFileName)).thenReturn(canonicalFile);
+		Mockito.when(folder.file(conflictingFileName)).thenReturn(conflictingFile);
+	}
+
+	@Test
+	public void testNoConflictToBeResolved() {
+		File resolved = ConflictResolver.resolveConflictIfNecessary(canonicalFile, new FilenameShortener(metadataFolder, 20));
+		Mockito.verify(conflictingFile, Mockito.never()).moveTo(Mockito.any());
+		Assert.assertSame(canonicalFile, resolved);
+	}
+
+	@Test
+	public void testConflictToBeResolved() {
+		File resolved = ConflictResolver.resolveConflictIfNecessary(conflictingFile, new FilenameShortener(metadataFolder, 20));
+		Mockito.verify(conflictingFile).moveTo(resolvedFile);
+		Assert.assertSame(resolvedFile, resolved);
+	}
+
+}

main/filesystem-nameshortening/src/test/java/org/cryptomator/filesystem/shortening/FilenameShortenerTest.java

@@ -8,8 +8,6 @@
  *******************************************************************************/
 package org.cryptomator.filesystem.shortening;
 
-import java.io.UncheckedIOException;
-
 import org.cryptomator.filesystem.FileSystem;
 import org.cryptomator.filesystem.inmem.InMemoryFileSystem;
 import org.junit.Assert;
@@ -45,12 +43,12 @@ public class FilenameShortenerTest {
 		Assert.assertEquals("short", shortener.inflate("short"));
 	}
 
-	@Test(expected = UncheckedIOException.class)
+	@Test
 	public void testInflateWithoutMappingFile() {
 		FileSystem fs = new InMemoryFileSystem();
 		FilenameShortener shortener = new FilenameShortener(fs, 10);
 
-		shortener.inflate("iJustMadeThisNameUp.lng");
+		Assert.assertEquals("iJustMadeThisNameUp.lng", shortener.inflate("iJustMadeThisNameUp.lng"));
 	}
 
 }

main/filesystem-nameshortening/src/test/java/org/cryptomator/filesystem/shortening/ShorteningFileSystemTest.java

@@ -16,6 +16,7 @@ import static org.junit.Assert.assertThat;
 
 import java.io.UncheckedIOException;
 import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
 import java.time.Instant;
 import java.util.concurrent.TimeoutException;
 
@@ -102,6 +103,31 @@ public class ShorteningFileSystemTest {
 		Assert.assertTrue(correspondingMetadataFile.exists());
 	}
 
+	@Test
+	public void testInflate() {
+		final FileSystem underlyingFs = new InMemoryFileSystem();
+		final Folder metadataRoot = underlyingFs.folder(METADATA_DIR_NAME);
+		final FileSystem fs = new ShorteningFileSystem(underlyingFs, METADATA_DIR_NAME, 10);
+		final File correspondingMetadataFile = metadataRoot.folder("QM").folder("JL").file("QMJL5GQUETRX2YRV6XDTJQ6NNM7IEUHP.lng");
+		final Folder shortenedFolder = underlyingFs.folder("QMJL5GQUETRX2YRV6XDTJQ6NNM7IEUHP.lng");
+		shortenedFolder.create();
+		correspondingMetadataFile.parent().get().create();
+		try (WritableFile w = correspondingMetadataFile.openWritable()) {
+			w.write(ByteBuffer.wrap("morethantenchars".getBytes(StandardCharsets.UTF_8)));
+		}
+		Assert.assertTrue(correspondingMetadataFile.exists());
+		Assert.assertTrue(fs.folders().map(Folder::name).anyMatch(n -> n.equals("morethantenchars")));
+	}
+
+	@Test
+	public void testInflateFailedDueToMissingMapping() {
+		final FileSystem underlyingFs = new InMemoryFileSystem();
+		final FileSystem fs = new ShorteningFileSystem(underlyingFs, METADATA_DIR_NAME, 10);
+		final Folder shortenedFolder = underlyingFs.folder("QMJL5GQUETRX2YRV6XDTJQ6NNM7IEUHP.lng");
+		shortenedFolder.create();
+		Assert.assertTrue(fs.folders().map(Folder::name).anyMatch(n -> n.equals("QMJL5GQUETRX2YRV6XDTJQ6NNM7IEUHP.lng")));
+	}
+
 	@Test
 	public void testMoveLongFolders() {
 		final FileSystem underlyingFs = new InMemoryFileSystem();

main/filesystem-nameshortening/src/test/resources/log4j2.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<Configuration status="WARN">
+
+	<Appenders>
+		<Console name="Console" target="SYSTEM_OUT">
+			<PatternLayout pattern="%16d %-5p [%c{1}:%L] %m%n" />
+			<ThresholdFilter level="WARN" onMatch="DENY" onMismatch="ACCEPT" />
+		</Console>
+		<Console name="StdErr" target="SYSTEM_ERR">
+			<PatternLayout pattern="%16d %-5p [%c{1}:%L] %m%n" />
+			<ThresholdFilter level="WARN" onMatch="ACCEPT" onMismatch="DENY" />
+		</Console>
+	</Appenders>
+
+	<Loggers>
+		<Root level="DEBUG">
+			<AppenderRef ref="Console" />
+			<AppenderRef ref="StdErr" />
+		</Root>
+	</Loggers>
+
+</Configuration>

main/filesystem-nio/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>filesystem-nio</artifactId>
 	<name>Cryptomator filesystem: NIO-based physical layer</name>

main/filesystem-nio/src/main/java/org/cryptomator/filesystem/nio/DefaultNioAccess.java

@@ -2,6 +2,7 @@ package org.cryptomator.filesystem.nio;
 
 import java.io.IOException;
 import java.nio.channels.AsynchronousFileChannel;
+import java.nio.file.AccessDeniedException;
 import java.nio.file.CopyOption;
 import java.nio.file.FileSystems;
 import java.nio.file.Files;
@@ -53,7 +54,17 @@ class DefaultNioAccess implements NioAccess {
 
 	@Override
 	public void delete(Path path) throws IOException {
-		Files.delete(path);
+		try {
+			Files.delete(path);
+		} catch (AccessDeniedException e) {
+			// workaround for https://github.com/cryptomator/cryptomator/issues/317
+			try {
+				if (path.toFile().delete()) return;
+			} catch (UnsupportedOperationException e2) {
+				// ignore
+			}
+			throw e;
+		}
 	}
 
 	@Override

main/filesystem-nio/src/main/java/org/cryptomator/filesystem/nio/NioFile.java

@@ -30,13 +30,21 @@ class NioFile extends NioNode implements File {
 	@Override
 	public ReadableFile openReadable() throws UncheckedIOException {
 		if (lock.getWriteHoldCount() > 0) {
-			throw new IllegalStateException("Current thread is currently writing this file");
+			throw new IllegalStateException("Current thread is currently writing " + path);
 		}
 		if (lock.getReadHoldCount() > 0) {
-			throw new IllegalStateException("Current thread is already reading this file");
+			throw new IllegalStateException("Current thread is already reading " + path);
 		}
 		lock.readLock().lock();
-		return instanceFactory.readableNioFile(path, sharedChannel, this::unlockReadLock);
+		ReadableFile result = null;
+		try {
+			result = instanceFactory.readableNioFile(path, sharedChannel, this::unlockReadLock);
+		} finally {
+			if (result == null) {
+				unlockReadLock();
+			}
+		}
+		return result;
 	}
 
 	private void unlockReadLock() {
@@ -46,13 +54,21 @@ class NioFile extends NioNode implements File {
 	@Override
 	public WritableFile openWritable() throws UncheckedIOException {
 		if (lock.getWriteHoldCount() > 0) {
-			throw new IllegalStateException("Current thread is already writing this file");
+			throw new IllegalStateException("Current thread is already writing " + path);
 		}
 		if (lock.getReadHoldCount() > 0) {
-			throw new IllegalStateException("Current thread is currently reading this file");
+			throw new IllegalStateException("Current thread is currently reading " + path);
 		}
 		lockWriteLock();
-		return instanceFactory.writableNioFile(fileSystem(), path, sharedChannel, this::unlockWriteLock);
+		WritableFile result = null;
+		try {
+			result = instanceFactory.writableNioFile(fileSystem(), path, sharedChannel, this::unlockWriteLock);
+		} finally {
+			if (result == null) {
+				unlockWriteLock();
+			}
+		}
+		return result;
 	}
 
 	// visible for testing

main/filesystem-nio/src/test/java/org/cryptomator/filesystem/nio/NioFileTest.java

@@ -99,10 +99,11 @@ public class NioFileTest {
 
 		@Test
 		public void testOpenReadableInvokedBeforeInvokingAfterCloseOperationThrowsIllegalStateException() {
+			when(instanceFactory.readableNioFile(same(path), same(channel), any())).thenReturn(mock(ReadableNioFile.class));
 			inTest.openReadable();
 
 			thrown.expect(IllegalStateException.class);
-			thrown.expectMessage("already reading this file");
+			thrown.expectMessage("already reading " + path);
 
 			inTest.openReadable();
 		}
@@ -111,7 +112,7 @@ public class NioFileTest {
 		public void testOpenReadableInvokedAfterAfterCloseOperationCreatesNewReadableFile() {
 			ReadableNioFile readableNioFile = mock(ReadableNioFile.class);
 			ArgumentCaptor<Runnable> captor = ArgumentCaptor.forClass(Runnable.class);
-			when(instanceFactory.readableNioFile(same(path), same(channel), captor.capture())).thenReturn(null, readableNioFile);
+			when(instanceFactory.readableNioFile(same(path), same(channel), captor.capture())).thenReturn(mock(ReadableNioFile.class), readableNioFile);
 			inTest.openReadable();
 			captor.getValue().run();
 
@@ -122,10 +123,11 @@ public class NioFileTest {
 
 		@Test
 		public void testOpenReadableInvokedBeforeInvokingAfterCloseOperationOfOpenWritableThrowsIllegalStateException() {
+			when(instanceFactory.writableNioFile(same(fileSystem), same(path), same(channel), any())).thenReturn(mock(WritableNioFile.class));
 			inTest.openWritable();
 
 			thrown.expect(IllegalStateException.class);
-			thrown.expectMessage("currently writing this file");
+			thrown.expectMessage("currently writing " + path);
 
 			inTest.openReadable();
 		}
@@ -133,7 +135,7 @@ public class NioFileTest {
 		@Test
 		public void testOpenReadableInvokedAfterInvokingAfterCloseOperationWorks() {
 			ArgumentCaptor<Runnable> captor = ArgumentCaptor.forClass(Runnable.class);
-			when(instanceFactory.writableNioFile(same(fileSystem), same(path), same(channel), captor.capture())).thenReturn(null);
+			when(instanceFactory.writableNioFile(same(fileSystem), same(path), same(channel), captor.capture())).thenReturn(mock(WritableNioFile.class));
 			inTest.openWritable();
 			captor.getValue().run();
 
@@ -154,7 +156,7 @@ public class NioFileTest {
 		public void testOpenWritableInvokedAfterAfterCloseOperationCreatesNewWritableFile() {
 			WritableNioFile writableNioFile = mock(WritableNioFile.class);
 			ArgumentCaptor<Runnable> captor = ArgumentCaptor.forClass(Runnable.class);
-			when(instanceFactory.writableNioFile(same(fileSystem), same(path), same(channel), captor.capture())).thenReturn(null, writableNioFile);
+			when(instanceFactory.writableNioFile(same(fileSystem), same(path), same(channel), captor.capture())).thenReturn(mock(WritableNioFile.class), writableNioFile);
 			inTest.openWritable();
 			captor.getValue().run();
 
@@ -165,28 +167,31 @@ public class NioFileTest {
 
 		@Test
 		public void testOpenWritableInvokedBeforeInvokingAfterCloseOperationThrowsIllegalStateException() {
+			when(instanceFactory.writableNioFile(same(fileSystem), same(path), same(channel), any())).thenReturn(mock(WritableNioFile.class));
 			inTest.openWritable();
 
 			thrown.expect(IllegalStateException.class);
-			thrown.expectMessage("already writing this file");
+			thrown.expectMessage("already writing " + path);
 
 			inTest.openWritable();
 		}
 
 		@Test
 		public void testOpenWritableInvokedBeforeInvokingAfterCloseOperationFromOpenReadableThrowsIllegalStateException() {
+			when(instanceFactory.readableNioFile(same(path), same(channel), any())).thenReturn(mock(ReadableNioFile.class));
 			inTest.openReadable();
 
 			thrown.expect(IllegalStateException.class);
-			thrown.expectMessage("currently reading this file");
+			thrown.expectMessage("currently reading " + path);
 
 			inTest.openWritable();
 		}
 
 		@Test
 		public void testOpenWritableInvokedAfterInvokingAfterCloseOperationWorks() {
+			ReadableNioFile readableNioFile = mock(ReadableNioFile.class);
 			ArgumentCaptor<Runnable> captor = ArgumentCaptor.forClass(Runnable.class);
-			when(instanceFactory.readableNioFile(same(path), same(channel), captor.capture())).thenReturn(null);
+			when(instanceFactory.readableNioFile(same(path), same(channel), captor.capture())).thenReturn(readableNioFile);
 			inTest.openReadable();
 			captor.getValue().run();
 

main/filesystem-stats/pom.xml

@@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>filesystem-stats</artifactId>
 	<name>Cryptomator filesystem: Throughput statistics</name>

main/frontend-api/pom.xml

@@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>frontend-api</artifactId>
 	<name>Cryptomator frontend: API</name>

main/frontend-api/src/main/java/org/cryptomator/frontend/Frontend.java

@@ -14,12 +14,20 @@ import java.util.Optional;
 public interface Frontend extends AutoCloseable {
 
 	public enum MountParam {
-		MOUNT_NAME, HOSTNAME, WIN_DRIVE_LETTER
+		MOUNT_NAME, HOSTNAME, WIN_DRIVE_LETTER,
+
+		/**
+		 * "dav" or "webdav"
+		 */
+		PREFERRED_GVFS_SCHEME
 	}
 
 	void mount(Map<MountParam, Optional<String>> map) throws CommandFailedException;
 
-	void unmount() throws CommandFailedException;
+	/**
+	 * Unmounts the file system and stops any file system handler threads.
+	 */
+	void close() throws Exception;
 
 	void reveal() throws CommandFailedException;
 

main/frontend-api/src/main/java/org/cryptomator/frontend/FrontendFactory.java

@@ -16,10 +16,11 @@ public interface FrontendFactory {
 	 * Provides a new frontend to access the given folder.
 	 * 
 	 * @param root Root resource accessible through this frontend.
-	 * @param uniqueName Name of the frontend, i.e. used to create subresources for the different frontends inside of a common virtual drive.
+	 * @param id unique id of the frontend, i.e. used to generate a unique uri
+	 * @param name Name of the frontend, i.e. used to generate a readable/recognizable name of a common virtual drive
 	 * @return A new frontend
 	 * @throws FrontendCreationFailedException If creation was not possible.
 	 */
-	Frontend create(Folder root, String uniqueName) throws FrontendCreationFailedException;
+	Frontend create(Folder root, FrontendId id, String name) throws FrontendCreationFailedException;
 
 }

main/frontend-api/src/main/java/org/cryptomator/frontend/FrontendId.java

@@ -0,0 +1,85 @@
+package org.cryptomator.frontend;
+
+import static java.util.UUID.randomUUID;
+
+import java.io.Serializable;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.UUID;
+
+public class FrontendId implements Serializable {
+
+	public static final String FRONTEND_ID_PATTERN = "[a-zA-Z0-9_-]{12}";
+
+	public static FrontendId generate() {
+		return new FrontendId();
+	}
+
+	public static FrontendId from(String value) {
+		return new FrontendId(value);
+	}
+
+	private final String value;
+
+	private FrontendId() {
+		this(generateId());
+	}
+
+	private FrontendId(String value) {
+		if (!value.matches(FRONTEND_ID_PATTERN)) {
+			throw new IllegalArgumentException("Invalid frontend id " + value);
+		}
+		this.value = value;
+	}
+
+	private static String generateId() {
+		return asBase64String(nineBytesFrom(randomUUID()));
+	}
+
+	private static String asBase64String(ByteBuffer bytes) {
+		ByteBuffer base64Buffer = Base64.getUrlEncoder().encode(bytes);
+		return new String(asByteArray(base64Buffer), StandardCharsets.US_ASCII);
+	}
+
+	private static ByteBuffer nineBytesFrom(UUID uuid) {
+		ByteBuffer uuidBuffer = ByteBuffer.allocate(9);
+		uuidBuffer.putLong(uuid.getMostSignificantBits());
+		uuidBuffer.put((byte) (uuid.getLeastSignificantBits() & 0xFF));
+		uuidBuffer.flip();
+		return uuidBuffer;
+	}
+
+	private static byte[] asByteArray(ByteBuffer buffer) {
+		if (buffer.hasArray()) {
+			return buffer.array();
+		} else {
+			byte[] bytes = new byte[buffer.remaining()];
+			buffer.get(bytes);
+			return bytes;
+		}
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (obj == null || obj.getClass() != getClass()) {
+			return false;
+		}
+		return obj == this || internalEquals((FrontendId) obj);
+	}
+
+	private boolean internalEquals(FrontendId obj) {
+		return value.equals(obj.value);
+	}
+
+	@Override
+	public int hashCode() {
+		return value.hashCode();
+	}
+
+	@Override
+	public String toString() {
+		return value;
+	}
+
+}

main/frontend-webdav/pom.xml

@@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>frontend-webdav</artifactId>
 	<name>Cryptomator frontend: WebDAV frontend</name>

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/ContextPathBuilder.java

@@ -0,0 +1,30 @@
+package org.cryptomator.frontend.webdav;
+
+import static java.lang.String.format;
+import static org.cryptomator.frontend.FrontendId.FRONTEND_ID_PATTERN;
+
+import java.util.Optional;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.cryptomator.frontend.FrontendId;
+
+class ContextPaths {
+
+	private static final Pattern SERVLET_PATH_WITH_FRONTEND_ID_PATTERN = Pattern.compile("^/(" + FRONTEND_ID_PATTERN + ")(/.*)?$");
+	private static final int FRONTEND_ID_GROUP = 1;
+
+	public static String from(FrontendId id, String name) {
+		return format("/%s/%s", id, name);
+	}
+
+	public static Optional<FrontendId> extractFrontendId(String path) {
+		Matcher matcher = SERVLET_PATH_WITH_FRONTEND_ID_PATTERN.matcher(path);
+		if (matcher.matches()) {
+			return Optional.of(FrontendId.from(matcher.group(FRONTEND_ID_GROUP)));
+		} else {
+			return Optional.empty();
+		}
+	}
+
+}

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/DefaultServlet.java

@@ -11,6 +11,8 @@ package org.cryptomator.frontend.webdav;
 import java.io.IOException;
 import java.util.EnumSet;
 
+import javax.inject.Inject;
+import javax.inject.Singleton;
 import javax.servlet.DispatcherType;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
@@ -21,26 +23,38 @@ import org.cryptomator.frontend.webdav.filters.LoopbackFilter;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
 
-/**
- * The server needs to respond to requests to the root resource, because Windows is stupid. 
- */
-public class WindowsCompatibilityServlet extends HttpServlet {
+@Singleton
+class DefaultServlet extends HttpServlet {
 	
 	private static final String ROOT_PATH = "/";
+	private static final String WILDCARD = "/*";
+	
+	private final Tarpit tarpit;
+	
+	@Inject
+	public DefaultServlet(Tarpit tarpit) {
+		this.tarpit = tarpit;
+	}
+	
+	@Override
+	protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+		tarpit.handle(req);
+		super.service(req, resp);
+	}
 	
 	@Override
 	protected void doOptions(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 		resp.addHeader("DAV", "1, 2");
 		resp.addHeader("MS-Author-Via", "DAV");
-		// resp.addHeader("Allow", "OPTIONS, GET, HEAD, POST, TRACE, PROPFIND, PROPPATCH, MKCOL, COPY, PUT, DELETE, MOVE, LOCK, UNLOCK");
+		resp.addHeader("Allow", "OPTIONS, GET, HEAD");
 		resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
 	}
 	
-	public static ServletContextHandler createServletContextHandler() {
+	public ServletContextHandler createServletContextHandler() {
 		final ServletContextHandler servletContext = new ServletContextHandler(null, ROOT_PATH, ServletContextHandler.NO_SESSIONS);
-		final ServletHolder servletHolder = new ServletHolder(ROOT_PATH, WindowsCompatibilityServlet.class);
+		final ServletHolder servletHolder = new ServletHolder(ROOT_PATH, this);
 		servletContext.addServlet(servletHolder, ROOT_PATH);
-		servletContext.addFilter(LoopbackFilter.class, ROOT_PATH, EnumSet.of(DispatcherType.REQUEST));
+		servletContext.addFilter(LoopbackFilter.class, WILDCARD, EnumSet.of(DispatcherType.REQUEST));
 		return servletContext;
 	}
 

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/Tarpit.java

@@ -0,0 +1,72 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Markus Kreusch
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *******************************************************************************/
+package org.cryptomator.frontend.webdav;
+
+import static java.lang.Math.max;
+import static java.lang.System.currentTimeMillis;
+
+import java.io.Serializable;
+import java.util.HashSet;
+import java.util.Optional;
+import java.util.Set;
+
+import javax.inject.Inject;
+import javax.inject.Singleton;
+import javax.servlet.http.HttpServletRequest;
+
+import org.cryptomator.frontend.FrontendId;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Singleton
+class Tarpit implements Serializable {
+
+	private static final Logger LOG = LoggerFactory.getLogger(Tarpit.class);
+	private static final long DELAY_MS = 10000;
+
+	private final Set<FrontendId> validFrontendIds = new HashSet<>();
+
+	@Inject
+	public Tarpit() {
+	}
+
+	public void register(FrontendId frontendId) {
+		validFrontendIds.add(frontendId);
+	}
+
+	public void unregister(FrontendId frontendId) {
+		validFrontendIds.remove(frontendId);
+	}
+
+	public void handle(HttpServletRequest req) {
+		if (isRequestWithInvalidVaultId(req)) {
+			delayExecutionUninterruptibly();
+			LOG.debug("Delayed request to " + req.getRequestURI() + " by " + DELAY_MS + "ms");
+		}
+	}
+
+	private boolean isRequestWithInvalidVaultId(HttpServletRequest req) {
+		Optional<FrontendId> frontendId = ContextPaths.extractFrontendId(req.getServletPath());
+		return frontendId.isPresent() && !isValid(frontendId.get());
+	}
+
+	private void delayExecutionUninterruptibly() {
+		long expected = currentTimeMillis() + DELAY_MS;
+		long sleepTime = DELAY_MS;
+		while (expected > currentTimeMillis()) {
+			try {
+				Thread.sleep(sleepTime);
+			} catch (InterruptedException e) {
+				sleepTime = max(0, currentTimeMillis() - expected + 10);
+			}
+		}
+	}
+
+	private boolean isValid(FrontendId frontendId) {
+		return validFrontendIds.contains(frontendId);
+	}
+
+}

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/WebDavFrontend.java

@@ -24,12 +24,15 @@ class WebDavFrontend implements Frontend {
 	private final WebDavMounterProvider webdavMounterProvider;
 	private final ServletContextHandler handler;
 	private final URI uri;
+	private final Runnable afterClose;
+
 	private WebDavMount mount;
 
-	public WebDavFrontend(WebDavMounterProvider webdavMounterProvider, ServletContextHandler handler, URI uri) throws FrontendCreationFailedException {
+	public WebDavFrontend(WebDavMounterProvider webdavMounterProvider, ServletContextHandler handler, URI uri, Runnable afterUnmount) throws FrontendCreationFailedException {
 		this.webdavMounterProvider = webdavMounterProvider;
 		this.handler = handler;
 		this.uri = uri;
+		this.afterClose = afterUnmount;
 		try {
 			handler.start();
 		} catch (Exception e) {
@@ -39,19 +42,23 @@ class WebDavFrontend implements Frontend {
 
 	@Override
 	public void close() throws Exception {
-		unmount();
-		handler.stop();
+		try {
+			unmount();
+			handler.stop();
+		} finally {
+			afterClose.run();
+		}
 	}
 
 	@Override
 	public void mount(Map<MountParam, Optional<String>> mountParams) throws CommandFailedException {
-		mount = webdavMounterProvider.get().mount(uri, mountParams);
+		mount = webdavMounterProvider.chooseMounter(mountParams).mount(uri, mountParams);
 	}
 
-	@Override
-	public void unmount() throws CommandFailedException {
+	private void unmount() throws CommandFailedException {
 		if (mount != null) {
 			mount.unmount();
+			mount = null;
 		}
 	}
 

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/WebDavModule.java

@@ -0,0 +1,11 @@
+package org.cryptomator.frontend.webdav;
+
+import org.cryptomator.common.CommonsModule;
+import org.cryptomator.frontend.webdav.mount.WebDavMounterModule;
+
+import dagger.Module;
+
+@Module(includes = {CommonsModule.class, WebDavMounterModule.class})
+public class WebDavModule {
+
+}

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/WebDavServer.java

@@ -8,6 +8,8 @@
  *******************************************************************************/
 package org.cryptomator.frontend.webdav;
 
+import static java.lang.String.format;
+
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.concurrent.BlockingQueue;
@@ -20,6 +22,7 @@ import org.cryptomator.filesystem.Folder;
 import org.cryptomator.frontend.Frontend;
 import org.cryptomator.frontend.FrontendCreationFailedException;
 import org.cryptomator.frontend.FrontendFactory;
+import org.cryptomator.frontend.FrontendId;
 import org.cryptomator.frontend.webdav.mount.WebDavMounterProvider;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Server;
@@ -45,9 +48,10 @@ public class WebDavServer implements FrontendFactory {
 	private final ContextHandlerCollection servletCollection;
 	private final WebDavServletContextFactory servletContextFactory;
 	private final WebDavMounterProvider webdavMounterProvider;
+	private final Tarpit tarpit;
 
 	@Inject
-	WebDavServer(WebDavServletContextFactory servletContextFactory, WebDavMounterProvider webdavMounterProvider) {
+	WebDavServer(WebDavServletContextFactory servletContextFactory, WebDavMounterProvider webdavMounterProvider, DefaultServlet defaultServlet, Tarpit tarpit) {
 		final BlockingQueue<Runnable> queue = new LinkedBlockingQueue<>(MAX_PENDING_REQUESTS);
 		final ThreadPool tp = new QueuedThreadPool(MAX_THREADS, MIN_THREADS, THREAD_IDLE_SECONDS, queue);
 		this.server = new Server(tp);
@@ -55,8 +59,9 @@ public class WebDavServer implements FrontendFactory {
 		this.servletCollection = new ContextHandlerCollection();
 		this.servletContextFactory = servletContextFactory;
 		this.webdavMounterProvider = webdavMounterProvider;
-		
-		servletCollection.addHandler(WindowsCompatibilityServlet.createServletContextHandler());
+		this.tarpit = tarpit;
+
+		servletCollection.addHandler(defaultServlet.createServletContextHandler());
 		server.setConnectors(new Connector[] {localConnector});
 		server.setHandler(servletCollection);
 	}
@@ -103,10 +108,8 @@ public class WebDavServer implements FrontendFactory {
 	}
 
 	@Override
-	public Frontend create(Folder root, String contextPath) throws FrontendCreationFailedException {
-		if (!contextPath.startsWith("/")) {
-			throw new IllegalArgumentException("contextPath must begin with '/'");
-		}
+	public Frontend create(Folder root, FrontendId id, String name) throws FrontendCreationFailedException {
+		String contextPath = format("/%s/%s", id, name);
 		final URI uri;
 		try {
 			uri = new URI("http", null, "localhost", getPort(), contextPath, null, null);
@@ -114,8 +117,9 @@ public class WebDavServer implements FrontendFactory {
 			throw new IllegalStateException(e);
 		}
 		final ServletContextHandler handler = addServlet(root, uri);
+		tarpit.register(id);
 		LOG.info("Servlet available under " + uri);
-		return new WebDavFrontend(webdavMounterProvider, handler, uri);
+		return new WebDavFrontend(webdavMounterProvider, handler, uri, () -> tarpit.unregister(id));
 	}
 
 }

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/WebDavServletContextFactory.java

@@ -22,6 +22,7 @@ import org.cryptomator.frontend.webdav.filters.AcceptRangeFilter;
 import org.cryptomator.frontend.webdav.filters.LoopbackFilter;
 import org.cryptomator.frontend.webdav.filters.MacChunkedPutCompatibilityFilter;
 import org.cryptomator.frontend.webdav.filters.MkcolComplianceFilter;
+import org.cryptomator.frontend.webdav.filters.PostRequestBlockingFilter;
 import org.cryptomator.frontend.webdav.filters.UriNormalizationFilter;
 import org.cryptomator.frontend.webdav.filters.UriNormalizationFilter.ResourceTypeChecker;
 import org.cryptomator.frontend.webdav.filters.UriNormalizationFilter.ResourceTypeChecker.ResourceType;
@@ -34,10 +35,9 @@ import org.eclipse.jetty.servlet.ServletHolder;
 class WebDavServletContextFactory {
 
 	private static final String WILDCARD = "/*";
-
+	
 	@Inject
-	public WebDavServletContextFactory() {
-	}
+	public WebDavServletContextFactory() {}
 
 	/**
 	 * Creates a new Jetty ServletContextHandler, that can be be added to a servletCollection as follows:
@@ -67,6 +67,7 @@ class WebDavServletContextFactory {
 		final ServletHolder servletHolder = new ServletHolder(contextPath, new WebDavServlet(contextRoot, root));
 		servletContext.addServlet(servletHolder, WILDCARD);
 		servletContext.addFilter(LoopbackFilter.class, WILDCARD, EnumSet.of(DispatcherType.REQUEST));
+		servletContext.addFilter(PostRequestBlockingFilter.class, WILDCARD, EnumSet.of(DispatcherType.REQUEST));
 		servletContext.addFilter(MkcolComplianceFilter.class, WILDCARD, EnumSet.of(DispatcherType.REQUEST));
 		servletContext.addFilter(AcceptRangeFilter.class, WILDCARD, EnumSet.of(DispatcherType.REQUEST));
 		servletContext.addFilter(new FilterHolder(new UriNormalizationFilter(resourceTypeChecker)), WILDCARD, EnumSet.of(DispatcherType.REQUEST));

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/filters/PostFromAllowHeaderRemovingHttpServletResponseWrapper.java

@@ -0,0 +1,43 @@
+package org.cryptomator.frontend.webdav.filters;
+
+import static java.util.Arrays.stream;
+import static java.util.function.Predicate.isEqual;
+import static java.util.stream.Collectors.joining;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+class PostFromAllowHeaderRemovingHttpServletResponseWrapper extends HttpServletResponseWrapper {
+	
+	public PostFromAllowHeaderRemovingHttpServletResponseWrapper(HttpServletResponse response) {
+		super(response);
+	}
+
+	@Override
+	public void addHeader(String name, String value) {
+		if (isAllowHeader(name)) {
+			super.setHeader(name, removePost(value));
+		} else {
+			super.addHeader(name, value);
+		}
+	}
+
+	@Override
+	public void setHeader(String name, String value) {
+		if (isAllowHeader(name)) {
+			super.setHeader(name, removePost(value));
+		} else {
+			super.setHeader(name, value);
+		}
+	}
+
+	private String removePost(String value) {
+		return stream(value.split("\\s*,\\s*"))
+				.filter(isEqual("POST").negate())
+				.collect(joining(", "));
+	}
+
+	private boolean isAllowHeader(String name) {
+		return "allow".equalsIgnoreCase(name);
+	}
+}

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/filters/PostRequestBlockingFilter.java

@@ -0,0 +1,50 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.frontend.webdav.filters;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Blocks all post requests.
+ */
+public class PostRequestBlockingFilter implements HttpFilter {
+
+	private static final String POST_METHOD = "POST";
+
+	@Override
+	public void init(FilterConfig filterConfig) throws ServletException {
+		// no-op
+	}
+	
+	@Override
+	public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
+		if (isPost(request)) {
+			response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+		} else {
+			chain.doFilter(request, new PostFromAllowHeaderRemovingHttpServletResponseWrapper(response));
+		}
+	}
+
+	private boolean isPost(HttpServletRequest request) {
+		return POST_METHOD.equalsIgnoreCase(request.getMethod());
+	}
+
+	@Override
+	public void destroy() {
+		// no-op
+	}
+
+}

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/jackrabbitservlet/DavFile.java

@@ -40,6 +40,11 @@ import com.google.common.io.ByteStreams;
 class DavFile extends DavNode<FileLocator> {
 
 	private static final Logger LOG = LoggerFactory.getLogger(DavFile.class);
+	protected static final String CONTENT_TYPE_VALUE = "application/octet-stream";
+	protected static final String CONTENT_DISPOSITION_HEADER = "Content-Disposition";
+	protected static final String CONTENT_DISPOSITION_VALUE = "attachment";
+	protected static final String X_CONTENT_TYPE_OPTIONS_HEADER = "X-Content-Type-Options";
+	protected static final String X_CONTENT_TYPE_OPTIONS_VALUE = "nosniff";
 
 	public DavFile(FilesystemResourceFactory factory, LockManager lockManager, DavSession session, FileLocator node) {
 		super(factory, lockManager, session, node);
@@ -56,6 +61,9 @@ class DavFile extends DavNode<FileLocator> {
 		if (!outputContext.hasStream()) {
 			return;
 		}
+		outputContext.setContentType(CONTENT_TYPE_VALUE);
+		outputContext.setProperty(CONTENT_DISPOSITION_HEADER, CONTENT_DISPOSITION_VALUE);
+		outputContext.setProperty(X_CONTENT_TYPE_OPTIONS_HEADER, X_CONTENT_TYPE_OPTIONS_VALUE);
 		try (ReadableFile src = node.openReadable(); WritableByteChannel dst = Channels.newChannel(outputContext.getOutputStream())) {
 			outputContext.setContentLength(src.size());
 			ByteStreams.copy(src, dst);

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/jackrabbitservlet/DavFileWithRange.java

@@ -57,6 +57,9 @@ class DavFileWithRange extends DavFile {
 			final Long rangeLength = range.getRight() - range.getLeft() + 1;
 			outputContext.setContentLength(rangeLength);
 			outputContext.setProperty(HttpHeader.CONTENT_RANGE.asString(), contentRangeResponseHeader(range.getLeft(), range.getRight(), contentLength));
+			outputContext.setContentType(CONTENT_TYPE_VALUE);
+			outputContext.setProperty(CONTENT_DISPOSITION_HEADER, CONTENT_DISPOSITION_VALUE);
+			outputContext.setProperty(X_CONTENT_TYPE_OPTIONS_HEADER, X_CONTENT_TYPE_OPTIONS_VALUE);
 			src.position(range.getLeft());
 			InputStream limitedIn = ByteStreams.limit(Channels.newInputStream(src), rangeLength);
 			ByteStreams.copy(limitedIn, out);

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/jackrabbitservlet/ExclusiveSharedLockManager.java

@@ -69,7 +69,8 @@ class ExclusiveSharedLockManager implements LockManager {
 		}
 
 		String token = DavConstants.OPAQUE_LOCK_TOKEN_PREFIX + UUID.randomUUID();
-		return lockedResources.computeIfAbsent(locator, loc -> new HashMap<>()).computeIfAbsent(token, t -> new ExclusiveSharedLock(t, lockInfo));
+		Map<String, ActiveLock> lockMap = Objects.requireNonNull(lockedResources.computeIfAbsent(locator, loc -> new HashMap<>()));
+		return lockMap.computeIfAbsent(token, t -> new ExclusiveSharedLock(t, lockInfo));
 	}
 
 	private void removedExpiredLocksInLocatorHierarchy(FileSystemResourceLocator locator) {

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/mount/FallbackWebDavMounter.java

@@ -23,7 +23,7 @@ import org.cryptomator.frontend.Frontend.MountParam;
 final class FallbackWebDavMounter implements WebDavMounterStrategy {
 
 	@Override
-	public boolean shouldWork() {
+	public boolean shouldWork(Map<MountParam, Optional<String>> mountParams) {
 		return true;
 	}
 

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/mount/LinuxGvfsDavMounter.java

@@ -0,0 +1,94 @@
+/*******************************************************************************
+ * Copyright (c) 2014, 2016 Sebastian Stenzel, Markus Kreusch
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ * 
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *     Markus Kreusch - Refactored WebDavMounter to use strategy pattern
+ *     Mohit Raju - Added fallback schema-name "webdav" when opening file managers
+ ******************************************************************************/
+package org.cryptomator.frontend.webdav.mount;
+
+import java.net.URI;
+import java.util.Map;
+import java.util.Optional;
+
+import javax.inject.Inject;
+import javax.inject.Singleton;
+
+import org.apache.commons.lang3.SystemUtils;
+import org.cryptomator.frontend.CommandFailedException;
+import org.cryptomator.frontend.Frontend.MountParam;
+import org.cryptomator.frontend.webdav.mount.command.Script;
+
+@Singleton
+final class LinuxGvfsDavMounter implements WebDavMounterStrategy {
+
+	@Inject
+	LinuxGvfsDavMounter() {
+	}
+
+	@Override
+	public boolean shouldWork(Map<MountParam, Optional<String>> mountParams) {
+		if (SystemUtils.IS_OS_LINUX) {
+			Optional<String> prefScheme = mountParams.getOrDefault(MountParam.PREFERRED_GVFS_SCHEME, Optional.empty());
+			boolean prefSchemeIsUnspecifiedOrDav = !prefScheme.isPresent() || prefScheme.get().equalsIgnoreCase("dav");
+			final Script checkScripts = Script.fromLines("which gvfs-mount xdg-open");
+			try {
+				checkScripts.execute();
+				return prefSchemeIsUnspecifiedOrDav;
+			} catch (CommandFailedException e) {
+				return false;
+			}
+		} else {
+			return false;
+		}
+	}
+
+	@Override
+	public void warmUp(int serverPort) {
+		// no-op
+	}
+
+	@Override
+	public WebDavMount mount(URI uri, Map<MountParam, Optional<String>> mountParams) throws CommandFailedException {
+		final Script mountScript = Script.fromLines("set -x", "gvfs-mount \"dav:$DAV_SSP\"").addEnv("DAV_SSP", uri.getRawSchemeSpecificPart());
+		mountScript.execute();
+		return new LinuxGvfsDavMount(uri);
+	}
+
+	private static class LinuxGvfsDavMount extends AbstractWebDavMount {
+		private final URI webDavUri;
+		private final Script testMountStillExistsScript;
+		private final Script unmountScript;
+
+		private LinuxGvfsDavMount(URI webDavUri) {
+			this.webDavUri = webDavUri;
+			this.testMountStillExistsScript = Script.fromLines("set -x", "test `gvfs-mount --list | grep \"$DAV_SSP\" | wc -l` -eq 1").addEnv("DAV_SSP", webDavUri.getRawSchemeSpecificPart());
+			this.unmountScript = Script.fromLines("set -x", "gvfs-mount -u \"dav:$DAV_SSP\"").addEnv("DAV_SSP", webDavUri.getRawSchemeSpecificPart());
+		}
+
+		@Override
+		public void unmount() throws CommandFailedException {
+			boolean mountStillExists;
+			try {
+				testMountStillExistsScript.execute();
+				mountStillExists = true;
+			} catch (CommandFailedException e) {
+				mountStillExists = false;
+			}
+			// only attempt unmount if user didn't unmount manually:
+			if (mountStillExists) {
+				unmountScript.execute();
+			}
+		}
+
+		@Override
+		public void reveal() throws CommandFailedException {
+			Script.fromLines("set -x", "gvfs-open \"dav:$DAV_SSP\"").addEnv("DAV_SSP", webDavUri.getRawSchemeSpecificPart()).execute();
+		}
+
+	}
+
+}

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/mount/LinuxGvfsWebDavMounter.java

@@ -30,12 +30,14 @@ final class LinuxGvfsWebDavMounter implements WebDavMounterStrategy {
 	}
 
 	@Override
-	public boolean shouldWork() {
+	public boolean shouldWork(Map<MountParam, Optional<String>> mountParams) {
 		if (SystemUtils.IS_OS_LINUX) {
+			Optional<String> prefScheme = mountParams.getOrDefault(MountParam.PREFERRED_GVFS_SCHEME, Optional.empty());
+			boolean prefSchemeIsUnspecifiedOrWebDav = !prefScheme.isPresent() || prefScheme.get().equalsIgnoreCase("webdav");
 			final Script checkScripts = Script.fromLines("which gvfs-mount xdg-open");
 			try {
 				checkScripts.execute();
-				return true;
+				return prefSchemeIsUnspecifiedOrWebDav;
 			} catch (CommandFailedException e) {
 				return false;
 			}
@@ -84,15 +86,7 @@ final class LinuxGvfsWebDavMounter implements WebDavMounterStrategy {
 
 		@Override
 		public void reveal() throws CommandFailedException {
-			try {
-				openMountWithWebdavUri("dav:" + webDavUri.getRawSchemeSpecificPart()).execute();
-			} catch (CommandFailedException exception) {
-				openMountWithWebdavUri("webdav:" + webDavUri.getRawSchemeSpecificPart()).execute();
-			}
-		}
-
-		private Script openMountWithWebdavUri(String webdavUri) {
-			return Script.fromLines("set -x", "xdg-open \"$DAV_URI\"").addEnv("DAV_URI", webdavUri);
+			Script.fromLines("set -x", "gvfs-open \"webdav:$DAV_SSP\"").addEnv("DAV_SSP", webDavUri.getRawSchemeSpecificPart()).execute();
 		}
 
 	}

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/mount/MacOsXAppleScriptWebDavMounter.java

@@ -38,7 +38,7 @@ final class MacOsXAppleScriptWebDavMounter implements WebDavMounterStrategy {
 	}
 
 	@Override
-	public boolean shouldWork() {
+	public boolean shouldWork(Map<MountParam, Optional<String>> mountParams) {
 		return SystemUtils.IS_OS_MAC_OSX && semVerComparator.compare(SystemUtils.OS_VERSION, "10.10") >= 0;
 	}
 

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/mount/MacOsXShellScriptWebDavMounter.java

@@ -37,7 +37,7 @@ final class MacOsXShellScriptWebDavMounter implements WebDavMounterStrategy {
 	}
 
 	@Override
-	public boolean shouldWork() {
+	public boolean shouldWork(Map<MountParam, Optional<String>> mountParams) {
 		return SystemUtils.IS_OS_MAC_OSX && semVerComparator.compare(SystemUtils.OS_VERSION, "10.10") < 0;
 	}
 

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/mount/MountStrategies.java

@@ -1,105 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2016 Sebastian Stenzel and others.
- * This file is licensed under the terms of the MIT license.
- * See the LICENSE.txt file for more info.
- *
- * Contributors:
- *     Sebastian Stenzel - initial API and implementation
- *******************************************************************************/
-package org.cryptomator.frontend.webdav.mount;
-
-import static java.util.Arrays.asList;
-import static java.util.Collections.unmodifiableList;
-
-import java.util.Collection;
-import java.util.Iterator;
-
-import javax.inject.Inject;
-import javax.inject.Singleton;
-
-@Singleton
-class MountStrategies implements Collection<WebDavMounterStrategy> {
-
-	private final Collection<WebDavMounterStrategy> delegate;
-
-	@Inject
-	MountStrategies(LinuxGvfsWebDavMounter linuxMounter, MacOsXAppleScriptWebDavMounter osxAppleScriptMounter, MacOsXShellScriptWebDavMounter osxShellScriptMounter, WindowsWebDavMounter winMounter) {
-		delegate = unmodifiableList(asList(linuxMounter, osxAppleScriptMounter, osxShellScriptMounter, winMounter));
-	}
-
-	@Override
-	public int size() {
-		return delegate.size();
-	}
-
-	@Override
-	public boolean isEmpty() {
-		return delegate.isEmpty();
-	}
-
-	@Override
-	public boolean contains(Object o) {
-		return delegate.contains(o);
-	}
-
-	@Override
-	public Iterator<WebDavMounterStrategy> iterator() {
-		return delegate.iterator();
-	}
-
-	@Override
-	public Object[] toArray() {
-		return delegate.toArray();
-	}
-
-	@Override
-	public <T> T[] toArray(T[] a) {
-		return delegate.toArray(a);
-	}
-
-	@Override
-	public boolean add(WebDavMounterStrategy e) {
-		return delegate.add(e);
-	}
-
-	@Override
-	public boolean remove(Object o) {
-		return delegate.remove(o);
-	}
-
-	@Override
-	public boolean containsAll(Collection<?> c) {
-		return delegate.containsAll(c);
-	}
-
-	@Override
-	public boolean addAll(Collection<? extends WebDavMounterStrategy> c) {
-		return delegate.addAll(c);
-	}
-
-	@Override
-	public boolean removeAll(Collection<?> c) {
-		return delegate.removeAll(c);
-	}
-
-	@Override
-	public boolean retainAll(Collection<?> c) {
-		return delegate.retainAll(c);
-	}
-
-	@Override
-	public void clear() {
-		delegate.clear();
-	}
-
-	@Override
-	public boolean equals(Object o) {
-		return delegate.equals(o);
-	}
-
-	@Override
-	public int hashCode() {
-		return delegate.hashCode();
-	}
-
-}

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/mount/WebDavMounterModule.java

@@ -0,0 +1,31 @@
+package org.cryptomator.frontend.webdav.mount;
+
+import java.util.Set;
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import com.google.common.collect.Sets;
+
+import dagger.Module;
+import dagger.Provides;
+import dagger.multibindings.ElementsIntoSet;
+
+@Module
+public class WebDavMounterModule {
+
+	@Provides
+	@ElementsIntoSet
+	static Set<WebDavMounterStrategy> provideMounters(LinuxGvfsWebDavMounter linuxWebDavMounter, LinuxGvfsDavMounter linuxDavMounter, MacOsXAppleScriptWebDavMounter osxAppleScriptMounter,
+			MacOsXShellScriptWebDavMounter osxShellScriptMounter, WindowsWebDavMounter winMounter) {
+		return Sets.newHashSet(linuxWebDavMounter, linuxDavMounter, osxAppleScriptMounter, osxShellScriptMounter, winMounter);
+	}
+
+	@Provides
+	@Singleton
+	@Named("fallback")
+	static WebDavMounterStrategy provideFallbackStrategy() {
+		return new FallbackWebDavMounter();
+	}
+
+}

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/mount/WebDavMounterProvider.java

@@ -10,34 +10,35 @@
 package org.cryptomator.frontend.webdav.mount;
 
 import java.util.Collection;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
 
 import javax.inject.Inject;
-import javax.inject.Provider;
+import javax.inject.Named;
 import javax.inject.Singleton;
 
+import org.cryptomator.frontend.Frontend.MountParam;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 @Singleton
-public class WebDavMounterProvider implements Provider<WebDavMounter> {
+public class WebDavMounterProvider {
 
 	private static final Logger LOG = LoggerFactory.getLogger(WebDavMounterProvider.class);
-	private final WebDavMounterStrategy choosenStrategy;
+	private final Collection<WebDavMounterStrategy> availableStrategies;
+	private final WebDavMounterStrategy fallbackStrategy;
 
 	@Inject
-	public WebDavMounterProvider(MountStrategies availableStrategies) {
-		this.choosenStrategy = getStrategyWhichShouldWork(availableStrategies);
+	public WebDavMounterProvider(Set<WebDavMounterStrategy> availableStrategies, @Named("fallback") WebDavMounterStrategy fallbackStrategy) {
+		this.availableStrategies = availableStrategies;
+		this.fallbackStrategy = fallbackStrategy;
 	}
 
-	@Override
-	public WebDavMounter get() {
-		return this.choosenStrategy;
-	}
-
-	private WebDavMounterStrategy getStrategyWhichShouldWork(Collection<WebDavMounterStrategy> availableStrategies) {
-		WebDavMounterStrategy strategy = availableStrategies.stream().filter(WebDavMounterStrategy::shouldWork).findFirst().orElse(new FallbackWebDavMounter());
-		LOG.info("Using {}", strategy.getClass().getSimpleName());
-		return strategy;
+	public WebDavMounter chooseMounter(Map<MountParam, Optional<String>> mountParams) {
+		WebDavMounterStrategy result = availableStrategies.stream().filter(strategy -> strategy.shouldWork(mountParams)).findFirst().orElse(fallbackStrategy);
+		LOG.info("Using {}", result.getClass().getSimpleName());
+		return result;
 	}
 
 }

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/mount/WebDavMounterStrategy.java

@@ -9,6 +9,11 @@
  ******************************************************************************/
 package org.cryptomator.frontend.webdav.mount;
 
+import java.util.Map;
+import java.util.Optional;
+
+import org.cryptomator.frontend.Frontend.MountParam;
+
 /**
  * A strategy able to mount a webdav share and display it to the user.
  * 
@@ -19,7 +24,7 @@ interface WebDavMounterStrategy extends WebDavMounter {
 	/**
 	 * @return {@code false} if this {@code WebDavMounterStrategy} can not work on the local machine, {@code true} if it could work
 	 */
-	boolean shouldWork();
+	boolean shouldWork(Map<MountParam, Optional<String>> mountParams);
 
 	/**
 	 * Invoked when mounting strategy gets chosen. On some operating systems (we don't want to tell names here) mounting might be faster,

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/mount/WindowsDriveLetters.java

@@ -9,11 +9,11 @@
 package org.cryptomator.frontend.webdav.mount;
 
 import static java.util.stream.Collectors.toSet;
-import static java.util.stream.IntStream.rangeClosed;
 
 import java.nio.file.FileSystems;
 import java.nio.file.Path;
 import java.util.Set;
+import java.util.stream.IntStream;
 import java.util.stream.StreamSupport;
 
 import javax.inject.Inject;
@@ -24,16 +24,21 @@ import org.apache.commons.lang3.SystemUtils;
 
 import com.google.common.collect.Sets;
 
-
 @Singleton
 public final class WindowsDriveLetters {
-	
-	private static final Set<Character> A_TO_Z = rangeClosed('A', 'Z').mapToObj(i -> (char) i).collect(toSet());
-	
+
+	private static final Set<Character> A_TO_Z;
+
+	static {
+		try (IntStream stream = IntStream.rangeClosed('A', 'Z')) {
+			A_TO_Z = stream.mapToObj(i -> (char) i).collect(toSet());
+		}
+	}
+
 	@Inject
 	public WindowsDriveLetters() {
 	}
-	
+
 	public Set<Character> getOccupiedDriveLetters() {
 		if (!SystemUtils.IS_OS_WINDOWS) {
 			throw new UnsupportedOperationException("This method is only defined for Windows file systems");
@@ -41,7 +46,7 @@ public final class WindowsDriveLetters {
 		Iterable<Path> rootDirs = FileSystems.getDefault().getRootDirectories();
 		return StreamSupport.stream(rootDirs.spliterator(), false).map(Path::toString).map(CharUtils::toChar).map(Character::toUpperCase).collect(toSet());
 	}
-	
+
 	public Set<Character> getAvailableDriveLetters() {
 		return Sets.difference(A_TO_Z, getOccupiedDriveLetters());
 	}

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/mount/WindowsWebDavMounter.java

@@ -61,7 +61,7 @@ final class WindowsWebDavMounter implements WebDavMounterStrategy {
 	}
 
 	@Override
-	public boolean shouldWork() {
+	public boolean shouldWork(Map<MountParam, Optional<String>> mountParams) {
 		return SystemUtils.IS_OS_WINDOWS;
 	}
 
@@ -102,7 +102,7 @@ final class WindowsWebDavMounter implements WebDavMounterStrategy {
 		mountScript.addEnv("DAV_UNC_PATH", uri.getRawPath().replace('/', '\\'));
 		return mountScript.execute(MOUNT_TIMEOUT_SECONDS, TimeUnit.SECONDS);
 	}
-	
+
 	private void addProxyOverrides(URI uri) throws IOException, CommandFailedException {
 		try {
 			// get existing value for ProxyOverride key from reqistry:
@@ -110,7 +110,7 @@ final class WindowsWebDavMounter implements WebDavMounterStrategy {
 			Process queryCmd = query.start();
 			String queryStdOut = IOUtils.toString(queryCmd.getInputStream(), StandardCharsets.UTF_8);
 			int queryResult = queryCmd.waitFor();
-			
+
 			// determine new value for ProxyOverride key:
 			Set<String> overrides = new HashSet<>();
 			Matcher matcher = REG_QUERY_PROXY_OVERRIDES_PATTERN.matcher(queryStdOut);
@@ -122,7 +122,7 @@ final class WindowsWebDavMounter implements WebDavMounterStrategy {
 			overrides.add("<local>");
 			overrides.add(uri.getHost());
 			overrides.add(uri.getHost() + ":" + uri.getPort());
-			
+
 			// set new value:
 			String overridesStr = StringUtils.join(overrides, ';');
 			ProcessBuilder add = new ProcessBuilder("reg", "add", "\"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\"", "/v", "ProxyOverride", "/d", "\"" + overridesStr + "\"", "/f");
@@ -133,6 +133,8 @@ final class WindowsWebDavMounter implements WebDavMounterStrategy {
 				String addStdErr = IOUtils.toString(addCmd.getErrorStream(), StandardCharsets.UTF_8);
 				throw new CommandFailedException(addStdErr);
 			}
+		} catch (IOException | CommandFailedException e) {
+			LOG.info("Failed to add proxy overrides", e);
 		} catch (InterruptedException e) {
 			Thread.currentThread().interrupt();
 			InterruptedIOException ioException = new InterruptedIOException();
@@ -158,7 +160,7 @@ final class WindowsWebDavMounter implements WebDavMounterStrategy {
 		private WindowsWebDavMount(String driveLetter) {
 			this.driveLetter = CharUtils.toCharacterObject(driveLetter);
 			this.openExplorerScript = fromLines("start explorer.exe " + driveLetter + ":");
-			this.unmountScript = fromLines("net use " + driveLetter + ": /delete");
+			this.unmountScript = fromLines("net use " + driveLetter + ": /delete /no");
 		}
 
 		@Override

main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/mount/command/CommandRunner.java

@@ -61,13 +61,18 @@ final class CommandRunner {
 	static CommandResult execute(Script script, long timeout, TimeUnit unit) throws CommandFailedException {
 		try {
 			final List<String> env = script.environment().entrySet().stream().map(e -> e.getKey() + "=" + e.getValue()).collect(Collectors.toList());
+			final String[] lines = script.getLines();
+			if (lines.length == 0) {
+				throw new IllegalArgumentException("Invalid script");
+			}
 			CommandResult result = null;
-			for (final String line : script.getLines()) {
+			for (final String line : lines) {
 				final String[] cmds = ArrayUtils.add(determineCli(), line);
 				final Process proc = Runtime.getRuntime().exec(cmds, env.toArray(new String[0]));
 				result = run(proc, timeout, unit);
 				result.assertOk();
 			}
+			assert result != null;
 			return result;
 		} catch (IOException e) {
 			throw new CommandFailedException(e);

main/frontend-webdav/src/test/java/org/cryptomator/frontend/webdav/DefaultServletTest.java

@@ -8,6 +8,8 @@
  *******************************************************************************/
 package org.cryptomator.frontend.webdav;
 
+import static org.mockito.Mockito.mock;
+
 import java.io.IOException;
 
 import javax.servlet.Servlet;
@@ -21,21 +23,26 @@ import org.junit.Test;
 import org.mockito.Mockito;
 
 
-public class WindowsCompatibilityServletTest {
+public class DefaultServletTest {
+	
+	private Tarpit tarpit = mock(Tarpit.class);
+	
+	private DefaultServlet inTest = new DefaultServlet(tarpit);
 	
 	@Test
 	public void testFactory() throws ServletException {
-		ServletHolder[] holders = WindowsCompatibilityServlet.createServletContextHandler().getServletHandler().getServlets();
+		
+		ServletHolder[] holders = inTest.createServletContextHandler().getServletHandler().getServlets();
 		Assert.assertEquals(1, holders.length);
 		ServletHolder holder = holders[0];
 		
 		Servlet servlet = holder.getServlet();
-		Assert.assertTrue(servlet instanceof WindowsCompatibilityServlet);
+		Assert.assertTrue(servlet instanceof DefaultServlet);
 	}
 	
 	@Test
 	public void testResponse() throws IOException, ServletException {
-		final WindowsCompatibilityServlet servlet = new WindowsCompatibilityServlet();
+		final DefaultServlet servlet = inTest;
 		final HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
 		final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
 		

main/frontend-webdav/src/test/java/org/cryptomator/frontend/webdav/WebDavComponent.java

@@ -10,12 +10,10 @@ package org.cryptomator.frontend.webdav;
 
 import javax.inject.Singleton;
 
-import org.cryptomator.common.CommonsModule;
-
 import dagger.Component;
 
 @Singleton
-@Component(modules = {CommonsModule.class})
+@Component(modules = {WebDavModule.class})
 public interface WebDavComponent {
 
 	WebDavServer server();

main/jacoco-report/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.1.0-SNAPSHOT</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>jacoco-report</artifactId>
 	<name>Cryptomator Code Coverage Report</name>
@@ -26,6 +26,10 @@
 			<groupId>org.cryptomator</groupId>
 			<artifactId>filesystem-api</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.cryptomator</groupId>
+			<artifactId>filesystem-charsets</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.cryptomator</groupId>
 			<artifactId>filesystem-crypto</artifactId>
@@ -79,4 +83,4 @@
 			</plugin>
 		</plugins>
 	</build>
-</project>
+</project>

main/pom.xml

@@ -7,7 +7,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>main</artifactId>
-	<version>1.0.4</version>
+	<version>1.1.4</version>
 	<packaging>pom</packaging>
 	<name>Cryptomator</name>
 
@@ -43,23 +43,6 @@
 		<dagger.version>2.4</dagger.version>
 	</properties>
 
-	<repositories>
-		<repository>
-			<id>jitpack.io</id>
-			<url>https://jitpack.io</url>
-		</repository>
-	</repositories>
-	
-	<pluginRepositories>
-		<pluginRepository>
-			<id>jacoco-snapshots</id>
-			<url>https://oss.sonatype.org/content/repositories/snapshots</url>
-			<snapshots>
-				<enabled>true</enabled>
-			</snapshots>
-		</pluginRepository>
-	</pluginRepositories>
-
 	<dependencyManagement>
 		<dependencies>
 			<!-- modules -->
@@ -80,6 +63,11 @@
 				<artifactId>filesystem-api</artifactId>
 				<version>${project.version}</version>
 			</dependency>
+			<dependency>
+				<groupId>org.cryptomator</groupId>
+				<artifactId>filesystem-charsets</artifactId>
+				<version>${project.version}</version>
+			</dependency>
 			<dependency>
 				<groupId>org.cryptomator</groupId>
 				<artifactId>filesystem-nio</artifactId>
@@ -270,14 +258,6 @@
 			<groupId>org.apache.logging.log4j</groupId>
 			<artifactId>log4j-jul</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.mockito</groupId>
-			<artifactId>mockito-core</artifactId>
-		</dependency>
 	</dependencies>
 
 	<modules>
@@ -294,6 +274,7 @@
 		<module>frontend-api</module>
 		<module>frontend-webdav</module>
 		<module>ui</module>
+		<module>filesystem-charsets</module>
 	</modules>
 
 	<profiles>
@@ -334,7 +315,7 @@
 				<plugin>
 					<groupId>org.jacoco</groupId>
 					<artifactId>jacoco-maven-plugin</artifactId>
-					<version>0.7.7-SNAPSHOT</version>
+					<version>0.7.7.201606060606</version>
 					<executions>
 						<execution>
 							<id>prepare-agent</id>

main/uber-jar/pom.xml

@@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>uber-jar</artifactId>
 	<packaging>pom</packaging>

main/ui/pom.xml

@@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.0.4</version>
+		<version>1.1.4</version>
 	</parent>
 	<artifactId>ui</artifactId>
 	<name>Cryptomator GUI</name>
@@ -38,6 +38,10 @@
 			<groupId>org.cryptomator</groupId>
 			<artifactId>filesystem-crypto</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.cryptomator</groupId>
+			<artifactId>filesystem-charsets</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.cryptomator</groupId>
 			<artifactId>filesystem-stats</artifactId>
@@ -99,5 +103,12 @@
 			<groupId>org.cryptomator</groupId>
 			<artifactId>commons-test</artifactId>
 		</dependency>
+
+		<!-- Zxcvbn -->
+		<dependency>
+			<groupId>com.nulab-inc</groupId>
+			<artifactId>zxcvbn</artifactId>
+			<version>1.1.1</version>
+		</dependency>
 	</dependencies>
 </project>

main/ui/src/main/java/org/cryptomator/ui/CryptomatorComponent.java

@@ -14,6 +14,7 @@ import javax.inject.Singleton;
 
 import org.cryptomator.ui.controllers.MainController;
 import org.cryptomator.ui.settings.Localization;
+import org.cryptomator.ui.util.AsyncTaskService;
 import org.cryptomator.ui.util.DeferredCloser;
 
 import dagger.Component;
@@ -21,6 +22,9 @@ import dagger.Component;
 @Singleton
 @Component(modules = CryptomatorModule.class)
 interface CryptomatorComponent {
+
+	AsyncTaskService asyncTaskService();
+
 	ExecutorService executorService();
 
 	DeferredCloser deferredCloser();

main/ui/src/main/java/org/cryptomator/ui/CryptomatorModule.java

@@ -17,13 +17,14 @@ import javax.inject.Singleton;
 import org.cryptomator.common.CommonsModule;
 import org.cryptomator.crypto.engine.impl.CryptoEngineModule;
 import org.cryptomator.frontend.FrontendFactory;
+import org.cryptomator.frontend.webdav.WebDavModule;
 import org.cryptomator.frontend.webdav.WebDavServer;
-import org.cryptomator.frontend.webdav.mount.WebDavMounter;
-import org.cryptomator.frontend.webdav.mount.WebDavMounterProvider;
 import org.cryptomator.ui.model.VaultObjectMapperProvider;
 import org.cryptomator.ui.settings.Settings;
 import org.cryptomator.ui.settings.SettingsProvider;
 import org.cryptomator.ui.util.DeferredCloser;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 
@@ -32,9 +33,10 @@ import dagger.Provides;
 import javafx.application.Application;
 import javafx.stage.Stage;
 
-@Module(includes = {CryptoEngineModule.class, CommonsModule.class})
+@Module(includes = {CryptoEngineModule.class, CommonsModule.class, WebDavModule.class})
 class CryptomatorModule {
 
+	private static final Logger LOG = LoggerFactory.getLogger(CryptomatorModule.class);
 	private final Application application;
 	private final Stage mainWindow;
 
@@ -60,7 +62,13 @@ class CryptomatorModule {
 	@Singleton
 	DeferredCloser provideDeferredCloser() {
 		DeferredCloser closer = new DeferredCloser();
-		Cryptomator.addShutdownTask(closer::close);
+		Cryptomator.addShutdownTask(() -> {
+			try {
+				closer.close();
+			} catch (Exception e) {
+				LOG.error("Error during shutdown.", e);
+			}
+		});
 		return closer;
 	}
 
@@ -83,12 +91,6 @@ class CryptomatorModule {
 		return closer.closeLater(Executors.newCachedThreadPool(), ExecutorService::shutdown).get().orElseThrow(IllegalStateException::new);
 	}
 
-	@Provides
-	@Singleton
-	WebDavMounter provideWebDavMounter(WebDavMounterProvider webDavMounterProvider) {
-		return webDavMounterProvider.get();
-	}
-
 	@Provides
 	@Singleton
 	FrontendFactory provideFrontendFactory(DeferredCloser closer, WebDavServer webDavServer, Settings settings) {