1package eu.siacs.conversations.utils;
2
3import android.os.Bundle;
4import android.util.Pair;
5
6import org.bouncycastle.asn1.x500.X500Name;
7import org.bouncycastle.asn1.x500.style.BCStyle;
8import org.bouncycastle.asn1.x500.style.IETFUtils;
9import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
10
11import java.security.MessageDigest;
12import java.security.cert.CertificateEncodingException;
13import java.security.cert.CertificateParsingException;
14import java.security.cert.X509Certificate;
15import java.text.Normalizer;
16import java.util.ArrayList;
17import java.util.Arrays;
18import java.util.Collection;
19import java.util.Iterator;
20import java.util.LinkedHashSet;
21import java.util.List;
22import java.util.Locale;
23
24import eu.siacs.conversations.Config;
25import eu.siacs.conversations.R;
26import eu.siacs.conversations.entities.Message;
27import eu.siacs.conversations.xmpp.jid.InvalidJidException;
28import eu.siacs.conversations.xmpp.jid.Jid;
29
30public final class CryptoHelper {
31 public static final String FILETRANSFER = "?FILETRANSFERv1:";
32 private final static char[] hexArray = "0123456789abcdef".toCharArray();
33 final public static byte[] ONE = new byte[] { 0, 0, 0, 1 };
34
35 public static String bytesToHex(byte[] bytes) {
36 char[] hexChars = new char[bytes.length * 2];
37 for (int j = 0; j < bytes.length; j++) {
38 int v = bytes[j] & 0xFF;
39 hexChars[j * 2] = hexArray[v >>> 4];
40 hexChars[j * 2 + 1] = hexArray[v & 0x0F];
41 }
42 return new String(hexChars);
43 }
44
45 public static byte[] hexToBytes(String hexString) {
46 int len = hexString.length();
47 byte[] array = new byte[len / 2];
48 for (int i = 0; i < len; i += 2) {
49 array[i / 2] = (byte) ((Character.digit(hexString.charAt(i), 16) << 4) + Character
50 .digit(hexString.charAt(i + 1), 16));
51 }
52 return array;
53 }
54
55 public static String hexToString(final String hexString) {
56 return new String(hexToBytes(hexString));
57 }
58
59 public static byte[] concatenateByteArrays(byte[] a, byte[] b) {
60 byte[] result = new byte[a.length + b.length];
61 System.arraycopy(a, 0, result, 0, a.length);
62 System.arraycopy(b, 0, result, a.length, b.length);
63 return result;
64 }
65
66 /**
67 * Escapes usernames or passwords for SASL.
68 */
69 public static String saslEscape(final String s) {
70 final StringBuilder sb = new StringBuilder((int) (s.length() * 1.1));
71 for (int i = 0; i < s.length(); i++) {
72 char c = s.charAt(i);
73 switch (c) {
74 case ',':
75 sb.append("=2C");
76 break;
77 case '=':
78 sb.append("=3D");
79 break;
80 default:
81 sb.append(c);
82 break;
83 }
84 }
85 return sb.toString();
86 }
87
88 public static String saslPrep(final String s) {
89 return Normalizer.normalize(s, Normalizer.Form.NFKC);
90 }
91
92 public static String prettifyFingerprint(String fingerprint) {
93 if (fingerprint==null) {
94 return "";
95 } else if (fingerprint.length() < 40) {
96 return fingerprint;
97 }
98 StringBuilder builder = new StringBuilder(fingerprint.toLowerCase(Locale.US).replaceAll("\\s", ""));
99 for(int i=8;i<builder.length();i+=9) {
100 builder.insert(i, ' ');
101 }
102 return builder.toString();
103 }
104
105 public static String prettifyFingerprintCert(String fingerprint) {
106 StringBuilder builder = new StringBuilder(fingerprint);
107 for(int i=2;i < builder.length(); i+=3) {
108 builder.insert(i,':');
109 }
110 return builder.toString();
111 }
112
113 public static String[] getOrderedCipherSuites(final String[] platformSupportedCipherSuites) {
114 final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
115 final List<String> platformCiphers = Arrays.asList(platformSupportedCipherSuites);
116 cipherSuites.retainAll(platformCiphers);
117 cipherSuites.addAll(platformCiphers);
118 filterWeakCipherSuites(cipherSuites);
119 return cipherSuites.toArray(new String[cipherSuites.size()]);
120 }
121
122 private static void filterWeakCipherSuites(final Collection<String> cipherSuites) {
123 final Iterator<String> it = cipherSuites.iterator();
124 while (it.hasNext()) {
125 String cipherName = it.next();
126 // remove all ciphers with no or very weak encryption or no authentication
127 for (String weakCipherPattern : Config.WEAK_CIPHER_PATTERNS) {
128 if (cipherName.contains(weakCipherPattern)) {
129 it.remove();
130 break;
131 }
132 }
133 }
134 }
135
136 public static Pair<Jid,String> extractJidAndName(X509Certificate certificate) throws CertificateEncodingException, InvalidJidException, CertificateParsingException {
137 Collection<List<?>> alternativeNames = certificate.getSubjectAlternativeNames();
138 List<String> emails = new ArrayList<>();
139 if (alternativeNames != null) {
140 for(List<?> san : alternativeNames) {
141 Integer type = (Integer) san.get(0);
142 if (type == 1) {
143 emails.add((String) san.get(1));
144 }
145 }
146 }
147 X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
148 if (emails.size() == 0) {
149 emails.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.EmailAddress)[0].getFirst().getValue()));
150 }
151 String name = IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[0].getFirst().getValue());
152 if (emails.size() >= 1) {
153 return new Pair<>(Jid.fromString(emails.get(0)), name);
154 } else {
155 return null;
156 }
157 }
158
159 public static Bundle extractCertificateInformation(X509Certificate certificate) {
160 Bundle information = new Bundle();
161 try {
162 JcaX509CertificateHolder holder = new JcaX509CertificateHolder(certificate);
163 X500Name subject = holder.getSubject();
164 try {
165 information.putString("subject_cn", subject.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString());
166 } catch (Exception e) {
167 //ignored
168 }
169 try {
170 information.putString("subject_o",subject.getRDNs(BCStyle.O)[0].getFirst().getValue().toString());
171 } catch (Exception e) {
172 //ignored
173 }
174
175 X500Name issuer = holder.getIssuer();
176 try {
177 information.putString("issuer_cn", issuer.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString());
178 } catch (Exception e) {
179 //ignored
180 }
181 try {
182 information.putString("issuer_o", issuer.getRDNs(BCStyle.O)[0].getFirst().getValue().toString());
183 } catch (Exception e) {
184 //ignored
185 }
186 try {
187 MessageDigest md = MessageDigest.getInstance("SHA-1");
188 byte[] fingerprint = md.digest(certificate.getEncoded());
189 information.putString("sha1", prettifyFingerprintCert(bytesToHex(fingerprint)));
190 } catch (Exception e) {
191
192 }
193 return information;
194 } catch (CertificateEncodingException e) {
195 return information;
196 }
197 }
198
199 public static int encryptionTypeToText(int encryption) {
200 switch (encryption) {
201 case Message.ENCRYPTION_OTR:
202 return R.string.encryption_choice_otr;
203 case Message.ENCRYPTION_AXOLOTL:
204 return R.string.encryption_choice_omemo;
205 case Message.ENCRYPTION_NONE:
206 return R.string.encryption_choice_unencrypted;
207 default:
208 return R.string.encryption_choice_pgp;
209 }
210 }
211}