1package eu.siacs.conversations.utils;
2
3import android.util.Log;
4import android.util.Pair;
5
6import org.bouncycastle.asn1.x500.X500Name;
7import org.bouncycastle.asn1.x500.style.BCStyle;
8import org.bouncycastle.asn1.x500.style.IETFUtils;
9import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
10import org.bouncycastle.jce.PrincipalUtil;
11
12import java.security.SecureRandom;
13import java.security.cert.CertificateEncodingException;
14import java.security.cert.CertificateParsingException;
15import java.security.cert.X509Certificate;
16import java.security.cert.X509Extension;
17import java.text.Normalizer;
18import java.util.ArrayList;
19import java.util.Arrays;
20import java.util.Collection;
21import java.util.Iterator;
22import java.util.LinkedHashSet;
23import java.util.List;
24
25import eu.siacs.conversations.Config;
26import eu.siacs.conversations.R;
27import eu.siacs.conversations.entities.Message;
28import eu.siacs.conversations.xmpp.jid.InvalidJidException;
29import eu.siacs.conversations.xmpp.jid.Jid;
30
31public final class CryptoHelper {
32 public static final String FILETRANSFER = "?FILETRANSFERv1:";
33 private final static char[] hexArray = "0123456789abcdef".toCharArray();
34 private final static char[] vowels = "aeiou".toCharArray();
35 private final static char[] consonants = "bcdfghjklmnpqrstvwxyz".toCharArray();
36 final public static byte[] ONE = new byte[] { 0, 0, 0, 1 };
37
38 public static String bytesToHex(byte[] bytes) {
39 char[] hexChars = new char[bytes.length * 2];
40 for (int j = 0; j < bytes.length; j++) {
41 int v = bytes[j] & 0xFF;
42 hexChars[j * 2] = hexArray[v >>> 4];
43 hexChars[j * 2 + 1] = hexArray[v & 0x0F];
44 }
45 return new String(hexChars);
46 }
47
48 public static byte[] hexToBytes(String hexString) {
49 int len = hexString.length();
50 byte[] array = new byte[len / 2];
51 for (int i = 0; i < len; i += 2) {
52 array[i / 2] = (byte) ((Character.digit(hexString.charAt(i), 16) << 4) + Character
53 .digit(hexString.charAt(i + 1), 16));
54 }
55 return array;
56 }
57
58 public static String hexToString(final String hexString) {
59 return new String(hexToBytes(hexString));
60 }
61
62 public static byte[] concatenateByteArrays(byte[] a, byte[] b) {
63 byte[] result = new byte[a.length + b.length];
64 System.arraycopy(a, 0, result, 0, a.length);
65 System.arraycopy(b, 0, result, a.length, b.length);
66 return result;
67 }
68
69 public static String randomMucName(SecureRandom random) {
70 return randomWord(3, random) + "." + randomWord(7, random);
71 }
72
73 private static String randomWord(int lenght, SecureRandom random) {
74 StringBuilder builder = new StringBuilder(lenght);
75 for (int i = 0; i < lenght; ++i) {
76 if (i % 2 == 0) {
77 builder.append(consonants[random.nextInt(consonants.length)]);
78 } else {
79 builder.append(vowels[random.nextInt(vowels.length)]);
80 }
81 }
82 return builder.toString();
83 }
84
85 /**
86 * Escapes usernames or passwords for SASL.
87 */
88 public static String saslEscape(final String s) {
89 final StringBuilder sb = new StringBuilder((int) (s.length() * 1.1));
90 for (int i = 0; i < s.length(); i++) {
91 char c = s.charAt(i);
92 switch (c) {
93 case ',':
94 sb.append("=2C");
95 break;
96 case '=':
97 sb.append("=3D");
98 break;
99 default:
100 sb.append(c);
101 break;
102 }
103 }
104 return sb.toString();
105 }
106
107 public static String saslPrep(final String s) {
108 return Normalizer.normalize(s, Normalizer.Form.NFKC);
109 }
110
111 public static String prettifyFingerprint(String fingerprint) {
112 if (fingerprint==null) {
113 return "";
114 } else if (fingerprint.length() < 40) {
115 return fingerprint;
116 }
117 StringBuilder builder = new StringBuilder(fingerprint.replaceAll("\\s",""));
118 for(int i=8;i<builder.length();i+=9) {
119 builder.insert(i, ' ');
120 }
121 return builder.toString();
122 }
123
124 public static String[] getOrderedCipherSuites(final String[] platformSupportedCipherSuites) {
125 final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
126 final List<String> platformCiphers = Arrays.asList(platformSupportedCipherSuites);
127 cipherSuites.retainAll(platformCiphers);
128 cipherSuites.addAll(platformCiphers);
129 filterWeakCipherSuites(cipherSuites);
130 return cipherSuites.toArray(new String[cipherSuites.size()]);
131 }
132
133 private static void filterWeakCipherSuites(final Collection<String> cipherSuites) {
134 final Iterator<String> it = cipherSuites.iterator();
135 while (it.hasNext()) {
136 String cipherName = it.next();
137 // remove all ciphers with no or very weak encryption or no authentication
138 for (String weakCipherPattern : Config.WEAK_CIPHER_PATTERNS) {
139 if (cipherName.contains(weakCipherPattern)) {
140 it.remove();
141 break;
142 }
143 }
144 }
145 }
146
147 public static Pair<Jid,String> extractJidAndName(X509Certificate certificate) throws CertificateEncodingException, InvalidJidException, CertificateParsingException {
148 Collection<List<?>> alternativeNames = certificate.getSubjectAlternativeNames();
149 List<String> emails = new ArrayList<>();
150 if (alternativeNames != null) {
151 for(List<?> san : alternativeNames) {
152 Integer type = (Integer) san.get(0);
153 if (type == 1) {
154 emails.add((String) san.get(1));
155 }
156 }
157 }
158 X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
159 if (emails.size() == 0) {
160 emails.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.EmailAddress)[0].getFirst().getValue()));
161 }
162 String name = IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[0].getFirst().getValue());
163 if (emails.size() >= 1) {
164 return new Pair<>(Jid.fromString(emails.get(0)), name);
165 } else {
166 return null;
167 }
168 }
169
170 public static int encryptionTypeToText(int encryption) {
171 switch (encryption) {
172 case Message.ENCRYPTION_OTR:
173 return R.string.encryption_choice_otr;
174 case Message.ENCRYPTION_AXOLOTL:
175 return R.string.encryption_choice_omemo;
176 case Message.ENCRYPTION_NONE:
177 return R.string.encryption_choice_unencrypted;
178 default:
179 return R.string.encryption_choice_pgp;
180 }
181 }
182}