1package eu.siacs.conversations.crypto;
2
3import android.util.Log;
4import android.util.Pair;
5import androidx.annotation.NonNull;
6import com.google.common.base.CharMatcher;
7import com.google.common.base.MoreObjects;
8import com.google.common.collect.ImmutableList;
9import java.io.IOException;
10import java.net.IDN;
11import java.security.cert.Certificate;
12import java.security.cert.CertificateEncodingException;
13import java.security.cert.CertificateParsingException;
14import java.security.cert.X509Certificate;
15import java.util.ArrayList;
16import java.util.Collection;
17import java.util.Collections;
18import java.util.List;
19import java.util.Locale;
20import javax.net.ssl.SSLPeerUnverifiedException;
21import javax.net.ssl.SSLSession;
22import org.bouncycastle.asn1.ASN1Object;
23import org.bouncycastle.asn1.ASN1Primitive;
24import org.bouncycastle.asn1.ASN1TaggedObject;
25import org.bouncycastle.asn1.DERIA5String;
26import org.bouncycastle.asn1.DERUTF8String;
27import org.bouncycastle.asn1.DLSequence;
28import org.bouncycastle.asn1.x500.RDN;
29import org.bouncycastle.asn1.x500.X500Name;
30import org.bouncycastle.asn1.x500.style.BCStyle;
31import org.bouncycastle.asn1.x500.style.IETFUtils;
32import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
33
34public class XmppDomainVerifier {
35
36 private static final String LOGTAG = "XmppDomainVerifier";
37
38 private static final String SRV_NAME = "1.3.6.1.5.5.7.8.7";
39 private static final String XMPP_ADDR = "1.3.6.1.5.5.7.8.5";
40
41 private static List<String> getCommonNames(final X509Certificate certificate) {
42 final var domains = new ImmutableList.Builder<String>();
43 try {
44 final var x500name = new JcaX509CertificateHolder(certificate).getSubject();
45 final RDN[] nameRDNs = x500name.getRDNs(BCStyle.CN);
46 for (int i = 0; i < nameRDNs.length; ++i) {
47 domains.add(
48 IETFUtils.valueToString(
49 x500name.getRDNs(BCStyle.CN)[i].getFirst().getValue()));
50 }
51 return domains.build();
52 } catch (final CertificateEncodingException e) {
53 return Collections.emptyList();
54 }
55 }
56
57 private static Pair<String, String> parseOtherName(final byte[] otherName) {
58 try {
59 ASN1Primitive asn1Primitive = ASN1Primitive.fromByteArray(otherName);
60 if (asn1Primitive instanceof ASN1TaggedObject taggedObject) {
61 final ASN1Object inner = taggedObject.getBaseObject();
62 if (inner instanceof DLSequence sequence) {
63 if (sequence.size() >= 2
64 && sequence.getObjectAt(1) instanceof ASN1TaggedObject evenInner) {
65 final String oid = sequence.getObjectAt(0).toString();
66 final ASN1Object value = evenInner.getBaseObject();
67 if (value instanceof DERUTF8String derutf8String) {
68 return new Pair<>(oid, derutf8String.getString());
69 } else if (value instanceof DERIA5String deria5String) {
70 return new Pair<>(oid, deria5String.getString());
71 }
72 }
73 }
74 }
75 return null;
76 } catch (final IOException e) {
77 return null;
78 }
79 }
80
81 public static boolean matchDomain(final String domain, final List<String> certificateDomains) {
82 for (final String certificateDomain : certificateDomains) {
83 if (certificateDomain.startsWith("*.")) {
84 // https://www.rfc-editor.org/rfc/rfc6125#section-6.4.3
85 // wild cards can only be in the left most label and don’t match '.'
86 final var wildcardEntry = certificateDomain.substring(1);
87 if (CharMatcher.is('.').countIn(wildcardEntry) < 2) {
88 Log.w(LOGTAG, "not enough labels in wildcard certificate");
89 break;
90 }
91 final int position = domain.indexOf('.');
92 if (position != -1 && domain.substring(position).equalsIgnoreCase(wildcardEntry)) {
93 Log.d(LOGTAG, "domain " + domain + " matched " + certificateDomain);
94 return true;
95 }
96 } else {
97 if (certificateDomain.equalsIgnoreCase(domain)) {
98 Log.d(LOGTAG, "domain " + domain + " matched " + certificateDomain);
99 return true;
100 }
101 }
102 }
103 return false;
104 }
105
106 public boolean verify(
107 final String unicodeDomain, final String unicodeHostname, SSLSession sslSession)
108 throws SSLPeerUnverifiedException {
109 final String domain = IDN.toASCII(unicodeDomain);
110 final String hostname = unicodeHostname == null ? null : IDN.toASCII(unicodeHostname);
111 final Certificate[] chain = sslSession.getPeerCertificates();
112 if (chain.length == 0 || !(chain[0] instanceof X509Certificate certificate)) {
113 return false;
114 }
115 final List<String> commonNames = getCommonNames(certificate);
116 if (isSelfSigned(certificate)) {
117 if (commonNames.size() == 1 && matchDomain(domain, commonNames)) {
118 Log.d(LOGTAG, "accepted CN in self signed cert as work around for " + domain);
119 return true;
120 }
121 }
122 try {
123 final ValidDomains validDomains = parseValidDomains(certificate);
124 Log.d(LOGTAG, "searching for " + domain + " in " + validDomains);
125 if (hostname != null) {
126 Log.d(LOGTAG, "also trying to verify hostname " + hostname);
127 }
128 return validDomains.xmppAddresses.contains(domain)
129 || validDomains.srvNames.contains("_xmpp-client." + domain)
130 || matchDomain(domain, validDomains.domains)
131 || (hostname != null && matchDomain(hostname, validDomains.domains));
132 } catch (final Exception e) {
133 return false;
134 }
135 }
136
137 public static ValidDomains parseValidDomains(final X509Certificate certificate)
138 throws CertificateParsingException {
139 final List<String> commonNames = getCommonNames(certificate);
140 final Collection<List<?>> alternativeNames = certificate.getSubjectAlternativeNames();
141 final List<String> xmppAddrs = new ArrayList<>();
142 final List<String> srvNames = new ArrayList<>();
143 final List<String> domains = new ArrayList<>();
144 if (alternativeNames != null) {
145 for (List<?> san : alternativeNames) {
146 final Integer type = (Integer) san.get(0);
147 if (type == 0) {
148 final Pair<String, String> otherName = parseOtherName((byte[]) san.get(1));
149 if (otherName != null && otherName.first != null && otherName.second != null) {
150 switch (otherName.first) {
151 case SRV_NAME:
152 srvNames.add(otherName.second.toLowerCase(Locale.US));
153 break;
154 case XMPP_ADDR:
155 xmppAddrs.add(otherName.second.toLowerCase(Locale.US));
156 break;
157 default:
158 Log.d(
159 LOGTAG,
160 "oid: " + otherName.first + " value: " + otherName.second);
161 }
162 }
163 } else if (type == 2) {
164 final Object value = san.get(1);
165 if (value instanceof String) {
166 domains.add(((String) value).toLowerCase(Locale.US));
167 }
168 }
169 }
170 }
171 if (srvNames.isEmpty() && xmppAddrs.isEmpty() && domains.isEmpty()) {
172 domains.addAll(commonNames);
173 }
174 return new ValidDomains(xmppAddrs, srvNames, domains);
175 }
176
177 public static final class ValidDomains {
178 final List<String> xmppAddresses;
179 final List<String> srvNames;
180 final List<String> domains;
181
182 private ValidDomains(
183 List<String> xmppAddresses, List<String> srvNames, List<String> domains) {
184 this.xmppAddresses = xmppAddresses;
185 this.srvNames = srvNames;
186 this.domains = domains;
187 }
188
189 public List<String> all() {
190 ImmutableList.Builder<String> all = new ImmutableList.Builder<>();
191 all.addAll(xmppAddresses);
192 all.addAll(srvNames);
193 all.addAll(domains);
194 return all.build();
195 }
196
197 @NonNull
198 @Override
199 public String toString() {
200 return MoreObjects.toStringHelper(this)
201 .add("xmppAddresses", xmppAddresses)
202 .add("srvNames", srvNames)
203 .add("domains", domains)
204 .toString();
205 }
206 }
207
208 private boolean isSelfSigned(X509Certificate certificate) {
209 try {
210 certificate.verify(certificate.getPublicKey());
211 return true;
212 } catch (Exception e) {
213 return false;
214 }
215 }
216}