1package eu.siacs.conversations.utils;
2
3import android.os.Bundle;
4import android.util.Pair;
5
6import org.bouncycastle.asn1.x500.X500Name;
7import org.bouncycastle.asn1.x500.style.BCStyle;
8import org.bouncycastle.asn1.x500.style.IETFUtils;
9import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
10
11import java.security.MessageDigest;
12import java.security.NoSuchAlgorithmException;
13import java.security.cert.CertificateEncodingException;
14import java.security.cert.CertificateParsingException;
15import java.security.cert.X509Certificate;
16import java.text.Normalizer;
17import java.util.ArrayList;
18import java.util.Arrays;
19import java.util.Collection;
20import java.util.Iterator;
21import java.util.LinkedHashSet;
22import java.util.List;
23import java.util.Locale;
24import java.util.regex.Pattern;
25
26import eu.siacs.conversations.Config;
27import eu.siacs.conversations.R;
28import eu.siacs.conversations.entities.Account;
29import eu.siacs.conversations.entities.Message;
30import eu.siacs.conversations.xmpp.jid.InvalidJidException;
31import eu.siacs.conversations.xmpp.jid.Jid;
32
33public final class CryptoHelper {
34 public static final String FILETRANSFER = "?FILETRANSFERv1:";
35 private final static char[] hexArray = "0123456789abcdef".toCharArray();
36
37 public static final Pattern UUID_PATTERN = Pattern.compile("[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}");
38 final public static byte[] ONE = new byte[] { 0, 0, 0, 1 };
39
40 public static String bytesToHex(byte[] bytes) {
41 char[] hexChars = new char[bytes.length * 2];
42 for (int j = 0; j < bytes.length; j++) {
43 int v = bytes[j] & 0xFF;
44 hexChars[j * 2] = hexArray[v >>> 4];
45 hexChars[j * 2 + 1] = hexArray[v & 0x0F];
46 }
47 return new String(hexChars);
48 }
49
50 public static byte[] hexToBytes(String hexString) {
51 int len = hexString.length();
52 byte[] array = new byte[len / 2];
53 for (int i = 0; i < len; i += 2) {
54 array[i / 2] = (byte) ((Character.digit(hexString.charAt(i), 16) << 4) + Character
55 .digit(hexString.charAt(i + 1), 16));
56 }
57 return array;
58 }
59
60 public static String hexToString(final String hexString) {
61 return new String(hexToBytes(hexString));
62 }
63
64 public static byte[] concatenateByteArrays(byte[] a, byte[] b) {
65 byte[] result = new byte[a.length + b.length];
66 System.arraycopy(a, 0, result, 0, a.length);
67 System.arraycopy(b, 0, result, a.length, b.length);
68 return result;
69 }
70
71 /**
72 * Escapes usernames or passwords for SASL.
73 */
74 public static String saslEscape(final String s) {
75 final StringBuilder sb = new StringBuilder((int) (s.length() * 1.1));
76 for (int i = 0; i < s.length(); i++) {
77 char c = s.charAt(i);
78 switch (c) {
79 case ',':
80 sb.append("=2C");
81 break;
82 case '=':
83 sb.append("=3D");
84 break;
85 default:
86 sb.append(c);
87 break;
88 }
89 }
90 return sb.toString();
91 }
92
93 public static String saslPrep(final String s) {
94 return Normalizer.normalize(s, Normalizer.Form.NFKC);
95 }
96
97 public static String prettifyFingerprint(String fingerprint) {
98 if (fingerprint==null) {
99 return "";
100 } else if (fingerprint.length() < 40) {
101 return fingerprint;
102 }
103 StringBuilder builder = new StringBuilder(fingerprint.toLowerCase(Locale.US).replaceAll("\\s", ""));
104 for(int i=8;i<builder.length();i+=9) {
105 builder.insert(i, ' ');
106 }
107 return builder.toString();
108 }
109
110 public static String prettifyFingerprintCert(String fingerprint) {
111 StringBuilder builder = new StringBuilder(fingerprint);
112 for(int i=2;i < builder.length(); i+=3) {
113 builder.insert(i,':');
114 }
115 return builder.toString();
116 }
117
118 public static String[] getOrderedCipherSuites(final String[] platformSupportedCipherSuites) {
119 final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
120 final List<String> platformCiphers = Arrays.asList(platformSupportedCipherSuites);
121 cipherSuites.retainAll(platformCiphers);
122 cipherSuites.addAll(platformCiphers);
123 filterWeakCipherSuites(cipherSuites);
124 return cipherSuites.toArray(new String[cipherSuites.size()]);
125 }
126
127 private static void filterWeakCipherSuites(final Collection<String> cipherSuites) {
128 final Iterator<String> it = cipherSuites.iterator();
129 while (it.hasNext()) {
130 String cipherName = it.next();
131 // remove all ciphers with no or very weak encryption or no authentication
132 for (String weakCipherPattern : Config.WEAK_CIPHER_PATTERNS) {
133 if (cipherName.contains(weakCipherPattern)) {
134 it.remove();
135 break;
136 }
137 }
138 }
139 }
140
141 public static Pair<Jid,String> extractJidAndName(X509Certificate certificate) throws CertificateEncodingException, InvalidJidException, CertificateParsingException {
142 Collection<List<?>> alternativeNames = certificate.getSubjectAlternativeNames();
143 List<String> emails = new ArrayList<>();
144 if (alternativeNames != null) {
145 for(List<?> san : alternativeNames) {
146 Integer type = (Integer) san.get(0);
147 if (type == 1) {
148 emails.add((String) san.get(1));
149 }
150 }
151 }
152 X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
153 if (emails.size() == 0) {
154 emails.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.EmailAddress)[0].getFirst().getValue()));
155 }
156 String name = IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[0].getFirst().getValue());
157 if (emails.size() >= 1) {
158 return new Pair<>(Jid.fromString(emails.get(0)), name);
159 } else {
160 return null;
161 }
162 }
163
164 public static Bundle extractCertificateInformation(X509Certificate certificate) {
165 Bundle information = new Bundle();
166 try {
167 JcaX509CertificateHolder holder = new JcaX509CertificateHolder(certificate);
168 X500Name subject = holder.getSubject();
169 try {
170 information.putString("subject_cn", subject.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString());
171 } catch (Exception e) {
172 //ignored
173 }
174 try {
175 information.putString("subject_o",subject.getRDNs(BCStyle.O)[0].getFirst().getValue().toString());
176 } catch (Exception e) {
177 //ignored
178 }
179
180 X500Name issuer = holder.getIssuer();
181 try {
182 information.putString("issuer_cn", issuer.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString());
183 } catch (Exception e) {
184 //ignored
185 }
186 try {
187 information.putString("issuer_o", issuer.getRDNs(BCStyle.O)[0].getFirst().getValue().toString());
188 } catch (Exception e) {
189 //ignored
190 }
191 try {
192 information.putString("sha1", getFingerprintCert(certificate.getEncoded()));
193 } catch (Exception e) {
194
195 }
196 return information;
197 } catch (CertificateEncodingException e) {
198 return information;
199 }
200 }
201
202 public static String getFingerprintCert(byte[] input) throws NoSuchAlgorithmException {
203 MessageDigest md = MessageDigest.getInstance("SHA-1");
204 byte[] fingerprint = md.digest(input);
205 return prettifyFingerprintCert(bytesToHex(fingerprint));
206 }
207
208 public static String getAccountFingerprint(Account account) {
209 return getFingerprint(account.getJid().toBareJid().toString());
210 }
211
212 public static String getFingerprint(String value) {
213 try {
214 MessageDigest md = MessageDigest.getInstance("SHA-256");
215 return bytesToHex(md.digest(value.getBytes("UTF-8")));
216 } catch (Exception e) {
217 return "";
218 }
219 }
220
221 public static int encryptionTypeToText(int encryption) {
222 switch (encryption) {
223 case Message.ENCRYPTION_OTR:
224 return R.string.encryption_choice_otr;
225 case Message.ENCRYPTION_AXOLOTL:
226 return R.string.encryption_choice_omemo;
227 case Message.ENCRYPTION_NONE:
228 return R.string.encryption_choice_unencrypted;
229 default:
230 return R.string.encryption_choice_pgp;
231 }
232 }
233}