1package eu.siacs.conversations.utils;
2
3import android.os.Bundle;
4import android.util.Pair;
5
6import org.bouncycastle.asn1.x500.X500Name;
7import org.bouncycastle.asn1.x500.style.BCStyle;
8import org.bouncycastle.asn1.x500.style.IETFUtils;
9import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
10
11import java.security.MessageDigest;
12import java.security.NoSuchAlgorithmException;
13import java.security.cert.CertificateEncodingException;
14import java.security.cert.CertificateParsingException;
15import java.security.cert.X509Certificate;
16import java.text.Normalizer;
17import java.util.ArrayList;
18import java.util.Arrays;
19import java.util.Collection;
20import java.util.Iterator;
21import java.util.LinkedHashSet;
22import java.util.List;
23import java.util.Locale;
24
25import eu.siacs.conversations.Config;
26import eu.siacs.conversations.R;
27import eu.siacs.conversations.entities.Message;
28import eu.siacs.conversations.xmpp.jid.InvalidJidException;
29import eu.siacs.conversations.xmpp.jid.Jid;
30
31public final class CryptoHelper {
32 public static final String FILETRANSFER = "?FILETRANSFERv1:";
33 private final static char[] hexArray = "0123456789abcdef".toCharArray();
34 final public static byte[] ONE = new byte[] { 0, 0, 0, 1 };
35
36 public static String bytesToHex(byte[] bytes) {
37 char[] hexChars = new char[bytes.length * 2];
38 for (int j = 0; j < bytes.length; j++) {
39 int v = bytes[j] & 0xFF;
40 hexChars[j * 2] = hexArray[v >>> 4];
41 hexChars[j * 2 + 1] = hexArray[v & 0x0F];
42 }
43 return new String(hexChars);
44 }
45
46 public static byte[] hexToBytes(String hexString) {
47 int len = hexString.length();
48 byte[] array = new byte[len / 2];
49 for (int i = 0; i < len; i += 2) {
50 array[i / 2] = (byte) ((Character.digit(hexString.charAt(i), 16) << 4) + Character
51 .digit(hexString.charAt(i + 1), 16));
52 }
53 return array;
54 }
55
56 public static String hexToString(final String hexString) {
57 return new String(hexToBytes(hexString));
58 }
59
60 public static byte[] concatenateByteArrays(byte[] a, byte[] b) {
61 byte[] result = new byte[a.length + b.length];
62 System.arraycopy(a, 0, result, 0, a.length);
63 System.arraycopy(b, 0, result, a.length, b.length);
64 return result;
65 }
66
67 /**
68 * Escapes usernames or passwords for SASL.
69 */
70 public static String saslEscape(final String s) {
71 final StringBuilder sb = new StringBuilder((int) (s.length() * 1.1));
72 for (int i = 0; i < s.length(); i++) {
73 char c = s.charAt(i);
74 switch (c) {
75 case ',':
76 sb.append("=2C");
77 break;
78 case '=':
79 sb.append("=3D");
80 break;
81 default:
82 sb.append(c);
83 break;
84 }
85 }
86 return sb.toString();
87 }
88
89 public static String saslPrep(final String s) {
90 return Normalizer.normalize(s, Normalizer.Form.NFKC);
91 }
92
93 public static String prettifyFingerprint(String fingerprint) {
94 if (fingerprint==null) {
95 return "";
96 } else if (fingerprint.length() < 40) {
97 return fingerprint;
98 }
99 StringBuilder builder = new StringBuilder(fingerprint.toLowerCase(Locale.US).replaceAll("\\s", ""));
100 for(int i=8;i<builder.length();i+=9) {
101 builder.insert(i, ' ');
102 }
103 return builder.toString();
104 }
105
106 public static String prettifyFingerprintCert(String fingerprint) {
107 StringBuilder builder = new StringBuilder(fingerprint);
108 for(int i=2;i < builder.length(); i+=3) {
109 builder.insert(i,':');
110 }
111 return builder.toString();
112 }
113
114 public static String[] getOrderedCipherSuites(final String[] platformSupportedCipherSuites) {
115 final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
116 final List<String> platformCiphers = Arrays.asList(platformSupportedCipherSuites);
117 cipherSuites.retainAll(platformCiphers);
118 cipherSuites.addAll(platformCiphers);
119 filterWeakCipherSuites(cipherSuites);
120 return cipherSuites.toArray(new String[cipherSuites.size()]);
121 }
122
123 private static void filterWeakCipherSuites(final Collection<String> cipherSuites) {
124 final Iterator<String> it = cipherSuites.iterator();
125 while (it.hasNext()) {
126 String cipherName = it.next();
127 // remove all ciphers with no or very weak encryption or no authentication
128 for (String weakCipherPattern : Config.WEAK_CIPHER_PATTERNS) {
129 if (cipherName.contains(weakCipherPattern)) {
130 it.remove();
131 break;
132 }
133 }
134 }
135 }
136
137 public static Pair<Jid,String> extractJidAndName(X509Certificate certificate) throws CertificateEncodingException, InvalidJidException, CertificateParsingException {
138 Collection<List<?>> alternativeNames = certificate.getSubjectAlternativeNames();
139 List<String> emails = new ArrayList<>();
140 if (alternativeNames != null) {
141 for(List<?> san : alternativeNames) {
142 Integer type = (Integer) san.get(0);
143 if (type == 1) {
144 emails.add((String) san.get(1));
145 }
146 }
147 }
148 X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
149 if (emails.size() == 0) {
150 emails.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.EmailAddress)[0].getFirst().getValue()));
151 }
152 String name = IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[0].getFirst().getValue());
153 if (emails.size() >= 1) {
154 return new Pair<>(Jid.fromString(emails.get(0)), name);
155 } else {
156 return null;
157 }
158 }
159
160 public static Bundle extractCertificateInformation(X509Certificate certificate) {
161 Bundle information = new Bundle();
162 try {
163 JcaX509CertificateHolder holder = new JcaX509CertificateHolder(certificate);
164 X500Name subject = holder.getSubject();
165 try {
166 information.putString("subject_cn", subject.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString());
167 } catch (Exception e) {
168 //ignored
169 }
170 try {
171 information.putString("subject_o",subject.getRDNs(BCStyle.O)[0].getFirst().getValue().toString());
172 } catch (Exception e) {
173 //ignored
174 }
175
176 X500Name issuer = holder.getIssuer();
177 try {
178 information.putString("issuer_cn", issuer.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString());
179 } catch (Exception e) {
180 //ignored
181 }
182 try {
183 information.putString("issuer_o", issuer.getRDNs(BCStyle.O)[0].getFirst().getValue().toString());
184 } catch (Exception e) {
185 //ignored
186 }
187 try {
188 information.putString("sha1", getFingerprintCert(certificate.getEncoded()));
189 } catch (Exception e) {
190
191 }
192 return information;
193 } catch (CertificateEncodingException e) {
194 return information;
195 }
196 }
197
198 public static String getFingerprintCert(byte[] input) throws NoSuchAlgorithmException {
199 MessageDigest md = MessageDigest.getInstance("SHA-1");
200 byte[] fingerprint = md.digest(input);
201 return prettifyFingerprintCert(bytesToHex(fingerprint));
202 }
203
204 public static int encryptionTypeToText(int encryption) {
205 switch (encryption) {
206 case Message.ENCRYPTION_OTR:
207 return R.string.encryption_choice_otr;
208 case Message.ENCRYPTION_AXOLOTL:
209 return R.string.encryption_choice_omemo;
210 case Message.ENCRYPTION_NONE:
211 return R.string.encryption_choice_unencrypted;
212 default:
213 return R.string.encryption_choice_pgp;
214 }
215 }
216}