1package eu.siacs.conversations.utils;
2
3import android.os.Bundle;
4import android.util.Pair;
5
6import org.bouncycastle.asn1.x500.X500Name;
7import org.bouncycastle.asn1.x500.style.BCStyle;
8import org.bouncycastle.asn1.x500.style.IETFUtils;
9import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
10
11import java.net.MalformedURLException;
12import java.net.URL;
13import java.security.MessageDigest;
14import java.security.NoSuchAlgorithmException;
15import java.security.cert.CertificateEncodingException;
16import java.security.cert.CertificateParsingException;
17import java.security.cert.X509Certificate;
18import java.text.Normalizer;
19import java.util.ArrayList;
20import java.util.Arrays;
21import java.util.Collection;
22import java.util.Iterator;
23import java.util.LinkedHashSet;
24import java.util.List;
25import java.util.Locale;
26import java.util.regex.Pattern;
27
28import eu.siacs.conversations.Config;
29import eu.siacs.conversations.R;
30import eu.siacs.conversations.entities.Account;
31import eu.siacs.conversations.entities.Message;
32import eu.siacs.conversations.xmpp.jid.InvalidJidException;
33import eu.siacs.conversations.xmpp.jid.Jid;
34
35public final class CryptoHelper {
36 public static final String FILETRANSFER = "?FILETRANSFERv1:";
37 private final static char[] hexArray = "0123456789abcdef".toCharArray();
38
39 public static final Pattern UUID_PATTERN = Pattern.compile("[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}");
40 final public static byte[] ONE = new byte[] { 0, 0, 0, 1 };
41
42 public static String bytesToHex(byte[] bytes) {
43 char[] hexChars = new char[bytes.length * 2];
44 for (int j = 0; j < bytes.length; j++) {
45 int v = bytes[j] & 0xFF;
46 hexChars[j * 2] = hexArray[v >>> 4];
47 hexChars[j * 2 + 1] = hexArray[v & 0x0F];
48 }
49 return new String(hexChars);
50 }
51
52 public static byte[] hexToBytes(String hexString) {
53 int len = hexString.length();
54 byte[] array = new byte[len / 2];
55 for (int i = 0; i < len; i += 2) {
56 array[i / 2] = (byte) ((Character.digit(hexString.charAt(i), 16) << 4) + Character
57 .digit(hexString.charAt(i + 1), 16));
58 }
59 return array;
60 }
61
62 public static String hexToString(final String hexString) {
63 return new String(hexToBytes(hexString));
64 }
65
66 public static byte[] concatenateByteArrays(byte[] a, byte[] b) {
67 byte[] result = new byte[a.length + b.length];
68 System.arraycopy(a, 0, result, 0, a.length);
69 System.arraycopy(b, 0, result, a.length, b.length);
70 return result;
71 }
72
73 /**
74 * Escapes usernames or passwords for SASL.
75 */
76 public static String saslEscape(final String s) {
77 final StringBuilder sb = new StringBuilder((int) (s.length() * 1.1));
78 for (int i = 0; i < s.length(); i++) {
79 char c = s.charAt(i);
80 switch (c) {
81 case ',':
82 sb.append("=2C");
83 break;
84 case '=':
85 sb.append("=3D");
86 break;
87 default:
88 sb.append(c);
89 break;
90 }
91 }
92 return sb.toString();
93 }
94
95 public static String saslPrep(final String s) {
96 return Normalizer.normalize(s, Normalizer.Form.NFKC);
97 }
98
99 public static String prettifyFingerprint(String fingerprint) {
100 if (fingerprint==null) {
101 return "";
102 } else if (fingerprint.length() < 40) {
103 return fingerprint;
104 }
105 StringBuilder builder = new StringBuilder(fingerprint.toLowerCase(Locale.US).replaceAll("\\s", ""));
106 for(int i=8;i<builder.length();i+=9) {
107 builder.insert(i, ' ');
108 }
109 return builder.toString();
110 }
111
112 public static String prettifyFingerprintCert(String fingerprint) {
113 StringBuilder builder = new StringBuilder(fingerprint);
114 for(int i=2;i < builder.length(); i+=3) {
115 builder.insert(i,':');
116 }
117 return builder.toString();
118 }
119
120 public static String[] getOrderedCipherSuites(final String[] platformSupportedCipherSuites) {
121 final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
122 final List<String> platformCiphers = Arrays.asList(platformSupportedCipherSuites);
123 cipherSuites.retainAll(platformCiphers);
124 cipherSuites.addAll(platformCiphers);
125 filterWeakCipherSuites(cipherSuites);
126 return cipherSuites.toArray(new String[cipherSuites.size()]);
127 }
128
129 private static void filterWeakCipherSuites(final Collection<String> cipherSuites) {
130 final Iterator<String> it = cipherSuites.iterator();
131 while (it.hasNext()) {
132 String cipherName = it.next();
133 // remove all ciphers with no or very weak encryption or no authentication
134 for (String weakCipherPattern : Config.WEAK_CIPHER_PATTERNS) {
135 if (cipherName.contains(weakCipherPattern)) {
136 it.remove();
137 break;
138 }
139 }
140 }
141 }
142
143 public static Pair<Jid,String> extractJidAndName(X509Certificate certificate) throws CertificateEncodingException, InvalidJidException, CertificateParsingException {
144 Collection<List<?>> alternativeNames = certificate.getSubjectAlternativeNames();
145 List<String> emails = new ArrayList<>();
146 if (alternativeNames != null) {
147 for(List<?> san : alternativeNames) {
148 Integer type = (Integer) san.get(0);
149 if (type == 1) {
150 emails.add((String) san.get(1));
151 }
152 }
153 }
154 X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
155 if (emails.size() == 0) {
156 emails.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.EmailAddress)[0].getFirst().getValue()));
157 }
158 String name = IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[0].getFirst().getValue());
159 if (emails.size() >= 1) {
160 return new Pair<>(Jid.fromString(emails.get(0)), name);
161 } else {
162 return null;
163 }
164 }
165
166 public static Bundle extractCertificateInformation(X509Certificate certificate) {
167 Bundle information = new Bundle();
168 try {
169 JcaX509CertificateHolder holder = new JcaX509CertificateHolder(certificate);
170 X500Name subject = holder.getSubject();
171 try {
172 information.putString("subject_cn", subject.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString());
173 } catch (Exception e) {
174 //ignored
175 }
176 try {
177 information.putString("subject_o",subject.getRDNs(BCStyle.O)[0].getFirst().getValue().toString());
178 } catch (Exception e) {
179 //ignored
180 }
181
182 X500Name issuer = holder.getIssuer();
183 try {
184 information.putString("issuer_cn", issuer.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString());
185 } catch (Exception e) {
186 //ignored
187 }
188 try {
189 information.putString("issuer_o", issuer.getRDNs(BCStyle.O)[0].getFirst().getValue().toString());
190 } catch (Exception e) {
191 //ignored
192 }
193 try {
194 information.putString("sha1", getFingerprintCert(certificate.getEncoded()));
195 } catch (Exception e) {
196
197 }
198 return information;
199 } catch (CertificateEncodingException e) {
200 return information;
201 }
202 }
203
204 public static String getFingerprintCert(byte[] input) throws NoSuchAlgorithmException {
205 MessageDigest md = MessageDigest.getInstance("SHA-1");
206 byte[] fingerprint = md.digest(input);
207 return prettifyFingerprintCert(bytesToHex(fingerprint));
208 }
209
210 public static String getAccountFingerprint(Account account) {
211 return getFingerprint(account.getJid().toBareJid().toString());
212 }
213
214 public static String getFingerprint(String value) {
215 try {
216 MessageDigest md = MessageDigest.getInstance("SHA-256");
217 return bytesToHex(md.digest(value.getBytes("UTF-8")));
218 } catch (Exception e) {
219 return "";
220 }
221 }
222
223 public static int encryptionTypeToText(int encryption) {
224 switch (encryption) {
225 case Message.ENCRYPTION_OTR:
226 return R.string.encryption_choice_otr;
227 case Message.ENCRYPTION_AXOLOTL:
228 return R.string.encryption_choice_omemo;
229 case Message.ENCRYPTION_NONE:
230 return R.string.encryption_choice_unencrypted;
231 default:
232 return R.string.encryption_choice_pgp;
233 }
234 }
235
236 public static URL toAesGcmUrl(URL url) {
237 if (!url.getProtocol().equalsIgnoreCase("https")) {
238 return url;
239 }
240 try {
241 return new URL("aesgcm"+url.toString().substring(url.getProtocol().length()));
242 } catch (MalformedURLException e) {
243 return url;
244 }
245 }
246
247 public static boolean isPgpEncryptedUrl(String url) {
248 if (url == null) {
249 return false;
250 }
251 final String u = url.toLowerCase();
252 return !u.contains(" ") && (u.startsWith("https://") || u.startsWith("http://")) && u.endsWith(".pgp");
253 }
254}