1package eu.siacs.conversations.utils;
2
3import android.os.Bundle;
4import android.util.Log;
5import android.util.Pair;
6
7import org.bouncycastle.asn1.x500.X500Name;
8import org.bouncycastle.asn1.x500.style.BCStyle;
9import org.bouncycastle.asn1.x500.style.IETFUtils;
10import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
11import org.bouncycastle.jce.PrincipalUtil;
12
13import java.security.MessageDigest;
14import java.security.SecureRandom;
15import java.security.cert.CertificateEncodingException;
16import java.security.cert.CertificateParsingException;
17import java.security.cert.X509Certificate;
18import java.security.cert.X509Extension;
19import java.text.Normalizer;
20import java.util.ArrayList;
21import java.util.Arrays;
22import java.util.Collection;
23import java.util.Iterator;
24import java.util.LinkedHashSet;
25import java.util.List;
26
27import eu.siacs.conversations.Config;
28import eu.siacs.conversations.R;
29import eu.siacs.conversations.entities.Message;
30import eu.siacs.conversations.xmpp.jid.InvalidJidException;
31import eu.siacs.conversations.xmpp.jid.Jid;
32
33public final class CryptoHelper {
34 public static final String FILETRANSFER = "?FILETRANSFERv1:";
35 private final static char[] hexArray = "0123456789abcdef".toCharArray();
36 private final static char[] vowels = "aeiou".toCharArray();
37 private final static char[] consonants = "bcdfghjklmnpqrstvwxyz".toCharArray();
38 final public static byte[] ONE = new byte[] { 0, 0, 0, 1 };
39
40 public static String bytesToHex(byte[] bytes) {
41 char[] hexChars = new char[bytes.length * 2];
42 for (int j = 0; j < bytes.length; j++) {
43 int v = bytes[j] & 0xFF;
44 hexChars[j * 2] = hexArray[v >>> 4];
45 hexChars[j * 2 + 1] = hexArray[v & 0x0F];
46 }
47 return new String(hexChars);
48 }
49
50 public static byte[] hexToBytes(String hexString) {
51 int len = hexString.length();
52 byte[] array = new byte[len / 2];
53 for (int i = 0; i < len; i += 2) {
54 array[i / 2] = (byte) ((Character.digit(hexString.charAt(i), 16) << 4) + Character
55 .digit(hexString.charAt(i + 1), 16));
56 }
57 return array;
58 }
59
60 public static String hexToString(final String hexString) {
61 return new String(hexToBytes(hexString));
62 }
63
64 public static byte[] concatenateByteArrays(byte[] a, byte[] b) {
65 byte[] result = new byte[a.length + b.length];
66 System.arraycopy(a, 0, result, 0, a.length);
67 System.arraycopy(b, 0, result, a.length, b.length);
68 return result;
69 }
70
71 public static String randomMucName(SecureRandom random) {
72 return randomWord(3, random) + "." + randomWord(7, random);
73 }
74
75 private static String randomWord(int lenght, SecureRandom random) {
76 StringBuilder builder = new StringBuilder(lenght);
77 for (int i = 0; i < lenght; ++i) {
78 if (i % 2 == 0) {
79 builder.append(consonants[random.nextInt(consonants.length)]);
80 } else {
81 builder.append(vowels[random.nextInt(vowels.length)]);
82 }
83 }
84 return builder.toString();
85 }
86
87 /**
88 * Escapes usernames or passwords for SASL.
89 */
90 public static String saslEscape(final String s) {
91 final StringBuilder sb = new StringBuilder((int) (s.length() * 1.1));
92 for (int i = 0; i < s.length(); i++) {
93 char c = s.charAt(i);
94 switch (c) {
95 case ',':
96 sb.append("=2C");
97 break;
98 case '=':
99 sb.append("=3D");
100 break;
101 default:
102 sb.append(c);
103 break;
104 }
105 }
106 return sb.toString();
107 }
108
109 public static String saslPrep(final String s) {
110 return Normalizer.normalize(s, Normalizer.Form.NFKC);
111 }
112
113 public static String prettifyFingerprint(String fingerprint) {
114 if (fingerprint==null) {
115 return "";
116 } else if (fingerprint.length() < 40) {
117 return fingerprint;
118 }
119 StringBuilder builder = new StringBuilder(fingerprint.replaceAll("\\s",""));
120 for(int i=8;i<builder.length();i+=9) {
121 builder.insert(i, ' ');
122 }
123 return builder.toString();
124 }
125
126 public static String prettifyFingerprintCert(String fingerprint) {
127 StringBuilder builder = new StringBuilder(fingerprint);
128 for(int i=2;i < builder.length(); i+=3) {
129 builder.insert(i,':');
130 }
131 return builder.toString();
132 }
133
134 public static String[] getOrderedCipherSuites(final String[] platformSupportedCipherSuites) {
135 final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
136 final List<String> platformCiphers = Arrays.asList(platformSupportedCipherSuites);
137 cipherSuites.retainAll(platformCiphers);
138 cipherSuites.addAll(platformCiphers);
139 filterWeakCipherSuites(cipherSuites);
140 return cipherSuites.toArray(new String[cipherSuites.size()]);
141 }
142
143 private static void filterWeakCipherSuites(final Collection<String> cipherSuites) {
144 final Iterator<String> it = cipherSuites.iterator();
145 while (it.hasNext()) {
146 String cipherName = it.next();
147 // remove all ciphers with no or very weak encryption or no authentication
148 for (String weakCipherPattern : Config.WEAK_CIPHER_PATTERNS) {
149 if (cipherName.contains(weakCipherPattern)) {
150 it.remove();
151 break;
152 }
153 }
154 }
155 }
156
157 public static Pair<Jid,String> extractJidAndName(X509Certificate certificate) throws CertificateEncodingException, InvalidJidException, CertificateParsingException {
158 Collection<List<?>> alternativeNames = certificate.getSubjectAlternativeNames();
159 List<String> emails = new ArrayList<>();
160 if (alternativeNames != null) {
161 for(List<?> san : alternativeNames) {
162 Integer type = (Integer) san.get(0);
163 if (type == 1) {
164 emails.add((String) san.get(1));
165 }
166 }
167 }
168 X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
169 if (emails.size() == 0) {
170 emails.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.EmailAddress)[0].getFirst().getValue()));
171 }
172 String name = IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[0].getFirst().getValue());
173 if (emails.size() >= 1) {
174 return new Pair<>(Jid.fromString(emails.get(0)), name);
175 } else {
176 return null;
177 }
178 }
179
180 public static Bundle extractCertificateInformation(X509Certificate certificate) {
181 Bundle information = new Bundle();
182 try {
183 JcaX509CertificateHolder holder = new JcaX509CertificateHolder(certificate);
184 X500Name subject = holder.getSubject();
185 try {
186 information.putString("subject_cn", subject.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString());
187 } catch (Exception e) {
188 //ignored
189 }
190 try {
191 information.putString("subject_o",subject.getRDNs(BCStyle.O)[0].getFirst().getValue().toString());
192 } catch (Exception e) {
193 //ignored
194 }
195
196 X500Name issuer = holder.getIssuer();
197 try {
198 information.putString("issuer_cn", issuer.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString());
199 } catch (Exception e) {
200 //ignored
201 }
202 try {
203 information.putString("issuer_o", issuer.getRDNs(BCStyle.O)[0].getFirst().getValue().toString());
204 } catch (Exception e) {
205 //ignored
206 }
207 try {
208 MessageDigest md = MessageDigest.getInstance("SHA-1");
209 byte[] fingerprint = md.digest(certificate.getEncoded());
210 information.putString("sha1", prettifyFingerprintCert(bytesToHex(fingerprint)));
211 } catch (Exception e) {
212
213 }
214 return information;
215 } catch (CertificateEncodingException e) {
216 return information;
217 }
218 }
219
220 public static int encryptionTypeToText(int encryption) {
221 switch (encryption) {
222 case Message.ENCRYPTION_OTR:
223 return R.string.encryption_choice_otr;
224 case Message.ENCRYPTION_AXOLOTL:
225 return R.string.encryption_choice_omemo;
226 case Message.ENCRYPTION_NONE:
227 return R.string.encryption_choice_unencrypted;
228 default:
229 return R.string.encryption_choice_pgp;
230 }
231 }
232}