release notes
This commit is contained in:
Thomas
parent
9e701f82ba
commit
8fe26abec7
|
|
@ -0,0 +1,251 @@
|
|||
package app.fedilab.android.helper;
|
||||
/* Copyright 2022 Thomas Schneider
|
||||
*
|
||||
* This file is a part of Fedilab
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under the terms of the
|
||||
* GNU General Public License as published by the Free Software Foundation; either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* Fedilab is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
|
||||
* the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
|
||||
* Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with Fedilab; if not,
|
||||
* see <http://www.gnu.org/licenses>. */
|
||||
|
||||
import static app.fedilab.android.client.entities.app.StatusCache.restoreNotificationFromString;
|
||||
|
||||
import android.content.Context;
|
||||
import android.content.SharedPreferences;
|
||||
import android.util.Base64;
|
||||
import android.util.Log;
|
||||
|
||||
import androidx.preference.PreferenceManager;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyPairGenerator;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.Security;
|
||||
import java.security.interfaces.ECPublicKey;
|
||||
import java.security.spec.ECGenParameterSpec;
|
||||
import java.security.spec.ECPoint;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.security.spec.PKCS8EncodedKeySpec;
|
||||
import java.security.spec.X509EncodedKeySpec;
|
||||
import java.util.Arrays;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import javax.crypto.KeyAgreement;
|
||||
import javax.crypto.Mac;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
import javax.crypto.spec.GCMParameterSpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
import app.fedilab.android.client.entities.api.Notification;
|
||||
|
||||
|
||||
public class ECDHFedilab {
|
||||
|
||||
|
||||
public static final String kp_public = "kp_public";
|
||||
public static final String peer_public = "peer_public";
|
||||
|
||||
public static final String name = "prime256v1";
|
||||
private static final byte[] P256_HEAD = new byte[]{(byte) 0x30, (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a,
|
||||
(byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86,
|
||||
(byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, (byte) 0x42, (byte) 0x00};
|
||||
|
||||
static {
|
||||
Security.addProvider(new org.spongycastle.jce.provider.BouncyCastleProvider());
|
||||
}
|
||||
|
||||
private final KeyPairGenerator kpg;
|
||||
private final PublicKey publicKey;
|
||||
private final String encodedPublicKey;
|
||||
private final byte[] authKey;
|
||||
private final String slug;
|
||||
private final String pushPublicKey;
|
||||
private final String encodedAuthKey;
|
||||
private final String pushAccountID;
|
||||
private final String pushPrivateKey;
|
||||
PrivateKey privateKey;
|
||||
private String pushPrivateKe;
|
||||
|
||||
public ECDHFedilab(Context context, String slug) throws Exception {
|
||||
if (slug == null) {
|
||||
throw new Exception("slug cannot be null");
|
||||
}
|
||||
try {
|
||||
kpg = KeyPairGenerator.getInstance("EC");
|
||||
ECGenParameterSpec spec = new ECGenParameterSpec("prime256v1");
|
||||
kpg.initialize(spec);
|
||||
KeyPair keyPair = kpg.generateKeyPair();
|
||||
publicKey = keyPair.getPublic();
|
||||
privateKey = keyPair.getPrivate();
|
||||
encodedPublicKey = Base64.encodeToString(serializeRawPublicKey(publicKey), Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
|
||||
authKey = new byte[16];
|
||||
SecureRandom secureRandom = new SecureRandom();
|
||||
secureRandom.nextBytes(authKey);
|
||||
byte[] randomAccountID = new byte[16];
|
||||
secureRandom.nextBytes(randomAccountID);
|
||||
pushPrivateKey = Base64.encodeToString(privateKey.getEncoded(), Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
|
||||
pushPublicKey = Base64.encodeToString(publicKey.getEncoded(), Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
|
||||
encodedAuthKey = Base64.encodeToString(authKey, Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
|
||||
pushAccountID = Base64.encodeToString(randomAccountID, Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
|
||||
SharedPreferences.Editor prefsEditor = PreferenceManager
|
||||
.getDefaultSharedPreferences(context).edit();
|
||||
prefsEditor.putString("pushPrivateKey" + slug, pushPrivateKey);
|
||||
prefsEditor.putString("pushPublicKey" + slug, pushPublicKey);
|
||||
prefsEditor.putString("encodedAuthKey" + slug, encodedAuthKey);
|
||||
prefsEditor.putString("pushAccountID" + slug, pushAccountID);
|
||||
prefsEditor.apply();
|
||||
this.slug = slug;
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
e.printStackTrace();
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
public static String getServerKey(Context context, String slug) {
|
||||
SharedPreferences sharedPreferences = PreferenceManager
|
||||
.getDefaultSharedPreferences(context);
|
||||
return sharedPreferences.getString("server_key" + slug, null);
|
||||
}
|
||||
|
||||
private static byte[] serializeRawPublicKey(PublicKey key) {
|
||||
ECPoint point = ((ECPublicKey) key).getW();
|
||||
byte[] x = point.getAffineX().toByteArray();
|
||||
byte[] y = point.getAffineY().toByteArray();
|
||||
if (x.length > 32)
|
||||
x = Arrays.copyOfRange(x, x.length - 32, x.length);
|
||||
if (y.length > 32)
|
||||
y = Arrays.copyOfRange(y, y.length - 32, y.length);
|
||||
byte[] result = new byte[65];
|
||||
result[0] = 4;
|
||||
System.arraycopy(x, 0, result, 1 + (32 - x.length), x.length);
|
||||
System.arraycopy(y, 0, result, result.length - y.length, y.length);
|
||||
return result;
|
||||
}
|
||||
|
||||
public static Notification decryptNotification(Context context, String slug, byte[] messageEncrypted) {
|
||||
|
||||
|
||||
SharedPreferences sharedPreferences = PreferenceManager
|
||||
.getDefaultSharedPreferences(context);
|
||||
Log.v(Helper.TAG, ">>slug: " + slug);
|
||||
String pushPrivateKey = sharedPreferences.getString("pushPrivateKey" + slug, null);
|
||||
String pushPublicKey = sharedPreferences.getString("pushPublicKey" + slug, null);
|
||||
String encodedAuthKey = sharedPreferences.getString("encodedAuthKey" + slug, null);
|
||||
sharedPreferences.getString("pushAccountID" + slug, null);
|
||||
|
||||
|
||||
Log.v(Helper.TAG, "getServerKey(context, slug): " + getServerKey(context, slug));
|
||||
|
||||
|
||||
Log.v(Helper.TAG, "pushPrivateKey: " + pushPrivateKey);
|
||||
Log.v(Helper.TAG, "pushPublicKey: " + pushPublicKey);
|
||||
Log.v(Helper.TAG, "encodedAuthKey: " + encodedAuthKey);
|
||||
|
||||
PublicKey serverKey = null;
|
||||
serverKey = deserializeRawPublicKey(Base64.decode(getServerKey(context, slug), Base64.URL_SAFE));
|
||||
Log.v(Helper.TAG, "serverKey: " + serverKey);
|
||||
PrivateKey privateKey;
|
||||
PublicKey publicKey;
|
||||
byte[] authKey;
|
||||
try {
|
||||
KeyFactory kf = KeyFactory.getInstance("EC");
|
||||
privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(pushPrivateKey, Base64.URL_SAFE)));
|
||||
publicKey = kf.generatePublic(new X509EncodedKeySpec(Base64.decode(pushPublicKey, Base64.URL_SAFE)));
|
||||
authKey = Base64.decode(encodedAuthKey, Base64.URL_SAFE);
|
||||
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
|
||||
e.printStackTrace();
|
||||
Log.v(Helper.TAG, "err1: " + e.getMessage());
|
||||
return null;
|
||||
}
|
||||
byte[] sharedSecret;
|
||||
try {
|
||||
KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
|
||||
keyAgreement.init(privateKey);
|
||||
keyAgreement.doPhase(serverKey, true);
|
||||
sharedSecret = keyAgreement.generateSecret();
|
||||
} catch (NoSuchAlgorithmException | InvalidKeyException e) {
|
||||
e.printStackTrace();
|
||||
Log.v(Helper.TAG, "err2: " + e.getMessage());
|
||||
return null;
|
||||
}
|
||||
byte[] secondSaltInfo = "Content-Encoding: auth\0".getBytes(StandardCharsets.UTF_8);
|
||||
byte[] deriveKey;
|
||||
try {
|
||||
deriveKey = deriveKey(authKey, sharedSecret, secondSaltInfo, 32);
|
||||
} catch (NoSuchAlgorithmException | InvalidKeyException e) {
|
||||
e.printStackTrace();
|
||||
Log.v(Helper.TAG, "err3: " + e.getMessage());
|
||||
return null;
|
||||
}
|
||||
String decryptedStr;
|
||||
try {
|
||||
|
||||
SecretKeySpec aesKey = new SecretKeySpec(deriveKey, "AES");
|
||||
byte[] iv = Arrays.copyOfRange(messageEncrypted, 0, 12);
|
||||
byte[] ciphertext = Arrays.copyOfRange(messageEncrypted, 12, messageEncrypted.length); // Separate ciphertext (the MAC is implicitly separated from the ciphertext)
|
||||
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
|
||||
GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, iv);
|
||||
cipher.init(Cipher.DECRYPT_MODE, aesKey, gCMParameterSpec);
|
||||
byte[] decrypted = cipher.doFinal(ciphertext);
|
||||
decryptedStr = new String(decrypted, 2, decrypted.length - 2, StandardCharsets.UTF_8);
|
||||
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
|
||||
e.printStackTrace();
|
||||
Log.v(Helper.TAG, "err4: " + e.getMessage());
|
||||
return null;
|
||||
}
|
||||
return restoreNotificationFromString(decryptedStr);
|
||||
}
|
||||
|
||||
protected static PublicKey deserializeRawPublicKey(byte[] rawBytes) {
|
||||
if (rawBytes.length != 65 && rawBytes.length != 64)
|
||||
return null;
|
||||
try {
|
||||
KeyFactory kf = KeyFactory.getInstance("EC");
|
||||
ByteArrayOutputStream os = new ByteArrayOutputStream();
|
||||
os.write(P256_HEAD);
|
||||
if (rawBytes.length == 64)
|
||||
os.write(4);
|
||||
os.write(rawBytes);
|
||||
return kf.generatePublic(new X509EncodedKeySpec(os.toByteArray()));
|
||||
} catch (NoSuchAlgorithmException | InvalidKeySpecException | IOException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
private static byte[] deriveKey(byte[] firstSalt, byte[] secondSalt, byte[] info, int length) throws NoSuchAlgorithmException, InvalidKeyException {
|
||||
Mac hmacContext = Mac.getInstance("HmacSHA256");
|
||||
hmacContext.init(new SecretKeySpec(firstSalt, "HmacSHA256"));
|
||||
byte[] hmac = hmacContext.doFinal(secondSalt);
|
||||
hmacContext.init(new SecretKeySpec(hmac, "HmacSHA256"));
|
||||
hmacContext.update(info);
|
||||
byte[] result = hmacContext.doFinal(new byte[]{1});
|
||||
return result.length <= length ? result : Arrays.copyOfRange(result, 0, length);
|
||||
}
|
||||
|
||||
public String getPublicKey() {
|
||||
return this.encodedPublicKey;
|
||||
}
|
||||
|
||||
public String getAuthKey() {
|
||||
return this.encodedAuthKey;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -15,21 +15,17 @@ package app.fedilab.android.helper;
|
|||
* see <http://www.gnu.org/licenses>. */
|
||||
|
||||
|
||||
import static app.fedilab.android.helper.ECDH.kp_private;
|
||||
import static app.fedilab.android.helper.ECDH.kp_public;
|
||||
|
||||
import android.content.Context;
|
||||
import android.content.SharedPreferences;
|
||||
import android.os.Handler;
|
||||
import android.os.Looper;
|
||||
import android.util.Log;
|
||||
|
||||
import androidx.annotation.NonNull;
|
||||
import androidx.preference.PreferenceManager;
|
||||
|
||||
import java.util.Random;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import app.fedilab.android.BaseMainActivity;
|
||||
import app.fedilab.android.R;
|
||||
import app.fedilab.android.client.endpoints.MastodonNotificationsService;
|
||||
import app.fedilab.android.client.entities.api.PushSubscription;
|
||||
|
|
@ -50,24 +46,18 @@ public class PushNotifications {
|
|||
|
||||
SharedPreferences prefs = PreferenceManager
|
||||
.getDefaultSharedPreferences(context);
|
||||
String strPub = prefs.getString(kp_public + slug, "");
|
||||
String strPriv = prefs.getString(kp_private + slug, "");
|
||||
ECDH ecdh = null;
|
||||
ECDHFedilab ecdh = null;
|
||||
try {
|
||||
ecdh = ECDH.getInstance(slug);
|
||||
ecdh = new ECDHFedilab(context, slug);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
if (ecdh == null) {
|
||||
return;
|
||||
}
|
||||
if (strPub.trim().isEmpty() || strPriv.trim().isEmpty()) {
|
||||
ecdh.newPair(context);
|
||||
}
|
||||
String pubKey = ecdh.getPublicKey(context);
|
||||
byte[] randBytes = new byte[16];
|
||||
new Random().nextBytes(randBytes);
|
||||
String auth = ECDH.base64Encode(randBytes);
|
||||
|
||||
String pubKey = ecdh.getPublicKey();
|
||||
String auth = ecdh.getAuthKey();
|
||||
|
||||
|
||||
boolean notif_follow = prefs.getBoolean(context.getString(R.string.SET_NOTIF_FOLLOW), true);
|
||||
|
|
@ -75,8 +65,6 @@ public class PushNotifications {
|
|||
boolean notif_share = prefs.getBoolean(context.getString(R.string.SET_NOTIF_SHARE), true);
|
||||
boolean notif_poll = prefs.getBoolean(context.getString(R.string.SET_NOTIF_POLL), true);
|
||||
boolean notif_fav = prefs.getBoolean(context.getString(R.string.SET_NOTIF_FAVOURITE), true);
|
||||
MastodonNotificationsService mastodonNotificationsService = init(context, BaseMainActivity.currentInstance);
|
||||
ECDH finalEcdh = ecdh;
|
||||
new Thread(() -> {
|
||||
String[] slugArray = slug.split("@");
|
||||
BaseAccount accountDb = null;
|
||||
|
|
@ -85,9 +73,11 @@ public class PushNotifications {
|
|||
} catch (DBException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
if (accountDb == null) {
|
||||
return;
|
||||
}
|
||||
MastodonNotificationsService mastodonNotificationsService = init(context, accountDb.instance);
|
||||
PushSubscription pushSubscription;
|
||||
Call<PushSubscription> pushSubscriptionCall = mastodonNotificationsService.pushSubscription(
|
||||
accountDb.token,
|
||||
|
|
@ -105,10 +95,16 @@ public class PushNotifications {
|
|||
if (pushSubscriptionResponse.isSuccessful()) {
|
||||
pushSubscription = pushSubscriptionResponse.body();
|
||||
if (pushSubscription != null) {
|
||||
finalEcdh.saveServerKey(context, pushSubscription.server_key);
|
||||
pushSubscription.server_key = pushSubscription.server_key.replace('/', '_');
|
||||
pushSubscription.server_key = pushSubscription.server_key.replace('+', '-');
|
||||
SharedPreferences.Editor prefsEditor = PreferenceManager
|
||||
.getDefaultSharedPreferences(context).edit();
|
||||
prefsEditor.putString("server_key" + slug, pushSubscription.server_key);
|
||||
prefsEditor.apply();
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
Log.v(Helper.TAG, slug + " -> " + e.getMessage());
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
|
@ -122,6 +118,7 @@ public class PushNotifications {
|
|||
|
||||
}
|
||||
|
||||
|
||||
public static String getToken(Context context, String slug) {
|
||||
return context.getSharedPreferences("unifiedpush.connector", Context.MODE_PRIVATE).getString(
|
||||
slug + "/unifiedpush.connector", null);
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ package app.fedilab.android.services;
|
|||
|
||||
import android.content.Context;
|
||||
import android.content.Intent;
|
||||
import android.util.Log;
|
||||
|
||||
import androidx.annotation.NonNull;
|
||||
|
||||
|
|
@ -23,6 +24,7 @@ import org.jetbrains.annotations.NotNull;
|
|||
import org.jetbrains.annotations.Nullable;
|
||||
import org.unifiedpush.android.connector.MessagingReceiver;
|
||||
|
||||
import app.fedilab.android.helper.Helper;
|
||||
import app.fedilab.android.helper.NotificationsHelper;
|
||||
import app.fedilab.android.helper.PushNotifications;
|
||||
|
||||
|
|
@ -38,13 +40,15 @@ public class CustomReceiver extends MessagingReceiver {
|
|||
@Override
|
||||
public void onMessage(@NotNull Context context, @NotNull byte[] message, @NotNull String slug) {
|
||||
// Called when a new message is received. The message contains the full POST body of the push message
|
||||
Log.v(Helper.TAG, "onMessage: " + slug);
|
||||
new Thread(() -> {
|
||||
try {
|
||||
/* ECDH ecdh = ECDH.getInstance(slug);
|
||||
if (ecdh == null) {
|
||||
return;
|
||||
}*/
|
||||
//String decrypted = ecdh.uncryptMessage(context, String.valueOf(message));
|
||||
/*Notification notification = ECDHFedilab.decryptNotification(context, slug, message);
|
||||
Log.v(Helper.TAG,"notification: " + notification);
|
||||
if(notification != null) {
|
||||
Log.v(Helper.TAG,"id: " + notification.id);
|
||||
}
|
||||
*/
|
||||
NotificationsHelper.task(context, slug);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
|
|
|
|||
Loading…
Reference in New Issue