kopia lustrzana https://github.com/ryukoposting/Signal-Android
Replace spongy with libsignal x509 generation for device transfer.
Cody Henthorne
GitHub
rodzic
6770d21cf7
commit
11df2bc51f
|
|
@ -378,18 +378,6 @@ dependencyVerification {
|
|||
['com.klinkerapps:logger:1.0.3',
|
||||
'177e325259a8b111ad6745ec10db5861723c99f402222b80629f576f49408541'],
|
||||
|
||||
['com.madgag.spongycastle:core:1.58.0.0',
|
||||
'199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728'],
|
||||
|
||||
['com.madgag.spongycastle:pg:1.54.0.0',
|
||||
'3f1011ec280c51434dd94396ec25c8d7876d861c0fb1fa9ae70824eddcda2f8f'],
|
||||
|
||||
['com.madgag.spongycastle:pkix:1.54.0.0',
|
||||
'721a302f5ce18bf6fff89d514ef224c37b5dd9ca67a16b56fafaea4b24a51482'],
|
||||
|
||||
['com.madgag.spongycastle:prov:1.58.0.0',
|
||||
'092fd09e7006b0814980513b013d4c2b3ffd24a49a635ab4b2d204bb51af1727'],
|
||||
|
||||
['com.makeramen:roundedimageview:2.1.0',
|
||||
'1f5a1865796b308c6cdd114acc6e78408b110f0a62fc63553278fbeacd489cd1'],
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ android {
|
|||
defaultConfig {
|
||||
minSdkVersion MINIMUM_SDK
|
||||
targetSdkVersion TARGET_SDK
|
||||
consumerProguardFiles 'lib-proguard-rules.pro'
|
||||
}
|
||||
|
||||
compileOptions {
|
||||
|
|
@ -29,16 +28,7 @@ dependencyVerification {
|
|||
dependencies {
|
||||
implementation 'androidx.appcompat:appcompat:1.2.0'
|
||||
implementation project(':core-util')
|
||||
implementation 'com.madgag.spongycastle:core:1.58.0.0'
|
||||
implementation('com.madgag.spongycastle:prov:1.58.0.0') {
|
||||
exclude group: 'junit'
|
||||
}
|
||||
implementation('com.madgag.spongycastle:pkix:1.54.0.0') {
|
||||
exclude group: 'junit'
|
||||
}
|
||||
implementation('com.madgag.spongycastle:pg:1.54.0.0') {
|
||||
exclude group: 'junit'
|
||||
}
|
||||
implementation 'org.whispersystems:signal-client-java:0.5.1'
|
||||
api 'org.greenrobot:eventbus:3.0.0'
|
||||
|
||||
testImplementation 'junit:junit:4.12'
|
||||
|
|
|
|||
|
|
@ -1,8 +0,0 @@
|
|||
-keep class org.spongycastle.jcajce.provider.digest.SHA256** {*;}
|
||||
-keepclassmembers class org.spongycastle.jcajce.provider.digest.SHA256** {*;}
|
||||
|
||||
-keep class org.spongycastle.jcajce.provider.asymmetric.RSA**
|
||||
-keepclassmembers class org.spongycastle.jcajce.provider.asymmetric.RSA** {*;}
|
||||
|
||||
-keep class org.spongycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi** {*;}
|
||||
-keepclassmembers class org.spongycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi** {*;}
|
||||
|
|
@ -3,32 +3,22 @@ package org.signal.devicetransfer;
|
|||
import androidx.annotation.NonNull;
|
||||
import androidx.annotation.Nullable;
|
||||
|
||||
import org.spongycastle.asn1.x500.X500Name;
|
||||
import org.spongycastle.asn1.x500.X500NameBuilder;
|
||||
import org.spongycastle.asn1.x500.style.BCStyle;
|
||||
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
|
||||
import org.spongycastle.cert.X509CertificateHolder;
|
||||
import org.spongycastle.cert.X509v3CertificateBuilder;
|
||||
import org.spongycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.spongycastle.operator.ContentSigner;
|
||||
import org.spongycastle.operator.OperatorCreationException;
|
||||
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
|
||||
import org.signal.libsignal.devicetransfer.DeviceTransferKey;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyPairGenerator;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.KeyStore;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.Security;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Date;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.security.spec.PKCS8EncodedKeySpec;
|
||||
|
||||
import javax.net.ssl.KeyManagerFactory;
|
||||
import javax.net.ssl.SSLContext;
|
||||
|
|
@ -43,24 +33,19 @@ import javax.net.ssl.X509TrustManager;
|
|||
final class SelfSignedIdentity {
|
||||
|
||||
private static final String KEY_GENERATION_ALGORITHM = "RSA";
|
||||
private static final int KEY_SIZE = 4096;
|
||||
private static final String SSL_CONTEXT_PROTOCOL = "TLS";
|
||||
private static final String CERTIFICATE_TYPE = "X509";
|
||||
private static final String KEYSTORE_TYPE = "BKS";
|
||||
private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";
|
||||
|
||||
private SelfSignedIdentity() { }
|
||||
|
||||
public static @NonNull SelfSignedKeys create() throws KeyGenerationFailedException {
|
||||
try {
|
||||
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_GENERATION_ALGORITHM);
|
||||
keyPairGenerator.initialize(KEY_SIZE);
|
||||
|
||||
KeyPair keyPair = keyPairGenerator.generateKeyPair();
|
||||
X509CertificateHolder x509 = createX509(keyPair);
|
||||
|
||||
return new SelfSignedKeys(x509.getEncoded(), keyPair.getPrivate());
|
||||
} catch (GeneralSecurityException | OperatorCreationException | IOException e) {
|
||||
DeviceTransferKey key = new DeviceTransferKey();
|
||||
byte[] x509 = key.generateCertificate("SignalTransfer", 1);
|
||||
PrivateKey privateKey = KeyFactory.getInstance(KEY_GENERATION_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(key.keyMaterial()));
|
||||
return new SelfSignedKeys(x509, privateKey);
|
||||
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
|
||||
throw new KeyGenerationFailedException(e);
|
||||
}
|
||||
}
|
||||
|
|
@ -73,7 +58,7 @@ final class SelfSignedIdentity {
|
|||
|
||||
KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
|
||||
keyStore.load(null);
|
||||
keyStore.setKeyEntry("client", keys.getPrivateKey(), null, new Certificate[]{certificate});
|
||||
keyStore.setKeyEntry("client", keys.getPrivateKey(), null, new Certificate[] { certificate });
|
||||
|
||||
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||
keyManagerFactory.init(keyStore, null);
|
||||
|
|
@ -88,40 +73,10 @@ final class SelfSignedIdentity {
|
|||
throws GeneralSecurityException
|
||||
{
|
||||
SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
|
||||
sslContext.init(null, new TrustManager[]{trustManager}, new SecureRandom());
|
||||
sslContext.init(null, new TrustManager[] { trustManager }, new SecureRandom());
|
||||
return sslContext.getSocketFactory();
|
||||
}
|
||||
|
||||
private static @NonNull X509CertificateHolder createX509(@NonNull KeyPair keyPair) throws OperatorCreationException {
|
||||
Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
|
||||
Date endDate = new Date(System.currentTimeMillis() + 24 * 60 * 60 * 1000);
|
||||
|
||||
X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
|
||||
nameBuilder.addRDN(BCStyle.C, "United States");
|
||||
nameBuilder.addRDN(BCStyle.ST, "California");
|
||||
nameBuilder.addRDN(BCStyle.L, "San Francisco");
|
||||
nameBuilder.addRDN(BCStyle.O, "Signal Foundation");
|
||||
nameBuilder.addRDN(BCStyle.CN, "SignalTransfer");
|
||||
|
||||
X500Name x500Name = nameBuilder.build();
|
||||
BigInteger serialNumber = BigInteger.valueOf(new SecureRandom().nextLong()).abs();
|
||||
SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
|
||||
|
||||
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(x500Name,
|
||||
serialNumber,
|
||||
startDate,
|
||||
endDate,
|
||||
x500Name,
|
||||
subjectPublicKeyInfo);
|
||||
|
||||
Security.addProvider(new BouncyCastleProvider());
|
||||
ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(BouncyCastleProvider.PROVIDER_NAME)
|
||||
.build(keyPair.getPrivate());
|
||||
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
|
||||
|
||||
return certificateBuilder.build(signer);
|
||||
}
|
||||
|
||||
static final class SelfSignedKeys {
|
||||
private final byte[] x509Encoded;
|
||||
private final PrivateKey privateKey;
|
||||
|
|
|
|||
|
|
@ -78,19 +78,10 @@ dependencyVerification {
|
|||
['com.google.protobuf:protobuf-javalite:3.10.0',
|
||||
'215a94dbe100130295906b531bb72a26965c7ac8fcd9a75bf8054a8ac2abf4b4'],
|
||||
|
||||
['com.madgag.spongycastle:core:1.58.0.0',
|
||||
'199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728'],
|
||||
|
||||
['com.madgag.spongycastle:pg:1.54.0.0',
|
||||
'3f1011ec280c51434dd94396ec25c8d7876d861c0fb1fa9ae70824eddcda2f8f'],
|
||||
|
||||
['com.madgag.spongycastle:pkix:1.54.0.0',
|
||||
'721a302f5ce18bf6fff89d514ef224c37b5dd9ca67a16b56fafaea4b24a51482'],
|
||||
|
||||
['com.madgag.spongycastle:prov:1.58.0.0',
|
||||
'092fd09e7006b0814980513b013d4c2b3ffd24a49a635ab4b2d204bb51af1727'],
|
||||
|
||||
['org.greenrobot:eventbus:3.0.0',
|
||||
'180d4212467df06f2fbc9c8d8a2984533ac79c87769ad883bc421612f0b4e17c'],
|
||||
|
||||
['org.whispersystems:signal-client-java:0.5.1',
|
||||
'682a8094d38a91c8759071b77177ed8196a7137314fdfbb17e819c9ca57a0397'],
|
||||
]
|
||||
}
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue